1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "exec/hwaddr.h" 14 #include "sysemu/sysemu.h" 15 #include "sysemu/qtest.h" 16 #include "hw/irq.h" 17 #include "hw/m68k/next-cube.h" 18 #include "hw/boards.h" 19 #include "hw/loader.h" 20 #include "hw/scsi/esp.h" 21 #include "hw/sysbus.h" 22 #include "qom/object.h" 23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 24 #include "hw/block/fdc.h" 25 #include "hw/qdev-properties.h" 26 #include "qapi/error.h" 27 #include "qemu/error-report.h" 28 #include "ui/console.h" 29 #include "target/m68k/cpu.h" 30 #include "migration/vmstate.h" 31 32 /* #define DEBUG_NEXT */ 33 #ifdef DEBUG_NEXT 34 #define DPRINTF(fmt, ...) \ 35 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 36 #else 37 #define DPRINTF(fmt, ...) do { } while (0) 38 #endif 39 40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE) 42 43 #define ENTRY 0x0100001e 44 #define RAM_SIZE 0x4000000 45 #define ROM_FILE "Rev_2.5_v66.bin" 46 47 typedef struct next_dma { 48 uint32_t csr; 49 50 uint32_t saved_next; 51 uint32_t saved_limit; 52 uint32_t saved_start; 53 uint32_t saved_stop; 54 55 uint32_t next; 56 uint32_t limit; 57 uint32_t start; 58 uint32_t stop; 59 60 uint32_t next_initbuf; 61 uint32_t size; 62 } next_dma; 63 64 typedef struct NextRtc { 65 uint8_t ram[32]; 66 uint8_t command; 67 uint8_t value; 68 uint8_t status; 69 uint8_t control; 70 uint8_t retval; 71 } NextRtc; 72 73 struct NeXTState { 74 MachineState parent; 75 76 next_dma dma[10]; 77 }; 78 79 #define TYPE_NEXT_PC "next-pc" 80 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC) 81 82 /* NeXT Peripheral Controller */ 83 struct NeXTPC { 84 SysBusDevice parent_obj; 85 86 M68kCPU *cpu; 87 88 MemoryRegion mmiomem; 89 MemoryRegion scrmem; 90 91 uint32_t scr1; 92 uint32_t scr2; 93 uint32_t int_mask; 94 uint32_t int_status; 95 uint8_t scsi_csr_1; 96 uint8_t scsi_csr_2; 97 98 qemu_irq scsi_reset; 99 qemu_irq scsi_dma; 100 101 NextRtc rtc; 102 }; 103 104 /* Thanks to NeXT forums for this */ 105 /* 106 static const uint8_t rtc_ram3[32] = { 107 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 108 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 109 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 110 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 111 }; 112 */ 113 static const uint8_t rtc_ram2[32] = { 114 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 115 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 116 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 117 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 118 }; 119 120 #define SCR2_RTCLK 0x2 121 #define SCR2_RTDATA 0x4 122 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 123 124 static void nextscr2_write(NeXTPC *s, uint32_t val, int size) 125 { 126 static int led; 127 static int phase; 128 static uint8_t old_scr2; 129 uint8_t scr2_2; 130 NextRtc *rtc = &s->rtc; 131 132 if (size == 4) { 133 scr2_2 = (val >> 8) & 0xFF; 134 } else { 135 scr2_2 = val & 0xFF; 136 } 137 138 if (val & 0x1) { 139 DPRINTF("fault!\n"); 140 led++; 141 if (led == 10) { 142 DPRINTF("LED flashing, possible fault!\n"); 143 led = 0; 144 } 145 } 146 147 if (scr2_2 & 0x1) { 148 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */ 149 if (phase == -1) { 150 phase = 0; 151 } 152 /* If we are in going down clock... do something */ 153 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 154 ((scr2_2 & SCR2_RTCLK) == 0)) { 155 if (phase < 8) { 156 rtc->command = (rtc->command << 1) | 157 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 158 } 159 if (phase >= 8 && phase < 16) { 160 rtc->value = (rtc->value << 1) | 161 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 162 163 /* if we read RAM register, output RT_DATA bit */ 164 if (rtc->command <= 0x1F) { 165 scr2_2 = scr2_2 & (~SCR2_RTDATA); 166 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) { 167 scr2_2 |= SCR2_RTDATA; 168 } 169 170 rtc->retval = (rtc->retval << 1) | 171 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 172 } 173 /* read the status 0x30 */ 174 if (rtc->command == 0x30) { 175 scr2_2 = scr2_2 & (~SCR2_RTDATA); 176 /* for now status = 0x98 (new rtc + FTU) */ 177 if (rtc->status & (0x80 >> (phase - 8))) { 178 scr2_2 |= SCR2_RTDATA; 179 } 180 181 rtc->retval = (rtc->retval << 1) | 182 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 183 } 184 /* read the status 0x31 */ 185 if (rtc->command == 0x31) { 186 scr2_2 = scr2_2 & (~SCR2_RTDATA); 187 if (rtc->control & (0x80 >> (phase - 8))) { 188 scr2_2 |= SCR2_RTDATA; 189 } 190 rtc->retval = (rtc->retval << 1) | 191 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 192 } 193 194 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 195 scr2_2 = scr2_2 & (~SCR2_RTDATA); 196 /* for now 0x00 */ 197 time_t time_h = time(NULL); 198 struct tm *info = localtime(&time_h); 199 int ret = 0; 200 201 switch (rtc->command) { 202 case 0x20: 203 ret = SCR2_TOBCD(info->tm_sec); 204 break; 205 case 0x21: 206 ret = SCR2_TOBCD(info->tm_min); 207 break; 208 case 0x22: 209 ret = SCR2_TOBCD(info->tm_hour); 210 break; 211 case 0x24: 212 ret = SCR2_TOBCD(info->tm_mday); 213 break; 214 case 0x25: 215 ret = SCR2_TOBCD((info->tm_mon + 1)); 216 break; 217 case 0x26: 218 ret = SCR2_TOBCD((info->tm_year - 100)); 219 break; 220 221 } 222 223 if (ret & (0x80 >> (phase - 8))) { 224 scr2_2 |= SCR2_RTDATA; 225 } 226 rtc->retval = (rtc->retval << 1) | 227 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 228 } 229 230 } 231 232 phase++; 233 if (phase == 16) { 234 if (rtc->command >= 0x80 && rtc->command <= 0x9F) { 235 rtc->ram[rtc->command - 0x80] = rtc->value; 236 } 237 /* write to x30 register */ 238 if (rtc->command == 0xB1) { 239 /* clear FTU */ 240 if (rtc->value & 0x04) { 241 rtc->status = rtc->status & (~0x18); 242 s->int_status = s->int_status & (~0x04); 243 } 244 } 245 } 246 } 247 } else { 248 /* else end or abort */ 249 phase = -1; 250 rtc->command = 0; 251 rtc->value = 0; 252 } 253 s->scr2 = val & 0xFFFF00FF; 254 s->scr2 |= scr2_2 << 8; 255 old_scr2 = scr2_2; 256 } 257 258 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size) 259 { 260 NeXTPC *s = NEXT_PC(opaque); 261 uint64_t val; 262 263 switch (addr) { 264 case 0x7000: 265 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 266 val = s->int_status; 267 break; 268 269 case 0x7800: 270 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 271 val = s->int_mask; 272 break; 273 274 case 0xc000 ... 0xc003: 275 val = extract32(s->scr1, (4 - (addr - 0xc000) - size) << 3, 276 size << 3); 277 break; 278 279 case 0xd000 ... 0xd003: 280 val = extract32(s->scr2, (4 - (addr - 0xd000) - size) << 3, 281 size << 3); 282 break; 283 284 case 0x14020: 285 val = 0x7f; 286 break; 287 288 default: 289 val = 0; 290 DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size); 291 break; 292 } 293 294 return val; 295 } 296 297 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val, 298 unsigned size) 299 { 300 NeXTPC *s = NEXT_PC(opaque); 301 302 switch (addr) { 303 case 0x7000: 304 DPRINTF("INT Status old: %x new: %x\n", s->int_status, 305 (unsigned int)val); 306 s->int_status = val; 307 break; 308 309 case 0x7800: 310 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val); 311 s->int_mask = val; 312 break; 313 314 case 0xc000 ... 0xc003: 315 DPRINTF("SCR1 Write: %x\n", (unsigned int)val); 316 s->scr1 = deposit32(s->scr1, (4 - (addr - 0xc000) - size) << 3, 317 size << 3, val); 318 break; 319 320 case 0xd000 ... 0xd003: 321 nextscr2_write(s, val, size); 322 break; 323 324 default: 325 DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr, 326 (unsigned int)val, size); 327 } 328 } 329 330 static const MemoryRegionOps next_mmio_ops = { 331 .read = next_mmio_read, 332 .write = next_mmio_write, 333 .valid.min_access_size = 1, 334 .valid.max_access_size = 4, 335 .endianness = DEVICE_BIG_ENDIAN, 336 }; 337 338 static uint32_t scr_readb(NeXTPC *s, hwaddr addr) 339 { 340 switch (addr) { 341 case 0x14108: 342 DPRINTF("FD read @ %x\n", (unsigned int)addr); 343 return 0x40 | 0x04 | 0x2 | 0x1; 344 case 0x14020: 345 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 346 return s->scsi_csr_1; 347 348 case 0x14021: 349 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 350 return 0x40; 351 352 /* 353 * These 4 registers are the hardware timer, not sure which register 354 * is the latch instead of data, but no problems so far 355 */ 356 case 0x1a000: 357 return 0xff & (clock() >> 24); 358 case 0x1a001: 359 return 0xff & (clock() >> 16); 360 case 0x1a002: 361 return 0xff & (clock() >> 8); 362 case 0x1a003: 363 /* Hack: We need to have this change consistently to make it work */ 364 return 0xFF & clock(); 365 366 /* For now return dummy byte to allow the Ethernet test to timeout */ 367 case 0x6000: 368 return 0xff; 369 370 default: 371 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr); 372 return 0; 373 } 374 } 375 376 static uint32_t scr_readw(NeXTPC *s, hwaddr addr) 377 { 378 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr); 379 return 0; 380 } 381 382 static uint32_t scr_readl(NeXTPC *s, hwaddr addr) 383 { 384 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr); 385 return 0; 386 } 387 388 #define SCSICSR_ENABLE 0x01 389 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 390 #define SCSICSR_FIFOFL 0x04 391 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 392 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 393 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 394 395 static void scr_writeb(NeXTPC *s, hwaddr addr, uint32_t value) 396 { 397 switch (addr) { 398 case 0x14108: 399 DPRINTF("FDCSR Write: %x\n", value); 400 401 if (value == 0x0) { 402 /* qemu_irq_raise(s->fd_irq[0]); */ 403 } 404 break; 405 case 0x14020: /* SCSI Control Register */ 406 if (value & SCSICSR_FIFOFL) { 407 DPRINTF("SCSICSR FIFO Flush\n"); 408 /* will have to add another irq to the esp if this is needed */ 409 /* esp_puflush_fifo(esp_g); */ 410 } 411 412 if (value & SCSICSR_ENABLE) { 413 DPRINTF("SCSICSR Enable\n"); 414 /* 415 * qemu_irq_raise(s->scsi_dma); 416 * s->scsi_csr_1 = 0xc0; 417 * s->scsi_csr_1 |= 0x1; 418 * qemu_irq_pulse(s->scsi_dma); 419 */ 420 } 421 /* 422 * else 423 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 424 */ 425 426 if (value & SCSICSR_RESET) { 427 DPRINTF("SCSICSR Reset\n"); 428 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 429 qemu_irq_raise(s->scsi_reset); 430 s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1); 431 qemu_irq_lower(s->scsi_reset); 432 } 433 if (value & SCSICSR_DMADIR) { 434 DPRINTF("SCSICSR DMAdir\n"); 435 } 436 if (value & SCSICSR_CPUDMA) { 437 DPRINTF("SCSICSR CPUDMA\n"); 438 /* qemu_irq_raise(s->scsi_dma); */ 439 s->int_status |= 0x4000000; 440 } else { 441 /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */ 442 s->int_status &= ~(0x4000000); 443 /* qemu_irq_lower(s->scsi_dma); */ 444 } 445 if (value & SCSICSR_INTMASK) { 446 DPRINTF("SCSICSR INTMASK\n"); 447 /* 448 * int_mask &= ~0x1000; 449 * s->scsi_csr_1 |= value; 450 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 451 * if (s->scsi_queued) { 452 * s->scsi_queued = 0; 453 * next_irq(s, NEXT_SCSI_I, level); 454 * } 455 */ 456 } else { 457 /* int_mask |= 0x1000; */ 458 } 459 if (value & 0x80) { 460 /* int_mask |= 0x1000; */ 461 /* s->scsi_csr_1 |= 0x80; */ 462 } 463 DPRINTF("SCSICSR Write: %x\n", value); 464 /* s->scsi_csr_1 = value; */ 465 return; 466 /* Hardware timer latch - not implemented yet */ 467 case 0x1a000: 468 default: 469 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value); 470 } 471 } 472 473 static void scr_writew(NeXTPC *s, hwaddr addr, uint32_t value) 474 { 475 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value); 476 } 477 478 static void scr_writel(NeXTPC *s, hwaddr addr, uint32_t value) 479 { 480 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value); 481 } 482 483 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size) 484 { 485 NeXTPC *s = NEXT_PC(opaque); 486 487 switch (size) { 488 case 1: 489 return scr_readb(s, addr); 490 case 2: 491 return scr_readw(s, addr); 492 case 4: 493 return scr_readl(s, addr); 494 default: 495 g_assert_not_reached(); 496 } 497 } 498 499 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value, 500 unsigned size) 501 { 502 NeXTPC *s = NEXT_PC(opaque); 503 504 switch (size) { 505 case 1: 506 scr_writeb(s, addr, value); 507 break; 508 case 2: 509 scr_writew(s, addr, value); 510 break; 511 case 4: 512 scr_writel(s, addr, value); 513 break; 514 default: 515 g_assert_not_reached(); 516 } 517 } 518 519 static const MemoryRegionOps scr_ops = { 520 .read = scr_readfn, 521 .write = scr_writefn, 522 .valid.min_access_size = 1, 523 .valid.max_access_size = 4, 524 .endianness = DEVICE_NATIVE_ENDIAN, 525 }; 526 527 #define NEXTDMA_SCSI(x) (0x10 + x) 528 #define NEXTDMA_FD(x) (0x10 + x) 529 #define NEXTDMA_ENTX(x) (0x110 + x) 530 #define NEXTDMA_ENRX(x) (0x150 + x) 531 #define NEXTDMA_CSR 0x0 532 #define NEXTDMA_NEXT 0x4000 533 #define NEXTDMA_LIMIT 0x4004 534 #define NEXTDMA_START 0x4008 535 #define NEXTDMA_STOP 0x400c 536 #define NEXTDMA_NEXT_INIT 0x4200 537 #define NEXTDMA_SIZE 0x4204 538 539 static void dma_writel(void *opaque, hwaddr addr, uint64_t value, 540 unsigned int size) 541 { 542 NeXTState *next_state = NEXT_MACHINE(opaque); 543 544 switch (addr) { 545 case NEXTDMA_ENRX(NEXTDMA_CSR): 546 if (value & DMA_DEV2M) { 547 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 548 } 549 550 if (value & DMA_SETENABLE) { 551 /* DPRINTF("SCSI DMA ENABLE\n"); */ 552 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 553 } 554 if (value & DMA_SETSUPDATE) { 555 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 556 } 557 if (value & DMA_CLRCOMPLETE) { 558 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 559 } 560 561 if (value & DMA_RESET) { 562 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 563 DMA_ENABLE | DMA_DEV2M); 564 } 565 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 566 break; 567 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 568 next_state->dma[NEXTDMA_ENRX].next_initbuf = value; 569 break; 570 case NEXTDMA_ENRX(NEXTDMA_NEXT): 571 next_state->dma[NEXTDMA_ENRX].next = value; 572 break; 573 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 574 next_state->dma[NEXTDMA_ENRX].limit = value; 575 break; 576 case NEXTDMA_SCSI(NEXTDMA_CSR): 577 if (value & DMA_DEV2M) { 578 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 579 } 580 if (value & DMA_SETENABLE) { 581 /* DPRINTF("SCSI DMA ENABLE\n"); */ 582 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 583 } 584 if (value & DMA_SETSUPDATE) { 585 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 586 } 587 if (value & DMA_CLRCOMPLETE) { 588 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 589 } 590 591 if (value & DMA_RESET) { 592 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 593 DMA_ENABLE | DMA_DEV2M); 594 /* DPRINTF("SCSI DMA RESET\n"); */ 595 } 596 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 597 break; 598 599 case NEXTDMA_SCSI(NEXTDMA_NEXT): 600 next_state->dma[NEXTDMA_SCSI].next = value; 601 break; 602 603 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 604 next_state->dma[NEXTDMA_SCSI].limit = value; 605 break; 606 607 case NEXTDMA_SCSI(NEXTDMA_START): 608 next_state->dma[NEXTDMA_SCSI].start = value; 609 break; 610 611 case NEXTDMA_SCSI(NEXTDMA_STOP): 612 next_state->dma[NEXTDMA_SCSI].stop = value; 613 break; 614 615 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 616 next_state->dma[NEXTDMA_SCSI].next_initbuf = value; 617 break; 618 619 default: 620 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value); 621 } 622 } 623 624 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size) 625 { 626 NeXTState *next_state = NEXT_MACHINE(opaque); 627 628 switch (addr) { 629 case NEXTDMA_SCSI(NEXTDMA_CSR): 630 DPRINTF("SCSI DMA CSR READ\n"); 631 return next_state->dma[NEXTDMA_SCSI].csr; 632 case NEXTDMA_ENRX(NEXTDMA_CSR): 633 return next_state->dma[NEXTDMA_ENRX].csr; 634 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 635 return next_state->dma[NEXTDMA_ENRX].next_initbuf; 636 case NEXTDMA_ENRX(NEXTDMA_NEXT): 637 return next_state->dma[NEXTDMA_ENRX].next; 638 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 639 return next_state->dma[NEXTDMA_ENRX].limit; 640 641 case NEXTDMA_SCSI(NEXTDMA_NEXT): 642 return next_state->dma[NEXTDMA_SCSI].next; 643 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 644 return next_state->dma[NEXTDMA_SCSI].next_initbuf; 645 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 646 return next_state->dma[NEXTDMA_SCSI].limit; 647 case NEXTDMA_SCSI(NEXTDMA_START): 648 return next_state->dma[NEXTDMA_SCSI].start; 649 case NEXTDMA_SCSI(NEXTDMA_STOP): 650 return next_state->dma[NEXTDMA_SCSI].stop; 651 652 default: 653 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 654 return 0; 655 } 656 657 /* 658 * once the csr's are done, subtract 0x3FEC from the addr, and that will 659 * normalize the upper registers 660 */ 661 } 662 663 static const MemoryRegionOps dma_ops = { 664 .read = dma_readl, 665 .write = dma_writel, 666 .impl.min_access_size = 4, 667 .valid.min_access_size = 4, 668 .valid.max_access_size = 4, 669 .endianness = DEVICE_NATIVE_ENDIAN, 670 }; 671 672 static void next_irq(void *opaque, int number, int level) 673 { 674 NeXTPC *s = NEXT_PC(opaque); 675 M68kCPU *cpu = s->cpu; 676 int shift = 0; 677 678 /* first switch sets interrupt status */ 679 /* DPRINTF("IRQ %i\n",number); */ 680 switch (number) { 681 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 682 case NEXT_FD_I: 683 shift = 7; 684 break; 685 case NEXT_KBD_I: 686 shift = 3; 687 break; 688 case NEXT_PWR_I: 689 shift = 2; 690 break; 691 case NEXT_ENRX_I: 692 shift = 9; 693 break; 694 case NEXT_ENTX_I: 695 shift = 10; 696 break; 697 case NEXT_SCSI_I: 698 shift = 12; 699 break; 700 case NEXT_CLK_I: 701 shift = 5; 702 break; 703 704 /* level 5 - scc (serial) */ 705 case NEXT_SCC_I: 706 shift = 17; 707 break; 708 709 /* level 6 - audio etherrx/tx dma */ 710 case NEXT_ENTX_DMA_I: 711 shift = 28; 712 break; 713 case NEXT_ENRX_DMA_I: 714 shift = 27; 715 break; 716 case NEXT_SCSI_DMA_I: 717 shift = 26; 718 break; 719 case NEXT_SND_I: 720 shift = 23; 721 break; 722 case NEXT_SCC_DMA_I: 723 shift = 21; 724 break; 725 726 } 727 /* 728 * this HAS to be wrong, the interrupt handlers in mach and together 729 * int_status and int_mask and return if there is a hit 730 */ 731 if (s->int_mask & (1 << shift)) { 732 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 733 /* return; */ 734 } 735 736 /* second switch triggers the correct interrupt */ 737 if (level) { 738 s->int_status |= 1 << shift; 739 740 switch (number) { 741 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 742 case NEXT_FD_I: 743 case NEXT_KBD_I: 744 case NEXT_PWR_I: 745 case NEXT_ENRX_I: 746 case NEXT_ENTX_I: 747 case NEXT_SCSI_I: 748 case NEXT_CLK_I: 749 m68k_set_irq_level(cpu, 3, 27); 750 break; 751 752 /* level 5 - scc (serial) */ 753 case NEXT_SCC_I: 754 m68k_set_irq_level(cpu, 5, 29); 755 break; 756 757 /* level 6 - audio etherrx/tx dma */ 758 case NEXT_ENTX_DMA_I: 759 case NEXT_ENRX_DMA_I: 760 case NEXT_SCSI_DMA_I: 761 case NEXT_SND_I: 762 case NEXT_SCC_DMA_I: 763 m68k_set_irq_level(cpu, 6, 30); 764 break; 765 } 766 } else { 767 s->int_status &= ~(1 << shift); 768 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 769 } 770 } 771 772 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type) 773 { 774 uint32_t base_addr; 775 int irq = 0; 776 uint8_t align = 16; 777 NeXTState *next_state = NEXT_MACHINE(qdev_get_machine()); 778 779 if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) { 780 align = 32; 781 } 782 /* Most DMA is supposedly 16 byte aligned */ 783 if ((size % align) != 0) { 784 size -= size % align; 785 size += align; 786 } 787 788 /* 789 * prom sets the dma start using initbuf while the bootloader uses next 790 * so we check to see if initbuf is 0 791 */ 792 if (next_state->dma[type].next_initbuf == 0) { 793 base_addr = next_state->dma[type].next; 794 } else { 795 base_addr = next_state->dma[type].next_initbuf; 796 } 797 798 cpu_physical_memory_write(base_addr, buf, size); 799 800 next_state->dma[type].next_initbuf = 0; 801 802 /* saved limit is checked to calculate packet size by both, rom and netbsd */ 803 next_state->dma[type].saved_limit = (next_state->dma[type].next + size); 804 next_state->dma[type].saved_next = (next_state->dma[type].next); 805 806 /* 807 * 32 bytes under savedbase seems to be some kind of register 808 * of which the purpose is unknown as of yet 809 */ 810 /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */ 811 812 if (!(next_state->dma[type].csr & DMA_SUPDATE)) { 813 next_state->dma[type].next = next_state->dma[type].start; 814 next_state->dma[type].limit = next_state->dma[type].stop; 815 } 816 817 /* Set dma registers and raise an irq */ 818 next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */ 819 820 switch (type) { 821 case NEXTDMA_SCSI: 822 irq = NEXT_SCSI_DMA_I; 823 break; 824 } 825 826 next_irq(opaque, irq, 1); 827 next_irq(opaque, irq, 0); 828 } 829 830 static void nextscsi_read(void *opaque, uint8_t *buf, int len) 831 { 832 DPRINTF("SCSI READ: %x\n", len); 833 abort(); 834 } 835 836 static void nextscsi_write(void *opaque, uint8_t *buf, int size) 837 { 838 DPRINTF("SCSI WRITE: %i\n", size); 839 nextdma_write(opaque, buf, size, NEXTDMA_SCSI); 840 } 841 842 static void next_scsi_init(DeviceState *pcdev, M68kCPU *cpu) 843 { 844 struct NeXTPC *next_pc = NEXT_PC(pcdev); 845 DeviceState *dev; 846 SysBusDevice *sysbusdev; 847 SysBusESPState *sysbus_esp; 848 ESPState *esp; 849 850 dev = qdev_new(TYPE_SYSBUS_ESP); 851 sysbus_esp = SYSBUS_ESP(dev); 852 esp = &sysbus_esp->esp; 853 esp->dma_memory_read = nextscsi_read; 854 esp->dma_memory_write = nextscsi_write; 855 esp->dma_opaque = pcdev; 856 sysbus_esp->it_shift = 0; 857 esp->dma_enabled = 1; 858 sysbusdev = SYS_BUS_DEVICE(dev); 859 sysbus_realize_and_unref(sysbusdev, &error_fatal); 860 sysbus_connect_irq(sysbusdev, 0, qdev_get_gpio_in(pcdev, NEXT_SCSI_I)); 861 sysbus_mmio_map(sysbusdev, 0, 0x2114000); 862 863 next_pc->scsi_reset = qdev_get_gpio_in(dev, 0); 864 next_pc->scsi_dma = qdev_get_gpio_in(dev, 1); 865 866 scsi_bus_legacy_handle_cmdline(&esp->bus); 867 } 868 869 static void next_escc_init(DeviceState *pcdev) 870 { 871 DeviceState *dev; 872 SysBusDevice *s; 873 874 dev = qdev_new(TYPE_ESCC); 875 qdev_prop_set_uint32(dev, "disabled", 0); 876 qdev_prop_set_uint32(dev, "frequency", 9600 * 384); 877 qdev_prop_set_uint32(dev, "it_shift", 0); 878 qdev_prop_set_bit(dev, "bit_swap", true); 879 qdev_prop_set_chr(dev, "chrB", serial_hd(1)); 880 qdev_prop_set_chr(dev, "chrA", serial_hd(0)); 881 qdev_prop_set_uint32(dev, "chnBtype", escc_serial); 882 qdev_prop_set_uint32(dev, "chnAtype", escc_serial); 883 884 s = SYS_BUS_DEVICE(dev); 885 sysbus_realize_and_unref(s, &error_fatal); 886 sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I)); 887 sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I)); 888 sysbus_mmio_map(s, 0, 0x2118000); 889 } 890 891 static void next_pc_reset(DeviceState *dev) 892 { 893 NeXTPC *s = NEXT_PC(dev); 894 895 /* Set internal registers to initial values */ 896 /* 0x0000XX00 << vital bits */ 897 s->scr1 = 0x00011102; 898 s->scr2 = 0x00ff0c80; 899 900 s->rtc.status = 0x90; 901 902 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 903 memcpy(s->rtc.ram, rtc_ram2, 32); 904 } 905 906 static void next_pc_realize(DeviceState *dev, Error **errp) 907 { 908 NeXTPC *s = NEXT_PC(dev); 909 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 910 911 qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS); 912 913 memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s, 914 "next.mmio", 0xd0000); 915 memory_region_init_io(&s->scrmem, OBJECT(s), &scr_ops, s, 916 "next.scr", 0x20000); 917 sysbus_init_mmio(sbd, &s->mmiomem); 918 sysbus_init_mmio(sbd, &s->scrmem); 919 } 920 921 /* 922 * If the m68k CPU implemented its inbound irq lines as GPIO lines 923 * rather than via the m68k_set_irq_level() function we would not need 924 * this cpu link property and could instead provide outbound IRQ lines 925 * that the board could wire up to the CPU. 926 */ 927 static Property next_pc_properties[] = { 928 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *), 929 DEFINE_PROP_END_OF_LIST(), 930 }; 931 932 static const VMStateDescription next_rtc_vmstate = { 933 .name = "next-rtc", 934 .version_id = 1, 935 .minimum_version_id = 1, 936 .fields = (VMStateField[]) { 937 VMSTATE_UINT8_ARRAY(ram, NextRtc, 32), 938 VMSTATE_UINT8(command, NextRtc), 939 VMSTATE_UINT8(value, NextRtc), 940 VMSTATE_UINT8(status, NextRtc), 941 VMSTATE_UINT8(control, NextRtc), 942 VMSTATE_UINT8(retval, NextRtc), 943 VMSTATE_END_OF_LIST() 944 }, 945 }; 946 947 static const VMStateDescription next_pc_vmstate = { 948 .name = "next-pc", 949 .version_id = 1, 950 .minimum_version_id = 1, 951 .fields = (VMStateField[]) { 952 VMSTATE_UINT32(scr1, NeXTPC), 953 VMSTATE_UINT32(scr2, NeXTPC), 954 VMSTATE_UINT32(int_mask, NeXTPC), 955 VMSTATE_UINT32(int_status, NeXTPC), 956 VMSTATE_UINT8(scsi_csr_1, NeXTPC), 957 VMSTATE_UINT8(scsi_csr_2, NeXTPC), 958 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc), 959 VMSTATE_END_OF_LIST() 960 }, 961 }; 962 963 static void next_pc_class_init(ObjectClass *klass, void *data) 964 { 965 DeviceClass *dc = DEVICE_CLASS(klass); 966 967 dc->desc = "NeXT Peripheral Controller"; 968 dc->realize = next_pc_realize; 969 dc->reset = next_pc_reset; 970 device_class_set_props(dc, next_pc_properties); 971 dc->vmsd = &next_pc_vmstate; 972 } 973 974 static const TypeInfo next_pc_info = { 975 .name = TYPE_NEXT_PC, 976 .parent = TYPE_SYS_BUS_DEVICE, 977 .instance_size = sizeof(NeXTPC), 978 .class_init = next_pc_class_init, 979 }; 980 981 static void next_cube_init(MachineState *machine) 982 { 983 M68kCPU *cpu; 984 CPUM68KState *env; 985 MemoryRegion *rom = g_new(MemoryRegion, 1); 986 MemoryRegion *rom2 = g_new(MemoryRegion, 1); 987 MemoryRegion *dmamem = g_new(MemoryRegion, 1); 988 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1); 989 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1); 990 MemoryRegion *sysmem = get_system_memory(); 991 const char *bios_name = machine->firmware ?: ROM_FILE; 992 DeviceState *pcdev; 993 994 /* Initialize the cpu core */ 995 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 996 if (!cpu) { 997 error_report("Unable to find m68k CPU definition"); 998 exit(1); 999 } 1000 env = &cpu->env; 1001 1002 /* Initialize CPU registers. */ 1003 env->vbr = 0; 1004 env->sr = 0x2700; 1005 1006 /* Peripheral Controller */ 1007 pcdev = qdev_new(TYPE_NEXT_PC); 1008 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort); 1009 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal); 1010 1011 /* 64MB RAM starting at 0x04000000 */ 1012 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 1013 1014 /* Framebuffer */ 1015 sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL); 1016 1017 /* MMIO */ 1018 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000); 1019 1020 /* BMAP IO - acts as a catch-all for now */ 1021 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000); 1022 1023 /* BMAP memory */ 1024 memory_region_init_ram_flags_nomigrate(bmapm1, NULL, "next.bmapmem", 64, 1025 RAM_SHARED, &error_fatal); 1026 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1); 1027 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 1028 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64); 1029 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2); 1030 1031 /* KBD */ 1032 sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL); 1033 1034 /* Load ROM here */ 1035 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal); 1036 memory_region_add_subregion(sysmem, 0x01000000, rom); 1037 memory_region_init_alias(rom2, NULL, "next.rom2", rom, 0x0, 0x20000); 1038 memory_region_add_subregion(sysmem, 0x0, rom2); 1039 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 1040 if (!qtest_enabled()) { 1041 error_report("Failed to load firmware '%s'.", bios_name); 1042 } 1043 } else { 1044 uint8_t *ptr; 1045 /* Initial PC is always at offset 4 in firmware binaries */ 1046 ptr = rom_ptr(0x01000004, 4); 1047 g_assert(ptr != NULL); 1048 env->pc = ldl_p(ptr); 1049 if (env->pc >= 0x01020000) { 1050 error_report("'%s' does not seem to be a valid firmware image.", 1051 bios_name); 1052 exit(1); 1053 } 1054 } 1055 1056 /* Serial */ 1057 next_escc_init(pcdev); 1058 1059 /* TODO: */ 1060 /* Network */ 1061 /* SCSI */ 1062 next_scsi_init(pcdev, cpu); 1063 1064 /* DMA */ 1065 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000); 1066 memory_region_add_subregion(sysmem, 0x02000000, dmamem); 1067 } 1068 1069 static void next_machine_class_init(ObjectClass *oc, void *data) 1070 { 1071 MachineClass *mc = MACHINE_CLASS(oc); 1072 1073 mc->desc = "NeXT Cube"; 1074 mc->init = next_cube_init; 1075 mc->block_default_type = IF_SCSI; 1076 mc->default_ram_size = RAM_SIZE; 1077 mc->default_ram_id = "next.ram"; 1078 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 1079 } 1080 1081 static const TypeInfo next_typeinfo = { 1082 .name = TYPE_NEXT_MACHINE, 1083 .parent = TYPE_MACHINE, 1084 .class_init = next_machine_class_init, 1085 .instance_size = sizeof(NeXTState), 1086 }; 1087 1088 static void next_register_type(void) 1089 { 1090 type_register_static(&next_typeinfo); 1091 type_register_static(&next_pc_info); 1092 } 1093 1094 type_init(next_register_type) 1095