Statistics
| Branch: | Revision:

root / hw / lsi53c895a.c @ 5fafdf24

History | View | Annotate | Download (51.9 kB)

1
/*
2
 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Written by Paul Brook
6
 *
7
 * This code is licenced under the LGPL.
8
 */
9

    
10
/* ??? Need to check if the {read,write}[wl] routines work properly on
11
   big-endian targets.  */
12

    
13
#include "vl.h"
14

    
15
//#define DEBUG_LSI
16
//#define DEBUG_LSI_REG
17

    
18
#ifdef DEBUG_LSI
19
#define DPRINTF(fmt, args...) \
20
do { printf("lsi_scsi: " fmt , ##args); } while (0)
21
#define BADF(fmt, args...) \
22
do { fprintf(stderr, "lsi_scsi: error: " fmt , ##args); exit(1);} while (0)
23
#else
24
#define DPRINTF(fmt, args...) do {} while(0)
25
#define BADF(fmt, args...) \
26
do { fprintf(stderr, "lsi_scsi: error: " fmt , ##args);} while (0)
27
#endif
28

    
29
#define LSI_SCNTL0_TRG    0x01
30
#define LSI_SCNTL0_AAP    0x02
31
#define LSI_SCNTL0_EPC    0x08
32
#define LSI_SCNTL0_WATN   0x10
33
#define LSI_SCNTL0_START  0x20
34

    
35
#define LSI_SCNTL1_SST    0x01
36
#define LSI_SCNTL1_IARB   0x02
37
#define LSI_SCNTL1_AESP   0x04
38
#define LSI_SCNTL1_RST    0x08
39
#define LSI_SCNTL1_CON    0x10
40
#define LSI_SCNTL1_DHP    0x20
41
#define LSI_SCNTL1_ADB    0x40
42
#define LSI_SCNTL1_EXC    0x80
43

    
44
#define LSI_SCNTL2_WSR    0x01
45
#define LSI_SCNTL2_VUE0   0x02
46
#define LSI_SCNTL2_VUE1   0x04
47
#define LSI_SCNTL2_WSS    0x08
48
#define LSI_SCNTL2_SLPHBEN 0x10
49
#define LSI_SCNTL2_SLPMD  0x20
50
#define LSI_SCNTL2_CHM    0x40
51
#define LSI_SCNTL2_SDU    0x80
52

    
53
#define LSI_ISTAT0_DIP    0x01
54
#define LSI_ISTAT0_SIP    0x02
55
#define LSI_ISTAT0_INTF   0x04
56
#define LSI_ISTAT0_CON    0x08
57
#define LSI_ISTAT0_SEM    0x10
58
#define LSI_ISTAT0_SIGP   0x20
59
#define LSI_ISTAT0_SRST   0x40
60
#define LSI_ISTAT0_ABRT   0x80
61

    
62
#define LSI_ISTAT1_SI     0x01
63
#define LSI_ISTAT1_SRUN   0x02
64
#define LSI_ISTAT1_FLSH   0x04
65

    
66
#define LSI_SSTAT0_SDP0   0x01
67
#define LSI_SSTAT0_RST    0x02
68
#define LSI_SSTAT0_WOA    0x04
69
#define LSI_SSTAT0_LOA    0x08
70
#define LSI_SSTAT0_AIP    0x10
71
#define LSI_SSTAT0_OLF    0x20
72
#define LSI_SSTAT0_ORF    0x40
73
#define LSI_SSTAT0_ILF    0x80
74

    
75
#define LSI_SIST0_PAR     0x01
76
#define LSI_SIST0_RST     0x02
77
#define LSI_SIST0_UDC     0x04
78
#define LSI_SIST0_SGE     0x08
79
#define LSI_SIST0_RSL     0x10
80
#define LSI_SIST0_SEL     0x20
81
#define LSI_SIST0_CMP     0x40
82
#define LSI_SIST0_MA      0x80
83

    
84
#define LSI_SIST1_HTH     0x01
85
#define LSI_SIST1_GEN     0x02
86
#define LSI_SIST1_STO     0x04
87
#define LSI_SIST1_SBMC    0x10
88

    
89
#define LSI_SOCL_IO       0x01
90
#define LSI_SOCL_CD       0x02
91
#define LSI_SOCL_MSG      0x04
92
#define LSI_SOCL_ATN      0x08
93
#define LSI_SOCL_SEL      0x10
94
#define LSI_SOCL_BSY      0x20
95
#define LSI_SOCL_ACK      0x40
96
#define LSI_SOCL_REQ      0x80
97

    
98
#define LSI_DSTAT_IID     0x01
99
#define LSI_DSTAT_SIR     0x04
100
#define LSI_DSTAT_SSI     0x08
101
#define LSI_DSTAT_ABRT    0x10
102
#define LSI_DSTAT_BF      0x20
103
#define LSI_DSTAT_MDPE    0x40
104
#define LSI_DSTAT_DFE     0x80
105

    
106
#define LSI_DCNTL_COM     0x01
107
#define LSI_DCNTL_IRQD    0x02
108
#define LSI_DCNTL_STD     0x04
109
#define LSI_DCNTL_IRQM    0x08
110
#define LSI_DCNTL_SSM     0x10
111
#define LSI_DCNTL_PFEN    0x20
112
#define LSI_DCNTL_PFF     0x40
113
#define LSI_DCNTL_CLSE    0x80
114

    
115
#define LSI_DMODE_MAN     0x01
116
#define LSI_DMODE_BOF     0x02
117
#define LSI_DMODE_ERMP    0x04
118
#define LSI_DMODE_ERL     0x08
119
#define LSI_DMODE_DIOM    0x10
120
#define LSI_DMODE_SIOM    0x20
121

    
122
#define LSI_CTEST2_DACK   0x01
123
#define LSI_CTEST2_DREQ   0x02
124
#define LSI_CTEST2_TEOP   0x04
125
#define LSI_CTEST2_PCICIE 0x08
126
#define LSI_CTEST2_CM     0x10
127
#define LSI_CTEST2_CIO    0x20
128
#define LSI_CTEST2_SIGP   0x40
129
#define LSI_CTEST2_DDIR   0x80
130

    
131
#define LSI_CTEST5_BL2    0x04
132
#define LSI_CTEST5_DDIR   0x08
133
#define LSI_CTEST5_MASR   0x10
134
#define LSI_CTEST5_DFSN   0x20
135
#define LSI_CTEST5_BBCK   0x40
136
#define LSI_CTEST5_ADCK   0x80
137

    
138
#define LSI_CCNTL0_DILS   0x01
139
#define LSI_CCNTL0_DISFC  0x10
140
#define LSI_CCNTL0_ENNDJ  0x20
141
#define LSI_CCNTL0_PMJCTL 0x40
142
#define LSI_CCNTL0_ENPMJ  0x80
143

    
144
#define PHASE_DO          0
145
#define PHASE_DI          1
146
#define PHASE_CMD         2
147
#define PHASE_ST          3
148
#define PHASE_MO          6
149
#define PHASE_MI          7
150
#define PHASE_MASK        7
151

    
152
/* The HBA is ID 7, so for simplicitly limit to 7 devices.  */
153
#define LSI_MAX_DEVS      7
154

    
155
/* Maximum length of MSG IN data.  */
156
#define LSI_MAX_MSGIN_LEN 8
157

    
158
/* Flag set if this is a tagged command.  */
159
#define LSI_TAG_VALID     (1 << 16)
160

    
161
typedef struct {
162
    uint32_t tag;
163
    uint32_t pending;
164
    int out;
165
} lsi_queue;
166

    
167
typedef struct {
168
    PCIDevice pci_dev;
169
    int mmio_io_addr;
170
    int ram_io_addr;
171
    uint32_t script_ram_base;
172

    
173
    int carry; /* ??? Should this be an a visible register somewhere?  */
174
    int sense;
175
    /* Action to take at the end of a MSG IN phase.
176
       0 = COMMAND, 1 = disconect, 2 = DATA OUT, 3 = DATA IN.  */
177
    int msg_action;
178
    int msg_len;
179
    uint8_t msg[LSI_MAX_MSGIN_LEN];
180
    /* 0 if SCRIPTS are running or stopped.
181
     * 1 if a Wait Reselect instruction has been issued.
182
     * 2 if processing DMA from lsi_execute_script.
183
     * 3 if a DMA operation is in progress.  */
184
    int waiting;
185
    SCSIDevice *scsi_dev[LSI_MAX_DEVS];
186
    SCSIDevice *current_dev;
187
    int current_lun;
188
    /* The tag is a combination of the device ID and the SCSI tag.  */
189
    uint32_t current_tag;
190
    uint32_t current_dma_len;
191
    uint8_t *dma_buf;
192
    lsi_queue *queue;
193
    int queue_len;
194
    int active_commands;
195

    
196
    uint32_t dsa;
197
    uint32_t temp;
198
    uint32_t dnad;
199
    uint32_t dbc;
200
    uint8_t istat0;
201
    uint8_t istat1;
202
    uint8_t dcmd;
203
    uint8_t dstat;
204
    uint8_t dien;
205
    uint8_t sist0;
206
    uint8_t sist1;
207
    uint8_t sien0;
208
    uint8_t sien1;
209
    uint8_t mbox0;
210
    uint8_t mbox1;
211
    uint8_t dfifo;
212
    uint8_t ctest3;
213
    uint8_t ctest4;
214
    uint8_t ctest5;
215
    uint8_t ccntl0;
216
    uint8_t ccntl1;
217
    uint32_t dsp;
218
    uint32_t dsps;
219
    uint8_t dmode;
220
    uint8_t dcntl;
221
    uint8_t scntl0;
222
    uint8_t scntl1;
223
    uint8_t scntl2;
224
    uint8_t scntl3;
225
    uint8_t sstat0;
226
    uint8_t sstat1;
227
    uint8_t scid;
228
    uint8_t sxfer;
229
    uint8_t socl;
230
    uint8_t sdid;
231
    uint8_t ssid;
232
    uint8_t sfbr;
233
    uint8_t stest1;
234
    uint8_t stest2;
235
    uint8_t stest3;
236
    uint8_t sidl;
237
    uint8_t stime0;
238
    uint8_t respid0;
239
    uint8_t respid1;
240
    uint32_t mmrs;
241
    uint32_t mmws;
242
    uint32_t sfs;
243
    uint32_t drs;
244
    uint32_t sbms;
245
    uint32_t dmbs;
246
    uint32_t dnad64;
247
    uint32_t pmjad1;
248
    uint32_t pmjad2;
249
    uint32_t rbc;
250
    uint32_t ua;
251
    uint32_t ia;
252
    uint32_t sbc;
253
    uint32_t csbc;
254
    uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
255

    
256
    /* Script ram is stored as 32-bit words in host byteorder.  */
257
    uint32_t script_ram[2048];
258
} LSIState;
259

    
260
static void lsi_soft_reset(LSIState *s)
261
{
262
    DPRINTF("Reset\n");
263
    s->carry = 0;
264

    
265
    s->waiting = 0;
266
    s->dsa = 0;
267
    s->dnad = 0;
268
    s->dbc = 0;
269
    s->temp = 0;
270
    memset(s->scratch, 0, sizeof(s->scratch));
271
    s->istat0 = 0;
272
    s->istat1 = 0;
273
    s->dcmd = 0;
274
    s->dstat = 0;
275
    s->dien = 0;
276
    s->sist0 = 0;
277
    s->sist1 = 0;
278
    s->sien0 = 0;
279
    s->sien1 = 0;
280
    s->mbox0 = 0;
281
    s->mbox1 = 0;
282
    s->dfifo = 0;
283
    s->ctest3 = 0;
284
    s->ctest4 = 0;
285
    s->ctest5 = 0;
286
    s->ccntl0 = 0;
287
    s->ccntl1 = 0;
288
    s->dsp = 0;
289
    s->dsps = 0;
290
    s->dmode = 0;
291
    s->dcntl = 0;
292
    s->scntl0 = 0xc0;
293
    s->scntl1 = 0;
294
    s->scntl2 = 0;
295
    s->scntl3 = 0;
296
    s->sstat0 = 0;
297
    s->sstat1 = 0;
298
    s->scid = 7;
299
    s->sxfer = 0;
300
    s->socl = 0;
301
    s->stest1 = 0;
302
    s->stest2 = 0;
303
    s->stest3 = 0;
304
    s->sidl = 0;
305
    s->stime0 = 0;
306
    s->respid0 = 0x80;
307
    s->respid1 = 0;
308
    s->mmrs = 0;
309
    s->mmws = 0;
310
    s->sfs = 0;
311
    s->drs = 0;
312
    s->sbms = 0;
313
    s->dmbs = 0;
314
    s->dnad64 = 0;
315
    s->pmjad1 = 0;
316
    s->pmjad2 = 0;
317
    s->rbc = 0;
318
    s->ua = 0;
319
    s->ia = 0;
320
    s->sbc = 0;
321
    s->csbc = 0;
322
}
323

    
324
static uint8_t lsi_reg_readb(LSIState *s, int offset);
325
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
326
static void lsi_execute_script(LSIState *s);
327

    
328
static inline uint32_t read_dword(LSIState *s, uint32_t addr)
329
{
330
    uint32_t buf;
331

    
332
    /* Optimize reading from SCRIPTS RAM.  */
333
    if ((addr & 0xffffe000) == s->script_ram_base) {
334
        return s->script_ram[(addr & 0x1fff) >> 2];
335
    }
336
    cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
337
    return cpu_to_le32(buf);
338
}
339

    
340
static void lsi_stop_script(LSIState *s)
341
{
342
    s->istat1 &= ~LSI_ISTAT1_SRUN;
343
}
344

    
345
static void lsi_update_irq(LSIState *s)
346
{
347
    int level;
348
    static int last_level;
349

    
350
    /* It's unclear whether the DIP/SIP bits should be cleared when the
351
       Interrupt Status Registers are cleared or when istat0 is read.
352
       We currently do the formwer, which seems to work.  */
353
    level = 0;
354
    if (s->dstat) {
355
        if (s->dstat & s->dien)
356
            level = 1;
357
        s->istat0 |= LSI_ISTAT0_DIP;
358
    } else {
359
        s->istat0 &= ~LSI_ISTAT0_DIP;
360
    }
361

    
362
    if (s->sist0 || s->sist1) {
363
        if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
364
            level = 1;
365
        s->istat0 |= LSI_ISTAT0_SIP;
366
    } else {
367
        s->istat0 &= ~LSI_ISTAT0_SIP;
368
    }
369
    if (s->istat0 & LSI_ISTAT0_INTF)
370
        level = 1;
371

    
372
    if (level != last_level) {
373
        DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
374
                level, s->dstat, s->sist1, s->sist0);
375
        last_level = level;
376
    }
377
    qemu_set_irq(s->pci_dev.irq[0], level);
378
}
379

    
380
/* Stop SCRIPTS execution and raise a SCSI interrupt.  */
381
static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
382
{
383
    uint32_t mask0;
384
    uint32_t mask1;
385

    
386
    DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
387
            stat1, stat0, s->sist1, s->sist0);
388
    s->sist0 |= stat0;
389
    s->sist1 |= stat1;
390
    /* Stop processor on fatal or unmasked interrupt.  As a special hack
391
       we don't stop processing when raising STO.  Instead continue
392
       execution and stop at the next insn that accesses the SCSI bus.  */
393
    mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
394
    mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
395
    mask1 &= ~LSI_SIST1_STO;
396
    if (s->sist0 & mask0 || s->sist1 & mask1) {
397
        lsi_stop_script(s);
398
    }
399
    lsi_update_irq(s);
400
}
401

    
402
/* Stop SCRIPTS execution and raise a DMA interrupt.  */
403
static void lsi_script_dma_interrupt(LSIState *s, int stat)
404
{
405
    DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
406
    s->dstat |= stat;
407
    lsi_update_irq(s);
408
    lsi_stop_script(s);
409
}
410

    
411
static inline void lsi_set_phase(LSIState *s, int phase)
412
{
413
    s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
414
}
415

    
416
static void lsi_bad_phase(LSIState *s, int out, int new_phase)
417
{
418
    /* Trigger a phase mismatch.  */
419
    if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
420
        if ((s->ccntl0 & LSI_CCNTL0_PMJCTL) || out) {
421
            s->dsp = s->pmjad1;
422
        } else {
423
            s->dsp = s->pmjad2;
424
        }
425
        DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
426
    } else {
427
        DPRINTF("Phase mismatch interrupt\n");
428
        lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
429
        lsi_stop_script(s);
430
    }
431
    lsi_set_phase(s, new_phase);
432
}
433

    
434

    
435
/* Resume SCRIPTS execution after a DMA operation.  */
436
static void lsi_resume_script(LSIState *s)
437
{
438
    if (s->waiting != 2) {
439
        s->waiting = 0;
440
        lsi_execute_script(s);
441
    } else {
442
        s->waiting = 0;
443
    }
444
}
445

    
446
/* Initiate a SCSI layer data transfer.  */
447
static void lsi_do_dma(LSIState *s, int out)
448
{
449
    uint32_t count;
450
    uint32_t addr;
451

    
452
    if (!s->current_dma_len) {
453
        /* Wait until data is available.  */
454
        DPRINTF("DMA no data available\n");
455
        return;
456
    }
457

    
458
    count = s->dbc;
459
    if (count > s->current_dma_len)
460
        count = s->current_dma_len;
461
    DPRINTF("DMA addr=0x%08x len=%d\n", s->dnad, count);
462

    
463
    addr = s->dnad;
464
    s->csbc += count;
465
    s->dnad += count;
466
    s->dbc -= count;
467

    
468
    if (s->dma_buf == NULL) {
469
        s->dma_buf = scsi_get_buf(s->current_dev, s->current_tag);
470
    }
471

    
472
    /* ??? Set SFBR to first data byte.  */
473
    if (out) {
474
        cpu_physical_memory_read(addr, s->dma_buf, count);
475
    } else {
476
        cpu_physical_memory_write(addr, s->dma_buf, count);
477
    }
478
    s->current_dma_len -= count;
479
    if (s->current_dma_len == 0) {
480
        s->dma_buf = NULL;
481
        if (out) {
482
            /* Write the data.  */
483
            scsi_write_data(s->current_dev, s->current_tag);
484
        } else {
485
            /* Request any remaining data.  */
486
            scsi_read_data(s->current_dev, s->current_tag);
487
        }
488
    } else {
489
        s->dma_buf += count;
490
        lsi_resume_script(s);
491
    }
492
}
493

    
494

    
495
/* Add a command to the queue.  */
496
static void lsi_queue_command(LSIState *s)
497
{
498
    lsi_queue *p;
499

    
500
    DPRINTF("Queueing tag=0x%x\n", s->current_tag);
501
    if (s->queue_len == s->active_commands) {
502
        s->queue_len++;
503
        s->queue = realloc(s->queue, s->queue_len * sizeof(lsi_queue));
504
    }
505
    p = &s->queue[s->active_commands++];
506
    p->tag = s->current_tag;
507
    p->pending = 0;
508
    p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
509
}
510

    
511
/* Queue a byte for a MSG IN phase.  */
512
static void lsi_add_msg_byte(LSIState *s, uint8_t data)
513
{
514
    if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
515
        BADF("MSG IN data too long\n");
516
    } else {
517
        DPRINTF("MSG IN 0x%02x\n", data);
518
        s->msg[s->msg_len++] = data;
519
    }
520
}
521

    
522
/* Perform reselection to continue a command.  */
523
static void lsi_reselect(LSIState *s, uint32_t tag)
524
{
525
    lsi_queue *p;
526
    int n;
527
    int id;
528

    
529
    p = NULL;
530
    for (n = 0; n < s->active_commands; n++) {
531
        p = &s->queue[n];
532
        if (p->tag == tag)
533
            break;
534
    }
535
    if (n == s->active_commands) {
536
        BADF("Reselected non-existant command tag=0x%x\n", tag);
537
        return;
538
    }
539
    id = (tag >> 8) & 0xf;
540
    s->ssid = id | 0x80;
541
    DPRINTF("Reselected target %d\n", id);
542
    s->current_dev = s->scsi_dev[id];
543
    s->current_tag = tag;
544
    s->scntl1 |= LSI_SCNTL1_CON;
545
    lsi_set_phase(s, PHASE_MI);
546
    s->msg_action = p->out ? 2 : 3;
547
    s->current_dma_len = p->pending;
548
    s->dma_buf = NULL;
549
    lsi_add_msg_byte(s, 0x80);
550
    if (s->current_tag & LSI_TAG_VALID) {
551
        lsi_add_msg_byte(s, 0x20);
552
        lsi_add_msg_byte(s, tag & 0xff);
553
    }
554

    
555
    s->active_commands--;
556
    if (n != s->active_commands) {
557
        s->queue[n] = s->queue[s->active_commands];
558
    }
559
}
560

    
561
/* Record that data is available for a queued command.  Returns zero if
562
   the device was reselected, nonzero if the IO is deferred.  */
563
static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
564
{
565
    lsi_queue *p;
566
    int i;
567
    for (i = 0; i < s->active_commands; i++) {
568
        p = &s->queue[i];
569
        if (p->tag == tag) {
570
            if (p->pending) {
571
                BADF("Multiple IO pending for tag %d\n", tag);
572
            }
573
            p->pending = arg;
574
            if (s->waiting == 1) {
575
                /* Reselect device.  */
576
                lsi_reselect(s, tag);
577
                return 0;
578
            } else {
579
               DPRINTF("Queueing IO tag=0x%x\n", tag);
580
                p->pending = arg;
581
                return 1;
582
            }
583
        }
584
    }
585
    BADF("IO with unknown tag %d\n", tag);
586
    return 1;
587
}
588

    
589
/* Callback to indicate that the SCSI layer has completed a transfer.  */
590
static void lsi_command_complete(void *opaque, int reason, uint32_t tag,
591
                                 uint32_t arg)
592
{
593
    LSIState *s = (LSIState *)opaque;
594
    int out;
595

    
596
    out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
597
    if (reason == SCSI_REASON_DONE) {
598
        DPRINTF("Command complete sense=%d\n", (int)arg);
599
        s->sense = arg;
600
        if (s->waiting && s->dbc != 0) {
601
            /* Raise phase mismatch for short transfers.  */
602
            lsi_bad_phase(s, out, PHASE_ST);
603
        } else {
604
            lsi_set_phase(s, PHASE_ST);
605
        }
606
        lsi_resume_script(s);
607
        return;
608
    }
609

    
610
    if (s->waiting == 1 || tag != s->current_tag) {
611
        if (lsi_queue_tag(s, tag, arg))
612
            return;
613
    }
614
    DPRINTF("Data ready tag=0x%x len=%d\n", tag, arg);
615
    s->current_dma_len = arg;
616
    if (!s->waiting)
617
        return;
618
    if (s->waiting == 1 || s->dbc == 0) {
619
        lsi_resume_script(s);
620
    } else {
621
        lsi_do_dma(s, out);
622
    }
623
}
624

    
625
static void lsi_do_command(LSIState *s)
626
{
627
    uint8_t buf[16];
628
    int n;
629

    
630
    DPRINTF("Send command len=%d\n", s->dbc);
631
    if (s->dbc > 16)
632
        s->dbc = 16;
633
    cpu_physical_memory_read(s->dnad, buf, s->dbc);
634
    s->sfbr = buf[0];
635
    n = scsi_send_command(s->current_dev, s->current_tag, buf, s->current_lun);
636
    if (n > 0) {
637
        lsi_set_phase(s, PHASE_DI);
638
        scsi_read_data(s->current_dev, s->current_tag);
639
    } else if (n < 0) {
640
        lsi_set_phase(s, PHASE_DO);
641
        scsi_write_data(s->current_dev, s->current_tag);
642
    }
643
    if (n && s->current_dma_len == 0) {
644
        /* Command did not complete immediately so disconnect.  */
645
        lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
646
        lsi_add_msg_byte(s, 4); /* DISCONNECT */
647
        lsi_set_phase(s, PHASE_MI);
648
        s->msg_action = 1;
649
        lsi_queue_command(s);
650
    }
651
}
652

    
653
static void lsi_do_status(LSIState *s)
654
{
655
    uint8_t sense;
656
    DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
657
    if (s->dbc != 1)
658
        BADF("Bad Status move\n");
659
    s->dbc = 1;
660
    sense = s->sense;
661
    s->sfbr = sense;
662
    cpu_physical_memory_write(s->dnad, &sense, 1);
663
    lsi_set_phase(s, PHASE_MI);
664
    s->msg_action = 1;
665
    lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
666
}
667

    
668
static void lsi_disconnect(LSIState *s)
669
{
670
    s->scntl1 &= ~LSI_SCNTL1_CON;
671
    s->sstat1 &= ~PHASE_MASK;
672
}
673

    
674
static void lsi_do_msgin(LSIState *s)
675
{
676
    int len;
677
    DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
678
    s->sfbr = s->msg[0];
679
    len = s->msg_len;
680
    if (len > s->dbc)
681
        len = s->dbc;
682
    cpu_physical_memory_write(s->dnad, s->msg, len);
683
    /* Linux drivers rely on the last byte being in the SIDL.  */
684
    s->sidl = s->msg[len - 1];
685
    s->msg_len -= len;
686
    if (s->msg_len) {
687
        memmove(s->msg, s->msg + len, s->msg_len);
688
    } else {
689
        /* ??? Check if ATN (not yet implemented) is asserted and maybe
690
           switch to PHASE_MO.  */
691
        switch (s->msg_action) {
692
        case 0:
693
            lsi_set_phase(s, PHASE_CMD);
694
            break;
695
        case 1:
696
            lsi_disconnect(s);
697
            break;
698
        case 2:
699
            lsi_set_phase(s, PHASE_DO);
700
            break;
701
        case 3:
702
            lsi_set_phase(s, PHASE_DI);
703
            break;
704
        default:
705
            abort();
706
        }
707
    }
708
}
709

    
710
/* Read the next byte during a MSGOUT phase.  */
711
static uint8_t lsi_get_msgbyte(LSIState *s)
712
{
713
    uint8_t data;
714
    cpu_physical_memory_read(s->dnad, &data, 1);
715
    s->dnad++;
716
    s->dbc--;
717
    return data;
718
}
719

    
720
static void lsi_do_msgout(LSIState *s)
721
{
722
    uint8_t msg;
723
    int len;
724

    
725
    DPRINTF("MSG out len=%d\n", s->dbc);
726
    while (s->dbc) {
727
        msg = lsi_get_msgbyte(s);
728
        s->sfbr = msg;
729

    
730
        switch (msg) {
731
        case 0x00:
732
            DPRINTF("MSG: Disconnect\n");
733
            lsi_disconnect(s);
734
            break;
735
        case 0x08:
736
            DPRINTF("MSG: No Operation\n");
737
            lsi_set_phase(s, PHASE_CMD);
738
            break;
739
        case 0x01:
740
            len = lsi_get_msgbyte(s);
741
            msg = lsi_get_msgbyte(s);
742
            DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
743
            switch (msg) {
744
            case 1:
745
                DPRINTF("SDTR (ignored)\n");
746
                s->dbc -= 2;
747
                break;
748
            case 3:
749
                DPRINTF("WDTR (ignored)\n");
750
                s->dbc -= 1;
751
                break;
752
            default:
753
                goto bad;
754
            }
755
            break;
756
        case 0x20: /* SIMPLE queue */
757
            s->current_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
758
            DPRINTF("SIMPLE queue tag=0x%x\n", s->current_tag & 0xff);
759
            break;
760
        case 0x21: /* HEAD of queue */
761
            BADF("HEAD queue not implemented\n");
762
            s->current_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
763
            break;
764
        case 0x22: /* ORDERED queue */
765
            BADF("ORDERED queue not implemented\n");
766
            s->current_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
767
            break;
768
        default:
769
            if ((msg & 0x80) == 0) {
770
                goto bad;
771
            }
772
            s->current_lun = msg & 7;
773
            DPRINTF("Select LUN %d\n", s->current_lun);
774
            lsi_set_phase(s, PHASE_CMD);
775
            break;
776
        }
777
    }
778
    return;
779
bad:
780
    BADF("Unimplemented message 0x%02x\n", msg);
781
    lsi_set_phase(s, PHASE_MI);
782
    lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
783
    s->msg_action = 0;
784
}
785

    
786
/* Sign extend a 24-bit value.  */
787
static inline int32_t sxt24(int32_t n)
788
{
789
    return (n << 8) >> 8;
790
}
791

    
792
static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
793
{
794
    int n;
795
    uint8_t buf[TARGET_PAGE_SIZE];
796

    
797
    DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
798
    while (count) {
799
        n = (count > TARGET_PAGE_SIZE) ? TARGET_PAGE_SIZE : count;
800
        cpu_physical_memory_read(src, buf, n);
801
        cpu_physical_memory_write(dest, buf, n);
802
        src += n;
803
        dest += n;
804
        count -= n;
805
    }
806
}
807

    
808
static void lsi_wait_reselect(LSIState *s)
809
{
810
    int i;
811
    DPRINTF("Wait Reselect\n");
812
    if (s->current_dma_len)
813
        BADF("Reselect with pending DMA\n");
814
    for (i = 0; i < s->active_commands; i++) {
815
        if (s->queue[i].pending) {
816
            lsi_reselect(s, s->queue[i].tag);
817
            break;
818
        }
819
    }
820
    if (s->current_dma_len == 0) {
821
        s->waiting = 1;
822
    }
823
}
824

    
825
static void lsi_execute_script(LSIState *s)
826
{
827
    uint32_t insn;
828
    uint32_t addr;
829
    int opcode;
830

    
831
    s->istat1 |= LSI_ISTAT1_SRUN;
832
again:
833
    insn = read_dword(s, s->dsp);
834
    addr = read_dword(s, s->dsp + 4);
835
    DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
836
    s->dsps = addr;
837
    s->dcmd = insn >> 24;
838
    s->dsp += 8;
839
    switch (insn >> 30) {
840
    case 0: /* Block move.  */
841
        if (s->sist1 & LSI_SIST1_STO) {
842
            DPRINTF("Delayed select timeout\n");
843
            lsi_stop_script(s);
844
            break;
845
        }
846
        s->dbc = insn & 0xffffff;
847
        s->rbc = s->dbc;
848
        if (insn & (1 << 29)) {
849
            /* Indirect addressing.  */
850
            addr = read_dword(s, addr);
851
        } else if (insn & (1 << 28)) {
852
            uint32_t buf[2];
853
            int32_t offset;
854
            /* Table indirect addressing.  */
855
            offset = sxt24(addr);
856
            cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
857
            s->dbc = cpu_to_le32(buf[0]);
858
            s->rbc = s->dbc;
859
            addr = cpu_to_le32(buf[1]);
860
        }
861
        if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
862
            DPRINTF("Wrong phase got %d expected %d\n",
863
                    s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
864
            lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
865
            break;
866
        }
867
        s->dnad = addr;
868
        /* ??? Set ESA.  */
869
        s->ia = s->dsp - 8;
870
        switch (s->sstat1 & 0x7) {
871
        case PHASE_DO:
872
            s->waiting = 2;
873
            lsi_do_dma(s, 1);
874
            if (s->waiting)
875
                s->waiting = 3;
876
            break;
877
        case PHASE_DI:
878
            s->waiting = 2;
879
            lsi_do_dma(s, 0);
880
            if (s->waiting)
881
                s->waiting = 3;
882
            break;
883
        case PHASE_CMD:
884
            lsi_do_command(s);
885
            break;
886
        case PHASE_ST:
887
            lsi_do_status(s);
888
            break;
889
        case PHASE_MO:
890
            lsi_do_msgout(s);
891
            break;
892
        case PHASE_MI:
893
            lsi_do_msgin(s);
894
            break;
895
        default:
896
            BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
897
            exit(1);
898
        }
899
        s->dfifo = s->dbc & 0xff;
900
        s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
901
        s->sbc = s->dbc;
902
        s->rbc -= s->dbc;
903
        s->ua = addr + s->dbc;
904
        break;
905

    
906
    case 1: /* IO or Read/Write instruction.  */
907
        opcode = (insn >> 27) & 7;
908
        if (opcode < 5) {
909
            uint32_t id;
910

    
911
            if (insn & (1 << 25)) {
912
                id = read_dword(s, s->dsa + sxt24(insn));
913
            } else {
914
                id = addr;
915
            }
916
            id = (id >> 16) & 0xf;
917
            if (insn & (1 << 26)) {
918
                addr = s->dsp + sxt24(addr);
919
            }
920
            s->dnad = addr;
921
            switch (opcode) {
922
            case 0: /* Select */
923
                s->sdid = id;
924
                if (s->current_dma_len && (s->ssid & 0xf) == id) {
925
                    DPRINTF("Already reselected by target %d\n", id);
926
                    break;
927
                }
928
                s->sstat0 |= LSI_SSTAT0_WOA;
929
                s->scntl1 &= ~LSI_SCNTL1_IARB;
930
                if (id >= LSI_MAX_DEVS || !s->scsi_dev[id]) {
931
                    DPRINTF("Selected absent target %d\n", id);
932
                    lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
933
                    lsi_disconnect(s);
934
                    break;
935
                }
936
                DPRINTF("Selected target %d%s\n",
937
                        id, insn & (1 << 3) ? " ATN" : "");
938
                /* ??? Linux drivers compain when this is set.  Maybe
939
                   it only applies in low-level mode (unimplemented).
940
                lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
941
                s->current_dev = s->scsi_dev[id];
942
                s->current_tag = id << 8;
943
                s->scntl1 |= LSI_SCNTL1_CON;
944
                if (insn & (1 << 3)) {
945
                    s->socl |= LSI_SOCL_ATN;
946
                }
947
                lsi_set_phase(s, PHASE_MO);
948
                break;
949
            case 1: /* Disconnect */
950
                DPRINTF("Wait Disconect\n");
951
                s->scntl1 &= ~LSI_SCNTL1_CON;
952
                break;
953
            case 2: /* Wait Reselect */
954
                lsi_wait_reselect(s);
955
                break;
956
            case 3: /* Set */
957
                DPRINTF("Set%s%s%s%s\n",
958
                        insn & (1 << 3) ? " ATN" : "",
959
                        insn & (1 << 6) ? " ACK" : "",
960
                        insn & (1 << 9) ? " TM" : "",
961
                        insn & (1 << 10) ? " CC" : "");
962
                if (insn & (1 << 3)) {
963
                    s->socl |= LSI_SOCL_ATN;
964
                    lsi_set_phase(s, PHASE_MO);
965
                }
966
                if (insn & (1 << 9)) {
967
                    BADF("Target mode not implemented\n");
968
                    exit(1);
969
                }
970
                if (insn & (1 << 10))
971
                    s->carry = 1;
972
                break;
973
            case 4: /* Clear */
974
                DPRINTF("Clear%s%s%s%s\n",
975
                        insn & (1 << 3) ? " ATN" : "",
976
                        insn & (1 << 6) ? " ACK" : "",
977
                        insn & (1 << 9) ? " TM" : "",
978
                        insn & (1 << 10) ? " CC" : "");
979
                if (insn & (1 << 3)) {
980
                    s->socl &= ~LSI_SOCL_ATN;
981
                }
982
                if (insn & (1 << 10))
983
                    s->carry = 0;
984
                break;
985
            }
986
        } else {
987
            uint8_t op0;
988
            uint8_t op1;
989
            uint8_t data8;
990
            int reg;
991
            int operator;
992
#ifdef DEBUG_LSI
993
            static const char *opcode_names[3] =
994
                {"Write", "Read", "Read-Modify-Write"};
995
            static const char *operator_names[8] =
996
                {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
997
#endif
998

    
999
            reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1000
            data8 = (insn >> 8) & 0xff;
1001
            opcode = (insn >> 27) & 7;
1002
            operator = (insn >> 24) & 7;
1003
            DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1004
                    opcode_names[opcode - 5], reg,
1005
                    operator_names[operator], data8, s->sfbr,
1006
                    (insn & (1 << 23)) ? " SFBR" : "");
1007
            op0 = op1 = 0;
1008
            switch (opcode) {
1009
            case 5: /* From SFBR */
1010
                op0 = s->sfbr;
1011
                op1 = data8;
1012
                break;
1013
            case 6: /* To SFBR */
1014
                if (operator)
1015
                    op0 = lsi_reg_readb(s, reg);
1016
                op1 = data8;
1017
                break;
1018
            case 7: /* Read-modify-write */
1019
                if (operator)
1020
                    op0 = lsi_reg_readb(s, reg);
1021
                if (insn & (1 << 23)) {
1022
                    op1 = s->sfbr;
1023
                } else {
1024
                    op1 = data8;
1025
                }
1026
                break;
1027
            }
1028

    
1029
            switch (operator) {
1030
            case 0: /* move */
1031
                op0 = op1;
1032
                break;
1033
            case 1: /* Shift left */
1034
                op1 = op0 >> 7;
1035
                op0 = (op0 << 1) | s->carry;
1036
                s->carry = op1;
1037
                break;
1038
            case 2: /* OR */
1039
                op0 |= op1;
1040
                break;
1041
            case 3: /* XOR */
1042
                op0 ^= op1;
1043
                break;
1044
            case 4: /* AND */
1045
                op0 &= op1;
1046
                break;
1047
            case 5: /* SHR */
1048
                op1 = op0 & 1;
1049
                op0 = (op0 >> 1) | (s->carry << 7);
1050
                s->carry = op1;
1051
                break;
1052
            case 6: /* ADD */
1053
                op0 += op1;
1054
                s->carry = op0 < op1;
1055
                break;
1056
            case 7: /* ADC */
1057
                op0 += op1 + s->carry;
1058
                if (s->carry)
1059
                    s->carry = op0 <= op1;
1060
                else
1061
                    s->carry = op0 < op1;
1062
                break;
1063
            }
1064

    
1065
            switch (opcode) {
1066
            case 5: /* From SFBR */
1067
            case 7: /* Read-modify-write */
1068
                lsi_reg_writeb(s, reg, op0);
1069
                break;
1070
            case 6: /* To SFBR */
1071
                s->sfbr = op0;
1072
                break;
1073
            }
1074
        }
1075
        break;
1076

    
1077
    case 2: /* Transfer Control.  */
1078
        {
1079
            int cond;
1080
            int jmp;
1081

    
1082
            if ((insn & 0x002e0000) == 0) {
1083
                DPRINTF("NOP\n");
1084
                break;
1085
            }
1086
            if (s->sist1 & LSI_SIST1_STO) {
1087
                DPRINTF("Delayed select timeout\n");
1088
                lsi_stop_script(s);
1089
                break;
1090
            }
1091
            cond = jmp = (insn & (1 << 19)) != 0;
1092
            if (cond == jmp && (insn & (1 << 21))) {
1093
                DPRINTF("Compare carry %d\n", s->carry == jmp);
1094
                cond = s->carry != 0;
1095
            }
1096
            if (cond == jmp && (insn & (1 << 17))) {
1097
                DPRINTF("Compare phase %d %c= %d\n",
1098
                        (s->sstat1 & PHASE_MASK),
1099
                        jmp ? '=' : '!',
1100
                        ((insn >> 24) & 7));
1101
                cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1102
            }
1103
            if (cond == jmp && (insn & (1 << 18))) {
1104
                uint8_t mask;
1105

    
1106
                mask = (~insn >> 8) & 0xff;
1107
                DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1108
                        s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1109
                cond = (s->sfbr & mask) == (insn & mask);
1110
            }
1111
            if (cond == jmp) {
1112
                if (insn & (1 << 23)) {
1113
                    /* Relative address.  */
1114
                    addr = s->dsp + sxt24(addr);
1115
                }
1116
                switch ((insn >> 27) & 7) {
1117
                case 0: /* Jump */
1118
                    DPRINTF("Jump to 0x%08x\n", addr);
1119
                    s->dsp = addr;
1120
                    break;
1121
                case 1: /* Call */
1122
                    DPRINTF("Call 0x%08x\n", addr);
1123
                    s->temp = s->dsp;
1124
                    s->dsp = addr;
1125
                    break;
1126
                case 2: /* Return */
1127
                    DPRINTF("Return to 0x%08x\n", s->temp);
1128
                    s->dsp = s->temp;
1129
                    break;
1130
                case 3: /* Interrupt */
1131
                    DPRINTF("Interrupt 0x%08x\n", s->dsps);
1132
                    if ((insn & (1 << 20)) != 0) {
1133
                        s->istat0 |= LSI_ISTAT0_INTF;
1134
                        lsi_update_irq(s);
1135
                    } else {
1136
                        lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1137
                    }
1138
                    break;
1139
                default:
1140
                    DPRINTF("Illegal transfer control\n");
1141
                    lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1142
                    break;
1143
                }
1144
            } else {
1145
                DPRINTF("Control condition failed\n");
1146
            }
1147
        }
1148
        break;
1149

    
1150
    case 3:
1151
        if ((insn & (1 << 29)) == 0) {
1152
            /* Memory move.  */
1153
            uint32_t dest;
1154
            /* ??? The docs imply the destination address is loaded into
1155
               the TEMP register.  However the Linux drivers rely on
1156
               the value being presrved.  */
1157
            dest = read_dword(s, s->dsp);
1158
            s->dsp += 4;
1159
            lsi_memcpy(s, dest, addr, insn & 0xffffff);
1160
        } else {
1161
            uint8_t data[7];
1162
            int reg;
1163
            int n;
1164
            int i;
1165

    
1166
            if (insn & (1 << 28)) {
1167
                addr = s->dsa + sxt24(addr);
1168
            }
1169
            n = (insn & 7);
1170
            reg = (insn >> 16) & 0xff;
1171
            if (insn & (1 << 24)) {
1172
                cpu_physical_memory_read(addr, data, n);
1173
                DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1174
                        addr, *(int *)data);
1175
                for (i = 0; i < n; i++) {
1176
                    lsi_reg_writeb(s, reg + i, data[i]);
1177
                }
1178
            } else {
1179
                DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1180
                for (i = 0; i < n; i++) {
1181
                    data[i] = lsi_reg_readb(s, reg + i);
1182
                }
1183
                cpu_physical_memory_write(addr, data, n);
1184
            }
1185
        }
1186
    }
1187
    /* ??? Need to avoid infinite loops.  */
1188
    if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1189
        if (s->dcntl & LSI_DCNTL_SSM) {
1190
            lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1191
        } else {
1192
            goto again;
1193
        }
1194
    }
1195
    DPRINTF("SCRIPTS execution stopped\n");
1196
}
1197

    
1198
static uint8_t lsi_reg_readb(LSIState *s, int offset)
1199
{
1200
    uint8_t tmp;
1201
#define CASE_GET_REG32(name, addr) \
1202
    case addr: return s->name & 0xff; \
1203
    case addr + 1: return (s->name >> 8) & 0xff; \
1204
    case addr + 2: return (s->name >> 16) & 0xff; \
1205
    case addr + 3: return (s->name >> 24) & 0xff;
1206

    
1207
#ifdef DEBUG_LSI_REG
1208
    DPRINTF("Read reg %x\n", offset);
1209
#endif
1210
    switch (offset) {
1211
    case 0x00: /* SCNTL0 */
1212
        return s->scntl0;
1213
    case 0x01: /* SCNTL1 */
1214
        return s->scntl1;
1215
    case 0x02: /* SCNTL2 */
1216
        return s->scntl2;
1217
    case 0x03: /* SCNTL3 */
1218
        return s->scntl3;
1219
    case 0x04: /* SCID */
1220
        return s->scid;
1221
    case 0x05: /* SXFER */
1222
        return s->sxfer;
1223
    case 0x06: /* SDID */
1224
        return s->sdid;
1225
    case 0x07: /* GPREG0 */
1226
        return 0x7f;
1227
    case 0xa: /* SSID */
1228
        return s->ssid;
1229
    case 0xb: /* SBCL */
1230
        /* ??? This is not correct. However it's (hopefully) only
1231
           used for diagnostics, so should be ok.  */
1232
        return 0;
1233
    case 0xc: /* DSTAT */
1234
        tmp = s->dstat | 0x80;
1235
        if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1236
            s->dstat = 0;
1237
        lsi_update_irq(s);
1238
        return tmp;
1239
    case 0x0d: /* SSTAT0 */
1240
        return s->sstat0;
1241
    case 0x0e: /* SSTAT1 */
1242
        return s->sstat1;
1243
    case 0x0f: /* SSTAT2 */
1244
        return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1245
    CASE_GET_REG32(dsa, 0x10)
1246
    case 0x14: /* ISTAT0 */
1247
        return s->istat0;
1248
    case 0x16: /* MBOX0 */
1249
        return s->mbox0;
1250
    case 0x17: /* MBOX1 */
1251
        return s->mbox1;
1252
    case 0x18: /* CTEST0 */
1253
        return 0xff;
1254
    case 0x19: /* CTEST1 */
1255
        return 0;
1256
    case 0x1a: /* CTEST2 */
1257
        tmp = LSI_CTEST2_DACK | LSI_CTEST2_CM;
1258
        if (s->istat0 & LSI_ISTAT0_SIGP) {
1259
            s->istat0 &= ~LSI_ISTAT0_SIGP;
1260
            tmp |= LSI_CTEST2_SIGP;
1261
        }
1262
        return tmp;
1263
    case 0x1b: /* CTEST3 */
1264
        return s->ctest3;
1265
    CASE_GET_REG32(temp, 0x1c)
1266
    case 0x20: /* DFIFO */
1267
        return 0;
1268
    case 0x21: /* CTEST4 */
1269
        return s->ctest4;
1270
    case 0x22: /* CTEST5 */
1271
        return s->ctest5;
1272
    case 0x24: /* DBC[0:7] */
1273
        return s->dbc & 0xff;
1274
    case 0x25: /* DBC[8:15] */
1275
        return (s->dbc >> 8) & 0xff;
1276
    case 0x26: /* DBC[16->23] */
1277
        return (s->dbc >> 16) & 0xff;
1278
    case 0x27: /* DCMD */
1279
        return s->dcmd;
1280
    CASE_GET_REG32(dsp, 0x2c)
1281
    CASE_GET_REG32(dsps, 0x30)
1282
    CASE_GET_REG32(scratch[0], 0x34)
1283
    case 0x38: /* DMODE */
1284
        return s->dmode;
1285
    case 0x39: /* DIEN */
1286
        return s->dien;
1287
    case 0x3b: /* DCNTL */
1288
        return s->dcntl;
1289
    case 0x40: /* SIEN0 */
1290
        return s->sien0;
1291
    case 0x41: /* SIEN1 */
1292
        return s->sien1;
1293
    case 0x42: /* SIST0 */
1294
        tmp = s->sist0;
1295
        s->sist0 = 0;
1296
        lsi_update_irq(s);
1297
        return tmp;
1298
    case 0x43: /* SIST1 */
1299
        tmp = s->sist1;
1300
        s->sist1 = 0;
1301
        lsi_update_irq(s);
1302
        return tmp;
1303
    case 0x47: /* GPCNTL0 */
1304
        return 0x0f;
1305
    case 0x48: /* STIME0 */
1306
        return s->stime0;
1307
    case 0x4a: /* RESPID0 */
1308
        return s->respid0;
1309
    case 0x4b: /* RESPID1 */
1310
        return s->respid1;
1311
    case 0x4d: /* STEST1 */
1312
        return s->stest1;
1313
    case 0x4e: /* STEST2 */
1314
        return s->stest2;
1315
    case 0x4f: /* STEST3 */
1316
        return s->stest3;
1317
    case 0x50: /* SIDL */
1318
        /* This is needed by the linux drivers.  We currently only update it
1319
           during the MSG IN phase.  */
1320
        return s->sidl;
1321
    case 0x52: /* STEST4 */
1322
        return 0xe0;
1323
    case 0x56: /* CCNTL0 */
1324
        return s->ccntl0;
1325
    case 0x57: /* CCNTL1 */
1326
        return s->ccntl1;
1327
    case 0x58: /* SBDL */
1328
        /* Some drivers peek at the data bus during the MSG IN phase.  */
1329
        if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1330
            return s->msg[0];
1331
        return 0;
1332
    case 0x59: /* SBDL high */
1333
        return 0;
1334
    CASE_GET_REG32(mmrs, 0xa0)
1335
    CASE_GET_REG32(mmws, 0xa4)
1336
    CASE_GET_REG32(sfs, 0xa8)
1337
    CASE_GET_REG32(drs, 0xac)
1338
    CASE_GET_REG32(sbms, 0xb0)
1339
    CASE_GET_REG32(dmbs, 0xb4)
1340
    CASE_GET_REG32(dnad64, 0xb8)
1341
    CASE_GET_REG32(pmjad1, 0xc0)
1342
    CASE_GET_REG32(pmjad2, 0xc4)
1343
    CASE_GET_REG32(rbc, 0xc8)
1344
    CASE_GET_REG32(ua, 0xcc)
1345
    CASE_GET_REG32(ia, 0xd4)
1346
    CASE_GET_REG32(sbc, 0xd8)
1347
    CASE_GET_REG32(csbc, 0xdc)
1348
    }
1349
    if (offset >= 0x5c && offset < 0xa0) {
1350
        int n;
1351
        int shift;
1352
        n = (offset - 0x58) >> 2;
1353
        shift = (offset & 3) * 8;
1354
        return (s->scratch[n] >> shift) & 0xff;
1355
    }
1356
    BADF("readb 0x%x\n", offset);
1357
    exit(1);
1358
#undef CASE_GET_REG32
1359
}
1360

    
1361
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1362
{
1363
#define CASE_SET_REG32(name, addr) \
1364
    case addr    : s->name &= 0xffffff00; s->name |= val;       break; \
1365
    case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8;  break; \
1366
    case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1367
    case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1368

    
1369
#ifdef DEBUG_LSI_REG
1370
    DPRINTF("Write reg %x = %02x\n", offset, val);
1371
#endif
1372
    switch (offset) {
1373
    case 0x00: /* SCNTL0 */
1374
        s->scntl0 = val;
1375
        if (val & LSI_SCNTL0_START) {
1376
            BADF("Start sequence not implemented\n");
1377
        }
1378
        break;
1379
    case 0x01: /* SCNTL1 */
1380
        s->scntl1 = val & ~LSI_SCNTL1_SST;
1381
        if (val & LSI_SCNTL1_IARB) {
1382
            BADF("Immediate Arbritration not implemented\n");
1383
        }
1384
        if (val & LSI_SCNTL1_RST) {
1385
            s->sstat0 |= LSI_SSTAT0_RST;
1386
            lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1387
        } else {
1388
            s->sstat0 &= ~LSI_SSTAT0_RST;
1389
        }
1390
        break;
1391
    case 0x02: /* SCNTL2 */
1392
        val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1393
        s->scntl2 = val;
1394
        break;
1395
    case 0x03: /* SCNTL3 */
1396
        s->scntl3 = val;
1397
        break;
1398
    case 0x04: /* SCID */
1399
        s->scid = val;
1400
        break;
1401
    case 0x05: /* SXFER */
1402
        s->sxfer = val;
1403
        break;
1404
    case 0x06: /* SDID */
1405
        if ((val & 0xf) != (s->ssid & 0xf))
1406
            BADF("Destination ID does not match SSID\n");
1407
        s->sdid = val & 0xf;
1408
        break;
1409
    case 0x07: /* GPREG0 */
1410
        break;
1411
    case 0x08: /* SFBR */
1412
        /* The CPU is not allowed to write to this register.  However the
1413
           SCRIPTS register move instructions are.  */
1414
        s->sfbr = val;
1415
        break;
1416
    case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1417
        /* Linux writes to these readonly registers on startup.  */
1418
        return;
1419
    CASE_SET_REG32(dsa, 0x10)
1420
    case 0x14: /* ISTAT0 */
1421
        s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1422
        if (val & LSI_ISTAT0_ABRT) {
1423
            lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1424
        }
1425
        if (val & LSI_ISTAT0_INTF) {
1426
            s->istat0 &= ~LSI_ISTAT0_INTF;
1427
            lsi_update_irq(s);
1428
        }
1429
        if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1430
            DPRINTF("Woken by SIGP\n");
1431
            s->waiting = 0;
1432
            s->dsp = s->dnad;
1433
            lsi_execute_script(s);
1434
        }
1435
        if (val & LSI_ISTAT0_SRST) {
1436
            lsi_soft_reset(s);
1437
        }
1438
        break;
1439
    case 0x16: /* MBOX0 */
1440
        s->mbox0 = val;
1441
        break;
1442
    case 0x17: /* MBOX1 */
1443
        s->mbox1 = val;
1444
        break;
1445
    case 0x1b: /* CTEST3 */
1446
        s->ctest3 = val & 0x0f;
1447
        break;
1448
    CASE_SET_REG32(temp, 0x1c)
1449
    case 0x21: /* CTEST4 */
1450
        if (val & 7) {
1451
           BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1452
        }
1453
        s->ctest4 = val;
1454
        break;
1455
    case 0x22: /* CTEST5 */
1456
        if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1457
            BADF("CTEST5 DMA increment not implemented\n");
1458
        }
1459
        s->ctest5 = val;
1460
        break;
1461
    case 0x2c: /* DSP[0:7] */
1462
        s->dsp &= 0xffffff00;
1463
        s->dsp |= val;
1464
        break;
1465
    case 0x2d: /* DSP[8:15] */
1466
        s->dsp &= 0xffff00ff;
1467
        s->dsp |= val << 8;
1468
        break;
1469
    case 0x2e: /* DSP[16:23] */
1470
        s->dsp &= 0xff00ffff;
1471
        s->dsp |= val << 16;
1472
        break;
1473
    case 0x2f: /* DSP[24:31] */
1474
        s->dsp &= 0x00ffffff;
1475
        s->dsp |= val << 24;
1476
        if ((s->dmode & LSI_DMODE_MAN) == 0
1477
            && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1478
            lsi_execute_script(s);
1479
        break;
1480
    CASE_SET_REG32(dsps, 0x30)
1481
    CASE_SET_REG32(scratch[0], 0x34)
1482
    case 0x38: /* DMODE */
1483
        if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1484
            BADF("IO mappings not implemented\n");
1485
        }
1486
        s->dmode = val;
1487
        break;
1488
    case 0x39: /* DIEN */
1489
        s->dien = val;
1490
        lsi_update_irq(s);
1491
        break;
1492
    case 0x3b: /* DCNTL */
1493
        s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1494
        if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1495
            lsi_execute_script(s);
1496
        break;
1497
    case 0x40: /* SIEN0 */
1498
        s->sien0 = val;
1499
        lsi_update_irq(s);
1500
        break;
1501
    case 0x41: /* SIEN1 */
1502
        s->sien1 = val;
1503
        lsi_update_irq(s);
1504
        break;
1505
    case 0x47: /* GPCNTL0 */
1506
        break;
1507
    case 0x48: /* STIME0 */
1508
        s->stime0 = val;
1509
        break;
1510
    case 0x49: /* STIME1 */
1511
        if (val & 0xf) {
1512
            DPRINTF("General purpose timer not implemented\n");
1513
            /* ??? Raising the interrupt immediately seems to be sufficient
1514
               to keep the FreeBSD driver happy.  */
1515
            lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1516
        }
1517
        break;
1518
    case 0x4a: /* RESPID0 */
1519
        s->respid0 = val;
1520
        break;
1521
    case 0x4b: /* RESPID1 */
1522
        s->respid1 = val;
1523
        break;
1524
    case 0x4d: /* STEST1 */
1525
        s->stest1 = val;
1526
        break;
1527
    case 0x4e: /* STEST2 */
1528
        if (val & 1) {
1529
            BADF("Low level mode not implemented\n");
1530
        }
1531
        s->stest2 = val;
1532
        break;
1533
    case 0x4f: /* STEST3 */
1534
        if (val & 0x41) {
1535
            BADF("SCSI FIFO test mode not implemented\n");
1536
        }
1537
        s->stest3 = val;
1538
        break;
1539
    case 0x56: /* CCNTL0 */
1540
        s->ccntl0 = val;
1541
        break;
1542
    case 0x57: /* CCNTL1 */
1543
        s->ccntl1 = val;
1544
        break;
1545
    CASE_SET_REG32(mmrs, 0xa0)
1546
    CASE_SET_REG32(mmws, 0xa4)
1547
    CASE_SET_REG32(sfs, 0xa8)
1548
    CASE_SET_REG32(drs, 0xac)
1549
    CASE_SET_REG32(sbms, 0xb0)
1550
    CASE_SET_REG32(dmbs, 0xb4)
1551
    CASE_SET_REG32(dnad64, 0xb8)
1552
    CASE_SET_REG32(pmjad1, 0xc0)
1553
    CASE_SET_REG32(pmjad2, 0xc4)
1554
    CASE_SET_REG32(rbc, 0xc8)
1555
    CASE_SET_REG32(ua, 0xcc)
1556
    CASE_SET_REG32(ia, 0xd4)
1557
    CASE_SET_REG32(sbc, 0xd8)
1558
    CASE_SET_REG32(csbc, 0xdc)
1559
    default:
1560
        if (offset >= 0x5c && offset < 0xa0) {
1561
            int n;
1562
            int shift;
1563
            n = (offset - 0x58) >> 2;
1564
            shift = (offset & 3) * 8;
1565
            s->scratch[n] &= ~(0xff << shift);
1566
            s->scratch[n] |= (val & 0xff) << shift;
1567
        } else {
1568
            BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1569
        }
1570
    }
1571
#undef CASE_SET_REG32
1572
}
1573

    
1574
static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1575
{
1576
    LSIState *s = (LSIState *)opaque;
1577

    
1578
    lsi_reg_writeb(s, addr & 0xff, val);
1579
}
1580

    
1581
static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1582
{
1583
    LSIState *s = (LSIState *)opaque;
1584

    
1585
    addr &= 0xff;
1586
    lsi_reg_writeb(s, addr, val & 0xff);
1587
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1588
}
1589

    
1590
static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1591
{
1592
    LSIState *s = (LSIState *)opaque;
1593

    
1594
    addr &= 0xff;
1595
    lsi_reg_writeb(s, addr, val & 0xff);
1596
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1597
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1598
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1599
}
1600

    
1601
static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1602
{
1603
    LSIState *s = (LSIState *)opaque;
1604

    
1605
    return lsi_reg_readb(s, addr & 0xff);
1606
}
1607

    
1608
static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1609
{
1610
    LSIState *s = (LSIState *)opaque;
1611
    uint32_t val;
1612

    
1613
    addr &= 0xff;
1614
    val = lsi_reg_readb(s, addr);
1615
    val |= lsi_reg_readb(s, addr + 1) << 8;
1616
    return val;
1617
}
1618

    
1619
static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1620
{
1621
    LSIState *s = (LSIState *)opaque;
1622
    uint32_t val;
1623
    addr &= 0xff;
1624
    val = lsi_reg_readb(s, addr);
1625
    val |= lsi_reg_readb(s, addr + 1) << 8;
1626
    val |= lsi_reg_readb(s, addr + 2) << 16;
1627
    val |= lsi_reg_readb(s, addr + 3) << 24;
1628
    return val;
1629
}
1630

    
1631
static CPUReadMemoryFunc *lsi_mmio_readfn[3] = {
1632
    lsi_mmio_readb,
1633
    lsi_mmio_readw,
1634
    lsi_mmio_readl,
1635
};
1636

    
1637
static CPUWriteMemoryFunc *lsi_mmio_writefn[3] = {
1638
    lsi_mmio_writeb,
1639
    lsi_mmio_writew,
1640
    lsi_mmio_writel,
1641
};
1642

    
1643
static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1644
{
1645
    LSIState *s = (LSIState *)opaque;
1646
    uint32_t newval;
1647
    int shift;
1648

    
1649
    addr &= 0x1fff;
1650
    newval = s->script_ram[addr >> 2];
1651
    shift = (addr & 3) * 8;
1652
    newval &= ~(0xff << shift);
1653
    newval |= val << shift;
1654
    s->script_ram[addr >> 2] = newval;
1655
}
1656

    
1657
static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1658
{
1659
    LSIState *s = (LSIState *)opaque;
1660
    uint32_t newval;
1661

    
1662
    addr &= 0x1fff;
1663
    newval = s->script_ram[addr >> 2];
1664
    if (addr & 2) {
1665
        newval = (newval & 0xffff) | (val << 16);
1666
    } else {
1667
        newval = (newval & 0xffff0000) | val;
1668
    }
1669
    s->script_ram[addr >> 2] = newval;
1670
}
1671

    
1672

    
1673
static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1674
{
1675
    LSIState *s = (LSIState *)opaque;
1676

    
1677
    addr &= 0x1fff;
1678
    s->script_ram[addr >> 2] = val;
1679
}
1680

    
1681
static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
1682
{
1683
    LSIState *s = (LSIState *)opaque;
1684
    uint32_t val;
1685

    
1686
    addr &= 0x1fff;
1687
    val = s->script_ram[addr >> 2];
1688
    val >>= (addr & 3) * 8;
1689
    return val & 0xff;
1690
}
1691

    
1692
static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
1693
{
1694
    LSIState *s = (LSIState *)opaque;
1695
    uint32_t val;
1696

    
1697
    addr &= 0x1fff;
1698
    val = s->script_ram[addr >> 2];
1699
    if (addr & 2)
1700
        val >>= 16;
1701
    return le16_to_cpu(val);
1702
}
1703

    
1704
static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
1705
{
1706
    LSIState *s = (LSIState *)opaque;
1707

    
1708
    addr &= 0x1fff;
1709
    return le32_to_cpu(s->script_ram[addr >> 2]);
1710
}
1711

    
1712
static CPUReadMemoryFunc *lsi_ram_readfn[3] = {
1713
    lsi_ram_readb,
1714
    lsi_ram_readw,
1715
    lsi_ram_readl,
1716
};
1717

    
1718
static CPUWriteMemoryFunc *lsi_ram_writefn[3] = {
1719
    lsi_ram_writeb,
1720
    lsi_ram_writew,
1721
    lsi_ram_writel,
1722
};
1723

    
1724
static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
1725
{
1726
    LSIState *s = (LSIState *)opaque;
1727
    return lsi_reg_readb(s, addr & 0xff);
1728
}
1729

    
1730
static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
1731
{
1732
    LSIState *s = (LSIState *)opaque;
1733
    uint32_t val;
1734
    addr &= 0xff;
1735
    val = lsi_reg_readb(s, addr);
1736
    val |= lsi_reg_readb(s, addr + 1) << 8;
1737
    return val;
1738
}
1739

    
1740
static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
1741
{
1742
    LSIState *s = (LSIState *)opaque;
1743
    uint32_t val;
1744
    addr &= 0xff;
1745
    val = lsi_reg_readb(s, addr);
1746
    val |= lsi_reg_readb(s, addr + 1) << 8;
1747
    val |= lsi_reg_readb(s, addr + 2) << 16;
1748
    val |= lsi_reg_readb(s, addr + 3) << 24;
1749
    return val;
1750
}
1751

    
1752
static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
1753
{
1754
    LSIState *s = (LSIState *)opaque;
1755
    lsi_reg_writeb(s, addr & 0xff, val);
1756
}
1757

    
1758
static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
1759
{
1760
    LSIState *s = (LSIState *)opaque;
1761
    addr &= 0xff;
1762
    lsi_reg_writeb(s, addr, val & 0xff);
1763
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1764
}
1765

    
1766
static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
1767
{
1768
    LSIState *s = (LSIState *)opaque;
1769
    addr &= 0xff;
1770
    lsi_reg_writeb(s, addr, val & 0xff);
1771
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1772
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1773
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1774
}
1775

    
1776
static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
1777
                           uint32_t addr, uint32_t size, int type)
1778
{
1779
    LSIState *s = (LSIState *)pci_dev;
1780

    
1781
    DPRINTF("Mapping IO at %08x\n", addr);
1782

    
1783
    register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
1784
    register_ioport_read(addr, 256, 1, lsi_io_readb, s);
1785
    register_ioport_write(addr, 256, 2, lsi_io_writew, s);
1786
    register_ioport_read(addr, 256, 2, lsi_io_readw, s);
1787
    register_ioport_write(addr, 256, 4, lsi_io_writel, s);
1788
    register_ioport_read(addr, 256, 4, lsi_io_readl, s);
1789
}
1790

    
1791
static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
1792
                            uint32_t addr, uint32_t size, int type)
1793
{
1794
    LSIState *s = (LSIState *)pci_dev;
1795

    
1796
    DPRINTF("Mapping ram at %08x\n", addr);
1797
    s->script_ram_base = addr;
1798
    cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
1799
}
1800

    
1801
static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
1802
                             uint32_t addr, uint32_t size, int type)
1803
{
1804
    LSIState *s = (LSIState *)pci_dev;
1805

    
1806
    DPRINTF("Mapping registers at %08x\n", addr);
1807
    cpu_register_physical_memory(addr + 0, 0x400, s->mmio_io_addr);
1808
}
1809

    
1810
void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id)
1811
{
1812
    LSIState *s = (LSIState *)opaque;
1813

    
1814
    if (id < 0) {
1815
        for (id = 0; id < LSI_MAX_DEVS; id++) {
1816
            if (s->scsi_dev[id] == NULL)
1817
                break;
1818
        }
1819
    }
1820
    if (id >= LSI_MAX_DEVS) {
1821
        BADF("Bad Device ID %d\n", id);
1822
        return;
1823
    }
1824
    if (s->scsi_dev[id]) {
1825
        DPRINTF("Destroying device %d\n", id);
1826
        scsi_disk_destroy(s->scsi_dev[id]);
1827
    }
1828
    DPRINTF("Attaching block device %d\n", id);
1829
    s->scsi_dev[id] = scsi_disk_init(bd, 1, lsi_command_complete, s);
1830
}
1831

    
1832
void *lsi_scsi_init(PCIBus *bus, int devfn)
1833
{
1834
    LSIState *s;
1835

    
1836
    s = (LSIState *)pci_register_device(bus, "LSI53C895A SCSI HBA",
1837
                                        sizeof(*s), devfn, NULL, NULL);
1838
    if (s == NULL) {
1839
        fprintf(stderr, "lsi-scsi: Failed to register PCI device\n");
1840
        return NULL;
1841
    }
1842

    
1843
    s->pci_dev.config[0x00] = 0x00;
1844
    s->pci_dev.config[0x01] = 0x10;
1845
    s->pci_dev.config[0x02] = 0x12;
1846
    s->pci_dev.config[0x03] = 0x00;
1847
    s->pci_dev.config[0x0b] = 0x01;
1848
    s->pci_dev.config[0x3d] = 0x01; /* interrupt pin 1 */
1849

    
1850
    s->mmio_io_addr = cpu_register_io_memory(0, lsi_mmio_readfn,
1851
                                             lsi_mmio_writefn, s);
1852
    s->ram_io_addr = cpu_register_io_memory(0, lsi_ram_readfn,
1853
                                            lsi_ram_writefn, s);
1854

    
1855
    pci_register_io_region((struct PCIDevice *)s, 0, 256,
1856
                           PCI_ADDRESS_SPACE_IO, lsi_io_mapfunc);
1857
    pci_register_io_region((struct PCIDevice *)s, 1, 0x400,
1858
                           PCI_ADDRESS_SPACE_MEM, lsi_mmio_mapfunc);
1859
    pci_register_io_region((struct PCIDevice *)s, 2, 0x2000,
1860
                           PCI_ADDRESS_SPACE_MEM, lsi_ram_mapfunc);
1861
    s->queue = qemu_malloc(sizeof(lsi_queue));
1862
    s->queue_len = 1;
1863
    s->active_commands = 0;
1864

    
1865
    lsi_soft_reset(s);
1866

    
1867
    return s;
1868
}
1869