1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16#include "qemu/osdep.h"
17
18#include "hw/irq.h"
19#include "hw/pci/pci_device.h"
20#include "hw/scsi/scsi.h"
21#include "migration/vmstate.h"
22#include "sysemu/dma.h"
23#include "qemu/log.h"
24#include "qemu/module.h"
25#include "trace.h"
26#include "qom/object.h"
27
28static const char *names[] = {
29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
41};
42
43#define LSI_MAX_DEVS 7
44
45#define LSI_SCNTL0_TRG 0x01
46#define LSI_SCNTL0_AAP 0x02
47#define LSI_SCNTL0_EPC 0x08
48#define LSI_SCNTL0_WATN 0x10
49#define LSI_SCNTL0_START 0x20
50
51#define LSI_SCNTL1_SST 0x01
52#define LSI_SCNTL1_IARB 0x02
53#define LSI_SCNTL1_AESP 0x04
54#define LSI_SCNTL1_RST 0x08
55#define LSI_SCNTL1_CON 0x10
56#define LSI_SCNTL1_DHP 0x20
57#define LSI_SCNTL1_ADB 0x40
58#define LSI_SCNTL1_EXC 0x80
59
60#define LSI_SCNTL2_WSR 0x01
61#define LSI_SCNTL2_VUE0 0x02
62#define LSI_SCNTL2_VUE1 0x04
63#define LSI_SCNTL2_WSS 0x08
64#define LSI_SCNTL2_SLPHBEN 0x10
65#define LSI_SCNTL2_SLPMD 0x20
66#define LSI_SCNTL2_CHM 0x40
67#define LSI_SCNTL2_SDU 0x80
68
69#define LSI_ISTAT0_DIP 0x01
70#define LSI_ISTAT0_SIP 0x02
71#define LSI_ISTAT0_INTF 0x04
72#define LSI_ISTAT0_CON 0x08
73#define LSI_ISTAT0_SEM 0x10
74#define LSI_ISTAT0_SIGP 0x20
75#define LSI_ISTAT0_SRST 0x40
76#define LSI_ISTAT0_ABRT 0x80
77
78#define LSI_ISTAT1_SI 0x01
79#define LSI_ISTAT1_SRUN 0x02
80#define LSI_ISTAT1_FLSH 0x04
81
82#define LSI_SSTAT0_SDP0 0x01
83#define LSI_SSTAT0_RST 0x02
84#define LSI_SSTAT0_WOA 0x04
85#define LSI_SSTAT0_LOA 0x08
86#define LSI_SSTAT0_AIP 0x10
87#define LSI_SSTAT0_OLF 0x20
88#define LSI_SSTAT0_ORF 0x40
89#define LSI_SSTAT0_ILF 0x80
90
91#define LSI_SIST0_PAR 0x01
92#define LSI_SIST0_RST 0x02
93#define LSI_SIST0_UDC 0x04
94#define LSI_SIST0_SGE 0x08
95#define LSI_SIST0_RSL 0x10
96#define LSI_SIST0_SEL 0x20
97#define LSI_SIST0_CMP 0x40
98#define LSI_SIST0_MA 0x80
99
100#define LSI_SIST1_HTH 0x01
101#define LSI_SIST1_GEN 0x02
102#define LSI_SIST1_STO 0x04
103#define LSI_SIST1_SBMC 0x10
104
105#define LSI_SOCL_IO 0x01
106#define LSI_SOCL_CD 0x02
107#define LSI_SOCL_MSG 0x04
108#define LSI_SOCL_ATN 0x08
109#define LSI_SOCL_SEL 0x10
110#define LSI_SOCL_BSY 0x20
111#define LSI_SOCL_ACK 0x40
112#define LSI_SOCL_REQ 0x80
113
114#define LSI_DSTAT_IID 0x01
115#define LSI_DSTAT_SIR 0x04
116#define LSI_DSTAT_SSI 0x08
117#define LSI_DSTAT_ABRT 0x10
118#define LSI_DSTAT_BF 0x20
119#define LSI_DSTAT_MDPE 0x40
120#define LSI_DSTAT_DFE 0x80
121
122#define LSI_DCNTL_COM 0x01
123#define LSI_DCNTL_IRQD 0x02
124#define LSI_DCNTL_STD 0x04
125#define LSI_DCNTL_IRQM 0x08
126#define LSI_DCNTL_SSM 0x10
127#define LSI_DCNTL_PFEN 0x20
128#define LSI_DCNTL_PFF 0x40
129#define LSI_DCNTL_CLSE 0x80
130
131#define LSI_DMODE_MAN 0x01
132#define LSI_DMODE_BOF 0x02
133#define LSI_DMODE_ERMP 0x04
134#define LSI_DMODE_ERL 0x08
135#define LSI_DMODE_DIOM 0x10
136#define LSI_DMODE_SIOM 0x20
137
138#define LSI_CTEST2_DACK 0x01
139#define LSI_CTEST2_DREQ 0x02
140#define LSI_CTEST2_TEOP 0x04
141#define LSI_CTEST2_PCICIE 0x08
142#define LSI_CTEST2_CM 0x10
143#define LSI_CTEST2_CIO 0x20
144#define LSI_CTEST2_SIGP 0x40
145#define LSI_CTEST2_DDIR 0x80
146
147#define LSI_CTEST5_BL2 0x04
148#define LSI_CTEST5_DDIR 0x08
149#define LSI_CTEST5_MASR 0x10
150#define LSI_CTEST5_DFSN 0x20
151#define LSI_CTEST5_BBCK 0x40
152#define LSI_CTEST5_ADCK 0x80
153
154#define LSI_CCNTL0_DILS 0x01
155#define LSI_CCNTL0_DISFC 0x10
156#define LSI_CCNTL0_ENNDJ 0x20
157#define LSI_CCNTL0_PMJCTL 0x40
158#define LSI_CCNTL0_ENPMJ 0x80
159
160#define LSI_CCNTL1_EN64DBMV 0x01
161#define LSI_CCNTL1_EN64TIBMV 0x02
162#define LSI_CCNTL1_64TIMOD 0x04
163#define LSI_CCNTL1_DDAC 0x08
164#define LSI_CCNTL1_ZMOD 0x80
165
166#define LSI_SBCL_ATN 0x08
167#define LSI_SBCL_BSY 0x20
168#define LSI_SBCL_ACK 0x40
169#define LSI_SBCL_REQ 0x80
170
171
172#define LSI_SCID_RRE 0x60
173
174#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
175
176#define PHASE_DO 0
177#define PHASE_DI 1
178#define PHASE_CMD 2
179#define PHASE_ST 3
180#define PHASE_MO 6
181#define PHASE_MI 7
182#define PHASE_MASK 7
183
184
185#define LSI_MAX_MSGIN_LEN 8
186
187
188#define LSI_TAG_VALID (1 << 16)
189
190
191#define LSI_MAX_INSN 10000
192
193typedef struct lsi_request {
194 SCSIRequest *req;
195 uint32_t tag;
196 uint32_t dma_len;
197 uint8_t *dma_buf;
198 uint32_t pending;
199 int out;
200 QTAILQ_ENTRY(lsi_request) next;
201} lsi_request;
202
203enum {
204 LSI_NOWAIT,
205 LSI_WAIT_RESELECT,
206 LSI_DMA_SCRIPTS,
207 LSI_DMA_IN_PROGRESS,
208};
209
210enum {
211 LSI_MSG_ACTION_COMMAND = 0,
212 LSI_MSG_ACTION_DISCONNECT = 1,
213 LSI_MSG_ACTION_DOUT = 2,
214 LSI_MSG_ACTION_DIN = 3,
215};
216
217struct LSIState {
218
219 PCIDevice parent_obj;
220
221
222 qemu_irq ext_irq;
223 MemoryRegion mmio_io;
224 MemoryRegion ram_io;
225 MemoryRegion io_io;
226 AddressSpace pci_io_as;
227
228 int carry;
229 int status;
230 int msg_action;
231 int msg_len;
232 uint8_t msg[LSI_MAX_MSGIN_LEN];
233 int waiting;
234 SCSIBus bus;
235 int current_lun;
236
237 uint32_t select_tag;
238 int command_complete;
239 QTAILQ_HEAD(, lsi_request) queue;
240 lsi_request *current;
241
242 uint32_t dsa;
243 uint32_t temp;
244 uint32_t dnad;
245 uint32_t dbc;
246 uint8_t istat0;
247 uint8_t istat1;
248 uint8_t dcmd;
249 uint8_t dstat;
250 uint8_t dien;
251 uint8_t sist0;
252 uint8_t sist1;
253 uint8_t sien0;
254 uint8_t sien1;
255 uint8_t mbox0;
256 uint8_t mbox1;
257 uint8_t dfifo;
258 uint8_t ctest2;
259 uint8_t ctest3;
260 uint8_t ctest4;
261 uint8_t ctest5;
262 uint8_t ccntl0;
263 uint8_t ccntl1;
264 uint32_t dsp;
265 uint32_t dsps;
266 uint8_t dmode;
267 uint8_t dcntl;
268 uint8_t scntl0;
269 uint8_t scntl1;
270 uint8_t scntl2;
271 uint8_t scntl3;
272 uint8_t sstat0;
273 uint8_t sstat1;
274 uint8_t scid;
275 uint8_t sxfer;
276 uint8_t socl;
277 uint8_t sdid;
278 uint8_t ssid;
279 uint8_t sfbr;
280 uint8_t sbcl;
281 uint8_t stest1;
282 uint8_t stest2;
283 uint8_t stest3;
284 uint8_t sidl;
285 uint8_t stime0;
286 uint8_t respid0;
287 uint8_t respid1;
288 uint32_t mmrs;
289 uint32_t mmws;
290 uint32_t sfs;
291 uint32_t drs;
292 uint32_t sbms;
293 uint32_t dbms;
294 uint32_t dnad64;
295 uint32_t pmjad1;
296 uint32_t pmjad2;
297 uint32_t rbc;
298 uint32_t ua;
299 uint32_t ia;
300 uint32_t sbc;
301 uint32_t csbc;
302 uint32_t scratch[18];
303 uint8_t sbr;
304 uint32_t adder;
305
306 uint8_t script_ram[2048 * sizeof(uint32_t)];
307};
308
309#define TYPE_LSI53C810 "lsi53c810"
310#define TYPE_LSI53C895A "lsi53c895a"
311
312OBJECT_DECLARE_SIMPLE_TYPE(LSIState, LSI53C895A)
313
314static const char *scsi_phases[] = {
315 "DOUT",
316 "DIN",
317 "CMD",
318 "STATUS",
319 "RSVOUT",
320 "RSVIN",
321 "MSGOUT",
322 "MSGIN"
323};
324
325static const char *scsi_phase_name(int phase)
326{
327 return scsi_phases[phase & PHASE_MASK];
328}
329
330static inline int lsi_irq_on_rsl(LSIState *s)
331{
332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
333}
334
335static lsi_request *get_pending_req(LSIState *s)
336{
337 lsi_request *p;
338
339 QTAILQ_FOREACH(p, &s->queue, next) {
340 if (p->pending) {
341 return p;
342 }
343 }
344 return NULL;
345}
346
347static void lsi_soft_reset(LSIState *s)
348{
349 trace_lsi_reset();
350 s->carry = 0;
351
352 s->msg_action = LSI_MSG_ACTION_COMMAND;
353 s->msg_len = 0;
354 s->waiting = LSI_NOWAIT;
355 s->dsa = 0;
356 s->dnad = 0;
357 s->dbc = 0;
358 s->temp = 0;
359 memset(s->scratch, 0, sizeof(s->scratch));
360 s->istat0 = 0;
361 s->istat1 = 0;
362 s->dcmd = 0x40;
363 s->dstat = 0;
364 s->dien = 0;
365 s->sist0 = 0;
366 s->sist1 = 0;
367 s->sien0 = 0;
368 s->sien1 = 0;
369 s->mbox0 = 0;
370 s->mbox1 = 0;
371 s->dfifo = 0;
372 s->ctest2 = LSI_CTEST2_DACK;
373 s->ctest3 = 0;
374 s->ctest4 = 0;
375 s->ctest5 = 0;
376 s->ccntl0 = 0;
377 s->ccntl1 = 0;
378 s->dsp = 0;
379 s->dsps = 0;
380 s->dmode = 0;
381 s->dcntl = 0;
382 s->scntl0 = 0xc0;
383 s->scntl1 = 0;
384 s->scntl2 = 0;
385 s->scntl3 = 0;
386 s->sstat0 = 0;
387 s->sstat1 = 0;
388 s->scid = 7;
389 s->sxfer = 0;
390 s->socl = 0;
391 s->sdid = 0;
392 s->ssid = 0;
393 s->sbcl = 0;
394 s->stest1 = 0;
395 s->stest2 = 0;
396 s->stest3 = 0;
397 s->sidl = 0;
398 s->stime0 = 0;
399 s->respid0 = 0x80;
400 s->respid1 = 0;
401 s->mmrs = 0;
402 s->mmws = 0;
403 s->sfs = 0;
404 s->drs = 0;
405 s->sbms = 0;
406 s->dbms = 0;
407 s->dnad64 = 0;
408 s->pmjad1 = 0;
409 s->pmjad2 = 0;
410 s->rbc = 0;
411 s->ua = 0;
412 s->ia = 0;
413 s->sbc = 0;
414 s->csbc = 0;
415 s->sbr = 0;
416 assert(QTAILQ_EMPTY(&s->queue));
417 assert(!s->current);
418}
419
420static int lsi_dma_40bit(LSIState *s)
421{
422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
423 return 1;
424 return 0;
425}
426
427static int lsi_dma_ti64bit(LSIState *s)
428{
429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
430 return 1;
431 return 0;
432}
433
434static int lsi_dma_64bit(LSIState *s)
435{
436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
437 return 1;
438 return 0;
439}
440
441static uint8_t lsi_reg_readb(LSIState *s, int offset);
442static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
443static void lsi_execute_script(LSIState *s);
444static void lsi_reselect(LSIState *s, lsi_request *p);
445
446static inline void lsi_mem_read(LSIState *s, dma_addr_t addr,
447 void *buf, dma_addr_t len)
448{
449 if (s->dmode & LSI_DMODE_SIOM) {
450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
451 buf, len);
452 } else {
453 pci_dma_read(PCI_DEVICE(s), addr, buf, len);
454 }
455}
456
457static inline void lsi_mem_write(LSIState *s, dma_addr_t addr,
458 const void *buf, dma_addr_t len)
459{
460 if (s->dmode & LSI_DMODE_DIOM) {
461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
462 buf, len);
463 } else {
464 pci_dma_write(PCI_DEVICE(s), addr, buf, len);
465 }
466}
467
468static inline uint32_t read_dword(LSIState *s, uint32_t addr)
469{
470 uint32_t buf;
471
472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
473 return cpu_to_le32(buf);
474}
475
476static void lsi_stop_script(LSIState *s)
477{
478 s->istat1 &= ~LSI_ISTAT1_SRUN;
479}
480
481static void lsi_set_irq(LSIState *s, int level)
482{
483 PCIDevice *d = PCI_DEVICE(s);
484
485 if (s->ext_irq) {
486 qemu_set_irq(s->ext_irq, level);
487 } else {
488 pci_set_irq(d, level);
489 }
490}
491
492static void lsi_update_irq(LSIState *s)
493{
494 int level;
495 static int last_level;
496
497
498
499
500 level = 0;
501 if (s->dstat) {
502 if (s->dstat & s->dien)
503 level = 1;
504 s->istat0 |= LSI_ISTAT0_DIP;
505 } else {
506 s->istat0 &= ~LSI_ISTAT0_DIP;
507 }
508
509 if (s->sist0 || s->sist1) {
510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
511 level = 1;
512 s->istat0 |= LSI_ISTAT0_SIP;
513 } else {
514 s->istat0 &= ~LSI_ISTAT0_SIP;
515 }
516 if (s->istat0 & LSI_ISTAT0_INTF)
517 level = 1;
518
519 if (level != last_level) {
520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0);
521 last_level = level;
522 }
523 lsi_set_irq(s, level);
524
525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
526 lsi_request *p;
527
528 trace_lsi_update_irq_disconnected();
529 p = get_pending_req(s);
530 if (p) {
531 lsi_reselect(s, p);
532 }
533 }
534}
535
536
537static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
538{
539 uint32_t mask0;
540 uint32_t mask1;
541
542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0);
543 s->sist0 |= stat0;
544 s->sist1 |= stat1;
545
546
547
548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
550 mask1 &= ~LSI_SIST1_STO;
551 if (s->sist0 & mask0 || s->sist1 & mask1) {
552 lsi_stop_script(s);
553 }
554 lsi_update_irq(s);
555}
556
557
558static void lsi_script_dma_interrupt(LSIState *s, int stat)
559{
560 trace_lsi_script_dma_interrupt(stat, s->dstat);
561 s->dstat |= stat;
562 lsi_update_irq(s);
563 lsi_stop_script(s);
564}
565
566static inline void lsi_set_phase(LSIState *s, int phase)
567{
568 s->sbcl &= ~PHASE_MASK;
569 s->sbcl |= phase | LSI_SBCL_REQ;
570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
571}
572
573static void lsi_bad_phase(LSIState *s, int out, int new_phase)
574{
575
576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
578 s->dsp = out ? s->pmjad1 : s->pmjad2;
579 } else {
580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
581 }
582 trace_lsi_bad_phase_jump(s->dsp);
583 } else {
584 trace_lsi_bad_phase_interrupt();
585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
586 lsi_stop_script(s);
587 }
588 lsi_set_phase(s, new_phase);
589}
590
591
592
593static void lsi_resume_script(LSIState *s)
594{
595 if (s->waiting != 2) {
596 s->waiting = LSI_NOWAIT;
597 lsi_execute_script(s);
598 } else {
599 s->waiting = LSI_NOWAIT;
600 }
601}
602
603static void lsi_disconnect(LSIState *s)
604{
605 s->scntl1 &= ~LSI_SCNTL1_CON;
606 s->sstat1 &= ~PHASE_MASK;
607 s->sbcl = 0;
608}
609
610static void lsi_bad_selection(LSIState *s, uint32_t id)
611{
612 trace_lsi_bad_selection(id);
613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
614 lsi_disconnect(s);
615}
616
617
618static void lsi_do_dma(LSIState *s, int out)
619{
620 uint32_t count;
621 dma_addr_t addr;
622 SCSIDevice *dev;
623
624 if (!s->current || !s->current->dma_len) {
625
626 trace_lsi_do_dma_unavailable();
627 return;
628 }
629
630 dev = s->current->req->dev;
631 assert(dev);
632
633 count = s->dbc;
634 if (count > s->current->dma_len)
635 count = s->current->dma_len;
636
637 addr = s->dnad;
638
639 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
640 addr |= ((uint64_t)s->dnad64 << 32);
641 else if (s->dbms)
642 addr |= ((uint64_t)s->dbms << 32);
643 else if (s->sbms)
644 addr |= ((uint64_t)s->sbms << 32);
645
646 trace_lsi_do_dma(addr, count);
647 s->csbc += count;
648 s->dnad += count;
649 s->dbc -= count;
650 if (s->current->dma_buf == NULL) {
651 s->current->dma_buf = scsi_req_get_buf(s->current->req);
652 }
653
654 if (out) {
655 lsi_mem_read(s, addr, s->current->dma_buf, count);
656 } else {
657 lsi_mem_write(s, addr, s->current->dma_buf, count);
658 }
659 s->current->dma_len -= count;
660 if (s->current->dma_len == 0) {
661 s->current->dma_buf = NULL;
662 scsi_req_continue(s->current->req);
663 } else {
664 s->current->dma_buf += count;
665 lsi_resume_script(s);
666 }
667}
668
669
670
671static void lsi_queue_command(LSIState *s)
672{
673 lsi_request *p = s->current;
674
675 trace_lsi_queue_command(p->tag);
676 assert(s->current != NULL);
677 assert(s->current->dma_len == 0);
678 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
679 s->current = NULL;
680
681 p->pending = 0;
682 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
683}
684
685
686static void lsi_add_msg_byte(LSIState *s, uint8_t data)
687{
688 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
689 trace_lsi_add_msg_byte_error();
690 } else {
691 trace_lsi_add_msg_byte(data);
692 s->msg[s->msg_len++] = data;
693 }
694}
695
696
697static void lsi_reselect(LSIState *s, lsi_request *p)
698{
699 int id;
700
701 assert(s->current == NULL);
702 QTAILQ_REMOVE(&s->queue, p, next);
703 s->current = p;
704
705 id = (p->tag >> 8) & 0xf;
706 s->ssid = id | 0x80;
707
708 if (!(s->dcntl & LSI_DCNTL_COM)) {
709 s->sfbr = 1 << (id & 0x7);
710 }
711 trace_lsi_reselect(id);
712 s->scntl1 |= LSI_SCNTL1_CON;
713 lsi_set_phase(s, PHASE_MI);
714 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN;
715 s->current->dma_len = p->pending;
716 lsi_add_msg_byte(s, 0x80);
717 if (s->current->tag & LSI_TAG_VALID) {
718 lsi_add_msg_byte(s, 0x20);
719 lsi_add_msg_byte(s, p->tag & 0xff);
720 }
721
722 if (lsi_irq_on_rsl(s)) {
723 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
724 }
725}
726
727static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
728{
729 lsi_request *p;
730
731 QTAILQ_FOREACH(p, &s->queue, next) {
732 if (p->tag == tag) {
733 return p;
734 }
735 }
736
737 return NULL;
738}
739
740static void lsi_request_free(LSIState *s, lsi_request *p)
741{
742 if (p == s->current) {
743 s->current = NULL;
744 } else {
745 QTAILQ_REMOVE(&s->queue, p, next);
746 }
747 g_free(p);
748}
749
750static void lsi_request_cancelled(SCSIRequest *req)
751{
752 LSIState *s = LSI53C895A(req->bus->qbus.parent);
753 lsi_request *p = req->hba_private;
754
755 req->hba_private = NULL;
756 lsi_request_free(s, p);
757 scsi_req_unref(req);
758}
759
760
761
762static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
763{
764 lsi_request *p = req->hba_private;
765
766 if (p->pending) {
767 trace_lsi_queue_req_error(p);
768 }
769 p->pending = len;
770
771
772
773
774
775 if (s->waiting == LSI_WAIT_RESELECT ||
776 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
777 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
778
779 lsi_reselect(s, p);
780 return 0;
781 } else {
782 trace_lsi_queue_req(p->tag);
783 p->pending = len;
784 return 1;
785 }
786}
787
788
789static void lsi_command_complete(SCSIRequest *req, size_t resid)
790{
791 LSIState *s = LSI53C895A(req->bus->qbus.parent);
792 int out;
793
794 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
795 trace_lsi_command_complete(req->status);
796 s->status = req->status;
797 s->command_complete = 2;
798 if (s->waiting && s->dbc != 0) {
799
800 lsi_bad_phase(s, out, PHASE_ST);
801 } else {
802 lsi_set_phase(s, PHASE_ST);
803 }
804
805 if (req->hba_private == s->current) {
806 req->hba_private = NULL;
807 lsi_request_free(s, s->current);
808 scsi_req_unref(req);
809 }
810 lsi_resume_script(s);
811}
812
813
814static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
815{
816 LSIState *s = LSI53C895A(req->bus->qbus.parent);
817 int out;
818
819 assert(req->hba_private);
820 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current ||
821 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
822 if (lsi_queue_req(s, req, len)) {
823 return;
824 }
825 }
826
827 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
828
829
830 trace_lsi_transfer_data(req->tag, len);
831 s->current->dma_len = len;
832 s->command_complete = 1;
833 if (s->waiting) {
834 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) {
835 lsi_resume_script(s);
836 } else {
837 lsi_do_dma(s, out);
838 }
839 }
840}
841
842static void lsi_do_command(LSIState *s)
843{
844 SCSIDevice *dev;
845 uint8_t buf[16];
846 uint32_t id;
847 int n;
848
849 trace_lsi_do_command(s->dbc);
850 if (s->dbc > 16)
851 s->dbc = 16;
852 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
853 s->sfbr = buf[0];
854 s->command_complete = 0;
855
856 id = (s->select_tag >> 8) & 0xf;
857 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
858 if (!dev) {
859 lsi_bad_selection(s, id);
860 return;
861 }
862
863 assert(s->current == NULL);
864 s->current = g_new0(lsi_request, 1);
865 s->current->tag = s->select_tag;
866 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
867 s->dbc, s->current);
868
869 n = scsi_req_enqueue(s->current->req);
870 if (n) {
871 if (n > 0) {
872 lsi_set_phase(s, PHASE_DI);
873 } else if (n < 0) {
874 lsi_set_phase(s, PHASE_DO);
875 }
876 scsi_req_continue(s->current->req);
877 }
878 if (!s->command_complete) {
879 if (n) {
880
881 lsi_add_msg_byte(s, 2);
882 lsi_add_msg_byte(s, 4);
883
884 lsi_set_phase(s, PHASE_MI);
885 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
886 lsi_queue_command(s);
887 } else {
888
889 lsi_set_phase(s, PHASE_DI);
890 }
891 }
892}
893
894static void lsi_do_status(LSIState *s)
895{
896 uint8_t status;
897 trace_lsi_do_status(s->dbc, s->status);
898 if (s->dbc != 1) {
899 trace_lsi_do_status_error();
900 }
901 s->dbc = 1;
902 status = s->status;
903 s->sfbr = status;
904 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
905 lsi_set_phase(s, PHASE_MI);
906 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
907 lsi_add_msg_byte(s, 0);
908}
909
910static void lsi_do_msgin(LSIState *s)
911{
912 uint8_t len;
913 trace_lsi_do_msgin(s->dbc, s->msg_len);
914 s->sfbr = s->msg[0];
915 len = s->msg_len;
916 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN);
917 if (len > s->dbc)
918 len = s->dbc;
919 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
920
921 s->sidl = s->msg[len - 1];
922 s->msg_len -= len;
923 if (s->msg_len) {
924 memmove(s->msg, s->msg + len, s->msg_len);
925 } else {
926
927
928 switch (s->msg_action) {
929 case LSI_MSG_ACTION_COMMAND:
930 lsi_set_phase(s, PHASE_CMD);
931 break;
932 case LSI_MSG_ACTION_DISCONNECT:
933 lsi_disconnect(s);
934 break;
935 case LSI_MSG_ACTION_DOUT:
936 lsi_set_phase(s, PHASE_DO);
937 break;
938 case LSI_MSG_ACTION_DIN:
939 lsi_set_phase(s, PHASE_DI);
940 break;
941 default:
942 abort();
943 }
944 }
945}
946
947
948static uint8_t lsi_get_msgbyte(LSIState *s)
949{
950 uint8_t data;
951 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
952 s->dnad++;
953 s->dbc--;
954 return data;
955}
956
957
958static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
959{
960 s->dnad += n;
961 s->dbc -= n;
962}
963
964static void lsi_do_msgout(LSIState *s)
965{
966 uint8_t msg;
967 int len;
968 uint32_t current_tag;
969 lsi_request *current_req, *p, *p_next;
970
971 if (s->current) {
972 current_tag = s->current->tag;
973 current_req = s->current;
974 } else {
975 current_tag = s->select_tag;
976 current_req = lsi_find_by_tag(s, current_tag);
977 }
978
979 trace_lsi_do_msgout(s->dbc);
980 while (s->dbc) {
981 msg = lsi_get_msgbyte(s);
982 s->sfbr = msg;
983
984 switch (msg) {
985 case 0x04:
986 trace_lsi_do_msgout_disconnect();
987 lsi_disconnect(s);
988 break;
989 case 0x08:
990 trace_lsi_do_msgout_noop();
991 lsi_set_phase(s, PHASE_CMD);
992 break;
993 case 0x01:
994 len = lsi_get_msgbyte(s);
995 msg = lsi_get_msgbyte(s);
996 (void)len;
997 trace_lsi_do_msgout_extended(msg, len);
998 switch (msg) {
999 case 1:
1000 trace_lsi_do_msgout_ignored("SDTR");
1001 lsi_skip_msgbytes(s, 2);
1002 break;
1003 case 3:
1004 trace_lsi_do_msgout_ignored("WDTR");
1005 lsi_skip_msgbytes(s, 1);
1006 break;
1007 case 4:
1008 trace_lsi_do_msgout_ignored("PPR");
1009 lsi_skip_msgbytes(s, 5);
1010 break;
1011 default:
1012 goto bad;
1013 }
1014 break;
1015 case 0x20:
1016 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
1017 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff);
1018 break;
1019 case 0x21:
1020 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n");
1021 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
1022 break;
1023 case 0x22:
1024 qemu_log_mask(LOG_UNIMP,
1025 "lsi_scsi: ORDERED queue not implemented\n");
1026 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
1027 break;
1028 case 0x0d:
1029
1030 trace_lsi_do_msgout_abort(current_tag);
1031 if (current_req && current_req->req) {
1032 scsi_req_cancel(current_req->req);
1033 current_req = NULL;
1034 }
1035 lsi_disconnect(s);
1036 break;
1037 case 0x06:
1038 case 0x0e:
1039 case 0x0c:
1040
1041
1042 if (msg == 0x06) {
1043 trace_lsi_do_msgout_abort(current_tag);
1044 }
1045
1046
1047 if (msg == 0x0e) {
1048 trace_lsi_do_msgout_clearqueue(current_tag);
1049 }
1050
1051
1052 if (msg == 0x0c) {
1053 trace_lsi_do_msgout_busdevicereset(current_tag);
1054 }
1055
1056
1057 if (s->current) {
1058 scsi_req_cancel(s->current->req);
1059 current_req = NULL;
1060 }
1061
1062
1063
1064
1065
1066
1067
1068
1069 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
1070 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
1071 scsi_req_cancel(p->req);
1072 }
1073 }
1074
1075 lsi_disconnect(s);
1076 break;
1077 default:
1078 if ((msg & 0x80) == 0) {
1079 goto bad;
1080 }
1081 s->current_lun = msg & 7;
1082 trace_lsi_do_msgout_select(s->current_lun);
1083 lsi_set_phase(s, PHASE_CMD);
1084 break;
1085 }
1086 }
1087 return;
1088bad:
1089 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg);
1090 lsi_set_phase(s, PHASE_MI);
1091 lsi_add_msg_byte(s, 7);
1092 s->msg_action = LSI_MSG_ACTION_COMMAND;
1093}
1094
1095#define LSI_BUF_SIZE 4096
1096static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1097{
1098 int n;
1099 uint8_t buf[LSI_BUF_SIZE];
1100
1101 trace_lsi_memcpy(dest, src, count);
1102 while (count) {
1103 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1104 lsi_mem_read(s, src, buf, n);
1105 lsi_mem_write(s, dest, buf, n);
1106 src += n;
1107 dest += n;
1108 count -= n;
1109 }
1110}
1111
1112static void lsi_wait_reselect(LSIState *s)
1113{
1114 lsi_request *p;
1115
1116 trace_lsi_wait_reselect();
1117
1118 if (s->current) {
1119 return;
1120 }
1121 p = get_pending_req(s);
1122 if (p) {
1123 lsi_reselect(s, p);
1124 }
1125 if (s->current == NULL) {
1126 s->waiting = LSI_WAIT_RESELECT;
1127 }
1128}
1129
1130static void lsi_execute_script(LSIState *s)
1131{
1132 PCIDevice *pci_dev = PCI_DEVICE(s);
1133 uint32_t insn;
1134 uint32_t addr, addr_high;
1135 int opcode;
1136 int insn_processed = 0;
1137 static int reentrancy_level;
1138
1139 reentrancy_level++;
1140
1141 s->istat1 |= LSI_ISTAT1_SRUN;
1142again:
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154 if (++insn_processed > LSI_MAX_INSN || reentrancy_level > 8) {
1155 if (!(s->sien0 & LSI_SIST0_UDC)) {
1156 qemu_log_mask(LOG_GUEST_ERROR,
1157 "lsi_scsi: inf. loop with UDC masked");
1158 }
1159 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1160 lsi_disconnect(s);
1161 trace_lsi_execute_script_stop();
1162 return;
1163 }
1164 insn = read_dword(s, s->dsp);
1165 if (!insn) {
1166
1167
1168 s->dsp += 4;
1169 goto again;
1170 }
1171 addr = read_dword(s, s->dsp + 4);
1172 addr_high = 0;
1173 trace_lsi_execute_script(s->dsp, insn, addr);
1174 s->dsps = addr;
1175 s->dcmd = insn >> 24;
1176 s->dsp += 8;
1177 switch (insn >> 30) {
1178 case 0:
1179 if (s->sist1 & LSI_SIST1_STO) {
1180 trace_lsi_execute_script_blockmove_delayed();
1181 lsi_stop_script(s);
1182 break;
1183 }
1184 s->dbc = insn & 0xffffff;
1185 s->rbc = s->dbc;
1186
1187 s->ia = s->dsp - 8;
1188 if (insn & (1 << 29)) {
1189
1190 addr = read_dword(s, addr);
1191 } else if (insn & (1 << 28)) {
1192 uint32_t buf[2];
1193 int32_t offset;
1194
1195
1196
1197 offset = sextract32(addr, 0, 24);
1198 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
1199
1200 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1201 s->rbc = s->dbc;
1202 addr = cpu_to_le32(buf[1]);
1203
1204
1205
1206 if (lsi_dma_40bit(s))
1207 addr_high = cpu_to_le32(buf[0]) >> 24;
1208 else if (lsi_dma_ti64bit(s)) {
1209 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1210 switch (selector) {
1211 case 0 ... 0x0f:
1212
1213
1214 addr_high = s->scratch[2 + selector];
1215 break;
1216 case 0x10:
1217 addr_high = s->mmrs;
1218 break;
1219 case 0x11:
1220 addr_high = s->mmws;
1221 break;
1222 case 0x12:
1223 addr_high = s->sfs;
1224 break;
1225 case 0x13:
1226 addr_high = s->drs;
1227 break;
1228 case 0x14:
1229 addr_high = s->sbms;
1230 break;
1231 case 0x15:
1232 addr_high = s->dbms;
1233 break;
1234 default:
1235 qemu_log_mask(LOG_GUEST_ERROR,
1236 "lsi_scsi: Illegal selector specified (0x%x > 0x15) "
1237 "for 64-bit DMA block move", selector);
1238 break;
1239 }
1240 }
1241 } else if (lsi_dma_64bit(s)) {
1242
1243
1244 s->dbms = read_dword(s, s->dsp);
1245 s->dsp += 4;
1246 s->ia = s->dsp - 12;
1247 }
1248 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1249 trace_lsi_execute_script_blockmove_badphase(
1250 scsi_phase_name(s->sstat1),
1251 scsi_phase_name(insn >> 24));
1252 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1253 break;
1254 }
1255 s->dnad = addr;
1256 s->dnad64 = addr_high;
1257 switch (s->sstat1 & 0x7) {
1258 case PHASE_DO:
1259 s->waiting = LSI_DMA_SCRIPTS;
1260 lsi_do_dma(s, 1);
1261 if (s->waiting)
1262 s->waiting = LSI_DMA_IN_PROGRESS;
1263 break;
1264 case PHASE_DI:
1265 s->waiting = LSI_DMA_SCRIPTS;
1266 lsi_do_dma(s, 0);
1267 if (s->waiting)
1268 s->waiting = LSI_DMA_IN_PROGRESS;
1269 break;
1270 case PHASE_CMD:
1271 lsi_do_command(s);
1272 break;
1273 case PHASE_ST:
1274 lsi_do_status(s);
1275 break;
1276 case PHASE_MO:
1277 lsi_do_msgout(s);
1278 break;
1279 case PHASE_MI:
1280 lsi_do_msgin(s);
1281 break;
1282 default:
1283 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n",
1284 scsi_phase_name(s->sstat1));
1285 }
1286 s->dfifo = s->dbc & 0xff;
1287 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1288 s->sbc = s->dbc;
1289 s->rbc -= s->dbc;
1290 s->ua = addr + s->dbc;
1291 break;
1292
1293 case 1:
1294 opcode = (insn >> 27) & 7;
1295 if (opcode < 5) {
1296 uint32_t id;
1297
1298 if (insn & (1 << 25)) {
1299 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
1300 } else {
1301 id = insn;
1302 }
1303 id = (id >> 16) & 0xf;
1304 if (insn & (1 << 26)) {
1305 addr = s->dsp + sextract32(addr, 0, 24);
1306 }
1307 s->dnad = addr;
1308 switch (opcode) {
1309 case 0:
1310 s->sdid = id;
1311 if (s->scntl1 & LSI_SCNTL1_CON) {
1312 trace_lsi_execute_script_io_alreadyreselected();
1313 s->dsp = s->dnad;
1314 break;
1315 }
1316 s->sstat0 |= LSI_SSTAT0_WOA;
1317 s->scntl1 &= ~LSI_SCNTL1_IARB;
1318 if (!scsi_device_find(&s->bus, 0, id, 0)) {
1319 lsi_bad_selection(s, id);
1320 break;
1321 }
1322 trace_lsi_execute_script_io_selected(id,
1323 insn & (1 << 3) ? " ATN" : "");
1324
1325
1326
1327 s->select_tag = id << 8;
1328 s->scntl1 |= LSI_SCNTL1_CON;
1329 if (insn & (1 << 3)) {
1330 s->socl |= LSI_SOCL_ATN;
1331 s->sbcl |= LSI_SBCL_ATN;
1332 }
1333 s->sbcl |= LSI_SBCL_BSY;
1334 lsi_set_phase(s, PHASE_MO);
1335 s->waiting = LSI_NOWAIT;
1336 break;
1337 case 1:
1338 trace_lsi_execute_script_io_disconnect();
1339 s->scntl1 &= ~LSI_SCNTL1_CON;
1340
1341
1342
1343
1344
1345
1346 if (!s->current) {
1347 lsi_request *p = get_pending_req(s);
1348 if (p) {
1349 lsi_reselect(s, p);
1350 }
1351 }
1352 break;
1353 case 2:
1354 if (s->istat0 & LSI_ISTAT0_SIGP) {
1355 s->dsp = s->dnad;
1356 } else if (!lsi_irq_on_rsl(s)) {
1357 lsi_wait_reselect(s);
1358 }
1359 break;
1360 case 3:
1361 trace_lsi_execute_script_io_set(
1362 insn & (1 << 3) ? " ATN" : "",
1363 insn & (1 << 6) ? " ACK" : "",
1364 insn & (1 << 9) ? " TM" : "",
1365 insn & (1 << 10) ? " CC" : "");
1366 if (insn & (1 << 3)) {
1367 s->socl |= LSI_SOCL_ATN;
1368 s->sbcl |= LSI_SBCL_ATN;
1369 lsi_set_phase(s, PHASE_MO);
1370 }
1371
1372 if (insn & (1 << 6)) {
1373 s->sbcl |= LSI_SBCL_ACK;
1374 }
1375
1376 if (insn & (1 << 9)) {
1377 qemu_log_mask(LOG_UNIMP,
1378 "lsi_scsi: Target mode not implemented\n");
1379 }
1380 if (insn & (1 << 10))
1381 s->carry = 1;
1382 break;
1383 case 4:
1384 trace_lsi_execute_script_io_clear(
1385 insn & (1 << 3) ? " ATN" : "",
1386 insn & (1 << 6) ? " ACK" : "",
1387 insn & (1 << 9) ? " TM" : "",
1388 insn & (1 << 10) ? " CC" : "");
1389 if (insn & (1 << 3)) {
1390 s->socl &= ~LSI_SOCL_ATN;
1391 s->sbcl &= ~LSI_SBCL_ATN;
1392 }
1393
1394 if (insn & (1 << 6)) {
1395 s->sbcl &= ~LSI_SBCL_ACK;
1396 }
1397
1398 if (insn & (1 << 10))
1399 s->carry = 0;
1400 break;
1401 }
1402 } else {
1403 uint8_t op0;
1404 uint8_t op1;
1405 uint8_t data8;
1406 int reg;
1407 int operator;
1408
1409 static const char *opcode_names[3] =
1410 {"Write", "Read", "Read-Modify-Write"};
1411 static const char *operator_names[8] =
1412 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1413
1414 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1415 data8 = (insn >> 8) & 0xff;
1416 opcode = (insn >> 27) & 7;
1417 operator = (insn >> 24) & 7;
1418 trace_lsi_execute_script_io_opcode(
1419 opcode_names[opcode - 5], reg,
1420 operator_names[operator], data8, s->sfbr,
1421 (insn & (1 << 23)) ? " SFBR" : "");
1422 op0 = op1 = 0;
1423 switch (opcode) {
1424 case 5:
1425 op0 = s->sfbr;
1426 op1 = data8;
1427 break;
1428 case 6:
1429 if (operator)
1430 op0 = lsi_reg_readb(s, reg);
1431 op1 = data8;
1432 break;
1433 case 7:
1434 if (operator)
1435 op0 = lsi_reg_readb(s, reg);
1436 if (insn & (1 << 23)) {
1437 op1 = s->sfbr;
1438 } else {
1439 op1 = data8;
1440 }
1441 break;
1442 }
1443
1444 switch (operator) {
1445 case 0:
1446 op0 = op1;
1447 break;
1448 case 1:
1449 op1 = op0 >> 7;
1450 op0 = (op0 << 1) | s->carry;
1451 s->carry = op1;
1452 break;
1453 case 2:
1454 op0 |= op1;
1455 break;
1456 case 3:
1457 op0 ^= op1;
1458 break;
1459 case 4:
1460 op0 &= op1;
1461 break;
1462 case 5:
1463 op1 = op0 & 1;
1464 op0 = (op0 >> 1) | (s->carry << 7);
1465 s->carry = op1;
1466 break;
1467 case 6:
1468 op0 += op1;
1469 s->carry = op0 < op1;
1470 break;
1471 case 7:
1472 op0 += op1 + s->carry;
1473 if (s->carry)
1474 s->carry = op0 <= op1;
1475 else
1476 s->carry = op0 < op1;
1477 break;
1478 }
1479
1480 switch (opcode) {
1481 case 5:
1482 case 7:
1483 lsi_reg_writeb(s, reg, op0);
1484 break;
1485 case 6:
1486 s->sfbr = op0;
1487 break;
1488 }
1489 }
1490 break;
1491
1492 case 2:
1493 {
1494 int cond;
1495 int jmp;
1496
1497 if ((insn & 0x002e0000) == 0) {
1498 trace_lsi_execute_script_tc_nop();
1499 break;
1500 }
1501 if (s->sist1 & LSI_SIST1_STO) {
1502 trace_lsi_execute_script_tc_delayedselect_timeout();
1503 lsi_stop_script(s);
1504 break;
1505 }
1506 cond = jmp = (insn & (1 << 19)) != 0;
1507 if (cond == jmp && (insn & (1 << 21))) {
1508 trace_lsi_execute_script_tc_compc(s->carry == jmp);
1509 cond = s->carry != 0;
1510 }
1511 if (cond == jmp && (insn & (1 << 17))) {
1512 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1),
1513 jmp ? '=' : '!', scsi_phase_name(insn >> 24));
1514 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1515 }
1516 if (cond == jmp && (insn & (1 << 18))) {
1517 uint8_t mask;
1518
1519 mask = (~insn >> 8) & 0xff;
1520 trace_lsi_execute_script_tc_compd(
1521 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1522 cond = (s->sfbr & mask) == (insn & mask);
1523 }
1524 if (cond == jmp) {
1525 if (insn & (1 << 23)) {
1526
1527 addr = s->dsp + sextract32(addr, 0, 24);
1528 }
1529 switch ((insn >> 27) & 7) {
1530 case 0:
1531 trace_lsi_execute_script_tc_jump(addr);
1532 s->adder = addr;
1533 s->dsp = addr;
1534 break;
1535 case 1:
1536 trace_lsi_execute_script_tc_call(addr);
1537 s->temp = s->dsp;
1538 s->dsp = addr;
1539 break;
1540 case 2:
1541 trace_lsi_execute_script_tc_return(s->temp);
1542 s->dsp = s->temp;
1543 break;
1544 case 3:
1545 trace_lsi_execute_script_tc_interrupt(s->dsps);
1546 if ((insn & (1 << 20)) != 0) {
1547 s->istat0 |= LSI_ISTAT0_INTF;
1548 lsi_update_irq(s);
1549 } else {
1550 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1551 }
1552 break;
1553 default:
1554 trace_lsi_execute_script_tc_illegal();
1555 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1556 break;
1557 }
1558 } else {
1559 trace_lsi_execute_script_tc_cc_failed();
1560 }
1561 }
1562 break;
1563
1564 case 3:
1565 if ((insn & (1 << 29)) == 0) {
1566
1567 uint32_t dest;
1568
1569
1570
1571 dest = read_dword(s, s->dsp);
1572 s->dsp += 4;
1573 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1574 } else {
1575 uint8_t data[7];
1576 int reg;
1577 int n;
1578 int i;
1579
1580 if (insn & (1 << 28)) {
1581 addr = s->dsa + sextract32(addr, 0, 24);
1582 }
1583 n = (insn & 7);
1584 reg = (insn >> 16) & 0xff;
1585 if (insn & (1 << 24)) {
1586 pci_dma_read(pci_dev, addr, data, n);
1587 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data);
1588 for (i = 0; i < n; i++) {
1589 lsi_reg_writeb(s, reg + i, data[i]);
1590 }
1591 } else {
1592 trace_lsi_execute_script_mm_store(reg, n, addr);
1593 for (i = 0; i < n; i++) {
1594 data[i] = lsi_reg_readb(s, reg + i);
1595 }
1596 pci_dma_write(pci_dev, addr, data, n);
1597 }
1598 }
1599 }
1600 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
1601 if (s->dcntl & LSI_DCNTL_SSM) {
1602 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1603 } else {
1604 goto again;
1605 }
1606 }
1607 trace_lsi_execute_script_stop();
1608
1609 reentrancy_level--;
1610}
1611
1612static uint8_t lsi_reg_readb(LSIState *s, int offset)
1613{
1614 uint8_t ret;
1615
1616#define CASE_GET_REG24(name, addr) \
1617 case addr: ret = s->name & 0xff; break; \
1618 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1619 case addr + 2: ret = (s->name >> 16) & 0xff; break;
1620
1621#define CASE_GET_REG32(name, addr) \
1622 case addr: ret = s->name & 0xff; break; \
1623 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1624 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1625 case addr + 3: ret = (s->name >> 24) & 0xff; break;
1626
1627 switch (offset) {
1628 case 0x00:
1629 ret = s->scntl0;
1630 break;
1631 case 0x01:
1632 ret = s->scntl1;
1633 break;
1634 case 0x02:
1635 ret = s->scntl2;
1636 break;
1637 case 0x03:
1638 ret = s->scntl3;
1639 break;
1640 case 0x04:
1641 ret = s->scid;
1642 break;
1643 case 0x05:
1644 ret = s->sxfer;
1645 break;
1646 case 0x06:
1647 ret = s->sdid;
1648 break;
1649 case 0x07:
1650 ret = 0x7f;
1651 break;
1652 case 0x08:
1653 ret = 0x00;
1654 break;
1655 case 0x09:
1656 ret = s->socl;
1657 break;
1658 case 0xa:
1659 ret = s->ssid;
1660 break;
1661 case 0xb:
1662 ret = s->sbcl;
1663 break;
1664 case 0xc:
1665 ret = s->dstat | LSI_DSTAT_DFE;
1666 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1667 s->dstat = 0;
1668 lsi_update_irq(s);
1669 break;
1670 case 0x0d:
1671 ret = s->sstat0;
1672 break;
1673 case 0x0e:
1674 ret = s->sstat1;
1675 break;
1676 case 0x0f:
1677 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1678 break;
1679 CASE_GET_REG32(dsa, 0x10)
1680 case 0x14:
1681 ret = s->istat0;
1682 break;
1683 case 0x15:
1684 ret = s->istat1;
1685 break;
1686 case 0x16:
1687 ret = s->mbox0;
1688 break;
1689 case 0x17:
1690 ret = s->mbox1;
1691 break;
1692 case 0x18:
1693 ret = 0xff;
1694 break;
1695 case 0x19:
1696 ret = 0;
1697 break;
1698 case 0x1a:
1699 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1700 if (s->istat0 & LSI_ISTAT0_SIGP) {
1701 s->istat0 &= ~LSI_ISTAT0_SIGP;
1702 ret |= LSI_CTEST2_SIGP;
1703 }
1704 break;
1705 case 0x1b:
1706 ret = s->ctest3;
1707 break;
1708 CASE_GET_REG32(temp, 0x1c)
1709 case 0x20:
1710 ret = s->dfifo;
1711 break;
1712 case 0x21:
1713 ret = s->ctest4;
1714 break;
1715 case 0x22:
1716 ret = s->ctest5;
1717 break;
1718 case 0x23:
1719 ret = 0;
1720 break;
1721 CASE_GET_REG24(dbc, 0x24)
1722 case 0x27:
1723 ret = s->dcmd;
1724 break;
1725 CASE_GET_REG32(dnad, 0x28)
1726 CASE_GET_REG32(dsp, 0x2c)
1727 CASE_GET_REG32(dsps, 0x30)
1728 CASE_GET_REG32(scratch[0], 0x34)
1729 case 0x38:
1730 ret = s->dmode;
1731 break;
1732 case 0x39:
1733 ret = s->dien;
1734 break;
1735 case 0x3a:
1736 ret = s->sbr;
1737 break;
1738 case 0x3b:
1739 ret = s->dcntl;
1740 break;
1741
1742 CASE_GET_REG32(adder, 0x3c)
1743 case 0x40:
1744 ret = s->sien0;
1745 break;
1746 case 0x41:
1747 ret = s->sien1;
1748 break;
1749 case 0x42:
1750 ret = s->sist0;
1751 s->sist0 = 0;
1752 lsi_update_irq(s);
1753 break;
1754 case 0x43:
1755 ret = s->sist1;
1756 s->sist1 = 0;
1757 lsi_update_irq(s);
1758 break;
1759 case 0x46:
1760 ret = 0x0f;
1761 break;
1762 case 0x47:
1763 ret = 0x0f;
1764 break;
1765 case 0x48:
1766 ret = s->stime0;
1767 break;
1768 case 0x4a:
1769 ret = s->respid0;
1770 break;
1771 case 0x4b:
1772 ret = s->respid1;
1773 break;
1774 case 0x4d:
1775 ret = s->stest1;
1776 break;
1777 case 0x4e:
1778 ret = s->stest2;
1779 break;
1780 case 0x4f:
1781 ret = s->stest3;
1782 break;
1783 case 0x50:
1784
1785
1786 ret = s->sidl;
1787 break;
1788 case 0x52:
1789 ret = 0xe0;
1790 break;
1791 case 0x56:
1792 ret = s->ccntl0;
1793 break;
1794 case 0x57:
1795 ret = s->ccntl1;
1796 break;
1797 case 0x58:
1798
1799 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) {
1800 assert(s->msg_len > 0);
1801 return s->msg[0];
1802 }
1803 ret = 0;
1804 break;
1805 case 0x59:
1806 ret = 0;
1807 break;
1808 CASE_GET_REG32(mmrs, 0xa0)
1809 CASE_GET_REG32(mmws, 0xa4)
1810 CASE_GET_REG32(sfs, 0xa8)
1811 CASE_GET_REG32(drs, 0xac)
1812 CASE_GET_REG32(sbms, 0xb0)
1813 CASE_GET_REG32(dbms, 0xb4)
1814 CASE_GET_REG32(dnad64, 0xb8)
1815 CASE_GET_REG32(pmjad1, 0xc0)
1816 CASE_GET_REG32(pmjad2, 0xc4)
1817 CASE_GET_REG32(rbc, 0xc8)
1818 CASE_GET_REG32(ua, 0xcc)
1819 CASE_GET_REG32(ia, 0xd4)
1820 CASE_GET_REG32(sbc, 0xd8)
1821 CASE_GET_REG32(csbc, 0xdc)
1822 case 0x5c ... 0x9f:
1823 {
1824 int n;
1825 int shift;
1826 n = (offset - 0x58) >> 2;
1827 shift = (offset & 3) * 8;
1828 ret = (s->scratch[n] >> shift) & 0xff;
1829 break;
1830 }
1831 default:
1832 {
1833 qemu_log_mask(LOG_GUEST_ERROR,
1834 "lsi_scsi: invalid read from reg %s %x\n",
1835 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1836 offset);
1837 ret = 0xff;
1838 break;
1839 }
1840 }
1841#undef CASE_GET_REG24
1842#undef CASE_GET_REG32
1843
1844 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1845 offset, ret);
1846
1847 return ret;
1848}
1849
1850static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1851{
1852#define CASE_SET_REG24(name, addr) \
1853 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1854 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1855 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1856
1857#define CASE_SET_REG32(name, addr) \
1858 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1859 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1860 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1861 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1862
1863 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1864 offset, val);
1865
1866 switch (offset) {
1867 case 0x00:
1868 s->scntl0 = val;
1869 if (val & LSI_SCNTL0_START) {
1870 qemu_log_mask(LOG_UNIMP,
1871 "lsi_scsi: Start sequence not implemented\n");
1872 }
1873 break;
1874 case 0x01:
1875 s->scntl1 = val & ~LSI_SCNTL1_SST;
1876 if (val & LSI_SCNTL1_IARB) {
1877 qemu_log_mask(LOG_UNIMP,
1878 "lsi_scsi: Immediate Arbritration not implemented\n");
1879 }
1880 if (val & LSI_SCNTL1_RST) {
1881 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1882 bus_cold_reset(BUS(&s->bus));
1883 s->sstat0 |= LSI_SSTAT0_RST;
1884 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1885 }
1886 } else {
1887 s->sstat0 &= ~LSI_SSTAT0_RST;
1888 }
1889 break;
1890 case 0x02:
1891 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1892 s->scntl2 = val;
1893 break;
1894 case 0x03:
1895 s->scntl3 = val;
1896 break;
1897 case 0x04:
1898 s->scid = val;
1899 break;
1900 case 0x05:
1901 s->sxfer = val;
1902 break;
1903 case 0x06:
1904 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
1905 qemu_log_mask(LOG_GUEST_ERROR,
1906 "lsi_scsi: Destination ID does not match SSID\n");
1907 }
1908 s->sdid = val & 0xf;
1909 break;
1910 case 0x07:
1911 break;
1912 case 0x08:
1913
1914
1915 s->sfbr = val;
1916 break;
1917 case 0x0a: case 0x0b:
1918
1919 return;
1920 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1921
1922 return;
1923 CASE_SET_REG32(dsa, 0x10)
1924 case 0x14:
1925 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1926 if (val & LSI_ISTAT0_ABRT) {
1927 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1928 }
1929 if (val & LSI_ISTAT0_INTF) {
1930 s->istat0 &= ~LSI_ISTAT0_INTF;
1931 lsi_update_irq(s);
1932 }
1933 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) {
1934 trace_lsi_awoken();
1935 s->waiting = LSI_NOWAIT;
1936 s->dsp = s->dnad;
1937 lsi_execute_script(s);
1938 }
1939 if (val & LSI_ISTAT0_SRST) {
1940 device_cold_reset(DEVICE(s));
1941 }
1942 break;
1943 case 0x16:
1944 s->mbox0 = val;
1945 break;
1946 case 0x17:
1947 s->mbox1 = val;
1948 break;
1949 case 0x18:
1950
1951 break;
1952 case 0x1a:
1953 s->ctest2 = val & LSI_CTEST2_PCICIE;
1954 break;
1955 case 0x1b:
1956 s->ctest3 = val & 0x0f;
1957 break;
1958 CASE_SET_REG32(temp, 0x1c)
1959 case 0x21:
1960 if (val & 7) {
1961 qemu_log_mask(LOG_UNIMP,
1962 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val);
1963 }
1964 s->ctest4 = val;
1965 break;
1966 case 0x22:
1967 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1968 qemu_log_mask(LOG_UNIMP,
1969 "lsi_scsi: CTEST5 DMA increment not implemented\n");
1970 }
1971 s->ctest5 = val;
1972 break;
1973 CASE_SET_REG24(dbc, 0x24)
1974 CASE_SET_REG32(dnad, 0x28)
1975 case 0x2c:
1976 s->dsp &= 0xffffff00;
1977 s->dsp |= val;
1978 break;
1979 case 0x2d:
1980 s->dsp &= 0xffff00ff;
1981 s->dsp |= val << 8;
1982 break;
1983 case 0x2e:
1984 s->dsp &= 0xff00ffff;
1985 s->dsp |= val << 16;
1986 break;
1987 case 0x2f:
1988 s->dsp &= 0x00ffffff;
1989 s->dsp |= val << 24;
1990
1991
1992
1993
1994 if ((s->dmode & LSI_DMODE_MAN) == 0
1995 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1996 lsi_execute_script(s);
1997 break;
1998 CASE_SET_REG32(dsps, 0x30)
1999 CASE_SET_REG32(scratch[0], 0x34)
2000 case 0x38:
2001 s->dmode = val;
2002 break;
2003 case 0x39:
2004 s->dien = val;
2005 lsi_update_irq(s);
2006 break;
2007 case 0x3a:
2008 s->sbr = val;
2009 break;
2010 case 0x3b:
2011 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
2012
2013
2014
2015
2016 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
2017 lsi_execute_script(s);
2018 break;
2019 case 0x40:
2020 s->sien0 = val;
2021 lsi_update_irq(s);
2022 break;
2023 case 0x41:
2024 s->sien1 = val;
2025 lsi_update_irq(s);
2026 break;
2027 case 0x47:
2028 break;
2029 case 0x48:
2030 s->stime0 = val;
2031 break;
2032 case 0x49:
2033 if (val & 0xf) {
2034 qemu_log_mask(LOG_UNIMP,
2035 "lsi_scsi: General purpose timer not implemented\n");
2036
2037
2038 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
2039 }
2040 break;
2041 case 0x4a:
2042 s->respid0 = val;
2043 break;
2044 case 0x4b:
2045 s->respid1 = val;
2046 break;
2047 case 0x4d:
2048 s->stest1 = val;
2049 break;
2050 case 0x4e:
2051 if (val & 1) {
2052 qemu_log_mask(LOG_UNIMP,
2053 "lsi_scsi: Low level mode not implemented\n");
2054 }
2055 s->stest2 = val;
2056 break;
2057 case 0x4f:
2058 if (val & 0x41) {
2059 qemu_log_mask(LOG_UNIMP,
2060 "lsi_scsi: SCSI FIFO test mode not implemented\n");
2061 }
2062 s->stest3 = val;
2063 break;
2064 case 0x56:
2065 s->ccntl0 = val;
2066 break;
2067 case 0x57:
2068 s->ccntl1 = val;
2069 break;
2070 CASE_SET_REG32(mmrs, 0xa0)
2071 CASE_SET_REG32(mmws, 0xa4)
2072 CASE_SET_REG32(sfs, 0xa8)
2073 CASE_SET_REG32(drs, 0xac)
2074 CASE_SET_REG32(sbms, 0xb0)
2075 CASE_SET_REG32(dbms, 0xb4)
2076 CASE_SET_REG32(dnad64, 0xb8)
2077 CASE_SET_REG32(pmjad1, 0xc0)
2078 CASE_SET_REG32(pmjad2, 0xc4)
2079 CASE_SET_REG32(rbc, 0xc8)
2080 CASE_SET_REG32(ua, 0xcc)
2081 CASE_SET_REG32(ia, 0xd4)
2082 CASE_SET_REG32(sbc, 0xd8)
2083 CASE_SET_REG32(csbc, 0xdc)
2084 default:
2085 if (offset >= 0x5c && offset < 0xa0) {
2086 int n;
2087 int shift;
2088 n = (offset - 0x58) >> 2;
2089 shift = (offset & 3) * 8;
2090 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
2091 } else {
2092 qemu_log_mask(LOG_GUEST_ERROR,
2093 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2094 offset < ARRAY_SIZE(names) ? names[offset] : "???",
2095 offset, val);
2096 }
2097 }
2098#undef CASE_SET_REG24
2099#undef CASE_SET_REG32
2100}
2101
2102static void lsi_mmio_write(void *opaque, hwaddr addr,
2103 uint64_t val, unsigned size)
2104{
2105 LSIState *s = opaque;
2106
2107 lsi_reg_writeb(s, addr & 0xff, val);
2108}
2109
2110static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
2111 unsigned size)
2112{
2113 LSIState *s = opaque;
2114 return lsi_reg_readb(s, addr & 0xff);
2115}
2116
2117static const MemoryRegionOps lsi_mmio_ops = {
2118 .read = lsi_mmio_read,
2119 .write = lsi_mmio_write,
2120 .endianness = DEVICE_LITTLE_ENDIAN,
2121 .impl = {
2122 .min_access_size = 1,
2123 .max_access_size = 1,
2124 },
2125};
2126
2127static void lsi_ram_write(void *opaque, hwaddr addr,
2128 uint64_t val, unsigned size)
2129{
2130 LSIState *s = opaque;
2131 stn_le_p(s->script_ram + addr, size, val);
2132}
2133
2134static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
2135 unsigned size)
2136{
2137 LSIState *s = opaque;
2138 return ldn_le_p(s->script_ram + addr, size);
2139}
2140
2141static const MemoryRegionOps lsi_ram_ops = {
2142 .read = lsi_ram_read,
2143 .write = lsi_ram_write,
2144 .endianness = DEVICE_LITTLE_ENDIAN,
2145};
2146
2147static uint64_t lsi_io_read(void *opaque, hwaddr addr,
2148 unsigned size)
2149{
2150 LSIState *s = opaque;
2151 return lsi_reg_readb(s, addr & 0xff);
2152}
2153
2154static void lsi_io_write(void *opaque, hwaddr addr,
2155 uint64_t val, unsigned size)
2156{
2157 LSIState *s = opaque;
2158 lsi_reg_writeb(s, addr & 0xff, val);
2159}
2160
2161static const MemoryRegionOps lsi_io_ops = {
2162 .read = lsi_io_read,
2163 .write = lsi_io_write,
2164 .endianness = DEVICE_LITTLE_ENDIAN,
2165 .impl = {
2166 .min_access_size = 1,
2167 .max_access_size = 1,
2168 },
2169};
2170
2171static void lsi_scsi_reset(DeviceState *dev)
2172{
2173 LSIState *s = LSI53C895A(dev);
2174
2175 lsi_soft_reset(s);
2176}
2177
2178static int lsi_pre_save(void *opaque)
2179{
2180 LSIState *s = opaque;
2181
2182 if (s->current) {
2183 assert(s->current->dma_buf == NULL);
2184 assert(s->current->dma_len == 0);
2185 }
2186 assert(QTAILQ_EMPTY(&s->queue));
2187
2188 return 0;
2189}
2190
2191static int lsi_post_load(void *opaque, int version_id)
2192{
2193 LSIState *s = opaque;
2194
2195 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) {
2196 return -EINVAL;
2197 }
2198
2199 return 0;
2200}
2201
2202static const VMStateDescription vmstate_lsi_scsi = {
2203 .name = "lsiscsi",
2204 .version_id = 1,
2205 .minimum_version_id = 0,
2206 .pre_save = lsi_pre_save,
2207 .post_load = lsi_post_load,
2208 .fields = (VMStateField[]) {
2209 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
2210
2211 VMSTATE_INT32(carry, LSIState),
2212 VMSTATE_INT32(status, LSIState),
2213 VMSTATE_INT32(msg_action, LSIState),
2214 VMSTATE_INT32(msg_len, LSIState),
2215 VMSTATE_BUFFER(msg, LSIState),
2216 VMSTATE_INT32(waiting, LSIState),
2217
2218 VMSTATE_UINT32(dsa, LSIState),
2219 VMSTATE_UINT32(temp, LSIState),
2220 VMSTATE_UINT32(dnad, LSIState),
2221 VMSTATE_UINT32(dbc, LSIState),
2222 VMSTATE_UINT8(istat0, LSIState),
2223 VMSTATE_UINT8(istat1, LSIState),
2224 VMSTATE_UINT8(dcmd, LSIState),
2225 VMSTATE_UINT8(dstat, LSIState),
2226 VMSTATE_UINT8(dien, LSIState),
2227 VMSTATE_UINT8(sist0, LSIState),
2228 VMSTATE_UINT8(sist1, LSIState),
2229 VMSTATE_UINT8(sien0, LSIState),
2230 VMSTATE_UINT8(sien1, LSIState),
2231 VMSTATE_UINT8(mbox0, LSIState),
2232 VMSTATE_UINT8(mbox1, LSIState),
2233 VMSTATE_UINT8(dfifo, LSIState),
2234 VMSTATE_UINT8(ctest2, LSIState),
2235 VMSTATE_UINT8(ctest3, LSIState),
2236 VMSTATE_UINT8(ctest4, LSIState),
2237 VMSTATE_UINT8(ctest5, LSIState),
2238 VMSTATE_UINT8(ccntl0, LSIState),
2239 VMSTATE_UINT8(ccntl1, LSIState),
2240 VMSTATE_UINT32(dsp, LSIState),
2241 VMSTATE_UINT32(dsps, LSIState),
2242 VMSTATE_UINT8(dmode, LSIState),
2243 VMSTATE_UINT8(dcntl, LSIState),
2244 VMSTATE_UINT8(scntl0, LSIState),
2245 VMSTATE_UINT8(scntl1, LSIState),
2246 VMSTATE_UINT8(scntl2, LSIState),
2247 VMSTATE_UINT8(scntl3, LSIState),
2248 VMSTATE_UINT8(sstat0, LSIState),
2249 VMSTATE_UINT8(sstat1, LSIState),
2250 VMSTATE_UINT8(scid, LSIState),
2251 VMSTATE_UINT8(sxfer, LSIState),
2252 VMSTATE_UINT8(socl, LSIState),
2253 VMSTATE_UINT8(sdid, LSIState),
2254 VMSTATE_UINT8(ssid, LSIState),
2255 VMSTATE_UINT8(sfbr, LSIState),
2256 VMSTATE_UINT8(stest1, LSIState),
2257 VMSTATE_UINT8(stest2, LSIState),
2258 VMSTATE_UINT8(stest3, LSIState),
2259 VMSTATE_UINT8(sidl, LSIState),
2260 VMSTATE_UINT8(stime0, LSIState),
2261 VMSTATE_UINT8(respid0, LSIState),
2262 VMSTATE_UINT8(respid1, LSIState),
2263 VMSTATE_UINT8_V(sbcl, LSIState, 1),
2264 VMSTATE_UINT32(mmrs, LSIState),
2265 VMSTATE_UINT32(mmws, LSIState),
2266 VMSTATE_UINT32(sfs, LSIState),
2267 VMSTATE_UINT32(drs, LSIState),
2268 VMSTATE_UINT32(sbms, LSIState),
2269 VMSTATE_UINT32(dbms, LSIState),
2270 VMSTATE_UINT32(dnad64, LSIState),
2271 VMSTATE_UINT32(pmjad1, LSIState),
2272 VMSTATE_UINT32(pmjad2, LSIState),
2273 VMSTATE_UINT32(rbc, LSIState),
2274 VMSTATE_UINT32(ua, LSIState),
2275 VMSTATE_UINT32(ia, LSIState),
2276 VMSTATE_UINT32(sbc, LSIState),
2277 VMSTATE_UINT32(csbc, LSIState),
2278 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2279 VMSTATE_UINT8(sbr, LSIState),
2280
2281 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192),
2282 VMSTATE_END_OF_LIST()
2283 }
2284};
2285
2286static const struct SCSIBusInfo lsi_scsi_info = {
2287 .tcq = true,
2288 .max_target = LSI_MAX_DEVS,
2289 .max_lun = 0,
2290
2291 .transfer_data = lsi_transfer_data,
2292 .complete = lsi_command_complete,
2293 .cancel = lsi_request_cancelled
2294};
2295
2296static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
2297{
2298 LSIState *s = LSI53C895A(dev);
2299 DeviceState *d = DEVICE(dev);
2300 uint8_t *pci_conf;
2301
2302 pci_conf = dev->config;
2303
2304
2305 pci_conf[PCI_LATENCY_TIMER] = 0xff;
2306
2307 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2308
2309 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2310 "lsi-mmio", 0x400);
2311 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2312 "lsi-ram", 0x2000);
2313 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2314 "lsi-io", 256);
2315
2316 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
2317 qdev_init_gpio_out(d, &s->ext_irq, 1);
2318
2319 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
2320 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
2321 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
2322 QTAILQ_INIT(&s->queue);
2323
2324 scsi_bus_init(&s->bus, sizeof(s->bus), d, &lsi_scsi_info);
2325}
2326
2327static void lsi_scsi_exit(PCIDevice *dev)
2328{
2329 LSIState *s = LSI53C895A(dev);
2330
2331 address_space_destroy(&s->pci_io_as);
2332}
2333
2334static void lsi_class_init(ObjectClass *klass, void *data)
2335{
2336 DeviceClass *dc = DEVICE_CLASS(klass);
2337 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2338
2339 k->realize = lsi_scsi_realize;
2340 k->exit = lsi_scsi_exit;
2341 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2342 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2343 k->class_id = PCI_CLASS_STORAGE_SCSI;
2344 k->subsystem_id = 0x1000;
2345 dc->reset = lsi_scsi_reset;
2346 dc->vmsd = &vmstate_lsi_scsi;
2347 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2348}
2349
2350static const TypeInfo lsi_info = {
2351 .name = TYPE_LSI53C895A,
2352 .parent = TYPE_PCI_DEVICE,
2353 .instance_size = sizeof(LSIState),
2354 .class_init = lsi_class_init,
2355 .interfaces = (InterfaceInfo[]) {
2356 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2357 { },
2358 },
2359};
2360
2361static void lsi53c810_class_init(ObjectClass *klass, void *data)
2362{
2363 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2364
2365 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2366}
2367
2368static const TypeInfo lsi53c810_info = {
2369 .name = TYPE_LSI53C810,
2370 .parent = TYPE_LSI53C895A,
2371 .class_init = lsi53c810_class_init,
2372};
2373
2374static void lsi53c895a_register_types(void)
2375{
2376 type_register_static(&lsi_info);
2377 type_register_static(&lsi53c810_info);
2378}
2379
2380type_init(lsi53c895a_register_types)
2381
2382void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev)
2383{
2384 LSIState *s = LSI53C895A(lsi_dev);
2385
2386 scsi_bus_legacy_handle_cmdline(&s->bus);
2387}
2388
