]> git.proxmox.com Git - mirror_qemu.git/blame - hw/scsi/lsi53c895a.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
[mirror_qemu.git] / hw / scsi / lsi53c895a.c
CommitLineData
5fafdf24 1/*
7d8406be
PB		 2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
6 *
8e31bf38 7 * This code is licensed under the LGPL.
7d8406be
PB		 8 */
9
ceae18bd
HP		 10/* Note:
11 * LSI53C810 emulation is incorrect, in the sense that it supports
12 * features added in later evolutions. This should not be a problem,
13 * as well-behaved operating systems will not try to use them.
14 */
15
a4ab4792 16#include "qemu/osdep.h"
777aec7a 17
64552b6b 18#include "hw/irq.h"
83c9f4ca 19#include "hw/pci/pci.h"
0d09e41a 20#include "hw/scsi/scsi.h"
d6454270 21#include "migration/vmstate.h"
9c17d615 22#include "sysemu/dma.h"
85a20bc4 23#include "qemu/log.h"
0b8fa32f 24#include "qemu/module.h"
c921370b 25#include "trace.h"
db1015e9 26#include "qom/object.h"
7d8406be 27
64eb7491
HP		 28static const char *names[] = {
29 "SCNTL0", "SCNTL1", "SCNTL2", "SCNTL3", "SCID", "SXFER", "SDID", "GPREG",
30 "SFBR", "SOCL", "SSID", "SBCL", "DSTAT", "SSTAT0", "SSTAT1", "SSTAT2",
31 "DSA0", "DSA1", "DSA2", "DSA3", "ISTAT", "0x15", "0x16", "0x17",
32 "CTEST0", "CTEST1", "CTEST2", "CTEST3", "TEMP0", "TEMP1", "TEMP2", "TEMP3",
33 "DFIFO", "CTEST4", "CTEST5", "CTEST6", "DBC0", "DBC1", "DBC2", "DCMD",
34 "DNAD0", "DNAD1", "DNAD2", "DNAD3", "DSP0", "DSP1", "DSP2", "DSP3",
35 "DSPS0", "DSPS1", "DSPS2", "DSPS3", "SCRATCHA0", "SCRATCHA1", "SCRATCHA2", "SCRATCHA3",
36 "DMODE", "DIEN", "SBR", "DCNTL", "ADDER0", "ADDER1", "ADDER2", "ADDER3",
37 "SIEN0", "SIEN1", "SIST0", "SIST1", "SLPAR", "0x45", "MACNTL", "GPCNTL",
38 "STIME0", "STIME1", "RESPID", "0x4b", "STEST0", "STEST1", "STEST2", "STEST3",
39 "SIDL", "0x51", "0x52", "0x53", "SODL", "0x55", "0x56", "0x57",
40 "SBDL", "0x59", "0x5a", "0x5b", "SCRATCHB0", "SCRATCHB1", "SCRATCHB2", "SCRATCHB3",
41};
64eb7491 42
18e08a55
MT		 43#define LSI_MAX_DEVS 7
44
7d8406be
PB		 45#define LSI_SCNTL0_TRG 0x01
46#define LSI_SCNTL0_AAP 0x02
47#define LSI_SCNTL0_EPC 0x08
48#define LSI_SCNTL0_WATN 0x10
49#define LSI_SCNTL0_START 0x20
50
51#define LSI_SCNTL1_SST 0x01
52#define LSI_SCNTL1_IARB 0x02
53#define LSI_SCNTL1_AESP 0x04
54#define LSI_SCNTL1_RST 0x08
55#define LSI_SCNTL1_CON 0x10
56#define LSI_SCNTL1_DHP 0x20
57#define LSI_SCNTL1_ADB 0x40
58#define LSI_SCNTL1_EXC 0x80
59
60#define LSI_SCNTL2_WSR 0x01
61#define LSI_SCNTL2_VUE0 0x02
62#define LSI_SCNTL2_VUE1 0x04
63#define LSI_SCNTL2_WSS 0x08
64#define LSI_SCNTL2_SLPHBEN 0x10
65#define LSI_SCNTL2_SLPMD 0x20
66#define LSI_SCNTL2_CHM 0x40
67#define LSI_SCNTL2_SDU 0x80
68
69#define LSI_ISTAT0_DIP 0x01
70#define LSI_ISTAT0_SIP 0x02
71#define LSI_ISTAT0_INTF 0x04
72#define LSI_ISTAT0_CON 0x08
73#define LSI_ISTAT0_SEM 0x10
74#define LSI_ISTAT0_SIGP 0x20
75#define LSI_ISTAT0_SRST 0x40
76#define LSI_ISTAT0_ABRT 0x80
77
78#define LSI_ISTAT1_SI 0x01
79#define LSI_ISTAT1_SRUN 0x02
80#define LSI_ISTAT1_FLSH 0x04
81
82#define LSI_SSTAT0_SDP0 0x01
83#define LSI_SSTAT0_RST 0x02
84#define LSI_SSTAT0_WOA 0x04
85#define LSI_SSTAT0_LOA 0x08
86#define LSI_SSTAT0_AIP 0x10
87#define LSI_SSTAT0_OLF 0x20
88#define LSI_SSTAT0_ORF 0x40
89#define LSI_SSTAT0_ILF 0x80
90
91#define LSI_SIST0_PAR 0x01
92#define LSI_SIST0_RST 0x02
93#define LSI_SIST0_UDC 0x04
94#define LSI_SIST0_SGE 0x08
95#define LSI_SIST0_RSL 0x10
96#define LSI_SIST0_SEL 0x20
97#define LSI_SIST0_CMP 0x40
98#define LSI_SIST0_MA 0x80
99
100#define LSI_SIST1_HTH 0x01
101#define LSI_SIST1_GEN 0x02
102#define LSI_SIST1_STO 0x04
103#define LSI_SIST1_SBMC 0x10
104
105#define LSI_SOCL_IO 0x01
106#define LSI_SOCL_CD 0x02
107#define LSI_SOCL_MSG 0x04
108#define LSI_SOCL_ATN 0x08
109#define LSI_SOCL_SEL 0x10
110#define LSI_SOCL_BSY 0x20
111#define LSI_SOCL_ACK 0x40
112#define LSI_SOCL_REQ 0x80
113
114#define LSI_DSTAT_IID 0x01
115#define LSI_DSTAT_SIR 0x04
116#define LSI_DSTAT_SSI 0x08
117#define LSI_DSTAT_ABRT 0x10
118#define LSI_DSTAT_BF 0x20
119#define LSI_DSTAT_MDPE 0x40
120#define LSI_DSTAT_DFE 0x80
121
122#define LSI_DCNTL_COM 0x01
123#define LSI_DCNTL_IRQD 0x02
124#define LSI_DCNTL_STD 0x04
125#define LSI_DCNTL_IRQM 0x08
126#define LSI_DCNTL_SSM 0x10
127#define LSI_DCNTL_PFEN 0x20
128#define LSI_DCNTL_PFF 0x40
129#define LSI_DCNTL_CLSE 0x80
130
131#define LSI_DMODE_MAN 0x01
132#define LSI_DMODE_BOF 0x02
133#define LSI_DMODE_ERMP 0x04
134#define LSI_DMODE_ERL 0x08
135#define LSI_DMODE_DIOM 0x10
136#define LSI_DMODE_SIOM 0x20
137
138#define LSI_CTEST2_DACK 0x01
139#define LSI_CTEST2_DREQ 0x02
140#define LSI_CTEST2_TEOP 0x04
141#define LSI_CTEST2_PCICIE 0x08
142#define LSI_CTEST2_CM 0x10
143#define LSI_CTEST2_CIO 0x20
144#define LSI_CTEST2_SIGP 0x40
145#define LSI_CTEST2_DDIR 0x80
146
147#define LSI_CTEST5_BL2 0x04
148#define LSI_CTEST5_DDIR 0x08
149#define LSI_CTEST5_MASR 0x10
150#define LSI_CTEST5_DFSN 0x20
151#define LSI_CTEST5_BBCK 0x40
152#define LSI_CTEST5_ADCK 0x80
153
154#define LSI_CCNTL0_DILS 0x01
155#define LSI_CCNTL0_DISFC 0x10
156#define LSI_CCNTL0_ENNDJ 0x20
157#define LSI_CCNTL0_PMJCTL 0x40
158#define LSI_CCNTL0_ENPMJ 0x80
159
b25cf589
AL		 160#define LSI_CCNTL1_EN64DBMV 0x01
161#define LSI_CCNTL1_EN64TIBMV 0x02
162#define LSI_CCNTL1_64TIMOD 0x04
163#define LSI_CCNTL1_DDAC 0x08
164#define LSI_CCNTL1_ZMOD 0x80
165
12dd89f7
SS		 166#define LSI_SBCL_ATN 0x08
167#define LSI_SBCL_BSY 0x20
168#define LSI_SBCL_ACK 0x40
169#define LSI_SBCL_REQ 0x80
170
e560125e
LA		 171/* Enable Response to Reselection */
172#define LSI_SCID_RRE 0x60
173
b25cf589
AL		 174#define LSI_CCNTL1_40BIT (LSI_CCNTL1_EN64TIBMV|LSI_CCNTL1_64TIMOD)
175
7d8406be
PB		 176#define PHASE_DO 0
177#define PHASE_DI 1
178#define PHASE_CMD 2
179#define PHASE_ST 3
180#define PHASE_MO 6
181#define PHASE_MI 7
182#define PHASE_MASK 7
183
a917d384
PB		 184/* Maximum length of MSG IN data. */
185#define LSI_MAX_MSGIN_LEN 8
186
187/* Flag set if this is a tagged command. */
188#define LSI_TAG_VALID (1 << 16)
189
de594e47
PB		 190/* Maximum instructions to process. */
191#define LSI_MAX_INSN 10000
192
042ec49d 193typedef struct lsi_request {
5c6c0e51 194 SCSIRequest *req;
a917d384 195 uint32_t tag;
b96a0da0
GH		 196 uint32_t dma_len;
197 uint8_t *dma_buf;
a917d384
PB		 198 uint32_t pending;
199 int out;
042ec49d
GH		 200 QTAILQ_ENTRY(lsi_request) next;
201} lsi_request;
4d611c9a 202
f08ec2b8
SS		 203enum {
204 LSI_NOWAIT, /* SCRIPTS are running or stopped */
205 LSI_WAIT_RESELECT, /* Wait Reselect instruction has been issued */
206 LSI_DMA_SCRIPTS, /* processing DMA from lsi_execute_script */
207 LSI_DMA_IN_PROGRESS, /* DMA operation is in progress */
208};
209
4ae63d37
SS		 210enum {
211 LSI_MSG_ACTION_COMMAND = 0,
212 LSI_MSG_ACTION_DISCONNECT = 1,
213 LSI_MSG_ACTION_DOUT = 2,
214 LSI_MSG_ACTION_DIN = 3,
215};
216
db1015e9 217struct LSIState {
725eec70
AF		 218 /*< private >*/
219 PCIDevice parent_obj;
220 /*< public >*/
221
3cc1b9cb 222 qemu_irq ext_irq;
b0ce84e5
AK		 223 MemoryRegion mmio_io;
224 MemoryRegion ram_io;
225 MemoryRegion io_io;
a8632434 226 AddressSpace pci_io_as;
7d8406be
PB		 227
228 int carry; /* ??? Should this be an a visible register somewhere? */
2f172849 229 int status;
a917d384
PB		 230 int msg_action;
231 int msg_len;
232 uint8_t msg[LSI_MAX_MSGIN_LEN];
7d8406be 233 int waiting;
ca9c39fa 234 SCSIBus bus;
7d8406be 235 int current_lun;
a917d384 236 /* The tag is a combination of the device ID and the SCSI tag. */
af12ac98 237 uint32_t select_tag;
8ccc2ace 238 int command_complete;
042ec49d 239 QTAILQ_HEAD(, lsi_request) queue;
af12ac98 240 lsi_request *current;
7d8406be
PB		 241
242 uint32_t dsa;
243 uint32_t temp;
244 uint32_t dnad;
245 uint32_t dbc;
246 uint8_t istat0;
247 uint8_t istat1;
248 uint8_t dcmd;
249 uint8_t dstat;
250 uint8_t dien;
251 uint8_t sist0;
252 uint8_t sist1;
253 uint8_t sien0;
254 uint8_t sien1;
255 uint8_t mbox0;
256 uint8_t mbox1;
257 uint8_t dfifo;
9167a69a 258 uint8_t ctest2;
7d8406be
PB		 259 uint8_t ctest3;
260 uint8_t ctest4;
261 uint8_t ctest5;
262 uint8_t ccntl0;
263 uint8_t ccntl1;
264 uint32_t dsp;
265 uint32_t dsps;
266 uint8_t dmode;
267 uint8_t dcntl;
268 uint8_t scntl0;
269 uint8_t scntl1;
270 uint8_t scntl2;
271 uint8_t scntl3;
272 uint8_t sstat0;
273 uint8_t sstat1;
274 uint8_t scid;
275 uint8_t sxfer;
276 uint8_t socl;
277 uint8_t sdid;
a917d384 278 uint8_t ssid;
7d8406be 279 uint8_t sfbr;
12dd89f7 280 uint8_t sbcl;
7d8406be
PB		 281 uint8_t stest1;
282 uint8_t stest2;
283 uint8_t stest3;
a917d384 284 uint8_t sidl;
7d8406be
PB		 285 uint8_t stime0;
286 uint8_t respid0;
287 uint8_t respid1;
288 uint32_t mmrs;
289 uint32_t mmws;
290 uint32_t sfs;
291 uint32_t drs;
292 uint32_t sbms;
ab57d967 293 uint32_t dbms;
7d8406be
PB		 294 uint32_t dnad64;
295 uint32_t pmjad1;
296 uint32_t pmjad2;
297 uint32_t rbc;
298 uint32_t ua;
299 uint32_t ia;
300 uint32_t sbc;
301 uint32_t csbc;
dcfb9014 302 uint32_t scratch[18]; /* SCRATCHA-SCRATCHR */
bd8ee11a 303 uint8_t sbr;
6f84da3a 304 uint32_t adder;
7d8406be 305
811a75ba 306 uint8_t script_ram[2048 * sizeof(uint32_t)];
db1015e9 307};
7d8406be 308
ceae18bd 309#define TYPE_LSI53C810 "lsi53c810"
71186c86
PC		 310#define TYPE_LSI53C895A "lsi53c895a"
311
8063396b 312OBJECT_DECLARE_SIMPLE_TYPE(LSIState, LSI53C895A)
71186c86 313
82cf2bcf
SS		 314static const char *scsi_phases[] = {
315 "DOUT",
316 "DIN",
317 "CMD",
318 "STATUS",
319 "RSVOUT",
320 "RSVIN",
321 "MSGOUT",
322 "MSGIN"
323};
324
325static const char *scsi_phase_name(int phase)
326{
327 return scsi_phases[phase & PHASE_MASK];
328}
329
e560125e
LA		 330static inline int lsi_irq_on_rsl(LSIState *s)
331{
332 return (s->sien0 & LSI_SIST0_RSL) && (s->scid & LSI_SCID_RRE);
333}
334
56333e69
GK		 335static lsi_request *get_pending_req(LSIState *s)
336{
337 lsi_request *p;
338
339 QTAILQ_FOREACH(p, &s->queue, next) {
340 if (p->pending) {
341 return p;
342 }
343 }
344 return NULL;
345}
346
7d8406be
PB		 347static void lsi_soft_reset(LSIState *s)
348{
c921370b 349 trace_lsi_reset();
7d8406be
PB		 350 s->carry = 0;
351
4ae63d37 352 s->msg_action = LSI_MSG_ACTION_COMMAND;
d43ba0af 353 s->msg_len = 0;
f08ec2b8 354 s->waiting = LSI_NOWAIT;
7d8406be
PB		 355 s->dsa = 0;
356 s->dnad = 0;
357 s->dbc = 0;
358 s->temp = 0;
359 memset(s->scratch, 0, sizeof(s->scratch));
360 s->istat0 = 0;
361 s->istat1 = 0;
12aa6dd6 362 s->dcmd = 0x40;
98f62e3d 363 s->dstat = 0;
7d8406be
PB		 364 s->dien = 0;
365 s->sist0 = 0;
366 s->sist1 = 0;
367 s->sien0 = 0;
368 s->sien1 = 0;
369 s->mbox0 = 0;
370 s->mbox1 = 0;
371 s->dfifo = 0;
12aa6dd6 372 s->ctest2 = LSI_CTEST2_DACK;
7d8406be
PB		 373 s->ctest3 = 0;
374 s->ctest4 = 0;
375 s->ctest5 = 0;
376 s->ccntl0 = 0;
377 s->ccntl1 = 0;
378 s->dsp = 0;
379 s->dsps = 0;
380 s->dmode = 0;
381 s->dcntl = 0;
382 s->scntl0 = 0xc0;
383 s->scntl1 = 0;
384 s->scntl2 = 0;
385 s->scntl3 = 0;
386 s->sstat0 = 0;
387 s->sstat1 = 0;
388 s->scid = 7;
389 s->sxfer = 0;
390 s->socl = 0;
12aa6dd6
JK		 391 s->sdid = 0;
392 s->ssid = 0;
12dd89f7 393 s->sbcl = 0;
7d8406be
PB		 394 s->stest1 = 0;
395 s->stest2 = 0;
396 s->stest3 = 0;
a917d384 397 s->sidl = 0;
7d8406be
PB		 398 s->stime0 = 0;
399 s->respid0 = 0x80;
400 s->respid1 = 0;
401 s->mmrs = 0;
402 s->mmws = 0;
403 s->sfs = 0;
404 s->drs = 0;
405 s->sbms = 0;
ab57d967 406 s->dbms = 0;
7d8406be
PB		 407 s->dnad64 = 0;
408 s->pmjad1 = 0;
409 s->pmjad2 = 0;
410 s->rbc = 0;
411 s->ua = 0;
412 s->ia = 0;
413 s->sbc = 0;
414 s->csbc = 0;
bd8ee11a 415 s->sbr = 0;
2f0772c5
PB		 416 assert(QTAILQ_EMPTY(&s->queue));
417 assert(!s->current);
7d8406be
PB		 418}
419
b25cf589
AL		 420static int lsi_dma_40bit(LSIState *s)
421{
422 if ((s->ccntl1 & LSI_CCNTL1_40BIT) == LSI_CCNTL1_40BIT)
423 return 1;
424 return 0;
425}
426
dd8edf01
AL		 427static int lsi_dma_ti64bit(LSIState *s)
428{
429 if ((s->ccntl1 & LSI_CCNTL1_EN64TIBMV) == LSI_CCNTL1_EN64TIBMV)
430 return 1;
431 return 0;
432}
433
434static int lsi_dma_64bit(LSIState *s)
435{
436 if ((s->ccntl1 & LSI_CCNTL1_EN64DBMV) == LSI_CCNTL1_EN64DBMV)
437 return 1;
438 return 0;
439}
440
7d8406be
PB		 441static uint8_t lsi_reg_readb(LSIState *s, int offset);
442static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
4d611c9a 443static void lsi_execute_script(LSIState *s);
aa4d32c4 444static void lsi_reselect(LSIState *s, lsi_request *p);
7d8406be 445
3975bb56 446static inline void lsi_mem_read(LSIState *s, dma_addr_t addr,
a8632434
HP		 447 void *buf, dma_addr_t len)
448{
449 if (s->dmode & LSI_DMODE_SIOM) {
450 address_space_read(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
451 buf, len);
a8632434 452 } else {
3975bb56 453 pci_dma_read(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 454 }
455}
456
3975bb56 457static inline void lsi_mem_write(LSIState *s, dma_addr_t addr,
a8632434
HP		 458 const void *buf, dma_addr_t len)
459{
460 if (s->dmode & LSI_DMODE_DIOM) {
461 address_space_write(&s->pci_io_as, addr, MEMTXATTRS_UNSPECIFIED,
462 buf, len);
a8632434 463 } else {
3975bb56 464 pci_dma_write(PCI_DEVICE(s), addr, buf, len);
a8632434
HP		 465 }
466}
467
7d8406be
PB		 468static inline uint32_t read_dword(LSIState *s, uint32_t addr)
469{
470 uint32_t buf;
471
725eec70 472 pci_dma_read(PCI_DEVICE(s), addr, &buf, 4);
7d8406be
PB		 473 return cpu_to_le32(buf);
474}
475
476static void lsi_stop_script(LSIState *s)
477{
478 s->istat1 &= ~LSI_ISTAT1_SRUN;
479}
480
3cc1b9cb 481static void lsi_set_irq(LSIState *s, int level)
7d8406be 482{
725eec70 483 PCIDevice *d = PCI_DEVICE(s);
3cc1b9cb
MCA		 484
485 if (s->ext_irq) {
486 qemu_set_irq(s->ext_irq, level);
487 } else {
488 pci_set_irq(d, level);
489 }
490}
491
492static void lsi_update_irq(LSIState *s)
493{
7d8406be
PB		 494 int level;
495 static int last_level;
496
497 /* It's unclear whether the DIP/SIP bits should be cleared when the
498 Interrupt Status Registers are cleared or when istat0 is read.
499 We currently do the formwer, which seems to work. */
500 level = 0;
501 if (s->dstat) {
502 if (s->dstat & s->dien)
503 level = 1;
504 s->istat0 |= LSI_ISTAT0_DIP;
505 } else {
506 s->istat0 &= ~LSI_ISTAT0_DIP;
507 }
508
509 if (s->sist0 || s->sist1) {
510 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
511 level = 1;
512 s->istat0 |= LSI_ISTAT0_SIP;
513 } else {
514 s->istat0 &= ~LSI_ISTAT0_SIP;
515 }
516 if (s->istat0 & LSI_ISTAT0_INTF)
517 level = 1;
518
519 if (level != last_level) {
c921370b 520 trace_lsi_update_irq(level, s->dstat, s->sist1, s->sist0);
7d8406be
PB		 521 last_level = level;
522 }
3cc1b9cb 523 lsi_set_irq(s, level);
e560125e 524
56333e69
GK		 525 if (!s->current && !level && lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON)) {
526 lsi_request *p;
527
c921370b 528 trace_lsi_update_irq_disconnected();
56333e69
GK		 529 p = get_pending_req(s);
530 if (p) {
531 lsi_reselect(s, p);
e560125e
LA		 532 }
533 }
7d8406be
PB		 534}
535
536/* Stop SCRIPTS execution and raise a SCSI interrupt. */
537static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
538{
539 uint32_t mask0;
540 uint32_t mask1;
541
c921370b 542 trace_lsi_script_scsi_interrupt(stat1, stat0, s->sist1, s->sist0);
7d8406be
PB		 543 s->sist0 |= stat0;
544 s->sist1 |= stat1;
545 /* Stop processor on fatal or unmasked interrupt. As a special hack
546 we don't stop processing when raising STO. Instead continue
547 execution and stop at the next insn that accesses the SCSI bus. */
548 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
549 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
550 mask1 &= ~LSI_SIST1_STO;
551 if (s->sist0 & mask0 || s->sist1 & mask1) {
552 lsi_stop_script(s);
553 }
554 lsi_update_irq(s);
555}
556
557/* Stop SCRIPTS execution and raise a DMA interrupt. */
558static void lsi_script_dma_interrupt(LSIState *s, int stat)
559{
c921370b 560 trace_lsi_script_dma_interrupt(stat, s->dstat);
7d8406be
PB		 561 s->dstat |= stat;
562 lsi_update_irq(s);
563 lsi_stop_script(s);
564}
565
566static inline void lsi_set_phase(LSIState *s, int phase)
567{
12dd89f7
SS		 568 s->sbcl &= ~PHASE_MASK;
569 s->sbcl |= phase | LSI_SBCL_REQ;
7d8406be
PB		 570 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
571}
572
573static void lsi_bad_phase(LSIState *s, int out, int new_phase)
574{
575 /* Trigger a phase mismatch. */
576 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
d1d74664
PB		 577 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL)) {
578 s->dsp = out ? s->pmjad1 : s->pmjad2;
7d8406be 579 } else {
d1d74664 580 s->dsp = (s->scntl2 & LSI_SCNTL2_WSR ? s->pmjad2 : s->pmjad1);
7d8406be 581 }
c921370b 582 trace_lsi_bad_phase_jump(s->dsp);
7d8406be 583 } else {
c921370b 584 trace_lsi_bad_phase_interrupt();
7d8406be
PB		 585 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
586 lsi_stop_script(s);
587 }
588 lsi_set_phase(s, new_phase);
589}
590
a917d384
PB		 591
592/* Resume SCRIPTS execution after a DMA operation. */
593static void lsi_resume_script(LSIState *s)
594{
595 if (s->waiting != 2) {
f08ec2b8 596 s->waiting = LSI_NOWAIT;
a917d384
PB		 597 lsi_execute_script(s);
598 } else {
f08ec2b8 599 s->waiting = LSI_NOWAIT;
a917d384
PB		 600 }
601}
602
64d56409
JK		 603static void lsi_disconnect(LSIState *s)
604{
605 s->scntl1 &= ~LSI_SCNTL1_CON;
606 s->sstat1 &= ~PHASE_MASK;
12dd89f7 607 s->sbcl = 0;
64d56409
JK		 608}
609
610static void lsi_bad_selection(LSIState *s, uint32_t id)
611{
c921370b 612 trace_lsi_bad_selection(id);
64d56409
JK		 613 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
614 lsi_disconnect(s);
615}
616
4d611c9a 617/* Initiate a SCSI layer data transfer. */
7d8406be
PB		 618static void lsi_do_dma(LSIState *s, int out)
619{
f48a7a6e 620 uint32_t count;
9ba4524c 621 dma_addr_t addr;
64d56409 622 SCSIDevice *dev;
7d8406be 623
4051a1f0 624 if (!s->current || !s->current->dma_len) {
a917d384 625 /* Wait until data is available. */
c921370b 626 trace_lsi_do_dma_unavailable();
a917d384 627 return;
7d8406be
PB		 628 }
629
f48a7a6e
PB		 630 dev = s->current->req->dev;
631 assert(dev);
64d56409 632
a917d384 633 count = s->dbc;
b96a0da0
GH		 634 if (count > s->current->dma_len)
635 count = s->current->dma_len;
a917d384
PB		 636
637 addr = s->dnad;
dd8edf01
AL		 638 /* both 40 and Table Indirect 64-bit DMAs store upper bits in dnad64 */
639 if (lsi_dma_40bit(s) || lsi_dma_ti64bit(s))
b25cf589 640 addr |= ((uint64_t)s->dnad64 << 32);
dd8edf01
AL		 641 else if (s->dbms)
642 addr |= ((uint64_t)s->dbms << 32);
b25cf589
AL		 643 else if (s->sbms)
644 addr |= ((uint64_t)s->sbms << 32);
645
c921370b 646 trace_lsi_do_dma(addr, count);
7d8406be 647 s->csbc += count;
a917d384
PB		 648 s->dnad += count;
649 s->dbc -= count;
5c6c0e51 650 if (s->current->dma_buf == NULL) {
0c34459b 651 s->current->dma_buf = scsi_req_get_buf(s->current->req);
a917d384 652 }
7d8406be 653 /* ??? Set SFBR to first data byte. */
a917d384 654 if (out) {
a8632434 655 lsi_mem_read(s, addr, s->current->dma_buf, count);
a917d384 656 } else {
a8632434 657 lsi_mem_write(s, addr, s->current->dma_buf, count);
a917d384 658 }
b96a0da0
GH		 659 s->current->dma_len -= count;
660 if (s->current->dma_len == 0) {
661 s->current->dma_buf = NULL;
ad3376cc 662 scsi_req_continue(s->current->req);
a917d384 663 } else {
b96a0da0 664 s->current->dma_buf += count;
a917d384
PB		 665 lsi_resume_script(s);
666 }
667}
668
669
670/* Add a command to the queue. */
671static void lsi_queue_command(LSIState *s)
672{
af12ac98 673 lsi_request *p = s->current;
a917d384 674
c921370b 675 trace_lsi_queue_command(p->tag);
af12ac98 676 assert(s->current != NULL);
b96a0da0 677 assert(s->current->dma_len == 0);
af12ac98
GH		 678 QTAILQ_INSERT_TAIL(&s->queue, s->current, next);
679 s->current = NULL;
680
a917d384
PB		 681 p->pending = 0;
682 p->out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
683}
684
685/* Queue a byte for a MSG IN phase. */
686static void lsi_add_msg_byte(LSIState *s, uint8_t data)
687{
688 if (s->msg_len >= LSI_MAX_MSGIN_LEN) {
c921370b 689 trace_lsi_add_msg_byte_error();
4d611c9a 690 } else {
c921370b 691 trace_lsi_add_msg_byte(data);
a917d384 692 s->msg[s->msg_len++] = data;
7d8406be 693 }
a917d384
PB		 694}
695
696/* Perform reselection to continue a command. */
aa4d32c4 697static void lsi_reselect(LSIState *s, lsi_request *p)
a917d384 698{
a917d384
PB		 699 int id;
700
af12ac98
GH		 701 assert(s->current == NULL);
702 QTAILQ_REMOVE(&s->queue, p, next);
703 s->current = p;
704
aa4d32c4 705 id = (p->tag >> 8) & 0xf;
a917d384 706 s->ssid = id | 0x80;
cc9f28bc 707 /* LSI53C700 Family Compatibility, see LSI53C895A 4-73 */
f6dc18df 708 if (!(s->dcntl & LSI_DCNTL_COM)) {
cc9f28bc
LA		 709 s->sfbr = 1 << (id & 0x7);
710 }
c921370b 711 trace_lsi_reselect(id);
a917d384
PB		 712 s->scntl1 |= LSI_SCNTL1_CON;
713 lsi_set_phase(s, PHASE_MI);
4ae63d37 714 s->msg_action = p->out ? LSI_MSG_ACTION_DOUT : LSI_MSG_ACTION_DIN;
b96a0da0 715 s->current->dma_len = p->pending;
a917d384 716 lsi_add_msg_byte(s, 0x80);
af12ac98 717 if (s->current->tag & LSI_TAG_VALID) {
a917d384 718 lsi_add_msg_byte(s, 0x20);
aa4d32c4 719 lsi_add_msg_byte(s, p->tag & 0xff);
a917d384
PB		 720 }
721
e560125e
LA		 722 if (lsi_irq_on_rsl(s)) {
723 lsi_script_scsi_interrupt(s, LSI_SIST0_RSL, 0);
724 }
a917d384
PB		 725}
726
11257187 727static lsi_request *lsi_find_by_tag(LSIState *s, uint32_t tag)
a917d384 728{
042ec49d
GH		 729 lsi_request *p;
730
731 QTAILQ_FOREACH(p, &s->queue, next) {
a917d384 732 if (p->tag == tag) {
11257187 733 return p;
a917d384
PB		 734 }
735 }
11257187
PB		 736
737 return NULL;
738}
739
d2a9998f
PB		 740static void lsi_request_free(LSIState *s, lsi_request *p)
741{
742 if (p == s->current) {
743 s->current = NULL;
744 } else {
745 QTAILQ_REMOVE(&s->queue, p, next);
746 }
747 g_free(p);
748}
749
94d3f98a
PB		 750static void lsi_request_cancelled(SCSIRequest *req)
751{
71186c86 752 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c5bf71a9 753 lsi_request *p = req->hba_private;
94d3f98a 754
d2a9998f
PB		 755 req->hba_private = NULL;
756 lsi_request_free(s, p);
757 scsi_req_unref(req);
94d3f98a
PB		 758}
759
11257187
PB		 760/* Record that data is available for a queued command. Returns zero if
761 the device was reselected, nonzero if the IO is deferred. */
c5bf71a9 762static int lsi_queue_req(LSIState *s, SCSIRequest *req, uint32_t len)
11257187 763{
c5bf71a9 764 lsi_request *p = req->hba_private;
11257187
PB		 765
766 if (p->pending) {
c921370b 767 trace_lsi_queue_req_error(p);
11257187 768 }
aba1f023 769 p->pending = len;
11257187
PB		 770 /* Reselect if waiting for it, or if reselection triggers an IRQ
771 and the bus is free.
772 Since no interrupt stacking is implemented in the emulation, it
773 is also required that there are no pending interrupts waiting
774 for service from the device driver. */
f08ec2b8 775 if (s->waiting == LSI_WAIT_RESELECT ||
11257187
PB		 776 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON) &&
777 !(s->istat0 & (LSI_ISTAT0_SIP | LSI_ISTAT0_DIP)))) {
778 /* Reselect device. */
779 lsi_reselect(s, p);
780 return 0;
781 } else {
c921370b 782 trace_lsi_queue_req(p->tag);
aba1f023 783 p->pending = len;
11257187
PB		 784 return 1;
785 }
7d8406be 786}
c6df7102
PB		 787
788 /* Callback to indicate that the SCSI layer has completed a command. */
17ea26c2 789static void lsi_command_complete(SCSIRequest *req, size_t resid)
4d611c9a 790{
71186c86 791 LSIState *s = LSI53C895A(req->bus->qbus.parent);
4d611c9a
PB		 792 int out;
793
a917d384 794 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
17ea26c2
HR		 795 trace_lsi_command_complete(req->status);
796 s->status = req->status;
c6df7102
PB		 797 s->command_complete = 2;
798 if (s->waiting && s->dbc != 0) {
799 /* Raise phase mismatch for short transfers. */
800 lsi_bad_phase(s, out, PHASE_ST);
801 } else {
802 lsi_set_phase(s, PHASE_ST);
803 }
af12ac98 804
8f6e699d 805 if (req->hba_private == s->current) {
d2a9998f
PB		 806 req->hba_private = NULL;
807 lsi_request_free(s, s->current);
808 scsi_req_unref(req);
4d611c9a 809 }
c6df7102
PB		 810 lsi_resume_script(s);
811}
812
813 /* Callback to indicate that the SCSI layer has completed a transfer. */
aba1f023 814static void lsi_transfer_data(SCSIRequest *req, uint32_t len)
c6df7102 815{
71186c86 816 LSIState *s = LSI53C895A(req->bus->qbus.parent);
c6df7102 817 int out;
4d611c9a 818
8f6e699d 819 assert(req->hba_private);
f08ec2b8 820 if (s->waiting == LSI_WAIT_RESELECT || req->hba_private != s->current ||
e560125e 821 (lsi_irq_on_rsl(s) && !(s->scntl1 & LSI_SCNTL1_CON))) {
c5bf71a9 822 if (lsi_queue_req(s, req, len)) {
a917d384 823 return;
5c6c0e51 824 }
a917d384 825 }
e560125e 826
c6df7102
PB		 827 out = (s->sstat1 & PHASE_MASK) == PHASE_DO;
828
e560125e 829 /* host adapter (re)connected */
c921370b 830 trace_lsi_transfer_data(req->tag, len);
aba1f023 831 s->current->dma_len = len;
8ccc2ace 832 s->command_complete = 1;
c6df7102 833 if (s->waiting) {
f08ec2b8 834 if (s->waiting == LSI_WAIT_RESELECT || s->dbc == 0) {
c6df7102
PB		 835 lsi_resume_script(s);
836 } else {
837 lsi_do_dma(s, out);
838 }
4d611c9a
PB		 839 }
840}
7d8406be
PB		 841
842static void lsi_do_command(LSIState *s)
843{
64d56409 844 SCSIDevice *dev;
7d8406be 845 uint8_t buf[16];
64d56409 846 uint32_t id;
7d8406be
PB		 847 int n;
848
c921370b 849 trace_lsi_do_command(s->dbc);
7d8406be
PB		 850 if (s->dbc > 16)
851 s->dbc = 16;
725eec70 852 pci_dma_read(PCI_DEVICE(s), s->dnad, buf, s->dbc);
7d8406be 853 s->sfbr = buf[0];
8ccc2ace 854 s->command_complete = 0;
af12ac98 855
259d5577 856 id = (s->select_tag >> 8) & 0xf;
0d3545e7 857 dev = scsi_device_find(&s->bus, 0, id, s->current_lun);
64d56409
JK		 858 if (!dev) {
859 lsi_bad_selection(s, id);
860 return;
861 }
862
af12ac98 863 assert(s->current == NULL);
3c55fe2a 864 s->current = g_new0(lsi_request, 1);
af12ac98 865 s->current->tag = s->select_tag;
c39ce112 866 s->current->req = scsi_req_new(dev, s->current->tag, s->current_lun, buf,
c5bf71a9 867 s->current);
af12ac98 868
c39ce112 869 n = scsi_req_enqueue(s->current->req);
ad3376cc
PB		 870 if (n) {
871 if (n > 0) {
872 lsi_set_phase(s, PHASE_DI);
873 } else if (n < 0) {
874 lsi_set_phase(s, PHASE_DO);
875 }
876 scsi_req_continue(s->current->req);
a917d384 877 }
8ccc2ace
TS		 878 if (!s->command_complete) {
879 if (n) {
880 /* Command did not complete immediately so disconnect. */
881 lsi_add_msg_byte(s, 2); /* SAVE DATA POINTER */
882 lsi_add_msg_byte(s, 4); /* DISCONNECT */
883 /* wait data */
884 lsi_set_phase(s, PHASE_MI);
4ae63d37 885 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
8ccc2ace
TS		 886 lsi_queue_command(s);
887 } else {
888 /* wait command complete */
889 lsi_set_phase(s, PHASE_DI);
890 }
7d8406be
PB		 891 }
892}
893
7d8406be
PB		 894static void lsi_do_status(LSIState *s)
895{
2f172849 896 uint8_t status;
c921370b
MCA		 897 trace_lsi_do_status(s->dbc, s->status);
898 if (s->dbc != 1) {
899 trace_lsi_do_status_error();
900 }
7d8406be 901 s->dbc = 1;
2f172849
HR		 902 status = s->status;
903 s->sfbr = status;
725eec70 904 pci_dma_write(PCI_DEVICE(s), s->dnad, &status, 1);
7d8406be 905 lsi_set_phase(s, PHASE_MI);
4ae63d37 906 s->msg_action = LSI_MSG_ACTION_DISCONNECT;
a917d384 907 lsi_add_msg_byte(s, 0); /* COMMAND COMPLETE */
7d8406be
PB		 908}
909
7d8406be
PB		 910static void lsi_do_msgin(LSIState *s)
911{
e58ccf03 912 uint8_t len;
c921370b 913 trace_lsi_do_msgin(s->dbc, s->msg_len);
a917d384
PB		 914 s->sfbr = s->msg[0];
915 len = s->msg_len;
e58ccf03 916 assert(len > 0 && len <= LSI_MAX_MSGIN_LEN);
a917d384
PB		 917 if (len > s->dbc)
918 len = s->dbc;
725eec70 919 pci_dma_write(PCI_DEVICE(s), s->dnad, s->msg, len);
a917d384
PB		 920 /* Linux drivers rely on the last byte being in the SIDL. */
921 s->sidl = s->msg[len - 1];
922 s->msg_len -= len;
923 if (s->msg_len) {
924 memmove(s->msg, s->msg + len, s->msg_len);
7d8406be
PB		 925 } else {
926 /* ??? Check if ATN (not yet implemented) is asserted and maybe
927 switch to PHASE_MO. */
a917d384 928 switch (s->msg_action) {
4ae63d37 929 case LSI_MSG_ACTION_COMMAND:
a917d384
PB		 930 lsi_set_phase(s, PHASE_CMD);
931 break;
4ae63d37 932 case LSI_MSG_ACTION_DISCONNECT:
a917d384
PB		 933 lsi_disconnect(s);
934 break;
4ae63d37 935 case LSI_MSG_ACTION_DOUT:
a917d384
PB		 936 lsi_set_phase(s, PHASE_DO);
937 break;
4ae63d37 938 case LSI_MSG_ACTION_DIN:
a917d384
PB		 939 lsi_set_phase(s, PHASE_DI);
940 break;
941 default:
942 abort();
943 }
7d8406be
PB		 944 }
945}
946
a917d384
PB		 947/* Read the next byte during a MSGOUT phase. */
948static uint8_t lsi_get_msgbyte(LSIState *s)
949{
950 uint8_t data;
725eec70 951 pci_dma_read(PCI_DEVICE(s), s->dnad, &data, 1);
a917d384
PB		 952 s->dnad++;
953 s->dbc--;
954 return data;
955}
956
444dd39b
SH		 957/* Skip the next n bytes during a MSGOUT phase. */
958static void lsi_skip_msgbytes(LSIState *s, unsigned int n)
959{
960 s->dnad += n;
961 s->dbc -= n;
962}
963
7d8406be
PB		 964static void lsi_do_msgout(LSIState *s)
965{
966 uint8_t msg;
a917d384 967 int len;
508240c0 968 uint32_t current_tag;
5c6c0e51 969 lsi_request *current_req, *p, *p_next;
508240c0
BK		 970
971 if (s->current) {
972 current_tag = s->current->tag;
5c6c0e51 973 current_req = s->current;
508240c0
BK		 974 } else {
975 current_tag = s->select_tag;
5c6c0e51 976 current_req = lsi_find_by_tag(s, current_tag);
508240c0 977 }
7d8406be 978
c921370b 979 trace_lsi_do_msgout(s->dbc);
a917d384
PB		 980 while (s->dbc) {
981 msg = lsi_get_msgbyte(s);
982 s->sfbr = msg;
983
984 switch (msg) {
77203ea0 985 case 0x04:
c921370b 986 trace_lsi_do_msgout_disconnect();
a917d384
PB		 987 lsi_disconnect(s);
988 break;
989 case 0x08:
c921370b 990 trace_lsi_do_msgout_noop();
a917d384
PB		 991 lsi_set_phase(s, PHASE_CMD);
992 break;
993 case 0x01:
994 len = lsi_get_msgbyte(s);
995 msg = lsi_get_msgbyte(s);
f3f5b867 996 (void)len; /* avoid a warning about unused variable*/
c921370b 997 trace_lsi_do_msgout_extended(msg, len);
a917d384
PB		 998 switch (msg) {
999 case 1:
c921370b 1000 trace_lsi_do_msgout_ignored("SDTR");
444dd39b 1001 lsi_skip_msgbytes(s, 2);
a917d384
PB		 1002 break;
1003 case 3:
c921370b 1004 trace_lsi_do_msgout_ignored("WDTR");
444dd39b 1005 lsi_skip_msgbytes(s, 1);
a917d384 1006 break;
966a09fa 1007 case 4:
c921370b 1008 trace_lsi_do_msgout_ignored("PPR");
966a09fa
GK		 1009 lsi_skip_msgbytes(s, 5);
1010 break;
a917d384
PB		 1011 default:
1012 goto bad;
1013 }
1014 break;
1015 case 0x20: /* SIMPLE queue */
af12ac98 1016 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
c921370b 1017 trace_lsi_do_msgout_simplequeue(s->select_tag & 0xff);
a917d384
PB		 1018 break;
1019 case 0x21: /* HEAD of queue */
c921370b 1020 qemu_log_mask(LOG_UNIMP, "lsi_scsi: HEAD queue not implemented\n");
af12ac98 1021 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384
PB		 1022 break;
1023 case 0x22: /* ORDERED queue */
c921370b
MCA		 1024 qemu_log_mask(LOG_UNIMP,
1025 "lsi_scsi: ORDERED queue not implemented\n");
af12ac98 1026 s->select_tag |= lsi_get_msgbyte(s) | LSI_TAG_VALID;
a917d384 1027 break;
508240c0
BK		 1028 case 0x0d:
1029 /* The ABORT TAG message clears the current I/O process only. */
c921370b 1030 trace_lsi_do_msgout_abort(current_tag);
6c8fa961 1031 if (current_req && current_req->req) {
94d3f98a 1032 scsi_req_cancel(current_req->req);
4367a20c 1033 current_req = NULL;
5c6c0e51 1034 }
508240c0
BK		 1035 lsi_disconnect(s);
1036 break;
1037 case 0x06:
1038 case 0x0e:
1039 case 0x0c:
1040 /* The ABORT message clears all I/O processes for the selecting
1041 initiator on the specified logical unit of the target. */
1042 if (msg == 0x06) {
c921370b 1043 trace_lsi_do_msgout_abort(current_tag);
508240c0
BK		 1044 }
1045 /* The CLEAR QUEUE message clears all I/O processes for all
1046 initiators on the specified logical unit of the target. */
1047 if (msg == 0x0e) {
c921370b 1048 trace_lsi_do_msgout_clearqueue(current_tag);
508240c0
BK		 1049 }
1050 /* The BUS DEVICE RESET message clears all I/O processes for all
1051 initiators on all logical units of the target. */
1052 if (msg == 0x0c) {
c921370b 1053 trace_lsi_do_msgout_busdevicereset(current_tag);
508240c0
BK		 1054 }
1055
1056 /* clear the current I/O process */
5c6c0e51 1057 if (s->current) {
94d3f98a 1058 scsi_req_cancel(s->current->req);
4367a20c 1059 current_req = NULL;
5c6c0e51 1060 }
508240c0
BK		 1061
1062 /* As the current implemented devices scsi_disk and scsi_generic
1063 only support one LUN, we don't need to keep track of LUNs.
1064 Clearing I/O processes for other initiators could be possible
1065 for scsi_generic by sending a SG_SCSI_RESET to the /dev/sgX
1066 device, but this is currently not implemented (and seems not
1067 to be really necessary). So let's simply clear all queued
1068 commands for the current device: */
508240c0 1069 QTAILQ_FOREACH_SAFE(p, &s->queue, next, p_next) {
a6c6f44a 1070 if ((p->tag & 0x0000ff00) == (current_tag & 0x0000ff00)) {
94d3f98a 1071 scsi_req_cancel(p->req);
508240c0
BK		 1072 }
1073 }
1074
1075 lsi_disconnect(s);
1076 break;
a917d384
PB		 1077 default:
1078 if ((msg & 0x80) == 0) {
1079 goto bad;
1080 }
1081 s->current_lun = msg & 7;
c921370b 1082 trace_lsi_do_msgout_select(s->current_lun);
a917d384
PB		 1083 lsi_set_phase(s, PHASE_CMD);
1084 break;
1085 }
7d8406be 1086 }
a917d384
PB		 1087 return;
1088bad:
c921370b 1089 qemu_log_mask(LOG_UNIMP, "Unimplemented message 0x%02x\n", msg);
a917d384
PB		 1090 lsi_set_phase(s, PHASE_MI);
1091 lsi_add_msg_byte(s, 7); /* MESSAGE REJECT */
4ae63d37 1092 s->msg_action = LSI_MSG_ACTION_COMMAND;
7d8406be
PB		 1093}
1094
e20a8dff 1095#define LSI_BUF_SIZE 4096
7d8406be
PB		 1096static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
1097{
1098 int n;
e20a8dff 1099 uint8_t buf[LSI_BUF_SIZE];
7d8406be 1100
c921370b 1101 trace_lsi_memcpy(dest, src, count);
7d8406be 1102 while (count) {
e20a8dff 1103 n = (count > LSI_BUF_SIZE) ? LSI_BUF_SIZE : count;
a8632434
HP		 1104 lsi_mem_read(s, src, buf, n);
1105 lsi_mem_write(s, dest, buf, n);
7d8406be
PB		 1106 src += n;
1107 dest += n;
1108 count -= n;
1109 }
1110}
1111
a917d384
PB		 1112static void lsi_wait_reselect(LSIState *s)
1113{
042ec49d
GH		 1114 lsi_request *p;
1115
c921370b 1116 trace_lsi_wait_reselect();
042ec49d 1117
56333e69
GK		 1118 if (s->current) {
1119 return;
1120 }
1121 p = get_pending_req(s);
1122 if (p) {
1123 lsi_reselect(s, p);
a917d384 1124 }
b96a0da0 1125 if (s->current == NULL) {
f08ec2b8 1126 s->waiting = LSI_WAIT_RESELECT;
a917d384
PB		 1127 }
1128}
1129
7d8406be
PB		 1130static void lsi_execute_script(LSIState *s)
1131{
725eec70 1132 PCIDevice *pci_dev = PCI_DEVICE(s);
7d8406be 1133 uint32_t insn;
b25cf589 1134 uint32_t addr, addr_high;
7d8406be 1135 int opcode;
ee4d919f 1136 int insn_processed = 0;
7d8406be
PB		 1137
1138 s->istat1 |= LSI_ISTAT1_SRUN;
1139again:
de594e47
PB		 1140 if (++insn_processed > LSI_MAX_INSN) {
1141 /* Some windows drivers make the device spin waiting for a memory
1142 location to change. If we have been executed a lot of code then
1143 assume this is the case and force an unexpected device disconnect.
1144 This is apparently sufficient to beat the drivers into submission.
1145 */
1146 if (!(s->sien0 & LSI_SIST0_UDC)) {
1147 qemu_log_mask(LOG_GUEST_ERROR,
1148 "lsi_scsi: inf. loop with UDC masked");
1149 }
1150 lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
1151 lsi_disconnect(s);
1152 trace_lsi_execute_script_stop();
1153 return;
1154 }
7d8406be 1155 insn = read_dword(s, s->dsp);
02b373ad
AZ		 1156 if (!insn) {
1157 /* If we receive an empty opcode increment the DSP by 4 bytes
1158 instead of 8 and execute the next opcode at that location */
1159 s->dsp += 4;
1160 goto again;
1161 }
7d8406be 1162 addr = read_dword(s, s->dsp + 4);
b25cf589 1163 addr_high = 0;
c921370b 1164 trace_lsi_execute_script(s->dsp, insn, addr);
7d8406be
PB		 1165 s->dsps = addr;
1166 s->dcmd = insn >> 24;
1167 s->dsp += 8;
1168 switch (insn >> 30) {
1169 case 0: /* Block move. */
1170 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1171 trace_lsi_execute_script_blockmove_delayed();
7d8406be
PB		 1172 lsi_stop_script(s);
1173 break;
1174 }
1175 s->dbc = insn & 0xffffff;
1176 s->rbc = s->dbc;
dd8edf01
AL		 1177 /* ??? Set ESA. */
1178 s->ia = s->dsp - 8;
7d8406be
PB		 1179 if (insn & (1 << 29)) {
1180 /* Indirect addressing. */
1181 addr = read_dword(s, addr);
1182 } else if (insn & (1 << 28)) {
1183 uint32_t buf[2];
1184 int32_t offset;
1185 /* Table indirect addressing. */
dd8edf01
AL		 1186
1187 /* 32-bit Table indirect */
92794105 1188 offset = sextract32(addr, 0, 24);
725eec70 1189 pci_dma_read(pci_dev, s->dsa + offset, buf, 8);
b25cf589
AL		 1190 /* byte count is stored in bits 0:23 only */
1191 s->dbc = cpu_to_le32(buf[0]) & 0xffffff;
7faa239c 1192 s->rbc = s->dbc;
7d8406be 1193 addr = cpu_to_le32(buf[1]);
b25cf589
AL		 1194
1195 /* 40-bit DMA, upper addr bits [39:32] stored in first DWORD of
1196 * table, bits [31:24] */
1197 if (lsi_dma_40bit(s))
1198 addr_high = cpu_to_le32(buf[0]) >> 24;
dd8edf01
AL		 1199 else if (lsi_dma_ti64bit(s)) {
1200 int selector = (cpu_to_le32(buf[0]) >> 24) & 0x1f;
1201 switch (selector) {
1202 case 0 ... 0x0f:
1203 /* offset index into scratch registers since
1204 * TI64 mode can use registers C to R */
1205 addr_high = s->scratch[2 + selector];
1206 break;
1207 case 0x10:
1208 addr_high = s->mmrs;
1209 break;
1210 case 0x11:
1211 addr_high = s->mmws;
1212 break;
1213 case 0x12:
1214 addr_high = s->sfs;
1215 break;
1216 case 0x13:
1217 addr_high = s->drs;
1218 break;
1219 case 0x14:
1220 addr_high = s->sbms;
1221 break;
1222 case 0x15:
1223 addr_high = s->dbms;
1224 break;
1225 default:
c921370b
MCA		 1226 qemu_log_mask(LOG_GUEST_ERROR,
1227 "lsi_scsi: Illegal selector specified (0x%x > 0x15) "
1228 "for 64-bit DMA block move", selector);
dd8edf01
AL		 1229 break;
1230 }
1231 }
1232 } else if (lsi_dma_64bit(s)) {
1233 /* fetch a 3rd dword if 64-bit direct move is enabled and
1234 only if we're not doing table indirect or indirect addressing */
1235 s->dbms = read_dword(s, s->dsp);
1236 s->dsp += 4;
1237 s->ia = s->dsp - 12;
7d8406be
PB		 1238 }
1239 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
82cf2bcf
SS		 1240 trace_lsi_execute_script_blockmove_badphase(
1241 scsi_phase_name(s->sstat1),
1242 scsi_phase_name(insn >> 24));
7d8406be
PB		 1243 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
1244 break;
1245 }
1246 s->dnad = addr;
b25cf589 1247 s->dnad64 = addr_high;
7d8406be
PB		 1248 switch (s->sstat1 & 0x7) {
1249 case PHASE_DO:
f08ec2b8 1250 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1251 lsi_do_dma(s, 1);
a917d384 1252 if (s->waiting)
f08ec2b8 1253 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1254 break;
1255 case PHASE_DI:
f08ec2b8 1256 s->waiting = LSI_DMA_SCRIPTS;
7d8406be 1257 lsi_do_dma(s, 0);
a917d384 1258 if (s->waiting)
f08ec2b8 1259 s->waiting = LSI_DMA_IN_PROGRESS;
7d8406be
PB		 1260 break;
1261 case PHASE_CMD:
1262 lsi_do_command(s);
1263 break;
1264 case PHASE_ST:
1265 lsi_do_status(s);
1266 break;
1267 case PHASE_MO:
1268 lsi_do_msgout(s);
1269 break;
1270 case PHASE_MI:
1271 lsi_do_msgin(s);
1272 break;
1273 default:
82cf2bcf
SS		 1274 qemu_log_mask(LOG_UNIMP, "lsi_scsi: Unimplemented phase %s\n",
1275 scsi_phase_name(s->sstat1));
7d8406be
PB		 1276 }
1277 s->dfifo = s->dbc & 0xff;
1278 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
1279 s->sbc = s->dbc;
1280 s->rbc -= s->dbc;
1281 s->ua = addr + s->dbc;
7d8406be
PB		 1282 break;
1283
1284 case 1: /* IO or Read/Write instruction. */
1285 opcode = (insn >> 27) & 7;
1286 if (opcode < 5) {
1287 uint32_t id;
1288
1289 if (insn & (1 << 25)) {
92794105 1290 id = read_dword(s, s->dsa + sextract32(insn, 0, 24));
7d8406be 1291 } else {
07a1bea8 1292 id = insn;
7d8406be
PB		 1293 }
1294 id = (id >> 16) & 0xf;
1295 if (insn & (1 << 26)) {
92794105 1296 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1297 }
1298 s->dnad = addr;
1299 switch (opcode) {
1300 case 0: /* Select */
a917d384 1301 s->sdid = id;
38f5b2b8 1302 if (s->scntl1 & LSI_SCNTL1_CON) {
c921370b 1303 trace_lsi_execute_script_io_alreadyreselected();
38f5b2b8 1304 s->dsp = s->dnad;
a917d384
PB		 1305 break;
1306 }
7d8406be
PB		 1307 s->sstat0 |= LSI_SSTAT0_WOA;
1308 s->scntl1 &= ~LSI_SCNTL1_IARB;
0d3545e7 1309 if (!scsi_device_find(&s->bus, 0, id, 0)) {
64d56409 1310 lsi_bad_selection(s, id);
7d8406be
PB		 1311 break;
1312 }
c921370b
MCA		 1313 trace_lsi_execute_script_io_selected(id,
1314 insn & (1 << 3) ? " ATN" : "");
7d8406be
PB		 1315 /* ??? Linux drivers compain when this is set. Maybe
1316 it only applies in low-level mode (unimplemented).
1317 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
af12ac98 1318 s->select_tag = id << 8;
7d8406be
PB		 1319 s->scntl1 |= LSI_SCNTL1_CON;
1320 if (insn & (1 << 3)) {
1321 s->socl |= LSI_SOCL_ATN;
12dd89f7 1322 s->sbcl |= LSI_SBCL_ATN;
7d8406be 1323 }
12dd89f7 1324 s->sbcl |= LSI_SBCL_BSY;
7d8406be 1325 lsi_set_phase(s, PHASE_MO);
f08ec2b8 1326 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1327 break;
1328 case 1: /* Disconnect */
c921370b 1329 trace_lsi_execute_script_io_disconnect();
7d8406be 1330 s->scntl1 &= ~LSI_SCNTL1_CON;
56333e69
GK		 1331 /* FIXME: this is not entirely correct; the target need not ask
1332 * for reselection until it has to send data, while here we force a
1333 * reselection as soon as the bus is free. The correct flow would
1334 * reselect before lsi_transfer_data and disconnect as soon as
1335 * DMA ends.
1336 */
1337 if (!s->current) {
1338 lsi_request *p = get_pending_req(s);
1339 if (p) {
1340 lsi_reselect(s, p);
1341 }
1342 }
7d8406be
PB		 1343 break;
1344 case 2: /* Wait Reselect */
2265e98b
SS		 1345 if (s->istat0 & LSI_ISTAT0_SIGP) {
1346 s->dsp = s->dnad;
1347 } else if (!lsi_irq_on_rsl(s)) {
1348 lsi_wait_reselect(s);
e560125e 1349 }
7d8406be
PB		 1350 break;
1351 case 3: /* Set */
c921370b 1352 trace_lsi_execute_script_io_set(
7d8406be
PB		 1353 insn & (1 << 3) ? " ATN" : "",
1354 insn & (1 << 6) ? " ACK" : "",
1355 insn & (1 << 9) ? " TM" : "",
1356 insn & (1 << 10) ? " CC" : "");
1357 if (insn & (1 << 3)) {
1358 s->socl |= LSI_SOCL_ATN;
12dd89f7 1359 s->sbcl |= LSI_SBCL_ATN;
7d8406be
PB		 1360 lsi_set_phase(s, PHASE_MO);
1361 }
12dd89f7
SS		 1362
1363 if (insn & (1 << 6)) {
1364 s->sbcl |= LSI_SBCL_ACK;
1365 }
1366
7d8406be 1367 if (insn & (1 << 9)) {
c921370b
MCA		 1368 qemu_log_mask(LOG_UNIMP,
1369 "lsi_scsi: Target mode not implemented\n");
7d8406be
PB		 1370 }
1371 if (insn & (1 << 10))
1372 s->carry = 1;
1373 break;
1374 case 4: /* Clear */
c921370b 1375 trace_lsi_execute_script_io_clear(
7d8406be
PB		 1376 insn & (1 << 3) ? " ATN" : "",
1377 insn & (1 << 6) ? " ACK" : "",
1378 insn & (1 << 9) ? " TM" : "",
1379 insn & (1 << 10) ? " CC" : "");
1380 if (insn & (1 << 3)) {
1381 s->socl &= ~LSI_SOCL_ATN;
12dd89f7 1382 s->sbcl &= ~LSI_SBCL_ATN;
7d8406be 1383 }
12dd89f7
SS		 1384
1385 if (insn & (1 << 6)) {
1386 s->sbcl &= ~LSI_SBCL_ACK;
1387 }
1388
7d8406be
PB		 1389 if (insn & (1 << 10))
1390 s->carry = 0;
1391 break;
1392 }
1393 } else {
1394 uint8_t op0;
1395 uint8_t op1;
1396 uint8_t data8;
1397 int reg;
1398 int operator;
c921370b 1399
7d8406be
PB		 1400 static const char *opcode_names[3] =
1401 {"Write", "Read", "Read-Modify-Write"};
1402 static const char *operator_names[8] =
1403 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
7d8406be
PB		 1404
1405 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
1406 data8 = (insn >> 8) & 0xff;
1407 opcode = (insn >> 27) & 7;
1408 operator = (insn >> 24) & 7;
c921370b 1409 trace_lsi_execute_script_io_opcode(
7d8406be 1410 opcode_names[opcode - 5], reg,
a917d384 1411 operator_names[operator], data8, s->sfbr,
7d8406be
PB		 1412 (insn & (1 << 23)) ? " SFBR" : "");
1413 op0 = op1 = 0;
1414 switch (opcode) {
1415 case 5: /* From SFBR */
1416 op0 = s->sfbr;
1417 op1 = data8;
1418 break;
1419 case 6: /* To SFBR */
1420 if (operator)
1421 op0 = lsi_reg_readb(s, reg);
1422 op1 = data8;
1423 break;
1424 case 7: /* Read-modify-write */
1425 if (operator)
1426 op0 = lsi_reg_readb(s, reg);
1427 if (insn & (1 << 23)) {
1428 op1 = s->sfbr;
1429 } else {
1430 op1 = data8;
1431 }
1432 break;
1433 }
1434
1435 switch (operator) {
1436 case 0: /* move */
1437 op0 = op1;
1438 break;
1439 case 1: /* Shift left */
1440 op1 = op0 >> 7;
1441 op0 = (op0 << 1) | s->carry;
1442 s->carry = op1;
1443 break;
1444 case 2: /* OR */
1445 op0 |= op1;
1446 break;
1447 case 3: /* XOR */
dcfb9014 1448 op0 ^= op1;
7d8406be
PB		 1449 break;
1450 case 4: /* AND */
1451 op0 &= op1;
1452 break;
1453 case 5: /* SHR */
1454 op1 = op0 & 1;
1455 op0 = (op0 >> 1) | (s->carry << 7);
687fa640 1456 s->carry = op1;
7d8406be
PB		 1457 break;
1458 case 6: /* ADD */
1459 op0 += op1;
1460 s->carry = op0 < op1;
1461 break;
1462 case 7: /* ADC */
1463 op0 += op1 + s->carry;
1464 if (s->carry)
1465 s->carry = op0 <= op1;
1466 else
1467 s->carry = op0 < op1;
1468 break;
1469 }
1470
1471 switch (opcode) {
1472 case 5: /* From SFBR */
1473 case 7: /* Read-modify-write */
1474 lsi_reg_writeb(s, reg, op0);
1475 break;
1476 case 6: /* To SFBR */
1477 s->sfbr = op0;
1478 break;
1479 }
1480 }
1481 break;
1482
1483 case 2: /* Transfer Control. */
1484 {
1485 int cond;
1486 int jmp;
1487
1488 if ((insn & 0x002e0000) == 0) {
c921370b 1489 trace_lsi_execute_script_tc_nop();
7d8406be
PB		 1490 break;
1491 }
1492 if (s->sist1 & LSI_SIST1_STO) {
c921370b 1493 trace_lsi_execute_script_tc_delayedselect_timeout();
7d8406be
PB		 1494 lsi_stop_script(s);
1495 break;
1496 }
1497 cond = jmp = (insn & (1 << 19)) != 0;
1498 if (cond == jmp && (insn & (1 << 21))) {
c921370b 1499 trace_lsi_execute_script_tc_compc(s->carry == jmp);
7d8406be
PB		 1500 cond = s->carry != 0;
1501 }
1502 if (cond == jmp && (insn & (1 << 17))) {
82cf2bcf
SS		 1503 trace_lsi_execute_script_tc_compp(scsi_phase_name(s->sstat1),
1504 jmp ? '=' : '!', scsi_phase_name(insn >> 24));
7d8406be
PB		 1505 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
1506 }
1507 if (cond == jmp && (insn & (1 << 18))) {
1508 uint8_t mask;
1509
1510 mask = (~insn >> 8) & 0xff;
c921370b 1511 trace_lsi_execute_script_tc_compd(
7d8406be
PB		 1512 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
1513 cond = (s->sfbr & mask) == (insn & mask);
1514 }
1515 if (cond == jmp) {
1516 if (insn & (1 << 23)) {
1517 /* Relative address. */
92794105 1518 addr = s->dsp + sextract32(addr, 0, 24);
7d8406be
PB		 1519 }
1520 switch ((insn >> 27) & 7) {
1521 case 0: /* Jump */
c921370b 1522 trace_lsi_execute_script_tc_jump(addr);
6f84da3a 1523 s->adder = addr;
7d8406be
PB		 1524 s->dsp = addr;
1525 break;
1526 case 1: /* Call */
c921370b 1527 trace_lsi_execute_script_tc_call(addr);
7d8406be
PB		 1528 s->temp = s->dsp;
1529 s->dsp = addr;
1530 break;
1531 case 2: /* Return */
c921370b 1532 trace_lsi_execute_script_tc_return(s->temp);
7d8406be
PB		 1533 s->dsp = s->temp;
1534 break;
1535 case 3: /* Interrupt */
c921370b 1536 trace_lsi_execute_script_tc_interrupt(s->dsps);
7d8406be
PB		 1537 if ((insn & (1 << 20)) != 0) {
1538 s->istat0 |= LSI_ISTAT0_INTF;
1539 lsi_update_irq(s);
1540 } else {
1541 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
1542 }
1543 break;
1544 default:
c921370b 1545 trace_lsi_execute_script_tc_illegal();
7d8406be
PB		 1546 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
1547 break;
1548 }
1549 } else {
c921370b 1550 trace_lsi_execute_script_tc_cc_failed();
7d8406be
PB		 1551 }
1552 }
1553 break;
1554
1555 case 3:
1556 if ((insn & (1 << 29)) == 0) {
1557 /* Memory move. */
1558 uint32_t dest;
1559 /* ??? The docs imply the destination address is loaded into
1560 the TEMP register. However the Linux drivers rely on
1561 the value being presrved. */
1562 dest = read_dword(s, s->dsp);
1563 s->dsp += 4;
1564 lsi_memcpy(s, dest, addr, insn & 0xffffff);
1565 } else {
1566 uint8_t data[7];
1567 int reg;
1568 int n;
1569 int i;
1570
1571 if (insn & (1 << 28)) {
92794105 1572 addr = s->dsa + sextract32(addr, 0, 24);
7d8406be
PB		 1573 }
1574 n = (insn & 7);
1575 reg = (insn >> 16) & 0xff;
1576 if (insn & (1 << 24)) {
725eec70 1577 pci_dma_read(pci_dev, addr, data, n);
c921370b 1578 trace_lsi_execute_script_mm_load(reg, n, addr, *(int *)data);
7d8406be
PB		 1579 for (i = 0; i < n; i++) {
1580 lsi_reg_writeb(s, reg + i, data[i]);
1581 }
1582 } else {
c921370b 1583 trace_lsi_execute_script_mm_store(reg, n, addr);
7d8406be
PB		 1584 for (i = 0; i < n; i++) {
1585 data[i] = lsi_reg_readb(s, reg + i);
1586 }
725eec70 1587 pci_dma_write(pci_dev, addr, data, n);
7d8406be
PB		 1588 }
1589 }
1590 }
de594e47 1591 if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
7d8406be
PB		 1592 if (s->dcntl & LSI_DCNTL_SSM) {
1593 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
1594 } else {
1595 goto again;
1596 }
1597 }
c921370b 1598 trace_lsi_execute_script_stop();
7d8406be
PB		 1599}
1600
1601static uint8_t lsi_reg_readb(LSIState *s, int offset)
1602{
64eb7491
HP		 1603 uint8_t ret;
1604
75f76531 1605#define CASE_GET_REG24(name, addr) \
64eb7491
HP		 1606 case addr: ret = s->name & 0xff; break; \
1607 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1608 case addr + 2: ret = (s->name >> 16) & 0xff; break;
75f76531 1609
7d8406be 1610#define CASE_GET_REG32(name, addr) \
64eb7491
HP		 1611 case addr: ret = s->name & 0xff; break; \
1612 case addr + 1: ret = (s->name >> 8) & 0xff; break; \
1613 case addr + 2: ret = (s->name >> 16) & 0xff; break; \
1614 case addr + 3: ret = (s->name >> 24) & 0xff; break;
7d8406be 1615
7d8406be
PB		 1616 switch (offset) {
1617 case 0x00: /* SCNTL0 */
64eb7491
HP		 1618 ret = s->scntl0;
1619 break;
7d8406be 1620 case 0x01: /* SCNTL1 */
64eb7491
HP		 1621 ret = s->scntl1;
1622 break;
7d8406be 1623 case 0x02: /* SCNTL2 */
64eb7491
HP		 1624 ret = s->scntl2;
1625 break;
7d8406be 1626 case 0x03: /* SCNTL3 */
64eb7491
HP		 1627 ret = s->scntl3;
1628 break;
7d8406be 1629 case 0x04: /* SCID */
64eb7491
HP		 1630 ret = s->scid;
1631 break;
7d8406be 1632 case 0x05: /* SXFER */
64eb7491
HP		 1633 ret = s->sxfer;
1634 break;
7d8406be 1635 case 0x06: /* SDID */
64eb7491
HP		 1636 ret = s->sdid;
1637 break;
7d8406be 1638 case 0x07: /* GPREG0 */
64eb7491
HP		 1639 ret = 0x7f;
1640 break;
985a03b0 1641 case 0x08: /* Revision ID */
64eb7491
HP		 1642 ret = 0x00;
1643 break;
6f84da3a 1644 case 0x09: /* SOCL */
64eb7491
HP		 1645 ret = s->socl;
1646 break;
a917d384 1647 case 0xa: /* SSID */
64eb7491
HP		 1648 ret = s->ssid;
1649 break;
7d8406be 1650 case 0xb: /* SBCL */
12dd89f7 1651 ret = s->sbcl;
64eb7491 1652 break;
7d8406be 1653 case 0xc: /* DSTAT */
64eb7491 1654 ret = s->dstat | LSI_DSTAT_DFE;
7d8406be
PB		 1655 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
1656 s->dstat = 0;
1657 lsi_update_irq(s);
64eb7491 1658 break;
7d8406be 1659 case 0x0d: /* SSTAT0 */
64eb7491
HP		 1660 ret = s->sstat0;
1661 break;
7d8406be 1662 case 0x0e: /* SSTAT1 */
64eb7491
HP		 1663 ret = s->sstat1;
1664 break;
7d8406be 1665 case 0x0f: /* SSTAT2 */
64eb7491
HP		 1666 ret = s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
1667 break;
7d8406be
PB		 1668 CASE_GET_REG32(dsa, 0x10)
1669 case 0x14: /* ISTAT0 */
64eb7491
HP		 1670 ret = s->istat0;
1671 break;
ecabe8cc 1672 case 0x15: /* ISTAT1 */
64eb7491
HP		 1673 ret = s->istat1;
1674 break;
7d8406be 1675 case 0x16: /* MBOX0 */
64eb7491
HP		 1676 ret = s->mbox0;
1677 break;
7d8406be 1678 case 0x17: /* MBOX1 */
64eb7491
HP		 1679 ret = s->mbox1;
1680 break;
7d8406be 1681 case 0x18: /* CTEST0 */
64eb7491
HP		 1682 ret = 0xff;
1683 break;
7d8406be 1684 case 0x19: /* CTEST1 */
64eb7491
HP		 1685 ret = 0;
1686 break;
7d8406be 1687 case 0x1a: /* CTEST2 */
64eb7491 1688 ret = s->ctest2 | LSI_CTEST2_DACK | LSI_CTEST2_CM;
7d8406be
PB		 1689 if (s->istat0 & LSI_ISTAT0_SIGP) {
1690 s->istat0 &= ~LSI_ISTAT0_SIGP;
64eb7491 1691 ret |= LSI_CTEST2_SIGP;
7d8406be 1692 }
64eb7491 1693 break;
7d8406be 1694 case 0x1b: /* CTEST3 */
64eb7491
HP		 1695 ret = s->ctest3;
1696 break;
7d8406be
PB		 1697 CASE_GET_REG32(temp, 0x1c)
1698 case 0x20: /* DFIFO */
07163c99 1699 ret = s->dfifo;
64eb7491 1700 break;
7d8406be 1701 case 0x21: /* CTEST4 */
64eb7491
HP		 1702 ret = s->ctest4;
1703 break;
7d8406be 1704 case 0x22: /* CTEST5 */
64eb7491
HP		 1705 ret = s->ctest5;
1706 break;
985a03b0 1707 case 0x23: /* CTEST6 */
64eb7491
HP		 1708 ret = 0;
1709 break;
75f76531 1710 CASE_GET_REG24(dbc, 0x24)
7d8406be 1711 case 0x27: /* DCMD */
64eb7491
HP		 1712 ret = s->dcmd;
1713 break;
4b9a2d6d 1714 CASE_GET_REG32(dnad, 0x28)
7d8406be
PB		 1715 CASE_GET_REG32(dsp, 0x2c)
1716 CASE_GET_REG32(dsps, 0x30)
1717 CASE_GET_REG32(scratch[0], 0x34)
1718 case 0x38: /* DMODE */
64eb7491
HP		 1719 ret = s->dmode;
1720 break;
7d8406be 1721 case 0x39: /* DIEN */
64eb7491
HP		 1722 ret = s->dien;
1723 break;
bd8ee11a 1724 case 0x3a: /* SBR */
64eb7491
HP		 1725 ret = s->sbr;
1726 break;
7d8406be 1727 case 0x3b: /* DCNTL */
64eb7491
HP		 1728 ret = s->dcntl;
1729 break;
6f84da3a
PL		 1730 /* ADDER Output (Debug of relative jump address) */
1731 CASE_GET_REG32(adder, 0x3c)
7d8406be 1732 case 0x40: /* SIEN0 */
64eb7491
HP		 1733 ret = s->sien0;
1734 break;
7d8406be 1735 case 0x41: /* SIEN1 */
64eb7491
HP		 1736 ret = s->sien1;
1737 break;
7d8406be 1738 case 0x42: /* SIST0 */
64eb7491 1739 ret = s->sist0;
7d8406be
PB		 1740 s->sist0 = 0;
1741 lsi_update_irq(s);
64eb7491 1742 break;
7d8406be 1743 case 0x43: /* SIST1 */
64eb7491 1744 ret = s->sist1;
7d8406be
PB		 1745 s->sist1 = 0;
1746 lsi_update_irq(s);
64eb7491 1747 break;
9167a69a 1748 case 0x46: /* MACNTL */
64eb7491
HP		 1749 ret = 0x0f;
1750 break;
7d8406be 1751 case 0x47: /* GPCNTL0 */
64eb7491
HP		 1752 ret = 0x0f;
1753 break;
7d8406be 1754 case 0x48: /* STIME0 */
64eb7491
HP		 1755 ret = s->stime0;
1756 break;
7d8406be 1757 case 0x4a: /* RESPID0 */
64eb7491
HP		 1758 ret = s->respid0;
1759 break;
7d8406be 1760 case 0x4b: /* RESPID1 */
64eb7491
HP		 1761 ret = s->respid1;
1762 break;
7d8406be 1763 case 0x4d: /* STEST1 */
64eb7491
HP		 1764 ret = s->stest1;
1765 break;
7d8406be 1766 case 0x4e: /* STEST2 */
64eb7491
HP		 1767 ret = s->stest2;
1768 break;
7d8406be 1769 case 0x4f: /* STEST3 */
64eb7491
HP		 1770 ret = s->stest3;
1771 break;
a917d384
PB		 1772 case 0x50: /* SIDL */
1773 /* This is needed by the linux drivers. We currently only update it
1774 during the MSG IN phase. */
64eb7491
HP		 1775 ret = s->sidl;
1776 break;
7d8406be 1777 case 0x52: /* STEST4 */
64eb7491
HP		 1778 ret = 0xe0;
1779 break;
7d8406be 1780 case 0x56: /* CCNTL0 */
64eb7491
HP		 1781 ret = s->ccntl0;
1782 break;
7d8406be 1783 case 0x57: /* CCNTL1 */
64eb7491
HP		 1784 ret = s->ccntl1;
1785 break;
a917d384
PB		 1786 case 0x58: /* SBDL */
1787 /* Some drivers peek at the data bus during the MSG IN phase. */
e58ccf03
PP		 1788 if ((s->sstat1 & PHASE_MASK) == PHASE_MI) {
1789 assert(s->msg_len > 0);
a917d384 1790 return s->msg[0];
e58ccf03 1791 }
64eb7491
HP		 1792 ret = 0;
1793 break;
a917d384 1794 case 0x59: /* SBDL high */
64eb7491
HP		 1795 ret = 0;
1796 break;
7d8406be
PB		 1797 CASE_GET_REG32(mmrs, 0xa0)
1798 CASE_GET_REG32(mmws, 0xa4)
1799 CASE_GET_REG32(sfs, 0xa8)
1800 CASE_GET_REG32(drs, 0xac)
1801 CASE_GET_REG32(sbms, 0xb0)
ab57d967 1802 CASE_GET_REG32(dbms, 0xb4)
7d8406be
PB		 1803 CASE_GET_REG32(dnad64, 0xb8)
1804 CASE_GET_REG32(pmjad1, 0xc0)
1805 CASE_GET_REG32(pmjad2, 0xc4)
1806 CASE_GET_REG32(rbc, 0xc8)
1807 CASE_GET_REG32(ua, 0xcc)
1808 CASE_GET_REG32(ia, 0xd4)
1809 CASE_GET_REG32(sbc, 0xd8)
1810 CASE_GET_REG32(csbc, 0xdc)
64eb7491
HP		 1811 case 0x5c ... 0x9f:
1812 {
7d8406be
PB		 1813 int n;
1814 int shift;
1815 n = (offset - 0x58) >> 2;
1816 shift = (offset & 3) * 8;
64eb7491
HP		 1817 ret = (s->scratch[n] >> shift) & 0xff;
1818 break;
1819 }
1820 default:
85a20bc4
HP		 1821 {
1822 qemu_log_mask(LOG_GUEST_ERROR,
1823 "lsi_scsi: invalid read from reg %s %x\n",
1824 offset < ARRAY_SIZE(names) ? names[offset] : "???",
1825 offset);
1826 ret = 0xff;
1827 break;
1828 }
7d8406be 1829 }
75f76531 1830#undef CASE_GET_REG24
7d8406be 1831#undef CASE_GET_REG32
64eb7491 1832
c921370b
MCA		 1833 trace_lsi_reg_read(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1834 offset, ret);
64eb7491
HP		 1835
1836 return ret;
7d8406be
PB		 1837}
1838
1839static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1840{
49c47daa
SH		 1841#define CASE_SET_REG24(name, addr) \
1842 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1843 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1844 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break;
1845
7d8406be
PB		 1846#define CASE_SET_REG32(name, addr) \
1847 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1848 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1849 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1850 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1851
c921370b
MCA		 1852 trace_lsi_reg_write(offset < ARRAY_SIZE(names) ? names[offset] : "???",
1853 offset, val);
1854
7d8406be
PB		 1855 switch (offset) {
1856 case 0x00: /* SCNTL0 */
1857 s->scntl0 = val;
1858 if (val & LSI_SCNTL0_START) {
c921370b
MCA		 1859 qemu_log_mask(LOG_UNIMP,
1860 "lsi_scsi: Start sequence not implemented\n");
7d8406be
PB		 1861 }
1862 break;
1863 case 0x01: /* SCNTL1 */
1864 s->scntl1 = val & ~LSI_SCNTL1_SST;
1865 if (val & LSI_SCNTL1_IARB) {
c921370b
MCA		 1866 qemu_log_mask(LOG_UNIMP,
1867 "lsi_scsi: Immediate Arbritration not implemented\n");
7d8406be
PB		 1868 }
1869 if (val & LSI_SCNTL1_RST) {
680a34ee 1870 if (!(s->sstat0 & LSI_SSTAT0_RST)) {
824755ba 1871 qbus_reset_all(BUS(&s->bus));
680a34ee
JK		 1872 s->sstat0 |= LSI_SSTAT0_RST;
1873 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1874 }
7d8406be
PB		 1875 } else {
1876 s->sstat0 &= ~LSI_SSTAT0_RST;
1877 }
1878 break;
1879 case 0x02: /* SCNTL2 */
1880 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
3d834c78 1881 s->scntl2 = val;
7d8406be
PB		 1882 break;
1883 case 0x03: /* SCNTL3 */
1884 s->scntl3 = val;
1885 break;
1886 case 0x04: /* SCID */
1887 s->scid = val;
1888 break;
1889 case 0x05: /* SXFER */
1890 s->sxfer = val;
1891 break;
a917d384 1892 case 0x06: /* SDID */
c7ac9f40 1893 if ((s->ssid & 0x80) && (val & 0xf) != (s->ssid & 0xf)) {
c921370b
MCA		 1894 qemu_log_mask(LOG_GUEST_ERROR,
1895 "lsi_scsi: Destination ID does not match SSID\n");
c7ac9f40 1896 }
a917d384
PB		 1897 s->sdid = val & 0xf;
1898 break;
7d8406be
PB		 1899 case 0x07: /* GPREG0 */
1900 break;
a917d384
PB		 1901 case 0x08: /* SFBR */
1902 /* The CPU is not allowed to write to this register. However the
1903 SCRIPTS register move instructions are. */
1904 s->sfbr = val;
1905 break;
a15fdf86 1906 case 0x0a: case 0x0b:
9167a69a 1907 /* Openserver writes to these readonly registers on startup */
7d37435b 1908 return;
7d8406be
PB		 1909 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1910 /* Linux writes to these readonly registers on startup. */
1911 return;
1912 CASE_SET_REG32(dsa, 0x10)
1913 case 0x14: /* ISTAT0 */
1914 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1915 if (val & LSI_ISTAT0_ABRT) {
1916 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1917 }
1918 if (val & LSI_ISTAT0_INTF) {
1919 s->istat0 &= ~LSI_ISTAT0_INTF;
1920 lsi_update_irq(s);
1921 }
f08ec2b8 1922 if (s->waiting == LSI_WAIT_RESELECT && val & LSI_ISTAT0_SIGP) {
c921370b 1923 trace_lsi_awoken();
f08ec2b8 1924 s->waiting = LSI_NOWAIT;
7d8406be
PB		 1925 s->dsp = s->dnad;
1926 lsi_execute_script(s);
1927 }
1928 if (val & LSI_ISTAT0_SRST) {
71186c86 1929 qdev_reset_all(DEVICE(s));
7d8406be 1930 }
92d88ecb 1931 break;
7d8406be
PB		 1932 case 0x16: /* MBOX0 */
1933 s->mbox0 = val;
92d88ecb 1934 break;
7d8406be
PB		 1935 case 0x17: /* MBOX1 */
1936 s->mbox1 = val;
92d88ecb 1937 break;
0903c35d
HP		 1938 case 0x18: /* CTEST0 */
1939 /* nothing to do */
1940 break;
9167a69a 1941 case 0x1a: /* CTEST2 */
7d37435b
PB		 1942 s->ctest2 = val & LSI_CTEST2_PCICIE;
1943 break;
7d8406be
PB		 1944 case 0x1b: /* CTEST3 */
1945 s->ctest3 = val & 0x0f;
1946 break;
1947 CASE_SET_REG32(temp, 0x1c)
1948 case 0x21: /* CTEST4 */
1949 if (val & 7) {
c921370b
MCA		 1950 qemu_log_mask(LOG_UNIMP,
1951 "lsi_scsi: Unimplemented CTEST4-FBL 0x%x\n", val);
7d8406be
PB		 1952 }
1953 s->ctest4 = val;
1954 break;
1955 case 0x22: /* CTEST5 */
1956 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
c921370b
MCA		 1957 qemu_log_mask(LOG_UNIMP,
1958 "lsi_scsi: CTEST5 DMA increment not implemented\n");
7d8406be
PB		 1959 }
1960 s->ctest5 = val;
1961 break;
49c47daa 1962 CASE_SET_REG24(dbc, 0x24)
4b9a2d6d 1963 CASE_SET_REG32(dnad, 0x28)
3d834c78 1964 case 0x2c: /* DSP[0:7] */
7d8406be
PB		 1965 s->dsp &= 0xffffff00;
1966 s->dsp |= val;
1967 break;
3d834c78 1968 case 0x2d: /* DSP[8:15] */
7d8406be
PB		 1969 s->dsp &= 0xffff00ff;
1970 s->dsp |= val << 8;
1971 break;
3d834c78 1972 case 0x2e: /* DSP[16:23] */
7d8406be
PB		 1973 s->dsp &= 0xff00ffff;
1974 s->dsp |= val << 16;
1975 break;
3d834c78 1976 case 0x2f: /* DSP[24:31] */
7d8406be
PB		 1977 s->dsp &= 0x00ffffff;
1978 s->dsp |= val << 24;
de594e47
PB		 1979 /*
1980 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
1981 * instruction. Is this correct?
1982 */
7d8406be
PB		 1983 if ((s->dmode & LSI_DMODE_MAN) == 0
1984 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1985 lsi_execute_script(s);
1986 break;
1987 CASE_SET_REG32(dsps, 0x30)
1988 CASE_SET_REG32(scratch[0], 0x34)
1989 case 0x38: /* DMODE */
7d8406be
PB		 1990 s->dmode = val;
1991 break;
1992 case 0x39: /* DIEN */
1993 s->dien = val;
1994 lsi_update_irq(s);
1995 break;
bd8ee11a
SH		 1996 case 0x3a: /* SBR */
1997 s->sbr = val;
1998 break;
7d8406be
PB		 1999 case 0x3b: /* DCNTL */
2000 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
de594e47
PB		 2001 /*
2002 * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
2003 * instruction. Is this correct?
2004 */
7d8406be
PB		 2005 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
2006 lsi_execute_script(s);
2007 break;
2008 case 0x40: /* SIEN0 */
2009 s->sien0 = val;
2010 lsi_update_irq(s);
2011 break;
2012 case 0x41: /* SIEN1 */
2013 s->sien1 = val;
2014 lsi_update_irq(s);
2015 break;
2016 case 0x47: /* GPCNTL0 */
2017 break;
2018 case 0x48: /* STIME0 */
2019 s->stime0 = val;
2020 break;
2021 case 0x49: /* STIME1 */
2022 if (val & 0xf) {
c921370b
MCA		 2023 qemu_log_mask(LOG_UNIMP,
2024 "lsi_scsi: General purpose timer not implemented\n");
7d8406be
PB		 2025 /* ??? Raising the interrupt immediately seems to be sufficient
2026 to keep the FreeBSD driver happy. */
2027 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
2028 }
2029 break;
2030 case 0x4a: /* RESPID0 */
2031 s->respid0 = val;
2032 break;
2033 case 0x4b: /* RESPID1 */
2034 s->respid1 = val;
2035 break;
2036 case 0x4d: /* STEST1 */
2037 s->stest1 = val;
2038 break;
2039 case 0x4e: /* STEST2 */
2040 if (val & 1) {
c921370b
MCA		 2041 qemu_log_mask(LOG_UNIMP,
2042 "lsi_scsi: Low level mode not implemented\n");
7d8406be
PB		 2043 }
2044 s->stest2 = val;
2045 break;
2046 case 0x4f: /* STEST3 */
2047 if (val & 0x41) {
c921370b
MCA		 2048 qemu_log_mask(LOG_UNIMP,
2049 "lsi_scsi: SCSI FIFO test mode not implemented\n");
7d8406be
PB		 2050 }
2051 s->stest3 = val;
2052 break;
2053 case 0x56: /* CCNTL0 */
2054 s->ccntl0 = val;
2055 break;
2056 case 0x57: /* CCNTL1 */
2057 s->ccntl1 = val;
2058 break;
2059 CASE_SET_REG32(mmrs, 0xa0)
2060 CASE_SET_REG32(mmws, 0xa4)
2061 CASE_SET_REG32(sfs, 0xa8)
2062 CASE_SET_REG32(drs, 0xac)
2063 CASE_SET_REG32(sbms, 0xb0)
ab57d967 2064 CASE_SET_REG32(dbms, 0xb4)
7d8406be
PB		 2065 CASE_SET_REG32(dnad64, 0xb8)
2066 CASE_SET_REG32(pmjad1, 0xc0)
2067 CASE_SET_REG32(pmjad2, 0xc4)
2068 CASE_SET_REG32(rbc, 0xc8)
2069 CASE_SET_REG32(ua, 0xcc)
2070 CASE_SET_REG32(ia, 0xd4)
2071 CASE_SET_REG32(sbc, 0xd8)
2072 CASE_SET_REG32(csbc, 0xdc)
2073 default:
2074 if (offset >= 0x5c && offset < 0xa0) {
2075 int n;
2076 int shift;
2077 n = (offset - 0x58) >> 2;
2078 shift = (offset & 3) * 8;
57ffcc4c 2079 s->scratch[n] = deposit32(s->scratch[n], shift, 8, val);
7d8406be 2080 } else {
85a20bc4
HP		 2081 qemu_log_mask(LOG_GUEST_ERROR,
2082 "lsi_scsi: invalid write to reg %s %x (0x%02x)\n",
2083 offset < ARRAY_SIZE(names) ? names[offset] : "???",
2084 offset, val);
7d8406be
PB		 2085 }
2086 }
49c47daa 2087#undef CASE_SET_REG24
7d8406be
PB		 2088#undef CASE_SET_REG32
2089}
2090
a8170e5e 2091static void lsi_mmio_write(void *opaque, hwaddr addr,
b0ce84e5 2092 uint64_t val, unsigned size)
7d8406be 2093{
eb40f984 2094 LSIState *s = opaque;
7d8406be
PB		 2095
2096 lsi_reg_writeb(s, addr & 0xff, val);
2097}
2098
a8170e5e 2099static uint64_t lsi_mmio_read(void *opaque, hwaddr addr,
b0ce84e5 2100 unsigned size)
7d8406be 2101{
eb40f984 2102 LSIState *s = opaque;
7d8406be
PB		 2103 return lsi_reg_readb(s, addr & 0xff);
2104}
2105
b0ce84e5
AK		 2106static const MemoryRegionOps lsi_mmio_ops = {
2107 .read = lsi_mmio_read,
2108 .write = lsi_mmio_write,
e6c165f3 2109 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2110 .impl = {
2111 .min_access_size = 1,
2112 .max_access_size = 1,
2113 },
7d8406be
PB		 2114};
2115
a8170e5e 2116static void lsi_ram_write(void *opaque, hwaddr addr,
b0ce84e5 2117 uint64_t val, unsigned size)
7d8406be 2118{
eb40f984 2119 LSIState *s = opaque;
811a75ba 2120 stn_le_p(s->script_ram + addr, size, val);
7d8406be
PB		 2121}
2122
a8170e5e 2123static uint64_t lsi_ram_read(void *opaque, hwaddr addr,
b0ce84e5 2124 unsigned size)
7d8406be 2125{
eb40f984 2126 LSIState *s = opaque;
811a75ba 2127 return ldn_le_p(s->script_ram + addr, size);
7d8406be
PB		 2128}
2129
b0ce84e5
AK		 2130static const MemoryRegionOps lsi_ram_ops = {
2131 .read = lsi_ram_read,
2132 .write = lsi_ram_write,
e6c165f3 2133 .endianness = DEVICE_LITTLE_ENDIAN,
7d8406be
PB		 2134};
2135
a8170e5e 2136static uint64_t lsi_io_read(void *opaque, hwaddr addr,
b0ce84e5 2137 unsigned size)
7d8406be 2138{
eb40f984 2139 LSIState *s = opaque;
7d8406be
PB		 2140 return lsi_reg_readb(s, addr & 0xff);
2141}
2142
a8170e5e 2143static void lsi_io_write(void *opaque, hwaddr addr,
b0ce84e5 2144 uint64_t val, unsigned size)
7d8406be 2145{
eb40f984 2146 LSIState *s = opaque;
7d8406be
PB		 2147 lsi_reg_writeb(s, addr & 0xff, val);
2148}
2149
b0ce84e5
AK		 2150static const MemoryRegionOps lsi_io_ops = {
2151 .read = lsi_io_read,
2152 .write = lsi_io_write,
e6c165f3 2153 .endianness = DEVICE_LITTLE_ENDIAN,
b0ce84e5
AK		 2154 .impl = {
2155 .min_access_size = 1,
2156 .max_access_size = 1,
2157 },
2158};
7d8406be 2159
54eefd72
JK		 2160static void lsi_scsi_reset(DeviceState *dev)
2161{
71186c86 2162 LSIState *s = LSI53C895A(dev);
54eefd72
JK		 2163
2164 lsi_soft_reset(s);
2165}
2166
44b1ff31 2167static int lsi_pre_save(void *opaque)
777aec7a
N		 2168{
2169 LSIState *s = opaque;
2170
b96a0da0
GH		 2171 if (s->current) {
2172 assert(s->current->dma_buf == NULL);
2173 assert(s->current->dma_len == 0);
2174 }
042ec49d 2175 assert(QTAILQ_EMPTY(&s->queue));
44b1ff31
DDAG		 2176
2177 return 0;
777aec7a
N		 2178}
2179
e58ccf03
PP		 2180static int lsi_post_load(void *opaque, int version_id)
2181{
2182 LSIState *s = opaque;
2183
2184 if (s->msg_len < 0 || s->msg_len > LSI_MAX_MSGIN_LEN) {
2185 return -EINVAL;
2186 }
2187
2188 return 0;
2189}
2190
4a1b0f1c
JQ		 2191static const VMStateDescription vmstate_lsi_scsi = {
2192 .name = "lsiscsi",
12dd89f7 2193 .version_id = 1,
4a1b0f1c 2194 .minimum_version_id = 0,
4a1b0f1c 2195 .pre_save = lsi_pre_save,
e58ccf03 2196 .post_load = lsi_post_load,
d49805ae 2197 .fields = (VMStateField[]) {
725eec70 2198 VMSTATE_PCI_DEVICE(parent_obj, LSIState),
4a1b0f1c
JQ		 2199
2200 VMSTATE_INT32(carry, LSIState),
2f172849 2201 VMSTATE_INT32(status, LSIState),
4a1b0f1c
JQ		 2202 VMSTATE_INT32(msg_action, LSIState),
2203 VMSTATE_INT32(msg_len, LSIState),
2204 VMSTATE_BUFFER(msg, LSIState),
2205 VMSTATE_INT32(waiting, LSIState),
2206
2207 VMSTATE_UINT32(dsa, LSIState),
2208 VMSTATE_UINT32(temp, LSIState),
2209 VMSTATE_UINT32(dnad, LSIState),
2210 VMSTATE_UINT32(dbc, LSIState),
2211 VMSTATE_UINT8(istat0, LSIState),
2212 VMSTATE_UINT8(istat1, LSIState),
2213 VMSTATE_UINT8(dcmd, LSIState),
2214 VMSTATE_UINT8(dstat, LSIState),
2215 VMSTATE_UINT8(dien, LSIState),
2216 VMSTATE_UINT8(sist0, LSIState),
2217 VMSTATE_UINT8(sist1, LSIState),
2218 VMSTATE_UINT8(sien0, LSIState),
2219 VMSTATE_UINT8(sien1, LSIState),
2220 VMSTATE_UINT8(mbox0, LSIState),
2221 VMSTATE_UINT8(mbox1, LSIState),
2222 VMSTATE_UINT8(dfifo, LSIState),
2223 VMSTATE_UINT8(ctest2, LSIState),
2224 VMSTATE_UINT8(ctest3, LSIState),
2225 VMSTATE_UINT8(ctest4, LSIState),
2226 VMSTATE_UINT8(ctest5, LSIState),
2227 VMSTATE_UINT8(ccntl0, LSIState),
2228 VMSTATE_UINT8(ccntl1, LSIState),
2229 VMSTATE_UINT32(dsp, LSIState),
2230 VMSTATE_UINT32(dsps, LSIState),
2231 VMSTATE_UINT8(dmode, LSIState),
2232 VMSTATE_UINT8(dcntl, LSIState),
2233 VMSTATE_UINT8(scntl0, LSIState),
2234 VMSTATE_UINT8(scntl1, LSIState),
2235 VMSTATE_UINT8(scntl2, LSIState),
2236 VMSTATE_UINT8(scntl3, LSIState),
2237 VMSTATE_UINT8(sstat0, LSIState),
2238 VMSTATE_UINT8(sstat1, LSIState),
2239 VMSTATE_UINT8(scid, LSIState),
2240 VMSTATE_UINT8(sxfer, LSIState),
2241 VMSTATE_UINT8(socl, LSIState),
2242 VMSTATE_UINT8(sdid, LSIState),
2243 VMSTATE_UINT8(ssid, LSIState),
2244 VMSTATE_UINT8(sfbr, LSIState),
2245 VMSTATE_UINT8(stest1, LSIState),
2246 VMSTATE_UINT8(stest2, LSIState),
2247 VMSTATE_UINT8(stest3, LSIState),
2248 VMSTATE_UINT8(sidl, LSIState),
2249 VMSTATE_UINT8(stime0, LSIState),
2250 VMSTATE_UINT8(respid0, LSIState),
2251 VMSTATE_UINT8(respid1, LSIState),
12dd89f7 2252 VMSTATE_UINT8_V(sbcl, LSIState, 1),
4a1b0f1c
JQ		 2253 VMSTATE_UINT32(mmrs, LSIState),
2254 VMSTATE_UINT32(mmws, LSIState),
2255 VMSTATE_UINT32(sfs, LSIState),
2256 VMSTATE_UINT32(drs, LSIState),
2257 VMSTATE_UINT32(sbms, LSIState),
2258 VMSTATE_UINT32(dbms, LSIState),
2259 VMSTATE_UINT32(dnad64, LSIState),
2260 VMSTATE_UINT32(pmjad1, LSIState),
2261 VMSTATE_UINT32(pmjad2, LSIState),
2262 VMSTATE_UINT32(rbc, LSIState),
2263 VMSTATE_UINT32(ua, LSIState),
2264 VMSTATE_UINT32(ia, LSIState),
2265 VMSTATE_UINT32(sbc, LSIState),
2266 VMSTATE_UINT32(csbc, LSIState),
2267 VMSTATE_BUFFER_UNSAFE(scratch, LSIState, 0, 18 * sizeof(uint32_t)),
2268 VMSTATE_UINT8(sbr, LSIState),
2269
811a75ba 2270 VMSTATE_BUFFER_UNSAFE(script_ram, LSIState, 0, 8192),
4a1b0f1c 2271 VMSTATE_END_OF_LIST()
777aec7a 2272 }
4a1b0f1c 2273};
777aec7a 2274
afd4030c
PB		 2275static const struct SCSIBusInfo lsi_scsi_info = {
2276 .tcq = true,
7e0380b9
PB		 2277 .max_target = LSI_MAX_DEVS,
2278 .max_lun = 0, /* LUN support is buggy */
afd4030c 2279
c6df7102 2280 .transfer_data = lsi_transfer_data,
94d3f98a
PB		 2281 .complete = lsi_command_complete,
2282 .cancel = lsi_request_cancelled
cfdc1bb0
PB		 2283};
2284
ae071cc8 2285static void lsi_scsi_realize(PCIDevice *dev, Error **errp)
7d8406be 2286{
71186c86
PC		 2287 LSIState *s = LSI53C895A(dev);
2288 DeviceState *d = DEVICE(dev);
deb54399 2289 uint8_t *pci_conf;
7d8406be 2290
725eec70 2291 pci_conf = dev->config;
deb54399 2292
9167a69a 2293 /* PCI latency timer = 255 */
5845f0e5 2294 pci_conf[PCI_LATENCY_TIMER] = 0xff;
817e0b6f 2295 /* Interrupt pin A */
5845f0e5 2296 pci_conf[PCI_INTERRUPT_PIN] = 0x01;
7d8406be 2297
29776739
PB		 2298 memory_region_init_io(&s->mmio_io, OBJECT(s), &lsi_mmio_ops, s,
2299 "lsi-mmio", 0x400);
2300 memory_region_init_io(&s->ram_io, OBJECT(s), &lsi_ram_ops, s,
2301 "lsi-ram", 0x2000);
2302 memory_region_init_io(&s->io_io, OBJECT(s), &lsi_io_ops, s,
2303 "lsi-io", 256);
b0ce84e5 2304
a8632434 2305 address_space_init(&s->pci_io_as, pci_address_space_io(dev), "lsi-pci-io");
3cc1b9cb 2306 qdev_init_gpio_out(d, &s->ext_irq, 1);
a8632434 2307
725eec70 2308 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_io);
16b8ed1d 2309 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
725eec70 2310 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->ram_io);
042ec49d 2311 QTAILQ_INIT(&s->queue);
7d8406be 2312
739e95f5 2313 scsi_bus_init(&s->bus, sizeof(s->bus), d, &lsi_scsi_info);
7d8406be 2314}
9be5dafe 2315
faabca42 2316static void lsi_scsi_exit(PCIDevice *dev)
a8632434
HP		 2317{
2318 LSIState *s = LSI53C895A(dev);
2319
2320 address_space_destroy(&s->pci_io_as);
2321}
2322
40021f08
AL		 2323static void lsi_class_init(ObjectClass *klass, void *data)
2324{
39bffca2 2325 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08
AL		 2326 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2327
ae071cc8 2328 k->realize = lsi_scsi_realize;
faabca42 2329 k->exit = lsi_scsi_exit;
40021f08
AL		 2330 k->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2331 k->device_id = PCI_DEVICE_ID_LSI_53C895A;
2332 k->class_id = PCI_CLASS_STORAGE_SCSI;
2333 k->subsystem_id = 0x1000;
39bffca2
AL		 2334 dc->reset = lsi_scsi_reset;
2335 dc->vmsd = &vmstate_lsi_scsi;
125ee0ed 2336 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
40021f08
AL		 2337}
2338
8c43a6f0 2339static const TypeInfo lsi_info = {
71186c86 2340 .name = TYPE_LSI53C895A,
39bffca2
AL		 2341 .parent = TYPE_PCI_DEVICE,
2342 .instance_size = sizeof(LSIState),
2343 .class_init = lsi_class_init,
fd3b02c8
EH		 2344 .interfaces = (InterfaceInfo[]) {
2345 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2346 { },
2347 },
0aab0d3a
GH		 2348};
2349
ceae18bd
HP		 2350static void lsi53c810_class_init(ObjectClass *klass, void *data)
2351{
2352 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2353
2354 k->device_id = PCI_DEVICE_ID_LSI_53C810;
2355}
2356
5e78c98b 2357static const TypeInfo lsi53c810_info = {
ceae18bd
HP		 2358 .name = TYPE_LSI53C810,
2359 .parent = TYPE_LSI53C895A,
2360 .class_init = lsi53c810_class_init,
2361};
2362
83f7d43a 2363static void lsi53c895a_register_types(void)
9be5dafe 2364{
39bffca2 2365 type_register_static(&lsi_info);
ceae18bd 2366 type_register_static(&lsi53c810_info);
9be5dafe
PB		 2367}
2368
83f7d43a 2369type_init(lsi53c895a_register_types)
a64aa578 2370
f74a4f3a
MCA		 2371void lsi53c8xx_handle_legacy_cmdline(DeviceState *lsi_dev)
2372{
2373 LSIState *s = LSI53C895A(lsi_dev);
2374
2375 scsi_bus_legacy_handle_cmdline(&s->bus);
2376}
QEMU mirror