/
valemobil
/
qemu
GigaCode
beta
ОбзорЦентр заботыВойти

qemu

Форк
0
Ветки: 48Коммиты: 115287Теги: 388
qemu
/hw
/misc
/
mac_via.c 
1447 строк · 49.5 Кб
1
/*
2
 * QEMU m68k Macintosh VIA device support
3
 *
4
 * Copyright (c) 2011-2018 Laurent Vivier
5
 * Copyright (c) 2018 Mark Cave-Ayland
6
 *
7
 * Some parts from hw/misc/macio/cuda.c
8
 *
9
 * Copyright (c) 2004-2007 Fabrice Bellard
10
 * Copyright (c) 2007 Jocelyn Mayer
11
 *
12
 * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
13
 *
14
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
15
 * See the COPYING file in the top-level directory.
16
 */
17


18
#include "qemu/osdep.h"
19
#include "exec/address-spaces.h"
20
#include "migration/vmstate.h"
21
#include "hw/sysbus.h"
22
#include "hw/irq.h"
23
#include "qemu/timer.h"
24
#include "hw/misc/mac_via.h"
25
#include "hw/misc/mos6522.h"
26
#include "hw/input/adb.h"
27
#include "sysemu/runstate.h"
28
#include "qapi/error.h"
29
#include "qemu/cutils.h"
30
#include "hw/qdev-properties.h"
31
#include "hw/qdev-properties-system.h"
32
#include "sysemu/block-backend.h"
33
#include "sysemu/rtc.h"
34
#include "trace.h"
35
#include "qemu/log.h"
36


37
/*
38
 * VIAs: There are two in every machine
39
 */
40


41
/*
42
 * Not all of these are true post MacII I think.
43
 * CSA: probably the ones CHRP marks as 'unused' change purposes
44
 * when the IWM becomes the SWIM.
45
 * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
46
 * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
47
 *
48
 * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
49
 * following changes for IIfx:
50
 * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
51
 * Also, "All of the functionality of VIA2 has been moved to other chips".
52
 */
53


54
#define VIA1A_vSccWrReq 0x80   /*
55
                                * SCC write. (input)
56
                                * [CHRP] SCC WREQ: Reflects the state of the
57
                                * Wait/Request pins from the SCC.
58
                                * [Macintosh Family Hardware]
59
                                * as CHRP on SE/30,II,IIx,IIcx,IIci.
60
                                * on IIfx, "0 means an active request"
61
                                */
62
#define VIA1A_vRev8     0x40   /*
63
                                * Revision 8 board ???
64
                                * [CHRP] En WaitReqB: Lets the WaitReq_L
65
                                * signal from port B of the SCC appear on
66
                                * the PA7 input pin. Output.
67
                                * [Macintosh Family] On the SE/30, this
68
                                * is the bit to flip screen buffers.
69
                                * 0=alternate, 1=main.
70
                                * on II,IIx,IIcx,IIci,IIfx this is a bit
71
                                * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
72
                                */
73
#define VIA1A_vHeadSel  0x20   /*
74
                                * Head select for IWM.
75
                                * [CHRP] unused.
76
                                * [Macintosh Family] "Floppy disk
77
                                * state-control line SEL" on all but IIfx
78
                                */
79
#define VIA1A_vOverlay  0x10   /*
80
                                * [Macintosh Family] On SE/30,II,IIx,IIcx
81
                                * this bit enables the "Overlay" address
82
                                * map in the address decoders as it is on
83
                                * reset for mapping the ROM over the reset
84
                                * vector. 1=use overlay map.
85
                                * On the IIci,IIfx it is another bit of the
86
                                * CPU ID: 0=normal IIci, 1=IIci with parity
87
                                * feature or IIfx.
88
                                * [CHRP] En WaitReqA: Lets the WaitReq_L
89
                                * signal from port A of the SCC appear
90
                                * on the PA7 input pin (CHRP). Output.
91
                                * [MkLinux] "Drive Select"
92
                                *  (with 0x20 being 'disk head select')
93
                                */
94
#define VIA1A_vSync     0x08   /*
95
                                * [CHRP] Sync Modem: modem clock select:
96
                                * 1: select the external serial clock to
97
                                *    drive the SCC's /RTxCA pin.
98
                                * 0: Select the 3.6864MHz clock to drive
99
                                *    the SCC cell.
100
                                * [Macintosh Family] Correct on all but IIfx
101
                                */
102


103
/*
104
 * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
105
 * on Macs which had the PWM sound hardware.  Reserved on newer models.
106
 * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
107
 * bit 2: 1=IIci, 0=IIfx
108
 * bit 1: 1 on both IIci and IIfx.
109
 * MkLinux sez bit 0 is 'burnin flag' in this case.
110
 * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
111
 * inputs, these bits will read 0.
112
 */
113
#define VIA1A_vVolume   0x07    /* Audio volume mask for PWM */
114
#define VIA1A_CPUID0    0x02    /* CPU id bit 0 on RBV, others */
115
#define VIA1A_CPUID1    0x04    /* CPU id bit 0 on RBV, others */
116
#define VIA1A_CPUID2    0x10    /* CPU id bit 0 on RBV, others */
117
#define VIA1A_CPUID3    0x40    /* CPU id bit 0 on RBV, others */
118
#define VIA1A_CPUID_MASK (VIA1A_CPUID0 | VIA1A_CPUID1 | \
119
                          VIA1A_CPUID2 | VIA1A_CPUID3)
120
#define VIA1A_CPUID_Q800 (VIA1A_CPUID0 | VIA1A_CPUID2)
121


122
/*
123
 * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
124
 * CHRP offers no info.
125
 */
126
#define VIA1B_vSound   0x80    /*
127
                                * Sound enable (for compatibility with
128
                                * PWM hardware) 0=enabled.
129
                                * Also, on IIci w/parity, shows parity error
130
                                * 0=error, 1=OK.
131
                                */
132
#define VIA1B_vMystery 0x40    /*
133
                                * On IIci, parity enable. 0=enabled,1=disabled
134
                                * On SE/30, vertical sync interrupt enable.
135
                                * 0=enabled. This vSync interrupt shows up
136
                                * as a slot $E interrupt.
137
                                * On Quadra 800 this bit toggles A/UX mode which
138
                                * configures the glue logic to deliver some IRQs
139
                                * at different levels compared to a classic
140
                                * Mac.
141
                                */
142
#define VIA1B_vADBS2   0x20    /* ADB state input bit 1 (unused on IIfx) */
143
#define VIA1B_vADBS1   0x10    /* ADB state input bit 0 (unused on IIfx) */
144
#define VIA1B_vADBInt  0x08    /* ADB interrupt 0=interrupt (unused on IIfx)*/
145
#define VIA1B_vRTCEnb  0x04    /* Enable Real time clock. 0=enabled. */
146
#define VIA1B_vRTCClk  0x02    /* Real time clock serial-clock line. */
147
#define VIA1B_vRTCData 0x01    /* Real time clock serial-data line. */
148


149
/*
150
 *    VIA2 A register is the interrupt lines raised off the nubus
151
 *    slots.
152
 *      The below info is from 'Macintosh Family Hardware.'
153
 *      MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
154
 *      It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
155
 *      defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
156
 *      Perhaps OSS uses vRAM1 and vRAM2 for ADB.
157
 */
158


159
#define VIA2A_vRAM1    0x80    /* RAM size bit 1 (IIci: reserved) */
160
#define VIA2A_vRAM0    0x40    /* RAM size bit 0 (IIci: internal video IRQ) */
161
#define VIA2A_vIRQE    0x20    /* IRQ from slot $E */
162
#define VIA2A_vIRQD    0x10    /* IRQ from slot $D */
163
#define VIA2A_vIRQC    0x08    /* IRQ from slot $C */
164
#define VIA2A_vIRQB    0x04    /* IRQ from slot $B */
165
#define VIA2A_vIRQA    0x02    /* IRQ from slot $A */
166
#define VIA2A_vIRQ9    0x01    /* IRQ from slot $9 */
167


168
/*
169
 * RAM size bits decoded as follows:
170
 * bit1 bit0  size of ICs in bank A
171
 *  0    0    256 kbit
172
 *  0    1    1 Mbit
173
 *  1    0    4 Mbit
174
 *  1    1   16 Mbit
175
 */
176


177
/*
178
 *    Register B has the fun stuff in it
179
 */
180


181
#define VIA2B_vVBL    0x80    /*
182
                               * VBL output to VIA1 (60.15Hz) driven by
183
                               * timer T1.
184
                               * on IIci, parity test: 0=test mode.
185
                               * [MkLinux] RBV_PARODD: 1=odd,0=even.
186
                               */
187
#define VIA2B_vSndJck 0x40    /*
188
                               * External sound jack status.
189
                               * 0=plug is inserted.  On SE/30, always 0
190
                               */
191
#define VIA2B_vTfr0   0x20    /* Transfer mode bit 0 ack from NuBus */
192
#define VIA2B_vTfr1   0x10    /* Transfer mode bit 1 ack from NuBus */
193
#define VIA2B_vMode32 0x08    /*
194
                               * 24/32bit switch - doubles as cache flush
195
                               * on II, AMU/PMMU control.
196
                               *   if AMU, 0=24bit to 32bit translation
197
                               *   if PMMU, 1=PMMU is accessing page table.
198
                               * on SE/30 tied low.
199
                               * on IIx,IIcx,IIfx, unused.
200
                               * on IIci/RBV, cache control. 0=flush cache.
201
                               */
202
#define VIA2B_vPower  0x04   /*
203
                              * Power off, 0=shut off power.
204
                              * on SE/30 this signal sent to PDS card.
205
                              */
206
#define VIA2B_vBusLk  0x02   /*
207
                              * Lock NuBus transactions, 0=locked.
208
                              * on SE/30 sent to PDS card.
209
                              */
210
#define VIA2B_vCDis   0x01   /*
211
                              * Cache control. On IIci, 1=disable cache card
212
                              * on others, 0=disable processor's instruction
213
                              * and data caches.
214
                              */
215


216
/* interrupt flags */
217


218
#define IRQ_SET         0x80
219


220
/* common */
221


222
#define VIA_IRQ_TIMER1      0x40
223
#define VIA_IRQ_TIMER2      0x20
224


225
/*
226
 * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
227
 * Another example of a valid function that has no ROM support is the use
228
 * of the alternate video page for page-flipping animation. Since there
229
 * is no ROM call to flip pages, it is necessary to go play with the
230
 * right bit in the VIA chip (6522 Versatile Interface Adapter).
231
 * [CSA: don't know which one this is, but it's one of 'em!]
232
 */
233


234
/*
235
 *    6522 registers - see databook.
236
 * CSA: Assignments for VIA1 confirmed from CHRP spec.
237
 */
238


239
/* partial address decode.  0xYYXX : XX part for RBV, YY part for VIA */
240
/* Note: 15 VIA regs, 8 RBV regs */
241


242
#define vBufB    0x0000  /* [VIA/RBV]  Register B */
243
#define vBufAH   0x0200  /* [VIA only] Buffer A, with handshake. DON'T USE! */
244
#define vDirB    0x0400  /* [VIA only] Data Direction Register B. */
245
#define vDirA    0x0600  /* [VIA only] Data Direction Register A. */
246
#define vT1CL    0x0800  /* [VIA only] Timer one counter low. */
247
#define vT1CH    0x0a00  /* [VIA only] Timer one counter high. */
248
#define vT1LL    0x0c00  /* [VIA only] Timer one latches low. */
249
#define vT1LH    0x0e00  /* [VIA only] Timer one latches high. */
250
#define vT2CL    0x1000  /* [VIA only] Timer two counter low. */
251
#define vT2CH    0x1200  /* [VIA only] Timer two counter high. */
252
#define vSR      0x1400  /* [VIA only] Shift register. */
253
#define vACR     0x1600  /* [VIA only] Auxiliary control register. */
254
#define vPCR     0x1800  /* [VIA only] Peripheral control register. */
255
                         /*
256
                          *           CHRP sez never ever to *write* this.
257
                          *            Mac family says never to *change* this.
258
                          * In fact we need to initialize it once at start.
259
                          */
260
#define vIFR     0x1a00  /* [VIA/RBV]  Interrupt flag register. */
261
#define vIER     0x1c00  /* [VIA/RBV]  Interrupt enable register. */
262
#define vBufA    0x1e00  /* [VIA/RBV] register A (no handshake) */
263


264
/* from linux 2.6 drivers/macintosh/via-macii.c */
265


266
/* Bits in ACR */
267


268
#define VIA1ACR_vShiftCtrl         0x1c        /* Shift register control bits */
269
#define VIA1ACR_vShiftExtClk       0x0c        /* Shift on external clock */
270
#define VIA1ACR_vShiftOut          0x10        /* Shift out if 1 */
271


272
/*
273
 * Apple Macintosh Family Hardware Refenece
274
 * Table 19-10 ADB transaction states
275
 */
276


277
#define ADB_STATE_NEW       0
278
#define ADB_STATE_EVEN      1
279
#define ADB_STATE_ODD       2
280
#define ADB_STATE_IDLE      3
281


282
#define VIA1B_vADB_StateMask    (VIA1B_vADBS1 | VIA1B_vADBS2)
283
#define VIA1B_vADB_StateShift   4
284


285
#define VIA_TIMER_FREQ (783360)
286
#define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
287


288
/*
289
 * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the
290
 * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us
291
 */
292
#define VIA_60HZ_TIMER_PERIOD_NS   16625800
293


294
/* VIA returns time offset from Jan 1, 1904, not 1970 */
295
#define RTC_OFFSET 2082844800
296


297
enum {
298
    REG_0,
299
    REG_1,
300
    REG_2,
301
    REG_3,
302
    REG_TEST,
303
    REG_WPROTECT,
304
    REG_PRAM_ADDR,
305
    REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19,
306
    REG_PRAM_SECT,
307
    REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7,
308
    REG_INVALID,
309
    REG_EMPTY = 0xff,
310
};
311


312
static void via1_sixty_hz_update(MOS6522Q800VIA1State *v1s)
313
{
314
    /* 60 Hz irq */
315
    v1s->next_sixty_hz = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
316
                          VIA_60HZ_TIMER_PERIOD_NS) /
317
                          VIA_60HZ_TIMER_PERIOD_NS * VIA_60HZ_TIMER_PERIOD_NS;
318
    timer_mod(v1s->sixty_hz_timer, v1s->next_sixty_hz);
319
}
320


321
static void via1_one_second_update(MOS6522Q800VIA1State *v1s)
322
{
323
    v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) /
324
                       1000 * 1000;
325
    timer_mod(v1s->one_second_timer, v1s->next_second);
326
}
327


328
static void via1_sixty_hz(void *opaque)
329
{
330
    MOS6522Q800VIA1State *v1s = opaque;
331
    MOS6522State *s = MOS6522(v1s);
332
    qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_60HZ_BIT);
333


334
    /* Negative edge trigger */
335
    qemu_irq_lower(irq);
336
    qemu_irq_raise(irq);
337


338
    via1_sixty_hz_update(v1s);
339
}
340


341
static void via1_one_second(void *opaque)
342
{
343
    MOS6522Q800VIA1State *v1s = opaque;
344
    MOS6522State *s = MOS6522(v1s);
345
    qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_ONE_SECOND_BIT);
346


347
    /* Negative edge trigger */
348
    qemu_irq_lower(irq);
349
    qemu_irq_raise(irq);
350


351
    via1_one_second_update(v1s);
352
}
353


354


355
static void pram_update(MOS6522Q800VIA1State *v1s)
356
{
357
    if (v1s->blk) {
358
        if (blk_pwrite(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0) < 0) {
359
            qemu_log("pram_update: cannot write to file\n");
360
        }
361
    }
362
}
363


364
/*
365
 * RTC Commands
366
 *
367
 * Command byte    Register addressed by the command
368
 *
369
 * z00x0001        Seconds register 0 (lowest-order byte)
370
 * z00x0101        Seconds register 1
371
 * z00x1001        Seconds register 2
372
 * z00x1101        Seconds register 3 (highest-order byte)
373
 * 00110001        Test register (write-only)
374
 * 00110101        Write-Protect Register (write-only)
375
 * z010aa01        RAM address 100aa ($10-$13) (first 20 bytes only)
376
 * z1aaaa01        RAM address 0aaaa ($00-$0F) (first 20 bytes only)
377
 * z0111aaa        Extended memory designator and sector number
378
 *
379
 * For a read request, z=1, for a write z=0
380
 * The letter x indicates don't care
381
 * The letter a indicates bits whose value depend on what parameter
382
 * RAM byte you want to address
383
 */
384
static int via1_rtc_compact_cmd(uint8_t value)
385
{
386
    uint8_t read = value & 0x80;
387


388
    value &= 0x7f;
389


390
    /* the last 2 bits of a command byte must always be 0b01 ... */
391
    if ((value & 0x78) == 0x38) {
392
        /* except for the extended memory designator */
393
        return read | (REG_PRAM_SECT + (value & 0x07));
394
    }
395
    if ((value & 0x03) == 0x01) {
396
        value >>= 2;
397
        if ((value & 0x18) == 0) {
398
            /* seconds registers */
399
            return read | (REG_0 + (value & 0x03));
400
        } else if ((value == 0x0c) && !read) {
401
            return REG_TEST;
402
        } else if ((value == 0x0d) && !read) {
403
            return REG_WPROTECT;
404
        } else if ((value & 0x1c) == 0x08) {
405
            /* RAM address 0x10 to 0x13 */
406
            return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03));
407
        } else if ((value & 0x10) == 0x10) {
408
            /* RAM address 0x00 to 0x0f */
409
            return read | (REG_PRAM_ADDR + (value & 0x0f));
410
        }
411
    }
412
    return REG_INVALID;
413
}
414


415
static void via1_rtc_update(MOS6522Q800VIA1State *v1s)
416
{
417
    MOS6522State *s = MOS6522(v1s);
418
    int cmd, sector, addr;
419
    uint32_t time;
420


421
    if (s->b & VIA1B_vRTCEnb) {
422
        return;
423
    }
424


425
    if (s->dirb & VIA1B_vRTCData) {
426
        /* send bits to the RTC */
427
        if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
428
            v1s->data_out <<= 1;
429
            v1s->data_out |= s->b & VIA1B_vRTCData;
430
            v1s->data_out_cnt++;
431
        }
432
        trace_via1_rtc_update_data_out(v1s->data_out_cnt, v1s->data_out);
433
    } else {
434
        trace_via1_rtc_update_data_in(v1s->data_in_cnt, v1s->data_in);
435
        /* receive bits from the RTC */
436
        if ((v1s->last_b & VIA1B_vRTCClk) &&
437
            !(s->b & VIA1B_vRTCClk) &&
438
            v1s->data_in_cnt) {
439
            s->b = (s->b & ~VIA1B_vRTCData) |
440
                   ((v1s->data_in >> 7) & VIA1B_vRTCData);
441
            v1s->data_in <<= 1;
442
            v1s->data_in_cnt--;
443
        }
444
        return;
445
    }
446


447
    if (v1s->data_out_cnt != 8) {
448
        return;
449
    }
450


451
    v1s->data_out_cnt = 0;
452


453
    trace_via1_rtc_internal_status(v1s->cmd, v1s->alt, v1s->data_out);
454
    /* first byte: it's a command */
455
    if (v1s->cmd == REG_EMPTY) {
456


457
        cmd = via1_rtc_compact_cmd(v1s->data_out);
458
        trace_via1_rtc_internal_cmd(cmd);
459


460
        if (cmd == REG_INVALID) {
461
            trace_via1_rtc_cmd_invalid(v1s->data_out);
462
            return;
463
        }
464


465
        if (cmd & 0x80) { /* this is a read command */
466
            switch (cmd & 0x7f) {
467
            case REG_0...REG_3: /* seconds registers */
468
                /*
469
                 * register 0 is lowest-order byte
470
                 * register 3 is highest-order byte
471
                 */
472


473
                time = v1s->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
474
                       / NANOSECONDS_PER_SECOND);
475
                trace_via1_rtc_internal_time(time);
476
                v1s->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff;
477
                v1s->data_in_cnt = 8;
478
                trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0,
479
                                                v1s->data_in);
480
                break;
481
            case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
482
                /* PRAM address 0x00 -> 0x13 */
483
                v1s->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR];
484
                v1s->data_in_cnt = 8;
485
                trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR,
486
                                             v1s->data_in);
487
                break;
488
            case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
489
                /*
490
                 * extended memory designator and sector number
491
                 * the only two-byte read command
492
                 */
493
                trace_via1_rtc_internal_set_cmd(cmd);
494
                v1s->cmd = cmd;
495
                break;
496
            default:
497
                g_assert_not_reached();
498
                break;
499
            }
500
            return;
501
        }
502


503
        /* this is a write command, needs a parameter */
504
        if (cmd == REG_WPROTECT || !v1s->wprotect) {
505
            trace_via1_rtc_internal_set_cmd(cmd);
506
            v1s->cmd = cmd;
507
        } else {
508
            trace_via1_rtc_internal_ignore_cmd(cmd);
509
        }
510
        return;
511
    }
512


513
    /* second byte: it's a parameter */
514
    if (v1s->alt == REG_EMPTY) {
515
        switch (v1s->cmd & 0x7f) {
516
        case REG_0...REG_3: /* seconds register */
517
            /* FIXME */
518
            trace_via1_rtc_cmd_seconds_write(v1s->cmd - REG_0, v1s->data_out);
519
            v1s->cmd = REG_EMPTY;
520
            break;
521
        case REG_TEST:
522
            /* device control: nothing to do */
523
            trace_via1_rtc_cmd_test_write(v1s->data_out);
524
            v1s->cmd = REG_EMPTY;
525
            break;
526
        case REG_WPROTECT:
527
            /* Write Protect register */
528
            trace_via1_rtc_cmd_wprotect_write(v1s->data_out);
529
            v1s->wprotect = !!(v1s->data_out & 0x80);
530
            v1s->cmd = REG_EMPTY;
531
            break;
532
        case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
533
            /* PRAM address 0x00 -> 0x13 */
534
            trace_via1_rtc_cmd_pram_write(v1s->cmd - REG_PRAM_ADDR,
535
                                          v1s->data_out);
536
            v1s->PRAM[v1s->cmd - REG_PRAM_ADDR] = v1s->data_out;
537
            pram_update(v1s);
538
            v1s->cmd = REG_EMPTY;
539
            break;
540
        case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
541
            addr = (v1s->data_out >> 2) & 0x1f;
542
            sector = (v1s->cmd & 0x7f) - REG_PRAM_SECT;
543
            if (v1s->cmd & 0x80) {
544
                /* it's a read */
545
                v1s->data_in = v1s->PRAM[sector * 32 + addr];
546
                v1s->data_in_cnt = 8;
547
                trace_via1_rtc_cmd_pram_sect_read(sector, addr,
548
                                                  sector * 32 + addr,
549
                                                  v1s->data_in);
550
                v1s->cmd = REG_EMPTY;
551
            } else {
552
                /* it's a write, we need one more parameter */
553
                trace_via1_rtc_internal_set_alt(addr, sector, addr);
554
                v1s->alt = addr;
555
            }
556
            break;
557
        default:
558
            g_assert_not_reached();
559
            break;
560
        }
561
        return;
562
    }
563


564
    /* third byte: it's the data of a REG_PRAM_SECT write */
565
    g_assert(REG_PRAM_SECT <= v1s->cmd && v1s->cmd <= REG_PRAM_SECT_LAST);
566
    sector = v1s->cmd - REG_PRAM_SECT;
567
    v1s->PRAM[sector * 32 + v1s->alt] = v1s->data_out;
568
    pram_update(v1s);
569
    trace_via1_rtc_cmd_pram_sect_write(sector, v1s->alt, sector * 32 + v1s->alt,
570
                                       v1s->data_out);
571
    v1s->alt = REG_EMPTY;
572
    v1s->cmd = REG_EMPTY;
573
}
574


575
static void adb_via_poll(void *opaque)
576
{
577
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
578
    MOS6522State *s = MOS6522(v1s);
579
    ADBBusState *adb_bus = &v1s->adb_bus;
580
    uint8_t obuf[9];
581
    uint8_t *data = &s->sr;
582
    int olen;
583


584
    /*
585
     * Setting vADBInt below indicates that an autopoll reply has been
586
     * received, however we must block autopoll until the point where
587
     * the entire reply has been read back to the host
588
     */
589
    adb_autopoll_block(adb_bus);
590


591
    if (v1s->adb_data_in_size > 0 && v1s->adb_data_in_index == 0) {
592
        /*
593
         * For older Linux kernels that switch to IDLE mode after sending the
594
         * ADB command, detect if there is an existing response and return that
595
         * as a "fake" autopoll reply or bus timeout accordingly
596
         */
597
        *data = v1s->adb_data_out[0];
598
        olen = v1s->adb_data_in_size;
599


600
        s->b &= ~VIA1B_vADBInt;
601
        qemu_irq_raise(v1s->adb_data_ready);
602
    } else {
603
        /*
604
         * Otherwise poll as normal
605
         */
606
        v1s->adb_data_in_index = 0;
607
        v1s->adb_data_out_index = 0;
608
        olen = adb_poll(adb_bus, obuf, adb_bus->autopoll_mask);
609


610
        if (olen > 0) {
611
            /* Autopoll response */
612
            *data = obuf[0];
613
            olen--;
614
            memcpy(v1s->adb_data_in, &obuf[1], olen);
615
            v1s->adb_data_in_size = olen;
616


617
            s->b &= ~VIA1B_vADBInt;
618
            qemu_irq_raise(v1s->adb_data_ready);
619
        } else {
620
            *data = v1s->adb_autopoll_cmd;
621
            obuf[0] = 0xff;
622
            obuf[1] = 0xff;
623
            olen = 2;
624


625
            memcpy(v1s->adb_data_in, obuf, olen);
626
            v1s->adb_data_in_size = olen;
627


628
            s->b &= ~VIA1B_vADBInt;
629
            qemu_irq_raise(v1s->adb_data_ready);
630
        }
631
    }
632


633
    trace_via1_adb_poll(*data, (s->b & VIA1B_vADBInt) ? "+" : "-",
634
                        adb_bus->status, v1s->adb_data_in_index, olen);
635
}
636


637
static int adb_via_send_len(uint8_t data)
638
{
639
    /* Determine the send length from the given ADB command */
640
    uint8_t cmd = data & 0xc;
641
    uint8_t reg = data & 0x3;
642


643
    switch (cmd) {
644
    case 0x8:
645
        /* Listen command */
646
        switch (reg) {
647
        case 2:
648
            /* Register 2 is only used for the keyboard */
649
            return 3;
650
        case 3:
651
            /*
652
             * Fortunately our devices only implement writes
653
             * to register 3 which is fixed at 2 bytes
654
             */
655
            return 3;
656
        default:
657
            qemu_log_mask(LOG_UNIMP, "ADB unknown length for register %d\n",
658
                          reg);
659
            return 1;
660
        }
661
    default:
662
        /* Talk, BusReset */
663
        return 1;
664
    }
665
}
666


667
static void adb_via_send(MOS6522Q800VIA1State *v1s, int state, uint8_t data)
668
{
669
    MOS6522State *ms = MOS6522(v1s);
670
    ADBBusState *adb_bus = &v1s->adb_bus;
671
    uint16_t autopoll_mask;
672


673
    switch (state) {
674
    case ADB_STATE_NEW:
675
        /*
676
         * Command byte: vADBInt tells host autopoll data already present
677
         * in VIA shift register and ADB transceiver
678
         */
679
        adb_autopoll_block(adb_bus);
680


681
        if (adb_bus->status & ADB_STATUS_POLLREPLY) {
682
            /* Tell the host the existing data is from autopoll */
683
            ms->b &= ~VIA1B_vADBInt;
684
        } else {
685
            ms->b |= VIA1B_vADBInt;
686
            v1s->adb_data_out_index = 0;
687
            v1s->adb_data_out[v1s->adb_data_out_index++] = data;
688
        }
689


690
        trace_via1_adb_send(" NEW", data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
691
        qemu_irq_raise(v1s->adb_data_ready);
692
        break;
693


694
    case ADB_STATE_EVEN:
695
    case ADB_STATE_ODD:
696
        ms->b |= VIA1B_vADBInt;
697
        v1s->adb_data_out[v1s->adb_data_out_index++] = data;
698


699
        trace_via1_adb_send(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
700
                            data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
701
        qemu_irq_raise(v1s->adb_data_ready);
702
        break;
703


704
    case ADB_STATE_IDLE:
705
        ms->b |= VIA1B_vADBInt;
706
        adb_autopoll_unblock(adb_bus);
707


708
        trace_via1_adb_send("IDLE", data,
709
                            (ms->b & VIA1B_vADBInt) ? "+" : "-");
710


711
        return;
712
    }
713


714
    /* If the command is complete, execute it */
715
    if (v1s->adb_data_out_index == adb_via_send_len(v1s->adb_data_out[0])) {
716
        v1s->adb_data_in_size = adb_request(adb_bus, v1s->adb_data_in,
717
                                            v1s->adb_data_out,
718
                                            v1s->adb_data_out_index);
719
        v1s->adb_data_in_index = 0;
720


721
        if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
722
            /*
723
             * Bus timeout (but allow first EVEN and ODD byte to indicate
724
             * timeout via vADBInt and SRQ status)
725
             */
726
            v1s->adb_data_in[0] = 0xff;
727
            v1s->adb_data_in[1] = 0xff;
728
            v1s->adb_data_in_size = 2;
729
        }
730


731
        /*
732
         * If last command is TALK, store it for use by autopoll and adjust
733
         * the autopoll mask accordingly
734
         */
735
        if ((v1s->adb_data_out[0] & 0xc) == 0xc) {
736
            v1s->adb_autopoll_cmd = v1s->adb_data_out[0];
737


738
            autopoll_mask = 1 << (v1s->adb_autopoll_cmd >> 4);
739
            adb_set_autopoll_mask(adb_bus, autopoll_mask);
740
        }
741
    }
742
}
743


744
static void adb_via_receive(MOS6522Q800VIA1State *v1s, int state, uint8_t *data)
745
{
746
    MOS6522State *ms = MOS6522(v1s);
747
    ADBBusState *adb_bus = &v1s->adb_bus;
748
    uint16_t pending;
749


750
    switch (state) {
751
    case ADB_STATE_NEW:
752
        ms->b |= VIA1B_vADBInt;
753
        return;
754


755
    case ADB_STATE_IDLE:
756
        ms->b |= VIA1B_vADBInt;
757
        adb_autopoll_unblock(adb_bus);
758


759
        trace_via1_adb_receive("IDLE", *data,
760
                        (ms->b & VIA1B_vADBInt) ? "+" : "-", adb_bus->status,
761
                        v1s->adb_data_in_index, v1s->adb_data_in_size);
762


763
        break;
764


765
    case ADB_STATE_EVEN:
766
    case ADB_STATE_ODD:
767
        switch (v1s->adb_data_in_index) {
768
        case 0:
769
            /* First EVEN byte: vADBInt indicates bus timeout */
770
            *data = v1s->adb_data_in[v1s->adb_data_in_index];
771
            if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
772
                ms->b &= ~VIA1B_vADBInt;
773
            } else {
774
                ms->b |= VIA1B_vADBInt;
775
            }
776


777
            trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
778
                                   *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
779
                                   adb_bus->status, v1s->adb_data_in_index,
780
                                   v1s->adb_data_in_size);
781


782
            v1s->adb_data_in_index++;
783
            break;
784


785
        case 1:
786
            /* First ODD byte: vADBInt indicates SRQ */
787
            *data = v1s->adb_data_in[v1s->adb_data_in_index];
788
            pending = adb_bus->pending & ~(1 << (v1s->adb_autopoll_cmd >> 4));
789
            if (pending) {
790
                ms->b &= ~VIA1B_vADBInt;
791
            } else {
792
                ms->b |= VIA1B_vADBInt;
793
            }
794


795
            trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
796
                                   *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
797
                                   adb_bus->status, v1s->adb_data_in_index,
798
                                   v1s->adb_data_in_size);
799


800
            v1s->adb_data_in_index++;
801
            break;
802


803
        default:
804
            /*
805
             * Otherwise vADBInt indicates end of data. Note that Linux
806
             * specifically checks for the sequence 0x0 0xff to confirm the
807
             * end of the poll reply, so provide these extra bytes below to
808
             * keep it happy
809
             */
810
            if (v1s->adb_data_in_index < v1s->adb_data_in_size) {
811
                /* Next data byte */
812
                *data = v1s->adb_data_in[v1s->adb_data_in_index];
813
                ms->b |= VIA1B_vADBInt;
814
            } else if (v1s->adb_data_in_index == v1s->adb_data_in_size) {
815
                if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
816
                    /* Bus timeout (no more data) */
817
                    *data = 0xff;
818
                } else {
819
                    /* Return 0x0 after reply */
820
                    *data = 0;
821
                }
822
                ms->b &= ~VIA1B_vADBInt;
823
            } else {
824
                /* Bus timeout (no more data) */
825
                *data = 0xff;
826
                ms->b &= ~VIA1B_vADBInt;
827
                adb_bus->status = 0;
828
                adb_autopoll_unblock(adb_bus);
829
            }
830


831
            trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
832
                                   *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
833
                                   adb_bus->status, v1s->adb_data_in_index,
834
                                   v1s->adb_data_in_size);
835


836
            if (v1s->adb_data_in_index <= v1s->adb_data_in_size) {
837
                v1s->adb_data_in_index++;
838
            }
839
            break;
840
        }
841


842
        qemu_irq_raise(v1s->adb_data_ready);
843
        break;
844
    }
845
}
846


847
static void via1_adb_update(MOS6522Q800VIA1State *v1s)
848
{
849
    MOS6522State *s = MOS6522(v1s);
850
    int oldstate, state;
851


852
    oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
853
    state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
854


855
    if (state != oldstate) {
856
        if (s->acr & VIA1ACR_vShiftOut) {
857
            /* output mode */
858
            adb_via_send(v1s, state, s->sr);
859
        } else {
860
            /* input mode */
861
            adb_via_receive(v1s, state, &s->sr);
862
        }
863
    }
864
}
865


866
static void via1_auxmode_update(MOS6522Q800VIA1State *v1s)
867
{
868
    MOS6522State *s = MOS6522(v1s);
869
    int oldirq, irq;
870


871
    oldirq = (v1s->last_b & VIA1B_vMystery) ? 1 : 0;
872
    irq = (s->b & VIA1B_vMystery) ? 1 : 0;
873


874
    /* Check to see if the A/UX mode bit has changed */
875
    if (irq != oldirq) {
876
        trace_via1_auxmode(irq);
877
        qemu_set_irq(v1s->auxmode_irq, irq);
878


879
        /*
880
         * Clear the ADB interrupt. MacOS can leave VIA1B_vADBInt asserted
881
         * (low) if a poll sequence doesn't complete before NetBSD disables
882
         * interrupts upon boot. Fortunately NetBSD switches to the so-called
883
         * "A/UX" interrupt mode after it initialises, so we can use this as
884
         * a convenient place to clear the ADB interrupt for now.
885
         */
886
        s->b |= VIA1B_vADBInt;
887
    }
888
}
889


890
/*
891
 * Addresses and real values for TimeDBRA/TimeSCCB to allow timer calibration
892
 * to succeed (NOTE: both values have been multiplied by 3 to cope with the
893
 * speed of QEMU execution on a modern host
894
 */
895
#define MACOS_TIMEDBRA        0xd00
896
#define MACOS_TIMESCCB        0xd02
897


898
#define MACOS_TIMEDBRA_VALUE  (0x2a00 * 3)
899
#define MACOS_TIMESCCB_VALUE  (0x079d * 3)
900


901
static bool via1_is_toolbox_timer_calibrated(void)
902
{
903
    /*
904
     * Indicate whether the MacOS toolbox has been calibrated by checking
905
     * for the value of our magic constants
906
     */
907
    uint16_t timedbra = lduw_be_phys(&address_space_memory, MACOS_TIMEDBRA);
908
    uint16_t timesccdb = lduw_be_phys(&address_space_memory, MACOS_TIMESCCB);
909


910
    return (timedbra == MACOS_TIMEDBRA_VALUE &&
911
            timesccdb == MACOS_TIMESCCB_VALUE);
912
}
913


914
static void via1_timer_calibration_hack(MOS6522Q800VIA1State *v1s, int addr,
915
                                        uint64_t val, int size)
916
{
917
    /*
918
     * Work around timer calibration to ensure we that we have non-zero and
919
     * known good values for TIMEDRBA and TIMESCCDB.
920
     *
921
     * This works by attempting to detect the reset and calibration sequence
922
     * of writes to VIA1
923
     */
924
    int old_timer_hack_state = v1s->timer_hack_state;
925


926
    switch (v1s->timer_hack_state) {
927
    case 0:
928
        if (addr == VIA_REG_PCR && val == 0x22) {
929
            /* VIA_REG_PCR: configure VIA1 edge triggering */
930
            v1s->timer_hack_state = 1;
931
        }
932
        break;
933
    case 1:
934
        if (addr == VIA_REG_T2CL && val == 0xc) {
935
            /* VIA_REG_T2CL: low byte of 1ms counter */
936
            if (!via1_is_toolbox_timer_calibrated()) {
937
                v1s->timer_hack_state = 2;
938
            } else {
939
                v1s->timer_hack_state = 0;
940
            }
941
        }
942
        break;
943
    case 2:
944
        if (addr == VIA_REG_T2CH && val == 0x3) {
945
            /*
946
             * VIA_REG_T2CH: high byte of 1ms counter (very likely at the
947
             * start of SETUPTIMEK)
948
             */
949
            if (!via1_is_toolbox_timer_calibrated()) {
950
                v1s->timer_hack_state = 3;
951
            } else {
952
                v1s->timer_hack_state = 0;
953
            }
954
        }
955
        break;
956
    case 3:
957
        if (addr == VIA_REG_IER && val == 0x20) {
958
            /*
959
             * VIA_REG_IER: update at end of SETUPTIMEK
960
             *
961
             * Timer calibration has finished: unfortunately the values in
962
             * TIMEDBRA (0xd00) and TIMESCCDB (0xd02) are so far out they
963
             * cause divide by zero errors.
964
             *
965
             * Update them with values obtained from a real Q800 but with
966
             * a x3 scaling factor which seems to work well
967
             */
968
            stw_be_phys(&address_space_memory, MACOS_TIMEDBRA,
969
                        MACOS_TIMEDBRA_VALUE);
970
            stw_be_phys(&address_space_memory, MACOS_TIMESCCB,
971
                        MACOS_TIMESCCB_VALUE);
972


973
            v1s->timer_hack_state = 4;
974
        }
975
        break;
976
    case 4:
977
        /*
978
         * This is the normal post-calibration timer state: we should
979
         * generally remain here unless we detect the A/UX calibration
980
         * loop, or a write to VIA_REG_PCR suggesting a reset
981
         */
982
        if (addr == VIA_REG_PCR && val == 0x22) {
983
            /* Looks like there has been a reset? */
984
            v1s->timer_hack_state = 1;
985
        }
986


987
        if (addr == VIA_REG_T2CL && val == 0xf0) {
988
            /* VIA_REG_T2CL: low byte of counter (A/UX) */
989
            v1s->timer_hack_state = 5;
990
        }
991
        break;
992
    case 5:
993
        if (addr == VIA_REG_T2CH && val == 0x3c) {
994
            /*
995
             * VIA_REG_T2CH: high byte of counter (A/UX). We are now extremely
996
             * likely to be in the A/UX timer calibration routine, so move to
997
             * the next state where we enable the calibration hack.
998
             */
999
            v1s->timer_hack_state = 6;
1000
        } else if ((addr == VIA_REG_IER && val == 0x20) ||
1001
                   addr == VIA_REG_T2CH) {
1002
            /* We're doing something else with the timer, not calibration */
1003
            v1s->timer_hack_state = 0;
1004
        }
1005
        break;
1006
    case 6:
1007
        if ((addr == VIA_REG_IER && val == 0x20) || addr == VIA_REG_T2CH) {
1008
            /* End of A/UX timer calibration routine, or another write */
1009
            v1s->timer_hack_state = 7;
1010
        } else {
1011
            v1s->timer_hack_state = 0;
1012
        }
1013
        break;
1014
    case 7:
1015
        /*
1016
         * This is the normal post-calibration timer state once both the
1017
         * MacOS toolbox and A/UX have been calibrated, until we see a write
1018
         * to VIA_REG_PCR to suggest a reset
1019
         */
1020
        if (addr == VIA_REG_PCR && val == 0x22) {
1021
            /* Looks like there has been a reset? */
1022
            v1s->timer_hack_state = 1;
1023
        }
1024
        break;
1025
    default:
1026
        g_assert_not_reached();
1027
    }
1028


1029
    if (old_timer_hack_state != v1s->timer_hack_state) {
1030
        trace_via1_timer_hack_state(v1s->timer_hack_state);
1031
    }
1032
}
1033


1034
static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size)
1035
{
1036
    MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque);
1037
    MOS6522State *ms = MOS6522(s);
1038
    uint64_t ret;
1039
    int64_t now;
1040


1041
    addr = (addr >> 9) & 0xf;
1042
    ret = mos6522_read(ms, addr, size);
1043
    switch (addr) {
1044
    case VIA_REG_A:
1045
    case VIA_REG_ANH:
1046
        /* Quadra 800 Id */
1047
        ret = (ret & ~VIA1A_CPUID_MASK) | VIA1A_CPUID_Q800;
1048
        break;
1049
    case VIA_REG_T2CH:
1050
        if (s->timer_hack_state == 6) {
1051
            /*
1052
             * The A/UX timer calibration loop runs continuously until 2
1053
             * consecutive iterations differ by at least 0x492 timer ticks.
1054
             * Modern hosts execute the timer calibration loop so fast that
1055
             * this situation never occurs causing a hang on boot. Use a
1056
             * similar method to Shoebill which is to randomly add 0x500 to
1057
             * the T2 counter value during calibration to enable it to
1058
             * eventually succeed.
1059
             */
1060
            now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1061
            if (now & 1) {
1062
                ret += 0x5;
1063
            }
1064
        }
1065
        break;
1066
    }
1067
    return ret;
1068
}
1069


1070
static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val,
1071
                                    unsigned size)
1072
{
1073
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
1074
    MOS6522State *ms = MOS6522(v1s);
1075
    int oldstate, state;
1076
    int oldsr = ms->sr;
1077


1078
    addr = (addr >> 9) & 0xf;
1079


1080
    via1_timer_calibration_hack(v1s, addr, val, size);
1081


1082
    mos6522_write(ms, addr, val, size);
1083


1084
    switch (addr) {
1085
    case VIA_REG_B:
1086
        via1_rtc_update(v1s);
1087
        via1_adb_update(v1s);
1088
        via1_auxmode_update(v1s);
1089


1090
        v1s->last_b = ms->b;
1091
        break;
1092


1093
    case VIA_REG_SR:
1094
        {
1095
            /*
1096
             * NetBSD assumes it can send its first ADB command after sending
1097
             * the ADB_BUSRESET command in ADB_STATE_NEW without changing the
1098
             * state back to ADB_STATE_IDLE first as detailed in the ADB
1099
             * protocol.
1100
             *
1101
             * Add a workaround to detect this condition at the start of ADB
1102
             * enumeration and send the next command written to SR after a
1103
             * ADB_BUSRESET onto the bus regardless, even if we don't detect a
1104
             * state transition to ADB_STATE_NEW.
1105
             *
1106
             * Note that in my tests the NetBSD state machine takes one ADB
1107
             * operation to recover which means the probe for an ADB device at
1108
             * address 1 always fails. However since the first device is at
1109
             * address 2 then this will work fine, without having to come up
1110
             * with a more complicated and invasive solution.
1111
             */
1112
            oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >>
1113
                       VIA1B_vADB_StateShift;
1114
            state = (ms->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
1115


1116
            if (oldstate == ADB_STATE_NEW && state == ADB_STATE_NEW &&
1117
                    (ms->acr & VIA1ACR_vShiftOut) &&
1118
                    oldsr == 0 /* ADB_BUSRESET */) {
1119
                trace_via1_adb_netbsd_enum_hack();
1120
                adb_via_send(v1s, state, ms->sr);
1121
            }
1122
        }
1123
        break;
1124
    }
1125
}
1126


1127
static const MemoryRegionOps mos6522_q800_via1_ops = {
1128
    .read = mos6522_q800_via1_read,
1129
    .write = mos6522_q800_via1_write,
1130
    .endianness = DEVICE_BIG_ENDIAN,
1131
    .valid = {
1132
        .min_access_size = 1,
1133
        .max_access_size = 4,
1134
    },
1135
};
1136


1137
static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size)
1138
{
1139
    MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
1140
    MOS6522State *ms = MOS6522(s);
1141
    uint64_t val;
1142


1143
    addr = (addr >> 9) & 0xf;
1144
    val = mos6522_read(ms, addr, size);
1145


1146
    switch (addr) {
1147
    case VIA_REG_IFR:
1148
        /*
1149
         * On a Q800 an emulated VIA2 is integrated into the onboard logic. The
1150
         * expectation of most OSs is that the DRQ bit is live, rather than
1151
         * latched as it would be on a real VIA so do the same here.
1152
         *
1153
         * Note: DRQ is negative edge triggered
1154
         */
1155
        val &= ~VIA2_IRQ_SCSI_DATA;
1156
        val |= (~ms->last_irq_levels & VIA2_IRQ_SCSI_DATA);
1157
        break;
1158
    }
1159


1160
    return val;
1161
}
1162


1163
static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val,
1164
                                    unsigned size)
1165
{
1166
    MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
1167
    MOS6522State *ms = MOS6522(s);
1168


1169
    addr = (addr >> 9) & 0xf;
1170
    mos6522_write(ms, addr, val, size);
1171
}
1172


1173
static const MemoryRegionOps mos6522_q800_via2_ops = {
1174
    .read = mos6522_q800_via2_read,
1175
    .write = mos6522_q800_via2_write,
1176
    .endianness = DEVICE_BIG_ENDIAN,
1177
    .valid = {
1178
        .min_access_size = 1,
1179
        .max_access_size = 4,
1180
    },
1181
};
1182


1183
static void via1_postload_update_cb(void *opaque, bool running, RunState state)
1184
{
1185
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
1186


1187
    qemu_del_vm_change_state_handler(v1s->vmstate);
1188
    v1s->vmstate = NULL;
1189


1190
    pram_update(v1s);
1191
}
1192


1193
static int via1_post_load(void *opaque, int version_id)
1194
{
1195
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
1196


1197
    if (v1s->blk) {
1198
        v1s->vmstate = qemu_add_vm_change_state_handler(
1199
                           via1_postload_update_cb, v1s);
1200
    }
1201


1202
    return 0;
1203
}
1204


1205
/* VIA 1 */
1206
static void mos6522_q800_via1_reset_hold(Object *obj, ResetType type)
1207
{
1208
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
1209
    MOS6522State *ms = MOS6522(v1s);
1210
    MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
1211
    ADBBusState *adb_bus = &v1s->adb_bus;
1212


1213
    if (mdc->parent_phases.hold) {
1214
        mdc->parent_phases.hold(obj, type);
1215
    }
1216


1217
    ms->timers[0].frequency = VIA_TIMER_FREQ;
1218
    ms->timers[1].frequency = VIA_TIMER_FREQ;
1219


1220
    ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb;
1221


1222
    /* ADB/RTC */
1223
    adb_set_autopoll_enabled(adb_bus, true);
1224
    v1s->cmd = REG_EMPTY;
1225
    v1s->alt = REG_EMPTY;
1226


1227
    /* Timer calibration hack */
1228
    v1s->timer_hack_state = 0;
1229
}
1230


1231
static void mos6522_q800_via1_realize(DeviceState *dev, Error **errp)
1232
{
1233
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev);
1234
    ADBBusState *adb_bus = &v1s->adb_bus;
1235
    struct tm tm;
1236
    int ret;
1237


1238
    v1s->one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, via1_one_second,
1239
                                         v1s);
1240
    via1_one_second_update(v1s);
1241
    v1s->sixty_hz_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_sixty_hz,
1242
                                       v1s);
1243
    via1_sixty_hz_update(v1s);
1244


1245
    qemu_get_timedate(&tm, 0);
1246
    v1s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
1247


1248
    adb_register_autopoll_callback(adb_bus, adb_via_poll, v1s);
1249
    v1s->adb_data_ready = qdev_get_gpio_in(dev, VIA1_IRQ_ADB_READY_BIT);
1250


1251
    if (v1s->blk) {
1252
        int64_t len = blk_getlength(v1s->blk);
1253
        if (len < 0) {
1254
            error_setg_errno(errp, -len,
1255
                             "could not get length of backing image");
1256
            return;
1257
        }
1258
        ret = blk_set_perm(v1s->blk,
1259
                           BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1260
                           BLK_PERM_ALL, errp);
1261
        if (ret < 0) {
1262
            return;
1263
        }
1264


1265
        ret = blk_pread(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0);
1266
        if (ret < 0) {
1267
            error_setg(errp, "can't read PRAM contents");
1268
            return;
1269
        }
1270
    }
1271
}
1272


1273
static void mos6522_q800_via1_init(Object *obj)
1274
{
1275
    MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
1276
    SysBusDevice *sbd = SYS_BUS_DEVICE(v1s);
1277


1278
    memory_region_init_io(&v1s->via_mem, obj, &mos6522_q800_via1_ops, v1s,
1279
                          "via1", VIA_SIZE);
1280
    sysbus_init_mmio(sbd, &v1s->via_mem);
1281


1282
    /* ADB */
1283
    qbus_init((BusState *)&v1s->adb_bus, sizeof(v1s->adb_bus),
1284
              TYPE_ADB_BUS, DEVICE(v1s), "adb.0");
1285


1286
    /* A/UX mode */
1287
    qdev_init_gpio_out(DEVICE(obj), &v1s->auxmode_irq, 1);
1288
}
1289


1290
static const VMStateDescription vmstate_q800_via1 = {
1291
    .name = "q800-via1",
1292
    .version_id = 0,
1293
    .minimum_version_id = 0,
1294
    .post_load = via1_post_load,
1295
    .fields = (const VMStateField[]) {
1296
        VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA1State, 0, vmstate_mos6522,
1297
                       MOS6522State),
1298
        VMSTATE_UINT8(last_b, MOS6522Q800VIA1State),
1299
        /* RTC */
1300
        VMSTATE_BUFFER(PRAM, MOS6522Q800VIA1State),
1301
        VMSTATE_UINT32(tick_offset, MOS6522Q800VIA1State),
1302
        VMSTATE_UINT8(data_out, MOS6522Q800VIA1State),
1303
        VMSTATE_INT32(data_out_cnt, MOS6522Q800VIA1State),
1304
        VMSTATE_UINT8(data_in, MOS6522Q800VIA1State),
1305
        VMSTATE_UINT8(data_in_cnt, MOS6522Q800VIA1State),
1306
        VMSTATE_UINT8(cmd, MOS6522Q800VIA1State),
1307
        VMSTATE_INT32(wprotect, MOS6522Q800VIA1State),
1308
        VMSTATE_INT32(alt, MOS6522Q800VIA1State),
1309
        /* ADB */
1310
        VMSTATE_INT32(adb_data_in_size, MOS6522Q800VIA1State),
1311
        VMSTATE_INT32(adb_data_in_index, MOS6522Q800VIA1State),
1312
        VMSTATE_INT32(adb_data_out_index, MOS6522Q800VIA1State),
1313
        VMSTATE_BUFFER(adb_data_in, MOS6522Q800VIA1State),
1314
        VMSTATE_BUFFER(adb_data_out, MOS6522Q800VIA1State),
1315
        VMSTATE_UINT8(adb_autopoll_cmd, MOS6522Q800VIA1State),
1316
        /* Timers */
1317
        VMSTATE_TIMER_PTR(one_second_timer, MOS6522Q800VIA1State),
1318
        VMSTATE_INT64(next_second, MOS6522Q800VIA1State),
1319
        VMSTATE_TIMER_PTR(sixty_hz_timer, MOS6522Q800VIA1State),
1320
        VMSTATE_INT64(next_sixty_hz, MOS6522Q800VIA1State),
1321
        /* Timer hack */
1322
        VMSTATE_INT32(timer_hack_state, MOS6522Q800VIA1State),
1323
        VMSTATE_END_OF_LIST()
1324
    }
1325
};
1326


1327
static Property mos6522_q800_via1_properties[] = {
1328
    DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State, blk),
1329
    DEFINE_PROP_END_OF_LIST(),
1330
};
1331


1332
static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data)
1333
{
1334
    DeviceClass *dc = DEVICE_CLASS(oc);
1335
    ResettableClass *rc = RESETTABLE_CLASS(oc);
1336
    MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
1337


1338
    dc->realize = mos6522_q800_via1_realize;
1339
    resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via1_reset_hold,
1340
                                       NULL, &mdc->parent_phases);
1341
    dc->vmsd = &vmstate_q800_via1;
1342
    device_class_set_props(dc, mos6522_q800_via1_properties);
1343
}
1344


1345
static const TypeInfo mos6522_q800_via1_type_info = {
1346
    .name = TYPE_MOS6522_Q800_VIA1,
1347
    .parent = TYPE_MOS6522,
1348
    .instance_size = sizeof(MOS6522Q800VIA1State),
1349
    .instance_init = mos6522_q800_via1_init,
1350
    .class_init = mos6522_q800_via1_class_init,
1351
};
1352


1353
/* VIA 2 */
1354
static void mos6522_q800_via2_portB_write(MOS6522State *s)
1355
{
1356
    if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) {
1357
        /* shutdown */
1358
        qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1359
    }
1360
}
1361


1362
static void mos6522_q800_via2_reset_hold(Object *obj, ResetType type)
1363
{
1364
    MOS6522State *ms = MOS6522(obj);
1365
    MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
1366


1367
    if (mdc->parent_phases.hold) {
1368
        mdc->parent_phases.hold(obj, type);
1369
    }
1370


1371
    ms->timers[0].frequency = VIA_TIMER_FREQ;
1372
    ms->timers[1].frequency = VIA_TIMER_FREQ;
1373


1374
    ms->dirb = 0;
1375
    ms->b = 0;
1376
    ms->dira = 0;
1377
    ms->a = 0x7f;
1378
}
1379


1380
static void via2_nubus_irq_request(void *opaque, int n, int level)
1381
{
1382
    MOS6522Q800VIA2State *v2s = opaque;
1383
    MOS6522State *s = MOS6522(v2s);
1384
    qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA2_IRQ_NUBUS_BIT);
1385


1386
    if (level) {
1387
        /* Port A nubus IRQ inputs are active LOW */
1388
        s->a &= ~(1 << n);
1389
    } else {
1390
        s->a |= (1 << n);
1391
    }
1392


1393
    /* Negative edge trigger */
1394
    qemu_set_irq(irq, !level);
1395
}
1396


1397
static void mos6522_q800_via2_init(Object *obj)
1398
{
1399
    MOS6522Q800VIA2State *v2s = MOS6522_Q800_VIA2(obj);
1400
    SysBusDevice *sbd = SYS_BUS_DEVICE(v2s);
1401


1402
    memory_region_init_io(&v2s->via_mem, obj, &mos6522_q800_via2_ops, v2s,
1403
                          "via2", VIA_SIZE);
1404
    sysbus_init_mmio(sbd, &v2s->via_mem);
1405


1406
    qdev_init_gpio_in_named(DEVICE(obj), via2_nubus_irq_request, "nubus-irq",
1407
                            VIA2_NUBUS_IRQ_NB);
1408
}
1409


1410
static const VMStateDescription vmstate_q800_via2 = {
1411
    .name = "q800-via2",
1412
    .version_id = 0,
1413
    .minimum_version_id = 0,
1414
    .fields = (const VMStateField[]) {
1415
        VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA2State, 0, vmstate_mos6522,
1416
                       MOS6522State),
1417
        VMSTATE_END_OF_LIST()
1418
    }
1419
};
1420


1421
static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data)
1422
{
1423
    DeviceClass *dc = DEVICE_CLASS(oc);
1424
    ResettableClass *rc = RESETTABLE_CLASS(oc);
1425
    MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
1426


1427
    resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via2_reset_hold,
1428
                                       NULL, &mdc->parent_phases);
1429
    dc->vmsd = &vmstate_q800_via2;
1430
    mdc->portB_write = mos6522_q800_via2_portB_write;
1431
}
1432


1433
static const TypeInfo mos6522_q800_via2_type_info = {
1434
    .name = TYPE_MOS6522_Q800_VIA2,
1435
    .parent = TYPE_MOS6522,
1436
    .instance_size = sizeof(MOS6522Q800VIA2State),
1437
    .instance_init = mos6522_q800_via2_init,
1438
    .class_init = mos6522_q800_via2_class_init,
1439
};
1440


1441
static void mac_via_register_types(void)
1442
{
1443
    type_register_static(&mos6522_q800_via1_type_info);
1444
    type_register_static(&mos6522_q800_via2_type_info);
1445
}
1446


1447
type_init(mac_via_register_types);
1448

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.