xref: /illumos-kvm-cmd/hw/lsi53c895a.c (revision 68396ea9)
1 /*
2  * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3  *
4  * Copyright (c) 2006 CodeSourcery.
5  * Written by Paul Brook
6  *
7  * This code is licenced under the LGPL.
8  */
9 
10 /* ??? Need to check if the {read,write}[wl] routines work properly on
11    big-endian targets.  */
12 
13 #include <assert.h>
14 
15 #include "hw.h"
16 #include "pci.h"
17 #include "scsi.h"
18 #include "block_int.h"
19 
20 //#define DEBUG_LSI
21 //#define DEBUG_LSI_REG
22 
/*
 * Diagnostic macros.
 *
 * DPRINTF prints to stdout and expands to nothing unless DEBUG_LSI is
 * defined.  BADF always reports to stderr; when DEBUG_LSI is defined it also
 * calls exit(1), so a debug build terminates the whole process at every BADF
 * site.  Several BADF sites in this file are reached from values read out of
 * guest memory (for example an unrecognised MESSAGE OUT byte), so DEBUG_LSI
 * builds should not be used where the guest is untrusted.
 */
#ifdef DEBUG_LSI
#define DPRINTF(fmt, ...) \
do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
#define BADF(fmt, ...) \
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#define BADF(fmt, ...) \
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
#endif
33 
/* Number of target devices the adapter is meant to address.
   NOTE(review): target ids are extracted from request tags elsewhere in this
   file with a 0xf mask, so values above this limit are representable; any
   code indexing the bus device table should be checked against it.  */
#define LSI_MAX_DEVS 7

/* SCNTL0 (SCSI Control 0) bits.  */
#define LSI_SCNTL0_TRG    0x01
#define LSI_SCNTL0_AAP    0x02
#define LSI_SCNTL0_EPC    0x08
#define LSI_SCNTL0_WATN   0x10
#define LSI_SCNTL0_START  0x20

/* SCNTL1 (SCSI Control 1) bits.  CON is the "connected to the bus" flag that
   the reselection logic in this file tests and updates.  */
#define LSI_SCNTL1_SST    0x01
#define LSI_SCNTL1_IARB   0x02
#define LSI_SCNTL1_AESP   0x04
#define LSI_SCNTL1_RST    0x08
#define LSI_SCNTL1_CON    0x10
#define LSI_SCNTL1_DHP    0x20
#define LSI_SCNTL1_ADB    0x40
#define LSI_SCNTL1_EXC    0x80

/* SCNTL2 (SCSI Control 2) bits.  */
#define LSI_SCNTL2_WSR    0x01
#define LSI_SCNTL2_VUE0   0x02
#define LSI_SCNTL2_VUE1   0x04
#define LSI_SCNTL2_WSS    0x08
#define LSI_SCNTL2_SLPHBEN 0x10
#define LSI_SCNTL2_SLPMD  0x20
#define LSI_SCNTL2_CHM    0x40
#define LSI_SCNTL2_SDU    0x80

/* ISTAT0 (Interrupt Status 0) bits.  DIP and SIP summarise pending DMA and
   SCSI interrupts and are maintained by lsi_update_irq().  */
#define LSI_ISTAT0_DIP    0x01
#define LSI_ISTAT0_SIP    0x02
#define LSI_ISTAT0_INTF   0x04
#define LSI_ISTAT0_CON    0x08
#define LSI_ISTAT0_SEM    0x10
#define LSI_ISTAT0_SIGP   0x20
#define LSI_ISTAT0_SRST   0x40
#define LSI_ISTAT0_ABRT   0x80

/* ISTAT1 (Interrupt Status 1) bits.  SRUN is set while SCRIPTS execute.  */
#define LSI_ISTAT1_SI     0x01
#define LSI_ISTAT1_SRUN   0x02
#define LSI_ISTAT1_FLSH   0x04

/* SSTAT0 (SCSI Status 0) bits.  */
#define LSI_SSTAT0_SDP0   0x01
#define LSI_SSTAT0_RST    0x02
#define LSI_SSTAT0_WOA    0x04
#define LSI_SSTAT0_LOA    0x08
#define LSI_SSTAT0_AIP    0x10
#define LSI_SSTAT0_OLF    0x20
#define LSI_SSTAT0_ORF    0x40
#define LSI_SSTAT0_ILF    0x80

/* SIST0 (SCSI Interrupt Status 0) bits; SIEN0 uses the same layout as its
   enable mask.  MA is raised on a phase mismatch, RSL on reselection.  */
#define LSI_SIST0_PAR     0x01
#define LSI_SIST0_RST     0x02
#define LSI_SIST0_UDC     0x04
#define LSI_SIST0_SGE     0x08
#define LSI_SIST0_RSL     0x10
#define LSI_SIST0_SEL     0x20
#define LSI_SIST0_CMP     0x40
#define LSI_SIST0_MA      0x80

/* SIST1 (SCSI Interrupt Status 1) bits; SIEN1 uses the same layout.  STO is
   raised when an absent target is selected.  */
#define LSI_SIST1_HTH     0x01
#define LSI_SIST1_GEN     0x02
#define LSI_SIST1_STO     0x04
#define LSI_SIST1_SBMC    0x10

/* SOCL (SCSI Output Control Latch) bits.  */
#define LSI_SOCL_IO       0x01
#define LSI_SOCL_CD       0x02
#define LSI_SOCL_MSG      0x04
#define LSI_SOCL_ATN      0x08
#define LSI_SOCL_SEL      0x10
#define LSI_SOCL_BSY      0x20
#define LSI_SOCL_ACK      0x40
#define LSI_SOCL_REQ      0x80

/* DSTAT (DMA Status) bits; DIEN uses the same layout as its enable mask.  */
#define LSI_DSTAT_IID     0x01
#define LSI_DSTAT_SIR     0x04
#define LSI_DSTAT_SSI     0x08
#define LSI_DSTAT_ABRT    0x10
#define LSI_DSTAT_BF      0x20
#define LSI_DSTAT_MDPE    0x40
#define LSI_DSTAT_DFE     0x80

/* DCNTL (DMA Control) bits.  */
#define LSI_DCNTL_COM     0x01
#define LSI_DCNTL_IRQD    0x02
#define LSI_DCNTL_STD     0x04
#define LSI_DCNTL_IRQM    0x08
#define LSI_DCNTL_SSM     0x10
#define LSI_DCNTL_PFEN    0x20
#define LSI_DCNTL_PFF     0x40
#define LSI_DCNTL_CLSE    0x80

/* DMODE (DMA Mode) bits.  */
#define LSI_DMODE_MAN     0x01
#define LSI_DMODE_BOF     0x02
#define LSI_DMODE_ERMP    0x04
#define LSI_DMODE_ERL     0x08
#define LSI_DMODE_DIOM    0x10
#define LSI_DMODE_SIOM    0x20

/* CTEST2 (Chip Test 2) bits.  */
#define LSI_CTEST2_DACK   0x01
#define LSI_CTEST2_DREQ   0x02
#define LSI_CTEST2_TEOP   0x04
#define LSI_CTEST2_PCICIE 0x08
#define LSI_CTEST2_CM     0x10
#define LSI_CTEST2_CIO    0x20
#define LSI_CTEST2_SIGP   0x40
#define LSI_CTEST2_DDIR   0x80

/* CTEST5 (Chip Test 5) bits.  */
#define LSI_CTEST5_BL2    0x04
#define LSI_CTEST5_DDIR   0x08
#define LSI_CTEST5_MASR   0x10
#define LSI_CTEST5_DFSN   0x20
#define LSI_CTEST5_BBCK   0x40
#define LSI_CTEST5_ADCK   0x80

/* CCNTL0 (Chip Control 0) bits.  ENPMJ and PMJCTL select the phase mismatch
   jump behaviour implemented in lsi_bad_phase().  */
#define LSI_CCNTL0_DILS   0x01
#define LSI_CCNTL0_DISFC  0x10
#define LSI_CCNTL0_ENNDJ  0x20
#define LSI_CCNTL0_PMJCTL 0x40
#define LSI_CCNTL0_ENPMJ  0x80

/* CCNTL1 (Chip Control 1) bits.  These select how the upper 32 bits of a
   DMA address are formed; see lsi_do_dma().  */
#define LSI_CCNTL1_EN64DBMV  0x01
#define LSI_CCNTL1_EN64TIBMV 0x02
#define LSI_CCNTL1_64TIMOD   0x04
#define LSI_CCNTL1_DDAC      0x08
#define LSI_CCNTL1_ZMOD      0x80

/* Enable Response to Reselection */
/* NOTE(review): the mask covers two SCID bits (0x40 and 0x20) although the
   name suggests one; confirm against the datasheet.  */
#define LSI_SCID_RRE      0x60

/* Both bits must be set for 40-bit addressing; see lsi_dma_40bit().  */
#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)

/* SCSI bus phases as stored in the low three bits of SSTAT1:
   data out, data in, command, status, message out, message in.  */
#define PHASE_DO          0
#define PHASE_DI          1
#define PHASE_CMD         2
#define PHASE_ST          3
#define PHASE_MO          6
#define PHASE_MI          7
#define PHASE_MASK        7

/* Maximum length of MSG IN data.  This is the size of LSIState.msg; the
   bound is enforced in lsi_add_msg_byte().  */
#define LSI_MAX_MSGIN_LEN 8

/* Flag set if this is a tagged command.  Within a tag, bits 8-11 are read
   as the target id and bits 0-7 as the SCSI queue tag.  */
#define LSI_TAG_VALID     (1 << 16)
175 
/* One outstanding SCSI command.  A request is either the adapter's current
   request (LSIState.current) or linked on LSIState.queue while the target is
   disconnected.  */
typedef struct lsi_request {
    /* Combination of target id (bits 8-11), SCSI tag (bits 0-7) and
       LSI_TAG_VALID.  */
    uint32_t tag;
    /* Bytes of dma_buf still to be transferred by lsi_do_dma().  */
    uint32_t dma_len;
    /* Transfer buffer obtained from the SCSI device; advanced as data is
       moved and reset to NULL once dma_len reaches zero.  */
    uint8_t *dma_buf;
    /* Length reported by the SCSI layer while the request was queued;
       copied into dma_len on reselection.  Zero means nothing is waiting.  */
    uint32_t pending;
    /* Nonzero if the bus was in the DATA OUT phase when the request was
       queued.  */
    int out;
    QTAILQ_ENTRY(lsi_request) next;
} lsi_request;
184 
/* Complete state of one emulated LSI53C895A adapter.  Most members mirror a
   chip register of the same name; nearly all of them can be written by the
   guest and must be treated as untrusted wherever they are used as a length,
   an index or an address.  */
typedef struct {
    PCIDevice dev;
    int mmio_io_addr;
    int ram_io_addr;
    /* Guest physical base of the SCRIPTS RAM window; compared against the
       upper address bits in read_dword().  */
    uint32_t script_ram_base;

    int carry; /* ??? Should this be a visible register somewhere?  */
    /* Status value reported by the SCSI layer for the last completed
       command; returned to the guest in the STATUS phase.  */
    int sense;
    /* Action to take at the end of a MSG IN phase.
       0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN.  */
    int msg_action;
    /* Number of valid bytes in msg[]; kept at or below LSI_MAX_MSGIN_LEN by
       lsi_add_msg_byte().  */
    int msg_len;
    uint8_t msg[LSI_MAX_MSGIN_LEN];
    /* 0 if SCRIPTS are running or stopped.
     * 1 if a Wait Reselect instruction has been issued.
     * 2 if processing DMA from lsi_execute_script.
     * 3 if a DMA operation is in progress.  */
    int waiting;
    SCSIBus bus;
    /* LUN taken from the low three bits of the last IDENTIFY message.  */
    int current_lun;
    /* The tag is a combination of the device ID and the SCSI tag.  */
    uint32_t select_tag;
    /* Cleared when a command is sent; set to 1 when data is ready and to 2
       when the SCSI layer reports the command done.  */
    int command_complete;
    /* Requests whose target is disconnected.  */
    QTAILQ_HEAD(, lsi_request) queue;
    /* Request currently connected to the bus, or NULL.  */
    lsi_request *current;

    /* Emulated chip registers.  */
    uint32_t dsa;
    uint32_t temp;
    uint32_t dnad;
    uint32_t dbc;
    uint8_t istat0;
    uint8_t istat1;
    uint8_t dcmd;
    uint8_t dstat;
    uint8_t dien;
    uint8_t sist0;
    uint8_t sist1;
    uint8_t sien0;
    uint8_t sien1;
    uint8_t mbox0;
    uint8_t mbox1;
    uint8_t dfifo;
    uint8_t ctest2;
    uint8_t ctest3;
    uint8_t ctest4;
    uint8_t ctest5;
    uint8_t ccntl0;
    uint8_t ccntl1;
    uint32_t dsp;
    uint32_t dsps;
    uint8_t dmode;
    uint8_t dcntl;
    uint8_t scntl0;
    uint8_t scntl1;
    uint8_t scntl2;
    uint8_t scntl3;
    uint8_t sstat0;
    uint8_t sstat1;
    uint8_t scid;
    uint8_t sxfer;
    uint8_t socl;
    uint8_t sdid;
    uint8_t ssid;
    uint8_t sfbr;
    uint8_t stest1;
    uint8_t stest2;
    uint8_t stest3;
    uint8_t sidl;
    uint8_t stime0;
    uint8_t respid0;
    uint8_t respid1;
    uint32_t mmrs;
    uint32_t mmws;
    uint32_t sfs;
    uint32_t drs;
    uint32_t sbms;
    uint32_t dbms;
    uint32_t dnad64;
    uint32_t pmjad1;
    uint32_t pmjad2;
    uint32_t rbc;
    uint32_t ua;
    uint32_t ia;
    uint32_t sbc;
    uint32_t csbc;
    uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
    uint8_t sbr;

    /* Script ram is stored as 32-bit words in host byteorder.  */
    uint32_t script_ram[2048];
} LSIState;
276 
/* Return nonzero when a reselection should raise an interrupt: the RSL
   source is enabled in SIEN0 and at least one LSI_SCID_RRE bit is set in
   SCID.  */
static inline int lsi_irq_on_rsl(LSIState *s)
{
    int rsl_enabled = (s->sien0 & LSI_SIST0_RSL) != 0;
    int rre_set = (s->scid & LSI_SCID_RRE) != 0;

    return rsl_enabled && rre_set;
}
281 
/* Put the adapter back into its reset state: load every register handled
   here with its reset value and release all outstanding requests.  Members
   that are not assigned below keep their previous contents.  */
static void lsi_soft_reset(LSIState *s)
{
    lsi_request *req;

    DPRINTF("Reset\n");

    /* Emulation bookkeeping.  */
    s->carry = 0;
    s->msg_action = 0;
    s->msg_len = 0;
    s->waiting = 0;

    /* Registers with a nonzero reset value.  */
    s->dcmd = 0x40;
    s->dstat = LSI_DSTAT_DFE;
    s->ctest2 = LSI_CTEST2_DACK;
    s->scntl0 = 0xc0;
    s->scid = 7;
    s->respid0 = 0x80;

    /* DMA engine and SCRIPTS processor.  */
    s->dsa = 0;
    s->dnad = 0;
    s->dnad64 = 0;
    s->dbc = 0;
    s->rbc = 0;
    s->temp = 0;
    s->dsp = 0;
    s->dsps = 0;
    s->dmode = 0;
    s->dcntl = 0;
    s->dfifo = 0;
    s->dien = 0;
    s->mmrs = 0;
    s->mmws = 0;
    s->sfs = 0;
    s->drs = 0;
    s->sbms = 0;
    s->dbms = 0;
    s->pmjad1 = 0;
    s->pmjad2 = 0;
    s->ua = 0;
    s->ia = 0;
    s->sbc = 0;
    s->csbc = 0;
    s->sbr = 0;
    memset(s->scratch, 0, sizeof s->scratch);

    /* Interrupt status, enables and mailboxes.  */
    s->istat0 = 0;
    s->istat1 = 0;
    s->sist0 = 0;
    s->sist1 = 0;
    s->sien0 = 0;
    s->sien1 = 0;
    s->mbox0 = 0;
    s->mbox1 = 0;

    /* Chip test and chip control.  */
    s->ctest3 = 0;
    s->ctest4 = 0;
    s->ctest5 = 0;
    s->ccntl0 = 0;
    s->ccntl1 = 0;

    /* SCSI core.  */
    s->scntl1 = 0;
    s->scntl2 = 0;
    s->scntl3 = 0;
    s->sstat0 = 0;
    s->sstat1 = 0;
    s->sxfer = 0;
    s->socl = 0;
    s->sdid = 0;
    s->ssid = 0;
    s->stest1 = 0;
    s->stest2 = 0;
    s->stest3 = 0;
    s->sidl = 0;
    s->stime0 = 0;
    s->respid1 = 0;

    /* Drop every queued request, then the connected one, so that no stale
       request pointer survives the reset.  */
    while ((req = QTAILQ_FIRST(&s->queue)) != NULL) {
        QTAILQ_REMOVE(&s->queue, req, next);
        qemu_free(req);
    }
    if (s->current != NULL) {
        qemu_free(s->current);
        s->current = NULL;
    }
}
362 
/* Return 1 when both bits of LSI_CCNTL1_40BIT are set in CCNTL1, i.e.
   40-bit addressing is selected, and 0 otherwise.  */
static int lsi_dma_40bit(LSIState *s)
{
    return (s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT ? 1 : 0;
}
369 
/* Return 1 when the EN64TIBMV bit is set in CCNTL1 (64-bit table indirect
   block moves), and 0 otherwise.  */
static int lsi_dma_ti64bit(LSIState *s)
{
    return (s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV ? 1 : 0;
}
376 
/* Return 1 when the EN64DBMV bit is set in CCNTL1 (64-bit direct block
   moves), and 0 otherwise.  */
static int lsi_dma_64bit(LSIState *s)
{
    return (s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV ? 1 : 0;
}
383 
384 static uint8_t lsi_reg_readb(LSIState *s, int offset);
385 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
386 static void lsi_execute_script(LSIState *s);
387 static void lsi_reselect(LSIState *s, lsi_request *p);
388 
/* Fetch one 32-bit word for the SCRIPTS processor from guest address addr.
   Addresses inside the 8 KiB SCRIPTS RAM window are served from
   s->script_ram; everything else is read from guest physical memory.  */
static inline uint32_t read_dword(LSIState *s, uint32_t addr)
{
    uint32_t word;

    if ((addr & 0xffffe000) != s->script_ram_base) {
        cpu_physical_memory_read(addr, (uint8_t *)&word, 4);
        return cpu_to_le32(word);
    }

    /* Optimize reading from SCRIPTS RAM.  The offset is masked to 13 bits
       and divided by four, so the index is always within 0..2047 and cannot
       leave script_ram[]; the two low address bits are ignored.  */
    return s->script_ram[(addr & 0x1fff) >> 2];
}
400 
/* Mark the SCRIPTS processor as stopped by clearing SRUN in ISTAT1.  */
static void lsi_stop_script(LSIState *s)
{
    s->istat1 = s->istat1 & ~LSI_ISTAT1_SRUN;
}
405 
/* Recompute the DIP/SIP summary bits in ISTAT0 from the DMA and SCSI
   interrupt status registers and drive the PCI interrupt line to match.
   When no interrupt is asserted, reselection interrupts are enabled and the
   bus is disconnected, the first queued request with data pending is
   reselected.  */
static void lsi_update_irq(LSIState *s)
{
    /* Only used to avoid repeating the debug message.  Being function-static
       it is shared by every adapter instance in the process.  */
    static int last_level;
    lsi_request *req;
    int level = 0;

    /* It's unclear whether the DIP/SIP bits should be cleared when the
       Interrupt Status Registers are cleared or when istat0 is read.
       We currently do the former, which seems to work.  */
    if (s->dstat == 0) {
        s->istat0 &= ~LSI_ISTAT0_DIP;
    } else {
        s->istat0 |= LSI_ISTAT0_DIP;
        if (s->dstat & s->dien) {
            level = 1;
        }
    }

    if (s->sist0 == 0 && s->sist1 == 0) {
        s->istat0 &= ~LSI_ISTAT0_SIP;
    } else {
        s->istat0 |= LSI_ISTAT0_SIP;
        if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1)) {
            level = 1;
        }
    }

    if (s->istat0 & LSI_ISTAT0_INTF) {
        level = 1;
    }

    if (last_level != level) {
        DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
                level, s->dstat, s->sist1, s->sist0);
        last_level = level;
    }
    qemu_set_irq(s->dev.irq[0], level);

    /* Nothing more to do while an interrupt is outstanding, reselection
       interrupts are off, or the adapter is still connected.  */
    if (level || !lsi_irq_on_rsl(s) || (s->scntl1 & LSI_SCNTL1_CON)) {
        return;
    }

    DPRINTF("Handled IRQs & disconnected, looking for pending "
            "processes\n");
    QTAILQ_FOREACH(req, &s->queue, next) {
        if (req->pending) {
            lsi_reselect(s, req);
            break;
        }
    }
}
452 
/* Record SCSI interrupt causes stat0/stat1 in SIST0/SIST1, stop SCRIPTS
   execution if any recorded cause is fatal or unmasked, and update the
   interrupt line.  */
static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
{
    uint32_t stop_on0;
    uint32_t stop_on1;

    DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
            stat1, stat0, s->sist1, s->sist0);
    s->sist0 |= stat0;
    s->sist1 |= stat1;

    /* Stop processor on fatal or unmasked interrupt.  CMP, SEL and RSL
       (SIST0) and GEN and HTH (SIST1) only stop execution when enabled;
       every other source always does.  As a special hack we don't stop
       processing when raising STO.  Instead continue execution and stop at
       the next insn that accesses the SCSI bus.  */
    stop_on0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
    stop_on1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
    stop_on1 &= ~LSI_SIST1_STO;

    if ((s->sist0 & stop_on0) != 0 || (s->sist1 & stop_on1) != 0) {
        lsi_stop_script(s);
    }
    lsi_update_irq(s);
}
474 
/* Record DMA interrupt cause stat in DSTAT, update the interrupt line and
   then stop SCRIPTS execution unconditionally.  */
static void lsi_script_dma_interrupt(LSIState *s, int stat)
{
    DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
    s->dstat = s->dstat | stat;

    /* The interrupt line is refreshed before SRUN is cleared.  */
    lsi_update_irq(s);
    lsi_stop_script(s);
}
483 
/* Replace the bus phase held in the low three bits of SSTAT1 with phase,
   leaving the remaining bits untouched.  phase is expected to be one of the
   PHASE_* values.  */
static inline void lsi_set_phase(LSIState *s, int phase)
{
    s->sstat1 &= ~PHASE_MASK;
    s->sstat1 |= phase;
}
488 
/* Trigger a phase mismatch and switch the bus to new_phase.  With phase
   mismatch jumps enabled (ENPMJ) the SCRIPTS pointer is redirected to PMJAD1
   or PMJAD2; otherwise an MA interrupt is raised and SCRIPTS stop.  out is
   nonzero when the interrupted transfer was a DATA OUT.  */
static void lsi_bad_phase(LSIState *s, int out, int new_phase)
{
    if (!(s->ccntl0 & LSI_CCNTL0_ENPMJ)) {
        DPRINTF("Phase mismatch interrupt\n");
        lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
        lsi_stop_script(s);
    } else {
        int use_pmjad1;

        /* PMJCTL chooses the jump address by transfer direction; without it
           the choice follows the WSR bit in SCNTL2.  */
        if (s->ccntl0 & LSI_CCNTL0_PMJCTL) {
            use_pmjad1 = (out != 0);
        } else {
            use_pmjad1 = !(s->scntl2 & LSI_SCNTL2_WSR);
        }
        s->dsp = use_pmjad1 ? s->pmjad1 : s->pmjad2;
        DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
    }
    lsi_set_phase(s, new_phase);
}
506 
507 
/* Resume SCRIPTS execution after a DMA operation.  The waiting state is
   always cleared; the interpreter is re-entered unless waiting was 2, which
   means the DMA was issued from inside lsi_execute_script itself.  */
static void lsi_resume_script(LSIState *s)
{
    int from_interpreter = (s->waiting == 2);

    s->waiting = 0;
    if (!from_interpreter) {
        lsi_execute_script(s);
    }
}
518 
/* Leave the bus: clear the connected flag in SCNTL1 and zero the phase bits
   in SSTAT1.  */
static void lsi_disconnect(LSIState *s)
{
    s->sstat1 &= ~PHASE_MASK;
    s->scntl1 &= ~LSI_SCNTL1_CON;
}
524 
/* Handle selection of target id when no device is attached there: raise the
   STO interrupt cause in SIST1 and disconnect from the bus.  id is only used
   for the debug message.  */
static void lsi_bad_selection(LSIState *s, uint32_t id)
{
    DPRINTF("Selected absent target %d\n", id);

    /* Report the timeout first, then drop the connection.  */
    lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
    lsi_disconnect(s);
}
531 
/* Initiate a SCSI layer data transfer.
 *
 * Moves up to s->dbc bytes between the current request's buffer and guest
 * memory at the address held in DNAD (plus upper address bits).  out is
 * nonzero for DATA OUT (guest memory is read into the request buffer) and
 * zero for DATA IN (the request buffer is written to guest memory).
 *
 * Every register consulted here is programmed by the guest, so the length
 * and address must be considered untrusted.  */
static void lsi_do_dma(LSIState *s, int out)
{
    uint32_t count, id;
    target_phys_addr_t addr;
    SCSIDevice *dev;

    assert(s->current);
    if (!s->current->dma_len) {
        /* Wait until data is available.  */
        DPRINTF("DMA no data available\n");
        return;
    }

    /* The target id is a 4-bit field of the tag, so id ranges over 0..15.
       NOTE(review): the size of s->bus.devs is not visible here; confirm
       that it holds at least 16 entries or that tags carrying an id of
       LSI_MAX_DEVS or more are rejected before they reach this point.  */
    id = (s->current->tag >> 8) & 0xf;
    dev = s->bus.devs[id];
    if (!dev) {
        lsi_bad_selection(s, id);
        return;
    }

    /* Never transfer more than the SCSI layer reported as available, no
       matter how large the guest-programmed byte count is.  */
    count = s->dbc;
    if (count > s->current->dma_len)
        count = s->current->dma_len;

    addr = s->dnad;
    /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
    if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
        addr |= ((uint64_t)s->dnad64 << 32);
    else if (s->dbms)
        addr |= ((uint64_t)s->dbms << 32);
    else if (s->sbms)
        addr |= ((uint64_t)s->sbms << 32);

    DPRINTF("DMA addr=0x" TARGET_FMT_plx " len=%d\n", addr, count);
    s->csbc += count;
    s->dnad += count;
    s->dbc -= count;

    /* NOTE(review): the pointer returned by get_buf is used without a NULL
       check, and dma_len is assumed not to exceed the size of that buffer;
       both depend on the SCSI device implementation -- confirm.  */
    if (s->current->dma_buf == NULL) {
        s->current->dma_buf = dev->info->get_buf(dev, s->current->tag);
    }

    /* ??? Set SFBR to first data byte.  */
    if (out) {
        cpu_physical_memory_read(addr, s->current->dma_buf, count);
    } else {
        cpu_physical_memory_write(addr, s->current->dma_buf, count);
    }
    s->current->dma_len -= count;
    if (s->current->dma_len == 0) {
        /* Buffer fully consumed: forget the pointer before calling back into
           the SCSI layer.  The callbacks are invoked after all adapter state
           for this chunk has been updated.  */
        s->current->dma_buf = NULL;
        if (out) {
            /* Write the data.  */
            dev->info->write_data(dev, s->current->tag);
        } else {
            /* Request any remaining data.  */
            dev->info->read_data(dev, s->current->tag);
        }
    } else {
        /* Data remains in the buffer: advance past the part just moved and
           let the script continue.  */
        s->current->dma_buf += count;
        lsi_resume_script(s);
    }
}
596 
597 
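/* Add a command to the queue.  Moves the current request to the tail of the
   disconnected-request queue, clears s->current, and records in the request
   whether the bus was in the DATA OUT phase.  The current request must exist
   and must have no DMA data outstanding.  */
static void lsi_queue_command(LSIState *s)
{
    lsi_request *p = s->current;

    /* Check the invariants before the first dereference; the debug message
       below reads p->tag when DEBUG_LSI is defined.  */
    assert(p != NULL);
    assert(p->dma_len == 0);

    DPRINTF("Queueing tag=0x%x\n", p->tag);
    QTAILQ_INSERT_TAIL(&s->queue, p, next);
    s->current = NULL;

    p->pending = 0;
    p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
}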
612 
/* Queue a byte for a MSG IN phase.  The byte is dropped and an error is
   reported once LSI_MAX_MSGIN_LEN bytes are already buffered; this check is
   what keeps writes inside s->msg[].  */
static void lsi_add_msg_byte(LSIState *s, uint8_t data)
{
    if (s->msg_len < LSI_MAX_MSGIN_LEN) {
        DPRINTF("MSG IN 0x%02x\n", data);
        s->msg[s->msg_len] = data;
        s->msg_len++;
        return;
    }
    BADF("MSG IN data too long\n");
}
623 
/* Perform reselection to continue a command.  Request p is taken off the
   queue and becomes the current request, the adapter is marked connected in
   the MESSAGE IN phase, and the message bytes announcing the reselection are
   queued.  No request may be current when this is called.  */
static void lsi_reselect(LSIState *s, lsi_request *p)
{
    int target;

    assert(s->current == NULL);
    QTAILQ_REMOVE(&s->queue, p, next);
    s->current = p;

    /* Bits 8-11 of the tag carry the target id.  */
    target = (p->tag >> 8) & 0xf;
    s->ssid = target | 0x80;
    /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
    if ((s->dcntl & LSI_DCNTL_COM) == 0) {
        s->sfbr = 1 << (target & 0x7);
    }
    DPRINTF("Reselected target %d\n", target);

    s->scntl1 |= LSI_SCNTL1_CON;
    lsi_set_phase(s, PHASE_MI);

    /* After the message bytes continue with DATA OUT (2) or DATA IN (3).  */
    if (p->out) {
        s->msg_action = 2;
    } else {
        s->msg_action = 3;
    }
    p->dma_len = p->pending;

    /* 0x80 first; tagged commands add 0x20 (SIMPLE queue) and the tag.  */
    lsi_add_msg_byte(s, 0x80);
    if (p->tag & LSI_TAG_VALID) {
        lsi_add_msg_byte(s, 0x20);
        lsi_add_msg_byte(s, p->tag & 0xff);
    }

    if (lsi_irq_on_rsl(s)) {
        lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
    }
}
654 
/* Record that data is available for a queued command.  arg is the length
   reported by the SCSI layer and is stored in the request's pending field.
   Returns zero if the device was reselected, nonzero if the IO is deferred
   or no queued request carries the given tag.  */
static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
{
    lsi_request *req;
    int can_interrupt_now;

    QTAILQ_FOREACH(req, &s->queue, next) {
        if (req->tag != tag) {
            continue;
        }

        if (req->pending) {
            BADF("Multiple IO pending for tag %d\n", tag);
        }
        req->pending = arg;

        /* Reselect if waiting for it, or if reselection triggers an IRQ
           and the bus is free.
           Since no interrupt stacking is implemented in the emulation, it
           is also required that there are no pending interrupts waiting
           for service from the device driver. */
        can_interrupt_now = lsi_irq_on_rsl(s)
            && !(s->scntl1 & LSI_SCNTL1_CON)
            && !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP));
        if (s->waiting != 1 && !can_interrupt_now) {
            DPRINTF("Queueing IO tag=0x%x\n", tag);
            return 1;
        }

        /* Reselect device.  */
        lsi_reselect(s, req);
        return 0;
    }

    /* A completion for a tag that is not queued is reported and ignored.  */
    BADF("IO with unknown tag %d\n", tag);
    return 1;
}
688 
/* Callback to indicate that the SCSI layer has completed a transfer.
 *
 * reason == SCSI_REASON_DONE: the command has finished and arg is its status
 * value.  Any other reason: arg bytes of data are ready for request tag.
 *
 * The function can be entered from inside lsi_do_command() or lsi_do_dma()
 * when a device completes synchronously, so the order of the state updates
 * below matters.  */
static void lsi_command_complete(SCSIBus *bus, int reason, uint32_t tag,
                                 uint32_t arg)
{
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, bus->qbus.parent);
    int out;

    out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
    if (reason == SCSI_REASON_DONE) {
        DPRINTF("Command complete sense=%d\n", (int)arg);
        s->sense = arg;
        s->command_complete = 2;
        if (s->waiting && s->dbc != 0) {
            /* Raise phase mismatch for short transfers.  */
            lsi_bad_phase(s, out, PHASE_ST);
        } else {
            lsi_set_phase(s, PHASE_ST);
        }

        /* NOTE(review): the current request is released without comparing
           tag with s->current->tag.  If the SCSI layer can report DONE for
           a request that is still on s->queue, the wrong request is freed
           and the queued one stays behind -- confirm the callers'
           guarantees.  */
        qemu_free(s->current);
        s->current = NULL;

        lsi_resume_script(s);
        return;
    }

    /* Data for a request other than the connected one (or while waiting for
       reselection) goes through the queue.  lsi_queue_tag() returns zero
       only after lsi_reselect() has installed a current request, so
       s->current is non-NULL on every path that continues below.  */
    if (s->waiting == 1 || !s->current || tag != s->current->tag ||
        (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
        if (lsi_queue_tag(s, tag, arg))
            return;
    }

    /* host adapter (re)connected */
    DPRINTF("Data ready tag=0x%x len=%d\n", tag, arg);
    s->current->dma_len = arg;
    s->command_complete = 1;
    if (!s->waiting)
        return;
    if (s->waiting == 1 || s->dbc == 0) {
        lsi_resume_script(s);
    } else {
        lsi_do_dma(s, out);
    }
}
733 
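/* Handle a COMMAND phase block move: read the command bytes named by
   DNAD/DBC from guest memory, pass them to the selected target and set up
   the following bus phase.  If the target does not complete the command
   immediately and a data phase is expected, the request is queued and the
   adapter disconnects.  */
static void lsi_do_command(LSIState *s)
{
    SCSIDevice *dev;
    /* Zero-filled so that a block move shorter than the buffer (including a
       byte count of zero) never exposes uninitialised stack bytes through
       the SFBR register or to the target's send_command handler.  */
    uint8_t buf[16] = { 0 };
    uint32_t id;
    int n;

    DPRINTF("Send command len=%d\n", s->dbc);
    /* The byte count is programmed by the guest; clamp it to the buffer.  */
    if (s->dbc > sizeof(buf))
        s->dbc = sizeof(buf);
    cpu_physical_memory_read(s->dnad, buf, s->dbc);
    s->sfbr = buf[0];
    s->command_complete = 0;

    /* The target id is a 4-bit field of the tag, so id ranges over 0..15.
       NOTE(review): the size of s->bus.devs is not visible here; confirm
       that select_tag is validated against it where it is assigned.  */
    id = (s->select_tag >> 8) & 0xf;
    dev = s->bus.devs[id];
    if (!dev) {
        lsi_bad_selection(s, id);
        return;
    }

    assert(s->current == NULL);
    s->current = qemu_mallocz(sizeof(lsi_request));
    s->current->tag = s->select_tag;

    /* A positive result starts a DATA IN transfer, a negative one a DATA OUT
       transfer, zero means no data phase.  The callbacks may complete the
       command synchronously and set command_complete.  */
    n = dev->info->send_command(dev, s->current->tag, buf, s->current_lun);
    if (n > 0) {
        lsi_set_phase(s, PHASE_DI);
        dev->info->read_data(dev, s->current->tag);
    } else if (n < 0) {
        lsi_set_phase(s, PHASE_DO);
        dev->info->write_data(dev, s->current->tag);
    }

    if (!s->command_complete) {
        if (n) {
            /* Command did not complete immediately so disconnect.  */
            lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
            lsi_add_msg_byte(s, 4); /* DISCONNECT */
            /* wait data */
            lsi_set_phase(s, PHASE_MI);
            s->msg_action = 1;
            lsi_queue_command(s);
        } else {
            /* wait command complete */
            lsi_set_phase(s, PHASE_DI);
        }
    }
}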
783 
/* Handle a STATUS phase block move: store the saved status byte in SFBR,
   write it to guest memory at DNAD, and queue the COMMAND COMPLETE message
   for the MESSAGE IN phase that follows.  Exactly one byte is transferred
   whatever byte count the guest programmed.  */
static void lsi_do_status(LSIState *s)
{
    uint8_t status_byte;

    DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
    if (s->dbc != 1) {
        BADF("Bad Status move\n");
    }
    s->dbc = 1;

    status_byte = s->sense;
    s->sfbr = status_byte;
    cpu_physical_memory_write(s->dnad, &status_byte, 1);

    /* Disconnect (action 1) once the message byte has been delivered.  */
    lsi_set_phase(s, PHASE_MI);
    s->msg_action = 1;
    lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
}
798 
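/* Handle a MESSAGE IN block move: copy up to s->dbc queued message bytes to
   guest memory at DNAD, keep any remainder at the front of s->msg, and once
   the queue is empty switch to the phase selected by s->msg_action.

   s->msg_len is assumed to be at most LSI_MAX_MSGIN_LEN, which
   lsi_add_msg_byte() maintains.  */
static void lsi_do_msgin(LSIState *s)
{
    int len;

    DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
    s->sfbr = s->msg[0];
    len = s->msg_len;
    if (len > s->dbc)
        len = s->dbc;
    cpu_physical_memory_write(s->dnad, s->msg, len);
    /* Linux drivers rely on the last byte being in the SIDL.  When nothing
       was transferred (no queued bytes, or a guest-programmed byte count of
       zero) there is no last byte; leave SIDL alone instead of reading
       s->msg[-1].  */
    if (len > 0) {
        s->sidl = s->msg[len - 1];
    }
    s->msg_len -= len;
    if (s->msg_len) {
        memmove(s->msg, s->msg + len, s->msg_len);
    } else {
        /* ??? Check if ATN (not yet implemented) is asserted and maybe
           switch to PHASE_MO.  */
        switch (s->msg_action) {
        case 0:
            lsi_set_phase(s, PHASE_CMD);
            break;
        case 1:
            lsi_disconnect(s);
            break;
        case 2:
            lsi_set_phase(s, PHASE_DO);
            break;
        case 3:
            lsi_set_phase(s, PHASE_DI);
            break;
        default:
            abort();
        }
    }
}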
834 
/* Read the next byte during a MSGOUT phase: fetch one byte from guest memory
   at DNAD, then advance DNAD and decrement DBC.  DBC is an unsigned 32-bit
   counter and is not checked here, so calling this with DBC == 0 wraps it to
   0xffffffff; callers must make sure a byte is still available.  */
static uint8_t lsi_get_msgbyte(LSIState *s)
{
    uint8_t byte;

    cpu_physical_memory_read(s->dnad, &byte, 1);
    s->dnad += 1;
    s->dbc -= 1;
    return byte;
}
844 
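/* Skip the next n bytes during a MSGOUT phase.  At most the bytes that are
   left in the block move are skipped: DBC is an unsigned 32-bit counter
   programmed by the guest, and subtracting more than it holds would wrap it
   to a huge value and keep the message loop running far past the end of the
   transfer.  */
static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
{
    if (n > s->dbc) {
        n = s->dbc;
    }
    s->dnad += n;
    s->dbc  -= n;
}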
851 
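/* Handle a MESSAGE OUT block move: consume the s->dbc message bytes at DNAD
   in guest memory one message at a time and act on each.  All message bytes
   come from the guest and are untrusted.

   A message whose argument bytes are not fully contained in the block move,
   or that is not implemented, is answered with MESSAGE REJECT.  */
static void lsi_do_msgout(LSIState *s)
{
    uint8_t msg;
    int len;
    uint32_t current_tag;
    SCSIDevice *current_dev;
    lsi_request *p, *p_next;
    int id;

    if (s->current) {
        current_tag = s->current->tag;
    } else {
        current_tag = s->select_tag;
    }
    /* The target id is a 4-bit field of the tag, so id ranges over 0..15.
       NOTE(review): the size of s->bus.devs is not visible here; confirm
       that tags are validated against it where they are created.  */
    id = (current_tag >> 8) & 0xf;
    /* May be NULL when no device is attached at this id.  */
    current_dev = s->bus.devs[id];

    DPRINTF("MSG out len=%d\n", s->dbc);
    while (s->dbc) {
        msg = lsi_get_msgbyte(s);
        s->sfbr = msg;

        switch (msg) {
        case 0x04:
            DPRINTF("MSG: Disconnect\n");
            lsi_disconnect(s);
            break;
        case 0x08:
            DPRINTF("MSG: No Operation\n");
            lsi_set_phase(s, PHASE_CMD);
            break;
        case 0x01:
            /* Extended message: a length byte and a code byte follow.  Check
               that they are present so that DBC cannot wrap below zero.  */
            if (s->dbc < 2) {
                goto bad;
            }
            len = lsi_get_msgbyte(s);
            msg = lsi_get_msgbyte(s);
            (void)len; /* avoid a warning about unused variable*/
            DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
            switch (msg) {
            case 1:
                DPRINTF("SDTR (ignored)\n");
                if (s->dbc < 2) {
                    goto bad;
                }
                lsi_skip_msgbytes(s, 2);
                break;
            case 3:
                DPRINTF("WDTR (ignored)\n");
                if (s->dbc < 1) {
                    goto bad;
                }
                lsi_skip_msgbytes(s, 1);
                break;
            default:
                goto bad;
            }
            break;
        case 0x20: /* SIMPLE queue */
            if (s->dbc < 1) {
                goto bad;
            }
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
            DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
            break;
        case 0x21: /* HEAD of queue */
            BADF("HEAD queue not implemented\n");
            if (s->dbc < 1) {
                goto bad;
            }
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
            break;
        case 0x22: /* ORDERED queue */
            BADF("ORDERED queue not implemented\n");
            if (s->dbc < 1) {
                goto bad;
            }
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
            break;
        case 0x0d:
            /* The ABORT TAG message clears the current I/O process only. */
            DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
            if (current_dev) {
                current_dev->info->cancel_io(current_dev, current_tag);
            }
            lsi_disconnect(s);
            break;
        case 0x06:
        case 0x0e:
        case 0x0c:
            /* The ABORT message clears all I/O processes for the selecting
               initiator on the specified logical unit of the target. */
            if (msg == 0x06) {
                DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
            }
            /* The CLEAR QUEUE message clears all I/O processes for all
               initiators on the specified logical unit of the target. */
            if (msg == 0x0e) {
                DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
            }
            /* The BUS DEVICE RESET message clears all I/O processes for all
               initiators on all logical units of the target. */
            if (msg == 0x0c) {
                DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
            }

            /* clear the current I/O process */
            if (current_dev) {
                current_dev->info->cancel_io(current_dev, current_tag);
            }

            /* As the current implemented devices scsi_disk and scsi_generic
               only support one LUN, we don't need to keep track of LUNs.
               Clearing I/O processes for other initiators could be possible
               for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
               device, but this is currently not implemented (and seems not
               to be really necessary). So let's simply clear all queued
               commands for the current device: */
            id = current_tag & 0x0000ff00;
            QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
                if ((p->tag & 0x0000ff00) == id) {
                    if (current_dev) {
                        current_dev->info->cancel_io(current_dev, p->tag);
                    }
                    QTAILQ_REMOVE(&s->queue, p, next);
                    /* The queue held the only reference to the request;
                       release it as lsi_soft_reset() does.  */
                    qemu_free(p);
                }
            }

            lsi_disconnect(s);
            break;
        default:
            if ((msg & 0x80) == 0) {
                goto bad;
            }
            s->current_lun = msg & 7;
            DPRINTF("Select LUN %d\n", s->current_lun);
            lsi_set_phase(s, PHASE_CMD);
            break;
        }
    }
    return;
bad:
    BADF("Unimplemented message 0x%02x\n", msg);
    lsi_set_phase(s, PHASE_MI);
    lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
    s->msg_action = 0;
}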
975 
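/* Sign extend a 24-bit value.  Only the low 24 bits of n are used; bit 23 is
   treated as the sign bit.  Written without shifting a signed value left,
   which is undefined behaviour when the result does not fit.  */
static inline int32_t sxt24(int32_t n)
{
    uint32_t low24 = (uint32_t)n & 0xffffffu;

    /* Flipping the sign bit and subtracting its weight maps
       0x800000..0xffffff onto -0x800000..-1 and leaves 0..0x7fffff alone.  */
    return (int32_t)(low24 ^ 0x800000u) - 0x800000;
}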
981 
/* Size of the bounce buffer used by lsi_memcpy().  */
#define LSI_BUF_SIZE 4096

/* Copy count bytes of guest physical memory from src to dest through a
   bounce buffer on the stack, at most LSI_BUF_SIZE bytes per step.  Both
   addresses are 32-bit and supplied by the guest; each step is limited to
   the buffer size, so the buffer cannot be overrun whatever count is.  */
static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
{
    uint8_t bounce[LSI_BUF_SIZE];
    int chunk;

    DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
    for (; count != 0; count -= chunk) {
        chunk = (count <= LSI_BUF_SIZE) ? count : LSI_BUF_SIZE;
        cpu_physical_memory_read(src, bounce, chunk);
        cpu_physical_memory_write(dest, bounce, chunk);
        src += chunk;
        dest += chunk;
    }
}
998 
/*
 * Handle the SCRIPTS "Wait Reselect" operation: reselect on behalf of the
 * first queued request flagged pending, and if no request is current
 * afterwards, record that the script is waiting (s->waiting = 1).
 */
static void lsi_wait_reselect(LSIState *s)
{
    lsi_request *req;

    DPRINTF("Wait Reselect\n");

    /* Only the first pending request in queue order is reselected. */
    QTAILQ_FOREACH(req, &s->queue, next) {
        if (!req->pending) {
            continue;
        }
        lsi_reselect(s, req);
        break;
    }

    /* s->current is still NULL here if nothing was reselected. */
    if (!s->current) {
        s->waiting = 1;
    }
}
1015 
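/*
 * Fetch and execute SCRIPTS instructions starting at s->dsp.
 *
 * Sets ISTAT1.SRUN on entry, then loops: read one instruction dword and one
 * argument dword through read_dword(), advance s->dsp, and dispatch on the
 * top two bits of the instruction (0 block move, 1 I/O or register
 * read/write, 2 transfer control, 3 memory move or load/store).  The loop
 * continues while SRUN is set and s->waiting is zero, unless single-step
 * mode (DCNTL.SSM) raises an SSI interrupt instead.
 *
 * s->dsp can be written through register offsets 0x2c-0x2f, so the
 * instruction stream and every field decoded from it must be treated as
 * untrusted input.  The number of fetches per call is capped at
 * insn_budget; when the cap is reached an unexpected-disconnect (UDC)
 * interrupt is raised and the device is disconnected.
 */
static void lsi_execute_script(LSIState *s)
{
    /* Maximum number of dwords fetched as instructions in one call. */
    const int insn_budget = 10000;
    uint32_t insn;
    uint32_t addr, addr_high;
    int opcode;
    int insn_processed = 0;

    s->istat1 |= LSI_ISTAT1_SRUN;
again:
    insn_processed++;
    insn = read_dword(s, s->dsp);
    if (!insn) {
        /* If we receive an empty opcode increment the DSP by 4 bytes
           instead of 8 and execute the next opcode at that location */
        s->dsp += 4;
        /* The empty-opcode path used to jump straight back to the fetch,
           bypassing the budget check at the end of the loop, so a run of
           zero dwords kept this function spinning.  Apply the same cap
           here and take the forced-disconnect path once it is spent.  */
        if (insn_processed <= insn_budget) {
            goto again;
        }
        goto stalled;
    }
    addr = read_dword(s, s->dsp + 4);
    addr_high = 0;
    DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
    s->dsps = addr;
    s->dcmd = insn >> 24;
    s->dsp += 8;
    switch (insn >> 30) {
    case 0: /* Block move.  */
        if (s->sist1 & LSI_SIST1_STO) {
            DPRINTF("Delayed select timeout\n");
            lsi_stop_script(s);
            break;
        }
        s->dbc = insn & 0xffffff;
        s->rbc = s->dbc;
        /* ??? Set ESA.  */
        s->ia = s->dsp - 8;
        if (insn & (1 << 29)) {
            /* Indirect addressing.  */
            addr = read_dword(s, addr);
        } else if (insn & (1 << 28)) {
            uint32_t buf[2];
            int32_t offset;
            /* Table indirect addressing.  */

            /* 32-bit Table indirect */
            offset = sxt24(addr);
            cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
            /* byte count is stored in bits 0:23 only */
            s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
            s->rbc = s->dbc;
            addr = cpu_to_le32(buf[1]);

            /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
             * table, bits [31:24] */
            if (lsi_dma_40bit(s))
                addr_high = cpu_to_le32(buf[0]) >> 24;
            else if (lsi_dma_ti64bit(s)) {
                int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
                switch (selector) {
                case 0 ... 0x0f:
                    /* offset index into scratch registers since
                     * TI64 mode can use registers C to R.
                     * The index is 2..17 here; assumes s->scratch has at
                     * least 18 entries -- TODO confirm against LSIState.  */
                    addr_high = s->scratch[2 + selector];
                    break;
                case 0x10:
                    addr_high = s->mmrs;
                    break;
                case 0x11:
                    addr_high = s->mmws;
                    break;
                case 0x12:
                    addr_high = s->sfs;
                    break;
                case 0x13:
                    addr_high = s->drs;
                    break;
                case 0x14:
                    addr_high = s->sbms;
                    break;
                case 0x15:
                    addr_high = s->dbms;
                    break;
                default:
                    BADF("Illegal selector specified (0x%x > 0x15)"
                         " for 64-bit DMA block move", selector);
                    break;
                }
            }
        } else if (lsi_dma_64bit(s)) {
            /* fetch a 3rd dword if 64-bit direct move is enabled and
               only if we're not doing table indirect or indirect addressing */
            s->dbms = read_dword(s, s->dsp);
            s->dsp += 4;
            s->ia = s->dsp - 12;
        }
        if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
            DPRINTF("Wrong phase got %d expected %d\n",
                    s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
            lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
            break;
        }
        s->dnad = addr;
        s->dnad64 = addr_high;
        switch (s->sstat1 & 0x7) {
        case PHASE_DO:
            s->waiting = 2;
            lsi_do_dma(s, 1);
            if (s->waiting)
                s->waiting = 3;
            break;
        case PHASE_DI:
            s->waiting = 2;
            lsi_do_dma(s, 0);
            if (s->waiting)
                s->waiting = 3;
            break;
        case PHASE_CMD:
            lsi_do_command(s);
            break;
        case PHASE_ST:
            lsi_do_status(s);
            break;
        case PHASE_MO:
            lsi_do_msgout(s);
            break;
        case PHASE_MI:
            lsi_do_msgin(s);
            break;
        default:
            /* NOTE(review): this ends the whole emulator process, and the
               phase compared here was matched against a field of the
               script's own instruction word.  Raising an error interrupt
               and stopping the script would contain the failure to the
               device.  */
            BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
            exit(1);
        }
        s->dfifo = s->dbc & 0xff;
        s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
        s->sbc = s->dbc;
        s->rbc -= s->dbc;
        s->ua = addr + s->dbc;
        break;

    case 1: /* IO or Read/Write instruction.  */
        opcode = (insn >> 27) & 7;
        if (opcode < 5) {
            uint32_t id;

            if (insn & (1 << 25)) {
                id = read_dword(s, s->dsa + sxt24(insn));
            } else {
                id = insn;
            }
            id = (id >> 16) & 0xf;
            if (insn & (1 << 26)) {
                addr = s->dsp + sxt24(addr);
            }
            s->dnad = addr;
            switch (opcode) {
            case 0: /* Select */
                s->sdid = id;
                if (s->scntl1 & LSI_SCNTL1_CON) {
                    DPRINTF("Already reselected, jumping to alternative address\n");
                    s->dsp = s->dnad;
                    break;
                }
                s->sstat0 |= LSI_SSTAT0_WOA;
                s->scntl1 &= ~LSI_SCNTL1_IARB;
                /* id is a 4-bit field (0..15); bound it before indexing
                   the device table.  */
                if (id >= LSI_MAX_DEVS || !s->bus.devs[id]) {
                    lsi_bad_selection(s, id);
                    break;
                }
                DPRINTF("Selected target %d%s\n",
                        id, insn & (1 << 3) ? " ATN" : "");
                /* ??? Linux drivers complain when this is set.  Maybe
                   it only applies in low-level mode (unimplemented).
                lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
                s->select_tag = id << 8;
                s->scntl1 |= LSI_SCNTL1_CON;
                if (insn & (1 << 3)) {
                    s->socl |= LSI_SOCL_ATN;
                }
                lsi_set_phase(s, PHASE_MO);
                break;
            case 1: /* Disconnect */
                DPRINTF("Wait Disconnect\n");
                s->scntl1 &= ~LSI_SCNTL1_CON;
                break;
            case 2: /* Wait Reselect */
                if (!lsi_irq_on_rsl(s)) {
                    lsi_wait_reselect(s);
                }
                break;
            case 3: /* Set */
                DPRINTF("Set%s%s%s%s\n",
                        insn & (1 << 3) ? " ATN" : "",
                        insn & (1 << 6) ? " ACK" : "",
                        insn & (1 << 9) ? " TM" : "",
                        insn & (1 << 10) ? " CC" : "");
                if (insn & (1 << 3)) {
                    s->socl |= LSI_SOCL_ATN;
                    lsi_set_phase(s, PHASE_MO);
                }
                if (insn & (1 << 9)) {
                    /* NOTE(review): a single bit of the instruction word
                       terminates the emulator process here; an
                       illegal-instruction interrupt would keep the failure
                       inside the device model.  */
                    BADF("Target mode not implemented\n");
                    exit(1);
                }
                if (insn & (1 << 10))
                    s->carry = 1;
                break;
            case 4: /* Clear */
                DPRINTF("Clear%s%s%s%s\n",
                        insn & (1 << 3) ? " ATN" : "",
                        insn & (1 << 6) ? " ACK" : "",
                        insn & (1 << 9) ? " TM" : "",
                        insn & (1 << 10) ? " CC" : "");
                if (insn & (1 << 3)) {
                    s->socl &= ~LSI_SOCL_ATN;
                }
                if (insn & (1 << 10))
                    s->carry = 0;
                break;
            }
        } else {
            uint8_t op0;
            uint8_t op1;
            uint8_t data8;
            int reg;
            int operator;
#ifdef DEBUG_LSI
            static const char *opcode_names[3] =
                {"Write", "Read", "Read-Modify-Write"};
            static const char *operator_names[8] =
                {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
#endif

            /* reg is 8 bits wide: bits 22:16 of the instruction plus bit 7. */
            reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
            data8 = (insn >> 8) & 0xff;
            opcode = (insn >> 27) & 7;
            operator = (insn >> 24) & 7;
            DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
                    opcode_names[opcode - 5], reg,
                    operator_names[operator], data8, s->sfbr,
                    (insn & (1 << 23)) ? " SFBR" : "");
            op0 = op1 = 0;
            /* Stage 1: load the operands.  A plain move (operator 0) skips
               the register read, which matters because lsi_reg_readb() has
               read side effects on some registers.  */
            switch (opcode) {
            case 5: /* From SFBR */
                op0 = s->sfbr;
                op1 = data8;
                break;
            case 6: /* To SFBR */
                if (operator)
                    op0 = lsi_reg_readb(s, reg);
                op1 = data8;
                break;
            case 7: /* Read-modify-write */
                if (operator)
                    op0 = lsi_reg_readb(s, reg);
                if (insn & (1 << 23)) {
                    op1 = s->sfbr;
                } else {
                    op1 = data8;
                }
                break;
            }

            /* Stage 2: apply the ALU operation, updating the carry flag
               for shifts and additions.  */
            switch (operator) {
            case 0: /* move */
                op0 = op1;
                break;
            case 1: /* Shift left */
                op1 = op0 >> 7;
                op0 = (op0 << 1) | s->carry;
                s->carry = op1;
                break;
            case 2: /* OR */
                op0 |= op1;
                break;
            case 3: /* XOR */
                op0 ^= op1;
                break;
            case 4: /* AND */
                op0 &= op1;
                break;
            case 5: /* SHR */
                op1 = op0 & 1;
                op0 = (op0 >> 1) | (s->carry << 7);
                s->carry = op1;
                break;
            case 6: /* ADD */
                op0 += op1;
                s->carry = op0 < op1;
                break;
            case 7: /* ADC */
                op0 += op1 + s->carry;
                if (s->carry)
                    s->carry = op0 <= op1;
                else
                    s->carry = op0 < op1;
                break;
            }

            /* Stage 3: store the result.  */
            switch (opcode) {
            case 5: /* From SFBR */
            case 7: /* Read-modify-write */
                lsi_reg_writeb(s, reg, op0);
                break;
            case 6: /* To SFBR */
                s->sfbr = op0;
                break;
            }
        }
        break;

    case 2: /* Transfer Control.  */
        {
            int cond;
            int jmp;

            if ((insn & 0x002e0000) == 0) {
                DPRINTF("NOP\n");
                break;
            }
            if (s->sist1 & LSI_SIST1_STO) {
                DPRINTF("Delayed select timeout\n");
                lsi_stop_script(s);
                break;
            }
            /* Each enabled comparison is evaluated only while the previous
               ones still agree with the jump-if-true/false bit (bit 19).  */
            cond = jmp = (insn & (1 << 19)) != 0;
            if (cond == jmp && (insn & (1 << 21))) {
                DPRINTF("Compare carry %d\n", s->carry == jmp);
                cond = s->carry != 0;
            }
            if (cond == jmp && (insn & (1 << 17))) {
                DPRINTF("Compare phase %d %c= %d\n",
                        (s->sstat1 & PHASE_MASK),
                        jmp ? '=' : '!',
                        ((insn >> 24) & 7));
                cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
            }
            if (cond == jmp && (insn & (1 << 18))) {
                uint8_t mask;

                mask = (~insn >> 8) & 0xff;
                DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
                        s->sfbr, mask, jmp ? '=' : '!', insn & mask);
                cond = (s->sfbr & mask) == (insn & mask);
            }
            if (cond == jmp) {
                if (insn & (1 << 23)) {
                    /* Relative address.  */
                    addr = s->dsp + sxt24(addr);
                }
                switch ((insn >> 27) & 7) {
                case 0: /* Jump */
                    DPRINTF("Jump to 0x%08x\n", addr);
                    s->dsp = addr;
                    break;
                case 1: /* Call */
                    DPRINTF("Call 0x%08x\n", addr);
                    s->temp = s->dsp;
                    s->dsp = addr;
                    break;
                case 2: /* Return */
                    DPRINTF("Return to 0x%08x\n", s->temp);
                    s->dsp = s->temp;
                    break;
                case 3: /* Interrupt */
                    DPRINTF("Interrupt 0x%08x\n", s->dsps);
                    if ((insn & (1 << 20)) != 0) {
                        s->istat0 |= LSI_ISTAT0_INTF;
                        lsi_update_irq(s);
                    } else {
                        lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
                    }
                    break;
                default:
                    DPRINTF("Illegal transfer control\n");
                    lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
                    break;
                }
            } else {
                DPRINTF("Control condition failed\n");
            }
        }
        break;

    case 3:
        if ((insn & (1 << 29)) == 0) {
            /* Memory move.  */
            uint32_t dest;
            /* ??? The docs imply the destination address is loaded into
               the TEMP register.  However the Linux drivers rely on
               the value being preserved.  */
            dest = read_dword(s, s->dsp);
            s->dsp += 4;
            /* The length is masked to 24 bits, so it is never negative.  */
            lsi_memcpy(s, dest, addr, insn & 0xffffff);
        } else {
            uint8_t data[7];
            int reg;
            int n;
            int i;

            if (insn & (1 << 28)) {
                addr = s->dsa + sxt24(addr);
            }
            /* n is a 3-bit field, so at most 7 bytes: exactly sizeof data.  */
            n = (insn & 7);
            reg = (insn >> 16) & 0xff;
            /* NOTE(review): reg + i is not range-checked, so a register
               number near the top of the window, or any offset the
               accessors do not decode, reaches their fallback paths;
               lsi_reg_readb() ends in exit(1) there.  */
            if (insn & (1 << 24)) {
                cpu_physical_memory_read(addr, data, n);
                DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
                        addr, *(int *)data);
                for (i = 0; i < n; i++) {
                    lsi_reg_writeb(s, reg + i, data[i]);
                }
            } else {
                DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
                for (i = 0; i < n; i++) {
                    data[i] = lsi_reg_readb(s, reg + i);
                }
                cpu_physical_memory_write(addr, data, n);
            }
        }
    }
    if (insn_processed > insn_budget && !s->waiting) {
        goto stalled;
    }
    if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
        if (s->dcntl & LSI_DCNTL_SSM) {
            lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
        } else {
            goto again;
        }
    }
    goto stopped;

stalled:
    /* Some windows drivers make the device spin waiting for a memory
       location to change.  If we have been executed a lot of code then
       assume this is the case and force an unexpected device disconnect.
       This is apparently sufficient to beat the drivers into submission.
     */
    if (!(s->sien0 & LSI_SIST0_UDC))
        fprintf(stderr, "inf. loop with UDC masked\n");
    lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
    lsi_disconnect(s);
stopped:
    DPRINTF("SCRIPTS execution stopped\n");
}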
1453 
/*
 * Read one byte of the register file at the given offset.
 *
 * Multi-byte registers are exposed little-endian, one byte per offset.
 * Several reads have side effects: DSTAT, SIST0 and SIST1 are cleared by
 * the read (DSTAT only while ISTAT0.INTF is clear) and the IRQ line is
 * re-evaluated; reading CTEST2 clears ISTAT0.SIGP.
 *
 * Offsets 0x5c-0x9f map onto s->scratch[1..17].  Any other offset that is
 * not decoded reports an error and calls exit(1).
 * NOTE(review): offsets arrive from the MMIO handlers and from SCRIPTS
 * load/store and register-move instructions, so that exit path is
 * reachable by whoever programs the device; returning a fixed value would
 * keep the failure inside the device model.
 */
static uint8_t lsi_reg_readb(LSIState *s, int offset)
{
    uint8_t ret;

    /* Expand to one case label per byte of a 24-/32-bit register. */
#define CASE_GET_REG24(name, addr) \
    case addr:     ret = s->name & 0xff;         break; \
    case addr + 1: ret = (s->name >> 8) & 0xff;  break; \
    case addr + 2: ret = (s->name >> 16) & 0xff; break;

#define CASE_GET_REG32(name, addr) \
    case addr:     ret = s->name & 0xff;         break; \
    case addr + 1: ret = (s->name >> 8) & 0xff;  break; \
    case addr + 2: ret = (s->name >> 16) & 0xff; break; \
    case addr + 3: ret = (s->name >> 24) & 0xff; break;

#ifdef DEBUG_LSI_REG
    DPRINTF("Read reg %x\n", offset);
#endif
    switch (offset) {
    case 0x00: /* SCNTL0 */
        ret = s->scntl0;
        break;
    case 0x01: /* SCNTL1 */
        ret = s->scntl1;
        break;
    case 0x02: /* SCNTL2 */
        ret = s->scntl2;
        break;
    case 0x03: /* SCNTL3 */
        ret = s->scntl3;
        break;
    case 0x04: /* SCID */
        ret = s->scid;
        break;
    case 0x05: /* SXFER */
        ret = s->sxfer;
        break;
    case 0x06: /* SDID */
        ret = s->sdid;
        break;
    case 0x07: /* GPREG0 */
        ret = 0x7f;
        break;
    case 0x08: /* Revision ID */
        ret = 0x00;
        break;
    case 0xa: /* SSID */
        ret = s->ssid;
        break;
    case 0xb: /* SBCL */
        /* ??? This is not correct. However it's (hopefully) only
           used for diagnostics, so should be ok.  */
        ret = 0;
        break;
    case 0xc: /* DSTAT */
        /* Bit 7 is always reported set; the stored status is cleared by
           the read unless ISTAT0.INTF is pending.  */
        ret = s->dstat | 0x80;
        if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
            s->dstat = 0;
        lsi_update_irq(s);
        break;
    case 0x0d: /* SSTAT0 */
        ret = s->sstat0;
        break;
    case 0x0e: /* SSTAT1 */
        ret = s->sstat1;
        break;
    case 0x0f: /* SSTAT2 */
        ret = (s->scntl1 & LSI_SCNTL1_CON) ? 0 : 2;
        break;
    CASE_GET_REG32(dsa, 0x10)
    case 0x14: /* ISTAT0 */
        ret = s->istat0;
        break;
    case 0x15: /* ISTAT1 */
        ret = s->istat1;
        break;
    case 0x16: /* MBOX0 */
        ret = s->mbox0;
        break;
    case 0x17: /* MBOX1 */
        ret = s->mbox1;
        break;
    case 0x18: /* CTEST0 */
        ret = 0xff;
        break;
    case 0x19: /* CTEST1 */
        ret = 0;
        break;
    case 0x1a: /* CTEST2 */
        ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
        /* SIGP is reported once and cleared by this read.  */
        if (s->istat0 & LSI_ISTAT0_SIGP) {
            s->istat0 &= ~LSI_ISTAT0_SIGP;
            ret |= LSI_CTEST2_SIGP;
        }
        break;
    case 0x1b: /* CTEST3 */
        ret = s->ctest3;
        break;
    CASE_GET_REG32(temp, 0x1c)
    case 0x20: /* DFIFO */
        ret = 0;
        break;
    case 0x21: /* CTEST4 */
        ret = s->ctest4;
        break;
    case 0x22: /* CTEST5 */
        ret = s->ctest5;
        break;
    case 0x23: /* CTEST6 */
        ret = 0;
        break;
    CASE_GET_REG24(dbc, 0x24)
    case 0x27: /* DCMD */
        ret = s->dcmd;
        break;
    CASE_GET_REG32(dnad, 0x28)
    CASE_GET_REG32(dsp, 0x2c)
    CASE_GET_REG32(dsps, 0x30)
    CASE_GET_REG32(scratch[0], 0x34)
    case 0x38: /* DMODE */
        ret = s->dmode;
        break;
    case 0x39: /* DIEN */
        ret = s->dien;
        break;
    case 0x3a: /* SBR */
        ret = s->sbr;
        break;
    case 0x3b: /* DCNTL */
        ret = s->dcntl;
        break;
    case 0x40: /* SIEN0 */
        ret = s->sien0;
        break;
    case 0x41: /* SIEN1 */
        ret = s->sien1;
        break;
    case 0x42: /* SIST0 */
        /* Read-to-clear.  */
        ret = s->sist0;
        s->sist0 = 0;
        lsi_update_irq(s);
        break;
    case 0x43: /* SIST1 */
        /* Read-to-clear.  */
        ret = s->sist1;
        s->sist1 = 0;
        lsi_update_irq(s);
        break;
    case 0x46: /* MACNTL */
        ret = 0x0f;
        break;
    case 0x47: /* GPCNTL0 */
        ret = 0x0f;
        break;
    case 0x48: /* STIME0 */
        ret = s->stime0;
        break;
    case 0x4a: /* RESPID0 */
        ret = s->respid0;
        break;
    case 0x4b: /* RESPID1 */
        ret = s->respid1;
        break;
    case 0x4d: /* STEST1 */
        ret = s->stest1;
        break;
    case 0x4e: /* STEST2 */
        ret = s->stest2;
        break;
    case 0x4f: /* STEST3 */
        ret = s->stest3;
        break;
    case 0x50: /* SIDL */
        /* This is needed by the linux drivers.  We currently only update it
           during the MSG IN phase.  */
        ret = s->sidl;
        break;
    case 0x52: /* STEST4 */
        ret = 0xe0;
        break;
    case 0x56: /* CCNTL0 */
        ret = s->ccntl0;
        break;
    case 0x57: /* CCNTL1 */
        ret = s->ccntl1;
        break;
    case 0x58: /* SBDL */
        /* Some drivers peek at the data bus during the MSG IN phase.  */
        ret = ((s->sstat1 & PHASE_MASK) == PHASE_MI) ? s->msg[0] : 0;
        break;
    case 0x59: /* SBDL high */
        ret = 0;
        break;
    CASE_GET_REG32(mmrs, 0xa0)
    CASE_GET_REG32(mmws, 0xa4)
    CASE_GET_REG32(sfs, 0xa8)
    CASE_GET_REG32(drs, 0xac)
    CASE_GET_REG32(sbms, 0xb0)
    CASE_GET_REG32(dbms, 0xb4)
    CASE_GET_REG32(dnad64, 0xb8)
    CASE_GET_REG32(pmjad1, 0xc0)
    CASE_GET_REG32(pmjad2, 0xc4)
    CASE_GET_REG32(rbc, 0xc8)
    CASE_GET_REG32(ua, 0xcc)
    CASE_GET_REG32(ia, 0xd4)
    CASE_GET_REG32(sbc, 0xd8)
    CASE_GET_REG32(csbc, 0xdc)
    default:
        if (offset >= 0x5c && offset < 0xa0) {
            /* Scratch window: four byte offsets per 32-bit scratch
               register, starting at index 1.  */
            int idx = (offset - 0x58) >> 2;
            int shift = (offset & 3) * 8;

            ret = (s->scratch[idx] >> shift) & 0xff;
            break;
        }
        BADF("readb 0x%x\n", offset);
        exit(1);
    }
#undef CASE_GET_REG24
#undef CASE_GET_REG32
    return ret;
}
1628 
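/*
 * Write one byte of the register file at the given offset.
 *
 * Multi-byte registers are updated one byte at a time, little-endian.
 * Besides storing the value, some writes act immediately: SCNTL1.RST resets
 * every attached device, ISTAT0 can abort, soft-reset or wake a waiting
 * script, and writing DSP[24:31] or DCNTL.STD starts SCRIPTS execution
 * synchronously through lsi_execute_script().
 *
 * Writes to offsets 0x0a-0x0f are ignored.  Offsets 0x5c-0x9f map onto
 * s->scratch[1..17]; any other undecoded offset is only reported.
 *
 * The byte is widened to uint32_t before it is shifted into place: val is
 * promoted to int, so "val << 24" and "0xff << 24" shift into the sign bit,
 * which is undefined behaviour for signed operands.
 */
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
{
    /* Expand to one case label per byte of a 24-/32-bit register. */
#define CASE_SET_REG24(name, addr) \
    case addr    : s->name &= 0xffffff00; s->name |= val;                 break; \
    case addr + 1: s->name &= 0xffff00ff; s->name |= (uint32_t)val << 8;  break; \
    case addr + 2: s->name &= 0xff00ffff; s->name |= (uint32_t)val << 16; break;

#define CASE_SET_REG32(name, addr) \
    case addr    : s->name &= 0xffffff00; s->name |= val;                 break; \
    case addr + 1: s->name &= 0xffff00ff; s->name |= (uint32_t)val << 8;  break; \
    case addr + 2: s->name &= 0xff00ffff; s->name |= (uint32_t)val << 16; break; \
    case addr + 3: s->name &= 0x00ffffff; s->name |= (uint32_t)val << 24; break;

#ifdef DEBUG_LSI_REG
    DPRINTF("Write reg %x = %02x\n", offset, val);
#endif
    switch (offset) {
    case 0x00: /* SCNTL0 */
        s->scntl0 = val;
        if (val & LSI_SCNTL0_START) {
            BADF("Start sequence not implemented\n");
        }
        break;
    case 0x01: /* SCNTL1 */
        s->scntl1 = val & ~LSI_SCNTL1_SST;
        if (val & LSI_SCNTL1_IARB) {
            BADF("Immediate Arbritration not implemented\n");
        }
        if (val & LSI_SCNTL1_RST) {
            /* Reset the attached devices only on the rising edge of RST:
               SSTAT0.RST remembers that the reset is already asserted.  */
            if (!(s->sstat0 & LSI_SSTAT0_RST)) {
                DeviceState *dev;
                int id;

                for (id = 0; id < s->bus.ndev; id++) {
                    if (s->bus.devs[id]) {
                        dev = &s->bus.devs[id]->qdev;
                        dev->info->reset(dev);
                    }
                }
                s->sstat0 |= LSI_SSTAT0_RST;
                lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
            }
        } else {
            s->sstat0 &= ~LSI_SSTAT0_RST;
        }
        break;
    case 0x02: /* SCNTL2 */
        val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
        s->scntl2 = val;
        break;
    case 0x03: /* SCNTL3 */
        s->scntl3 = val;
        break;
    case 0x04: /* SCID */
        s->scid = val;
        break;
    case 0x05: /* SXFER */
        s->sxfer = val;
        break;
    case 0x06: /* SDID */
        if ((val & 0xf) != (s->ssid & 0xf))
            BADF("Destination ID does not match SSID\n");
        s->sdid = val & 0xf;
        break;
    case 0x07: /* GPREG0 */
        break;
    case 0x08: /* SFBR */
        /* The CPU is not allowed to write to this register.  However the
           SCRIPTS register move instructions are.  */
        s->sfbr = val;
        break;
    case 0x0a: case 0x0b:
        /* Openserver writes to these readonly registers on startup */
        return;
    case 0x0c: case 0x0d: case 0x0e: case 0x0f:
        /* Linux writes to these readonly registers on startup.  */
        return;
    CASE_SET_REG32(dsa, 0x10)
    case 0x14: /* ISTAT0 */
        /* Only the upper nibble is writable; the low nibble keeps its
           current state.  */
        s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
        if (val & LSI_ISTAT0_ABRT) {
            lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
        }
        if (val & LSI_ISTAT0_INTF) {
            s->istat0 &= ~LSI_ISTAT0_INTF;
            lsi_update_irq(s);
        }
        /* NOTE(review): this wake-up path does not test ISTAT1.SRUN,
           unlike the DSP and DCNTL paths below; confirm it cannot re-enter
           a script that is already executing.  */
        if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
            DPRINTF("Woken by SIGP\n");
            s->waiting = 0;
            s->dsp = s->dnad;
            lsi_execute_script(s);
        }
        if (val & LSI_ISTAT0_SRST) {
            lsi_soft_reset(s);
        }
        break;
    case 0x16: /* MBOX0 */
        s->mbox0 = val;
        break;
    case 0x17: /* MBOX1 */
        s->mbox1 = val;
        break;
    case 0x1a: /* CTEST2 */
        s->ctest2 = val & LSI_CTEST2_PCICIE;
        break;
    case 0x1b: /* CTEST3 */
        s->ctest3 = val & 0x0f;
        break;
    CASE_SET_REG32(temp, 0x1c)
    case 0x21: /* CTEST4 */
        if (val & 7) {
           BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
        }
        s->ctest4 = val;
        break;
    case 0x22: /* CTEST5 */
        if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
            BADF("CTEST5 DMA increment not implemented\n");
        }
        s->ctest5 = val;
        break;
    CASE_SET_REG24(dbc, 0x24)
    CASE_SET_REG32(dnad, 0x28)
    case 0x2c: /* DSP[0:7] */
        s->dsp &= 0xffffff00;
        s->dsp |= val;
        break;
    case 0x2d: /* DSP[8:15] */
        s->dsp &= 0xffff00ff;
        s->dsp |= (uint32_t)val << 8;
        break;
    case 0x2e: /* DSP[16:23] */
        s->dsp &= 0xff00ffff;
        s->dsp |= (uint32_t)val << 16;
        break;
    case 0x2f: /* DSP[24:31] */
        s->dsp &= 0x00ffffff;
        s->dsp |= (uint32_t)val << 24;
        /* Writing the top byte starts the script unless DMODE.MAN is set
           or ISTAT1.SRUN is already set.  */
        if ((s->dmode & LSI_DMODE_MAN) == 0
            && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
            lsi_execute_script(s);
        break;
    CASE_SET_REG32(dsps, 0x30)
    CASE_SET_REG32(scratch[0], 0x34)
    case 0x38: /* DMODE */
        if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
            BADF("IO mappings not implemented\n");
        }
        s->dmode = val;
        break;
    case 0x39: /* DIEN */
        s->dien = val;
        lsi_update_irq(s);
        break;
    case 0x3a: /* SBR */
        s->sbr = val;
        break;
    case 0x3b: /* DCNTL */
        /* PFF and STD are never stored; STD only triggers a start.  */
        s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
        if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
            lsi_execute_script(s);
        break;
    case 0x40: /* SIEN0 */
        s->sien0 = val;
        lsi_update_irq(s);
        break;
    case 0x41: /* SIEN1 */
        s->sien1 = val;
        lsi_update_irq(s);
        break;
    case 0x47: /* GPCNTL0 */
        break;
    case 0x48: /* STIME0 */
        s->stime0 = val;
        break;
    case 0x49: /* STIME1 */
        if (val & 0xf) {
            DPRINTF("General purpose timer not implemented\n");
            /* ??? Raising the interrupt immediately seems to be sufficient
               to keep the FreeBSD driver happy.  */
            lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
        }
        break;
    case 0x4a: /* RESPID0 */
        s->respid0 = val;
        break;
    case 0x4b: /* RESPID1 */
        s->respid1 = val;
        break;
    case 0x4d: /* STEST1 */
        s->stest1 = val;
        break;
    case 0x4e: /* STEST2 */
        if (val & 1) {
            BADF("Low level mode not implemented\n");
        }
        s->stest2 = val;
        break;
    case 0x4f: /* STEST3 */
        if (val & 0x41) {
            BADF("SCSI FIFO test mode not implemented\n");
        }
        s->stest3 = val;
        break;
    case 0x56: /* CCNTL0 */
        s->ccntl0 = val;
        break;
    case 0x57: /* CCNTL1 */
        s->ccntl1 = val;
        break;
    CASE_SET_REG32(mmrs, 0xa0)
    CASE_SET_REG32(mmws, 0xa4)
    CASE_SET_REG32(sfs, 0xa8)
    CASE_SET_REG32(drs, 0xac)
    CASE_SET_REG32(sbms, 0xb0)
    CASE_SET_REG32(dbms, 0xb4)
    CASE_SET_REG32(dnad64, 0xb8)
    CASE_SET_REG32(pmjad1, 0xc0)
    CASE_SET_REG32(pmjad2, 0xc4)
    CASE_SET_REG32(rbc, 0xc8)
    CASE_SET_REG32(ua, 0xcc)
    CASE_SET_REG32(ia, 0xd4)
    CASE_SET_REG32(sbc, 0xd8)
    CASE_SET_REG32(csbc, 0xdc)
    default:
        if (offset >= 0x5c && offset < 0xa0) {
            /* Scratch window: four byte offsets per 32-bit scratch
               register, starting at index 1.  */
            int n;
            int shift;
            n = (offset - 0x58) >> 2;
            shift = (offset & 3) * 8;
            s->scratch[n] &= ~((uint32_t)0xff << shift);
            s->scratch[n] |= (uint32_t)val << shift;
        } else {
            BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
        }
    }
#undef CASE_SET_REG24
#undef CASE_SET_REG32
}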
1869 
/*
 * Byte-wide write handler for the memory-mapped register window.
 *
 * Only the low 8 bits of the bus address select a register, so the offset
 * handed to lsi_reg_writeb() is always in 0x00..0xff.
 */
static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t reg = addr & 0xff;

    lsi_reg_writeb(lsi, reg, val);
}
1876 
/*
 * 16-bit write handler for the memory-mapped register window.
 *
 * The value is split into two byte writes, low byte first, at consecutive
 * register offsets.
 *
 * NOTE(review): the base offset is masked to 0x00..0xff but the second
 * offset is not re-masked, so an access whose low address byte is 0xff
 * passes 0x100 to lsi_reg_writeb().  Confirm the byte handler treats
 * offsets above 0xff as unhandled rather than as a valid register.
 */
static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t reg = addr & 0xff;
    int i;

    for (i = 0; i < 2; i++) {
        lsi_reg_writeb(lsi, reg + i, (val >> (8 * i)) & 0xff);
    }
}
1885 
/*
 * 32-bit write handler for the memory-mapped register window.
 *
 * The value is split into four byte writes, least significant byte first,
 * at consecutive register offsets.
 *
 * NOTE(review): only the base offset is masked to 0x00..0xff; a base of
 * 0xfd..0xff makes the trailing byte offsets reach 0x100..0x102.  Confirm
 * lsi_reg_writeb() treats offsets above 0xff as unhandled.
 */
static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t reg = addr & 0xff;
    int i;

    for (i = 0; i < 4; i++) {
        lsi_reg_writeb(lsi, reg + i, (val >> (8 * i)) & 0xff);
    }
}
1896 
/*
 * Byte-wide read handler for the memory-mapped register window.
 *
 * The register offset is the low 8 bits of the bus address.
 */
static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t reg = addr & 0xff;

    return lsi_reg_readb(lsi, reg);
}
1903 
/*
 * 16-bit read handler for the memory-mapped register window.
 *
 * Two byte registers are read in ascending offset order and combined with
 * the lower offset in the low byte.  The order is kept as-is because the
 * byte handler is outside this excerpt and may have read side effects.
 *
 * NOTE(review): the second offset is not re-masked, so a base of 0xff
 * reads offset 0x100; confirm lsi_reg_readb() handles that safely.
 */
static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t reg = addr & 0xff;
    uint32_t result = 0;
    int i;

    for (i = 0; i < 2; i++) {
        result |= lsi_reg_readb(lsi, reg + i) << (8 * i);
    }
    return result;
}
1914 
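/*
 * 32-bit read handler for the memory-mapped register window.
 *
 * Four byte registers are read in ascending offset order and combined with
 * the lowest offset in the least significant byte.
 *
 * Each byte is widened to uint32_t before shifting.  lsi_reg_readb()'s
 * return type is declared outside this excerpt; if it is narrower than
 * int, shifting a value >= 0x80 left by 24 in (signed) int would be
 * undefined behaviour, so the cast keeps the shift unsigned either way.
 *
 * NOTE(review): only the base offset is masked to 0x00..0xff; a base of
 * 0xfd..0xff reads offsets up to 0x102.  Confirm lsi_reg_readb() handles
 * offsets above 0xff safely.
 */
static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
{
    LSIState *s = opaque;
    uint32_t val = 0;
    int i;

    addr &= 0xff;
    for (i = 0; i < 4; i++) {
        val |= (uint32_t)lsi_reg_readb(s, addr + i) << (8 * i);
    }
    return val;
}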
1926 
/* Register-window read handlers, ordered byte, word, long. */
static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
    [0] = lsi_mmio_readb,
    [1] = lsi_mmio_readw,
    [2] = lsi_mmio_readl,
};
1932 
/* Register-window write handlers, ordered byte, word, long. */
static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
    [0] = lsi_mmio_writeb,
    [1] = lsi_mmio_writew,
    [2] = lsi_mmio_writel,
};
1938 
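/*
 * Byte-wide write handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits, so the word index (addr >> 2) is at
 * most 2047.  The selected byte lane of that 32-bit word is replaced and
 * the other three lanes are left untouched.
 *
 * Two hardening changes over a plain read-modify-write:
 *  - the lane mask is built from an unsigned constant, because shifting
 *    the int constant 0xff left by 24 overflows a signed int;
 *  - val is masked to 8 bits, matching the scratch-register path in
 *    lsi_reg_writeb(), so stray upper bits from the caller cannot spill
 *    into neighbouring byte lanes.
 */
static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *s = opaque;
    uint32_t newval;
    int shift;

    addr &= 0x1fff;
    shift = (addr & 3) * 8;
    newval = s->script_ram[addr >> 2];
    newval &= ~((uint32_t)0xff << shift);
    newval |= (val & 0xff) << shift;
    s->script_ram[addr >> 2] = newval;
}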
1952 
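/*
 * 16-bit write handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits, so the word index (addr >> 2) is at
 * most 2047.  Bit 1 of the address selects the upper or lower half of the
 * 32-bit word; bit 0 is ignored, so an odd address is treated as the
 * halfword that contains it.
 *
 * val is masked to 16 bits first: without the mask, upper bits supplied by
 * the caller would overwrite the other half of the word on a low-half
 * write.
 */
static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *s = opaque;
    uint32_t newval;

    addr &= 0x1fff;
    val &= 0xffff;
    newval = s->script_ram[addr >> 2];
    if (addr & 2) {
        newval = (newval & 0xffff) | (val << 16);
    } else {
        newval = (newval & 0xffff0000) | val;
    }
    s->script_ram[addr >> 2] = newval;
}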
1967 
1968 
/*
 * 32-bit write handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits and its low two bits are dropped by
 * the shift, so the store always lands on a whole word with index 0..2047.
 */
static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t word = (addr & 0x1fff) >> 2;

    lsi->script_ram[word] = val;
}
1976 
/*
 * Byte-wide read handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits (word index 0..2047); the low two bits
 * pick the byte lane inside the 32-bit word.
 */
static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t off = addr & 0x1fff;
    const uint32_t word = lsi->script_ram[off >> 2];

    return (word >> ((off & 3) * 8)) & 0xff;
}
1987 
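/*
 * 16-bit read handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits (word index 0..2047).  Bit 1 of the
 * address selects the upper or lower half of the 32-bit word; bit 0 is
 * ignored, so an odd address reads the halfword that contains it.
 *
 * The result is masked to 16 bits.  Without the mask a low-half read
 * returned the whole 32-bit word, upper half included, which is
 * inconsistent with lsi_ram_readb() and hands the caller bits that do not
 * belong to the requested halfword.
 */
static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
{
    LSIState *s = opaque;
    uint32_t val;

    addr &= 0x1fff;
    val = s->script_ram[addr >> 2];
    if (addr & 2) {
        val >>= 16;
    }
    return val & 0xffff;
}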
1999 
/*
 * 32-bit read handler for the on-chip script RAM window.
 *
 * The address is reduced to 13 bits and its low two bits are dropped by
 * the shift, so the load always covers a whole word with index 0..2047.
 */
static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
{
    LSIState *lsi = opaque;
    const target_phys_addr_t word = (addr & 0x1fff) >> 2;

    return lsi->script_ram[word];
}
2007 
/* Script RAM read handlers, ordered byte, word, long. */
static CPUReadMemoryFunc * const lsi_ram_readfn[3] = {
    [0] = lsi_ram_readb,
    [1] = lsi_ram_readw,
    [2] = lsi_ram_readl,
};
2013 
/* Script RAM write handlers, ordered byte, word, long. */
static CPUWriteMemoryFunc * const lsi_ram_writefn[3] = {
    [0] = lsi_ram_writeb,
    [1] = lsi_ram_writew,
    [2] = lsi_ram_writel,
};
2019 
/*
 * Byte-wide read handler for the I/O-port register window.
 *
 * The register offset is the low 8 bits of the port address.
 */
static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
{
    LSIState *lsi = opaque;
    const uint32_t reg = addr & 0xff;

    return lsi_reg_readb(lsi, reg);
}
2025 
/*
 * 16-bit read handler for the I/O-port register window.
 *
 * Two byte registers are read in ascending offset order and combined with
 * the lower offset in the low byte.
 *
 * NOTE(review): the second offset is not re-masked, so a base of 0xff
 * reads offset 0x100; confirm lsi_reg_readb() handles that safely.
 */
static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
{
    LSIState *lsi = opaque;
    const uint32_t reg = addr & 0xff;
    uint32_t result = 0;
    int i;

    for (i = 0; i < 2; i++) {
        result |= lsi_reg_readb(lsi, reg + i) << (8 * i);
    }
    return result;
}
2035 
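/*
 * 32-bit read handler for the I/O-port register window.
 *
 * Four byte registers are read in ascending offset order and combined with
 * the lowest offset in the least significant byte.
 *
 * Each byte is widened to uint32_t before shifting.  lsi_reg_readb()'s
 * return type is declared outside this excerpt; if it is narrower than
 * int, shifting a value >= 0x80 left by 24 in (signed) int would be
 * undefined behaviour, so the cast keeps the shift unsigned either way.
 *
 * NOTE(review): only the base offset is masked to 0x00..0xff; a base of
 * 0xfd..0xff reads offsets up to 0x102.  Confirm lsi_reg_readb() handles
 * offsets above 0xff safely.
 */
static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
{
    LSIState *s = opaque;
    uint32_t val = 0;
    int i;

    addr &= 0xff;
    for (i = 0; i < 4; i++) {
        val |= (uint32_t)lsi_reg_readb(s, addr + i) << (8 * i);
    }
    return val;
}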
2047 
/*
 * Byte-wide write handler for the I/O-port register window.
 *
 * The register offset is the low 8 bits of the port address.
 */
static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const uint32_t reg = addr & 0xff;

    lsi_reg_writeb(lsi, reg, val);
}
2053 
/*
 * 16-bit write handler for the I/O-port register window.
 *
 * The value is split into two byte writes, low byte first, at consecutive
 * register offsets.
 *
 * NOTE(review): the second offset is not re-masked, so a base of 0xff
 * passes 0x100 to lsi_reg_writeb(); confirm the byte handler treats
 * offsets above 0xff as unhandled.
 */
static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const uint32_t reg = addr & 0xff;
    int i;

    for (i = 0; i < 2; i++) {
        lsi_reg_writeb(lsi, reg + i, (val >> (8 * i)) & 0xff);
    }
}
2061 
/*
 * 32-bit write handler for the I/O-port register window.
 *
 * The value is split into four byte writes, least significant byte first,
 * at consecutive register offsets.
 *
 * NOTE(review): only the base offset is masked to 0x00..0xff; a base of
 * 0xfd..0xff makes the trailing byte offsets reach 0x100..0x102.  Confirm
 * lsi_reg_writeb() treats offsets above 0xff as unhandled.
 */
static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
{
    LSIState *lsi = opaque;
    const uint32_t reg = addr & 0xff;
    int i;

    for (i = 0; i < 4; i++) {
        lsi_reg_writeb(lsi, reg + i, (val >> (8 * i)) & 0xff);
    }
}
2071 
/*
 * BAR map callback for the I/O-port register window.
 *
 * Registers byte, word and long port handlers over a fixed 256-port range
 * starting at addr.  The region_num, size and type arguments are not
 * consulted; the 256 here matches the size passed for BAR 0 in
 * lsi_scsi_init().
 */
static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
                           pcibus_t addr, pcibus_t size, int type)
{
    enum { LSI_IO_PORTS = 256 };
    LSIState *lsi = DO_UPCAST(LSIState, dev, pci_dev);

    DPRINTF("Mapping IO at %08"FMT_PCIBUS"\n", addr);

    /* Byte access. */
    register_ioport_write(addr, LSI_IO_PORTS, 1, lsi_io_writeb, lsi);
    register_ioport_read(addr, LSI_IO_PORTS, 1, lsi_io_readb, lsi);
    /* Word access. */
    register_ioport_write(addr, LSI_IO_PORTS, 2, lsi_io_writew, lsi);
    register_ioport_read(addr, LSI_IO_PORTS, 2, lsi_io_readw, lsi);
    /* Long access. */
    register_ioport_write(addr, LSI_IO_PORTS, 4, lsi_io_writel, lsi);
    register_ioport_read(addr, LSI_IO_PORTS, 4, lsi_io_readl, lsi);
}
2086 
/*
 * BAR map callback for the script RAM window.
 *
 * Records the guest-physical base of the window in script_ram_base and
 * maps 0x2000 bytes at that base onto the script RAM handlers.  The
 * region_num, size and type arguments are not consulted; 0x2000 matches
 * both the BAR 2 size in lsi_scsi_init() and the 0x1fff address mask used
 * by the lsi_ram_* handlers.
 */
static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
                            pcibus_t addr, pcibus_t size, int type)
{
    LSIState *lsi = DO_UPCAST(LSIState, dev, pci_dev);

    DPRINTF("Mapping ram at %08"FMT_PCIBUS"\n", addr);
    lsi->script_ram_base = addr;
    cpu_register_physical_memory(addr, 0x2000, lsi->ram_io_addr);
}
2096 
/*
 * BAR map callback for the memory-mapped register window.
 *
 * Maps 0x400 bytes at addr onto the register handlers.  Those handlers
 * keep only the low 8 bits of the address, so the 256 register offsets
 * repeat four times across the mapped range.  The region_num, size and
 * type arguments are not consulted.
 */
static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
                             pcibus_t addr, pcibus_t size, int type)
{
    LSIState *lsi = DO_UPCAST(LSIState, dev, pci_dev);

    DPRINTF("Mapping registers at %08"FMT_PCIBUS"\n", addr);
    cpu_register_physical_memory(addr, 0x400, lsi->mmio_io_addr);
}
2105 
/* qdev reset hook: recover the LSIState from the DeviceState and soft-reset it. */
static void lsi_scsi_reset(DeviceState *dev)
{
    LSIState *lsi = DO_UPCAST(LSIState, dev.qdev, dev);

    lsi_soft_reset(lsi);
}
2112 
/*
 * VMState pre_save hook: check that the controller is quiescent.
 *
 * The saved description carries no field for the current request or for
 * the request queue, so a save is only meaningful when no DMA buffer is
 * attached to the current request and the queue is empty.
 *
 * NOTE(review): these are assert()s, so a violation aborts the process,
 * and a build with NDEBUG drops the checks entirely and would save an
 * incomplete state.  Consider whether the save path should fail instead.
 */
static void lsi_pre_save(void *opaque)
{
    LSIState *s = opaque;

    if (s->current != NULL) {
        /* No transfer may be in flight on the active request. */
        assert(s->current->dma_buf == NULL);
        assert(s->current->dma_len == 0);
    }
    /* No requests may be waiting. */
    assert(QTAILQ_EMPTY(&s->queue));
}
2123 
/*
 * Save/restore description for the controller.
 *
 * The field list is kept in its original order; it is left untouched here
 * on the assumption that the order is part of the saved format.
 *
 * NOTE(review): every field is restored as a raw value and no post_load
 * hook is set in this description.  If a saved state can come from an
 * untrusted source, confirm that msg_len is range-checked against the size
 * of msg, and that the other restored indices and lengths are validated,
 * before the device uses them.
 */
static const VMStateDescription vmstate_lsi_scsi = {
    .name                   = "lsiscsi",
    .version_id             = 0,
    .minimum_version_id     = 0,
    .minimum_version_id_old = 0,
    .pre_save               = lsi_pre_save,
    .fields                 = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(dev, LSIState),

        /* Emulation bookkeeping. */
        VMSTATE_INT32(carry, LSIState),
        VMSTATE_INT32(sense, LSIState),
        VMSTATE_INT32(msg_action, LSIState),
        VMSTATE_INT32(msg_len, LSIState),
        VMSTATE_BUFFER(msg, LSIState),
        VMSTATE_INT32(waiting, LSIState),

        /* Chip registers. */
        VMSTATE_UINT32(dsa, LSIState),
        VMSTATE_UINT32(temp, LSIState),
        VMSTATE_UINT32(dnad, LSIState),
        VMSTATE_UINT32(dbc, LSIState),
        VMSTATE_UINT8(istat0, LSIState),
        VMSTATE_UINT8(istat1, LSIState),
        VMSTATE_UINT8(dcmd, LSIState),
        VMSTATE_UINT8(dstat, LSIState),
        VMSTATE_UINT8(dien, LSIState),
        VMSTATE_UINT8(sist0, LSIState),
        VMSTATE_UINT8(sist1, LSIState),
        VMSTATE_UINT8(sien0, LSIState),
        VMSTATE_UINT8(sien1, LSIState),
        VMSTATE_UINT8(mbox0, LSIState),
        VMSTATE_UINT8(mbox1, LSIState),
        VMSTATE_UINT8(dfifo, LSIState),
        VMSTATE_UINT8(ctest2, LSIState),
        VMSTATE_UINT8(ctest3, LSIState),
        VMSTATE_UINT8(ctest4, LSIState),
        VMSTATE_UINT8(ctest5, LSIState),
        VMSTATE_UINT8(ccntl0, LSIState),
        VMSTATE_UINT8(ccntl1, LSIState),
        VMSTATE_UINT32(dsp, LSIState),
        VMSTATE_UINT32(dsps, LSIState),
        VMSTATE_UINT8(dmode, LSIState),
        VMSTATE_UINT8(dcntl, LSIState),
        VMSTATE_UINT8(scntl0, LSIState),
        VMSTATE_UINT8(scntl1, LSIState),
        VMSTATE_UINT8(scntl2, LSIState),
        VMSTATE_UINT8(scntl3, LSIState),
        VMSTATE_UINT8(sstat0, LSIState),
        VMSTATE_UINT8(sstat1, LSIState),
        VMSTATE_UINT8(scid, LSIState),
        VMSTATE_UINT8(sxfer, LSIState),
        VMSTATE_UINT8(socl, LSIState),
        VMSTATE_UINT8(sdid, LSIState),
        VMSTATE_UINT8(ssid, LSIState),
        VMSTATE_UINT8(sfbr, LSIState),
        VMSTATE_UINT8(stest1, LSIState),
        VMSTATE_UINT8(stest2, LSIState),
        VMSTATE_UINT8(stest3, LSIState),
        VMSTATE_UINT8(sidl, LSIState),
        VMSTATE_UINT8(stime0, LSIState),
        VMSTATE_UINT8(respid0, LSIState),
        VMSTATE_UINT8(respid1, LSIState),
        VMSTATE_UINT32(mmrs, LSIState),
        VMSTATE_UINT32(mmws, LSIState),
        VMSTATE_UINT32(sfs, LSIState),
        VMSTATE_UINT32(drs, LSIState),
        VMSTATE_UINT32(sbms, LSIState),
        VMSTATE_UINT32(dbms, LSIState),
        VMSTATE_UINT32(dnad64, LSIState),
        VMSTATE_UINT32(pmjad1, LSIState),
        VMSTATE_UINT32(pmjad2, LSIState),
        VMSTATE_UINT32(rbc, LSIState),
        VMSTATE_UINT32(ua, LSIState),
        VMSTATE_UINT32(ia, LSIState),
        VMSTATE_UINT32(sbc, LSIState),
        VMSTATE_UINT32(csbc, LSIState),
        /*
         * 18 words: the register write path indexes scratch[] with
         * (offset - 0x58) >> 2 for offsets 0x5c..0x9f, i.e. 1..17.
         * The size is hard-coded; keep it in step with the array
         * declaration (not visible here).
         */
        VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
        VMSTATE_UINT8(sbr, LSIState),

        /*
         * 2048 words: the lsi_ram_* handlers mask the address to 0x1fff
         * and index script_ram[] with addr >> 2, i.e. 0..2047.
         */
        VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
        VMSTATE_END_OF_LIST()
    }
};
2206 
/*
 * PCI exit hook: release the two I/O memory slots obtained in
 * lsi_scsi_init().  Always returns 0.
 */
static int lsi_scsi_uninit(PCIDevice *d)
{
    LSIState *lsi = DO_UPCAST(LSIState, dev, d);

    /* Register window first, then script RAM. */
    cpu_unregister_io_memory(lsi->mmio_io_addr);
    cpu_unregister_io_memory(lsi->ram_io_addr);
    return 0;
}
2216 
/*
 * PCI init hook.
 *
 * Fills in the PCI configuration header, allocates the I/O memory slots
 * for the register window and the script RAM, registers the three BARs
 * (0: 256 I/O ports, 1: 0x400 bytes of registers, 2: 0x2000 bytes of
 * script RAM), initialises the request queue and creates the SCSI bus.
 *
 * Returns 0 for a hot-plugged device; otherwise returns whatever
 * scsi_bus_legacy_handle_cmdline() returns.
 */
static int lsi_scsi_init(PCIDevice *dev)
{
    LSIState *s = DO_UPCAST(LSIState, dev, dev);
    uint8_t *pci_conf = s->dev.config;

    /* Identification: vendor ID (word), device ID (word), base class. */
    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
    pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_LSI_53C895A);
    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_SCSI);

    /* Subsystem ID, written one byte at a time. */
    pci_conf[PCI_SUBSYSTEM_ID] = 0x00;
    pci_conf[PCI_SUBSYSTEM_ID + 1] = 0x10;

    /* Latency timer = 255. */
    pci_conf[PCI_LATENCY_TIMER] = 0xff;
    /* TODO: RST# value should be 0 */

    /* Interrupt pin 1. */
    pci_conf[PCI_INTERRUPT_PIN] = 0x01;

    /* Handler slots; they are mapped later by the BAR callbacks. */
    s->mmio_io_addr = cpu_register_io_memory(lsi_mmio_readfn,
                                             lsi_mmio_writefn, s,
                                             DEVICE_NATIVE_ENDIAN);
    s->ram_io_addr = cpu_register_io_memory(lsi_ram_readfn,
                                            lsi_ram_writefn, s,
                                            DEVICE_NATIVE_ENDIAN);

    pci_register_bar(&s->dev, 0, 256,
                     PCI_BASE_ADDRESS_SPACE_IO, lsi_io_mapfunc);
    pci_register_bar(&s->dev, 1, 0x400,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_mmio_mapfunc);
    pci_register_bar(&s->dev, 2, 0x2000,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_ram_mapfunc);

    QTAILQ_INIT(&s->queue);
    scsi_bus_new(&s->bus, &dev->qdev, 1, LSI_MAX_DEVS, lsi_command_complete);

    /* Command-line drives are attached only for non-hot-plugged devices. */
    if (dev->qdev.hotplugged) {
        return 0;
    }
    return scsi_bus_legacy_handle_cmdline(&s->bus);
}
2260 
/* Device registration record: names, state size and lifecycle hooks. */
static PCIDeviceInfo lsi_info = {
    .qdev = {
        .name  = "lsi53c895a",
        .alias = "lsi",
        .size  = sizeof(LSIState),
        .reset = lsi_scsi_reset,
        .vmsd  = &vmstate_lsi_scsi,
    },
    .init = lsi_scsi_init,
    .exit = lsi_scsi_uninit,
};
2270 
/* Registers the lsi53c895a PCI device model described by lsi_info. */
static void lsi53c895a_register_devices(void)
{
    pci_qdev_register(&lsi_info);
}

/* Hand the registration function to the device_init() hook. */
device_init(lsi53c895a_register_devices);
2277