2 * QEMU ESP/NCR53C9x emulation
4 * Copyright (c) 2005-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O), also
31 * produced as NCR89C100. See
32 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
34 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
38 #define DPRINTF(fmt, args...) \
39 do { printf("ESP: " fmt , ##args); } while (0)
41 #define DPRINTF(fmt, args...)
44 #define ESP_MAXREG 0x3f
46 /* The HBA is ID 7, so for simplicitly limit to 7 devices. */
47 #define ESP_MAX_DEVS 7
49 typedef struct ESPState ESPState;
52 BlockDriverState **bd;
53 uint8_t rregs[ESP_MAXREG];
54 uint8_t wregs[ESP_MAXREG];
56 uint32_t ti_rptr, ti_wptr;
57 uint8_t ti_buf[TI_BUFSZ];
60 SCSIDevice *scsi_dev[MAX_DISKS];
61 SCSIDevice *current_dev;
62 uint8_t cmdbuf[TI_BUFSZ];
66 /* The amount of data left in the current DMA transfer. */
68 /* The size of the current DMA transfer. Zero if no transfer is in
96 static int get_cmd(ESPState *s, uint8_t *buf)
101 dmalen = s->rregs[0] | (s->rregs[1] << 8);
102 target = s->wregs[4] & 7;
103 DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
105 espdma_memory_read(s->dma_opaque, buf, dmalen);
108 memcpy(&buf[1], s->ti_buf, dmalen);
116 if (s->current_dev) {
117 /* Started a new command before the old one finished. Cancel it. */
118 scsi_cancel_io(s->current_dev, 0);
122 if (target >= MAX_DISKS || !s->scsi_dev[target]) {
124 s->rregs[4] = STAT_IN;
125 s->rregs[5] = INTR_DC;
127 espdma_raise_irq(s->dma_opaque);
130 s->current_dev = s->scsi_dev[target];
134 static void do_cmd(ESPState *s, uint8_t *buf)
139 DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
141 datalen = scsi_send_command(s->current_dev, 0, &buf[1], lun);
142 s->ti_size = datalen;
144 s->rregs[4] = STAT_IN | STAT_TC;
148 s->rregs[4] |= STAT_DI;
149 scsi_read_data(s->current_dev, 0);
151 s->rregs[4] |= STAT_DO;
152 scsi_write_data(s->current_dev, 0);
155 s->rregs[5] = INTR_BS | INTR_FC;
156 s->rregs[6] = SEQ_CD;
157 espdma_raise_irq(s->dma_opaque);
160 static void handle_satn(ESPState *s)
165 len = get_cmd(s, buf);
170 static void handle_satn_stop(ESPState *s)
172 s->cmdlen = get_cmd(s, s->cmdbuf);
174 DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
176 s->rregs[4] = STAT_IN | STAT_TC | STAT_CD;
177 s->rregs[5] = INTR_BS | INTR_FC;
178 s->rregs[6] = SEQ_CD;
179 espdma_raise_irq(s->dma_opaque);
183 static void write_response(ESPState *s)
185 DPRINTF("Transfer status (sense=%d)\n", s->sense);
186 s->ti_buf[0] = s->sense;
189 espdma_memory_write(s->dma_opaque, s->ti_buf, 2);
190 s->rregs[4] = STAT_IN | STAT_TC | STAT_ST;
191 s->rregs[5] = INTR_BS | INTR_FC;
192 s->rregs[6] = SEQ_CD;
199 espdma_raise_irq(s->dma_opaque);
202 static void esp_dma_done(ESPState *s)
204 s->rregs[4] |= STAT_IN | STAT_TC;
205 s->rregs[5] = INTR_BS;
210 espdma_raise_irq(s->dma_opaque);
213 static void esp_do_dma(ESPState *s)
218 to_device = (s->ti_size < 0);
221 DPRINTF("command len %d + %d\n", s->cmdlen, len);
222 espdma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
226 do_cmd(s, s->cmdbuf);
229 if (s->async_len == 0) {
230 /* Defer until data is available. */
233 if (len > s->async_len) {
237 espdma_memory_read(s->dma_opaque, s->async_buf, len);
239 espdma_memory_write(s->dma_opaque, s->async_buf, len);
248 if (s->async_len == 0) {
250 // ti_size is negative
251 scsi_write_data(s->current_dev, 0);
253 scsi_read_data(s->current_dev, 0);
254 /* If there is still data to be read from the device then
255 complete the DMA operation immeriately. Otherwise defer
256 until the scsi layer has completed. */
257 if (s->dma_left == 0 && s->ti_size > 0) {
262 /* Partially filled a scsi buffer. Complete immediately. */
267 static void esp_command_complete(void *opaque, int reason, uint32_t tag,
270 ESPState *s = (ESPState *)opaque;
272 if (reason == SCSI_REASON_DONE) {
273 DPRINTF("SCSI Command complete\n");
275 DPRINTF("SCSI command completed unexpectedly\n");
280 DPRINTF("Command failed\n");
282 s->rregs[4] = STAT_ST;
284 s->current_dev = NULL;
286 DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
288 s->async_buf = scsi_get_buf(s->current_dev, 0);
291 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
292 /* If this was the last part of a DMA transfer then the
293 completion interrupt is deferred to here. */
299 static void handle_ti(ESPState *s)
301 uint32_t dmalen, minlen;
303 dmalen = s->rregs[0] | (s->rregs[1] << 8);
307 s->dma_counter = dmalen;
310 minlen = (dmalen < 32) ? dmalen : 32;
311 else if (s->ti_size < 0)
312 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
314 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
315 DPRINTF("Transfer Information len %d\n", minlen);
317 s->dma_left = minlen;
318 s->rregs[4] &= ~STAT_TC;
320 } else if (s->do_cmd) {
321 DPRINTF("command len %d\n", s->cmdlen);
325 do_cmd(s, s->cmdbuf);
330 void esp_reset(void *opaque)
332 ESPState *s = opaque;
334 memset(s->rregs, 0, ESP_MAXREG);
335 memset(s->wregs, 0, ESP_MAXREG);
336 s->rregs[0x0e] = 0x4; // Indicate fas100a
344 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
346 ESPState *s = opaque;
349 saddr = (addr & ESP_MAXREG) >> 2;
350 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
354 if (s->ti_size > 0) {
356 if ((s->rregs[4] & 6) == 0) {
358 fprintf(stderr, "esp: PIO data read not implemented\n");
361 s->rregs[2] = s->ti_buf[s->ti_rptr++];
363 espdma_raise_irq(s->dma_opaque);
365 if (s->ti_size == 0) {
372 // Clear interrupt/error status bits
373 s->rregs[4] &= ~(STAT_IN | STAT_GE | STAT_PE);
374 espdma_clear_irq(s->dma_opaque);
379 return s->rregs[saddr];
382 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
384 ESPState *s = opaque;
387 saddr = (addr & ESP_MAXREG) >> 2;
388 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr], val);
392 s->rregs[4] &= ~STAT_TC;
397 s->cmdbuf[s->cmdlen++] = val & 0xff;
398 } else if ((s->rregs[4] & 6) == 0) {
402 fprintf(stderr, "esp: PIO data write not implemented\n");
405 s->ti_buf[s->ti_wptr++] = val & 0xff;
409 s->rregs[saddr] = val;
413 /* Reload DMA counter. */
414 s->rregs[0] = s->wregs[0];
415 s->rregs[1] = s->wregs[1];
421 DPRINTF("NOP (%2.2x)\n", val);
424 DPRINTF("Flush FIFO (%2.2x)\n", val);
426 s->rregs[5] = INTR_FC;
430 DPRINTF("Chip reset (%2.2x)\n", val);
434 DPRINTF("Bus reset (%2.2x)\n", val);
435 s->rregs[5] = INTR_RST;
436 if (!(s->wregs[8] & 0x40)) {
437 espdma_raise_irq(s->dma_opaque);
444 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
448 DPRINTF("Message Accepted (%2.2x)\n", val);
450 s->rregs[5] = INTR_DC;
454 DPRINTF("Set ATN (%2.2x)\n", val);
457 DPRINTF("Set ATN (%2.2x)\n", val);
461 DPRINTF("Set ATN & stop (%2.2x)\n", val);
465 DPRINTF("Unhandled ESP command (%2.2x)\n", val);
472 s->rregs[saddr] = val;
477 s->rregs[saddr] = val & 0x15;
480 s->rregs[saddr] = val;
485 s->wregs[saddr] = val;
488 static CPUReadMemoryFunc *esp_mem_read[3] = {
494 static CPUWriteMemoryFunc *esp_mem_write[3] = {
500 static void esp_save(QEMUFile *f, void *opaque)
502 ESPState *s = opaque;
504 qemu_put_buffer(f, s->rregs, ESP_MAXREG);
505 qemu_put_buffer(f, s->wregs, ESP_MAXREG);
506 qemu_put_be32s(f, &s->ti_size);
507 qemu_put_be32s(f, &s->ti_rptr);
508 qemu_put_be32s(f, &s->ti_wptr);
509 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
510 qemu_put_be32s(f, &s->sense);
511 qemu_put_be32s(f, &s->dma);
512 qemu_put_buffer(f, s->cmdbuf, TI_BUFSZ);
513 qemu_put_be32s(f, &s->cmdlen);
514 qemu_put_be32s(f, &s->do_cmd);
515 qemu_put_be32s(f, &s->dma_left);
516 // There should be no transfers in progress, so dma_counter is not saved
519 static int esp_load(QEMUFile *f, void *opaque, int version_id)
521 ESPState *s = opaque;
524 return -EINVAL; // Cannot emulate 2
526 qemu_get_buffer(f, s->rregs, ESP_MAXREG);
527 qemu_get_buffer(f, s->wregs, ESP_MAXREG);
528 qemu_get_be32s(f, &s->ti_size);
529 qemu_get_be32s(f, &s->ti_rptr);
530 qemu_get_be32s(f, &s->ti_wptr);
531 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
532 qemu_get_be32s(f, &s->sense);
533 qemu_get_be32s(f, &s->dma);
534 qemu_get_buffer(f, s->cmdbuf, TI_BUFSZ);
535 qemu_get_be32s(f, &s->cmdlen);
536 qemu_get_be32s(f, &s->do_cmd);
537 qemu_get_be32s(f, &s->dma_left);
542 void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id)
544 ESPState *s = (ESPState *)opaque;
547 for (id = 0; id < ESP_MAX_DEVS; id++) {
548 if (s->scsi_dev[id] == NULL)
552 if (id >= ESP_MAX_DEVS) {
553 DPRINTF("Bad Device ID %d\n", id);
556 if (s->scsi_dev[id]) {
557 DPRINTF("Destroying device %d\n", id);
558 scsi_disk_destroy(s->scsi_dev[id]);
560 DPRINTF("Attaching block device %d\n", id);
561 /* Command queueing is not implemented. */
562 s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
565 void *esp_init(BlockDriverState **bd, target_phys_addr_t espaddr,
571 s = qemu_mallocz(sizeof(ESPState));
576 s->dma_opaque = dma_opaque;
578 esp_io_memory = cpu_register_io_memory(0, esp_mem_read, esp_mem_write, s);
579 cpu_register_physical_memory(espaddr, ESP_MAXREG*4, esp_io_memory);
583 register_savevm("esp", espaddr, 3, esp_save, esp_load, s);
584 qemu_register_reset(esp_reset, s);
projects / qemu / blob