1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "exec/hwaddr.h" 14 #include "system/system.h" 15 #include "system/qtest.h" 16 #include "hw/irq.h" 17 #include "hw/m68k/next-cube.h" 18 #include "hw/boards.h" 19 #include "hw/loader.h" 20 #include "hw/scsi/esp.h" 21 #include "hw/sysbus.h" 22 #include "qom/object.h" 23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 24 #include "hw/block/fdc.h" 25 #include "hw/misc/empty_slot.h" 26 #include "hw/qdev-properties.h" 27 #include "qapi/error.h" 28 #include "qemu/error-report.h" 29 #include "ui/console.h" 30 #include "target/m68k/cpu.h" 31 #include "migration/vmstate.h" 32 33 /* #define DEBUG_NEXT */ 34 #ifdef DEBUG_NEXT 35 #define DPRINTF(fmt, ...) \ 36 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 37 #else 38 #define DPRINTF(fmt, ...) do { } while (0) 39 #endif 40 41 #define ENTRY 0x0100001e 42 #define RAM_SIZE 0x4000000 43 #define ROM_FILE "Rev_2.5_v66.bin" 44 45 typedef struct NeXTRTC { 46 int8_t phase; 47 uint8_t ram[32]; 48 uint8_t command; 49 uint8_t value; 50 uint8_t status; 51 uint8_t control; 52 uint8_t retval; 53 } NeXTRTC; 54 55 #define TYPE_NEXT_SCSI "next-scsi" 56 OBJECT_DECLARE_SIMPLE_TYPE(NeXTSCSI, NEXT_SCSI) 57 58 /* NeXT SCSI Controller */ 59 struct NeXTSCSI { 60 SysBusDevice parent_obj; 61 62 MemoryRegion scsi_mem; 63 64 SysBusESPState sysbus_esp; 65 66 MemoryRegion scsi_csr_mem; 67 uint8_t scsi_csr_1; 68 uint8_t scsi_csr_2; 69 }; 70 71 #define TYPE_NEXT_PC "next-pc" 72 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC) 73 74 /* NeXT Peripheral Controller */ 75 struct NeXTPC { 76 SysBusDevice parent_obj; 77 78 M68kCPU *cpu; 79 80 MemoryRegion floppy_mem; 81 MemoryRegion timer_mem; 82 MemoryRegion dummyen_mem; 83 MemoryRegion mmiomem; 84 MemoryRegion scrmem; 85 86 uint32_t scr1; 87 uint32_t scr2; 88 uint32_t old_scr2; 89 uint32_t int_mask; 90 uint32_t int_status; 91 uint32_t led; 92 93 NeXTSCSI next_scsi; 94 95 qemu_irq scsi_reset; 96 qemu_irq scsi_dma; 97 98 ESCCState escc; 99 100 NeXTRTC rtc; 101 }; 102 103 typedef struct next_dma { 104 uint32_t csr; 105 106 uint32_t saved_next; 107 uint32_t saved_limit; 108 uint32_t saved_start; 109 uint32_t saved_stop; 110 111 uint32_t next; 112 uint32_t limit; 113 uint32_t start; 114 uint32_t stop; 115 116 uint32_t next_initbuf; 117 uint32_t size; 118 } next_dma; 119 120 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 121 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE) 122 123 struct NeXTState { 124 MachineState parent; 125 126 MemoryRegion rom; 127 MemoryRegion rom2; 128 MemoryRegion dmamem; 129 MemoryRegion bmapm1; 130 MemoryRegion bmapm2; 131 132 next_dma dma[10]; 133 }; 134 135 /* Thanks to NeXT forums for this */ 136 /* 137 static const uint8_t rtc_ram3[32] = { 138 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 139 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 140 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 142 }; 143 */ 144 static const uint8_t rtc_ram2[32] = { 145 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 146 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 147 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 149 }; 150 151 #define SCR2_RTCLK 0x2 152 #define SCR2_RTDATA 0x4 153 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 154 155 static void next_scr2_led_update(NeXTPC *s) 156 { 157 if (s->scr2 & 0x1) { 158 DPRINTF("fault!\n"); 159 s->led++; 160 if (s->led == 10) { 161 DPRINTF("LED flashing, possible fault!\n"); 162 s->led = 0; 163 } 164 } 165 } 166 167 static void next_scr2_rtc_update(NeXTPC *s) 168 { 169 uint8_t old_scr2, scr2_2; 170 NeXTRTC *rtc = &s->rtc; 171 172 old_scr2 = extract32(s->old_scr2, 8, 8); 173 scr2_2 = extract32(s->scr2, 8, 8); 174 175 if (scr2_2 & 0x1) { 176 /* DPRINTF("RTC %x phase %i\n", scr2_2, rtc->phase); */ 177 if (rtc->phase == -1) { 178 rtc->phase = 0; 179 } 180 /* If we are in going down clock... do something */ 181 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 182 ((scr2_2 & SCR2_RTCLK) == 0)) { 183 if (rtc->phase < 8) { 184 rtc->command = (rtc->command << 1) | 185 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 186 } 187 if (rtc->phase >= 8 && rtc->phase < 16) { 188 rtc->value = (rtc->value << 1) | 189 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 190 191 /* if we read RAM register, output RT_DATA bit */ 192 if (rtc->command <= 0x1F) { 193 scr2_2 = scr2_2 & (~SCR2_RTDATA); 194 if (rtc->ram[rtc->command] & (0x80 >> (rtc->phase - 8))) { 195 scr2_2 |= SCR2_RTDATA; 196 } 197 198 rtc->retval = (rtc->retval << 1) | 199 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 200 } 201 /* read the status 0x30 */ 202 if (rtc->command == 0x30) { 203 scr2_2 = scr2_2 & (~SCR2_RTDATA); 204 /* for now status = 0x98 (new rtc + FTU) */ 205 if (rtc->status & (0x80 >> (rtc->phase - 8))) { 206 scr2_2 |= SCR2_RTDATA; 207 } 208 209 rtc->retval = (rtc->retval << 1) | 210 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 211 } 212 /* read the status 0x31 */ 213 if (rtc->command == 0x31) { 214 scr2_2 = scr2_2 & (~SCR2_RTDATA); 215 if (rtc->control & (0x80 >> (rtc->phase - 8))) { 216 scr2_2 |= SCR2_RTDATA; 217 } 218 rtc->retval = (rtc->retval << 1) | 219 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 220 } 221 222 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 223 scr2_2 = scr2_2 & (~SCR2_RTDATA); 224 /* for now 0x00 */ 225 time_t time_h = time(NULL); 226 struct tm *info = localtime(&time_h); 227 int ret = 0; 228 229 switch (rtc->command) { 230 case 0x20: 231 ret = SCR2_TOBCD(info->tm_sec); 232 break; 233 case 0x21: 234 ret = SCR2_TOBCD(info->tm_min); 235 break; 236 case 0x22: 237 ret = SCR2_TOBCD(info->tm_hour); 238 break; 239 case 0x24: 240 ret = SCR2_TOBCD(info->tm_mday); 241 break; 242 case 0x25: 243 ret = SCR2_TOBCD((info->tm_mon + 1)); 244 break; 245 case 0x26: 246 ret = SCR2_TOBCD((info->tm_year - 100)); 247 break; 248 249 } 250 251 if (ret & (0x80 >> (rtc->phase - 8))) { 252 scr2_2 |= SCR2_RTDATA; 253 } 254 rtc->retval = (rtc->retval << 1) | 255 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 256 } 257 258 } 259 260 rtc->phase++; 261 if (rtc->phase == 16) { 262 if (rtc->command >= 0x80 && rtc->command <= 0x9F) { 263 rtc->ram[rtc->command - 0x80] = rtc->value; 264 } 265 /* write to x30 register */ 266 if (rtc->command == 0xB1) { 267 /* clear FTU */ 268 if (rtc->value & 0x04) { 269 rtc->status = rtc->status & (~0x18); 270 s->int_status = s->int_status & (~0x04); 271 } 272 } 273 } 274 } 275 } else { 276 /* else end or abort */ 277 rtc->phase = -1; 278 rtc->command = 0; 279 rtc->value = 0; 280 } 281 282 s->scr2 = deposit32(s->scr2, 8, 8, scr2_2); 283 } 284 285 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size) 286 { 287 NeXTPC *s = NEXT_PC(opaque); 288 uint64_t val; 289 290 switch (addr) { 291 case 0x2000: /* 0x2007000 */ 292 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 293 val = s->int_status; 294 break; 295 296 case 0x2800: /* 0x2007800 */ 297 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 298 val = s->int_mask; 299 break; 300 301 case 0x7000 ... 0x7003: /* 0x200c000 */ 302 val = extract32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 303 size << 3); 304 break; 305 306 case 0x8000 ... 0x8003: /* 0x200d000 */ 307 val = extract32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 308 size << 3); 309 break; 310 311 default: 312 val = 0; 313 DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size); 314 break; 315 } 316 317 return val; 318 } 319 320 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val, 321 unsigned size) 322 { 323 NeXTPC *s = NEXT_PC(opaque); 324 325 switch (addr) { 326 case 0x2000: /* 0x2007000 */ 327 DPRINTF("INT Status old: %x new: %x\n", s->int_status, 328 (unsigned int)val); 329 s->int_status = val; 330 break; 331 332 case 0x2800: /* 0x2007800 */ 333 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val); 334 s->int_mask = val; 335 break; 336 337 case 0x7000 ... 0x7003: /* 0x200c000 */ 338 DPRINTF("SCR1 Write: %x\n", (unsigned int)val); 339 s->scr1 = deposit32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 340 size << 3, val); 341 break; 342 343 case 0x8000 ... 0x8003: /* 0x200d000 */ 344 s->scr2 = deposit32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 345 size << 3, val); 346 next_scr2_led_update(s); 347 next_scr2_rtc_update(s); 348 s->old_scr2 = s->scr2; 349 break; 350 351 default: 352 DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr, 353 (unsigned int)val, size); 354 } 355 } 356 357 static const MemoryRegionOps next_mmio_ops = { 358 .read = next_mmio_read, 359 .write = next_mmio_write, 360 .valid.min_access_size = 1, 361 .valid.max_access_size = 4, 362 .endianness = DEVICE_BIG_ENDIAN, 363 }; 364 365 #define SCSICSR_ENABLE 0x01 366 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 367 #define SCSICSR_FIFOFL 0x04 368 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 369 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 370 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 371 372 #define NEXTDMA_SCSI(x) (0x10 + x) 373 #define NEXTDMA_FD(x) (0x10 + x) 374 #define NEXTDMA_ENTX(x) (0x110 + x) 375 #define NEXTDMA_ENRX(x) (0x150 + x) 376 #define NEXTDMA_CSR 0x0 377 #define NEXTDMA_NEXT 0x4000 378 #define NEXTDMA_LIMIT 0x4004 379 #define NEXTDMA_START 0x4008 380 #define NEXTDMA_STOP 0x400c 381 #define NEXTDMA_NEXT_INIT 0x4200 382 #define NEXTDMA_SIZE 0x4204 383 384 static void next_dma_write(void *opaque, hwaddr addr, uint64_t val, 385 unsigned int size) 386 { 387 NeXTState *next_state = NEXT_MACHINE(opaque); 388 389 switch (addr) { 390 case NEXTDMA_ENRX(NEXTDMA_CSR): 391 if (val & DMA_DEV2M) { 392 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 393 } 394 395 if (val & DMA_SETENABLE) { 396 /* DPRINTF("SCSI DMA ENABLE\n"); */ 397 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 398 } 399 if (val & DMA_SETSUPDATE) { 400 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 401 } 402 if (val & DMA_CLRCOMPLETE) { 403 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 404 } 405 406 if (val & DMA_RESET) { 407 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 408 DMA_ENABLE | DMA_DEV2M); 409 } 410 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 411 break; 412 413 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 414 next_state->dma[NEXTDMA_ENRX].next_initbuf = val; 415 break; 416 417 case NEXTDMA_ENRX(NEXTDMA_NEXT): 418 next_state->dma[NEXTDMA_ENRX].next = val; 419 break; 420 421 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 422 next_state->dma[NEXTDMA_ENRX].limit = val; 423 break; 424 425 case NEXTDMA_SCSI(NEXTDMA_CSR): 426 if (val & DMA_DEV2M) { 427 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 428 } 429 if (val & DMA_SETENABLE) { 430 /* DPRINTF("SCSI DMA ENABLE\n"); */ 431 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 432 } 433 if (val & DMA_SETSUPDATE) { 434 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 435 } 436 if (val & DMA_CLRCOMPLETE) { 437 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 438 } 439 440 if (val & DMA_RESET) { 441 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 442 DMA_ENABLE | DMA_DEV2M); 443 /* DPRINTF("SCSI DMA RESET\n"); */ 444 } 445 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 446 break; 447 448 case NEXTDMA_SCSI(NEXTDMA_NEXT): 449 next_state->dma[NEXTDMA_SCSI].next = val; 450 break; 451 452 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 453 next_state->dma[NEXTDMA_SCSI].limit = val; 454 break; 455 456 case NEXTDMA_SCSI(NEXTDMA_START): 457 next_state->dma[NEXTDMA_SCSI].start = val; 458 break; 459 460 case NEXTDMA_SCSI(NEXTDMA_STOP): 461 next_state->dma[NEXTDMA_SCSI].stop = val; 462 break; 463 464 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 465 next_state->dma[NEXTDMA_SCSI].next_initbuf = val; 466 break; 467 468 default: 469 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)val); 470 } 471 } 472 473 static uint64_t next_dma_read(void *opaque, hwaddr addr, unsigned int size) 474 { 475 NeXTState *next_state = NEXT_MACHINE(opaque); 476 uint64_t val; 477 478 switch (addr) { 479 case NEXTDMA_SCSI(NEXTDMA_CSR): 480 DPRINTF("SCSI DMA CSR READ\n"); 481 val = next_state->dma[NEXTDMA_SCSI].csr; 482 break; 483 484 case NEXTDMA_ENRX(NEXTDMA_CSR): 485 val = next_state->dma[NEXTDMA_ENRX].csr; 486 break; 487 488 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 489 val = next_state->dma[NEXTDMA_ENRX].next_initbuf; 490 break; 491 492 case NEXTDMA_ENRX(NEXTDMA_NEXT): 493 val = next_state->dma[NEXTDMA_ENRX].next; 494 break; 495 496 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 497 val = next_state->dma[NEXTDMA_ENRX].limit; 498 break; 499 500 case NEXTDMA_SCSI(NEXTDMA_NEXT): 501 val = next_state->dma[NEXTDMA_SCSI].next; 502 break; 503 504 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 505 val = next_state->dma[NEXTDMA_SCSI].next_initbuf; 506 break; 507 508 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 509 val = next_state->dma[NEXTDMA_SCSI].limit; 510 break; 511 512 case NEXTDMA_SCSI(NEXTDMA_START): 513 val = next_state->dma[NEXTDMA_SCSI].start; 514 break; 515 516 case NEXTDMA_SCSI(NEXTDMA_STOP): 517 val = next_state->dma[NEXTDMA_SCSI].stop; 518 break; 519 520 default: 521 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 522 val = 0; 523 } 524 525 /* 526 * once the csr's are done, subtract 0x3FEC from the addr, and that will 527 * normalize the upper registers 528 */ 529 530 return val; 531 } 532 533 static const MemoryRegionOps next_dma_ops = { 534 .read = next_dma_read, 535 .write = next_dma_write, 536 .impl.min_access_size = 4, 537 .valid.min_access_size = 4, 538 .valid.max_access_size = 4, 539 .endianness = DEVICE_BIG_ENDIAN, 540 }; 541 542 static void next_irq(void *opaque, int number, int level) 543 { 544 NeXTPC *s = NEXT_PC(opaque); 545 M68kCPU *cpu = s->cpu; 546 int shift = 0; 547 548 /* first switch sets interrupt status */ 549 /* DPRINTF("IRQ %i\n",number); */ 550 switch (number) { 551 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 552 case NEXT_FD_I: 553 shift = 7; 554 break; 555 case NEXT_KBD_I: 556 shift = 3; 557 break; 558 case NEXT_PWR_I: 559 shift = 2; 560 break; 561 case NEXT_ENRX_I: 562 shift = 9; 563 break; 564 case NEXT_ENTX_I: 565 shift = 10; 566 break; 567 case NEXT_SCSI_I: 568 shift = 12; 569 break; 570 case NEXT_CLK_I: 571 shift = 5; 572 break; 573 574 /* level 5 - scc (serial) */ 575 case NEXT_SCC_I: 576 shift = 17; 577 break; 578 579 /* level 6 - audio etherrx/tx dma */ 580 case NEXT_ENTX_DMA_I: 581 shift = 28; 582 break; 583 case NEXT_ENRX_DMA_I: 584 shift = 27; 585 break; 586 case NEXT_SCSI_DMA_I: 587 shift = 26; 588 break; 589 case NEXT_SND_I: 590 shift = 23; 591 break; 592 case NEXT_SCC_DMA_I: 593 shift = 21; 594 break; 595 596 } 597 /* 598 * this HAS to be wrong, the interrupt handlers in mach and together 599 * int_status and int_mask and return if there is a hit 600 */ 601 if (s->int_mask & (1 << shift)) { 602 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 603 /* return; */ 604 } 605 606 /* second switch triggers the correct interrupt */ 607 if (level) { 608 s->int_status |= 1 << shift; 609 610 switch (number) { 611 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 612 case NEXT_FD_I: 613 case NEXT_KBD_I: 614 case NEXT_PWR_I: 615 case NEXT_ENRX_I: 616 case NEXT_ENTX_I: 617 case NEXT_SCSI_I: 618 case NEXT_CLK_I: 619 m68k_set_irq_level(cpu, 3, 27); 620 break; 621 622 /* level 5 - scc (serial) */ 623 case NEXT_SCC_I: 624 m68k_set_irq_level(cpu, 5, 29); 625 break; 626 627 /* level 6 - audio etherrx/tx dma */ 628 case NEXT_ENTX_DMA_I: 629 case NEXT_ENRX_DMA_I: 630 case NEXT_SCSI_DMA_I: 631 case NEXT_SND_I: 632 case NEXT_SCC_DMA_I: 633 m68k_set_irq_level(cpu, 6, 30); 634 break; 635 } 636 } else { 637 s->int_status &= ~(1 << shift); 638 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 639 } 640 } 641 642 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type) 643 { 644 uint32_t base_addr; 645 int irq = 0; 646 uint8_t align = 16; 647 NeXTState *next_state = NEXT_MACHINE(qdev_get_machine()); 648 649 if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) { 650 align = 32; 651 } 652 /* Most DMA is supposedly 16 byte aligned */ 653 if ((size % align) != 0) { 654 size -= size % align; 655 size += align; 656 } 657 658 /* 659 * prom sets the dma start using initbuf while the bootloader uses next 660 * so we check to see if initbuf is 0 661 */ 662 if (next_state->dma[type].next_initbuf == 0) { 663 base_addr = next_state->dma[type].next; 664 } else { 665 base_addr = next_state->dma[type].next_initbuf; 666 } 667 668 cpu_physical_memory_write(base_addr, buf, size); 669 670 next_state->dma[type].next_initbuf = 0; 671 672 /* saved limit is checked to calculate packet size by both, rom and netbsd */ 673 next_state->dma[type].saved_limit = (next_state->dma[type].next + size); 674 next_state->dma[type].saved_next = (next_state->dma[type].next); 675 676 /* 677 * 32 bytes under savedbase seems to be some kind of register 678 * of which the purpose is unknown as of yet 679 */ 680 /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */ 681 682 if (!(next_state->dma[type].csr & DMA_SUPDATE)) { 683 next_state->dma[type].next = next_state->dma[type].start; 684 next_state->dma[type].limit = next_state->dma[type].stop; 685 } 686 687 /* Set dma registers and raise an irq */ 688 next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */ 689 690 switch (type) { 691 case NEXTDMA_SCSI: 692 irq = NEXT_SCSI_DMA_I; 693 break; 694 } 695 696 next_irq(opaque, irq, 1); 697 next_irq(opaque, irq, 0); 698 } 699 700 static void nextscsi_read(void *opaque, uint8_t *buf, int len) 701 { 702 DPRINTF("SCSI READ: %x\n", len); 703 abort(); 704 } 705 706 static void nextscsi_write(void *opaque, uint8_t *buf, int size) 707 { 708 DPRINTF("SCSI WRITE: %i\n", size); 709 nextdma_write(opaque, buf, size, NEXTDMA_SCSI); 710 } 711 712 static void next_scsi_csr_write(void *opaque, hwaddr addr, uint64_t val, 713 unsigned size) 714 { 715 NeXTSCSI *s = NEXT_SCSI(opaque); 716 NeXTPC *pc = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 717 718 switch (addr) { 719 case 0: 720 if (val & SCSICSR_FIFOFL) { 721 DPRINTF("SCSICSR FIFO Flush\n"); 722 /* will have to add another irq to the esp if this is needed */ 723 /* esp_puflush_fifo(esp_g); */ 724 } 725 726 if (val & SCSICSR_ENABLE) { 727 DPRINTF("SCSICSR Enable\n"); 728 /* 729 * qemu_irq_raise(s->scsi_dma); 730 * s->scsi_csr_1 = 0xc0; 731 * s->scsi_csr_1 |= 0x1; 732 * qemu_irq_pulse(s->scsi_dma); 733 */ 734 } 735 /* 736 * else 737 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 738 */ 739 740 if (val & SCSICSR_RESET) { 741 DPRINTF("SCSICSR Reset\n"); 742 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 743 qemu_irq_raise(pc->scsi_reset); 744 s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1); 745 qemu_irq_lower(pc->scsi_reset); 746 } 747 if (val & SCSICSR_DMADIR) { 748 DPRINTF("SCSICSR DMAdir\n"); 749 } 750 if (val & SCSICSR_CPUDMA) { 751 DPRINTF("SCSICSR CPUDMA\n"); 752 /* qemu_irq_raise(s->scsi_dma); */ 753 pc->int_status |= 0x4000000; 754 } else { 755 /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */ 756 pc->int_status &= ~(0x4000000); 757 /* qemu_irq_lower(s->scsi_dma); */ 758 } 759 if (val & SCSICSR_INTMASK) { 760 DPRINTF("SCSICSR INTMASK\n"); 761 /* 762 * int_mask &= ~0x1000; 763 * s->scsi_csr_1 |= val; 764 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 765 * if (s->scsi_queued) { 766 * s->scsi_queued = 0; 767 * next_irq(s, NEXT_SCSI_I, level); 768 * } 769 */ 770 } else { 771 /* int_mask |= 0x1000; */ 772 } 773 if (val & 0x80) { 774 /* int_mask |= 0x1000; */ 775 /* s->scsi_csr_1 |= 0x80; */ 776 } 777 DPRINTF("SCSICSR1 Write: %"PRIx64 "\n", val); 778 s->scsi_csr_1 = val; 779 break; 780 781 case 1: 782 DPRINTF("SCSICSR2 Write: %"PRIx64 "\n", val); 783 s->scsi_csr_2 = val; 784 break; 785 786 default: 787 g_assert_not_reached(); 788 } 789 } 790 791 static uint64_t next_scsi_csr_read(void *opaque, hwaddr addr, unsigned size) 792 { 793 NeXTSCSI *s = NEXT_SCSI(opaque); 794 uint64_t val; 795 796 switch (addr) { 797 case 0: 798 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 799 val = s->scsi_csr_1; 800 break; 801 802 case 1: 803 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 804 val = s->scsi_csr_2; 805 break; 806 807 default: 808 g_assert_not_reached(); 809 } 810 811 return val; 812 } 813 814 static const MemoryRegionOps next_scsi_csr_ops = { 815 .read = next_scsi_csr_read, 816 .write = next_scsi_csr_write, 817 .valid.min_access_size = 1, 818 .valid.max_access_size = 1, 819 .endianness = DEVICE_BIG_ENDIAN, 820 }; 821 822 static void next_scsi_init(Object *obj) 823 { 824 NeXTSCSI *s = NEXT_SCSI(obj); 825 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 826 827 object_initialize_child(obj, "esp", &s->sysbus_esp, TYPE_SYSBUS_ESP); 828 829 memory_region_init_io(&s->scsi_csr_mem, obj, &next_scsi_csr_ops, 830 s, "csrs", 2); 831 832 memory_region_init(&s->scsi_mem, obj, "next.scsi", 0x40); 833 sysbus_init_mmio(sbd, &s->scsi_mem); 834 } 835 836 static void next_scsi_realize(DeviceState *dev, Error **errp) 837 { 838 NeXTSCSI *s = NEXT_SCSI(dev); 839 SysBusESPState *sysbus_esp; 840 SysBusDevice *sbd; 841 ESPState *esp; 842 NeXTPC *pcdev; 843 844 pcdev = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 845 846 /* ESP */ 847 sysbus_esp = SYSBUS_ESP(&s->sysbus_esp); 848 esp = &sysbus_esp->esp; 849 esp->dma_memory_read = nextscsi_read; 850 esp->dma_memory_write = nextscsi_write; 851 esp->dma_opaque = pcdev; 852 sysbus_esp->it_shift = 0; 853 esp->dma_enabled = 1; 854 sbd = SYS_BUS_DEVICE(sysbus_esp); 855 if (!sysbus_realize(sbd, errp)) { 856 return; 857 } 858 memory_region_add_subregion(&s->scsi_mem, 0x0, 859 sysbus_mmio_get_region(sbd, 0)); 860 861 /* SCSI CSRs */ 862 memory_region_add_subregion(&s->scsi_mem, 0x20, &s->scsi_csr_mem); 863 864 scsi_bus_legacy_handle_cmdline(&s->sysbus_esp.esp.bus); 865 } 866 867 static const VMStateDescription next_scsi_vmstate = { 868 .name = "next-scsi", 869 .version_id = 0, 870 .minimum_version_id = 0, 871 .fields = (const VMStateField[]) { 872 VMSTATE_UINT8(scsi_csr_1, NeXTSCSI), 873 VMSTATE_UINT8(scsi_csr_2, NeXTSCSI), 874 VMSTATE_END_OF_LIST() 875 }, 876 }; 877 878 static void next_scsi_class_init(ObjectClass *klass, void *data) 879 { 880 DeviceClass *dc = DEVICE_CLASS(klass); 881 882 dc->desc = "NeXT SCSI Controller"; 883 dc->realize = next_scsi_realize; 884 dc->vmsd = &next_scsi_vmstate; 885 } 886 887 static const TypeInfo next_scsi_info = { 888 .name = TYPE_NEXT_SCSI, 889 .parent = TYPE_SYS_BUS_DEVICE, 890 .instance_init = next_scsi_init, 891 .instance_size = sizeof(NeXTSCSI), 892 .class_init = next_scsi_class_init, 893 }; 894 895 static void next_floppy_write(void *opaque, hwaddr addr, uint64_t val, 896 unsigned size) 897 { 898 switch (addr) { 899 case 0: 900 DPRINTF("FDCSR Write: %"PRIx64 "\n", val); 901 if (val == 0x0) { 902 /* qemu_irq_raise(s->fd_irq[0]); */ 903 } 904 break; 905 906 default: 907 g_assert_not_reached(); 908 } 909 } 910 911 static uint64_t next_floppy_read(void *opaque, hwaddr addr, unsigned size) 912 { 913 uint64_t val; 914 915 switch (addr) { 916 case 0: 917 DPRINTF("FD read @ %x\n", (unsigned int)addr); 918 val = 0x40 | 0x04 | 0x2 | 0x1; 919 break; 920 921 default: 922 g_assert_not_reached(); 923 } 924 925 return val; 926 } 927 928 static const MemoryRegionOps next_floppy_ops = { 929 .read = next_floppy_read, 930 .write = next_floppy_write, 931 .valid.min_access_size = 1, 932 .valid.max_access_size = 4, 933 .endianness = DEVICE_BIG_ENDIAN, 934 }; 935 936 static void next_timer_write(void *opaque, hwaddr addr, uint64_t val, 937 unsigned size) 938 { 939 switch (addr) { 940 case 0 ... 3: 941 /* Hardware timer latch - not implemented yet */ 942 break; 943 944 default: 945 g_assert_not_reached(); 946 } 947 } 948 949 static uint64_t next_timer_read(void *opaque, hwaddr addr, unsigned size) 950 { 951 uint64_t val; 952 953 switch (addr) { 954 case 0 ... 3: 955 /* 956 * These 4 registers are the hardware timer, not sure which register 957 * is the latch instead of data, but no problems so far. 958 * 959 * Hack: We need to have the LSB change consistently to make it work 960 */ 961 val = extract32(clock(), (4 - addr - size) << 3, 962 size << 3); 963 break; 964 965 default: 966 g_assert_not_reached(); 967 } 968 969 return val; 970 } 971 972 static const MemoryRegionOps next_timer_ops = { 973 .read = next_timer_read, 974 .write = next_timer_write, 975 .valid.min_access_size = 1, 976 .valid.max_access_size = 4, 977 .endianness = DEVICE_BIG_ENDIAN, 978 }; 979 980 static void next_dummy_en_write(void *opaque, hwaddr addr, uint64_t val, 981 unsigned size) 982 { 983 /* Do nothing */ 984 return; 985 } 986 987 static uint64_t next_dummy_en_read(void *opaque, hwaddr addr, unsigned size) 988 { 989 uint64_t val; 990 991 switch (addr) { 992 case 0: 993 /* For now return dummy byte to allow the Ethernet test to timeout */ 994 val = 0xff; 995 break; 996 997 default: 998 val = 0; 999 } 1000 1001 return val; 1002 } 1003 1004 static const MemoryRegionOps next_dummy_en_ops = { 1005 .read = next_dummy_en_read, 1006 .write = next_dummy_en_write, 1007 .valid.min_access_size = 1, 1008 .valid.max_access_size = 4, 1009 .endianness = DEVICE_BIG_ENDIAN, 1010 }; 1011 1012 static void next_pc_reset_hold(Object *obj, ResetType type) 1013 { 1014 NeXTPC *s = NEXT_PC(obj); 1015 1016 /* Set internal registers to initial values */ 1017 /* 0x0000XX00 << vital bits */ 1018 s->scr1 = 0x00011102; 1019 s->scr2 = 0x00ff0c80; 1020 s->old_scr2 = s->scr2; 1021 1022 s->rtc.status = 0x90; 1023 1024 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 1025 memcpy(s->rtc.ram, rtc_ram2, 32); 1026 } 1027 1028 static void next_pc_realize(DeviceState *dev, Error **errp) 1029 { 1030 NeXTPC *s = NEXT_PC(dev); 1031 SysBusDevice *sbd; 1032 DeviceState *d; 1033 1034 /* SCSI */ 1035 sbd = SYS_BUS_DEVICE(&s->next_scsi); 1036 if (!sysbus_realize(sbd, errp)) { 1037 return; 1038 } 1039 1040 d = DEVICE(object_resolve_path_component(OBJECT(&s->next_scsi), "esp")); 1041 sysbus_connect_irq(SYS_BUS_DEVICE(d), 0, 1042 qdev_get_gpio_in(DEVICE(s), NEXT_SCSI_I)); 1043 1044 s->scsi_reset = qdev_get_gpio_in(d, 0); 1045 s->scsi_dma = qdev_get_gpio_in(d, 1); 1046 1047 /* ESCC */ 1048 d = DEVICE(&s->escc); 1049 qdev_prop_set_uint32(d, "disabled", 0); 1050 qdev_prop_set_uint32(d, "frequency", 9600 * 384); 1051 qdev_prop_set_uint32(d, "it_shift", 0); 1052 qdev_prop_set_bit(d, "bit_swap", true); 1053 qdev_prop_set_chr(d, "chrB", serial_hd(1)); 1054 qdev_prop_set_chr(d, "chrA", serial_hd(0)); 1055 qdev_prop_set_uint32(d, "chnBtype", escc_serial); 1056 qdev_prop_set_uint32(d, "chnAtype", escc_serial); 1057 1058 sbd = SYS_BUS_DEVICE(d); 1059 if (!sysbus_realize(sbd, errp)) { 1060 return; 1061 } 1062 sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(dev, NEXT_SCC_I)); 1063 sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(dev, NEXT_SCC_DMA_I)); 1064 } 1065 1066 static void next_pc_init(Object *obj) 1067 { 1068 NeXTPC *s = NEXT_PC(obj); 1069 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 1070 1071 qdev_init_gpio_in(DEVICE(obj), next_irq, NEXT_NUM_IRQS); 1072 1073 memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s, 1074 "next.mmio", 0x9000); 1075 sysbus_init_mmio(sbd, &s->mmiomem); 1076 1077 memory_region_init_io(&s->dummyen_mem, OBJECT(s), &next_dummy_en_ops, s, 1078 "next.en", 0x20); 1079 sysbus_init_mmio(sbd, &s->dummyen_mem); 1080 1081 object_initialize_child(obj, "next-scsi", &s->next_scsi, TYPE_NEXT_SCSI); 1082 sysbus_init_mmio(sbd, 1083 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->next_scsi), 0)); 1084 1085 memory_region_init_io(&s->floppy_mem, OBJECT(s), &next_floppy_ops, s, 1086 "next.floppy", 4); 1087 sysbus_init_mmio(sbd, &s->floppy_mem); 1088 1089 object_initialize_child(obj, "escc", &s->escc, TYPE_ESCC); 1090 sysbus_init_mmio(sbd, 1091 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->escc), 0)); 1092 1093 memory_region_init_io(&s->timer_mem, OBJECT(s), &next_timer_ops, s, 1094 "next.timer", 4); 1095 sysbus_init_mmio(sbd, &s->timer_mem); 1096 } 1097 1098 /* 1099 * If the m68k CPU implemented its inbound irq lines as GPIO lines 1100 * rather than via the m68k_set_irq_level() function we would not need 1101 * this cpu link property and could instead provide outbound IRQ lines 1102 * that the board could wire up to the CPU. 1103 */ 1104 static const Property next_pc_properties[] = { 1105 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *), 1106 }; 1107 1108 static const VMStateDescription next_rtc_vmstate = { 1109 .name = "next-rtc", 1110 .version_id = 2, 1111 .minimum_version_id = 2, 1112 .fields = (const VMStateField[]) { 1113 VMSTATE_INT8(phase, NeXTRTC), 1114 VMSTATE_UINT8_ARRAY(ram, NeXTRTC, 32), 1115 VMSTATE_UINT8(command, NeXTRTC), 1116 VMSTATE_UINT8(value, NeXTRTC), 1117 VMSTATE_UINT8(status, NeXTRTC), 1118 VMSTATE_UINT8(control, NeXTRTC), 1119 VMSTATE_UINT8(retval, NeXTRTC), 1120 VMSTATE_END_OF_LIST() 1121 }, 1122 }; 1123 1124 static const VMStateDescription next_pc_vmstate = { 1125 .name = "next-pc", 1126 .version_id = 3, 1127 .minimum_version_id = 3, 1128 .fields = (const VMStateField[]) { 1129 VMSTATE_UINT32(scr1, NeXTPC), 1130 VMSTATE_UINT32(scr2, NeXTPC), 1131 VMSTATE_UINT32(old_scr2, NeXTPC), 1132 VMSTATE_UINT32(int_mask, NeXTPC), 1133 VMSTATE_UINT32(int_status, NeXTPC), 1134 VMSTATE_UINT32(led, NeXTPC), 1135 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NeXTRTC), 1136 VMSTATE_END_OF_LIST() 1137 }, 1138 }; 1139 1140 static void next_pc_class_init(ObjectClass *klass, void *data) 1141 { 1142 DeviceClass *dc = DEVICE_CLASS(klass); 1143 ResettableClass *rc = RESETTABLE_CLASS(klass); 1144 1145 dc->desc = "NeXT Peripheral Controller"; 1146 dc->realize = next_pc_realize; 1147 device_class_set_props(dc, next_pc_properties); 1148 dc->vmsd = &next_pc_vmstate; 1149 rc->phases.hold = next_pc_reset_hold; 1150 } 1151 1152 static const TypeInfo next_pc_info = { 1153 .name = TYPE_NEXT_PC, 1154 .parent = TYPE_SYS_BUS_DEVICE, 1155 .instance_init = next_pc_init, 1156 .instance_size = sizeof(NeXTPC), 1157 .class_init = next_pc_class_init, 1158 }; 1159 1160 static void next_cube_init(MachineState *machine) 1161 { 1162 NeXTState *m = NEXT_MACHINE(machine); 1163 M68kCPU *cpu; 1164 CPUM68KState *env; 1165 MemoryRegion *sysmem = get_system_memory(); 1166 const char *bios_name = machine->firmware ?: ROM_FILE; 1167 DeviceState *pcdev; 1168 1169 /* Initialize the cpu core */ 1170 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 1171 if (!cpu) { 1172 error_report("Unable to find m68k CPU definition"); 1173 exit(1); 1174 } 1175 env = &cpu->env; 1176 1177 /* Initialize CPU registers. */ 1178 env->vbr = 0; 1179 env->sr = 0x2700; 1180 1181 /* Peripheral Controller */ 1182 pcdev = qdev_new(TYPE_NEXT_PC); 1183 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort); 1184 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal); 1185 1186 /* 64MB RAM starting at 0x04000000 */ 1187 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 1188 1189 /* Framebuffer */ 1190 sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL); 1191 1192 /* MMIO */ 1193 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02005000); 1194 1195 /* BMAP IO - acts as a catch-all for now */ 1196 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000); 1197 1198 /* en network (dummy) */ 1199 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02106000); 1200 1201 /* unknown: Brightness control register? */ 1202 empty_slot_init("next.unknown.0", 0x02110000, 0x10); 1203 /* unknown: Magneto-Optical drive controller? */ 1204 empty_slot_init("next.unknown.1", 0x02112000, 0x10); 1205 1206 /* SCSI */ 1207 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 2, 0x02114000); 1208 /* Floppy */ 1209 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 3, 0x02114108); 1210 /* ESCC */ 1211 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 4, 0x02118000); 1212 1213 /* unknown: Serial clock configuration register? */ 1214 empty_slot_init("next.unknown.2", 0x02118004, 0x10); 1215 1216 /* Timer */ 1217 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 5, 0x0211a000); 1218 1219 /* BMAP memory */ 1220 memory_region_init_ram_flags_nomigrate(&m->bmapm1, NULL, "next.bmapmem", 1221 64, RAM_SHARED, &error_fatal); 1222 memory_region_add_subregion(sysmem, 0x020c0000, &m->bmapm1); 1223 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 1224 memory_region_init_alias(&m->bmapm2, NULL, "next.bmapmem2", &m->bmapm1, 1225 0x0, 64); 1226 memory_region_add_subregion(sysmem, 0x820c0000, &m->bmapm2); 1227 1228 /* KBD */ 1229 sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL); 1230 1231 /* Load ROM here */ 1232 memory_region_init_rom(&m->rom, NULL, "next.rom", 0x20000, &error_fatal); 1233 memory_region_add_subregion(sysmem, 0x01000000, &m->rom); 1234 memory_region_init_alias(&m->rom2, NULL, "next.rom2", &m->rom, 0x0, 1235 0x20000); 1236 memory_region_add_subregion(sysmem, 0x0, &m->rom2); 1237 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 1238 if (!qtest_enabled()) { 1239 error_report("Failed to load firmware '%s'.", bios_name); 1240 } 1241 } else { 1242 uint8_t *ptr; 1243 /* Initial PC is always at offset 4 in firmware binaries */ 1244 ptr = rom_ptr(0x01000004, 4); 1245 g_assert(ptr != NULL); 1246 env->pc = ldl_be_p(ptr); 1247 if (env->pc >= 0x01020000) { 1248 error_report("'%s' does not seem to be a valid firmware image.", 1249 bios_name); 1250 exit(1); 1251 } 1252 } 1253 1254 /* DMA */ 1255 memory_region_init_io(&m->dmamem, NULL, &next_dma_ops, machine, 1256 "next.dma", 0x5000); 1257 memory_region_add_subregion(sysmem, 0x02000000, &m->dmamem); 1258 } 1259 1260 static void next_machine_class_init(ObjectClass *oc, void *data) 1261 { 1262 MachineClass *mc = MACHINE_CLASS(oc); 1263 1264 mc->desc = "NeXT Cube"; 1265 mc->init = next_cube_init; 1266 mc->block_default_type = IF_SCSI; 1267 mc->default_ram_size = RAM_SIZE; 1268 mc->default_ram_id = "next.ram"; 1269 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 1270 mc->no_cdrom = true; 1271 } 1272 1273 static const TypeInfo next_typeinfo = { 1274 .name = TYPE_NEXT_MACHINE, 1275 .parent = TYPE_MACHINE, 1276 .class_init = next_machine_class_init, 1277 .instance_size = sizeof(NeXTState), 1278 }; 1279 1280 static void next_register_type(void) 1281 { 1282 type_register_static(&next_typeinfo); 1283 type_register_static(&next_pc_info); 1284 type_register_static(&next_scsi_info); 1285 } 1286 1287 type_init(next_register_type) 1288