2 * QEMU ESP/NCR53C9x emulation
4 * Copyright (c) 2005-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "scsi-disk.h"
33 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
34 * also produced as NCR89C100. See
35 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
37 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
/* Debug trace macro that prints with an "ESP: " prefix. The preprocessor
   conditional choosing between this definition and the empty one below is
   not shown in this listing. */
41 #define DPRINTF(fmt, ...) \
42 do { printf("ESP: " fmt , ## __VA_ARGS__); } while (0)
/* No-op variant: trace calls expand to nothing. */
44 #define DPRINTF(fmt, ...) do {} while (0)
/* Error report macro; prefixes the message with the calling function's name.
   fmt is pasted onto a string literal, so it must itself be a literal and
   never guest-supplied data. */
47 #define ESP_ERROR(fmt, ...) \
48 do { printf("ESP ERROR: %s: " fmt, __func__ , ## __VA_ARGS__); } while (0)
/* Device state for the emulated ESP controller. Only some members are visible
   in this listing; the struct's opening and closing lines are not shown. */
53 typedef struct ESPState ESPState;
/* Read-side and write-side register files, ESP_REGS bytes each. Both are
   indexed with a register number derived from the MMIO address. */
59 uint8_t rregs[ESP_REGS];
60 uint8_t wregs[ESP_REGS];
/* Read and write cursors into ti_buf. They are 32-bit while ti_buf holds only
   TI_BUFSZ bytes, so every use as an index relies on the code keeping them in
   range. */
62 uint32_t ti_rptr, ti_wptr;
63 uint8_t ti_buf[TI_BUFSZ];
/* Attached SCSI devices by target id, and the one selected by the command in
   flight (NULL when none). */
66 SCSIDevice *scsi_dev[ESP_MAX_DEVS];
67 SCSIDevice *current_dev;
/* Command bytes are accumulated here; s->cmdlen (declaration not shown) is
   used as the write index and must stay below TI_BUFSZ. */
68 uint8_t cmdbuf[TI_BUFSZ];
72 /* The amount of data left in the current DMA transfer. */
74 /* The size of the current DMA transfer. Zero if no transfer is in
/* DMA callbacks supplied by the board code. Each is called with
   (dma_opaque, buffer, length). */
80 espdma_memory_read_write dma_memory_read;
81 espdma_memory_read_write dma_memory_write;
/* Register numbers used as indices into rregs[] and wregs[]. Only part of the
   list is visible here. ESP_RRES2 and ESP_WTEST share offset 0xa. */
90 #define ESP_WBUSID 0x4
94 #define ESP_WSYNTP 0x6
95 #define ESP_RFLAGS 0x7
100 #define ESP_RRES2 0xa
101 #define ESP_WTEST 0xa
/* Command codes. esp_mem_writeb() switches on (val & CMD_CMD); the case
   labels themselves are not shown in this listing. */
112 #define CMD_FLUSH 0x01
113 #define CMD_RESET 0x02
114 #define CMD_BUSRESET 0x03
116 #define CMD_ICCS 0x11
117 #define CMD_MSGACC 0x12
118 #define CMD_SATN 0x1a
119 #define CMD_SELATN 0x42
120 #define CMD_SELATNS 0x43
121 #define CMD_ENSEL 0x44
/* Bits and masks applied to rregs[ESP_RSTAT]. */
129 #define STAT_PIO_MASK 0x06
134 #define STAT_INT 0x80
/* Mask that extracts the target id from wregs[ESP_WBUSID]. */
136 #define BUSID_DID 0x07
/* Value written to rregs[ESP_RINTR] on a bus reset command. */
141 #define INTR_RST 0x80
/* Bit tested in wregs[ESP_CFG1] when handling a bus reset command. */
146 #define CFG1_RESREPT 0x40
/* Value stored in rregs[ESP_TCHI] at reset. */
148 #define TCHI_FAS100A 0x4
/* Raise the interrupt line once: STAT_INT is set and s->irq raised only when
   STAT_INT is not already set in the status register. */
150 static void esp_raise_irq(ESPState *s)
152 if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
153 s->rregs[ESP_RSTAT] |= STAT_INT;
154 qemu_irq_raise(s->irq);
/* Counterpart of esp_raise_irq(): clears STAT_INT and lowers s->irq, but only
   when STAT_INT is currently set. */
158 static void esp_lower_irq(ESPState *s)
160 if (s->rregs[ESP_RSTAT] & STAT_INT) {
161 s->rregs[ESP_RSTAT] &= ~STAT_INT;
162 qemu_irq_lower(s->irq);
/* Fetch a command into buf and select the target device.
   The command bytes come either from guest memory through the DMA callback or
   from the FIFO buffer ti_buf. The branch conditions and the return statements
   are not shown in this listing. */
166 static uint32_t get_cmd(ESPState *s, uint8_t *buf)
/* Target id is the low three bits of the bus-id register (BUSID_DID is 0x07). */
171 target = s->wregs[ESP_WBUSID] & BUSID_DID;
/* Transfer length from two 8-bit counter registers, so it can be up to 0xffff.
   The counter registers are reloaded from guest-written wregs in
   esp_mem_writeb(). */
173 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
/* NOTE(review): dmalen is used as the copy length into buf with no visible
   check against the size of buf. Callers pass s->cmdbuf (TI_BUFSZ bytes) or a
   local array. Confirm the omitted lines bound dmalen; otherwise reject
   lengths larger than the destination before copying. */
174 s->dma_memory_read(s->dma_opaque, buf, dmalen);
/* FIFO path. The assignment that sets dmalen for this path is not shown; the
   same bound applies to both buf and ti_buf. */
177 memcpy(buf, s->ti_buf, dmalen);
180 DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
186 if (s->current_dev) {
187 /* Started a new command before the old one finished. Cancel it. */
188 s->current_dev->cancel_io(s->current_dev, 0);
/* Selection of an absent target: report a disconnect in the interrupt
   register instead of selecting a device. */
192 if (target >= ESP_MAX_DEVS || !s->scsi_dev[target]) {
194 s->rregs[ESP_RSTAT] = 0;
195 s->rregs[ESP_RINTR] = INTR_DC;
196 s->rregs[ESP_RSEQ] = SEQ_0;
200 s->current_dev = s->scsi_dev[target];
/* Hand the command in buf to the selected SCSI device and set up the status
   registers for the following phase.
   buf[0] is logged as the bus id byte; the command passed to the device starts
   at buf[1]. */
204 static void do_cmd(ESPState *s, uint8_t *buf)
209 DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
/* NOTE(review): s->current_dev is dereferenced without a visible NULL check.
   esp_command_complete() sets it to NULL, so confirm every caller reaches
   this point only with a device selected. */
211 datalen = s->current_dev->send_command(s->current_dev, 0, &buf[1], lun);
/* ti_size keeps the sign of datalen; esp_do_dma() treats a negative ti_size
   as a transfer towards the device. */
212 s->ti_size = datalen;
214 s->rregs[ESP_RSTAT] = STAT_TC;
/* The conditions choosing between the data-in and data-out branches are not
   shown in this listing. */
218 s->rregs[ESP_RSTAT] |= STAT_DI;
219 s->current_dev->read_data(s->current_dev, 0);
221 s->rregs[ESP_RSTAT] |= STAT_DO;
222 s->current_dev->write_data(s->current_dev, 0);
225 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
226 s->rregs[ESP_RSEQ] = SEQ_CD;
/* Select-with-ATN handler: fetches the command with get_cmd().
   NOTE(review): buf is a local whose declaration (and size) is not shown,
   while get_cmd() copies a length taken from guest-written counter registers.
   Confirm the length is bounded by the size of buf. */
230 static void handle_satn(ESPState *s)
235 len = get_cmd(s, buf);
/* Select-with-ATN-and-stop handler: fetches the command into s->cmdbuf and
   records its length in s->cmdlen, then reports completion in the status,
   interrupt and sequence registers.
   NOTE(review): s->cmdlen is later used as an index into cmdbuf (TI_BUFSZ
   bytes), so the value returned by get_cmd() needs to be bounded. */
240 static void handle_satn_stop(ESPState *s)
242 s->cmdlen = get_cmd(s, s->cmdbuf);
244 DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
246 s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
247 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
248 s->rregs[ESP_RSEQ] = SEQ_CD;
/* Deliver the command status to the guest. ti_buf[0] carries s->sense; the
   line that fills ti_buf[1] is not shown in this listing. */
253 static void write_response(ESPState *s)
255 DPRINTF("Transfer status (sense=%d)\n", s->sense);
256 s->ti_buf[0] = s->sense;
/* DMA path: a fixed two bytes of ti_buf are written to guest memory. */
259 s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
260 s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
261 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
262 s->rregs[ESP_RSEQ] = SEQ_CD;
/* Presumably the non-DMA path, where the two bytes are left for FIFO reads
   (the branch structure is not shown). TODO confirm. */
267 s->rregs[ESP_RFLAGS] = 2;
/* Mark the DMA transfer as finished: sets STAT_TC, reports INTR_BS, and
   clears the sequence, flags and both transfer-counter registers. */
272 static void esp_dma_done(ESPState *s)
274 s->rregs[ESP_RSTAT] |= STAT_TC;
275 s->rregs[ESP_RINTR] = INTR_BS;
276 s->rregs[ESP_RSEQ] = 0;
277 s->rregs[ESP_RFLAGS] = 0;
278 s->rregs[ESP_TCLO] = 0;
279 s->rregs[ESP_TCMID] = 0;
/* Move one chunk of the current DMA transfer between guest memory and either
   the command buffer or the SCSI layer's buffer (s->async_buf).
   Several lines, including the declaration and assignment of len, are not
   shown in this listing. */
283 static void esp_do_dma(ESPState *s)
/* A negative ti_size means data flows towards the device. */
288 to_device = (s->ti_size < 0);
291 DPRINTF("command len %d + %d\n", s->cmdlen, len);
/* NOTE(review): len bytes from guest memory are appended at
   cmdbuf[cmdlen]. cmdbuf is TI_BUFSZ bytes and no check that
   cmdlen + len fits is visible here; confirm a bound exists or add one
   before the read. */
292 s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
296 do_cmd(s, s->cmdbuf);
299 if (s->async_len == 0) {
300 /* Defer until data is available. */
/* The chunk is limited by the space left in the SCSI buffer; the clamping
   assignment itself is not shown. */
303 if (len > s->async_len) {
307 s->dma_memory_read(s->dma_opaque, s->async_buf, len);
309 s->dma_memory_write(s->dma_opaque, s->async_buf, len);
318 if (s->async_len == 0) {
320 // ti_size is negative
321 s->current_dev->write_data(s->current_dev, 0);
323 s->current_dev->read_data(s->current_dev, 0);
324 /* If there is still data to be read from the device then
325 complete the DMA operation immediately. Otherwise defer
326 until the scsi layer has completed. */
327 if (s->dma_left == 0 && s->ti_size > 0) {
332 /* Partially filled a scsi buffer. Complete immediately. */
/* Completion callback registered with the SCSI device in esp_scsi_attach().
   opaque is the ESPState. The rest of the parameter list is not shown in this
   listing. */
337 static void esp_command_complete(void *opaque, int reason, uint32_t tag,
340 ESPState *s = (ESPState *)opaque;
342 if (reason == SCSI_REASON_DONE) {
343 DPRINTF("SCSI Command complete\n");
345 DPRINTF("SCSI command completed unexpectedly\n");
350 DPRINTF("Command failed\n");
352 s->rregs[ESP_RSTAT] = STAT_ST;
/* The command is over: no device is selected from here on, so any later
   dereference of current_dev must be guarded. */
354 s->current_dev = NULL;
356 DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
/* Data-ready path: pick up the SCSI layer's buffer for the next DMA chunk.
   The line that sets s->async_len is not shown. */
358 s->async_buf = s->current_dev->get_buf(s->current_dev, 0);
361 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
362 /* If this was the last part of a DMA transfer then the
363 completion interrupt is deferred to here. */
/* Transfer Information handler: computes how many bytes the next transfer may
   move and starts it, or runs a pending command. Branch conditions around the
   minlen computation are only partly shown in this listing. */
369 static void handle_ti(ESPState *s)
371 uint32_t dmalen, minlen;
/* Guest-programmed transfer count, up to 0xffff. */
373 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
377 s->dma_counter = dmalen;
/* One branch caps the length at 32 bytes (its condition is not shown).
   NOTE(review): if that branch feeds the append into cmdbuf in esp_do_dma(),
   the cap alone does not bound cmdlen + minlen; verify against TI_BUFSZ. */
380 minlen = (dmalen < 32) ? dmalen : 32;
381 else if (s->ti_size < 0)
/* ti_size is signed and dmalen is unsigned, so these comparisons are done in
   unsigned arithmetic; they rely on the surrounding sign checks. */
382 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
384 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
385 DPRINTF("Transfer Information len %d\n", minlen);
387 s->dma_left = minlen;
388 s->rregs[ESP_RSTAT] &= ~STAT_TC;
390 } else if (s->do_cmd) {
391 DPRINTF("command len %d\n", s->cmdlen);
395 do_cmd(s, s->cmdbuf);
/* Reset handler registered with qemu_register_reset(): zeroes both register
   files and restores the fixed register values. Lines that reset the
   remaining state fields are not shown in this listing. */
400 static void esp_reset(void *opaque)
402 ESPState *s = opaque;
404 memset(s->rregs, 0, ESP_REGS);
405 memset(s->wregs, 0, ESP_REGS);
406 s->rregs[ESP_TCHI] = TCHI_FAS100A; // Indicate fas100a
/* esp_scsi_attach() skips the id equal to (CFG1 & 0x7) when auto-assigning,
   so 7 is presumably the controller's own bus id. TODO confirm. */
413 s->rregs[ESP_CFG1] = 7;
416 static void parent_esp_reset(void *opaque, int irq, int level)
/* MMIO byte read handler. Returns the read-side register selected by addr,
   after applying per-register side effects. The switch and case lines are not
   shown in this listing. */
422 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
424 ESPState *s = opaque;
/* NOTE(review): saddr indexes rregs[] (ESP_REGS entries) with no mask or range
   check visible. It stays in range only if addr is always an offset inside
   the ESP_REGS << it_shift region registered in esp_init1(). Confirm. */
427 saddr = addr >> s->it_shift;
428 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
431 if (s->ti_size > 0) {
433 if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
435 ESP_ERROR("PIO data read not implemented\n");
436 s->rregs[ESP_FIFO] = 0;
/* FIFO read: ti_rptr advances on every read. NOTE(review): no check of
   ti_rptr against TI_BUFSZ is visible; the index is safe only while ti_size
   and ti_rptr are kept consistent, including after esp_load(). */
438 s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
442 if (s->ti_size == 0) {
448 // Clear interrupt/error status bits
449 s->rregs[ESP_RSTAT] &= ~(STAT_GE | STAT_PE);
455 return s->rregs[saddr];
/* MMIO byte write handler. Dispatches on the register number; a write to the
   command register dispatches again on the command code. Most case labels,
   handler calls and break statements are not shown in this listing.
   The "case A ... B:" ranges are a GCC extension. */
458 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
460 ESPState *s = opaque;
463 saddr = addr >> s->it_shift;
464 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr],
469 s->rregs[ESP_RSTAT] &= ~STAT_TC;
/* NOTE(review): each FIFO write while a command is being collected appends
   one byte at cmdbuf[cmdlen]. No check of cmdlen against TI_BUFSZ is visible,
   so a guest could keep writing past the buffer unless the omitted lines
   bound it. */
473 s->cmdbuf[s->cmdlen++] = val & 0xff;
/* The overrun check tests ti_size, not ti_wptr; the write below is in range
   only while the two are kept in step. */
474 } else if (s->ti_size == TI_BUFSZ - 1) {
475 ESP_ERROR("fifo overrun\n");
478 s->ti_buf[s->ti_wptr++] = val & 0xff;
482 s->rregs[saddr] = val;
485 /* Reload DMA counter. */
486 s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
487 s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
491 switch(val & CMD_CMD) {
493 DPRINTF("NOP (%2.2x)\n", val);
496 DPRINTF("Flush FIFO (%2.2x)\n", val);
498 s->rregs[ESP_RINTR] = INTR_FC;
499 s->rregs[ESP_RSEQ] = 0;
500 s->rregs[ESP_RFLAGS] = 0;
503 DPRINTF("Chip reset (%2.2x)\n", val);
507 DPRINTF("Bus reset (%2.2x)\n", val);
508 s->rregs[ESP_RINTR] = INTR_RST;
509 if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
517 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
519 s->rregs[ESP_RINTR] = INTR_FC;
520 s->rregs[ESP_RSTAT] |= STAT_MI;
523 DPRINTF("Message Accepted (%2.2x)\n", val);
525 s->rregs[ESP_RINTR] = INTR_DC;
526 s->rregs[ESP_RSEQ] = 0;
529 DPRINTF("Set ATN (%2.2x)\n", val);
532 DPRINTF("Set ATN (%2.2x)\n", val);
536 DPRINTF("Set ATN & stop (%2.2x)\n", val);
540 DPRINTF("Enable selection (%2.2x)\n", val);
541 s->rregs[ESP_RINTR] = 0;
544 ESP_ERROR("Unhandled ESP command (%2.2x)\n", val);
548 case ESP_WBUSID ... ESP_WSYNO:
551 s->rregs[saddr] = val;
553 case ESP_WCCF ... ESP_WTEST:
555 case ESP_CFG2 ... ESP_RES4:
556 s->rregs[saddr] = val;
559 ESP_ERROR("invalid write of 0x%02x at [0x%x]\n", val, saddr);
/* NOTE(review): saddr is not masked. Whether the invalid-write case returns
   before this store is not shown; if it falls through, an out-of-range saddr
   would write outside wregs[]. */
562 s->wregs[saddr] = val;
565 static CPUReadMemoryFunc *esp_mem_read[3] = {
571 static CPUWriteMemoryFunc *esp_mem_write[3] = {
/* Serialize the device state for savevm/migration. The field order here must
   match esp_load() exactly. */
577 static void esp_save(QEMUFile *f, void *opaque)
579 ESPState *s = opaque;
581 qemu_put_buffer(f, s->rregs, ESP_REGS);
582 qemu_put_buffer(f, s->wregs, ESP_REGS);
/* ti_size is the only field written with the signed helper. */
583 qemu_put_sbe32s(f, &s->ti_size);
584 qemu_put_be32s(f, &s->ti_rptr);
585 qemu_put_be32s(f, &s->ti_wptr);
586 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
587 qemu_put_be32s(f, &s->sense);
588 qemu_put_be32s(f, &s->dma);
589 qemu_put_buffer(f, s->cmdbuf, TI_BUFSZ);
590 qemu_put_be32s(f, &s->cmdlen);
591 qemu_put_be32s(f, &s->do_cmd);
592 qemu_put_be32s(f, &s->dma_left);
593 // There should be no transfers in progress, so dma_counter is not saved
/* Restore the device state written by esp_save(). Returns -EINVAL for a
   rejected version_id; the version test and the success return are not shown
   in this listing.
   NOTE(review): ti_rptr, ti_wptr and cmdlen are taken from the stream as-is
   and are later used to index ti_buf and cmdbuf (TI_BUFSZ bytes each). A
   snapshot or migration stream is external input, so these should be
   range-checked against TI_BUFSZ here and the load failed with -EINVAL when
   they are out of range. ti_size and dma_left deserve the same scrutiny. */
596 static int esp_load(QEMUFile *f, void *opaque, int version_id)
598 ESPState *s = opaque;
601 return -EINVAL; // Cannot emulate 2
603 qemu_get_buffer(f, s->rregs, ESP_REGS);
604 qemu_get_buffer(f, s->wregs, ESP_REGS);
605 qemu_get_sbe32s(f, &s->ti_size);
606 qemu_get_be32s(f, &s->ti_rptr);
607 qemu_get_be32s(f, &s->ti_wptr);
608 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
609 qemu_get_be32s(f, &s->sense);
610 qemu_get_be32s(f, &s->dma);
611 qemu_get_buffer(f, s->cmdbuf, TI_BUFSZ);
612 qemu_get_be32s(f, &s->cmdlen);
613 qemu_get_be32s(f, &s->do_cmd);
614 qemu_get_be32s(f, &s->dma_left);
/* Attach callback passed to scsi_bus_new(): binds block device bd to target
   id on this controller, replacing any device already at that id. */
619 static void esp_scsi_attach(DeviceState *host, BlockDriverState *bd, int id)
621 ESPState *s = FROM_SYSBUS(ESPState, sysbus_from_qdev(host));
/* Auto-assignment: scan for the first free id, skipping the id held in the
   low three bits of CFG1. The condition that enters this scan is not shown. */
624 for (id = 0; id < ESP_MAX_DEVS; id++) {
625 if (id == (s->rregs[ESP_CFG1] & 0x7))
627 if (s->scsi_dev[id] == NULL)
/* Only the upper bound is checked here; id is a signed int, so a negative id
   must have been handled by the omitted auto-assignment condition. TODO
   confirm. */
631 if (id >= ESP_MAX_DEVS) {
632 DPRINTF("Bad Device ID %d\n", id);
/* NOTE(review): s->current_dev is not cleared in the visible lines. If it can
   still point at the device destroyed here, later calls through current_dev
   would use a stale pointer. */
635 if (s->scsi_dev[id]) {
636 DPRINTF("Destroying device %d\n", id);
637 s->scsi_dev[id]->destroy(s->scsi_dev[id]);
639 DPRINTF("Attaching block device %d\n", id);
640 /* Command queueing is not implemented. */
/* Try the generic SCSI backend first and fall back to the disk emulation when
   it returns NULL. A NULL from the fallback is left in the slot. */
641 s->scsi_dev[id] = scsi_generic_init(bd, 0, esp_command_complete, s);
642 if (s->scsi_dev[id] == NULL)
643 s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
/* Board-level constructor: creates the "esp" qdev device, passes the DMA
   callbacks, their opaque pointer and the register shift as properties, then
   wires the interrupt and maps the registers at espaddr.
   The callbacks are stored as raw pointer properties and are later called
   with guest-derived lengths, so they must stay valid for the device's
   lifetime. The lines that call qdev_init() and handle the reset output are
   not shown in this listing. */
646 void esp_init(target_phys_addr_t espaddr, int it_shift,
647 espdma_memory_read_write dma_memory_read,
648 espdma_memory_read_write dma_memory_write,
649 void *dma_opaque, qemu_irq irq, qemu_irq *reset)
654 dev = qdev_create(NULL, "esp");
655 qdev_set_prop_ptr(dev, "dma_memory_read", dma_memory_read);
656 qdev_set_prop_ptr(dev, "dma_memory_write", dma_memory_write);
657 qdev_set_prop_ptr(dev, "dma_opaque", dma_opaque);
658 qdev_set_prop_int(dev, "it_shift", it_shift);
660 s = sysbus_from_qdev(dev);
661 sysbus_connect_irq(s, 0, irq);
662 sysbus_mmio_map(s, 0, espaddr);
/* qdev init function registered for "esp": reads the properties set by
   esp_init(), registers the MMIO handlers, the savevm handlers, the reset
   handler, the reset GPIO input and the SCSI bus. */
665 static void esp_init1(SysBusDevice *dev)
667 ESPState *s = FROM_SYSBUS(ESPState, dev);
670 sysbus_init_irq(dev, &s->irq);
/* -1 is the "property missing" default; the assert stops a device created
   without it_shift. */
671 s->it_shift = qdev_get_prop_int(&dev->qdev, "it_shift", -1);
672 assert(s->it_shift != -1);
/* NOTE(review): the pointer properties are not checked for NULL here, yet the
   DMA callbacks are invoked unconditionally on the DMA paths. */
673 s->dma_memory_read = qdev_get_prop_ptr(&dev->qdev, "dma_memory_read");
674 s->dma_memory_write = qdev_get_prop_ptr(&dev->qdev, "dma_memory_write");
675 s->dma_opaque = qdev_get_prop_ptr(&dev->qdev, "dma_opaque");
/* The MMIO window is ESP_REGS << it_shift bytes. This size is what keeps
   (addr >> it_shift) within the register arrays in the access handlers. */
677 esp_io_memory = cpu_register_io_memory(esp_mem_read, esp_mem_write, s);
678 sysbus_init_mmio(dev, ESP_REGS << s->it_shift, esp_io_memory);
/* State is saved as version 3. */
682 register_savevm("esp", -1, 3, esp_save, esp_load, s);
683 qemu_register_reset(esp_reset, s);
685 qdev_init_gpio_in(&dev->qdev, parent_esp_reset, 1);
687 scsi_bus_new(&dev->qdev, esp_scsi_attach);
/* Register the "esp" sysbus device type, with ESPState as its instance size
   and esp_init1() as its init function. */
690 static void esp_register_devices(void)
692 sysbus_register_dev("esp", sizeof(ESPState), esp_init1);
695 device_init(esp_register_devices)