1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "qom/object.h"
25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
26 #include "hw/block/fdc.h"
27 #include "hw/qdev-properties.h"
28 #include "qapi/error.h"
29 #include "ui/console.h"
30 #include "target/m68k/cpu.h"
31 
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39 
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42 
43 #define ENTRY       0x0100001e
44 #define RAM_SIZE    0x4000000
45 #define ROM_FILE    "Rev_2.5_v66.bin"
46 
47 typedef struct next_dma {
48     uint32_t csr;
49 
50     uint32_t saved_next;
51     uint32_t saved_limit;
52     uint32_t saved_start;
53     uint32_t saved_stop;
54 
55     uint32_t next;
56     uint32_t limit;
57     uint32_t start;
58     uint32_t stop;
59 
60     uint32_t next_initbuf;
61     uint32_t size;
62 } next_dma;
63 
64 typedef struct NextRtc {
65     uint8_t ram[32];
66     uint8_t command;
67     uint8_t value;
68     uint8_t status;
69     uint8_t control;
70     uint8_t retval;
71 } NextRtc;
72 
73 struct NeXTState {
74     MachineState parent;
75 
76     uint32_t int_mask;
77     uint32_t int_status;
78 
79     uint8_t scsi_csr_1;
80     uint8_t scsi_csr_2;
81     next_dma dma[10];
82     qemu_irq *scsi_irq;
83     qemu_irq scsi_dma;
84     qemu_irq scsi_reset;
85     qemu_irq *fd_irq;
86 
87     uint32_t scr1;
88     uint32_t scr2;
89 
90     NextRtc rtc;
91 };
92 
93 /* Thanks to NeXT forums for this */
94 /*
95 static const uint8_t rtc_ram3[32] = {
96     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
97     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
98     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
99     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
100 };
101 */
102 static const uint8_t rtc_ram2[32] = {
103     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
104     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
105     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
106     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
107 };
108 
109 #define SCR2_RTCLK 0x2
110 #define SCR2_RTDATA 0x4
111 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
112 
nextscr2_write(NeXTState * s,uint32_t val,int size)113 static void nextscr2_write(NeXTState *s, uint32_t val, int size)
114 {
115     static int led;
116     static int phase;
117     static uint8_t old_scr2;
118     uint8_t scr2_2;
119     NextRtc *rtc = &s->rtc;
120 
121     if (size == 4) {
122         scr2_2 = (val >> 8) & 0xFF;
123     } else {
124         scr2_2 = val & 0xFF;
125     }
126 
127     if (val & 0x1) {
128         DPRINTF("fault!\n");
129         led++;
130         if (led == 10) {
131             DPRINTF("LED flashing, possible fault!\n");
132             led = 0;
133         }
134     }
135 
136     if (scr2_2 & 0x1) {
137         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
138         if (phase == -1) {
139             phase = 0;
140         }
141         /* If we are in going down clock... do something */
142         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
143                 ((scr2_2 & SCR2_RTCLK) == 0)) {
144             if (phase < 8) {
145                 rtc->command = (rtc->command << 1) |
146                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
147             }
148             if (phase >= 8 && phase < 16) {
149                 rtc->value = (rtc->value << 1) |
150                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
151 
152                 /* if we read RAM register, output RT_DATA bit */
153                 if (rtc->command <= 0x1F) {
154                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
155                     if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
156                         scr2_2 |= SCR2_RTDATA;
157                     }
158 
159                     rtc->retval = (rtc->retval << 1) |
160                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
161                 }
162                 /* read the status 0x30 */
163                 if (rtc->command == 0x30) {
164                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
165                     /* for now status = 0x98 (new rtc + FTU) */
166                     if (rtc->status & (0x80 >> (phase - 8))) {
167                         scr2_2 |= SCR2_RTDATA;
168                     }
169 
170                     rtc->retval = (rtc->retval << 1) |
171                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
172                 }
173                 /* read the status 0x31 */
174                 if (rtc->command == 0x31) {
175                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
176                     if (rtc->control & (0x80 >> (phase - 8))) {
177                         scr2_2 |= SCR2_RTDATA;
178                     }
179                     rtc->retval = (rtc->retval << 1) |
180                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
181                 }
182 
183                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
184                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
185                     /* for now 0x00 */
186                     time_t time_h = time(NULL);
187                     struct tm *info = localtime(&time_h);
188                     int ret = 0;
189 
190                     switch (rtc->command) {
191                     case 0x20:
192                         ret = SCR2_TOBCD(info->tm_sec);
193                         break;
194                     case 0x21:
195                         ret = SCR2_TOBCD(info->tm_min);
196                         break;
197                     case 0x22:
198                         ret = SCR2_TOBCD(info->tm_hour);
199                         break;
200                     case 0x24:
201                         ret = SCR2_TOBCD(info->tm_mday);
202                         break;
203                     case 0x25:
204                         ret = SCR2_TOBCD((info->tm_mon + 1));
205                         break;
206                     case 0x26:
207                         ret = SCR2_TOBCD((info->tm_year - 100));
208                         break;
209 
210                     }
211 
212                     if (ret & (0x80 >> (phase - 8))) {
213                         scr2_2 |= SCR2_RTDATA;
214                     }
215                     rtc->retval = (rtc->retval << 1) |
216                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
217                 }
218 
219             }
220 
221             phase++;
222             if (phase == 16) {
223                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
224                     rtc->ram[rtc->command - 0x80] = rtc->value;
225                 }
226                 /* write to x30 register */
227                 if (rtc->command == 0xB1) {
228                     /* clear FTU */
229                     if (rtc->value & 0x04) {
230                         rtc->status = rtc->status & (~0x18);
231                         s->int_status = s->int_status & (~0x04);
232                     }
233                 }
234             }
235         }
236     } else {
237         /* else end or abort */
238         phase = -1;
239         rtc->command = 0;
240         rtc->value = 0;
241     }
242     s->scr2 = val & 0xFFFF00FF;
243     s->scr2 |= scr2_2 << 8;
244     old_scr2 = scr2_2;
245 }
246 
mmio_readb(NeXTState * s,hwaddr addr)247 static uint32_t mmio_readb(NeXTState *s, hwaddr addr)
248 {
249     switch (addr) {
250     case 0xc000:
251         return (s->scr1 >> 24) & 0xFF;
252     case 0xc001:
253         return (s->scr1 >> 16) & 0xFF;
254     case 0xc002:
255         return (s->scr1 >> 8)  & 0xFF;
256     case 0xc003:
257         return (s->scr1 >> 0)  & 0xFF;
258 
259     case 0xd000:
260         return (s->scr2 >> 24) & 0xFF;
261     case 0xd001:
262         return (s->scr2 >> 16) & 0xFF;
263     case 0xd002:
264         return (s->scr2 >> 8)  & 0xFF;
265     case 0xd003:
266         return (s->scr2 >> 0)  & 0xFF;
267     case 0x14020:
268         DPRINTF("MMIO Read 0x4020\n");
269         return 0x7f;
270 
271     default:
272         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
273         return 0x0;
274     }
275 }
276 
mmio_readw(NeXTState * s,hwaddr addr)277 static uint32_t mmio_readw(NeXTState *s, hwaddr addr)
278 {
279     switch (addr) {
280     default:
281         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
282         return 0x0;
283     }
284 }
285 
mmio_readl(NeXTState * s,hwaddr addr)286 static uint32_t mmio_readl(NeXTState *s, hwaddr addr)
287 {
288     switch (addr) {
289     case 0x7000:
290         /* DPRINTF("Read INT status: %x\n", s->int_status); */
291         return s->int_status;
292 
293     case 0x7800:
294         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
295         return s->int_mask;
296 
297     case 0xc000:
298         return s->scr1;
299 
300     case 0xd000:
301         return s->scr2;
302 
303     default:
304         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
305         return 0x0;
306     }
307 }
308 
mmio_writeb(NeXTState * s,hwaddr addr,uint32_t val)309 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val)
310 {
311     switch (addr) {
312     case 0xd003:
313         nextscr2_write(s, val, 1);
314         break;
315     default:
316         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
317     }
318 
319 }
320 
mmio_writew(NeXTState * s,hwaddr addr,uint32_t val)321 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val)
322 {
323     DPRINTF("MMIO Write W\n");
324 }
325 
mmio_writel(NeXTState * s,hwaddr addr,uint32_t val)326 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val)
327 {
328     switch (addr) {
329     case 0x7000:
330         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
331         s->int_status = val;
332         break;
333     case 0x7800:
334         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
335         s->int_mask  = val;
336         break;
337     case 0xc000:
338         DPRINTF("SCR1 Write: %x\n", val);
339         break;
340     case 0xd000:
341         nextscr2_write(s, val, 4);
342         break;
343 
344     default:
345         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
346     }
347 }
348 
mmio_readfn(void * opaque,hwaddr addr,unsigned size)349 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
350 {
351     NeXTState *ns = NEXT_MACHINE(opaque);
352 
353     switch (size) {
354     case 1:
355         return mmio_readb(ns, addr);
356     case 2:
357         return mmio_readw(ns, addr);
358     case 4:
359         return mmio_readl(ns, addr);
360     default:
361         g_assert_not_reached();
362     }
363 }
364 
mmio_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)365 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
366                          unsigned size)
367 {
368     NeXTState *ns = NEXT_MACHINE(opaque);
369 
370     switch (size) {
371     case 1:
372         mmio_writeb(ns, addr, value);
373         break;
374     case 2:
375         mmio_writew(ns, addr, value);
376         break;
377     case 4:
378         mmio_writel(ns, addr, value);
379         break;
380     default:
381         g_assert_not_reached();
382     }
383 }
384 
385 static const MemoryRegionOps mmio_ops = {
386     .read = mmio_readfn,
387     .write = mmio_writefn,
388     .valid.min_access_size = 1,
389     .valid.max_access_size = 4,
390     .endianness = DEVICE_NATIVE_ENDIAN,
391 };
392 
scr_readb(NeXTState * s,hwaddr addr)393 static uint32_t scr_readb(NeXTState *s, hwaddr addr)
394 {
395     switch (addr) {
396     case 0x14108:
397         DPRINTF("FD read @ %x\n", (unsigned int)addr);
398         return 0x40 | 0x04 | 0x2 | 0x1;
399     case 0x14020:
400         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
401         return s->scsi_csr_1;
402 
403     case 0x14021:
404         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
405         return 0x40;
406 
407     /*
408      * These 4 registers are the hardware timer, not sure which register
409      * is the latch instead of data, but no problems so far
410      */
411     case 0x1a000:
412         return 0xff & (clock() >> 24);
413     case 0x1a001:
414         return 0xff & (clock() >> 16);
415     case 0x1a002:
416         return 0xff & (clock() >> 8);
417     case 0x1a003:
418         /* Hack: We need to have this change consistently to make it work */
419         return 0xFF & clock();
420 
421     default:
422         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
423         return 0;
424     }
425 }
426 
scr_readw(NeXTState * s,hwaddr addr)427 static uint32_t scr_readw(NeXTState *s, hwaddr addr)
428 {
429     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
430     return 0;
431 }
432 
scr_readl(NeXTState * s,hwaddr addr)433 static uint32_t scr_readl(NeXTState *s, hwaddr addr)
434 {
435     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
436     return 0;
437 }
438 
439 #define SCSICSR_ENABLE  0x01
440 #define SCSICSR_RESET   0x02  /* reset scsi dma */
441 #define SCSICSR_FIFOFL  0x04
442 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
443 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
444 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
445 
scr_writeb(NeXTState * s,hwaddr addr,uint32_t value)446 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value)
447 {
448     switch (addr) {
449     case 0x14108:
450         DPRINTF("FDCSR Write: %x\n", value);
451 
452         if (value == 0x0) {
453             /* qemu_irq_raise(s->fd_irq[0]); */
454         }
455         break;
456     case 0x14020: /* SCSI Control Register */
457         if (value & SCSICSR_FIFOFL) {
458             DPRINTF("SCSICSR FIFO Flush\n");
459             /* will have to add another irq to the esp if this is needed */
460             /* esp_puflush_fifo(esp_g); */
461             /* qemu_irq_pulse(s->scsi_dma); */
462         }
463 
464         if (value & SCSICSR_ENABLE) {
465             DPRINTF("SCSICSR Enable\n");
466             /*
467              * qemu_irq_raise(s->scsi_dma);
468              * s->scsi_csr_1 = 0xc0;
469              * s->scsi_csr_1 |= 0x1;
470              * qemu_irq_pulse(s->scsi_dma);
471              */
472         }
473         /*
474          * else
475          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
476          */
477 
478         if (value & SCSICSR_RESET) {
479             DPRINTF("SCSICSR Reset\n");
480             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
481             /* qemu_irq_raise(s->scsi_reset); */
482             /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
483 
484         }
485         if (value & SCSICSR_DMADIR) {
486             DPRINTF("SCSICSR DMAdir\n");
487         }
488         if (value & SCSICSR_CPUDMA) {
489             DPRINTF("SCSICSR CPUDMA\n");
490             /* qemu_irq_raise(s->scsi_dma); */
491 
492             s->int_status |= 0x4000000;
493         } else {
494             s->int_status &= ~(0x4000000);
495         }
496         if (value & SCSICSR_INTMASK) {
497             DPRINTF("SCSICSR INTMASK\n");
498             /*
499              * int_mask &= ~0x1000;
500              * s->scsi_csr_1 |= value;
501              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
502              * if (s->scsi_queued) {
503              *     s->scsi_queued = 0;
504              *     next_irq(s, NEXT_SCSI_I, level);
505              * }
506              */
507         } else {
508             /* int_mask |= 0x1000; */
509         }
510         if (value & 0x80) {
511             /* int_mask |= 0x1000; */
512             /* s->scsi_csr_1 |= 0x80; */
513         }
514         DPRINTF("SCSICSR Write: %x\n", value);
515         /* s->scsi_csr_1 = value; */
516         return;
517     /* Hardware timer latch - not implemented yet */
518     case 0x1a000:
519     default:
520         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
521     }
522 }
523 
scr_writew(NeXTState * s,hwaddr addr,uint32_t value)524 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value)
525 {
526     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
527 }
528 
scr_writel(NeXTState * s,hwaddr addr,uint32_t value)529 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value)
530 {
531     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
532 }
533 
scr_readfn(void * opaque,hwaddr addr,unsigned size)534 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
535 {
536     NeXTState *ns = NEXT_MACHINE(opaque);
537 
538     switch (size) {
539     case 1:
540         return scr_readb(ns, addr);
541     case 2:
542         return scr_readw(ns, addr);
543     case 4:
544         return scr_readl(ns, addr);
545     default:
546         g_assert_not_reached();
547     }
548 }
549 
scr_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)550 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
551                         unsigned size)
552 {
553     NeXTState *ns = NEXT_MACHINE(opaque);
554 
555     switch (size) {
556     case 1:
557         scr_writeb(ns, addr, value);
558         break;
559     case 2:
560         scr_writew(ns, addr, value);
561         break;
562     case 4:
563         scr_writel(ns, addr, value);
564         break;
565     default:
566         g_assert_not_reached();
567     }
568 }
569 
570 static const MemoryRegionOps scr_ops = {
571     .read = scr_readfn,
572     .write = scr_writefn,
573     .valid.min_access_size = 1,
574     .valid.max_access_size = 4,
575     .endianness = DEVICE_NATIVE_ENDIAN,
576 };
577 
578 #define NEXTDMA_SCSI(x)      (0x10 + x)
579 #define NEXTDMA_FD(x)        (0x10 + x)
580 #define NEXTDMA_ENTX(x)      (0x110 + x)
581 #define NEXTDMA_ENRX(x)      (0x150 + x)
582 #define NEXTDMA_CSR          0x0
583 #define NEXTDMA_NEXT         0x4000
584 #define NEXTDMA_LIMIT        0x4004
585 #define NEXTDMA_START        0x4008
586 #define NEXTDMA_STOP         0x400c
587 #define NEXTDMA_NEXT_INIT    0x4200
588 #define NEXTDMA_SIZE         0x4204
589 
dma_writel(void * opaque,hwaddr addr,uint64_t value,unsigned int size)590 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
591                        unsigned int size)
592 {
593     NeXTState *next_state = NEXT_MACHINE(opaque);
594 
595     switch (addr) {
596     case NEXTDMA_ENRX(NEXTDMA_CSR):
597         if (value & DMA_DEV2M) {
598             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
599         }
600 
601         if (value & DMA_SETENABLE) {
602             /* DPRINTF("SCSI DMA ENABLE\n"); */
603             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
604         }
605         if (value & DMA_SETSUPDATE) {
606             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
607         }
608         if (value & DMA_CLRCOMPLETE) {
609             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
610         }
611 
612         if (value & DMA_RESET) {
613             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
614                                                   DMA_ENABLE | DMA_DEV2M);
615         }
616         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
617         break;
618     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
619         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
620         break;
621     case NEXTDMA_ENRX(NEXTDMA_NEXT):
622         next_state->dma[NEXTDMA_ENRX].next = value;
623         break;
624     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
625         next_state->dma[NEXTDMA_ENRX].limit = value;
626         break;
627     case NEXTDMA_SCSI(NEXTDMA_CSR):
628         if (value & DMA_DEV2M) {
629             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
630         }
631         if (value & DMA_SETENABLE) {
632             /* DPRINTF("SCSI DMA ENABLE\n"); */
633             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
634         }
635         if (value & DMA_SETSUPDATE) {
636             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
637         }
638         if (value & DMA_CLRCOMPLETE) {
639             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
640         }
641 
642         if (value & DMA_RESET) {
643             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
644                                                   DMA_ENABLE | DMA_DEV2M);
645             /* DPRINTF("SCSI DMA RESET\n"); */
646         }
647         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
648         break;
649 
650     case NEXTDMA_SCSI(NEXTDMA_NEXT):
651         next_state->dma[NEXTDMA_SCSI].next = value;
652         break;
653 
654     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
655         next_state->dma[NEXTDMA_SCSI].limit = value;
656         break;
657 
658     case NEXTDMA_SCSI(NEXTDMA_START):
659         next_state->dma[NEXTDMA_SCSI].start = value;
660         break;
661 
662     case NEXTDMA_SCSI(NEXTDMA_STOP):
663         next_state->dma[NEXTDMA_SCSI].stop = value;
664         break;
665 
666     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
667         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
668         break;
669 
670     default:
671         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
672     }
673 }
674 
dma_readl(void * opaque,hwaddr addr,unsigned int size)675 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
676 {
677     NeXTState *next_state = NEXT_MACHINE(opaque);
678 
679     switch (addr) {
680     case NEXTDMA_SCSI(NEXTDMA_CSR):
681         DPRINTF("SCSI DMA CSR READ\n");
682         return next_state->dma[NEXTDMA_SCSI].csr;
683     case NEXTDMA_ENRX(NEXTDMA_CSR):
684         return next_state->dma[NEXTDMA_ENRX].csr;
685     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
686         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
687     case NEXTDMA_ENRX(NEXTDMA_NEXT):
688         return next_state->dma[NEXTDMA_ENRX].next;
689     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
690         return next_state->dma[NEXTDMA_ENRX].limit;
691 
692     case NEXTDMA_SCSI(NEXTDMA_NEXT):
693         return next_state->dma[NEXTDMA_SCSI].next;
694     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
695         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
696     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
697         return next_state->dma[NEXTDMA_SCSI].limit;
698     case NEXTDMA_SCSI(NEXTDMA_START):
699         return next_state->dma[NEXTDMA_SCSI].start;
700     case NEXTDMA_SCSI(NEXTDMA_STOP):
701         return next_state->dma[NEXTDMA_SCSI].stop;
702 
703     default:
704         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
705         return 0;
706     }
707 
708     /*
709      * once the csr's are done, subtract 0x3FEC from the addr, and that will
710      * normalize the upper registers
711      */
712 }
713 
714 static const MemoryRegionOps dma_ops = {
715     .read = dma_readl,
716     .write = dma_writel,
717     .impl.min_access_size = 4,
718     .valid.min_access_size = 4,
719     .valid.max_access_size = 4,
720     .endianness = DEVICE_NATIVE_ENDIAN,
721 };
722 
723 /*
724  * TODO: set the shift numbers as values in the enum, so the first switch
725  * will not be needed
726  */
next_irq(void * opaque,int number,int level)727 void next_irq(void *opaque, int number, int level)
728 {
729     M68kCPU *cpu = opaque;
730     int shift = 0;
731     NeXTState *ns = NEXT_MACHINE(qdev_get_machine());
732 
733     /* first switch sets interupt status */
734     /* DPRINTF("IRQ %i\n",number); */
735     switch (number) {
736     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
737     case NEXT_FD_I:
738         shift = 7;
739         break;
740     case NEXT_KBD_I:
741         shift = 3;
742         break;
743     case NEXT_PWR_I:
744         shift = 2;
745         break;
746     case NEXT_ENRX_I:
747         shift = 9;
748         break;
749     case NEXT_ENTX_I:
750         shift = 10;
751         break;
752     case NEXT_SCSI_I:
753         shift = 12;
754         break;
755     case NEXT_CLK_I:
756         shift = 5;
757         break;
758 
759     /* level 5 - scc (serial) */
760     case NEXT_SCC_I:
761         shift = 17;
762         break;
763 
764     /* level 6 - audio etherrx/tx dma */
765     case NEXT_ENTX_DMA_I:
766         shift = 28;
767         break;
768     case NEXT_ENRX_DMA_I:
769         shift = 27;
770         break;
771     case NEXT_SCSI_DMA_I:
772         shift = 26;
773         break;
774     case NEXT_SND_I:
775         shift = 23;
776         break;
777     case NEXT_SCC_DMA_I:
778         shift = 21;
779         break;
780 
781     }
782     /*
783      * this HAS to be wrong, the interrupt handlers in mach and together
784      * int_status and int_mask and return if there is a hit
785      */
786     if (ns->int_mask & (1 << shift)) {
787         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
788         /* return; */
789     }
790 
791     /* second switch triggers the correct interrupt */
792     if (level) {
793         ns->int_status |= 1 << shift;
794 
795         switch (number) {
796         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
797         case NEXT_FD_I:
798         case NEXT_KBD_I:
799         case NEXT_PWR_I:
800         case NEXT_ENRX_I:
801         case NEXT_ENTX_I:
802         case NEXT_SCSI_I:
803         case NEXT_CLK_I:
804             m68k_set_irq_level(cpu, 3, 27);
805             break;
806 
807         /* level 5 - scc (serial) */
808         case NEXT_SCC_I:
809             m68k_set_irq_level(cpu, 5, 29);
810             break;
811 
812         /* level 6 - audio etherrx/tx dma */
813         case NEXT_ENTX_DMA_I:
814         case NEXT_ENRX_DMA_I:
815         case NEXT_SCSI_DMA_I:
816         case NEXT_SND_I:
817         case NEXT_SCC_DMA_I:
818             m68k_set_irq_level(cpu, 6, 30);
819             break;
820         }
821     } else {
822         ns->int_status &= ~(1 << shift);
823         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
824     }
825 }
826 
next_serial_irq(void * opaque,int n,int level)827 static void next_serial_irq(void *opaque, int n, int level)
828 {
829     /* DPRINTF("SCC IRQ NUM %i\n",n); */
830     if (n) {
831         next_irq(opaque, NEXT_SCC_DMA_I, level);
832     } else {
833         next_irq(opaque, NEXT_SCC_I, level);
834     }
835 }
836 
next_escc_init(M68kCPU * cpu)837 static void next_escc_init(M68kCPU *cpu)
838 {
839     qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2);
840     DeviceState *dev;
841     SysBusDevice *s;
842 
843     dev = qdev_new(TYPE_ESCC);
844     qdev_prop_set_uint32(dev, "disabled", 0);
845     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
846     qdev_prop_set_uint32(dev, "it_shift", 0);
847     qdev_prop_set_bit(dev, "bit_swap", true);
848     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
849     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
850     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
851     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
852 
853     s = SYS_BUS_DEVICE(dev);
854     sysbus_realize_and_unref(s, &error_fatal);
855     sysbus_connect_irq(s, 0, ser_irq[0]);
856     sysbus_connect_irq(s, 1,  ser_irq[1]);
857     sysbus_mmio_map(s, 0, 0x2118000);
858 }
859 
next_cube_init(MachineState * machine)860 static void next_cube_init(MachineState *machine)
861 {
862     M68kCPU *cpu;
863     CPUM68KState *env;
864     MemoryRegion *rom = g_new(MemoryRegion, 1);
865     MemoryRegion *mmiomem = g_new(MemoryRegion, 1);
866     MemoryRegion *scrmem = g_new(MemoryRegion, 1);
867     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
868     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
869     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
870     MemoryRegion *sysmem = get_system_memory();
871     NeXTState *ns = NEXT_MACHINE(machine);
872     DeviceState *dev;
873 
874     /* Initialize the cpu core */
875     cpu = M68K_CPU(cpu_create(machine->cpu_type));
876     if (!cpu) {
877         error_report("Unable to find m68k CPU definition");
878         exit(1);
879     }
880     env = &cpu->env;
881 
882     /* Initialize CPU registers.  */
883     env->vbr = 0;
884     env->sr  = 0x2700;
885 
886     /* Set internal registers to initial values */
887     /*     0x0000XX00 << vital bits */
888     ns->scr1 = 0x00011102;
889     ns->scr2 = 0x00ff0c80;
890     ns->rtc.status = 0x90;
891 
892     /* Load RTC RAM - TODO: provide possibility to load contents from file */
893     memcpy(ns->rtc.ram, rtc_ram2, 32);
894 
895     /* 64MB RAM starting at 0x04000000  */
896     memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
897 
898     /* Framebuffer */
899     dev = qdev_new(TYPE_NEXTFB);
900     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
901     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
902 
903     /* MMIO */
904     memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio",
905                           0xD0000);
906     memory_region_add_subregion(sysmem, 0x02000000, mmiomem);
907 
908     /* BMAP memory */
909     memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
910                                             true, &error_fatal);
911     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
912     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
913     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
914     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
915 
916     /* BMAP IO - acts as a catch-all for now */
917     memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr",
918                           0x20000);
919     memory_region_add_subregion(sysmem, 0x02100000, scrmem);
920 
921     /* KBD */
922     dev = qdev_new(TYPE_NEXTKBD);
923     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
924     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
925 
926     /* Load ROM here */
927     if (bios_name == NULL) {
928         bios_name = ROM_FILE;
929     }
930     /* still not sure if the rom should also be mapped at 0x0*/
931     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
932     memory_region_add_subregion(sysmem, 0x01000000, rom);
933     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
934         if (!qtest_enabled()) {
935             error_report("Failed to load firmware '%s'.", bios_name);
936         }
937     } else {
938         uint8_t *ptr;
939         /* Initial PC is always at offset 4 in firmware binaries */
940         ptr = rom_ptr(0x01000004, 4);
941         g_assert(ptr != NULL);
942         env->pc = ldl_p(ptr);
943         if (env->pc >= 0x01020000) {
944             error_report("'%s' does not seem to be a valid firmware image.",
945                          bios_name);
946             exit(1);
947         }
948     }
949 
950     /* Serial */
951     next_escc_init(cpu);
952 
953     /* TODO: */
954     /* Network */
955     /* SCSI */
956 
957     /* DMA */
958     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
959     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
960 }
961 
next_machine_class_init(ObjectClass * oc,void * data)962 static void next_machine_class_init(ObjectClass *oc, void *data)
963 {
964     MachineClass *mc = MACHINE_CLASS(oc);
965 
966     mc->desc = "NeXT Cube";
967     mc->init = next_cube_init;
968     mc->default_ram_size = RAM_SIZE;
969     mc->default_ram_id = "next.ram";
970     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
971 }
972 
973 static const TypeInfo next_typeinfo = {
974     .name = TYPE_NEXT_MACHINE,
975     .parent = TYPE_MACHINE,
976     .class_init = next_machine_class_init,
977     .instance_size = sizeof(NeXTState),
978 };
979 
next_register_type(void)980 static void next_register_type(void)
981 {
982     type_register_static(&next_typeinfo);
983 }
984 
985 type_init(next_register_type)
986