1/*
2 * Adaptec U320 device driver firmware for Linux and FreeBSD.
3 *
4 * Copyright (c) 1994-2001, 2004 Justin T. Gibbs.
5 * Copyright (c) 2000-2002 Adaptec Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions, and the following disclaimer,
13 *    without modification.
14 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
15 *    substantially similar to the "NO WARRANTY" disclaimer below
16 *    ("Disclaimer") and any redistribution must be conditioned upon
17 *    including a substantially similar Disclaimer requirement for further
18 *    binary redistribution.
19 * 3. Neither the names of the above-listed copyright holders nor the names
20 *    of any contributors may be used to endorse or promote products derived
21 *    from this software without specific prior written permission.
22 *
23 * Alternatively, this software may be distributed under the terms of the
24 * GNU General Public License ("GPL") version 2 as published by the Free
25 * Software Foundation.
26 *
27 * NO WARRANTY
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
31 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
36 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
37 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38 * POSSIBILITY OF SUCH DAMAGES.
39 *
40 * $FreeBSD$
41 */
42
43VERSION = "$Id: //depot/aic7xxx/aic7xxx/aic79xx.seq#120 $"
44PATCH_ARG_LIST = "struct ahd_softc *ahd"
45PREFIX = "ahd_"
46
47#include "aic79xx.reg"
48#include "scsi_message.h"
49
50restart:
51if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
52	test	SEQINTCODE, 0xFF jz idle_loop;
53	SET_SEQINTCODE(NO_SEQINT)
54}
55
56idle_loop:
57
58	if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
59		/*
60		 * Convert ERROR status into a sequencer
61		 * interrupt to handle the case of an
62		 * interrupt collision on the hardware
63		 * setting of HWERR.
64		 */
65		test	ERROR, 0xFF jz no_error_set;
66		SET_SEQINTCODE(SAW_HWERR)
67no_error_set:
68	}
69	SET_MODE(M_SCSI, M_SCSI)
70	test	SCSISEQ0, ENSELO|ENARBO jnz idle_loop_checkbus;
71	test	SEQ_FLAGS2, SELECTOUT_QFROZEN jz check_waiting_list;
72	/*
73	 * If the kernel has caught up with us, thaw the queue.
74	 */
75	mov	A, KERNEL_QFREEZE_COUNT;
76	cmp	QFREEZE_COUNT, A jne check_frozen_completions;
77	mov	A, KERNEL_QFREEZE_COUNT[1];
78	cmp	QFREEZE_COUNT[1], A jne check_frozen_completions;
79	and	SEQ_FLAGS2, ~SELECTOUT_QFROZEN;
80	jmp	check_waiting_list;
81check_frozen_completions:
82	test	SSTAT0, SELDO|SELINGO jnz idle_loop_checkbus;
83BEGIN_CRITICAL;
84	/*
85	 * If we have completions stalled waiting for the qfreeze
86	 * to take effect, move them over to the complete_scb list
87	 * now that no selections are pending.
88	 */
89	cmp	COMPLETE_ON_QFREEZE_HEAD[1],SCB_LIST_NULL je idle_loop_checkbus;
90	/*
91	 * Find the end of the qfreeze list.  The first element has
92	 * to be treated specially.
93	 */
94	bmov	SCBPTR, COMPLETE_ON_QFREEZE_HEAD, 2;
95	cmp 	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL je join_lists;
96	/*
97	 * Now the normal loop.
98	 */
99	bmov	SCBPTR, SCB_NEXT_COMPLETE, 2;
100	cmp 	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL jne . - 1;
101join_lists:
102	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
103	bmov	COMPLETE_SCB_HEAD, COMPLETE_ON_QFREEZE_HEAD, 2;
104	mvi	COMPLETE_ON_QFREEZE_HEAD[1], SCB_LIST_NULL;
105	jmp	idle_loop_checkbus;
106check_waiting_list:
107	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL je idle_loop_checkbus;
108	/*
109	 * ENSELO is cleared by a SELDO, so we must test for SELDO
110	 * one last time.
111	 */
112	test	SSTAT0, SELDO jnz select_out;
113	call	start_selection;
114idle_loop_checkbus:
115	test	SSTAT0, SELDO jnz select_out;
116END_CRITICAL;
117	test	SSTAT0, SELDI jnz select_in;
118	test	SCSIPHASE, ~DATA_PHASE_MASK jz idle_loop_check_nonpackreq;
119	test	SCSISIGO, ATNO jz idle_loop_check_nonpackreq;
120	call	unexpected_nonpkt_phase_find_ctxt;
121idle_loop_check_nonpackreq:
122	test	SSTAT2, NONPACKREQ jz . + 2;
123	call	unexpected_nonpkt_phase_find_ctxt;
124	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
125		/*
126		 * On Rev A. hardware, the busy LED is only
127		 * turned on automaically during selections
128		 * and re-selections.  Make the LED status
129		 * more useful by forcing it to be on so
130		 * long as one of our data FIFOs is active.
131		 */
132		and	A, FIFO0FREE|FIFO1FREE, DFFSTAT;
133		cmp	A, FIFO0FREE|FIFO1FREE jne . + 3;
134		and	SBLKCTL, ~DIAGLEDEN|DIAGLEDON;
135		jmp	. + 2;
136		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
137	}
138	call	idle_loop_gsfifo_in_scsi_mode;
139	call	idle_loop_service_fifos;
140	call	idle_loop_cchan;
141	jmp	idle_loop;
142
143idle_loop_gsfifo:
144	SET_MODE(M_SCSI, M_SCSI)
145BEGIN_CRITICAL;
146idle_loop_gsfifo_in_scsi_mode:
147	test	LQISTAT2, LQIGSAVAIL jz return;
148	/*
149	 * We have received good status for this transaction.  There may
150	 * still be data in our FIFOs draining to the host.  Complete
151	 * the SCB only if all data has transferred to the host.
152	 */
153good_status_IU_done:
154	bmov	SCBPTR, GSFIFO, 2;
155	clr	SCB_SCSI_STATUS;
156	/*
157	 * If a command completed before an attempted task management
158	 * function completed, notify the host after disabling any
159	 * pending select-outs.
160	 */
161	test	SCB_TASK_MANAGEMENT, 0xFF jz gsfifo_complete_normally;
162	test	SSTAT0, SELDO|SELINGO jnz . + 2;
163	and	SCSISEQ0, ~ENSELO;
164	SET_SEQINTCODE(TASKMGMT_CMD_CMPLT_OKAY)
165gsfifo_complete_normally:
166	or	SCB_CONTROL, STATUS_RCVD;
167
168	/*
169	 * Since this status did not consume a FIFO, we have to
170	 * be a bit more dilligent in how we check for FIFOs pertaining
171	 * to this transaction.  There are two states that a FIFO still
172	 * transferring data may be in.
173	 *
174	 * 1) Configured and draining to the host, with a FIFO handler.
175	 * 2) Pending cfg4data, fifo not empty.
176	 *
177	 * Case 1 can be detected by noticing a non-zero FIFO active
178	 * count in the SCB.  In this case, we allow the routine servicing
179	 * the FIFO to complete the SCB.
180	 * 
181	 * Case 2 implies either a pending or yet to occur save data
182	 * pointers for this same context in the other FIFO.  So, if
183	 * we detect case 1, we will properly defer the post of the SCB
184	 * and achieve the desired result.  The pending cfg4data will
185	 * notice that status has been received and complete the SCB.
186	 */
187	test	SCB_FIFO_USE_COUNT, 0xFF jnz idle_loop_gsfifo_in_scsi_mode;
188	call	complete;
189END_CRITICAL;
190	jmp	idle_loop_gsfifo_in_scsi_mode;
191
192idle_loop_service_fifos:
193	SET_MODE(M_DFF0, M_DFF0)
194BEGIN_CRITICAL;
195	test	LONGJMP_ADDR[1], INVALID_ADDR jnz idle_loop_next_fifo;
196	call	longjmp;
197END_CRITICAL;
198idle_loop_next_fifo:
199	SET_MODE(M_DFF1, M_DFF1)
200BEGIN_CRITICAL;
201	test	LONGJMP_ADDR[1], INVALID_ADDR jz longjmp;
202END_CRITICAL;
203return:
204	ret;
205
206idle_loop_cchan:
207	SET_MODE(M_CCHAN, M_CCHAN)
208	test	QOFF_CTLSTA, HS_MAILBOX_ACT jz	hs_mailbox_empty;
209	or	QOFF_CTLSTA, HS_MAILBOX_ACT;
210	mov	LOCAL_HS_MAILBOX, HS_MAILBOX;
211hs_mailbox_empty:
212BEGIN_CRITICAL;
213	test	CCSCBCTL, CCARREN|CCSCBEN jz scbdma_idle;
214	test	CCSCBCTL, CCSCBDIR jnz fetch_new_scb_inprog;
215	test	CCSCBCTL, CCSCBDONE jz return;
216	/* FALLTHROUGH */
217scbdma_tohost_done:
218	test	CCSCBCTL, CCARREN jz fill_qoutfifo_dmadone;
219	/*
220	 * An SCB has been successfully uploaded to the host.
221	 * If the SCB was uploaded for some reason other than
222	 * bad SCSI status (currently only for underruns), we
223	 * queue the SCB for normal completion.  Otherwise, we
224	 * wait until any select-out activity has halted, and
225	 * then queue the completion.
226	 */
227	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
228	bmov	COMPLETE_DMA_SCB_HEAD, SCB_NEXT_COMPLETE, 2;
229	cmp	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL jne . + 2;
230	mvi	COMPLETE_DMA_SCB_TAIL[1], SCB_LIST_NULL;
231	test	SCB_SCSI_STATUS, 0xff jz scbdma_queue_completion;
232	bmov	SCB_NEXT_COMPLETE, COMPLETE_ON_QFREEZE_HEAD, 2;
233	bmov	COMPLETE_ON_QFREEZE_HEAD, SCBPTR, 2 ret;
234scbdma_queue_completion:
235	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
236	bmov	COMPLETE_SCB_HEAD, SCBPTR, 2 ret;
237fill_qoutfifo_dmadone:
238	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
239	call	qoutfifo_updated;
240	mvi	COMPLETE_SCB_DMAINPROG_HEAD[1], SCB_LIST_NULL;
241	bmov	QOUTFIFO_NEXT_ADDR, SCBHADDR, 4;
242	test	QOFF_CTLSTA, SDSCB_ROLLOVR jz return;
243	bmov	QOUTFIFO_NEXT_ADDR, SHARED_DATA_ADDR, 4;
244	xor	QOUTFIFO_ENTRY_VALID_TAG, QOUTFIFO_ENTRY_VALID_TOGGLE ret;
245END_CRITICAL;
246
247qoutfifo_updated:
248	/*
249	 * If there are more commands waiting to be dma'ed
250	 * to the host, always coalesce.  Otherwise honor the
251	 * host's wishes.
252	 */
253	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne coalesce_by_count;
254	cmp	COMPLETE_SCB_HEAD[1], SCB_LIST_NULL jne coalesce_by_count;
255	test	LOCAL_HS_MAILBOX, ENINT_COALESCE jz issue_cmdcmplt;
256
257	/*
258	 * If we have relatively few commands outstanding, don't
259	 * bother waiting for another command to complete.
260	 */
261	test	CMDS_PENDING[1], 0xFF jnz coalesce_by_count;
262	/* Add -1 so that jnc means <= not just < */
263	add	A, -1, INT_COALESCING_MINCMDS;
264	add	NONE, A, CMDS_PENDING;
265	jnc	issue_cmdcmplt;
266	
267	/*
268	 * If coalescing, only coalesce up to the limit
269	 * provided by the host driver.
270	 */
271coalesce_by_count:
272	mov	A, INT_COALESCING_MAXCMDS;
273	add	NONE, A, INT_COALESCING_CMDCOUNT;
274	jc	issue_cmdcmplt;
275	/*
276	 * If the timer is not currently active,
277	 * fire it up.
278	 */
279	test	INTCTL, SWTMINTMASK jz return;
280	bmov	SWTIMER, INT_COALESCING_TIMER, 2;
281	mvi	CLRSEQINTSTAT, CLRSEQ_SWTMRTO;
282	or	INTCTL, SWTMINTEN|SWTIMER_START;
283	and	INTCTL, ~SWTMINTMASK ret;
284
285issue_cmdcmplt:
286	mvi	INTSTAT, CMDCMPLT;
287	clr	INT_COALESCING_CMDCOUNT;
288	or	INTCTL, SWTMINTMASK ret;
289
290BEGIN_CRITICAL;
291fetch_new_scb_inprog:
292	test	CCSCBCTL, ARRDONE jz return;
293fetch_new_scb_done:
294	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
295	clr	A;
296	add	CMDS_PENDING, 1;
297	adc	CMDS_PENDING[1], A;
298	if ((ahd->bugs & AHD_PKT_LUN_BUG) != 0) {
299		/*
300		 * "Short Luns" are not placed into outgoing LQ
301		 * packets in the correct byte order.  Use a full
302		 * sized lun field instead and fill it with the
303		 * one byte of lun information we support.
304		 */
305		mov	SCB_PKT_LUN[6], SCB_LUN;
306	}
307	/*
308	 * The FIFO use count field is shared with the
309	 * tag set by the host so that our SCB dma engine
310	 * knows the correct location to store the SCB.
311	 * Set it to zero before processing the SCB.
312	 */
313	clr	SCB_FIFO_USE_COUNT;
314	/* Update the next SCB address to download. */
315	bmov	NEXT_QUEUED_SCB_ADDR, SCB_NEXT_SCB_BUSADDR, 4;
316	/*
317	 * NULL out the SCB links since these fields
318	 * occupy the same location as SCB_NEXT_SCB_BUSADDR.
319	 */
320	mvi	SCB_NEXT[1], SCB_LIST_NULL;
321	mvi	SCB_NEXT2[1], SCB_LIST_NULL;
322	/* Increment our position in the QINFIFO. */
323	mov	NONE, SNSCB_QOFF;
324
325	/*
326	 * Save SCBID of this SCB in REG0 since
327	 * SCBPTR will be clobbered during target
328	 * list updates.  We also record the SCB's
329	 * flags so that we can refer to them even
330	 * after SCBPTR has been changed.
331	 */
332	bmov	REG0, SCBPTR, 2;
333	mov	A, SCB_CONTROL;
334
335	/*
336	 * Find the tail SCB of the execution queue
337	 * for this target.
338	 */
339	shr	SINDEX, 3, SCB_SCSIID;
340	and	SINDEX, ~0x1;
341	mvi	SINDEX[1], (WAITING_SCB_TAILS >> 8);
342	bmov	DINDEX, SINDEX, 2;
343	bmov	SCBPTR, SINDIR, 2;
344
345	/*
346	 * Update the tail to point to the new SCB.
347	 */
348	bmov	DINDIR, REG0, 2;
349
350	/*
351	 * If the queue was empty, queue this SCB as
352	 * the first for this target.
353	 */
354	cmp	SCBPTR[1], SCB_LIST_NULL je first_new_target_scb;
355
356	/*
357	 * SCBs that want to send messages must always be
358	 * at the head of their per-target queue so that
359	 * ATN can be asserted even if the current
360	 * negotiation agreement is packetized.  If the
361	 * target queue is empty, the SCB can be queued
362	 * immediately.  If the queue is not empty, we must
363	 * wait for it to empty before entering this SCB
364	 * into the waiting for selection queue.  Otherwise
365	 * our batching and round-robin selection scheme 
366	 * could allow commands to be queued out of order.
367	 * To simplify the implementation, we stop pulling
368	 * new commands from the host until the MK_MESSAGE
369	 * SCB can be queued to the waiting for selection
370	 * list.
371	 */
372	test	A, MK_MESSAGE jz batch_scb; 
373
374	/*
375	 * If the last SCB is also a MK_MESSAGE SCB, then
376	 * order is preserved even if we batch.
377	 */
378	test	SCB_CONTROL, MK_MESSAGE jz batch_scb; 
379
380	/*
381	 * Defer this SCB and stop fetching new SCBs until
382	 * it can be queued.  Since the SCB_SCSIID of the
383	 * tail SCB must be the same as that of the newly
384	 * queued SCB, there is no need to restore the SCBID
385	 * here.
386	 */
387	or	SEQ_FLAGS2, PENDING_MK_MESSAGE;
388	bmov	MK_MESSAGE_SCB, REG0, 2;
389	mov	MK_MESSAGE_SCSIID, SCB_SCSIID ret;
390
391batch_scb:
392	/*
393	 * Otherwise just update the previous tail SCB to
394	 * point to the new tail.
395	 */
396	bmov	SCB_NEXT, REG0, 2 ret;
397
398first_new_target_scb:
399	/*
400	 * Append SCB to the tail of the waiting for
401	 * selection list.
402	 */
403	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL je first_new_scb;
404	bmov	SCBPTR, WAITING_TID_TAIL, 2;
405	bmov	SCB_NEXT2, REG0, 2;
406	bmov	WAITING_TID_TAIL, REG0, 2 ret;
407first_new_scb:
408	/*
409	 * Whole list is empty, so the head of
410	 * the list must be initialized too.
411	 */
412	bmov	WAITING_TID_HEAD, REG0, 2;
413	bmov	WAITING_TID_TAIL, REG0, 2 ret;
414END_CRITICAL;
415
416scbdma_idle:
417	/*
418	 * Don't bother downloading new SCBs to execute
419	 * if select-outs are currently frozen or we have
420	 * a MK_MESSAGE SCB waiting to enter the queue.
421	 */
422	test	SEQ_FLAGS2, SELECTOUT_QFROZEN|PENDING_MK_MESSAGE
423		jnz scbdma_no_new_scbs;
424BEGIN_CRITICAL;
425	test	QOFF_CTLSTA, NEW_SCB_AVAIL jnz fetch_new_scb;
426scbdma_no_new_scbs:
427	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne dma_complete_scb;
428	cmp	COMPLETE_SCB_HEAD[1], SCB_LIST_NULL je return;
429	/* FALLTHROUGH */
430fill_qoutfifo:
431	/*
432	 * Keep track of the SCBs we are dmaing just
433	 * in case the DMA fails or is aborted.
434	 */
435	bmov	COMPLETE_SCB_DMAINPROG_HEAD, COMPLETE_SCB_HEAD, 2;
436	mvi	CCSCBCTL, CCSCBRESET;
437	bmov	SCBHADDR, QOUTFIFO_NEXT_ADDR, 4;
438	mov	A, QOUTFIFO_NEXT_ADDR;
439	bmov	SCBPTR, COMPLETE_SCB_HEAD, 2;
440fill_qoutfifo_loop:
441	bmov	CCSCBRAM, SCBPTR, 2;
442	mov	CCSCBRAM, SCB_SGPTR[0];
443	mov	CCSCBRAM, QOUTFIFO_ENTRY_VALID_TAG;
444	mov	NONE, SDSCB_QOFF;
445	inc	INT_COALESCING_CMDCOUNT;
446	add	CMDS_PENDING, -1;
447	adc	CMDS_PENDING[1], -1;
448	cmp	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL je fill_qoutfifo_done;
449	cmp	CCSCBADDR, CCSCBADDR_MAX je fill_qoutfifo_done;
450	test	QOFF_CTLSTA, SDSCB_ROLLOVR jnz fill_qoutfifo_done;
451	/*
452	 * Don't cross an ADB or Cachline boundary when DMA'ing
453	 * completion entries.  In PCI mode, at least in 32/33
454	 * configurations, the SCB DMA engine may lose its place
455	 * in the data-stream should the target force a retry on
456	 * something other than an 8byte aligned boundary. In
457	 * PCI-X mode, we do this to avoid split transactions since
458	 * many chipsets seem to be unable to format proper split
459	 * completions to continue the data transfer.
460	 */
461	add	SINDEX, A, CCSCBADDR;
462	test	SINDEX, CACHELINE_MASK jz fill_qoutfifo_done;
463	bmov	SCBPTR, SCB_NEXT_COMPLETE, 2;
464	jmp	fill_qoutfifo_loop;
465fill_qoutfifo_done:
466	mov	SCBHCNT, CCSCBADDR;
467	mvi	CCSCBCTL, CCSCBEN|CCSCBRESET;
468	bmov	COMPLETE_SCB_HEAD, SCB_NEXT_COMPLETE, 2;
469	mvi	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL ret;
470
471fetch_new_scb:
472	bmov	SCBHADDR, NEXT_QUEUED_SCB_ADDR, 4;
473	mvi	CCARREN|CCSCBEN|CCSCBDIR|CCSCBRESET jmp dma_scb;
474dma_complete_scb:
475	bmov	SCBPTR, COMPLETE_DMA_SCB_HEAD, 2;
476	bmov	SCBHADDR, SCB_BUSADDR, 4;
477	mvi	CCARREN|CCSCBEN|CCSCBRESET jmp dma_scb;
478
479/*
480 * Either post or fetch an SCB from host memory.  The caller
481 * is responsible for polling for transfer completion.
482 *
483 * Prerequisits: Mode == M_CCHAN
484 *		 SINDEX contains CCSCBCTL flags
485 *		 SCBHADDR set to Host SCB address
486 *		 SCBPTR set to SCB src location on "push" operations
487 */
488SET_SRC_MODE	M_CCHAN;
489SET_DST_MODE	M_CCHAN;
490dma_scb:
491	mvi	SCBHCNT, SCB_TRANSFER_SIZE;
492	mov	CCSCBCTL, SINDEX ret;
493
494setjmp:
495	/*
496	 * At least on the A, a return in the same
497	 * instruction as the bmov results in a return
498	 * to the caller, not to the new address at the
499	 * top of the stack.  Since we want the latter
500	 * (we use setjmp to register a handler from an
501	 * interrupt context but not invoke that handler
502	 * until we return to our idle loop), use a
503	 * separate ret instruction.
504	 */
505	bmov	LONGJMP_ADDR, STACK, 2;
506	ret;
507setjmp_inline:
508	bmov	LONGJMP_ADDR, STACK, 2;
509longjmp:
510	bmov	STACK, LONGJMP_ADDR, 2 ret;
511END_CRITICAL;
512
513/*************************** Chip Bug Work Arounds ****************************/
514/*
515 * Must disable interrupts when setting the mode pointer
516 * register as an interrupt occurring mid update will
517 * fail to store the new mode value for restoration on
518 * an iret.
519 */
520if ((ahd->bugs & AHD_SET_MODE_BUG) != 0) {
521set_mode_work_around:
522	mvi	SEQINTCTL, INTVEC1DSL;
523	mov	MODE_PTR, SINDEX;
524	clr	SEQINTCTL ret;
525}
526
527
528if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
529set_seqint_work_around:
530	mov	SEQINTCODE, SINDEX;
531	mvi	SEQINTCODE, NO_SEQINT ret;
532}
533
534/************************ Packetized LongJmp Routines *************************/
535SET_SRC_MODE	M_SCSI;
536SET_DST_MODE	M_SCSI;
537start_selection:
538BEGIN_CRITICAL;
539	if ((ahd->bugs & AHD_SENT_SCB_UPDATE_BUG) != 0) {
540		/*
541		 * Razor #494
542		 * Rev A hardware fails to update LAST/CURR/NEXTSCB
543		 * correctly after a packetized selection in several
544		 * situations:
545		 *
546		 * 1) If only one command existed in the queue, the
547		 *    LAST/CURR/NEXTSCB are unchanged.
548		 *
549		 * 2) In a non QAS, protocol allowed phase change,
550		 *    the queue is shifted 1 too far.  LASTSCB is
551		 *    the last SCB that was correctly processed.
552		 * 
553		 * 3) In the QAS case, if the full list of commands
554		 *    was successfully sent, NEXTSCB is NULL and neither
555		 *    CURRSCB nor LASTSCB can be trusted.  We must
556		 *    manually walk the list counting MAXCMDCNT elements
557		 *    to find the last SCB that was sent correctly.
558		 *
559		 * To simplify the workaround for this bug in SELDO
560		 * handling, we initialize LASTSCB prior to enabling
561		 * selection so we can rely on it even for case #1 above.
562		 */
563		bmov	LASTSCB, WAITING_TID_HEAD, 2;
564	}
565	bmov	CURRSCB, WAITING_TID_HEAD, 2;
566	bmov	SCBPTR, WAITING_TID_HEAD, 2;
567	shr	SELOID, 4, SCB_SCSIID;
568	/*
569	 * If we want to send a message to the device, ensure
570	 * we are selecting with atn regardless of our packetized
571	 * agreement.  Since SPI4 only allows target reset or PPR
572	 * messages if this is a packetized connection, the change
573	 * to our negotiation table entry for this selection will
574	 * be cleared when the message is acted on.
575	 */
576	test	SCB_CONTROL, MK_MESSAGE jz . + 3;
577	mov	NEGOADDR, SELOID;
578	or	NEGCONOPTS, ENAUTOATNO;
579	or	SCSISEQ0, ENSELO ret;
580END_CRITICAL;
581
582/*
583 * Allocate a FIFO for a non-packetized transaction.
584 * In RevA hardware, both FIFOs must be free before we
585 * can allocate a FIFO for a non-packetized transaction.
586 */
587allocate_fifo_loop:
588	/*
589	 * Do whatever work is required to free a FIFO.
590	 */
591	call	idle_loop_service_fifos;
592	SET_MODE(M_SCSI, M_SCSI)
593allocate_fifo:
594	if ((ahd->bugs & AHD_NONPACKFIFO_BUG) != 0) {
595		and	A, FIFO0FREE|FIFO1FREE, DFFSTAT;
596		cmp	A, FIFO0FREE|FIFO1FREE jne allocate_fifo_loop;
597	} else {
598		test	DFFSTAT, FIFO1FREE jnz allocate_fifo1;
599		test	DFFSTAT, FIFO0FREE jz allocate_fifo_loop;
600		mvi	DFFSTAT, B_CURRFIFO_0;
601		SET_MODE(M_DFF0, M_DFF0)
602		bmov	SCBPTR, ALLOCFIFO_SCBPTR, 2 ret;
603	}
604SET_SRC_MODE	M_SCSI;
605SET_DST_MODE	M_SCSI;
606allocate_fifo1:
607	mvi	DFFSTAT, CURRFIFO_1;
608	SET_MODE(M_DFF1, M_DFF1)
609	bmov	SCBPTR, ALLOCFIFO_SCBPTR, 2 ret;
610
611/*
612 * We have been reselected as an initiator
613 * or selected as a target.
614 */
615SET_SRC_MODE	M_SCSI;
616SET_DST_MODE	M_SCSI;
617select_in:
618	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
619		/*
620		 * On Rev A. hardware, the busy LED is only
621		 * turned on automaically during selections
622		 * and re-selections.  Make the LED status
623		 * more useful by forcing it to be on from
624		 * the point of selection until our idle
625		 * loop determines that neither of our FIFOs
626		 * are busy.  This handles the non-packetized
627		 * case nicely as we will not return to the
628		 * idle loop until the busfree at the end of
629		 * each transaction.
630		 */
631		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
632	}
633	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
634		/*
635		 * Test to ensure that the bus has not
636		 * already gone free prior to clearing
637		 * any stale busfree status.  This avoids
638		 * a window whereby a busfree just after
639		 * a selection could be missed.
640		 */
641		test	SCSISIGI, BSYI jz . + 2;
642		mvi	CLRSINT1,CLRBUSFREE;
643		or	SIMODE1, ENBUSFREE;
644	}
645	or	SXFRCTL0, SPIOEN;
646	and	SAVED_SCSIID, SELID_MASK, SELID;
647	and	A, OID, IOWNID;
648	or	SAVED_SCSIID, A;
649	mvi	CLRSINT0, CLRSELDI;
650	jmp	ITloop;
651
652/*
653 * We have successfully selected out.
654 *
655 * Clear SELDO.
656 * Dequeue all SCBs sent from the waiting queue
657 * Requeue all SCBs *not* sent to the tail of the waiting queue
658 * Take Razor #494 into account for above.
659 *
660 * In Packetized Mode:
661 *	Return to the idle loop.  Our interrupt handler will take
662 *	care of any incoming L_Qs.
663 *
664 * In Non-Packetize Mode:
665 *	Continue to our normal state machine.
666 */
667SET_SRC_MODE	M_SCSI;
668SET_DST_MODE	M_SCSI;
669select_out:
670BEGIN_CRITICAL;
671	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
672		/*
673		 * On Rev A. hardware, the busy LED is only
674		 * turned on automaically during selections
675		 * and re-selections.  Make the LED status
676		 * more useful by forcing it to be on from
677		 * the point of re-selection until our idle
678		 * loop determines that neither of our FIFOs
679		 * are busy.  This handles the non-packetized
680		 * case nicely as we will not return to the
681		 * idle loop until the busfree at the end of
682		 * each transaction.
683		 */
684		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
685	}
686	/* Clear out all SCBs that have been successfully sent. */
687	if ((ahd->bugs & AHD_SENT_SCB_UPDATE_BUG) != 0) {
688		/*
689		 * For packetized, the LQO manager clears ENSELO on
690		 * the assertion of SELDO.  If we are non-packetized,
691		 * LASTSCB and CURRSCB are accurate.
692		 */
693		test	SCSISEQ0, ENSELO jnz use_lastscb;
694
695		/*
696		 * The update is correct for LQOSTAT1 errors.  All
697		 * but LQOBUSFREE are handled by kernel interrupts.
698		 * If we see LQOBUSFREE, return to the idle loop.
699		 * Once we are out of the select_out critical section,
700		 * the kernel will cleanup the LQOBUSFREE and we will
701		 * eventually restart the selection if appropriate.
702		 */
703		test	LQOSTAT1, LQOBUSFREE jnz idle_loop;
704
705		/*
706		 * On a phase change oustside of packet boundaries,
707		 * LASTSCB points to the currently active SCB context
708		 * on the bus.
709		 */
710		test	LQOSTAT2, LQOPHACHGOUTPKT jnz use_lastscb;
711
712		/*
713		 * If the hardware has traversed the whole list, NEXTSCB
714		 * will be NULL, CURRSCB and LASTSCB cannot be trusted,
715		 * but MAXCMDCNT is accurate.  If we stop part way through
716		 * the list or only had one command to issue, NEXTSCB[1] is
717		 * not NULL and LASTSCB is the last command to go out.
718		 */
719		cmp	NEXTSCB[1], SCB_LIST_NULL jne use_lastscb;
720
721		/*
722		 * Brute force walk.
723		 */
724		bmov	SCBPTR, WAITING_TID_HEAD, 2;
725		mvi	SEQINTCTL, INTVEC1DSL;
726		mvi	MODE_PTR, MK_MODE(M_CFG, M_CFG);
727		mov	A, MAXCMDCNT;
728		mvi	MODE_PTR, MK_MODE(M_SCSI, M_SCSI);
729		clr	SEQINTCTL;
730find_lastscb_loop:
731		dec	A;
732		test	A, 0xFF jz found_last_sent_scb;
733		bmov	SCBPTR, SCB_NEXT, 2;
734		jmp	find_lastscb_loop;
735use_lastscb:
736		bmov	SCBPTR, LASTSCB, 2;
737found_last_sent_scb:
738		bmov	CURRSCB, SCBPTR, 2;
739curscb_ww_done:
740	} else {
741		bmov	SCBPTR, CURRSCB, 2;
742	}
743
744	/*
745	 * The whole list made it.  Clear our tail pointer to indicate
746	 * that the per-target selection queue is now empty.
747	 */
748	cmp	SCB_NEXT[1], SCB_LIST_NULL je select_out_clear_tail;
749
750	/*
751	 * Requeue any SCBs not sent, to the tail of the waiting Q.
752	 * We know that neither the per-TID list nor the list of
753	 * TIDs is empty.  Use this knowledge to our advantage and
754	 * queue the remainder to the tail of the global execution
755	 * queue.
756	 */
757	bmov	REG0, SCB_NEXT, 2;
758select_out_queue_remainder:
759	bmov	SCBPTR, WAITING_TID_TAIL, 2;
760	bmov	SCB_NEXT2, REG0, 2;
761	bmov	WAITING_TID_TAIL, REG0, 2;
762	jmp	select_out_inc_tid_q;
763
764select_out_clear_tail:
765	/*
766	 * Queue any pending MK_MESSAGE SCB for this target now
767	 * that the queue is empty.
768	 */
769	test	SEQ_FLAGS2, PENDING_MK_MESSAGE jz select_out_no_mk_message_scb;
770	mov	A, MK_MESSAGE_SCSIID;
771	cmp	SCB_SCSIID, A jne select_out_no_mk_message_scb;
772	and	SEQ_FLAGS2, ~PENDING_MK_MESSAGE;
773	bmov	REG0, MK_MESSAGE_SCB, 2;
774	jmp select_out_queue_remainder;
775
776select_out_no_mk_message_scb:
777	/*
778	 * Clear this target's execution tail and increment the queue.
779	 */
780	shr	DINDEX, 3, SCB_SCSIID;
781	or	DINDEX, 1;	/* Want only the second byte */
782	mvi	DINDEX[1], ((WAITING_SCB_TAILS) >> 8);
783	mvi	DINDIR, SCB_LIST_NULL;
784select_out_inc_tid_q:
785	bmov	SCBPTR, WAITING_TID_HEAD, 2;
786	bmov	WAITING_TID_HEAD, SCB_NEXT2, 2;
787	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL jne . + 2;
788	mvi	WAITING_TID_TAIL[1], SCB_LIST_NULL;
789	bmov	SCBPTR, CURRSCB, 2;
790	mvi	CLRSINT0, CLRSELDO;
791	test	LQOSTAT2, LQOPHACHGOUTPKT jnz unexpected_nonpkt_mode_cleared;
792	test	LQOSTAT1, LQOPHACHGINPKT jnz unexpected_nonpkt_mode_cleared;
793
794	/*
795	 * If this is a packetized connection, return to our
796	 * idle_loop and let our interrupt handler deal with
797	 * any connection setup/teardown issues.  The only
798	 * exceptions are the case of MK_MESSAGE and task management
799	 * SCBs.
800	 */
801	if ((ahd->bugs & AHD_LQO_ATNO_BUG) != 0) {
802		/*
803		 * In the A, the LQO manager transitions to LQOSTOP0 even if
804		 * we have selected out with ATN asserted and the target
805		 * REQs in a non-packet phase.
806		 */
807		test 	SCB_CONTROL, MK_MESSAGE jz select_out_no_message;
808		test	SCSISIGO, ATNO jnz select_out_non_packetized;
809select_out_no_message:
810	}
811	test	LQOSTAT2, LQOSTOP0 jz select_out_non_packetized;
812	test	SCB_TASK_MANAGEMENT, 0xFF jz idle_loop;
813	SET_SEQINTCODE(TASKMGMT_FUNC_COMPLETE)
814	jmp	idle_loop;
815
816select_out_non_packetized:
817	/* Non packetized request. */
818	and     SCSISEQ0, ~ENSELO;
819	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
820		/*
821		 * Test to ensure that the bus has not
822		 * already gone free prior to clearing
823		 * any stale busfree status.  This avoids
824		 * a window whereby a busfree just after
825		 * a selection could be missed.
826		 */
827		test	SCSISIGI, BSYI jz . + 2;
828		mvi	CLRSINT1,CLRBUSFREE;
829		or	SIMODE1, ENBUSFREE;
830	}
831	mov	SAVED_SCSIID, SCB_SCSIID;
832	mov	SAVED_LUN, SCB_LUN;
833	mvi	SEQ_FLAGS, NO_CDB_SENT;
834END_CRITICAL;
835	or	SXFRCTL0, SPIOEN;
836
837	/*
838	 * As soon as we get a successful selection, the target
839	 * should go into the message out phase since we have ATN
840	 * asserted.
841	 */
842	mvi	MSG_OUT, MSG_IDENTIFYFLAG;
843
844	/*
845	 * Main loop for information transfer phases.  Wait for the
846	 * target to assert REQ before checking MSG, C/D and I/O for
847	 * the bus phase.
848	 */
849mesgin_phasemis:
850ITloop:
851	call	phase_lock;
852
853	mov	A, LASTPHASE;
854
855	test	A, ~P_DATAIN_DT	jz p_data;
856	cmp	A,P_COMMAND	je p_command;
857	cmp	A,P_MESGOUT	je p_mesgout;
858	cmp	A,P_STATUS	je p_status;
859	cmp	A,P_MESGIN	je p_mesgin;
860
861	SET_SEQINTCODE(BAD_PHASE)
862	jmp	ITloop;			/* Try reading the bus again. */
863
864/*
865 * Command phase.  Set up the DMA registers and let 'er rip.
866 */
867p_command:
868	test	SEQ_FLAGS, NOT_IDENTIFIED jz p_command_okay;
869	SET_SEQINTCODE(PROTO_VIOLATION)
870p_command_okay:
871	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
872		jnz p_command_allocate_fifo;
873	/*
874	 * Command retry.  Free our current FIFO and
875	 * re-allocate a FIFO so transfer state is
876	 * reset.
877	 */
878SET_SRC_MODE	M_DFF1;
879SET_DST_MODE	M_DFF1;
880	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
881	SET_MODE(M_SCSI, M_SCSI)
882p_command_allocate_fifo:
883	bmov	ALLOCFIFO_SCBPTR, SCBPTR, 2;
884	call	allocate_fifo;
885SET_SRC_MODE	M_DFF1;
886SET_DST_MODE	M_DFF1;
887	add	NONE, -17, SCB_CDB_LEN;
888	jnc	p_command_embedded;
889p_command_from_host:
890	bmov	HADDR[0], SCB_HOST_CDB_PTR, 9;
891	mvi	SG_CACHE_PRE, LAST_SEG;
892	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
893	jmp	p_command_xfer;
894p_command_embedded:
895	bmov	SHCNT[0], SCB_CDB_LEN,  1;
896	bmov	DFDAT, SCB_CDB_STORE, 16; 
897	mvi	DFCNTRL, SCSIEN;
898p_command_xfer:
899	and	SEQ_FLAGS, ~NO_CDB_SENT;
900	if ((ahd->features & AHD_FAST_CDB_DELIVERY) != 0) {
901		/*
902		 * To speed up CDB delivery in Rev B, all CDB acks
903		 * are "released" to the output sync as soon as the
904		 * command phase starts.  There is only one problem
905		 * with this approach.  If the target changes phase
906		 * before all data are sent, we have left over acks
907		 * that can go out on the bus in a data phase.  Due
908		 * to other chip contraints, this only happens if
909		 * the target goes to data-in, but if the acks go
910		 * out before we can test SDONE, we'll think that
911		 * the transfer has completed successfully.  Work
912		 * around this by taking advantage of the 400ns or
913		 * 800ns dead time between command phase and the REQ
914		 * of the new phase.  If the transfer has completed
915		 * successfully, SCSIEN should fall *long* before we
916		 * see a phase change.  We thus treat any phasemiss
917		 * that occurs before SCSIEN falls as an incomplete
918		 * transfer.
919		 */
920		test	SSTAT1, PHASEMIS jnz p_command_xfer_failed;
921		test	DFCNTRL, SCSIEN jnz . - 1;
922	} else {
923		test	DFCNTRL, SCSIEN jnz .;
924	}
925	/*
926	 * DMA Channel automatically disabled.
927	 * Don't allow a data phase if the command
928	 * was not fully transferred.
929	 */
930	test	SSTAT2, SDONE jnz ITloop;
931p_command_xfer_failed:
932	or	SEQ_FLAGS, NO_CDB_SENT;
933	jmp	ITloop;
934
935
936/*
937 * Status phase.  Wait for the data byte to appear, then read it
938 * and store it into the SCB.
939 */
940SET_SRC_MODE	M_SCSI;
941SET_DST_MODE	M_SCSI;
942p_status:
943	test	SEQ_FLAGS,NOT_IDENTIFIED jnz mesgin_proto_violation;
944p_status_okay:
945	mov	SCB_SCSI_STATUS, SCSIDAT;
946	or	SCB_CONTROL, STATUS_RCVD;
947	jmp	ITloop;
948
949/*
950 * Message out phase.  If MSG_OUT is MSG_IDENTIFYFLAG, build a full
951 * indentify message sequence and send it to the target.  The host may
952 * override this behavior by setting the MK_MESSAGE bit in the SCB
953 * control byte.  This will cause us to interrupt the host and allow
954 * it to handle the message phase completely on its own.  If the bit
955 * associated with this target is set, we will also interrupt the host,
956 * thereby allowing it to send a message on the next selection regardless
957 * of the transaction being sent.
958 * 
959 * If MSG_OUT is == HOST_MSG, also interrupt the host and take a message.
960 * This is done to allow the host to send messages outside of an identify
961 * sequence while protecting the seqencer from testing the MK_MESSAGE bit
962 * on an SCB that might not be for the current nexus. (For example, a
963 * BDR message in response to a bad reselection would leave us pointed to
964 * an SCB that doesn't have anything to do with the current target).
965 *
966 * Otherwise, treat MSG_OUT as a 1 byte message to send (abort, abort tag,
967 * bus device reset).
968 *
969 * When there are no messages to send, MSG_OUT should be set to MSG_NOOP,
970 * in case the target decides to put us in this phase for some strange
971 * reason.
972 */
973p_mesgout_retry:
974	/* Turn on ATN for the retry */
975	mvi	SCSISIGO, ATNO;
976p_mesgout:
977	mov	SINDEX, MSG_OUT;
978	cmp	SINDEX, MSG_IDENTIFYFLAG jne p_mesgout_from_host;
979	test	SCB_CONTROL,MK_MESSAGE	jnz host_message_loop;
980p_mesgout_identify:
981	or	SINDEX, MSG_IDENTIFYFLAG|DISCENB, SCB_LUN;
982	test	SCB_CONTROL, DISCENB jnz . + 2;
983	and	SINDEX, ~DISCENB;
984/*
985 * Send a tag message if TAG_ENB is set in the SCB control block.
986 * Use SCB_NONPACKET_TAG as the tag value.
987 */
988p_mesgout_tag:
989	test	SCB_CONTROL,TAG_ENB jz  p_mesgout_onebyte;
990	mov	SCSIDAT, SINDEX;	/* Send the identify message */
991	call	phase_lock;
992	cmp	LASTPHASE, P_MESGOUT	jne p_mesgout_done;
993	and	SCSIDAT,TAG_ENB|SCB_TAG_TYPE,SCB_CONTROL;
994	call	phase_lock;
995	cmp	LASTPHASE, P_MESGOUT	jne p_mesgout_done;
996	mov	SCBPTR jmp p_mesgout_onebyte;
997/*
998 * Interrupt the driver, and allow it to handle this message
999 * phase and any required retries.
1000 */
1001p_mesgout_from_host:
1002	cmp	SINDEX, HOST_MSG	jne p_mesgout_onebyte;
1003	jmp	host_message_loop;
1004
1005p_mesgout_onebyte:
1006	mvi	CLRSINT1, CLRATNO;
1007	mov	SCSIDAT, SINDEX;
1008
1009/*
1010 * If the next bus phase after ATN drops is message out, it means
1011 * that the target is requesting that the last message(s) be resent.
1012 */
1013	call	phase_lock;
1014	cmp	LASTPHASE, P_MESGOUT	je p_mesgout_retry;
1015
1016p_mesgout_done:
1017	mvi	CLRSINT1,CLRATNO;	/* Be sure to turn ATNO off */
1018	mov	LAST_MSG, MSG_OUT;
1019	mvi	MSG_OUT, MSG_NOOP;	/* No message left */
1020	jmp	ITloop;
1021
1022/*
1023 * Message in phase.  Bytes are read using Automatic PIO mode.
1024 */
1025p_mesgin:
1026	/* read the 1st message byte */
1027	mvi	ACCUM		call inb_first;
1028
1029	test	A,MSG_IDENTIFYFLAG	jnz mesgin_identify;
1030	cmp	A,MSG_DISCONNECT	je mesgin_disconnect;
1031	cmp	A,MSG_SAVEDATAPOINTER	je mesgin_sdptrs;
1032	cmp	ALLZEROS,A		je mesgin_complete;
1033	cmp	A,MSG_RESTOREPOINTERS	je mesgin_rdptrs;
1034	cmp	A,MSG_IGN_WIDE_RESIDUE	je mesgin_ign_wide_residue;
1035	cmp	A,MSG_NOOP		je mesgin_done;
1036
1037/*
1038 * Pushed message loop to allow the kernel to
1039 * run it's own message state engine.  To avoid an
1040 * extra nop instruction after signaling the kernel,
1041 * we perform the phase_lock before checking to see
1042 * if we should exit the loop and skip the phase_lock
1043 * in the ITloop.  Performing back to back phase_locks
1044 * shouldn't hurt, but why do it twice...
1045 */
1046host_message_loop:
1047	call	phase_lock;	/* Benign the first time through. */
1048	SET_SEQINTCODE(HOST_MSG_LOOP)
1049	cmp	RETURN_1, EXIT_MSG_LOOP	je ITloop;
1050	cmp	RETURN_1, CONT_MSG_LOOP_WRITE	jne . + 3;
1051	mov	SCSIDAT, RETURN_2;
1052	jmp	host_message_loop;
1053	/* Must be CONT_MSG_LOOP_READ */
1054	mov	NONE, SCSIDAT;	/* ACK Byte */
1055	jmp	host_message_loop;
1056
1057mesgin_ign_wide_residue:
1058	mov	SAVED_MODE, MODE_PTR;
1059	SET_MODE(M_SCSI, M_SCSI)
1060	shr	NEGOADDR, 4, SAVED_SCSIID;
1061	mov	A, NEGCONOPTS;
1062	RESTORE_MODE(SAVED_MODE)
1063	test	A, WIDEXFER jz mesgin_reject;
1064	/* Pull the residue byte */
1065	mvi	REG0	call inb_next;
1066	cmp	REG0, 0x01 jne mesgin_reject;
1067	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz . + 2;
1068	test	SCB_TASK_ATTRIBUTE, SCB_XFERLEN_ODD jnz mesgin_done;
1069	SET_SEQINTCODE(IGN_WIDE_RES)
1070	jmp	mesgin_done;
1071
1072mesgin_proto_violation:
1073	SET_SEQINTCODE(PROTO_VIOLATION)
1074	jmp	mesgin_done;
1075mesgin_reject:
1076	mvi	MSG_MESSAGE_REJECT	call mk_mesg;
1077mesgin_done:
1078	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1079	jmp	ITloop;
1080
1081#define INDEX_DISC_LIST(scsiid, lun)					\
1082	and	A, 0xC0, scsiid;					\
1083	or	SCBPTR, A, lun;						\
1084	clr	SCBPTR[1];						\
1085	and	SINDEX, 0x30, scsiid;					\
1086	shr	SINDEX, 3;	/* Multiply by 2 */			\
1087	add	SINDEX, (SCB_DISCONNECTED_LISTS & 0xFF);		\
1088	mvi	SINDEX[1], ((SCB_DISCONNECTED_LISTS >> 8) & 0xFF)
1089
1090mesgin_identify:
1091	/*
1092	 * Determine whether a target is using tagged or non-tagged
1093	 * transactions by first looking at the transaction stored in
1094	 * the per-device, disconnected array.  If there is no untagged
1095	 * transaction for this target, this must be a tagged transaction.
1096	 */
1097	and	SAVED_LUN, MSG_IDENTIFY_LUNMASK, A;
1098	INDEX_DISC_LIST(SAVED_SCSIID, SAVED_LUN);
1099	bmov	DINDEX, SINDEX, 2;
1100	bmov	REG0, SINDIR, 2;
1101	cmp	REG0[1], SCB_LIST_NULL je snoop_tag;
1102	/* Untagged.  Clear the busy table entry and setup the SCB. */
1103	bmov	DINDIR, ALLONES, 2;
1104	bmov	SCBPTR, REG0, 2;
1105	jmp	setup_SCB;
1106
1107/*
1108 * Here we "snoop" the bus looking for a SIMPLE QUEUE TAG message.
1109 * If we get one, we use the tag returned to find the proper
1110 * SCB.  After receiving the tag, look for the SCB at SCB locations tag and
1111 * tag + 256.
1112 */
1113snoop_tag:
1114	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1115		or	SEQ_FLAGS, 0x80;
1116	}
1117	mov	NONE, SCSIDAT;		/* ACK Identify MSG */
1118	call	phase_lock;
1119	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1120		or	SEQ_FLAGS, 0x1;
1121	}
1122	cmp	LASTPHASE, P_MESGIN	jne not_found_ITloop;
1123	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1124		or	SEQ_FLAGS, 0x2;
1125	}
1126	cmp	SCSIBUS, MSG_SIMPLE_Q_TAG jne not_found;
1127get_tag:
1128	clr	SCBPTR[1];
1129	mvi	SCBPTR	call inb_next;	/* tag value */
1130verify_scb:
1131	test	SCB_CONTROL,DISCONNECTED jz verify_other_scb;
1132	mov	A, SAVED_SCSIID;
1133	cmp	SCB_SCSIID, A jne verify_other_scb;
1134	mov	A, SAVED_LUN;
1135	cmp	SCB_LUN, A je setup_SCB_disconnected;
1136verify_other_scb:
1137	xor	SCBPTR[1], 1;
1138	test	SCBPTR[1], 0xFF jnz verify_scb;
1139	jmp	not_found;
1140
1141/*
1142 * Ensure that the SCB the tag points to is for
1143 * an SCB transaction to the reconnecting target.
1144 */
1145setup_SCB:
1146	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1147		or	SEQ_FLAGS, 0x10;
1148	}
1149	test	SCB_CONTROL,DISCONNECTED jz not_found;
1150setup_SCB_disconnected:
1151	and	SCB_CONTROL,~DISCONNECTED;
1152	clr	SEQ_FLAGS;	/* make note of IDENTIFY */
1153	test	SCB_SGPTR, SG_LIST_NULL jnz . + 3;
1154	bmov	ALLOCFIFO_SCBPTR, SCBPTR, 2;
1155	call	allocate_fifo;
1156	/* See if the host wants to send a message upon reconnection */
1157	test	SCB_CONTROL, MK_MESSAGE jz mesgin_done;
1158	mvi	HOST_MSG	call mk_mesg;
1159	jmp	mesgin_done;
1160
1161not_found:
1162	SET_SEQINTCODE(NO_MATCH)
1163	jmp	mesgin_done;
1164
1165not_found_ITloop:
1166	SET_SEQINTCODE(NO_MATCH)
1167	jmp	ITloop;
1168
1169/*
1170 * We received a "command complete" message.  Put the SCB on the complete
1171 * queue and trigger a completion interrupt via the idle loop.  Before doing
1172 * so, check to see if there is a residual or the status byte is something
1173 * other than STATUS_GOOD (0).  In either of these conditions, we upload the
1174 * SCB back to the host so it can process this information.
1175 */
1176mesgin_complete:
1177
1178	/*
1179	 * If ATN is raised, we still want to give the target a message.
1180	 * Perhaps there was a parity error on this last message byte.
1181	 * Either way, the target should take us to message out phase
1182	 * and then attempt to complete the command again.  We should use a
1183	 * critical section here to guard against a timeout triggering
1184	 * for this command and setting ATN while we are still processing
1185	 * the completion.
1186	test	SCSISIGI, ATNI jnz mesgin_done;
1187	 */
1188
1189	/*
1190	 * If we are identified and have successfully sent the CDB,
1191	 * any status will do.  Optimize this fast path.
1192	 */
1193	test	SCB_CONTROL, STATUS_RCVD jz mesgin_proto_violation;
1194	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT jz complete_accepted;
1195
1196	/*
1197	 * If the target never sent an identify message but instead went
1198	 * to mesgin to give an invalid message, let the host abort us.
1199	 */
1200	test	SEQ_FLAGS, NOT_IDENTIFIED jnz mesgin_proto_violation;
1201
1202	/*
1203	 * If we recevied good status but never successfully sent the
1204	 * cdb, abort the command.
1205	 */
1206	test	SCB_SCSI_STATUS,0xff	jnz complete_accepted;
1207	test	SEQ_FLAGS, NO_CDB_SENT jnz mesgin_proto_violation;
1208complete_accepted:
1209
1210	/*
1211	 * See if we attempted to deliver a message but the target ingnored us.
1212	 */
1213	test	SCB_CONTROL, MK_MESSAGE jz complete_nomsg;
1214	SET_SEQINTCODE(MKMSG_FAILED)
1215complete_nomsg:
1216	call	queue_scb_completion;
1217	jmp	await_busfree;
1218
1219BEGIN_CRITICAL;
1220freeze_queue:
1221	/* Cancel any pending select-out. */
1222	test	SSTAT0, SELDO|SELINGO jnz . + 2;
1223	and	SCSISEQ0, ~ENSELO;
1224	mov	ACCUM_SAVE, A;
1225	clr	A;
1226	add	QFREEZE_COUNT, 1;
1227	adc	QFREEZE_COUNT[1], A;
1228	or	SEQ_FLAGS2, SELECTOUT_QFROZEN;
1229	mov	A, ACCUM_SAVE ret;
1230END_CRITICAL;
1231
1232/*
1233 * Complete the current FIFO's SCB if data for this same
1234 * SCB is not transferring in the other FIFO.
1235 */
1236SET_SRC_MODE	M_DFF1;
1237SET_DST_MODE	M_DFF1;
1238pkt_complete_scb_if_fifos_idle:
1239	bmov	ARG_1, SCBPTR, 2;
1240	mvi	DFFSXFRCTL, CLRCHN;
1241	SET_MODE(M_SCSI, M_SCSI)
1242	bmov	SCBPTR, ARG_1, 2;
1243	test	SCB_FIFO_USE_COUNT, 0xFF jnz return;
1244queue_scb_completion:
1245	test	SCB_SCSI_STATUS,0xff	jnz bad_status;
1246	/*
1247	 * Check for residuals
1248	 */
1249	test	SCB_SGPTR, SG_LIST_NULL jnz complete;	/* No xfer */
1250	test	SCB_SGPTR, SG_FULL_RESID jnz upload_scb;/* Never xfered */
1251	test	SCB_RESIDUAL_SGPTR, SG_LIST_NULL jz upload_scb;
1252complete:
1253BEGIN_CRITICAL;
1254	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
1255	bmov	COMPLETE_SCB_HEAD, SCBPTR, 2 ret;
1256END_CRITICAL;
1257bad_status:
1258	cmp	SCB_SCSI_STATUS, STATUS_PKT_SENSE je upload_scb;
1259	call	freeze_queue;
1260upload_scb:
1261	/*
1262	 * Restore SCB TAG since we reuse this field
1263	 * in the sequencer.  We don't want to corrupt
1264	 * it on the host.
1265	 */
1266	bmov	SCB_TAG, SCBPTR, 2;
1267BEGIN_CRITICAL;
1268	or	SCB_SGPTR, SG_STATUS_VALID;
1269	mvi	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL;
1270	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne add_dma_scb_tail;
1271	bmov	COMPLETE_DMA_SCB_HEAD, SCBPTR, 2;
1272	bmov	COMPLETE_DMA_SCB_TAIL, SCBPTR, 2 ret;
1273add_dma_scb_tail:
1274	bmov	REG0, SCBPTR, 2;
1275	bmov	SCBPTR, COMPLETE_DMA_SCB_TAIL, 2;
1276	bmov	SCB_NEXT_COMPLETE, REG0, 2;
1277	bmov	COMPLETE_DMA_SCB_TAIL, REG0, 2 ret;
1278END_CRITICAL;
1279
1280/*
1281 * Is it a disconnect message?  Set a flag in the SCB to remind us
1282 * and await the bus going free.  If this is an untagged transaction
1283 * store the SCB id for it in our untagged target table for lookup on
1284 * a reselection.
1285 */
1286mesgin_disconnect:
1287	/*
1288	 * If ATN is raised, we still want to give the target a message.
1289	 * Perhaps there was a parity error on this last message byte
1290	 * or we want to abort this command.  Either way, the target
1291	 * should take us to message out phase and then attempt to
1292	 * disconnect again.
1293	 * XXX - Wait for more testing.
1294	test	SCSISIGI, ATNI jnz mesgin_done;
1295	 */
1296	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT
1297		jnz mesgin_proto_violation;
1298	or	SCB_CONTROL,DISCONNECTED;
1299	test	SCB_CONTROL, TAG_ENB jnz await_busfree;
1300queue_disc_scb:
1301	bmov	REG0, SCBPTR, 2;
1302	INDEX_DISC_LIST(SAVED_SCSIID, SAVED_LUN);
1303	bmov	DINDEX, SINDEX, 2;
1304	bmov	DINDIR, REG0, 2;
1305	bmov	SCBPTR, REG0, 2;
1306	/* FALLTHROUGH */
1307await_busfree:
1308	and	SIMODE1, ~ENBUSFREE;
1309	if ((ahd->bugs & AHD_BUSFREEREV_BUG) == 0) {
1310		/*
1311		 * In the BUSFREEREV_BUG case, the
1312		 * busfree status was cleared at the
1313		 * beginning of the connection.
1314		 */
1315		mvi	CLRSINT1,CLRBUSFREE;
1316	}
1317	mov	NONE, SCSIDAT;		/* Ack the last byte */
1318	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
1319		jnz await_busfree_not_m_dff;
1320SET_SRC_MODE	M_DFF1;
1321SET_DST_MODE	M_DFF1;
1322await_busfree_clrchn:
1323	mvi	DFFSXFRCTL, CLRCHN;
1324await_busfree_not_m_dff:
1325	/* clear target specific flags */
1326	mvi	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT;
1327	test	SSTAT1,REQINIT|BUSFREE	jz .;
1328	/*
1329	 * We only set BUSFREE status once either a new
1330	 * phase has been detected or we are really
1331	 * BUSFREE.  This allows the driver to know
1332	 * that we are active on the bus even though
1333	 * no identified transaction exists should a
1334	 * timeout occur while awaiting busfree.
1335	 */
1336	mvi	LASTPHASE, P_BUSFREE;
1337	test	SSTAT1, BUSFREE jnz idle_loop;
1338	SET_SEQINTCODE(MISSED_BUSFREE)
1339
1340
1341/*
1342 * Save data pointers message:
1343 * Copying RAM values back to SCB, for Save Data Pointers message, but
1344 * only if we've actually been into a data phase to change them.  This
1345 * protects against bogus data in scratch ram and the residual counts
1346 * since they are only initialized when we go into data_in or data_out.
1347 * Ack the message as soon as possible.
1348 */
1349SET_SRC_MODE	M_DFF1;
1350SET_DST_MODE	M_DFF1;
1351mesgin_sdptrs:
1352	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1353	test	SEQ_FLAGS, DPHASE	jz ITloop;
1354	call	save_pointers;
1355	jmp	ITloop;
1356
1357save_pointers:
1358	/*
1359	 * If we are asked to save our position at the end of the
1360	 * transfer, just mark us at the end rather than perform a
1361	 * full save.
1362	 */
1363	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz save_pointers_full;
1364	or	SCB_SGPTR, SG_LIST_NULL ret;
1365
1366save_pointers_full:
1367	/*
1368	 * The SCB_DATAPTR becomes the current SHADDR.
1369	 * All other information comes directly from our residual
1370	 * state.
1371	 */
1372	bmov	SCB_DATAPTR, SHADDR, 8;
1373	bmov	SCB_DATACNT, SCB_RESIDUAL_DATACNT, 8 ret;
1374
1375/*
1376 * Restore pointers message?  Data pointers are recopied from the
1377 * SCB anytime we enter a data phase for the first time, so all
1378 * we need to do is clear the DPHASE flag and let the data phase
1379 * code do the rest.  We also reset/reallocate the FIFO to make
1380 * sure we have a clean start for the next data or command phase.
1381 */
1382mesgin_rdptrs:
1383	and	SEQ_FLAGS, ~DPHASE;
1384	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1)) jnz msgin_rdptrs_get_fifo;
1385	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
1386	SET_MODE(M_SCSI, M_SCSI)
1387msgin_rdptrs_get_fifo:
1388	call	allocate_fifo;
1389	jmp	mesgin_done;
1390
1391phase_lock:     
1392	if ((ahd->bugs & AHD_EARLY_REQ_BUG) != 0) {
1393		/*
1394		 * Don't ignore persistent REQ assertions just because
1395		 * they were asserted within the bus settle delay window.
1396		 * This allows us to tolerate devices like the GEM318
1397		 * that violate the SCSI spec.  We are careful not to
1398		 * count REQ while we are waiting for it to fall during
1399		 * an async phase due to our asserted ACK.  Each
1400		 * sequencer instruction takes ~25ns, so the REQ must
1401		 * last at least 100ns in order to be counted as a true
1402		 * REQ.
1403		 */
1404		test	SCSIPHASE, 0xFF jnz phase_locked;
1405		test	SCSISIGI, ACKI jnz phase_lock;
1406		test	SCSISIGI, REQI jz phase_lock;
1407		test	SCSIPHASE, 0xFF jnz phase_locked;
1408		test	SCSISIGI, ACKI jnz phase_lock;
1409		test	SCSISIGI, REQI jz phase_lock;
1410phase_locked:
1411	} else {
1412		test	SCSIPHASE, 0xFF jz .;
1413	}
1414	test	SSTAT1, SCSIPERR jnz phase_lock;
1415phase_lock_latch_phase:
1416	and	LASTPHASE, PHASE_MASK, SCSISIGI ret;
1417
1418/*
1419 * Functions to read data in Automatic PIO mode.
1420 *
1421 * An ACK is not sent on input from the target until SCSIDATL is read from.
1422 * So we wait until SCSIDATL is latched (the usual way), then read the data
1423 * byte directly off the bus using SCSIBUSL.  When we have pulled the ATN
1424 * line, or we just want to acknowledge the byte, then we do a dummy read
1425 * from SCISDATL.  The SCSI spec guarantees that the target will hold the
1426 * data byte on the bus until we send our ACK.
1427 *
1428 * The assumption here is that these are called in a particular sequence,
1429 * and that REQ is already set when inb_first is called.  inb_{first,next}
1430 * use the same calling convention as inb.
1431 */
1432inb_next:
1433	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1434inb_next_wait:
1435	/*
1436	 * If there is a parity error, wait for the kernel to
1437	 * see the interrupt and prepare our message response
1438	 * before continuing.
1439	 */
1440	test	SCSIPHASE, 0xFF jz .;
1441	test	SSTAT1, SCSIPERR jnz inb_next_wait;
1442inb_next_check_phase:
1443	and	LASTPHASE, PHASE_MASK, SCSISIGI;
1444	cmp	LASTPHASE, P_MESGIN jne mesgin_phasemis;
1445inb_first:
1446	clr	DINDEX[1];
1447	mov	DINDEX,SINDEX;
1448	mov	DINDIR,SCSIBUS	ret;		/*read byte directly from bus*/
1449inb_last:
1450	mov	NONE,SCSIDAT ret;		/*dummy read from latch to ACK*/
1451
1452mk_mesg:
1453	mvi	SCSISIGO, ATNO;
1454	mov	MSG_OUT,SINDEX ret;
1455
1456SET_SRC_MODE	M_DFF1;
1457SET_DST_MODE	M_DFF1;
1458disable_ccsgen:
1459	test	SG_STATE, FETCH_INPROG jz disable_ccsgen_fetch_done;
1460	clr	CCSGCTL;
1461disable_ccsgen_fetch_done:
1462	clr	SG_STATE ret;
1463
1464service_fifo:
1465	/*
1466	 * Do we have any prefetch left???
1467	 */
1468	test	SG_STATE, SEGS_AVAIL jnz idle_sg_avail;
1469
1470	/*
1471	 * Can this FIFO have access to the S/G cache yet?
1472	 */
1473	test	CCSGCTL, SG_CACHE_AVAIL jz return;
1474
1475	/* Did we just finish fetching segs? */
1476	test	CCSGCTL, CCSGDONE jnz idle_sgfetch_complete;
1477
1478	/* Are we actively fetching segments? */
1479	test	CCSGCTL, CCSGENACK jnz return;
1480
1481	/*
1482	 * Should the other FIFO get the S/G cache first?  If
1483	 * both FIFOs have been allocated since we last checked
1484	 * any FIFO, it is important that we service a FIFO
1485	 * that is not actively on the bus first.  This guarantees
1486	 * that a FIFO will be freed to handle snapshot requests for
1487	 * any FIFO that is still on the bus.  Chips with RTI do not
1488	 * perform snapshots, so don't bother with this test there.
1489	 */
1490	if ((ahd->features & AHD_RTI) == 0) {
1491		/*
1492		 * If we're not still receiving SCSI data,
1493		 * it is safe to allocate the S/G cache to
1494		 * this FIFO.
1495		 */
1496		test	DFCNTRL, SCSIEN jz idle_sgfetch_start;
1497
1498		/*
1499		 * Switch to the other FIFO.  Non-RTI chips
1500		 * also have the "set mode" bug, so we must
1501		 * disable interrupts during the switch.
1502		 */
1503		mvi	SEQINTCTL, INTVEC1DSL;
1504		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1505
1506		/*
1507		 * If the other FIFO needs loading, then it
1508		 * must not have claimed the S/G cache yet
1509		 * (SG_CACHE_AVAIL would have been cleared in
1510		 * the original FIFO mode and we test this above).
1511		 * Return to the idle loop so we can process the
1512		 * FIFO not currently on the bus first.
1513		 */
1514		test	SG_STATE, LOADING_NEEDED jz idle_sgfetch_okay;
1515		clr	SEQINTCTL ret;
1516idle_sgfetch_okay:
1517		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1518		clr	SEQINTCTL;
1519	}
1520
1521idle_sgfetch_start:
1522	/*
1523	 * We fetch a "cacheline aligned" and sized amount of data
1524	 * so we don't end up referencing a non-existent page.
1525	 * Cacheline aligned is in quotes because the kernel will
1526	 * set the prefetch amount to a reasonable level if the
1527	 * cacheline size is unknown.
1528	 */
1529	bmov	SGHADDR, SCB_RESIDUAL_SGPTR, 4;
1530	mvi	SGHCNT, SG_PREFETCH_CNT;
1531	if ((ahd->bugs & AHD_REG_SLOW_SETTLE_BUG) != 0) {
1532		/*
1533		 * Need two instructions between "touches" of SGHADDR.
1534		 */
1535		nop;
1536	}
1537	and	SGHADDR[0], SG_PREFETCH_ALIGN_MASK, SCB_RESIDUAL_SGPTR;
1538	mvi	CCSGCTL, CCSGEN|CCSGRESET;
1539	or	SG_STATE, FETCH_INPROG ret;
1540idle_sgfetch_complete:
1541	/*
1542	 * Guard against SG_CACHE_AVAIL activating during sg fetch
1543	 * request in the other FIFO.
1544	 */
1545	test	SG_STATE, FETCH_INPROG jz return;
1546	clr	CCSGCTL;
1547	and	CCSGADDR, SG_PREFETCH_ADDR_MASK, SCB_RESIDUAL_SGPTR;
1548	mvi	SG_STATE, SEGS_AVAIL|LOADING_NEEDED;
1549idle_sg_avail:
1550	/* Does the hardware have space for another SG entry? */
1551	test	DFSTATUS, PRELOAD_AVAIL jz return;
1552	/*
1553	 * On the A, preloading a segment before HDMAENACK
1554	 * comes true can clobber the shadow address of the
1555	 * first segment in the S/G FIFO.  Wait until it is
1556	 * safe to proceed.
1557	 */
1558	if ((ahd->features & AHD_NEW_DFCNTRL_OPTS) == 0) {
1559		test	DFCNTRL, HDMAENACK jz return;
1560	}
1561	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
1562		bmov	HADDR, CCSGRAM, 8;
1563	} else {
1564		bmov 	HADDR, CCSGRAM, 4;
1565	}
1566	bmov	HCNT, CCSGRAM, 3;
1567	bmov	SCB_RESIDUAL_DATACNT[3], CCSGRAM, 1;
1568	if ((ahd->flags & AHD_39BIT_ADDRESSING) != 0) {
1569		and	HADDR[4], SG_HIGH_ADDR_BITS, SCB_RESIDUAL_DATACNT[3];
1570	}
1571	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
1572		/* Skip 4 bytes of pad. */
1573		add	CCSGADDR, 4;
1574	}
1575sg_advance:
1576	clr	A;			/* add sizeof(struct scatter) */
1577	add	SCB_RESIDUAL_SGPTR[0],SG_SIZEOF;
1578	adc	SCB_RESIDUAL_SGPTR[1],A;
1579	adc	SCB_RESIDUAL_SGPTR[2],A;
1580	adc	SCB_RESIDUAL_SGPTR[3],A;
1581	mov	SINDEX, SCB_RESIDUAL_SGPTR[0];
1582	test	SCB_RESIDUAL_DATACNT[3], SG_LAST_SEG jz . + 3;
1583	or	SINDEX, LAST_SEG;
1584	clr	SG_STATE;
1585	mov	SG_CACHE_PRE, SINDEX;
1586	if ((ahd->features & AHD_NEW_DFCNTRL_OPTS) != 0) {
1587		/*
1588		 * Use SCSIENWRDIS so that SCSIEN is never
1589		 * modified by this operation.
1590		 */
1591		or	DFCNTRL, PRELOADEN|HDMAEN|SCSIENWRDIS;
1592	} else {
1593		or	DFCNTRL, PRELOADEN|HDMAEN;
1594	}
1595	/*
1596	 * Do we have another segment in the cache?
1597	 */
1598	add	NONE, SG_PREFETCH_CNT_LIMIT, CCSGADDR;
1599	jnc	return;
1600	and	SG_STATE, ~SEGS_AVAIL ret;
1601
1602/*
1603 * Initialize the DMA address and counter from the SCB.
1604 */
1605load_first_seg:
1606	bmov	HADDR, SCB_DATAPTR, 11;
1607	and	REG_ISR, ~SG_FULL_RESID, SCB_SGPTR[0];
1608	test	SCB_DATACNT[3], SG_LAST_SEG jz . + 2;
1609	or	REG_ISR, LAST_SEG;
1610	mov	SG_CACHE_PRE, REG_ISR;
1611	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
1612	/*
1613	 * Since we've are entering a data phase, we will
1614	 * rely on the SCB_RESID* fields.  Initialize the
1615	 * residual and clear the full residual flag.
1616	 */
1617	and	SCB_SGPTR[0], ~SG_FULL_RESID;
1618	bmov	SCB_RESIDUAL_DATACNT[3], SCB_DATACNT[3], 5;
1619	/* If we need more S/G elements, tell the idle loop */
1620	test	SCB_RESIDUAL_DATACNT[3], SG_LAST_SEG jnz . + 2;
1621	mvi	SG_STATE, LOADING_NEEDED ret;
1622	clr	SG_STATE ret;
1623
1624p_data_handle_xfer:
1625	call	setjmp;
1626	test	SG_STATE, LOADING_NEEDED jnz service_fifo;
1627p_data_clear_handler:
1628	or	LONGJMP_ADDR[1], INVALID_ADDR ret;
1629
1630p_data:
1631	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT	jz p_data_allowed;
1632	SET_SEQINTCODE(PROTO_VIOLATION)
1633p_data_allowed:
1634 
1635	test	SEQ_FLAGS, DPHASE	jz data_phase_initialize;
1636
1637	/*
1638	 * If we re-enter the data phase after going through another
1639	 * phase, our transfer location has almost certainly been
1640	 * corrupted by the interveining, non-data, transfers.  Ask
1641	 * the host driver to fix us up based on the transfer residual
1642	 * unless we already know that we should be bitbucketing.
1643	 */
1644	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jnz p_data_bitbucket;
1645	SET_SEQINTCODE(PDATA_REINIT)
1646	jmp	data_phase_inbounds;
1647
1648p_data_bitbucket:
1649	/*
1650	 * Turn on `Bit Bucket' mode, wait until the target takes
1651	 * us to another phase, and then notify the host.
1652	 */
1653	mov	SAVED_MODE, MODE_PTR;
1654	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
1655		jnz bitbucket_not_m_dff;
1656	/*
1657	 * Ensure that any FIFO contents are cleared out and the
1658	 * FIFO free'd prior to starting the BITBUCKET.  BITBUCKET
1659	 * doesn't discard data already in the FIFO.
1660	 */
1661	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
1662	SET_MODE(M_SCSI, M_SCSI)
1663bitbucket_not_m_dff:
1664	or	SXFRCTL1,BITBUCKET;
1665	/* Wait for non-data phase. */
1666	test	SCSIPHASE, ~DATA_PHASE_MASK jz .;
1667	and	SXFRCTL1, ~BITBUCKET;
1668	RESTORE_MODE(SAVED_MODE)
1669SET_SRC_MODE	M_DFF1;
1670SET_DST_MODE	M_DFF1;
1671	SET_SEQINTCODE(DATA_OVERRUN)
1672	jmp	ITloop;
1673
1674data_phase_initialize:
1675	test	SCB_SGPTR[0], SG_LIST_NULL jnz p_data_bitbucket;
1676	call	load_first_seg;
1677data_phase_inbounds:
1678	/* We have seen a data phase at least once. */
1679	or	SEQ_FLAGS, DPHASE;
1680	mov	SAVED_MODE, MODE_PTR;
1681	test	SG_STATE, LOADING_NEEDED jz data_group_dma_loop;
1682	call	p_data_handle_xfer;
1683data_group_dma_loop:
1684	/*
1685	 * The transfer is complete if either the last segment
1686	 * completes or the target changes phase.  Both conditions
1687	 * will clear SCSIEN.
1688	 */
1689	call	idle_loop_service_fifos;
1690	call	idle_loop_cchan;
1691	call	idle_loop_gsfifo;
1692	RESTORE_MODE(SAVED_MODE)
1693	test	DFCNTRL, SCSIEN jnz data_group_dma_loop;
1694
1695data_group_dmafinish:
1696	/*
1697	 * The transfer has terminated either due to a phase
1698	 * change, and/or the completion of the last segment.
1699	 * We have two goals here.  Do as much other work
1700	 * as possible while the data fifo drains on a read
1701	 * and respond as quickly as possible to the standard
1702	 * messages (save data pointers/disconnect and command
1703	 * complete) that usually follow a data phase.
1704	 */
1705	call	calc_residual;
1706
1707	/*
1708	 * Go ahead and shut down the DMA engine now.
1709	 */
1710	test	DFCNTRL, DIRECTION jnz data_phase_finish;
1711data_group_fifoflush:
1712	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
1713		or	DFCNTRL, FIFOFLUSH;
1714	}
1715	/*
1716	 * We have enabled the auto-ack feature.  This means
1717	 * that the controller may have already transferred
1718	 * some overrun bytes into the data FIFO and acked them
1719	 * on the bus.  The only way to detect this situation is
1720	 * to wait for LAST_SEG_DONE to come true on a completed
1721	 * transfer and then test to see if the data FIFO is
1722	 * non-empty.  We know there is more data yet to transfer
1723	 * if SG_LIST_NULL is not yet set, thus there cannot be
1724	 * an overrun.
1725	 */
1726	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz data_phase_finish;
1727	test	SG_CACHE_SHADOW, LAST_SEG_DONE jz .;
1728	test	DFSTATUS, FIFOEMP jnz data_phase_finish;
1729	/* Overrun */
1730	jmp	p_data;
1731data_phase_finish:
1732	/*
1733	 * If the target has left us in data phase, loop through
1734	 * the dma code again.  We will only loop if there is a
1735	 * data overrun.  
1736	 */
1737	if ((ahd->flags & AHD_TARGETROLE) != 0) {
1738		test	SSTAT0, TARGET jnz data_phase_done;
1739	}
1740	if ((ahd->flags & AHD_INITIATORROLE) != 0) {
1741		test	SSTAT1, REQINIT jz .;
1742		test	SCSIPHASE, DATA_PHASE_MASK jnz p_data;
1743	}
1744
1745data_phase_done:
1746	/* Kill off any pending prefetch */
1747	call	disable_ccsgen;
1748	or 	LONGJMP_ADDR[1], INVALID_ADDR;
1749
1750	if ((ahd->flags & AHD_TARGETROLE) != 0) {
1751		test	SEQ_FLAGS, DPHASE_PENDING jz ITloop;
1752		/*
1753		and	SEQ_FLAGS, ~DPHASE_PENDING;
1754		 * For data-in phases, wait for any pending acks from the
1755		 * initiator before changing phase.  We only need to
1756		 * send Ignore Wide Residue messages for data-in phases.
1757		test	DFCNTRL, DIRECTION jz target_ITloop;
1758		test	SSTAT1, REQINIT	jnz .;
1759		test	SCB_TASK_ATTRIBUTE, SCB_XFERLEN_ODD jz target_ITloop;
1760		SET_MODE(M_SCSI, M_SCSI)
1761		test	NEGCONOPTS, WIDEXFER jz target_ITloop;
1762		 */
1763		/*
1764		 * Issue an Ignore Wide Residue Message.
1765		mvi	P_MESGIN|BSYO call change_phase;
1766		mvi	MSG_IGN_WIDE_RESIDUE call target_outb;
1767		mvi	1 call target_outb;
1768		jmp	target_ITloop;
1769		 */
1770	} else {
1771		jmp	ITloop;
1772	}
1773
1774/*
1775 * We assume that, even though data may still be
1776 * transferring to the host, that the SCSI side of
1777 * the DMA engine is now in a static state.  This
1778 * allows us to update our notion of where we are
1779 * in this transfer.
1780 *
1781 * If, by chance, we stopped before being able
1782 * to fetch additional segments for this transfer,
1783 * yet the last S/G was completely exhausted,
1784 * call our idle loop until it is able to load
1785 * another segment.  This will allow us to immediately
1786 * pickup on the next segment on the next data phase.
1787 *
1788 * If we happened to stop on the last segment, then
1789 * our residual information is still correct from
1790 * the idle loop and there is no need to perform
1791 * any fixups.
1792 */
1793residual_before_last_seg:
1794	test    MDFFSTAT, SHVALID	jnz sgptr_fixup;
1795	/*
1796	 * Can never happen from an interrupt as the packetized
1797	 * hardware will only interrupt us once SHVALID or
1798	 * LAST_SEG_DONE.
1799	 */
1800	call	idle_loop_service_fifos;
1801	RESTORE_MODE(SAVED_MODE)
1802	/* FALLTHROUGH */
1803calc_residual:
1804	test	SG_CACHE_SHADOW, LAST_SEG jz residual_before_last_seg;
1805	/* Record if we've consumed all S/G entries */
1806	test	MDFFSTAT, SHVALID	jz . + 2;
1807	bmov	SCB_RESIDUAL_DATACNT, SHCNT, 3 ret;
1808	or	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL ret;
1809
1810sgptr_fixup:
1811	/*
1812	 * Fixup the residual next S/G pointer.  The S/G preload
1813	 * feature of the chip allows us to load two elements
1814	 * in addition to the currently active element.  We
1815	 * store the bottom byte of the next S/G pointer in
1816	 * the SG_CACHE_PTR register so we can restore the
1817	 * correct value when the DMA completes.  If the next
1818	 * sg ptr value has advanced to the point where higher
1819	 * bytes in the address have been affected, fix them
1820	 * too.
1821	 */
1822	test	SG_CACHE_SHADOW, 0x80 jz sgptr_fixup_done;
1823	test	SCB_RESIDUAL_SGPTR[0], 0x80 jnz sgptr_fixup_done;
1824	add	SCB_RESIDUAL_SGPTR[1], -1;
1825	adc	SCB_RESIDUAL_SGPTR[2], -1; 
1826	adc	SCB_RESIDUAL_SGPTR[3], -1;
1827sgptr_fixup_done:
1828	and	SCB_RESIDUAL_SGPTR[0], SG_ADDR_MASK, SG_CACHE_SHADOW;
1829	clr	SCB_RESIDUAL_DATACNT[3]; /* We are not the last seg */
1830	bmov	SCB_RESIDUAL_DATACNT, SHCNT, 3 ret;
1831
1832export timer_isr:
1833	call	issue_cmdcmplt;
1834	mvi	CLRSEQINTSTAT, CLRSEQ_SWTMRTO;
1835	if ((ahd->bugs & AHD_SET_MODE_BUG) != 0) {
1836		/*
1837		 * In H2A4, the mode pointer is not saved
1838		 * for intvec2, but is restored on iret.
1839		 * This can lead to the restoration of a
1840		 * bogus mode ptr.  Manually clear the
1841		 * intmask bits and do a normal return
1842		 * to compensate.
1843		 */
1844		and	SEQINTCTL, ~(INTMASK2|INTMASK1) ret;
1845	} else {
1846		or	SEQINTCTL, IRET ret;
1847	}
1848
1849export seq_isr:
1850	if ((ahd->features & AHD_RTI) == 0) {
1851		/*
1852		 * On RevA Silicon, if the target returns us to data-out
1853		 * after we have already trained for data-out, it is
1854		 * possible for us to transition the free running clock to
1855		 * data-valid before the required 100ns P1 setup time (8 P1
1856		 * assertions in fast-160 mode).  This will only happen if
1857		 * this L-Q is a continuation of a data transfer for which
1858		 * we have already prefetched data into our FIFO (LQ/Data
1859		 * followed by LQ/Data for the same write transaction).
1860		 * This can cause some target implementations to miss the
1861		 * first few data transfers on the bus.  We detect this
1862		 * situation by noticing that this is the first data transfer
1863		 * after an LQ (LQIWORKONLQ true), that the data transfer is
1864		 * a continuation of a transfer already setup in our FIFO
1865		 * (SAVEPTRS interrupt), and that the transaction is a write
1866		 * (DIRECTION set in DFCNTRL). The delay is performed by
1867		 * disabling SCSIEN until we see the first REQ from the
1868		 * target.
1869		 * 
1870		 * First instruction in an ISR cannot be a branch on
1871		 * Rev A.  Snapshot LQISTAT2 so the status is not missed
1872		 * and deffer the test by one instruction.
1873		 */
1874		mov	REG_ISR, LQISTAT2;
1875		test	REG_ISR, LQIWORKONLQ jz main_isr;
1876		test	SEQINTSRC, SAVEPTRS  jz main_isr;
1877		test	LONGJMP_ADDR[1], INVALID_ADDR jz saveptr_active_fifo;
1878		/*
1879		 * Switch to the active FIFO after clearing the snapshot
1880		 * savepointer in the current FIFO.  We do this so that
1881		 * a pending CTXTDONE or SAVEPTR is visible in the active
1882		 * FIFO.  This status is the only way we can detect if we
1883		 * have lost the race (e.g. host paused us) and our attempts
1884		 * to disable the channel occurred after all REQs were
1885		 * already seen and acked (REQINIT never comes true).
1886		 */
1887		mvi	DFFSXFRCTL, CLRCHN;
1888		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1889		test	DFCNTRL, DIRECTION jz interrupt_return;
1890		and	DFCNTRL, ~SCSIEN;
1891snapshot_wait_data_valid:
1892		test	SEQINTSRC, (CTXTDONE|SAVEPTRS) jnz interrupt_return;
1893		test	SSTAT1, REQINIT	jz snapshot_wait_data_valid;
1894snapshot_data_valid:
1895		or	DFCNTRL, SCSIEN;
1896		or	SEQINTCTL, IRET ret;
1897snapshot_saveptr:
1898		mvi	DFFSXFRCTL, CLRCHN;
1899		or	SEQINTCTL, IRET ret;
1900main_isr:
1901	}
1902	test	SEQINTSRC, CFG4DATA	jnz cfg4data_intr;
1903	test	SEQINTSRC, CFG4ISTAT	jnz cfg4istat_intr;
1904	test	SEQINTSRC, SAVEPTRS	jnz saveptr_intr;
1905	test	SEQINTSRC, CFG4ICMD	jnz cfg4icmd_intr;
1906	SET_SEQINTCODE(INVALID_SEQINT)
1907
1908/*
1909 * There are two types of save pointers interrupts:
1910 * The first is a snapshot save pointers where the current FIFO is not
1911 * active and contains a snapshot of the current poniter information.
1912 * This happens between packets in a stream for a single L_Q.  Since we
1913 * are not performing a pointer save, we can safely clear the channel
1914 * so it can be used for other transactions.  On RTI capable controllers,
1915 * where snapshots can, and are, disabled, the code to handle this type
1916 * of snapshot is not active.
1917 *
1918 * The second case is a save pointers on an active FIFO which occurs
1919 * if the target changes to a new L_Q or busfrees/QASes and the transfer
1920 * has a residual.  This should occur coincident with a ctxtdone.  We
1921 * disable the interrupt and allow our active routine to handle the
1922 * save.
1923 */
1924saveptr_intr:
1925	if ((ahd->features & AHD_RTI) == 0) {
1926		test	LONGJMP_ADDR[1], INVALID_ADDR jnz snapshot_saveptr;
1927	}
1928saveptr_active_fifo:
1929	and	SEQIMODE, ~ENSAVEPTRS;
1930	or	SEQINTCTL, IRET ret;
1931
1932cfg4data_intr:
1933	test	SCB_SGPTR[0], SG_LIST_NULL jnz pkt_handle_overrun_inc_use_count;
1934	call	load_first_seg;
1935	call	pkt_handle_xfer;
1936	inc	SCB_FIFO_USE_COUNT;
1937interrupt_return:
1938	or	SEQINTCTL, IRET ret;
1939
1940cfg4istat_intr:
1941	call	freeze_queue;
1942	add	NONE, -13, SCB_CDB_LEN;
1943	jnc	cfg4istat_have_sense_addr;
1944	test	SCB_CDB_LEN, SCB_CDB_LEN_PTR jnz cfg4istat_have_sense_addr;
1945	/*
1946	 * Host sets up address/count and enables transfer.
1947	 */
1948	SET_SEQINTCODE(CFG4ISTAT_INTR)
1949	jmp	cfg4istat_setup_handler;
1950cfg4istat_have_sense_addr:
1951	bmov	HADDR, SCB_SENSE_BUSADDR, 4;
1952	mvi	HCNT[1], (AHD_SENSE_BUFSIZE >> 8);
1953	mvi	SG_CACHE_PRE, LAST_SEG;
1954	mvi	DFCNTRL, PRELOADEN|SCSIEN|HDMAEN;
1955cfg4istat_setup_handler:
1956	/*
1957	 * Status pkt is transferring to host.
1958	 * Wait in idle loop for transfer to complete.
1959	 * If a command completed before an attempted
1960	 * task management function completed, notify the host.
1961	 */
1962	test	SCB_TASK_MANAGEMENT, 0xFF jz cfg4istat_no_taskmgmt_func;
1963	SET_SEQINTCODE(TASKMGMT_CMD_CMPLT_OKAY)
1964cfg4istat_no_taskmgmt_func:
1965	call	pkt_handle_status;
1966	or	SEQINTCTL, IRET ret;
1967
1968cfg4icmd_intr:
1969	/*
1970	 * In the case of DMAing a CDB from the host, the normal
1971	 * CDB buffer is formatted with an 8 byte address followed
1972	 * by a 1 byte count.
1973	 */
1974	bmov	HADDR[0], SCB_HOST_CDB_PTR, 9;
1975	mvi	SG_CACHE_PRE, LAST_SEG;
1976	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
1977	call	pkt_handle_cdb;
1978	or	SEQINTCTL, IRET ret;
1979
1980/*
1981 * See if the target has gone on in this context creating an
1982 * overrun condition.  For the write case, the hardware cannot
1983 * ack bytes until data are provided.  So, if the target begins
1984 * another  packet without changing contexts, implying we are
1985 * not sitting on a packet boundary, we are in an overrun
1986 * situation.  For the read case, the hardware will continue to
1987 * ack bytes into the FIFO, and may even ack the last overrun packet
1988 * into the FIFO.   If the FIFO should become non-empty, we are in
1989 * a read overrun case.
1990 */
1991#define check_overrun							\
1992	/* Not on a packet boundary. */					\
1993	test 	MDFFSTAT, DLZERO jz pkt_handle_overrun;			\
1994	test	DFSTATUS, FIFOEMP jz pkt_handle_overrun
1995
1996pkt_handle_xfer:
1997	test	SG_STATE, LOADING_NEEDED jz pkt_last_seg;
1998	call	setjmp;
1999	test	SEQINTSRC, SAVEPTRS jnz pkt_saveptrs;
2000	test	SCSIPHASE, ~DATA_PHASE_MASK jz . + 2;
2001	test	SCSISIGO, ATNO jnz . + 2;
2002	test	SSTAT2, NONPACKREQ jz pkt_service_fifo;
2003	/*
2004	 * Defer handling of this NONPACKREQ until we
2005	 * can be sure it pertains to this FIFO.  SAVEPTRS
2006	 * will not be asserted if the NONPACKREQ is for us,
2007	 * so we must simulate it if shadow is valid.  If
2008	 * shadow is not valid, keep running this FIFO until we
2009	 * have satisfied the transfer by loading segments and
2010	 * waiting for either shadow valid or last_seg_done.
2011	 */
2012	test	MDFFSTAT, SHVALID jnz pkt_saveptrs;
2013pkt_service_fifo:
2014	test	SG_STATE, LOADING_NEEDED jnz service_fifo;
2015pkt_last_seg:
2016	call	setjmp;
2017	test	SEQINTSRC, SAVEPTRS jnz pkt_saveptrs;
2018	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_last_seg_done;
2019	test	SCSIPHASE, ~DATA_PHASE_MASK jz . + 2;
2020	test	SCSISIGO, ATNO jnz . + 2;
2021	test	SSTAT2, NONPACKREQ jz return;
2022	test	MDFFSTAT, SHVALID jz return;
2023	/* FALLTHROUGH */
2024
2025/*
2026 * Either a SAVEPTRS interrupt condition is pending for this FIFO
2027 * or we have a pending NONPACKREQ for this FIFO.  We differentiate
2028 * between the two by capturing the state of the SAVEPTRS interrupt
2029 * prior to clearing this status and executing the common code for
2030 * these two cases.
2031 */
2032pkt_saveptrs:
2033BEGIN_CRITICAL;
2034	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
2035		or	DFCNTRL, FIFOFLUSH;
2036	}
2037	mov	REG0, SEQINTSRC;
2038	call	calc_residual;
2039	call	save_pointers;
2040	mvi	CLRSEQINTSRC, CLRSAVEPTRS;
2041	call	disable_ccsgen;
2042	or	SEQIMODE, ENSAVEPTRS;
2043	test	DFCNTRL, DIRECTION jnz pkt_saveptrs_check_status;
2044	test	DFSTATUS, FIFOEMP jnz pkt_saveptrs_check_status;
2045	/*
2046	 * Keep a handler around for this FIFO until it drains
2047	 * to the host to guarantee that we don't complete the
2048	 * command to the host before the data arrives.
2049	 */
2050pkt_saveptrs_wait_fifoemp:
2051	call	setjmp;
2052	test	DFSTATUS, FIFOEMP jz return;
2053pkt_saveptrs_check_status:
2054	or	LONGJMP_ADDR[1], INVALID_ADDR;
2055	test	REG0, SAVEPTRS jz unexpected_nonpkt_phase;
2056	dec	SCB_FIFO_USE_COUNT;
2057	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2058	mvi	DFFSXFRCTL, CLRCHN ret;
2059
2060/*
2061 * LAST_SEG_DONE status has been seen in the current FIFO.
2062 * This indicates that all of the allowed data for this
2063 * command has transferred across the SCSI and host buses.
2064 * Check for overrun and see if we can complete this command.
2065 */
2066pkt_last_seg_done:
2067	/*
2068	 * Mark transfer as completed.
2069	 */
2070	or	SCB_SGPTR, SG_LIST_NULL;
2071
2072	/*
2073	 * Wait for the current context to finish to verify that
2074	 * no overrun condition has occurred.
2075	 */
2076	test	SEQINTSRC, CTXTDONE jnz pkt_ctxt_done;
2077	call	setjmp;
2078pkt_wait_ctxt_done_loop:
2079	test	SEQINTSRC, CTXTDONE jnz pkt_ctxt_done;
2080	/*
2081	 * A sufficiently large overrun or a NONPACKREQ may
2082	 * prevent CTXTDONE from ever asserting, so we must
2083	 * poll for these statuses too.
2084	 */
2085	check_overrun;
2086	test	SSTAT2, NONPACKREQ jz return;
2087	test	SEQINTSRC, CTXTDONE jz unexpected_nonpkt_phase;
2088	/* FALLTHROUGH */
2089
2090pkt_ctxt_done:
2091	check_overrun;
2092	or	LONGJMP_ADDR[1], INVALID_ADDR;
2093	/*
2094	 * If status has been received, it is safe to skip
2095	 * the check to see if another FIFO is active because
2096	 * LAST_SEG_DONE has been observed.  However, we check
2097	 * the FIFO anyway since it costs us only one extra
2098	 * instruction to leverage common code to perform the
2099	 * SCB completion.
2100	 */
2101	dec	SCB_FIFO_USE_COUNT;
2102	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2103	mvi	DFFSXFRCTL, CLRCHN ret;
2104END_CRITICAL;
2105
2106/*
2107 * Must wait until CDB xfer is over before issuing the
2108 * clear channel.
2109 */
2110pkt_handle_cdb:
2111	call	setjmp;
2112	test	SG_CACHE_SHADOW, LAST_SEG_DONE jz return;
2113	or	LONGJMP_ADDR[1], INVALID_ADDR;
2114	mvi	DFFSXFRCTL, CLRCHN ret;
2115
2116/*
2117 * Watch over the status transfer.  Our host sense buffer is
2118 * large enough to take the maximum allowed status packet.
2119 * None-the-less, we must still catch and report overruns to
2120 * the host.  Additionally, properly catch unexpected non-packet
2121 * phases that are typically caused by CRC errors in status packet
2122 * transmission.
2123 */
2124pkt_handle_status:
2125	call	setjmp;
2126	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_status_check_overrun;
2127	test	SEQINTSRC, CTXTDONE jz pkt_status_check_nonpackreq;
2128	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_status_check_overrun;
2129pkt_status_IU_done:
2130	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
2131		or	DFCNTRL, FIFOFLUSH;
2132	}
2133	test	DFSTATUS, FIFOEMP jz return;
2134BEGIN_CRITICAL;
2135	or	LONGJMP_ADDR[1], INVALID_ADDR;
2136	mvi	SCB_SCSI_STATUS, STATUS_PKT_SENSE;
2137	or	SCB_CONTROL, STATUS_RCVD;
2138	jmp	pkt_complete_scb_if_fifos_idle;
2139END_CRITICAL;
2140pkt_status_check_overrun:
2141	/*
2142	 * Status PKT overruns are uncerimoniously recovered with a
2143	 * bus reset.  If we've overrun, let the host know so that
2144	 * recovery can be performed.
2145	 *
2146	 * LAST_SEG_DONE has been observed.  If either CTXTDONE or
2147	 * a NONPACKREQ phase change have occurred and the FIFO is
2148	 * empty, there is no overrun.
2149	 */
2150	test	DFSTATUS, FIFOEMP jz pkt_status_report_overrun;
2151	test	SEQINTSRC, CTXTDONE jz . + 2;
2152	test	DFSTATUS, FIFOEMP jnz pkt_status_IU_done;
2153	test	SCSIPHASE, ~DATA_PHASE_MASK jz return;
2154	test	DFSTATUS, FIFOEMP jnz pkt_status_check_nonpackreq;
2155pkt_status_report_overrun:
2156	SET_SEQINTCODE(STATUS_OVERRUN)
2157	/* SEQUENCER RESTARTED */
2158pkt_status_check_nonpackreq:
2159	/*
2160	 * CTXTDONE may be held off if a NONPACKREQ is associated with
2161	 * the current context.  If a NONPACKREQ is observed, decide
2162	 * if it is for the current context.  If it is for the current
2163	 * context, we must defer NONPACKREQ processing until all data
2164	 * has transferred to the host.
2165	 */
2166	test	SCSIPHASE, ~DATA_PHASE_MASK jz return;
2167	test	SCSISIGO, ATNO jnz . + 2;
2168	test	SSTAT2, NONPACKREQ jz return;
2169	test	SEQINTSRC, CTXTDONE jnz pkt_status_IU_done;
2170	test	DFSTATUS, FIFOEMP jz return;
2171	/*
2172	 * The unexpected nonpkt phase handler assumes that any
2173	 * data channel use will have a FIFO reference count.  It
2174	 * turns out that the status handler doesn't need a references
2175	 * count since the status received flag, and thus completion
2176	 * processing, cannot be set until the handler is finished.
2177	 * We increment the count here to make the nonpkt handler
2178	 * happy.
2179	 */
2180	inc	SCB_FIFO_USE_COUNT;
2181	/* FALLTHROUGH */
2182
2183/*
2184 * Nonpackreq is a polled status.  It can come true in three situations:
2185 * we have received an L_Q, we have sent one or more L_Qs, or there is no
2186 * L_Q context associated with this REQ (REQ occurs immediately after a
2187 * (re)selection).  Routines that know that the context responsible for this
2188 * nonpackreq call directly into unexpected_nonpkt_phase.  In the case of the
2189 * top level idle loop, we exhaust all active contexts prior to determining that
2190 * we simply do not have the full I_T_L_Q for this phase.
2191 */
2192unexpected_nonpkt_phase_find_ctxt:
2193	/*
2194	 * This nonpackreq is most likely associated with one of the tags
2195	 * in a FIFO or an outgoing LQ.  Only treat it as an I_T only
2196	 * nonpackreq if we've cleared out the FIFOs and handled any
2197	 * pending SELDO.
2198	 */
2199SET_SRC_MODE	M_SCSI;
2200SET_DST_MODE	M_SCSI;
2201	and	A, FIFO1FREE|FIFO0FREE, DFFSTAT;
2202	cmp	A, FIFO1FREE|FIFO0FREE jne return;
2203	test	SSTAT0, SELDO jnz return;
2204	mvi	SCBPTR[1], SCB_LIST_NULL;
2205unexpected_nonpkt_phase:
2206	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
2207		jnz unexpected_nonpkt_mode_cleared;
2208SET_SRC_MODE	M_DFF0;
2209SET_DST_MODE	M_DFF0;
2210	or	LONGJMP_ADDR[1], INVALID_ADDR;
2211	dec	SCB_FIFO_USE_COUNT;
2212	mvi	DFFSXFRCTL, CLRCHN;
2213unexpected_nonpkt_mode_cleared:
2214	mvi	CLRSINT2, CLRNONPACKREQ;
2215	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
2216		/*
2217		 * Test to ensure that the bus has not
2218		 * already gone free prior to clearing
2219		 * any stale busfree status.  This avoids
2220		 * a window whereby a busfree just after
2221		 * a selection could be missed.
2222		 */
2223		test	SCSISIGI, BSYI jz . + 2;
2224		mvi	CLRSINT1,CLRBUSFREE;
2225		or	SIMODE1, ENBUSFREE;
2226	}
2227	test	SCSIPHASE, ~(MSG_IN_PHASE|MSG_OUT_PHASE) jnz illegal_phase;
2228	SET_SEQINTCODE(ENTERING_NONPACK)
2229	jmp	ITloop;
2230
2231illegal_phase:
2232	SET_SEQINTCODE(ILLEGAL_PHASE)
2233	jmp	ITloop;
2234
2235/*
2236 * We have entered an overrun situation.  If we have working
2237 * BITBUCKET, flip that on and let the hardware eat any overrun
2238 * data.  Otherwise use an overrun buffer in the host to simulate
2239 * BITBUCKET.
2240 */
2241pkt_handle_overrun_inc_use_count:
2242	inc	SCB_FIFO_USE_COUNT;
2243pkt_handle_overrun:
2244	SET_SEQINTCODE(CFG4OVERRUN)
2245	call	freeze_queue;
2246	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) == 0) {
2247		or	DFFSXFRCTL, DFFBITBUCKET;
2248SET_SRC_MODE	M_DFF1;
2249SET_DST_MODE	M_DFF1;
2250	} else {
2251		call	load_overrun_buf;
2252		mvi	DFCNTRL, (HDMAEN|SCSIEN|PRELOADEN);
2253	}
2254	call	setjmp;
2255	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0) {
2256		test	DFSTATUS, PRELOAD_AVAIL jz overrun_load_done;
2257		call	load_overrun_buf;
2258		or	DFCNTRL, PRELOADEN;
2259overrun_load_done:
2260		test	SEQINTSRC, CTXTDONE jnz pkt_overrun_end;
2261	} else {
2262		test	DFFSXFRCTL, DFFBITBUCKET jz pkt_overrun_end;
2263	}
2264	test	SSTAT2, NONPACKREQ jz return;
2265pkt_overrun_end:
2266	or	SCB_RESIDUAL_SGPTR, SG_OVERRUN_RESID;
2267	test	SEQINTSRC, CTXTDONE jz unexpected_nonpkt_phase;
2268	dec	SCB_FIFO_USE_COUNT;
2269	or	LONGJMP_ADDR[1], INVALID_ADDR;
2270	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2271	mvi	DFFSXFRCTL, CLRCHN ret;
2272
2273if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0) {
2274load_overrun_buf:
2275	/*
2276	 * Load a dummy segment if preload space is available.
2277	 */
2278	mov 	HADDR[0], SHARED_DATA_ADDR;
2279	add	HADDR[1], PKT_OVERRUN_BUFOFFSET, SHARED_DATA_ADDR[1];
2280	mov	ACCUM_SAVE, A;
2281	clr	A;
2282	adc	HADDR[2], A, SHARED_DATA_ADDR[2];
2283	adc	HADDR[3], A, SHARED_DATA_ADDR[3];
2284	mov	A, ACCUM_SAVE;
2285	bmov	HADDR[4], ALLZEROS, 4;
2286	/* PKT_OVERRUN_BUFSIZE is a multiple of 256 */
2287	clr	HCNT[0];
2288	mvi	HCNT[1], ((PKT_OVERRUN_BUFSIZE >> 8) & 0xFF);
2289	clr	HCNT[2] ret;
2290}
2291