2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
16 #include "qemu/osdep.h"
19 #include "hw/pci/pci.h"
20 #include "hw/scsi/scsi.h"
21 #include "sysemu/dma.h"
25 static const char *names
[] = {
26 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
27 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
28 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
29 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
30 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
31 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
32 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
33 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
34 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
35 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
36 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
37 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
40 #define LSI_MAX_DEVS 7
42 #define LSI_SCNTL0_TRG 0x01
43 #define LSI_SCNTL0_AAP 0x02
44 #define LSI_SCNTL0_EPC 0x08
45 #define LSI_SCNTL0_WATN 0x10
46 #define LSI_SCNTL0_START 0x20
48 #define LSI_SCNTL1_SST 0x01
49 #define LSI_SCNTL1_IARB 0x02
50 #define LSI_SCNTL1_AESP 0x04
51 #define LSI_SCNTL1_RST 0x08
52 #define LSI_SCNTL1_CON 0x10
53 #define LSI_SCNTL1_DHP 0x20
54 #define LSI_SCNTL1_ADB 0x40
55 #define LSI_SCNTL1_EXC 0x80
57 #define LSI_SCNTL2_WSR 0x01
58 #define LSI_SCNTL2_VUE0 0x02
59 #define LSI_SCNTL2_VUE1 0x04
60 #define LSI_SCNTL2_WSS 0x08
61 #define LSI_SCNTL2_SLPHBEN 0x10
62 #define LSI_SCNTL2_SLPMD 0x20
63 #define LSI_SCNTL2_CHM 0x40
64 #define LSI_SCNTL2_SDU 0x80
66 #define LSI_ISTAT0_DIP 0x01
67 #define LSI_ISTAT0_SIP 0x02
68 #define LSI_ISTAT0_INTF 0x04
69 #define LSI_ISTAT0_CON 0x08
70 #define LSI_ISTAT0_SEM 0x10
71 #define LSI_ISTAT0_SIGP 0x20
72 #define LSI_ISTAT0_SRST 0x40
73 #define LSI_ISTAT0_ABRT 0x80
75 #define LSI_ISTAT1_SI 0x01
76 #define LSI_ISTAT1_SRUN 0x02
77 #define LSI_ISTAT1_FLSH 0x04
79 #define LSI_SSTAT0_SDP0 0x01
80 #define LSI_SSTAT0_RST 0x02
81 #define LSI_SSTAT0_WOA 0x04
82 #define LSI_SSTAT0_LOA 0x08
83 #define LSI_SSTAT0_AIP 0x10
84 #define LSI_SSTAT0_OLF 0x20
85 #define LSI_SSTAT0_ORF 0x40
86 #define LSI_SSTAT0_ILF 0x80
88 #define LSI_SIST0_PAR 0x01
89 #define LSI_SIST0_RST 0x02
90 #define LSI_SIST0_UDC 0x04
91 #define LSI_SIST0_SGE 0x08
92 #define LSI_SIST0_RSL 0x10
93 #define LSI_SIST0_SEL 0x20
94 #define LSI_SIST0_CMP 0x40
95 #define LSI_SIST0_MA 0x80
97 #define LSI_SIST1_HTH 0x01
98 #define LSI_SIST1_GEN 0x02
99 #define LSI_SIST1_STO 0x04
100 #define LSI_SIST1_SBMC 0x10
102 #define LSI_SOCL_IO 0x01
103 #define LSI_SOCL_CD 0x02
104 #define LSI_SOCL_MSG 0x04
105 #define LSI_SOCL_ATN 0x08
106 #define LSI_SOCL_SEL 0x10
107 #define LSI_SOCL_BSY 0x20
108 #define LSI_SOCL_ACK 0x40
109 #define LSI_SOCL_REQ 0x80
111 #define LSI_DSTAT_IID 0x01
112 #define LSI_DSTAT_SIR 0x04
113 #define LSI_DSTAT_SSI 0x08
114 #define LSI_DSTAT_ABRT 0x10
115 #define LSI_DSTAT_BF 0x20
116 #define LSI_DSTAT_MDPE 0x40
117 #define LSI_DSTAT_DFE 0x80
119 #define LSI_DCNTL_COM 0x01
120 #define LSI_DCNTL_IRQD 0x02
121 #define LSI_DCNTL_STD 0x04
122 #define LSI_DCNTL_IRQM 0x08
123 #define LSI_DCNTL_SSM 0x10
124 #define LSI_DCNTL_PFEN 0x20
125 #define LSI_DCNTL_PFF 0x40
126 #define LSI_DCNTL_CLSE 0x80
128 #define LSI_DMODE_MAN 0x01
129 #define LSI_DMODE_BOF 0x02
130 #define LSI_DMODE_ERMP 0x04
131 #define LSI_DMODE_ERL 0x08
132 #define LSI_DMODE_DIOM 0x10
133 #define LSI_DMODE_SIOM 0x20
135 #define LSI_CTEST2_DACK 0x01
136 #define LSI_CTEST2_DREQ 0x02
137 #define LSI_CTEST2_TEOP 0x04
138 #define LSI_CTEST2_PCICIE 0x08
139 #define LSI_CTEST2_CM 0x10
140 #define LSI_CTEST2_CIO 0x20
141 #define LSI_CTEST2_SIGP 0x40
142 #define LSI_CTEST2_DDIR 0x80
144 #define LSI_CTEST5_BL2 0x04
145 #define LSI_CTEST5_DDIR 0x08
146 #define LSI_CTEST5_MASR 0x10
147 #define LSI_CTEST5_DFSN 0x20
148 #define LSI_CTEST5_BBCK 0x40
149 #define LSI_CTEST5_ADCK 0x80
151 #define LSI_CCNTL0_DILS 0x01
152 #define LSI_CCNTL0_DISFC 0x10
153 #define LSI_CCNTL0_ENNDJ 0x20
154 #define LSI_CCNTL0_PMJCTL 0x40
155 #define LSI_CCNTL0_ENPMJ 0x80
157 #define LSI_CCNTL1_EN64DBMV 0x01
158 #define LSI_CCNTL1_EN64TIBMV 0x02
159 #define LSI_CCNTL1_64TIMOD 0x04
160 #define LSI_CCNTL1_DDAC 0x08
161 #define LSI_CCNTL1_ZMOD 0x80
163 #define LSI_SBCL_ATN 0x08
164 #define LSI_SBCL_BSY 0x20
165 #define LSI_SBCL_ACK 0x40
166 #define LSI_SBCL_REQ 0x80
168 /* Enable Response to Reselection */
169 #define LSI_SCID_RRE 0x60
171 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
181 /* Maximum length of MSG IN data. */
182 #define LSI_MAX_MSGIN_LEN 8
184 /* Flag set if this is a tagged command. */
185 #define LSI_TAG_VALID (1 << 16)
187 typedef struct lsi_request
{
194 QTAILQ_ENTRY(lsi_request
) next
;
198 LSI_NOWAIT
, /* SCRIPTS are running or stopped */
199 LSI_WAIT_RESELECT
, /* Wait Reselect instruction has been issued */
200 LSI_DMA_SCRIPTS
, /* processing DMA from lsi_execute_script */
201 LSI_DMA_IN_PROGRESS
, /* DMA operation is in progress */
205 LSI_MSG_ACTION_COMMAND
= 0,
206 LSI_MSG_ACTION_DISCONNECT
= 1,
207 LSI_MSG_ACTION_DOUT
= 2,
208 LSI_MSG_ACTION_DIN
= 3,
213 PCIDevice parent_obj
;
217 MemoryRegion mmio_io
;
220 AddressSpace pci_io_as
;
222 int carry
; /* ??? Should this be an a visible register somewhere? */
226 uint8_t msg
[LSI_MAX_MSGIN_LEN
];
230 /* The tag is a combination of the device ID and the SCSI tag. */
232 int command_complete
;
233 QTAILQ_HEAD(, lsi_request
) queue
;
234 lsi_request
*current
;
296 uint32_t scratch
[18]; /* SCRATCHA-SCRATCHR */
300 uint8_t script_ram
[2048 * sizeof(uint32_t)];
303 #define TYPE_LSI53C810 "lsi53c810"
304 #define TYPE_LSI53C895A "lsi53c895a"
306 #define LSI53C895A(obj) \
307 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
309 static const char *scsi_phases
[] = {
320 static const char *scsi_phase_name(int phase
)
322 return scsi_phases
[phase
& PHASE_MASK
];
325 static inline int lsi_irq_on_rsl(LSIState
*s
)
327 return (s
->sien0
& LSI_SIST0_RSL
) && (s
->scid
& LSI_SCID_RRE
);
330 static lsi_request
*get_pending_req(LSIState
*s
)
334 QTAILQ_FOREACH(p
, &s
->queue
, next
) {
342 static void lsi_soft_reset(LSIState
*s
)
347 s
->msg_action
= LSI_MSG_ACTION_COMMAND
;
349 s
->waiting
= LSI_NOWAIT
;
354 memset(s
->scratch
, 0, sizeof(s
->scratch
));
367 s
->ctest2
= LSI_CTEST2_DACK
;
411 assert(QTAILQ_EMPTY(&s
->queue
));
415 static int lsi_dma_40bit(LSIState
*s
)
417 if ((s
->ccntl1
& LSI_CCNTL1_40BIT
) == LSI_CCNTL1_40BIT
)
422 static int lsi_dma_ti64bit(LSIState
*s
)
424 if ((s
->ccntl1
& LSI_CCNTL1_EN64TIBMV
) == LSI_CCNTL1_EN64TIBMV
)
429 static int lsi_dma_64bit(LSIState
*s
)
431 if ((s
->ccntl1
& LSI_CCNTL1_EN64DBMV
) == LSI_CCNTL1_EN64DBMV
)
436 static uint8_t lsi_reg_readb(LSIState
*s
, int offset
);
437 static void lsi_reg_writeb(LSIState
*s
, int offset
, uint8_t val
);
438 static void lsi_execute_script(LSIState
*s
);
439 static void lsi_reselect(LSIState
*s
, lsi_request
*p
);
441 static inline void lsi_mem_read(LSIState
*s
, dma_addr_t addr
,
442 void *buf
, dma_addr_t len
)
444 if (s
->dmode
& LSI_DMODE_SIOM
) {
445 address_space_read(&s
->pci_io_as
, addr
, MEMTXATTRS_UNSPECIFIED
,
448 pci_dma_read(PCI_DEVICE(s
), addr
, buf
, len
);
452 static inline void lsi_mem_write(LSIState
*s
, dma_addr_t addr
,
453 const void *buf
, dma_addr_t len
)
455 if (s
->dmode
& LSI_DMODE_DIOM
) {
456 address_space_write(&s
->pci_io_as
, addr
, MEMTXATTRS_UNSPECIFIED
,
459 pci_dma_write(PCI_DEVICE(s
), addr
, buf
, len
);
463 static inline uint32_t read_dword(LSIState
*s
, uint32_t addr
)
467 pci_dma_read(PCI_DEVICE(s
), addr
, &buf
, 4);
468 return cpu_to_le32(buf
);
471 static void lsi_stop_script(LSIState
*s
)
473 s
->istat1
&= ~LSI_ISTAT1_SRUN
;
476 static void lsi_set_irq(LSIState
*s
, int level
)
478 PCIDevice
*d
= PCI_DEVICE(s
);
481 qemu_set_irq(s
->ext_irq
, level
);
483 pci_set_irq(d
, level
);
487 static void lsi_update_irq(LSIState
*s
)
490 static int last_level
;
492 /* It's unclear whether the DIP/SIP bits should be cleared when the
493 Interrupt Status Registers are cleared or when istat0 is read.
494 We currently do the formwer, which seems to work. */
497 if (s
->dstat
& s
->dien
)
499 s
->istat0
|= LSI_ISTAT0_DIP
;
501 s
->istat0
&= ~LSI_ISTAT0_DIP
;
504 if (s
->sist0
|| s
->sist1
) {
505 if ((s
->sist0
& s
->sien0
) || (s
->sist1
& s
->sien1
))
507 s
->istat0
|= LSI_ISTAT0_SIP
;
509 s
->istat0
&= ~LSI_ISTAT0_SIP
;
511 if (s
->istat0
& LSI_ISTAT0_INTF
)
514 if (level
!= last_level
) {
515 trace_lsi_update_irq(level
, s
->dstat
, s
->sist1
, s
->sist0
);
518 lsi_set_irq(s
, level
);
520 if (!s
->current
&& !level
&& lsi_irq_on_rsl(s
) && !(s
->scntl1
& LSI_SCNTL1_CON
)) {
523 trace_lsi_update_irq_disconnected();
524 p
= get_pending_req(s
);
531 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
532 static void lsi_script_scsi_interrupt(LSIState
*s
, int stat0
, int stat1
)
537 trace_lsi_script_scsi_interrupt(stat1
, stat0
, s
->sist1
, s
->sist0
);
540 /* Stop processor on fatal or unmasked interrupt. As a special hack
541 we don't stop processing when raising STO. Instead continue
542 execution and stop at the next insn that accesses the SCSI bus. */
543 mask0
= s
->sien0
| ~(LSI_SIST0_CMP
| LSI_SIST0_SEL
| LSI_SIST0_RSL
);
544 mask1
= s
->sien1
| ~(LSI_SIST1_GEN
| LSI_SIST1_HTH
);
545 mask1
&= ~LSI_SIST1_STO
;
546 if (s
->sist0
& mask0
|| s
->sist1
& mask1
) {
552 /* Stop SCRIPTS execution and raise a DMA interrupt. */
553 static void lsi_script_dma_interrupt(LSIState
*s
, int stat
)
555 trace_lsi_script_dma_interrupt(stat
, s
->dstat
);
561 static inline void lsi_set_phase(LSIState
*s
, int phase
)
563 s
->sbcl
&= ~PHASE_MASK
;
564 s
->sbcl
|= phase
| LSI_SBCL_REQ
;
565 s
->sstat1
= (s
->sstat1
& ~PHASE_MASK
) | phase
;
568 static void lsi_bad_phase(LSIState
*s
, int out
, int new_phase
)
570 /* Trigger a phase mismatch. */
571 if (s
->ccntl0
& LSI_CCNTL0_ENPMJ
) {
572 if ((s
->ccntl0
& LSI_CCNTL0_PMJCTL
)) {
573 s
->dsp
= out
? s
->pmjad1
: s
->pmjad2
;
575 s
->dsp
= (s
->scntl2
& LSI_SCNTL2_WSR
? s
->pmjad2
: s
->pmjad1
);
577 trace_lsi_bad_phase_jump(s
->dsp
);
579 trace_lsi_bad_phase_interrupt();
580 lsi_script_scsi_interrupt(s
, LSI_SIST0_MA
, 0);
583 lsi_set_phase(s
, new_phase
);
587 /* Resume SCRIPTS execution after a DMA operation. */
588 static void lsi_resume_script(LSIState
*s
)
590 if (s
->waiting
!= 2) {
591 s
->waiting
= LSI_NOWAIT
;
592 lsi_execute_script(s
);
594 s
->waiting
= LSI_NOWAIT
;
598 static void lsi_disconnect(LSIState
*s
)
600 s
->scntl1
&= ~LSI_SCNTL1_CON
;
601 s
->sstat1
&= ~PHASE_MASK
;
605 static void lsi_bad_selection(LSIState
*s
, uint32_t id
)
607 trace_lsi_bad_selection(id
);
608 lsi_script_scsi_interrupt(s
, 0, LSI_SIST1_STO
);
612 /* Initiate a SCSI layer data transfer. */
613 static void lsi_do_dma(LSIState
*s
, int out
)
620 if (!s
->current
->dma_len
) {
621 /* Wait until data is available. */
622 trace_lsi_do_dma_unavailable();
626 dev
= s
->current
->req
->dev
;
630 if (count
> s
->current
->dma_len
)
631 count
= s
->current
->dma_len
;
634 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
635 if (lsi_dma_40bit(s
) || lsi_dma_ti64bit(s
))
636 addr
|= ((uint64_t)s
->dnad64
<< 32);
638 addr
|= ((uint64_t)s
->dbms
<< 32);
640 addr
|= ((uint64_t)s
->sbms
<< 32);
642 trace_lsi_do_dma(addr
, count
);
646 if (s
->current
->dma_buf
== NULL
) {
647 s
->current
->dma_buf
= scsi_req_get_buf(s
->current
->req
);
649 /* ??? Set SFBR to first data byte. */
651 lsi_mem_read(s
, addr
, s
->current
->dma_buf
, count
);
653 lsi_mem_write(s
, addr
, s
->current
->dma_buf
, count
);
655 s
->current
->dma_len
-= count
;
656 if (s
->current
->dma_len
== 0) {
657 s
->current
->dma_buf
= NULL
;
658 scsi_req_continue(s
->current
->req
);
660 s
->current
->dma_buf
+= count
;
661 lsi_resume_script(s
);
666 /* Add a command to the queue. */
667 static void lsi_queue_command(LSIState
*s
)
669 lsi_request
*p
= s
->current
;
671 trace_lsi_queue_command(p
->tag
);
672 assert(s
->current
!= NULL
);
673 assert(s
->current
->dma_len
== 0);
674 QTAILQ_INSERT_TAIL(&s
->queue
, s
->current
, next
);
678 p
->out
= (s
->sstat1
& PHASE_MASK
) == PHASE_DO
;
681 /* Queue a byte for a MSG IN phase. */
682 static void lsi_add_msg_byte(LSIState
*s
, uint8_t data
)
684 if (s
->msg_len
>= LSI_MAX_MSGIN_LEN
) {
685 trace_lsi_add_msg_byte_error();
687 trace_lsi_add_msg_byte(data
);
688 s
->msg
[s
->msg_len
++] = data
;
692 /* Perform reselection to continue a command. */
693 static void lsi_reselect(LSIState
*s
, lsi_request
*p
)
697 assert(s
->current
== NULL
);
698 QTAILQ_REMOVE(&s
->queue
, p
, next
);
701 id
= (p
->tag
>> 8) & 0xf;
703 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
704 if (!(s
->dcntl
& LSI_DCNTL_COM
)) {
705 s
->sfbr
= 1 << (id
& 0x7);
707 trace_lsi_reselect(id
);
708 s
->scntl1
|= LSI_SCNTL1_CON
;
709 lsi_set_phase(s
, PHASE_MI
);
710 s
->msg_action
= p
->out
? LSI_MSG_ACTION_DOUT
: LSI_MSG_ACTION_DIN
;
711 s
->current
->dma_len
= p
->pending
;
712 lsi_add_msg_byte(s
, 0x80);
713 if (s
->current
->tag
& LSI_TAG_VALID
) {
714 lsi_add_msg_byte(s
, 0x20);
715 lsi_add_msg_byte(s
, p
->tag
& 0xff);
718 if (lsi_irq_on_rsl(s
)) {
719 lsi_script_scsi_interrupt(s
, LSI_SIST0_RSL
, 0);
723 static lsi_request
*lsi_find_by_tag(LSIState
*s
, uint32_t tag
)
727 QTAILQ_FOREACH(p
, &s
->queue
, next
) {
736 static void lsi_request_free(LSIState
*s
, lsi_request
*p
)
738 if (p
== s
->current
) {
741 QTAILQ_REMOVE(&s
->queue
, p
, next
);
746 static void lsi_request_cancelled(SCSIRequest
*req
)
748 LSIState
*s
= LSI53C895A(req
->bus
->qbus
.parent
);
749 lsi_request
*p
= req
->hba_private
;
751 req
->hba_private
= NULL
;
752 lsi_request_free(s
, p
);
756 /* Record that data is available for a queued command. Returns zero if
757 the device was reselected, nonzero if the IO is deferred. */
758 static int lsi_queue_req(LSIState
*s
, SCSIRequest
*req
, uint32_t len
)
760 lsi_request
*p
= req
->hba_private
;
763 trace_lsi_queue_req_error(p
);
766 /* Reselect if waiting for it, or if reselection triggers an IRQ
768 Since no interrupt stacking is implemented in the emulation, it
769 is also required that there are no pending interrupts waiting
770 for service from the device driver. */
771 if (s
->waiting
== LSI_WAIT_RESELECT
||
772 (lsi_irq_on_rsl(s
) && !(s
->scntl1
& LSI_SCNTL1_CON
) &&
773 !(s
->istat0
& (LSI_ISTAT0_SIP
| LSI_ISTAT0_DIP
)))) {
774 /* Reselect device. */
778 trace_lsi_queue_req(p
->tag
);
784 /* Callback to indicate that the SCSI layer has completed a command. */
785 static void lsi_command_complete(SCSIRequest
*req
, uint32_t status
, size_t resid
)
787 LSIState
*s
= LSI53C895A(req
->bus
->qbus
.parent
);
790 out
= (s
->sstat1
& PHASE_MASK
) == PHASE_DO
;
791 trace_lsi_command_complete(status
);
793 s
->command_complete
= 2;
794 if (s
->waiting
&& s
->dbc
!= 0) {
795 /* Raise phase mismatch for short transfers. */
796 lsi_bad_phase(s
, out
, PHASE_ST
);
798 lsi_set_phase(s
, PHASE_ST
);
801 if (req
->hba_private
== s
->current
) {
802 req
->hba_private
= NULL
;
803 lsi_request_free(s
, s
->current
);
806 lsi_resume_script(s
);
809 /* Callback to indicate that the SCSI layer has completed a transfer. */
810 static void lsi_transfer_data(SCSIRequest
*req
, uint32_t len
)
812 LSIState
*s
= LSI53C895A(req
->bus
->qbus
.parent
);
815 assert(req
->hba_private
);
816 if (s
->waiting
== LSI_WAIT_RESELECT
|| req
->hba_private
!= s
->current
||
817 (lsi_irq_on_rsl(s
) && !(s
->scntl1
& LSI_SCNTL1_CON
))) {
818 if (lsi_queue_req(s
, req
, len
)) {
823 out
= (s
->sstat1
& PHASE_MASK
) == PHASE_DO
;
825 /* host adapter (re)connected */
826 trace_lsi_transfer_data(req
->tag
, len
);
827 s
->current
->dma_len
= len
;
828 s
->command_complete
= 1;
830 if (s
->waiting
== LSI_WAIT_RESELECT
|| s
->dbc
== 0) {
831 lsi_resume_script(s
);
838 static void lsi_do_command(LSIState
*s
)
845 trace_lsi_do_command(s
->dbc
);
848 pci_dma_read(PCI_DEVICE(s
), s
->dnad
, buf
, s
->dbc
);
850 s
->command_complete
= 0;
852 id
= (s
->select_tag
>> 8) & 0xf;
853 dev
= scsi_device_find(&s
->bus
, 0, id
, s
->current_lun
);
855 lsi_bad_selection(s
, id
);
859 assert(s
->current
== NULL
);
860 s
->current
= g_new0(lsi_request
, 1);
861 s
->current
->tag
= s
->select_tag
;
862 s
->current
->req
= scsi_req_new(dev
, s
->current
->tag
, s
->current_lun
, buf
,
865 n
= scsi_req_enqueue(s
->current
->req
);
868 lsi_set_phase(s
, PHASE_DI
);
870 lsi_set_phase(s
, PHASE_DO
);
872 scsi_req_continue(s
->current
->req
);
874 if (!s
->command_complete
) {
876 /* Command did not complete immediately so disconnect. */
877 lsi_add_msg_byte(s
, 2); /* SAVE DATA POINTER */
878 lsi_add_msg_byte(s
, 4); /* DISCONNECT */
880 lsi_set_phase(s
, PHASE_MI
);
881 s
->msg_action
= LSI_MSG_ACTION_DISCONNECT
;
882 lsi_queue_command(s
);
884 /* wait command complete */
885 lsi_set_phase(s
, PHASE_DI
);
890 static void lsi_do_status(LSIState
*s
)
893 trace_lsi_do_status(s
->dbc
, s
->status
);
895 trace_lsi_do_status_error();
900 pci_dma_write(PCI_DEVICE(s
), s
->dnad
, &status
, 1);
901 lsi_set_phase(s
, PHASE_MI
);
902 s
->msg_action
= LSI_MSG_ACTION_DISCONNECT
;
903 lsi_add_msg_byte(s
, 0); /* COMMAND COMPLETE */
906 static void lsi_do_msgin(LSIState
*s
)
909 trace_lsi_do_msgin(s
->dbc
, s
->msg_len
);
912 assert(len
> 0 && len
<= LSI_MAX_MSGIN_LEN
);
915 pci_dma_write(PCI_DEVICE(s
), s
->dnad
, s
->msg
, len
);
916 /* Linux drivers rely on the last byte being in the SIDL. */
917 s
->sidl
= s
->msg
[len
- 1];
920 memmove(s
->msg
, s
->msg
+ len
, s
->msg_len
);
922 /* ??? Check if ATN (not yet implemented) is asserted and maybe
923 switch to PHASE_MO. */
924 switch (s
->msg_action
) {
925 case LSI_MSG_ACTION_COMMAND
:
926 lsi_set_phase(s
, PHASE_CMD
);
928 case LSI_MSG_ACTION_DISCONNECT
:
931 case LSI_MSG_ACTION_DOUT
:
932 lsi_set_phase(s
, PHASE_DO
);
934 case LSI_MSG_ACTION_DIN
:
935 lsi_set_phase(s
, PHASE_DI
);
943 /* Read the next byte during a MSGOUT phase. */
944 static uint8_t lsi_get_msgbyte(LSIState
*s
)
947 pci_dma_read(PCI_DEVICE(s
), s
->dnad
, &data
, 1);
953 /* Skip the next n bytes during a MSGOUT phase. */
954 static void lsi_skip_msgbytes(LSIState
*s
, unsigned int n
)
960 static void lsi_do_msgout(LSIState
*s
)
964 uint32_t current_tag
;
965 lsi_request
*current_req
, *p
, *p_next
;
968 current_tag
= s
->current
->tag
;
969 current_req
= s
->current
;
971 current_tag
= s
->select_tag
;
972 current_req
= lsi_find_by_tag(s
, current_tag
);
975 trace_lsi_do_msgout(s
->dbc
);
977 msg
= lsi_get_msgbyte(s
);
982 trace_lsi_do_msgout_disconnect();
986 trace_lsi_do_msgout_noop();
987 lsi_set_phase(s
, PHASE_CMD
);
990 len
= lsi_get_msgbyte(s
);
991 msg
= lsi_get_msgbyte(s
);
992 (void)len
; /* avoid a warning about unused variable*/
993 trace_lsi_do_msgout_extended(msg
, len
);
996 trace_lsi_do_msgout_ignored("SDTR");
997 lsi_skip_msgbytes(s
, 2);
1000 trace_lsi_do_msgout_ignored("WDTR");
1001 lsi_skip_msgbytes(s
, 1);
1004 trace_lsi_do_msgout_ignored("PPR");
1005 lsi_skip_msgbytes(s
, 5);
1011 case 0x20: /* SIMPLE queue */
1012 s
->select_tag
|= lsi_get_msgbyte(s
) | LSI_TAG_VALID
;
1013 trace_lsi_do_msgout_simplequeue(s
->select_tag
& 0xff);
1015 case 0x21: /* HEAD of queue */
1016 qemu_log_mask(LOG_UNIMP
, "lsi_scsi: HEAD queue not implemented\n");
1017 s
->select_tag
|= lsi_get_msgbyte(s
) | LSI_TAG_VALID
;
1019 case 0x22: /* ORDERED queue */
1020 qemu_log_mask(LOG_UNIMP
,
1021 "lsi_scsi: ORDERED queue not implemented\n");
1022 s
->select_tag
|= lsi_get_msgbyte(s
) | LSI_TAG_VALID
;
1025 /* The ABORT TAG message clears the current I/O process only. */
1026 trace_lsi_do_msgout_abort(current_tag
);
1028 scsi_req_cancel(current_req
->req
);
1035 /* The ABORT message clears all I/O processes for the selecting
1036 initiator on the specified logical unit of the target. */
1038 trace_lsi_do_msgout_abort(current_tag
);
1040 /* The CLEAR QUEUE message clears all I/O processes for all
1041 initiators on the specified logical unit of the target. */
1043 trace_lsi_do_msgout_clearqueue(current_tag
);
1045 /* The BUS DEVICE RESET message clears all I/O processes for all
1046 initiators on all logical units of the target. */
1048 trace_lsi_do_msgout_busdevicereset(current_tag
);
1051 /* clear the current I/O process */
1053 scsi_req_cancel(s
->current
->req
);
1056 /* As the current implemented devices scsi_disk and scsi_generic
1057 only support one LUN, we don't need to keep track of LUNs.
1058 Clearing I/O processes for other initiators could be possible
1059 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
1060 device, but this is currently not implemented (and seems not
1061 to be really necessary). So let's simply clear all queued
1062 commands for the current device: */
1063 QTAILQ_FOREACH_SAFE(p
, &s
->queue
, next
, p_next
) {
1064 if ((p
->tag
& 0x0000ff00) == (current_tag
& 0x0000ff00)) {
1065 scsi_req_cancel(p
->req
);
1072 if ((msg
& 0x80) == 0) {
1075 s
->current_lun
= msg
& 7;
1076 trace_lsi_do_msgout_select(s
->current_lun
);
1077 lsi_set_phase(s
, PHASE_CMD
);
1083 qemu_log_mask(LOG_UNIMP
, "Unimplemented message 0x%02x\n", msg
);
1084 lsi_set_phase(s
, PHASE_MI
);
1085 lsi_add_msg_byte(s
, 7); /* MESSAGE REJECT */
1086 s
->msg_action
= LSI_MSG_ACTION_COMMAND
;
1089 #define LSI_BUF_SIZE 4096
1090 static void lsi_memcpy(LSIState
*s
, uint32_t dest
, uint32_t src
, int count
)
1093 uint8_t buf
[LSI_BUF_SIZE
];
1095 trace_lsi_memcpy(dest
, src
, count
);
1097 n
= (count
> LSI_BUF_SIZE
) ? LSI_BUF_SIZE
: count
;
1098 lsi_mem_read(s
, src
, buf
, n
);
1099 lsi_mem_write(s
, dest
, buf
, n
);
1106 static void lsi_wait_reselect(LSIState
*s
)
1110 trace_lsi_wait_reselect();
1115 p
= get_pending_req(s
);
1119 if (s
->current
== NULL
) {
1120 s
->waiting
= LSI_WAIT_RESELECT
;
1124 static void lsi_execute_script(LSIState
*s
)
1126 PCIDevice
*pci_dev
= PCI_DEVICE(s
);
1128 uint32_t addr
, addr_high
;
1130 int insn_processed
= 0;
1132 s
->istat1
|= LSI_ISTAT1_SRUN
;
1135 insn
= read_dword(s
, s
->dsp
);
1137 /* If we receive an empty opcode increment the DSP by 4 bytes
1138 instead of 8 and execute the next opcode at that location */
1142 addr
= read_dword(s
, s
->dsp
+ 4);
1144 trace_lsi_execute_script(s
->dsp
, insn
, addr
);
1146 s
->dcmd
= insn
>> 24;
1148 switch (insn
>> 30) {
1149 case 0: /* Block move. */
1150 if (s
->sist1
& LSI_SIST1_STO
) {
1151 trace_lsi_execute_script_blockmove_delayed();
1155 s
->dbc
= insn
& 0xffffff;
1159 if (insn
& (1 << 29)) {
1160 /* Indirect addressing. */
1161 addr
= read_dword(s
, addr
);
1162 } else if (insn
& (1 << 28)) {
1165 /* Table indirect addressing. */
1167 /* 32-bit Table indirect */
1168 offset
= sextract32(addr
, 0, 24);
1169 pci_dma_read(pci_dev
, s
->dsa
+ offset
, buf
, 8);
1170 /* byte count is stored in bits 0:23 only */
1171 s
->dbc
= cpu_to_le32(buf
[0]) & 0xffffff;
1173 addr
= cpu_to_le32(buf
[1]);
1175 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1176 * table, bits [31:24] */
1177 if (lsi_dma_40bit(s
))
1178 addr_high
= cpu_to_le32(buf
[0]) >> 24;
1179 else if (lsi_dma_ti64bit(s
)) {
1180 int selector
= (cpu_to_le32(buf
[0]) >> 24) & 0x1f;
1183 /* offset index into scratch registers since
1184 * TI64 mode can use registers C to R */
1185 addr_high
= s
->scratch
[2 + selector
];
1188 addr_high
= s
->mmrs
;
1191 addr_high
= s
->mmws
;
1200 addr_high
= s
->sbms
;
1203 addr_high
= s
->dbms
;
1206 qemu_log_mask(LOG_GUEST_ERROR
,
1207 "lsi_scsi: Illegal selector specified (0x%x > 0x15) "
1208 "for 64-bit DMA block move", selector
);
1212 } else if (lsi_dma_64bit(s
)) {
1213 /* fetch a 3rd dword if 64-bit direct move is enabled and
1214 only if we're not doing table indirect or indirect addressing */
1215 s
->dbms
= read_dword(s
, s
->dsp
);
1217 s
->ia
= s
->dsp
- 12;
1219 if ((s
->sstat1
& PHASE_MASK
) != ((insn
>> 24) & 7)) {
1220 trace_lsi_execute_script_blockmove_badphase(
1221 scsi_phase_name(s
->sstat1
),
1222 scsi_phase_name(insn
>> 24));
1223 lsi_script_scsi_interrupt(s
, LSI_SIST0_MA
, 0);
1227 s
->dnad64
= addr_high
;
1228 switch (s
->sstat1
& 0x7) {
1230 s
->waiting
= LSI_DMA_SCRIPTS
;
1233 s
->waiting
= LSI_DMA_IN_PROGRESS
;
1236 s
->waiting
= LSI_DMA_SCRIPTS
;
1239 s
->waiting
= LSI_DMA_IN_PROGRESS
;
1254 qemu_log_mask(LOG_UNIMP
, "lsi_scsi: Unimplemented phase %s\n",
1255 scsi_phase_name(s
->sstat1
));
1257 s
->dfifo
= s
->dbc
& 0xff;
1258 s
->ctest5
= (s
->ctest5
& 0xfc) | ((s
->dbc
>> 8) & 3);
1261 s
->ua
= addr
+ s
->dbc
;
1264 case 1: /* IO or Read/Write instruction. */
1265 opcode
= (insn
>> 27) & 7;
1269 if (insn
& (1 << 25)) {
1270 id
= read_dword(s
, s
->dsa
+ sextract32(insn
, 0, 24));
1274 id
= (id
>> 16) & 0xf;
1275 if (insn
& (1 << 26)) {
1276 addr
= s
->dsp
+ sextract32(addr
, 0, 24);
1280 case 0: /* Select */
1282 if (s
->scntl1
& LSI_SCNTL1_CON
) {
1283 trace_lsi_execute_script_io_alreadyreselected();
1287 s
->sstat0
|= LSI_SSTAT0_WOA
;
1288 s
->scntl1
&= ~LSI_SCNTL1_IARB
;
1289 if (!scsi_device_find(&s
->bus
, 0, id
, 0)) {
1290 lsi_bad_selection(s
, id
);
1293 trace_lsi_execute_script_io_selected(id
,
1294 insn
& (1 << 3) ? " ATN" : "");
1295 /* ??? Linux drivers compain when this is set. Maybe
1296 it only applies in low-level mode (unimplemented).
1297 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1298 s
->select_tag
= id
<< 8;
1299 s
->scntl1
|= LSI_SCNTL1_CON
;
1300 if (insn
& (1 << 3)) {
1301 s
->socl
|= LSI_SOCL_ATN
;
1302 s
->sbcl
|= LSI_SBCL_ATN
;
1304 s
->sbcl
|= LSI_SBCL_BSY
;
1305 lsi_set_phase(s
, PHASE_MO
);
1306 s
->waiting
= LSI_NOWAIT
;
1308 case 1: /* Disconnect */
1309 trace_lsi_execute_script_io_disconnect();
1310 s
->scntl1
&= ~LSI_SCNTL1_CON
;
1311 /* FIXME: this is not entirely correct; the target need not ask
1312 * for reselection until it has to send data, while here we force a
1313 * reselection as soon as the bus is free. The correct flow would
1314 * reselect before lsi_transfer_data and disconnect as soon as
1318 lsi_request
*p
= get_pending_req(s
);
1324 case 2: /* Wait Reselect */
1325 if (s
->istat0
& LSI_ISTAT0_SIGP
) {
1327 } else if (!lsi_irq_on_rsl(s
)) {
1328 lsi_wait_reselect(s
);
1332 trace_lsi_execute_script_io_set(
1333 insn
& (1 << 3) ? " ATN" : "",
1334 insn
& (1 << 6) ? " ACK" : "",
1335 insn
& (1 << 9) ? " TM" : "",
1336 insn
& (1 << 10) ? " CC" : "");
1337 if (insn
& (1 << 3)) {
1338 s
->socl
|= LSI_SOCL_ATN
;
1339 s
->sbcl
|= LSI_SBCL_ATN
;
1340 lsi_set_phase(s
, PHASE_MO
);
1343 if (insn
& (1 << 6)) {
1344 s
->sbcl
|= LSI_SBCL_ACK
;
1347 if (insn
& (1 << 9)) {
1348 qemu_log_mask(LOG_UNIMP
,
1349 "lsi_scsi: Target mode not implemented\n");
1351 if (insn
& (1 << 10))
1355 trace_lsi_execute_script_io_clear(
1356 insn
& (1 << 3) ? " ATN" : "",
1357 insn
& (1 << 6) ? " ACK" : "",
1358 insn
& (1 << 9) ? " TM" : "",
1359 insn
& (1 << 10) ? " CC" : "");
1360 if (insn
& (1 << 3)) {
1361 s
->socl
&= ~LSI_SOCL_ATN
;
1362 s
->sbcl
&= ~LSI_SBCL_ATN
;
1365 if (insn
& (1 << 6)) {
1366 s
->sbcl
&= ~LSI_SBCL_ACK
;
1369 if (insn
& (1 << 10))
1380 static const char *opcode_names
[3] =
1381 {"Write", "Read", "Read-Modify-Write"};
1382 static const char *operator_names
[8] =
1383 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1385 reg
= ((insn
>> 16) & 0x7f) | (insn
& 0x80);
1386 data8
= (insn
>> 8) & 0xff;
1387 opcode
= (insn
>> 27) & 7;
1388 operator = (insn
>> 24) & 7;
1389 trace_lsi_execute_script_io_opcode(
1390 opcode_names
[opcode
- 5], reg
,
1391 operator_names
[operator], data8
, s
->sfbr
,
1392 (insn
& (1 << 23)) ? " SFBR" : "");
1395 case 5: /* From SFBR */
1399 case 6: /* To SFBR */
1401 op0
= lsi_reg_readb(s
, reg
);
1404 case 7: /* Read-modify-write */
1406 op0
= lsi_reg_readb(s
, reg
);
1407 if (insn
& (1 << 23)) {
1419 case 1: /* Shift left */
1421 op0
= (op0
<< 1) | s
->carry
;
1435 op0
= (op0
>> 1) | (s
->carry
<< 7);
1440 s
->carry
= op0
< op1
;
1443 op0
+= op1
+ s
->carry
;
1445 s
->carry
= op0
<= op1
;
1447 s
->carry
= op0
< op1
;
1452 case 5: /* From SFBR */
1453 case 7: /* Read-modify-write */
1454 lsi_reg_writeb(s
, reg
, op0
);
1456 case 6: /* To SFBR */
1463 case 2: /* Transfer Control. */
1468 if ((insn
& 0x002e0000) == 0) {
1469 trace_lsi_execute_script_tc_nop();
1472 if (s
->sist1
& LSI_SIST1_STO
) {
1473 trace_lsi_execute_script_tc_delayedselect_timeout();
1477 cond
= jmp
= (insn
& (1 << 19)) != 0;
1478 if (cond
== jmp
&& (insn
& (1 << 21))) {
1479 trace_lsi_execute_script_tc_compc(s
->carry
== jmp
);
1480 cond
= s
->carry
!= 0;
1482 if (cond
== jmp
&& (insn
& (1 << 17))) {
1483 trace_lsi_execute_script_tc_compp(scsi_phase_name(s
->sstat1
),
1484 jmp
? '=' : '!', scsi_phase_name(insn
>> 24));
1485 cond
= (s
->sstat1
& PHASE_MASK
) == ((insn
>> 24) & 7);
1487 if (cond
== jmp
&& (insn
& (1 << 18))) {
1490 mask
= (~insn
>> 8) & 0xff;
1491 trace_lsi_execute_script_tc_compd(
1492 s
->sfbr
, mask
, jmp
? '=' : '!', insn
& mask
);
1493 cond
= (s
->sfbr
& mask
) == (insn
& mask
);
1496 if (insn
& (1 << 23)) {
1497 /* Relative address. */
1498 addr
= s
->dsp
+ sextract32(addr
, 0, 24);
1500 switch ((insn
>> 27) & 7) {
1502 trace_lsi_execute_script_tc_jump(addr
);
1507 trace_lsi_execute_script_tc_call(addr
);
1511 case 2: /* Return */
1512 trace_lsi_execute_script_tc_return(s
->temp
);
1515 case 3: /* Interrupt */
1516 trace_lsi_execute_script_tc_interrupt(s
->dsps
);
1517 if ((insn
& (1 << 20)) != 0) {
1518 s
->istat0
|= LSI_ISTAT0_INTF
;
1521 lsi_script_dma_interrupt(s
, LSI_DSTAT_SIR
);
1525 trace_lsi_execute_script_tc_illegal();
1526 lsi_script_dma_interrupt(s
, LSI_DSTAT_IID
);
1530 trace_lsi_execute_script_tc_cc_failed();
1536 if ((insn
& (1 << 29)) == 0) {
1539 /* ??? The docs imply the destination address is loaded into
1540 the TEMP register. However the Linux drivers rely on
1541 the value being presrved. */
1542 dest
= read_dword(s
, s
->dsp
);
1544 lsi_memcpy(s
, dest
, addr
, insn
& 0xffffff);
1551 if (insn
& (1 << 28)) {
1552 addr
= s
->dsa
+ sextract32(addr
, 0, 24);
1555 reg
= (insn
>> 16) & 0xff;
1556 if (insn
& (1 << 24)) {
1557 pci_dma_read(pci_dev
, addr
, data
, n
);
1558 trace_lsi_execute_script_mm_load(reg
, n
, addr
, *(int *)data
);
1559 for (i
= 0; i
< n
; i
++) {
1560 lsi_reg_writeb(s
, reg
+ i
, data
[i
]);
1563 trace_lsi_execute_script_mm_store(reg
, n
, addr
);
1564 for (i
= 0; i
< n
; i
++) {
1565 data
[i
] = lsi_reg_readb(s
, reg
+ i
);
1567 pci_dma_write(pci_dev
, addr
, data
, n
);
1571 if (insn_processed
> 10000 && s
->waiting
== LSI_NOWAIT
) {
1572 /* Some windows drivers make the device spin waiting for a memory
1573 location to change. If we have been executed a lot of code then
1574 assume this is the case and force an unexpected device disconnect.
1575 This is apparently sufficient to beat the drivers into submission.
1577 if (!(s
->sien0
& LSI_SIST0_UDC
)) {
1578 qemu_log_mask(LOG_GUEST_ERROR
,
1579 "lsi_scsi: inf. loop with UDC masked");
1581 lsi_script_scsi_interrupt(s
, LSI_SIST0_UDC
, 0);
1583 } else if (s
->istat1
& LSI_ISTAT1_SRUN
&& s
->waiting
== LSI_NOWAIT
) {
1584 if (s
->dcntl
& LSI_DCNTL_SSM
) {
1585 lsi_script_dma_interrupt(s
, LSI_DSTAT_SSI
);
1590 trace_lsi_execute_script_stop();
1593 static uint8_t lsi_reg_readb(LSIState
*s
, int offset
)
1597 #define CASE_GET_REG24(name, addr) \
1598 case addr: ret = s->name & 0xff; break; \
1599 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1600 case addr + 2: ret = (s->name >> 16) & 0xff; break;
1602 #define CASE_GET_REG32(name, addr) \
1603 case addr: ret = s->name & 0xff; break; \
1604 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1605 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1606 case addr + 3: ret = (s->name >> 24) & 0xff; break;
1609 case 0x00: /* SCNTL0 */
1612 case 0x01: /* SCNTL1 */
1615 case 0x02: /* SCNTL2 */
1618 case 0x03: /* SCNTL3 */
1621 case 0x04: /* SCID */
1624 case 0x05: /* SXFER */
1627 case 0x06: /* SDID */
1630 case 0x07: /* GPREG0 */
1633 case 0x08: /* Revision ID */
1636 case 0x09: /* SOCL */
1639 case 0xa: /* SSID */
1642 case 0xb: /* SBCL */
1645 case 0xc: /* DSTAT */
1646 ret
= s
->dstat
| LSI_DSTAT_DFE
;
1647 if ((s
->istat0
& LSI_ISTAT0_INTF
) == 0)
1651 case 0x0d: /* SSTAT0 */
1654 case 0x0e: /* SSTAT1 */
1657 case 0x0f: /* SSTAT2 */
1658 ret
= s
->scntl1
& LSI_SCNTL1_CON
? 0 : 2;
1660 CASE_GET_REG32(dsa
, 0x10)
1661 case 0x14: /* ISTAT0 */
1664 case 0x15: /* ISTAT1 */
1667 case 0x16: /* MBOX0 */
1670 case 0x17: /* MBOX1 */
1673 case 0x18: /* CTEST0 */
1676 case 0x19: /* CTEST1 */
1679 case 0x1a: /* CTEST2 */
1680 ret
= s
->ctest2
| LSI_CTEST2_DACK
| LSI_CTEST2_CM
;
1681 if (s
->istat0
& LSI_ISTAT0_SIGP
) {
1682 s
->istat0
&= ~LSI_ISTAT0_SIGP
;
1683 ret
|= LSI_CTEST2_SIGP
;
1686 case 0x1b: /* CTEST3 */
1689 CASE_GET_REG32(temp
, 0x1c)
1690 case 0x20: /* DFIFO */
1693 case 0x21: /* CTEST4 */
1696 case 0x22: /* CTEST5 */
1699 case 0x23: /* CTEST6 */
1702 CASE_GET_REG24(dbc
, 0x24)
1703 case 0x27: /* DCMD */
1706 CASE_GET_REG32(dnad
, 0x28)
1707 CASE_GET_REG32(dsp
, 0x2c)
1708 CASE_GET_REG32(dsps
, 0x30)
1709 CASE_GET_REG32(scratch
[0], 0x34)
1710 case 0x38: /* DMODE */
1713 case 0x39: /* DIEN */
1716 case 0x3a: /* SBR */
1719 case 0x3b: /* DCNTL */
1722 /* ADDER Output (Debug of relative jump address) */
1723 CASE_GET_REG32(adder
, 0x3c)
1724 case 0x40: /* SIEN0 */
1727 case 0x41: /* SIEN1 */
1730 case 0x42: /* SIST0 */
1735 case 0x43: /* SIST1 */
1740 case 0x46: /* MACNTL */
1743 case 0x47: /* GPCNTL0 */
1746 case 0x48: /* STIME0 */
1749 case 0x4a: /* RESPID0 */
1752 case 0x4b: /* RESPID1 */
1755 case 0x4d: /* STEST1 */
1758 case 0x4e: /* STEST2 */
1761 case 0x4f: /* STEST3 */
1764 case 0x50: /* SIDL */
1765 /* This is needed by the linux drivers. We currently only update it
1766 during the MSG IN phase. */
1769 case 0x52: /* STEST4 */
1772 case 0x56: /* CCNTL0 */
1775 case 0x57: /* CCNTL1 */
1778 case 0x58: /* SBDL */
1779 /* Some drivers peek at the data bus during the MSG IN phase. */
1780 if ((s
->sstat1
& PHASE_MASK
) == PHASE_MI
) {
1781 assert(s
->msg_len
> 0);
1786 case 0x59: /* SBDL high */
1789 CASE_GET_REG32(mmrs
, 0xa0)
1790 CASE_GET_REG32(mmws
, 0xa4)
1791 CASE_GET_REG32(sfs
, 0xa8)
1792 CASE_GET_REG32(drs
, 0xac)
1793 CASE_GET_REG32(sbms
, 0xb0)
1794 CASE_GET_REG32(dbms
, 0xb4)
1795 CASE_GET_REG32(dnad64
, 0xb8)
1796 CASE_GET_REG32(pmjad1
, 0xc0)
1797 CASE_GET_REG32(pmjad2
, 0xc4)
1798 CASE_GET_REG32(rbc
, 0xc8)
1799 CASE_GET_REG32(ua
, 0xcc)
1800 CASE_GET_REG32(ia
, 0xd4)
1801 CASE_GET_REG32(sbc
, 0xd8)
1802 CASE_GET_REG32(csbc
, 0xdc)
1807 n
= (offset
- 0x58) >> 2;
1808 shift
= (offset
& 3) * 8;
1809 ret
= (s
->scratch
[n
] >> shift
) & 0xff;
1814 qemu_log_mask(LOG_GUEST_ERROR
,
1815 "lsi_scsi: invalid read from reg %s %x\n",
1816 offset
< ARRAY_SIZE(names
) ? names
[offset
] : "???",
1822 #undef CASE_GET_REG24
1823 #undef CASE_GET_REG32
1825 trace_lsi_reg_read(offset
< ARRAY_SIZE(names
) ? names
[offset
] : "???",
1831 static void lsi_reg_writeb(LSIState
*s
, int offset
, uint8_t val
)
1833 #define CASE_SET_REG24(name, addr) \
1834 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1835 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1836 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1838 #define CASE_SET_REG32(name, addr) \
1839 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1840 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1841 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1842 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1844 trace_lsi_reg_write(offset
< ARRAY_SIZE(names
) ? names
[offset
] : "???",
1848 case 0x00: /* SCNTL0 */
1850 if (val
& LSI_SCNTL0_START
) {
1851 qemu_log_mask(LOG_UNIMP
,
1852 "lsi_scsi: Start sequence not implemented\n");
1855 case 0x01: /* SCNTL1 */
1856 s
->scntl1
= val
& ~LSI_SCNTL1_SST
;
1857 if (val
& LSI_SCNTL1_IARB
) {
1858 qemu_log_mask(LOG_UNIMP
,
1859 "lsi_scsi: Immediate Arbritration not implemented\n");
1861 if (val
& LSI_SCNTL1_RST
) {
1862 if (!(s
->sstat0
& LSI_SSTAT0_RST
)) {
1863 qbus_reset_all(&s
->bus
.qbus
);
1864 s
->sstat0
|= LSI_SSTAT0_RST
;
1865 lsi_script_scsi_interrupt(s
, LSI_SIST0_RST
, 0);
1868 s
->sstat0
&= ~LSI_SSTAT0_RST
;
1871 case 0x02: /* SCNTL2 */
1872 val
&= ~(LSI_SCNTL2_WSR
| LSI_SCNTL2_WSS
);
1875 case 0x03: /* SCNTL3 */
1878 case 0x04: /* SCID */
1881 case 0x05: /* SXFER */
1884 case 0x06: /* SDID */
1885 if ((s
->ssid
& 0x80) && (val
& 0xf) != (s
->ssid
& 0xf)) {
1886 qemu_log_mask(LOG_GUEST_ERROR
,
1887 "lsi_scsi: Destination ID does not match SSID\n");
1889 s
->sdid
= val
& 0xf;
1891 case 0x07: /* GPREG0 */
1893 case 0x08: /* SFBR */
1894 /* The CPU is not allowed to write to this register. However the
1895 SCRIPTS register move instructions are. */
1898 case 0x0a: case 0x0b:
1899 /* Openserver writes to these readonly registers on startup */
1901 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1902 /* Linux writes to these readonly registers on startup. */
1904 CASE_SET_REG32(dsa
, 0x10)
1905 case 0x14: /* ISTAT0 */
1906 s
->istat0
= (s
->istat0
& 0x0f) | (val
& 0xf0);
1907 if (val
& LSI_ISTAT0_ABRT
) {
1908 lsi_script_dma_interrupt(s
, LSI_DSTAT_ABRT
);
1910 if (val
& LSI_ISTAT0_INTF
) {
1911 s
->istat0
&= ~LSI_ISTAT0_INTF
;
1914 if (s
->waiting
== LSI_WAIT_RESELECT
&& val
& LSI_ISTAT0_SIGP
) {
1916 s
->waiting
= LSI_NOWAIT
;
1918 lsi_execute_script(s
);
1920 if (val
& LSI_ISTAT0_SRST
) {
1921 qdev_reset_all(DEVICE(s
));
1924 case 0x16: /* MBOX0 */
1927 case 0x17: /* MBOX1 */
1930 case 0x18: /* CTEST0 */
1933 case 0x1a: /* CTEST2 */
1934 s
->ctest2
= val
& LSI_CTEST2_PCICIE
;
1936 case 0x1b: /* CTEST3 */
1937 s
->ctest3
= val
& 0x0f;
1939 CASE_SET_REG32(temp
, 0x1c)
1940 case 0x21: /* CTEST4 */
1942 qemu_log_mask(LOG_UNIMP
,
1943 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val
);
1947 case 0x22: /* CTEST5 */
1948 if (val
& (LSI_CTEST5_ADCK
| LSI_CTEST5_BBCK
)) {
1949 qemu_log_mask(LOG_UNIMP
,
1950 "lsi_scsi: CTEST5 DMA increment not implemented\n");
1954 CASE_SET_REG24(dbc
, 0x24)
1955 CASE_SET_REG32(dnad
, 0x28)
1956 case 0x2c: /* DSP[0:7] */
1957 s
->dsp
&= 0xffffff00;
1960 case 0x2d: /* DSP[8:15] */
1961 s
->dsp
&= 0xffff00ff;
1964 case 0x2e: /* DSP[16:23] */
1965 s
->dsp
&= 0xff00ffff;
1966 s
->dsp
|= val
<< 16;
1968 case 0x2f: /* DSP[24:31] */
1969 s
->dsp
&= 0x00ffffff;
1970 s
->dsp
|= val
<< 24;
1971 if ((s
->dmode
& LSI_DMODE_MAN
) == 0
1972 && (s
->istat1
& LSI_ISTAT1_SRUN
) == 0)
1973 lsi_execute_script(s
);
1975 CASE_SET_REG32(dsps
, 0x30)
1976 CASE_SET_REG32(scratch
[0], 0x34)
1977 case 0x38: /* DMODE */
1980 case 0x39: /* DIEN */
1984 case 0x3a: /* SBR */
1987 case 0x3b: /* DCNTL */
1988 s
->dcntl
= val
& ~(LSI_DCNTL_PFF
| LSI_DCNTL_STD
);
1989 if ((val
& LSI_DCNTL_STD
) && (s
->istat1
& LSI_ISTAT1_SRUN
) == 0)
1990 lsi_execute_script(s
);
1992 case 0x40: /* SIEN0 */
1996 case 0x41: /* SIEN1 */
2000 case 0x47: /* GPCNTL0 */
2002 case 0x48: /* STIME0 */
2005 case 0x49: /* STIME1 */
2007 qemu_log_mask(LOG_UNIMP
,
2008 "lsi_scsi: General purpose timer not implemented\n");
2009 /* ??? Raising the interrupt immediately seems to be sufficient
2010 to keep the FreeBSD driver happy. */
2011 lsi_script_scsi_interrupt(s
, 0, LSI_SIST1_GEN
);
2014 case 0x4a: /* RESPID0 */
2017 case 0x4b: /* RESPID1 */
2020 case 0x4d: /* STEST1 */
2023 case 0x4e: /* STEST2 */
2025 qemu_log_mask(LOG_UNIMP
,
2026 "lsi_scsi: Low level mode not implemented\n");
2030 case 0x4f: /* STEST3 */
2032 qemu_log_mask(LOG_UNIMP
,
2033 "lsi_scsi: SCSI FIFO test mode not implemented\n");
2037 case 0x56: /* CCNTL0 */
2040 case 0x57: /* CCNTL1 */
2043 CASE_SET_REG32(mmrs
, 0xa0)
2044 CASE_SET_REG32(mmws
, 0xa4)
2045 CASE_SET_REG32(sfs
, 0xa8)
2046 CASE_SET_REG32(drs
, 0xac)
2047 CASE_SET_REG32(sbms
, 0xb0)
2048 CASE_SET_REG32(dbms
, 0xb4)
2049 CASE_SET_REG32(dnad64
, 0xb8)
2050 CASE_SET_REG32(pmjad1
, 0xc0)
2051 CASE_SET_REG32(pmjad2
, 0xc4)
2052 CASE_SET_REG32(rbc
, 0xc8)
2053 CASE_SET_REG32(ua
, 0xcc)
2054 CASE_SET_REG32(ia
, 0xd4)
2055 CASE_SET_REG32(sbc
, 0xd8)
2056 CASE_SET_REG32(csbc
, 0xdc)
2058 if (offset
>= 0x5c && offset
< 0xa0) {
2061 n
= (offset
- 0x58) >> 2;
2062 shift
= (offset
& 3) * 8;
2063 s
->scratch
[n
] = deposit32(s
->scratch
[n
], shift
, 8, val
);
2065 qemu_log_mask(LOG_GUEST_ERROR
,
2066 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2067 offset
< ARRAY_SIZE(names
) ? names
[offset
] : "???",
2071 #undef CASE_SET_REG24
2072 #undef CASE_SET_REG32
2075 static void lsi_mmio_write(void *opaque
, hwaddr addr
,
2076 uint64_t val
, unsigned size
)
2078 LSIState
*s
= opaque
;
2080 lsi_reg_writeb(s
, addr
& 0xff, val
);
2083 static uint64_t lsi_mmio_read(void *opaque
, hwaddr addr
,
2086 LSIState
*s
= opaque
;
2087 return lsi_reg_readb(s
, addr
& 0xff);
2090 static const MemoryRegionOps lsi_mmio_ops
= {
2091 .read
= lsi_mmio_read
,
2092 .write
= lsi_mmio_write
,
2093 .endianness
= DEVICE_LITTLE_ENDIAN
,
2095 .min_access_size
= 1,
2096 .max_access_size
= 1,
2100 static void lsi_ram_write(void *opaque
, hwaddr addr
,
2101 uint64_t val
, unsigned size
)
2103 LSIState
*s
= opaque
;
2104 stn_le_p(s
->script_ram
+ addr
, size
, val
);
2107 static uint64_t lsi_ram_read(void *opaque
, hwaddr addr
,
2110 LSIState
*s
= opaque
;
2111 return ldn_le_p(s
->script_ram
+ addr
, size
);
2114 static const MemoryRegionOps lsi_ram_ops
= {
2115 .read
= lsi_ram_read
,
2116 .write
= lsi_ram_write
,
2117 .endianness
= DEVICE_LITTLE_ENDIAN
,
2120 static uint64_t lsi_io_read(void *opaque
, hwaddr addr
,
2123 LSIState
*s
= opaque
;
2124 return lsi_reg_readb(s
, addr
& 0xff);
2127 static void lsi_io_write(void *opaque
, hwaddr addr
,
2128 uint64_t val
, unsigned size
)
2130 LSIState
*s
= opaque
;
2131 lsi_reg_writeb(s
, addr
& 0xff, val
);
2134 static const MemoryRegionOps lsi_io_ops
= {
2135 .read
= lsi_io_read
,
2136 .write
= lsi_io_write
,
2137 .endianness
= DEVICE_LITTLE_ENDIAN
,
2139 .min_access_size
= 1,
2140 .max_access_size
= 1,
2144 static void lsi_scsi_reset(DeviceState
*dev
)
2146 LSIState
*s
= LSI53C895A(dev
);
2151 static int lsi_pre_save(void *opaque
)
2153 LSIState
*s
= opaque
;
2156 assert(s
->current
->dma_buf
== NULL
);
2157 assert(s
->current
->dma_len
== 0);
2159 assert(QTAILQ_EMPTY(&s
->queue
));
2164 static int lsi_post_load(void *opaque
, int version_id
)
2166 LSIState
*s
= opaque
;
2168 if (s
->msg_len
< 0 || s
->msg_len
> LSI_MAX_MSGIN_LEN
) {
2175 static const VMStateDescription vmstate_lsi_scsi
= {
2178 .minimum_version_id
= 0,
2179 .pre_save
= lsi_pre_save
,
2180 .post_load
= lsi_post_load
,
2181 .fields
= (VMStateField
[]) {
2182 VMSTATE_PCI_DEVICE(parent_obj
, LSIState
),
2184 VMSTATE_INT32(carry
, LSIState
),
2185 VMSTATE_INT32(status
, LSIState
),
2186 VMSTATE_INT32(msg_action
, LSIState
),
2187 VMSTATE_INT32(msg_len
, LSIState
),
2188 VMSTATE_BUFFER(msg
, LSIState
),
2189 VMSTATE_INT32(waiting
, LSIState
),
2191 VMSTATE_UINT32(dsa
, LSIState
),
2192 VMSTATE_UINT32(temp
, LSIState
),
2193 VMSTATE_UINT32(dnad
, LSIState
),
2194 VMSTATE_UINT32(dbc
, LSIState
),
2195 VMSTATE_UINT8(istat0
, LSIState
),
2196 VMSTATE_UINT8(istat1
, LSIState
),
2197 VMSTATE_UINT8(dcmd
, LSIState
),
2198 VMSTATE_UINT8(dstat
, LSIState
),
2199 VMSTATE_UINT8(dien
, LSIState
),
2200 VMSTATE_UINT8(sist0
, LSIState
),
2201 VMSTATE_UINT8(sist1
, LSIState
),
2202 VMSTATE_UINT8(sien0
, LSIState
),
2203 VMSTATE_UINT8(sien1
, LSIState
),
2204 VMSTATE_UINT8(mbox0
, LSIState
),
2205 VMSTATE_UINT8(mbox1
, LSIState
),
2206 VMSTATE_UINT8(dfifo
, LSIState
),
2207 VMSTATE_UINT8(ctest2
, LSIState
),
2208 VMSTATE_UINT8(ctest3
, LSIState
),
2209 VMSTATE_UINT8(ctest4
, LSIState
),
2210 VMSTATE_UINT8(ctest5
, LSIState
),
2211 VMSTATE_UINT8(ccntl0
, LSIState
),
2212 VMSTATE_UINT8(ccntl1
, LSIState
),
2213 VMSTATE_UINT32(dsp
, LSIState
),
2214 VMSTATE_UINT32(dsps
, LSIState
),
2215 VMSTATE_UINT8(dmode
, LSIState
),
2216 VMSTATE_UINT8(dcntl
, LSIState
),
2217 VMSTATE_UINT8(scntl0
, LSIState
),
2218 VMSTATE_UINT8(scntl1
, LSIState
),
2219 VMSTATE_UINT8(scntl2
, LSIState
),
2220 VMSTATE_UINT8(scntl3
, LSIState
),
2221 VMSTATE_UINT8(sstat0
, LSIState
),
2222 VMSTATE_UINT8(sstat1
, LSIState
),
2223 VMSTATE_UINT8(scid
, LSIState
),
2224 VMSTATE_UINT8(sxfer
, LSIState
),
2225 VMSTATE_UINT8(socl
, LSIState
),
2226 VMSTATE_UINT8(sdid
, LSIState
),
2227 VMSTATE_UINT8(ssid
, LSIState
),
2228 VMSTATE_UINT8(sfbr
, LSIState
),
2229 VMSTATE_UINT8(stest1
, LSIState
),
2230 VMSTATE_UINT8(stest2
, LSIState
),
2231 VMSTATE_UINT8(stest3
, LSIState
),
2232 VMSTATE_UINT8(sidl
, LSIState
),
2233 VMSTATE_UINT8(stime0
, LSIState
),
2234 VMSTATE_UINT8(respid0
, LSIState
),
2235 VMSTATE_UINT8(respid1
, LSIState
),
2236 VMSTATE_UINT8_V(sbcl
, LSIState
, 1),
2237 VMSTATE_UINT32(mmrs
, LSIState
),
2238 VMSTATE_UINT32(mmws
, LSIState
),
2239 VMSTATE_UINT32(sfs
, LSIState
),
2240 VMSTATE_UINT32(drs
, LSIState
),
2241 VMSTATE_UINT32(sbms
, LSIState
),
2242 VMSTATE_UINT32(dbms
, LSIState
),
2243 VMSTATE_UINT32(dnad64
, LSIState
),
2244 VMSTATE_UINT32(pmjad1
, LSIState
),
2245 VMSTATE_UINT32(pmjad2
, LSIState
),
2246 VMSTATE_UINT32(rbc
, LSIState
),
2247 VMSTATE_UINT32(ua
, LSIState
),
2248 VMSTATE_UINT32(ia
, LSIState
),
2249 VMSTATE_UINT32(sbc
, LSIState
),
2250 VMSTATE_UINT32(csbc
, LSIState
),
2251 VMSTATE_BUFFER_UNSAFE(scratch
, LSIState
, 0, 18 * sizeof(uint32_t)),
2252 VMSTATE_UINT8(sbr
, LSIState
),
2254 VMSTATE_BUFFER_UNSAFE(script_ram
, LSIState
, 0, 8192),
2255 VMSTATE_END_OF_LIST()
2259 static const struct SCSIBusInfo lsi_scsi_info
= {
2261 .max_target
= LSI_MAX_DEVS
,
2262 .max_lun
= 0, /* LUN support is buggy */
2264 .transfer_data
= lsi_transfer_data
,
2265 .complete
= lsi_command_complete
,
2266 .cancel
= lsi_request_cancelled
2269 static void lsi_scsi_realize(PCIDevice
*dev
, Error
**errp
)
2271 LSIState
*s
= LSI53C895A(dev
);
2272 DeviceState
*d
= DEVICE(dev
);
2275 pci_conf
= dev
->config
;
2277 /* PCI latency timer = 255 */
2278 pci_conf
[PCI_LATENCY_TIMER
] = 0xff;
2279 /* Interrupt pin A */
2280 pci_conf
[PCI_INTERRUPT_PIN
] = 0x01;
2282 memory_region_init_io(&s
->mmio_io
, OBJECT(s
), &lsi_mmio_ops
, s
,
2284 memory_region_init_io(&s
->ram_io
, OBJECT(s
), &lsi_ram_ops
, s
,
2286 memory_region_init_io(&s
->io_io
, OBJECT(s
), &lsi_io_ops
, s
,
2289 address_space_init(&s
->pci_io_as
, pci_address_space_io(dev
), "lsi-pci-io");
2290 qdev_init_gpio_out(d
, &s
->ext_irq
, 1);
2292 pci_register_bar(dev
, 0, PCI_BASE_ADDRESS_SPACE_IO
, &s
->io_io
);
2293 pci_register_bar(dev
, 1, PCI_BASE_ADDRESS_SPACE_MEMORY
, &s
->mmio_io
);
2294 pci_register_bar(dev
, 2, PCI_BASE_ADDRESS_SPACE_MEMORY
, &s
->ram_io
);
2295 QTAILQ_INIT(&s
->queue
);
2297 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), d
, &lsi_scsi_info
, NULL
);
2300 static void lsi_scsi_unrealize(DeviceState
*dev
, Error
**errp
)
2302 LSIState
*s
= LSI53C895A(dev
);
2304 address_space_destroy(&s
->pci_io_as
);
2307 static void lsi_class_init(ObjectClass
*klass
, void *data
)
2309 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2310 PCIDeviceClass
*k
= PCI_DEVICE_CLASS(klass
);
2312 k
->realize
= lsi_scsi_realize
;
2313 k
->vendor_id
= PCI_VENDOR_ID_LSI_LOGIC
;
2314 k
->device_id
= PCI_DEVICE_ID_LSI_53C895A
;
2315 k
->class_id
= PCI_CLASS_STORAGE_SCSI
;
2316 k
->subsystem_id
= 0x1000;
2317 dc
->unrealize
= lsi_scsi_unrealize
;
2318 dc
->reset
= lsi_scsi_reset
;
2319 dc
->vmsd
= &vmstate_lsi_scsi
;
2320 set_bit(DEVICE_CATEGORY_STORAGE
, dc
->categories
);
2323 static const TypeInfo lsi_info
= {
2324 .name
= TYPE_LSI53C895A
,
2325 .parent
= TYPE_PCI_DEVICE
,
2326 .instance_size
= sizeof(LSIState
),
2327 .class_init
= lsi_class_init
,
2328 .interfaces
= (InterfaceInfo
[]) {
2329 { INTERFACE_CONVENTIONAL_PCI_DEVICE
},
2334 static void lsi53c810_class_init(ObjectClass
*klass
, void *data
)
2336 PCIDeviceClass
*k
= PCI_DEVICE_CLASS(klass
);
2338 k
->device_id
= PCI_DEVICE_ID_LSI_53C810
;
2341 static TypeInfo lsi53c810_info
= {
2342 .name
= TYPE_LSI53C810
,
2343 .parent
= TYPE_LSI53C895A
,
2344 .class_init
= lsi53c810_class_init
,
2347 static void lsi53c895a_register_types(void)
2349 type_register_static(&lsi_info
);
2350 type_register_static(&lsi53c810_info
);
2353 type_init(lsi53c895a_register_types
)
2355 void lsi53c8xx_handle_legacy_cmdline(DeviceState
*lsi_dev
)
2357 LSIState
*s
= LSI53C895A(lsi_dev
);
2359 scsi_bus_legacy_handle_cmdline(&s
->bus
);