1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/irq.h" 20 #include "hw/pci/pci.h" 21 #include "hw/scsi/scsi.h" 22 #include "migration/vmstate.h" 23 #include "sysemu/dma.h" 24 #include "qemu/log.h" 25 #include "qemu/module.h" 26 #include "trace.h" 27 28 static const char *names[] = { 29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 41 }; 42 43 #define LSI_MAX_DEVS 7 44 45 #define LSI_SCNTL0_TRG 0x01 46 #define LSI_SCNTL0_AAP 0x02 47 #define LSI_SCNTL0_EPC 0x08 48 #define LSI_SCNTL0_WATN 0x10 49 #define LSI_SCNTL0_START 0x20 50 51 #define LSI_SCNTL1_SST 0x01 52 #define LSI_SCNTL1_IARB 0x02 53 #define LSI_SCNTL1_AESP 0x04 54 #define LSI_SCNTL1_RST 0x08 55 #define LSI_SCNTL1_CON 0x10 56 #define LSI_SCNTL1_DHP 0x20 57 #define LSI_SCNTL1_ADB 0x40 58 #define LSI_SCNTL1_EXC 0x80 59 60 #define LSI_SCNTL2_WSR 0x01 61 #define LSI_SCNTL2_VUE0 0x02 62 #define LSI_SCNTL2_VUE1 0x04 63 #define LSI_SCNTL2_WSS 0x08 64 #define LSI_SCNTL2_SLPHBEN 0x10 65 #define LSI_SCNTL2_SLPMD 0x20 66 #define LSI_SCNTL2_CHM 0x40 67 #define LSI_SCNTL2_SDU 0x80 68 69 #define LSI_ISTAT0_DIP 0x01 70 #define LSI_ISTAT0_SIP 0x02 71 #define LSI_ISTAT0_INTF 0x04 72 #define LSI_ISTAT0_CON 0x08 73 #define LSI_ISTAT0_SEM 0x10 74 #define LSI_ISTAT0_SIGP 0x20 75 #define LSI_ISTAT0_SRST 0x40 76 #define LSI_ISTAT0_ABRT 0x80 77 78 #define LSI_ISTAT1_SI 0x01 79 #define LSI_ISTAT1_SRUN 0x02 80 #define LSI_ISTAT1_FLSH 0x04 81 82 #define LSI_SSTAT0_SDP0 0x01 83 #define LSI_SSTAT0_RST 0x02 84 #define LSI_SSTAT0_WOA 0x04 85 #define LSI_SSTAT0_LOA 0x08 86 #define LSI_SSTAT0_AIP 0x10 87 #define LSI_SSTAT0_OLF 0x20 88 #define LSI_SSTAT0_ORF 0x40 89 #define LSI_SSTAT0_ILF 0x80 90 91 #define LSI_SIST0_PAR 0x01 92 #define LSI_SIST0_RST 0x02 93 #define LSI_SIST0_UDC 0x04 94 #define LSI_SIST0_SGE 0x08 95 #define LSI_SIST0_RSL 0x10 96 #define LSI_SIST0_SEL 0x20 97 #define LSI_SIST0_CMP 0x40 98 #define LSI_SIST0_MA 0x80 99 100 #define LSI_SIST1_HTH 0x01 101 #define LSI_SIST1_GEN 0x02 102 #define LSI_SIST1_STO 0x04 103 #define LSI_SIST1_SBMC 0x10 104 105 #define LSI_SOCL_IO 0x01 106 #define LSI_SOCL_CD 0x02 107 #define LSI_SOCL_MSG 0x04 108 #define LSI_SOCL_ATN 0x08 109 #define LSI_SOCL_SEL 0x10 110 #define LSI_SOCL_BSY 0x20 111 #define LSI_SOCL_ACK 0x40 112 #define LSI_SOCL_REQ 0x80 113 114 #define LSI_DSTAT_IID 0x01 115 #define LSI_DSTAT_SIR 0x04 116 #define LSI_DSTAT_SSI 0x08 117 #define LSI_DSTAT_ABRT 0x10 118 #define LSI_DSTAT_BF 0x20 119 #define LSI_DSTAT_MDPE 0x40 120 #define LSI_DSTAT_DFE 0x80 121 122 #define LSI_DCNTL_COM 0x01 123 #define LSI_DCNTL_IRQD 0x02 124 #define LSI_DCNTL_STD 0x04 125 #define LSI_DCNTL_IRQM 0x08 126 #define LSI_DCNTL_SSM 0x10 127 #define LSI_DCNTL_PFEN 0x20 128 #define LSI_DCNTL_PFF 0x40 129 #define LSI_DCNTL_CLSE 0x80 130 131 #define LSI_DMODE_MAN 0x01 132 #define LSI_DMODE_BOF 0x02 133 #define LSI_DMODE_ERMP 0x04 134 #define LSI_DMODE_ERL 0x08 135 #define LSI_DMODE_DIOM 0x10 136 #define LSI_DMODE_SIOM 0x20 137 138 #define LSI_CTEST2_DACK 0x01 139 #define LSI_CTEST2_DREQ 0x02 140 #define LSI_CTEST2_TEOP 0x04 141 #define LSI_CTEST2_PCICIE 0x08 142 #define LSI_CTEST2_CM 0x10 143 #define LSI_CTEST2_CIO 0x20 144 #define LSI_CTEST2_SIGP 0x40 145 #define LSI_CTEST2_DDIR 0x80 146 147 #define LSI_CTEST5_BL2 0x04 148 #define LSI_CTEST5_DDIR 0x08 149 #define LSI_CTEST5_MASR 0x10 150 #define LSI_CTEST5_DFSN 0x20 151 #define LSI_CTEST5_BBCK 0x40 152 #define LSI_CTEST5_ADCK 0x80 153 154 #define LSI_CCNTL0_DILS 0x01 155 #define LSI_CCNTL0_DISFC 0x10 156 #define LSI_CCNTL0_ENNDJ 0x20 157 #define LSI_CCNTL0_PMJCTL 0x40 158 #define LSI_CCNTL0_ENPMJ 0x80 159 160 #define LSI_CCNTL1_EN64DBMV 0x01 161 #define LSI_CCNTL1_EN64TIBMV 0x02 162 #define LSI_CCNTL1_64TIMOD 0x04 163 #define LSI_CCNTL1_DDAC 0x08 164 #define LSI_CCNTL1_ZMOD 0x80 165 166 #define LSI_SBCL_ATN 0x08 167 #define LSI_SBCL_BSY 0x20 168 #define LSI_SBCL_ACK 0x40 169 #define LSI_SBCL_REQ 0x80 170 171 /* Enable Response to Reselection */ 172 #define LSI_SCID_RRE 0x60 173 174 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 175 176 #define PHASE_DO 0 177 #define PHASE_DI 1 178 #define PHASE_CMD 2 179 #define PHASE_ST 3 180 #define PHASE_MO 6 181 #define PHASE_MI 7 182 #define PHASE_MASK 7 183 184 /* Maximum length of MSG IN data. */ 185 #define LSI_MAX_MSGIN_LEN 8 186 187 /* Flag set if this is a tagged command. */ 188 #define LSI_TAG_VALID (1 << 16) 189 190 typedef struct lsi_request { 191 SCSIRequest *req; 192 uint32_t tag; 193 uint32_t dma_len; 194 uint8_t *dma_buf; 195 uint32_t pending; 196 int out; 197 QTAILQ_ENTRY(lsi_request) next; 198 } lsi_request; 199 200 enum { 201 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 202 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 203 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 204 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 205 }; 206 207 enum { 208 LSI_MSG_ACTION_COMMAND = 0, 209 LSI_MSG_ACTION_DISCONNECT = 1, 210 LSI_MSG_ACTION_DOUT = 2, 211 LSI_MSG_ACTION_DIN = 3, 212 }; 213 214 typedef struct { 215 /*< private >*/ 216 PCIDevice parent_obj; 217 /*< public >*/ 218 219 qemu_irq ext_irq; 220 MemoryRegion mmio_io; 221 MemoryRegion ram_io; 222 MemoryRegion io_io; 223 AddressSpace pci_io_as; 224 225 int carry; /* ??? Should this be an a visible register somewhere? */ 226 int status; 227 int msg_action; 228 int msg_len; 229 uint8_t msg[LSI_MAX_MSGIN_LEN]; 230 int waiting; 231 SCSIBus bus; 232 int current_lun; 233 /* The tag is a combination of the device ID and the SCSI tag. */ 234 uint32_t select_tag; 235 int command_complete; 236 QTAILQ_HEAD(, lsi_request) queue; 237 lsi_request *current; 238 239 uint32_t dsa; 240 uint32_t temp; 241 uint32_t dnad; 242 uint32_t dbc; 243 uint8_t istat0; 244 uint8_t istat1; 245 uint8_t dcmd; 246 uint8_t dstat; 247 uint8_t dien; 248 uint8_t sist0; 249 uint8_t sist1; 250 uint8_t sien0; 251 uint8_t sien1; 252 uint8_t mbox0; 253 uint8_t mbox1; 254 uint8_t dfifo; 255 uint8_t ctest2; 256 uint8_t ctest3; 257 uint8_t ctest4; 258 uint8_t ctest5; 259 uint8_t ccntl0; 260 uint8_t ccntl1; 261 uint32_t dsp; 262 uint32_t dsps; 263 uint8_t dmode; 264 uint8_t dcntl; 265 uint8_t scntl0; 266 uint8_t scntl1; 267 uint8_t scntl2; 268 uint8_t scntl3; 269 uint8_t sstat0; 270 uint8_t sstat1; 271 uint8_t scid; 272 uint8_t sxfer; 273 uint8_t socl; 274 uint8_t sdid; 275 uint8_t ssid; 276 uint8_t sfbr; 277 uint8_t sbcl; 278 uint8_t stest1; 279 uint8_t stest2; 280 uint8_t stest3; 281 uint8_t sidl; 282 uint8_t stime0; 283 uint8_t respid0; 284 uint8_t respid1; 285 uint32_t mmrs; 286 uint32_t mmws; 287 uint32_t sfs; 288 uint32_t drs; 289 uint32_t sbms; 290 uint32_t dbms; 291 uint32_t dnad64; 292 uint32_t pmjad1; 293 uint32_t pmjad2; 294 uint32_t rbc; 295 uint32_t ua; 296 uint32_t ia; 297 uint32_t sbc; 298 uint32_t csbc; 299 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 300 uint8_t sbr; 301 uint32_t adder; 302 303 uint8_t script_ram[2048 * sizeof(uint32_t)]; 304 } LSIState; 305 306 #define TYPE_LSI53C810 "lsi53c810" 307 #define TYPE_LSI53C895A "lsi53c895a" 308 309 #define LSI53C895A(obj) \ 310 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 311 312 static const char *scsi_phases[] = { 313 "DOUT", 314 "DIN", 315 "CMD", 316 "STATUS", 317 "RSVOUT", 318 "RSVIN", 319 "MSGOUT", 320 "MSGIN" 321 }; 322 323 static const char *scsi_phase_name(int phase) 324 { 325 return scsi_phases[phase & PHASE_MASK]; 326 } 327 328 static inline int lsi_irq_on_rsl(LSIState *s) 329 { 330 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 331 } 332 333 static lsi_request *get_pending_req(LSIState *s) 334 { 335 lsi_request *p; 336 337 QTAILQ_FOREACH(p, &s->queue, next) { 338 if (p->pending) { 339 return p; 340 } 341 } 342 return NULL; 343 } 344 345 static void lsi_soft_reset(LSIState *s) 346 { 347 trace_lsi_reset(); 348 s->carry = 0; 349 350 s->msg_action = LSI_MSG_ACTION_COMMAND; 351 s->msg_len = 0; 352 s->waiting = LSI_NOWAIT; 353 s->dsa = 0; 354 s->dnad = 0; 355 s->dbc = 0; 356 s->temp = 0; 357 memset(s->scratch, 0, sizeof(s->scratch)); 358 s->istat0 = 0; 359 s->istat1 = 0; 360 s->dcmd = 0x40; 361 s->dstat = 0; 362 s->dien = 0; 363 s->sist0 = 0; 364 s->sist1 = 0; 365 s->sien0 = 0; 366 s->sien1 = 0; 367 s->mbox0 = 0; 368 s->mbox1 = 0; 369 s->dfifo = 0; 370 s->ctest2 = LSI_CTEST2_DACK; 371 s->ctest3 = 0; 372 s->ctest4 = 0; 373 s->ctest5 = 0; 374 s->ccntl0 = 0; 375 s->ccntl1 = 0; 376 s->dsp = 0; 377 s->dsps = 0; 378 s->dmode = 0; 379 s->dcntl = 0; 380 s->scntl0 = 0xc0; 381 s->scntl1 = 0; 382 s->scntl2 = 0; 383 s->scntl3 = 0; 384 s->sstat0 = 0; 385 s->sstat1 = 0; 386 s->scid = 7; 387 s->sxfer = 0; 388 s->socl = 0; 389 s->sdid = 0; 390 s->ssid = 0; 391 s->sbcl = 0; 392 s->stest1 = 0; 393 s->stest2 = 0; 394 s->stest3 = 0; 395 s->sidl = 0; 396 s->stime0 = 0; 397 s->respid0 = 0x80; 398 s->respid1 = 0; 399 s->mmrs = 0; 400 s->mmws = 0; 401 s->sfs = 0; 402 s->drs = 0; 403 s->sbms = 0; 404 s->dbms = 0; 405 s->dnad64 = 0; 406 s->pmjad1 = 0; 407 s->pmjad2 = 0; 408 s->rbc = 0; 409 s->ua = 0; 410 s->ia = 0; 411 s->sbc = 0; 412 s->csbc = 0; 413 s->sbr = 0; 414 assert(QTAILQ_EMPTY(&s->queue)); 415 assert(!s->current); 416 } 417 418 static int lsi_dma_40bit(LSIState *s) 419 { 420 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 421 return 1; 422 return 0; 423 } 424 425 static int lsi_dma_ti64bit(LSIState *s) 426 { 427 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 428 return 1; 429 return 0; 430 } 431 432 static int lsi_dma_64bit(LSIState *s) 433 { 434 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 435 return 1; 436 return 0; 437 } 438 439 static uint8_t lsi_reg_readb(LSIState *s, int offset); 440 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 441 static void lsi_execute_script(LSIState *s); 442 static void lsi_reselect(LSIState *s, lsi_request *p); 443 444 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 445 void *buf, dma_addr_t len) 446 { 447 if (s->dmode & LSI_DMODE_SIOM) { 448 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 449 buf, len); 450 } else { 451 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 452 } 453 } 454 455 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 456 const void *buf, dma_addr_t len) 457 { 458 if (s->dmode & LSI_DMODE_DIOM) { 459 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 460 buf, len); 461 } else { 462 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 463 } 464 } 465 466 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 467 { 468 uint32_t buf; 469 470 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 471 return cpu_to_le32(buf); 472 } 473 474 static void lsi_stop_script(LSIState *s) 475 { 476 s->istat1 &= ~LSI_ISTAT1_SRUN; 477 } 478 479 static void lsi_set_irq(LSIState *s, int level) 480 { 481 PCIDevice *d = PCI_DEVICE(s); 482 483 if (s->ext_irq) { 484 qemu_set_irq(s->ext_irq, level); 485 } else { 486 pci_set_irq(d, level); 487 } 488 } 489 490 static void lsi_update_irq(LSIState *s) 491 { 492 int level; 493 static int last_level; 494 495 /* It's unclear whether the DIP/SIP bits should be cleared when the 496 Interrupt Status Registers are cleared or when istat0 is read. 497 We currently do the formwer, which seems to work. */ 498 level = 0; 499 if (s->dstat) { 500 if (s->dstat & s->dien) 501 level = 1; 502 s->istat0 |= LSI_ISTAT0_DIP; 503 } else { 504 s->istat0 &= ~LSI_ISTAT0_DIP; 505 } 506 507 if (s->sist0 || s->sist1) { 508 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 509 level = 1; 510 s->istat0 |= LSI_ISTAT0_SIP; 511 } else { 512 s->istat0 &= ~LSI_ISTAT0_SIP; 513 } 514 if (s->istat0 & LSI_ISTAT0_INTF) 515 level = 1; 516 517 if (level != last_level) { 518 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 519 last_level = level; 520 } 521 lsi_set_irq(s, level); 522 523 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 524 lsi_request *p; 525 526 trace_lsi_update_irq_disconnected(); 527 p = get_pending_req(s); 528 if (p) { 529 lsi_reselect(s, p); 530 } 531 } 532 } 533 534 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 535 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 536 { 537 uint32_t mask0; 538 uint32_t mask1; 539 540 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 541 s->sist0 |= stat0; 542 s->sist1 |= stat1; 543 /* Stop processor on fatal or unmasked interrupt. As a special hack 544 we don't stop processing when raising STO. Instead continue 545 execution and stop at the next insn that accesses the SCSI bus. */ 546 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 547 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 548 mask1 &= ~LSI_SIST1_STO; 549 if (s->sist0 & mask0 || s->sist1 & mask1) { 550 lsi_stop_script(s); 551 } 552 lsi_update_irq(s); 553 } 554 555 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 556 static void lsi_script_dma_interrupt(LSIState *s, int stat) 557 { 558 trace_lsi_script_dma_interrupt(stat, s->dstat); 559 s->dstat |= stat; 560 lsi_update_irq(s); 561 lsi_stop_script(s); 562 } 563 564 static inline void lsi_set_phase(LSIState *s, int phase) 565 { 566 s->sbcl &= ~PHASE_MASK; 567 s->sbcl |= phase | LSI_SBCL_REQ; 568 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 569 } 570 571 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 572 { 573 /* Trigger a phase mismatch. */ 574 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 575 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 576 s->dsp = out ? s->pmjad1 : s->pmjad2; 577 } else { 578 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 579 } 580 trace_lsi_bad_phase_jump(s->dsp); 581 } else { 582 trace_lsi_bad_phase_interrupt(); 583 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 584 lsi_stop_script(s); 585 } 586 lsi_set_phase(s, new_phase); 587 } 588 589 590 /* Resume SCRIPTS execution after a DMA operation. */ 591 static void lsi_resume_script(LSIState *s) 592 { 593 if (s->waiting != 2) { 594 s->waiting = LSI_NOWAIT; 595 lsi_execute_script(s); 596 } else { 597 s->waiting = LSI_NOWAIT; 598 } 599 } 600 601 static void lsi_disconnect(LSIState *s) 602 { 603 s->scntl1 &= ~LSI_SCNTL1_CON; 604 s->sstat1 &= ~PHASE_MASK; 605 s->sbcl = 0; 606 } 607 608 static void lsi_bad_selection(LSIState *s, uint32_t id) 609 { 610 trace_lsi_bad_selection(id); 611 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 612 lsi_disconnect(s); 613 } 614 615 /* Initiate a SCSI layer data transfer. */ 616 static void lsi_do_dma(LSIState *s, int out) 617 { 618 uint32_t count; 619 dma_addr_t addr; 620 SCSIDevice *dev; 621 622 assert(s->current); 623 if (!s->current->dma_len) { 624 /* Wait until data is available. */ 625 trace_lsi_do_dma_unavailable(); 626 return; 627 } 628 629 dev = s->current->req->dev; 630 assert(dev); 631 632 count = s->dbc; 633 if (count > s->current->dma_len) 634 count = s->current->dma_len; 635 636 addr = s->dnad; 637 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 638 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 639 addr |= ((uint64_t)s->dnad64 << 32); 640 else if (s->dbms) 641 addr |= ((uint64_t)s->dbms << 32); 642 else if (s->sbms) 643 addr |= ((uint64_t)s->sbms << 32); 644 645 trace_lsi_do_dma(addr, count); 646 s->csbc += count; 647 s->dnad += count; 648 s->dbc -= count; 649 if (s->current->dma_buf == NULL) { 650 s->current->dma_buf = scsi_req_get_buf(s->current->req); 651 } 652 /* ??? Set SFBR to first data byte. */ 653 if (out) { 654 lsi_mem_read(s, addr, s->current->dma_buf, count); 655 } else { 656 lsi_mem_write(s, addr, s->current->dma_buf, count); 657 } 658 s->current->dma_len -= count; 659 if (s->current->dma_len == 0) { 660 s->current->dma_buf = NULL; 661 scsi_req_continue(s->current->req); 662 } else { 663 s->current->dma_buf += count; 664 lsi_resume_script(s); 665 } 666 } 667 668 669 /* Add a command to the queue. */ 670 static void lsi_queue_command(LSIState *s) 671 { 672 lsi_request *p = s->current; 673 674 trace_lsi_queue_command(p->tag); 675 assert(s->current != NULL); 676 assert(s->current->dma_len == 0); 677 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 678 s->current = NULL; 679 680 p->pending = 0; 681 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 682 } 683 684 /* Queue a byte for a MSG IN phase. */ 685 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 686 { 687 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 688 trace_lsi_add_msg_byte_error(); 689 } else { 690 trace_lsi_add_msg_byte(data); 691 s->msg[s->msg_len++] = data; 692 } 693 } 694 695 /* Perform reselection to continue a command. */ 696 static void lsi_reselect(LSIState *s, lsi_request *p) 697 { 698 int id; 699 700 assert(s->current == NULL); 701 QTAILQ_REMOVE(&s->queue, p, next); 702 s->current = p; 703 704 id = (p->tag >> 8) & 0xf; 705 s->ssid = id | 0x80; 706 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 707 if (!(s->dcntl & LSI_DCNTL_COM)) { 708 s->sfbr = 1 << (id & 0x7); 709 } 710 trace_lsi_reselect(id); 711 s->scntl1 |= LSI_SCNTL1_CON; 712 lsi_set_phase(s, PHASE_MI); 713 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 714 s->current->dma_len = p->pending; 715 lsi_add_msg_byte(s, 0x80); 716 if (s->current->tag & LSI_TAG_VALID) { 717 lsi_add_msg_byte(s, 0x20); 718 lsi_add_msg_byte(s, p->tag & 0xff); 719 } 720 721 if (lsi_irq_on_rsl(s)) { 722 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 723 } 724 } 725 726 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 727 { 728 lsi_request *p; 729 730 QTAILQ_FOREACH(p, &s->queue, next) { 731 if (p->tag == tag) { 732 return p; 733 } 734 } 735 736 return NULL; 737 } 738 739 static void lsi_request_free(LSIState *s, lsi_request *p) 740 { 741 if (p == s->current) { 742 s->current = NULL; 743 } else { 744 QTAILQ_REMOVE(&s->queue, p, next); 745 } 746 g_free(p); 747 } 748 749 static void lsi_request_cancelled(SCSIRequest *req) 750 { 751 LSIState *s = LSI53C895A(req->bus->qbus.parent); 752 lsi_request *p = req->hba_private; 753 754 req->hba_private = NULL; 755 lsi_request_free(s, p); 756 scsi_req_unref(req); 757 } 758 759 /* Record that data is available for a queued command. Returns zero if 760 the device was reselected, nonzero if the IO is deferred. */ 761 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 762 { 763 lsi_request *p = req->hba_private; 764 765 if (p->pending) { 766 trace_lsi_queue_req_error(p); 767 } 768 p->pending = len; 769 /* Reselect if waiting for it, or if reselection triggers an IRQ 770 and the bus is free. 771 Since no interrupt stacking is implemented in the emulation, it 772 is also required that there are no pending interrupts waiting 773 for service from the device driver. */ 774 if (s->waiting == LSI_WAIT_RESELECT || 775 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 776 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 777 /* Reselect device. */ 778 lsi_reselect(s, p); 779 return 0; 780 } else { 781 trace_lsi_queue_req(p->tag); 782 p->pending = len; 783 return 1; 784 } 785 } 786 787 /* Callback to indicate that the SCSI layer has completed a command. */ 788 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 789 { 790 LSIState *s = LSI53C895A(req->bus->qbus.parent); 791 int out; 792 793 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 794 trace_lsi_command_complete(status); 795 s->status = status; 796 s->command_complete = 2; 797 if (s->waiting && s->dbc != 0) { 798 /* Raise phase mismatch for short transfers. */ 799 lsi_bad_phase(s, out, PHASE_ST); 800 } else { 801 lsi_set_phase(s, PHASE_ST); 802 } 803 804 if (req->hba_private == s->current) { 805 req->hba_private = NULL; 806 lsi_request_free(s, s->current); 807 scsi_req_unref(req); 808 } 809 lsi_resume_script(s); 810 } 811 812 /* Callback to indicate that the SCSI layer has completed a transfer. */ 813 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 814 { 815 LSIState *s = LSI53C895A(req->bus->qbus.parent); 816 int out; 817 818 assert(req->hba_private); 819 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 820 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 821 if (lsi_queue_req(s, req, len)) { 822 return; 823 } 824 } 825 826 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 827 828 /* host adapter (re)connected */ 829 trace_lsi_transfer_data(req->tag, len); 830 s->current->dma_len = len; 831 s->command_complete = 1; 832 if (s->waiting) { 833 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 834 lsi_resume_script(s); 835 } else { 836 lsi_do_dma(s, out); 837 } 838 } 839 } 840 841 static void lsi_do_command(LSIState *s) 842 { 843 SCSIDevice *dev; 844 uint8_t buf[16]; 845 uint32_t id; 846 int n; 847 848 trace_lsi_do_command(s->dbc); 849 if (s->dbc > 16) 850 s->dbc = 16; 851 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 852 s->sfbr = buf[0]; 853 s->command_complete = 0; 854 855 id = (s->select_tag >> 8) & 0xf; 856 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 857 if (!dev) { 858 lsi_bad_selection(s, id); 859 return; 860 } 861 862 assert(s->current == NULL); 863 s->current = g_new0(lsi_request, 1); 864 s->current->tag = s->select_tag; 865 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 866 s->current); 867 868 n = scsi_req_enqueue(s->current->req); 869 if (n) { 870 if (n > 0) { 871 lsi_set_phase(s, PHASE_DI); 872 } else if (n < 0) { 873 lsi_set_phase(s, PHASE_DO); 874 } 875 scsi_req_continue(s->current->req); 876 } 877 if (!s->command_complete) { 878 if (n) { 879 /* Command did not complete immediately so disconnect. */ 880 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 881 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 882 /* wait data */ 883 lsi_set_phase(s, PHASE_MI); 884 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 885 lsi_queue_command(s); 886 } else { 887 /* wait command complete */ 888 lsi_set_phase(s, PHASE_DI); 889 } 890 } 891 } 892 893 static void lsi_do_status(LSIState *s) 894 { 895 uint8_t status; 896 trace_lsi_do_status(s->dbc, s->status); 897 if (s->dbc != 1) { 898 trace_lsi_do_status_error(); 899 } 900 s->dbc = 1; 901 status = s->status; 902 s->sfbr = status; 903 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 904 lsi_set_phase(s, PHASE_MI); 905 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 906 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 907 } 908 909 static void lsi_do_msgin(LSIState *s) 910 { 911 uint8_t len; 912 trace_lsi_do_msgin(s->dbc, s->msg_len); 913 s->sfbr = s->msg[0]; 914 len = s->msg_len; 915 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 916 if (len > s->dbc) 917 len = s->dbc; 918 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 919 /* Linux drivers rely on the last byte being in the SIDL. */ 920 s->sidl = s->msg[len - 1]; 921 s->msg_len -= len; 922 if (s->msg_len) { 923 memmove(s->msg, s->msg + len, s->msg_len); 924 } else { 925 /* ??? Check if ATN (not yet implemented) is asserted and maybe 926 switch to PHASE_MO. */ 927 switch (s->msg_action) { 928 case LSI_MSG_ACTION_COMMAND: 929 lsi_set_phase(s, PHASE_CMD); 930 break; 931 case LSI_MSG_ACTION_DISCONNECT: 932 lsi_disconnect(s); 933 break; 934 case LSI_MSG_ACTION_DOUT: 935 lsi_set_phase(s, PHASE_DO); 936 break; 937 case LSI_MSG_ACTION_DIN: 938 lsi_set_phase(s, PHASE_DI); 939 break; 940 default: 941 abort(); 942 } 943 } 944 } 945 946 /* Read the next byte during a MSGOUT phase. */ 947 static uint8_t lsi_get_msgbyte(LSIState *s) 948 { 949 uint8_t data; 950 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 951 s->dnad++; 952 s->dbc--; 953 return data; 954 } 955 956 /* Skip the next n bytes during a MSGOUT phase. */ 957 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 958 { 959 s->dnad += n; 960 s->dbc -= n; 961 } 962 963 static void lsi_do_msgout(LSIState *s) 964 { 965 uint8_t msg; 966 int len; 967 uint32_t current_tag; 968 lsi_request *current_req, *p, *p_next; 969 970 if (s->current) { 971 current_tag = s->current->tag; 972 current_req = s->current; 973 } else { 974 current_tag = s->select_tag; 975 current_req = lsi_find_by_tag(s, current_tag); 976 } 977 978 trace_lsi_do_msgout(s->dbc); 979 while (s->dbc) { 980 msg = lsi_get_msgbyte(s); 981 s->sfbr = msg; 982 983 switch (msg) { 984 case 0x04: 985 trace_lsi_do_msgout_disconnect(); 986 lsi_disconnect(s); 987 break; 988 case 0x08: 989 trace_lsi_do_msgout_noop(); 990 lsi_set_phase(s, PHASE_CMD); 991 break; 992 case 0x01: 993 len = lsi_get_msgbyte(s); 994 msg = lsi_get_msgbyte(s); 995 (void)len; /* avoid a warning about unused variable*/ 996 trace_lsi_do_msgout_extended(msg, len); 997 switch (msg) { 998 case 1: 999 trace_lsi_do_msgout_ignored("SDTR"); 1000 lsi_skip_msgbytes(s, 2); 1001 break; 1002 case 3: 1003 trace_lsi_do_msgout_ignored("WDTR"); 1004 lsi_skip_msgbytes(s, 1); 1005 break; 1006 case 4: 1007 trace_lsi_do_msgout_ignored("PPR"); 1008 lsi_skip_msgbytes(s, 5); 1009 break; 1010 default: 1011 goto bad; 1012 } 1013 break; 1014 case 0x20: /* SIMPLE queue */ 1015 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1016 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1017 break; 1018 case 0x21: /* HEAD of queue */ 1019 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1020 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1021 break; 1022 case 0x22: /* ORDERED queue */ 1023 qemu_log_mask(LOG_UNIMP, 1024 "lsi_scsi: ORDERED queue not implemented\n"); 1025 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1026 break; 1027 case 0x0d: 1028 /* The ABORT TAG message clears the current I/O process only. */ 1029 trace_lsi_do_msgout_abort(current_tag); 1030 if (current_req) { 1031 scsi_req_cancel(current_req->req); 1032 } 1033 lsi_disconnect(s); 1034 break; 1035 case 0x06: 1036 case 0x0e: 1037 case 0x0c: 1038 /* The ABORT message clears all I/O processes for the selecting 1039 initiator on the specified logical unit of the target. */ 1040 if (msg == 0x06) { 1041 trace_lsi_do_msgout_abort(current_tag); 1042 } 1043 /* The CLEAR QUEUE message clears all I/O processes for all 1044 initiators on the specified logical unit of the target. */ 1045 if (msg == 0x0e) { 1046 trace_lsi_do_msgout_clearqueue(current_tag); 1047 } 1048 /* The BUS DEVICE RESET message clears all I/O processes for all 1049 initiators on all logical units of the target. */ 1050 if (msg == 0x0c) { 1051 trace_lsi_do_msgout_busdevicereset(current_tag); 1052 } 1053 1054 /* clear the current I/O process */ 1055 if (s->current) { 1056 scsi_req_cancel(s->current->req); 1057 } 1058 1059 /* As the current implemented devices scsi_disk and scsi_generic 1060 only support one LUN, we don't need to keep track of LUNs. 1061 Clearing I/O processes for other initiators could be possible 1062 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1063 device, but this is currently not implemented (and seems not 1064 to be really necessary). So let's simply clear all queued 1065 commands for the current device: */ 1066 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1067 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1068 scsi_req_cancel(p->req); 1069 } 1070 } 1071 1072 lsi_disconnect(s); 1073 break; 1074 default: 1075 if ((msg & 0x80) == 0) { 1076 goto bad; 1077 } 1078 s->current_lun = msg & 7; 1079 trace_lsi_do_msgout_select(s->current_lun); 1080 lsi_set_phase(s, PHASE_CMD); 1081 break; 1082 } 1083 } 1084 return; 1085 bad: 1086 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1087 lsi_set_phase(s, PHASE_MI); 1088 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1089 s->msg_action = LSI_MSG_ACTION_COMMAND; 1090 } 1091 1092 #define LSI_BUF_SIZE 4096 1093 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1094 { 1095 int n; 1096 uint8_t buf[LSI_BUF_SIZE]; 1097 1098 trace_lsi_memcpy(dest, src, count); 1099 while (count) { 1100 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1101 lsi_mem_read(s, src, buf, n); 1102 lsi_mem_write(s, dest, buf, n); 1103 src += n; 1104 dest += n; 1105 count -= n; 1106 } 1107 } 1108 1109 static void lsi_wait_reselect(LSIState *s) 1110 { 1111 lsi_request *p; 1112 1113 trace_lsi_wait_reselect(); 1114 1115 if (s->current) { 1116 return; 1117 } 1118 p = get_pending_req(s); 1119 if (p) { 1120 lsi_reselect(s, p); 1121 } 1122 if (s->current == NULL) { 1123 s->waiting = LSI_WAIT_RESELECT; 1124 } 1125 } 1126 1127 static void lsi_execute_script(LSIState *s) 1128 { 1129 PCIDevice *pci_dev = PCI_DEVICE(s); 1130 uint32_t insn; 1131 uint32_t addr, addr_high; 1132 int opcode; 1133 int insn_processed = 0; 1134 1135 s->istat1 |= LSI_ISTAT1_SRUN; 1136 again: 1137 insn_processed++; 1138 insn = read_dword(s, s->dsp); 1139 if (!insn) { 1140 /* If we receive an empty opcode increment the DSP by 4 bytes 1141 instead of 8 and execute the next opcode at that location */ 1142 s->dsp += 4; 1143 goto again; 1144 } 1145 addr = read_dword(s, s->dsp + 4); 1146 addr_high = 0; 1147 trace_lsi_execute_script(s->dsp, insn, addr); 1148 s->dsps = addr; 1149 s->dcmd = insn >> 24; 1150 s->dsp += 8; 1151 switch (insn >> 30) { 1152 case 0: /* Block move. */ 1153 if (s->sist1 & LSI_SIST1_STO) { 1154 trace_lsi_execute_script_blockmove_delayed(); 1155 lsi_stop_script(s); 1156 break; 1157 } 1158 s->dbc = insn & 0xffffff; 1159 s->rbc = s->dbc; 1160 /* ??? Set ESA. */ 1161 s->ia = s->dsp - 8; 1162 if (insn & (1 << 29)) { 1163 /* Indirect addressing. */ 1164 addr = read_dword(s, addr); 1165 } else if (insn & (1 << 28)) { 1166 uint32_t buf[2]; 1167 int32_t offset; 1168 /* Table indirect addressing. */ 1169 1170 /* 32-bit Table indirect */ 1171 offset = sextract32(addr, 0, 24); 1172 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1173 /* byte count is stored in bits 0:23 only */ 1174 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1175 s->rbc = s->dbc; 1176 addr = cpu_to_le32(buf[1]); 1177 1178 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1179 * table, bits [31:24] */ 1180 if (lsi_dma_40bit(s)) 1181 addr_high = cpu_to_le32(buf[0]) >> 24; 1182 else if (lsi_dma_ti64bit(s)) { 1183 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1184 switch (selector) { 1185 case 0 ... 0x0f: 1186 /* offset index into scratch registers since 1187 * TI64 mode can use registers C to R */ 1188 addr_high = s->scratch[2 + selector]; 1189 break; 1190 case 0x10: 1191 addr_high = s->mmrs; 1192 break; 1193 case 0x11: 1194 addr_high = s->mmws; 1195 break; 1196 case 0x12: 1197 addr_high = s->sfs; 1198 break; 1199 case 0x13: 1200 addr_high = s->drs; 1201 break; 1202 case 0x14: 1203 addr_high = s->sbms; 1204 break; 1205 case 0x15: 1206 addr_high = s->dbms; 1207 break; 1208 default: 1209 qemu_log_mask(LOG_GUEST_ERROR, 1210 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1211 "for 64-bit DMA block move", selector); 1212 break; 1213 } 1214 } 1215 } else if (lsi_dma_64bit(s)) { 1216 /* fetch a 3rd dword if 64-bit direct move is enabled and 1217 only if we're not doing table indirect or indirect addressing */ 1218 s->dbms = read_dword(s, s->dsp); 1219 s->dsp += 4; 1220 s->ia = s->dsp - 12; 1221 } 1222 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1223 trace_lsi_execute_script_blockmove_badphase( 1224 scsi_phase_name(s->sstat1), 1225 scsi_phase_name(insn >> 24)); 1226 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1227 break; 1228 } 1229 s->dnad = addr; 1230 s->dnad64 = addr_high; 1231 switch (s->sstat1 & 0x7) { 1232 case PHASE_DO: 1233 s->waiting = LSI_DMA_SCRIPTS; 1234 lsi_do_dma(s, 1); 1235 if (s->waiting) 1236 s->waiting = LSI_DMA_IN_PROGRESS; 1237 break; 1238 case PHASE_DI: 1239 s->waiting = LSI_DMA_SCRIPTS; 1240 lsi_do_dma(s, 0); 1241 if (s->waiting) 1242 s->waiting = LSI_DMA_IN_PROGRESS; 1243 break; 1244 case PHASE_CMD: 1245 lsi_do_command(s); 1246 break; 1247 case PHASE_ST: 1248 lsi_do_status(s); 1249 break; 1250 case PHASE_MO: 1251 lsi_do_msgout(s); 1252 break; 1253 case PHASE_MI: 1254 lsi_do_msgin(s); 1255 break; 1256 default: 1257 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1258 scsi_phase_name(s->sstat1)); 1259 } 1260 s->dfifo = s->dbc & 0xff; 1261 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1262 s->sbc = s->dbc; 1263 s->rbc -= s->dbc; 1264 s->ua = addr + s->dbc; 1265 break; 1266 1267 case 1: /* IO or Read/Write instruction. */ 1268 opcode = (insn >> 27) & 7; 1269 if (opcode < 5) { 1270 uint32_t id; 1271 1272 if (insn & (1 << 25)) { 1273 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1274 } else { 1275 id = insn; 1276 } 1277 id = (id >> 16) & 0xf; 1278 if (insn & (1 << 26)) { 1279 addr = s->dsp + sextract32(addr, 0, 24); 1280 } 1281 s->dnad = addr; 1282 switch (opcode) { 1283 case 0: /* Select */ 1284 s->sdid = id; 1285 if (s->scntl1 & LSI_SCNTL1_CON) { 1286 trace_lsi_execute_script_io_alreadyreselected(); 1287 s->dsp = s->dnad; 1288 break; 1289 } 1290 s->sstat0 |= LSI_SSTAT0_WOA; 1291 s->scntl1 &= ~LSI_SCNTL1_IARB; 1292 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1293 lsi_bad_selection(s, id); 1294 break; 1295 } 1296 trace_lsi_execute_script_io_selected(id, 1297 insn & (1 << 3) ? " ATN" : ""); 1298 /* ??? Linux drivers compain when this is set. Maybe 1299 it only applies in low-level mode (unimplemented). 1300 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1301 s->select_tag = id << 8; 1302 s->scntl1 |= LSI_SCNTL1_CON; 1303 if (insn & (1 << 3)) { 1304 s->socl |= LSI_SOCL_ATN; 1305 s->sbcl |= LSI_SBCL_ATN; 1306 } 1307 s->sbcl |= LSI_SBCL_BSY; 1308 lsi_set_phase(s, PHASE_MO); 1309 s->waiting = LSI_NOWAIT; 1310 break; 1311 case 1: /* Disconnect */ 1312 trace_lsi_execute_script_io_disconnect(); 1313 s->scntl1 &= ~LSI_SCNTL1_CON; 1314 /* FIXME: this is not entirely correct; the target need not ask 1315 * for reselection until it has to send data, while here we force a 1316 * reselection as soon as the bus is free. The correct flow would 1317 * reselect before lsi_transfer_data and disconnect as soon as 1318 * DMA ends. 1319 */ 1320 if (!s->current) { 1321 lsi_request *p = get_pending_req(s); 1322 if (p) { 1323 lsi_reselect(s, p); 1324 } 1325 } 1326 break; 1327 case 2: /* Wait Reselect */ 1328 if (s->istat0 & LSI_ISTAT0_SIGP) { 1329 s->dsp = s->dnad; 1330 } else if (!lsi_irq_on_rsl(s)) { 1331 lsi_wait_reselect(s); 1332 } 1333 break; 1334 case 3: /* Set */ 1335 trace_lsi_execute_script_io_set( 1336 insn & (1 << 3) ? " ATN" : "", 1337 insn & (1 << 6) ? " ACK" : "", 1338 insn & (1 << 9) ? " TM" : "", 1339 insn & (1 << 10) ? " CC" : ""); 1340 if (insn & (1 << 3)) { 1341 s->socl |= LSI_SOCL_ATN; 1342 s->sbcl |= LSI_SBCL_ATN; 1343 lsi_set_phase(s, PHASE_MO); 1344 } 1345 1346 if (insn & (1 << 6)) { 1347 s->sbcl |= LSI_SBCL_ACK; 1348 } 1349 1350 if (insn & (1 << 9)) { 1351 qemu_log_mask(LOG_UNIMP, 1352 "lsi_scsi: Target mode not implemented\n"); 1353 } 1354 if (insn & (1 << 10)) 1355 s->carry = 1; 1356 break; 1357 case 4: /* Clear */ 1358 trace_lsi_execute_script_io_clear( 1359 insn & (1 << 3) ? " ATN" : "", 1360 insn & (1 << 6) ? " ACK" : "", 1361 insn & (1 << 9) ? " TM" : "", 1362 insn & (1 << 10) ? " CC" : ""); 1363 if (insn & (1 << 3)) { 1364 s->socl &= ~LSI_SOCL_ATN; 1365 s->sbcl &= ~LSI_SBCL_ATN; 1366 } 1367 1368 if (insn & (1 << 6)) { 1369 s->sbcl &= ~LSI_SBCL_ACK; 1370 } 1371 1372 if (insn & (1 << 10)) 1373 s->carry = 0; 1374 break; 1375 } 1376 } else { 1377 uint8_t op0; 1378 uint8_t op1; 1379 uint8_t data8; 1380 int reg; 1381 int operator; 1382 1383 static const char *opcode_names[3] = 1384 {"Write", "Read", "Read-Modify-Write"}; 1385 static const char *operator_names[8] = 1386 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1387 1388 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1389 data8 = (insn >> 8) & 0xff; 1390 opcode = (insn >> 27) & 7; 1391 operator = (insn >> 24) & 7; 1392 trace_lsi_execute_script_io_opcode( 1393 opcode_names[opcode - 5], reg, 1394 operator_names[operator], data8, s->sfbr, 1395 (insn & (1 << 23)) ? " SFBR" : ""); 1396 op0 = op1 = 0; 1397 switch (opcode) { 1398 case 5: /* From SFBR */ 1399 op0 = s->sfbr; 1400 op1 = data8; 1401 break; 1402 case 6: /* To SFBR */ 1403 if (operator) 1404 op0 = lsi_reg_readb(s, reg); 1405 op1 = data8; 1406 break; 1407 case 7: /* Read-modify-write */ 1408 if (operator) 1409 op0 = lsi_reg_readb(s, reg); 1410 if (insn & (1 << 23)) { 1411 op1 = s->sfbr; 1412 } else { 1413 op1 = data8; 1414 } 1415 break; 1416 } 1417 1418 switch (operator) { 1419 case 0: /* move */ 1420 op0 = op1; 1421 break; 1422 case 1: /* Shift left */ 1423 op1 = op0 >> 7; 1424 op0 = (op0 << 1) | s->carry; 1425 s->carry = op1; 1426 break; 1427 case 2: /* OR */ 1428 op0 |= op1; 1429 break; 1430 case 3: /* XOR */ 1431 op0 ^= op1; 1432 break; 1433 case 4: /* AND */ 1434 op0 &= op1; 1435 break; 1436 case 5: /* SHR */ 1437 op1 = op0 & 1; 1438 op0 = (op0 >> 1) | (s->carry << 7); 1439 s->carry = op1; 1440 break; 1441 case 6: /* ADD */ 1442 op0 += op1; 1443 s->carry = op0 < op1; 1444 break; 1445 case 7: /* ADC */ 1446 op0 += op1 + s->carry; 1447 if (s->carry) 1448 s->carry = op0 <= op1; 1449 else 1450 s->carry = op0 < op1; 1451 break; 1452 } 1453 1454 switch (opcode) { 1455 case 5: /* From SFBR */ 1456 case 7: /* Read-modify-write */ 1457 lsi_reg_writeb(s, reg, op0); 1458 break; 1459 case 6: /* To SFBR */ 1460 s->sfbr = op0; 1461 break; 1462 } 1463 } 1464 break; 1465 1466 case 2: /* Transfer Control. */ 1467 { 1468 int cond; 1469 int jmp; 1470 1471 if ((insn & 0x002e0000) == 0) { 1472 trace_lsi_execute_script_tc_nop(); 1473 break; 1474 } 1475 if (s->sist1 & LSI_SIST1_STO) { 1476 trace_lsi_execute_script_tc_delayedselect_timeout(); 1477 lsi_stop_script(s); 1478 break; 1479 } 1480 cond = jmp = (insn & (1 << 19)) != 0; 1481 if (cond == jmp && (insn & (1 << 21))) { 1482 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1483 cond = s->carry != 0; 1484 } 1485 if (cond == jmp && (insn & (1 << 17))) { 1486 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1487 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1488 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1489 } 1490 if (cond == jmp && (insn & (1 << 18))) { 1491 uint8_t mask; 1492 1493 mask = (~insn >> 8) & 0xff; 1494 trace_lsi_execute_script_tc_compd( 1495 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1496 cond = (s->sfbr & mask) == (insn & mask); 1497 } 1498 if (cond == jmp) { 1499 if (insn & (1 << 23)) { 1500 /* Relative address. */ 1501 addr = s->dsp + sextract32(addr, 0, 24); 1502 } 1503 switch ((insn >> 27) & 7) { 1504 case 0: /* Jump */ 1505 trace_lsi_execute_script_tc_jump(addr); 1506 s->adder = addr; 1507 s->dsp = addr; 1508 break; 1509 case 1: /* Call */ 1510 trace_lsi_execute_script_tc_call(addr); 1511 s->temp = s->dsp; 1512 s->dsp = addr; 1513 break; 1514 case 2: /* Return */ 1515 trace_lsi_execute_script_tc_return(s->temp); 1516 s->dsp = s->temp; 1517 break; 1518 case 3: /* Interrupt */ 1519 trace_lsi_execute_script_tc_interrupt(s->dsps); 1520 if ((insn & (1 << 20)) != 0) { 1521 s->istat0 |= LSI_ISTAT0_INTF; 1522 lsi_update_irq(s); 1523 } else { 1524 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1525 } 1526 break; 1527 default: 1528 trace_lsi_execute_script_tc_illegal(); 1529 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1530 break; 1531 } 1532 } else { 1533 trace_lsi_execute_script_tc_cc_failed(); 1534 } 1535 } 1536 break; 1537 1538 case 3: 1539 if ((insn & (1 << 29)) == 0) { 1540 /* Memory move. */ 1541 uint32_t dest; 1542 /* ??? The docs imply the destination address is loaded into 1543 the TEMP register. However the Linux drivers rely on 1544 the value being presrved. */ 1545 dest = read_dword(s, s->dsp); 1546 s->dsp += 4; 1547 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1548 } else { 1549 uint8_t data[7]; 1550 int reg; 1551 int n; 1552 int i; 1553 1554 if (insn & (1 << 28)) { 1555 addr = s->dsa + sextract32(addr, 0, 24); 1556 } 1557 n = (insn & 7); 1558 reg = (insn >> 16) & 0xff; 1559 if (insn & (1 << 24)) { 1560 pci_dma_read(pci_dev, addr, data, n); 1561 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1562 for (i = 0; i < n; i++) { 1563 lsi_reg_writeb(s, reg + i, data[i]); 1564 } 1565 } else { 1566 trace_lsi_execute_script_mm_store(reg, n, addr); 1567 for (i = 0; i < n; i++) { 1568 data[i] = lsi_reg_readb(s, reg + i); 1569 } 1570 pci_dma_write(pci_dev, addr, data, n); 1571 } 1572 } 1573 } 1574 if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) { 1575 /* Some windows drivers make the device spin waiting for a memory 1576 location to change. If we have been executed a lot of code then 1577 assume this is the case and force an unexpected device disconnect. 1578 This is apparently sufficient to beat the drivers into submission. 1579 */ 1580 if (!(s->sien0 & LSI_SIST0_UDC)) { 1581 qemu_log_mask(LOG_GUEST_ERROR, 1582 "lsi_scsi: inf. loop with UDC masked"); 1583 } 1584 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1585 lsi_disconnect(s); 1586 } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1587 if (s->dcntl & LSI_DCNTL_SSM) { 1588 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1589 } else { 1590 goto again; 1591 } 1592 } 1593 trace_lsi_execute_script_stop(); 1594 } 1595 1596 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1597 { 1598 uint8_t ret; 1599 1600 #define CASE_GET_REG24(name, addr) \ 1601 case addr: ret = s->name & 0xff; break; \ 1602 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1603 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1604 1605 #define CASE_GET_REG32(name, addr) \ 1606 case addr: ret = s->name & 0xff; break; \ 1607 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1608 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1609 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1610 1611 switch (offset) { 1612 case 0x00: /* SCNTL0 */ 1613 ret = s->scntl0; 1614 break; 1615 case 0x01: /* SCNTL1 */ 1616 ret = s->scntl1; 1617 break; 1618 case 0x02: /* SCNTL2 */ 1619 ret = s->scntl2; 1620 break; 1621 case 0x03: /* SCNTL3 */ 1622 ret = s->scntl3; 1623 break; 1624 case 0x04: /* SCID */ 1625 ret = s->scid; 1626 break; 1627 case 0x05: /* SXFER */ 1628 ret = s->sxfer; 1629 break; 1630 case 0x06: /* SDID */ 1631 ret = s->sdid; 1632 break; 1633 case 0x07: /* GPREG0 */ 1634 ret = 0x7f; 1635 break; 1636 case 0x08: /* Revision ID */ 1637 ret = 0x00; 1638 break; 1639 case 0x09: /* SOCL */ 1640 ret = s->socl; 1641 break; 1642 case 0xa: /* SSID */ 1643 ret = s->ssid; 1644 break; 1645 case 0xb: /* SBCL */ 1646 ret = s->sbcl; 1647 break; 1648 case 0xc: /* DSTAT */ 1649 ret = s->dstat | LSI_DSTAT_DFE; 1650 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1651 s->dstat = 0; 1652 lsi_update_irq(s); 1653 break; 1654 case 0x0d: /* SSTAT0 */ 1655 ret = s->sstat0; 1656 break; 1657 case 0x0e: /* SSTAT1 */ 1658 ret = s->sstat1; 1659 break; 1660 case 0x0f: /* SSTAT2 */ 1661 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1662 break; 1663 CASE_GET_REG32(dsa, 0x10) 1664 case 0x14: /* ISTAT0 */ 1665 ret = s->istat0; 1666 break; 1667 case 0x15: /* ISTAT1 */ 1668 ret = s->istat1; 1669 break; 1670 case 0x16: /* MBOX0 */ 1671 ret = s->mbox0; 1672 break; 1673 case 0x17: /* MBOX1 */ 1674 ret = s->mbox1; 1675 break; 1676 case 0x18: /* CTEST0 */ 1677 ret = 0xff; 1678 break; 1679 case 0x19: /* CTEST1 */ 1680 ret = 0; 1681 break; 1682 case 0x1a: /* CTEST2 */ 1683 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1684 if (s->istat0 & LSI_ISTAT0_SIGP) { 1685 s->istat0 &= ~LSI_ISTAT0_SIGP; 1686 ret |= LSI_CTEST2_SIGP; 1687 } 1688 break; 1689 case 0x1b: /* CTEST3 */ 1690 ret = s->ctest3; 1691 break; 1692 CASE_GET_REG32(temp, 0x1c) 1693 case 0x20: /* DFIFO */ 1694 ret = s->dfifo; 1695 break; 1696 case 0x21: /* CTEST4 */ 1697 ret = s->ctest4; 1698 break; 1699 case 0x22: /* CTEST5 */ 1700 ret = s->ctest5; 1701 break; 1702 case 0x23: /* CTEST6 */ 1703 ret = 0; 1704 break; 1705 CASE_GET_REG24(dbc, 0x24) 1706 case 0x27: /* DCMD */ 1707 ret = s->dcmd; 1708 break; 1709 CASE_GET_REG32(dnad, 0x28) 1710 CASE_GET_REG32(dsp, 0x2c) 1711 CASE_GET_REG32(dsps, 0x30) 1712 CASE_GET_REG32(scratch[0], 0x34) 1713 case 0x38: /* DMODE */ 1714 ret = s->dmode; 1715 break; 1716 case 0x39: /* DIEN */ 1717 ret = s->dien; 1718 break; 1719 case 0x3a: /* SBR */ 1720 ret = s->sbr; 1721 break; 1722 case 0x3b: /* DCNTL */ 1723 ret = s->dcntl; 1724 break; 1725 /* ADDER Output (Debug of relative jump address) */ 1726 CASE_GET_REG32(adder, 0x3c) 1727 case 0x40: /* SIEN0 */ 1728 ret = s->sien0; 1729 break; 1730 case 0x41: /* SIEN1 */ 1731 ret = s->sien1; 1732 break; 1733 case 0x42: /* SIST0 */ 1734 ret = s->sist0; 1735 s->sist0 = 0; 1736 lsi_update_irq(s); 1737 break; 1738 case 0x43: /* SIST1 */ 1739 ret = s->sist1; 1740 s->sist1 = 0; 1741 lsi_update_irq(s); 1742 break; 1743 case 0x46: /* MACNTL */ 1744 ret = 0x0f; 1745 break; 1746 case 0x47: /* GPCNTL0 */ 1747 ret = 0x0f; 1748 break; 1749 case 0x48: /* STIME0 */ 1750 ret = s->stime0; 1751 break; 1752 case 0x4a: /* RESPID0 */ 1753 ret = s->respid0; 1754 break; 1755 case 0x4b: /* RESPID1 */ 1756 ret = s->respid1; 1757 break; 1758 case 0x4d: /* STEST1 */ 1759 ret = s->stest1; 1760 break; 1761 case 0x4e: /* STEST2 */ 1762 ret = s->stest2; 1763 break; 1764 case 0x4f: /* STEST3 */ 1765 ret = s->stest3; 1766 break; 1767 case 0x50: /* SIDL */ 1768 /* This is needed by the linux drivers. We currently only update it 1769 during the MSG IN phase. */ 1770 ret = s->sidl; 1771 break; 1772 case 0x52: /* STEST4 */ 1773 ret = 0xe0; 1774 break; 1775 case 0x56: /* CCNTL0 */ 1776 ret = s->ccntl0; 1777 break; 1778 case 0x57: /* CCNTL1 */ 1779 ret = s->ccntl1; 1780 break; 1781 case 0x58: /* SBDL */ 1782 /* Some drivers peek at the data bus during the MSG IN phase. */ 1783 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1784 assert(s->msg_len > 0); 1785 return s->msg[0]; 1786 } 1787 ret = 0; 1788 break; 1789 case 0x59: /* SBDL high */ 1790 ret = 0; 1791 break; 1792 CASE_GET_REG32(mmrs, 0xa0) 1793 CASE_GET_REG32(mmws, 0xa4) 1794 CASE_GET_REG32(sfs, 0xa8) 1795 CASE_GET_REG32(drs, 0xac) 1796 CASE_GET_REG32(sbms, 0xb0) 1797 CASE_GET_REG32(dbms, 0xb4) 1798 CASE_GET_REG32(dnad64, 0xb8) 1799 CASE_GET_REG32(pmjad1, 0xc0) 1800 CASE_GET_REG32(pmjad2, 0xc4) 1801 CASE_GET_REG32(rbc, 0xc8) 1802 CASE_GET_REG32(ua, 0xcc) 1803 CASE_GET_REG32(ia, 0xd4) 1804 CASE_GET_REG32(sbc, 0xd8) 1805 CASE_GET_REG32(csbc, 0xdc) 1806 case 0x5c ... 0x9f: 1807 { 1808 int n; 1809 int shift; 1810 n = (offset - 0x58) >> 2; 1811 shift = (offset & 3) * 8; 1812 ret = (s->scratch[n] >> shift) & 0xff; 1813 break; 1814 } 1815 default: 1816 { 1817 qemu_log_mask(LOG_GUEST_ERROR, 1818 "lsi_scsi: invalid read from reg %s %x\n", 1819 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1820 offset); 1821 ret = 0xff; 1822 break; 1823 } 1824 } 1825 #undef CASE_GET_REG24 1826 #undef CASE_GET_REG32 1827 1828 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1829 offset, ret); 1830 1831 return ret; 1832 } 1833 1834 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1835 { 1836 #define CASE_SET_REG24(name, addr) \ 1837 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1838 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1839 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1840 1841 #define CASE_SET_REG32(name, addr) \ 1842 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1843 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1844 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1845 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1846 1847 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1848 offset, val); 1849 1850 switch (offset) { 1851 case 0x00: /* SCNTL0 */ 1852 s->scntl0 = val; 1853 if (val & LSI_SCNTL0_START) { 1854 qemu_log_mask(LOG_UNIMP, 1855 "lsi_scsi: Start sequence not implemented\n"); 1856 } 1857 break; 1858 case 0x01: /* SCNTL1 */ 1859 s->scntl1 = val & ~LSI_SCNTL1_SST; 1860 if (val & LSI_SCNTL1_IARB) { 1861 qemu_log_mask(LOG_UNIMP, 1862 "lsi_scsi: Immediate Arbritration not implemented\n"); 1863 } 1864 if (val & LSI_SCNTL1_RST) { 1865 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1866 qbus_reset_all(BUS(&s->bus)); 1867 s->sstat0 |= LSI_SSTAT0_RST; 1868 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1869 } 1870 } else { 1871 s->sstat0 &= ~LSI_SSTAT0_RST; 1872 } 1873 break; 1874 case 0x02: /* SCNTL2 */ 1875 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1876 s->scntl2 = val; 1877 break; 1878 case 0x03: /* SCNTL3 */ 1879 s->scntl3 = val; 1880 break; 1881 case 0x04: /* SCID */ 1882 s->scid = val; 1883 break; 1884 case 0x05: /* SXFER */ 1885 s->sxfer = val; 1886 break; 1887 case 0x06: /* SDID */ 1888 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1889 qemu_log_mask(LOG_GUEST_ERROR, 1890 "lsi_scsi: Destination ID does not match SSID\n"); 1891 } 1892 s->sdid = val & 0xf; 1893 break; 1894 case 0x07: /* GPREG0 */ 1895 break; 1896 case 0x08: /* SFBR */ 1897 /* The CPU is not allowed to write to this register. However the 1898 SCRIPTS register move instructions are. */ 1899 s->sfbr = val; 1900 break; 1901 case 0x0a: case 0x0b: 1902 /* Openserver writes to these readonly registers on startup */ 1903 return; 1904 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1905 /* Linux writes to these readonly registers on startup. */ 1906 return; 1907 CASE_SET_REG32(dsa, 0x10) 1908 case 0x14: /* ISTAT0 */ 1909 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1910 if (val & LSI_ISTAT0_ABRT) { 1911 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1912 } 1913 if (val & LSI_ISTAT0_INTF) { 1914 s->istat0 &= ~LSI_ISTAT0_INTF; 1915 lsi_update_irq(s); 1916 } 1917 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1918 trace_lsi_awoken(); 1919 s->waiting = LSI_NOWAIT; 1920 s->dsp = s->dnad; 1921 lsi_execute_script(s); 1922 } 1923 if (val & LSI_ISTAT0_SRST) { 1924 qdev_reset_all(DEVICE(s)); 1925 } 1926 break; 1927 case 0x16: /* MBOX0 */ 1928 s->mbox0 = val; 1929 break; 1930 case 0x17: /* MBOX1 */ 1931 s->mbox1 = val; 1932 break; 1933 case 0x18: /* CTEST0 */ 1934 /* nothing to do */ 1935 break; 1936 case 0x1a: /* CTEST2 */ 1937 s->ctest2 = val & LSI_CTEST2_PCICIE; 1938 break; 1939 case 0x1b: /* CTEST3 */ 1940 s->ctest3 = val & 0x0f; 1941 break; 1942 CASE_SET_REG32(temp, 0x1c) 1943 case 0x21: /* CTEST4 */ 1944 if (val & 7) { 1945 qemu_log_mask(LOG_UNIMP, 1946 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1947 } 1948 s->ctest4 = val; 1949 break; 1950 case 0x22: /* CTEST5 */ 1951 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1952 qemu_log_mask(LOG_UNIMP, 1953 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1954 } 1955 s->ctest5 = val; 1956 break; 1957 CASE_SET_REG24(dbc, 0x24) 1958 CASE_SET_REG32(dnad, 0x28) 1959 case 0x2c: /* DSP[0:7] */ 1960 s->dsp &= 0xffffff00; 1961 s->dsp |= val; 1962 break; 1963 case 0x2d: /* DSP[8:15] */ 1964 s->dsp &= 0xffff00ff; 1965 s->dsp |= val << 8; 1966 break; 1967 case 0x2e: /* DSP[16:23] */ 1968 s->dsp &= 0xff00ffff; 1969 s->dsp |= val << 16; 1970 break; 1971 case 0x2f: /* DSP[24:31] */ 1972 s->dsp &= 0x00ffffff; 1973 s->dsp |= val << 24; 1974 if ((s->dmode & LSI_DMODE_MAN) == 0 1975 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1976 lsi_execute_script(s); 1977 break; 1978 CASE_SET_REG32(dsps, 0x30) 1979 CASE_SET_REG32(scratch[0], 0x34) 1980 case 0x38: /* DMODE */ 1981 s->dmode = val; 1982 break; 1983 case 0x39: /* DIEN */ 1984 s->dien = val; 1985 lsi_update_irq(s); 1986 break; 1987 case 0x3a: /* SBR */ 1988 s->sbr = val; 1989 break; 1990 case 0x3b: /* DCNTL */ 1991 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1992 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1993 lsi_execute_script(s); 1994 break; 1995 case 0x40: /* SIEN0 */ 1996 s->sien0 = val; 1997 lsi_update_irq(s); 1998 break; 1999 case 0x41: /* SIEN1 */ 2000 s->sien1 = val; 2001 lsi_update_irq(s); 2002 break; 2003 case 0x47: /* GPCNTL0 */ 2004 break; 2005 case 0x48: /* STIME0 */ 2006 s->stime0 = val; 2007 break; 2008 case 0x49: /* STIME1 */ 2009 if (val & 0xf) { 2010 qemu_log_mask(LOG_UNIMP, 2011 "lsi_scsi: General purpose timer not implemented\n"); 2012 /* ??? Raising the interrupt immediately seems to be sufficient 2013 to keep the FreeBSD driver happy. */ 2014 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2015 } 2016 break; 2017 case 0x4a: /* RESPID0 */ 2018 s->respid0 = val; 2019 break; 2020 case 0x4b: /* RESPID1 */ 2021 s->respid1 = val; 2022 break; 2023 case 0x4d: /* STEST1 */ 2024 s->stest1 = val; 2025 break; 2026 case 0x4e: /* STEST2 */ 2027 if (val & 1) { 2028 qemu_log_mask(LOG_UNIMP, 2029 "lsi_scsi: Low level mode not implemented\n"); 2030 } 2031 s->stest2 = val; 2032 break; 2033 case 0x4f: /* STEST3 */ 2034 if (val & 0x41) { 2035 qemu_log_mask(LOG_UNIMP, 2036 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2037 } 2038 s->stest3 = val; 2039 break; 2040 case 0x56: /* CCNTL0 */ 2041 s->ccntl0 = val; 2042 break; 2043 case 0x57: /* CCNTL1 */ 2044 s->ccntl1 = val; 2045 break; 2046 CASE_SET_REG32(mmrs, 0xa0) 2047 CASE_SET_REG32(mmws, 0xa4) 2048 CASE_SET_REG32(sfs, 0xa8) 2049 CASE_SET_REG32(drs, 0xac) 2050 CASE_SET_REG32(sbms, 0xb0) 2051 CASE_SET_REG32(dbms, 0xb4) 2052 CASE_SET_REG32(dnad64, 0xb8) 2053 CASE_SET_REG32(pmjad1, 0xc0) 2054 CASE_SET_REG32(pmjad2, 0xc4) 2055 CASE_SET_REG32(rbc, 0xc8) 2056 CASE_SET_REG32(ua, 0xcc) 2057 CASE_SET_REG32(ia, 0xd4) 2058 CASE_SET_REG32(sbc, 0xd8) 2059 CASE_SET_REG32(csbc, 0xdc) 2060 default: 2061 if (offset >= 0x5c && offset < 0xa0) { 2062 int n; 2063 int shift; 2064 n = (offset - 0x58) >> 2; 2065 shift = (offset & 3) * 8; 2066 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2067 } else { 2068 qemu_log_mask(LOG_GUEST_ERROR, 2069 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2070 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2071 offset, val); 2072 } 2073 } 2074 #undef CASE_SET_REG24 2075 #undef CASE_SET_REG32 2076 } 2077 2078 static void lsi_mmio_write(void *opaque, hwaddr addr, 2079 uint64_t val, unsigned size) 2080 { 2081 LSIState *s = opaque; 2082 2083 lsi_reg_writeb(s, addr & 0xff, val); 2084 } 2085 2086 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2087 unsigned size) 2088 { 2089 LSIState *s = opaque; 2090 return lsi_reg_readb(s, addr & 0xff); 2091 } 2092 2093 static const MemoryRegionOps lsi_mmio_ops = { 2094 .read = lsi_mmio_read, 2095 .write = lsi_mmio_write, 2096 .endianness = DEVICE_LITTLE_ENDIAN, 2097 .impl = { 2098 .min_access_size = 1, 2099 .max_access_size = 1, 2100 }, 2101 }; 2102 2103 static void lsi_ram_write(void *opaque, hwaddr addr, 2104 uint64_t val, unsigned size) 2105 { 2106 LSIState *s = opaque; 2107 stn_le_p(s->script_ram + addr, size, val); 2108 } 2109 2110 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2111 unsigned size) 2112 { 2113 LSIState *s = opaque; 2114 return ldn_le_p(s->script_ram + addr, size); 2115 } 2116 2117 static const MemoryRegionOps lsi_ram_ops = { 2118 .read = lsi_ram_read, 2119 .write = lsi_ram_write, 2120 .endianness = DEVICE_LITTLE_ENDIAN, 2121 }; 2122 2123 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2124 unsigned size) 2125 { 2126 LSIState *s = opaque; 2127 return lsi_reg_readb(s, addr & 0xff); 2128 } 2129 2130 static void lsi_io_write(void *opaque, hwaddr addr, 2131 uint64_t val, unsigned size) 2132 { 2133 LSIState *s = opaque; 2134 lsi_reg_writeb(s, addr & 0xff, val); 2135 } 2136 2137 static const MemoryRegionOps lsi_io_ops = { 2138 .read = lsi_io_read, 2139 .write = lsi_io_write, 2140 .endianness = DEVICE_LITTLE_ENDIAN, 2141 .impl = { 2142 .min_access_size = 1, 2143 .max_access_size = 1, 2144 }, 2145 }; 2146 2147 static void lsi_scsi_reset(DeviceState *dev) 2148 { 2149 LSIState *s = LSI53C895A(dev); 2150 2151 lsi_soft_reset(s); 2152 } 2153 2154 static int lsi_pre_save(void *opaque) 2155 { 2156 LSIState *s = opaque; 2157 2158 if (s->current) { 2159 assert(s->current->dma_buf == NULL); 2160 assert(s->current->dma_len == 0); 2161 } 2162 assert(QTAILQ_EMPTY(&s->queue)); 2163 2164 return 0; 2165 } 2166 2167 static int lsi_post_load(void *opaque, int version_id) 2168 { 2169 LSIState *s = opaque; 2170 2171 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2172 return -EINVAL; 2173 } 2174 2175 return 0; 2176 } 2177 2178 static const VMStateDescription vmstate_lsi_scsi = { 2179 .name = "lsiscsi", 2180 .version_id = 1, 2181 .minimum_version_id = 0, 2182 .pre_save = lsi_pre_save, 2183 .post_load = lsi_post_load, 2184 .fields = (VMStateField[]) { 2185 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2186 2187 VMSTATE_INT32(carry, LSIState), 2188 VMSTATE_INT32(status, LSIState), 2189 VMSTATE_INT32(msg_action, LSIState), 2190 VMSTATE_INT32(msg_len, LSIState), 2191 VMSTATE_BUFFER(msg, LSIState), 2192 VMSTATE_INT32(waiting, LSIState), 2193 2194 VMSTATE_UINT32(dsa, LSIState), 2195 VMSTATE_UINT32(temp, LSIState), 2196 VMSTATE_UINT32(dnad, LSIState), 2197 VMSTATE_UINT32(dbc, LSIState), 2198 VMSTATE_UINT8(istat0, LSIState), 2199 VMSTATE_UINT8(istat1, LSIState), 2200 VMSTATE_UINT8(dcmd, LSIState), 2201 VMSTATE_UINT8(dstat, LSIState), 2202 VMSTATE_UINT8(dien, LSIState), 2203 VMSTATE_UINT8(sist0, LSIState), 2204 VMSTATE_UINT8(sist1, LSIState), 2205 VMSTATE_UINT8(sien0, LSIState), 2206 VMSTATE_UINT8(sien1, LSIState), 2207 VMSTATE_UINT8(mbox0, LSIState), 2208 VMSTATE_UINT8(mbox1, LSIState), 2209 VMSTATE_UINT8(dfifo, LSIState), 2210 VMSTATE_UINT8(ctest2, LSIState), 2211 VMSTATE_UINT8(ctest3, LSIState), 2212 VMSTATE_UINT8(ctest4, LSIState), 2213 VMSTATE_UINT8(ctest5, LSIState), 2214 VMSTATE_UINT8(ccntl0, LSIState), 2215 VMSTATE_UINT8(ccntl1, LSIState), 2216 VMSTATE_UINT32(dsp, LSIState), 2217 VMSTATE_UINT32(dsps, LSIState), 2218 VMSTATE_UINT8(dmode, LSIState), 2219 VMSTATE_UINT8(dcntl, LSIState), 2220 VMSTATE_UINT8(scntl0, LSIState), 2221 VMSTATE_UINT8(scntl1, LSIState), 2222 VMSTATE_UINT8(scntl2, LSIState), 2223 VMSTATE_UINT8(scntl3, LSIState), 2224 VMSTATE_UINT8(sstat0, LSIState), 2225 VMSTATE_UINT8(sstat1, LSIState), 2226 VMSTATE_UINT8(scid, LSIState), 2227 VMSTATE_UINT8(sxfer, LSIState), 2228 VMSTATE_UINT8(socl, LSIState), 2229 VMSTATE_UINT8(sdid, LSIState), 2230 VMSTATE_UINT8(ssid, LSIState), 2231 VMSTATE_UINT8(sfbr, LSIState), 2232 VMSTATE_UINT8(stest1, LSIState), 2233 VMSTATE_UINT8(stest2, LSIState), 2234 VMSTATE_UINT8(stest3, LSIState), 2235 VMSTATE_UINT8(sidl, LSIState), 2236 VMSTATE_UINT8(stime0, LSIState), 2237 VMSTATE_UINT8(respid0, LSIState), 2238 VMSTATE_UINT8(respid1, LSIState), 2239 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2240 VMSTATE_UINT32(mmrs, LSIState), 2241 VMSTATE_UINT32(mmws, LSIState), 2242 VMSTATE_UINT32(sfs, LSIState), 2243 VMSTATE_UINT32(drs, LSIState), 2244 VMSTATE_UINT32(sbms, LSIState), 2245 VMSTATE_UINT32(dbms, LSIState), 2246 VMSTATE_UINT32(dnad64, LSIState), 2247 VMSTATE_UINT32(pmjad1, LSIState), 2248 VMSTATE_UINT32(pmjad2, LSIState), 2249 VMSTATE_UINT32(rbc, LSIState), 2250 VMSTATE_UINT32(ua, LSIState), 2251 VMSTATE_UINT32(ia, LSIState), 2252 VMSTATE_UINT32(sbc, LSIState), 2253 VMSTATE_UINT32(csbc, LSIState), 2254 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2255 VMSTATE_UINT8(sbr, LSIState), 2256 2257 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2258 VMSTATE_END_OF_LIST() 2259 } 2260 }; 2261 2262 static const struct SCSIBusInfo lsi_scsi_info = { 2263 .tcq = true, 2264 .max_target = LSI_MAX_DEVS, 2265 .max_lun = 0, /* LUN support is buggy */ 2266 2267 .transfer_data = lsi_transfer_data, 2268 .complete = lsi_command_complete, 2269 .cancel = lsi_request_cancelled 2270 }; 2271 2272 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2273 { 2274 LSIState *s = LSI53C895A(dev); 2275 DeviceState *d = DEVICE(dev); 2276 uint8_t *pci_conf; 2277 2278 pci_conf = dev->config; 2279 2280 /* PCI latency timer = 255 */ 2281 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2282 /* Interrupt pin A */ 2283 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2284 2285 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2286 "lsi-mmio", 0x400); 2287 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2288 "lsi-ram", 0x2000); 2289 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2290 "lsi-io", 256); 2291 2292 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2293 qdev_init_gpio_out(d, &s->ext_irq, 1); 2294 2295 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2296 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2297 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2298 QTAILQ_INIT(&s->queue); 2299 2300 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2301 } 2302 2303 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2304 { 2305 LSIState *s = LSI53C895A(dev); 2306 2307 address_space_destroy(&s->pci_io_as); 2308 } 2309 2310 static void lsi_class_init(ObjectClass *klass, void *data) 2311 { 2312 DeviceClass *dc = DEVICE_CLASS(klass); 2313 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2314 2315 k->realize = lsi_scsi_realize; 2316 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2317 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2318 k->class_id = PCI_CLASS_STORAGE_SCSI; 2319 k->subsystem_id = 0x1000; 2320 dc->unrealize = lsi_scsi_unrealize; 2321 dc->reset = lsi_scsi_reset; 2322 dc->vmsd = &vmstate_lsi_scsi; 2323 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2324 } 2325 2326 static const TypeInfo lsi_info = { 2327 .name = TYPE_LSI53C895A, 2328 .parent = TYPE_PCI_DEVICE, 2329 .instance_size = sizeof(LSIState), 2330 .class_init = lsi_class_init, 2331 .interfaces = (InterfaceInfo[]) { 2332 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2333 { }, 2334 }, 2335 }; 2336 2337 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2338 { 2339 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2340 2341 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2342 } 2343 2344 static TypeInfo lsi53c810_info = { 2345 .name = TYPE_LSI53C810, 2346 .parent = TYPE_LSI53C895A, 2347 .class_init = lsi53c810_class_init, 2348 }; 2349 2350 static void lsi53c895a_register_types(void) 2351 { 2352 type_register_static(&lsi_info); 2353 type_register_static(&lsi53c810_info); 2354 } 2355 2356 type_init(lsi53c895a_register_types) 2357 2358 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2359 { 2360 LSIState *s = LSI53C895A(lsi_dev); 2361 2362 scsi_bus_legacy_handle_cmdline(&s->bus); 2363 } 2364