Fix up some erroneous comments in code:
interrupt pins are named A-D, the
interrupt pin register is always readonly
and isn't zeroed out on reset.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Including it in device models is unclean, including it without a
reason adds insult to injury.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Avoid this warning from clang analyzer by deleting the variable:
/src/qemu/hw/lsi53c895a.c:895:5: warning: Value stored to 'id' is never read
id = (current_tag >> 8) & 0xf;
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Right now the CDB is not passed to the SCSIBus until scsi_req_enqueue.
Passing it to scsi_req_new will let scsi_req_new dispatch common requests
through different reqops.
Moving the memcpy to scsi_req_new is a hack that will go away as
soon as scsi_req_new will also take care of the parsing.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
An optimization that fast-pathed DMA reads from the SCRIPTS memory
was removed int the process. Likely it breaks with iommus anyway.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Correct typos of "licenced" to "licensed".
Reviewed-by: Stefan Weil <weil@mail.berlios.de>
Reviewed-by: Andreas F=E4rber <andreas.faerber@web.de>
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
'tag' is just an abstraction to identify the command
from the driver. So we should make that explicit by
replacing 'tag' with a driver-defined pointer 'hba_private'.
This saves the lookup for driver handling several commands
in parallel.
'tag' is still being kept for tracing purposes.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This warning is new in gcc 4.6.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
... and remove some SCSIDevice variables or fields that now become unused.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Move the common part of scsi-disk.c and scsi-generic.c to the SCSI layer.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
This is for when the request must be dropped in the void,
but still memory should be freed. To this end, the devices
register a second callback in SCSIBusOps.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Currently the SCSIRequest structure is abstracted away and cannot accessed
directly from the driver. This requires the handler to do a lookup on
an abstract 'tag' which identifies the SCSIRequest structure.
With this patch the SCSIRequest structure is exposed to the driver. This
allows use to use it directly as an argument to the SCSIDeviceInfo
callback functions and remove the lookup.
A new callback function 'alloc_req' is introduced matching 'free
req'; unref'ing to free up resources after use is moved into the
scsi_command_complete callbacks.
This temporarily introduces a leak of requests that are cancelled,
when they are removed from the queue and not from the driver. This
is fixed later by introducing scsi_req_cancel. That patch in turn
depends on this one, because the argument to scsi_req_cancel is a
SCSIRequest.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
There are more operations than a SCSI bus can handle, besides completing
commands. One example, which this series will introduce, is cleaning up
after a request is cancelled.
More long term, a "SCSI bus" can represent the LUNs attached to a
target; in this case, while all commands will ultimately reach a logical
unit, it is the target who is in charge of answering REPORT LUNs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
The 'sense' field in the HBA status structure is misnamed, as it
actually carries the SCSI status. Rename it.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-trivial@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
If these messages are not handled correctly the guest driver may hang.
Always mandatory:
- ABORT
- BUS DEVICE RESET
Mandatory if tagged queuing is implemented (which disks usually do):
- ABORT TAG
- CLEAR QUEUE
Signed-off-by: Bernhard Kohl <bernhard.kohl@nsn.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Update not only dbc but also dnad when skipping bytes during the MSGOUT
phase. Previously only dbc was updated which is probably wrong and
could lead to bogus message codes being read.
Tested on Linux and Windows Server 2003.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
lsi_ram_read*() and lsi_ram_write*() are not consistent, one uses
leXX_to_cpu() the other uses nothing. As the comment above the RAM
declaration says: "Script ram is stored as 32-bit words in host
byteorder.", remove the leXX_to_cpu() calls.
This fixes the boot of an ARM versatile machine on MIPS and PowerPC
hosts.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
As stated before, devices can be little, big or native endian. The
target endianness is not of their concern, so we need to push things
down a level.
This patch adds a parameter to cpu_register_io_memory that allows a
device to choose its endianness. For now, all devices simply choose
native endian, because that's the same behavior as before.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
There is no need for these type casts (as other existing
code shows). So re-write the first argument without
type cast (and remove a related TODO comment).
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Compiling with GCC 4.6.0 20100925 produced a warning:
/src/qemu/hw/lsi53c895a.c: In function 'lsi_do_msgout':
/src/qemu/hw/lsi53c895a.c:848:9: error: variable 'len' set but not used [-Werror=unused-but-set-variable]
Fix by adding a dummy cast so that the variable is not unused for
non-debug case.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
When the controller raises the SCSI reset line, we have to perform the
requested reset on all disks attached to the controller's bus. Moreover,
reset is edge triggered, so avoid repeating it if the line was already
high.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
None of its callers checks for failure. scsi_hot_add() can crash
because of that:
(qemu) drive_add 4 if=scsi,format=host_device,file=/dev/sg1
scsi-generic: scsi generic interface too old
Segmentation fault (core dumped)
Fix all callers, not just scsi_hot_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
lsi_bad_phase has a bug in the choice of pmjad1/pmjad2. This does
not matter with Linux guests because it uses just one routine for
both, but it breaks Windows 64-bit guests. This is the text
from the spec:
"[The PMJCTL] bit controls which decision mechanism is used
when jumping on phase mismatch. When this bit is cleared the
LSI53C895A will use Phase Mismatch Jump Address 1 (PMJAD1) when
the WSR bit is cleared and Phase Mismatch Jump Address 2 (PMJAD2)
when the WSR bit is set. When this bit is set the LSI53C895A will
use jump address one (PMJAD1) on data out (data out, command,
message out) transfers and jump address two (PMJAD2) on data in
(data in, status, message in) transfers."
Which means:
CCNTL0.PMJCTL
0 SCNTL2.WSR = 0 PMJAD1
0 SCNTL2.WSR = 1 PMJAD2
1 out PMJAD1
1 in PMJAD2
In qemu, what you get instead is:
CCNTL0.PMJCTL
0 out PMJAD1
0 in PMJAD2 <<<<<
1 out PMJAD1
1 in PMJAD1 <<<<<
Considering that qemu always has SCNTL2.WSR cleared, the two marked cases
(corresponding to phase mismatch on input) are always jumping to the
wrong PMJAD register. The patch implements the correct semantics.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
This fixes a mismerge of 64d564094c (wrong
patch version): We need to mask the tag value properly to obtain its
device ID.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
We must not store references to selected devices as they may be
hot-removed. Instead, look up the device based on its tag right before
using it. If the device disappeared, throw an interrupt and disconnect.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
According to the LSI spec, the reset value of dcmd, dstat, and ctest2
were wrong, and sdid as well as ssid require zero initialization. There
are surely more discrepancies, this is just another increment.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Declare the input message queue empty and initialize the related state
machine properly on controller reset. This fixes unrecoverable errors
when the controller was reset during ongoing requests.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The LSI controller was lacking a system reset handler. Simply invoke the
existing soft reset handler in this case. This also allows to drop its
explicit invocation during init.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Avoid keeping zombie requests across controller reset by purging the
queue and also dropping the currently active request.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
All callers of lsi_reselect have a lsi_request struct at hand anyway.
So just pass it directly instead of having lsi_reselect search for it
using the tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Right now lsi_request is allocated when a request is queued and released
when a request is unqueued. With this patch applied the lsi_request is
kept for the whole lifetime of the scsi request.
Rationale: We can use it for per-request data then. The patch does that
already for the request tag.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Replace the funky array logic for queued commands with standard
qemu list functions. Also rename lsi_queue to lsi_request.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
