Statistics
| Branch: | Revision:

root / hw / lsi53c895a.c @ ad3376cc

History | View | Annotate | Download (65.3 kB)

1
/*
2
 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Written by Paul Brook
6
 *
7
 * This code is licenced under the LGPL.
8
 */
9

    
10
/* ??? Need to check if the {read,write}[wl] routines work properly on
11
   big-endian targets.  */
12

    
13
#include <assert.h>
14

    
15
#include "hw.h"
16
#include "pci.h"
17
#include "scsi.h"
18
#include "block_int.h"
19

    
20
//#define DEBUG_LSI
21
//#define DEBUG_LSI_REG
22

    
23
#ifdef DEBUG_LSI
24
#define DPRINTF(fmt, ...) \
25
do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
26
#define BADF(fmt, ...) \
27
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
28
#else
29
#define DPRINTF(fmt, ...) do {} while(0)
30
#define BADF(fmt, ...) \
31
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
32
#endif
33

    
34
#define LSI_MAX_DEVS 7
35

    
36
#define LSI_SCNTL0_TRG    0x01
37
#define LSI_SCNTL0_AAP    0x02
38
#define LSI_SCNTL0_EPC    0x08
39
#define LSI_SCNTL0_WATN   0x10
40
#define LSI_SCNTL0_START  0x20
41

    
42
#define LSI_SCNTL1_SST    0x01
43
#define LSI_SCNTL1_IARB   0x02
44
#define LSI_SCNTL1_AESP   0x04
45
#define LSI_SCNTL1_RST    0x08
46
#define LSI_SCNTL1_CON    0x10
47
#define LSI_SCNTL1_DHP    0x20
48
#define LSI_SCNTL1_ADB    0x40
49
#define LSI_SCNTL1_EXC    0x80
50

    
51
#define LSI_SCNTL2_WSR    0x01
52
#define LSI_SCNTL2_VUE0   0x02
53
#define LSI_SCNTL2_VUE1   0x04
54
#define LSI_SCNTL2_WSS    0x08
55
#define LSI_SCNTL2_SLPHBEN 0x10
56
#define LSI_SCNTL2_SLPMD  0x20
57
#define LSI_SCNTL2_CHM    0x40
58
#define LSI_SCNTL2_SDU    0x80
59

    
60
#define LSI_ISTAT0_DIP    0x01
61
#define LSI_ISTAT0_SIP    0x02
62
#define LSI_ISTAT0_INTF   0x04
63
#define LSI_ISTAT0_CON    0x08
64
#define LSI_ISTAT0_SEM    0x10
65
#define LSI_ISTAT0_SIGP   0x20
66
#define LSI_ISTAT0_SRST   0x40
67
#define LSI_ISTAT0_ABRT   0x80
68

    
69
#define LSI_ISTAT1_SI     0x01
70
#define LSI_ISTAT1_SRUN   0x02
71
#define LSI_ISTAT1_FLSH   0x04
72

    
73
#define LSI_SSTAT0_SDP0   0x01
74
#define LSI_SSTAT0_RST    0x02
75
#define LSI_SSTAT0_WOA    0x04
76
#define LSI_SSTAT0_LOA    0x08
77
#define LSI_SSTAT0_AIP    0x10
78
#define LSI_SSTAT0_OLF    0x20
79
#define LSI_SSTAT0_ORF    0x40
80
#define LSI_SSTAT0_ILF    0x80
81

    
82
#define LSI_SIST0_PAR     0x01
83
#define LSI_SIST0_RST     0x02
84
#define LSI_SIST0_UDC     0x04
85
#define LSI_SIST0_SGE     0x08
86
#define LSI_SIST0_RSL     0x10
87
#define LSI_SIST0_SEL     0x20
88
#define LSI_SIST0_CMP     0x40
89
#define LSI_SIST0_MA      0x80
90

    
91
#define LSI_SIST1_HTH     0x01
92
#define LSI_SIST1_GEN     0x02
93
#define LSI_SIST1_STO     0x04
94
#define LSI_SIST1_SBMC    0x10
95

    
96
#define LSI_SOCL_IO       0x01
97
#define LSI_SOCL_CD       0x02
98
#define LSI_SOCL_MSG      0x04
99
#define LSI_SOCL_ATN      0x08
100
#define LSI_SOCL_SEL      0x10
101
#define LSI_SOCL_BSY      0x20
102
#define LSI_SOCL_ACK      0x40
103
#define LSI_SOCL_REQ      0x80
104

    
105
#define LSI_DSTAT_IID     0x01
106
#define LSI_DSTAT_SIR     0x04
107
#define LSI_DSTAT_SSI     0x08
108
#define LSI_DSTAT_ABRT    0x10
109
#define LSI_DSTAT_BF      0x20
110
#define LSI_DSTAT_MDPE    0x40
111
#define LSI_DSTAT_DFE     0x80
112

    
113
#define LSI_DCNTL_COM     0x01
114
#define LSI_DCNTL_IRQD    0x02
115
#define LSI_DCNTL_STD     0x04
116
#define LSI_DCNTL_IRQM    0x08
117
#define LSI_DCNTL_SSM     0x10
118
#define LSI_DCNTL_PFEN    0x20
119
#define LSI_DCNTL_PFF     0x40
120
#define LSI_DCNTL_CLSE    0x80
121

    
122
#define LSI_DMODE_MAN     0x01
123
#define LSI_DMODE_BOF     0x02
124
#define LSI_DMODE_ERMP    0x04
125
#define LSI_DMODE_ERL     0x08
126
#define LSI_DMODE_DIOM    0x10
127
#define LSI_DMODE_SIOM    0x20
128

    
129
#define LSI_CTEST2_DACK   0x01
130
#define LSI_CTEST2_DREQ   0x02
131
#define LSI_CTEST2_TEOP   0x04
132
#define LSI_CTEST2_PCICIE 0x08
133
#define LSI_CTEST2_CM     0x10
134
#define LSI_CTEST2_CIO    0x20
135
#define LSI_CTEST2_SIGP   0x40
136
#define LSI_CTEST2_DDIR   0x80
137

    
138
#define LSI_CTEST5_BL2    0x04
139
#define LSI_CTEST5_DDIR   0x08
140
#define LSI_CTEST5_MASR   0x10
141
#define LSI_CTEST5_DFSN   0x20
142
#define LSI_CTEST5_BBCK   0x40
143
#define LSI_CTEST5_ADCK   0x80
144

    
145
#define LSI_CCNTL0_DILS   0x01
146
#define LSI_CCNTL0_DISFC  0x10
147
#define LSI_CCNTL0_ENNDJ  0x20
148
#define LSI_CCNTL0_PMJCTL 0x40
149
#define LSI_CCNTL0_ENPMJ  0x80
150

    
151
#define LSI_CCNTL1_EN64DBMV  0x01
152
#define LSI_CCNTL1_EN64TIBMV 0x02
153
#define LSI_CCNTL1_64TIMOD   0x04
154
#define LSI_CCNTL1_DDAC      0x08
155
#define LSI_CCNTL1_ZMOD      0x80
156

    
157
/* Enable Response to Reselection */
158
#define LSI_SCID_RRE      0x60
159

    
160
#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
161

    
162
#define PHASE_DO          0
163
#define PHASE_DI          1
164
#define PHASE_CMD         2
165
#define PHASE_ST          3
166
#define PHASE_MO          6
167
#define PHASE_MI          7
168
#define PHASE_MASK        7
169

    
170
/* Maximum length of MSG IN data.  */
171
#define LSI_MAX_MSGIN_LEN 8
172

    
173
/* Flag set if this is a tagged command.  */
174
#define LSI_TAG_VALID     (1 << 16)
175

    
176
typedef struct lsi_request {
177
    SCSIRequest *req;
178
    uint32_t tag;
179
    uint32_t dma_len;
180
    uint8_t *dma_buf;
181
    uint32_t pending;
182
    int out;
183
    QTAILQ_ENTRY(lsi_request) next;
184
} lsi_request;
185

    
186
typedef struct {
187
    PCIDevice dev;
188
    int mmio_io_addr;
189
    int ram_io_addr;
190
    uint32_t script_ram_base;
191

    
192
    int carry; /* ??? Should this be an a visible register somewhere?  */
193
    int status;
194
    /* Action to take at the end of a MSG IN phase.
195
       0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN.  */
196
    int msg_action;
197
    int msg_len;
198
    uint8_t msg[LSI_MAX_MSGIN_LEN];
199
    /* 0 if SCRIPTS are running or stopped.
200
     * 1 if a Wait Reselect instruction has been issued.
201
     * 2 if processing DMA from lsi_execute_script.
202
     * 3 if a DMA operation is in progress.  */
203
    int waiting;
204
    SCSIBus bus;
205
    int current_lun;
206
    /* The tag is a combination of the device ID and the SCSI tag.  */
207
    uint32_t select_tag;
208
    int command_complete;
209
    QTAILQ_HEAD(, lsi_request) queue;
210
    lsi_request *current;
211

    
212
    uint32_t dsa;
213
    uint32_t temp;
214
    uint32_t dnad;
215
    uint32_t dbc;
216
    uint8_t istat0;
217
    uint8_t istat1;
218
    uint8_t dcmd;
219
    uint8_t dstat;
220
    uint8_t dien;
221
    uint8_t sist0;
222
    uint8_t sist1;
223
    uint8_t sien0;
224
    uint8_t sien1;
225
    uint8_t mbox0;
226
    uint8_t mbox1;
227
    uint8_t dfifo;
228
    uint8_t ctest2;
229
    uint8_t ctest3;
230
    uint8_t ctest4;
231
    uint8_t ctest5;
232
    uint8_t ccntl0;
233
    uint8_t ccntl1;
234
    uint32_t dsp;
235
    uint32_t dsps;
236
    uint8_t dmode;
237
    uint8_t dcntl;
238
    uint8_t scntl0;
239
    uint8_t scntl1;
240
    uint8_t scntl2;
241
    uint8_t scntl3;
242
    uint8_t sstat0;
243
    uint8_t sstat1;
244
    uint8_t scid;
245
    uint8_t sxfer;
246
    uint8_t socl;
247
    uint8_t sdid;
248
    uint8_t ssid;
249
    uint8_t sfbr;
250
    uint8_t stest1;
251
    uint8_t stest2;
252
    uint8_t stest3;
253
    uint8_t sidl;
254
    uint8_t stime0;
255
    uint8_t respid0;
256
    uint8_t respid1;
257
    uint32_t mmrs;
258
    uint32_t mmws;
259
    uint32_t sfs;
260
    uint32_t drs;
261
    uint32_t sbms;
262
    uint32_t dbms;
263
    uint32_t dnad64;
264
    uint32_t pmjad1;
265
    uint32_t pmjad2;
266
    uint32_t rbc;
267
    uint32_t ua;
268
    uint32_t ia;
269
    uint32_t sbc;
270
    uint32_t csbc;
271
    uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
272
    uint8_t sbr;
273

    
274
    /* Script ram is stored as 32-bit words in host byteorder.  */
275
    uint32_t script_ram[2048];
276
} LSIState;
277

    
278
static inline int lsi_irq_on_rsl(LSIState *s)
279
{
280
    return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
281
}
282

    
283
static void lsi_soft_reset(LSIState *s)
284
{
285
    lsi_request *p;
286

    
287
    DPRINTF("Reset\n");
288
    s->carry = 0;
289

    
290
    s->msg_action = 0;
291
    s->msg_len = 0;
292
    s->waiting = 0;
293
    s->dsa = 0;
294
    s->dnad = 0;
295
    s->dbc = 0;
296
    s->temp = 0;
297
    memset(s->scratch, 0, sizeof(s->scratch));
298
    s->istat0 = 0;
299
    s->istat1 = 0;
300
    s->dcmd = 0x40;
301
    s->dstat = LSI_DSTAT_DFE;
302
    s->dien = 0;
303
    s->sist0 = 0;
304
    s->sist1 = 0;
305
    s->sien0 = 0;
306
    s->sien1 = 0;
307
    s->mbox0 = 0;
308
    s->mbox1 = 0;
309
    s->dfifo = 0;
310
    s->ctest2 = LSI_CTEST2_DACK;
311
    s->ctest3 = 0;
312
    s->ctest4 = 0;
313
    s->ctest5 = 0;
314
    s->ccntl0 = 0;
315
    s->ccntl1 = 0;
316
    s->dsp = 0;
317
    s->dsps = 0;
318
    s->dmode = 0;
319
    s->dcntl = 0;
320
    s->scntl0 = 0xc0;
321
    s->scntl1 = 0;
322
    s->scntl2 = 0;
323
    s->scntl3 = 0;
324
    s->sstat0 = 0;
325
    s->sstat1 = 0;
326
    s->scid = 7;
327
    s->sxfer = 0;
328
    s->socl = 0;
329
    s->sdid = 0;
330
    s->ssid = 0;
331
    s->stest1 = 0;
332
    s->stest2 = 0;
333
    s->stest3 = 0;
334
    s->sidl = 0;
335
    s->stime0 = 0;
336
    s->respid0 = 0x80;
337
    s->respid1 = 0;
338
    s->mmrs = 0;
339
    s->mmws = 0;
340
    s->sfs = 0;
341
    s->drs = 0;
342
    s->sbms = 0;
343
    s->dbms = 0;
344
    s->dnad64 = 0;
345
    s->pmjad1 = 0;
346
    s->pmjad2 = 0;
347
    s->rbc = 0;
348
    s->ua = 0;
349
    s->ia = 0;
350
    s->sbc = 0;
351
    s->csbc = 0;
352
    s->sbr = 0;
353
    while (!QTAILQ_EMPTY(&s->queue)) {
354
        p = QTAILQ_FIRST(&s->queue);
355
        QTAILQ_REMOVE(&s->queue, p, next);
356
        qemu_free(p);
357
    }
358
    if (s->current) {
359
        qemu_free(s->current);
360
        s->current = NULL;
361
    }
362
}
363

    
364
static int lsi_dma_40bit(LSIState *s)
365
{
366
    if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
367
        return 1;
368
    return 0;
369
}
370

    
371
static int lsi_dma_ti64bit(LSIState *s)
372
{
373
    if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
374
        return 1;
375
    return 0;
376
}
377

    
378
static int lsi_dma_64bit(LSIState *s)
379
{
380
    if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
381
        return 1;
382
    return 0;
383
}
384

    
385
static uint8_t lsi_reg_readb(LSIState *s, int offset);
386
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
387
static void lsi_execute_script(LSIState *s);
388
static void lsi_reselect(LSIState *s, lsi_request *p);
389

    
390
static inline uint32_t read_dword(LSIState *s, uint32_t addr)
391
{
392
    uint32_t buf;
393

    
394
    /* Optimize reading from SCRIPTS RAM.  */
395
    if ((addr & 0xffffe000) == s->script_ram_base) {
396
        return s->script_ram[(addr & 0x1fff) >> 2];
397
    }
398
    cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
399
    return cpu_to_le32(buf);
400
}
401

    
402
static void lsi_stop_script(LSIState *s)
403
{
404
    s->istat1 &= ~LSI_ISTAT1_SRUN;
405
}
406

    
407
static void lsi_update_irq(LSIState *s)
408
{
409
    int level;
410
    static int last_level;
411
    lsi_request *p;
412

    
413
    /* It's unclear whether the DIP/SIP bits should be cleared when the
414
       Interrupt Status Registers are cleared or when istat0 is read.
415
       We currently do the formwer, which seems to work.  */
416
    level = 0;
417
    if (s->dstat) {
418
        if (s->dstat & s->dien)
419
            level = 1;
420
        s->istat0 |= LSI_ISTAT0_DIP;
421
    } else {
422
        s->istat0 &= ~LSI_ISTAT0_DIP;
423
    }
424

    
425
    if (s->sist0 || s->sist1) {
426
        if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
427
            level = 1;
428
        s->istat0 |= LSI_ISTAT0_SIP;
429
    } else {
430
        s->istat0 &= ~LSI_ISTAT0_SIP;
431
    }
432
    if (s->istat0 & LSI_ISTAT0_INTF)
433
        level = 1;
434

    
435
    if (level != last_level) {
436
        DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
437
                level, s->dstat, s->sist1, s->sist0);
438
        last_level = level;
439
    }
440
    qemu_set_irq(s->dev.irq[0], level);
441

    
442
    if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
443
        DPRINTF("Handled IRQs & disconnected, looking for pending "
444
                "processes\n");
445
        QTAILQ_FOREACH(p, &s->queue, next) {
446
            if (p->pending) {
447
                lsi_reselect(s, p);
448
                break;
449
            }
450
        }
451
    }
452
}
453

    
454
/* Stop SCRIPTS execution and raise a SCSI interrupt.  */
455
static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
456
{
457
    uint32_t mask0;
458
    uint32_t mask1;
459

    
460
    DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
461
            stat1, stat0, s->sist1, s->sist0);
462
    s->sist0 |= stat0;
463
    s->sist1 |= stat1;
464
    /* Stop processor on fatal or unmasked interrupt.  As a special hack
465
       we don't stop processing when raising STO.  Instead continue
466
       execution and stop at the next insn that accesses the SCSI bus.  */
467
    mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
468
    mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
469
    mask1 &= ~LSI_SIST1_STO;
470
    if (s->sist0 & mask0 || s->sist1 & mask1) {
471
        lsi_stop_script(s);
472
    }
473
    lsi_update_irq(s);
474
}
475

    
476
/* Stop SCRIPTS execution and raise a DMA interrupt.  */
477
static void lsi_script_dma_interrupt(LSIState *s, int stat)
478
{
479
    DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
480
    s->dstat |= stat;
481
    lsi_update_irq(s);
482
    lsi_stop_script(s);
483
}
484

    
485
static inline void lsi_set_phase(LSIState *s, int phase)
486
{
487
    s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
488
}
489

    
490
static void lsi_bad_phase(LSIState *s, int out, int new_phase)
491
{
492
    /* Trigger a phase mismatch.  */
493
    if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
494
        if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
495
            s->dsp = out ? s->pmjad1 : s->pmjad2;
496
        } else {
497
            s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
498
        }
499
        DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
500
    } else {
501
        DPRINTF("Phase mismatch interrupt\n");
502
        lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
503
        lsi_stop_script(s);
504
    }
505
    lsi_set_phase(s, new_phase);
506
}
507

    
508

    
509
/* Resume SCRIPTS execution after a DMA operation.  */
510
static void lsi_resume_script(LSIState *s)
511
{
512
    if (s->waiting != 2) {
513
        s->waiting = 0;
514
        lsi_execute_script(s);
515
    } else {
516
        s->waiting = 0;
517
    }
518
}
519

    
520
static void lsi_disconnect(LSIState *s)
521
{
522
    s->scntl1 &= ~LSI_SCNTL1_CON;
523
    s->sstat1 &= ~PHASE_MASK;
524
}
525

    
526
static void lsi_bad_selection(LSIState *s, uint32_t id)
527
{
528
    DPRINTF("Selected absent target %d\n", id);
529
    lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
530
    lsi_disconnect(s);
531
}
532

    
533
/* Initiate a SCSI layer data transfer.  */
534
static void lsi_do_dma(LSIState *s, int out)
535
{
536
    uint32_t count, id;
537
    target_phys_addr_t addr;
538
    SCSIDevice *dev;
539

    
540
    assert(s->current);
541
    if (!s->current->dma_len) {
542
        /* Wait until data is available.  */
543
        DPRINTF("DMA no data available\n");
544
        return;
545
    }
546

    
547
    id = (s->current->tag >> 8) & 0xf;
548
    dev = s->bus.devs[id];
549
    if (!dev) {
550
        lsi_bad_selection(s, id);
551
        return;
552
    }
553

    
554
    count = s->dbc;
555
    if (count > s->current->dma_len)
556
        count = s->current->dma_len;
557

    
558
    addr = s->dnad;
559
    /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
560
    if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
561
        addr |= ((uint64_t)s->dnad64 << 32);
562
    else if (s->dbms)
563
        addr |= ((uint64_t)s->dbms << 32);
564
    else if (s->sbms)
565
        addr |= ((uint64_t)s->sbms << 32);
566

    
567
    DPRINTF("DMA addr=0x" TARGET_FMT_plx " len=%d\n", addr, count);
568
    s->csbc += count;
569
    s->dnad += count;
570
    s->dbc -= count;
571
     if (s->current->dma_buf == NULL) {
572
        s->current->dma_buf = dev->info->get_buf(s->current->req);
573
    }
574
    /* ??? Set SFBR to first data byte.  */
575
    if (out) {
576
        cpu_physical_memory_read(addr, s->current->dma_buf, count);
577
    } else {
578
        cpu_physical_memory_write(addr, s->current->dma_buf, count);
579
    }
580
    s->current->dma_len -= count;
581
    if (s->current->dma_len == 0) {
582
        s->current->dma_buf = NULL;
583
        scsi_req_continue(s->current->req);
584
    } else {
585
        s->current->dma_buf += count;
586
        lsi_resume_script(s);
587
    }
588
}
589

    
590

    
591
/* Add a command to the queue.  */
592
static void lsi_queue_command(LSIState *s)
593
{
594
    lsi_request *p = s->current;
595

    
596
    DPRINTF("Queueing tag=0x%x\n", p->tag);
597
    assert(s->current != NULL);
598
    assert(s->current->dma_len == 0);
599
    QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
600
    s->current = NULL;
601

    
602
    p->pending = 0;
603
    p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
604
}
605

    
606
/* Queue a byte for a MSG IN phase.  */
607
static void lsi_add_msg_byte(LSIState *s, uint8_t data)
608
{
609
    if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
610
        BADF("MSG IN data too long\n");
611
    } else {
612
        DPRINTF("MSG IN 0x%02x\n", data);
613
        s->msg[s->msg_len++] = data;
614
    }
615
}
616

    
617
/* Perform reselection to continue a command.  */
618
static void lsi_reselect(LSIState *s, lsi_request *p)
619
{
620
    int id;
621

    
622
    assert(s->current == NULL);
623
    QTAILQ_REMOVE(&s->queue, p, next);
624
    s->current = p;
625

    
626
    id = (p->tag >> 8) & 0xf;
627
    s->ssid = id | 0x80;
628
    /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
629
    if (!(s->dcntl & LSI_DCNTL_COM)) {
630
        s->sfbr = 1 << (id & 0x7);
631
    }
632
    DPRINTF("Reselected target %d\n", id);
633
    s->scntl1 |= LSI_SCNTL1_CON;
634
    lsi_set_phase(s, PHASE_MI);
635
    s->msg_action = p->out ? 2 : 3;
636
    s->current->dma_len = p->pending;
637
    lsi_add_msg_byte(s, 0x80);
638
    if (s->current->tag & LSI_TAG_VALID) {
639
        lsi_add_msg_byte(s, 0x20);
640
        lsi_add_msg_byte(s, p->tag & 0xff);
641
    }
642

    
643
    if (lsi_irq_on_rsl(s)) {
644
        lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
645
    }
646
}
647

    
648
static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
649
{
650
    lsi_request *p;
651

    
652
    QTAILQ_FOREACH(p, &s->queue, next) {
653
        if (p->tag == tag) {
654
            return p;
655
        }
656
    }
657

    
658
    return NULL;
659
}
660

    
661
static void lsi_request_cancelled(SCSIRequest *req)
662
{
663
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
664
    lsi_request *p;
665

    
666
    if (s->current && req == s->current->req) {
667
        scsi_req_unref(req);
668
        qemu_free(s->current);
669
        s->current = NULL;
670
        return;
671
    }
672

    
673
    p = lsi_find_by_tag(s, req->tag);
674
    if (p) {
675
        QTAILQ_REMOVE(&s->queue, p, next);
676
        scsi_req_unref(req);
677
        qemu_free(p);
678
    }
679
}
680

    
681
/* Record that data is available for a queued command.  Returns zero if
682
   the device was reselected, nonzero if the IO is deferred.  */
683
static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
684
{
685
    lsi_request *p;
686

    
687
    p = lsi_find_by_tag(s, tag);
688
    if (!p) {
689
        BADF("IO with unknown tag %d\n", tag);
690
        return 1;
691
    }
692

    
693
    if (p->pending) {
694
        BADF("Multiple IO pending for tag %d\n", tag);
695
    }
696
    p->pending = arg;
697
    /* Reselect if waiting for it, or if reselection triggers an IRQ
698
       and the bus is free.
699
       Since no interrupt stacking is implemented in the emulation, it
700
       is also required that there are no pending interrupts waiting
701
       for service from the device driver. */
702
    if (s->waiting == 1 ||
703
        (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
704
         !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
705
        /* Reselect device.  */
706
        lsi_reselect(s, p);
707
        return 0;
708
    } else {
709
        DPRINTF("Queueing IO tag=0x%x\n", tag);
710
        p->pending = arg;
711
        return 1;
712
    }
713
}
714
 /* Callback to indicate that the SCSI layer has completed a transfer.  */
715
static void lsi_command_complete(SCSIRequest *req, int reason, uint32_t arg)
716
{
717
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
718
    int out;
719

    
720
    out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
721
    if (reason == SCSI_REASON_DONE) {
722
        DPRINTF("Command complete status=%d\n", (int)arg);
723
        s->status = arg;
724
        s->command_complete = 2;
725
        if (s->waiting && s->dbc != 0) {
726
            /* Raise phase mismatch for short transfers.  */
727
            lsi_bad_phase(s, out, PHASE_ST);
728
        } else {
729
            lsi_set_phase(s, PHASE_ST);
730
        }
731

    
732
        if (s->current && req == s->current->req) {
733
            scsi_req_unref(s->current->req);
734
            qemu_free(s->current);
735
            s->current = NULL;
736
        }
737
        lsi_resume_script(s);
738
        return;
739
    }
740

    
741
    if (s->waiting == 1 || !s->current || req->tag != s->current->tag ||
742
        (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
743
        if (lsi_queue_tag(s, req->tag, arg)) {
744
            return;
745
        }
746
    }
747

    
748
    /* host adapter (re)connected */
749
    DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, arg);
750
    s->current->dma_len = arg;
751
    s->command_complete = 1;
752
    if (!s->waiting)
753
        return;
754
    if (s->waiting == 1 || s->dbc == 0) {
755
        lsi_resume_script(s);
756
    } else {
757
        lsi_do_dma(s, out);
758
    }
759
}
760

    
761
static void lsi_do_command(LSIState *s)
762
{
763
    SCSIDevice *dev;
764
    uint8_t buf[16];
765
    uint32_t id;
766
    int n;
767

    
768
    DPRINTF("Send command len=%d\n", s->dbc);
769
    if (s->dbc > 16)
770
        s->dbc = 16;
771
    cpu_physical_memory_read(s->dnad, buf, s->dbc);
772
    s->sfbr = buf[0];
773
    s->command_complete = 0;
774

    
775
    id = (s->select_tag >> 8) & 0xf;
776
    dev = s->bus.devs[id];
777
    if (!dev) {
778
        lsi_bad_selection(s, id);
779
        return;
780
    }
781

    
782
    assert(s->current == NULL);
783
    s->current = qemu_mallocz(sizeof(lsi_request));
784
    s->current->tag = s->select_tag;
785
    s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun);
786

    
787
    n = scsi_req_enqueue(s->current->req, buf);
788
    if (n) {
789
        if (n > 0) {
790
            lsi_set_phase(s, PHASE_DI);
791
        } else if (n < 0) {
792
            lsi_set_phase(s, PHASE_DO);
793
        }
794
        scsi_req_continue(s->current->req);
795
    }
796
    if (!s->command_complete) {
797
        if (n) {
798
            /* Command did not complete immediately so disconnect.  */
799
            lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
800
            lsi_add_msg_byte(s, 4); /* DISCONNECT */
801
            /* wait data */
802
            lsi_set_phase(s, PHASE_MI);
803
            s->msg_action = 1;
804
            lsi_queue_command(s);
805
        } else {
806
            /* wait command complete */
807
            lsi_set_phase(s, PHASE_DI);
808
        }
809
    }
810
}
811

    
812
static void lsi_do_status(LSIState *s)
813
{
814
    uint8_t status;
815
    DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
816
    if (s->dbc != 1)
817
        BADF("Bad Status move\n");
818
    s->dbc = 1;
819
    status = s->status;
820
    s->sfbr = status;
821
    cpu_physical_memory_write(s->dnad, &status, 1);
822
    lsi_set_phase(s, PHASE_MI);
823
    s->msg_action = 1;
824
    lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
825
}
826

    
827
static void lsi_do_msgin(LSIState *s)
828
{
829
    int len;
830
    DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
831
    s->sfbr = s->msg[0];
832
    len = s->msg_len;
833
    if (len > s->dbc)
834
        len = s->dbc;
835
    cpu_physical_memory_write(s->dnad, s->msg, len);
836
    /* Linux drivers rely on the last byte being in the SIDL.  */
837
    s->sidl = s->msg[len - 1];
838
    s->msg_len -= len;
839
    if (s->msg_len) {
840
        memmove(s->msg, s->msg + len, s->msg_len);
841
    } else {
842
        /* ??? Check if ATN (not yet implemented) is asserted and maybe
843
           switch to PHASE_MO.  */
844
        switch (s->msg_action) {
845
        case 0:
846
            lsi_set_phase(s, PHASE_CMD);
847
            break;
848
        case 1:
849
            lsi_disconnect(s);
850
            break;
851
        case 2:
852
            lsi_set_phase(s, PHASE_DO);
853
            break;
854
        case 3:
855
            lsi_set_phase(s, PHASE_DI);
856
            break;
857
        default:
858
            abort();
859
        }
860
    }
861
}
862

    
863
/* Read the next byte during a MSGOUT phase.  */
864
static uint8_t lsi_get_msgbyte(LSIState *s)
865
{
866
    uint8_t data;
867
    cpu_physical_memory_read(s->dnad, &data, 1);
868
    s->dnad++;
869
    s->dbc--;
870
    return data;
871
}
872

    
873
/* Skip the next n bytes during a MSGOUT phase. */
874
static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
875
{
876
    s->dnad += n;
877
    s->dbc  -= n;
878
}
879

    
880
static void lsi_do_msgout(LSIState *s)
881
{
882
    uint8_t msg;
883
    int len;
884
    uint32_t current_tag;
885
    SCSIDevice *current_dev;
886
    lsi_request *current_req, *p, *p_next;
887
    int id;
888

    
889
    if (s->current) {
890
        current_tag = s->current->tag;
891
        current_req = s->current;
892
    } else {
893
        current_tag = s->select_tag;
894
        current_req = lsi_find_by_tag(s, current_tag);
895
    }
896
    id = (current_tag >> 8) & 0xf;
897
    current_dev = s->bus.devs[id];
898

    
899
    DPRINTF("MSG out len=%d\n", s->dbc);
900
    while (s->dbc) {
901
        msg = lsi_get_msgbyte(s);
902
        s->sfbr = msg;
903

    
904
        switch (msg) {
905
        case 0x04:
906
            DPRINTF("MSG: Disconnect\n");
907
            lsi_disconnect(s);
908
            break;
909
        case 0x08:
910
            DPRINTF("MSG: No Operation\n");
911
            lsi_set_phase(s, PHASE_CMD);
912
            break;
913
        case 0x01:
914
            len = lsi_get_msgbyte(s);
915
            msg = lsi_get_msgbyte(s);
916
            (void)len; /* avoid a warning about unused variable*/
917
            DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
918
            switch (msg) {
919
            case 1:
920
                DPRINTF("SDTR (ignored)\n");
921
                lsi_skip_msgbytes(s, 2);
922
                break;
923
            case 3:
924
                DPRINTF("WDTR (ignored)\n");
925
                lsi_skip_msgbytes(s, 1);
926
                break;
927
            default:
928
                goto bad;
929
            }
930
            break;
931
        case 0x20: /* SIMPLE queue */
932
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
933
            DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
934
            break;
935
        case 0x21: /* HEAD of queue */
936
            BADF("HEAD queue not implemented\n");
937
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
938
            break;
939
        case 0x22: /* ORDERED queue */
940
            BADF("ORDERED queue not implemented\n");
941
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
942
            break;
943
        case 0x0d:
944
            /* The ABORT TAG message clears the current I/O process only. */
945
            DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
946
            if (current_req) {
947
                scsi_req_cancel(current_req->req);
948
            }
949
            lsi_disconnect(s);
950
            break;
951
        case 0x06:
952
        case 0x0e:
953
        case 0x0c:
954
            /* The ABORT message clears all I/O processes for the selecting
955
               initiator on the specified logical unit of the target. */
956
            if (msg == 0x06) {
957
                DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
958
            }
959
            /* The CLEAR QUEUE message clears all I/O processes for all
960
               initiators on the specified logical unit of the target. */
961
            if (msg == 0x0e) {
962
                DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
963
            }
964
            /* The BUS DEVICE RESET message clears all I/O processes for all
965
               initiators on all logical units of the target. */
966
            if (msg == 0x0c) {
967
                DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
968
            }
969

    
970
            /* clear the current I/O process */
971
            if (s->current) {
972
                scsi_req_cancel(s->current->req);
973
            }
974

    
975
            /* As the current implemented devices scsi_disk and scsi_generic
976
               only support one LUN, we don't need to keep track of LUNs.
977
               Clearing I/O processes for other initiators could be possible
978
               for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
979
               device, but this is currently not implemented (and seems not
980
               to be really necessary). So let's simply clear all queued
981
               commands for the current device: */
982
            id = current_tag & 0x0000ff00;
983
            QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
984
                if ((p->tag & 0x0000ff00) == id) {
985
                    scsi_req_cancel(p->req);
986
                }
987
            }
988

    
989
            lsi_disconnect(s);
990
            break;
991
        default:
992
            if ((msg & 0x80) == 0) {
993
                goto bad;
994
            }
995
            s->current_lun = msg & 7;
996
            DPRINTF("Select LUN %d\n", s->current_lun);
997
            lsi_set_phase(s, PHASE_CMD);
998
            break;
999
        }
1000
    }
1001
    return;
1002
bad:
1003
    BADF("Unimplemented message 0x%02x\n", msg);
1004
    lsi_set_phase(s, PHASE_MI);
1005
    lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
1006
    s->msg_action = 0;
1007
}
1008

    
1009
/* Sign extend a 24-bit value.  */
1010
static inline int32_t sxt24(int32_t n)
1011
{
1012
    return (n << 8) >> 8;
1013
}
1014

    
1015
#define LSI_BUF_SIZE 4096
1016
static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1017
{
1018
    int n;
1019
    uint8_t buf[LSI_BUF_SIZE];
1020

    
1021
    DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
1022
    while (count) {
1023
        n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1024
        cpu_physical_memory_read(src, buf, n);
1025
        cpu_physical_memory_write(dest, buf, n);
1026
        src += n;
1027
        dest += n;
1028
        count -= n;
1029
    }
1030
}
1031

    
1032
static void lsi_wait_reselect(LSIState *s)
1033
{
1034
    lsi_request *p;
1035

    
1036
    DPRINTF("Wait Reselect\n");
1037

    
1038
    QTAILQ_FOREACH(p, &s->queue, next) {
1039
        if (p->pending) {
1040
            lsi_reselect(s, p);
1041
            break;
1042
        }
1043
    }
1044
    if (s->current == NULL) {
1045
        s->waiting = 1;
1046
    }
1047
}
1048

    
1049
static void lsi_execute_script(LSIState *s)
1050
{
1051
    uint32_t insn;
1052
    uint32_t addr, addr_high;
1053
    int opcode;
1054
    int insn_processed = 0;
1055

    
1056
    s->istat1 |= LSI_ISTAT1_SRUN;
1057
again:
1058
    insn_processed++;
1059
    insn = read_dword(s, s->dsp);
1060
    if (!insn) {
1061
        /* If we receive an empty opcode increment the DSP by 4 bytes
1062
           instead of 8 and execute the next opcode at that location */
1063
        s->dsp += 4;
1064
        goto again;
1065
    }
1066
    addr = read_dword(s, s->dsp + 4);
1067
    addr_high = 0;
1068
    DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
1069
    s->dsps = addr;
1070
    s->dcmd = insn >> 24;
1071
    s->dsp += 8;
1072
    switch (insn >> 30) {
1073
    case 0: /* Block move.  */
1074
        if (s->sist1 & LSI_SIST1_STO) {
1075
            DPRINTF("Delayed select timeout\n");
1076
            lsi_stop_script(s);
1077
            break;
1078
        }
1079
        s->dbc = insn & 0xffffff;
1080
        s->rbc = s->dbc;
1081
        /* ??? Set ESA.  */
1082
        s->ia = s->dsp - 8;
1083
        if (insn & (1 << 29)) {
1084
            /* Indirect addressing.  */
1085
            addr = read_dword(s, addr);
1086
        } else if (insn & (1 << 28)) {
1087
            uint32_t buf[2];
1088
            int32_t offset;
1089
            /* Table indirect addressing.  */
1090

    
1091
            /* 32-bit Table indirect */
1092
            offset = sxt24(addr);
1093
            cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
1094
            /* byte count is stored in bits 0:23 only */
1095
            s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1096
            s->rbc = s->dbc;
1097
            addr = cpu_to_le32(buf[1]);
1098

    
1099
            /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1100
             * table, bits [31:24] */
1101
            if (lsi_dma_40bit(s))
1102
                addr_high = cpu_to_le32(buf[0]) >> 24;
1103
            else if (lsi_dma_ti64bit(s)) {
1104
                int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1105
                switch (selector) {
1106
                case 0 ... 0x0f:
1107
                    /* offset index into scratch registers since
1108
                     * TI64 mode can use registers C to R */
1109
                    addr_high = s->scratch[2 + selector];
1110
                    break;
1111
                case 0x10:
1112
                    addr_high = s->mmrs;
1113
                    break;
1114
                case 0x11:
1115
                    addr_high = s->mmws;
1116
                    break;
1117
                case 0x12:
1118
                    addr_high = s->sfs;
1119
                    break;
1120
                case 0x13:
1121
                    addr_high = s->drs;
1122
                    break;
1123
                case 0x14:
1124
                    addr_high = s->sbms;
1125
                    break;
1126
                case 0x15:
1127
                    addr_high = s->dbms;
1128
                    break;
1129
                default:
1130
                    BADF("Illegal selector specified (0x%x > 0x15)"
1131
                         " for 64-bit DMA block move", selector);
1132
                    break;
1133
                }
1134
            }
1135
        } else if (lsi_dma_64bit(s)) {
1136
            /* fetch a 3rd dword if 64-bit direct move is enabled and
1137
               only if we're not doing table indirect or indirect addressing */
1138
            s->dbms = read_dword(s, s->dsp);
1139
            s->dsp += 4;
1140
            s->ia = s->dsp - 12;
1141
        }
1142
        if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1143
            DPRINTF("Wrong phase got %d expected %d\n",
1144
                    s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1145
            lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1146
            break;
1147
        }
1148
        s->dnad = addr;
1149
        s->dnad64 = addr_high;
1150
        switch (s->sstat1 & 0x7) {
1151
        case PHASE_DO:
1152
            s->waiting = 2;
1153
            lsi_do_dma(s, 1);
1154
            if (s->waiting)
1155
                s->waiting = 3;
1156
            break;
1157
        case PHASE_DI:
1158
            s->waiting = 2;
1159
            lsi_do_dma(s, 0);
1160
            if (s->waiting)
1161
                s->waiting = 3;
1162
            break;
1163
        case PHASE_CMD:
1164
            lsi_do_command(s);
1165
            break;
1166
        case PHASE_ST:
1167
            lsi_do_status(s);
1168
            break;
1169
        case PHASE_MO:
1170
            lsi_do_msgout(s);
1171
            break;
1172
        case PHASE_MI:
1173
            lsi_do_msgin(s);
1174
            break;
1175
        default:
1176
            BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1177
            exit(1);
1178
        }
1179
        s->dfifo = s->dbc & 0xff;
1180
        s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1181
        s->sbc = s->dbc;
1182
        s->rbc -= s->dbc;
1183
        s->ua = addr + s->dbc;
1184
        break;
1185

    
1186
    case 1: /* IO or Read/Write instruction.  */
1187
        opcode = (insn >> 27) & 7;
1188
        if (opcode < 5) {
1189
            uint32_t id;
1190

    
1191
            if (insn & (1 << 25)) {
1192
                id = read_dword(s, s->dsa + sxt24(insn));
1193
            } else {
1194
                id = insn;
1195
            }
1196
            id = (id >> 16) & 0xf;
1197
            if (insn & (1 << 26)) {
1198
                addr = s->dsp + sxt24(addr);
1199
            }
1200
            s->dnad = addr;
1201
            switch (opcode) {
1202
            case 0: /* Select */
1203
                s->sdid = id;
1204
                if (s->scntl1 & LSI_SCNTL1_CON) {
1205
                    DPRINTF("Already reselected, jumping to alternative address\n");
1206
                    s->dsp = s->dnad;
1207
                    break;
1208
                }
1209
                s->sstat0 |= LSI_SSTAT0_WOA;
1210
                s->scntl1 &= ~LSI_SCNTL1_IARB;
1211
                if (id >= LSI_MAX_DEVS || !s->bus.devs[id]) {
1212
                    lsi_bad_selection(s, id);
1213
                    break;
1214
                }
1215
                DPRINTF("Selected target %d%s\n",
1216
                        id, insn & (1 << 3) ? " ATN" : "");
1217
                /* ??? Linux drivers compain when this is set.  Maybe
1218
                   it only applies in low-level mode (unimplemented).
1219
                lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1220
                s->select_tag = id << 8;
1221
                s->scntl1 |= LSI_SCNTL1_CON;
1222
                if (insn & (1 << 3)) {
1223
                    s->socl |= LSI_SOCL_ATN;
1224
                }
1225
                lsi_set_phase(s, PHASE_MO);
1226
                break;
1227
            case 1: /* Disconnect */
1228
                DPRINTF("Wait Disconnect\n");
1229
                s->scntl1 &= ~LSI_SCNTL1_CON;
1230
                break;
1231
            case 2: /* Wait Reselect */
1232
                if (!lsi_irq_on_rsl(s)) {
1233
                    lsi_wait_reselect(s);
1234
                }
1235
                break;
1236
            case 3: /* Set */
1237
                DPRINTF("Set%s%s%s%s\n",
1238
                        insn & (1 << 3) ? " ATN" : "",
1239
                        insn & (1 << 6) ? " ACK" : "",
1240
                        insn & (1 << 9) ? " TM" : "",
1241
                        insn & (1 << 10) ? " CC" : "");
1242
                if (insn & (1 << 3)) {
1243
                    s->socl |= LSI_SOCL_ATN;
1244
                    lsi_set_phase(s, PHASE_MO);
1245
                }
1246
                if (insn & (1 << 9)) {
1247
                    BADF("Target mode not implemented\n");
1248
                    exit(1);
1249
                }
1250
                if (insn & (1 << 10))
1251
                    s->carry = 1;
1252
                break;
1253
            case 4: /* Clear */
1254
                DPRINTF("Clear%s%s%s%s\n",
1255
                        insn & (1 << 3) ? " ATN" : "",
1256
                        insn & (1 << 6) ? " ACK" : "",
1257
                        insn & (1 << 9) ? " TM" : "",
1258
                        insn & (1 << 10) ? " CC" : "");
1259
                if (insn & (1 << 3)) {
1260
                    s->socl &= ~LSI_SOCL_ATN;
1261
                }
1262
                if (insn & (1 << 10))
1263
                    s->carry = 0;
1264
                break;
1265
            }
1266
        } else {
1267
            uint8_t op0;
1268
            uint8_t op1;
1269
            uint8_t data8;
1270
            int reg;
1271
            int operator;
1272
#ifdef DEBUG_LSI
1273
            static const char *opcode_names[3] =
1274
                {"Write", "Read", "Read-Modify-Write"};
1275
            static const char *operator_names[8] =
1276
                {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1277
#endif
1278

    
1279
            reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1280
            data8 = (insn >> 8) & 0xff;
1281
            opcode = (insn >> 27) & 7;
1282
            operator = (insn >> 24) & 7;
1283
            DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1284
                    opcode_names[opcode - 5], reg,
1285
                    operator_names[operator], data8, s->sfbr,
1286
                    (insn & (1 << 23)) ? " SFBR" : "");
1287
            op0 = op1 = 0;
1288
            switch (opcode) {
1289
            case 5: /* From SFBR */
1290
                op0 = s->sfbr;
1291
                op1 = data8;
1292
                break;
1293
            case 6: /* To SFBR */
1294
                if (operator)
1295
                    op0 = lsi_reg_readb(s, reg);
1296
                op1 = data8;
1297
                break;
1298
            case 7: /* Read-modify-write */
1299
                if (operator)
1300
                    op0 = lsi_reg_readb(s, reg);
1301
                if (insn & (1 << 23)) {
1302
                    op1 = s->sfbr;
1303
                } else {
1304
                    op1 = data8;
1305
                }
1306
                break;
1307
            }
1308

    
1309
            switch (operator) {
1310
            case 0: /* move */
1311
                op0 = op1;
1312
                break;
1313
            case 1: /* Shift left */
1314
                op1 = op0 >> 7;
1315
                op0 = (op0 << 1) | s->carry;
1316
                s->carry = op1;
1317
                break;
1318
            case 2: /* OR */
1319
                op0 |= op1;
1320
                break;
1321
            case 3: /* XOR */
1322
                op0 ^= op1;
1323
                break;
1324
            case 4: /* AND */
1325
                op0 &= op1;
1326
                break;
1327
            case 5: /* SHR */
1328
                op1 = op0 & 1;
1329
                op0 = (op0 >> 1) | (s->carry << 7);
1330
                s->carry = op1;
1331
                break;
1332
            case 6: /* ADD */
1333
                op0 += op1;
1334
                s->carry = op0 < op1;
1335
                break;
1336
            case 7: /* ADC */
1337
                op0 += op1 + s->carry;
1338
                if (s->carry)
1339
                    s->carry = op0 <= op1;
1340
                else
1341
                    s->carry = op0 < op1;
1342
                break;
1343
            }
1344

    
1345
            switch (opcode) {
1346
            case 5: /* From SFBR */
1347
            case 7: /* Read-modify-write */
1348
                lsi_reg_writeb(s, reg, op0);
1349
                break;
1350
            case 6: /* To SFBR */
1351
                s->sfbr = op0;
1352
                break;
1353
            }
1354
        }
1355
        break;
1356

    
1357
    case 2: /* Transfer Control.  */
1358
        {
1359
            int cond;
1360
            int jmp;
1361

    
1362
            if ((insn & 0x002e0000) == 0) {
1363
                DPRINTF("NOP\n");
1364
                break;
1365
            }
1366
            if (s->sist1 & LSI_SIST1_STO) {
1367
                DPRINTF("Delayed select timeout\n");
1368
                lsi_stop_script(s);
1369
                break;
1370
            }
1371
            cond = jmp = (insn & (1 << 19)) != 0;
1372
            if (cond == jmp && (insn & (1 << 21))) {
1373
                DPRINTF("Compare carry %d\n", s->carry == jmp);
1374
                cond = s->carry != 0;
1375
            }
1376
            if (cond == jmp && (insn & (1 << 17))) {
1377
                DPRINTF("Compare phase %d %c= %d\n",
1378
                        (s->sstat1 & PHASE_MASK),
1379
                        jmp ? '=' : '!',
1380
                        ((insn >> 24) & 7));
1381
                cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1382
            }
1383
            if (cond == jmp && (insn & (1 << 18))) {
1384
                uint8_t mask;
1385

    
1386
                mask = (~insn >> 8) & 0xff;
1387
                DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1388
                        s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1389
                cond = (s->sfbr & mask) == (insn & mask);
1390
            }
1391
            if (cond == jmp) {
1392
                if (insn & (1 << 23)) {
1393
                    /* Relative address.  */
1394
                    addr = s->dsp + sxt24(addr);
1395
                }
1396
                switch ((insn >> 27) & 7) {
1397
                case 0: /* Jump */
1398
                    DPRINTF("Jump to 0x%08x\n", addr);
1399
                    s->dsp = addr;
1400
                    break;
1401
                case 1: /* Call */
1402
                    DPRINTF("Call 0x%08x\n", addr);
1403
                    s->temp = s->dsp;
1404
                    s->dsp = addr;
1405
                    break;
1406
                case 2: /* Return */
1407
                    DPRINTF("Return to 0x%08x\n", s->temp);
1408
                    s->dsp = s->temp;
1409
                    break;
1410
                case 3: /* Interrupt */
1411
                    DPRINTF("Interrupt 0x%08x\n", s->dsps);
1412
                    if ((insn & (1 << 20)) != 0) {
1413
                        s->istat0 |= LSI_ISTAT0_INTF;
1414
                        lsi_update_irq(s);
1415
                    } else {
1416
                        lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1417
                    }
1418
                    break;
1419
                default:
1420
                    DPRINTF("Illegal transfer control\n");
1421
                    lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1422
                    break;
1423
                }
1424
            } else {
1425
                DPRINTF("Control condition failed\n");
1426
            }
1427
        }
1428
        break;
1429

    
1430
    case 3:
1431
        if ((insn & (1 << 29)) == 0) {
1432
            /* Memory move.  */
1433
            uint32_t dest;
1434
            /* ??? The docs imply the destination address is loaded into
1435
               the TEMP register.  However the Linux drivers rely on
1436
               the value being presrved.  */
1437
            dest = read_dword(s, s->dsp);
1438
            s->dsp += 4;
1439
            lsi_memcpy(s, dest, addr, insn & 0xffffff);
1440
        } else {
1441
            uint8_t data[7];
1442
            int reg;
1443
            int n;
1444
            int i;
1445

    
1446
            if (insn & (1 << 28)) {
1447
                addr = s->dsa + sxt24(addr);
1448
            }
1449
            n = (insn & 7);
1450
            reg = (insn >> 16) & 0xff;
1451
            if (insn & (1 << 24)) {
1452
                cpu_physical_memory_read(addr, data, n);
1453
                DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1454
                        addr, *(int *)data);
1455
                for (i = 0; i < n; i++) {
1456
                    lsi_reg_writeb(s, reg + i, data[i]);
1457
                }
1458
            } else {
1459
                DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1460
                for (i = 0; i < n; i++) {
1461
                    data[i] = lsi_reg_readb(s, reg + i);
1462
                }
1463
                cpu_physical_memory_write(addr, data, n);
1464
            }
1465
        }
1466
    }
1467
    if (insn_processed > 10000 && !s->waiting) {
1468
        /* Some windows drivers make the device spin waiting for a memory
1469
           location to change.  If we have been executed a lot of code then
1470
           assume this is the case and force an unexpected device disconnect.
1471
           This is apparently sufficient to beat the drivers into submission.
1472
         */
1473
        if (!(s->sien0 & LSI_SIST0_UDC))
1474
            fprintf(stderr, "inf. loop with UDC masked\n");
1475
        lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1476
        lsi_disconnect(s);
1477
    } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1478
        if (s->dcntl & LSI_DCNTL_SSM) {
1479
            lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1480
        } else {
1481
            goto again;
1482
        }
1483
    }
1484
    DPRINTF("SCRIPTS execution stopped\n");
1485
}
1486

    
1487
static uint8_t lsi_reg_readb(LSIState *s, int offset)
1488
{
1489
    uint8_t tmp;
1490
#define CASE_GET_REG24(name, addr) \
1491
    case addr: return s->name & 0xff; \
1492
    case addr + 1: return (s->name >> 8) & 0xff; \
1493
    case addr + 2: return (s->name >> 16) & 0xff;
1494

    
1495
#define CASE_GET_REG32(name, addr) \
1496
    case addr: return s->name & 0xff; \
1497
    case addr + 1: return (s->name >> 8) & 0xff; \
1498
    case addr + 2: return (s->name >> 16) & 0xff; \
1499
    case addr + 3: return (s->name >> 24) & 0xff;
1500

    
1501
#ifdef DEBUG_LSI_REG
1502
    DPRINTF("Read reg %x\n", offset);
1503
#endif
1504
    switch (offset) {
1505
    case 0x00: /* SCNTL0 */
1506
        return s->scntl0;
1507
    case 0x01: /* SCNTL1 */
1508
        return s->scntl1;
1509
    case 0x02: /* SCNTL2 */
1510
        return s->scntl2;
1511
    case 0x03: /* SCNTL3 */
1512
        return s->scntl3;
1513
    case 0x04: /* SCID */
1514
        return s->scid;
1515
    case 0x05: /* SXFER */
1516
        return s->sxfer;
1517
    case 0x06: /* SDID */
1518
        return s->sdid;
1519
    case 0x07: /* GPREG0 */
1520
        return 0x7f;
1521
    case 0x08: /* Revision ID */
1522
        return 0x00;
1523
    case 0xa: /* SSID */
1524
        return s->ssid;
1525
    case 0xb: /* SBCL */
1526
        /* ??? This is not correct. However it's (hopefully) only
1527
           used for diagnostics, so should be ok.  */
1528
        return 0;
1529
    case 0xc: /* DSTAT */
1530
        tmp = s->dstat | 0x80;
1531
        if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1532
            s->dstat = 0;
1533
        lsi_update_irq(s);
1534
        return tmp;
1535
    case 0x0d: /* SSTAT0 */
1536
        return s->sstat0;
1537
    case 0x0e: /* SSTAT1 */
1538
        return s->sstat1;
1539
    case 0x0f: /* SSTAT2 */
1540
        return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1541
    CASE_GET_REG32(dsa, 0x10)
1542
    case 0x14: /* ISTAT0 */
1543
        return s->istat0;
1544
    case 0x15: /* ISTAT1 */
1545
        return s->istat1;
1546
    case 0x16: /* MBOX0 */
1547
        return s->mbox0;
1548
    case 0x17: /* MBOX1 */
1549
        return s->mbox1;
1550
    case 0x18: /* CTEST0 */
1551
        return 0xff;
1552
    case 0x19: /* CTEST1 */
1553
        return 0;
1554
    case 0x1a: /* CTEST2 */
1555
        tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1556
        if (s->istat0 & LSI_ISTAT0_SIGP) {
1557
            s->istat0 &= ~LSI_ISTAT0_SIGP;
1558
            tmp |= LSI_CTEST2_SIGP;
1559
        }
1560
        return tmp;
1561
    case 0x1b: /* CTEST3 */
1562
        return s->ctest3;
1563
    CASE_GET_REG32(temp, 0x1c)
1564
    case 0x20: /* DFIFO */
1565
        return 0;
1566
    case 0x21: /* CTEST4 */
1567
        return s->ctest4;
1568
    case 0x22: /* CTEST5 */
1569
        return s->ctest5;
1570
    case 0x23: /* CTEST6 */
1571
         return 0;
1572
    CASE_GET_REG24(dbc, 0x24)
1573
    case 0x27: /* DCMD */
1574
        return s->dcmd;
1575
    CASE_GET_REG32(dnad, 0x28)
1576
    CASE_GET_REG32(dsp, 0x2c)
1577
    CASE_GET_REG32(dsps, 0x30)
1578
    CASE_GET_REG32(scratch[0], 0x34)
1579
    case 0x38: /* DMODE */
1580
        return s->dmode;
1581
    case 0x39: /* DIEN */
1582
        return s->dien;
1583
    case 0x3a: /* SBR */
1584
        return s->sbr;
1585
    case 0x3b: /* DCNTL */
1586
        return s->dcntl;
1587
    case 0x40: /* SIEN0 */
1588
        return s->sien0;
1589
    case 0x41: /* SIEN1 */
1590
        return s->sien1;
1591
    case 0x42: /* SIST0 */
1592
        tmp = s->sist0;
1593
        s->sist0 = 0;
1594
        lsi_update_irq(s);
1595
        return tmp;
1596
    case 0x43: /* SIST1 */
1597
        tmp = s->sist1;
1598
        s->sist1 = 0;
1599
        lsi_update_irq(s);
1600
        return tmp;
1601
    case 0x46: /* MACNTL */
1602
        return 0x0f;
1603
    case 0x47: /* GPCNTL0 */
1604
        return 0x0f;
1605
    case 0x48: /* STIME0 */
1606
        return s->stime0;
1607
    case 0x4a: /* RESPID0 */
1608
        return s->respid0;
1609
    case 0x4b: /* RESPID1 */
1610
        return s->respid1;
1611
    case 0x4d: /* STEST1 */
1612
        return s->stest1;
1613
    case 0x4e: /* STEST2 */
1614
        return s->stest2;
1615
    case 0x4f: /* STEST3 */
1616
        return s->stest3;
1617
    case 0x50: /* SIDL */
1618
        /* This is needed by the linux drivers.  We currently only update it
1619
           during the MSG IN phase.  */
1620
        return s->sidl;
1621
    case 0x52: /* STEST4 */
1622
        return 0xe0;
1623
    case 0x56: /* CCNTL0 */
1624
        return s->ccntl0;
1625
    case 0x57: /* CCNTL1 */
1626
        return s->ccntl1;
1627
    case 0x58: /* SBDL */
1628
        /* Some drivers peek at the data bus during the MSG IN phase.  */
1629
        if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1630
            return s->msg[0];
1631
        return 0;
1632
    case 0x59: /* SBDL high */
1633
        return 0;
1634
    CASE_GET_REG32(mmrs, 0xa0)
1635
    CASE_GET_REG32(mmws, 0xa4)
1636
    CASE_GET_REG32(sfs, 0xa8)
1637
    CASE_GET_REG32(drs, 0xac)
1638
    CASE_GET_REG32(sbms, 0xb0)
1639
    CASE_GET_REG32(dbms, 0xb4)
1640
    CASE_GET_REG32(dnad64, 0xb8)
1641
    CASE_GET_REG32(pmjad1, 0xc0)
1642
    CASE_GET_REG32(pmjad2, 0xc4)
1643
    CASE_GET_REG32(rbc, 0xc8)
1644
    CASE_GET_REG32(ua, 0xcc)
1645
    CASE_GET_REG32(ia, 0xd4)
1646
    CASE_GET_REG32(sbc, 0xd8)
1647
    CASE_GET_REG32(csbc, 0xdc)
1648
    }
1649
    if (offset >= 0x5c && offset < 0xa0) {
1650
        int n;
1651
        int shift;
1652
        n = (offset - 0x58) >> 2;
1653
        shift = (offset & 3) * 8;
1654
        return (s->scratch[n] >> shift) & 0xff;
1655
    }
1656
    BADF("readb 0x%x\n", offset);
1657
    exit(1);
1658
#undef CASE_GET_REG24
1659
#undef CASE_GET_REG32
1660
}
1661

    
1662
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1663
{
1664
#define CASE_SET_REG24(name, addr) \
1665
    case addr    : s->name &= 0xffffff00; s->name |= val;       break; \
1666
    case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8;  break; \
1667
    case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1668

    
1669
#define CASE_SET_REG32(name, addr) \
1670
    case addr    : s->name &= 0xffffff00; s->name |= val;       break; \
1671
    case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8;  break; \
1672
    case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1673
    case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1674

    
1675
#ifdef DEBUG_LSI_REG
1676
    DPRINTF("Write reg %x = %02x\n", offset, val);
1677
#endif
1678
    switch (offset) {
1679
    case 0x00: /* SCNTL0 */
1680
        s->scntl0 = val;
1681
        if (val & LSI_SCNTL0_START) {
1682
            BADF("Start sequence not implemented\n");
1683
        }
1684
        break;
1685
    case 0x01: /* SCNTL1 */
1686
        s->scntl1 = val & ~LSI_SCNTL1_SST;
1687
        if (val & LSI_SCNTL1_IARB) {
1688
            BADF("Immediate Arbritration not implemented\n");
1689
        }
1690
        if (val & LSI_SCNTL1_RST) {
1691
            if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1692
                DeviceState *dev;
1693
                int id;
1694

    
1695
                for (id = 0; id < s->bus.ndev; id++) {
1696
                    if (s->bus.devs[id]) {
1697
                        dev = &s->bus.devs[id]->qdev;
1698
                        dev->info->reset(dev);
1699
                    }
1700
                }
1701
                s->sstat0 |= LSI_SSTAT0_RST;
1702
                lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1703
            }
1704
        } else {
1705
            s->sstat0 &= ~LSI_SSTAT0_RST;
1706
        }
1707
        break;
1708
    case 0x02: /* SCNTL2 */
1709
        val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1710
        s->scntl2 = val;
1711
        break;
1712
    case 0x03: /* SCNTL3 */
1713
        s->scntl3 = val;
1714
        break;
1715
    case 0x04: /* SCID */
1716
        s->scid = val;
1717
        break;
1718
    case 0x05: /* SXFER */
1719
        s->sxfer = val;
1720
        break;
1721
    case 0x06: /* SDID */
1722
        if ((val & 0xf) != (s->ssid & 0xf))
1723
            BADF("Destination ID does not match SSID\n");
1724
        s->sdid = val & 0xf;
1725
        break;
1726
    case 0x07: /* GPREG0 */
1727
        break;
1728
    case 0x08: /* SFBR */
1729
        /* The CPU is not allowed to write to this register.  However the
1730
           SCRIPTS register move instructions are.  */
1731
        s->sfbr = val;
1732
        break;
1733
    case 0x0a: case 0x0b:
1734
        /* Openserver writes to these readonly registers on startup */
1735
        return;
1736
    case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1737
        /* Linux writes to these readonly registers on startup.  */
1738
        return;
1739
    CASE_SET_REG32(dsa, 0x10)
1740
    case 0x14: /* ISTAT0 */
1741
        s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1742
        if (val & LSI_ISTAT0_ABRT) {
1743
            lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1744
        }
1745
        if (val & LSI_ISTAT0_INTF) {
1746
            s->istat0 &= ~LSI_ISTAT0_INTF;
1747
            lsi_update_irq(s);
1748
        }
1749
        if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1750
            DPRINTF("Woken by SIGP\n");
1751
            s->waiting = 0;
1752
            s->dsp = s->dnad;
1753
            lsi_execute_script(s);
1754
        }
1755
        if (val & LSI_ISTAT0_SRST) {
1756
            lsi_soft_reset(s);
1757
        }
1758
        break;
1759
    case 0x16: /* MBOX0 */
1760
        s->mbox0 = val;
1761
        break;
1762
    case 0x17: /* MBOX1 */
1763
        s->mbox1 = val;
1764
        break;
1765
    case 0x1a: /* CTEST2 */
1766
        s->ctest2 = val & LSI_CTEST2_PCICIE;
1767
        break;
1768
    case 0x1b: /* CTEST3 */
1769
        s->ctest3 = val & 0x0f;
1770
        break;
1771
    CASE_SET_REG32(temp, 0x1c)
1772
    case 0x21: /* CTEST4 */
1773
        if (val & 7) {
1774
           BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1775
        }
1776
        s->ctest4 = val;
1777
        break;
1778
    case 0x22: /* CTEST5 */
1779
        if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1780
            BADF("CTEST5 DMA increment not implemented\n");
1781
        }
1782
        s->ctest5 = val;
1783
        break;
1784
    CASE_SET_REG24(dbc, 0x24)
1785
    CASE_SET_REG32(dnad, 0x28)
1786
    case 0x2c: /* DSP[0:7] */
1787
        s->dsp &= 0xffffff00;
1788
        s->dsp |= val;
1789
        break;
1790
    case 0x2d: /* DSP[8:15] */
1791
        s->dsp &= 0xffff00ff;
1792
        s->dsp |= val << 8;
1793
        break;
1794
    case 0x2e: /* DSP[16:23] */
1795
        s->dsp &= 0xff00ffff;
1796
        s->dsp |= val << 16;
1797
        break;
1798
    case 0x2f: /* DSP[24:31] */
1799
        s->dsp &= 0x00ffffff;
1800
        s->dsp |= val << 24;
1801
        if ((s->dmode & LSI_DMODE_MAN) == 0
1802
            && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1803
            lsi_execute_script(s);
1804
        break;
1805
    CASE_SET_REG32(dsps, 0x30)
1806
    CASE_SET_REG32(scratch[0], 0x34)
1807
    case 0x38: /* DMODE */
1808
        if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1809
            BADF("IO mappings not implemented\n");
1810
        }
1811
        s->dmode = val;
1812
        break;
1813
    case 0x39: /* DIEN */
1814
        s->dien = val;
1815
        lsi_update_irq(s);
1816
        break;
1817
    case 0x3a: /* SBR */
1818
        s->sbr = val;
1819
        break;
1820
    case 0x3b: /* DCNTL */
1821
        s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1822
        if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1823
            lsi_execute_script(s);
1824
        break;
1825
    case 0x40: /* SIEN0 */
1826
        s->sien0 = val;
1827
        lsi_update_irq(s);
1828
        break;
1829
    case 0x41: /* SIEN1 */
1830
        s->sien1 = val;
1831
        lsi_update_irq(s);
1832
        break;
1833
    case 0x47: /* GPCNTL0 */
1834
        break;
1835
    case 0x48: /* STIME0 */
1836
        s->stime0 = val;
1837
        break;
1838
    case 0x49: /* STIME1 */
1839
        if (val & 0xf) {
1840
            DPRINTF("General purpose timer not implemented\n");
1841
            /* ??? Raising the interrupt immediately seems to be sufficient
1842
               to keep the FreeBSD driver happy.  */
1843
            lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1844
        }
1845
        break;
1846
    case 0x4a: /* RESPID0 */
1847
        s->respid0 = val;
1848
        break;
1849
    case 0x4b: /* RESPID1 */
1850
        s->respid1 = val;
1851
        break;
1852
    case 0x4d: /* STEST1 */
1853
        s->stest1 = val;
1854
        break;
1855
    case 0x4e: /* STEST2 */
1856
        if (val & 1) {
1857
            BADF("Low level mode not implemented\n");
1858
        }
1859
        s->stest2 = val;
1860
        break;
1861
    case 0x4f: /* STEST3 */
1862
        if (val & 0x41) {
1863
            BADF("SCSI FIFO test mode not implemented\n");
1864
        }
1865
        s->stest3 = val;
1866
        break;
1867
    case 0x56: /* CCNTL0 */
1868
        s->ccntl0 = val;
1869
        break;
1870
    case 0x57: /* CCNTL1 */
1871
        s->ccntl1 = val;
1872
        break;
1873
    CASE_SET_REG32(mmrs, 0xa0)
1874
    CASE_SET_REG32(mmws, 0xa4)
1875
    CASE_SET_REG32(sfs, 0xa8)
1876
    CASE_SET_REG32(drs, 0xac)
1877
    CASE_SET_REG32(sbms, 0xb0)
1878
    CASE_SET_REG32(dbms, 0xb4)
1879
    CASE_SET_REG32(dnad64, 0xb8)
1880
    CASE_SET_REG32(pmjad1, 0xc0)
1881
    CASE_SET_REG32(pmjad2, 0xc4)
1882
    CASE_SET_REG32(rbc, 0xc8)
1883
    CASE_SET_REG32(ua, 0xcc)
1884
    CASE_SET_REG32(ia, 0xd4)
1885
    CASE_SET_REG32(sbc, 0xd8)
1886
    CASE_SET_REG32(csbc, 0xdc)
1887
    default:
1888
        if (offset >= 0x5c && offset < 0xa0) {
1889
            int n;
1890
            int shift;
1891
            n = (offset - 0x58) >> 2;
1892
            shift = (offset & 3) * 8;
1893
            s->scratch[n] &= ~(0xff << shift);
1894
            s->scratch[n] |= (val & 0xff) << shift;
1895
        } else {
1896
            BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1897
        }
1898
    }
1899
#undef CASE_SET_REG24
1900
#undef CASE_SET_REG32
1901
}
1902

    
1903
static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1904
{
1905
    LSIState *s = opaque;
1906

    
1907
    lsi_reg_writeb(s, addr & 0xff, val);
1908
}
1909

    
1910
static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1911
{
1912
    LSIState *s = opaque;
1913

    
1914
    addr &= 0xff;
1915
    lsi_reg_writeb(s, addr, val & 0xff);
1916
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1917
}
1918

    
1919
static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1920
{
1921
    LSIState *s = opaque;
1922

    
1923
    addr &= 0xff;
1924
    lsi_reg_writeb(s, addr, val & 0xff);
1925
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1926
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1927
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1928
}
1929

    
1930
static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1931
{
1932
    LSIState *s = opaque;
1933

    
1934
    return lsi_reg_readb(s, addr & 0xff);
1935
}
1936

    
1937
static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1938
{
1939
    LSIState *s = opaque;
1940
    uint32_t val;
1941

    
1942
    addr &= 0xff;
1943
    val = lsi_reg_readb(s, addr);
1944
    val |= lsi_reg_readb(s, addr + 1) << 8;
1945
    return val;
1946
}
1947

    
1948
static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1949
{
1950
    LSIState *s = opaque;
1951
    uint32_t val;
1952
    addr &= 0xff;
1953
    val = lsi_reg_readb(s, addr);
1954
    val |= lsi_reg_readb(s, addr + 1) << 8;
1955
    val |= lsi_reg_readb(s, addr + 2) << 16;
1956
    val |= lsi_reg_readb(s, addr + 3) << 24;
1957
    return val;
1958
}
1959

    
1960
static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
1961
    lsi_mmio_readb,
1962
    lsi_mmio_readw,
1963
    lsi_mmio_readl,
1964
};
1965

    
1966
static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
1967
    lsi_mmio_writeb,
1968
    lsi_mmio_writew,
1969
    lsi_mmio_writel,
1970
};
1971

    
1972
static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1973
{
1974
    LSIState *s = opaque;
1975
    uint32_t newval;
1976
    int shift;
1977

    
1978
    addr &= 0x1fff;
1979
    newval = s->script_ram[addr >> 2];
1980
    shift = (addr & 3) * 8;
1981
    newval &= ~(0xff << shift);
1982
    newval |= val << shift;
1983
    s->script_ram[addr >> 2] = newval;
1984
}
1985

    
1986
static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1987
{
1988
    LSIState *s = opaque;
1989
    uint32_t newval;
1990

    
1991
    addr &= 0x1fff;
1992
    newval = s->script_ram[addr >> 2];
1993
    if (addr & 2) {
1994
        newval = (newval & 0xffff) | (val << 16);
1995
    } else {
1996
        newval = (newval & 0xffff0000) | val;
1997
    }
1998
    s->script_ram[addr >> 2] = newval;
1999
}
2000

    
2001

    
2002
static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2003
{
2004
    LSIState *s = opaque;
2005

    
2006
    addr &= 0x1fff;
2007
    s->script_ram[addr >> 2] = val;
2008
}
2009

    
2010
static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
2011
{
2012
    LSIState *s = opaque;
2013
    uint32_t val;
2014

    
2015
    addr &= 0x1fff;
2016
    val = s->script_ram[addr >> 2];
2017
    val >>= (addr & 3) * 8;
2018
    return val & 0xff;
2019
}
2020

    
2021
static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
2022
{
2023
    LSIState *s = opaque;
2024
    uint32_t val;
2025

    
2026
    addr &= 0x1fff;
2027
    val = s->script_ram[addr >> 2];
2028
    if (addr & 2)
2029
        val >>= 16;
2030
    return val;
2031
}
2032

    
2033
static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
2034
{
2035
    LSIState *s = opaque;
2036

    
2037
    addr &= 0x1fff;
2038
    return s->script_ram[addr >> 2];
2039
}
2040

    
2041
static CPUReadMemoryFunc * const lsi_ram_readfn[3] = {
2042
    lsi_ram_readb,
2043
    lsi_ram_readw,
2044
    lsi_ram_readl,
2045
};
2046

    
2047
static CPUWriteMemoryFunc * const lsi_ram_writefn[3] = {
2048
    lsi_ram_writeb,
2049
    lsi_ram_writew,
2050
    lsi_ram_writel,
2051
};
2052

    
2053
static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
2054
{
2055
    LSIState *s = opaque;
2056
    return lsi_reg_readb(s, addr & 0xff);
2057
}
2058

    
2059
static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
2060
{
2061
    LSIState *s = opaque;
2062
    uint32_t val;
2063
    addr &= 0xff;
2064
    val = lsi_reg_readb(s, addr);
2065
    val |= lsi_reg_readb(s, addr + 1) << 8;
2066
    return val;
2067
}
2068

    
2069
static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
2070
{
2071
    LSIState *s = opaque;
2072
    uint32_t val;
2073
    addr &= 0xff;
2074
    val = lsi_reg_readb(s, addr);
2075
    val |= lsi_reg_readb(s, addr + 1) << 8;
2076
    val |= lsi_reg_readb(s, addr + 2) << 16;
2077
    val |= lsi_reg_readb(s, addr + 3) << 24;
2078
    return val;
2079
}
2080

    
2081
static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
2082
{
2083
    LSIState *s = opaque;
2084
    lsi_reg_writeb(s, addr & 0xff, val);
2085
}
2086

    
2087
static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
2088
{
2089
    LSIState *s = opaque;
2090
    addr &= 0xff;
2091
    lsi_reg_writeb(s, addr, val & 0xff);
2092
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
2093
}
2094

    
2095
static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
2096
{
2097
    LSIState *s = opaque;
2098
    addr &= 0xff;
2099
    lsi_reg_writeb(s, addr, val & 0xff);
2100
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
2101
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
2102
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
2103
}
2104

    
2105
static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
2106
                           pcibus_t addr, pcibus_t size, int type)
2107
{
2108
    LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2109

    
2110
    DPRINTF("Mapping IO at %08"FMT_PCIBUS"\n", addr);
2111

    
2112
    register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
2113
    register_ioport_read(addr, 256, 1, lsi_io_readb, s);
2114
    register_ioport_write(addr, 256, 2, lsi_io_writew, s);
2115
    register_ioport_read(addr, 256, 2, lsi_io_readw, s);
2116
    register_ioport_write(addr, 256, 4, lsi_io_writel, s);
2117
    register_ioport_read(addr, 256, 4, lsi_io_readl, s);
2118
}
2119

    
2120
static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
2121
                            pcibus_t addr, pcibus_t size, int type)
2122
{
2123
    LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2124

    
2125
    DPRINTF("Mapping ram at %08"FMT_PCIBUS"\n", addr);
2126
    s->script_ram_base = addr;
2127
    cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
2128
}
2129

    
2130
static void lsi_scsi_reset(DeviceState *dev)
2131
{
2132
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev);
2133

    
2134
    lsi_soft_reset(s);
2135
}
2136

    
2137
static void lsi_pre_save(void *opaque)
2138
{
2139
    LSIState *s = opaque;
2140

    
2141
    if (s->current) {
2142
        assert(s->current->dma_buf == NULL);
2143
        assert(s->current->dma_len == 0);
2144
    }
2145
    assert(QTAILQ_EMPTY(&s->queue));
2146
}
2147

    
2148
static const VMStateDescription vmstate_lsi_scsi = {
2149
    .name = "lsiscsi",
2150
    .version_id = 0,
2151
    .minimum_version_id = 0,
2152
    .minimum_version_id_old = 0,
2153
    .pre_save = lsi_pre_save,
2154
    .fields      = (VMStateField []) {
2155
        VMSTATE_PCI_DEVICE(dev, LSIState),
2156

    
2157
        VMSTATE_INT32(carry, LSIState),
2158
        VMSTATE_INT32(status, LSIState),
2159
        VMSTATE_INT32(msg_action, LSIState),
2160
        VMSTATE_INT32(msg_len, LSIState),
2161
        VMSTATE_BUFFER(msg, LSIState),
2162
        VMSTATE_INT32(waiting, LSIState),
2163

    
2164
        VMSTATE_UINT32(dsa, LSIState),
2165
        VMSTATE_UINT32(temp, LSIState),
2166
        VMSTATE_UINT32(dnad, LSIState),
2167
        VMSTATE_UINT32(dbc, LSIState),
2168
        VMSTATE_UINT8(istat0, LSIState),
2169
        VMSTATE_UINT8(istat1, LSIState),
2170
        VMSTATE_UINT8(dcmd, LSIState),
2171
        VMSTATE_UINT8(dstat, LSIState),
2172
        VMSTATE_UINT8(dien, LSIState),
2173
        VMSTATE_UINT8(sist0, LSIState),
2174
        VMSTATE_UINT8(sist1, LSIState),
2175
        VMSTATE_UINT8(sien0, LSIState),
2176
        VMSTATE_UINT8(sien1, LSIState),
2177
        VMSTATE_UINT8(mbox0, LSIState),
2178
        VMSTATE_UINT8(mbox1, LSIState),
2179
        VMSTATE_UINT8(dfifo, LSIState),
2180
        VMSTATE_UINT8(ctest2, LSIState),
2181
        VMSTATE_UINT8(ctest3, LSIState),
2182
        VMSTATE_UINT8(ctest4, LSIState),
2183
        VMSTATE_UINT8(ctest5, LSIState),
2184
        VMSTATE_UINT8(ccntl0, LSIState),
2185
        VMSTATE_UINT8(ccntl1, LSIState),
2186
        VMSTATE_UINT32(dsp, LSIState),
2187
        VMSTATE_UINT32(dsps, LSIState),
2188
        VMSTATE_UINT8(dmode, LSIState),
2189
        VMSTATE_UINT8(dcntl, LSIState),
2190
        VMSTATE_UINT8(scntl0, LSIState),
2191
        VMSTATE_UINT8(scntl1, LSIState),
2192
        VMSTATE_UINT8(scntl2, LSIState),
2193
        VMSTATE_UINT8(scntl3, LSIState),
2194
        VMSTATE_UINT8(sstat0, LSIState),
2195
        VMSTATE_UINT8(sstat1, LSIState),
2196
        VMSTATE_UINT8(scid, LSIState),
2197
        VMSTATE_UINT8(sxfer, LSIState),
2198
        VMSTATE_UINT8(socl, LSIState),
2199
        VMSTATE_UINT8(sdid, LSIState),
2200
        VMSTATE_UINT8(ssid, LSIState),
2201
        VMSTATE_UINT8(sfbr, LSIState),
2202
        VMSTATE_UINT8(stest1, LSIState),
2203
        VMSTATE_UINT8(stest2, LSIState),
2204
        VMSTATE_UINT8(stest3, LSIState),
2205
        VMSTATE_UINT8(sidl, LSIState),
2206
        VMSTATE_UINT8(stime0, LSIState),
2207
        VMSTATE_UINT8(respid0, LSIState),
2208
        VMSTATE_UINT8(respid1, LSIState),
2209
        VMSTATE_UINT32(mmrs, LSIState),
2210
        VMSTATE_UINT32(mmws, LSIState),
2211
        VMSTATE_UINT32(sfs, LSIState),
2212
        VMSTATE_UINT32(drs, LSIState),
2213
        VMSTATE_UINT32(sbms, LSIState),
2214
        VMSTATE_UINT32(dbms, LSIState),
2215
        VMSTATE_UINT32(dnad64, LSIState),
2216
        VMSTATE_UINT32(pmjad1, LSIState),
2217
        VMSTATE_UINT32(pmjad2, LSIState),
2218
        VMSTATE_UINT32(rbc, LSIState),
2219
        VMSTATE_UINT32(ua, LSIState),
2220
        VMSTATE_UINT32(ia, LSIState),
2221
        VMSTATE_UINT32(sbc, LSIState),
2222
        VMSTATE_UINT32(csbc, LSIState),
2223
        VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2224
        VMSTATE_UINT8(sbr, LSIState),
2225

    
2226
        VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2227
        VMSTATE_END_OF_LIST()
2228
    }
2229
};
2230

    
2231
static int lsi_scsi_uninit(PCIDevice *d)
2232
{
2233
    LSIState *s = DO_UPCAST(LSIState, dev, d);
2234

    
2235
    cpu_unregister_io_memory(s->mmio_io_addr);
2236
    cpu_unregister_io_memory(s->ram_io_addr);
2237

    
2238
    return 0;
2239
}
2240

    
2241
static const struct SCSIBusOps lsi_scsi_ops = {
2242
    .complete = lsi_command_complete,
2243
    .cancel = lsi_request_cancelled
2244
};
2245

    
2246
static int lsi_scsi_init(PCIDevice *dev)
2247
{
2248
    LSIState *s = DO_UPCAST(LSIState, dev, dev);
2249
    uint8_t *pci_conf;
2250

    
2251
    pci_conf = s->dev.config;
2252

    
2253
    /* PCI Vendor ID (word) */
2254
    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
2255
    /* PCI device ID (word) */
2256
    pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_LSI_53C895A);
2257
    /* PCI base class code */
2258
    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_SCSI);
2259
    /* PCI subsystem ID */
2260
    pci_conf[PCI_SUBSYSTEM_ID] = 0x00;
2261
    pci_conf[PCI_SUBSYSTEM_ID + 1] = 0x10;
2262
    /* PCI latency timer = 255 */
2263
    pci_conf[PCI_LATENCY_TIMER] = 0xff;
2264
    /* TODO: RST# value should be 0 */
2265
    /* Interrupt pin 1 */
2266
    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2267

    
2268
    s->mmio_io_addr = cpu_register_io_memory(lsi_mmio_readfn,
2269
                                             lsi_mmio_writefn, s,
2270
                                             DEVICE_NATIVE_ENDIAN);
2271
    s->ram_io_addr = cpu_register_io_memory(lsi_ram_readfn,
2272
                                            lsi_ram_writefn, s,
2273
                                            DEVICE_NATIVE_ENDIAN);
2274

    
2275
    pci_register_bar(&s->dev, 0, 256,
2276
                           PCI_BASE_ADDRESS_SPACE_IO, lsi_io_mapfunc);
2277
    pci_register_bar_simple(&s->dev, 1, 0x400, 0, s->mmio_io_addr);
2278
    pci_register_bar(&s->dev, 2, 0x2000,
2279
                           PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_ram_mapfunc);
2280
    QTAILQ_INIT(&s->queue);
2281

    
2282
    scsi_bus_new(&s->bus, &dev->qdev, 1, LSI_MAX_DEVS, &lsi_scsi_ops);
2283
    if (!dev->qdev.hotplugged) {
2284
        return scsi_bus_legacy_handle_cmdline(&s->bus);
2285
    }
2286
    return 0;
2287
}
2288

    
2289
static PCIDeviceInfo lsi_info = {
2290
    .qdev.name  = "lsi53c895a",
2291
    .qdev.alias = "lsi",
2292
    .qdev.size  = sizeof(LSIState),
2293
    .qdev.reset = lsi_scsi_reset,
2294
    .qdev.vmsd  = &vmstate_lsi_scsi,
2295
    .init       = lsi_scsi_init,
2296
    .exit       = lsi_scsi_uninit,
2297
};
2298

    
2299
static void lsi53c895a_register_devices(void)
2300
{
2301
    pci_qdev_register(&lsi_info);
2302
}
2303

    
2304
device_init(lsi53c895a_register_devices);