]> git.proxmox.com Git - mirror_qemu.git/blame - hw/misc/mac_via.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mac_via: implement ADB_STATE_IDLE state if shift register in input mode
[mirror_qemu.git] / hw / misc / mac_via.c
CommitLineData
6dca62a0
LV		 1/*
2 * QEMU m68k Macintosh VIA device support
3 *
4 * Copyright (c) 2011-2018 Laurent Vivier
5 * Copyright (c) 2018 Mark Cave-Ayland
6 *
7 * Some parts from hw/misc/macio/cuda.c
8 *
9 * Copyright (c) 2004-2007 Fabrice Bellard
10 * Copyright (c) 2007 Jocelyn Mayer
11 *
12 * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
13 *
14 * This work is licensed under the terms of the GNU GPL, version 2 or later.
15 * See the COPYING file in the top-level directory.
16 */
17
18#include "qemu/osdep.h"
366d2779 19#include "exec/address-spaces.h"
6dca62a0
LV		 20#include "migration/vmstate.h"
21#include "hw/sysbus.h"
22#include "hw/irq.h"
23#include "qemu/timer.h"
24#include "hw/misc/mac_via.h"
25#include "hw/misc/mos6522.h"
26#include "hw/input/adb.h"
27#include "sysemu/runstate.h"
28#include "qapi/error.h"
29#include "qemu/cutils.h"
eb064db9 30#include "hw/qdev-properties.h"
ce35e229 31#include "hw/qdev-properties-system.h"
eb064db9 32#include "sysemu/block-backend.h"
2f93d8b0 33#include "sysemu/rtc.h"
b2619c15 34#include "trace.h"
80aab795 35#include "qemu/log.h"
6dca62a0
LV		 36
37/*
02a68a3e 38 * VIAs: There are two in every machine
6dca62a0
LV		 39 */
40
6dca62a0
LV		 41/*
42 * Not all of these are true post MacII I think.
43 * CSA: probably the ones CHRP marks as 'unused' change purposes
44 * when the IWM becomes the SWIM.
45 * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
46 * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
47 *
48 * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
49 * following changes for IIfx:
50 * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
51 * Also, "All of the functionality of VIA2 has been moved to other chips".
52 */
53
54#define VIA1A_vSccWrReq 0x80 /*
55 * SCC write. (input)
56 * [CHRP] SCC WREQ: Reflects the state of the
57 * Wait/Request pins from the SCC.
58 * [Macintosh Family Hardware]
59 * as CHRP on SE/30,II,IIx,IIcx,IIci.
60 * on IIfx, "0 means an active request"
61 */
62#define VIA1A_vRev8 0x40 /*
63 * Revision 8 board ???
64 * [CHRP] En WaitReqB: Lets the WaitReq_L
65 * signal from port B of the SCC appear on
66 * the PA7 input pin. Output.
67 * [Macintosh Family] On the SE/30, this
68 * is the bit to flip screen buffers.
69 * 0=alternate, 1=main.
70 * on II,IIx,IIcx,IIci,IIfx this is a bit
71 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
72 */
73#define VIA1A_vHeadSel 0x20 /*
74 * Head select for IWM.
75 * [CHRP] unused.
76 * [Macintosh Family] "Floppy disk
77 * state-control line SEL" on all but IIfx
78 */
79#define VIA1A_vOverlay 0x10 /*
80 * [Macintosh Family] On SE/30,II,IIx,IIcx
81 * this bit enables the "Overlay" address
82 * map in the address decoders as it is on
83 * reset for mapping the ROM over the reset
84 * vector. 1=use overlay map.
85 * On the IIci,IIfx it is another bit of the
86 * CPU ID: 0=normal IIci, 1=IIci with parity
87 * feature or IIfx.
88 * [CHRP] En WaitReqA: Lets the WaitReq_L
89 * signal from port A of the SCC appear
90 * on the PA7 input pin (CHRP). Output.
91 * [MkLinux] "Drive Select"
92 * (with 0x20 being 'disk head select')
93 */
94#define VIA1A_vSync 0x08 /*
95 * [CHRP] Sync Modem: modem clock select:
96 * 1: select the external serial clock to
97 * drive the SCC's /RTxCA pin.
98 * 0: Select the 3.6864MHz clock to drive
99 * the SCC cell.
100 * [Macintosh Family] Correct on all but IIfx
101 */
102
103/*
104 * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
105 * on Macs which had the PWM sound hardware. Reserved on newer models.
106 * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
107 * bit 2: 1=IIci, 0=IIfx
108 * bit 1: 1 on both IIci and IIfx.
109 * MkLinux sez bit 0 is 'burnin flag' in this case.
110 * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
111 * inputs, these bits will read 0.
112 */
113#define VIA1A_vVolume 0x07 /* Audio volume mask for PWM */
114#define VIA1A_CPUID0 0x02 /* CPU id bit 0 on RBV, others */
115#define VIA1A_CPUID1 0x04 /* CPU id bit 0 on RBV, others */
116#define VIA1A_CPUID2 0x10 /* CPU id bit 0 on RBV, others */
117#define VIA1A_CPUID3 0x40 /* CPU id bit 0 on RBV, others */
0f03047c
MCA		 118#define VIA1A_CPUID_MASK (VIA1A_CPUID0 | VIA1A_CPUID1 | \
119 VIA1A_CPUID2 | VIA1A_CPUID3)
120#define VIA1A_CPUID_Q800 (VIA1A_CPUID0 | VIA1A_CPUID2)
6dca62a0
LV		 121
122/*
123 * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
124 * CHRP offers no info.
125 */
126#define VIA1B_vSound 0x80 /*
127 * Sound enable (for compatibility with
128 * PWM hardware) 0=enabled.
129 * Also, on IIci w/parity, shows parity error
130 * 0=error, 1=OK.
131 */
132#define VIA1B_vMystery 0x40 /*
133 * On IIci, parity enable. 0=enabled,1=disabled
134 * On SE/30, vertical sync interrupt enable.
135 * 0=enabled. This vSync interrupt shows up
136 * as a slot $E interrupt.
e976459b
MCA		 137 * On Quadra 800 this bit toggles A/UX mode which
138 * configures the glue logic to deliver some IRQs
139 * at different levels compared to a classic
140 * Mac.
6dca62a0
LV		 141 */
142#define VIA1B_vADBS2 0x20 /* ADB state input bit 1 (unused on IIfx) */
143#define VIA1B_vADBS1 0x10 /* ADB state input bit 0 (unused on IIfx) */
144#define VIA1B_vADBInt 0x08 /* ADB interrupt 0=interrupt (unused on IIfx)*/
145#define VIA1B_vRTCEnb 0x04 /* Enable Real time clock. 0=enabled. */
146#define VIA1B_vRTCClk 0x02 /* Real time clock serial-clock line. */
147#define VIA1B_vRTCData 0x01 /* Real time clock serial-data line. */
148
149/*
150 * VIA2 A register is the interrupt lines raised off the nubus
151 * slots.
152 * The below info is from 'Macintosh Family Hardware.'
153 * MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
154 * It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
155 * defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
156 * Perhaps OSS uses vRAM1 and vRAM2 for ADB.
157 */
158
159#define VIA2A_vRAM1 0x80 /* RAM size bit 1 (IIci: reserved) */
160#define VIA2A_vRAM0 0x40 /* RAM size bit 0 (IIci: internal video IRQ) */
161#define VIA2A_vIRQE 0x20 /* IRQ from slot $E */
162#define VIA2A_vIRQD 0x10 /* IRQ from slot $D */
163#define VIA2A_vIRQC 0x08 /* IRQ from slot $C */
164#define VIA2A_vIRQB 0x04 /* IRQ from slot $B */
165#define VIA2A_vIRQA 0x02 /* IRQ from slot $A */
166#define VIA2A_vIRQ9 0x01 /* IRQ from slot $9 */
167
168/*
169 * RAM size bits decoded as follows:
170 * bit1 bit0 size of ICs in bank A
171 * 0 0 256 kbit
172 * 0 1 1 Mbit
173 * 1 0 4 Mbit
174 * 1 1 16 Mbit
175 */
176
177/*
178 * Register B has the fun stuff in it
179 */
180
181#define VIA2B_vVBL 0x80 /*
182 * VBL output to VIA1 (60.15Hz) driven by
183 * timer T1.
184 * on IIci, parity test: 0=test mode.
185 * [MkLinux] RBV_PARODD: 1=odd,0=even.
186 */
187#define VIA2B_vSndJck 0x40 /*
188 * External sound jack status.
189 * 0=plug is inserted. On SE/30, always 0
190 */
191#define VIA2B_vTfr0 0x20 /* Transfer mode bit 0 ack from NuBus */
192#define VIA2B_vTfr1 0x10 /* Transfer mode bit 1 ack from NuBus */
193#define VIA2B_vMode32 0x08 /*
194 * 24/32bit switch - doubles as cache flush
195 * on II, AMU/PMMU control.
196 * if AMU, 0=24bit to 32bit translation
197 * if PMMU, 1=PMMU is accessing page table.
198 * on SE/30 tied low.
199 * on IIx,IIcx,IIfx, unused.
200 * on IIci/RBV, cache control. 0=flush cache.
201 */
202#define VIA2B_vPower 0x04 /*
203 * Power off, 0=shut off power.
204 * on SE/30 this signal sent to PDS card.
205 */
206#define VIA2B_vBusLk 0x02 /*
207 * Lock NuBus transactions, 0=locked.
208 * on SE/30 sent to PDS card.
209 */
210#define VIA2B_vCDis 0x01 /*
211 * Cache control. On IIci, 1=disable cache card
212 * on others, 0=disable processor's instruction
213 * and data caches.
214 */
215
216/* interrupt flags */
217
218#define IRQ_SET 0x80
219
220/* common */
221
222#define VIA_IRQ_TIMER1 0x40
223#define VIA_IRQ_TIMER2 0x20
224
225/*
226 * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
227 * Another example of a valid function that has no ROM support is the use
228 * of the alternate video page for page-flipping animation. Since there
229 * is no ROM call to flip pages, it is necessary to go play with the
230 * right bit in the VIA chip (6522 Versatile Interface Adapter).
231 * [CSA: don't know which one this is, but it's one of 'em!]
232 */
233
234/*
235 * 6522 registers - see databook.
236 * CSA: Assignments for VIA1 confirmed from CHRP spec.
237 */
238
239/* partial address decode. 0xYYXX : XX part for RBV, YY part for VIA */
240/* Note: 15 VIA regs, 8 RBV regs */
241
242#define vBufB 0x0000 /* [VIA/RBV] Register B */
243#define vBufAH 0x0200 /* [VIA only] Buffer A, with handshake. DON'T USE! */
244#define vDirB 0x0400 /* [VIA only] Data Direction Register B. */
245#define vDirA 0x0600 /* [VIA only] Data Direction Register A. */
246#define vT1CL 0x0800 /* [VIA only] Timer one counter low. */
247#define vT1CH 0x0a00 /* [VIA only] Timer one counter high. */
248#define vT1LL 0x0c00 /* [VIA only] Timer one latches low. */
249#define vT1LH 0x0e00 /* [VIA only] Timer one latches high. */
250#define vT2CL 0x1000 /* [VIA only] Timer two counter low. */
251#define vT2CH 0x1200 /* [VIA only] Timer two counter high. */
252#define vSR 0x1400 /* [VIA only] Shift register. */
9b4b4e51 253#define vACR 0x1600 /* [VIA only] Auxiliary control register. */
6dca62a0
LV		 254#define vPCR 0x1800 /* [VIA only] Peripheral control register. */
255 /*
256 * CHRP sez never ever to *write* this.
257 * Mac family says never to *change* this.
258 * In fact we need to initialize it once at start.
259 */
260#define vIFR 0x1a00 /* [VIA/RBV] Interrupt flag register. */
261#define vIER 0x1c00 /* [VIA/RBV] Interrupt enable register. */
262#define vBufA 0x1e00 /* [VIA/RBV] register A (no handshake) */
263
264/* from linux 2.6 drivers/macintosh/via-macii.c */
265
266/* Bits in ACR */
267
268#define VIA1ACR_vShiftCtrl 0x1c /* Shift register control bits */
269#define VIA1ACR_vShiftExtClk 0x0c /* Shift on external clock */
270#define VIA1ACR_vShiftOut 0x10 /* Shift out if 1 */
271
272/*
273 * Apple Macintosh Family Hardware Refenece
274 * Table 19-10 ADB transaction states
275 */
276
87a34e2a
LV		 277#define ADB_STATE_NEW 0
278#define ADB_STATE_EVEN 1
279#define ADB_STATE_ODD 2
280#define ADB_STATE_IDLE 3
281
6dca62a0
LV		 282#define VIA1B_vADB_StateMask (VIA1B_vADBS1 | VIA1B_vADBS2)
283#define VIA1B_vADB_StateShift 4
284
285#define VIA_TIMER_FREQ (783360)
87a34e2a 286#define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
6dca62a0 287
82ff856f
MCA		 288/*
289 * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the
290 * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us
291 */
292#define VIA_60HZ_TIMER_PERIOD_NS 16625800
293
6dca62a0
LV		 294/* VIA returns time offset from Jan 1, 1904, not 1970 */
295#define RTC_OFFSET 2082844800
296
b2619c15
LV		 297enum {
298 REG_0,
299 REG_1,
300 REG_2,
301 REG_3,
302 REG_TEST,
303 REG_WPROTECT,
304 REG_PRAM_ADDR,
305 REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19,
306 REG_PRAM_SECT,
307 REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7,
308 REG_INVALID,
309 REG_EMPTY = 0xff,
310};
311
4c8f4ab4 312static void via1_sixty_hz_update(MOS6522Q800VIA1State *v1s)
6dca62a0 313{
6dca62a0 314 /* 60 Hz irq */
82ff856f
MCA		 315 v1s->next_sixty_hz = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
316 VIA_60HZ_TIMER_PERIOD_NS) /
317 VIA_60HZ_TIMER_PERIOD_NS * VIA_60HZ_TIMER_PERIOD_NS;
30ca7edd 318 timer_mod(v1s->sixty_hz_timer, v1s->next_sixty_hz);
6dca62a0
LV		 319}
320
321static void via1_one_second_update(MOS6522Q800VIA1State *v1s)
322{
6dca62a0
LV		 323 v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) /
324 1000 * 1000;
30ca7edd 325 timer_mod(v1s->one_second_timer, v1s->next_second);
6dca62a0
LV		 326}
327
4c8f4ab4 328static void via1_sixty_hz(void *opaque)
6dca62a0
LV		 329{
330 MOS6522Q800VIA1State *v1s = opaque;
331 MOS6522State *s = MOS6522(v1s);
ebe5bca2 332 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_60HZ_BIT);
6dca62a0 333
b793b4ef
MCA		 334 /* Negative edge trigger */
335 qemu_irq_lower(irq);
336 qemu_irq_raise(irq);
6dca62a0 337
4c8f4ab4 338 via1_sixty_hz_update(v1s);
6dca62a0
LV		 339}
340
341static void via1_one_second(void *opaque)
342{
343 MOS6522Q800VIA1State *v1s = opaque;
344 MOS6522State *s = MOS6522(v1s);
ebe5bca2 345 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_ONE_SECOND_BIT);
6dca62a0 346
b793b4ef
MCA		 347 /* Negative edge trigger */
348 qemu_irq_lower(irq);
349 qemu_irq_raise(irq);
6dca62a0
LV		 350
351 via1_one_second_update(v1s);
352}
353
eb064db9 354
8064d7bb 355static void pram_update(MOS6522Q800VIA1State *v1s)
eb064db9 356{
8064d7bb 357 if (v1s->blk) {
a9262f55 358 if (blk_pwrite(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0) < 0) {
80aab795
LV		 359 qemu_log("pram_update: cannot write to file\n");
360 }
eb064db9
LV		 361 }
362}
363
b2619c15
LV		 364/*
365 * RTC Commands
366 *
367 * Command byte Register addressed by the command
368 *
53200905
MCA		 369 * z00x0001 Seconds register 0 (lowest-order byte)
370 * z00x0101 Seconds register 1
371 * z00x1001 Seconds register 2
372 * z00x1101 Seconds register 3 (highest-order byte)
b2619c15
LV		 373 * 00110001 Test register (write-only)
374 * 00110101 Write-Protect Register (write-only)
375 * z010aa01 RAM address 100aa ($10-$13) (first 20 bytes only)
376 * z1aaaa01 RAM address 0aaaa ($00-$0F) (first 20 bytes only)
377 * z0111aaa Extended memory designator and sector number
378 *
379 * For a read request, z=1, for a write z=0
53200905 380 * The letter x indicates don't care
b2619c15
LV		 381 * The letter a indicates bits whose value depend on what parameter
382 * RAM byte you want to address
383 */
384static int via1_rtc_compact_cmd(uint8_t value)
385{
386 uint8_t read = value & 0x80;
387
388 value &= 0x7f;
389
390 /* the last 2 bits of a command byte must always be 0b01 ... */
391 if ((value & 0x78) == 0x38) {
392 /* except for the extended memory designator */
393 return read | (REG_PRAM_SECT + (value & 0x07));
394 }
395 if ((value & 0x03) == 0x01) {
396 value >>= 2;
53200905 397 if ((value & 0x18) == 0) {
b2619c15
LV		 398 /* seconds registers */
399 return read | (REG_0 + (value & 0x03));
400 } else if ((value == 0x0c) && !read) {
401 return REG_TEST;
402 } else if ((value == 0x0d) && !read) {
403 return REG_WPROTECT;
404 } else if ((value & 0x1c) == 0x08) {
405 /* RAM address 0x10 to 0x13 */
406 return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03));
ce47d531 407 } else if ((value & 0x10) == 0x10) {
b2619c15
LV		 408 /* RAM address 0x00 to 0x0f */
409 return read | (REG_PRAM_ADDR + (value & 0x0f));
410 }
411 }
412 return REG_INVALID;
413}
414
741258b0 415static void via1_rtc_update(MOS6522Q800VIA1State *v1s)
6dca62a0 416{
6dca62a0 417 MOS6522State *s = MOS6522(v1s);
b2619c15
LV		 418 int cmd, sector, addr;
419 uint32_t time;
6dca62a0
LV		 420
421 if (s->b & VIA1B_vRTCEnb) {
422 return;
423 }
424
425 if (s->dirb & VIA1B_vRTCData) {
426 /* send bits to the RTC */
427 if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
741258b0
MCA		 428 v1s->data_out <<= 1;
429 v1s->data_out |= s->b & VIA1B_vRTCData;
430 v1s->data_out_cnt++;
6dca62a0 431 }
741258b0 432 trace_via1_rtc_update_data_out(v1s->data_out_cnt, v1s->data_out);
6dca62a0 433 } else {
741258b0 434 trace_via1_rtc_update_data_in(v1s->data_in_cnt, v1s->data_in);
6dca62a0
LV		 435 /* receive bits from the RTC */
436 if ((v1s->last_b & VIA1B_vRTCClk) &&
437 !(s->b & VIA1B_vRTCClk) &&
741258b0 438 v1s->data_in_cnt) {
6dca62a0 439 s->b = (s->b & ~VIA1B_vRTCData) |
741258b0
MCA		 440 ((v1s->data_in >> 7) & VIA1B_vRTCData);
441 v1s->data_in <<= 1;
442 v1s->data_in_cnt--;
6dca62a0 443 }
b2619c15 444 return;
6dca62a0
LV		 445 }
446
741258b0 447 if (v1s->data_out_cnt != 8) {
b2619c15
LV		 448 return;
449 }
450
741258b0 451 v1s->data_out_cnt = 0;
b2619c15 452
741258b0 453 trace_via1_rtc_internal_status(v1s->cmd, v1s->alt, v1s->data_out);
b2619c15 454 /* first byte: it's a command */
741258b0 455 if (v1s->cmd == REG_EMPTY) {
b2619c15 456
741258b0 457 cmd = via1_rtc_compact_cmd(v1s->data_out);
b2619c15
LV		 458 trace_via1_rtc_internal_cmd(cmd);
459
460 if (cmd == REG_INVALID) {
741258b0 461 trace_via1_rtc_cmd_invalid(v1s->data_out);
b2619c15
LV		 462 return;
463 }
464
465 if (cmd & 0x80) { /* this is a read command */
466 switch (cmd & 0x7f) {
467 case REG_0...REG_3: /* seconds registers */
468 /*
469 * register 0 is lowest-order byte
470 * register 3 is highest-order byte
471 */
472
741258b0 473 time = v1s->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
b2619c15
LV		 474 / NANOSECONDS_PER_SECOND);
475 trace_via1_rtc_internal_time(time);
741258b0
MCA		 476 v1s->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff;
477 v1s->data_in_cnt = 8;
b2619c15 478 trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0,
741258b0 479 v1s->data_in);
b2619c15
LV		 480 break;
481 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
482 /* PRAM address 0x00 -> 0x13 */
741258b0
MCA		 483 v1s->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR];
484 v1s->data_in_cnt = 8;
b2619c15 485 trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR,
741258b0 486 v1s->data_in);
b2619c15
LV		 487 break;
488 case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
489 /*
490 * extended memory designator and sector number
491 * the only two-byte read command
492 */
493 trace_via1_rtc_internal_set_cmd(cmd);
741258b0 494 v1s->cmd = cmd;
b2619c15
LV		 495 break;
496 default:
497 g_assert_not_reached();
498 break;
6dca62a0 499 }
b2619c15
LV		 500 return;
501 }
502
503 /* this is a write command, needs a parameter */
741258b0 504 if (cmd == REG_WPROTECT || !v1s->wprotect) {
b2619c15 505 trace_via1_rtc_internal_set_cmd(cmd);
741258b0 506 v1s->cmd = cmd;
6dca62a0 507 } else {
b2619c15
LV		 508 trace_via1_rtc_internal_ignore_cmd(cmd);
509 }
510 return;
511 }
512
513 /* second byte: it's a parameter */
741258b0
MCA		 514 if (v1s->alt == REG_EMPTY) {
515 switch (v1s->cmd & 0x7f) {
b2619c15
LV		 516 case REG_0...REG_3: /* seconds register */
517 /* FIXME */
741258b0
MCA		 518 trace_via1_rtc_cmd_seconds_write(v1s->cmd - REG_0, v1s->data_out);
519 v1s->cmd = REG_EMPTY;
b2619c15
LV		 520 break;
521 case REG_TEST:
522 /* device control: nothing to do */
741258b0
MCA		 523 trace_via1_rtc_cmd_test_write(v1s->data_out);
524 v1s->cmd = REG_EMPTY;
b2619c15
LV		 525 break;
526 case REG_WPROTECT:
527 /* Write Protect register */
741258b0
MCA		 528 trace_via1_rtc_cmd_wprotect_write(v1s->data_out);
529 v1s->wprotect = !!(v1s->data_out & 0x80);
530 v1s->cmd = REG_EMPTY;
b2619c15
LV		 531 break;
532 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
533 /* PRAM address 0x00 -> 0x13 */
741258b0
MCA		 534 trace_via1_rtc_cmd_pram_write(v1s->cmd - REG_PRAM_ADDR,
535 v1s->data_out);
536 v1s->PRAM[v1s->cmd - REG_PRAM_ADDR] = v1s->data_out;
8064d7bb 537 pram_update(v1s);
741258b0 538 v1s->cmd = REG_EMPTY;
b2619c15
LV		 539 break;
540 case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
741258b0
MCA		 541 addr = (v1s->data_out >> 2) & 0x1f;
542 sector = (v1s->cmd & 0x7f) - REG_PRAM_SECT;
543 if (v1s->cmd & 0x80) {
b2619c15 544 /* it's a read */
741258b0
MCA		 545 v1s->data_in = v1s->PRAM[sector * 32 + addr];
546 v1s->data_in_cnt = 8;
b2619c15
LV		 547 trace_via1_rtc_cmd_pram_sect_read(sector, addr,
548 sector * 32 + addr,
741258b0
MCA		 549 v1s->data_in);
550 v1s->cmd = REG_EMPTY;
b2619c15
LV		 551 } else {
552 /* it's a write, we need one more parameter */
553 trace_via1_rtc_internal_set_alt(addr, sector, addr);
741258b0 554 v1s->alt = addr;
6dca62a0 555 }
b2619c15
LV		 556 break;
557 default:
558 g_assert_not_reached();
559 break;
6dca62a0 560 }
b2619c15 561 return;
6dca62a0 562 }
b2619c15
LV		 563
564 /* third byte: it's the data of a REG_PRAM_SECT write */
741258b0
MCA		 565 g_assert(REG_PRAM_SECT <= v1s->cmd && v1s->cmd <= REG_PRAM_SECT_LAST);
566 sector = v1s->cmd - REG_PRAM_SECT;
567 v1s->PRAM[sector * 32 + v1s->alt] = v1s->data_out;
8064d7bb 568 pram_update(v1s);
741258b0
MCA		 569 trace_via1_rtc_cmd_pram_sect_write(sector, v1s->alt, sector * 32 + v1s->alt,
570 v1s->data_out);
571 v1s->alt = REG_EMPTY;
572 v1s->cmd = REG_EMPTY;
6dca62a0
LV		 573}
574
975fcedd 575static void adb_via_poll(void *opaque)
87a34e2a 576{
5f083d42 577 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
975fcedd 578 MOS6522State *s = MOS6522(v1s);
5f083d42 579 ADBBusState *adb_bus = &v1s->adb_bus;
975fcedd
MCA		 580 uint8_t obuf[9];
581 uint8_t *data = &s->sr;
582 int olen;
f3d61457 583
975fcedd
MCA		 584 /*
585 * Setting vADBInt below indicates that an autopoll reply has been
586 * received, however we must block autopoll until the point where
587 * the entire reply has been read back to the host
588 */
913f47ef 589 adb_autopoll_block(adb_bus);
87a34e2a 590
5f083d42 591 if (v1s->adb_data_in_size > 0 && v1s->adb_data_in_index == 0) {
a67ffaf0
MCA		 592 /*
593 * For older Linux kernels that switch to IDLE mode after sending the
594 * ADB command, detect if there is an existing response and return that
a07d9df0 595 * as a "fake" autopoll reply or bus timeout accordingly
a67ffaf0 596 */
5f083d42
MCA		 597 *data = v1s->adb_data_out[0];
598 olen = v1s->adb_data_in_size;
975fcedd
MCA		 599
600 s->b &= ~VIA1B_vADBInt;
5f083d42 601 qemu_irq_raise(v1s->adb_data_ready);
975fcedd 602 } else {
a67ffaf0
MCA		 603 /*
604 * Otherwise poll as normal
605 */
5f083d42
MCA		 606 v1s->adb_data_in_index = 0;
607 v1s->adb_data_out_index = 0;
a67ffaf0
MCA		 608 olen = adb_poll(adb_bus, obuf, adb_bus->autopoll_mask);
609
610 if (olen > 0) {
611 /* Autopoll response */
612 *data = obuf[0];
613 olen--;
5f083d42
MCA		 614 memcpy(v1s->adb_data_in, &obuf[1], olen);
615 v1s->adb_data_in_size = olen;
975fcedd 616
975fcedd 617 s->b &= ~VIA1B_vADBInt;
5f083d42 618 qemu_irq_raise(v1s->adb_data_ready);
a67ffaf0 619 } else {
5f083d42 620 *data = v1s->adb_autopoll_cmd;
975fcedd
MCA		 621 obuf[0] = 0xff;
622 obuf[1] = 0xff;
623 olen = 2;
87a34e2a 624
5f083d42
MCA		 625 memcpy(v1s->adb_data_in, obuf, olen);
626 v1s->adb_data_in_size = olen;
87a34e2a 627
a67ffaf0 628 s->b &= ~VIA1B_vADBInt;
5f083d42 629 qemu_irq_raise(v1s->adb_data_ready);
975fcedd 630 }
87a34e2a
LV		 631 }
632
975fcedd 633 trace_via1_adb_poll(*data, (s->b & VIA1B_vADBInt) ? "+" : "-",
5f083d42 634 adb_bus->status, v1s->adb_data_in_index, olen);
87a34e2a
LV		 635}
636
975fcedd 637static int adb_via_send_len(uint8_t data)
87a34e2a 638{
975fcedd
MCA		 639 /* Determine the send length from the given ADB command */
640 uint8_t cmd = data & 0xc;
641 uint8_t reg = data & 0x3;
642
643 switch (cmd) {
644 case 0x8:
645 /* Listen command */
646 switch (reg) {
647 case 2:
648 /* Register 2 is only used for the keyboard */
649 return 3;
650 case 3:
651 /*
652 * Fortunately our devices only implement writes
653 * to register 3 which is fixed at 2 bytes
654 */
655 return 3;
656 default:
657 qemu_log_mask(LOG_UNIMP, "ADB unknown length for register %d\n",
658 reg);
659 return 1;
87a34e2a 660 }
975fcedd
MCA		 661 default:
662 /* Talk, BusReset */
663 return 1;
87a34e2a 664 }
87a34e2a
LV		 665}
666
5f083d42 667static void adb_via_send(MOS6522Q800VIA1State *v1s, int state, uint8_t data)
87a34e2a 668{
975fcedd 669 MOS6522State *ms = MOS6522(v1s);
5f083d42 670 ADBBusState *adb_bus = &v1s->adb_bus;
975fcedd
MCA		 671 uint16_t autopoll_mask;
672
87a34e2a
LV		 673 switch (state) {
674 case ADB_STATE_NEW:
975fcedd
MCA		 675 /*
676 * Command byte: vADBInt tells host autopoll data already present
677 * in VIA shift register and ADB transceiver
678 */
679 adb_autopoll_block(adb_bus);
680
681 if (adb_bus->status & ADB_STATUS_POLLREPLY) {
682 /* Tell the host the existing data is from autopoll */
683 ms->b &= ~VIA1B_vADBInt;
684 } else {
685 ms->b |= VIA1B_vADBInt;
5f083d42
MCA		 686 v1s->adb_data_out_index = 0;
687 v1s->adb_data_out[v1s->adb_data_out_index++] = data;
87a34e2a
LV		 688 }
689
975fcedd 690 trace_via1_adb_send(" NEW", data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
5f083d42 691 qemu_irq_raise(v1s->adb_data_ready);
87a34e2a
LV		 692 break;
693
975fcedd 694 case ADB_STATE_EVEN:
87a34e2a 695 case ADB_STATE_ODD:
975fcedd 696 ms->b |= VIA1B_vADBInt;
5f083d42 697 v1s->adb_data_out[v1s->adb_data_out_index++] = data;
87a34e2a 698
975fcedd
MCA		 699 trace_via1_adb_send(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
700 data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
5f083d42 701 qemu_irq_raise(v1s->adb_data_ready);
87a34e2a
LV		 702 break;
703
704 case ADB_STATE_IDLE:
7ebfb91d
MCA		 705 ms->b |= VIA1B_vADBInt;
706 adb_autopoll_unblock(adb_bus);
707
708 trace_via1_adb_send("IDLE", data,
709 (ms->b & VIA1B_vADBInt) ? "+" : "-");
710
975fcedd
MCA		 711 return;
712 }
87a34e2a 713
975fcedd 714 /* If the command is complete, execute it */
5f083d42
MCA		 715 if (v1s->adb_data_out_index == adb_via_send_len(v1s->adb_data_out[0])) {
716 v1s->adb_data_in_size = adb_request(adb_bus, v1s->adb_data_in,
717 v1s->adb_data_out,
718 v1s->adb_data_out_index);
719 v1s->adb_data_in_index = 0;
87a34e2a 720
975fcedd
MCA		 721 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
722 /*
723 * Bus timeout (but allow first EVEN and ODD byte to indicate
724 * timeout via vADBInt and SRQ status)
725 */
5f083d42
MCA		 726 v1s->adb_data_in[0] = 0xff;
727 v1s->adb_data_in[1] = 0xff;
728 v1s->adb_data_in_size = 2;
87a34e2a
LV		 729 }
730
975fcedd
MCA		 731 /*
732 * If last command is TALK, store it for use by autopoll and adjust
733 * the autopoll mask accordingly
734 */
5f083d42
MCA		 735 if ((v1s->adb_data_out[0] & 0xc) == 0xc) {
736 v1s->adb_autopoll_cmd = v1s->adb_data_out[0];
87a34e2a 737
5f083d42 738 autopoll_mask = 1 << (v1s->adb_autopoll_cmd >> 4);
975fcedd
MCA		 739 adb_set_autopoll_mask(adb_bus, autopoll_mask);
740 }
87a34e2a 741 }
87a34e2a
LV		 742}
743
5f083d42 744static void adb_via_receive(MOS6522Q800VIA1State *v1s, int state, uint8_t *data)
87a34e2a 745{
975fcedd 746 MOS6522State *ms = MOS6522(v1s);
5f083d42 747 ADBBusState *adb_bus = &v1s->adb_bus;
975fcedd 748 uint16_t pending;
87a34e2a 749
975fcedd
MCA		 750 switch (state) {
751 case ADB_STATE_NEW:
752 ms->b |= VIA1B_vADBInt;
753 return;
87a34e2a 754
975fcedd 755 case ADB_STATE_IDLE:
a67ffaf0
MCA		 756 ms->b |= VIA1B_vADBInt;
757 adb_autopoll_unblock(adb_bus);
975fcedd
MCA		 758
759 trace_via1_adb_receive("IDLE", *data,
760 (ms->b & VIA1B_vADBInt) ? "+" : "-", adb_bus->status,
5f083d42 761 v1s->adb_data_in_index, v1s->adb_data_in_size);
975fcedd
MCA		 762
763 break;
764
765 case ADB_STATE_EVEN:
766 case ADB_STATE_ODD:
5f083d42 767 switch (v1s->adb_data_in_index) {
975fcedd
MCA		 768 case 0:
769 /* First EVEN byte: vADBInt indicates bus timeout */
5f083d42 770 *data = v1s->adb_data_in[v1s->adb_data_in_index];
975fcedd
MCA		 771 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
772 ms->b &= ~VIA1B_vADBInt;
773 } else {
774 ms->b |= VIA1B_vADBInt;
775 }
975fcedd 776
975fcedd
MCA		 777 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
778 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
5f083d42
MCA		 779 adb_bus->status, v1s->adb_data_in_index,
780 v1s->adb_data_in_size);
975fcedd 781
5f083d42 782 v1s->adb_data_in_index++;
9d39ec70
MCA		 783 break;
784
785 case 1:
786 /* First ODD byte: vADBInt indicates SRQ */
5f083d42
MCA		 787 *data = v1s->adb_data_in[v1s->adb_data_in_index];
788 pending = adb_bus->pending & ~(1 << (v1s->adb_autopoll_cmd >> 4));
975fcedd
MCA		 789 if (pending) {
790 ms->b &= ~VIA1B_vADBInt;
791 } else {
792 ms->b |= VIA1B_vADBInt;
793 }
9d39ec70
MCA		 794
795 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
796 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
5f083d42
MCA		 797 adb_bus->status, v1s->adb_data_in_index,
798 v1s->adb_data_in_size);
9d39ec70 799
5f083d42 800 v1s->adb_data_in_index++;
975fcedd
MCA		 801 break;
802
803 default:
804 /*
805 * Otherwise vADBInt indicates end of data. Note that Linux
806 * specifically checks for the sequence 0x0 0xff to confirm the
807 * end of the poll reply, so provide these extra bytes below to
808 * keep it happy
809 */
5f083d42 810 if (v1s->adb_data_in_index < v1s->adb_data_in_size) {
975fcedd 811 /* Next data byte */
5f083d42 812 *data = v1s->adb_data_in[v1s->adb_data_in_index];
975fcedd 813 ms->b |= VIA1B_vADBInt;
5f083d42 814 } else if (v1s->adb_data_in_index == v1s->adb_data_in_size) {
975fcedd
MCA		 815 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
816 /* Bus timeout (no more data) */
817 *data = 0xff;
818 } else {
819 /* Return 0x0 after reply */
820 *data = 0;
821 }
975fcedd
MCA		 822 ms->b &= ~VIA1B_vADBInt;
823 } else {
824 /* Bus timeout (no more data) */
825 *data = 0xff;
826 ms->b &= ~VIA1B_vADBInt;
827 adb_bus->status = 0;
828 adb_autopoll_unblock(adb_bus);
829 }
9d39ec70
MCA		 830
831 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
832 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
5f083d42
MCA		 833 adb_bus->status, v1s->adb_data_in_index,
834 v1s->adb_data_in_size);
9d39ec70 835
5f083d42
MCA		 836 if (v1s->adb_data_in_index <= v1s->adb_data_in_size) {
837 v1s->adb_data_in_index++;
9d39ec70 838 }
975fcedd 839 break;
87a34e2a 840 }
975fcedd 841
5f083d42 842 qemu_irq_raise(v1s->adb_data_ready);
975fcedd 843 break;
87a34e2a
LV		 844 }
845}
846
5f083d42 847static void via1_adb_update(MOS6522Q800VIA1State *v1s)
87a34e2a 848{
87a34e2a 849 MOS6522State *s = MOS6522(v1s);
975fcedd 850 int oldstate, state;
87a34e2a 851
975fcedd
MCA		 852 oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
853 state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
854
855 if (state != oldstate) {
856 if (s->acr & VIA1ACR_vShiftOut) {
857 /* output mode */
5f083d42 858 adb_via_send(v1s, state, s->sr);
975fcedd
MCA		 859 } else {
860 /* input mode */
5f083d42 861 adb_via_receive(v1s, state, &s->sr);
87a34e2a
LV		 862 }
863 }
87a34e2a
LV		 864}
865
291bc180
MCA		 866static void via1_auxmode_update(MOS6522Q800VIA1State *v1s)
867{
868 MOS6522State *s = MOS6522(v1s);
869 int oldirq, irq;
870
871 oldirq = (v1s->last_b & VIA1B_vMystery) ? 1 : 0;
872 irq = (s->b & VIA1B_vMystery) ? 1 : 0;
873
874 /* Check to see if the A/UX mode bit has changed */
875 if (irq != oldirq) {
876 trace_via1_auxmode(irq);
877 qemu_set_irq(v1s->auxmode_irq, irq);
878 }
879}
880
366d2779
MCA		 881/*
882 * Addresses and real values for TimeDBRA/TimeSCCB to allow timer calibration
883 * to succeed (NOTE: both values have been multiplied by 3 to cope with the
884 * speed of QEMU execution on a modern host
885 */
886#define MACOS_TIMEDBRA 0xd00
887#define MACOS_TIMESCCB 0xd02
888
889#define MACOS_TIMEDBRA_VALUE (0x2a00 * 3)
890#define MACOS_TIMESCCB_VALUE (0x079d * 3)
891
892static bool via1_is_toolbox_timer_calibrated(void)
893{
894 /*
895 * Indicate whether the MacOS toolbox has been calibrated by checking
896 * for the value of our magic constants
897 */
898 uint16_t timedbra = lduw_be_phys(&address_space_memory, MACOS_TIMEDBRA);
899 uint16_t timesccdb = lduw_be_phys(&address_space_memory, MACOS_TIMESCCB);
900
901 return (timedbra == MACOS_TIMEDBRA_VALUE &&
902 timesccdb == MACOS_TIMESCCB_VALUE);
903}
904
905static void via1_timer_calibration_hack(MOS6522Q800VIA1State *v1s, int addr,
906 uint64_t val, int size)
907{
908 /*
909 * Work around timer calibration to ensure we that we have non-zero and
910 * known good values for TIMEDRBA and TIMESCCDB.
911 *
912 * This works by attempting to detect the reset and calibration sequence
913 * of writes to VIA1
914 */
915 int old_timer_hack_state = v1s->timer_hack_state;
916
917 switch (v1s->timer_hack_state) {
918 case 0:
919 if (addr == VIA_REG_PCR && val == 0x22) {
920 /* VIA_REG_PCR: configure VIA1 edge triggering */
921 v1s->timer_hack_state = 1;
922 }
923 break;
924 case 1:
925 if (addr == VIA_REG_T2CL && val == 0xc) {
926 /* VIA_REG_T2CL: low byte of 1ms counter */
927 if (!via1_is_toolbox_timer_calibrated()) {
928 v1s->timer_hack_state = 2;
929 } else {
930 v1s->timer_hack_state = 0;
931 }
932 }
933 break;
934 case 2:
935 if (addr == VIA_REG_T2CH && val == 0x3) {
936 /*
937 * VIA_REG_T2CH: high byte of 1ms counter (very likely at the
938 * start of SETUPTIMEK)
939 */
940 if (!via1_is_toolbox_timer_calibrated()) {
941 v1s->timer_hack_state = 3;
942 } else {
943 v1s->timer_hack_state = 0;
944 }
945 }
946 break;
947 case 3:
948 if (addr == VIA_REG_IER && val == 0x20) {
949 /*
950 * VIA_REG_IER: update at end of SETUPTIMEK
951 *
952 * Timer calibration has finished: unfortunately the values in
953 * TIMEDBRA (0xd00) and TIMESCCDB (0xd02) are so far out they
954 * cause divide by zero errors.
955 *
956 * Update them with values obtained from a real Q800 but with
957 * a x3 scaling factor which seems to work well
958 */
959 stw_be_phys(&address_space_memory, MACOS_TIMEDBRA,
960 MACOS_TIMEDBRA_VALUE);
961 stw_be_phys(&address_space_memory, MACOS_TIMESCCB,
962 MACOS_TIMESCCB_VALUE);
963
964 v1s->timer_hack_state = 4;
965 }
966 break;
967 case 4:
968 /*
969 * This is the normal post-calibration timer state: we should
970 * generally remain here unless we detect the A/UX calibration
971 * loop, or a write to VIA_REG_PCR suggesting a reset
972 */
973 if (addr == VIA_REG_PCR && val == 0x22) {
974 /* Looks like there has been a reset? */
975 v1s->timer_hack_state = 1;
976 }
977 break;
978 default:
979 g_assert_not_reached();
980 }
981
982 if (old_timer_hack_state != v1s->timer_hack_state) {
983 trace_via1_timer_hack_state(v1s->timer_hack_state);
984 }
985}
986
6dca62a0
LV		 987static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size)
988{
989 MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque);
990 MOS6522State *ms = MOS6522(s);
0f03047c 991 uint64_t ret;
6dca62a0
LV		 992
993 addr = (addr >> 9) & 0xf;
0f03047c
MCA		 994 ret = mos6522_read(ms, addr, size);
995 switch (addr) {
996 case VIA_REG_A:
997 case VIA_REG_ANH:
998 /* Quadra 800 Id */
999 ret = (ret & ~VIA1A_CPUID_MASK) | VIA1A_CPUID_Q800;
1000 break;
1001 }
1002 return ret;
6dca62a0
LV		 1003}
1004
1005static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val,
1006 unsigned size)
1007{
1008 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
1009 MOS6522State *ms = MOS6522(v1s);
20069049
MCA		 1010 int oldstate, state;
1011 int oldsr = ms->sr;
6dca62a0
LV		 1012
1013 addr = (addr >> 9) & 0xf;
366d2779
MCA		 1014
1015 via1_timer_calibration_hack(v1s, addr, val, size);
1016
6dca62a0
LV		 1017 mos6522_write(ms, addr, val, size);
1018
378a5034
MCA		 1019 switch (addr) {
1020 case VIA_REG_B:
741258b0 1021 via1_rtc_update(v1s);
5f083d42 1022 via1_adb_update(v1s);
291bc180 1023 via1_auxmode_update(v1s);
378a5034
MCA		 1024
1025 v1s->last_b = ms->b;
1026 break;
20069049
MCA		 1027
1028 case VIA_REG_SR:
1029 {
1030 /*
1031 * NetBSD assumes it can send its first ADB command after sending
1032 * the ADB_BUSRESET command in ADB_STATE_NEW without changing the
1033 * state back to ADB_STATE_IDLE first as detailed in the ADB
1034 * protocol.
1035 *
1036 * Add a workaround to detect this condition at the start of ADB
1037 * enumeration and send the next command written to SR after a
1038 * ADB_BUSRESET onto the bus regardless, even if we don't detect a
1039 * state transition to ADB_STATE_NEW.
1040 *
1041 * Note that in my tests the NetBSD state machine takes one ADB
1042 * operation to recover which means the probe for an ADB device at
1043 * address 1 always fails. However since the first device is at
1044 * address 2 then this will work fine, without having to come up
1045 * with a more complicated and invasive solution.
1046 */
1047 oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >>
1048 VIA1B_vADB_StateShift;
1049 state = (ms->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
1050
1051 if (oldstate == ADB_STATE_NEW && state == ADB_STATE_NEW &&
1052 (ms->acr & VIA1ACR_vShiftOut) &&
1053 oldsr == 0 /* ADB_BUSRESET */) {
1054 trace_via1_adb_netbsd_enum_hack();
1055 adb_via_send(v1s, state, ms->sr);
1056 }
1057 }
1058 break;
378a5034 1059 }
6dca62a0
LV		 1060}
1061
1062static const MemoryRegionOps mos6522_q800_via1_ops = {
1063 .read = mos6522_q800_via1_read,
1064 .write = mos6522_q800_via1_write,
1065 .endianness = DEVICE_BIG_ENDIAN,
1066 .valid = {
1067 .min_access_size = 1,
add4dbfb 1068 .max_access_size = 4,
6dca62a0
LV		 1069 },
1070};
1071
1072static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size)
1073{
1074 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
1075 MOS6522State *ms = MOS6522(s);
677a4725 1076 uint64_t val;
6dca62a0
LV		 1077
1078 addr = (addr >> 9) & 0xf;
677a4725
MCA		 1079 val = mos6522_read(ms, addr, size);
1080
1081 switch (addr) {
1082 case VIA_REG_IFR:
1083 /*
1084 * On a Q800 an emulated VIA2 is integrated into the onboard logic. The
1085 * expectation of most OSs is that the DRQ bit is live, rather than
1086 * latched as it would be on a real VIA so do the same here.
b793b4ef
MCA		 1087 *
1088 * Note: DRQ is negative edge triggered
677a4725
MCA		 1089 */
1090 val &= ~VIA2_IRQ_SCSI_DATA;
b793b4ef 1091 val |= (~ms->last_irq_levels & VIA2_IRQ_SCSI_DATA);
677a4725
MCA		 1092 break;
1093 }
1094
1095 return val;
6dca62a0
LV		 1096}
1097
1098static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val,
1099 unsigned size)
1100{
1101 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
1102 MOS6522State *ms = MOS6522(s);
1103
1104 addr = (addr >> 9) & 0xf;
1105 mos6522_write(ms, addr, val, size);
1106}
1107
1108static const MemoryRegionOps mos6522_q800_via2_ops = {
1109 .read = mos6522_q800_via2_read,
1110 .write = mos6522_q800_via2_write,
1111 .endianness = DEVICE_BIG_ENDIAN,
1112 .valid = {
1113 .min_access_size = 1,
add4dbfb 1114 .max_access_size = 4,
6dca62a0
LV		 1115 },
1116};
1117
8064d7bb 1118static void via1_postload_update_cb(void *opaque, bool running, RunState state)
eb064db9 1119{
8064d7bb 1120 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
eb064db9 1121
8064d7bb
MCA		 1122 qemu_del_vm_change_state_handler(v1s->vmstate);
1123 v1s->vmstate = NULL;
eb064db9 1124
8064d7bb 1125 pram_update(v1s);
eb064db9
LV		 1126}
1127
8064d7bb 1128static int via1_post_load(void *opaque, int version_id)
eb064db9 1129{
8064d7bb 1130 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
eb064db9 1131
8064d7bb
MCA		 1132 if (v1s->blk) {
1133 v1s->vmstate = qemu_add_vm_change_state_handler(
1134 via1_postload_update_cb, v1s);
eb064db9
LV		 1135 }
1136
1137 return 0;
1138}
1139
6dca62a0 1140/* VIA 1 */
ed053e89 1141static void mos6522_q800_via1_reset_hold(Object *obj)
6dca62a0 1142{
ed053e89 1143 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
14562b37 1144 MOS6522State *ms = MOS6522(v1s);
9db70dac 1145 MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
14562b37 1146 ADBBusState *adb_bus = &v1s->adb_bus;
6dca62a0 1147
ed053e89
PM		 1148 if (mdc->parent_phases.hold) {
1149 mdc->parent_phases.hold(obj);
1150 }
6dca62a0
LV		 1151
1152 ms->timers[0].frequency = VIA_TIMER_FREQ;
1153 ms->timers[1].frequency = VIA_TIMER_FREQ;
1154
1155 ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb;
14562b37
MCA		 1156
1157 /* ADB/RTC */
1158 adb_set_autopoll_enabled(adb_bus, true);
1159 v1s->cmd = REG_EMPTY;
1160 v1s->alt = REG_EMPTY;
366d2779
MCA		 1161
1162 /* Timer calibration hack */
1163 v1s->timer_hack_state = 0;
6dca62a0
LV		 1164}
1165
846ae7c6
MCA		 1166static void mos6522_q800_via1_realize(DeviceState *dev, Error **errp)
1167{
1168 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev);
1169 ADBBusState *adb_bus = &v1s->adb_bus;
1170 struct tm tm;
1171 int ret;
1172
1173 v1s->one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, via1_one_second,
1174 v1s);
1175 via1_one_second_update(v1s);
1176 v1s->sixty_hz_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_sixty_hz,
1177 v1s);
1178 via1_sixty_hz_update(v1s);
1179
1180 qemu_get_timedate(&tm, 0);
1181 v1s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
1182
1183 adb_register_autopoll_callback(adb_bus, adb_via_poll, v1s);
323f9849 1184 v1s->adb_data_ready = qdev_get_gpio_in(dev, VIA1_IRQ_ADB_READY_BIT);
846ae7c6
MCA		 1185
1186 if (v1s->blk) {
1187 int64_t len = blk_getlength(v1s->blk);
1188 if (len < 0) {
1189 error_setg_errno(errp, -len,
1190 "could not get length of backing image");
1191 return;
1192 }
1193 ret = blk_set_perm(v1s->blk,
1194 BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1195 BLK_PERM_ALL, errp);
1196 if (ret < 0) {
1197 return;
1198 }
1199
a9262f55 1200 ret = blk_pread(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0);
bf5b16fa 1201 if (ret < 0) {
846ae7c6
MCA		 1202 error_setg(errp, "can't read PRAM contents");
1203 return;
1204 }
1205 }
1206}
1207
6dca62a0
LV		 1208static void mos6522_q800_via1_init(Object *obj)
1209{
5f083d42 1210 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
02a68a3e
MCA		 1211 SysBusDevice *sbd = SYS_BUS_DEVICE(v1s);
1212
1213 memory_region_init_io(&v1s->via_mem, obj, &mos6522_q800_via1_ops, v1s,
1214 "via1", VIA_SIZE);
1215 sysbus_init_mmio(sbd, &v1s->via_mem);
5f083d42
MCA		 1216
1217 /* ADB */
d637e1dc
PM		 1218 qbus_init((BusState *)&v1s->adb_bus, sizeof(v1s->adb_bus),
1219 TYPE_ADB_BUS, DEVICE(v1s), "adb.0");
5f083d42 1220
291bc180
MCA		 1221 /* A/UX mode */
1222 qdev_init_gpio_out(DEVICE(obj), &v1s->auxmode_irq, 1);
6dca62a0
LV		 1223}
1224
17de3d57
MCA		 1225static const VMStateDescription vmstate_q800_via1 = {
1226 .name = "q800-via1",
1227 .version_id = 0,
1228 .minimum_version_id = 0,
8064d7bb 1229 .post_load = via1_post_load,
17de3d57
MCA		 1230 .fields = (VMStateField[]) {
1231 VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA1State, 0, vmstate_mos6522,
1232 MOS6522State),
ae6f236f 1233 VMSTATE_UINT8(last_b, MOS6522Q800VIA1State),
8064d7bb
MCA		 1234 /* RTC */
1235 VMSTATE_BUFFER(PRAM, MOS6522Q800VIA1State),
741258b0
MCA		 1236 VMSTATE_UINT32(tick_offset, MOS6522Q800VIA1State),
1237 VMSTATE_UINT8(data_out, MOS6522Q800VIA1State),
1238 VMSTATE_INT32(data_out_cnt, MOS6522Q800VIA1State),
1239 VMSTATE_UINT8(data_in, MOS6522Q800VIA1State),
1240 VMSTATE_UINT8(data_in_cnt, MOS6522Q800VIA1State),
1241 VMSTATE_UINT8(cmd, MOS6522Q800VIA1State),
1242 VMSTATE_INT32(wprotect, MOS6522Q800VIA1State),
1243 VMSTATE_INT32(alt, MOS6522Q800VIA1State),
5f083d42
MCA		 1244 /* ADB */
1245 VMSTATE_INT32(adb_data_in_size, MOS6522Q800VIA1State),
1246 VMSTATE_INT32(adb_data_in_index, MOS6522Q800VIA1State),
1247 VMSTATE_INT32(adb_data_out_index, MOS6522Q800VIA1State),
1248 VMSTATE_BUFFER(adb_data_in, MOS6522Q800VIA1State),
1249 VMSTATE_BUFFER(adb_data_out, MOS6522Q800VIA1State),
1250 VMSTATE_UINT8(adb_autopoll_cmd, MOS6522Q800VIA1State),
84e944b2
MCA		 1251 /* Timers */
1252 VMSTATE_TIMER_PTR(one_second_timer, MOS6522Q800VIA1State),
1253 VMSTATE_INT64(next_second, MOS6522Q800VIA1State),
1254 VMSTATE_TIMER_PTR(sixty_hz_timer, MOS6522Q800VIA1State),
1255 VMSTATE_INT64(next_sixty_hz, MOS6522Q800VIA1State),
366d2779
MCA		 1256 /* Timer hack */
1257 VMSTATE_INT32(timer_hack_state, MOS6522Q800VIA1State),
17de3d57
MCA		 1258 VMSTATE_END_OF_LIST()
1259 }
1260};
1261
8064d7bb
MCA		 1262static Property mos6522_q800_via1_properties[] = {
1263 DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State, blk),
1264 DEFINE_PROP_END_OF_LIST(),
1265};
1266
6dca62a0
LV		 1267static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data)
1268{
1269 DeviceClass *dc = DEVICE_CLASS(oc);
ed053e89 1270 ResettableClass *rc = RESETTABLE_CLASS(oc);
c697fc80 1271 MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
6dca62a0 1272
846ae7c6 1273 dc->realize = mos6522_q800_via1_realize;
ed053e89
PM		 1274 resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via1_reset_hold,
1275 NULL, &mdc->parent_phases);
17de3d57 1276 dc->vmsd = &vmstate_q800_via1;
8064d7bb 1277 device_class_set_props(dc, mos6522_q800_via1_properties);
6dca62a0
LV		 1278}
1279
1280static const TypeInfo mos6522_q800_via1_type_info = {
1281 .name = TYPE_MOS6522_Q800_VIA1,
1282 .parent = TYPE_MOS6522,
1283 .instance_size = sizeof(MOS6522Q800VIA1State),
1284 .instance_init = mos6522_q800_via1_init,
1285 .class_init = mos6522_q800_via1_class_init,
1286};
1287
1288/* VIA 2 */
1289static void mos6522_q800_via2_portB_write(MOS6522State *s)
1290{
1291 if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) {
1292 /* shutdown */
1293 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1294 }
1295}
1296
ed053e89 1297static void mos6522_q800_via2_reset_hold(Object *obj)
6dca62a0 1298{
ed053e89 1299 MOS6522State *ms = MOS6522(obj);
9db70dac 1300 MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
6dca62a0 1301
ed053e89
PM		 1302 if (mdc->parent_phases.hold) {
1303 mdc->parent_phases.hold(obj);
1304 }
6dca62a0
LV		 1305
1306 ms->timers[0].frequency = VIA_TIMER_FREQ;
1307 ms->timers[1].frequency = VIA_TIMER_FREQ;
1308
1309 ms->dirb = 0;
1310 ms->b = 0;
dde602ae
MCA		 1311 ms->dira = 0;
1312 ms->a = 0x7f;
1313}
1314
ebe5bca2 1315static void via2_nubus_irq_request(void *opaque, int n, int level)
dde602ae
MCA		 1316{
1317 MOS6522Q800VIA2State *v2s = opaque;
1318 MOS6522State *s = MOS6522(v2s);
ebe5bca2 1319 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA2_IRQ_NUBUS_BIT);
dde602ae
MCA		 1320
1321 if (level) {
1322 /* Port A nubus IRQ inputs are active LOW */
ebe5bca2 1323 s->a &= ~(1 << n);
dde602ae 1324 } else {
ebe5bca2 1325 s->a |= (1 << n);
dde602ae
MCA		 1326 }
1327
b793b4ef
MCA		 1328 /* Negative edge trigger */
1329 qemu_set_irq(irq, !level);
6dca62a0
LV		 1330}
1331
1332static void mos6522_q800_via2_init(Object *obj)
1333{
02a68a3e
MCA		 1334 MOS6522Q800VIA2State *v2s = MOS6522_Q800_VIA2(obj);
1335 SysBusDevice *sbd = SYS_BUS_DEVICE(v2s);
1336
1337 memory_region_init_io(&v2s->via_mem, obj, &mos6522_q800_via2_ops, v2s,
1338 "via2", VIA_SIZE);
1339 sysbus_init_mmio(sbd, &v2s->via_mem);
1340
dde602ae
MCA		 1341 qdev_init_gpio_in_named(DEVICE(obj), via2_nubus_irq_request, "nubus-irq",
1342 VIA2_NUBUS_IRQ_NB);
6dca62a0
LV		 1343}
1344
17de3d57
MCA		 1345static const VMStateDescription vmstate_q800_via2 = {
1346 .name = "q800-via2",
1347 .version_id = 0,
1348 .minimum_version_id = 0,
1349 .fields = (VMStateField[]) {
1350 VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA2State, 0, vmstate_mos6522,
1351 MOS6522State),
1352 VMSTATE_END_OF_LIST()
1353 }
1354};
1355
6dca62a0
LV		 1356static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data)
1357{
1358 DeviceClass *dc = DEVICE_CLASS(oc);
ed053e89 1359 ResettableClass *rc = RESETTABLE_CLASS(oc);
9db70dac 1360 MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
6dca62a0 1361
ed053e89
PM		 1362 resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via2_reset_hold,
1363 NULL, &mdc->parent_phases);
17de3d57 1364 dc->vmsd = &vmstate_q800_via2;
6dca62a0
LV		 1365 mdc->portB_write = mos6522_q800_via2_portB_write;
1366}
1367
1368static const TypeInfo mos6522_q800_via2_type_info = {
1369 .name = TYPE_MOS6522_Q800_VIA2,
1370 .parent = TYPE_MOS6522,
1371 .instance_size = sizeof(MOS6522Q800VIA2State),
1372 .instance_init = mos6522_q800_via2_init,
1373 .class_init = mos6522_q800_via2_class_init,
1374};
1375
1376static void mac_via_register_types(void)
1377{
1378 type_register_static(&mos6522_q800_via1_type_info);
1379 type_register_static(&mos6522_q800_via2_type_info);
6dca62a0
LV		 1380}
1381
1382type_init(mac_via_register_types);
QEMU mirror