2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 /* ??? Need to check if the {read,write}[wl] routines work properly on
11 big-endian targets. */
18 #include "block_int.h"
21 //#define DEBUG_LSI_REG
24 #define DPRINTF(fmt, ...) \
25 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
26 #define BADF(fmt, ...) \
27 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
29 #define DPRINTF(fmt, ...) do {} while(0)
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
34 #define LSI_MAX_DEVS 7
36 #define LSI_SCNTL0_TRG 0x01
37 #define LSI_SCNTL0_AAP 0x02
38 #define LSI_SCNTL0_EPC 0x08
39 #define LSI_SCNTL0_WATN 0x10
40 #define LSI_SCNTL0_START 0x20
42 #define LSI_SCNTL1_SST 0x01
43 #define LSI_SCNTL1_IARB 0x02
44 #define LSI_SCNTL1_AESP 0x04
45 #define LSI_SCNTL1_RST 0x08
46 #define LSI_SCNTL1_CON 0x10
47 #define LSI_SCNTL1_DHP 0x20
48 #define LSI_SCNTL1_ADB 0x40
49 #define LSI_SCNTL1_EXC 0x80
51 #define LSI_SCNTL2_WSR 0x01
52 #define LSI_SCNTL2_VUE0 0x02
53 #define LSI_SCNTL2_VUE1 0x04
54 #define LSI_SCNTL2_WSS 0x08
55 #define LSI_SCNTL2_SLPHBEN 0x10
56 #define LSI_SCNTL2_SLPMD 0x20
57 #define LSI_SCNTL2_CHM 0x40
58 #define LSI_SCNTL2_SDU 0x80
60 #define LSI_ISTAT0_DIP 0x01
61 #define LSI_ISTAT0_SIP 0x02
62 #define LSI_ISTAT0_INTF 0x04
63 #define LSI_ISTAT0_CON 0x08
64 #define LSI_ISTAT0_SEM 0x10
65 #define LSI_ISTAT0_SIGP 0x20
66 #define LSI_ISTAT0_SRST 0x40
67 #define LSI_ISTAT0_ABRT 0x80
69 #define LSI_ISTAT1_SI 0x01
70 #define LSI_ISTAT1_SRUN 0x02
71 #define LSI_ISTAT1_FLSH 0x04
73 #define LSI_SSTAT0_SDP0 0x01
74 #define LSI_SSTAT0_RST 0x02
75 #define LSI_SSTAT0_WOA 0x04
76 #define LSI_SSTAT0_LOA 0x08
77 #define LSI_SSTAT0_AIP 0x10
78 #define LSI_SSTAT0_OLF 0x20
79 #define LSI_SSTAT0_ORF 0x40
80 #define LSI_SSTAT0_ILF 0x80
82 #define LSI_SIST0_PAR 0x01
83 #define LSI_SIST0_RST 0x02
84 #define LSI_SIST0_UDC 0x04
85 #define LSI_SIST0_SGE 0x08
86 #define LSI_SIST0_RSL 0x10
87 #define LSI_SIST0_SEL 0x20
88 #define LSI_SIST0_CMP 0x40
89 #define LSI_SIST0_MA 0x80
91 #define LSI_SIST1_HTH 0x01
92 #define LSI_SIST1_GEN 0x02
93 #define LSI_SIST1_STO 0x04
94 #define LSI_SIST1_SBMC 0x10
96 #define LSI_SOCL_IO 0x01
97 #define LSI_SOCL_CD 0x02
98 #define LSI_SOCL_MSG 0x04
99 #define LSI_SOCL_ATN 0x08
100 #define LSI_SOCL_SEL 0x10
101 #define LSI_SOCL_BSY 0x20
102 #define LSI_SOCL_ACK 0x40
103 #define LSI_SOCL_REQ 0x80
105 #define LSI_DSTAT_IID 0x01
106 #define LSI_DSTAT_SIR 0x04
107 #define LSI_DSTAT_SSI 0x08
108 #define LSI_DSTAT_ABRT 0x10
109 #define LSI_DSTAT_BF 0x20
110 #define LSI_DSTAT_MDPE 0x40
111 #define LSI_DSTAT_DFE 0x80
113 #define LSI_DCNTL_COM 0x01
114 #define LSI_DCNTL_IRQD 0x02
115 #define LSI_DCNTL_STD 0x04
116 #define LSI_DCNTL_IRQM 0x08
117 #define LSI_DCNTL_SSM 0x10
118 #define LSI_DCNTL_PFEN 0x20
119 #define LSI_DCNTL_PFF 0x40
120 #define LSI_DCNTL_CLSE 0x80
122 #define LSI_DMODE_MAN 0x01
123 #define LSI_DMODE_BOF 0x02
124 #define LSI_DMODE_ERMP 0x04
125 #define LSI_DMODE_ERL 0x08
126 #define LSI_DMODE_DIOM 0x10
127 #define LSI_DMODE_SIOM 0x20
129 #define LSI_CTEST2_DACK 0x01
130 #define LSI_CTEST2_DREQ 0x02
131 #define LSI_CTEST2_TEOP 0x04
132 #define LSI_CTEST2_PCICIE 0x08
133 #define LSI_CTEST2_CM 0x10
134 #define LSI_CTEST2_CIO 0x20
135 #define LSI_CTEST2_SIGP 0x40
136 #define LSI_CTEST2_DDIR 0x80
138 #define LSI_CTEST5_BL2 0x04
139 #define LSI_CTEST5_DDIR 0x08
140 #define LSI_CTEST5_MASR 0x10
141 #define LSI_CTEST5_DFSN 0x20
142 #define LSI_CTEST5_BBCK 0x40
143 #define LSI_CTEST5_ADCK 0x80
145 #define LSI_CCNTL0_DILS 0x01
146 #define LSI_CCNTL0_DISFC 0x10
147 #define LSI_CCNTL0_ENNDJ 0x20
148 #define LSI_CCNTL0_PMJCTL 0x40
149 #define LSI_CCNTL0_ENPMJ 0x80
151 #define LSI_CCNTL1_EN64DBMV 0x01
152 #define LSI_CCNTL1_EN64TIBMV 0x02
153 #define LSI_CCNTL1_64TIMOD 0x04
154 #define LSI_CCNTL1_DDAC 0x08
155 #define LSI_CCNTL1_ZMOD 0x80
157 /* Enable Response to Reselection */
158 #define LSI_SCID_RRE 0x60
160 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
170 /* Maximum length of MSG IN data. */
171 #define LSI_MAX_MSGIN_LEN 8
173 /* Flag set if this is a tagged command. */
174 #define LSI_TAG_VALID (1 << 16)
176 typedef struct lsi_request {
182 QTAILQ_ENTRY(lsi_request) next;
189 uint32_t script_ram_base;
191 int carry; /* ??? Should this be an a visible register somewhere? */
193 /* Action to take at the end of a MSG IN phase.
194 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
197 uint8_t msg[LSI_MAX_MSGIN_LEN];
198 /* 0 if SCRIPTS are running or stopped.
199 * 1 if a Wait Reselect instruction has been issued.
200 * 2 if processing DMA from lsi_execute_script.
201 * 3 if a DMA operation is in progress. */
205 /* The tag is a combination of the device ID and the SCSI tag. */
207 int command_complete;
208 QTAILQ_HEAD(, lsi_request) queue;
209 lsi_request *current;
270 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
273 /* Script ram is stored as 32-bit words in host byteorder. */
274 uint32_t script_ram[2048];
277 static inline int lsi_irq_on_rsl(LSIState *s)
279 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
282 static void lsi_soft_reset(LSIState *s)
296 memset(s->scratch, 0, sizeof(s->scratch));
300 s->dstat = LSI_DSTAT_DFE;
309 s->ctest2 = LSI_CTEST2_DACK;
352 while (!QTAILQ_EMPTY(&s->queue)) {
353 p = QTAILQ_FIRST(&s->queue);
354 QTAILQ_REMOVE(&s->queue, p, next);
358 qemu_free(s->current);
363 static int lsi_dma_40bit(LSIState *s)
365 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
370 static int lsi_dma_ti64bit(LSIState *s)
372 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
377 static int lsi_dma_64bit(LSIState *s)
379 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
384 static uint8_t lsi_reg_readb(LSIState *s, int offset);
385 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
386 static void lsi_execute_script(LSIState *s);
387 static void lsi_reselect(LSIState *s, lsi_request *p);
389 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
393 /* Optimize reading from SCRIPTS RAM. */
394 if ((addr & 0xffffe000) == s->script_ram_base) {
395 return s->script_ram[(addr & 0x1fff) >> 2];
397 cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
398 return cpu_to_le32(buf);
401 static void lsi_stop_script(LSIState *s)
403 s->istat1 &= ~LSI_ISTAT1_SRUN;
406 static void lsi_update_irq(LSIState *s)
409 static int last_level;
412 /* It's unclear whether the DIP/SIP bits should be cleared when the
413 Interrupt Status Registers are cleared or when istat0 is read.
414 We currently do the formwer, which seems to work. */
417 if (s->dstat & s->dien)
419 s->istat0 |= LSI_ISTAT0_DIP;
421 s->istat0 &= ~LSI_ISTAT0_DIP;
424 if (s->sist0 || s->sist1) {
425 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
427 s->istat0 |= LSI_ISTAT0_SIP;
429 s->istat0 &= ~LSI_ISTAT0_SIP;
431 if (s->istat0 & LSI_ISTAT0_INTF)
434 if (level != last_level) {
435 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
436 level, s->dstat, s->sist1, s->sist0);
439 qemu_set_irq(s->dev.irq[0], level);
441 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
442 DPRINTF("Handled IRQs & disconnected, looking for pending "
444 QTAILQ_FOREACH(p, &s->queue, next) {
453 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
454 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
459 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
460 stat1, stat0, s->sist1, s->sist0);
463 /* Stop processor on fatal or unmasked interrupt. As a special hack
464 we don't stop processing when raising STO. Instead continue
465 execution and stop at the next insn that accesses the SCSI bus. */
466 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
467 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
468 mask1 &= ~LSI_SIST1_STO;
469 if (s->sist0 & mask0 || s->sist1 & mask1) {
475 /* Stop SCRIPTS execution and raise a DMA interrupt. */
476 static void lsi_script_dma_interrupt(LSIState *s, int stat)
478 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
484 static inline void lsi_set_phase(LSIState *s, int phase)
486 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
489 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
491 /* Trigger a phase mismatch. */
492 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
493 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL) || out) {
498 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
500 DPRINTF("Phase mismatch interrupt\n");
501 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
504 lsi_set_phase(s, new_phase);
508 /* Resume SCRIPTS execution after a DMA operation. */
509 static void lsi_resume_script(LSIState *s)
511 if (s->waiting != 2) {
513 lsi_execute_script(s);
519 static void lsi_disconnect(LSIState *s)
521 s->scntl1 &= ~LSI_SCNTL1_CON;
522 s->sstat1 &= ~PHASE_MASK;
525 static void lsi_bad_selection(LSIState *s, uint32_t id)
527 DPRINTF("Selected absent target %d\n", id);
528 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
532 /* Initiate a SCSI layer data transfer. */
533 static void lsi_do_dma(LSIState *s, int out)
536 target_phys_addr_t addr;
540 if (!s->current->dma_len) {
541 /* Wait until data is available. */
542 DPRINTF("DMA no data available\n");
546 id = s->current->tag >> 8;
547 dev = s->bus.devs[id];
549 lsi_bad_selection(s, id);
554 if (count > s->current->dma_len)
555 count = s->current->dma_len;
558 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
559 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
560 addr |= ((uint64_t)s->dnad64 << 32);
562 addr |= ((uint64_t)s->dbms << 32);
564 addr |= ((uint64_t)s->sbms << 32);
566 DPRINTF("DMA addr=0x" TARGET_FMT_plx " len=%d\n", addr, count);
571 if (s->current->dma_buf == NULL) {
572 s->current->dma_buf = dev->info->get_buf(dev, s->current->tag);
575 /* ??? Set SFBR to first data byte. */
577 cpu_physical_memory_read(addr, s->current->dma_buf, count);
579 cpu_physical_memory_write(addr, s->current->dma_buf, count);
581 s->current->dma_len -= count;
582 if (s->current->dma_len == 0) {
583 s->current->dma_buf = NULL;
585 /* Write the data. */
586 dev->info->write_data(dev, s->current->tag);
588 /* Request any remaining data. */
589 dev->info->read_data(dev, s->current->tag);
592 s->current->dma_buf += count;
593 lsi_resume_script(s);
598 /* Add a command to the queue. */
599 static void lsi_queue_command(LSIState *s)
601 lsi_request *p = s->current;
603 DPRINTF("Queueing tag=0x%x\n", s->current_tag);
604 assert(s->current != NULL);
605 assert(s->current->dma_len == 0);
606 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
610 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
613 /* Queue a byte for a MSG IN phase. */
614 static void lsi_add_msg_byte(LSIState *s, uint8_t data)
616 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
617 BADF("MSG IN data too long\n");
619 DPRINTF("MSG IN 0x%02x\n", data);
620 s->msg[s->msg_len++] = data;
624 /* Perform reselection to continue a command. */
625 static void lsi_reselect(LSIState *s, lsi_request *p)
629 assert(s->current == NULL);
630 QTAILQ_REMOVE(&s->queue, p, next);
633 id = (p->tag >> 8) & 0xf;
635 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
636 if (!(s->dcntl & LSI_DCNTL_COM)) {
637 s->sfbr = 1 << (id & 0x7);
639 DPRINTF("Reselected target %d\n", id);
640 s->scntl1 |= LSI_SCNTL1_CON;
641 lsi_set_phase(s, PHASE_MI);
642 s->msg_action = p->out ? 2 : 3;
643 s->current->dma_len = p->pending;
644 lsi_add_msg_byte(s, 0x80);
645 if (s->current->tag & LSI_TAG_VALID) {
646 lsi_add_msg_byte(s, 0x20);
647 lsi_add_msg_byte(s, p->tag & 0xff);
650 if (lsi_irq_on_rsl(s)) {
651 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
655 /* Record that data is available for a queued command. Returns zero if
656 the device was reselected, nonzero if the IO is deferred. */
657 static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
661 QTAILQ_FOREACH(p, &s->queue, next) {
664 BADF("Multiple IO pending for tag %d\n", tag);
667 /* Reselect if waiting for it, or if reselection triggers an IRQ
669 Since no interrupt stacking is implemented in the emulation, it
670 is also required that there are no pending interrupts waiting
671 for service from the device driver. */
672 if (s->waiting == 1 ||
673 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
674 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
675 /* Reselect device. */
679 DPRINTF("Queueing IO tag=0x%x\n", tag);
685 BADF("IO with unknown tag %d\n", tag);
689 /* Callback to indicate that the SCSI layer has completed a transfer. */
690 static void lsi_command_complete(SCSIBus *bus, int reason, uint32_t tag,
693 LSIState *s = DO_UPCAST(LSIState, dev.qdev, bus->qbus.parent);
696 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
697 if (reason == SCSI_REASON_DONE) {
698 DPRINTF("Command complete sense=%d\n", (int)arg);
700 s->command_complete = 2;
701 if (s->waiting && s->dbc != 0) {
702 /* Raise phase mismatch for short transfers. */
703 lsi_bad_phase(s, out, PHASE_ST);
705 lsi_set_phase(s, PHASE_ST);
708 qemu_free(s->current);
711 lsi_resume_script(s);
715 if (s->waiting == 1 || !s->current || tag != s->current->tag ||
716 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
717 if (lsi_queue_tag(s, tag, arg))
721 /* host adapter (re)connected */
722 DPRINTF("Data ready tag=0x%x len=%d\n", tag, arg);
723 s->current->dma_len = arg;
724 s->command_complete = 1;
727 if (s->waiting == 1 || s->dbc == 0) {
728 lsi_resume_script(s);
734 static void lsi_do_command(LSIState *s)
741 DPRINTF("Send command len=%d\n", s->dbc);
744 cpu_physical_memory_read(s->dnad, buf, s->dbc);
746 s->command_complete = 0;
748 id = s->select_tag >> 8;
749 dev = s->bus.devs[id];
751 lsi_bad_selection(s, id);
755 assert(s->current == NULL);
756 s->current = qemu_mallocz(sizeof(lsi_request));
757 s->current->tag = s->select_tag;
759 n = dev->info->send_command(dev, s->current->tag, buf, s->current_lun);
761 lsi_set_phase(s, PHASE_DI);
762 dev->info->read_data(dev, s->current->tag);
764 lsi_set_phase(s, PHASE_DO);
765 dev->info->write_data(dev, s->current->tag);
768 if (!s->command_complete) {
770 /* Command did not complete immediately so disconnect. */
771 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
772 lsi_add_msg_byte(s, 4); /* DISCONNECT */
774 lsi_set_phase(s, PHASE_MI);
776 lsi_queue_command(s);
778 /* wait command complete */
779 lsi_set_phase(s, PHASE_DI);
784 static void lsi_do_status(LSIState *s)
787 DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
789 BADF("Bad Status move\n");
793 cpu_physical_memory_write(s->dnad, &sense, 1);
794 lsi_set_phase(s, PHASE_MI);
796 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
799 static void lsi_do_msgin(LSIState *s)
802 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
807 cpu_physical_memory_write(s->dnad, s->msg, len);
808 /* Linux drivers rely on the last byte being in the SIDL. */
809 s->sidl = s->msg[len - 1];
812 memmove(s->msg, s->msg + len, s->msg_len);
814 /* ??? Check if ATN (not yet implemented) is asserted and maybe
815 switch to PHASE_MO. */
816 switch (s->msg_action) {
818 lsi_set_phase(s, PHASE_CMD);
824 lsi_set_phase(s, PHASE_DO);
827 lsi_set_phase(s, PHASE_DI);
835 /* Read the next byte during a MSGOUT phase. */
836 static uint8_t lsi_get_msgbyte(LSIState *s)
839 cpu_physical_memory_read(s->dnad, &data, 1);
845 static void lsi_do_msgout(LSIState *s)
850 DPRINTF("MSG out len=%d\n", s->dbc);
852 msg = lsi_get_msgbyte(s);
857 DPRINTF("MSG: Disconnect\n");
861 DPRINTF("MSG: No Operation\n");
862 lsi_set_phase(s, PHASE_CMD);
865 len = lsi_get_msgbyte(s);
866 msg = lsi_get_msgbyte(s);
867 DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
870 DPRINTF("SDTR (ignored)\n");
874 DPRINTF("WDTR (ignored)\n");
881 case 0x20: /* SIMPLE queue */
882 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
883 DPRINTF("SIMPLE queue tag=0x%x\n", s->current_tag & 0xff);
885 case 0x21: /* HEAD of queue */
886 BADF("HEAD queue not implemented\n");
887 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
889 case 0x22: /* ORDERED queue */
890 BADF("ORDERED queue not implemented\n");
891 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
894 if ((msg & 0x80) == 0) {
897 s->current_lun = msg & 7;
898 DPRINTF("Select LUN %d\n", s->current_lun);
899 lsi_set_phase(s, PHASE_CMD);
905 BADF("Unimplemented message 0x%02x\n", msg);
906 lsi_set_phase(s, PHASE_MI);
907 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
911 /* Sign extend a 24-bit value. */
912 static inline int32_t sxt24(int32_t n)
914 return (n << 8) >> 8;
917 #define LSI_BUF_SIZE 4096
918 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
921 uint8_t buf[LSI_BUF_SIZE];
923 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
925 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
926 cpu_physical_memory_read(src, buf, n);
927 cpu_physical_memory_write(dest, buf, n);
934 static void lsi_wait_reselect(LSIState *s)
938 DPRINTF("Wait Reselect\n");
940 QTAILQ_FOREACH(p, &s->queue, next) {
946 if (s->current == NULL) {
951 static void lsi_execute_script(LSIState *s)
954 uint32_t addr, addr_high;
956 int insn_processed = 0;
958 s->istat1 |= LSI_ISTAT1_SRUN;
961 insn = read_dword(s, s->dsp);
963 /* If we receive an empty opcode increment the DSP by 4 bytes
964 instead of 8 and execute the next opcode at that location */
968 addr = read_dword(s, s->dsp + 4);
970 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
972 s->dcmd = insn >> 24;
974 switch (insn >> 30) {
975 case 0: /* Block move. */
976 if (s->sist1 & LSI_SIST1_STO) {
977 DPRINTF("Delayed select timeout\n");
981 s->dbc = insn & 0xffffff;
985 if (insn & (1 << 29)) {
986 /* Indirect addressing. */
987 addr = read_dword(s, addr);
988 } else if (insn & (1 << 28)) {
991 /* Table indirect addressing. */
993 /* 32-bit Table indirect */
994 offset = sxt24(addr);
995 cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
996 /* byte count is stored in bits 0:23 only */
997 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
999 addr = cpu_to_le32(buf[1]);
1001 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1002 * table, bits [31:24] */
1003 if (lsi_dma_40bit(s))
1004 addr_high = cpu_to_le32(buf[0]) >> 24;
1005 else if (lsi_dma_ti64bit(s)) {
1006 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1009 /* offset index into scratch registers since
1010 * TI64 mode can use registers C to R */
1011 addr_high = s->scratch[2 + selector];
1014 addr_high = s->mmrs;
1017 addr_high = s->mmws;
1026 addr_high = s->sbms;
1029 addr_high = s->dbms;
1032 BADF("Illegal selector specified (0x%x > 0x15)"
1033 " for 64-bit DMA block move", selector);
1037 } else if (lsi_dma_64bit(s)) {
1038 /* fetch a 3rd dword if 64-bit direct move is enabled and
1039 only if we're not doing table indirect or indirect addressing */
1040 s->dbms = read_dword(s, s->dsp);
1042 s->ia = s->dsp - 12;
1044 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1045 DPRINTF("Wrong phase got %d expected %d\n",
1046 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1047 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1051 s->dnad64 = addr_high;
1052 switch (s->sstat1 & 0x7) {
1078 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1081 s->dfifo = s->dbc & 0xff;
1082 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1085 s->ua = addr + s->dbc;
1088 case 1: /* IO or Read/Write instruction. */
1089 opcode = (insn >> 27) & 7;
1093 if (insn & (1 << 25)) {
1094 id = read_dword(s, s->dsa + sxt24(insn));
1098 id = (id >> 16) & 0xf;
1099 if (insn & (1 << 26)) {
1100 addr = s->dsp + sxt24(addr);
1104 case 0: /* Select */
1106 if (s->scntl1 & LSI_SCNTL1_CON) {
1107 DPRINTF("Already reselected, jumping to alternative address\n");
1111 s->sstat0 |= LSI_SSTAT0_WOA;
1112 s->scntl1 &= ~LSI_SCNTL1_IARB;
1113 if (id >= LSI_MAX_DEVS || !s->bus.devs[id]) {
1114 lsi_bad_selection(s, id);
1117 DPRINTF("Selected target %d%s\n",
1118 id, insn & (1 << 3) ? " ATN" : "");
1119 /* ??? Linux drivers compain when this is set. Maybe
1120 it only applies in low-level mode (unimplemented).
1121 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1122 s->select_tag = id << 8;
1123 s->scntl1 |= LSI_SCNTL1_CON;
1124 if (insn & (1 << 3)) {
1125 s->socl |= LSI_SOCL_ATN;
1127 lsi_set_phase(s, PHASE_MO);
1129 case 1: /* Disconnect */
1130 DPRINTF("Wait Disconnect\n");
1131 s->scntl1 &= ~LSI_SCNTL1_CON;
1133 case 2: /* Wait Reselect */
1134 if (!lsi_irq_on_rsl(s)) {
1135 lsi_wait_reselect(s);
1139 DPRINTF("Set%s%s%s%s\n",
1140 insn & (1 << 3) ? " ATN" : "",
1141 insn & (1 << 6) ? " ACK" : "",
1142 insn & (1 << 9) ? " TM" : "",
1143 insn & (1 << 10) ? " CC" : "");
1144 if (insn & (1 << 3)) {
1145 s->socl |= LSI_SOCL_ATN;
1146 lsi_set_phase(s, PHASE_MO);
1148 if (insn & (1 << 9)) {
1149 BADF("Target mode not implemented\n");
1152 if (insn & (1 << 10))
1156 DPRINTF("Clear%s%s%s%s\n",
1157 insn & (1 << 3) ? " ATN" : "",
1158 insn & (1 << 6) ? " ACK" : "",
1159 insn & (1 << 9) ? " TM" : "",
1160 insn & (1 << 10) ? " CC" : "");
1161 if (insn & (1 << 3)) {
1162 s->socl &= ~LSI_SOCL_ATN;
1164 if (insn & (1 << 10))
1175 static const char *opcode_names[3] =
1176 {"Write", "Read", "Read-Modify-Write"};
1177 static const char *operator_names[8] =
1178 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1181 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1182 data8 = (insn >> 8) & 0xff;
1183 opcode = (insn >> 27) & 7;
1184 operator = (insn >> 24) & 7;
1185 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1186 opcode_names[opcode - 5], reg,
1187 operator_names[operator], data8, s->sfbr,
1188 (insn & (1 << 23)) ? " SFBR" : "");
1191 case 5: /* From SFBR */
1195 case 6: /* To SFBR */
1197 op0 = lsi_reg_readb(s, reg);
1200 case 7: /* Read-modify-write */
1202 op0 = lsi_reg_readb(s, reg);
1203 if (insn & (1 << 23)) {
1215 case 1: /* Shift left */
1217 op0 = (op0 << 1) | s->carry;
1231 op0 = (op0 >> 1) | (s->carry << 7);
1236 s->carry = op0 < op1;
1239 op0 += op1 + s->carry;
1241 s->carry = op0 <= op1;
1243 s->carry = op0 < op1;
1248 case 5: /* From SFBR */
1249 case 7: /* Read-modify-write */
1250 lsi_reg_writeb(s, reg, op0);
1252 case 6: /* To SFBR */
1259 case 2: /* Transfer Control. */
1264 if ((insn & 0x002e0000) == 0) {
1268 if (s->sist1 & LSI_SIST1_STO) {
1269 DPRINTF("Delayed select timeout\n");
1273 cond = jmp = (insn & (1 << 19)) != 0;
1274 if (cond == jmp && (insn & (1 << 21))) {
1275 DPRINTF("Compare carry %d\n", s->carry == jmp);
1276 cond = s->carry != 0;
1278 if (cond == jmp && (insn & (1 << 17))) {
1279 DPRINTF("Compare phase %d %c= %d\n",
1280 (s->sstat1 & PHASE_MASK),
1282 ((insn >> 24) & 7));
1283 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1285 if (cond == jmp && (insn & (1 << 18))) {
1288 mask = (~insn >> 8) & 0xff;
1289 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1290 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1291 cond = (s->sfbr & mask) == (insn & mask);
1294 if (insn & (1 << 23)) {
1295 /* Relative address. */
1296 addr = s->dsp + sxt24(addr);
1298 switch ((insn >> 27) & 7) {
1300 DPRINTF("Jump to 0x%08x\n", addr);
1304 DPRINTF("Call 0x%08x\n", addr);
1308 case 2: /* Return */
1309 DPRINTF("Return to 0x%08x\n", s->temp);
1312 case 3: /* Interrupt */
1313 DPRINTF("Interrupt 0x%08x\n", s->dsps);
1314 if ((insn & (1 << 20)) != 0) {
1315 s->istat0 |= LSI_ISTAT0_INTF;
1318 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1322 DPRINTF("Illegal transfer control\n");
1323 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1327 DPRINTF("Control condition failed\n");
1333 if ((insn & (1 << 29)) == 0) {
1336 /* ??? The docs imply the destination address is loaded into
1337 the TEMP register. However the Linux drivers rely on
1338 the value being presrved. */
1339 dest = read_dword(s, s->dsp);
1341 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1348 if (insn & (1 << 28)) {
1349 addr = s->dsa + sxt24(addr);
1352 reg = (insn >> 16) & 0xff;
1353 if (insn & (1 << 24)) {
1354 cpu_physical_memory_read(addr, data, n);
1355 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1356 addr, *(int *)data);
1357 for (i = 0; i < n; i++) {
1358 lsi_reg_writeb(s, reg + i, data[i]);
1361 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1362 for (i = 0; i < n; i++) {
1363 data[i] = lsi_reg_readb(s, reg + i);
1365 cpu_physical_memory_write(addr, data, n);
1369 if (insn_processed > 10000 && !s->waiting) {
1370 /* Some windows drivers make the device spin waiting for a memory
1371 location to change. If we have been executed a lot of code then
1372 assume this is the case and force an unexpected device disconnect.
1373 This is apparently sufficient to beat the drivers into submission.
1375 if (!(s->sien0 & LSI_SIST0_UDC))
1376 fprintf(stderr, "inf. loop with UDC masked\n");
1377 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1379 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1380 if (s->dcntl & LSI_DCNTL_SSM) {
1381 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1386 DPRINTF("SCRIPTS execution stopped\n");
1389 static uint8_t lsi_reg_readb(LSIState *s, int offset)
1392 #define CASE_GET_REG24(name, addr) \
1393 case addr: return s->name & 0xff; \
1394 case addr + 1: return (s->name >> 8) & 0xff; \
1395 case addr + 2: return (s->name >> 16) & 0xff;
1397 #define CASE_GET_REG32(name, addr) \
1398 case addr: return s->name & 0xff; \
1399 case addr + 1: return (s->name >> 8) & 0xff; \
1400 case addr + 2: return (s->name >> 16) & 0xff; \
1401 case addr + 3: return (s->name >> 24) & 0xff;
1403 #ifdef DEBUG_LSI_REG
1404 DPRINTF("Read reg %x\n", offset);
1407 case 0x00: /* SCNTL0 */
1409 case 0x01: /* SCNTL1 */
1411 case 0x02: /* SCNTL2 */
1413 case 0x03: /* SCNTL3 */
1415 case 0x04: /* SCID */
1417 case 0x05: /* SXFER */
1419 case 0x06: /* SDID */
1421 case 0x07: /* GPREG0 */
1423 case 0x08: /* Revision ID */
1425 case 0xa: /* SSID */
1427 case 0xb: /* SBCL */
1428 /* ??? This is not correct. However it's (hopefully) only
1429 used for diagnostics, so should be ok. */
1431 case 0xc: /* DSTAT */
1432 tmp = s->dstat | 0x80;
1433 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1437 case 0x0d: /* SSTAT0 */
1439 case 0x0e: /* SSTAT1 */
1441 case 0x0f: /* SSTAT2 */
1442 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1443 CASE_GET_REG32(dsa, 0x10)
1444 case 0x14: /* ISTAT0 */
1446 case 0x15: /* ISTAT1 */
1448 case 0x16: /* MBOX0 */
1450 case 0x17: /* MBOX1 */
1452 case 0x18: /* CTEST0 */
1454 case 0x19: /* CTEST1 */
1456 case 0x1a: /* CTEST2 */
1457 tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1458 if (s->istat0 & LSI_ISTAT0_SIGP) {
1459 s->istat0 &= ~LSI_ISTAT0_SIGP;
1460 tmp |= LSI_CTEST2_SIGP;
1463 case 0x1b: /* CTEST3 */
1465 CASE_GET_REG32(temp, 0x1c)
1466 case 0x20: /* DFIFO */
1468 case 0x21: /* CTEST4 */
1470 case 0x22: /* CTEST5 */
1472 case 0x23: /* CTEST6 */
1474 CASE_GET_REG24(dbc, 0x24)
1475 case 0x27: /* DCMD */
1477 CASE_GET_REG32(dnad, 0x28)
1478 CASE_GET_REG32(dsp, 0x2c)
1479 CASE_GET_REG32(dsps, 0x30)
1480 CASE_GET_REG32(scratch[0], 0x34)
1481 case 0x38: /* DMODE */
1483 case 0x39: /* DIEN */
1485 case 0x3a: /* SBR */
1487 case 0x3b: /* DCNTL */
1489 case 0x40: /* SIEN0 */
1491 case 0x41: /* SIEN1 */
1493 case 0x42: /* SIST0 */
1498 case 0x43: /* SIST1 */
1503 case 0x46: /* MACNTL */
1505 case 0x47: /* GPCNTL0 */
1507 case 0x48: /* STIME0 */
1509 case 0x4a: /* RESPID0 */
1511 case 0x4b: /* RESPID1 */
1513 case 0x4d: /* STEST1 */
1515 case 0x4e: /* STEST2 */
1517 case 0x4f: /* STEST3 */
1519 case 0x50: /* SIDL */
1520 /* This is needed by the linux drivers. We currently only update it
1521 during the MSG IN phase. */
1523 case 0x52: /* STEST4 */
1525 case 0x56: /* CCNTL0 */
1527 case 0x57: /* CCNTL1 */
1529 case 0x58: /* SBDL */
1530 /* Some drivers peek at the data bus during the MSG IN phase. */
1531 if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1534 case 0x59: /* SBDL high */
1536 CASE_GET_REG32(mmrs, 0xa0)
1537 CASE_GET_REG32(mmws, 0xa4)
1538 CASE_GET_REG32(sfs, 0xa8)
1539 CASE_GET_REG32(drs, 0xac)
1540 CASE_GET_REG32(sbms, 0xb0)
1541 CASE_GET_REG32(dbms, 0xb4)
1542 CASE_GET_REG32(dnad64, 0xb8)
1543 CASE_GET_REG32(pmjad1, 0xc0)
1544 CASE_GET_REG32(pmjad2, 0xc4)
1545 CASE_GET_REG32(rbc, 0xc8)
1546 CASE_GET_REG32(ua, 0xcc)
1547 CASE_GET_REG32(ia, 0xd4)
1548 CASE_GET_REG32(sbc, 0xd8)
1549 CASE_GET_REG32(csbc, 0xdc)
1551 if (offset >= 0x5c && offset < 0xa0) {
1554 n = (offset - 0x58) >> 2;
1555 shift = (offset & 3) * 8;
1556 return (s->scratch[n] >> shift) & 0xff;
1558 BADF("readb 0x%x\n", offset);
1560 #undef CASE_GET_REG24
1561 #undef CASE_GET_REG32
1564 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1566 #define CASE_SET_REG24(name, addr) \
1567 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1568 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1569 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1571 #define CASE_SET_REG32(name, addr) \
1572 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1573 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1574 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1575 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1577 #ifdef DEBUG_LSI_REG
1578 DPRINTF("Write reg %x = %02x\n", offset, val);
1581 case 0x00: /* SCNTL0 */
1583 if (val & LSI_SCNTL0_START) {
1584 BADF("Start sequence not implemented\n");
1587 case 0x01: /* SCNTL1 */
1588 s->scntl1 = val & ~LSI_SCNTL1_SST;
1589 if (val & LSI_SCNTL1_IARB) {
1590 BADF("Immediate Arbritration not implemented\n");
1592 if (val & LSI_SCNTL1_RST) {
1593 s->sstat0 |= LSI_SSTAT0_RST;
1594 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1596 s->sstat0 &= ~LSI_SSTAT0_RST;
1599 case 0x02: /* SCNTL2 */
1600 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1603 case 0x03: /* SCNTL3 */
1606 case 0x04: /* SCID */
1609 case 0x05: /* SXFER */
1612 case 0x06: /* SDID */
1613 if ((val & 0xf) != (s->ssid & 0xf))
1614 BADF("Destination ID does not match SSID\n");
1615 s->sdid = val & 0xf;
1617 case 0x07: /* GPREG0 */
1619 case 0x08: /* SFBR */
1620 /* The CPU is not allowed to write to this register. However the
1621 SCRIPTS register move instructions are. */
1624 case 0x0a: case 0x0b:
1625 /* Openserver writes to these readonly registers on startup */
1627 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1628 /* Linux writes to these readonly registers on startup. */
1630 CASE_SET_REG32(dsa, 0x10)
1631 case 0x14: /* ISTAT0 */
1632 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1633 if (val & LSI_ISTAT0_ABRT) {
1634 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1636 if (val & LSI_ISTAT0_INTF) {
1637 s->istat0 &= ~LSI_ISTAT0_INTF;
1640 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1641 DPRINTF("Woken by SIGP\n");
1644 lsi_execute_script(s);
1646 if (val & LSI_ISTAT0_SRST) {
1650 case 0x16: /* MBOX0 */
1653 case 0x17: /* MBOX1 */
1656 case 0x1a: /* CTEST2 */
1657 s->ctest2 = val & LSI_CTEST2_PCICIE;
1659 case 0x1b: /* CTEST3 */
1660 s->ctest3 = val & 0x0f;
1662 CASE_SET_REG32(temp, 0x1c)
1663 case 0x21: /* CTEST4 */
1665 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1669 case 0x22: /* CTEST5 */
1670 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1671 BADF("CTEST5 DMA increment not implemented\n");
1675 CASE_SET_REG24(dbc, 0x24)
1676 CASE_SET_REG32(dnad, 0x28)
1677 case 0x2c: /* DSP[0:7] */
1678 s->dsp &= 0xffffff00;
1681 case 0x2d: /* DSP[8:15] */
1682 s->dsp &= 0xffff00ff;
1685 case 0x2e: /* DSP[16:23] */
1686 s->dsp &= 0xff00ffff;
1687 s->dsp |= val << 16;
1689 case 0x2f: /* DSP[24:31] */
1690 s->dsp &= 0x00ffffff;
1691 s->dsp |= val << 24;
1692 if ((s->dmode & LSI_DMODE_MAN) == 0
1693 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1694 lsi_execute_script(s);
1696 CASE_SET_REG32(dsps, 0x30)
1697 CASE_SET_REG32(scratch[0], 0x34)
1698 case 0x38: /* DMODE */
1699 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1700 BADF("IO mappings not implemented\n");
1704 case 0x39: /* DIEN */
1708 case 0x3a: /* SBR */
1711 case 0x3b: /* DCNTL */
1712 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1713 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1714 lsi_execute_script(s);
1716 case 0x40: /* SIEN0 */
1720 case 0x41: /* SIEN1 */
1724 case 0x47: /* GPCNTL0 */
1726 case 0x48: /* STIME0 */
1729 case 0x49: /* STIME1 */
1731 DPRINTF("General purpose timer not implemented\n");
1732 /* ??? Raising the interrupt immediately seems to be sufficient
1733 to keep the FreeBSD driver happy. */
1734 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1737 case 0x4a: /* RESPID0 */
1740 case 0x4b: /* RESPID1 */
1743 case 0x4d: /* STEST1 */
1746 case 0x4e: /* STEST2 */
1748 BADF("Low level mode not implemented\n");
1752 case 0x4f: /* STEST3 */
1754 BADF("SCSI FIFO test mode not implemented\n");
1758 case 0x56: /* CCNTL0 */
1761 case 0x57: /* CCNTL1 */
1764 CASE_SET_REG32(mmrs, 0xa0)
1765 CASE_SET_REG32(mmws, 0xa4)
1766 CASE_SET_REG32(sfs, 0xa8)
1767 CASE_SET_REG32(drs, 0xac)
1768 CASE_SET_REG32(sbms, 0xb0)
1769 CASE_SET_REG32(dbms, 0xb4)
1770 CASE_SET_REG32(dnad64, 0xb8)
1771 CASE_SET_REG32(pmjad1, 0xc0)
1772 CASE_SET_REG32(pmjad2, 0xc4)
1773 CASE_SET_REG32(rbc, 0xc8)
1774 CASE_SET_REG32(ua, 0xcc)
1775 CASE_SET_REG32(ia, 0xd4)
1776 CASE_SET_REG32(sbc, 0xd8)
1777 CASE_SET_REG32(csbc, 0xdc)
1779 if (offset >= 0x5c && offset < 0xa0) {
1782 n = (offset - 0x58) >> 2;
1783 shift = (offset & 3) * 8;
1784 s->scratch[n] &= ~(0xff << shift);
1785 s->scratch[n] |= (val & 0xff) << shift;
1787 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1790 #undef CASE_SET_REG24
1791 #undef CASE_SET_REG32
1794 static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1796 LSIState *s = opaque;
1798 lsi_reg_writeb(s, addr & 0xff, val);
1801 static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1803 LSIState *s = opaque;
1806 lsi_reg_writeb(s, addr, val & 0xff);
1807 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1810 static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1812 LSIState *s = opaque;
1815 lsi_reg_writeb(s, addr, val & 0xff);
1816 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1817 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1818 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1821 static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1823 LSIState *s = opaque;
1825 return lsi_reg_readb(s, addr & 0xff);
1828 static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1830 LSIState *s = opaque;
1834 val = lsi_reg_readb(s, addr);
1835 val |= lsi_reg_readb(s, addr + 1) << 8;
1839 static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1841 LSIState *s = opaque;
1844 val = lsi_reg_readb(s, addr);
1845 val |= lsi_reg_readb(s, addr + 1) << 8;
1846 val |= lsi_reg_readb(s, addr + 2) << 16;
1847 val |= lsi_reg_readb(s, addr + 3) << 24;
1851 static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
1857 static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
1863 static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1865 LSIState *s = opaque;
1870 newval = s->script_ram[addr >> 2];
1871 shift = (addr & 3) * 8;
1872 newval &= ~(0xff << shift);
1873 newval |= val << shift;
1874 s->script_ram[addr >> 2] = newval;
1877 static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1879 LSIState *s = opaque;
1883 newval = s->script_ram[addr >> 2];
1885 newval = (newval & 0xffff) | (val << 16);
1887 newval = (newval & 0xffff0000) | val;
1889 s->script_ram[addr >> 2] = newval;
1893 static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1895 LSIState *s = opaque;
1898 s->script_ram[addr >> 2] = val;
1901 static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
1903 LSIState *s = opaque;
1907 val = s->script_ram[addr >> 2];
1908 val >>= (addr & 3) * 8;
1912 static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
1914 LSIState *s = opaque;
1918 val = s->script_ram[addr >> 2];
1921 return le16_to_cpu(val);
1924 static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
1926 LSIState *s = opaque;
1929 return le32_to_cpu(s->script_ram[addr >> 2]);
1932 static CPUReadMemoryFunc * const lsi_ram_readfn[3] = {
1938 static CPUWriteMemoryFunc * const lsi_ram_writefn[3] = {
1944 static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
1946 LSIState *s = opaque;
1947 return lsi_reg_readb(s, addr & 0xff);
1950 static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
1952 LSIState *s = opaque;
1955 val = lsi_reg_readb(s, addr);
1956 val |= lsi_reg_readb(s, addr + 1) << 8;
1960 static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
1962 LSIState *s = opaque;
1965 val = lsi_reg_readb(s, addr);
1966 val |= lsi_reg_readb(s, addr + 1) << 8;
1967 val |= lsi_reg_readb(s, addr + 2) << 16;
1968 val |= lsi_reg_readb(s, addr + 3) << 24;
1972 static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
1974 LSIState *s = opaque;
1975 lsi_reg_writeb(s, addr & 0xff, val);
1978 static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
1980 LSIState *s = opaque;
1982 lsi_reg_writeb(s, addr, val & 0xff);
1983 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1986 static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
1988 LSIState *s = opaque;
1990 lsi_reg_writeb(s, addr, val & 0xff);
1991 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1992 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1993 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1996 static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
1997 pcibus_t addr, pcibus_t size, int type)
1999 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2001 DPRINTF("Mapping IO at %08"FMT_PCIBUS"\n", addr);
2003 register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
2004 register_ioport_read(addr, 256, 1, lsi_io_readb, s);
2005 register_ioport_write(addr, 256, 2, lsi_io_writew, s);
2006 register_ioport_read(addr, 256, 2, lsi_io_readw, s);
2007 register_ioport_write(addr, 256, 4, lsi_io_writel, s);
2008 register_ioport_read(addr, 256, 4, lsi_io_readl, s);
2011 static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
2012 pcibus_t addr, pcibus_t size, int type)
2014 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2016 DPRINTF("Mapping ram at %08"FMT_PCIBUS"\n", addr);
2017 s->script_ram_base = addr;
2018 cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
2021 static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
2022 pcibus_t addr, pcibus_t size, int type)
2024 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2026 DPRINTF("Mapping registers at %08"FMT_PCIBUS"\n", addr);
2027 cpu_register_physical_memory(addr + 0, 0x400, s->mmio_io_addr);
2030 static void lsi_scsi_reset(DeviceState *dev)
2032 LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev);
2037 static void lsi_pre_save(void *opaque)
2039 LSIState *s = opaque;
2042 assert(s->current->dma_buf == NULL);
2043 assert(s->current->dma_len == 0);
2045 assert(QTAILQ_EMPTY(&s->queue));
2048 static const VMStateDescription vmstate_lsi_scsi = {
2051 .minimum_version_id = 0,
2052 .minimum_version_id_old = 0,
2053 .pre_save = lsi_pre_save,
2054 .fields = (VMStateField []) {
2055 VMSTATE_PCI_DEVICE(dev, LSIState),
2057 VMSTATE_INT32(carry, LSIState),
2058 VMSTATE_INT32(sense, LSIState),
2059 VMSTATE_INT32(msg_action, LSIState),
2060 VMSTATE_INT32(msg_len, LSIState),
2061 VMSTATE_BUFFER(msg, LSIState),
2062 VMSTATE_INT32(waiting, LSIState),
2064 VMSTATE_UINT32(dsa, LSIState),
2065 VMSTATE_UINT32(temp, LSIState),
2066 VMSTATE_UINT32(dnad, LSIState),
2067 VMSTATE_UINT32(dbc, LSIState),
2068 VMSTATE_UINT8(istat0, LSIState),
2069 VMSTATE_UINT8(istat1, LSIState),
2070 VMSTATE_UINT8(dcmd, LSIState),
2071 VMSTATE_UINT8(dstat, LSIState),
2072 VMSTATE_UINT8(dien, LSIState),
2073 VMSTATE_UINT8(sist0, LSIState),
2074 VMSTATE_UINT8(sist1, LSIState),
2075 VMSTATE_UINT8(sien0, LSIState),
2076 VMSTATE_UINT8(sien1, LSIState),
2077 VMSTATE_UINT8(mbox0, LSIState),
2078 VMSTATE_UINT8(mbox1, LSIState),
2079 VMSTATE_UINT8(dfifo, LSIState),
2080 VMSTATE_UINT8(ctest2, LSIState),
2081 VMSTATE_UINT8(ctest3, LSIState),
2082 VMSTATE_UINT8(ctest4, LSIState),
2083 VMSTATE_UINT8(ctest5, LSIState),
2084 VMSTATE_UINT8(ccntl0, LSIState),
2085 VMSTATE_UINT8(ccntl1, LSIState),
2086 VMSTATE_UINT32(dsp, LSIState),
2087 VMSTATE_UINT32(dsps, LSIState),
2088 VMSTATE_UINT8(dmode, LSIState),
2089 VMSTATE_UINT8(dcntl, LSIState),
2090 VMSTATE_UINT8(scntl0, LSIState),
2091 VMSTATE_UINT8(scntl1, LSIState),
2092 VMSTATE_UINT8(scntl2, LSIState),
2093 VMSTATE_UINT8(scntl3, LSIState),
2094 VMSTATE_UINT8(sstat0, LSIState),
2095 VMSTATE_UINT8(sstat1, LSIState),
2096 VMSTATE_UINT8(scid, LSIState),
2097 VMSTATE_UINT8(sxfer, LSIState),
2098 VMSTATE_UINT8(socl, LSIState),
2099 VMSTATE_UINT8(sdid, LSIState),
2100 VMSTATE_UINT8(ssid, LSIState),
2101 VMSTATE_UINT8(sfbr, LSIState),
2102 VMSTATE_UINT8(stest1, LSIState),
2103 VMSTATE_UINT8(stest2, LSIState),
2104 VMSTATE_UINT8(stest3, LSIState),
2105 VMSTATE_UINT8(sidl, LSIState),
2106 VMSTATE_UINT8(stime0, LSIState),
2107 VMSTATE_UINT8(respid0, LSIState),
2108 VMSTATE_UINT8(respid1, LSIState),
2109 VMSTATE_UINT32(mmrs, LSIState),
2110 VMSTATE_UINT32(mmws, LSIState),
2111 VMSTATE_UINT32(sfs, LSIState),
2112 VMSTATE_UINT32(drs, LSIState),
2113 VMSTATE_UINT32(sbms, LSIState),
2114 VMSTATE_UINT32(dbms, LSIState),
2115 VMSTATE_UINT32(dnad64, LSIState),
2116 VMSTATE_UINT32(pmjad1, LSIState),
2117 VMSTATE_UINT32(pmjad2, LSIState),
2118 VMSTATE_UINT32(rbc, LSIState),
2119 VMSTATE_UINT32(ua, LSIState),
2120 VMSTATE_UINT32(ia, LSIState),
2121 VMSTATE_UINT32(sbc, LSIState),
2122 VMSTATE_UINT32(csbc, LSIState),
2123 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2124 VMSTATE_UINT8(sbr, LSIState),
2126 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2127 VMSTATE_END_OF_LIST()
2131 static int lsi_scsi_uninit(PCIDevice *d)
2133 LSIState *s = DO_UPCAST(LSIState, dev, d);
2135 cpu_unregister_io_memory(s->mmio_io_addr);
2136 cpu_unregister_io_memory(s->ram_io_addr);
2141 static int lsi_scsi_init(PCIDevice *dev)
2143 LSIState *s = DO_UPCAST(LSIState, dev, dev);
2146 pci_conf = s->dev.config;
2148 /* PCI Vendor ID (word) */
2149 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
2150 /* PCI device ID (word) */
2151 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_LSI_53C895A);
2152 /* PCI base class code */
2153 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_SCSI);
2154 /* PCI subsystem ID */
2155 pci_conf[PCI_SUBSYSTEM_ID] = 0x00;
2156 pci_conf[PCI_SUBSYSTEM_ID + 1] = 0x10;
2157 /* PCI latency timer = 255 */
2158 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2159 /* TODO: RST# value should be 0 */
2160 /* Interrupt pin 1 */
2161 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2163 s->mmio_io_addr = cpu_register_io_memory(lsi_mmio_readfn,
2164 lsi_mmio_writefn, s);
2165 s->ram_io_addr = cpu_register_io_memory(lsi_ram_readfn,
2166 lsi_ram_writefn, s);
2168 /* TODO: use dev and get rid of cast below */
2169 pci_register_bar((struct PCIDevice *)s, 0, 256,
2170 PCI_BASE_ADDRESS_SPACE_IO, lsi_io_mapfunc);
2171 pci_register_bar((struct PCIDevice *)s, 1, 0x400,
2172 PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_mmio_mapfunc);
2173 pci_register_bar((struct PCIDevice *)s, 2, 0x2000,
2174 PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_ram_mapfunc);
2175 QTAILQ_INIT(&s->queue);
2177 scsi_bus_new(&s->bus, &dev->qdev, 1, LSI_MAX_DEVS, lsi_command_complete);
2178 if (!dev->qdev.hotplugged) {
2179 scsi_bus_legacy_handle_cmdline(&s->bus);
2184 static PCIDeviceInfo lsi_info = {
2185 .qdev.name = "lsi53c895a",
2186 .qdev.alias = "lsi",
2187 .qdev.size = sizeof(LSIState),
2188 .qdev.reset = lsi_scsi_reset,
2189 .qdev.vmsd = &vmstate_lsi_scsi,
2190 .init = lsi_scsi_init,
2191 .exit = lsi_scsi_uninit,
2194 static void lsi53c895a_register_devices(void)
2196 pci_qdev_register(&lsi_info);
2199 device_init(lsi53c895a_register_devices);
projects / qemu.git / blob