2 * QEMU LSI53C895A SCSI Host Bus Adapter emulation
4 * Copyright (c) 2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the LGPL.
10 /* ??? Need to check if the {read,write}[wl] routines work properly on
11 big-endian targets. */
16 //#define DEBUG_LSI_REG
19 #define DPRINTF(fmt, args...) \
20 do { printf("lsi_scsi: " fmt , ##args); } while (0)
21 #define BADF(fmt, args...) \
22 do { fprintf(stderr, "lsi_scsi: " fmt , ##args); exit(1);} while (0)
24 #define DPRINTF(fmt, args...) do {} while(0)
25 #define BADF(fmt, args...) \
26 do { fprintf(stderr, "lsi_scsi: " fmt , ##args); } while (0)
29 #define LSI_SCNTL0_TRG 0x01
30 #define LSI_SCNTL0_AAP 0x02
31 #define LSI_SCNTL0_EPC 0x08
32 #define LSI_SCNTL0_WATN 0x10
33 #define LSI_SCNTL0_START 0x20
35 #define LSI_SCNTL1_SST 0x01
36 #define LSI_SCNTL1_IARB 0x02
37 #define LSI_SCNTL1_AESP 0x04
38 #define LSI_SCNTL1_RST 0x08
39 #define LSI_SCNTL1_CON 0x10
40 #define LSI_SCNTL1_DHP 0x20
41 #define LSI_SCNTL1_ADB 0x40
42 #define LSI_SCNTL1_EXC 0x80
44 #define LSI_SCNTL2_WSR 0x01
45 #define LSI_SCNTL2_VUE0 0x02
46 #define LSI_SCNTL2_VUE1 0x04
47 #define LSI_SCNTL2_WSS 0x08
48 #define LSI_SCNTL2_SLPHBEN 0x10
49 #define LSI_SCNTL2_SLPMD 0x20
50 #define LSI_SCNTL2_CHM 0x40
51 #define LSI_SCNTL2_SDU 0x80
53 #define LSI_ISTAT0_DIP 0x01
54 #define LSI_ISTAT0_SIP 0x02
55 #define LSI_ISTAT0_INTF 0x04
56 #define LSI_ISTAT0_CON 0x08
57 #define LSI_ISTAT0_SEM 0x10
58 #define LSI_ISTAT0_SIGP 0x20
59 #define LSI_ISTAT0_SRST 0x40
60 #define LSI_ISTAT0_ABRT 0x80
62 #define LSI_ISTAT1_SI 0x01
63 #define LSI_ISTAT1_SRUN 0x02
64 #define LSI_ISTAT1_FLSH 0x04
66 #define LSI_SSTAT0_SDP0 0x01
67 #define LSI_SSTAT0_RST 0x02
68 #define LSI_SSTAT0_WOA 0x04
69 #define LSI_SSTAT0_LOA 0x08
70 #define LSI_SSTAT0_AIP 0x10
71 #define LSI_SSTAT0_OLF 0x20
72 #define LSI_SSTAT0_ORF 0x40
73 #define LSI_SSTAT0_ILF 0x80
75 #define LSI_SIST0_PAR 0x01
76 #define LSI_SIST0_RST 0x02
77 #define LSI_SIST0_UDC 0x04
78 #define LSI_SIST0_SGE 0x08
79 #define LSI_SIST0_RSL 0x10
80 #define LSI_SIST0_SEL 0x20
81 #define LSI_SIST0_CMP 0x40
82 #define LSI_SIST0_MA 0x80
84 #define LSI_SIST1_HTH 0x01
85 #define LSI_SIST1_GEN 0x02
86 #define LSI_SIST1_STO 0x04
87 #define LSI_SIST1_SBMC 0x10
89 #define LSI_SOCL_IO 0x01
90 #define LSI_SOCL_CD 0x02
91 #define LSI_SOCL_MSG 0x04
92 #define LSI_SOCL_ATN 0x08
93 #define LSI_SOCL_SEL 0x10
94 #define LSI_SOCL_BSY 0x20
95 #define LSI_SOCL_ACK 0x40
96 #define LSI_SOCL_REQ 0x80
98 #define LSI_DSTAT_IID 0x01
99 #define LSI_DSTAT_SIR 0x04
100 #define LSI_DSTAT_SSI 0x08
101 #define LSI_DSTAT_ABRT 0x10
102 #define LSI_DSTAT_BF 0x20
103 #define LSI_DSTAT_MDPE 0x40
104 #define LSI_DSTAT_DFE 0x80
106 #define LSI_DCNTL_COM 0x01
107 #define LSI_DCNTL_IRQD 0x02
108 #define LSI_DCNTL_STD 0x04
109 #define LSI_DCNTL_IRQM 0x08
110 #define LSI_DCNTL_SSM 0x10
111 #define LSI_DCNTL_PFEN 0x20
112 #define LSI_DCNTL_PFF 0x40
113 #define LSI_DCNTL_CLSE 0x80
115 #define LSI_DMODE_MAN 0x01
116 #define LSI_DMODE_BOF 0x02
117 #define LSI_DMODE_ERMP 0x04
118 #define LSI_DMODE_ERL 0x08
119 #define LSI_DMODE_DIOM 0x10
120 #define LSI_DMODE_SIOM 0x20
122 #define LSI_CTEST2_DACK 0x01
123 #define LSI_CTEST2_DREQ 0x02
124 #define LSI_CTEST2_TEOP 0x04
125 #define LSI_CTEST2_PCICIE 0x08
126 #define LSI_CTEST2_CM 0x10
127 #define LSI_CTEST2_CIO 0x20
128 #define LSI_CTEST2_SIGP 0x40
129 #define LSI_CTEST2_DDIR 0x80
131 #define LSI_CTEST5_BL2 0x04
132 #define LSI_CTEST5_DDIR 0x08
133 #define LSI_CTEST5_MASR 0x10
134 #define LSI_CTEST5_DFSN 0x20
135 #define LSI_CTEST5_BBCK 0x40
136 #define LSI_CTEST5_ADCK 0x80
138 #define LSI_CCNTL0_DILS 0x01
139 #define LSI_CCNTL0_DISFC 0x10
140 #define LSI_CCNTL0_ENNDJ 0x20
141 #define LSI_CCNTL0_PMJCTL 0x40
142 #define LSI_CCNTL0_ENPMJ 0x80
152 /* The HBA is ID 7, so for simplicitly limit to 7 devices. */
153 #define LSI_MAX_DEVS 7
159 uint32_t script_ram_base;
162 int carry; /* ??? Should this be an a visible register somewhere? */
165 /* Nonzero if a Wait Reselect instruction has been issued. */
167 SCSIDevice *scsi_dev[LSI_MAX_DEVS];
168 SCSIDevice *current_dev;
227 uint32_t scratch[13]; /* SCRATCHA-SCRATCHR */
229 /* Script ram is stored as 32-bit words in host byteorder. */
230 uint32_t script_ram[2048];
233 static void lsi_soft_reset(LSIState *s)
243 memset(s->scratch, 0, sizeof(s->scratch));
296 static uint8_t lsi_reg_readb(LSIState *s, int offset);
297 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val);
299 static inline uint32_t read_dword(LSIState *s, uint32_t addr)
303 /* Optimize reading from SCRIPTS RAM. */
304 if ((addr & 0xffffe000) == s->script_ram_base) {
305 return s->script_ram[(addr & 0x1fff) >> 2];
307 cpu_physical_memory_read(addr, (uint8_t *)&buf, 4);
308 return cpu_to_le32(buf);
311 static void lsi_stop_script(LSIState *s)
313 s->istat1 &= ~LSI_ISTAT1_SRUN;
316 static void lsi_update_irq(LSIState *s)
319 static int last_level;
321 /* It's unclear whether the DIP/SIP bits should be cleared when the
322 Interrupt Status Registers are cleared or when istat0 is read.
323 We currently do the formwer, which seems to work. */
326 if (s->dstat & s->dien)
328 s->istat0 |= LSI_ISTAT0_DIP;
330 s->istat0 &= ~LSI_ISTAT0_DIP;
333 if (s->sist0 || s->sist1) {
334 if ((s->sist0 & s->sien0) || (s->sist1 & s->sien1))
336 s->istat0 |= LSI_ISTAT0_SIP;
338 s->istat0 &= ~LSI_ISTAT0_SIP;
340 if (s->istat0 & LSI_ISTAT0_INTF)
343 if (level != last_level) {
344 DPRINTF("Update IRQ level %d dstat %02x sist %02x%02x\n",
345 level, s->dstat, s->sist1, s->sist0);
348 pci_set_irq(&s->pci_dev, 0, level);
351 /* Stop SCRIPTS execution and raise a SCSI interrupt. */
352 static void lsi_script_scsi_interrupt(LSIState *s, int stat0, int stat1)
357 DPRINTF("SCSI Interrupt 0x%02x%02x prev 0x%02x%02x\n",
358 stat1, stat0, s->sist1, s->sist0);
361 /* Stop processor on fatal or unmasked interrupt. As a special hack
362 we don't stop processing when raising STO. Instead continue
363 execution and stop at the next insn that accesses the SCSI bus. */
364 mask0 = s->sien0 | ~(LSI_SIST0_CMP | LSI_SIST0_SEL | LSI_SIST0_RSL);
365 mask1 = s->sien1 | ~(LSI_SIST1_GEN | LSI_SIST1_HTH);
366 mask1 &= ~LSI_SIST1_STO;
367 if (s->sist0 & mask0 || s->sist1 & mask1) {
373 /* Stop SCRIPTS execution and raise a DMA interrupt. */
374 static void lsi_script_dma_interrupt(LSIState *s, int stat)
376 DPRINTF("DMA Interrupt 0x%x prev 0x%x\n", stat, s->dstat);
382 static inline void lsi_set_phase(LSIState *s, int phase)
384 s->sstat1 = (s->sstat1 & ~PHASE_MASK) | phase;
387 static void lsi_bad_phase(LSIState *s, int out, int new_phase)
389 /* Trigger a phase mismatch. */
390 if (s->ccntl0 & LSI_CCNTL0_ENPMJ) {
391 if ((s->ccntl0 & LSI_CCNTL0_PMJCTL) || out) {
396 DPRINTF("Data phase mismatch jump to %08x\n", s->dsp);
398 DPRINTF("Phase mismatch interrupt\n");
399 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
402 lsi_set_phase(s, new_phase);
405 static void lsi_do_dma(LSIState *s, int out)
407 uint8_t buf[TARGET_PAGE_SIZE];
414 DPRINTF("DMA %s addr=0x%08x len=%d avail=%d\n", out ? "out" : "in",
415 addr, count, s->data_len);
416 /* ??? Too long transfers are truncated. Don't know if this is the
418 if (count > s->data_len) {
419 /* If the DMA length is greater then the device data length then
420 a phase mismatch will occur. */
423 lsi_bad_phase(s, out, PHASE_ST);
428 /* ??? Set SFBR to first data byte. */
430 n = (count > TARGET_PAGE_SIZE) ? TARGET_PAGE_SIZE : count;
432 cpu_physical_memory_read(addr, buf, n);
433 scsi_write_data(s->current_dev, buf, n);
435 scsi_read_data(s->current_dev, buf, n);
436 cpu_physical_memory_write(addr, buf, n);
444 static void lsi_do_command(LSIState *s)
449 DPRINTF("Send command len=%d\n", s->dbc);
452 cpu_physical_memory_read(s->dnad, buf, s->dbc);
454 n = scsi_send_command(s->current_dev, 0, buf, s->current_lun);
457 lsi_set_phase(s, PHASE_DI);
460 lsi_set_phase(s, PHASE_DO);
464 static void lsi_command_complete(void *opaque, uint32_t tag, int sense)
466 LSIState *s = (LSIState *)opaque;
468 DPRINTF("Command complete sense=%d\n", sense);
470 lsi_set_phase(s, PHASE_ST);
473 static void lsi_do_status(LSIState *s)
475 DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense);
477 BADF("Bad Status move\n");
480 cpu_physical_memory_write(s->dnad, &s->msg, 1);
482 lsi_set_phase(s, PHASE_MI);
483 s->msg = 0; /* COMMAND COMPLETE */
486 static void lsi_disconnect(LSIState *s)
488 s->scntl1 &= ~LSI_SCNTL1_CON;
489 s->sstat1 &= ~PHASE_MASK;
492 static void lsi_do_msgin(LSIState *s)
494 DPRINTF("Message in len=%d\n", s->dbc);
497 cpu_physical_memory_write(s->dnad, &s->msg, 1);
501 /* ??? Check if ATN (not yet implemented) is asserted and maybe
502 switch to PHASE_MO. */
503 lsi_set_phase(s, PHASE_CMD);
507 static void lsi_do_msgout(LSIState *s)
511 DPRINTF("MSG out len=%d\n", s->dbc);
513 /* Multibyte messages not implemented. */
514 s->msg = 7; /* MESSAGE REJECT */
516 //lsi_bad_phase(s, 1, PHASE_MI);
517 lsi_set_phase(s, PHASE_MI);
520 cpu_physical_memory_read(s->dnad, &msg, 1);
526 DPRINTF("Got Disconnect\n");
530 DPRINTF("Got No Operation\n");
531 lsi_set_phase(s, PHASE_CMD);
534 if ((msg & 0x80) == 0) {
535 DPRINTF("Unimplemented message 0x%d\n", msg);
536 s->msg = 7; /* MESSAGE REJECT */
537 lsi_bad_phase(s, 1, PHASE_MI);
540 s->current_lun = msg & 7;
541 DPRINTF("Select LUN %d\n", s->current_lun);
542 lsi_set_phase(s, PHASE_CMD);
545 /* Sign extend a 24-bit value. */
546 static inline int32_t sxt24(int32_t n)
548 return (n << 8) >> 8;
551 static void lsi_memcpy(LSIState *s, uint32_t dest, uint32_t src, int count)
554 uint8_t buf[TARGET_PAGE_SIZE];
556 DPRINTF("memcpy dest 0x%08x src 0x%08x count %d\n", dest, src, count);
558 n = (count > TARGET_PAGE_SIZE) ? TARGET_PAGE_SIZE : count;
559 cpu_physical_memory_read(src, buf, n);
560 cpu_physical_memory_write(dest, buf, n);
567 static void lsi_execute_script(LSIState *s)
573 s->istat1 |= LSI_ISTAT1_SRUN;
575 insn = read_dword(s, s->dsp);
576 addr = read_dword(s, s->dsp + 4);
577 DPRINTF("SCRIPTS dsp=%08x opcode %08x arg %08x\n", s->dsp, insn, addr);
579 s->dcmd = insn >> 24;
581 switch (insn >> 30) {
582 case 0: /* Block move. */
583 if (s->sist1 & LSI_SIST1_STO) {
584 DPRINTF("Delayed select timeout\n");
588 s->dbc = insn & 0xffffff;
590 if (insn & (1 << 29)) {
591 /* Indirect addressing. */
592 addr = read_dword(s, addr);
593 } else if (insn & (1 << 28)) {
596 /* Table indirect addressing. */
597 offset = sxt24(addr);
598 cpu_physical_memory_read(s->dsa + offset, (uint8_t *)buf, 8);
599 s->dbc = cpu_to_le32(buf[0]);
600 addr = cpu_to_le32(buf[1]);
602 if ((s->sstat1 & PHASE_MASK) != ((insn >> 24) & 7)) {
603 DPRINTF("Wrong phase got %d expected %d\n",
604 s->sstat1 & PHASE_MASK, (insn >> 24) & 7);
605 lsi_script_scsi_interrupt(s, LSI_SIST0_MA, 0);
609 switch (s->sstat1 & 0x7) {
629 BADF("Unimplemented phase %d\n", s->sstat1 & PHASE_MASK);
632 s->dfifo = s->dbc & 0xff;
633 s->ctest5 = (s->ctest5 & 0xfc) | ((s->dbc >> 8) & 3);
636 s->ua = addr + s->dbc;
641 case 1: /* IO or Read/Write instruction. */
642 opcode = (insn >> 27) & 7;
646 if (insn & (1 << 25)) {
647 id = read_dword(s, s->dsa + sxt24(insn));
651 id = (id >> 16) & 0xf;
652 if (insn & (1 << 26)) {
653 addr = s->dsp + sxt24(addr);
658 s->sstat0 |= LSI_SSTAT0_WOA;
659 s->scntl1 &= ~LSI_SCNTL1_IARB;
661 if (id >= LSI_MAX_DEVS || !s->scsi_dev[id]) {
662 DPRINTF("Selected absent target %d\n", id);
663 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_STO);
667 DPRINTF("Selected target %d%s\n",
668 id, insn & (1 << 3) ? " ATN" : "");
669 /* ??? Linux drivers compain when this is set. Maybe
670 it only applies in low-level mode (unimplemented).
671 lsi_script_scsi_interrupt(s, LSI_SIST0_CMP, 0); */
672 s->current_dev = s->scsi_dev[id];
673 s->scntl1 |= LSI_SCNTL1_CON;
674 if (insn & (1 << 3)) {
675 s->socl |= LSI_SOCL_ATN;
677 lsi_set_phase(s, PHASE_MO);
679 case 1: /* Disconnect */
680 DPRINTF("Wait Disconect\n");
681 s->scntl1 &= ~LSI_SCNTL1_CON;
683 case 2: /* Wait Reselect */
684 DPRINTF("Wait Reselect\n");
688 DPRINTF("Set%s%s%s%s\n",
689 insn & (1 << 3) ? " ATN" : "",
690 insn & (1 << 6) ? " ACK" : "",
691 insn & (1 << 9) ? " TM" : "",
692 insn & (1 << 10) ? " CC" : "");
693 if (insn & (1 << 3)) {
694 s->socl |= LSI_SOCL_ATN;
695 lsi_set_phase(s, PHASE_MO);
697 if (insn & (1 << 9)) {
698 BADF("Target mode not implemented\n");
701 if (insn & (1 << 10))
705 DPRINTF("Clear%s%s%s%s\n",
706 insn & (1 << 3) ? " ATN" : "",
707 insn & (1 << 6) ? " ACK" : "",
708 insn & (1 << 9) ? " TM" : "",
709 insn & (1 << 10) ? " CC" : "");
710 if (insn & (1 << 3)) {
711 s->socl &= ~LSI_SOCL_ATN;
713 if (insn & (1 << 10))
724 static const char *opcode_names[3] =
725 {"Write", "Read", "Read-Modify-Write"};
726 static const char *operator_names[8] =
727 {"MOV", "SHL", "OR", "XOR", "AND", "SHR", "ADD", "ADC"};
730 reg = ((insn >> 16) & 0x7f) | (insn & 0x80);
731 data8 = (insn >> 8) & 0xff;
732 opcode = (insn >> 27) & 7;
733 operator = (insn >> 24) & 7;
734 DPRINTF("%s reg 0x%x %s data8 %d%s\n",
735 opcode_names[opcode - 5], reg,
736 operator_names[operator], data8,
737 (insn & (1 << 23)) ? " SFBR" : "");
740 case 5: /* From SFBR */
744 case 6: /* To SFBR */
746 op0 = lsi_reg_readb(s, reg);
749 case 7: /* Read-modify-write */
751 op0 = lsi_reg_readb(s, reg);
752 if (insn & (1 << 23)) {
764 case 1: /* Shift left */
766 op0 = (op0 << 1) | s->carry;
780 op0 = (op0 >> 1) | (s->carry << 7);
784 s->carry = op0 < op1;
787 op0 += op1 + s->carry;
789 s->carry = op0 <= op1;
791 s->carry = op0 < op1;
796 case 5: /* From SFBR */
797 case 7: /* Read-modify-write */
798 lsi_reg_writeb(s, reg, op0);
800 case 6: /* To SFBR */
807 case 2: /* Transfer Control. */
812 if ((insn & 0x002e0000) == 0) {
816 if (s->sist1 & LSI_SIST1_STO) {
817 DPRINTF("Delayed select timeout\n");
821 cond = jmp = (insn & (1 << 19)) != 0;
822 if (cond == jmp && (insn & (1 << 21))) {
823 DPRINTF("Compare carry %d\n", s->carry == jmp);
824 cond = s->carry != 0;
826 if (cond == jmp && (insn & (1 << 17))) {
827 DPRINTF("Compare phase %d %c= %d\n",
828 (s->sstat1 & PHASE_MASK),
831 cond = (s->sstat1 & PHASE_MASK) == ((insn >> 24) & 7);
833 if (cond == jmp && (insn & (1 << 18))) {
836 mask = (~insn >> 8) & 0xff;
837 DPRINTF("Compare data 0x%x & 0x%x %c= 0x%x\n",
838 s->sfbr, mask, jmp ? '=' : '!', insn & mask);
839 cond = (s->sfbr & mask) == (insn & mask);
842 if (insn & (1 << 23)) {
843 /* Relative address. */
844 addr = s->dsp + sxt24(addr);
846 switch ((insn >> 27) & 7) {
848 DPRINTF("Jump to 0x%08x\n", addr);
852 DPRINTF("Call 0x%08x\n", addr);
857 DPRINTF("Return to 0x%08x\n", s->temp);
860 case 3: /* Interrupt */
861 DPRINTF("Interrupt 0x%08x\n", s->dsps);
862 if ((insn & (1 << 20)) != 0) {
863 s->istat0 |= LSI_ISTAT0_INTF;
866 lsi_script_dma_interrupt(s, LSI_DSTAT_SIR);
870 DPRINTF("Illegal transfer control\n");
871 lsi_script_dma_interrupt(s, LSI_DSTAT_IID);
875 DPRINTF("Control condition failed\n");
881 if ((insn & (1 << 29)) == 0) {
884 /* ??? The docs imply the destination address is loaded into
885 the TEMP register. However the Linux drivers rely on
886 the value being presrved. */
887 dest = read_dword(s, s->dsp);
889 lsi_memcpy(s, dest, addr, insn & 0xffffff);
896 if (insn & (1 << 28)) {
897 addr = s->dsa + sxt24(addr);
900 reg = (insn >> 16) & 0xff;
901 if (insn & (1 << 24)) {
902 DPRINTF("Load reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
903 cpu_physical_memory_read(addr, data, n);
904 for (i = 0; i < n; i++) {
905 lsi_reg_writeb(s, reg + i, data[i]);
908 DPRINTF("Store reg 0x%x size %d addr 0x%08x\n", reg, n, addr);
909 for (i = 0; i < n; i++) {
910 data[i] = lsi_reg_readb(s, reg + i);
912 cpu_physical_memory_write(addr, data, n);
916 /* ??? Need to avoid infinite loops. */
917 if (s->istat1 & LSI_ISTAT1_SRUN && !s->waiting) {
918 if (s->dcntl & LSI_DCNTL_SSM) {
919 lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
924 DPRINTF("SCRIPTS execution stopped\n");
927 static uint8_t lsi_reg_readb(LSIState *s, int offset)
930 #define CASE_GET_REG32(name, addr) \
931 case addr: return s->name & 0xff; \
932 case addr + 1: return (s->name >> 8) & 0xff; \
933 case addr + 2: return (s->name >> 16) & 0xff; \
934 case addr + 3: return (s->name >> 24) & 0xff;
937 DPRINTF("Read reg %x\n", offset);
940 case 0x00: /* SCNTL0 */
942 case 0x01: /* SCNTL1 */
944 case 0x02: /* SCNTL2 */
946 case 0x03: /* SCNTL3 */
948 case 0x04: /* SCID */
950 case 0x05: /* SXFER */
952 case 0x06: /* SDID */
954 case 0x07: /* GPREG0 */
957 /* ??? This is not correct. However it's (hopefully) only
958 used for diagnostics, so should be ok. */
960 case 0xc: /* DSTAT */
961 tmp = s->dstat | 0x80;
962 if ((s->istat0 & LSI_ISTAT0_INTF) == 0)
966 case 0x0d: /* SSTAT0 */
968 case 0x0e: /* SSTAT1 */
970 case 0x0f: /* SSTAT2 */
971 return s->scntl1 & LSI_SCNTL1_CON ? 0 : 2;
972 CASE_GET_REG32(dsa, 0x10)
973 case 0x14: /* ISTAT0 */
975 case 0x16: /* MBOX0 */
977 case 0x17: /* MBOX1 */
979 case 0x18: /* CTEST0 */
981 case 0x19: /* CTEST1 */
983 case 0x1a: /* CTEST2 */
984 tmp = LSI_CTEST2_DACK | LSI_CTEST2_CM;
985 if (s->istat0 & LSI_ISTAT0_SIGP) {
986 s->istat0 &= ~LSI_ISTAT0_SIGP;
987 tmp |= LSI_CTEST2_SIGP;
990 case 0x1b: /* CTEST3 */
992 CASE_GET_REG32(temp, 0x1c)
993 case 0x20: /* DFIFO */
995 case 0x21: /* CTEST4 */
997 case 0x22: /* CTEST5 */
999 case 0x24: /* DBC[0:7] */
1000 return s->dbc & 0xff;
1001 case 0x25: /* DBC[8:15] */
1002 return (s->dbc >> 8) & 0xff;
1003 case 0x26: /* DBC[16->23] */
1004 return (s->dbc >> 16) & 0xff;
1005 case 0x27: /* DCMD */
1007 CASE_GET_REG32(dsp, 0x2c)
1008 CASE_GET_REG32(dsps, 0x30)
1009 CASE_GET_REG32(scratch[0], 0x34)
1010 case 0x38: /* DMODE */
1012 case 0x39: /* DIEN */
1014 case 0x3b: /* DCNTL */
1016 case 0x40: /* SIEN0 */
1018 case 0x41: /* SIEN1 */
1020 case 0x42: /* SIST0 */
1025 case 0x43: /* SIST1 */
1030 case 0x47: /* GPCNTL0 */
1032 case 0x48: /* STIME0 */
1034 case 0x4a: /* RESPID0 */
1036 case 0x4b: /* RESPID1 */
1038 case 0x4d: /* STEST1 */
1040 case 0x4e: /* STEST2 */
1042 case 0x4f: /* STEST3 */
1044 case 0x52: /* STEST4 */
1046 case 0x56: /* CCNTL0 */
1048 case 0x57: /* CCNTL1 */
1050 case 0x58: case 0x59: /* SBDL */
1052 CASE_GET_REG32(mmrs, 0xa0)
1053 CASE_GET_REG32(mmws, 0xa4)
1054 CASE_GET_REG32(sfs, 0xa8)
1055 CASE_GET_REG32(drs, 0xac)
1056 CASE_GET_REG32(sbms, 0xb0)
1057 CASE_GET_REG32(dmbs, 0xb4)
1058 CASE_GET_REG32(dnad64, 0xb8)
1059 CASE_GET_REG32(pmjad1, 0xc0)
1060 CASE_GET_REG32(pmjad2, 0xc4)
1061 CASE_GET_REG32(rbc, 0xc8)
1062 CASE_GET_REG32(ua, 0xcc)
1063 CASE_GET_REG32(ia, 0xd4)
1064 CASE_GET_REG32(sbc, 0xd8)
1065 CASE_GET_REG32(csbc, 0xdc)
1067 if (offset >= 0x5c && offset < 0xa0) {
1070 n = (offset - 0x58) >> 2;
1071 shift = (offset & 3) * 8;
1072 return (s->scratch[n] >> shift) & 0xff;
1074 BADF("readb 0x%x\n", offset);
1076 #undef CASE_GET_REG32
1079 static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
1081 #define CASE_SET_REG32(name, addr) \
1082 case addr : s->name &= 0xffffff00; s->name |= val; break; \
1083 case addr + 1: s->name &= 0xffff00ff; s->name |= val << 8; break; \
1084 case addr + 2: s->name &= 0xff00ffff; s->name |= val << 16; break; \
1085 case addr + 3: s->name &= 0x00ffffff; s->name |= val << 24; break;
1087 #ifdef DEBUG_LSI_REG
1088 DPRINTF("Write reg %x = %02x\n", offset, val);
1091 case 0x00: /* SCNTL0 */
1093 if (val & LSI_SCNTL0_START) {
1094 BADF("Start sequence not implemented\n");
1097 case 0x01: /* SCNTL1 */
1098 s->scntl1 = val & ~LSI_SCNTL1_SST;
1099 if (val & LSI_SCNTL1_IARB) {
1100 BADF("Immediate Arbritration not implemented\n");
1102 if (val & LSI_SCNTL1_RST) {
1103 s->sstat0 |= LSI_SSTAT0_RST;
1104 lsi_script_scsi_interrupt(s, LSI_SIST0_RST, 0);
1106 s->sstat0 &= ~LSI_SSTAT0_RST;
1109 case 0x02: /* SCNTL2 */
1110 val &= ~(LSI_SCNTL2_WSR | LSI_SCNTL2_WSS);
1113 case 0x03: /* SCNTL3 */
1116 case 0x04: /* SCID */
1119 case 0x05: /* SXFER */
1122 case 0x07: /* GPREG0 */
1124 case 0x0c: case 0x0d: case 0x0e: case 0x0f:
1125 /* Linux writes to these readonly registers on startup. */
1127 CASE_SET_REG32(dsa, 0x10)
1128 case 0x14: /* ISTAT0 */
1129 s->istat0 = (s->istat0 & 0x0f) | (val & 0xf0);
1130 if (val & LSI_ISTAT0_ABRT) {
1131 lsi_script_dma_interrupt(s, LSI_DSTAT_ABRT);
1133 if (val & LSI_ISTAT0_INTF) {
1134 s->istat0 &= ~LSI_ISTAT0_INTF;
1137 if (s->waiting && val & LSI_ISTAT0_SIGP) {
1138 DPRINTF("Woken by SIGP\n");
1141 lsi_execute_script(s);
1143 if (val & LSI_ISTAT0_SRST) {
1146 case 0x16: /* MBOX0 */
1148 case 0x17: /* MBOX1 */
1150 case 0x1b: /* CTEST3 */
1151 s->ctest3 = val & 0x0f;
1153 CASE_SET_REG32(temp, 0x1c)
1154 case 0x21: /* CTEST4 */
1156 BADF("Unimplemented CTEST4-FBL 0x%x\n", val);
1160 case 0x22: /* CTEST5 */
1161 if (val & (LSI_CTEST5_ADCK | LSI_CTEST5_BBCK)) {
1162 BADF("CTEST5 DMA increment not implemented\n");
1166 case 0x2c: /* DSPS[0:7] */
1167 s->dsp &= 0xffffff00;
1170 case 0x2d: /* DSPS[8:15] */
1171 s->dsp &= 0xffff00ff;
1174 case 0x2e: /* DSPS[16:23] */
1175 s->dsp &= 0xff00ffff;
1176 s->dsp |= val << 16;
1178 case 0x2f: /* DSPS[14:31] */
1179 s->dsp &= 0x00ffffff;
1180 s->dsp |= val << 24;
1181 if ((s->dmode & LSI_DMODE_MAN) == 0
1182 && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1183 lsi_execute_script(s);
1185 CASE_SET_REG32(dsps, 0x30)
1186 CASE_SET_REG32(scratch[0], 0x34)
1187 case 0x38: /* DMODE */
1188 if (val & (LSI_DMODE_SIOM | LSI_DMODE_DIOM)) {
1189 BADF("IO mappings not implemented\n");
1193 case 0x39: /* DIEN */
1197 case 0x3b: /* DCNTL */
1198 s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
1199 if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
1200 lsi_execute_script(s);
1202 case 0x40: /* SIEN0 */
1206 case 0x41: /* SIEN1 */
1210 case 0x47: /* GPCNTL0 */
1212 case 0x48: /* STIME0 */
1215 case 0x49: /* STIME1 */
1217 DPRINTF("General purpose timer not implemented\n");
1218 /* ??? Raising the interrupt immediately seems to be sufficient
1219 to keep the FreeBSD driver happy. */
1220 lsi_script_scsi_interrupt(s, 0, LSI_SIST1_GEN);
1223 case 0x4a: /* RESPID0 */
1226 case 0x4b: /* RESPID1 */
1229 case 0x4d: /* STEST1 */
1232 case 0x4e: /* STEST2 */
1234 BADF("Low level mode not implemented\n");
1238 case 0x4f: /* STEST3 */
1240 BADF("SCSI FIFO test mode not implemented\n");
1244 case 0x56: /* CCNTL0 */
1247 case 0x57: /* CCNTL1 */
1250 CASE_SET_REG32(mmrs, 0xa0)
1251 CASE_SET_REG32(mmws, 0xa4)
1252 CASE_SET_REG32(sfs, 0xa8)
1253 CASE_SET_REG32(drs, 0xac)
1254 CASE_SET_REG32(sbms, 0xb0)
1255 CASE_SET_REG32(dmbs, 0xb4)
1256 CASE_SET_REG32(dnad64, 0xb8)
1257 CASE_SET_REG32(pmjad1, 0xc0)
1258 CASE_SET_REG32(pmjad2, 0xc4)
1259 CASE_SET_REG32(rbc, 0xc8)
1260 CASE_SET_REG32(ua, 0xcc)
1261 CASE_SET_REG32(ia, 0xd4)
1262 CASE_SET_REG32(sbc, 0xd8)
1263 CASE_SET_REG32(csbc, 0xdc)
1265 if (offset >= 0x5c && offset < 0xa0) {
1268 n = (offset - 0x58) >> 2;
1269 shift = (offset & 3) * 8;
1270 s->scratch[n] &= ~(0xff << shift);
1271 s->scratch[n] |= (val & 0xff) << shift;
1273 BADF("Unhandled writeb 0x%x = 0x%x\n", offset, val);
1276 #undef CASE_SET_REG32
1279 static void lsi_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1281 LSIState *s = (LSIState *)opaque;
1283 lsi_reg_writeb(s, addr & 0xff, val);
1286 static void lsi_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1288 LSIState *s = (LSIState *)opaque;
1291 lsi_reg_writeb(s, addr, val & 0xff);
1292 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1295 static void lsi_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1297 LSIState *s = (LSIState *)opaque;
1300 lsi_reg_writeb(s, addr, val & 0xff);
1301 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1302 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1303 lsi_reg_writeb(s, addr + 3, (val >> 24) & 0xff);
1306 static uint32_t lsi_mmio_readb(void *opaque, target_phys_addr_t addr)
1308 LSIState *s = (LSIState *)opaque;
1310 return lsi_reg_readb(s, addr & 0xff);
1313 static uint32_t lsi_mmio_readw(void *opaque, target_phys_addr_t addr)
1315 LSIState *s = (LSIState *)opaque;
1319 val = lsi_reg_readb(s, addr);
1320 val |= lsi_reg_readb(s, addr + 1) << 8;
1324 static uint32_t lsi_mmio_readl(void *opaque, target_phys_addr_t addr)
1326 LSIState *s = (LSIState *)opaque;
1329 val = lsi_reg_readb(s, addr);
1330 val |= lsi_reg_readb(s, addr + 1) << 8;
1331 val |= lsi_reg_readb(s, addr + 2) << 16;
1332 val |= lsi_reg_readb(s, addr + 3) << 24;
1336 static CPUReadMemoryFunc *lsi_mmio_readfn[3] = {
1342 static CPUWriteMemoryFunc *lsi_mmio_writefn[3] = {
1348 static void lsi_ram_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1350 LSIState *s = (LSIState *)opaque;
1355 newval = s->script_ram[addr >> 2];
1356 shift = (addr & 3) * 8;
1357 newval &= ~(0xff << shift);
1358 newval |= val << shift;
1359 s->script_ram[addr >> 2] = newval;
1362 static void lsi_ram_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1364 LSIState *s = (LSIState *)opaque;
1368 newval = s->script_ram[addr >> 2];
1370 newval = (newval & 0xffff) | (val << 16);
1372 newval = (newval & 0xffff0000) | val;
1374 s->script_ram[addr >> 2] = newval;
1378 static void lsi_ram_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1380 LSIState *s = (LSIState *)opaque;
1383 s->script_ram[addr >> 2] = val;
1386 static uint32_t lsi_ram_readb(void *opaque, target_phys_addr_t addr)
1388 LSIState *s = (LSIState *)opaque;
1392 val = s->script_ram[addr >> 2];
1393 val >>= (addr & 3) * 8;
1397 static uint32_t lsi_ram_readw(void *opaque, target_phys_addr_t addr)
1399 LSIState *s = (LSIState *)opaque;
1403 val = s->script_ram[addr >> 2];
1406 return le16_to_cpu(val);
1409 static uint32_t lsi_ram_readl(void *opaque, target_phys_addr_t addr)
1411 LSIState *s = (LSIState *)opaque;
1414 return le32_to_cpu(s->script_ram[addr >> 2]);
1417 static CPUReadMemoryFunc *lsi_ram_readfn[3] = {
1423 static CPUWriteMemoryFunc *lsi_ram_writefn[3] = {
1429 static uint32_t lsi_io_readb(void *opaque, uint32_t addr)
1431 LSIState *s = (LSIState *)opaque;
1432 return lsi_reg_readb(s, addr & 0xff);
1435 static uint32_t lsi_io_readw(void *opaque, uint32_t addr)
1437 LSIState *s = (LSIState *)opaque;
1440 val = lsi_reg_readb(s, addr);
1441 val |= lsi_reg_readb(s, addr + 1) << 8;
1445 static uint32_t lsi_io_readl(void *opaque, uint32_t addr)
1447 LSIState *s = (LSIState *)opaque;
1450 val = lsi_reg_readb(s, addr);
1451 val |= lsi_reg_readb(s, addr + 1) << 8;
1452 val |= lsi_reg_readb(s, addr + 2) << 16;
1453 val |= lsi_reg_readb(s, addr + 3) << 24;
1457 static void lsi_io_writeb(void *opaque, uint32_t addr, uint32_t val)
1459 LSIState *s = (LSIState *)opaque;
1460 lsi_reg_writeb(s, addr & 0xff, val);
1463 static void lsi_io_writew(void *opaque, uint32_t addr, uint32_t val)
1465 LSIState *s = (LSIState *)opaque;
1467 lsi_reg_writeb(s, addr, val & 0xff);
1468 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1471 static void lsi_io_writel(void *opaque, uint32_t addr, uint32_t val)
1473 LSIState *s = (LSIState *)opaque;
1475 lsi_reg_writeb(s, addr, val & 0xff);
1476 lsi_reg_writeb(s, addr + 1, (val >> 8) & 0xff);
1477 lsi_reg_writeb(s, addr + 2, (val >> 16) & 0xff);
1478 lsi_reg_writeb(s, addr + 2, (val >> 24) & 0xff);
1481 static void lsi_io_mapfunc(PCIDevice *pci_dev, int region_num,
1482 uint32_t addr, uint32_t size, int type)
1484 LSIState *s = (LSIState *)pci_dev;
1486 DPRINTF("Mapping IO at %08x\n", addr);
1488 register_ioport_write(addr, 256, 1, lsi_io_writeb, s);
1489 register_ioport_read(addr, 256, 1, lsi_io_readb, s);
1490 register_ioport_write(addr, 256, 2, lsi_io_writew, s);
1491 register_ioport_read(addr, 256, 2, lsi_io_readw, s);
1492 register_ioport_write(addr, 256, 4, lsi_io_writel, s);
1493 register_ioport_read(addr, 256, 4, lsi_io_readl, s);
1496 static void lsi_ram_mapfunc(PCIDevice *pci_dev, int region_num,
1497 uint32_t addr, uint32_t size, int type)
1499 LSIState *s = (LSIState *)pci_dev;
1501 DPRINTF("Mapping ram at %08x\n", addr);
1502 s->script_ram_base = addr;
1503 cpu_register_physical_memory(addr + 0, 0x2000, s->ram_io_addr);
1506 static void lsi_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
1507 uint32_t addr, uint32_t size, int type)
1509 LSIState *s = (LSIState *)pci_dev;
1511 DPRINTF("Mapping registers at %08x\n", addr);
1512 cpu_register_physical_memory(addr + 0, 0x400, s->mmio_io_addr);
1515 void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id)
1517 LSIState *s = (LSIState *)opaque;
1520 for (id = 0; id < LSI_MAX_DEVS; id++) {
1521 if (s->scsi_dev[id] == NULL)
1525 if (id >= LSI_MAX_DEVS) {
1526 BADF("Bad Device ID %d\n", id);
1529 if (s->scsi_dev[id]) {
1530 DPRINTF("Destroying device %d\n", id);
1531 scsi_disk_destroy(s->scsi_dev[id]);
1533 DPRINTF("Attaching block device %d\n", id);
1534 s->scsi_dev[id] = scsi_disk_init(bd, lsi_command_complete, s);
1537 void *lsi_scsi_init(PCIBus *bus, int devfn)
1541 s = (LSIState *)pci_register_device(bus, "LSI53C895A SCSI HBA",
1542 sizeof(*s), devfn, NULL, NULL);
1544 fprintf(stderr, "lsi-scsi: Failed to register PCI device\n");
1548 s->pci_dev.config[0x00] = 0x00;
1549 s->pci_dev.config[0x01] = 0x10;
1550 s->pci_dev.config[0x02] = 0x12;
1551 s->pci_dev.config[0x03] = 0x00;
1552 s->pci_dev.config[0x0b] = 0x01;
1553 s->pci_dev.config[0x3d] = 0x01; /* interrupt pin 1 */
1555 s->mmio_io_addr = cpu_register_io_memory(0, lsi_mmio_readfn,
1556 lsi_mmio_writefn, s);
1557 s->ram_io_addr = cpu_register_io_memory(0, lsi_ram_readfn,
1558 lsi_ram_writefn, s);
1560 pci_register_io_region((struct PCIDevice *)s, 0, 256,
1561 PCI_ADDRESS_SPACE_IO, lsi_io_mapfunc);
1562 pci_register_io_region((struct PCIDevice *)s, 1, 0x400,
1563 PCI_ADDRESS_SPACE_MEM, lsi_mmio_mapfunc);
1564 pci_register_io_region((struct PCIDevice *)s, 2, 0x2000,
1565 PCI_ADDRESS_SPACE_MEM, lsi_ram_mapfunc);
projects / qemu / blob