1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "exec/hwaddr.h" 14 #include "system/system.h" 15 #include "system/qtest.h" 16 #include "hw/irq.h" 17 #include "hw/m68k/next-cube.h" 18 #include "hw/boards.h" 19 #include "hw/loader.h" 20 #include "hw/scsi/esp.h" 21 #include "hw/sysbus.h" 22 #include "qom/object.h" 23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 24 #include "hw/block/fdc.h" 25 #include "hw/misc/empty_slot.h" 26 #include "hw/qdev-properties.h" 27 #include "qapi/error.h" 28 #include "qemu/error-report.h" 29 #include "ui/console.h" 30 #include "target/m68k/cpu.h" 31 #include "migration/vmstate.h" 32 33 /* #define DEBUG_NEXT */ 34 #ifdef DEBUG_NEXT 35 #define DPRINTF(fmt, ...) \ 36 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 37 #else 38 #define DPRINTF(fmt, ...) do { } while (0) 39 #endif 40 41 #define ENTRY 0x0100001e 42 #define RAM_SIZE 0x4000000 43 #define ROM_FILE "Rev_2.5_v66.bin" 44 45 typedef struct NeXTRTC { 46 int8_t phase; 47 uint8_t ram[32]; 48 uint8_t command; 49 uint8_t value; 50 uint8_t status; 51 uint8_t control; 52 uint8_t retval; 53 } NeXTRTC; 54 55 #define TYPE_NEXT_SCSI "next-scsi" 56 OBJECT_DECLARE_SIMPLE_TYPE(NeXTSCSI, NEXT_SCSI) 57 58 /* NeXT SCSI Controller */ 59 struct NeXTSCSI { 60 SysBusDevice parent_obj; 61 62 MemoryRegion scsi_mem; 63 64 SysBusESPState sysbus_esp; 65 66 MemoryRegion scsi_csr_mem; 67 uint8_t scsi_csr_1; 68 uint8_t scsi_csr_2; 69 }; 70 71 #define TYPE_NEXT_PC "next-pc" 72 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC) 73 74 /* NeXT Peripheral Controller */ 75 struct NeXTPC { 76 SysBusDevice parent_obj; 77 78 M68kCPU *cpu; 79 80 MemoryRegion floppy_mem; 81 MemoryRegion timer_mem; 82 MemoryRegion dummyen_mem; 83 MemoryRegion mmiomem; 84 MemoryRegion scrmem; 85 86 uint32_t scr1; 87 uint32_t scr2; 88 uint32_t old_scr2; 89 uint32_t int_mask; 90 uint32_t int_status; 91 uint32_t led; 92 93 NeXTSCSI next_scsi; 94 95 qemu_irq scsi_reset; 96 qemu_irq scsi_dma; 97 98 ESCCState escc; 99 100 NeXTRTC rtc; 101 qemu_irq rtc_power_irq; 102 }; 103 104 typedef struct next_dma { 105 uint32_t csr; 106 107 uint32_t saved_next; 108 uint32_t saved_limit; 109 uint32_t saved_start; 110 uint32_t saved_stop; 111 112 uint32_t next; 113 uint32_t limit; 114 uint32_t start; 115 uint32_t stop; 116 117 uint32_t next_initbuf; 118 uint32_t size; 119 } next_dma; 120 121 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 122 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE) 123 124 struct NeXTState { 125 MachineState parent; 126 127 MemoryRegion rom; 128 MemoryRegion rom2; 129 MemoryRegion dmamem; 130 MemoryRegion bmapm1; 131 MemoryRegion bmapm2; 132 133 next_dma dma[10]; 134 }; 135 136 /* Thanks to NeXT forums for this */ 137 /* 138 static const uint8_t rtc_ram3[32] = { 139 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 140 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 141 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 143 }; 144 */ 145 static const uint8_t rtc_ram2[32] = { 146 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 147 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 148 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 150 }; 151 152 #define SCR2_RTCLK 0x2 153 #define SCR2_RTDATA 0x4 154 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 155 156 static void next_scr2_led_update(NeXTPC *s) 157 { 158 if (s->scr2 & 0x1) { 159 DPRINTF("fault!\n"); 160 s->led++; 161 if (s->led == 10) { 162 DPRINTF("LED flashing, possible fault!\n"); 163 s->led = 0; 164 } 165 } 166 } 167 168 static bool next_rtc_cmd_is_write(uint8_t cmd) 169 { 170 return (cmd >= 0x80 && cmd <= 0x9f) || 171 (cmd == 0xb1); 172 } 173 174 static void next_scr2_rtc_update(NeXTPC *s) 175 { 176 uint8_t old_scr2, scr2_2; 177 NeXTRTC *rtc = &s->rtc; 178 179 old_scr2 = extract32(s->old_scr2, 8, 8); 180 scr2_2 = extract32(s->scr2, 8, 8); 181 182 if (scr2_2 & 0x1) { 183 /* DPRINTF("RTC %x phase %i\n", scr2_2, rtc->phase); */ 184 if (rtc->phase == -1) { 185 rtc->phase = 0; 186 } 187 /* If we are in going down clock... do something */ 188 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 189 ((scr2_2 & SCR2_RTCLK) == 0)) { 190 if (rtc->phase < 8) { 191 rtc->command = (rtc->command << 1) | 192 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 193 194 if (rtc->phase == 7 && !next_rtc_cmd_is_write(rtc->command)) { 195 if (rtc->command <= 0x1f) { 196 /* RAM registers */ 197 rtc->retval = rtc->ram[rtc->command]; 198 } 199 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 200 /* RTC */ 201 time_t time_h = time(NULL); 202 struct tm *info = localtime(&time_h); 203 rtc->retval = 0; 204 205 switch (rtc->command) { 206 case 0x20: 207 rtc->retval = SCR2_TOBCD(info->tm_sec); 208 break; 209 case 0x21: 210 rtc->retval = SCR2_TOBCD(info->tm_min); 211 break; 212 case 0x22: 213 rtc->retval = SCR2_TOBCD(info->tm_hour); 214 break; 215 case 0x24: 216 rtc->retval = SCR2_TOBCD(info->tm_mday); 217 break; 218 case 0x25: 219 rtc->retval = SCR2_TOBCD((info->tm_mon + 1)); 220 break; 221 case 0x26: 222 rtc->retval = SCR2_TOBCD((info->tm_year - 100)); 223 break; 224 } 225 } 226 if (rtc->command == 0x30) { 227 /* read the status 0x30 */ 228 rtc->retval = rtc->status; 229 } 230 if (rtc->command == 0x31) { 231 /* read the control 0x31 */ 232 rtc->retval = rtc->control; 233 } 234 } 235 } 236 if (rtc->phase >= 8 && rtc->phase < 16) { 237 if (next_rtc_cmd_is_write(rtc->command)) { 238 /* Shift in value to write */ 239 rtc->value = (rtc->value << 1) | 240 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 241 } else { 242 /* Shift out value to read */ 243 if (rtc->retval & (0x80 >> (rtc->phase - 8))) { 244 scr2_2 |= SCR2_RTDATA; 245 } else { 246 scr2_2 &= ~SCR2_RTDATA; 247 } 248 } 249 } 250 251 rtc->phase++; 252 if (rtc->phase == 16 && next_rtc_cmd_is_write(rtc->command)) { 253 if (rtc->command >= 0x80 && rtc->command <= 0x9f) { 254 /* RAM registers */ 255 rtc->ram[rtc->command - 0x80] = rtc->value; 256 } 257 if (rtc->command == 0xb1) { 258 /* write to 0x30 register */ 259 if (rtc->value & 0x04) { 260 /* clear FTU */ 261 rtc->status = rtc->status & (~0x18); 262 qemu_irq_lower(s->rtc_power_irq); 263 } 264 } 265 } 266 } 267 } else { 268 /* else end or abort */ 269 rtc->phase = -1; 270 rtc->command = 0; 271 rtc->value = 0; 272 } 273 274 s->scr2 = deposit32(s->scr2, 8, 8, scr2_2); 275 } 276 277 static uint64_t next_mmio_read(void *opaque, hwaddr addr, unsigned size) 278 { 279 NeXTPC *s = NEXT_PC(opaque); 280 uint64_t val; 281 282 switch (addr) { 283 case 0x2000: /* 0x2007000 */ 284 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 285 val = s->int_status; 286 break; 287 288 case 0x2800: /* 0x2007800 */ 289 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 290 val = s->int_mask; 291 break; 292 293 case 0x7000 ... 0x7003: /* 0x200c000 */ 294 val = extract32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 295 size << 3); 296 break; 297 298 case 0x8000 ... 0x8003: /* 0x200d000 */ 299 val = extract32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 300 size << 3); 301 break; 302 303 default: 304 val = 0; 305 DPRINTF("MMIO Read @ 0x%"HWADDR_PRIx" size %d\n", addr, size); 306 break; 307 } 308 309 return val; 310 } 311 312 static void next_mmio_write(void *opaque, hwaddr addr, uint64_t val, 313 unsigned size) 314 { 315 NeXTPC *s = NEXT_PC(opaque); 316 317 switch (addr) { 318 case 0x2000: /* 0x2007000 */ 319 DPRINTF("INT Status old: %x new: %x\n", s->int_status, 320 (unsigned int)val); 321 s->int_status = val; 322 break; 323 324 case 0x2800: /* 0x2007800 */ 325 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, (unsigned int)val); 326 s->int_mask = val; 327 break; 328 329 case 0x7000 ... 0x7003: /* 0x200c000 */ 330 DPRINTF("SCR1 Write: %x\n", (unsigned int)val); 331 s->scr1 = deposit32(s->scr1, (4 - (addr - 0x7000) - size) << 3, 332 size << 3, val); 333 break; 334 335 case 0x8000 ... 0x8003: /* 0x200d000 */ 336 s->scr2 = deposit32(s->scr2, (4 - (addr - 0x8000) - size) << 3, 337 size << 3, val); 338 next_scr2_led_update(s); 339 next_scr2_rtc_update(s); 340 s->old_scr2 = s->scr2; 341 break; 342 343 default: 344 DPRINTF("MMIO Write @ 0x%"HWADDR_PRIx " with 0x%x size %u\n", addr, 345 (unsigned int)val, size); 346 } 347 } 348 349 static const MemoryRegionOps next_mmio_ops = { 350 .read = next_mmio_read, 351 .write = next_mmio_write, 352 .valid.min_access_size = 1, 353 .valid.max_access_size = 4, 354 .endianness = DEVICE_BIG_ENDIAN, 355 }; 356 357 #define SCSICSR_ENABLE 0x01 358 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 359 #define SCSICSR_FIFOFL 0x04 360 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 361 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 362 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 363 364 #define NEXTDMA_SCSI(x) (0x10 + x) 365 #define NEXTDMA_FD(x) (0x10 + x) 366 #define NEXTDMA_ENTX(x) (0x110 + x) 367 #define NEXTDMA_ENRX(x) (0x150 + x) 368 #define NEXTDMA_CSR 0x0 369 #define NEXTDMA_NEXT 0x4000 370 #define NEXTDMA_LIMIT 0x4004 371 #define NEXTDMA_START 0x4008 372 #define NEXTDMA_STOP 0x400c 373 #define NEXTDMA_NEXT_INIT 0x4200 374 #define NEXTDMA_SIZE 0x4204 375 376 static void next_dma_write(void *opaque, hwaddr addr, uint64_t val, 377 unsigned int size) 378 { 379 NeXTState *next_state = NEXT_MACHINE(opaque); 380 381 switch (addr) { 382 case NEXTDMA_ENRX(NEXTDMA_CSR): 383 if (val & DMA_DEV2M) { 384 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 385 } 386 387 if (val & DMA_SETENABLE) { 388 /* DPRINTF("SCSI DMA ENABLE\n"); */ 389 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 390 } 391 if (val & DMA_SETSUPDATE) { 392 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 393 } 394 if (val & DMA_CLRCOMPLETE) { 395 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 396 } 397 398 if (val & DMA_RESET) { 399 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 400 DMA_ENABLE | DMA_DEV2M); 401 } 402 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 403 break; 404 405 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 406 next_state->dma[NEXTDMA_ENRX].next_initbuf = val; 407 break; 408 409 case NEXTDMA_ENRX(NEXTDMA_NEXT): 410 next_state->dma[NEXTDMA_ENRX].next = val; 411 break; 412 413 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 414 next_state->dma[NEXTDMA_ENRX].limit = val; 415 break; 416 417 case NEXTDMA_SCSI(NEXTDMA_CSR): 418 if (val & DMA_DEV2M) { 419 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 420 } 421 if (val & DMA_SETENABLE) { 422 /* DPRINTF("SCSI DMA ENABLE\n"); */ 423 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 424 } 425 if (val & DMA_SETSUPDATE) { 426 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 427 } 428 if (val & DMA_CLRCOMPLETE) { 429 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 430 } 431 432 if (val & DMA_RESET) { 433 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 434 DMA_ENABLE | DMA_DEV2M); 435 /* DPRINTF("SCSI DMA RESET\n"); */ 436 } 437 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 438 break; 439 440 case NEXTDMA_SCSI(NEXTDMA_NEXT): 441 next_state->dma[NEXTDMA_SCSI].next = val; 442 break; 443 444 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 445 next_state->dma[NEXTDMA_SCSI].limit = val; 446 break; 447 448 case NEXTDMA_SCSI(NEXTDMA_START): 449 next_state->dma[NEXTDMA_SCSI].start = val; 450 break; 451 452 case NEXTDMA_SCSI(NEXTDMA_STOP): 453 next_state->dma[NEXTDMA_SCSI].stop = val; 454 break; 455 456 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 457 next_state->dma[NEXTDMA_SCSI].next_initbuf = val; 458 break; 459 460 default: 461 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)val); 462 } 463 } 464 465 static uint64_t next_dma_read(void *opaque, hwaddr addr, unsigned int size) 466 { 467 NeXTState *next_state = NEXT_MACHINE(opaque); 468 uint64_t val; 469 470 switch (addr) { 471 case NEXTDMA_SCSI(NEXTDMA_CSR): 472 DPRINTF("SCSI DMA CSR READ\n"); 473 val = next_state->dma[NEXTDMA_SCSI].csr; 474 break; 475 476 case NEXTDMA_ENRX(NEXTDMA_CSR): 477 val = next_state->dma[NEXTDMA_ENRX].csr; 478 break; 479 480 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 481 val = next_state->dma[NEXTDMA_ENRX].next_initbuf; 482 break; 483 484 case NEXTDMA_ENRX(NEXTDMA_NEXT): 485 val = next_state->dma[NEXTDMA_ENRX].next; 486 break; 487 488 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 489 val = next_state->dma[NEXTDMA_ENRX].limit; 490 break; 491 492 case NEXTDMA_SCSI(NEXTDMA_NEXT): 493 val = next_state->dma[NEXTDMA_SCSI].next; 494 break; 495 496 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 497 val = next_state->dma[NEXTDMA_SCSI].next_initbuf; 498 break; 499 500 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 501 val = next_state->dma[NEXTDMA_SCSI].limit; 502 break; 503 504 case NEXTDMA_SCSI(NEXTDMA_START): 505 val = next_state->dma[NEXTDMA_SCSI].start; 506 break; 507 508 case NEXTDMA_SCSI(NEXTDMA_STOP): 509 val = next_state->dma[NEXTDMA_SCSI].stop; 510 break; 511 512 default: 513 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 514 val = 0; 515 } 516 517 /* 518 * once the csr's are done, subtract 0x3FEC from the addr, and that will 519 * normalize the upper registers 520 */ 521 522 return val; 523 } 524 525 static const MemoryRegionOps next_dma_ops = { 526 .read = next_dma_read, 527 .write = next_dma_write, 528 .impl.min_access_size = 4, 529 .valid.min_access_size = 4, 530 .valid.max_access_size = 4, 531 .endianness = DEVICE_BIG_ENDIAN, 532 }; 533 534 static void next_irq(void *opaque, int number, int level) 535 { 536 NeXTPC *s = NEXT_PC(opaque); 537 M68kCPU *cpu = s->cpu; 538 int shift = 0; 539 540 /* first switch sets interrupt status */ 541 /* DPRINTF("IRQ %i\n",number); */ 542 switch (number) { 543 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 544 case NEXT_FD_I: 545 shift = 7; 546 break; 547 case NEXT_KBD_I: 548 shift = 3; 549 break; 550 case NEXT_PWR_I: 551 shift = 2; 552 break; 553 case NEXT_ENRX_I: 554 shift = 9; 555 break; 556 case NEXT_ENTX_I: 557 shift = 10; 558 break; 559 case NEXT_SCSI_I: 560 shift = 12; 561 break; 562 case NEXT_CLK_I: 563 shift = 5; 564 break; 565 566 /* level 5 - scc (serial) */ 567 case NEXT_SCC_I: 568 shift = 17; 569 break; 570 571 /* level 6 - audio etherrx/tx dma */ 572 case NEXT_ENTX_DMA_I: 573 shift = 28; 574 break; 575 case NEXT_ENRX_DMA_I: 576 shift = 27; 577 break; 578 case NEXT_SCSI_DMA_I: 579 shift = 26; 580 break; 581 case NEXT_SND_I: 582 shift = 23; 583 break; 584 case NEXT_SCC_DMA_I: 585 shift = 21; 586 break; 587 588 } 589 /* 590 * this HAS to be wrong, the interrupt handlers in mach and together 591 * int_status and int_mask and return if there is a hit 592 */ 593 if (s->int_mask & (1 << shift)) { 594 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 595 /* return; */ 596 } 597 598 /* second switch triggers the correct interrupt */ 599 if (level) { 600 s->int_status |= 1 << shift; 601 602 switch (number) { 603 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 604 case NEXT_FD_I: 605 case NEXT_KBD_I: 606 case NEXT_PWR_I: 607 case NEXT_ENRX_I: 608 case NEXT_ENTX_I: 609 case NEXT_SCSI_I: 610 case NEXT_CLK_I: 611 m68k_set_irq_level(cpu, 3, 27); 612 break; 613 614 /* level 5 - scc (serial) */ 615 case NEXT_SCC_I: 616 m68k_set_irq_level(cpu, 5, 29); 617 break; 618 619 /* level 6 - audio etherrx/tx dma */ 620 case NEXT_ENTX_DMA_I: 621 case NEXT_ENRX_DMA_I: 622 case NEXT_SCSI_DMA_I: 623 case NEXT_SND_I: 624 case NEXT_SCC_DMA_I: 625 m68k_set_irq_level(cpu, 6, 30); 626 break; 627 } 628 } else { 629 s->int_status &= ~(1 << shift); 630 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 631 } 632 } 633 634 static void nextdma_write(void *opaque, uint8_t *buf, int size, int type) 635 { 636 uint32_t base_addr; 637 int irq = 0; 638 uint8_t align = 16; 639 NeXTState *next_state = NEXT_MACHINE(qdev_get_machine()); 640 641 if (type == NEXTDMA_ENRX || type == NEXTDMA_ENTX) { 642 align = 32; 643 } 644 /* Most DMA is supposedly 16 byte aligned */ 645 if ((size % align) != 0) { 646 size -= size % align; 647 size += align; 648 } 649 650 /* 651 * prom sets the dma start using initbuf while the bootloader uses next 652 * so we check to see if initbuf is 0 653 */ 654 if (next_state->dma[type].next_initbuf == 0) { 655 base_addr = next_state->dma[type].next; 656 } else { 657 base_addr = next_state->dma[type].next_initbuf; 658 } 659 660 cpu_physical_memory_write(base_addr, buf, size); 661 662 next_state->dma[type].next_initbuf = 0; 663 664 /* saved limit is checked to calculate packet size by both, rom and netbsd */ 665 next_state->dma[type].saved_limit = (next_state->dma[type].next + size); 666 next_state->dma[type].saved_next = (next_state->dma[type].next); 667 668 /* 669 * 32 bytes under savedbase seems to be some kind of register 670 * of which the purpose is unknown as of yet 671 */ 672 /* stl_phys(s->rx_dma.base-32,0xFFFFFFFF); */ 673 674 if (!(next_state->dma[type].csr & DMA_SUPDATE)) { 675 next_state->dma[type].next = next_state->dma[type].start; 676 next_state->dma[type].limit = next_state->dma[type].stop; 677 } 678 679 /* Set dma registers and raise an irq */ 680 next_state->dma[type].csr |= DMA_COMPLETE; /* DON'T CHANGE THIS! */ 681 682 switch (type) { 683 case NEXTDMA_SCSI: 684 irq = NEXT_SCSI_DMA_I; 685 break; 686 } 687 688 next_irq(opaque, irq, 1); 689 next_irq(opaque, irq, 0); 690 } 691 692 static void nextscsi_read(void *opaque, uint8_t *buf, int len) 693 { 694 DPRINTF("SCSI READ: %x\n", len); 695 abort(); 696 } 697 698 static void nextscsi_write(void *opaque, uint8_t *buf, int size) 699 { 700 DPRINTF("SCSI WRITE: %i\n", size); 701 nextdma_write(opaque, buf, size, NEXTDMA_SCSI); 702 } 703 704 static void next_scsi_csr_write(void *opaque, hwaddr addr, uint64_t val, 705 unsigned size) 706 { 707 NeXTSCSI *s = NEXT_SCSI(opaque); 708 NeXTPC *pc = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 709 710 switch (addr) { 711 case 0: 712 if (val & SCSICSR_FIFOFL) { 713 DPRINTF("SCSICSR FIFO Flush\n"); 714 /* will have to add another irq to the esp if this is needed */ 715 /* esp_puflush_fifo(esp_g); */ 716 } 717 718 if (val & SCSICSR_ENABLE) { 719 DPRINTF("SCSICSR Enable\n"); 720 /* 721 * qemu_irq_raise(s->scsi_dma); 722 * s->scsi_csr_1 = 0xc0; 723 * s->scsi_csr_1 |= 0x1; 724 * qemu_irq_pulse(s->scsi_dma); 725 */ 726 } 727 /* 728 * else 729 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 730 */ 731 732 if (val & SCSICSR_RESET) { 733 DPRINTF("SCSICSR Reset\n"); 734 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 735 qemu_irq_raise(pc->scsi_reset); 736 s->scsi_csr_1 &= ~(SCSICSR_INTMASK | 0x80 | 0x1); 737 qemu_irq_lower(pc->scsi_reset); 738 } 739 if (val & SCSICSR_DMADIR) { 740 DPRINTF("SCSICSR DMAdir\n"); 741 } 742 if (val & SCSICSR_CPUDMA) { 743 DPRINTF("SCSICSR CPUDMA\n"); 744 /* qemu_irq_raise(s->scsi_dma); */ 745 pc->int_status |= 0x4000000; 746 } else { 747 /* fprintf(stderr,"SCSICSR CPUDMA disabled\n"); */ 748 pc->int_status &= ~(0x4000000); 749 /* qemu_irq_lower(s->scsi_dma); */ 750 } 751 if (val & SCSICSR_INTMASK) { 752 DPRINTF("SCSICSR INTMASK\n"); 753 /* 754 * int_mask &= ~0x1000; 755 * s->scsi_csr_1 |= val; 756 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 757 * if (s->scsi_queued) { 758 * s->scsi_queued = 0; 759 * next_irq(s, NEXT_SCSI_I, level); 760 * } 761 */ 762 } else { 763 /* int_mask |= 0x1000; */ 764 } 765 if (val & 0x80) { 766 /* int_mask |= 0x1000; */ 767 /* s->scsi_csr_1 |= 0x80; */ 768 } 769 DPRINTF("SCSICSR1 Write: %"PRIx64 "\n", val); 770 s->scsi_csr_1 = val; 771 break; 772 773 case 1: 774 DPRINTF("SCSICSR2 Write: %"PRIx64 "\n", val); 775 s->scsi_csr_2 = val; 776 break; 777 778 default: 779 g_assert_not_reached(); 780 } 781 } 782 783 static uint64_t next_scsi_csr_read(void *opaque, hwaddr addr, unsigned size) 784 { 785 NeXTSCSI *s = NEXT_SCSI(opaque); 786 uint64_t val; 787 788 switch (addr) { 789 case 0: 790 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 791 val = s->scsi_csr_1; 792 break; 793 794 case 1: 795 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 796 val = s->scsi_csr_2; 797 break; 798 799 default: 800 g_assert_not_reached(); 801 } 802 803 return val; 804 } 805 806 static const MemoryRegionOps next_scsi_csr_ops = { 807 .read = next_scsi_csr_read, 808 .write = next_scsi_csr_write, 809 .valid.min_access_size = 1, 810 .valid.max_access_size = 1, 811 .endianness = DEVICE_BIG_ENDIAN, 812 }; 813 814 static void next_scsi_init(Object *obj) 815 { 816 NeXTSCSI *s = NEXT_SCSI(obj); 817 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 818 819 object_initialize_child(obj, "esp", &s->sysbus_esp, TYPE_SYSBUS_ESP); 820 821 memory_region_init_io(&s->scsi_csr_mem, obj, &next_scsi_csr_ops, 822 s, "csrs", 2); 823 824 memory_region_init(&s->scsi_mem, obj, "next.scsi", 0x40); 825 sysbus_init_mmio(sbd, &s->scsi_mem); 826 } 827 828 static void next_scsi_realize(DeviceState *dev, Error **errp) 829 { 830 NeXTSCSI *s = NEXT_SCSI(dev); 831 SysBusESPState *sysbus_esp; 832 SysBusDevice *sbd; 833 ESPState *esp; 834 NeXTPC *pcdev; 835 836 pcdev = NEXT_PC(container_of(s, NeXTPC, next_scsi)); 837 838 /* ESP */ 839 sysbus_esp = SYSBUS_ESP(&s->sysbus_esp); 840 esp = &sysbus_esp->esp; 841 esp->dma_memory_read = nextscsi_read; 842 esp->dma_memory_write = nextscsi_write; 843 esp->dma_opaque = pcdev; 844 sysbus_esp->it_shift = 0; 845 esp->dma_enabled = 1; 846 sbd = SYS_BUS_DEVICE(sysbus_esp); 847 if (!sysbus_realize(sbd, errp)) { 848 return; 849 } 850 memory_region_add_subregion(&s->scsi_mem, 0x0, 851 sysbus_mmio_get_region(sbd, 0)); 852 853 /* SCSI CSRs */ 854 memory_region_add_subregion(&s->scsi_mem, 0x20, &s->scsi_csr_mem); 855 856 scsi_bus_legacy_handle_cmdline(&s->sysbus_esp.esp.bus); 857 } 858 859 static const VMStateDescription next_scsi_vmstate = { 860 .name = "next-scsi", 861 .version_id = 0, 862 .minimum_version_id = 0, 863 .fields = (const VMStateField[]) { 864 VMSTATE_UINT8(scsi_csr_1, NeXTSCSI), 865 VMSTATE_UINT8(scsi_csr_2, NeXTSCSI), 866 VMSTATE_END_OF_LIST() 867 }, 868 }; 869 870 static void next_scsi_class_init(ObjectClass *klass, void *data) 871 { 872 DeviceClass *dc = DEVICE_CLASS(klass); 873 874 dc->desc = "NeXT SCSI Controller"; 875 dc->realize = next_scsi_realize; 876 dc->vmsd = &next_scsi_vmstate; 877 } 878 879 static const TypeInfo next_scsi_info = { 880 .name = TYPE_NEXT_SCSI, 881 .parent = TYPE_SYS_BUS_DEVICE, 882 .instance_init = next_scsi_init, 883 .instance_size = sizeof(NeXTSCSI), 884 .class_init = next_scsi_class_init, 885 }; 886 887 static void next_floppy_write(void *opaque, hwaddr addr, uint64_t val, 888 unsigned size) 889 { 890 switch (addr) { 891 case 0: 892 DPRINTF("FDCSR Write: %"PRIx64 "\n", val); 893 if (val == 0x0) { 894 /* qemu_irq_raise(s->fd_irq[0]); */ 895 } 896 break; 897 898 default: 899 g_assert_not_reached(); 900 } 901 } 902 903 static uint64_t next_floppy_read(void *opaque, hwaddr addr, unsigned size) 904 { 905 uint64_t val; 906 907 switch (addr) { 908 case 0: 909 DPRINTF("FD read @ %x\n", (unsigned int)addr); 910 val = 0x40 | 0x04 | 0x2 | 0x1; 911 break; 912 913 default: 914 g_assert_not_reached(); 915 } 916 917 return val; 918 } 919 920 static const MemoryRegionOps next_floppy_ops = { 921 .read = next_floppy_read, 922 .write = next_floppy_write, 923 .valid.min_access_size = 1, 924 .valid.max_access_size = 4, 925 .endianness = DEVICE_BIG_ENDIAN, 926 }; 927 928 static void next_timer_write(void *opaque, hwaddr addr, uint64_t val, 929 unsigned size) 930 { 931 switch (addr) { 932 case 0 ... 3: 933 /* Hardware timer latch - not implemented yet */ 934 break; 935 936 default: 937 g_assert_not_reached(); 938 } 939 } 940 941 static uint64_t next_timer_read(void *opaque, hwaddr addr, unsigned size) 942 { 943 uint64_t val; 944 945 switch (addr) { 946 case 0 ... 3: 947 /* 948 * These 4 registers are the hardware timer, not sure which register 949 * is the latch instead of data, but no problems so far. 950 * 951 * Hack: We need to have the LSB change consistently to make it work 952 */ 953 val = extract32(clock(), (4 - addr - size) << 3, 954 size << 3); 955 break; 956 957 default: 958 g_assert_not_reached(); 959 } 960 961 return val; 962 } 963 964 static const MemoryRegionOps next_timer_ops = { 965 .read = next_timer_read, 966 .write = next_timer_write, 967 .valid.min_access_size = 1, 968 .valid.max_access_size = 4, 969 .endianness = DEVICE_BIG_ENDIAN, 970 }; 971 972 static void next_dummy_en_write(void *opaque, hwaddr addr, uint64_t val, 973 unsigned size) 974 { 975 /* Do nothing */ 976 return; 977 } 978 979 static uint64_t next_dummy_en_read(void *opaque, hwaddr addr, unsigned size) 980 { 981 uint64_t val; 982 983 switch (addr) { 984 case 0: 985 /* For now return dummy byte to allow the Ethernet test to timeout */ 986 val = 0xff; 987 break; 988 989 default: 990 val = 0; 991 } 992 993 return val; 994 } 995 996 static const MemoryRegionOps next_dummy_en_ops = { 997 .read = next_dummy_en_read, 998 .write = next_dummy_en_write, 999 .valid.min_access_size = 1, 1000 .valid.max_access_size = 4, 1001 .endianness = DEVICE_BIG_ENDIAN, 1002 }; 1003 1004 static void next_pc_reset_hold(Object *obj, ResetType type) 1005 { 1006 NeXTPC *s = NEXT_PC(obj); 1007 1008 /* Set internal registers to initial values */ 1009 /* 0x0000XX00 << vital bits */ 1010 s->scr1 = 0x00011102; 1011 s->scr2 = 0x00ff0c80; 1012 s->old_scr2 = s->scr2; 1013 1014 s->rtc.status = 0x90; 1015 1016 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 1017 memcpy(s->rtc.ram, rtc_ram2, 32); 1018 } 1019 1020 static void next_pc_realize(DeviceState *dev, Error **errp) 1021 { 1022 NeXTPC *s = NEXT_PC(dev); 1023 SysBusDevice *sbd; 1024 DeviceState *d; 1025 1026 /* SCSI */ 1027 sbd = SYS_BUS_DEVICE(&s->next_scsi); 1028 if (!sysbus_realize(sbd, errp)) { 1029 return; 1030 } 1031 1032 d = DEVICE(object_resolve_path_component(OBJECT(&s->next_scsi), "esp")); 1033 sysbus_connect_irq(SYS_BUS_DEVICE(d), 0, 1034 qdev_get_gpio_in(DEVICE(s), NEXT_SCSI_I)); 1035 1036 s->scsi_reset = qdev_get_gpio_in(d, 0); 1037 s->scsi_dma = qdev_get_gpio_in(d, 1); 1038 1039 /* ESCC */ 1040 d = DEVICE(&s->escc); 1041 qdev_prop_set_uint32(d, "disabled", 0); 1042 qdev_prop_set_uint32(d, "frequency", 9600 * 384); 1043 qdev_prop_set_uint32(d, "it_shift", 0); 1044 qdev_prop_set_bit(d, "bit_swap", true); 1045 qdev_prop_set_chr(d, "chrB", serial_hd(1)); 1046 qdev_prop_set_chr(d, "chrA", serial_hd(0)); 1047 qdev_prop_set_uint32(d, "chnBtype", escc_serial); 1048 qdev_prop_set_uint32(d, "chnAtype", escc_serial); 1049 1050 sbd = SYS_BUS_DEVICE(d); 1051 if (!sysbus_realize(sbd, errp)) { 1052 return; 1053 } 1054 sysbus_connect_irq(sbd, 0, qdev_get_gpio_in(dev, NEXT_SCC_I)); 1055 sysbus_connect_irq(sbd, 1, qdev_get_gpio_in(dev, NEXT_SCC_DMA_I)); 1056 } 1057 1058 static void next_pc_init(Object *obj) 1059 { 1060 NeXTPC *s = NEXT_PC(obj); 1061 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 1062 1063 qdev_init_gpio_in(DEVICE(obj), next_irq, NEXT_NUM_IRQS); 1064 1065 memory_region_init_io(&s->mmiomem, OBJECT(s), &next_mmio_ops, s, 1066 "next.mmio", 0x9000); 1067 sysbus_init_mmio(sbd, &s->mmiomem); 1068 1069 memory_region_init_io(&s->dummyen_mem, OBJECT(s), &next_dummy_en_ops, s, 1070 "next.en", 0x20); 1071 sysbus_init_mmio(sbd, &s->dummyen_mem); 1072 1073 object_initialize_child(obj, "next-scsi", &s->next_scsi, TYPE_NEXT_SCSI); 1074 sysbus_init_mmio(sbd, 1075 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->next_scsi), 0)); 1076 1077 memory_region_init_io(&s->floppy_mem, OBJECT(s), &next_floppy_ops, s, 1078 "next.floppy", 4); 1079 sysbus_init_mmio(sbd, &s->floppy_mem); 1080 1081 object_initialize_child(obj, "escc", &s->escc, TYPE_ESCC); 1082 sysbus_init_mmio(sbd, 1083 sysbus_mmio_get_region(SYS_BUS_DEVICE(&s->escc), 0)); 1084 1085 memory_region_init_io(&s->timer_mem, OBJECT(s), &next_timer_ops, s, 1086 "next.timer", 4); 1087 sysbus_init_mmio(sbd, &s->timer_mem); 1088 1089 s->rtc_power_irq = qdev_get_gpio_in(DEVICE(obj), NEXT_PWR_I); 1090 } 1091 1092 /* 1093 * If the m68k CPU implemented its inbound irq lines as GPIO lines 1094 * rather than via the m68k_set_irq_level() function we would not need 1095 * this cpu link property and could instead provide outbound IRQ lines 1096 * that the board could wire up to the CPU. 1097 */ 1098 static const Property next_pc_properties[] = { 1099 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *), 1100 }; 1101 1102 static const VMStateDescription next_rtc_vmstate = { 1103 .name = "next-rtc", 1104 .version_id = 2, 1105 .minimum_version_id = 2, 1106 .fields = (const VMStateField[]) { 1107 VMSTATE_INT8(phase, NeXTRTC), 1108 VMSTATE_UINT8_ARRAY(ram, NeXTRTC, 32), 1109 VMSTATE_UINT8(command, NeXTRTC), 1110 VMSTATE_UINT8(value, NeXTRTC), 1111 VMSTATE_UINT8(status, NeXTRTC), 1112 VMSTATE_UINT8(control, NeXTRTC), 1113 VMSTATE_UINT8(retval, NeXTRTC), 1114 VMSTATE_END_OF_LIST() 1115 }, 1116 }; 1117 1118 static const VMStateDescription next_pc_vmstate = { 1119 .name = "next-pc", 1120 .version_id = 3, 1121 .minimum_version_id = 3, 1122 .fields = (const VMStateField[]) { 1123 VMSTATE_UINT32(scr1, NeXTPC), 1124 VMSTATE_UINT32(scr2, NeXTPC), 1125 VMSTATE_UINT32(old_scr2, NeXTPC), 1126 VMSTATE_UINT32(int_mask, NeXTPC), 1127 VMSTATE_UINT32(int_status, NeXTPC), 1128 VMSTATE_UINT32(led, NeXTPC), 1129 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NeXTRTC), 1130 VMSTATE_END_OF_LIST() 1131 }, 1132 }; 1133 1134 static void next_pc_class_init(ObjectClass *klass, void *data) 1135 { 1136 DeviceClass *dc = DEVICE_CLASS(klass); 1137 ResettableClass *rc = RESETTABLE_CLASS(klass); 1138 1139 dc->desc = "NeXT Peripheral Controller"; 1140 dc->realize = next_pc_realize; 1141 device_class_set_props(dc, next_pc_properties); 1142 dc->vmsd = &next_pc_vmstate; 1143 rc->phases.hold = next_pc_reset_hold; 1144 } 1145 1146 static const TypeInfo next_pc_info = { 1147 .name = TYPE_NEXT_PC, 1148 .parent = TYPE_SYS_BUS_DEVICE, 1149 .instance_init = next_pc_init, 1150 .instance_size = sizeof(NeXTPC), 1151 .class_init = next_pc_class_init, 1152 }; 1153 1154 static void next_cube_init(MachineState *machine) 1155 { 1156 NeXTState *m = NEXT_MACHINE(machine); 1157 M68kCPU *cpu; 1158 CPUM68KState *env; 1159 MemoryRegion *sysmem = get_system_memory(); 1160 const char *bios_name = machine->firmware ?: ROM_FILE; 1161 DeviceState *pcdev; 1162 1163 /* Initialize the cpu core */ 1164 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 1165 if (!cpu) { 1166 error_report("Unable to find m68k CPU definition"); 1167 exit(1); 1168 } 1169 env = &cpu->env; 1170 1171 /* Initialize CPU registers. */ 1172 env->vbr = 0; 1173 env->sr = 0x2700; 1174 1175 /* Peripheral Controller */ 1176 pcdev = qdev_new(TYPE_NEXT_PC); 1177 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort); 1178 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal); 1179 1180 /* 64MB RAM starting at 0x04000000 */ 1181 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 1182 1183 /* Framebuffer */ 1184 sysbus_create_simple(TYPE_NEXTFB, 0x0B000000, NULL); 1185 1186 /* MMIO */ 1187 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02005000); 1188 1189 /* BMAP IO - acts as a catch-all for now */ 1190 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000); 1191 1192 /* en network (dummy) */ 1193 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02106000); 1194 1195 /* unknown: Brightness control register? */ 1196 empty_slot_init("next.unknown.0", 0x02110000, 0x10); 1197 /* unknown: Magneto-Optical drive controller? */ 1198 empty_slot_init("next.unknown.1", 0x02112000, 0x10); 1199 1200 /* SCSI */ 1201 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 2, 0x02114000); 1202 /* Floppy */ 1203 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 3, 0x02114108); 1204 /* ESCC */ 1205 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 4, 0x02118000); 1206 1207 /* unknown: Serial clock configuration register? */ 1208 empty_slot_init("next.unknown.2", 0x02118004, 0x10); 1209 1210 /* Timer */ 1211 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 5, 0x0211a000); 1212 1213 /* BMAP memory */ 1214 memory_region_init_ram_flags_nomigrate(&m->bmapm1, NULL, "next.bmapmem", 1215 64, RAM_SHARED, &error_fatal); 1216 memory_region_add_subregion(sysmem, 0x020c0000, &m->bmapm1); 1217 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 1218 memory_region_init_alias(&m->bmapm2, NULL, "next.bmapmem2", &m->bmapm1, 1219 0x0, 64); 1220 memory_region_add_subregion(sysmem, 0x820c0000, &m->bmapm2); 1221 1222 /* KBD */ 1223 sysbus_create_simple(TYPE_NEXTKBD, 0x0200e000, NULL); 1224 1225 /* Load ROM here */ 1226 memory_region_init_rom(&m->rom, NULL, "next.rom", 0x20000, &error_fatal); 1227 memory_region_add_subregion(sysmem, 0x01000000, &m->rom); 1228 memory_region_init_alias(&m->rom2, NULL, "next.rom2", &m->rom, 0x0, 1229 0x20000); 1230 memory_region_add_subregion(sysmem, 0x0, &m->rom2); 1231 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 1232 if (!qtest_enabled()) { 1233 error_report("Failed to load firmware '%s'.", bios_name); 1234 } 1235 } else { 1236 uint8_t *ptr; 1237 /* Initial PC is always at offset 4 in firmware binaries */ 1238 ptr = rom_ptr(0x01000004, 4); 1239 g_assert(ptr != NULL); 1240 env->pc = ldl_be_p(ptr); 1241 if (env->pc >= 0x01020000) { 1242 error_report("'%s' does not seem to be a valid firmware image.", 1243 bios_name); 1244 exit(1); 1245 } 1246 } 1247 1248 /* DMA */ 1249 memory_region_init_io(&m->dmamem, NULL, &next_dma_ops, machine, 1250 "next.dma", 0x5000); 1251 memory_region_add_subregion(sysmem, 0x02000000, &m->dmamem); 1252 } 1253 1254 static void next_machine_class_init(ObjectClass *oc, void *data) 1255 { 1256 MachineClass *mc = MACHINE_CLASS(oc); 1257 1258 mc->desc = "NeXT Cube"; 1259 mc->init = next_cube_init; 1260 mc->block_default_type = IF_SCSI; 1261 mc->default_ram_size = RAM_SIZE; 1262 mc->default_ram_id = "next.ram"; 1263 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 1264 mc->no_cdrom = true; 1265 } 1266 1267 static const TypeInfo next_typeinfo = { 1268 .name = TYPE_NEXT_MACHINE, 1269 .parent = TYPE_MACHINE, 1270 .class_init = next_machine_class_init, 1271 .instance_size = sizeof(NeXTState), 1272 }; 1273 1274 static void next_register_type(void) 1275 { 1276 type_register_static(&next_typeinfo); 1277 type_register_static(&next_pc_info); 1278 type_register_static(&next_scsi_info); 1279 } 1280 1281 type_init(next_register_type) 1282