1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/hw.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "sysemu/dma.h" 22 #include "qemu/log.h" 23 #include "trace.h" 24 25 static const char *names[] = { 26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 38 }; 39 40 #define LSI_MAX_DEVS 7 41 42 #define LSI_SCNTL0_TRG 0x01 43 #define LSI_SCNTL0_AAP 0x02 44 #define LSI_SCNTL0_EPC 0x08 45 #define LSI_SCNTL0_WATN 0x10 46 #define LSI_SCNTL0_START 0x20 47 48 #define LSI_SCNTL1_SST 0x01 49 #define LSI_SCNTL1_IARB 0x02 50 #define LSI_SCNTL1_AESP 0x04 51 #define LSI_SCNTL1_RST 0x08 52 #define LSI_SCNTL1_CON 0x10 53 #define LSI_SCNTL1_DHP 0x20 54 #define LSI_SCNTL1_ADB 0x40 55 #define LSI_SCNTL1_EXC 0x80 56 57 #define LSI_SCNTL2_WSR 0x01 58 #define LSI_SCNTL2_VUE0 0x02 59 #define LSI_SCNTL2_VUE1 0x04 60 #define LSI_SCNTL2_WSS 0x08 61 #define LSI_SCNTL2_SLPHBEN 0x10 62 #define LSI_SCNTL2_SLPMD 0x20 63 #define LSI_SCNTL2_CHM 0x40 64 #define LSI_SCNTL2_SDU 0x80 65 66 #define LSI_ISTAT0_DIP 0x01 67 #define LSI_ISTAT0_SIP 0x02 68 #define LSI_ISTAT0_INTF 0x04 69 #define LSI_ISTAT0_CON 0x08 70 #define LSI_ISTAT0_SEM 0x10 71 #define LSI_ISTAT0_SIGP 0x20 72 #define LSI_ISTAT0_SRST 0x40 73 #define LSI_ISTAT0_ABRT 0x80 74 75 #define LSI_ISTAT1_SI 0x01 76 #define LSI_ISTAT1_SRUN 0x02 77 #define LSI_ISTAT1_FLSH 0x04 78 79 #define LSI_SSTAT0_SDP0 0x01 80 #define LSI_SSTAT0_RST 0x02 81 #define LSI_SSTAT0_WOA 0x04 82 #define LSI_SSTAT0_LOA 0x08 83 #define LSI_SSTAT0_AIP 0x10 84 #define LSI_SSTAT0_OLF 0x20 85 #define LSI_SSTAT0_ORF 0x40 86 #define LSI_SSTAT0_ILF 0x80 87 88 #define LSI_SIST0_PAR 0x01 89 #define LSI_SIST0_RST 0x02 90 #define LSI_SIST0_UDC 0x04 91 #define LSI_SIST0_SGE 0x08 92 #define LSI_SIST0_RSL 0x10 93 #define LSI_SIST0_SEL 0x20 94 #define LSI_SIST0_CMP 0x40 95 #define LSI_SIST0_MA 0x80 96 97 #define LSI_SIST1_HTH 0x01 98 #define LSI_SIST1_GEN 0x02 99 #define LSI_SIST1_STO 0x04 100 #define LSI_SIST1_SBMC 0x10 101 102 #define LSI_SOCL_IO 0x01 103 #define LSI_SOCL_CD 0x02 104 #define LSI_SOCL_MSG 0x04 105 #define LSI_SOCL_ATN 0x08 106 #define LSI_SOCL_SEL 0x10 107 #define LSI_SOCL_BSY 0x20 108 #define LSI_SOCL_ACK 0x40 109 #define LSI_SOCL_REQ 0x80 110 111 #define LSI_DSTAT_IID 0x01 112 #define LSI_DSTAT_SIR 0x04 113 #define LSI_DSTAT_SSI 0x08 114 #define LSI_DSTAT_ABRT 0x10 115 #define LSI_DSTAT_BF 0x20 116 #define LSI_DSTAT_MDPE 0x40 117 #define LSI_DSTAT_DFE 0x80 118 119 #define LSI_DCNTL_COM 0x01 120 #define LSI_DCNTL_IRQD 0x02 121 #define LSI_DCNTL_STD 0x04 122 #define LSI_DCNTL_IRQM 0x08 123 #define LSI_DCNTL_SSM 0x10 124 #define LSI_DCNTL_PFEN 0x20 125 #define LSI_DCNTL_PFF 0x40 126 #define LSI_DCNTL_CLSE 0x80 127 128 #define LSI_DMODE_MAN 0x01 129 #define LSI_DMODE_BOF 0x02 130 #define LSI_DMODE_ERMP 0x04 131 #define LSI_DMODE_ERL 0x08 132 #define LSI_DMODE_DIOM 0x10 133 #define LSI_DMODE_SIOM 0x20 134 135 #define LSI_CTEST2_DACK 0x01 136 #define LSI_CTEST2_DREQ 0x02 137 #define LSI_CTEST2_TEOP 0x04 138 #define LSI_CTEST2_PCICIE 0x08 139 #define LSI_CTEST2_CM 0x10 140 #define LSI_CTEST2_CIO 0x20 141 #define LSI_CTEST2_SIGP 0x40 142 #define LSI_CTEST2_DDIR 0x80 143 144 #define LSI_CTEST5_BL2 0x04 145 #define LSI_CTEST5_DDIR 0x08 146 #define LSI_CTEST5_MASR 0x10 147 #define LSI_CTEST5_DFSN 0x20 148 #define LSI_CTEST5_BBCK 0x40 149 #define LSI_CTEST5_ADCK 0x80 150 151 #define LSI_CCNTL0_DILS 0x01 152 #define LSI_CCNTL0_DISFC 0x10 153 #define LSI_CCNTL0_ENNDJ 0x20 154 #define LSI_CCNTL0_PMJCTL 0x40 155 #define LSI_CCNTL0_ENPMJ 0x80 156 157 #define LSI_CCNTL1_EN64DBMV 0x01 158 #define LSI_CCNTL1_EN64TIBMV 0x02 159 #define LSI_CCNTL1_64TIMOD 0x04 160 #define LSI_CCNTL1_DDAC 0x08 161 #define LSI_CCNTL1_ZMOD 0x80 162 163 /* Enable Response to Reselection */ 164 #define LSI_SCID_RRE 0x60 165 166 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 167 168 #define PHASE_DO 0 169 #define PHASE_DI 1 170 #define PHASE_CMD 2 171 #define PHASE_ST 3 172 #define PHASE_MO 6 173 #define PHASE_MI 7 174 #define PHASE_MASK 7 175 176 /* Maximum length of MSG IN data. */ 177 #define LSI_MAX_MSGIN_LEN 8 178 179 /* Flag set if this is a tagged command. */ 180 #define LSI_TAG_VALID (1 << 16) 181 182 typedef struct lsi_request { 183 SCSIRequest *req; 184 uint32_t tag; 185 uint32_t dma_len; 186 uint8_t *dma_buf; 187 uint32_t pending; 188 int out; 189 QTAILQ_ENTRY(lsi_request) next; 190 } lsi_request; 191 192 typedef struct { 193 /*< private >*/ 194 PCIDevice parent_obj; 195 /*< public >*/ 196 197 qemu_irq ext_irq; 198 MemoryRegion mmio_io; 199 MemoryRegion ram_io; 200 MemoryRegion io_io; 201 AddressSpace pci_io_as; 202 203 int carry; /* ??? Should this be an a visible register somewhere? */ 204 int status; 205 /* Action to take at the end of a MSG IN phase. 206 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 207 int msg_action; 208 int msg_len; 209 uint8_t msg[LSI_MAX_MSGIN_LEN]; 210 /* 0 if SCRIPTS are running or stopped. 211 * 1 if a Wait Reselect instruction has been issued. 212 * 2 if processing DMA from lsi_execute_script. 213 * 3 if a DMA operation is in progress. */ 214 int waiting; 215 SCSIBus bus; 216 int current_lun; 217 /* The tag is a combination of the device ID and the SCSI tag. */ 218 uint32_t select_tag; 219 int command_complete; 220 QTAILQ_HEAD(, lsi_request) queue; 221 lsi_request *current; 222 223 uint32_t dsa; 224 uint32_t temp; 225 uint32_t dnad; 226 uint32_t dbc; 227 uint8_t istat0; 228 uint8_t istat1; 229 uint8_t dcmd; 230 uint8_t dstat; 231 uint8_t dien; 232 uint8_t sist0; 233 uint8_t sist1; 234 uint8_t sien0; 235 uint8_t sien1; 236 uint8_t mbox0; 237 uint8_t mbox1; 238 uint8_t dfifo; 239 uint8_t ctest2; 240 uint8_t ctest3; 241 uint8_t ctest4; 242 uint8_t ctest5; 243 uint8_t ccntl0; 244 uint8_t ccntl1; 245 uint32_t dsp; 246 uint32_t dsps; 247 uint8_t dmode; 248 uint8_t dcntl; 249 uint8_t scntl0; 250 uint8_t scntl1; 251 uint8_t scntl2; 252 uint8_t scntl3; 253 uint8_t sstat0; 254 uint8_t sstat1; 255 uint8_t scid; 256 uint8_t sxfer; 257 uint8_t socl; 258 uint8_t sdid; 259 uint8_t ssid; 260 uint8_t sfbr; 261 uint8_t stest1; 262 uint8_t stest2; 263 uint8_t stest3; 264 uint8_t sidl; 265 uint8_t stime0; 266 uint8_t respid0; 267 uint8_t respid1; 268 uint32_t mmrs; 269 uint32_t mmws; 270 uint32_t sfs; 271 uint32_t drs; 272 uint32_t sbms; 273 uint32_t dbms; 274 uint32_t dnad64; 275 uint32_t pmjad1; 276 uint32_t pmjad2; 277 uint32_t rbc; 278 uint32_t ua; 279 uint32_t ia; 280 uint32_t sbc; 281 uint32_t csbc; 282 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 283 uint8_t sbr; 284 uint32_t adder; 285 286 /* Script ram is stored as 32-bit words in host byteorder. */ 287 uint32_t script_ram[2048]; 288 } LSIState; 289 290 #define TYPE_LSI53C810 "lsi53c810" 291 #define TYPE_LSI53C895A "lsi53c895a" 292 293 #define LSI53C895A(obj) \ 294 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A) 295 296 static inline int lsi_irq_on_rsl(LSIState *s) 297 { 298 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 299 } 300 301 static lsi_request *get_pending_req(LSIState *s) 302 { 303 lsi_request *p; 304 305 QTAILQ_FOREACH(p, &s->queue, next) { 306 if (p->pending) { 307 return p; 308 } 309 } 310 return NULL; 311 } 312 313 static void lsi_soft_reset(LSIState *s) 314 { 315 trace_lsi_reset(); 316 s->carry = 0; 317 318 s->msg_action = 0; 319 s->msg_len = 0; 320 s->waiting = 0; 321 s->dsa = 0; 322 s->dnad = 0; 323 s->dbc = 0; 324 s->temp = 0; 325 memset(s->scratch, 0, sizeof(s->scratch)); 326 s->istat0 = 0; 327 s->istat1 = 0; 328 s->dcmd = 0x40; 329 s->dstat = 0; 330 s->dien = 0; 331 s->sist0 = 0; 332 s->sist1 = 0; 333 s->sien0 = 0; 334 s->sien1 = 0; 335 s->mbox0 = 0; 336 s->mbox1 = 0; 337 s->dfifo = 0; 338 s->ctest2 = LSI_CTEST2_DACK; 339 s->ctest3 = 0; 340 s->ctest4 = 0; 341 s->ctest5 = 0; 342 s->ccntl0 = 0; 343 s->ccntl1 = 0; 344 s->dsp = 0; 345 s->dsps = 0; 346 s->dmode = 0; 347 s->dcntl = 0; 348 s->scntl0 = 0xc0; 349 s->scntl1 = 0; 350 s->scntl2 = 0; 351 s->scntl3 = 0; 352 s->sstat0 = 0; 353 s->sstat1 = 0; 354 s->scid = 7; 355 s->sxfer = 0; 356 s->socl = 0; 357 s->sdid = 0; 358 s->ssid = 0; 359 s->stest1 = 0; 360 s->stest2 = 0; 361 s->stest3 = 0; 362 s->sidl = 0; 363 s->stime0 = 0; 364 s->respid0 = 0x80; 365 s->respid1 = 0; 366 s->mmrs = 0; 367 s->mmws = 0; 368 s->sfs = 0; 369 s->drs = 0; 370 s->sbms = 0; 371 s->dbms = 0; 372 s->dnad64 = 0; 373 s->pmjad1 = 0; 374 s->pmjad2 = 0; 375 s->rbc = 0; 376 s->ua = 0; 377 s->ia = 0; 378 s->sbc = 0; 379 s->csbc = 0; 380 s->sbr = 0; 381 assert(QTAILQ_EMPTY(&s->queue)); 382 assert(!s->current); 383 } 384 385 static int lsi_dma_40bit(LSIState *s) 386 { 387 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 388 return 1; 389 return 0; 390 } 391 392 static int lsi_dma_ti64bit(LSIState *s) 393 { 394 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 395 return 1; 396 return 0; 397 } 398 399 static int lsi_dma_64bit(LSIState *s) 400 { 401 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 402 return 1; 403 return 0; 404 } 405 406 static uint8_t lsi_reg_readb(LSIState *s, int offset); 407 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 408 static void lsi_execute_script(LSIState *s); 409 static void lsi_reselect(LSIState *s, lsi_request *p); 410 411 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 412 void *buf, dma_addr_t len) 413 { 414 if (s->dmode & LSI_DMODE_SIOM) { 415 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 416 buf, len); 417 } else { 418 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 419 } 420 } 421 422 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 423 const void *buf, dma_addr_t len) 424 { 425 if (s->dmode & LSI_DMODE_DIOM) { 426 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 427 buf, len); 428 } else { 429 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 430 } 431 } 432 433 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 434 { 435 uint32_t buf; 436 437 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 438 return cpu_to_le32(buf); 439 } 440 441 static void lsi_stop_script(LSIState *s) 442 { 443 s->istat1 &= ~LSI_ISTAT1_SRUN; 444 } 445 446 static void lsi_set_irq(LSIState *s, int level) 447 { 448 PCIDevice *d = PCI_DEVICE(s); 449 450 if (s->ext_irq) { 451 qemu_set_irq(s->ext_irq, level); 452 } else { 453 pci_set_irq(d, level); 454 } 455 } 456 457 static void lsi_update_irq(LSIState *s) 458 { 459 int level; 460 static int last_level; 461 462 /* It's unclear whether the DIP/SIP bits should be cleared when the 463 Interrupt Status Registers are cleared or when istat0 is read. 464 We currently do the formwer, which seems to work. */ 465 level = 0; 466 if (s->dstat) { 467 if (s->dstat & s->dien) 468 level = 1; 469 s->istat0 |= LSI_ISTAT0_DIP; 470 } else { 471 s->istat0 &= ~LSI_ISTAT0_DIP; 472 } 473 474 if (s->sist0 || s->sist1) { 475 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 476 level = 1; 477 s->istat0 |= LSI_ISTAT0_SIP; 478 } else { 479 s->istat0 &= ~LSI_ISTAT0_SIP; 480 } 481 if (s->istat0 & LSI_ISTAT0_INTF) 482 level = 1; 483 484 if (level != last_level) { 485 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 486 last_level = level; 487 } 488 lsi_set_irq(s, level); 489 490 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 491 lsi_request *p; 492 493 trace_lsi_update_irq_disconnected(); 494 p = get_pending_req(s); 495 if (p) { 496 lsi_reselect(s, p); 497 } 498 } 499 } 500 501 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 502 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 503 { 504 uint32_t mask0; 505 uint32_t mask1; 506 507 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 508 s->sist0 |= stat0; 509 s->sist1 |= stat1; 510 /* Stop processor on fatal or unmasked interrupt. As a special hack 511 we don't stop processing when raising STO. Instead continue 512 execution and stop at the next insn that accesses the SCSI bus. */ 513 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 514 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 515 mask1 &= ~LSI_SIST1_STO; 516 if (s->sist0 & mask0 || s->sist1 & mask1) { 517 lsi_stop_script(s); 518 } 519 lsi_update_irq(s); 520 } 521 522 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 523 static void lsi_script_dma_interrupt(LSIState *s, int stat) 524 { 525 trace_lsi_script_dma_interrupt(stat, s->dstat); 526 s->dstat |= stat; 527 lsi_update_irq(s); 528 lsi_stop_script(s); 529 } 530 531 static inline void lsi_set_phase(LSIState *s, int phase) 532 { 533 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 534 } 535 536 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 537 { 538 /* Trigger a phase mismatch. */ 539 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 540 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 541 s->dsp = out ? s->pmjad1 : s->pmjad2; 542 } else { 543 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 544 } 545 trace_lsi_bad_phase_jump(s->dsp); 546 } else { 547 trace_lsi_bad_phase_interrupt(); 548 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 549 lsi_stop_script(s); 550 } 551 lsi_set_phase(s, new_phase); 552 } 553 554 555 /* Resume SCRIPTS execution after a DMA operation. */ 556 static void lsi_resume_script(LSIState *s) 557 { 558 if (s->waiting != 2) { 559 s->waiting = 0; 560 lsi_execute_script(s); 561 } else { 562 s->waiting = 0; 563 } 564 } 565 566 static void lsi_disconnect(LSIState *s) 567 { 568 s->scntl1 &= ~LSI_SCNTL1_CON; 569 s->sstat1 &= ~PHASE_MASK; 570 } 571 572 static void lsi_bad_selection(LSIState *s, uint32_t id) 573 { 574 trace_lsi_bad_selection(id); 575 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 576 lsi_disconnect(s); 577 } 578 579 /* Initiate a SCSI layer data transfer. */ 580 static void lsi_do_dma(LSIState *s, int out) 581 { 582 uint32_t count; 583 dma_addr_t addr; 584 SCSIDevice *dev; 585 586 assert(s->current); 587 if (!s->current->dma_len) { 588 /* Wait until data is available. */ 589 trace_lsi_do_dma_unavailable(); 590 return; 591 } 592 593 dev = s->current->req->dev; 594 assert(dev); 595 596 count = s->dbc; 597 if (count > s->current->dma_len) 598 count = s->current->dma_len; 599 600 addr = s->dnad; 601 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 602 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 603 addr |= ((uint64_t)s->dnad64 << 32); 604 else if (s->dbms) 605 addr |= ((uint64_t)s->dbms << 32); 606 else if (s->sbms) 607 addr |= ((uint64_t)s->sbms << 32); 608 609 trace_lsi_do_dma(addr, count); 610 s->csbc += count; 611 s->dnad += count; 612 s->dbc -= count; 613 if (s->current->dma_buf == NULL) { 614 s->current->dma_buf = scsi_req_get_buf(s->current->req); 615 } 616 /* ??? Set SFBR to first data byte. */ 617 if (out) { 618 lsi_mem_read(s, addr, s->current->dma_buf, count); 619 } else { 620 lsi_mem_write(s, addr, s->current->dma_buf, count); 621 } 622 s->current->dma_len -= count; 623 if (s->current->dma_len == 0) { 624 s->current->dma_buf = NULL; 625 scsi_req_continue(s->current->req); 626 } else { 627 s->current->dma_buf += count; 628 lsi_resume_script(s); 629 } 630 } 631 632 633 /* Add a command to the queue. */ 634 static void lsi_queue_command(LSIState *s) 635 { 636 lsi_request *p = s->current; 637 638 trace_lsi_queue_command(p->tag); 639 assert(s->current != NULL); 640 assert(s->current->dma_len == 0); 641 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 642 s->current = NULL; 643 644 p->pending = 0; 645 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 646 } 647 648 /* Queue a byte for a MSG IN phase. */ 649 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 650 { 651 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 652 trace_lsi_add_msg_byte_error(); 653 } else { 654 trace_lsi_add_msg_byte(data); 655 s->msg[s->msg_len++] = data; 656 } 657 } 658 659 /* Perform reselection to continue a command. */ 660 static void lsi_reselect(LSIState *s, lsi_request *p) 661 { 662 int id; 663 664 assert(s->current == NULL); 665 QTAILQ_REMOVE(&s->queue, p, next); 666 s->current = p; 667 668 id = (p->tag >> 8) & 0xf; 669 s->ssid = id | 0x80; 670 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 671 if (!(s->dcntl & LSI_DCNTL_COM)) { 672 s->sfbr = 1 << (id & 0x7); 673 } 674 trace_lsi_reselect(id); 675 s->scntl1 |= LSI_SCNTL1_CON; 676 lsi_set_phase(s, PHASE_MI); 677 s->msg_action = p->out ? 2 : 3; 678 s->current->dma_len = p->pending; 679 lsi_add_msg_byte(s, 0x80); 680 if (s->current->tag & LSI_TAG_VALID) { 681 lsi_add_msg_byte(s, 0x20); 682 lsi_add_msg_byte(s, p->tag & 0xff); 683 } 684 685 if (lsi_irq_on_rsl(s)) { 686 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 687 } 688 } 689 690 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 691 { 692 lsi_request *p; 693 694 QTAILQ_FOREACH(p, &s->queue, next) { 695 if (p->tag == tag) { 696 return p; 697 } 698 } 699 700 return NULL; 701 } 702 703 static void lsi_request_free(LSIState *s, lsi_request *p) 704 { 705 if (p == s->current) { 706 s->current = NULL; 707 } else { 708 QTAILQ_REMOVE(&s->queue, p, next); 709 } 710 g_free(p); 711 } 712 713 static void lsi_request_cancelled(SCSIRequest *req) 714 { 715 LSIState *s = LSI53C895A(req->bus->qbus.parent); 716 lsi_request *p = req->hba_private; 717 718 req->hba_private = NULL; 719 lsi_request_free(s, p); 720 scsi_req_unref(req); 721 } 722 723 /* Record that data is available for a queued command. Returns zero if 724 the device was reselected, nonzero if the IO is deferred. */ 725 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 726 { 727 lsi_request *p = req->hba_private; 728 729 if (p->pending) { 730 trace_lsi_queue_req_error(p); 731 } 732 p->pending = len; 733 /* Reselect if waiting for it, or if reselection triggers an IRQ 734 and the bus is free. 735 Since no interrupt stacking is implemented in the emulation, it 736 is also required that there are no pending interrupts waiting 737 for service from the device driver. */ 738 if (s->waiting == 1 || 739 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 740 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 741 /* Reselect device. */ 742 lsi_reselect(s, p); 743 return 0; 744 } else { 745 trace_lsi_queue_req(p->tag); 746 p->pending = len; 747 return 1; 748 } 749 } 750 751 /* Callback to indicate that the SCSI layer has completed a command. */ 752 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 753 { 754 LSIState *s = LSI53C895A(req->bus->qbus.parent); 755 int out; 756 757 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 758 trace_lsi_command_complete(status); 759 s->status = status; 760 s->command_complete = 2; 761 if (s->waiting && s->dbc != 0) { 762 /* Raise phase mismatch for short transfers. */ 763 lsi_bad_phase(s, out, PHASE_ST); 764 } else { 765 lsi_set_phase(s, PHASE_ST); 766 } 767 768 if (req->hba_private == s->current) { 769 req->hba_private = NULL; 770 lsi_request_free(s, s->current); 771 scsi_req_unref(req); 772 } 773 lsi_resume_script(s); 774 } 775 776 /* Callback to indicate that the SCSI layer has completed a transfer. */ 777 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 778 { 779 LSIState *s = LSI53C895A(req->bus->qbus.parent); 780 int out; 781 782 assert(req->hba_private); 783 if (s->waiting == 1 || req->hba_private != s->current || 784 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 785 if (lsi_queue_req(s, req, len)) { 786 return; 787 } 788 } 789 790 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 791 792 /* host adapter (re)connected */ 793 trace_lsi_transfer_data(req->tag, len); 794 s->current->dma_len = len; 795 s->command_complete = 1; 796 if (s->waiting) { 797 if (s->waiting == 1 || s->dbc == 0) { 798 lsi_resume_script(s); 799 } else { 800 lsi_do_dma(s, out); 801 } 802 } 803 } 804 805 static void lsi_do_command(LSIState *s) 806 { 807 SCSIDevice *dev; 808 uint8_t buf[16]; 809 uint32_t id; 810 int n; 811 812 trace_lsi_do_command(s->dbc); 813 if (s->dbc > 16) 814 s->dbc = 16; 815 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 816 s->sfbr = buf[0]; 817 s->command_complete = 0; 818 819 id = (s->select_tag >> 8) & 0xf; 820 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 821 if (!dev) { 822 lsi_bad_selection(s, id); 823 return; 824 } 825 826 assert(s->current == NULL); 827 s->current = g_new0(lsi_request, 1); 828 s->current->tag = s->select_tag; 829 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 830 s->current); 831 832 n = scsi_req_enqueue(s->current->req); 833 if (n) { 834 if (n > 0) { 835 lsi_set_phase(s, PHASE_DI); 836 } else if (n < 0) { 837 lsi_set_phase(s, PHASE_DO); 838 } 839 scsi_req_continue(s->current->req); 840 } 841 if (!s->command_complete) { 842 if (n) { 843 /* Command did not complete immediately so disconnect. */ 844 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 845 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 846 /* wait data */ 847 lsi_set_phase(s, PHASE_MI); 848 s->msg_action = 1; 849 lsi_queue_command(s); 850 } else { 851 /* wait command complete */ 852 lsi_set_phase(s, PHASE_DI); 853 } 854 } 855 } 856 857 static void lsi_do_status(LSIState *s) 858 { 859 uint8_t status; 860 trace_lsi_do_status(s->dbc, s->status); 861 if (s->dbc != 1) { 862 trace_lsi_do_status_error(); 863 } 864 s->dbc = 1; 865 status = s->status; 866 s->sfbr = status; 867 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 868 lsi_set_phase(s, PHASE_MI); 869 s->msg_action = 1; 870 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 871 } 872 873 static void lsi_do_msgin(LSIState *s) 874 { 875 uint8_t len; 876 trace_lsi_do_msgin(s->dbc, s->msg_len); 877 s->sfbr = s->msg[0]; 878 len = s->msg_len; 879 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 880 if (len > s->dbc) 881 len = s->dbc; 882 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 883 /* Linux drivers rely on the last byte being in the SIDL. */ 884 s->sidl = s->msg[len - 1]; 885 s->msg_len -= len; 886 if (s->msg_len) { 887 memmove(s->msg, s->msg + len, s->msg_len); 888 } else { 889 /* ??? Check if ATN (not yet implemented) is asserted and maybe 890 switch to PHASE_MO. */ 891 switch (s->msg_action) { 892 case 0: 893 lsi_set_phase(s, PHASE_CMD); 894 break; 895 case 1: 896 lsi_disconnect(s); 897 break; 898 case 2: 899 lsi_set_phase(s, PHASE_DO); 900 break; 901 case 3: 902 lsi_set_phase(s, PHASE_DI); 903 break; 904 default: 905 abort(); 906 } 907 } 908 } 909 910 /* Read the next byte during a MSGOUT phase. */ 911 static uint8_t lsi_get_msgbyte(LSIState *s) 912 { 913 uint8_t data; 914 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 915 s->dnad++; 916 s->dbc--; 917 return data; 918 } 919 920 /* Skip the next n bytes during a MSGOUT phase. */ 921 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 922 { 923 s->dnad += n; 924 s->dbc -= n; 925 } 926 927 static void lsi_do_msgout(LSIState *s) 928 { 929 uint8_t msg; 930 int len; 931 uint32_t current_tag; 932 lsi_request *current_req, *p, *p_next; 933 934 if (s->current) { 935 current_tag = s->current->tag; 936 current_req = s->current; 937 } else { 938 current_tag = s->select_tag; 939 current_req = lsi_find_by_tag(s, current_tag); 940 } 941 942 trace_lsi_do_msgout(s->dbc); 943 while (s->dbc) { 944 msg = lsi_get_msgbyte(s); 945 s->sfbr = msg; 946 947 switch (msg) { 948 case 0x04: 949 trace_lsi_do_msgout_disconnect(); 950 lsi_disconnect(s); 951 break; 952 case 0x08: 953 trace_lsi_do_msgout_noop(); 954 lsi_set_phase(s, PHASE_CMD); 955 break; 956 case 0x01: 957 len = lsi_get_msgbyte(s); 958 msg = lsi_get_msgbyte(s); 959 (void)len; /* avoid a warning about unused variable*/ 960 trace_lsi_do_msgout_extended(msg, len); 961 switch (msg) { 962 case 1: 963 trace_lsi_do_msgout_ignored("SDTR"); 964 lsi_skip_msgbytes(s, 2); 965 break; 966 case 3: 967 trace_lsi_do_msgout_ignored("WDTR"); 968 lsi_skip_msgbytes(s, 1); 969 break; 970 case 4: 971 trace_lsi_do_msgout_ignored("PPR"); 972 lsi_skip_msgbytes(s, 5); 973 break; 974 default: 975 goto bad; 976 } 977 break; 978 case 0x20: /* SIMPLE queue */ 979 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 980 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 981 break; 982 case 0x21: /* HEAD of queue */ 983 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 984 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 985 break; 986 case 0x22: /* ORDERED queue */ 987 qemu_log_mask(LOG_UNIMP, 988 "lsi_scsi: ORDERED queue not implemented\n"); 989 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 990 break; 991 case 0x0d: 992 /* The ABORT TAG message clears the current I/O process only. */ 993 trace_lsi_do_msgout_abort(current_tag); 994 if (current_req) { 995 scsi_req_cancel(current_req->req); 996 } 997 lsi_disconnect(s); 998 break; 999 case 0x06: 1000 case 0x0e: 1001 case 0x0c: 1002 /* The ABORT message clears all I/O processes for the selecting 1003 initiator on the specified logical unit of the target. */ 1004 if (msg == 0x06) { 1005 trace_lsi_do_msgout_abort(current_tag); 1006 } 1007 /* The CLEAR QUEUE message clears all I/O processes for all 1008 initiators on the specified logical unit of the target. */ 1009 if (msg == 0x0e) { 1010 trace_lsi_do_msgout_clearqueue(current_tag); 1011 } 1012 /* The BUS DEVICE RESET message clears all I/O processes for all 1013 initiators on all logical units of the target. */ 1014 if (msg == 0x0c) { 1015 trace_lsi_do_msgout_busdevicereset(current_tag); 1016 } 1017 1018 /* clear the current I/O process */ 1019 if (s->current) { 1020 scsi_req_cancel(s->current->req); 1021 } 1022 1023 /* As the current implemented devices scsi_disk and scsi_generic 1024 only support one LUN, we don't need to keep track of LUNs. 1025 Clearing I/O processes for other initiators could be possible 1026 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1027 device, but this is currently not implemented (and seems not 1028 to be really necessary). So let's simply clear all queued 1029 commands for the current device: */ 1030 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1031 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1032 scsi_req_cancel(p->req); 1033 } 1034 } 1035 1036 lsi_disconnect(s); 1037 break; 1038 default: 1039 if ((msg & 0x80) == 0) { 1040 goto bad; 1041 } 1042 s->current_lun = msg & 7; 1043 trace_lsi_do_msgout_select(s->current_lun); 1044 lsi_set_phase(s, PHASE_CMD); 1045 break; 1046 } 1047 } 1048 return; 1049 bad: 1050 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1051 lsi_set_phase(s, PHASE_MI); 1052 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1053 s->msg_action = 0; 1054 } 1055 1056 #define LSI_BUF_SIZE 4096 1057 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1058 { 1059 int n; 1060 uint8_t buf[LSI_BUF_SIZE]; 1061 1062 trace_lsi_memcpy(dest, src, count); 1063 while (count) { 1064 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1065 lsi_mem_read(s, src, buf, n); 1066 lsi_mem_write(s, dest, buf, n); 1067 src += n; 1068 dest += n; 1069 count -= n; 1070 } 1071 } 1072 1073 static void lsi_wait_reselect(LSIState *s) 1074 { 1075 lsi_request *p; 1076 1077 trace_lsi_wait_reselect(); 1078 1079 if (s->current) { 1080 return; 1081 } 1082 p = get_pending_req(s); 1083 if (p) { 1084 lsi_reselect(s, p); 1085 } 1086 if (s->current == NULL) { 1087 s->waiting = 1; 1088 } 1089 } 1090 1091 static void lsi_execute_script(LSIState *s) 1092 { 1093 PCIDevice *pci_dev = PCI_DEVICE(s); 1094 uint32_t insn; 1095 uint32_t addr, addr_high; 1096 int opcode; 1097 int insn_processed = 0; 1098 1099 s->istat1 |= LSI_ISTAT1_SRUN; 1100 again: 1101 insn_processed++; 1102 insn = read_dword(s, s->dsp); 1103 if (!insn) { 1104 /* If we receive an empty opcode increment the DSP by 4 bytes 1105 instead of 8 and execute the next opcode at that location */ 1106 s->dsp += 4; 1107 goto again; 1108 } 1109 addr = read_dword(s, s->dsp + 4); 1110 addr_high = 0; 1111 trace_lsi_execute_script(s->dsp, insn, addr); 1112 s->dsps = addr; 1113 s->dcmd = insn >> 24; 1114 s->dsp += 8; 1115 switch (insn >> 30) { 1116 case 0: /* Block move. */ 1117 if (s->sist1 & LSI_SIST1_STO) { 1118 trace_lsi_execute_script_blockmove_delayed(); 1119 lsi_stop_script(s); 1120 break; 1121 } 1122 s->dbc = insn & 0xffffff; 1123 s->rbc = s->dbc; 1124 /* ??? Set ESA. */ 1125 s->ia = s->dsp - 8; 1126 if (insn & (1 << 29)) { 1127 /* Indirect addressing. */ 1128 addr = read_dword(s, addr); 1129 } else if (insn & (1 << 28)) { 1130 uint32_t buf[2]; 1131 int32_t offset; 1132 /* Table indirect addressing. */ 1133 1134 /* 32-bit Table indirect */ 1135 offset = sextract32(addr, 0, 24); 1136 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1137 /* byte count is stored in bits 0:23 only */ 1138 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1139 s->rbc = s->dbc; 1140 addr = cpu_to_le32(buf[1]); 1141 1142 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1143 * table, bits [31:24] */ 1144 if (lsi_dma_40bit(s)) 1145 addr_high = cpu_to_le32(buf[0]) >> 24; 1146 else if (lsi_dma_ti64bit(s)) { 1147 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1148 switch (selector) { 1149 case 0 ... 0x0f: 1150 /* offset index into scratch registers since 1151 * TI64 mode can use registers C to R */ 1152 addr_high = s->scratch[2 + selector]; 1153 break; 1154 case 0x10: 1155 addr_high = s->mmrs; 1156 break; 1157 case 0x11: 1158 addr_high = s->mmws; 1159 break; 1160 case 0x12: 1161 addr_high = s->sfs; 1162 break; 1163 case 0x13: 1164 addr_high = s->drs; 1165 break; 1166 case 0x14: 1167 addr_high = s->sbms; 1168 break; 1169 case 0x15: 1170 addr_high = s->dbms; 1171 break; 1172 default: 1173 qemu_log_mask(LOG_GUEST_ERROR, 1174 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1175 "for 64-bit DMA block move", selector); 1176 break; 1177 } 1178 } 1179 } else if (lsi_dma_64bit(s)) { 1180 /* fetch a 3rd dword if 64-bit direct move is enabled and 1181 only if we're not doing table indirect or indirect addressing */ 1182 s->dbms = read_dword(s, s->dsp); 1183 s->dsp += 4; 1184 s->ia = s->dsp - 12; 1185 } 1186 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1187 trace_lsi_execute_script_blockmove_badphase(s->sstat1 & PHASE_MASK, 1188 (insn >> 24) & 7); 1189 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1190 break; 1191 } 1192 s->dnad = addr; 1193 s->dnad64 = addr_high; 1194 switch (s->sstat1 & 0x7) { 1195 case PHASE_DO: 1196 s->waiting = 2; 1197 lsi_do_dma(s, 1); 1198 if (s->waiting) 1199 s->waiting = 3; 1200 break; 1201 case PHASE_DI: 1202 s->waiting = 2; 1203 lsi_do_dma(s, 0); 1204 if (s->waiting) 1205 s->waiting = 3; 1206 break; 1207 case PHASE_CMD: 1208 lsi_do_command(s); 1209 break; 1210 case PHASE_ST: 1211 lsi_do_status(s); 1212 break; 1213 case PHASE_MO: 1214 lsi_do_msgout(s); 1215 break; 1216 case PHASE_MI: 1217 lsi_do_msgin(s); 1218 break; 1219 default: 1220 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %d\n", 1221 s->sstat1 & PHASE_MASK); 1222 } 1223 s->dfifo = s->dbc & 0xff; 1224 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1225 s->sbc = s->dbc; 1226 s->rbc -= s->dbc; 1227 s->ua = addr + s->dbc; 1228 break; 1229 1230 case 1: /* IO or Read/Write instruction. */ 1231 opcode = (insn >> 27) & 7; 1232 if (opcode < 5) { 1233 uint32_t id; 1234 1235 if (insn & (1 << 25)) { 1236 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1237 } else { 1238 id = insn; 1239 } 1240 id = (id >> 16) & 0xf; 1241 if (insn & (1 << 26)) { 1242 addr = s->dsp + sextract32(addr, 0, 24); 1243 } 1244 s->dnad = addr; 1245 switch (opcode) { 1246 case 0: /* Select */ 1247 s->sdid = id; 1248 if (s->scntl1 & LSI_SCNTL1_CON) { 1249 trace_lsi_execute_script_io_alreadyreselected(); 1250 s->dsp = s->dnad; 1251 break; 1252 } 1253 s->sstat0 |= LSI_SSTAT0_WOA; 1254 s->scntl1 &= ~LSI_SCNTL1_IARB; 1255 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1256 lsi_bad_selection(s, id); 1257 break; 1258 } 1259 trace_lsi_execute_script_io_selected(id, 1260 insn & (1 << 3) ? " ATN" : ""); 1261 /* ??? Linux drivers compain when this is set. Maybe 1262 it only applies in low-level mode (unimplemented). 1263 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1264 s->select_tag = id << 8; 1265 s->scntl1 |= LSI_SCNTL1_CON; 1266 if (insn & (1 << 3)) { 1267 s->socl |= LSI_SOCL_ATN; 1268 } 1269 lsi_set_phase(s, PHASE_MO); 1270 break; 1271 case 1: /* Disconnect */ 1272 trace_lsi_execute_script_io_disconnect(); 1273 s->scntl1 &= ~LSI_SCNTL1_CON; 1274 /* FIXME: this is not entirely correct; the target need not ask 1275 * for reselection until it has to send data, while here we force a 1276 * reselection as soon as the bus is free. The correct flow would 1277 * reselect before lsi_transfer_data and disconnect as soon as 1278 * DMA ends. 1279 */ 1280 if (!s->current) { 1281 lsi_request *p = get_pending_req(s); 1282 if (p) { 1283 lsi_reselect(s, p); 1284 } 1285 } 1286 break; 1287 case 2: /* Wait Reselect */ 1288 if (!lsi_irq_on_rsl(s)) { 1289 lsi_wait_reselect(s); 1290 } 1291 break; 1292 case 3: /* Set */ 1293 trace_lsi_execute_script_io_set( 1294 insn & (1 << 3) ? " ATN" : "", 1295 insn & (1 << 6) ? " ACK" : "", 1296 insn & (1 << 9) ? " TM" : "", 1297 insn & (1 << 10) ? " CC" : ""); 1298 if (insn & (1 << 3)) { 1299 s->socl |= LSI_SOCL_ATN; 1300 lsi_set_phase(s, PHASE_MO); 1301 } 1302 if (insn & (1 << 9)) { 1303 qemu_log_mask(LOG_UNIMP, 1304 "lsi_scsi: Target mode not implemented\n"); 1305 } 1306 if (insn & (1 << 10)) 1307 s->carry = 1; 1308 break; 1309 case 4: /* Clear */ 1310 trace_lsi_execute_script_io_clear( 1311 insn & (1 << 3) ? " ATN" : "", 1312 insn & (1 << 6) ? " ACK" : "", 1313 insn & (1 << 9) ? " TM" : "", 1314 insn & (1 << 10) ? " CC" : ""); 1315 if (insn & (1 << 3)) { 1316 s->socl &= ~LSI_SOCL_ATN; 1317 } 1318 if (insn & (1 << 10)) 1319 s->carry = 0; 1320 break; 1321 } 1322 } else { 1323 uint8_t op0; 1324 uint8_t op1; 1325 uint8_t data8; 1326 int reg; 1327 int operator; 1328 1329 static const char *opcode_names[3] = 1330 {"Write", "Read", "Read-Modify-Write"}; 1331 static const char *operator_names[8] = 1332 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1333 1334 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1335 data8 = (insn >> 8) & 0xff; 1336 opcode = (insn >> 27) & 7; 1337 operator = (insn >> 24) & 7; 1338 trace_lsi_execute_script_io_opcode( 1339 opcode_names[opcode - 5], reg, 1340 operator_names[operator], data8, s->sfbr, 1341 (insn & (1 << 23)) ? " SFBR" : ""); 1342 op0 = op1 = 0; 1343 switch (opcode) { 1344 case 5: /* From SFBR */ 1345 op0 = s->sfbr; 1346 op1 = data8; 1347 break; 1348 case 6: /* To SFBR */ 1349 if (operator) 1350 op0 = lsi_reg_readb(s, reg); 1351 op1 = data8; 1352 break; 1353 case 7: /* Read-modify-write */ 1354 if (operator) 1355 op0 = lsi_reg_readb(s, reg); 1356 if (insn & (1 << 23)) { 1357 op1 = s->sfbr; 1358 } else { 1359 op1 = data8; 1360 } 1361 break; 1362 } 1363 1364 switch (operator) { 1365 case 0: /* move */ 1366 op0 = op1; 1367 break; 1368 case 1: /* Shift left */ 1369 op1 = op0 >> 7; 1370 op0 = (op0 << 1) | s->carry; 1371 s->carry = op1; 1372 break; 1373 case 2: /* OR */ 1374 op0 |= op1; 1375 break; 1376 case 3: /* XOR */ 1377 op0 ^= op1; 1378 break; 1379 case 4: /* AND */ 1380 op0 &= op1; 1381 break; 1382 case 5: /* SHR */ 1383 op1 = op0 & 1; 1384 op0 = (op0 >> 1) | (s->carry << 7); 1385 s->carry = op1; 1386 break; 1387 case 6: /* ADD */ 1388 op0 += op1; 1389 s->carry = op0 < op1; 1390 break; 1391 case 7: /* ADC */ 1392 op0 += op1 + s->carry; 1393 if (s->carry) 1394 s->carry = op0 <= op1; 1395 else 1396 s->carry = op0 < op1; 1397 break; 1398 } 1399 1400 switch (opcode) { 1401 case 5: /* From SFBR */ 1402 case 7: /* Read-modify-write */ 1403 lsi_reg_writeb(s, reg, op0); 1404 break; 1405 case 6: /* To SFBR */ 1406 s->sfbr = op0; 1407 break; 1408 } 1409 } 1410 break; 1411 1412 case 2: /* Transfer Control. */ 1413 { 1414 int cond; 1415 int jmp; 1416 1417 if ((insn & 0x002e0000) == 0) { 1418 trace_lsi_execute_script_tc_nop(); 1419 break; 1420 } 1421 if (s->sist1 & LSI_SIST1_STO) { 1422 trace_lsi_execute_script_tc_delayedselect_timeout(); 1423 lsi_stop_script(s); 1424 break; 1425 } 1426 cond = jmp = (insn & (1 << 19)) != 0; 1427 if (cond == jmp && (insn & (1 << 21))) { 1428 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1429 cond = s->carry != 0; 1430 } 1431 if (cond == jmp && (insn & (1 << 17))) { 1432 trace_lsi_execute_script_tc_compp( 1433 (s->sstat1 & PHASE_MASK), 1434 jmp ? '=' : '!', 1435 ((insn >> 24) & 7)); 1436 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1437 } 1438 if (cond == jmp && (insn & (1 << 18))) { 1439 uint8_t mask; 1440 1441 mask = (~insn >> 8) & 0xff; 1442 trace_lsi_execute_script_tc_compd( 1443 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1444 cond = (s->sfbr & mask) == (insn & mask); 1445 } 1446 if (cond == jmp) { 1447 if (insn & (1 << 23)) { 1448 /* Relative address. */ 1449 addr = s->dsp + sextract32(addr, 0, 24); 1450 } 1451 switch ((insn >> 27) & 7) { 1452 case 0: /* Jump */ 1453 trace_lsi_execute_script_tc_jump(addr); 1454 s->adder = addr; 1455 s->dsp = addr; 1456 break; 1457 case 1: /* Call */ 1458 trace_lsi_execute_script_tc_call(addr); 1459 s->temp = s->dsp; 1460 s->dsp = addr; 1461 break; 1462 case 2: /* Return */ 1463 trace_lsi_execute_script_tc_return(s->temp); 1464 s->dsp = s->temp; 1465 break; 1466 case 3: /* Interrupt */ 1467 trace_lsi_execute_script_tc_interrupt(s->dsps); 1468 if ((insn & (1 << 20)) != 0) { 1469 s->istat0 |= LSI_ISTAT0_INTF; 1470 lsi_update_irq(s); 1471 } else { 1472 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1473 } 1474 break; 1475 default: 1476 trace_lsi_execute_script_tc_illegal(); 1477 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1478 break; 1479 } 1480 } else { 1481 trace_lsi_execute_script_tc_cc_failed(); 1482 } 1483 } 1484 break; 1485 1486 case 3: 1487 if ((insn & (1 << 29)) == 0) { 1488 /* Memory move. */ 1489 uint32_t dest; 1490 /* ??? The docs imply the destination address is loaded into 1491 the TEMP register. However the Linux drivers rely on 1492 the value being presrved. */ 1493 dest = read_dword(s, s->dsp); 1494 s->dsp += 4; 1495 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1496 } else { 1497 uint8_t data[7]; 1498 int reg; 1499 int n; 1500 int i; 1501 1502 if (insn & (1 << 28)) { 1503 addr = s->dsa + sextract32(addr, 0, 24); 1504 } 1505 n = (insn & 7); 1506 reg = (insn >> 16) & 0xff; 1507 if (insn & (1 << 24)) { 1508 pci_dma_read(pci_dev, addr, data, n); 1509 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1510 for (i = 0; i < n; i++) { 1511 lsi_reg_writeb(s, reg + i, data[i]); 1512 } 1513 } else { 1514 trace_lsi_execute_script_mm_store(reg, n, addr); 1515 for (i = 0; i < n; i++) { 1516 data[i] = lsi_reg_readb(s, reg + i); 1517 } 1518 pci_dma_write(pci_dev, addr, data, n); 1519 } 1520 } 1521 } 1522 if (insn_processed > 10000 && !s->waiting) { 1523 /* Some windows drivers make the device spin waiting for a memory 1524 location to change. If we have been executed a lot of code then 1525 assume this is the case and force an unexpected device disconnect. 1526 This is apparently sufficient to beat the drivers into submission. 1527 */ 1528 if (!(s->sien0 & LSI_SIST0_UDC)) { 1529 qemu_log_mask(LOG_GUEST_ERROR, 1530 "lsi_scsi: inf. loop with UDC masked"); 1531 } 1532 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1533 lsi_disconnect(s); 1534 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1535 if (s->dcntl & LSI_DCNTL_SSM) { 1536 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1537 } else { 1538 goto again; 1539 } 1540 } 1541 trace_lsi_execute_script_stop(); 1542 } 1543 1544 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1545 { 1546 uint8_t ret; 1547 1548 #define CASE_GET_REG24(name, addr) \ 1549 case addr: ret = s->name & 0xff; break; \ 1550 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1551 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1552 1553 #define CASE_GET_REG32(name, addr) \ 1554 case addr: ret = s->name & 0xff; break; \ 1555 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1556 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1557 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1558 1559 switch (offset) { 1560 case 0x00: /* SCNTL0 */ 1561 ret = s->scntl0; 1562 break; 1563 case 0x01: /* SCNTL1 */ 1564 ret = s->scntl1; 1565 break; 1566 case 0x02: /* SCNTL2 */ 1567 ret = s->scntl2; 1568 break; 1569 case 0x03: /* SCNTL3 */ 1570 ret = s->scntl3; 1571 break; 1572 case 0x04: /* SCID */ 1573 ret = s->scid; 1574 break; 1575 case 0x05: /* SXFER */ 1576 ret = s->sxfer; 1577 break; 1578 case 0x06: /* SDID */ 1579 ret = s->sdid; 1580 break; 1581 case 0x07: /* GPREG0 */ 1582 ret = 0x7f; 1583 break; 1584 case 0x08: /* Revision ID */ 1585 ret = 0x00; 1586 break; 1587 case 0x09: /* SOCL */ 1588 ret = s->socl; 1589 break; 1590 case 0xa: /* SSID */ 1591 ret = s->ssid; 1592 break; 1593 case 0xb: /* SBCL */ 1594 /* ??? This is not correct. However it's (hopefully) only 1595 used for diagnostics, so should be ok. */ 1596 ret = 0; 1597 break; 1598 case 0xc: /* DSTAT */ 1599 ret = s->dstat | LSI_DSTAT_DFE; 1600 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1601 s->dstat = 0; 1602 lsi_update_irq(s); 1603 break; 1604 case 0x0d: /* SSTAT0 */ 1605 ret = s->sstat0; 1606 break; 1607 case 0x0e: /* SSTAT1 */ 1608 ret = s->sstat1; 1609 break; 1610 case 0x0f: /* SSTAT2 */ 1611 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1612 break; 1613 CASE_GET_REG32(dsa, 0x10) 1614 case 0x14: /* ISTAT0 */ 1615 ret = s->istat0; 1616 break; 1617 case 0x15: /* ISTAT1 */ 1618 ret = s->istat1; 1619 break; 1620 case 0x16: /* MBOX0 */ 1621 ret = s->mbox0; 1622 break; 1623 case 0x17: /* MBOX1 */ 1624 ret = s->mbox1; 1625 break; 1626 case 0x18: /* CTEST0 */ 1627 ret = 0xff; 1628 break; 1629 case 0x19: /* CTEST1 */ 1630 ret = 0; 1631 break; 1632 case 0x1a: /* CTEST2 */ 1633 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1634 if (s->istat0 & LSI_ISTAT0_SIGP) { 1635 s->istat0 &= ~LSI_ISTAT0_SIGP; 1636 ret |= LSI_CTEST2_SIGP; 1637 } 1638 break; 1639 case 0x1b: /* CTEST3 */ 1640 ret = s->ctest3; 1641 break; 1642 CASE_GET_REG32(temp, 0x1c) 1643 case 0x20: /* DFIFO */ 1644 ret = 0; 1645 break; 1646 case 0x21: /* CTEST4 */ 1647 ret = s->ctest4; 1648 break; 1649 case 0x22: /* CTEST5 */ 1650 ret = s->ctest5; 1651 break; 1652 case 0x23: /* CTEST6 */ 1653 ret = 0; 1654 break; 1655 CASE_GET_REG24(dbc, 0x24) 1656 case 0x27: /* DCMD */ 1657 ret = s->dcmd; 1658 break; 1659 CASE_GET_REG32(dnad, 0x28) 1660 CASE_GET_REG32(dsp, 0x2c) 1661 CASE_GET_REG32(dsps, 0x30) 1662 CASE_GET_REG32(scratch[0], 0x34) 1663 case 0x38: /* DMODE */ 1664 ret = s->dmode; 1665 break; 1666 case 0x39: /* DIEN */ 1667 ret = s->dien; 1668 break; 1669 case 0x3a: /* SBR */ 1670 ret = s->sbr; 1671 break; 1672 case 0x3b: /* DCNTL */ 1673 ret = s->dcntl; 1674 break; 1675 /* ADDER Output (Debug of relative jump address) */ 1676 CASE_GET_REG32(adder, 0x3c) 1677 case 0x40: /* SIEN0 */ 1678 ret = s->sien0; 1679 break; 1680 case 0x41: /* SIEN1 */ 1681 ret = s->sien1; 1682 break; 1683 case 0x42: /* SIST0 */ 1684 ret = s->sist0; 1685 s->sist0 = 0; 1686 lsi_update_irq(s); 1687 break; 1688 case 0x43: /* SIST1 */ 1689 ret = s->sist1; 1690 s->sist1 = 0; 1691 lsi_update_irq(s); 1692 break; 1693 case 0x46: /* MACNTL */ 1694 ret = 0x0f; 1695 break; 1696 case 0x47: /* GPCNTL0 */ 1697 ret = 0x0f; 1698 break; 1699 case 0x48: /* STIME0 */ 1700 ret = s->stime0; 1701 break; 1702 case 0x4a: /* RESPID0 */ 1703 ret = s->respid0; 1704 break; 1705 case 0x4b: /* RESPID1 */ 1706 ret = s->respid1; 1707 break; 1708 case 0x4d: /* STEST1 */ 1709 ret = s->stest1; 1710 break; 1711 case 0x4e: /* STEST2 */ 1712 ret = s->stest2; 1713 break; 1714 case 0x4f: /* STEST3 */ 1715 ret = s->stest3; 1716 break; 1717 case 0x50: /* SIDL */ 1718 /* This is needed by the linux drivers. We currently only update it 1719 during the MSG IN phase. */ 1720 ret = s->sidl; 1721 break; 1722 case 0x52: /* STEST4 */ 1723 ret = 0xe0; 1724 break; 1725 case 0x56: /* CCNTL0 */ 1726 ret = s->ccntl0; 1727 break; 1728 case 0x57: /* CCNTL1 */ 1729 ret = s->ccntl1; 1730 break; 1731 case 0x58: /* SBDL */ 1732 /* Some drivers peek at the data bus during the MSG IN phase. */ 1733 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1734 assert(s->msg_len > 0); 1735 return s->msg[0]; 1736 } 1737 ret = 0; 1738 break; 1739 case 0x59: /* SBDL high */ 1740 ret = 0; 1741 break; 1742 CASE_GET_REG32(mmrs, 0xa0) 1743 CASE_GET_REG32(mmws, 0xa4) 1744 CASE_GET_REG32(sfs, 0xa8) 1745 CASE_GET_REG32(drs, 0xac) 1746 CASE_GET_REG32(sbms, 0xb0) 1747 CASE_GET_REG32(dbms, 0xb4) 1748 CASE_GET_REG32(dnad64, 0xb8) 1749 CASE_GET_REG32(pmjad1, 0xc0) 1750 CASE_GET_REG32(pmjad2, 0xc4) 1751 CASE_GET_REG32(rbc, 0xc8) 1752 CASE_GET_REG32(ua, 0xcc) 1753 CASE_GET_REG32(ia, 0xd4) 1754 CASE_GET_REG32(sbc, 0xd8) 1755 CASE_GET_REG32(csbc, 0xdc) 1756 case 0x5c ... 0x9f: 1757 { 1758 int n; 1759 int shift; 1760 n = (offset - 0x58) >> 2; 1761 shift = (offset & 3) * 8; 1762 ret = (s->scratch[n] >> shift) & 0xff; 1763 break; 1764 } 1765 default: 1766 { 1767 qemu_log_mask(LOG_GUEST_ERROR, 1768 "lsi_scsi: invalid read from reg %s %x\n", 1769 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1770 offset); 1771 ret = 0xff; 1772 break; 1773 } 1774 } 1775 #undef CASE_GET_REG24 1776 #undef CASE_GET_REG32 1777 1778 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1779 offset, ret); 1780 1781 return ret; 1782 } 1783 1784 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1785 { 1786 #define CASE_SET_REG24(name, addr) \ 1787 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1788 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1789 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1790 1791 #define CASE_SET_REG32(name, addr) \ 1792 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1793 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1794 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1795 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1796 1797 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1798 offset, val); 1799 1800 switch (offset) { 1801 case 0x00: /* SCNTL0 */ 1802 s->scntl0 = val; 1803 if (val & LSI_SCNTL0_START) { 1804 qemu_log_mask(LOG_UNIMP, 1805 "lsi_scsi: Start sequence not implemented\n"); 1806 } 1807 break; 1808 case 0x01: /* SCNTL1 */ 1809 s->scntl1 = val & ~LSI_SCNTL1_SST; 1810 if (val & LSI_SCNTL1_IARB) { 1811 qemu_log_mask(LOG_UNIMP, 1812 "lsi_scsi: Immediate Arbritration not implemented\n"); 1813 } 1814 if (val & LSI_SCNTL1_RST) { 1815 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1816 qbus_reset_all(&s->bus.qbus); 1817 s->sstat0 |= LSI_SSTAT0_RST; 1818 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1819 } 1820 } else { 1821 s->sstat0 &= ~LSI_SSTAT0_RST; 1822 } 1823 break; 1824 case 0x02: /* SCNTL2 */ 1825 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1826 s->scntl2 = val; 1827 break; 1828 case 0x03: /* SCNTL3 */ 1829 s->scntl3 = val; 1830 break; 1831 case 0x04: /* SCID */ 1832 s->scid = val; 1833 break; 1834 case 0x05: /* SXFER */ 1835 s->sxfer = val; 1836 break; 1837 case 0x06: /* SDID */ 1838 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1839 qemu_log_mask(LOG_GUEST_ERROR, 1840 "lsi_scsi: Destination ID does not match SSID\n"); 1841 } 1842 s->sdid = val & 0xf; 1843 break; 1844 case 0x07: /* GPREG0 */ 1845 break; 1846 case 0x08: /* SFBR */ 1847 /* The CPU is not allowed to write to this register. However the 1848 SCRIPTS register move instructions are. */ 1849 s->sfbr = val; 1850 break; 1851 case 0x0a: case 0x0b: 1852 /* Openserver writes to these readonly registers on startup */ 1853 return; 1854 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1855 /* Linux writes to these readonly registers on startup. */ 1856 return; 1857 CASE_SET_REG32(dsa, 0x10) 1858 case 0x14: /* ISTAT0 */ 1859 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1860 if (val & LSI_ISTAT0_ABRT) { 1861 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1862 } 1863 if (val & LSI_ISTAT0_INTF) { 1864 s->istat0 &= ~LSI_ISTAT0_INTF; 1865 lsi_update_irq(s); 1866 } 1867 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1868 trace_lsi_awoken(); 1869 s->waiting = 0; 1870 s->dsp = s->dnad; 1871 lsi_execute_script(s); 1872 } 1873 if (val & LSI_ISTAT0_SRST) { 1874 qdev_reset_all(DEVICE(s)); 1875 } 1876 break; 1877 case 0x16: /* MBOX0 */ 1878 s->mbox0 = val; 1879 break; 1880 case 0x17: /* MBOX1 */ 1881 s->mbox1 = val; 1882 break; 1883 case 0x18: /* CTEST0 */ 1884 /* nothing to do */ 1885 break; 1886 case 0x1a: /* CTEST2 */ 1887 s->ctest2 = val & LSI_CTEST2_PCICIE; 1888 break; 1889 case 0x1b: /* CTEST3 */ 1890 s->ctest3 = val & 0x0f; 1891 break; 1892 CASE_SET_REG32(temp, 0x1c) 1893 case 0x21: /* CTEST4 */ 1894 if (val & 7) { 1895 qemu_log_mask(LOG_UNIMP, 1896 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1897 } 1898 s->ctest4 = val; 1899 break; 1900 case 0x22: /* CTEST5 */ 1901 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1902 qemu_log_mask(LOG_UNIMP, 1903 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1904 } 1905 s->ctest5 = val; 1906 break; 1907 CASE_SET_REG24(dbc, 0x24) 1908 CASE_SET_REG32(dnad, 0x28) 1909 case 0x2c: /* DSP[0:7] */ 1910 s->dsp &= 0xffffff00; 1911 s->dsp |= val; 1912 break; 1913 case 0x2d: /* DSP[8:15] */ 1914 s->dsp &= 0xffff00ff; 1915 s->dsp |= val << 8; 1916 break; 1917 case 0x2e: /* DSP[16:23] */ 1918 s->dsp &= 0xff00ffff; 1919 s->dsp |= val << 16; 1920 break; 1921 case 0x2f: /* DSP[24:31] */ 1922 s->dsp &= 0x00ffffff; 1923 s->dsp |= val << 24; 1924 if ((s->dmode & LSI_DMODE_MAN) == 0 1925 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1926 lsi_execute_script(s); 1927 break; 1928 CASE_SET_REG32(dsps, 0x30) 1929 CASE_SET_REG32(scratch[0], 0x34) 1930 case 0x38: /* DMODE */ 1931 s->dmode = val; 1932 break; 1933 case 0x39: /* DIEN */ 1934 s->dien = val; 1935 lsi_update_irq(s); 1936 break; 1937 case 0x3a: /* SBR */ 1938 s->sbr = val; 1939 break; 1940 case 0x3b: /* DCNTL */ 1941 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1942 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1943 lsi_execute_script(s); 1944 break; 1945 case 0x40: /* SIEN0 */ 1946 s->sien0 = val; 1947 lsi_update_irq(s); 1948 break; 1949 case 0x41: /* SIEN1 */ 1950 s->sien1 = val; 1951 lsi_update_irq(s); 1952 break; 1953 case 0x47: /* GPCNTL0 */ 1954 break; 1955 case 0x48: /* STIME0 */ 1956 s->stime0 = val; 1957 break; 1958 case 0x49: /* STIME1 */ 1959 if (val & 0xf) { 1960 qemu_log_mask(LOG_UNIMP, 1961 "lsi_scsi: General purpose timer not implemented\n"); 1962 /* ??? Raising the interrupt immediately seems to be sufficient 1963 to keep the FreeBSD driver happy. */ 1964 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1965 } 1966 break; 1967 case 0x4a: /* RESPID0 */ 1968 s->respid0 = val; 1969 break; 1970 case 0x4b: /* RESPID1 */ 1971 s->respid1 = val; 1972 break; 1973 case 0x4d: /* STEST1 */ 1974 s->stest1 = val; 1975 break; 1976 case 0x4e: /* STEST2 */ 1977 if (val & 1) { 1978 qemu_log_mask(LOG_UNIMP, 1979 "lsi_scsi: Low level mode not implemented\n"); 1980 } 1981 s->stest2 = val; 1982 break; 1983 case 0x4f: /* STEST3 */ 1984 if (val & 0x41) { 1985 qemu_log_mask(LOG_UNIMP, 1986 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 1987 } 1988 s->stest3 = val; 1989 break; 1990 case 0x56: /* CCNTL0 */ 1991 s->ccntl0 = val; 1992 break; 1993 case 0x57: /* CCNTL1 */ 1994 s->ccntl1 = val; 1995 break; 1996 CASE_SET_REG32(mmrs, 0xa0) 1997 CASE_SET_REG32(mmws, 0xa4) 1998 CASE_SET_REG32(sfs, 0xa8) 1999 CASE_SET_REG32(drs, 0xac) 2000 CASE_SET_REG32(sbms, 0xb0) 2001 CASE_SET_REG32(dbms, 0xb4) 2002 CASE_SET_REG32(dnad64, 0xb8) 2003 CASE_SET_REG32(pmjad1, 0xc0) 2004 CASE_SET_REG32(pmjad2, 0xc4) 2005 CASE_SET_REG32(rbc, 0xc8) 2006 CASE_SET_REG32(ua, 0xcc) 2007 CASE_SET_REG32(ia, 0xd4) 2008 CASE_SET_REG32(sbc, 0xd8) 2009 CASE_SET_REG32(csbc, 0xdc) 2010 default: 2011 if (offset >= 0x5c && offset < 0xa0) { 2012 int n; 2013 int shift; 2014 n = (offset - 0x58) >> 2; 2015 shift = (offset & 3) * 8; 2016 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2017 } else { 2018 qemu_log_mask(LOG_GUEST_ERROR, 2019 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2020 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2021 offset, val); 2022 } 2023 } 2024 #undef CASE_SET_REG24 2025 #undef CASE_SET_REG32 2026 } 2027 2028 static void lsi_mmio_write(void *opaque, hwaddr addr, 2029 uint64_t val, unsigned size) 2030 { 2031 LSIState *s = opaque; 2032 2033 lsi_reg_writeb(s, addr & 0xff, val); 2034 } 2035 2036 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2037 unsigned size) 2038 { 2039 LSIState *s = opaque; 2040 2041 return lsi_reg_readb(s, addr & 0xff); 2042 } 2043 2044 static const MemoryRegionOps lsi_mmio_ops = { 2045 .read = lsi_mmio_read, 2046 .write = lsi_mmio_write, 2047 .endianness = DEVICE_NATIVE_ENDIAN, 2048 .impl = { 2049 .min_access_size = 1, 2050 .max_access_size = 1, 2051 }, 2052 }; 2053 2054 static void lsi_ram_write(void *opaque, hwaddr addr, 2055 uint64_t val, unsigned size) 2056 { 2057 LSIState *s = opaque; 2058 uint32_t newval; 2059 uint32_t mask; 2060 int shift; 2061 2062 newval = s->script_ram[addr >> 2]; 2063 shift = (addr & 3) * 8; 2064 mask = ((uint64_t)1 << (size * 8)) - 1; 2065 newval &= ~(mask << shift); 2066 newval |= val << shift; 2067 s->script_ram[addr >> 2] = newval; 2068 } 2069 2070 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2071 unsigned size) 2072 { 2073 LSIState *s = opaque; 2074 uint32_t val; 2075 uint32_t mask; 2076 2077 val = s->script_ram[addr >> 2]; 2078 mask = ((uint64_t)1 << (size * 8)) - 1; 2079 val >>= (addr & 3) * 8; 2080 return val & mask; 2081 } 2082 2083 static const MemoryRegionOps lsi_ram_ops = { 2084 .read = lsi_ram_read, 2085 .write = lsi_ram_write, 2086 .endianness = DEVICE_NATIVE_ENDIAN, 2087 }; 2088 2089 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2090 unsigned size) 2091 { 2092 LSIState *s = opaque; 2093 return lsi_reg_readb(s, addr & 0xff); 2094 } 2095 2096 static void lsi_io_write(void *opaque, hwaddr addr, 2097 uint64_t val, unsigned size) 2098 { 2099 LSIState *s = opaque; 2100 lsi_reg_writeb(s, addr & 0xff, val); 2101 } 2102 2103 static const MemoryRegionOps lsi_io_ops = { 2104 .read = lsi_io_read, 2105 .write = lsi_io_write, 2106 .endianness = DEVICE_NATIVE_ENDIAN, 2107 .impl = { 2108 .min_access_size = 1, 2109 .max_access_size = 1, 2110 }, 2111 }; 2112 2113 static void lsi_scsi_reset(DeviceState *dev) 2114 { 2115 LSIState *s = LSI53C895A(dev); 2116 2117 lsi_soft_reset(s); 2118 } 2119 2120 static int lsi_pre_save(void *opaque) 2121 { 2122 LSIState *s = opaque; 2123 2124 if (s->current) { 2125 assert(s->current->dma_buf == NULL); 2126 assert(s->current->dma_len == 0); 2127 } 2128 assert(QTAILQ_EMPTY(&s->queue)); 2129 2130 return 0; 2131 } 2132 2133 static int lsi_post_load(void *opaque, int version_id) 2134 { 2135 LSIState *s = opaque; 2136 2137 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2138 return -EINVAL; 2139 } 2140 2141 return 0; 2142 } 2143 2144 static const VMStateDescription vmstate_lsi_scsi = { 2145 .name = "lsiscsi", 2146 .version_id = 0, 2147 .minimum_version_id = 0, 2148 .pre_save = lsi_pre_save, 2149 .post_load = lsi_post_load, 2150 .fields = (VMStateField[]) { 2151 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2152 2153 VMSTATE_INT32(carry, LSIState), 2154 VMSTATE_INT32(status, LSIState), 2155 VMSTATE_INT32(msg_action, LSIState), 2156 VMSTATE_INT32(msg_len, LSIState), 2157 VMSTATE_BUFFER(msg, LSIState), 2158 VMSTATE_INT32(waiting, LSIState), 2159 2160 VMSTATE_UINT32(dsa, LSIState), 2161 VMSTATE_UINT32(temp, LSIState), 2162 VMSTATE_UINT32(dnad, LSIState), 2163 VMSTATE_UINT32(dbc, LSIState), 2164 VMSTATE_UINT8(istat0, LSIState), 2165 VMSTATE_UINT8(istat1, LSIState), 2166 VMSTATE_UINT8(dcmd, LSIState), 2167 VMSTATE_UINT8(dstat, LSIState), 2168 VMSTATE_UINT8(dien, LSIState), 2169 VMSTATE_UINT8(sist0, LSIState), 2170 VMSTATE_UINT8(sist1, LSIState), 2171 VMSTATE_UINT8(sien0, LSIState), 2172 VMSTATE_UINT8(sien1, LSIState), 2173 VMSTATE_UINT8(mbox0, LSIState), 2174 VMSTATE_UINT8(mbox1, LSIState), 2175 VMSTATE_UINT8(dfifo, LSIState), 2176 VMSTATE_UINT8(ctest2, LSIState), 2177 VMSTATE_UINT8(ctest3, LSIState), 2178 VMSTATE_UINT8(ctest4, LSIState), 2179 VMSTATE_UINT8(ctest5, LSIState), 2180 VMSTATE_UINT8(ccntl0, LSIState), 2181 VMSTATE_UINT8(ccntl1, LSIState), 2182 VMSTATE_UINT32(dsp, LSIState), 2183 VMSTATE_UINT32(dsps, LSIState), 2184 VMSTATE_UINT8(dmode, LSIState), 2185 VMSTATE_UINT8(dcntl, LSIState), 2186 VMSTATE_UINT8(scntl0, LSIState), 2187 VMSTATE_UINT8(scntl1, LSIState), 2188 VMSTATE_UINT8(scntl2, LSIState), 2189 VMSTATE_UINT8(scntl3, LSIState), 2190 VMSTATE_UINT8(sstat0, LSIState), 2191 VMSTATE_UINT8(sstat1, LSIState), 2192 VMSTATE_UINT8(scid, LSIState), 2193 VMSTATE_UINT8(sxfer, LSIState), 2194 VMSTATE_UINT8(socl, LSIState), 2195 VMSTATE_UINT8(sdid, LSIState), 2196 VMSTATE_UINT8(ssid, LSIState), 2197 VMSTATE_UINT8(sfbr, LSIState), 2198 VMSTATE_UINT8(stest1, LSIState), 2199 VMSTATE_UINT8(stest2, LSIState), 2200 VMSTATE_UINT8(stest3, LSIState), 2201 VMSTATE_UINT8(sidl, LSIState), 2202 VMSTATE_UINT8(stime0, LSIState), 2203 VMSTATE_UINT8(respid0, LSIState), 2204 VMSTATE_UINT8(respid1, LSIState), 2205 VMSTATE_UINT32(mmrs, LSIState), 2206 VMSTATE_UINT32(mmws, LSIState), 2207 VMSTATE_UINT32(sfs, LSIState), 2208 VMSTATE_UINT32(drs, LSIState), 2209 VMSTATE_UINT32(sbms, LSIState), 2210 VMSTATE_UINT32(dbms, LSIState), 2211 VMSTATE_UINT32(dnad64, LSIState), 2212 VMSTATE_UINT32(pmjad1, LSIState), 2213 VMSTATE_UINT32(pmjad2, LSIState), 2214 VMSTATE_UINT32(rbc, LSIState), 2215 VMSTATE_UINT32(ua, LSIState), 2216 VMSTATE_UINT32(ia, LSIState), 2217 VMSTATE_UINT32(sbc, LSIState), 2218 VMSTATE_UINT32(csbc, LSIState), 2219 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2220 VMSTATE_UINT8(sbr, LSIState), 2221 2222 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2223 VMSTATE_END_OF_LIST() 2224 } 2225 }; 2226 2227 static const struct SCSIBusInfo lsi_scsi_info = { 2228 .tcq = true, 2229 .max_target = LSI_MAX_DEVS, 2230 .max_lun = 0, /* LUN support is buggy */ 2231 2232 .transfer_data = lsi_transfer_data, 2233 .complete = lsi_command_complete, 2234 .cancel = lsi_request_cancelled 2235 }; 2236 2237 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2238 { 2239 LSIState *s = LSI53C895A(dev); 2240 DeviceState *d = DEVICE(dev); 2241 uint8_t *pci_conf; 2242 2243 pci_conf = dev->config; 2244 2245 /* PCI latency timer = 255 */ 2246 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2247 /* Interrupt pin A */ 2248 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2249 2250 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2251 "lsi-mmio", 0x400); 2252 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2253 "lsi-ram", 0x2000); 2254 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2255 "lsi-io", 256); 2256 2257 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2258 qdev_init_gpio_out(d, &s->ext_irq, 1); 2259 2260 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2261 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2262 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2263 QTAILQ_INIT(&s->queue); 2264 2265 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2266 } 2267 2268 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp) 2269 { 2270 LSIState *s = LSI53C895A(dev); 2271 2272 address_space_destroy(&s->pci_io_as); 2273 } 2274 2275 static void lsi_class_init(ObjectClass *klass, void *data) 2276 { 2277 DeviceClass *dc = DEVICE_CLASS(klass); 2278 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2279 2280 k->realize = lsi_scsi_realize; 2281 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2282 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2283 k->class_id = PCI_CLASS_STORAGE_SCSI; 2284 k->subsystem_id = 0x1000; 2285 dc->unrealize = lsi_scsi_unrealize; 2286 dc->reset = lsi_scsi_reset; 2287 dc->vmsd = &vmstate_lsi_scsi; 2288 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2289 } 2290 2291 static const TypeInfo lsi_info = { 2292 .name = TYPE_LSI53C895A, 2293 .parent = TYPE_PCI_DEVICE, 2294 .instance_size = sizeof(LSIState), 2295 .class_init = lsi_class_init, 2296 .interfaces = (InterfaceInfo[]) { 2297 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2298 { }, 2299 }, 2300 }; 2301 2302 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2303 { 2304 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2305 2306 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2307 } 2308 2309 static TypeInfo lsi53c810_info = { 2310 .name = TYPE_LSI53C810, 2311 .parent = TYPE_LSI53C895A, 2312 .class_init = lsi53c810_class_init, 2313 }; 2314 2315 static void lsi53c895a_register_types(void) 2316 { 2317 type_register_static(&lsi_info); 2318 type_register_static(&lsi53c810_info); 2319 } 2320 2321 type_init(lsi53c895a_register_types) 2322 2323 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2324 { 2325 LSIState *s = LSI53C895A(lsi_dev); 2326 2327 scsi_bus_legacy_handle_cmdline(&s->bus); 2328 } 2329