Statistics
| Branch: | Revision:

root / hw / lsi53c895a.c @ fc4f0754

History | View | Annotate | Download (65.6 kB)

1
/*
2
 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3
 *
4
 * Copyright (c) 2006 CodeSourcery.
5
 * Written by Paul Brook
6
 *
7
 * This code is licenced under the LGPL.
8
 */
9

    
10
/* ??? Need to check if the {read,write}[wl] routines work properly on
11
   big-endian targets.  */
12

    
13
#include <assert.h>
14

    
15
#include "hw.h"
16
#include "pci.h"
17
#include "scsi.h"
18
#include "block_int.h"
19

    
20
//#define DEBUG_LSI
21
//#define DEBUG_LSI_REG
22

    
23
#ifdef DEBUG_LSI
24
#define DPRINTF(fmt, ...) \
25
do { printf("lsi_scsi: " fmt , ## __VA_ARGS__); } while (0)
26
#define BADF(fmt, ...) \
27
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
28
#else
29
#define DPRINTF(fmt, ...) do {} while(0)
30
#define BADF(fmt, ...) \
31
do { fprintf(stderr, "lsi_scsi: error: " fmt , ## __VA_ARGS__);} while (0)
32
#endif
33

    
34
#define LSI_MAX_DEVS 7
35

    
36
#define LSI_SCNTL0_TRG    0x01
37
#define LSI_SCNTL0_AAP    0x02
38
#define LSI_SCNTL0_EPC    0x08
39
#define LSI_SCNTL0_WATN   0x10
40
#define LSI_SCNTL0_START  0x20
41

    
42
#define LSI_SCNTL1_SST    0x01
43
#define LSI_SCNTL1_IARB   0x02
44
#define LSI_SCNTL1_AESP   0x04
45
#define LSI_SCNTL1_RST    0x08
46
#define LSI_SCNTL1_CON    0x10
47
#define LSI_SCNTL1_DHP    0x20
48
#define LSI_SCNTL1_ADB    0x40
49
#define LSI_SCNTL1_EXC    0x80
50

    
51
#define LSI_SCNTL2_WSR    0x01
52
#define LSI_SCNTL2_VUE0   0x02
53
#define LSI_SCNTL2_VUE1   0x04
54
#define LSI_SCNTL2_WSS    0x08
55
#define LSI_SCNTL2_SLPHBEN 0x10
56
#define LSI_SCNTL2_SLPMD  0x20
57
#define LSI_SCNTL2_CHM    0x40
58
#define LSI_SCNTL2_SDU    0x80
59

    
60
#define LSI_ISTAT0_DIP    0x01
61
#define LSI_ISTAT0_SIP    0x02
62
#define LSI_ISTAT0_INTF   0x04
63
#define LSI_ISTAT0_CON    0x08
64
#define LSI_ISTAT0_SEM    0x10
65
#define LSI_ISTAT0_SIGP   0x20
66
#define LSI_ISTAT0_SRST   0x40
67
#define LSI_ISTAT0_ABRT   0x80
68

    
69
#define LSI_ISTAT1_SI     0x01
70
#define LSI_ISTAT1_SRUN   0x02
71
#define LSI_ISTAT1_FLSH   0x04
72

    
73
#define LSI_SSTAT0_SDP0   0x01
74
#define LSI_SSTAT0_RST    0x02
75
#define LSI_SSTAT0_WOA    0x04
76
#define LSI_SSTAT0_LOA    0x08
77
#define LSI_SSTAT0_AIP    0x10
78
#define LSI_SSTAT0_OLF    0x20
79
#define LSI_SSTAT0_ORF    0x40
80
#define LSI_SSTAT0_ILF    0x80
81

    
82
#define LSI_SIST0_PAR     0x01
83
#define LSI_SIST0_RST     0x02
84
#define LSI_SIST0_UDC     0x04
85
#define LSI_SIST0_SGE     0x08
86
#define LSI_SIST0_RSL     0x10
87
#define LSI_SIST0_SEL     0x20
88
#define LSI_SIST0_CMP     0x40
89
#define LSI_SIST0_MA      0x80
90

    
91
#define LSI_SIST1_HTH     0x01
92
#define LSI_SIST1_GEN     0x02
93
#define LSI_SIST1_STO     0x04
94
#define LSI_SIST1_SBMC    0x10
95

    
96
#define LSI_SOCL_IO       0x01
97
#define LSI_SOCL_CD       0x02
98
#define LSI_SOCL_MSG      0x04
99
#define LSI_SOCL_ATN      0x08
100
#define LSI_SOCL_SEL      0x10
101
#define LSI_SOCL_BSY      0x20
102
#define LSI_SOCL_ACK      0x40
103
#define LSI_SOCL_REQ      0x80
104

    
105
#define LSI_DSTAT_IID     0x01
106
#define LSI_DSTAT_SIR     0x04
107
#define LSI_DSTAT_SSI     0x08
108
#define LSI_DSTAT_ABRT    0x10
109
#define LSI_DSTAT_BF      0x20
110
#define LSI_DSTAT_MDPE    0x40
111
#define LSI_DSTAT_DFE     0x80
112

    
113
#define LSI_DCNTL_COM     0x01
114
#define LSI_DCNTL_IRQD    0x02
115
#define LSI_DCNTL_STD     0x04
116
#define LSI_DCNTL_IRQM    0x08
117
#define LSI_DCNTL_SSM     0x10
118
#define LSI_DCNTL_PFEN    0x20
119
#define LSI_DCNTL_PFF     0x40
120
#define LSI_DCNTL_CLSE    0x80
121

    
122
#define LSI_DMODE_MAN     0x01
123
#define LSI_DMODE_BOF     0x02
124
#define LSI_DMODE_ERMP    0x04
125
#define LSI_DMODE_ERL     0x08
126
#define LSI_DMODE_DIOM    0x10
127
#define LSI_DMODE_SIOM    0x20
128

    
129
#define LSI_CTEST2_DACK   0x01
130
#define LSI_CTEST2_DREQ   0x02
131
#define LSI_CTEST2_TEOP   0x04
132
#define LSI_CTEST2_PCICIE 0x08
133
#define LSI_CTEST2_CM     0x10
134
#define LSI_CTEST2_CIO    0x20
135
#define LSI_CTEST2_SIGP   0x40
136
#define LSI_CTEST2_DDIR   0x80
137

    
138
#define LSI_CTEST5_BL2    0x04
139
#define LSI_CTEST5_DDIR   0x08
140
#define LSI_CTEST5_MASR   0x10
141
#define LSI_CTEST5_DFSN   0x20
142
#define LSI_CTEST5_BBCK   0x40
143
#define LSI_CTEST5_ADCK   0x80
144

    
145
#define LSI_CCNTL0_DILS   0x01
146
#define LSI_CCNTL0_DISFC  0x10
147
#define LSI_CCNTL0_ENNDJ  0x20
148
#define LSI_CCNTL0_PMJCTL 0x40
149
#define LSI_CCNTL0_ENPMJ  0x80
150

    
151
#define LSI_CCNTL1_EN64DBMV  0x01
152
#define LSI_CCNTL1_EN64TIBMV 0x02
153
#define LSI_CCNTL1_64TIMOD   0x04
154
#define LSI_CCNTL1_DDAC      0x08
155
#define LSI_CCNTL1_ZMOD      0x80
156

    
157
/* Enable Response to Reselection */
158
#define LSI_SCID_RRE      0x60
159

    
160
#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
161

    
162
#define PHASE_DO          0
163
#define PHASE_DI          1
164
#define PHASE_CMD         2
165
#define PHASE_ST          3
166
#define PHASE_MO          6
167
#define PHASE_MI          7
168
#define PHASE_MASK        7
169

    
170
/* Maximum length of MSG IN data.  */
171
#define LSI_MAX_MSGIN_LEN 8
172

    
173
/* Flag set if this is a tagged command.  */
174
#define LSI_TAG_VALID     (1 << 16)
175

    
176
typedef struct lsi_request {
177
    SCSIRequest *req;
178
    uint32_t tag;
179
    uint32_t dma_len;
180
    uint8_t *dma_buf;
181
    uint32_t pending;
182
    int out;
183
    QTAILQ_ENTRY(lsi_request) next;
184
} lsi_request;
185

    
186
typedef struct {
187
    PCIDevice dev;
188
    int mmio_io_addr;
189
    int ram_io_addr;
190
    uint32_t script_ram_base;
191

    
192
    int carry; /* ??? Should this be an a visible register somewhere?  */
193
    int status;
194
    /* Action to take at the end of a MSG IN phase.
195
       0 = COMMAND, 1 = disconnect, 2 = DATA OUT, 3 = DATA IN.  */
196
    int msg_action;
197
    int msg_len;
198
    uint8_t msg[LSI_MAX_MSGIN_LEN];
199
    /* 0 if SCRIPTS are running or stopped.
200
     * 1 if a Wait Reselect instruction has been issued.
201
     * 2 if processing DMA from lsi_execute_script.
202
     * 3 if a DMA operation is in progress.  */
203
    int waiting;
204
    SCSIBus bus;
205
    int current_lun;
206
    /* The tag is a combination of the device ID and the SCSI tag.  */
207
    uint32_t select_tag;
208
    int command_complete;
209
    QTAILQ_HEAD(, lsi_request) queue;
210
    lsi_request *current;
211

    
212
    uint32_t dsa;
213
    uint32_t temp;
214
    uint32_t dnad;
215
    uint32_t dbc;
216
    uint8_t istat0;
217
    uint8_t istat1;
218
    uint8_t dcmd;
219
    uint8_t dstat;
220
    uint8_t dien;
221
    uint8_t sist0;
222
    uint8_t sist1;
223
    uint8_t sien0;
224
    uint8_t sien1;
225
    uint8_t mbox0;
226
    uint8_t mbox1;
227
    uint8_t dfifo;
228
    uint8_t ctest2;
229
    uint8_t ctest3;
230
    uint8_t ctest4;
231
    uint8_t ctest5;
232
    uint8_t ccntl0;
233
    uint8_t ccntl1;
234
    uint32_t dsp;
235
    uint32_t dsps;
236
    uint8_t dmode;
237
    uint8_t dcntl;
238
    uint8_t scntl0;
239
    uint8_t scntl1;
240
    uint8_t scntl2;
241
    uint8_t scntl3;
242
    uint8_t sstat0;
243
    uint8_t sstat1;
244
    uint8_t scid;
245
    uint8_t sxfer;
246
    uint8_t socl;
247
    uint8_t sdid;
248
    uint8_t ssid;
249
    uint8_t sfbr;
250
    uint8_t stest1;
251
    uint8_t stest2;
252
    uint8_t stest3;
253
    uint8_t sidl;
254
    uint8_t stime0;
255
    uint8_t respid0;
256
    uint8_t respid1;
257
    uint32_t mmrs;
258
    uint32_t mmws;
259
    uint32_t sfs;
260
    uint32_t drs;
261
    uint32_t sbms;
262
    uint32_t dbms;
263
    uint32_t dnad64;
264
    uint32_t pmjad1;
265
    uint32_t pmjad2;
266
    uint32_t rbc;
267
    uint32_t ua;
268
    uint32_t ia;
269
    uint32_t sbc;
270
    uint32_t csbc;
271
    uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
272
    uint8_t sbr;
273

    
274
    /* Script ram is stored as 32-bit words in host byteorder.  */
275
    uint32_t script_ram[2048];
276
} LSIState;
277

    
278
static inline int lsi_irq_on_rsl(LSIState *s)
279
{
280
    return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
281
}
282

    
283
static void lsi_soft_reset(LSIState *s)
284
{
285
    lsi_request *p;
286

    
287
    DPRINTF("Reset\n");
288
    s->carry = 0;
289

    
290
    s->msg_action = 0;
291
    s->msg_len = 0;
292
    s->waiting = 0;
293
    s->dsa = 0;
294
    s->dnad = 0;
295
    s->dbc = 0;
296
    s->temp = 0;
297
    memset(s->scratch, 0, sizeof(s->scratch));
298
    s->istat0 = 0;
299
    s->istat1 = 0;
300
    s->dcmd = 0x40;
301
    s->dstat = LSI_DSTAT_DFE;
302
    s->dien = 0;
303
    s->sist0 = 0;
304
    s->sist1 = 0;
305
    s->sien0 = 0;
306
    s->sien1 = 0;
307
    s->mbox0 = 0;
308
    s->mbox1 = 0;
309
    s->dfifo = 0;
310
    s->ctest2 = LSI_CTEST2_DACK;
311
    s->ctest3 = 0;
312
    s->ctest4 = 0;
313
    s->ctest5 = 0;
314
    s->ccntl0 = 0;
315
    s->ccntl1 = 0;
316
    s->dsp = 0;
317
    s->dsps = 0;
318
    s->dmode = 0;
319
    s->dcntl = 0;
320
    s->scntl0 = 0xc0;
321
    s->scntl1 = 0;
322
    s->scntl2 = 0;
323
    s->scntl3 = 0;
324
    s->sstat0 = 0;
325
    s->sstat1 = 0;
326
    s->scid = 7;
327
    s->sxfer = 0;
328
    s->socl = 0;
329
    s->sdid = 0;
330
    s->ssid = 0;
331
    s->stest1 = 0;
332
    s->stest2 = 0;
333
    s->stest3 = 0;
334
    s->sidl = 0;
335
    s->stime0 = 0;
336
    s->respid0 = 0x80;
337
    s->respid1 = 0;
338
    s->mmrs = 0;
339
    s->mmws = 0;
340
    s->sfs = 0;
341
    s->drs = 0;
342
    s->sbms = 0;
343
    s->dbms = 0;
344
    s->dnad64 = 0;
345
    s->pmjad1 = 0;
346
    s->pmjad2 = 0;
347
    s->rbc = 0;
348
    s->ua = 0;
349
    s->ia = 0;
350
    s->sbc = 0;
351
    s->csbc = 0;
352
    s->sbr = 0;
353
    while (!QTAILQ_EMPTY(&s->queue)) {
354
        p = QTAILQ_FIRST(&s->queue);
355
        QTAILQ_REMOVE(&s->queue, p, next);
356
        qemu_free(p);
357
    }
358
    if (s->current) {
359
        qemu_free(s->current);
360
        s->current = NULL;
361
    }
362
}
363

    
364
static int lsi_dma_40bit(LSIState *s)
365
{
366
    if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
367
        return 1;
368
    return 0;
369
}
370

    
371
static int lsi_dma_ti64bit(LSIState *s)
372
{
373
    if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
374
        return 1;
375
    return 0;
376
}
377

    
378
static int lsi_dma_64bit(LSIState *s)
379
{
380
    if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
381
        return 1;
382
    return 0;
383
}
384

    
385
static uint8_t lsi_reg_readb(LSIState *s, int offset);
386
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
387
static void lsi_execute_script(LSIState *s);
388
static void lsi_reselect(LSIState *s, lsi_request *p);
389

    
390
static inline uint32_t read_dword(LSIState *s, uint32_t addr)
391
{
392
    uint32_t buf;
393

    
394
    /* Optimize reading from SCRIPTS RAM.  */
395
    if ((addr & 0xffffe000) == s->script_ram_base) {
396
        return s->script_ram[(addr & 0x1fff) >> 2];
397
    }
398
    cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
399
    return cpu_to_le32(buf);
400
}
401

    
402
static void lsi_stop_script(LSIState *s)
403
{
404
    s->istat1 &= ~LSI_ISTAT1_SRUN;
405
}
406

    
407
static void lsi_update_irq(LSIState *s)
408
{
409
    int level;
410
    static int last_level;
411
    lsi_request *p;
412

    
413
    /* It's unclear whether the DIP/SIP bits should be cleared when the
414
       Interrupt Status Registers are cleared or when istat0 is read.
415
       We currently do the formwer, which seems to work.  */
416
    level = 0;
417
    if (s->dstat) {
418
        if (s->dstat & s->dien)
419
            level = 1;
420
        s->istat0 |= LSI_ISTAT0_DIP;
421
    } else {
422
        s->istat0 &= ~LSI_ISTAT0_DIP;
423
    }
424

    
425
    if (s->sist0 || s->sist1) {
426
        if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
427
            level = 1;
428
        s->istat0 |= LSI_ISTAT0_SIP;
429
    } else {
430
        s->istat0 &= ~LSI_ISTAT0_SIP;
431
    }
432
    if (s->istat0 & LSI_ISTAT0_INTF)
433
        level = 1;
434

    
435
    if (level != last_level) {
436
        DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
437
                level, s->dstat, s->sist1, s->sist0);
438
        last_level = level;
439
    }
440
    qemu_set_irq(s->dev.irq[0], level);
441

    
442
    if (!level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
443
        DPRINTF("Handled IRQs & disconnected, looking for pending "
444
                "processes\n");
445
        QTAILQ_FOREACH(p, &s->queue, next) {
446
            if (p->pending) {
447
                lsi_reselect(s, p);
448
                break;
449
            }
450
        }
451
    }
452
}
453

    
454
/* Stop SCRIPTS execution and raise a SCSI interrupt.  */
455
static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
456
{
457
    uint32_t mask0;
458
    uint32_t mask1;
459

    
460
    DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
461
            stat1, stat0, s->sist1, s->sist0);
462
    s->sist0 |= stat0;
463
    s->sist1 |= stat1;
464
    /* Stop processor on fatal or unmasked interrupt.  As a special hack
465
       we don't stop processing when raising STO.  Instead continue
466
       execution and stop at the next insn that accesses the SCSI bus.  */
467
    mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
468
    mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
469
    mask1 &= ~LSI_SIST1_STO;
470
    if (s->sist0 & mask0 || s->sist1 & mask1) {
471
        lsi_stop_script(s);
472
    }
473
    lsi_update_irq(s);
474
}
475

    
476
/* Stop SCRIPTS execution and raise a DMA interrupt.  */
477
static void lsi_script_dma_interrupt(LSIState *s, int stat)
478
{
479
    DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
480
    s->dstat |= stat;
481
    lsi_update_irq(s);
482
    lsi_stop_script(s);
483
}
484

    
485
static inline void lsi_set_phase(LSIState *s, int phase)
486
{
487
    s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
488
}
489

    
490
static void lsi_bad_phase(LSIState *s, int out, int new_phase)
491
{
492
    /* Trigger a phase mismatch.  */
493
    if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
494
        if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
495
            s->dsp = out ? s->pmjad1 : s->pmjad2;
496
        } else {
497
            s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
498
        }
499
        DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
500
    } else {
501
        DPRINTF("Phase mismatch interrupt\n");
502
        lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
503
        lsi_stop_script(s);
504
    }
505
    lsi_set_phase(s, new_phase);
506
}
507

    
508

    
509
/* Resume SCRIPTS execution after a DMA operation.  */
510
static void lsi_resume_script(LSIState *s)
511
{
512
    if (s->waiting != 2) {
513
        s->waiting = 0;
514
        lsi_execute_script(s);
515
    } else {
516
        s->waiting = 0;
517
    }
518
}
519

    
520
static void lsi_disconnect(LSIState *s)
521
{
522
    s->scntl1 &= ~LSI_SCNTL1_CON;
523
    s->sstat1 &= ~PHASE_MASK;
524
}
525

    
526
static void lsi_bad_selection(LSIState *s, uint32_t id)
527
{
528
    DPRINTF("Selected absent target %d\n", id);
529
    lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
530
    lsi_disconnect(s);
531
}
532

    
533
/* Initiate a SCSI layer data transfer.  */
534
static void lsi_do_dma(LSIState *s, int out)
535
{
536
    uint32_t count, id;
537
    target_phys_addr_t addr;
538
    SCSIDevice *dev;
539

    
540
    assert(s->current);
541
    if (!s->current->dma_len) {
542
        /* Wait until data is available.  */
543
        DPRINTF("DMA no data available\n");
544
        return;
545
    }
546

    
547
    id = (s->current->tag >> 8) & 0xf;
548
    dev = s->bus.devs[id];
549
    if (!dev) {
550
        lsi_bad_selection(s, id);
551
        return;
552
    }
553

    
554
    count = s->dbc;
555
    if (count > s->current->dma_len)
556
        count = s->current->dma_len;
557

    
558
    addr = s->dnad;
559
    /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
560
    if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
561
        addr |= ((uint64_t)s->dnad64 << 32);
562
    else if (s->dbms)
563
        addr |= ((uint64_t)s->dbms << 32);
564
    else if (s->sbms)
565
        addr |= ((uint64_t)s->sbms << 32);
566

    
567
    DPRINTF("DMA addr=0x" TARGET_FMT_plx " len=%d\n", addr, count);
568
    s->csbc += count;
569
    s->dnad += count;
570
    s->dbc -= count;
571
     if (s->current->dma_buf == NULL) {
572
        s->current->dma_buf = dev->info->get_buf(s->current->req);
573
    }
574
    /* ??? Set SFBR to first data byte.  */
575
    if (out) {
576
        cpu_physical_memory_read(addr, s->current->dma_buf, count);
577
    } else {
578
        cpu_physical_memory_write(addr, s->current->dma_buf, count);
579
    }
580
    s->current->dma_len -= count;
581
    if (s->current->dma_len == 0) {
582
        s->current->dma_buf = NULL;
583
        if (out) {
584
            /* Write the data.  */
585
            dev->info->write_data(s->current->req);
586
        } else {
587
            /* Request any remaining data.  */
588
            dev->info->read_data(s->current->req);
589
        }
590
    } else {
591
        s->current->dma_buf += count;
592
        lsi_resume_script(s);
593
    }
594
}
595

    
596

    
597
/* Add a command to the queue.  */
598
static void lsi_queue_command(LSIState *s)
599
{
600
    lsi_request *p = s->current;
601

    
602
    DPRINTF("Queueing tag=0x%x\n", p->tag);
603
    assert(s->current != NULL);
604
    assert(s->current->dma_len == 0);
605
    QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
606
    s->current = NULL;
607

    
608
    p->pending = 0;
609
    p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
610
}
611

    
612
/* Queue a byte for a MSG IN phase.  */
613
static void lsi_add_msg_byte(LSIState *s, uint8_t data)
614
{
615
    if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
616
        BADF("MSG IN data too long\n");
617
    } else {
618
        DPRINTF("MSG IN 0x%02x\n", data);
619
        s->msg[s->msg_len++] = data;
620
    }
621
}
622

    
623
/* Perform reselection to continue a command.  */
624
static void lsi_reselect(LSIState *s, lsi_request *p)
625
{
626
    int id;
627

    
628
    assert(s->current == NULL);
629
    QTAILQ_REMOVE(&s->queue, p, next);
630
    s->current = p;
631

    
632
    id = (p->tag >> 8) & 0xf;
633
    s->ssid = id | 0x80;
634
    /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
635
    if (!(s->dcntl & LSI_DCNTL_COM)) {
636
        s->sfbr = 1 << (id & 0x7);
637
    }
638
    DPRINTF("Reselected target %d\n", id);
639
    s->scntl1 |= LSI_SCNTL1_CON;
640
    lsi_set_phase(s, PHASE_MI);
641
    s->msg_action = p->out ? 2 : 3;
642
    s->current->dma_len = p->pending;
643
    lsi_add_msg_byte(s, 0x80);
644
    if (s->current->tag & LSI_TAG_VALID) {
645
        lsi_add_msg_byte(s, 0x20);
646
        lsi_add_msg_byte(s, p->tag & 0xff);
647
    }
648

    
649
    if (lsi_irq_on_rsl(s)) {
650
        lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
651
    }
652
}
653

    
654
static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
655
{
656
    lsi_request *p;
657

    
658
    QTAILQ_FOREACH(p, &s->queue, next) {
659
        if (p->tag == tag) {
660
            return p;
661
        }
662
    }
663

    
664
    return NULL;
665
}
666

    
667
static void lsi_request_cancelled(SCSIRequest *req)
668
{
669
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
670
    lsi_request *p;
671

    
672
    if (s->current && req == s->current->req) {
673
        scsi_req_unref(req);
674
        qemu_free(s->current);
675
        s->current = NULL;
676
        return;
677
    }
678

    
679
    p = lsi_find_by_tag(s, req->tag);
680
    if (p) {
681
        QTAILQ_REMOVE(&s->queue, p, next);
682
        scsi_req_unref(req);
683
        qemu_free(p);
684
    }
685
}
686

    
687
/* Record that data is available for a queued command.  Returns zero if
688
   the device was reselected, nonzero if the IO is deferred.  */
689
static int lsi_queue_tag(LSIState *s, uint32_t tag, uint32_t arg)
690
{
691
    lsi_request *p;
692

    
693
    p = lsi_find_by_tag(s, tag);
694
    if (!p) {
695
        BADF("IO with unknown tag %d\n", tag);
696
        return 1;
697
    }
698

    
699
    if (p->pending) {
700
        BADF("Multiple IO pending for tag %d\n", tag);
701
    }
702
    p->pending = arg;
703
    /* Reselect if waiting for it, or if reselection triggers an IRQ
704
       and the bus is free.
705
       Since no interrupt stacking is implemented in the emulation, it
706
       is also required that there are no pending interrupts waiting
707
       for service from the device driver. */
708
    if (s->waiting == 1 ||
709
        (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
710
         !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
711
        /* Reselect device.  */
712
        lsi_reselect(s, p);
713
        return 0;
714
    } else {
715
        DPRINTF("Queueing IO tag=0x%x\n", tag);
716
        p->pending = arg;
717
        return 1;
718
    }
719
}
720
 /* Callback to indicate that the SCSI layer has completed a transfer.  */
721
static void lsi_command_complete(SCSIRequest *req, int reason, uint32_t arg)
722
{
723
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
724
    int out;
725

    
726
    out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
727
    if (reason == SCSI_REASON_DONE) {
728
        DPRINTF("Command complete status=%d\n", (int)arg);
729
        s->status = arg;
730
        s->command_complete = 2;
731
        if (s->waiting && s->dbc != 0) {
732
            /* Raise phase mismatch for short transfers.  */
733
            lsi_bad_phase(s, out, PHASE_ST);
734
        } else {
735
            lsi_set_phase(s, PHASE_ST);
736
        }
737

    
738
        if (s->current && req == s->current->req) {
739
            scsi_req_unref(s->current->req);
740
            qemu_free(s->current);
741
            s->current = NULL;
742
        }
743
        lsi_resume_script(s);
744
        return;
745
    }
746

    
747
    if (s->waiting == 1 || !s->current || req->tag != s->current->tag ||
748
        (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
749
        if (lsi_queue_tag(s, req->tag, arg)) {
750
            return;
751
        }
752
    }
753

    
754
    /* host adapter (re)connected */
755
    DPRINTF("Data ready tag=0x%x len=%d\n", req->tag, arg);
756
    s->current->dma_len = arg;
757
    s->command_complete = 1;
758
    if (!s->waiting)
759
        return;
760
    if (s->waiting == 1 || s->dbc == 0) {
761
        lsi_resume_script(s);
762
    } else {
763
        lsi_do_dma(s, out);
764
    }
765
}
766

    
767
static void lsi_do_command(LSIState *s)
768
{
769
    SCSIDevice *dev;
770
    uint8_t buf[16];
771
    uint32_t id;
772
    int n;
773

    
774
    DPRINTF("Send command len=%d\n", s->dbc);
775
    if (s->dbc > 16)
776
        s->dbc = 16;
777
    cpu_physical_memory_read(s->dnad, buf, s->dbc);
778
    s->sfbr = buf[0];
779
    s->command_complete = 0;
780

    
781
    id = (s->select_tag >> 8) & 0xf;
782
    dev = s->bus.devs[id];
783
    if (!dev) {
784
        lsi_bad_selection(s, id);
785
        return;
786
    }
787

    
788
    assert(s->current == NULL);
789
    s->current = qemu_mallocz(sizeof(lsi_request));
790
    s->current->tag = s->select_tag;
791
    s->current->req = dev->info->alloc_req(dev, s->current->tag,
792
                                           s->current_lun);
793

    
794
    n = scsi_req_enqueue(s->current->req, buf);
795
    if (n > 0) {
796
        lsi_set_phase(s, PHASE_DI);
797
        dev->info->read_data(s->current->req);
798
    } else if (n < 0) {
799
        lsi_set_phase(s, PHASE_DO);
800
        dev->info->write_data(s->current->req);
801
    }
802

    
803
    if (!s->command_complete) {
804
        if (n) {
805
            /* Command did not complete immediately so disconnect.  */
806
            lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
807
            lsi_add_msg_byte(s, 4); /* DISCONNECT */
808
            /* wait data */
809
            lsi_set_phase(s, PHASE_MI);
810
            s->msg_action = 1;
811
            lsi_queue_command(s);
812
        } else {
813
            /* wait command complete */
814
            lsi_set_phase(s, PHASE_DI);
815
        }
816
    }
817
}
818

    
819
static void lsi_do_status(LSIState *s)
820
{
821
    uint8_t status;
822
    DPRINTF("Get status len=%d status=%d\n", s->dbc, s->status);
823
    if (s->dbc != 1)
824
        BADF("Bad Status move\n");
825
    s->dbc = 1;
826
    status = s->status;
827
    s->sfbr = status;
828
    cpu_physical_memory_write(s->dnad, &status, 1);
829
    lsi_set_phase(s, PHASE_MI);
830
    s->msg_action = 1;
831
    lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
832
}
833

    
834
static void lsi_do_msgin(LSIState *s)
835
{
836
    int len;
837
    DPRINTF("Message in len=%d/%d\n", s->dbc, s->msg_len);
838
    s->sfbr = s->msg[0];
839
    len = s->msg_len;
840
    if (len > s->dbc)
841
        len = s->dbc;
842
    cpu_physical_memory_write(s->dnad, s->msg, len);
843
    /* Linux drivers rely on the last byte being in the SIDL.  */
844
    s->sidl = s->msg[len - 1];
845
    s->msg_len -= len;
846
    if (s->msg_len) {
847
        memmove(s->msg, s->msg + len, s->msg_len);
848
    } else {
849
        /* ??? Check if ATN (not yet implemented) is asserted and maybe
850
           switch to PHASE_MO.  */
851
        switch (s->msg_action) {
852
        case 0:
853
            lsi_set_phase(s, PHASE_CMD);
854
            break;
855
        case 1:
856
            lsi_disconnect(s);
857
            break;
858
        case 2:
859
            lsi_set_phase(s, PHASE_DO);
860
            break;
861
        case 3:
862
            lsi_set_phase(s, PHASE_DI);
863
            break;
864
        default:
865
            abort();
866
        }
867
    }
868
}
869

    
870
/* Read the next byte during a MSGOUT phase.  */
871
static uint8_t lsi_get_msgbyte(LSIState *s)
872
{
873
    uint8_t data;
874
    cpu_physical_memory_read(s->dnad, &data, 1);
875
    s->dnad++;
876
    s->dbc--;
877
    return data;
878
}
879

    
880
/* Skip the next n bytes during a MSGOUT phase. */
881
static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
882
{
883
    s->dnad += n;
884
    s->dbc  -= n;
885
}
886

    
887
static void lsi_do_msgout(LSIState *s)
888
{
889
    uint8_t msg;
890
    int len;
891
    uint32_t current_tag;
892
    SCSIDevice *current_dev;
893
    lsi_request *current_req, *p, *p_next;
894
    int id;
895

    
896
    if (s->current) {
897
        current_tag = s->current->tag;
898
        current_req = s->current;
899
    } else {
900
        current_tag = s->select_tag;
901
        current_req = lsi_find_by_tag(s, current_tag);
902
    }
903
    id = (current_tag >> 8) & 0xf;
904
    current_dev = s->bus.devs[id];
905

    
906
    DPRINTF("MSG out len=%d\n", s->dbc);
907
    while (s->dbc) {
908
        msg = lsi_get_msgbyte(s);
909
        s->sfbr = msg;
910

    
911
        switch (msg) {
912
        case 0x04:
913
            DPRINTF("MSG: Disconnect\n");
914
            lsi_disconnect(s);
915
            break;
916
        case 0x08:
917
            DPRINTF("MSG: No Operation\n");
918
            lsi_set_phase(s, PHASE_CMD);
919
            break;
920
        case 0x01:
921
            len = lsi_get_msgbyte(s);
922
            msg = lsi_get_msgbyte(s);
923
            (void)len; /* avoid a warning about unused variable*/
924
            DPRINTF("Extended message 0x%x (len %d)\n", msg, len);
925
            switch (msg) {
926
            case 1:
927
                DPRINTF("SDTR (ignored)\n");
928
                lsi_skip_msgbytes(s, 2);
929
                break;
930
            case 3:
931
                DPRINTF("WDTR (ignored)\n");
932
                lsi_skip_msgbytes(s, 1);
933
                break;
934
            default:
935
                goto bad;
936
            }
937
            break;
938
        case 0x20: /* SIMPLE queue */
939
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
940
            DPRINTF("SIMPLE queue tag=0x%x\n", s->select_tag & 0xff);
941
            break;
942
        case 0x21: /* HEAD of queue */
943
            BADF("HEAD queue not implemented\n");
944
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
945
            break;
946
        case 0x22: /* ORDERED queue */
947
            BADF("ORDERED queue not implemented\n");
948
            s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
949
            break;
950
        case 0x0d:
951
            /* The ABORT TAG message clears the current I/O process only. */
952
            DPRINTF("MSG: ABORT TAG tag=0x%x\n", current_tag);
953
            if (current_req) {
954
                scsi_req_cancel(current_req->req);
955
            }
956
            lsi_disconnect(s);
957
            break;
958
        case 0x06:
959
        case 0x0e:
960
        case 0x0c:
961
            /* The ABORT message clears all I/O processes for the selecting
962
               initiator on the specified logical unit of the target. */
963
            if (msg == 0x06) {
964
                DPRINTF("MSG: ABORT tag=0x%x\n", current_tag);
965
            }
966
            /* The CLEAR QUEUE message clears all I/O processes for all
967
               initiators on the specified logical unit of the target. */
968
            if (msg == 0x0e) {
969
                DPRINTF("MSG: CLEAR QUEUE tag=0x%x\n", current_tag);
970
            }
971
            /* The BUS DEVICE RESET message clears all I/O processes for all
972
               initiators on all logical units of the target. */
973
            if (msg == 0x0c) {
974
                DPRINTF("MSG: BUS DEVICE RESET tag=0x%x\n", current_tag);
975
            }
976

    
977
            /* clear the current I/O process */
978
            if (s->current) {
979
                scsi_req_cancel(s->current->req);
980
            }
981

    
982
            /* As the current implemented devices scsi_disk and scsi_generic
983
               only support one LUN, we don't need to keep track of LUNs.
984
               Clearing I/O processes for other initiators could be possible
985
               for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
986
               device, but this is currently not implemented (and seems not
987
               to be really necessary). So let's simply clear all queued
988
               commands for the current device: */
989
            id = current_tag & 0x0000ff00;
990
            QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
991
                if ((p->tag & 0x0000ff00) == id) {
992
                    scsi_req_cancel(p->req);
993
                }
994
            }
995

    
996
            lsi_disconnect(s);
997
            break;
998
        default:
999
            if ((msg & 0x80) == 0) {
1000
                goto bad;
1001
            }
1002
            s->current_lun = msg & 7;
1003
            DPRINTF("Select LUN %d\n", s->current_lun);
1004
            lsi_set_phase(s, PHASE_CMD);
1005
            break;
1006
        }
1007
    }
1008
    return;
1009
bad:
1010
    BADF("Unimplemented message 0x%02x\n", msg);
1011
    lsi_set_phase(s, PHASE_MI);
1012
    lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
1013
    s->msg_action = 0;
1014
}
1015

    
1016
/* Sign extend a 24-bit value.  */
1017
static inline int32_t sxt24(int32_t n)
1018
{
1019
    return (n << 8) >> 8;
1020
}
1021

    
1022
#define LSI_BUF_SIZE 4096
1023
static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1024
{
1025
    int n;
1026
    uint8_t buf[LSI_BUF_SIZE];
1027

    
1028
    DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
1029
    while (count) {
1030
        n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
1031
        cpu_physical_memory_read(src, buf, n);
1032
        cpu_physical_memory_write(dest, buf, n);
1033
        src += n;
1034
        dest += n;
1035
        count -= n;
1036
    }
1037
}
1038

    
1039
static void lsi_wait_reselect(LSIState *s)
1040
{
1041
    lsi_request *p;
1042

    
1043
    DPRINTF("Wait Reselect\n");
1044

    
1045
    QTAILQ_FOREACH(p, &s->queue, next) {
1046
        if (p->pending) {
1047
            lsi_reselect(s, p);
1048
            break;
1049
        }
1050
    }
1051
    if (s->current == NULL) {
1052
        s->waiting = 1;
1053
    }
1054
}
1055

    
1056
static void lsi_execute_script(LSIState *s)
1057
{
1058
    uint32_t insn;
1059
    uint32_t addr, addr_high;
1060
    int opcode;
1061
    int insn_processed = 0;
1062

    
1063
    s->istat1 |= LSI_ISTAT1_SRUN;
1064
again:
1065
    insn_processed++;
1066
    insn = read_dword(s, s->dsp);
1067
    if (!insn) {
1068
        /* If we receive an empty opcode increment the DSP by 4 bytes
1069
           instead of 8 and execute the next opcode at that location */
1070
        s->dsp += 4;
1071
        goto again;
1072
    }
1073
    addr = read_dword(s, s->dsp + 4);
1074
    addr_high = 0;
1075
    DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
1076
    s->dsps = addr;
1077
    s->dcmd = insn >> 24;
1078
    s->dsp += 8;
1079
    switch (insn >> 30) {
1080
    case 0: /* Block move.  */
1081
        if (s->sist1 & LSI_SIST1_STO) {
1082
            DPRINTF("Delayed select timeout\n");
1083
            lsi_stop_script(s);
1084
            break;
1085
        }
1086
        s->dbc = insn & 0xffffff;
1087
        s->rbc = s->dbc;
1088
        /* ??? Set ESA.  */
1089
        s->ia = s->dsp - 8;
1090
        if (insn & (1 << 29)) {
1091
            /* Indirect addressing.  */
1092
            addr = read_dword(s, addr);
1093
        } else if (insn & (1 << 28)) {
1094
            uint32_t buf[2];
1095
            int32_t offset;
1096
            /* Table indirect addressing.  */
1097

    
1098
            /* 32-bit Table indirect */
1099
            offset = sxt24(addr);
1100
            cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
1101
            /* byte count is stored in bits 0:23 only */
1102
            s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
1103
            s->rbc = s->dbc;
1104
            addr = cpu_to_le32(buf[1]);
1105

    
1106
            /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1107
             * table, bits [31:24] */
1108
            if (lsi_dma_40bit(s))
1109
                addr_high = cpu_to_le32(buf[0]) >> 24;
1110
            else if (lsi_dma_ti64bit(s)) {
1111
                int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1112
                switch (selector) {
1113
                case 0 ... 0x0f:
1114
                    /* offset index into scratch registers since
1115
                     * TI64 mode can use registers C to R */
1116
                    addr_high = s->scratch[2 + selector];
1117
                    break;
1118
                case 0x10:
1119
                    addr_high = s->mmrs;
1120
                    break;
1121
                case 0x11:
1122
                    addr_high = s->mmws;
1123
                    break;
1124
                case 0x12:
1125
                    addr_high = s->sfs;
1126
                    break;
1127
                case 0x13:
1128
                    addr_high = s->drs;
1129
                    break;
1130
                case 0x14:
1131
                    addr_high = s->sbms;
1132
                    break;
1133
                case 0x15:
1134
                    addr_high = s->dbms;
1135
                    break;
1136
                default:
1137
                    BADF("Illegal selector specified (0x%x > 0x15)"
1138
                         " for 64-bit DMA block move", selector);
1139
                    break;
1140
                }
1141
            }
1142
        } else if (lsi_dma_64bit(s)) {
1143
            /* fetch a 3rd dword if 64-bit direct move is enabled and
1144
               only if we're not doing table indirect or indirect addressing */
1145
            s->dbms = read_dword(s, s->dsp);
1146
            s->dsp += 4;
1147
            s->ia = s->dsp - 12;
1148
        }
1149
        if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
1150
            DPRINTF("Wrong phase got %d expected %d\n",
1151
                    s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
1152
            lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1153
            break;
1154
        }
1155
        s->dnad = addr;
1156
        s->dnad64 = addr_high;
1157
        switch (s->sstat1 & 0x7) {
1158
        case PHASE_DO:
1159
            s->waiting = 2;
1160
            lsi_do_dma(s, 1);
1161
            if (s->waiting)
1162
                s->waiting = 3;
1163
            break;
1164
        case PHASE_DI:
1165
            s->waiting = 2;
1166
            lsi_do_dma(s, 0);
1167
            if (s->waiting)
1168
                s->waiting = 3;
1169
            break;
1170
        case PHASE_CMD:
1171
            lsi_do_command(s);
1172
            break;
1173
        case PHASE_ST:
1174
            lsi_do_status(s);
1175
            break;
1176
        case PHASE_MO:
1177
            lsi_do_msgout(s);
1178
            break;
1179
        case PHASE_MI:
1180
            lsi_do_msgin(s);
1181
            break;
1182
        default:
1183
            BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
1184
            exit(1);
1185
        }
1186
        s->dfifo = s->dbc & 0xff;
1187
        s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1188
        s->sbc = s->dbc;
1189
        s->rbc -= s->dbc;
1190
        s->ua = addr + s->dbc;
1191
        break;
1192

    
1193
    case 1: /* IO or Read/Write instruction.  */
1194
        opcode = (insn >> 27) & 7;
1195
        if (opcode < 5) {
1196
            uint32_t id;
1197

    
1198
            if (insn & (1 << 25)) {
1199
                id = read_dword(s, s->dsa + sxt24(insn));
1200
            } else {
1201
                id = insn;
1202
            }
1203
            id = (id >> 16) & 0xf;
1204
            if (insn & (1 << 26)) {
1205
                addr = s->dsp + sxt24(addr);
1206
            }
1207
            s->dnad = addr;
1208
            switch (opcode) {
1209
            case 0: /* Select */
1210
                s->sdid = id;
1211
                if (s->scntl1 & LSI_SCNTL1_CON) {
1212
                    DPRINTF("Already reselected, jumping to alternative address\n");
1213
                    s->dsp = s->dnad;
1214
                    break;
1215
                }
1216
                s->sstat0 |= LSI_SSTAT0_WOA;
1217
                s->scntl1 &= ~LSI_SCNTL1_IARB;
1218
                if (id >= LSI_MAX_DEVS || !s->bus.devs[id]) {
1219
                    lsi_bad_selection(s, id);
1220
                    break;
1221
                }
1222
                DPRINTF("Selected target %d%s\n",
1223
                        id, insn & (1 << 3) ? " ATN" : "");
1224
                /* ??? Linux drivers compain when this is set.  Maybe
1225
                   it only applies in low-level mode (unimplemented).
1226
                lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
1227
                s->select_tag = id << 8;
1228
                s->scntl1 |= LSI_SCNTL1_CON;
1229
                if (insn & (1 << 3)) {
1230
                    s->socl |= LSI_SOCL_ATN;
1231
                }
1232
                lsi_set_phase(s, PHASE_MO);
1233
                break;
1234
            case 1: /* Disconnect */
1235
                DPRINTF("Wait Disconnect\n");
1236
                s->scntl1 &= ~LSI_SCNTL1_CON;
1237
                break;
1238
            case 2: /* Wait Reselect */
1239
                if (!lsi_irq_on_rsl(s)) {
1240
                    lsi_wait_reselect(s);
1241
                }
1242
                break;
1243
            case 3: /* Set */
1244
                DPRINTF("Set%s%s%s%s\n",
1245
                        insn & (1 << 3) ? " ATN" : "",
1246
                        insn & (1 << 6) ? " ACK" : "",
1247
                        insn & (1 << 9) ? " TM" : "",
1248
                        insn & (1 << 10) ? " CC" : "");
1249
                if (insn & (1 << 3)) {
1250
                    s->socl |= LSI_SOCL_ATN;
1251
                    lsi_set_phase(s, PHASE_MO);
1252
                }
1253
                if (insn & (1 << 9)) {
1254
                    BADF("Target mode not implemented\n");
1255
                    exit(1);
1256
                }
1257
                if (insn & (1 << 10))
1258
                    s->carry = 1;
1259
                break;
1260
            case 4: /* Clear */
1261
                DPRINTF("Clear%s%s%s%s\n",
1262
                        insn & (1 << 3) ? " ATN" : "",
1263
                        insn & (1 << 6) ? " ACK" : "",
1264
                        insn & (1 << 9) ? " TM" : "",
1265
                        insn & (1 << 10) ? " CC" : "");
1266
                if (insn & (1 << 3)) {
1267
                    s->socl &= ~LSI_SOCL_ATN;
1268
                }
1269
                if (insn & (1 << 10))
1270
                    s->carry = 0;
1271
                break;
1272
            }
1273
        } else {
1274
            uint8_t op0;
1275
            uint8_t op1;
1276
            uint8_t data8;
1277
            int reg;
1278
            int operator;
1279
#ifdef DEBUG_LSI
1280
            static const char *opcode_names[3] =
1281
                {"Write", "Read", "Read-Modify-Write"};
1282
            static const char *operator_names[8] =
1283
                {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
1284
#endif
1285

    
1286
            reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1287
            data8 = (insn >> 8) & 0xff;
1288
            opcode = (insn >> 27) & 7;
1289
            operator = (insn >> 24) & 7;
1290
            DPRINTF("%s reg 0x%x %s data8=0x%02x sfbr=0x%02x%s\n",
1291
                    opcode_names[opcode - 5], reg,
1292
                    operator_names[operator], data8, s->sfbr,
1293
                    (insn & (1 << 23)) ? " SFBR" : "");
1294
            op0 = op1 = 0;
1295
            switch (opcode) {
1296
            case 5: /* From SFBR */
1297
                op0 = s->sfbr;
1298
                op1 = data8;
1299
                break;
1300
            case 6: /* To SFBR */
1301
                if (operator)
1302
                    op0 = lsi_reg_readb(s, reg);
1303
                op1 = data8;
1304
                break;
1305
            case 7: /* Read-modify-write */
1306
                if (operator)
1307
                    op0 = lsi_reg_readb(s, reg);
1308
                if (insn & (1 << 23)) {
1309
                    op1 = s->sfbr;
1310
                } else {
1311
                    op1 = data8;
1312
                }
1313
                break;
1314
            }
1315

    
1316
            switch (operator) {
1317
            case 0: /* move */
1318
                op0 = op1;
1319
                break;
1320
            case 1: /* Shift left */
1321
                op1 = op0 >> 7;
1322
                op0 = (op0 << 1) | s->carry;
1323
                s->carry = op1;
1324
                break;
1325
            case 2: /* OR */
1326
                op0 |= op1;
1327
                break;
1328
            case 3: /* XOR */
1329
                op0 ^= op1;
1330
                break;
1331
            case 4: /* AND */
1332
                op0 &= op1;
1333
                break;
1334
            case 5: /* SHR */
1335
                op1 = op0 & 1;
1336
                op0 = (op0 >> 1) | (s->carry << 7);
1337
                s->carry = op1;
1338
                break;
1339
            case 6: /* ADD */
1340
                op0 += op1;
1341
                s->carry = op0 < op1;
1342
                break;
1343
            case 7: /* ADC */
1344
                op0 += op1 + s->carry;
1345
                if (s->carry)
1346
                    s->carry = op0 <= op1;
1347
                else
1348
                    s->carry = op0 < op1;
1349
                break;
1350
            }
1351

    
1352
            switch (opcode) {
1353
            case 5: /* From SFBR */
1354
            case 7: /* Read-modify-write */
1355
                lsi_reg_writeb(s, reg, op0);
1356
                break;
1357
            case 6: /* To SFBR */
1358
                s->sfbr = op0;
1359
                break;
1360
            }
1361
        }
1362
        break;
1363

    
1364
    case 2: /* Transfer Control.  */
1365
        {
1366
            int cond;
1367
            int jmp;
1368

    
1369
            if ((insn & 0x002e0000) == 0) {
1370
                DPRINTF("NOP\n");
1371
                break;
1372
            }
1373
            if (s->sist1 & LSI_SIST1_STO) {
1374
                DPRINTF("Delayed select timeout\n");
1375
                lsi_stop_script(s);
1376
                break;
1377
            }
1378
            cond = jmp = (insn & (1 << 19)) != 0;
1379
            if (cond == jmp && (insn & (1 << 21))) {
1380
                DPRINTF("Compare carry %d\n", s->carry == jmp);
1381
                cond = s->carry != 0;
1382
            }
1383
            if (cond == jmp && (insn & (1 << 17))) {
1384
                DPRINTF("Compare phase %d %c= %d\n",
1385
                        (s->sstat1 & PHASE_MASK),
1386
                        jmp ? '=' : '!',
1387
                        ((insn >> 24) & 7));
1388
                cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1389
            }
1390
            if (cond == jmp && (insn & (1 << 18))) {
1391
                uint8_t mask;
1392

    
1393
                mask = (~insn >> 8) & 0xff;
1394
                DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
1395
                        s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1396
                cond = (s->sfbr & mask) == (insn & mask);
1397
            }
1398
            if (cond == jmp) {
1399
                if (insn & (1 << 23)) {
1400
                    /* Relative address.  */
1401
                    addr = s->dsp + sxt24(addr);
1402
                }
1403
                switch ((insn >> 27) & 7) {
1404
                case 0: /* Jump */
1405
                    DPRINTF("Jump to 0x%08x\n", addr);
1406
                    s->dsp = addr;
1407
                    break;
1408
                case 1: /* Call */
1409
                    DPRINTF("Call 0x%08x\n", addr);
1410
                    s->temp = s->dsp;
1411
                    s->dsp = addr;
1412
                    break;
1413
                case 2: /* Return */
1414
                    DPRINTF("Return to 0x%08x\n", s->temp);
1415
                    s->dsp = s->temp;
1416
                    break;
1417
                case 3: /* Interrupt */
1418
                    DPRINTF("Interrupt 0x%08x\n", s->dsps);
1419
                    if ((insn & (1 << 20)) != 0) {
1420
                        s->istat0 |= LSI_ISTAT0_INTF;
1421
                        lsi_update_irq(s);
1422
                    } else {
1423
                        lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1424
                    }
1425
                    break;
1426
                default:
1427
                    DPRINTF("Illegal transfer control\n");
1428
                    lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1429
                    break;
1430
                }
1431
            } else {
1432
                DPRINTF("Control condition failed\n");
1433
            }
1434
        }
1435
        break;
1436

    
1437
    case 3:
1438
        if ((insn & (1 << 29)) == 0) {
1439
            /* Memory move.  */
1440
            uint32_t dest;
1441
            /* ??? The docs imply the destination address is loaded into
1442
               the TEMP register.  However the Linux drivers rely on
1443
               the value being presrved.  */
1444
            dest = read_dword(s, s->dsp);
1445
            s->dsp += 4;
1446
            lsi_memcpy(s, dest, addr, insn & 0xffffff);
1447
        } else {
1448
            uint8_t data[7];
1449
            int reg;
1450
            int n;
1451
            int i;
1452

    
1453
            if (insn & (1 << 28)) {
1454
                addr = s->dsa + sxt24(addr);
1455
            }
1456
            n = (insn & 7);
1457
            reg = (insn >> 16) & 0xff;
1458
            if (insn & (1 << 24)) {
1459
                cpu_physical_memory_read(addr, data, n);
1460
                DPRINTF("Load reg 0x%x size %d addr 0x%08x = %08x\n", reg, n,
1461
                        addr, *(int *)data);
1462
                for (i = 0; i < n; i++) {
1463
                    lsi_reg_writeb(s, reg + i, data[i]);
1464
                }
1465
            } else {
1466
                DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
1467
                for (i = 0; i < n; i++) {
1468
                    data[i] = lsi_reg_readb(s, reg + i);
1469
                }
1470
                cpu_physical_memory_write(addr, data, n);
1471
            }
1472
        }
1473
    }
1474
    if (insn_processed > 10000 && !s->waiting) {
1475
        /* Some windows drivers make the device spin waiting for a memory
1476
           location to change.  If we have been executed a lot of code then
1477
           assume this is the case and force an unexpected device disconnect.
1478
           This is apparently sufficient to beat the drivers into submission.
1479
         */
1480
        if (!(s->sien0 & LSI_SIST0_UDC))
1481
            fprintf(stderr, "inf. loop with UDC masked\n");
1482
        lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1483
        lsi_disconnect(s);
1484
    } else if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
1485
        if (s->dcntl & LSI_DCNTL_SSM) {
1486
            lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1487
        } else {
1488
            goto again;
1489
        }
1490
    }
1491
    DPRINTF("SCRIPTS execution stopped\n");
1492
}
1493

    
1494
static uint8_t lsi_reg_readb(LSIState *s, int offset)
1495
{
1496
    uint8_t tmp;
1497
#define CASE_GET_REG24(name, addr) \
1498
    case addr: return s->name & 0xff; \
1499
    case addr + 1: return (s->name >> 8) & 0xff; \
1500
    case addr + 2: return (s->name >> 16) & 0xff;
1501

    
1502
#define CASE_GET_REG32(name, addr) \
1503
    case addr: return s->name & 0xff; \
1504
    case addr + 1: return (s->name >> 8) & 0xff; \
1505
    case addr + 2: return (s->name >> 16) & 0xff; \
1506
    case addr + 3: return (s->name >> 24) & 0xff;
1507

    
1508
#ifdef DEBUG_LSI_REG
1509
    DPRINTF("Read reg %x\n", offset);
1510
#endif
1511
    switch (offset) {
1512
    case 0x00: /* SCNTL0 */
1513
        return s->scntl0;
1514
    case 0x01: /* SCNTL1 */
1515
        return s->scntl1;
1516
    case 0x02: /* SCNTL2 */
1517
        return s->scntl2;
1518
    case 0x03: /* SCNTL3 */
1519
        return s->scntl3;
1520
    case 0x04: /* SCID */
1521
        return s->scid;
1522
    case 0x05: /* SXFER */
1523
        return s->sxfer;
1524
    case 0x06: /* SDID */
1525
        return s->sdid;
1526
    case 0x07: /* GPREG0 */
1527
        return 0x7f;
1528
    case 0x08: /* Revision ID */
1529
        return 0x00;
1530
    case 0xa: /* SSID */
1531
        return s->ssid;
1532
    case 0xb: /* SBCL */
1533
        /* ??? This is not correct. However it's (hopefully) only
1534
           used for diagnostics, so should be ok.  */
1535
        return 0;
1536
    case 0xc: /* DSTAT */
1537
        tmp = s->dstat | 0x80;
1538
        if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1539
            s->dstat = 0;
1540
        lsi_update_irq(s);
1541
        return tmp;
1542
    case 0x0d: /* SSTAT0 */
1543
        return s->sstat0;
1544
    case 0x0e: /* SSTAT1 */
1545
        return s->sstat1;
1546
    case 0x0f: /* SSTAT2 */
1547
        return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1548
    CASE_GET_REG32(dsa, 0x10)
1549
    case 0x14: /* ISTAT0 */
1550
        return s->istat0;
1551
    case 0x15: /* ISTAT1 */
1552
        return s->istat1;
1553
    case 0x16: /* MBOX0 */
1554
        return s->mbox0;
1555
    case 0x17: /* MBOX1 */
1556
        return s->mbox1;
1557
    case 0x18: /* CTEST0 */
1558
        return 0xff;
1559
    case 0x19: /* CTEST1 */
1560
        return 0;
1561
    case 0x1a: /* CTEST2 */
1562
        tmp = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
1563
        if (s->istat0 & LSI_ISTAT0_SIGP) {
1564
            s->istat0 &= ~LSI_ISTAT0_SIGP;
1565
            tmp |= LSI_CTEST2_SIGP;
1566
        }
1567
        return tmp;
1568
    case 0x1b: /* CTEST3 */
1569
        return s->ctest3;
1570
    CASE_GET_REG32(temp, 0x1c)
1571
    case 0x20: /* DFIFO */
1572
        return 0;
1573
    case 0x21: /* CTEST4 */
1574
        return s->ctest4;
1575
    case 0x22: /* CTEST5 */
1576
        return s->ctest5;
1577
    case 0x23: /* CTEST6 */
1578
         return 0;
1579
    CASE_GET_REG24(dbc, 0x24)
1580
    case 0x27: /* DCMD */
1581
        return s->dcmd;
1582
    CASE_GET_REG32(dnad, 0x28)
1583
    CASE_GET_REG32(dsp, 0x2c)
1584
    CASE_GET_REG32(dsps, 0x30)
1585
    CASE_GET_REG32(scratch[0], 0x34)
1586
    case 0x38: /* DMODE */
1587
        return s->dmode;
1588
    case 0x39: /* DIEN */
1589
        return s->dien;
1590
    case 0x3a: /* SBR */
1591
        return s->sbr;
1592
    case 0x3b: /* DCNTL */
1593
        return s->dcntl;
1594
    case 0x40: /* SIEN0 */
1595
        return s->sien0;
1596
    case 0x41: /* SIEN1 */
1597
        return s->sien1;
1598
    case 0x42: /* SIST0 */
1599
        tmp = s->sist0;
1600
        s->sist0 = 0;
1601
        lsi_update_irq(s);
1602
        return tmp;
1603
    case 0x43: /* SIST1 */
1604
        tmp = s->sist1;
1605
        s->sist1 = 0;
1606
        lsi_update_irq(s);
1607
        return tmp;
1608
    case 0x46: /* MACNTL */
1609
        return 0x0f;
1610
    case 0x47: /* GPCNTL0 */
1611
        return 0x0f;
1612
    case 0x48: /* STIME0 */
1613
        return s->stime0;
1614
    case 0x4a: /* RESPID0 */
1615
        return s->respid0;
1616
    case 0x4b: /* RESPID1 */
1617
        return s->respid1;
1618
    case 0x4d: /* STEST1 */
1619
        return s->stest1;
1620
    case 0x4e: /* STEST2 */
1621
        return s->stest2;
1622
    case 0x4f: /* STEST3 */
1623
        return s->stest3;
1624
    case 0x50: /* SIDL */
1625
        /* This is needed by the linux drivers.  We currently only update it
1626
           during the MSG IN phase.  */
1627
        return s->sidl;
1628
    case 0x52: /* STEST4 */
1629
        return 0xe0;
1630
    case 0x56: /* CCNTL0 */
1631
        return s->ccntl0;
1632
    case 0x57: /* CCNTL1 */
1633
        return s->ccntl1;
1634
    case 0x58: /* SBDL */
1635
        /* Some drivers peek at the data bus during the MSG IN phase.  */
1636
        if ((s->sstat1 & PHASE_MASK) == PHASE_MI)
1637
            return s->msg[0];
1638
        return 0;
1639
    case 0x59: /* SBDL high */
1640
        return 0;
1641
    CASE_GET_REG32(mmrs, 0xa0)
1642
    CASE_GET_REG32(mmws, 0xa4)
1643
    CASE_GET_REG32(sfs, 0xa8)
1644
    CASE_GET_REG32(drs, 0xac)
1645
    CASE_GET_REG32(sbms, 0xb0)
1646
    CASE_GET_REG32(dbms, 0xb4)
1647
    CASE_GET_REG32(dnad64, 0xb8)
1648
    CASE_GET_REG32(pmjad1, 0xc0)
1649
    CASE_GET_REG32(pmjad2, 0xc4)
1650
    CASE_GET_REG32(rbc, 0xc8)
1651
    CASE_GET_REG32(ua, 0xcc)
1652
    CASE_GET_REG32(ia, 0xd4)
1653
    CASE_GET_REG32(sbc, 0xd8)
1654
    CASE_GET_REG32(csbc, 0xdc)
1655
    }
1656
    if (offset >= 0x5c && offset < 0xa0) {
1657
        int n;
1658
        int shift;
1659
        n = (offset - 0x58) >> 2;
1660
        shift = (offset & 3) * 8;
1661
        return (s->scratch[n] >> shift) & 0xff;
1662
    }
1663
    BADF("readb 0x%x\n", offset);
1664
    exit(1);
1665
#undef CASE_GET_REG24
1666
#undef CASE_GET_REG32
1667
}
1668

    
1669
static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1670
{
1671
#define CASE_SET_REG24(name, addr) \
1672
    case addr    : s->name &= 0xffffff00; s->name |= val;       break; \
1673
    case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8;  break; \
1674
    case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1675

    
1676
#define CASE_SET_REG32(name, addr) \
1677
    case addr    : s->name &= 0xffffff00; s->name |= val;       break; \
1678
    case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8;  break; \
1679
    case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1680
    case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1681

    
1682
#ifdef DEBUG_LSI_REG
1683
    DPRINTF("Write reg %x = %02x\n", offset, val);
1684
#endif
1685
    switch (offset) {
1686
    case 0x00: /* SCNTL0 */
1687
        s->scntl0 = val;
1688
        if (val & LSI_SCNTL0_START) {
1689
            BADF("Start sequence not implemented\n");
1690
        }
1691
        break;
1692
    case 0x01: /* SCNTL1 */
1693
        s->scntl1 = val & ~LSI_SCNTL1_SST;
1694
        if (val & LSI_SCNTL1_IARB) {
1695
            BADF("Immediate Arbritration not implemented\n");
1696
        }
1697
        if (val & LSI_SCNTL1_RST) {
1698
            if (!(s->sstat0 & LSI_SSTAT0_RST)) {
1699
                DeviceState *dev;
1700
                int id;
1701

    
1702
                for (id = 0; id < s->bus.ndev; id++) {
1703
                    if (s->bus.devs[id]) {
1704
                        dev = &s->bus.devs[id]->qdev;
1705
                        dev->info->reset(dev);
1706
                    }
1707
                }
1708
                s->sstat0 |= LSI_SSTAT0_RST;
1709
                lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1710
            }
1711
        } else {
1712
            s->sstat0 &= ~LSI_SSTAT0_RST;
1713
        }
1714
        break;
1715
    case 0x02: /* SCNTL2 */
1716
        val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1717
        s->scntl2 = val;
1718
        break;
1719
    case 0x03: /* SCNTL3 */
1720
        s->scntl3 = val;
1721
        break;
1722
    case 0x04: /* SCID */
1723
        s->scid = val;
1724
        break;
1725
    case 0x05: /* SXFER */
1726
        s->sxfer = val;
1727
        break;
1728
    case 0x06: /* SDID */
1729
        if ((val & 0xf) != (s->ssid & 0xf))
1730
            BADF("Destination ID does not match SSID\n");
1731
        s->sdid = val & 0xf;
1732
        break;
1733
    case 0x07: /* GPREG0 */
1734
        break;
1735
    case 0x08: /* SFBR */
1736
        /* The CPU is not allowed to write to this register.  However the
1737
           SCRIPTS register move instructions are.  */
1738
        s->sfbr = val;
1739
        break;
1740
    case 0x0a: case 0x0b:
1741
        /* Openserver writes to these readonly registers on startup */
1742
        return;
1743
    case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1744
        /* Linux writes to these readonly registers on startup.  */
1745
        return;
1746
    CASE_SET_REG32(dsa, 0x10)
1747
    case 0x14: /* ISTAT0 */
1748
        s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1749
        if (val & LSI_ISTAT0_ABRT) {
1750
            lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1751
        }
1752
        if (val & LSI_ISTAT0_INTF) {
1753
            s->istat0 &= ~LSI_ISTAT0_INTF;
1754
            lsi_update_irq(s);
1755
        }
1756
        if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1757
            DPRINTF("Woken by SIGP\n");
1758
            s->waiting = 0;
1759
            s->dsp = s->dnad;
1760
            lsi_execute_script(s);
1761
        }
1762
        if (val & LSI_ISTAT0_SRST) {
1763
            lsi_soft_reset(s);
1764
        }
1765
        break;
1766
    case 0x16: /* MBOX0 */
1767
        s->mbox0 = val;
1768
        break;
1769
    case 0x17: /* MBOX1 */
1770
        s->mbox1 = val;
1771
        break;
1772
    case 0x1a: /* CTEST2 */
1773
        s->ctest2 = val & LSI_CTEST2_PCICIE;
1774
        break;
1775
    case 0x1b: /* CTEST3 */
1776
        s->ctest3 = val & 0x0f;
1777
        break;
1778
    CASE_SET_REG32(temp, 0x1c)
1779
    case 0x21: /* CTEST4 */
1780
        if (val & 7) {
1781
           BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1782
        }
1783
        s->ctest4 = val;
1784
        break;
1785
    case 0x22: /* CTEST5 */
1786
        if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1787
            BADF("CTEST5 DMA increment not implemented\n");
1788
        }
1789
        s->ctest5 = val;
1790
        break;
1791
    CASE_SET_REG24(dbc, 0x24)
1792
    CASE_SET_REG32(dnad, 0x28)
1793
    case 0x2c: /* DSP[0:7] */
1794
        s->dsp &= 0xffffff00;
1795
        s->dsp |= val;
1796
        break;
1797
    case 0x2d: /* DSP[8:15] */
1798
        s->dsp &= 0xffff00ff;
1799
        s->dsp |= val << 8;
1800
        break;
1801
    case 0x2e: /* DSP[16:23] */
1802
        s->dsp &= 0xff00ffff;
1803
        s->dsp |= val << 16;
1804
        break;
1805
    case 0x2f: /* DSP[24:31] */
1806
        s->dsp &= 0x00ffffff;
1807
        s->dsp |= val << 24;
1808
        if ((s->dmode & LSI_DMODE_MAN) == 0
1809
            && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1810
            lsi_execute_script(s);
1811
        break;
1812
    CASE_SET_REG32(dsps, 0x30)
1813
    CASE_SET_REG32(scratch[0], 0x34)
1814
    case 0x38: /* DMODE */
1815
        if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1816
            BADF("IO mappings not implemented\n");
1817
        }
1818
        s->dmode = val;
1819
        break;
1820
    case 0x39: /* DIEN */
1821
        s->dien = val;
1822
        lsi_update_irq(s);
1823
        break;
1824
    case 0x3a: /* SBR */
1825
        s->sbr = val;
1826
        break;
1827
    case 0x3b: /* DCNTL */
1828
        s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1829
        if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1830
            lsi_execute_script(s);
1831
        break;
1832
    case 0x40: /* SIEN0 */
1833
        s->sien0 = val;
1834
        lsi_update_irq(s);
1835
        break;
1836
    case 0x41: /* SIEN1 */
1837
        s->sien1 = val;
1838
        lsi_update_irq(s);
1839
        break;
1840
    case 0x47: /* GPCNTL0 */
1841
        break;
1842
    case 0x48: /* STIME0 */
1843
        s->stime0 = val;
1844
        break;
1845
    case 0x49: /* STIME1 */
1846
        if (val & 0xf) {
1847
            DPRINTF("General purpose timer not implemented\n");
1848
            /* ??? Raising the interrupt immediately seems to be sufficient
1849
               to keep the FreeBSD driver happy.  */
1850
            lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1851
        }
1852
        break;
1853
    case 0x4a: /* RESPID0 */
1854
        s->respid0 = val;
1855
        break;
1856
    case 0x4b: /* RESPID1 */
1857
        s->respid1 = val;
1858
        break;
1859
    case 0x4d: /* STEST1 */
1860
        s->stest1 = val;
1861
        break;
1862
    case 0x4e: /* STEST2 */
1863
        if (val & 1) {
1864
            BADF("Low level mode not implemented\n");
1865
        }
1866
        s->stest2 = val;
1867
        break;
1868
    case 0x4f: /* STEST3 */
1869
        if (val & 0x41) {
1870
            BADF("SCSI FIFO test mode not implemented\n");
1871
        }
1872
        s->stest3 = val;
1873
        break;
1874
    case 0x56: /* CCNTL0 */
1875
        s->ccntl0 = val;
1876
        break;
1877
    case 0x57: /* CCNTL1 */
1878
        s->ccntl1 = val;
1879
        break;
1880
    CASE_SET_REG32(mmrs, 0xa0)
1881
    CASE_SET_REG32(mmws, 0xa4)
1882
    CASE_SET_REG32(sfs, 0xa8)
1883
    CASE_SET_REG32(drs, 0xac)
1884
    CASE_SET_REG32(sbms, 0xb0)
1885
    CASE_SET_REG32(dbms, 0xb4)
1886
    CASE_SET_REG32(dnad64, 0xb8)
1887
    CASE_SET_REG32(pmjad1, 0xc0)
1888
    CASE_SET_REG32(pmjad2, 0xc4)
1889
    CASE_SET_REG32(rbc, 0xc8)
1890
    CASE_SET_REG32(ua, 0xcc)
1891
    CASE_SET_REG32(ia, 0xd4)
1892
    CASE_SET_REG32(sbc, 0xd8)
1893
    CASE_SET_REG32(csbc, 0xdc)
1894
    default:
1895
        if (offset >= 0x5c && offset < 0xa0) {
1896
            int n;
1897
            int shift;
1898
            n = (offset - 0x58) >> 2;
1899
            shift = (offset & 3) * 8;
1900
            s->scratch[n] &= ~(0xff << shift);
1901
            s->scratch[n] |= (val & 0xff) << shift;
1902
        } else {
1903
            BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1904
        }
1905
    }
1906
#undef CASE_SET_REG24
1907
#undef CASE_SET_REG32
1908
}
1909

    
1910
static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1911
{
1912
    LSIState *s = opaque;
1913

    
1914
    lsi_reg_writeb(s, addr & 0xff, val);
1915
}
1916

    
1917
static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1918
{
1919
    LSIState *s = opaque;
1920

    
1921
    addr &= 0xff;
1922
    lsi_reg_writeb(s, addr, val & 0xff);
1923
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1924
}
1925

    
1926
static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1927
{
1928
    LSIState *s = opaque;
1929

    
1930
    addr &= 0xff;
1931
    lsi_reg_writeb(s, addr, val & 0xff);
1932
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1933
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1934
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1935
}
1936

    
1937
static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1938
{
1939
    LSIState *s = opaque;
1940

    
1941
    return lsi_reg_readb(s, addr & 0xff);
1942
}
1943

    
1944
static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1945
{
1946
    LSIState *s = opaque;
1947
    uint32_t val;
1948

    
1949
    addr &= 0xff;
1950
    val = lsi_reg_readb(s, addr);
1951
    val |= lsi_reg_readb(s, addr + 1) << 8;
1952
    return val;
1953
}
1954

    
1955
static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1956
{
1957
    LSIState *s = opaque;
1958
    uint32_t val;
1959
    addr &= 0xff;
1960
    val = lsi_reg_readb(s, addr);
1961
    val |= lsi_reg_readb(s, addr + 1) << 8;
1962
    val |= lsi_reg_readb(s, addr + 2) << 16;
1963
    val |= lsi_reg_readb(s, addr + 3) << 24;
1964
    return val;
1965
}
1966

    
1967
static CPUReadMemoryFunc * const lsi_mmio_readfn[3] = {
1968
    lsi_mmio_readb,
1969
    lsi_mmio_readw,
1970
    lsi_mmio_readl,
1971
};
1972

    
1973
static CPUWriteMemoryFunc * const lsi_mmio_writefn[3] = {
1974
    lsi_mmio_writeb,
1975
    lsi_mmio_writew,
1976
    lsi_mmio_writel,
1977
};
1978

    
1979
static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1980
{
1981
    LSIState *s = opaque;
1982
    uint32_t newval;
1983
    int shift;
1984

    
1985
    addr &= 0x1fff;
1986
    newval = s->script_ram[addr >> 2];
1987
    shift = (addr & 3) * 8;
1988
    newval &= ~(0xff << shift);
1989
    newval |= val << shift;
1990
    s->script_ram[addr >> 2] = newval;
1991
}
1992

    
1993
static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1994
{
1995
    LSIState *s = opaque;
1996
    uint32_t newval;
1997

    
1998
    addr &= 0x1fff;
1999
    newval = s->script_ram[addr >> 2];
2000
    if (addr & 2) {
2001
        newval = (newval & 0xffff) | (val << 16);
2002
    } else {
2003
        newval = (newval & 0xffff0000) | val;
2004
    }
2005
    s->script_ram[addr >> 2] = newval;
2006
}
2007

    
2008

    
2009
static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
2010
{
2011
    LSIState *s = opaque;
2012

    
2013
    addr &= 0x1fff;
2014
    s->script_ram[addr >> 2] = val;
2015
}
2016

    
2017
static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
2018
{
2019
    LSIState *s = opaque;
2020
    uint32_t val;
2021

    
2022
    addr &= 0x1fff;
2023
    val = s->script_ram[addr >> 2];
2024
    val >>= (addr & 3) * 8;
2025
    return val & 0xff;
2026
}
2027

    
2028
static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
2029
{
2030
    LSIState *s = opaque;
2031
    uint32_t val;
2032

    
2033
    addr &= 0x1fff;
2034
    val = s->script_ram[addr >> 2];
2035
    if (addr & 2)
2036
        val >>= 16;
2037
    return val;
2038
}
2039

    
2040
static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
2041
{
2042
    LSIState *s = opaque;
2043

    
2044
    addr &= 0x1fff;
2045
    return s->script_ram[addr >> 2];
2046
}
2047

    
2048
static CPUReadMemoryFunc * const lsi_ram_readfn[3] = {
2049
    lsi_ram_readb,
2050
    lsi_ram_readw,
2051
    lsi_ram_readl,
2052
};
2053

    
2054
static CPUWriteMemoryFunc * const lsi_ram_writefn[3] = {
2055
    lsi_ram_writeb,
2056
    lsi_ram_writew,
2057
    lsi_ram_writel,
2058
};
2059

    
2060
static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
2061
{
2062
    LSIState *s = opaque;
2063
    return lsi_reg_readb(s, addr & 0xff);
2064
}
2065

    
2066
static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
2067
{
2068
    LSIState *s = opaque;
2069
    uint32_t val;
2070
    addr &= 0xff;
2071
    val = lsi_reg_readb(s, addr);
2072
    val |= lsi_reg_readb(s, addr + 1) << 8;
2073
    return val;
2074
}
2075

    
2076
static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
2077
{
2078
    LSIState *s = opaque;
2079
    uint32_t val;
2080
    addr &= 0xff;
2081
    val = lsi_reg_readb(s, addr);
2082
    val |= lsi_reg_readb(s, addr + 1) << 8;
2083
    val |= lsi_reg_readb(s, addr + 2) << 16;
2084
    val |= lsi_reg_readb(s, addr + 3) << 24;
2085
    return val;
2086
}
2087

    
2088
static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
2089
{
2090
    LSIState *s = opaque;
2091
    lsi_reg_writeb(s, addr & 0xff, val);
2092
}
2093

    
2094
static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
2095
{
2096
    LSIState *s = opaque;
2097
    addr &= 0xff;
2098
    lsi_reg_writeb(s, addr, val & 0xff);
2099
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
2100
}
2101

    
2102
static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
2103
{
2104
    LSIState *s = opaque;
2105
    addr &= 0xff;
2106
    lsi_reg_writeb(s, addr, val & 0xff);
2107
    lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
2108
    lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
2109
    lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
2110
}
2111

    
2112
static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
2113
                           pcibus_t addr, pcibus_t size, int type)
2114
{
2115
    LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2116

    
2117
    DPRINTF("Mapping IO at %08"FMT_PCIBUS"\n", addr);
2118

    
2119
    register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
2120
    register_ioport_read(addr, 256, 1, lsi_io_readb, s);
2121
    register_ioport_write(addr, 256, 2, lsi_io_writew, s);
2122
    register_ioport_read(addr, 256, 2, lsi_io_readw, s);
2123
    register_ioport_write(addr, 256, 4, lsi_io_writel, s);
2124
    register_ioport_read(addr, 256, 4, lsi_io_readl, s);
2125
}
2126

    
2127
static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
2128
                            pcibus_t addr, pcibus_t size, int type)
2129
{
2130
    LSIState *s = DO_UPCAST(LSIState, dev, pci_dev);
2131

    
2132
    DPRINTF("Mapping ram at %08"FMT_PCIBUS"\n", addr);
2133
    s->script_ram_base = addr;
2134
    cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
2135
}
2136

    
2137
static void lsi_scsi_reset(DeviceState *dev)
2138
{
2139
    LSIState *s = DO_UPCAST(LSIState, dev.qdev, dev);
2140

    
2141
    lsi_soft_reset(s);
2142
}
2143

    
2144
static void lsi_pre_save(void *opaque)
2145
{
2146
    LSIState *s = opaque;
2147

    
2148
    if (s->current) {
2149
        assert(s->current->dma_buf == NULL);
2150
        assert(s->current->dma_len == 0);
2151
    }
2152
    assert(QTAILQ_EMPTY(&s->queue));
2153
}
2154

    
2155
static const VMStateDescription vmstate_lsi_scsi = {
2156
    .name = "lsiscsi",
2157
    .version_id = 0,
2158
    .minimum_version_id = 0,
2159
    .minimum_version_id_old = 0,
2160
    .pre_save = lsi_pre_save,
2161
    .fields      = (VMStateField []) {
2162
        VMSTATE_PCI_DEVICE(dev, LSIState),
2163

    
2164
        VMSTATE_INT32(carry, LSIState),
2165
        VMSTATE_INT32(status, LSIState),
2166
        VMSTATE_INT32(msg_action, LSIState),
2167
        VMSTATE_INT32(msg_len, LSIState),
2168
        VMSTATE_BUFFER(msg, LSIState),
2169
        VMSTATE_INT32(waiting, LSIState),
2170

    
2171
        VMSTATE_UINT32(dsa, LSIState),
2172
        VMSTATE_UINT32(temp, LSIState),
2173
        VMSTATE_UINT32(dnad, LSIState),
2174
        VMSTATE_UINT32(dbc, LSIState),
2175
        VMSTATE_UINT8(istat0, LSIState),
2176
        VMSTATE_UINT8(istat1, LSIState),
2177
        VMSTATE_UINT8(dcmd, LSIState),
2178
        VMSTATE_UINT8(dstat, LSIState),
2179
        VMSTATE_UINT8(dien, LSIState),
2180
        VMSTATE_UINT8(sist0, LSIState),
2181
        VMSTATE_UINT8(sist1, LSIState),
2182
        VMSTATE_UINT8(sien0, LSIState),
2183
        VMSTATE_UINT8(sien1, LSIState),
2184
        VMSTATE_UINT8(mbox0, LSIState),
2185
        VMSTATE_UINT8(mbox1, LSIState),
2186
        VMSTATE_UINT8(dfifo, LSIState),
2187
        VMSTATE_UINT8(ctest2, LSIState),
2188
        VMSTATE_UINT8(ctest3, LSIState),
2189
        VMSTATE_UINT8(ctest4, LSIState),
2190
        VMSTATE_UINT8(ctest5, LSIState),
2191
        VMSTATE_UINT8(ccntl0, LSIState),
2192
        VMSTATE_UINT8(ccntl1, LSIState),
2193
        VMSTATE_UINT32(dsp, LSIState),
2194
        VMSTATE_UINT32(dsps, LSIState),
2195
        VMSTATE_UINT8(dmode, LSIState),
2196
        VMSTATE_UINT8(dcntl, LSIState),
2197
        VMSTATE_UINT8(scntl0, LSIState),
2198
        VMSTATE_UINT8(scntl1, LSIState),
2199
        VMSTATE_UINT8(scntl2, LSIState),
2200
        VMSTATE_UINT8(scntl3, LSIState),
2201
        VMSTATE_UINT8(sstat0, LSIState),
2202
        VMSTATE_UINT8(sstat1, LSIState),
2203
        VMSTATE_UINT8(scid, LSIState),
2204
        VMSTATE_UINT8(sxfer, LSIState),
2205
        VMSTATE_UINT8(socl, LSIState),
2206
        VMSTATE_UINT8(sdid, LSIState),
2207
        VMSTATE_UINT8(ssid, LSIState),
2208
        VMSTATE_UINT8(sfbr, LSIState),
2209
        VMSTATE_UINT8(stest1, LSIState),
2210
        VMSTATE_UINT8(stest2, LSIState),
2211
        VMSTATE_UINT8(stest3, LSIState),
2212
        VMSTATE_UINT8(sidl, LSIState),
2213
        VMSTATE_UINT8(stime0, LSIState),
2214
        VMSTATE_UINT8(respid0, LSIState),
2215
        VMSTATE_UINT8(respid1, LSIState),
2216
        VMSTATE_UINT32(mmrs, LSIState),
2217
        VMSTATE_UINT32(mmws, LSIState),
2218
        VMSTATE_UINT32(sfs, LSIState),
2219
        VMSTATE_UINT32(drs, LSIState),
2220
        VMSTATE_UINT32(sbms, LSIState),
2221
        VMSTATE_UINT32(dbms, LSIState),
2222
        VMSTATE_UINT32(dnad64, LSIState),
2223
        VMSTATE_UINT32(pmjad1, LSIState),
2224
        VMSTATE_UINT32(pmjad2, LSIState),
2225
        VMSTATE_UINT32(rbc, LSIState),
2226
        VMSTATE_UINT32(ua, LSIState),
2227
        VMSTATE_UINT32(ia, LSIState),
2228
        VMSTATE_UINT32(sbc, LSIState),
2229
        VMSTATE_UINT32(csbc, LSIState),
2230
        VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2231
        VMSTATE_UINT8(sbr, LSIState),
2232

    
2233
        VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 2048 * sizeof(uint32_t)),
2234
        VMSTATE_END_OF_LIST()
2235
    }
2236
};
2237

    
2238
static int lsi_scsi_uninit(PCIDevice *d)
2239
{
2240
    LSIState *s = DO_UPCAST(LSIState, dev, d);
2241

    
2242
    cpu_unregister_io_memory(s->mmio_io_addr);
2243
    cpu_unregister_io_memory(s->ram_io_addr);
2244

    
2245
    return 0;
2246
}
2247

    
2248
static const struct SCSIBusOps lsi_scsi_ops = {
2249
    .complete = lsi_command_complete,
2250
    .cancel = lsi_request_cancelled
2251
};
2252

    
2253
static int lsi_scsi_init(PCIDevice *dev)
2254
{
2255
    LSIState *s = DO_UPCAST(LSIState, dev, dev);
2256
    uint8_t *pci_conf;
2257

    
2258
    pci_conf = s->dev.config;
2259

    
2260
    /* PCI Vendor ID (word) */
2261
    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
2262
    /* PCI device ID (word) */
2263
    pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_LSI_53C895A);
2264
    /* PCI base class code */
2265
    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_SCSI);
2266
    /* PCI subsystem ID */
2267
    pci_conf[PCI_SUBSYSTEM_ID] = 0x00;
2268
    pci_conf[PCI_SUBSYSTEM_ID + 1] = 0x10;
2269
    /* PCI latency timer = 255 */
2270
    pci_conf[PCI_LATENCY_TIMER] = 0xff;
2271
    /* TODO: RST# value should be 0 */
2272
    /* Interrupt pin 1 */
2273
    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2274

    
2275
    s->mmio_io_addr = cpu_register_io_memory(lsi_mmio_readfn,
2276
                                             lsi_mmio_writefn, s,
2277
                                             DEVICE_NATIVE_ENDIAN);
2278
    s->ram_io_addr = cpu_register_io_memory(lsi_ram_readfn,
2279
                                            lsi_ram_writefn, s,
2280
                                            DEVICE_NATIVE_ENDIAN);
2281

    
2282
    pci_register_bar(&s->dev, 0, 256,
2283
                           PCI_BASE_ADDRESS_SPACE_IO, lsi_io_mapfunc);
2284
    pci_register_bar_simple(&s->dev, 1, 0x400, 0, s->mmio_io_addr);
2285
    pci_register_bar(&s->dev, 2, 0x2000,
2286
                           PCI_BASE_ADDRESS_SPACE_MEMORY, lsi_ram_mapfunc);
2287
    QTAILQ_INIT(&s->queue);
2288

    
2289
    scsi_bus_new(&s->bus, &dev->qdev, 1, LSI_MAX_DEVS, &lsi_scsi_ops);
2290
    if (!dev->qdev.hotplugged) {
2291
        return scsi_bus_legacy_handle_cmdline(&s->bus);
2292
    }
2293
    return 0;
2294
}
2295

    
2296
static PCIDeviceInfo lsi_info = {
2297
    .qdev.name  = "lsi53c895a",
2298
    .qdev.alias = "lsi",
2299
    .qdev.size  = sizeof(LSIState),
2300
    .qdev.reset = lsi_scsi_reset,
2301
    .qdev.vmsd  = &vmstate_lsi_scsi,
2302
    .init       = lsi_scsi_init,
2303
    .exit       = lsi_scsi_uninit,
2304
};
2305

    
2306
static void lsi53c895a_register_devices(void)
2307
{
2308
    pci_qdev_register(&lsi_info);
2309
}
2310

    
2311
device_init(lsi53c895a_register_devices);