2005-03-13 17:43:36 +08:00
|
|
|
/*
|
2006-09-04 00:09:07 +08:00
|
|
|
* QEMU ESP/NCR53C9x emulation
|
2007-09-17 05:08:06 +08:00
|
|
|
*
|
2006-03-12 00:29:14 +08:00
|
|
|
* Copyright (c) 2005-2006 Fabrice Bellard
|
2012-07-09 18:02:31 +08:00
|
|
|
* Copyright (c) 2012 Herve Poussineau
|
2007-09-17 05:08:06 +08:00
|
|
|
*
|
2005-03-13 17:43:36 +08:00
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
2008-04-10 00:32:48 +08:00
|
|
|
|
2016-01-27 02:17:16 +08:00
|
|
|
#include "qemu/osdep.h"
|
2013-02-04 22:40:22 +08:00
|
|
|
#include "hw/sysbus.h"
|
2019-08-12 13:23:45 +08:00
|
|
|
#include "migration/vmstate.h"
|
2019-08-12 13:23:42 +08:00
|
|
|
#include "hw/irq.h"
|
2013-02-06 00:06:20 +08:00
|
|
|
#include "hw/scsi/esp.h"
|
2011-09-11 23:54:18 +08:00
|
|
|
#include "trace.h"
|
2012-12-18 01:20:00 +08:00
|
|
|
#include "qemu/log.h"
|
2019-05-23 22:35:07 +08:00
|
|
|
#include "qemu/module.h"
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2006-09-04 00:09:07 +08:00
|
|
|
/*
|
2007-12-01 22:51:23 +08:00
|
|
|
* On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
|
|
|
|
* also produced as NCR89C100. See
|
2006-09-04 00:09:07 +08:00
|
|
|
* http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
|
|
|
|
* and
|
|
|
|
* http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
|
|
|
|
*/
|
|
|
|
|
2008-04-25 01:20:25 +08:00
|
|
|
static void esp_raise_irq(ESPState *s)
|
|
|
|
{
|
|
|
|
if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
|
|
|
|
s->rregs[ESP_RSTAT] |= STAT_INT;
|
|
|
|
qemu_irq_raise(s->irq);
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_raise_irq();
|
2008-04-25 01:20:25 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void esp_lower_irq(ESPState *s)
|
|
|
|
{
|
|
|
|
if (s->rregs[ESP_RSTAT] & STAT_INT) {
|
|
|
|
s->rregs[ESP_RSTAT] &= ~STAT_INT;
|
|
|
|
qemu_irq_lower(s->irq);
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_lower_irq();
|
2008-04-25 01:20:25 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
void esp_dma_enable(ESPState *s, int irq, int level)
|
2010-09-12 00:38:33 +08:00
|
|
|
{
|
|
|
|
if (level) {
|
|
|
|
s->dma_enabled = 1;
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_dma_enable();
|
2010-09-12 00:38:33 +08:00
|
|
|
if (s->dma_cb) {
|
|
|
|
s->dma_cb(s);
|
|
|
|
s->dma_cb = NULL;
|
|
|
|
}
|
|
|
|
} else {
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_dma_disable();
|
2010-09-12 00:38:33 +08:00
|
|
|
s->dma_enabled = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
void esp_request_cancelled(SCSIRequest *req)
|
2011-04-19 04:53:08 +08:00
|
|
|
{
|
2012-07-09 18:02:27 +08:00
|
|
|
ESPState *s = req->hba_private;
|
2011-04-19 04:53:08 +08:00
|
|
|
|
|
|
|
if (req == s->current_req) {
|
|
|
|
scsi_req_unref(s->current_req);
|
|
|
|
s->current_req = NULL;
|
|
|
|
s->current_dev = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-19 18:39:31 +08:00
|
|
|
static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
|
2005-04-07 04:31:50 +08:00
|
|
|
{
|
2006-08-29 12:52:16 +08:00
|
|
|
uint32_t dmalen;
|
2005-04-07 04:31:50 +08:00
|
|
|
int target;
|
|
|
|
|
2008-11-30 00:45:28 +08:00
|
|
|
target = s->wregs[ESP_WBUSID] & BUSID_DID;
|
2005-10-31 01:24:05 +08:00
|
|
|
if (s->dma) {
|
2012-08-02 21:43:39 +08:00
|
|
|
dmalen = s->rregs[ESP_TCLO];
|
|
|
|
dmalen |= s->rregs[ESP_TCMID] << 8;
|
|
|
|
dmalen |= s->rregs[ESP_TCHI] << 16;
|
2016-05-19 18:39:31 +08:00
|
|
|
if (dmalen > buflen) {
|
|
|
|
return 0;
|
|
|
|
}
|
2008-03-02 16:48:47 +08:00
|
|
|
s->dma_memory_read(s->dma_opaque, buf, dmalen);
|
2005-10-31 01:24:05 +08:00
|
|
|
} else {
|
2008-11-30 00:51:02 +08:00
|
|
|
dmalen = s->ti_size;
|
2016-06-01 01:53:27 +08:00
|
|
|
if (dmalen > TI_BUFSZ) {
|
|
|
|
return 0;
|
|
|
|
}
|
2008-11-30 00:51:02 +08:00
|
|
|
memcpy(buf, s->ti_buf, dmalen);
|
2011-07-02 23:23:00 +08:00
|
|
|
buf[0] = buf[2] >> 5;
|
2005-10-31 01:24:05 +08:00
|
|
|
}
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_get_cmd(dmalen, target);
|
2006-05-26 07:58:51 +08:00
|
|
|
|
2005-04-07 04:31:50 +08:00
|
|
|
s->ti_size = 0;
|
2005-10-31 01:24:05 +08:00
|
|
|
s->ti_rptr = 0;
|
|
|
|
s->ti_wptr = 0;
|
2005-04-07 04:31:50 +08:00
|
|
|
|
2011-07-09 22:44:41 +08:00
|
|
|
if (s->current_req) {
|
2006-08-29 12:52:16 +08:00
|
|
|
/* Started a new command before the old one finished. Cancel it. */
|
2011-04-19 04:53:08 +08:00
|
|
|
scsi_req_cancel(s->current_req);
|
2006-08-29 12:52:16 +08:00
|
|
|
s->async_len = 0;
|
|
|
|
}
|
|
|
|
|
2011-07-28 05:24:50 +08:00
|
|
|
s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
|
2011-07-29 00:02:13 +08:00
|
|
|
if (!s->current_dev) {
|
2006-05-26 07:58:51 +08:00
|
|
|
// No such drive
|
2008-04-25 01:20:25 +08:00
|
|
|
s->rregs[ESP_RSTAT] = 0;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_DC;
|
|
|
|
s->rregs[ESP_RSEQ] = SEQ_0;
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2007-10-06 19:28:21 +08:00
|
|
|
return 0;
|
2005-04-07 04:31:50 +08:00
|
|
|
}
|
2006-06-03 22:19:19 +08:00
|
|
|
return dmalen;
|
|
|
|
}
|
|
|
|
|
2009-09-05 14:24:47 +08:00
|
|
|
static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
|
2006-06-03 22:19:19 +08:00
|
|
|
{
|
|
|
|
int32_t datalen;
|
|
|
|
int lun;
|
2011-07-29 00:02:13 +08:00
|
|
|
SCSIDevice *current_lun;
|
2006-06-03 22:19:19 +08:00
|
|
|
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_do_busid_cmd(busid);
|
2009-09-05 14:24:47 +08:00
|
|
|
lun = busid & 7;
|
2011-07-28 05:24:50 +08:00
|
|
|
current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
|
2012-07-09 18:02:27 +08:00
|
|
|
s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
|
2011-08-03 16:49:10 +08:00
|
|
|
datalen = scsi_req_enqueue(s->current_req);
|
2006-09-04 00:09:07 +08:00
|
|
|
s->ti_size = datalen;
|
|
|
|
if (datalen != 0) {
|
2008-04-25 01:20:25 +08:00
|
|
|
s->rregs[ESP_RSTAT] = STAT_TC;
|
2006-08-29 12:52:16 +08:00
|
|
|
s->dma_left = 0;
|
2006-09-17 11:20:58 +08:00
|
|
|
s->dma_counter = 0;
|
2006-05-26 07:58:51 +08:00
|
|
|
if (datalen > 0) {
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RSTAT] |= STAT_DI;
|
2006-05-26 07:58:51 +08:00
|
|
|
} else {
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RSTAT] |= STAT_DO;
|
2005-12-06 04:30:36 +08:00
|
|
|
}
|
2011-04-18 21:28:11 +08:00
|
|
|
scsi_req_continue(s->current_req);
|
2005-04-07 04:31:50 +08:00
|
|
|
}
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
|
|
|
|
s->rregs[ESP_RSEQ] = SEQ_CD;
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2005-04-07 04:31:50 +08:00
|
|
|
}
|
|
|
|
|
2009-09-05 14:24:47 +08:00
|
|
|
static void do_cmd(ESPState *s, uint8_t *buf)
|
|
|
|
{
|
|
|
|
uint8_t busid = buf[0];
|
|
|
|
|
|
|
|
do_busid_cmd(s, &buf[1], busid);
|
|
|
|
}
|
|
|
|
|
2006-06-03 22:19:19 +08:00
|
|
|
static void handle_satn(ESPState *s)
|
|
|
|
{
|
|
|
|
uint8_t buf[32];
|
|
|
|
int len;
|
|
|
|
|
2012-07-09 18:02:22 +08:00
|
|
|
if (s->dma && !s->dma_enabled) {
|
2010-09-12 00:38:33 +08:00
|
|
|
s->dma_cb = handle_satn;
|
|
|
|
return;
|
|
|
|
}
|
2016-05-19 18:39:31 +08:00
|
|
|
len = get_cmd(s, buf, sizeof(buf));
|
2006-06-03 22:19:19 +08:00
|
|
|
if (len)
|
|
|
|
do_cmd(s, buf);
|
|
|
|
}
|
|
|
|
|
2009-09-05 14:24:47 +08:00
|
|
|
static void handle_s_without_atn(ESPState *s)
|
|
|
|
{
|
|
|
|
uint8_t buf[32];
|
|
|
|
int len;
|
|
|
|
|
2012-07-09 18:02:22 +08:00
|
|
|
if (s->dma && !s->dma_enabled) {
|
2010-09-12 00:38:33 +08:00
|
|
|
s->dma_cb = handle_s_without_atn;
|
|
|
|
return;
|
|
|
|
}
|
2016-05-19 18:39:31 +08:00
|
|
|
len = get_cmd(s, buf, sizeof(buf));
|
2009-09-05 14:24:47 +08:00
|
|
|
if (len) {
|
|
|
|
do_busid_cmd(s, buf, 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-06-03 22:19:19 +08:00
|
|
|
static void handle_satn_stop(ESPState *s)
|
|
|
|
{
|
2012-07-09 18:02:22 +08:00
|
|
|
if (s->dma && !s->dma_enabled) {
|
2010-09-12 00:38:33 +08:00
|
|
|
s->dma_cb = handle_satn_stop;
|
|
|
|
return;
|
|
|
|
}
|
2016-05-19 18:39:31 +08:00
|
|
|
s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
|
2006-06-03 22:19:19 +08:00
|
|
|
if (s->cmdlen) {
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_handle_satn_stop(s->cmdlen);
|
2006-06-03 22:19:19 +08:00
|
|
|
s->do_cmd = 1;
|
2008-04-25 01:20:25 +08:00
|
|
|
s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
|
|
|
|
s->rregs[ESP_RSEQ] = SEQ_CD;
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2006-06-03 22:19:19 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-05-27 05:53:41 +08:00
|
|
|
static void write_response(ESPState *s)
|
2005-04-07 04:31:50 +08:00
|
|
|
{
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_write_response(s->status);
|
2011-05-21 02:10:02 +08:00
|
|
|
s->ti_buf[0] = s->status;
|
2006-05-27 05:53:41 +08:00
|
|
|
s->ti_buf[1] = 0;
|
2005-10-31 01:24:05 +08:00
|
|
|
if (s->dma) {
|
2008-03-02 16:48:47 +08:00
|
|
|
s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
|
2008-04-25 01:20:25 +08:00
|
|
|
s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
|
|
|
|
s->rregs[ESP_RSEQ] = SEQ_CD;
|
2005-10-31 01:24:05 +08:00
|
|
|
} else {
|
2007-10-06 19:28:21 +08:00
|
|
|
s->ti_size = 2;
|
|
|
|
s->ti_rptr = 0;
|
2016-06-14 21:10:24 +08:00
|
|
|
s->ti_wptr = 2;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RFLAGS] = 2;
|
2005-10-31 01:24:05 +08:00
|
|
|
}
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2005-04-07 04:31:50 +08:00
|
|
|
}
|
2005-10-31 01:24:05 +08:00
|
|
|
|
2006-08-29 12:52:16 +08:00
|
|
|
static void esp_dma_done(ESPState *s)
|
|
|
|
{
|
2008-04-25 01:20:25 +08:00
|
|
|
s->rregs[ESP_RSTAT] |= STAT_TC;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_BS;
|
|
|
|
s->rregs[ESP_RSEQ] = 0;
|
|
|
|
s->rregs[ESP_RFLAGS] = 0;
|
|
|
|
s->rregs[ESP_TCLO] = 0;
|
|
|
|
s->rregs[ESP_TCMID] = 0;
|
2012-08-02 21:43:39 +08:00
|
|
|
s->rregs[ESP_TCHI] = 0;
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2006-08-29 12:52:16 +08:00
|
|
|
}
|
|
|
|
|
2006-08-12 09:04:27 +08:00
|
|
|
static void esp_do_dma(ESPState *s)
|
|
|
|
{
|
2006-09-04 00:09:07 +08:00
|
|
|
uint32_t len;
|
2006-08-12 09:04:27 +08:00
|
|
|
int to_device;
|
2006-08-29 12:52:16 +08:00
|
|
|
|
|
|
|
len = s->dma_left;
|
2006-08-12 09:04:27 +08:00
|
|
|
if (s->do_cmd) {
|
2019-10-27 00:45:36 +08:00
|
|
|
/*
|
|
|
|
* handle_ti_cmd() case: esp_do_dma() is called only from
|
|
|
|
* handle_ti_cmd() with do_cmd != NULL (see the assert())
|
|
|
|
*/
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_do_dma(s->cmdlen, len);
|
2016-06-16 06:22:35 +08:00
|
|
|
assert (s->cmdlen <= sizeof(s->cmdbuf) &&
|
|
|
|
len <= sizeof(s->cmdbuf) - s->cmdlen);
|
2008-03-02 16:48:47 +08:00
|
|
|
s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
|
2019-10-27 00:45:36 +08:00
|
|
|
trace_esp_handle_ti_cmd(s->cmdlen);
|
|
|
|
s->ti_size = 0;
|
|
|
|
s->cmdlen = 0;
|
|
|
|
s->do_cmd = 0;
|
|
|
|
do_cmd(s, s->cmdbuf);
|
2006-08-12 09:04:27 +08:00
|
|
|
return;
|
2006-08-29 12:52:16 +08:00
|
|
|
}
|
|
|
|
if (s->async_len == 0) {
|
|
|
|
/* Defer until data is available. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (len > s->async_len) {
|
|
|
|
len = s->async_len;
|
|
|
|
}
|
2016-06-15 20:29:33 +08:00
|
|
|
to_device = (s->ti_size < 0);
|
2006-08-29 12:52:16 +08:00
|
|
|
if (to_device) {
|
2008-03-02 16:48:47 +08:00
|
|
|
s->dma_memory_read(s->dma_opaque, s->async_buf, len);
|
2006-08-12 09:04:27 +08:00
|
|
|
} else {
|
2008-03-02 16:48:47 +08:00
|
|
|
s->dma_memory_write(s->dma_opaque, s->async_buf, len);
|
2006-08-29 12:52:16 +08:00
|
|
|
}
|
|
|
|
s->dma_left -= len;
|
|
|
|
s->async_buf += len;
|
|
|
|
s->async_len -= len;
|
2006-09-17 11:20:58 +08:00
|
|
|
if (to_device)
|
|
|
|
s->ti_size += len;
|
|
|
|
else
|
|
|
|
s->ti_size -= len;
|
2006-08-29 12:52:16 +08:00
|
|
|
if (s->async_len == 0) {
|
2011-04-18 21:28:11 +08:00
|
|
|
scsi_req_continue(s->current_req);
|
|
|
|
/* If there is still data to be read from the device then
|
|
|
|
complete the DMA operation immediately. Otherwise defer
|
|
|
|
until the scsi layer has completed. */
|
|
|
|
if (to_device || s->dma_left != 0 || s->ti_size == 0) {
|
|
|
|
return;
|
2006-08-12 09:04:27 +08:00
|
|
|
}
|
2006-08-29 12:52:16 +08:00
|
|
|
}
|
2011-04-18 21:28:11 +08:00
|
|
|
|
|
|
|
/* Partially filled a scsi buffer. Complete immediately. */
|
|
|
|
esp_dma_done(s);
|
2006-08-12 09:04:27 +08:00
|
|
|
}
|
|
|
|
|
scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.
Guest OS qemu
-------- ----
[handle interrupt]
Read RSTAT
esp_command_complete()
RSTAT = STAT_ST
esp_dma_done()
RSTAT |= STAT_TC
RSEQ = 0
RINTR = INTR_BS
Read RSEQ
Read RINTR RINTR = 0
RSTAT &= ~STAT_TC
RSEQ = SEQ_CD
The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.
scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1: Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...
Defer handling command completion until previous interrupts have been
handled to fix the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2018-11-30 01:17:42 +08:00
|
|
|
static void esp_report_command_complete(ESPState *s, uint32_t status)
|
2006-05-26 07:58:51 +08:00
|
|
|
{
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_command_complete();
|
2011-04-22 18:27:30 +08:00
|
|
|
if (s->ti_size != 0) {
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_command_complete_unexpected();
|
2011-04-22 18:27:30 +08:00
|
|
|
}
|
|
|
|
s->ti_size = 0;
|
|
|
|
s->dma_left = 0;
|
|
|
|
s->async_len = 0;
|
2011-05-21 02:18:07 +08:00
|
|
|
if (status) {
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_command_complete_fail();
|
2011-04-22 18:27:30 +08:00
|
|
|
}
|
2011-05-21 02:18:07 +08:00
|
|
|
s->status = status;
|
2011-04-22 18:27:30 +08:00
|
|
|
s->rregs[ESP_RSTAT] = STAT_ST;
|
|
|
|
esp_dma_done(s);
|
|
|
|
if (s->current_req) {
|
|
|
|
scsi_req_unref(s->current_req);
|
|
|
|
s->current_req = NULL;
|
|
|
|
s->current_dev = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.
Guest OS qemu
-------- ----
[handle interrupt]
Read RSTAT
esp_command_complete()
RSTAT = STAT_ST
esp_dma_done()
RSTAT |= STAT_TC
RSEQ = 0
RINTR = INTR_BS
Read RSEQ
Read RINTR RINTR = 0
RSTAT &= ~STAT_TC
RSEQ = SEQ_CD
The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.
scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1: Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...
Defer handling command completion until previous interrupts have been
handled to fix the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2018-11-30 01:17:42 +08:00
|
|
|
void esp_command_complete(SCSIRequest *req, uint32_t status,
|
|
|
|
size_t resid)
|
|
|
|
{
|
|
|
|
ESPState *s = req->hba_private;
|
|
|
|
|
|
|
|
if (s->rregs[ESP_RSTAT] & STAT_INT) {
|
|
|
|
/* Defer handling command complete until the previous
|
|
|
|
* interrupt has been handled.
|
|
|
|
*/
|
|
|
|
trace_esp_command_complete_deferred();
|
|
|
|
s->deferred_status = status;
|
|
|
|
s->deferred_complete = true;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
esp_report_command_complete(s, status);
|
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
void esp_transfer_data(SCSIRequest *req, uint32_t len)
|
2011-04-22 18:27:30 +08:00
|
|
|
{
|
2012-07-09 18:02:27 +08:00
|
|
|
ESPState *s = req->hba_private;
|
2011-04-22 18:27:30 +08:00
|
|
|
|
2016-06-15 20:29:33 +08:00
|
|
|
assert(!s->do_cmd);
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_transfer_data(s->dma_left, s->ti_size);
|
2011-05-21 02:18:07 +08:00
|
|
|
s->async_len = len;
|
2011-04-22 18:27:30 +08:00
|
|
|
s->async_buf = scsi_req_get_buf(req);
|
|
|
|
if (s->dma_left) {
|
|
|
|
esp_do_dma(s);
|
|
|
|
} else if (s->dma_counter != 0 && s->ti_size <= 0) {
|
|
|
|
/* If this was the last part of a DMA transfer then the
|
|
|
|
completion interrupt is deferred to here. */
|
2006-08-29 12:52:16 +08:00
|
|
|
esp_dma_done(s);
|
2006-08-12 09:04:27 +08:00
|
|
|
}
|
2006-05-26 07:58:51 +08:00
|
|
|
}
|
|
|
|
|
2005-04-07 04:31:50 +08:00
|
|
|
static void handle_ti(ESPState *s)
|
|
|
|
{
|
2006-08-12 09:04:27 +08:00
|
|
|
uint32_t dmalen, minlen;
|
2005-04-07 04:31:50 +08:00
|
|
|
|
2012-07-09 18:02:23 +08:00
|
|
|
if (s->dma && !s->dma_enabled) {
|
|
|
|
s->dma_cb = handle_ti;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2012-08-02 21:43:39 +08:00
|
|
|
dmalen = s->rregs[ESP_TCLO];
|
|
|
|
dmalen |= s->rregs[ESP_TCMID] << 8;
|
|
|
|
dmalen |= s->rregs[ESP_TCHI] << 16;
|
2006-05-21 20:46:31 +08:00
|
|
|
if (dmalen==0) {
|
|
|
|
dmalen=0x10000;
|
|
|
|
}
|
2006-09-17 11:20:58 +08:00
|
|
|
s->dma_counter = dmalen;
|
2006-05-21 20:46:31 +08:00
|
|
|
|
2006-06-03 22:19:19 +08:00
|
|
|
if (s->do_cmd)
|
2016-06-16 06:22:35 +08:00
|
|
|
minlen = (dmalen < ESP_CMDBUF_SZ) ? dmalen : ESP_CMDBUF_SZ;
|
2006-09-04 00:09:07 +08:00
|
|
|
else if (s->ti_size < 0)
|
|
|
|
minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
|
2006-06-03 22:19:19 +08:00
|
|
|
else
|
|
|
|
minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_handle_ti(minlen);
|
2005-10-31 01:24:05 +08:00
|
|
|
if (s->dma) {
|
2006-08-12 09:04:27 +08:00
|
|
|
s->dma_left = minlen;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RSTAT] &= ~STAT_TC;
|
2006-08-12 09:04:27 +08:00
|
|
|
esp_do_dma(s);
|
2019-10-27 00:45:36 +08:00
|
|
|
} else if (s->do_cmd) {
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_handle_ti_cmd(s->cmdlen);
|
2006-06-03 22:19:19 +08:00
|
|
|
s->ti_size = 0;
|
|
|
|
s->cmdlen = 0;
|
|
|
|
s->do_cmd = 0;
|
|
|
|
do_cmd(s, s->cmdbuf);
|
|
|
|
}
|
2005-04-07 04:31:50 +08:00
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
void esp_hard_reset(ESPState *s)
|
2005-03-13 17:43:36 +08:00
|
|
|
{
|
2007-05-27 01:39:43 +08:00
|
|
|
memset(s->rregs, 0, ESP_REGS);
|
|
|
|
memset(s->wregs, 0, ESP_REGS);
|
2014-11-10 23:52:55 +08:00
|
|
|
s->tchi_written = 0;
|
2006-03-12 00:29:14 +08:00
|
|
|
s->ti_size = 0;
|
|
|
|
s->ti_rptr = 0;
|
|
|
|
s->ti_wptr = 0;
|
|
|
|
s->dma = 0;
|
2006-06-03 22:19:19 +08:00
|
|
|
s->do_cmd = 0;
|
2010-09-12 00:38:33 +08:00
|
|
|
s->dma_cb = NULL;
|
2008-11-30 00:45:28 +08:00
|
|
|
|
|
|
|
s->rregs[ESP_CFG1] = 7;
|
2005-03-13 17:43:36 +08:00
|
|
|
}
|
|
|
|
|
2012-07-09 18:02:28 +08:00
|
|
|
static void esp_soft_reset(ESPState *s)
|
2010-06-11 01:57:39 +08:00
|
|
|
{
|
|
|
|
qemu_irq_lower(s->irq);
|
2012-07-09 18:02:28 +08:00
|
|
|
esp_hard_reset(s);
|
2010-06-11 01:57:39 +08:00
|
|
|
}
|
|
|
|
|
2012-07-09 18:02:28 +08:00
|
|
|
static void parent_esp_reset(ESPState *s, int irq, int level)
|
2007-08-17 03:56:27 +08:00
|
|
|
{
|
2010-06-11 01:57:39 +08:00
|
|
|
if (level) {
|
2012-07-09 18:02:28 +08:00
|
|
|
esp_soft_reset(s);
|
2010-06-11 01:57:39 +08:00
|
|
|
}
|
2007-08-17 03:56:27 +08:00
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
|
2010-09-12 00:38:33 +08:00
|
|
|
{
|
2012-07-09 18:02:28 +08:00
|
|
|
uint32_t old_val;
|
2010-09-12 00:38:33 +08:00
|
|
|
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_readb(saddr, s->rregs[saddr]);
|
2005-03-13 17:43:36 +08:00
|
|
|
switch (saddr) {
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_FIFO:
|
2016-06-07 00:34:43 +08:00
|
|
|
if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
|
|
|
|
/* Data out. */
|
|
|
|
qemu_log_mask(LOG_UNIMP, "esp: PIO data read not implemented\n");
|
|
|
|
s->rregs[ESP_FIFO] = 0;
|
|
|
|
} else if (s->ti_rptr < s->ti_wptr) {
|
2007-10-06 19:28:21 +08:00
|
|
|
s->ti_size--;
|
2016-06-07 00:34:43 +08:00
|
|
|
s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
|
2007-10-06 19:28:21 +08:00
|
|
|
}
|
2016-06-07 00:34:43 +08:00
|
|
|
if (s->ti_rptr == s->ti_wptr) {
|
2005-10-31 01:24:05 +08:00
|
|
|
s->ti_rptr = 0;
|
|
|
|
s->ti_wptr = 0;
|
|
|
|
}
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_RINTR:
|
2009-07-31 15:26:44 +08:00
|
|
|
/* Clear sequence step, interrupt register and all status bits
|
|
|
|
except TC */
|
|
|
|
old_val = s->rregs[ESP_RINTR];
|
|
|
|
s->rregs[ESP_RINTR] = 0;
|
|
|
|
s->rregs[ESP_RSTAT] &= ~STAT_TC;
|
|
|
|
s->rregs[ESP_RSEQ] = SEQ_CD;
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_lower_irq(s);
|
scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.
Guest OS qemu
-------- ----
[handle interrupt]
Read RSTAT
esp_command_complete()
RSTAT = STAT_ST
esp_dma_done()
RSTAT |= STAT_TC
RSEQ = 0
RINTR = INTR_BS
Read RSEQ
Read RINTR RINTR = 0
RSTAT &= ~STAT_TC
RSEQ = SEQ_CD
The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.
scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1: Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...
Defer handling command completion until previous interrupts have been
handled to fix the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2018-11-30 01:17:42 +08:00
|
|
|
if (s->deferred_complete) {
|
|
|
|
esp_report_command_complete(s, s->deferred_status);
|
|
|
|
s->deferred_complete = false;
|
|
|
|
}
|
2009-07-31 15:26:44 +08:00
|
|
|
return old_val;
|
2014-11-10 23:52:55 +08:00
|
|
|
case ESP_TCHI:
|
|
|
|
/* Return the unique id if the value has never been written */
|
|
|
|
if (!s->tchi_written) {
|
|
|
|
return s->chip_id;
|
|
|
|
}
|
2005-03-13 17:43:36 +08:00
|
|
|
default:
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2005-03-13 17:43:36 +08:00
|
|
|
}
|
2005-04-07 04:31:50 +08:00
|
|
|
return s->rregs[saddr];
|
2005-03-13 17:43:36 +08:00
|
|
|
}
|
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
|
2005-03-13 17:43:36 +08:00
|
|
|
{
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
|
2005-03-13 17:43:36 +08:00
|
|
|
switch (saddr) {
|
2014-11-10 23:52:55 +08:00
|
|
|
case ESP_TCHI:
|
|
|
|
s->tchi_written = true;
|
|
|
|
/* fall through */
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_TCLO:
|
|
|
|
case ESP_TCMID:
|
|
|
|
s->rregs[ESP_RSTAT] &= ~STAT_TC;
|
2005-10-31 01:24:05 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_FIFO:
|
2006-06-03 22:19:19 +08:00
|
|
|
if (s->do_cmd) {
|
2016-06-16 06:22:35 +08:00
|
|
|
if (s->cmdlen < ESP_CMDBUF_SZ) {
|
2016-05-19 18:39:30 +08:00
|
|
|
s->cmdbuf[s->cmdlen++] = val & 0xff;
|
|
|
|
} else {
|
|
|
|
trace_esp_error_fifo_overrun();
|
|
|
|
}
|
2016-06-07 00:34:43 +08:00
|
|
|
} else if (s->ti_wptr == TI_BUFSZ - 1) {
|
2012-07-09 18:02:29 +08:00
|
|
|
trace_esp_error_fifo_overrun();
|
2006-05-26 07:58:51 +08:00
|
|
|
} else {
|
|
|
|
s->ti_size++;
|
|
|
|
s->ti_buf[s->ti_wptr++] = val & 0xff;
|
|
|
|
}
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_CMD:
|
2005-10-31 01:24:05 +08:00
|
|
|
s->rregs[saddr] = val;
|
2007-12-01 22:51:23 +08:00
|
|
|
if (val & CMD_DMA) {
|
2007-10-06 19:28:21 +08:00
|
|
|
s->dma = 1;
|
2006-09-17 11:20:58 +08:00
|
|
|
/* Reload DMA counter. */
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
|
|
|
|
s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
|
2012-08-02 21:43:39 +08:00
|
|
|
s->rregs[ESP_TCHI] = s->wregs[ESP_TCHI];
|
2007-10-06 19:28:21 +08:00
|
|
|
} else {
|
|
|
|
s->dma = 0;
|
|
|
|
}
|
2007-12-01 22:51:23 +08:00
|
|
|
switch(val & CMD_CMD) {
|
|
|
|
case CMD_NOP:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_nop(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_FLUSH:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_flush(val);
|
2005-11-11 08:24:58 +08:00
|
|
|
//s->ti_size = 0;
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_FC;
|
|
|
|
s->rregs[ESP_RSEQ] = 0;
|
2008-06-26 03:59:53 +08:00
|
|
|
s->rregs[ESP_RFLAGS] = 0;
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_RESET:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_reset(val);
|
2012-07-09 18:02:28 +08:00
|
|
|
esp_soft_reset(s);
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_BUSRESET:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_bus_reset(val);
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_RST;
|
|
|
|
if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
|
2008-04-25 01:20:25 +08:00
|
|
|
esp_raise_irq(s);
|
2005-11-11 08:24:58 +08:00
|
|
|
}
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_TI:
|
2007-10-06 19:28:21 +08:00
|
|
|
handle_ti(s);
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_ICCS:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_iccs(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
write_response(s);
|
2008-11-30 18:24:13 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_FC;
|
|
|
|
s->rregs[ESP_RSTAT] |= STAT_MI;
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_MSGACC:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_msgacc(val);
|
2007-12-01 22:51:23 +08:00
|
|
|
s->rregs[ESP_RINTR] = INTR_DC;
|
|
|
|
s->rregs[ESP_RSEQ] = 0;
|
2009-09-01 01:03:51 +08:00
|
|
|
s->rregs[ESP_RFLAGS] = 0;
|
|
|
|
esp_raise_irq(s);
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2009-08-22 21:55:05 +08:00
|
|
|
case CMD_PAD:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_pad(val);
|
2009-08-22 21:55:05 +08:00
|
|
|
s->rregs[ESP_RSTAT] = STAT_TC;
|
|
|
|
s->rregs[ESP_RINTR] = INTR_FC;
|
|
|
|
s->rregs[ESP_RSEQ] = 0;
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_SATN:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_satn(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2012-07-09 18:02:25 +08:00
|
|
|
case CMD_RSTATN:
|
|
|
|
trace_esp_mem_writeb_cmd_rstatn(val);
|
|
|
|
break;
|
2009-08-22 21:54:31 +08:00
|
|
|
case CMD_SEL:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_sel(val);
|
2009-09-05 14:24:47 +08:00
|
|
|
handle_s_without_atn(s);
|
2009-08-22 21:54:31 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_SELATN:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_selatn(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
handle_satn(s);
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_SELATNS:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_selatns(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
handle_satn_stop(s);
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case CMD_ENSEL:
|
2011-09-11 23:54:18 +08:00
|
|
|
trace_esp_mem_writeb_cmd_ensel(val);
|
2008-11-30 00:51:42 +08:00
|
|
|
s->rregs[ESP_RINTR] = 0;
|
2007-08-11 15:58:41 +08:00
|
|
|
break;
|
2012-07-09 18:02:24 +08:00
|
|
|
case CMD_DISSEL:
|
|
|
|
trace_esp_mem_writeb_cmd_dissel(val);
|
|
|
|
s->rregs[ESP_RINTR] = 0;
|
|
|
|
esp_raise_irq(s);
|
|
|
|
break;
|
2007-10-06 19:28:21 +08:00
|
|
|
default:
|
2012-07-09 18:02:29 +08:00
|
|
|
trace_esp_error_unhandled_command(val);
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_WBUSID ... ESP_WSYNO:
|
2007-10-06 19:28:21 +08:00
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_CFG1:
|
2012-08-02 21:43:39 +08:00
|
|
|
case ESP_CFG2: case ESP_CFG3:
|
|
|
|
case ESP_RES3: case ESP_RES4:
|
2005-10-31 01:24:05 +08:00
|
|
|
s->rregs[saddr] = val;
|
|
|
|
break;
|
2007-12-01 22:51:23 +08:00
|
|
|
case ESP_WCCF ... ESP_WTEST:
|
2005-10-31 01:24:05 +08:00
|
|
|
break;
|
2005-03-13 17:43:36 +08:00
|
|
|
default:
|
2012-07-09 18:02:29 +08:00
|
|
|
trace_esp_error_invalid_write(val, saddr);
|
2008-11-30 00:45:28 +08:00
|
|
|
return;
|
2005-03-13 17:43:36 +08:00
|
|
|
}
|
2005-04-07 04:31:50 +08:00
|
|
|
s->wregs[saddr] = val;
|
2005-03-13 17:43:36 +08:00
|
|
|
}
|
|
|
|
|
2012-10-23 18:30:10 +08:00
|
|
|
static bool esp_mem_accepts(void *opaque, hwaddr addr,
|
2018-05-31 21:50:52 +08:00
|
|
|
unsigned size, bool is_write,
|
|
|
|
MemTxAttrs attrs)
|
2011-11-13 19:07:04 +08:00
|
|
|
{
|
|
|
|
return (size == 1) || (is_write && size == 4);
|
|
|
|
}
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2012-08-05 03:10:03 +08:00
|
|
|
const VMStateDescription vmstate_esp = {
|
2009-09-19 23:44:50 +08:00
|
|
|
.name ="esp",
|
2016-06-20 22:32:39 +08:00
|
|
|
.version_id = 4,
|
2009-09-19 23:44:50 +08:00
|
|
|
.minimum_version_id = 3,
|
2014-04-16 22:01:33 +08:00
|
|
|
.fields = (VMStateField[]) {
|
2009-09-19 23:44:50 +08:00
|
|
|
VMSTATE_BUFFER(rregs, ESPState),
|
|
|
|
VMSTATE_BUFFER(wregs, ESPState),
|
|
|
|
VMSTATE_INT32(ti_size, ESPState),
|
|
|
|
VMSTATE_UINT32(ti_rptr, ESPState),
|
|
|
|
VMSTATE_UINT32(ti_wptr, ESPState),
|
|
|
|
VMSTATE_BUFFER(ti_buf, ESPState),
|
2011-05-21 02:10:02 +08:00
|
|
|
VMSTATE_UINT32(status, ESPState),
|
scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.
Guest OS qemu
-------- ----
[handle interrupt]
Read RSTAT
esp_command_complete()
RSTAT = STAT_ST
esp_dma_done()
RSTAT |= STAT_TC
RSEQ = 0
RINTR = INTR_BS
Read RSEQ
Read RINTR RINTR = 0
RSTAT &= ~STAT_TC
RSEQ = SEQ_CD
The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.
scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1: Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...
Defer handling command completion until previous interrupts have been
handled to fix the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2018-11-30 01:17:42 +08:00
|
|
|
VMSTATE_UINT32(deferred_status, ESPState),
|
|
|
|
VMSTATE_BOOL(deferred_complete, ESPState),
|
2009-09-19 23:44:50 +08:00
|
|
|
VMSTATE_UINT32(dma, ESPState),
|
2016-06-20 22:32:39 +08:00
|
|
|
VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
|
|
|
|
VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
|
2009-09-19 23:44:50 +08:00
|
|
|
VMSTATE_UINT32(cmdlen, ESPState),
|
|
|
|
VMSTATE_UINT32(do_cmd, ESPState),
|
|
|
|
VMSTATE_UINT32(dma_left, ESPState),
|
|
|
|
VMSTATE_END_OF_LIST()
|
|
|
|
}
|
|
|
|
};
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2012-10-23 18:30:10 +08:00
|
|
|
static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
|
2012-07-09 18:02:28 +08:00
|
|
|
uint64_t val, unsigned int size)
|
|
|
|
{
|
|
|
|
SysBusESPState *sysbus = opaque;
|
|
|
|
uint32_t saddr;
|
|
|
|
|
|
|
|
saddr = addr >> sysbus->it_shift;
|
|
|
|
esp_reg_write(&sysbus->esp, saddr, val);
|
|
|
|
}
|
|
|
|
|
2012-10-23 18:30:10 +08:00
|
|
|
static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
|
2012-07-09 18:02:28 +08:00
|
|
|
unsigned int size)
|
|
|
|
{
|
|
|
|
SysBusESPState *sysbus = opaque;
|
|
|
|
uint32_t saddr;
|
|
|
|
|
|
|
|
saddr = addr >> sysbus->it_shift;
|
|
|
|
return esp_reg_read(&sysbus->esp, saddr);
|
|
|
|
}
|
|
|
|
|
|
|
|
static const MemoryRegionOps sysbus_esp_mem_ops = {
|
|
|
|
.read = sysbus_esp_mem_read,
|
|
|
|
.write = sysbus_esp_mem_write,
|
|
|
|
.endianness = DEVICE_NATIVE_ENDIAN,
|
|
|
|
.valid.accepts = esp_mem_accepts,
|
|
|
|
};
|
|
|
|
|
2011-08-13 21:44:45 +08:00
|
|
|
static const struct SCSIBusInfo esp_scsi_info = {
|
|
|
|
.tcq = false,
|
2011-08-14 00:55:17 +08:00
|
|
|
.max_target = ESP_MAX_DEVS,
|
|
|
|
.max_lun = 7,
|
2011-08-13 21:44:45 +08:00
|
|
|
|
2011-04-22 18:27:30 +08:00
|
|
|
.transfer_data = esp_transfer_data,
|
2011-04-19 04:53:08 +08:00
|
|
|
.complete = esp_command_complete,
|
|
|
|
.cancel = esp_request_cancelled
|
2011-04-18 23:11:14 +08:00
|
|
|
};
|
|
|
|
|
2012-07-09 18:02:28 +08:00
|
|
|
static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
|
2009-05-15 05:35:07 +08:00
|
|
|
{
|
2017-09-09 22:21:16 +08:00
|
|
|
SysBusESPState *sysbus = ESP_STATE(opaque);
|
2012-07-09 18:02:28 +08:00
|
|
|
ESPState *s = &sysbus->esp;
|
|
|
|
|
|
|
|
switch (irq) {
|
|
|
|
case 0:
|
|
|
|
parent_esp_reset(s, irq, level);
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
esp_dma_enable(opaque, irq, level);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-07-01 18:18:35 +08:00
|
|
|
static void sysbus_esp_realize(DeviceState *dev, Error **errp)
|
2012-07-09 18:02:28 +08:00
|
|
|
{
|
2013-07-01 18:18:35 +08:00
|
|
|
SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
|
2017-09-09 22:21:16 +08:00
|
|
|
SysBusESPState *sysbus = ESP_STATE(dev);
|
2012-07-09 18:02:28 +08:00
|
|
|
ESPState *s = &sysbus->esp;
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2013-07-01 18:18:35 +08:00
|
|
|
sysbus_init_irq(sbd, &s->irq);
|
2012-07-09 18:02:28 +08:00
|
|
|
assert(sysbus->it_shift != -1);
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2012-07-09 18:02:26 +08:00
|
|
|
s->chip_id = TCHI_FAS100A;
|
2013-06-07 09:25:08 +08:00
|
|
|
memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
|
|
|
|
sysbus, "esp", ESP_REGS << sysbus->it_shift);
|
2013-07-01 18:18:35 +08:00
|
|
|
sysbus_init_mmio(sbd, &sysbus->iomem);
|
2005-03-13 17:43:36 +08:00
|
|
|
|
2013-07-01 18:18:35 +08:00
|
|
|
qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);
|
2007-08-17 03:56:27 +08:00
|
|
|
|
2013-08-24 02:30:03 +08:00
|
|
|
scsi_bus_new(&s->bus, sizeof(s->bus), dev, &esp_scsi_info, NULL);
|
2006-09-04 00:09:07 +08:00
|
|
|
}
|
2009-05-15 05:35:07 +08:00
|
|
|
|
2012-07-09 18:02:28 +08:00
|
|
|
static void sysbus_esp_hard_reset(DeviceState *dev)
|
|
|
|
{
|
2017-09-09 22:21:16 +08:00
|
|
|
SysBusESPState *sysbus = ESP_STATE(dev);
|
2012-07-09 18:02:28 +08:00
|
|
|
esp_hard_reset(&sysbus->esp);
|
|
|
|
}
|
|
|
|
|
|
|
|
static const VMStateDescription vmstate_sysbus_esp_scsi = {
|
|
|
|
.name = "sysbusespscsi",
|
scsi: esp: Defer command completion until previous interrupts have been handled
The guest OS reads RSTAT, RSEQ, and RINTR, and expects those registers
to reflect a consistent state. However, it is possible that the registers
can change after RSTAT was read, but before RINTR is read, when
esp_command_complete() is called.
Guest OS qemu
-------- ----
[handle interrupt]
Read RSTAT
esp_command_complete()
RSTAT = STAT_ST
esp_dma_done()
RSTAT |= STAT_TC
RSEQ = 0
RINTR = INTR_BS
Read RSEQ
Read RINTR RINTR = 0
RSTAT &= ~STAT_TC
RSEQ = SEQ_CD
The guest OS would then try to handle INTR_BS combined with an old
value of RSTAT. This sometimes resulted in lost events, spurious
interrupts, guest OS confusion, and stalled SCSI operations.
A typical guest error log (observed with various versions of Linux)
looks as follows.
scsi host1: Spurious irq, sreg=13.
...
scsi host1: Aborting command [84531f10:2a]
scsi host1: Current command [f882eea8:35]
scsi host1: Queued command [84531f10:2a]
scsi host1: Active command [f882eea8:35]
scsi host1: Dumping command log
scsi host1: ent[15] CMD val[44] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[00] event[0c]
scsi host1: ent[16] CMD val[01] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[17] CMD val[43] sreg[90] seqreg[00] sreg2[00] ireg[20] ss[02] event[0c]
scsi host1: ent[18] EVENT val[0d] sreg[92] seqreg[04] sreg2[00] ireg[18] ss[00] event[0c]
...
Defer handling command completion until previous interrupts have been
handled to fix the problem.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2018-11-30 01:17:42 +08:00
|
|
|
.version_id = 1,
|
|
|
|
.minimum_version_id = 1,
|
2012-07-09 18:02:28 +08:00
|
|
|
.fields = (VMStateField[]) {
|
|
|
|
VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
|
|
|
|
VMSTATE_END_OF_LIST()
|
|
|
|
}
|
2012-01-25 03:12:29 +08:00
|
|
|
};
|
|
|
|
|
2012-07-09 18:02:28 +08:00
|
|
|
static void sysbus_esp_class_init(ObjectClass *klass, void *data)
|
2012-01-25 03:12:29 +08:00
|
|
|
{
|
2011-12-08 11:34:16 +08:00
|
|
|
DeviceClass *dc = DEVICE_CLASS(klass);
|
2012-01-25 03:12:29 +08:00
|
|
|
|
2013-07-01 18:18:35 +08:00
|
|
|
dc->realize = sysbus_esp_realize;
|
2012-07-09 18:02:28 +08:00
|
|
|
dc->reset = sysbus_esp_hard_reset;
|
|
|
|
dc->vmsd = &vmstate_sysbus_esp_scsi;
|
2013-07-29 22:17:45 +08:00
|
|
|
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
|
2012-01-25 03:12:29 +08:00
|
|
|
}
|
|
|
|
|
2012-08-02 16:40:30 +08:00
|
|
|
static const TypeInfo sysbus_esp_info = {
|
2013-07-01 18:18:34 +08:00
|
|
|
.name = TYPE_ESP,
|
2011-12-08 11:34:16 +08:00
|
|
|
.parent = TYPE_SYS_BUS_DEVICE,
|
2012-07-09 18:02:28 +08:00
|
|
|
.instance_size = sizeof(SysBusESPState),
|
|
|
|
.class_init = sysbus_esp_class_init,
|
2009-10-25 00:34:21 +08:00
|
|
|
};
|
|
|
|
|
2012-02-09 22:20:55 +08:00
|
|
|
static void esp_register_types(void)
|
2009-05-15 05:35:07 +08:00
|
|
|
{
|
2012-07-09 18:02:28 +08:00
|
|
|
type_register_static(&sysbus_esp_info);
|
2009-05-15 05:35:07 +08:00
|
|
|
}
|
|
|
|
|
2012-02-09 22:20:55 +08:00
|
|
|
type_init(esp_register_types)
|