1 /*
2 * NeXT Cube System Driver
3 *
4 * Copyright (c) 2011 Bryce Lanham
5 *
6 * This code is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2 of the License,
9 * or (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
25 #include "hw/block/fdc.h"
26 #include "hw/qdev-properties.h"
27 #include "qapi/error.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30
31 /* #define DEBUG_NEXT */
32 #ifdef DEBUG_NEXT
33 #define DPRINTF(fmt, ...) \
34 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
35 #else
36 #define DPRINTF(fmt, ...) do { } while (0)
37 #endif
38
39 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
40 #define NEXT_MACHINE(obj) OBJECT_CHECK(NeXTState, (obj), TYPE_NEXT_MACHINE)
41
42 #define ENTRY 0x0100001e
43 #define RAM_SIZE 0x4000000
44 #define ROM_FILE "Rev_2.5_v66.bin"
45
46 typedef struct next_dma {
47 uint32_t csr;
48
49 uint32_t saved_next;
50 uint32_t saved_limit;
51 uint32_t saved_start;
52 uint32_t saved_stop;
53
54 uint32_t next;
55 uint32_t limit;
56 uint32_t start;
57 uint32_t stop;
58
59 uint32_t next_initbuf;
60 uint32_t size;
61 } next_dma;
62
63 typedef struct NextRtc {
64 uint8_t ram[32];
65 uint8_t command;
66 uint8_t value;
67 uint8_t status;
68 uint8_t control;
69 uint8_t retval;
70 } NextRtc;
71
72 typedef struct {
73 MachineState parent;
74
75 uint32_t int_mask;
76 uint32_t int_status;
77
78 uint8_t scsi_csr_1;
79 uint8_t scsi_csr_2;
80 next_dma dma[10];
81 qemu_irq *scsi_irq;
82 qemu_irq scsi_dma;
83 qemu_irq scsi_reset;
84 qemu_irq *fd_irq;
85
86 uint32_t scr1;
87 uint32_t scr2;
88
89 NextRtc rtc;
90 } NeXTState;
91
92 /* Thanks to NeXT forums for this */
93 /*
94 static const uint8_t rtc_ram3[32] = {
95 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
96 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
97 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
99 };
100 */
101 static const uint8_t rtc_ram2[32] = {
102 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
103 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
104 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
106 };
107
108 #define SCR2_RTCLK 0x2
109 #define SCR2_RTDATA 0x4
110 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
111
nextscr2_write(NeXTState * s,uint32_t val,int size)112 static void nextscr2_write(NeXTState *s, uint32_t val, int size)
113 {
114 static int led;
115 static int phase;
116 static uint8_t old_scr2;
117 uint8_t scr2_2;
118 NextRtc *rtc = &s->rtc;
119
120 if (size == 4) {
121 scr2_2 = (val >> 8) & 0xFF;
122 } else {
123 scr2_2 = val & 0xFF;
124 }
125
126 if (val & 0x1) {
127 DPRINTF("fault!\n");
128 led++;
129 if (led == 10) {
130 DPRINTF("LED flashing, possible fault!\n");
131 led = 0;
132 }
133 }
134
135 if (scr2_2 & 0x1) {
136 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
137 if (phase == -1) {
138 phase = 0;
139 }
140 /* If we are in going down clock... do something */
141 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
142 ((scr2_2 & SCR2_RTCLK) == 0)) {
143 if (phase < 8) {
144 rtc->command = (rtc->command << 1) |
145 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
146 }
147 if (phase >= 8 && phase < 16) {
148 rtc->value = (rtc->value << 1) |
149 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
150
151 /* if we read RAM register, output RT_DATA bit */
152 if (rtc->command <= 0x1F) {
153 scr2_2 = scr2_2 & (~SCR2_RTDATA);
154 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
155 scr2_2 |= SCR2_RTDATA;
156 }
157
158 rtc->retval = (rtc->retval << 1) |
159 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
160 }
161 /* read the status 0x30 */
162 if (rtc->command == 0x30) {
163 scr2_2 = scr2_2 & (~SCR2_RTDATA);
164 /* for now status = 0x98 (new rtc + FTU) */
165 if (rtc->status & (0x80 >> (phase - 8))) {
166 scr2_2 |= SCR2_RTDATA;
167 }
168
169 rtc->retval = (rtc->retval << 1) |
170 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
171 }
172 /* read the status 0x31 */
173 if (rtc->command == 0x31) {
174 scr2_2 = scr2_2 & (~SCR2_RTDATA);
175 if (rtc->control & (0x80 >> (phase - 8))) {
176 scr2_2 |= SCR2_RTDATA;
177 }
178 rtc->retval = (rtc->retval << 1) |
179 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
180 }
181
182 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
183 scr2_2 = scr2_2 & (~SCR2_RTDATA);
184 /* for now 0x00 */
185 time_t time_h = time(NULL);
186 struct tm *info = localtime(&time_h);
187 int ret = 0;
188
189 switch (rtc->command) {
190 case 0x20:
191 ret = SCR2_TOBCD(info->tm_sec);
192 break;
193 case 0x21:
194 ret = SCR2_TOBCD(info->tm_min);
195 break;
196 case 0x22:
197 ret = SCR2_TOBCD(info->tm_hour);
198 break;
199 case 0x24:
200 ret = SCR2_TOBCD(info->tm_mday);
201 break;
202 case 0x25:
203 ret = SCR2_TOBCD((info->tm_mon + 1));
204 break;
205 case 0x26:
206 ret = SCR2_TOBCD((info->tm_year - 100));
207 break;
208
209 }
210
211 if (ret & (0x80 >> (phase - 8))) {
212 scr2_2 |= SCR2_RTDATA;
213 }
214 rtc->retval = (rtc->retval << 1) |
215 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
216 }
217
218 }
219
220 phase++;
221 if (phase == 16) {
222 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
223 rtc->ram[rtc->command - 0x80] = rtc->value;
224 }
225 /* write to x30 register */
226 if (rtc->command == 0xB1) {
227 /* clear FTU */
228 if (rtc->value & 0x04) {
229 rtc->status = rtc->status & (~0x18);
230 s->int_status = s->int_status & (~0x04);
231 }
232 }
233 }
234 }
235 } else {
236 /* else end or abort */
237 phase = -1;
238 rtc->command = 0;
239 rtc->value = 0;
240 }
241 s->scr2 = val & 0xFFFF00FF;
242 s->scr2 |= scr2_2 << 8;
243 old_scr2 = scr2_2;
244 }
245
mmio_readb(NeXTState * s,hwaddr addr)246 static uint32_t mmio_readb(NeXTState *s, hwaddr addr)
247 {
248 switch (addr) {
249 case 0xc000:
250 return (s->scr1 >> 24) & 0xFF;
251 case 0xc001:
252 return (s->scr1 >> 16) & 0xFF;
253 case 0xc002:
254 return (s->scr1 >> 8) & 0xFF;
255 case 0xc003:
256 return (s->scr1 >> 0) & 0xFF;
257
258 case 0xd000:
259 return (s->scr2 >> 24) & 0xFF;
260 case 0xd001:
261 return (s->scr2 >> 16) & 0xFF;
262 case 0xd002:
263 return (s->scr2 >> 8) & 0xFF;
264 case 0xd003:
265 return (s->scr2 >> 0) & 0xFF;
266 case 0x14020:
267 DPRINTF("MMIO Read 0x4020\n");
268 return 0x7f;
269
270 default:
271 DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
272 return 0x0;
273 }
274 }
275
mmio_readw(NeXTState * s,hwaddr addr)276 static uint32_t mmio_readw(NeXTState *s, hwaddr addr)
277 {
278 switch (addr) {
279 default:
280 DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
281 return 0x0;
282 }
283 }
284
mmio_readl(NeXTState * s,hwaddr addr)285 static uint32_t mmio_readl(NeXTState *s, hwaddr addr)
286 {
287 switch (addr) {
288 case 0x7000:
289 /* DPRINTF("Read INT status: %x\n", s->int_status); */
290 return s->int_status;
291
292 case 0x7800:
293 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
294 return s->int_mask;
295
296 case 0xc000:
297 return s->scr1;
298
299 case 0xd000:
300 return s->scr2;
301
302 default:
303 DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
304 return 0x0;
305 }
306 }
307
mmio_writeb(NeXTState * s,hwaddr addr,uint32_t val)308 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val)
309 {
310 switch (addr) {
311 case 0xd003:
312 nextscr2_write(s, val, 1);
313 break;
314 default:
315 DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
316 }
317
318 }
319
mmio_writew(NeXTState * s,hwaddr addr,uint32_t val)320 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val)
321 {
322 DPRINTF("MMIO Write W\n");
323 }
324
mmio_writel(NeXTState * s,hwaddr addr,uint32_t val)325 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val)
326 {
327 switch (addr) {
328 case 0x7000:
329 DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
330 s->int_status = val;
331 break;
332 case 0x7800:
333 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
334 s->int_mask = val;
335 break;
336 case 0xc000:
337 DPRINTF("SCR1 Write: %x\n", val);
338 break;
339 case 0xd000:
340 nextscr2_write(s, val, 4);
341 break;
342
343 default:
344 DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
345 }
346 }
347
mmio_readfn(void * opaque,hwaddr addr,unsigned size)348 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
349 {
350 NeXTState *ns = NEXT_MACHINE(opaque);
351
352 switch (size) {
353 case 1:
354 return mmio_readb(ns, addr);
355 case 2:
356 return mmio_readw(ns, addr);
357 case 4:
358 return mmio_readl(ns, addr);
359 default:
360 g_assert_not_reached();
361 }
362 }
363
mmio_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)364 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
365 unsigned size)
366 {
367 NeXTState *ns = NEXT_MACHINE(opaque);
368
369 switch (size) {
370 case 1:
371 mmio_writeb(ns, addr, value);
372 break;
373 case 2:
374 mmio_writew(ns, addr, value);
375 break;
376 case 4:
377 mmio_writel(ns, addr, value);
378 break;
379 default:
380 g_assert_not_reached();
381 }
382 }
383
384 static const MemoryRegionOps mmio_ops = {
385 .read = mmio_readfn,
386 .write = mmio_writefn,
387 .valid.min_access_size = 1,
388 .valid.max_access_size = 4,
389 .endianness = DEVICE_NATIVE_ENDIAN,
390 };
391
scr_readb(NeXTState * s,hwaddr addr)392 static uint32_t scr_readb(NeXTState *s, hwaddr addr)
393 {
394 switch (addr) {
395 case 0x14108:
396 DPRINTF("FD read @ %x\n", (unsigned int)addr);
397 return 0x40 | 0x04 | 0x2 | 0x1;
398 case 0x14020:
399 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1);
400 return s->scsi_csr_1;
401
402 case 0x14021:
403 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
404 return 0x40;
405
406 /*
407 * These 4 registers are the hardware timer, not sure which register
408 * is the latch instead of data, but no problems so far
409 */
410 case 0x1a000:
411 return 0xff & (clock() >> 24);
412 case 0x1a001:
413 return 0xff & (clock() >> 16);
414 case 0x1a002:
415 return 0xff & (clock() >> 8);
416 case 0x1a003:
417 /* Hack: We need to have this change consistently to make it work */
418 return 0xFF & clock();
419
420 default:
421 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
422 return 0;
423 }
424 }
425
scr_readw(NeXTState * s,hwaddr addr)426 static uint32_t scr_readw(NeXTState *s, hwaddr addr)
427 {
428 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
429 return 0;
430 }
431
scr_readl(NeXTState * s,hwaddr addr)432 static uint32_t scr_readl(NeXTState *s, hwaddr addr)
433 {
434 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
435 return 0;
436 }
437
438 #define SCSICSR_ENABLE 0x01
439 #define SCSICSR_RESET 0x02 /* reset scsi dma */
440 #define SCSICSR_FIFOFL 0x04
441 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */
442 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */
443 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */
444
scr_writeb(NeXTState * s,hwaddr addr,uint32_t value)445 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value)
446 {
447 switch (addr) {
448 case 0x14108:
449 DPRINTF("FDCSR Write: %x\n", value);
450
451 if (value == 0x0) {
452 /* qemu_irq_raise(s->fd_irq[0]); */
453 }
454 break;
455 case 0x14020: /* SCSI Control Register */
456 if (value & SCSICSR_FIFOFL) {
457 DPRINTF("SCSICSR FIFO Flush\n");
458 /* will have to add another irq to the esp if this is needed */
459 /* esp_puflush_fifo(esp_g); */
460 /* qemu_irq_pulse(s->scsi_dma); */
461 }
462
463 if (value & SCSICSR_ENABLE) {
464 DPRINTF("SCSICSR Enable\n");
465 /*
466 * qemu_irq_raise(s->scsi_dma);
467 * s->scsi_csr_1 = 0xc0;
468 * s->scsi_csr_1 |= 0x1;
469 * qemu_irq_pulse(s->scsi_dma);
470 */
471 }
472 /*
473 * else
474 * s->scsi_csr_1 &= ~SCSICSR_ENABLE;
475 */
476
477 if (value & SCSICSR_RESET) {
478 DPRINTF("SCSICSR Reset\n");
479 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
480 /* qemu_irq_raise(s->scsi_reset); */
481 /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
482
483 }
484 if (value & SCSICSR_DMADIR) {
485 DPRINTF("SCSICSR DMAdir\n");
486 }
487 if (value & SCSICSR_CPUDMA) {
488 DPRINTF("SCSICSR CPUDMA\n");
489 /* qemu_irq_raise(s->scsi_dma); */
490
491 s->int_status |= 0x4000000;
492 } else {
493 s->int_status &= ~(0x4000000);
494 }
495 if (value & SCSICSR_INTMASK) {
496 DPRINTF("SCSICSR INTMASK\n");
497 /*
498 * int_mask &= ~0x1000;
499 * s->scsi_csr_1 |= value;
500 * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
501 * if (s->scsi_queued) {
502 * s->scsi_queued = 0;
503 * next_irq(s, NEXT_SCSI_I, level);
504 * }
505 */
506 } else {
507 /* int_mask |= 0x1000; */
508 }
509 if (value & 0x80) {
510 /* int_mask |= 0x1000; */
511 /* s->scsi_csr_1 |= 0x80; */
512 }
513 DPRINTF("SCSICSR Write: %x\n", value);
514 /* s->scsi_csr_1 = value; */
515 return;
516 /* Hardware timer latch - not implemented yet */
517 case 0x1a000:
518 default:
519 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
520 }
521 }
522
scr_writew(NeXTState * s,hwaddr addr,uint32_t value)523 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value)
524 {
525 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
526 }
527
scr_writel(NeXTState * s,hwaddr addr,uint32_t value)528 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value)
529 {
530 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
531 }
532
scr_readfn(void * opaque,hwaddr addr,unsigned size)533 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
534 {
535 NeXTState *ns = NEXT_MACHINE(opaque);
536
537 switch (size) {
538 case 1:
539 return scr_readb(ns, addr);
540 case 2:
541 return scr_readw(ns, addr);
542 case 4:
543 return scr_readl(ns, addr);
544 default:
545 g_assert_not_reached();
546 }
547 }
548
scr_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)549 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
550 unsigned size)
551 {
552 NeXTState *ns = NEXT_MACHINE(opaque);
553
554 switch (size) {
555 case 1:
556 scr_writeb(ns, addr, value);
557 break;
558 case 2:
559 scr_writew(ns, addr, value);
560 break;
561 case 4:
562 scr_writel(ns, addr, value);
563 break;
564 default:
565 g_assert_not_reached();
566 }
567 }
568
569 static const MemoryRegionOps scr_ops = {
570 .read = scr_readfn,
571 .write = scr_writefn,
572 .valid.min_access_size = 1,
573 .valid.max_access_size = 4,
574 .endianness = DEVICE_NATIVE_ENDIAN,
575 };
576
577 #define NEXTDMA_SCSI(x) (0x10 + x)
578 #define NEXTDMA_FD(x) (0x10 + x)
579 #define NEXTDMA_ENTX(x) (0x110 + x)
580 #define NEXTDMA_ENRX(x) (0x150 + x)
581 #define NEXTDMA_CSR 0x0
582 #define NEXTDMA_NEXT 0x4000
583 #define NEXTDMA_LIMIT 0x4004
584 #define NEXTDMA_START 0x4008
585 #define NEXTDMA_STOP 0x400c
586 #define NEXTDMA_NEXT_INIT 0x4200
587 #define NEXTDMA_SIZE 0x4204
588
dma_writel(void * opaque,hwaddr addr,uint64_t value,unsigned int size)589 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
590 unsigned int size)
591 {
592 NeXTState *next_state = NEXT_MACHINE(opaque);
593
594 switch (addr) {
595 case NEXTDMA_ENRX(NEXTDMA_CSR):
596 if (value & DMA_DEV2M) {
597 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
598 }
599
600 if (value & DMA_SETENABLE) {
601 /* DPRINTF("SCSI DMA ENABLE\n"); */
602 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
603 }
604 if (value & DMA_SETSUPDATE) {
605 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
606 }
607 if (value & DMA_CLRCOMPLETE) {
608 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
609 }
610
611 if (value & DMA_RESET) {
612 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
613 DMA_ENABLE | DMA_DEV2M);
614 }
615 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
616 break;
617 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
618 next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
619 break;
620 case NEXTDMA_ENRX(NEXTDMA_NEXT):
621 next_state->dma[NEXTDMA_ENRX].next = value;
622 break;
623 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
624 next_state->dma[NEXTDMA_ENRX].limit = value;
625 break;
626 case NEXTDMA_SCSI(NEXTDMA_CSR):
627 if (value & DMA_DEV2M) {
628 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
629 }
630 if (value & DMA_SETENABLE) {
631 /* DPRINTF("SCSI DMA ENABLE\n"); */
632 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
633 }
634 if (value & DMA_SETSUPDATE) {
635 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
636 }
637 if (value & DMA_CLRCOMPLETE) {
638 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
639 }
640
641 if (value & DMA_RESET) {
642 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
643 DMA_ENABLE | DMA_DEV2M);
644 /* DPRINTF("SCSI DMA RESET\n"); */
645 }
646 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
647 break;
648
649 case NEXTDMA_SCSI(NEXTDMA_NEXT):
650 next_state->dma[NEXTDMA_SCSI].next = value;
651 break;
652
653 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
654 next_state->dma[NEXTDMA_SCSI].limit = value;
655 break;
656
657 case NEXTDMA_SCSI(NEXTDMA_START):
658 next_state->dma[NEXTDMA_SCSI].start = value;
659 break;
660
661 case NEXTDMA_SCSI(NEXTDMA_STOP):
662 next_state->dma[NEXTDMA_SCSI].stop = value;
663 break;
664
665 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
666 next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
667 break;
668
669 default:
670 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
671 }
672 }
673
dma_readl(void * opaque,hwaddr addr,unsigned int size)674 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
675 {
676 NeXTState *next_state = NEXT_MACHINE(opaque);
677
678 switch (addr) {
679 case NEXTDMA_SCSI(NEXTDMA_CSR):
680 DPRINTF("SCSI DMA CSR READ\n");
681 return next_state->dma[NEXTDMA_SCSI].csr;
682 case NEXTDMA_ENRX(NEXTDMA_CSR):
683 return next_state->dma[NEXTDMA_ENRX].csr;
684 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
685 return next_state->dma[NEXTDMA_ENRX].next_initbuf;
686 case NEXTDMA_ENRX(NEXTDMA_NEXT):
687 return next_state->dma[NEXTDMA_ENRX].next;
688 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
689 return next_state->dma[NEXTDMA_ENRX].limit;
690
691 case NEXTDMA_SCSI(NEXTDMA_NEXT):
692 return next_state->dma[NEXTDMA_SCSI].next;
693 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
694 return next_state->dma[NEXTDMA_SCSI].next_initbuf;
695 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
696 return next_state->dma[NEXTDMA_SCSI].limit;
697 case NEXTDMA_SCSI(NEXTDMA_START):
698 return next_state->dma[NEXTDMA_SCSI].start;
699 case NEXTDMA_SCSI(NEXTDMA_STOP):
700 return next_state->dma[NEXTDMA_SCSI].stop;
701
702 default:
703 DPRINTF("DMA read @ %x\n", (unsigned int)addr);
704 return 0;
705 }
706
707 /*
708 * once the csr's are done, subtract 0x3FEC from the addr, and that will
709 * normalize the upper registers
710 */
711 }
712
713 static const MemoryRegionOps dma_ops = {
714 .read = dma_readl,
715 .write = dma_writel,
716 .impl.min_access_size = 4,
717 .valid.min_access_size = 4,
718 .valid.max_access_size = 4,
719 .endianness = DEVICE_NATIVE_ENDIAN,
720 };
721
722 /*
723 * TODO: set the shift numbers as values in the enum, so the first switch
724 * will not be needed
725 */
next_irq(void * opaque,int number,int level)726 void next_irq(void *opaque, int number, int level)
727 {
728 M68kCPU *cpu = opaque;
729 int shift = 0;
730 NeXTState *ns = NEXT_MACHINE(qdev_get_machine());
731
732 /* first switch sets interupt status */
733 /* DPRINTF("IRQ %i\n",number); */
734 switch (number) {
735 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
736 case NEXT_FD_I:
737 shift = 7;;
738 break;
739 case NEXT_KBD_I:
740 shift = 3;
741 break;
742 case NEXT_PWR_I:
743 shift = 2;
744 break;
745 case NEXT_ENRX_I:
746 shift = 9;
747 break;
748 case NEXT_ENTX_I:
749 shift = 10;
750 break;
751 case NEXT_SCSI_I:
752 shift = 12;
753 break;
754 case NEXT_CLK_I:
755 shift = 5;
756 break;
757
758 /* level 5 - scc (serial) */
759 case NEXT_SCC_I:
760 shift = 17;
761 break;
762
763 /* level 6 - audio etherrx/tx dma */
764 case NEXT_ENTX_DMA_I:
765 shift = 28;
766 break;
767 case NEXT_ENRX_DMA_I:
768 shift = 27;
769 break;
770 case NEXT_SCSI_DMA_I:
771 shift = 26;
772 break;
773 case NEXT_SND_I:
774 shift = 23;
775 break;
776 case NEXT_SCC_DMA_I:
777 shift = 21;
778 break;
779
780 }
781 /*
782 * this HAS to be wrong, the interrupt handlers in mach and together
783 * int_status and int_mask and return if there is a hit
784 */
785 if (ns->int_mask & (1 << shift)) {
786 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
787 /* return; */
788 }
789
790 /* second switch triggers the correct interrupt */
791 if (level) {
792 ns->int_status |= 1 << shift;
793
794 switch (number) {
795 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
796 case NEXT_FD_I:
797 case NEXT_KBD_I:
798 case NEXT_PWR_I:
799 case NEXT_ENRX_I:
800 case NEXT_ENTX_I:
801 case NEXT_SCSI_I:
802 case NEXT_CLK_I:
803 m68k_set_irq_level(cpu, 3, 27);
804 break;
805
806 /* level 5 - scc (serial) */
807 case NEXT_SCC_I:
808 m68k_set_irq_level(cpu, 5, 29);
809 break;
810
811 /* level 6 - audio etherrx/tx dma */
812 case NEXT_ENTX_DMA_I:
813 case NEXT_ENRX_DMA_I:
814 case NEXT_SCSI_DMA_I:
815 case NEXT_SND_I:
816 case NEXT_SCC_DMA_I:
817 m68k_set_irq_level(cpu, 6, 30);
818 break;
819 }
820 } else {
821 ns->int_status &= ~(1 << shift);
822 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
823 }
824 }
825
next_serial_irq(void * opaque,int n,int level)826 static void next_serial_irq(void *opaque, int n, int level)
827 {
828 /* DPRINTF("SCC IRQ NUM %i\n",n); */
829 if (n) {
830 next_irq(opaque, NEXT_SCC_DMA_I, level);
831 } else {
832 next_irq(opaque, NEXT_SCC_I, level);
833 }
834 }
835
next_escc_init(M68kCPU * cpu)836 static void next_escc_init(M68kCPU *cpu)
837 {
838 qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2);
839 DeviceState *dev;
840 SysBusDevice *s;
841
842 dev = qdev_create(NULL, TYPE_ESCC);
843 qdev_prop_set_uint32(dev, "disabled", 0);
844 qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
845 qdev_prop_set_uint32(dev, "it_shift", 0);
846 qdev_prop_set_bit(dev, "bit_swap", true);
847 qdev_prop_set_chr(dev, "chrB", serial_hd(1));
848 qdev_prop_set_chr(dev, "chrA", serial_hd(0));
849 qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
850 qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
851 qdev_init_nofail(dev);
852
853 s = SYS_BUS_DEVICE(dev);
854 sysbus_connect_irq(s, 0, ser_irq[0]);
855 sysbus_connect_irq(s, 1, ser_irq[1]);
856 sysbus_mmio_map(s, 0, 0x2118000);
857 }
858
next_cube_init(MachineState * machine)859 static void next_cube_init(MachineState *machine)
860 {
861 M68kCPU *cpu;
862 CPUM68KState *env;
863 MemoryRegion *ram = g_new(MemoryRegion, 1);
864 MemoryRegion *rom = g_new(MemoryRegion, 1);
865 MemoryRegion *mmiomem = g_new(MemoryRegion, 1);
866 MemoryRegion *scrmem = g_new(MemoryRegion, 1);
867 MemoryRegion *dmamem = g_new(MemoryRegion, 1);
868 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
869 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
870 MemoryRegion *sysmem = get_system_memory();
871 NeXTState *ns = NEXT_MACHINE(machine);
872 DeviceState *dev;
873
874 /* Initialize the cpu core */
875 cpu = M68K_CPU(cpu_create(machine->cpu_type));
876 if (!cpu) {
877 error_report("Unable to find m68k CPU definition");
878 exit(1);
879 }
880 env = &cpu->env;
881
882 /* Initialize CPU registers. */
883 env->vbr = 0;
884 env->sr = 0x2700;
885
886 /* Set internal registers to initial values */
887 /* 0x0000XX00 << vital bits */
888 ns->scr1 = 0x00011102;
889 ns->scr2 = 0x00ff0c80;
890 ns->rtc.status = 0x90;
891
892 /* Load RTC RAM - TODO: provide possibility to load contents from file */
893 memcpy(ns->rtc.ram, rtc_ram2, 32);
894
895 /* 64MB RAM starting at 0x04000000 */
896 memory_region_allocate_system_memory(ram, NULL, "next.ram", ram_size);
897 memory_region_add_subregion(sysmem, 0x04000000, ram);
898
899 /* Framebuffer */
900 dev = qdev_create(NULL, TYPE_NEXTFB);
901 qdev_init_nofail(dev);
902 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
903
904 /* MMIO */
905 memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio",
906 0xD0000);
907 memory_region_add_subregion(sysmem, 0x02000000, mmiomem);
908
909 /* BMAP memory */
910 memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
911 true, &error_fatal);
912 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
913 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
914 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
915 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
916
917 /* BMAP IO - acts as a catch-all for now */
918 memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr",
919 0x20000);
920 memory_region_add_subregion(sysmem, 0x02100000, scrmem);
921
922 /* KBD */
923 dev = qdev_create(NULL, TYPE_NEXTKBD);
924 qdev_init_nofail(dev);
925 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
926
927 /* Load ROM here */
928 if (bios_name == NULL) {
929 bios_name = ROM_FILE;
930 }
931 /* still not sure if the rom should also be mapped at 0x0*/
932 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
933 memory_region_add_subregion(sysmem, 0x01000000, rom);
934 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
935 if (!qtest_enabled()) {
936 error_report("Failed to load firmware '%s'.", bios_name);
937 }
938 } else {
939 uint8_t *ptr;
940 /* Initial PC is always at offset 4 in firmware binaries */
941 ptr = rom_ptr(0x01000004, 4);
942 g_assert(ptr != NULL);
943 env->pc = ldl_p(ptr);
944 if (env->pc >= 0x01020000) {
945 error_report("'%s' does not seem to be a valid firmware image.",
946 bios_name);
947 exit(1);
948 }
949 }
950
951 /* Serial */
952 next_escc_init(cpu);
953
954 /* TODO: */
955 /* Network */
956 /* SCSI */
957
958 /* DMA */
959 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
960 memory_region_add_subregion(sysmem, 0x02000000, dmamem);
961 }
962
next_machine_class_init(ObjectClass * oc,void * data)963 static void next_machine_class_init(ObjectClass *oc, void *data)
964 {
965 MachineClass *mc = MACHINE_CLASS(oc);
966
967 mc->desc = "NeXT Cube";
968 mc->init = next_cube_init;
969 mc->default_ram_size = RAM_SIZE;
970 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
971 }
972
973 static const TypeInfo next_typeinfo = {
974 .name = TYPE_NEXT_MACHINE,
975 .parent = TYPE_MACHINE,
976 .class_init = next_machine_class_init,
977 .instance_size = sizeof(NeXTState),
978 };
979
next_register_type(void)980 static void next_register_type(void)
981 {
982 type_register_static(&next_typeinfo);
983 }
984
985 type_init(next_register_type)
986