xref: /openbmc/qemu/hw/m68k/next-cube.c (revision c36dd41b)
1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "exec/hwaddr.h"
14 #include "sysemu/sysemu.h"
15 #include "sysemu/qtest.h"
16 #include "hw/irq.h"
17 #include "hw/m68k/next-cube.h"
18 #include "hw/boards.h"
19 #include "hw/loader.h"
20 #include "hw/scsi/esp.h"
21 #include "hw/sysbus.h"
22 #include "qom/object.h"
23 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
24 #include "hw/block/fdc.h"
25 #include "hw/qdev-properties.h"
26 #include "qapi/error.h"
27 #include "qemu/error-report.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 #include "migration/vmstate.h"
31 
32 /* #define DEBUG_NEXT */
33 #ifdef DEBUG_NEXT
34 #define DPRINTF(fmt, ...) \
35     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
36 #else
37 #define DPRINTF(fmt, ...) do { } while (0)
38 #endif
39 
40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
41 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
42 
43 #define ENTRY       0x0100001e
44 #define RAM_SIZE    0x4000000
45 #define ROM_FILE    "Rev_2.5_v66.bin"
46 
47 typedef struct next_dma {
48     uint32_t csr;
49 
50     uint32_t saved_next;
51     uint32_t saved_limit;
52     uint32_t saved_start;
53     uint32_t saved_stop;
54 
55     uint32_t next;
56     uint32_t limit;
57     uint32_t start;
58     uint32_t stop;
59 
60     uint32_t next_initbuf;
61     uint32_t size;
62 } next_dma;
63 
64 typedef struct NextRtc {
65     uint8_t ram[32];
66     uint8_t command;
67     uint8_t value;
68     uint8_t status;
69     uint8_t control;
70     uint8_t retval;
71 } NextRtc;
72 
73 struct NeXTState {
74     MachineState parent;
75 
76     next_dma dma[10];
77 };
78 
79 #define TYPE_NEXT_PC "next-pc"
80 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
81 
82 /* NeXT Peripheral Controller */
83 struct NeXTPC {
84     SysBusDevice parent_obj;
85 
86     M68kCPU *cpu;
87 
88     MemoryRegion mmiomem;
89     MemoryRegion scrmem;
90 
91     uint32_t scr1;
92     uint32_t scr2;
93     uint8_t scsi_csr_1;
94     uint8_t scsi_csr_2;
95     uint32_t int_mask;
96     uint32_t int_status;
97 
98     NextRtc rtc;
99 };
100 
101 /* Thanks to NeXT forums for this */
102 /*
103 static const uint8_t rtc_ram3[32] = {
104     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
105     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
106     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
107     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
108 };
109 */
110 static const uint8_t rtc_ram2[32] = {
111     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
112     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
113     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
114     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
115 };
116 
117 #define SCR2_RTCLK 0x2
118 #define SCR2_RTDATA 0x4
119 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
120 
121 static void nextscr2_write(NeXTPC *s, uint32_t val, int size)
122 {
123     static int led;
124     static int phase;
125     static uint8_t old_scr2;
126     uint8_t scr2_2;
127     NextRtc *rtc = &s->rtc;
128 
129     if (size == 4) {
130         scr2_2 = (val >> 8) & 0xFF;
131     } else {
132         scr2_2 = val & 0xFF;
133     }
134 
135     if (val & 0x1) {
136         DPRINTF("fault!\n");
137         led++;
138         if (led == 10) {
139             DPRINTF("LED flashing, possible fault!\n");
140             led = 0;
141         }
142     }
143 
144     if (scr2_2 & 0x1) {
145         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
146         if (phase == -1) {
147             phase = 0;
148         }
149         /* If we are in going down clock... do something */
150         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
151                 ((scr2_2 & SCR2_RTCLK) == 0)) {
152             if (phase < 8) {
153                 rtc->command = (rtc->command << 1) |
154                                ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
155             }
156             if (phase >= 8 && phase < 16) {
157                 rtc->value = (rtc->value << 1) |
158                              ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
159 
160                 /* if we read RAM register, output RT_DATA bit */
161                 if (rtc->command <= 0x1F) {
162                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
163                     if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
164                         scr2_2 |= SCR2_RTDATA;
165                     }
166 
167                     rtc->retval = (rtc->retval << 1) |
168                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
169                 }
170                 /* read the status 0x30 */
171                 if (rtc->command == 0x30) {
172                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
173                     /* for now status = 0x98 (new rtc + FTU) */
174                     if (rtc->status & (0x80 >> (phase - 8))) {
175                         scr2_2 |= SCR2_RTDATA;
176                     }
177 
178                     rtc->retval = (rtc->retval << 1) |
179                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
180                 }
181                 /* read the status 0x31 */
182                 if (rtc->command == 0x31) {
183                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
184                     if (rtc->control & (0x80 >> (phase - 8))) {
185                         scr2_2 |= SCR2_RTDATA;
186                     }
187                     rtc->retval = (rtc->retval << 1) |
188                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
189                 }
190 
191                 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
192                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
193                     /* for now 0x00 */
194                     time_t time_h = time(NULL);
195                     struct tm *info = localtime(&time_h);
196                     int ret = 0;
197 
198                     switch (rtc->command) {
199                     case 0x20:
200                         ret = SCR2_TOBCD(info->tm_sec);
201                         break;
202                     case 0x21:
203                         ret = SCR2_TOBCD(info->tm_min);
204                         break;
205                     case 0x22:
206                         ret = SCR2_TOBCD(info->tm_hour);
207                         break;
208                     case 0x24:
209                         ret = SCR2_TOBCD(info->tm_mday);
210                         break;
211                     case 0x25:
212                         ret = SCR2_TOBCD((info->tm_mon + 1));
213                         break;
214                     case 0x26:
215                         ret = SCR2_TOBCD((info->tm_year - 100));
216                         break;
217 
218                     }
219 
220                     if (ret & (0x80 >> (phase - 8))) {
221                         scr2_2 |= SCR2_RTDATA;
222                     }
223                     rtc->retval = (rtc->retval << 1) |
224                                   ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
225                 }
226 
227             }
228 
229             phase++;
230             if (phase == 16) {
231                 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
232                     rtc->ram[rtc->command - 0x80] = rtc->value;
233                 }
234                 /* write to x30 register */
235                 if (rtc->command == 0xB1) {
236                     /* clear FTU */
237                     if (rtc->value & 0x04) {
238                         rtc->status = rtc->status & (~0x18);
239                         s->int_status = s->int_status & (~0x04);
240                     }
241                 }
242             }
243         }
244     } else {
245         /* else end or abort */
246         phase = -1;
247         rtc->command = 0;
248         rtc->value = 0;
249     }
250     s->scr2 = val & 0xFFFF00FF;
251     s->scr2 |= scr2_2 << 8;
252     old_scr2 = scr2_2;
253 }
254 
255 static uint32_t mmio_readb(NeXTPC *s, hwaddr addr)
256 {
257     switch (addr) {
258     case 0xc000:
259         return (s->scr1 >> 24) & 0xFF;
260     case 0xc001:
261         return (s->scr1 >> 16) & 0xFF;
262     case 0xc002:
263         return (s->scr1 >> 8)  & 0xFF;
264     case 0xc003:
265         return (s->scr1 >> 0)  & 0xFF;
266 
267     case 0xd000:
268         return (s->scr2 >> 24) & 0xFF;
269     case 0xd001:
270         return (s->scr2 >> 16) & 0xFF;
271     case 0xd002:
272         return (s->scr2 >> 8)  & 0xFF;
273     case 0xd003:
274         return (s->scr2 >> 0)  & 0xFF;
275     case 0x14020:
276         DPRINTF("MMIO Read 0x4020\n");
277         return 0x7f;
278 
279     default:
280         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
281         return 0x0;
282     }
283 }
284 
285 static uint32_t mmio_readw(NeXTPC *s, hwaddr addr)
286 {
287     switch (addr) {
288     default:
289         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
290         return 0x0;
291     }
292 }
293 
294 static uint32_t mmio_readl(NeXTPC *s, hwaddr addr)
295 {
296     switch (addr) {
297     case 0x7000:
298         /* DPRINTF("Read INT status: %x\n", s->int_status); */
299         return s->int_status;
300 
301     case 0x7800:
302         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
303         return s->int_mask;
304 
305     case 0xc000:
306         return s->scr1;
307 
308     case 0xd000:
309         return s->scr2;
310 
311     default:
312         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
313         return 0x0;
314     }
315 }
316 
317 static void mmio_writeb(NeXTPC *s, hwaddr addr, uint32_t val)
318 {
319     switch (addr) {
320     case 0xd003:
321         nextscr2_write(s, val, 1);
322         break;
323     default:
324         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
325     }
326 
327 }
328 
329 static void mmio_writew(NeXTPC *s, hwaddr addr, uint32_t val)
330 {
331     DPRINTF("MMIO Write W\n");
332 }
333 
334 static void mmio_writel(NeXTPC *s, hwaddr addr, uint32_t val)
335 {
336     switch (addr) {
337     case 0x7000:
338         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
339         s->int_status = val;
340         break;
341     case 0x7800:
342         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
343         s->int_mask  = val;
344         break;
345     case 0xc000:
346         DPRINTF("SCR1 Write: %x\n", val);
347         break;
348     case 0xd000:
349         nextscr2_write(s, val, 4);
350         break;
351 
352     default:
353         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
354     }
355 }
356 
357 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
358 {
359     NeXTPC *s = NEXT_PC(opaque);
360 
361     switch (size) {
362     case 1:
363         return mmio_readb(s, addr);
364     case 2:
365         return mmio_readw(s, addr);
366     case 4:
367         return mmio_readl(s, addr);
368     default:
369         g_assert_not_reached();
370     }
371 }
372 
373 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
374                          unsigned size)
375 {
376     NeXTPC *s = NEXT_PC(opaque);
377 
378     switch (size) {
379     case 1:
380         mmio_writeb(s, addr, value);
381         break;
382     case 2:
383         mmio_writew(s, addr, value);
384         break;
385     case 4:
386         mmio_writel(s, addr, value);
387         break;
388     default:
389         g_assert_not_reached();
390     }
391 }
392 
393 static const MemoryRegionOps mmio_ops = {
394     .read = mmio_readfn,
395     .write = mmio_writefn,
396     .valid.min_access_size = 1,
397     .valid.max_access_size = 4,
398     .endianness = DEVICE_NATIVE_ENDIAN,
399 };
400 
401 static uint32_t scr_readb(NeXTPC *s, hwaddr addr)
402 {
403     switch (addr) {
404     case 0x14108:
405         DPRINTF("FD read @ %x\n", (unsigned int)addr);
406         return 0x40 | 0x04 | 0x2 | 0x1;
407     case 0x14020:
408         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
409         return s->scsi_csr_1;
410 
411     case 0x14021:
412         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
413         return 0x40;
414 
415     /*
416      * These 4 registers are the hardware timer, not sure which register
417      * is the latch instead of data, but no problems so far
418      */
419     case 0x1a000:
420         return 0xff & (clock() >> 24);
421     case 0x1a001:
422         return 0xff & (clock() >> 16);
423     case 0x1a002:
424         return 0xff & (clock() >> 8);
425     case 0x1a003:
426         /* Hack: We need to have this change consistently to make it work */
427         return 0xFF & clock();
428 
429     default:
430         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
431         return 0;
432     }
433 }
434 
435 static uint32_t scr_readw(NeXTPC *s, hwaddr addr)
436 {
437     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
438     return 0;
439 }
440 
441 static uint32_t scr_readl(NeXTPC *s, hwaddr addr)
442 {
443     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
444     return 0;
445 }
446 
447 #define SCSICSR_ENABLE  0x01
448 #define SCSICSR_RESET   0x02  /* reset scsi dma */
449 #define SCSICSR_FIFOFL  0x04
450 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
451 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
452 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
453 
454 static void scr_writeb(NeXTPC *s, hwaddr addr, uint32_t value)
455 {
456     switch (addr) {
457     case 0x14108:
458         DPRINTF("FDCSR Write: %x\n", value);
459 
460         if (value == 0x0) {
461             /* qemu_irq_raise(s->fd_irq[0]); */
462         }
463         break;
464     case 0x14020: /* SCSI Control Register */
465         if (value & SCSICSR_FIFOFL) {
466             DPRINTF("SCSICSR FIFO Flush\n");
467             /* will have to add another irq to the esp if this is needed */
468             /* esp_puflush_fifo(esp_g); */
469             /* qemu_irq_pulse(s->scsi_dma); */
470         }
471 
472         if (value & SCSICSR_ENABLE) {
473             DPRINTF("SCSICSR Enable\n");
474             /*
475              * qemu_irq_raise(s->scsi_dma);
476              * s->scsi_csr_1 = 0xc0;
477              * s->scsi_csr_1 |= 0x1;
478              * qemu_irq_pulse(s->scsi_dma);
479              */
480         }
481         /*
482          * else
483          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
484          */
485 
486         if (value & SCSICSR_RESET) {
487             DPRINTF("SCSICSR Reset\n");
488             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
489             /* qemu_irq_raise(s->scsi_reset); */
490             /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
491 
492         }
493         if (value & SCSICSR_DMADIR) {
494             DPRINTF("SCSICSR DMAdir\n");
495         }
496         if (value & SCSICSR_CPUDMA) {
497             DPRINTF("SCSICSR CPUDMA\n");
498             /* qemu_irq_raise(s->scsi_dma); */
499 
500             s->int_status |= 0x4000000;
501         } else {
502             s->int_status &= ~(0x4000000);
503         }
504         if (value & SCSICSR_INTMASK) {
505             DPRINTF("SCSICSR INTMASK\n");
506             /*
507              * int_mask &= ~0x1000;
508              * s->scsi_csr_1 |= value;
509              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
510              * if (s->scsi_queued) {
511              *     s->scsi_queued = 0;
512              *     next_irq(s, NEXT_SCSI_I, level);
513              * }
514              */
515         } else {
516             /* int_mask |= 0x1000; */
517         }
518         if (value & 0x80) {
519             /* int_mask |= 0x1000; */
520             /* s->scsi_csr_1 |= 0x80; */
521         }
522         DPRINTF("SCSICSR Write: %x\n", value);
523         /* s->scsi_csr_1 = value; */
524         return;
525     /* Hardware timer latch - not implemented yet */
526     case 0x1a000:
527     default:
528         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
529     }
530 }
531 
532 static void scr_writew(NeXTPC *s, hwaddr addr, uint32_t value)
533 {
534     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
535 }
536 
537 static void scr_writel(NeXTPC *s, hwaddr addr, uint32_t value)
538 {
539     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
540 }
541 
542 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
543 {
544     NeXTPC *s = NEXT_PC(opaque);
545 
546     switch (size) {
547     case 1:
548         return scr_readb(s, addr);
549     case 2:
550         return scr_readw(s, addr);
551     case 4:
552         return scr_readl(s, addr);
553     default:
554         g_assert_not_reached();
555     }
556 }
557 
558 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
559                         unsigned size)
560 {
561     NeXTPC *s = NEXT_PC(opaque);
562 
563     switch (size) {
564     case 1:
565         scr_writeb(s, addr, value);
566         break;
567     case 2:
568         scr_writew(s, addr, value);
569         break;
570     case 4:
571         scr_writel(s, addr, value);
572         break;
573     default:
574         g_assert_not_reached();
575     }
576 }
577 
578 static const MemoryRegionOps scr_ops = {
579     .read = scr_readfn,
580     .write = scr_writefn,
581     .valid.min_access_size = 1,
582     .valid.max_access_size = 4,
583     .endianness = DEVICE_NATIVE_ENDIAN,
584 };
585 
586 #define NEXTDMA_SCSI(x)      (0x10 + x)
587 #define NEXTDMA_FD(x)        (0x10 + x)
588 #define NEXTDMA_ENTX(x)      (0x110 + x)
589 #define NEXTDMA_ENRX(x)      (0x150 + x)
590 #define NEXTDMA_CSR          0x0
591 #define NEXTDMA_NEXT         0x4000
592 #define NEXTDMA_LIMIT        0x4004
593 #define NEXTDMA_START        0x4008
594 #define NEXTDMA_STOP         0x400c
595 #define NEXTDMA_NEXT_INIT    0x4200
596 #define NEXTDMA_SIZE         0x4204
597 
598 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
599                        unsigned int size)
600 {
601     NeXTState *next_state = NEXT_MACHINE(opaque);
602 
603     switch (addr) {
604     case NEXTDMA_ENRX(NEXTDMA_CSR):
605         if (value & DMA_DEV2M) {
606             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
607         }
608 
609         if (value & DMA_SETENABLE) {
610             /* DPRINTF("SCSI DMA ENABLE\n"); */
611             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
612         }
613         if (value & DMA_SETSUPDATE) {
614             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
615         }
616         if (value & DMA_CLRCOMPLETE) {
617             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
618         }
619 
620         if (value & DMA_RESET) {
621             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
622                                                   DMA_ENABLE | DMA_DEV2M);
623         }
624         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
625         break;
626     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
627         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
628         break;
629     case NEXTDMA_ENRX(NEXTDMA_NEXT):
630         next_state->dma[NEXTDMA_ENRX].next = value;
631         break;
632     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
633         next_state->dma[NEXTDMA_ENRX].limit = value;
634         break;
635     case NEXTDMA_SCSI(NEXTDMA_CSR):
636         if (value & DMA_DEV2M) {
637             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
638         }
639         if (value & DMA_SETENABLE) {
640             /* DPRINTF("SCSI DMA ENABLE\n"); */
641             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
642         }
643         if (value & DMA_SETSUPDATE) {
644             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
645         }
646         if (value & DMA_CLRCOMPLETE) {
647             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
648         }
649 
650         if (value & DMA_RESET) {
651             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
652                                                   DMA_ENABLE | DMA_DEV2M);
653             /* DPRINTF("SCSI DMA RESET\n"); */
654         }
655         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
656         break;
657 
658     case NEXTDMA_SCSI(NEXTDMA_NEXT):
659         next_state->dma[NEXTDMA_SCSI].next = value;
660         break;
661 
662     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
663         next_state->dma[NEXTDMA_SCSI].limit = value;
664         break;
665 
666     case NEXTDMA_SCSI(NEXTDMA_START):
667         next_state->dma[NEXTDMA_SCSI].start = value;
668         break;
669 
670     case NEXTDMA_SCSI(NEXTDMA_STOP):
671         next_state->dma[NEXTDMA_SCSI].stop = value;
672         break;
673 
674     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
675         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
676         break;
677 
678     default:
679         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
680     }
681 }
682 
683 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
684 {
685     NeXTState *next_state = NEXT_MACHINE(opaque);
686 
687     switch (addr) {
688     case NEXTDMA_SCSI(NEXTDMA_CSR):
689         DPRINTF("SCSI DMA CSR READ\n");
690         return next_state->dma[NEXTDMA_SCSI].csr;
691     case NEXTDMA_ENRX(NEXTDMA_CSR):
692         return next_state->dma[NEXTDMA_ENRX].csr;
693     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
694         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
695     case NEXTDMA_ENRX(NEXTDMA_NEXT):
696         return next_state->dma[NEXTDMA_ENRX].next;
697     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
698         return next_state->dma[NEXTDMA_ENRX].limit;
699 
700     case NEXTDMA_SCSI(NEXTDMA_NEXT):
701         return next_state->dma[NEXTDMA_SCSI].next;
702     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
703         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
704     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
705         return next_state->dma[NEXTDMA_SCSI].limit;
706     case NEXTDMA_SCSI(NEXTDMA_START):
707         return next_state->dma[NEXTDMA_SCSI].start;
708     case NEXTDMA_SCSI(NEXTDMA_STOP):
709         return next_state->dma[NEXTDMA_SCSI].stop;
710 
711     default:
712         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
713         return 0;
714     }
715 
716     /*
717      * once the csr's are done, subtract 0x3FEC from the addr, and that will
718      * normalize the upper registers
719      */
720 }
721 
722 static const MemoryRegionOps dma_ops = {
723     .read = dma_readl,
724     .write = dma_writel,
725     .impl.min_access_size = 4,
726     .valid.min_access_size = 4,
727     .valid.max_access_size = 4,
728     .endianness = DEVICE_NATIVE_ENDIAN,
729 };
730 
731 static void next_irq(void *opaque, int number, int level)
732 {
733     NeXTPC *s = NEXT_PC(opaque);
734     M68kCPU *cpu = s->cpu;
735     int shift = 0;
736 
737     /* first switch sets interrupt status */
738     /* DPRINTF("IRQ %i\n",number); */
739     switch (number) {
740     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
741     case NEXT_FD_I:
742         shift = 7;
743         break;
744     case NEXT_KBD_I:
745         shift = 3;
746         break;
747     case NEXT_PWR_I:
748         shift = 2;
749         break;
750     case NEXT_ENRX_I:
751         shift = 9;
752         break;
753     case NEXT_ENTX_I:
754         shift = 10;
755         break;
756     case NEXT_SCSI_I:
757         shift = 12;
758         break;
759     case NEXT_CLK_I:
760         shift = 5;
761         break;
762 
763     /* level 5 - scc (serial) */
764     case NEXT_SCC_I:
765         shift = 17;
766         break;
767 
768     /* level 6 - audio etherrx/tx dma */
769     case NEXT_ENTX_DMA_I:
770         shift = 28;
771         break;
772     case NEXT_ENRX_DMA_I:
773         shift = 27;
774         break;
775     case NEXT_SCSI_DMA_I:
776         shift = 26;
777         break;
778     case NEXT_SND_I:
779         shift = 23;
780         break;
781     case NEXT_SCC_DMA_I:
782         shift = 21;
783         break;
784 
785     }
786     /*
787      * this HAS to be wrong, the interrupt handlers in mach and together
788      * int_status and int_mask and return if there is a hit
789      */
790     if (s->int_mask & (1 << shift)) {
791         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
792         /* return; */
793     }
794 
795     /* second switch triggers the correct interrupt */
796     if (level) {
797         s->int_status |= 1 << shift;
798 
799         switch (number) {
800         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
801         case NEXT_FD_I:
802         case NEXT_KBD_I:
803         case NEXT_PWR_I:
804         case NEXT_ENRX_I:
805         case NEXT_ENTX_I:
806         case NEXT_SCSI_I:
807         case NEXT_CLK_I:
808             m68k_set_irq_level(cpu, 3, 27);
809             break;
810 
811         /* level 5 - scc (serial) */
812         case NEXT_SCC_I:
813             m68k_set_irq_level(cpu, 5, 29);
814             break;
815 
816         /* level 6 - audio etherrx/tx dma */
817         case NEXT_ENTX_DMA_I:
818         case NEXT_ENRX_DMA_I:
819         case NEXT_SCSI_DMA_I:
820         case NEXT_SND_I:
821         case NEXT_SCC_DMA_I:
822             m68k_set_irq_level(cpu, 6, 30);
823             break;
824         }
825     } else {
826         s->int_status &= ~(1 << shift);
827         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
828     }
829 }
830 
831 static void next_escc_init(DeviceState *pcdev)
832 {
833     DeviceState *dev;
834     SysBusDevice *s;
835 
836     dev = qdev_new(TYPE_ESCC);
837     qdev_prop_set_uint32(dev, "disabled", 0);
838     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
839     qdev_prop_set_uint32(dev, "it_shift", 0);
840     qdev_prop_set_bit(dev, "bit_swap", true);
841     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
842     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
843     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
844     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
845 
846     s = SYS_BUS_DEVICE(dev);
847     sysbus_realize_and_unref(s, &error_fatal);
848     sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
849     sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
850     sysbus_mmio_map(s, 0, 0x2118000);
851 }
852 
853 static void next_pc_reset(DeviceState *dev)
854 {
855     NeXTPC *s = NEXT_PC(dev);
856 
857     /* Set internal registers to initial values */
858     /*     0x0000XX00 << vital bits */
859     s->scr1 = 0x00011102;
860     s->scr2 = 0x00ff0c80;
861 
862     s->rtc.status = 0x90;
863 
864     /* Load RTC RAM - TODO: provide possibility to load contents from file */
865     memcpy(s->rtc.ram, rtc_ram2, 32);
866 }
867 
868 static void next_pc_realize(DeviceState *dev, Error **errp)
869 {
870     NeXTPC *s = NEXT_PC(dev);
871     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
872 
873     qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
874 
875     memory_region_init_io(&s->mmiomem, OBJECT(s), &mmio_ops, s,
876                           "next.mmio", 0xD0000);
877     memory_region_init_io(&s->scrmem, OBJECT(s), &scr_ops, s,
878                           "next.scr", 0x20000);
879     sysbus_init_mmio(sbd, &s->mmiomem);
880     sysbus_init_mmio(sbd, &s->scrmem);
881 }
882 
883 /*
884  * If the m68k CPU implemented its inbound irq lines as GPIO lines
885  * rather than via the m68k_set_irq_level() function we would not need
886  * this cpu link property and could instead provide outbound IRQ lines
887  * that the board could wire up to the CPU.
888  */
889 static Property next_pc_properties[] = {
890     DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
891     DEFINE_PROP_END_OF_LIST(),
892 };
893 
894 static const VMStateDescription next_rtc_vmstate = {
895     .name = "next-rtc",
896     .version_id = 1,
897     .minimum_version_id = 1,
898     .fields = (VMStateField[]) {
899         VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
900         VMSTATE_UINT8(command, NextRtc),
901         VMSTATE_UINT8(value, NextRtc),
902         VMSTATE_UINT8(status, NextRtc),
903         VMSTATE_UINT8(control, NextRtc),
904         VMSTATE_UINT8(retval, NextRtc),
905         VMSTATE_END_OF_LIST()
906     },
907 };
908 
909 static const VMStateDescription next_pc_vmstate = {
910     .name = "next-pc",
911     .version_id = 1,
912     .minimum_version_id = 1,
913     .fields = (VMStateField[]) {
914         VMSTATE_UINT32(scr1, NeXTPC),
915         VMSTATE_UINT32(scr2, NeXTPC),
916         VMSTATE_UINT32(int_mask, NeXTPC),
917         VMSTATE_UINT32(int_status, NeXTPC),
918         VMSTATE_UINT8(scsi_csr_1, NeXTPC),
919         VMSTATE_UINT8(scsi_csr_2, NeXTPC),
920         VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
921         VMSTATE_END_OF_LIST()
922     },
923 };
924 
925 static void next_pc_class_init(ObjectClass *klass, void *data)
926 {
927     DeviceClass *dc = DEVICE_CLASS(klass);
928 
929     dc->desc = "NeXT Peripheral Controller";
930     dc->realize = next_pc_realize;
931     dc->reset = next_pc_reset;
932     device_class_set_props(dc, next_pc_properties);
933     dc->vmsd = &next_pc_vmstate;
934 }
935 
936 static const TypeInfo next_pc_info = {
937     .name = TYPE_NEXT_PC,
938     .parent = TYPE_SYS_BUS_DEVICE,
939     .instance_size = sizeof(NeXTPC),
940     .class_init = next_pc_class_init,
941 };
942 
943 static void next_cube_init(MachineState *machine)
944 {
945     M68kCPU *cpu;
946     CPUM68KState *env;
947     MemoryRegion *rom = g_new(MemoryRegion, 1);
948     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
949     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
950     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
951     MemoryRegion *sysmem = get_system_memory();
952     const char *bios_name = machine->firmware ?: ROM_FILE;
953     DeviceState *dev;
954     DeviceState *pcdev;
955 
956     /* Initialize the cpu core */
957     cpu = M68K_CPU(cpu_create(machine->cpu_type));
958     if (!cpu) {
959         error_report("Unable to find m68k CPU definition");
960         exit(1);
961     }
962     env = &cpu->env;
963 
964     /* Initialize CPU registers.  */
965     env->vbr = 0;
966     env->sr  = 0x2700;
967 
968     /* Peripheral Controller */
969     pcdev = qdev_new(TYPE_NEXT_PC);
970     object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
971     sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
972 
973     /* 64MB RAM starting at 0x04000000  */
974     memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
975 
976     /* Framebuffer */
977     dev = qdev_new(TYPE_NEXTFB);
978     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
979     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
980 
981     /* MMIO */
982     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
983 
984     /* BMAP IO - acts as a catch-all for now */
985     sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
986 
987     /* BMAP memory */
988     memory_region_init_ram_flags_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
989                                            RAM_SHARED, &error_fatal);
990     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
991     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
992     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
993     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
994 
995     /* KBD */
996     dev = qdev_new(TYPE_NEXTKBD);
997     sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
998     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
999 
1000     /* Load ROM here */
1001     /* still not sure if the rom should also be mapped at 0x0*/
1002     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
1003     memory_region_add_subregion(sysmem, 0x01000000, rom);
1004     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1005         if (!qtest_enabled()) {
1006             error_report("Failed to load firmware '%s'.", bios_name);
1007         }
1008     } else {
1009         uint8_t *ptr;
1010         /* Initial PC is always at offset 4 in firmware binaries */
1011         ptr = rom_ptr(0x01000004, 4);
1012         g_assert(ptr != NULL);
1013         env->pc = ldl_p(ptr);
1014         if (env->pc >= 0x01020000) {
1015             error_report("'%s' does not seem to be a valid firmware image.",
1016                          bios_name);
1017             exit(1);
1018         }
1019     }
1020 
1021     /* Serial */
1022     next_escc_init(pcdev);
1023 
1024     /* TODO: */
1025     /* Network */
1026     /* SCSI */
1027 
1028     /* DMA */
1029     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
1030     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
1031 }
1032 
1033 static void next_machine_class_init(ObjectClass *oc, void *data)
1034 {
1035     MachineClass *mc = MACHINE_CLASS(oc);
1036 
1037     mc->desc = "NeXT Cube";
1038     mc->init = next_cube_init;
1039     mc->default_ram_size = RAM_SIZE;
1040     mc->default_ram_id = "next.ram";
1041     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1042 }
1043 
1044 static const TypeInfo next_typeinfo = {
1045     .name = TYPE_NEXT_MACHINE,
1046     .parent = TYPE_MACHINE,
1047     .class_init = next_machine_class_init,
1048     .instance_size = sizeof(NeXTState),
1049 };
1050 
1051 static void next_register_type(void)
1052 {
1053     type_register_static(&next_typeinfo);
1054     type_register_static(&next_pc_info);
1055 }
1056 
1057 type_init(next_register_type)
1058