1 /*
2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the LGPL.
8 */
9
10 /* Note:
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
14 */
15
16 #include <assert.h>
17
18 #include "qemuuaeglue.h"
19 #include "queue.h"
20
21 //#include "hw/hw.h"
22 //#include "hw/pci/pci.h"
23 #include "scsi/scsi.h"
24 //#include "sysemu/dma.h"
25
26 //#define DEBUG_LSI
27 //#define DEBUG_LSI_REG
28
29 #ifdef DEBUG_LSI
30 #define DPRINTF(fmt, ...) \
31 do { write_log("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
32 #define BADF(fmt, ...) \
33 do { write_log("lsi_scsi: error: " fmt , ## __VA_ARGS__); } while (0)
34 #else
35 #define DPRINTF(fmt, ...) do {} while(0)
36 #define BADF(fmt, ...) \
37 do { write_log("lsi_scsi: error: " fmt , ## __VA_ARGS__); } while (0)
38 #endif
39
40 #define LSI_MAX_DEVS 7
41
42 #define LSI_SCNTL0_TRG 0x01
43 #define LSI_SCNTL0_AAP 0x02
44 #define LSI_SCNTL0_EPC 0x08
45 #define LSI_SCNTL0_WATN 0x10
46 #define LSI_SCNTL0_START 0x20
47
48 #define LSI_SCNTL1_SST 0x01
49 #define LSI_SCNTL1_IARB 0x02
50 #define LSI_SCNTL1_AESP 0x04
51 #define LSI_SCNTL1_RST 0x08
52 #define LSI_SCNTL1_CON 0x10
53 #define LSI_SCNTL1_DHP 0x20
54 #define LSI_SCNTL1_ADB 0x40
55 #define LSI_SCNTL1_EXC 0x80
56
57 #define LSI_SCNTL2_WSR 0x01
58 #define LSI_SCNTL2_VUE0 0x02
59 #define LSI_SCNTL2_VUE1 0x04
60 #define LSI_SCNTL2_WSS 0x08
61 #define LSI_SCNTL2_SLPHBEN 0x10
62 #define LSI_SCNTL2_SLPMD 0x20
63 #define LSI_SCNTL2_CHM 0x40
64 #define LSI_SCNTL2_SDU 0x80
65
66 #define LSI_ISTAT0_DIP 0x01
67 #define LSI_ISTAT0_SIP 0x02
68 #define LSI_ISTAT0_INTF 0x04
69 #define LSI_ISTAT0_CON 0x08
70 #define LSI_ISTAT0_SEM 0x10
71 #define LSI_ISTAT0_SIGP 0x20
72 #define LSI_ISTAT0_SRST 0x40
73 #define LSI_ISTAT0_ABRT 0x80
74
75 #define LSI_ISTAT1_SI 0x01
76 #define LSI_ISTAT1_SRUN 0x02
77 #define LSI_ISTAT1_FLSH 0x04
78
79 #define LSI_SSTAT0_SDP0 0x01
80 #define LSI_SSTAT0_RST 0x02
81 #define LSI_SSTAT0_WOA 0x04
82 #define LSI_SSTAT0_LOA 0x08
83 #define LSI_SSTAT0_AIP 0x10
84 #define LSI_SSTAT0_OLF 0x20
85 #define LSI_SSTAT0_ORF 0x40
86 #define LSI_SSTAT0_ILF 0x80
87
88 #define LSI_SIST0_PAR 0x01
89 #define LSI_SIST0_RST 0x02
90 #define LSI_SIST0_UDC 0x04
91 #define LSI_SIST0_SGE 0x08
92 #define LSI_SIST0_RSL 0x10
93 #define LSI_SIST0_SEL 0x20
94 #define LSI_SIST0_CMP 0x40
95 #define LSI_SIST0_MA 0x80
96
97 #define LSI_SIST1_HTH 0x01
98 #define LSI_SIST1_GEN 0x02
99 #define LSI_SIST1_STO 0x04
100 #define LSI_SIST1_SBMC 0x10
101
102 #define LSI_SOCL_IO 0x01
103 #define LSI_SOCL_CD 0x02
104 #define LSI_SOCL_MSG 0x04
105 #define LSI_SOCL_ATN 0x08
106 #define LSI_SOCL_SEL 0x10
107 #define LSI_SOCL_BSY 0x20
108 #define LSI_SOCL_ACK 0x40
109 #define LSI_SOCL_REQ 0x80
110
111 #define LSI_DSTAT_IID 0x01
112 #define LSI_DSTAT_SIR 0x04
113 #define LSI_DSTAT_SSI 0x08
114 #define LSI_DSTAT_ABRT 0x10
115 #define LSI_DSTAT_BF 0x20
116 #define LSI_DSTAT_MDPE 0x40
117 #define LSI_DSTAT_DFE 0x80
118
119 #define LSI_DCNTL_COM 0x01
120 #define LSI_DCNTL_IRQD 0x02
121 #define LSI_DCNTL_STD 0x04
122 #define LSI_DCNTL_IRQM 0x08
123 #define LSI_DCNTL_SSM 0x10
124 #define LSI_DCNTL_PFEN 0x20
125 #define LSI_DCNTL_PFF 0x40
126 #define LSI_DCNTL_CLSE 0x80
127
128 #define LSI_DMODE_MAN 0x01
129 #define LSI_DMODE_BOF 0x02
130 #define LSI_DMODE_ERMP 0x04
131 #define LSI_DMODE_ERL 0x08
132 #define LSI_DMODE_DIOM 0x10
133 #define LSI_DMODE_SIOM 0x20
134
135 #define LSI_CTEST2_DACK 0x01
136 #define LSI_CTEST2_DREQ 0x02
137 #define LSI_CTEST2_TEOP 0x04
138 #define LSI_CTEST2_PCICIE 0x08
139 #define LSI_CTEST2_CM 0x10
140 #define LSI_CTEST2_CIO 0x20
141 #define LSI_CTEST2_SIGP 0x40
142 #define LSI_CTEST2_DDIR 0x80
143
144 #define LSI_CTEST5_BL2 0x04
145 #define LSI_CTEST5_DDIR 0x08
146 #define LSI_CTEST5_MASR 0x10
147 #define LSI_CTEST5_DFSN 0x20
148 #define LSI_CTEST5_BBCK 0x40
149 #define LSI_CTEST5_ADCK 0x80
150
151 #define LSI_CCNTL0_DILS 0x01
152 #define LSI_CCNTL0_DISFC 0x10
153 #define LSI_CCNTL0_ENNDJ 0x20
154 #define LSI_CCNTL0_PMJCTL 0x40
155 #define LSI_CCNTL0_ENPMJ 0x80
156
157 #define LSI_CCNTL1_EN64DBMV 0x01
158 #define LSI_CCNTL1_EN64TIBMV 0x02
159 #define LSI_CCNTL1_64TIMOD 0x04
160 #define LSI_CCNTL1_DDAC 0x08
161 #define LSI_CCNTL1_ZMOD 0x80
162
163 /* Enable Response to Reselection */
164 #define LSI_SCID_RRE 0x60
165
166 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
167
168 #define PHASE_DO 0
169 #define PHASE_DI 1
170 #define PHASE_CMD 2
171 #define PHASE_ST 3
172 #define PHASE_MO 6
173 #define PHASE_MI 7
174 #define PHASE_MASK 7
175
176 /* Maximum length of MSG IN data. */
177 #define LSI_MAX_MSGIN_LEN 8
178
179 /* Flag set if this is a tagged command. */
180 #define LSI_TAG_VALID (1 << 16)
181
182 typedef struct lsi_request {
183 SCSIRequest *req;
184 uint32_t tag;
185 uint32_t dma_len;
186 uint8_t *dma_buf;
187 uint32_t pending;
188 int out;
189 QTAILQ_ENTRY(lsi_request) next;
190 } lsi_request;
191
192 typedef struct {
193 /*< private >*/
194 // PCIDevice parent_obj;
195 /*< public >*/
196
197 //MemoryRegion mmio_io;
198 //MemoryRegion ram_io;
199 //MemoryRegion io_io;
200
201 int carry; /* ??? Should this be an a visible register somewhere? */
202 int status;
203 /* Action to take at the end of a MSG IN phase.
204 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
205 int msg_action;
206 int msg_len;
207 uint8_t msg[LSI_MAX_MSGIN_LEN];
208 /* 0 if SCRIPTS are running or stopped.
209 * 1 if a Wait Reselect instruction has been issued.
210 * 2 if processing DMA from lsi_execute_script.
211 * 3 if a DMA operation is in progress. */
212 int waiting;
213 SCSIBus bus;
214 int current_lun;
215 /* The tag is a combination of the device ID and the SCSI tag. */
216 uint32_t select_tag;
217 int command_complete;
218 QTAILQ_HEAD(, lsi_request) queue;
219 lsi_request *current;
220
221 uint32_t dsa;
222 uint32_t temp;
223 uint32_t dnad;
224 uint32_t dbc;
225 uint8_t istat0;
226 uint8_t istat1;
227 uint8_t dcmd;
228 uint8_t dstat;
229 uint8_t dien;
230 uint8_t sist0;
231 uint8_t sist1;
232 uint8_t sien0;
233 uint8_t sien1;
234 uint8_t mbox0;
235 uint8_t mbox1;
236 uint8_t dfifo;
237 uint8_t ctest2;
238 uint8_t ctest3;
239 uint8_t ctest4;
240 uint8_t ctest5;
241 uint8_t ccntl0;
242 uint8_t ccntl1;
243 uint32_t dsp;
244 uint32_t dsps;
245 uint8_t dmode;
246 uint8_t dcntl;
247 uint8_t scntl0;
248 uint8_t scntl1;
249 uint8_t scntl2;
250 uint8_t scntl3;
251 uint8_t sstat0;
252 uint8_t sstat1;
253 uint8_t scid;
254 uint8_t sxfer;
255 uint8_t socl;
256 uint8_t sdid;
257 uint8_t ssid;
258 uint8_t sfbr;
259 uint8_t stest1;
260 uint8_t stest2;
261 uint8_t stest3;
262 uint8_t sidl;
263 uint8_t stime0;
264 uint8_t respid0;
265 uint8_t respid1;
266 uint32_t mmrs;
267 uint32_t mmws;
268 uint32_t sfs;
269 uint32_t drs;
270 uint32_t sbms;
271 uint32_t dbms;
272 uint32_t dnad64;
273 uint32_t pmjad1;
274 uint32_t pmjad2;
275 uint32_t rbc;
276 uint32_t ua;
277 uint32_t ia;
278 uint32_t sbc;
279 uint32_t csbc;
280 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
281 uint8_t sbr;
282 uint8_t chip_rev;
283 int last_level;
284
285 /* Script ram is stored as 32-bit words in host byteorder. */
286 uint32_t script_ram[2048];
287 } LSIState;
288
289 #define TYPE_LSI53C810 "lsi53c810"
290 #define TYPE_LSI53C895A "lsi53c895a"
291
292 #define LSI53C895A(obj) (LSIState*)obj->lsistate
293 // OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
294
lsi_irq_on_rsl(LSIState * s)295 static inline int lsi_irq_on_rsl(LSIState *s)
296 {
297 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
298 }
299
lsi_soft_reset(LSIState * s)300 static void lsi_soft_reset(LSIState *s)
301 {
302 DPRINTF("Reset\n");
303 s->carry = 0;
304
305 s->msg_action = 0;
306 s->msg_len = 0;
307 s->waiting = 0;
308 s->dsa = 0;
309 s->dnad = 0;
310 s->dbc = 0;
311 s->temp = 0;
312 memset(s->scratch, 0, sizeof(s->scratch));
313 s->istat0 = 0;
314 s->istat1 = 0;
315 s->dcmd = 0x40;
316 s->dstat = LSI_DSTAT_DFE;
317 s->dien = 0;
318 s->sist0 = 0;
319 s->sist1 = 0;
320 s->sien0 = 0;
321 s->sien1 = 0;
322 s->mbox0 = 0;
323 s->mbox1 = 0;
324 s->dfifo = 0;
325 s->ctest2 = LSI_CTEST2_DACK;
326 s->ctest3 = 0;
327 s->ctest4 = 0;
328 s->ctest5 = 0;
329 s->ccntl0 = 0;
330 s->ccntl1 = 0;
331 s->dsp = 0;
332 s->dsps = 0;
333 s->dmode = 0;
334 s->dcntl = 0;
335 s->scntl0 = 0xc0;
336 s->scntl1 = 0;
337 s->scntl2 = 0;
338 s->scntl3 = 0;
339 s->sstat0 = 0;
340 s->sstat1 = 0;
341 s->scid = 7;
342 s->sxfer = 0;
343 s->socl = 0;
344 s->sdid = 0;
345 s->ssid = 0;
346 s->stest1 = 0;
347 s->stest2 = 0;
348 s->stest3 = 0;
349 s->sidl = 0;
350 s->stime0 = 0;
351 s->respid0 = 0x80;
352 s->respid1 = 0;
353 s->mmrs = 0;
354 s->mmws = 0;
355 s->sfs = 0;
356 s->drs = 0;
357 s->sbms = 0;
358 s->dbms = 0;
359 s->dnad64 = 0;
360 s->pmjad1 = 0;
361 s->pmjad2 = 0;
362 s->rbc = 0;
363 s->ua = 0;
364 s->ia = 0;
365 s->sbc = 0;
366 s->csbc = 0;
367 s->sbr = 0;
368 assert(QTAILQ_EMPTY(&s->queue));
369 assert(!s->current);
370 }
371
lsi_dma_40bit(LSIState * s)372 static int lsi_dma_40bit(LSIState *s)
373 {
374 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
375 return 1;
376 return 0;
377 }
378
lsi_dma_ti64bit(LSIState * s)379 static int lsi_dma_ti64bit(LSIState *s)
380 {
381 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
382 return 1;
383 return 0;
384 }
385
lsi_dma_64bit(LSIState * s)386 static int lsi_dma_64bit(LSIState *s)
387 {
388 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
389 return 1;
390 return 0;
391 }
392
393 static uint8_t lsi_reg_readb(LSIState *s, int offset);
394 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
395 static void lsi_execute_script(LSIState *s);
396 static void lsi_reselect(LSIState *s, lsi_request *p);
397
read_dword(LSIState * s,uint32_t addr)398 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
399 {
400 uint32_t buf;
401
402 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
403 return cpu_to_le32(buf);
404 }
405
lsi_stop_script(LSIState * s)406 static void lsi_stop_script(LSIState *s)
407 {
408 s->istat1 &= ~LSI_ISTAT1_SRUN;
409 }
410
do_irq(LSIState * s,int level)411 static void do_irq(LSIState *s, int level)
412 {
413 PCIDevice *d = PCI_DEVICE(s);
414 if (level != s->last_level) {
415 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
416 level, s->dstat, s->sist1, s->sist0);
417 s->last_level = level;
418 }
419 pci_set_irq(d, level);
420 }
421
lsi_update_irq(LSIState * s)422 static void lsi_update_irq(LSIState *s)
423 {
424 int level;
425 lsi_request *p;
426
427 /* It's unclear whether the DIP/SIP bits should be cleared when the
428 Interrupt Status Registers are cleared or when istat0 is read.
429 We currently do the formwer, which seems to work. */
430 level = 0;
431 if (s->dstat) {
432 if (s->dstat & s->dien)
433 level = 1;
434 s->istat0 |= LSI_ISTAT0_DIP;
435 } else {
436 s->istat0 &= ~LSI_ISTAT0_DIP;
437 }
438
439 if (s->sist0 || s->sist1) {
440 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
441 level = 1;
442 s->istat0 |= LSI_ISTAT0_SIP;
443 } else {
444 s->istat0 &= ~LSI_ISTAT0_SIP;
445 }
446 if (s->istat0 & LSI_ISTAT0_INTF)
447 level = 1;
448
449 do_irq(s, level);
450
451 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
452 DPRINTF("Handled IRQs & disconnected, looking for pending "
453 "processes\n");
454 QTAILQ_FOREACH(p, &s->queue, next) {
455 if (p->pending) {
456 lsi_reselect(s, p);
457 break;
458 }
459 }
460 }
461 }
462
463 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
lsi_script_scsi_interrupt(LSIState * s,int stat0,int stat1)464 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
465 {
466 uint32_t mask0;
467 uint32_t mask1;
468
469 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
470 stat1, stat0, s->sist1, s->sist0);
471 s->sist0 |= stat0;
472 s->sist1 |= stat1;
473 /* Stop processor on fatal or unmasked interrupt. As a special hack
474 we don't stop processing when raising STO. Instead continue
475 execution and stop at the next insn that accesses the SCSI bus. */
476 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
477 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
478 mask1 &= ~LSI_SIST1_STO;
479 if (s->sist0 & mask0 || s->sist1 & mask1) {
480 lsi_stop_script(s);
481 }
482 lsi_update_irq(s);
483 }
484
485 /* Stop SCRIPTS execution and raise a DMA interrupt. */
lsi_script_dma_interrupt(LSIState * s,int stat)486 static void lsi_script_dma_interrupt(LSIState *s, int stat)
487 {
488 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
489 s->dstat |= stat;
490 lsi_update_irq(s);
491 lsi_stop_script(s);
492 }
493
lsi_set_phase(LSIState * s,int phase)494 static inline void lsi_set_phase(LSIState *s, int phase)
495 {
496 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
497 }
498
lsi_bad_phase(LSIState * s,int out,int new_phase)499 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
500 {
501 /* Trigger a phase mismatch. */
502 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
503 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
504 s->dsp = out ? s->pmjad1 : s->pmjad2;
505 } else {
506 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
507 }
508 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
509 } else {
510 DPRINTF("Phase mismatch interrupt\n");
511 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
512 lsi_stop_script(s);
513 }
514 lsi_set_phase(s, new_phase);
515 }
516
517
518 /* Resume SCRIPTS execution after a DMA operation. */
lsi_resume_script(LSIState * s)519 static void lsi_resume_script(LSIState *s)
520 {
521 if (s->waiting != 2) {
522 s->waiting = 0;
523 lsi_execute_script(s);
524 } else {
525 s->waiting = 0;
526 }
527 }
528
lsi_disconnect(LSIState * s)529 static void lsi_disconnect(LSIState *s)
530 {
531 s->scntl1 &= ~LSI_SCNTL1_CON;
532 s->sstat1 &= ~PHASE_MASK;
533 }
534
lsi_bad_selection(LSIState * s,uint32_t id)535 static void lsi_bad_selection(LSIState *s, uint32_t id)
536 {
537 DPRINTF("Selected absent target %d\n", id);
538 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
539 lsi_disconnect(s);
540 }
541
542 /* Initiate a SCSI layer data transfer. */
lsi_do_dma(LSIState * s,int out)543 static void lsi_do_dma(LSIState *s, int out)
544 {
545 PCIDevice *pci_dev;
546 uint32_t count;
547 dma_addr_t addr;
548 SCSIDevice *dev;
549
550 assert(s->current);
551 if (!s->current->dma_len) {
552 /* Wait until data is available. */
553 DPRINTF("DMA no data available\n");
554 return;
555 }
556
557 pci_dev = PCI_DEVICE(s);
558 dev = s->current->req->dev;
559 assert(dev);
560
561 count = s->dbc;
562 if (count > s->current->dma_len)
563 count = s->current->dma_len;
564
565 addr = s->dnad;
566 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
567 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
568 addr |= ((uint64_t)s->dnad64 << 32);
569 else if (s->dbms)
570 addr |= ((uint64_t)s->dbms << 32);
571 else if (s->sbms)
572 addr |= ((uint64_t)s->sbms << 32);
573
574 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
575 s->csbc += count;
576 s->dnad += count;
577 s->dbc -= count;
578 if (s->current->dma_buf == NULL) {
579 s->current->dma_buf = scsi_req_get_buf(s->current->req);
580 }
581 /* ??? Set SFBR to first data byte. */
582 if (out) {
583 pci_dma_read(pci_dev, addr, s->current->dma_buf, count);
584 } else {
585 pci_dma_write(pci_dev, addr, s->current->dma_buf, count);
586 }
587 s->current->dma_len -= count;
588 if (s->current->dma_len == 0) {
589 s->current->dma_buf = NULL;
590 scsi_req_continue(s->current->req);
591 } else {
592 s->current->dma_buf += count;
593 lsi_resume_script(s);
594 }
595 }
596
597
598 /* Add a command to the queue. */
lsi_queue_command(LSIState * s)599 static void lsi_queue_command(LSIState *s)
600 {
601 lsi_request *p = s->current;
602
603 DPRINTF("Queueing tag=0x%x\n", p->tag);
604 assert(s->current != NULL);
605 assert(s->current->dma_len == 0);
606 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
607 s->current = NULL;
608
609 p->pending = 0;
610 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
611 }
612
613 /* Queue a byte for a MSG IN phase. */
lsi_add_msg_byte(LSIState * s,uint8_t data)614 static void lsi_add_msg_byte(LSIState *s, uint8_t data)
615 {
616 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
617 BADF("MSG IN data too long\n");
618 } else {
619 DPRINTF("MSG IN 0x%02x\n", data);
620 s->msg[s->msg_len++] = data;
621 }
622 }
623
624 /* Perform reselection to continue a command. */
lsi_reselect(LSIState * s,lsi_request * p)625 static void lsi_reselect(LSIState *s, lsi_request *p)
626 {
627 int id;
628
629 assert(s->current == NULL);
630 QTAILQ_REMOVE(&s->queue, p, next);
631 s->current = p;
632
633 id = (p->tag >> 8) & 0xf;
634 s->ssid = id | 0x80;
635 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
636 if (!(s->dcntl & LSI_DCNTL_COM)) {
637 s->sfbr = 1 << (id & 0x7);
638 }
639 DPRINTF("Reselected target %d\n", id);
640 s->scntl1 |= LSI_SCNTL1_CON;
641 lsi_set_phase(s, PHASE_MI);
642 s->msg_action = p->out ? 2 : 3;
643 s->current->dma_len = p->pending;
644 lsi_add_msg_byte(s, 0x80);
645 if (s->current->tag & LSI_TAG_VALID) {
646 lsi_add_msg_byte(s, 0x20);
647 lsi_add_msg_byte(s, p->tag & 0xff);
648 }
649
650 if (lsi_irq_on_rsl(s)) {
651 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
652 }
653 }
654
lsi_find_by_tag(LSIState * s,uint32_t tag)655 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
656 {
657 lsi_request *p;
658
659 QTAILQ_FOREACH(p, &s->queue, next) {
660 if (p->tag == tag) {
661 return p;
662 }
663 }
664
665 return NULL;
666 }
667
lsi_request_free(LSIState * s,lsi_request * p)668 static void lsi_request_free(LSIState *s, lsi_request *p)
669 {
670 if (p == s->current) {
671 s->current = NULL;
672 } else {
673 QTAILQ_REMOVE(&s->queue, p, next);
674 }
675 g_free(p);
676 }
677
lsi_request_cancelled(SCSIRequest * req)678 void lsi_request_cancelled(SCSIRequest *req)
679 {
680 LSIState *s = LSI53C895A(req->bus->qbus.parent);
681 lsi_request *p = (lsi_request*)req->hba_private;
682
683 req->hba_private = NULL;
684 lsi_request_free(s, p);
685 scsi_req_unref(req);
686 }
687
688 /* Record that data is available for a queued command. Returns zero if
689 the device was reselected, nonzero if the IO is deferred. */
lsi_queue_req(LSIState * s,SCSIRequest * req,uint32_t len)690 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
691 {
692 lsi_request *p = (lsi_request*)req->hba_private;
693
694 if (p->pending) {
695 BADF("Multiple IO pending for request %p\n", p);
696 }
697 p->pending = len;
698 /* Reselect if waiting for it, or if reselection triggers an IRQ
699 and the bus is free.
700 Since no interrupt stacking is implemented in the emulation, it
701 is also required that there are no pending interrupts waiting
702 for service from the device driver. */
703 if (s->waiting == 1 ||
704 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
705 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
706 /* Reselect device. */
707 lsi_reselect(s, p);
708 return 0;
709 } else {
710 DPRINTF("Queueing IO tag=0x%x\n", p->tag);
711 p->pending = len;
712 return 1;
713 }
714 }
715
716 /* Callback to indicate that the SCSI layer has completed a command. */
lsi_command_complete(SCSIRequest * req,uint32_t status,size_t resid)717 void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
718 {
719 LSIState *s = LSI53C895A(req->bus->qbus.parent);
720 int out;
721
722 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
723 DPRINTF("Command complete status=%d\n", (int)status);
724 s->status = status;
725 s->command_complete = 2;
726 if (s->waiting && s->dbc != 0) {
727 /* Raise phase mismatch for short transfers. */
728 lsi_bad_phase(s, out, PHASE_ST);
729 } else {
730 lsi_set_phase(s, PHASE_ST);
731 }
732
733 if (req->hba_private == s->current) {
734 req->hba_private = NULL;
735 lsi_request_free(s, s->current);
736 scsi_req_unref(req);
737 }
738 lsi_resume_script(s);
739 }
740
741 /* Callback to indicate that the SCSI layer has completed a transfer. */
lsi_transfer_data(SCSIRequest * req,uint32_t len)742 void lsi_transfer_data(SCSIRequest *req, uint32_t len)
743 {
744 LSIState *s = LSI53C895A(req->bus->qbus.parent);
745 int out;
746
747 assert(req->hba_private);
748 if (s->waiting == 1 || req->hba_private != s->current ||
749 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
750 if (lsi_queue_req(s, req, len)) {
751 return;
752 }
753 }
754
755 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
756
757 /* host adapter (re)connected */
758 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len);
759 s->current->dma_len = len;
760 s->command_complete = 1;
761 if (s->waiting) {
762 if (s->waiting == 1 || s->dbc == 0) {
763 lsi_resume_script(s);
764 } else {
765 lsi_do_dma(s, out);
766 }
767 }
768 }
769
lsi_do_command(LSIState * s)770 static void lsi_do_command(LSIState *s)
771 {
772 SCSIDevice *dev;
773 uint8_t buf[16];
774 uint32_t id;
775 int n;
776
777 DPRINTF("Send command len=%d\n", s->dbc);
778 if (s->dbc > 16)
779 s->dbc = 16;
780 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
781 s->sfbr = buf[0];
782 s->command_complete = 0;
783
784 id = (s->select_tag >> 8) & 0xf;
785 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
786 if (!dev) {
787 lsi_bad_selection(s, id);
788 return;
789 }
790
791 assert(s->current == NULL);
792 s->current = (lsi_request*)calloc(sizeof(lsi_request), 1);
793 s->current->tag = s->select_tag;
794 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, s->dbc, s->current);
795
796 n = scsi_req_enqueue(s->current->req);
797 if (n) {
798 if (n > 0) {
799 lsi_set_phase(s, PHASE_DI);
800 } else if (n < 0) {
801 lsi_set_phase(s, PHASE_DO);
802 }
803 scsi_req_continue(s->current->req);
804 }
805 if (!s->command_complete) {
806 if (n) {
807 /* Command did not complete immediately so disconnect. */
808 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
809 lsi_add_msg_byte(s, 4); /* DISCONNECT */
810 /* wait data */
811 lsi_set_phase(s, PHASE_MI);
812 s->msg_action = 1;
813 lsi_queue_command(s);
814 } else {
815 /* wait command complete */
816 lsi_set_phase(s, PHASE_DI);
817 }
818 }
819 }
820
lsi_do_status(LSIState * s)821 static void lsi_do_status(LSIState *s)
822 {
823 uint8_t status;
824 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
825 if (s->dbc != 1)
826 BADF("Bad Status move\n");
827 s->dbc = 1;
828 status = s->status;
829 s->sfbr = status;
830 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
831 lsi_set_phase(s, PHASE_MI);
832 s->msg_action = 1;
833 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
834 }
835
lsi_do_msgin(LSIState * s)836 static void lsi_do_msgin(LSIState *s)
837 {
838 int len;
839 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
840 s->sfbr = s->msg[0];
841 len = s->msg_len;
842 if (len > s->dbc)
843 len = s->dbc;
844 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
845 /* Linux drivers rely on the last byte being in the SIDL. */
846 s->sidl = s->msg[len - 1];
847 s->msg_len -= len;
848 if (s->msg_len) {
849 memmove(s->msg, s->msg + len, s->msg_len);
850 } else {
851 /* ??? Check if ATN (not yet implemented) is asserted and maybe
852 switch to PHASE_MO. */
853 switch (s->msg_action) {
854 case 0:
855 lsi_set_phase(s, PHASE_CMD);
856 break;
857 case 1:
858 lsi_disconnect(s);
859 break;
860 case 2:
861 lsi_set_phase(s, PHASE_DO);
862 break;
863 case 3:
864 lsi_set_phase(s, PHASE_DI);
865 break;
866 default:
867 abort();
868 }
869 }
870 }
871
872 /* Read the next byte during a MSGOUT phase. */
lsi_get_msgbyte(LSIState * s)873 static uint8_t lsi_get_msgbyte(LSIState *s)
874 {
875 uint8_t data;
876 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
877 s->dnad++;
878 s->dbc--;
879 return data;
880 }
881
882 /* Skip the next n bytes during a MSGOUT phase. */
lsi_skip_msgbytes(LSIState * s,unsigned int n)883 static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
884 {
885 s->dnad += n;
886 s->dbc -= n;
887 }
888
lsi_do_msgout(LSIState * s)889 static void lsi_do_msgout(LSIState *s)
890 {
891 uint8_t msg;
892 int len;
893 uint32_t current_tag;
894 lsi_request *current_req, *p, *p_next;
895
896 if (s->current) {
897 current_tag = s->current->tag;
898 current_req = s->current;
899 } else {
900 current_tag = s->select_tag;
901 current_req = lsi_find_by_tag(s, current_tag);
902 }
903
904 DPRINTF("MSG out len=%d\n", s->dbc);
905 while (s->dbc) {
906 msg = lsi_get_msgbyte(s);
907 s->sfbr = msg;
908
909 switch (msg) {
910 case 0x04:
911 DPRINTF("MSG: Disconnect\n");
912 lsi_disconnect(s);
913 break;
914 case 0x08:
915 DPRINTF("MSG: No Operation\n");
916 lsi_set_phase(s, PHASE_CMD);
917 break;
918 case 0x01:
919 len = lsi_get_msgbyte(s);
920 msg = lsi_get_msgbyte(s);
921 (void)len; /* avoid a warning about unused variable*/
922 DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
923 switch (msg) {
924 case 1:
925 DPRINTF("SDTR (ignored)\n");
926 lsi_skip_msgbytes(s, 2);
927 break;
928 case 3:
929 DPRINTF("WDTR (ignored)\n");
930 lsi_skip_msgbytes(s, 1);
931 break;
932 default:
933 goto bad;
934 }
935 break;
936 case 0x20: /* SIMPLE queue */
937 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
938 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
939 break;
940 case 0x21: /* HEAD of queue */
941 BADF("HEAD queue not implemented\n");
942 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
943 break;
944 case 0x22: /* ORDERED queue */
945 BADF("ORDERED queue not implemented\n");
946 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
947 break;
948 case 0x0d:
949 /* The ABORT TAG message clears the current I/O process only. */
950 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
951 if (current_req) {
952 scsi_req_cancel(current_req->req);
953 }
954 lsi_disconnect(s);
955 break;
956 case 0x06:
957 case 0x0e:
958 case 0x0c:
959 /* The ABORT message clears all I/O processes for the selecting
960 initiator on the specified logical unit of the target. */
961 if (msg == 0x06) {
962 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
963 }
964 /* The CLEAR QUEUE message clears all I/O processes for all
965 initiators on the specified logical unit of the target. */
966 if (msg == 0x0e) {
967 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
968 }
969 /* The BUS DEVICE RESET message clears all I/O processes for all
970 initiators on all logical units of the target. */
971 if (msg == 0x0c) {
972 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
973 }
974
975 /* clear the current I/O process */
976 if (s->current) {
977 scsi_req_cancel(s->current->req);
978 }
979
980 /* As the current implemented devices scsi_disk and scsi_generic
981 only support one LUN, we don't need to keep track of LUNs.
982 Clearing I/O processes for other initiators could be possible
983 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
984 device, but this is currently not implemented (and seems not
985 to be really necessary). So let's simply clear all queued
986 commands for the current device: */
987 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
988 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
989 scsi_req_cancel(p->req);
990 }
991 }
992
993 lsi_disconnect(s);
994 break;
995 default:
996 if ((msg & 0x80) == 0) {
997 goto bad;
998 }
999 s->current_lun = msg & 7;
1000 DPRINTF("Select LUN %d\n", s->current_lun);
1001 lsi_set_phase(s, PHASE_CMD);
1002 break;
1003 }
1004 }
1005 return;
1006 bad:
1007 BADF("Unimplemented message 0x%02x\n", msg);
1008 lsi_set_phase(s, PHASE_MI);
1009 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
1010 s->msg_action = 0;
1011 }
1012
1013 #define LSI_BUF_SIZE 4096
lsi_memcpy(LSIState * s,uint32_t dest,uint32_t src,int count)1014 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1015 {
1016 PCIDevice *d = PCI_DEVICE(s);
1017 int n;
1018 uint8_t buf[LSI_BUF_SIZE];
1019
1020 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
1021 while (count) {
1022 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1023 pci_dma_read(d, src, buf, n);
1024 pci_dma_write(d, dest, buf, n);
1025 src += n;
1026 dest += n;
1027 count -= n;
1028 }
1029 }
1030
lsi_wait_reselect(LSIState * s)1031 static void lsi_wait_reselect(LSIState *s)
1032 {
1033 lsi_request *p;
1034
1035 DPRINTF("Wait Reselect\n");
1036
1037 QTAILQ_FOREACH(p, &s->queue, next) {
1038 if (p->pending) {
1039 lsi_reselect(s, p);
1040 break;
1041 }
1042 }
1043 if (s->current == NULL) {
1044 s->waiting = 1;
1045 }
1046 }
1047
lsi_execute_script(LSIState * s)1048 static void lsi_execute_script(LSIState *s)
1049 {
1050 PCIDevice *pci_dev = PCI_DEVICE(s);
1051 uint32_t insn;
1052 uint32_t addr, addr_high;
1053 int opcode;
1054 int insn_processed = 0;
1055
1056 s->istat1 |= LSI_ISTAT1_SRUN;
1057 again:
1058 insn_processed++;
1059 insn = read_dword(s, s->dsp);
1060 if (!insn) {
1061 /* If we receive an empty opcode increment the DSP by 4 bytes
1062 instead of 8 and execute the next opcode at that location */
1063 s->dsp += 4;
1064 goto again;
1065 }
1066 addr = read_dword(s, s->dsp + 4);
1067 addr_high = 0;
1068 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
1069 s->dsps = addr;
1070 s->dcmd = insn >> 24;
1071 s->dsp += 8;
1072 switch (insn >> 30) {
1073 case 0: /* Block move. */
1074 if (s->sist1 & LSI_SIST1_STO) {
1075 DPRINTF("Delayed select timeout\n");
1076 lsi_stop_script(s);
1077 break;
1078 }
1079 s->dbc = insn & 0xffffff;
1080 s->rbc = s->dbc;
1081 /* ??? Set ESA. */
1082 s->ia = s->dsp - 8;
1083 if (insn & (1 << 29)) {
1084 /* Indirect addressing. */
1085 addr = read_dword(s, addr);
1086 } else if (insn & (1 << 28)) {
1087 uint32_t buf[2];
1088 int32_t offset;
1089 /* Table indirect addressing. */
1090
1091 /* 32-bit Table indirect */
1092 offset = sextract32(addr, 0, 24);
1093 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
1094 /* byte count is stored in bits 0:23 only */
1095 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1096 s->rbc = s->dbc;
1097 addr = cpu_to_le32(buf[1]);
1098
1099 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1100 * table, bits [31:24] */
1101 if (lsi_dma_40bit(s))
1102 addr_high = cpu_to_le32(buf[0]) >> 24;
1103 else if (lsi_dma_ti64bit(s)) {
1104 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1105 switch (selector) {
1106 case 0:
1107 case 1:
1108 case 2:
1109 case 3:
1110 case 4:
1111 case 5:
1112 case 6:
1113 case 7:
1114 case 8:
1115 case 9:
1116 case 10:
1117 case 11:
1118 case 12:
1119 case 13:
1120 case 14:
1121 case 15:
1122 /* offset index into scratch registers since
1123 * TI64 mode can use registers C to R */
1124 addr_high = s->scratch[2 + selector];
1125 break;
1126 case 0x10:
1127 addr_high = s->mmrs;
1128 break;
1129 case 0x11:
1130 addr_high = s->mmws;
1131 break;
1132 case 0x12:
1133 addr_high = s->sfs;
1134 break;
1135 case 0x13:
1136 addr_high = s->drs;
1137 break;
1138 case 0x14:
1139 addr_high = s->sbms;
1140 break;
1141 case 0x15:
1142 addr_high = s->dbms;
1143 break;
1144 default:
1145 BADF("Illegal selector specified (0x%x > 0x15)"
1146 " for 64-bit DMA block move", selector);
1147 break;
1148 }
1149 }
1150 } else if (lsi_dma_64bit(s)) {
1151 /* fetch a 3rd dword if 64-bit direct move is enabled and
1152 only if we're not doing table indirect or indirect addressing */
1153 s->dbms = read_dword(s, s->dsp);
1154 s->dsp += 4;
1155 s->ia = s->dsp - 12;
1156 }
1157 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1158 DPRINTF("Wrong phase got %d expected %d\n",
1159 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1160 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1161 break;
1162 }
1163 s->dnad = addr;
1164 s->dnad64 = addr_high;
1165 switch (s->sstat1 & 0x7) {
1166 case PHASE_DO:
1167 s->waiting = 2;
1168 lsi_do_dma(s, 1);
1169 if (s->waiting)
1170 s->waiting = 3;
1171 break;
1172 case PHASE_DI:
1173 s->waiting = 2;
1174 lsi_do_dma(s, 0);
1175 if (s->waiting)
1176 s->waiting = 3;
1177 break;
1178 case PHASE_CMD:
1179 lsi_do_command(s);
1180 break;
1181 case PHASE_ST:
1182 lsi_do_status(s);
1183 break;
1184 case PHASE_MO:
1185 lsi_do_msgout(s);
1186 break;
1187 case PHASE_MI:
1188 lsi_do_msgin(s);
1189 break;
1190 default:
1191 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1192 }
1193 s->dfifo = s->dbc & 0xff;
1194 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1195 s->sbc = s->dbc;
1196 s->rbc -= s->dbc;
1197 s->ua = addr + s->dbc;
1198 break;
1199
1200 case 1: /* IO or Read/Write instruction. */
1201 opcode = (insn >> 27) & 7;
1202 if (opcode < 5) {
1203 uint32_t id;
1204
1205 if (insn & (1 << 25)) {
1206 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
1207 } else {
1208 id = insn;
1209 }
1210 id = (id >> 16) & 0xf;
1211 if (insn & (1 << 26)) {
1212 addr = s->dsp + sextract32(addr, 0, 24);
1213 }
1214 s->dnad = addr;
1215 switch (opcode) {
1216 case 0: /* Select */
1217 s->sdid = id;
1218 if (s->scntl1 & LSI_SCNTL1_CON) {
1219 DPRINTF("Already reselected, jumping to alternative address\n");
1220 s->dsp = s->dnad;
1221 break;
1222 }
1223 s->sstat0 |= LSI_SSTAT0_WOA;
1224 s->scntl1 &= ~LSI_SCNTL1_IARB;
1225 if (!scsi_device_find(&s->bus, 0, id, 0)) {
1226 lsi_bad_selection(s, id);
1227 break;
1228 }
1229 DPRINTF("Selected target %d%s\n",
1230 id, insn & (1 << 3) ? " ATN" : "");
1231 /* ??? Linux drivers compain when this is set. Maybe
1232 it only applies in low-level mode (unimplemented).
1233 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1234 s->select_tag = id << 8;
1235 s->scntl1 |= LSI_SCNTL1_CON;
1236 if (insn & (1 << 3)) {
1237 s->socl |= LSI_SOCL_ATN;
1238 }
1239 lsi_set_phase(s, PHASE_MO);
1240 break;
1241 case 1: /* Disconnect */
1242 DPRINTF("Wait Disconnect\n");
1243 s->scntl1 &= ~LSI_SCNTL1_CON;
1244 break;
1245 case 2: /* Wait Reselect */
1246 if (!lsi_irq_on_rsl(s)) {
1247 lsi_wait_reselect(s);
1248 }
1249 break;
1250 case 3: /* Set */
1251 DPRINTF("Set%s%s%s%s\n",
1252 insn & (1 << 3) ? " ATN" : "",
1253 insn & (1 << 6) ? " ACK" : "",
1254 insn & (1 << 9) ? " TM" : "",
1255 insn & (1 << 10) ? " CC" : "");
1256 if (insn & (1 << 3)) {
1257 s->socl |= LSI_SOCL_ATN;
1258 lsi_set_phase(s, PHASE_MO);
1259 }
1260 if (insn & (1 << 9)) {
1261 BADF("Target mode not implemented\n");
1262 }
1263 if (insn & (1 << 10))
1264 s->carry = 1;
1265 break;
1266 case 4: /* Clear */
1267 DPRINTF("Clear%s%s%s%s\n",
1268 insn & (1 << 3) ? " ATN" : "",
1269 insn & (1 << 6) ? " ACK" : "",
1270 insn & (1 << 9) ? " TM" : "",
1271 insn & (1 << 10) ? " CC" : "");
1272 if (insn & (1 << 3)) {
1273 s->socl &= ~LSI_SOCL_ATN;
1274 }
1275 if (insn & (1 << 10))
1276 s->carry = 0;
1277 break;
1278 }
1279 } else {
1280 uint8_t op0;
1281 uint8_t op1;
1282 uint8_t data8;
1283 int reg;
1284 int oper;
1285 #ifdef DEBUG_LSI
1286 static const char *opcode_names[3] =
1287 {"Write", "Read", "Read-Modify-Write"};
1288 static const char *operator_names[8] =
1289 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1290 #endif
1291
1292 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1293 data8 = (insn >> 8) & 0xff;
1294 opcode = (insn >> 27) & 7;
1295 oper = (insn >> 24) & 7;
1296 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1297 opcode_names[opcode - 5], reg,
1298 operator_names[oper], data8, s->sfbr,
1299 (insn & (1 << 23)) ? " SFBR" : "");
1300 op0 = op1 = 0;
1301 switch (opcode) {
1302 case 5: /* From SFBR */
1303 op0 = s->sfbr;
1304 op1 = data8;
1305 break;
1306 case 6: /* To SFBR */
1307 if (oper)
1308 op0 = lsi_reg_readb(s, reg);
1309 op1 = data8;
1310 break;
1311 case 7: /* Read-modify-write */
1312 if (oper)
1313 op0 = lsi_reg_readb(s, reg);
1314 if (insn & (1 << 23)) {
1315 op1 = s->sfbr;
1316 } else {
1317 op1 = data8;
1318 }
1319 break;
1320 }
1321
1322 switch (oper) {
1323 case 0: /* move */
1324 op0 = op1;
1325 break;
1326 case 1: /* Shift left */
1327 op1 = op0 >> 7;
1328 op0 = (op0 << 1) | s->carry;
1329 s->carry = op1;
1330 break;
1331 case 2: /* OR */
1332 op0 |= op1;
1333 break;
1334 case 3: /* XOR */
1335 op0 ^= op1;
1336 break;
1337 case 4: /* AND */
1338 op0 &= op1;
1339 break;
1340 case 5: /* SHR */
1341 op1 = op0 & 1;
1342 op0 = (op0 >> 1) | (s->carry << 7);
1343 s->carry = op1;
1344 break;
1345 case 6: /* ADD */
1346 op0 += op1;
1347 s->carry = op0 < op1;
1348 break;
1349 case 7: /* ADC */
1350 op0 += op1 + s->carry;
1351 if (s->carry)
1352 s->carry = op0 <= op1;
1353 else
1354 s->carry = op0 < op1;
1355 break;
1356 }
1357
1358 switch (opcode) {
1359 case 5: /* From SFBR */
1360 case 7: /* Read-modify-write */
1361 lsi_reg_writeb(s, reg, op0);
1362 break;
1363 case 6: /* To SFBR */
1364 s->sfbr = op0;
1365 break;
1366 }
1367 }
1368 break;
1369
1370 case 2: /* Transfer Control. */
1371 {
1372 int cond;
1373 int jmp;
1374
1375 if ((insn & 0x002e0000) == 0) {
1376 DPRINTF("NOP\n");
1377 break;
1378 }
1379 if (s->sist1 & LSI_SIST1_STO) {
1380 DPRINTF("Delayed select timeout\n");
1381 lsi_stop_script(s);
1382 break;
1383 }
1384 cond = jmp = (insn & (1 << 19)) != 0;
1385 if (cond == jmp && (insn & (1 << 21))) {
1386 DPRINTF("Compare carry %d\n", s->carry == jmp);
1387 cond = s->carry != 0;
1388 }
1389 if (cond == jmp && (insn & (1 << 17))) {
1390 DPRINTF("Compare phase %d %c= %d\n",
1391 (s->sstat1 & PHASE_MASK),
1392 jmp ? '=' : '!',
1393 ((insn >> 24) & 7));
1394 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1395 }
1396 if (cond == jmp && (insn & (1 << 18))) {
1397 uint8_t mask;
1398
1399 mask = (~insn >> 8) & 0xff;
1400 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1401 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1402 cond = (s->sfbr & mask) == (insn & mask);
1403 }
1404 if (cond == jmp) {
1405 if (insn & (1 << 23)) {
1406 /* Relative address. */
1407 addr = s->dsp + sextract32(addr, 0, 24);
1408 }
1409 switch ((insn >> 27) & 7) {
1410 case 0: /* Jump */
1411 DPRINTF("Jump to 0x%08x\n", addr);
1412 s->dsp = addr;
1413 break;
1414 case 1: /* Call */
1415 DPRINTF("Call 0x%08x\n", addr);
1416 s->temp = s->dsp;
1417 s->dsp = addr;
1418 break;
1419 case 2: /* Return */
1420 DPRINTF("Return to 0x%08x\n", s->temp);
1421 s->dsp = s->temp;
1422 break;
1423 case 3: /* Interrupt */
1424 DPRINTF("Interrupt 0x%08x\n", s->dsps);
1425 if ((insn & (1 << 20)) != 0) {
1426 s->istat0 |= LSI_ISTAT0_INTF;
1427 lsi_update_irq(s);
1428 } else {
1429 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1430 }
1431 break;
1432 default:
1433 DPRINTF("Illegal transfer control\n");
1434 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1435 break;
1436 }
1437 } else {
1438 DPRINTF("Control condition failed\n");
1439 }
1440 }
1441 break;
1442
1443 case 3:
1444 if ((insn & (1 << 29)) == 0) {
1445 /* Memory move. */
1446 uint32_t dest;
1447 /* ??? The docs imply the destination address is loaded into
1448 the TEMP register. However the Linux drivers rely on
1449 the value being presrved. */
1450 dest = read_dword(s, s->dsp);
1451 s->dsp += 4;
1452 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1453 } else {
1454 uint8_t data[7];
1455 int reg;
1456 int n;
1457 int i;
1458
1459 if (insn & (1 << 28)) {
1460 addr = s->dsa + sextract32(addr, 0, 24);
1461 }
1462 n = (insn & 7);
1463 reg = (insn >> 16) & 0xff;
1464 if (insn & (1 << 24)) {
1465 pci_dma_read(pci_dev, addr, data, n);
1466 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1467 addr, *(int *)data);
1468 for (i = 0; i < n; i++) {
1469 lsi_reg_writeb(s, reg + i, data[i]);
1470 }
1471 } else {
1472 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1473 for (i = 0; i < n; i++) {
1474 data[i] = lsi_reg_readb(s, reg + i);
1475 }
1476 pci_dma_write(pci_dev, addr, data, n);
1477 }
1478 }
1479 }
1480 if (insn_processed > 10000 && !s->waiting) {
1481 /* Some windows drivers make the device spin waiting for a memory
1482 location to change. If we have been executed a lot of code then
1483 assume this is the case and force an unexpected device disconnect.
1484 This is apparently sufficient to beat the drivers into submission.
1485 */
1486 if (!(s->sien0 & LSI_SIST0_UDC))
1487 fprintf(stderr, "inf. loop with UDC masked\n");
1488 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1489 lsi_disconnect(s);
1490 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1491 if (s->dcntl & LSI_DCNTL_SSM) {
1492 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1493 } else {
1494 goto again;
1495 }
1496 }
1497 DPRINTF("SCRIPTS execution stopped\n");
1498 }
1499
lsi_reg_readb2(LSIState * s,int offset)1500 static uint8_t lsi_reg_readb2(LSIState *s, int offset)
1501 {
1502 uint8_t tmp;
1503 #define CASE_GET_REG24(name, addr) \
1504 case addr: return s->name & 0xff; \
1505 case addr + 1: return (s->name >> 8) & 0xff; \
1506 case addr + 2: return (s->name >> 16) & 0xff;
1507
1508 #define CASE_GET_REG32(name, addr) \
1509 case addr: return s->name & 0xff; \
1510 case addr + 1: return (s->name >> 8) & 0xff; \
1511 case addr + 2: return (s->name >> 16) & 0xff; \
1512 case addr + 3: return (s->name >> 24) & 0xff;
1513
1514 switch (offset) {
1515 case 0x00: /* SCNTL0 */
1516 return s->scntl0;
1517 case 0x01: /* SCNTL1 */
1518 return s->scntl1;
1519 case 0x02: /* SCNTL2 */
1520 return s->scntl2;
1521 case 0x03: /* SCNTL3 */
1522 return s->scntl3;
1523 case 0x04: /* SCID */
1524 return s->scid;
1525 case 0x05: /* SXFER */
1526 return s->sxfer;
1527 case 0x06: /* SDID */
1528 return s->sdid;
1529 case 0x07: /* GPREG0 */
1530 return 0x7f;
1531 case 0x08: /* Revision ID */
1532 return 0x00;
1533 case 0xa: /* SSID */
1534 return s->ssid;
1535 case 0xb: /* SBCL */
1536 /* ??? This is not correct. However it's (hopefully) only
1537 used for diagnostics, so should be ok. */
1538 return 0;
1539 case 0xc: /* DSTAT */
1540 tmp = s->dstat | LSI_DSTAT_DFE;
1541 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1542 s->dstat = 0;
1543 lsi_update_irq(s);
1544 return tmp;
1545 case 0x0d: /* SSTAT0 */
1546 return s->sstat0;
1547 case 0x0e: /* SSTAT1 */
1548 return s->sstat1;
1549 case 0x0f: /* SSTAT2 */
1550 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1551 CASE_GET_REG32(dsa, 0x10)
1552 case 0x14: /* ISTAT0 */
1553 return s->istat0;
1554 case 0x15: /* ISTAT1 */
1555 return s->istat1;
1556 case 0x16: /* MBOX0 */
1557 return s->mbox0;
1558 case 0x17: /* MBOX1 */
1559 return s->mbox1;
1560 case 0x18: /* CTEST0 */
1561 return 0xff;
1562 case 0x19: /* CTEST1 */
1563 return 0xf0; // dma fifo empty
1564 case 0x1a: /* CTEST2 */
1565 tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1566 if (s->istat0 & LSI_ISTAT0_SIGP) {
1567 s->istat0 &= ~LSI_ISTAT0_SIGP;
1568 tmp |= LSI_CTEST2_SIGP;
1569 }
1570 return tmp;
1571 case 0x1b: /* CTEST3 */
1572 return (s->ctest3 & (0x08 | 0x02 | 0x01)) | s->chip_rev;
1573 CASE_GET_REG32(temp, 0x1c)
1574 case 0x20: /* DFIFO */
1575 return 0;
1576 case 0x21: /* CTEST4 */
1577 return s->ctest4;
1578 case 0x22: /* CTEST5 */
1579 return s->ctest5;
1580 case 0x23: /* CTEST6 */
1581 return 0;
1582 CASE_GET_REG24(dbc, 0x24)
1583 case 0x27: /* DCMD */
1584 return s->dcmd;
1585 CASE_GET_REG32(dnad, 0x28)
1586 CASE_GET_REG32(dsp, 0x2c)
1587 CASE_GET_REG32(dsps, 0x30)
1588 CASE_GET_REG32(scratch[0], 0x34)
1589 case 0x38: /* DMODE */
1590 return s->dmode;
1591 case 0x39: /* DIEN */
1592 return s->dien;
1593 case 0x3a: /* SBR */
1594 return s->sbr;
1595 case 0x3b: /* DCNTL */
1596 return s->dcntl;
1597 case 0x40: /* SIEN0 */
1598 return s->sien0;
1599 case 0x41: /* SIEN1 */
1600 return s->sien1;
1601 case 0x42: /* SIST0 */
1602 tmp = s->sist0;
1603 s->sist0 = 0;
1604 lsi_update_irq(s);
1605 return tmp;
1606 case 0x43: /* SIST1 */
1607 tmp = s->sist1;
1608 s->sist1 = 0;
1609 lsi_update_irq(s);
1610 return tmp;
1611 case 0x46: /* MACNTL */
1612 return 0x0f | s->chip_rev;
1613 case 0x47: /* GPCNTL0 */
1614 return 0x0f;
1615 case 0x48: /* STIME0 */
1616 return s->stime0;
1617 case 0x4a: /* RESPID0 */
1618 return s->respid0;
1619 case 0x4b: /* RESPID1 */
1620 return s->respid1;
1621 case 0x4d: /* STEST1 */
1622 return s->stest1;
1623 case 0x4e: /* STEST2 */
1624 return s->stest2;
1625 case 0x4f: /* STEST3 */
1626 return s->stest3;
1627 case 0x50: /* SIDL */
1628 /* This is needed by the linux drivers. We currently only update it
1629 during the MSG IN phase. */
1630 return s->sidl;
1631 case 0x52: /* STEST4 */
1632 return 0xe0;
1633 case 0x56: /* CCNTL0 */
1634 return s->ccntl0;
1635 case 0x57: /* CCNTL1 */
1636 return s->ccntl1;
1637 case 0x58: /* SBDL */
1638 /* Some drivers peek at the data bus during the MSG IN phase. */
1639 if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1640 return s->msg[0];
1641 return 0;
1642 case 0x59: /* SBDL high */
1643 return 0;
1644 CASE_GET_REG32(mmrs, 0xa0)
1645 CASE_GET_REG32(mmws, 0xa4)
1646 CASE_GET_REG32(sfs, 0xa8)
1647 CASE_GET_REG32(drs, 0xac)
1648 CASE_GET_REG32(sbms, 0xb0)
1649 CASE_GET_REG32(dbms, 0xb4)
1650 CASE_GET_REG32(dnad64, 0xb8)
1651 CASE_GET_REG32(pmjad1, 0xc0)
1652 CASE_GET_REG32(pmjad2, 0xc4)
1653 CASE_GET_REG32(rbc, 0xc8)
1654 CASE_GET_REG32(ua, 0xcc)
1655 CASE_GET_REG32(ia, 0xd4)
1656 CASE_GET_REG32(sbc, 0xd8)
1657 CASE_GET_REG32(csbc, 0xdc)
1658 }
1659 if (offset >= 0x5c && offset < 0xa0) {
1660 int n;
1661 int shift;
1662 n = (offset - 0x58) >> 2;
1663 shift = (offset & 3) * 8;
1664 return (s->scratch[n] >> shift) & 0xff;
1665 }
1666 BADF("readb 0x%x\n", offset);
1667 return 0;
1668 #undef CASE_GET_REG24
1669 #undef CASE_GET_REG32
1670 }
1671
lsi_reg_readb(LSIState * s,int offset)1672 static uint8_t lsi_reg_readb(LSIState *s, int offset)
1673 {
1674 uint8_t v = lsi_reg_readb2(s, offset);
1675 #ifdef DEBUG_LSI_REG
1676 DPRINTF("Read reg %02x = %02x\n", offset, v);
1677 #endif
1678 return v;
1679 }
1680
lsi_reg_writeb(LSIState * s,int offset,uint8_t val)1681 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1682 {
1683 #define CASE_SET_REG24(name, addr) \
1684 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1685 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1686 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1687
1688 #define CASE_SET_REG32(name, addr) \
1689 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1690 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1691 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1692 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1693
1694 #ifdef DEBUG_LSI_REG
1695 DPRINTF("Write reg %02x = %02x\n", offset, val);
1696 #endif
1697 switch (offset) {
1698 case 0x00: /* SCNTL0 */
1699 s->scntl0 = val;
1700 if (val & LSI_SCNTL0_START) {
1701 BADF("Start sequence not implemented\n");
1702 }
1703 break;
1704 case 0x01: /* SCNTL1 */
1705 s->scntl1 = val & ~LSI_SCNTL1_SST;
1706 if (val & LSI_SCNTL1_IARB) {
1707 BADF("Immediate Arbritration not implemented\n");
1708 }
1709 if (val & LSI_SCNTL1_RST) {
1710 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1711 ;//qbus_reset_all(&s->bus.qbus);
1712 s->sstat0 |= LSI_SSTAT0_RST;
1713 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1714 }
1715 } else {
1716 s->sstat0 &= ~LSI_SSTAT0_RST;
1717 }
1718 break;
1719 case 0x02: /* SCNTL2 */
1720 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1721 s->scntl2 = val;
1722 break;
1723 case 0x03: /* SCNTL3 */
1724 s->scntl3 = val;
1725 break;
1726 case 0x04: /* SCID */
1727 s->scid = val;
1728 break;
1729 case 0x05: /* SXFER */
1730 s->sxfer = val;
1731 break;
1732 case 0x06: /* SDID */
1733 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
1734 BADF("Destination ID does not match SSID\n");
1735 }
1736 s->sdid = val & 0xf;
1737 break;
1738 case 0x07: /* GPREG0 */
1739 break;
1740 case 0x08: /* SFBR */
1741 /* The CPU is not allowed to write to this register. However the
1742 SCRIPTS register move instructions are. */
1743 s->sfbr = val;
1744 break;
1745 case 0x0a: case 0x0b:
1746 /* Openserver writes to these readonly registers on startup */
1747 return;
1748 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1749 /* Linux writes to these readonly registers on startup. */
1750 return;
1751 CASE_SET_REG32(dsa, 0x10)
1752 case 0x14: /* ISTAT0 */
1753 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1754 if ((val & LSI_ISTAT0_ABRT) && !(val & LSI_ISTAT0_SRST)) {
1755 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1756 }
1757 if (val & LSI_ISTAT0_INTF) {
1758 s->istat0 &= ~LSI_ISTAT0_INTF;
1759 lsi_update_irq(s);
1760 }
1761 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1762 DPRINTF("Woken by SIGP\n");
1763 s->waiting = 0;
1764 s->dsp = s->dnad;
1765 lsi_execute_script(s);
1766 }
1767 if (val & LSI_ISTAT0_SRST) {
1768 do_irq(s, 0);
1769 lsi_soft_reset(s);
1770 ;//qdev_reset_all(DEVICE(s));
1771 }
1772 break;
1773 case 0x16: /* MBOX0 */
1774 s->mbox0 = val;
1775 break;
1776 case 0x17: /* MBOX1 */
1777 s->mbox1 = val;
1778 break;
1779 case 0x18: /* CTEST0 */
1780 /* nothing to do */
1781 break;
1782 case 0x19: /* CTEST1 */
1783 /* nothing to do */
1784 break;
1785 case 0x1a: /* CTEST2 */
1786 s->ctest2 = val & LSI_CTEST2_PCICIE;
1787 break;
1788 case 0x1b: /* CTEST3 */
1789 s->ctest3 = val & 0x0f;
1790 break;
1791 CASE_SET_REG32(temp, 0x1c)
1792 case 0x21: /* CTEST4 */
1793 if (val & 7) {
1794 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1795 }
1796 s->ctest4 = val;
1797 break;
1798 case 0x22: /* CTEST5 */
1799 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1800 BADF("CTEST5 DMA increment not implemented\n");
1801 }
1802 s->ctest5 = val;
1803 break;
1804 CASE_SET_REG24(dbc, 0x24)
1805 CASE_SET_REG32(dnad, 0x28)
1806 case 0x2c: /* DSP[0:7] */
1807 s->dsp &= 0xffffff00;
1808 s->dsp |= val;
1809 break;
1810 case 0x2d: /* DSP[8:15] */
1811 s->dsp &= 0xffff00ff;
1812 s->dsp |= val << 8;
1813 break;
1814 case 0x2e: /* DSP[16:23] */
1815 s->dsp &= 0xff00ffff;
1816 s->dsp |= val << 16;
1817 break;
1818 case 0x2f: /* DSP[24:31] */
1819 s->dsp &= 0x00ffffff;
1820 s->dsp |= val << 24;
1821 if ((s->dmode & LSI_DMODE_MAN) == 0
1822 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1823 lsi_execute_script(s);
1824 break;
1825 CASE_SET_REG32(dsps, 0x30)
1826 CASE_SET_REG32(scratch[0], 0x34)
1827 case 0x38: /* DMODE */
1828 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1829 BADF("IO mappings not implemented\n");
1830 }
1831 s->dmode = val;
1832 break;
1833 case 0x39: /* DIEN */
1834 s->dien = val;
1835 lsi_update_irq(s);
1836 break;
1837 case 0x3a: /* SBR */
1838 s->sbr = val;
1839 break;
1840 case 0x3b: /* DCNTL */
1841 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1842 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1843 lsi_execute_script(s);
1844 break;
1845 case 0x40: /* SIEN0 */
1846 s->sien0 = val;
1847 lsi_update_irq(s);
1848 break;
1849 case 0x41: /* SIEN1 */
1850 s->sien1 = val;
1851 lsi_update_irq(s);
1852 break;
1853 case 0x47: /* GPCNTL0 */
1854 break;
1855 case 0x48: /* STIME0 */
1856 s->stime0 = val;
1857 break;
1858 case 0x49: /* STIME1 */
1859 if (val & 0xf) {
1860 DPRINTF("General purpose timer not implemented\n");
1861 /* ??? Raising the interrupt immediately seems to be sufficient
1862 to keep the FreeBSD driver happy. */
1863 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1864 }
1865 break;
1866 case 0x4a: /* RESPID0 */
1867 s->respid0 = val;
1868 break;
1869 case 0x4b: /* RESPID1 */
1870 s->respid1 = val;
1871 break;
1872 case 0x4d: /* STEST1 */
1873 s->stest1 = val;
1874 break;
1875 case 0x4e: /* STEST2 */
1876 if (val & 1) {
1877 BADF("Low level mode not implemented\n");
1878 }
1879 s->stest2 = val;
1880 break;
1881 case 0x4f: /* STEST3 */
1882 if (val & 0x41) {
1883 BADF("SCSI FIFO test mode not implemented\n");
1884 }
1885 s->stest3 = val;
1886 break;
1887 case 0x56: /* CCNTL0 */
1888 s->ccntl0 = val;
1889 break;
1890 case 0x57: /* CCNTL1 */
1891 s->ccntl1 = val;
1892 break;
1893 CASE_SET_REG32(mmrs, 0xa0)
1894 CASE_SET_REG32(mmws, 0xa4)
1895 CASE_SET_REG32(sfs, 0xa8)
1896 CASE_SET_REG32(drs, 0xac)
1897 CASE_SET_REG32(sbms, 0xb0)
1898 CASE_SET_REG32(dbms, 0xb4)
1899 CASE_SET_REG32(dnad64, 0xb8)
1900 CASE_SET_REG32(pmjad1, 0xc0)
1901 CASE_SET_REG32(pmjad2, 0xc4)
1902 CASE_SET_REG32(rbc, 0xc8)
1903 CASE_SET_REG32(ua, 0xcc)
1904 CASE_SET_REG32(ia, 0xd4)
1905 CASE_SET_REG32(sbc, 0xd8)
1906 CASE_SET_REG32(csbc, 0xdc)
1907 default:
1908 if (offset >= 0x5c && offset < 0xa0) {
1909 int n;
1910 int shift;
1911 n = (offset - 0x58) >> 2;
1912 shift = (offset & 3) * 8;
1913 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
1914 } else {
1915 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1916 }
1917 }
1918 #undef CASE_SET_REG24
1919 #undef CASE_SET_REG32
1920 }
1921
lsi_mmio_write(void * opaque,hwaddr addr,uint64_t val,unsigned size)1922 void lsi_mmio_write(void *opaque, hwaddr addr,
1923 uint64_t val, unsigned size)
1924 {
1925 LSIState *s = (LSIState*)opaque;
1926
1927 lsi_reg_writeb(s, addr & 0xff, val);
1928 }
1929
lsi_mmio_read(void * opaque,hwaddr addr,unsigned size)1930 uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
1931 unsigned size)
1932 {
1933 LSIState *s = (LSIState*)opaque;
1934
1935 return lsi_reg_readb(s, addr & 0xff);
1936 }
1937
1938 #if 0
1939 static const MemoryRegionOps lsi_mmio_ops = {
1940 .read = lsi_mmio_read,
1941 .write = lsi_mmio_write,
1942 .endianness = DEVICE_NATIVE_ENDIAN,
1943 .impl = {
1944 .min_access_size = 1,
1945 .max_access_size = 1,
1946 },
1947 };
1948
1949 static void lsi_ram_write(void *opaque, hwaddr addr,
1950 uint64_t val, unsigned size)
1951 {
1952 LSIState *s = opaque;
1953 uint32_t newval;
1954 uint32_t mask;
1955 int shift;
1956
1957 newval = s->script_ram[addr >> 2];
1958 shift = (addr & 3) * 8;
1959 mask = ((uint64_t)1 << (size * 8)) - 1;
1960 newval &= ~(mask << shift);
1961 newval |= val << shift;
1962 s->script_ram[addr >> 2] = newval;
1963 }
1964
1965 static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
1966 unsigned size)
1967 {
1968 LSIState *s = opaque;
1969 uint32_t val;
1970 uint32_t mask;
1971
1972 val = s->script_ram[addr >> 2];
1973 mask = ((uint64_t)1 << (size * 8)) - 1;
1974 val >>= (addr & 3) * 8;
1975 return val & mask;
1976 }
1977
1978 static const MemoryRegionOps lsi_ram_ops = {
1979 .read = lsi_ram_read,
1980 .write = lsi_ram_write,
1981 .endianness = DEVICE_NATIVE_ENDIAN,
1982 };
1983
1984 static uint64_t lsi_io_read(void *opaque, hwaddr addr,
1985 unsigned size)
1986 {
1987 LSIState *s = opaque;
1988 return lsi_reg_readb(s, addr & 0xff);
1989 }
1990
1991 static void lsi_io_write(void *opaque, hwaddr addr,
1992 uint64_t val, unsigned size)
1993 {
1994 LSIState *s = opaque;
1995 lsi_reg_writeb(s, addr & 0xff, val);
1996 }
1997
1998 static const MemoryRegionOps lsi_io_ops = {
1999 .read = lsi_io_read,
2000 .write = lsi_io_write,
2001 .endianness = DEVICE_NATIVE_ENDIAN,
2002 .impl = {
2003 .min_access_size = 1,
2004 .max_access_size = 1,
2005 },
2006 };
2007 #endif
2008
lsi_scsi_reset(DeviceState * dev,void * privdata)2009 void lsi_scsi_reset(DeviceState *dev, void *privdata)
2010 {
2011 LSIState *s = LSI53C895A(dev);
2012
2013 lsi_soft_reset(s);
2014 s->bus.privdata = privdata;
2015 s->chip_rev = 0x20;
2016 }
2017
lsi_scsi_init(DeviceState * dev)2018 void lsi_scsi_init(DeviceState *dev)
2019 {
2020 dev->lsistate = calloc (sizeof(LSIState), 1);
2021 }
2022
2023 #if 0
2024 static void lsi_pre_save(void *opaque)
2025 {
2026 LSIState *s = opaque;
2027
2028 if (s->current) {
2029 assert(s->current->dma_buf == NULL);
2030 assert(s->current->dma_len == 0);
2031 }
2032 assert(QTAILQ_EMPTY(&s->queue));
2033 }
2034
2035 static const VMStateDescription vmstate_lsi_scsi = {
2036 .name = "lsiscsi",
2037 .version_id = 0,
2038 .minimum_version_id = 0,
2039 .minimum_version_id_old = 0,
2040 .pre_save = lsi_pre_save,
2041 .fields = (VMStateField []) {
2042 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
2043
2044 VMSTATE_INT32(carry, LSIState),
2045 VMSTATE_INT32(status, LSIState),
2046 VMSTATE_INT32(msg_action, LSIState),
2047 VMSTATE_INT32(msg_len, LSIState),
2048 VMSTATE_BUFFER(msg, LSIState),
2049 VMSTATE_INT32(waiting, LSIState),
2050
2051 VMSTATE_UINT32(dsa, LSIState),
2052 VMSTATE_UINT32(temp, LSIState),
2053 VMSTATE_UINT32(dnad, LSIState),
2054 VMSTATE_UINT32(dbc, LSIState),
2055 VMSTATE_UINT8(istat0, LSIState),
2056 VMSTATE_UINT8(istat1, LSIState),
2057 VMSTATE_UINT8(dcmd, LSIState),
2058 VMSTATE_UINT8(dstat, LSIState),
2059 VMSTATE_UINT8(dien, LSIState),
2060 VMSTATE_UINT8(sist0, LSIState),
2061 VMSTATE_UINT8(sist1, LSIState),
2062 VMSTATE_UINT8(sien0, LSIState),
2063 VMSTATE_UINT8(sien1, LSIState),
2064 VMSTATE_UINT8(mbox0, LSIState),
2065 VMSTATE_UINT8(mbox1, LSIState),
2066 VMSTATE_UINT8(dfifo, LSIState),
2067 VMSTATE_UINT8(ctest2, LSIState),
2068 VMSTATE_UINT8(ctest3, LSIState),
2069 VMSTATE_UINT8(ctest4, LSIState),
2070 VMSTATE_UINT8(ctest5, LSIState),
2071 VMSTATE_UINT8(ccntl0, LSIState),
2072 VMSTATE_UINT8(ccntl1, LSIState),
2073 VMSTATE_UINT32(dsp, LSIState),
2074 VMSTATE_UINT32(dsps, LSIState),
2075 VMSTATE_UINT8(dmode, LSIState),
2076 VMSTATE_UINT8(dcntl, LSIState),
2077 VMSTATE_UINT8(scntl0, LSIState),
2078 VMSTATE_UINT8(scntl1, LSIState),
2079 VMSTATE_UINT8(scntl2, LSIState),
2080 VMSTATE_UINT8(scntl3, LSIState),
2081 VMSTATE_UINT8(sstat0, LSIState),
2082 VMSTATE_UINT8(sstat1, LSIState),
2083 VMSTATE_UINT8(scid, LSIState),
2084 VMSTATE_UINT8(sxfer, LSIState),
2085 VMSTATE_UINT8(socl, LSIState),
2086 VMSTATE_UINT8(sdid, LSIState),
2087 VMSTATE_UINT8(ssid, LSIState),
2088 VMSTATE_UINT8(sfbr, LSIState),
2089 VMSTATE_UINT8(stest1, LSIState),
2090 VMSTATE_UINT8(stest2, LSIState),
2091 VMSTATE_UINT8(stest3, LSIState),
2092 VMSTATE_UINT8(sidl, LSIState),
2093 VMSTATE_UINT8(stime0, LSIState),
2094 VMSTATE_UINT8(respid0, LSIState),
2095 VMSTATE_UINT8(respid1, LSIState),
2096 VMSTATE_UINT32(mmrs, LSIState),
2097 VMSTATE_UINT32(mmws, LSIState),
2098 VMSTATE_UINT32(sfs, LSIState),
2099 VMSTATE_UINT32(drs, LSIState),
2100 VMSTATE_UINT32(sbms, LSIState),
2101 VMSTATE_UINT32(dbms, LSIState),
2102 VMSTATE_UINT32(dnad64, LSIState),
2103 VMSTATE_UINT32(pmjad1, LSIState),
2104 VMSTATE_UINT32(pmjad2, LSIState),
2105 VMSTATE_UINT32(rbc, LSIState),
2106 VMSTATE_UINT32(ua, LSIState),
2107 VMSTATE_UINT32(ia, LSIState),
2108 VMSTATE_UINT32(sbc, LSIState),
2109 VMSTATE_UINT32(csbc, LSIState),
2110 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2111 VMSTATE_UINT8(sbr, LSIState),
2112
2113 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2114 VMSTATE_END_OF_LIST()
2115 }
2116 };
2117
2118 static void lsi_scsi_uninit(PCIDevice *d)
2119 {
2120 LSIState *s = LSI53C895A(d);
2121
2122 memory_region_destroy(&s->mmio_io);
2123 memory_region_destroy(&s->ram_io);
2124 memory_region_destroy(&s->io_io);
2125 }
2126
2127 static const struct SCSIBusInfo lsi_scsi_info = {
2128 .tcq = true,
2129 .max_target = LSI_MAX_DEVS,
2130 .max_lun = 0, /* LUN support is buggy */
2131
2132 .transfer_data = lsi_transfer_data,
2133 .complete = lsi_command_complete,
2134 .cancel = lsi_request_cancelled
2135 };
2136
2137 static int lsi_scsi_init(PCIDevice *dev)
2138 {
2139 LSIState *s = LSI53C895A(dev);
2140 DeviceState *d = DEVICE(dev);
2141 uint8_t *pci_conf;
2142 Error *err = NULL;
2143
2144 pci_conf = dev->config;
2145
2146 /* PCI latency timer = 255 */
2147 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2148 /* Interrupt pin A */
2149 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2150
2151 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2152 "lsi-mmio", 0x400);
2153 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2154 "lsi-ram", 0x2000);
2155 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2156 "lsi-io", 256);
2157
2158 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
2159 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
2160 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
2161 QTAILQ_INIT(&s->queue);
2162
2163 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL);
2164 if (!d->hotplugged) {
2165 scsi_bus_legacy_handle_cmdline(&s->bus, &err);
2166 if (err != NULL) {
2167 error_free(err);
2168 return -1;
2169 }
2170 }
2171 return 0;
2172 }
2173
2174 static void lsi_class_init(ObjectClass *klass, void *data)
2175 {
2176 DeviceClass *dc = DEVICE_CLASS(klass);
2177 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2178
2179 k->init = lsi_scsi_init;
2180 k->exit = lsi_scsi_uninit;
2181 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2182 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2183 k->class_id = PCI_CLASS_STORAGE_SCSI;
2184 k->subsystem_id = 0x1000;
2185 dc->reset = lsi_scsi_reset;
2186 dc->vmsd = &vmstate_lsi_scsi;
2187 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2188 }
2189
2190 static const TypeInfo lsi_info = {
2191 .name = TYPE_LSI53C895A,
2192 .parent = TYPE_PCI_DEVICE,
2193 .instance_size = sizeof(LSIState),
2194 .class_init = lsi_class_init,
2195 };
2196
2197 static void lsi53c810_class_init(ObjectClass *klass, void *data)
2198 {
2199 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2200
2201 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2202 }
2203
2204 static TypeInfo lsi53c810_info = {
2205 .name = TYPE_LSI53C810,
2206 .parent = TYPE_LSI53C895A,
2207 .class_init = lsi53c810_class_init,
2208 };
2209
2210 static void lsi53c895a_register_types(void)
2211 {
2212 type_register_static(&lsi_info);
2213 type_register_static(&lsi53c810_info);
2214 }
2215
2216 type_init(lsi53c895a_register_types)
2217 #endif
2218