xref: /openbmc/qemu/hw/m68k/next-cube.c (revision 6400be01)
1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "exec/hwaddr.h"
14 #include "sysemu/sysemu.h"
15 #include "sysemu/qtest.h"
16 #include "hw/irq.h"
17 #include "hw/m68k/next-cube.h"
18 #include "hw/boards.h"
19 #include "hw/loader.h"
20 #include "hw/scsi/esp.h"
21 #include "hw/sysbus.h"
22 #include "qom/object.h"
23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
24 #include "hw/block/fdc.h"
25 #include "hw/qdev-properties.h"
26 #include "qapi/error.h"
27 #include "qemu/error-report.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 #include "migration/vmstate.h"
31 
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39 
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42 
43 #define ENTRY       0x0100001e
44 #define RAM_SIZE    0x4000000
45 #define ROM_FILE    "Rev_2.5_v66.bin"
46 
47 typedef struct next_dma {
48     uint32_t csr;
49 
50     uint32_t saved_next;
51     uint32_t saved_limit;
52     uint32_t saved_start;
53     uint32_t saved_stop;
54 
55     uint32_t next;
56     uint32_t limit;
57     uint32_t start;
58     uint32_t stop;
59 
60     uint32_t next_initbuf;
61     uint32_t size;
62 } next_dma;
63 
64 typedef struct NextRtc {
65     int8_t phase;
66     uint8_t ram[32];
67     uint8_t command;
68     uint8_t value;
69     uint8_t status;
70     uint8_t control;
71     uint8_t retval;
72 } NextRtc;
73 
74 struct NeXTState {
75     MachineState parent;
76 
77     MemoryRegion rom;
78     MemoryRegion rom2;
79     MemoryRegion dmamem;
80     MemoryRegion bmapm1;
81     MemoryRegion bmapm2;
82 
83     next_dma dma[10];
84 };
85 
86 #define TYPE_NEXT_PC "next-pc"
87 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
88 
89 /* NeXT Peripheral Controller */
90 struct NeXTPC {
91     SysBusDevice parent_obj;
92 
93     M68kCPU *cpu;
94 
95     MemoryRegion mmiomem;
96     MemoryRegion scrmem;
97 
98     uint32_t scr1;
99     uint32_t scr2;
100     uint32_t old_scr2;
101     uint32_t int_mask;
102     uint32_t int_status;
103     uint32_t led;
104     uint8_t scsi_csr_1;
105     uint8_t scsi_csr_2;
106 
107     qemu_irq scsi_reset;
108     qemu_irq scsi_dma;
109 
110     NextRtc rtc;
111 };
112 
113 /* Thanks to NeXT forums for this */
114 /*
115 static const uint8_t rtc_ram3[32] = {
116     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
117     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
118     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
119     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
120 };
121 */
122 static const uint8_t rtc_ram2[32] = {
123     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
124     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
125     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
126     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
127 };
128 
129 #define SCR2_RTCLK 0x2
130 #define SCR2_RTDATA 0x4
131 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
132 
133 static void next_scr2_led_update(NeXTPC *s)
134 {
135     if (s->scr2 & 0x1) {
136         DPRINTF("fault!\n");
137         s->led++;
138         if (s->led == 10) {
139             DPRINTF("LED flashing, possible fault!\n");
140             s->led = 0;
141         }
142     }
143 }
144 
145 static void next_scr2_rtc_update(NeXTPC *s)
146 {
147     uint8_t old_scr2, scr2_2;
148     NextRtc *rtc = &s->rtc;
149 
150     old_scr2 = extract32(s->old_scr2, 8, 8);
151     scr2_2 = extract32(s->scr2, 8, 8);
152 
153     if (scr2_2 & 0x1) {
154         /* DPRINTF("RTC %x phase %i\n", scr2_2, rtc->phase); */
155         if (rtc->phase == -1) {
156             rtc->phase = 0;
157         }
158         /* If we are in going down clock... do something */
159         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
160                 ((scr2_2 & SCR2_RTCLK) == 0)) {
161             if (rtc->phase < 8) {
162                 rtc->command = (rtc->command << 1) |
163                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
164             }
165             if (rtc->phase >= 8 && rtc->phase < 16) {
166                 rtc->value = (rtc->value << 1) |
167                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
168 
169                 /* if we read RAM register, output RT_DATA bit */
170                 if (rtc->command <= 0x1F) {
171                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
172                     if (rtc->ram[rtc->command] & (0x80 >> (rtc->phase - 8))) {
173                         scr2_2 |= SCR2_RTDATA;
174                     }
175 
176                     rtc->retval = (rtc->retval << 1) |
177                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
178                 }
179                 /* read the status 0x30 */
180                 if (rtc->command == 0x30) {
181                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
182                     /* for now status = 0x98 (new rtc + FTU) */
183                     if (rtc->status & (0x80 >> (rtc->phase - 8))) {
184                         scr2_2 |= SCR2_RTDATA;
185                     }
186 
187                     rtc->retval = (rtc->retval << 1) |
188                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
189                 }
190                 /* read the status 0x31 */
191                 if (rtc->command == 0x31) {
192                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
193                     if (rtc->control & (0x80 >> (rtc->phase - 8))) {
194                         scr2_2 |= SCR2_RTDATA;
195                     }
196                     rtc->retval = (rtc->retval << 1) |
197                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
198                 }
199 
200                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
201                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
202                     /* for now 0x00 */
203                     time_t time_h = time(NULL);
204                     struct tm *info = localtime(&time_h);
205                     int ret = 0;
206 
207                     switch (rtc->command) {
208                     case 0x20:
209                         ret = SCR2_TOBCD(info->tm_sec);
210                         break;
211                     case 0x21:
212                         ret = SCR2_TOBCD(info->tm_min);
213                         break;
214                     case 0x22:
215                         ret = SCR2_TOBCD(info->tm_hour);
216                         break;
217                     case 0x24:
218                         ret = SCR2_TOBCD(info->tm_mday);
219                         break;
220                     case 0x25:
221                         ret = SCR2_TOBCD((info->tm_mon + 1));
222                         break;
223                     case 0x26:
224                         ret = SCR2_TOBCD((info->tm_year - 100));
225                         break;
226 
227                     }
228 
229                     if (ret & (0x80 >> (rtc->phase - 8))) {
230                         scr2_2 |= SCR2_RTDATA;
231                     }
232                     rtc->retval = (rtc->retval << 1) |
233                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
234                 }
235 
236             }
237 
238             rtc->phase++;
239             if (rtc->phase == 16) {
240                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
241                     rtc->ram[rtc->command - 0x80] = rtc->value;
242                 }
243                 /* write to x30 register */
244                 if (rtc->command == 0xB1) {
245                     /* clear FTU */
246                     if (rtc->value & 0x04) {
247                         rtc->status = rtc->status & (~0x18);
248                         s->int_status = s->int_status & (~0x04);
249                     }
250                 }
251             }
252         }
253     } else {
254         /* else end or abort */
255         rtc->phase = -1;
256         rtc->command = 0;
257         rtc->value = 0;
258     }
259 
260     s->scr2 = deposit32(s->scr2, 8, 8, scr2_2);
261 }
262 
263 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size)
264 {
265     NeXTPC *s = NEXT_PC(opaque);
266     uint64_t val;
267 
268     switch (addr) {
269     case 0x7000:
270         /* DPRINTF("Read INT status: %x\n", s->int_status); */
271         val = s->int_status;
272         break;
273 
274     case 0x7800:
275         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
276         val = s->int_mask;
277         break;
278 
279     case 0xc000 ... 0xc003:
280         val = extract32(s->scr1, (4 - (addr - 0xc000) - size) << 3,
281                         size << 3);
282         break;
283 
284     case 0xd000 ... 0xd003:
285         val = extract32(s->scr2, (4 - (addr - 0xd000) - size) << 3,
286                         size << 3);
287         break;
288 
289     case 0x14020:
290         val = 0x7f;
291         break;
292 
293     default:
294         val = 0;
295         DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size);
296         break;
297     }
298 
299     return val;
300 }
301 
302 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val,
303                             unsigned size)
304 {
305     NeXTPC *s = NEXT_PC(opaque);
306 
307     switch (addr) {
308     case 0x7000:
309         DPRINTF("INT Status old: %x new: %x\n", s->int_status,
310                 (unsigned int)val);
311         s->int_status = val;
312         break;
313 
314     case 0x7800:
315         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val);
316         s->int_mask  = val;
317         break;
318 
319     case 0xc000 ... 0xc003:
320         DPRINTF("SCR1 Write: %x\n", (unsigned int)val);
321         s->scr1 = deposit32(s->scr1, (4 - (addr - 0xc000) - size) << 3,
322                             size << 3, val);
323         break;
324 
325     case 0xd000 ... 0xd003:
326         s->scr2 = deposit32(s->scr2, (4 - (addr - 0xd000) - size) << 3,
327                             size << 3, val);
328         next_scr2_led_update(s);
329         next_scr2_rtc_update(s);
330         s->old_scr2 = s->scr2;
331         break;
332 
333     default:
334         DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr,
335                 (unsigned int)val, size);
336     }
337 }
338 
339 static const MemoryRegionOps next_mmio_ops = {
340     .read = next_mmio_read,
341     .write = next_mmio_write,
342     .valid.min_access_size = 1,
343     .valid.max_access_size = 4,
344     .endianness = DEVICE_BIG_ENDIAN,
345 };
346 
347 #define SCSICSR_ENABLE  0x01
348 #define SCSICSR_RESET   0x02  /* reset scsi dma */
349 #define SCSICSR_FIFOFL  0x04
350 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
351 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
352 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
353 
354 static uint64_t next_scr_readfn(void *opaque, hwaddr addr, unsigned size)
355 {
356     NeXTPC *s = NEXT_PC(opaque);
357     uint64_t val;
358 
359     switch (addr) {
360     case 0x14108:
361         DPRINTF("FD read @ %x\n", (unsigned int)addr);
362         val = 0x40 | 0x04 | 0x2 | 0x1;
363         break;
364 
365     case 0x14020:
366         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
367         val = s->scsi_csr_1;
368         break;
369 
370     case 0x14021:
371         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
372         val = 0x40;
373         break;
374 
375     /*
376      * These 4 registers are the hardware timer, not sure which register
377      * is the latch instead of data, but no problems so far.
378      *
379      * Hack: We need to have the LSB change consistently to make it work
380      */
381     case 0x1a000 ... 0x1a003:
382         val = extract32(clock(), (4 - (addr - 0x1a000) - size) << 3,
383                         size << 3);
384         break;
385 
386     /* For now return dummy byte to allow the Ethernet test to timeout */
387     case 0x6000:
388         val = 0xff;
389         break;
390 
391     default:
392         DPRINTF("BMAP Read @ 0x%x size %u\n", (unsigned int)addr, size);
393         val = 0;
394         break;
395     }
396 
397     return val;
398 }
399 
400 static void next_scr_writefn(void *opaque, hwaddr addr, uint64_t val,
401                              unsigned size)
402 {
403     NeXTPC *s = NEXT_PC(opaque);
404 
405     switch (addr) {
406     case 0x14108:
407         DPRINTF("FDCSR Write: %x\n", value);
408         if (val == 0x0) {
409             /* qemu_irq_raise(s->fd_irq[0]); */
410         }
411         break;
412 
413     case 0x14020: /* SCSI Control Register */
414         if (val & SCSICSR_FIFOFL) {
415             DPRINTF("SCSICSR FIFO Flush\n");
416             /* will have to add another irq to the esp if this is needed */
417             /* esp_puflush_fifo(esp_g); */
418         }
419 
420         if (val & SCSICSR_ENABLE) {
421             DPRINTF("SCSICSR Enable\n");
422             /*
423              * qemu_irq_raise(s->scsi_dma);
424              * s->scsi_csr_1 = 0xc0;
425              * s->scsi_csr_1 |= 0x1;
426              * qemu_irq_pulse(s->scsi_dma);
427              */
428         }
429         /*
430          * else
431          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
432          */
433 
434         if (val & SCSICSR_RESET) {
435             DPRINTF("SCSICSR Reset\n");
436             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
437             qemu_irq_raise(s->scsi_reset);
438             s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1);
439             qemu_irq_lower(s->scsi_reset);
440         }
441         if (val & SCSICSR_DMADIR) {
442             DPRINTF("SCSICSR DMAdir\n");
443         }
444         if (val & SCSICSR_CPUDMA) {
445             DPRINTF("SCSICSR CPUDMA\n");
446             /* qemu_irq_raise(s->scsi_dma); */
447             s->int_status |= 0x4000000;
448         } else {
449             /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */
450             s->int_status &= ~(0x4000000);
451             /* qemu_irq_lower(s->scsi_dma); */
452         }
453         if (val & SCSICSR_INTMASK) {
454             DPRINTF("SCSICSR INTMASK\n");
455             /*
456              * int_mask &= ~0x1000;
457              * s->scsi_csr_1 |= val;
458              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
459              * if (s->scsi_queued) {
460              *     s->scsi_queued = 0;
461              *     next_irq(s, NEXT_SCSI_I, level);
462              * }
463              */
464         } else {
465             /* int_mask |= 0x1000; */
466         }
467         if (val & 0x80) {
468             /* int_mask |= 0x1000; */
469             /* s->scsi_csr_1 |= 0x80; */
470         }
471         DPRINTF("SCSICSR Write: %x\n", val);
472         /* s->scsi_csr_1 = val; */
473         break;
474 
475     /* Hardware timer latch - not implemented yet */
476     case 0x1a000:
477     default:
478         DPRINTF("BMAP Write @ 0x%x with 0x%x size %u\n", (unsigned int)addr,
479                 val, size);
480     }
481 }
482 
483 static const MemoryRegionOps next_scr_ops = {
484     .read = next_scr_readfn,
485     .write = next_scr_writefn,
486     .valid.min_access_size = 1,
487     .valid.max_access_size = 4,
488     .endianness = DEVICE_BIG_ENDIAN,
489 };
490 
491 #define NEXTDMA_SCSI(x)      (0x10 + x)
492 #define NEXTDMA_FD(x)        (0x10 + x)
493 #define NEXTDMA_ENTX(x)      (0x110 + x)
494 #define NEXTDMA_ENRX(x)      (0x150 + x)
495 #define NEXTDMA_CSR          0x0
496 #define NEXTDMA_NEXT         0x4000
497 #define NEXTDMA_LIMIT        0x4004
498 #define NEXTDMA_START        0x4008
499 #define NEXTDMA_STOP         0x400c
500 #define NEXTDMA_NEXT_INIT    0x4200
501 #define NEXTDMA_SIZE         0x4204
502 
503 static void next_dma_write(void *opaque, hwaddr addr, uint64_t val,
504                            unsigned int size)
505 {
506     NeXTState *next_state = NEXT_MACHINE(opaque);
507 
508     switch (addr) {
509     case NEXTDMA_ENRX(NEXTDMA_CSR):
510         if (val & DMA_DEV2M) {
511             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
512         }
513 
514         if (val & DMA_SETENABLE) {
515             /* DPRINTF("SCSI DMA ENABLE\n"); */
516             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
517         }
518         if (val & DMA_SETSUPDATE) {
519             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
520         }
521         if (val & DMA_CLRCOMPLETE) {
522             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
523         }
524 
525         if (val & DMA_RESET) {
526             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
527                                                   DMA_ENABLE | DMA_DEV2M);
528         }
529         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
530         break;
531 
532     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
533         next_state->dma[NEXTDMA_ENRX].next_initbuf = val;
534         break;
535 
536     case NEXTDMA_ENRX(NEXTDMA_NEXT):
537         next_state->dma[NEXTDMA_ENRX].next = val;
538         break;
539 
540     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
541         next_state->dma[NEXTDMA_ENRX].limit = val;
542         break;
543 
544     case NEXTDMA_SCSI(NEXTDMA_CSR):
545         if (val & DMA_DEV2M) {
546             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
547         }
548         if (val & DMA_SETENABLE) {
549             /* DPRINTF("SCSI DMA ENABLE\n"); */
550             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
551         }
552         if (val & DMA_SETSUPDATE) {
553             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
554         }
555         if (val & DMA_CLRCOMPLETE) {
556             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
557         }
558 
559         if (val & DMA_RESET) {
560             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
561                                                   DMA_ENABLE | DMA_DEV2M);
562             /* DPRINTF("SCSI DMA RESET\n"); */
563         }
564         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
565         break;
566 
567     case NEXTDMA_SCSI(NEXTDMA_NEXT):
568         next_state->dma[NEXTDMA_SCSI].next = val;
569         break;
570 
571     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
572         next_state->dma[NEXTDMA_SCSI].limit = val;
573         break;
574 
575     case NEXTDMA_SCSI(NEXTDMA_START):
576         next_state->dma[NEXTDMA_SCSI].start = val;
577         break;
578 
579     case NEXTDMA_SCSI(NEXTDMA_STOP):
580         next_state->dma[NEXTDMA_SCSI].stop = val;
581         break;
582 
583     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
584         next_state->dma[NEXTDMA_SCSI].next_initbuf = val;
585         break;
586 
587     default:
588         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
589     }
590 }
591 
592 static uint64_t next_dma_read(void *opaque, hwaddr addr, unsigned int size)
593 {
594     NeXTState *next_state = NEXT_MACHINE(opaque);
595     uint64_t val;
596 
597     switch (addr) {
598     case NEXTDMA_SCSI(NEXTDMA_CSR):
599         DPRINTF("SCSI DMA CSR READ\n");
600         val = next_state->dma[NEXTDMA_SCSI].csr;
601         break;
602 
603     case NEXTDMA_ENRX(NEXTDMA_CSR):
604         val = next_state->dma[NEXTDMA_ENRX].csr;
605         break;
606 
607     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
608         val = next_state->dma[NEXTDMA_ENRX].next_initbuf;
609         break;
610 
611     case NEXTDMA_ENRX(NEXTDMA_NEXT):
612         val = next_state->dma[NEXTDMA_ENRX].next;
613         break;
614 
615     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
616         val = next_state->dma[NEXTDMA_ENRX].limit;
617         break;
618 
619     case NEXTDMA_SCSI(NEXTDMA_NEXT):
620         val = next_state->dma[NEXTDMA_SCSI].next;
621         break;
622 
623     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
624         val = next_state->dma[NEXTDMA_SCSI].next_initbuf;
625         break;
626 
627     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
628         val = next_state->dma[NEXTDMA_SCSI].limit;
629         break;
630 
631     case NEXTDMA_SCSI(NEXTDMA_START):
632         val = next_state->dma[NEXTDMA_SCSI].start;
633         break;
634 
635     case NEXTDMA_SCSI(NEXTDMA_STOP):
636         val = next_state->dma[NEXTDMA_SCSI].stop;
637         break;
638 
639     default:
640         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
641         val = 0;
642     }
643 
644     /*
645      * once the csr's are done, subtract 0x3FEC from the addr, and that will
646      * normalize the upper registers
647      */
648 
649     return val;
650 }
651 
652 static const MemoryRegionOps next_dma_ops = {
653     .read = next_dma_read,
654     .write = next_dma_write,
655     .impl.min_access_size = 4,
656     .valid.min_access_size = 4,
657     .valid.max_access_size = 4,
658     .endianness = DEVICE_BIG_ENDIAN,
659 };
660 
661 static void next_irq(void *opaque, int number, int level)
662 {
663     NeXTPC *s = NEXT_PC(opaque);
664     M68kCPU *cpu = s->cpu;
665     int shift = 0;
666 
667     /* first switch sets interrupt status */
668     /* DPRINTF("IRQ %i\n",number); */
669     switch (number) {
670     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
671     case NEXT_FD_I:
672         shift = 7;
673         break;
674     case NEXT_KBD_I:
675         shift = 3;
676         break;
677     case NEXT_PWR_I:
678         shift = 2;
679         break;
680     case NEXT_ENRX_I:
681         shift = 9;
682         break;
683     case NEXT_ENTX_I:
684         shift = 10;
685         break;
686     case NEXT_SCSI_I:
687         shift = 12;
688         break;
689     case NEXT_CLK_I:
690         shift = 5;
691         break;
692 
693     /* level 5 - scc (serial) */
694     case NEXT_SCC_I:
695         shift = 17;
696         break;
697 
698     /* level 6 - audio etherrx/tx dma */
699     case NEXT_ENTX_DMA_I:
700         shift = 28;
701         break;
702     case NEXT_ENRX_DMA_I:
703         shift = 27;
704         break;
705     case NEXT_SCSI_DMA_I:
706         shift = 26;
707         break;
708     case NEXT_SND_I:
709         shift = 23;
710         break;
711     case NEXT_SCC_DMA_I:
712         shift = 21;
713         break;
714 
715     }
716     /*
717      * this HAS to be wrong, the interrupt handlers in mach and together
718      * int_status and int_mask and return if there is a hit
719      */
720     if (s->int_mask & (1 << shift)) {
721         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
722         /* return; */
723     }
724 
725     /* second switch triggers the correct interrupt */
726     if (level) {
727         s->int_status |= 1 << shift;
728 
729         switch (number) {
730         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
731         case NEXT_FD_I:
732         case NEXT_KBD_I:
733         case NEXT_PWR_I:
734         case NEXT_ENRX_I:
735         case NEXT_ENTX_I:
736         case NEXT_SCSI_I:
737         case NEXT_CLK_I:
738             m68k_set_irq_level(cpu, 3, 27);
739             break;
740 
741         /* level 5 - scc (serial) */
742         case NEXT_SCC_I:
743             m68k_set_irq_level(cpu, 5, 29);
744             break;
745 
746         /* level 6 - audio etherrx/tx dma */
747         case NEXT_ENTX_DMA_I:
748         case NEXT_ENRX_DMA_I:
749         case NEXT_SCSI_DMA_I:
750         case NEXT_SND_I:
751         case NEXT_SCC_DMA_I:
752             m68k_set_irq_level(cpu, 6, 30);
753             break;
754         }
755     } else {
756         s->int_status &= ~(1 << shift);
757         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
758     }
759 }
760 
761 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type)
762 {
763     uint32_t base_addr;
764     int irq = 0;
765     uint8_t align = 16;
766     NeXTState *next_state = NEXT_MACHINE(qdev_get_machine());
767 
768     if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) {
769         align = 32;
770     }
771     /* Most DMA is supposedly 16 byte aligned */
772     if ((size % align) != 0) {
773         size -= size % align;
774         size += align;
775     }
776 
777     /*
778      * prom sets the dma start using initbuf while the bootloader uses next
779      * so we check to see if initbuf is 0
780      */
781     if (next_state->dma[type].next_initbuf == 0) {
782         base_addr = next_state->dma[type].next;
783     } else {
784         base_addr = next_state->dma[type].next_initbuf;
785     }
786 
787     cpu_physical_memory_write(base_addr, buf, size);
788 
789     next_state->dma[type].next_initbuf = 0;
790 
791     /* saved limit is checked to calculate packet size by both, rom and netbsd */
792     next_state->dma[type].saved_limit = (next_state->dma[type].next + size);
793     next_state->dma[type].saved_next  = (next_state->dma[type].next);
794 
795     /*
796      * 32 bytes under savedbase seems to be some kind of register
797      * of which the purpose is unknown as of yet
798      */
799     /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */
800 
801     if (!(next_state->dma[type].csr & DMA_SUPDATE)) {
802         next_state->dma[type].next  = next_state->dma[type].start;
803         next_state->dma[type].limit = next_state->dma[type].stop;
804     }
805 
806     /* Set dma registers and raise an irq */
807     next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */
808 
809     switch (type) {
810     case NEXTDMA_SCSI:
811         irq = NEXT_SCSI_DMA_I;
812         break;
813     }
814 
815     next_irq(opaque, irq, 1);
816     next_irq(opaque, irq, 0);
817 }
818 
819 static void nextscsi_read(void *opaque, uint8_t *buf, int len)
820 {
821     DPRINTF("SCSI READ: %x\n", len);
822     abort();
823 }
824 
825 static void nextscsi_write(void *opaque, uint8_t *buf, int size)
826 {
827     DPRINTF("SCSI WRITE: %i\n", size);
828     nextdma_write(opaque, buf, size, NEXTDMA_SCSI);
829 }
830 
831 static void next_scsi_init(DeviceState *pcdev, M68kCPU *cpu)
832 {
833     struct NeXTPC *next_pc = NEXT_PC(pcdev);
834     DeviceState *dev;
835     SysBusDevice *sysbusdev;
836     SysBusESPState *sysbus_esp;
837     ESPState *esp;
838 
839     dev = qdev_new(TYPE_SYSBUS_ESP);
840     sysbus_esp = SYSBUS_ESP(dev);
841     esp = &sysbus_esp->esp;
842     esp->dma_memory_read = nextscsi_read;
843     esp->dma_memory_write = nextscsi_write;
844     esp->dma_opaque = pcdev;
845     sysbus_esp->it_shift = 0;
846     esp->dma_enabled = 1;
847     sysbusdev = SYS_BUS_DEVICE(dev);
848     sysbus_realize_and_unref(sysbusdev, &error_fatal);
849     sysbus_connect_irq(sysbusdev, 0, qdev_get_gpio_in(pcdev, NEXT_SCSI_I));
850     sysbus_mmio_map(sysbusdev, 0, 0x2114000);
851 
852     next_pc->scsi_reset = qdev_get_gpio_in(dev, 0);
853     next_pc->scsi_dma = qdev_get_gpio_in(dev, 1);
854 
855     scsi_bus_legacy_handle_cmdline(&esp->bus);
856 }
857 
858 static void next_escc_init(DeviceState *pcdev)
859 {
860     DeviceState *dev;
861     SysBusDevice *s;
862 
863     dev = qdev_new(TYPE_ESCC);
864     qdev_prop_set_uint32(dev, "disabled", 0);
865     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
866     qdev_prop_set_uint32(dev, "it_shift", 0);
867     qdev_prop_set_bit(dev, "bit_swap", true);
868     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
869     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
870     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
871     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
872 
873     s = SYS_BUS_DEVICE(dev);
874     sysbus_realize_and_unref(s, &error_fatal);
875     sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
876     sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
877     sysbus_mmio_map(s, 0, 0x2118000);
878 }
879 
880 static void next_pc_reset(DeviceState *dev)
881 {
882     NeXTPC *s = NEXT_PC(dev);
883 
884     /* Set internal registers to initial values */
885     /*     0x0000XX00 << vital bits */
886     s->scr1 = 0x00011102;
887     s->scr2 = 0x00ff0c80;
888     s->old_scr2 = s->scr2;
889 
890     s->rtc.status = 0x90;
891 
892     /* Load RTC RAM - TODO: provide possibility to load contents from file */
893     memcpy(s->rtc.ram, rtc_ram2, 32);
894 }
895 
896 static void next_pc_realize(DeviceState *dev, Error **errp)
897 {
898     NeXTPC *s = NEXT_PC(dev);
899     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
900 
901     qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
902 
903     memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s,
904                           "next.mmio", 0xd0000);
905     memory_region_init_io(&s->scrmem, OBJECT(s), &next_scr_ops, s,
906                           "next.scr", 0x20000);
907     sysbus_init_mmio(sbd, &s->mmiomem);
908     sysbus_init_mmio(sbd, &s->scrmem);
909 }
910 
911 /*
912  * If the m68k CPU implemented its inbound irq lines as GPIO lines
913  * rather than via the m68k_set_irq_level() function we would not need
914  * this cpu link property and could instead provide outbound IRQ lines
915  * that the board could wire up to the CPU.
916  */
917 static Property next_pc_properties[] = {
918     DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
919     DEFINE_PROP_END_OF_LIST(),
920 };
921 
922 static const VMStateDescription next_rtc_vmstate = {
923     .name = "next-rtc",
924     .version_id = 2,
925     .minimum_version_id = 2,
926     .fields = (const VMStateField[]) {
927         VMSTATE_INT8(phase, NextRtc),
928         VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
929         VMSTATE_UINT8(command, NextRtc),
930         VMSTATE_UINT8(value, NextRtc),
931         VMSTATE_UINT8(status, NextRtc),
932         VMSTATE_UINT8(control, NextRtc),
933         VMSTATE_UINT8(retval, NextRtc),
934         VMSTATE_END_OF_LIST()
935     },
936 };
937 
938 static const VMStateDescription next_pc_vmstate = {
939     .name = "next-pc",
940     .version_id = 2,
941     .minimum_version_id = 2,
942     .fields = (const VMStateField[]) {
943         VMSTATE_UINT32(scr1, NeXTPC),
944         VMSTATE_UINT32(scr2, NeXTPC),
945         VMSTATE_UINT32(old_scr2, NeXTPC),
946         VMSTATE_UINT32(int_mask, NeXTPC),
947         VMSTATE_UINT32(int_status, NeXTPC),
948         VMSTATE_UINT32(led, NeXTPC),
949         VMSTATE_UINT8(scsi_csr_1, NeXTPC),
950         VMSTATE_UINT8(scsi_csr_2, NeXTPC),
951         VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
952         VMSTATE_END_OF_LIST()
953     },
954 };
955 
956 static void next_pc_class_init(ObjectClass *klass, void *data)
957 {
958     DeviceClass *dc = DEVICE_CLASS(klass);
959 
960     dc->desc = "NeXT Peripheral Controller";
961     dc->realize = next_pc_realize;
962     dc->reset = next_pc_reset;
963     device_class_set_props(dc, next_pc_properties);
964     dc->vmsd = &next_pc_vmstate;
965 }
966 
967 static const TypeInfo next_pc_info = {
968     .name = TYPE_NEXT_PC,
969     .parent = TYPE_SYS_BUS_DEVICE,
970     .instance_size = sizeof(NeXTPC),
971     .class_init = next_pc_class_init,
972 };
973 
974 static void next_cube_init(MachineState *machine)
975 {
976     NeXTState *m = NEXT_MACHINE(machine);
977     M68kCPU *cpu;
978     CPUM68KState *env;
979     MemoryRegion *sysmem = get_system_memory();
980     const char *bios_name = machine->firmware ?: ROM_FILE;
981     DeviceState *pcdev;
982 
983     /* Initialize the cpu core */
984     cpu = M68K_CPU(cpu_create(machine->cpu_type));
985     if (!cpu) {
986         error_report("Unable to find m68k CPU definition");
987         exit(1);
988     }
989     env = &cpu->env;
990 
991     /* Initialize CPU registers.  */
992     env->vbr = 0;
993     env->sr  = 0x2700;
994 
995     /* Peripheral Controller */
996     pcdev = qdev_new(TYPE_NEXT_PC);
997     object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
998     sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
999 
1000     /* 64MB RAM starting at 0x04000000  */
1001     memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
1002 
1003     /* Framebuffer */
1004     sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL);
1005 
1006     /* MMIO */
1007     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
1008 
1009     /* BMAP IO - acts as a catch-all for now */
1010     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
1011 
1012     /* BMAP memory */
1013     memory_region_init_ram_flags_nomigrate(&m->bmapm1, NULL, "next.bmapmem",
1014                                            64, RAM_SHARED, &error_fatal);
1015     memory_region_add_subregion(sysmem, 0x020c0000, &m->bmapm1);
1016     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
1017     memory_region_init_alias(&m->bmapm2, NULL, "next.bmapmem2", &m->bmapm1,
1018                              0x0, 64);
1019     memory_region_add_subregion(sysmem, 0x820c0000, &m->bmapm2);
1020 
1021     /* KBD */
1022     sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL);
1023 
1024     /* Load ROM here */
1025     memory_region_init_rom(&m->rom, NULL, "next.rom", 0x20000, &error_fatal);
1026     memory_region_add_subregion(sysmem, 0x01000000, &m->rom);
1027     memory_region_init_alias(&m->rom2, NULL, "next.rom2", &m->rom, 0x0,
1028                              0x20000);
1029     memory_region_add_subregion(sysmem, 0x0, &m->rom2);
1030     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1031         if (!qtest_enabled()) {
1032             error_report("Failed to load firmware '%s'.", bios_name);
1033         }
1034     } else {
1035         uint8_t *ptr;
1036         /* Initial PC is always at offset 4 in firmware binaries */
1037         ptr = rom_ptr(0x01000004, 4);
1038         g_assert(ptr != NULL);
1039         env->pc = ldl_p(ptr);
1040         if (env->pc >= 0x01020000) {
1041             error_report("'%s' does not seem to be a valid firmware image.",
1042                          bios_name);
1043             exit(1);
1044         }
1045     }
1046 
1047     /* Serial */
1048     next_escc_init(pcdev);
1049 
1050     /* TODO: */
1051     /* Network */
1052     /* SCSI */
1053     next_scsi_init(pcdev, cpu);
1054 
1055     /* DMA */
1056     memory_region_init_io(&m->dmamem, NULL, &next_dma_ops, machine,
1057                           "next.dma", 0x5000);
1058     memory_region_add_subregion(sysmem, 0x02000000, &m->dmamem);
1059 }
1060 
1061 static void next_machine_class_init(ObjectClass *oc, void *data)
1062 {
1063     MachineClass *mc = MACHINE_CLASS(oc);
1064 
1065     mc->desc = "NeXT Cube";
1066     mc->init = next_cube_init;
1067     mc->block_default_type = IF_SCSI;
1068     mc->default_ram_size = RAM_SIZE;
1069     mc->default_ram_id = "next.ram";
1070     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1071 }
1072 
1073 static const TypeInfo next_typeinfo = {
1074     .name = TYPE_NEXT_MACHINE,
1075     .parent = TYPE_MACHINE,
1076     .class_init = next_machine_class_init,
1077     .instance_size = sizeof(NeXTState),
1078 };
1079 
1080 static void next_register_type(void)
1081 {
1082     type_register_static(&next_typeinfo);
1083     type_register_static(&next_pc_info);
1084 }
1085 
1086 type_init(next_register_type)
1087