1 /* 2 * NeXT Cube System Driver 3 * 4 * Copyright (c) 2011 Bryce Lanham 5 * 6 * This code is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published 8 * by the Free Software Foundation; either version 2 of the License, 9 * or (at your option) any later version. 10 */ 11 12 #include "qemu/osdep.h" 13 #include "cpu.h" 14 #include "exec/hwaddr.h" 15 #include "exec/address-spaces.h" 16 #include "sysemu/sysemu.h" 17 #include "sysemu/qtest.h" 18 #include "hw/irq.h" 19 #include "hw/m68k/next-cube.h" 20 #include "hw/boards.h" 21 #include "hw/loader.h" 22 #include "hw/scsi/esp.h" 23 #include "hw/sysbus.h" 24 #include "qom/object.h" 25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */ 26 #include "hw/block/fdc.h" 27 #include "hw/qdev-properties.h" 28 #include "qapi/error.h" 29 #include "ui/console.h" 30 #include "target/m68k/cpu.h" 31 32 /* #define DEBUG_NEXT */ 33 #ifdef DEBUG_NEXT 34 #define DPRINTF(fmt, ...) \ 35 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0) 36 #else 37 #define DPRINTF(fmt, ...) do { } while (0) 38 #endif 39 40 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube") 41 typedef struct NeXTState NeXTState; 42 #define NEXT_MACHINE(obj) OBJECT_CHECK(NeXTState, (obj), TYPE_NEXT_MACHINE) 43 44 #define ENTRY 0x0100001e 45 #define RAM_SIZE 0x4000000 46 #define ROM_FILE "Rev_2.5_v66.bin" 47 48 typedef struct next_dma { 49 uint32_t csr; 50 51 uint32_t saved_next; 52 uint32_t saved_limit; 53 uint32_t saved_start; 54 uint32_t saved_stop; 55 56 uint32_t next; 57 uint32_t limit; 58 uint32_t start; 59 uint32_t stop; 60 61 uint32_t next_initbuf; 62 uint32_t size; 63 } next_dma; 64 65 typedef struct NextRtc { 66 uint8_t ram[32]; 67 uint8_t command; 68 uint8_t value; 69 uint8_t status; 70 uint8_t control; 71 uint8_t retval; 72 } NextRtc; 73 74 struct NeXTState { 75 MachineState parent; 76 77 uint32_t int_mask; 78 uint32_t int_status; 79 80 uint8_t scsi_csr_1; 81 uint8_t scsi_csr_2; 82 next_dma dma[10]; 83 qemu_irq *scsi_irq; 84 qemu_irq scsi_dma; 85 qemu_irq scsi_reset; 86 qemu_irq *fd_irq; 87 88 uint32_t scr1; 89 uint32_t scr2; 90 91 NextRtc rtc; 92 }; 93 94 /* Thanks to NeXT forums for this */ 95 /* 96 static const uint8_t rtc_ram3[32] = { 97 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 98 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00, 99 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00, 100 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13 101 }; 102 */ 103 static const uint8_t rtc_ram2[32] = { 104 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00, 105 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00, 106 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e, 108 }; 109 110 #define SCR2_RTCLK 0x2 111 #define SCR2_RTDATA 0x4 112 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10)) 113 114 static void nextscr2_write(NeXTState *s, uint32_t val, int size) 115 { 116 static int led; 117 static int phase; 118 static uint8_t old_scr2; 119 uint8_t scr2_2; 120 NextRtc *rtc = &s->rtc; 121 122 if (size == 4) { 123 scr2_2 = (val >> 8) & 0xFF; 124 } else { 125 scr2_2 = val & 0xFF; 126 } 127 128 if (val & 0x1) { 129 DPRINTF("fault!\n"); 130 led++; 131 if (led == 10) { 132 DPRINTF("LED flashing, possible fault!\n"); 133 led = 0; 134 } 135 } 136 137 if (scr2_2 & 0x1) { 138 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */ 139 if (phase == -1) { 140 phase = 0; 141 } 142 /* If we are in going down clock... do something */ 143 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) && 144 ((scr2_2 & SCR2_RTCLK) == 0)) { 145 if (phase < 8) { 146 rtc->command = (rtc->command << 1) | 147 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 148 } 149 if (phase >= 8 && phase < 16) { 150 rtc->value = (rtc->value << 1) | 151 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 152 153 /* if we read RAM register, output RT_DATA bit */ 154 if (rtc->command <= 0x1F) { 155 scr2_2 = scr2_2 & (~SCR2_RTDATA); 156 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) { 157 scr2_2 |= SCR2_RTDATA; 158 } 159 160 rtc->retval = (rtc->retval << 1) | 161 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 162 } 163 /* read the status 0x30 */ 164 if (rtc->command == 0x30) { 165 scr2_2 = scr2_2 & (~SCR2_RTDATA); 166 /* for now status = 0x98 (new rtc + FTU) */ 167 if (rtc->status & (0x80 >> (phase - 8))) { 168 scr2_2 |= SCR2_RTDATA; 169 } 170 171 rtc->retval = (rtc->retval << 1) | 172 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 173 } 174 /* read the status 0x31 */ 175 if (rtc->command == 0x31) { 176 scr2_2 = scr2_2 & (~SCR2_RTDATA); 177 if (rtc->control & (0x80 >> (phase - 8))) { 178 scr2_2 |= SCR2_RTDATA; 179 } 180 rtc->retval = (rtc->retval << 1) | 181 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 182 } 183 184 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) { 185 scr2_2 = scr2_2 & (~SCR2_RTDATA); 186 /* for now 0x00 */ 187 time_t time_h = time(NULL); 188 struct tm *info = localtime(&time_h); 189 int ret = 0; 190 191 switch (rtc->command) { 192 case 0x20: 193 ret = SCR2_TOBCD(info->tm_sec); 194 break; 195 case 0x21: 196 ret = SCR2_TOBCD(info->tm_min); 197 break; 198 case 0x22: 199 ret = SCR2_TOBCD(info->tm_hour); 200 break; 201 case 0x24: 202 ret = SCR2_TOBCD(info->tm_mday); 203 break; 204 case 0x25: 205 ret = SCR2_TOBCD((info->tm_mon + 1)); 206 break; 207 case 0x26: 208 ret = SCR2_TOBCD((info->tm_year - 100)); 209 break; 210 211 } 212 213 if (ret & (0x80 >> (phase - 8))) { 214 scr2_2 |= SCR2_RTDATA; 215 } 216 rtc->retval = (rtc->retval << 1) | 217 ((scr2_2 & SCR2_RTDATA) ? 1 : 0); 218 } 219 220 } 221 222 phase++; 223 if (phase == 16) { 224 if (rtc->command >= 0x80 && rtc->command <= 0x9F) { 225 rtc->ram[rtc->command - 0x80] = rtc->value; 226 } 227 /* write to x30 register */ 228 if (rtc->command == 0xB1) { 229 /* clear FTU */ 230 if (rtc->value & 0x04) { 231 rtc->status = rtc->status & (~0x18); 232 s->int_status = s->int_status & (~0x04); 233 } 234 } 235 } 236 } 237 } else { 238 /* else end or abort */ 239 phase = -1; 240 rtc->command = 0; 241 rtc->value = 0; 242 } 243 s->scr2 = val & 0xFFFF00FF; 244 s->scr2 |= scr2_2 << 8; 245 old_scr2 = scr2_2; 246 } 247 248 static uint32_t mmio_readb(NeXTState *s, hwaddr addr) 249 { 250 switch (addr) { 251 case 0xc000: 252 return (s->scr1 >> 24) & 0xFF; 253 case 0xc001: 254 return (s->scr1 >> 16) & 0xFF; 255 case 0xc002: 256 return (s->scr1 >> 8) & 0xFF; 257 case 0xc003: 258 return (s->scr1 >> 0) & 0xFF; 259 260 case 0xd000: 261 return (s->scr2 >> 24) & 0xFF; 262 case 0xd001: 263 return (s->scr2 >> 16) & 0xFF; 264 case 0xd002: 265 return (s->scr2 >> 8) & 0xFF; 266 case 0xd003: 267 return (s->scr2 >> 0) & 0xFF; 268 case 0x14020: 269 DPRINTF("MMIO Read 0x4020\n"); 270 return 0x7f; 271 272 default: 273 DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr); 274 return 0x0; 275 } 276 } 277 278 static uint32_t mmio_readw(NeXTState *s, hwaddr addr) 279 { 280 switch (addr) { 281 default: 282 DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr); 283 return 0x0; 284 } 285 } 286 287 static uint32_t mmio_readl(NeXTState *s, hwaddr addr) 288 { 289 switch (addr) { 290 case 0x7000: 291 /* DPRINTF("Read INT status: %x\n", s->int_status); */ 292 return s->int_status; 293 294 case 0x7800: 295 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask); 296 return s->int_mask; 297 298 case 0xc000: 299 return s->scr1; 300 301 case 0xd000: 302 return s->scr2; 303 304 default: 305 DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr); 306 return 0x0; 307 } 308 } 309 310 static void mmio_writeb(NeXTState *s, hwaddr addr, uint32_t val) 311 { 312 switch (addr) { 313 case 0xd003: 314 nextscr2_write(s, val, 1); 315 break; 316 default: 317 DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val); 318 } 319 320 } 321 322 static void mmio_writew(NeXTState *s, hwaddr addr, uint32_t val) 323 { 324 DPRINTF("MMIO Write W\n"); 325 } 326 327 static void mmio_writel(NeXTState *s, hwaddr addr, uint32_t val) 328 { 329 switch (addr) { 330 case 0x7000: 331 DPRINTF("INT Status old: %x new: %x\n", s->int_status, val); 332 s->int_status = val; 333 break; 334 case 0x7800: 335 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val); 336 s->int_mask = val; 337 break; 338 case 0xc000: 339 DPRINTF("SCR1 Write: %x\n", val); 340 break; 341 case 0xd000: 342 nextscr2_write(s, val, 4); 343 break; 344 345 default: 346 DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val); 347 } 348 } 349 350 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size) 351 { 352 NeXTState *ns = NEXT_MACHINE(opaque); 353 354 switch (size) { 355 case 1: 356 return mmio_readb(ns, addr); 357 case 2: 358 return mmio_readw(ns, addr); 359 case 4: 360 return mmio_readl(ns, addr); 361 default: 362 g_assert_not_reached(); 363 } 364 } 365 366 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value, 367 unsigned size) 368 { 369 NeXTState *ns = NEXT_MACHINE(opaque); 370 371 switch (size) { 372 case 1: 373 mmio_writeb(ns, addr, value); 374 break; 375 case 2: 376 mmio_writew(ns, addr, value); 377 break; 378 case 4: 379 mmio_writel(ns, addr, value); 380 break; 381 default: 382 g_assert_not_reached(); 383 } 384 } 385 386 static const MemoryRegionOps mmio_ops = { 387 .read = mmio_readfn, 388 .write = mmio_writefn, 389 .valid.min_access_size = 1, 390 .valid.max_access_size = 4, 391 .endianness = DEVICE_NATIVE_ENDIAN, 392 }; 393 394 static uint32_t scr_readb(NeXTState *s, hwaddr addr) 395 { 396 switch (addr) { 397 case 0x14108: 398 DPRINTF("FD read @ %x\n", (unsigned int)addr); 399 return 0x40 | 0x04 | 0x2 | 0x1; 400 case 0x14020: 401 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1); 402 return s->scsi_csr_1; 403 404 case 0x14021: 405 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2); 406 return 0x40; 407 408 /* 409 * These 4 registers are the hardware timer, not sure which register 410 * is the latch instead of data, but no problems so far 411 */ 412 case 0x1a000: 413 return 0xff & (clock() >> 24); 414 case 0x1a001: 415 return 0xff & (clock() >> 16); 416 case 0x1a002: 417 return 0xff & (clock() >> 8); 418 case 0x1a003: 419 /* Hack: We need to have this change consistently to make it work */ 420 return 0xFF & clock(); 421 422 default: 423 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr); 424 return 0; 425 } 426 } 427 428 static uint32_t scr_readw(NeXTState *s, hwaddr addr) 429 { 430 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr); 431 return 0; 432 } 433 434 static uint32_t scr_readl(NeXTState *s, hwaddr addr) 435 { 436 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr); 437 return 0; 438 } 439 440 #define SCSICSR_ENABLE 0x01 441 #define SCSICSR_RESET 0x02 /* reset scsi dma */ 442 #define SCSICSR_FIFOFL 0x04 443 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */ 444 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */ 445 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */ 446 447 static void scr_writeb(NeXTState *s, hwaddr addr, uint32_t value) 448 { 449 switch (addr) { 450 case 0x14108: 451 DPRINTF("FDCSR Write: %x\n", value); 452 453 if (value == 0x0) { 454 /* qemu_irq_raise(s->fd_irq[0]); */ 455 } 456 break; 457 case 0x14020: /* SCSI Control Register */ 458 if (value & SCSICSR_FIFOFL) { 459 DPRINTF("SCSICSR FIFO Flush\n"); 460 /* will have to add another irq to the esp if this is needed */ 461 /* esp_puflush_fifo(esp_g); */ 462 /* qemu_irq_pulse(s->scsi_dma); */ 463 } 464 465 if (value & SCSICSR_ENABLE) { 466 DPRINTF("SCSICSR Enable\n"); 467 /* 468 * qemu_irq_raise(s->scsi_dma); 469 * s->scsi_csr_1 = 0xc0; 470 * s->scsi_csr_1 |= 0x1; 471 * qemu_irq_pulse(s->scsi_dma); 472 */ 473 } 474 /* 475 * else 476 * s->scsi_csr_1 &= ~SCSICSR_ENABLE; 477 */ 478 479 if (value & SCSICSR_RESET) { 480 DPRINTF("SCSICSR Reset\n"); 481 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */ 482 /* qemu_irq_raise(s->scsi_reset); */ 483 /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */ 484 485 } 486 if (value & SCSICSR_DMADIR) { 487 DPRINTF("SCSICSR DMAdir\n"); 488 } 489 if (value & SCSICSR_CPUDMA) { 490 DPRINTF("SCSICSR CPUDMA\n"); 491 /* qemu_irq_raise(s->scsi_dma); */ 492 493 s->int_status |= 0x4000000; 494 } else { 495 s->int_status &= ~(0x4000000); 496 } 497 if (value & SCSICSR_INTMASK) { 498 DPRINTF("SCSICSR INTMASK\n"); 499 /* 500 * int_mask &= ~0x1000; 501 * s->scsi_csr_1 |= value; 502 * s->scsi_csr_1 &= ~SCSICSR_INTMASK; 503 * if (s->scsi_queued) { 504 * s->scsi_queued = 0; 505 * next_irq(s, NEXT_SCSI_I, level); 506 * } 507 */ 508 } else { 509 /* int_mask |= 0x1000; */ 510 } 511 if (value & 0x80) { 512 /* int_mask |= 0x1000; */ 513 /* s->scsi_csr_1 |= 0x80; */ 514 } 515 DPRINTF("SCSICSR Write: %x\n", value); 516 /* s->scsi_csr_1 = value; */ 517 return; 518 /* Hardware timer latch - not implemented yet */ 519 case 0x1a000: 520 default: 521 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value); 522 } 523 } 524 525 static void scr_writew(NeXTState *s, hwaddr addr, uint32_t value) 526 { 527 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value); 528 } 529 530 static void scr_writel(NeXTState *s, hwaddr addr, uint32_t value) 531 { 532 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value); 533 } 534 535 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size) 536 { 537 NeXTState *ns = NEXT_MACHINE(opaque); 538 539 switch (size) { 540 case 1: 541 return scr_readb(ns, addr); 542 case 2: 543 return scr_readw(ns, addr); 544 case 4: 545 return scr_readl(ns, addr); 546 default: 547 g_assert_not_reached(); 548 } 549 } 550 551 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value, 552 unsigned size) 553 { 554 NeXTState *ns = NEXT_MACHINE(opaque); 555 556 switch (size) { 557 case 1: 558 scr_writeb(ns, addr, value); 559 break; 560 case 2: 561 scr_writew(ns, addr, value); 562 break; 563 case 4: 564 scr_writel(ns, addr, value); 565 break; 566 default: 567 g_assert_not_reached(); 568 } 569 } 570 571 static const MemoryRegionOps scr_ops = { 572 .read = scr_readfn, 573 .write = scr_writefn, 574 .valid.min_access_size = 1, 575 .valid.max_access_size = 4, 576 .endianness = DEVICE_NATIVE_ENDIAN, 577 }; 578 579 #define NEXTDMA_SCSI(x) (0x10 + x) 580 #define NEXTDMA_FD(x) (0x10 + x) 581 #define NEXTDMA_ENTX(x) (0x110 + x) 582 #define NEXTDMA_ENRX(x) (0x150 + x) 583 #define NEXTDMA_CSR 0x0 584 #define NEXTDMA_NEXT 0x4000 585 #define NEXTDMA_LIMIT 0x4004 586 #define NEXTDMA_START 0x4008 587 #define NEXTDMA_STOP 0x400c 588 #define NEXTDMA_NEXT_INIT 0x4200 589 #define NEXTDMA_SIZE 0x4204 590 591 static void dma_writel(void *opaque, hwaddr addr, uint64_t value, 592 unsigned int size) 593 { 594 NeXTState *next_state = NEXT_MACHINE(opaque); 595 596 switch (addr) { 597 case NEXTDMA_ENRX(NEXTDMA_CSR): 598 if (value & DMA_DEV2M) { 599 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M; 600 } 601 602 if (value & DMA_SETENABLE) { 603 /* DPRINTF("SCSI DMA ENABLE\n"); */ 604 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE; 605 } 606 if (value & DMA_SETSUPDATE) { 607 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE; 608 } 609 if (value & DMA_CLRCOMPLETE) { 610 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE; 611 } 612 613 if (value & DMA_RESET) { 614 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 615 DMA_ENABLE | DMA_DEV2M); 616 } 617 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 618 break; 619 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 620 next_state->dma[NEXTDMA_ENRX].next_initbuf = value; 621 break; 622 case NEXTDMA_ENRX(NEXTDMA_NEXT): 623 next_state->dma[NEXTDMA_ENRX].next = value; 624 break; 625 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 626 next_state->dma[NEXTDMA_ENRX].limit = value; 627 break; 628 case NEXTDMA_SCSI(NEXTDMA_CSR): 629 if (value & DMA_DEV2M) { 630 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M; 631 } 632 if (value & DMA_SETENABLE) { 633 /* DPRINTF("SCSI DMA ENABLE\n"); */ 634 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE; 635 } 636 if (value & DMA_SETSUPDATE) { 637 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE; 638 } 639 if (value & DMA_CLRCOMPLETE) { 640 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE; 641 } 642 643 if (value & DMA_RESET) { 644 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE | 645 DMA_ENABLE | DMA_DEV2M); 646 /* DPRINTF("SCSI DMA RESET\n"); */ 647 } 648 /* DPRINTF("RXCSR \tWrite: %x\n",value); */ 649 break; 650 651 case NEXTDMA_SCSI(NEXTDMA_NEXT): 652 next_state->dma[NEXTDMA_SCSI].next = value; 653 break; 654 655 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 656 next_state->dma[NEXTDMA_SCSI].limit = value; 657 break; 658 659 case NEXTDMA_SCSI(NEXTDMA_START): 660 next_state->dma[NEXTDMA_SCSI].start = value; 661 break; 662 663 case NEXTDMA_SCSI(NEXTDMA_STOP): 664 next_state->dma[NEXTDMA_SCSI].stop = value; 665 break; 666 667 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 668 next_state->dma[NEXTDMA_SCSI].next_initbuf = value; 669 break; 670 671 default: 672 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value); 673 } 674 } 675 676 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size) 677 { 678 NeXTState *next_state = NEXT_MACHINE(opaque); 679 680 switch (addr) { 681 case NEXTDMA_SCSI(NEXTDMA_CSR): 682 DPRINTF("SCSI DMA CSR READ\n"); 683 return next_state->dma[NEXTDMA_SCSI].csr; 684 case NEXTDMA_ENRX(NEXTDMA_CSR): 685 return next_state->dma[NEXTDMA_ENRX].csr; 686 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT): 687 return next_state->dma[NEXTDMA_ENRX].next_initbuf; 688 case NEXTDMA_ENRX(NEXTDMA_NEXT): 689 return next_state->dma[NEXTDMA_ENRX].next; 690 case NEXTDMA_ENRX(NEXTDMA_LIMIT): 691 return next_state->dma[NEXTDMA_ENRX].limit; 692 693 case NEXTDMA_SCSI(NEXTDMA_NEXT): 694 return next_state->dma[NEXTDMA_SCSI].next; 695 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT): 696 return next_state->dma[NEXTDMA_SCSI].next_initbuf; 697 case NEXTDMA_SCSI(NEXTDMA_LIMIT): 698 return next_state->dma[NEXTDMA_SCSI].limit; 699 case NEXTDMA_SCSI(NEXTDMA_START): 700 return next_state->dma[NEXTDMA_SCSI].start; 701 case NEXTDMA_SCSI(NEXTDMA_STOP): 702 return next_state->dma[NEXTDMA_SCSI].stop; 703 704 default: 705 DPRINTF("DMA read @ %x\n", (unsigned int)addr); 706 return 0; 707 } 708 709 /* 710 * once the csr's are done, subtract 0x3FEC from the addr, and that will 711 * normalize the upper registers 712 */ 713 } 714 715 static const MemoryRegionOps dma_ops = { 716 .read = dma_readl, 717 .write = dma_writel, 718 .impl.min_access_size = 4, 719 .valid.min_access_size = 4, 720 .valid.max_access_size = 4, 721 .endianness = DEVICE_NATIVE_ENDIAN, 722 }; 723 724 /* 725 * TODO: set the shift numbers as values in the enum, so the first switch 726 * will not be needed 727 */ 728 void next_irq(void *opaque, int number, int level) 729 { 730 M68kCPU *cpu = opaque; 731 int shift = 0; 732 NeXTState *ns = NEXT_MACHINE(qdev_get_machine()); 733 734 /* first switch sets interupt status */ 735 /* DPRINTF("IRQ %i\n",number); */ 736 switch (number) { 737 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 738 case NEXT_FD_I: 739 shift = 7; 740 break; 741 case NEXT_KBD_I: 742 shift = 3; 743 break; 744 case NEXT_PWR_I: 745 shift = 2; 746 break; 747 case NEXT_ENRX_I: 748 shift = 9; 749 break; 750 case NEXT_ENTX_I: 751 shift = 10; 752 break; 753 case NEXT_SCSI_I: 754 shift = 12; 755 break; 756 case NEXT_CLK_I: 757 shift = 5; 758 break; 759 760 /* level 5 - scc (serial) */ 761 case NEXT_SCC_I: 762 shift = 17; 763 break; 764 765 /* level 6 - audio etherrx/tx dma */ 766 case NEXT_ENTX_DMA_I: 767 shift = 28; 768 break; 769 case NEXT_ENRX_DMA_I: 770 shift = 27; 771 break; 772 case NEXT_SCSI_DMA_I: 773 shift = 26; 774 break; 775 case NEXT_SND_I: 776 shift = 23; 777 break; 778 case NEXT_SCC_DMA_I: 779 shift = 21; 780 break; 781 782 } 783 /* 784 * this HAS to be wrong, the interrupt handlers in mach and together 785 * int_status and int_mask and return if there is a hit 786 */ 787 if (ns->int_mask & (1 << shift)) { 788 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc); 789 /* return; */ 790 } 791 792 /* second switch triggers the correct interrupt */ 793 if (level) { 794 ns->int_status |= 1 << shift; 795 796 switch (number) { 797 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */ 798 case NEXT_FD_I: 799 case NEXT_KBD_I: 800 case NEXT_PWR_I: 801 case NEXT_ENRX_I: 802 case NEXT_ENTX_I: 803 case NEXT_SCSI_I: 804 case NEXT_CLK_I: 805 m68k_set_irq_level(cpu, 3, 27); 806 break; 807 808 /* level 5 - scc (serial) */ 809 case NEXT_SCC_I: 810 m68k_set_irq_level(cpu, 5, 29); 811 break; 812 813 /* level 6 - audio etherrx/tx dma */ 814 case NEXT_ENTX_DMA_I: 815 case NEXT_ENRX_DMA_I: 816 case NEXT_SCSI_DMA_I: 817 case NEXT_SND_I: 818 case NEXT_SCC_DMA_I: 819 m68k_set_irq_level(cpu, 6, 30); 820 break; 821 } 822 } else { 823 ns->int_status &= ~(1 << shift); 824 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD); 825 } 826 } 827 828 static void next_serial_irq(void *opaque, int n, int level) 829 { 830 /* DPRINTF("SCC IRQ NUM %i\n",n); */ 831 if (n) { 832 next_irq(opaque, NEXT_SCC_DMA_I, level); 833 } else { 834 next_irq(opaque, NEXT_SCC_I, level); 835 } 836 } 837 838 static void next_escc_init(M68kCPU *cpu) 839 { 840 qemu_irq *ser_irq = qemu_allocate_irqs(next_serial_irq, cpu, 2); 841 DeviceState *dev; 842 SysBusDevice *s; 843 844 dev = qdev_new(TYPE_ESCC); 845 qdev_prop_set_uint32(dev, "disabled", 0); 846 qdev_prop_set_uint32(dev, "frequency", 9600 * 384); 847 qdev_prop_set_uint32(dev, "it_shift", 0); 848 qdev_prop_set_bit(dev, "bit_swap", true); 849 qdev_prop_set_chr(dev, "chrB", serial_hd(1)); 850 qdev_prop_set_chr(dev, "chrA", serial_hd(0)); 851 qdev_prop_set_uint32(dev, "chnBtype", escc_serial); 852 qdev_prop_set_uint32(dev, "chnAtype", escc_serial); 853 854 s = SYS_BUS_DEVICE(dev); 855 sysbus_realize_and_unref(s, &error_fatal); 856 sysbus_connect_irq(s, 0, ser_irq[0]); 857 sysbus_connect_irq(s, 1, ser_irq[1]); 858 sysbus_mmio_map(s, 0, 0x2118000); 859 } 860 861 static void next_cube_init(MachineState *machine) 862 { 863 M68kCPU *cpu; 864 CPUM68KState *env; 865 MemoryRegion *rom = g_new(MemoryRegion, 1); 866 MemoryRegion *mmiomem = g_new(MemoryRegion, 1); 867 MemoryRegion *scrmem = g_new(MemoryRegion, 1); 868 MemoryRegion *dmamem = g_new(MemoryRegion, 1); 869 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1); 870 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1); 871 MemoryRegion *sysmem = get_system_memory(); 872 NeXTState *ns = NEXT_MACHINE(machine); 873 DeviceState *dev; 874 875 /* Initialize the cpu core */ 876 cpu = M68K_CPU(cpu_create(machine->cpu_type)); 877 if (!cpu) { 878 error_report("Unable to find m68k CPU definition"); 879 exit(1); 880 } 881 env = &cpu->env; 882 883 /* Initialize CPU registers. */ 884 env->vbr = 0; 885 env->sr = 0x2700; 886 887 /* Set internal registers to initial values */ 888 /* 0x0000XX00 << vital bits */ 889 ns->scr1 = 0x00011102; 890 ns->scr2 = 0x00ff0c80; 891 ns->rtc.status = 0x90; 892 893 /* Load RTC RAM - TODO: provide possibility to load contents from file */ 894 memcpy(ns->rtc.ram, rtc_ram2, 32); 895 896 /* 64MB RAM starting at 0x04000000 */ 897 memory_region_add_subregion(sysmem, 0x04000000, machine->ram); 898 899 /* Framebuffer */ 900 dev = qdev_new(TYPE_NEXTFB); 901 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 902 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000); 903 904 /* MMIO */ 905 memory_region_init_io(mmiomem, NULL, &mmio_ops, machine, "next.mmio", 906 0xD0000); 907 memory_region_add_subregion(sysmem, 0x02000000, mmiomem); 908 909 /* BMAP memory */ 910 memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64, 911 true, &error_fatal); 912 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1); 913 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */ 914 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64); 915 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2); 916 917 /* BMAP IO - acts as a catch-all for now */ 918 memory_region_init_io(scrmem, NULL, &scr_ops, machine, "next.scr", 919 0x20000); 920 memory_region_add_subregion(sysmem, 0x02100000, scrmem); 921 922 /* KBD */ 923 dev = qdev_new(TYPE_NEXTKBD); 924 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); 925 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000); 926 927 /* Load ROM here */ 928 if (bios_name == NULL) { 929 bios_name = ROM_FILE; 930 } 931 /* still not sure if the rom should also be mapped at 0x0*/ 932 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal); 933 memory_region_add_subregion(sysmem, 0x01000000, rom); 934 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) { 935 if (!qtest_enabled()) { 936 error_report("Failed to load firmware '%s'.", bios_name); 937 } 938 } else { 939 uint8_t *ptr; 940 /* Initial PC is always at offset 4 in firmware binaries */ 941 ptr = rom_ptr(0x01000004, 4); 942 g_assert(ptr != NULL); 943 env->pc = ldl_p(ptr); 944 if (env->pc >= 0x01020000) { 945 error_report("'%s' does not seem to be a valid firmware image.", 946 bios_name); 947 exit(1); 948 } 949 } 950 951 /* Serial */ 952 next_escc_init(cpu); 953 954 /* TODO: */ 955 /* Network */ 956 /* SCSI */ 957 958 /* DMA */ 959 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000); 960 memory_region_add_subregion(sysmem, 0x02000000, dmamem); 961 } 962 963 static void next_machine_class_init(ObjectClass *oc, void *data) 964 { 965 MachineClass *mc = MACHINE_CLASS(oc); 966 967 mc->desc = "NeXT Cube"; 968 mc->init = next_cube_init; 969 mc->default_ram_size = RAM_SIZE; 970 mc->default_ram_id = "next.ram"; 971 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040"); 972 } 973 974 static const TypeInfo next_typeinfo = { 975 .name = TYPE_NEXT_MACHINE, 976 .parent = TYPE_MACHINE, 977 .class_init = next_machine_class_init, 978 .instance_size = sizeof(NeXTState), 979 }; 980 981 static void next_register_type(void) 982 { 983 type_register_static(&next_typeinfo); 984 } 985 986 type_init(next_register_type) 987