2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licensed under the LGPL.
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
16 #include "qemu/osdep.h"
19 #include "hw/pci/pci.h"
20 #include "hw/scsi/scsi.h"
21 #include "sysemu/dma.h"
25 //#define DEBUG_LSI_REG
28 #define DPRINTF(fmt, ...) \
29 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
33 #define DPRINTF(fmt, ...) do {} while(0)
34 #define BADF(fmt, ...) \
35 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
38 static const char *names[] = {
39 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
40 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
41 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
42 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
43 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
44 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
45 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
46 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
47 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
48 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
49 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
50 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
53 #define LSI_MAX_DEVS 7
55 #define LSI_SCNTL0_TRG 0x01
56 #define LSI_SCNTL0_AAP 0x02
57 #define LSI_SCNTL0_EPC 0x08
58 #define LSI_SCNTL0_WATN 0x10
59 #define LSI_SCNTL0_START 0x20
61 #define LSI_SCNTL1_SST 0x01
62 #define LSI_SCNTL1_IARB 0x02
63 #define LSI_SCNTL1_AESP 0x04
64 #define LSI_SCNTL1_RST 0x08
65 #define LSI_SCNTL1_CON 0x10
66 #define LSI_SCNTL1_DHP 0x20
67 #define LSI_SCNTL1_ADB 0x40
68 #define LSI_SCNTL1_EXC 0x80
70 #define LSI_SCNTL2_WSR 0x01
71 #define LSI_SCNTL2_VUE0 0x02
72 #define LSI_SCNTL2_VUE1 0x04
73 #define LSI_SCNTL2_WSS 0x08
74 #define LSI_SCNTL2_SLPHBEN 0x10
75 #define LSI_SCNTL2_SLPMD 0x20
76 #define LSI_SCNTL2_CHM 0x40
77 #define LSI_SCNTL2_SDU 0x80
79 #define LSI_ISTAT0_DIP 0x01
80 #define LSI_ISTAT0_SIP 0x02
81 #define LSI_ISTAT0_INTF 0x04
82 #define LSI_ISTAT0_CON 0x08
83 #define LSI_ISTAT0_SEM 0x10
84 #define LSI_ISTAT0_SIGP 0x20
85 #define LSI_ISTAT0_SRST 0x40
86 #define LSI_ISTAT0_ABRT 0x80
88 #define LSI_ISTAT1_SI 0x01
89 #define LSI_ISTAT1_SRUN 0x02
90 #define LSI_ISTAT1_FLSH 0x04
92 #define LSI_SSTAT0_SDP0 0x01
93 #define LSI_SSTAT0_RST 0x02
94 #define LSI_SSTAT0_WOA 0x04
95 #define LSI_SSTAT0_LOA 0x08
96 #define LSI_SSTAT0_AIP 0x10
97 #define LSI_SSTAT0_OLF 0x20
98 #define LSI_SSTAT0_ORF 0x40
99 #define LSI_SSTAT0_ILF 0x80
101 #define LSI_SIST0_PAR 0x01
102 #define LSI_SIST0_RST 0x02
103 #define LSI_SIST0_UDC 0x04
104 #define LSI_SIST0_SGE 0x08
105 #define LSI_SIST0_RSL 0x10
106 #define LSI_SIST0_SEL 0x20
107 #define LSI_SIST0_CMP 0x40
108 #define LSI_SIST0_MA 0x80
110 #define LSI_SIST1_HTH 0x01
111 #define LSI_SIST1_GEN 0x02
112 #define LSI_SIST1_STO 0x04
113 #define LSI_SIST1_SBMC 0x10
115 #define LSI_SOCL_IO 0x01
116 #define LSI_SOCL_CD 0x02
117 #define LSI_SOCL_MSG 0x04
118 #define LSI_SOCL_ATN 0x08
119 #define LSI_SOCL_SEL 0x10
120 #define LSI_SOCL_BSY 0x20
121 #define LSI_SOCL_ACK 0x40
122 #define LSI_SOCL_REQ 0x80
124 #define LSI_DSTAT_IID 0x01
125 #define LSI_DSTAT_SIR 0x04
126 #define LSI_DSTAT_SSI 0x08
127 #define LSI_DSTAT_ABRT 0x10
128 #define LSI_DSTAT_BF 0x20
129 #define LSI_DSTAT_MDPE 0x40
130 #define LSI_DSTAT_DFE 0x80
132 #define LSI_DCNTL_COM 0x01
133 #define LSI_DCNTL_IRQD 0x02
134 #define LSI_DCNTL_STD 0x04
135 #define LSI_DCNTL_IRQM 0x08
136 #define LSI_DCNTL_SSM 0x10
137 #define LSI_DCNTL_PFEN 0x20
138 #define LSI_DCNTL_PFF 0x40
139 #define LSI_DCNTL_CLSE 0x80
141 #define LSI_DMODE_MAN 0x01
142 #define LSI_DMODE_BOF 0x02
143 #define LSI_DMODE_ERMP 0x04
144 #define LSI_DMODE_ERL 0x08
145 #define LSI_DMODE_DIOM 0x10
146 #define LSI_DMODE_SIOM 0x20
148 #define LSI_CTEST2_DACK 0x01
149 #define LSI_CTEST2_DREQ 0x02
150 #define LSI_CTEST2_TEOP 0x04
151 #define LSI_CTEST2_PCICIE 0x08
152 #define LSI_CTEST2_CM 0x10
153 #define LSI_CTEST2_CIO 0x20
154 #define LSI_CTEST2_SIGP 0x40
155 #define LSI_CTEST2_DDIR 0x80
157 #define LSI_CTEST5_BL2 0x04
158 #define LSI_CTEST5_DDIR 0x08
159 #define LSI_CTEST5_MASR 0x10
160 #define LSI_CTEST5_DFSN 0x20
161 #define LSI_CTEST5_BBCK 0x40
162 #define LSI_CTEST5_ADCK 0x80
164 #define LSI_CCNTL0_DILS 0x01
165 #define LSI_CCNTL0_DISFC 0x10
166 #define LSI_CCNTL0_ENNDJ 0x20
167 #define LSI_CCNTL0_PMJCTL 0x40
168 #define LSI_CCNTL0_ENPMJ 0x80
170 #define LSI_CCNTL1_EN64DBMV 0x01
171 #define LSI_CCNTL1_EN64TIBMV 0x02
172 #define LSI_CCNTL1_64TIMOD 0x04
173 #define LSI_CCNTL1_DDAC 0x08
174 #define LSI_CCNTL1_ZMOD 0x80
176 /* Enable Response to Reselection */
177 #define LSI_SCID_RRE 0x60
179 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
189 /* Maximum length of MSG IN data. */
190 #define LSI_MAX_MSGIN_LEN 8
192 /* Flag set if this is a tagged command. */
193 #define LSI_TAG_VALID (1 << 16)
195 typedef struct lsi_request {
202 QTAILQ_ENTRY(lsi_request) next;
207 PCIDevice parent_obj;
211 MemoryRegion mmio_io;
214 AddressSpace pci_io_as;
216 int carry; /* ??? Should this be an a visible register somewhere? */
218 /* Action to take at the end of a MSG IN phase.
219 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
222 uint8_t msg[LSI_MAX_MSGIN_LEN];
223 /* 0 if SCRIPTS are running or stopped.
224 * 1 if a Wait Reselect instruction has been issued.
225 * 2 if processing DMA from lsi_execute_script.
226 * 3 if a DMA operation is in progress. */
230 /* The tag is a combination of the device ID and the SCSI tag. */
232 int command_complete;
233 QTAILQ_HEAD(, lsi_request) queue;
234 lsi_request *current;
295 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
299 /* Script ram is stored as 32-bit words in host byteorder. */
300 uint32_t script_ram[2048];
303 #define TYPE_LSI53C810 "lsi53c810"
304 #define TYPE_LSI53C895A "lsi53c895a"
306 #define LSI53C895A(obj) \
307 OBJECT_CHECK(LSIState, (obj), TYPE_LSI53C895A)
309 static inline int lsi_irq_on_rsl(LSIState *s)
311 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
314 static void lsi_soft_reset(LSIState *s)
326 memset(s->scratch, 0, sizeof(s->scratch));
339 s->ctest2 = LSI_CTEST2_DACK;
382 assert(QTAILQ_EMPTY(&s->queue));
386 static int lsi_dma_40bit(LSIState *s)
388 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
393 static int lsi_dma_ti64bit(LSIState *s)
395 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
400 static int lsi_dma_64bit(LSIState *s)
402 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
407 static uint8_t lsi_reg_readb(LSIState *s, int offset);
408 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
409 static void lsi_execute_script(LSIState *s);
410 static void lsi_reselect(LSIState *s, lsi_request *p);
412 static inline void lsi_mem_read(LSIState *s, dma_addr_t addr,
413 void *buf, dma_addr_t len)
415 if (s->dmode & LSI_DMODE_SIOM) {
416 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
419 pci_dma_read(PCI_DEVICE(s), addr, buf, len);
423 static inline void lsi_mem_write(LSIState *s, dma_addr_t addr,
424 const void *buf, dma_addr_t len)
426 if (s->dmode & LSI_DMODE_DIOM) {
427 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
430 pci_dma_write(PCI_DEVICE(s), addr, buf, len);
434 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
438 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
439 return cpu_to_le32(buf);
442 static void lsi_stop_script(LSIState *s)
444 s->istat1 &= ~LSI_ISTAT1_SRUN;
447 static void lsi_set_irq(LSIState *s, int level)
449 PCIDevice *d = PCI_DEVICE(s);
452 qemu_set_irq(s->ext_irq, level);
454 pci_set_irq(d, level);
458 static void lsi_update_irq(LSIState *s)
461 static int last_level;
464 /* It's unclear whether the DIP/SIP bits should be cleared when the
465 Interrupt Status Registers are cleared or when istat0 is read.
466 We currently do the formwer, which seems to work. */
469 if (s->dstat & s->dien)
471 s->istat0 |= LSI_ISTAT0_DIP;
473 s->istat0 &= ~LSI_ISTAT0_DIP;
476 if (s->sist0 || s->sist1) {
477 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
479 s->istat0 |= LSI_ISTAT0_SIP;
481 s->istat0 &= ~LSI_ISTAT0_SIP;
483 if (s->istat0 & LSI_ISTAT0_INTF)
486 if (level != last_level) {
487 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
488 level, s->dstat, s->sist1, s->sist0);
491 lsi_set_irq(s, level);
493 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
494 DPRINTF("Handled IRQs & disconnected, looking for pending "
496 QTAILQ_FOREACH(p, &s->queue, next) {
505 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
506 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
511 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
512 stat1, stat0, s->sist1, s->sist0);
515 /* Stop processor on fatal or unmasked interrupt. As a special hack
516 we don't stop processing when raising STO. Instead continue
517 execution and stop at the next insn that accesses the SCSI bus. */
518 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
519 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
520 mask1 &= ~LSI_SIST1_STO;
521 if (s->sist0 & mask0 || s->sist1 & mask1) {
527 /* Stop SCRIPTS execution and raise a DMA interrupt. */
528 static void lsi_script_dma_interrupt(LSIState *s, int stat)
530 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
536 static inline void lsi_set_phase(LSIState *s, int phase)
538 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
541 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
543 /* Trigger a phase mismatch. */
544 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
545 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
546 s->dsp = out ? s->pmjad1 : s->pmjad2;
548 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
550 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
552 DPRINTF("Phase mismatch interrupt\n");
553 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
556 lsi_set_phase(s, new_phase);
560 /* Resume SCRIPTS execution after a DMA operation. */
561 static void lsi_resume_script(LSIState *s)
563 if (s->waiting != 2) {
565 lsi_execute_script(s);
571 static void lsi_disconnect(LSIState *s)
573 s->scntl1 &= ~LSI_SCNTL1_CON;
574 s->sstat1 &= ~PHASE_MASK;
577 static void lsi_bad_selection(LSIState *s, uint32_t id)
579 DPRINTF("Selected absent target %d\n", id);
580 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
584 /* Initiate a SCSI layer data transfer. */
585 static void lsi_do_dma(LSIState *s, int out)
592 if (!s->current->dma_len) {
593 /* Wait until data is available. */
594 DPRINTF("DMA no data available\n");
598 dev = s->current->req->dev;
602 if (count > s->current->dma_len)
603 count = s->current->dma_len;
606 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
607 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
608 addr |= ((uint64_t)s->dnad64 << 32);
610 addr |= ((uint64_t)s->dbms << 32);
612 addr |= ((uint64_t)s->sbms << 32);
614 DPRINTF("DMA addr=0x" DMA_ADDR_FMT " len=%d\n", addr, count);
618 if (s->current->dma_buf == NULL) {
619 s->current->dma_buf = scsi_req_get_buf(s->current->req);
621 /* ??? Set SFBR to first data byte. */
623 lsi_mem_read(s, addr, s->current->dma_buf, count);
625 lsi_mem_write(s, addr, s->current->dma_buf, count);
627 s->current->dma_len -= count;
628 if (s->current->dma_len == 0) {
629 s->current->dma_buf = NULL;
630 scsi_req_continue(s->current->req);
632 s->current->dma_buf += count;
633 lsi_resume_script(s);
638 /* Add a command to the queue. */
639 static void lsi_queue_command(LSIState *s)
641 lsi_request *p = s->current;
643 DPRINTF("Queueing tag=0x%x\n", p->tag);
644 assert(s->current != NULL);
645 assert(s->current->dma_len == 0);
646 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
650 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
653 /* Queue a byte for a MSG IN phase. */
654 static void lsi_add_msg_byte(LSIState *s, uint8_t data)
656 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
657 BADF("MSG IN data too long\n");
659 DPRINTF("MSG IN 0x%02x\n", data);
660 s->msg[s->msg_len++] = data;
664 /* Perform reselection to continue a command. */
665 static void lsi_reselect(LSIState *s, lsi_request *p)
669 assert(s->current == NULL);
670 QTAILQ_REMOVE(&s->queue, p, next);
673 id = (p->tag >> 8) & 0xf;
675 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
676 if (!(s->dcntl & LSI_DCNTL_COM)) {
677 s->sfbr = 1 << (id & 0x7);
679 DPRINTF("Reselected target %d\n", id);
680 s->scntl1 |= LSI_SCNTL1_CON;
681 lsi_set_phase(s, PHASE_MI);
682 s->msg_action = p->out ? 2 : 3;
683 s->current->dma_len = p->pending;
684 lsi_add_msg_byte(s, 0x80);
685 if (s->current->tag & LSI_TAG_VALID) {
686 lsi_add_msg_byte(s, 0x20);
687 lsi_add_msg_byte(s, p->tag & 0xff);
690 if (lsi_irq_on_rsl(s)) {
691 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
695 static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
699 QTAILQ_FOREACH(p, &s->queue, next) {
708 static void lsi_request_free(LSIState *s, lsi_request *p)
710 if (p == s->current) {
713 QTAILQ_REMOVE(&s->queue, p, next);
718 static void lsi_request_cancelled(SCSIRequest *req)
720 LSIState *s = LSI53C895A(req->bus->qbus.parent);
721 lsi_request *p = req->hba_private;
723 req->hba_private = NULL;
724 lsi_request_free(s, p);
728 /* Record that data is available for a queued command. Returns zero if
729 the device was reselected, nonzero if the IO is deferred. */
730 static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
732 lsi_request *p = req->hba_private;
735 BADF("Multiple IO pending for request %p\n", p);
738 /* Reselect if waiting for it, or if reselection triggers an IRQ
740 Since no interrupt stacking is implemented in the emulation, it
741 is also required that there are no pending interrupts waiting
742 for service from the device driver. */
743 if (s->waiting == 1 ||
744 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
745 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
746 /* Reselect device. */
750 DPRINTF("Queueing IO tag=0x%x\n", p->tag);
756 /* Callback to indicate that the SCSI layer has completed a command. */
757 static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t resid)
759 LSIState *s = LSI53C895A(req->bus->qbus.parent);
762 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
763 DPRINTF("Command complete status=%d\n", (int)status);
765 s->command_complete = 2;
766 if (s->waiting && s->dbc != 0) {
767 /* Raise phase mismatch for short transfers. */
768 lsi_bad_phase(s, out, PHASE_ST);
770 lsi_set_phase(s, PHASE_ST);
773 if (req->hba_private == s->current) {
774 req->hba_private = NULL;
775 lsi_request_free(s, s->current);
778 lsi_resume_script(s);
781 /* Callback to indicate that the SCSI layer has completed a transfer. */
782 static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
784 LSIState *s = LSI53C895A(req->bus->qbus.parent);
787 assert(req->hba_private);
788 if (s->waiting == 1 || req->hba_private != s->current ||
789 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
790 if (lsi_queue_req(s, req, len)) {
795 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
797 /* host adapter (re)connected */
798 DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, len);
799 s->current->dma_len = len;
800 s->command_complete = 1;
802 if (s->waiting == 1 || s->dbc == 0) {
803 lsi_resume_script(s);
810 static void lsi_do_command(LSIState *s)
817 DPRINTF("Send command len=%d\n", s->dbc);
820 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
822 s->command_complete = 0;
824 id = (s->select_tag >> 8) & 0xf;
825 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
827 lsi_bad_selection(s, id);
831 assert(s->current == NULL);
832 s->current = g_new0(lsi_request, 1);
833 s->current->tag = s->select_tag;
834 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
837 n = scsi_req_enqueue(s->current->req);
840 lsi_set_phase(s, PHASE_DI);
842 lsi_set_phase(s, PHASE_DO);
844 scsi_req_continue(s->current->req);
846 if (!s->command_complete) {
848 /* Command did not complete immediately so disconnect. */
849 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
850 lsi_add_msg_byte(s, 4); /* DISCONNECT */
852 lsi_set_phase(s, PHASE_MI);
854 lsi_queue_command(s);
856 /* wait command complete */
857 lsi_set_phase(s, PHASE_DI);
862 static void lsi_do_status(LSIState *s)
865 DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
867 BADF("Bad Status move\n");
871 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
872 lsi_set_phase(s, PHASE_MI);
874 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
877 static void lsi_do_msgin(LSIState *s)
880 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
885 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
886 /* Linux drivers rely on the last byte being in the SIDL. */
887 s->sidl = s->msg[len - 1];
890 memmove(s->msg, s->msg + len, s->msg_len);
892 /* ??? Check if ATN (not yet implemented) is asserted and maybe
893 switch to PHASE_MO. */
894 switch (s->msg_action) {
896 lsi_set_phase(s, PHASE_CMD);
902 lsi_set_phase(s, PHASE_DO);
905 lsi_set_phase(s, PHASE_DI);
913 /* Read the next byte during a MSGOUT phase. */
914 static uint8_t lsi_get_msgbyte(LSIState *s)
917 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
923 /* Skip the next n bytes during a MSGOUT phase. */
924 static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
930 static void lsi_do_msgout(LSIState *s)
934 uint32_t current_tag;
935 lsi_request *current_req, *p, *p_next;
938 current_tag = s->current->tag;
939 current_req = s->current;
941 current_tag = s->select_tag;
942 current_req = lsi_find_by_tag(s, current_tag);
945 DPRINTF("MSG out len=%d\n", s->dbc);
947 msg = lsi_get_msgbyte(s);
952 DPRINTF("MSG: Disconnect\n");
956 DPRINTF("MSG: No Operation\n");
957 lsi_set_phase(s, PHASE_CMD);
960 len = lsi_get_msgbyte(s);
961 msg = lsi_get_msgbyte(s);
962 (void)len; /* avoid a warning about unused variable*/
963 DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
966 DPRINTF("SDTR (ignored)\n");
967 lsi_skip_msgbytes(s, 2);
970 DPRINTF("WDTR (ignored)\n");
971 lsi_skip_msgbytes(s, 1);
974 DPRINTF("PPR (ignored)\n");
975 lsi_skip_msgbytes(s, 5);
981 case 0x20: /* SIMPLE queue */
982 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
983 DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
985 case 0x21: /* HEAD of queue */
986 BADF("HEAD queue not implemented\n");
987 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
989 case 0x22: /* ORDERED queue */
990 BADF("ORDERED queue not implemented\n");
991 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
994 /* The ABORT TAG message clears the current I/O process only. */
995 DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
997 scsi_req_cancel(current_req->req);
1004 /* The ABORT message clears all I/O processes for the selecting
1005 initiator on the specified logical unit of the target. */
1007 DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
1009 /* The CLEAR QUEUE message clears all I/O processes for all
1010 initiators on the specified logical unit of the target. */
1012 DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
1014 /* The BUS DEVICE RESET message clears all I/O processes for all
1015 initiators on all logical units of the target. */
1017 DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
1020 /* clear the current I/O process */
1022 scsi_req_cancel(s->current->req);
1025 /* As the current implemented devices scsi_disk and scsi_generic
1026 only support one LUN, we don't need to keep track of LUNs.
1027 Clearing I/O processes for other initiators could be possible
1028 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
1029 device, but this is currently not implemented (and seems not
1030 to be really necessary). So let's simply clear all queued
1031 commands for the current device: */
1032 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
1033 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
1034 scsi_req_cancel(p->req);
1041 if ((msg & 0x80) == 0) {
1044 s->current_lun = msg & 7;
1045 DPRINTF("Select LUN %d\n", s->current_lun);
1046 lsi_set_phase(s, PHASE_CMD);
1052 BADF("Unimplemented message 0x%02x\n", msg);
1053 lsi_set_phase(s, PHASE_MI);
1054 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
1058 #define LSI_BUF_SIZE 4096
1059 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1062 uint8_t buf[LSI_BUF_SIZE];
1064 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
1066 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1067 lsi_mem_read(s, src, buf, n);
1068 lsi_mem_write(s, dest, buf, n);
1075 static void lsi_wait_reselect(LSIState *s)
1079 DPRINTF("Wait Reselect\n");
1081 QTAILQ_FOREACH(p, &s->queue, next) {
1087 if (s->current == NULL) {
1092 static void lsi_execute_script(LSIState *s)
1094 PCIDevice *pci_dev = PCI_DEVICE(s);
1096 uint32_t addr, addr_high;
1098 int insn_processed = 0;
1100 s->istat1 |= LSI_ISTAT1_SRUN;
1103 insn = read_dword(s, s->dsp);
1105 /* If we receive an empty opcode increment the DSP by 4 bytes
1106 instead of 8 and execute the next opcode at that location */
1110 addr = read_dword(s, s->dsp + 4);
1112 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
1114 s->dcmd = insn >> 24;
1116 switch (insn >> 30) {
1117 case 0: /* Block move. */
1118 if (s->sist1 & LSI_SIST1_STO) {
1119 DPRINTF("Delayed select timeout\n");
1123 s->dbc = insn & 0xffffff;
1127 if (insn & (1 << 29)) {
1128 /* Indirect addressing. */
1129 addr = read_dword(s, addr);
1130 } else if (insn & (1 << 28)) {
1133 /* Table indirect addressing. */
1135 /* 32-bit Table indirect */
1136 offset = sextract32(addr, 0, 24);
1137 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
1138 /* byte count is stored in bits 0:23 only */
1139 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1141 addr = cpu_to_le32(buf[1]);
1143 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1144 * table, bits [31:24] */
1145 if (lsi_dma_40bit(s))
1146 addr_high = cpu_to_le32(buf[0]) >> 24;
1147 else if (lsi_dma_ti64bit(s)) {
1148 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1151 /* offset index into scratch registers since
1152 * TI64 mode can use registers C to R */
1153 addr_high = s->scratch[2 + selector];
1156 addr_high = s->mmrs;
1159 addr_high = s->mmws;
1168 addr_high = s->sbms;
1171 addr_high = s->dbms;
1174 BADF("Illegal selector specified (0x%x > 0x15)"
1175 " for 64-bit DMA block move", selector);
1179 } else if (lsi_dma_64bit(s)) {
1180 /* fetch a 3rd dword if 64-bit direct move is enabled and
1181 only if we're not doing table indirect or indirect addressing */
1182 s->dbms = read_dword(s, s->dsp);
1184 s->ia = s->dsp - 12;
1186 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1187 DPRINTF("Wrong phase got %d expected %d\n",
1188 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1189 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1193 s->dnad64 = addr_high;
1194 switch (s->sstat1 & 0x7) {
1220 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1223 s->dfifo = s->dbc & 0xff;
1224 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1227 s->ua = addr + s->dbc;
1230 case 1: /* IO or Read/Write instruction. */
1231 opcode = (insn >> 27) & 7;
1235 if (insn & (1 << 25)) {
1236 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
1240 id = (id >> 16) & 0xf;
1241 if (insn & (1 << 26)) {
1242 addr = s->dsp + sextract32(addr, 0, 24);
1246 case 0: /* Select */
1248 if (s->scntl1 & LSI_SCNTL1_CON) {
1249 DPRINTF("Already reselected, jumping to alternative address\n");
1253 s->sstat0 |= LSI_SSTAT0_WOA;
1254 s->scntl1 &= ~LSI_SCNTL1_IARB;
1255 if (!scsi_device_find(&s->bus, 0, id, 0)) {
1256 lsi_bad_selection(s, id);
1259 DPRINTF("Selected target %d%s\n",
1260 id, insn & (1 << 3) ? " ATN" : "");
1261 /* ??? Linux drivers compain when this is set. Maybe
1262 it only applies in low-level mode (unimplemented).
1263 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1264 s->select_tag = id << 8;
1265 s->scntl1 |= LSI_SCNTL1_CON;
1266 if (insn & (1 << 3)) {
1267 s->socl |= LSI_SOCL_ATN;
1269 lsi_set_phase(s, PHASE_MO);
1271 case 1: /* Disconnect */
1272 DPRINTF("Wait Disconnect\n");
1273 s->scntl1 &= ~LSI_SCNTL1_CON;
1275 case 2: /* Wait Reselect */
1276 if (!lsi_irq_on_rsl(s)) {
1277 lsi_wait_reselect(s);
1281 DPRINTF("Set%s%s%s%s\n",
1282 insn & (1 << 3) ? " ATN" : "",
1283 insn & (1 << 6) ? " ACK" : "",
1284 insn & (1 << 9) ? " TM" : "",
1285 insn & (1 << 10) ? " CC" : "");
1286 if (insn & (1 << 3)) {
1287 s->socl |= LSI_SOCL_ATN;
1288 lsi_set_phase(s, PHASE_MO);
1290 if (insn & (1 << 9)) {
1291 BADF("Target mode not implemented\n");
1294 if (insn & (1 << 10))
1298 DPRINTF("Clear%s%s%s%s\n",
1299 insn & (1 << 3) ? " ATN" : "",
1300 insn & (1 << 6) ? " ACK" : "",
1301 insn & (1 << 9) ? " TM" : "",
1302 insn & (1 << 10) ? " CC" : "");
1303 if (insn & (1 << 3)) {
1304 s->socl &= ~LSI_SOCL_ATN;
1306 if (insn & (1 << 10))
1317 static const char *opcode_names[3] =
1318 {"Write", "Read", "Read-Modify-Write"};
1319 static const char *operator_names[8] =
1320 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1323 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1324 data8 = (insn >> 8) & 0xff;
1325 opcode = (insn >> 27) & 7;
1326 operator = (insn >> 24) & 7;
1327 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1328 opcode_names[opcode - 5], reg,
1329 operator_names[operator], data8, s->sfbr,
1330 (insn & (1 << 23)) ? " SFBR" : "");
1333 case 5: /* From SFBR */
1337 case 6: /* To SFBR */
1339 op0 = lsi_reg_readb(s, reg);
1342 case 7: /* Read-modify-write */
1344 op0 = lsi_reg_readb(s, reg);
1345 if (insn & (1 << 23)) {
1357 case 1: /* Shift left */
1359 op0 = (op0 << 1) | s->carry;
1373 op0 = (op0 >> 1) | (s->carry << 7);
1378 s->carry = op0 < op1;
1381 op0 += op1 + s->carry;
1383 s->carry = op0 <= op1;
1385 s->carry = op0 < op1;
1390 case 5: /* From SFBR */
1391 case 7: /* Read-modify-write */
1392 lsi_reg_writeb(s, reg, op0);
1394 case 6: /* To SFBR */
1401 case 2: /* Transfer Control. */
1406 if ((insn & 0x002e0000) == 0) {
1410 if (s->sist1 & LSI_SIST1_STO) {
1411 DPRINTF("Delayed select timeout\n");
1415 cond = jmp = (insn & (1 << 19)) != 0;
1416 if (cond == jmp && (insn & (1 << 21))) {
1417 DPRINTF("Compare carry %d\n", s->carry == jmp);
1418 cond = s->carry != 0;
1420 if (cond == jmp && (insn & (1 << 17))) {
1421 DPRINTF("Compare phase %d %c= %d\n",
1422 (s->sstat1 & PHASE_MASK),
1424 ((insn >> 24) & 7));
1425 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1427 if (cond == jmp && (insn & (1 << 18))) {
1430 mask = (~insn >> 8) & 0xff;
1431 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1432 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1433 cond = (s->sfbr & mask) == (insn & mask);
1436 if (insn & (1 << 23)) {
1437 /* Relative address. */
1438 addr = s->dsp + sextract32(addr, 0, 24);
1440 switch ((insn >> 27) & 7) {
1442 DPRINTF("Jump to 0x%08x\n", addr);
1447 DPRINTF("Call 0x%08x\n", addr);
1451 case 2: /* Return */
1452 DPRINTF("Return to 0x%08x\n", s->temp);
1455 case 3: /* Interrupt */
1456 DPRINTF("Interrupt 0x%08x\n", s->dsps);
1457 if ((insn & (1 << 20)) != 0) {
1458 s->istat0 |= LSI_ISTAT0_INTF;
1461 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1465 DPRINTF("Illegal transfer control\n");
1466 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1470 DPRINTF("Control condition failed\n");
1476 if ((insn & (1 << 29)) == 0) {
1479 /* ??? The docs imply the destination address is loaded into
1480 the TEMP register. However the Linux drivers rely on
1481 the value being presrved. */
1482 dest = read_dword(s, s->dsp);
1484 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1491 if (insn & (1 << 28)) {
1492 addr = s->dsa + sextract32(addr, 0, 24);
1495 reg = (insn >> 16) & 0xff;
1496 if (insn & (1 << 24)) {
1497 pci_dma_read(pci_dev, addr, data, n);
1498 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1499 addr, *(int *)data);
1500 for (i = 0; i < n; i++) {
1501 lsi_reg_writeb(s, reg + i, data[i]);
1504 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1505 for (i = 0; i < n; i++) {
1506 data[i] = lsi_reg_readb(s, reg + i);
1508 pci_dma_write(pci_dev, addr, data, n);
1512 if (insn_processed > 10000 && !s->waiting) {
1513 /* Some windows drivers make the device spin waiting for a memory
1514 location to change. If we have been executed a lot of code then
1515 assume this is the case and force an unexpected device disconnect.
1516 This is apparently sufficient to beat the drivers into submission.
1518 if (!(s->sien0 & LSI_SIST0_UDC))
1519 fprintf(stderr, "inf. loop with UDC masked\n");
1520 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1522 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1523 if (s->dcntl & LSI_DCNTL_SSM) {
1524 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1529 DPRINTF("SCRIPTS execution stopped\n");
1532 static uint8_t lsi_reg_readb(LSIState *s, int offset)
1536 #define CASE_GET_REG24(name, addr) \
1537 case addr: ret = s->name & 0xff; break; \
1538 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1539 case addr + 2: ret = (s->name >> 16) & 0xff; break;
1541 #define CASE_GET_REG32(name, addr) \
1542 case addr: ret = s->name & 0xff; break; \
1543 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1544 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1545 case addr + 3: ret = (s->name >> 24) & 0xff; break;
1548 case 0x00: /* SCNTL0 */
1551 case 0x01: /* SCNTL1 */
1554 case 0x02: /* SCNTL2 */
1557 case 0x03: /* SCNTL3 */
1560 case 0x04: /* SCID */
1563 case 0x05: /* SXFER */
1566 case 0x06: /* SDID */
1569 case 0x07: /* GPREG0 */
1572 case 0x08: /* Revision ID */
1575 case 0x09: /* SOCL */
1578 case 0xa: /* SSID */
1581 case 0xb: /* SBCL */
1582 /* ??? This is not correct. However it's (hopefully) only
1583 used for diagnostics, so should be ok. */
1586 case 0xc: /* DSTAT */
1587 ret = s->dstat | LSI_DSTAT_DFE;
1588 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1592 case 0x0d: /* SSTAT0 */
1595 case 0x0e: /* SSTAT1 */
1598 case 0x0f: /* SSTAT2 */
1599 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1601 CASE_GET_REG32(dsa, 0x10)
1602 case 0x14: /* ISTAT0 */
1605 case 0x15: /* ISTAT1 */
1608 case 0x16: /* MBOX0 */
1611 case 0x17: /* MBOX1 */
1614 case 0x18: /* CTEST0 */
1617 case 0x19: /* CTEST1 */
1620 case 0x1a: /* CTEST2 */
1621 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1622 if (s->istat0 & LSI_ISTAT0_SIGP) {
1623 s->istat0 &= ~LSI_ISTAT0_SIGP;
1624 ret |= LSI_CTEST2_SIGP;
1627 case 0x1b: /* CTEST3 */
1630 CASE_GET_REG32(temp, 0x1c)
1631 case 0x20: /* DFIFO */
1634 case 0x21: /* CTEST4 */
1637 case 0x22: /* CTEST5 */
1640 case 0x23: /* CTEST6 */
1643 CASE_GET_REG24(dbc, 0x24)
1644 case 0x27: /* DCMD */
1647 CASE_GET_REG32(dnad, 0x28)
1648 CASE_GET_REG32(dsp, 0x2c)
1649 CASE_GET_REG32(dsps, 0x30)
1650 CASE_GET_REG32(scratch[0], 0x34)
1651 case 0x38: /* DMODE */
1654 case 0x39: /* DIEN */
1657 case 0x3a: /* SBR */
1660 case 0x3b: /* DCNTL */
1663 /* ADDER Output (Debug of relative jump address) */
1664 CASE_GET_REG32(adder, 0x3c)
1665 case 0x40: /* SIEN0 */
1668 case 0x41: /* SIEN1 */
1671 case 0x42: /* SIST0 */
1676 case 0x43: /* SIST1 */
1681 case 0x46: /* MACNTL */
1684 case 0x47: /* GPCNTL0 */
1687 case 0x48: /* STIME0 */
1690 case 0x4a: /* RESPID0 */
1693 case 0x4b: /* RESPID1 */
1696 case 0x4d: /* STEST1 */
1699 case 0x4e: /* STEST2 */
1702 case 0x4f: /* STEST3 */
1705 case 0x50: /* SIDL */
1706 /* This is needed by the linux drivers. We currently only update it
1707 during the MSG IN phase. */
1710 case 0x52: /* STEST4 */
1713 case 0x56: /* CCNTL0 */
1716 case 0x57: /* CCNTL1 */
1719 case 0x58: /* SBDL */
1720 /* Some drivers peek at the data bus during the MSG IN phase. */
1721 if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1725 case 0x59: /* SBDL high */
1728 CASE_GET_REG32(mmrs, 0xa0)
1729 CASE_GET_REG32(mmws, 0xa4)
1730 CASE_GET_REG32(sfs, 0xa8)
1731 CASE_GET_REG32(drs, 0xac)
1732 CASE_GET_REG32(sbms, 0xb0)
1733 CASE_GET_REG32(dbms, 0xb4)
1734 CASE_GET_REG32(dnad64, 0xb8)
1735 CASE_GET_REG32(pmjad1, 0xc0)
1736 CASE_GET_REG32(pmjad2, 0xc4)
1737 CASE_GET_REG32(rbc, 0xc8)
1738 CASE_GET_REG32(ua, 0xcc)
1739 CASE_GET_REG32(ia, 0xd4)
1740 CASE_GET_REG32(sbc, 0xd8)
1741 CASE_GET_REG32(csbc, 0xdc)
1746 n = (offset - 0x58) >> 2;
1747 shift = (offset & 3) * 8;
1748 ret = (s->scratch[n] >> shift) & 0xff;
1753 qemu_log_mask(LOG_GUEST_ERROR,
1754 "lsi_scsi: invalid read from reg %s %x\n",
1755 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1761 #undef CASE_GET_REG24
1762 #undef CASE_GET_REG32
1764 #ifdef DEBUG_LSI_REG
1765 DPRINTF("Read reg %s %x = %02x\n",
1766 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, ret);
1772 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1774 #define CASE_SET_REG24(name, addr) \
1775 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1776 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1777 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1779 #define CASE_SET_REG32(name, addr) \
1780 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1781 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1782 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1783 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1785 #ifdef DEBUG_LSI_REG
1786 DPRINTF("Write reg %s %x = %02x\n",
1787 offset < ARRAY_SIZE(names) ? names[offset] : "???", offset, val);
1790 case 0x00: /* SCNTL0 */
1792 if (val & LSI_SCNTL0_START) {
1793 BADF("Start sequence not implemented\n");
1796 case 0x01: /* SCNTL1 */
1797 s->scntl1 = val & ~LSI_SCNTL1_SST;
1798 if (val & LSI_SCNTL1_IARB) {
1799 BADF("Immediate Arbritration not implemented\n");
1801 if (val & LSI_SCNTL1_RST) {
1802 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1803 qbus_reset_all(&s->bus.qbus);
1804 s->sstat0 |= LSI_SSTAT0_RST;
1805 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1808 s->sstat0 &= ~LSI_SSTAT0_RST;
1811 case 0x02: /* SCNTL2 */
1812 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1815 case 0x03: /* SCNTL3 */
1818 case 0x04: /* SCID */
1821 case 0x05: /* SXFER */
1824 case 0x06: /* SDID */
1825 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
1826 BADF("Destination ID does not match SSID\n");
1828 s->sdid = val & 0xf;
1830 case 0x07: /* GPREG0 */
1832 case 0x08: /* SFBR */
1833 /* The CPU is not allowed to write to this register. However the
1834 SCRIPTS register move instructions are. */
1837 case 0x0a: case 0x0b:
1838 /* Openserver writes to these readonly registers on startup */
1840 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1841 /* Linux writes to these readonly registers on startup. */
1843 CASE_SET_REG32(dsa, 0x10)
1844 case 0x14: /* ISTAT0 */
1845 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1846 if (val & LSI_ISTAT0_ABRT) {
1847 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1849 if (val & LSI_ISTAT0_INTF) {
1850 s->istat0 &= ~LSI_ISTAT0_INTF;
1853 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1854 DPRINTF("Woken by SIGP\n");
1857 lsi_execute_script(s);
1859 if (val & LSI_ISTAT0_SRST) {
1860 qdev_reset_all(DEVICE(s));
1863 case 0x16: /* MBOX0 */
1866 case 0x17: /* MBOX1 */
1869 case 0x18: /* CTEST0 */
1872 case 0x1a: /* CTEST2 */
1873 s->ctest2 = val & LSI_CTEST2_PCICIE;
1875 case 0x1b: /* CTEST3 */
1876 s->ctest3 = val & 0x0f;
1878 CASE_SET_REG32(temp, 0x1c)
1879 case 0x21: /* CTEST4 */
1881 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1885 case 0x22: /* CTEST5 */
1886 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1887 BADF("CTEST5 DMA increment not implemented\n");
1891 CASE_SET_REG24(dbc, 0x24)
1892 CASE_SET_REG32(dnad, 0x28)
1893 case 0x2c: /* DSP[0:7] */
1894 s->dsp &= 0xffffff00;
1897 case 0x2d: /* DSP[8:15] */
1898 s->dsp &= 0xffff00ff;
1901 case 0x2e: /* DSP[16:23] */
1902 s->dsp &= 0xff00ffff;
1903 s->dsp |= val << 16;
1905 case 0x2f: /* DSP[24:31] */
1906 s->dsp &= 0x00ffffff;
1907 s->dsp |= val << 24;
1908 if ((s->dmode & LSI_DMODE_MAN) == 0
1909 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1910 lsi_execute_script(s);
1912 CASE_SET_REG32(dsps, 0x30)
1913 CASE_SET_REG32(scratch[0], 0x34)
1914 case 0x38: /* DMODE */
1917 case 0x39: /* DIEN */
1921 case 0x3a: /* SBR */
1924 case 0x3b: /* DCNTL */
1925 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1926 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1927 lsi_execute_script(s);
1929 case 0x40: /* SIEN0 */
1933 case 0x41: /* SIEN1 */
1937 case 0x47: /* GPCNTL0 */
1939 case 0x48: /* STIME0 */
1942 case 0x49: /* STIME1 */
1944 DPRINTF("General purpose timer not implemented\n");
1945 /* ??? Raising the interrupt immediately seems to be sufficient
1946 to keep the FreeBSD driver happy. */
1947 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1950 case 0x4a: /* RESPID0 */
1953 case 0x4b: /* RESPID1 */
1956 case 0x4d: /* STEST1 */
1959 case 0x4e: /* STEST2 */
1961 BADF("Low level mode not implemented\n");
1965 case 0x4f: /* STEST3 */
1967 BADF("SCSI FIFO test mode not implemented\n");
1971 case 0x56: /* CCNTL0 */
1974 case 0x57: /* CCNTL1 */
1977 CASE_SET_REG32(mmrs, 0xa0)
1978 CASE_SET_REG32(mmws, 0xa4)
1979 CASE_SET_REG32(sfs, 0xa8)
1980 CASE_SET_REG32(drs, 0xac)
1981 CASE_SET_REG32(sbms, 0xb0)
1982 CASE_SET_REG32(dbms, 0xb4)
1983 CASE_SET_REG32(dnad64, 0xb8)
1984 CASE_SET_REG32(pmjad1, 0xc0)
1985 CASE_SET_REG32(pmjad2, 0xc4)
1986 CASE_SET_REG32(rbc, 0xc8)
1987 CASE_SET_REG32(ua, 0xcc)
1988 CASE_SET_REG32(ia, 0xd4)
1989 CASE_SET_REG32(sbc, 0xd8)
1990 CASE_SET_REG32(csbc, 0xdc)
1992 if (offset >= 0x5c && offset < 0xa0) {
1995 n = (offset - 0x58) >> 2;
1996 shift = (offset & 3) * 8;
1997 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
1999 qemu_log_mask(LOG_GUEST_ERROR,
2000 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2001 offset < ARRAY_SIZE(names) ? names[offset] : "???",
2005 #undef CASE_SET_REG24
2006 #undef CASE_SET_REG32
2009 static void lsi_mmio_write(void *opaque, hwaddr addr,
2010 uint64_t val, unsigned size)
2012 LSIState *s = opaque;
2014 lsi_reg_writeb(s, addr & 0xff, val);
2017 static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
2020 LSIState *s = opaque;
2022 return lsi_reg_readb(s, addr & 0xff);
2025 static const MemoryRegionOps lsi_mmio_ops = {
2026 .read = lsi_mmio_read,
2027 .write = lsi_mmio_write,
2028 .endianness = DEVICE_NATIVE_ENDIAN,
2030 .min_access_size = 1,
2031 .max_access_size = 1,
2035 static void lsi_ram_write(void *opaque, hwaddr addr,
2036 uint64_t val, unsigned size)
2038 LSIState *s = opaque;
2043 newval = s->script_ram[addr >> 2];
2044 shift = (addr & 3) * 8;
2045 mask = ((uint64_t)1 << (size * 8)) - 1;
2046 newval &= ~(mask << shift);
2047 newval |= val << shift;
2048 s->script_ram[addr >> 2] = newval;
2051 static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
2054 LSIState *s = opaque;
2058 val = s->script_ram[addr >> 2];
2059 mask = ((uint64_t)1 << (size * 8)) - 1;
2060 val >>= (addr & 3) * 8;
2064 static const MemoryRegionOps lsi_ram_ops = {
2065 .read = lsi_ram_read,
2066 .write = lsi_ram_write,
2067 .endianness = DEVICE_NATIVE_ENDIAN,
2070 static uint64_t lsi_io_read(void *opaque, hwaddr addr,
2073 LSIState *s = opaque;
2074 return lsi_reg_readb(s, addr & 0xff);
2077 static void lsi_io_write(void *opaque, hwaddr addr,
2078 uint64_t val, unsigned size)
2080 LSIState *s = opaque;
2081 lsi_reg_writeb(s, addr & 0xff, val);
2084 static const MemoryRegionOps lsi_io_ops = {
2085 .read = lsi_io_read,
2086 .write = lsi_io_write,
2087 .endianness = DEVICE_NATIVE_ENDIAN,
2089 .min_access_size = 1,
2090 .max_access_size = 1,
2094 static void lsi_scsi_reset(DeviceState *dev)
2096 LSIState *s = LSI53C895A(dev);
2101 static int lsi_pre_save(void *opaque)
2103 LSIState *s = opaque;
2106 assert(s->current->dma_buf == NULL);
2107 assert(s->current->dma_len == 0);
2109 assert(QTAILQ_EMPTY(&s->queue));
2114 static const VMStateDescription vmstate_lsi_scsi = {
2117 .minimum_version_id = 0,
2118 .pre_save = lsi_pre_save,
2119 .fields = (VMStateField[]) {
2120 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
2122 VMSTATE_INT32(carry, LSIState),
2123 VMSTATE_INT32(status, LSIState),
2124 VMSTATE_INT32(msg_action, LSIState),
2125 VMSTATE_INT32(msg_len, LSIState),
2126 VMSTATE_BUFFER(msg, LSIState),
2127 VMSTATE_INT32(waiting, LSIState),
2129 VMSTATE_UINT32(dsa, LSIState),
2130 VMSTATE_UINT32(temp, LSIState),
2131 VMSTATE_UINT32(dnad, LSIState),
2132 VMSTATE_UINT32(dbc, LSIState),
2133 VMSTATE_UINT8(istat0, LSIState),
2134 VMSTATE_UINT8(istat1, LSIState),
2135 VMSTATE_UINT8(dcmd, LSIState),
2136 VMSTATE_UINT8(dstat, LSIState),
2137 VMSTATE_UINT8(dien, LSIState),
2138 VMSTATE_UINT8(sist0, LSIState),
2139 VMSTATE_UINT8(sist1, LSIState),
2140 VMSTATE_UINT8(sien0, LSIState),
2141 VMSTATE_UINT8(sien1, LSIState),
2142 VMSTATE_UINT8(mbox0, LSIState),
2143 VMSTATE_UINT8(mbox1, LSIState),
2144 VMSTATE_UINT8(dfifo, LSIState),
2145 VMSTATE_UINT8(ctest2, LSIState),
2146 VMSTATE_UINT8(ctest3, LSIState),
2147 VMSTATE_UINT8(ctest4, LSIState),
2148 VMSTATE_UINT8(ctest5, LSIState),
2149 VMSTATE_UINT8(ccntl0, LSIState),
2150 VMSTATE_UINT8(ccntl1, LSIState),
2151 VMSTATE_UINT32(dsp, LSIState),
2152 VMSTATE_UINT32(dsps, LSIState),
2153 VMSTATE_UINT8(dmode, LSIState),
2154 VMSTATE_UINT8(dcntl, LSIState),
2155 VMSTATE_UINT8(scntl0, LSIState),
2156 VMSTATE_UINT8(scntl1, LSIState),
2157 VMSTATE_UINT8(scntl2, LSIState),
2158 VMSTATE_UINT8(scntl3, LSIState),
2159 VMSTATE_UINT8(sstat0, LSIState),
2160 VMSTATE_UINT8(sstat1, LSIState),
2161 VMSTATE_UINT8(scid, LSIState),
2162 VMSTATE_UINT8(sxfer, LSIState),
2163 VMSTATE_UINT8(socl, LSIState),
2164 VMSTATE_UINT8(sdid, LSIState),
2165 VMSTATE_UINT8(ssid, LSIState),
2166 VMSTATE_UINT8(sfbr, LSIState),
2167 VMSTATE_UINT8(stest1, LSIState),
2168 VMSTATE_UINT8(stest2, LSIState),
2169 VMSTATE_UINT8(stest3, LSIState),
2170 VMSTATE_UINT8(sidl, LSIState),
2171 VMSTATE_UINT8(stime0, LSIState),
2172 VMSTATE_UINT8(respid0, LSIState),
2173 VMSTATE_UINT8(respid1, LSIState),
2174 VMSTATE_UINT32(mmrs, LSIState),
2175 VMSTATE_UINT32(mmws, LSIState),
2176 VMSTATE_UINT32(sfs, LSIState),
2177 VMSTATE_UINT32(drs, LSIState),
2178 VMSTATE_UINT32(sbms, LSIState),
2179 VMSTATE_UINT32(dbms, LSIState),
2180 VMSTATE_UINT32(dnad64, LSIState),
2181 VMSTATE_UINT32(pmjad1, LSIState),
2182 VMSTATE_UINT32(pmjad2, LSIState),
2183 VMSTATE_UINT32(rbc, LSIState),
2184 VMSTATE_UINT32(ua, LSIState),
2185 VMSTATE_UINT32(ia, LSIState),
2186 VMSTATE_UINT32(sbc, LSIState),
2187 VMSTATE_UINT32(csbc, LSIState),
2188 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2189 VMSTATE_UINT8(sbr, LSIState),
2191 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2192 VMSTATE_END_OF_LIST()
2196 static const struct SCSIBusInfo lsi_scsi_info = {
2198 .max_target = LSI_MAX_DEVS,
2199 .max_lun = 0, /* LUN support is buggy */
2201 .transfer_data = lsi_transfer_data,
2202 .complete = lsi_command_complete,
2203 .cancel = lsi_request_cancelled
2206 static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
2208 LSIState *s = LSI53C895A(dev);
2209 DeviceState *d = DEVICE(dev);
2212 pci_conf = dev->config;
2214 /* PCI latency timer = 255 */
2215 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2216 /* Interrupt pin A */
2217 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2219 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2221 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2223 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2226 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
2227 qdev_init_gpio_out(d, &s->ext_irq, 1);
2229 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
2230 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
2231 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
2232 QTAILQ_INIT(&s->queue);
2234 scsi_bus_new(&s->bus, sizeof(s->bus), d, &lsi_scsi_info, NULL);
2237 static void lsi_scsi_unrealize(DeviceState *dev, Error **errp)
2239 LSIState *s = LSI53C895A(dev);
2241 address_space_destroy(&s->pci_io_as);
2244 static void lsi_class_init(ObjectClass *klass, void *data)
2246 DeviceClass *dc = DEVICE_CLASS(klass);
2247 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2249 k->realize = lsi_scsi_realize;
2250 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2251 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2252 k->class_id = PCI_CLASS_STORAGE_SCSI;
2253 k->subsystem_id = 0x1000;
2254 dc->unrealize = lsi_scsi_unrealize;
2255 dc->reset = lsi_scsi_reset;
2256 dc->vmsd = &vmstate_lsi_scsi;
2257 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2260 static const TypeInfo lsi_info = {
2261 .name = TYPE_LSI53C895A,
2262 .parent = TYPE_PCI_DEVICE,
2263 .instance_size = sizeof(LSIState),
2264 .class_init = lsi_class_init,
2265 .interfaces = (InterfaceInfo[]) {
2266 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2271 static void lsi53c810_class_init(ObjectClass *klass, void *data)
2273 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2275 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2278 static TypeInfo lsi53c810_info = {
2279 .name = TYPE_LSI53C810,
2280 .parent = TYPE_LSI53C895A,
2281 .class_init = lsi53c810_class_init,
2284 static void lsi53c895a_register_types(void)
2286 type_register_static(&lsi_info);
2287 type_register_static(&lsi53c810_info);
2290 type_init(lsi53c895a_register_types)
2292 void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev)
2294 LSIState *s = LSI53C895A(lsi_dev);
2296 scsi_bus_legacy_handle_cmdline(&s->bus);
projects / qemu.git / blob