1 /* 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation 3 * 4 * Copyright (c) 2006 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the LGPL. 8 */ 9 10 /* Note: 11 * LSI53C810 emulation is incorrect, in the sense that it supports 12 * features added in later evolutions. This should not be a problem, 13 * as well-behaved operating systems will not try to use them. 14 */ 15 16 #include "qemu/osdep.h" 17 18 #include "hw/irq.h" 19 #include "hw/pci/pci.h" 20 #include "hw/scsi/scsi.h" 21 #include "migration/vmstate.h" 22 #include "sysemu/dma.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 #include "trace.h" 26 #include "qom/object.h" 27 28 static const char *names[] = { 29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG", 30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2", 31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17", 32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3", 33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD", 34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3", 35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3", 36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3", 37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL", 38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3", 39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57", 40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3", 41 }; 42 43 #define LSI_MAX_DEVS 7 44 45 #define LSI_SCNTL0_TRG 0x01 46 #define LSI_SCNTL0_AAP 0x02 47 #define LSI_SCNTL0_EPC 0x08 48 #define LSI_SCNTL0_WATN 0x10 49 #define LSI_SCNTL0_START 0x20 50 51 #define LSI_SCNTL1_SST 0x01 52 #define LSI_SCNTL1_IARB 0x02 53 #define LSI_SCNTL1_AESP 0x04 54 #define LSI_SCNTL1_RST 0x08 55 #define LSI_SCNTL1_CON 0x10 56 #define LSI_SCNTL1_DHP 0x20 57 #define LSI_SCNTL1_ADB 0x40 58 #define LSI_SCNTL1_EXC 0x80 59 60 #define LSI_SCNTL2_WSR 0x01 61 #define LSI_SCNTL2_VUE0 0x02 62 #define LSI_SCNTL2_VUE1 0x04 63 #define LSI_SCNTL2_WSS 0x08 64 #define LSI_SCNTL2_SLPHBEN 0x10 65 #define LSI_SCNTL2_SLPMD 0x20 66 #define LSI_SCNTL2_CHM 0x40 67 #define LSI_SCNTL2_SDU 0x80 68 69 #define LSI_ISTAT0_DIP 0x01 70 #define LSI_ISTAT0_SIP 0x02 71 #define LSI_ISTAT0_INTF 0x04 72 #define LSI_ISTAT0_CON 0x08 73 #define LSI_ISTAT0_SEM 0x10 74 #define LSI_ISTAT0_SIGP 0x20 75 #define LSI_ISTAT0_SRST 0x40 76 #define LSI_ISTAT0_ABRT 0x80 77 78 #define LSI_ISTAT1_SI 0x01 79 #define LSI_ISTAT1_SRUN 0x02 80 #define LSI_ISTAT1_FLSH 0x04 81 82 #define LSI_SSTAT0_SDP0 0x01 83 #define LSI_SSTAT0_RST 0x02 84 #define LSI_SSTAT0_WOA 0x04 85 #define LSI_SSTAT0_LOA 0x08 86 #define LSI_SSTAT0_AIP 0x10 87 #define LSI_SSTAT0_OLF 0x20 88 #define LSI_SSTAT0_ORF 0x40 89 #define LSI_SSTAT0_ILF 0x80 90 91 #define LSI_SIST0_PAR 0x01 92 #define LSI_SIST0_RST 0x02 93 #define LSI_SIST0_UDC 0x04 94 #define LSI_SIST0_SGE 0x08 95 #define LSI_SIST0_RSL 0x10 96 #define LSI_SIST0_SEL 0x20 97 #define LSI_SIST0_CMP 0x40 98 #define LSI_SIST0_MA 0x80 99 100 #define LSI_SIST1_HTH 0x01 101 #define LSI_SIST1_GEN 0x02 102 #define LSI_SIST1_STO 0x04 103 #define LSI_SIST1_SBMC 0x10 104 105 #define LSI_SOCL_IO 0x01 106 #define LSI_SOCL_CD 0x02 107 #define LSI_SOCL_MSG 0x04 108 #define LSI_SOCL_ATN 0x08 109 #define LSI_SOCL_SEL 0x10 110 #define LSI_SOCL_BSY 0x20 111 #define LSI_SOCL_ACK 0x40 112 #define LSI_SOCL_REQ 0x80 113 114 #define LSI_DSTAT_IID 0x01 115 #define LSI_DSTAT_SIR 0x04 116 #define LSI_DSTAT_SSI 0x08 117 #define LSI_DSTAT_ABRT 0x10 118 #define LSI_DSTAT_BF 0x20 119 #define LSI_DSTAT_MDPE 0x40 120 #define LSI_DSTAT_DFE 0x80 121 122 #define LSI_DCNTL_COM 0x01 123 #define LSI_DCNTL_IRQD 0x02 124 #define LSI_DCNTL_STD 0x04 125 #define LSI_DCNTL_IRQM 0x08 126 #define LSI_DCNTL_SSM 0x10 127 #define LSI_DCNTL_PFEN 0x20 128 #define LSI_DCNTL_PFF 0x40 129 #define LSI_DCNTL_CLSE 0x80 130 131 #define LSI_DMODE_MAN 0x01 132 #define LSI_DMODE_BOF 0x02 133 #define LSI_DMODE_ERMP 0x04 134 #define LSI_DMODE_ERL 0x08 135 #define LSI_DMODE_DIOM 0x10 136 #define LSI_DMODE_SIOM 0x20 137 138 #define LSI_CTEST2_DACK 0x01 139 #define LSI_CTEST2_DREQ 0x02 140 #define LSI_CTEST2_TEOP 0x04 141 #define LSI_CTEST2_PCICIE 0x08 142 #define LSI_CTEST2_CM 0x10 143 #define LSI_CTEST2_CIO 0x20 144 #define LSI_CTEST2_SIGP 0x40 145 #define LSI_CTEST2_DDIR 0x80 146 147 #define LSI_CTEST5_BL2 0x04 148 #define LSI_CTEST5_DDIR 0x08 149 #define LSI_CTEST5_MASR 0x10 150 #define LSI_CTEST5_DFSN 0x20 151 #define LSI_CTEST5_BBCK 0x40 152 #define LSI_CTEST5_ADCK 0x80 153 154 #define LSI_CCNTL0_DILS 0x01 155 #define LSI_CCNTL0_DISFC 0x10 156 #define LSI_CCNTL0_ENNDJ 0x20 157 #define LSI_CCNTL0_PMJCTL 0x40 158 #define LSI_CCNTL0_ENPMJ 0x80 159 160 #define LSI_CCNTL1_EN64DBMV 0x01 161 #define LSI_CCNTL1_EN64TIBMV 0x02 162 #define LSI_CCNTL1_64TIMOD 0x04 163 #define LSI_CCNTL1_DDAC 0x08 164 #define LSI_CCNTL1_ZMOD 0x80 165 166 #define LSI_SBCL_ATN 0x08 167 #define LSI_SBCL_BSY 0x20 168 #define LSI_SBCL_ACK 0x40 169 #define LSI_SBCL_REQ 0x80 170 171 /* Enable Response to Reselection */ 172 #define LSI_SCID_RRE 0x60 173 174 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD) 175 176 #define PHASE_DO 0 177 #define PHASE_DI 1 178 #define PHASE_CMD 2 179 #define PHASE_ST 3 180 #define PHASE_MO 6 181 #define PHASE_MI 7 182 #define PHASE_MASK 7 183 184 /* Maximum length of MSG IN data. */ 185 #define LSI_MAX_MSGIN_LEN 8 186 187 /* Flag set if this is a tagged command. */ 188 #define LSI_TAG_VALID (1 << 16) 189 190 /* Maximum instructions to process. */ 191 #define LSI_MAX_INSN 10000 192 193 typedef struct lsi_request { 194 SCSIRequest *req; 195 uint32_t tag; 196 uint32_t dma_len; 197 uint8_t *dma_buf; 198 uint32_t pending; 199 int out; 200 QTAILQ_ENTRY(lsi_request) next; 201 } lsi_request; 202 203 enum { 204 LSI_NOWAIT, /* SCRIPTS are running or stopped */ 205 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */ 206 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */ 207 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */ 208 }; 209 210 enum { 211 LSI_MSG_ACTION_COMMAND = 0, 212 LSI_MSG_ACTION_DISCONNECT = 1, 213 LSI_MSG_ACTION_DOUT = 2, 214 LSI_MSG_ACTION_DIN = 3, 215 }; 216 217 struct LSIState { 218 /*< private >*/ 219 PCIDevice parent_obj; 220 /*< public >*/ 221 222 qemu_irq ext_irq; 223 MemoryRegion mmio_io; 224 MemoryRegion ram_io; 225 MemoryRegion io_io; 226 AddressSpace pci_io_as; 227 228 int carry; /* ??? Should this be an a visible register somewhere? */ 229 int status; 230 int msg_action; 231 int msg_len; 232 uint8_t msg[LSI_MAX_MSGIN_LEN]; 233 int waiting; 234 SCSIBus bus; 235 int current_lun; 236 /* The tag is a combination of the device ID and the SCSI tag. */ 237 uint32_t select_tag; 238 int command_complete; 239 QTAILQ_HEAD(, lsi_request) queue; 240 lsi_request *current; 241 242 uint32_t dsa; 243 uint32_t temp; 244 uint32_t dnad; 245 uint32_t dbc; 246 uint8_t istat0; 247 uint8_t istat1; 248 uint8_t dcmd; 249 uint8_t dstat; 250 uint8_t dien; 251 uint8_t sist0; 252 uint8_t sist1; 253 uint8_t sien0; 254 uint8_t sien1; 255 uint8_t mbox0; 256 uint8_t mbox1; 257 uint8_t dfifo; 258 uint8_t ctest2; 259 uint8_t ctest3; 260 uint8_t ctest4; 261 uint8_t ctest5; 262 uint8_t ccntl0; 263 uint8_t ccntl1; 264 uint32_t dsp; 265 uint32_t dsps; 266 uint8_t dmode; 267 uint8_t dcntl; 268 uint8_t scntl0; 269 uint8_t scntl1; 270 uint8_t scntl2; 271 uint8_t scntl3; 272 uint8_t sstat0; 273 uint8_t sstat1; 274 uint8_t scid; 275 uint8_t sxfer; 276 uint8_t socl; 277 uint8_t sdid; 278 uint8_t ssid; 279 uint8_t sfbr; 280 uint8_t sbcl; 281 uint8_t stest1; 282 uint8_t stest2; 283 uint8_t stest3; 284 uint8_t sidl; 285 uint8_t stime0; 286 uint8_t respid0; 287 uint8_t respid1; 288 uint32_t mmrs; 289 uint32_t mmws; 290 uint32_t sfs; 291 uint32_t drs; 292 uint32_t sbms; 293 uint32_t dbms; 294 uint32_t dnad64; 295 uint32_t pmjad1; 296 uint32_t pmjad2; 297 uint32_t rbc; 298 uint32_t ua; 299 uint32_t ia; 300 uint32_t sbc; 301 uint32_t csbc; 302 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */ 303 uint8_t sbr; 304 uint32_t adder; 305 306 uint8_t script_ram[2048 * sizeof(uint32_t)]; 307 }; 308 typedef struct LSIState LSIState; 309 310 #define TYPE_LSI53C810 "lsi53c810" 311 #define TYPE_LSI53C895A "lsi53c895a" 312 313 DECLARE_INSTANCE_CHECKER(LSIState, LSI53C895A, 314 TYPE_LSI53C895A) 315 316 static const char *scsi_phases[] = { 317 "DOUT", 318 "DIN", 319 "CMD", 320 "STATUS", 321 "RSVOUT", 322 "RSVIN", 323 "MSGOUT", 324 "MSGIN" 325 }; 326 327 static const char *scsi_phase_name(int phase) 328 { 329 return scsi_phases[phase & PHASE_MASK]; 330 } 331 332 static inline int lsi_irq_on_rsl(LSIState *s) 333 { 334 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE); 335 } 336 337 static lsi_request *get_pending_req(LSIState *s) 338 { 339 lsi_request *p; 340 341 QTAILQ_FOREACH(p, &s->queue, next) { 342 if (p->pending) { 343 return p; 344 } 345 } 346 return NULL; 347 } 348 349 static void lsi_soft_reset(LSIState *s) 350 { 351 trace_lsi_reset(); 352 s->carry = 0; 353 354 s->msg_action = LSI_MSG_ACTION_COMMAND; 355 s->msg_len = 0; 356 s->waiting = LSI_NOWAIT; 357 s->dsa = 0; 358 s->dnad = 0; 359 s->dbc = 0; 360 s->temp = 0; 361 memset(s->scratch, 0, sizeof(s->scratch)); 362 s->istat0 = 0; 363 s->istat1 = 0; 364 s->dcmd = 0x40; 365 s->dstat = 0; 366 s->dien = 0; 367 s->sist0 = 0; 368 s->sist1 = 0; 369 s->sien0 = 0; 370 s->sien1 = 0; 371 s->mbox0 = 0; 372 s->mbox1 = 0; 373 s->dfifo = 0; 374 s->ctest2 = LSI_CTEST2_DACK; 375 s->ctest3 = 0; 376 s->ctest4 = 0; 377 s->ctest5 = 0; 378 s->ccntl0 = 0; 379 s->ccntl1 = 0; 380 s->dsp = 0; 381 s->dsps = 0; 382 s->dmode = 0; 383 s->dcntl = 0; 384 s->scntl0 = 0xc0; 385 s->scntl1 = 0; 386 s->scntl2 = 0; 387 s->scntl3 = 0; 388 s->sstat0 = 0; 389 s->sstat1 = 0; 390 s->scid = 7; 391 s->sxfer = 0; 392 s->socl = 0; 393 s->sdid = 0; 394 s->ssid = 0; 395 s->sbcl = 0; 396 s->stest1 = 0; 397 s->stest2 = 0; 398 s->stest3 = 0; 399 s->sidl = 0; 400 s->stime0 = 0; 401 s->respid0 = 0x80; 402 s->respid1 = 0; 403 s->mmrs = 0; 404 s->mmws = 0; 405 s->sfs = 0; 406 s->drs = 0; 407 s->sbms = 0; 408 s->dbms = 0; 409 s->dnad64 = 0; 410 s->pmjad1 = 0; 411 s->pmjad2 = 0; 412 s->rbc = 0; 413 s->ua = 0; 414 s->ia = 0; 415 s->sbc = 0; 416 s->csbc = 0; 417 s->sbr = 0; 418 assert(QTAILQ_EMPTY(&s->queue)); 419 assert(!s->current); 420 } 421 422 static int lsi_dma_40bit(LSIState *s) 423 { 424 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT) 425 return 1; 426 return 0; 427 } 428 429 static int lsi_dma_ti64bit(LSIState *s) 430 { 431 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV) 432 return 1; 433 return 0; 434 } 435 436 static int lsi_dma_64bit(LSIState *s) 437 { 438 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV) 439 return 1; 440 return 0; 441 } 442 443 static uint8_t lsi_reg_readb(LSIState *s, int offset); 444 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); 445 static void lsi_execute_script(LSIState *s); 446 static void lsi_reselect(LSIState *s, lsi_request *p); 447 448 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr, 449 void *buf, dma_addr_t len) 450 { 451 if (s->dmode & LSI_DMODE_SIOM) { 452 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 453 buf, len); 454 } else { 455 pci_dma_read(PCI_DEVICE(s), addr, buf, len); 456 } 457 } 458 459 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr, 460 const void *buf, dma_addr_t len) 461 { 462 if (s->dmode & LSI_DMODE_DIOM) { 463 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED, 464 buf, len); 465 } else { 466 pci_dma_write(PCI_DEVICE(s), addr, buf, len); 467 } 468 } 469 470 static inline uint32_t read_dword(LSIState *s, uint32_t addr) 471 { 472 uint32_t buf; 473 474 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4); 475 return cpu_to_le32(buf); 476 } 477 478 static void lsi_stop_script(LSIState *s) 479 { 480 s->istat1 &= ~LSI_ISTAT1_SRUN; 481 } 482 483 static void lsi_set_irq(LSIState *s, int level) 484 { 485 PCIDevice *d = PCI_DEVICE(s); 486 487 if (s->ext_irq) { 488 qemu_set_irq(s->ext_irq, level); 489 } else { 490 pci_set_irq(d, level); 491 } 492 } 493 494 static void lsi_update_irq(LSIState *s) 495 { 496 int level; 497 static int last_level; 498 499 /* It's unclear whether the DIP/SIP bits should be cleared when the 500 Interrupt Status Registers are cleared or when istat0 is read. 501 We currently do the formwer, which seems to work. */ 502 level = 0; 503 if (s->dstat) { 504 if (s->dstat & s->dien) 505 level = 1; 506 s->istat0 |= LSI_ISTAT0_DIP; 507 } else { 508 s->istat0 &= ~LSI_ISTAT0_DIP; 509 } 510 511 if (s->sist0 || s->sist1) { 512 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) 513 level = 1; 514 s->istat0 |= LSI_ISTAT0_SIP; 515 } else { 516 s->istat0 &= ~LSI_ISTAT0_SIP; 517 } 518 if (s->istat0 & LSI_ISTAT0_INTF) 519 level = 1; 520 521 if (level != last_level) { 522 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0); 523 last_level = level; 524 } 525 lsi_set_irq(s, level); 526 527 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) { 528 lsi_request *p; 529 530 trace_lsi_update_irq_disconnected(); 531 p = get_pending_req(s); 532 if (p) { 533 lsi_reselect(s, p); 534 } 535 } 536 } 537 538 /* Stop SCRIPTS execution and raise a SCSI interrupt. */ 539 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1) 540 { 541 uint32_t mask0; 542 uint32_t mask1; 543 544 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0); 545 s->sist0 |= stat0; 546 s->sist1 |= stat1; 547 /* Stop processor on fatal or unmasked interrupt. As a special hack 548 we don't stop processing when raising STO. Instead continue 549 execution and stop at the next insn that accesses the SCSI bus. */ 550 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL); 551 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH); 552 mask1 &= ~LSI_SIST1_STO; 553 if (s->sist0 & mask0 || s->sist1 & mask1) { 554 lsi_stop_script(s); 555 } 556 lsi_update_irq(s); 557 } 558 559 /* Stop SCRIPTS execution and raise a DMA interrupt. */ 560 static void lsi_script_dma_interrupt(LSIState *s, int stat) 561 { 562 trace_lsi_script_dma_interrupt(stat, s->dstat); 563 s->dstat |= stat; 564 lsi_update_irq(s); 565 lsi_stop_script(s); 566 } 567 568 static inline void lsi_set_phase(LSIState *s, int phase) 569 { 570 s->sbcl &= ~PHASE_MASK; 571 s->sbcl |= phase | LSI_SBCL_REQ; 572 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase; 573 } 574 575 static void lsi_bad_phase(LSIState *s, int out, int new_phase) 576 { 577 /* Trigger a phase mismatch. */ 578 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) { 579 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) { 580 s->dsp = out ? s->pmjad1 : s->pmjad2; 581 } else { 582 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1); 583 } 584 trace_lsi_bad_phase_jump(s->dsp); 585 } else { 586 trace_lsi_bad_phase_interrupt(); 587 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 588 lsi_stop_script(s); 589 } 590 lsi_set_phase(s, new_phase); 591 } 592 593 594 /* Resume SCRIPTS execution after a DMA operation. */ 595 static void lsi_resume_script(LSIState *s) 596 { 597 if (s->waiting != 2) { 598 s->waiting = LSI_NOWAIT; 599 lsi_execute_script(s); 600 } else { 601 s->waiting = LSI_NOWAIT; 602 } 603 } 604 605 static void lsi_disconnect(LSIState *s) 606 { 607 s->scntl1 &= ~LSI_SCNTL1_CON; 608 s->sstat1 &= ~PHASE_MASK; 609 s->sbcl = 0; 610 } 611 612 static void lsi_bad_selection(LSIState *s, uint32_t id) 613 { 614 trace_lsi_bad_selection(id); 615 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO); 616 lsi_disconnect(s); 617 } 618 619 /* Initiate a SCSI layer data transfer. */ 620 static void lsi_do_dma(LSIState *s, int out) 621 { 622 uint32_t count; 623 dma_addr_t addr; 624 SCSIDevice *dev; 625 626 assert(s->current); 627 if (!s->current->dma_len) { 628 /* Wait until data is available. */ 629 trace_lsi_do_dma_unavailable(); 630 return; 631 } 632 633 dev = s->current->req->dev; 634 assert(dev); 635 636 count = s->dbc; 637 if (count > s->current->dma_len) 638 count = s->current->dma_len; 639 640 addr = s->dnad; 641 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */ 642 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s)) 643 addr |= ((uint64_t)s->dnad64 << 32); 644 else if (s->dbms) 645 addr |= ((uint64_t)s->dbms << 32); 646 else if (s->sbms) 647 addr |= ((uint64_t)s->sbms << 32); 648 649 trace_lsi_do_dma(addr, count); 650 s->csbc += count; 651 s->dnad += count; 652 s->dbc -= count; 653 if (s->current->dma_buf == NULL) { 654 s->current->dma_buf = scsi_req_get_buf(s->current->req); 655 } 656 /* ??? Set SFBR to first data byte. */ 657 if (out) { 658 lsi_mem_read(s, addr, s->current->dma_buf, count); 659 } else { 660 lsi_mem_write(s, addr, s->current->dma_buf, count); 661 } 662 s->current->dma_len -= count; 663 if (s->current->dma_len == 0) { 664 s->current->dma_buf = NULL; 665 scsi_req_continue(s->current->req); 666 } else { 667 s->current->dma_buf += count; 668 lsi_resume_script(s); 669 } 670 } 671 672 673 /* Add a command to the queue. */ 674 static void lsi_queue_command(LSIState *s) 675 { 676 lsi_request *p = s->current; 677 678 trace_lsi_queue_command(p->tag); 679 assert(s->current != NULL); 680 assert(s->current->dma_len == 0); 681 QTAILQ_INSERT_TAIL(&s->queue, s->current, next); 682 s->current = NULL; 683 684 p->pending = 0; 685 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 686 } 687 688 /* Queue a byte for a MSG IN phase. */ 689 static void lsi_add_msg_byte(LSIState *s, uint8_t data) 690 { 691 if (s->msg_len >= LSI_MAX_MSGIN_LEN) { 692 trace_lsi_add_msg_byte_error(); 693 } else { 694 trace_lsi_add_msg_byte(data); 695 s->msg[s->msg_len++] = data; 696 } 697 } 698 699 /* Perform reselection to continue a command. */ 700 static void lsi_reselect(LSIState *s, lsi_request *p) 701 { 702 int id; 703 704 assert(s->current == NULL); 705 QTAILQ_REMOVE(&s->queue, p, next); 706 s->current = p; 707 708 id = (p->tag >> 8) & 0xf; 709 s->ssid = id | 0x80; 710 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */ 711 if (!(s->dcntl & LSI_DCNTL_COM)) { 712 s->sfbr = 1 << (id & 0x7); 713 } 714 trace_lsi_reselect(id); 715 s->scntl1 |= LSI_SCNTL1_CON; 716 lsi_set_phase(s, PHASE_MI); 717 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN; 718 s->current->dma_len = p->pending; 719 lsi_add_msg_byte(s, 0x80); 720 if (s->current->tag & LSI_TAG_VALID) { 721 lsi_add_msg_byte(s, 0x20); 722 lsi_add_msg_byte(s, p->tag & 0xff); 723 } 724 725 if (lsi_irq_on_rsl(s)) { 726 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0); 727 } 728 } 729 730 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag) 731 { 732 lsi_request *p; 733 734 QTAILQ_FOREACH(p, &s->queue, next) { 735 if (p->tag == tag) { 736 return p; 737 } 738 } 739 740 return NULL; 741 } 742 743 static void lsi_request_free(LSIState *s, lsi_request *p) 744 { 745 if (p == s->current) { 746 s->current = NULL; 747 } else { 748 QTAILQ_REMOVE(&s->queue, p, next); 749 } 750 g_free(p); 751 } 752 753 static void lsi_request_cancelled(SCSIRequest *req) 754 { 755 LSIState *s = LSI53C895A(req->bus->qbus.parent); 756 lsi_request *p = req->hba_private; 757 758 req->hba_private = NULL; 759 lsi_request_free(s, p); 760 scsi_req_unref(req); 761 } 762 763 /* Record that data is available for a queued command. Returns zero if 764 the device was reselected, nonzero if the IO is deferred. */ 765 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len) 766 { 767 lsi_request *p = req->hba_private; 768 769 if (p->pending) { 770 trace_lsi_queue_req_error(p); 771 } 772 p->pending = len; 773 /* Reselect if waiting for it, or if reselection triggers an IRQ 774 and the bus is free. 775 Since no interrupt stacking is implemented in the emulation, it 776 is also required that there are no pending interrupts waiting 777 for service from the device driver. */ 778 if (s->waiting == LSI_WAIT_RESELECT || 779 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) && 780 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) { 781 /* Reselect device. */ 782 lsi_reselect(s, p); 783 return 0; 784 } else { 785 trace_lsi_queue_req(p->tag); 786 p->pending = len; 787 return 1; 788 } 789 } 790 791 /* Callback to indicate that the SCSI layer has completed a command. */ 792 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid) 793 { 794 LSIState *s = LSI53C895A(req->bus->qbus.parent); 795 int out; 796 797 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 798 trace_lsi_command_complete(status); 799 s->status = status; 800 s->command_complete = 2; 801 if (s->waiting && s->dbc != 0) { 802 /* Raise phase mismatch for short transfers. */ 803 lsi_bad_phase(s, out, PHASE_ST); 804 } else { 805 lsi_set_phase(s, PHASE_ST); 806 } 807 808 if (req->hba_private == s->current) { 809 req->hba_private = NULL; 810 lsi_request_free(s, s->current); 811 scsi_req_unref(req); 812 } 813 lsi_resume_script(s); 814 } 815 816 /* Callback to indicate that the SCSI layer has completed a transfer. */ 817 static void lsi_transfer_data(SCSIRequest *req, uint32_t len) 818 { 819 LSIState *s = LSI53C895A(req->bus->qbus.parent); 820 int out; 821 822 assert(req->hba_private); 823 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current || 824 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) { 825 if (lsi_queue_req(s, req, len)) { 826 return; 827 } 828 } 829 830 out = (s->sstat1 & PHASE_MASK) == PHASE_DO; 831 832 /* host adapter (re)connected */ 833 trace_lsi_transfer_data(req->tag, len); 834 s->current->dma_len = len; 835 s->command_complete = 1; 836 if (s->waiting) { 837 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) { 838 lsi_resume_script(s); 839 } else { 840 lsi_do_dma(s, out); 841 } 842 } 843 } 844 845 static void lsi_do_command(LSIState *s) 846 { 847 SCSIDevice *dev; 848 uint8_t buf[16]; 849 uint32_t id; 850 int n; 851 852 trace_lsi_do_command(s->dbc); 853 if (s->dbc > 16) 854 s->dbc = 16; 855 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc); 856 s->sfbr = buf[0]; 857 s->command_complete = 0; 858 859 id = (s->select_tag >> 8) & 0xf; 860 dev = scsi_device_find(&s->bus, 0, id, s->current_lun); 861 if (!dev) { 862 lsi_bad_selection(s, id); 863 return; 864 } 865 866 assert(s->current == NULL); 867 s->current = g_new0(lsi_request, 1); 868 s->current->tag = s->select_tag; 869 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf, 870 s->current); 871 872 n = scsi_req_enqueue(s->current->req); 873 if (n) { 874 if (n > 0) { 875 lsi_set_phase(s, PHASE_DI); 876 } else if (n < 0) { 877 lsi_set_phase(s, PHASE_DO); 878 } 879 scsi_req_continue(s->current->req); 880 } 881 if (!s->command_complete) { 882 if (n) { 883 /* Command did not complete immediately so disconnect. */ 884 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */ 885 lsi_add_msg_byte(s, 4); /* DISCONNECT */ 886 /* wait data */ 887 lsi_set_phase(s, PHASE_MI); 888 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 889 lsi_queue_command(s); 890 } else { 891 /* wait command complete */ 892 lsi_set_phase(s, PHASE_DI); 893 } 894 } 895 } 896 897 static void lsi_do_status(LSIState *s) 898 { 899 uint8_t status; 900 trace_lsi_do_status(s->dbc, s->status); 901 if (s->dbc != 1) { 902 trace_lsi_do_status_error(); 903 } 904 s->dbc = 1; 905 status = s->status; 906 s->sfbr = status; 907 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1); 908 lsi_set_phase(s, PHASE_MI); 909 s->msg_action = LSI_MSG_ACTION_DISCONNECT; 910 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */ 911 } 912 913 static void lsi_do_msgin(LSIState *s) 914 { 915 uint8_t len; 916 trace_lsi_do_msgin(s->dbc, s->msg_len); 917 s->sfbr = s->msg[0]; 918 len = s->msg_len; 919 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN); 920 if (len > s->dbc) 921 len = s->dbc; 922 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len); 923 /* Linux drivers rely on the last byte being in the SIDL. */ 924 s->sidl = s->msg[len - 1]; 925 s->msg_len -= len; 926 if (s->msg_len) { 927 memmove(s->msg, s->msg + len, s->msg_len); 928 } else { 929 /* ??? Check if ATN (not yet implemented) is asserted and maybe 930 switch to PHASE_MO. */ 931 switch (s->msg_action) { 932 case LSI_MSG_ACTION_COMMAND: 933 lsi_set_phase(s, PHASE_CMD); 934 break; 935 case LSI_MSG_ACTION_DISCONNECT: 936 lsi_disconnect(s); 937 break; 938 case LSI_MSG_ACTION_DOUT: 939 lsi_set_phase(s, PHASE_DO); 940 break; 941 case LSI_MSG_ACTION_DIN: 942 lsi_set_phase(s, PHASE_DI); 943 break; 944 default: 945 abort(); 946 } 947 } 948 } 949 950 /* Read the next byte during a MSGOUT phase. */ 951 static uint8_t lsi_get_msgbyte(LSIState *s) 952 { 953 uint8_t data; 954 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1); 955 s->dnad++; 956 s->dbc--; 957 return data; 958 } 959 960 /* Skip the next n bytes during a MSGOUT phase. */ 961 static void lsi_skip_msgbytes(LSIState *s, unsigned int n) 962 { 963 s->dnad += n; 964 s->dbc -= n; 965 } 966 967 static void lsi_do_msgout(LSIState *s) 968 { 969 uint8_t msg; 970 int len; 971 uint32_t current_tag; 972 lsi_request *current_req, *p, *p_next; 973 974 if (s->current) { 975 current_tag = s->current->tag; 976 current_req = s->current; 977 } else { 978 current_tag = s->select_tag; 979 current_req = lsi_find_by_tag(s, current_tag); 980 } 981 982 trace_lsi_do_msgout(s->dbc); 983 while (s->dbc) { 984 msg = lsi_get_msgbyte(s); 985 s->sfbr = msg; 986 987 switch (msg) { 988 case 0x04: 989 trace_lsi_do_msgout_disconnect(); 990 lsi_disconnect(s); 991 break; 992 case 0x08: 993 trace_lsi_do_msgout_noop(); 994 lsi_set_phase(s, PHASE_CMD); 995 break; 996 case 0x01: 997 len = lsi_get_msgbyte(s); 998 msg = lsi_get_msgbyte(s); 999 (void)len; /* avoid a warning about unused variable*/ 1000 trace_lsi_do_msgout_extended(msg, len); 1001 switch (msg) { 1002 case 1: 1003 trace_lsi_do_msgout_ignored("SDTR"); 1004 lsi_skip_msgbytes(s, 2); 1005 break; 1006 case 3: 1007 trace_lsi_do_msgout_ignored("WDTR"); 1008 lsi_skip_msgbytes(s, 1); 1009 break; 1010 case 4: 1011 trace_lsi_do_msgout_ignored("PPR"); 1012 lsi_skip_msgbytes(s, 5); 1013 break; 1014 default: 1015 goto bad; 1016 } 1017 break; 1018 case 0x20: /* SIMPLE queue */ 1019 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1020 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff); 1021 break; 1022 case 0x21: /* HEAD of queue */ 1023 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n"); 1024 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1025 break; 1026 case 0x22: /* ORDERED queue */ 1027 qemu_log_mask(LOG_UNIMP, 1028 "lsi_scsi: ORDERED queue not implemented\n"); 1029 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID; 1030 break; 1031 case 0x0d: 1032 /* The ABORT TAG message clears the current I/O process only. */ 1033 trace_lsi_do_msgout_abort(current_tag); 1034 if (current_req) { 1035 scsi_req_cancel(current_req->req); 1036 } 1037 lsi_disconnect(s); 1038 break; 1039 case 0x06: 1040 case 0x0e: 1041 case 0x0c: 1042 /* The ABORT message clears all I/O processes for the selecting 1043 initiator on the specified logical unit of the target. */ 1044 if (msg == 0x06) { 1045 trace_lsi_do_msgout_abort(current_tag); 1046 } 1047 /* The CLEAR QUEUE message clears all I/O processes for all 1048 initiators on the specified logical unit of the target. */ 1049 if (msg == 0x0e) { 1050 trace_lsi_do_msgout_clearqueue(current_tag); 1051 } 1052 /* The BUS DEVICE RESET message clears all I/O processes for all 1053 initiators on all logical units of the target. */ 1054 if (msg == 0x0c) { 1055 trace_lsi_do_msgout_busdevicereset(current_tag); 1056 } 1057 1058 /* clear the current I/O process */ 1059 if (s->current) { 1060 scsi_req_cancel(s->current->req); 1061 } 1062 1063 /* As the current implemented devices scsi_disk and scsi_generic 1064 only support one LUN, we don't need to keep track of LUNs. 1065 Clearing I/O processes for other initiators could be possible 1066 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX 1067 device, but this is currently not implemented (and seems not 1068 to be really necessary). So let's simply clear all queued 1069 commands for the current device: */ 1070 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) { 1071 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) { 1072 scsi_req_cancel(p->req); 1073 } 1074 } 1075 1076 lsi_disconnect(s); 1077 break; 1078 default: 1079 if ((msg & 0x80) == 0) { 1080 goto bad; 1081 } 1082 s->current_lun = msg & 7; 1083 trace_lsi_do_msgout_select(s->current_lun); 1084 lsi_set_phase(s, PHASE_CMD); 1085 break; 1086 } 1087 } 1088 return; 1089 bad: 1090 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg); 1091 lsi_set_phase(s, PHASE_MI); 1092 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */ 1093 s->msg_action = LSI_MSG_ACTION_COMMAND; 1094 } 1095 1096 #define LSI_BUF_SIZE 4096 1097 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count) 1098 { 1099 int n; 1100 uint8_t buf[LSI_BUF_SIZE]; 1101 1102 trace_lsi_memcpy(dest, src, count); 1103 while (count) { 1104 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count; 1105 lsi_mem_read(s, src, buf, n); 1106 lsi_mem_write(s, dest, buf, n); 1107 src += n; 1108 dest += n; 1109 count -= n; 1110 } 1111 } 1112 1113 static void lsi_wait_reselect(LSIState *s) 1114 { 1115 lsi_request *p; 1116 1117 trace_lsi_wait_reselect(); 1118 1119 if (s->current) { 1120 return; 1121 } 1122 p = get_pending_req(s); 1123 if (p) { 1124 lsi_reselect(s, p); 1125 } 1126 if (s->current == NULL) { 1127 s->waiting = LSI_WAIT_RESELECT; 1128 } 1129 } 1130 1131 static void lsi_execute_script(LSIState *s) 1132 { 1133 PCIDevice *pci_dev = PCI_DEVICE(s); 1134 uint32_t insn; 1135 uint32_t addr, addr_high; 1136 int opcode; 1137 int insn_processed = 0; 1138 1139 s->istat1 |= LSI_ISTAT1_SRUN; 1140 again: 1141 if (++insn_processed > LSI_MAX_INSN) { 1142 /* Some windows drivers make the device spin waiting for a memory 1143 location to change. If we have been executed a lot of code then 1144 assume this is the case and force an unexpected device disconnect. 1145 This is apparently sufficient to beat the drivers into submission. 1146 */ 1147 if (!(s->sien0 & LSI_SIST0_UDC)) { 1148 qemu_log_mask(LOG_GUEST_ERROR, 1149 "lsi_scsi: inf. loop with UDC masked"); 1150 } 1151 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0); 1152 lsi_disconnect(s); 1153 trace_lsi_execute_script_stop(); 1154 return; 1155 } 1156 insn = read_dword(s, s->dsp); 1157 if (!insn) { 1158 /* If we receive an empty opcode increment the DSP by 4 bytes 1159 instead of 8 and execute the next opcode at that location */ 1160 s->dsp += 4; 1161 goto again; 1162 } 1163 addr = read_dword(s, s->dsp + 4); 1164 addr_high = 0; 1165 trace_lsi_execute_script(s->dsp, insn, addr); 1166 s->dsps = addr; 1167 s->dcmd = insn >> 24; 1168 s->dsp += 8; 1169 switch (insn >> 30) { 1170 case 0: /* Block move. */ 1171 if (s->sist1 & LSI_SIST1_STO) { 1172 trace_lsi_execute_script_blockmove_delayed(); 1173 lsi_stop_script(s); 1174 break; 1175 } 1176 s->dbc = insn & 0xffffff; 1177 s->rbc = s->dbc; 1178 /* ??? Set ESA. */ 1179 s->ia = s->dsp - 8; 1180 if (insn & (1 << 29)) { 1181 /* Indirect addressing. */ 1182 addr = read_dword(s, addr); 1183 } else if (insn & (1 << 28)) { 1184 uint32_t buf[2]; 1185 int32_t offset; 1186 /* Table indirect addressing. */ 1187 1188 /* 32-bit Table indirect */ 1189 offset = sextract32(addr, 0, 24); 1190 pci_dma_read(pci_dev, s->dsa + offset, buf, 8); 1191 /* byte count is stored in bits 0:23 only */ 1192 s->dbc = cpu_to_le32(buf[0]) & 0xffffff; 1193 s->rbc = s->dbc; 1194 addr = cpu_to_le32(buf[1]); 1195 1196 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of 1197 * table, bits [31:24] */ 1198 if (lsi_dma_40bit(s)) 1199 addr_high = cpu_to_le32(buf[0]) >> 24; 1200 else if (lsi_dma_ti64bit(s)) { 1201 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f; 1202 switch (selector) { 1203 case 0 ... 0x0f: 1204 /* offset index into scratch registers since 1205 * TI64 mode can use registers C to R */ 1206 addr_high = s->scratch[2 + selector]; 1207 break; 1208 case 0x10: 1209 addr_high = s->mmrs; 1210 break; 1211 case 0x11: 1212 addr_high = s->mmws; 1213 break; 1214 case 0x12: 1215 addr_high = s->sfs; 1216 break; 1217 case 0x13: 1218 addr_high = s->drs; 1219 break; 1220 case 0x14: 1221 addr_high = s->sbms; 1222 break; 1223 case 0x15: 1224 addr_high = s->dbms; 1225 break; 1226 default: 1227 qemu_log_mask(LOG_GUEST_ERROR, 1228 "lsi_scsi: Illegal selector specified (0x%x > 0x15) " 1229 "for 64-bit DMA block move", selector); 1230 break; 1231 } 1232 } 1233 } else if (lsi_dma_64bit(s)) { 1234 /* fetch a 3rd dword if 64-bit direct move is enabled and 1235 only if we're not doing table indirect or indirect addressing */ 1236 s->dbms = read_dword(s, s->dsp); 1237 s->dsp += 4; 1238 s->ia = s->dsp - 12; 1239 } 1240 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) { 1241 trace_lsi_execute_script_blockmove_badphase( 1242 scsi_phase_name(s->sstat1), 1243 scsi_phase_name(insn >> 24)); 1244 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0); 1245 break; 1246 } 1247 s->dnad = addr; 1248 s->dnad64 = addr_high; 1249 switch (s->sstat1 & 0x7) { 1250 case PHASE_DO: 1251 s->waiting = LSI_DMA_SCRIPTS; 1252 lsi_do_dma(s, 1); 1253 if (s->waiting) 1254 s->waiting = LSI_DMA_IN_PROGRESS; 1255 break; 1256 case PHASE_DI: 1257 s->waiting = LSI_DMA_SCRIPTS; 1258 lsi_do_dma(s, 0); 1259 if (s->waiting) 1260 s->waiting = LSI_DMA_IN_PROGRESS; 1261 break; 1262 case PHASE_CMD: 1263 lsi_do_command(s); 1264 break; 1265 case PHASE_ST: 1266 lsi_do_status(s); 1267 break; 1268 case PHASE_MO: 1269 lsi_do_msgout(s); 1270 break; 1271 case PHASE_MI: 1272 lsi_do_msgin(s); 1273 break; 1274 default: 1275 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n", 1276 scsi_phase_name(s->sstat1)); 1277 } 1278 s->dfifo = s->dbc & 0xff; 1279 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3); 1280 s->sbc = s->dbc; 1281 s->rbc -= s->dbc; 1282 s->ua = addr + s->dbc; 1283 break; 1284 1285 case 1: /* IO or Read/Write instruction. */ 1286 opcode = (insn >> 27) & 7; 1287 if (opcode < 5) { 1288 uint32_t id; 1289 1290 if (insn & (1 << 25)) { 1291 id = read_dword(s, s->dsa + sextract32(insn, 0, 24)); 1292 } else { 1293 id = insn; 1294 } 1295 id = (id >> 16) & 0xf; 1296 if (insn & (1 << 26)) { 1297 addr = s->dsp + sextract32(addr, 0, 24); 1298 } 1299 s->dnad = addr; 1300 switch (opcode) { 1301 case 0: /* Select */ 1302 s->sdid = id; 1303 if (s->scntl1 & LSI_SCNTL1_CON) { 1304 trace_lsi_execute_script_io_alreadyreselected(); 1305 s->dsp = s->dnad; 1306 break; 1307 } 1308 s->sstat0 |= LSI_SSTAT0_WOA; 1309 s->scntl1 &= ~LSI_SCNTL1_IARB; 1310 if (!scsi_device_find(&s->bus, 0, id, 0)) { 1311 lsi_bad_selection(s, id); 1312 break; 1313 } 1314 trace_lsi_execute_script_io_selected(id, 1315 insn & (1 << 3) ? " ATN" : ""); 1316 /* ??? Linux drivers compain when this is set. Maybe 1317 it only applies in low-level mode (unimplemented). 1318 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */ 1319 s->select_tag = id << 8; 1320 s->scntl1 |= LSI_SCNTL1_CON; 1321 if (insn & (1 << 3)) { 1322 s->socl |= LSI_SOCL_ATN; 1323 s->sbcl |= LSI_SBCL_ATN; 1324 } 1325 s->sbcl |= LSI_SBCL_BSY; 1326 lsi_set_phase(s, PHASE_MO); 1327 s->waiting = LSI_NOWAIT; 1328 break; 1329 case 1: /* Disconnect */ 1330 trace_lsi_execute_script_io_disconnect(); 1331 s->scntl1 &= ~LSI_SCNTL1_CON; 1332 /* FIXME: this is not entirely correct; the target need not ask 1333 * for reselection until it has to send data, while here we force a 1334 * reselection as soon as the bus is free. The correct flow would 1335 * reselect before lsi_transfer_data and disconnect as soon as 1336 * DMA ends. 1337 */ 1338 if (!s->current) { 1339 lsi_request *p = get_pending_req(s); 1340 if (p) { 1341 lsi_reselect(s, p); 1342 } 1343 } 1344 break; 1345 case 2: /* Wait Reselect */ 1346 if (s->istat0 & LSI_ISTAT0_SIGP) { 1347 s->dsp = s->dnad; 1348 } else if (!lsi_irq_on_rsl(s)) { 1349 lsi_wait_reselect(s); 1350 } 1351 break; 1352 case 3: /* Set */ 1353 trace_lsi_execute_script_io_set( 1354 insn & (1 << 3) ? " ATN" : "", 1355 insn & (1 << 6) ? " ACK" : "", 1356 insn & (1 << 9) ? " TM" : "", 1357 insn & (1 << 10) ? " CC" : ""); 1358 if (insn & (1 << 3)) { 1359 s->socl |= LSI_SOCL_ATN; 1360 s->sbcl |= LSI_SBCL_ATN; 1361 lsi_set_phase(s, PHASE_MO); 1362 } 1363 1364 if (insn & (1 << 6)) { 1365 s->sbcl |= LSI_SBCL_ACK; 1366 } 1367 1368 if (insn & (1 << 9)) { 1369 qemu_log_mask(LOG_UNIMP, 1370 "lsi_scsi: Target mode not implemented\n"); 1371 } 1372 if (insn & (1 << 10)) 1373 s->carry = 1; 1374 break; 1375 case 4: /* Clear */ 1376 trace_lsi_execute_script_io_clear( 1377 insn & (1 << 3) ? " ATN" : "", 1378 insn & (1 << 6) ? " ACK" : "", 1379 insn & (1 << 9) ? " TM" : "", 1380 insn & (1 << 10) ? " CC" : ""); 1381 if (insn & (1 << 3)) { 1382 s->socl &= ~LSI_SOCL_ATN; 1383 s->sbcl &= ~LSI_SBCL_ATN; 1384 } 1385 1386 if (insn & (1 << 6)) { 1387 s->sbcl &= ~LSI_SBCL_ACK; 1388 } 1389 1390 if (insn & (1 << 10)) 1391 s->carry = 0; 1392 break; 1393 } 1394 } else { 1395 uint8_t op0; 1396 uint8_t op1; 1397 uint8_t data8; 1398 int reg; 1399 int operator; 1400 1401 static const char *opcode_names[3] = 1402 {"Write", "Read", "Read-Modify-Write"}; 1403 static const char *operator_names[8] = 1404 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"}; 1405 1406 reg = ((insn >> 16) & 0x7f) | (insn & 0x80); 1407 data8 = (insn >> 8) & 0xff; 1408 opcode = (insn >> 27) & 7; 1409 operator = (insn >> 24) & 7; 1410 trace_lsi_execute_script_io_opcode( 1411 opcode_names[opcode - 5], reg, 1412 operator_names[operator], data8, s->sfbr, 1413 (insn & (1 << 23)) ? " SFBR" : ""); 1414 op0 = op1 = 0; 1415 switch (opcode) { 1416 case 5: /* From SFBR */ 1417 op0 = s->sfbr; 1418 op1 = data8; 1419 break; 1420 case 6: /* To SFBR */ 1421 if (operator) 1422 op0 = lsi_reg_readb(s, reg); 1423 op1 = data8; 1424 break; 1425 case 7: /* Read-modify-write */ 1426 if (operator) 1427 op0 = lsi_reg_readb(s, reg); 1428 if (insn & (1 << 23)) { 1429 op1 = s->sfbr; 1430 } else { 1431 op1 = data8; 1432 } 1433 break; 1434 } 1435 1436 switch (operator) { 1437 case 0: /* move */ 1438 op0 = op1; 1439 break; 1440 case 1: /* Shift left */ 1441 op1 = op0 >> 7; 1442 op0 = (op0 << 1) | s->carry; 1443 s->carry = op1; 1444 break; 1445 case 2: /* OR */ 1446 op0 |= op1; 1447 break; 1448 case 3: /* XOR */ 1449 op0 ^= op1; 1450 break; 1451 case 4: /* AND */ 1452 op0 &= op1; 1453 break; 1454 case 5: /* SHR */ 1455 op1 = op0 & 1; 1456 op0 = (op0 >> 1) | (s->carry << 7); 1457 s->carry = op1; 1458 break; 1459 case 6: /* ADD */ 1460 op0 += op1; 1461 s->carry = op0 < op1; 1462 break; 1463 case 7: /* ADC */ 1464 op0 += op1 + s->carry; 1465 if (s->carry) 1466 s->carry = op0 <= op1; 1467 else 1468 s->carry = op0 < op1; 1469 break; 1470 } 1471 1472 switch (opcode) { 1473 case 5: /* From SFBR */ 1474 case 7: /* Read-modify-write */ 1475 lsi_reg_writeb(s, reg, op0); 1476 break; 1477 case 6: /* To SFBR */ 1478 s->sfbr = op0; 1479 break; 1480 } 1481 } 1482 break; 1483 1484 case 2: /* Transfer Control. */ 1485 { 1486 int cond; 1487 int jmp; 1488 1489 if ((insn & 0x002e0000) == 0) { 1490 trace_lsi_execute_script_tc_nop(); 1491 break; 1492 } 1493 if (s->sist1 & LSI_SIST1_STO) { 1494 trace_lsi_execute_script_tc_delayedselect_timeout(); 1495 lsi_stop_script(s); 1496 break; 1497 } 1498 cond = jmp = (insn & (1 << 19)) != 0; 1499 if (cond == jmp && (insn & (1 << 21))) { 1500 trace_lsi_execute_script_tc_compc(s->carry == jmp); 1501 cond = s->carry != 0; 1502 } 1503 if (cond == jmp && (insn & (1 << 17))) { 1504 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1), 1505 jmp ? '=' : '!', scsi_phase_name(insn >> 24)); 1506 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7); 1507 } 1508 if (cond == jmp && (insn & (1 << 18))) { 1509 uint8_t mask; 1510 1511 mask = (~insn >> 8) & 0xff; 1512 trace_lsi_execute_script_tc_compd( 1513 s->sfbr, mask, jmp ? '=' : '!', insn & mask); 1514 cond = (s->sfbr & mask) == (insn & mask); 1515 } 1516 if (cond == jmp) { 1517 if (insn & (1 << 23)) { 1518 /* Relative address. */ 1519 addr = s->dsp + sextract32(addr, 0, 24); 1520 } 1521 switch ((insn >> 27) & 7) { 1522 case 0: /* Jump */ 1523 trace_lsi_execute_script_tc_jump(addr); 1524 s->adder = addr; 1525 s->dsp = addr; 1526 break; 1527 case 1: /* Call */ 1528 trace_lsi_execute_script_tc_call(addr); 1529 s->temp = s->dsp; 1530 s->dsp = addr; 1531 break; 1532 case 2: /* Return */ 1533 trace_lsi_execute_script_tc_return(s->temp); 1534 s->dsp = s->temp; 1535 break; 1536 case 3: /* Interrupt */ 1537 trace_lsi_execute_script_tc_interrupt(s->dsps); 1538 if ((insn & (1 << 20)) != 0) { 1539 s->istat0 |= LSI_ISTAT0_INTF; 1540 lsi_update_irq(s); 1541 } else { 1542 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR); 1543 } 1544 break; 1545 default: 1546 trace_lsi_execute_script_tc_illegal(); 1547 lsi_script_dma_interrupt(s, LSI_DSTAT_IID); 1548 break; 1549 } 1550 } else { 1551 trace_lsi_execute_script_tc_cc_failed(); 1552 } 1553 } 1554 break; 1555 1556 case 3: 1557 if ((insn & (1 << 29)) == 0) { 1558 /* Memory move. */ 1559 uint32_t dest; 1560 /* ??? The docs imply the destination address is loaded into 1561 the TEMP register. However the Linux drivers rely on 1562 the value being presrved. */ 1563 dest = read_dword(s, s->dsp); 1564 s->dsp += 4; 1565 lsi_memcpy(s, dest, addr, insn & 0xffffff); 1566 } else { 1567 uint8_t data[7]; 1568 int reg; 1569 int n; 1570 int i; 1571 1572 if (insn & (1 << 28)) { 1573 addr = s->dsa + sextract32(addr, 0, 24); 1574 } 1575 n = (insn & 7); 1576 reg = (insn >> 16) & 0xff; 1577 if (insn & (1 << 24)) { 1578 pci_dma_read(pci_dev, addr, data, n); 1579 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data); 1580 for (i = 0; i < n; i++) { 1581 lsi_reg_writeb(s, reg + i, data[i]); 1582 } 1583 } else { 1584 trace_lsi_execute_script_mm_store(reg, n, addr); 1585 for (i = 0; i < n; i++) { 1586 data[i] = lsi_reg_readb(s, reg + i); 1587 } 1588 pci_dma_write(pci_dev, addr, data, n); 1589 } 1590 } 1591 } 1592 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) { 1593 if (s->dcntl & LSI_DCNTL_SSM) { 1594 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI); 1595 } else { 1596 goto again; 1597 } 1598 } 1599 trace_lsi_execute_script_stop(); 1600 } 1601 1602 static uint8_t lsi_reg_readb(LSIState *s, int offset) 1603 { 1604 uint8_t ret; 1605 1606 #define CASE_GET_REG24(name, addr) \ 1607 case addr: ret = s->name & 0xff; break; \ 1608 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1609 case addr + 2: ret = (s->name >> 16) & 0xff; break; 1610 1611 #define CASE_GET_REG32(name, addr) \ 1612 case addr: ret = s->name & 0xff; break; \ 1613 case addr + 1: ret = (s->name >> 8) & 0xff; break; \ 1614 case addr + 2: ret = (s->name >> 16) & 0xff; break; \ 1615 case addr + 3: ret = (s->name >> 24) & 0xff; break; 1616 1617 switch (offset) { 1618 case 0x00: /* SCNTL0 */ 1619 ret = s->scntl0; 1620 break; 1621 case 0x01: /* SCNTL1 */ 1622 ret = s->scntl1; 1623 break; 1624 case 0x02: /* SCNTL2 */ 1625 ret = s->scntl2; 1626 break; 1627 case 0x03: /* SCNTL3 */ 1628 ret = s->scntl3; 1629 break; 1630 case 0x04: /* SCID */ 1631 ret = s->scid; 1632 break; 1633 case 0x05: /* SXFER */ 1634 ret = s->sxfer; 1635 break; 1636 case 0x06: /* SDID */ 1637 ret = s->sdid; 1638 break; 1639 case 0x07: /* GPREG0 */ 1640 ret = 0x7f; 1641 break; 1642 case 0x08: /* Revision ID */ 1643 ret = 0x00; 1644 break; 1645 case 0x09: /* SOCL */ 1646 ret = s->socl; 1647 break; 1648 case 0xa: /* SSID */ 1649 ret = s->ssid; 1650 break; 1651 case 0xb: /* SBCL */ 1652 ret = s->sbcl; 1653 break; 1654 case 0xc: /* DSTAT */ 1655 ret = s->dstat | LSI_DSTAT_DFE; 1656 if ((s->istat0 & LSI_ISTAT0_INTF) == 0) 1657 s->dstat = 0; 1658 lsi_update_irq(s); 1659 break; 1660 case 0x0d: /* SSTAT0 */ 1661 ret = s->sstat0; 1662 break; 1663 case 0x0e: /* SSTAT1 */ 1664 ret = s->sstat1; 1665 break; 1666 case 0x0f: /* SSTAT2 */ 1667 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2; 1668 break; 1669 CASE_GET_REG32(dsa, 0x10) 1670 case 0x14: /* ISTAT0 */ 1671 ret = s->istat0; 1672 break; 1673 case 0x15: /* ISTAT1 */ 1674 ret = s->istat1; 1675 break; 1676 case 0x16: /* MBOX0 */ 1677 ret = s->mbox0; 1678 break; 1679 case 0x17: /* MBOX1 */ 1680 ret = s->mbox1; 1681 break; 1682 case 0x18: /* CTEST0 */ 1683 ret = 0xff; 1684 break; 1685 case 0x19: /* CTEST1 */ 1686 ret = 0; 1687 break; 1688 case 0x1a: /* CTEST2 */ 1689 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM; 1690 if (s->istat0 & LSI_ISTAT0_SIGP) { 1691 s->istat0 &= ~LSI_ISTAT0_SIGP; 1692 ret |= LSI_CTEST2_SIGP; 1693 } 1694 break; 1695 case 0x1b: /* CTEST3 */ 1696 ret = s->ctest3; 1697 break; 1698 CASE_GET_REG32(temp, 0x1c) 1699 case 0x20: /* DFIFO */ 1700 ret = s->dfifo; 1701 break; 1702 case 0x21: /* CTEST4 */ 1703 ret = s->ctest4; 1704 break; 1705 case 0x22: /* CTEST5 */ 1706 ret = s->ctest5; 1707 break; 1708 case 0x23: /* CTEST6 */ 1709 ret = 0; 1710 break; 1711 CASE_GET_REG24(dbc, 0x24) 1712 case 0x27: /* DCMD */ 1713 ret = s->dcmd; 1714 break; 1715 CASE_GET_REG32(dnad, 0x28) 1716 CASE_GET_REG32(dsp, 0x2c) 1717 CASE_GET_REG32(dsps, 0x30) 1718 CASE_GET_REG32(scratch[0], 0x34) 1719 case 0x38: /* DMODE */ 1720 ret = s->dmode; 1721 break; 1722 case 0x39: /* DIEN */ 1723 ret = s->dien; 1724 break; 1725 case 0x3a: /* SBR */ 1726 ret = s->sbr; 1727 break; 1728 case 0x3b: /* DCNTL */ 1729 ret = s->dcntl; 1730 break; 1731 /* ADDER Output (Debug of relative jump address) */ 1732 CASE_GET_REG32(adder, 0x3c) 1733 case 0x40: /* SIEN0 */ 1734 ret = s->sien0; 1735 break; 1736 case 0x41: /* SIEN1 */ 1737 ret = s->sien1; 1738 break; 1739 case 0x42: /* SIST0 */ 1740 ret = s->sist0; 1741 s->sist0 = 0; 1742 lsi_update_irq(s); 1743 break; 1744 case 0x43: /* SIST1 */ 1745 ret = s->sist1; 1746 s->sist1 = 0; 1747 lsi_update_irq(s); 1748 break; 1749 case 0x46: /* MACNTL */ 1750 ret = 0x0f; 1751 break; 1752 case 0x47: /* GPCNTL0 */ 1753 ret = 0x0f; 1754 break; 1755 case 0x48: /* STIME0 */ 1756 ret = s->stime0; 1757 break; 1758 case 0x4a: /* RESPID0 */ 1759 ret = s->respid0; 1760 break; 1761 case 0x4b: /* RESPID1 */ 1762 ret = s->respid1; 1763 break; 1764 case 0x4d: /* STEST1 */ 1765 ret = s->stest1; 1766 break; 1767 case 0x4e: /* STEST2 */ 1768 ret = s->stest2; 1769 break; 1770 case 0x4f: /* STEST3 */ 1771 ret = s->stest3; 1772 break; 1773 case 0x50: /* SIDL */ 1774 /* This is needed by the linux drivers. We currently only update it 1775 during the MSG IN phase. */ 1776 ret = s->sidl; 1777 break; 1778 case 0x52: /* STEST4 */ 1779 ret = 0xe0; 1780 break; 1781 case 0x56: /* CCNTL0 */ 1782 ret = s->ccntl0; 1783 break; 1784 case 0x57: /* CCNTL1 */ 1785 ret = s->ccntl1; 1786 break; 1787 case 0x58: /* SBDL */ 1788 /* Some drivers peek at the data bus during the MSG IN phase. */ 1789 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) { 1790 assert(s->msg_len > 0); 1791 return s->msg[0]; 1792 } 1793 ret = 0; 1794 break; 1795 case 0x59: /* SBDL high */ 1796 ret = 0; 1797 break; 1798 CASE_GET_REG32(mmrs, 0xa0) 1799 CASE_GET_REG32(mmws, 0xa4) 1800 CASE_GET_REG32(sfs, 0xa8) 1801 CASE_GET_REG32(drs, 0xac) 1802 CASE_GET_REG32(sbms, 0xb0) 1803 CASE_GET_REG32(dbms, 0xb4) 1804 CASE_GET_REG32(dnad64, 0xb8) 1805 CASE_GET_REG32(pmjad1, 0xc0) 1806 CASE_GET_REG32(pmjad2, 0xc4) 1807 CASE_GET_REG32(rbc, 0xc8) 1808 CASE_GET_REG32(ua, 0xcc) 1809 CASE_GET_REG32(ia, 0xd4) 1810 CASE_GET_REG32(sbc, 0xd8) 1811 CASE_GET_REG32(csbc, 0xdc) 1812 case 0x5c ... 0x9f: 1813 { 1814 int n; 1815 int shift; 1816 n = (offset - 0x58) >> 2; 1817 shift = (offset & 3) * 8; 1818 ret = (s->scratch[n] >> shift) & 0xff; 1819 break; 1820 } 1821 default: 1822 { 1823 qemu_log_mask(LOG_GUEST_ERROR, 1824 "lsi_scsi: invalid read from reg %s %x\n", 1825 offset < ARRAY_SIZE(names) ? names[offset] : "???", 1826 offset); 1827 ret = 0xff; 1828 break; 1829 } 1830 } 1831 #undef CASE_GET_REG24 1832 #undef CASE_GET_REG32 1833 1834 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1835 offset, ret); 1836 1837 return ret; 1838 } 1839 1840 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) 1841 { 1842 #define CASE_SET_REG24(name, addr) \ 1843 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1844 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1845 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; 1846 1847 #define CASE_SET_REG32(name, addr) \ 1848 case addr : s->name &= 0xffffff00; s->name |= val; break; \ 1849 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \ 1850 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \ 1851 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break; 1852 1853 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???", 1854 offset, val); 1855 1856 switch (offset) { 1857 case 0x00: /* SCNTL0 */ 1858 s->scntl0 = val; 1859 if (val & LSI_SCNTL0_START) { 1860 qemu_log_mask(LOG_UNIMP, 1861 "lsi_scsi: Start sequence not implemented\n"); 1862 } 1863 break; 1864 case 0x01: /* SCNTL1 */ 1865 s->scntl1 = val & ~LSI_SCNTL1_SST; 1866 if (val & LSI_SCNTL1_IARB) { 1867 qemu_log_mask(LOG_UNIMP, 1868 "lsi_scsi: Immediate Arbritration not implemented\n"); 1869 } 1870 if (val & LSI_SCNTL1_RST) { 1871 if (!(s->sstat0 & LSI_SSTAT0_RST)) { 1872 qbus_reset_all(BUS(&s->bus)); 1873 s->sstat0 |= LSI_SSTAT0_RST; 1874 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0); 1875 } 1876 } else { 1877 s->sstat0 &= ~LSI_SSTAT0_RST; 1878 } 1879 break; 1880 case 0x02: /* SCNTL2 */ 1881 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS); 1882 s->scntl2 = val; 1883 break; 1884 case 0x03: /* SCNTL3 */ 1885 s->scntl3 = val; 1886 break; 1887 case 0x04: /* SCID */ 1888 s->scid = val; 1889 break; 1890 case 0x05: /* SXFER */ 1891 s->sxfer = val; 1892 break; 1893 case 0x06: /* SDID */ 1894 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) { 1895 qemu_log_mask(LOG_GUEST_ERROR, 1896 "lsi_scsi: Destination ID does not match SSID\n"); 1897 } 1898 s->sdid = val & 0xf; 1899 break; 1900 case 0x07: /* GPREG0 */ 1901 break; 1902 case 0x08: /* SFBR */ 1903 /* The CPU is not allowed to write to this register. However the 1904 SCRIPTS register move instructions are. */ 1905 s->sfbr = val; 1906 break; 1907 case 0x0a: case 0x0b: 1908 /* Openserver writes to these readonly registers on startup */ 1909 return; 1910 case 0x0c: case 0x0d: case 0x0e: case 0x0f: 1911 /* Linux writes to these readonly registers on startup. */ 1912 return; 1913 CASE_SET_REG32(dsa, 0x10) 1914 case 0x14: /* ISTAT0 */ 1915 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0); 1916 if (val & LSI_ISTAT0_ABRT) { 1917 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT); 1918 } 1919 if (val & LSI_ISTAT0_INTF) { 1920 s->istat0 &= ~LSI_ISTAT0_INTF; 1921 lsi_update_irq(s); 1922 } 1923 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) { 1924 trace_lsi_awoken(); 1925 s->waiting = LSI_NOWAIT; 1926 s->dsp = s->dnad; 1927 lsi_execute_script(s); 1928 } 1929 if (val & LSI_ISTAT0_SRST) { 1930 qdev_reset_all(DEVICE(s)); 1931 } 1932 break; 1933 case 0x16: /* MBOX0 */ 1934 s->mbox0 = val; 1935 break; 1936 case 0x17: /* MBOX1 */ 1937 s->mbox1 = val; 1938 break; 1939 case 0x18: /* CTEST0 */ 1940 /* nothing to do */ 1941 break; 1942 case 0x1a: /* CTEST2 */ 1943 s->ctest2 = val & LSI_CTEST2_PCICIE; 1944 break; 1945 case 0x1b: /* CTEST3 */ 1946 s->ctest3 = val & 0x0f; 1947 break; 1948 CASE_SET_REG32(temp, 0x1c) 1949 case 0x21: /* CTEST4 */ 1950 if (val & 7) { 1951 qemu_log_mask(LOG_UNIMP, 1952 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val); 1953 } 1954 s->ctest4 = val; 1955 break; 1956 case 0x22: /* CTEST5 */ 1957 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) { 1958 qemu_log_mask(LOG_UNIMP, 1959 "lsi_scsi: CTEST5 DMA increment not implemented\n"); 1960 } 1961 s->ctest5 = val; 1962 break; 1963 CASE_SET_REG24(dbc, 0x24) 1964 CASE_SET_REG32(dnad, 0x28) 1965 case 0x2c: /* DSP[0:7] */ 1966 s->dsp &= 0xffffff00; 1967 s->dsp |= val; 1968 break; 1969 case 0x2d: /* DSP[8:15] */ 1970 s->dsp &= 0xffff00ff; 1971 s->dsp |= val << 8; 1972 break; 1973 case 0x2e: /* DSP[16:23] */ 1974 s->dsp &= 0xff00ffff; 1975 s->dsp |= val << 16; 1976 break; 1977 case 0x2f: /* DSP[24:31] */ 1978 s->dsp &= 0x00ffffff; 1979 s->dsp |= val << 24; 1980 /* 1981 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 1982 * instruction. Is this correct? 1983 */ 1984 if ((s->dmode & LSI_DMODE_MAN) == 0 1985 && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 1986 lsi_execute_script(s); 1987 break; 1988 CASE_SET_REG32(dsps, 0x30) 1989 CASE_SET_REG32(scratch[0], 0x34) 1990 case 0x38: /* DMODE */ 1991 s->dmode = val; 1992 break; 1993 case 0x39: /* DIEN */ 1994 s->dien = val; 1995 lsi_update_irq(s); 1996 break; 1997 case 0x3a: /* SBR */ 1998 s->sbr = val; 1999 break; 2000 case 0x3b: /* DCNTL */ 2001 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD); 2002 /* 2003 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one 2004 * instruction. Is this correct? 2005 */ 2006 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0) 2007 lsi_execute_script(s); 2008 break; 2009 case 0x40: /* SIEN0 */ 2010 s->sien0 = val; 2011 lsi_update_irq(s); 2012 break; 2013 case 0x41: /* SIEN1 */ 2014 s->sien1 = val; 2015 lsi_update_irq(s); 2016 break; 2017 case 0x47: /* GPCNTL0 */ 2018 break; 2019 case 0x48: /* STIME0 */ 2020 s->stime0 = val; 2021 break; 2022 case 0x49: /* STIME1 */ 2023 if (val & 0xf) { 2024 qemu_log_mask(LOG_UNIMP, 2025 "lsi_scsi: General purpose timer not implemented\n"); 2026 /* ??? Raising the interrupt immediately seems to be sufficient 2027 to keep the FreeBSD driver happy. */ 2028 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN); 2029 } 2030 break; 2031 case 0x4a: /* RESPID0 */ 2032 s->respid0 = val; 2033 break; 2034 case 0x4b: /* RESPID1 */ 2035 s->respid1 = val; 2036 break; 2037 case 0x4d: /* STEST1 */ 2038 s->stest1 = val; 2039 break; 2040 case 0x4e: /* STEST2 */ 2041 if (val & 1) { 2042 qemu_log_mask(LOG_UNIMP, 2043 "lsi_scsi: Low level mode not implemented\n"); 2044 } 2045 s->stest2 = val; 2046 break; 2047 case 0x4f: /* STEST3 */ 2048 if (val & 0x41) { 2049 qemu_log_mask(LOG_UNIMP, 2050 "lsi_scsi: SCSI FIFO test mode not implemented\n"); 2051 } 2052 s->stest3 = val; 2053 break; 2054 case 0x56: /* CCNTL0 */ 2055 s->ccntl0 = val; 2056 break; 2057 case 0x57: /* CCNTL1 */ 2058 s->ccntl1 = val; 2059 break; 2060 CASE_SET_REG32(mmrs, 0xa0) 2061 CASE_SET_REG32(mmws, 0xa4) 2062 CASE_SET_REG32(sfs, 0xa8) 2063 CASE_SET_REG32(drs, 0xac) 2064 CASE_SET_REG32(sbms, 0xb0) 2065 CASE_SET_REG32(dbms, 0xb4) 2066 CASE_SET_REG32(dnad64, 0xb8) 2067 CASE_SET_REG32(pmjad1, 0xc0) 2068 CASE_SET_REG32(pmjad2, 0xc4) 2069 CASE_SET_REG32(rbc, 0xc8) 2070 CASE_SET_REG32(ua, 0xcc) 2071 CASE_SET_REG32(ia, 0xd4) 2072 CASE_SET_REG32(sbc, 0xd8) 2073 CASE_SET_REG32(csbc, 0xdc) 2074 default: 2075 if (offset >= 0x5c && offset < 0xa0) { 2076 int n; 2077 int shift; 2078 n = (offset - 0x58) >> 2; 2079 shift = (offset & 3) * 8; 2080 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val); 2081 } else { 2082 qemu_log_mask(LOG_GUEST_ERROR, 2083 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n", 2084 offset < ARRAY_SIZE(names) ? names[offset] : "???", 2085 offset, val); 2086 } 2087 } 2088 #undef CASE_SET_REG24 2089 #undef CASE_SET_REG32 2090 } 2091 2092 static void lsi_mmio_write(void *opaque, hwaddr addr, 2093 uint64_t val, unsigned size) 2094 { 2095 LSIState *s = opaque; 2096 2097 lsi_reg_writeb(s, addr & 0xff, val); 2098 } 2099 2100 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr, 2101 unsigned size) 2102 { 2103 LSIState *s = opaque; 2104 return lsi_reg_readb(s, addr & 0xff); 2105 } 2106 2107 static const MemoryRegionOps lsi_mmio_ops = { 2108 .read = lsi_mmio_read, 2109 .write = lsi_mmio_write, 2110 .endianness = DEVICE_LITTLE_ENDIAN, 2111 .impl = { 2112 .min_access_size = 1, 2113 .max_access_size = 1, 2114 }, 2115 }; 2116 2117 static void lsi_ram_write(void *opaque, hwaddr addr, 2118 uint64_t val, unsigned size) 2119 { 2120 LSIState *s = opaque; 2121 stn_le_p(s->script_ram + addr, size, val); 2122 } 2123 2124 static uint64_t lsi_ram_read(void *opaque, hwaddr addr, 2125 unsigned size) 2126 { 2127 LSIState *s = opaque; 2128 return ldn_le_p(s->script_ram + addr, size); 2129 } 2130 2131 static const MemoryRegionOps lsi_ram_ops = { 2132 .read = lsi_ram_read, 2133 .write = lsi_ram_write, 2134 .endianness = DEVICE_LITTLE_ENDIAN, 2135 }; 2136 2137 static uint64_t lsi_io_read(void *opaque, hwaddr addr, 2138 unsigned size) 2139 { 2140 LSIState *s = opaque; 2141 return lsi_reg_readb(s, addr & 0xff); 2142 } 2143 2144 static void lsi_io_write(void *opaque, hwaddr addr, 2145 uint64_t val, unsigned size) 2146 { 2147 LSIState *s = opaque; 2148 lsi_reg_writeb(s, addr & 0xff, val); 2149 } 2150 2151 static const MemoryRegionOps lsi_io_ops = { 2152 .read = lsi_io_read, 2153 .write = lsi_io_write, 2154 .endianness = DEVICE_LITTLE_ENDIAN, 2155 .impl = { 2156 .min_access_size = 1, 2157 .max_access_size = 1, 2158 }, 2159 }; 2160 2161 static void lsi_scsi_reset(DeviceState *dev) 2162 { 2163 LSIState *s = LSI53C895A(dev); 2164 2165 lsi_soft_reset(s); 2166 } 2167 2168 static int lsi_pre_save(void *opaque) 2169 { 2170 LSIState *s = opaque; 2171 2172 if (s->current) { 2173 assert(s->current->dma_buf == NULL); 2174 assert(s->current->dma_len == 0); 2175 } 2176 assert(QTAILQ_EMPTY(&s->queue)); 2177 2178 return 0; 2179 } 2180 2181 static int lsi_post_load(void *opaque, int version_id) 2182 { 2183 LSIState *s = opaque; 2184 2185 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) { 2186 return -EINVAL; 2187 } 2188 2189 return 0; 2190 } 2191 2192 static const VMStateDescription vmstate_lsi_scsi = { 2193 .name = "lsiscsi", 2194 .version_id = 1, 2195 .minimum_version_id = 0, 2196 .pre_save = lsi_pre_save, 2197 .post_load = lsi_post_load, 2198 .fields = (VMStateField[]) { 2199 VMSTATE_PCI_DEVICE(parent_obj, LSIState), 2200 2201 VMSTATE_INT32(carry, LSIState), 2202 VMSTATE_INT32(status, LSIState), 2203 VMSTATE_INT32(msg_action, LSIState), 2204 VMSTATE_INT32(msg_len, LSIState), 2205 VMSTATE_BUFFER(msg, LSIState), 2206 VMSTATE_INT32(waiting, LSIState), 2207 2208 VMSTATE_UINT32(dsa, LSIState), 2209 VMSTATE_UINT32(temp, LSIState), 2210 VMSTATE_UINT32(dnad, LSIState), 2211 VMSTATE_UINT32(dbc, LSIState), 2212 VMSTATE_UINT8(istat0, LSIState), 2213 VMSTATE_UINT8(istat1, LSIState), 2214 VMSTATE_UINT8(dcmd, LSIState), 2215 VMSTATE_UINT8(dstat, LSIState), 2216 VMSTATE_UINT8(dien, LSIState), 2217 VMSTATE_UINT8(sist0, LSIState), 2218 VMSTATE_UINT8(sist1, LSIState), 2219 VMSTATE_UINT8(sien0, LSIState), 2220 VMSTATE_UINT8(sien1, LSIState), 2221 VMSTATE_UINT8(mbox0, LSIState), 2222 VMSTATE_UINT8(mbox1, LSIState), 2223 VMSTATE_UINT8(dfifo, LSIState), 2224 VMSTATE_UINT8(ctest2, LSIState), 2225 VMSTATE_UINT8(ctest3, LSIState), 2226 VMSTATE_UINT8(ctest4, LSIState), 2227 VMSTATE_UINT8(ctest5, LSIState), 2228 VMSTATE_UINT8(ccntl0, LSIState), 2229 VMSTATE_UINT8(ccntl1, LSIState), 2230 VMSTATE_UINT32(dsp, LSIState), 2231 VMSTATE_UINT32(dsps, LSIState), 2232 VMSTATE_UINT8(dmode, LSIState), 2233 VMSTATE_UINT8(dcntl, LSIState), 2234 VMSTATE_UINT8(scntl0, LSIState), 2235 VMSTATE_UINT8(scntl1, LSIState), 2236 VMSTATE_UINT8(scntl2, LSIState), 2237 VMSTATE_UINT8(scntl3, LSIState), 2238 VMSTATE_UINT8(sstat0, LSIState), 2239 VMSTATE_UINT8(sstat1, LSIState), 2240 VMSTATE_UINT8(scid, LSIState), 2241 VMSTATE_UINT8(sxfer, LSIState), 2242 VMSTATE_UINT8(socl, LSIState), 2243 VMSTATE_UINT8(sdid, LSIState), 2244 VMSTATE_UINT8(ssid, LSIState), 2245 VMSTATE_UINT8(sfbr, LSIState), 2246 VMSTATE_UINT8(stest1, LSIState), 2247 VMSTATE_UINT8(stest2, LSIState), 2248 VMSTATE_UINT8(stest3, LSIState), 2249 VMSTATE_UINT8(sidl, LSIState), 2250 VMSTATE_UINT8(stime0, LSIState), 2251 VMSTATE_UINT8(respid0, LSIState), 2252 VMSTATE_UINT8(respid1, LSIState), 2253 VMSTATE_UINT8_V(sbcl, LSIState, 1), 2254 VMSTATE_UINT32(mmrs, LSIState), 2255 VMSTATE_UINT32(mmws, LSIState), 2256 VMSTATE_UINT32(sfs, LSIState), 2257 VMSTATE_UINT32(drs, LSIState), 2258 VMSTATE_UINT32(sbms, LSIState), 2259 VMSTATE_UINT32(dbms, LSIState), 2260 VMSTATE_UINT32(dnad64, LSIState), 2261 VMSTATE_UINT32(pmjad1, LSIState), 2262 VMSTATE_UINT32(pmjad2, LSIState), 2263 VMSTATE_UINT32(rbc, LSIState), 2264 VMSTATE_UINT32(ua, LSIState), 2265 VMSTATE_UINT32(ia, LSIState), 2266 VMSTATE_UINT32(sbc, LSIState), 2267 VMSTATE_UINT32(csbc, LSIState), 2268 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)), 2269 VMSTATE_UINT8(sbr, LSIState), 2270 2271 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192), 2272 VMSTATE_END_OF_LIST() 2273 } 2274 }; 2275 2276 static const struct SCSIBusInfo lsi_scsi_info = { 2277 .tcq = true, 2278 .max_target = LSI_MAX_DEVS, 2279 .max_lun = 0, /* LUN support is buggy */ 2280 2281 .transfer_data = lsi_transfer_data, 2282 .complete = lsi_command_complete, 2283 .cancel = lsi_request_cancelled 2284 }; 2285 2286 static void lsi_scsi_realize(PCIDevice *dev, Error **errp) 2287 { 2288 LSIState *s = LSI53C895A(dev); 2289 DeviceState *d = DEVICE(dev); 2290 uint8_t *pci_conf; 2291 2292 pci_conf = dev->config; 2293 2294 /* PCI latency timer = 255 */ 2295 pci_conf[PCI_LATENCY_TIMER] = 0xff; 2296 /* Interrupt pin A */ 2297 pci_conf[PCI_INTERRUPT_PIN] = 0x01; 2298 2299 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s, 2300 "lsi-mmio", 0x400); 2301 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s, 2302 "lsi-ram", 0x2000); 2303 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s, 2304 "lsi-io", 256); 2305 2306 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io"); 2307 qdev_init_gpio_out(d, &s->ext_irq, 1); 2308 2309 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io); 2310 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io); 2311 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io); 2312 QTAILQ_INIT(&s->queue); 2313 2314 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL); 2315 } 2316 2317 static void lsi_scsi_unrealize(DeviceState *dev) 2318 { 2319 LSIState *s = LSI53C895A(dev); 2320 2321 address_space_destroy(&s->pci_io_as); 2322 } 2323 2324 static void lsi_class_init(ObjectClass *klass, void *data) 2325 { 2326 DeviceClass *dc = DEVICE_CLASS(klass); 2327 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2328 2329 k->realize = lsi_scsi_realize; 2330 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 2331 k->device_id = PCI_DEVICE_ID_LSI_53C895A; 2332 k->class_id = PCI_CLASS_STORAGE_SCSI; 2333 k->subsystem_id = 0x1000; 2334 dc->unrealize = lsi_scsi_unrealize; 2335 dc->reset = lsi_scsi_reset; 2336 dc->vmsd = &vmstate_lsi_scsi; 2337 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2338 } 2339 2340 static const TypeInfo lsi_info = { 2341 .name = TYPE_LSI53C895A, 2342 .parent = TYPE_PCI_DEVICE, 2343 .instance_size = sizeof(LSIState), 2344 .class_init = lsi_class_init, 2345 .interfaces = (InterfaceInfo[]) { 2346 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 2347 { }, 2348 }, 2349 }; 2350 2351 static void lsi53c810_class_init(ObjectClass *klass, void *data) 2352 { 2353 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2354 2355 k->device_id = PCI_DEVICE_ID_LSI_53C810; 2356 } 2357 2358 static TypeInfo lsi53c810_info = { 2359 .name = TYPE_LSI53C810, 2360 .parent = TYPE_LSI53C895A, 2361 .class_init = lsi53c810_class_init, 2362 }; 2363 2364 static void lsi53c895a_register_types(void) 2365 { 2366 type_register_static(&lsi_info); 2367 type_register_static(&lsi53c810_info); 2368 } 2369 2370 type_init(lsi53c895a_register_types) 2371 2372 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev) 2373 { 2374 LSIState *s = LSI53C895A(lsi_dev); 2375 2376 scsi_bus_legacy_handle_cmdline(&s->bus); 2377 } 2378