2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 /* ??? Need to check if the {read,write}[wl] routines work properly on
11 big-endian targets. */
18 #include "block_int.h"
21 //#define DEBUG_LSI_REG
24 #define DPRINTF(fmt, ...) \
25 do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
26 #define BADF(fmt, ...) \
27 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
29 #define DPRINTF(fmt, ...) do {} while(0)
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
34 #define LSI_MAX_DEVS 7
36 #define LSI_SCNTL0_TRG 0x01
37 #define LSI_SCNTL0_AAP 0x02
38 #define LSI_SCNTL0_EPC 0x08
39 #define LSI_SCNTL0_WATN 0x10
40 #define LSI_SCNTL0_START 0x20
42 #define LSI_SCNTL1_SST 0x01
43 #define LSI_SCNTL1_IARB 0x02
44 #define LSI_SCNTL1_AESP 0x04
45 #define LSI_SCNTL1_RST 0x08
46 #define LSI_SCNTL1_CON 0x10
47 #define LSI_SCNTL1_DHP 0x20
48 #define LSI_SCNTL1_ADB 0x40
49 #define LSI_SCNTL1_EXC 0x80
51 #define LSI_SCNTL2_WSR 0x01
52 #define LSI_SCNTL2_VUE0 0x02
53 #define LSI_SCNTL2_VUE1 0x04
54 #define LSI_SCNTL2_WSS 0x08
55 #define LSI_SCNTL2_SLPHBEN 0x10
56 #define LSI_SCNTL2_SLPMD 0x20
57 #define LSI_SCNTL2_CHM 0x40
58 #define LSI_SCNTL2_SDU 0x80
60 #define LSI_ISTAT0_DIP 0x01
61 #define LSI_ISTAT0_SIP 0x02
62 #define LSI_ISTAT0_INTF 0x04
63 #define LSI_ISTAT0_CON 0x08
64 #define LSI_ISTAT0_SEM 0x10
65 #define LSI_ISTAT0_SIGP 0x20
66 #define LSI_ISTAT0_SRST 0x40
67 #define LSI_ISTAT0_ABRT 0x80
69 #define LSI_ISTAT1_SI 0x01
70 #define LSI_ISTAT1_SRUN 0x02
71 #define LSI_ISTAT1_FLSH 0x04
73 #define LSI_SSTAT0_SDP0 0x01
74 #define LSI_SSTAT0_RST 0x02
75 #define LSI_SSTAT0_WOA 0x04
76 #define LSI_SSTAT0_LOA 0x08
77 #define LSI_SSTAT0_AIP 0x10
78 #define LSI_SSTAT0_OLF 0x20
79 #define LSI_SSTAT0_ORF 0x40
80 #define LSI_SSTAT0_ILF 0x80
82 #define LSI_SIST0_PAR 0x01
83 #define LSI_SIST0_RST 0x02
84 #define LSI_SIST0_UDC 0x04
85 #define LSI_SIST0_SGE 0x08
86 #define LSI_SIST0_RSL 0x10
87 #define LSI_SIST0_SEL 0x20
88 #define LSI_SIST0_CMP 0x40
89 #define LSI_SIST0_MA 0x80
91 #define LSI_SIST1_HTH 0x01
92 #define LSI_SIST1_GEN 0x02
93 #define LSI_SIST1_STO 0x04
94 #define LSI_SIST1_SBMC 0x10
96 #define LSI_SOCL_IO 0x01
97 #define LSI_SOCL_CD 0x02
98 #define LSI_SOCL_MSG 0x04
99 #define LSI_SOCL_ATN 0x08
100 #define LSI_SOCL_SEL 0x10
101 #define LSI_SOCL_BSY 0x20
102 #define LSI_SOCL_ACK 0x40
103 #define LSI_SOCL_REQ 0x80
105 #define LSI_DSTAT_IID 0x01
106 #define LSI_DSTAT_SIR 0x04
107 #define LSI_DSTAT_SSI 0x08
108 #define LSI_DSTAT_ABRT 0x10
109 #define LSI_DSTAT_BF 0x20
110 #define LSI_DSTAT_MDPE 0x40
111 #define LSI_DSTAT_DFE 0x80
113 #define LSI_DCNTL_COM 0x01
114 #define LSI_DCNTL_IRQD 0x02
115 #define LSI_DCNTL_STD 0x04
116 #define LSI_DCNTL_IRQM 0x08
117 #define LSI_DCNTL_SSM 0x10
118 #define LSI_DCNTL_PFEN 0x20
119 #define LSI_DCNTL_PFF 0x40
120 #define LSI_DCNTL_CLSE 0x80
122 #define LSI_DMODE_MAN 0x01
123 #define LSI_DMODE_BOF 0x02
124 #define LSI_DMODE_ERMP 0x04
125 #define LSI_DMODE_ERL 0x08
126 #define LSI_DMODE_DIOM 0x10
127 #define LSI_DMODE_SIOM 0x20
129 #define LSI_CTEST2_DACK 0x01
130 #define LSI_CTEST2_DREQ 0x02
131 #define LSI_CTEST2_TEOP 0x04
132 #define LSI_CTEST2_PCICIE 0x08
133 #define LSI_CTEST2_CM 0x10
134 #define LSI_CTEST2_CIO 0x20
135 #define LSI_CTEST2_SIGP 0x40
136 #define LSI_CTEST2_DDIR 0x80
138 #define LSI_CTEST5_BL2 0x04
139 #define LSI_CTEST5_DDIR 0x08
140 #define LSI_CTEST5_MASR 0x10
141 #define LSI_CTEST5_DFSN 0x20
142 #define LSI_CTEST5_BBCK 0x40
143 #define LSI_CTEST5_ADCK 0x80
145 #define LSI_CCNTL0_DILS 0x01
146 #define LSI_CCNTL0_DISFC 0x10
147 #define LSI_CCNTL0_ENNDJ 0x20
148 #define LSI_CCNTL0_PMJCTL 0x40
149 #define LSI_CCNTL0_ENPMJ 0x80
151 #define LSI_CCNTL1_EN64DBMV 0x01
152 #define LSI_CCNTL1_EN64TIBMV 0x02
153 #define LSI_CCNTL1_64TIMOD 0x04
154 #define LSI_CCNTL1_DDAC 0x08
155 #define LSI_CCNTL1_ZMOD 0x80
157 /* Enable Response to Reselection */
158 #define LSI_SCID_RRE 0x60
160 #define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
170 /* Maximum length of MSG IN data. */
171 #define LSI_MAX_MSGIN_LEN 8
173 /* Flag set if this is a tagged command. */
174 #define LSI_TAG_VALID (1 << 16)
176 typedef struct lsi_request {
183 QTAILQ_ENTRY(lsi_request) next;
190 uint32_t script_ram_base;
192 int carry; /* ??? Should this be an a visible register somewhere? */
194 /* Action to take at the end of a MSG IN phase.
195 0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN. */
198 uint8_t msg[LSI_MAX_MSGIN_LEN];
199 /* 0 if SCRIPTS are running or stopped.
200 * 1 if a Wait Reselect instruction has been issued.
201 * 2 if processing DMA from lsi_execute_script.
202 * 3 if a DMA operation is in progress. */
205 SCSIDevice *select_dev;
207 /* The tag is a combination of the device ID and the SCSI tag. */
209 int command_complete;
210 QTAILQ_HEAD(, lsi_request) queue;
211 lsi_request *current;
272 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
275 /* Script ram is stored as 32-bit words in host byteorder. */
276 uint32_t script_ram[2048];
279 static inline int lsi_irq_on_rsl(LSIState *s)
281 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
284 static void lsi_soft_reset(LSIState *s)
298 memset(s->scratch, 0, sizeof(s->scratch));
352 while (!QTAILQ_EMPTY(&s->queue)) {
353 p = QTAILQ_FIRST(&s->queue);
354 QTAILQ_REMOVE(&s->queue, p, next);
358 qemu_free(s->current);
363 static int lsi_dma_40bit(LSIState *s)
365 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
370 static int lsi_dma_ti64bit(LSIState *s)
372 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
377 static int lsi_dma_64bit(LSIState *s)
379 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
384 static uint8_t lsi_reg_readb(LSIState *s, int offset);
385 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
386 static void lsi_execute_script(LSIState *s);
387 static void lsi_reselect(LSIState *s, lsi_request *p);
389 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
393 /* Optimize reading from SCRIPTS RAM. */
394 if ((addr & 0xffffe000) == s->script_ram_base) {
395 return s->script_ram[(addr & 0x1fff) >> 2];
397 cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
398 return cpu_to_le32(buf);
401 static void lsi_stop_script(LSIState *s)
403 s->istat1 &= ~LSI_ISTAT1_SRUN;
406 static void lsi_update_irq(LSIState *s)
409 static int last_level;
412 /* It's unclear whether the DIP/SIP bits should be cleared when the
413 Interrupt Status Registers are cleared or when istat0 is read.
414 We currently do the formwer, which seems to work. */
417 if (s->dstat & s->dien)
419 s->istat0 |= LSI_ISTAT0_DIP;
421 s->istat0 &= ~LSI_ISTAT0_DIP;
424 if (s->sist0 || s->sist1) {
425 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
427 s->istat0 |= LSI_ISTAT0_SIP;
429 s->istat0 &= ~LSI_ISTAT0_SIP;
431 if (s->istat0 & LSI_ISTAT0_INTF)
434 if (level != last_level) {
435 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
436 level, s->dstat, s->sist1, s->sist0);
439 qemu_set_irq(s->dev.irq[0], level);
441 if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
442 DPRINTF("Handled IRQs & disconnected, looking for pending "
444 QTAILQ_FOREACH(p, &s->queue, next) {
453 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
454 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
459 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
460 stat1, stat0, s->sist1, s->sist0);
463 /* Stop processor on fatal or unmasked interrupt. As a special hack
464 we don't stop processing when raising STO. Instead continue
465 execution and stop at the next insn that accesses the SCSI bus. */
466 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
467 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
468 mask1 &= ~LSI_SIST1_STO;
469 if (s->sist0 & mask0 || s->sist1 & mask1) {
475 /* Stop SCRIPTS execution and raise a DMA interrupt. */
476 static void lsi_script_dma_interrupt(LSIState *s, int stat)
478 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
484 static inline void lsi_set_phase(LSIState *s, int phase)
486 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
489 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
491 /* Trigger a phase mismatch. */
492 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
493 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL) || out) {
498 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
500 DPRINTF("Phase mismatch interrupt\n");
501 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
504 lsi_set_phase(s, new_phase);
508 /* Resume SCRIPTS execution after a DMA operation. */
509 static void lsi_resume_script(LSIState *s)
511 if (s->waiting != 2) {
513 lsi_execute_script(s);
519 /* Initiate a SCSI layer data transfer. */
520 static void lsi_do_dma(LSIState *s, int out)
523 target_phys_addr_t addr;
526 if (!s->current->dma_len) {
527 /* Wait until data is available. */
528 DPRINTF("DMA no data available\n");
533 if (count > s->current->dma_len)
534 count = s->current->dma_len;
537 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
538 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
539 addr |= ((uint64_t)s->dnad64 << 32);
541 addr |= ((uint64_t)s->dbms << 32);
543 addr |= ((uint64_t)s->sbms << 32);
545 DPRINTF("DMA addr=0x" TARGET_FMT_plx " len=%d\n", addr, count);
550 if (s->current->dma_buf == NULL) {
551 s->current->dma_buf = s->current->dev->info->get_buf(s->current->dev,
555 /* ??? Set SFBR to first data byte. */
557 cpu_physical_memory_read(addr, s->current->dma_buf, count);
559 cpu_physical_memory_write(addr, s->current->dma_buf, count);
561 s->current->dma_len -= count;
562 if (s->current->dma_len == 0) {
563 s->current->dma_buf = NULL;
565 /* Write the data. */
566 s->current->dev->info->write_data(s->current->dev, s->current->tag);
568 /* Request any remaining data. */
569 s->current->dev->info->read_data(s->current->dev, s->current->tag);
572 s->current->dma_buf += count;
573 lsi_resume_script(s);
578 /* Add a command to the queue. */
579 static void lsi_queue_command(LSIState *s)
581 lsi_request *p = s->current;
583 DPRINTF("Queueing tag=0x%x\n", s->current_tag);
584 assert(s->current != NULL);
585 assert(s->current->dma_len == 0);
586 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
590 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
593 /* Queue a byte for a MSG IN phase. */
594 static void lsi_add_msg_byte(LSIState *s, uint8_t data)
596 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
597 BADF("MSG IN data too long\n");
599 DPRINTF("MSG IN 0x%02x\n", data);
600 s->msg[s->msg_len++] = data;
604 /* Perform reselection to continue a command. */
605 static void lsi_reselect(LSIState *s, lsi_request *p)
609 assert(s->current == NULL);
610 QTAILQ_REMOVE(&s->queue, p, next);
613 id = (p->tag >> 8) & 0xf;
615 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
616 if (!(s->dcntl & LSI_DCNTL_COM)) {
617 s->sfbr = 1 << (id & 0x7);
619 DPRINTF("Reselected target %d\n", id);
620 s->scntl1 |= LSI_SCNTL1_CON;
621 lsi_set_phase(s, PHASE_MI);
622 s->msg_action = p->out ? 2 : 3;
623 s->current->dma_len = p->pending;
624 lsi_add_msg_byte(s, 0x80);
625 if (s->current->tag & LSI_TAG_VALID) {
626 lsi_add_msg_byte(s, 0x20);
627 lsi_add_msg_byte(s, p->tag & 0xff);
630 if (lsi_irq_on_rsl(s)) {
631 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
635 /* Record that data is available for a queued command. Returns zero if
636 the device was reselected, nonzero if the IO is deferred. */
637 static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
641 QTAILQ_FOREACH(p, &s->queue, next) {
644 BADF("Multiple IO pending for tag %d\n", tag);
647 /* Reselect if waiting for it, or if reselection triggers an IRQ
649 Since no interrupt stacking is implemented in the emulation, it
650 is also required that there are no pending interrupts waiting
651 for service from the device driver. */
652 if (s->waiting == 1 ||
653 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
654 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
655 /* Reselect device. */
659 DPRINTF("Queueing IO tag=0x%x\n", tag);
665 BADF("IO with unknown tag %d\n", tag);
669 /* Callback to indicate that the SCSI layer has completed a transfer. */
670 static void lsi_command_complete(SCSIBus *bus, int reason, uint32_t tag,
673 LSIState *s = DO_UPCAST(LSIState, dev.qdev, bus->qbus.parent);
676 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
677 if (reason == SCSI_REASON_DONE) {
678 DPRINTF("Command complete sense=%d\n", (int)arg);
680 s->command_complete = 2;
681 if (s->waiting && s->dbc != 0) {
682 /* Raise phase mismatch for short transfers. */
683 lsi_bad_phase(s, out, PHASE_ST);
685 lsi_set_phase(s, PHASE_ST);
688 qemu_free(s->current);
691 lsi_resume_script(s);
695 if (s->waiting == 1 || !s->current || tag != s->current->tag ||
696 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
697 if (lsi_queue_tag(s, tag, arg))
701 /* host adapter (re)connected */
702 DPRINTF("Data ready tag=0x%x len=%d\n", tag, arg);
703 s->current->dma_len = arg;
704 s->command_complete = 1;
707 if (s->waiting == 1 || s->dbc == 0) {
708 lsi_resume_script(s);
714 static void lsi_do_command(LSIState *s)
719 DPRINTF("Send command len=%d\n", s->dbc);
722 cpu_physical_memory_read(s->dnad, buf, s->dbc);
724 s->command_complete = 0;
726 assert(s->current == NULL);
727 s->current = qemu_mallocz(sizeof(lsi_request));
728 s->current->tag = s->select_tag;
729 s->current->dev = s->select_dev;
731 n = s->current->dev->info->send_command(s->current->dev, s->current->tag, buf,
734 lsi_set_phase(s, PHASE_DI);
735 s->current->dev->info->read_data(s->current->dev, s->current->tag);
737 lsi_set_phase(s, PHASE_DO);
738 s->current->dev->info->write_data(s->current->dev, s->current->tag);
741 if (!s->command_complete) {
743 /* Command did not complete immediately so disconnect. */
744 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
745 lsi_add_msg_byte(s, 4); /* DISCONNECT */
747 lsi_set_phase(s, PHASE_MI);
749 lsi_queue_command(s);
751 /* wait command complete */
752 lsi_set_phase(s, PHASE_DI);
757 static void lsi_do_status(LSIState *s)
760 DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
762 BADF("Bad Status move\n");
766 cpu_physical_memory_write(s->dnad, &sense, 1);
767 lsi_set_phase(s, PHASE_MI);
769 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
772 static void lsi_disconnect(LSIState *s)
774 s->scntl1 &= ~LSI_SCNTL1_CON;
775 s->sstat1 &= ~PHASE_MASK;
778 static void lsi_do_msgin(LSIState *s)
781 DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
786 cpu_physical_memory_write(s->dnad, s->msg, len);
787 /* Linux drivers rely on the last byte being in the SIDL. */
788 s->sidl = s->msg[len - 1];
791 memmove(s->msg, s->msg + len, s->msg_len);
793 /* ??? Check if ATN (not yet implemented) is asserted and maybe
794 switch to PHASE_MO. */
795 switch (s->msg_action) {
797 lsi_set_phase(s, PHASE_CMD);
803 lsi_set_phase(s, PHASE_DO);
806 lsi_set_phase(s, PHASE_DI);
814 /* Read the next byte during a MSGOUT phase. */
815 static uint8_t lsi_get_msgbyte(LSIState *s)
818 cpu_physical_memory_read(s->dnad, &data, 1);
824 static void lsi_do_msgout(LSIState *s)
829 DPRINTF("MSG out len=%d\n", s->dbc);
831 msg = lsi_get_msgbyte(s);
836 DPRINTF("MSG: Disconnect\n");
840 DPRINTF("MSG: No Operation\n");
841 lsi_set_phase(s, PHASE_CMD);
844 len = lsi_get_msgbyte(s);
845 msg = lsi_get_msgbyte(s);
846 DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
849 DPRINTF("SDTR (ignored)\n");
853 DPRINTF("WDTR (ignored)\n");
860 case 0x20: /* SIMPLE queue */
861 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
862 DPRINTF("SIMPLE queue tag=0x%x\n", s->current_tag & 0xff);
864 case 0x21: /* HEAD of queue */
865 BADF("HEAD queue not implemented\n");
866 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
868 case 0x22: /* ORDERED queue */
869 BADF("ORDERED queue not implemented\n");
870 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
873 if ((msg & 0x80) == 0) {
876 s->current_lun = msg & 7;
877 DPRINTF("Select LUN %d\n", s->current_lun);
878 lsi_set_phase(s, PHASE_CMD);
884 BADF("Unimplemented message 0x%02x\n", msg);
885 lsi_set_phase(s, PHASE_MI);
886 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
890 /* Sign extend a 24-bit value. */
891 static inline int32_t sxt24(int32_t n)
893 return (n << 8) >> 8;
896 #define LSI_BUF_SIZE 4096
897 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
900 uint8_t buf[LSI_BUF_SIZE];
902 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
904 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
905 cpu_physical_memory_read(src, buf, n);
906 cpu_physical_memory_write(dest, buf, n);
913 static void lsi_wait_reselect(LSIState *s)
917 DPRINTF("Wait Reselect\n");
919 QTAILQ_FOREACH(p, &s->queue, next) {
925 if (s->current == NULL) {
930 static void lsi_execute_script(LSIState *s)
933 uint32_t addr, addr_high;
935 int insn_processed = 0;
937 s->istat1 |= LSI_ISTAT1_SRUN;
940 insn = read_dword(s, s->dsp);
942 /* If we receive an empty opcode increment the DSP by 4 bytes
943 instead of 8 and execute the next opcode at that location */
947 addr = read_dword(s, s->dsp + 4);
949 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
951 s->dcmd = insn >> 24;
953 switch (insn >> 30) {
954 case 0: /* Block move. */
955 if (s->sist1 & LSI_SIST1_STO) {
956 DPRINTF("Delayed select timeout\n");
960 s->dbc = insn & 0xffffff;
964 if (insn & (1 << 29)) {
965 /* Indirect addressing. */
966 addr = read_dword(s, addr);
967 } else if (insn & (1 << 28)) {
970 /* Table indirect addressing. */
972 /* 32-bit Table indirect */
973 offset = sxt24(addr);
974 cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
975 /* byte count is stored in bits 0:23 only */
976 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
978 addr = cpu_to_le32(buf[1]);
980 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
981 * table, bits [31:24] */
982 if (lsi_dma_40bit(s))
983 addr_high = cpu_to_le32(buf[0]) >> 24;
984 else if (lsi_dma_ti64bit(s)) {
985 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
988 /* offset index into scratch registers since
989 * TI64 mode can use registers C to R */
990 addr_high = s->scratch[2 + selector];
1005 addr_high = s->sbms;
1008 addr_high = s->dbms;
1011 BADF("Illegal selector specified (0x%x > 0x15)"
1012 " for 64-bit DMA block move", selector);
1016 } else if (lsi_dma_64bit(s)) {
1017 /* fetch a 3rd dword if 64-bit direct move is enabled and
1018 only if we're not doing table indirect or indirect addressing */
1019 s->dbms = read_dword(s, s->dsp);
1021 s->ia = s->dsp - 12;
1023 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1024 DPRINTF("Wrong phase got %d expected %d\n",
1025 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1026 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1030 s->dnad64 = addr_high;
1031 switch (s->sstat1 & 0x7) {
1057 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1060 s->dfifo = s->dbc & 0xff;
1061 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1064 s->ua = addr + s->dbc;
1067 case 1: /* IO or Read/Write instruction. */
1068 opcode = (insn >> 27) & 7;
1072 if (insn & (1 << 25)) {
1073 id = read_dword(s, s->dsa + sxt24(insn));
1077 id = (id >> 16) & 0xf;
1078 if (insn & (1 << 26)) {
1079 addr = s->dsp + sxt24(addr);
1083 case 0: /* Select */
1085 if (s->scntl1 & LSI_SCNTL1_CON) {
1086 DPRINTF("Already reselected, jumping to alternative address\n");
1090 s->sstat0 |= LSI_SSTAT0_WOA;
1091 s->scntl1 &= ~LSI_SCNTL1_IARB;
1092 if (id >= LSI_MAX_DEVS || !s->bus.devs[id]) {
1093 DPRINTF("Selected absent target %d\n", id);
1094 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
1098 DPRINTF("Selected target %d%s\n",
1099 id, insn & (1 << 3) ? " ATN" : "");
1100 /* ??? Linux drivers compain when this is set. Maybe
1101 it only applies in low-level mode (unimplemented).
1102 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1103 s->select_dev = s->bus.devs[id];
1104 s->select_tag = id << 8;
1105 s->scntl1 |= LSI_SCNTL1_CON;
1106 if (insn & (1 << 3)) {
1107 s->socl |= LSI_SOCL_ATN;
1109 lsi_set_phase(s, PHASE_MO);
1111 case 1: /* Disconnect */
1112 DPRINTF("Wait Disconnect\n");
1113 s->scntl1 &= ~LSI_SCNTL1_CON;
1115 case 2: /* Wait Reselect */
1116 if (!lsi_irq_on_rsl(s)) {
1117 lsi_wait_reselect(s);
1121 DPRINTF("Set%s%s%s%s\n",
1122 insn & (1 << 3) ? " ATN" : "",
1123 insn & (1 << 6) ? " ACK" : "",
1124 insn & (1 << 9) ? " TM" : "",
1125 insn & (1 << 10) ? " CC" : "");
1126 if (insn & (1 << 3)) {
1127 s->socl |= LSI_SOCL_ATN;
1128 lsi_set_phase(s, PHASE_MO);
1130 if (insn & (1 << 9)) {
1131 BADF("Target mode not implemented\n");
1134 if (insn & (1 << 10))
1138 DPRINTF("Clear%s%s%s%s\n",
1139 insn & (1 << 3) ? " ATN" : "",
1140 insn & (1 << 6) ? " ACK" : "",
1141 insn & (1 << 9) ? " TM" : "",
1142 insn & (1 << 10) ? " CC" : "");
1143 if (insn & (1 << 3)) {
1144 s->socl &= ~LSI_SOCL_ATN;
1146 if (insn & (1 << 10))
1157 static const char *opcode_names[3] =
1158 {"Write", "Read", "Read-Modify-Write"};
1159 static const char *operator_names[8] =
1160 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1163 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1164 data8 = (insn >> 8) & 0xff;
1165 opcode = (insn >> 27) & 7;
1166 operator = (insn >> 24) & 7;
1167 DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1168 opcode_names[opcode - 5], reg,
1169 operator_names[operator], data8, s->sfbr,
1170 (insn & (1 << 23)) ? " SFBR" : "");
1173 case 5: /* From SFBR */
1177 case 6: /* To SFBR */
1179 op0 = lsi_reg_readb(s, reg);
1182 case 7: /* Read-modify-write */
1184 op0 = lsi_reg_readb(s, reg);
1185 if (insn & (1 << 23)) {
1197 case 1: /* Shift left */
1199 op0 = (op0 << 1) | s->carry;
1213 op0 = (op0 >> 1) | (s->carry << 7);
1218 s->carry = op0 < op1;
1221 op0 += op1 + s->carry;
1223 s->carry = op0 <= op1;
1225 s->carry = op0 < op1;
1230 case 5: /* From SFBR */
1231 case 7: /* Read-modify-write */
1232 lsi_reg_writeb(s, reg, op0);
1234 case 6: /* To SFBR */
1241 case 2: /* Transfer Control. */
1246 if ((insn & 0x002e0000) == 0) {
1250 if (s->sist1 & LSI_SIST1_STO) {
1251 DPRINTF("Delayed select timeout\n");
1255 cond = jmp = (insn & (1 << 19)) != 0;
1256 if (cond == jmp && (insn & (1 << 21))) {
1257 DPRINTF("Compare carry %d\n", s->carry == jmp);
1258 cond = s->carry != 0;
1260 if (cond == jmp && (insn & (1 << 17))) {
1261 DPRINTF("Compare phase %d %c= %d\n",
1262 (s->sstat1 & PHASE_MASK),
1264 ((insn >> 24) & 7));
1265 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1267 if (cond == jmp && (insn & (1 << 18))) {
1270 mask = (~insn >> 8) & 0xff;
1271 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1272 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1273 cond = (s->sfbr & mask) == (insn & mask);
1276 if (insn & (1 << 23)) {
1277 /* Relative address. */
1278 addr = s->dsp + sxt24(addr);
1280 switch ((insn >> 27) & 7) {
1282 DPRINTF("Jump to 0x%08x\n", addr);
1286 DPRINTF("Call 0x%08x\n", addr);
1290 case 2: /* Return */
1291 DPRINTF("Return to 0x%08x\n", s->temp);
1294 case 3: /* Interrupt */
1295 DPRINTF("Interrupt 0x%08x\n", s->dsps);
1296 if ((insn & (1 << 20)) != 0) {
1297 s->istat0 |= LSI_ISTAT0_INTF;
1300 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1304 DPRINTF("Illegal transfer control\n");
1305 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1309 DPRINTF("Control condition failed\n");
1315 if ((insn & (1 << 29)) == 0) {
1318 /* ??? The docs imply the destination address is loaded into
1319 the TEMP register. However the Linux drivers rely on
1320 the value being presrved. */
1321 dest = read_dword(s, s->dsp);
1323 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1330 if (insn & (1 << 28)) {
1331 addr = s->dsa + sxt24(addr);
1334 reg = (insn >> 16) & 0xff;
1335 if (insn & (1 << 24)) {
1336 cpu_physical_memory_read(addr, data, n);
1337 DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1338 addr, *(int *)data);
1339 for (i = 0; i < n; i++) {
1340 lsi_reg_writeb(s, reg + i, data[i]);
1343 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1344 for (i = 0; i < n; i++) {
1345 data[i] = lsi_reg_readb(s, reg + i);
1347 cpu_physical_memory_write(addr, data, n);
1351 if (insn_processed > 10000 && !s->waiting) {
1352 /* Some windows drivers make the device spin waiting for a memory
1353 location to change. If we have been executed a lot of code then
1354 assume this is the case and force an unexpected device disconnect.
1355 This is apparently sufficient to beat the drivers into submission.
1357 if (!(s->sien0 & LSI_SIST0_UDC))
1358 fprintf(stderr, "inf. loop with UDC masked\n");
1359 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1361 } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1362 if (s->dcntl & LSI_DCNTL_SSM) {
1363 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1368 DPRINTF("SCRIPTS execution stopped\n");
1371 static uint8_t lsi_reg_readb(LSIState *s, int offset)
1374 #define CASE_GET_REG24(name, addr) \
1375 case addr: return s->name & 0xff; \
1376 case addr + 1: return (s->name >> 8) & 0xff; \
1377 case addr + 2: return (s->name >> 16) & 0xff;
1379 #define CASE_GET_REG32(name, addr) \
1380 case addr: return s->name & 0xff; \
1381 case addr + 1: return (s->name >> 8) & 0xff; \
1382 case addr + 2: return (s->name >> 16) & 0xff; \
1383 case addr + 3: return (s->name >> 24) & 0xff;
1385 #ifdef DEBUG_LSI_REG
1386 DPRINTF("Read reg %x\n", offset);
1389 case 0x00: /* SCNTL0 */
1391 case 0x01: /* SCNTL1 */
1393 case 0x02: /* SCNTL2 */
1395 case 0x03: /* SCNTL3 */
1397 case 0x04: /* SCID */
1399 case 0x05: /* SXFER */
1401 case 0x06: /* SDID */
1403 case 0x07: /* GPREG0 */
1405 case 0x08: /* Revision ID */
1407 case 0xa: /* SSID */
1409 case 0xb: /* SBCL */
1410 /* ??? This is not correct. However it's (hopefully) only
1411 used for diagnostics, so should be ok. */
1413 case 0xc: /* DSTAT */
1414 tmp = s->dstat | 0x80;
1415 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1419 case 0x0d: /* SSTAT0 */
1421 case 0x0e: /* SSTAT1 */
1423 case 0x0f: /* SSTAT2 */
1424 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1425 CASE_GET_REG32(dsa, 0x10)
1426 case 0x14: /* ISTAT0 */
1428 case 0x15: /* ISTAT1 */
1430 case 0x16: /* MBOX0 */
1432 case 0x17: /* MBOX1 */
1434 case 0x18: /* CTEST0 */
1436 case 0x19: /* CTEST1 */
1438 case 0x1a: /* CTEST2 */
1439 tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1440 if (s->istat0 & LSI_ISTAT0_SIGP) {
1441 s->istat0 &= ~LSI_ISTAT0_SIGP;
1442 tmp |= LSI_CTEST2_SIGP;
1445 case 0x1b: /* CTEST3 */
1447 CASE_GET_REG32(temp, 0x1c)
1448 case 0x20: /* DFIFO */
1450 case 0x21: /* CTEST4 */
1452 case 0x22: /* CTEST5 */
1454 case 0x23: /* CTEST6 */
1456 CASE_GET_REG24(dbc, 0x24)
1457 case 0x27: /* DCMD */
1459 CASE_GET_REG32(dnad, 0x28)
1460 CASE_GET_REG32(dsp, 0x2c)
1461 CASE_GET_REG32(dsps, 0x30)
1462 CASE_GET_REG32(scratch[0], 0x34)
1463 case 0x38: /* DMODE */
1465 case 0x39: /* DIEN */
1467 case 0x3a: /* SBR */
1469 case 0x3b: /* DCNTL */
1471 case 0x40: /* SIEN0 */
1473 case 0x41: /* SIEN1 */
1475 case 0x42: /* SIST0 */
1480 case 0x43: /* SIST1 */
1485 case 0x46: /* MACNTL */
1487 case 0x47: /* GPCNTL0 */
1489 case 0x48: /* STIME0 */
1491 case 0x4a: /* RESPID0 */
1493 case 0x4b: /* RESPID1 */
1495 case 0x4d: /* STEST1 */
1497 case 0x4e: /* STEST2 */
1499 case 0x4f: /* STEST3 */
1501 case 0x50: /* SIDL */
1502 /* This is needed by the linux drivers. We currently only update it
1503 during the MSG IN phase. */
1505 case 0x52: /* STEST4 */
1507 case 0x56: /* CCNTL0 */
1509 case 0x57: /* CCNTL1 */
1511 case 0x58: /* SBDL */
1512 /* Some drivers peek at the data bus during the MSG IN phase. */
1513 if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1516 case 0x59: /* SBDL high */
1518 CASE_GET_REG32(mmrs, 0xa0)
1519 CASE_GET_REG32(mmws, 0xa4)
1520 CASE_GET_REG32(sfs, 0xa8)
1521 CASE_GET_REG32(drs, 0xac)
1522 CASE_GET_REG32(sbms, 0xb0)
1523 CASE_GET_REG32(dbms, 0xb4)
1524 CASE_GET_REG32(dnad64, 0xb8)
1525 CASE_GET_REG32(pmjad1, 0xc0)
1526 CASE_GET_REG32(pmjad2, 0xc4)
1527 CASE_GET_REG32(rbc, 0xc8)
1528 CASE_GET_REG32(ua, 0xcc)
1529 CASE_GET_REG32(ia, 0xd4)
1530 CASE_GET_REG32(sbc, 0xd8)
1531 CASE_GET_REG32(csbc, 0xdc)
1533 if (offset >= 0x5c && offset < 0xa0) {
1536 n = (offset - 0x58) >> 2;
1537 shift = (offset & 3) * 8;
1538 return (s->scratch[n] >> shift) & 0xff;
1540 BADF("readb 0x%x\n", offset);
1542 #undef CASE_GET_REG24
1543 #undef CASE_GET_REG32
1546 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1548 #define CASE_SET_REG24(name, addr) \
1549 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1550 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1551 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1553 #define CASE_SET_REG32(name, addr) \
1554 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1555 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1556 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1557 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1559 #ifdef DEBUG_LSI_REG
1560 DPRINTF("Write reg %x = %02x\n", offset, val);
1563 case 0x00: /* SCNTL0 */
1565 if (val & LSI_SCNTL0_START) {
1566 BADF("Start sequence not implemented\n");
1569 case 0x01: /* SCNTL1 */
1570 s->scntl1 = val & ~LSI_SCNTL1_SST;
1571 if (val & LSI_SCNTL1_IARB) {
1572 BADF("Immediate Arbritration not implemented\n");
1574 if (val & LSI_SCNTL1_RST) {
1575 s->sstat0 |= LSI_SSTAT0_RST;
1576 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1578 s->sstat0 &= ~LSI_SSTAT0_RST;
1581 case 0x02: /* SCNTL2 */
1582 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1585 case 0x03: /* SCNTL3 */
1588 case 0x04: /* SCID */
1591 case 0x05: /* SXFER */
1594 case 0x06: /* SDID */
1595 if ((val & 0xf) != (s->ssid & 0xf))
1596 BADF("Destination ID does not match SSID\n");
1597 s->sdid = val & 0xf;
1599 case 0x07: /* GPREG0 */
1601 case 0x08: /* SFBR */
1602 /* The CPU is not allowed to write to this register. However the
1603 SCRIPTS register move instructions are. */
1606 case 0x0a: case 0x0b:
1607 /* Openserver writes to these readonly registers on startup */
1609 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1610 /* Linux writes to these readonly registers on startup. */
1612 CASE_SET_REG32(dsa, 0x10)
1613 case 0x14: /* ISTAT0 */
1614 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1615 if (val & LSI_ISTAT0_ABRT) {
1616 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1618 if (val & LSI_ISTAT0_INTF) {
1619 s->istat0 &= ~LSI_ISTAT0_INTF;
1622 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1623 DPRINTF("Woken by SIGP\n");
1626 lsi_execute_script(s);
1628 if (val & LSI_ISTAT0_SRST) {
1632 case 0x16: /* MBOX0 */
1635 case 0x17: /* MBOX1 */
1638 case 0x1a: /* CTEST2 */
1639 s->ctest2 = val & LSI_CTEST2_PCICIE;
1641 case 0x1b: /* CTEST3 */
1642 s->ctest3 = val & 0x0f;
1644 CASE_SET_REG32(temp, 0x1c)
1645 case 0x21: /* CTEST4 */
1647 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1651 case 0x22: /* CTEST5 */
1652 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1653 BADF("CTEST5 DMA increment not implemented\n");
1657 CASE_SET_REG24(dbc, 0x24)
1658 CASE_SET_REG32(dnad, 0x28)
1659 case 0x2c: /* DSP[0:7] */
1660 s->dsp &= 0xffffff00;
1663 case 0x2d: /* DSP[8:15] */
1664 s->dsp &= 0xffff00ff;
1667 case 0x2e: /* DSP[16:23] */
1668 s->dsp &= 0xff00ffff;
1669 s->dsp |= val << 16;
1671 case 0x2f: /* DSP[24:31] */
1672 s->dsp &= 0x00ffffff;
1673 s->dsp |= val << 24;
1674 if ((s->dmode & LSI_DMODE_MAN) == 0
1675 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1676 lsi_execute_script(s);
1678 CASE_SET_REG32(dsps, 0x30)
1679 CASE_SET_REG32(scratch[0], 0x34)
1680 case 0x38: /* DMODE */
1681 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1682 BADF("IO mappings not implemented\n");
1686 case 0x39: /* DIEN */
1690 case 0x3a: /* SBR */
1693 case 0x3b: /* DCNTL */
1694 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1695 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1696 lsi_execute_script(s);
1698 case 0x40: /* SIEN0 */
1702 case 0x41: /* SIEN1 */
1706 case 0x47: /* GPCNTL0 */
1708 case 0x48: /* STIME0 */
1711 case 0x49: /* STIME1 */
1713 DPRINTF("General purpose timer not implemented\n");
1714 /* ??? Raising the interrupt immediately seems to be sufficient
1715 to keep the FreeBSD driver happy. */
1716 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1719 case 0x4a: /* RESPID0 */
1722 case 0x4b: /* RESPID1 */
1725 case 0x4d: /* STEST1 */
1728 case 0x4e: /* STEST2 */
1730 BADF("Low level mode not implemented\n");
1734 case 0x4f: /* STEST3 */
1736 BADF("SCSI FIFO test mode not implemented\n");
1740 case 0x56: /* CCNTL0 */
1743 case 0x57: /* CCNTL1 */
1746 CASE_SET_REG32(mmrs, 0xa0)
1747 CASE_SET_REG32(mmws, 0xa4)
1748 CASE_SET_REG32(sfs, 0xa8)
1749 CASE_SET_REG32(drs, 0xac)
1750 CASE_SET_REG32(sbms, 0xb0)
1751 CASE_SET_REG32(dbms, 0xb4)
1752 CASE_SET_REG32(dnad64, 0xb8)
1753 CASE_SET_REG32(pmjad1, 0xc0)
1754 CASE_SET_REG32(pmjad2, 0xc4)
1755 CASE_SET_REG32(rbc, 0xc8)
1756 CASE_SET_REG32(ua, 0xcc)
1757 CASE_SET_REG32(ia, 0xd4)
1758 CASE_SET_REG32(sbc, 0xd8)
1759 CASE_SET_REG32(csbc, 0xdc)
1761 if (offset >= 0x5c && offset < 0xa0) {
1764 n = (offset - 0x58) >> 2;
1765 shift = (offset & 3) * 8;
1766 s->scratch[n] &= ~(0xff << shift);
1767 s->scratch[n] |= (val & 0xff) << shift;
1769 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1772 #undef CASE_SET_REG24
1773 #undef CASE_SET_REG32
1776 static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1778 LSIState *s = opaque;
1780 lsi_reg_writeb(s, addr & 0xff, val);
1783 static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1785 LSIState *s = opaque;
1788 lsi_reg_writeb(s, addr, val & 0xff);
1789 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1792 static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1794 LSIState *s = opaque;
1797 lsi_reg_writeb(s, addr, val & 0xff);
1798 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1799 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1800 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1803 static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1805 LSIState *s = opaque;
1807 return lsi_reg_readb(s, addr & 0xff);
1810 static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1812 LSIState *s = opaque;
1816 val = lsi_reg_readb(s, addr);
1817 val |= lsi_reg_readb(s, addr + 1) << 8;
1821 static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1823 LSIState *s = opaque;
1826 val = lsi_reg_readb(s, addr);
1827 val |= lsi_reg_readb(s, addr + 1) << 8;
1828 val |= lsi_reg_readb(s, addr + 2) << 16;
1829 val |= lsi_reg_readb(s, addr + 3) << 24;
1833 static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
1839 static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
1845 static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1847 LSIState *s = opaque;
1852 newval = s->script_ram[addr >> 2];
1853 shift = (addr & 3) * 8;
1854 newval &= ~(0xff << shift);
1855 newval |= val << shift;
1856 s->script_ram[addr >> 2] = newval;
1859 static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1861 LSIState *s = opaque;
1865 newval = s->script_ram[addr >> 2];
1867 newval = (newval & 0xffff) | (val << 16);
1869 newval = (newval & 0xffff0000) | val;
1871 s->script_ram[addr >> 2] = newval;
1875 static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1877 LSIState *s = opaque;
1880 s->script_ram[addr >> 2] = val;
1883 static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
1885 LSIState *s = opaque;
1889 val = s->script_ram[addr >> 2];
1890 val >>= (addr & 3) * 8;
1894 static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
1896 LSIState *s = opaque;
1900 val = s->script_ram[addr >> 2];
1903 return le16_to_cpu(val);
1906 static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
1908 LSIState *s = opaque;
1911 return le32_to_cpu(s->script_ram[addr >> 2]);
1914 static CPUReadMemoryFunc * const lsi_ram_readfn[3] = {
1920 static CPUWriteMemoryFunc * const lsi_ram_writefn[3] = {
1926 static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
1928 LSIState *s = opaque;
1929 return lsi_reg_readb(s, addr & 0xff);
1932 static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
1934 LSIState *s = opaque;
1937 val = lsi_reg_readb(s, addr);
1938 val |= lsi_reg_readb(s, addr + 1) << 8;
1942 static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
1944 LSIState *s = opaque;
1947 val = lsi_reg_readb(s, addr);
1948 val |= lsi_reg_readb(s, addr + 1) << 8;
1949 val |= lsi_reg_readb(s, addr + 2) << 16;
1950 val |= lsi_reg_readb(s, addr + 3) << 24;
1954 static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
1956 LSIState *s = opaque;
1957 lsi_reg_writeb(s, addr & 0xff, val);
1960 static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
1962 LSIState *s = opaque;
1964 lsi_reg_writeb(s, addr, val & 0xff);
1965 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1968 static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
1970 LSIState *s = opaque;
1972 lsi_reg_writeb(s, addr, val & 0xff);
1973 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1974 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1975 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1978 static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
1979 pcibus_t addr, pcibus_t size, int type)
1981 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
1983 DPRINTF("Mapping IO at %08"FMT_PCIBUS"\n", addr);
1985 register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
1986 register_ioport_read(addr, 256, 1, lsi_io_readb, s);
1987 register_ioport_write(addr, 256, 2, lsi_io_writew, s);
1988 register_ioport_read(addr, 256, 2, lsi_io_readw, s);
1989 register_ioport_write(addr, 256, 4, lsi_io_writel, s);
1990 register_ioport_read(addr, 256, 4, lsi_io_readl, s);
1993 static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
1994 pcibus_t addr, pcibus_t size, int type)
1996 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
1998 DPRINTF("Mapping ram at %08"FMT_PCIBUS"\n", addr);
1999 s->script_ram_base = addr;
2000 cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
2003 static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
2004 pcibus_t addr, pcibus_t size, int type)
2006 LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2008 DPRINTF("Mapping registers at %08"FMT_PCIBUS"\n", addr);
2009 cpu_register_physical_memory(addr + 0, 0x400, s->mmio_io_addr);
2012 static void lsi_scsi_reset(DeviceState *dev)
2014 LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev);
2019 static void lsi_pre_save(void *opaque)
2021 LSIState *s = opaque;
2024 assert(s->current->dma_buf == NULL);
2025 assert(s->current->dma_len == 0);
2027 assert(QTAILQ_EMPTY(&s->queue));
2030 static const VMStateDescription vmstate_lsi_scsi = {
2033 .minimum_version_id = 0,
2034 .minimum_version_id_old = 0,
2035 .pre_save = lsi_pre_save,
2036 .fields = (VMStateField []) {
2037 VMSTATE_PCI_DEVICE(dev, LSIState),
2039 VMSTATE_INT32(carry, LSIState),
2040 VMSTATE_INT32(sense, LSIState),
2041 VMSTATE_INT32(msg_action, LSIState),
2042 VMSTATE_INT32(msg_len, LSIState),
2043 VMSTATE_BUFFER(msg, LSIState),
2044 VMSTATE_INT32(waiting, LSIState),
2046 VMSTATE_UINT32(dsa, LSIState),
2047 VMSTATE_UINT32(temp, LSIState),
2048 VMSTATE_UINT32(dnad, LSIState),
2049 VMSTATE_UINT32(dbc, LSIState),
2050 VMSTATE_UINT8(istat0, LSIState),
2051 VMSTATE_UINT8(istat1, LSIState),
2052 VMSTATE_UINT8(dcmd, LSIState),
2053 VMSTATE_UINT8(dstat, LSIState),
2054 VMSTATE_UINT8(dien, LSIState),
2055 VMSTATE_UINT8(sist0, LSIState),
2056 VMSTATE_UINT8(sist1, LSIState),
2057 VMSTATE_UINT8(sien0, LSIState),
2058 VMSTATE_UINT8(sien1, LSIState),
2059 VMSTATE_UINT8(mbox0, LSIState),
2060 VMSTATE_UINT8(mbox1, LSIState),
2061 VMSTATE_UINT8(dfifo, LSIState),
2062 VMSTATE_UINT8(ctest2, LSIState),
2063 VMSTATE_UINT8(ctest3, LSIState),
2064 VMSTATE_UINT8(ctest4, LSIState),
2065 VMSTATE_UINT8(ctest5, LSIState),
2066 VMSTATE_UINT8(ccntl0, LSIState),
2067 VMSTATE_UINT8(ccntl1, LSIState),
2068 VMSTATE_UINT32(dsp, LSIState),
2069 VMSTATE_UINT32(dsps, LSIState),
2070 VMSTATE_UINT8(dmode, LSIState),
2071 VMSTATE_UINT8(dcntl, LSIState),
2072 VMSTATE_UINT8(scntl0, LSIState),
2073 VMSTATE_UINT8(scntl1, LSIState),
2074 VMSTATE_UINT8(scntl2, LSIState),
2075 VMSTATE_UINT8(scntl3, LSIState),
2076 VMSTATE_UINT8(sstat0, LSIState),
2077 VMSTATE_UINT8(sstat1, LSIState),
2078 VMSTATE_UINT8(scid, LSIState),
2079 VMSTATE_UINT8(sxfer, LSIState),
2080 VMSTATE_UINT8(socl, LSIState),
2081 VMSTATE_UINT8(sdid, LSIState),
2082 VMSTATE_UINT8(ssid, LSIState),
2083 VMSTATE_UINT8(sfbr, LSIState),
2084 VMSTATE_UINT8(stest1, LSIState),
2085 VMSTATE_UINT8(stest2, LSIState),
2086 VMSTATE_UINT8(stest3, LSIState),
2087 VMSTATE_UINT8(sidl, LSIState),
2088 VMSTATE_UINT8(stime0, LSIState),
2089 VMSTATE_UINT8(respid0, LSIState),
2090 VMSTATE_UINT8(respid1, LSIState),
2091 VMSTATE_UINT32(mmrs, LSIState),
2092 VMSTATE_UINT32(mmws, LSIState),
2093 VMSTATE_UINT32(sfs, LSIState),
2094 VMSTATE_UINT32(drs, LSIState),
2095 VMSTATE_UINT32(sbms, LSIState),
2096 VMSTATE_UINT32(dbms, LSIState),
2097 VMSTATE_UINT32(dnad64, LSIState),
2098 VMSTATE_UINT32(pmjad1, LSIState),
2099 VMSTATE_UINT32(pmjad2, LSIState),
2100 VMSTATE_UINT32(rbc, LSIState),
2101 VMSTATE_UINT32(ua, LSIState),
2102 VMSTATE_UINT32(ia, LSIState),
2103 VMSTATE_UINT32(sbc, LSIState),
2104 VMSTATE_UINT32(csbc, LSIState),
2105 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2106 VMSTATE_UINT8(sbr, LSIState),
2108 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2109 VMSTATE_END_OF_LIST()
2113 static int lsi_scsi_uninit(PCIDevice *d)
2115 LSIState *s = DO_UPCAST(LSIState, dev, d);
2117 cpu_unregister_io_memory(s->mmio_io_addr);
2118 cpu_unregister_io_memory(s->ram_io_addr);
2123 static int lsi_scsi_init(PCIDevice *dev)
2125 LSIState *s = DO_UPCAST(LSIState, dev, dev);
2128 pci_conf = s->dev.config;
2130 /* PCI Vendor ID (word) */
2131 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
2132 /* PCI device ID (word) */
2133 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_LSI_53C895A);
2134 /* PCI base class code */
2135 pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_SCSI);
2136 /* PCI subsystem ID */
2137 pci_conf[PCI_SUBSYSTEM_ID] = 0x00;
2138 pci_conf[PCI_SUBSYSTEM_ID + 1] = 0x10;
2139 /* PCI latency timer = 255 */
2140 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2141 /* TODO: RST# value should be 0 */
2142 /* Interrupt pin 1 */
2143 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2145 s->mmio_io_addr = cpu_register_io_memory(lsi_mmio_readfn,
2146 lsi_mmio_writefn, s);
2147 s->ram_io_addr = cpu_register_io_memory(lsi_ram_readfn,
2148 lsi_ram_writefn, s);
2150 /* TODO: use dev and get rid of cast below */
2151 pci_register_bar((struct PCIDevice *)s, 0, 256,
2152 PCI_BASE_ADDRESS_SPACE_IO, lsi_io_mapfunc);
2153 pci_register_bar((struct PCIDevice *)s, 1, 0x400,
2154 PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_mmio_mapfunc);
2155 pci_register_bar((struct PCIDevice *)s, 2, 0x2000,
2156 PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_ram_mapfunc);
2157 QTAILQ_INIT(&s->queue);
2159 scsi_bus_new(&s->bus, &dev->qdev, 1, LSI_MAX_DEVS, lsi_command_complete);
2160 if (!dev->qdev.hotplugged) {
2161 scsi_bus_legacy_handle_cmdline(&s->bus);
2166 static PCIDeviceInfo lsi_info = {
2167 .qdev.name = "lsi53c895a",
2168 .qdev.alias = "lsi",
2169 .qdev.size = sizeof(LSIState),
2170 .qdev.reset = lsi_scsi_reset,
2171 .qdev.vmsd = &vmstate_lsi_scsi,
2172 .init = lsi_scsi_init,
2173 .exit = lsi_scsi_uninit,
2176 static void lsi53c895a_register_devices(void)
2178 pci_qdev_register(&lsi_info);
2181 device_init(lsi53c895a_register_devices);
projects / qemu.git / blob