1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "exec/hwaddr.h" 14 #include "system/system.h" 15 #include "system/qtest.h" 16 #include "hw/irq.h" 17 #include "hw/m68k/next-cube.h" 18 #include "hw/boards.h" 19 #include "hw/loader.h" 20 #include "hw/scsi/esp.h" 21 #include "hw/sysbus.h" 22 #include "qom/object.h" 23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 24 #include "hw/block/fdc.h" 25 #include "hw/misc/empty_slot.h" 26 #include "hw/qdev-properties.h" 27 #include "qapi/error.h" 28 #include "qemu/error-report.h" 29 #include "ui/console.h" 30 #include "target/m68k/cpu.h" 31 #include "migration/vmstate.h" 32 33 /* #define DEBUG_NEXT */ 34 #ifdef DEBUG_NEXT 35 #define DPRINTF(fmt, ...) \ 36 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 37 #else 38 #define DPRINTF(fmt, ...) do { } while (0) 39 #endif 40 41 #define ENTRY 0x0100001e 42 #define RAM_SIZE 0x4000000 43 #define ROM_FILE "Rev_2.5_v66.bin" 44 45 typedef struct NeXTRTC { 46 int8_t phase; 47 uint8_t ram[32]; 48 uint8_t command; 49 uint8_t value; 50 uint8_t status; 51 uint8_t control; 52 uint8_t retval; 53 } NeXTRTC; 54 55 #define TYPE_NEXT_SCSI "next-scsi" 56 OBJECT_DECLARE_SIMPLE_TYPE(NeXTSCSI, NEXT_SCSI) 57 58 /* NeXT SCSI Controller */ 59 struct NeXTSCSI { 60 SysBusDevice parent_obj; 61 62 MemoryRegion scsi_mem; 63 64 SysBusESPState sysbus_esp; 65 66 MemoryRegion scsi_csr_mem; 67 uint8_t scsi_csr_1; 68 uint8_t scsi_csr_2; 69 }; 70 71 #define TYPE_NEXT_PC "next-pc" 72 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC) 73 74 /* NeXT Peripheral Controller */ 75 struct NeXTPC { 76 SysBusDevice parent_obj; 77 78 M68kCPU *cpu; 79 80 MemoryRegion floppy_mem; 81 MemoryRegion timer_mem; 82 MemoryRegion dummyen_mem; 83 MemoryRegion mmiomem; 84 MemoryRegion scrmem; 85 86 uint32_t scr1; 87 uint32_t scr2; 88 uint32_t old_scr2; 89 uint32_t int_mask; 90 uint32_t int_status; 91 uint32_t led; 92 93 NeXTSCSI next_scsi; 94 95 qemu_irq scsi_reset; 96 qemu_irq scsi_dma; 97 98 ESCCState escc; 99 100 NeXTRTC rtc; 101 qemu_irq rtc_power_irq; 102 }; 103 104 typedef struct next_dma { 105 uint32_t csr; 106 107 uint32_t saved_next; 108 uint32_t saved_limit; 109 uint32_t saved_start; 110 uint32_t saved_stop; 111 112 uint32_t next; 113 uint32_t limit; 114 uint32_t start; 115 uint32_t stop; 116 117 uint32_t next_initbuf; 118 uint32_t size; 119 } next_dma; 120 121 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 122 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE) 123 124 struct NeXTState { 125 MachineState parent; 126 127 MemoryRegion rom; 128 MemoryRegion rom2; 129 MemoryRegion dmamem; 130 MemoryRegion bmapm1; 131 MemoryRegion bmapm2; 132 133 next_dma dma[10]; 134 }; 135 136 /* Thanks to NeXT forums for this */ 137 /* 138 static const uint8_t rtc_ram3[32] = { 139 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 140 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 141 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 143 }; 144 */ 145 static const uint8_t rtc_ram2[32] = { 146 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 147 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 148 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 150 }; 151 152 #define SCR2_RTCLK 0x2 153 #define SCR2_RTDATA 0x4 154 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 155 156 static void next_scr2_led_update(NeXTPC *s) 157 { 158 if (s->scr2 & 0x1) { 159 DPRINTF("fault!\n"); 160 s->led++; 161 if (s->led == 10) { 162 DPRINTF("LED flashing, possible fault!\n"); 163 s->led = 0; 164 } 165 } 166 } 167 168 static void next_scr2_rtc_update(NeXTPC *s) 169 { 170 uint8_t old_scr2, scr2_2; 171 NeXTRTC *rtc = &s->rtc; 172 173 old_scr2 = extract32(s->old_scr2, 8, 8); 174 scr2_2 = extract32(s->scr2, 8, 8); 175 176 if (scr2_2 & 0x1) { 177 /* DPRINTF("RTC %x phase %i\n", scr2_2, rtc->phase); */ 178 if (rtc->phase == -1) { 179 rtc->phase = 0; 180 } 181 /* If we are in going down clock... do something */ 182 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 183 ((scr2_2 & SCR2_RTCLK) == 0)) { 184 if (rtc->phase < 8) { 185 rtc->command = (rtc->command << 1) | 186 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 187 } 188 if (rtc->phase >= 8 && rtc->phase < 16) { 189 rtc->value = (rtc->value << 1) | 190 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 191 192 /* if we read RAM register, output RT_DATA bit */ 193 if (rtc->command <= 0x1F) { 194 scr2_2 = scr2_2 & (~SCR2_RTDATA); 195 if (rtc->ram[rtc->command] & (0x80 >> (rtc->phase - 8))) { 196 scr2_2 |= SCR2_RTDATA; 197 } 198 199 rtc->retval = (rtc->retval << 1) | 200 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 201 } 202 /* read the status 0x30 */ 203 if (rtc->command == 0x30) { 204 scr2_2 = scr2_2 & (~SCR2_RTDATA); 205 /* for now status = 0x98 (new rtc + FTU) */ 206 if (rtc->status & (0x80 >> (rtc->phase - 8))) { 207 scr2_2 |= SCR2_RTDATA; 208 } 209 210 rtc->retval = (rtc->retval << 1) | 211 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 212 } 213 /* read the status 0x31 */ 214 if (rtc->command == 0x31) { 215 scr2_2 = scr2_2 & (~SCR2_RTDATA); 216 if (rtc->control & (0x80 >> (rtc->phase - 8))) { 217 scr2_2 |= SCR2_RTDATA; 218 } 219 rtc->retval = (rtc->retval << 1) | 220 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 221 } 222 223 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 224 scr2_2 = scr2_2 & (~SCR2_RTDATA); 225 /* for now 0x00 */ 226 time_t time_h = time(NULL); 227 struct tm *info = localtime(&time_h); 228 int ret = 0; 229 230 switch (rtc->command) { 231 case 0x20: 232 ret = SCR2_TOBCD(info->tm_sec); 233 break; 234 case 0x21: 235 ret = SCR2_TOBCD(info->tm_min); 236 break; 237 case 0x22: 238 ret = SCR2_TOBCD(info->tm_hour); 239 break; 240 case 0x24: 241 ret = SCR2_TOBCD(info->tm_mday); 242 break; 243 case 0x25: 244 ret = SCR2_TOBCD((info->tm_mon + 1)); 245 break; 246 case 0x26: 247 ret = SCR2_TOBCD((info->tm_year - 100)); 248 break; 249 250 } 251 252 if (ret & (0x80 >> (rtc->phase - 8))) { 253 scr2_2 |= SCR2_RTDATA; 254 } 255 rtc->retval = (rtc->retval << 1) | 256 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 257 } 258 259 } 260 261 rtc->phase++; 262 if (rtc->phase == 16) { 263 if (rtc->command >= 0x80 && rtc->command <= 0x9F) { 264 rtc->ram[rtc->command - 0x80] = rtc->value; 265 } 266 /* write to x30 register */ 267 if (rtc->command == 0xB1) { 268 /* clear FTU */ 269 if (rtc->value & 0x04) { 270 rtc->status = rtc->status & (~0x18); 271 qemu_irq_lower(s->rtc_power_irq); 272 } 273 } 274 } 275 } 276 } else { 277 /* else end or abort */ 278 rtc->phase = -1; 279 rtc->command = 0; 280 rtc->value = 0; 281 } 282 283 s->scr2 = deposit32(s->scr2, 8, 8, scr2_2); 284 } 285 286 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size) 287 { 288 NeXTPC *s = NEXT_PC(opaque); 289 uint64_t val; 290 291 switch (addr) { 292 case 0x2000: /* 0x2007000 */ 293 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 294 val = s->int_status; 295 break; 296 297 case 0x2800: /* 0x2007800 */ 298 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 299 val = s->int_mask; 300 break; 301 302 case 0x7000 ... 0x7003: /* 0x200c000 */ 303 val = extract32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 304 size << 3); 305 break; 306 307 case 0x8000 ... 0x8003: /* 0x200d000 */ 308 val = extract32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 309 size << 3); 310 break; 311 312 default: 313 val = 0; 314 DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size); 315 break; 316 } 317 318 return val; 319 } 320 321 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val, 322 unsigned size) 323 { 324 NeXTPC *s = NEXT_PC(opaque); 325 326 switch (addr) { 327 case 0x2000: /* 0x2007000 */ 328 DPRINTF("INT Status old: %x new: %x\n", s->int_status, 329 (unsigned int)val); 330 s->int_status = val; 331 break; 332 333 case 0x2800: /* 0x2007800 */ 334 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val); 335 s->int_mask = val; 336 break; 337 338 case 0x7000 ... 0x7003: /* 0x200c000 */ 339 DPRINTF("SCR1 Write: %x\n", (unsigned int)val); 340 s->scr1 = deposit32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 341 size << 3, val); 342 break; 343 344 case 0x8000 ... 0x8003: /* 0x200d000 */ 345 s->scr2 = deposit32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 346 size << 3, val); 347 next_scr2_led_update(s); 348 next_scr2_rtc_update(s); 349 s->old_scr2 = s->scr2; 350 break; 351 352 default: 353 DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr, 354 (unsigned int)val, size); 355 } 356 } 357 358 static const MemoryRegionOps next_mmio_ops = { 359 .read = next_mmio_read, 360 .write = next_mmio_write, 361 .valid.min_access_size = 1, 362 .valid.max_access_size = 4, 363 .endianness = DEVICE_BIG_ENDIAN, 364 }; 365 366 #define SCSICSR_ENABLE 0x01 367 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 368 #define SCSICSR_FIFOFL 0x04 369 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 370 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 371 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 372 373 #define NEXTDMA_SCSI(x) (0x10 + x) 374 #define NEXTDMA_FD(x) (0x10 + x) 375 #define NEXTDMA_ENTX(x) (0x110 + x) 376 #define NEXTDMA_ENRX(x) (0x150 + x) 377 #define NEXTDMA_CSR 0x0 378 #define NEXTDMA_NEXT 0x4000 379 #define NEXTDMA_LIMIT 0x4004 380 #define NEXTDMA_START 0x4008 381 #define NEXTDMA_STOP 0x400c 382 #define NEXTDMA_NEXT_INIT 0x4200 383 #define NEXTDMA_SIZE 0x4204 384 385 static void next_dma_write(void *opaque, hwaddr addr, uint64_t val, 386 unsigned int size) 387 { 388 NeXTState *next_state = NEXT_MACHINE(opaque); 389 390 switch (addr) { 391 case NEXTDMA_ENRX(NEXTDMA_CSR): 392 if (val & DMA_DEV2M) { 393 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 394 } 395 396 if (val & DMA_SETENABLE) { 397 /* DPRINTF("SCSI DMA ENABLE\n"); */ 398 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 399 } 400 if (val & DMA_SETSUPDATE) { 401 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 402 } 403 if (val & DMA_CLRCOMPLETE) { 404 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 405 } 406 407 if (val & DMA_RESET) { 408 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 409 DMA_ENABLE | DMA_DEV2M); 410 } 411 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 412 break; 413 414 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 415 next_state->dma[NEXTDMA_ENRX].next_initbuf = val; 416 break; 417 418 case NEXTDMA_ENRX(NEXTDMA_NEXT): 419 next_state->dma[NEXTDMA_ENRX].next = val; 420 break; 421 422 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 423 next_state->dma[NEXTDMA_ENRX].limit = val; 424 break; 425 426 case NEXTDMA_SCSI(NEXTDMA_CSR): 427 if (val & DMA_DEV2M) { 428 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 429 } 430 if (val & DMA_SETENABLE) { 431 /* DPRINTF("SCSI DMA ENABLE\n"); */ 432 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 433 } 434 if (val & DMA_SETSUPDATE) { 435 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 436 } 437 if (val & DMA_CLRCOMPLETE) { 438 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 439 } 440 441 if (val & DMA_RESET) { 442 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 443 DMA_ENABLE | DMA_DEV2M); 444 /* DPRINTF("SCSI DMA RESET\n"); */ 445 } 446 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 447 break; 448 449 case NEXTDMA_SCSI(NEXTDMA_NEXT): 450 next_state->dma[NEXTDMA_SCSI].next = val; 451 break; 452 453 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 454 next_state->dma[NEXTDMA_SCSI].limit = val; 455 break; 456 457 case NEXTDMA_SCSI(NEXTDMA_START): 458 next_state->dma[NEXTDMA_SCSI].start = val; 459 break; 460 461 case NEXTDMA_SCSI(NEXTDMA_STOP): 462 next_state->dma[NEXTDMA_SCSI].stop = val; 463 break; 464 465 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 466 next_state->dma[NEXTDMA_SCSI].next_initbuf = val; 467 break; 468 469 default: 470 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)val); 471 } 472 } 473 474 static uint64_t next_dma_read(void *opaque, hwaddr addr, unsigned int size) 475 { 476 NeXTState *next_state = NEXT_MACHINE(opaque); 477 uint64_t val; 478 479 switch (addr) { 480 case NEXTDMA_SCSI(NEXTDMA_CSR): 481 DPRINTF("SCSI DMA CSR READ\n"); 482 val = next_state->dma[NEXTDMA_SCSI].csr; 483 break; 484 485 case NEXTDMA_ENRX(NEXTDMA_CSR): 486 val = next_state->dma[NEXTDMA_ENRX].csr; 487 break; 488 489 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 490 val = next_state->dma[NEXTDMA_ENRX].next_initbuf; 491 break; 492 493 case NEXTDMA_ENRX(NEXTDMA_NEXT): 494 val = next_state->dma[NEXTDMA_ENRX].next; 495 break; 496 497 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 498 val = next_state->dma[NEXTDMA_ENRX].limit; 499 break; 500 501 case NEXTDMA_SCSI(NEXTDMA_NEXT): 502 val = next_state->dma[NEXTDMA_SCSI].next; 503 break; 504 505 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 506 val = next_state->dma[NEXTDMA_SCSI].next_initbuf; 507 break; 508 509 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 510 val = next_state->dma[NEXTDMA_SCSI].limit; 511 break; 512 513 case NEXTDMA_SCSI(NEXTDMA_START): 514 val = next_state->dma[NEXTDMA_SCSI].start; 515 break; 516 517 case NEXTDMA_SCSI(NEXTDMA_STOP): 518 val = next_state->dma[NEXTDMA_SCSI].stop; 519 break; 520 521 default: 522 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 523 val = 0; 524 } 525 526 /* 527 * once the csr's are done, subtract 0x3FEC from the addr, and that will 528 * normalize the upper registers 529 */ 530 531 return val; 532 } 533 534 static const MemoryRegionOps next_dma_ops = { 535 .read = next_dma_read, 536 .write = next_dma_write, 537 .impl.min_access_size = 4, 538 .valid.min_access_size = 4, 539 .valid.max_access_size = 4, 540 .endianness = DEVICE_BIG_ENDIAN, 541 }; 542 543 static void next_irq(void *opaque, int number, int level) 544 { 545 NeXTPC *s = NEXT_PC(opaque); 546 M68kCPU *cpu = s->cpu; 547 int shift = 0; 548 549 /* first switch sets interrupt status */ 550 /* DPRINTF("IRQ %i\n",number); */ 551 switch (number) { 552 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 553 case NEXT_FD_I: 554 shift = 7; 555 break; 556 case NEXT_KBD_I: 557 shift = 3; 558 break; 559 case NEXT_PWR_I: 560 shift = 2; 561 break; 562 case NEXT_ENRX_I: 563 shift = 9; 564 break; 565 case NEXT_ENTX_I: 566 shift = 10; 567 break; 568 case NEXT_SCSI_I: 569 shift = 12; 570 break; 571 case NEXT_CLK_I: 572 shift = 5; 573 break; 574 575 /* level 5 - scc (serial) */ 576 case NEXT_SCC_I: 577 shift = 17; 578 break; 579 580 /* level 6 - audio etherrx/tx dma */ 581 case NEXT_ENTX_DMA_I: 582 shift = 28; 583 break; 584 case NEXT_ENRX_DMA_I: 585 shift = 27; 586 break; 587 case NEXT_SCSI_DMA_I: 588 shift = 26; 589 break; 590 case NEXT_SND_I: 591 shift = 23; 592 break; 593 case NEXT_SCC_DMA_I: 594 shift = 21; 595 break; 596 597 } 598 /* 599 * this HAS to be wrong, the interrupt handlers in mach and together 600 * int_status and int_mask and return if there is a hit 601 */ 602 if (s->int_mask & (1 << shift)) { 603 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 604 /* return; */ 605 } 606 607 /* second switch triggers the correct interrupt */ 608 if (level) { 609 s->int_status |= 1 << shift; 610 611 switch (number) { 612 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 613 case NEXT_FD_I: 614 case NEXT_KBD_I: 615 case NEXT_PWR_I: 616 case NEXT_ENRX_I: 617 case NEXT_ENTX_I: 618 case NEXT_SCSI_I: 619 case NEXT_CLK_I: 620 m68k_set_irq_level(cpu, 3, 27); 621 break; 622 623 /* level 5 - scc (serial) */ 624 case NEXT_SCC_I: 625 m68k_set_irq_level(cpu, 5, 29); 626 break; 627 628 /* level 6 - audio etherrx/tx dma */ 629 case NEXT_ENTX_DMA_I: 630 case NEXT_ENRX_DMA_I: 631 case NEXT_SCSI_DMA_I: 632 case NEXT_SND_I: 633 case NEXT_SCC_DMA_I: 634 m68k_set_irq_level(cpu, 6, 30); 635 break; 636 } 637 } else { 638 s->int_status &= ~(1 << shift); 639 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 640 } 641 } 642 643 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type) 644 { 645 uint32_t base_addr; 646 int irq = 0; 647 uint8_t align = 16; 648 NeXTState *next_state = NEXT_MACHINE(qdev_get_machine()); 649 650 if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) { 651 align = 32; 652 } 653 /* Most DMA is supposedly 16 byte aligned */ 654 if ((size % align) != 0) { 655 size -= size % align; 656 size += align; 657 } 658 659 /* 660 * prom sets the dma start using initbuf while the bootloader uses next 661 * so we check to see if initbuf is 0 662 */ 663 if (next_state->dma[type].next_initbuf == 0) { 664 base_addr = next_state->dma[type].next; 665 } else { 666 base_addr = next_state->dma[type].next_initbuf; 667 } 668 669 cpu_physical_memory_write(base_addr, buf, size); 670 671 next_state->dma[type].next_initbuf = 0; 672 673 /* saved limit is checked to calculate packet size by both, rom and netbsd */ 674 next_state->dma[type].saved_limit = (next_state->dma[type].next + size); 675 next_state->dma[type].saved_next = (next_state->dma[type].next); 676 677 /* 678 * 32 bytes under savedbase seems to be some kind of register 679 * of which the purpose is unknown as of yet 680 */ 681 /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */ 682 683 if (!(next_state->dma[type].csr & DMA_SUPDATE)) { 684 next_state->dma[type].next = next_state->dma[type].start; 685 next_state->dma[type].limit = next_state->dma[type].stop; 686 } 687 688 /* Set dma registers and raise an irq */ 689 next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */ 690 691 switch (type) { 692 case NEXTDMA_SCSI: 693 irq = NEXT_SCSI_DMA_I; 694 break; 695 } 696 697 next_irq(opaque, irq, 1); 698 next_irq(opaque, irq, 0); 699 } 700 701 static void nextscsi_read(void *opaque, uint8_t *buf, int len) 702 { 703 DPRINTF("SCSI READ: %x\n", len); 704 abort(); 705 } 706 707 static void nextscsi_write(void *opaque, uint8_t *buf, int size) 708 { 709 DPRINTF("SCSI WRITE: %i\n", size); 710 nextdma_write(opaque, buf, size, NEXTDMA_SCSI); 711 } 712 713 static void next_scsi_csr_write(void *opaque, hwaddr addr, uint64_t val, 714 unsigned size) 715 { 716 NeXTSCSI *s = NEXT_SCSI(opaque); 717 NeXTPC *pc = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 718 719 switch (addr) { 720 case 0: 721 if (val & SCSICSR_FIFOFL) { 722 DPRINTF("SCSICSR FIFO Flush\n"); 723 /* will have to add another irq to the esp if this is needed */ 724 /* esp_puflush_fifo(esp_g); */ 725 } 726 727 if (val & SCSICSR_ENABLE) { 728 DPRINTF("SCSICSR Enable\n"); 729 /* 730 * qemu_irq_raise(s->scsi_dma); 731 * s->scsi_csr_1 = 0xc0; 732 * s->scsi_csr_1 |= 0x1; 733 * qemu_irq_pulse(s->scsi_dma); 734 */ 735 } 736 /* 737 * else 738 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 739 */ 740 741 if (val & SCSICSR_RESET) { 742 DPRINTF("SCSICSR Reset\n"); 743 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 744 qemu_irq_raise(pc->scsi_reset); 745 s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1); 746 qemu_irq_lower(pc->scsi_reset); 747 } 748 if (val & SCSICSR_DMADIR) { 749 DPRINTF("SCSICSR DMAdir\n"); 750 } 751 if (val & SCSICSR_CPUDMA) { 752 DPRINTF("SCSICSR CPUDMA\n"); 753 /* qemu_irq_raise(s->scsi_dma); */ 754 pc->int_status |= 0x4000000; 755 } else { 756 /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */ 757 pc->int_status &= ~(0x4000000); 758 /* qemu_irq_lower(s->scsi_dma); */ 759 } 760 if (val & SCSICSR_INTMASK) { 761 DPRINTF("SCSICSR INTMASK\n"); 762 /* 763 * int_mask &= ~0x1000; 764 * s->scsi_csr_1 |= val; 765 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 766 * if (s->scsi_queued) { 767 * s->scsi_queued = 0; 768 * next_irq(s, NEXT_SCSI_I, level); 769 * } 770 */ 771 } else { 772 /* int_mask |= 0x1000; */ 773 } 774 if (val & 0x80) { 775 /* int_mask |= 0x1000; */ 776 /* s->scsi_csr_1 |= 0x80; */ 777 } 778 DPRINTF("SCSICSR1 Write: %"PRIx64 "\n", val); 779 s->scsi_csr_1 = val; 780 break; 781 782 case 1: 783 DPRINTF("SCSICSR2 Write: %"PRIx64 "\n", val); 784 s->scsi_csr_2 = val; 785 break; 786 787 default: 788 g_assert_not_reached(); 789 } 790 } 791 792 static uint64_t next_scsi_csr_read(void *opaque, hwaddr addr, unsigned size) 793 { 794 NeXTSCSI *s = NEXT_SCSI(opaque); 795 uint64_t val; 796 797 switch (addr) { 798 case 0: 799 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 800 val = s->scsi_csr_1; 801 break; 802 803 case 1: 804 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 805 val = s->scsi_csr_2; 806 break; 807 808 default: 809 g_assert_not_reached(); 810 } 811 812 return val; 813 } 814 815 static const MemoryRegionOps next_scsi_csr_ops = { 816 .read = next_scsi_csr_read, 817 .write = next_scsi_csr_write, 818 .valid.min_access_size = 1, 819 .valid.max_access_size = 1, 820 .endianness = DEVICE_BIG_ENDIAN, 821 }; 822 823 static void next_scsi_init(Object *obj) 824 { 825 NeXTSCSI *s = NEXT_SCSI(obj); 826 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 827 828 object_initialize_child(obj, "esp", &s->sysbus_esp, TYPE_SYSBUS_ESP); 829 830 memory_region_init_io(&s->scsi_csr_mem, obj, &next_scsi_csr_ops, 831 s, "csrs", 2); 832 833 memory_region_init(&s->scsi_mem, obj, "next.scsi", 0x40); 834 sysbus_init_mmio(sbd, &s->scsi_mem); 835 } 836 837 static void next_scsi_realize(DeviceState *dev, Error **errp) 838 { 839 NeXTSCSI *s = NEXT_SCSI(dev); 840 SysBusESPState *sysbus_esp; 841 SysBusDevice *sbd; 842 ESPState *esp; 843 NeXTPC *pcdev; 844 845 pcdev = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 846 847 /* ESP */ 848 sysbus_esp = SYSBUS_ESP(&s->sysbus_esp); 849 esp = &sysbus_esp->esp; 850 esp->dma_memory_read = nextscsi_read; 851 esp->dma_memory_write = nextscsi_write; 852 esp->dma_opaque = pcdev; 853 sysbus_esp->it_shift = 0; 854 esp->dma_enabled = 1; 855 sbd = SYS_BUS_DEVICE(sysbus_esp); 856 if (!sysbus_realize(sbd, errp)) { 857 return; 858 } 859 memory_region_add_subregion(&s->scsi_mem, 0x0, 860 sysbus_mmio_get_region(sbd, 0)); 861 862 /* SCSI CSRs */ 863 memory_region_add_subregion(&s->scsi_mem, 0x20, &s->scsi_csr_mem); 864 865 scsi_bus_legacy_handle_cmdline(&s->sysbus_esp.esp.bus); 866 } 867 868 static const VMStateDescription next_scsi_vmstate = { 869 .name = "next-scsi", 870 .version_id = 0, 871 .minimum_version_id = 0, 872 .fields = (const VMStateField[]) { 873 VMSTATE_UINT8(scsi_csr_1, NeXTSCSI), 874 VMSTATE_UINT8(scsi_csr_2, NeXTSCSI), 875 VMSTATE_END_OF_LIST() 876 }, 877 }; 878 879 static void next_scsi_class_init(ObjectClass *klass, void *data) 880 { 881 DeviceClass *dc = DEVICE_CLASS(klass); 882 883 dc->desc = "NeXT SCSI Controller"; 884 dc->realize = next_scsi_realize; 885 dc->vmsd = &next_scsi_vmstate; 886 } 887 888 static const TypeInfo next_scsi_info = { 889 .name = TYPE_NEXT_SCSI, 890 .parent = TYPE_SYS_BUS_DEVICE, 891 .instance_init = next_scsi_init, 892 .instance_size = sizeof(NeXTSCSI), 893 .class_init = next_scsi_class_init, 894 }; 895 896 static void next_floppy_write(void *opaque, hwaddr addr, uint64_t val, 897 unsigned size) 898 { 899 switch (addr) { 900 case 0: 901 DPRINTF("FDCSR Write: %"PRIx64 "\n", val); 902 if (val == 0x0) { 903 /* qemu_irq_raise(s->fd_irq[0]); */ 904 } 905 break; 906 907 default: 908 g_assert_not_reached(); 909 } 910 } 911 912 static uint64_t next_floppy_read(void *opaque, hwaddr addr, unsigned size) 913 { 914 uint64_t val; 915 916 switch (addr) { 917 case 0: 918 DPRINTF("FD read @ %x\n", (unsigned int)addr); 919 val = 0x40 | 0x04 | 0x2 | 0x1; 920 break; 921 922 default: 923 g_assert_not_reached(); 924 } 925 926 return val; 927 } 928 929 static const MemoryRegionOps next_floppy_ops = { 930 .read = next_floppy_read, 931 .write = next_floppy_write, 932 .valid.min_access_size = 1, 933 .valid.max_access_size = 4, 934 .endianness = DEVICE_BIG_ENDIAN, 935 }; 936 937 static void next_timer_write(void *opaque, hwaddr addr, uint64_t val, 938 unsigned size) 939 { 940 switch (addr) { 941 case 0 ... 3: 942 /* Hardware timer latch - not implemented yet */ 943 break; 944 945 default: 946 g_assert_not_reached(); 947 } 948 } 949 950 static uint64_t next_timer_read(void *opaque, hwaddr addr, unsigned size) 951 { 952 uint64_t val; 953 954 switch (addr) { 955 case 0 ... 3: 956 /* 957 * These 4 registers are the hardware timer, not sure which register 958 * is the latch instead of data, but no problems so far. 959 * 960 * Hack: We need to have the LSB change consistently to make it work 961 */ 962 val = extract32(clock(), (4 - addr - size) << 3, 963 size << 3); 964 break; 965 966 default: 967 g_assert_not_reached(); 968 } 969 970 return val; 971 } 972 973 static const MemoryRegionOps next_timer_ops = { 974 .read = next_timer_read, 975 .write = next_timer_write, 976 .valid.min_access_size = 1, 977 .valid.max_access_size = 4, 978 .endianness = DEVICE_BIG_ENDIAN, 979 }; 980 981 static void next_dummy_en_write(void *opaque, hwaddr addr, uint64_t val, 982 unsigned size) 983 { 984 /* Do nothing */ 985 return; 986 } 987 988 static uint64_t next_dummy_en_read(void *opaque, hwaddr addr, unsigned size) 989 { 990 uint64_t val; 991 992 switch (addr) { 993 case 0: 994 /* For now return dummy byte to allow the Ethernet test to timeout */ 995 val = 0xff; 996 break; 997 998 default: 999 val = 0; 1000 } 1001 1002 return val; 1003 } 1004 1005 static const MemoryRegionOps next_dummy_en_ops = { 1006 .read = next_dummy_en_read, 1007 .write = next_dummy_en_write, 1008 .valid.min_access_size = 1, 1009 .valid.max_access_size = 4, 1010 .endianness = DEVICE_BIG_ENDIAN, 1011 }; 1012 1013 static void next_pc_reset_hold(Object *obj, ResetType type) 1014 { 1015 NeXTPC *s = NEXT_PC(obj); 1016 1017 /* Set internal registers to initial values */ 1018 /* 0x0000XX00 << vital bits */ 1019 s->scr1 = 0x00011102; 1020 s->scr2 = 0x00ff0c80; 1021 s->old_scr2 = s->scr2; 1022 1023 s->rtc.status = 0x90; 1024 1025 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 1026 memcpy(s->rtc.ram, rtc_ram2, 32); 1027 } 1028 1029 static void next_pc_realize(DeviceState *dev, Error **errp) 1030 { 1031 NeXTPC *s = NEXT_PC(dev); 1032 SysBusDevice *sbd; 1033 DeviceState *d; 1034 1035 /* SCSI */ 1036 sbd = SYS_BUS_DEVICE(&s->next_scsi); 1037 if (!sysbus_realize(sbd, errp)) { 1038 return; 1039 } 1040 1041 d = DEVICE(object_resolve_path_component(OBJECT(&s->next_scsi), "esp")); 1042 sysbus_connect_irq(SYS_BUS_DEVICE(d), 0, 1043 qdev_get_gpio_in(DEVICE(s), NEXT_SCSI_I)); 1044 1045 s->scsi_reset = qdev_get_gpio_in(d, 0); 1046 s->scsi_dma = qdev_get_gpio_in(d, 1); 1047 1048 /* ESCC */ 1049 d = DEVICE(&s->escc); 1050 qdev_prop_set_uint32(d, "disabled", 0); 1051 qdev_prop_set_uint32(d, "frequency", 9600 * 384); 1052 qdev_prop_set_uint32(d, "it_shift", 0); 1053 qdev_prop_set_bit(d, "bit_swap", true); 1054 qdev_prop_set_chr(d, "chrB", serial_hd(1)); 1055 qdev_prop_set_chr(d, "chrA", serial_hd(0)); 1056 qdev_prop_set_uint32(d, "chnBtype", escc_serial); 1057 qdev_prop_set_uint32(d, "chnAtype", escc_serial); 1058 1059 sbd = SYS_BUS_DEVICE(d); 1060 if (!sysbus_realize(sbd, errp)) { 1061 return; 1062 } 1063 sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(dev, NEXT_SCC_I)); 1064 sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(dev, NEXT_SCC_DMA_I)); 1065 } 1066 1067 static void next_pc_init(Object *obj) 1068 { 1069 NeXTPC *s = NEXT_PC(obj); 1070 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 1071 1072 qdev_init_gpio_in(DEVICE(obj), next_irq, NEXT_NUM_IRQS); 1073 1074 memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s, 1075 "next.mmio", 0x9000); 1076 sysbus_init_mmio(sbd, &s->mmiomem); 1077 1078 memory_region_init_io(&s->dummyen_mem, OBJECT(s), &next_dummy_en_ops, s, 1079 "next.en", 0x20); 1080 sysbus_init_mmio(sbd, &s->dummyen_mem); 1081 1082 object_initialize_child(obj, "next-scsi", &s->next_scsi, TYPE_NEXT_SCSI); 1083 sysbus_init_mmio(sbd, 1084 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->next_scsi), 0)); 1085 1086 memory_region_init_io(&s->floppy_mem, OBJECT(s), &next_floppy_ops, s, 1087 "next.floppy", 4); 1088 sysbus_init_mmio(sbd, &s->floppy_mem); 1089 1090 object_initialize_child(obj, "escc", &s->escc, TYPE_ESCC); 1091 sysbus_init_mmio(sbd, 1092 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->escc), 0)); 1093 1094 memory_region_init_io(&s->timer_mem, OBJECT(s), &next_timer_ops, s, 1095 "next.timer", 4); 1096 sysbus_init_mmio(sbd, &s->timer_mem); 1097 1098 s->rtc_power_irq = qdev_get_gpio_in(DEVICE(obj), NEXT_PWR_I); 1099 } 1100 1101 /* 1102 * If the m68k CPU implemented its inbound irq lines as GPIO lines 1103 * rather than via the m68k_set_irq_level() function we would not need 1104 * this cpu link property and could instead provide outbound IRQ lines 1105 * that the board could wire up to the CPU. 1106 */ 1107 static const Property next_pc_properties[] = { 1108 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *), 1109 }; 1110 1111 static const VMStateDescription next_rtc_vmstate = { 1112 .name = "next-rtc", 1113 .version_id = 2, 1114 .minimum_version_id = 2, 1115 .fields = (const VMStateField[]) { 1116 VMSTATE_INT8(phase, NeXTRTC), 1117 VMSTATE_UINT8_ARRAY(ram, NeXTRTC, 32), 1118 VMSTATE_UINT8(command, NeXTRTC), 1119 VMSTATE_UINT8(value, NeXTRTC), 1120 VMSTATE_UINT8(status, NeXTRTC), 1121 VMSTATE_UINT8(control, NeXTRTC), 1122 VMSTATE_UINT8(retval, NeXTRTC), 1123 VMSTATE_END_OF_LIST() 1124 }, 1125 }; 1126 1127 static const VMStateDescription next_pc_vmstate = { 1128 .name = "next-pc", 1129 .version_id = 3, 1130 .minimum_version_id = 3, 1131 .fields = (const VMStateField[]) { 1132 VMSTATE_UINT32(scr1, NeXTPC), 1133 VMSTATE_UINT32(scr2, NeXTPC), 1134 VMSTATE_UINT32(old_scr2, NeXTPC), 1135 VMSTATE_UINT32(int_mask, NeXTPC), 1136 VMSTATE_UINT32(int_status, NeXTPC), 1137 VMSTATE_UINT32(led, NeXTPC), 1138 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NeXTRTC), 1139 VMSTATE_END_OF_LIST() 1140 }, 1141 }; 1142 1143 static void next_pc_class_init(ObjectClass *klass, void *data) 1144 { 1145 DeviceClass *dc = DEVICE_CLASS(klass); 1146 ResettableClass *rc = RESETTABLE_CLASS(klass); 1147 1148 dc->desc = "NeXT Peripheral Controller"; 1149 dc->realize = next_pc_realize; 1150 device_class_set_props(dc, next_pc_properties); 1151 dc->vmsd = &next_pc_vmstate; 1152 rc->phases.hold = next_pc_reset_hold; 1153 } 1154 1155 static const TypeInfo next_pc_info = { 1156 .name = TYPE_NEXT_PC, 1157 .parent = TYPE_SYS_BUS_DEVICE, 1158 .instance_init = next_pc_init, 1159 .instance_size = sizeof(NeXTPC), 1160 .class_init = next_pc_class_init, 1161 }; 1162 1163 static void next_cube_init(MachineState *machine) 1164 { 1165 NeXTState *m = NEXT_MACHINE(machine); 1166 M68kCPU *cpu; 1167 CPUM68KState *env; 1168 MemoryRegion *sysmem = get_system_memory(); 1169 const char *bios_name = machine->firmware ?: ROM_FILE; 1170 DeviceState *pcdev; 1171 1172 /* Initialize the cpu core */ 1173 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 1174 if (!cpu) { 1175 error_report("Unable to find m68k CPU definition"); 1176 exit(1); 1177 } 1178 env = &cpu->env; 1179 1180 /* Initialize CPU registers. */ 1181 env->vbr = 0; 1182 env->sr = 0x2700; 1183 1184 /* Peripheral Controller */ 1185 pcdev = qdev_new(TYPE_NEXT_PC); 1186 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort); 1187 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal); 1188 1189 /* 64MB RAM starting at 0x04000000 */ 1190 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 1191 1192 /* Framebuffer */ 1193 sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL); 1194 1195 /* MMIO */ 1196 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02005000); 1197 1198 /* BMAP IO - acts as a catch-all for now */ 1199 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000); 1200 1201 /* en network (dummy) */ 1202 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02106000); 1203 1204 /* unknown: Brightness control register? */ 1205 empty_slot_init("next.unknown.0", 0x02110000, 0x10); 1206 /* unknown: Magneto-Optical drive controller? */ 1207 empty_slot_init("next.unknown.1", 0x02112000, 0x10); 1208 1209 /* SCSI */ 1210 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 2, 0x02114000); 1211 /* Floppy */ 1212 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 3, 0x02114108); 1213 /* ESCC */ 1214 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 4, 0x02118000); 1215 1216 /* unknown: Serial clock configuration register? */ 1217 empty_slot_init("next.unknown.2", 0x02118004, 0x10); 1218 1219 /* Timer */ 1220 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 5, 0x0211a000); 1221 1222 /* BMAP memory */ 1223 memory_region_init_ram_flags_nomigrate(&m->bmapm1, NULL, "next.bmapmem", 1224 64, RAM_SHARED, &error_fatal); 1225 memory_region_add_subregion(sysmem, 0x020c0000, &m->bmapm1); 1226 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 1227 memory_region_init_alias(&m->bmapm2, NULL, "next.bmapmem2", &m->bmapm1, 1228 0x0, 64); 1229 memory_region_add_subregion(sysmem, 0x820c0000, &m->bmapm2); 1230 1231 /* KBD */ 1232 sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL); 1233 1234 /* Load ROM here */ 1235 memory_region_init_rom(&m->rom, NULL, "next.rom", 0x20000, &error_fatal); 1236 memory_region_add_subregion(sysmem, 0x01000000, &m->rom); 1237 memory_region_init_alias(&m->rom2, NULL, "next.rom2", &m->rom, 0x0, 1238 0x20000); 1239 memory_region_add_subregion(sysmem, 0x0, &m->rom2); 1240 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 1241 if (!qtest_enabled()) { 1242 error_report("Failed to load firmware '%s'.", bios_name); 1243 } 1244 } else { 1245 uint8_t *ptr; 1246 /* Initial PC is always at offset 4 in firmware binaries */ 1247 ptr = rom_ptr(0x01000004, 4); 1248 g_assert(ptr != NULL); 1249 env->pc = ldl_be_p(ptr); 1250 if (env->pc >= 0x01020000) { 1251 error_report("'%s' does not seem to be a valid firmware image.", 1252 bios_name); 1253 exit(1); 1254 } 1255 } 1256 1257 /* DMA */ 1258 memory_region_init_io(&m->dmamem, NULL, &next_dma_ops, machine, 1259 "next.dma", 0x5000); 1260 memory_region_add_subregion(sysmem, 0x02000000, &m->dmamem); 1261 } 1262 1263 static void next_machine_class_init(ObjectClass *oc, void *data) 1264 { 1265 MachineClass *mc = MACHINE_CLASS(oc); 1266 1267 mc->desc = "NeXT Cube"; 1268 mc->init = next_cube_init; 1269 mc->block_default_type = IF_SCSI; 1270 mc->default_ram_size = RAM_SIZE; 1271 mc->default_ram_id = "next.ram"; 1272 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 1273 mc->no_cdrom = true; 1274 } 1275 1276 static const TypeInfo next_typeinfo = { 1277 .name = TYPE_NEXT_MACHINE, 1278 .parent = TYPE_MACHINE, 1279 .class_init = next_machine_class_init, 1280 .instance_size = sizeof(NeXTState), 1281 }; 1282 1283 static void next_register_type(void) 1284 { 1285 type_register_static(&next_typeinfo); 1286 type_register_static(&next_pc_info); 1287 type_register_static(&next_scsi_info); 1288 } 1289 1290 type_init(next_register_type) 1291