2 * QEMU ESP/NCR53C9x emulation
4 * Copyright (c) 2005-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "scsi-disk.h"
33 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
34 * also produced as NCR89C100. See
35 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
37 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
/* Debug trace macro. Two definitions appear here: one that printf()s its
   arguments behind an "ESP: " prefix, and one that expands to nothing. The
   preprocessor conditional that selects between them is not part of this
   excerpt. */
41 #define DPRINTF(fmt, args...) \
42 do { printf("ESP: " fmt , ##args); } while (0)
44 #define DPRINTF(fmt, args...)
/* Byte size of the register window that esp_init() maps: ESP_REGS register
   slots spaced four bytes apart (the MMIO handlers shift the offset right
   by 2 to get a register index). */
49 #define ESP_SIZE (ESP_REGS * 4)
/* Per-controller emulation state. Only some members are visible in this
   excerpt; the struct's opening and closing lines are not shown. */
52 typedef struct ESPState ESPState;
/* Register files, ESP_REGS bytes each. esp_mem_readb() returns values from
   rregs; esp_mem_writeb() records the guest's writes in wregs. */
56 uint8_t rregs[ESP_REGS];
57 uint8_t wregs[ESP_REGS];
/* Read and write cursors into ti_buf. esp_mem_readb() and esp_mem_writeb()
   post-increment them on every access, and esp_load() restores them from a
   snapshot. ti_buf holds TI_BUFSZ bytes, so both cursors must stay below
   TI_BUFSZ; NOTE(review): no range check on either cursor is visible in this
   excerpt -- confirm one exists in the omitted lines. */
59 uint32_t ti_rptr, ti_wptr;
60 uint8_t ti_buf[TI_BUFSZ];
/* Attached targets indexed by SCSI id. current_dev is set by get_cmd() and
   cleared to NULL in esp_command_complete(). */
63 SCSIDevice *scsi_dev[ESP_MAX_DEVS];
64 SCSIDevice *current_dev;
/* Command bytes collected before do_cmd() runs; indexed by cmdlen (declared
   outside this excerpt). Same capacity as ti_buf, same bounds concern. */
65 uint8_t cmdbuf[TI_BUFSZ];
69 /* The amount of data left in the current DMA transfer. */
71 /* The size of the current DMA transfer. Zero if no transfer is in
77 espdma_memory_read_write dma_memory_read;
78 espdma_memory_read_write dma_memory_write;
/* Register indices into rregs[] / wregs[] (only some are shown here). */
87 #define ESP_WBUSID 0x4
91 #define ESP_WSYNTP 0x6
92 #define ESP_RFLAGS 0x7
/* Command opcodes; esp_mem_writeb() dispatches on (val & CMD_CMD). */
109 #define CMD_FLUSH 0x01
110 #define CMD_RESET 0x02
111 #define CMD_BUSRESET 0x03
113 #define CMD_ICCS 0x11
114 #define CMD_MSGACC 0x12
115 #define CMD_SATN 0x1a
116 #define CMD_SELATN 0x42
117 #define CMD_SELATNS 0x43
118 #define CMD_ENSEL 0x44
/* Status, interrupt and configuration bit masks used by the handlers. */
126 #define STAT_PIO_MASK 0x06
136 #define INTR_RST 0x80
141 #define CFG1_RESREPT 0x40
/* Mask applied to guest writes in the ESP_WCCF ... ESP_WTEST register range. */
143 #define CFG2_MASK 0x15
/* Value esp_reset() stores in rregs[ESP_TCHI] to identify the chip as a
   FAS100A. */
145 #define TCHI_FAS100A 0x4
/* Fetch a command block into buf and select the target named by the low
   three bits of the bus-ID register.

   dmalen is assembled from the TCLO/TCMID counter registers, which the guest
   loads, so it is guest-controlled and can be as large as 0xffff. It is then
   used as the byte count for dma_memory_read() into buf and (unless the
   omitted lines reassign it) for memcpy() out of ti_buf.

   NOTE(review): no clamp of dmalen against the capacity of buf, or against
   TI_BUFSZ for the ti_buf source, is visible in this excerpt. Callers pass
   a local buffer (handle_satn) or s->cmdbuf, which is TI_BUFSZ bytes
   (handle_satn_stop). Confirm the omitted lines bound the length; otherwise
   a guest-chosen count can run past the end of the destination.

   The return value is used by handle_satn_stop() as the command length; the
   return statements themselves are not shown here. */
147 static int get_cmd(ESPState *s, uint8_t *buf)
/* 16-bit transfer count taken from the guest-visible counter registers. */
152 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
153 target = s->wregs[ESP_WBUSID] & 7;
154 DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
/* DMA path: copy dmalen bytes from guest memory into buf. */
156 s->dma_memory_read(s->dma_opaque, buf, dmalen);
/* Non-DMA path: command bytes were staged in ti_buf; buf[0] is skipped. */
159 memcpy(&buf[1], s->ti_buf, dmalen);
167 if (s->current_dev) {
168 /* Started a new command before the old one finished. Cancel it. */
169 s->current_dev->cancel_io(s->current_dev, 0);
/* target was masked to 0..7 above. An id with no attached device is
   reported to the guest through the status/interrupt registers and an IRQ. */
173 if (target >= ESP_MAX_DEVS || !s->scsi_dev[target]) {
175 s->rregs[ESP_RSTAT] = STAT_IN;
176 s->rregs[ESP_RINTR] = INTR_DC;
177 s->rregs[ESP_RSEQ] = SEQ_0;
178 qemu_irq_raise(s->irq);
181 s->current_dev = s->scsi_dev[target];
/* Submit a fetched command to the selected target and start the data phase.

   buf[0] is the bus-ID byte; the bytes from buf[1] onward are handed to the
   target's send_command(). Its return value becomes ti_size; elsewhere in
   this file a negative ti_size is treated as a transfer to the device.

   NOTE(review): s->current_dev is dereferenced without a NULL check in the
   visible lines. get_cmd() only assigns it when a device is attached, so
   confirm that callers never reach do_cmd() after get_cmd() found no
   target. */
185 static void do_cmd(ESPState *s, uint8_t *buf)
190 DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
192 datalen = s->current_dev->send_command(s->current_dev, 0, &buf[1], lun);
193 s->ti_size = datalen;
195 s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC;
/* STAT_DI is paired with read_data(), STAT_DO with write_data(); the
   condition choosing between the two branches is not shown. */
199 s->rregs[ESP_RSTAT] |= STAT_DI;
200 s->current_dev->read_data(s->current_dev, 0);
202 s->rregs[ESP_RSTAT] |= STAT_DO;
203 s->current_dev->write_data(s->current_dev, 0);
/* Signal completion of the command phase to the guest. */
206 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
207 s->rregs[ESP_RSEQ] = SEQ_CD;
208 qemu_irq_raise(s->irq);
/* Fetch a command with get_cmd() into buf and keep the returned length.

   NOTE(review): the declaration of buf and the use made of len are outside
   this excerpt. The count get_cmd() copies is guest-controlled, so buf must
   be at least as large as the largest count get_cmd() can write -- confirm
   against the omitted lines. */
211 static void handle_satn(ESPState *s)
216 len = get_cmd(s, buf);
/* Fetch a command into s->cmdbuf without executing it, record its length in
   s->cmdlen, and raise an interrupt with STAT_CD set.

   s->cmdbuf is TI_BUFSZ bytes; the count get_cmd() copies into it is
   guest-controlled (see get_cmd). Any condition guarding the register
   updates below is not shown in this excerpt. */
221 static void handle_satn_stop(ESPState *s)
223 s->cmdlen = get_cmd(s, s->cmdbuf);
225 DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
227 s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC | STAT_CD;
228 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
229 s->rregs[ESP_RSEQ] = SEQ_CD;
230 qemu_irq_raise(s->irq);
/* Return the command status to the guest.

   ti_buf[0] receives s->sense. On the DMA path two bytes of ti_buf are
   written to guest memory (the assignment of the second byte is not shown)
   and the status, interrupt and sequence registers are updated. The
   ESP_RFLAGS = 2 assignment presumably belongs to the non-DMA branch, where
   the two bytes are left for the guest to read -- the branch structure is
   outside this excerpt, so verify. */
234 static void write_response(ESPState *s)
236 DPRINTF("Transfer status (sense=%d)\n", s->sense);
237 s->ti_buf[0] = s->sense;
/* Fixed two-byte DMA write, well inside ti_buf. */
240 s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
241 s->rregs[ESP_RSTAT] = STAT_IN | STAT_TC | STAT_ST;
242 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
243 s->rregs[ESP_RSEQ] = SEQ_CD;
248 s->rregs[ESP_RFLAGS] = 2;
250 qemu_irq_raise(s->irq);
/* Mark the current DMA transfer as finished: set STAT_IN and STAT_TC, post
   INTR_BS, clear the sequence, flags and transfer-counter registers, then
   raise the IRQ. */
253 static void esp_dma_done(ESPState *s)
255 s->rregs[ESP_RSTAT] |= STAT_IN | STAT_TC;
256 s->rregs[ESP_RINTR] = INTR_BS;
257 s->rregs[ESP_RSEQ] = 0;
258 s->rregs[ESP_RFLAGS] = 0;
/* Zero the guest-visible transfer counter. */
259 s->rregs[ESP_TCLO] = 0;
260 s->rregs[ESP_TCMID] = 0;
261 qemu_irq_raise(s->irq);
/* Move the next piece of the current DMA transfer.

   Two uses are visible. When a command is still being collected, len more
   bytes are DMA-read from guest memory onto the end of s->cmdbuf and the
   command is run with do_cmd(). Otherwise data is copied between guest
   memory and the SCSI layer's buffer (async_buf), with len limited to
   async_len, and the SCSI layer is asked for more when that buffer is
   used up.

   NOTE(review): in the command path the destination is
   &s->cmdbuf[s->cmdlen] and cmdbuf holds TI_BUFSZ bytes. No check that
   cmdlen + len <= TI_BUFSZ is visible in this excerpt, and len derives from
   a guest-programmed transfer count -- confirm the omitted lines bound it. */
264 static void esp_do_dma(ESPState *s)
/* A negative ti_size means the transfer goes to the device. */
269 to_device = (s->ti_size < 0);
272 DPRINTF("command len %d + %d\n", s->cmdlen, len);
273 s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
277 do_cmd(s, s->cmdbuf);
280 if (s->async_len == 0) {
281 /* Defer until data is available. */
/* Clamp the chunk to what the SCSI layer's buffer currently holds. */
284 if (len > s->async_len) {
288 s->dma_memory_read(s->dma_opaque, s->async_buf, len);
290 s->dma_memory_write(s->dma_opaque, s->async_buf, len);
/* SCSI buffer used up: request the next one from the device. */
299 if (s->async_len == 0) {
301 // ti_size is negative
302 s->current_dev->write_data(s->current_dev, 0);
304 s->current_dev->read_data(s->current_dev, 0);
305 /* If there is still data to be read from the device then
306 complete the DMA operation immediately. Otherwise defer
307 until the scsi layer has completed. */
308 if (s->dma_left == 0 && s->ti_size > 0) {
313 /* Partially filled a scsi buffer. Complete immediately. */
/* Completion callback handed to scsi_generic_init() / scsi_disk_init() in
   esp_scsi_attach(); opaque is the ESPState.

   With reason == SCSI_REASON_DONE the command is finished: the status
   register is set to STAT_ST and current_dev is cleared. Otherwise the call
   announces that a data buffer is ready: async_buf is fetched from the
   device with get_buf(). The parameters after tag, and how the sense value
   and async_len are set, are on lines outside this excerpt. */
318 static void esp_command_complete(void *opaque, int reason, uint32_t tag,
321 ESPState *s = (ESPState *)opaque;
323 if (reason == SCSI_REASON_DONE) {
324 DPRINTF("SCSI Command complete\n");
326 DPRINTF("SCSI command completed unexpectedly\n");
331 DPRINTF("Command failed\n");
333 s->rregs[ESP_RSTAT] = STAT_ST;
/* No command is outstanding from here on; code that dereferences
   current_dev later must not assume it is still set. */
335 s->current_dev = NULL;
337 DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
339 s->async_buf = s->current_dev->get_buf(s->current_dev, 0);
342 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
343 /* If this was the last part of a DMA transfer then the
344 completion interrupt is deferred to here. */
/* Handle a Transfer Information request.

   dmalen is the 16-bit count from the guest-visible TCLO/TCMID registers
   and is stored as dma_counter. The amount actually moved (minlen, stored
   as dma_left) is the smaller of dmalen and a limit: 32 in one branch,
   otherwise the magnitude of ti_size. If a collected command is pending
   (s->do_cmd) it is executed with do_cmd() instead.

   NOTE(review): dmalen and minlen are uint32_t while ti_size is compared
   both as negative and positive. The comparisons on the ti_size branches
   therefore mix signed and unsigned operands if ti_size is a signed type
   (its declaration is not shown) -- confirm the intended conversion. */
350 static void handle_ti(ESPState *s)
352 uint32_t dmalen, minlen;
354 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
358 s->dma_counter = dmalen;
/* The condition selecting the fixed limit of 32 is not shown. */
361 minlen = (dmalen < 32) ? dmalen : 32;
362 else if (s->ti_size < 0)
363 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
365 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
366 DPRINTF("Transfer Information len %d\n", minlen);
368 s->dma_left = minlen;
369 s->rregs[ESP_RSTAT] &= ~STAT_TC;
371 } else if (s->do_cmd) {
372 DPRINTF("command len %d\n", s->cmdlen);
376 do_cmd(s, s->cmdbuf);
/* Reset handler registered with qemu_register_reset() in esp_init(); opaque
   is the ESPState. Both register files are zeroed and the chip-identifying
   value is restored in rregs[ESP_TCHI]. Any further state cleared here
   (buffer cursors, cmdlen, and so on) is on lines outside this excerpt. */
381 static void esp_reset(void *opaque)
383 ESPState *s = opaque;
/* rregs and wregs are uint8_t[ESP_REGS], so ESP_REGS is the byte size. */
385 memset(s->rregs, 0, ESP_REGS);
386 memset(s->wregs, 0, ESP_REGS);
387 s->rregs[ESP_TCHI] = TCHI_FAS100A; // Indicate fas100a
/* IRQ-handler-shaped reset entry point: esp_init() wraps it with
   qemu_allocate_irqs() and hands the resulting line back through *reset.
   The body is not part of this excerpt. */
395 static void parent_esp_reset(void *opaque, int irq, int level)
/* MMIO byte-read handler; opaque is the ESPState and addr comes from the
   guest.

   The register index is (addr & ESP_MASK) >> 2 and is used directly as an
   index into rregs[ESP_REGS]. ESP_MASK is defined outside this excerpt; it
   must guarantee an index below ESP_REGS.

   Two register reads have side effects in the visible lines: a FIFO read
   pops a byte from ti_buf, and a read of the interrupt register clears
   status bits and lowers the IRQ (the case labels themselves are not
   shown).

   NOTE(review): ti_buf[s->ti_rptr++] is guarded only by ti_size > 0 in the
   visible lines. Nothing shown here keeps ti_rptr below TI_BUFSZ -- confirm
   the omitted lines do, otherwise repeated guest reads walk past the end of
   ti_buf. */
401 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
403 ESPState *s = opaque;
406 saddr = (addr & ESP_MASK) >> 2;
407 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
410 if (s->ti_size > 0) {
412 if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
/* Programmed-I/O data reads are unsupported: the guest gets zero. */
414 fprintf(stderr, "esp: PIO data read not implemented\n");
415 s->rregs[ESP_FIFO] = 0;
/* Pop the next staged byte; see the bounds note in the header comment. */
417 s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
419 qemu_irq_raise(s->irq);
421 if (s->ti_size == 0) {
427 // Clear interrupt/error status bits
428 s->rregs[ESP_RSTAT] &= ~(STAT_IN | STAT_GE | STAT_PE);
429 qemu_irq_lower(s->irq);
434 return s->rregs[saddr];
/* MMIO byte-write handler; opaque is the ESPState, addr and val come from
   the guest.

   The register index is (addr & ESP_MASK) >> 2 and is used as an index into
   both rregs[] and wregs[], each ESP_REGS bytes; ESP_MASK (defined outside
   this excerpt) must keep it below ESP_REGS. Depending on the register, the
   write appends to cmdbuf or ti_buf, reloads the transfer counter, runs a
   command selected by (val & CMD_CMD), or stores a (possibly masked)
   configuration value. Every write is finally mirrored into wregs[saddr].

   NOTE(review): the two FIFO appends below, cmdbuf[cmdlen++] and
   ti_buf[ti_wptr++], target TI_BUFSZ-byte arrays with guest-driven indices.
   No check against TI_BUFSZ is visible in this excerpt; confirm the omitted
   lines reject or wrap writes once the buffer is full. */
437 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
439 ESPState *s = opaque;
442 saddr = (addr & ESP_MASK) >> 2;
443 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr],
448 s->rregs[ESP_RSTAT] &= ~STAT_TC;
/* Command bytes being collected (guest-driven index; see header note). */
452 s->cmdbuf[s->cmdlen++] = val & 0xff;
453 } else if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
457 fprintf(stderr, "esp: PIO data write not implemented\n");
/* Data byte staged in ti_buf (guest-driven index; see header note). */
460 s->ti_buf[s->ti_wptr++] = val & 0xff;
464 s->rregs[saddr] = val;
467 /* Reload DMA counter. */
468 s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
469 s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
/* Command dispatch; the case labels and handler calls are not shown. */
473 switch(val & CMD_CMD) {
475 DPRINTF("NOP (%2.2x)\n", val);
478 DPRINTF("Flush FIFO (%2.2x)\n", val);
480 s->rregs[ESP_RINTR] = INTR_FC;
481 s->rregs[ESP_RSEQ] = 0;
484 DPRINTF("Chip reset (%2.2x)\n", val);
488 DPRINTF("Bus reset (%2.2x)\n", val);
489 s->rregs[ESP_RINTR] = INTR_RST;
/* The bus-reset interrupt is raised only while CFG1_RESREPT is clear. */
490 if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
491 qemu_irq_raise(s->irq);
498 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
502 DPRINTF("Message Accepted (%2.2x)\n", val);
504 s->rregs[ESP_RINTR] = INTR_DC;
505 s->rregs[ESP_RSEQ] = 0;
508 DPRINTF("Set ATN (%2.2x)\n", val);
511 DPRINTF("Set ATN (%2.2x)\n", val);
515 DPRINTF("Set ATN & stop (%2.2x)\n", val);
519 DPRINTF("Enable selection (%2.2x)\n", val);
522 DPRINTF("Unhandled ESP command (%2.2x)\n", val);
/* Case ranges (a ... b) are a GNU C extension. */
526 case ESP_WBUSID ... ESP_WSYNO:
529 s->rregs[saddr] = val;
531 case ESP_WCCF ... ESP_WTEST:
/* Only the bits in CFG2_MASK are kept on this path. */
534 s->rregs[saddr] = val & CFG2_MASK;
536 case ESP_CFG3 ... ESP_RES4:
537 s->rregs[saddr] = val;
/* Record the raw written value for every register. */
542 s->wregs[saddr] = val;
/* Three-entry MMIO read and write dispatch tables that esp_init() passes to
   cpu_register_io_memory(). The initialisers are not part of this
   excerpt. */
545 static CPUReadMemoryFunc *esp_mem_read[3] = {
551 static CPUWriteMemoryFunc *esp_mem_write[3] = {
/* savevm handler registered in esp_init(): serialise the controller state
   to f. The field order here must match esp_load() exactly. Both register
   files and both TI_BUFSZ buffers are written in full, followed by the
   scalar fields as big-endian 32-bit values. */
557 static void esp_save(QEMUFile *f, void *opaque)
559 ESPState *s = opaque;
561 qemu_put_buffer(f, s->rregs, ESP_REGS);
562 qemu_put_buffer(f, s->wregs, ESP_REGS);
563 qemu_put_be32s(f, &s->ti_size);
564 qemu_put_be32s(f, &s->ti_rptr);
565 qemu_put_be32s(f, &s->ti_wptr);
566 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
567 qemu_put_be32s(f, &s->sense);
568 qemu_put_be32s(f, &s->dma);
569 qemu_put_buffer(f, s->cmdbuf, TI_BUFSZ);
570 qemu_put_be32s(f, &s->cmdlen);
571 qemu_put_be32s(f, &s->do_cmd);
572 qemu_put_be32s(f, &s->dma_left);
573 // There should be no transfers in progress, so dma_counter is not saved
/* loadvm handler registered in esp_init(): restore the controller state
   from f, in the order esp_save() wrote it. Returns -EINVAL for a
   version_id it cannot handle (the test itself is not shown); the success
   return is outside this excerpt.

   NOTE(review): ti_rptr, ti_wptr and cmdlen are read straight from the
   stream and are later used as indices into ti_buf / cmdbuf (TI_BUFSZ
   bytes each). No range validation after loading is visible in this
   excerpt. A snapshot or migration stream from an untrusted source is
   untrusted input, so these fields should be checked against TI_BUFSZ and
   the load rejected on failure -- confirm whether the omitted lines do
   this. */
576 static int esp_load(QEMUFile *f, void *opaque, int version_id)
578 ESPState *s = opaque;
581 return -EINVAL; // Cannot emulate 2
583 qemu_get_buffer(f, s->rregs, ESP_REGS);
584 qemu_get_buffer(f, s->wregs, ESP_REGS);
585 qemu_get_be32s(f, &s->ti_size);
/* Buffer cursors: used as array indices elsewhere, see the header note. */
586 qemu_get_be32s(f, &s->ti_rptr);
587 qemu_get_be32s(f, &s->ti_wptr);
588 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
589 qemu_get_be32s(f, &s->sense);
590 qemu_get_be32s(f, &s->dma);
591 qemu_get_buffer(f, s->cmdbuf, TI_BUFSZ);
/* Also an array index (cmdbuf[cmdlen++] in esp_mem_writeb). */
592 qemu_get_be32s(f, &s->cmdlen);
593 qemu_get_be32s(f, &s->do_cmd);
594 qemu_get_be32s(f, &s->dma_left);
/* Attach block device bd to the controller as SCSI target id; opaque is
   the ESPState returned by esp_init().

   The visible loop scans for the first empty slot; the condition under
   which it runs (presumably an "auto-assign" id value) is not shown. An id
   of ESP_MAX_DEVS or more is rejected. A device already occupying the slot
   is destroyed before the new one is created. scsi_generic_init() is tried
   first, with scsi_disk_init() as the fallback when it returns NULL. Both
   are given esp_command_complete() as the completion callback. */
599 void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id)
601 ESPState *s = (ESPState *)opaque;
604 for (id = 0; id < ESP_MAX_DEVS; id++) {
605 if (s->scsi_dev[id] == NULL)
/* Upper bound only; a negative id must have been handled above -- confirm. */
609 if (id >= ESP_MAX_DEVS) {
610 DPRINTF("Bad Device ID %d\n", id);
613 if (s->scsi_dev[id]) {
614 DPRINTF("Destroying device %d\n", id);
615 s->scsi_dev[id]->destroy(s->scsi_dev[id]);
617 DPRINTF("Attaching block device %d\n", id);
618 /* Command queueing is not implemented. */
619 s->scsi_dev[id] = scsi_generic_init(bd, 0, esp_command_complete, s);
620 if (s->scsi_dev[id] == NULL)
621 s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
/* Create an ESP controller instance.

   espaddr is the guest-physical base of the ESP_SIZE-byte register window.
   dma_memory_read and dma_memory_write are the callbacks the emulation uses
   to move data to and from guest memory, invoked with dma_opaque as their
   first argument. irq is the controller's interrupt line. *reset receives
   an input line that is wired to parent_esp_reset().

   The state is zero-allocated, the MMIO handlers are registered, and the
   save/load and reset handlers are installed. The value returned to the
   caller is not visible in this excerpt (presumably the ESPState, since
   esp_scsi_attach() takes it as opaque). Whether the qemu_mallocz() result
   is checked is likewise not shown. */
624 void *esp_init(target_phys_addr_t espaddr,
625 espdma_memory_read_write dma_memory_read,
626 espdma_memory_read_write dma_memory_write,
627 void *dma_opaque, qemu_irq irq, qemu_irq *reset)
632 s = qemu_mallocz(sizeof(ESPState));
637 s->dma_memory_read = dma_memory_read;
638 s->dma_memory_write = dma_memory_write;
639 s->dma_opaque = dma_opaque;
641 esp_io_memory = cpu_register_io_memory(0, esp_mem_read, esp_mem_write, s);
642 cpu_register_physical_memory(espaddr, ESP_SIZE, esp_io_memory);
/* Snapshot format version 3; esp_load() rejects versions it cannot read. */
646 register_savevm("esp", espaddr, 3, esp_save, esp_load, s);
647 qemu_register_reset(esp_reset, s);
649 *reset = *qemu_allocate_irqs(parent_esp_reset, s, 1);