1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "cpu.h" 14 #include "exec/hwaddr.h" 15 #include "exec/address-spaces.h" 16 #include "sysemu/sysemu.h" 17 #include "sysemu/qtest.h" 18 #include "hw/irq.h" 19 #include "hw/m68k/next-cube.h" 20 #include "hw/boards.h" 21 #include "hw/loader.h" 22 #include "hw/scsi/esp.h" 23 #include "hw/sysbus.h" 24 #include "qom/object.h" 25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 26 #include "hw/block/fdc.h" 27 #include "hw/qdev-properties.h" 28 #include "qapi/error.h" 29 #include "ui/console.h" 30 #include "target/m68k/cpu.h" 31 32 /* #define DEBUG_NEXT */ 33 #ifdef DEBUG_NEXT 34 #define DPRINTF(fmt, ...) \ 35 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 36 #else 37 #define DPRINTF(fmt, ...) do { } while (0) 38 #endif 39 40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 41 typedef struct NeXTState NeXTState; 42 DECLARE_INSTANCE_CHECKER(NeXTState, NEXT_MACHINE, 43 TYPE_NEXT_MACHINE) 44 45 #define ENTRY 0x0100001e 46 #define RAM_SIZE 0x4000000 47 #define ROM_FILE "Rev_2.5_v66.bin" 48 49 typedef struct next_dma { 50 uint32_t csr; 51 52 uint32_t saved_next; 53 uint32_t saved_limit; 54 uint32_t saved_start; 55 uint32_t saved_stop; 56 57 uint32_t next; 58 uint32_t limit; 59 uint32_t start; 60 uint32_t stop; 61 62 uint32_t next_initbuf; 63 uint32_t size; 64 } next_dma; 65 66 typedef struct NextRtc { 67 uint8_t ram[32]; 68 uint8_t command; 69 uint8_t value; 70 uint8_t status; 71 uint8_t control; 72 uint8_t retval; 73 } NextRtc; 74 75 struct NeXTState { 76 MachineState parent; 77 78 uint32_t int_mask; 79 uint32_t int_status; 80 81 uint8_t scsi_csr_1; 82 uint8_t scsi_csr_2; 83 next_dma dma[10]; 84 qemu_irq *scsi_irq; 85 qemu_irq scsi_dma; 86 qemu_irq scsi_reset; 87 qemu_irq *fd_irq; 88 89 uint32_t scr1; 90 uint32_t scr2; 91 92 NextRtc rtc; 93 }; 94 95 /* Thanks to NeXT forums for this */ 96 /* 97 static const uint8_t rtc_ram3[32] = { 98 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 99 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 100 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 101 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 102 }; 103 */ 104 static const uint8_t rtc_ram2[32] = { 105 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 106 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 107 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 109 }; 110 111 #define SCR2_RTCLK 0x2 112 #define SCR2_RTDATA 0x4 113 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 114 115 static void nextscr2_write(NeXTState *s, uint32_t val, int size) 116 { 117 static int led; 118 static int phase; 119 static uint8_t old_scr2; 120 uint8_t scr2_2; 121 NextRtc *rtc = &s->rtc; 122 123 if (size == 4) { 124 scr2_2 = (val >> 8) & 0xFF; 125 } else { 126 scr2_2 = val & 0xFF; 127 } 128 129 if (val & 0x1) { 130 DPRINTF("fault!\n"); 131 led++; 132 if (led == 10) { 133 DPRINTF("LED flashing, possible fault!\n"); 134 led = 0; 135 } 136 } 137 138 if (scr2_2 & 0x1) { 139 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */ 140 if (phase == -1) { 141 phase = 0; 142 } 143 /* If we are in going down clock... do something */ 144 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 145 ((scr2_2 & SCR2_RTCLK) == 0)) { 146 if (phase < 8) { 147 rtc->command = (rtc->command << 1) | 148 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 149 } 150 if (phase >= 8 && phase < 16) { 151 rtc->value = (rtc->value << 1) | 152 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 153 154 /* if we read RAM register, output RT_DATA bit */ 155 if (rtc->command <= 0x1F) { 156 scr2_2 = scr2_2 & (~SCR2_RTDATA); 157 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) { 158 scr2_2 |= SCR2_RTDATA; 159 } 160 161 rtc->retval = (rtc->retval << 1) | 162 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 163 } 164 /* read the status 0x30 */ 165 if (rtc->command == 0x30) { 166 scr2_2 = scr2_2 & (~SCR2_RTDATA); 167 /* for now status = 0x98 (new rtc + FTU) */ 168 if (rtc->status & (0x80 >> (phase - 8))) { 169 scr2_2 |= SCR2_RTDATA; 170 } 171 172 rtc->retval = (rtc->retval << 1) | 173 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 174 } 175 /* read the status 0x31 */ 176 if (rtc->command == 0x31) { 177 scr2_2 = scr2_2 & (~SCR2_RTDATA); 178 if (rtc->control & (0x80 >> (phase - 8))) { 179 scr2_2 |= SCR2_RTDATA; 180 } 181 rtc->retval = (rtc->retval << 1) | 182 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 183 } 184 185 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 186 scr2_2 = scr2_2 & (~SCR2_RTDATA); 187 /* for now 0x00 */ 188 time_t time_h = time(NULL); 189 struct tm *info = localtime(&time_h); 190 int ret = 0; 191 192 switch (rtc->command) { 193 case 0x20: 194 ret = SCR2_TOBCD(info->tm_sec); 195 break; 196 case 0x21: 197 ret = SCR2_TOBCD(info->tm_min); 198 break; 199 case 0x22: 200 ret = SCR2_TOBCD(info->tm_hour); 201 break; 202 case 0x24: 203 ret = SCR2_TOBCD(info->tm_mday); 204 break; 205 case 0x25: 206 ret = SCR2_TOBCD((info->tm_mon + 1)); 207 break; 208 case 0x26: 209 ret = SCR2_TOBCD((info->tm_year - 100)); 210 break; 211 212 } 213 214 if (ret & (0x80 >> (phase - 8))) { 215 scr2_2 |= SCR2_RTDATA; 216 } 217 rtc->retval = (rtc->retval << 1) | 218 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 219 } 220 221 } 222 223 phase++; 224 if (phase == 16) { 225 if (rtc->command >= 0x80 && rtc->command <= 0x9F) { 226 rtc->ram[rtc->command - 0x80] = rtc->value; 227 } 228 /* write to x30 register */ 229 if (rtc->command == 0xB1) { 230 /* clear FTU */ 231 if (rtc->value & 0x04) { 232 rtc->status = rtc->status & (~0x18); 233 s->int_status = s->int_status & (~0x04); 234 } 235 } 236 } 237 } 238 } else { 239 /* else end or abort */ 240 phase = -1; 241 rtc->command = 0; 242 rtc->value = 0; 243 } 244 s->scr2 = val & 0xFFFF00FF; 245 s->scr2 |= scr2_2 << 8; 246 old_scr2 = scr2_2; 247 } 248 249 static uint32_t mmio_readb(NeXTState *s, hwaddr addr) 250 { 251 switch (addr) { 252 case 0xc000: 253 return (s->scr1 >> 24) & 0xFF; 254 case 0xc001: 255 return (s->scr1 >> 16) & 0xFF; 256 case 0xc002: 257 return (s->scr1 >> 8) & 0xFF; 258 case 0xc003: 259 return (s->scr1 >> 0) & 0xFF; 260 261 case 0xd000: 262 return (s->scr2 >> 24) & 0xFF; 263 case 0xd001: 264 return (s->scr2 >> 16) & 0xFF; 265 case 0xd002: 266 return (s->scr2 >> 8) & 0xFF; 267 case 0xd003: 268 return (s->scr2 >> 0) & 0xFF; 269 case 0x14020: 270 DPRINTF("MMIO Read 0x4020\n"); 271 return 0x7f; 272 273 default: 274 DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr); 275 return 0x0; 276 } 277 } 278 279 static uint32_t mmio_readw(NeXTState *s, hwaddr addr) 280 { 281 switch (addr) { 282 default: 283 DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr); 284 return 0x0; 285 } 286 } 287 288 static uint32_t mmio_readl(NeXTState *s, hwaddr addr) 289 { 290 switch (addr) { 291 case 0x7000: 292 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 293 return s->int_status; 294 295 case 0x7800: 296 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 297 return s->int_mask; 298 299 case 0xc000: 300 return s->scr1; 301 302 case 0xd000: 303 return s->scr2; 304 305 default: 306 DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr); 307 return 0x0; 308 } 309 } 310 311 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val) 312 { 313 switch (addr) { 314 case 0xd003: 315 nextscr2_write(s, val, 1); 316 break; 317 default: 318 DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val); 319 } 320 321 } 322 323 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val) 324 { 325 DPRINTF("MMIO Write W\n"); 326 } 327 328 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val) 329 { 330 switch (addr) { 331 case 0x7000: 332 DPRINTF("INT Status old: %x new: %x\n", s->int_status, val); 333 s->int_status = val; 334 break; 335 case 0x7800: 336 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val); 337 s->int_mask = val; 338 break; 339 case 0xc000: 340 DPRINTF("SCR1 Write: %x\n", val); 341 break; 342 case 0xd000: 343 nextscr2_write(s, val, 4); 344 break; 345 346 default: 347 DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val); 348 } 349 } 350 351 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size) 352 { 353 NeXTState *ns = NEXT_MACHINE(opaque); 354 355 switch (size) { 356 case 1: 357 return mmio_readb(ns, addr); 358 case 2: 359 return mmio_readw(ns, addr); 360 case 4: 361 return mmio_readl(ns, addr); 362 default: 363 g_assert_not_reached(); 364 } 365 } 366 367 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value, 368 unsigned size) 369 { 370 NeXTState *ns = NEXT_MACHINE(opaque); 371 372 switch (size) { 373 case 1: 374 mmio_writeb(ns, addr, value); 375 break; 376 case 2: 377 mmio_writew(ns, addr, value); 378 break; 379 case 4: 380 mmio_writel(ns, addr, value); 381 break; 382 default: 383 g_assert_not_reached(); 384 } 385 } 386 387 static const MemoryRegionOps mmio_ops = { 388 .read = mmio_readfn, 389 .write = mmio_writefn, 390 .valid.min_access_size = 1, 391 .valid.max_access_size = 4, 392 .endianness = DEVICE_NATIVE_ENDIAN, 393 }; 394 395 static uint32_t scr_readb(NeXTState *s, hwaddr addr) 396 { 397 switch (addr) { 398 case 0x14108: 399 DPRINTF("FD read @ %x\n", (unsigned int)addr); 400 return 0x40 | 0x04 | 0x2 | 0x1; 401 case 0x14020: 402 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 403 return s->scsi_csr_1; 404 405 case 0x14021: 406 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 407 return 0x40; 408 409 /* 410 * These 4 registers are the hardware timer, not sure which register 411 * is the latch instead of data, but no problems so far 412 */ 413 case 0x1a000: 414 return 0xff & (clock() >> 24); 415 case 0x1a001: 416 return 0xff & (clock() >> 16); 417 case 0x1a002: 418 return 0xff & (clock() >> 8); 419 case 0x1a003: 420 /* Hack: We need to have this change consistently to make it work */ 421 return 0xFF & clock(); 422 423 default: 424 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr); 425 return 0; 426 } 427 } 428 429 static uint32_t scr_readw(NeXTState *s, hwaddr addr) 430 { 431 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr); 432 return 0; 433 } 434 435 static uint32_t scr_readl(NeXTState *s, hwaddr addr) 436 { 437 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr); 438 return 0; 439 } 440 441 #define SCSICSR_ENABLE 0x01 442 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 443 #define SCSICSR_FIFOFL 0x04 444 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 445 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 446 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 447 448 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value) 449 { 450 switch (addr) { 451 case 0x14108: 452 DPRINTF("FDCSR Write: %x\n", value); 453 454 if (value == 0x0) { 455 /* qemu_irq_raise(s->fd_irq[0]); */ 456 } 457 break; 458 case 0x14020: /* SCSI Control Register */ 459 if (value & SCSICSR_FIFOFL) { 460 DPRINTF("SCSICSR FIFO Flush\n"); 461 /* will have to add another irq to the esp if this is needed */ 462 /* esp_puflush_fifo(esp_g); */ 463 /* qemu_irq_pulse(s->scsi_dma); */ 464 } 465 466 if (value & SCSICSR_ENABLE) { 467 DPRINTF("SCSICSR Enable\n"); 468 /* 469 * qemu_irq_raise(s->scsi_dma); 470 * s->scsi_csr_1 = 0xc0; 471 * s->scsi_csr_1 |= 0x1; 472 * qemu_irq_pulse(s->scsi_dma); 473 */ 474 } 475 /* 476 * else 477 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 478 */ 479 480 if (value & SCSICSR_RESET) { 481 DPRINTF("SCSICSR Reset\n"); 482 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 483 /* qemu_irq_raise(s->scsi_reset); */ 484 /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */ 485 486 } 487 if (value & SCSICSR_DMADIR) { 488 DPRINTF("SCSICSR DMAdir\n"); 489 } 490 if (value & SCSICSR_CPUDMA) { 491 DPRINTF("SCSICSR CPUDMA\n"); 492 /* qemu_irq_raise(s->scsi_dma); */ 493 494 s->int_status |= 0x4000000; 495 } else { 496 s->int_status &= ~(0x4000000); 497 } 498 if (value & SCSICSR_INTMASK) { 499 DPRINTF("SCSICSR INTMASK\n"); 500 /* 501 * int_mask &= ~0x1000; 502 * s->scsi_csr_1 |= value; 503 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 504 * if (s->scsi_queued) { 505 * s->scsi_queued = 0; 506 * next_irq(s, NEXT_SCSI_I, level); 507 * } 508 */ 509 } else { 510 /* int_mask |= 0x1000; */ 511 } 512 if (value & 0x80) { 513 /* int_mask |= 0x1000; */ 514 /* s->scsi_csr_1 |= 0x80; */ 515 } 516 DPRINTF("SCSICSR Write: %x\n", value); 517 /* s->scsi_csr_1 = value; */ 518 return; 519 /* Hardware timer latch - not implemented yet */ 520 case 0x1a000: 521 default: 522 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value); 523 } 524 } 525 526 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value) 527 { 528 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value); 529 } 530 531 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value) 532 { 533 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value); 534 } 535 536 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size) 537 { 538 NeXTState *ns = NEXT_MACHINE(opaque); 539 540 switch (size) { 541 case 1: 542 return scr_readb(ns, addr); 543 case 2: 544 return scr_readw(ns, addr); 545 case 4: 546 return scr_readl(ns, addr); 547 default: 548 g_assert_not_reached(); 549 } 550 } 551 552 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value, 553 unsigned size) 554 { 555 NeXTState *ns = NEXT_MACHINE(opaque); 556 557 switch (size) { 558 case 1: 559 scr_writeb(ns, addr, value); 560 break; 561 case 2: 562 scr_writew(ns, addr, value); 563 break; 564 case 4: 565 scr_writel(ns, addr, value); 566 break; 567 default: 568 g_assert_not_reached(); 569 } 570 } 571 572 static const MemoryRegionOps scr_ops = { 573 .read = scr_readfn, 574 .write = scr_writefn, 575 .valid.min_access_size = 1, 576 .valid.max_access_size = 4, 577 .endianness = DEVICE_NATIVE_ENDIAN, 578 }; 579 580 #define NEXTDMA_SCSI(x) (0x10 + x) 581 #define NEXTDMA_FD(x) (0x10 + x) 582 #define NEXTDMA_ENTX(x) (0x110 + x) 583 #define NEXTDMA_ENRX(x) (0x150 + x) 584 #define NEXTDMA_CSR 0x0 585 #define NEXTDMA_NEXT 0x4000 586 #define NEXTDMA_LIMIT 0x4004 587 #define NEXTDMA_START 0x4008 588 #define NEXTDMA_STOP 0x400c 589 #define NEXTDMA_NEXT_INIT 0x4200 590 #define NEXTDMA_SIZE 0x4204 591 592 static void dma_writel(void *opaque, hwaddr addr, uint64_t value, 593 unsigned int size) 594 { 595 NeXTState *next_state = NEXT_MACHINE(opaque); 596 597 switch (addr) { 598 case NEXTDMA_ENRX(NEXTDMA_CSR): 599 if (value & DMA_DEV2M) { 600 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 601 } 602 603 if (value & DMA_SETENABLE) { 604 /* DPRINTF("SCSI DMA ENABLE\n"); */ 605 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 606 } 607 if (value & DMA_SETSUPDATE) { 608 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 609 } 610 if (value & DMA_CLRCOMPLETE) { 611 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 612 } 613 614 if (value & DMA_RESET) { 615 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 616 DMA_ENABLE | DMA_DEV2M); 617 } 618 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 619 break; 620 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 621 next_state->dma[NEXTDMA_ENRX].next_initbuf = value; 622 break; 623 case NEXTDMA_ENRX(NEXTDMA_NEXT): 624 next_state->dma[NEXTDMA_ENRX].next = value; 625 break; 626 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 627 next_state->dma[NEXTDMA_ENRX].limit = value; 628 break; 629 case NEXTDMA_SCSI(NEXTDMA_CSR): 630 if (value & DMA_DEV2M) { 631 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 632 } 633 if (value & DMA_SETENABLE) { 634 /* DPRINTF("SCSI DMA ENABLE\n"); */ 635 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 636 } 637 if (value & DMA_SETSUPDATE) { 638 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 639 } 640 if (value & DMA_CLRCOMPLETE) { 641 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 642 } 643 644 if (value & DMA_RESET) { 645 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 646 DMA_ENABLE | DMA_DEV2M); 647 /* DPRINTF("SCSI DMA RESET\n"); */ 648 } 649 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 650 break; 651 652 case NEXTDMA_SCSI(NEXTDMA_NEXT): 653 next_state->dma[NEXTDMA_SCSI].next = value; 654 break; 655 656 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 657 next_state->dma[NEXTDMA_SCSI].limit = value; 658 break; 659 660 case NEXTDMA_SCSI(NEXTDMA_START): 661 next_state->dma[NEXTDMA_SCSI].start = value; 662 break; 663 664 case NEXTDMA_SCSI(NEXTDMA_STOP): 665 next_state->dma[NEXTDMA_SCSI].stop = value; 666 break; 667 668 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 669 next_state->dma[NEXTDMA_SCSI].next_initbuf = value; 670 break; 671 672 default: 673 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value); 674 } 675 } 676 677 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size) 678 { 679 NeXTState *next_state = NEXT_MACHINE(opaque); 680 681 switch (addr) { 682 case NEXTDMA_SCSI(NEXTDMA_CSR): 683 DPRINTF("SCSI DMA CSR READ\n"); 684 return next_state->dma[NEXTDMA_SCSI].csr; 685 case NEXTDMA_ENRX(NEXTDMA_CSR): 686 return next_state->dma[NEXTDMA_ENRX].csr; 687 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 688 return next_state->dma[NEXTDMA_ENRX].next_initbuf; 689 case NEXTDMA_ENRX(NEXTDMA_NEXT): 690 return next_state->dma[NEXTDMA_ENRX].next; 691 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 692 return next_state->dma[NEXTDMA_ENRX].limit; 693 694 case NEXTDMA_SCSI(NEXTDMA_NEXT): 695 return next_state->dma[NEXTDMA_SCSI].next; 696 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 697 return next_state->dma[NEXTDMA_SCSI].next_initbuf; 698 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 699 return next_state->dma[NEXTDMA_SCSI].limit; 700 case NEXTDMA_SCSI(NEXTDMA_START): 701 return next_state->dma[NEXTDMA_SCSI].start; 702 case NEXTDMA_SCSI(NEXTDMA_STOP): 703 return next_state->dma[NEXTDMA_SCSI].stop; 704 705 default: 706 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 707 return 0; 708 } 709 710 /* 711 * once the csr's are done, subtract 0x3FEC from the addr, and that will 712 * normalize the upper registers 713 */ 714 } 715 716 static const MemoryRegionOps dma_ops = { 717 .read = dma_readl, 718 .write = dma_writel, 719 .impl.min_access_size = 4, 720 .valid.min_access_size = 4, 721 .valid.max_access_size = 4, 722 .endianness = DEVICE_NATIVE_ENDIAN, 723 }; 724 725 /* 726 * TODO: set the shift numbers as values in the enum, so the first switch 727 * will not be needed 728 */ 729 void next_irq(void *opaque, int number, int level) 730 { 731 M68kCPU *cpu = opaque; 732 int shift = 0; 733 NeXTState *ns = NEXT_MACHINE(qdev_get_machine()); 734 735 /* first switch sets interupt status */ 736 /* DPRINTF("IRQ %i\n",number); */ 737 switch (number) { 738 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 739 case NEXT_FD_I: 740 shift = 7; 741 break; 742 case NEXT_KBD_I: 743 shift = 3; 744 break; 745 case NEXT_PWR_I: 746 shift = 2; 747 break; 748 case NEXT_ENRX_I: 749 shift = 9; 750 break; 751 case NEXT_ENTX_I: 752 shift = 10; 753 break; 754 case NEXT_SCSI_I: 755 shift = 12; 756 break; 757 case NEXT_CLK_I: 758 shift = 5; 759 break; 760 761 /* level 5 - scc (serial) */ 762 case NEXT_SCC_I: 763 shift = 17; 764 break; 765 766 /* level 6 - audio etherrx/tx dma */ 767 case NEXT_ENTX_DMA_I: 768 shift = 28; 769 break; 770 case NEXT_ENRX_DMA_I: 771 shift = 27; 772 break; 773 case NEXT_SCSI_DMA_I: 774 shift = 26; 775 break; 776 case NEXT_SND_I: 777 shift = 23; 778 break; 779 case NEXT_SCC_DMA_I: 780 shift = 21; 781 break; 782 783 } 784 /* 785 * this HAS to be wrong, the interrupt handlers in mach and together 786 * int_status and int_mask and return if there is a hit 787 */ 788 if (ns->int_mask & (1 << shift)) { 789 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 790 /* return; */ 791 } 792 793 /* second switch triggers the correct interrupt */ 794 if (level) { 795 ns->int_status |= 1 << shift; 796 797 switch (number) { 798 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 799 case NEXT_FD_I: 800 case NEXT_KBD_I: 801 case NEXT_PWR_I: 802 case NEXT_ENRX_I: 803 case NEXT_ENTX_I: 804 case NEXT_SCSI_I: 805 case NEXT_CLK_I: 806 m68k_set_irq_level(cpu, 3, 27); 807 break; 808 809 /* level 5 - scc (serial) */ 810 case NEXT_SCC_I: 811 m68k_set_irq_level(cpu, 5, 29); 812 break; 813 814 /* level 6 - audio etherrx/tx dma */ 815 case NEXT_ENTX_DMA_I: 816 case NEXT_ENRX_DMA_I: 817 case NEXT_SCSI_DMA_I: 818 case NEXT_SND_I: 819 case NEXT_SCC_DMA_I: 820 m68k_set_irq_level(cpu, 6, 30); 821 break; 822 } 823 } else { 824 ns->int_status &= ~(1 << shift); 825 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 826 } 827 } 828 829 static void next_serial_irq(void *opaque, int n, int level) 830 { 831 /* DPRINTF("SCC IRQ NUM %i\n",n); */ 832 if (n) { 833 next_irq(opaque, NEXT_SCC_DMA_I, level); 834 } else { 835 next_irq(opaque, NEXT_SCC_I, level); 836 } 837 } 838 839 static void next_escc_init(M68kCPU *cpu) 840 { 841 qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2); 842 DeviceState *dev; 843 SysBusDevice *s; 844 845 dev = qdev_new(TYPE_ESCC); 846 qdev_prop_set_uint32(dev, "disabled", 0); 847 qdev_prop_set_uint32(dev, "frequency", 9600 * 384); 848 qdev_prop_set_uint32(dev, "it_shift", 0); 849 qdev_prop_set_bit(dev, "bit_swap", true); 850 qdev_prop_set_chr(dev, "chrB", serial_hd(1)); 851 qdev_prop_set_chr(dev, "chrA", serial_hd(0)); 852 qdev_prop_set_uint32(dev, "chnBtype", escc_serial); 853 qdev_prop_set_uint32(dev, "chnAtype", escc_serial); 854 855 s = SYS_BUS_DEVICE(dev); 856 sysbus_realize_and_unref(s, &error_fatal); 857 sysbus_connect_irq(s, 0, ser_irq[0]); 858 sysbus_connect_irq(s, 1, ser_irq[1]); 859 sysbus_mmio_map(s, 0, 0x2118000); 860 } 861 862 static void next_cube_init(MachineState *machine) 863 { 864 M68kCPU *cpu; 865 CPUM68KState *env; 866 MemoryRegion *rom = g_new(MemoryRegion, 1); 867 MemoryRegion *mmiomem = g_new(MemoryRegion, 1); 868 MemoryRegion *scrmem = g_new(MemoryRegion, 1); 869 MemoryRegion *dmamem = g_new(MemoryRegion, 1); 870 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1); 871 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1); 872 MemoryRegion *sysmem = get_system_memory(); 873 NeXTState *ns = NEXT_MACHINE(machine); 874 DeviceState *dev; 875 876 /* Initialize the cpu core */ 877 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 878 if (!cpu) { 879 error_report("Unable to find m68k CPU definition"); 880 exit(1); 881 } 882 env = &cpu->env; 883 884 /* Initialize CPU registers. */ 885 env->vbr = 0; 886 env->sr = 0x2700; 887 888 /* Set internal registers to initial values */ 889 /* 0x0000XX00 << vital bits */ 890 ns->scr1 = 0x00011102; 891 ns->scr2 = 0x00ff0c80; 892 ns->rtc.status = 0x90; 893 894 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 895 memcpy(ns->rtc.ram, rtc_ram2, 32); 896 897 /* 64MB RAM starting at 0x04000000 */ 898 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 899 900 /* Framebuffer */ 901 dev = qdev_new(TYPE_NEXTFB); 902 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 903 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000); 904 905 /* MMIO */ 906 memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio", 907 0xD0000); 908 memory_region_add_subregion(sysmem, 0x02000000, mmiomem); 909 910 /* BMAP memory */ 911 memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64, 912 true, &error_fatal); 913 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1); 914 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 915 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64); 916 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2); 917 918 /* BMAP IO - acts as a catch-all for now */ 919 memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr", 920 0x20000); 921 memory_region_add_subregion(sysmem, 0x02100000, scrmem); 922 923 /* KBD */ 924 dev = qdev_new(TYPE_NEXTKBD); 925 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 926 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000); 927 928 /* Load ROM here */ 929 if (bios_name == NULL) { 930 bios_name = ROM_FILE; 931 } 932 /* still not sure if the rom should also be mapped at 0x0*/ 933 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal); 934 memory_region_add_subregion(sysmem, 0x01000000, rom); 935 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 936 if (!qtest_enabled()) { 937 error_report("Failed to load firmware '%s'.", bios_name); 938 } 939 } else { 940 uint8_t *ptr; 941 /* Initial PC is always at offset 4 in firmware binaries */ 942 ptr = rom_ptr(0x01000004, 4); 943 g_assert(ptr != NULL); 944 env->pc = ldl_p(ptr); 945 if (env->pc >= 0x01020000) { 946 error_report("'%s' does not seem to be a valid firmware image.", 947 bios_name); 948 exit(1); 949 } 950 } 951 952 /* Serial */ 953 next_escc_init(cpu); 954 955 /* TODO: */ 956 /* Network */ 957 /* SCSI */ 958 959 /* DMA */ 960 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000); 961 memory_region_add_subregion(sysmem, 0x02000000, dmamem); 962 } 963 964 static void next_machine_class_init(ObjectClass *oc, void *data) 965 { 966 MachineClass *mc = MACHINE_CLASS(oc); 967 968 mc->desc = "NeXT Cube"; 969 mc->init = next_cube_init; 970 mc->default_ram_size = RAM_SIZE; 971 mc->default_ram_id = "next.ram"; 972 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 973 } 974 975 static const TypeInfo next_typeinfo = { 976 .name = TYPE_NEXT_MACHINE, 977 .parent = TYPE_MACHINE, 978 .class_init = next_machine_class_init, 979 .instance_size = sizeof(NeXTState), 980 }; 981 982 static void next_register_type(void) 983 { 984 type_register_static(&next_typeinfo); 985 } 986 987 type_init(next_register_type) 988