xref: /openbmc/qemu/hw/m68k/next-cube.c (revision ebe15582)
1 /*
2  * NeXT Cube System Driver
3  *
4  * Copyright (c) 2011 Bryce Lanham
5  *
6  * This code is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published
8  * by the Free Software Foundation; either version 2 of the License,
9  * or (at your option) any later version.
10  */
11 
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
25 #include "hw/block/fdc.h"
26 #include "hw/qdev-properties.h"
27 #include "qapi/error.h"
28 #include "ui/console.h"
29 #include "target/m68k/cpu.h"
30 
31 /* #define DEBUG_NEXT */
32 #ifdef DEBUG_NEXT
33 #define DPRINTF(fmt, ...) \
34     do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
35 #else
36 #define DPRINTF(fmt, ...) do { } while (0)
37 #endif
38 
39 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
40 #define NEXT_MACHINE(obj) OBJECT_CHECK(NeXTState, (obj), TYPE_NEXT_MACHINE)
41 
42 #define ENTRY       0x0100001e
43 #define RAM_SIZE    0x4000000
44 #define ROM_FILE    "Rev_2.5_v66.bin"
45 
46 typedef struct next_dma {
47     uint32_t csr;
48 
49     uint32_t saved_next;
50     uint32_t saved_limit;
51     uint32_t saved_start;
52     uint32_t saved_stop;
53 
54     uint32_t next;
55     uint32_t limit;
56     uint32_t start;
57     uint32_t stop;
58 
59     uint32_t next_initbuf;
60     uint32_t size;
61 } next_dma;
62 
63 typedef struct {
64     MachineState parent;
65 
66     uint32_t int_mask;
67     uint32_t int_status;
68 
69     uint8_t scsi_csr_1;
70     uint8_t scsi_csr_2;
71     next_dma dma[10];
72     qemu_irq *scsi_irq;
73     qemu_irq scsi_dma;
74     qemu_irq scsi_reset;
75     qemu_irq *fd_irq;
76 
77     uint32_t scr1;
78     uint32_t scr2;
79 
80     uint8_t rtc_ram[32];
81 } NeXTState;
82 
83 /* Thanks to NeXT forums for this */
84 /*
85 static const uint8_t rtc_ram3[32] = {
86     0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
87     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
88     0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
89     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
90 };
91 */
92 static const uint8_t rtc_ram2[32] = {
93     0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
94     0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
95     0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
96     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
97 };
98 
99 #define SCR2_RTCLK 0x2
100 #define SCR2_RTDATA 0x4
101 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
102 
103 static void nextscr2_write(NeXTState *s, uint32_t val, int size)
104 {
105     static int led;
106     static int phase;
107     static uint8_t old_scr2;
108     static uint8_t rtc_command;
109     static uint8_t rtc_value;
110     static uint8_t rtc_status = 0x90;
111     static uint8_t rtc_return;
112     uint8_t scr2_2;
113 
114     if (size == 4) {
115         scr2_2 = (val >> 8) & 0xFF;
116     } else {
117         scr2_2 = val & 0xFF;
118     }
119 
120     if (val & 0x1) {
121         DPRINTF("fault!\n");
122         led++;
123         if (led == 10) {
124             DPRINTF("LED flashing, possible fault!\n");
125             led = 0;
126         }
127     }
128 
129     if (scr2_2 & 0x1) {
130         /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
131         if (phase == -1) {
132             phase = 0;
133         }
134         /* If we are in going down clock... do something */
135         if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
136                 ((scr2_2 & SCR2_RTCLK) == 0)) {
137             if (phase < 8) {
138                 rtc_command = (rtc_command << 1) |
139                               ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
140             }
141             if (phase >= 8 && phase < 16) {
142                 rtc_value = (rtc_value << 1) | ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
143 
144                 /* if we read RAM register, output RT_DATA bit */
145                 if (rtc_command <= 0x1F) {
146                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
147                     if (s->rtc_ram[rtc_command] & (0x80 >> (phase - 8))) {
148                         scr2_2 |= SCR2_RTDATA;
149                     }
150 
151                     rtc_return = (rtc_return << 1) |
152                                  ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
153                 }
154                 /* read the status 0x30 */
155                 if (rtc_command == 0x30) {
156                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
157                     /* for now status = 0x98 (new rtc + FTU) */
158                     if (rtc_status & (0x80 >> (phase - 8))) {
159                         scr2_2 |= SCR2_RTDATA;
160                     }
161 
162                     rtc_return = (rtc_return << 1) |
163                                  ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
164                 }
165                 /* read the status 0x31 */
166                 if (rtc_command == 0x31) {
167                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
168                     /* for now 0x00 */
169                     if (0x00 & (0x80 >> (phase - 8))) {
170                         scr2_2 |= SCR2_RTDATA;
171                     }
172                     rtc_return = (rtc_return << 1) |
173                                  ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
174                 }
175 
176                 if ((rtc_command >= 0x20) && (rtc_command <= 0x2F)) {
177                     scr2_2 = scr2_2 & (~SCR2_RTDATA);
178                     /* for now 0x00 */
179                     time_t time_h = time(NULL);
180                     struct tm *info = localtime(&time_h);
181                     int ret = 0;
182 
183                     switch (rtc_command) {
184                     case 0x20:
185                         ret = SCR2_TOBCD(info->tm_sec);
186                         break;
187                     case 0x21:
188                         ret = SCR2_TOBCD(info->tm_min);
189                         break;
190                     case 0x22:
191                         ret = SCR2_TOBCD(info->tm_hour);
192                         break;
193                     case 0x24:
194                         ret = SCR2_TOBCD(info->tm_mday);
195                         break;
196                     case 0x25:
197                         ret = SCR2_TOBCD((info->tm_mon + 1));
198                         break;
199                     case 0x26:
200                         ret = SCR2_TOBCD((info->tm_year - 100));
201                         break;
202 
203                     }
204 
205                     if (ret & (0x80 >> (phase - 8))) {
206                         scr2_2 |= SCR2_RTDATA;
207                     }
208                     rtc_return = (rtc_return << 1) |
209                                  ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
210                 }
211 
212             }
213 
214             phase++;
215             if (phase == 16) {
216                 if (rtc_command >= 0x80 && rtc_command <= 0x9F) {
217                     s->rtc_ram[rtc_command - 0x80] = rtc_value;
218                 }
219                 /* write to x30 register */
220                 if (rtc_command == 0xB1) {
221                     /* clear FTU */
222                     if (rtc_value & 0x04) {
223                         rtc_status = rtc_status & (~0x18);
224                         s->int_status = s->int_status & (~0x04);
225                     }
226                 }
227             }
228         }
229     } else {
230         /* else end or abort */
231         phase = -1;
232         rtc_command = 0;
233         rtc_value = 0;
234     }
235     s->scr2 = val & 0xFFFF00FF;
236     s->scr2 |= scr2_2 << 8;
237     old_scr2 = scr2_2;
238 }
239 
240 static uint32_t mmio_readb(NeXTState *s, hwaddr addr)
241 {
242     switch (addr) {
243     case 0xc000:
244         return (s->scr1 >> 24) & 0xFF;
245     case 0xc001:
246         return (s->scr1 >> 16) & 0xFF;
247     case 0xc002:
248         return (s->scr1 >> 8)  & 0xFF;
249     case 0xc003:
250         return (s->scr1 >> 0)  & 0xFF;
251 
252     case 0xd000:
253         return (s->scr2 >> 24) & 0xFF;
254     case 0xd001:
255         return (s->scr2 >> 16) & 0xFF;
256     case 0xd002:
257         return (s->scr2 >> 8)  & 0xFF;
258     case 0xd003:
259         return (s->scr2 >> 0)  & 0xFF;
260     case 0x14020:
261         DPRINTF("MMIO Read 0x4020\n");
262         return 0x7f;
263 
264     default:
265         DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
266         return 0x0;
267     }
268 }
269 
270 static uint32_t mmio_readw(NeXTState *s, hwaddr addr)
271 {
272     switch (addr) {
273     default:
274         DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
275         return 0x0;
276     }
277 }
278 
279 static uint32_t mmio_readl(NeXTState *s, hwaddr addr)
280 {
281     switch (addr) {
282     case 0x7000:
283         /* DPRINTF("Read INT status: %x\n", s->int_status); */
284         return s->int_status;
285 
286     case 0x7800:
287         DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
288         return s->int_mask;
289 
290     case 0xc000:
291         return s->scr1;
292 
293     case 0xd000:
294         return s->scr2;
295 
296     default:
297         DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
298         return 0x0;
299     }
300 }
301 
302 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val)
303 {
304     switch (addr) {
305     case 0xd003:
306         nextscr2_write(s, val, 1);
307         break;
308     default:
309         DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
310     }
311 
312 }
313 
314 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val)
315 {
316     DPRINTF("MMIO Write W\n");
317 }
318 
319 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val)
320 {
321     switch (addr) {
322     case 0x7000:
323         DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
324         s->int_status = val;
325         break;
326     case 0x7800:
327         DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
328         s->int_mask  = val;
329         break;
330     case 0xc000:
331         DPRINTF("SCR1 Write: %x\n", val);
332         break;
333     case 0xd000:
334         nextscr2_write(s, val, 4);
335         break;
336 
337     default:
338         DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
339     }
340 }
341 
342 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
343 {
344     NeXTState *ns = NEXT_MACHINE(opaque);
345 
346     switch (size) {
347     case 1:
348         return mmio_readb(ns, addr);
349     case 2:
350         return mmio_readw(ns, addr);
351     case 4:
352         return mmio_readl(ns, addr);
353     default:
354         g_assert_not_reached();
355     }
356 }
357 
358 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
359                          unsigned size)
360 {
361     NeXTState *ns = NEXT_MACHINE(opaque);
362 
363     switch (size) {
364     case 1:
365         mmio_writeb(ns, addr, value);
366         break;
367     case 2:
368         mmio_writew(ns, addr, value);
369         break;
370     case 4:
371         mmio_writel(ns, addr, value);
372         break;
373     default:
374         g_assert_not_reached();
375     }
376 }
377 
378 static const MemoryRegionOps mmio_ops = {
379     .read = mmio_readfn,
380     .write = mmio_writefn,
381     .valid.min_access_size = 1,
382     .valid.max_access_size = 4,
383     .endianness = DEVICE_NATIVE_ENDIAN,
384 };
385 
386 static uint32_t scr_readb(NeXTState *s, hwaddr addr)
387 {
388     switch (addr) {
389     case 0x14108:
390         DPRINTF("FD read @ %x\n", (unsigned int)addr);
391         return 0x40 | 0x04 | 0x2 | 0x1;
392     case 0x14020:
393         DPRINTF("SCSI 4020  STATUS READ %X\n", s->scsi_csr_1);
394         return s->scsi_csr_1;
395 
396     case 0x14021:
397         DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
398         return 0x40;
399 
400     /*
401      * These 4 registers are the hardware timer, not sure which register
402      * is the latch instead of data, but no problems so far
403      */
404     case 0x1a000:
405         return 0xff & (clock() >> 24);
406     case 0x1a001:
407         return 0xff & (clock() >> 16);
408     case 0x1a002:
409         return 0xff & (clock() >> 8);
410     case 0x1a003:
411         /* Hack: We need to have this change consistently to make it work */
412         return 0xFF & clock();
413 
414     default:
415         DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
416         return 0;
417     }
418 }
419 
420 static uint32_t scr_readw(NeXTState *s, hwaddr addr)
421 {
422     DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
423     return 0;
424 }
425 
426 static uint32_t scr_readl(NeXTState *s, hwaddr addr)
427 {
428     DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
429     return 0;
430 }
431 
432 #define SCSICSR_ENABLE  0x01
433 #define SCSICSR_RESET   0x02  /* reset scsi dma */
434 #define SCSICSR_FIFOFL  0x04
435 #define SCSICSR_DMADIR  0x08  /* if set, scsi to mem */
436 #define SCSICSR_CPUDMA  0x10  /* if set, dma enabled */
437 #define SCSICSR_INTMASK 0x20  /* if set, interrupt enabled */
438 
439 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value)
440 {
441     switch (addr) {
442     case 0x14108:
443         DPRINTF("FDCSR Write: %x\n", value);
444 
445         if (value == 0x0) {
446             /* qemu_irq_raise(s->fd_irq[0]); */
447         }
448         break;
449     case 0x14020: /* SCSI Control Register */
450         if (value & SCSICSR_FIFOFL) {
451             DPRINTF("SCSICSR FIFO Flush\n");
452             /* will have to add another irq to the esp if this is needed */
453             /* esp_puflush_fifo(esp_g); */
454             /* qemu_irq_pulse(s->scsi_dma); */
455         }
456 
457         if (value & SCSICSR_ENABLE) {
458             DPRINTF("SCSICSR Enable\n");
459             /*
460              * qemu_irq_raise(s->scsi_dma);
461              * s->scsi_csr_1 = 0xc0;
462              * s->scsi_csr_1 |= 0x1;
463              * qemu_irq_pulse(s->scsi_dma);
464              */
465         }
466         /*
467          * else
468          *     s->scsi_csr_1 &= ~SCSICSR_ENABLE;
469          */
470 
471         if (value & SCSICSR_RESET) {
472             DPRINTF("SCSICSR Reset\n");
473             /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
474             /* qemu_irq_raise(s->scsi_reset); */
475             /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
476 
477         }
478         if (value & SCSICSR_DMADIR) {
479             DPRINTF("SCSICSR DMAdir\n");
480         }
481         if (value & SCSICSR_CPUDMA) {
482             DPRINTF("SCSICSR CPUDMA\n");
483             /* qemu_irq_raise(s->scsi_dma); */
484 
485             s->int_status |= 0x4000000;
486         } else {
487             s->int_status &= ~(0x4000000);
488         }
489         if (value & SCSICSR_INTMASK) {
490             DPRINTF("SCSICSR INTMASK\n");
491             /*
492              * int_mask &= ~0x1000;
493              * s->scsi_csr_1 |= value;
494              * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
495              * if (s->scsi_queued) {
496              *     s->scsi_queued = 0;
497              *     next_irq(s, NEXT_SCSI_I, level);
498              * }
499              */
500         } else {
501             /* int_mask |= 0x1000; */
502         }
503         if (value & 0x80) {
504             /* int_mask |= 0x1000; */
505             /* s->scsi_csr_1 |= 0x80; */
506         }
507         DPRINTF("SCSICSR Write: %x\n", value);
508         /* s->scsi_csr_1 = value; */
509         return;
510     /* Hardware timer latch - not implemented yet */
511     case 0x1a000:
512     default:
513         DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
514     }
515 }
516 
517 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value)
518 {
519     DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
520 }
521 
522 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value)
523 {
524     DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
525 }
526 
527 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
528 {
529     NeXTState *ns = NEXT_MACHINE(opaque);
530 
531     switch (size) {
532     case 1:
533         return scr_readb(ns, addr);
534     case 2:
535         return scr_readw(ns, addr);
536     case 4:
537         return scr_readl(ns, addr);
538     default:
539         g_assert_not_reached();
540     }
541 }
542 
543 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
544                         unsigned size)
545 {
546     NeXTState *ns = NEXT_MACHINE(opaque);
547 
548     switch (size) {
549     case 1:
550         scr_writeb(ns, addr, value);
551         break;
552     case 2:
553         scr_writew(ns, addr, value);
554         break;
555     case 4:
556         scr_writel(ns, addr, value);
557         break;
558     default:
559         g_assert_not_reached();
560     }
561 }
562 
563 static const MemoryRegionOps scr_ops = {
564     .read = scr_readfn,
565     .write = scr_writefn,
566     .valid.min_access_size = 1,
567     .valid.max_access_size = 4,
568     .endianness = DEVICE_NATIVE_ENDIAN,
569 };
570 
571 #define NEXTDMA_SCSI(x)      (0x10 + x)
572 #define NEXTDMA_FD(x)        (0x10 + x)
573 #define NEXTDMA_ENTX(x)      (0x110 + x)
574 #define NEXTDMA_ENRX(x)      (0x150 + x)
575 #define NEXTDMA_CSR          0x0
576 #define NEXTDMA_NEXT         0x4000
577 #define NEXTDMA_LIMIT        0x4004
578 #define NEXTDMA_START        0x4008
579 #define NEXTDMA_STOP         0x400c
580 #define NEXTDMA_NEXT_INIT    0x4200
581 #define NEXTDMA_SIZE         0x4204
582 
583 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
584                        unsigned int size)
585 {
586     NeXTState *next_state = NEXT_MACHINE(opaque);
587 
588     switch (addr) {
589     case NEXTDMA_ENRX(NEXTDMA_CSR):
590         if (value & DMA_DEV2M) {
591             next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
592         }
593 
594         if (value & DMA_SETENABLE) {
595             /* DPRINTF("SCSI DMA ENABLE\n"); */
596             next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
597         }
598         if (value & DMA_SETSUPDATE) {
599             next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
600         }
601         if (value & DMA_CLRCOMPLETE) {
602             next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
603         }
604 
605         if (value & DMA_RESET) {
606             next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
607                                                   DMA_ENABLE | DMA_DEV2M);
608         }
609         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
610         break;
611     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
612         next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
613         break;
614     case NEXTDMA_ENRX(NEXTDMA_NEXT):
615         next_state->dma[NEXTDMA_ENRX].next = value;
616         break;
617     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
618         next_state->dma[NEXTDMA_ENRX].limit = value;
619         break;
620     case NEXTDMA_SCSI(NEXTDMA_CSR):
621         if (value & DMA_DEV2M) {
622             next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
623         }
624         if (value & DMA_SETENABLE) {
625             /* DPRINTF("SCSI DMA ENABLE\n"); */
626             next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
627         }
628         if (value & DMA_SETSUPDATE) {
629             next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
630         }
631         if (value & DMA_CLRCOMPLETE) {
632             next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
633         }
634 
635         if (value & DMA_RESET) {
636             next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
637                                                   DMA_ENABLE | DMA_DEV2M);
638             /* DPRINTF("SCSI DMA RESET\n"); */
639         }
640         /* DPRINTF("RXCSR \tWrite: %x\n",value); */
641         break;
642 
643     case NEXTDMA_SCSI(NEXTDMA_NEXT):
644         next_state->dma[NEXTDMA_SCSI].next = value;
645         break;
646 
647     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
648         next_state->dma[NEXTDMA_SCSI].limit = value;
649         break;
650 
651     case NEXTDMA_SCSI(NEXTDMA_START):
652         next_state->dma[NEXTDMA_SCSI].start = value;
653         break;
654 
655     case NEXTDMA_SCSI(NEXTDMA_STOP):
656         next_state->dma[NEXTDMA_SCSI].stop = value;
657         break;
658 
659     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
660         next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
661         break;
662 
663     default:
664         DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
665     }
666 }
667 
668 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
669 {
670     NeXTState *next_state = NEXT_MACHINE(opaque);
671 
672     switch (addr) {
673     case NEXTDMA_SCSI(NEXTDMA_CSR):
674         DPRINTF("SCSI DMA CSR READ\n");
675         return next_state->dma[NEXTDMA_SCSI].csr;
676     case NEXTDMA_ENRX(NEXTDMA_CSR):
677         return next_state->dma[NEXTDMA_ENRX].csr;
678     case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
679         return next_state->dma[NEXTDMA_ENRX].next_initbuf;
680     case NEXTDMA_ENRX(NEXTDMA_NEXT):
681         return next_state->dma[NEXTDMA_ENRX].next;
682     case NEXTDMA_ENRX(NEXTDMA_LIMIT):
683         return next_state->dma[NEXTDMA_ENRX].limit;
684 
685     case NEXTDMA_SCSI(NEXTDMA_NEXT):
686         return next_state->dma[NEXTDMA_SCSI].next;
687     case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
688         return next_state->dma[NEXTDMA_SCSI].next_initbuf;
689     case NEXTDMA_SCSI(NEXTDMA_LIMIT):
690         return next_state->dma[NEXTDMA_SCSI].limit;
691     case NEXTDMA_SCSI(NEXTDMA_START):
692         return next_state->dma[NEXTDMA_SCSI].start;
693     case NEXTDMA_SCSI(NEXTDMA_STOP):
694         return next_state->dma[NEXTDMA_SCSI].stop;
695 
696     default:
697         DPRINTF("DMA read @ %x\n", (unsigned int)addr);
698         return 0;
699     }
700 
701     /*
702      * once the csr's are done, subtract 0x3FEC from the addr, and that will
703      * normalize the upper registers
704      */
705 }
706 
707 static const MemoryRegionOps dma_ops = {
708     .read = dma_readl,
709     .write = dma_writel,
710     .impl.min_access_size = 4,
711     .valid.min_access_size = 4,
712     .valid.max_access_size = 4,
713     .endianness = DEVICE_NATIVE_ENDIAN,
714 };
715 
716 /*
717  * TODO: set the shift numbers as values in the enum, so the first switch
718  * will not be needed
719  */
720 void next_irq(void *opaque, int number, int level)
721 {
722     M68kCPU *cpu = opaque;
723     int shift = 0;
724     NeXTState *ns = NEXT_MACHINE(qdev_get_machine());
725 
726     /* first switch sets interupt status */
727     /* DPRINTF("IRQ %i\n",number); */
728     switch (number) {
729     /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
730     case NEXT_FD_I:
731         shift = 7;;
732         break;
733     case NEXT_KBD_I:
734         shift = 3;
735         break;
736     case NEXT_PWR_I:
737         shift = 2;
738         break;
739     case NEXT_ENRX_I:
740         shift = 9;
741         break;
742     case NEXT_ENTX_I:
743         shift = 10;
744         break;
745     case NEXT_SCSI_I:
746         shift = 12;
747         break;
748     case NEXT_CLK_I:
749         shift = 5;
750         break;
751 
752     /* level 5 - scc (serial) */
753     case NEXT_SCC_I:
754         shift = 17;
755         break;
756 
757     /* level 6 - audio etherrx/tx dma */
758     case NEXT_ENTX_DMA_I:
759         shift = 28;
760         break;
761     case NEXT_ENRX_DMA_I:
762         shift = 27;
763         break;
764     case NEXT_SCSI_DMA_I:
765         shift = 26;
766         break;
767     case NEXT_SND_I:
768         shift = 23;
769         break;
770     case NEXT_SCC_DMA_I:
771         shift = 21;
772         break;
773 
774     }
775     /*
776      * this HAS to be wrong, the interrupt handlers in mach and together
777      * int_status and int_mask and return if there is a hit
778      */
779     if (ns->int_mask & (1 << shift)) {
780         DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
781         /* return; */
782     }
783 
784     /* second switch triggers the correct interrupt */
785     if (level) {
786         ns->int_status |= 1 << shift;
787 
788         switch (number) {
789         /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
790         case NEXT_FD_I:
791         case NEXT_KBD_I:
792         case NEXT_PWR_I:
793         case NEXT_ENRX_I:
794         case NEXT_ENTX_I:
795         case NEXT_SCSI_I:
796         case NEXT_CLK_I:
797             m68k_set_irq_level(cpu, 3, 27);
798             break;
799 
800         /* level 5 - scc (serial) */
801         case NEXT_SCC_I:
802             m68k_set_irq_level(cpu, 5, 29);
803             break;
804 
805         /* level 6 - audio etherrx/tx dma */
806         case NEXT_ENTX_DMA_I:
807         case NEXT_ENRX_DMA_I:
808         case NEXT_SCSI_DMA_I:
809         case NEXT_SND_I:
810         case NEXT_SCC_DMA_I:
811             m68k_set_irq_level(cpu, 6, 30);
812             break;
813         }
814     } else {
815         ns->int_status &= ~(1 << shift);
816         cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
817     }
818 }
819 
820 static void next_serial_irq(void *opaque, int n, int level)
821 {
822     /* DPRINTF("SCC IRQ NUM %i\n",n); */
823     if (n) {
824         next_irq(opaque, NEXT_SCC_DMA_I, level);
825     } else {
826         next_irq(opaque, NEXT_SCC_I, level);
827     }
828 }
829 
830 static void next_escc_init(M68kCPU *cpu)
831 {
832     qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2);
833     DeviceState *dev;
834     SysBusDevice *s;
835 
836     dev = qdev_create(NULL, TYPE_ESCC);
837     qdev_prop_set_uint32(dev, "disabled", 0);
838     qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
839     qdev_prop_set_uint32(dev, "it_shift", 0);
840     qdev_prop_set_bit(dev, "bit_swap", true);
841     qdev_prop_set_chr(dev, "chrB", serial_hd(1));
842     qdev_prop_set_chr(dev, "chrA", serial_hd(0));
843     qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
844     qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
845     qdev_init_nofail(dev);
846 
847     s = SYS_BUS_DEVICE(dev);
848     sysbus_connect_irq(s, 0, ser_irq[0]);
849     sysbus_connect_irq(s, 1,  ser_irq[1]);
850     sysbus_mmio_map(s, 0, 0x2118000);
851 }
852 
853 static void next_cube_init(MachineState *machine)
854 {
855     M68kCPU *cpu;
856     CPUM68KState *env;
857     MemoryRegion *ram = g_new(MemoryRegion, 1);
858     MemoryRegion *rom = g_new(MemoryRegion, 1);
859     MemoryRegion *mmiomem = g_new(MemoryRegion, 1);
860     MemoryRegion *scrmem = g_new(MemoryRegion, 1);
861     MemoryRegion *dmamem = g_new(MemoryRegion, 1);
862     MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
863     MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
864     MemoryRegion *sysmem = get_system_memory();
865     NeXTState *ns = NEXT_MACHINE(machine);
866     DeviceState *dev;
867 
868     /* Initialize the cpu core */
869     cpu = M68K_CPU(cpu_create(machine->cpu_type));
870     if (!cpu) {
871         error_report("Unable to find m68k CPU definition");
872         exit(1);
873     }
874     env = &cpu->env;
875 
876     /* Initialize CPU registers.  */
877     env->vbr = 0;
878     env->sr  = 0x2700;
879 
880     /* Set internal registers to initial values */
881     /*     0x0000XX00 << vital bits */
882     ns->scr1 = 0x00011102;
883     ns->scr2 = 0x00ff0c80;
884 
885     /* Load RTC RAM - TODO: provide possibility to load contents from file */
886     memcpy(ns->rtc_ram, rtc_ram2, 32);
887 
888     /* 64MB RAM starting at 0x04000000  */
889     memory_region_allocate_system_memory(ram, NULL, "next.ram", ram_size);
890     memory_region_add_subregion(sysmem, 0x04000000, ram);
891 
892     /* Framebuffer */
893     dev = qdev_create(NULL, TYPE_NEXTFB);
894     qdev_init_nofail(dev);
895     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
896 
897     /* MMIO */
898     memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio",
899                           0xD0000);
900     memory_region_add_subregion(sysmem, 0x02000000, mmiomem);
901 
902     /* BMAP memory */
903     memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
904                                             true, &error_fatal);
905     memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
906     /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
907     memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
908     memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
909 
910     /* BMAP IO - acts as a catch-all for now */
911     memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr",
912                           0x20000);
913     memory_region_add_subregion(sysmem, 0x02100000, scrmem);
914 
915     /* KBD */
916     dev = qdev_create(NULL, TYPE_NEXTKBD);
917     qdev_init_nofail(dev);
918     sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
919 
920     /* Load ROM here */
921     if (bios_name == NULL) {
922         bios_name = ROM_FILE;
923     }
924     /* still not sure if the rom should also be mapped at 0x0*/
925     memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
926     memory_region_add_subregion(sysmem, 0x01000000, rom);
927     if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
928         if (!qtest_enabled()) {
929             error_report("Failed to load firmware '%s'.", bios_name);
930         }
931     } else {
932         uint8_t *ptr;
933         /* Initial PC is always at offset 4 in firmware binaries */
934         ptr = rom_ptr(0x01000004, 4);
935         g_assert(ptr != NULL);
936         env->pc = ldl_p(ptr);
937         if (env->pc >= 0x01020000) {
938             error_report("'%s' does not seem to be a valid firmware image.",
939                          bios_name);
940             exit(1);
941         }
942     }
943 
944     /* Serial */
945     next_escc_init(cpu);
946 
947     /* TODO: */
948     /* Network */
949     /* SCSI */
950 
951     /* DMA */
952     memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
953     memory_region_add_subregion(sysmem, 0x02000000, dmamem);
954 }
955 
956 static void next_machine_class_init(ObjectClass *oc, void *data)
957 {
958     MachineClass *mc = MACHINE_CLASS(oc);
959 
960     mc->desc = "NeXT Cube";
961     mc->init = next_cube_init;
962     mc->default_ram_size = RAM_SIZE;
963     mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
964 }
965 
966 static const TypeInfo next_typeinfo = {
967     .name = TYPE_NEXT_MACHINE,
968     .parent = TYPE_MACHINE,
969     .class_init = next_machine_class_init,
970     .instance_size = sizeof(NeXTState),
971 };
972 
973 static void next_register_type(void)
974 {
975     type_register_static(&next_typeinfo);
976 }
977 
978 type_init(next_register_type)
979