search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lsi: do not exit QEMU if reading invalid register
[qemu/kevin.git] / hw / scsi / lsi53c895a.c
blob9d2e3eb1ba0073a4a97589beda1ab0bc593ffa8c
1 /*
2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the LGPL.
8 */
9
10 /* Note:
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
14 */
15
16 #include "qemu/osdep.h"
17
18 #include "hw/hw.h"
19 #include "hw/pci/pci.h"
20 #include "hw/scsi/scsi.h"
21 #include "sysemu/dma.h"
22 #include "qemu/log.h"
23
24 //#define DEBUG_LSI
25 //#define DEBUG_LSI_REG
26
27 #ifdef DEBUG_LSI
28 #define DPRINTF(fmt, ...) \
29 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
32 #else
33 #define DPRINTF(fmt, ...) do {} while(0)
34 #define BADF(fmt, ...) \
35 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
36 #endif
37
38 static const char *names[] = {
39 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
40 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
41 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
42 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
43 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
44 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
45 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
46 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
47 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
48 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
49 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
50 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
51 };
52
53 #define LSI_MAX_DEVS 7
54
55 #define LSI_SCNTL0_TRG 0x01
56 #define LSI_SCNTL0_AAP 0x02
57 #define LSI_SCNTL0_EPC 0x08
58 #define LSI_SCNTL0_WATN 0x10
59 #define LSI_SCNTL0_START 0x20
60
61 #define LSI_SCNTL1_SST 0x01
62 #define LSI_SCNTL1_IARB 0x02
63 #define LSI_SCNTL1_AESP 0x04
64 #define LSI_SCNTL1_RST 0x08
65 #define LSI_SCNTL1_CON 0x10
66 #define LSI_SCNTL1_DHP 0x20
67 #define LSI_SCNTL1_ADB 0x40
68 #define LSI_SCNTL1_EXC 0x80
69
70 #define LSI_SCNTL2_WSR 0x01
71 #define LSI_SCNTL2_VUE0 0x02
72 #define LSI_SCNTL2_VUE1 0x04
73 #define LSI_SCNTL2_WSS 0x08
74 #define LSI_SCNTL2_SLPHBEN 0x10
75 #define LSI_SCNTL2_SLPMD 0x20
76 #define LSI_SCNTL2_CHM 0x40
77 #define LSI_SCNTL2_SDU 0x80
78
79 #define LSI_ISTAT0_DIP 0x01
80 #define LSI_ISTAT0_SIP 0x02
81 #define LSI_ISTAT0_INTF 0x04
82 #define LSI_ISTAT0_CON 0x08
83 #define LSI_ISTAT0_SEM 0x10
84 #define LSI_ISTAT0_SIGP 0x20
85 #define LSI_ISTAT0_SRST 0x40
86 #define LSI_ISTAT0_ABRT 0x80
87
88 #define LSI_ISTAT1_SI 0x01
89 #define LSI_ISTAT1_SRUN 0x02
90 #define LSI_ISTAT1_FLSH 0x04
91
92 #define LSI_SSTAT0_SDP0 0x01
93 #define LSI_SSTAT0_RST 0x02
94 #define LSI_SSTAT0_WOA 0x04
95 #define LSI_SSTAT0_LOA 0x08
96 #define LSI_SSTAT0_AIP 0x10
97 #define LSI_SSTAT0_OLF 0x20
98 #define LSI_SSTAT0_ORF 0x40
99 #define LSI_SSTAT0_ILF 0x80
100
101 #define LSI_SIST0_PAR 0x01
102 #define LSI_SIST0_RST 0x02
103 #define LSI_SIST0_UDC 0x04
104 #define LSI_SIST0_SGE 0x08
105 #define LSI_SIST0_RSL 0x10
106 #define LSI_SIST0_SEL 0x20
107 #define LSI_SIST0_CMP 0x40
108 #define LSI_SIST0_MA 0x80
109
110 #define LSI_SIST1_HTH 0x01
111 #define LSI_SIST1_GEN 0x02
112 #define LSI_SIST1_STO 0x04
113 #define LSI_SIST1_SBMC 0x10
114
115 #define LSI_SOCL_IO 0x01
116 #define LSI_SOCL_CD 0x02
117 #define LSI_SOCL_MSG 0x04
118 #define LSI_SOCL_ATN 0x08
119 #define LSI_SOCL_SEL 0x10
120 #define LSI_SOCL_BSY 0x20
121 #define LSI_SOCL_ACK 0x40
122 #define LSI_SOCL_REQ 0x80
123
124 #define LSI_DSTAT_IID 0x01
125 #define LSI_DSTAT_SIR 0x04
126 #define LSI_DSTAT_SSI 0x08
127 #define LSI_DSTAT_ABRT 0x10
128 #define LSI_DSTAT_BF 0x20
129 #define LSI_DSTAT_MDPE 0x40
130 #define LSI_DSTAT_DFE 0x80
131
132 #define LSI_DCNTL_COM 0x01
133 #define LSI_DCNTL_IRQD 0x02
134 #define LSI_DCNTL_STD 0x04
135 #define LSI_DCNTL_IRQM 0x08
136 #define LSI_DCNTL_SSM 0x10
137 #define LSI_DCNTL_PFEN 0x20
138 #define LSI_DCNTL_PFF 0x40
139 #define LSI_DCNTL_CLSE 0x80
140
141 #define LSI_DMODE_MAN 0x01
142 #define LSI_DMODE_BOF 0x02
143 #define LSI_DMODE_ERMP 0x04
144 #define LSI_DMODE_ERL 0x08
145 #define LSI_DMODE_DIOM 0x10
146 #define LSI_DMODE_SIOM 0x20
147
148 #define LSI_CTEST2_DACK 0x01
149 #define LSI_CTEST2_DREQ 0x02
150 #define LSI_CTEST2_TEOP 0x04
151 #define LSI_CTEST2_PCICIE 0x08
152 #define LSI_CTEST2_CM 0x10
153 #define LSI_CTEST2_CIO 0x20
154 #define LSI_CTEST2_SIGP 0x40
155 #define LSI_CTEST2_DDIR 0x80
156
157 #define LSI_CTEST5_BL2 0x04
158 #define LSI_CTEST5_DDIR 0x08
159 #define LSI_CTEST5_MASR 0x10
160 #define LSI_CTEST5_DFSN 0x20
161 #define LSI_CTEST5_BBCK 0x40
162 #define LSI_CTEST5_ADCK 0x80
163
164 #define LSI_CCNTL0_DILS 0x01
165 #define LSI_CCNTL0_DISFC 0x10
166 #define LSI_CCNTL0_ENNDJ 0x20
167 #define LSI_CCNTL0_PMJCTL 0x40
168 #define LSI_CCNTL0_ENPMJ 0x80
169
170 #define LSI_CCNTL1_EN64DBMV 0x01
171 #define LSI_CCNTL1_EN64TIBMV 0x02
172 #define LSI_CCNTL1_64TIMOD 0x04
173 #define LSI_CCNTL1_DDAC 0x08
174 #define LSI_CCNTL1_ZMOD 0x80
175
176 /* Enable Response to Reselection */
177 #define LSI_SCID_RRE 0x60
178
179 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
180
181 #define PHASE_DO 0
182 #define PHASE_DI 1
183 #define PHASE_CMD 2
184 #define PHASE_ST 3
185 #define PHASE_MO 6
186 #define PHASE_MI 7
187 #define PHASE_MASK 7
188
189 /* Maximum length of MSG IN data. */
190 #define LSI_MAX_MSGIN_LEN 8
191
192 /* Flag set if this is a tagged command. */
193 #define LSI_TAG_VALID (1 << 16)
194
195 typedef struct lsi_request {
196 SCSIRequest *req;
197 uint32_t tag;
198 uint32_t dma_len;
199 uint8_t *dma_buf;
200 uint32_t pending;
201 int out;
202 QTAILQ_ENTRY(lsi_request) next;
203 } lsi_request;
204
205 typedef struct {
206 /*< private >*/
207 PCIDevice parent_obj;
208 /*< public >*/
209
210 MemoryRegion mmio_io;
211 MemoryRegion ram_io;
212 MemoryRegion io_io;
213
214 int carry; /* ??? Should this be an a visible register somewhere? */
215 int status;
216 /* Action to take at the end of a MSG IN phase.
217 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
218 int msg_action;
219 int msg_len;
220 uint8_t msg[LSI_MAX_MSGIN_LEN];
221 /* 0 if SCRIPTS are running or stopped.
222 * 1 if a Wait Reselect instruction has been issued.
223 * 2 if processing DMA from lsi_execute_script.
224 * 3 if a DMA operation is in progress. */
225 int waiting;
226 SCSIBus bus;
227 int current_lun;
228 /* The tag is a combination of the device ID and the SCSI tag. */
229 uint32_t select_tag;
230 int command_complete;
231 QTAILQ_HEAD(, lsi_request) queue;
232 lsi_request *current;
233
234 uint32_t dsa;
235 uint32_t temp;
236 uint32_t dnad;
237 uint32_t dbc;
238 uint8_t istat0;
239 uint8_t istat1;
240 uint8_t dcmd;
241 uint8_t dstat;
242 uint8_t dien;
243 uint8_t sist0;
244 uint8_t sist1;
245 uint8_t sien0;
246 uint8_t sien1;
247 uint8_t mbox0;
248 uint8_t mbox1;
249 uint8_t dfifo;
250 uint8_t ctest2;
251 uint8_t ctest3;
252 uint8_t ctest4;
253 uint8_t ctest5;
254 uint8_t ccntl0;
255 uint8_t ccntl1;
256 uint32_t dsp;
257 uint32_t dsps;
258 uint8_t dmode;
259 uint8_t dcntl;
260 uint8_t scntl0;
261 uint8_t scntl1;
262 uint8_t scntl2;
263 uint8_t scntl3;
264 uint8_t sstat0;
265 uint8_t sstat1;
266 uint8_t scid;
267 uint8_t sxfer;
268 uint8_t socl;
269 uint8_t sdid;
270 uint8_t ssid;
271 uint8_t sfbr;
272 uint8_t stest1;
273 uint8_t stest2;
274 uint8_t stest3;
275 uint8_t sidl;
276 uint8_t stime0;
277 uint8_t respid0;
278 uint8_t respid1;
279 uint32_t mmrs;
280 uint32_t mmws;
281 uint32_t sfs;
282 uint32_t drs;
283 uint32_t sbms;
284 uint32_t dbms;
285 uint32_t dnad64;
286 uint32_t pmjad1;
287 uint32_t pmjad2;
288 uint32_t rbc;
289 uint32_t ua;
290 uint32_t ia;
291 uint32_t sbc;
292 uint32_t csbc;
293 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
294 uint8_t sbr;
295 uint32_t adder;
296
297 /* Script ram is stored as 32-bit words in host byteorder. */
298 uint32_t script_ram[2048];
299 } LSIState;
300
301 #define TYPE_LSI53C810 "lsi53c810"
302 #define TYPE_LSI53C895A "lsi53c895a"
303
304 #define LSI53C895A(obj) \
305 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
306
307 static inline int lsi_irq_on_rsl(LSIState *s)
308 {
309 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
310 }
311
312 static void lsi_soft_reset(LSIState *s)
313 {
314 DPRINTF("Reset\n");
315 s->carry = 0;
316
317 s->msg_action = 0;
318 s->msg_len = 0;
319 s->waiting = 0;
320 s->dsa = 0;
321 s->dnad = 0;
322 s->dbc = 0;
323 s->temp = 0;
324 memset(s->scratch, 0, sizeof(s->scratch));
325 s->istat0 = 0;
326 s->istat1 = 0;
327 s->dcmd = 0x40;
328 s->dstat = LSI_DSTAT_DFE;
329 s->dien = 0;
330 s->sist0 = 0;
331 s->sist1 = 0;
332 s->sien0 = 0;
333 s->sien1 = 0;
334 s->mbox0 = 0;
335 s->mbox1 = 0;
336 s->dfifo = 0;
337 s->ctest2 = LSI_CTEST2_DACK;
338 s->ctest3 = 0;
339 s->ctest4 = 0;
340 s->ctest5 = 0;
341 s->ccntl0 = 0;
342 s->ccntl1 = 0;
343 s->dsp = 0;
344 s->dsps = 0;
345 s->dmode = 0;
346 s->dcntl = 0;
347 s->scntl0 = 0xc0;
348 s->scntl1 = 0;
349 s->scntl2 = 0;
350 s->scntl3 = 0;
351 s->sstat0 = 0;
352 s->sstat1 = 0;
353 s->scid = 7;
354 s->sxfer = 0;
355 s->socl = 0;
356 s->sdid = 0;
357 s->ssid = 0;
358 s->stest1 = 0;
359 s->stest2 = 0;
360 s->stest3 = 0;
361 s->sidl = 0;
362 s->stime0 = 0;
363 s->respid0 = 0x80;
364 s->respid1 = 0;
365 s->mmrs = 0;
366 s->mmws = 0;
367 s->sfs = 0;
368 s->drs = 0;
369 s->sbms = 0;
370 s->dbms = 0;
371 s->dnad64 = 0;
372 s->pmjad1 = 0;
373 s->pmjad2 = 0;
374 s->rbc = 0;
375 s->ua = 0;
376 s->ia = 0;
377 s->sbc = 0;
378 s->csbc = 0;
379 s->sbr = 0;
380 assert(QTAILQ_EMPTY(&s->queue));
381 assert(!s->current);
382 }
383
384 static int lsi_dma_40bit(LSIState *s)
385 {
386 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
387 return 1;
388 return 0;
389 }
390
391 static int lsi_dma_ti64bit(LSIState *s)
392 {
393 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
394 return 1;
395 return 0;
396 }
397
398 static int lsi_dma_64bit(LSIState *s)
399 {
400 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
401 return 1;
402 return 0;
403 }
404
405 static uint8_t lsi_reg_readb(LSIState *s, int offset);
406 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
407 static void lsi_execute_script(LSIState *s);
408 static void lsi_reselect(LSIState *s, lsi_request *p);
409
410 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
411 {
412 uint32_t buf;
413
414 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
415 return cpu_to_le32(buf);
416 }
417
418 static void lsi_stop_script(LSIState *s)
419 {
420 s->istat1 &= ~LSI_ISTAT1_SRUN;
421 }
422
423 static void lsi_update_irq(LSIState *s)
424 {
425 PCIDevice *d = PCI_DEVICE(s);
426 int level;
427 static int last_level;
428 lsi_request *p;
429
430 /* It's unclear whether the DIP/SIP bits should be cleared when the
431 Interrupt Status Registers are cleared or when istat0 is read.
432 We currently do the formwer, which seems to work. */
433 level = 0;
434 if (s->dstat) {
435 if (s->dstat & s->dien)
436 level = 1;
437 s->istat0 |= LSI_ISTAT0_DIP;
438 } else {
439 s->istat0 &= ~LSI_ISTAT0_DIP;
440 }
441
442 if (s->sist0 || s->sist1) {
443 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
444 level = 1;
445 s->istat0 |= LSI_ISTAT0_SIP;
446 } else {
447 s->istat0 &= ~LSI_ISTAT0_SIP;
448 }
449 if (s->istat0 & LSI_ISTAT0_INTF)
450 level = 1;
451
452 if (level != last_level) {
453 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
454 level, s->dstat, s->sist1, s->sist0);
455 last_level = level;
456 }
457 pci_set_irq(d, level);
458
459 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
460 DPRINTF("Handled IRQs & disconnected, looking for pending "
461 "processes\n");
462 QTAILQ_FOREACH(p, &s->queue, next) {
463 if (p->pending) {
464 lsi_reselect(s, p);
465 break;
466 }
467 }
468 }
469 }
470
471 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
472 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
473 {
474 uint32_t mask0;
475 uint32_t mask1;
476
477 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
478 stat1, stat0, s->sist1, s->sist0);
479 s->sist0 |= stat0;
480 s->sist1 |= stat1;
481 /* Stop processor on fatal or unmasked interrupt. As a special hack
482 we don't stop processing when raising STO. Instead continue
483 execution and stop at the next insn that accesses the SCSI bus. */
484 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
485 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
486 mask1 &= ~LSI_SIST1_STO;
487 if (s->sist0 & mask0 || s->sist1 & mask1) {
488 lsi_stop_script(s);
489 }
490 lsi_update_irq(s);
491 }
492
493 /* Stop SCRIPTS execution and raise a DMA interrupt. */
494 static void lsi_script_dma_interrupt(LSIState *s, int stat)
495 {
496 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
497 s->dstat |= stat;
498 lsi_update_irq(s);
499 lsi_stop_script(s);
500 }
501
502 static inline void lsi_set_phase(LSIState *s, int phase)
503 {
504 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
505 }
506
507 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
508 {
509 /* Trigger a phase mismatch. */
510 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
511 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
512 s->dsp = out ? s->pmjad1 : s->pmjad2;
513 } else {
514 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
515 }
516 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
517 } else {
518 DPRINTF("Phase mismatch interrupt\n");
519 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
520 lsi_stop_script(s);
521 }
522 lsi_set_phase(s, new_phase);
523 }
524
525
526 /* Resume SCRIPTS execution after a DMA operation. */
527 static void lsi_resume_script(LSIState *s)
528 {
529 if (s->waiting != 2) {
530 s->waiting = 0;
531 lsi_execute_script(s);
532 } else {
533 s->waiting = 0;
534 }
535 }
536
537 static void lsi_disconnect(LSIState *s)
538 {
539 s->scntl1 &= ~LSI_SCNTL1_CON;
540 s->sstat1 &= ~PHASE_MASK;
541 }
542
543 static void lsi_bad_selection(LSIState *s, uint32_t id)
544 {
545 DPRINTF("Selected absent target %d\n", id);
546 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
547 lsi_disconnect(s);
548 }
549
550 /* Initiate a SCSI layer data transfer. */
551 static void lsi_do_dma(LSIState *s, int out)
552 {
553 PCIDevice *pci_dev;
554 uint32_t count;
555 dma_addr_t addr;
556 SCSIDevice *dev;
557
558 assert(s->current);
559 if (!s->current->dma_len) {
560 /* Wait until data is available. */
561 DPRINTF("DMA no data available\n");
562 return;
563 }
564
565 pci_dev = PCI_DEVICE(s);
566 dev = s->current->req->dev;
567 assert(dev);
568
569 count = s->dbc;
570 if (count > s->current->dma_len)
571 count = s->current->dma_len;
572
573 addr = s->dnad;
574 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
575 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
576 addr |= ((uint64_t)s->dnad64 << 32);
577 else if (s->dbms)
578 addr |= ((uint64_t)s->dbms << 32);
579 else if (s->sbms)
580 addr |= ((uint64_t)s->sbms << 32);
581
582 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
583 s->csbc += count;
584 s->dnad += count;
585 s->dbc -= count;
586 if (s->current->dma_buf == NULL) {
587 s->current->dma_buf = scsi_req_get_buf(s->current->req);
588 }
589 /* ??? Set SFBR to first data byte. */
590 if (out) {
591 pci_dma_read(pci_dev, addr, s->current->dma_buf, count);
592 } else {
593 pci_dma_write(pci_dev, addr, s->current->dma_buf, count);
594 }
595 s->current->dma_len -= count;
596 if (s->current->dma_len == 0) {
597 s->current->dma_buf = NULL;
598 scsi_req_continue(s->current->req);
599 } else {
600 s->current->dma_buf += count;
601 lsi_resume_script(s);
602 }
603 }
604
605
606 /* Add a command to the queue. */
607 static void lsi_queue_command(LSIState *s)
608 {
609 lsi_request *p = s->current;
610
611 DPRINTF("Queueing tag=0x%x\n", p->tag);
612 assert(s->current != NULL);
613 assert(s->current->dma_len == 0);
614 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
615 s->current = NULL;
616
617 p->pending = 0;
618 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
619 }
620
621 /* Queue a byte for a MSG IN phase. */
622 static void lsi_add_msg_byte(LSIState *s, uint8_t data)
623 {
624 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
625 BADF("MSG IN data too long\n");
626 } else {
627 DPRINTF("MSG IN 0x%02x\n", data);
628 s->msg[s->msg_len++] = data;
629 }
630 }
631
632 /* Perform reselection to continue a command. */
633 static void lsi_reselect(LSIState *s, lsi_request *p)
634 {
635 int id;
636
637 assert(s->current == NULL);
638 QTAILQ_REMOVE(&s->queue, p, next);
639 s->current = p;
640
641 id = (p->tag >> 8) & 0xf;
642 s->ssid = id | 0x80;
643 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
644 if (!(s->dcntl & LSI_DCNTL_COM)) {
645 s->sfbr = 1 << (id & 0x7);
646 }
647 DPRINTF("Reselected target %d\n", id);
648 s->scntl1 |= LSI_SCNTL1_CON;
649 lsi_set_phase(s, PHASE_MI);
650 s->msg_action = p->out ? 2 : 3;
651 s->current->dma_len = p->pending;
652 lsi_add_msg_byte(s, 0x80);
653 if (s->current->tag & LSI_TAG_VALID) {
654 lsi_add_msg_byte(s, 0x20);
655 lsi_add_msg_byte(s, p->tag & 0xff);
656 }
657
658 if (lsi_irq_on_rsl(s)) {
659 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
660 }
661 }
662
663 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
664 {
665 lsi_request *p;
666
667 QTAILQ_FOREACH(p, &s->queue, next) {
668 if (p->tag == tag) {
669 return p;
670 }
671 }
672
673 return NULL;
674 }
675
676 static void lsi_request_free(LSIState *s, lsi_request *p)
677 {
678 if (p == s->current) {
679 s->current = NULL;
680 } else {
681 QTAILQ_REMOVE(&s->queue, p, next);
682 }
683 g_free(p);
684 }
685
686 static void lsi_request_cancelled(SCSIRequest *req)
687 {
688 LSIState *s = LSI53C895A(req->bus->qbus.parent);
689 lsi_request *p = req->hba_private;
690
691 req->hba_private = NULL;
692 lsi_request_free(s, p);
693 scsi_req_unref(req);
694 }
695
696 /* Record that data is available for a queued command. Returns zero if
697 the device was reselected, nonzero if the IO is deferred. */
698 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
699 {
700 lsi_request *p = req->hba_private;
701
702 if (p->pending) {
703 BADF("Multiple IO pending for request %p\n", p);
704 }
705 p->pending = len;
706 /* Reselect if waiting for it, or if reselection triggers an IRQ
707 and the bus is free.
708 Since no interrupt stacking is implemented in the emulation, it
709 is also required that there are no pending interrupts waiting
710 for service from the device driver. */
711 if (s->waiting == 1 ||
712 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
713 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
714 /* Reselect device. */
715 lsi_reselect(s, p);
716 return 0;
717 } else {
718 DPRINTF("Queueing IO tag=0x%x\n", p->tag);
719 p->pending = len;
720 return 1;
721 }
722 }
723
724 /* Callback to indicate that the SCSI layer has completed a command. */
725 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
726 {
727 LSIState *s = LSI53C895A(req->bus->qbus.parent);
728 int out;
729
730 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
731 DPRINTF("Command complete status=%d\n", (int)status);
732 s->status = status;
733 s->command_complete = 2;
734 if (s->waiting && s->dbc != 0) {
735 /* Raise phase mismatch for short transfers. */
736 lsi_bad_phase(s, out, PHASE_ST);
737 } else {
738 lsi_set_phase(s, PHASE_ST);
739 }
740
741 if (req->hba_private == s->current) {
742 req->hba_private = NULL;
743 lsi_request_free(s, s->current);
744 scsi_req_unref(req);
745 }
746 lsi_resume_script(s);
747 }
748
749 /* Callback to indicate that the SCSI layer has completed a transfer. */
750 static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
751 {
752 LSIState *s = LSI53C895A(req->bus->qbus.parent);
753 int out;
754
755 assert(req->hba_private);
756 if (s->waiting == 1 || req->hba_private != s->current ||
757 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
758 if (lsi_queue_req(s, req, len)) {
759 return;
760 }
761 }
762
763 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
764
765 /* host adapter (re)connected */
766 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len);
767 s->current->dma_len = len;
768 s->command_complete = 1;
769 if (s->waiting) {
770 if (s->waiting == 1 || s->dbc == 0) {
771 lsi_resume_script(s);
772 } else {
773 lsi_do_dma(s, out);
774 }
775 }
776 }
777
778 static void lsi_do_command(LSIState *s)
779 {
780 SCSIDevice *dev;
781 uint8_t buf[16];
782 uint32_t id;
783 int n;
784
785 DPRINTF("Send command len=%d\n", s->dbc);
786 if (s->dbc > 16)
787 s->dbc = 16;
788 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
789 s->sfbr = buf[0];
790 s->command_complete = 0;
791
792 id = (s->select_tag >> 8) & 0xf;
793 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
794 if (!dev) {
795 lsi_bad_selection(s, id);
796 return;
797 }
798
799 assert(s->current == NULL);
800 s->current = g_new0(lsi_request, 1);
801 s->current->tag = s->select_tag;
802 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
803 s->current);
804
805 n = scsi_req_enqueue(s->current->req);
806 if (n) {
807 if (n > 0) {
808 lsi_set_phase(s, PHASE_DI);
809 } else if (n < 0) {
810 lsi_set_phase(s, PHASE_DO);
811 }
812 scsi_req_continue(s->current->req);
813 }
814 if (!s->command_complete) {
815 if (n) {
816 /* Command did not complete immediately so disconnect. */
817 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
818 lsi_add_msg_byte(s, 4); /* DISCONNECT */
819 /* wait data */
820 lsi_set_phase(s, PHASE_MI);
821 s->msg_action = 1;
822 lsi_queue_command(s);
823 } else {
824 /* wait command complete */
825 lsi_set_phase(s, PHASE_DI);
826 }
827 }
828 }
829
830 static void lsi_do_status(LSIState *s)
831 {
832 uint8_t status;
833 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
834 if (s->dbc != 1)
835 BADF("Bad Status move\n");
836 s->dbc = 1;
837 status = s->status;
838 s->sfbr = status;
839 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
840 lsi_set_phase(s, PHASE_MI);
841 s->msg_action = 1;
842 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
843 }
844
845 static void lsi_do_msgin(LSIState *s)
846 {
847 int len;
848 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
849 s->sfbr = s->msg[0];
850 len = s->msg_len;
851 if (len > s->dbc)
852 len = s->dbc;
853 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
854 /* Linux drivers rely on the last byte being in the SIDL. */
855 s->sidl = s->msg[len - 1];
856 s->msg_len -= len;
857 if (s->msg_len) {
858 memmove(s->msg, s->msg + len, s->msg_len);
859 } else {
860 /* ??? Check if ATN (not yet implemented) is asserted and maybe
861 switch to PHASE_MO. */
862 switch (s->msg_action) {
863 case 0:
864 lsi_set_phase(s, PHASE_CMD);
865 break;
866 case 1:
867 lsi_disconnect(s);
868 break;
869 case 2:
870 lsi_set_phase(s, PHASE_DO);
871 break;
872 case 3:
873 lsi_set_phase(s, PHASE_DI);
874 break;
875 default:
876 abort();
877 }
878 }
879 }
880
881 /* Read the next byte during a MSGOUT phase. */
882 static uint8_t lsi_get_msgbyte(LSIState *s)
883 {
884 uint8_t data;
885 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
886 s->dnad++;
887 s->dbc--;
888 return data;
889 }
890
891 /* Skip the next n bytes during a MSGOUT phase. */
892 static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
893 {
894 s->dnad += n;
895 s->dbc -= n;
896 }
897
898 static void lsi_do_msgout(LSIState *s)
899 {
900 uint8_t msg;
901 int len;
902 uint32_t current_tag;
903 lsi_request *current_req, *p, *p_next;
904
905 if (s->current) {
906 current_tag = s->current->tag;
907 current_req = s->current;
908 } else {
909 current_tag = s->select_tag;
910 current_req = lsi_find_by_tag(s, current_tag);
911 }
912
913 DPRINTF("MSG out len=%d\n", s->dbc);
914 while (s->dbc) {
915 msg = lsi_get_msgbyte(s);
916 s->sfbr = msg;
917
918 switch (msg) {
919 case 0x04:
920 DPRINTF("MSG: Disconnect\n");
921 lsi_disconnect(s);
922 break;
923 case 0x08:
924 DPRINTF("MSG: No Operation\n");
925 lsi_set_phase(s, PHASE_CMD);
926 break;
927 case 0x01:
928 len = lsi_get_msgbyte(s);
929 msg = lsi_get_msgbyte(s);
930 (void)len; /* avoid a warning about unused variable*/
931 DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
932 switch (msg) {
933 case 1:
934 DPRINTF("SDTR (ignored)\n");
935 lsi_skip_msgbytes(s, 2);
936 break;
937 case 3:
938 DPRINTF("WDTR (ignored)\n");
939 lsi_skip_msgbytes(s, 1);
940 break;
941 default:
942 goto bad;
943 }
944 break;
945 case 0x20: /* SIMPLE queue */
946 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
947 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
948 break;
949 case 0x21: /* HEAD of queue */
950 BADF("HEAD queue not implemented\n");
951 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
952 break;
953 case 0x22: /* ORDERED queue */
954 BADF("ORDERED queue not implemented\n");
955 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
956 break;
957 case 0x0d:
958 /* The ABORT TAG message clears the current I/O process only. */
959 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
960 if (current_req) {
961 scsi_req_cancel(current_req->req);
962 }
963 lsi_disconnect(s);
964 break;
965 case 0x06:
966 case 0x0e:
967 case 0x0c:
968 /* The ABORT message clears all I/O processes for the selecting
969 initiator on the specified logical unit of the target. */
970 if (msg == 0x06) {
971 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
972 }
973 /* The CLEAR QUEUE message clears all I/O processes for all
974 initiators on the specified logical unit of the target. */
975 if (msg == 0x0e) {
976 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
977 }
978 /* The BUS DEVICE RESET message clears all I/O processes for all
979 initiators on all logical units of the target. */
980 if (msg == 0x0c) {
981 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
982 }
983
984 /* clear the current I/O process */
985 if (s->current) {
986 scsi_req_cancel(s->current->req);
987 }
988
989 /* As the current implemented devices scsi_disk and scsi_generic
990 only support one LUN, we don't need to keep track of LUNs.
991 Clearing I/O processes for other initiators could be possible
992 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
993 device, but this is currently not implemented (and seems not
994 to be really necessary). So let's simply clear all queued
995 commands for the current device: */
996 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
997 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
998 scsi_req_cancel(p->req);
999 }
1000 }
1001
1002 lsi_disconnect(s);
1003 break;
1004 default:
1005 if ((msg & 0x80) == 0) {
1006 goto bad;
1007 }
1008 s->current_lun = msg & 7;
1009 DPRINTF("Select LUN %d\n", s->current_lun);
1010 lsi_set_phase(s, PHASE_CMD);
1011 break;
1012 }
1013 }
1014 return;
1015 bad:
1016 BADF("Unimplemented message 0x%02x\n", msg);
1017 lsi_set_phase(s, PHASE_MI);
1018 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
1019 s->msg_action = 0;
1020 }
1021
1022 #define LSI_BUF_SIZE 4096
1023 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1024 {
1025 PCIDevice *d = PCI_DEVICE(s);
1026 int n;
1027 uint8_t buf[LSI_BUF_SIZE];
1028
1029 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
1030 while (count) {
1031 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1032 pci_dma_read(d, src, buf, n);
1033 pci_dma_write(d, dest, buf, n);
1034 src += n;
1035 dest += n;
1036 count -= n;
1037 }
1038 }
1039
1040 static void lsi_wait_reselect(LSIState *s)
1041 {
1042 lsi_request *p;
1043
1044 DPRINTF("Wait Reselect\n");
1045
1046 QTAILQ_FOREACH(p, &s->queue, next) {
1047 if (p->pending) {
1048 lsi_reselect(s, p);
1049 break;
1050 }
1051 }
1052 if (s->current == NULL) {
1053 s->waiting = 1;
1054 }
1055 }
1056
1057 static void lsi_execute_script(LSIState *s)
1058 {
1059 PCIDevice *pci_dev = PCI_DEVICE(s);
1060 uint32_t insn;
1061 uint32_t addr, addr_high;
1062 int opcode;
1063 int insn_processed = 0;
1064
1065 s->istat1 |= LSI_ISTAT1_SRUN;
1066 again:
1067 insn_processed++;
1068 insn = read_dword(s, s->dsp);
1069 if (!insn) {
1070 /* If we receive an empty opcode increment the DSP by 4 bytes
1071 instead of 8 and execute the next opcode at that location */
1072 s->dsp += 4;
1073 goto again;
1074 }
1075 addr = read_dword(s, s->dsp + 4);
1076 addr_high = 0;
1077 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
1078 s->dsps = addr;
1079 s->dcmd = insn >> 24;
1080 s->dsp += 8;
1081 switch (insn >> 30) {
1082 case 0: /* Block move. */
1083 if (s->sist1 & LSI_SIST1_STO) {
1084 DPRINTF("Delayed select timeout\n");
1085 lsi_stop_script(s);
1086 break;
1087 }
1088 s->dbc = insn & 0xffffff;
1089 s->rbc = s->dbc;
1090 /* ??? Set ESA. */
1091 s->ia = s->dsp - 8;
1092 if (insn & (1 << 29)) {
1093 /* Indirect addressing. */
1094 addr = read_dword(s, addr);
1095 } else if (insn & (1 << 28)) {
1096 uint32_t buf[2];
1097 int32_t offset;
1098 /* Table indirect addressing. */
1099
1100 /* 32-bit Table indirect */
1101 offset = sextract32(addr, 0, 24);
1102 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
1103 /* byte count is stored in bits 0:23 only */
1104 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1105 s->rbc = s->dbc;
1106 addr = cpu_to_le32(buf[1]);
1107
1108 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1109 * table, bits [31:24] */
1110 if (lsi_dma_40bit(s))
1111 addr_high = cpu_to_le32(buf[0]) >> 24;
1112 else if (lsi_dma_ti64bit(s)) {
1113 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1114 switch (selector) {
1115 case 0 ... 0x0f:
1116 /* offset index into scratch registers since
1117 * TI64 mode can use registers C to R */
1118 addr_high = s->scratch[2 + selector];
1119 break;
1120 case 0x10:
1121 addr_high = s->mmrs;
1122 break;
1123 case 0x11:
1124 addr_high = s->mmws;
1125 break;
1126 case 0x12:
1127 addr_high = s->sfs;
1128 break;
1129 case 0x13:
1130 addr_high = s->drs;
1131 break;
1132 case 0x14:
1133 addr_high = s->sbms;
1134 break;
1135 case 0x15:
1136 addr_high = s->dbms;
1137 break;
1138 default:
1139 BADF("Illegal selector specified (0x%x > 0x15)"
1140 " for 64-bit DMA block move", selector);
1141 break;
1142 }
1143 }
1144 } else if (lsi_dma_64bit(s)) {
1145 /* fetch a 3rd dword if 64-bit direct move is enabled and
1146 only if we're not doing table indirect or indirect addressing */
1147 s->dbms = read_dword(s, s->dsp);
1148 s->dsp += 4;
1149 s->ia = s->dsp - 12;
1150 }
1151 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1152 DPRINTF("Wrong phase got %d expected %d\n",
1153 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1154 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1155 break;
1156 }
1157 s->dnad = addr;
1158 s->dnad64 = addr_high;
1159 switch (s->sstat1 & 0x7) {
1160 case PHASE_DO:
1161 s->waiting = 2;
1162 lsi_do_dma(s, 1);
1163 if (s->waiting)
1164 s->waiting = 3;
1165 break;
1166 case PHASE_DI:
1167 s->waiting = 2;
1168 lsi_do_dma(s, 0);
1169 if (s->waiting)
1170 s->waiting = 3;
1171 break;
1172 case PHASE_CMD:
1173 lsi_do_command(s);
1174 break;
1175 case PHASE_ST:
1176 lsi_do_status(s);
1177 break;
1178 case PHASE_MO:
1179 lsi_do_msgout(s);
1180 break;
1181 case PHASE_MI:
1182 lsi_do_msgin(s);
1183 break;
1184 default:
1185 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1186 exit(1);
1187 }
1188 s->dfifo = s->dbc & 0xff;
1189 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1190 s->sbc = s->dbc;
1191 s->rbc -= s->dbc;
1192 s->ua = addr + s->dbc;
1193 break;
1194
1195 case 1: /* IO or Read/Write instruction. */
1196 opcode = (insn >> 27) & 7;
1197 if (opcode < 5) {
1198 uint32_t id;
1199
1200 if (insn & (1 << 25)) {
1201 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
1202 } else {
1203 id = insn;
1204 }
1205 id = (id >> 16) & 0xf;
1206 if (insn & (1 << 26)) {
1207 addr = s->dsp + sextract32(addr, 0, 24);
1208 }
1209 s->dnad = addr;
1210 switch (opcode) {
1211 case 0: /* Select */
1212 s->sdid = id;
1213 if (s->scntl1 & LSI_SCNTL1_CON) {
1214 DPRINTF("Already reselected, jumping to alternative address\n");
1215 s->dsp = s->dnad;
1216 break;
1217 }
1218 s->sstat0 |= LSI_SSTAT0_WOA;
1219 s->scntl1 &= ~LSI_SCNTL1_IARB;
1220 if (!scsi_device_find(&s->bus, 0, id, 0)) {
1221 lsi_bad_selection(s, id);
1222 break;
1223 }
1224 DPRINTF("Selected target %d%s\n",
1225 id, insn & (1 << 3) ? " ATN" : "");
1226 /* ??? Linux drivers compain when this is set. Maybe
1227 it only applies in low-level mode (unimplemented).
1228 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1229 s->select_tag = id << 8;
1230 s->scntl1 |= LSI_SCNTL1_CON;
1231 if (insn & (1 << 3)) {
1232 s->socl |= LSI_SOCL_ATN;
1233 }
1234 lsi_set_phase(s, PHASE_MO);
1235 break;
1236 case 1: /* Disconnect */
1237 DPRINTF("Wait Disconnect\n");
1238 s->scntl1 &= ~LSI_SCNTL1_CON;
1239 break;
1240 case 2: /* Wait Reselect */
1241 if (!lsi_irq_on_rsl(s)) {
1242 lsi_wait_reselect(s);
1243 }
1244 break;
1245 case 3: /* Set */
1246 DPRINTF("Set%s%s%s%s\n",
1247 insn & (1 << 3) ? " ATN" : "",
1248 insn & (1 << 6) ? " ACK" : "",
1249 insn & (1 << 9) ? " TM" : "",
1250 insn & (1 << 10) ? " CC" : "");
1251 if (insn & (1 << 3)) {
1252 s->socl |= LSI_SOCL_ATN;
1253 lsi_set_phase(s, PHASE_MO);
1254 }
1255 if (insn & (1 << 9)) {
1256 BADF("Target mode not implemented\n");
1257 exit(1);
1258 }
1259 if (insn & (1 << 10))
1260 s->carry = 1;
1261 break;
1262 case 4: /* Clear */
1263 DPRINTF("Clear%s%s%s%s\n",
1264 insn & (1 << 3) ? " ATN" : "",
1265 insn & (1 << 6) ? " ACK" : "",
1266 insn & (1 << 9) ? " TM" : "",
1267 insn & (1 << 10) ? " CC" : "");
1268 if (insn & (1 << 3)) {
1269 s->socl &= ~LSI_SOCL_ATN;
1270 }
1271 if (insn & (1 << 10))
1272 s->carry = 0;
1273 break;
1274 }
1275 } else {
1276 uint8_t op0;
1277 uint8_t op1;
1278 uint8_t data8;
1279 int reg;
1280 int operator;
1281 #ifdef DEBUG_LSI
1282 static const char *opcode_names[3] =
1283 {"Write", "Read", "Read-Modify-Write"};
1284 static const char *operator_names[8] =
1285 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1286 #endif
1287
1288 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1289 data8 = (insn >> 8) & 0xff;
1290 opcode = (insn >> 27) & 7;
1291 operator = (insn >> 24) & 7;
1292 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1293 opcode_names[opcode - 5], reg,
1294 operator_names[operator], data8, s->sfbr,
1295 (insn & (1 << 23)) ? " SFBR" : "");
1296 op0 = op1 = 0;
1297 switch (opcode) {
1298 case 5: /* From SFBR */
1299 op0 = s->sfbr;
1300 op1 = data8;
1301 break;
1302 case 6: /* To SFBR */
1303 if (operator)
1304 op0 = lsi_reg_readb(s, reg);
1305 op1 = data8;
1306 break;
1307 case 7: /* Read-modify-write */
1308 if (operator)
1309 op0 = lsi_reg_readb(s, reg);
1310 if (insn & (1 << 23)) {
1311 op1 = s->sfbr;
1312 } else {
1313 op1 = data8;
1314 }
1315 break;
1316 }
1317
1318 switch (operator) {
1319 case 0: /* move */
1320 op0 = op1;
1321 break;
1322 case 1: /* Shift left */
1323 op1 = op0 >> 7;
1324 op0 = (op0 << 1) | s->carry;
1325 s->carry = op1;
1326 break;
1327 case 2: /* OR */
1328 op0 |= op1;
1329 break;
1330 case 3: /* XOR */
1331 op0 ^= op1;
1332 break;
1333 case 4: /* AND */
1334 op0 &= op1;
1335 break;
1336 case 5: /* SHR */
1337 op1 = op0 & 1;
1338 op0 = (op0 >> 1) | (s->carry << 7);
1339 s->carry = op1;
1340 break;
1341 case 6: /* ADD */
1342 op0 += op1;
1343 s->carry = op0 < op1;
1344 break;
1345 case 7: /* ADC */
1346 op0 += op1 + s->carry;
1347 if (s->carry)
1348 s->carry = op0 <= op1;
1349 else
1350 s->carry = op0 < op1;
1351 break;
1352 }
1353
1354 switch (opcode) {
1355 case 5: /* From SFBR */
1356 case 7: /* Read-modify-write */
1357 lsi_reg_writeb(s, reg, op0);
1358 break;
1359 case 6: /* To SFBR */
1360 s->sfbr = op0;
1361 break;
1362 }
1363 }
1364 break;
1365
1366 case 2: /* Transfer Control. */
1367 {
1368 int cond;
1369 int jmp;
1370
1371 if ((insn & 0x002e0000) == 0) {
1372 DPRINTF("NOP\n");
1373 break;
1374 }
1375 if (s->sist1 & LSI_SIST1_STO) {
1376 DPRINTF("Delayed select timeout\n");
1377 lsi_stop_script(s);
1378 break;
1379 }
1380 cond = jmp = (insn & (1 << 19)) != 0;
1381 if (cond == jmp && (insn & (1 << 21))) {
1382 DPRINTF("Compare carry %d\n", s->carry == jmp);
1383 cond = s->carry != 0;
1384 }
1385 if (cond == jmp && (insn & (1 << 17))) {
1386 DPRINTF("Compare phase %d %c= %d\n",
1387 (s->sstat1 & PHASE_MASK),
1388 jmp ? '=' : '!',
1389 ((insn >> 24) & 7));
1390 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1391 }
1392 if (cond == jmp && (insn & (1 << 18))) {
1393 uint8_t mask;
1394
1395 mask = (~insn >> 8) & 0xff;
1396 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1397 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1398 cond = (s->sfbr & mask) == (insn & mask);
1399 }
1400 if (cond == jmp) {
1401 if (insn & (1 << 23)) {
1402 /* Relative address. */
1403 addr = s->dsp + sextract32(addr, 0, 24);
1404 }
1405 switch ((insn >> 27) & 7) {
1406 case 0: /* Jump */
1407 DPRINTF("Jump to 0x%08x\n", addr);
1408 s->adder = addr;
1409 s->dsp = addr;
1410 break;
1411 case 1: /* Call */
1412 DPRINTF("Call 0x%08x\n", addr);
1413 s->temp = s->dsp;
1414 s->dsp = addr;
1415 break;
1416 case 2: /* Return */
1417 DPRINTF("Return to 0x%08x\n", s->temp);
1418 s->dsp = s->temp;
1419 break;
1420 case 3: /* Interrupt */
1421 DPRINTF("Interrupt 0x%08x\n", s->dsps);
1422 if ((insn & (1 << 20)) != 0) {
1423 s->istat0 |= LSI_ISTAT0_INTF;
1424 lsi_update_irq(s);
1425 } else {
1426 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1427 }
1428 break;
1429 default:
1430 DPRINTF("Illegal transfer control\n");
1431 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1432 break;
1433 }
1434 } else {
1435 DPRINTF("Control condition failed\n");
1436 }
1437 }
1438 break;
1439
1440 case 3:
1441 if ((insn & (1 << 29)) == 0) {
1442 /* Memory move. */
1443 uint32_t dest;
1444 /* ??? The docs imply the destination address is loaded into
1445 the TEMP register. However the Linux drivers rely on
1446 the value being presrved. */
1447 dest = read_dword(s, s->dsp);
1448 s->dsp += 4;
1449 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1450 } else {
1451 uint8_t data[7];
1452 int reg;
1453 int n;
1454 int i;
1455
1456 if (insn & (1 << 28)) {
1457 addr = s->dsa + sextract32(addr, 0, 24);
1458 }
1459 n = (insn & 7);
1460 reg = (insn >> 16) & 0xff;
1461 if (insn & (1 << 24)) {
1462 pci_dma_read(pci_dev, addr, data, n);
1463 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1464 addr, *(int *)data);
1465 for (i = 0; i < n; i++) {
1466 lsi_reg_writeb(s, reg + i, data[i]);
1467 }
1468 } else {
1469 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1470 for (i = 0; i < n; i++) {
1471 data[i] = lsi_reg_readb(s, reg + i);
1472 }
1473 pci_dma_write(pci_dev, addr, data, n);
1474 }
1475 }
1476 }
1477 if (insn_processed > 10000 && !s->waiting) {
1478 /* Some windows drivers make the device spin waiting for a memory
1479 location to change. If we have been executed a lot of code then
1480 assume this is the case and force an unexpected device disconnect.
1481 This is apparently sufficient to beat the drivers into submission.
1482 */
1483 if (!(s->sien0 & LSI_SIST0_UDC))
1484 fprintf(stderr, "inf. loop with UDC masked\n");
1485 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1486 lsi_disconnect(s);
1487 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1488 if (s->dcntl & LSI_DCNTL_SSM) {
1489 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1490 } else {
1491 goto again;
1492 }
1493 }
1494 DPRINTF("SCRIPTS execution stopped\n");
1495 }
1496
1497 static uint8_t lsi_reg_readb(LSIState *s, int offset)
1498 {
1499 uint8_t ret;
1500
1501 #define CASE_GET_REG24(name, addr) \
1502 case addr: ret = s->name & 0xff; break; \
1503 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1504 case addr + 2: ret = (s->name >> 16) & 0xff; break;
1505
1506 #define CASE_GET_REG32(name, addr) \
1507 case addr: ret = s->name & 0xff; break; \
1508 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1509 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1510 case addr + 3: ret = (s->name >> 24) & 0xff; break;
1511
1512 switch (offset) {
1513 case 0x00: /* SCNTL0 */
1514 ret = s->scntl0;
1515 break;
1516 case 0x01: /* SCNTL1 */
1517 ret = s->scntl1;
1518 break;
1519 case 0x02: /* SCNTL2 */
1520 ret = s->scntl2;
1521 break;
1522 case 0x03: /* SCNTL3 */
1523 ret = s->scntl3;
1524 break;
1525 case 0x04: /* SCID */
1526 ret = s->scid;
1527 break;
1528 case 0x05: /* SXFER */
1529 ret = s->sxfer;
1530 break;
1531 case 0x06: /* SDID */
1532 ret = s->sdid;
1533 break;
1534 case 0x07: /* GPREG0 */
1535 ret = 0x7f;
1536 break;
1537 case 0x08: /* Revision ID */
1538 ret = 0x00;
1539 break;
1540 case 0x09: /* SOCL */
1541 ret = s->socl;
1542 break;
1543 case 0xa: /* SSID */
1544 ret = s->ssid;
1545 break;
1546 case 0xb: /* SBCL */
1547 /* ??? This is not correct. However it's (hopefully) only
1548 used for diagnostics, so should be ok. */
1549 ret = 0;
1550 break;
1551 case 0xc: /* DSTAT */
1552 ret = s->dstat | LSI_DSTAT_DFE;
1553 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1554 s->dstat = 0;
1555 lsi_update_irq(s);
1556 break;
1557 case 0x0d: /* SSTAT0 */
1558 ret = s->sstat0;
1559 break;
1560 case 0x0e: /* SSTAT1 */
1561 ret = s->sstat1;
1562 break;
1563 case 0x0f: /* SSTAT2 */
1564 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1565 break;
1566 CASE_GET_REG32(dsa, 0x10)
1567 case 0x14: /* ISTAT0 */
1568 ret = s->istat0;
1569 break;
1570 case 0x15: /* ISTAT1 */
1571 ret = s->istat1;
1572 break;
1573 case 0x16: /* MBOX0 */
1574 ret = s->mbox0;
1575 break;
1576 case 0x17: /* MBOX1 */
1577 ret = s->mbox1;
1578 break;
1579 case 0x18: /* CTEST0 */
1580 ret = 0xff;
1581 break;
1582 case 0x19: /* CTEST1 */
1583 ret = 0;
1584 break;
1585 case 0x1a: /* CTEST2 */
1586 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1587 if (s->istat0 & LSI_ISTAT0_SIGP) {
1588 s->istat0 &= ~LSI_ISTAT0_SIGP;
1589 ret |= LSI_CTEST2_SIGP;
1590 }
1591 break;
1592 case 0x1b: /* CTEST3 */
1593 ret = s->ctest3;
1594 break;
1595 CASE_GET_REG32(temp, 0x1c)
1596 case 0x20: /* DFIFO */
1597 ret = 0;
1598 break;
1599 case 0x21: /* CTEST4 */
1600 ret = s->ctest4;
1601 break;
1602 case 0x22: /* CTEST5 */
1603 ret = s->ctest5;
1604 break;
1605 case 0x23: /* CTEST6 */
1606 ret = 0;
1607 break;
1608 CASE_GET_REG24(dbc, 0x24)
1609 case 0x27: /* DCMD */
1610 ret = s->dcmd;
1611 break;
1612 CASE_GET_REG32(dnad, 0x28)
1613 CASE_GET_REG32(dsp, 0x2c)
1614 CASE_GET_REG32(dsps, 0x30)
1615 CASE_GET_REG32(scratch[0], 0x34)
1616 case 0x38: /* DMODE */
1617 ret = s->dmode;
1618 break;
1619 case 0x39: /* DIEN */
1620 ret = s->dien;
1621 break;
1622 case 0x3a: /* SBR */
1623 ret = s->sbr;
1624 break;
1625 case 0x3b: /* DCNTL */
1626 ret = s->dcntl;
1627 break;
1628 /* ADDER Output (Debug of relative jump address) */
1629 CASE_GET_REG32(adder, 0x3c)
1630 case 0x40: /* SIEN0 */
1631 ret = s->sien0;
1632 break;
1633 case 0x41: /* SIEN1 */
1634 ret = s->sien1;
1635 break;
1636 case 0x42: /* SIST0 */
1637 ret = s->sist0;
1638 s->sist0 = 0;
1639 lsi_update_irq(s);
1640 break;
1641 case 0x43: /* SIST1 */
1642 ret = s->sist1;
1643 s->sist1 = 0;
1644 lsi_update_irq(s);
1645 break;
1646 case 0x46: /* MACNTL */
1647 ret = 0x0f;
1648 break;
1649 case 0x47: /* GPCNTL0 */
1650 ret = 0x0f;
1651 break;
1652 case 0x48: /* STIME0 */
1653 ret = s->stime0;
1654 break;
1655 case 0x4a: /* RESPID0 */
1656 ret = s->respid0;
1657 break;
1658 case 0x4b: /* RESPID1 */
1659 ret = s->respid1;
1660 break;
1661 case 0x4d: /* STEST1 */
1662 ret = s->stest1;
1663 break;
1664 case 0x4e: /* STEST2 */
1665 ret = s->stest2;
1666 break;
1667 case 0x4f: /* STEST3 */
1668 ret = s->stest3;
1669 break;
1670 case 0x50: /* SIDL */
1671 /* This is needed by the linux drivers. We currently only update it
1672 during the MSG IN phase. */
1673 ret = s->sidl;
1674 break;
1675 case 0x52: /* STEST4 */
1676 ret = 0xe0;
1677 break;
1678 case 0x56: /* CCNTL0 */
1679 ret = s->ccntl0;
1680 break;
1681 case 0x57: /* CCNTL1 */
1682 ret = s->ccntl1;
1683 break;
1684 case 0x58: /* SBDL */
1685 /* Some drivers peek at the data bus during the MSG IN phase. */
1686 if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1687 return s->msg[0];
1688 ret = 0;
1689 break;
1690 case 0x59: /* SBDL high */
1691 ret = 0;
1692 break;
1693 CASE_GET_REG32(mmrs, 0xa0)
1694 CASE_GET_REG32(mmws, 0xa4)
1695 CASE_GET_REG32(sfs, 0xa8)
1696 CASE_GET_REG32(drs, 0xac)
1697 CASE_GET_REG32(sbms, 0xb0)
1698 CASE_GET_REG32(dbms, 0xb4)
1699 CASE_GET_REG32(dnad64, 0xb8)
1700 CASE_GET_REG32(pmjad1, 0xc0)
1701 CASE_GET_REG32(pmjad2, 0xc4)
1702 CASE_GET_REG32(rbc, 0xc8)
1703 CASE_GET_REG32(ua, 0xcc)
1704 CASE_GET_REG32(ia, 0xd4)
1705 CASE_GET_REG32(sbc, 0xd8)
1706 CASE_GET_REG32(csbc, 0xdc)
1707 case 0x5c ... 0x9f:
1708 {
1709 int n;
1710 int shift;
1711 n = (offset - 0x58) >> 2;
1712 shift = (offset & 3) * 8;
1713 ret = (s->scratch[n] >> shift) & 0xff;
1714 break;
1715 }
1716 default:
1717 {
1718 qemu_log_mask(LOG_GUEST_ERROR,
1719 "lsi_scsi: invalid read from reg %s %x\n",
1720 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1721 offset);
1722 ret = 0xff;
1723 break;
1724 }
1725 }
1726 #undef CASE_GET_REG24
1727 #undef CASE_GET_REG32
1728
1729 #ifdef DEBUG_LSI_REG
1730 DPRINTF("Read reg %s %x = %02x\n",
1731 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, ret);
1732 #endif
1733
1734 return ret;
1735 }
1736
1737 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1738 {
1739 #define CASE_SET_REG24(name, addr) \
1740 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1741 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1742 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1743
1744 #define CASE_SET_REG32(name, addr) \
1745 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1746 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1747 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1748 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1749
1750 #ifdef DEBUG_LSI_REG
1751 DPRINTF("Write reg %s %x = %02x\n",
1752 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, val);
1753 #endif
1754 switch (offset) {
1755 case 0x00: /* SCNTL0 */
1756 s->scntl0 = val;
1757 if (val & LSI_SCNTL0_START) {
1758 BADF("Start sequence not implemented\n");
1759 }
1760 break;
1761 case 0x01: /* SCNTL1 */
1762 s->scntl1 = val & ~LSI_SCNTL1_SST;
1763 if (val & LSI_SCNTL1_IARB) {
1764 BADF("Immediate Arbritration not implemented\n");
1765 }
1766 if (val & LSI_SCNTL1_RST) {
1767 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1768 qbus_reset_all(&s->bus.qbus);
1769 s->sstat0 |= LSI_SSTAT0_RST;
1770 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1771 }
1772 } else {
1773 s->sstat0 &= ~LSI_SSTAT0_RST;
1774 }
1775 break;
1776 case 0x02: /* SCNTL2 */
1777 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1778 s->scntl2 = val;
1779 break;
1780 case 0x03: /* SCNTL3 */
1781 s->scntl3 = val;
1782 break;
1783 case 0x04: /* SCID */
1784 s->scid = val;
1785 break;
1786 case 0x05: /* SXFER */
1787 s->sxfer = val;
1788 break;
1789 case 0x06: /* SDID */
1790 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
1791 BADF("Destination ID does not match SSID\n");
1792 }
1793 s->sdid = val & 0xf;
1794 break;
1795 case 0x07: /* GPREG0 */
1796 break;
1797 case 0x08: /* SFBR */
1798 /* The CPU is not allowed to write to this register. However the
1799 SCRIPTS register move instructions are. */
1800 s->sfbr = val;
1801 break;
1802 case 0x0a: case 0x0b:
1803 /* Openserver writes to these readonly registers on startup */
1804 return;
1805 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1806 /* Linux writes to these readonly registers on startup. */
1807 return;
1808 CASE_SET_REG32(dsa, 0x10)
1809 case 0x14: /* ISTAT0 */
1810 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1811 if (val & LSI_ISTAT0_ABRT) {
1812 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1813 }
1814 if (val & LSI_ISTAT0_INTF) {
1815 s->istat0 &= ~LSI_ISTAT0_INTF;
1816 lsi_update_irq(s);
1817 }
1818 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1819 DPRINTF("Woken by SIGP\n");
1820 s->waiting = 0;
1821 s->dsp = s->dnad;
1822 lsi_execute_script(s);
1823 }
1824 if (val & LSI_ISTAT0_SRST) {
1825 qdev_reset_all(DEVICE(s));
1826 }
1827 break;
1828 case 0x16: /* MBOX0 */
1829 s->mbox0 = val;
1830 break;
1831 case 0x17: /* MBOX1 */
1832 s->mbox1 = val;
1833 break;
1834 case 0x18: /* CTEST0 */
1835 /* nothing to do */
1836 break;
1837 case 0x1a: /* CTEST2 */
1838 s->ctest2 = val & LSI_CTEST2_PCICIE;
1839 break;
1840 case 0x1b: /* CTEST3 */
1841 s->ctest3 = val & 0x0f;
1842 break;
1843 CASE_SET_REG32(temp, 0x1c)
1844 case 0x21: /* CTEST4 */
1845 if (val & 7) {
1846 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1847 }
1848 s->ctest4 = val;
1849 break;
1850 case 0x22: /* CTEST5 */
1851 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1852 BADF("CTEST5 DMA increment not implemented\n");
1853 }
1854 s->ctest5 = val;
1855 break;
1856 CASE_SET_REG24(dbc, 0x24)
1857 CASE_SET_REG32(dnad, 0x28)
1858 case 0x2c: /* DSP[0:7] */
1859 s->dsp &= 0xffffff00;
1860 s->dsp |= val;
1861 break;
1862 case 0x2d: /* DSP[8:15] */
1863 s->dsp &= 0xffff00ff;
1864 s->dsp |= val << 8;
1865 break;
1866 case 0x2e: /* DSP[16:23] */
1867 s->dsp &= 0xff00ffff;
1868 s->dsp |= val << 16;
1869 break;
1870 case 0x2f: /* DSP[24:31] */
1871 s->dsp &= 0x00ffffff;
1872 s->dsp |= val << 24;
1873 if ((s->dmode & LSI_DMODE_MAN) == 0
1874 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1875 lsi_execute_script(s);
1876 break;
1877 CASE_SET_REG32(dsps, 0x30)
1878 CASE_SET_REG32(scratch[0], 0x34)
1879 case 0x38: /* DMODE */
1880 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1881 BADF("IO mappings not implemented\n");
1882 }
1883 s->dmode = val;
1884 break;
1885 case 0x39: /* DIEN */
1886 s->dien = val;
1887 lsi_update_irq(s);
1888 break;
1889 case 0x3a: /* SBR */
1890 s->sbr = val;
1891 break;
1892 case 0x3b: /* DCNTL */
1893 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1894 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1895 lsi_execute_script(s);
1896 break;
1897 case 0x40: /* SIEN0 */
1898 s->sien0 = val;
1899 lsi_update_irq(s);
1900 break;
1901 case 0x41: /* SIEN1 */
1902 s->sien1 = val;
1903 lsi_update_irq(s);
1904 break;
1905 case 0x47: /* GPCNTL0 */
1906 break;
1907 case 0x48: /* STIME0 */
1908 s->stime0 = val;
1909 break;
1910 case 0x49: /* STIME1 */
1911 if (val & 0xf) {
1912 DPRINTF("General purpose timer not implemented\n");
1913 /* ??? Raising the interrupt immediately seems to be sufficient
1914 to keep the FreeBSD driver happy. */
1915 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1916 }
1917 break;
1918 case 0x4a: /* RESPID0 */
1919 s->respid0 = val;
1920 break;
1921 case 0x4b: /* RESPID1 */
1922 s->respid1 = val;
1923 break;
1924 case 0x4d: /* STEST1 */
1925 s->stest1 = val;
1926 break;
1927 case 0x4e: /* STEST2 */
1928 if (val & 1) {
1929 BADF("Low level mode not implemented\n");
1930 }
1931 s->stest2 = val;
1932 break;
1933 case 0x4f: /* STEST3 */
1934 if (val & 0x41) {
1935 BADF("SCSI FIFO test mode not implemented\n");
1936 }
1937 s->stest3 = val;
1938 break;
1939 case 0x56: /* CCNTL0 */
1940 s->ccntl0 = val;
1941 break;
1942 case 0x57: /* CCNTL1 */
1943 s->ccntl1 = val;
1944 break;
1945 CASE_SET_REG32(mmrs, 0xa0)
1946 CASE_SET_REG32(mmws, 0xa4)
1947 CASE_SET_REG32(sfs, 0xa8)
1948 CASE_SET_REG32(drs, 0xac)
1949 CASE_SET_REG32(sbms, 0xb0)
1950 CASE_SET_REG32(dbms, 0xb4)
1951 CASE_SET_REG32(dnad64, 0xb8)
1952 CASE_SET_REG32(pmjad1, 0xc0)
1953 CASE_SET_REG32(pmjad2, 0xc4)
1954 CASE_SET_REG32(rbc, 0xc8)
1955 CASE_SET_REG32(ua, 0xcc)
1956 CASE_SET_REG32(ia, 0xd4)
1957 CASE_SET_REG32(sbc, 0xd8)
1958 CASE_SET_REG32(csbc, 0xdc)
1959 default:
1960 if (offset >= 0x5c && offset < 0xa0) {
1961 int n;
1962 int shift;
1963 n = (offset - 0x58) >> 2;
1964 shift = (offset & 3) * 8;
1965 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
1966 } else {
1967 qemu_log_mask(LOG_GUEST_ERROR,
1968 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
1969 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1970 offset, val);
1971 }
1972 }
1973 #undef CASE_SET_REG24
1974 #undef CASE_SET_REG32
1975 }
1976
1977 static void lsi_mmio_write(void *opaque, hwaddr addr,
1978 uint64_t val, unsigned size)
1979 {
1980 LSIState *s = opaque;
1981
1982 lsi_reg_writeb(s, addr & 0xff, val);
1983 }
1984
1985 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
1986 unsigned size)
1987 {
1988 LSIState *s = opaque;
1989
1990 return lsi_reg_readb(s, addr & 0xff);
1991 }
1992
1993 static const MemoryRegionOps lsi_mmio_ops = {
1994 .read = lsi_mmio_read,
1995 .write = lsi_mmio_write,
1996 .endianness = DEVICE_NATIVE_ENDIAN,
1997 .impl = {
1998 .min_access_size = 1,
1999 .max_access_size = 1,
2000 },
2001 };
2002
2003 static void lsi_ram_write(void *opaque, hwaddr addr,
2004 uint64_t val, unsigned size)
2005 {
2006 LSIState *s = opaque;
2007 uint32_t newval;
2008 uint32_t mask;
2009 int shift;
2010
2011 newval = s->script_ram[addr >> 2];
2012 shift = (addr & 3) * 8;
2013 mask = ((uint64_t)1 << (size * 8)) - 1;
2014 newval &= ~(mask << shift);
2015 newval |= val << shift;
2016 s->script_ram[addr >> 2] = newval;
2017 }
2018
2019 static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
2020 unsigned size)
2021 {
2022 LSIState *s = opaque;
2023 uint32_t val;
2024 uint32_t mask;
2025
2026 val = s->script_ram[addr >> 2];
2027 mask = ((uint64_t)1 << (size * 8)) - 1;
2028 val >>= (addr & 3) * 8;
2029 return val & mask;
2030 }
2031
2032 static const MemoryRegionOps lsi_ram_ops = {
2033 .read = lsi_ram_read,
2034 .write = lsi_ram_write,
2035 .endianness = DEVICE_NATIVE_ENDIAN,
2036 };
2037
2038 static uint64_t lsi_io_read(void *opaque, hwaddr addr,
2039 unsigned size)
2040 {
2041 LSIState *s = opaque;
2042 return lsi_reg_readb(s, addr & 0xff);
2043 }
2044
2045 static void lsi_io_write(void *opaque, hwaddr addr,
2046 uint64_t val, unsigned size)
2047 {
2048 LSIState *s = opaque;
2049 lsi_reg_writeb(s, addr & 0xff, val);
2050 }
2051
2052 static const MemoryRegionOps lsi_io_ops = {
2053 .read = lsi_io_read,
2054 .write = lsi_io_write,
2055 .endianness = DEVICE_NATIVE_ENDIAN,
2056 .impl = {
2057 .min_access_size = 1,
2058 .max_access_size = 1,
2059 },
2060 };
2061
2062 static void lsi_scsi_reset(DeviceState *dev)
2063 {
2064 LSIState *s = LSI53C895A(dev);
2065
2066 lsi_soft_reset(s);
2067 }
2068
2069 static void lsi_pre_save(void *opaque)
2070 {
2071 LSIState *s = opaque;
2072
2073 if (s->current) {
2074 assert(s->current->dma_buf == NULL);
2075 assert(s->current->dma_len == 0);
2076 }
2077 assert(QTAILQ_EMPTY(&s->queue));
2078 }
2079
2080 static const VMStateDescription vmstate_lsi_scsi = {
2081 .name = "lsiscsi",
2082 .version_id = 0,
2083 .minimum_version_id = 0,
2084 .pre_save = lsi_pre_save,
2085 .fields = (VMStateField[]) {
2086 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
2087
2088 VMSTATE_INT32(carry, LSIState),
2089 VMSTATE_INT32(status, LSIState),
2090 VMSTATE_INT32(msg_action, LSIState),
2091 VMSTATE_INT32(msg_len, LSIState),
2092 VMSTATE_BUFFER(msg, LSIState),
2093 VMSTATE_INT32(waiting, LSIState),
2094
2095 VMSTATE_UINT32(dsa, LSIState),
2096 VMSTATE_UINT32(temp, LSIState),
2097 VMSTATE_UINT32(dnad, LSIState),
2098 VMSTATE_UINT32(dbc, LSIState),
2099 VMSTATE_UINT8(istat0, LSIState),
2100 VMSTATE_UINT8(istat1, LSIState),
2101 VMSTATE_UINT8(dcmd, LSIState),
2102 VMSTATE_UINT8(dstat, LSIState),
2103 VMSTATE_UINT8(dien, LSIState),
2104 VMSTATE_UINT8(sist0, LSIState),
2105 VMSTATE_UINT8(sist1, LSIState),
2106 VMSTATE_UINT8(sien0, LSIState),
2107 VMSTATE_UINT8(sien1, LSIState),
2108 VMSTATE_UINT8(mbox0, LSIState),
2109 VMSTATE_UINT8(mbox1, LSIState),
2110 VMSTATE_UINT8(dfifo, LSIState),
2111 VMSTATE_UINT8(ctest2, LSIState),
2112 VMSTATE_UINT8(ctest3, LSIState),
2113 VMSTATE_UINT8(ctest4, LSIState),
2114 VMSTATE_UINT8(ctest5, LSIState),
2115 VMSTATE_UINT8(ccntl0, LSIState),
2116 VMSTATE_UINT8(ccntl1, LSIState),
2117 VMSTATE_UINT32(dsp, LSIState),
2118 VMSTATE_UINT32(dsps, LSIState),
2119 VMSTATE_UINT8(dmode, LSIState),
2120 VMSTATE_UINT8(dcntl, LSIState),
2121 VMSTATE_UINT8(scntl0, LSIState),
2122 VMSTATE_UINT8(scntl1, LSIState),
2123 VMSTATE_UINT8(scntl2, LSIState),
2124 VMSTATE_UINT8(scntl3, LSIState),
2125 VMSTATE_UINT8(sstat0, LSIState),
2126 VMSTATE_UINT8(sstat1, LSIState),
2127 VMSTATE_UINT8(scid, LSIState),
2128 VMSTATE_UINT8(sxfer, LSIState),
2129 VMSTATE_UINT8(socl, LSIState),
2130 VMSTATE_UINT8(sdid, LSIState),
2131 VMSTATE_UINT8(ssid, LSIState),
2132 VMSTATE_UINT8(sfbr, LSIState),
2133 VMSTATE_UINT8(stest1, LSIState),
2134 VMSTATE_UINT8(stest2, LSIState),
2135 VMSTATE_UINT8(stest3, LSIState),
2136 VMSTATE_UINT8(sidl, LSIState),
2137 VMSTATE_UINT8(stime0, LSIState),
2138 VMSTATE_UINT8(respid0, LSIState),
2139 VMSTATE_UINT8(respid1, LSIState),
2140 VMSTATE_UINT32(mmrs, LSIState),
2141 VMSTATE_UINT32(mmws, LSIState),
2142 VMSTATE_UINT32(sfs, LSIState),
2143 VMSTATE_UINT32(drs, LSIState),
2144 VMSTATE_UINT32(sbms, LSIState),
2145 VMSTATE_UINT32(dbms, LSIState),
2146 VMSTATE_UINT32(dnad64, LSIState),
2147 VMSTATE_UINT32(pmjad1, LSIState),
2148 VMSTATE_UINT32(pmjad2, LSIState),
2149 VMSTATE_UINT32(rbc, LSIState),
2150 VMSTATE_UINT32(ua, LSIState),
2151 VMSTATE_UINT32(ia, LSIState),
2152 VMSTATE_UINT32(sbc, LSIState),
2153 VMSTATE_UINT32(csbc, LSIState),
2154 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2155 VMSTATE_UINT8(sbr, LSIState),
2156
2157 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2158 VMSTATE_END_OF_LIST()
2159 }
2160 };
2161
2162 static const struct SCSIBusInfo lsi_scsi_info = {
2163 .tcq = true,
2164 .max_target = LSI_MAX_DEVS,
2165 .max_lun = 0, /* LUN support is buggy */
2166
2167 .transfer_data = lsi_transfer_data,
2168 .complete = lsi_command_complete,
2169 .cancel = lsi_request_cancelled
2170 };
2171
2172 static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
2173 {
2174 LSIState *s = LSI53C895A(dev);
2175 DeviceState *d = DEVICE(dev);
2176 uint8_t *pci_conf;
2177
2178 pci_conf = dev->config;
2179
2180 /* PCI latency timer = 255 */
2181 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2182 /* Interrupt pin A */
2183 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2184
2185 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2186 "lsi-mmio", 0x400);
2187 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2188 "lsi-ram", 0x2000);
2189 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2190 "lsi-io", 256);
2191
2192 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
2193 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
2194 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
2195 QTAILQ_INIT(&s->queue);
2196
2197 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL);
2198 if (!d->hotplugged) {
2199 scsi_bus_legacy_handle_cmdline(&s->bus, errp);
2200 }
2201 }
2202
2203 static void lsi_class_init(ObjectClass *klass, void *data)
2204 {
2205 DeviceClass *dc = DEVICE_CLASS(klass);
2206 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2207
2208 k->realize = lsi_scsi_realize;
2209 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2210 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2211 k->class_id = PCI_CLASS_STORAGE_SCSI;
2212 k->subsystem_id = 0x1000;
2213 dc->reset = lsi_scsi_reset;
2214 dc->vmsd = &vmstate_lsi_scsi;
2215 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2216 }
2217
2218 static const TypeInfo lsi_info = {
2219 .name = TYPE_LSI53C895A,
2220 .parent = TYPE_PCI_DEVICE,
2221 .instance_size = sizeof(LSIState),
2222 .class_init = lsi_class_init,
2223 };
2224
2225 static void lsi53c810_class_init(ObjectClass *klass, void *data)
2226 {
2227 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2228
2229 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2230 }
2231
2232 static TypeInfo lsi53c810_info = {
2233 .name = TYPE_LSI53C810,
2234 .parent = TYPE_LSI53C895A,
2235 .class_init = lsi53c810_class_init,
2236 };
2237
2238 static void lsi53c895a_register_types(void)
2239 {
2240 type_register_static(&lsi_info);
2241 type_register_static(&lsi53c810_info);
2242 }
2243
2244 type_init(lsi53c895a_register_types)
Random patches