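/*
 * QEMU ESP/NCR53C9x emulation
 *
 * Copyright (c) 2005-2006 Fabrice Bellard
 * Copyright (c) 2012 Herve Poussineau
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include "qemu/osdep.h"
#include "hw/sysbus.h"
#include "migration/vmstate.h"
#include "hw/irq.h"
#include "hw/scsi/esp.h"
#include "trace.h"
#include "qemu/log.h"
#include "qemu/module.h"

/*
 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
 * also produced as NCR89C100. See
 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
 * and
 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
 *
 * On Macintosh Quadra it is a NCR53C96.
 *
 * Review note: every register value, FIFO byte, transfer count and migration
 * field handled in this file is supplied by the guest (or by the migration
 * stream), so each length must be bounded against the destination buffer or
 * FIFO before it is used.
 */

/* Set STAT_INT and assert the interrupt line, unless it is already pending. */
static void esp_raise_irq(ESPState *s)
{
    if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
        s->rregs[ESP_RSTAT] |= STAT_INT;
        qemu_irq_raise(s->irq);
        trace_esp_raise_irq();
    }
}

/* Clear STAT_INT and deassert the interrupt line, if it is pending. */
static void esp_lower_irq(ESPState *s)
{
    if (s->rregs[ESP_RSTAT] & STAT_INT) {
        s->rregs[ESP_RSTAT] &= ~STAT_INT;
        qemu_irq_lower(s->irq);
        trace_esp_lower_irq();
    }
}

/* Assert the data request line (s->irq_data). */
static void esp_raise_drq(ESPState *s)
{
    qemu_irq_raise(s->irq_data);
    trace_esp_raise_drq();
}

/* Deassert the data request line (s->irq_data). */
static void esp_lower_drq(ESPState *s)
{
    qemu_irq_lower(s->irq_data);
    trace_esp_lower_drq();
}

/*
 * Enable or disable DMA according to @level. On enable, a handler that was
 * parked in s->dma_cb while DMA was disabled is run once and then cleared.
 * @irq is unused.
 */
void esp_dma_enable(ESPState *s, int irq, int level)
{
    if (level) {
        s->dma_enabled = 1;
        trace_esp_dma_enable();
        if (s->dma_cb) {
            s->dma_cb(s);
            s->dma_cb = NULL;
        }
    } else {
        trace_esp_dma_disable();
        s->dma_enabled = 0;
    }
}

/*
 * SCSI bus cancel callback: drop our reference if the cancelled request is
 * the one currently tracked, so later callbacks see current_req == NULL.
 */
void esp_request_cancelled(SCSIRequest *req)
{
    ESPState *s = req->hba_private;

    if (req == s->current_req) {
        scsi_req_unref(s->current_req);
        s->current_req = NULL;
        s->current_dev = NULL;
    }
}

/* Push one byte to the data FIFO; a byte written to a full FIFO is dropped. */
static void esp_fifo_push(ESPState *s, uint8_t val)
{
    if (fifo8_num_used(&s->fifo) == ESP_FIFO_SZ) {
        trace_esp_error_fifo_overrun();
        return;
    }

    fifo8_push(&s->fifo, val);
}

/* Pop one byte from the data FIFO; returns 0 when the FIFO is empty. */
static uint8_t esp_fifo_pop(ESPState *s)
{
    if (fifo8_is_empty(&s->fifo)) {
        return 0;
    }

    return fifo8_pop(&s->fifo);
}

/* Push one byte to the command FIFO; a byte written when full is dropped. */
static void esp_cmdfifo_push(ESPState *s, uint8_t val)
{
    if (fifo8_num_used(&s->cmdfifo) == ESP_CMDFIFO_SZ) {
        trace_esp_error_fifo_overrun();
        return;
    }

    fifo8_push(&s->cmdfifo, val);
}

/* Pop one byte from the command FIFO; returns 0 when the FIFO is empty. */
static uint8_t esp_cmdfifo_pop(ESPState *s)
{
    if (fifo8_is_empty(&s->cmdfifo)) {
        return 0;
    }

    return fifo8_pop(&s->cmdfifo);
}

/*
 * Pop up to @maxlen bytes from @fifo into @dest (or discard them when @dest
 * is NULL) and return the number of bytes actually removed.
 *
 * fifo8_pop_buf() requires 0 < max <= bytes used and may hand back fewer
 * bytes than requested when the data wraps around the end of the ring, so
 * the request is clamped to the bytes available and the pop is repeated for
 * the wrapped part. Callers must advance their own pointers by the return
 * value, never by the length they asked for.
 */
static uint32_t esp_fifo_pop_buf(Fifo8 *fifo, uint8_t *dest, uint32_t maxlen)
{
    uint32_t total = 0;

    maxlen = MIN(maxlen, fifo8_num_used(fifo));
    while (total < maxlen) {
        uint32_t n;
        const uint8_t *chunk = fifo8_pop_buf(fifo, maxlen - total, &n);

        if (n == 0) {
            break;
        }
        if (dest) {
            memcpy(dest + total, chunk, n);
        }
        total += n;
    }

    return total;
}

/* Return the 24-bit transfer counter held in the read registers. */
static uint32_t esp_get_tc(ESPState *s)
{
    uint32_t dmalen;

    dmalen = s->rregs[ESP_TCLO];
    dmalen |= s->rregs[ESP_TCMID] << 8;
    dmalen |= s->rregs[ESP_TCHI] << 16;

    return dmalen;
}

/* Store @dmalen into the three transfer counter read registers. */
static void esp_set_tc(ESPState *s, uint32_t dmalen)
{
    s->rregs[ESP_TCLO] = dmalen;
    s->rregs[ESP_TCMID] = dmalen >> 8;
    s->rregs[ESP_TCHI] = dmalen >> 16;
}

/* Return the 24-bit start transfer count last written by the guest. */
static uint32_t esp_get_stc(ESPState *s)
{
    uint32_t dmalen;

    dmalen = s->wregs[ESP_TCLO];
    dmalen |= s->wregs[ESP_TCMID] << 8;
    dmalen |= s->wregs[ESP_TCHI] << 16;

    return dmalen;
}

/* PDMA read of one byte: from cmdfifo while do_cmd is set, else from fifo. */
static uint8_t esp_pdma_read(ESPState *s)
{
    uint8_t val;

    if (s->do_cmd) {
        val = esp_cmdfifo_pop(s);
    } else {
        val = esp_fifo_pop(s);
    }

    return val;
}

/*
 * PDMA write of one byte. Ignored once the transfer counter is zero;
 * otherwise the byte goes to cmdfifo or fifo and the counter is decremented.
 * The counter is decremented even when the push helper dropped the byte
 * because the FIFO was full.
 */
static void esp_pdma_write(ESPState *s, uint8_t val)
{
    uint32_t dmalen = esp_get_tc(s);

    if (dmalen == 0) {
        return;
    }

    if (s->do_cmd) {
        esp_cmdfifo_push(s, val);
    } else {
        esp_fifo_push(s, val);
    }

    dmalen--;
    esp_set_tc(s, dmalen);
}

/*
 * Select the target named in the bus id write register.
 *
 * Resets the data FIFO, cancels any request still in flight and looks up the
 * device. Returns 0 on success; returns -1 after signalling a disconnect
 * interrupt when no such device exists (s->current_dev is NULL in that case).
 */
static int esp_select(ESPState *s)
{
    int target;

    target = s->wregs[ESP_WBUSID] & BUSID_DID;

    s->ti_size = 0;
    fifo8_reset(&s->fifo);

    if (s->current_req) {
        /* Started a new command before the old one finished. Cancel it. */
        scsi_req_cancel(s->current_req);
        s->async_len = 0;
    }

    s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
    if (!s->current_dev) {
        /* No such drive */
        s->rregs[ESP_RSTAT] = 0;
        s->rregs[ESP_RINTR] |= INTR_DC;
        s->rregs[ESP_RSEQ] = SEQ_0;
        esp_raise_irq(s);
        return -1;
    }

    /*
     * Note that we deliberately don't raise the IRQ here: this will be done
     * either in do_busid_cmd() for DATA OUT transfers or by the deferred
     * IRQ mechanism in esp_transfer_data() for DATA IN transfers
     */
    s->rregs[ESP_RINTR] |= INTR_FC;
    s->rregs[ESP_RSEQ] = SEQ_CD;
    return 0;
}

/*
 * Fetch up to @maxlen command bytes into cmdfifo and select the target.
 *
 * Returns the number of bytes fetched, 0 when nothing is available yet (or
 * when the bytes will arrive later through PDMA), and -1 when selection
 * failed. The return type is unsigned, so -1 is only recognisable because
 * the callers in this file store the result in an int32_t.
 *
 * Every copy is bounded twice: by the local staging buffer and by the free
 * space left in cmdfifo, because fifo8_push_all() aborts on overflow and the
 * counts involved are guest-controlled.
 */
static uint32_t get_cmd(ESPState *s, uint32_t maxlen)
{
    uint8_t buf[ESP_CMDFIFO_SZ];
    uint32_t dmalen, n;
    int target;

    /* Never stage more than the local buffer can hold */
    maxlen = MIN(maxlen, (uint32_t)sizeof(buf));

    target = s->wregs[ESP_WBUSID] & BUSID_DID;
    if (s->dma) {
        dmalen = MIN(esp_get_tc(s), maxlen);
        if (dmalen == 0) {
            return 0;
        }
        if (s->dma_memory_read) {
            s->dma_memory_read(s->dma_opaque, buf, dmalen);
            /* cmdfifo may already hold bytes: push only what still fits */
            dmalen = MIN(fifo8_num_free(&s->cmdfifo), dmalen);
            fifo8_push_all(&s->cmdfifo, buf, dmalen);
        } else {
            if (esp_select(s) < 0) {
                fifo8_reset(&s->cmdfifo);
                return -1;
            }
            esp_raise_drq(s);
            fifo8_reset(&s->cmdfifo);
            return 0;
        }
    } else {
        dmalen = MIN(fifo8_num_used(&s->fifo), maxlen);
        if (dmalen == 0) {
            return 0;
        }
        /* Wraparound-aware pop: use the count actually copied into buf */
        n = esp_fifo_pop_buf(&s->fifo, buf, dmalen);
        if (n >= 3) {
            buf[0] = buf[2] >> 5;
        }
        n = MIN(fifo8_num_free(&s->cmdfifo), n);
        fifo8_push_all(&s->cmdfifo, buf, n);
    }
    trace_esp_get_cmd(dmalen, target);

    if (esp_select(s) < 0) {
        fifo8_reset(&s->cmdfifo);
        return -1;
    }
    return dmalen;
}

/*
 * Submit the CDB held in cmdfifo to the LUN encoded in the low 3 bits of
 * @busid on the currently selected target, then set up the data phase
 * according to the transfer length returned by the SCSI layer.
 */
static void do_busid_cmd(ESPState *s, uint8_t busid)
{
    uint32_t n, cmdlen;
    int32_t datalen;
    int lun;
    SCSIDevice *current_lun;
    uint8_t *buf;

    trace_esp_do_busid_cmd(busid);
    lun = busid & 7;
    cmdlen = fifo8_num_used(&s->cmdfifo);
    /*
     * The guest can reach this point with an empty cmdfifo or without a
     * successful selection: fifo8_pop_buf() aborts on a zero-length pop and
     * s->current_dev is dereferenced below, so bail out in both cases.
     */
    if (!cmdlen || !s->current_dev) {
        return;
    }
    /*
     * NOTE(review): fifo8_pop_buf() returns only the contiguous part of the
     * FIFO (n may be < cmdlen), and the CDB length is not passed on to
     * scsi_req_new() here - confirm the SCSI layer cannot read past the
     * bytes that were actually popped.
     */
    buf = (uint8_t *)fifo8_pop_buf(&s->cmdfifo, cmdlen, &n);

    current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
    s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
    datalen = scsi_req_enqueue(s->current_req);
    s->ti_size = datalen;
    fifo8_reset(&s->cmdfifo);
    if (datalen != 0) {
        s->rregs[ESP_RSTAT] = STAT_TC;
        s->rregs[ESP_RSEQ] = SEQ_CD;
        s->ti_cmd = 0;
        esp_set_tc(s, 0);
        if (datalen > 0) {
            /*
             * Switch to DATA IN phase but wait until initial data xfer is
             * complete before raising the command completion interrupt
             */
            s->data_in_ready = false;
            s->rregs[ESP_RSTAT] |= STAT_DI;
        } else {
            s->rregs[ESP_RSTAT] |= STAT_DO;
            s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
            esp_raise_irq(s);
            esp_lower_drq(s);
        }
        scsi_req_continue(s->current_req);
        return;
    }
}

/*
 * Consume the bus id byte and any message bytes that precede the CDB in
 * cmdfifo, then submit the command.
 */
static void do_cmd(ESPState *s)
{
    /* Checked pop: fifo8_pop() aborts if the guest left cmdfifo empty */
    uint8_t busid = esp_cmdfifo_pop(s);
    uint32_t len;

    s->cmdfifo_cdb_offset--;

    /* Ignore extended messages for now */
    if (s->cmdfifo_cdb_offset) {
        /* Skip no more than cmdfifo holds; the offset may have wrapped */
        len = MIN(s->cmdfifo_cdb_offset, fifo8_num_used(&s->cmdfifo));
        esp_fifo_pop_buf(&s->cmdfifo, NULL, len);
        s->cmdfifo_cdb_offset = 0;
    }

    do_busid_cmd(s, busid);
}

/* PDMA completion for "select with ATN": run the command if any was sent. */
static void satn_pdma_cb(ESPState *s)
{
    s->do_cmd = 0;
    if (!fifo8_is_empty(&s->cmdfifo)) {
        s->cmdfifo_cdb_offset = 1;
        do_cmd(s);
    }
}

/*
 * Handle the "select with ATN" command. If DMA was requested but is not yet
 * enabled, the handler is parked in s->dma_cb and re-run by esp_dma_enable().
 */
static void handle_satn(ESPState *s)
{
    int32_t cmdlen;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_satn;
        return;
    }
    s->pdma_cb = satn_pdma_cb;
    cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
    if (cmdlen > 0) {
        s->cmdfifo_cdb_offset = 1;
        do_cmd(s);
    } else if (cmdlen == 0) {
        s->do_cmd = 1;
        /* Target present, but no cmd yet - switch to command phase */
        s->rregs[ESP_RSEQ] = SEQ_CD;
        s->rregs[ESP_RSTAT] = STAT_CD;
    }
}

/* PDMA completion for "select without ATN": submit the CDB with bus id 0. */
static void s_without_satn_pdma_cb(ESPState *s)
{
    uint32_t len;

    s->do_cmd = 0;
    len = fifo8_num_used(&s->cmdfifo);
    if (len) {
        s->cmdfifo_cdb_offset = 0;
        do_busid_cmd(s, 0);
    }
}

/*
 * Handle the "select without ATN" command; cmdfifo then holds the CDB only,
 * with no leading message byte.
 */
static void handle_s_without_atn(ESPState *s)
{
    int32_t cmdlen;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_s_without_atn;
        return;
    }
    s->pdma_cb = s_without_satn_pdma_cb;
    cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);
    if (cmdlen > 0) {
        s->cmdfifo_cdb_offset = 0;
        do_busid_cmd(s, 0);
    } else if (cmdlen == 0) {
        s->do_cmd = 1;
        /* Target present, but no cmd yet - switch to command phase */
        s->rregs[ESP_RSEQ] = SEQ_CD;
        s->rregs[ESP_RSTAT] = STAT_CD;
    }
}

/* PDMA completion for "select with ATN and stop". */
static void satn_stop_pdma_cb(ESPState *s)
{
    s->do_cmd = 0;
    if (!fifo8_is_empty(&s->cmdfifo)) {
        trace_esp_handle_satn_stop(fifo8_num_used(&s->cmdfifo));
        s->do_cmd = 1;
        s->cmdfifo_cdb_offset = 1;
        s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
        s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
        s->rregs[ESP_RSEQ] = SEQ_CD;
        esp_raise_irq(s);
    }
}

/*
 * Handle the "select with ATN and stop" command: fetch a single byte and
 * stay in message out phase so the guest can send further bytes.
 */
static void handle_satn_stop(ESPState *s)
{
    int32_t cmdlen;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_satn_stop;
        return;
    }
    s->pdma_cb = satn_stop_pdma_cb;
    cmdlen = get_cmd(s, 1);
    if (cmdlen > 0) {
        trace_esp_handle_satn_stop(fifo8_num_used(&s->cmdfifo));
        s->do_cmd = 1;
        s->cmdfifo_cdb_offset = 1;
        s->rregs[ESP_RSTAT] = STAT_MO;
        s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
        s->rregs[ESP_RSEQ] = SEQ_MO;
        esp_raise_irq(s);
    } else if (cmdlen == 0) {
        s->do_cmd = 1;
        /* Target present, switch to message out phase */
        s->rregs[ESP_RSEQ] = SEQ_MO;
        s->rregs[ESP_RSTAT] = STAT_MO;
    }
}

/* PDMA completion for write_response(): report status phase complete. */
static void write_response_pdma_cb(ESPState *s)
{
    s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
    s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
    s->rregs[ESP_RSEQ] = SEQ_CD;
    esp_raise_irq(s);
}

/*
 * Return the two-byte response (status byte followed by a zero byte) to the
 * guest via DMA, PDMA or the data FIFO.
 */
static void write_response(ESPState *s)
{
    uint8_t buf[2];

    trace_esp_write_response(s->status);

    buf[0] = s->status;
    buf[1] = 0;

    if (s->dma) {
        if (s->dma_memory_write) {
            s->dma_memory_write(s->dma_opaque, buf, 2);
            s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
            s->rregs[ESP_RINTR] |= INTR_BS | INTR_FC;
            s->rregs[ESP_RSEQ] = SEQ_CD;
        } else {
            s->pdma_cb = write_response_pdma_cb;
            esp_raise_drq(s);
            return;
        }
    } else {
        /* The FIFO is reset first, so the two bytes always fit */
        fifo8_reset(&s->fifo);
        fifo8_push_all(&s->fifo, buf, 2);
        s->rregs[ESP_RFLAGS] = 2;
    }
    esp_raise_irq(s);
}

/* Mark the DMA transfer complete: set TC, zero the counter, raise the IRQ. */
static void esp_dma_done(ESPState *s)
{
    s->rregs[ESP_RSTAT] |= STAT_TC;
    s->rregs[ESP_RINTR] |= INTR_BS;
    s->rregs[ESP_RSEQ] = 0;
    s->rregs[ESP_RFLAGS] = 0;
    esp_set_tc(s, 0);
    esp_raise_irq(s);
}

/*
 * PDMA callback for data transfers: moves bytes between the data FIFO and
 * the SCSI layer's buffer (s->async_buf, s->async_len bytes remaining).
 */
static void do_dma_pdma_cb(ESPState *s)
{
    int to_device = ((s->rregs[ESP_RSTAT] & 7) == STAT_DO);
    int len;
    uint32_t n;

    if (s->do_cmd) {
        s->ti_size = 0;
        s->do_cmd = 0;
        do_cmd(s);
        esp_lower_drq(s);
        return;
    }

    /* The request may have been cancelled or completed in the meantime */
    if (!s->current_req) {
        return;
    }

    if (to_device) {
        /*
         * Copy FIFO data to device. The length is bounded by the space left
         * in async_buf; the helper copes with an empty FIFO and with FIFO
         * wraparound and reports how many bytes were really copied.
         */
        len = MIN(s->async_len, ESP_FIFO_SZ);
        len = MIN(len, fifo8_num_used(&s->fifo));
        n = esp_fifo_pop_buf(&s->fifo, s->async_buf, len);
        s->async_buf += n;
        s->async_len -= n;
        s->ti_size += n;

        if (s->async_len == 0) {
            scsi_req_continue(s->current_req);
            return;
        }

        if (esp_get_tc(s) == 0) {
            esp_lower_drq(s);
            esp_dma_done(s);
        }

        return;
    } else {
        if (s->async_len == 0) {
            /* Defer until the scsi layer has completed */
            scsi_req_continue(s->current_req);
            s->data_in_ready = false;
            return;
        }

        if (esp_get_tc(s) != 0) {
            /* Copy device data to FIFO, bounded by TC and free FIFO space */
            len = MIN(s->async_len, esp_get_tc(s));
            len = MIN(len, fifo8_num_free(&s->fifo));
            fifo8_push_all(&s->fifo, s->async_buf, len);
            s->async_buf += len;
            s->async_len -= len;
            s->ti_size -= len;
            esp_set_tc(s, esp_get_tc(s) - len);

            if (esp_get_tc(s) == 0) {
                /* Indicate transfer to FIFO is complete */
                s->rregs[ESP_RSTAT] |= STAT_TC;
            }
            return;
        }

        /* Partially filled a scsi buffer. Complete immediately. */
        esp_lower_drq(s);
        esp_dma_done(s);
    }
}

/*
 * Perform a DMA transfer of up to TC bytes, either of command bytes into
 * cmdfifo (do_cmd set) or of data to/from the SCSI layer's buffer.
 */
static void esp_do_dma(ESPState *s)
{
    uint32_t len, cmdlen;
    int to_device = ((s->rregs[ESP_RSTAT] & 7) == STAT_DO);
    uint8_t buf[ESP_CMDFIFO_SZ];

    len = esp_get_tc(s);
    if (s->do_cmd) {
        /*
         * handle_ti_cmd() case: esp_do_dma() is called only from
         * handle_ti_cmd() with do_cmd != NULL (see the assert())
         *
         * NOTE(review): no handle_ti_cmd() exists in this file; the comment
         * above looks stale - confirm against the callers of esp_do_dma().
         */
        cmdlen = fifo8_num_used(&s->cmdfifo);
        trace_esp_do_dma(cmdlen, len);
        if (s->dma_memory_read) {
            /*
             * TC is guest-controlled and can be far larger than buf. The
             * free space in cmdfifo never exceeds ESP_CMDFIFO_SZ (its
             * capacity in esp_init()), so this one clamp protects both the
             * stack buffer and the FIFO.
             */
            len = MIN(len, fifo8_num_free(&s->cmdfifo));
            s->dma_memory_read(s->dma_opaque, buf, len);
            fifo8_push_all(&s->cmdfifo, buf, len);
        } else {
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);
            return;
        }
        trace_esp_handle_ti_cmd(cmdlen);
        s->ti_size = 0;
        if ((s->rregs[ESP_RSTAT] & 7) == STAT_CD) {
            /* No command received */
            if (s->cmdfifo_cdb_offset == fifo8_num_used(&s->cmdfifo)) {
                return;
            }

            /* Command has been received */
            s->do_cmd = 0;
            do_cmd(s);
        } else {
            /*
             * Extra message out bytes received: update cmdfifo_cdb_offset
             * and then switch to command phase
             */
            s->cmdfifo_cdb_offset = fifo8_num_used(&s->cmdfifo);
            s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
            s->rregs[ESP_RSEQ] = SEQ_CD;
            s->rregs[ESP_RINTR] |= INTR_BS;
            esp_raise_irq(s);
        }
        return;
    }
    if (!s->current_req) {
        return;
    }
    if (s->async_len == 0) {
        /* Defer until data is available. */
        return;
    }
    /* Never transfer more than the SCSI layer's buffer holds */
    if (len > s->async_len) {
        len = s->async_len;
    }
    if (to_device) {
        if (s->dma_memory_read) {
            s->dma_memory_read(s->dma_opaque, s->async_buf, len);
        } else {
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);
            return;
        }
    } else {
        if (s->dma_memory_write) {
            s->dma_memory_write(s->dma_opaque, s->async_buf, len);
        } else {
            /*
             * Adjust TC for any leftover data in the FIFO
             *
             * NOTE(review): this subtraction is not checked against TC being
             * smaller than the number of bytes in the FIFO - confirm.
             */
            if (!fifo8_is_empty(&s->fifo)) {
                esp_set_tc(s, esp_get_tc(s) - fifo8_num_used(&s->fifo));
            }

            /* Copy device data to FIFO */
            len = MIN(len, fifo8_num_free(&s->fifo));
            fifo8_push_all(&s->fifo, s->async_buf, len);
            s->async_buf += len;
            s->async_len -= len;
            s->ti_size -= len;

            /*
             * MacOS toolbox uses a TI length of 16 bytes for all commands, so
             * commands shorter than this must be padded accordingly
             */
            if (len < esp_get_tc(s) && esp_get_tc(s) <= ESP_FIFO_SZ) {
                while (fifo8_num_used(&s->fifo) < ESP_FIFO_SZ) {
                    esp_fifo_push(s, 0);
                    len++;
                }
            }

            esp_set_tc(s, esp_get_tc(s) - len);
            s->pdma_cb = do_dma_pdma_cb;
            esp_raise_drq(s);

            /* Indicate transfer to FIFO is complete */
            s->rregs[ESP_RSTAT] |= STAT_TC;
            return;
        }
    }
    esp_set_tc(s, esp_get_tc(s) - len);
    s->async_buf += len;
    s->async_len -= len;
    if (to_device) {
        s->ti_size += len;
    } else {
        s->ti_size -= len;
    }
    if (s->async_len == 0) {
        scsi_req_continue(s->current_req);
        /*
         * If there is still data to be read from the device then
         * complete the DMA operation immediately. Otherwise defer
         * until the scsi layer has completed.
         */
        if (to_device || esp_get_tc(s) != 0 || s->ti_size == 0) {
            return;
        }
    }

    /* Partially filled a scsi buffer. Complete immediately. */
    esp_dma_done(s);
    esp_lower_drq(s);
}

/*
 * Perform a non-DMA (FIFO) transfer: either interpret the bytes gathered in
 * cmdfifo (do_cmd set) or move data between the data FIFO and the SCSI
 * layer's buffer.
 */
static void esp_do_nodma(ESPState *s)
{
    int to_device = ((s->rregs[ESP_RSTAT] & 7) == STAT_DO);
    uint32_t cmdlen, n;
    int len;

    if (s->do_cmd) {
        cmdlen = fifo8_num_used(&s->cmdfifo);
        trace_esp_handle_ti_cmd(cmdlen);
        s->ti_size = 0;
        if ((s->rregs[ESP_RSTAT] & 7) == STAT_CD) {
            /* No command received */
            if (s->cmdfifo_cdb_offset == fifo8_num_used(&s->cmdfifo)) {
                return;
            }

            /* Command has been received */
            s->do_cmd = 0;
            do_cmd(s);
        } else {
            /*
             * Extra message out bytes received: update cmdfifo_cdb_offset
             * and then switch to command phase
             */
            s->cmdfifo_cdb_offset = fifo8_num_used(&s->cmdfifo);
            s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
            s->rregs[ESP_RSEQ] = SEQ_CD;
            s->rregs[ESP_RINTR] |= INTR_BS;
            esp_raise_irq(s);
        }
        return;
    }

    if (!s->current_req) {
        return;
    }

    if (s->async_len == 0) {
        /* Defer until data is available. */
        return;
    }

    if (to_device) {
        /*
         * Bound the copy by the space left in async_buf as well as by the
         * FIFO contents: the guest decides how many bytes sit in the FIFO,
         * so the FIFO level alone must not size a write into async_buf.
         */
        len = MIN(s->async_len, ESP_FIFO_SZ);
        len = MIN(len, fifo8_num_used(&s->fifo));
        n = esp_fifo_pop_buf(&s->fifo, s->async_buf, len);
        s->async_buf += n;
        s->async_len -= n;
        s->ti_size += n;
    } else {
        len = MIN(s->ti_size, s->async_len);
        len = MIN(len, fifo8_num_free(&s->fifo));
        fifo8_push_all(&s->fifo, s->async_buf, len);
        s->async_buf += len;
        s->async_len -= len;
        s->ti_size -= len;
    }

    if (s->async_len == 0) {
        scsi_req_continue(s->current_req);

        if (to_device || s->ti_size == 0) {
            return;
        }
    }

    s->rregs[ESP_RINTR] |= INTR_BS;
    esp_raise_irq(s);
}

/*
 * SCSI bus completion callback: record the request status, switch to status
 * phase, signal completion and release the current request. @resid is
 * unused.
 */
void esp_command_complete(SCSIRequest *req, size_t resid)
{
    ESPState *s = req->hba_private;

    trace_esp_command_complete();
    if (s->ti_size != 0) {
        trace_esp_command_complete_unexpected();
    }
    s->ti_size = 0;
    s->async_len = 0;
    if (req->status) {
        trace_esp_command_complete_fail();
    }
    s->status = req->status;
    s->rregs[ESP_RSTAT] = STAT_ST;
    esp_dma_done(s);
    esp_lower_drq(s);
    if (s->current_req) {
        scsi_req_unref(s->current_req);
        s->current_req = NULL;
        s->current_dev = NULL;
    }
}

/*
 * SCSI bus data callback: the SCSI layer has @len bytes ready in (or wants
 * @len bytes written to) the request buffer. Records the buffer and length
 * in async_buf/async_len and continues the transfer when a TI command is
 * already pending.
 */
void esp_transfer_data(SCSIRequest *req, uint32_t len)
{
    ESPState *s = req->hba_private;
    int to_device = ((s->rregs[ESP_RSTAT] & 7) == STAT_DO);
    uint32_t dmalen = esp_get_tc(s);

    assert(!s->do_cmd);
    trace_esp_transfer_data(dmalen, s->ti_size);
    s->async_len = len;
    s->async_buf = scsi_req_get_buf(req);

    if (!to_device && !s->data_in_ready) {
        /*
         * Initial incoming data xfer is complete so raise command
         * completion interrupt
         */
        s->data_in_ready = true;
        s->rregs[ESP_RSTAT] |= STAT_TC;
        s->rregs[ESP_RINTR] |= INTR_BS;
        esp_raise_irq(s);

        /*
         * If data is ready to transfer and the TI command has already
         * been executed, start DMA immediately. Otherwise DMA will start
         * when host sends the TI command
         */
        if (s->ti_size && (s->rregs[ESP_CMD] == (CMD_TI | CMD_DMA))) {
            esp_do_dma(s);
        }
        return;
    }

    if (s->ti_cmd == 0) {
        /*
         * Always perform the initial transfer upon reception of the next TI
         * command to ensure the DMA/non-DMA status of the command is correct.
         * It is not possible to use s->dma directly in the section below as
         * some OSs send non-DMA NOP commands after a DMA transfer. Hence if the
         * async data transfer is delayed then s->dma is set incorrectly.
         */
        return;
    }

    if (s->ti_cmd & CMD_DMA) {
        if (dmalen) {
            esp_do_dma(s);
        } else if (s->ti_size <= 0) {
            /*
             * If this was the last part of a DMA transfer then the
             * completion interrupt is deferred to here.
             */
            esp_dma_done(s);
            esp_lower_drq(s);
        }
    } else {
        esp_do_nodma(s);
    }
}

/*
 * Handle the Transfer Information command, using DMA or the FIFO depending
 * on s->dma. Parked in s->dma_cb if DMA is requested but not yet enabled.
 */
static void handle_ti(ESPState *s)
{
    uint32_t dmalen;

    if (s->dma && !s->dma_enabled) {
        s->dma_cb = handle_ti;
        return;
    }

    s->ti_cmd = s->rregs[ESP_CMD];
    if (s->dma) {
        dmalen = esp_get_tc(s);
        trace_esp_handle_ti(dmalen);
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        esp_do_dma(s);
    } else {
        trace_esp_handle_ti(s->ti_size);
        esp_do_nodma(s);
    }
}

/*
 * Reset registers, FIFOs and transfer state. s->pdma_cb, s->current_req and
 * s->current_dev are not touched here.
 */
void esp_hard_reset(ESPState *s)
{
    memset(s->rregs, 0, ESP_REGS);
    memset(s->wregs, 0, ESP_REGS);
    s->tchi_written = 0;
    s->ti_size = 0;
    fifo8_reset(&s->fifo);
    fifo8_reset(&s->cmdfifo);
    s->dma = 0;
    s->do_cmd = 0;
    s->dma_cb = NULL;

    s->rregs[ESP_CFG1] = 7;
}

/* Lower both output lines, then perform a hard reset. */
static void esp_soft_reset(ESPState *s)
{
    qemu_irq_lower(s->irq);
    qemu_irq_lower(s->irq_data);
    esp_hard_reset(s);
}

/* GPIO reset input: reset the chip when @level is non-zero. @irq is unused. */
static void parent_esp_reset(ESPState *s, int irq, int level)
{
    if (level) {
        esp_soft_reset(s);
    }
}

/*
 * Guest read of register @saddr. Reading ESP_FIFO pops a byte and reading
 * ESP_RINTR clears the interrupt state, so reads have side effects.
 */
uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
{
    uint32_t val;

    /* rregs[] holds ESP_REGS entries; never index it with a larger offset */
    if (saddr >= ESP_REGS) {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "esp: invalid register read at 0x%" PRIx32 "\n", saddr);
        return 0;
    }

    switch (saddr) {
    case ESP_FIFO:
        if (s->dma_memory_read && s->dma_memory_write &&
                (s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
            /* Data out.  */
            qemu_log_mask(LOG_UNIMP, "esp: PIO data read not implemented\n");
            s->rregs[ESP_FIFO] = 0;
        } else {
            s->rregs[ESP_FIFO] = esp_fifo_pop(s);
        }
        val = s->rregs[ESP_FIFO];
        break;
    case ESP_RINTR:
        /*
         * Clear sequence step, interrupt register and all status bits
         * except TC
         */
        val = s->rregs[ESP_RINTR];
        s->rregs[ESP_RINTR] = 0;
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        s->rregs[ESP_RSEQ] = SEQ_0;
        esp_lower_irq(s);
        break;
    case ESP_TCHI:
        /* Return the unique id if the value has never been written */
        if (!s->tchi_written) {
            val = s->chip_id;
        } else {
            val = s->rregs[saddr];
        }
        break;
    case ESP_RFLAGS:
        /* Bottom 5 bits indicate number of bytes in FIFO */
        val = fifo8_num_used(&s->fifo);
        break;
    default:
        val = s->rregs[saddr];
        break;
    }

    trace_esp_mem_readb(saddr, val);
    return val;
}

/*
 * Guest write of @val to register @saddr. A write to ESP_CMD decodes and
 * executes the chip command; a write to ESP_FIFO pushes a byte to cmdfifo
 * or fifo depending on do_cmd.
 */
void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
{
    /* wregs[] holds ESP_REGS entries and is indexed by the trace call below */
    if (saddr >= ESP_REGS) {
        trace_esp_error_invalid_write(val, saddr);
        return;
    }

    trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
    switch (saddr) {
    case ESP_TCHI:
        s->tchi_written = true;
        /* fall through */
    case ESP_TCLO:
    case ESP_TCMID:
        s->rregs[ESP_RSTAT] &= ~STAT_TC;
        break;
    case ESP_FIFO:
        if (s->do_cmd) {
            esp_cmdfifo_push(s, val);
        } else {
            esp_fifo_push(s, val);
        }

        /* Non-DMA transfers raise an interrupt after every byte */
        if (s->rregs[ESP_CMD] == CMD_TI) {
            s->rregs[ESP_RINTR] |= INTR_FC | INTR_BS;
            esp_raise_irq(s);
        }
        break;
    case ESP_CMD:
        s->rregs[saddr] = val;
        if (val & CMD_DMA) {
            s->dma = 1;
            /* Reload DMA counter; a start count of 0 is loaded as 0x10000 */
            if (esp_get_stc(s) == 0) {
                esp_set_tc(s, 0x10000);
            } else {
                esp_set_tc(s, esp_get_stc(s));
            }
        } else {
            s->dma = 0;
        }
        switch (val & CMD_CMD) {
        case CMD_NOP:
            trace_esp_mem_writeb_cmd_nop(val);
            break;
        case CMD_FLUSH:
            trace_esp_mem_writeb_cmd_flush(val);
            fifo8_reset(&s->fifo);
            break;
        case CMD_RESET:
            trace_esp_mem_writeb_cmd_reset(val);
            esp_soft_reset(s);
            break;
        case CMD_BUSRESET:
            trace_esp_mem_writeb_cmd_bus_reset(val);
            if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
                s->rregs[ESP_RINTR] |= INTR_RST;
                esp_raise_irq(s);
            }
            break;
        case CMD_TI:
            trace_esp_mem_writeb_cmd_ti(val);
            handle_ti(s);
            break;
        case CMD_ICCS:
            trace_esp_mem_writeb_cmd_iccs(val);
            write_response(s);
            s->rregs[ESP_RINTR] |= INTR_FC;
            s->rregs[ESP_RSTAT] |= STAT_MI;
            break;
        case CMD_MSGACC:
            trace_esp_mem_writeb_cmd_msgacc(val);
            s->rregs[ESP_RINTR] |= INTR_DC;
            s->rregs[ESP_RSEQ] = 0;
            s->rregs[ESP_RFLAGS] = 0;
            esp_raise_irq(s);
            break;
        case CMD_PAD:
            trace_esp_mem_writeb_cmd_pad(val);
            s->rregs[ESP_RSTAT] = STAT_TC;
            s->rregs[ESP_RINTR] |= INTR_FC;
            s->rregs[ESP_RSEQ] = 0;
            break;
        case CMD_SATN:
            trace_esp_mem_writeb_cmd_satn(val);
            break;
        case CMD_RSTATN:
            trace_esp_mem_writeb_cmd_rstatn(val);
            break;
        case CMD_SEL:
            trace_esp_mem_writeb_cmd_sel(val);
            handle_s_without_atn(s);
            break;
        case CMD_SELATN:
            trace_esp_mem_writeb_cmd_selatn(val);
            handle_satn(s);
            break;
        case CMD_SELATNS:
            trace_esp_mem_writeb_cmd_selatns(val);
            handle_satn_stop(s);
            break;
        case CMD_ENSEL:
            trace_esp_mem_writeb_cmd_ensel(val);
            s->rregs[ESP_RINTR] = 0;
            break;
        case CMD_DISSEL:
            trace_esp_mem_writeb_cmd_dissel(val);
            s->rregs[ESP_RINTR] = 0;
            esp_raise_irq(s);
            break;
        default:
            trace_esp_error_unhandled_command(val);
            break;
        }
        break;
    case ESP_WBUSID ... ESP_WSYNO:
        break;
    case ESP_CFG1:
    case ESP_CFG2: case ESP_CFG3:
    case ESP_RES3: case ESP_RES4:
        s->rregs[saddr] = val;
        break;
    case ESP_WCCF ... ESP_WTEST:
        break;
    default:
        trace_esp_error_invalid_write(val, saddr);
        return;
    }
    s->wregs[saddr] = val;
}

/* Accept 1-byte accesses, plus 4-byte accesses when they are writes. */
static bool esp_mem_accepts(void *opaque, hwaddr addr,
                            unsigned size, bool is_write,
                            MemTxAttrs attrs)
{
    return (size == 1) || (is_write && size == 4);
}

/* Migration field test: true when the effective stream version is below 5. */
static bool esp_is_before_version_5(void *opaque, int version_id)
{
    ESPState *s = ESP(opaque);

    version_id = MIN(version_id, s->mig_version_id);
    return version_id < 5;
}

/* Migration field test: true when the effective stream version is 5. */
static bool esp_is_version_5(void *opaque, int version_id)
{
    ESPState *s = ESP(opaque);

    version_id = MIN(version_id, s->mig_version_id);
    return version_id == 5;
}

/*
 * pre_save hook of the wrapper device: record the current vmstate_esp
 * version in the "esp" child so it travels with the stream.
 */
int esp_pre_save(void *opaque)
{
    ESPState *s = ESP(object_resolve_path_component(
                      OBJECT(opaque), "esp"));

    s->mig_version_id = vmstate_esp.version_id;
    return 0;
}

/*
 * post_load hook: convert the pre-version-5 buffers (mig_ti_buf, mig_cmdbuf)
 * into the FIFOs.
 *
 * The lengths come from the migration stream and are therefore untrusted:
 * they are checked against both the source arrays and the free space in the
 * destination FIFOs, and an inconsistent stream fails the load with -EINVAL
 * instead of reading out of bounds or tripping the fifo8_push() assertion.
 */
static int esp_post_load(void *opaque, int version_id)
{
    ESPState *s = ESP(opaque);
    uint32_t len, i;

    version_id = MIN(version_id, s->mig_version_id);

    if (version_id < 5) {
        if (s->mig_ti_wptr < s->mig_ti_rptr) {
            return -EINVAL;
        }
        len = s->mig_ti_wptr - s->mig_ti_rptr;
        if (len > sizeof(s->mig_ti_buf) ||
            len > fifo8_num_free(&s->fifo)) {
            return -EINVAL;
        }
        if (s->mig_cmdlen > sizeof(s->mig_cmdbuf) ||
            s->mig_cmdlen > fifo8_num_free(&s->cmdfifo)) {
            return -EINVAL;
        }

        esp_set_tc(s, s->mig_dma_left);

        /* Migrate ti_buf to fifo */
        for (i = 0; i < len; i++) {
            fifo8_push(&s->fifo, s->mig_ti_buf[i]);
        }

        /* Migrate cmdbuf to cmdfifo */
        for (i = 0; i < s->mig_cmdlen; i++) {
            fifo8_push(&s->cmdfifo, s->mig_cmdbuf[i]);
        }
    }

    s->mig_version_id = vmstate_esp.version_id;
    return 0;
}

/*
 * Migration description of the ESP core. Fields guarded by
 * esp_is_before_version_5 exist only in older streams and are converted by
 * esp_post_load(); fields guarded by esp_is_version_5 exist only in
 * version 5 streams.
 */
const VMStateDescription vmstate_esp = {
    .name = "esp",
    .version_id = 5,
    .minimum_version_id = 3,
    .post_load = esp_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_BUFFER(rregs, ESPState),
        VMSTATE_BUFFER(wregs, ESPState),
        VMSTATE_INT32(ti_size, ESPState),
        VMSTATE_UINT32_TEST(mig_ti_rptr, ESPState, esp_is_before_version_5),
        VMSTATE_UINT32_TEST(mig_ti_wptr, ESPState, esp_is_before_version_5),
        VMSTATE_BUFFER_TEST(mig_ti_buf, ESPState, esp_is_before_version_5),
        VMSTATE_UINT32(status, ESPState),
        VMSTATE_UINT32_TEST(mig_deferred_status, ESPState,
                            esp_is_before_version_5),
        VMSTATE_BOOL_TEST(mig_deferred_complete, ESPState,
                          esp_is_before_version_5),
        VMSTATE_UINT32(dma, ESPState),
        VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 0,
                              esp_is_before_version_5, 0, 16),
        VMSTATE_STATIC_BUFFER(mig_cmdbuf, ESPState, 4,
                              esp_is_before_version_5, 16,
                              sizeof(typeof_field(ESPState, mig_cmdbuf))),
        VMSTATE_UINT32_TEST(mig_cmdlen, ESPState, esp_is_before_version_5),
        VMSTATE_UINT32(do_cmd, ESPState),
        VMSTATE_UINT32_TEST(mig_dma_left, ESPState, esp_is_before_version_5),
        VMSTATE_BOOL_TEST(data_in_ready, ESPState, esp_is_version_5),
        VMSTATE_UINT8_TEST(cmdfifo_cdb_offset, ESPState, esp_is_version_5),
        VMSTATE_FIFO8_TEST(fifo, ESPState, esp_is_version_5),
        VMSTATE_FIFO8_TEST(cmdfifo, ESPState, esp_is_version_5),
        VMSTATE_UINT8_TEST(ti_cmd, ESPState, esp_is_version_5),
        VMSTATE_END_OF_LIST()
    },
};

/* MMIO write to the register window: scale the address by it_shift. */
static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
                                 uint64_t val, unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = ESP(&sysbus->esp);
    uint32_t saddr;

    saddr = addr >> sysbus->it_shift;
    esp_reg_write(s, saddr, val);
}

/* MMIO read from the register window: scale the address by it_shift. */
static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
                                    unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = ESP(&sysbus->esp);
    uint32_t saddr;

    saddr = addr >> sysbus->it_shift;
    return esp_reg_read(s, saddr);
}

static const MemoryRegionOps sysbus_esp_mem_ops = {
    .read = sysbus_esp_mem_read,
    .write = sysbus_esp_mem_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid.accepts = esp_mem_accepts,
};

/*
 * MMIO write to the PDMA window: feed one or two bytes (high byte first) to
 * esp_pdma_write() and run the pending PDMA callback once the transfer
 * counter reaches zero or the data FIFO is nearly full.
 */
static void sysbus_esp_pdma_write(void *opaque, hwaddr addr,
                                  uint64_t val, unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = ESP(&sysbus->esp);
    uint32_t dmalen;

    trace_esp_pdma_write(size);

    switch (size) {
    case 1:
        esp_pdma_write(s, val);
        break;
    case 2:
        esp_pdma_write(s, val >> 8);
        esp_pdma_write(s, val);
        break;
    }
    dmalen = esp_get_tc(s);
    /*
     * pdma_cb is only assigned by the command handlers in this file, so the
     * guest can touch this window before any callback exists: never call
     * through a NULL pointer.
     */
    if (s->pdma_cb && (dmalen == 0 || fifo8_num_free(&s->fifo) < 2)) {
        s->pdma_cb(s);
    }
}

/*
 * MMIO read from the PDMA window: return one or two bytes (first byte in
 * the high half) and run the pending PDMA callback once the data FIFO is
 * nearly empty.
 */
static uint64_t sysbus_esp_pdma_read(void *opaque, hwaddr addr,
                                     unsigned int size)
{
    SysBusESPState *sysbus = opaque;
    ESPState *s = ESP(&sysbus->esp);
    uint64_t val = 0;

    trace_esp_pdma_read(size);

    switch (size) {
    case 1:
        val = esp_pdma_read(s);
        break;
    case 2:
        val = esp_pdma_read(s);
        val = (val << 8) | esp_pdma_read(s);
        break;
    }
    /* Same guard as the write side: the callback may not be set yet */
    if (s->pdma_cb && fifo8_num_used(&s->fifo) < 2) {
        s->pdma_cb(s);
    }
    return val;
}

static const MemoryRegionOps sysbus_esp_pdma_ops = {
    .read = sysbus_esp_pdma_read,
    .write = sysbus_esp_pdma_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid.min_access_size = 1,
    .valid.max_access_size = 4,
    .impl.min_access_size = 1,
    .impl.max_access_size = 2,
};

static const struct SCSIBusInfo esp_scsi_info = {
    .tcq = false,
    .max_target = ESP_MAX_DEVS,
    .max_lun = 7,

    .transfer_data = esp_transfer_data,
    .complete = esp_command_complete,
    .cancel = esp_request_cancelled
};

/* GPIO input demux: line 0 is reset, line 1 is DMA enable. */
static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
{
    SysBusESPState *sysbus = SYSBUS_ESP(opaque);
    ESPState *s = ESP(&sysbus->esp);

    switch (irq) {
    case 0:
        parent_esp_reset(s, irq, level);
        break;
    case 1:
        /*
         * esp_dma_enable() takes the ESPState, not the SysBusESPState
         * wrapper that @opaque points to; passing @opaque would make it
         * access the wrapper's memory as if it were an ESPState.
         */
        esp_dma_enable(s, irq, level);
        break;
    }
}

/*
 * Realize the sysbus wrapper: realize the inner ESP device, then create the
 * IRQ lines, the register and PDMA MMIO regions, the two GPIO inputs and
 * the SCSI bus.
 */
static void sysbus_esp_realize(DeviceState *dev, Error **errp)
{
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    SysBusESPState *sysbus = SYSBUS_ESP(dev);
    ESPState *s = ESP(&sysbus->esp);

    if (!qdev_realize(DEVICE(s), NULL, errp)) {
        return;
    }

    sysbus_init_irq(sbd, &s->irq);
    sysbus_init_irq(sbd, &s->irq_data);
    assert(sysbus->it_shift != -1);

    s->chip_id = TCHI_FAS100A;
    /* The region size keeps the scaled register offset below ESP_REGS */
    memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
                          sysbus, "esp-regs", ESP_REGS << sysbus->it_shift);
    sysbus_init_mmio(sbd, &sysbus->iomem);
    memory_region_init_io(&sysbus->pdma, OBJECT(sysbus), &sysbus_esp_pdma_ops,
                          sysbus, "esp-pdma", 4);
    sysbus_init_mmio(sbd, &sysbus->pdma);

    qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);

    scsi_bus_new(&s->bus, sizeof(s->bus), dev, &esp_scsi_info, NULL);
}

/* Device reset handler of the sysbus wrapper. */
static void sysbus_esp_hard_reset(DeviceState *dev)
{
    SysBusESPState *sysbus = SYSBUS_ESP(dev);
    ESPState *s = ESP(&sysbus->esp);

    esp_hard_reset(s);
}

/* Instance init of the sysbus wrapper: create the embedded "esp" child. */
static void sysbus_esp_init(Object *obj)
{
    SysBusESPState *sysbus = SYSBUS_ESP(obj);

    object_initialize_child(obj, "esp", &sysbus->esp, TYPE_ESP);
}

static const VMStateDescription vmstate_sysbus_esp_scsi = {
    .name = "sysbusespscsi",
    .version_id = 2,
    .minimum_version_id = 1,
    .pre_save = esp_pre_save,
    .fields = (VMStateField[]) {
        VMSTATE_UINT8_V(esp.mig_version_id, SysBusESPState, 2),
        VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
        VMSTATE_END_OF_LIST()
    }
};

/* Class init of the sysbus wrapper: hook realize, reset and migration. */
static void sysbus_esp_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = sysbus_esp_realize;
    dc->reset = sysbus_esp_hard_reset;
    dc->vmsd = &vmstate_sysbus_esp_scsi;
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}

static const TypeInfo sysbus_esp_info = {
    .name          = TYPE_SYSBUS_ESP,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_init = sysbus_esp_init,
    .instance_size = sizeof(SysBusESPState),
    .class_init    = sysbus_esp_class_init,
};

/* Instance finalize of the ESP core: release both FIFOs. */
static void esp_finalize(Object *obj)
{
    ESPState *s = ESP(obj);

    fifo8_destroy(&s->fifo);
    fifo8_destroy(&s->cmdfifo);
}

/*
 * Instance init of the ESP core: create the data FIFO (ESP_FIFO_SZ bytes)
 * and the command FIFO (ESP_CMDFIFO_SZ bytes). The bounds checks in this
 * file rely on these capacities.
 */
static void esp_init(Object *obj)
{
    ESPState *s = ESP(obj);

    fifo8_create(&s->fifo, ESP_FIFO_SZ);
    fifo8_create(&s->cmdfifo, ESP_CMDFIFO_SZ);
}

/* Class init of the ESP core. */
static void esp_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    /* internal device for sysbusesp/pciespscsi, not user-creatable */
    dc->user_creatable = false;
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}

static const TypeInfo esp_info = {
    .name = TYPE_ESP,
    .parent = TYPE_DEVICE,
    .instance_init = esp_init,
    .instance_finalize = esp_finalize,
    .instance_size = sizeof(ESPState),
    .class_init = esp_class_init,
};

/* Register the sysbus wrapper type and the ESP core type. */
static void esp_register_types(void)
{
    type_register_static(&sysbus_esp_info);
    type_register_static(&esp_info);
}

type_init(esp_register_types)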