xref: /freebsd/sys/dev/aic7xxx/aic79xx.seq (revision 2ff63af9b88c7413b7d71715b5532625752a248e)
1/*-
2 * Adaptec U320 device driver firmware for Linux and FreeBSD.
3 *
4 * Copyright (c) 1994-2001, 2004 Justin T. Gibbs.
5 * Copyright (c) 2000-2002 Adaptec Inc.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions, and the following disclaimer,
13 *    without modification.
14 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
15 *    substantially similar to the "NO WARRANTY" disclaimer below
16 *    ("Disclaimer") and any redistribution must be conditioned upon
17 *    including a substantially similar Disclaimer requirement for further
18 *    binary redistribution.
19 * 3. Neither the names of the above-listed copyright holders nor the names
20 *    of any contributors may be used to endorse or promote products derived
21 *    from this software without specific prior written permission.
22 *
23 * Alternatively, this software may be distributed under the terms of the
24 * GNU General Public License ("GPL") version 2 as published by the Free
25 * Software Foundation.
26 *
27 * NO WARRANTY
28 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
31 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
36 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
37 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38 * POSSIBILITY OF SUCH DAMAGES.
39 */
40
41VERSION = "$Id: //depot/aic7xxx/aic7xxx/aic79xx.seq#119 $"
42PATCH_ARG_LIST = "struct ahd_softc *ahd"
43PREFIX = "ahd_"
44
45#include "aic79xx.reg"
46#include "scsi_message.h"
47
48restart:
49if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
50	test	SEQINTCODE, 0xFF jz idle_loop;
51	SET_SEQINTCODE(NO_SEQINT)
52}
53
54idle_loop:
55
56	if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
57		/*
58		 * Convert ERROR status into a sequencer
59		 * interrupt to handle the case of an
60		 * interrupt collision on the hardware
61		 * setting of HWERR.
62		 */
63		test	ERROR, 0xFF jz no_error_set;
64		SET_SEQINTCODE(SAW_HWERR)
65no_error_set:
66	}
67	SET_MODE(M_SCSI, M_SCSI)
68	test	SCSISEQ0, ENSELO|ENARBO jnz idle_loop_checkbus;
69	test	SEQ_FLAGS2, SELECTOUT_QFROZEN jz check_waiting_list;
70	/*
71	 * If the kernel has caught up with us, thaw the queue.
72	 */
73	mov	A, KERNEL_QFREEZE_COUNT;
74	cmp	QFREEZE_COUNT, A jne check_frozen_completions;
75	mov	A, KERNEL_QFREEZE_COUNT[1];
76	cmp	QFREEZE_COUNT[1], A jne check_frozen_completions;
77	and	SEQ_FLAGS2, ~SELECTOUT_QFROZEN;
78	jmp	check_waiting_list;
79check_frozen_completions:
80	test	SSTAT0, SELDO|SELINGO jnz idle_loop_checkbus;
81BEGIN_CRITICAL;
82	/*
83	 * If we have completions stalled waiting for the qfreeze
84	 * to take effect, move them over to the complete_scb list
85	 * now that no selections are pending.
86	 */
87	cmp	COMPLETE_ON_QFREEZE_HEAD[1],SCB_LIST_NULL je idle_loop_checkbus;
88	/*
89	 * Find the end of the qfreeze list.  The first element has
90	 * to be treated specially.
91	 */
92	bmov	SCBPTR, COMPLETE_ON_QFREEZE_HEAD, 2;
93	cmp 	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL je join_lists;
94	/*
95	 * Now the normal loop.
96	 */
97	bmov	SCBPTR, SCB_NEXT_COMPLETE, 2;
98	cmp 	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL jne . - 1;
99join_lists:
100	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
101	bmov	COMPLETE_SCB_HEAD, COMPLETE_ON_QFREEZE_HEAD, 2;
102	mvi	COMPLETE_ON_QFREEZE_HEAD[1], SCB_LIST_NULL;
103	jmp	idle_loop_checkbus;
104check_waiting_list:
105	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL je idle_loop_checkbus;
106	/*
107	 * ENSELO is cleared by a SELDO, so we must test for SELDO
108	 * one last time.
109	 */
110	test	SSTAT0, SELDO jnz select_out;
111	call	start_selection;
112idle_loop_checkbus:
113	test	SSTAT0, SELDO jnz select_out;
114END_CRITICAL;
115	test	SSTAT0, SELDI jnz select_in;
116	test	SCSIPHASE, ~DATA_PHASE_MASK jz idle_loop_check_nonpackreq;
117	test	SCSISIGO, ATNO jz idle_loop_check_nonpackreq;
118	call	unexpected_nonpkt_phase_find_ctxt;
119idle_loop_check_nonpackreq:
120	test	SSTAT2, NONPACKREQ jz . + 2;
121	call	unexpected_nonpkt_phase_find_ctxt;
122	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
123		/*
124		 * On Rev A. hardware, the busy LED is only
125		 * turned on automaically during selections
126		 * and re-selections.  Make the LED status
127		 * more useful by forcing it to be on so
128		 * long as one of our data FIFOs is active.
129		 */
130		and	A, FIFO0FREE|FIFO1FREE, DFFSTAT;
131		cmp	A, FIFO0FREE|FIFO1FREE jne . + 3;
132		and	SBLKCTL, ~DIAGLEDEN|DIAGLEDON;
133		jmp	. + 2;
134		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
135	}
136	call	idle_loop_gsfifo_in_scsi_mode;
137	call	idle_loop_service_fifos;
138	call	idle_loop_cchan;
139	jmp	idle_loop;
140
141idle_loop_gsfifo:
142	SET_MODE(M_SCSI, M_SCSI)
143BEGIN_CRITICAL;
144idle_loop_gsfifo_in_scsi_mode:
145	test	LQISTAT2, LQIGSAVAIL jz return;
146	/*
147	 * We have received good status for this transaction.  There may
148	 * still be data in our FIFOs draining to the host.  Complete
149	 * the SCB only if all data has transferred to the host.
150	 */
151good_status_IU_done:
152	bmov	SCBPTR, GSFIFO, 2;
153	clr	SCB_SCSI_STATUS;
154	/*
155	 * If a command completed before an attempted task management
156	 * function completed, notify the host after disabling any
157	 * pending select-outs.
158	 */
159	test	SCB_TASK_MANAGEMENT, 0xFF jz gsfifo_complete_normally;
160	test	SSTAT0, SELDO|SELINGO jnz . + 2;
161	and	SCSISEQ0, ~ENSELO;
162	SET_SEQINTCODE(TASKMGMT_CMD_CMPLT_OKAY)
163gsfifo_complete_normally:
164	or	SCB_CONTROL, STATUS_RCVD;
165
166	/*
167	 * Since this status did not consume a FIFO, we have to
168	 * be a bit more dilligent in how we check for FIFOs pertaining
169	 * to this transaction.  There are two states that a FIFO still
170	 * transferring data may be in.
171	 *
172	 * 1) Configured and draining to the host, with a FIFO handler.
173	 * 2) Pending cfg4data, fifo not empty.
174	 *
175	 * Case 1 can be detected by noticing a non-zero FIFO active
176	 * count in the SCB.  In this case, we allow the routine servicing
177	 * the FIFO to complete the SCB.
178	 *
179	 * Case 2 implies either a pending or yet to occur save data
180	 * pointers for this same context in the other FIFO.  So, if
181	 * we detect case 1, we will properly defer the post of the SCB
182	 * and achieve the desired result.  The pending cfg4data will
183	 * notice that status has been received and complete the SCB.
184	 */
185	test	SCB_FIFO_USE_COUNT, 0xFF jnz idle_loop_gsfifo_in_scsi_mode;
186	call	complete;
187END_CRITICAL;
188	jmp	idle_loop_gsfifo_in_scsi_mode;
189
190idle_loop_service_fifos:
191	SET_MODE(M_DFF0, M_DFF0)
192BEGIN_CRITICAL;
193	test	LONGJMP_ADDR[1], INVALID_ADDR jnz idle_loop_next_fifo;
194	call	longjmp;
195END_CRITICAL;
196idle_loop_next_fifo:
197	SET_MODE(M_DFF1, M_DFF1)
198BEGIN_CRITICAL;
199	test	LONGJMP_ADDR[1], INVALID_ADDR jz longjmp;
200END_CRITICAL;
201return:
202	ret;
203
204idle_loop_cchan:
205	SET_MODE(M_CCHAN, M_CCHAN)
206	test	QOFF_CTLSTA, HS_MAILBOX_ACT jz	hs_mailbox_empty;
207	or	QOFF_CTLSTA, HS_MAILBOX_ACT;
208	mov	LOCAL_HS_MAILBOX, HS_MAILBOX;
209hs_mailbox_empty:
210BEGIN_CRITICAL;
211	test	CCSCBCTL, CCARREN|CCSCBEN jz scbdma_idle;
212	test	CCSCBCTL, CCSCBDIR jnz fetch_new_scb_inprog;
213	test	CCSCBCTL, CCSCBDONE jz return;
214	/* FALLTHROUGH */
215scbdma_tohost_done:
216	test	CCSCBCTL, CCARREN jz fill_qoutfifo_dmadone;
217	/*
218	 * An SCB has been successfully uploaded to the host.
219	 * If the SCB was uploaded for some reason other than
220	 * bad SCSI status (currently only for underruns), we
221	 * queue the SCB for normal completion.  Otherwise, we
222	 * wait until any select-out activity has halted, and
223	 * then queue the completion.
224	 */
225	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
226	bmov	COMPLETE_DMA_SCB_HEAD, SCB_NEXT_COMPLETE, 2;
227	cmp	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL jne . + 2;
228	mvi	COMPLETE_DMA_SCB_TAIL[1], SCB_LIST_NULL;
229	test	SCB_SCSI_STATUS, 0xff jz scbdma_queue_completion;
230	bmov	SCB_NEXT_COMPLETE, COMPLETE_ON_QFREEZE_HEAD, 2;
231	bmov	COMPLETE_ON_QFREEZE_HEAD, SCBPTR, 2 ret;
232scbdma_queue_completion:
233	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
234	bmov	COMPLETE_SCB_HEAD, SCBPTR, 2 ret;
235fill_qoutfifo_dmadone:
236	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
237	call	qoutfifo_updated;
238	mvi	COMPLETE_SCB_DMAINPROG_HEAD[1], SCB_LIST_NULL;
239	bmov	QOUTFIFO_NEXT_ADDR, SCBHADDR, 4;
240	test	QOFF_CTLSTA, SDSCB_ROLLOVR jz return;
241	bmov	QOUTFIFO_NEXT_ADDR, SHARED_DATA_ADDR, 4;
242	xor	QOUTFIFO_ENTRY_VALID_TAG, QOUTFIFO_ENTRY_VALID_TOGGLE ret;
243END_CRITICAL;
244
245qoutfifo_updated:
246	/*
247	 * If there are more commands waiting to be dma'ed
248	 * to the host, always coalesce.  Otherwise honor the
249	 * host's wishes.
250	 */
251	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne coalesce_by_count;
252	cmp	COMPLETE_SCB_HEAD[1], SCB_LIST_NULL jne coalesce_by_count;
253	test	LOCAL_HS_MAILBOX, ENINT_COALESCE jz issue_cmdcmplt;
254
255	/*
256	 * If we have relatively few commands outstanding, don't
257	 * bother waiting for another command to complete.
258	 */
259	test	CMDS_PENDING[1], 0xFF jnz coalesce_by_count;
260	/* Add -1 so that jnc means <= not just < */
261	add	A, -1, INT_COALESCING_MINCMDS;
262	add	NONE, A, CMDS_PENDING;
263	jnc	issue_cmdcmplt;
264
265	/*
266	 * If coalescing, only coalesce up to the limit
267	 * provided by the host driver.
268	 */
269coalesce_by_count:
270	mov	A, INT_COALESCING_MAXCMDS;
271	add	NONE, A, INT_COALESCING_CMDCOUNT;
272	jc	issue_cmdcmplt;
273	/*
274	 * If the timer is not currently active,
275	 * fire it up.
276	 */
277	test	INTCTL, SWTMINTMASK jz return;
278	bmov	SWTIMER, INT_COALESCING_TIMER, 2;
279	mvi	CLRSEQINTSTAT, CLRSEQ_SWTMRTO;
280	or	INTCTL, SWTMINTEN|SWTIMER_START;
281	and	INTCTL, ~SWTMINTMASK ret;
282
283issue_cmdcmplt:
284	mvi	INTSTAT, CMDCMPLT;
285	clr	INT_COALESCING_CMDCOUNT;
286	or	INTCTL, SWTMINTMASK ret;
287
288BEGIN_CRITICAL;
289fetch_new_scb_inprog:
290	test	CCSCBCTL, ARRDONE jz return;
291fetch_new_scb_done:
292	and	CCSCBCTL, ~(CCARREN|CCSCBEN);
293	clr	A;
294	add	CMDS_PENDING, 1;
295	adc	CMDS_PENDING[1], A;
296	if ((ahd->bugs & AHD_PKT_LUN_BUG) != 0) {
297		/*
298		 * "Short Luns" are not placed into outgoing LQ
299		 * packets in the correct byte order.  Use a full
300		 * sized lun field instead and fill it with the
301		 * one byte of lun information we support.
302		 */
303		mov	SCB_PKT_LUN[6], SCB_LUN;
304	}
305	/*
306	 * The FIFO use count field is shared with the
307	 * tag set by the host so that our SCB dma engine
308	 * knows the correct location to store the SCB.
309	 * Set it to zero before processing the SCB.
310	 */
311	clr	SCB_FIFO_USE_COUNT;
312	/* Update the next SCB address to download. */
313	bmov	NEXT_QUEUED_SCB_ADDR, SCB_NEXT_SCB_BUSADDR, 4;
314	/*
315	 * NULL out the SCB links since these fields
316	 * occupy the same location as SCB_NEXT_SCB_BUSADDR.
317	 */
318	mvi	SCB_NEXT[1], SCB_LIST_NULL;
319	mvi	SCB_NEXT2[1], SCB_LIST_NULL;
320	/* Increment our position in the QINFIFO. */
321	mov	NONE, SNSCB_QOFF;
322
323	/*
324	 * Save SCBID of this SCB in REG0 since
325	 * SCBPTR will be clobbered during target
326	 * list updates.  We also record the SCB's
327	 * flags so that we can refer to them even
328	 * after SCBPTR has been changed.
329	 */
330	bmov	REG0, SCBPTR, 2;
331	mov	A, SCB_CONTROL;
332
333	/*
334	 * Find the tail SCB of the execution queue
335	 * for this target.
336	 */
337	shr	SINDEX, 3, SCB_SCSIID;
338	and	SINDEX, ~0x1;
339	mvi	SINDEX[1], (WAITING_SCB_TAILS >> 8);
340	bmov	DINDEX, SINDEX, 2;
341	bmov	SCBPTR, SINDIR, 2;
342
343	/*
344	 * Update the tail to point to the new SCB.
345	 */
346	bmov	DINDIR, REG0, 2;
347
348	/*
349	 * If the queue was empty, queue this SCB as
350	 * the first for this target.
351	 */
352	cmp	SCBPTR[1], SCB_LIST_NULL je first_new_target_scb;
353
354	/*
355	 * SCBs that want to send messages must always be
356	 * at the head of their per-target queue so that
357	 * ATN can be asserted even if the current
358	 * negotiation agreement is packetized.  If the
359	 * target queue is empty, the SCB can be queued
360	 * immediately.  If the queue is not empty, we must
361	 * wait for it to empty before entering this SCB
362	 * into the waiting for selection queue.  Otherwise
363	 * our batching and round-robin selection scheme
364	 * could allow commands to be queued out of order.
365	 * To simplify the implementation, we stop pulling
366	 * new commands from the host until the MK_MESSAGE
367	 * SCB can be queued to the waiting for selection
368	 * list.
369	 */
370	test	A, MK_MESSAGE jz batch_scb;
371
372	/*
373	 * If the last SCB is also a MK_MESSAGE SCB, then
374	 * order is preserved even if we batch.
375	 */
376	test	SCB_CONTROL, MK_MESSAGE jz batch_scb;
377
378	/*
379	 * Defer this SCB and stop fetching new SCBs until
380	 * it can be queued.  Since the SCB_SCSIID of the
381	 * tail SCB must be the same as that of the newly
382	 * queued SCB, there is no need to restore the SCBID
383	 * here.
384	 */
385	or	SEQ_FLAGS2, PENDING_MK_MESSAGE;
386	bmov	MK_MESSAGE_SCB, REG0, 2;
387	mov	MK_MESSAGE_SCSIID, SCB_SCSIID ret;
388
389batch_scb:
390	/*
391	 * Otherwise just update the previous tail SCB to
392	 * point to the new tail.
393	 */
394	bmov	SCB_NEXT, REG0, 2 ret;
395
396first_new_target_scb:
397	/*
398	 * Append SCB to the tail of the waiting for
399	 * selection list.
400	 */
401	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL je first_new_scb;
402	bmov	SCBPTR, WAITING_TID_TAIL, 2;
403	bmov	SCB_NEXT2, REG0, 2;
404	bmov	WAITING_TID_TAIL, REG0, 2 ret;
405first_new_scb:
406	/*
407	 * Whole list is empty, so the head of
408	 * the list must be initialized too.
409	 */
410	bmov	WAITING_TID_HEAD, REG0, 2;
411	bmov	WAITING_TID_TAIL, REG0, 2 ret;
412END_CRITICAL;
413
414scbdma_idle:
415	/*
416	 * Don't bother downloading new SCBs to execute
417	 * if select-outs are currently frozen or we have
418	 * a MK_MESSAGE SCB waiting to enter the queue.
419	 */
420	test	SEQ_FLAGS2, SELECTOUT_QFROZEN|PENDING_MK_MESSAGE
421		jnz scbdma_no_new_scbs;
422BEGIN_CRITICAL;
423	test	QOFF_CTLSTA, NEW_SCB_AVAIL jnz fetch_new_scb;
424scbdma_no_new_scbs:
425	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne dma_complete_scb;
426	cmp	COMPLETE_SCB_HEAD[1], SCB_LIST_NULL je return;
427	/* FALLTHROUGH */
428fill_qoutfifo:
429	/*
430	 * Keep track of the SCBs we are dmaing just
431	 * in case the DMA fails or is aborted.
432	 */
433	bmov	COMPLETE_SCB_DMAINPROG_HEAD, COMPLETE_SCB_HEAD, 2;
434	mvi	CCSCBCTL, CCSCBRESET;
435	bmov	SCBHADDR, QOUTFIFO_NEXT_ADDR, 4;
436	mov	A, QOUTFIFO_NEXT_ADDR;
437	bmov	SCBPTR, COMPLETE_SCB_HEAD, 2;
438fill_qoutfifo_loop:
439	bmov	CCSCBRAM, SCBPTR, 2;
440	mov	CCSCBRAM, SCB_SGPTR[0];
441	mov	CCSCBRAM, QOUTFIFO_ENTRY_VALID_TAG;
442	mov	NONE, SDSCB_QOFF;
443	inc	INT_COALESCING_CMDCOUNT;
444	add	CMDS_PENDING, -1;
445	adc	CMDS_PENDING[1], -1;
446	cmp	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL je fill_qoutfifo_done;
447	cmp	CCSCBADDR, CCSCBADDR_MAX je fill_qoutfifo_done;
448	test	QOFF_CTLSTA, SDSCB_ROLLOVR jnz fill_qoutfifo_done;
449	/*
450	 * Don't cross an ADB or Cachline boundary when DMA'ing
451	 * completion entries.  In PCI mode, at least in 32/33
452	 * configurations, the SCB DMA engine may lose its place
453	 * in the data-stream should the target force a retry on
454	 * something other than an 8byte aligned boundary. In
455	 * PCI-X mode, we do this to avoid split transactions since
456	 * many chipsets seem to be unable to format proper split
457	 * completions to continue the data transfer.
458	 */
459	add	SINDEX, A, CCSCBADDR;
460	test	SINDEX, CACHELINE_MASK jz fill_qoutfifo_done;
461	bmov	SCBPTR, SCB_NEXT_COMPLETE, 2;
462	jmp	fill_qoutfifo_loop;
463fill_qoutfifo_done:
464	mov	SCBHCNT, CCSCBADDR;
465	mvi	CCSCBCTL, CCSCBEN|CCSCBRESET;
466	bmov	COMPLETE_SCB_HEAD, SCB_NEXT_COMPLETE, 2;
467	mvi	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL ret;
468
469fetch_new_scb:
470	bmov	SCBHADDR, NEXT_QUEUED_SCB_ADDR, 4;
471	mvi	CCARREN|CCSCBEN|CCSCBDIR|CCSCBRESET jmp dma_scb;
472dma_complete_scb:
473	bmov	SCBPTR, COMPLETE_DMA_SCB_HEAD, 2;
474	bmov	SCBHADDR, SCB_BUSADDR, 4;
475	mvi	CCARREN|CCSCBEN|CCSCBRESET jmp dma_scb;
476
477/*
478 * Either post or fetch an SCB from host memory.  The caller
479 * is responsible for polling for transfer completion.
480 *
481 * Prerequisits: Mode == M_CCHAN
482 *		 SINDEX contains CCSCBCTL flags
483 *		 SCBHADDR set to Host SCB address
484 *		 SCBPTR set to SCB src location on "push" operations
485 */
486SET_SRC_MODE	M_CCHAN;
487SET_DST_MODE	M_CCHAN;
488dma_scb:
489	mvi	SCBHCNT, SCB_TRANSFER_SIZE;
490	mov	CCSCBCTL, SINDEX ret;
491
492setjmp:
493	/*
494	 * At least on the A, a return in the same
495	 * instruction as the bmov results in a return
496	 * to the caller, not to the new address at the
497	 * top of the stack.  Since we want the latter
498	 * (we use setjmp to register a handler from an
499	 * interrupt context but not invoke that handler
500	 * until we return to our idle loop), use a
501	 * separate ret instruction.
502	 */
503	bmov	LONGJMP_ADDR, STACK, 2;
504	ret;
505setjmp_inline:
506	bmov	LONGJMP_ADDR, STACK, 2;
507longjmp:
508	bmov	STACK, LONGJMP_ADDR, 2 ret;
509END_CRITICAL;
510
511/*************************** Chip Bug Work Arounds ****************************/
512/*
513 * Must disable interrupts when setting the mode pointer
514 * register as an interrupt occurring mid update will
515 * fail to store the new mode value for restoration on
516 * an iret.
517 */
518if ((ahd->bugs & AHD_SET_MODE_BUG) != 0) {
519set_mode_work_around:
520	mvi	SEQINTCTL, INTVEC1DSL;
521	mov	MODE_PTR, SINDEX;
522	clr	SEQINTCTL ret;
523}
524
525
526if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
527set_seqint_work_around:
528	mov	SEQINTCODE, SINDEX;
529	mvi	SEQINTCODE, NO_SEQINT ret;
530}
531
532/************************ Packetized LongJmp Routines *************************/
533SET_SRC_MODE	M_SCSI;
534SET_DST_MODE	M_SCSI;
535start_selection:
536BEGIN_CRITICAL;
537	if ((ahd->bugs & AHD_SENT_SCB_UPDATE_BUG) != 0) {
538		/*
539		 * Razor #494
540		 * Rev A hardware fails to update LAST/CURR/NEXTSCB
541		 * correctly after a packetized selection in several
542		 * situations:
543		 *
544		 * 1) If only one command existed in the queue, the
545		 *    LAST/CURR/NEXTSCB are unchanged.
546		 *
547		 * 2) In a non QAS, protocol allowed phase change,
548		 *    the queue is shifted 1 too far.  LASTSCB is
549		 *    the last SCB that was correctly processed.
550		 *
551		 * 3) In the QAS case, if the full list of commands
552		 *    was successfully sent, NEXTSCB is NULL and neither
553		 *    CURRSCB nor LASTSCB can be trusted.  We must
554		 *    manually walk the list counting MAXCMDCNT elements
555		 *    to find the last SCB that was sent correctly.
556		 *
557		 * To simplify the workaround for this bug in SELDO
558		 * handling, we initialize LASTSCB prior to enabling
559		 * selection so we can rely on it even for case #1 above.
560		 */
561		bmov	LASTSCB, WAITING_TID_HEAD, 2;
562	}
563	bmov	CURRSCB, WAITING_TID_HEAD, 2;
564	bmov	SCBPTR, WAITING_TID_HEAD, 2;
565	shr	SELOID, 4, SCB_SCSIID;
566	/*
567	 * If we want to send a message to the device, ensure
568	 * we are selecting with atn irregardless of our packetized
569	 * agreement.  Since SPI4 only allows target reset or PPR
570	 * messages if this is a packetized connection, the change
571	 * to our negotiation table entry for this selection will
572	 * be cleared when the message is acted on.
573	 */
574	test	SCB_CONTROL, MK_MESSAGE jz . + 3;
575	mov	NEGOADDR, SELOID;
576	or	NEGCONOPTS, ENAUTOATNO;
577	or	SCSISEQ0, ENSELO ret;
578END_CRITICAL;
579
580/*
581 * Allocate a FIFO for a non-packetized transaction.
582 * In RevA hardware, both FIFOs must be free before we
583 * can allocate a FIFO for a non-packetized transaction.
584 */
585allocate_fifo_loop:
586	/*
587	 * Do whatever work is required to free a FIFO.
588	 */
589	call	idle_loop_service_fifos;
590	SET_MODE(M_SCSI, M_SCSI)
591allocate_fifo:
592	if ((ahd->bugs & AHD_NONPACKFIFO_BUG) != 0) {
593		and	A, FIFO0FREE|FIFO1FREE, DFFSTAT;
594		cmp	A, FIFO0FREE|FIFO1FREE jne allocate_fifo_loop;
595	} else {
596		test	DFFSTAT, FIFO1FREE jnz allocate_fifo1;
597		test	DFFSTAT, FIFO0FREE jz allocate_fifo_loop;
598		mvi	DFFSTAT, B_CURRFIFO_0;
599		SET_MODE(M_DFF0, M_DFF0)
600		bmov	SCBPTR, ALLOCFIFO_SCBPTR, 2 ret;
601	}
602SET_SRC_MODE	M_SCSI;
603SET_DST_MODE	M_SCSI;
604allocate_fifo1:
605	mvi	DFFSTAT, CURRFIFO_1;
606	SET_MODE(M_DFF1, M_DFF1)
607	bmov	SCBPTR, ALLOCFIFO_SCBPTR, 2 ret;
608
609/*
610 * We have been reselected as an initiator
611 * or selected as a target.
612 */
613SET_SRC_MODE	M_SCSI;
614SET_DST_MODE	M_SCSI;
615select_in:
616	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
617		/*
618		 * On Rev A. hardware, the busy LED is only
619		 * turned on automaically during selections
620		 * and re-selections.  Make the LED status
621		 * more useful by forcing it to be on from
622		 * the point of selection until our idle
623		 * loop determines that neither of our FIFOs
624		 * are busy.  This handles the non-packetized
625		 * case nicely as we will not return to the
626		 * idle loop until the busfree at the end of
627		 * each transaction.
628		 */
629		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
630	}
631	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
632		/*
633		 * Test to ensure that the bus has not
634		 * already gone free prior to clearing
635		 * any stale busfree status.  This avoids
636		 * a window whereby a busfree just after
637		 * a selection could be missed.
638		 */
639		test	SCSISIGI, BSYI jz . + 2;
640		mvi	CLRSINT1,CLRBUSFREE;
641		or	SIMODE1, ENBUSFREE;
642	}
643	or	SXFRCTL0, SPIOEN;
644	and	SAVED_SCSIID, SELID_MASK, SELID;
645	and	A, OID, IOWNID;
646	or	SAVED_SCSIID, A;
647	mvi	CLRSINT0, CLRSELDI;
648	jmp	ITloop;
649
650/*
651 * We have successfully selected out.
652 *
653 * Clear SELDO.
654 * Dequeue all SCBs sent from the waiting queue
655 * Requeue all SCBs *not* sent to the tail of the waiting queue
656 * Take Razor #494 into account for above.
657 *
658 * In Packetized Mode:
659 *	Return to the idle loop.  Our interrupt handler will take
660 *	care of any incoming L_Qs.
661 *
662 * In Non-Packetize Mode:
663 *	Continue to our normal state machine.
664 */
665SET_SRC_MODE	M_SCSI;
666SET_DST_MODE	M_SCSI;
667select_out:
668BEGIN_CRITICAL;
669	if ((ahd->bugs & AHD_FAINT_LED_BUG) != 0) {
670		/*
671		 * On Rev A. hardware, the busy LED is only
672		 * turned on automaically during selections
673		 * and re-selections.  Make the LED status
674		 * more useful by forcing it to be on from
675		 * the point of re-selection until our idle
676		 * loop determines that neither of our FIFOs
677		 * are busy.  This handles the non-packetized
678		 * case nicely as we will not return to the
679		 * idle loop until the busfree at the end of
680		 * each transaction.
681		 */
682		or	SBLKCTL, DIAGLEDEN|DIAGLEDON;
683	}
684	/* Clear out all SCBs that have been successfully sent. */
685	if ((ahd->bugs & AHD_SENT_SCB_UPDATE_BUG) != 0) {
686		/*
687		 * For packetized, the LQO manager clears ENSELO on
688		 * the assertion of SELDO.  If we are non-packetized,
689		 * LASTSCB and CURRSCB are accurate.
690		 */
691		test	SCSISEQ0, ENSELO jnz use_lastscb;
692
693		/*
694		 * The update is correct for LQOSTAT1 errors.  All
695		 * but LQOBUSFREE are handled by kernel interrupts.
696		 * If we see LQOBUSFREE, return to the idle loop.
697		 * Once we are out of the select_out critical section,
698		 * the kernel will cleanup the LQOBUSFREE and we will
699		 * eventually restart the selection if appropriate.
700		 */
701		test	LQOSTAT1, LQOBUSFREE jnz idle_loop;
702
703		/*
704		 * On a phase change oustside of packet boundaries,
705		 * LASTSCB points to the currently active SCB context
706		 * on the bus.
707		 */
708		test	LQOSTAT2, LQOPHACHGOUTPKT jnz use_lastscb;
709
710		/*
711		 * If the hardware has traversed the whole list, NEXTSCB
712		 * will be NULL, CURRSCB and LASTSCB cannot be trusted,
713		 * but MAXCMDCNT is accurate.  If we stop part way through
714		 * the list or only had one command to issue, NEXTSCB[1] is
715		 * not NULL and LASTSCB is the last command to go out.
716		 */
717		cmp	NEXTSCB[1], SCB_LIST_NULL jne use_lastscb;
718
719		/*
720		 * Brute force walk.
721		 */
722		bmov	SCBPTR, WAITING_TID_HEAD, 2;
723		mvi	SEQINTCTL, INTVEC1DSL;
724		mvi	MODE_PTR, MK_MODE(M_CFG, M_CFG);
725		mov	A, MAXCMDCNT;
726		mvi	MODE_PTR, MK_MODE(M_SCSI, M_SCSI);
727		clr	SEQINTCTL;
728find_lastscb_loop:
729		dec	A;
730		test	A, 0xFF jz found_last_sent_scb;
731		bmov	SCBPTR, SCB_NEXT, 2;
732		jmp	find_lastscb_loop;
733use_lastscb:
734		bmov	SCBPTR, LASTSCB, 2;
735found_last_sent_scb:
736		bmov	CURRSCB, SCBPTR, 2;
737curscb_ww_done:
738	} else {
739		bmov	SCBPTR, CURRSCB, 2;
740	}
741
742	/*
743	 * The whole list made it.  Clear our tail pointer to indicate
744	 * that the per-target selection queue is now empty.
745	 */
746	cmp	SCB_NEXT[1], SCB_LIST_NULL je select_out_clear_tail;
747
748	/*
749	 * Requeue any SCBs not sent, to the tail of the waiting Q.
750	 * We know that neither the per-TID list nor the list of
751	 * TIDs is empty.  Use this knowledge to our advantage and
752	 * queue the remainder to the tail of the global execution
753	 * queue.
754	 */
755	bmov	REG0, SCB_NEXT, 2;
756select_out_queue_remainder:
757	bmov	SCBPTR, WAITING_TID_TAIL, 2;
758	bmov	SCB_NEXT2, REG0, 2;
759	bmov	WAITING_TID_TAIL, REG0, 2;
760	jmp	select_out_inc_tid_q;
761
762select_out_clear_tail:
763	/*
764	 * Queue any pending MK_MESSAGE SCB for this target now
765	 * that the queue is empty.
766	 */
767	test	SEQ_FLAGS2, PENDING_MK_MESSAGE jz select_out_no_mk_message_scb;
768	mov	A, MK_MESSAGE_SCSIID;
769	cmp	SCB_SCSIID, A jne select_out_no_mk_message_scb;
770	and	SEQ_FLAGS2, ~PENDING_MK_MESSAGE;
771	bmov	REG0, MK_MESSAGE_SCB, 2;
772	jmp select_out_queue_remainder;
773
774select_out_no_mk_message_scb:
775	/*
776	 * Clear this target's execution tail and increment the queue.
777	 */
778	shr	DINDEX, 3, SCB_SCSIID;
779	or	DINDEX, 1;	/* Want only the second byte */
780	mvi	DINDEX[1], ((WAITING_SCB_TAILS) >> 8);
781	mvi	DINDIR, SCB_LIST_NULL;
782select_out_inc_tid_q:
783	bmov	SCBPTR, WAITING_TID_HEAD, 2;
784	bmov	WAITING_TID_HEAD, SCB_NEXT2, 2;
785	cmp	WAITING_TID_HEAD[1], SCB_LIST_NULL jne . + 2;
786	mvi	WAITING_TID_TAIL[1], SCB_LIST_NULL;
787	bmov	SCBPTR, CURRSCB, 2;
788	mvi	CLRSINT0, CLRSELDO;
789	test	LQOSTAT2, LQOPHACHGOUTPKT jnz unexpected_nonpkt_mode_cleared;
790	test	LQOSTAT1, LQOPHACHGINPKT jnz unexpected_nonpkt_mode_cleared;
791
792	/*
793	 * If this is a packetized connection, return to our
794	 * idle_loop and let our interrupt handler deal with
795	 * any connection setup/teardown issues.  The only
796	 * exceptions are the case of MK_MESSAGE and task management
797	 * SCBs.
798	 */
799	if ((ahd->bugs & AHD_LQO_ATNO_BUG) != 0) {
800		/*
801		 * In the A, the LQO manager transitions to LQOSTOP0 even if
802		 * we have selected out with ATN asserted and the target
803		 * REQs in a non-packet phase.
804		 */
805		test 	SCB_CONTROL, MK_MESSAGE jz select_out_no_message;
806		test	SCSISIGO, ATNO jnz select_out_non_packetized;
807select_out_no_message:
808	}
809	test	LQOSTAT2, LQOSTOP0 jz select_out_non_packetized;
810	test	SCB_TASK_MANAGEMENT, 0xFF jz idle_loop;
811	SET_SEQINTCODE(TASKMGMT_FUNC_COMPLETE)
812	jmp	idle_loop;
813
814select_out_non_packetized:
815	/* Non packetized request. */
816	and     SCSISEQ0, ~ENSELO;
817	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
818		/*
819		 * Test to ensure that the bus has not
820		 * already gone free prior to clearing
821		 * any stale busfree status.  This avoids
822		 * a window whereby a busfree just after
823		 * a selection could be missed.
824		 */
825		test	SCSISIGI, BSYI jz . + 2;
826		mvi	CLRSINT1,CLRBUSFREE;
827		or	SIMODE1, ENBUSFREE;
828	}
829	mov	SAVED_SCSIID, SCB_SCSIID;
830	mov	SAVED_LUN, SCB_LUN;
831	mvi	SEQ_FLAGS, NO_CDB_SENT;
832END_CRITICAL;
833	or	SXFRCTL0, SPIOEN;
834
835	/*
836	 * As soon as we get a successful selection, the target
837	 * should go into the message out phase since we have ATN
838	 * asserted.
839	 */
840	mvi	MSG_OUT, MSG_IDENTIFYFLAG;
841
842	/*
843	 * Main loop for information transfer phases.  Wait for the
844	 * target to assert REQ before checking MSG, C/D and I/O for
845	 * the bus phase.
846	 */
847mesgin_phasemis:
848ITloop:
849	call	phase_lock;
850
851	mov	A, LASTPHASE;
852
853	test	A, ~P_DATAIN_DT	jz p_data;
854	cmp	A,P_COMMAND	je p_command;
855	cmp	A,P_MESGOUT	je p_mesgout;
856	cmp	A,P_STATUS	je p_status;
857	cmp	A,P_MESGIN	je p_mesgin;
858
859	SET_SEQINTCODE(BAD_PHASE)
860	jmp	ITloop;			/* Try reading the bus again. */
861
862/*
863 * Command phase.  Set up the DMA registers and let 'er rip.
864 */
865p_command:
866	test	SEQ_FLAGS, NOT_IDENTIFIED jz p_command_okay;
867	SET_SEQINTCODE(PROTO_VIOLATION)
868p_command_okay:
869	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
870		jnz p_command_allocate_fifo;
871	/*
872	 * Command retry.  Free our current FIFO and
873	 * re-allocate a FIFO so transfer state is
874	 * reset.
875	 */
876SET_SRC_MODE	M_DFF1;
877SET_DST_MODE	M_DFF1;
878	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
879	SET_MODE(M_SCSI, M_SCSI)
880p_command_allocate_fifo:
881	bmov	ALLOCFIFO_SCBPTR, SCBPTR, 2;
882	call	allocate_fifo;
883SET_SRC_MODE	M_DFF1;
884SET_DST_MODE	M_DFF1;
885	add	NONE, -17, SCB_CDB_LEN;
886	jnc	p_command_embedded;
887p_command_from_host:
888	bmov	HADDR[0], SCB_HOST_CDB_PTR, 9;
889	mvi	SG_CACHE_PRE, LAST_SEG;
890	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
891	jmp	p_command_xfer;
892p_command_embedded:
893	bmov	SHCNT[0], SCB_CDB_LEN,  1;
894	bmov	DFDAT, SCB_CDB_STORE, 16;
895	mvi	DFCNTRL, SCSIEN;
896p_command_xfer:
897	and	SEQ_FLAGS, ~NO_CDB_SENT;
898	if ((ahd->features & AHD_FAST_CDB_DELIVERY) != 0) {
899		/*
900		 * To speed up CDB delivery in Rev B, all CDB acks
901		 * are "released" to the output sync as soon as the
902		 * command phase starts.  There is only one problem
903		 * with this approach.  If the target changes phase
904		 * before all data are sent, we have left over acks
905		 * that can go out on the bus in a data phase.  Due
906		 * to other chip contraints, this only happens if
907		 * the target goes to data-in, but if the acks go
908		 * out before we can test SDONE, we'll think that
909		 * the transfer has completed successfully.  Work
910		 * around this by taking advantage of the 400ns or
911		 * 800ns dead time between command phase and the REQ
912		 * of the new phase.  If the transfer has completed
913		 * successfully, SCSIEN should fall *long* before we
914		 * see a phase change.  We thus treat any phasemiss
915		 * that occurs before SCSIEN falls as an incomplete
916		 * transfer.
917		 */
918		test	SSTAT1, PHASEMIS jnz p_command_xfer_failed;
919		test	DFCNTRL, SCSIEN jnz . - 1;
920	} else {
921		test	DFCNTRL, SCSIEN jnz .;
922	}
923	/*
924	 * DMA Channel automatically disabled.
925	 * Don't allow a data phase if the command
926	 * was not fully transferred.
927	 */
928	test	SSTAT2, SDONE jnz ITloop;
929p_command_xfer_failed:
930	or	SEQ_FLAGS, NO_CDB_SENT;
931	jmp	ITloop;
932
933
934/*
935 * Status phase.  Wait for the data byte to appear, then read it
936 * and store it into the SCB.
937 */
938SET_SRC_MODE	M_SCSI;
939SET_DST_MODE	M_SCSI;
940p_status:
941	test	SEQ_FLAGS,NOT_IDENTIFIED jnz mesgin_proto_violation;
942p_status_okay:
943	mov	SCB_SCSI_STATUS, SCSIDAT;
944	or	SCB_CONTROL, STATUS_RCVD;
945	jmp	ITloop;
946
947/*
948 * Message out phase.  If MSG_OUT is MSG_IDENTIFYFLAG, build a full
949 * indentify message sequence and send it to the target.  The host may
950 * override this behavior by setting the MK_MESSAGE bit in the SCB
951 * control byte.  This will cause us to interrupt the host and allow
952 * it to handle the message phase completely on its own.  If the bit
953 * associated with this target is set, we will also interrupt the host,
954 * thereby allowing it to send a message on the next selection regardless
955 * of the transaction being sent.
956 *
957 * If MSG_OUT is == HOST_MSG, also interrupt the host and take a message.
958 * This is done to allow the host to send messages outside of an identify
959 * sequence while protecting the seqencer from testing the MK_MESSAGE bit
960 * on an SCB that might not be for the current nexus. (For example, a
961 * BDR message in response to a bad reselection would leave us pointed to
962 * an SCB that doesn't have anything to do with the current target).
963 *
964 * Otherwise, treat MSG_OUT as a 1 byte message to send (abort, abort tag,
965 * bus device reset).
966 *
967 * When there are no messages to send, MSG_OUT should be set to MSG_NOOP,
968 * in case the target decides to put us in this phase for some strange
969 * reason.
970 */
971p_mesgout_retry:
972	/* Turn on ATN for the retry */
973	mvi	SCSISIGO, ATNO;
974p_mesgout:
975	mov	SINDEX, MSG_OUT;
976	cmp	SINDEX, MSG_IDENTIFYFLAG jne p_mesgout_from_host;
977	test	SCB_CONTROL,MK_MESSAGE	jnz host_message_loop;
978p_mesgout_identify:
979	or	SINDEX, MSG_IDENTIFYFLAG|DISCENB, SCB_LUN;
980	test	SCB_CONTROL, DISCENB jnz . + 2;
981	and	SINDEX, ~DISCENB;
982/*
983 * Send a tag message if TAG_ENB is set in the SCB control block.
984 * Use SCB_NONPACKET_TAG as the tag value.
985 */
986p_mesgout_tag:
987	test	SCB_CONTROL,TAG_ENB jz  p_mesgout_onebyte;
988	mov	SCSIDAT, SINDEX;	/* Send the identify message */
989	call	phase_lock;
990	cmp	LASTPHASE, P_MESGOUT	jne p_mesgout_done;
991	and	SCSIDAT,TAG_ENB|SCB_TAG_TYPE,SCB_CONTROL;
992	call	phase_lock;
993	cmp	LASTPHASE, P_MESGOUT	jne p_mesgout_done;
994	mov	SCBPTR jmp p_mesgout_onebyte;
995/*
996 * Interrupt the driver, and allow it to handle this message
997 * phase and any required retries.
998 */
999p_mesgout_from_host:
1000	cmp	SINDEX, HOST_MSG	jne p_mesgout_onebyte;
1001	jmp	host_message_loop;
1002
1003p_mesgout_onebyte:
1004	mvi	CLRSINT1, CLRATNO;
1005	mov	SCSIDAT, SINDEX;
1006
1007/*
1008 * If the next bus phase after ATN drops is message out, it means
1009 * that the target is requesting that the last message(s) be resent.
1010 */
1011	call	phase_lock;
1012	cmp	LASTPHASE, P_MESGOUT	je p_mesgout_retry;
1013
1014p_mesgout_done:
1015	mvi	CLRSINT1,CLRATNO;	/* Be sure to turn ATNO off */
1016	mov	LAST_MSG, MSG_OUT;
1017	mvi	MSG_OUT, MSG_NOOP;	/* No message left */
1018	jmp	ITloop;
1019
1020/*
1021 * Message in phase.  Bytes are read using Automatic PIO mode.
1022 */
1023p_mesgin:
1024	/* read the 1st message byte */
1025	mvi	ACCUM		call inb_first;
1026
1027	test	A,MSG_IDENTIFYFLAG	jnz mesgin_identify;
1028	cmp	A,MSG_DISCONNECT	je mesgin_disconnect;
1029	cmp	A,MSG_SAVEDATAPOINTER	je mesgin_sdptrs;
1030	cmp	ALLZEROS,A		je mesgin_complete;
1031	cmp	A,MSG_RESTOREPOINTERS	je mesgin_rdptrs;
1032	cmp	A,MSG_IGN_WIDE_RESIDUE	je mesgin_ign_wide_residue;
1033	cmp	A,MSG_NOOP		je mesgin_done;
1034
1035/*
1036 * Pushed message loop to allow the kernel to
1037 * run it's own message state engine.  To avoid an
1038 * extra nop instruction after signaling the kernel,
1039 * we perform the phase_lock before checking to see
1040 * if we should exit the loop and skip the phase_lock
1041 * in the ITloop.  Performing back to back phase_locks
1042 * shouldn't hurt, but why do it twice...
1043 */
1044host_message_loop:
1045	call	phase_lock;	/* Benign the first time through. */
1046	SET_SEQINTCODE(HOST_MSG_LOOP)
1047	cmp	RETURN_1, EXIT_MSG_LOOP	je ITloop;
1048	cmp	RETURN_1, CONT_MSG_LOOP_WRITE	jne . + 3;
1049	mov	SCSIDAT, RETURN_2;
1050	jmp	host_message_loop;
1051	/* Must be CONT_MSG_LOOP_READ */
1052	mov	NONE, SCSIDAT;	/* ACK Byte */
1053	jmp	host_message_loop;
1054
1055mesgin_ign_wide_residue:
1056	mov	SAVED_MODE, MODE_PTR;
1057	SET_MODE(M_SCSI, M_SCSI)
1058	shr	NEGOADDR, 4, SAVED_SCSIID;
1059	mov	A, NEGCONOPTS;
1060	RESTORE_MODE(SAVED_MODE)
1061	test	A, WIDEXFER jz mesgin_reject;
1062	/* Pull the residue byte */
1063	mvi	REG0	call inb_next;
1064	cmp	REG0, 0x01 jne mesgin_reject;
1065	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz . + 2;
1066	test	SCB_TASK_ATTRIBUTE, SCB_XFERLEN_ODD jnz mesgin_done;
1067	SET_SEQINTCODE(IGN_WIDE_RES)
1068	jmp	mesgin_done;
1069
1070mesgin_proto_violation:
1071	SET_SEQINTCODE(PROTO_VIOLATION)
1072	jmp	mesgin_done;
1073mesgin_reject:
1074	mvi	MSG_MESSAGE_REJECT	call mk_mesg;
1075mesgin_done:
1076	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1077	jmp	ITloop;
1078
1079#define INDEX_DISC_LIST(scsiid, lun)					\
1080	and	A, 0xC0, scsiid;					\
1081	or	SCBPTR, A, lun;						\
1082	clr	SCBPTR[1];						\
1083	and	SINDEX, 0x30, scsiid;					\
1084	shr	SINDEX, 3;	/* Multiply by 2 */			\
1085	add	SINDEX, (SCB_DISCONNECTED_LISTS & 0xFF);		\
1086	mvi	SINDEX[1], ((SCB_DISCONNECTED_LISTS >> 8) & 0xFF)
1087
1088mesgin_identify:
1089	/*
1090	 * Determine whether a target is using tagged or non-tagged
1091	 * transactions by first looking at the transaction stored in
1092	 * the per-device, disconnected array.  If there is no untagged
1093	 * transaction for this target, this must be a tagged transaction.
1094	 */
1095	and	SAVED_LUN, MSG_IDENTIFY_LUNMASK, A;
1096	INDEX_DISC_LIST(SAVED_SCSIID, SAVED_LUN);
1097	bmov	DINDEX, SINDEX, 2;
1098	bmov	REG0, SINDIR, 2;
1099	cmp	REG0[1], SCB_LIST_NULL je snoop_tag;
1100	/* Untagged.  Clear the busy table entry and setup the SCB. */
1101	bmov	DINDIR, ALLONES, 2;
1102	bmov	SCBPTR, REG0, 2;
1103	jmp	setup_SCB;
1104
1105/*
1106 * Here we "snoop" the bus looking for a SIMPLE QUEUE TAG message.
1107 * If we get one, we use the tag returned to find the proper
1108 * SCB.  After receiving the tag, look for the SCB at SCB locations tag and
1109 * tag + 256.
1110 */
1111snoop_tag:
1112	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1113		or	SEQ_FLAGS, 0x80;
1114	}
1115	mov	NONE, SCSIDAT;		/* ACK Identify MSG */
1116	call	phase_lock;
1117	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1118		or	SEQ_FLAGS, 0x1;
1119	}
1120	cmp	LASTPHASE, P_MESGIN	jne not_found_ITloop;
1121	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1122		or	SEQ_FLAGS, 0x2;
1123	}
1124	cmp	SCSIBUS, MSG_SIMPLE_Q_TAG jne not_found;
1125get_tag:
1126	clr	SCBPTR[1];
1127	mvi	SCBPTR	call inb_next;	/* tag value */
1128verify_scb:
1129	test	SCB_CONTROL,DISCONNECTED jz verify_other_scb;
1130	mov	A, SAVED_SCSIID;
1131	cmp	SCB_SCSIID, A jne verify_other_scb;
1132	mov	A, SAVED_LUN;
1133	cmp	SCB_LUN, A je setup_SCB_disconnected;
1134verify_other_scb:
1135	xor	SCBPTR[1], 1;
1136	test	SCBPTR[1], 0xFF jnz verify_scb;
1137	jmp	not_found;
1138
1139/*
1140 * Ensure that the SCB the tag points to is for
1141 * an SCB transaction to the reconnecting target.
1142 */
1143setup_SCB:
1144	if ((ahd->flags & AHD_SEQUENCER_DEBUG) != 0) {
1145		or	SEQ_FLAGS, 0x10;
1146	}
1147	test	SCB_CONTROL,DISCONNECTED jz not_found;
1148setup_SCB_disconnected:
1149	and	SCB_CONTROL,~DISCONNECTED;
1150	clr	SEQ_FLAGS;	/* make note of IDENTIFY */
1151	test	SCB_SGPTR, SG_LIST_NULL jnz . + 3;
1152	bmov	ALLOCFIFO_SCBPTR, SCBPTR, 2;
1153	call	allocate_fifo;
1154	/* See if the host wants to send a message upon reconnection */
1155	test	SCB_CONTROL, MK_MESSAGE jz mesgin_done;
1156	mvi	HOST_MSG	call mk_mesg;
1157	jmp	mesgin_done;
1158
1159not_found:
1160	SET_SEQINTCODE(NO_MATCH)
1161	jmp	mesgin_done;
1162
1163not_found_ITloop:
1164	SET_SEQINTCODE(NO_MATCH)
1165	jmp	ITloop;
1166
1167/*
1168 * We received a "command complete" message.  Put the SCB on the complete
1169 * queue and trigger a completion interrupt via the idle loop.  Before doing
1170 * so, check to see if there is a residual or the status byte is something
1171 * other than STATUS_GOOD (0).  In either of these conditions, we upload the
1172 * SCB back to the host so it can process this information.
1173 */
1174mesgin_complete:
1175
1176	/*
1177	 * If ATN is raised, we still want to give the target a message.
1178	 * Perhaps there was a parity error on this last message byte.
1179	 * Either way, the target should take us to message out phase
1180	 * and then attempt to complete the command again.  We should use a
1181	 * critical section here to guard against a timeout triggering
1182	 * for this command and setting ATN while we are still processing
1183	 * the completion.
1184	test	SCSISIGI, ATNI jnz mesgin_done;
1185	 */
1186
1187	/*
1188	 * If we are identified and have successfully sent the CDB,
1189	 * any status will do.  Optimize this fast path.
1190	 */
1191	test	SCB_CONTROL, STATUS_RCVD jz mesgin_proto_violation;
1192	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT jz complete_accepted;
1193
1194	/*
1195	 * If the target never sent an identify message but instead went
1196	 * to mesgin to give an invalid message, let the host abort us.
1197	 */
1198	test	SEQ_FLAGS, NOT_IDENTIFIED jnz mesgin_proto_violation;
1199
1200	/*
1201	 * If we recevied good status but never successfully sent the
1202	 * cdb, abort the command.
1203	 */
1204	test	SCB_SCSI_STATUS,0xff	jnz complete_accepted;
1205	test	SEQ_FLAGS, NO_CDB_SENT jnz mesgin_proto_violation;
1206complete_accepted:
1207
1208	/*
1209	 * See if we attempted to deliver a message but the target ignored us.
1210	 */
1211	test	SCB_CONTROL, MK_MESSAGE jz complete_nomsg;
1212	SET_SEQINTCODE(MKMSG_FAILED)
1213complete_nomsg:
1214	call	queue_scb_completion;
1215	jmp	await_busfree;
1216
1217BEGIN_CRITICAL;
1218freeze_queue:
1219	/* Cancel any pending select-out. */
1220	test	SSTAT0, SELDO|SELINGO jnz . + 2;
1221	and	SCSISEQ0, ~ENSELO;
1222	mov	ACCUM_SAVE, A;
1223	clr	A;
1224	add	QFREEZE_COUNT, 1;
1225	adc	QFREEZE_COUNT[1], A;
1226	or	SEQ_FLAGS2, SELECTOUT_QFROZEN;
1227	mov	A, ACCUM_SAVE ret;
1228END_CRITICAL;
1229
1230/*
1231 * Complete the current FIFO's SCB if data for this same
1232 * SCB is not transferring in the other FIFO.
1233 */
1234SET_SRC_MODE	M_DFF1;
1235SET_DST_MODE	M_DFF1;
1236pkt_complete_scb_if_fifos_idle:
1237	bmov	ARG_1, SCBPTR, 2;
1238	mvi	DFFSXFRCTL, CLRCHN;
1239	SET_MODE(M_SCSI, M_SCSI)
1240	bmov	SCBPTR, ARG_1, 2;
1241	test	SCB_FIFO_USE_COUNT, 0xFF jnz return;
1242queue_scb_completion:
1243	test	SCB_SCSI_STATUS,0xff	jnz bad_status;
1244	/*
1245	 * Check for residuals
1246	 */
1247	test	SCB_SGPTR, SG_LIST_NULL jnz complete;	/* No xfer */
1248	test	SCB_SGPTR, SG_FULL_RESID jnz upload_scb;/* Never xfered */
1249	test	SCB_RESIDUAL_SGPTR, SG_LIST_NULL jz upload_scb;
1250complete:
1251BEGIN_CRITICAL;
1252	bmov	SCB_NEXT_COMPLETE, COMPLETE_SCB_HEAD, 2;
1253	bmov	COMPLETE_SCB_HEAD, SCBPTR, 2 ret;
1254END_CRITICAL;
1255bad_status:
1256	cmp	SCB_SCSI_STATUS, STATUS_PKT_SENSE je upload_scb;
1257	call	freeze_queue;
1258upload_scb:
1259	/*
1260	 * Restore SCB TAG since we reuse this field
1261	 * in the sequencer.  We don't want to corrupt
1262	 * it on the host.
1263	 */
1264	bmov	SCB_TAG, SCBPTR, 2;
1265BEGIN_CRITICAL;
1266	or	SCB_SGPTR, SG_STATUS_VALID;
1267	mvi	SCB_NEXT_COMPLETE[1], SCB_LIST_NULL;
1268	cmp	COMPLETE_DMA_SCB_HEAD[1], SCB_LIST_NULL jne add_dma_scb_tail;
1269	bmov	COMPLETE_DMA_SCB_HEAD, SCBPTR, 2;
1270	bmov	COMPLETE_DMA_SCB_TAIL, SCBPTR, 2 ret;
1271add_dma_scb_tail:
1272	bmov	REG0, SCBPTR, 2;
1273	bmov	SCBPTR, COMPLETE_DMA_SCB_TAIL, 2;
1274	bmov	SCB_NEXT_COMPLETE, REG0, 2;
1275	bmov	COMPLETE_DMA_SCB_TAIL, REG0, 2 ret;
1276END_CRITICAL;
1277
1278/*
1279 * Is it a disconnect message?  Set a flag in the SCB to remind us
1280 * and await the bus going free.  If this is an untagged transaction
1281 * store the SCB id for it in our untagged target table for lookup on
1282 * a reselction.
1283 */
1284mesgin_disconnect:
1285	/*
1286	 * If ATN is raised, we still want to give the target a message.
1287	 * Perhaps there was a parity error on this last message byte
1288	 * or we want to abort this command.  Either way, the target
1289	 * should take us to message out phase and then attempt to
1290	 * disconnect again.
1291	 * XXX - Wait for more testing.
1292	test	SCSISIGI, ATNI jnz mesgin_done;
1293	 */
1294	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT
1295		jnz mesgin_proto_violation;
1296	or	SCB_CONTROL,DISCONNECTED;
1297	test	SCB_CONTROL, TAG_ENB jnz await_busfree;
1298queue_disc_scb:
1299	bmov	REG0, SCBPTR, 2;
1300	INDEX_DISC_LIST(SAVED_SCSIID, SAVED_LUN);
1301	bmov	DINDEX, SINDEX, 2;
1302	bmov	DINDIR, REG0, 2;
1303	bmov	SCBPTR, REG0, 2;
1304	/* FALLTHROUGH */
1305await_busfree:
1306	and	SIMODE1, ~ENBUSFREE;
1307	if ((ahd->bugs & AHD_BUSFREEREV_BUG) == 0) {
1308		/*
1309		 * In the BUSFREEREV_BUG case, the
1310		 * busfree status was cleared at the
1311		 * beginning of the connection.
1312		 */
1313		mvi	CLRSINT1,CLRBUSFREE;
1314	}
1315	mov	NONE, SCSIDAT;		/* Ack the last byte */
1316	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
1317		jnz await_busfree_not_m_dff;
1318SET_SRC_MODE	M_DFF1;
1319SET_DST_MODE	M_DFF1;
1320await_busfree_clrchn:
1321	mvi	DFFSXFRCTL, CLRCHN;
1322await_busfree_not_m_dff:
1323	/* clear target specific flags */
1324	mvi	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT;
1325	test	SSTAT1,REQINIT|BUSFREE	jz .;
1326	/*
1327	 * We only set BUSFREE status once either a new
1328	 * phase has been detected or we are really
1329	 * BUSFREE.  This allows the driver to know
1330	 * that we are active on the bus even though
1331	 * no identified transaction exists should a
1332	 * timeout occur while awaiting busfree.
1333	 */
1334	mvi	LASTPHASE, P_BUSFREE;
1335	test	SSTAT1, BUSFREE jnz idle_loop;
1336	SET_SEQINTCODE(MISSED_BUSFREE)
1337
1338
1339/*
1340 * Save data pointers message:
1341 * Copying RAM values back to SCB, for Save Data Pointers message, but
1342 * only if we've actually been into a data phase to change them.  This
1343 * protects against bogus data in scratch ram and the residual counts
1344 * since they are only initialized when we go into data_in or data_out.
1345 * Ack the message as soon as possible.
1346 */
1347SET_SRC_MODE	M_DFF1;
1348SET_DST_MODE	M_DFF1;
1349mesgin_sdptrs:
1350	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1351	test	SEQ_FLAGS, DPHASE	jz ITloop;
1352	call	save_pointers;
1353	jmp	ITloop;
1354
1355save_pointers:
1356	/*
1357	 * If we are asked to save our position at the end of the
1358	 * transfer, just mark us at the end rather than perform a
1359	 * full save.
1360	 */
1361	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz save_pointers_full;
1362	or	SCB_SGPTR, SG_LIST_NULL ret;
1363
1364save_pointers_full:
1365	/*
1366	 * The SCB_DATAPTR becomes the current SHADDR.
1367	 * All other information comes directly from our residual
1368	 * state.
1369	 */
1370	bmov	SCB_DATAPTR, SHADDR, 8;
1371	bmov	SCB_DATACNT, SCB_RESIDUAL_DATACNT, 8 ret;
1372
1373/*
1374 * Restore pointers message?  Data pointers are recopied from the
1375 * SCB anytime we enter a data phase for the first time, so all
1376 * we need to do is clear the DPHASE flag and let the data phase
1377 * code do the rest.  We also reset/reallocate the FIFO to make
1378 * sure we have a clean start for the next data or command phase.
1379 */
1380mesgin_rdptrs:
1381	and	SEQ_FLAGS, ~DPHASE;
1382	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1)) jnz msgin_rdptrs_get_fifo;
1383	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
1384	SET_MODE(M_SCSI, M_SCSI)
1385msgin_rdptrs_get_fifo:
1386	call	allocate_fifo;
1387	jmp	mesgin_done;
1388
1389phase_lock:
1390	if ((ahd->bugs & AHD_EARLY_REQ_BUG) != 0) {
1391		/*
1392		 * Don't ignore persistent REQ assertions just because
1393		 * they were asserted within the bus settle delay window.
1394		 * This allows us to tolerate devices like the GEM318
1395		 * that violate the SCSI spec.  We are careful not to
1396		 * count REQ while we are waiting for it to fall during
1397		 * an async phase due to our asserted ACK.  Each
1398		 * sequencer instruction takes ~25ns, so the REQ must
1399		 * last at least 100ns in order to be counted as a true
1400		 * REQ.
1401		 */
1402		test	SCSIPHASE, 0xFF jnz phase_locked;
1403		test	SCSISIGI, ACKI jnz phase_lock;
1404		test	SCSISIGI, REQI jz phase_lock;
1405		test	SCSIPHASE, 0xFF jnz phase_locked;
1406		test	SCSISIGI, ACKI jnz phase_lock;
1407		test	SCSISIGI, REQI jz phase_lock;
1408phase_locked:
1409	} else {
1410		test	SCSIPHASE, 0xFF jz .;
1411	}
1412	test	SSTAT1, SCSIPERR jnz phase_lock;
1413phase_lock_latch_phase:
1414	and	LASTPHASE, PHASE_MASK, SCSISIGI ret;
1415
1416/*
1417 * Functions to read data in Automatic PIO mode.
1418 *
1419 * An ACK is not sent on input from the target until SCSIDATL is read from.
1420 * So we wait until SCSIDATL is latched (the usual way), then read the data
1421 * byte directly off the bus using SCSIBUSL.  When we have pulled the ATN
1422 * line, or we just want to acknowledge the byte, then we do a dummy read
1423 * from SCISDATL.  The SCSI spec guarantees that the target will hold the
1424 * data byte on the bus until we send our ACK.
1425 *
1426 * The assumption here is that these are called in a particular sequence,
1427 * and that REQ is already set when inb_first is called.  inb_{first,next}
1428 * use the same calling convention as inb.
1429 */
1430inb_next:
1431	mov	NONE,SCSIDAT;		/*dummy read from latch to ACK*/
1432inb_next_wait:
1433	/*
1434	 * If there is a parity error, wait for the kernel to
1435	 * see the interrupt and prepare our message response
1436	 * before continuing.
1437	 */
1438	test	SCSIPHASE, 0xFF jz .;
1439	test	SSTAT1, SCSIPERR jnz inb_next_wait;
1440inb_next_check_phase:
1441	and	LASTPHASE, PHASE_MASK, SCSISIGI;
1442	cmp	LASTPHASE, P_MESGIN jne mesgin_phasemis;
1443inb_first:
1444	clr	DINDEX[1];
1445	mov	DINDEX,SINDEX;
1446	mov	DINDIR,SCSIBUS	ret;		/*read byte directly from bus*/
1447inb_last:
1448	mov	NONE,SCSIDAT ret;		/*dummy read from latch to ACK*/
1449
1450mk_mesg:
1451	mvi	SCSISIGO, ATNO;
1452	mov	MSG_OUT,SINDEX ret;
1453
1454SET_SRC_MODE	M_DFF1;
1455SET_DST_MODE	M_DFF1;
1456disable_ccsgen:
1457	test	SG_STATE, FETCH_INPROG jz disable_ccsgen_fetch_done;
1458	clr	CCSGCTL;
1459disable_ccsgen_fetch_done:
1460	clr	SG_STATE ret;
1461
1462service_fifo:
1463	/*
1464	 * Do we have any prefetch left???
1465	 */
1466	test	SG_STATE, SEGS_AVAIL jnz idle_sg_avail;
1467
1468	/*
1469	 * Can this FIFO have access to the S/G cache yet?
1470	 */
1471	test	CCSGCTL, SG_CACHE_AVAIL jz return;
1472
1473	/* Did we just finish fetching segs? */
1474	test	CCSGCTL, CCSGDONE jnz idle_sgfetch_complete;
1475
1476	/* Are we actively fetching segments? */
1477	test	CCSGCTL, CCSGENACK jnz return;
1478
1479	/*
1480	 * Should the other FIFO get the S/G cache first?  If
1481	 * both FIFOs have been allocated since we last checked
1482	 * any FIFO, it is important that we service a FIFO
1483	 * that is not actively on the bus first.  This guarantees
1484	 * that a FIFO will be freed to handle snapshot requests for
1485	 * any FIFO that is still on the bus.  Chips with RTI do not
1486	 * perform snapshots, so don't bother with this test there.
1487	 */
1488	if ((ahd->features & AHD_RTI) == 0) {
1489		/*
1490		 * If we're not still receiving SCSI data,
1491		 * it is safe to allocate the S/G cache to
1492		 * this FIFO.
1493		 */
1494		test	DFCNTRL, SCSIEN jz idle_sgfetch_start;
1495
1496		/*
1497		 * Switch to the other FIFO.  Non-RTI chips
1498		 * also have the "set mode" bug, so we must
1499		 * disable interrupts during the switch.
1500		 */
1501		mvi	SEQINTCTL, INTVEC1DSL;
1502		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1503
1504		/*
1505		 * If the other FIFO needs loading, then it
1506		 * must not have claimed the S/G cache yet
1507		 * (SG_CACHE_AVAIL would have been cleared in
1508		 * the original FIFO mode and we test this above).
1509		 * Return to the idle loop so we can process the
1510		 * FIFO not currently on the bus first.
1511		 */
1512		test	SG_STATE, LOADING_NEEDED jz idle_sgfetch_okay;
1513		clr	SEQINTCTL ret;
1514idle_sgfetch_okay:
1515		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1516		clr	SEQINTCTL;
1517	}
1518
1519idle_sgfetch_start:
1520	/*
1521	 * We fetch a "cacheline aligned" and sized amount of data
1522	 * so we don't end up referencing a non-existant page.
1523	 * Cacheline aligned is in quotes because the kernel will
1524	 * set the prefetch amount to a reasonable level if the
1525	 * cacheline size is unknown.
1526	 */
1527	bmov	SGHADDR, SCB_RESIDUAL_SGPTR, 4;
1528	mvi	SGHCNT, SG_PREFETCH_CNT;
1529	if ((ahd->bugs & AHD_REG_SLOW_SETTLE_BUG) != 0) {
1530		/*
1531		 * Need two instructions between "touches" of SGHADDR.
1532		 */
1533		nop;
1534	}
1535	and	SGHADDR[0], SG_PREFETCH_ALIGN_MASK, SCB_RESIDUAL_SGPTR;
1536	mvi	CCSGCTL, CCSGEN|CCSGRESET;
1537	or	SG_STATE, FETCH_INPROG ret;
1538idle_sgfetch_complete:
1539	/*
1540	 * Guard against SG_CACHE_AVAIL activating during sg fetch
1541	 * request in the other FIFO.
1542	 */
1543	test	SG_STATE, FETCH_INPROG jz return;
1544	clr	CCSGCTL;
1545	and	CCSGADDR, SG_PREFETCH_ADDR_MASK, SCB_RESIDUAL_SGPTR;
1546	mvi	SG_STATE, SEGS_AVAIL|LOADING_NEEDED;
1547idle_sg_avail:
1548	/* Does the hardware have space for another SG entry? */
1549	test	DFSTATUS, PRELOAD_AVAIL jz return;
1550	/*
1551	 * On the A, preloading a segment before HDMAENACK
1552	 * comes true can clobber the shadow address of the
1553	 * first segment in the S/G FIFO.  Wait until it is
1554	 * safe to proceed.
1555	 */
1556	if ((ahd->features & AHD_NEW_DFCNTRL_OPTS) == 0) {
1557		test	DFCNTRL, HDMAENACK jz return;
1558	}
1559	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
1560		bmov	HADDR, CCSGRAM, 8;
1561	} else {
1562		bmov 	HADDR, CCSGRAM, 4;
1563	}
1564	bmov	HCNT, CCSGRAM, 3;
1565	bmov	SCB_RESIDUAL_DATACNT[3], CCSGRAM, 1;
1566	if ((ahd->flags & AHD_39BIT_ADDRESSING) != 0) {
1567		and	HADDR[4], SG_HIGH_ADDR_BITS, SCB_RESIDUAL_DATACNT[3];
1568	}
1569	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
1570		/* Skip 4 bytes of pad. */
1571		add	CCSGADDR, 4;
1572	}
1573sg_advance:
1574	clr	A;			/* add sizeof(struct scatter) */
1575	add	SCB_RESIDUAL_SGPTR[0],SG_SIZEOF;
1576	adc	SCB_RESIDUAL_SGPTR[1],A;
1577	adc	SCB_RESIDUAL_SGPTR[2],A;
1578	adc	SCB_RESIDUAL_SGPTR[3],A;
1579	mov	SINDEX, SCB_RESIDUAL_SGPTR[0];
1580	test	SCB_RESIDUAL_DATACNT[3], SG_LAST_SEG jz . + 3;
1581	or	SINDEX, LAST_SEG;
1582	clr	SG_STATE;
1583	mov	SG_CACHE_PRE, SINDEX;
1584	if ((ahd->features & AHD_NEW_DFCNTRL_OPTS) != 0) {
1585		/*
1586		 * Use SCSIENWRDIS so that SCSIEN is never
1587		 * modified by this operation.
1588		 */
1589		or	DFCNTRL, PRELOADEN|HDMAEN|SCSIENWRDIS;
1590	} else {
1591		or	DFCNTRL, PRELOADEN|HDMAEN;
1592	}
1593	/*
1594	 * Do we have another segment in the cache?
1595	 */
1596	add	NONE, SG_PREFETCH_CNT_LIMIT, CCSGADDR;
1597	jnc	return;
1598	and	SG_STATE, ~SEGS_AVAIL ret;
1599
1600/*
1601 * Initialize the DMA address and counter from the SCB.
1602 */
1603load_first_seg:
1604	bmov	HADDR, SCB_DATAPTR, 11;
1605	and	REG_ISR, ~SG_FULL_RESID, SCB_SGPTR[0];
1606	test	SCB_DATACNT[3], SG_LAST_SEG jz . + 2;
1607	or	REG_ISR, LAST_SEG;
1608	mov	SG_CACHE_PRE, REG_ISR;
1609	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
1610	/*
1611	 * Since we've are entering a data phase, we will
1612	 * rely on the SCB_RESID* fields.  Initialize the
1613	 * residual and clear the full residual flag.
1614	 */
1615	and	SCB_SGPTR[0], ~SG_FULL_RESID;
1616	bmov	SCB_RESIDUAL_DATACNT[3], SCB_DATACNT[3], 5;
1617	/* If we need more S/G elements, tell the idle loop */
1618	test	SCB_RESIDUAL_DATACNT[3], SG_LAST_SEG jnz . + 2;
1619	mvi	SG_STATE, LOADING_NEEDED ret;
1620	clr	SG_STATE ret;
1621
1622p_data_handle_xfer:
1623	call	setjmp;
1624	test	SG_STATE, LOADING_NEEDED jnz service_fifo;
1625p_data_clear_handler:
1626	or	LONGJMP_ADDR[1], INVALID_ADDR ret;
1627
1628p_data:
1629	test	SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT	jz p_data_allowed;
1630	SET_SEQINTCODE(PROTO_VIOLATION)
1631p_data_allowed:
1632
1633	test	SEQ_FLAGS, DPHASE	jz data_phase_initialize;
1634
1635	/*
1636	 * If we re-enter the data phase after going through another
1637	 * phase, our transfer location has almost certainly been
1638	 * corrupted by the interveining, non-data, transfers.  Ask
1639	 * the host driver to fix us up based on the transfer residual
1640	 * unless we already know that we should be bitbucketing.
1641	 */
1642	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jnz p_data_bitbucket;
1643	SET_SEQINTCODE(PDATA_REINIT)
1644	jmp	data_phase_inbounds;
1645
1646p_data_bitbucket:
1647	/*
1648	 * Turn on `Bit Bucket' mode, wait until the target takes
1649	 * us to another phase, and then notify the host.
1650	 */
1651	mov	SAVED_MODE, MODE_PTR;
1652	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
1653		jnz bitbucket_not_m_dff;
1654	/*
1655	 * Ensure that any FIFO contents are cleared out and the
1656	 * FIFO free'd prior to starting the BITBUCKET.  BITBUCKET
1657	 * doesn't discard data already in the FIFO.
1658	 */
1659	mvi	DFFSXFRCTL, RSTCHN|CLRSHCNT;
1660	SET_MODE(M_SCSI, M_SCSI)
1661bitbucket_not_m_dff:
1662	or	SXFRCTL1,BITBUCKET;
1663	/* Wait for non-data phase. */
1664	test	SCSIPHASE, ~DATA_PHASE_MASK jz .;
1665	and	SXFRCTL1, ~BITBUCKET;
1666	RESTORE_MODE(SAVED_MODE)
1667SET_SRC_MODE	M_DFF1;
1668SET_DST_MODE	M_DFF1;
1669	SET_SEQINTCODE(DATA_OVERRUN)
1670	jmp	ITloop;
1671
1672data_phase_initialize:
1673	test	SCB_SGPTR[0], SG_LIST_NULL jnz p_data_bitbucket;
1674	call	load_first_seg;
1675data_phase_inbounds:
1676	/* We have seen a data phase at least once. */
1677	or	SEQ_FLAGS, DPHASE;
1678	mov	SAVED_MODE, MODE_PTR;
1679	test	SG_STATE, LOADING_NEEDED jz data_group_dma_loop;
1680	call	p_data_handle_xfer;
1681data_group_dma_loop:
1682	/*
1683	 * The transfer is complete if either the last segment
1684	 * completes or the target changes phase.  Both conditions
1685	 * will clear SCSIEN.
1686	 */
1687	call	idle_loop_service_fifos;
1688	call	idle_loop_cchan;
1689	call	idle_loop_gsfifo;
1690	RESTORE_MODE(SAVED_MODE)
1691	test	DFCNTRL, SCSIEN jnz data_group_dma_loop;
1692
1693data_group_dmafinish:
1694	/*
1695	 * The transfer has terminated either due to a phase
1696	 * change, and/or the completion of the last segment.
1697	 * We have two goals here.  Do as much other work
1698	 * as possible while the data fifo drains on a read
1699	 * and respond as quickly as possible to the standard
1700	 * messages (save data pointers/disconnect and command
1701	 * complete) that usually follow a data phase.
1702	 */
1703	call	calc_residual;
1704
1705	/*
1706	 * Go ahead and shut down the DMA engine now.
1707	 */
1708	test	DFCNTRL, DIRECTION jnz data_phase_finish;
1709data_group_fifoflush:
1710	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
1711		or	DFCNTRL, FIFOFLUSH;
1712	}
1713	/*
1714	 * We have enabled the auto-ack feature.  This means
1715	 * that the controller may have already transferred
1716	 * some overrun bytes into the data FIFO and acked them
1717	 * on the bus.  The only way to detect this situation is
1718	 * to wait for LAST_SEG_DONE to come true on a completed
1719	 * transfer and then test to see if the data FIFO is
1720	 * non-empty.  We know there is more data yet to transfer
1721	 * if SG_LIST_NULL is not yet set, thus there cannot be
1722	 * an overrun.
1723	 */
1724	test	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL jz data_phase_finish;
1725	test	SG_CACHE_SHADOW, LAST_SEG_DONE jz .;
1726	test	DFSTATUS, FIFOEMP jnz data_phase_finish;
1727	/* Overrun */
1728	jmp	p_data;
1729data_phase_finish:
1730	/*
1731	 * If the target has left us in data phase, loop through
1732	 * the dma code again.  We will only loop if there is a
1733	 * data overrun.
1734	 */
1735	if ((ahd->flags & AHD_TARGETROLE) != 0) {
1736		test	SSTAT0, TARGET jnz data_phase_done;
1737	}
1738	if ((ahd->flags & AHD_INITIATORROLE) != 0) {
1739		test	SSTAT1, REQINIT jz .;
1740		test	SCSIPHASE, DATA_PHASE_MASK jnz p_data;
1741	}
1742
1743data_phase_done:
1744	/* Kill off any pending prefetch */
1745	call	disable_ccsgen;
1746	or 	LONGJMP_ADDR[1], INVALID_ADDR;
1747
1748	if ((ahd->flags & AHD_TARGETROLE) != 0) {
1749		test	SEQ_FLAGS, DPHASE_PENDING jz ITloop;
1750		/*
1751		and	SEQ_FLAGS, ~DPHASE_PENDING;
1752		 * For data-in phases, wait for any pending acks from the
1753		 * initiator before changing phase.  We only need to
1754		 * send Ignore Wide Residue messages for data-in phases.
1755		test	DFCNTRL, DIRECTION jz target_ITloop;
1756		test	SSTAT1, REQINIT	jnz .;
1757		test	SCB_TASK_ATTRIBUTE, SCB_XFERLEN_ODD jz target_ITloop;
1758		SET_MODE(M_SCSI, M_SCSI)
1759		test	NEGCONOPTS, WIDEXFER jz target_ITloop;
1760		 */
1761		/*
1762		 * Issue an Ignore Wide Residue Message.
1763		mvi	P_MESGIN|BSYO call change_phase;
1764		mvi	MSG_IGN_WIDE_RESIDUE call target_outb;
1765		mvi	1 call target_outb;
1766		jmp	target_ITloop;
1767		 */
1768	} else {
1769		jmp	ITloop;
1770	}
1771
1772/*
1773 * We assume that, even though data may still be
1774 * transferring to the host, that the SCSI side of
1775 * the DMA engine is now in a static state.  This
1776 * allows us to update our notion of where we are
1777 * in this transfer.
1778 *
1779 * If, by chance, we stopped before being able
1780 * to fetch additional segments for this transfer,
1781 * yet the last S/G was completely exhausted,
1782 * call our idle loop until it is able to load
1783 * another segment.  This will allow us to immediately
1784 * pickup on the next segment on the next data phase.
1785 *
1786 * If we happened to stop on the last segment, then
1787 * our residual information is still correct from
1788 * the idle loop and there is no need to perform
1789 * any fixups.
1790 */
1791residual_before_last_seg:
1792	test    MDFFSTAT, SHVALID	jnz sgptr_fixup;
1793	/*
1794	 * Can never happen from an interrupt as the packetized
1795	 * hardware will only interrupt us once SHVALID or
1796	 * LAST_SEG_DONE.
1797	 */
1798	call	idle_loop_service_fifos;
1799	RESTORE_MODE(SAVED_MODE)
1800	/* FALLTHROUGH */
1801calc_residual:
1802	test	SG_CACHE_SHADOW, LAST_SEG jz residual_before_last_seg;
1803	/* Record if we've consumed all S/G entries */
1804	test	MDFFSTAT, SHVALID	jz . + 2;
1805	bmov	SCB_RESIDUAL_DATACNT, SHCNT, 3 ret;
1806	or	SCB_RESIDUAL_SGPTR[0], SG_LIST_NULL ret;
1807
1808sgptr_fixup:
1809	/*
1810	 * Fixup the residual next S/G pointer.  The S/G preload
1811	 * feature of the chip allows us to load two elements
1812	 * in addition to the currently active element.  We
1813	 * store the bottom byte of the next S/G pointer in
1814	 * the SG_CACHE_PTR register so we can restore the
1815	 * correct value when the DMA completes.  If the next
1816	 * sg ptr value has advanced to the point where higher
1817	 * bytes in the address have been affected, fix them
1818	 * too.
1819	 */
1820	test	SG_CACHE_SHADOW, 0x80 jz sgptr_fixup_done;
1821	test	SCB_RESIDUAL_SGPTR[0], 0x80 jnz sgptr_fixup_done;
1822	add	SCB_RESIDUAL_SGPTR[1], -1;
1823	adc	SCB_RESIDUAL_SGPTR[2], -1;
1824	adc	SCB_RESIDUAL_SGPTR[3], -1;
1825sgptr_fixup_done:
1826	and	SCB_RESIDUAL_SGPTR[0], SG_ADDR_MASK, SG_CACHE_SHADOW;
1827	clr	SCB_RESIDUAL_DATACNT[3]; /* We are not the last seg */
1828	bmov	SCB_RESIDUAL_DATACNT, SHCNT, 3 ret;
1829
1830export timer_isr:
1831	call	issue_cmdcmplt;
1832	mvi	CLRSEQINTSTAT, CLRSEQ_SWTMRTO;
1833	if ((ahd->bugs & AHD_SET_MODE_BUG) != 0) {
1834		/*
1835		 * In H2A4, the mode pointer is not saved
1836		 * for intvec2, but is restored on iret.
1837		 * This can lead to the restoration of a
1838		 * bogus mode ptr.  Manually clear the
1839		 * intmask bits and do a normal return
1840		 * to compensate.
1841		 */
1842		and	SEQINTCTL, ~(INTMASK2|INTMASK1) ret;
1843	} else {
1844		or	SEQINTCTL, IRET ret;
1845	}
1846
1847export seq_isr:
1848	if ((ahd->features & AHD_RTI) == 0) {
1849		/*
1850		 * On RevA Silicon, if the target returns us to data-out
1851		 * after we have already trained for data-out, it is
1852		 * possible for us to transition the free running clock to
1853		 * data-valid before the required 100ns P1 setup time (8 P1
1854		 * assertions in fast-160 mode).  This will only happen if
1855		 * this L-Q is a continuation of a data transfer for which
1856		 * we have already prefetched data into our FIFO (LQ/Data
1857		 * followed by LQ/Data for the same write transaction).
1858		 * This can cause some target implementations to miss the
1859		 * first few data transfers on the bus.  We detect this
1860		 * situation by noticing that this is the first data transfer
1861		 * after an LQ (LQIWORKONLQ true), that the data transfer is
1862		 * a continuation of a transfer already setup in our FIFO
1863		 * (SAVEPTRS interrupt), and that the transaction is a write
1864		 * (DIRECTION set in DFCNTRL). The delay is performed by
1865		 * disabling SCSIEN until we see the first REQ from the
1866		 * target.
1867		 *
1868		 * First instruction in an ISR cannot be a branch on
1869		 * Rev A.  Snapshot LQISTAT2 so the status is not missed
1870		 * and deffer the test by one instruction.
1871		 */
1872		mov	REG_ISR, LQISTAT2;
1873		test	REG_ISR, LQIWORKONLQ jz main_isr;
1874		test	SEQINTSRC, SAVEPTRS  jz main_isr;
1875		test	LONGJMP_ADDR[1], INVALID_ADDR jz saveptr_active_fifo;
1876		/*
1877		 * Switch to the active FIFO after clearing the snapshot
1878		 * savepointer in the current FIFO.  We do this so that
1879		 * a pending CTXTDONE or SAVEPTR is visible in the active
1880		 * FIFO.  This status is the only way we can detect if we
1881		 * have lost the race (e.g. host paused us) and our attempts
1882		 * to disable the channel occurred after all REQs were
1883		 * already seen and acked (REQINIT never comes true).
1884		 */
1885		mvi	DFFSXFRCTL, CLRCHN;
1886		xor	MODE_PTR, MK_MODE(M_DFF1, M_DFF1);
1887		test	DFCNTRL, DIRECTION jz interrupt_return;
1888		and	DFCNTRL, ~SCSIEN;
1889snapshot_wait_data_valid:
1890		test	SEQINTSRC, (CTXTDONE|SAVEPTRS) jnz interrupt_return;
1891		test	SSTAT1, REQINIT	jz snapshot_wait_data_valid;
1892snapshot_data_valid:
1893		or	DFCNTRL, SCSIEN;
1894		or	SEQINTCTL, IRET ret;
1895snapshot_saveptr:
1896		mvi	DFFSXFRCTL, CLRCHN;
1897		or	SEQINTCTL, IRET ret;
1898main_isr:
1899	}
1900	test	SEQINTSRC, CFG4DATA	jnz cfg4data_intr;
1901	test	SEQINTSRC, CFG4ISTAT	jnz cfg4istat_intr;
1902	test	SEQINTSRC, SAVEPTRS	jnz saveptr_intr;
1903	test	SEQINTSRC, CFG4ICMD	jnz cfg4icmd_intr;
1904	SET_SEQINTCODE(INVALID_SEQINT)
1905
1906/*
1907 * There are two types of save pointers interrupts:
1908 * The first is a snapshot save pointers where the current FIFO is not
1909 * active and contains a snapshot of the current poniter information.
1910 * This happens between packets in a stream for a single L_Q.  Since we
1911 * are not performing a pointer save, we can safely clear the channel
1912 * so it can be used for other transactions.  On RTI capable controllers,
1913 * where snapshots can, and are, disabled, the code to handle this type
1914 * of snapshot is not active.
1915 *
1916 * The second case is a save pointers on an active FIFO which occurs
1917 * if the target changes to a new L_Q or busfrees/QASes and the transfer
1918 * has a residual.  This should occur coincident with a ctxtdone.  We
1919 * disable the interrupt and allow our active routine to handle the
1920 * save.
1921 */
1922saveptr_intr:
1923	if ((ahd->features & AHD_RTI) == 0) {
1924		test	LONGJMP_ADDR[1], INVALID_ADDR jnz snapshot_saveptr;
1925	}
1926saveptr_active_fifo:
1927	and	SEQIMODE, ~ENSAVEPTRS;
1928	or	SEQINTCTL, IRET ret;
1929
1930cfg4data_intr:
1931	test	SCB_SGPTR[0], SG_LIST_NULL jnz pkt_handle_overrun_inc_use_count;
1932	call	load_first_seg;
1933	call	pkt_handle_xfer;
1934	inc	SCB_FIFO_USE_COUNT;
1935interrupt_return:
1936	or	SEQINTCTL, IRET ret;
1937
1938cfg4istat_intr:
1939	call	freeze_queue;
1940	add	NONE, -13, SCB_CDB_LEN;
1941	jnc	cfg4istat_have_sense_addr;
1942	test	SCB_CDB_LEN, SCB_CDB_LEN_PTR jnz cfg4istat_have_sense_addr;
1943	/*
1944	 * Host sets up address/count and enables transfer.
1945	 */
1946	SET_SEQINTCODE(CFG4ISTAT_INTR)
1947	jmp	cfg4istat_setup_handler;
1948cfg4istat_have_sense_addr:
1949	bmov	HADDR, SCB_SENSE_BUSADDR, 4;
1950	mvi	HCNT[1], (AHD_SENSE_BUFSIZE >> 8);
1951	mvi	SG_CACHE_PRE, LAST_SEG;
1952	mvi	DFCNTRL, PRELOADEN|SCSIEN|HDMAEN;
1953cfg4istat_setup_handler:
1954	/*
1955	 * Status pkt is transferring to host.
1956	 * Wait in idle loop for transfer to complete.
1957	 * If a command completed before an attempted
1958	 * task management function completed, notify the host.
1959	 */
1960	test	SCB_TASK_MANAGEMENT, 0xFF jz cfg4istat_no_taskmgmt_func;
1961	SET_SEQINTCODE(TASKMGMT_CMD_CMPLT_OKAY)
1962cfg4istat_no_taskmgmt_func:
1963	call	pkt_handle_status;
1964	or	SEQINTCTL, IRET ret;
1965
1966cfg4icmd_intr:
1967	/*
1968	 * In the case of DMAing a CDB from the host, the normal
1969	 * CDB buffer is formatted with an 8 byte address followed
1970	 * by a 1 byte count.
1971	 */
1972	bmov	HADDR[0], SCB_HOST_CDB_PTR, 9;
1973	mvi	SG_CACHE_PRE, LAST_SEG;
1974	mvi	DFCNTRL, (PRELOADEN|SCSIEN|HDMAEN);
1975	call	pkt_handle_cdb;
1976	or	SEQINTCTL, IRET ret;
1977
1978/*
1979 * See if the target has gone on in this context creating an
1980 * overrun condition.  For the write case, the hardware cannot
1981 * ack bytes until data are provided.  So, if the target begins
1982 * another  packet without changing contexts, implying we are
1983 * not sitting on a packet boundary, we are in an overrun
1984 * situation.  For the read case, the hardware will continue to
1985 * ack bytes into the FIFO, and may even ack the last overrun packet
1986 * into the FIFO.   If the FIFO should become non-empty, we are in
1987 * a read overrun case.
1988 */
1989#define check_overrun							\
1990	/* Not on a packet boundary. */					\
1991	test 	MDFFSTAT, DLZERO jz pkt_handle_overrun;			\
1992	test	DFSTATUS, FIFOEMP jz pkt_handle_overrun
1993
1994pkt_handle_xfer:
1995	test	SG_STATE, LOADING_NEEDED jz pkt_last_seg;
1996	call	setjmp;
1997	test	SEQINTSRC, SAVEPTRS jnz pkt_saveptrs;
1998	test	SCSIPHASE, ~DATA_PHASE_MASK jz . + 2;
1999	test	SCSISIGO, ATNO jnz . + 2;
2000	test	SSTAT2, NONPACKREQ jz pkt_service_fifo;
2001	/*
2002	 * Defer handling of this NONPACKREQ until we
2003	 * can be sure it pertains to this FIFO.  SAVEPTRS
2004	 * will not be asserted if the NONPACKREQ is for us,
2005	 * so we must simulate it if shadow is valid.  If
2006	 * shadow is not valid, keep running this FIFO until we
2007	 * have satisfied the transfer by loading segments and
2008	 * waiting for either shadow valid or last_seg_done.
2009	 */
2010	test	MDFFSTAT, SHVALID jnz pkt_saveptrs;
2011pkt_service_fifo:
2012	test	SG_STATE, LOADING_NEEDED jnz service_fifo;
2013pkt_last_seg:
2014	call	setjmp;
2015	test	SEQINTSRC, SAVEPTRS jnz pkt_saveptrs;
2016	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_last_seg_done;
2017	test	SCSIPHASE, ~DATA_PHASE_MASK jz . + 2;
2018	test	SCSISIGO, ATNO jnz . + 2;
2019	test	SSTAT2, NONPACKREQ jz return;
2020	test	MDFFSTAT, SHVALID jz return;
2021	/* FALLTHROUGH */
2022
2023/*
2024 * Either a SAVEPTRS interrupt condition is pending for this FIFO
2025 * or we have a pending NONPACKREQ for this FIFO.  We differentiate
2026 * between the two by capturing the state of the SAVEPTRS interrupt
2027 * prior to clearing this status and executing the common code for
2028 * these two cases.
2029 */
2030pkt_saveptrs:
2031BEGIN_CRITICAL;
2032	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
2033		or	DFCNTRL, FIFOFLUSH;
2034	}
2035	mov	REG0, SEQINTSRC;
2036	call	calc_residual;
2037	call	save_pointers;
2038	mvi	CLRSEQINTSRC, CLRSAVEPTRS;
2039	call	disable_ccsgen;
2040	or	SEQIMODE, ENSAVEPTRS;
2041	test	DFCNTRL, DIRECTION jnz pkt_saveptrs_check_status;
2042	test	DFSTATUS, FIFOEMP jnz pkt_saveptrs_check_status;
2043	/*
2044	 * Keep a handler around for this FIFO until it drains
2045	 * to the host to guarantee that we don't complete the
2046	 * command to the host before the data arrives.
2047	 */
2048pkt_saveptrs_wait_fifoemp:
2049	call	setjmp;
2050	test	DFSTATUS, FIFOEMP jz return;
2051pkt_saveptrs_check_status:
2052	or	LONGJMP_ADDR[1], INVALID_ADDR;
2053	test	REG0, SAVEPTRS jz unexpected_nonpkt_phase;
2054	dec	SCB_FIFO_USE_COUNT;
2055	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2056	mvi	DFFSXFRCTL, CLRCHN ret;
2057
2058/*
2059 * LAST_SEG_DONE status has been seen in the current FIFO.
2060 * This indicates that all of the allowed data for this
2061 * command has transferred across the SCSI and host buses.
2062 * Check for overrun and see if we can complete this command.
2063 */
2064pkt_last_seg_done:
2065	/*
2066	 * Mark transfer as completed.
2067	 */
2068	or	SCB_SGPTR, SG_LIST_NULL;
2069
2070	/*
2071	 * Wait for the current context to finish to verify that
2072	 * no overrun condition has occurred.
2073	 */
2074	test	SEQINTSRC, CTXTDONE jnz pkt_ctxt_done;
2075	call	setjmp;
2076pkt_wait_ctxt_done_loop:
2077	test	SEQINTSRC, CTXTDONE jnz pkt_ctxt_done;
2078	/*
2079	 * A sufficiently large overrun or a NONPACKREQ may
2080	 * prevent CTXTDONE from ever asserting, so we must
2081	 * poll for these statuses too.
2082	 */
2083	check_overrun;
2084	test	SSTAT2, NONPACKREQ jz return;
2085	test	SEQINTSRC, CTXTDONE jz unexpected_nonpkt_phase;
2086	/* FALLTHROUGH */
2087
2088pkt_ctxt_done:
2089	check_overrun;
2090	or	LONGJMP_ADDR[1], INVALID_ADDR;
2091	/*
2092	 * If status has been received, it is safe to skip
2093	 * the check to see if another FIFO is active because
2094	 * LAST_SEG_DONE has been observed.  However, we check
2095	 * the FIFO anyway since it costs us only one extra
2096	 * instruction to leverage common code to perform the
2097	 * SCB completion.
2098	 */
2099	dec	SCB_FIFO_USE_COUNT;
2100	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2101	mvi	DFFSXFRCTL, CLRCHN ret;
2102END_CRITICAL;
2103
2104/*
2105 * Must wait until CDB xfer is over before issuing the
2106 * clear channel.
2107 */
2108pkt_handle_cdb:
2109	call	setjmp;
2110	test	SG_CACHE_SHADOW, LAST_SEG_DONE jz return;
2111	or	LONGJMP_ADDR[1], INVALID_ADDR;
2112	mvi	DFFSXFRCTL, CLRCHN ret;
2113
2114/*
2115 * Watch over the status transfer.  Our host sense buffer is
2116 * large enough to take the maximum allowed status packet.
2117 * None-the-less, we must still catch and report overruns to
2118 * the host.  Additionally, properly catch unexpected non-packet
2119 * phases that are typically caused by CRC errors in status packet
2120 * transmission.
2121 */
2122pkt_handle_status:
2123	call	setjmp;
2124	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_status_check_overrun;
2125	test	SEQINTSRC, CTXTDONE jz pkt_status_check_nonpackreq;
2126	test	SG_CACHE_SHADOW, LAST_SEG_DONE jnz pkt_status_check_overrun;
2127pkt_status_IU_done:
2128	if ((ahd->bugs & AHD_AUTOFLUSH_BUG) != 0) {
2129		or	DFCNTRL, FIFOFLUSH;
2130	}
2131	test	DFSTATUS, FIFOEMP jz return;
2132BEGIN_CRITICAL;
2133	or	LONGJMP_ADDR[1], INVALID_ADDR;
2134	mvi	SCB_SCSI_STATUS, STATUS_PKT_SENSE;
2135	or	SCB_CONTROL, STATUS_RCVD;
2136	jmp	pkt_complete_scb_if_fifos_idle;
2137END_CRITICAL;
2138pkt_status_check_overrun:
2139	/*
2140	 * Status PKT overruns are unceremoniously recovered with a
2141	 * bus reset.  If we've overrun, let the host know so that
2142	 * recovery can be performed.
2143	 *
2144	 * LAST_SEG_DONE has been observed.  If either CTXTDONE or
2145	 * a NONPACKREQ phase change have occurred and the FIFO is
2146	 * empty, there is no overrun.
2147	 */
2148	test	DFSTATUS, FIFOEMP jz pkt_status_report_overrun;
2149	test	SEQINTSRC, CTXTDONE jz . + 2;
2150	test	DFSTATUS, FIFOEMP jnz pkt_status_IU_done;
2151	test	SCSIPHASE, ~DATA_PHASE_MASK jz return;
2152	test	DFSTATUS, FIFOEMP jnz pkt_status_check_nonpackreq;
2153pkt_status_report_overrun:
2154	SET_SEQINTCODE(STATUS_OVERRUN)
2155	/* SEQUENCER RESTARTED */
2156pkt_status_check_nonpackreq:
2157	/*
2158	 * CTXTDONE may be held off if a NONPACKREQ is associated with
2159	 * the current context.  If a NONPACKREQ is observed, decide
2160	 * if it is for the current context.  If it is for the current
2161	 * context, we must defer NONPACKREQ processing until all data
2162	 * has transferred to the host.
2163	 */
2164	test	SCSIPHASE, ~DATA_PHASE_MASK jz return;
2165	test	SCSISIGO, ATNO jnz . + 2;
2166	test	SSTAT2, NONPACKREQ jz return;
2167	test	SEQINTSRC, CTXTDONE jnz pkt_status_IU_done;
2168	test	DFSTATUS, FIFOEMP jz return;
2169	/*
2170	 * The unexpected nonpkt phase handler assumes that any
2171	 * data channel use will have a FIFO reference count.  It
2172	 * turns out that the status handler doesn't need a references
2173	 * count since the status received flag, and thus completion
2174	 * processing, cannot be set until the handler is finished.
2175	 * We increment the count here to make the nonpkt handler
2176	 * happy.
2177	 */
2178	inc	SCB_FIFO_USE_COUNT;
2179	/* FALLTHROUGH */
2180
2181/*
2182 * Nonpackreq is a polled status.  It can come true in three situations:
2183 * we have received an L_Q, we have sent one or more L_Qs, or there is no
2184 * L_Q context associated with this REQ (REQ occurs immediately after a
2185 * (re)selection).  Routines that know that the context responsible for this
2186 * nonpackreq call directly into unexpected_nonpkt_phase.  In the case of the
2187 * top level idle loop, we exhaust all active contexts prior to determining that
2188 * we simply do not have the full I_T_L_Q for this phase.
2189 */
2190unexpected_nonpkt_phase_find_ctxt:
2191	/*
2192	 * This nonpackreq is most likely associated with one of the tags
2193	 * in a FIFO or an outgoing LQ.  Only treat it as an I_T only
2194	 * nonpackreq if we've cleared out the FIFOs and handled any
2195	 * pending SELDO.
2196	 */
2197SET_SRC_MODE	M_SCSI;
2198SET_DST_MODE	M_SCSI;
2199	and	A, FIFO1FREE|FIFO0FREE, DFFSTAT;
2200	cmp	A, FIFO1FREE|FIFO0FREE jne return;
2201	test	SSTAT0, SELDO jnz return;
2202	mvi	SCBPTR[1], SCB_LIST_NULL;
2203unexpected_nonpkt_phase:
2204	test	MODE_PTR, ~(MK_MODE(M_DFF1, M_DFF1))
2205		jnz unexpected_nonpkt_mode_cleared;
2206SET_SRC_MODE	M_DFF0;
2207SET_DST_MODE	M_DFF0;
2208	or	LONGJMP_ADDR[1], INVALID_ADDR;
2209	dec	SCB_FIFO_USE_COUNT;
2210	mvi	DFFSXFRCTL, CLRCHN;
2211unexpected_nonpkt_mode_cleared:
2212	mvi	CLRSINT2, CLRNONPACKREQ;
2213	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
2214		/*
2215		 * Test to ensure that the bus has not
2216		 * already gone free prior to clearing
2217		 * any stale busfree status.  This avoids
2218		 * a window whereby a busfree just after
2219		 * a selection could be missed.
2220		 */
2221		test	SCSISIGI, BSYI jz . + 2;
2222		mvi	CLRSINT1,CLRBUSFREE;
2223		or	SIMODE1, ENBUSFREE;
2224	}
2225	test	SCSIPHASE, ~(MSG_IN_PHASE|MSG_OUT_PHASE) jnz illegal_phase;
2226	SET_SEQINTCODE(ENTERING_NONPACK)
2227	jmp	ITloop;
2228
2229illegal_phase:
2230	SET_SEQINTCODE(ILLEGAL_PHASE)
2231	jmp	ITloop;
2232
2233/*
2234 * We have entered an overrun situation.  If we have working
2235 * BITBUCKET, flip that on and let the hardware eat any overrun
2236 * data.  Otherwise use an overrun buffer in the host to simulate
2237 * BITBUCKET.
2238 */
2239pkt_handle_overrun_inc_use_count:
2240	inc	SCB_FIFO_USE_COUNT;
2241pkt_handle_overrun:
2242	SET_SEQINTCODE(CFG4OVERRUN)
2243	call	freeze_queue;
2244	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) == 0) {
2245		or	DFFSXFRCTL, DFFBITBUCKET;
2246SET_SRC_MODE	M_DFF1;
2247SET_DST_MODE	M_DFF1;
2248	} else {
2249		call	load_overrun_buf;
2250		mvi	DFCNTRL, (HDMAEN|SCSIEN|PRELOADEN);
2251	}
2252	call	setjmp;
2253	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0) {
2254		test	DFSTATUS, PRELOAD_AVAIL jz overrun_load_done;
2255		call	load_overrun_buf;
2256		or	DFCNTRL, PRELOADEN;
2257overrun_load_done:
2258		test	SEQINTSRC, CTXTDONE jnz pkt_overrun_end;
2259	} else {
2260		test	DFFSXFRCTL, DFFBITBUCKET jz pkt_overrun_end;
2261	}
2262	test	SSTAT2, NONPACKREQ jz return;
2263pkt_overrun_end:
2264	or	SCB_RESIDUAL_SGPTR, SG_OVERRUN_RESID;
2265	test	SEQINTSRC, CTXTDONE jz unexpected_nonpkt_phase;
2266	dec	SCB_FIFO_USE_COUNT;
2267	or	LONGJMP_ADDR[1], INVALID_ADDR;
2268	test	SCB_CONTROL, STATUS_RCVD jnz pkt_complete_scb_if_fifos_idle;
2269	mvi	DFFSXFRCTL, CLRCHN ret;
2270
2271if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0) {
2272load_overrun_buf:
2273	/*
2274	 * Load a dummy segment if preload space is available.
2275	 */
2276	mov 	HADDR[0], SHARED_DATA_ADDR;
2277	add	HADDR[1], PKT_OVERRUN_BUFOFFSET, SHARED_DATA_ADDR[1];
2278	mov	ACCUM_SAVE, A;
2279	clr	A;
2280	adc	HADDR[2], A, SHARED_DATA_ADDR[2];
2281	adc	HADDR[3], A, SHARED_DATA_ADDR[3];
2282	mov	A, ACCUM_SAVE;
2283	bmov	HADDR[4], ALLZEROS, 4;
2284	/* PKT_OVERRUN_BUFSIZE is a multiple of 256 */
2285	clr	HCNT[0];
2286	mvi	HCNT[1], ((PKT_OVERRUN_BUFSIZE >> 8) & 0xFF);
2287	clr	HCNT[2] ret;
2288}
2289