1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/irq.h" 19 #include "hw/pci/pci_device.h" 20 #include "hw/scsi/scsi.h" 21 #include "migration/vmstate.h" 22 #include "sysemu/dma.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 #include "trace.h" 26 #include "qom/object.h" 27 28 static const char *names[] = { 29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 41 }; 42 43 #define LSI_MAX_DEVS 7 44 45 #define LSI_SCNTL0_TRG 0x01 46 #define LSI_SCNTL0_AAP 0x02 47 #define LSI_SCNTL0_EPC 0x08 48 #define LSI_SCNTL0_WATN 0x10 49 #define LSI_SCNTL0_START 0x20 50 51 #define LSI_SCNTL1_SST 0x01 52 #define LSI_SCNTL1_IARB 0x02 53 #define LSI_SCNTL1_AESP 0x04 54 #define LSI_SCNTL1_RST 0x08 55 #define LSI_SCNTL1_CON 0x10 56 #define LSI_SCNTL1_DHP 0x20 57 #define LSI_SCNTL1_ADB 0x40 58 #define LSI_SCNTL1_EXC 0x80 59 60 #define LSI_SCNTL2_WSR 0x01 61 #define LSI_SCNTL2_VUE0 0x02 62 #define LSI_SCNTL2_VUE1 0x04 63 #define LSI_SCNTL2_WSS 0x08 64 #define LSI_SCNTL2_SLPHBEN 0x10 65 #define LSI_SCNTL2_SLPMD 0x20 66 #define LSI_SCNTL2_CHM 0x40 67 #define LSI_SCNTL2_SDU 0x80 68 69 #define LSI_ISTAT0_DIP 0x01 70 #define LSI_ISTAT0_SIP 0x02 71 #define LSI_ISTAT0_INTF 0x04 72 #define LSI_ISTAT0_CON 0x08 73 #define LSI_ISTAT0_SEM 0x10 74 #define LSI_ISTAT0_SIGP 0x20 75 #define LSI_ISTAT0_SRST 0x40 76 #define LSI_ISTAT0_ABRT 0x80 77 78 #define LSI_ISTAT1_SI 0x01 79 #define LSI_ISTAT1_SRUN 0x02 80 #define LSI_ISTAT1_FLSH 0x04 81 82 #define LSI_SSTAT0_SDP0 0x01 83 #define LSI_SSTAT0_RST 0x02 84 #define LSI_SSTAT0_WOA 0x04 85 #define LSI_SSTAT0_LOA 0x08 86 #define LSI_SSTAT0_AIP 0x10 87 #define LSI_SSTAT0_OLF 0x20 88 #define LSI_SSTAT0_ORF 0x40 89 #define LSI_SSTAT0_ILF 0x80 90 91 #define LSI_SIST0_PAR 0x01 92 #define LSI_SIST0_RST 0x02 93 #define LSI_SIST0_UDC 0x04 94 #define LSI_SIST0_SGE 0x08 95 #define LSI_SIST0_RSL 0x10 96 #define LSI_SIST0_SEL 0x20 97 #define LSI_SIST0_CMP 0x40 98 #define LSI_SIST0_MA 0x80 99 100 #define LSI_SIST1_HTH 0x01 101 #define LSI_SIST1_GEN 0x02 102 #define LSI_SIST1_STO 0x04 103 #define LSI_SIST1_SBMC 0x10 104 105 #define LSI_SOCL_IO 0x01 106 #define LSI_SOCL_CD 0x02 107 #define LSI_SOCL_MSG 0x04 108 #define LSI_SOCL_ATN 0x08 109 #define LSI_SOCL_SEL 0x10 110 #define LSI_SOCL_BSY 0x20 111 #define LSI_SOCL_ACK 0x40 112 #define LSI_SOCL_REQ 0x80 113 114 #define LSI_DSTAT_IID 0x01 115 #define LSI_DSTAT_SIR 0x04 116 #define LSI_DSTAT_SSI 0x08 117 #define LSI_DSTAT_ABRT 0x10 118 #define LSI_DSTAT_BF 0x20 119 #define LSI_DSTAT_MDPE 0x40 120 #define LSI_DSTAT_DFE 0x80 121 122 #define LSI_DCNTL_COM 0x01 123 #define LSI_DCNTL_IRQD 0x02 124 #define LSI_DCNTL_STD 0x04 125 #define LSI_DCNTL_IRQM 0x08 126 #define LSI_DCNTL_SSM 0x10 127 #define LSI_DCNTL_PFEN 0x20 128 #define LSI_DCNTL_PFF 0x40 129 #define LSI_DCNTL_CLSE 0x80 130 131 #define LSI_DMODE_MAN 0x01 132 #define LSI_DMODE_BOF 0x02 133 #define LSI_DMODE_ERMP 0x04 134 #define LSI_DMODE_ERL 0x08 135 #define LSI_DMODE_DIOM 0x10 136 #define LSI_DMODE_SIOM 0x20 137 138 #define LSI_CTEST2_DACK 0x01 139 #define LSI_CTEST2_DREQ 0x02 140 #define LSI_CTEST2_TEOP 0x04 141 #define LSI_CTEST2_PCICIE 0x08 142 #define LSI_CTEST2_CM 0x10 143 #define LSI_CTEST2_CIO 0x20 144 #define LSI_CTEST2_SIGP 0x40 145 #define LSI_CTEST2_DDIR 0x80 146 147 #define LSI_CTEST5_BL2 0x04 148 #define LSI_CTEST5_DDIR 0x08 149 #define LSI_CTEST5_MASR 0x10 150 #define LSI_CTEST5_DFSN 0x20 151 #define LSI_CTEST5_BBCK 0x40 152 #define LSI_CTEST5_ADCK 0x80 153 154 #define LSI_CCNTL0_DILS 0x01 155 #define LSI_CCNTL0_DISFC 0x10 156 #define LSI_CCNTL0_ENNDJ 0x20 157 #define LSI_CCNTL0_PMJCTL 0x40 158 #define LSI_CCNTL0_ENPMJ 0x80 159 160 #define LSI_CCNTL1_EN64DBMV 0x01 161 #define LSI_CCNTL1_EN64TIBMV 0x02 162 #define LSI_CCNTL1_64TIMOD 0x04 163 #define LSI_CCNTL1_DDAC 0x08 164 #define LSI_CCNTL1_ZMOD 0x80 165 166 #define LSI_SBCL_ATN 0x08 167 #define LSI_SBCL_BSY 0x20 168 #define LSI_SBCL_ACK 0x40 169 #define LSI_SBCL_REQ 0x80 170 171 /* Enable Response to Reselection */ 172 #define LSI_SCID_RRE 0x60 173 174 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 175 176 #define PHASE_DO 0 177 #define PHASE_DI 1 178 #define PHASE_CMD 2 179 #define PHASE_ST 3 180 #define PHASE_MO 6 181 #define PHASE_MI 7 182 #define PHASE_MASK 7 183 184 /* Maximum length of MSG IN data. */ 185 #define LSI_MAX_MSGIN_LEN 8 186 187 /* Flag set if this is a tagged command. */ 188 #define LSI_TAG_VALID (1 << 16) 189 190 /* Maximum instructions to process. */ 191 #define LSI_MAX_INSN 10000 192 193 typedef struct lsi_request { 194 SCSIRequest *req; 195 uint32_t tag; 196 uint32_t dma_len; 197 uint8_t *dma_buf; 198 uint32_t pending; 199 int out; 200 QTAILQ_ENTRY(lsi_request) next; 201 } lsi_request; 202 203 enum { 204 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 205 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 206 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 207 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 208 }; 209 210 enum { 211 LSI_MSG_ACTION_COMMAND = 0, 212 LSI_MSG_ACTION_DISCONNECT = 1, 213 LSI_MSG_ACTION_DOUT = 2, 214 LSI_MSG_ACTION_DIN = 3, 215 }; 216 217 struct LSIState { 218 /*< private >*/ 219 PCIDevice parent_obj; 220 /*< public >*/ 221 222 qemu_irq ext_irq; 223 MemoryRegion mmio_io; 224 MemoryRegion ram_io; 225 MemoryRegion io_io; 226 AddressSpace pci_io_as; 227 228 int carry; /* ??? Should this be an a visible register somewhere? */ 229 int status; 230 int msg_action; 231 int msg_len; 232 uint8_t msg[LSI_MAX_MSGIN_LEN]; 233 int waiting; 234 SCSIBus bus; 235 int current_lun; 236 /* The tag is a combination of the device ID and the SCSI tag. */ 237 uint32_t select_tag; 238 int command_complete; 239 QTAILQ_HEAD(, lsi_request) queue; 240 lsi_request *current; 241 242 uint32_t dsa; 243 uint32_t temp; 244 uint32_t dnad; 245 uint32_t dbc; 246 uint8_t istat0; 247 uint8_t istat1; 248 uint8_t dcmd; 249 uint8_t dstat; 250 uint8_t dien; 251 uint8_t sist0; 252 uint8_t sist1; 253 uint8_t sien0; 254 uint8_t sien1; 255 uint8_t mbox0; 256 uint8_t mbox1; 257 uint8_t dfifo; 258 uint8_t ctest2; 259 uint8_t ctest3; 260 uint8_t ctest4; 261 uint8_t ctest5; 262 uint8_t ccntl0; 263 uint8_t ccntl1; 264 uint32_t dsp; 265 uint32_t dsps; 266 uint8_t dmode; 267 uint8_t dcntl; 268 uint8_t scntl0; 269 uint8_t scntl1; 270 uint8_t scntl2; 271 uint8_t scntl3; 272 uint8_t sstat0; 273 uint8_t sstat1; 274 uint8_t scid; 275 uint8_t sxfer; 276 uint8_t socl; 277 uint8_t sdid; 278 uint8_t ssid; 279 uint8_t sfbr; 280 uint8_t sbcl; 281 uint8_t stest1; 282 uint8_t stest2; 283 uint8_t stest3; 284 uint8_t sidl; 285 uint8_t stime0; 286 uint8_t respid0; 287 uint8_t respid1; 288 uint32_t mmrs; 289 uint32_t mmws; 290 uint32_t sfs; 291 uint32_t drs; 292 uint32_t sbms; 293 uint32_t dbms; 294 uint32_t dnad64; 295 uint32_t pmjad1; 296 uint32_t pmjad2; 297 uint32_t rbc; 298 uint32_t ua; 299 uint32_t ia; 300 uint32_t sbc; 301 uint32_t csbc; 302 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 303 uint8_t sbr; 304 uint32_t adder; 305 306 uint8_t script_ram[2048 * sizeof(uint32_t)]; 307 }; 308 309 #define TYPE_LSI53C810 "lsi53c810" 310 #define TYPE_LSI53C895A "lsi53c895a" 311 312 OBJECT_DECLARE_SIMPLE_TYPE(LSIState, LSI53C895A) 313 314 static const char *scsi_phases[] = { 315 "DOUT", 316 "DIN", 317 "CMD", 318 "STATUS", 319 "RSVOUT", 320 "RSVIN", 321 "MSGOUT", 322 "MSGIN" 323 }; 324 325 static const char *scsi_phase_name(int phase) 326 { 327 return scsi_phases[phase & PHASE_MASK]; 328 } 329 330 static inline int lsi_irq_on_rsl(LSIState *s) 331 { 332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 333 } 334 335 static lsi_request *get_pending_req(LSIState *s) 336 { 337 lsi_request *p; 338 339 QTAILQ_FOREACH(p, &s->queue, next) { 340 if (p->pending) { 341 return p; 342 } 343 } 344 return NULL; 345 } 346 347 static void lsi_soft_reset(LSIState *s) 348 { 349 trace_lsi_reset(); 350 s->carry = 0; 351 352 s->msg_action = LSI_MSG_ACTION_COMMAND; 353 s->msg_len = 0; 354 s->waiting = LSI_NOWAIT; 355 s->dsa = 0; 356 s->dnad = 0; 357 s->dbc = 0; 358 s->temp = 0; 359 memset(s->scratch, 0, sizeof(s->scratch)); 360 s->istat0 = 0; 361 s->istat1 = 0; 362 s->dcmd = 0x40; 363 s->dstat = 0; 364 s->dien = 0; 365 s->sist0 = 0; 366 s->sist1 = 0; 367 s->sien0 = 0; 368 s->sien1 = 0; 369 s->mbox0 = 0; 370 s->mbox1 = 0; 371 s->dfifo = 0; 372 s->ctest2 = LSI_CTEST2_DACK; 373 s->ctest3 = 0; 374 s->ctest4 = 0; 375 s->ctest5 = 0; 376 s->ccntl0 = 0; 377 s->ccntl1 = 0; 378 s->dsp = 0; 379 s->dsps = 0; 380 s->dmode = 0; 381 s->dcntl = 0; 382 s->scntl0 = 0xc0; 383 s->scntl1 = 0; 384 s->scntl2 = 0; 385 s->scntl3 = 0; 386 s->sstat0 = 0; 387 s->sstat1 = 0; 388 s->scid = 7; 389 s->sxfer = 0; 390 s->socl = 0; 391 s->sdid = 0; 392 s->ssid = 0; 393 s->sbcl = 0; 394 s->stest1 = 0; 395 s->stest2 = 0; 396 s->stest3 = 0; 397 s->sidl = 0; 398 s->stime0 = 0; 399 s->respid0 = 0x80; 400 s->respid1 = 0; 401 s->mmrs = 0; 402 s->mmws = 0; 403 s->sfs = 0; 404 s->drs = 0; 405 s->sbms = 0; 406 s->dbms = 0; 407 s->dnad64 = 0; 408 s->pmjad1 = 0; 409 s->pmjad2 = 0; 410 s->rbc = 0; 411 s->ua = 0; 412 s->ia = 0; 413 s->sbc = 0; 414 s->csbc = 0; 415 s->sbr = 0; 416 assert(QTAILQ_EMPTY(&s->queue)); 417 assert(!s->current); 418 } 419 420 static int lsi_dma_40bit(LSIState *s) 421 { 422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 423 return 1; 424 return 0; 425 } 426 427 static int lsi_dma_ti64bit(LSIState *s) 428 { 429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 430 return 1; 431 return 0; 432 } 433 434 static int lsi_dma_64bit(LSIState *s) 435 { 436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 437 return 1; 438 return 0; 439 } 440 441 static uint8_t lsi_reg_readb(LSIState *s, int offset); 442 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 443 static void lsi_execute_script(LSIState *s); 444 static void lsi_reselect(LSIState *s, lsi_request *p); 445 446 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 447 void *buf, dma_addr_t len) 448 { 449 if (s->dmode & LSI_DMODE_SIOM) { 450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 451 buf, len); 452 } else { 453 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 454 } 455 } 456 457 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 458 const void *buf, dma_addr_t len) 459 { 460 if (s->dmode & LSI_DMODE_DIOM) { 461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 462 buf, len); 463 } else { 464 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 465 } 466 } 467 468 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 469 { 470 uint32_t buf; 471 472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 473 return cpu_to_le32(buf); 474 } 475 476 static void lsi_stop_script(LSIState *s) 477 { 478 s->istat1 &= ~LSI_ISTAT1_SRUN; 479 } 480 481 static void lsi_set_irq(LSIState *s, int level) 482 { 483 PCIDevice *d = PCI_DEVICE(s); 484 485 if (s->ext_irq) { 486 qemu_set_irq(s->ext_irq, level); 487 } else { 488 pci_set_irq(d, level); 489 } 490 } 491 492 static void lsi_update_irq(LSIState *s) 493 { 494 int level; 495 static int last_level; 496 497 /* It's unclear whether the DIP/SIP bits should be cleared when the 498 Interrupt Status Registers are cleared or when istat0 is read. 499 We currently do the formwer, which seems to work. */ 500 level = 0; 501 if (s->dstat) { 502 if (s->dstat & s->dien) 503 level = 1; 504 s->istat0 |= LSI_ISTAT0_DIP; 505 } else { 506 s->istat0 &= ~LSI_ISTAT0_DIP; 507 } 508 509 if (s->sist0 || s->sist1) { 510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 511 level = 1; 512 s->istat0 |= LSI_ISTAT0_SIP; 513 } else { 514 s->istat0 &= ~LSI_ISTAT0_SIP; 515 } 516 if (s->istat0 & LSI_ISTAT0_INTF) 517 level = 1; 518 519 if (level != last_level) { 520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 521 last_level = level; 522 } 523 lsi_set_irq(s, level); 524 525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 526 lsi_request *p; 527 528 trace_lsi_update_irq_disconnected(); 529 p = get_pending_req(s); 530 if (p) { 531 lsi_reselect(s, p); 532 } 533 } 534 } 535 536 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 537 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 538 { 539 uint32_t mask0; 540 uint32_t mask1; 541 542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 543 s->sist0 |= stat0; 544 s->sist1 |= stat1; 545 /* Stop processor on fatal or unmasked interrupt. As a special hack 546 we don't stop processing when raising STO. Instead continue 547 execution and stop at the next insn that accesses the SCSI bus. */ 548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 550 mask1 &= ~LSI_SIST1_STO; 551 if (s->sist0 & mask0 || s->sist1 & mask1) { 552 lsi_stop_script(s); 553 } 554 lsi_update_irq(s); 555 } 556 557 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 558 static void lsi_script_dma_interrupt(LSIState *s, int stat) 559 { 560 trace_lsi_script_dma_interrupt(stat, s->dstat); 561 s->dstat |= stat; 562 lsi_update_irq(s); 563 lsi_stop_script(s); 564 } 565 566 static inline void lsi_set_phase(LSIState *s, int phase) 567 { 568 s->sbcl &= ~PHASE_MASK; 569 s->sbcl |= phase | LSI_SBCL_REQ; 570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 571 } 572 573 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 574 { 575 /* Trigger a phase mismatch. */ 576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 578 s->dsp = out ? s->pmjad1 : s->pmjad2; 579 } else { 580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 581 } 582 trace_lsi_bad_phase_jump(s->dsp); 583 } else { 584 trace_lsi_bad_phase_interrupt(); 585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 586 lsi_stop_script(s); 587 } 588 lsi_set_phase(s, new_phase); 589 } 590 591 592 /* Resume SCRIPTS execution after a DMA operation. */ 593 static void lsi_resume_script(LSIState *s) 594 { 595 if (s->waiting != 2) { 596 s->waiting = LSI_NOWAIT; 597 lsi_execute_script(s); 598 } else { 599 s->waiting = LSI_NOWAIT; 600 } 601 } 602 603 static void lsi_disconnect(LSIState *s) 604 { 605 s->scntl1 &= ~LSI_SCNTL1_CON; 606 s->sstat1 &= ~PHASE_MASK; 607 s->sbcl = 0; 608 } 609 610 static void lsi_bad_selection(LSIState *s, uint32_t id) 611 { 612 trace_lsi_bad_selection(id); 613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 614 lsi_disconnect(s); 615 } 616 617 /* Initiate a SCSI layer data transfer. */ 618 static void lsi_do_dma(LSIState *s, int out) 619 { 620 uint32_t count; 621 dma_addr_t addr; 622 SCSIDevice *dev; 623 624 if (!s->current || !s->current->dma_len) { 625 /* Wait until data is available. */ 626 trace_lsi_do_dma_unavailable(); 627 return; 628 } 629 630 dev = s->current->req->dev; 631 assert(dev); 632 633 count = s->dbc; 634 if (count > s->current->dma_len) 635 count = s->current->dma_len; 636 637 addr = s->dnad; 638 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 639 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 640 addr |= ((uint64_t)s->dnad64 << 32); 641 else if (s->dbms) 642 addr |= ((uint64_t)s->dbms << 32); 643 else if (s->sbms) 644 addr |= ((uint64_t)s->sbms << 32); 645 646 trace_lsi_do_dma(addr, count); 647 s->csbc += count; 648 s->dnad += count; 649 s->dbc -= count; 650 if (s->current->dma_buf == NULL) { 651 s->current->dma_buf = scsi_req_get_buf(s->current->req); 652 } 653 /* ??? Set SFBR to first data byte. */ 654 if (out) { 655 lsi_mem_read(s, addr, s->current->dma_buf, count); 656 } else { 657 lsi_mem_write(s, addr, s->current->dma_buf, count); 658 } 659 s->current->dma_len -= count; 660 if (s->current->dma_len == 0) { 661 s->current->dma_buf = NULL; 662 scsi_req_continue(s->current->req); 663 } else { 664 s->current->dma_buf += count; 665 lsi_resume_script(s); 666 } 667 } 668 669 670 /* Add a command to the queue. */ 671 static void lsi_queue_command(LSIState *s) 672 { 673 lsi_request *p = s->current; 674 675 trace_lsi_queue_command(p->tag); 676 assert(s->current != NULL); 677 assert(s->current->dma_len == 0); 678 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 679 s->current = NULL; 680 681 p->pending = 0; 682 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 683 } 684 685 /* Queue a byte for a MSG IN phase. */ 686 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 687 { 688 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 689 trace_lsi_add_msg_byte_error(); 690 } else { 691 trace_lsi_add_msg_byte(data); 692 s->msg[s->msg_len++] = data; 693 } 694 } 695 696 /* Perform reselection to continue a command. */ 697 static void lsi_reselect(LSIState *s, lsi_request *p) 698 { 699 int id; 700 701 assert(s->current == NULL); 702 QTAILQ_REMOVE(&s->queue, p, next); 703 s->current = p; 704 705 id = (p->tag >> 8) & 0xf; 706 s->ssid = id | 0x80; 707 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 708 if (!(s->dcntl & LSI_DCNTL_COM)) { 709 s->sfbr = 1 << (id & 0x7); 710 } 711 trace_lsi_reselect(id); 712 s->scntl1 |= LSI_SCNTL1_CON; 713 lsi_set_phase(s, PHASE_MI); 714 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 715 s->current->dma_len = p->pending; 716 lsi_add_msg_byte(s, 0x80); 717 if (s->current->tag & LSI_TAG_VALID) { 718 lsi_add_msg_byte(s, 0x20); 719 lsi_add_msg_byte(s, p->tag & 0xff); 720 } 721 722 if (lsi_irq_on_rsl(s)) { 723 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 724 } 725 } 726 727 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 728 { 729 lsi_request *p; 730 731 QTAILQ_FOREACH(p, &s->queue, next) { 732 if (p->tag == tag) { 733 return p; 734 } 735 } 736 737 return NULL; 738 } 739 740 static void lsi_request_free(LSIState *s, lsi_request *p) 741 { 742 if (p == s->current) { 743 s->current = NULL; 744 } else { 745 QTAILQ_REMOVE(&s->queue, p, next); 746 } 747 g_free(p); 748 } 749 750 static void lsi_request_cancelled(SCSIRequest *req) 751 { 752 LSIState *s = LSI53C895A(req->bus->qbus.parent); 753 lsi_request *p = req->hba_private; 754 755 req->hba_private = NULL; 756 lsi_request_free(s, p); 757 scsi_req_unref(req); 758 } 759 760 /* Record that data is available for a queued command. Returns zero if 761 the device was reselected, nonzero if the IO is deferred. */ 762 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 763 { 764 lsi_request *p = req->hba_private; 765 766 if (p->pending) { 767 trace_lsi_queue_req_error(p); 768 } 769 p->pending = len; 770 /* Reselect if waiting for it, or if reselection triggers an IRQ 771 and the bus is free. 772 Since no interrupt stacking is implemented in the emulation, it 773 is also required that there are no pending interrupts waiting 774 for service from the device driver. */ 775 if (s->waiting == LSI_WAIT_RESELECT || 776 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 777 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 778 /* Reselect device. */ 779 lsi_reselect(s, p); 780 return 0; 781 } else { 782 trace_lsi_queue_req(p->tag); 783 p->pending = len; 784 return 1; 785 } 786 } 787 788 /* Callback to indicate that the SCSI layer has completed a command. */ 789 static void lsi_command_complete(SCSIRequest *req, size_t resid) 790 { 791 LSIState *s = LSI53C895A(req->bus->qbus.parent); 792 int out; 793 794 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 795 trace_lsi_command_complete(req->status); 796 s->status = req->status; 797 s->command_complete = 2; 798 if (s->waiting && s->dbc != 0) { 799 /* Raise phase mismatch for short transfers. */ 800 lsi_bad_phase(s, out, PHASE_ST); 801 } else { 802 lsi_set_phase(s, PHASE_ST); 803 } 804 805 if (req->hba_private == s->current) { 806 req->hba_private = NULL; 807 lsi_request_free(s, s->current); 808 scsi_req_unref(req); 809 } 810 lsi_resume_script(s); 811 } 812 813 /* Callback to indicate that the SCSI layer has completed a transfer. */ 814 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 815 { 816 LSIState *s = LSI53C895A(req->bus->qbus.parent); 817 int out; 818 819 assert(req->hba_private); 820 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 821 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 822 if (lsi_queue_req(s, req, len)) { 823 return; 824 } 825 } 826 827 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 828 829 /* host adapter (re)connected */ 830 trace_lsi_transfer_data(req->tag, len); 831 s->current->dma_len = len; 832 s->command_complete = 1; 833 if (s->waiting) { 834 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 835 lsi_resume_script(s); 836 } else { 837 lsi_do_dma(s, out); 838 } 839 } 840 } 841 842 static void lsi_do_command(LSIState *s) 843 { 844 SCSIDevice *dev; 845 uint8_t buf[16]; 846 uint32_t id; 847 int n; 848 849 trace_lsi_do_command(s->dbc); 850 if (s->dbc > 16) 851 s->dbc = 16; 852 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 853 s->sfbr = buf[0]; 854 s->command_complete = 0; 855 856 id = (s->select_tag >> 8) & 0xf; 857 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 858 if (!dev) { 859 lsi_bad_selection(s, id); 860 return; 861 } 862 863 assert(s->current == NULL); 864 s->current = g_new0(lsi_request, 1); 865 s->current->tag = s->select_tag; 866 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 867 s->dbc, s->current); 868 869 n = scsi_req_enqueue(s->current->req); 870 if (n) { 871 if (n > 0) { 872 lsi_set_phase(s, PHASE_DI); 873 } else if (n < 0) { 874 lsi_set_phase(s, PHASE_DO); 875 } 876 scsi_req_continue(s->current->req); 877 } 878 if (!s->command_complete) { 879 if (n) { 880 /* Command did not complete immediately so disconnect. */ 881 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 882 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 883 /* wait data */ 884 lsi_set_phase(s, PHASE_MI); 885 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 886 lsi_queue_command(s); 887 } else { 888 /* wait command complete */ 889 lsi_set_phase(s, PHASE_DI); 890 } 891 } 892 } 893 894 static void lsi_do_status(LSIState *s) 895 { 896 uint8_t status; 897 trace_lsi_do_status(s->dbc, s->status); 898 if (s->dbc != 1) { 899 trace_lsi_do_status_error(); 900 } 901 s->dbc = 1; 902 status = s->status; 903 s->sfbr = status; 904 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 905 lsi_set_phase(s, PHASE_MI); 906 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 907 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 908 } 909 910 static void lsi_do_msgin(LSIState *s) 911 { 912 uint8_t len; 913 trace_lsi_do_msgin(s->dbc, s->msg_len); 914 s->sfbr = s->msg[0]; 915 len = s->msg_len; 916 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 917 if (len > s->dbc) 918 len = s->dbc; 919 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 920 /* Linux drivers rely on the last byte being in the SIDL. */ 921 s->sidl = s->msg[len - 1]; 922 s->msg_len -= len; 923 if (s->msg_len) { 924 memmove(s->msg, s->msg + len, s->msg_len); 925 } else { 926 /* ??? Check if ATN (not yet implemented) is asserted and maybe 927 switch to PHASE_MO. */ 928 switch (s->msg_action) { 929 case LSI_MSG_ACTION_COMMAND: 930 lsi_set_phase(s, PHASE_CMD); 931 break; 932 case LSI_MSG_ACTION_DISCONNECT: 933 lsi_disconnect(s); 934 break; 935 case LSI_MSG_ACTION_DOUT: 936 lsi_set_phase(s, PHASE_DO); 937 break; 938 case LSI_MSG_ACTION_DIN: 939 lsi_set_phase(s, PHASE_DI); 940 break; 941 default: 942 abort(); 943 } 944 } 945 } 946 947 /* Read the next byte during a MSGOUT phase. */ 948 static uint8_t lsi_get_msgbyte(LSIState *s) 949 { 950 uint8_t data; 951 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 952 s->dnad++; 953 s->dbc--; 954 return data; 955 } 956 957 /* Skip the next n bytes during a MSGOUT phase. */ 958 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 959 { 960 s->dnad += n; 961 s->dbc -= n; 962 } 963 964 static void lsi_do_msgout(LSIState *s) 965 { 966 uint8_t msg; 967 int len; 968 uint32_t current_tag; 969 lsi_request *current_req, *p, *p_next; 970 971 if (s->current) { 972 current_tag = s->current->tag; 973 current_req = s->current; 974 } else { 975 current_tag = s->select_tag; 976 current_req = lsi_find_by_tag(s, current_tag); 977 } 978 979 trace_lsi_do_msgout(s->dbc); 980 while (s->dbc) { 981 msg = lsi_get_msgbyte(s); 982 s->sfbr = msg; 983 984 switch (msg) { 985 case 0x04: 986 trace_lsi_do_msgout_disconnect(); 987 lsi_disconnect(s); 988 break; 989 case 0x08: 990 trace_lsi_do_msgout_noop(); 991 lsi_set_phase(s, PHASE_CMD); 992 break; 993 case 0x01: 994 len = lsi_get_msgbyte(s); 995 msg = lsi_get_msgbyte(s); 996 (void)len; /* avoid a warning about unused variable*/ 997 trace_lsi_do_msgout_extended(msg, len); 998 switch (msg) { 999 case 1: 1000 trace_lsi_do_msgout_ignored("SDTR"); 1001 lsi_skip_msgbytes(s, 2); 1002 break; 1003 case 3: 1004 trace_lsi_do_msgout_ignored("WDTR"); 1005 lsi_skip_msgbytes(s, 1); 1006 break; 1007 case 4: 1008 trace_lsi_do_msgout_ignored("PPR"); 1009 lsi_skip_msgbytes(s, 5); 1010 break; 1011 default: 1012 goto bad; 1013 } 1014 break; 1015 case 0x20: /* SIMPLE queue */ 1016 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1017 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1018 break; 1019 case 0x21: /* HEAD of queue */ 1020 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1021 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1022 break; 1023 case 0x22: /* ORDERED queue */ 1024 qemu_log_mask(LOG_UNIMP, 1025 "lsi_scsi: ORDERED queue not implemented\n"); 1026 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1027 break; 1028 case 0x0d: 1029 /* The ABORT TAG message clears the current I/O process only. */ 1030 trace_lsi_do_msgout_abort(current_tag); 1031 if (current_req && current_req->req) { 1032 scsi_req_cancel(current_req->req); 1033 current_req = NULL; 1034 } 1035 lsi_disconnect(s); 1036 break; 1037 case 0x06: 1038 case 0x0e: 1039 case 0x0c: 1040 /* The ABORT message clears all I/O processes for the selecting 1041 initiator on the specified logical unit of the target. */ 1042 if (msg == 0x06) { 1043 trace_lsi_do_msgout_abort(current_tag); 1044 } 1045 /* The CLEAR QUEUE message clears all I/O processes for all 1046 initiators on the specified logical unit of the target. */ 1047 if (msg == 0x0e) { 1048 trace_lsi_do_msgout_clearqueue(current_tag); 1049 } 1050 /* The BUS DEVICE RESET message clears all I/O processes for all 1051 initiators on all logical units of the target. */ 1052 if (msg == 0x0c) { 1053 trace_lsi_do_msgout_busdevicereset(current_tag); 1054 } 1055 1056 /* clear the current I/O process */ 1057 if (s->current) { 1058 scsi_req_cancel(s->current->req); 1059 current_req = NULL; 1060 } 1061 1062 /* As the current implemented devices scsi_disk and scsi_generic 1063 only support one LUN, we don't need to keep track of LUNs. 1064 Clearing I/O processes for other initiators could be possible 1065 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1066 device, but this is currently not implemented (and seems not 1067 to be really necessary). So let's simply clear all queued 1068 commands for the current device: */ 1069 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1070 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1071 scsi_req_cancel(p->req); 1072 } 1073 } 1074 1075 lsi_disconnect(s); 1076 break; 1077 default: 1078 if ((msg & 0x80) == 0) { 1079 goto bad; 1080 } 1081 s->current_lun = msg & 7; 1082 trace_lsi_do_msgout_select(s->current_lun); 1083 lsi_set_phase(s, PHASE_CMD); 1084 break; 1085 } 1086 } 1087 return; 1088 bad: 1089 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1090 lsi_set_phase(s, PHASE_MI); 1091 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1092 s->msg_action = LSI_MSG_ACTION_COMMAND; 1093 } 1094 1095 #define LSI_BUF_SIZE 4096 1096 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1097 { 1098 int n; 1099 uint8_t buf[LSI_BUF_SIZE]; 1100 1101 trace_lsi_memcpy(dest, src, count); 1102 while (count) { 1103 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1104 lsi_mem_read(s, src, buf, n); 1105 lsi_mem_write(s, dest, buf, n); 1106 src += n; 1107 dest += n; 1108 count -= n; 1109 } 1110 } 1111 1112 static void lsi_wait_reselect(LSIState *s) 1113 { 1114 lsi_request *p; 1115 1116 trace_lsi_wait_reselect(); 1117 1118 if (s->current) { 1119 return; 1120 } 1121 p = get_pending_req(s); 1122 if (p) { 1123 lsi_reselect(s, p); 1124 } 1125 if (s->current == NULL) { 1126 s->waiting = LSI_WAIT_RESELECT; 1127 } 1128 } 1129 1130 static void lsi_execute_script(LSIState *s) 1131 { 1132 PCIDevice *pci_dev = PCI_DEVICE(s); 1133 uint32_t insn; 1134 uint32_t addr, addr_high; 1135 int opcode; 1136 int insn_processed = 0; 1137 1138 s->istat1 |= LSI_ISTAT1_SRUN; 1139 again: 1140 if (++insn_processed > LSI_MAX_INSN) { 1141 /* Some windows drivers make the device spin waiting for a memory 1142 location to change. If we have been executed a lot of code then 1143 assume this is the case and force an unexpected device disconnect. 1144 This is apparently sufficient to beat the drivers into submission. 1145 */ 1146 if (!(s->sien0 & LSI_SIST0_UDC)) { 1147 qemu_log_mask(LOG_GUEST_ERROR, 1148 "lsi_scsi: inf. loop with UDC masked"); 1149 } 1150 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1151 lsi_disconnect(s); 1152 trace_lsi_execute_script_stop(); 1153 return; 1154 } 1155 insn = read_dword(s, s->dsp); 1156 if (!insn) { 1157 /* If we receive an empty opcode increment the DSP by 4 bytes 1158 instead of 8 and execute the next opcode at that location */ 1159 s->dsp += 4; 1160 goto again; 1161 } 1162 addr = read_dword(s, s->dsp + 4); 1163 addr_high = 0; 1164 trace_lsi_execute_script(s->dsp, insn, addr); 1165 s->dsps = addr; 1166 s->dcmd = insn >> 24; 1167 s->dsp += 8; 1168 switch (insn >> 30) { 1169 case 0: /* Block move. */ 1170 if (s->sist1 & LSI_SIST1_STO) { 1171 trace_lsi_execute_script_blockmove_delayed(); 1172 lsi_stop_script(s); 1173 break; 1174 } 1175 s->dbc = insn & 0xffffff; 1176 s->rbc = s->dbc; 1177 /* ??? Set ESA. */ 1178 s->ia = s->dsp - 8; 1179 if (insn & (1 << 29)) { 1180 /* Indirect addressing. */ 1181 addr = read_dword(s, addr); 1182 } else if (insn & (1 << 28)) { 1183 uint32_t buf[2]; 1184 int32_t offset; 1185 /* Table indirect addressing. */ 1186 1187 /* 32-bit Table indirect */ 1188 offset = sextract32(addr, 0, 24); 1189 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1190 /* byte count is stored in bits 0:23 only */ 1191 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1192 s->rbc = s->dbc; 1193 addr = cpu_to_le32(buf[1]); 1194 1195 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1196 * table, bits [31:24] */ 1197 if (lsi_dma_40bit(s)) 1198 addr_high = cpu_to_le32(buf[0]) >> 24; 1199 else if (lsi_dma_ti64bit(s)) { 1200 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1201 switch (selector) { 1202 case 0 ... 0x0f: 1203 /* offset index into scratch registers since 1204 * TI64 mode can use registers C to R */ 1205 addr_high = s->scratch[2 + selector]; 1206 break; 1207 case 0x10: 1208 addr_high = s->mmrs; 1209 break; 1210 case 0x11: 1211 addr_high = s->mmws; 1212 break; 1213 case 0x12: 1214 addr_high = s->sfs; 1215 break; 1216 case 0x13: 1217 addr_high = s->drs; 1218 break; 1219 case 0x14: 1220 addr_high = s->sbms; 1221 break; 1222 case 0x15: 1223 addr_high = s->dbms; 1224 break; 1225 default: 1226 qemu_log_mask(LOG_GUEST_ERROR, 1227 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1228 "for 64-bit DMA block move", selector); 1229 break; 1230 } 1231 } 1232 } else if (lsi_dma_64bit(s)) { 1233 /* fetch a 3rd dword if 64-bit direct move is enabled and 1234 only if we're not doing table indirect or indirect addressing */ 1235 s->dbms = read_dword(s, s->dsp); 1236 s->dsp += 4; 1237 s->ia = s->dsp - 12; 1238 } 1239 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1240 trace_lsi_execute_script_blockmove_badphase( 1241 scsi_phase_name(s->sstat1), 1242 scsi_phase_name(insn >> 24)); 1243 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1244 break; 1245 } 1246 s->dnad = addr; 1247 s->dnad64 = addr_high; 1248 switch (s->sstat1 & 0x7) { 1249 case PHASE_DO: 1250 s->waiting = LSI_DMA_SCRIPTS; 1251 lsi_do_dma(s, 1); 1252 if (s->waiting) 1253 s->waiting = LSI_DMA_IN_PROGRESS; 1254 break; 1255 case PHASE_DI: 1256 s->waiting = LSI_DMA_SCRIPTS; 1257 lsi_do_dma(s, 0); 1258 if (s->waiting) 1259 s->waiting = LSI_DMA_IN_PROGRESS; 1260 break; 1261 case PHASE_CMD: 1262 lsi_do_command(s); 1263 break; 1264 case PHASE_ST: 1265 lsi_do_status(s); 1266 break; 1267 case PHASE_MO: 1268 lsi_do_msgout(s); 1269 break; 1270 case PHASE_MI: 1271 lsi_do_msgin(s); 1272 break; 1273 default: 1274 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1275 scsi_phase_name(s->sstat1)); 1276 } 1277 s->dfifo = s->dbc & 0xff; 1278 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1279 s->sbc = s->dbc; 1280 s->rbc -= s->dbc; 1281 s->ua = addr + s->dbc; 1282 break; 1283 1284 case 1: /* IO or Read/Write instruction. */ 1285 opcode = (insn >> 27) & 7; 1286 if (opcode < 5) { 1287 uint32_t id; 1288 1289 if (insn & (1 << 25)) { 1290 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1291 } else { 1292 id = insn; 1293 } 1294 id = (id >> 16) & 0xf; 1295 if (insn & (1 << 26)) { 1296 addr = s->dsp + sextract32(addr, 0, 24); 1297 } 1298 s->dnad = addr; 1299 switch (opcode) { 1300 case 0: /* Select */ 1301 s->sdid = id; 1302 if (s->scntl1 & LSI_SCNTL1_CON) { 1303 trace_lsi_execute_script_io_alreadyreselected(); 1304 s->dsp = s->dnad; 1305 break; 1306 } 1307 s->sstat0 |= LSI_SSTAT0_WOA; 1308 s->scntl1 &= ~LSI_SCNTL1_IARB; 1309 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1310 lsi_bad_selection(s, id); 1311 break; 1312 } 1313 trace_lsi_execute_script_io_selected(id, 1314 insn & (1 << 3) ? " ATN" : ""); 1315 /* ??? Linux drivers compain when this is set. Maybe 1316 it only applies in low-level mode (unimplemented). 1317 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1318 s->select_tag = id << 8; 1319 s->scntl1 |= LSI_SCNTL1_CON; 1320 if (insn & (1 << 3)) { 1321 s->socl |= LSI_SOCL_ATN; 1322 s->sbcl |= LSI_SBCL_ATN; 1323 } 1324 s->sbcl |= LSI_SBCL_BSY; 1325 lsi_set_phase(s, PHASE_MO); 1326 s->waiting = LSI_NOWAIT; 1327 break; 1328 case 1: /* Disconnect */ 1329 trace_lsi_execute_script_io_disconnect(); 1330 s->scntl1 &= ~LSI_SCNTL1_CON; 1331 /* FIXME: this is not entirely correct; the target need not ask 1332 * for reselection until it has to send data, while here we force a 1333 * reselection as soon as the bus is free. The correct flow would 1334 * reselect before lsi_transfer_data and disconnect as soon as 1335 * DMA ends. 1336 */ 1337 if (!s->current) { 1338 lsi_request *p = get_pending_req(s); 1339 if (p) { 1340 lsi_reselect(s, p); 1341 } 1342 } 1343 break; 1344 case 2: /* Wait Reselect */ 1345 if (s->istat0 & LSI_ISTAT0_SIGP) { 1346 s->dsp = s->dnad; 1347 } else if (!lsi_irq_on_rsl(s)) { 1348 lsi_wait_reselect(s); 1349 } 1350 break; 1351 case 3: /* Set */ 1352 trace_lsi_execute_script_io_set( 1353 insn & (1 << 3) ? " ATN" : "", 1354 insn & (1 << 6) ? " ACK" : "", 1355 insn & (1 << 9) ? " TM" : "", 1356 insn & (1 << 10) ? " CC" : ""); 1357 if (insn & (1 << 3)) { 1358 s->socl |= LSI_SOCL_ATN; 1359 s->sbcl |= LSI_SBCL_ATN; 1360 lsi_set_phase(s, PHASE_MO); 1361 } 1362 1363 if (insn & (1 << 6)) { 1364 s->sbcl |= LSI_SBCL_ACK; 1365 } 1366 1367 if (insn & (1 << 9)) { 1368 qemu_log_mask(LOG_UNIMP, 1369 "lsi_scsi: Target mode not implemented\n"); 1370 } 1371 if (insn & (1 << 10)) 1372 s->carry = 1; 1373 break; 1374 case 4: /* Clear */ 1375 trace_lsi_execute_script_io_clear( 1376 insn & (1 << 3) ? " ATN" : "", 1377 insn & (1 << 6) ? " ACK" : "", 1378 insn & (1 << 9) ? " TM" : "", 1379 insn & (1 << 10) ? " CC" : ""); 1380 if (insn & (1 << 3)) { 1381 s->socl &= ~LSI_SOCL_ATN; 1382 s->sbcl &= ~LSI_SBCL_ATN; 1383 } 1384 1385 if (insn & (1 << 6)) { 1386 s->sbcl &= ~LSI_SBCL_ACK; 1387 } 1388 1389 if (insn & (1 << 10)) 1390 s->carry = 0; 1391 break; 1392 } 1393 } else { 1394 uint8_t op0; 1395 uint8_t op1; 1396 uint8_t data8; 1397 int reg; 1398 int operator; 1399 1400 static const char *opcode_names[3] = 1401 {"Write", "Read", "Read-Modify-Write"}; 1402 static const char *operator_names[8] = 1403 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1404 1405 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1406 data8 = (insn >> 8) & 0xff; 1407 opcode = (insn >> 27) & 7; 1408 operator = (insn >> 24) & 7; 1409 trace_lsi_execute_script_io_opcode( 1410 opcode_names[opcode - 5], reg, 1411 operator_names[operator], data8, s->sfbr, 1412 (insn & (1 << 23)) ? " SFBR" : ""); 1413 op0 = op1 = 0; 1414 switch (opcode) { 1415 case 5: /* From SFBR */ 1416 op0 = s->sfbr; 1417 op1 = data8; 1418 break; 1419 case 6: /* To SFBR */ 1420 if (operator) 1421 op0 = lsi_reg_readb(s, reg); 1422 op1 = data8; 1423 break; 1424 case 7: /* Read-modify-write */ 1425 if (operator) 1426 op0 = lsi_reg_readb(s, reg); 1427 if (insn & (1 << 23)) { 1428 op1 = s->sfbr; 1429 } else { 1430 op1 = data8; 1431 } 1432 break; 1433 } 1434 1435 switch (operator) { 1436 case 0: /* move */ 1437 op0 = op1; 1438 break; 1439 case 1: /* Shift left */ 1440 op1 = op0 >> 7; 1441 op0 = (op0 << 1) | s->carry; 1442 s->carry = op1; 1443 break; 1444 case 2: /* OR */ 1445 op0 |= op1; 1446 break; 1447 case 3: /* XOR */ 1448 op0 ^= op1; 1449 break; 1450 case 4: /* AND */ 1451 op0 &= op1; 1452 break; 1453 case 5: /* SHR */ 1454 op1 = op0 & 1; 1455 op0 = (op0 >> 1) | (s->carry << 7); 1456 s->carry = op1; 1457 break; 1458 case 6: /* ADD */ 1459 op0 += op1; 1460 s->carry = op0 < op1; 1461 break; 1462 case 7: /* ADC */ 1463 op0 += op1 + s->carry; 1464 if (s->carry) 1465 s->carry = op0 <= op1; 1466 else 1467 s->carry = op0 < op1; 1468 break; 1469 } 1470 1471 switch (opcode) { 1472 case 5: /* From SFBR */ 1473 case 7: /* Read-modify-write */ 1474 lsi_reg_writeb(s, reg, op0); 1475 break; 1476 case 6: /* To SFBR */ 1477 s->sfbr = op0; 1478 break; 1479 } 1480 } 1481 break; 1482 1483 case 2: /* Transfer Control. */ 1484 { 1485 int cond; 1486 int jmp; 1487 1488 if ((insn & 0x002e0000) == 0) { 1489 trace_lsi_execute_script_tc_nop(); 1490 break; 1491 } 1492 if (s->sist1 & LSI_SIST1_STO) { 1493 trace_lsi_execute_script_tc_delayedselect_timeout(); 1494 lsi_stop_script(s); 1495 break; 1496 } 1497 cond = jmp = (insn & (1 << 19)) != 0; 1498 if (cond == jmp && (insn & (1 << 21))) { 1499 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1500 cond = s->carry != 0; 1501 } 1502 if (cond == jmp && (insn & (1 << 17))) { 1503 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1504 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1505 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1506 } 1507 if (cond == jmp && (insn & (1 << 18))) { 1508 uint8_t mask; 1509 1510 mask = (~insn >> 8) & 0xff; 1511 trace_lsi_execute_script_tc_compd( 1512 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1513 cond = (s->sfbr & mask) == (insn & mask); 1514 } 1515 if (cond == jmp) { 1516 if (insn & (1 << 23)) { 1517 /* Relative address. */ 1518 addr = s->dsp + sextract32(addr, 0, 24); 1519 } 1520 switch ((insn >> 27) & 7) { 1521 case 0: /* Jump */ 1522 trace_lsi_execute_script_tc_jump(addr); 1523 s->adder = addr; 1524 s->dsp = addr; 1525 break; 1526 case 1: /* Call */ 1527 trace_lsi_execute_script_tc_call(addr); 1528 s->temp = s->dsp; 1529 s->dsp = addr; 1530 break; 1531 case 2: /* Return */ 1532 trace_lsi_execute_script_tc_return(s->temp); 1533 s->dsp = s->temp; 1534 break; 1535 case 3: /* Interrupt */ 1536 trace_lsi_execute_script_tc_interrupt(s->dsps); 1537 if ((insn & (1 << 20)) != 0) { 1538 s->istat0 |= LSI_ISTAT0_INTF; 1539 lsi_update_irq(s); 1540 } else { 1541 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1542 } 1543 break; 1544 default: 1545 trace_lsi_execute_script_tc_illegal(); 1546 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1547 break; 1548 } 1549 } else { 1550 trace_lsi_execute_script_tc_cc_failed(); 1551 } 1552 } 1553 break; 1554 1555 case 3: 1556 if ((insn & (1 << 29)) == 0) { 1557 /* Memory move. */ 1558 uint32_t dest; 1559 /* ??? The docs imply the destination address is loaded into 1560 the TEMP register. However the Linux drivers rely on 1561 the value being presrved. */ 1562 dest = read_dword(s, s->dsp); 1563 s->dsp += 4; 1564 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1565 } else { 1566 uint8_t data[7]; 1567 int reg; 1568 int n; 1569 int i; 1570 1571 if (insn & (1 << 28)) { 1572 addr = s->dsa + sextract32(addr, 0, 24); 1573 } 1574 n = (insn & 7); 1575 reg = (insn >> 16) & 0xff; 1576 if (insn & (1 << 24)) { 1577 pci_dma_read(pci_dev, addr, data, n); 1578 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1579 for (i = 0; i < n; i++) { 1580 lsi_reg_writeb(s, reg + i, data[i]); 1581 } 1582 } else { 1583 trace_lsi_execute_script_mm_store(reg, n, addr); 1584 for (i = 0; i < n; i++) { 1585 data[i] = lsi_reg_readb(s, reg + i); 1586 } 1587 pci_dma_write(pci_dev, addr, data, n); 1588 } 1589 } 1590 } 1591 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1592 if (s->dcntl & LSI_DCNTL_SSM) { 1593 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1594 } else { 1595 goto again; 1596 } 1597 } 1598 trace_lsi_execute_script_stop(); 1599 } 1600 1601 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1602 { 1603 uint8_t ret; 1604 1605 #define CASE_GET_REG24(name, addr) \ 1606 case addr: ret = s->name & 0xff; break; \ 1607 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1608 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1609 1610 #define CASE_GET_REG32(name, addr) \ 1611 case addr: ret = s->name & 0xff; break; \ 1612 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1613 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1614 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1615 1616 switch (offset) { 1617 case 0x00: /* SCNTL0 */ 1618 ret = s->scntl0; 1619 break; 1620 case 0x01: /* SCNTL1 */ 1621 ret = s->scntl1; 1622 break; 1623 case 0x02: /* SCNTL2 */ 1624 ret = s->scntl2; 1625 break; 1626 case 0x03: /* SCNTL3 */ 1627 ret = s->scntl3; 1628 break; 1629 case 0x04: /* SCID */ 1630 ret = s->scid; 1631 break; 1632 case 0x05: /* SXFER */ 1633 ret = s->sxfer; 1634 break; 1635 case 0x06: /* SDID */ 1636 ret = s->sdid; 1637 break; 1638 case 0x07: /* GPREG0 */ 1639 ret = 0x7f; 1640 break; 1641 case 0x08: /* Revision ID */ 1642 ret = 0x00; 1643 break; 1644 case 0x09: /* SOCL */ 1645 ret = s->socl; 1646 break; 1647 case 0xa: /* SSID */ 1648 ret = s->ssid; 1649 break; 1650 case 0xb: /* SBCL */ 1651 ret = s->sbcl; 1652 break; 1653 case 0xc: /* DSTAT */ 1654 ret = s->dstat | LSI_DSTAT_DFE; 1655 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1656 s->dstat = 0; 1657 lsi_update_irq(s); 1658 break; 1659 case 0x0d: /* SSTAT0 */ 1660 ret = s->sstat0; 1661 break; 1662 case 0x0e: /* SSTAT1 */ 1663 ret = s->sstat1; 1664 break; 1665 case 0x0f: /* SSTAT2 */ 1666 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1667 break; 1668 CASE_GET_REG32(dsa, 0x10) 1669 case 0x14: /* ISTAT0 */ 1670 ret = s->istat0; 1671 break; 1672 case 0x15: /* ISTAT1 */ 1673 ret = s->istat1; 1674 break; 1675 case 0x16: /* MBOX0 */ 1676 ret = s->mbox0; 1677 break; 1678 case 0x17: /* MBOX1 */ 1679 ret = s->mbox1; 1680 break; 1681 case 0x18: /* CTEST0 */ 1682 ret = 0xff; 1683 break; 1684 case 0x19: /* CTEST1 */ 1685 ret = 0; 1686 break; 1687 case 0x1a: /* CTEST2 */ 1688 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1689 if (s->istat0 & LSI_ISTAT0_SIGP) { 1690 s->istat0 &= ~LSI_ISTAT0_SIGP; 1691 ret |= LSI_CTEST2_SIGP; 1692 } 1693 break; 1694 case 0x1b: /* CTEST3 */ 1695 ret = s->ctest3; 1696 break; 1697 CASE_GET_REG32(temp, 0x1c) 1698 case 0x20: /* DFIFO */ 1699 ret = s->dfifo; 1700 break; 1701 case 0x21: /* CTEST4 */ 1702 ret = s->ctest4; 1703 break; 1704 case 0x22: /* CTEST5 */ 1705 ret = s->ctest5; 1706 break; 1707 case 0x23: /* CTEST6 */ 1708 ret = 0; 1709 break; 1710 CASE_GET_REG24(dbc, 0x24) 1711 case 0x27: /* DCMD */ 1712 ret = s->dcmd; 1713 break; 1714 CASE_GET_REG32(dnad, 0x28) 1715 CASE_GET_REG32(dsp, 0x2c) 1716 CASE_GET_REG32(dsps, 0x30) 1717 CASE_GET_REG32(scratch[0], 0x34) 1718 case 0x38: /* DMODE */ 1719 ret = s->dmode; 1720 break; 1721 case 0x39: /* DIEN */ 1722 ret = s->dien; 1723 break; 1724 case 0x3a: /* SBR */ 1725 ret = s->sbr; 1726 break; 1727 case 0x3b: /* DCNTL */ 1728 ret = s->dcntl; 1729 break; 1730 /* ADDER Output (Debug of relative jump address) */ 1731 CASE_GET_REG32(adder, 0x3c) 1732 case 0x40: /* SIEN0 */ 1733 ret = s->sien0; 1734 break; 1735 case 0x41: /* SIEN1 */ 1736 ret = s->sien1; 1737 break; 1738 case 0x42: /* SIST0 */ 1739 ret = s->sist0; 1740 s->sist0 = 0; 1741 lsi_update_irq(s); 1742 break; 1743 case 0x43: /* SIST1 */ 1744 ret = s->sist1; 1745 s->sist1 = 0; 1746 lsi_update_irq(s); 1747 break; 1748 case 0x46: /* MACNTL */ 1749 ret = 0x0f; 1750 break; 1751 case 0x47: /* GPCNTL0 */ 1752 ret = 0x0f; 1753 break; 1754 case 0x48: /* STIME0 */ 1755 ret = s->stime0; 1756 break; 1757 case 0x4a: /* RESPID0 */ 1758 ret = s->respid0; 1759 break; 1760 case 0x4b: /* RESPID1 */ 1761 ret = s->respid1; 1762 break; 1763 case 0x4d: /* STEST1 */ 1764 ret = s->stest1; 1765 break; 1766 case 0x4e: /* STEST2 */ 1767 ret = s->stest2; 1768 break; 1769 case 0x4f: /* STEST3 */ 1770 ret = s->stest3; 1771 break; 1772 case 0x50: /* SIDL */ 1773 /* This is needed by the linux drivers. We currently only update it 1774 during the MSG IN phase. */ 1775 ret = s->sidl; 1776 break; 1777 case 0x52: /* STEST4 */ 1778 ret = 0xe0; 1779 break; 1780 case 0x56: /* CCNTL0 */ 1781 ret = s->ccntl0; 1782 break; 1783 case 0x57: /* CCNTL1 */ 1784 ret = s->ccntl1; 1785 break; 1786 case 0x58: /* SBDL */ 1787 /* Some drivers peek at the data bus during the MSG IN phase. */ 1788 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1789 assert(s->msg_len > 0); 1790 return s->msg[0]; 1791 } 1792 ret = 0; 1793 break; 1794 case 0x59: /* SBDL high */ 1795 ret = 0; 1796 break; 1797 CASE_GET_REG32(mmrs, 0xa0) 1798 CASE_GET_REG32(mmws, 0xa4) 1799 CASE_GET_REG32(sfs, 0xa8) 1800 CASE_GET_REG32(drs, 0xac) 1801 CASE_GET_REG32(sbms, 0xb0) 1802 CASE_GET_REG32(dbms, 0xb4) 1803 CASE_GET_REG32(dnad64, 0xb8) 1804 CASE_GET_REG32(pmjad1, 0xc0) 1805 CASE_GET_REG32(pmjad2, 0xc4) 1806 CASE_GET_REG32(rbc, 0xc8) 1807 CASE_GET_REG32(ua, 0xcc) 1808 CASE_GET_REG32(ia, 0xd4) 1809 CASE_GET_REG32(sbc, 0xd8) 1810 CASE_GET_REG32(csbc, 0xdc) 1811 case 0x5c ... 0x9f: 1812 { 1813 int n; 1814 int shift; 1815 n = (offset - 0x58) >> 2; 1816 shift = (offset & 3) * 8; 1817 ret = (s->scratch[n] >> shift) & 0xff; 1818 break; 1819 } 1820 default: 1821 { 1822 qemu_log_mask(LOG_GUEST_ERROR, 1823 "lsi_scsi: invalid read from reg %s %x\n", 1824 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1825 offset); 1826 ret = 0xff; 1827 break; 1828 } 1829 } 1830 #undef CASE_GET_REG24 1831 #undef CASE_GET_REG32 1832 1833 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1834 offset, ret); 1835 1836 return ret; 1837 } 1838 1839 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1840 { 1841 #define CASE_SET_REG24(name, addr) \ 1842 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1843 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1844 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1845 1846 #define CASE_SET_REG32(name, addr) \ 1847 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1848 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1849 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1850 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1851 1852 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1853 offset, val); 1854 1855 switch (offset) { 1856 case 0x00: /* SCNTL0 */ 1857 s->scntl0 = val; 1858 if (val & LSI_SCNTL0_START) { 1859 qemu_log_mask(LOG_UNIMP, 1860 "lsi_scsi: Start sequence not implemented\n"); 1861 } 1862 break; 1863 case 0x01: /* SCNTL1 */ 1864 s->scntl1 = val & ~LSI_SCNTL1_SST; 1865 if (val & LSI_SCNTL1_IARB) { 1866 qemu_log_mask(LOG_UNIMP, 1867 "lsi_scsi: Immediate Arbritration not implemented\n"); 1868 } 1869 if (val & LSI_SCNTL1_RST) { 1870 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1871 bus_cold_reset(BUS(&s->bus)); 1872 s->sstat0 |= LSI_SSTAT0_RST; 1873 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1874 } 1875 } else { 1876 s->sstat0 &= ~LSI_SSTAT0_RST; 1877 } 1878 break; 1879 case 0x02: /* SCNTL2 */ 1880 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1881 s->scntl2 = val; 1882 break; 1883 case 0x03: /* SCNTL3 */ 1884 s->scntl3 = val; 1885 break; 1886 case 0x04: /* SCID */ 1887 s->scid = val; 1888 break; 1889 case 0x05: /* SXFER */ 1890 s->sxfer = val; 1891 break; 1892 case 0x06: /* SDID */ 1893 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1894 qemu_log_mask(LOG_GUEST_ERROR, 1895 "lsi_scsi: Destination ID does not match SSID\n"); 1896 } 1897 s->sdid = val & 0xf; 1898 break; 1899 case 0x07: /* GPREG0 */ 1900 break; 1901 case 0x08: /* SFBR */ 1902 /* The CPU is not allowed to write to this register. However the 1903 SCRIPTS register move instructions are. */ 1904 s->sfbr = val; 1905 break; 1906 case 0x0a: case 0x0b: 1907 /* Openserver writes to these readonly registers on startup */ 1908 return; 1909 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1910 /* Linux writes to these readonly registers on startup. */ 1911 return; 1912 CASE_SET_REG32(dsa, 0x10) 1913 case 0x14: /* ISTAT0 */ 1914 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1915 if (val & LSI_ISTAT0_ABRT) { 1916 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1917 } 1918 if (val & LSI_ISTAT0_INTF) { 1919 s->istat0 &= ~LSI_ISTAT0_INTF; 1920 lsi_update_irq(s); 1921 } 1922 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1923 trace_lsi_awoken(); 1924 s->waiting = LSI_NOWAIT; 1925 s->dsp = s->dnad; 1926 lsi_execute_script(s); 1927 } 1928 if (val & LSI_ISTAT0_SRST) { 1929 device_cold_reset(DEVICE(s)); 1930 } 1931 break; 1932 case 0x16: /* MBOX0 */ 1933 s->mbox0 = val; 1934 break; 1935 case 0x17: /* MBOX1 */ 1936 s->mbox1 = val; 1937 break; 1938 case 0x18: /* CTEST0 */ 1939 /* nothing to do */ 1940 break; 1941 case 0x1a: /* CTEST2 */ 1942 s->ctest2 = val & LSI_CTEST2_PCICIE; 1943 break; 1944 case 0x1b: /* CTEST3 */ 1945 s->ctest3 = val & 0x0f; 1946 break; 1947 CASE_SET_REG32(temp, 0x1c) 1948 case 0x21: /* CTEST4 */ 1949 if (val & 7) { 1950 qemu_log_mask(LOG_UNIMP, 1951 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1952 } 1953 s->ctest4 = val; 1954 break; 1955 case 0x22: /* CTEST5 */ 1956 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1957 qemu_log_mask(LOG_UNIMP, 1958 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1959 } 1960 s->ctest5 = val; 1961 break; 1962 CASE_SET_REG24(dbc, 0x24) 1963 CASE_SET_REG32(dnad, 0x28) 1964 case 0x2c: /* DSP[0:7] */ 1965 s->dsp &= 0xffffff00; 1966 s->dsp |= val; 1967 break; 1968 case 0x2d: /* DSP[8:15] */ 1969 s->dsp &= 0xffff00ff; 1970 s->dsp |= val << 8; 1971 break; 1972 case 0x2e: /* DSP[16:23] */ 1973 s->dsp &= 0xff00ffff; 1974 s->dsp |= val << 16; 1975 break; 1976 case 0x2f: /* DSP[24:31] */ 1977 s->dsp &= 0x00ffffff; 1978 s->dsp |= val << 24; 1979 /* 1980 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 1981 * instruction. Is this correct? 1982 */ 1983 if ((s->dmode & LSI_DMODE_MAN) == 0 1984 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1985 lsi_execute_script(s); 1986 break; 1987 CASE_SET_REG32(dsps, 0x30) 1988 CASE_SET_REG32(scratch[0], 0x34) 1989 case 0x38: /* DMODE */ 1990 s->dmode = val; 1991 break; 1992 case 0x39: /* DIEN */ 1993 s->dien = val; 1994 lsi_update_irq(s); 1995 break; 1996 case 0x3a: /* SBR */ 1997 s->sbr = val; 1998 break; 1999 case 0x3b: /* DCNTL */ 2000 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 2001 /* 2002 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 2003 * instruction. Is this correct? 2004 */ 2005 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 2006 lsi_execute_script(s); 2007 break; 2008 case 0x40: /* SIEN0 */ 2009 s->sien0 = val; 2010 lsi_update_irq(s); 2011 break; 2012 case 0x41: /* SIEN1 */ 2013 s->sien1 = val; 2014 lsi_update_irq(s); 2015 break; 2016 case 0x47: /* GPCNTL0 */ 2017 break; 2018 case 0x48: /* STIME0 */ 2019 s->stime0 = val; 2020 break; 2021 case 0x49: /* STIME1 */ 2022 if (val & 0xf) { 2023 qemu_log_mask(LOG_UNIMP, 2024 "lsi_scsi: General purpose timer not implemented\n"); 2025 /* ??? Raising the interrupt immediately seems to be sufficient 2026 to keep the FreeBSD driver happy. */ 2027 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2028 } 2029 break; 2030 case 0x4a: /* RESPID0 */ 2031 s->respid0 = val; 2032 break; 2033 case 0x4b: /* RESPID1 */ 2034 s->respid1 = val; 2035 break; 2036 case 0x4d: /* STEST1 */ 2037 s->stest1 = val; 2038 break; 2039 case 0x4e: /* STEST2 */ 2040 if (val & 1) { 2041 qemu_log_mask(LOG_UNIMP, 2042 "lsi_scsi: Low level mode not implemented\n"); 2043 } 2044 s->stest2 = val; 2045 break; 2046 case 0x4f: /* STEST3 */ 2047 if (val & 0x41) { 2048 qemu_log_mask(LOG_UNIMP, 2049 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2050 } 2051 s->stest3 = val; 2052 break; 2053 case 0x56: /* CCNTL0 */ 2054 s->ccntl0 = val; 2055 break; 2056 case 0x57: /* CCNTL1 */ 2057 s->ccntl1 = val; 2058 break; 2059 CASE_SET_REG32(mmrs, 0xa0) 2060 CASE_SET_REG32(mmws, 0xa4) 2061 CASE_SET_REG32(sfs, 0xa8) 2062 CASE_SET_REG32(drs, 0xac) 2063 CASE_SET_REG32(sbms, 0xb0) 2064 CASE_SET_REG32(dbms, 0xb4) 2065 CASE_SET_REG32(dnad64, 0xb8) 2066 CASE_SET_REG32(pmjad1, 0xc0) 2067 CASE_SET_REG32(pmjad2, 0xc4) 2068 CASE_SET_REG32(rbc, 0xc8) 2069 CASE_SET_REG32(ua, 0xcc) 2070 CASE_SET_REG32(ia, 0xd4) 2071 CASE_SET_REG32(sbc, 0xd8) 2072 CASE_SET_REG32(csbc, 0xdc) 2073 default: 2074 if (offset >= 0x5c && offset < 0xa0) { 2075 int n; 2076 int shift; 2077 n = (offset - 0x58) >> 2; 2078 shift = (offset & 3) * 8; 2079 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2080 } else { 2081 qemu_log_mask(LOG_GUEST_ERROR, 2082 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2083 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2084 offset, val); 2085 } 2086 } 2087 #undef CASE_SET_REG24 2088 #undef CASE_SET_REG32 2089 } 2090 2091 static void lsi_mmio_write(void *opaque, hwaddr addr, 2092 uint64_t val, unsigned size) 2093 { 2094 LSIState *s = opaque; 2095 2096 lsi_reg_writeb(s, addr & 0xff, val); 2097 } 2098 2099 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2100 unsigned size) 2101 { 2102 LSIState *s = opaque; 2103 return lsi_reg_readb(s, addr & 0xff); 2104 } 2105 2106 static const MemoryRegionOps lsi_mmio_ops = { 2107 .read = lsi_mmio_read, 2108 .write = lsi_mmio_write, 2109 .endianness = DEVICE_LITTLE_ENDIAN, 2110 .impl = { 2111 .min_access_size = 1, 2112 .max_access_size = 1, 2113 }, 2114 }; 2115 2116 static void lsi_ram_write(void *opaque, hwaddr addr, 2117 uint64_t val, unsigned size) 2118 { 2119 LSIState *s = opaque; 2120 stn_le_p(s->script_ram + addr, size, val); 2121 } 2122 2123 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2124 unsigned size) 2125 { 2126 LSIState *s = opaque; 2127 return ldn_le_p(s->script_ram + addr, size); 2128 } 2129 2130 static const MemoryRegionOps lsi_ram_ops = { 2131 .read = lsi_ram_read, 2132 .write = lsi_ram_write, 2133 .endianness = DEVICE_LITTLE_ENDIAN, 2134 }; 2135 2136 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2137 unsigned size) 2138 { 2139 LSIState *s = opaque; 2140 return lsi_reg_readb(s, addr & 0xff); 2141 } 2142 2143 static void lsi_io_write(void *opaque, hwaddr addr, 2144 uint64_t val, unsigned size) 2145 { 2146 LSIState *s = opaque; 2147 lsi_reg_writeb(s, addr & 0xff, val); 2148 } 2149 2150 static const MemoryRegionOps lsi_io_ops = { 2151 .read = lsi_io_read, 2152 .write = lsi_io_write, 2153 .endianness = DEVICE_LITTLE_ENDIAN, 2154 .impl = { 2155 .min_access_size = 1, 2156 .max_access_size = 1, 2157 }, 2158 }; 2159 2160 static void lsi_scsi_reset(DeviceState *dev) 2161 { 2162 LSIState *s = LSI53C895A(dev); 2163 2164 lsi_soft_reset(s); 2165 } 2166 2167 static int lsi_pre_save(void *opaque) 2168 { 2169 LSIState *s = opaque; 2170 2171 if (s->current) { 2172 assert(s->current->dma_buf == NULL); 2173 assert(s->current->dma_len == 0); 2174 } 2175 assert(QTAILQ_EMPTY(&s->queue)); 2176 2177 return 0; 2178 } 2179 2180 static int lsi_post_load(void *opaque, int version_id) 2181 { 2182 LSIState *s = opaque; 2183 2184 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2185 return -EINVAL; 2186 } 2187 2188 return 0; 2189 } 2190 2191 static const VMStateDescription vmstate_lsi_scsi = { 2192 .name = "lsiscsi", 2193 .version_id = 1, 2194 .minimum_version_id = 0, 2195 .pre_save = lsi_pre_save, 2196 .post_load = lsi_post_load, 2197 .fields = (VMStateField[]) { 2198 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2199 2200 VMSTATE_INT32(carry, LSIState), 2201 VMSTATE_INT32(status, LSIState), 2202 VMSTATE_INT32(msg_action, LSIState), 2203 VMSTATE_INT32(msg_len, LSIState), 2204 VMSTATE_BUFFER(msg, LSIState), 2205 VMSTATE_INT32(waiting, LSIState), 2206 2207 VMSTATE_UINT32(dsa, LSIState), 2208 VMSTATE_UINT32(temp, LSIState), 2209 VMSTATE_UINT32(dnad, LSIState), 2210 VMSTATE_UINT32(dbc, LSIState), 2211 VMSTATE_UINT8(istat0, LSIState), 2212 VMSTATE_UINT8(istat1, LSIState), 2213 VMSTATE_UINT8(dcmd, LSIState), 2214 VMSTATE_UINT8(dstat, LSIState), 2215 VMSTATE_UINT8(dien, LSIState), 2216 VMSTATE_UINT8(sist0, LSIState), 2217 VMSTATE_UINT8(sist1, LSIState), 2218 VMSTATE_UINT8(sien0, LSIState), 2219 VMSTATE_UINT8(sien1, LSIState), 2220 VMSTATE_UINT8(mbox0, LSIState), 2221 VMSTATE_UINT8(mbox1, LSIState), 2222 VMSTATE_UINT8(dfifo, LSIState), 2223 VMSTATE_UINT8(ctest2, LSIState), 2224 VMSTATE_UINT8(ctest3, LSIState), 2225 VMSTATE_UINT8(ctest4, LSIState), 2226 VMSTATE_UINT8(ctest5, LSIState), 2227 VMSTATE_UINT8(ccntl0, LSIState), 2228 VMSTATE_UINT8(ccntl1, LSIState), 2229 VMSTATE_UINT32(dsp, LSIState), 2230 VMSTATE_UINT32(dsps, LSIState), 2231 VMSTATE_UINT8(dmode, LSIState), 2232 VMSTATE_UINT8(dcntl, LSIState), 2233 VMSTATE_UINT8(scntl0, LSIState), 2234 VMSTATE_UINT8(scntl1, LSIState), 2235 VMSTATE_UINT8(scntl2, LSIState), 2236 VMSTATE_UINT8(scntl3, LSIState), 2237 VMSTATE_UINT8(sstat0, LSIState), 2238 VMSTATE_UINT8(sstat1, LSIState), 2239 VMSTATE_UINT8(scid, LSIState), 2240 VMSTATE_UINT8(sxfer, LSIState), 2241 VMSTATE_UINT8(socl, LSIState), 2242 VMSTATE_UINT8(sdid, LSIState), 2243 VMSTATE_UINT8(ssid, LSIState), 2244 VMSTATE_UINT8(sfbr, LSIState), 2245 VMSTATE_UINT8(stest1, LSIState), 2246 VMSTATE_UINT8(stest2, LSIState), 2247 VMSTATE_UINT8(stest3, LSIState), 2248 VMSTATE_UINT8(sidl, LSIState), 2249 VMSTATE_UINT8(stime0, LSIState), 2250 VMSTATE_UINT8(respid0, LSIState), 2251 VMSTATE_UINT8(respid1, LSIState), 2252 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2253 VMSTATE_UINT32(mmrs, LSIState), 2254 VMSTATE_UINT32(mmws, LSIState), 2255 VMSTATE_UINT32(sfs, LSIState), 2256 VMSTATE_UINT32(drs, LSIState), 2257 VMSTATE_UINT32(sbms, LSIState), 2258 VMSTATE_UINT32(dbms, LSIState), 2259 VMSTATE_UINT32(dnad64, LSIState), 2260 VMSTATE_UINT32(pmjad1, LSIState), 2261 VMSTATE_UINT32(pmjad2, LSIState), 2262 VMSTATE_UINT32(rbc, LSIState), 2263 VMSTATE_UINT32(ua, LSIState), 2264 VMSTATE_UINT32(ia, LSIState), 2265 VMSTATE_UINT32(sbc, LSIState), 2266 VMSTATE_UINT32(csbc, LSIState), 2267 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2268 VMSTATE_UINT8(sbr, LSIState), 2269 2270 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2271 VMSTATE_END_OF_LIST() 2272 } 2273 }; 2274 2275 static const struct SCSIBusInfo lsi_scsi_info = { 2276 .tcq = true, 2277 .max_target = LSI_MAX_DEVS, 2278 .max_lun = 0, /* LUN support is buggy */ 2279 2280 .transfer_data = lsi_transfer_data, 2281 .complete = lsi_command_complete, 2282 .cancel = lsi_request_cancelled 2283 }; 2284 2285 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2286 { 2287 LSIState *s = LSI53C895A(dev); 2288 DeviceState *d = DEVICE(dev); 2289 uint8_t *pci_conf; 2290 2291 pci_conf = dev->config; 2292 2293 /* PCI latency timer = 255 */ 2294 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2295 /* Interrupt pin A */ 2296 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2297 2298 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2299 "lsi-mmio", 0x400); 2300 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2301 "lsi-ram", 0x2000); 2302 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2303 "lsi-io", 256); 2304 2305 /* 2306 * Since we use the address-space API to interact with ram_io, disable the 2307 * re-entrancy guard. 2308 */ 2309 s->ram_io.disable_reentrancy_guard = true; 2310 2311 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2312 qdev_init_gpio_out(d, &s->ext_irq, 1); 2313 2314 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2315 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2316 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2317 QTAILQ_INIT(&s->queue); 2318 2319 scsi_bus_init(&s->bus, sizeof(s->bus), d, &lsi_scsi_info); 2320 } 2321 2322 static void lsi_scsi_exit(PCIDevice *dev) 2323 { 2324 LSIState *s = LSI53C895A(dev); 2325 2326 address_space_destroy(&s->pci_io_as); 2327 } 2328 2329 static void lsi_class_init(ObjectClass *klass, void *data) 2330 { 2331 DeviceClass *dc = DEVICE_CLASS(klass); 2332 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2333 2334 k->realize = lsi_scsi_realize; 2335 k->exit = lsi_scsi_exit; 2336 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2337 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2338 k->class_id = PCI_CLASS_STORAGE_SCSI; 2339 k->subsystem_id = 0x1000; 2340 dc->reset = lsi_scsi_reset; 2341 dc->vmsd = &vmstate_lsi_scsi; 2342 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2343 } 2344 2345 static const TypeInfo lsi_info = { 2346 .name = TYPE_LSI53C895A, 2347 .parent = TYPE_PCI_DEVICE, 2348 .instance_size = sizeof(LSIState), 2349 .class_init = lsi_class_init, 2350 .interfaces = (InterfaceInfo[]) { 2351 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2352 { }, 2353 }, 2354 }; 2355 2356 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2357 { 2358 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2359 2360 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2361 } 2362 2363 static const TypeInfo lsi53c810_info = { 2364 .name = TYPE_LSI53C810, 2365 .parent = TYPE_LSI53C895A, 2366 .class_init = lsi53c810_class_init, 2367 }; 2368 2369 static void lsi53c895a_register_types(void) 2370 { 2371 type_register_static(&lsi_info); 2372 type_register_static(&lsi53c810_info); 2373 } 2374 2375 type_init(lsi53c895a_register_types) 2376 2377 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2378 { 2379 LSIState *s = LSI53C895A(lsi_dev); 2380 2381 scsi_bus_legacy_handle_cmdline(&s->bus); 2382 } 2383