1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
25 #include "hw/block/fdc.h"
26 #include "hw/qdev-properties.h"
27 #include "qapi/error.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 
31 /* #define DEBUG_NEXT */
32 #ifdef DEBUG_NEXT
33 #define DPRINTF(fmt, ...) \
34     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
35 #else
36 #define DPRINTF(fmt, ...) do { } while (0)
37 #endif
38 
39 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
40 #define NEXT_MACHINE(obj) OBJECT_CHECK(NeXTState, (obj), TYPE_NEXT_MACHINE)
41 
42 #define ENTRY       0x0100001e
43 #define RAM_SIZE    0x4000000
44 #define ROM_FILE    "Rev_2.5_v66.bin"
45 
46 typedef struct next_dma {
47     uint32_t csr;
48 
49     uint32_t saved_next;
50     uint32_t saved_limit;
51     uint32_t saved_start;
52     uint32_t saved_stop;
53 
54     uint32_t next;
55     uint32_t limit;
56     uint32_t start;
57     uint32_t stop;
58 
59     uint32_t next_initbuf;
60     uint32_t size;
61 } next_dma;
62 
63 typedef struct NextRtc {
64     uint8_t ram[32];
65     uint8_t command;
66     uint8_t value;
67     uint8_t status;
68     uint8_t control;
69     uint8_t retval;
70 } NextRtc;
71 
72 typedef struct {
73     MachineState parent;
74 
75     uint32_t int_mask;
76     uint32_t int_status;
77 
78     uint8_t scsi_csr_1;
79     uint8_t scsi_csr_2;
80     next_dma dma[10];
81     qemu_irq *scsi_irq;
82     qemu_irq scsi_dma;
83     qemu_irq scsi_reset;
84     qemu_irq *fd_irq;
85 
86     uint32_t scr1;
87     uint32_t scr2;
88 
89     NextRtc rtc;
90 } NeXTState;
91 
92 /* Thanks to NeXT forums for this */
93 /*
94 static const uint8_t rtc_ram3[32] = {
95     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
96     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
97     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
98     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
99 };
100 */
101 static const uint8_t rtc_ram2[32] = {
102     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
103     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
104     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
105     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
106 };
107 
108 #define SCR2_RTCLK 0x2
109 #define SCR2_RTDATA 0x4
110 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
111 
nextscr2_write(NeXTState * s,uint32_t val,int size)112 static void nextscr2_write(NeXTState *s, uint32_t val, int size)
113 {
114     static int led;
115     static int phase;
116     static uint8_t old_scr2;
117     uint8_t scr2_2;
118     NextRtc *rtc = &s->rtc;
119 
120     if (size == 4) {
121         scr2_2 = (val >> 8) & 0xFF;
122     } else {
123         scr2_2 = val & 0xFF;
124     }
125 
126     if (val & 0x1) {
127         DPRINTF("fault!\n");
128         led++;
129         if (led == 10) {
130             DPRINTF("LED flashing, possible fault!\n");
131             led = 0;
132         }
133     }
134 
135     if (scr2_2 & 0x1) {
136         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
137         if (phase == -1) {
138             phase = 0;
139         }
140         /* If we are in going down clock... do something */
141         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
142                 ((scr2_2 & SCR2_RTCLK) == 0)) {
143             if (phase < 8) {
144                 rtc->command = (rtc->command << 1) |
145                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
146             }
147             if (phase >= 8 && phase < 16) {
148                 rtc->value = (rtc->value << 1) |
149                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
150 
151                 /* if we read RAM register, output RT_DATA bit */
152                 if (rtc->command <= 0x1F) {
153                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
154                     if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
155                         scr2_2 |= SCR2_RTDATA;
156                     }
157 
158                     rtc->retval = (rtc->retval << 1) |
159                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
160                 }
161                 /* read the status 0x30 */
162                 if (rtc->command == 0x30) {
163                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
164                     /* for now status = 0x98 (new rtc + FTU) */
165                     if (rtc->status & (0x80 >> (phase - 8))) {
166                         scr2_2 |= SCR2_RTDATA;
167                     }
168 
169                     rtc->retval = (rtc->retval << 1) |
170                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
171                 }
172                 /* read the status 0x31 */
173                 if (rtc->command == 0x31) {
174                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
175                     if (rtc->control & (0x80 >> (phase - 8))) {
176                         scr2_2 |= SCR2_RTDATA;
177                     }
178                     rtc->retval = (rtc->retval << 1) |
179                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
180                 }
181 
182                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
183                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
184                     /* for now 0x00 */
185                     time_t time_h = time(NULL);
186                     struct tm *info = localtime(&time_h);
187                     int ret = 0;
188 
189                     switch (rtc->command) {
190                     case 0x20:
191                         ret = SCR2_TOBCD(info->tm_sec);
192                         break;
193                     case 0x21:
194                         ret = SCR2_TOBCD(info->tm_min);
195                         break;
196                     case 0x22:
197                         ret = SCR2_TOBCD(info->tm_hour);
198                         break;
199                     case 0x24:
200                         ret = SCR2_TOBCD(info->tm_mday);
201                         break;
202                     case 0x25:
203                         ret = SCR2_TOBCD((info->tm_mon + 1));
204                         break;
205                     case 0x26:
206                         ret = SCR2_TOBCD((info->tm_year - 100));
207                         break;
208 
209                     }
210 
211                     if (ret & (0x80 >> (phase - 8))) {
212                         scr2_2 |= SCR2_RTDATA;
213                     }
214                     rtc->retval = (rtc->retval << 1) |
215                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
216                 }
217 
218             }
219 
220             phase++;
221             if (phase == 16) {
222                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
223                     rtc->ram[rtc->command - 0x80] = rtc->value;
224                 }
225                 /* write to x30 register */
226                 if (rtc->command == 0xB1) {
227                     /* clear FTU */
228                     if (rtc->value & 0x04) {
229                         rtc->status = rtc->status & (~0x18);
230                         s->int_status = s->int_status & (~0x04);
231                     }
232                 }
233             }
234         }
235     } else {
236         /* else end or abort */
237         phase = -1;
238         rtc->command = 0;
239         rtc->value = 0;
240     }
241     s->scr2 = val & 0xFFFF00FF;
242     s->scr2 |= scr2_2 << 8;
243     old_scr2 = scr2_2;
244 }
245 
mmio_readb(NeXTState * s,hwaddr addr)246 static uint32_t mmio_readb(NeXTState *s, hwaddr addr)
247 {
248     switch (addr) {
249     case 0xc000:
250         return (s->scr1 >> 24) & 0xFF;
251     case 0xc001:
252         return (s->scr1 >> 16) & 0xFF;
253     case 0xc002:
254         return (s->scr1 >> 8)  & 0xFF;
255     case 0xc003:
256         return (s->scr1 >> 0)  & 0xFF;
257 
258     case 0xd000:
259         return (s->scr2 >> 24) & 0xFF;
260     case 0xd001:
261         return (s->scr2 >> 16) & 0xFF;
262     case 0xd002:
263         return (s->scr2 >> 8)  & 0xFF;
264     case 0xd003:
265         return (s->scr2 >> 0)  & 0xFF;
266     case 0x14020:
267         DPRINTF("MMIO Read 0x4020\n");
268         return 0x7f;
269 
270     default:
271         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
272         return 0x0;
273     }
274 }
275 
mmio_readw(NeXTState * s,hwaddr addr)276 static uint32_t mmio_readw(NeXTState *s, hwaddr addr)
277 {
278     switch (addr) {
279     default:
280         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
281         return 0x0;
282     }
283 }
284 
mmio_readl(NeXTState * s,hwaddr addr)285 static uint32_t mmio_readl(NeXTState *s, hwaddr addr)
286 {
287     switch (addr) {
288     case 0x7000:
289         /* DPRINTF("Read INT status: %x\n", s->int_status); */
290         return s->int_status;
291 
292     case 0x7800:
293         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
294         return s->int_mask;
295 
296     case 0xc000:
297         return s->scr1;
298 
299     case 0xd000:
300         return s->scr2;
301 
302     default:
303         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
304         return 0x0;
305     }
306 }
307 
mmio_writeb(NeXTState * s,hwaddr addr,uint32_t val)308 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val)
309 {
310     switch (addr) {
311     case 0xd003:
312         nextscr2_write(s, val, 1);
313         break;
314     default:
315         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
316     }
317 
318 }
319 
mmio_writew(NeXTState * s,hwaddr addr,uint32_t val)320 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val)
321 {
322     DPRINTF("MMIO Write W\n");
323 }
324 
mmio_writel(NeXTState * s,hwaddr addr,uint32_t val)325 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val)
326 {
327     switch (addr) {
328     case 0x7000:
329         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
330         s->int_status = val;
331         break;
332     case 0x7800:
333         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
334         s->int_mask  = val;
335         break;
336     case 0xc000:
337         DPRINTF("SCR1 Write: %x\n", val);
338         break;
339     case 0xd000:
340         nextscr2_write(s, val, 4);
341         break;
342 
343     default:
344         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
345     }
346 }
347 
mmio_readfn(void * opaque,hwaddr addr,unsigned size)348 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
349 {
350     NeXTState *ns = NEXT_MACHINE(opaque);
351 
352     switch (size) {
353     case 1:
354         return mmio_readb(ns, addr);
355     case 2:
356         return mmio_readw(ns, addr);
357     case 4:
358         return mmio_readl(ns, addr);
359     default:
360         g_assert_not_reached();
361     }
362 }
363 
mmio_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)364 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
365                          unsigned size)
366 {
367     NeXTState *ns = NEXT_MACHINE(opaque);
368 
369     switch (size) {
370     case 1:
371         mmio_writeb(ns, addr, value);
372         break;
373     case 2:
374         mmio_writew(ns, addr, value);
375         break;
376     case 4:
377         mmio_writel(ns, addr, value);
378         break;
379     default:
380         g_assert_not_reached();
381     }
382 }
383 
384 static const MemoryRegionOps mmio_ops = {
385     .read = mmio_readfn,
386     .write = mmio_writefn,
387     .valid.min_access_size = 1,
388     .valid.max_access_size = 4,
389     .endianness = DEVICE_NATIVE_ENDIAN,
390 };
391 
scr_readb(NeXTState * s,hwaddr addr)392 static uint32_t scr_readb(NeXTState *s, hwaddr addr)
393 {
394     switch (addr) {
395     case 0x14108:
396         DPRINTF("FD read @ %x\n", (unsigned int)addr);
397         return 0x40 | 0x04 | 0x2 | 0x1;
398     case 0x14020:
399         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
400         return s->scsi_csr_1;
401 
402     case 0x14021:
403         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
404         return 0x40;
405 
406     /*
407      * These 4 registers are the hardware timer, not sure which register
408      * is the latch instead of data, but no problems so far
409      */
410     case 0x1a000:
411         return 0xff & (clock() >> 24);
412     case 0x1a001:
413         return 0xff & (clock() >> 16);
414     case 0x1a002:
415         return 0xff & (clock() >> 8);
416     case 0x1a003:
417         /* Hack: We need to have this change consistently to make it work */
418         return 0xFF & clock();
419 
420     default:
421         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
422         return 0;
423     }
424 }
425 
scr_readw(NeXTState * s,hwaddr addr)426 static uint32_t scr_readw(NeXTState *s, hwaddr addr)
427 {
428     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
429     return 0;
430 }
431 
scr_readl(NeXTState * s,hwaddr addr)432 static uint32_t scr_readl(NeXTState *s, hwaddr addr)
433 {
434     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
435     return 0;
436 }
437 
438 #define SCSICSR_ENABLE  0x01
439 #define SCSICSR_RESET   0x02  /* reset scsi dma */
440 #define SCSICSR_FIFOFL  0x04
441 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
442 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
443 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
444 
scr_writeb(NeXTState * s,hwaddr addr,uint32_t value)445 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value)
446 {
447     switch (addr) {
448     case 0x14108:
449         DPRINTF("FDCSR Write: %x\n", value);
450 
451         if (value == 0x0) {
452             /* qemu_irq_raise(s->fd_irq[0]); */
453         }
454         break;
455     case 0x14020: /* SCSI Control Register */
456         if (value & SCSICSR_FIFOFL) {
457             DPRINTF("SCSICSR FIFO Flush\n");
458             /* will have to add another irq to the esp if this is needed */
459             /* esp_puflush_fifo(esp_g); */
460             /* qemu_irq_pulse(s->scsi_dma); */
461         }
462 
463         if (value & SCSICSR_ENABLE) {
464             DPRINTF("SCSICSR Enable\n");
465             /*
466              * qemu_irq_raise(s->scsi_dma);
467              * s->scsi_csr_1 = 0xc0;
468              * s->scsi_csr_1 |= 0x1;
469              * qemu_irq_pulse(s->scsi_dma);
470              */
471         }
472         /*
473          * else
474          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
475          */
476 
477         if (value & SCSICSR_RESET) {
478             DPRINTF("SCSICSR Reset\n");
479             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
480             /* qemu_irq_raise(s->scsi_reset); */
481             /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
482 
483         }
484         if (value & SCSICSR_DMADIR) {
485             DPRINTF("SCSICSR DMAdir\n");
486         }
487         if (value & SCSICSR_CPUDMA) {
488             DPRINTF("SCSICSR CPUDMA\n");
489             /* qemu_irq_raise(s->scsi_dma); */
490 
491             s->int_status |= 0x4000000;
492         } else {
493             s->int_status &= ~(0x4000000);
494         }
495         if (value & SCSICSR_INTMASK) {
496             DPRINTF("SCSICSR INTMASK\n");
497             /*
498              * int_mask &= ~0x1000;
499              * s->scsi_csr_1 |= value;
500              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
501              * if (s->scsi_queued) {
502              *     s->scsi_queued = 0;
503              *     next_irq(s, NEXT_SCSI_I, level);
504              * }
505              */
506         } else {
507             /* int_mask |= 0x1000; */
508         }
509         if (value & 0x80) {
510             /* int_mask |= 0x1000; */
511             /* s->scsi_csr_1 |= 0x80; */
512         }
513         DPRINTF("SCSICSR Write: %x\n", value);
514         /* s->scsi_csr_1 = value; */
515         return;
516     /* Hardware timer latch - not implemented yet */
517     case 0x1a000:
518     default:
519         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
520     }
521 }
522 
scr_writew(NeXTState * s,hwaddr addr,uint32_t value)523 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value)
524 {
525     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
526 }
527 
scr_writel(NeXTState * s,hwaddr addr,uint32_t value)528 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value)
529 {
530     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
531 }
532 
scr_readfn(void * opaque,hwaddr addr,unsigned size)533 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
534 {
535     NeXTState *ns = NEXT_MACHINE(opaque);
536 
537     switch (size) {
538     case 1:
539         return scr_readb(ns, addr);
540     case 2:
541         return scr_readw(ns, addr);
542     case 4:
543         return scr_readl(ns, addr);
544     default:
545         g_assert_not_reached();
546     }
547 }
548 
scr_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)549 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
550                         unsigned size)
551 {
552     NeXTState *ns = NEXT_MACHINE(opaque);
553 
554     switch (size) {
555     case 1:
556         scr_writeb(ns, addr, value);
557         break;
558     case 2:
559         scr_writew(ns, addr, value);
560         break;
561     case 4:
562         scr_writel(ns, addr, value);
563         break;
564     default:
565         g_assert_not_reached();
566     }
567 }
568 
569 static const MemoryRegionOps scr_ops = {
570     .read = scr_readfn,
571     .write = scr_writefn,
572     .valid.min_access_size = 1,
573     .valid.max_access_size = 4,
574     .endianness = DEVICE_NATIVE_ENDIAN,
575 };
576 
577 #define NEXTDMA_SCSI(x)      (0x10 + x)
578 #define NEXTDMA_FD(x)        (0x10 + x)
579 #define NEXTDMA_ENTX(x)      (0x110 + x)
580 #define NEXTDMA_ENRX(x)      (0x150 + x)
581 #define NEXTDMA_CSR          0x0
582 #define NEXTDMA_NEXT         0x4000
583 #define NEXTDMA_LIMIT        0x4004
584 #define NEXTDMA_START        0x4008
585 #define NEXTDMA_STOP         0x400c
586 #define NEXTDMA_NEXT_INIT    0x4200
587 #define NEXTDMA_SIZE         0x4204
588 
dma_writel(void * opaque,hwaddr addr,uint64_t value,unsigned int size)589 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
590                        unsigned int size)
591 {
592     NeXTState *next_state = NEXT_MACHINE(opaque);
593 
594     switch (addr) {
595     case NEXTDMA_ENRX(NEXTDMA_CSR):
596         if (value & DMA_DEV2M) {
597             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
598         }
599 
600         if (value & DMA_SETENABLE) {
601             /* DPRINTF("SCSI DMA ENABLE\n"); */
602             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
603         }
604         if (value & DMA_SETSUPDATE) {
605             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
606         }
607         if (value & DMA_CLRCOMPLETE) {
608             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
609         }
610 
611         if (value & DMA_RESET) {
612             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
613                                                   DMA_ENABLE | DMA_DEV2M);
614         }
615         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
616         break;
617     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
618         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
619         break;
620     case NEXTDMA_ENRX(NEXTDMA_NEXT):
621         next_state->dma[NEXTDMA_ENRX].next = value;
622         break;
623     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
624         next_state->dma[NEXTDMA_ENRX].limit = value;
625         break;
626     case NEXTDMA_SCSI(NEXTDMA_CSR):
627         if (value & DMA_DEV2M) {
628             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
629         }
630         if (value & DMA_SETENABLE) {
631             /* DPRINTF("SCSI DMA ENABLE\n"); */
632             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
633         }
634         if (value & DMA_SETSUPDATE) {
635             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
636         }
637         if (value & DMA_CLRCOMPLETE) {
638             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
639         }
640 
641         if (value & DMA_RESET) {
642             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
643                                                   DMA_ENABLE | DMA_DEV2M);
644             /* DPRINTF("SCSI DMA RESET\n"); */
645         }
646         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
647         break;
648 
649     case NEXTDMA_SCSI(NEXTDMA_NEXT):
650         next_state->dma[NEXTDMA_SCSI].next = value;
651         break;
652 
653     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
654         next_state->dma[NEXTDMA_SCSI].limit = value;
655         break;
656 
657     case NEXTDMA_SCSI(NEXTDMA_START):
658         next_state->dma[NEXTDMA_SCSI].start = value;
659         break;
660 
661     case NEXTDMA_SCSI(NEXTDMA_STOP):
662         next_state->dma[NEXTDMA_SCSI].stop = value;
663         break;
664 
665     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
666         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
667         break;
668 
669     default:
670         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
671     }
672 }
673 
dma_readl(void * opaque,hwaddr addr,unsigned int size)674 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
675 {
676     NeXTState *next_state = NEXT_MACHINE(opaque);
677 
678     switch (addr) {
679     case NEXTDMA_SCSI(NEXTDMA_CSR):
680         DPRINTF("SCSI DMA CSR READ\n");
681         return next_state->dma[NEXTDMA_SCSI].csr;
682     case NEXTDMA_ENRX(NEXTDMA_CSR):
683         return next_state->dma[NEXTDMA_ENRX].csr;
684     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
685         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
686     case NEXTDMA_ENRX(NEXTDMA_NEXT):
687         return next_state->dma[NEXTDMA_ENRX].next;
688     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
689         return next_state->dma[NEXTDMA_ENRX].limit;
690 
691     case NEXTDMA_SCSI(NEXTDMA_NEXT):
692         return next_state->dma[NEXTDMA_SCSI].next;
693     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
694         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
695     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
696         return next_state->dma[NEXTDMA_SCSI].limit;
697     case NEXTDMA_SCSI(NEXTDMA_START):
698         return next_state->dma[NEXTDMA_SCSI].start;
699     case NEXTDMA_SCSI(NEXTDMA_STOP):
700         return next_state->dma[NEXTDMA_SCSI].stop;
701 
702     default:
703         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
704         return 0;
705     }
706 
707     /*
708      * once the csr's are done, subtract 0x3FEC from the addr, and that will
709      * normalize the upper registers
710      */
711 }
712 
713 static const MemoryRegionOps dma_ops = {
714     .read = dma_readl,
715     .write = dma_writel,
716     .impl.min_access_size = 4,
717     .valid.min_access_size = 4,
718     .valid.max_access_size = 4,
719     .endianness = DEVICE_NATIVE_ENDIAN,
720 };
721 
722 /*
723  * TODO: set the shift numbers as values in the enum, so the first switch
724  * will not be needed
725  */
next_irq(void * opaque,int number,int level)726 void next_irq(void *opaque, int number, int level)
727 {
728     M68kCPU *cpu = opaque;
729     int shift = 0;
730     NeXTState *ns = NEXT_MACHINE(qdev_get_machine());
731 
732     /* first switch sets interupt status */
733     /* DPRINTF("IRQ %i\n",number); */
734     switch (number) {
735     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
736     case NEXT_FD_I:
737         shift = 7;;
738         break;
739     case NEXT_KBD_I:
740         shift = 3;
741         break;
742     case NEXT_PWR_I:
743         shift = 2;
744         break;
745     case NEXT_ENRX_I:
746         shift = 9;
747         break;
748     case NEXT_ENTX_I:
749         shift = 10;
750         break;
751     case NEXT_SCSI_I:
752         shift = 12;
753         break;
754     case NEXT_CLK_I:
755         shift = 5;
756         break;
757 
758     /* level 5 - scc (serial) */
759     case NEXT_SCC_I:
760         shift = 17;
761         break;
762 
763     /* level 6 - audio etherrx/tx dma */
764     case NEXT_ENTX_DMA_I:
765         shift = 28;
766         break;
767     case NEXT_ENRX_DMA_I:
768         shift = 27;
769         break;
770     case NEXT_SCSI_DMA_I:
771         shift = 26;
772         break;
773     case NEXT_SND_I:
774         shift = 23;
775         break;
776     case NEXT_SCC_DMA_I:
777         shift = 21;
778         break;
779 
780     }
781     /*
782      * this HAS to be wrong, the interrupt handlers in mach and together
783      * int_status and int_mask and return if there is a hit
784      */
785     if (ns->int_mask & (1 << shift)) {
786         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
787         /* return; */
788     }
789 
790     /* second switch triggers the correct interrupt */
791     if (level) {
792         ns->int_status |= 1 << shift;
793 
794         switch (number) {
795         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
796         case NEXT_FD_I:
797         case NEXT_KBD_I:
798         case NEXT_PWR_I:
799         case NEXT_ENRX_I:
800         case NEXT_ENTX_I:
801         case NEXT_SCSI_I:
802         case NEXT_CLK_I:
803             m68k_set_irq_level(cpu, 3, 27);
804             break;
805 
806         /* level 5 - scc (serial) */
807         case NEXT_SCC_I:
808             m68k_set_irq_level(cpu, 5, 29);
809             break;
810 
811         /* level 6 - audio etherrx/tx dma */
812         case NEXT_ENTX_DMA_I:
813         case NEXT_ENRX_DMA_I:
814         case NEXT_SCSI_DMA_I:
815         case NEXT_SND_I:
816         case NEXT_SCC_DMA_I:
817             m68k_set_irq_level(cpu, 6, 30);
818             break;
819         }
820     } else {
821         ns->int_status &= ~(1 << shift);
822         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
823     }
824 }
825 
next_serial_irq(void * opaque,int n,int level)826 static void next_serial_irq(void *opaque, int n, int level)
827 {
828     /* DPRINTF("SCC IRQ NUM %i\n",n); */
829     if (n) {
830         next_irq(opaque, NEXT_SCC_DMA_I, level);
831     } else {
832         next_irq(opaque, NEXT_SCC_I, level);
833     }
834 }
835 
next_escc_init(M68kCPU * cpu)836 static void next_escc_init(M68kCPU *cpu)
837 {
838     qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2);
839     DeviceState *dev;
840     SysBusDevice *s;
841 
842     dev = qdev_create(NULL, TYPE_ESCC);
843     qdev_prop_set_uint32(dev, "disabled", 0);
844     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
845     qdev_prop_set_uint32(dev, "it_shift", 0);
846     qdev_prop_set_bit(dev, "bit_swap", true);
847     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
848     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
849     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
850     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
851     qdev_init_nofail(dev);
852 
853     s = SYS_BUS_DEVICE(dev);
854     sysbus_connect_irq(s, 0, ser_irq[0]);
855     sysbus_connect_irq(s, 1,  ser_irq[1]);
856     sysbus_mmio_map(s, 0, 0x2118000);
857 }
858 
next_cube_init(MachineState * machine)859 static void next_cube_init(MachineState *machine)
860 {
861     M68kCPU *cpu;
862     CPUM68KState *env;
863     MemoryRegion *ram = g_new(MemoryRegion, 1);
864     MemoryRegion *rom = g_new(MemoryRegion, 1);
865     MemoryRegion *mmiomem = g_new(MemoryRegion, 1);
866     MemoryRegion *scrmem = g_new(MemoryRegion, 1);
867     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
868     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
869     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
870     MemoryRegion *sysmem = get_system_memory();
871     NeXTState *ns = NEXT_MACHINE(machine);
872     DeviceState *dev;
873 
874     /* Initialize the cpu core */
875     cpu = M68K_CPU(cpu_create(machine->cpu_type));
876     if (!cpu) {
877         error_report("Unable to find m68k CPU definition");
878         exit(1);
879     }
880     env = &cpu->env;
881 
882     /* Initialize CPU registers.  */
883     env->vbr = 0;
884     env->sr  = 0x2700;
885 
886     /* Set internal registers to initial values */
887     /*     0x0000XX00 << vital bits */
888     ns->scr1 = 0x00011102;
889     ns->scr2 = 0x00ff0c80;
890     ns->rtc.status = 0x90;
891 
892     /* Load RTC RAM - TODO: provide possibility to load contents from file */
893     memcpy(ns->rtc.ram, rtc_ram2, 32);
894 
895     /* 64MB RAM starting at 0x04000000  */
896     memory_region_allocate_system_memory(ram, NULL, "next.ram", ram_size);
897     memory_region_add_subregion(sysmem, 0x04000000, ram);
898 
899     /* Framebuffer */
900     dev = qdev_create(NULL, TYPE_NEXTFB);
901     qdev_init_nofail(dev);
902     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
903 
904     /* MMIO */
905     memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio",
906                           0xD0000);
907     memory_region_add_subregion(sysmem, 0x02000000, mmiomem);
908 
909     /* BMAP memory */
910     memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
911                                             true, &error_fatal);
912     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
913     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
914     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
915     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
916 
917     /* BMAP IO - acts as a catch-all for now */
918     memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr",
919                           0x20000);
920     memory_region_add_subregion(sysmem, 0x02100000, scrmem);
921 
922     /* KBD */
923     dev = qdev_create(NULL, TYPE_NEXTKBD);
924     qdev_init_nofail(dev);
925     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
926 
927     /* Load ROM here */
928     if (bios_name == NULL) {
929         bios_name = ROM_FILE;
930     }
931     /* still not sure if the rom should also be mapped at 0x0*/
932     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
933     memory_region_add_subregion(sysmem, 0x01000000, rom);
934     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
935         if (!qtest_enabled()) {
936             error_report("Failed to load firmware '%s'.", bios_name);
937         }
938     } else {
939         uint8_t *ptr;
940         /* Initial PC is always at offset 4 in firmware binaries */
941         ptr = rom_ptr(0x01000004, 4);
942         g_assert(ptr != NULL);
943         env->pc = ldl_p(ptr);
944         if (env->pc >= 0x01020000) {
945             error_report("'%s' does not seem to be a valid firmware image.",
946                          bios_name);
947             exit(1);
948         }
949     }
950 
951     /* Serial */
952     next_escc_init(cpu);
953 
954     /* TODO: */
955     /* Network */
956     /* SCSI */
957 
958     /* DMA */
959     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
960     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
961 }
962 
next_machine_class_init(ObjectClass * oc,void * data)963 static void next_machine_class_init(ObjectClass *oc, void *data)
964 {
965     MachineClass *mc = MACHINE_CLASS(oc);
966 
967     mc->desc = "NeXT Cube";
968     mc->init = next_cube_init;
969     mc->default_ram_size = RAM_SIZE;
970     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
971 }
972 
973 static const TypeInfo next_typeinfo = {
974     .name = TYPE_NEXT_MACHINE,
975     .parent = TYPE_MACHINE,
976     .class_init = next_machine_class_init,
977     .instance_size = sizeof(NeXTState),
978 };
979 
next_register_type(void)980 static void next_register_type(void)
981 {
982     type_register_static(&next_typeinfo);
983 }
984 
985 type_init(next_register_type)
986