scsi: esp: check buffer length before reading scsi command
[qemu.git] / hw / scsi / esp.c
1 /*
2 * QEMU ESP/NCR53C9x emulation
3 *
4 * Copyright (c) 2005-2006 Fabrice Bellard
5 * Copyright (c) 2012 Herve Poussineau
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu/osdep.h"
27 #include "hw/sysbus.h"
28 #include "hw/scsi/esp.h"
29 #include "trace.h"
30 #include "qapi/error.h"
31 #include "qemu/log.h"
32
33 /*
34 * On Sparc32, this is the ESP (NCR53C90) part of chip STP2000 (Master I/O),
35 * also produced as NCR89C100. See
36 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
37 * and
38 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
39 */
40
41 static void esp_raise_irq(ESPState *s)
42 {
43 if (!(s->rregs[ESP_RSTAT] & STAT_INT)) {
44 s->rregs[ESP_RSTAT] |= STAT_INT;
45 qemu_irq_raise(s->irq);
46 trace_esp_raise_irq();
47 }
48 }
49
50 static void esp_lower_irq(ESPState *s)
51 {
52 if (s->rregs[ESP_RSTAT] & STAT_INT) {
53 s->rregs[ESP_RSTAT] &= ~STAT_INT;
54 qemu_irq_lower(s->irq);
55 trace_esp_lower_irq();
56 }
57 }
58
59 void esp_dma_enable(ESPState *s, int irq, int level)
60 {
61 if (level) {
62 s->dma_enabled = 1;
63 trace_esp_dma_enable();
64 if (s->dma_cb) {
65 s->dma_cb(s);
66 s->dma_cb = NULL;
67 }
68 } else {
69 trace_esp_dma_disable();
70 s->dma_enabled = 0;
71 }
72 }
73
74 void esp_request_cancelled(SCSIRequest *req)
75 {
76 ESPState *s = req->hba_private;
77
78 if (req == s->current_req) {
79 scsi_req_unref(s->current_req);
80 s->current_req = NULL;
81 s->current_dev = NULL;
82 }
83 }
84
85 static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen)
86 {
87 uint32_t dmalen;
88 int target;
89
90 target = s->wregs[ESP_WBUSID] & BUSID_DID;
91 if (s->dma) {
92 dmalen = s->rregs[ESP_TCLO];
93 dmalen |= s->rregs[ESP_TCMID] << 8;
94 dmalen |= s->rregs[ESP_TCHI] << 16;
95 if (dmalen > buflen) {
96 return 0;
97 }
98 s->dma_memory_read(s->dma_opaque, buf, dmalen);
99 } else {
100 dmalen = s->ti_size;
101 if (dmalen > TI_BUFSZ) {
102 return 0;
103 }
104 memcpy(buf, s->ti_buf, dmalen);
105 buf[0] = buf[2] >> 5;
106 }
107 trace_esp_get_cmd(dmalen, target);
108
109 s->ti_size = 0;
110 s->ti_rptr = 0;
111 s->ti_wptr = 0;
112
113 if (s->current_req) {
114 /* Started a new command before the old one finished. Cancel it. */
115 scsi_req_cancel(s->current_req);
116 s->async_len = 0;
117 }
118
119 s->current_dev = scsi_device_find(&s->bus, 0, target, 0);
120 if (!s->current_dev) {
121 // No such drive
122 s->rregs[ESP_RSTAT] = 0;
123 s->rregs[ESP_RINTR] = INTR_DC;
124 s->rregs[ESP_RSEQ] = SEQ_0;
125 esp_raise_irq(s);
126 return 0;
127 }
128 return dmalen;
129 }
130
131 static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid)
132 {
133 int32_t datalen;
134 int lun;
135 SCSIDevice *current_lun;
136
137 trace_esp_do_busid_cmd(busid);
138 lun = busid & 7;
139 current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, lun);
140 s->current_req = scsi_req_new(current_lun, 0, lun, buf, s);
141 datalen = scsi_req_enqueue(s->current_req);
142 s->ti_size = datalen;
143 if (datalen != 0) {
144 s->rregs[ESP_RSTAT] = STAT_TC;
145 s->dma_left = 0;
146 s->dma_counter = 0;
147 if (datalen > 0) {
148 s->rregs[ESP_RSTAT] |= STAT_DI;
149 } else {
150 s->rregs[ESP_RSTAT] |= STAT_DO;
151 }
152 scsi_req_continue(s->current_req);
153 }
154 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
155 s->rregs[ESP_RSEQ] = SEQ_CD;
156 esp_raise_irq(s);
157 }
158
159 static void do_cmd(ESPState *s, uint8_t *buf)
160 {
161 uint8_t busid = buf[0];
162
163 do_busid_cmd(s, &buf[1], busid);
164 }
165
166 static void handle_satn(ESPState *s)
167 {
168 uint8_t buf[32];
169 int len;
170
171 if (s->dma && !s->dma_enabled) {
172 s->dma_cb = handle_satn;
173 return;
174 }
175 len = get_cmd(s, buf, sizeof(buf));
176 if (len)
177 do_cmd(s, buf);
178 }
179
180 static void handle_s_without_atn(ESPState *s)
181 {
182 uint8_t buf[32];
183 int len;
184
185 if (s->dma && !s->dma_enabled) {
186 s->dma_cb = handle_s_without_atn;
187 return;
188 }
189 len = get_cmd(s, buf, sizeof(buf));
190 if (len) {
191 do_busid_cmd(s, buf, 0);
192 }
193 }
194
195 static void handle_satn_stop(ESPState *s)
196 {
197 if (s->dma && !s->dma_enabled) {
198 s->dma_cb = handle_satn_stop;
199 return;
200 }
201 s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
202 if (s->cmdlen) {
203 trace_esp_handle_satn_stop(s->cmdlen);
204 s->do_cmd = 1;
205 s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
206 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
207 s->rregs[ESP_RSEQ] = SEQ_CD;
208 esp_raise_irq(s);
209 }
210 }
211
212 static void write_response(ESPState *s)
213 {
214 trace_esp_write_response(s->status);
215 s->ti_buf[0] = s->status;
216 s->ti_buf[1] = 0;
217 if (s->dma) {
218 s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
219 s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
220 s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
221 s->rregs[ESP_RSEQ] = SEQ_CD;
222 } else {
223 s->ti_size = 2;
224 s->ti_rptr = 0;
225 s->ti_wptr = 0;
226 s->rregs[ESP_RFLAGS] = 2;
227 }
228 esp_raise_irq(s);
229 }
230
231 static void esp_dma_done(ESPState *s)
232 {
233 s->rregs[ESP_RSTAT] |= STAT_TC;
234 s->rregs[ESP_RINTR] = INTR_BS;
235 s->rregs[ESP_RSEQ] = 0;
236 s->rregs[ESP_RFLAGS] = 0;
237 s->rregs[ESP_TCLO] = 0;
238 s->rregs[ESP_TCMID] = 0;
239 s->rregs[ESP_TCHI] = 0;
240 esp_raise_irq(s);
241 }
242
243 static void esp_do_dma(ESPState *s)
244 {
245 uint32_t len;
246 int to_device;
247
248 to_device = (s->ti_size < 0);
249 len = s->dma_left;
250 if (s->do_cmd) {
251 trace_esp_do_dma(s->cmdlen, len);
252 s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
253 s->ti_size = 0;
254 s->cmdlen = 0;
255 s->do_cmd = 0;
256 do_cmd(s, s->cmdbuf);
257 return;
258 }
259 if (s->async_len == 0) {
260 /* Defer until data is available. */
261 return;
262 }
263 if (len > s->async_len) {
264 len = s->async_len;
265 }
266 if (to_device) {
267 s->dma_memory_read(s->dma_opaque, s->async_buf, len);
268 } else {
269 s->dma_memory_write(s->dma_opaque, s->async_buf, len);
270 }
271 s->dma_left -= len;
272 s->async_buf += len;
273 s->async_len -= len;
274 if (to_device)
275 s->ti_size += len;
276 else
277 s->ti_size -= len;
278 if (s->async_len == 0) {
279 scsi_req_continue(s->current_req);
280 /* If there is still data to be read from the device then
281 complete the DMA operation immediately. Otherwise defer
282 until the scsi layer has completed. */
283 if (to_device || s->dma_left != 0 || s->ti_size == 0) {
284 return;
285 }
286 }
287
288 /* Partially filled a scsi buffer. Complete immediately. */
289 esp_dma_done(s);
290 }
291
292 void esp_command_complete(SCSIRequest *req, uint32_t status,
293 size_t resid)
294 {
295 ESPState *s = req->hba_private;
296
297 trace_esp_command_complete();
298 if (s->ti_size != 0) {
299 trace_esp_command_complete_unexpected();
300 }
301 s->ti_size = 0;
302 s->dma_left = 0;
303 s->async_len = 0;
304 if (status) {
305 trace_esp_command_complete_fail();
306 }
307 s->status = status;
308 s->rregs[ESP_RSTAT] = STAT_ST;
309 esp_dma_done(s);
310 if (s->current_req) {
311 scsi_req_unref(s->current_req);
312 s->current_req = NULL;
313 s->current_dev = NULL;
314 }
315 }
316
317 void esp_transfer_data(SCSIRequest *req, uint32_t len)
318 {
319 ESPState *s = req->hba_private;
320
321 trace_esp_transfer_data(s->dma_left, s->ti_size);
322 s->async_len = len;
323 s->async_buf = scsi_req_get_buf(req);
324 if (s->dma_left) {
325 esp_do_dma(s);
326 } else if (s->dma_counter != 0 && s->ti_size <= 0) {
327 /* If this was the last part of a DMA transfer then the
328 completion interrupt is deferred to here. */
329 esp_dma_done(s);
330 }
331 }
332
333 static void handle_ti(ESPState *s)
334 {
335 uint32_t dmalen, minlen;
336
337 if (s->dma && !s->dma_enabled) {
338 s->dma_cb = handle_ti;
339 return;
340 }
341
342 dmalen = s->rregs[ESP_TCLO];
343 dmalen |= s->rregs[ESP_TCMID] << 8;
344 dmalen |= s->rregs[ESP_TCHI] << 16;
345 if (dmalen==0) {
346 dmalen=0x10000;
347 }
348 s->dma_counter = dmalen;
349
350 if (s->do_cmd)
351 minlen = (dmalen < 32) ? dmalen : 32;
352 else if (s->ti_size < 0)
353 minlen = (dmalen < -s->ti_size) ? dmalen : -s->ti_size;
354 else
355 minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size;
356 trace_esp_handle_ti(minlen);
357 if (s->dma) {
358 s->dma_left = minlen;
359 s->rregs[ESP_RSTAT] &= ~STAT_TC;
360 esp_do_dma(s);
361 } else if (s->do_cmd) {
362 trace_esp_handle_ti_cmd(s->cmdlen);
363 s->ti_size = 0;
364 s->cmdlen = 0;
365 s->do_cmd = 0;
366 do_cmd(s, s->cmdbuf);
367 return;
368 }
369 }
370
371 void esp_hard_reset(ESPState *s)
372 {
373 memset(s->rregs, 0, ESP_REGS);
374 memset(s->wregs, 0, ESP_REGS);
375 s->tchi_written = 0;
376 s->ti_size = 0;
377 s->ti_rptr = 0;
378 s->ti_wptr = 0;
379 s->dma = 0;
380 s->do_cmd = 0;
381 s->dma_cb = NULL;
382
383 s->rregs[ESP_CFG1] = 7;
384 }
385
386 static void esp_soft_reset(ESPState *s)
387 {
388 qemu_irq_lower(s->irq);
389 esp_hard_reset(s);
390 }
391
392 static void parent_esp_reset(ESPState *s, int irq, int level)
393 {
394 if (level) {
395 esp_soft_reset(s);
396 }
397 }
398
399 uint64_t esp_reg_read(ESPState *s, uint32_t saddr)
400 {
401 uint32_t old_val;
402
403 trace_esp_mem_readb(saddr, s->rregs[saddr]);
404 switch (saddr) {
405 case ESP_FIFO:
406 if ((s->rregs[ESP_RSTAT] & STAT_PIO_MASK) == 0) {
407 /* Data out. */
408 qemu_log_mask(LOG_UNIMP, "esp: PIO data read not implemented\n");
409 s->rregs[ESP_FIFO] = 0;
410 esp_raise_irq(s);
411 } else if (s->ti_rptr < s->ti_wptr) {
412 s->ti_size--;
413 s->rregs[ESP_FIFO] = s->ti_buf[s->ti_rptr++];
414 esp_raise_irq(s);
415 }
416 if (s->ti_rptr == s->ti_wptr) {
417 s->ti_rptr = 0;
418 s->ti_wptr = 0;
419 }
420 break;
421 case ESP_RINTR:
422 /* Clear sequence step, interrupt register and all status bits
423 except TC */
424 old_val = s->rregs[ESP_RINTR];
425 s->rregs[ESP_RINTR] = 0;
426 s->rregs[ESP_RSTAT] &= ~STAT_TC;
427 s->rregs[ESP_RSEQ] = SEQ_CD;
428 esp_lower_irq(s);
429
430 return old_val;
431 case ESP_TCHI:
432 /* Return the unique id if the value has never been written */
433 if (!s->tchi_written) {
434 return s->chip_id;
435 }
436 default:
437 break;
438 }
439 return s->rregs[saddr];
440 }
441
442 void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val)
443 {
444 trace_esp_mem_writeb(saddr, s->wregs[saddr], val);
445 switch (saddr) {
446 case ESP_TCHI:
447 s->tchi_written = true;
448 /* fall through */
449 case ESP_TCLO:
450 case ESP_TCMID:
451 s->rregs[ESP_RSTAT] &= ~STAT_TC;
452 break;
453 case ESP_FIFO:
454 if (s->do_cmd) {
455 if (s->cmdlen < TI_BUFSZ) {
456 s->cmdbuf[s->cmdlen++] = val & 0xff;
457 } else {
458 trace_esp_error_fifo_overrun();
459 }
460 } else if (s->ti_wptr == TI_BUFSZ - 1) {
461 trace_esp_error_fifo_overrun();
462 } else {
463 s->ti_size++;
464 s->ti_buf[s->ti_wptr++] = val & 0xff;
465 }
466 break;
467 case ESP_CMD:
468 s->rregs[saddr] = val;
469 if (val & CMD_DMA) {
470 s->dma = 1;
471 /* Reload DMA counter. */
472 s->rregs[ESP_TCLO] = s->wregs[ESP_TCLO];
473 s->rregs[ESP_TCMID] = s->wregs[ESP_TCMID];
474 s->rregs[ESP_TCHI] = s->wregs[ESP_TCHI];
475 } else {
476 s->dma = 0;
477 }
478 switch(val & CMD_CMD) {
479 case CMD_NOP:
480 trace_esp_mem_writeb_cmd_nop(val);
481 break;
482 case CMD_FLUSH:
483 trace_esp_mem_writeb_cmd_flush(val);
484 //s->ti_size = 0;
485 s->rregs[ESP_RINTR] = INTR_FC;
486 s->rregs[ESP_RSEQ] = 0;
487 s->rregs[ESP_RFLAGS] = 0;
488 break;
489 case CMD_RESET:
490 trace_esp_mem_writeb_cmd_reset(val);
491 esp_soft_reset(s);
492 break;
493 case CMD_BUSRESET:
494 trace_esp_mem_writeb_cmd_bus_reset(val);
495 s->rregs[ESP_RINTR] = INTR_RST;
496 if (!(s->wregs[ESP_CFG1] & CFG1_RESREPT)) {
497 esp_raise_irq(s);
498 }
499 break;
500 case CMD_TI:
501 handle_ti(s);
502 break;
503 case CMD_ICCS:
504 trace_esp_mem_writeb_cmd_iccs(val);
505 write_response(s);
506 s->rregs[ESP_RINTR] = INTR_FC;
507 s->rregs[ESP_RSTAT] |= STAT_MI;
508 break;
509 case CMD_MSGACC:
510 trace_esp_mem_writeb_cmd_msgacc(val);
511 s->rregs[ESP_RINTR] = INTR_DC;
512 s->rregs[ESP_RSEQ] = 0;
513 s->rregs[ESP_RFLAGS] = 0;
514 esp_raise_irq(s);
515 break;
516 case CMD_PAD:
517 trace_esp_mem_writeb_cmd_pad(val);
518 s->rregs[ESP_RSTAT] = STAT_TC;
519 s->rregs[ESP_RINTR] = INTR_FC;
520 s->rregs[ESP_RSEQ] = 0;
521 break;
522 case CMD_SATN:
523 trace_esp_mem_writeb_cmd_satn(val);
524 break;
525 case CMD_RSTATN:
526 trace_esp_mem_writeb_cmd_rstatn(val);
527 break;
528 case CMD_SEL:
529 trace_esp_mem_writeb_cmd_sel(val);
530 handle_s_without_atn(s);
531 break;
532 case CMD_SELATN:
533 trace_esp_mem_writeb_cmd_selatn(val);
534 handle_satn(s);
535 break;
536 case CMD_SELATNS:
537 trace_esp_mem_writeb_cmd_selatns(val);
538 handle_satn_stop(s);
539 break;
540 case CMD_ENSEL:
541 trace_esp_mem_writeb_cmd_ensel(val);
542 s->rregs[ESP_RINTR] = 0;
543 break;
544 case CMD_DISSEL:
545 trace_esp_mem_writeb_cmd_dissel(val);
546 s->rregs[ESP_RINTR] = 0;
547 esp_raise_irq(s);
548 break;
549 default:
550 trace_esp_error_unhandled_command(val);
551 break;
552 }
553 break;
554 case ESP_WBUSID ... ESP_WSYNO:
555 break;
556 case ESP_CFG1:
557 case ESP_CFG2: case ESP_CFG3:
558 case ESP_RES3: case ESP_RES4:
559 s->rregs[saddr] = val;
560 break;
561 case ESP_WCCF ... ESP_WTEST:
562 break;
563 default:
564 trace_esp_error_invalid_write(val, saddr);
565 return;
566 }
567 s->wregs[saddr] = val;
568 }
569
570 static bool esp_mem_accepts(void *opaque, hwaddr addr,
571 unsigned size, bool is_write)
572 {
573 return (size == 1) || (is_write && size == 4);
574 }
575
576 const VMStateDescription vmstate_esp = {
577 .name ="esp",
578 .version_id = 3,
579 .minimum_version_id = 3,
580 .fields = (VMStateField[]) {
581 VMSTATE_BUFFER(rregs, ESPState),
582 VMSTATE_BUFFER(wregs, ESPState),
583 VMSTATE_INT32(ti_size, ESPState),
584 VMSTATE_UINT32(ti_rptr, ESPState),
585 VMSTATE_UINT32(ti_wptr, ESPState),
586 VMSTATE_BUFFER(ti_buf, ESPState),
587 VMSTATE_UINT32(status, ESPState),
588 VMSTATE_UINT32(dma, ESPState),
589 VMSTATE_BUFFER(cmdbuf, ESPState),
590 VMSTATE_UINT32(cmdlen, ESPState),
591 VMSTATE_UINT32(do_cmd, ESPState),
592 VMSTATE_UINT32(dma_left, ESPState),
593 VMSTATE_END_OF_LIST()
594 }
595 };
596
597 #define TYPE_ESP "esp"
598 #define ESP(obj) OBJECT_CHECK(SysBusESPState, (obj), TYPE_ESP)
599
600 typedef struct {
601 /*< private >*/
602 SysBusDevice parent_obj;
603 /*< public >*/
604
605 MemoryRegion iomem;
606 uint32_t it_shift;
607 ESPState esp;
608 } SysBusESPState;
609
610 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,
611 uint64_t val, unsigned int size)
612 {
613 SysBusESPState *sysbus = opaque;
614 uint32_t saddr;
615
616 saddr = addr >> sysbus->it_shift;
617 esp_reg_write(&sysbus->esp, saddr, val);
618 }
619
620 static uint64_t sysbus_esp_mem_read(void *opaque, hwaddr addr,
621 unsigned int size)
622 {
623 SysBusESPState *sysbus = opaque;
624 uint32_t saddr;
625
626 saddr = addr >> sysbus->it_shift;
627 return esp_reg_read(&sysbus->esp, saddr);
628 }
629
630 static const MemoryRegionOps sysbus_esp_mem_ops = {
631 .read = sysbus_esp_mem_read,
632 .write = sysbus_esp_mem_write,
633 .endianness = DEVICE_NATIVE_ENDIAN,
634 .valid.accepts = esp_mem_accepts,
635 };
636
637 void esp_init(hwaddr espaddr, int it_shift,
638 ESPDMAMemoryReadWriteFunc dma_memory_read,
639 ESPDMAMemoryReadWriteFunc dma_memory_write,
640 void *dma_opaque, qemu_irq irq, qemu_irq *reset,
641 qemu_irq *dma_enable)
642 {
643 DeviceState *dev;
644 SysBusDevice *s;
645 SysBusESPState *sysbus;
646 ESPState *esp;
647
648 dev = qdev_create(NULL, TYPE_ESP);
649 sysbus = ESP(dev);
650 esp = &sysbus->esp;
651 esp->dma_memory_read = dma_memory_read;
652 esp->dma_memory_write = dma_memory_write;
653 esp->dma_opaque = dma_opaque;
654 sysbus->it_shift = it_shift;
655 /* XXX for now until rc4030 has been changed to use DMA enable signal */
656 esp->dma_enabled = 1;
657 qdev_init_nofail(dev);
658 s = SYS_BUS_DEVICE(dev);
659 sysbus_connect_irq(s, 0, irq);
660 sysbus_mmio_map(s, 0, espaddr);
661 *reset = qdev_get_gpio_in(dev, 0);
662 *dma_enable = qdev_get_gpio_in(dev, 1);
663 }
664
665 static const struct SCSIBusInfo esp_scsi_info = {
666 .tcq = false,
667 .max_target = ESP_MAX_DEVS,
668 .max_lun = 7,
669
670 .transfer_data = esp_transfer_data,
671 .complete = esp_command_complete,
672 .cancel = esp_request_cancelled
673 };
674
675 static void sysbus_esp_gpio_demux(void *opaque, int irq, int level)
676 {
677 SysBusESPState *sysbus = ESP(opaque);
678 ESPState *s = &sysbus->esp;
679
680 switch (irq) {
681 case 0:
682 parent_esp_reset(s, irq, level);
683 break;
684 case 1:
685 esp_dma_enable(opaque, irq, level);
686 break;
687 }
688 }
689
690 static void sysbus_esp_realize(DeviceState *dev, Error **errp)
691 {
692 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
693 SysBusESPState *sysbus = ESP(dev);
694 ESPState *s = &sysbus->esp;
695 Error *err = NULL;
696
697 sysbus_init_irq(sbd, &s->irq);
698 assert(sysbus->it_shift != -1);
699
700 s->chip_id = TCHI_FAS100A;
701 memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
702 sysbus, "esp", ESP_REGS << sysbus->it_shift);
703 sysbus_init_mmio(sbd, &sysbus->iomem);
704
705 qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);
706
707 scsi_bus_new(&s->bus, sizeof(s->bus), dev, &esp_scsi_info, NULL);
708 scsi_bus_legacy_handle_cmdline(&s->bus, &err);
709 if (err != NULL) {
710 error_propagate(errp, err);
711 return;
712 }
713 }
714
715 static void sysbus_esp_hard_reset(DeviceState *dev)
716 {
717 SysBusESPState *sysbus = ESP(dev);
718 esp_hard_reset(&sysbus->esp);
719 }
720
721 static const VMStateDescription vmstate_sysbus_esp_scsi = {
722 .name = "sysbusespscsi",
723 .version_id = 0,
724 .minimum_version_id = 0,
725 .fields = (VMStateField[]) {
726 VMSTATE_STRUCT(esp, SysBusESPState, 0, vmstate_esp, ESPState),
727 VMSTATE_END_OF_LIST()
728 }
729 };
730
731 static void sysbus_esp_class_init(ObjectClass *klass, void *data)
732 {
733 DeviceClass *dc = DEVICE_CLASS(klass);
734
735 dc->realize = sysbus_esp_realize;
736 dc->reset = sysbus_esp_hard_reset;
737 dc->vmsd = &vmstate_sysbus_esp_scsi;
738 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
739 }
740
741 static const TypeInfo sysbus_esp_info = {
742 .name = TYPE_ESP,
743 .parent = TYPE_SYS_BUS_DEVICE,
744 .instance_size = sizeof(SysBusESPState),
745 .class_init = sysbus_esp_class_init,
746 };
747
748 static void esp_register_types(void)
749 {
750 type_register_static(&sysbus_esp_info);
751 }
752
753 type_init(esp_register_types)