qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

esp: add pseudo-DMA as used by Macintosh

There is no DMA in Quadra 800, so the CPU reads/writes the data from the
PDMA register (offset 0x100, ESP_PDMA in hw/m68k/q800.c) and copies them
to/from the memory.

There is a nice assembly loop in the kernel to do that, see
linux/drivers/scsi/mac_esp.c:MAC_ESP_PDMA_LOOP().

The start of the transfer is triggered by the DREQ interrupt (see linux
mac_esp_send_pdma_cmd()), the CPU polls on the IRQ flag to start the
transfer after a SCSI command has been sent (in Quadra 800 it goes
through the VIA2, the via2-irq line and the vIFR register)

The Macintosh hardware includes hardware handshaking to prevent the CPU
from reading invalid data or writing data faster than the peripheral
device can accept it.

This is the "blind mode", and from the doc:
"Approximate maximum SCSI transfer rates within a blocks are 1.4 MB per
second for blind transfers in the Macintosh II"

Some references can be found in:
Apple Macintosh Family Hardware Reference, ISBN 0-201-19255-1
Guide to the Macintosh Family Hardware, ISBN-0-201-52405-8

Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Co-developed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20191026164546.30020-4-laurent@vivier.eu>

+284 -9
+269 -9
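--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -38,6 +38,8 @@
 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
 * and
 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR53C9X.txt
+*
+* On Macintosh Quadra it is a NCR53C96.
 */
 
 static void esp_raise_irq(ESPState *s)
@@ -58,6 +60,16 @@
 }
 }
 
+static void esp_raise_drq(ESPState *s)
+{
+qemu_irq_raise(s->irq_data);
+}
+
+static void esp_lower_drq(ESPState *s)
+{
+qemu_irq_lower(s->irq_data);
+}
+
 void esp_dma_enable(ESPState *s, int irq, int level)
 {
 if (level) {
@@ -84,6 +96,30 @@
 }
 }
 
+static void set_pdma(ESPState *s, enum pdma_origin_id origin,
+uint32_t index, uint32_t len)
+{
+s->pdma_origin = origin;
+s->pdma_start = index;
+s->pdma_cur = index;
+s->pdma_len = len;
+}
+
+static uint8_t *get_pdma_buf(ESPState *s)
+{
+switch (s->pdma_origin) {
+case PDMA:
+return s->pdma_buf;
+case TI:
+return s->ti_buf;
+case CMD:
+return s->cmdbuf;
+case ASYNC:
+return s->async_buf;
+}
+return NULL;
+}
+
 static int get_cmd_cb(ESPState *s)
 {
 int target;
@@ -125,7 +161,14 @@
 if (dmalen > buflen) {
 return 0;
 }
-s->dma_memory_read(s->dma_opaque, buf, dmalen);
+if (s->dma_memory_read) {
+s->dma_memory_read(s->dma_opaque, buf, dmalen);
+} else {
+memcpy(s->pdma_buf, buf, dmalen);
+set_pdma(s, PDMA, 0, dmalen);
+esp_raise_drq(s);
+return 0;
+}
 } else {
 dmalen = s->ti_size;
 if (dmalen > TI_BUFSZ) {
@@ -177,6 +220,16 @@
 do_busid_cmd(s, &buf[1], busid);
 }
 
+static void satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start) {
+do_cmd(s, get_pdma_buf(s) + s->pdma_start);
+}
+}
+
 static void handle_satn(ESPState *s)
 {
 uint8_t buf[32];
@@ -186,11 +239,22 @@
 s->dma_cb = handle_satn;
 return;
 }
+s->pdma_cb = satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len)
 do_cmd(s, buf);
 }
 
+static void s_without_satn_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+if (s->pdma_cur != s->pdma_start) {
+do_busid_cmd(s, get_pdma_buf(s) + s->pdma_start, 0);
+}
+}
+
 static void handle_s_without_atn(ESPState *s)
 {
 uint8_t buf[32];
@@ -200,18 +264,36 @@
 s->dma_cb = handle_s_without_atn;
 return;
 }
+s->pdma_cb = s_without_satn_pdma_cb;
 len = get_cmd(s, buf, sizeof(buf));
 if (len) {
 do_busid_cmd(s, buf, 0);
 }
 }
 
+static void satn_stop_pdma_cb(ESPState *s)
+{
+if (get_cmd_cb(s) < 0) {
+return;
+}
+s->cmdlen = s->pdma_cur - s->pdma_start;
+if (s->cmdlen) {
+trace_esp_handle_satn_stop(s->cmdlen);
+s->do_cmd = 1;
+s->rregs[ESP_RSTAT] = STAT_TC | STAT_CD;
+s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+s->rregs[ESP_RSEQ] = SEQ_CD;
+esp_raise_irq(s);
+}
+}
+
 static void handle_satn_stop(ESPState *s)
 {
 if (s->dma && !s->dma_enabled) {
 s->dma_cb = handle_satn_stop;
 return;
 }
+s->pdma_cb = satn_stop_pdma_cb;;
 s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf));
 if (s->cmdlen) {
 trace_esp_handle_satn_stop(s->cmdlen);
@@ -223,16 +305,31 @@
 }
 }
 
+static void write_response_pdma_cb(ESPState *s)
+{
+s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
+s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+s->rregs[ESP_RSEQ] = SEQ_CD;
+esp_raise_irq(s);
+}
+
 static void write_response(ESPState *s)
 {
 trace_esp_write_response(s->status);
 s->ti_buf[0] = s->status;
 s->ti_buf[1] = 0;
 if (s->dma) {
-s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
-s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
-s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
-s->rregs[ESP_RSEQ] = SEQ_CD;
+if (s->dma_memory_write) {
+s->dma_memory_write(s->dma_opaque, s->ti_buf, 2);
+s->rregs[ESP_RSTAT] = STAT_TC | STAT_ST;
+s->rregs[ESP_RINTR] = INTR_BS | INTR_FC;
+s->rregs[ESP_RSEQ] = SEQ_CD;
+} else {
+set_pdma(s, TI, 0, 2);
+s->pdma_cb = write_response_pdma_cb;
+esp_raise_drq(s);
+return;
+}
 } else {
 s->ti_size = 2;
 s->ti_rptr = 0;
@@ -254,6 +351,41 @@
 esp_raise_irq(s);
 }
 
+static void do_dma_pdma_cb(ESPState *s)
+{
+int to_device = (s->ti_size < 0);
+int len = s->pdma_cur - s->pdma_start;
+if (s->do_cmd) {
+s->ti_size = 0;
+s->cmdlen = 0;
+s->do_cmd = 0;
+do_cmd(s, s->cmdbuf);
+return;
+}
+s->dma_left -= len;
+s->async_buf += len;
+s->async_len -= len;
+if (to_device) {
+s->ti_size += len;
+} else {
+s->ti_size -= len;
+}
+if (s->async_len == 0) {
+scsi_req_continue(s->current_req);
+/*
+* If there is still data to be read from the device then
+* complete the DMA operation immediately. Otherwise defer
+* until the scsi layer has completed.
+*/
+if (to_device || s->dma_left != 0 || s->ti_size == 0) {
+return;
+}
+}
+
+/* Partially filled a scsi buffer. Complete immediately. */
+esp_dma_done(s);
+}
+
 static void esp_do_dma(ESPState *s)
 {
 uint32_t len;
@@ -268,7 +400,14 @@
 trace_esp_do_dma(s->cmdlen, len);
 assert (s->cmdlen <= sizeof(s->cmdbuf) &&
 len <= sizeof(s->cmdbuf) - s->cmdlen);
-s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
+if (s->dma_memory_read) {
+s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
+} else {
+set_pdma(s, CMD, s->cmdlen, len);
+s->pdma_cb = do_dma_pdma_cb;
+esp_raise_drq(s);
+return;
+}
 trace_esp_handle_ti_cmd(s->cmdlen);
 s->ti_size = 0;
 s->cmdlen = 0;
@@ -285,9 +424,23 @@
 }
 to_device = (s->ti_size < 0);
 if (to_device) {
-s->dma_memory_read(s->dma_opaque, s->async_buf, len);
+if (s->dma_memory_read) {
+s->dma_memory_read(s->dma_opaque, s->async_buf, len);
+} else {
+set_pdma(s, ASYNC, 0, len);
+s->pdma_cb = do_dma_pdma_cb;
+esp_raise_drq(s);
+return;
+}
 } else {
-s->dma_memory_write(s->dma_opaque, s->async_buf, len);
+if (s->dma_memory_write) {
+s->dma_memory_write(s->dma_opaque, s->async_buf, len);
+} else {
+set_pdma(s, ASYNC, 0, len);
+s->pdma_cb = do_dma_pdma_cb;
+esp_raise_drq(s);
+return;
+}
 }
 s->dma_left -= len;
 s->async_buf += len;
@@ -421,6 +574,7 @@
 static void esp_soft_reset(ESPState *s)
 {
 qemu_irq_lower(s->irq);
+qemu_irq_lower(s->irq_data);
 esp_hard_reset(s);
 }
 
@@ -610,6 +764,28 @@
 return (size == 1) || (is_write && size == 4);
 }
 
+static bool esp_pdma_needed(void *opaque)
+{
+ESPState *s = opaque;
+return s->dma_memory_read == NULL && s->dma_memory_write == NULL &&
+s->dma_enabled;
+}
+
+static const VMStateDescription vmstate_esp_pdma = {
+.name = "esp/pdma",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = esp_pdma_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BUFFER(pdma_buf, ESPState),
+VMSTATE_INT32(pdma_origin, ESPState),
+VMSTATE_UINT32(pdma_len, ESPState),
+VMSTATE_UINT32(pdma_start, ESPState),
+VMSTATE_UINT32(pdma_cur, ESPState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 const VMStateDescription vmstate_esp = {
 .name ="esp",
 .version_id = 4,
@@ -631,6 +807,10 @@
 VMSTATE_UINT32(do_cmd, ESPState),
 VMSTATE_UINT32(dma_left, ESPState),
 VMSTATE_END_OF_LIST()
+},
+.subsections = (const VMStateDescription * []) {
+&vmstate_esp_pdma,
+NULL
 }
 };
 
@@ -661,6 +841,82 @@
 .valid.accepts = esp_mem_accepts,
 };
 
+static void sysbus_esp_pdma_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned int size)
+{
+SysBusESPState *sysbus = opaque;
+ESPState *s = &sysbus->esp;
+uint32_t dmalen;
+uint8_t *buf = get_pdma_buf(s);
+
+dmalen = s->rregs[ESP_TCLO];
+dmalen |= s->rregs[ESP_TCMID] << 8;
+dmalen |= s->rregs[ESP_TCHI] << 16;
+if (dmalen == 0 || s->pdma_len == 0) {
+return;
+}
+switch (size) {
+case 1:
+buf[s->pdma_cur++] = val;
+s->pdma_len--;
+dmalen--;
+break;
+case 2:
+buf[s->pdma_cur++] = val >> 8;
+buf[s->pdma_cur++] = val;
+s->pdma_len -= 2;
+dmalen -= 2;
+break;
+}
+s->rregs[ESP_TCLO] = dmalen & 0xff;
+s->rregs[ESP_TCMID] = dmalen >> 8;
+s->rregs[ESP_TCHI] = dmalen >> 16;
+if (s->pdma_len == 0 && s->pdma_cb) {
+esp_lower_drq(s);
+s->pdma_cb(s);
+s->pdma_cb = NULL;
+}
+}
+
+static uint64_t sysbus_esp_pdma_read(void *opaque, hwaddr addr,
+unsigned int size)
+{
+SysBusESPState *sysbus = opaque;
+ESPState *s = &sysbus->esp;
+uint8_t *buf = get_pdma_buf(s);
+uint64_t val = 0;
+
+if (s->pdma_len == 0) {
+return 0;
+}
+switch (size) {
+case 1:
+val = buf[s->pdma_cur++];
+s->pdma_len--;
+break;
+case 2:
+val = buf[s->pdma_cur++];
+val = (val << 8) | buf[s->pdma_cur++];
+s->pdma_len -= 2;
+break;
+}
+
+if (s->pdma_len == 0 && s->pdma_cb) {
+esp_lower_drq(s);
+s->pdma_cb(s);
+s->pdma_cb = NULL;
+}
+return val;
+}
+
+static const MemoryRegionOps sysbus_esp_pdma_ops = {
+.read = sysbus_esp_pdma_read,
+.write = sysbus_esp_pdma_write,
+.endianness = DEVICE_NATIVE_ENDIAN,
+.valid.min_access_size = 1,
+.valid.max_access_size = 2,
+};
+
 static const struct SCSIBusInfo esp_scsi_info = {
 .tcq = false,
 .max_target = ESP_MAX_DEVS,
@@ -693,12 +949,16 @@
 ESPState *s = &sysbus->esp;
 
 sysbus_init_irq(sbd, &s->irq);
+sysbus_init_irq(sbd, &s->irq_data);
 assert(sysbus->it_shift != -1);
 
 s->chip_id = TCHI_FAS100A;
 memory_region_init_io(&sysbus->iomem, OBJECT(sysbus), &sysbus_esp_mem_ops,
-sysbus, "esp", ESP_REGS << sysbus->it_shift);
+sysbus, "esp-regs", ESP_REGS << sysbus->it_shift);
 sysbus_init_mmio(sbd, &sysbus->iomem);
+memory_region_init_io(&sysbus->pdma, OBJECT(sysbus), &sysbus_esp_pdma_ops,
+sysbus, "esp-pdma", 2);
+sysbus_init_mmio(sbd, &sysbus->pdma);
 
 qdev_init_gpio_in(dev, sysbus_esp_gpio_demux, 2);
 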
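Review bot: In `sysbus_esp_pdma_write()` and `sysbus_esp_pdma_read()` the `case 2:` path subtracts 2 from `s->pdma_len` (and from `dmalen` on the write side) after checking only that they are non-zero, so a 2-byte guest access with one byte remaining wraps the `uint32_t` counter and later accesses keep indexing `buf[s->pdma_cur++]` beyond the span set up by `set_pdma()`. Reject short remainders up front, e.g. `if (dmalen < size || s->pdma_len < size) { return; }` in the write handler and `if (s->pdma_len < size) { return 0; }` in the read handler. Both handlers also use the result of `get_pdma_buf()` without a NULL check, and `vmstate_esp_pdma` restores `pdma_origin`, `pdma_len`, `pdma_start` and `pdma_cur` from the migration stream with no validation, so a `.post_load` hook that range-checks them against the selected buffer would be worth adding. `pdma_cb` is not part of the subsection, so a transfer in flight at migration time appears to have no completion callback on the destination.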
+15
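--- a/include/hw/scsi/esp.h
+++ b/include/hw/scsi/esp.h
@@ -14,10 +14,18 @@
 
 typedef struct ESPState ESPState;
 
+enum pdma_origin_id {
+PDMA,
+TI,
+CMD,
+ASYNC,
+};
+
 struct ESPState {
 uint8_t rregs[ESP_REGS];
 uint8_t wregs[ESP_REGS];
 qemu_irq irq;
+qemu_irq irq_data;
 uint8_t chip_id;
 bool tchi_written;
 int32_t ti_size;
@@ -48,6 +56,12 @@
 ESPDMAMemoryReadWriteFunc dma_memory_write;
 void *dma_opaque;
 void (*dma_cb)(ESPState *s);
+uint8_t pdma_buf[32];
+int pdma_origin;
+uint32_t pdma_len;
+uint32_t pdma_start;
+uint32_t pdma_cur;
+void (*pdma_cb)(ESPState *s);
 };
 
 #define TYPE_ESP "esp"
@@ -59,6 +73,7 @@
 /*< public >*/
 
 MemoryRegion iomem;
+MemoryRegion pdma;
 uint32_t it_shift;
 ESPState esp;
 } SysBusESPState;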
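Review bot: `uint8_t pdma_buf[32]` hard-codes a size that `get_cmd()` in hw/scsi/esp.c depends on implicitly: its PDMA branch does `memcpy(s->pdma_buf, buf, dmalen)` after checking `dmalen` only against the caller's `buflen`, which is `sizeof(s->cmdbuf)` when called from `handle_satn_stop()`. The declaration of `cmdbuf` is outside this hunk, so whether it can exceed 32 bytes cannot be confirmed from here; a named size constant with a comment such as `/* must be >= the largest buflen passed to get_cmd() */`, or a build-time assertion comparing the two sizes, would make the coupling explicit. `pdma_origin` is declared `int` although it only holds `enum pdma_origin_id` values, presumably so it can be saved with `VMSTATE_INT32`; a one-line comment saying so, and one on `pdma_start`/`pdma_cur`/`pdma_len` stating that they are offsets into the buffer selected by `pdma_origin`, would help the next reader.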