1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* ??? Need to check if the {read,write}[wl] routines work properly on 11 big-endian targets. */ 12 13 #include <assert.h> 14 15 #include "hw/hw.h" 16 #include "hw/pci/pci.h" 17 #include "hw/scsi/scsi.h" 18 #include "sysemu/dma.h" 19 20 //#define DEBUG_LSI 21 //#define DEBUG_LSI_REG 22 23 #ifdef DEBUG_LSI 24 #define DPRINTF(fmt, ...) \ 25 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0) 26 #define BADF(fmt, ...) \ 27 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0) 28 #else 29 #define DPRINTF(fmt, ...) do {} while(0) 30 #define BADF(fmt, ...) \ 31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0) 32 #endif 33 34 #define LSI_MAX_DEVS 7 35 36 #define LSI_SCNTL0_TRG 0x01 37 #define LSI_SCNTL0_AAP 0x02 38 #define LSI_SCNTL0_EPC 0x08 39 #define LSI_SCNTL0_WATN 0x10 40 #define LSI_SCNTL0_START 0x20 41 42 #define LSI_SCNTL1_SST 0x01 43 #define LSI_SCNTL1_IARB 0x02 44 #define LSI_SCNTL1_AESP 0x04 45 #define LSI_SCNTL1_RST 0x08 46 #define LSI_SCNTL1_CON 0x10 47 #define LSI_SCNTL1_DHP 0x20 48 #define LSI_SCNTL1_ADB 0x40 49 #define LSI_SCNTL1_EXC 0x80 50 51 #define LSI_SCNTL2_WSR 0x01 52 #define LSI_SCNTL2_VUE0 0x02 53 #define LSI_SCNTL2_VUE1 0x04 54 #define LSI_SCNTL2_WSS 0x08 55 #define LSI_SCNTL2_SLPHBEN 0x10 56 #define LSI_SCNTL2_SLPMD 0x20 57 #define LSI_SCNTL2_CHM 0x40 58 #define LSI_SCNTL2_SDU 0x80 59 60 #define LSI_ISTAT0_DIP 0x01 61 #define LSI_ISTAT0_SIP 0x02 62 #define LSI_ISTAT0_INTF 0x04 63 #define LSI_ISTAT0_CON 0x08 64 #define LSI_ISTAT0_SEM 0x10 65 #define LSI_ISTAT0_SIGP 0x20 66 #define LSI_ISTAT0_SRST 0x40 67 #define LSI_ISTAT0_ABRT 0x80 68 69 #define LSI_ISTAT1_SI 0x01 70 #define LSI_ISTAT1_SRUN 0x02 71 #define LSI_ISTAT1_FLSH 0x04 72 73 #define LSI_SSTAT0_SDP0 0x01 74 #define LSI_SSTAT0_RST 0x02 75 #define LSI_SSTAT0_WOA 0x04 76 #define LSI_SSTAT0_LOA 0x08 77 #define LSI_SSTAT0_AIP 0x10 78 #define LSI_SSTAT0_OLF 0x20 79 #define LSI_SSTAT0_ORF 0x40 80 #define LSI_SSTAT0_ILF 0x80 81 82 #define LSI_SIST0_PAR 0x01 83 #define LSI_SIST0_RST 0x02 84 #define LSI_SIST0_UDC 0x04 85 #define LSI_SIST0_SGE 0x08 86 #define LSI_SIST0_RSL 0x10 87 #define LSI_SIST0_SEL 0x20 88 #define LSI_SIST0_CMP 0x40 89 #define LSI_SIST0_MA 0x80 90 91 #define LSI_SIST1_HTH 0x01 92 #define LSI_SIST1_GEN 0x02 93 #define LSI_SIST1_STO 0x04 94 #define LSI_SIST1_SBMC 0x10 95 96 #define LSI_SOCL_IO 0x01 97 #define LSI_SOCL_CD 0x02 98 #define LSI_SOCL_MSG 0x04 99 #define LSI_SOCL_ATN 0x08 100 #define LSI_SOCL_SEL 0x10 101 #define LSI_SOCL_BSY 0x20 102 #define LSI_SOCL_ACK 0x40 103 #define LSI_SOCL_REQ 0x80 104 105 #define LSI_DSTAT_IID 0x01 106 #define LSI_DSTAT_SIR 0x04 107 #define LSI_DSTAT_SSI 0x08 108 #define LSI_DSTAT_ABRT 0x10 109 #define LSI_DSTAT_BF 0x20 110 #define LSI_DSTAT_MDPE 0x40 111 #define LSI_DSTAT_DFE 0x80 112 113 #define LSI_DCNTL_COM 0x01 114 #define LSI_DCNTL_IRQD 0x02 115 #define LSI_DCNTL_STD 0x04 116 #define LSI_DCNTL_IRQM 0x08 117 #define LSI_DCNTL_SSM 0x10 118 #define LSI_DCNTL_PFEN 0x20 119 #define LSI_DCNTL_PFF 0x40 120 #define LSI_DCNTL_CLSE 0x80 121 122 #define LSI_DMODE_MAN 0x01 123 #define LSI_DMODE_BOF 0x02 124 #define LSI_DMODE_ERMP 0x04 125 #define LSI_DMODE_ERL 0x08 126 #define LSI_DMODE_DIOM 0x10 127 #define LSI_DMODE_SIOM 0x20 128 129 #define LSI_CTEST2_DACK 0x01 130 #define LSI_CTEST2_DREQ 0x02 131 #define LSI_CTEST2_TEOP 0x04 132 #define LSI_CTEST2_PCICIE 0x08 133 #define LSI_CTEST2_CM 0x10 134 #define LSI_CTEST2_CIO 0x20 135 #define LSI_CTEST2_SIGP 0x40 136 #define LSI_CTEST2_DDIR 0x80 137 138 #define LSI_CTEST5_BL2 0x04 139 #define LSI_CTEST5_DDIR 0x08 140 #define LSI_CTEST5_MASR 0x10 141 #define LSI_CTEST5_DFSN 0x20 142 #define LSI_CTEST5_BBCK 0x40 143 #define LSI_CTEST5_ADCK 0x80 144 145 #define LSI_CCNTL0_DILS 0x01 146 #define LSI_CCNTL0_DISFC 0x10 147 #define LSI_CCNTL0_ENNDJ 0x20 148 #define LSI_CCNTL0_PMJCTL 0x40 149 #define LSI_CCNTL0_ENPMJ 0x80 150 151 #define LSI_CCNTL1_EN64DBMV 0x01 152 #define LSI_CCNTL1_EN64TIBMV 0x02 153 #define LSI_CCNTL1_64TIMOD 0x04 154 #define LSI_CCNTL1_DDAC 0x08 155 #define LSI_CCNTL1_ZMOD 0x80 156 157 /* Enable Response to Reselection */ 158 #define LSI_SCID_RRE 0x60 159 160 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 161 162 #define PHASE_DO 0 163 #define PHASE_DI 1 164 #define PHASE_CMD 2 165 #define PHASE_ST 3 166 #define PHASE_MO 6 167 #define PHASE_MI 7 168 #define PHASE_MASK 7 169 170 /* Maximum length of MSG IN data. */ 171 #define LSI_MAX_MSGIN_LEN 8 172 173 /* Flag set if this is a tagged command. */ 174 #define LSI_TAG_VALID (1 << 16) 175 176 typedef struct lsi_request { 177 SCSIRequest *req; 178 uint32_t tag; 179 uint32_t dma_len; 180 uint8_t *dma_buf; 181 uint32_t pending; 182 int out; 183 QTAILQ_ENTRY(lsi_request) next; 184 } lsi_request; 185 186 typedef struct { 187 PCIDevice dev; 188 MemoryRegion mmio_io; 189 MemoryRegion ram_io; 190 MemoryRegion io_io; 191 192 int carry; /* ??? Should this be an a visible register somewhere? */ 193 int status; 194 /* Action to take at the end of a MSG IN phase. 195 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */ 196 int msg_action; 197 int msg_len; 198 uint8_t msg[LSI_MAX_MSGIN_LEN]; 199 /* 0 if SCRIPTS are running or stopped. 200 * 1 if a Wait Reselect instruction has been issued. 201 * 2 if processing DMA from lsi_execute_script. 202 * 3 if a DMA operation is in progress. */ 203 int waiting; 204 SCSIBus bus; 205 int current_lun; 206 /* The tag is a combination of the device ID and the SCSI tag. */ 207 uint32_t select_tag; 208 int command_complete; 209 QTAILQ_HEAD(, lsi_request) queue; 210 lsi_request *current; 211 212 uint32_t dsa; 213 uint32_t temp; 214 uint32_t dnad; 215 uint32_t dbc; 216 uint8_t istat0; 217 uint8_t istat1; 218 uint8_t dcmd; 219 uint8_t dstat; 220 uint8_t dien; 221 uint8_t sist0; 222 uint8_t sist1; 223 uint8_t sien0; 224 uint8_t sien1; 225 uint8_t mbox0; 226 uint8_t mbox1; 227 uint8_t dfifo; 228 uint8_t ctest2; 229 uint8_t ctest3; 230 uint8_t ctest4; 231 uint8_t ctest5; 232 uint8_t ccntl0; 233 uint8_t ccntl1; 234 uint32_t dsp; 235 uint32_t dsps; 236 uint8_t dmode; 237 uint8_t dcntl; 238 uint8_t scntl0; 239 uint8_t scntl1; 240 uint8_t scntl2; 241 uint8_t scntl3; 242 uint8_t sstat0; 243 uint8_t sstat1; 244 uint8_t scid; 245 uint8_t sxfer; 246 uint8_t socl; 247 uint8_t sdid; 248 uint8_t ssid; 249 uint8_t sfbr; 250 uint8_t stest1; 251 uint8_t stest2; 252 uint8_t stest3; 253 uint8_t sidl; 254 uint8_t stime0; 255 uint8_t respid0; 256 uint8_t respid1; 257 uint32_t mmrs; 258 uint32_t mmws; 259 uint32_t sfs; 260 uint32_t drs; 261 uint32_t sbms; 262 uint32_t dbms; 263 uint32_t dnad64; 264 uint32_t pmjad1; 265 uint32_t pmjad2; 266 uint32_t rbc; 267 uint32_t ua; 268 uint32_t ia; 269 uint32_t sbc; 270 uint32_t csbc; 271 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 272 uint8_t sbr; 273 274 /* Script ram is stored as 32-bit words in host byteorder. */ 275 uint32_t script_ram[2048]; 276 } LSIState; 277 278 static inline int lsi_irq_on_rsl(LSIState *s) 279 { 280 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 281 } 282 283 static void lsi_soft_reset(LSIState *s) 284 { 285 DPRINTF("Reset\n"); 286 s->carry = 0; 287 288 s->msg_action = 0; 289 s->msg_len = 0; 290 s->waiting = 0; 291 s->dsa = 0; 292 s->dnad = 0; 293 s->dbc = 0; 294 s->temp = 0; 295 memset(s->scratch, 0, sizeof(s->scratch)); 296 s->istat0 = 0; 297 s->istat1 = 0; 298 s->dcmd = 0x40; 299 s->dstat = LSI_DSTAT_DFE; 300 s->dien = 0; 301 s->sist0 = 0; 302 s->sist1 = 0; 303 s->sien0 = 0; 304 s->sien1 = 0; 305 s->mbox0 = 0; 306 s->mbox1 = 0; 307 s->dfifo = 0; 308 s->ctest2 = LSI_CTEST2_DACK; 309 s->ctest3 = 0; 310 s->ctest4 = 0; 311 s->ctest5 = 0; 312 s->ccntl0 = 0; 313 s->ccntl1 = 0; 314 s->dsp = 0; 315 s->dsps = 0; 316 s->dmode = 0; 317 s->dcntl = 0; 318 s->scntl0 = 0xc0; 319 s->scntl1 = 0; 320 s->scntl2 = 0; 321 s->scntl3 = 0; 322 s->sstat0 = 0; 323 s->sstat1 = 0; 324 s->scid = 7; 325 s->sxfer = 0; 326 s->socl = 0; 327 s->sdid = 0; 328 s->ssid = 0; 329 s->stest1 = 0; 330 s->stest2 = 0; 331 s->stest3 = 0; 332 s->sidl = 0; 333 s->stime0 = 0; 334 s->respid0 = 0x80; 335 s->respid1 = 0; 336 s->mmrs = 0; 337 s->mmws = 0; 338 s->sfs = 0; 339 s->drs = 0; 340 s->sbms = 0; 341 s->dbms = 0; 342 s->dnad64 = 0; 343 s->pmjad1 = 0; 344 s->pmjad2 = 0; 345 s->rbc = 0; 346 s->ua = 0; 347 s->ia = 0; 348 s->sbc = 0; 349 s->csbc = 0; 350 s->sbr = 0; 351 assert(QTAILQ_EMPTY(&s->queue)); 352 assert(!s->current); 353 } 354 355 static int lsi_dma_40bit(LSIState *s) 356 { 357 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 358 return 1; 359 return 0; 360 } 361 362 static int lsi_dma_ti64bit(LSIState *s) 363 { 364 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 365 return 1; 366 return 0; 367 } 368 369 static int lsi_dma_64bit(LSIState *s) 370 { 371 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 372 return 1; 373 return 0; 374 } 375 376 static uint8_t lsi_reg_readb(LSIState *s, int offset); 377 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 378 static void lsi_execute_script(LSIState *s); 379 static void lsi_reselect(LSIState *s, lsi_request *p); 380 381 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 382 { 383 uint32_t buf; 384 385 pci_dma_read(&s->dev, addr, &buf, 4); 386 return cpu_to_le32(buf); 387 } 388 389 static void lsi_stop_script(LSIState *s) 390 { 391 s->istat1 &= ~LSI_ISTAT1_SRUN; 392 } 393 394 static void lsi_update_irq(LSIState *s) 395 { 396 int level; 397 static int last_level; 398 lsi_request *p; 399 400 /* It's unclear whether the DIP/SIP bits should be cleared when the 401 Interrupt Status Registers are cleared or when istat0 is read. 402 We currently do the formwer, which seems to work. */ 403 level = 0; 404 if (s->dstat) { 405 if (s->dstat & s->dien) 406 level = 1; 407 s->istat0 |= LSI_ISTAT0_DIP; 408 } else { 409 s->istat0 &= ~LSI_ISTAT0_DIP; 410 } 411 412 if (s->sist0 || s->sist1) { 413 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 414 level = 1; 415 s->istat0 |= LSI_ISTAT0_SIP; 416 } else { 417 s->istat0 &= ~LSI_ISTAT0_SIP; 418 } 419 if (s->istat0 & LSI_ISTAT0_INTF) 420 level = 1; 421 422 if (level != last_level) { 423 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n", 424 level, s->dstat, s->sist1, s->sist0); 425 last_level = level; 426 } 427 qemu_set_irq(s->dev.irq[0], level); 428 429 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 430 DPRINTF("Handled IRQs & disconnected, looking for pending " 431 "processes\n"); 432 QTAILQ_FOREACH(p, &s->queue, next) { 433 if (p->pending) { 434 lsi_reselect(s, p); 435 break; 436 } 437 } 438 } 439 } 440 441 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 442 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 443 { 444 uint32_t mask0; 445 uint32_t mask1; 446 447 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n", 448 stat1, stat0, s->sist1, s->sist0); 449 s->sist0 |= stat0; 450 s->sist1 |= stat1; 451 /* Stop processor on fatal or unmasked interrupt. As a special hack 452 we don't stop processing when raising STO. Instead continue 453 execution and stop at the next insn that accesses the SCSI bus. */ 454 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 455 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 456 mask1 &= ~LSI_SIST1_STO; 457 if (s->sist0 & mask0 || s->sist1 & mask1) { 458 lsi_stop_script(s); 459 } 460 lsi_update_irq(s); 461 } 462 463 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 464 static void lsi_script_dma_interrupt(LSIState *s, int stat) 465 { 466 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat); 467 s->dstat |= stat; 468 lsi_update_irq(s); 469 lsi_stop_script(s); 470 } 471 472 static inline void lsi_set_phase(LSIState *s, int phase) 473 { 474 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 475 } 476 477 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 478 { 479 /* Trigger a phase mismatch. */ 480 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 481 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 482 s->dsp = out ? s->pmjad1 : s->pmjad2; 483 } else { 484 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 485 } 486 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp); 487 } else { 488 DPRINTF("Phase mismatch interrupt\n"); 489 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 490 lsi_stop_script(s); 491 } 492 lsi_set_phase(s, new_phase); 493 } 494 495 496 /* Resume SCRIPTS execution after a DMA operation. */ 497 static void lsi_resume_script(LSIState *s) 498 { 499 if (s->waiting != 2) { 500 s->waiting = 0; 501 lsi_execute_script(s); 502 } else { 503 s->waiting = 0; 504 } 505 } 506 507 static void lsi_disconnect(LSIState *s) 508 { 509 s->scntl1 &= ~LSI_SCNTL1_CON; 510 s->sstat1 &= ~PHASE_MASK; 511 } 512 513 static void lsi_bad_selection(LSIState *s, uint32_t id) 514 { 515 DPRINTF("Selected absent target %d\n", id); 516 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 517 lsi_disconnect(s); 518 } 519 520 /* Initiate a SCSI layer data transfer. */ 521 static void lsi_do_dma(LSIState *s, int out) 522 { 523 uint32_t count; 524 dma_addr_t addr; 525 SCSIDevice *dev; 526 527 assert(s->current); 528 if (!s->current->dma_len) { 529 /* Wait until data is available. */ 530 DPRINTF("DMA no data available\n"); 531 return; 532 } 533 534 dev = s->current->req->dev; 535 assert(dev); 536 537 count = s->dbc; 538 if (count > s->current->dma_len) 539 count = s->current->dma_len; 540 541 addr = s->dnad; 542 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 543 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 544 addr |= ((uint64_t)s->dnad64 << 32); 545 else if (s->dbms) 546 addr |= ((uint64_t)s->dbms << 32); 547 else if (s->sbms) 548 addr |= ((uint64_t)s->sbms << 32); 549 550 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count); 551 s->csbc += count; 552 s->dnad += count; 553 s->dbc -= count; 554 if (s->current->dma_buf == NULL) { 555 s->current->dma_buf = scsi_req_get_buf(s->current->req); 556 } 557 /* ??? Set SFBR to first data byte. */ 558 if (out) { 559 pci_dma_read(&s->dev, addr, s->current->dma_buf, count); 560 } else { 561 pci_dma_write(&s->dev, addr, s->current->dma_buf, count); 562 } 563 s->current->dma_len -= count; 564 if (s->current->dma_len == 0) { 565 s->current->dma_buf = NULL; 566 scsi_req_continue(s->current->req); 567 } else { 568 s->current->dma_buf += count; 569 lsi_resume_script(s); 570 } 571 } 572 573 574 /* Add a command to the queue. */ 575 static void lsi_queue_command(LSIState *s) 576 { 577 lsi_request *p = s->current; 578 579 DPRINTF("Queueing tag=0x%x\n", p->tag); 580 assert(s->current != NULL); 581 assert(s->current->dma_len == 0); 582 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 583 s->current = NULL; 584 585 p->pending = 0; 586 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 587 } 588 589 /* Queue a byte for a MSG IN phase. */ 590 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 591 { 592 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 593 BADF("MSG IN data too long\n"); 594 } else { 595 DPRINTF("MSG IN 0x%02x\n", data); 596 s->msg[s->msg_len++] = data; 597 } 598 } 599 600 /* Perform reselection to continue a command. */ 601 static void lsi_reselect(LSIState *s, lsi_request *p) 602 { 603 int id; 604 605 assert(s->current == NULL); 606 QTAILQ_REMOVE(&s->queue, p, next); 607 s->current = p; 608 609 id = (p->tag >> 8) & 0xf; 610 s->ssid = id | 0x80; 611 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 612 if (!(s->dcntl & LSI_DCNTL_COM)) { 613 s->sfbr = 1 << (id & 0x7); 614 } 615 DPRINTF("Reselected target %d\n", id); 616 s->scntl1 |= LSI_SCNTL1_CON; 617 lsi_set_phase(s, PHASE_MI); 618 s->msg_action = p->out ? 2 : 3; 619 s->current->dma_len = p->pending; 620 lsi_add_msg_byte(s, 0x80); 621 if (s->current->tag & LSI_TAG_VALID) { 622 lsi_add_msg_byte(s, 0x20); 623 lsi_add_msg_byte(s, p->tag & 0xff); 624 } 625 626 if (lsi_irq_on_rsl(s)) { 627 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 628 } 629 } 630 631 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 632 { 633 lsi_request *p; 634 635 QTAILQ_FOREACH(p, &s->queue, next) { 636 if (p->tag == tag) { 637 return p; 638 } 639 } 640 641 return NULL; 642 } 643 644 static void lsi_request_free(LSIState *s, lsi_request *p) 645 { 646 if (p == s->current) { 647 s->current = NULL; 648 } else { 649 QTAILQ_REMOVE(&s->queue, p, next); 650 } 651 g_free(p); 652 } 653 654 static void lsi_request_cancelled(SCSIRequest *req) 655 { 656 LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent); 657 lsi_request *p = req->hba_private; 658 659 req->hba_private = NULL; 660 lsi_request_free(s, p); 661 scsi_req_unref(req); 662 } 663 664 /* Record that data is available for a queued command. Returns zero if 665 the device was reselected, nonzero if the IO is deferred. */ 666 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 667 { 668 lsi_request *p = req->hba_private; 669 670 if (p->pending) { 671 BADF("Multiple IO pending for request %p\n", p); 672 } 673 p->pending = len; 674 /* Reselect if waiting for it, or if reselection triggers an IRQ 675 and the bus is free. 676 Since no interrupt stacking is implemented in the emulation, it 677 is also required that there are no pending interrupts waiting 678 for service from the device driver. */ 679 if (s->waiting == 1 || 680 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 681 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 682 /* Reselect device. */ 683 lsi_reselect(s, p); 684 return 0; 685 } else { 686 DPRINTF("Queueing IO tag=0x%x\n", p->tag); 687 p->pending = len; 688 return 1; 689 } 690 } 691 692 /* Callback to indicate that the SCSI layer has completed a command. */ 693 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 694 { 695 LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent); 696 int out; 697 698 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 699 DPRINTF("Command complete status=%d\n", (int)status); 700 s->status = status; 701 s->command_complete = 2; 702 if (s->waiting && s->dbc != 0) { 703 /* Raise phase mismatch for short transfers. */ 704 lsi_bad_phase(s, out, PHASE_ST); 705 } else { 706 lsi_set_phase(s, PHASE_ST); 707 } 708 709 if (req->hba_private == s->current) { 710 req->hba_private = NULL; 711 lsi_request_free(s, s->current); 712 scsi_req_unref(req); 713 } 714 lsi_resume_script(s); 715 } 716 717 /* Callback to indicate that the SCSI layer has completed a transfer. */ 718 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 719 { 720 LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent); 721 int out; 722 723 assert(req->hba_private); 724 if (s->waiting == 1 || req->hba_private != s->current || 725 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 726 if (lsi_queue_req(s, req, len)) { 727 return; 728 } 729 } 730 731 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 732 733 /* host adapter (re)connected */ 734 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len); 735 s->current->dma_len = len; 736 s->command_complete = 1; 737 if (s->waiting) { 738 if (s->waiting == 1 || s->dbc == 0) { 739 lsi_resume_script(s); 740 } else { 741 lsi_do_dma(s, out); 742 } 743 } 744 } 745 746 static void lsi_do_command(LSIState *s) 747 { 748 SCSIDevice *dev; 749 uint8_t buf[16]; 750 uint32_t id; 751 int n; 752 753 DPRINTF("Send command len=%d\n", s->dbc); 754 if (s->dbc > 16) 755 s->dbc = 16; 756 pci_dma_read(&s->dev, s->dnad, buf, s->dbc); 757 s->sfbr = buf[0]; 758 s->command_complete = 0; 759 760 id = (s->select_tag >> 8) & 0xf; 761 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 762 if (!dev) { 763 lsi_bad_selection(s, id); 764 return; 765 } 766 767 assert(s->current == NULL); 768 s->current = g_malloc0(sizeof(lsi_request)); 769 s->current->tag = s->select_tag; 770 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 771 s->current); 772 773 n = scsi_req_enqueue(s->current->req); 774 if (n) { 775 if (n > 0) { 776 lsi_set_phase(s, PHASE_DI); 777 } else if (n < 0) { 778 lsi_set_phase(s, PHASE_DO); 779 } 780 scsi_req_continue(s->current->req); 781 } 782 if (!s->command_complete) { 783 if (n) { 784 /* Command did not complete immediately so disconnect. */ 785 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 786 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 787 /* wait data */ 788 lsi_set_phase(s, PHASE_MI); 789 s->msg_action = 1; 790 lsi_queue_command(s); 791 } else { 792 /* wait command complete */ 793 lsi_set_phase(s, PHASE_DI); 794 } 795 } 796 } 797 798 static void lsi_do_status(LSIState *s) 799 { 800 uint8_t status; 801 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status); 802 if (s->dbc != 1) 803 BADF("Bad Status move\n"); 804 s->dbc = 1; 805 status = s->status; 806 s->sfbr = status; 807 pci_dma_write(&s->dev, s->dnad, &status, 1); 808 lsi_set_phase(s, PHASE_MI); 809 s->msg_action = 1; 810 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 811 } 812 813 static void lsi_do_msgin(LSIState *s) 814 { 815 int len; 816 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len); 817 s->sfbr = s->msg[0]; 818 len = s->msg_len; 819 if (len > s->dbc) 820 len = s->dbc; 821 pci_dma_write(&s->dev, s->dnad, s->msg, len); 822 /* Linux drivers rely on the last byte being in the SIDL. */ 823 s->sidl = s->msg[len - 1]; 824 s->msg_len -= len; 825 if (s->msg_len) { 826 memmove(s->msg, s->msg + len, s->msg_len); 827 } else { 828 /* ??? Check if ATN (not yet implemented) is asserted and maybe 829 switch to PHASE_MO. */ 830 switch (s->msg_action) { 831 case 0: 832 lsi_set_phase(s, PHASE_CMD); 833 break; 834 case 1: 835 lsi_disconnect(s); 836 break; 837 case 2: 838 lsi_set_phase(s, PHASE_DO); 839 break; 840 case 3: 841 lsi_set_phase(s, PHASE_DI); 842 break; 843 default: 844 abort(); 845 } 846 } 847 } 848 849 /* Read the next byte during a MSGOUT phase. */ 850 static uint8_t lsi_get_msgbyte(LSIState *s) 851 { 852 uint8_t data; 853 pci_dma_read(&s->dev, s->dnad, &data, 1); 854 s->dnad++; 855 s->dbc--; 856 return data; 857 } 858 859 /* Skip the next n bytes during a MSGOUT phase. */ 860 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 861 { 862 s->dnad += n; 863 s->dbc -= n; 864 } 865 866 static void lsi_do_msgout(LSIState *s) 867 { 868 uint8_t msg; 869 int len; 870 uint32_t current_tag; 871 lsi_request *current_req, *p, *p_next; 872 873 if (s->current) { 874 current_tag = s->current->tag; 875 current_req = s->current; 876 } else { 877 current_tag = s->select_tag; 878 current_req = lsi_find_by_tag(s, current_tag); 879 } 880 881 DPRINTF("MSG out len=%d\n", s->dbc); 882 while (s->dbc) { 883 msg = lsi_get_msgbyte(s); 884 s->sfbr = msg; 885 886 switch (msg) { 887 case 0x04: 888 DPRINTF("MSG: Disconnect\n"); 889 lsi_disconnect(s); 890 break; 891 case 0x08: 892 DPRINTF("MSG: No Operation\n"); 893 lsi_set_phase(s, PHASE_CMD); 894 break; 895 case 0x01: 896 len = lsi_get_msgbyte(s); 897 msg = lsi_get_msgbyte(s); 898 (void)len; /* avoid a warning about unused variable*/ 899 DPRINTF("Extended message 0x%x (len %d)\n", msg, len); 900 switch (msg) { 901 case 1: 902 DPRINTF("SDTR (ignored)\n"); 903 lsi_skip_msgbytes(s, 2); 904 break; 905 case 3: 906 DPRINTF("WDTR (ignored)\n"); 907 lsi_skip_msgbytes(s, 1); 908 break; 909 default: 910 goto bad; 911 } 912 break; 913 case 0x20: /* SIMPLE queue */ 914 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 915 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff); 916 break; 917 case 0x21: /* HEAD of queue */ 918 BADF("HEAD queue not implemented\n"); 919 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 920 break; 921 case 0x22: /* ORDERED queue */ 922 BADF("ORDERED queue not implemented\n"); 923 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 924 break; 925 case 0x0d: 926 /* The ABORT TAG message clears the current I/O process only. */ 927 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag); 928 if (current_req) { 929 scsi_req_cancel(current_req->req); 930 } 931 lsi_disconnect(s); 932 break; 933 case 0x06: 934 case 0x0e: 935 case 0x0c: 936 /* The ABORT message clears all I/O processes for the selecting 937 initiator on the specified logical unit of the target. */ 938 if (msg == 0x06) { 939 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag); 940 } 941 /* The CLEAR QUEUE message clears all I/O processes for all 942 initiators on the specified logical unit of the target. */ 943 if (msg == 0x0e) { 944 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag); 945 } 946 /* The BUS DEVICE RESET message clears all I/O processes for all 947 initiators on all logical units of the target. */ 948 if (msg == 0x0c) { 949 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag); 950 } 951 952 /* clear the current I/O process */ 953 if (s->current) { 954 scsi_req_cancel(s->current->req); 955 } 956 957 /* As the current implemented devices scsi_disk and scsi_generic 958 only support one LUN, we don't need to keep track of LUNs. 959 Clearing I/O processes for other initiators could be possible 960 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 961 device, but this is currently not implemented (and seems not 962 to be really necessary). So let's simply clear all queued 963 commands for the current device: */ 964 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 965 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 966 scsi_req_cancel(p->req); 967 } 968 } 969 970 lsi_disconnect(s); 971 break; 972 default: 973 if ((msg & 0x80) == 0) { 974 goto bad; 975 } 976 s->current_lun = msg & 7; 977 DPRINTF("Select LUN %d\n", s->current_lun); 978 lsi_set_phase(s, PHASE_CMD); 979 break; 980 } 981 } 982 return; 983 bad: 984 BADF("Unimplemented message 0x%02x\n", msg); 985 lsi_set_phase(s, PHASE_MI); 986 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 987 s->msg_action = 0; 988 } 989 990 /* Sign extend a 24-bit value. */ 991 static inline int32_t sxt24(int32_t n) 992 { 993 return (n << 8) >> 8; 994 } 995 996 #define LSI_BUF_SIZE 4096 997 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 998 { 999 int n; 1000 uint8_t buf[LSI_BUF_SIZE]; 1001 1002 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count); 1003 while (count) { 1004 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1005 pci_dma_read(&s->dev, src, buf, n); 1006 pci_dma_write(&s->dev, dest, buf, n); 1007 src += n; 1008 dest += n; 1009 count -= n; 1010 } 1011 } 1012 1013 static void lsi_wait_reselect(LSIState *s) 1014 { 1015 lsi_request *p; 1016 1017 DPRINTF("Wait Reselect\n"); 1018 1019 QTAILQ_FOREACH(p, &s->queue, next) { 1020 if (p->pending) { 1021 lsi_reselect(s, p); 1022 break; 1023 } 1024 } 1025 if (s->current == NULL) { 1026 s->waiting = 1; 1027 } 1028 } 1029 1030 static void lsi_execute_script(LSIState *s) 1031 { 1032 uint32_t insn; 1033 uint32_t addr, addr_high; 1034 int opcode; 1035 int insn_processed = 0; 1036 1037 s->istat1 |= LSI_ISTAT1_SRUN; 1038 again: 1039 insn_processed++; 1040 insn = read_dword(s, s->dsp); 1041 if (!insn) { 1042 /* If we receive an empty opcode increment the DSP by 4 bytes 1043 instead of 8 and execute the next opcode at that location */ 1044 s->dsp += 4; 1045 goto again; 1046 } 1047 addr = read_dword(s, s->dsp + 4); 1048 addr_high = 0; 1049 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr); 1050 s->dsps = addr; 1051 s->dcmd = insn >> 24; 1052 s->dsp += 8; 1053 switch (insn >> 30) { 1054 case 0: /* Block move. */ 1055 if (s->sist1 & LSI_SIST1_STO) { 1056 DPRINTF("Delayed select timeout\n"); 1057 lsi_stop_script(s); 1058 break; 1059 } 1060 s->dbc = insn & 0xffffff; 1061 s->rbc = s->dbc; 1062 /* ??? Set ESA. */ 1063 s->ia = s->dsp - 8; 1064 if (insn & (1 << 29)) { 1065 /* Indirect addressing. */ 1066 addr = read_dword(s, addr); 1067 } else if (insn & (1 << 28)) { 1068 uint32_t buf[2]; 1069 int32_t offset; 1070 /* Table indirect addressing. */ 1071 1072 /* 32-bit Table indirect */ 1073 offset = sxt24(addr); 1074 pci_dma_read(&s->dev, s->dsa + offset, buf, 8); 1075 /* byte count is stored in bits 0:23 only */ 1076 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1077 s->rbc = s->dbc; 1078 addr = cpu_to_le32(buf[1]); 1079 1080 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1081 * table, bits [31:24] */ 1082 if (lsi_dma_40bit(s)) 1083 addr_high = cpu_to_le32(buf[0]) >> 24; 1084 else if (lsi_dma_ti64bit(s)) { 1085 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1086 switch (selector) { 1087 case 0 ... 0x0f: 1088 /* offset index into scratch registers since 1089 * TI64 mode can use registers C to R */ 1090 addr_high = s->scratch[2 + selector]; 1091 break; 1092 case 0x10: 1093 addr_high = s->mmrs; 1094 break; 1095 case 0x11: 1096 addr_high = s->mmws; 1097 break; 1098 case 0x12: 1099 addr_high = s->sfs; 1100 break; 1101 case 0x13: 1102 addr_high = s->drs; 1103 break; 1104 case 0x14: 1105 addr_high = s->sbms; 1106 break; 1107 case 0x15: 1108 addr_high = s->dbms; 1109 break; 1110 default: 1111 BADF("Illegal selector specified (0x%x > 0x15)" 1112 " for 64-bit DMA block move", selector); 1113 break; 1114 } 1115 } 1116 } else if (lsi_dma_64bit(s)) { 1117 /* fetch a 3rd dword if 64-bit direct move is enabled and 1118 only if we're not doing table indirect or indirect addressing */ 1119 s->dbms = read_dword(s, s->dsp); 1120 s->dsp += 4; 1121 s->ia = s->dsp - 12; 1122 } 1123 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1124 DPRINTF("Wrong phase got %d expected %d\n", 1125 s->sstat1 & PHASE_MASK, (insn >> 24) & 7); 1126 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1127 break; 1128 } 1129 s->dnad = addr; 1130 s->dnad64 = addr_high; 1131 switch (s->sstat1 & 0x7) { 1132 case PHASE_DO: 1133 s->waiting = 2; 1134 lsi_do_dma(s, 1); 1135 if (s->waiting) 1136 s->waiting = 3; 1137 break; 1138 case PHASE_DI: 1139 s->waiting = 2; 1140 lsi_do_dma(s, 0); 1141 if (s->waiting) 1142 s->waiting = 3; 1143 break; 1144 case PHASE_CMD: 1145 lsi_do_command(s); 1146 break; 1147 case PHASE_ST: 1148 lsi_do_status(s); 1149 break; 1150 case PHASE_MO: 1151 lsi_do_msgout(s); 1152 break; 1153 case PHASE_MI: 1154 lsi_do_msgin(s); 1155 break; 1156 default: 1157 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK); 1158 exit(1); 1159 } 1160 s->dfifo = s->dbc & 0xff; 1161 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1162 s->sbc = s->dbc; 1163 s->rbc -= s->dbc; 1164 s->ua = addr + s->dbc; 1165 break; 1166 1167 case 1: /* IO or Read/Write instruction. */ 1168 opcode = (insn >> 27) & 7; 1169 if (opcode < 5) { 1170 uint32_t id; 1171 1172 if (insn & (1 << 25)) { 1173 id = read_dword(s, s->dsa + sxt24(insn)); 1174 } else { 1175 id = insn; 1176 } 1177 id = (id >> 16) & 0xf; 1178 if (insn & (1 << 26)) { 1179 addr = s->dsp + sxt24(addr); 1180 } 1181 s->dnad = addr; 1182 switch (opcode) { 1183 case 0: /* Select */ 1184 s->sdid = id; 1185 if (s->scntl1 & LSI_SCNTL1_CON) { 1186 DPRINTF("Already reselected, jumping to alternative address\n"); 1187 s->dsp = s->dnad; 1188 break; 1189 } 1190 s->sstat0 |= LSI_SSTAT0_WOA; 1191 s->scntl1 &= ~LSI_SCNTL1_IARB; 1192 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1193 lsi_bad_selection(s, id); 1194 break; 1195 } 1196 DPRINTF("Selected target %d%s\n", 1197 id, insn & (1 << 3) ? " ATN" : ""); 1198 /* ??? Linux drivers compain when this is set. Maybe 1199 it only applies in low-level mode (unimplemented). 1200 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1201 s->select_tag = id << 8; 1202 s->scntl1 |= LSI_SCNTL1_CON; 1203 if (insn & (1 << 3)) { 1204 s->socl |= LSI_SOCL_ATN; 1205 } 1206 lsi_set_phase(s, PHASE_MO); 1207 break; 1208 case 1: /* Disconnect */ 1209 DPRINTF("Wait Disconnect\n"); 1210 s->scntl1 &= ~LSI_SCNTL1_CON; 1211 break; 1212 case 2: /* Wait Reselect */ 1213 if (!lsi_irq_on_rsl(s)) { 1214 lsi_wait_reselect(s); 1215 } 1216 break; 1217 case 3: /* Set */ 1218 DPRINTF("Set%s%s%s%s\n", 1219 insn & (1 << 3) ? " ATN" : "", 1220 insn & (1 << 6) ? " ACK" : "", 1221 insn & (1 << 9) ? " TM" : "", 1222 insn & (1 << 10) ? " CC" : ""); 1223 if (insn & (1 << 3)) { 1224 s->socl |= LSI_SOCL_ATN; 1225 lsi_set_phase(s, PHASE_MO); 1226 } 1227 if (insn & (1 << 9)) { 1228 BADF("Target mode not implemented\n"); 1229 exit(1); 1230 } 1231 if (insn & (1 << 10)) 1232 s->carry = 1; 1233 break; 1234 case 4: /* Clear */ 1235 DPRINTF("Clear%s%s%s%s\n", 1236 insn & (1 << 3) ? " ATN" : "", 1237 insn & (1 << 6) ? " ACK" : "", 1238 insn & (1 << 9) ? " TM" : "", 1239 insn & (1 << 10) ? " CC" : ""); 1240 if (insn & (1 << 3)) { 1241 s->socl &= ~LSI_SOCL_ATN; 1242 } 1243 if (insn & (1 << 10)) 1244 s->carry = 0; 1245 break; 1246 } 1247 } else { 1248 uint8_t op0; 1249 uint8_t op1; 1250 uint8_t data8; 1251 int reg; 1252 int operator; 1253 #ifdef DEBUG_LSI 1254 static const char *opcode_names[3] = 1255 {"Write", "Read", "Read-Modify-Write"}; 1256 static const char *operator_names[8] = 1257 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1258 #endif 1259 1260 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1261 data8 = (insn >> 8) & 0xff; 1262 opcode = (insn >> 27) & 7; 1263 operator = (insn >> 24) & 7; 1264 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n", 1265 opcode_names[opcode - 5], reg, 1266 operator_names[operator], data8, s->sfbr, 1267 (insn & (1 << 23)) ? " SFBR" : ""); 1268 op0 = op1 = 0; 1269 switch (opcode) { 1270 case 5: /* From SFBR */ 1271 op0 = s->sfbr; 1272 op1 = data8; 1273 break; 1274 case 6: /* To SFBR */ 1275 if (operator) 1276 op0 = lsi_reg_readb(s, reg); 1277 op1 = data8; 1278 break; 1279 case 7: /* Read-modify-write */ 1280 if (operator) 1281 op0 = lsi_reg_readb(s, reg); 1282 if (insn & (1 << 23)) { 1283 op1 = s->sfbr; 1284 } else { 1285 op1 = data8; 1286 } 1287 break; 1288 } 1289 1290 switch (operator) { 1291 case 0: /* move */ 1292 op0 = op1; 1293 break; 1294 case 1: /* Shift left */ 1295 op1 = op0 >> 7; 1296 op0 = (op0 << 1) | s->carry; 1297 s->carry = op1; 1298 break; 1299 case 2: /* OR */ 1300 op0 |= op1; 1301 break; 1302 case 3: /* XOR */ 1303 op0 ^= op1; 1304 break; 1305 case 4: /* AND */ 1306 op0 &= op1; 1307 break; 1308 case 5: /* SHR */ 1309 op1 = op0 & 1; 1310 op0 = (op0 >> 1) | (s->carry << 7); 1311 s->carry = op1; 1312 break; 1313 case 6: /* ADD */ 1314 op0 += op1; 1315 s->carry = op0 < op1; 1316 break; 1317 case 7: /* ADC */ 1318 op0 += op1 + s->carry; 1319 if (s->carry) 1320 s->carry = op0 <= op1; 1321 else 1322 s->carry = op0 < op1; 1323 break; 1324 } 1325 1326 switch (opcode) { 1327 case 5: /* From SFBR */ 1328 case 7: /* Read-modify-write */ 1329 lsi_reg_writeb(s, reg, op0); 1330 break; 1331 case 6: /* To SFBR */ 1332 s->sfbr = op0; 1333 break; 1334 } 1335 } 1336 break; 1337 1338 case 2: /* Transfer Control. */ 1339 { 1340 int cond; 1341 int jmp; 1342 1343 if ((insn & 0x002e0000) == 0) { 1344 DPRINTF("NOP\n"); 1345 break; 1346 } 1347 if (s->sist1 & LSI_SIST1_STO) { 1348 DPRINTF("Delayed select timeout\n"); 1349 lsi_stop_script(s); 1350 break; 1351 } 1352 cond = jmp = (insn & (1 << 19)) != 0; 1353 if (cond == jmp && (insn & (1 << 21))) { 1354 DPRINTF("Compare carry %d\n", s->carry == jmp); 1355 cond = s->carry != 0; 1356 } 1357 if (cond == jmp && (insn & (1 << 17))) { 1358 DPRINTF("Compare phase %d %c= %d\n", 1359 (s->sstat1 & PHASE_MASK), 1360 jmp ? '=' : '!', 1361 ((insn >> 24) & 7)); 1362 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1363 } 1364 if (cond == jmp && (insn & (1 << 18))) { 1365 uint8_t mask; 1366 1367 mask = (~insn >> 8) & 0xff; 1368 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n", 1369 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1370 cond = (s->sfbr & mask) == (insn & mask); 1371 } 1372 if (cond == jmp) { 1373 if (insn & (1 << 23)) { 1374 /* Relative address. */ 1375 addr = s->dsp + sxt24(addr); 1376 } 1377 switch ((insn >> 27) & 7) { 1378 case 0: /* Jump */ 1379 DPRINTF("Jump to 0x%08x\n", addr); 1380 s->dsp = addr; 1381 break; 1382 case 1: /* Call */ 1383 DPRINTF("Call 0x%08x\n", addr); 1384 s->temp = s->dsp; 1385 s->dsp = addr; 1386 break; 1387 case 2: /* Return */ 1388 DPRINTF("Return to 0x%08x\n", s->temp); 1389 s->dsp = s->temp; 1390 break; 1391 case 3: /* Interrupt */ 1392 DPRINTF("Interrupt 0x%08x\n", s->dsps); 1393 if ((insn & (1 << 20)) != 0) { 1394 s->istat0 |= LSI_ISTAT0_INTF; 1395 lsi_update_irq(s); 1396 } else { 1397 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1398 } 1399 break; 1400 default: 1401 DPRINTF("Illegal transfer control\n"); 1402 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1403 break; 1404 } 1405 } else { 1406 DPRINTF("Control condition failed\n"); 1407 } 1408 } 1409 break; 1410 1411 case 3: 1412 if ((insn & (1 << 29)) == 0) { 1413 /* Memory move. */ 1414 uint32_t dest; 1415 /* ??? The docs imply the destination address is loaded into 1416 the TEMP register. However the Linux drivers rely on 1417 the value being presrved. */ 1418 dest = read_dword(s, s->dsp); 1419 s->dsp += 4; 1420 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1421 } else { 1422 uint8_t data[7]; 1423 int reg; 1424 int n; 1425 int i; 1426 1427 if (insn & (1 << 28)) { 1428 addr = s->dsa + sxt24(addr); 1429 } 1430 n = (insn & 7); 1431 reg = (insn >> 16) & 0xff; 1432 if (insn & (1 << 24)) { 1433 pci_dma_read(&s->dev, addr, data, n); 1434 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n, 1435 addr, *(int *)data); 1436 for (i = 0; i < n; i++) { 1437 lsi_reg_writeb(s, reg + i, data[i]); 1438 } 1439 } else { 1440 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr); 1441 for (i = 0; i < n; i++) { 1442 data[i] = lsi_reg_readb(s, reg + i); 1443 } 1444 pci_dma_write(&s->dev, addr, data, n); 1445 } 1446 } 1447 } 1448 if (insn_processed > 10000 && !s->waiting) { 1449 /* Some windows drivers make the device spin waiting for a memory 1450 location to change. If we have been executed a lot of code then 1451 assume this is the case and force an unexpected device disconnect. 1452 This is apparently sufficient to beat the drivers into submission. 1453 */ 1454 if (!(s->sien0 & LSI_SIST0_UDC)) 1455 fprintf(stderr, "inf. loop with UDC masked\n"); 1456 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1457 lsi_disconnect(s); 1458 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) { 1459 if (s->dcntl & LSI_DCNTL_SSM) { 1460 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1461 } else { 1462 goto again; 1463 } 1464 } 1465 DPRINTF("SCRIPTS execution stopped\n"); 1466 } 1467 1468 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1469 { 1470 uint8_t tmp; 1471 #define CASE_GET_REG24(name, addr) \ 1472 case addr: return s->name & 0xff; \ 1473 case addr + 1: return (s->name >> 8) & 0xff; \ 1474 case addr + 2: return (s->name >> 16) & 0xff; 1475 1476 #define CASE_GET_REG32(name, addr) \ 1477 case addr: return s->name & 0xff; \ 1478 case addr + 1: return (s->name >> 8) & 0xff; \ 1479 case addr + 2: return (s->name >> 16) & 0xff; \ 1480 case addr + 3: return (s->name >> 24) & 0xff; 1481 1482 #ifdef DEBUG_LSI_REG 1483 DPRINTF("Read reg %x\n", offset); 1484 #endif 1485 switch (offset) { 1486 case 0x00: /* SCNTL0 */ 1487 return s->scntl0; 1488 case 0x01: /* SCNTL1 */ 1489 return s->scntl1; 1490 case 0x02: /* SCNTL2 */ 1491 return s->scntl2; 1492 case 0x03: /* SCNTL3 */ 1493 return s->scntl3; 1494 case 0x04: /* SCID */ 1495 return s->scid; 1496 case 0x05: /* SXFER */ 1497 return s->sxfer; 1498 case 0x06: /* SDID */ 1499 return s->sdid; 1500 case 0x07: /* GPREG0 */ 1501 return 0x7f; 1502 case 0x08: /* Revision ID */ 1503 return 0x00; 1504 case 0xa: /* SSID */ 1505 return s->ssid; 1506 case 0xb: /* SBCL */ 1507 /* ??? This is not correct. However it's (hopefully) only 1508 used for diagnostics, so should be ok. */ 1509 return 0; 1510 case 0xc: /* DSTAT */ 1511 tmp = s->dstat | 0x80; 1512 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1513 s->dstat = 0; 1514 lsi_update_irq(s); 1515 return tmp; 1516 case 0x0d: /* SSTAT0 */ 1517 return s->sstat0; 1518 case 0x0e: /* SSTAT1 */ 1519 return s->sstat1; 1520 case 0x0f: /* SSTAT2 */ 1521 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1522 CASE_GET_REG32(dsa, 0x10) 1523 case 0x14: /* ISTAT0 */ 1524 return s->istat0; 1525 case 0x15: /* ISTAT1 */ 1526 return s->istat1; 1527 case 0x16: /* MBOX0 */ 1528 return s->mbox0; 1529 case 0x17: /* MBOX1 */ 1530 return s->mbox1; 1531 case 0x18: /* CTEST0 */ 1532 return 0xff; 1533 case 0x19: /* CTEST1 */ 1534 return 0; 1535 case 0x1a: /* CTEST2 */ 1536 tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1537 if (s->istat0 & LSI_ISTAT0_SIGP) { 1538 s->istat0 &= ~LSI_ISTAT0_SIGP; 1539 tmp |= LSI_CTEST2_SIGP; 1540 } 1541 return tmp; 1542 case 0x1b: /* CTEST3 */ 1543 return s->ctest3; 1544 CASE_GET_REG32(temp, 0x1c) 1545 case 0x20: /* DFIFO */ 1546 return 0; 1547 case 0x21: /* CTEST4 */ 1548 return s->ctest4; 1549 case 0x22: /* CTEST5 */ 1550 return s->ctest5; 1551 case 0x23: /* CTEST6 */ 1552 return 0; 1553 CASE_GET_REG24(dbc, 0x24) 1554 case 0x27: /* DCMD */ 1555 return s->dcmd; 1556 CASE_GET_REG32(dnad, 0x28) 1557 CASE_GET_REG32(dsp, 0x2c) 1558 CASE_GET_REG32(dsps, 0x30) 1559 CASE_GET_REG32(scratch[0], 0x34) 1560 case 0x38: /* DMODE */ 1561 return s->dmode; 1562 case 0x39: /* DIEN */ 1563 return s->dien; 1564 case 0x3a: /* SBR */ 1565 return s->sbr; 1566 case 0x3b: /* DCNTL */ 1567 return s->dcntl; 1568 case 0x40: /* SIEN0 */ 1569 return s->sien0; 1570 case 0x41: /* SIEN1 */ 1571 return s->sien1; 1572 case 0x42: /* SIST0 */ 1573 tmp = s->sist0; 1574 s->sist0 = 0; 1575 lsi_update_irq(s); 1576 return tmp; 1577 case 0x43: /* SIST1 */ 1578 tmp = s->sist1; 1579 s->sist1 = 0; 1580 lsi_update_irq(s); 1581 return tmp; 1582 case 0x46: /* MACNTL */ 1583 return 0x0f; 1584 case 0x47: /* GPCNTL0 */ 1585 return 0x0f; 1586 case 0x48: /* STIME0 */ 1587 return s->stime0; 1588 case 0x4a: /* RESPID0 */ 1589 return s->respid0; 1590 case 0x4b: /* RESPID1 */ 1591 return s->respid1; 1592 case 0x4d: /* STEST1 */ 1593 return s->stest1; 1594 case 0x4e: /* STEST2 */ 1595 return s->stest2; 1596 case 0x4f: /* STEST3 */ 1597 return s->stest3; 1598 case 0x50: /* SIDL */ 1599 /* This is needed by the linux drivers. We currently only update it 1600 during the MSG IN phase. */ 1601 return s->sidl; 1602 case 0x52: /* STEST4 */ 1603 return 0xe0; 1604 case 0x56: /* CCNTL0 */ 1605 return s->ccntl0; 1606 case 0x57: /* CCNTL1 */ 1607 return s->ccntl1; 1608 case 0x58: /* SBDL */ 1609 /* Some drivers peek at the data bus during the MSG IN phase. */ 1610 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) 1611 return s->msg[0]; 1612 return 0; 1613 case 0x59: /* SBDL high */ 1614 return 0; 1615 CASE_GET_REG32(mmrs, 0xa0) 1616 CASE_GET_REG32(mmws, 0xa4) 1617 CASE_GET_REG32(sfs, 0xa8) 1618 CASE_GET_REG32(drs, 0xac) 1619 CASE_GET_REG32(sbms, 0xb0) 1620 CASE_GET_REG32(dbms, 0xb4) 1621 CASE_GET_REG32(dnad64, 0xb8) 1622 CASE_GET_REG32(pmjad1, 0xc0) 1623 CASE_GET_REG32(pmjad2, 0xc4) 1624 CASE_GET_REG32(rbc, 0xc8) 1625 CASE_GET_REG32(ua, 0xcc) 1626 CASE_GET_REG32(ia, 0xd4) 1627 CASE_GET_REG32(sbc, 0xd8) 1628 CASE_GET_REG32(csbc, 0xdc) 1629 } 1630 if (offset >= 0x5c && offset < 0xa0) { 1631 int n; 1632 int shift; 1633 n = (offset - 0x58) >> 2; 1634 shift = (offset & 3) * 8; 1635 return (s->scratch[n] >> shift) & 0xff; 1636 } 1637 BADF("readb 0x%x\n", offset); 1638 exit(1); 1639 #undef CASE_GET_REG24 1640 #undef CASE_GET_REG32 1641 } 1642 1643 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1644 { 1645 #define CASE_SET_REG24(name, addr) \ 1646 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1647 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1648 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1649 1650 #define CASE_SET_REG32(name, addr) \ 1651 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1652 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1653 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1654 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1655 1656 #ifdef DEBUG_LSI_REG 1657 DPRINTF("Write reg %x = %02x\n", offset, val); 1658 #endif 1659 switch (offset) { 1660 case 0x00: /* SCNTL0 */ 1661 s->scntl0 = val; 1662 if (val & LSI_SCNTL0_START) { 1663 BADF("Start sequence not implemented\n"); 1664 } 1665 break; 1666 case 0x01: /* SCNTL1 */ 1667 s->scntl1 = val & ~LSI_SCNTL1_SST; 1668 if (val & LSI_SCNTL1_IARB) { 1669 BADF("Immediate Arbritration not implemented\n"); 1670 } 1671 if (val & LSI_SCNTL1_RST) { 1672 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1673 qbus_reset_all(&s->bus.qbus); 1674 s->sstat0 |= LSI_SSTAT0_RST; 1675 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1676 } 1677 } else { 1678 s->sstat0 &= ~LSI_SSTAT0_RST; 1679 } 1680 break; 1681 case 0x02: /* SCNTL2 */ 1682 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1683 s->scntl2 = val; 1684 break; 1685 case 0x03: /* SCNTL3 */ 1686 s->scntl3 = val; 1687 break; 1688 case 0x04: /* SCID */ 1689 s->scid = val; 1690 break; 1691 case 0x05: /* SXFER */ 1692 s->sxfer = val; 1693 break; 1694 case 0x06: /* SDID */ 1695 if ((val & 0xf) != (s->ssid & 0xf)) 1696 BADF("Destination ID does not match SSID\n"); 1697 s->sdid = val & 0xf; 1698 break; 1699 case 0x07: /* GPREG0 */ 1700 break; 1701 case 0x08: /* SFBR */ 1702 /* The CPU is not allowed to write to this register. However the 1703 SCRIPTS register move instructions are. */ 1704 s->sfbr = val; 1705 break; 1706 case 0x0a: case 0x0b: 1707 /* Openserver writes to these readonly registers on startup */ 1708 return; 1709 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1710 /* Linux writes to these readonly registers on startup. */ 1711 return; 1712 CASE_SET_REG32(dsa, 0x10) 1713 case 0x14: /* ISTAT0 */ 1714 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1715 if (val & LSI_ISTAT0_ABRT) { 1716 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1717 } 1718 if (val & LSI_ISTAT0_INTF) { 1719 s->istat0 &= ~LSI_ISTAT0_INTF; 1720 lsi_update_irq(s); 1721 } 1722 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { 1723 DPRINTF("Woken by SIGP\n"); 1724 s->waiting = 0; 1725 s->dsp = s->dnad; 1726 lsi_execute_script(s); 1727 } 1728 if (val & LSI_ISTAT0_SRST) { 1729 qdev_reset_all(&s->dev.qdev); 1730 } 1731 break; 1732 case 0x16: /* MBOX0 */ 1733 s->mbox0 = val; 1734 break; 1735 case 0x17: /* MBOX1 */ 1736 s->mbox1 = val; 1737 break; 1738 case 0x1a: /* CTEST2 */ 1739 s->ctest2 = val & LSI_CTEST2_PCICIE; 1740 break; 1741 case 0x1b: /* CTEST3 */ 1742 s->ctest3 = val & 0x0f; 1743 break; 1744 CASE_SET_REG32(temp, 0x1c) 1745 case 0x21: /* CTEST4 */ 1746 if (val & 7) { 1747 BADF("Unimplemented CTEST4-FBL 0x%x\n", val); 1748 } 1749 s->ctest4 = val; 1750 break; 1751 case 0x22: /* CTEST5 */ 1752 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1753 BADF("CTEST5 DMA increment not implemented\n"); 1754 } 1755 s->ctest5 = val; 1756 break; 1757 CASE_SET_REG24(dbc, 0x24) 1758 CASE_SET_REG32(dnad, 0x28) 1759 case 0x2c: /* DSP[0:7] */ 1760 s->dsp &= 0xffffff00; 1761 s->dsp |= val; 1762 break; 1763 case 0x2d: /* DSP[8:15] */ 1764 s->dsp &= 0xffff00ff; 1765 s->dsp |= val << 8; 1766 break; 1767 case 0x2e: /* DSP[16:23] */ 1768 s->dsp &= 0xff00ffff; 1769 s->dsp |= val << 16; 1770 break; 1771 case 0x2f: /* DSP[24:31] */ 1772 s->dsp &= 0x00ffffff; 1773 s->dsp |= val << 24; 1774 if ((s->dmode & LSI_DMODE_MAN) == 0 1775 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1776 lsi_execute_script(s); 1777 break; 1778 CASE_SET_REG32(dsps, 0x30) 1779 CASE_SET_REG32(scratch[0], 0x34) 1780 case 0x38: /* DMODE */ 1781 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) { 1782 BADF("IO mappings not implemented\n"); 1783 } 1784 s->dmode = val; 1785 break; 1786 case 0x39: /* DIEN */ 1787 s->dien = val; 1788 lsi_update_irq(s); 1789 break; 1790 case 0x3a: /* SBR */ 1791 s->sbr = val; 1792 break; 1793 case 0x3b: /* DCNTL */ 1794 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 1795 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1796 lsi_execute_script(s); 1797 break; 1798 case 0x40: /* SIEN0 */ 1799 s->sien0 = val; 1800 lsi_update_irq(s); 1801 break; 1802 case 0x41: /* SIEN1 */ 1803 s->sien1 = val; 1804 lsi_update_irq(s); 1805 break; 1806 case 0x47: /* GPCNTL0 */ 1807 break; 1808 case 0x48: /* STIME0 */ 1809 s->stime0 = val; 1810 break; 1811 case 0x49: /* STIME1 */ 1812 if (val & 0xf) { 1813 DPRINTF("General purpose timer not implemented\n"); 1814 /* ??? Raising the interrupt immediately seems to be sufficient 1815 to keep the FreeBSD driver happy. */ 1816 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 1817 } 1818 break; 1819 case 0x4a: /* RESPID0 */ 1820 s->respid0 = val; 1821 break; 1822 case 0x4b: /* RESPID1 */ 1823 s->respid1 = val; 1824 break; 1825 case 0x4d: /* STEST1 */ 1826 s->stest1 = val; 1827 break; 1828 case 0x4e: /* STEST2 */ 1829 if (val & 1) { 1830 BADF("Low level mode not implemented\n"); 1831 } 1832 s->stest2 = val; 1833 break; 1834 case 0x4f: /* STEST3 */ 1835 if (val & 0x41) { 1836 BADF("SCSI FIFO test mode not implemented\n"); 1837 } 1838 s->stest3 = val; 1839 break; 1840 case 0x56: /* CCNTL0 */ 1841 s->ccntl0 = val; 1842 break; 1843 case 0x57: /* CCNTL1 */ 1844 s->ccntl1 = val; 1845 break; 1846 CASE_SET_REG32(mmrs, 0xa0) 1847 CASE_SET_REG32(mmws, 0xa4) 1848 CASE_SET_REG32(sfs, 0xa8) 1849 CASE_SET_REG32(drs, 0xac) 1850 CASE_SET_REG32(sbms, 0xb0) 1851 CASE_SET_REG32(dbms, 0xb4) 1852 CASE_SET_REG32(dnad64, 0xb8) 1853 CASE_SET_REG32(pmjad1, 0xc0) 1854 CASE_SET_REG32(pmjad2, 0xc4) 1855 CASE_SET_REG32(rbc, 0xc8) 1856 CASE_SET_REG32(ua, 0xcc) 1857 CASE_SET_REG32(ia, 0xd4) 1858 CASE_SET_REG32(sbc, 0xd8) 1859 CASE_SET_REG32(csbc, 0xdc) 1860 default: 1861 if (offset >= 0x5c && offset < 0xa0) { 1862 int n; 1863 int shift; 1864 n = (offset - 0x58) >> 2; 1865 shift = (offset & 3) * 8; 1866 s->scratch[n] &= ~(0xff << shift); 1867 s->scratch[n] |= (val & 0xff) << shift; 1868 } else { 1869 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val); 1870 } 1871 } 1872 #undef CASE_SET_REG24 1873 #undef CASE_SET_REG32 1874 } 1875 1876 static void lsi_mmio_write(void *opaque, hwaddr addr, 1877 uint64_t val, unsigned size) 1878 { 1879 LSIState *s = opaque; 1880 1881 lsi_reg_writeb(s, addr & 0xff, val); 1882 } 1883 1884 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 1885 unsigned size) 1886 { 1887 LSIState *s = opaque; 1888 1889 return lsi_reg_readb(s, addr & 0xff); 1890 } 1891 1892 static const MemoryRegionOps lsi_mmio_ops = { 1893 .read = lsi_mmio_read, 1894 .write = lsi_mmio_write, 1895 .endianness = DEVICE_NATIVE_ENDIAN, 1896 .impl = { 1897 .min_access_size = 1, 1898 .max_access_size = 1, 1899 }, 1900 }; 1901 1902 static void lsi_ram_write(void *opaque, hwaddr addr, 1903 uint64_t val, unsigned size) 1904 { 1905 LSIState *s = opaque; 1906 uint32_t newval; 1907 uint32_t mask; 1908 int shift; 1909 1910 newval = s->script_ram[addr >> 2]; 1911 shift = (addr & 3) * 8; 1912 mask = ((uint64_t)1 << (size * 8)) - 1; 1913 newval &= ~(mask << shift); 1914 newval |= val << shift; 1915 s->script_ram[addr >> 2] = newval; 1916 } 1917 1918 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 1919 unsigned size) 1920 { 1921 LSIState *s = opaque; 1922 uint32_t val; 1923 uint32_t mask; 1924 1925 val = s->script_ram[addr >> 2]; 1926 mask = ((uint64_t)1 << (size * 8)) - 1; 1927 val >>= (addr & 3) * 8; 1928 return val & mask; 1929 } 1930 1931 static const MemoryRegionOps lsi_ram_ops = { 1932 .read = lsi_ram_read, 1933 .write = lsi_ram_write, 1934 .endianness = DEVICE_NATIVE_ENDIAN, 1935 }; 1936 1937 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 1938 unsigned size) 1939 { 1940 LSIState *s = opaque; 1941 return lsi_reg_readb(s, addr & 0xff); 1942 } 1943 1944 static void lsi_io_write(void *opaque, hwaddr addr, 1945 uint64_t val, unsigned size) 1946 { 1947 LSIState *s = opaque; 1948 lsi_reg_writeb(s, addr & 0xff, val); 1949 } 1950 1951 static const MemoryRegionOps lsi_io_ops = { 1952 .read = lsi_io_read, 1953 .write = lsi_io_write, 1954 .endianness = DEVICE_NATIVE_ENDIAN, 1955 .impl = { 1956 .min_access_size = 1, 1957 .max_access_size = 1, 1958 }, 1959 }; 1960 1961 static void lsi_scsi_reset(DeviceState *dev) 1962 { 1963 LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev); 1964 1965 lsi_soft_reset(s); 1966 } 1967 1968 static void lsi_pre_save(void *opaque) 1969 { 1970 LSIState *s = opaque; 1971 1972 if (s->current) { 1973 assert(s->current->dma_buf == NULL); 1974 assert(s->current->dma_len == 0); 1975 } 1976 assert(QTAILQ_EMPTY(&s->queue)); 1977 } 1978 1979 static const VMStateDescription vmstate_lsi_scsi = { 1980 .name = "lsiscsi", 1981 .version_id = 0, 1982 .minimum_version_id = 0, 1983 .minimum_version_id_old = 0, 1984 .pre_save = lsi_pre_save, 1985 .fields = (VMStateField []) { 1986 VMSTATE_PCI_DEVICE(dev, LSIState), 1987 1988 VMSTATE_INT32(carry, LSIState), 1989 VMSTATE_INT32(status, LSIState), 1990 VMSTATE_INT32(msg_action, LSIState), 1991 VMSTATE_INT32(msg_len, LSIState), 1992 VMSTATE_BUFFER(msg, LSIState), 1993 VMSTATE_INT32(waiting, LSIState), 1994 1995 VMSTATE_UINT32(dsa, LSIState), 1996 VMSTATE_UINT32(temp, LSIState), 1997 VMSTATE_UINT32(dnad, LSIState), 1998 VMSTATE_UINT32(dbc, LSIState), 1999 VMSTATE_UINT8(istat0, LSIState), 2000 VMSTATE_UINT8(istat1, LSIState), 2001 VMSTATE_UINT8(dcmd, LSIState), 2002 VMSTATE_UINT8(dstat, LSIState), 2003 VMSTATE_UINT8(dien, LSIState), 2004 VMSTATE_UINT8(sist0, LSIState), 2005 VMSTATE_UINT8(sist1, LSIState), 2006 VMSTATE_UINT8(sien0, LSIState), 2007 VMSTATE_UINT8(sien1, LSIState), 2008 VMSTATE_UINT8(mbox0, LSIState), 2009 VMSTATE_UINT8(mbox1, LSIState), 2010 VMSTATE_UINT8(dfifo, LSIState), 2011 VMSTATE_UINT8(ctest2, LSIState), 2012 VMSTATE_UINT8(ctest3, LSIState), 2013 VMSTATE_UINT8(ctest4, LSIState), 2014 VMSTATE_UINT8(ctest5, LSIState), 2015 VMSTATE_UINT8(ccntl0, LSIState), 2016 VMSTATE_UINT8(ccntl1, LSIState), 2017 VMSTATE_UINT32(dsp, LSIState), 2018 VMSTATE_UINT32(dsps, LSIState), 2019 VMSTATE_UINT8(dmode, LSIState), 2020 VMSTATE_UINT8(dcntl, LSIState), 2021 VMSTATE_UINT8(scntl0, LSIState), 2022 VMSTATE_UINT8(scntl1, LSIState), 2023 VMSTATE_UINT8(scntl2, LSIState), 2024 VMSTATE_UINT8(scntl3, LSIState), 2025 VMSTATE_UINT8(sstat0, LSIState), 2026 VMSTATE_UINT8(sstat1, LSIState), 2027 VMSTATE_UINT8(scid, LSIState), 2028 VMSTATE_UINT8(sxfer, LSIState), 2029 VMSTATE_UINT8(socl, LSIState), 2030 VMSTATE_UINT8(sdid, LSIState), 2031 VMSTATE_UINT8(ssid, LSIState), 2032 VMSTATE_UINT8(sfbr, LSIState), 2033 VMSTATE_UINT8(stest1, LSIState), 2034 VMSTATE_UINT8(stest2, LSIState), 2035 VMSTATE_UINT8(stest3, LSIState), 2036 VMSTATE_UINT8(sidl, LSIState), 2037 VMSTATE_UINT8(stime0, LSIState), 2038 VMSTATE_UINT8(respid0, LSIState), 2039 VMSTATE_UINT8(respid1, LSIState), 2040 VMSTATE_UINT32(mmrs, LSIState), 2041 VMSTATE_UINT32(mmws, LSIState), 2042 VMSTATE_UINT32(sfs, LSIState), 2043 VMSTATE_UINT32(drs, LSIState), 2044 VMSTATE_UINT32(sbms, LSIState), 2045 VMSTATE_UINT32(dbms, LSIState), 2046 VMSTATE_UINT32(dnad64, LSIState), 2047 VMSTATE_UINT32(pmjad1, LSIState), 2048 VMSTATE_UINT32(pmjad2, LSIState), 2049 VMSTATE_UINT32(rbc, LSIState), 2050 VMSTATE_UINT32(ua, LSIState), 2051 VMSTATE_UINT32(ia, LSIState), 2052 VMSTATE_UINT32(sbc, LSIState), 2053 VMSTATE_UINT32(csbc, LSIState), 2054 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2055 VMSTATE_UINT8(sbr, LSIState), 2056 2057 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)), 2058 VMSTATE_END_OF_LIST() 2059 } 2060 }; 2061 2062 static void lsi_scsi_uninit(PCIDevice *d) 2063 { 2064 LSIState *s = DO_UPCAST(LSIState, dev, d); 2065 2066 memory_region_destroy(&s->mmio_io); 2067 memory_region_destroy(&s->ram_io); 2068 memory_region_destroy(&s->io_io); 2069 } 2070 2071 static const struct SCSIBusInfo lsi_scsi_info = { 2072 .tcq = true, 2073 .max_target = LSI_MAX_DEVS, 2074 .max_lun = 0, /* LUN support is buggy */ 2075 2076 .transfer_data = lsi_transfer_data, 2077 .complete = lsi_command_complete, 2078 .cancel = lsi_request_cancelled 2079 }; 2080 2081 static int lsi_scsi_init(PCIDevice *dev) 2082 { 2083 LSIState *s = DO_UPCAST(LSIState, dev, dev); 2084 uint8_t *pci_conf; 2085 2086 pci_conf = s->dev.config; 2087 2088 /* PCI latency timer = 255 */ 2089 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2090 /* Interrupt pin A */ 2091 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2092 2093 memory_region_init_io(&s->mmio_io, &lsi_mmio_ops, s, "lsi-mmio", 0x400); 2094 memory_region_init_io(&s->ram_io, &lsi_ram_ops, s, "lsi-ram", 0x2000); 2095 memory_region_init_io(&s->io_io, &lsi_io_ops, s, "lsi-io", 256); 2096 2097 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2098 pci_register_bar(&s->dev, 1, 0, &s->mmio_io); 2099 pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2100 QTAILQ_INIT(&s->queue); 2101 2102 scsi_bus_new(&s->bus, &dev->qdev, &lsi_scsi_info, NULL); 2103 if (!dev->qdev.hotplugged) { 2104 return scsi_bus_legacy_handle_cmdline(&s->bus); 2105 } 2106 return 0; 2107 } 2108 2109 static void lsi_class_init(ObjectClass *klass, void *data) 2110 { 2111 DeviceClass *dc = DEVICE_CLASS(klass); 2112 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2113 2114 k->init = lsi_scsi_init; 2115 k->exit = lsi_scsi_uninit; 2116 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2117 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2118 k->class_id = PCI_CLASS_STORAGE_SCSI; 2119 k->subsystem_id = 0x1000; 2120 dc->reset = lsi_scsi_reset; 2121 dc->vmsd = &vmstate_lsi_scsi; 2122 } 2123 2124 static const TypeInfo lsi_info = { 2125 .name = "lsi53c895a", 2126 .parent = TYPE_PCI_DEVICE, 2127 .instance_size = sizeof(LSIState), 2128 .class_init = lsi_class_init, 2129 }; 2130 2131 static void lsi53c895a_register_types(void) 2132 { 2133 type_register_static(&lsi_info); 2134 } 2135 2136 type_init(lsi53c895a_register_types) 2137