2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 /* ??? Need to check if the {read,write}[wl] routines work properly on
11 big-endian targets. */
16 //#define DEBUG_LSI_REG
19 #define DPRINTF(fmt, args...) \
20 do { printf("lsi_scsi: " fmt , ##args); } while (0)
21 #define BADF(fmt, args...) \
22 do { fprintf(stderr, "lsi_scsi: " fmt , ##args); exit(1);} while (0)
24 #define DPRINTF(fmt, args...) do {} while(0)
25 #define BADF(fmt, args...) \
26 do { fprintf(stderr, "lsi_scsi: " fmt , ##args); } while (0)
29 #define LSI_SCNTL0_TRG 0x01
30 #define LSI_SCNTL0_AAP 0x02
31 #define LSI_SCNTL0_EPC 0x08
32 #define LSI_SCNTL0_WATN 0x10
33 #define LSI_SCNTL0_START 0x20
35 #define LSI_SCNTL1_SST 0x01
36 #define LSI_SCNTL1_IARB 0x02
37 #define LSI_SCNTL1_AESP 0x04
38 #define LSI_SCNTL1_RST 0x08
39 #define LSI_SCNTL1_CON 0x10
40 #define LSI_SCNTL1_DHP 0x20
41 #define LSI_SCNTL1_ADB 0x40
42 #define LSI_SCNTL1_EXC 0x80
44 #define LSI_SCNTL2_WSR 0x01
45 #define LSI_SCNTL2_VUE0 0x02
46 #define LSI_SCNTL2_VUE1 0x04
47 #define LSI_SCNTL2_WSS 0x08
48 #define LSI_SCNTL2_SLPHBEN 0x10
49 #define LSI_SCNTL2_SLPMD 0x20
50 #define LSI_SCNTL2_CHM 0x40
51 #define LSI_SCNTL2_SDU 0x80
53 #define LSI_ISTAT0_DIP 0x01
54 #define LSI_ISTAT0_SIP 0x02
55 #define LSI_ISTAT0_INTF 0x04
56 #define LSI_ISTAT0_CON 0x08
57 #define LSI_ISTAT0_SEM 0x10
58 #define LSI_ISTAT0_SIGP 0x20
59 #define LSI_ISTAT0_SRST 0x40
60 #define LSI_ISTAT0_ABRT 0x80
62 #define LSI_ISTAT1_SI 0x01
63 #define LSI_ISTAT1_SRUN 0x02
64 #define LSI_ISTAT1_FLSH 0x04
66 #define LSI_SSTAT0_SDP0 0x01
67 #define LSI_SSTAT0_RST 0x02
68 #define LSI_SSTAT0_WOA 0x04
69 #define LSI_SSTAT0_LOA 0x08
70 #define LSI_SSTAT0_AIP 0x10
71 #define LSI_SSTAT0_OLF 0x20
72 #define LSI_SSTAT0_ORF 0x40
73 #define LSI_SSTAT0_ILF 0x80
75 #define LSI_SIST0_PAR 0x01
76 #define LSI_SIST0_RST 0x02
77 #define LSI_SIST0_UDC 0x04
78 #define LSI_SIST0_SGE 0x08
79 #define LSI_SIST0_RSL 0x10
80 #define LSI_SIST0_SEL 0x20
81 #define LSI_SIST0_CMP 0x40
82 #define LSI_SIST0_MA 0x80
84 #define LSI_SIST1_HTH 0x01
85 #define LSI_SIST1_GEN 0x02
86 #define LSI_SIST1_STO 0x04
87 #define LSI_SIST1_SBMC 0x10
89 #define LSI_SOCL_IO 0x01
90 #define LSI_SOCL_CD 0x02
91 #define LSI_SOCL_MSG 0x04
92 #define LSI_SOCL_ATN 0x08
93 #define LSI_SOCL_SEL 0x10
94 #define LSI_SOCL_BSY 0x20
95 #define LSI_SOCL_ACK 0x40
96 #define LSI_SOCL_REQ 0x80
98 #define LSI_DSTAT_IID 0x01
99 #define LSI_DSTAT_SIR 0x04
100 #define LSI_DSTAT_SSI 0x08
101 #define LSI_DSTAT_ABRT 0x10
102 #define LSI_DSTAT_BF 0x20
103 #define LSI_DSTAT_MDPE 0x40
104 #define LSI_DSTAT_DFE 0x80
106 #define LSI_DCNTL_COM 0x01
107 #define LSI_DCNTL_IRQD 0x02
108 #define LSI_DCNTL_STD 0x04
109 #define LSI_DCNTL_IRQM 0x08
110 #define LSI_DCNTL_SSM 0x10
111 #define LSI_DCNTL_PFEN 0x20
112 #define LSI_DCNTL_PFF 0x40
113 #define LSI_DCNTL_CLSE 0x80
115 #define LSI_DMODE_MAN 0x01
116 #define LSI_DMODE_BOF 0x02
117 #define LSI_DMODE_ERMP 0x04
118 #define LSI_DMODE_ERL 0x08
119 #define LSI_DMODE_DIOM 0x10
120 #define LSI_DMODE_SIOM 0x20
122 #define LSI_CTEST2_DACK 0x01
123 #define LSI_CTEST2_DREQ 0x02
124 #define LSI_CTEST2_TEOP 0x04
125 #define LSI_CTEST2_PCICIE 0x08
126 #define LSI_CTEST2_CM 0x10
127 #define LSI_CTEST2_CIO 0x20
128 #define LSI_CTEST2_SIGP 0x40
129 #define LSI_CTEST2_DDIR 0x80
131 #define LSI_CTEST5_BL2 0x04
132 #define LSI_CTEST5_DDIR 0x08
133 #define LSI_CTEST5_MASR 0x10
134 #define LSI_CTEST5_DFSN 0x20
135 #define LSI_CTEST5_BBCK 0x40
136 #define LSI_CTEST5_ADCK 0x80
138 #define LSI_CCNTL0_DILS 0x01
139 #define LSI_CCNTL0_DISFC 0x10
140 #define LSI_CCNTL0_ENNDJ 0x20
141 #define LSI_CCNTL0_PMJCTL 0x40
142 #define LSI_CCNTL0_ENPMJ 0x80
152 /* The HBA is ID 7, so for simplicitly limit to 7 devices. */
153 #define LSI_MAX_DEVS 7
155 /* Size of internal DMA buffer for async IO requests. */
156 #define LSI_DMA_BLOCK_SIZE 0x10000
162 uint32_t script_ram_base;
165 int carry; /* ??? Should this be an a visible register somewhere? */
168 /* 0 if SCRIPTS are running or stopped.
169 * 1 if a Wait Reselect instruction has been issued.
170 * 2 if a DMA operation is in progress. */
172 SCSIDevice *scsi_dev[LSI_MAX_DEVS];
173 SCSIDevice *current_dev;
232 uint32_t scratch[13]; /* SCRATCHA-SCRATCHR */
234 uint8_t dma_buf[LSI_DMA_BLOCK_SIZE];
235 /* Script ram is stored as 32-bit words in host byteorder. */
236 uint32_t script_ram[2048];
239 static void lsi_soft_reset(LSIState *s)
249 memset(s->scratch, 0, sizeof(s->scratch));
302 static uint8_t lsi_reg_readb(LSIState *s, int offset);
303 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
304 static void lsi_execute_script(LSIState *s);
306 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
310 /* Optimize reading from SCRIPTS RAM. */
311 if ((addr & 0xffffe000) == s->script_ram_base) {
312 return s->script_ram[(addr & 0x1fff) >> 2];
314 cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
315 return cpu_to_le32(buf);
318 static void lsi_stop_script(LSIState *s)
320 s->istat1 &= ~LSI_ISTAT1_SRUN;
323 static void lsi_update_irq(LSIState *s)
326 static int last_level;
328 /* It's unclear whether the DIP/SIP bits should be cleared when the
329 Interrupt Status Registers are cleared or when istat0 is read.
330 We currently do the formwer, which seems to work. */
333 if (s->dstat & s->dien)
335 s->istat0 |= LSI_ISTAT0_DIP;
337 s->istat0 &= ~LSI_ISTAT0_DIP;
340 if (s->sist0 || s->sist1) {
341 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
343 s->istat0 |= LSI_ISTAT0_SIP;
345 s->istat0 &= ~LSI_ISTAT0_SIP;
347 if (s->istat0 & LSI_ISTAT0_INTF)
350 if (level != last_level) {
351 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
352 level, s->dstat, s->sist1, s->sist0);
355 pci_set_irq(&s->pci_dev, 0, level);
358 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
359 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
364 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
365 stat1, stat0, s->sist1, s->sist0);
368 /* Stop processor on fatal or unmasked interrupt. As a special hack
369 we don't stop processing when raising STO. Instead continue
370 execution and stop at the next insn that accesses the SCSI bus. */
371 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
372 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
373 mask1 &= ~LSI_SIST1_STO;
374 if (s->sist0 & mask0 || s->sist1 & mask1) {
380 /* Stop SCRIPTS execution and raise a DMA interrupt. */
381 static void lsi_script_dma_interrupt(LSIState *s, int stat)
383 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
389 static inline void lsi_set_phase(LSIState *s, int phase)
391 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
394 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
396 /* Trigger a phase mismatch. */
397 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
398 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL) || out) {
403 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
405 DPRINTF("Phase mismatch interrupt\n");
406 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
409 lsi_set_phase(s, new_phase);
412 /* Initiate a SCSI layer data transfer. */
413 static void lsi_do_dma(LSIState *s, int out)
418 if (count > LSI_DMA_BLOCK_SIZE)
419 count = LSI_DMA_BLOCK_SIZE;
420 DPRINTF("DMA addr=0x%08x len=%d avail=%d\n",
421 addr, count, s->data_len);
422 /* ??? Too long transfers are truncated. Don't know if this is the
424 if (count > s->data_len) {
425 /* If the DMA length is greater than the device data length then
426 a phase mismatch will occur. */
429 lsi_bad_phase(s, out, PHASE_ST);
434 /* ??? Set SFBR to first data byte. */
435 if ((s->sstat1 & PHASE_MASK) == PHASE_DO) {
436 cpu_physical_memory_read(s->dnad, s->dma_buf, count);
437 scsi_write_data(s->current_dev, s->dma_buf, count);
439 scsi_read_data(s->current_dev, s->dma_buf, count);
441 /* If the DMA did not complete then suspend execution. */
446 /* Callback to indicate that the SCSI layer has completed a transfer. */
447 static void lsi_command_complete(void *opaque, uint32_t reason, int sense)
449 LSIState *s = (LSIState *)opaque;
453 out = ((s->sstat1 & PHASE_MASK) == PHASE_DO);
455 if (count > LSI_DMA_BLOCK_SIZE)
456 count = LSI_DMA_BLOCK_SIZE;
458 cpu_physical_memory_write(s->dnad, s->dma_buf, count);
462 if (reason == SCSI_REASON_DONE) {
463 DPRINTF("Command complete sense=%d\n", sense);
465 lsi_set_phase(s, PHASE_ST);
470 } else if (s->waiting == 2) {
471 /* Restart SCRIPTS execution. */
473 lsi_execute_script(s);
477 static void lsi_do_command(LSIState *s)
482 DPRINTF("Send command len=%d\n", s->dbc);
485 cpu_physical_memory_read(s->dnad, buf, s->dbc);
487 n = scsi_send_command(s->current_dev, 0, buf, s->current_lun);
490 lsi_set_phase(s, PHASE_DI);
493 lsi_set_phase(s, PHASE_DO);
497 static void lsi_do_status(LSIState *s)
499 DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
501 BADF("Bad Status move\n");
504 cpu_physical_memory_write(s->dnad, &s->msg, 1);
506 lsi_set_phase(s, PHASE_MI);
507 s->msg = 0; /* COMMAND COMPLETE */
510 static void lsi_disconnect(LSIState *s)
512 s->scntl1 &= ~LSI_SCNTL1_CON;
513 s->sstat1 &= ~PHASE_MASK;
516 static void lsi_do_msgin(LSIState *s)
518 DPRINTF("Message in len=%d\n", s->dbc);
521 cpu_physical_memory_write(s->dnad, &s->msg, 1);
525 /* ??? Check if ATN (not yet implemented) is asserted and maybe
526 switch to PHASE_MO. */
527 lsi_set_phase(s, PHASE_CMD);
531 static void lsi_do_msgout(LSIState *s)
535 DPRINTF("MSG out len=%d\n", s->dbc);
537 /* Multibyte messages not implemented. */
538 s->msg = 7; /* MESSAGE REJECT */
540 //lsi_bad_phase(s, 1, PHASE_MI);
541 lsi_set_phase(s, PHASE_MI);
544 cpu_physical_memory_read(s->dnad, &msg, 1);
550 DPRINTF("Got Disconnect\n");
554 DPRINTF("Got No Operation\n");
555 lsi_set_phase(s, PHASE_CMD);
558 if ((msg & 0x80) == 0) {
559 DPRINTF("Unimplemented message 0x%d\n", msg);
560 s->msg = 7; /* MESSAGE REJECT */
561 lsi_bad_phase(s, 1, PHASE_MI);
564 s->current_lun = msg & 7;
565 DPRINTF("Select LUN %d\n", s->current_lun);
566 lsi_set_phase(s, PHASE_CMD);
569 /* Sign extend a 24-bit value. */
570 static inline int32_t sxt24(int32_t n)
572 return (n << 8) >> 8;
575 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
578 uint8_t buf[TARGET_PAGE_SIZE];
580 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
582 n = (count > TARGET_PAGE_SIZE) ? TARGET_PAGE_SIZE : count;
583 cpu_physical_memory_read(src, buf, n);
584 cpu_physical_memory_write(dest, buf, n);
591 static void lsi_execute_script(LSIState *s)
597 s->istat1 |= LSI_ISTAT1_SRUN;
599 insn = read_dword(s, s->dsp);
600 addr = read_dword(s, s->dsp + 4);
601 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
603 s->dcmd = insn >> 24;
605 switch (insn >> 30) {
606 case 0: /* Block move. */
607 if (s->sist1 & LSI_SIST1_STO) {
608 DPRINTF("Delayed select timeout\n");
612 s->dbc = insn & 0xffffff;
614 if (insn & (1 << 29)) {
615 /* Indirect addressing. */
616 addr = read_dword(s, addr);
617 } else if (insn & (1 << 28)) {
620 /* Table indirect addressing. */
621 offset = sxt24(addr);
622 cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
623 s->dbc = cpu_to_le32(buf[0]);
624 addr = cpu_to_le32(buf[1]);
626 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
627 DPRINTF("Wrong phase got %d expected %d\n",
628 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
629 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
633 switch (s->sstat1 & 0x7) {
653 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
656 s->dfifo = s->dbc & 0xff;
657 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
660 s->ua = addr + s->dbc;
665 case 1: /* IO or Read/Write instruction. */
666 opcode = (insn >> 27) & 7;
670 if (insn & (1 << 25)) {
671 id = read_dword(s, s->dsa + sxt24(insn));
675 id = (id >> 16) & 0xf;
676 if (insn & (1 << 26)) {
677 addr = s->dsp + sxt24(addr);
682 s->sstat0 |= LSI_SSTAT0_WOA;
683 s->scntl1 &= ~LSI_SCNTL1_IARB;
685 if (id >= LSI_MAX_DEVS || !s->scsi_dev[id]) {
686 DPRINTF("Selected absent target %d\n", id);
687 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
691 DPRINTF("Selected target %d%s\n",
692 id, insn & (1 << 3) ? " ATN" : "");
693 /* ??? Linux drivers compain when this is set. Maybe
694 it only applies in low-level mode (unimplemented).
695 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
696 s->current_dev = s->scsi_dev[id];
697 s->scntl1 |= LSI_SCNTL1_CON;
698 if (insn & (1 << 3)) {
699 s->socl |= LSI_SOCL_ATN;
701 lsi_set_phase(s, PHASE_MO);
703 case 1: /* Disconnect */
704 DPRINTF("Wait Disconect\n");
705 s->scntl1 &= ~LSI_SCNTL1_CON;
707 case 2: /* Wait Reselect */
708 DPRINTF("Wait Reselect\n");
712 DPRINTF("Set%s%s%s%s\n",
713 insn & (1 << 3) ? " ATN" : "",
714 insn & (1 << 6) ? " ACK" : "",
715 insn & (1 << 9) ? " TM" : "",
716 insn & (1 << 10) ? " CC" : "");
717 if (insn & (1 << 3)) {
718 s->socl |= LSI_SOCL_ATN;
719 lsi_set_phase(s, PHASE_MO);
721 if (insn & (1 << 9)) {
722 BADF("Target mode not implemented\n");
725 if (insn & (1 << 10))
729 DPRINTF("Clear%s%s%s%s\n",
730 insn & (1 << 3) ? " ATN" : "",
731 insn & (1 << 6) ? " ACK" : "",
732 insn & (1 << 9) ? " TM" : "",
733 insn & (1 << 10) ? " CC" : "");
734 if (insn & (1 << 3)) {
735 s->socl &= ~LSI_SOCL_ATN;
737 if (insn & (1 << 10))
748 static const char *opcode_names[3] =
749 {"Write", "Read", "Read-Modify-Write"};
750 static const char *operator_names[8] =
751 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
754 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
755 data8 = (insn >> 8) & 0xff;
756 opcode = (insn >> 27) & 7;
757 operator = (insn >> 24) & 7;
758 DPRINTF("%s reg 0x%x %s data8 %d%s\n",
759 opcode_names[opcode - 5], reg,
760 operator_names[operator], data8,
761 (insn & (1 << 23)) ? " SFBR" : "");
764 case 5: /* From SFBR */
768 case 6: /* To SFBR */
770 op0 = lsi_reg_readb(s, reg);
773 case 7: /* Read-modify-write */
775 op0 = lsi_reg_readb(s, reg);
776 if (insn & (1 << 23)) {
788 case 1: /* Shift left */
790 op0 = (op0 << 1) | s->carry;
804 op0 = (op0 >> 1) | (s->carry << 7);
808 s->carry = op0 < op1;
811 op0 += op1 + s->carry;
813 s->carry = op0 <= op1;
815 s->carry = op0 < op1;
820 case 5: /* From SFBR */
821 case 7: /* Read-modify-write */
822 lsi_reg_writeb(s, reg, op0);
824 case 6: /* To SFBR */
831 case 2: /* Transfer Control. */
836 if ((insn & 0x002e0000) == 0) {
840 if (s->sist1 & LSI_SIST1_STO) {
841 DPRINTF("Delayed select timeout\n");
845 cond = jmp = (insn & (1 << 19)) != 0;
846 if (cond == jmp && (insn & (1 << 21))) {
847 DPRINTF("Compare carry %d\n", s->carry == jmp);
848 cond = s->carry != 0;
850 if (cond == jmp && (insn & (1 << 17))) {
851 DPRINTF("Compare phase %d %c= %d\n",
852 (s->sstat1 & PHASE_MASK),
855 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
857 if (cond == jmp && (insn & (1 << 18))) {
860 mask = (~insn >> 8) & 0xff;
861 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
862 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
863 cond = (s->sfbr & mask) == (insn & mask);
866 if (insn & (1 << 23)) {
867 /* Relative address. */
868 addr = s->dsp + sxt24(addr);
870 switch ((insn >> 27) & 7) {
872 DPRINTF("Jump to 0x%08x\n", addr);
876 DPRINTF("Call 0x%08x\n", addr);
881 DPRINTF("Return to 0x%08x\n", s->temp);
884 case 3: /* Interrupt */
885 DPRINTF("Interrupt 0x%08x\n", s->dsps);
886 if ((insn & (1 << 20)) != 0) {
887 s->istat0 |= LSI_ISTAT0_INTF;
890 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
894 DPRINTF("Illegal transfer control\n");
895 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
899 DPRINTF("Control condition failed\n");
905 if ((insn & (1 << 29)) == 0) {
908 /* ??? The docs imply the destination address is loaded into
909 the TEMP register. However the Linux drivers rely on
910 the value being presrved. */
911 dest = read_dword(s, s->dsp);
913 lsi_memcpy(s, dest, addr, insn & 0xffffff);
920 if (insn & (1 << 28)) {
921 addr = s->dsa + sxt24(addr);
924 reg = (insn >> 16) & 0xff;
925 if (insn & (1 << 24)) {
926 DPRINTF("Load reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
927 cpu_physical_memory_read(addr, data, n);
928 for (i = 0; i < n; i++) {
929 lsi_reg_writeb(s, reg + i, data[i]);
932 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
933 for (i = 0; i < n; i++) {
934 data[i] = lsi_reg_readb(s, reg + i);
936 cpu_physical_memory_write(addr, data, n);
940 /* ??? Need to avoid infinite loops. */
941 if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
942 if (s->dcntl & LSI_DCNTL_SSM) {
943 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
948 DPRINTF("SCRIPTS execution stopped\n");
951 static uint8_t lsi_reg_readb(LSIState *s, int offset)
954 #define CASE_GET_REG32(name, addr) \
955 case addr: return s->name & 0xff; \
956 case addr + 1: return (s->name >> 8) & 0xff; \
957 case addr + 2: return (s->name >> 16) & 0xff; \
958 case addr + 3: return (s->name >> 24) & 0xff;
961 DPRINTF("Read reg %x\n", offset);
964 case 0x00: /* SCNTL0 */
966 case 0x01: /* SCNTL1 */
968 case 0x02: /* SCNTL2 */
970 case 0x03: /* SCNTL3 */
972 case 0x04: /* SCID */
974 case 0x05: /* SXFER */
976 case 0x06: /* SDID */
978 case 0x07: /* GPREG0 */
981 /* ??? This is not correct. However it's (hopefully) only
982 used for diagnostics, so should be ok. */
984 case 0xc: /* DSTAT */
985 tmp = s->dstat | 0x80;
986 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
990 case 0x0d: /* SSTAT0 */
992 case 0x0e: /* SSTAT1 */
994 case 0x0f: /* SSTAT2 */
995 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
996 CASE_GET_REG32(dsa, 0x10)
997 case 0x14: /* ISTAT0 */
999 case 0x16: /* MBOX0 */
1001 case 0x17: /* MBOX1 */
1003 case 0x18: /* CTEST0 */
1005 case 0x19: /* CTEST1 */
1007 case 0x1a: /* CTEST2 */
1008 tmp = LSI_CTEST2_DACK | LSI_CTEST2_CM;
1009 if (s->istat0 & LSI_ISTAT0_SIGP) {
1010 s->istat0 &= ~LSI_ISTAT0_SIGP;
1011 tmp |= LSI_CTEST2_SIGP;
1014 case 0x1b: /* CTEST3 */
1016 CASE_GET_REG32(temp, 0x1c)
1017 case 0x20: /* DFIFO */
1019 case 0x21: /* CTEST4 */
1021 case 0x22: /* CTEST5 */
1023 case 0x24: /* DBC[0:7] */
1024 return s->dbc & 0xff;
1025 case 0x25: /* DBC[8:15] */
1026 return (s->dbc >> 8) & 0xff;
1027 case 0x26: /* DBC[16->23] */
1028 return (s->dbc >> 16) & 0xff;
1029 case 0x27: /* DCMD */
1031 CASE_GET_REG32(dsp, 0x2c)
1032 CASE_GET_REG32(dsps, 0x30)
1033 CASE_GET_REG32(scratch[0], 0x34)
1034 case 0x38: /* DMODE */
1036 case 0x39: /* DIEN */
1038 case 0x3b: /* DCNTL */
1040 case 0x40: /* SIEN0 */
1042 case 0x41: /* SIEN1 */
1044 case 0x42: /* SIST0 */
1049 case 0x43: /* SIST1 */
1054 case 0x47: /* GPCNTL0 */
1056 case 0x48: /* STIME0 */
1058 case 0x4a: /* RESPID0 */
1060 case 0x4b: /* RESPID1 */
1062 case 0x4d: /* STEST1 */
1064 case 0x4e: /* STEST2 */
1066 case 0x4f: /* STEST3 */
1068 case 0x52: /* STEST4 */
1070 case 0x56: /* CCNTL0 */
1072 case 0x57: /* CCNTL1 */
1074 case 0x58: case 0x59: /* SBDL */
1076 CASE_GET_REG32(mmrs, 0xa0)
1077 CASE_GET_REG32(mmws, 0xa4)
1078 CASE_GET_REG32(sfs, 0xa8)
1079 CASE_GET_REG32(drs, 0xac)
1080 CASE_GET_REG32(sbms, 0xb0)
1081 CASE_GET_REG32(dmbs, 0xb4)
1082 CASE_GET_REG32(dnad64, 0xb8)
1083 CASE_GET_REG32(pmjad1, 0xc0)
1084 CASE_GET_REG32(pmjad2, 0xc4)
1085 CASE_GET_REG32(rbc, 0xc8)
1086 CASE_GET_REG32(ua, 0xcc)
1087 CASE_GET_REG32(ia, 0xd4)
1088 CASE_GET_REG32(sbc, 0xd8)
1089 CASE_GET_REG32(csbc, 0xdc)
1091 if (offset >= 0x5c && offset < 0xa0) {
1094 n = (offset - 0x58) >> 2;
1095 shift = (offset & 3) * 8;
1096 return (s->scratch[n] >> shift) & 0xff;
1098 BADF("readb 0x%x\n", offset);
1100 #undef CASE_GET_REG32
1103 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1105 #define CASE_SET_REG32(name, addr) \
1106 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1107 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1108 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1109 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1111 #ifdef DEBUG_LSI_REG
1112 DPRINTF("Write reg %x = %02x\n", offset, val);
1115 case 0x00: /* SCNTL0 */
1117 if (val & LSI_SCNTL0_START) {
1118 BADF("Start sequence not implemented\n");
1121 case 0x01: /* SCNTL1 */
1122 s->scntl1 = val & ~LSI_SCNTL1_SST;
1123 if (val & LSI_SCNTL1_IARB) {
1124 BADF("Immediate Arbritration not implemented\n");
1126 if (val & LSI_SCNTL1_RST) {
1127 s->sstat0 |= LSI_SSTAT0_RST;
1128 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1130 s->sstat0 &= ~LSI_SSTAT0_RST;
1133 case 0x02: /* SCNTL2 */
1134 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1137 case 0x03: /* SCNTL3 */
1140 case 0x04: /* SCID */
1143 case 0x05: /* SXFER */
1146 case 0x07: /* GPREG0 */
1148 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1149 /* Linux writes to these readonly registers on startup. */
1151 CASE_SET_REG32(dsa, 0x10)
1152 case 0x14: /* ISTAT0 */
1153 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1154 if (val & LSI_ISTAT0_ABRT) {
1155 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1157 if (val & LSI_ISTAT0_INTF) {
1158 s->istat0 &= ~LSI_ISTAT0_INTF;
1161 if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) {
1162 DPRINTF("Woken by SIGP\n");
1165 lsi_execute_script(s);
1167 if (val & LSI_ISTAT0_SRST) {
1170 case 0x16: /* MBOX0 */
1172 case 0x17: /* MBOX1 */
1174 case 0x1b: /* CTEST3 */
1175 s->ctest3 = val & 0x0f;
1177 CASE_SET_REG32(temp, 0x1c)
1178 case 0x21: /* CTEST4 */
1180 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1184 case 0x22: /* CTEST5 */
1185 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1186 BADF("CTEST5 DMA increment not implemented\n");
1190 case 0x2c: /* DSPS[0:7] */
1191 s->dsp &= 0xffffff00;
1194 case 0x2d: /* DSPS[8:15] */
1195 s->dsp &= 0xffff00ff;
1198 case 0x2e: /* DSPS[16:23] */
1199 s->dsp &= 0xff00ffff;
1200 s->dsp |= val << 16;
1202 case 0x2f: /* DSPS[14:31] */
1203 s->dsp &= 0x00ffffff;
1204 s->dsp |= val << 24;
1205 if ((s->dmode & LSI_DMODE_MAN) == 0
1206 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1207 lsi_execute_script(s);
1209 CASE_SET_REG32(dsps, 0x30)
1210 CASE_SET_REG32(scratch[0], 0x34)
1211 case 0x38: /* DMODE */
1212 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1213 BADF("IO mappings not implemented\n");
1217 case 0x39: /* DIEN */
1221 case 0x3b: /* DCNTL */
1222 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1223 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1224 lsi_execute_script(s);
1226 case 0x40: /* SIEN0 */
1230 case 0x41: /* SIEN1 */
1234 case 0x47: /* GPCNTL0 */
1236 case 0x48: /* STIME0 */
1239 case 0x49: /* STIME1 */
1241 DPRINTF("General purpose timer not implemented\n");
1242 /* ??? Raising the interrupt immediately seems to be sufficient
1243 to keep the FreeBSD driver happy. */
1244 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1247 case 0x4a: /* RESPID0 */
1250 case 0x4b: /* RESPID1 */
1253 case 0x4d: /* STEST1 */
1256 case 0x4e: /* STEST2 */
1258 BADF("Low level mode not implemented\n");
1262 case 0x4f: /* STEST3 */
1264 BADF("SCSI FIFO test mode not implemented\n");
1268 case 0x56: /* CCNTL0 */
1271 case 0x57: /* CCNTL1 */
1274 CASE_SET_REG32(mmrs, 0xa0)
1275 CASE_SET_REG32(mmws, 0xa4)
1276 CASE_SET_REG32(sfs, 0xa8)
1277 CASE_SET_REG32(drs, 0xac)
1278 CASE_SET_REG32(sbms, 0xb0)
1279 CASE_SET_REG32(dmbs, 0xb4)
1280 CASE_SET_REG32(dnad64, 0xb8)
1281 CASE_SET_REG32(pmjad1, 0xc0)
1282 CASE_SET_REG32(pmjad2, 0xc4)
1283 CASE_SET_REG32(rbc, 0xc8)
1284 CASE_SET_REG32(ua, 0xcc)
1285 CASE_SET_REG32(ia, 0xd4)
1286 CASE_SET_REG32(sbc, 0xd8)
1287 CASE_SET_REG32(csbc, 0xdc)
1289 if (offset >= 0x5c && offset < 0xa0) {
1292 n = (offset - 0x58) >> 2;
1293 shift = (offset & 3) * 8;
1294 s->scratch[n] &= ~(0xff << shift);
1295 s->scratch[n] |= (val & 0xff) << shift;
1297 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1300 #undef CASE_SET_REG32
1303 static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1305 LSIState *s = (LSIState *)opaque;
1307 lsi_reg_writeb(s, addr & 0xff, val);
1310 static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1312 LSIState *s = (LSIState *)opaque;
1315 lsi_reg_writeb(s, addr, val & 0xff);
1316 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1319 static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1321 LSIState *s = (LSIState *)opaque;
1324 lsi_reg_writeb(s, addr, val & 0xff);
1325 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1326 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1327 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1330 static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1332 LSIState *s = (LSIState *)opaque;
1334 return lsi_reg_readb(s, addr & 0xff);
1337 static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1339 LSIState *s = (LSIState *)opaque;
1343 val = lsi_reg_readb(s, addr);
1344 val |= lsi_reg_readb(s, addr + 1) << 8;
1348 static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1350 LSIState *s = (LSIState *)opaque;
1353 val = lsi_reg_readb(s, addr);
1354 val |= lsi_reg_readb(s, addr + 1) << 8;
1355 val |= lsi_reg_readb(s, addr + 2) << 16;
1356 val |= lsi_reg_readb(s, addr + 3) << 24;
1360 static CPUReadMemoryFunc *lsi_mmio_readfn[3] = {
1366 static CPUWriteMemoryFunc *lsi_mmio_writefn[3] = {
1372 static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1374 LSIState *s = (LSIState *)opaque;
1379 newval = s->script_ram[addr >> 2];
1380 shift = (addr & 3) * 8;
1381 newval &= ~(0xff << shift);
1382 newval |= val << shift;
1383 s->script_ram[addr >> 2] = newval;
1386 static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1388 LSIState *s = (LSIState *)opaque;
1392 newval = s->script_ram[addr >> 2];
1394 newval = (newval & 0xffff) | (val << 16);
1396 newval = (newval & 0xffff0000) | val;
1398 s->script_ram[addr >> 2] = newval;
1402 static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1404 LSIState *s = (LSIState *)opaque;
1407 s->script_ram[addr >> 2] = val;
1410 static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
1412 LSIState *s = (LSIState *)opaque;
1416 val = s->script_ram[addr >> 2];
1417 val >>= (addr & 3) * 8;
1421 static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
1423 LSIState *s = (LSIState *)opaque;
1427 val = s->script_ram[addr >> 2];
1430 return le16_to_cpu(val);
1433 static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
1435 LSIState *s = (LSIState *)opaque;
1438 return le32_to_cpu(s->script_ram[addr >> 2]);
1441 static CPUReadMemoryFunc *lsi_ram_readfn[3] = {
1447 static CPUWriteMemoryFunc *lsi_ram_writefn[3] = {
1453 static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
1455 LSIState *s = (LSIState *)opaque;
1456 return lsi_reg_readb(s, addr & 0xff);
1459 static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
1461 LSIState *s = (LSIState *)opaque;
1464 val = lsi_reg_readb(s, addr);
1465 val |= lsi_reg_readb(s, addr + 1) << 8;
1469 static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
1471 LSIState *s = (LSIState *)opaque;
1474 val = lsi_reg_readb(s, addr);
1475 val |= lsi_reg_readb(s, addr + 1) << 8;
1476 val |= lsi_reg_readb(s, addr + 2) << 16;
1477 val |= lsi_reg_readb(s, addr + 3) << 24;
1481 static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
1483 LSIState *s = (LSIState *)opaque;
1484 lsi_reg_writeb(s, addr & 0xff, val);
1487 static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
1489 LSIState *s = (LSIState *)opaque;
1491 lsi_reg_writeb(s, addr, val & 0xff);
1492 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1495 static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
1497 LSIState *s = (LSIState *)opaque;
1499 lsi_reg_writeb(s, addr, val & 0xff);
1500 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1501 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1502 lsi_reg_writeb(s, addr + 2, (val >> 24) & 0xff);
1505 static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
1506 uint32_t addr, uint32_t size, int type)
1508 LSIState *s = (LSIState *)pci_dev;
1510 DPRINTF("Mapping IO at %08x\n", addr);
1512 register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
1513 register_ioport_read(addr, 256, 1, lsi_io_readb, s);
1514 register_ioport_write(addr, 256, 2, lsi_io_writew, s);
1515 register_ioport_read(addr, 256, 2, lsi_io_readw, s);
1516 register_ioport_write(addr, 256, 4, lsi_io_writel, s);
1517 register_ioport_read(addr, 256, 4, lsi_io_readl, s);
1520 static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
1521 uint32_t addr, uint32_t size, int type)
1523 LSIState *s = (LSIState *)pci_dev;
1525 DPRINTF("Mapping ram at %08x\n", addr);
1526 s->script_ram_base = addr;
1527 cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
1530 static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
1531 uint32_t addr, uint32_t size, int type)
1533 LSIState *s = (LSIState *)pci_dev;
1535 DPRINTF("Mapping registers at %08x\n", addr);
1536 cpu_register_physical_memory(addr + 0, 0x400, s->mmio_io_addr);
1539 void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id)
1541 LSIState *s = (LSIState *)opaque;
1544 for (id = 0; id < LSI_MAX_DEVS; id++) {
1545 if (s->scsi_dev[id] == NULL)
1549 if (id >= LSI_MAX_DEVS) {
1550 BADF("Bad Device ID %d\n", id);
1553 if (s->scsi_dev[id]) {
1554 DPRINTF("Destroying device %d\n", id);
1555 scsi_disk_destroy(s->scsi_dev[id]);
1557 DPRINTF("Attaching block device %d\n", id);
1558 s->scsi_dev[id] = scsi_disk_init(bd, lsi_command_complete, s);
1561 void *lsi_scsi_init(PCIBus *bus, int devfn)
1565 s = (LSIState *)pci_register_device(bus, "LSI53C895A SCSI HBA",
1566 sizeof(*s), devfn, NULL, NULL);
1568 fprintf(stderr, "lsi-scsi: Failed to register PCI device\n");
1572 s->pci_dev.config[0x00] = 0x00;
1573 s->pci_dev.config[0x01] = 0x10;
1574 s->pci_dev.config[0x02] = 0x12;
1575 s->pci_dev.config[0x03] = 0x00;
1576 s->pci_dev.config[0x0b] = 0x01;
1577 s->pci_dev.config[0x3d] = 0x01; /* interrupt pin 1 */
1579 s->mmio_io_addr = cpu_register_io_memory(0, lsi_mmio_readfn,
1580 lsi_mmio_writefn, s);
1581 s->ram_io_addr = cpu_register_io_memory(0, lsi_ram_readfn,
1582 lsi_ram_writefn, s);
1584 pci_register_io_region((struct PCIDevice *)s, 0, 256,
1585 PCI_ADDRESS_SPACE_IO, lsi_io_mapfunc);
1586 pci_register_io_region((struct PCIDevice *)s, 1, 0x400,
1587 PCI_ADDRESS_SPACE_MEM, lsi_mmio_mapfunc);
1588 pci_register_io_region((struct PCIDevice *)s, 2, 0x2000,
1589 PCI_ADDRESS_SPACE_MEM, lsi_ram_mapfunc);
projects / qemu / blob