2 * QEMU ESP/NCR53C9x emulation
4 * Copyright (c) 2005-2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "scsi-disk.h"
33 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
34 * also produced as NCR89C100. See
35 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
37 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
41 #define DPRINTF(fmt, args...) \
42 do { printf("ESP: " fmt , ##args); } while (0)
44 #define DPRINTF(fmt, args...) do {} while (0)
50 typedef struct ESPState ESPState;
55 uint8_t rregs[ESP_REGS];
56 uint8_t wregs[ESP_REGS];
58 uint32_t ti_rptr, ti_wptr;
59 uint8_t ti_buf[TI_BUFSZ];
62 SCSIDevice *scsi_dev[ESP_MAX_DEVS];
63 SCSIDevice *current_dev;
64 uint8_t cmdbuf[TI_BUFSZ];
68 /* The amount of data left in the current DMA transfer. */
70 /* The size of the current DMA transfer. Zero if no transfer is in
76 espdma_memory_read_write dma_memory_read;
77 espdma_memory_read_write dma_memory_write;
86 #define ESP_WBUSID 0x4
90 #define ESP_WSYNTP 0x6
91 #define ESP_RFLAGS 0x7
108 #define CMD_FLUSH 0x01
109 #define CMD_RESET 0x02
110 #define CMD_BUSRESET 0x03
112 #define CMD_ICCS 0x11
113 #define CMD_MSGACC 0x12
114 #define CMD_SATN 0x1a
115 #define CMD_SELATN 0x42
116 #define CMD_SELATNS 0x43
117 #define CMD_ENSEL 0x44
125 #define STAT_PIO_MASK 0x06
130 #define STAT_INT 0x80
135 #define INTR_RST 0x80
140 #define CFG1_RESREPT 0x40
142 #define CFG2_MASK 0x15
144 #define TCHI_FAS100A 0x4
146 static void esp_raise_irq(ESPState *s)
148 if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
149 s->rregs[ESP_RSTAT] |= STAT_INT;
150 qemu_irq_raise(s->irq);
154 static void esp_lower_irq(ESPState *s)
156 if (s->rregs[ESP_RSTAT] & STAT_INT) {
157 s->rregs[ESP_RSTAT] &= ~STAT_INT;
158 qemu_irq_lower(s->irq);
162 static uint32_t get_cmd(ESPState *s, uint8_t *buf)
167 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
168 target = s->wregs[ESP_WBUSID] & 7;
169 DPRINTF("get_cmd: len %d target %d\n", dmalen, target);
171 s->dma_memory_read(s->dma_opaque, buf, dmalen);
174 memcpy(&buf[1], s->ti_buf, dmalen);
182 if (s->current_dev) {
183 /* Started a new command before the old one finished. Cancel it. */
184 s->current_dev->cancel_io(s->current_dev, 0);
188 if (target >= ESP_MAX_DEVS || !s->scsi_dev[target]) {
190 s->rregs[ESP_RSTAT] = 0;
191 s->rregs[ESP_RINTR] = INTR_DC;
192 s->rregs[ESP_RSEQ] = SEQ_0;
196 s->current_dev = s->scsi_dev[target];
200 static void do_cmd(ESPState *s, uint8_t *buf)
205 DPRINTF("do_cmd: busid 0x%x\n", buf[0]);
207 datalen = s->current_dev->send_command(s->current_dev, 0, &buf[1], lun);
208 s->ti_size = datalen;
210 s->rregs[ESP_RSTAT] = STAT_TC;
214 s->rregs[ESP_RSTAT] |= STAT_DI;
215 s->current_dev->read_data(s->current_dev, 0);
217 s->rregs[ESP_RSTAT] |= STAT_DO;
218 s->current_dev->write_data(s->current_dev, 0);
221 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
222 s->rregs[ESP_RSEQ] = SEQ_CD;
226 static void handle_satn(ESPState *s)
231 len = get_cmd(s, buf);
236 static void handle_satn_stop(ESPState *s)
238 s->cmdlen = get_cmd(s, s->cmdbuf);
240 DPRINTF("Set ATN & Stop: cmdlen %d\n", s->cmdlen);
242 s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
243 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
244 s->rregs[ESP_RSEQ] = SEQ_CD;
249 static void write_response(ESPState *s)
251 DPRINTF("Transfer status (sense=%d)\n", s->sense);
252 s->ti_buf[0] = s->sense;
255 s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
256 s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
257 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
258 s->rregs[ESP_RSEQ] = SEQ_CD;
263 s->rregs[ESP_RFLAGS] = 2;
268 static void esp_dma_done(ESPState *s)
270 s->rregs[ESP_RSTAT] |= STAT_TC;
271 s->rregs[ESP_RINTR] = INTR_BS;
272 s->rregs[ESP_RSEQ] = 0;
273 s->rregs[ESP_RFLAGS] = 0;
274 s->rregs[ESP_TCLO] = 0;
275 s->rregs[ESP_TCMID] = 0;
279 static void esp_do_dma(ESPState *s)
284 to_device = (s->ti_size < 0);
287 DPRINTF("command len %d + %d\n", s->cmdlen, len);
288 s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
292 do_cmd(s, s->cmdbuf);
295 if (s->async_len == 0) {
296 /* Defer until data is available. */
299 if (len > s->async_len) {
303 s->dma_memory_read(s->dma_opaque, s->async_buf, len);
305 s->dma_memory_write(s->dma_opaque, s->async_buf, len);
314 if (s->async_len == 0) {
316 // ti_size is negative
317 s->current_dev->write_data(s->current_dev, 0);
319 s->current_dev->read_data(s->current_dev, 0);
320 /* If there is still data to be read from the device then
321 complete the DMA operation immeriately. Otherwise defer
322 until the scsi layer has completed. */
323 if (s->dma_left == 0 && s->ti_size > 0) {
328 /* Partially filled a scsi buffer. Complete immediately. */
333 static void esp_command_complete(void *opaque, int reason, uint32_t tag,
336 ESPState *s = (ESPState *)opaque;
338 if (reason == SCSI_REASON_DONE) {
339 DPRINTF("SCSI Command complete\n");
341 DPRINTF("SCSI command completed unexpectedly\n");
346 DPRINTF("Command failed\n");
348 s->rregs[ESP_RSTAT] = STAT_ST;
350 s->current_dev = NULL;
352 DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size);
354 s->async_buf = s->current_dev->get_buf(s->current_dev, 0);
357 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
358 /* If this was the last part of a DMA transfer then the
359 completion interrupt is deferred to here. */
365 static void handle_ti(ESPState *s)
367 uint32_t dmalen, minlen;
369 dmalen = s->rregs[ESP_TCLO] | (s->rregs[ESP_TCMID] << 8);
373 s->dma_counter = dmalen;
376 minlen = (dmalen < 32) ? dmalen : 32;
377 else if (s->ti_size < 0)
378 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
380 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
381 DPRINTF("Transfer Information len %d\n", minlen);
383 s->dma_left = minlen;
384 s->rregs[ESP_RSTAT] &= ~STAT_TC;
386 } else if (s->do_cmd) {
387 DPRINTF("command len %d\n", s->cmdlen);
391 do_cmd(s, s->cmdbuf);
396 static void esp_reset(void *opaque)
398 ESPState *s = opaque;
402 memset(s->rregs, 0, ESP_REGS);
403 memset(s->wregs, 0, ESP_REGS);
404 s->rregs[ESP_TCHI] = TCHI_FAS100A; // Indicate fas100a
412 static void parent_esp_reset(void *opaque, int irq, int level)
418 static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr)
420 ESPState *s = opaque;
423 saddr = (addr >> s->it_shift) & (ESP_REGS - 1);
424 DPRINTF("read reg[%d]: 0x%2.2x\n", saddr, s->rregs[saddr]);
427 if (s->ti_size > 0) {
429 if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
431 fprintf(stderr, "esp: PIO data read not implemented\n");
432 s->rregs[ESP_FIFO] = 0;
434 s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
438 if (s->ti_size == 0) {
444 // Clear interrupt/error status bits
445 s->rregs[ESP_RSTAT] &= ~(STAT_GE | STAT_PE);
451 return s->rregs[saddr];
454 static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
456 ESPState *s = opaque;
459 saddr = (addr >> s->it_shift) & (ESP_REGS - 1);
460 DPRINTF("write reg[%d]: 0x%2.2x -> 0x%2.2x\n", saddr, s->wregs[saddr],
465 s->rregs[ESP_RSTAT] &= ~STAT_TC;
469 s->cmdbuf[s->cmdlen++] = val & 0xff;
470 } else if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
474 fprintf(stderr, "esp: PIO data write not implemented\n");
477 s->ti_buf[s->ti_wptr++] = val & 0xff;
481 s->rregs[saddr] = val;
484 /* Reload DMA counter. */
485 s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
486 s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
490 switch(val & CMD_CMD) {
492 DPRINTF("NOP (%2.2x)\n", val);
495 DPRINTF("Flush FIFO (%2.2x)\n", val);
497 s->rregs[ESP_RINTR] = INTR_FC;
498 s->rregs[ESP_RSEQ] = 0;
499 s->rregs[ESP_RFLAGS] = 0;
502 DPRINTF("Chip reset (%2.2x)\n", val);
506 DPRINTF("Bus reset (%2.2x)\n", val);
507 s->rregs[ESP_RINTR] = INTR_RST;
508 if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
516 DPRINTF("Initiator Command Complete Sequence (%2.2x)\n", val);
520 DPRINTF("Message Accepted (%2.2x)\n", val);
522 s->rregs[ESP_RINTR] = INTR_DC;
523 s->rregs[ESP_RSEQ] = 0;
526 DPRINTF("Set ATN (%2.2x)\n", val);
529 DPRINTF("Set ATN (%2.2x)\n", val);
533 DPRINTF("Set ATN & stop (%2.2x)\n", val);
537 DPRINTF("Enable selection (%2.2x)\n", val);
540 DPRINTF("Unhandled ESP command (%2.2x)\n", val);
544 case ESP_WBUSID ... ESP_WSYNO:
547 s->rregs[saddr] = val;
549 case ESP_WCCF ... ESP_WTEST:
552 s->rregs[saddr] = val & CFG2_MASK;
554 case ESP_CFG3 ... ESP_RES4:
555 s->rregs[saddr] = val;
560 s->wregs[saddr] = val;
563 static CPUReadMemoryFunc *esp_mem_read[3] = {
569 static CPUWriteMemoryFunc *esp_mem_write[3] = {
575 static void esp_save(QEMUFile *f, void *opaque)
577 ESPState *s = opaque;
579 qemu_put_buffer(f, s->rregs, ESP_REGS);
580 qemu_put_buffer(f, s->wregs, ESP_REGS);
581 qemu_put_be32s(f, (uint32_t *)&s->ti_size);
582 qemu_put_be32s(f, &s->ti_rptr);
583 qemu_put_be32s(f, &s->ti_wptr);
584 qemu_put_buffer(f, s->ti_buf, TI_BUFSZ);
585 qemu_put_be32s(f, &s->sense);
586 qemu_put_be32s(f, &s->dma);
587 qemu_put_buffer(f, s->cmdbuf, TI_BUFSZ);
588 qemu_put_be32s(f, &s->cmdlen);
589 qemu_put_be32s(f, &s->do_cmd);
590 qemu_put_be32s(f, &s->dma_left);
591 // There should be no transfers in progress, so dma_counter is not saved
594 static int esp_load(QEMUFile *f, void *opaque, int version_id)
596 ESPState *s = opaque;
599 return -EINVAL; // Cannot emulate 2
601 qemu_get_buffer(f, s->rregs, ESP_REGS);
602 qemu_get_buffer(f, s->wregs, ESP_REGS);
603 qemu_get_be32s(f, (uint32_t *)&s->ti_size);
604 qemu_get_be32s(f, &s->ti_rptr);
605 qemu_get_be32s(f, &s->ti_wptr);
606 qemu_get_buffer(f, s->ti_buf, TI_BUFSZ);
607 qemu_get_be32s(f, &s->sense);
608 qemu_get_be32s(f, &s->dma);
609 qemu_get_buffer(f, s->cmdbuf, TI_BUFSZ);
610 qemu_get_be32s(f, &s->cmdlen);
611 qemu_get_be32s(f, &s->do_cmd);
612 qemu_get_be32s(f, &s->dma_left);
617 void esp_scsi_attach(void *opaque, BlockDriverState *bd, int id)
619 ESPState *s = (ESPState *)opaque;
622 for (id = 0; id < ESP_MAX_DEVS; id++) {
623 if (s->scsi_dev[id] == NULL)
627 if (id >= ESP_MAX_DEVS) {
628 DPRINTF("Bad Device ID %d\n", id);
631 if (s->scsi_dev[id]) {
632 DPRINTF("Destroying device %d\n", id);
633 s->scsi_dev[id]->destroy(s->scsi_dev[id]);
635 DPRINTF("Attaching block device %d\n", id);
636 /* Command queueing is not implemented. */
637 s->scsi_dev[id] = scsi_generic_init(bd, 0, esp_command_complete, s);
638 if (s->scsi_dev[id] == NULL)
639 s->scsi_dev[id] = scsi_disk_init(bd, 0, esp_command_complete, s);
642 void *esp_init(target_phys_addr_t espaddr, int it_shift,
643 espdma_memory_read_write dma_memory_read,
644 espdma_memory_read_write dma_memory_write,
645 void *dma_opaque, qemu_irq irq, qemu_irq *reset)
650 s = qemu_mallocz(sizeof(ESPState));
655 s->it_shift = it_shift;
656 s->dma_memory_read = dma_memory_read;
657 s->dma_memory_write = dma_memory_write;
658 s->dma_opaque = dma_opaque;
660 esp_io_memory = cpu_register_io_memory(0, esp_mem_read, esp_mem_write, s);
661 cpu_register_physical_memory(espaddr, ESP_REGS << it_shift, esp_io_memory);
665 register_savevm("esp", espaddr, 3, esp_save, esp_load, s);
666 qemu_register_reset(esp_reset, s);
668 *reset = *qemu_allocate_irqs(parent_esp_reset, s, 1);
projects / qemu / blob