2 * QEMU ESP/NCR53C9x emulation
4 * Copyright (c) 2005-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O), also
31 * produced as NCR89C100. See
32 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
34 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
38 #define DPRINTF(fmt, args...) \
39 do { printf("ESP: " fmt , ##args); } while (0)
41 #define DPRINTF(fmt, args...)
46 #define ESP_SIZE (ESP_REGS * 4)
48 /* The HBA is ID 7, so for simplicitly limit to 7 devices. */
49 #define ESP_MAX_DEVS 7
51 typedef struct ESPState ESPState;
55 BlockDriverState **bd;
56 uint8_t rregs[ESP_REGS];
57 uint8_t wregs[ESP_REGS];
59 uint32_t ti_rptr, ti_wptr;
60 uint8_t ti_buf[TI_BUFSZ];
63 SCSIDevice *scsi_dev[MAX_DISKS];
64 SCSIDevice *current_dev;
65 uint8_t cmdbuf[TI_BUFSZ];
69 /* The amount of data left in the current DMA transfer. */
71 /* The size of the current DMA transfer. Zero if no transfer is in
99 static int get_cmd(ESPState *s, uint8_t *buf)
104 dmalen = s->rregs[0] | (s->rregs[1] << 8);
105 target = s->wregs[4] & 7;
106 DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
108 espdma_memory_read(s->dma_opaque, buf, dmalen);
111 memcpy(&buf[1], s->ti_buf, dmalen);
119 if (s->current_dev) {
120 /* Started a new command before the old one finished. Cancel it. */
121 scsi_cancel_io(s->current_dev, 0);
125 if (target >= MAX_DISKS || !s->scsi_dev[target]) {
127 s->rregs[4] = STAT_IN;
128 s->rregs[5] = INTR_DC;
130 qemu_irq_raise(s->irq);
133 s->current_dev = s->scsi_dev[target];
137 static void do_cmd(ESPState *s, uint8_t *buf)
142 DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
144 datalen = scsi_send_command(s->current_dev, 0, &buf[1], lun);
145 s->ti_size = datalen;
147 s->rregs[4] = STAT_IN | STAT_TC;
151 s->rregs[4] |= STAT_DI;
152 scsi_read_data(s->current_dev, 0);
154 s->rregs[4] |= STAT_DO;
155 scsi_write_data(s->current_dev, 0);
158 s->rregs[5] = INTR_BS | INTR_FC;
159 s->rregs[6] = SEQ_CD;
160 qemu_irq_raise(s->irq);
163 static void handle_satn(ESPState *s)
168 len = get_cmd(s, buf);
173 static void handle_satn_stop(ESPState *s)
175 s->cmdlen = get_cmd(s, s->cmdbuf);
177 DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
179 s->rregs[4] = STAT_IN | STAT_TC | STAT_CD;
180 s->rregs[5] = INTR_BS | INTR_FC;
181 s->rregs[6] = SEQ_CD;
182 qemu_irq_raise(s->irq);
186 static void write_response(ESPState *s)
188 DPRINTF("Transfer status (sense=%d)\n", s->sense);
189 s->ti_buf[0] = s->sense;
192 espdma_memory_write(s->dma_opaque, s->ti_buf, 2);
193 s->rregs[4] = STAT_IN | STAT_TC | STAT_ST;
194 s->rregs[5] = INTR_BS | INTR_FC;
195 s->rregs[6] = SEQ_CD;
202 qemu_irq_raise(s->irq);
205 static void esp_dma_done(ESPState *s)
207 s->rregs[4] |= STAT_IN | STAT_TC;
208 s->rregs[5] = INTR_BS;
213 qemu_irq_raise(s->irq);
216 static void esp_do_dma(ESPState *s)
221 to_device = (s->ti_size < 0);
224 DPRINTF("command len %d + %d\n", s->cmdlen, len);
225 espdma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
229 do_cmd(s, s->cmdbuf);
232 if (s->async_len == 0) {
233 /* Defer until data is available. */
236 if (len > s->async_len) {
240 espdma_memory_read(s->dma_opaque, s->async_buf, len);
242 espdma_memory_write(s->dma_opaque, s->async_buf, len);
251 if (s->async_len == 0) {
253 // ti_size is negative
254 scsi_write_data(s->current_dev, 0);
256 scsi_read_data(s->current_dev, 0);
257 /* If there is still data to be read from the device then
258 complete the DMA operation immeriately. Otherwise defer
259 until the scsi layer has completed. */
260 if (s->dma_left == 0 && s->ti_size > 0) {
265 /* Partially filled a scsi buffer. Complete immediately. */
270 static void esp_command_complete(void *opaque, int reason, uint32_t tag,
273 ESPState *s = (ESPState *)opaque;
275 if (reason == SCSI_REASON_DONE) {
276 DPRINTF("SCSI Command complete\n");
278 DPRINTF("SCSI command completed unexpectedly\n");
283 DPRINTF("Command failed\n");
285 s->rregs[4] = STAT_ST;
287 s->current_dev = NULL;
289 DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
291 s->async_buf = scsi_get_buf(s->current_dev, 0);
294 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
295 /* If this was the last part of a DMA transfer then the
296 completion interrupt is deferred to here. */
302 static void handle_ti(ESPState *s)
304 uint32_t dmalen, minlen;
306 dmalen = s->rregs[0] | (s->rregs[1] << 8);
310 s->dma_counter = dmalen;
313 minlen = (dmalen < 32) ? dmalen : 32;
314 else if (s->ti_size < 0)
315 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
317 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
318 DPRINTF("Transfer Information len %d\n", minlen);
320 s->dma_left = minlen;
321 s->rregs[4] &= ~STAT_TC;
323 } else if (s->do_cmd) {
324 DPRINTF("command len %d\n", s->cmdlen);
328 do_cmd(s, s->cmdbuf);
333 static void esp_reset(void *opaque)
335 ESPState *s = opaque;
337 memset(s->rregs, 0, ESP_REGS);
338 memset(s->wregs, 0, ESP_REGS);
339 s->rregs[0x0e] = 0x4; // Indicate fas100a
347 static void parent_esp_reset(void *opaque, int irq, int level)
353 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
355 ESPState *s = opaque;
358 saddr = (addr & ESP_MASK) >> 2;
359 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
363 if (s->ti_size > 0) {
365 if ((s->rregs[4] & 6) == 0) {
367 fprintf(stderr, "esp: PIO data read not implemented\n");
370 s->rregs[2] = s->ti_buf[s->ti_rptr++];
372 qemu_irq_raise(s->irq);
374 if (s->ti_size == 0) {
381 // Clear interrupt/error status bits
382 s->rregs[4] &= ~(STAT_IN | STAT_GE | STAT_PE);
383 qemu_irq_lower(s->irq);
388 return s->rregs[saddr];
391 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
393 ESPState *s = opaque;
396 saddr = (addr & ESP_MASK) >> 2;
397 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr], val);
401 s->rregs[4] &= ~STAT_TC;
406 s->cmdbuf[s->cmdlen++] = val & 0xff;
407 } else if ((s->rregs[4] & 6) == 0) {
411 fprintf(stderr, "esp: PIO data write not implemented\n");
414 s->ti_buf[s->ti_wptr++] = val & 0xff;
418 s->rregs[saddr] = val;
422 /* Reload DMA counter. */
423 s->rregs[0] = s->wregs[0];
424 s->rregs[1] = s->wregs[1];
430 DPRINTF("NOP (%2.2x)\n", val);
433 DPRINTF("Flush FIFO (%2.2x)\n", val);
435 s->rregs[5] = INTR_FC;
439 DPRINTF("Chip reset (%2.2x)\n", val);
443 DPRINTF("Bus reset (%2.2x)\n", val);
444 s->rregs[5] = INTR_RST;
445 if (!(s->wregs[8] & 0x40)) {
446 qemu_irq_raise(s->irq);
453 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
457 DPRINTF("Message Accepted (%2.2x)\n", val);
459 s->rregs[5] = INTR_DC;
463 DPRINTF("Set ATN (%2.2x)\n", val);
466 DPRINTF("Set ATN (%2.2x)\n", val);
470 DPRINTF("Set ATN & stop (%2.2x)\n", val);
474 DPRINTF("Enable selection (%2.2x)\n", val);
477 DPRINTF("Unhandled ESP command (%2.2x)\n", val);
484 s->rregs[saddr] = val;
489 s->rregs[saddr] = val & 0x15;
492 s->rregs[saddr] = val;
497 s->wregs[saddr] = val;
500 static CPUReadMemoryFunc *esp_mem_read[3] = {
506 static CPUWriteMemoryFunc *esp_mem_write[3] = {
512 static void esp_save(QEMUFile *f, void *opaque)
514 ESPState *s = opaque;
516 qemu_put_buffer(f, s->rregs, ESP_REGS);
517 qemu_put_buffer(f, s->wregs, ESP_REGS);
518 qemu_put_be32s(f, &s->ti_size);
519 qemu_put_be32s(f, &s->ti_rptr);
520 qemu_put_be32s(f, &s->ti_wptr);
521 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
522 qemu_put_be32s(f, &s->sense);
523 qemu_put_be32s(f, &s->dma);
524 qemu_put_buffer(f, s->cmdbuf, TI_BUFSZ);
525 qemu_put_be32s(f, &s->cmdlen);
526 qemu_put_be32s(f, &s->do_cmd);
527 qemu_put_be32s(f, &s->dma_left);
528 // There should be no transfers in progress, so dma_counter is not saved
531 static int esp_load(QEMUFile *f, void *opaque, int version_id)
533 ESPState *s = opaque;
536 return -EINVAL; // Cannot emulate 2
538 qemu_get_buffer(f, s->rregs, ESP_REGS);
539 qemu_get_buffer(f, s->wregs, ESP_REGS);
540 qemu_get_be32s(f, &s->ti_size);
541 qemu_get_be32s(f, &s->ti_rptr);
542 qemu_get_be32s(f, &s->ti_wptr);
543 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
544 qemu_get_be32s(f, &s->sense);
545 qemu_get_be32s(f, &s->dma);
546 qemu_get_buffer(f, s->cmdbuf, TI_BUFSZ);
547 qemu_get_be32s(f, &s->cmdlen);
548 qemu_get_be32s(f, &s->do_cmd);
549 qemu_get_be32s(f, &s->dma_left);
554 void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id)
556 ESPState *s = (ESPState *)opaque;
559 for (id = 0; id < ESP_MAX_DEVS; id++) {
560 if (s->scsi_dev[id] == NULL)
564 if (id >= ESP_MAX_DEVS) {
565 DPRINTF("Bad Device ID %d\n", id);
568 if (s->scsi_dev[id]) {
569 DPRINTF("Destroying device %d\n", id);
570 scsi_disk_destroy(s->scsi_dev[id]);
572 DPRINTF("Attaching block device %d\n", id);
573 /* Command queueing is not implemented. */
574 s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
577 void *esp_init(BlockDriverState **bd, target_phys_addr_t espaddr,
578 void *dma_opaque, qemu_irq irq, qemu_irq *reset)
583 s = qemu_mallocz(sizeof(ESPState));
589 s->dma_opaque = dma_opaque;
591 esp_io_memory = cpu_register_io_memory(0, esp_mem_read, esp_mem_write, s);
592 cpu_register_physical_memory(espaddr, ESP_SIZE, esp_io_memory);
596 register_savevm("esp", espaddr, 3, esp_save, esp_load, s);
597 qemu_register_reset(esp_reset, s);
599 *reset = *qemu_allocate_irqs(parent_esp_reset, s, 1);
projects / qemu / blob