xref: /openbmc/qemu/hw/m68k/next-cube.c (revision 940e43aa30e0f793bd18b79221296cdf17724018)
1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "qom/object.h"
25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
26 #include "hw/block/fdc.h"
27 #include "hw/qdev-properties.h"
28 #include "qapi/error.h"
29 #include "ui/console.h"
30 #include "target/m68k/cpu.h"
31 #include "migration/vmstate.h"
32 
33 /* #define DEBUG_NEXT */
34 #ifdef DEBUG_NEXT
35 #define DPRINTF(fmt, ...) \
36     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
37 #else
38 #define DPRINTF(fmt, ...) do { } while (0)
39 #endif
40 
41 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
42 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
43 
44 #define ENTRY       0x0100001e
45 #define RAM_SIZE    0x4000000
46 #define ROM_FILE    "Rev_2.5_v66.bin"
47 
48 typedef struct next_dma {
49     uint32_t csr;
50 
51     uint32_t saved_next;
52     uint32_t saved_limit;
53     uint32_t saved_start;
54     uint32_t saved_stop;
55 
56     uint32_t next;
57     uint32_t limit;
58     uint32_t start;
59     uint32_t stop;
60 
61     uint32_t next_initbuf;
62     uint32_t size;
63 } next_dma;
64 
65 typedef struct NextRtc {
66     uint8_t ram[32];
67     uint8_t command;
68     uint8_t value;
69     uint8_t status;
70     uint8_t control;
71     uint8_t retval;
72 } NextRtc;
73 
74 struct NeXTState {
75     MachineState parent;
76 
77     next_dma dma[10];
78 };
79 
80 #define TYPE_NEXT_PC "next-pc"
81 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
82 
83 /* NeXT Peripheral Controller */
84 struct NeXTPC {
85     SysBusDevice parent_obj;
86 
87     M68kCPU *cpu;
88 
89     MemoryRegion mmiomem;
90     MemoryRegion scrmem;
91 
92     uint32_t scr1;
93     uint32_t scr2;
94     uint8_t scsi_csr_1;
95     uint8_t scsi_csr_2;
96     uint32_t int_mask;
97     uint32_t int_status;
98 
99     NextRtc rtc;
100 };
101 
102 /* Thanks to NeXT forums for this */
103 /*
104 static const uint8_t rtc_ram3[32] = {
105     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
106     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
107     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
108     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
109 };
110 */
111 static const uint8_t rtc_ram2[32] = {
112     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
113     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
114     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
115     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
116 };
117 
118 #define SCR2_RTCLK 0x2
119 #define SCR2_RTDATA 0x4
120 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
121 
122 static void nextscr2_write(NeXTPC *s, uint32_t val, int size)
123 {
124     static int led;
125     static int phase;
126     static uint8_t old_scr2;
127     uint8_t scr2_2;
128     NextRtc *rtc = &s->rtc;
129 
130     if (size == 4) {
131         scr2_2 = (val >> 8) & 0xFF;
132     } else {
133         scr2_2 = val & 0xFF;
134     }
135 
136     if (val & 0x1) {
137         DPRINTF("fault!\n");
138         led++;
139         if (led == 10) {
140             DPRINTF("LED flashing, possible fault!\n");
141             led = 0;
142         }
143     }
144 
145     if (scr2_2 & 0x1) {
146         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
147         if (phase == -1) {
148             phase = 0;
149         }
150         /* If we are in going down clock... do something */
151         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
152                 ((scr2_2 & SCR2_RTCLK) == 0)) {
153             if (phase < 8) {
154                 rtc->command = (rtc->command << 1) |
155                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
156             }
157             if (phase >= 8 && phase < 16) {
158                 rtc->value = (rtc->value << 1) |
159                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
160 
161                 /* if we read RAM register, output RT_DATA bit */
162                 if (rtc->command <= 0x1F) {
163                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
164                     if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
165                         scr2_2 |= SCR2_RTDATA;
166                     }
167 
168                     rtc->retval = (rtc->retval << 1) |
169                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
170                 }
171                 /* read the status 0x30 */
172                 if (rtc->command == 0x30) {
173                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
174                     /* for now status = 0x98 (new rtc + FTU) */
175                     if (rtc->status & (0x80 >> (phase - 8))) {
176                         scr2_2 |= SCR2_RTDATA;
177                     }
178 
179                     rtc->retval = (rtc->retval << 1) |
180                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
181                 }
182                 /* read the status 0x31 */
183                 if (rtc->command == 0x31) {
184                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
185                     if (rtc->control & (0x80 >> (phase - 8))) {
186                         scr2_2 |= SCR2_RTDATA;
187                     }
188                     rtc->retval = (rtc->retval << 1) |
189                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
190                 }
191 
192                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
193                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
194                     /* for now 0x00 */
195                     time_t time_h = time(NULL);
196                     struct tm *info = localtime(&time_h);
197                     int ret = 0;
198 
199                     switch (rtc->command) {
200                     case 0x20:
201                         ret = SCR2_TOBCD(info->tm_sec);
202                         break;
203                     case 0x21:
204                         ret = SCR2_TOBCD(info->tm_min);
205                         break;
206                     case 0x22:
207                         ret = SCR2_TOBCD(info->tm_hour);
208                         break;
209                     case 0x24:
210                         ret = SCR2_TOBCD(info->tm_mday);
211                         break;
212                     case 0x25:
213                         ret = SCR2_TOBCD((info->tm_mon + 1));
214                         break;
215                     case 0x26:
216                         ret = SCR2_TOBCD((info->tm_year - 100));
217                         break;
218 
219                     }
220 
221                     if (ret & (0x80 >> (phase - 8))) {
222                         scr2_2 |= SCR2_RTDATA;
223                     }
224                     rtc->retval = (rtc->retval << 1) |
225                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
226                 }
227 
228             }
229 
230             phase++;
231             if (phase == 16) {
232                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
233                     rtc->ram[rtc->command - 0x80] = rtc->value;
234                 }
235                 /* write to x30 register */
236                 if (rtc->command == 0xB1) {
237                     /* clear FTU */
238                     if (rtc->value & 0x04) {
239                         rtc->status = rtc->status & (~0x18);
240                         s->int_status = s->int_status & (~0x04);
241                     }
242                 }
243             }
244         }
245     } else {
246         /* else end or abort */
247         phase = -1;
248         rtc->command = 0;
249         rtc->value = 0;
250     }
251     s->scr2 = val & 0xFFFF00FF;
252     s->scr2 |= scr2_2 << 8;
253     old_scr2 = scr2_2;
254 }
255 
256 static uint32_t mmio_readb(NeXTPC *s, hwaddr addr)
257 {
258     switch (addr) {
259     case 0xc000:
260         return (s->scr1 >> 24) & 0xFF;
261     case 0xc001:
262         return (s->scr1 >> 16) & 0xFF;
263     case 0xc002:
264         return (s->scr1 >> 8)  & 0xFF;
265     case 0xc003:
266         return (s->scr1 >> 0)  & 0xFF;
267 
268     case 0xd000:
269         return (s->scr2 >> 24) & 0xFF;
270     case 0xd001:
271         return (s->scr2 >> 16) & 0xFF;
272     case 0xd002:
273         return (s->scr2 >> 8)  & 0xFF;
274     case 0xd003:
275         return (s->scr2 >> 0)  & 0xFF;
276     case 0x14020:
277         DPRINTF("MMIO Read 0x4020\n");
278         return 0x7f;
279 
280     default:
281         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
282         return 0x0;
283     }
284 }
285 
286 static uint32_t mmio_readw(NeXTPC *s, hwaddr addr)
287 {
288     switch (addr) {
289     default:
290         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
291         return 0x0;
292     }
293 }
294 
295 static uint32_t mmio_readl(NeXTPC *s, hwaddr addr)
296 {
297     switch (addr) {
298     case 0x7000:
299         /* DPRINTF("Read INT status: %x\n", s->int_status); */
300         return s->int_status;
301 
302     case 0x7800:
303         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
304         return s->int_mask;
305 
306     case 0xc000:
307         return s->scr1;
308 
309     case 0xd000:
310         return s->scr2;
311 
312     default:
313         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
314         return 0x0;
315     }
316 }
317 
318 static void mmio_writeb(NeXTPC *s, hwaddr addr, uint32_t val)
319 {
320     switch (addr) {
321     case 0xd003:
322         nextscr2_write(s, val, 1);
323         break;
324     default:
325         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
326     }
327 
328 }
329 
330 static void mmio_writew(NeXTPC *s, hwaddr addr, uint32_t val)
331 {
332     DPRINTF("MMIO Write W\n");
333 }
334 
335 static void mmio_writel(NeXTPC *s, hwaddr addr, uint32_t val)
336 {
337     switch (addr) {
338     case 0x7000:
339         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
340         s->int_status = val;
341         break;
342     case 0x7800:
343         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
344         s->int_mask  = val;
345         break;
346     case 0xc000:
347         DPRINTF("SCR1 Write: %x\n", val);
348         break;
349     case 0xd000:
350         nextscr2_write(s, val, 4);
351         break;
352 
353     default:
354         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
355     }
356 }
357 
358 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
359 {
360     NeXTPC *s = NEXT_PC(opaque);
361 
362     switch (size) {
363     case 1:
364         return mmio_readb(s, addr);
365     case 2:
366         return mmio_readw(s, addr);
367     case 4:
368         return mmio_readl(s, addr);
369     default:
370         g_assert_not_reached();
371     }
372 }
373 
374 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
375                          unsigned size)
376 {
377     NeXTPC *s = NEXT_PC(opaque);
378 
379     switch (size) {
380     case 1:
381         mmio_writeb(s, addr, value);
382         break;
383     case 2:
384         mmio_writew(s, addr, value);
385         break;
386     case 4:
387         mmio_writel(s, addr, value);
388         break;
389     default:
390         g_assert_not_reached();
391     }
392 }
393 
394 static const MemoryRegionOps mmio_ops = {
395     .read = mmio_readfn,
396     .write = mmio_writefn,
397     .valid.min_access_size = 1,
398     .valid.max_access_size = 4,
399     .endianness = DEVICE_NATIVE_ENDIAN,
400 };
401 
402 static uint32_t scr_readb(NeXTPC *s, hwaddr addr)
403 {
404     switch (addr) {
405     case 0x14108:
406         DPRINTF("FD read @ %x\n", (unsigned int)addr);
407         return 0x40 | 0x04 | 0x2 | 0x1;
408     case 0x14020:
409         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
410         return s->scsi_csr_1;
411 
412     case 0x14021:
413         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
414         return 0x40;
415 
416     /*
417      * These 4 registers are the hardware timer, not sure which register
418      * is the latch instead of data, but no problems so far
419      */
420     case 0x1a000:
421         return 0xff & (clock() >> 24);
422     case 0x1a001:
423         return 0xff & (clock() >> 16);
424     case 0x1a002:
425         return 0xff & (clock() >> 8);
426     case 0x1a003:
427         /* Hack: We need to have this change consistently to make it work */
428         return 0xFF & clock();
429 
430     default:
431         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
432         return 0;
433     }
434 }
435 
436 static uint32_t scr_readw(NeXTPC *s, hwaddr addr)
437 {
438     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
439     return 0;
440 }
441 
442 static uint32_t scr_readl(NeXTPC *s, hwaddr addr)
443 {
444     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
445     return 0;
446 }
447 
448 #define SCSICSR_ENABLE  0x01
449 #define SCSICSR_RESET   0x02  /* reset scsi dma */
450 #define SCSICSR_FIFOFL  0x04
451 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
452 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
453 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
454 
455 static void scr_writeb(NeXTPC *s, hwaddr addr, uint32_t value)
456 {
457     switch (addr) {
458     case 0x14108:
459         DPRINTF("FDCSR Write: %x\n", value);
460 
461         if (value == 0x0) {
462             /* qemu_irq_raise(s->fd_irq[0]); */
463         }
464         break;
465     case 0x14020: /* SCSI Control Register */
466         if (value & SCSICSR_FIFOFL) {
467             DPRINTF("SCSICSR FIFO Flush\n");
468             /* will have to add another irq to the esp if this is needed */
469             /* esp_puflush_fifo(esp_g); */
470             /* qemu_irq_pulse(s->scsi_dma); */
471         }
472 
473         if (value & SCSICSR_ENABLE) {
474             DPRINTF("SCSICSR Enable\n");
475             /*
476              * qemu_irq_raise(s->scsi_dma);
477              * s->scsi_csr_1 = 0xc0;
478              * s->scsi_csr_1 |= 0x1;
479              * qemu_irq_pulse(s->scsi_dma);
480              */
481         }
482         /*
483          * else
484          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
485          */
486 
487         if (value & SCSICSR_RESET) {
488             DPRINTF("SCSICSR Reset\n");
489             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
490             /* qemu_irq_raise(s->scsi_reset); */
491             /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
492 
493         }
494         if (value & SCSICSR_DMADIR) {
495             DPRINTF("SCSICSR DMAdir\n");
496         }
497         if (value & SCSICSR_CPUDMA) {
498             DPRINTF("SCSICSR CPUDMA\n");
499             /* qemu_irq_raise(s->scsi_dma); */
500 
501             s->int_status |= 0x4000000;
502         } else {
503             s->int_status &= ~(0x4000000);
504         }
505         if (value & SCSICSR_INTMASK) {
506             DPRINTF("SCSICSR INTMASK\n");
507             /*
508              * int_mask &= ~0x1000;
509              * s->scsi_csr_1 |= value;
510              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
511              * if (s->scsi_queued) {
512              *     s->scsi_queued = 0;
513              *     next_irq(s, NEXT_SCSI_I, level);
514              * }
515              */
516         } else {
517             /* int_mask |= 0x1000; */
518         }
519         if (value & 0x80) {
520             /* int_mask |= 0x1000; */
521             /* s->scsi_csr_1 |= 0x80; */
522         }
523         DPRINTF("SCSICSR Write: %x\n", value);
524         /* s->scsi_csr_1 = value; */
525         return;
526     /* Hardware timer latch - not implemented yet */
527     case 0x1a000:
528     default:
529         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
530     }
531 }
532 
533 static void scr_writew(NeXTPC *s, hwaddr addr, uint32_t value)
534 {
535     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
536 }
537 
538 static void scr_writel(NeXTPC *s, hwaddr addr, uint32_t value)
539 {
540     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
541 }
542 
543 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
544 {
545     NeXTPC *s = NEXT_PC(opaque);
546 
547     switch (size) {
548     case 1:
549         return scr_readb(s, addr);
550     case 2:
551         return scr_readw(s, addr);
552     case 4:
553         return scr_readl(s, addr);
554     default:
555         g_assert_not_reached();
556     }
557 }
558 
559 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
560                         unsigned size)
561 {
562     NeXTPC *s = NEXT_PC(opaque);
563 
564     switch (size) {
565     case 1:
566         scr_writeb(s, addr, value);
567         break;
568     case 2:
569         scr_writew(s, addr, value);
570         break;
571     case 4:
572         scr_writel(s, addr, value);
573         break;
574     default:
575         g_assert_not_reached();
576     }
577 }
578 
579 static const MemoryRegionOps scr_ops = {
580     .read = scr_readfn,
581     .write = scr_writefn,
582     .valid.min_access_size = 1,
583     .valid.max_access_size = 4,
584     .endianness = DEVICE_NATIVE_ENDIAN,
585 };
586 
587 #define NEXTDMA_SCSI(x)      (0x10 + x)
588 #define NEXTDMA_FD(x)        (0x10 + x)
589 #define NEXTDMA_ENTX(x)      (0x110 + x)
590 #define NEXTDMA_ENRX(x)      (0x150 + x)
591 #define NEXTDMA_CSR          0x0
592 #define NEXTDMA_NEXT         0x4000
593 #define NEXTDMA_LIMIT        0x4004
594 #define NEXTDMA_START        0x4008
595 #define NEXTDMA_STOP         0x400c
596 #define NEXTDMA_NEXT_INIT    0x4200
597 #define NEXTDMA_SIZE         0x4204
598 
599 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
600                        unsigned int size)
601 {
602     NeXTState *next_state = NEXT_MACHINE(opaque);
603 
604     switch (addr) {
605     case NEXTDMA_ENRX(NEXTDMA_CSR):
606         if (value & DMA_DEV2M) {
607             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
608         }
609 
610         if (value & DMA_SETENABLE) {
611             /* DPRINTF("SCSI DMA ENABLE\n"); */
612             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
613         }
614         if (value & DMA_SETSUPDATE) {
615             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
616         }
617         if (value & DMA_CLRCOMPLETE) {
618             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
619         }
620 
621         if (value & DMA_RESET) {
622             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
623                                                   DMA_ENABLE | DMA_DEV2M);
624         }
625         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
626         break;
627     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
628         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
629         break;
630     case NEXTDMA_ENRX(NEXTDMA_NEXT):
631         next_state->dma[NEXTDMA_ENRX].next = value;
632         break;
633     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
634         next_state->dma[NEXTDMA_ENRX].limit = value;
635         break;
636     case NEXTDMA_SCSI(NEXTDMA_CSR):
637         if (value & DMA_DEV2M) {
638             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
639         }
640         if (value & DMA_SETENABLE) {
641             /* DPRINTF("SCSI DMA ENABLE\n"); */
642             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
643         }
644         if (value & DMA_SETSUPDATE) {
645             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
646         }
647         if (value & DMA_CLRCOMPLETE) {
648             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
649         }
650 
651         if (value & DMA_RESET) {
652             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
653                                                   DMA_ENABLE | DMA_DEV2M);
654             /* DPRINTF("SCSI DMA RESET\n"); */
655         }
656         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
657         break;
658 
659     case NEXTDMA_SCSI(NEXTDMA_NEXT):
660         next_state->dma[NEXTDMA_SCSI].next = value;
661         break;
662 
663     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
664         next_state->dma[NEXTDMA_SCSI].limit = value;
665         break;
666 
667     case NEXTDMA_SCSI(NEXTDMA_START):
668         next_state->dma[NEXTDMA_SCSI].start = value;
669         break;
670 
671     case NEXTDMA_SCSI(NEXTDMA_STOP):
672         next_state->dma[NEXTDMA_SCSI].stop = value;
673         break;
674 
675     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
676         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
677         break;
678 
679     default:
680         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
681     }
682 }
683 
684 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
685 {
686     NeXTState *next_state = NEXT_MACHINE(opaque);
687 
688     switch (addr) {
689     case NEXTDMA_SCSI(NEXTDMA_CSR):
690         DPRINTF("SCSI DMA CSR READ\n");
691         return next_state->dma[NEXTDMA_SCSI].csr;
692     case NEXTDMA_ENRX(NEXTDMA_CSR):
693         return next_state->dma[NEXTDMA_ENRX].csr;
694     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
695         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
696     case NEXTDMA_ENRX(NEXTDMA_NEXT):
697         return next_state->dma[NEXTDMA_ENRX].next;
698     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
699         return next_state->dma[NEXTDMA_ENRX].limit;
700 
701     case NEXTDMA_SCSI(NEXTDMA_NEXT):
702         return next_state->dma[NEXTDMA_SCSI].next;
703     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
704         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
705     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
706         return next_state->dma[NEXTDMA_SCSI].limit;
707     case NEXTDMA_SCSI(NEXTDMA_START):
708         return next_state->dma[NEXTDMA_SCSI].start;
709     case NEXTDMA_SCSI(NEXTDMA_STOP):
710         return next_state->dma[NEXTDMA_SCSI].stop;
711 
712     default:
713         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
714         return 0;
715     }
716 
717     /*
718      * once the csr's are done, subtract 0x3FEC from the addr, and that will
719      * normalize the upper registers
720      */
721 }
722 
723 static const MemoryRegionOps dma_ops = {
724     .read = dma_readl,
725     .write = dma_writel,
726     .impl.min_access_size = 4,
727     .valid.min_access_size = 4,
728     .valid.max_access_size = 4,
729     .endianness = DEVICE_NATIVE_ENDIAN,
730 };
731 
732 static void next_irq(void *opaque, int number, int level)
733 {
734     NeXTPC *s = NEXT_PC(opaque);
735     M68kCPU *cpu = s->cpu;
736     int shift = 0;
737 
738     /* first switch sets interupt status */
739     /* DPRINTF("IRQ %i\n",number); */
740     switch (number) {
741     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
742     case NEXT_FD_I:
743         shift = 7;
744         break;
745     case NEXT_KBD_I:
746         shift = 3;
747         break;
748     case NEXT_PWR_I:
749         shift = 2;
750         break;
751     case NEXT_ENRX_I:
752         shift = 9;
753         break;
754     case NEXT_ENTX_I:
755         shift = 10;
756         break;
757     case NEXT_SCSI_I:
758         shift = 12;
759         break;
760     case NEXT_CLK_I:
761         shift = 5;
762         break;
763 
764     /* level 5 - scc (serial) */
765     case NEXT_SCC_I:
766         shift = 17;
767         break;
768 
769     /* level 6 - audio etherrx/tx dma */
770     case NEXT_ENTX_DMA_I:
771         shift = 28;
772         break;
773     case NEXT_ENRX_DMA_I:
774         shift = 27;
775         break;
776     case NEXT_SCSI_DMA_I:
777         shift = 26;
778         break;
779     case NEXT_SND_I:
780         shift = 23;
781         break;
782     case NEXT_SCC_DMA_I:
783         shift = 21;
784         break;
785 
786     }
787     /*
788      * this HAS to be wrong, the interrupt handlers in mach and together
789      * int_status and int_mask and return if there is a hit
790      */
791     if (s->int_mask & (1 << shift)) {
792         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
793         /* return; */
794     }
795 
796     /* second switch triggers the correct interrupt */
797     if (level) {
798         s->int_status |= 1 << shift;
799 
800         switch (number) {
801         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
802         case NEXT_FD_I:
803         case NEXT_KBD_I:
804         case NEXT_PWR_I:
805         case NEXT_ENRX_I:
806         case NEXT_ENTX_I:
807         case NEXT_SCSI_I:
808         case NEXT_CLK_I:
809             m68k_set_irq_level(cpu, 3, 27);
810             break;
811 
812         /* level 5 - scc (serial) */
813         case NEXT_SCC_I:
814             m68k_set_irq_level(cpu, 5, 29);
815             break;
816 
817         /* level 6 - audio etherrx/tx dma */
818         case NEXT_ENTX_DMA_I:
819         case NEXT_ENRX_DMA_I:
820         case NEXT_SCSI_DMA_I:
821         case NEXT_SND_I:
822         case NEXT_SCC_DMA_I:
823             m68k_set_irq_level(cpu, 6, 30);
824             break;
825         }
826     } else {
827         s->int_status &= ~(1 << shift);
828         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
829     }
830 }
831 
832 static void next_escc_init(DeviceState *pcdev)
833 {
834     DeviceState *dev;
835     SysBusDevice *s;
836 
837     dev = qdev_new(TYPE_ESCC);
838     qdev_prop_set_uint32(dev, "disabled", 0);
839     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
840     qdev_prop_set_uint32(dev, "it_shift", 0);
841     qdev_prop_set_bit(dev, "bit_swap", true);
842     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
843     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
844     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
845     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
846 
847     s = SYS_BUS_DEVICE(dev);
848     sysbus_realize_and_unref(s, &error_fatal);
849     sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
850     sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
851     sysbus_mmio_map(s, 0, 0x2118000);
852 }
853 
854 static void next_pc_reset(DeviceState *dev)
855 {
856     NeXTPC *s = NEXT_PC(dev);
857 
858     /* Set internal registers to initial values */
859     /*     0x0000XX00 << vital bits */
860     s->scr1 = 0x00011102;
861     s->scr2 = 0x00ff0c80;
862 
863     s->rtc.status = 0x90;
864 
865     /* Load RTC RAM - TODO: provide possibility to load contents from file */
866     memcpy(s->rtc.ram, rtc_ram2, 32);
867 }
868 
869 static void next_pc_realize(DeviceState *dev, Error **errp)
870 {
871     NeXTPC *s = NEXT_PC(dev);
872     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
873 
874     qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
875 
876     memory_region_init_io(&s->mmiomem, OBJECT(s), &mmio_ops, s,
877                           "next.mmio", 0xD0000);
878     memory_region_init_io(&s->scrmem, OBJECT(s), &scr_ops, s,
879                           "next.scr", 0x20000);
880     sysbus_init_mmio(sbd, &s->mmiomem);
881     sysbus_init_mmio(sbd, &s->scrmem);
882 }
883 
884 /*
885  * If the m68k CPU implemented its inbound irq lines as GPIO lines
886  * rather than via the m68k_set_irq_level() function we would not need
887  * this cpu link property and could instead provide outbound IRQ lines
888  * that the board could wire up to the CPU.
889  */
890 static Property next_pc_properties[] = {
891     DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
892     DEFINE_PROP_END_OF_LIST(),
893 };
894 
895 static const VMStateDescription next_rtc_vmstate = {
896     .name = "next-rtc",
897     .version_id = 1,
898     .minimum_version_id = 1,
899     .fields = (VMStateField[]) {
900         VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
901         VMSTATE_UINT8(command, NextRtc),
902         VMSTATE_UINT8(value, NextRtc),
903         VMSTATE_UINT8(status, NextRtc),
904         VMSTATE_UINT8(control, NextRtc),
905         VMSTATE_UINT8(retval, NextRtc),
906         VMSTATE_END_OF_LIST()
907     },
908 };
909 
910 static const VMStateDescription next_pc_vmstate = {
911     .name = "next-pc",
912     .version_id = 1,
913     .minimum_version_id = 1,
914     .fields = (VMStateField[]) {
915         VMSTATE_UINT32(scr1, NeXTPC),
916         VMSTATE_UINT32(scr2, NeXTPC),
917         VMSTATE_UINT32(int_mask, NeXTPC),
918         VMSTATE_UINT32(int_status, NeXTPC),
919         VMSTATE_UINT8(scsi_csr_1, NeXTPC),
920         VMSTATE_UINT8(scsi_csr_2, NeXTPC),
921         VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
922         VMSTATE_END_OF_LIST()
923     },
924 };
925 
926 static void next_pc_class_init(ObjectClass *klass, void *data)
927 {
928     DeviceClass *dc = DEVICE_CLASS(klass);
929 
930     dc->desc = "NeXT Peripheral Controller";
931     dc->realize = next_pc_realize;
932     dc->reset = next_pc_reset;
933     device_class_set_props(dc, next_pc_properties);
934     dc->vmsd = &next_pc_vmstate;
935 }
936 
937 static const TypeInfo next_pc_info = {
938     .name = TYPE_NEXT_PC,
939     .parent = TYPE_SYS_BUS_DEVICE,
940     .instance_size = sizeof(NeXTPC),
941     .class_init = next_pc_class_init,
942 };
943 
944 static void next_cube_init(MachineState *machine)
945 {
946     M68kCPU *cpu;
947     CPUM68KState *env;
948     MemoryRegion *rom = g_new(MemoryRegion, 1);
949     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
950     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
951     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
952     MemoryRegion *sysmem = get_system_memory();
953     const char *bios_name = machine->firmware ?: ROM_FILE;
954     DeviceState *dev;
955     DeviceState *pcdev;
956 
957     /* Initialize the cpu core */
958     cpu = M68K_CPU(cpu_create(machine->cpu_type));
959     if (!cpu) {
960         error_report("Unable to find m68k CPU definition");
961         exit(1);
962     }
963     env = &cpu->env;
964 
965     /* Initialize CPU registers.  */
966     env->vbr = 0;
967     env->sr  = 0x2700;
968 
969     /* Peripheral Controller */
970     pcdev = qdev_new(TYPE_NEXT_PC);
971     object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
972     sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
973 
974     /* 64MB RAM starting at 0x04000000  */
975     memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
976 
977     /* Framebuffer */
978     dev = qdev_new(TYPE_NEXTFB);
979     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
980     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
981 
982     /* MMIO */
983     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
984 
985     /* BMAP IO - acts as a catch-all for now */
986     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
987 
988     /* BMAP memory */
989     memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
990                                             true, &error_fatal);
991     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
992     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
993     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
994     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
995 
996     /* KBD */
997     dev = qdev_new(TYPE_NEXTKBD);
998     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
999     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
1000 
1001     /* Load ROM here */
1002     /* still not sure if the rom should also be mapped at 0x0*/
1003     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
1004     memory_region_add_subregion(sysmem, 0x01000000, rom);
1005     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1006         if (!qtest_enabled()) {
1007             error_report("Failed to load firmware '%s'.", bios_name);
1008         }
1009     } else {
1010         uint8_t *ptr;
1011         /* Initial PC is always at offset 4 in firmware binaries */
1012         ptr = rom_ptr(0x01000004, 4);
1013         g_assert(ptr != NULL);
1014         env->pc = ldl_p(ptr);
1015         if (env->pc >= 0x01020000) {
1016             error_report("'%s' does not seem to be a valid firmware image.",
1017                          bios_name);
1018             exit(1);
1019         }
1020     }
1021 
1022     /* Serial */
1023     next_escc_init(pcdev);
1024 
1025     /* TODO: */
1026     /* Network */
1027     /* SCSI */
1028 
1029     /* DMA */
1030     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
1031     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
1032 }
1033 
1034 static void next_machine_class_init(ObjectClass *oc, void *data)
1035 {
1036     MachineClass *mc = MACHINE_CLASS(oc);
1037 
1038     mc->desc = "NeXT Cube";
1039     mc->init = next_cube_init;
1040     mc->default_ram_size = RAM_SIZE;
1041     mc->default_ram_id = "next.ram";
1042     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1043 }
1044 
1045 static const TypeInfo next_typeinfo = {
1046     .name = TYPE_NEXT_MACHINE,
1047     .parent = TYPE_MACHINE,
1048     .class_init = next_machine_class_init,
1049     .instance_size = sizeof(NeXTState),
1050 };
1051 
1052 static void next_register_type(void)
1053 {
1054     type_register_static(&next_typeinfo);
1055     type_register_static(&next_pc_info);
1056 }
1057 
1058 type_init(next_register_type)
1059