1 /* 2 * QEMU m68k Macintosh VIA device support 3 * 4 * Copyright (c) 2011-2018 Laurent Vivier 5 * Copyright (c) 2018 Mark Cave-Ayland 6 * 7 * Some parts from hw/misc/macio/cuda.c 8 * 9 * Copyright (c) 2004-2007 Fabrice Bellard 10 * Copyright (c) 2007 Jocelyn Mayer 11 * 12 * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h 13 * 14 * This work is licensed under the terms of the GNU GPL, version 2 or later. 15 * See the COPYING file in the top-level directory. 16 */ 17 18 #include "qemu/osdep.h" 19 #include "qemu-common.h" 20 #include "migration/vmstate.h" 21 #include "hw/sysbus.h" 22 #include "hw/irq.h" 23 #include "qemu/timer.h" 24 #include "hw/misc/mac_via.h" 25 #include "hw/misc/mos6522.h" 26 #include "hw/input/adb.h" 27 #include "sysemu/runstate.h" 28 #include "qapi/error.h" 29 #include "qemu/cutils.h" 30 #include "hw/qdev-properties.h" 31 #include "sysemu/block-backend.h" 32 #include "trace.h" 33 34 /* 35 * VIAs: There are two in every machine, 36 */ 37 38 #define VIA_SIZE (0x2000) 39 40 /* 41 * Not all of these are true post MacII I think. 42 * CSA: probably the ones CHRP marks as 'unused' change purposes 43 * when the IWM becomes the SWIM. 44 * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html 45 * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf 46 * 47 * also, http://developer.apple.com/technotes/hw/hw_09.html claims the 48 * following changes for IIfx: 49 * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP. 50 * Also, "All of the functionality of VIA2 has been moved to other chips". 51 */ 52 53 #define VIA1A_vSccWrReq 0x80 /* 54 * SCC write. (input) 55 * [CHRP] SCC WREQ: Reflects the state of the 56 * Wait/Request pins from the SCC. 57 * [Macintosh Family Hardware] 58 * as CHRP on SE/30,II,IIx,IIcx,IIci. 59 * on IIfx, "0 means an active request" 60 */ 61 #define VIA1A_vRev8 0x40 /* 62 * Revision 8 board ??? 63 * [CHRP] En WaitReqB: Lets the WaitReq_L 64 * signal from port B of the SCC appear on 65 * the PA7 input pin. Output. 66 * [Macintosh Family] On the SE/30, this 67 * is the bit to flip screen buffers. 68 * 0=alternate, 1=main. 69 * on II,IIx,IIcx,IIci,IIfx this is a bit 70 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx 71 */ 72 #define VIA1A_vHeadSel 0x20 /* 73 * Head select for IWM. 74 * [CHRP] unused. 75 * [Macintosh Family] "Floppy disk 76 * state-control line SEL" on all but IIfx 77 */ 78 #define VIA1A_vOverlay 0x10 /* 79 * [Macintosh Family] On SE/30,II,IIx,IIcx 80 * this bit enables the "Overlay" address 81 * map in the address decoders as it is on 82 * reset for mapping the ROM over the reset 83 * vector. 1=use overlay map. 84 * On the IIci,IIfx it is another bit of the 85 * CPU ID: 0=normal IIci, 1=IIci with parity 86 * feature or IIfx. 87 * [CHRP] En WaitReqA: Lets the WaitReq_L 88 * signal from port A of the SCC appear 89 * on the PA7 input pin (CHRP). Output. 90 * [MkLinux] "Drive Select" 91 * (with 0x20 being 'disk head select') 92 */ 93 #define VIA1A_vSync 0x08 /* 94 * [CHRP] Sync Modem: modem clock select: 95 * 1: select the external serial clock to 96 * drive the SCC's /RTxCA pin. 97 * 0: Select the 3.6864MHz clock to drive 98 * the SCC cell. 99 * [Macintosh Family] Correct on all but IIfx 100 */ 101 102 /* 103 * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control 104 * on Macs which had the PWM sound hardware. Reserved on newer models. 105 * On IIci,IIfx, bits 1-2 are the rest of the CPU ID: 106 * bit 2: 1=IIci, 0=IIfx 107 * bit 1: 1 on both IIci and IIfx. 108 * MkLinux sez bit 0 is 'burnin flag' in this case. 109 * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as 110 * inputs, these bits will read 0. 111 */ 112 #define VIA1A_vVolume 0x07 /* Audio volume mask for PWM */ 113 #define VIA1A_CPUID0 0x02 /* CPU id bit 0 on RBV, others */ 114 #define VIA1A_CPUID1 0x04 /* CPU id bit 0 on RBV, others */ 115 #define VIA1A_CPUID2 0x10 /* CPU id bit 0 on RBV, others */ 116 #define VIA1A_CPUID3 0x40 /* CPU id bit 0 on RBV, others */ 117 118 /* 119 * Info on VIA1B is from Macintosh Family Hardware & MkLinux. 120 * CHRP offers no info. 121 */ 122 #define VIA1B_vSound 0x80 /* 123 * Sound enable (for compatibility with 124 * PWM hardware) 0=enabled. 125 * Also, on IIci w/parity, shows parity error 126 * 0=error, 1=OK. 127 */ 128 #define VIA1B_vMystery 0x40 /* 129 * On IIci, parity enable. 0=enabled,1=disabled 130 * On SE/30, vertical sync interrupt enable. 131 * 0=enabled. This vSync interrupt shows up 132 * as a slot $E interrupt. 133 */ 134 #define VIA1B_vADBS2 0x20 /* ADB state input bit 1 (unused on IIfx) */ 135 #define VIA1B_vADBS1 0x10 /* ADB state input bit 0 (unused on IIfx) */ 136 #define VIA1B_vADBInt 0x08 /* ADB interrupt 0=interrupt (unused on IIfx)*/ 137 #define VIA1B_vRTCEnb 0x04 /* Enable Real time clock. 0=enabled. */ 138 #define VIA1B_vRTCClk 0x02 /* Real time clock serial-clock line. */ 139 #define VIA1B_vRTCData 0x01 /* Real time clock serial-data line. */ 140 141 /* 142 * VIA2 A register is the interrupt lines raised off the nubus 143 * slots. 144 * The below info is from 'Macintosh Family Hardware.' 145 * MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.' 146 * It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and 147 * defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike. 148 * Perhaps OSS uses vRAM1 and vRAM2 for ADB. 149 */ 150 151 #define VIA2A_vRAM1 0x80 /* RAM size bit 1 (IIci: reserved) */ 152 #define VIA2A_vRAM0 0x40 /* RAM size bit 0 (IIci: internal video IRQ) */ 153 #define VIA2A_vIRQE 0x20 /* IRQ from slot $E */ 154 #define VIA2A_vIRQD 0x10 /* IRQ from slot $D */ 155 #define VIA2A_vIRQC 0x08 /* IRQ from slot $C */ 156 #define VIA2A_vIRQB 0x04 /* IRQ from slot $B */ 157 #define VIA2A_vIRQA 0x02 /* IRQ from slot $A */ 158 #define VIA2A_vIRQ9 0x01 /* IRQ from slot $9 */ 159 160 /* 161 * RAM size bits decoded as follows: 162 * bit1 bit0 size of ICs in bank A 163 * 0 0 256 kbit 164 * 0 1 1 Mbit 165 * 1 0 4 Mbit 166 * 1 1 16 Mbit 167 */ 168 169 /* 170 * Register B has the fun stuff in it 171 */ 172 173 #define VIA2B_vVBL 0x80 /* 174 * VBL output to VIA1 (60.15Hz) driven by 175 * timer T1. 176 * on IIci, parity test: 0=test mode. 177 * [MkLinux] RBV_PARODD: 1=odd,0=even. 178 */ 179 #define VIA2B_vSndJck 0x40 /* 180 * External sound jack status. 181 * 0=plug is inserted. On SE/30, always 0 182 */ 183 #define VIA2B_vTfr0 0x20 /* Transfer mode bit 0 ack from NuBus */ 184 #define VIA2B_vTfr1 0x10 /* Transfer mode bit 1 ack from NuBus */ 185 #define VIA2B_vMode32 0x08 /* 186 * 24/32bit switch - doubles as cache flush 187 * on II, AMU/PMMU control. 188 * if AMU, 0=24bit to 32bit translation 189 * if PMMU, 1=PMMU is accessing page table. 190 * on SE/30 tied low. 191 * on IIx,IIcx,IIfx, unused. 192 * on IIci/RBV, cache control. 0=flush cache. 193 */ 194 #define VIA2B_vPower 0x04 /* 195 * Power off, 0=shut off power. 196 * on SE/30 this signal sent to PDS card. 197 */ 198 #define VIA2B_vBusLk 0x02 /* 199 * Lock NuBus transactions, 0=locked. 200 * on SE/30 sent to PDS card. 201 */ 202 #define VIA2B_vCDis 0x01 /* 203 * Cache control. On IIci, 1=disable cache card 204 * on others, 0=disable processor's instruction 205 * and data caches. 206 */ 207 208 /* interrupt flags */ 209 210 #define IRQ_SET 0x80 211 212 /* common */ 213 214 #define VIA_IRQ_TIMER1 0x40 215 #define VIA_IRQ_TIMER2 0x20 216 217 /* 218 * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html 219 * Another example of a valid function that has no ROM support is the use 220 * of the alternate video page for page-flipping animation. Since there 221 * is no ROM call to flip pages, it is necessary to go play with the 222 * right bit in the VIA chip (6522 Versatile Interface Adapter). 223 * [CSA: don't know which one this is, but it's one of 'em!] 224 */ 225 226 /* 227 * 6522 registers - see databook. 228 * CSA: Assignments for VIA1 confirmed from CHRP spec. 229 */ 230 231 /* partial address decode. 0xYYXX : XX part for RBV, YY part for VIA */ 232 /* Note: 15 VIA regs, 8 RBV regs */ 233 234 #define vBufB 0x0000 /* [VIA/RBV] Register B */ 235 #define vBufAH 0x0200 /* [VIA only] Buffer A, with handshake. DON'T USE! */ 236 #define vDirB 0x0400 /* [VIA only] Data Direction Register B. */ 237 #define vDirA 0x0600 /* [VIA only] Data Direction Register A. */ 238 #define vT1CL 0x0800 /* [VIA only] Timer one counter low. */ 239 #define vT1CH 0x0a00 /* [VIA only] Timer one counter high. */ 240 #define vT1LL 0x0c00 /* [VIA only] Timer one latches low. */ 241 #define vT1LH 0x0e00 /* [VIA only] Timer one latches high. */ 242 #define vT2CL 0x1000 /* [VIA only] Timer two counter low. */ 243 #define vT2CH 0x1200 /* [VIA only] Timer two counter high. */ 244 #define vSR 0x1400 /* [VIA only] Shift register. */ 245 #define vACR 0x1600 /* [VIA only] Auxilary control register. */ 246 #define vPCR 0x1800 /* [VIA only] Peripheral control register. */ 247 /* 248 * CHRP sez never ever to *write* this. 249 * Mac family says never to *change* this. 250 * In fact we need to initialize it once at start. 251 */ 252 #define vIFR 0x1a00 /* [VIA/RBV] Interrupt flag register. */ 253 #define vIER 0x1c00 /* [VIA/RBV] Interrupt enable register. */ 254 #define vBufA 0x1e00 /* [VIA/RBV] register A (no handshake) */ 255 256 /* from linux 2.6 drivers/macintosh/via-macii.c */ 257 258 /* Bits in ACR */ 259 260 #define VIA1ACR_vShiftCtrl 0x1c /* Shift register control bits */ 261 #define VIA1ACR_vShiftExtClk 0x0c /* Shift on external clock */ 262 #define VIA1ACR_vShiftOut 0x10 /* Shift out if 1 */ 263 264 /* 265 * Apple Macintosh Family Hardware Refenece 266 * Table 19-10 ADB transaction states 267 */ 268 269 #define ADB_STATE_NEW 0 270 #define ADB_STATE_EVEN 1 271 #define ADB_STATE_ODD 2 272 #define ADB_STATE_IDLE 3 273 274 #define VIA1B_vADB_StateMask (VIA1B_vADBS1 | VIA1B_vADBS2) 275 #define VIA1B_vADB_StateShift 4 276 277 #define VIA_TIMER_FREQ (783360) 278 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */ 279 280 /* VIA returns time offset from Jan 1, 1904, not 1970 */ 281 #define RTC_OFFSET 2082844800 282 283 enum { 284 REG_0, 285 REG_1, 286 REG_2, 287 REG_3, 288 REG_TEST, 289 REG_WPROTECT, 290 REG_PRAM_ADDR, 291 REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19, 292 REG_PRAM_SECT, 293 REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7, 294 REG_INVALID, 295 REG_EMPTY = 0xff, 296 }; 297 298 static void via1_VBL_update(MOS6522Q800VIA1State *v1s) 299 { 300 MOS6522State *s = MOS6522(v1s); 301 302 /* 60 Hz irq */ 303 v1s->next_VBL = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 16630) / 304 16630 * 16630; 305 306 if (s->ier & VIA1_IRQ_VBLANK) { 307 timer_mod(v1s->VBL_timer, v1s->next_VBL); 308 } else { 309 timer_del(v1s->VBL_timer); 310 } 311 } 312 313 static void via1_one_second_update(MOS6522Q800VIA1State *v1s) 314 { 315 MOS6522State *s = MOS6522(v1s); 316 317 v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) / 318 1000 * 1000; 319 if (s->ier & VIA1_IRQ_ONE_SECOND) { 320 timer_mod(v1s->one_second_timer, v1s->next_second); 321 } else { 322 timer_del(v1s->one_second_timer); 323 } 324 } 325 326 static void via1_VBL(void *opaque) 327 { 328 MOS6522Q800VIA1State *v1s = opaque; 329 MOS6522State *s = MOS6522(v1s); 330 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s); 331 332 s->ifr |= VIA1_IRQ_VBLANK; 333 mdc->update_irq(s); 334 335 via1_VBL_update(v1s); 336 } 337 338 static void via1_one_second(void *opaque) 339 { 340 MOS6522Q800VIA1State *v1s = opaque; 341 MOS6522State *s = MOS6522(v1s); 342 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s); 343 344 s->ifr |= VIA1_IRQ_ONE_SECOND; 345 mdc->update_irq(s); 346 347 via1_one_second_update(v1s); 348 } 349 350 static void via1_irq_request(void *opaque, int irq, int level) 351 { 352 MOS6522Q800VIA1State *v1s = opaque; 353 MOS6522State *s = MOS6522(v1s); 354 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s); 355 356 if (level) { 357 s->ifr |= 1 << irq; 358 } else { 359 s->ifr &= ~(1 << irq); 360 } 361 362 mdc->update_irq(s); 363 } 364 365 static void via2_irq_request(void *opaque, int irq, int level) 366 { 367 MOS6522Q800VIA2State *v2s = opaque; 368 MOS6522State *s = MOS6522(v2s); 369 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s); 370 371 if (level) { 372 s->ifr |= 1 << irq; 373 } else { 374 s->ifr &= ~(1 << irq); 375 } 376 377 mdc->update_irq(s); 378 } 379 380 381 static void pram_update(MacVIAState *m) 382 { 383 if (m->blk) { 384 blk_pwrite(m->blk, 0, m->mos6522_via1.PRAM, 385 sizeof(m->mos6522_via1.PRAM), 0); 386 } 387 } 388 389 /* 390 * RTC Commands 391 * 392 * Command byte Register addressed by the command 393 * 394 * z0000001 Seconds register 0 (lowest-order byte) 395 * z0000101 Seconds register 1 396 * z0001001 Seconds register 2 397 * z0001101 Seconds register 3 (highest-order byte) 398 * 00110001 Test register (write-only) 399 * 00110101 Write-Protect Register (write-only) 400 * z010aa01 RAM address 100aa ($10-$13) (first 20 bytes only) 401 * z1aaaa01 RAM address 0aaaa ($00-$0F) (first 20 bytes only) 402 * z0111aaa Extended memory designator and sector number 403 * 404 * For a read request, z=1, for a write z=0 405 * The letter a indicates bits whose value depend on what parameter 406 * RAM byte you want to address 407 */ 408 static int via1_rtc_compact_cmd(uint8_t value) 409 { 410 uint8_t read = value & 0x80; 411 412 value &= 0x7f; 413 414 /* the last 2 bits of a command byte must always be 0b01 ... */ 415 if ((value & 0x78) == 0x38) { 416 /* except for the extended memory designator */ 417 return read | (REG_PRAM_SECT + (value & 0x07)); 418 } 419 if ((value & 0x03) == 0x01) { 420 value >>= 2; 421 if ((value & 0x1c) == 0) { 422 /* seconds registers */ 423 return read | (REG_0 + (value & 0x03)); 424 } else if ((value == 0x0c) && !read) { 425 return REG_TEST; 426 } else if ((value == 0x0d) && !read) { 427 return REG_WPROTECT; 428 } else if ((value & 0x1c) == 0x08) { 429 /* RAM address 0x10 to 0x13 */ 430 return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03)); 431 } else if ((value & 0x43) == 0x41) { 432 /* RAM address 0x00 to 0x0f */ 433 return read | (REG_PRAM_ADDR + (value & 0x0f)); 434 } 435 } 436 return REG_INVALID; 437 } 438 439 static void via1_rtc_update(MacVIAState *m) 440 { 441 MOS6522Q800VIA1State *v1s = &m->mos6522_via1; 442 MOS6522State *s = MOS6522(v1s); 443 int cmd, sector, addr; 444 uint32_t time; 445 446 if (s->b & VIA1B_vRTCEnb) { 447 return; 448 } 449 450 if (s->dirb & VIA1B_vRTCData) { 451 /* send bits to the RTC */ 452 if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) { 453 m->data_out <<= 1; 454 m->data_out |= s->b & VIA1B_vRTCData; 455 m->data_out_cnt++; 456 } 457 trace_via1_rtc_update_data_out(m->data_out_cnt, m->data_out); 458 } else { 459 trace_via1_rtc_update_data_in(m->data_in_cnt, m->data_in); 460 /* receive bits from the RTC */ 461 if ((v1s->last_b & VIA1B_vRTCClk) && 462 !(s->b & VIA1B_vRTCClk) && 463 m->data_in_cnt) { 464 s->b = (s->b & ~VIA1B_vRTCData) | 465 ((m->data_in >> 7) & VIA1B_vRTCData); 466 m->data_in <<= 1; 467 m->data_in_cnt--; 468 } 469 return; 470 } 471 472 if (m->data_out_cnt != 8) { 473 return; 474 } 475 476 m->data_out_cnt = 0; 477 478 trace_via1_rtc_internal_status(m->cmd, m->alt, m->data_out); 479 /* first byte: it's a command */ 480 if (m->cmd == REG_EMPTY) { 481 482 cmd = via1_rtc_compact_cmd(m->data_out); 483 trace_via1_rtc_internal_cmd(cmd); 484 485 if (cmd == REG_INVALID) { 486 trace_via1_rtc_cmd_invalid(m->data_out); 487 return; 488 } 489 490 if (cmd & 0x80) { /* this is a read command */ 491 switch (cmd & 0x7f) { 492 case REG_0...REG_3: /* seconds registers */ 493 /* 494 * register 0 is lowest-order byte 495 * register 3 is highest-order byte 496 */ 497 498 time = m->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 499 / NANOSECONDS_PER_SECOND); 500 trace_via1_rtc_internal_time(time); 501 m->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff; 502 m->data_in_cnt = 8; 503 trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0, 504 m->data_in); 505 break; 506 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST: 507 /* PRAM address 0x00 -> 0x13 */ 508 m->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR]; 509 m->data_in_cnt = 8; 510 trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR, 511 m->data_in); 512 break; 513 case REG_PRAM_SECT...REG_PRAM_SECT_LAST: 514 /* 515 * extended memory designator and sector number 516 * the only two-byte read command 517 */ 518 trace_via1_rtc_internal_set_cmd(cmd); 519 m->cmd = cmd; 520 break; 521 default: 522 g_assert_not_reached(); 523 break; 524 } 525 return; 526 } 527 528 /* this is a write command, needs a parameter */ 529 if (cmd == REG_WPROTECT || !m->wprotect) { 530 trace_via1_rtc_internal_set_cmd(cmd); 531 m->cmd = cmd; 532 } else { 533 trace_via1_rtc_internal_ignore_cmd(cmd); 534 } 535 return; 536 } 537 538 /* second byte: it's a parameter */ 539 if (m->alt == REG_EMPTY) { 540 switch (m->cmd & 0x7f) { 541 case REG_0...REG_3: /* seconds register */ 542 /* FIXME */ 543 trace_via1_rtc_cmd_seconds_write(m->cmd - REG_0, m->data_out); 544 m->cmd = REG_EMPTY; 545 break; 546 case REG_TEST: 547 /* device control: nothing to do */ 548 trace_via1_rtc_cmd_test_write(m->data_out); 549 m->cmd = REG_EMPTY; 550 break; 551 case REG_WPROTECT: 552 /* Write Protect register */ 553 trace_via1_rtc_cmd_wprotect_write(m->data_out); 554 m->wprotect = !!(m->data_out & 0x80); 555 m->cmd = REG_EMPTY; 556 break; 557 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST: 558 /* PRAM address 0x00 -> 0x13 */ 559 trace_via1_rtc_cmd_pram_write(m->cmd - REG_PRAM_ADDR, m->data_out); 560 v1s->PRAM[m->cmd - REG_PRAM_ADDR] = m->data_out; 561 pram_update(m); 562 m->cmd = REG_EMPTY; 563 break; 564 case REG_PRAM_SECT...REG_PRAM_SECT_LAST: 565 addr = (m->data_out >> 2) & 0x1f; 566 sector = (m->cmd & 0x7f) - REG_PRAM_SECT; 567 if (m->cmd & 0x80) { 568 /* it's a read */ 569 m->data_in = v1s->PRAM[sector * 32 + addr]; 570 m->data_in_cnt = 8; 571 trace_via1_rtc_cmd_pram_sect_read(sector, addr, 572 sector * 32 + addr, 573 m->data_in); 574 m->cmd = REG_EMPTY; 575 } else { 576 /* it's a write, we need one more parameter */ 577 trace_via1_rtc_internal_set_alt(addr, sector, addr); 578 m->alt = addr; 579 } 580 break; 581 default: 582 g_assert_not_reached(); 583 break; 584 } 585 return; 586 } 587 588 /* third byte: it's the data of a REG_PRAM_SECT write */ 589 g_assert(REG_PRAM_SECT <= m->cmd && m->cmd <= REG_PRAM_SECT_LAST); 590 sector = m->cmd - REG_PRAM_SECT; 591 v1s->PRAM[sector * 32 + m->alt] = m->data_out; 592 pram_update(m); 593 trace_via1_rtc_cmd_pram_sect_write(sector, m->alt, sector * 32 + m->alt, 594 m->data_out); 595 m->alt = REG_EMPTY; 596 m->cmd = REG_EMPTY; 597 } 598 599 static int adb_via_poll(MacVIAState *s, int state, uint8_t *data) 600 { 601 if (state != ADB_STATE_IDLE) { 602 return 0; 603 } 604 605 if (s->adb_data_in_size < s->adb_data_in_index) { 606 return 0; 607 } 608 609 if (s->adb_data_out_index != 0) { 610 return 0; 611 } 612 613 s->adb_data_in_index = 0; 614 s->adb_data_out_index = 0; 615 s->adb_data_in_size = adb_poll(&s->adb_bus, s->adb_data_in, 0xffff); 616 617 if (s->adb_data_in_size) { 618 *data = s->adb_data_in[s->adb_data_in_index++]; 619 qemu_irq_raise(s->adb_data_ready); 620 } 621 622 return s->adb_data_in_size; 623 } 624 625 static int adb_via_send(MacVIAState *s, int state, uint8_t data) 626 { 627 switch (state) { 628 case ADB_STATE_NEW: 629 s->adb_data_out_index = 0; 630 break; 631 case ADB_STATE_EVEN: 632 if ((s->adb_data_out_index & 1) == 0) { 633 return 0; 634 } 635 break; 636 case ADB_STATE_ODD: 637 if (s->adb_data_out_index & 1) { 638 return 0; 639 } 640 break; 641 case ADB_STATE_IDLE: 642 return 0; 643 } 644 645 assert(s->adb_data_out_index < sizeof(s->adb_data_out) - 1); 646 647 s->adb_data_out[s->adb_data_out_index++] = data; 648 qemu_irq_raise(s->adb_data_ready); 649 return 1; 650 } 651 652 static int adb_via_receive(MacVIAState *s, int state, uint8_t *data) 653 { 654 switch (state) { 655 case ADB_STATE_NEW: 656 return 0; 657 658 case ADB_STATE_EVEN: 659 if (s->adb_data_in_size <= 0) { 660 qemu_irq_raise(s->adb_data_ready); 661 return 0; 662 } 663 664 if (s->adb_data_in_index >= s->adb_data_in_size) { 665 *data = 0; 666 qemu_irq_raise(s->adb_data_ready); 667 return 1; 668 } 669 670 if ((s->adb_data_in_index & 1) == 0) { 671 return 0; 672 } 673 674 break; 675 676 case ADB_STATE_ODD: 677 if (s->adb_data_in_size <= 0) { 678 qemu_irq_raise(s->adb_data_ready); 679 return 0; 680 } 681 682 if (s->adb_data_in_index >= s->adb_data_in_size) { 683 *data = 0; 684 qemu_irq_raise(s->adb_data_ready); 685 return 1; 686 } 687 688 if (s->adb_data_in_index & 1) { 689 return 0; 690 } 691 692 break; 693 694 case ADB_STATE_IDLE: 695 if (s->adb_data_out_index == 0) { 696 return 0; 697 } 698 699 s->adb_data_in_size = adb_request(&s->adb_bus, s->adb_data_in, 700 s->adb_data_out, 701 s->adb_data_out_index); 702 s->adb_data_out_index = 0; 703 s->adb_data_in_index = 0; 704 if (s->adb_data_in_size < 0) { 705 *data = 0xff; 706 qemu_irq_raise(s->adb_data_ready); 707 return -1; 708 } 709 710 if (s->adb_data_in_size == 0) { 711 return 0; 712 } 713 714 break; 715 } 716 717 assert(s->adb_data_in_index < sizeof(s->adb_data_in) - 1); 718 719 *data = s->adb_data_in[s->adb_data_in_index++]; 720 qemu_irq_raise(s->adb_data_ready); 721 if (*data == 0xff || *data == 0) { 722 return 0; 723 } 724 return 1; 725 } 726 727 static void via1_adb_update(MacVIAState *m) 728 { 729 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1); 730 MOS6522State *s = MOS6522(v1s); 731 int state; 732 int ret; 733 734 state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift; 735 736 if (s->acr & VIA1ACR_vShiftOut) { 737 /* output mode */ 738 ret = adb_via_send(m, state, s->sr); 739 if (ret > 0) { 740 s->b &= ~VIA1B_vADBInt; 741 } else { 742 s->b |= VIA1B_vADBInt; 743 } 744 } else { 745 /* input mode */ 746 ret = adb_via_receive(m, state, &s->sr); 747 if (ret > 0 && s->sr != 0xff) { 748 s->b &= ~VIA1B_vADBInt; 749 } else { 750 s->b |= VIA1B_vADBInt; 751 } 752 } 753 } 754 755 static void via_adb_poll(void *opaque) 756 { 757 MacVIAState *m = opaque; 758 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1); 759 MOS6522State *s = MOS6522(v1s); 760 int state; 761 762 if (s->b & VIA1B_vADBInt) { 763 state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift; 764 if (adb_via_poll(m, state, &s->sr)) { 765 s->b &= ~VIA1B_vADBInt; 766 } 767 } 768 769 timer_mod(m->adb_poll_timer, 770 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 771 (NANOSECONDS_PER_SECOND / VIA_ADB_POLL_FREQ)); 772 } 773 774 static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size) 775 { 776 MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque); 777 MOS6522State *ms = MOS6522(s); 778 int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL); 779 780 /* 781 * If IRQs are disabled, timers are disabled, but we need to update 782 * VIA1_IRQ_VBLANK and VIA1_IRQ_ONE_SECOND bits in the IFR 783 */ 784 785 if (now >= s->next_VBL) { 786 ms->ifr |= VIA1_IRQ_VBLANK; 787 via1_VBL_update(s); 788 } 789 if (now >= s->next_second) { 790 ms->ifr |= VIA1_IRQ_ONE_SECOND; 791 via1_one_second_update(s); 792 } 793 794 addr = (addr >> 9) & 0xf; 795 return mos6522_read(ms, addr, size); 796 } 797 798 static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val, 799 unsigned size) 800 { 801 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque); 802 MOS6522State *ms = MOS6522(v1s); 803 804 addr = (addr >> 9) & 0xf; 805 mos6522_write(ms, addr, val, size); 806 807 via1_one_second_update(v1s); 808 via1_VBL_update(v1s); 809 } 810 811 static const MemoryRegionOps mos6522_q800_via1_ops = { 812 .read = mos6522_q800_via1_read, 813 .write = mos6522_q800_via1_write, 814 .endianness = DEVICE_BIG_ENDIAN, 815 .valid = { 816 .min_access_size = 1, 817 .max_access_size = 1, 818 }, 819 }; 820 821 static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size) 822 { 823 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque); 824 MOS6522State *ms = MOS6522(s); 825 826 addr = (addr >> 9) & 0xf; 827 return mos6522_read(ms, addr, size); 828 } 829 830 static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val, 831 unsigned size) 832 { 833 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque); 834 MOS6522State *ms = MOS6522(s); 835 836 addr = (addr >> 9) & 0xf; 837 mos6522_write(ms, addr, val, size); 838 } 839 840 static const MemoryRegionOps mos6522_q800_via2_ops = { 841 .read = mos6522_q800_via2_read, 842 .write = mos6522_q800_via2_write, 843 .endianness = DEVICE_BIG_ENDIAN, 844 .valid = { 845 .min_access_size = 1, 846 .max_access_size = 1, 847 }, 848 }; 849 850 static void mac_via_reset(DeviceState *dev) 851 { 852 MacVIAState *m = MAC_VIA(dev); 853 MOS6522Q800VIA1State *v1s = &m->mos6522_via1; 854 855 timer_mod(m->adb_poll_timer, 856 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 857 (NANOSECONDS_PER_SECOND / VIA_ADB_POLL_FREQ)); 858 859 timer_del(v1s->VBL_timer); 860 v1s->next_VBL = 0; 861 timer_del(v1s->one_second_timer); 862 v1s->next_second = 0; 863 864 m->cmd = REG_EMPTY; 865 m->alt = REG_EMPTY; 866 } 867 868 static void mac_via_realize(DeviceState *dev, Error **errp) 869 { 870 MacVIAState *m = MAC_VIA(dev); 871 MOS6522State *ms; 872 struct tm tm; 873 int ret; 874 875 /* Init VIAs 1 and 2 */ 876 sysbus_init_child_obj(OBJECT(dev), "via1", &m->mos6522_via1, 877 sizeof(m->mos6522_via1), TYPE_MOS6522_Q800_VIA1); 878 879 sysbus_init_child_obj(OBJECT(dev), "via2", &m->mos6522_via2, 880 sizeof(m->mos6522_via2), TYPE_MOS6522_Q800_VIA2); 881 882 /* Pass through mos6522 output IRQs */ 883 ms = MOS6522(&m->mos6522_via1); 884 object_property_add_alias(OBJECT(dev), "irq[0]", OBJECT(ms), 885 SYSBUS_DEVICE_GPIO_IRQ "[0]", &error_abort); 886 ms = MOS6522(&m->mos6522_via2); 887 object_property_add_alias(OBJECT(dev), "irq[1]", OBJECT(ms), 888 SYSBUS_DEVICE_GPIO_IRQ "[0]", &error_abort); 889 890 /* Pass through mos6522 input IRQs */ 891 qdev_pass_gpios(DEVICE(&m->mos6522_via1), dev, "via1-irq"); 892 qdev_pass_gpios(DEVICE(&m->mos6522_via2), dev, "via2-irq"); 893 894 /* VIA 1 */ 895 m->mos6522_via1.one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, 896 via1_one_second, 897 &m->mos6522_via1); 898 m->mos6522_via1.VBL_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_VBL, 899 &m->mos6522_via1); 900 901 qemu_get_timedate(&tm, 0); 902 m->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET; 903 904 m->adb_poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via_adb_poll, m); 905 m->adb_data_ready = qdev_get_gpio_in_named(dev, "via1-irq", 906 VIA1_IRQ_ADB_READY_BIT); 907 908 if (m->blk) { 909 int64_t len = blk_getlength(m->blk); 910 if (len < 0) { 911 error_setg_errno(errp, -len, 912 "could not get length of backing image"); 913 return; 914 } 915 ret = blk_set_perm(m->blk, 916 BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 917 BLK_PERM_ALL, errp); 918 if (ret < 0) { 919 return; 920 } 921 922 len = blk_pread(m->blk, 0, m->mos6522_via1.PRAM, 923 sizeof(m->mos6522_via1.PRAM)); 924 if (len != sizeof(m->mos6522_via1.PRAM)) { 925 error_setg(errp, "can't read PRAM contents"); 926 return; 927 } 928 } 929 } 930 931 static void mac_via_init(Object *obj) 932 { 933 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 934 MacVIAState *m = MAC_VIA(obj); 935 936 /* MMIO */ 937 memory_region_init(&m->mmio, obj, "mac-via", 2 * VIA_SIZE); 938 sysbus_init_mmio(sbd, &m->mmio); 939 940 memory_region_init_io(&m->via1mem, obj, &mos6522_q800_via1_ops, 941 &m->mos6522_via1, "via1", VIA_SIZE); 942 memory_region_add_subregion(&m->mmio, 0x0, &m->via1mem); 943 944 memory_region_init_io(&m->via2mem, obj, &mos6522_q800_via2_ops, 945 &m->mos6522_via2, "via2", VIA_SIZE); 946 memory_region_add_subregion(&m->mmio, VIA_SIZE, &m->via2mem); 947 948 /* ADB */ 949 qbus_create_inplace((BusState *)&m->adb_bus, sizeof(m->adb_bus), 950 TYPE_ADB_BUS, DEVICE(obj), "adb.0"); 951 } 952 953 static void postload_update_cb(void *opaque, int running, RunState state) 954 { 955 MacVIAState *m = MAC_VIA(opaque); 956 957 qemu_del_vm_change_state_handler(m->vmstate); 958 m->vmstate = NULL; 959 960 pram_update(m); 961 } 962 963 static int mac_via_post_load(void *opaque, int version_id) 964 { 965 MacVIAState *m = MAC_VIA(opaque); 966 967 if (m->blk) { 968 m->vmstate = qemu_add_vm_change_state_handler(postload_update_cb, 969 m); 970 } 971 972 return 0; 973 } 974 975 static const VMStateDescription vmstate_mac_via = { 976 .name = "mac-via", 977 .version_id = 1, 978 .minimum_version_id = 1, 979 .post_load = mac_via_post_load, 980 .fields = (VMStateField[]) { 981 /* VIAs */ 982 VMSTATE_STRUCT(mos6522_via1.parent_obj, MacVIAState, 0, vmstate_mos6522, 983 MOS6522State), 984 VMSTATE_UINT8(mos6522_via1.last_b, MacVIAState), 985 VMSTATE_BUFFER(mos6522_via1.PRAM, MacVIAState), 986 VMSTATE_TIMER_PTR(mos6522_via1.one_second_timer, MacVIAState), 987 VMSTATE_INT64(mos6522_via1.next_second, MacVIAState), 988 VMSTATE_TIMER_PTR(mos6522_via1.VBL_timer, MacVIAState), 989 VMSTATE_INT64(mos6522_via1.next_VBL, MacVIAState), 990 VMSTATE_STRUCT(mos6522_via2.parent_obj, MacVIAState, 0, vmstate_mos6522, 991 MOS6522State), 992 /* RTC */ 993 VMSTATE_UINT32(tick_offset, MacVIAState), 994 VMSTATE_UINT8(data_out, MacVIAState), 995 VMSTATE_INT32(data_out_cnt, MacVIAState), 996 VMSTATE_UINT8(data_in, MacVIAState), 997 VMSTATE_UINT8(data_in_cnt, MacVIAState), 998 VMSTATE_UINT8(cmd, MacVIAState), 999 VMSTATE_INT32(wprotect, MacVIAState), 1000 VMSTATE_INT32(alt, MacVIAState), 1001 /* ADB */ 1002 VMSTATE_TIMER_PTR(adb_poll_timer, MacVIAState), 1003 VMSTATE_INT32(adb_data_in_size, MacVIAState), 1004 VMSTATE_INT32(adb_data_in_index, MacVIAState), 1005 VMSTATE_INT32(adb_data_out_index, MacVIAState), 1006 VMSTATE_BUFFER(adb_data_in, MacVIAState), 1007 VMSTATE_BUFFER(adb_data_out, MacVIAState), 1008 VMSTATE_END_OF_LIST() 1009 } 1010 }; 1011 1012 static Property mac_via_properties[] = { 1013 DEFINE_PROP_DRIVE("drive", MacVIAState, blk), 1014 DEFINE_PROP_END_OF_LIST(), 1015 }; 1016 1017 static void mac_via_class_init(ObjectClass *oc, void *data) 1018 { 1019 DeviceClass *dc = DEVICE_CLASS(oc); 1020 1021 dc->realize = mac_via_realize; 1022 dc->reset = mac_via_reset; 1023 dc->vmsd = &vmstate_mac_via; 1024 device_class_set_props(dc, mac_via_properties); 1025 } 1026 1027 static TypeInfo mac_via_info = { 1028 .name = TYPE_MAC_VIA, 1029 .parent = TYPE_SYS_BUS_DEVICE, 1030 .instance_size = sizeof(MacVIAState), 1031 .instance_init = mac_via_init, 1032 .class_init = mac_via_class_init, 1033 }; 1034 1035 /* VIA 1 */ 1036 static void mos6522_q800_via1_portB_write(MOS6522State *s) 1037 { 1038 MOS6522Q800VIA1State *v1s = container_of(s, MOS6522Q800VIA1State, 1039 parent_obj); 1040 MacVIAState *m = container_of(v1s, MacVIAState, mos6522_via1); 1041 1042 via1_rtc_update(m); 1043 via1_adb_update(m); 1044 1045 v1s->last_b = s->b; 1046 } 1047 1048 static void mos6522_q800_via1_reset(DeviceState *dev) 1049 { 1050 MOS6522State *ms = MOS6522(dev); 1051 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(ms); 1052 1053 mdc->parent_reset(dev); 1054 1055 ms->timers[0].frequency = VIA_TIMER_FREQ; 1056 ms->timers[1].frequency = VIA_TIMER_FREQ; 1057 1058 ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb; 1059 } 1060 1061 static void mos6522_q800_via1_init(Object *obj) 1062 { 1063 qdev_init_gpio_in_named(DEVICE(obj), via1_irq_request, "via1-irq", 1064 VIA1_IRQ_NB); 1065 } 1066 1067 static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data) 1068 { 1069 DeviceClass *dc = DEVICE_CLASS(oc); 1070 MOS6522DeviceClass *mdc = MOS6522_DEVICE_CLASS(oc); 1071 1072 dc->reset = mos6522_q800_via1_reset; 1073 mdc->portB_write = mos6522_q800_via1_portB_write; 1074 } 1075 1076 static const TypeInfo mos6522_q800_via1_type_info = { 1077 .name = TYPE_MOS6522_Q800_VIA1, 1078 .parent = TYPE_MOS6522, 1079 .instance_size = sizeof(MOS6522Q800VIA1State), 1080 .instance_init = mos6522_q800_via1_init, 1081 .class_init = mos6522_q800_via1_class_init, 1082 }; 1083 1084 /* VIA 2 */ 1085 static void mos6522_q800_via2_portB_write(MOS6522State *s) 1086 { 1087 if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) { 1088 /* shutdown */ 1089 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN); 1090 } 1091 } 1092 1093 static void mos6522_q800_via2_reset(DeviceState *dev) 1094 { 1095 MOS6522State *ms = MOS6522(dev); 1096 MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(ms); 1097 1098 mdc->parent_reset(dev); 1099 1100 ms->timers[0].frequency = VIA_TIMER_FREQ; 1101 ms->timers[1].frequency = VIA_TIMER_FREQ; 1102 1103 ms->dirb = 0; 1104 ms->b = 0; 1105 } 1106 1107 static void mos6522_q800_via2_init(Object *obj) 1108 { 1109 qdev_init_gpio_in_named(DEVICE(obj), via2_irq_request, "via2-irq", 1110 VIA2_IRQ_NB); 1111 } 1112 1113 static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data) 1114 { 1115 DeviceClass *dc = DEVICE_CLASS(oc); 1116 MOS6522DeviceClass *mdc = MOS6522_DEVICE_CLASS(oc); 1117 1118 dc->reset = mos6522_q800_via2_reset; 1119 mdc->portB_write = mos6522_q800_via2_portB_write; 1120 } 1121 1122 static const TypeInfo mos6522_q800_via2_type_info = { 1123 .name = TYPE_MOS6522_Q800_VIA2, 1124 .parent = TYPE_MOS6522, 1125 .instance_size = sizeof(MOS6522Q800VIA2State), 1126 .instance_init = mos6522_q800_via2_init, 1127 .class_init = mos6522_q800_via2_class_init, 1128 }; 1129 1130 static void mac_via_register_types(void) 1131 { 1132 type_register_static(&mos6522_q800_via1_type_info); 1133 type_register_static(&mos6522_q800_via2_type_info); 1134 type_register_static(&mac_via_info); 1135 } 1136 1137 type_init(mac_via_register_types); 1138