1 /*
2 * NeXT Cube System Driver
3 *
4 * Copyright (c) 2011 Bryce Lanham
5 *
6 * This code is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2 of the License,
9 * or (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "qom/object.h"
25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
26 #include "hw/block/fdc.h"
27 #include "hw/qdev-properties.h"
28 #include "qapi/error.h"
29 #include "ui/console.h"
30 #include "target/m68k/cpu.h"
31
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42
43 #define ENTRY 0x0100001e
44 #define RAM_SIZE 0x4000000
45 #define ROM_FILE "Rev_2.5_v66.bin"
46
47 typedef struct next_dma {
48 uint32_t csr;
49
50 uint32_t saved_next;
51 uint32_t saved_limit;
52 uint32_t saved_start;
53 uint32_t saved_stop;
54
55 uint32_t next;
56 uint32_t limit;
57 uint32_t start;
58 uint32_t stop;
59
60 uint32_t next_initbuf;
61 uint32_t size;
62 } next_dma;
63
64 typedef struct NextRtc {
65 uint8_t ram[32];
66 uint8_t command;
67 uint8_t value;
68 uint8_t status;
69 uint8_t control;
70 uint8_t retval;
71 } NextRtc;
72
73 struct NeXTState {
74 MachineState parent;
75
76 uint32_t int_mask;
77 uint32_t int_status;
78
79 uint8_t scsi_csr_1;
80 uint8_t scsi_csr_2;
81 next_dma dma[10];
82 qemu_irq *scsi_irq;
83 qemu_irq scsi_dma;
84 qemu_irq scsi_reset;
85 qemu_irq *fd_irq;
86
87 uint32_t scr1;
88 uint32_t scr2;
89
90 NextRtc rtc;
91 };
92
93 /* Thanks to NeXT forums for this */
94 /*
95 static const uint8_t rtc_ram3[32] = {
96 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
97 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
98 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
99 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
100 };
101 */
102 static const uint8_t rtc_ram2[32] = {
103 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
104 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
105 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
107 };
108
109 #define SCR2_RTCLK 0x2
110 #define SCR2_RTDATA 0x4
111 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
112
nextscr2_write(NeXTState * s,uint32_t val,int size)113 static void nextscr2_write(NeXTState *s, uint32_t val, int size)
114 {
115 static int led;
116 static int phase;
117 static uint8_t old_scr2;
118 uint8_t scr2_2;
119 NextRtc *rtc = &s->rtc;
120
121 if (size == 4) {
122 scr2_2 = (val >> 8) & 0xFF;
123 } else {
124 scr2_2 = val & 0xFF;
125 }
126
127 if (val & 0x1) {
128 DPRINTF("fault!\n");
129 led++;
130 if (led == 10) {
131 DPRINTF("LED flashing, possible fault!\n");
132 led = 0;
133 }
134 }
135
136 if (scr2_2 & 0x1) {
137 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
138 if (phase == -1) {
139 phase = 0;
140 }
141 /* If we are in going down clock... do something */
142 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
143 ((scr2_2 & SCR2_RTCLK) == 0)) {
144 if (phase < 8) {
145 rtc->command = (rtc->command << 1) |
146 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
147 }
148 if (phase >= 8 && phase < 16) {
149 rtc->value = (rtc->value << 1) |
150 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
151
152 /* if we read RAM register, output RT_DATA bit */
153 if (rtc->command <= 0x1F) {
154 scr2_2 = scr2_2 & (~SCR2_RTDATA);
155 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
156 scr2_2 |= SCR2_RTDATA;
157 }
158
159 rtc->retval = (rtc->retval << 1) |
160 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
161 }
162 /* read the status 0x30 */
163 if (rtc->command == 0x30) {
164 scr2_2 = scr2_2 & (~SCR2_RTDATA);
165 /* for now status = 0x98 (new rtc + FTU) */
166 if (rtc->status & (0x80 >> (phase - 8))) {
167 scr2_2 |= SCR2_RTDATA;
168 }
169
170 rtc->retval = (rtc->retval << 1) |
171 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
172 }
173 /* read the status 0x31 */
174 if (rtc->command == 0x31) {
175 scr2_2 = scr2_2 & (~SCR2_RTDATA);
176 if (rtc->control & (0x80 >> (phase - 8))) {
177 scr2_2 |= SCR2_RTDATA;
178 }
179 rtc->retval = (rtc->retval << 1) |
180 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
181 }
182
183 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
184 scr2_2 = scr2_2 & (~SCR2_RTDATA);
185 /* for now 0x00 */
186 time_t time_h = time(NULL);
187 struct tm *info = localtime(&time_h);
188 int ret = 0;
189
190 switch (rtc->command) {
191 case 0x20:
192 ret = SCR2_TOBCD(info->tm_sec);
193 break;
194 case 0x21:
195 ret = SCR2_TOBCD(info->tm_min);
196 break;
197 case 0x22:
198 ret = SCR2_TOBCD(info->tm_hour);
199 break;
200 case 0x24:
201 ret = SCR2_TOBCD(info->tm_mday);
202 break;
203 case 0x25:
204 ret = SCR2_TOBCD((info->tm_mon + 1));
205 break;
206 case 0x26:
207 ret = SCR2_TOBCD((info->tm_year - 100));
208 break;
209
210 }
211
212 if (ret & (0x80 >> (phase - 8))) {
213 scr2_2 |= SCR2_RTDATA;
214 }
215 rtc->retval = (rtc->retval << 1) |
216 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
217 }
218
219 }
220
221 phase++;
222 if (phase == 16) {
223 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
224 rtc->ram[rtc->command - 0x80] = rtc->value;
225 }
226 /* write to x30 register */
227 if (rtc->command == 0xB1) {
228 /* clear FTU */
229 if (rtc->value & 0x04) {
230 rtc->status = rtc->status & (~0x18);
231 s->int_status = s->int_status & (~0x04);
232 }
233 }
234 }
235 }
236 } else {
237 /* else end or abort */
238 phase = -1;
239 rtc->command = 0;
240 rtc->value = 0;
241 }
242 s->scr2 = val & 0xFFFF00FF;
243 s->scr2 |= scr2_2 << 8;
244 old_scr2 = scr2_2;
245 }
246
mmio_readb(NeXTState * s,hwaddr addr)247 static uint32_t mmio_readb(NeXTState *s, hwaddr addr)
248 {
249 switch (addr) {
250 case 0xc000:
251 return (s->scr1 >> 24) & 0xFF;
252 case 0xc001:
253 return (s->scr1 >> 16) & 0xFF;
254 case 0xc002:
255 return (s->scr1 >> 8) & 0xFF;
256 case 0xc003:
257 return (s->scr1 >> 0) & 0xFF;
258
259 case 0xd000:
260 return (s->scr2 >> 24) & 0xFF;
261 case 0xd001:
262 return (s->scr2 >> 16) & 0xFF;
263 case 0xd002:
264 return (s->scr2 >> 8) & 0xFF;
265 case 0xd003:
266 return (s->scr2 >> 0) & 0xFF;
267 case 0x14020:
268 DPRINTF("MMIO Read 0x4020\n");
269 return 0x7f;
270
271 default:
272 DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
273 return 0x0;
274 }
275 }
276
mmio_readw(NeXTState * s,hwaddr addr)277 static uint32_t mmio_readw(NeXTState *s, hwaddr addr)
278 {
279 switch (addr) {
280 default:
281 DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
282 return 0x0;
283 }
284 }
285
mmio_readl(NeXTState * s,hwaddr addr)286 static uint32_t mmio_readl(NeXTState *s, hwaddr addr)
287 {
288 switch (addr) {
289 case 0x7000:
290 /* DPRINTF("Read INT status: %x\n", s->int_status); */
291 return s->int_status;
292
293 case 0x7800:
294 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
295 return s->int_mask;
296
297 case 0xc000:
298 return s->scr1;
299
300 case 0xd000:
301 return s->scr2;
302
303 default:
304 DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
305 return 0x0;
306 }
307 }
308
mmio_writeb(NeXTState * s,hwaddr addr,uint32_t val)309 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val)
310 {
311 switch (addr) {
312 case 0xd003:
313 nextscr2_write(s, val, 1);
314 break;
315 default:
316 DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
317 }
318
319 }
320
mmio_writew(NeXTState * s,hwaddr addr,uint32_t val)321 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val)
322 {
323 DPRINTF("MMIO Write W\n");
324 }
325
mmio_writel(NeXTState * s,hwaddr addr,uint32_t val)326 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val)
327 {
328 switch (addr) {
329 case 0x7000:
330 DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
331 s->int_status = val;
332 break;
333 case 0x7800:
334 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
335 s->int_mask = val;
336 break;
337 case 0xc000:
338 DPRINTF("SCR1 Write: %x\n", val);
339 break;
340 case 0xd000:
341 nextscr2_write(s, val, 4);
342 break;
343
344 default:
345 DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
346 }
347 }
348
mmio_readfn(void * opaque,hwaddr addr,unsigned size)349 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
350 {
351 NeXTState *ns = NEXT_MACHINE(opaque);
352
353 switch (size) {
354 case 1:
355 return mmio_readb(ns, addr);
356 case 2:
357 return mmio_readw(ns, addr);
358 case 4:
359 return mmio_readl(ns, addr);
360 default:
361 g_assert_not_reached();
362 }
363 }
364
mmio_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)365 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
366 unsigned size)
367 {
368 NeXTState *ns = NEXT_MACHINE(opaque);
369
370 switch (size) {
371 case 1:
372 mmio_writeb(ns, addr, value);
373 break;
374 case 2:
375 mmio_writew(ns, addr, value);
376 break;
377 case 4:
378 mmio_writel(ns, addr, value);
379 break;
380 default:
381 g_assert_not_reached();
382 }
383 }
384
385 static const MemoryRegionOps mmio_ops = {
386 .read = mmio_readfn,
387 .write = mmio_writefn,
388 .valid.min_access_size = 1,
389 .valid.max_access_size = 4,
390 .endianness = DEVICE_NATIVE_ENDIAN,
391 };
392
scr_readb(NeXTState * s,hwaddr addr)393 static uint32_t scr_readb(NeXTState *s, hwaddr addr)
394 {
395 switch (addr) {
396 case 0x14108:
397 DPRINTF("FD read @ %x\n", (unsigned int)addr);
398 return 0x40 | 0x04 | 0x2 | 0x1;
399 case 0x14020:
400 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1);
401 return s->scsi_csr_1;
402
403 case 0x14021:
404 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
405 return 0x40;
406
407 /*
408 * These 4 registers are the hardware timer, not sure which register
409 * is the latch instead of data, but no problems so far
410 */
411 case 0x1a000:
412 return 0xff & (clock() >> 24);
413 case 0x1a001:
414 return 0xff & (clock() >> 16);
415 case 0x1a002:
416 return 0xff & (clock() >> 8);
417 case 0x1a003:
418 /* Hack: We need to have this change consistently to make it work */
419 return 0xFF & clock();
420
421 default:
422 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
423 return 0;
424 }
425 }
426
scr_readw(NeXTState * s,hwaddr addr)427 static uint32_t scr_readw(NeXTState *s, hwaddr addr)
428 {
429 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
430 return 0;
431 }
432
scr_readl(NeXTState * s,hwaddr addr)433 static uint32_t scr_readl(NeXTState *s, hwaddr addr)
434 {
435 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
436 return 0;
437 }
438
439 #define SCSICSR_ENABLE 0x01
440 #define SCSICSR_RESET 0x02 /* reset scsi dma */
441 #define SCSICSR_FIFOFL 0x04
442 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */
443 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */
444 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */
445
scr_writeb(NeXTState * s,hwaddr addr,uint32_t value)446 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value)
447 {
448 switch (addr) {
449 case 0x14108:
450 DPRINTF("FDCSR Write: %x\n", value);
451
452 if (value == 0x0) {
453 /* qemu_irq_raise(s->fd_irq[0]); */
454 }
455 break;
456 case 0x14020: /* SCSI Control Register */
457 if (value & SCSICSR_FIFOFL) {
458 DPRINTF("SCSICSR FIFO Flush\n");
459 /* will have to add another irq to the esp if this is needed */
460 /* esp_puflush_fifo(esp_g); */
461 /* qemu_irq_pulse(s->scsi_dma); */
462 }
463
464 if (value & SCSICSR_ENABLE) {
465 DPRINTF("SCSICSR Enable\n");
466 /*
467 * qemu_irq_raise(s->scsi_dma);
468 * s->scsi_csr_1 = 0xc0;
469 * s->scsi_csr_1 |= 0x1;
470 * qemu_irq_pulse(s->scsi_dma);
471 */
472 }
473 /*
474 * else
475 * s->scsi_csr_1 &= ~SCSICSR_ENABLE;
476 */
477
478 if (value & SCSICSR_RESET) {
479 DPRINTF("SCSICSR Reset\n");
480 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
481 /* qemu_irq_raise(s->scsi_reset); */
482 /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
483
484 }
485 if (value & SCSICSR_DMADIR) {
486 DPRINTF("SCSICSR DMAdir\n");
487 }
488 if (value & SCSICSR_CPUDMA) {
489 DPRINTF("SCSICSR CPUDMA\n");
490 /* qemu_irq_raise(s->scsi_dma); */
491
492 s->int_status |= 0x4000000;
493 } else {
494 s->int_status &= ~(0x4000000);
495 }
496 if (value & SCSICSR_INTMASK) {
497 DPRINTF("SCSICSR INTMASK\n");
498 /*
499 * int_mask &= ~0x1000;
500 * s->scsi_csr_1 |= value;
501 * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
502 * if (s->scsi_queued) {
503 * s->scsi_queued = 0;
504 * next_irq(s, NEXT_SCSI_I, level);
505 * }
506 */
507 } else {
508 /* int_mask |= 0x1000; */
509 }
510 if (value & 0x80) {
511 /* int_mask |= 0x1000; */
512 /* s->scsi_csr_1 |= 0x80; */
513 }
514 DPRINTF("SCSICSR Write: %x\n", value);
515 /* s->scsi_csr_1 = value; */
516 return;
517 /* Hardware timer latch - not implemented yet */
518 case 0x1a000:
519 default:
520 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
521 }
522 }
523
scr_writew(NeXTState * s,hwaddr addr,uint32_t value)524 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value)
525 {
526 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
527 }
528
scr_writel(NeXTState * s,hwaddr addr,uint32_t value)529 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value)
530 {
531 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
532 }
533
scr_readfn(void * opaque,hwaddr addr,unsigned size)534 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
535 {
536 NeXTState *ns = NEXT_MACHINE(opaque);
537
538 switch (size) {
539 case 1:
540 return scr_readb(ns, addr);
541 case 2:
542 return scr_readw(ns, addr);
543 case 4:
544 return scr_readl(ns, addr);
545 default:
546 g_assert_not_reached();
547 }
548 }
549
scr_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)550 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
551 unsigned size)
552 {
553 NeXTState *ns = NEXT_MACHINE(opaque);
554
555 switch (size) {
556 case 1:
557 scr_writeb(ns, addr, value);
558 break;
559 case 2:
560 scr_writew(ns, addr, value);
561 break;
562 case 4:
563 scr_writel(ns, addr, value);
564 break;
565 default:
566 g_assert_not_reached();
567 }
568 }
569
570 static const MemoryRegionOps scr_ops = {
571 .read = scr_readfn,
572 .write = scr_writefn,
573 .valid.min_access_size = 1,
574 .valid.max_access_size = 4,
575 .endianness = DEVICE_NATIVE_ENDIAN,
576 };
577
578 #define NEXTDMA_SCSI(x) (0x10 + x)
579 #define NEXTDMA_FD(x) (0x10 + x)
580 #define NEXTDMA_ENTX(x) (0x110 + x)
581 #define NEXTDMA_ENRX(x) (0x150 + x)
582 #define NEXTDMA_CSR 0x0
583 #define NEXTDMA_NEXT 0x4000
584 #define NEXTDMA_LIMIT 0x4004
585 #define NEXTDMA_START 0x4008
586 #define NEXTDMA_STOP 0x400c
587 #define NEXTDMA_NEXT_INIT 0x4200
588 #define NEXTDMA_SIZE 0x4204
589
dma_writel(void * opaque,hwaddr addr,uint64_t value,unsigned int size)590 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
591 unsigned int size)
592 {
593 NeXTState *next_state = NEXT_MACHINE(opaque);
594
595 switch (addr) {
596 case NEXTDMA_ENRX(NEXTDMA_CSR):
597 if (value & DMA_DEV2M) {
598 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
599 }
600
601 if (value & DMA_SETENABLE) {
602 /* DPRINTF("SCSI DMA ENABLE\n"); */
603 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
604 }
605 if (value & DMA_SETSUPDATE) {
606 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
607 }
608 if (value & DMA_CLRCOMPLETE) {
609 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
610 }
611
612 if (value & DMA_RESET) {
613 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
614 DMA_ENABLE | DMA_DEV2M);
615 }
616 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
617 break;
618 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
619 next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
620 break;
621 case NEXTDMA_ENRX(NEXTDMA_NEXT):
622 next_state->dma[NEXTDMA_ENRX].next = value;
623 break;
624 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
625 next_state->dma[NEXTDMA_ENRX].limit = value;
626 break;
627 case NEXTDMA_SCSI(NEXTDMA_CSR):
628 if (value & DMA_DEV2M) {
629 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
630 }
631 if (value & DMA_SETENABLE) {
632 /* DPRINTF("SCSI DMA ENABLE\n"); */
633 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
634 }
635 if (value & DMA_SETSUPDATE) {
636 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
637 }
638 if (value & DMA_CLRCOMPLETE) {
639 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
640 }
641
642 if (value & DMA_RESET) {
643 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
644 DMA_ENABLE | DMA_DEV2M);
645 /* DPRINTF("SCSI DMA RESET\n"); */
646 }
647 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
648 break;
649
650 case NEXTDMA_SCSI(NEXTDMA_NEXT):
651 next_state->dma[NEXTDMA_SCSI].next = value;
652 break;
653
654 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
655 next_state->dma[NEXTDMA_SCSI].limit = value;
656 break;
657
658 case NEXTDMA_SCSI(NEXTDMA_START):
659 next_state->dma[NEXTDMA_SCSI].start = value;
660 break;
661
662 case NEXTDMA_SCSI(NEXTDMA_STOP):
663 next_state->dma[NEXTDMA_SCSI].stop = value;
664 break;
665
666 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
667 next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
668 break;
669
670 default:
671 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
672 }
673 }
674
dma_readl(void * opaque,hwaddr addr,unsigned int size)675 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
676 {
677 NeXTState *next_state = NEXT_MACHINE(opaque);
678
679 switch (addr) {
680 case NEXTDMA_SCSI(NEXTDMA_CSR):
681 DPRINTF("SCSI DMA CSR READ\n");
682 return next_state->dma[NEXTDMA_SCSI].csr;
683 case NEXTDMA_ENRX(NEXTDMA_CSR):
684 return next_state->dma[NEXTDMA_ENRX].csr;
685 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
686 return next_state->dma[NEXTDMA_ENRX].next_initbuf;
687 case NEXTDMA_ENRX(NEXTDMA_NEXT):
688 return next_state->dma[NEXTDMA_ENRX].next;
689 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
690 return next_state->dma[NEXTDMA_ENRX].limit;
691
692 case NEXTDMA_SCSI(NEXTDMA_NEXT):
693 return next_state->dma[NEXTDMA_SCSI].next;
694 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
695 return next_state->dma[NEXTDMA_SCSI].next_initbuf;
696 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
697 return next_state->dma[NEXTDMA_SCSI].limit;
698 case NEXTDMA_SCSI(NEXTDMA_START):
699 return next_state->dma[NEXTDMA_SCSI].start;
700 case NEXTDMA_SCSI(NEXTDMA_STOP):
701 return next_state->dma[NEXTDMA_SCSI].stop;
702
703 default:
704 DPRINTF("DMA read @ %x\n", (unsigned int)addr);
705 return 0;
706 }
707
708 /*
709 * once the csr's are done, subtract 0x3FEC from the addr, and that will
710 * normalize the upper registers
711 */
712 }
713
714 static const MemoryRegionOps dma_ops = {
715 .read = dma_readl,
716 .write = dma_writel,
717 .impl.min_access_size = 4,
718 .valid.min_access_size = 4,
719 .valid.max_access_size = 4,
720 .endianness = DEVICE_NATIVE_ENDIAN,
721 };
722
723 /*
724 * TODO: set the shift numbers as values in the enum, so the first switch
725 * will not be needed
726 */
next_irq(void * opaque,int number,int level)727 void next_irq(void *opaque, int number, int level)
728 {
729 M68kCPU *cpu = opaque;
730 int shift = 0;
731 NeXTState *ns = NEXT_MACHINE(qdev_get_machine());
732
733 /* first switch sets interupt status */
734 /* DPRINTF("IRQ %i\n",number); */
735 switch (number) {
736 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
737 case NEXT_FD_I:
738 shift = 7;
739 break;
740 case NEXT_KBD_I:
741 shift = 3;
742 break;
743 case NEXT_PWR_I:
744 shift = 2;
745 break;
746 case NEXT_ENRX_I:
747 shift = 9;
748 break;
749 case NEXT_ENTX_I:
750 shift = 10;
751 break;
752 case NEXT_SCSI_I:
753 shift = 12;
754 break;
755 case NEXT_CLK_I:
756 shift = 5;
757 break;
758
759 /* level 5 - scc (serial) */
760 case NEXT_SCC_I:
761 shift = 17;
762 break;
763
764 /* level 6 - audio etherrx/tx dma */
765 case NEXT_ENTX_DMA_I:
766 shift = 28;
767 break;
768 case NEXT_ENRX_DMA_I:
769 shift = 27;
770 break;
771 case NEXT_SCSI_DMA_I:
772 shift = 26;
773 break;
774 case NEXT_SND_I:
775 shift = 23;
776 break;
777 case NEXT_SCC_DMA_I:
778 shift = 21;
779 break;
780
781 }
782 /*
783 * this HAS to be wrong, the interrupt handlers in mach and together
784 * int_status and int_mask and return if there is a hit
785 */
786 if (ns->int_mask & (1 << shift)) {
787 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
788 /* return; */
789 }
790
791 /* second switch triggers the correct interrupt */
792 if (level) {
793 ns->int_status |= 1 << shift;
794
795 switch (number) {
796 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
797 case NEXT_FD_I:
798 case NEXT_KBD_I:
799 case NEXT_PWR_I:
800 case NEXT_ENRX_I:
801 case NEXT_ENTX_I:
802 case NEXT_SCSI_I:
803 case NEXT_CLK_I:
804 m68k_set_irq_level(cpu, 3, 27);
805 break;
806
807 /* level 5 - scc (serial) */
808 case NEXT_SCC_I:
809 m68k_set_irq_level(cpu, 5, 29);
810 break;
811
812 /* level 6 - audio etherrx/tx dma */
813 case NEXT_ENTX_DMA_I:
814 case NEXT_ENRX_DMA_I:
815 case NEXT_SCSI_DMA_I:
816 case NEXT_SND_I:
817 case NEXT_SCC_DMA_I:
818 m68k_set_irq_level(cpu, 6, 30);
819 break;
820 }
821 } else {
822 ns->int_status &= ~(1 << shift);
823 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
824 }
825 }
826
next_serial_irq(void * opaque,int n,int level)827 static void next_serial_irq(void *opaque, int n, int level)
828 {
829 /* DPRINTF("SCC IRQ NUM %i\n",n); */
830 if (n) {
831 next_irq(opaque, NEXT_SCC_DMA_I, level);
832 } else {
833 next_irq(opaque, NEXT_SCC_I, level);
834 }
835 }
836
next_escc_init(M68kCPU * cpu)837 static void next_escc_init(M68kCPU *cpu)
838 {
839 qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2);
840 DeviceState *dev;
841 SysBusDevice *s;
842
843 dev = qdev_new(TYPE_ESCC);
844 qdev_prop_set_uint32(dev, "disabled", 0);
845 qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
846 qdev_prop_set_uint32(dev, "it_shift", 0);
847 qdev_prop_set_bit(dev, "bit_swap", true);
848 qdev_prop_set_chr(dev, "chrB", serial_hd(1));
849 qdev_prop_set_chr(dev, "chrA", serial_hd(0));
850 qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
851 qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
852
853 s = SYS_BUS_DEVICE(dev);
854 sysbus_realize_and_unref(s, &error_fatal);
855 sysbus_connect_irq(s, 0, ser_irq[0]);
856 sysbus_connect_irq(s, 1, ser_irq[1]);
857 sysbus_mmio_map(s, 0, 0x2118000);
858 }
859
next_cube_init(MachineState * machine)860 static void next_cube_init(MachineState *machine)
861 {
862 M68kCPU *cpu;
863 CPUM68KState *env;
864 MemoryRegion *rom = g_new(MemoryRegion, 1);
865 MemoryRegion *mmiomem = g_new(MemoryRegion, 1);
866 MemoryRegion *scrmem = g_new(MemoryRegion, 1);
867 MemoryRegion *dmamem = g_new(MemoryRegion, 1);
868 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
869 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
870 MemoryRegion *sysmem = get_system_memory();
871 NeXTState *ns = NEXT_MACHINE(machine);
872 DeviceState *dev;
873
874 /* Initialize the cpu core */
875 cpu = M68K_CPU(cpu_create(machine->cpu_type));
876 if (!cpu) {
877 error_report("Unable to find m68k CPU definition");
878 exit(1);
879 }
880 env = &cpu->env;
881
882 /* Initialize CPU registers. */
883 env->vbr = 0;
884 env->sr = 0x2700;
885
886 /* Set internal registers to initial values */
887 /* 0x0000XX00 << vital bits */
888 ns->scr1 = 0x00011102;
889 ns->scr2 = 0x00ff0c80;
890 ns->rtc.status = 0x90;
891
892 /* Load RTC RAM - TODO: provide possibility to load contents from file */
893 memcpy(ns->rtc.ram, rtc_ram2, 32);
894
895 /* 64MB RAM starting at 0x04000000 */
896 memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
897
898 /* Framebuffer */
899 dev = qdev_new(TYPE_NEXTFB);
900 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
901 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
902
903 /* MMIO */
904 memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio",
905 0xD0000);
906 memory_region_add_subregion(sysmem, 0x02000000, mmiomem);
907
908 /* BMAP memory */
909 memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
910 true, &error_fatal);
911 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
912 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
913 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
914 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
915
916 /* BMAP IO - acts as a catch-all for now */
917 memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr",
918 0x20000);
919 memory_region_add_subregion(sysmem, 0x02100000, scrmem);
920
921 /* KBD */
922 dev = qdev_new(TYPE_NEXTKBD);
923 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
924 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
925
926 /* Load ROM here */
927 if (bios_name == NULL) {
928 bios_name = ROM_FILE;
929 }
930 /* still not sure if the rom should also be mapped at 0x0*/
931 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
932 memory_region_add_subregion(sysmem, 0x01000000, rom);
933 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
934 if (!qtest_enabled()) {
935 error_report("Failed to load firmware '%s'.", bios_name);
936 }
937 } else {
938 uint8_t *ptr;
939 /* Initial PC is always at offset 4 in firmware binaries */
940 ptr = rom_ptr(0x01000004, 4);
941 g_assert(ptr != NULL);
942 env->pc = ldl_p(ptr);
943 if (env->pc >= 0x01020000) {
944 error_report("'%s' does not seem to be a valid firmware image.",
945 bios_name);
946 exit(1);
947 }
948 }
949
950 /* Serial */
951 next_escc_init(cpu);
952
953 /* TODO: */
954 /* Network */
955 /* SCSI */
956
957 /* DMA */
958 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
959 memory_region_add_subregion(sysmem, 0x02000000, dmamem);
960 }
961
next_machine_class_init(ObjectClass * oc,void * data)962 static void next_machine_class_init(ObjectClass *oc, void *data)
963 {
964 MachineClass *mc = MACHINE_CLASS(oc);
965
966 mc->desc = "NeXT Cube";
967 mc->init = next_cube_init;
968 mc->default_ram_size = RAM_SIZE;
969 mc->default_ram_id = "next.ram";
970 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
971 }
972
973 static const TypeInfo next_typeinfo = {
974 .name = TYPE_NEXT_MACHINE,
975 .parent = TYPE_MACHINE,
976 .class_init = next_machine_class_init,
977 .instance_size = sizeof(NeXTState),
978 };
979
next_register_type(void)980 static void next_register_type(void)
981 {
982 type_register_static(&next_typeinfo);
983 }
984
985 type_init(next_register_type)
986