xref: /openbmc/qemu/hw/m68k/next-cube.c (revision 0885f1221e0add5529dada1e7948d2c00189cb8b)
1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "exec/hwaddr.h"
14 #include "sysemu/sysemu.h"
15 #include "sysemu/qtest.h"
16 #include "hw/irq.h"
17 #include "hw/m68k/next-cube.h"
18 #include "hw/boards.h"
19 #include "hw/loader.h"
20 #include "hw/scsi/esp.h"
21 #include "hw/sysbus.h"
22 #include "qom/object.h"
23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
24 #include "hw/block/fdc.h"
25 #include "hw/qdev-properties.h"
26 #include "qapi/error.h"
27 #include "qemu/error-report.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 #include "migration/vmstate.h"
31 
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39 
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42 
43 #define ENTRY       0x0100001e
44 #define RAM_SIZE    0x4000000
45 #define ROM_FILE    "Rev_2.5_v66.bin"
46 
47 typedef struct next_dma {
48     uint32_t csr;
49 
50     uint32_t saved_next;
51     uint32_t saved_limit;
52     uint32_t saved_start;
53     uint32_t saved_stop;
54 
55     uint32_t next;
56     uint32_t limit;
57     uint32_t start;
58     uint32_t stop;
59 
60     uint32_t next_initbuf;
61     uint32_t size;
62 } next_dma;
63 
64 typedef struct NextRtc {
65     uint8_t ram[32];
66     uint8_t command;
67     uint8_t value;
68     uint8_t status;
69     uint8_t control;
70     uint8_t retval;
71 } NextRtc;
72 
73 struct NeXTState {
74     MachineState parent;
75 
76     next_dma dma[10];
77 };
78 
79 #define TYPE_NEXT_PC "next-pc"
80 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
81 
82 /* NeXT Peripheral Controller */
83 struct NeXTPC {
84     SysBusDevice parent_obj;
85 
86     M68kCPU *cpu;
87 
88     MemoryRegion mmiomem;
89     MemoryRegion scrmem;
90 
91     uint32_t scr1;
92     uint32_t scr2;
93     uint32_t int_mask;
94     uint32_t int_status;
95     uint8_t scsi_csr_1;
96     uint8_t scsi_csr_2;
97 
98     qemu_irq scsi_reset;
99     qemu_irq scsi_dma;
100 
101     NextRtc rtc;
102 };
103 
104 /* Thanks to NeXT forums for this */
105 /*
106 static const uint8_t rtc_ram3[32] = {
107     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
108     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
109     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
110     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
111 };
112 */
113 static const uint8_t rtc_ram2[32] = {
114     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
115     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
116     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
117     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
118 };
119 
120 #define SCR2_RTCLK 0x2
121 #define SCR2_RTDATA 0x4
122 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
123 
124 static void nextscr2_write(NeXTPC *s, uint32_t val, int size)
125 {
126     static int led;
127     static int phase;
128     static uint8_t old_scr2;
129     uint8_t scr2_2;
130     NextRtc *rtc = &s->rtc;
131 
132     if (size == 4) {
133         scr2_2 = (val >> 8) & 0xFF;
134     } else {
135         scr2_2 = val & 0xFF;
136     }
137 
138     if (val & 0x1) {
139         DPRINTF("fault!\n");
140         led++;
141         if (led == 10) {
142             DPRINTF("LED flashing, possible fault!\n");
143             led = 0;
144         }
145     }
146 
147     if (scr2_2 & 0x1) {
148         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
149         if (phase == -1) {
150             phase = 0;
151         }
152         /* If we are in going down clock... do something */
153         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
154                 ((scr2_2 & SCR2_RTCLK) == 0)) {
155             if (phase < 8) {
156                 rtc->command = (rtc->command << 1) |
157                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
158             }
159             if (phase >= 8 && phase < 16) {
160                 rtc->value = (rtc->value << 1) |
161                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
162 
163                 /* if we read RAM register, output RT_DATA bit */
164                 if (rtc->command <= 0x1F) {
165                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
166                     if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
167                         scr2_2 |= SCR2_RTDATA;
168                     }
169 
170                     rtc->retval = (rtc->retval << 1) |
171                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
172                 }
173                 /* read the status 0x30 */
174                 if (rtc->command == 0x30) {
175                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
176                     /* for now status = 0x98 (new rtc + FTU) */
177                     if (rtc->status & (0x80 >> (phase - 8))) {
178                         scr2_2 |= SCR2_RTDATA;
179                     }
180 
181                     rtc->retval = (rtc->retval << 1) |
182                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
183                 }
184                 /* read the status 0x31 */
185                 if (rtc->command == 0x31) {
186                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
187                     if (rtc->control & (0x80 >> (phase - 8))) {
188                         scr2_2 |= SCR2_RTDATA;
189                     }
190                     rtc->retval = (rtc->retval << 1) |
191                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
192                 }
193 
194                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
195                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
196                     /* for now 0x00 */
197                     time_t time_h = time(NULL);
198                     struct tm *info = localtime(&time_h);
199                     int ret = 0;
200 
201                     switch (rtc->command) {
202                     case 0x20:
203                         ret = SCR2_TOBCD(info->tm_sec);
204                         break;
205                     case 0x21:
206                         ret = SCR2_TOBCD(info->tm_min);
207                         break;
208                     case 0x22:
209                         ret = SCR2_TOBCD(info->tm_hour);
210                         break;
211                     case 0x24:
212                         ret = SCR2_TOBCD(info->tm_mday);
213                         break;
214                     case 0x25:
215                         ret = SCR2_TOBCD((info->tm_mon + 1));
216                         break;
217                     case 0x26:
218                         ret = SCR2_TOBCD((info->tm_year - 100));
219                         break;
220 
221                     }
222 
223                     if (ret & (0x80 >> (phase - 8))) {
224                         scr2_2 |= SCR2_RTDATA;
225                     }
226                     rtc->retval = (rtc->retval << 1) |
227                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
228                 }
229 
230             }
231 
232             phase++;
233             if (phase == 16) {
234                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
235                     rtc->ram[rtc->command - 0x80] = rtc->value;
236                 }
237                 /* write to x30 register */
238                 if (rtc->command == 0xB1) {
239                     /* clear FTU */
240                     if (rtc->value & 0x04) {
241                         rtc->status = rtc->status & (~0x18);
242                         s->int_status = s->int_status & (~0x04);
243                     }
244                 }
245             }
246         }
247     } else {
248         /* else end or abort */
249         phase = -1;
250         rtc->command = 0;
251         rtc->value = 0;
252     }
253     s->scr2 = val & 0xFFFF00FF;
254     s->scr2 |= scr2_2 << 8;
255     old_scr2 = scr2_2;
256 }
257 
258 static uint32_t mmio_readb(NeXTPC *s, hwaddr addr)
259 {
260     switch (addr) {
261     case 0xc000:
262         return (s->scr1 >> 24) & 0xFF;
263     case 0xc001:
264         return (s->scr1 >> 16) & 0xFF;
265     case 0xc002:
266         return (s->scr1 >> 8)  & 0xFF;
267     case 0xc003:
268         return (s->scr1 >> 0)  & 0xFF;
269 
270     case 0xd000:
271         return (s->scr2 >> 24) & 0xFF;
272     case 0xd001:
273         return (s->scr2 >> 16) & 0xFF;
274     case 0xd002:
275         return (s->scr2 >> 8)  & 0xFF;
276     case 0xd003:
277         return (s->scr2 >> 0)  & 0xFF;
278     case 0x14020:
279         DPRINTF("MMIO Read 0x4020\n");
280         return 0x7f;
281 
282     default:
283         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
284         return 0x0;
285     }
286 }
287 
288 static uint32_t mmio_readw(NeXTPC *s, hwaddr addr)
289 {
290     switch (addr) {
291     default:
292         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
293         return 0x0;
294     }
295 }
296 
297 static uint32_t mmio_readl(NeXTPC *s, hwaddr addr)
298 {
299     switch (addr) {
300     case 0x7000:
301         /* DPRINTF("Read INT status: %x\n", s->int_status); */
302         return s->int_status;
303 
304     case 0x7800:
305         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
306         return s->int_mask;
307 
308     case 0xc000:
309         return s->scr1;
310 
311     case 0xd000:
312         return s->scr2;
313 
314     default:
315         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
316         return 0x0;
317     }
318 }
319 
320 static void mmio_writeb(NeXTPC *s, hwaddr addr, uint32_t val)
321 {
322     switch (addr) {
323     case 0xd003:
324         nextscr2_write(s, val, 1);
325         break;
326     default:
327         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
328     }
329 
330 }
331 
332 static void mmio_writew(NeXTPC *s, hwaddr addr, uint32_t val)
333 {
334     DPRINTF("MMIO Write W\n");
335 }
336 
337 static void mmio_writel(NeXTPC *s, hwaddr addr, uint32_t val)
338 {
339     switch (addr) {
340     case 0x7000:
341         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
342         s->int_status = val;
343         break;
344     case 0x7800:
345         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
346         s->int_mask  = val;
347         break;
348     case 0xc000:
349         DPRINTF("SCR1 Write: %x\n", val);
350         break;
351     case 0xd000:
352         nextscr2_write(s, val, 4);
353         break;
354 
355     default:
356         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
357     }
358 }
359 
360 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
361 {
362     NeXTPC *s = NEXT_PC(opaque);
363 
364     switch (size) {
365     case 1:
366         return mmio_readb(s, addr);
367     case 2:
368         return mmio_readw(s, addr);
369     case 4:
370         return mmio_readl(s, addr);
371     default:
372         g_assert_not_reached();
373     }
374 }
375 
376 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
377                          unsigned size)
378 {
379     NeXTPC *s = NEXT_PC(opaque);
380 
381     switch (size) {
382     case 1:
383         mmio_writeb(s, addr, value);
384         break;
385     case 2:
386         mmio_writew(s, addr, value);
387         break;
388     case 4:
389         mmio_writel(s, addr, value);
390         break;
391     default:
392         g_assert_not_reached();
393     }
394 }
395 
396 static const MemoryRegionOps mmio_ops = {
397     .read = mmio_readfn,
398     .write = mmio_writefn,
399     .valid.min_access_size = 1,
400     .valid.max_access_size = 4,
401     .endianness = DEVICE_NATIVE_ENDIAN,
402 };
403 
404 static uint32_t scr_readb(NeXTPC *s, hwaddr addr)
405 {
406     switch (addr) {
407     case 0x14108:
408         DPRINTF("FD read @ %x\n", (unsigned int)addr);
409         return 0x40 | 0x04 | 0x2 | 0x1;
410     case 0x14020:
411         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
412         return s->scsi_csr_1;
413 
414     case 0x14021:
415         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
416         return 0x40;
417 
418     /*
419      * These 4 registers are the hardware timer, not sure which register
420      * is the latch instead of data, but no problems so far
421      */
422     case 0x1a000:
423         return 0xff & (clock() >> 24);
424     case 0x1a001:
425         return 0xff & (clock() >> 16);
426     case 0x1a002:
427         return 0xff & (clock() >> 8);
428     case 0x1a003:
429         /* Hack: We need to have this change consistently to make it work */
430         return 0xFF & clock();
431 
432     default:
433         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
434         return 0;
435     }
436 }
437 
438 static uint32_t scr_readw(NeXTPC *s, hwaddr addr)
439 {
440     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
441     return 0;
442 }
443 
444 static uint32_t scr_readl(NeXTPC *s, hwaddr addr)
445 {
446     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
447     return 0;
448 }
449 
450 #define SCSICSR_ENABLE  0x01
451 #define SCSICSR_RESET   0x02  /* reset scsi dma */
452 #define SCSICSR_FIFOFL  0x04
453 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
454 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
455 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
456 
457 static void scr_writeb(NeXTPC *s, hwaddr addr, uint32_t value)
458 {
459     switch (addr) {
460     case 0x14108:
461         DPRINTF("FDCSR Write: %x\n", value);
462 
463         if (value == 0x0) {
464             /* qemu_irq_raise(s->fd_irq[0]); */
465         }
466         break;
467     case 0x14020: /* SCSI Control Register */
468         if (value & SCSICSR_FIFOFL) {
469             DPRINTF("SCSICSR FIFO Flush\n");
470             /* will have to add another irq to the esp if this is needed */
471             /* esp_puflush_fifo(esp_g); */
472             qemu_irq_pulse(s->scsi_dma);
473         }
474 
475         if (value & SCSICSR_ENABLE) {
476             DPRINTF("SCSICSR Enable\n");
477             /*
478              * qemu_irq_raise(s->scsi_dma);
479              * s->scsi_csr_1 = 0xc0;
480              * s->scsi_csr_1 |= 0x1;
481              * qemu_irq_pulse(s->scsi_dma);
482              */
483         }
484         /*
485          * else
486          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
487          */
488 
489         if (value & SCSICSR_RESET) {
490             DPRINTF("SCSICSR Reset\n");
491             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
492             qemu_irq_raise(s->scsi_reset);
493             s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1);
494             qemu_irq_lower(s->scsi_reset);
495         }
496         if (value & SCSICSR_DMADIR) {
497             DPRINTF("SCSICSR DMAdir\n");
498         }
499         if (value & SCSICSR_CPUDMA) {
500             DPRINTF("SCSICSR CPUDMA\n");
501             /* qemu_irq_raise(s->scsi_dma); */
502             s->int_status |= 0x4000000;
503         } else {
504             /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */
505             s->int_status &= ~(0x4000000);
506             /* qemu_irq_lower(s->scsi_dma); */
507         }
508         if (value & SCSICSR_INTMASK) {
509             DPRINTF("SCSICSR INTMASK\n");
510             /*
511              * int_mask &= ~0x1000;
512              * s->scsi_csr_1 |= value;
513              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
514              * if (s->scsi_queued) {
515              *     s->scsi_queued = 0;
516              *     next_irq(s, NEXT_SCSI_I, level);
517              * }
518              */
519         } else {
520             /* int_mask |= 0x1000; */
521         }
522         if (value & 0x80) {
523             /* int_mask |= 0x1000; */
524             /* s->scsi_csr_1 |= 0x80; */
525         }
526         DPRINTF("SCSICSR Write: %x\n", value);
527         /* s->scsi_csr_1 = value; */
528         return;
529     /* Hardware timer latch - not implemented yet */
530     case 0x1a000:
531     default:
532         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
533     }
534 }
535 
536 static void scr_writew(NeXTPC *s, hwaddr addr, uint32_t value)
537 {
538     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
539 }
540 
541 static void scr_writel(NeXTPC *s, hwaddr addr, uint32_t value)
542 {
543     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
544 }
545 
546 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
547 {
548     NeXTPC *s = NEXT_PC(opaque);
549 
550     switch (size) {
551     case 1:
552         return scr_readb(s, addr);
553     case 2:
554         return scr_readw(s, addr);
555     case 4:
556         return scr_readl(s, addr);
557     default:
558         g_assert_not_reached();
559     }
560 }
561 
562 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
563                         unsigned size)
564 {
565     NeXTPC *s = NEXT_PC(opaque);
566 
567     switch (size) {
568     case 1:
569         scr_writeb(s, addr, value);
570         break;
571     case 2:
572         scr_writew(s, addr, value);
573         break;
574     case 4:
575         scr_writel(s, addr, value);
576         break;
577     default:
578         g_assert_not_reached();
579     }
580 }
581 
582 static const MemoryRegionOps scr_ops = {
583     .read = scr_readfn,
584     .write = scr_writefn,
585     .valid.min_access_size = 1,
586     .valid.max_access_size = 4,
587     .endianness = DEVICE_NATIVE_ENDIAN,
588 };
589 
590 #define NEXTDMA_SCSI(x)      (0x10 + x)
591 #define NEXTDMA_FD(x)        (0x10 + x)
592 #define NEXTDMA_ENTX(x)      (0x110 + x)
593 #define NEXTDMA_ENRX(x)      (0x150 + x)
594 #define NEXTDMA_CSR          0x0
595 #define NEXTDMA_NEXT         0x4000
596 #define NEXTDMA_LIMIT        0x4004
597 #define NEXTDMA_START        0x4008
598 #define NEXTDMA_STOP         0x400c
599 #define NEXTDMA_NEXT_INIT    0x4200
600 #define NEXTDMA_SIZE         0x4204
601 
602 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
603                        unsigned int size)
604 {
605     NeXTState *next_state = NEXT_MACHINE(opaque);
606 
607     switch (addr) {
608     case NEXTDMA_ENRX(NEXTDMA_CSR):
609         if (value & DMA_DEV2M) {
610             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
611         }
612 
613         if (value & DMA_SETENABLE) {
614             /* DPRINTF("SCSI DMA ENABLE\n"); */
615             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
616         }
617         if (value & DMA_SETSUPDATE) {
618             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
619         }
620         if (value & DMA_CLRCOMPLETE) {
621             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
622         }
623 
624         if (value & DMA_RESET) {
625             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
626                                                   DMA_ENABLE | DMA_DEV2M);
627         }
628         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
629         break;
630     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
631         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
632         break;
633     case NEXTDMA_ENRX(NEXTDMA_NEXT):
634         next_state->dma[NEXTDMA_ENRX].next = value;
635         break;
636     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
637         next_state->dma[NEXTDMA_ENRX].limit = value;
638         break;
639     case NEXTDMA_SCSI(NEXTDMA_CSR):
640         if (value & DMA_DEV2M) {
641             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
642         }
643         if (value & DMA_SETENABLE) {
644             /* DPRINTF("SCSI DMA ENABLE\n"); */
645             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
646         }
647         if (value & DMA_SETSUPDATE) {
648             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
649         }
650         if (value & DMA_CLRCOMPLETE) {
651             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
652         }
653 
654         if (value & DMA_RESET) {
655             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
656                                                   DMA_ENABLE | DMA_DEV2M);
657             /* DPRINTF("SCSI DMA RESET\n"); */
658         }
659         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
660         break;
661 
662     case NEXTDMA_SCSI(NEXTDMA_NEXT):
663         next_state->dma[NEXTDMA_SCSI].next = value;
664         break;
665 
666     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
667         next_state->dma[NEXTDMA_SCSI].limit = value;
668         break;
669 
670     case NEXTDMA_SCSI(NEXTDMA_START):
671         next_state->dma[NEXTDMA_SCSI].start = value;
672         break;
673 
674     case NEXTDMA_SCSI(NEXTDMA_STOP):
675         next_state->dma[NEXTDMA_SCSI].stop = value;
676         break;
677 
678     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
679         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
680         break;
681 
682     default:
683         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
684     }
685 }
686 
687 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
688 {
689     NeXTState *next_state = NEXT_MACHINE(opaque);
690 
691     switch (addr) {
692     case NEXTDMA_SCSI(NEXTDMA_CSR):
693         DPRINTF("SCSI DMA CSR READ\n");
694         return next_state->dma[NEXTDMA_SCSI].csr;
695     case NEXTDMA_ENRX(NEXTDMA_CSR):
696         return next_state->dma[NEXTDMA_ENRX].csr;
697     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
698         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
699     case NEXTDMA_ENRX(NEXTDMA_NEXT):
700         return next_state->dma[NEXTDMA_ENRX].next;
701     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
702         return next_state->dma[NEXTDMA_ENRX].limit;
703 
704     case NEXTDMA_SCSI(NEXTDMA_NEXT):
705         return next_state->dma[NEXTDMA_SCSI].next;
706     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
707         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
708     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
709         return next_state->dma[NEXTDMA_SCSI].limit;
710     case NEXTDMA_SCSI(NEXTDMA_START):
711         return next_state->dma[NEXTDMA_SCSI].start;
712     case NEXTDMA_SCSI(NEXTDMA_STOP):
713         return next_state->dma[NEXTDMA_SCSI].stop;
714 
715     default:
716         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
717         return 0;
718     }
719 
720     /*
721      * once the csr's are done, subtract 0x3FEC from the addr, and that will
722      * normalize the upper registers
723      */
724 }
725 
726 static const MemoryRegionOps dma_ops = {
727     .read = dma_readl,
728     .write = dma_writel,
729     .impl.min_access_size = 4,
730     .valid.min_access_size = 4,
731     .valid.max_access_size = 4,
732     .endianness = DEVICE_NATIVE_ENDIAN,
733 };
734 
735 static void next_irq(void *opaque, int number, int level)
736 {
737     NeXTPC *s = NEXT_PC(opaque);
738     M68kCPU *cpu = s->cpu;
739     int shift = 0;
740 
741     /* first switch sets interrupt status */
742     /* DPRINTF("IRQ %i\n",number); */
743     switch (number) {
744     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
745     case NEXT_FD_I:
746         shift = 7;
747         break;
748     case NEXT_KBD_I:
749         shift = 3;
750         break;
751     case NEXT_PWR_I:
752         shift = 2;
753         break;
754     case NEXT_ENRX_I:
755         shift = 9;
756         break;
757     case NEXT_ENTX_I:
758         shift = 10;
759         break;
760     case NEXT_SCSI_I:
761         shift = 12;
762         break;
763     case NEXT_CLK_I:
764         shift = 5;
765         break;
766 
767     /* level 5 - scc (serial) */
768     case NEXT_SCC_I:
769         shift = 17;
770         break;
771 
772     /* level 6 - audio etherrx/tx dma */
773     case NEXT_ENTX_DMA_I:
774         shift = 28;
775         break;
776     case NEXT_ENRX_DMA_I:
777         shift = 27;
778         break;
779     case NEXT_SCSI_DMA_I:
780         shift = 26;
781         break;
782     case NEXT_SND_I:
783         shift = 23;
784         break;
785     case NEXT_SCC_DMA_I:
786         shift = 21;
787         break;
788 
789     }
790     /*
791      * this HAS to be wrong, the interrupt handlers in mach and together
792      * int_status and int_mask and return if there is a hit
793      */
794     if (s->int_mask & (1 << shift)) {
795         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
796         /* return; */
797     }
798 
799     /* second switch triggers the correct interrupt */
800     if (level) {
801         s->int_status |= 1 << shift;
802 
803         switch (number) {
804         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
805         case NEXT_FD_I:
806         case NEXT_KBD_I:
807         case NEXT_PWR_I:
808         case NEXT_ENRX_I:
809         case NEXT_ENTX_I:
810         case NEXT_SCSI_I:
811         case NEXT_CLK_I:
812             m68k_set_irq_level(cpu, 3, 27);
813             break;
814 
815         /* level 5 - scc (serial) */
816         case NEXT_SCC_I:
817             m68k_set_irq_level(cpu, 5, 29);
818             break;
819 
820         /* level 6 - audio etherrx/tx dma */
821         case NEXT_ENTX_DMA_I:
822         case NEXT_ENRX_DMA_I:
823         case NEXT_SCSI_DMA_I:
824         case NEXT_SND_I:
825         case NEXT_SCC_DMA_I:
826             m68k_set_irq_level(cpu, 6, 30);
827             break;
828         }
829     } else {
830         s->int_status &= ~(1 << shift);
831         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
832     }
833 }
834 
835 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type)
836 {
837     uint32_t base_addr;
838     int irq = 0;
839     uint8_t align = 16;
840     NeXTState *next_state = NEXT_MACHINE(qdev_get_machine());
841 
842     if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) {
843         align = 32;
844     }
845     /* Most DMA is supposedly 16 byte aligned */
846     if ((size % align) != 0) {
847         size -= size % align;
848         size += align;
849     }
850 
851     /*
852      * prom sets the dma start using initbuf while the bootloader uses next
853      * so we check to see if initbuf is 0
854      */
855     if (next_state->dma[type].next_initbuf == 0) {
856         base_addr = next_state->dma[type].next;
857     } else {
858         base_addr = next_state->dma[type].next_initbuf;
859     }
860 
861     cpu_physical_memory_write(base_addr, buf, size);
862 
863     next_state->dma[type].next_initbuf = 0;
864 
865     /* saved limit is checked to calculate packet size by both, rom and netbsd */
866     next_state->dma[type].saved_limit = (next_state->dma[type].next + size);
867     next_state->dma[type].saved_next  = (next_state->dma[type].next);
868 
869     /*
870      * 32 bytes under savedbase seems to be some kind of register
871      * of which the purpose is unknown as of yet
872      */
873     /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */
874 
875     if (!(next_state->dma[type].csr & DMA_SUPDATE)) {
876         next_state->dma[type].next  = next_state->dma[type].start;
877         next_state->dma[type].limit = next_state->dma[type].stop;
878     }
879 
880     /* Set dma registers and raise an irq */
881     next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */
882 
883     switch (type) {
884     case NEXTDMA_SCSI:
885         irq = NEXT_SCSI_DMA_I;
886         break;
887     }
888 
889     next_irq(opaque, irq, 1);
890     next_irq(opaque, irq, 0);
891 }
892 
893 static void nextscsi_read(void *opaque, uint8_t *buf, int len)
894 {
895     DPRINTF("SCSI READ: %x\n", len);
896     abort();
897 }
898 
899 static void nextscsi_write(void *opaque, uint8_t *buf, int size)
900 {
901     DPRINTF("SCSI WRITE: %i\n", size);
902     nextdma_write(opaque, buf, size, NEXTDMA_SCSI);
903 }
904 
905 static void next_scsi_init(DeviceState *pcdev, M68kCPU *cpu)
906 {
907     struct NeXTPC *next_pc = NEXT_PC(pcdev);
908     DeviceState *dev;
909     SysBusDevice *sysbusdev;
910     SysBusESPState *sysbus_esp;
911     ESPState *esp;
912 
913     dev = qdev_new(TYPE_SYSBUS_ESP);
914     sysbus_esp = SYSBUS_ESP(dev);
915     esp = &sysbus_esp->esp;
916     esp->dma_memory_read = nextscsi_read;
917     esp->dma_memory_write = nextscsi_write;
918     esp->dma_opaque = pcdev;
919     sysbus_esp->it_shift = 0;
920     esp->dma_enabled = 1;
921     sysbusdev = SYS_BUS_DEVICE(dev);
922     sysbus_realize_and_unref(sysbusdev, &error_fatal);
923     sysbus_connect_irq(sysbusdev, 0, qdev_get_gpio_in(pcdev, NEXT_SCSI_I));
924     sysbus_mmio_map(sysbusdev, 0, 0x2114000);
925 
926     next_pc->scsi_reset = qdev_get_gpio_in(dev, 0);
927     next_pc->scsi_dma = qdev_get_gpio_in(dev, 1);
928 
929     scsi_bus_legacy_handle_cmdline(&esp->bus);
930 }
931 
932 static void next_escc_init(DeviceState *pcdev)
933 {
934     DeviceState *dev;
935     SysBusDevice *s;
936 
937     dev = qdev_new(TYPE_ESCC);
938     qdev_prop_set_uint32(dev, "disabled", 0);
939     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
940     qdev_prop_set_uint32(dev, "it_shift", 0);
941     qdev_prop_set_bit(dev, "bit_swap", true);
942     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
943     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
944     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
945     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
946 
947     s = SYS_BUS_DEVICE(dev);
948     sysbus_realize_and_unref(s, &error_fatal);
949     sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
950     sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
951     sysbus_mmio_map(s, 0, 0x2118000);
952 }
953 
954 static void next_pc_reset(DeviceState *dev)
955 {
956     NeXTPC *s = NEXT_PC(dev);
957 
958     /* Set internal registers to initial values */
959     /*     0x0000XX00 << vital bits */
960     s->scr1 = 0x00011102;
961     s->scr2 = 0x00ff0c80;
962 
963     s->rtc.status = 0x90;
964 
965     /* Load RTC RAM - TODO: provide possibility to load contents from file */
966     memcpy(s->rtc.ram, rtc_ram2, 32);
967 }
968 
969 static void next_pc_realize(DeviceState *dev, Error **errp)
970 {
971     NeXTPC *s = NEXT_PC(dev);
972     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
973 
974     qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
975 
976     memory_region_init_io(&s->mmiomem, OBJECT(s), &mmio_ops, s,
977                           "next.mmio", 0xD0000);
978     memory_region_init_io(&s->scrmem, OBJECT(s), &scr_ops, s,
979                           "next.scr", 0x20000);
980     sysbus_init_mmio(sbd, &s->mmiomem);
981     sysbus_init_mmio(sbd, &s->scrmem);
982 }
983 
984 /*
985  * If the m68k CPU implemented its inbound irq lines as GPIO lines
986  * rather than via the m68k_set_irq_level() function we would not need
987  * this cpu link property and could instead provide outbound IRQ lines
988  * that the board could wire up to the CPU.
989  */
990 static Property next_pc_properties[] = {
991     DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
992     DEFINE_PROP_END_OF_LIST(),
993 };
994 
995 static const VMStateDescription next_rtc_vmstate = {
996     .name = "next-rtc",
997     .version_id = 1,
998     .minimum_version_id = 1,
999     .fields = (VMStateField[]) {
1000         VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
1001         VMSTATE_UINT8(command, NextRtc),
1002         VMSTATE_UINT8(value, NextRtc),
1003         VMSTATE_UINT8(status, NextRtc),
1004         VMSTATE_UINT8(control, NextRtc),
1005         VMSTATE_UINT8(retval, NextRtc),
1006         VMSTATE_END_OF_LIST()
1007     },
1008 };
1009 
1010 static const VMStateDescription next_pc_vmstate = {
1011     .name = "next-pc",
1012     .version_id = 1,
1013     .minimum_version_id = 1,
1014     .fields = (VMStateField[]) {
1015         VMSTATE_UINT32(scr1, NeXTPC),
1016         VMSTATE_UINT32(scr2, NeXTPC),
1017         VMSTATE_UINT32(int_mask, NeXTPC),
1018         VMSTATE_UINT32(int_status, NeXTPC),
1019         VMSTATE_UINT8(scsi_csr_1, NeXTPC),
1020         VMSTATE_UINT8(scsi_csr_2, NeXTPC),
1021         VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
1022         VMSTATE_END_OF_LIST()
1023     },
1024 };
1025 
1026 static void next_pc_class_init(ObjectClass *klass, void *data)
1027 {
1028     DeviceClass *dc = DEVICE_CLASS(klass);
1029 
1030     dc->desc = "NeXT Peripheral Controller";
1031     dc->realize = next_pc_realize;
1032     dc->reset = next_pc_reset;
1033     device_class_set_props(dc, next_pc_properties);
1034     dc->vmsd = &next_pc_vmstate;
1035 }
1036 
1037 static const TypeInfo next_pc_info = {
1038     .name = TYPE_NEXT_PC,
1039     .parent = TYPE_SYS_BUS_DEVICE,
1040     .instance_size = sizeof(NeXTPC),
1041     .class_init = next_pc_class_init,
1042 };
1043 
1044 static void next_cube_init(MachineState *machine)
1045 {
1046     M68kCPU *cpu;
1047     CPUM68KState *env;
1048     MemoryRegion *rom = g_new(MemoryRegion, 1);
1049     MemoryRegion *rom2 = g_new(MemoryRegion, 1);
1050     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
1051     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
1052     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
1053     MemoryRegion *sysmem = get_system_memory();
1054     const char *bios_name = machine->firmware ?: ROM_FILE;
1055     DeviceState *pcdev;
1056 
1057     /* Initialize the cpu core */
1058     cpu = M68K_CPU(cpu_create(machine->cpu_type));
1059     if (!cpu) {
1060         error_report("Unable to find m68k CPU definition");
1061         exit(1);
1062     }
1063     env = &cpu->env;
1064 
1065     /* Initialize CPU registers.  */
1066     env->vbr = 0;
1067     env->sr  = 0x2700;
1068 
1069     /* Peripheral Controller */
1070     pcdev = qdev_new(TYPE_NEXT_PC);
1071     object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
1072     sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
1073 
1074     /* 64MB RAM starting at 0x04000000  */
1075     memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
1076 
1077     /* Framebuffer */
1078     sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL);
1079 
1080     /* MMIO */
1081     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
1082 
1083     /* BMAP IO - acts as a catch-all for now */
1084     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
1085 
1086     /* BMAP memory */
1087     memory_region_init_ram_flags_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
1088                                            RAM_SHARED, &error_fatal);
1089     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
1090     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
1091     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
1092     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
1093 
1094     /* KBD */
1095     sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL);
1096 
1097     /* Load ROM here */
1098     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
1099     memory_region_add_subregion(sysmem, 0x01000000, rom);
1100     memory_region_init_alias(rom2, NULL, "next.rom2", rom, 0x0, 0x20000);
1101     memory_region_add_subregion(sysmem, 0x0, rom2);
1102     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1103         if (!qtest_enabled()) {
1104             error_report("Failed to load firmware '%s'.", bios_name);
1105         }
1106     } else {
1107         uint8_t *ptr;
1108         /* Initial PC is always at offset 4 in firmware binaries */
1109         ptr = rom_ptr(0x01000004, 4);
1110         g_assert(ptr != NULL);
1111         env->pc = ldl_p(ptr);
1112         if (env->pc >= 0x01020000) {
1113             error_report("'%s' does not seem to be a valid firmware image.",
1114                          bios_name);
1115             exit(1);
1116         }
1117     }
1118 
1119     /* Serial */
1120     next_escc_init(pcdev);
1121 
1122     /* TODO: */
1123     /* Network */
1124     /* SCSI */
1125     next_scsi_init(pcdev, cpu);
1126 
1127     /* DMA */
1128     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
1129     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
1130 }
1131 
1132 static void next_machine_class_init(ObjectClass *oc, void *data)
1133 {
1134     MachineClass *mc = MACHINE_CLASS(oc);
1135 
1136     mc->desc = "NeXT Cube";
1137     mc->init = next_cube_init;
1138     mc->block_default_type = IF_SCSI;
1139     mc->default_ram_size = RAM_SIZE;
1140     mc->default_ram_id = "next.ram";
1141     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1142 }
1143 
1144 static const TypeInfo next_typeinfo = {
1145     .name = TYPE_NEXT_MACHINE,
1146     .parent = TYPE_MACHINE,
1147     .class_init = next_machine_class_init,
1148     .instance_size = sizeof(NeXTState),
1149 };
1150 
1151 static void next_register_type(void)
1152 {
1153     type_register_static(&next_typeinfo);
1154     type_register_static(&next_pc_info);
1155 }
1156 
1157 type_init(next_register_type)
1158