search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: validate that ids are well formed
[qemu.git] / hw / m68k / next-cube.c
blob92b45d760f196daf7f2b435c732dc8217c6df324
1 /*
2 * NeXT Cube System Driver
3 *
4 * Copyright (c) 2011 Bryce Lanham
5 *
6 * This code is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published
8 * by the Free Software Foundation; either version 2 of the License,
9 * or (at your option) any later version.
10 */
11
12 #include "qemu/osdep.h"
13 #include "cpu.h"
14 #include "exec/hwaddr.h"
15 #include "exec/address-spaces.h"
16 #include "sysemu/sysemu.h"
17 #include "sysemu/qtest.h"
18 #include "hw/irq.h"
19 #include "hw/m68k/next-cube.h"
20 #include "hw/boards.h"
21 #include "hw/loader.h"
22 #include "hw/scsi/esp.h"
23 #include "hw/sysbus.h"
24 #include "qom/object.h"
25 #include "hw/char/escc.h" /* ZILOG 8530 Serial Emulation */
26 #include "hw/block/fdc.h"
27 #include "hw/qdev-properties.h"
28 #include "qapi/error.h"
29 #include "ui/console.h"
30 #include "target/m68k/cpu.h"
31 #include "migration/vmstate.h"
32
33 /* #define DEBUG_NEXT */
34 #ifdef DEBUG_NEXT
35 #define DPRINTF(fmt, ...) \
36 do { printf("NeXT: " fmt , ## __VA_ARGS__); } while (0)
37 #else
38 #define DPRINTF(fmt, ...) do { } while (0)
39 #endif
40
41 #define TYPE_NEXT_MACHINE MACHINE_TYPE_NAME("next-cube")
42 OBJECT_DECLARE_SIMPLE_TYPE(NeXTState, NEXT_MACHINE)
43
44 #define ENTRY 0x0100001e
45 #define RAM_SIZE 0x4000000
46 #define ROM_FILE "Rev_2.5_v66.bin"
47
48 typedef struct next_dma {
49 uint32_t csr;
50
51 uint32_t saved_next;
52 uint32_t saved_limit;
53 uint32_t saved_start;
54 uint32_t saved_stop;
55
56 uint32_t next;
57 uint32_t limit;
58 uint32_t start;
59 uint32_t stop;
60
61 uint32_t next_initbuf;
62 uint32_t size;
63 } next_dma;
64
65 typedef struct NextRtc {
66 uint8_t ram[32];
67 uint8_t command;
68 uint8_t value;
69 uint8_t status;
70 uint8_t control;
71 uint8_t retval;
72 } NextRtc;
73
74 struct NeXTState {
75 MachineState parent;
76
77 next_dma dma[10];
78 };
79
80 #define TYPE_NEXT_PC "next-pc"
81 OBJECT_DECLARE_SIMPLE_TYPE(NeXTPC, NEXT_PC)
82
83 /* NeXT Peripheral Controller */
84 struct NeXTPC {
85 SysBusDevice parent_obj;
86
87 M68kCPU *cpu;
88
89 MemoryRegion mmiomem;
90 MemoryRegion scrmem;
91
92 uint32_t scr1;
93 uint32_t scr2;
94 uint8_t scsi_csr_1;
95 uint8_t scsi_csr_2;
96 uint32_t int_mask;
97 uint32_t int_status;
98
99 NextRtc rtc;
100 };
101
102 /* Thanks to NeXT forums for this */
103 /*
104 static const uint8_t rtc_ram3[32] = {
105 0x94, 0x0f, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x7B, 0x00,
107 0x00, 0x00, 0x65, 0x6e, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x13
109 };
110 */
111 static const uint8_t rtc_ram2[32] = {
112 0x94, 0x0f, 0x40, 0x03, 0x00, 0x00, 0x00, 0x00,
113 0x00, 0x00, 0xfb, 0x6d, 0x00, 0x00, 0x4b, 0x00,
114 0x41, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x84, 0x7e,
116 };
117
118 #define SCR2_RTCLK 0x2
119 #define SCR2_RTDATA 0x4
120 #define SCR2_TOBCD(x) (((x / 10) << 4) + (x % 10))
121
122 static void nextscr2_write(NeXTPC *s, uint32_t val, int size)
123 {
124 static int led;
125 static int phase;
126 static uint8_t old_scr2;
127 uint8_t scr2_2;
128 NextRtc *rtc = &s->rtc;
129
130 if (size == 4) {
131 scr2_2 = (val >> 8) & 0xFF;
132 } else {
133 scr2_2 = val & 0xFF;
134 }
135
136 if (val & 0x1) {
137 DPRINTF("fault!\n");
138 led++;
139 if (led == 10) {
140 DPRINTF("LED flashing, possible fault!\n");
141 led = 0;
142 }
143 }
144
145 if (scr2_2 & 0x1) {
146 /* DPRINTF("RTC %x phase %i\n", scr2_2, phase); */
147 if (phase == -1) {
148 phase = 0;
149 }
150 /* If we are in going down clock... do something */
151 if (((old_scr2 & SCR2_RTCLK) != (scr2_2 & SCR2_RTCLK)) &&
152 ((scr2_2 & SCR2_RTCLK) == 0)) {
153 if (phase < 8) {
154 rtc->command = (rtc->command << 1) |
155 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
156 }
157 if (phase >= 8 && phase < 16) {
158 rtc->value = (rtc->value << 1) |
159 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
160
161 /* if we read RAM register, output RT_DATA bit */
162 if (rtc->command <= 0x1F) {
163 scr2_2 = scr2_2 & (~SCR2_RTDATA);
164 if (rtc->ram[rtc->command] & (0x80 >> (phase - 8))) {
165 scr2_2 |= SCR2_RTDATA;
166 }
167
168 rtc->retval = (rtc->retval << 1) |
169 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
170 }
171 /* read the status 0x30 */
172 if (rtc->command == 0x30) {
173 scr2_2 = scr2_2 & (~SCR2_RTDATA);
174 /* for now status = 0x98 (new rtc + FTU) */
175 if (rtc->status & (0x80 >> (phase - 8))) {
176 scr2_2 |= SCR2_RTDATA;
177 }
178
179 rtc->retval = (rtc->retval << 1) |
180 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
181 }
182 /* read the status 0x31 */
183 if (rtc->command == 0x31) {
184 scr2_2 = scr2_2 & (~SCR2_RTDATA);
185 if (rtc->control & (0x80 >> (phase - 8))) {
186 scr2_2 |= SCR2_RTDATA;
187 }
188 rtc->retval = (rtc->retval << 1) |
189 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
190 }
191
192 if ((rtc->command >= 0x20) && (rtc->command <= 0x2F)) {
193 scr2_2 = scr2_2 & (~SCR2_RTDATA);
194 /* for now 0x00 */
195 time_t time_h = time(NULL);
196 struct tm *info = localtime(&time_h);
197 int ret = 0;
198
199 switch (rtc->command) {
200 case 0x20:
201 ret = SCR2_TOBCD(info->tm_sec);
202 break;
203 case 0x21:
204 ret = SCR2_TOBCD(info->tm_min);
205 break;
206 case 0x22:
207 ret = SCR2_TOBCD(info->tm_hour);
208 break;
209 case 0x24:
210 ret = SCR2_TOBCD(info->tm_mday);
211 break;
212 case 0x25:
213 ret = SCR2_TOBCD((info->tm_mon + 1));
214 break;
215 case 0x26:
216 ret = SCR2_TOBCD((info->tm_year - 100));
217 break;
218
219 }
220
221 if (ret & (0x80 >> (phase - 8))) {
222 scr2_2 |= SCR2_RTDATA;
223 }
224 rtc->retval = (rtc->retval << 1) |
225 ((scr2_2 & SCR2_RTDATA) ? 1 : 0);
226 }
227
228 }
229
230 phase++;
231 if (phase == 16) {
232 if (rtc->command >= 0x80 && rtc->command <= 0x9F) {
233 rtc->ram[rtc->command - 0x80] = rtc->value;
234 }
235 /* write to x30 register */
236 if (rtc->command == 0xB1) {
237 /* clear FTU */
238 if (rtc->value & 0x04) {
239 rtc->status = rtc->status & (~0x18);
240 s->int_status = s->int_status & (~0x04);
241 }
242 }
243 }
244 }
245 } else {
246 /* else end or abort */
247 phase = -1;
248 rtc->command = 0;
249 rtc->value = 0;
250 }
251 s->scr2 = val & 0xFFFF00FF;
252 s->scr2 |= scr2_2 << 8;
253 old_scr2 = scr2_2;
254 }
255
256 static uint32_t mmio_readb(NeXTPC *s, hwaddr addr)
257 {
258 switch (addr) {
259 case 0xc000:
260 return (s->scr1 >> 24) & 0xFF;
261 case 0xc001:
262 return (s->scr1 >> 16) & 0xFF;
263 case 0xc002:
264 return (s->scr1 >> 8) & 0xFF;
265 case 0xc003:
266 return (s->scr1 >> 0) & 0xFF;
267
268 case 0xd000:
269 return (s->scr2 >> 24) & 0xFF;
270 case 0xd001:
271 return (s->scr2 >> 16) & 0xFF;
272 case 0xd002:
273 return (s->scr2 >> 8) & 0xFF;
274 case 0xd003:
275 return (s->scr2 >> 0) & 0xFF;
276 case 0x14020:
277 DPRINTF("MMIO Read 0x4020\n");
278 return 0x7f;
279
280 default:
281 DPRINTF("MMIO Read B @ %"HWADDR_PRIx"\n", addr);
282 return 0x0;
283 }
284 }
285
286 static uint32_t mmio_readw(NeXTPC *s, hwaddr addr)
287 {
288 switch (addr) {
289 default:
290 DPRINTF("MMIO Read W @ %"HWADDR_PRIx"\n", addr);
291 return 0x0;
292 }
293 }
294
295 static uint32_t mmio_readl(NeXTPC *s, hwaddr addr)
296 {
297 switch (addr) {
298 case 0x7000:
299 /* DPRINTF("Read INT status: %x\n", s->int_status); */
300 return s->int_status;
301
302 case 0x7800:
303 DPRINTF("MMIO Read INT mask: %x\n", s->int_mask);
304 return s->int_mask;
305
306 case 0xc000:
307 return s->scr1;
308
309 case 0xd000:
310 return s->scr2;
311
312 default:
313 DPRINTF("MMIO Read L @ %"HWADDR_PRIx"\n", addr);
314 return 0x0;
315 }
316 }
317
318 static void mmio_writeb(NeXTPC *s, hwaddr addr, uint32_t val)
319 {
320 switch (addr) {
321 case 0xd003:
322 nextscr2_write(s, val, 1);
323 break;
324 default:
325 DPRINTF("MMIO Write B @ %x with %x\n", (unsigned int)addr, val);
326 }
327
328 }
329
330 static void mmio_writew(NeXTPC *s, hwaddr addr, uint32_t val)
331 {
332 DPRINTF("MMIO Write W\n");
333 }
334
335 static void mmio_writel(NeXTPC *s, hwaddr addr, uint32_t val)
336 {
337 switch (addr) {
338 case 0x7000:
339 DPRINTF("INT Status old: %x new: %x\n", s->int_status, val);
340 s->int_status = val;
341 break;
342 case 0x7800:
343 DPRINTF("INT Mask old: %x new: %x\n", s->int_mask, val);
344 s->int_mask = val;
345 break;
346 case 0xc000:
347 DPRINTF("SCR1 Write: %x\n", val);
348 break;
349 case 0xd000:
350 nextscr2_write(s, val, 4);
351 break;
352
353 default:
354 DPRINTF("MMIO Write l @ %x with %x\n", (unsigned int)addr, val);
355 }
356 }
357
358 static uint64_t mmio_readfn(void *opaque, hwaddr addr, unsigned size)
359 {
360 NeXTPC *s = NEXT_PC(opaque);
361
362 switch (size) {
363 case 1:
364 return mmio_readb(s, addr);
365 case 2:
366 return mmio_readw(s, addr);
367 case 4:
368 return mmio_readl(s, addr);
369 default:
370 g_assert_not_reached();
371 }
372 }
373
374 static void mmio_writefn(void *opaque, hwaddr addr, uint64_t value,
375 unsigned size)
376 {
377 NeXTPC *s = NEXT_PC(opaque);
378
379 switch (size) {
380 case 1:
381 mmio_writeb(s, addr, value);
382 break;
383 case 2:
384 mmio_writew(s, addr, value);
385 break;
386 case 4:
387 mmio_writel(s, addr, value);
388 break;
389 default:
390 g_assert_not_reached();
391 }
392 }
393
394 static const MemoryRegionOps mmio_ops = {
395 .read = mmio_readfn,
396 .write = mmio_writefn,
397 .valid.min_access_size = 1,
398 .valid.max_access_size = 4,
399 .endianness = DEVICE_NATIVE_ENDIAN,
400 };
401
402 static uint32_t scr_readb(NeXTPC *s, hwaddr addr)
403 {
404 switch (addr) {
405 case 0x14108:
406 DPRINTF("FD read @ %x\n", (unsigned int)addr);
407 return 0x40 | 0x04 | 0x2 | 0x1;
408 case 0x14020:
409 DPRINTF("SCSI 4020 STATUS READ %X\n", s->scsi_csr_1);
410 return s->scsi_csr_1;
411
412 case 0x14021:
413 DPRINTF("SCSI 4021 STATUS READ %X\n", s->scsi_csr_2);
414 return 0x40;
415
416 /*
417 * These 4 registers are the hardware timer, not sure which register
418 * is the latch instead of data, but no problems so far
419 */
420 case 0x1a000:
421 return 0xff & (clock() >> 24);
422 case 0x1a001:
423 return 0xff & (clock() >> 16);
424 case 0x1a002:
425 return 0xff & (clock() >> 8);
426 case 0x1a003:
427 /* Hack: We need to have this change consistently to make it work */
428 return 0xFF & clock();
429
430 default:
431 DPRINTF("BMAP Read B @ %x\n", (unsigned int)addr);
432 return 0;
433 }
434 }
435
436 static uint32_t scr_readw(NeXTPC *s, hwaddr addr)
437 {
438 DPRINTF("BMAP Read W @ %x\n", (unsigned int)addr);
439 return 0;
440 }
441
442 static uint32_t scr_readl(NeXTPC *s, hwaddr addr)
443 {
444 DPRINTF("BMAP Read L @ %x\n", (unsigned int)addr);
445 return 0;
446 }
447
448 #define SCSICSR_ENABLE 0x01
449 #define SCSICSR_RESET 0x02 /* reset scsi dma */
450 #define SCSICSR_FIFOFL 0x04
451 #define SCSICSR_DMADIR 0x08 /* if set, scsi to mem */
452 #define SCSICSR_CPUDMA 0x10 /* if set, dma enabled */
453 #define SCSICSR_INTMASK 0x20 /* if set, interrupt enabled */
454
455 static void scr_writeb(NeXTPC *s, hwaddr addr, uint32_t value)
456 {
457 switch (addr) {
458 case 0x14108:
459 DPRINTF("FDCSR Write: %x\n", value);
460
461 if (value == 0x0) {
462 /* qemu_irq_raise(s->fd_irq[0]); */
463 }
464 break;
465 case 0x14020: /* SCSI Control Register */
466 if (value & SCSICSR_FIFOFL) {
467 DPRINTF("SCSICSR FIFO Flush\n");
468 /* will have to add another irq to the esp if this is needed */
469 /* esp_puflush_fifo(esp_g); */
470 /* qemu_irq_pulse(s->scsi_dma); */
471 }
472
473 if (value & SCSICSR_ENABLE) {
474 DPRINTF("SCSICSR Enable\n");
475 /*
476 * qemu_irq_raise(s->scsi_dma);
477 * s->scsi_csr_1 = 0xc0;
478 * s->scsi_csr_1 |= 0x1;
479 * qemu_irq_pulse(s->scsi_dma);
480 */
481 }
482 /*
483 * else
484 * s->scsi_csr_1 &= ~SCSICSR_ENABLE;
485 */
486
487 if (value & SCSICSR_RESET) {
488 DPRINTF("SCSICSR Reset\n");
489 /* I think this should set DMADIR. CPUDMA and INTMASK to 0 */
490 /* qemu_irq_raise(s->scsi_reset); */
491 /* s->scsi_csr_1 &= ~(SCSICSR_INTMASK |0x80|0x1); */
492
493 }
494 if (value & SCSICSR_DMADIR) {
495 DPRINTF("SCSICSR DMAdir\n");
496 }
497 if (value & SCSICSR_CPUDMA) {
498 DPRINTF("SCSICSR CPUDMA\n");
499 /* qemu_irq_raise(s->scsi_dma); */
500
501 s->int_status |= 0x4000000;
502 } else {
503 s->int_status &= ~(0x4000000);
504 }
505 if (value & SCSICSR_INTMASK) {
506 DPRINTF("SCSICSR INTMASK\n");
507 /*
508 * int_mask &= ~0x1000;
509 * s->scsi_csr_1 |= value;
510 * s->scsi_csr_1 &= ~SCSICSR_INTMASK;
511 * if (s->scsi_queued) {
512 * s->scsi_queued = 0;
513 * next_irq(s, NEXT_SCSI_I, level);
514 * }
515 */
516 } else {
517 /* int_mask |= 0x1000; */
518 }
519 if (value & 0x80) {
520 /* int_mask |= 0x1000; */
521 /* s->scsi_csr_1 |= 0x80; */
522 }
523 DPRINTF("SCSICSR Write: %x\n", value);
524 /* s->scsi_csr_1 = value; */
525 return;
526 /* Hardware timer latch - not implemented yet */
527 case 0x1a000:
528 default:
529 DPRINTF("BMAP Write B @ %x with %x\n", (unsigned int)addr, value);
530 }
531 }
532
533 static void scr_writew(NeXTPC *s, hwaddr addr, uint32_t value)
534 {
535 DPRINTF("BMAP Write W @ %x with %x\n", (unsigned int)addr, value);
536 }
537
538 static void scr_writel(NeXTPC *s, hwaddr addr, uint32_t value)
539 {
540 DPRINTF("BMAP Write L @ %x with %x\n", (unsigned int)addr, value);
541 }
542
543 static uint64_t scr_readfn(void *opaque, hwaddr addr, unsigned size)
544 {
545 NeXTPC *s = NEXT_PC(opaque);
546
547 switch (size) {
548 case 1:
549 return scr_readb(s, addr);
550 case 2:
551 return scr_readw(s, addr);
552 case 4:
553 return scr_readl(s, addr);
554 default:
555 g_assert_not_reached();
556 }
557 }
558
559 static void scr_writefn(void *opaque, hwaddr addr, uint64_t value,
560 unsigned size)
561 {
562 NeXTPC *s = NEXT_PC(opaque);
563
564 switch (size) {
565 case 1:
566 scr_writeb(s, addr, value);
567 break;
568 case 2:
569 scr_writew(s, addr, value);
570 break;
571 case 4:
572 scr_writel(s, addr, value);
573 break;
574 default:
575 g_assert_not_reached();
576 }
577 }
578
579 static const MemoryRegionOps scr_ops = {
580 .read = scr_readfn,
581 .write = scr_writefn,
582 .valid.min_access_size = 1,
583 .valid.max_access_size = 4,
584 .endianness = DEVICE_NATIVE_ENDIAN,
585 };
586
587 #define NEXTDMA_SCSI(x) (0x10 + x)
588 #define NEXTDMA_FD(x) (0x10 + x)
589 #define NEXTDMA_ENTX(x) (0x110 + x)
590 #define NEXTDMA_ENRX(x) (0x150 + x)
591 #define NEXTDMA_CSR 0x0
592 #define NEXTDMA_NEXT 0x4000
593 #define NEXTDMA_LIMIT 0x4004
594 #define NEXTDMA_START 0x4008
595 #define NEXTDMA_STOP 0x400c
596 #define NEXTDMA_NEXT_INIT 0x4200
597 #define NEXTDMA_SIZE 0x4204
598
599 static void dma_writel(void *opaque, hwaddr addr, uint64_t value,
600 unsigned int size)
601 {
602 NeXTState *next_state = NEXT_MACHINE(opaque);
603
604 switch (addr) {
605 case NEXTDMA_ENRX(NEXTDMA_CSR):
606 if (value & DMA_DEV2M) {
607 next_state->dma[NEXTDMA_ENRX].csr |= DMA_DEV2M;
608 }
609
610 if (value & DMA_SETENABLE) {
611 /* DPRINTF("SCSI DMA ENABLE\n"); */
612 next_state->dma[NEXTDMA_ENRX].csr |= DMA_ENABLE;
613 }
614 if (value & DMA_SETSUPDATE) {
615 next_state->dma[NEXTDMA_ENRX].csr |= DMA_SUPDATE;
616 }
617 if (value & DMA_CLRCOMPLETE) {
618 next_state->dma[NEXTDMA_ENRX].csr &= ~DMA_COMPLETE;
619 }
620
621 if (value & DMA_RESET) {
622 next_state->dma[NEXTDMA_ENRX].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
623 DMA_ENABLE | DMA_DEV2M);
624 }
625 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
626 break;
627 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
628 next_state->dma[NEXTDMA_ENRX].next_initbuf = value;
629 break;
630 case NEXTDMA_ENRX(NEXTDMA_NEXT):
631 next_state->dma[NEXTDMA_ENRX].next = value;
632 break;
633 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
634 next_state->dma[NEXTDMA_ENRX].limit = value;
635 break;
636 case NEXTDMA_SCSI(NEXTDMA_CSR):
637 if (value & DMA_DEV2M) {
638 next_state->dma[NEXTDMA_SCSI].csr |= DMA_DEV2M;
639 }
640 if (value & DMA_SETENABLE) {
641 /* DPRINTF("SCSI DMA ENABLE\n"); */
642 next_state->dma[NEXTDMA_SCSI].csr |= DMA_ENABLE;
643 }
644 if (value & DMA_SETSUPDATE) {
645 next_state->dma[NEXTDMA_SCSI].csr |= DMA_SUPDATE;
646 }
647 if (value & DMA_CLRCOMPLETE) {
648 next_state->dma[NEXTDMA_SCSI].csr &= ~DMA_COMPLETE;
649 }
650
651 if (value & DMA_RESET) {
652 next_state->dma[NEXTDMA_SCSI].csr &= ~(DMA_COMPLETE | DMA_SUPDATE |
653 DMA_ENABLE | DMA_DEV2M);
654 /* DPRINTF("SCSI DMA RESET\n"); */
655 }
656 /* DPRINTF("RXCSR \tWrite: %x\n",value); */
657 break;
658
659 case NEXTDMA_SCSI(NEXTDMA_NEXT):
660 next_state->dma[NEXTDMA_SCSI].next = value;
661 break;
662
663 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
664 next_state->dma[NEXTDMA_SCSI].limit = value;
665 break;
666
667 case NEXTDMA_SCSI(NEXTDMA_START):
668 next_state->dma[NEXTDMA_SCSI].start = value;
669 break;
670
671 case NEXTDMA_SCSI(NEXTDMA_STOP):
672 next_state->dma[NEXTDMA_SCSI].stop = value;
673 break;
674
675 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
676 next_state->dma[NEXTDMA_SCSI].next_initbuf = value;
677 break;
678
679 default:
680 DPRINTF("DMA write @ %x w/ %x\n", (unsigned)addr, (unsigned)value);
681 }
682 }
683
684 static uint64_t dma_readl(void *opaque, hwaddr addr, unsigned int size)
685 {
686 NeXTState *next_state = NEXT_MACHINE(opaque);
687
688 switch (addr) {
689 case NEXTDMA_SCSI(NEXTDMA_CSR):
690 DPRINTF("SCSI DMA CSR READ\n");
691 return next_state->dma[NEXTDMA_SCSI].csr;
692 case NEXTDMA_ENRX(NEXTDMA_CSR):
693 return next_state->dma[NEXTDMA_ENRX].csr;
694 case NEXTDMA_ENRX(NEXTDMA_NEXT_INIT):
695 return next_state->dma[NEXTDMA_ENRX].next_initbuf;
696 case NEXTDMA_ENRX(NEXTDMA_NEXT):
697 return next_state->dma[NEXTDMA_ENRX].next;
698 case NEXTDMA_ENRX(NEXTDMA_LIMIT):
699 return next_state->dma[NEXTDMA_ENRX].limit;
700
701 case NEXTDMA_SCSI(NEXTDMA_NEXT):
702 return next_state->dma[NEXTDMA_SCSI].next;
703 case NEXTDMA_SCSI(NEXTDMA_NEXT_INIT):
704 return next_state->dma[NEXTDMA_SCSI].next_initbuf;
705 case NEXTDMA_SCSI(NEXTDMA_LIMIT):
706 return next_state->dma[NEXTDMA_SCSI].limit;
707 case NEXTDMA_SCSI(NEXTDMA_START):
708 return next_state->dma[NEXTDMA_SCSI].start;
709 case NEXTDMA_SCSI(NEXTDMA_STOP):
710 return next_state->dma[NEXTDMA_SCSI].stop;
711
712 default:
713 DPRINTF("DMA read @ %x\n", (unsigned int)addr);
714 return 0;
715 }
716
717 /*
718 * once the csr's are done, subtract 0x3FEC from the addr, and that will
719 * normalize the upper registers
720 */
721 }
722
723 static const MemoryRegionOps dma_ops = {
724 .read = dma_readl,
725 .write = dma_writel,
726 .impl.min_access_size = 4,
727 .valid.min_access_size = 4,
728 .valid.max_access_size = 4,
729 .endianness = DEVICE_NATIVE_ENDIAN,
730 };
731
732 static void next_irq(void *opaque, int number, int level)
733 {
734 NeXTPC *s = NEXT_PC(opaque);
735 M68kCPU *cpu = s->cpu;
736 int shift = 0;
737
738 /* first switch sets interupt status */
739 /* DPRINTF("IRQ %i\n",number); */
740 switch (number) {
741 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
742 case NEXT_FD_I:
743 shift = 7;
744 break;
745 case NEXT_KBD_I:
746 shift = 3;
747 break;
748 case NEXT_PWR_I:
749 shift = 2;
750 break;
751 case NEXT_ENRX_I:
752 shift = 9;
753 break;
754 case NEXT_ENTX_I:
755 shift = 10;
756 break;
757 case NEXT_SCSI_I:
758 shift = 12;
759 break;
760 case NEXT_CLK_I:
761 shift = 5;
762 break;
763
764 /* level 5 - scc (serial) */
765 case NEXT_SCC_I:
766 shift = 17;
767 break;
768
769 /* level 6 - audio etherrx/tx dma */
770 case NEXT_ENTX_DMA_I:
771 shift = 28;
772 break;
773 case NEXT_ENRX_DMA_I:
774 shift = 27;
775 break;
776 case NEXT_SCSI_DMA_I:
777 shift = 26;
778 break;
779 case NEXT_SND_I:
780 shift = 23;
781 break;
782 case NEXT_SCC_DMA_I:
783 shift = 21;
784 break;
785
786 }
787 /*
788 * this HAS to be wrong, the interrupt handlers in mach and together
789 * int_status and int_mask and return if there is a hit
790 */
791 if (s->int_mask & (1 << shift)) {
792 DPRINTF("%x interrupt masked @ %x\n", 1 << shift, cpu->env.pc);
793 /* return; */
794 }
795
796 /* second switch triggers the correct interrupt */
797 if (level) {
798 s->int_status |= 1 << shift;
799
800 switch (number) {
801 /* level 3 - floppy, kbd/mouse, power, ether rx/tx, scsi, clock */
802 case NEXT_FD_I:
803 case NEXT_KBD_I:
804 case NEXT_PWR_I:
805 case NEXT_ENRX_I:
806 case NEXT_ENTX_I:
807 case NEXT_SCSI_I:
808 case NEXT_CLK_I:
809 m68k_set_irq_level(cpu, 3, 27);
810 break;
811
812 /* level 5 - scc (serial) */
813 case NEXT_SCC_I:
814 m68k_set_irq_level(cpu, 5, 29);
815 break;
816
817 /* level 6 - audio etherrx/tx dma */
818 case NEXT_ENTX_DMA_I:
819 case NEXT_ENRX_DMA_I:
820 case NEXT_SCSI_DMA_I:
821 case NEXT_SND_I:
822 case NEXT_SCC_DMA_I:
823 m68k_set_irq_level(cpu, 6, 30);
824 break;
825 }
826 } else {
827 s->int_status &= ~(1 << shift);
828 cpu_reset_interrupt(CPU(cpu), CPU_INTERRUPT_HARD);
829 }
830 }
831
832 static void next_escc_init(DeviceState *pcdev)
833 {
834 DeviceState *dev;
835 SysBusDevice *s;
836
837 dev = qdev_new(TYPE_ESCC);
838 qdev_prop_set_uint32(dev, "disabled", 0);
839 qdev_prop_set_uint32(dev, "frequency", 9600 * 384);
840 qdev_prop_set_uint32(dev, "it_shift", 0);
841 qdev_prop_set_bit(dev, "bit_swap", true);
842 qdev_prop_set_chr(dev, "chrB", serial_hd(1));
843 qdev_prop_set_chr(dev, "chrA", serial_hd(0));
844 qdev_prop_set_uint32(dev, "chnBtype", escc_serial);
845 qdev_prop_set_uint32(dev, "chnAtype", escc_serial);
846
847 s = SYS_BUS_DEVICE(dev);
848 sysbus_realize_and_unref(s, &error_fatal);
849 sysbus_connect_irq(s, 0, qdev_get_gpio_in(pcdev, NEXT_SCC_I));
850 sysbus_connect_irq(s, 1, qdev_get_gpio_in(pcdev, NEXT_SCC_DMA_I));
851 sysbus_mmio_map(s, 0, 0x2118000);
852 }
853
854 static void next_pc_reset(DeviceState *dev)
855 {
856 NeXTPC *s = NEXT_PC(dev);
857
858 /* Set internal registers to initial values */
859 /* 0x0000XX00 << vital bits */
860 s->scr1 = 0x00011102;
861 s->scr2 = 0x00ff0c80;
862
863 s->rtc.status = 0x90;
864
865 /* Load RTC RAM - TODO: provide possibility to load contents from file */
866 memcpy(s->rtc.ram, rtc_ram2, 32);
867 }
868
869 static void next_pc_realize(DeviceState *dev, Error **errp)
870 {
871 NeXTPC *s = NEXT_PC(dev);
872 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
873
874 qdev_init_gpio_in(dev, next_irq, NEXT_NUM_IRQS);
875
876 memory_region_init_io(&s->mmiomem, OBJECT(s), &mmio_ops, s,
877 "next.mmio", 0xD0000);
878 memory_region_init_io(&s->scrmem, OBJECT(s), &scr_ops, s,
879 "next.scr", 0x20000);
880 sysbus_init_mmio(sbd, &s->mmiomem);
881 sysbus_init_mmio(sbd, &s->scrmem);
882 }
883
884 /*
885 * If the m68k CPU implemented its inbound irq lines as GPIO lines
886 * rather than via the m68k_set_irq_level() function we would not need
887 * this cpu link property and could instead provide outbound IRQ lines
888 * that the board could wire up to the CPU.
889 */
890 static Property next_pc_properties[] = {
891 DEFINE_PROP_LINK("cpu", NeXTPC, cpu, TYPE_M68K_CPU, M68kCPU *),
892 DEFINE_PROP_END_OF_LIST(),
893 };
894
895 static const VMStateDescription next_rtc_vmstate = {
896 .name = "next-rtc",
897 .version_id = 1,
898 .minimum_version_id = 1,
899 .fields = (VMStateField[]) {
900 VMSTATE_UINT8_ARRAY(ram, NextRtc, 32),
901 VMSTATE_UINT8(command, NextRtc),
902 VMSTATE_UINT8(value, NextRtc),
903 VMSTATE_UINT8(status, NextRtc),
904 VMSTATE_UINT8(control, NextRtc),
905 VMSTATE_UINT8(retval, NextRtc),
906 VMSTATE_END_OF_LIST()
907 },
908 };
909
910 static const VMStateDescription next_pc_vmstate = {
911 .name = "next-pc",
912 .version_id = 1,
913 .minimum_version_id = 1,
914 .fields = (VMStateField[]) {
915 VMSTATE_UINT32(scr1, NeXTPC),
916 VMSTATE_UINT32(scr2, NeXTPC),
917 VMSTATE_UINT32(int_mask, NeXTPC),
918 VMSTATE_UINT32(int_status, NeXTPC),
919 VMSTATE_UINT8(scsi_csr_1, NeXTPC),
920 VMSTATE_UINT8(scsi_csr_2, NeXTPC),
921 VMSTATE_STRUCT(rtc, NeXTPC, 0, next_rtc_vmstate, NextRtc),
922 VMSTATE_END_OF_LIST()
923 },
924 };
925
926 static void next_pc_class_init(ObjectClass *klass, void *data)
927 {
928 DeviceClass *dc = DEVICE_CLASS(klass);
929
930 dc->desc = "NeXT Peripheral Controller";
931 dc->realize = next_pc_realize;
932 dc->reset = next_pc_reset;
933 device_class_set_props(dc, next_pc_properties);
934 dc->vmsd = &next_pc_vmstate;
935 }
936
937 static const TypeInfo next_pc_info = {
938 .name = TYPE_NEXT_PC,
939 .parent = TYPE_SYS_BUS_DEVICE,
940 .instance_size = sizeof(NeXTPC),
941 .class_init = next_pc_class_init,
942 };
943
944 static void next_cube_init(MachineState *machine)
945 {
946 M68kCPU *cpu;
947 CPUM68KState *env;
948 MemoryRegion *rom = g_new(MemoryRegion, 1);
949 MemoryRegion *dmamem = g_new(MemoryRegion, 1);
950 MemoryRegion *bmapm1 = g_new(MemoryRegion, 1);
951 MemoryRegion *bmapm2 = g_new(MemoryRegion, 1);
952 MemoryRegion *sysmem = get_system_memory();
953 const char *bios_name = machine->firmware ?: ROM_FILE;
954 DeviceState *dev;
955 DeviceState *pcdev;
956
957 /* Initialize the cpu core */
958 cpu = M68K_CPU(cpu_create(machine->cpu_type));
959 if (!cpu) {
960 error_report("Unable to find m68k CPU definition");
961 exit(1);
962 }
963 env = &cpu->env;
964
965 /* Initialize CPU registers. */
966 env->vbr = 0;
967 env->sr = 0x2700;
968
969 /* Peripheral Controller */
970 pcdev = qdev_new(TYPE_NEXT_PC);
971 object_property_set_link(OBJECT(pcdev), "cpu", OBJECT(cpu), &error_abort);
972 sysbus_realize_and_unref(SYS_BUS_DEVICE(pcdev), &error_fatal);
973
974 /* 64MB RAM starting at 0x04000000 */
975 memory_region_add_subregion(sysmem, 0x04000000, machine->ram);
976
977 /* Framebuffer */
978 dev = qdev_new(TYPE_NEXTFB);
979 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
980 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0B000000);
981
982 /* MMIO */
983 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 0, 0x02000000);
984
985 /* BMAP IO - acts as a catch-all for now */
986 sysbus_mmio_map(SYS_BUS_DEVICE(pcdev), 1, 0x02100000);
987
988 /* BMAP memory */
989 memory_region_init_ram_shared_nomigrate(bmapm1, NULL, "next.bmapmem", 64,
990 true, &error_fatal);
991 memory_region_add_subregion(sysmem, 0x020c0000, bmapm1);
992 /* The Rev_2.5_v66.bin firmware accesses it at 0x820c0020, too */
993 memory_region_init_alias(bmapm2, NULL, "next.bmapmem2", bmapm1, 0x0, 64);
994 memory_region_add_subregion(sysmem, 0x820c0000, bmapm2);
995
996 /* KBD */
997 dev = qdev_new(TYPE_NEXTKBD);
998 sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
999 sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0x0200e000);
1000
1001 /* Load ROM here */
1002 /* still not sure if the rom should also be mapped at 0x0*/
1003 memory_region_init_rom(rom, NULL, "next.rom", 0x20000, &error_fatal);
1004 memory_region_add_subregion(sysmem, 0x01000000, rom);
1005 if (load_image_targphys(bios_name, 0x01000000, 0x20000) < 8) {
1006 if (!qtest_enabled()) {
1007 error_report("Failed to load firmware '%s'.", bios_name);
1008 }
1009 } else {
1010 uint8_t *ptr;
1011 /* Initial PC is always at offset 4 in firmware binaries */
1012 ptr = rom_ptr(0x01000004, 4);
1013 g_assert(ptr != NULL);
1014 env->pc = ldl_p(ptr);
1015 if (env->pc >= 0x01020000) {
1016 error_report("'%s' does not seem to be a valid firmware image.",
1017 bios_name);
1018 exit(1);
1019 }
1020 }
1021
1022 /* Serial */
1023 next_escc_init(pcdev);
1024
1025 /* TODO: */
1026 /* Network */
1027 /* SCSI */
1028
1029 /* DMA */
1030 memory_region_init_io(dmamem, NULL, &dma_ops, machine, "next.dma", 0x5000);
1031 memory_region_add_subregion(sysmem, 0x02000000, dmamem);
1032 }
1033
1034 static void next_machine_class_init(ObjectClass *oc, void *data)
1035 {
1036 MachineClass *mc = MACHINE_CLASS(oc);
1037
1038 mc->desc = "NeXT Cube";
1039 mc->init = next_cube_init;
1040 mc->default_ram_size = RAM_SIZE;
1041 mc->default_ram_id = "next.ram";
1042 mc->default_cpu_type = M68K_CPU_TYPE_NAME("m68040");
1043 }
1044
1045 static const TypeInfo next_typeinfo = {
1046 .name = TYPE_NEXT_MACHINE,
1047 .parent = TYPE_MACHINE,
1048 .class_init = next_machine_class_init,
1049 .instance_size = sizeof(NeXTState),
1050 };
1051
1052 static void next_register_type(void)
1053 {
1054 type_register_static(&next_typeinfo);
1055 type_register_static(&next_pc_info);
1056 }
1057
1058 type_init(next_register_type)
QEmu