1 /*
2 * NeXT Cube System Driver
3 *
4 * Copyright (c) 2011 Bryce Lanham
5 *
6 * This code is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2 of the License,
9 * or (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "exec/hwaddr.h"
14 #include "sysemu/sysemu.h"
15 #include "sysemu/qtest.h"
16 #include "hw/irq.h"
17 #include "hw/m68k/next-cube.h"
18 #include "hw/boards.h"
19 #include "hw/loader.h"
20 #include "hw/scsi/esp.h"
21 #include "hw/sysbus.h"
22 #include "qom/object.h"
23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
24 #include "hw/block/fdc.h"
25 #include "hw/qdev-properties.h"
26 #include "qapi/error.h"
27 #include "qemu/error-report.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 #include "migration/vmstate.h"
31
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42
43 #define ENTRY 0x0100001e
44 #define RAM_SIZE 0x4000000
45 #define ROM_FILE "Rev_2.5_v66.bin"
46
47 typedef struct next_dma {
48 uint32_t csr;
49
50 uint32_t saved_next;
51 uint32_t saved_limit;
52 uint32_t saved_start;
53 uint32_t saved_stop;
54
55 uint32_t next;
56 uint32_t limit;
57 uint32_t start;
58 uint32_t stop;
59
60 uint32_t next_initbuf;
61 uint32_t size;
62 } next_dma;
63
64 typedef struct NextRtc {
65 int8_t phase;
66 uint8_t ram[32];
67 uint8_t command;
68 uint8_t value;
69 uint8_t status;
70 uint8_t control;
71 uint8_t retval;
72 } NextRtc;
73
74 struct NeXTState {
75 MachineState parent;
76
77 MemoryRegion rom;
78 MemoryRegion rom2;
79 MemoryRegion dmamem;
80 MemoryRegion bmapm1;
81 MemoryRegion bmapm2;
82
83 next_dma dma[10];
84 };
85
86 #define TYPE_NEXT_PC "next-pc"
87 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
88
89 /* NeXT Peripheral Controller */
90 struct NeXTPC {
91 SysBusDevice parent_obj;
92
93 M68kCPU *cpu;
94
95 MemoryRegion mmiomem;
96 MemoryRegion scrmem;
97
98 uint32_t scr1;
99 uint32_t scr2;
100 uint32_t old_scr2;
101 uint32_t int_mask;
102 uint32_t int_status;
103 uint32_t led;
104 uint8_t scsi_csr_1;
105 uint8_t scsi_csr_2;
106
107 qemu_irq scsi_reset;
108 qemu_irq scsi_dma;
109
110 NextRtc rtc;
111 };
112
113 /* Thanks to NeXT forums for this */
114 /*
115 static const uint8_t rtc_ram3[32] = {
116 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
117 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
118 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
119 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
120 };
121 */
122 static const uint8_t rtc_ram2[32] = {
123 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
124 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
125 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
126 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
127 };
128
129 #define SCR2_RTCLK 0x2
130 #define SCR2_RTDATA 0x4
131 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
132
next_scr2_led_update(NeXTPC * s)133 static void next_scr2_led_update(NeXTPC *s)
134 {
135 if (s->scr2 & 0x1) {
136 DPRINTF("fault!\n");
137 s->led++;
138 if (s->led == 10) {
139 DPRINTF("LED flashing, possible fault!\n");
140 s->led = 0;
141 }
142 }
143 }
144
next_scr2_rtc_update(NeXTPC * s)145 static void next_scr2_rtc_update(NeXTPC *s)
146 {
147 uint8_t old_scr2, scr2_2;
148 NextRtc *rtc = &s->rtc;
149
150 old_scr2 = extract32(s->old_scr2, 8, 8);
151 scr2_2 = extract32(s->scr2, 8, 8);
152
153 if (scr2_2 & 0x1) {
154 /* DPRINTF("RTC %x phase %i\n", scr2_2, rtc->phase); */
155 if (rtc->phase == -1) {
156 rtc->phase = 0;
157 }
158 /* If we are in going down clock... do something */
159 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
160 ((scr2_2 & SCR2_RTCLK) == 0)) {
161 if (rtc->phase < 8) {
162 rtc->command = (rtc->command << 1) |
163 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
164 }
165 if (rtc->phase >= 8 && rtc->phase < 16) {
166 rtc->value = (rtc->value << 1) |
167 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
168
169 /* if we read RAM register, output RT_DATA bit */
170 if (rtc->command <= 0x1F) {
171 scr2_2 = scr2_2 & (~SCR2_RTDATA);
172 if (rtc->ram[rtc->command] & (0x80 >> (rtc->phase - 8))) {
173 scr2_2 |= SCR2_RTDATA;
174 }
175
176 rtc->retval = (rtc->retval << 1) |
177 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
178 }
179 /* read the status 0x30 */
180 if (rtc->command == 0x30) {
181 scr2_2 = scr2_2 & (~SCR2_RTDATA);
182 /* for now status = 0x98 (new rtc + FTU) */
183 if (rtc->status & (0x80 >> (rtc->phase - 8))) {
184 scr2_2 |= SCR2_RTDATA;
185 }
186
187 rtc->retval = (rtc->retval << 1) |
188 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
189 }
190 /* read the status 0x31 */
191 if (rtc->command == 0x31) {
192 scr2_2 = scr2_2 & (~SCR2_RTDATA);
193 if (rtc->control & (0x80 >> (rtc->phase - 8))) {
194 scr2_2 |= SCR2_RTDATA;
195 }
196 rtc->retval = (rtc->retval << 1) |
197 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
198 }
199
200 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
201 scr2_2 = scr2_2 & (~SCR2_RTDATA);
202 /* for now 0x00 */
203 time_t time_h = time(NULL);
204 struct tm *info = localtime(&time_h);
205 int ret = 0;
206
207 switch (rtc->command) {
208 case 0x20:
209 ret = SCR2_TOBCD(info->tm_sec);
210 break;
211 case 0x21:
212 ret = SCR2_TOBCD(info->tm_min);
213 break;
214 case 0x22:
215 ret = SCR2_TOBCD(info->tm_hour);
216 break;
217 case 0x24:
218 ret = SCR2_TOBCD(info->tm_mday);
219 break;
220 case 0x25:
221 ret = SCR2_TOBCD((info->tm_mon + 1));
222 break;
223 case 0x26:
224 ret = SCR2_TOBCD((info->tm_year - 100));
225 break;
226
227 }
228
229 if (ret & (0x80 >> (rtc->phase - 8))) {
230 scr2_2 |= SCR2_RTDATA;
231 }
232 rtc->retval = (rtc->retval << 1) |
233 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
234 }
235
236 }
237
238 rtc->phase++;
239 if (rtc->phase == 16) {
240 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
241 rtc->ram[rtc->command - 0x80] = rtc->value;
242 }
243 /* write to x30 register */
244 if (rtc->command == 0xB1) {
245 /* clear FTU */
246 if (rtc->value & 0x04) {
247 rtc->status = rtc->status & (~0x18);
248 s->int_status = s->int_status & (~0x04);
249 }
250 }
251 }
252 }
253 } else {
254 /* else end or abort */
255 rtc->phase = -1;
256 rtc->command = 0;
257 rtc->value = 0;
258 }
259
260 s->scr2 = deposit32(s->scr2, 8, 8, scr2_2);
261 }
262
next_mmio_read(void * opaque,hwaddr addr,unsigned size)263 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size)
264 {
265 NeXTPC *s = NEXT_PC(opaque);
266 uint64_t val;
267
268 switch (addr) {
269 case 0x7000:
270 /* DPRINTF("Read INT status: %x\n", s->int_status); */
271 val = s->int_status;
272 break;
273
274 case 0x7800:
275 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
276 val = s->int_mask;
277 break;
278
279 case 0xc000 ... 0xc003:
280 val = extract32(s->scr1, (4 - (addr - 0xc000) - size) << 3,
281 size << 3);
282 break;
283
284 case 0xd000 ... 0xd003:
285 val = extract32(s->scr2, (4 - (addr - 0xd000) - size) << 3,
286 size << 3);
287 break;
288
289 case 0x14020:
290 val = 0x7f;
291 break;
292
293 default:
294 val = 0;
295 DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size);
296 break;
297 }
298
299 return val;
300 }
301
next_mmio_write(void * opaque,hwaddr addr,uint64_t val,unsigned size)302 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val,
303 unsigned size)
304 {
305 NeXTPC *s = NEXT_PC(opaque);
306
307 switch (addr) {
308 case 0x7000:
309 DPRINTF("INT Status old: %x new: %x\n", s->int_status,
310 (unsigned int)val);
311 s->int_status = val;
312 break;
313
314 case 0x7800:
315 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val);
316 s->int_mask = val;
317 break;
318
319 case 0xc000 ... 0xc003:
320 DPRINTF("SCR1 Write: %x\n", (unsigned int)val);
321 s->scr1 = deposit32(s->scr1, (4 - (addr - 0xc000) - size) << 3,
322 size << 3, val);
323 break;
324
325 case 0xd000 ... 0xd003:
326 s->scr2 = deposit32(s->scr2, (4 - (addr - 0xd000) - size) << 3,
327 size << 3, val);
328 next_scr2_led_update(s);
329 next_scr2_rtc_update(s);
330 s->old_scr2 = s->scr2;
331 break;
332
333 default:
334 DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr,
335 (unsigned int)val, size);
336 }
337 }
338
339 static const MemoryRegionOps next_mmio_ops = {
340 .read = next_mmio_read,
341 .write = next_mmio_write,
342 .valid.min_access_size = 1,
343 .valid.max_access_size = 4,
344 .endianness = DEVICE_BIG_ENDIAN,
345 };
346
347 #define SCSICSR_ENABLE 0x01
348 #define SCSICSR_RESET 0x02 /* reset scsi dma */
349 #define SCSICSR_FIFOFL 0x04
350 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */
351 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */
352 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */
353
next_scr_readfn(void * opaque,hwaddr addr,unsigned size)354 static uint64_t next_scr_readfn(void *opaque, hwaddr addr, unsigned size)
355 {
356 NeXTPC *s = NEXT_PC(opaque);
357 uint64_t val;
358
359 switch (addr) {
360 case 0x14108:
361 DPRINTF("FD read @ %x\n", (unsigned int)addr);
362 val = 0x40 | 0x04 | 0x2 | 0x1;
363 break;
364
365 case 0x14020:
366 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1);
367 val = s->scsi_csr_1;
368 break;
369
370 case 0x14021:
371 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
372 val = 0x40;
373 break;
374
375 /*
376 * These 4 registers are the hardware timer, not sure which register
377 * is the latch instead of data, but no problems so far.
378 *
379 * Hack: We need to have the LSB change consistently to make it work
380 */
381 case 0x1a000 ... 0x1a003:
382 val = extract32(clock(), (4 - (addr - 0x1a000) - size) << 3,
383 size << 3);
384 break;
385
386 /* For now return dummy byte to allow the Ethernet test to timeout */
387 case 0x6000:
388 val = 0xff;
389 break;
390
391 default:
392 DPRINTF("BMAP Read @ 0x%x size %u\n", (unsigned int)addr, size);
393 val = 0;
394 break;
395 }
396
397 return val;
398 }
399
next_scr_writefn(void * opaque,hwaddr addr,uint64_t val,unsigned size)400 static void next_scr_writefn(void *opaque, hwaddr addr, uint64_t val,
401 unsigned size)
402 {
403 NeXTPC *s = NEXT_PC(opaque);
404
405 switch (addr) {
406 case 0x14108:
407 DPRINTF("FDCSR Write: %x\n", value);
408 if (val == 0x0) {
409 /* qemu_irq_raise(s->fd_irq[0]); */
410 }
411 break;
412
413 case 0x14020: /* SCSI Control Register */
414 if (val & SCSICSR_FIFOFL) {
415 DPRINTF("SCSICSR FIFO Flush\n");
416 /* will have to add another irq to the esp if this is needed */
417 /* esp_puflush_fifo(esp_g); */
418 }
419
420 if (val & SCSICSR_ENABLE) {
421 DPRINTF("SCSICSR Enable\n");
422 /*
423 * qemu_irq_raise(s->scsi_dma);
424 * s->scsi_csr_1 = 0xc0;
425 * s->scsi_csr_1 |= 0x1;
426 * qemu_irq_pulse(s->scsi_dma);
427 */
428 }
429 /*
430 * else
431 * s->scsi_csr_1 &= ~SCSICSR_ENABLE;
432 */
433
434 if (val & SCSICSR_RESET) {
435 DPRINTF("SCSICSR Reset\n");
436 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
437 qemu_irq_raise(s->scsi_reset);
438 s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1);
439 qemu_irq_lower(s->scsi_reset);
440 }
441 if (val & SCSICSR_DMADIR) {
442 DPRINTF("SCSICSR DMAdir\n");
443 }
444 if (val & SCSICSR_CPUDMA) {
445 DPRINTF("SCSICSR CPUDMA\n");
446 /* qemu_irq_raise(s->scsi_dma); */
447 s->int_status |= 0x4000000;
448 } else {
449 /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */
450 s->int_status &= ~(0x4000000);
451 /* qemu_irq_lower(s->scsi_dma); */
452 }
453 if (val & SCSICSR_INTMASK) {
454 DPRINTF("SCSICSR INTMASK\n");
455 /*
456 * int_mask &= ~0x1000;
457 * s->scsi_csr_1 |= val;
458 * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
459 * if (s->scsi_queued) {
460 * s->scsi_queued = 0;
461 * next_irq(s, NEXT_SCSI_I, level);
462 * }
463 */
464 } else {
465 /* int_mask |= 0x1000; */
466 }
467 if (val & 0x80) {
468 /* int_mask |= 0x1000; */
469 /* s->scsi_csr_1 |= 0x80; */
470 }
471 DPRINTF("SCSICSR Write: %x\n", val);
472 /* s->scsi_csr_1 = val; */
473 break;
474
475 /* Hardware timer latch - not implemented yet */
476 case 0x1a000:
477 default:
478 DPRINTF("BMAP Write @ 0x%x with 0x%x size %u\n", (unsigned int)addr,
479 val, size);
480 }
481 }
482
483 static const MemoryRegionOps next_scr_ops = {
484 .read = next_scr_readfn,
485 .write = next_scr_writefn,
486 .valid.min_access_size = 1,
487 .valid.max_access_size = 4,
488 .endianness = DEVICE_BIG_ENDIAN,
489 };
490
491 #define NEXTDMA_SCSI(x) (0x10 + x)
492 #define NEXTDMA_FD(x) (0x10 + x)
493 #define NEXTDMA_ENTX(x) (0x110 + x)
494 #define NEXTDMA_ENRX(x) (0x150 + x)
495 #define NEXTDMA_CSR 0x0
496 #define NEXTDMA_NEXT 0x4000
497 #define NEXTDMA_LIMIT 0x4004
498 #define NEXTDMA_START 0x4008
499 #define NEXTDMA_STOP 0x400c
500 #define NEXTDMA_NEXT_INIT 0x4200
501 #define NEXTDMA_SIZE 0x4204
502
next_dma_write(void * opaque,hwaddr addr,uint64_t val,unsigned int size)503 static void next_dma_write(void *opaque, hwaddr addr, uint64_t val,
504 unsigned int size)
505 {
506 NeXTState *next_state = NEXT_MACHINE(opaque);
507
508 switch (addr) {
509 case NEXTDMA_ENRX(NEXTDMA_CSR):
510 if (val & DMA_DEV2M) {
511 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
512 }
513
514 if (val & DMA_SETENABLE) {
515 /* DPRINTF("SCSI DMA ENABLE\n"); */
516 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
517 }
518 if (val & DMA_SETSUPDATE) {
519 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
520 }
521 if (val & DMA_CLRCOMPLETE) {
522 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
523 }
524
525 if (val & DMA_RESET) {
526 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
527 DMA_ENABLE | DMA_DEV2M);
528 }
529 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
530 break;
531
532 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
533 next_state->dma[NEXTDMA_ENRX].next_initbuf = val;
534 break;
535
536 case NEXTDMA_ENRX(NEXTDMA_NEXT):
537 next_state->dma[NEXTDMA_ENRX].next = val;
538 break;
539
540 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
541 next_state->dma[NEXTDMA_ENRX].limit = val;
542 break;
543
544 case NEXTDMA_SCSI(NEXTDMA_CSR):
545 if (val & DMA_DEV2M) {
546 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
547 }
548 if (val & DMA_SETENABLE) {
549 /* DPRINTF("SCSI DMA ENABLE\n"); */
550 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
551 }
552 if (val & DMA_SETSUPDATE) {
553 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
554 }
555 if (val & DMA_CLRCOMPLETE) {
556 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
557 }
558
559 if (val & DMA_RESET) {
560 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
561 DMA_ENABLE | DMA_DEV2M);
562 /* DPRINTF("SCSI DMA RESET\n"); */
563 }
564 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
565 break;
566
567 case NEXTDMA_SCSI(NEXTDMA_NEXT):
568 next_state->dma[NEXTDMA_SCSI].next = val;
569 break;
570
571 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
572 next_state->dma[NEXTDMA_SCSI].limit = val;
573 break;
574
575 case NEXTDMA_SCSI(NEXTDMA_START):
576 next_state->dma[NEXTDMA_SCSI].start = val;
577 break;
578
579 case NEXTDMA_SCSI(NEXTDMA_STOP):
580 next_state->dma[NEXTDMA_SCSI].stop = val;
581 break;
582
583 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
584 next_state->dma[NEXTDMA_SCSI].next_initbuf = val;
585 break;
586
587 default:
588 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
589 }
590 }
591
next_dma_read(void * opaque,hwaddr addr,unsigned int size)592 static uint64_t next_dma_read(void *opaque, hwaddr addr, unsigned int size)
593 {
594 NeXTState *next_state = NEXT_MACHINE(opaque);
595 uint64_t val;
596
597 switch (addr) {
598 case NEXTDMA_SCSI(NEXTDMA_CSR):
599 DPRINTF("SCSI DMA CSR READ\n");
600 val = next_state->dma[NEXTDMA_SCSI].csr;
601 break;
602
603 case NEXTDMA_ENRX(NEXTDMA_CSR):
604 val = next_state->dma[NEXTDMA_ENRX].csr;
605 break;
606
607 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
608 val = next_state->dma[NEXTDMA_ENRX].next_initbuf;
609 break;
610
611 case NEXTDMA_ENRX(NEXTDMA_NEXT):
612 val = next_state->dma[NEXTDMA_ENRX].next;
613 break;
614
615 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
616 val = next_state->dma[NEXTDMA_ENRX].limit;
617 break;
618
619 case NEXTDMA_SCSI(NEXTDMA_NEXT):
620 val = next_state->dma[NEXTDMA_SCSI].next;
621 break;
622
623 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
624 val = next_state->dma[NEXTDMA_SCSI].next_initbuf;
625 break;
626
627 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
628 val = next_state->dma[NEXTDMA_SCSI].limit;
629 break;
630
631 case NEXTDMA_SCSI(NEXTDMA_START):
632 val = next_state->dma[NEXTDMA_SCSI].start;
633 break;
634
635 case NEXTDMA_SCSI(NEXTDMA_STOP):
636 val = next_state->dma[NEXTDMA_SCSI].stop;
637 break;
638
639 default:
640 DPRINTF("DMA read @ %x\n", (unsigned int)addr);
641 val = 0;
642 }
643
644 /*
645 * once the csr's are done, subtract 0x3FEC from the addr, and that will
646 * normalize the upper registers
647 */
648
649 return val;
650 }
651
652 static const MemoryRegionOps next_dma_ops = {
653 .read = next_dma_read,
654 .write = next_dma_write,
655 .impl.min_access_size = 4,
656 .valid.min_access_size = 4,
657 .valid.max_access_size = 4,
658 .endianness = DEVICE_BIG_ENDIAN,
659 };
660
next_irq(void * opaque,int number,int level)661 static void next_irq(void *opaque, int number, int level)
662 {
663 NeXTPC *s = NEXT_PC(opaque);
664 M68kCPU *cpu = s->cpu;
665 int shift = 0;
666
667 /* first switch sets interrupt status */
668 /* DPRINTF("IRQ %i\n",number); */
669 switch (number) {
670 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
671 case NEXT_FD_I:
672 shift = 7;
673 break;
674 case NEXT_KBD_I:
675 shift = 3;
676 break;
677 case NEXT_PWR_I:
678 shift = 2;
679 break;
680 case NEXT_ENRX_I:
681 shift = 9;
682 break;
683 case NEXT_ENTX_I:
684 shift = 10;
685 break;
686 case NEXT_SCSI_I:
687 shift = 12;
688 break;
689 case NEXT_CLK_I:
690 shift = 5;
691 break;
692
693 /* level 5 - scc (serial) */
694 case NEXT_SCC_I:
695 shift = 17;
696 break;
697
698 /* level 6 - audio etherrx/tx dma */
699 case NEXT_ENTX_DMA_I:
700 shift = 28;
701 break;
702 case NEXT_ENRX_DMA_I:
703 shift = 27;
704 break;
705 case NEXT_SCSI_DMA_I:
706 shift = 26;
707 break;
708 case NEXT_SND_I:
709 shift = 23;
710 break;
711 case NEXT_SCC_DMA_I:
712 shift = 21;
713 break;
714
715 }
716 /*
717 * this HAS to be wrong, the interrupt handlers in mach and together
718 * int_status and int_mask and return if there is a hit
719 */
720 if (s->int_mask & (1 << shift)) {
721 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
722 /* return; */
723 }
724
725 /* second switch triggers the correct interrupt */
726 if (level) {
727 s->int_status |= 1 << shift;
728
729 switch (number) {
730 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
731 case NEXT_FD_I:
732 case NEXT_KBD_I:
733 case NEXT_PWR_I:
734 case NEXT_ENRX_I:
735 case NEXT_ENTX_I:
736 case NEXT_SCSI_I:
737 case NEXT_CLK_I:
738 m68k_set_irq_level(cpu, 3, 27);
739 break;
740
741 /* level 5 - scc (serial) */
742 case NEXT_SCC_I:
743 m68k_set_irq_level(cpu, 5, 29);
744 break;
745
746 /* level 6 - audio etherrx/tx dma */
747 case NEXT_ENTX_DMA_I:
748 case NEXT_ENRX_DMA_I:
749 case NEXT_SCSI_DMA_I:
750 case NEXT_SND_I:
751 case NEXT_SCC_DMA_I:
752 m68k_set_irq_level(cpu, 6, 30);
753 break;
754 }
755 } else {
756 s->int_status &= ~(1 << shift);
757 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
758 }
759 }
760
nextdma_write(void * opaque,uint8_t * buf,int size,int type)761 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type)
762 {
763 uint32_t base_addr;
764 int irq = 0;
765 uint8_t align = 16;
766 NeXTState *next_state = NEXT_MACHINE(qdev_get_machine());
767
768 if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) {
769 align = 32;
770 }
771 /* Most DMA is supposedly 16 byte aligned */
772 if ((size % align) != 0) {
773 size -= size % align;
774 size += align;
775 }
776
777 /*
778 * prom sets the dma start using initbuf while the bootloader uses next
779 * so we check to see if initbuf is 0
780 */
781 if (next_state->dma[type].next_initbuf == 0) {
782 base_addr = next_state->dma[type].next;
783 } else {
784 base_addr = next_state->dma[type].next_initbuf;
785 }
786
787 cpu_physical_memory_write(base_addr, buf, size);
788
789 next_state->dma[type].next_initbuf = 0;
790
791 /* saved limit is checked to calculate packet size by both, rom and netbsd */
792 next_state->dma[type].saved_limit = (next_state->dma[type].next + size);
793 next_state->dma[type].saved_next = (next_state->dma[type].next);
794
795 /*
796 * 32 bytes under savedbase seems to be some kind of register
797 * of which the purpose is unknown as of yet
798 */
799 /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */
800
801 if (!(next_state->dma[type].csr & DMA_SUPDATE)) {
802 next_state->dma[type].next = next_state->dma[type].start;
803 next_state->dma[type].limit = next_state->dma[type].stop;
804 }
805
806 /* Set dma registers and raise an irq */
807 next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */
808
809 switch (type) {
810 case NEXTDMA_SCSI:
811 irq = NEXT_SCSI_DMA_I;
812 break;
813 }
814
815 next_irq(opaque, irq, 1);
816 next_irq(opaque, irq, 0);
817 }
818
nextscsi_read(void * opaque,uint8_t * buf,int len)819 static void nextscsi_read(void *opaque, uint8_t *buf, int len)
820 {
821 DPRINTF("SCSI READ: %x\n", len);
822 abort();
823 }
824
nextscsi_write(void * opaque,uint8_t * buf,int size)825 static void nextscsi_write(void *opaque, uint8_t *buf, int size)
826 {
827 DPRINTF("SCSI WRITE: %i\n", size);
828 nextdma_write(opaque, buf, size, NEXTDMA_SCSI);
829 }
830
next_scsi_init(DeviceState * pcdev,M68kCPU * cpu)831 static void next_scsi_init(DeviceState *pcdev, M68kCPU *cpu)
832 {
833 struct NeXTPC *next_pc = NEXT_PC(pcdev);
834 DeviceState *dev;
835 SysBusDevice *sysbusdev;
836 SysBusESPState *sysbus_esp;
837 ESPState *esp;
838
839 dev = qdev_new(TYPE_SYSBUS_ESP);
840 sysbus_esp = SYSBUS_ESP(dev);
841 esp = &sysbus_esp->esp;
842 esp->dma_memory_read = nextscsi_read;
843 esp->dma_memory_write = nextscsi_write;
844 esp->dma_opaque = pcdev;
845 sysbus_esp->it_shift = 0;
846 esp->dma_enabled = 1;
847 sysbusdev = SYS_BUS_DEVICE(dev);
848 sysbus_realize_and_unref(sysbusdev, &error_fatal);
849 sysbus_connect_irq(sysbusdev, 0, qdev_get_gpio_in(pcdev, NEXT_SCSI_I));
850 sysbus_mmio_map(sysbusdev, 0, 0x2114000);
851
852 next_pc->scsi_reset = qdev_get_gpio_in(dev, 0);
853 next_pc->scsi_dma = qdev_get_gpio_in(dev, 1);
854
855 scsi_bus_legacy_handle_cmdline(&esp->bus);
856 }
857
next_escc_init(DeviceState * pcdev)858 static void next_escc_init(DeviceState *pcdev)
859 {
860 DeviceState *dev;
861 SysBusDevice *s;
862
863 dev = qdev_new(TYPE_ESCC);
864 qdev_prop_set_uint32(dev, "disabled", 0);
865 qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
866 qdev_prop_set_uint32(dev, "it_shift", 0);
867 qdev_prop_set_bit(dev, "bit_swap", true);
868 qdev_prop_set_chr(dev, "chrB", serial_hd(1));
869 qdev_prop_set_chr(dev, "chrA", serial_hd(0));
870 qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
871 qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
872
873 s = SYS_BUS_DEVICE(dev);
874 sysbus_realize_and_unref(s, &error_fatal);
875 sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
876 sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
877 sysbus_mmio_map(s, 0, 0x2118000);
878 }
879
next_pc_reset(DeviceState * dev)880 static void next_pc_reset(DeviceState *dev)
881 {
882 NeXTPC *s = NEXT_PC(dev);
883
884 /* Set internal registers to initial values */
885 /* 0x0000XX00 << vital bits */
886 s->scr1 = 0x00011102;
887 s->scr2 = 0x00ff0c80;
888 s->old_scr2 = s->scr2;
889
890 s->rtc.status = 0x90;
891
892 /* Load RTC RAM - TODO: provide possibility to load contents from file */
893 memcpy(s->rtc.ram, rtc_ram2, 32);
894 }
895
next_pc_realize(DeviceState * dev,Error ** errp)896 static void next_pc_realize(DeviceState *dev, Error **errp)
897 {
898 NeXTPC *s = NEXT_PC(dev);
899 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
900
901 qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
902
903 memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s,
904 "next.mmio", 0xd0000);
905 memory_region_init_io(&s->scrmem, OBJECT(s), &next_scr_ops, s,
906 "next.scr", 0x20000);
907 sysbus_init_mmio(sbd, &s->mmiomem);
908 sysbus_init_mmio(sbd, &s->scrmem);
909 }
910
911 /*
912 * If the m68k CPU implemented its inbound irq lines as GPIO lines
913 * rather than via the m68k_set_irq_level() function we would not need
914 * this cpu link property and could instead provide outbound IRQ lines
915 * that the board could wire up to the CPU.
916 */
917 static Property next_pc_properties[] = {
918 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
919 DEFINE_PROP_END_OF_LIST(),
920 };
921
922 static const VMStateDescription next_rtc_vmstate = {
923 .name = "next-rtc",
924 .version_id = 2,
925 .minimum_version_id = 2,
926 .fields = (const VMStateField[]) {
927 VMSTATE_INT8(phase, NextRtc),
928 VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
929 VMSTATE_UINT8(command, NextRtc),
930 VMSTATE_UINT8(value, NextRtc),
931 VMSTATE_UINT8(status, NextRtc),
932 VMSTATE_UINT8(control, NextRtc),
933 VMSTATE_UINT8(retval, NextRtc),
934 VMSTATE_END_OF_LIST()
935 },
936 };
937
938 static const VMStateDescription next_pc_vmstate = {
939 .name = "next-pc",
940 .version_id = 2,
941 .minimum_version_id = 2,
942 .fields = (const VMStateField[]) {
943 VMSTATE_UINT32(scr1, NeXTPC),
944 VMSTATE_UINT32(scr2, NeXTPC),
945 VMSTATE_UINT32(old_scr2, NeXTPC),
946 VMSTATE_UINT32(int_mask, NeXTPC),
947 VMSTATE_UINT32(int_status, NeXTPC),
948 VMSTATE_UINT32(led, NeXTPC),
949 VMSTATE_UINT8(scsi_csr_1, NeXTPC),
950 VMSTATE_UINT8(scsi_csr_2, NeXTPC),
951 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
952 VMSTATE_END_OF_LIST()
953 },
954 };
955
next_pc_class_init(ObjectClass * klass,void * data)956 static void next_pc_class_init(ObjectClass *klass, void *data)
957 {
958 DeviceClass *dc = DEVICE_CLASS(klass);
959
960 dc->desc = "NeXT Peripheral Controller";
961 dc->realize = next_pc_realize;
962 dc->reset = next_pc_reset;
963 device_class_set_props(dc, next_pc_properties);
964 dc->vmsd = &next_pc_vmstate;
965 }
966
967 static const TypeInfo next_pc_info = {
968 .name = TYPE_NEXT_PC,
969 .parent = TYPE_SYS_BUS_DEVICE,
970 .instance_size = sizeof(NeXTPC),
971 .class_init = next_pc_class_init,
972 };
973
next_cube_init(MachineState * machine)974 static void next_cube_init(MachineState *machine)
975 {
976 NeXTState *m = NEXT_MACHINE(machine);
977 M68kCPU *cpu;
978 CPUM68KState *env;
979 MemoryRegion *sysmem = get_system_memory();
980 const char *bios_name = machine->firmware ?: ROM_FILE;
981 DeviceState *pcdev;
982
983 /* Initialize the cpu core */
984 cpu = M68K_CPU(cpu_create(machine->cpu_type));
985 if (!cpu) {
986 error_report("Unable to find m68k CPU definition");
987 exit(1);
988 }
989 env = &cpu->env;
990
991 /* Initialize CPU registers. */
992 env->vbr = 0;
993 env->sr = 0x2700;
994
995 /* Peripheral Controller */
996 pcdev = qdev_new(TYPE_NEXT_PC);
997 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
998 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
999
1000 /* 64MB RAM starting at 0x04000000 */
1001 memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
1002
1003 /* Framebuffer */
1004 sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL);
1005
1006 /* MMIO */
1007 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
1008
1009 /* BMAP IO - acts as a catch-all for now */
1010 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
1011
1012 /* BMAP memory */
1013 memory_region_init_ram_flags_nomigrate(&m->bmapm1, NULL, "next.bmapmem",
1014 64, RAM_SHARED, &error_fatal);
1015 memory_region_add_subregion(sysmem, 0x020c0000, &m->bmapm1);
1016 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
1017 memory_region_init_alias(&m->bmapm2, NULL, "next.bmapmem2", &m->bmapm1,
1018 0x0, 64);
1019 memory_region_add_subregion(sysmem, 0x820c0000, &m->bmapm2);
1020
1021 /* KBD */
1022 sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL);
1023
1024 /* Load ROM here */
1025 memory_region_init_rom(&m->rom, NULL, "next.rom", 0x20000, &error_fatal);
1026 memory_region_add_subregion(sysmem, 0x01000000, &m->rom);
1027 memory_region_init_alias(&m->rom2, NULL, "next.rom2", &m->rom, 0x0,
1028 0x20000);
1029 memory_region_add_subregion(sysmem, 0x0, &m->rom2);
1030 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1031 if (!qtest_enabled()) {
1032 error_report("Failed to load firmware '%s'.", bios_name);
1033 }
1034 } else {
1035 uint8_t *ptr;
1036 /* Initial PC is always at offset 4 in firmware binaries */
1037 ptr = rom_ptr(0x01000004, 4);
1038 g_assert(ptr != NULL);
1039 env->pc = ldl_p(ptr);
1040 if (env->pc >= 0x01020000) {
1041 error_report("'%s' does not seem to be a valid firmware image.",
1042 bios_name);
1043 exit(1);
1044 }
1045 }
1046
1047 /* Serial */
1048 next_escc_init(pcdev);
1049
1050 /* TODO: */
1051 /* Network */
1052 /* SCSI */
1053 next_scsi_init(pcdev, cpu);
1054
1055 /* DMA */
1056 memory_region_init_io(&m->dmamem, NULL, &next_dma_ops, machine,
1057 "next.dma", 0x5000);
1058 memory_region_add_subregion(sysmem, 0x02000000, &m->dmamem);
1059 }
1060
next_machine_class_init(ObjectClass * oc,void * data)1061 static void next_machine_class_init(ObjectClass *oc, void *data)
1062 {
1063 MachineClass *mc = MACHINE_CLASS(oc);
1064
1065 mc->desc = "NeXT Cube";
1066 mc->init = next_cube_init;
1067 mc->block_default_type = IF_SCSI;
1068 mc->default_ram_size = RAM_SIZE;
1069 mc->default_ram_id = "next.ram";
1070 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1071 }
1072
1073 static const TypeInfo next_typeinfo = {
1074 .name = TYPE_NEXT_MACHINE,
1075 .parent = TYPE_MACHINE,
1076 .class_init = next_machine_class_init,
1077 .instance_size = sizeof(NeXTState),
1078 };
1079
next_register_type(void)1080 static void next_register_type(void)
1081 {
1082 type_register_static(&next_typeinfo);
1083 type_register_static(&next_pc_info);
1084 }
1085
1086 type_init(next_register_type)
1087