1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/irq.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "migration/vmstate.h" 22 #include "sysemu/dma.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 #include "trace.h" 26 #include "qom/object.h" 27 28 static const char *names[] = { 29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 41 }; 42 43 #define LSI_MAX_DEVS 7 44 45 #define LSI_SCNTL0_TRG 0x01 46 #define LSI_SCNTL0_AAP 0x02 47 #define LSI_SCNTL0_EPC 0x08 48 #define LSI_SCNTL0_WATN 0x10 49 #define LSI_SCNTL0_START 0x20 50 51 #define LSI_SCNTL1_SST 0x01 52 #define LSI_SCNTL1_IARB 0x02 53 #define LSI_SCNTL1_AESP 0x04 54 #define LSI_SCNTL1_RST 0x08 55 #define LSI_SCNTL1_CON 0x10 56 #define LSI_SCNTL1_DHP 0x20 57 #define LSI_SCNTL1_ADB 0x40 58 #define LSI_SCNTL1_EXC 0x80 59 60 #define LSI_SCNTL2_WSR 0x01 61 #define LSI_SCNTL2_VUE0 0x02 62 #define LSI_SCNTL2_VUE1 0x04 63 #define LSI_SCNTL2_WSS 0x08 64 #define LSI_SCNTL2_SLPHBEN 0x10 65 #define LSI_SCNTL2_SLPMD 0x20 66 #define LSI_SCNTL2_CHM 0x40 67 #define LSI_SCNTL2_SDU 0x80 68 69 #define LSI_ISTAT0_DIP 0x01 70 #define LSI_ISTAT0_SIP 0x02 71 #define LSI_ISTAT0_INTF 0x04 72 #define LSI_ISTAT0_CON 0x08 73 #define LSI_ISTAT0_SEM 0x10 74 #define LSI_ISTAT0_SIGP 0x20 75 #define LSI_ISTAT0_SRST 0x40 76 #define LSI_ISTAT0_ABRT 0x80 77 78 #define LSI_ISTAT1_SI 0x01 79 #define LSI_ISTAT1_SRUN 0x02 80 #define LSI_ISTAT1_FLSH 0x04 81 82 #define LSI_SSTAT0_SDP0 0x01 83 #define LSI_SSTAT0_RST 0x02 84 #define LSI_SSTAT0_WOA 0x04 85 #define LSI_SSTAT0_LOA 0x08 86 #define LSI_SSTAT0_AIP 0x10 87 #define LSI_SSTAT0_OLF 0x20 88 #define LSI_SSTAT0_ORF 0x40 89 #define LSI_SSTAT0_ILF 0x80 90 91 #define LSI_SIST0_PAR 0x01 92 #define LSI_SIST0_RST 0x02 93 #define LSI_SIST0_UDC 0x04 94 #define LSI_SIST0_SGE 0x08 95 #define LSI_SIST0_RSL 0x10 96 #define LSI_SIST0_SEL 0x20 97 #define LSI_SIST0_CMP 0x40 98 #define LSI_SIST0_MA 0x80 99 100 #define LSI_SIST1_HTH 0x01 101 #define LSI_SIST1_GEN 0x02 102 #define LSI_SIST1_STO 0x04 103 #define LSI_SIST1_SBMC 0x10 104 105 #define LSI_SOCL_IO 0x01 106 #define LSI_SOCL_CD 0x02 107 #define LSI_SOCL_MSG 0x04 108 #define LSI_SOCL_ATN 0x08 109 #define LSI_SOCL_SEL 0x10 110 #define LSI_SOCL_BSY 0x20 111 #define LSI_SOCL_ACK 0x40 112 #define LSI_SOCL_REQ 0x80 113 114 #define LSI_DSTAT_IID 0x01 115 #define LSI_DSTAT_SIR 0x04 116 #define LSI_DSTAT_SSI 0x08 117 #define LSI_DSTAT_ABRT 0x10 118 #define LSI_DSTAT_BF 0x20 119 #define LSI_DSTAT_MDPE 0x40 120 #define LSI_DSTAT_DFE 0x80 121 122 #define LSI_DCNTL_COM 0x01 123 #define LSI_DCNTL_IRQD 0x02 124 #define LSI_DCNTL_STD 0x04 125 #define LSI_DCNTL_IRQM 0x08 126 #define LSI_DCNTL_SSM 0x10 127 #define LSI_DCNTL_PFEN 0x20 128 #define LSI_DCNTL_PFF 0x40 129 #define LSI_DCNTL_CLSE 0x80 130 131 #define LSI_DMODE_MAN 0x01 132 #define LSI_DMODE_BOF 0x02 133 #define LSI_DMODE_ERMP 0x04 134 #define LSI_DMODE_ERL 0x08 135 #define LSI_DMODE_DIOM 0x10 136 #define LSI_DMODE_SIOM 0x20 137 138 #define LSI_CTEST2_DACK 0x01 139 #define LSI_CTEST2_DREQ 0x02 140 #define LSI_CTEST2_TEOP 0x04 141 #define LSI_CTEST2_PCICIE 0x08 142 #define LSI_CTEST2_CM 0x10 143 #define LSI_CTEST2_CIO 0x20 144 #define LSI_CTEST2_SIGP 0x40 145 #define LSI_CTEST2_DDIR 0x80 146 147 #define LSI_CTEST5_BL2 0x04 148 #define LSI_CTEST5_DDIR 0x08 149 #define LSI_CTEST5_MASR 0x10 150 #define LSI_CTEST5_DFSN 0x20 151 #define LSI_CTEST5_BBCK 0x40 152 #define LSI_CTEST5_ADCK 0x80 153 154 #define LSI_CCNTL0_DILS 0x01 155 #define LSI_CCNTL0_DISFC 0x10 156 #define LSI_CCNTL0_ENNDJ 0x20 157 #define LSI_CCNTL0_PMJCTL 0x40 158 #define LSI_CCNTL0_ENPMJ 0x80 159 160 #define LSI_CCNTL1_EN64DBMV 0x01 161 #define LSI_CCNTL1_EN64TIBMV 0x02 162 #define LSI_CCNTL1_64TIMOD 0x04 163 #define LSI_CCNTL1_DDAC 0x08 164 #define LSI_CCNTL1_ZMOD 0x80 165 166 #define LSI_SBCL_ATN 0x08 167 #define LSI_SBCL_BSY 0x20 168 #define LSI_SBCL_ACK 0x40 169 #define LSI_SBCL_REQ 0x80 170 171 /* Enable Response to Reselection */ 172 #define LSI_SCID_RRE 0x60 173 174 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 175 176 #define PHASE_DO 0 177 #define PHASE_DI 1 178 #define PHASE_CMD 2 179 #define PHASE_ST 3 180 #define PHASE_MO 6 181 #define PHASE_MI 7 182 #define PHASE_MASK 7 183 184 /* Maximum length of MSG IN data. */ 185 #define LSI_MAX_MSGIN_LEN 8 186 187 /* Flag set if this is a tagged command. */ 188 #define LSI_TAG_VALID (1 << 16) 189 190 /* Maximum instructions to process. */ 191 #define LSI_MAX_INSN 10000 192 193 typedef struct lsi_request { 194 SCSIRequest *req; 195 uint32_t tag; 196 uint32_t dma_len; 197 uint8_t *dma_buf; 198 uint32_t pending; 199 int out; 200 QTAILQ_ENTRY(lsi_request) next; 201 } lsi_request; 202 203 enum { 204 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 205 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 206 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 207 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 208 }; 209 210 enum { 211 LSI_MSG_ACTION_COMMAND = 0, 212 LSI_MSG_ACTION_DISCONNECT = 1, 213 LSI_MSG_ACTION_DOUT = 2, 214 LSI_MSG_ACTION_DIN = 3, 215 }; 216 217 struct LSIState { 218 /*< private >*/ 219 PCIDevice parent_obj; 220 /*< public >*/ 221 222 qemu_irq ext_irq; 223 MemoryRegion mmio_io; 224 MemoryRegion ram_io; 225 MemoryRegion io_io; 226 AddressSpace pci_io_as; 227 228 int carry; /* ??? Should this be an a visible register somewhere? */ 229 int status; 230 int msg_action; 231 int msg_len; 232 uint8_t msg[LSI_MAX_MSGIN_LEN]; 233 int waiting; 234 SCSIBus bus; 235 int current_lun; 236 /* The tag is a combination of the device ID and the SCSI tag. */ 237 uint32_t select_tag; 238 int command_complete; 239 QTAILQ_HEAD(, lsi_request) queue; 240 lsi_request *current; 241 242 uint32_t dsa; 243 uint32_t temp; 244 uint32_t dnad; 245 uint32_t dbc; 246 uint8_t istat0; 247 uint8_t istat1; 248 uint8_t dcmd; 249 uint8_t dstat; 250 uint8_t dien; 251 uint8_t sist0; 252 uint8_t sist1; 253 uint8_t sien0; 254 uint8_t sien1; 255 uint8_t mbox0; 256 uint8_t mbox1; 257 uint8_t dfifo; 258 uint8_t ctest2; 259 uint8_t ctest3; 260 uint8_t ctest4; 261 uint8_t ctest5; 262 uint8_t ccntl0; 263 uint8_t ccntl1; 264 uint32_t dsp; 265 uint32_t dsps; 266 uint8_t dmode; 267 uint8_t dcntl; 268 uint8_t scntl0; 269 uint8_t scntl1; 270 uint8_t scntl2; 271 uint8_t scntl3; 272 uint8_t sstat0; 273 uint8_t sstat1; 274 uint8_t scid; 275 uint8_t sxfer; 276 uint8_t socl; 277 uint8_t sdid; 278 uint8_t ssid; 279 uint8_t sfbr; 280 uint8_t sbcl; 281 uint8_t stest1; 282 uint8_t stest2; 283 uint8_t stest3; 284 uint8_t sidl; 285 uint8_t stime0; 286 uint8_t respid0; 287 uint8_t respid1; 288 uint32_t mmrs; 289 uint32_t mmws; 290 uint32_t sfs; 291 uint32_t drs; 292 uint32_t sbms; 293 uint32_t dbms; 294 uint32_t dnad64; 295 uint32_t pmjad1; 296 uint32_t pmjad2; 297 uint32_t rbc; 298 uint32_t ua; 299 uint32_t ia; 300 uint32_t sbc; 301 uint32_t csbc; 302 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 303 uint8_t sbr; 304 uint32_t adder; 305 306 uint8_t script_ram[2048 * sizeof(uint32_t)]; 307 }; 308 309 #define TYPE_LSI53C810 "lsi53c810" 310 #define TYPE_LSI53C895A "lsi53c895a" 311 312 OBJECT_DECLARE_SIMPLE_TYPE(LSIState, LSI53C895A) 313 314 static const char *scsi_phases[] = { 315 "DOUT", 316 "DIN", 317 "CMD", 318 "STATUS", 319 "RSVOUT", 320 "RSVIN", 321 "MSGOUT", 322 "MSGIN" 323 }; 324 325 static const char *scsi_phase_name(int phase) 326 { 327 return scsi_phases[phase & PHASE_MASK]; 328 } 329 330 static inline int lsi_irq_on_rsl(LSIState *s) 331 { 332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 333 } 334 335 static lsi_request *get_pending_req(LSIState *s) 336 { 337 lsi_request *p; 338 339 QTAILQ_FOREACH(p, &s->queue, next) { 340 if (p->pending) { 341 return p; 342 } 343 } 344 return NULL; 345 } 346 347 static void lsi_soft_reset(LSIState *s) 348 { 349 trace_lsi_reset(); 350 s->carry = 0; 351 352 s->msg_action = LSI_MSG_ACTION_COMMAND; 353 s->msg_len = 0; 354 s->waiting = LSI_NOWAIT; 355 s->dsa = 0; 356 s->dnad = 0; 357 s->dbc = 0; 358 s->temp = 0; 359 memset(s->scratch, 0, sizeof(s->scratch)); 360 s->istat0 = 0; 361 s->istat1 = 0; 362 s->dcmd = 0x40; 363 s->dstat = 0; 364 s->dien = 0; 365 s->sist0 = 0; 366 s->sist1 = 0; 367 s->sien0 = 0; 368 s->sien1 = 0; 369 s->mbox0 = 0; 370 s->mbox1 = 0; 371 s->dfifo = 0; 372 s->ctest2 = LSI_CTEST2_DACK; 373 s->ctest3 = 0; 374 s->ctest4 = 0; 375 s->ctest5 = 0; 376 s->ccntl0 = 0; 377 s->ccntl1 = 0; 378 s->dsp = 0; 379 s->dsps = 0; 380 s->dmode = 0; 381 s->dcntl = 0; 382 s->scntl0 = 0xc0; 383 s->scntl1 = 0; 384 s->scntl2 = 0; 385 s->scntl3 = 0; 386 s->sstat0 = 0; 387 s->sstat1 = 0; 388 s->scid = 7; 389 s->sxfer = 0; 390 s->socl = 0; 391 s->sdid = 0; 392 s->ssid = 0; 393 s->sbcl = 0; 394 s->stest1 = 0; 395 s->stest2 = 0; 396 s->stest3 = 0; 397 s->sidl = 0; 398 s->stime0 = 0; 399 s->respid0 = 0x80; 400 s->respid1 = 0; 401 s->mmrs = 0; 402 s->mmws = 0; 403 s->sfs = 0; 404 s->drs = 0; 405 s->sbms = 0; 406 s->dbms = 0; 407 s->dnad64 = 0; 408 s->pmjad1 = 0; 409 s->pmjad2 = 0; 410 s->rbc = 0; 411 s->ua = 0; 412 s->ia = 0; 413 s->sbc = 0; 414 s->csbc = 0; 415 s->sbr = 0; 416 assert(QTAILQ_EMPTY(&s->queue)); 417 assert(!s->current); 418 } 419 420 static int lsi_dma_40bit(LSIState *s) 421 { 422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 423 return 1; 424 return 0; 425 } 426 427 static int lsi_dma_ti64bit(LSIState *s) 428 { 429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 430 return 1; 431 return 0; 432 } 433 434 static int lsi_dma_64bit(LSIState *s) 435 { 436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 437 return 1; 438 return 0; 439 } 440 441 static uint8_t lsi_reg_readb(LSIState *s, int offset); 442 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 443 static void lsi_execute_script(LSIState *s); 444 static void lsi_reselect(LSIState *s, lsi_request *p); 445 446 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 447 void *buf, dma_addr_t len) 448 { 449 if (s->dmode & LSI_DMODE_SIOM) { 450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 451 buf, len); 452 } else { 453 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 454 } 455 } 456 457 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 458 const void *buf, dma_addr_t len) 459 { 460 if (s->dmode & LSI_DMODE_DIOM) { 461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 462 buf, len); 463 } else { 464 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 465 } 466 } 467 468 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 469 { 470 uint32_t buf; 471 472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 473 return cpu_to_le32(buf); 474 } 475 476 static void lsi_stop_script(LSIState *s) 477 { 478 s->istat1 &= ~LSI_ISTAT1_SRUN; 479 } 480 481 static void lsi_set_irq(LSIState *s, int level) 482 { 483 PCIDevice *d = PCI_DEVICE(s); 484 485 if (s->ext_irq) { 486 qemu_set_irq(s->ext_irq, level); 487 } else { 488 pci_set_irq(d, level); 489 } 490 } 491 492 static void lsi_update_irq(LSIState *s) 493 { 494 int level; 495 static int last_level; 496 497 /* It's unclear whether the DIP/SIP bits should be cleared when the 498 Interrupt Status Registers are cleared or when istat0 is read. 499 We currently do the formwer, which seems to work. */ 500 level = 0; 501 if (s->dstat) { 502 if (s->dstat & s->dien) 503 level = 1; 504 s->istat0 |= LSI_ISTAT0_DIP; 505 } else { 506 s->istat0 &= ~LSI_ISTAT0_DIP; 507 } 508 509 if (s->sist0 || s->sist1) { 510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 511 level = 1; 512 s->istat0 |= LSI_ISTAT0_SIP; 513 } else { 514 s->istat0 &= ~LSI_ISTAT0_SIP; 515 } 516 if (s->istat0 & LSI_ISTAT0_INTF) 517 level = 1; 518 519 if (level != last_level) { 520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 521 last_level = level; 522 } 523 lsi_set_irq(s, level); 524 525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 526 lsi_request *p; 527 528 trace_lsi_update_irq_disconnected(); 529 p = get_pending_req(s); 530 if (p) { 531 lsi_reselect(s, p); 532 } 533 } 534 } 535 536 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 537 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 538 { 539 uint32_t mask0; 540 uint32_t mask1; 541 542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 543 s->sist0 |= stat0; 544 s->sist1 |= stat1; 545 /* Stop processor on fatal or unmasked interrupt. As a special hack 546 we don't stop processing when raising STO. Instead continue 547 execution and stop at the next insn that accesses the SCSI bus. */ 548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 550 mask1 &= ~LSI_SIST1_STO; 551 if (s->sist0 & mask0 || s->sist1 & mask1) { 552 lsi_stop_script(s); 553 } 554 lsi_update_irq(s); 555 } 556 557 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 558 static void lsi_script_dma_interrupt(LSIState *s, int stat) 559 { 560 trace_lsi_script_dma_interrupt(stat, s->dstat); 561 s->dstat |= stat; 562 lsi_update_irq(s); 563 lsi_stop_script(s); 564 } 565 566 static inline void lsi_set_phase(LSIState *s, int phase) 567 { 568 s->sbcl &= ~PHASE_MASK; 569 s->sbcl |= phase | LSI_SBCL_REQ; 570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 571 } 572 573 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 574 { 575 /* Trigger a phase mismatch. */ 576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 578 s->dsp = out ? s->pmjad1 : s->pmjad2; 579 } else { 580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 581 } 582 trace_lsi_bad_phase_jump(s->dsp); 583 } else { 584 trace_lsi_bad_phase_interrupt(); 585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 586 lsi_stop_script(s); 587 } 588 lsi_set_phase(s, new_phase); 589 } 590 591 592 /* Resume SCRIPTS execution after a DMA operation. */ 593 static void lsi_resume_script(LSIState *s) 594 { 595 if (s->waiting != 2) { 596 s->waiting = LSI_NOWAIT; 597 lsi_execute_script(s); 598 } else { 599 s->waiting = LSI_NOWAIT; 600 } 601 } 602 603 static void lsi_disconnect(LSIState *s) 604 { 605 s->scntl1 &= ~LSI_SCNTL1_CON; 606 s->sstat1 &= ~PHASE_MASK; 607 s->sbcl = 0; 608 } 609 610 static void lsi_bad_selection(LSIState *s, uint32_t id) 611 { 612 trace_lsi_bad_selection(id); 613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 614 lsi_disconnect(s); 615 } 616 617 /* Initiate a SCSI layer data transfer. */ 618 static void lsi_do_dma(LSIState *s, int out) 619 { 620 uint32_t count; 621 dma_addr_t addr; 622 SCSIDevice *dev; 623 624 assert(s->current); 625 if (!s->current->dma_len) { 626 /* Wait until data is available. */ 627 trace_lsi_do_dma_unavailable(); 628 return; 629 } 630 631 dev = s->current->req->dev; 632 assert(dev); 633 634 count = s->dbc; 635 if (count > s->current->dma_len) 636 count = s->current->dma_len; 637 638 addr = s->dnad; 639 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 640 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 641 addr |= ((uint64_t)s->dnad64 << 32); 642 else if (s->dbms) 643 addr |= ((uint64_t)s->dbms << 32); 644 else if (s->sbms) 645 addr |= ((uint64_t)s->sbms << 32); 646 647 trace_lsi_do_dma(addr, count); 648 s->csbc += count; 649 s->dnad += count; 650 s->dbc -= count; 651 if (s->current->dma_buf == NULL) { 652 s->current->dma_buf = scsi_req_get_buf(s->current->req); 653 } 654 /* ??? Set SFBR to first data byte. */ 655 if (out) { 656 lsi_mem_read(s, addr, s->current->dma_buf, count); 657 } else { 658 lsi_mem_write(s, addr, s->current->dma_buf, count); 659 } 660 s->current->dma_len -= count; 661 if (s->current->dma_len == 0) { 662 s->current->dma_buf = NULL; 663 scsi_req_continue(s->current->req); 664 } else { 665 s->current->dma_buf += count; 666 lsi_resume_script(s); 667 } 668 } 669 670 671 /* Add a command to the queue. */ 672 static void lsi_queue_command(LSIState *s) 673 { 674 lsi_request *p = s->current; 675 676 trace_lsi_queue_command(p->tag); 677 assert(s->current != NULL); 678 assert(s->current->dma_len == 0); 679 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 680 s->current = NULL; 681 682 p->pending = 0; 683 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 684 } 685 686 /* Queue a byte for a MSG IN phase. */ 687 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 688 { 689 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 690 trace_lsi_add_msg_byte_error(); 691 } else { 692 trace_lsi_add_msg_byte(data); 693 s->msg[s->msg_len++] = data; 694 } 695 } 696 697 /* Perform reselection to continue a command. */ 698 static void lsi_reselect(LSIState *s, lsi_request *p) 699 { 700 int id; 701 702 assert(s->current == NULL); 703 QTAILQ_REMOVE(&s->queue, p, next); 704 s->current = p; 705 706 id = (p->tag >> 8) & 0xf; 707 s->ssid = id | 0x80; 708 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 709 if (!(s->dcntl & LSI_DCNTL_COM)) { 710 s->sfbr = 1 << (id & 0x7); 711 } 712 trace_lsi_reselect(id); 713 s->scntl1 |= LSI_SCNTL1_CON; 714 lsi_set_phase(s, PHASE_MI); 715 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 716 s->current->dma_len = p->pending; 717 lsi_add_msg_byte(s, 0x80); 718 if (s->current->tag & LSI_TAG_VALID) { 719 lsi_add_msg_byte(s, 0x20); 720 lsi_add_msg_byte(s, p->tag & 0xff); 721 } 722 723 if (lsi_irq_on_rsl(s)) { 724 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 725 } 726 } 727 728 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 729 { 730 lsi_request *p; 731 732 QTAILQ_FOREACH(p, &s->queue, next) { 733 if (p->tag == tag) { 734 return p; 735 } 736 } 737 738 return NULL; 739 } 740 741 static void lsi_request_free(LSIState *s, lsi_request *p) 742 { 743 if (p == s->current) { 744 s->current = NULL; 745 } else { 746 QTAILQ_REMOVE(&s->queue, p, next); 747 } 748 g_free(p); 749 } 750 751 static void lsi_request_cancelled(SCSIRequest *req) 752 { 753 LSIState *s = LSI53C895A(req->bus->qbus.parent); 754 lsi_request *p = req->hba_private; 755 756 req->hba_private = NULL; 757 lsi_request_free(s, p); 758 scsi_req_unref(req); 759 } 760 761 /* Record that data is available for a queued command. Returns zero if 762 the device was reselected, nonzero if the IO is deferred. */ 763 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 764 { 765 lsi_request *p = req->hba_private; 766 767 if (p->pending) { 768 trace_lsi_queue_req_error(p); 769 } 770 p->pending = len; 771 /* Reselect if waiting for it, or if reselection triggers an IRQ 772 and the bus is free. 773 Since no interrupt stacking is implemented in the emulation, it 774 is also required that there are no pending interrupts waiting 775 for service from the device driver. */ 776 if (s->waiting == LSI_WAIT_RESELECT || 777 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 778 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 779 /* Reselect device. */ 780 lsi_reselect(s, p); 781 return 0; 782 } else { 783 trace_lsi_queue_req(p->tag); 784 p->pending = len; 785 return 1; 786 } 787 } 788 789 /* Callback to indicate that the SCSI layer has completed a command. */ 790 static void lsi_command_complete(SCSIRequest *req, size_t resid) 791 { 792 LSIState *s = LSI53C895A(req->bus->qbus.parent); 793 int out; 794 795 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 796 trace_lsi_command_complete(req->status); 797 s->status = req->status; 798 s->command_complete = 2; 799 if (s->waiting && s->dbc != 0) { 800 /* Raise phase mismatch for short transfers. */ 801 lsi_bad_phase(s, out, PHASE_ST); 802 } else { 803 lsi_set_phase(s, PHASE_ST); 804 } 805 806 if (req->hba_private == s->current) { 807 req->hba_private = NULL; 808 lsi_request_free(s, s->current); 809 scsi_req_unref(req); 810 } 811 lsi_resume_script(s); 812 } 813 814 /* Callback to indicate that the SCSI layer has completed a transfer. */ 815 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 816 { 817 LSIState *s = LSI53C895A(req->bus->qbus.parent); 818 int out; 819 820 assert(req->hba_private); 821 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 822 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 823 if (lsi_queue_req(s, req, len)) { 824 return; 825 } 826 } 827 828 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 829 830 /* host adapter (re)connected */ 831 trace_lsi_transfer_data(req->tag, len); 832 s->current->dma_len = len; 833 s->command_complete = 1; 834 if (s->waiting) { 835 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 836 lsi_resume_script(s); 837 } else { 838 lsi_do_dma(s, out); 839 } 840 } 841 } 842 843 static void lsi_do_command(LSIState *s) 844 { 845 SCSIDevice *dev; 846 uint8_t buf[16]; 847 uint32_t id; 848 int n; 849 850 trace_lsi_do_command(s->dbc); 851 if (s->dbc > 16) 852 s->dbc = 16; 853 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 854 s->sfbr = buf[0]; 855 s->command_complete = 0; 856 857 id = (s->select_tag >> 8) & 0xf; 858 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 859 if (!dev) { 860 lsi_bad_selection(s, id); 861 return; 862 } 863 864 assert(s->current == NULL); 865 s->current = g_new0(lsi_request, 1); 866 s->current->tag = s->select_tag; 867 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 868 s->current); 869 870 n = scsi_req_enqueue(s->current->req); 871 if (n) { 872 if (n > 0) { 873 lsi_set_phase(s, PHASE_DI); 874 } else if (n < 0) { 875 lsi_set_phase(s, PHASE_DO); 876 } 877 scsi_req_continue(s->current->req); 878 } 879 if (!s->command_complete) { 880 if (n) { 881 /* Command did not complete immediately so disconnect. */ 882 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 883 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 884 /* wait data */ 885 lsi_set_phase(s, PHASE_MI); 886 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 887 lsi_queue_command(s); 888 } else { 889 /* wait command complete */ 890 lsi_set_phase(s, PHASE_DI); 891 } 892 } 893 } 894 895 static void lsi_do_status(LSIState *s) 896 { 897 uint8_t status; 898 trace_lsi_do_status(s->dbc, s->status); 899 if (s->dbc != 1) { 900 trace_lsi_do_status_error(); 901 } 902 s->dbc = 1; 903 status = s->status; 904 s->sfbr = status; 905 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 906 lsi_set_phase(s, PHASE_MI); 907 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 908 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 909 } 910 911 static void lsi_do_msgin(LSIState *s) 912 { 913 uint8_t len; 914 trace_lsi_do_msgin(s->dbc, s->msg_len); 915 s->sfbr = s->msg[0]; 916 len = s->msg_len; 917 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 918 if (len > s->dbc) 919 len = s->dbc; 920 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 921 /* Linux drivers rely on the last byte being in the SIDL. */ 922 s->sidl = s->msg[len - 1]; 923 s->msg_len -= len; 924 if (s->msg_len) { 925 memmove(s->msg, s->msg + len, s->msg_len); 926 } else { 927 /* ??? Check if ATN (not yet implemented) is asserted and maybe 928 switch to PHASE_MO. */ 929 switch (s->msg_action) { 930 case LSI_MSG_ACTION_COMMAND: 931 lsi_set_phase(s, PHASE_CMD); 932 break; 933 case LSI_MSG_ACTION_DISCONNECT: 934 lsi_disconnect(s); 935 break; 936 case LSI_MSG_ACTION_DOUT: 937 lsi_set_phase(s, PHASE_DO); 938 break; 939 case LSI_MSG_ACTION_DIN: 940 lsi_set_phase(s, PHASE_DI); 941 break; 942 default: 943 abort(); 944 } 945 } 946 } 947 948 /* Read the next byte during a MSGOUT phase. */ 949 static uint8_t lsi_get_msgbyte(LSIState *s) 950 { 951 uint8_t data; 952 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 953 s->dnad++; 954 s->dbc--; 955 return data; 956 } 957 958 /* Skip the next n bytes during a MSGOUT phase. */ 959 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 960 { 961 s->dnad += n; 962 s->dbc -= n; 963 } 964 965 static void lsi_do_msgout(LSIState *s) 966 { 967 uint8_t msg; 968 int len; 969 uint32_t current_tag; 970 lsi_request *current_req, *p, *p_next; 971 972 if (s->current) { 973 current_tag = s->current->tag; 974 current_req = s->current; 975 } else { 976 current_tag = s->select_tag; 977 current_req = lsi_find_by_tag(s, current_tag); 978 } 979 980 trace_lsi_do_msgout(s->dbc); 981 while (s->dbc) { 982 msg = lsi_get_msgbyte(s); 983 s->sfbr = msg; 984 985 switch (msg) { 986 case 0x04: 987 trace_lsi_do_msgout_disconnect(); 988 lsi_disconnect(s); 989 break; 990 case 0x08: 991 trace_lsi_do_msgout_noop(); 992 lsi_set_phase(s, PHASE_CMD); 993 break; 994 case 0x01: 995 len = lsi_get_msgbyte(s); 996 msg = lsi_get_msgbyte(s); 997 (void)len; /* avoid a warning about unused variable*/ 998 trace_lsi_do_msgout_extended(msg, len); 999 switch (msg) { 1000 case 1: 1001 trace_lsi_do_msgout_ignored("SDTR"); 1002 lsi_skip_msgbytes(s, 2); 1003 break; 1004 case 3: 1005 trace_lsi_do_msgout_ignored("WDTR"); 1006 lsi_skip_msgbytes(s, 1); 1007 break; 1008 case 4: 1009 trace_lsi_do_msgout_ignored("PPR"); 1010 lsi_skip_msgbytes(s, 5); 1011 break; 1012 default: 1013 goto bad; 1014 } 1015 break; 1016 case 0x20: /* SIMPLE queue */ 1017 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1018 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1019 break; 1020 case 0x21: /* HEAD of queue */ 1021 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1022 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1023 break; 1024 case 0x22: /* ORDERED queue */ 1025 qemu_log_mask(LOG_UNIMP, 1026 "lsi_scsi: ORDERED queue not implemented\n"); 1027 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1028 break; 1029 case 0x0d: 1030 /* The ABORT TAG message clears the current I/O process only. */ 1031 trace_lsi_do_msgout_abort(current_tag); 1032 if (current_req) { 1033 scsi_req_cancel(current_req->req); 1034 } 1035 lsi_disconnect(s); 1036 break; 1037 case 0x06: 1038 case 0x0e: 1039 case 0x0c: 1040 /* The ABORT message clears all I/O processes for the selecting 1041 initiator on the specified logical unit of the target. */ 1042 if (msg == 0x06) { 1043 trace_lsi_do_msgout_abort(current_tag); 1044 } 1045 /* The CLEAR QUEUE message clears all I/O processes for all 1046 initiators on the specified logical unit of the target. */ 1047 if (msg == 0x0e) { 1048 trace_lsi_do_msgout_clearqueue(current_tag); 1049 } 1050 /* The BUS DEVICE RESET message clears all I/O processes for all 1051 initiators on all logical units of the target. */ 1052 if (msg == 0x0c) { 1053 trace_lsi_do_msgout_busdevicereset(current_tag); 1054 } 1055 1056 /* clear the current I/O process */ 1057 if (s->current) { 1058 scsi_req_cancel(s->current->req); 1059 } 1060 1061 /* As the current implemented devices scsi_disk and scsi_generic 1062 only support one LUN, we don't need to keep track of LUNs. 1063 Clearing I/O processes for other initiators could be possible 1064 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1065 device, but this is currently not implemented (and seems not 1066 to be really necessary). So let's simply clear all queued 1067 commands for the current device: */ 1068 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1069 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1070 scsi_req_cancel(p->req); 1071 } 1072 } 1073 1074 lsi_disconnect(s); 1075 break; 1076 default: 1077 if ((msg & 0x80) == 0) { 1078 goto bad; 1079 } 1080 s->current_lun = msg & 7; 1081 trace_lsi_do_msgout_select(s->current_lun); 1082 lsi_set_phase(s, PHASE_CMD); 1083 break; 1084 } 1085 } 1086 return; 1087 bad: 1088 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1089 lsi_set_phase(s, PHASE_MI); 1090 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1091 s->msg_action = LSI_MSG_ACTION_COMMAND; 1092 } 1093 1094 #define LSI_BUF_SIZE 4096 1095 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1096 { 1097 int n; 1098 uint8_t buf[LSI_BUF_SIZE]; 1099 1100 trace_lsi_memcpy(dest, src, count); 1101 while (count) { 1102 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1103 lsi_mem_read(s, src, buf, n); 1104 lsi_mem_write(s, dest, buf, n); 1105 src += n; 1106 dest += n; 1107 count -= n; 1108 } 1109 } 1110 1111 static void lsi_wait_reselect(LSIState *s) 1112 { 1113 lsi_request *p; 1114 1115 trace_lsi_wait_reselect(); 1116 1117 if (s->current) { 1118 return; 1119 } 1120 p = get_pending_req(s); 1121 if (p) { 1122 lsi_reselect(s, p); 1123 } 1124 if (s->current == NULL) { 1125 s->waiting = LSI_WAIT_RESELECT; 1126 } 1127 } 1128 1129 static void lsi_execute_script(LSIState *s) 1130 { 1131 PCIDevice *pci_dev = PCI_DEVICE(s); 1132 uint32_t insn; 1133 uint32_t addr, addr_high; 1134 int opcode; 1135 int insn_processed = 0; 1136 1137 s->istat1 |= LSI_ISTAT1_SRUN; 1138 again: 1139 if (++insn_processed > LSI_MAX_INSN) { 1140 /* Some windows drivers make the device spin waiting for a memory 1141 location to change. If we have been executed a lot of code then 1142 assume this is the case and force an unexpected device disconnect. 1143 This is apparently sufficient to beat the drivers into submission. 1144 */ 1145 if (!(s->sien0 & LSI_SIST0_UDC)) { 1146 qemu_log_mask(LOG_GUEST_ERROR, 1147 "lsi_scsi: inf. loop with UDC masked"); 1148 } 1149 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1150 lsi_disconnect(s); 1151 trace_lsi_execute_script_stop(); 1152 return; 1153 } 1154 insn = read_dword(s, s->dsp); 1155 if (!insn) { 1156 /* If we receive an empty opcode increment the DSP by 4 bytes 1157 instead of 8 and execute the next opcode at that location */ 1158 s->dsp += 4; 1159 goto again; 1160 } 1161 addr = read_dword(s, s->dsp + 4); 1162 addr_high = 0; 1163 trace_lsi_execute_script(s->dsp, insn, addr); 1164 s->dsps = addr; 1165 s->dcmd = insn >> 24; 1166 s->dsp += 8; 1167 switch (insn >> 30) { 1168 case 0: /* Block move. */ 1169 if (s->sist1 & LSI_SIST1_STO) { 1170 trace_lsi_execute_script_blockmove_delayed(); 1171 lsi_stop_script(s); 1172 break; 1173 } 1174 s->dbc = insn & 0xffffff; 1175 s->rbc = s->dbc; 1176 /* ??? Set ESA. */ 1177 s->ia = s->dsp - 8; 1178 if (insn & (1 << 29)) { 1179 /* Indirect addressing. */ 1180 addr = read_dword(s, addr); 1181 } else if (insn & (1 << 28)) { 1182 uint32_t buf[2]; 1183 int32_t offset; 1184 /* Table indirect addressing. */ 1185 1186 /* 32-bit Table indirect */ 1187 offset = sextract32(addr, 0, 24); 1188 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1189 /* byte count is stored in bits 0:23 only */ 1190 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1191 s->rbc = s->dbc; 1192 addr = cpu_to_le32(buf[1]); 1193 1194 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1195 * table, bits [31:24] */ 1196 if (lsi_dma_40bit(s)) 1197 addr_high = cpu_to_le32(buf[0]) >> 24; 1198 else if (lsi_dma_ti64bit(s)) { 1199 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1200 switch (selector) { 1201 case 0 ... 0x0f: 1202 /* offset index into scratch registers since 1203 * TI64 mode can use registers C to R */ 1204 addr_high = s->scratch[2 + selector]; 1205 break; 1206 case 0x10: 1207 addr_high = s->mmrs; 1208 break; 1209 case 0x11: 1210 addr_high = s->mmws; 1211 break; 1212 case 0x12: 1213 addr_high = s->sfs; 1214 break; 1215 case 0x13: 1216 addr_high = s->drs; 1217 break; 1218 case 0x14: 1219 addr_high = s->sbms; 1220 break; 1221 case 0x15: 1222 addr_high = s->dbms; 1223 break; 1224 default: 1225 qemu_log_mask(LOG_GUEST_ERROR, 1226 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1227 "for 64-bit DMA block move", selector); 1228 break; 1229 } 1230 } 1231 } else if (lsi_dma_64bit(s)) { 1232 /* fetch a 3rd dword if 64-bit direct move is enabled and 1233 only if we're not doing table indirect or indirect addressing */ 1234 s->dbms = read_dword(s, s->dsp); 1235 s->dsp += 4; 1236 s->ia = s->dsp - 12; 1237 } 1238 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1239 trace_lsi_execute_script_blockmove_badphase( 1240 scsi_phase_name(s->sstat1), 1241 scsi_phase_name(insn >> 24)); 1242 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1243 break; 1244 } 1245 s->dnad = addr; 1246 s->dnad64 = addr_high; 1247 switch (s->sstat1 & 0x7) { 1248 case PHASE_DO: 1249 s->waiting = LSI_DMA_SCRIPTS; 1250 lsi_do_dma(s, 1); 1251 if (s->waiting) 1252 s->waiting = LSI_DMA_IN_PROGRESS; 1253 break; 1254 case PHASE_DI: 1255 s->waiting = LSI_DMA_SCRIPTS; 1256 lsi_do_dma(s, 0); 1257 if (s->waiting) 1258 s->waiting = LSI_DMA_IN_PROGRESS; 1259 break; 1260 case PHASE_CMD: 1261 lsi_do_command(s); 1262 break; 1263 case PHASE_ST: 1264 lsi_do_status(s); 1265 break; 1266 case PHASE_MO: 1267 lsi_do_msgout(s); 1268 break; 1269 case PHASE_MI: 1270 lsi_do_msgin(s); 1271 break; 1272 default: 1273 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1274 scsi_phase_name(s->sstat1)); 1275 } 1276 s->dfifo = s->dbc & 0xff; 1277 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1278 s->sbc = s->dbc; 1279 s->rbc -= s->dbc; 1280 s->ua = addr + s->dbc; 1281 break; 1282 1283 case 1: /* IO or Read/Write instruction. */ 1284 opcode = (insn >> 27) & 7; 1285 if (opcode < 5) { 1286 uint32_t id; 1287 1288 if (insn & (1 << 25)) { 1289 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1290 } else { 1291 id = insn; 1292 } 1293 id = (id >> 16) & 0xf; 1294 if (insn & (1 << 26)) { 1295 addr = s->dsp + sextract32(addr, 0, 24); 1296 } 1297 s->dnad = addr; 1298 switch (opcode) { 1299 case 0: /* Select */ 1300 s->sdid = id; 1301 if (s->scntl1 & LSI_SCNTL1_CON) { 1302 trace_lsi_execute_script_io_alreadyreselected(); 1303 s->dsp = s->dnad; 1304 break; 1305 } 1306 s->sstat0 |= LSI_SSTAT0_WOA; 1307 s->scntl1 &= ~LSI_SCNTL1_IARB; 1308 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1309 lsi_bad_selection(s, id); 1310 break; 1311 } 1312 trace_lsi_execute_script_io_selected(id, 1313 insn & (1 << 3) ? " ATN" : ""); 1314 /* ??? Linux drivers compain when this is set. Maybe 1315 it only applies in low-level mode (unimplemented). 1316 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1317 s->select_tag = id << 8; 1318 s->scntl1 |= LSI_SCNTL1_CON; 1319 if (insn & (1 << 3)) { 1320 s->socl |= LSI_SOCL_ATN; 1321 s->sbcl |= LSI_SBCL_ATN; 1322 } 1323 s->sbcl |= LSI_SBCL_BSY; 1324 lsi_set_phase(s, PHASE_MO); 1325 s->waiting = LSI_NOWAIT; 1326 break; 1327 case 1: /* Disconnect */ 1328 trace_lsi_execute_script_io_disconnect(); 1329 s->scntl1 &= ~LSI_SCNTL1_CON; 1330 /* FIXME: this is not entirely correct; the target need not ask 1331 * for reselection until it has to send data, while here we force a 1332 * reselection as soon as the bus is free. The correct flow would 1333 * reselect before lsi_transfer_data and disconnect as soon as 1334 * DMA ends. 1335 */ 1336 if (!s->current) { 1337 lsi_request *p = get_pending_req(s); 1338 if (p) { 1339 lsi_reselect(s, p); 1340 } 1341 } 1342 break; 1343 case 2: /* Wait Reselect */ 1344 if (s->istat0 & LSI_ISTAT0_SIGP) { 1345 s->dsp = s->dnad; 1346 } else if (!lsi_irq_on_rsl(s)) { 1347 lsi_wait_reselect(s); 1348 } 1349 break; 1350 case 3: /* Set */ 1351 trace_lsi_execute_script_io_set( 1352 insn & (1 << 3) ? " ATN" : "", 1353 insn & (1 << 6) ? " ACK" : "", 1354 insn & (1 << 9) ? " TM" : "", 1355 insn & (1 << 10) ? " CC" : ""); 1356 if (insn & (1 << 3)) { 1357 s->socl |= LSI_SOCL_ATN; 1358 s->sbcl |= LSI_SBCL_ATN; 1359 lsi_set_phase(s, PHASE_MO); 1360 } 1361 1362 if (insn & (1 << 6)) { 1363 s->sbcl |= LSI_SBCL_ACK; 1364 } 1365 1366 if (insn & (1 << 9)) { 1367 qemu_log_mask(LOG_UNIMP, 1368 "lsi_scsi: Target mode not implemented\n"); 1369 } 1370 if (insn & (1 << 10)) 1371 s->carry = 1; 1372 break; 1373 case 4: /* Clear */ 1374 trace_lsi_execute_script_io_clear( 1375 insn & (1 << 3) ? " ATN" : "", 1376 insn & (1 << 6) ? " ACK" : "", 1377 insn & (1 << 9) ? " TM" : "", 1378 insn & (1 << 10) ? " CC" : ""); 1379 if (insn & (1 << 3)) { 1380 s->socl &= ~LSI_SOCL_ATN; 1381 s->sbcl &= ~LSI_SBCL_ATN; 1382 } 1383 1384 if (insn & (1 << 6)) { 1385 s->sbcl &= ~LSI_SBCL_ACK; 1386 } 1387 1388 if (insn & (1 << 10)) 1389 s->carry = 0; 1390 break; 1391 } 1392 } else { 1393 uint8_t op0; 1394 uint8_t op1; 1395 uint8_t data8; 1396 int reg; 1397 int operator; 1398 1399 static const char *opcode_names[3] = 1400 {"Write", "Read", "Read-Modify-Write"}; 1401 static const char *operator_names[8] = 1402 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1403 1404 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1405 data8 = (insn >> 8) & 0xff; 1406 opcode = (insn >> 27) & 7; 1407 operator = (insn >> 24) & 7; 1408 trace_lsi_execute_script_io_opcode( 1409 opcode_names[opcode - 5], reg, 1410 operator_names[operator], data8, s->sfbr, 1411 (insn & (1 << 23)) ? " SFBR" : ""); 1412 op0 = op1 = 0; 1413 switch (opcode) { 1414 case 5: /* From SFBR */ 1415 op0 = s->sfbr; 1416 op1 = data8; 1417 break; 1418 case 6: /* To SFBR */ 1419 if (operator) 1420 op0 = lsi_reg_readb(s, reg); 1421 op1 = data8; 1422 break; 1423 case 7: /* Read-modify-write */ 1424 if (operator) 1425 op0 = lsi_reg_readb(s, reg); 1426 if (insn & (1 << 23)) { 1427 op1 = s->sfbr; 1428 } else { 1429 op1 = data8; 1430 } 1431 break; 1432 } 1433 1434 switch (operator) { 1435 case 0: /* move */ 1436 op0 = op1; 1437 break; 1438 case 1: /* Shift left */ 1439 op1 = op0 >> 7; 1440 op0 = (op0 << 1) | s->carry; 1441 s->carry = op1; 1442 break; 1443 case 2: /* OR */ 1444 op0 |= op1; 1445 break; 1446 case 3: /* XOR */ 1447 op0 ^= op1; 1448 break; 1449 case 4: /* AND */ 1450 op0 &= op1; 1451 break; 1452 case 5: /* SHR */ 1453 op1 = op0 & 1; 1454 op0 = (op0 >> 1) | (s->carry << 7); 1455 s->carry = op1; 1456 break; 1457 case 6: /* ADD */ 1458 op0 += op1; 1459 s->carry = op0 < op1; 1460 break; 1461 case 7: /* ADC */ 1462 op0 += op1 + s->carry; 1463 if (s->carry) 1464 s->carry = op0 <= op1; 1465 else 1466 s->carry = op0 < op1; 1467 break; 1468 } 1469 1470 switch (opcode) { 1471 case 5: /* From SFBR */ 1472 case 7: /* Read-modify-write */ 1473 lsi_reg_writeb(s, reg, op0); 1474 break; 1475 case 6: /* To SFBR */ 1476 s->sfbr = op0; 1477 break; 1478 } 1479 } 1480 break; 1481 1482 case 2: /* Transfer Control. */ 1483 { 1484 int cond; 1485 int jmp; 1486 1487 if ((insn & 0x002e0000) == 0) { 1488 trace_lsi_execute_script_tc_nop(); 1489 break; 1490 } 1491 if (s->sist1 & LSI_SIST1_STO) { 1492 trace_lsi_execute_script_tc_delayedselect_timeout(); 1493 lsi_stop_script(s); 1494 break; 1495 } 1496 cond = jmp = (insn & (1 << 19)) != 0; 1497 if (cond == jmp && (insn & (1 << 21))) { 1498 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1499 cond = s->carry != 0; 1500 } 1501 if (cond == jmp && (insn & (1 << 17))) { 1502 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1503 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1504 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1505 } 1506 if (cond == jmp && (insn & (1 << 18))) { 1507 uint8_t mask; 1508 1509 mask = (~insn >> 8) & 0xff; 1510 trace_lsi_execute_script_tc_compd( 1511 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1512 cond = (s->sfbr & mask) == (insn & mask); 1513 } 1514 if (cond == jmp) { 1515 if (insn & (1 << 23)) { 1516 /* Relative address. */ 1517 addr = s->dsp + sextract32(addr, 0, 24); 1518 } 1519 switch ((insn >> 27) & 7) { 1520 case 0: /* Jump */ 1521 trace_lsi_execute_script_tc_jump(addr); 1522 s->adder = addr; 1523 s->dsp = addr; 1524 break; 1525 case 1: /* Call */ 1526 trace_lsi_execute_script_tc_call(addr); 1527 s->temp = s->dsp; 1528 s->dsp = addr; 1529 break; 1530 case 2: /* Return */ 1531 trace_lsi_execute_script_tc_return(s->temp); 1532 s->dsp = s->temp; 1533 break; 1534 case 3: /* Interrupt */ 1535 trace_lsi_execute_script_tc_interrupt(s->dsps); 1536 if ((insn & (1 << 20)) != 0) { 1537 s->istat0 |= LSI_ISTAT0_INTF; 1538 lsi_update_irq(s); 1539 } else { 1540 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1541 } 1542 break; 1543 default: 1544 trace_lsi_execute_script_tc_illegal(); 1545 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1546 break; 1547 } 1548 } else { 1549 trace_lsi_execute_script_tc_cc_failed(); 1550 } 1551 } 1552 break; 1553 1554 case 3: 1555 if ((insn & (1 << 29)) == 0) { 1556 /* Memory move. */ 1557 uint32_t dest; 1558 /* ??? The docs imply the destination address is loaded into 1559 the TEMP register. However the Linux drivers rely on 1560 the value being presrved. */ 1561 dest = read_dword(s, s->dsp); 1562 s->dsp += 4; 1563 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1564 } else { 1565 uint8_t data[7]; 1566 int reg; 1567 int n; 1568 int i; 1569 1570 if (insn & (1 << 28)) { 1571 addr = s->dsa + sextract32(addr, 0, 24); 1572 } 1573 n = (insn & 7); 1574 reg = (insn >> 16) & 0xff; 1575 if (insn & (1 << 24)) { 1576 pci_dma_read(pci_dev, addr, data, n); 1577 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1578 for (i = 0; i < n; i++) { 1579 lsi_reg_writeb(s, reg + i, data[i]); 1580 } 1581 } else { 1582 trace_lsi_execute_script_mm_store(reg, n, addr); 1583 for (i = 0; i < n; i++) { 1584 data[i] = lsi_reg_readb(s, reg + i); 1585 } 1586 pci_dma_write(pci_dev, addr, data, n); 1587 } 1588 } 1589 } 1590 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1591 if (s->dcntl & LSI_DCNTL_SSM) { 1592 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1593 } else { 1594 goto again; 1595 } 1596 } 1597 trace_lsi_execute_script_stop(); 1598 } 1599 1600 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1601 { 1602 uint8_t ret; 1603 1604 #define CASE_GET_REG24(name, addr) \ 1605 case addr: ret = s->name & 0xff; break; \ 1606 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1607 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1608 1609 #define CASE_GET_REG32(name, addr) \ 1610 case addr: ret = s->name & 0xff; break; \ 1611 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1612 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1613 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1614 1615 switch (offset) { 1616 case 0x00: /* SCNTL0 */ 1617 ret = s->scntl0; 1618 break; 1619 case 0x01: /* SCNTL1 */ 1620 ret = s->scntl1; 1621 break; 1622 case 0x02: /* SCNTL2 */ 1623 ret = s->scntl2; 1624 break; 1625 case 0x03: /* SCNTL3 */ 1626 ret = s->scntl3; 1627 break; 1628 case 0x04: /* SCID */ 1629 ret = s->scid; 1630 break; 1631 case 0x05: /* SXFER */ 1632 ret = s->sxfer; 1633 break; 1634 case 0x06: /* SDID */ 1635 ret = s->sdid; 1636 break; 1637 case 0x07: /* GPREG0 */ 1638 ret = 0x7f; 1639 break; 1640 case 0x08: /* Revision ID */ 1641 ret = 0x00; 1642 break; 1643 case 0x09: /* SOCL */ 1644 ret = s->socl; 1645 break; 1646 case 0xa: /* SSID */ 1647 ret = s->ssid; 1648 break; 1649 case 0xb: /* SBCL */ 1650 ret = s->sbcl; 1651 break; 1652 case 0xc: /* DSTAT */ 1653 ret = s->dstat | LSI_DSTAT_DFE; 1654 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1655 s->dstat = 0; 1656 lsi_update_irq(s); 1657 break; 1658 case 0x0d: /* SSTAT0 */ 1659 ret = s->sstat0; 1660 break; 1661 case 0x0e: /* SSTAT1 */ 1662 ret = s->sstat1; 1663 break; 1664 case 0x0f: /* SSTAT2 */ 1665 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1666 break; 1667 CASE_GET_REG32(dsa, 0x10) 1668 case 0x14: /* ISTAT0 */ 1669 ret = s->istat0; 1670 break; 1671 case 0x15: /* ISTAT1 */ 1672 ret = s->istat1; 1673 break; 1674 case 0x16: /* MBOX0 */ 1675 ret = s->mbox0; 1676 break; 1677 case 0x17: /* MBOX1 */ 1678 ret = s->mbox1; 1679 break; 1680 case 0x18: /* CTEST0 */ 1681 ret = 0xff; 1682 break; 1683 case 0x19: /* CTEST1 */ 1684 ret = 0; 1685 break; 1686 case 0x1a: /* CTEST2 */ 1687 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1688 if (s->istat0 & LSI_ISTAT0_SIGP) { 1689 s->istat0 &= ~LSI_ISTAT0_SIGP; 1690 ret |= LSI_CTEST2_SIGP; 1691 } 1692 break; 1693 case 0x1b: /* CTEST3 */ 1694 ret = s->ctest3; 1695 break; 1696 CASE_GET_REG32(temp, 0x1c) 1697 case 0x20: /* DFIFO */ 1698 ret = s->dfifo; 1699 break; 1700 case 0x21: /* CTEST4 */ 1701 ret = s->ctest4; 1702 break; 1703 case 0x22: /* CTEST5 */ 1704 ret = s->ctest5; 1705 break; 1706 case 0x23: /* CTEST6 */ 1707 ret = 0; 1708 break; 1709 CASE_GET_REG24(dbc, 0x24) 1710 case 0x27: /* DCMD */ 1711 ret = s->dcmd; 1712 break; 1713 CASE_GET_REG32(dnad, 0x28) 1714 CASE_GET_REG32(dsp, 0x2c) 1715 CASE_GET_REG32(dsps, 0x30) 1716 CASE_GET_REG32(scratch[0], 0x34) 1717 case 0x38: /* DMODE */ 1718 ret = s->dmode; 1719 break; 1720 case 0x39: /* DIEN */ 1721 ret = s->dien; 1722 break; 1723 case 0x3a: /* SBR */ 1724 ret = s->sbr; 1725 break; 1726 case 0x3b: /* DCNTL */ 1727 ret = s->dcntl; 1728 break; 1729 /* ADDER Output (Debug of relative jump address) */ 1730 CASE_GET_REG32(adder, 0x3c) 1731 case 0x40: /* SIEN0 */ 1732 ret = s->sien0; 1733 break; 1734 case 0x41: /* SIEN1 */ 1735 ret = s->sien1; 1736 break; 1737 case 0x42: /* SIST0 */ 1738 ret = s->sist0; 1739 s->sist0 = 0; 1740 lsi_update_irq(s); 1741 break; 1742 case 0x43: /* SIST1 */ 1743 ret = s->sist1; 1744 s->sist1 = 0; 1745 lsi_update_irq(s); 1746 break; 1747 case 0x46: /* MACNTL */ 1748 ret = 0x0f; 1749 break; 1750 case 0x47: /* GPCNTL0 */ 1751 ret = 0x0f; 1752 break; 1753 case 0x48: /* STIME0 */ 1754 ret = s->stime0; 1755 break; 1756 case 0x4a: /* RESPID0 */ 1757 ret = s->respid0; 1758 break; 1759 case 0x4b: /* RESPID1 */ 1760 ret = s->respid1; 1761 break; 1762 case 0x4d: /* STEST1 */ 1763 ret = s->stest1; 1764 break; 1765 case 0x4e: /* STEST2 */ 1766 ret = s->stest2; 1767 break; 1768 case 0x4f: /* STEST3 */ 1769 ret = s->stest3; 1770 break; 1771 case 0x50: /* SIDL */ 1772 /* This is needed by the linux drivers. We currently only update it 1773 during the MSG IN phase. */ 1774 ret = s->sidl; 1775 break; 1776 case 0x52: /* STEST4 */ 1777 ret = 0xe0; 1778 break; 1779 case 0x56: /* CCNTL0 */ 1780 ret = s->ccntl0; 1781 break; 1782 case 0x57: /* CCNTL1 */ 1783 ret = s->ccntl1; 1784 break; 1785 case 0x58: /* SBDL */ 1786 /* Some drivers peek at the data bus during the MSG IN phase. */ 1787 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1788 assert(s->msg_len > 0); 1789 return s->msg[0]; 1790 } 1791 ret = 0; 1792 break; 1793 case 0x59: /* SBDL high */ 1794 ret = 0; 1795 break; 1796 CASE_GET_REG32(mmrs, 0xa0) 1797 CASE_GET_REG32(mmws, 0xa4) 1798 CASE_GET_REG32(sfs, 0xa8) 1799 CASE_GET_REG32(drs, 0xac) 1800 CASE_GET_REG32(sbms, 0xb0) 1801 CASE_GET_REG32(dbms, 0xb4) 1802 CASE_GET_REG32(dnad64, 0xb8) 1803 CASE_GET_REG32(pmjad1, 0xc0) 1804 CASE_GET_REG32(pmjad2, 0xc4) 1805 CASE_GET_REG32(rbc, 0xc8) 1806 CASE_GET_REG32(ua, 0xcc) 1807 CASE_GET_REG32(ia, 0xd4) 1808 CASE_GET_REG32(sbc, 0xd8) 1809 CASE_GET_REG32(csbc, 0xdc) 1810 case 0x5c ... 0x9f: 1811 { 1812 int n; 1813 int shift; 1814 n = (offset - 0x58) >> 2; 1815 shift = (offset & 3) * 8; 1816 ret = (s->scratch[n] >> shift) & 0xff; 1817 break; 1818 } 1819 default: 1820 { 1821 qemu_log_mask(LOG_GUEST_ERROR, 1822 "lsi_scsi: invalid read from reg %s %x\n", 1823 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1824 offset); 1825 ret = 0xff; 1826 break; 1827 } 1828 } 1829 #undef CASE_GET_REG24 1830 #undef CASE_GET_REG32 1831 1832 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1833 offset, ret); 1834 1835 return ret; 1836 } 1837 1838 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1839 { 1840 #define CASE_SET_REG24(name, addr) \ 1841 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1842 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1843 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1844 1845 #define CASE_SET_REG32(name, addr) \ 1846 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1847 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1848 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1849 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1850 1851 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1852 offset, val); 1853 1854 switch (offset) { 1855 case 0x00: /* SCNTL0 */ 1856 s->scntl0 = val; 1857 if (val & LSI_SCNTL0_START) { 1858 qemu_log_mask(LOG_UNIMP, 1859 "lsi_scsi: Start sequence not implemented\n"); 1860 } 1861 break; 1862 case 0x01: /* SCNTL1 */ 1863 s->scntl1 = val & ~LSI_SCNTL1_SST; 1864 if (val & LSI_SCNTL1_IARB) { 1865 qemu_log_mask(LOG_UNIMP, 1866 "lsi_scsi: Immediate Arbritration not implemented\n"); 1867 } 1868 if (val & LSI_SCNTL1_RST) { 1869 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1870 qbus_reset_all(BUS(&s->bus)); 1871 s->sstat0 |= LSI_SSTAT0_RST; 1872 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1873 } 1874 } else { 1875 s->sstat0 &= ~LSI_SSTAT0_RST; 1876 } 1877 break; 1878 case 0x02: /* SCNTL2 */ 1879 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1880 s->scntl2 = val; 1881 break; 1882 case 0x03: /* SCNTL3 */ 1883 s->scntl3 = val; 1884 break; 1885 case 0x04: /* SCID */ 1886 s->scid = val; 1887 break; 1888 case 0x05: /* SXFER */ 1889 s->sxfer = val; 1890 break; 1891 case 0x06: /* SDID */ 1892 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1893 qemu_log_mask(LOG_GUEST_ERROR, 1894 "lsi_scsi: Destination ID does not match SSID\n"); 1895 } 1896 s->sdid = val & 0xf; 1897 break; 1898 case 0x07: /* GPREG0 */ 1899 break; 1900 case 0x08: /* SFBR */ 1901 /* The CPU is not allowed to write to this register. However the 1902 SCRIPTS register move instructions are. */ 1903 s->sfbr = val; 1904 break; 1905 case 0x0a: case 0x0b: 1906 /* Openserver writes to these readonly registers on startup */ 1907 return; 1908 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1909 /* Linux writes to these readonly registers on startup. */ 1910 return; 1911 CASE_SET_REG32(dsa, 0x10) 1912 case 0x14: /* ISTAT0 */ 1913 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1914 if (val & LSI_ISTAT0_ABRT) { 1915 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1916 } 1917 if (val & LSI_ISTAT0_INTF) { 1918 s->istat0 &= ~LSI_ISTAT0_INTF; 1919 lsi_update_irq(s); 1920 } 1921 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1922 trace_lsi_awoken(); 1923 s->waiting = LSI_NOWAIT; 1924 s->dsp = s->dnad; 1925 lsi_execute_script(s); 1926 } 1927 if (val & LSI_ISTAT0_SRST) { 1928 qdev_reset_all(DEVICE(s)); 1929 } 1930 break; 1931 case 0x16: /* MBOX0 */ 1932 s->mbox0 = val; 1933 break; 1934 case 0x17: /* MBOX1 */ 1935 s->mbox1 = val; 1936 break; 1937 case 0x18: /* CTEST0 */ 1938 /* nothing to do */ 1939 break; 1940 case 0x1a: /* CTEST2 */ 1941 s->ctest2 = val & LSI_CTEST2_PCICIE; 1942 break; 1943 case 0x1b: /* CTEST3 */ 1944 s->ctest3 = val & 0x0f; 1945 break; 1946 CASE_SET_REG32(temp, 0x1c) 1947 case 0x21: /* CTEST4 */ 1948 if (val & 7) { 1949 qemu_log_mask(LOG_UNIMP, 1950 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1951 } 1952 s->ctest4 = val; 1953 break; 1954 case 0x22: /* CTEST5 */ 1955 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1956 qemu_log_mask(LOG_UNIMP, 1957 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1958 } 1959 s->ctest5 = val; 1960 break; 1961 CASE_SET_REG24(dbc, 0x24) 1962 CASE_SET_REG32(dnad, 0x28) 1963 case 0x2c: /* DSP[0:7] */ 1964 s->dsp &= 0xffffff00; 1965 s->dsp |= val; 1966 break; 1967 case 0x2d: /* DSP[8:15] */ 1968 s->dsp &= 0xffff00ff; 1969 s->dsp |= val << 8; 1970 break; 1971 case 0x2e: /* DSP[16:23] */ 1972 s->dsp &= 0xff00ffff; 1973 s->dsp |= val << 16; 1974 break; 1975 case 0x2f: /* DSP[24:31] */ 1976 s->dsp &= 0x00ffffff; 1977 s->dsp |= val << 24; 1978 /* 1979 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 1980 * instruction. Is this correct? 1981 */ 1982 if ((s->dmode & LSI_DMODE_MAN) == 0 1983 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1984 lsi_execute_script(s); 1985 break; 1986 CASE_SET_REG32(dsps, 0x30) 1987 CASE_SET_REG32(scratch[0], 0x34) 1988 case 0x38: /* DMODE */ 1989 s->dmode = val; 1990 break; 1991 case 0x39: /* DIEN */ 1992 s->dien = val; 1993 lsi_update_irq(s); 1994 break; 1995 case 0x3a: /* SBR */ 1996 s->sbr = val; 1997 break; 1998 case 0x3b: /* DCNTL */ 1999 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 2000 /* 2001 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 2002 * instruction. Is this correct? 2003 */ 2004 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 2005 lsi_execute_script(s); 2006 break; 2007 case 0x40: /* SIEN0 */ 2008 s->sien0 = val; 2009 lsi_update_irq(s); 2010 break; 2011 case 0x41: /* SIEN1 */ 2012 s->sien1 = val; 2013 lsi_update_irq(s); 2014 break; 2015 case 0x47: /* GPCNTL0 */ 2016 break; 2017 case 0x48: /* STIME0 */ 2018 s->stime0 = val; 2019 break; 2020 case 0x49: /* STIME1 */ 2021 if (val & 0xf) { 2022 qemu_log_mask(LOG_UNIMP, 2023 "lsi_scsi: General purpose timer not implemented\n"); 2024 /* ??? Raising the interrupt immediately seems to be sufficient 2025 to keep the FreeBSD driver happy. */ 2026 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2027 } 2028 break; 2029 case 0x4a: /* RESPID0 */ 2030 s->respid0 = val; 2031 break; 2032 case 0x4b: /* RESPID1 */ 2033 s->respid1 = val; 2034 break; 2035 case 0x4d: /* STEST1 */ 2036 s->stest1 = val; 2037 break; 2038 case 0x4e: /* STEST2 */ 2039 if (val & 1) { 2040 qemu_log_mask(LOG_UNIMP, 2041 "lsi_scsi: Low level mode not implemented\n"); 2042 } 2043 s->stest2 = val; 2044 break; 2045 case 0x4f: /* STEST3 */ 2046 if (val & 0x41) { 2047 qemu_log_mask(LOG_UNIMP, 2048 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2049 } 2050 s->stest3 = val; 2051 break; 2052 case 0x56: /* CCNTL0 */ 2053 s->ccntl0 = val; 2054 break; 2055 case 0x57: /* CCNTL1 */ 2056 s->ccntl1 = val; 2057 break; 2058 CASE_SET_REG32(mmrs, 0xa0) 2059 CASE_SET_REG32(mmws, 0xa4) 2060 CASE_SET_REG32(sfs, 0xa8) 2061 CASE_SET_REG32(drs, 0xac) 2062 CASE_SET_REG32(sbms, 0xb0) 2063 CASE_SET_REG32(dbms, 0xb4) 2064 CASE_SET_REG32(dnad64, 0xb8) 2065 CASE_SET_REG32(pmjad1, 0xc0) 2066 CASE_SET_REG32(pmjad2, 0xc4) 2067 CASE_SET_REG32(rbc, 0xc8) 2068 CASE_SET_REG32(ua, 0xcc) 2069 CASE_SET_REG32(ia, 0xd4) 2070 CASE_SET_REG32(sbc, 0xd8) 2071 CASE_SET_REG32(csbc, 0xdc) 2072 default: 2073 if (offset >= 0x5c && offset < 0xa0) { 2074 int n; 2075 int shift; 2076 n = (offset - 0x58) >> 2; 2077 shift = (offset & 3) * 8; 2078 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2079 } else { 2080 qemu_log_mask(LOG_GUEST_ERROR, 2081 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2082 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2083 offset, val); 2084 } 2085 } 2086 #undef CASE_SET_REG24 2087 #undef CASE_SET_REG32 2088 } 2089 2090 static void lsi_mmio_write(void *opaque, hwaddr addr, 2091 uint64_t val, unsigned size) 2092 { 2093 LSIState *s = opaque; 2094 2095 lsi_reg_writeb(s, addr & 0xff, val); 2096 } 2097 2098 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2099 unsigned size) 2100 { 2101 LSIState *s = opaque; 2102 return lsi_reg_readb(s, addr & 0xff); 2103 } 2104 2105 static const MemoryRegionOps lsi_mmio_ops = { 2106 .read = lsi_mmio_read, 2107 .write = lsi_mmio_write, 2108 .endianness = DEVICE_LITTLE_ENDIAN, 2109 .impl = { 2110 .min_access_size = 1, 2111 .max_access_size = 1, 2112 }, 2113 }; 2114 2115 static void lsi_ram_write(void *opaque, hwaddr addr, 2116 uint64_t val, unsigned size) 2117 { 2118 LSIState *s = opaque; 2119 stn_le_p(s->script_ram + addr, size, val); 2120 } 2121 2122 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2123 unsigned size) 2124 { 2125 LSIState *s = opaque; 2126 return ldn_le_p(s->script_ram + addr, size); 2127 } 2128 2129 static const MemoryRegionOps lsi_ram_ops = { 2130 .read = lsi_ram_read, 2131 .write = lsi_ram_write, 2132 .endianness = DEVICE_LITTLE_ENDIAN, 2133 }; 2134 2135 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2136 unsigned size) 2137 { 2138 LSIState *s = opaque; 2139 return lsi_reg_readb(s, addr & 0xff); 2140 } 2141 2142 static void lsi_io_write(void *opaque, hwaddr addr, 2143 uint64_t val, unsigned size) 2144 { 2145 LSIState *s = opaque; 2146 lsi_reg_writeb(s, addr & 0xff, val); 2147 } 2148 2149 static const MemoryRegionOps lsi_io_ops = { 2150 .read = lsi_io_read, 2151 .write = lsi_io_write, 2152 .endianness = DEVICE_LITTLE_ENDIAN, 2153 .impl = { 2154 .min_access_size = 1, 2155 .max_access_size = 1, 2156 }, 2157 }; 2158 2159 static void lsi_scsi_reset(DeviceState *dev) 2160 { 2161 LSIState *s = LSI53C895A(dev); 2162 2163 lsi_soft_reset(s); 2164 } 2165 2166 static int lsi_pre_save(void *opaque) 2167 { 2168 LSIState *s = opaque; 2169 2170 if (s->current) { 2171 assert(s->current->dma_buf == NULL); 2172 assert(s->current->dma_len == 0); 2173 } 2174 assert(QTAILQ_EMPTY(&s->queue)); 2175 2176 return 0; 2177 } 2178 2179 static int lsi_post_load(void *opaque, int version_id) 2180 { 2181 LSIState *s = opaque; 2182 2183 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2184 return -EINVAL; 2185 } 2186 2187 return 0; 2188 } 2189 2190 static const VMStateDescription vmstate_lsi_scsi = { 2191 .name = "lsiscsi", 2192 .version_id = 1, 2193 .minimum_version_id = 0, 2194 .pre_save = lsi_pre_save, 2195 .post_load = lsi_post_load, 2196 .fields = (VMStateField[]) { 2197 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2198 2199 VMSTATE_INT32(carry, LSIState), 2200 VMSTATE_INT32(status, LSIState), 2201 VMSTATE_INT32(msg_action, LSIState), 2202 VMSTATE_INT32(msg_len, LSIState), 2203 VMSTATE_BUFFER(msg, LSIState), 2204 VMSTATE_INT32(waiting, LSIState), 2205 2206 VMSTATE_UINT32(dsa, LSIState), 2207 VMSTATE_UINT32(temp, LSIState), 2208 VMSTATE_UINT32(dnad, LSIState), 2209 VMSTATE_UINT32(dbc, LSIState), 2210 VMSTATE_UINT8(istat0, LSIState), 2211 VMSTATE_UINT8(istat1, LSIState), 2212 VMSTATE_UINT8(dcmd, LSIState), 2213 VMSTATE_UINT8(dstat, LSIState), 2214 VMSTATE_UINT8(dien, LSIState), 2215 VMSTATE_UINT8(sist0, LSIState), 2216 VMSTATE_UINT8(sist1, LSIState), 2217 VMSTATE_UINT8(sien0, LSIState), 2218 VMSTATE_UINT8(sien1, LSIState), 2219 VMSTATE_UINT8(mbox0, LSIState), 2220 VMSTATE_UINT8(mbox1, LSIState), 2221 VMSTATE_UINT8(dfifo, LSIState), 2222 VMSTATE_UINT8(ctest2, LSIState), 2223 VMSTATE_UINT8(ctest3, LSIState), 2224 VMSTATE_UINT8(ctest4, LSIState), 2225 VMSTATE_UINT8(ctest5, LSIState), 2226 VMSTATE_UINT8(ccntl0, LSIState), 2227 VMSTATE_UINT8(ccntl1, LSIState), 2228 VMSTATE_UINT32(dsp, LSIState), 2229 VMSTATE_UINT32(dsps, LSIState), 2230 VMSTATE_UINT8(dmode, LSIState), 2231 VMSTATE_UINT8(dcntl, LSIState), 2232 VMSTATE_UINT8(scntl0, LSIState), 2233 VMSTATE_UINT8(scntl1, LSIState), 2234 VMSTATE_UINT8(scntl2, LSIState), 2235 VMSTATE_UINT8(scntl3, LSIState), 2236 VMSTATE_UINT8(sstat0, LSIState), 2237 VMSTATE_UINT8(sstat1, LSIState), 2238 VMSTATE_UINT8(scid, LSIState), 2239 VMSTATE_UINT8(sxfer, LSIState), 2240 VMSTATE_UINT8(socl, LSIState), 2241 VMSTATE_UINT8(sdid, LSIState), 2242 VMSTATE_UINT8(ssid, LSIState), 2243 VMSTATE_UINT8(sfbr, LSIState), 2244 VMSTATE_UINT8(stest1, LSIState), 2245 VMSTATE_UINT8(stest2, LSIState), 2246 VMSTATE_UINT8(stest3, LSIState), 2247 VMSTATE_UINT8(sidl, LSIState), 2248 VMSTATE_UINT8(stime0, LSIState), 2249 VMSTATE_UINT8(respid0, LSIState), 2250 VMSTATE_UINT8(respid1, LSIState), 2251 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2252 VMSTATE_UINT32(mmrs, LSIState), 2253 VMSTATE_UINT32(mmws, LSIState), 2254 VMSTATE_UINT32(sfs, LSIState), 2255 VMSTATE_UINT32(drs, LSIState), 2256 VMSTATE_UINT32(sbms, LSIState), 2257 VMSTATE_UINT32(dbms, LSIState), 2258 VMSTATE_UINT32(dnad64, LSIState), 2259 VMSTATE_UINT32(pmjad1, LSIState), 2260 VMSTATE_UINT32(pmjad2, LSIState), 2261 VMSTATE_UINT32(rbc, LSIState), 2262 VMSTATE_UINT32(ua, LSIState), 2263 VMSTATE_UINT32(ia, LSIState), 2264 VMSTATE_UINT32(sbc, LSIState), 2265 VMSTATE_UINT32(csbc, LSIState), 2266 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2267 VMSTATE_UINT8(sbr, LSIState), 2268 2269 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2270 VMSTATE_END_OF_LIST() 2271 } 2272 }; 2273 2274 static const struct SCSIBusInfo lsi_scsi_info = { 2275 .tcq = true, 2276 .max_target = LSI_MAX_DEVS, 2277 .max_lun = 0, /* LUN support is buggy */ 2278 2279 .transfer_data = lsi_transfer_data, 2280 .complete = lsi_command_complete, 2281 .cancel = lsi_request_cancelled 2282 }; 2283 2284 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2285 { 2286 LSIState *s = LSI53C895A(dev); 2287 DeviceState *d = DEVICE(dev); 2288 uint8_t *pci_conf; 2289 2290 pci_conf = dev->config; 2291 2292 /* PCI latency timer = 255 */ 2293 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2294 /* Interrupt pin A */ 2295 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2296 2297 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2298 "lsi-mmio", 0x400); 2299 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2300 "lsi-ram", 0x2000); 2301 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2302 "lsi-io", 256); 2303 2304 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2305 qdev_init_gpio_out(d, &s->ext_irq, 1); 2306 2307 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2308 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2309 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2310 QTAILQ_INIT(&s->queue); 2311 2312 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2313 } 2314 2315 static void lsi_scsi_exit(PCIDevice *dev) 2316 { 2317 LSIState *s = LSI53C895A(dev); 2318 2319 address_space_destroy(&s->pci_io_as); 2320 } 2321 2322 static void lsi_class_init(ObjectClass *klass, void *data) 2323 { 2324 DeviceClass *dc = DEVICE_CLASS(klass); 2325 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2326 2327 k->realize = lsi_scsi_realize; 2328 k->exit = lsi_scsi_exit; 2329 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2330 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2331 k->class_id = PCI_CLASS_STORAGE_SCSI; 2332 k->subsystem_id = 0x1000; 2333 dc->reset = lsi_scsi_reset; 2334 dc->vmsd = &vmstate_lsi_scsi; 2335 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2336 } 2337 2338 static const TypeInfo lsi_info = { 2339 .name = TYPE_LSI53C895A, 2340 .parent = TYPE_PCI_DEVICE, 2341 .instance_size = sizeof(LSIState), 2342 .class_init = lsi_class_init, 2343 .interfaces = (InterfaceInfo[]) { 2344 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2345 { }, 2346 }, 2347 }; 2348 2349 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2350 { 2351 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2352 2353 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2354 } 2355 2356 static TypeInfo lsi53c810_info = { 2357 .name = TYPE_LSI53C810, 2358 .parent = TYPE_LSI53C895A, 2359 .class_init = lsi53c810_class_init, 2360 }; 2361 2362 static void lsi53c895a_register_types(void) 2363 { 2364 type_register_static(&lsi_info); 2365 type_register_static(&lsi53c810_info); 2366 } 2367 2368 type_init(lsi53c895a_register_types) 2369 2370 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2371 { 2372 LSIState *s = LSI53C895A(lsi_dev); 2373 2374 scsi_bus_legacy_handle_cmdline(&s->bus); 2375 } 2376