]> Git Repo - qemu.git/blame - hw/scsi/lsi53c895a.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20200310-pull-request' into...
[qemu.git] / hw / scsi / lsi53c895a.c
CommitLineData
5fafdf24 1/*
7d8406be
PB		 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
8e31bf38 7 * This code is licensed under the LGPL.
7d8406be
PB		 8 */
9
ceae18bd
HP		 10/* Note:
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
14 */
15
a4ab4792 16#include "qemu/osdep.h"
777aec7a 17
64552b6b 18#include "hw/irq.h"
83c9f4ca 19#include "hw/pci/pci.h"
0d09e41a 20#include "hw/scsi/scsi.h"
d6454270 21#include "migration/vmstate.h"
9c17d615 22#include "sysemu/dma.h"
85a20bc4 23#include "qemu/log.h"
0b8fa32f 24#include "qemu/module.h"
c921370b 25#include "trace.h"
7d8406be 26
64eb7491
HP		 27static const char *names[] = {
28 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
29 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
30 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
31 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
32 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
33 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
34 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
35 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
36 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
37 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
38 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
39 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
40};
64eb7491 41
18e08a55
MT		 42#define LSI_MAX_DEVS 7
43
7d8406be
PB		 44#define LSI_SCNTL0_TRG 0x01
45#define LSI_SCNTL0_AAP 0x02
46#define LSI_SCNTL0_EPC 0x08
47#define LSI_SCNTL0_WATN 0x10
48#define LSI_SCNTL0_START 0x20
49
50#define LSI_SCNTL1_SST 0x01
51#define LSI_SCNTL1_IARB 0x02
52#define LSI_SCNTL1_AESP 0x04
53#define LSI_SCNTL1_RST 0x08
54#define LSI_SCNTL1_CON 0x10
55#define LSI_SCNTL1_DHP 0x20
56#define LSI_SCNTL1_ADB 0x40
57#define LSI_SCNTL1_EXC 0x80
58
59#define LSI_SCNTL2_WSR 0x01
60#define LSI_SCNTL2_VUE0 0x02
61#define LSI_SCNTL2_VUE1 0x04
62#define LSI_SCNTL2_WSS 0x08
63#define LSI_SCNTL2_SLPHBEN 0x10
64#define LSI_SCNTL2_SLPMD 0x20
65#define LSI_SCNTL2_CHM 0x40
66#define LSI_SCNTL2_SDU 0x80
67
68#define LSI_ISTAT0_DIP 0x01
69#define LSI_ISTAT0_SIP 0x02
70#define LSI_ISTAT0_INTF 0x04
71#define LSI_ISTAT0_CON 0x08
72#define LSI_ISTAT0_SEM 0x10
73#define LSI_ISTAT0_SIGP 0x20
74#define LSI_ISTAT0_SRST 0x40
75#define LSI_ISTAT0_ABRT 0x80
76
77#define LSI_ISTAT1_SI 0x01
78#define LSI_ISTAT1_SRUN 0x02
79#define LSI_ISTAT1_FLSH 0x04
80
81#define LSI_SSTAT0_SDP0 0x01
82#define LSI_SSTAT0_RST 0x02
83#define LSI_SSTAT0_WOA 0x04
84#define LSI_SSTAT0_LOA 0x08
85#define LSI_SSTAT0_AIP 0x10
86#define LSI_SSTAT0_OLF 0x20
87#define LSI_SSTAT0_ORF 0x40
88#define LSI_SSTAT0_ILF 0x80
89
90#define LSI_SIST0_PAR 0x01
91#define LSI_SIST0_RST 0x02
92#define LSI_SIST0_UDC 0x04
93#define LSI_SIST0_SGE 0x08
94#define LSI_SIST0_RSL 0x10
95#define LSI_SIST0_SEL 0x20
96#define LSI_SIST0_CMP 0x40
97#define LSI_SIST0_MA 0x80
98
99#define LSI_SIST1_HTH 0x01
100#define LSI_SIST1_GEN 0x02
101#define LSI_SIST1_STO 0x04
102#define LSI_SIST1_SBMC 0x10
103
104#define LSI_SOCL_IO 0x01
105#define LSI_SOCL_CD 0x02
106#define LSI_SOCL_MSG 0x04
107#define LSI_SOCL_ATN 0x08
108#define LSI_SOCL_SEL 0x10
109#define LSI_SOCL_BSY 0x20
110#define LSI_SOCL_ACK 0x40
111#define LSI_SOCL_REQ 0x80
112
113#define LSI_DSTAT_IID 0x01
114#define LSI_DSTAT_SIR 0x04
115#define LSI_DSTAT_SSI 0x08
116#define LSI_DSTAT_ABRT 0x10
117#define LSI_DSTAT_BF 0x20
118#define LSI_DSTAT_MDPE 0x40
119#define LSI_DSTAT_DFE 0x80
120
121#define LSI_DCNTL_COM 0x01
122#define LSI_DCNTL_IRQD 0x02
123#define LSI_DCNTL_STD 0x04
124#define LSI_DCNTL_IRQM 0x08
125#define LSI_DCNTL_SSM 0x10
126#define LSI_DCNTL_PFEN 0x20
127#define LSI_DCNTL_PFF 0x40
128#define LSI_DCNTL_CLSE 0x80
129
130#define LSI_DMODE_MAN 0x01
131#define LSI_DMODE_BOF 0x02
132#define LSI_DMODE_ERMP 0x04
133#define LSI_DMODE_ERL 0x08
134#define LSI_DMODE_DIOM 0x10
135#define LSI_DMODE_SIOM 0x20
136
137#define LSI_CTEST2_DACK 0x01
138#define LSI_CTEST2_DREQ 0x02
139#define LSI_CTEST2_TEOP 0x04
140#define LSI_CTEST2_PCICIE 0x08
141#define LSI_CTEST2_CM 0x10
142#define LSI_CTEST2_CIO 0x20
143#define LSI_CTEST2_SIGP 0x40
144#define LSI_CTEST2_DDIR 0x80
145
146#define LSI_CTEST5_BL2 0x04
147#define LSI_CTEST5_DDIR 0x08
148#define LSI_CTEST5_MASR 0x10
149#define LSI_CTEST5_DFSN 0x20
150#define LSI_CTEST5_BBCK 0x40
151#define LSI_CTEST5_ADCK 0x80
152
153#define LSI_CCNTL0_DILS 0x01
154#define LSI_CCNTL0_DISFC 0x10
155#define LSI_CCNTL0_ENNDJ 0x20
156#define LSI_CCNTL0_PMJCTL 0x40
157#define LSI_CCNTL0_ENPMJ 0x80
158
b25cf589
AL		 159#define LSI_CCNTL1_EN64DBMV 0x01
160#define LSI_CCNTL1_EN64TIBMV 0x02
161#define LSI_CCNTL1_64TIMOD 0x04
162#define LSI_CCNTL1_DDAC 0x08
163#define LSI_CCNTL1_ZMOD 0x80
164
12dd89f7
SS		 165#define LSI_SBCL_ATN 0x08
166#define LSI_SBCL_BSY 0x20
167#define LSI_SBCL_ACK 0x40
168#define LSI_SBCL_REQ 0x80
169
e560125e
LA		 170/* Enable Response to Reselection */
171#define LSI_SCID_RRE 0x60
172
b25cf589
AL		 173#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
174
7d8406be
PB		 175#define PHASE_DO 0
176#define PHASE_DI 1
177#define PHASE_CMD 2
178#define PHASE_ST 3
179#define PHASE_MO 6
180#define PHASE_MI 7
181#define PHASE_MASK 7
182
a917d384
PB		 183/* Maximum length of MSG IN data. */
184#define LSI_MAX_MSGIN_LEN 8
185
186/* Flag set if this is a tagged command. */
187#define LSI_TAG_VALID (1 << 16)
188
de594e47
PB		 189/* Maximum instructions to process. */
190#define LSI_MAX_INSN 10000
191
042ec49d 192typedef struct lsi_request {
5c6c0e51 193 SCSIRequest *req;
a917d384 194 uint32_t tag;
b96a0da0
GH		 195 uint32_t dma_len;
196 uint8_t *dma_buf;
a917d384
PB		 197 uint32_t pending;
198 int out;
042ec49d
GH		 199 QTAILQ_ENTRY(lsi_request) next;
200} lsi_request;
4d611c9a 201
f08ec2b8
SS		 202enum {
203 LSI_NOWAIT, /* SCRIPTS are running or stopped */
204 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */
205 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */
206 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */
207};
208
4ae63d37
SS		 209enum {
210 LSI_MSG_ACTION_COMMAND = 0,
211 LSI_MSG_ACTION_DISCONNECT = 1,
212 LSI_MSG_ACTION_DOUT = 2,
213 LSI_MSG_ACTION_DIN = 3,
214};
215
7d8406be 216typedef struct {
725eec70
AF		 217 /*< private >*/
218 PCIDevice parent_obj;
219 /*< public >*/
220
3cc1b9cb 221 qemu_irq ext_irq;
b0ce84e5
AK		 222 MemoryRegion mmio_io;
223 MemoryRegion ram_io;
224 MemoryRegion io_io;
a8632434 225 AddressSpace pci_io_as;
7d8406be
PB		 226
227 int carry; /* ??? Should this be an a visible register somewhere? */
2f172849 228 int status;
a917d384
PB		 229 int msg_action;
230 int msg_len;
231 uint8_t msg[LSI_MAX_MSGIN_LEN];
7d8406be 232 int waiting;
ca9c39fa 233 SCSIBus bus;
7d8406be 234 int current_lun;
a917d384 235 /* The tag is a combination of the device ID and the SCSI tag. */
af12ac98 236 uint32_t select_tag;
8ccc2ace 237 int command_complete;
042ec49d 238 QTAILQ_HEAD(, lsi_request) queue;
af12ac98 239 lsi_request *current;
7d8406be
PB		 240
241 uint32_t dsa;
242 uint32_t temp;
243 uint32_t dnad;
244 uint32_t dbc;
245 uint8_t istat0;
246 uint8_t istat1;
247 uint8_t dcmd;
248 uint8_t dstat;
249 uint8_t dien;
250 uint8_t sist0;
251 uint8_t sist1;
252 uint8_t sien0;
253 uint8_t sien1;
254 uint8_t mbox0;
255 uint8_t mbox1;
256 uint8_t dfifo;
9167a69a 257 uint8_t ctest2;
7d8406be
PB		 258 uint8_t ctest3;
259 uint8_t ctest4;
260 uint8_t ctest5;
261 uint8_t ccntl0;
262 uint8_t ccntl1;
263 uint32_t dsp;
264 uint32_t dsps;
265 uint8_t dmode;
266 uint8_t dcntl;
267 uint8_t scntl0;
268 uint8_t scntl1;
269 uint8_t scntl2;
270 uint8_t scntl3;
271 uint8_t sstat0;
272 uint8_t sstat1;
273 uint8_t scid;
274 uint8_t sxfer;
275 uint8_t socl;
276 uint8_t sdid;
a917d384 277 uint8_t ssid;
7d8406be 278 uint8_t sfbr;
12dd89f7 279 uint8_t sbcl;
7d8406be
PB		 280 uint8_t stest1;
281 uint8_t stest2;
282 uint8_t stest3;
a917d384 283 uint8_t sidl;
7d8406be
PB		 284 uint8_t stime0;
285 uint8_t respid0;
286 uint8_t respid1;
287 uint32_t mmrs;
288 uint32_t mmws;
289 uint32_t sfs;
290 uint32_t drs;
291 uint32_t sbms;
ab57d967 292 uint32_t dbms;
7d8406be
PB		 293 uint32_t dnad64;
294 uint32_t pmjad1;
295 uint32_t pmjad2;
296 uint32_t rbc;
297 uint32_t ua;
298 uint32_t ia;
299 uint32_t sbc;
300 uint32_t csbc;
dcfb9014 301 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
bd8ee11a 302 uint8_t sbr;
6f84da3a 303 uint32_t adder;
7d8406be 304
811a75ba 305 uint8_t script_ram[2048 * sizeof(uint32_t)];
7d8406be
PB		 306} LSIState;
307
ceae18bd 308#define TYPE_LSI53C810 "lsi53c810"
71186c86
PC		 309#define TYPE_LSI53C895A "lsi53c895a"
310
311#define LSI53C895A(obj) \
312 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
313
82cf2bcf
SS		 314static const char *scsi_phases[] = {
315 "DOUT",
316 "DIN",
317 "CMD",
318 "STATUS",
319 "RSVOUT",
320 "RSVIN",
321 "MSGOUT",
322 "MSGIN"
323};
324
325static const char *scsi_phase_name(int phase)
326{
327 return scsi_phases[phase & PHASE_MASK];
328}
329
e560125e
LA		 330static inline int lsi_irq_on_rsl(LSIState *s)
331{
332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
333}
334
56333e69
GK		 335static lsi_request *get_pending_req(LSIState *s)
336{
337 lsi_request *p;
338
339 QTAILQ_FOREACH(p, &s->queue, next) {
340 if (p->pending) {
341 return p;
342 }
343 }
344 return NULL;
345}
346
7d8406be
PB		 347static void lsi_soft_reset(LSIState *s)
348{
c921370b 349 trace_lsi_reset();
7d8406be
PB		 350 s->carry = 0;
351
4ae63d37 352 s->msg_action = LSI_MSG_ACTION_COMMAND;
d43ba0af 353 s->msg_len = 0;
f08ec2b8 354 s->waiting = LSI_NOWAIT;
7d8406be
PB		 355 s->dsa = 0;
356 s->dnad = 0;
357 s->dbc = 0;
358 s->temp = 0;
359 memset(s->scratch, 0, sizeof(s->scratch));
360 s->istat0 = 0;
361 s->istat1 = 0;
12aa6dd6 362 s->dcmd = 0x40;
98f62e3d 363 s->dstat = 0;
7d8406be
PB		 364 s->dien = 0;
365 s->sist0 = 0;
366 s->sist1 = 0;
367 s->sien0 = 0;
368 s->sien1 = 0;
369 s->mbox0 = 0;
370 s->mbox1 = 0;
371 s->dfifo = 0;
12aa6dd6 372 s->ctest2 = LSI_CTEST2_DACK;
7d8406be
PB		 373 s->ctest3 = 0;
374 s->ctest4 = 0;
375 s->ctest5 = 0;
376 s->ccntl0 = 0;
377 s->ccntl1 = 0;
378 s->dsp = 0;
379 s->dsps = 0;
380 s->dmode = 0;
381 s->dcntl = 0;
382 s->scntl0 = 0xc0;
383 s->scntl1 = 0;
384 s->scntl2 = 0;
385 s->scntl3 = 0;
386 s->sstat0 = 0;
387 s->sstat1 = 0;
388 s->scid = 7;
389 s->sxfer = 0;
390 s->socl = 0;
12aa6dd6
JK		 391 s->sdid = 0;
392 s->ssid = 0;
12dd89f7 393 s->sbcl = 0;
7d8406be
PB		 394 s->stest1 = 0;
395 s->stest2 = 0;
396 s->stest3 = 0;
a917d384 397 s->sidl = 0;
7d8406be
PB		 398 s->stime0 = 0;
399 s->respid0 = 0x80;
400 s->respid1 = 0;
401 s->mmrs = 0;
402 s->mmws = 0;
403 s->sfs = 0;
404 s->drs = 0;
405 s->sbms = 0;
ab57d967 406 s->dbms = 0;
7d8406be
PB		 407 s->dnad64 = 0;
408 s->pmjad1 = 0;
409 s->pmjad2 = 0;
410 s->rbc = 0;
411 s->ua = 0;
412 s->ia = 0;
413 s->sbc = 0;
414 s->csbc = 0;
bd8ee11a 415 s->sbr = 0;
2f0772c5
PB		 416 assert(QTAILQ_EMPTY(&s->queue));
417 assert(!s->current);
7d8406be
PB		 418}
419
b25cf589
AL		 420static int lsi_dma_40bit(LSIState *s)
421{
422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
423 return 1;
424 return 0;
425}
426
dd8edf01
AL		 427static int lsi_dma_ti64bit(LSIState *s)
428{
429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
430 return 1;
431 return 0;
432}
433
434static int lsi_dma_64bit(LSIState *s)
435{
436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
437 return 1;
438 return 0;
439}
440
7d8406be
PB		 441static uint8_t lsi_reg_readb(LSIState *s, int offset);
442static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
4d611c9a 443static void lsi_execute_script(LSIState *s);
aa4d32c4 444static void lsi_reselect(LSIState *s, lsi_request *p);
7d8406be 445
3975bb56 446static inline void lsi_mem_read(LSIState *s, dma_addr_t addr,
a8632434
HP		 447 void *buf, dma_addr_t len)
448{
449 if (s->dmode & LSI_DMODE_SIOM) {
450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
451 buf, len);
a8632434 452 } else {
3975bb56 453 pci_dma_read(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 454 }
455}
456
3975bb56 457static inline void lsi_mem_write(LSIState *s, dma_addr_t addr,
a8632434
HP		 458 const void *buf, dma_addr_t len)
459{
460 if (s->dmode & LSI_DMODE_DIOM) {
461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
462 buf, len);
a8632434 463 } else {
3975bb56 464 pci_dma_write(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 465 }
466}
467
7d8406be
PB		 468static inline uint32_t read_dword(LSIState *s, uint32_t addr)
469{
470 uint32_t buf;
471
725eec70 472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
7d8406be
PB		 473 return cpu_to_le32(buf);
474}
475
476static void lsi_stop_script(LSIState *s)
477{
478 s->istat1 &= ~LSI_ISTAT1_SRUN;
479}
480
3cc1b9cb 481static void lsi_set_irq(LSIState *s, int level)
7d8406be 482{
725eec70 483 PCIDevice *d = PCI_DEVICE(s);
3cc1b9cb
MCA		 484
485 if (s->ext_irq) {
486 qemu_set_irq(s->ext_irq, level);
487 } else {
488 pci_set_irq(d, level);
489 }
490}
491
492static void lsi_update_irq(LSIState *s)
493{
7d8406be
PB		 494 int level;
495 static int last_level;
496
497 /* It's unclear whether the DIP/SIP bits should be cleared when the
498 Interrupt Status Registers are cleared or when istat0 is read.
499 We currently do the formwer, which seems to work. */
500 level = 0;
501 if (s->dstat) {
502 if (s->dstat & s->dien)
503 level = 1;
504 s->istat0 |= LSI_ISTAT0_DIP;
505 } else {
506 s->istat0 &= ~LSI_ISTAT0_DIP;
507 }
508
509 if (s->sist0 || s->sist1) {
510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
511 level = 1;
512 s->istat0 |= LSI_ISTAT0_SIP;
513 } else {
514 s->istat0 &= ~LSI_ISTAT0_SIP;
515 }
516 if (s->istat0 & LSI_ISTAT0_INTF)
517 level = 1;
518
519 if (level != last_level) {
c921370b 520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0);
7d8406be
PB		 521 last_level = level;
522 }
3cc1b9cb 523 lsi_set_irq(s, level);
e560125e 524
56333e69
GK		 525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
526 lsi_request *p;
527
c921370b 528 trace_lsi_update_irq_disconnected();
56333e69
GK		 529 p = get_pending_req(s);
530 if (p) {
531 lsi_reselect(s, p);
e560125e
LA		 532 }
533 }
7d8406be
PB		 534}
535
536/* Stop SCRIPTS execution and raise a SCSI interrupt. */
537static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
538{
539 uint32_t mask0;
540 uint32_t mask1;
541
c921370b 542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0);
7d8406be
PB		 543 s->sist0 |= stat0;
544 s->sist1 |= stat1;
545 /* Stop processor on fatal or unmasked interrupt. As a special hack
546 we don't stop processing when raising STO. Instead continue
547 execution and stop at the next insn that accesses the SCSI bus. */
548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
550 mask1 &= ~LSI_SIST1_STO;
551 if (s->sist0 & mask0 || s->sist1 & mask1) {
552 lsi_stop_script(s);
553 }
554 lsi_update_irq(s);
555}
556
557/* Stop SCRIPTS execution and raise a DMA interrupt. */
558static void lsi_script_dma_interrupt(LSIState *s, int stat)
559{
c921370b 560 trace_lsi_script_dma_interrupt(stat, s->dstat);
7d8406be
PB		 561 s->dstat |= stat;
562 lsi_update_irq(s);
563 lsi_stop_script(s);
564}
565
566static inline void lsi_set_phase(LSIState *s, int phase)
567{
12dd89f7
SS		 568 s->sbcl &= ~PHASE_MASK;
569 s->sbcl |= phase | LSI_SBCL_REQ;
7d8406be
PB		 570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
571}
572
573static void lsi_bad_phase(LSIState *s, int out, int new_phase)
574{
575 /* Trigger a phase mismatch. */
576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
d1d74664
PB		 577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
578 s->dsp = out ? s->pmjad1 : s->pmjad2;
7d8406be 579 } else {
d1d74664 580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
7d8406be 581 }
c921370b 582 trace_lsi_bad_phase_jump(s->dsp);
7d8406be 583 } else {
c921370b 584 trace_lsi_bad_phase_interrupt();
7d8406be
PB		 585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
586 lsi_stop_script(s);
587 }
588 lsi_set_phase(s, new_phase);
589}
590
a917d384
PB		 591
592/* Resume SCRIPTS execution after a DMA operation. */
593static void lsi_resume_script(LSIState *s)
594{
595 if (s->waiting != 2) {
f08ec2b8 596 s->waiting = LSI_NOWAIT;
a917d384
PB		 597 lsi_execute_script(s);
598 } else {
f08ec2b8 599 s->waiting = LSI_NOWAIT;
a917d384
PB		 600 }
601}
602
64d56409
JK		 603static void lsi_disconnect(LSIState *s)
604{
605 s->scntl1 &= ~LSI_SCNTL1_CON;
606 s->sstat1 &= ~PHASE_MASK;
12dd89f7 607 s->sbcl = 0;
64d56409
JK		 608}
609
610static void lsi_bad_selection(LSIState *s, uint32_t id)
611{
c921370b 612 trace_lsi_bad_selection(id);
64d56409
JK		 613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
614 lsi_disconnect(s);
615}
616
4d611c9a 617/* Initiate a SCSI layer data transfer. */
7d8406be
PB		 618static void lsi_do_dma(LSIState *s, int out)
619{
f48a7a6e 620 uint32_t count;
9ba4524c 621 dma_addr_t addr;
64d56409 622 SCSIDevice *dev;
7d8406be 623
b96a0da0
GH		 624 assert(s->current);
625 if (!s->current->dma_len) {
a917d384 626 /* Wait until data is available. */
c921370b 627 trace_lsi_do_dma_unavailable();
a917d384 628 return;
7d8406be
PB		 629 }
630
f48a7a6e
PB		 631 dev = s->current->req->dev;
632 assert(dev);
64d56409 633
a917d384 634 count = s->dbc;
b96a0da0
GH		 635 if (count > s->current->dma_len)
636 count = s->current->dma_len;
a917d384
PB		 637
638 addr = s->dnad;
dd8edf01
AL		 639 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
640 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
b25cf589 641 addr |= ((uint64_t)s->dnad64 << 32);
dd8edf01
AL		 642 else if (s->dbms)
643 addr |= ((uint64_t)s->dbms << 32);
b25cf589
AL		 644 else if (s->sbms)
645 addr |= ((uint64_t)s->sbms << 32);
646
c921370b 647 trace_lsi_do_dma(addr, count);
7d8406be 648 s->csbc += count;
a917d384
PB		 649 s->dnad += count;
650 s->dbc -= count;
5c6c0e51 651 if (s->current->dma_buf == NULL) {
0c34459b 652 s->current->dma_buf = scsi_req_get_buf(s->current->req);
a917d384 653 }
7d8406be 654 /* ??? Set SFBR to first data byte. */
a917d384 655 if (out) {
a8632434 656 lsi_mem_read(s, addr, s->current->dma_buf, count);
a917d384 657 } else {
a8632434 658 lsi_mem_write(s, addr, s->current->dma_buf, count);
a917d384 659 }
b96a0da0
GH		 660 s->current->dma_len -= count;
661 if (s->current->dma_len == 0) {
662 s->current->dma_buf = NULL;
ad3376cc 663 scsi_req_continue(s->current->req);
a917d384 664 } else {
b96a0da0 665 s->current->dma_buf += count;
a917d384
PB		 666 lsi_resume_script(s);
667 }
668}
669
670
671/* Add a command to the queue. */
672static void lsi_queue_command(LSIState *s)
673{
af12ac98 674 lsi_request *p = s->current;
a917d384 675
c921370b 676 trace_lsi_queue_command(p->tag);
af12ac98 677 assert(s->current != NULL);
b96a0da0 678 assert(s->current->dma_len == 0);
af12ac98
GH		 679 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
680 s->current = NULL;
681
a917d384
PB		 682 p->pending = 0;
683 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
684}
685
686/* Queue a byte for a MSG IN phase. */
687static void lsi_add_msg_byte(LSIState *s, uint8_t data)
688{
689 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
c921370b 690 trace_lsi_add_msg_byte_error();
4d611c9a 691 } else {
c921370b 692 trace_lsi_add_msg_byte(data);
a917d384 693 s->msg[s->msg_len++] = data;
7d8406be 694 }
a917d384
PB		 695}
696
697/* Perform reselection to continue a command. */
aa4d32c4 698static void lsi_reselect(LSIState *s, lsi_request *p)
a917d384 699{
a917d384
PB		 700 int id;
701
af12ac98
GH		 702 assert(s->current == NULL);
703 QTAILQ_REMOVE(&s->queue, p, next);
704 s->current = p;
705
aa4d32c4 706 id = (p->tag >> 8) & 0xf;
a917d384 707 s->ssid = id | 0x80;
cc9f28bc 708 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
f6dc18df 709 if (!(s->dcntl & LSI_DCNTL_COM)) {
cc9f28bc
LA		 710 s->sfbr = 1 << (id & 0x7);
711 }
c921370b 712 trace_lsi_reselect(id);
a917d384
PB		 713 s->scntl1 |= LSI_SCNTL1_CON;
714 lsi_set_phase(s, PHASE_MI);
4ae63d37 715 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN;
b96a0da0 716 s->current->dma_len = p->pending;
a917d384 717 lsi_add_msg_byte(s, 0x80);
af12ac98 718 if (s->current->tag & LSI_TAG_VALID) {
a917d384 719 lsi_add_msg_byte(s, 0x20);
aa4d32c4 720 lsi_add_msg_byte(s, p->tag & 0xff);
a917d384
PB		 721 }
722
e560125e
LA		 723 if (lsi_irq_on_rsl(s)) {
724 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
725 }
a917d384
PB		 726}
727
11257187 728static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
a917d384 729{
042ec49d
GH		 730 lsi_request *p;
731
732 QTAILQ_FOREACH(p, &s->queue, next) {
a917d384 733 if (p->tag == tag) {
11257187 734 return p;
a917d384
PB		 735 }
736 }
11257187
PB		 737
738 return NULL;
739}
740
d2a9998f
PB		 741static void lsi_request_free(LSIState *s, lsi_request *p)
742{
743 if (p == s->current) {
744 s->current = NULL;
745 } else {
746 QTAILQ_REMOVE(&s->queue, p, next);
747 }
748 g_free(p);
749}
750
94d3f98a
PB		 751static void lsi_request_cancelled(SCSIRequest *req)
752{
71186c86 753 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c5bf71a9 754 lsi_request *p = req->hba_private;
94d3f98a 755
d2a9998f
PB		 756 req->hba_private = NULL;
757 lsi_request_free(s, p);
758 scsi_req_unref(req);
94d3f98a
PB		 759}
760
11257187
PB		 761/* Record that data is available for a queued command. Returns zero if
762 the device was reselected, nonzero if the IO is deferred. */
c5bf71a9 763static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
11257187 764{
c5bf71a9 765 lsi_request *p = req->hba_private;
11257187
PB		 766
767 if (p->pending) {
c921370b 768 trace_lsi_queue_req_error(p);
11257187 769 }
aba1f023 770 p->pending = len;
11257187
PB		 771 /* Reselect if waiting for it, or if reselection triggers an IRQ
772 and the bus is free.
773 Since no interrupt stacking is implemented in the emulation, it
774 is also required that there are no pending interrupts waiting
775 for service from the device driver. */
f08ec2b8 776 if (s->waiting == LSI_WAIT_RESELECT ||
11257187
PB		 777 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
778 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
779 /* Reselect device. */
780 lsi_reselect(s, p);
781 return 0;
782 } else {
c921370b 783 trace_lsi_queue_req(p->tag);
aba1f023 784 p->pending = len;
11257187
PB		 785 return 1;
786 }
7d8406be 787}
c6df7102
PB		 788
789 /* Callback to indicate that the SCSI layer has completed a command. */
01e95455 790static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
4d611c9a 791{
71186c86 792 LSIState *s = LSI53C895A(req->bus->qbus.parent);
4d611c9a
PB		 793 int out;
794
a917d384 795 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
c921370b 796 trace_lsi_command_complete(status);
aba1f023 797 s->status = status;
c6df7102
PB		 798 s->command_complete = 2;
799 if (s->waiting && s->dbc != 0) {
800 /* Raise phase mismatch for short transfers. */
801 lsi_bad_phase(s, out, PHASE_ST);
802 } else {
803 lsi_set_phase(s, PHASE_ST);
804 }
af12ac98 805
8f6e699d 806 if (req->hba_private == s->current) {
d2a9998f
PB		 807 req->hba_private = NULL;
808 lsi_request_free(s, s->current);
809 scsi_req_unref(req);
4d611c9a 810 }
c6df7102
PB		 811 lsi_resume_script(s);
812}
813
814 /* Callback to indicate that the SCSI layer has completed a transfer. */
aba1f023 815static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
c6df7102 816{
71186c86 817 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c6df7102 818 int out;
4d611c9a 819
8f6e699d 820 assert(req->hba_private);
f08ec2b8 821 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current ||
e560125e 822 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
c5bf71a9 823 if (lsi_queue_req(s, req, len)) {
a917d384 824 return;
5c6c0e51 825 }
a917d384 826 }
e560125e 827
c6df7102
PB		 828 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
829
e560125e 830 /* host adapter (re)connected */
c921370b 831 trace_lsi_transfer_data(req->tag, len);
aba1f023 832 s->current->dma_len = len;
8ccc2ace 833 s->command_complete = 1;
c6df7102 834 if (s->waiting) {
f08ec2b8 835 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) {
c6df7102
PB		 836 lsi_resume_script(s);
837 } else {
838 lsi_do_dma(s, out);
839 }
4d611c9a
PB		 840 }
841}
7d8406be
PB		 842
843static void lsi_do_command(LSIState *s)
844{
64d56409 845 SCSIDevice *dev;
7d8406be 846 uint8_t buf[16];
64d56409 847 uint32_t id;
7d8406be
PB		 848 int n;
849
c921370b 850 trace_lsi_do_command(s->dbc);
7d8406be
PB		 851 if (s->dbc > 16)
852 s->dbc = 16;
725eec70 853 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
7d8406be 854 s->sfbr = buf[0];
8ccc2ace 855 s->command_complete = 0;
af12ac98 856
259d5577 857 id = (s->select_tag >> 8) & 0xf;
0d3545e7 858 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
64d56409
JK		 859 if (!dev) {
860 lsi_bad_selection(s, id);
861 return;
862 }
863
af12ac98 864 assert(s->current == NULL);
3c55fe2a 865 s->current = g_new0(lsi_request, 1);
af12ac98 866 s->current->tag = s->select_tag;
c39ce112 867 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
c5bf71a9 868 s->current);
af12ac98 869
c39ce112 870 n = scsi_req_enqueue(s->current->req);
ad3376cc
PB		 871 if (n) {
872 if (n > 0) {
873 lsi_set_phase(s, PHASE_DI);
874 } else if (n < 0) {
875 lsi_set_phase(s, PHASE_DO);
876 }
877 scsi_req_continue(s->current->req);
a917d384 878 }
8ccc2ace
TS		 879 if (!s->command_complete) {
880 if (n) {
881 /* Command did not complete immediately so disconnect. */
882 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
883 lsi_add_msg_byte(s, 4); /* DISCONNECT */
884 /* wait data */
885 lsi_set_phase(s, PHASE_MI);
4ae63d37 886 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
8ccc2ace
TS		 887 lsi_queue_command(s);
888 } else {
889 /* wait command complete */
890 lsi_set_phase(s, PHASE_DI);
891 }
7d8406be
PB		 892 }
893}
894
7d8406be
PB		 895static void lsi_do_status(LSIState *s)
896{
2f172849 897 uint8_t status;
c921370b
MCA		 898 trace_lsi_do_status(s->dbc, s->status);
899 if (s->dbc != 1) {
900 trace_lsi_do_status_error();
901 }
7d8406be 902 s->dbc = 1;
2f172849
HR		 903 status = s->status;
904 s->sfbr = status;
725eec70 905 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
7d8406be 906 lsi_set_phase(s, PHASE_MI);
4ae63d37 907 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
a917d384 908 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
7d8406be
PB		 909}
910
7d8406be
PB		 911static void lsi_do_msgin(LSIState *s)
912{
e58ccf03 913 uint8_t len;
c921370b 914 trace_lsi_do_msgin(s->dbc, s->msg_len);
a917d384
PB		 915 s->sfbr = s->msg[0];
916 len = s->msg_len;
e58ccf03 917 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN);
a917d384
PB		 918 if (len > s->dbc)
919 len = s->dbc;
725eec70 920 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
a917d384
PB		 921 /* Linux drivers rely on the last byte being in the SIDL. */
922 s->sidl = s->msg[len - 1];
923 s->msg_len -= len;
924 if (s->msg_len) {
925 memmove(s->msg, s->msg + len, s->msg_len);
7d8406be
PB		 926 } else {
927 /* ??? Check if ATN (not yet implemented) is asserted and maybe
928 switch to PHASE_MO. */
a917d384 929 switch (s->msg_action) {
4ae63d37 930 case LSI_MSG_ACTION_COMMAND:
a917d384
PB		 931 lsi_set_phase(s, PHASE_CMD);
932 break;
4ae63d37 933 case LSI_MSG_ACTION_DISCONNECT:
a917d384
PB		 934 lsi_disconnect(s);
935 break;
4ae63d37 936 case LSI_MSG_ACTION_DOUT:
a917d384
PB		 937 lsi_set_phase(s, PHASE_DO);
938 break;
4ae63d37 939 case LSI_MSG_ACTION_DIN:
a917d384
PB		 940 lsi_set_phase(s, PHASE_DI);
941 break;
942 default:
943 abort();
944 }
7d8406be
PB		 945 }
946}
947
a917d384
PB		 948/* Read the next byte during a MSGOUT phase. */
949static uint8_t lsi_get_msgbyte(LSIState *s)
950{
951 uint8_t data;
725eec70 952 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
a917d384
PB		 953 s->dnad++;
954 s->dbc--;
955 return data;
956}
957
444dd39b
SH		 958/* Skip the next n bytes during a MSGOUT phase. */
959static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
960{
961 s->dnad += n;
962 s->dbc -= n;
963}
964
7d8406be
PB		 965static void lsi_do_msgout(LSIState *s)
966{
967 uint8_t msg;
a917d384 968 int len;
508240c0 969 uint32_t current_tag;
5c6c0e51 970 lsi_request *current_req, *p, *p_next;
508240c0
BK		 971
972 if (s->current) {
973 current_tag = s->current->tag;
5c6c0e51 974 current_req = s->current;
508240c0
BK		 975 } else {
976 current_tag = s->select_tag;
5c6c0e51 977 current_req = lsi_find_by_tag(s, current_tag);
508240c0 978 }
7d8406be 979
c921370b 980 trace_lsi_do_msgout(s->dbc);
a917d384
PB		 981 while (s->dbc) {
982 msg = lsi_get_msgbyte(s);
983 s->sfbr = msg;
984
985 switch (msg) {
77203ea0 986 case 0x04:
c921370b 987 trace_lsi_do_msgout_disconnect();
a917d384
PB		 988 lsi_disconnect(s);
989 break;
990 case 0x08:
c921370b 991 trace_lsi_do_msgout_noop();
a917d384
PB		 992 lsi_set_phase(s, PHASE_CMD);
993 break;
994 case 0x01:
995 len = lsi_get_msgbyte(s);
996 msg = lsi_get_msgbyte(s);
f3f5b867 997 (void)len; /* avoid a warning about unused variable*/
c921370b 998 trace_lsi_do_msgout_extended(msg, len);
a917d384
PB		 999 switch (msg) {
1000 case 1:
c921370b 1001 trace_lsi_do_msgout_ignored("SDTR");
444dd39b 1002 lsi_skip_msgbytes(s, 2);
a917d384
PB		 1003 break;
1004 case 3:
c921370b 1005 trace_lsi_do_msgout_ignored("WDTR");
444dd39b 1006 lsi_skip_msgbytes(s, 1);
a917d384 1007 break;
966a09fa 1008 case 4:
c921370b 1009 trace_lsi_do_msgout_ignored("PPR");
966a09fa
GK		 1010 lsi_skip_msgbytes(s, 5);
1011 break;
a917d384
PB		 1012 default:
1013 goto bad;
1014 }
1015 break;
1016 case 0x20: /* SIMPLE queue */
af12ac98 1017 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
c921370b 1018 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff);
a917d384
PB		 1019 break;
1020 case 0x21: /* HEAD of queue */
c921370b 1021 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n");
af12ac98 1022 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384
PB		 1023 break;
1024 case 0x22: /* ORDERED queue */
c921370b
MCA		 1025 qemu_log_mask(LOG_UNIMP,
1026 "lsi_scsi: ORDERED queue not implemented\n");
af12ac98 1027 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384 1028 break;
508240c0
BK		 1029 case 0x0d:
1030 /* The ABORT TAG message clears the current I/O process only. */
c921370b 1031 trace_lsi_do_msgout_abort(current_tag);
5c6c0e51 1032 if (current_req) {
94d3f98a 1033 scsi_req_cancel(current_req->req);
5c6c0e51 1034 }
508240c0
BK		 1035 lsi_disconnect(s);
1036 break;
1037 case 0x06:
1038 case 0x0e:
1039 case 0x0c:
1040 /* The ABORT message clears all I/O processes for the selecting
1041 initiator on the specified logical unit of the target. */
1042 if (msg == 0x06) {
c921370b 1043 trace_lsi_do_msgout_abort(current_tag);
508240c0
BK		 1044 }
1045 /* The CLEAR QUEUE message clears all I/O processes for all
1046 initiators on the specified logical unit of the target. */
1047 if (msg == 0x0e) {
c921370b 1048 trace_lsi_do_msgout_clearqueue(current_tag);
508240c0
BK		 1049 }
1050 /* The BUS DEVICE RESET message clears all I/O processes for all
1051 initiators on all logical units of the target. */
1052 if (msg == 0x0c) {
c921370b 1053 trace_lsi_do_msgout_busdevicereset(current_tag);
508240c0
BK		 1054 }
1055
1056 /* clear the current I/O process */
5c6c0e51 1057 if (s->current) {
94d3f98a 1058 scsi_req_cancel(s->current->req);
5c6c0e51 1059 }
508240c0
BK		 1060
1061 /* As the current implemented devices scsi_disk and scsi_generic
1062 only support one LUN, we don't need to keep track of LUNs.
1063 Clearing I/O processes for other initiators could be possible
1064 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
1065 device, but this is currently not implemented (and seems not
1066 to be really necessary). So let's simply clear all queued
1067 commands for the current device: */
508240c0 1068 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
a6c6f44a 1069 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
94d3f98a 1070 scsi_req_cancel(p->req);
508240c0
BK		 1071 }
1072 }
1073
1074 lsi_disconnect(s);
1075 break;
a917d384
PB		 1076 default:
1077 if ((msg & 0x80) == 0) {
1078 goto bad;
1079 }
1080 s->current_lun = msg & 7;
c921370b 1081 trace_lsi_do_msgout_select(s->current_lun);
a917d384
PB		 1082 lsi_set_phase(s, PHASE_CMD);
1083 break;
1084 }
7d8406be 1085 }
a917d384
PB		 1086 return;
1087bad:
c921370b 1088 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg);
a917d384
PB		 1089 lsi_set_phase(s, PHASE_MI);
1090 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
4ae63d37 1091 s->msg_action = LSI_MSG_ACTION_COMMAND;
7d8406be
PB		 1092}
1093
e20a8dff 1094#define LSI_BUF_SIZE 4096
7d8406be
PB		 1095static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1096{
1097 int n;
e20a8dff 1098 uint8_t buf[LSI_BUF_SIZE];
7d8406be 1099
c921370b 1100 trace_lsi_memcpy(dest, src, count);
7d8406be 1101 while (count) {
e20a8dff 1102 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
a8632434
HP		 1103 lsi_mem_read(s, src, buf, n);
1104 lsi_mem_write(s, dest, buf, n);
7d8406be
PB		 1105 src += n;
1106 dest += n;
1107 count -= n;
1108 }
1109}
1110
a917d384
PB		 1111static void lsi_wait_reselect(LSIState *s)
1112{
042ec49d
GH		 1113 lsi_request *p;
1114
c921370b 1115 trace_lsi_wait_reselect();
042ec49d 1116
56333e69
GK		 1117 if (s->current) {
1118 return;
1119 }
1120 p = get_pending_req(s);
1121 if (p) {
1122 lsi_reselect(s, p);
a917d384 1123 }
b96a0da0 1124 if (s->current == NULL) {
f08ec2b8 1125 s->waiting = LSI_WAIT_RESELECT;
a917d384
PB		 1126 }
1127}
1128
7d8406be
PB		 1129static void lsi_execute_script(LSIState *s)
1130{
725eec70 1131 PCIDevice *pci_dev = PCI_DEVICE(s);
7d8406be 1132 uint32_t insn;
b25cf589 1133 uint32_t addr, addr_high;
7d8406be 1134 int opcode;
ee4d919f 1135 int insn_processed = 0;
7d8406be
PB		 1136
1137 s->istat1 |= LSI_ISTAT1_SRUN;
1138again:
de594e47
PB		 1139 if (++insn_processed > LSI_MAX_INSN) {
1140 /* Some windows drivers make the device spin waiting for a memory
1141 location to change. If we have been executed a lot of code then
1142 assume this is the case and force an unexpected device disconnect.
1143 This is apparently sufficient to beat the drivers into submission.
1144 */
1145 if (!(s->sien0 & LSI_SIST0_UDC)) {
1146 qemu_log_mask(LOG_GUEST_ERROR,
1147 "lsi_scsi: inf. loop with UDC masked");
1148 }
1149 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1150 lsi_disconnect(s);
1151 trace_lsi_execute_script_stop();
1152 return;
1153 }
7d8406be 1154 insn = read_dword(s, s->dsp);
02b373ad
AZ		 1155 if (!insn) {
1156 /* If we receive an empty opcode increment the DSP by 4 bytes
1157 instead of 8 and execute the next opcode at that location */
1158 s->dsp += 4;
1159 goto again;
1160 }
7d8406be 1161 addr = read_dword(s, s->dsp + 4);
b25cf589 1162 addr_high = 0;
c921370b 1163 trace_lsi_execute_script(s->dsp, insn, addr);
7d8406be
PB		 1164 s->dsps = addr;
1165 s->dcmd = insn >> 24;
1166 s->dsp += 8;
1167 switch (insn >> 30) {
1168 case 0: /* Block move. */
1169 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1170 trace_lsi_execute_script_blockmove_delayed();
7d8406be
PB		 1171 lsi_stop_script(s);
1172 break;
1173 }
1174 s->dbc = insn & 0xffffff;
1175 s->rbc = s->dbc;
dd8edf01
AL		 1176 /* ??? Set ESA. */
1177 s->ia = s->dsp - 8;
7d8406be
PB		 1178 if (insn & (1 << 29)) {
1179 /* Indirect addressing. */
1180 addr = read_dword(s, addr);
1181 } else if (insn & (1 << 28)) {
1182 uint32_t buf[2];
1183 int32_t offset;
1184 /* Table indirect addressing. */
dd8edf01
AL		 1185
1186 /* 32-bit Table indirect */
92794105 1187 offset = sextract32(addr, 0, 24);
725eec70 1188 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
b25cf589
AL		 1189 /* byte count is stored in bits 0:23 only */
1190 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
7faa239c 1191 s->rbc = s->dbc;
7d8406be 1192 addr = cpu_to_le32(buf[1]);
b25cf589
AL		 1193
1194 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1195 * table, bits [31:24] */
1196 if (lsi_dma_40bit(s))
1197 addr_high = cpu_to_le32(buf[0]) >> 24;
dd8edf01
AL		 1198 else if (lsi_dma_ti64bit(s)) {
1199 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1200 switch (selector) {
1201 case 0 ... 0x0f:
1202 /* offset index into scratch registers since
1203 * TI64 mode can use registers C to R */
1204 addr_high = s->scratch[2 + selector];
1205 break;
1206 case 0x10:
1207 addr_high = s->mmrs;
1208 break;
1209 case 0x11:
1210 addr_high = s->mmws;
1211 break;
1212 case 0x12:
1213 addr_high = s->sfs;
1214 break;
1215 case 0x13:
1216 addr_high = s->drs;
1217 break;
1218 case 0x14:
1219 addr_high = s->sbms;
1220 break;
1221 case 0x15:
1222 addr_high = s->dbms;
1223 break;
1224 default:
c921370b
MCA		 1225 qemu_log_mask(LOG_GUEST_ERROR,
1226 "lsi_scsi: Illegal selector specified (0x%x > 0x15) "
1227 "for 64-bit DMA block move", selector);
dd8edf01
AL		 1228 break;
1229 }
1230 }
1231 } else if (lsi_dma_64bit(s)) {
1232 /* fetch a 3rd dword if 64-bit direct move is enabled and
1233 only if we're not doing table indirect or indirect addressing */
1234 s->dbms = read_dword(s, s->dsp);
1235 s->dsp += 4;
1236 s->ia = s->dsp - 12;
7d8406be
PB		 1237 }
1238 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
82cf2bcf
SS		 1239 trace_lsi_execute_script_blockmove_badphase(
1240 scsi_phase_name(s->sstat1),
1241 scsi_phase_name(insn >> 24));
7d8406be
PB		 1242 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1243 break;
1244 }
1245 s->dnad = addr;
b25cf589 1246 s->dnad64 = addr_high;
7d8406be
PB		 1247 switch (s->sstat1 & 0x7) {
1248 case PHASE_DO:
f08ec2b8 1249 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1250 lsi_do_dma(s, 1);
a917d384 1251 if (s->waiting)
f08ec2b8 1252 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1253 break;
1254 case PHASE_DI:
f08ec2b8 1255 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1256 lsi_do_dma(s, 0);
a917d384 1257 if (s->waiting)
f08ec2b8 1258 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1259 break;
1260 case PHASE_CMD:
1261 lsi_do_command(s);
1262 break;
1263 case PHASE_ST:
1264 lsi_do_status(s);
1265 break;
1266 case PHASE_MO:
1267 lsi_do_msgout(s);
1268 break;
1269 case PHASE_MI:
1270 lsi_do_msgin(s);
1271 break;
1272 default:
82cf2bcf
SS		 1273 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n",
1274 scsi_phase_name(s->sstat1));
7d8406be
PB		 1275 }
1276 s->dfifo = s->dbc & 0xff;
1277 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1278 s->sbc = s->dbc;
1279 s->rbc -= s->dbc;
1280 s->ua = addr + s->dbc;
7d8406be
PB		 1281 break;
1282
1283 case 1: /* IO or Read/Write instruction. */
1284 opcode = (insn >> 27) & 7;
1285 if (opcode < 5) {
1286 uint32_t id;
1287
1288 if (insn & (1 << 25)) {
92794105 1289 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
7d8406be 1290 } else {
07a1bea8 1291 id = insn;
7d8406be
PB		 1292 }
1293 id = (id >> 16) & 0xf;
1294 if (insn & (1 << 26)) {
92794105 1295 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1296 }
1297 s->dnad = addr;
1298 switch (opcode) {
1299 case 0: /* Select */
a917d384 1300 s->sdid = id;
38f5b2b8 1301 if (s->scntl1 & LSI_SCNTL1_CON) {
c921370b 1302 trace_lsi_execute_script_io_alreadyreselected();
38f5b2b8 1303 s->dsp = s->dnad;
a917d384
PB		 1304 break;
1305 }
7d8406be
PB		 1306 s->sstat0 |= LSI_SSTAT0_WOA;
1307 s->scntl1 &= ~LSI_SCNTL1_IARB;
0d3545e7 1308 if (!scsi_device_find(&s->bus, 0, id, 0)) {
64d56409 1309 lsi_bad_selection(s, id);
7d8406be
PB		 1310 break;
1311 }
c921370b
MCA		 1312 trace_lsi_execute_script_io_selected(id,
1313 insn & (1 << 3) ? " ATN" : "");
7d8406be
PB		 1314 /* ??? Linux drivers compain when this is set. Maybe
1315 it only applies in low-level mode (unimplemented).
1316 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
af12ac98 1317 s->select_tag = id << 8;
7d8406be
PB		 1318 s->scntl1 |= LSI_SCNTL1_CON;
1319 if (insn & (1 << 3)) {
1320 s->socl |= LSI_SOCL_ATN;
12dd89f7 1321 s->sbcl |= LSI_SBCL_ATN;
7d8406be 1322 }
12dd89f7 1323 s->sbcl |= LSI_SBCL_BSY;
7d8406be 1324 lsi_set_phase(s, PHASE_MO);
f08ec2b8 1325 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1326 break;
1327 case 1: /* Disconnect */
c921370b 1328 trace_lsi_execute_script_io_disconnect();
7d8406be 1329 s->scntl1 &= ~LSI_SCNTL1_CON;
56333e69
GK		 1330 /* FIXME: this is not entirely correct; the target need not ask
1331 * for reselection until it has to send data, while here we force a
1332 * reselection as soon as the bus is free. The correct flow would
1333 * reselect before lsi_transfer_data and disconnect as soon as
1334 * DMA ends.
1335 */
1336 if (!s->current) {
1337 lsi_request *p = get_pending_req(s);
1338 if (p) {
1339 lsi_reselect(s, p);
1340 }
1341 }
7d8406be
PB		 1342 break;
1343 case 2: /* Wait Reselect */
2265e98b
SS		 1344 if (s->istat0 & LSI_ISTAT0_SIGP) {
1345 s->dsp = s->dnad;
1346 } else if (!lsi_irq_on_rsl(s)) {
1347 lsi_wait_reselect(s);
e560125e 1348 }
7d8406be
PB		 1349 break;
1350 case 3: /* Set */
c921370b 1351 trace_lsi_execute_script_io_set(
7d8406be
PB		 1352 insn & (1 << 3) ? " ATN" : "",
1353 insn & (1 << 6) ? " ACK" : "",
1354 insn & (1 << 9) ? " TM" : "",
1355 insn & (1 << 10) ? " CC" : "");
1356 if (insn & (1 << 3)) {
1357 s->socl |= LSI_SOCL_ATN;
12dd89f7 1358 s->sbcl |= LSI_SBCL_ATN;
7d8406be
PB		 1359 lsi_set_phase(s, PHASE_MO);
1360 }
12dd89f7
SS		 1361
1362 if (insn & (1 << 6)) {
1363 s->sbcl |= LSI_SBCL_ACK;
1364 }
1365
7d8406be 1366 if (insn & (1 << 9)) {
c921370b
MCA		 1367 qemu_log_mask(LOG_UNIMP,
1368 "lsi_scsi: Target mode not implemented\n");
7d8406be
PB		 1369 }
1370 if (insn & (1 << 10))
1371 s->carry = 1;
1372 break;
1373 case 4: /* Clear */
c921370b 1374 trace_lsi_execute_script_io_clear(
7d8406be
PB		 1375 insn & (1 << 3) ? " ATN" : "",
1376 insn & (1 << 6) ? " ACK" : "",
1377 insn & (1 << 9) ? " TM" : "",
1378 insn & (1 << 10) ? " CC" : "");
1379 if (insn & (1 << 3)) {
1380 s->socl &= ~LSI_SOCL_ATN;
12dd89f7 1381 s->sbcl &= ~LSI_SBCL_ATN;
7d8406be 1382 }
12dd89f7
SS		 1383
1384 if (insn & (1 << 6)) {
1385 s->sbcl &= ~LSI_SBCL_ACK;
1386 }
1387
7d8406be
PB		 1388 if (insn & (1 << 10))
1389 s->carry = 0;
1390 break;
1391 }
1392 } else {
1393 uint8_t op0;
1394 uint8_t op1;
1395 uint8_t data8;
1396 int reg;
1397 int operator;
c921370b 1398
7d8406be
PB		 1399 static const char *opcode_names[3] =
1400 {"Write", "Read", "Read-Modify-Write"};
1401 static const char *operator_names[8] =
1402 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
7d8406be
PB		 1403
1404 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1405 data8 = (insn >> 8) & 0xff;
1406 opcode = (insn >> 27) & 7;
1407 operator = (insn >> 24) & 7;
c921370b 1408 trace_lsi_execute_script_io_opcode(
7d8406be 1409 opcode_names[opcode - 5], reg,
a917d384 1410 operator_names[operator], data8, s->sfbr,
7d8406be
PB		 1411 (insn & (1 << 23)) ? " SFBR" : "");
1412 op0 = op1 = 0;
1413 switch (opcode) {
1414 case 5: /* From SFBR */
1415 op0 = s->sfbr;
1416 op1 = data8;
1417 break;
1418 case 6: /* To SFBR */
1419 if (operator)
1420 op0 = lsi_reg_readb(s, reg);
1421 op1 = data8;
1422 break;
1423 case 7: /* Read-modify-write */
1424 if (operator)
1425 op0 = lsi_reg_readb(s, reg);
1426 if (insn & (1 << 23)) {
1427 op1 = s->sfbr;
1428 } else {
1429 op1 = data8;
1430 }
1431 break;
1432 }
1433
1434 switch (operator) {
1435 case 0: /* move */
1436 op0 = op1;
1437 break;
1438 case 1: /* Shift left */
1439 op1 = op0 >> 7;
1440 op0 = (op0 << 1) | s->carry;
1441 s->carry = op1;
1442 break;
1443 case 2: /* OR */
1444 op0 |= op1;
1445 break;
1446 case 3: /* XOR */
dcfb9014 1447 op0 ^= op1;
7d8406be
PB		 1448 break;
1449 case 4: /* AND */
1450 op0 &= op1;
1451 break;
1452 case 5: /* SHR */
1453 op1 = op0 & 1;
1454 op0 = (op0 >> 1) | (s->carry << 7);
687fa640 1455 s->carry = op1;
7d8406be
PB		 1456 break;
1457 case 6: /* ADD */
1458 op0 += op1;
1459 s->carry = op0 < op1;
1460 break;
1461 case 7: /* ADC */
1462 op0 += op1 + s->carry;
1463 if (s->carry)
1464 s->carry = op0 <= op1;
1465 else
1466 s->carry = op0 < op1;
1467 break;
1468 }
1469
1470 switch (opcode) {
1471 case 5: /* From SFBR */
1472 case 7: /* Read-modify-write */
1473 lsi_reg_writeb(s, reg, op0);
1474 break;
1475 case 6: /* To SFBR */
1476 s->sfbr = op0;
1477 break;
1478 }
1479 }
1480 break;
1481
1482 case 2: /* Transfer Control. */
1483 {
1484 int cond;
1485 int jmp;
1486
1487 if ((insn & 0x002e0000) == 0) {
c921370b 1488 trace_lsi_execute_script_tc_nop();
7d8406be
PB		 1489 break;
1490 }
1491 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1492 trace_lsi_execute_script_tc_delayedselect_timeout();
7d8406be
PB		 1493 lsi_stop_script(s);
1494 break;
1495 }
1496 cond = jmp = (insn & (1 << 19)) != 0;
1497 if (cond == jmp && (insn & (1 << 21))) {
c921370b 1498 trace_lsi_execute_script_tc_compc(s->carry == jmp);
7d8406be
PB		 1499 cond = s->carry != 0;
1500 }
1501 if (cond == jmp && (insn & (1 << 17))) {
82cf2bcf
SS		 1502 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1),
1503 jmp ? '=' : '!', scsi_phase_name(insn >> 24));
7d8406be
PB		 1504 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1505 }
1506 if (cond == jmp && (insn & (1 << 18))) {
1507 uint8_t mask;
1508
1509 mask = (~insn >> 8) & 0xff;
c921370b 1510 trace_lsi_execute_script_tc_compd(
7d8406be
PB		 1511 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1512 cond = (s->sfbr & mask) == (insn & mask);
1513 }
1514 if (cond == jmp) {
1515 if (insn & (1 << 23)) {
1516 /* Relative address. */
92794105 1517 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1518 }
1519 switch ((insn >> 27) & 7) {
1520 case 0: /* Jump */
c921370b 1521 trace_lsi_execute_script_tc_jump(addr);
6f84da3a 1522 s->adder = addr;
7d8406be
PB		 1523 s->dsp = addr;
1524 break;
1525 case 1: /* Call */
c921370b 1526 trace_lsi_execute_script_tc_call(addr);
7d8406be
PB		 1527 s->temp = s->dsp;
1528 s->dsp = addr;
1529 break;
1530 case 2: /* Return */
c921370b 1531 trace_lsi_execute_script_tc_return(s->temp);
7d8406be
PB		 1532 s->dsp = s->temp;
1533 break;
1534 case 3: /* Interrupt */
c921370b 1535 trace_lsi_execute_script_tc_interrupt(s->dsps);
7d8406be
PB		 1536 if ((insn & (1 << 20)) != 0) {
1537 s->istat0 |= LSI_ISTAT0_INTF;
1538 lsi_update_irq(s);
1539 } else {
1540 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1541 }
1542 break;
1543 default:
c921370b 1544 trace_lsi_execute_script_tc_illegal();
7d8406be
PB		 1545 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1546 break;
1547 }
1548 } else {
c921370b 1549 trace_lsi_execute_script_tc_cc_failed();
7d8406be
PB		 1550 }
1551 }
1552 break;
1553
1554 case 3:
1555 if ((insn & (1 << 29)) == 0) {
1556 /* Memory move. */
1557 uint32_t dest;
1558 /* ??? The docs imply the destination address is loaded into
1559 the TEMP register. However the Linux drivers rely on
1560 the value being presrved. */
1561 dest = read_dword(s, s->dsp);
1562 s->dsp += 4;
1563 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1564 } else {
1565 uint8_t data[7];
1566 int reg;
1567 int n;
1568 int i;
1569
1570 if (insn & (1 << 28)) {
92794105 1571 addr = s->dsa + sextract32(addr, 0, 24);
7d8406be
PB		 1572 }
1573 n = (insn & 7);
1574 reg = (insn >> 16) & 0xff;
1575 if (insn & (1 << 24)) {
725eec70 1576 pci_dma_read(pci_dev, addr, data, n);
c921370b 1577 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data);
7d8406be
PB		 1578 for (i = 0; i < n; i++) {
1579 lsi_reg_writeb(s, reg + i, data[i]);
1580 }
1581 } else {
c921370b 1582 trace_lsi_execute_script_mm_store(reg, n, addr);
7d8406be
PB		 1583 for (i = 0; i < n; i++) {
1584 data[i] = lsi_reg_readb(s, reg + i);
1585 }
725eec70 1586 pci_dma_write(pci_dev, addr, data, n);
7d8406be
PB		 1587 }
1588 }
1589 }
de594e47 1590 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
7d8406be
PB		 1591 if (s->dcntl & LSI_DCNTL_SSM) {
1592 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1593 } else {
1594 goto again;
1595 }
1596 }
c921370b 1597 trace_lsi_execute_script_stop();
7d8406be
PB		 1598}
1599
1600static uint8_t lsi_reg_readb(LSIState *s, int offset)
1601{
64eb7491
HP		 1602 uint8_t ret;
1603
75f76531 1604#define CASE_GET_REG24(name, addr) \
64eb7491
HP		 1605 case addr: ret = s->name & 0xff; break; \
1606 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1607 case addr + 2: ret = (s->name >> 16) & 0xff; break;
75f76531 1608
7d8406be 1609#define CASE_GET_REG32(name, addr) \
64eb7491
HP		 1610 case addr: ret = s->name & 0xff; break; \
1611 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1612 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1613 case addr + 3: ret = (s->name >> 24) & 0xff; break;
7d8406be 1614
7d8406be
PB		 1615 switch (offset) {
1616 case 0x00: /* SCNTL0 */
64eb7491
HP		 1617 ret = s->scntl0;
1618 break;
7d8406be 1619 case 0x01: /* SCNTL1 */
64eb7491
HP		 1620 ret = s->scntl1;
1621 break;
7d8406be 1622 case 0x02: /* SCNTL2 */
64eb7491
HP		 1623 ret = s->scntl2;
1624 break;
7d8406be 1625 case 0x03: /* SCNTL3 */
64eb7491
HP		 1626 ret = s->scntl3;
1627 break;
7d8406be 1628 case 0x04: /* SCID */
64eb7491
HP		 1629 ret = s->scid;
1630 break;
7d8406be 1631 case 0x05: /* SXFER */
64eb7491
HP		 1632 ret = s->sxfer;
1633 break;
7d8406be 1634 case 0x06: /* SDID */
64eb7491
HP		 1635 ret = s->sdid;
1636 break;
7d8406be 1637 case 0x07: /* GPREG0 */
64eb7491
HP		 1638 ret = 0x7f;
1639 break;
985a03b0 1640 case 0x08: /* Revision ID */
64eb7491
HP		 1641 ret = 0x00;
1642 break;
6f84da3a 1643 case 0x09: /* SOCL */
64eb7491
HP		 1644 ret = s->socl;
1645 break;
a917d384 1646 case 0xa: /* SSID */
64eb7491
HP		 1647 ret = s->ssid;
1648 break;
7d8406be 1649 case 0xb: /* SBCL */
12dd89f7 1650 ret = s->sbcl;
64eb7491 1651 break;
7d8406be 1652 case 0xc: /* DSTAT */
64eb7491 1653 ret = s->dstat | LSI_DSTAT_DFE;
7d8406be
PB		 1654 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1655 s->dstat = 0;
1656 lsi_update_irq(s);
64eb7491 1657 break;
7d8406be 1658 case 0x0d: /* SSTAT0 */
64eb7491
HP		 1659 ret = s->sstat0;
1660 break;
7d8406be 1661 case 0x0e: /* SSTAT1 */
64eb7491
HP		 1662 ret = s->sstat1;
1663 break;
7d8406be 1664 case 0x0f: /* SSTAT2 */
64eb7491
HP		 1665 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1666 break;
7d8406be
PB		 1667 CASE_GET_REG32(dsa, 0x10)
1668 case 0x14: /* ISTAT0 */
64eb7491
HP		 1669 ret = s->istat0;
1670 break;
ecabe8cc 1671 case 0x15: /* ISTAT1 */
64eb7491
HP		 1672 ret = s->istat1;
1673 break;
7d8406be 1674 case 0x16: /* MBOX0 */
64eb7491
HP		 1675 ret = s->mbox0;
1676 break;
7d8406be 1677 case 0x17: /* MBOX1 */
64eb7491
HP		 1678 ret = s->mbox1;
1679 break;
7d8406be 1680 case 0x18: /* CTEST0 */
64eb7491
HP		 1681 ret = 0xff;
1682 break;
7d8406be 1683 case 0x19: /* CTEST1 */
64eb7491
HP		 1684 ret = 0;
1685 break;
7d8406be 1686 case 0x1a: /* CTEST2 */
64eb7491 1687 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
7d8406be
PB		 1688 if (s->istat0 & LSI_ISTAT0_SIGP) {
1689 s->istat0 &= ~LSI_ISTAT0_SIGP;
64eb7491 1690 ret |= LSI_CTEST2_SIGP;
7d8406be 1691 }
64eb7491 1692 break;
7d8406be 1693 case 0x1b: /* CTEST3 */
64eb7491
HP		 1694 ret = s->ctest3;
1695 break;
7d8406be
PB		 1696 CASE_GET_REG32(temp, 0x1c)
1697 case 0x20: /* DFIFO */
07163c99 1698 ret = s->dfifo;
64eb7491 1699 break;
7d8406be 1700 case 0x21: /* CTEST4 */
64eb7491
HP		 1701 ret = s->ctest4;
1702 break;
7d8406be 1703 case 0x22: /* CTEST5 */
64eb7491
HP		 1704 ret = s->ctest5;
1705 break;
985a03b0 1706 case 0x23: /* CTEST6 */
64eb7491
HP		 1707 ret = 0;
1708 break;
75f76531 1709 CASE_GET_REG24(dbc, 0x24)
7d8406be 1710 case 0x27: /* DCMD */
64eb7491
HP		 1711 ret = s->dcmd;
1712 break;
4b9a2d6d 1713 CASE_GET_REG32(dnad, 0x28)
7d8406be
PB		 1714 CASE_GET_REG32(dsp, 0x2c)
1715 CASE_GET_REG32(dsps, 0x30)
1716 CASE_GET_REG32(scratch[0], 0x34)
1717 case 0x38: /* DMODE */
64eb7491
HP		 1718 ret = s->dmode;
1719 break;
7d8406be 1720 case 0x39: /* DIEN */
64eb7491
HP		 1721 ret = s->dien;
1722 break;
bd8ee11a 1723 case 0x3a: /* SBR */
64eb7491
HP		 1724 ret = s->sbr;
1725 break;
7d8406be 1726 case 0x3b: /* DCNTL */
64eb7491
HP		 1727 ret = s->dcntl;
1728 break;
6f84da3a
PL		 1729 /* ADDER Output (Debug of relative jump address) */
1730 CASE_GET_REG32(adder, 0x3c)
7d8406be 1731 case 0x40: /* SIEN0 */
64eb7491
HP		 1732 ret = s->sien0;
1733 break;
7d8406be 1734 case 0x41: /* SIEN1 */
64eb7491
HP		 1735 ret = s->sien1;
1736 break;
7d8406be 1737 case 0x42: /* SIST0 */
64eb7491 1738 ret = s->sist0;
7d8406be
PB		 1739 s->sist0 = 0;
1740 lsi_update_irq(s);
64eb7491 1741 break;
7d8406be 1742 case 0x43: /* SIST1 */
64eb7491 1743 ret = s->sist1;
7d8406be
PB		 1744 s->sist1 = 0;
1745 lsi_update_irq(s);
64eb7491 1746 break;
9167a69a 1747 case 0x46: /* MACNTL */
64eb7491
HP		 1748 ret = 0x0f;
1749 break;
7d8406be 1750 case 0x47: /* GPCNTL0 */
64eb7491
HP		 1751 ret = 0x0f;
1752 break;
7d8406be 1753 case 0x48: /* STIME0 */
64eb7491
HP		 1754 ret = s->stime0;
1755 break;
7d8406be 1756 case 0x4a: /* RESPID0 */
64eb7491
HP		 1757 ret = s->respid0;
1758 break;
7d8406be 1759 case 0x4b: /* RESPID1 */
64eb7491
HP		 1760 ret = s->respid1;
1761 break;
7d8406be 1762 case 0x4d: /* STEST1 */
64eb7491
HP		 1763 ret = s->stest1;
1764 break;
7d8406be 1765 case 0x4e: /* STEST2 */
64eb7491
HP		 1766 ret = s->stest2;
1767 break;
7d8406be 1768 case 0x4f: /* STEST3 */
64eb7491
HP		 1769 ret = s->stest3;
1770 break;
a917d384
PB		 1771 case 0x50: /* SIDL */
1772 /* This is needed by the linux drivers. We currently only update it
1773 during the MSG IN phase. */
64eb7491
HP		 1774 ret = s->sidl;
1775 break;
7d8406be 1776 case 0x52: /* STEST4 */
64eb7491
HP		 1777 ret = 0xe0;
1778 break;
7d8406be 1779 case 0x56: /* CCNTL0 */
64eb7491
HP		 1780 ret = s->ccntl0;
1781 break;
7d8406be 1782 case 0x57: /* CCNTL1 */
64eb7491
HP		 1783 ret = s->ccntl1;
1784 break;
a917d384
PB		 1785 case 0x58: /* SBDL */
1786 /* Some drivers peek at the data bus during the MSG IN phase. */
e58ccf03
PP		 1787 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) {
1788 assert(s->msg_len > 0);
a917d384 1789 return s->msg[0];
e58ccf03 1790 }
64eb7491
HP		 1791 ret = 0;
1792 break;
a917d384 1793 case 0x59: /* SBDL high */
64eb7491
HP		 1794 ret = 0;
1795 break;
7d8406be
PB		 1796 CASE_GET_REG32(mmrs, 0xa0)
1797 CASE_GET_REG32(mmws, 0xa4)
1798 CASE_GET_REG32(sfs, 0xa8)
1799 CASE_GET_REG32(drs, 0xac)
1800 CASE_GET_REG32(sbms, 0xb0)
ab57d967 1801 CASE_GET_REG32(dbms, 0xb4)
7d8406be
PB		 1802 CASE_GET_REG32(dnad64, 0xb8)
1803 CASE_GET_REG32(pmjad1, 0xc0)
1804 CASE_GET_REG32(pmjad2, 0xc4)
1805 CASE_GET_REG32(rbc, 0xc8)
1806 CASE_GET_REG32(ua, 0xcc)
1807 CASE_GET_REG32(ia, 0xd4)
1808 CASE_GET_REG32(sbc, 0xd8)
1809 CASE_GET_REG32(csbc, 0xdc)
64eb7491
HP		 1810 case 0x5c ... 0x9f:
1811 {
7d8406be
PB		 1812 int n;
1813 int shift;
1814 n = (offset - 0x58) >> 2;
1815 shift = (offset & 3) * 8;
64eb7491
HP		 1816 ret = (s->scratch[n] >> shift) & 0xff;
1817 break;
1818 }
1819 default:
85a20bc4
HP		 1820 {
1821 qemu_log_mask(LOG_GUEST_ERROR,
1822 "lsi_scsi: invalid read from reg %s %x\n",
1823 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1824 offset);
1825 ret = 0xff;
1826 break;
1827 }
7d8406be 1828 }
75f76531 1829#undef CASE_GET_REG24
7d8406be 1830#undef CASE_GET_REG32
64eb7491 1831
c921370b
MCA		 1832 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1833 offset, ret);
64eb7491
HP		 1834
1835 return ret;
7d8406be
PB		 1836}
1837
1838static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1839{
49c47daa
SH		 1840#define CASE_SET_REG24(name, addr) \
1841 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1842 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1843 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1844
7d8406be
PB		 1845#define CASE_SET_REG32(name, addr) \
1846 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1847 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1848 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1849 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1850
c921370b
MCA		 1851 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1852 offset, val);
1853
7d8406be
PB		 1854 switch (offset) {
1855 case 0x00: /* SCNTL0 */
1856 s->scntl0 = val;
1857 if (val & LSI_SCNTL0_START) {
c921370b
MCA		 1858 qemu_log_mask(LOG_UNIMP,
1859 "lsi_scsi: Start sequence not implemented\n");
7d8406be
PB		 1860 }
1861 break;
1862 case 0x01: /* SCNTL1 */
1863 s->scntl1 = val & ~LSI_SCNTL1_SST;
1864 if (val & LSI_SCNTL1_IARB) {
c921370b
MCA		 1865 qemu_log_mask(LOG_UNIMP,
1866 "lsi_scsi: Immediate Arbritration not implemented\n");
7d8406be
PB		 1867 }
1868 if (val & LSI_SCNTL1_RST) {
680a34ee 1869 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
824755ba 1870 qbus_reset_all(BUS(&s->bus));
680a34ee
JK		 1871 s->sstat0 |= LSI_SSTAT0_RST;
1872 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1873 }
7d8406be
PB		 1874 } else {
1875 s->sstat0 &= ~LSI_SSTAT0_RST;
1876 }
1877 break;
1878 case 0x02: /* SCNTL2 */
1879 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
3d834c78 1880 s->scntl2 = val;
7d8406be
PB		 1881 break;
1882 case 0x03: /* SCNTL3 */
1883 s->scntl3 = val;
1884 break;
1885 case 0x04: /* SCID */
1886 s->scid = val;
1887 break;
1888 case 0x05: /* SXFER */
1889 s->sxfer = val;
1890 break;
a917d384 1891 case 0x06: /* SDID */
c7ac9f40 1892 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
c921370b
MCA		 1893 qemu_log_mask(LOG_GUEST_ERROR,
1894 "lsi_scsi: Destination ID does not match SSID\n");
c7ac9f40 1895 }
a917d384
PB		 1896 s->sdid = val & 0xf;
1897 break;
7d8406be
PB		 1898 case 0x07: /* GPREG0 */
1899 break;
a917d384
PB		 1900 case 0x08: /* SFBR */
1901 /* The CPU is not allowed to write to this register. However the
1902 SCRIPTS register move instructions are. */
1903 s->sfbr = val;
1904 break;
a15fdf86 1905 case 0x0a: case 0x0b:
9167a69a 1906 /* Openserver writes to these readonly registers on startup */
7d37435b 1907 return;
7d8406be
PB		 1908 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1909 /* Linux writes to these readonly registers on startup. */
1910 return;
1911 CASE_SET_REG32(dsa, 0x10)
1912 case 0x14: /* ISTAT0 */
1913 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1914 if (val & LSI_ISTAT0_ABRT) {
1915 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1916 }
1917 if (val & LSI_ISTAT0_INTF) {
1918 s->istat0 &= ~LSI_ISTAT0_INTF;
1919 lsi_update_irq(s);
1920 }
f08ec2b8 1921 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) {
c921370b 1922 trace_lsi_awoken();
f08ec2b8 1923 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1924 s->dsp = s->dnad;
1925 lsi_execute_script(s);
1926 }
1927 if (val & LSI_ISTAT0_SRST) {
71186c86 1928 qdev_reset_all(DEVICE(s));
7d8406be 1929 }
92d88ecb 1930 break;
7d8406be
PB		 1931 case 0x16: /* MBOX0 */
1932 s->mbox0 = val;
92d88ecb 1933 break;
7d8406be
PB		 1934 case 0x17: /* MBOX1 */
1935 s->mbox1 = val;
92d88ecb 1936 break;
0903c35d
HP		 1937 case 0x18: /* CTEST0 */
1938 /* nothing to do */
1939 break;
9167a69a 1940 case 0x1a: /* CTEST2 */
7d37435b
PB		 1941 s->ctest2 = val & LSI_CTEST2_PCICIE;
1942 break;
7d8406be
PB		 1943 case 0x1b: /* CTEST3 */
1944 s->ctest3 = val & 0x0f;
1945 break;
1946 CASE_SET_REG32(temp, 0x1c)
1947 case 0x21: /* CTEST4 */
1948 if (val & 7) {
c921370b
MCA		 1949 qemu_log_mask(LOG_UNIMP,
1950 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val);
7d8406be
PB		 1951 }
1952 s->ctest4 = val;
1953 break;
1954 case 0x22: /* CTEST5 */
1955 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
c921370b
MCA		 1956 qemu_log_mask(LOG_UNIMP,
1957 "lsi_scsi: CTEST5 DMA increment not implemented\n");
7d8406be
PB		 1958 }
1959 s->ctest5 = val;
1960 break;
49c47daa 1961 CASE_SET_REG24(dbc, 0x24)
4b9a2d6d 1962 CASE_SET_REG32(dnad, 0x28)
3d834c78 1963 case 0x2c: /* DSP[0:7] */
7d8406be
PB		 1964 s->dsp &= 0xffffff00;
1965 s->dsp |= val;
1966 break;
3d834c78 1967 case 0x2d: /* DSP[8:15] */
7d8406be
PB		 1968 s->dsp &= 0xffff00ff;
1969 s->dsp |= val << 8;
1970 break;
3d834c78 1971 case 0x2e: /* DSP[16:23] */
7d8406be
PB		 1972 s->dsp &= 0xff00ffff;
1973 s->dsp |= val << 16;
1974 break;
3d834c78 1975 case 0x2f: /* DSP[24:31] */
7d8406be
PB		 1976 s->dsp &= 0x00ffffff;
1977 s->dsp |= val << 24;
de594e47
PB		 1978 /*
1979 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
1980 * instruction. Is this correct?
1981 */
7d8406be
PB		 1982 if ((s->dmode & LSI_DMODE_MAN) == 0
1983 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1984 lsi_execute_script(s);
1985 break;
1986 CASE_SET_REG32(dsps, 0x30)
1987 CASE_SET_REG32(scratch[0], 0x34)
1988 case 0x38: /* DMODE */
7d8406be
PB		 1989 s->dmode = val;
1990 break;
1991 case 0x39: /* DIEN */
1992 s->dien = val;
1993 lsi_update_irq(s);
1994 break;
bd8ee11a
SH		 1995 case 0x3a: /* SBR */
1996 s->sbr = val;
1997 break;
7d8406be
PB		 1998 case 0x3b: /* DCNTL */
1999 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
de594e47
PB		 2000 /*
2001 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
2002 * instruction. Is this correct?
2003 */
7d8406be
PB		 2004 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
2005 lsi_execute_script(s);
2006 break;
2007 case 0x40: /* SIEN0 */
2008 s->sien0 = val;
2009 lsi_update_irq(s);
2010 break;
2011 case 0x41: /* SIEN1 */
2012 s->sien1 = val;
2013 lsi_update_irq(s);
2014 break;
2015 case 0x47: /* GPCNTL0 */
2016 break;
2017 case 0x48: /* STIME0 */
2018 s->stime0 = val;
2019 break;
2020 case 0x49: /* STIME1 */
2021 if (val & 0xf) {
c921370b
MCA		 2022 qemu_log_mask(LOG_UNIMP,
2023 "lsi_scsi: General purpose timer not implemented\n");
7d8406be
PB		 2024 /* ??? Raising the interrupt immediately seems to be sufficient
2025 to keep the FreeBSD driver happy. */
2026 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
2027 }
2028 break;
2029 case 0x4a: /* RESPID0 */
2030 s->respid0 = val;
2031 break;
2032 case 0x4b: /* RESPID1 */
2033 s->respid1 = val;
2034 break;
2035 case 0x4d: /* STEST1 */
2036 s->stest1 = val;
2037 break;
2038 case 0x4e: /* STEST2 */
2039 if (val & 1) {
c921370b
MCA		 2040 qemu_log_mask(LOG_UNIMP,
2041 "lsi_scsi: Low level mode not implemented\n");
7d8406be
PB		 2042 }
2043 s->stest2 = val;
2044 break;
2045 case 0x4f: /* STEST3 */
2046 if (val & 0x41) {
c921370b
MCA		 2047 qemu_log_mask(LOG_UNIMP,
2048 "lsi_scsi: SCSI FIFO test mode not implemented\n");
7d8406be
PB		 2049 }
2050 s->stest3 = val;
2051 break;
2052 case 0x56: /* CCNTL0 */
2053 s->ccntl0 = val;
2054 break;
2055 case 0x57: /* CCNTL1 */
2056 s->ccntl1 = val;
2057 break;
2058 CASE_SET_REG32(mmrs, 0xa0)
2059 CASE_SET_REG32(mmws, 0xa4)
2060 CASE_SET_REG32(sfs, 0xa8)
2061 CASE_SET_REG32(drs, 0xac)
2062 CASE_SET_REG32(sbms, 0xb0)
ab57d967 2063 CASE_SET_REG32(dbms, 0xb4)
7d8406be
PB		 2064 CASE_SET_REG32(dnad64, 0xb8)
2065 CASE_SET_REG32(pmjad1, 0xc0)
2066 CASE_SET_REG32(pmjad2, 0xc4)
2067 CASE_SET_REG32(rbc, 0xc8)
2068 CASE_SET_REG32(ua, 0xcc)
2069 CASE_SET_REG32(ia, 0xd4)
2070 CASE_SET_REG32(sbc, 0xd8)
2071 CASE_SET_REG32(csbc, 0xdc)
2072 default:
2073 if (offset >= 0x5c && offset < 0xa0) {
2074 int n;
2075 int shift;
2076 n = (offset - 0x58) >> 2;
2077 shift = (offset & 3) * 8;
57ffcc4c 2078 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
7d8406be 2079 } else {
85a20bc4
HP		 2080 qemu_log_mask(LOG_GUEST_ERROR,
2081 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2082 offset < ARRAY_SIZE(names) ? names[offset] : "???",
2083 offset, val);
7d8406be
PB		 2084 }
2085 }
49c47daa 2086#undef CASE_SET_REG24
7d8406be
PB		 2087#undef CASE_SET_REG32
2088}
2089
a8170e5e 2090static void lsi_mmio_write(void *opaque, hwaddr addr,
b0ce84e5 2091 uint64_t val, unsigned size)
7d8406be 2092{
eb40f984 2093 LSIState *s = opaque;
7d8406be
PB		 2094
2095 lsi_reg_writeb(s, addr & 0xff, val);
2096}
2097
a8170e5e 2098static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
b0ce84e5 2099 unsigned size)
7d8406be 2100{
eb40f984 2101 LSIState *s = opaque;
7d8406be
PB		 2102 return lsi_reg_readb(s, addr & 0xff);
2103}
2104
b0ce84e5
AK		 2105static const MemoryRegionOps lsi_mmio_ops = {
2106 .read = lsi_mmio_read,
2107 .write = lsi_mmio_write,
e6c165f3 2108 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2109 .impl = {
2110 .min_access_size = 1,
2111 .max_access_size = 1,
2112 },
7d8406be
PB		 2113};
2114
a8170e5e 2115static void lsi_ram_write(void *opaque, hwaddr addr,
b0ce84e5 2116 uint64_t val, unsigned size)
7d8406be 2117{
eb40f984 2118 LSIState *s = opaque;
811a75ba 2119 stn_le_p(s->script_ram + addr, size, val);
7d8406be
PB		 2120}
2121
a8170e5e 2122static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
b0ce84e5 2123 unsigned size)
7d8406be 2124{
eb40f984 2125 LSIState *s = opaque;
811a75ba 2126 return ldn_le_p(s->script_ram + addr, size);
7d8406be
PB		 2127}
2128
b0ce84e5
AK		 2129static const MemoryRegionOps lsi_ram_ops = {
2130 .read = lsi_ram_read,
2131 .write = lsi_ram_write,
e6c165f3 2132 .endianness = DEVICE_LITTLE_ENDIAN,
7d8406be
PB		 2133};
2134
a8170e5e 2135static uint64_t lsi_io_read(void *opaque, hwaddr addr,
b0ce84e5 2136 unsigned size)
7d8406be 2137{
eb40f984 2138 LSIState *s = opaque;
7d8406be
PB		 2139 return lsi_reg_readb(s, addr & 0xff);
2140}
2141
a8170e5e 2142static void lsi_io_write(void *opaque, hwaddr addr,
b0ce84e5 2143 uint64_t val, unsigned size)
7d8406be 2144{
eb40f984 2145 LSIState *s = opaque;
7d8406be
PB		 2146 lsi_reg_writeb(s, addr & 0xff, val);
2147}
2148
b0ce84e5
AK		 2149static const MemoryRegionOps lsi_io_ops = {
2150 .read = lsi_io_read,
2151 .write = lsi_io_write,
e6c165f3 2152 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2153 .impl = {
2154 .min_access_size = 1,
2155 .max_access_size = 1,
2156 },
2157};
7d8406be 2158
54eefd72
JK		 2159static void lsi_scsi_reset(DeviceState *dev)
2160{
71186c86 2161 LSIState *s = LSI53C895A(dev);
54eefd72
JK		 2162
2163 lsi_soft_reset(s);
2164}
2165
44b1ff31 2166static int lsi_pre_save(void *opaque)
777aec7a
N		 2167{
2168 LSIState *s = opaque;
2169
b96a0da0
GH		 2170 if (s->current) {
2171 assert(s->current->dma_buf == NULL);
2172 assert(s->current->dma_len == 0);
2173 }
042ec49d 2174 assert(QTAILQ_EMPTY(&s->queue));
44b1ff31
DDAG		 2175
2176 return 0;
777aec7a
N		 2177}
2178
e58ccf03
PP		 2179static int lsi_post_load(void *opaque, int version_id)
2180{
2181 LSIState *s = opaque;
2182
2183 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) {
2184 return -EINVAL;
2185 }
2186
2187 return 0;
2188}
2189
4a1b0f1c
JQ		 2190static const VMStateDescription vmstate_lsi_scsi = {
2191 .name = "lsiscsi",
12dd89f7 2192 .version_id = 1,
4a1b0f1c 2193 .minimum_version_id = 0,
4a1b0f1c 2194 .pre_save = lsi_pre_save,
e58ccf03 2195 .post_load = lsi_post_load,
d49805ae 2196 .fields = (VMStateField[]) {
725eec70 2197 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
4a1b0f1c
JQ		 2198
2199 VMSTATE_INT32(carry, LSIState),
2f172849 2200 VMSTATE_INT32(status, LSIState),
4a1b0f1c
JQ		 2201 VMSTATE_INT32(msg_action, LSIState),
2202 VMSTATE_INT32(msg_len, LSIState),
2203 VMSTATE_BUFFER(msg, LSIState),
2204 VMSTATE_INT32(waiting, LSIState),
2205
2206 VMSTATE_UINT32(dsa, LSIState),
2207 VMSTATE_UINT32(temp, LSIState),
2208 VMSTATE_UINT32(dnad, LSIState),
2209 VMSTATE_UINT32(dbc, LSIState),
2210 VMSTATE_UINT8(istat0, LSIState),
2211 VMSTATE_UINT8(istat1, LSIState),
2212 VMSTATE_UINT8(dcmd, LSIState),
2213 VMSTATE_UINT8(dstat, LSIState),
2214 VMSTATE_UINT8(dien, LSIState),
2215 VMSTATE_UINT8(sist0, LSIState),
2216 VMSTATE_UINT8(sist1, LSIState),
2217 VMSTATE_UINT8(sien0, LSIState),
2218 VMSTATE_UINT8(sien1, LSIState),
2219 VMSTATE_UINT8(mbox0, LSIState),
2220 VMSTATE_UINT8(mbox1, LSIState),
2221 VMSTATE_UINT8(dfifo, LSIState),
2222 VMSTATE_UINT8(ctest2, LSIState),
2223 VMSTATE_UINT8(ctest3, LSIState),
2224 VMSTATE_UINT8(ctest4, LSIState),
2225 VMSTATE_UINT8(ctest5, LSIState),
2226 VMSTATE_UINT8(ccntl0, LSIState),
2227 VMSTATE_UINT8(ccntl1, LSIState),
2228 VMSTATE_UINT32(dsp, LSIState),
2229 VMSTATE_UINT32(dsps, LSIState),
2230 VMSTATE_UINT8(dmode, LSIState),
2231 VMSTATE_UINT8(dcntl, LSIState),
2232 VMSTATE_UINT8(scntl0, LSIState),
2233 VMSTATE_UINT8(scntl1, LSIState),
2234 VMSTATE_UINT8(scntl2, LSIState),
2235 VMSTATE_UINT8(scntl3, LSIState),
2236 VMSTATE_UINT8(sstat0, LSIState),
2237 VMSTATE_UINT8(sstat1, LSIState),
2238 VMSTATE_UINT8(scid, LSIState),
2239 VMSTATE_UINT8(sxfer, LSIState),
2240 VMSTATE_UINT8(socl, LSIState),
2241 VMSTATE_UINT8(sdid, LSIState),
2242 VMSTATE_UINT8(ssid, LSIState),
2243 VMSTATE_UINT8(sfbr, LSIState),
2244 VMSTATE_UINT8(stest1, LSIState),
2245 VMSTATE_UINT8(stest2, LSIState),
2246 VMSTATE_UINT8(stest3, LSIState),
2247 VMSTATE_UINT8(sidl, LSIState),
2248 VMSTATE_UINT8(stime0, LSIState),
2249 VMSTATE_UINT8(respid0, LSIState),
2250 VMSTATE_UINT8(respid1, LSIState),
12dd89f7 2251 VMSTATE_UINT8_V(sbcl, LSIState, 1),
4a1b0f1c
JQ		 2252 VMSTATE_UINT32(mmrs, LSIState),
2253 VMSTATE_UINT32(mmws, LSIState),
2254 VMSTATE_UINT32(sfs, LSIState),
2255 VMSTATE_UINT32(drs, LSIState),
2256 VMSTATE_UINT32(sbms, LSIState),
2257 VMSTATE_UINT32(dbms, LSIState),
2258 VMSTATE_UINT32(dnad64, LSIState),
2259 VMSTATE_UINT32(pmjad1, LSIState),
2260 VMSTATE_UINT32(pmjad2, LSIState),
2261 VMSTATE_UINT32(rbc, LSIState),
2262 VMSTATE_UINT32(ua, LSIState),
2263 VMSTATE_UINT32(ia, LSIState),
2264 VMSTATE_UINT32(sbc, LSIState),
2265 VMSTATE_UINT32(csbc, LSIState),
2266 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2267 VMSTATE_UINT8(sbr, LSIState),
2268
811a75ba 2269 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192),
4a1b0f1c 2270 VMSTATE_END_OF_LIST()
777aec7a 2271 }
4a1b0f1c 2272};
777aec7a 2273
afd4030c
PB		 2274static const struct SCSIBusInfo lsi_scsi_info = {
2275 .tcq = true,
7e0380b9
PB		 2276 .max_target = LSI_MAX_DEVS,
2277 .max_lun = 0, /* LUN support is buggy */
afd4030c 2278
c6df7102 2279 .transfer_data = lsi_transfer_data,
94d3f98a
PB		 2280 .complete = lsi_command_complete,
2281 .cancel = lsi_request_cancelled
cfdc1bb0
PB		 2282};
2283
ae071cc8 2284static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
7d8406be 2285{
71186c86
PC		 2286 LSIState *s = LSI53C895A(dev);
2287 DeviceState *d = DEVICE(dev);
deb54399 2288 uint8_t *pci_conf;
7d8406be 2289
725eec70 2290 pci_conf = dev->config;
deb54399 2291
9167a69a 2292 /* PCI latency timer = 255 */
5845f0e5 2293 pci_conf[PCI_LATENCY_TIMER] = 0xff;
817e0b6f 2294 /* Interrupt pin A */
5845f0e5 2295 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
7d8406be 2296
29776739
PB		 2297 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2298 "lsi-mmio", 0x400);
2299 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2300 "lsi-ram", 0x2000);
2301 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2302 "lsi-io", 256);
b0ce84e5 2303
a8632434 2304 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
3cc1b9cb 2305 qdev_init_gpio_out(d, &s->ext_irq, 1);
a8632434 2306
725eec70 2307 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
16b8ed1d 2308 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
725eec70 2309 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
042ec49d 2310 QTAILQ_INIT(&s->queue);
7d8406be 2311
b1187b51 2312 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL);
7d8406be 2313}
9be5dafe 2314
a8632434
HP		 2315static void lsi_scsi_unrealize(DeviceState *dev, Error **errp)
2316{
2317 LSIState *s = LSI53C895A(dev);
2318
2319 address_space_destroy(&s->pci_io_as);
2320}
2321
40021f08
AL		 2322static void lsi_class_init(ObjectClass *klass, void *data)
2323{
39bffca2 2324 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08
AL		 2325 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2326
ae071cc8 2327 k->realize = lsi_scsi_realize;
40021f08
AL		 2328 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2329 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2330 k->class_id = PCI_CLASS_STORAGE_SCSI;
2331 k->subsystem_id = 0x1000;
a8632434 2332 dc->unrealize = lsi_scsi_unrealize;
39bffca2
AL		 2333 dc->reset = lsi_scsi_reset;
2334 dc->vmsd = &vmstate_lsi_scsi;
125ee0ed 2335 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
40021f08
AL		 2336}
2337
8c43a6f0 2338static const TypeInfo lsi_info = {
71186c86 2339 .name = TYPE_LSI53C895A,
39bffca2
AL		 2340 .parent = TYPE_PCI_DEVICE,
2341 .instance_size = sizeof(LSIState),
2342 .class_init = lsi_class_init,
fd3b02c8
EH		 2343 .interfaces = (InterfaceInfo[]) {
2344 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2345 { },
2346 },
0aab0d3a
GH		 2347};
2348
ceae18bd
HP		 2349static void lsi53c810_class_init(ObjectClass *klass, void *data)
2350{
2351 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2352
2353 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2354}
2355
2356static TypeInfo lsi53c810_info = {
2357 .name = TYPE_LSI53C810,
2358 .parent = TYPE_LSI53C895A,
2359 .class_init = lsi53c810_class_init,
2360};
2361
83f7d43a 2362static void lsi53c895a_register_types(void)
9be5dafe 2363{
39bffca2 2364 type_register_static(&lsi_info);
ceae18bd 2365 type_register_static(&lsi53c810_info);
9be5dafe
PB		 2366}
2367
83f7d43a 2368type_init(lsi53c895a_register_types)
a64aa578 2369
f74a4f3a
MCA		 2370void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev)
2371{
2372 LSIState *s = LSI53C895A(lsi_dev);
2373
2374 scsi_bus_legacy_handle_cmdline(&s->bus);
2375}
Empty description
This page took 1.350603 seconds and 4 git commands to generate.