2 * QEMU m68k Macintosh VIA device support
4 * Copyright (c) 2011-2018 Laurent Vivier
5 * Copyright (c) 2018 Mark Cave-Ayland
7 * Some parts from hw/misc/macio/cuda.c
9 * Copyright (c) 2004-2007 Fabrice Bellard
10 * Copyright (c) 2007 Jocelyn Mayer
12 * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
14 * This work is licensed under the terms of the GNU GPL, version 2 or later.
15 * See the COPYING file in the top-level directory.
18 #include "qemu/osdep.h"
19 #include "migration/vmstate.h"
20 #include "hw/sysbus.h"
22 #include "qemu/timer.h"
23 #include "hw/misc/mac_via.h"
24 #include "hw/misc/mos6522.h"
25 #include "hw/input/adb.h"
26 #include "sysemu/runstate.h"
27 #include "qapi/error.h"
28 #include "qemu/cutils.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/qdev-properties-system.h"
31 #include "sysemu/block-backend.h"
32 #include "sysemu/rtc.h"
37 * VIAs: There are two in every machine
41 * Not all of these are true post MacII I think.
42 * CSA: probably the ones CHRP marks as 'unused' change purposes
43 * when the IWM becomes the SWIM.
44 * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
45 * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
47 * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
48 * following changes for IIfx:
49 * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
50 * Also, "All of the functionality of VIA2 has been moved to other chips".
53 #define VIA1A_vSccWrReq 0x80 /*
55 * [CHRP] SCC WREQ: Reflects the state of the
56 * Wait/Request pins from the SCC.
57 * [Macintosh Family Hardware]
58 * as CHRP on SE/30,II,IIx,IIcx,IIci.
59 * on IIfx, "0 means an active request"
61 #define VIA1A_vRev8 0x40 /*
62 * Revision 8 board ???
63 * [CHRP] En WaitReqB: Lets the WaitReq_L
64 * signal from port B of the SCC appear on
65 * the PA7 input pin. Output.
66 * [Macintosh Family] On the SE/30, this
67 * is the bit to flip screen buffers.
68 * 0=alternate, 1=main.
69 * on II,IIx,IIcx,IIci,IIfx this is a bit
70 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
72 #define VIA1A_vHeadSel 0x20 /*
73 * Head select for IWM.
75 * [Macintosh Family] "Floppy disk
76 * state-control line SEL" on all but IIfx
78 #define VIA1A_vOverlay 0x10 /*
79 * [Macintosh Family] On SE/30,II,IIx,IIcx
80 * this bit enables the "Overlay" address
81 * map in the address decoders as it is on
82 * reset for mapping the ROM over the reset
83 * vector. 1=use overlay map.
84 * On the IIci,IIfx it is another bit of the
85 * CPU ID: 0=normal IIci, 1=IIci with parity
87 * [CHRP] En WaitReqA: Lets the WaitReq_L
88 * signal from port A of the SCC appear
89 * on the PA7 input pin (CHRP). Output.
90 * [MkLinux] "Drive Select"
91 * (with 0x20 being 'disk head select')
93 #define VIA1A_vSync 0x08 /*
94 * [CHRP] Sync Modem: modem clock select:
95 * 1: select the external serial clock to
96 * drive the SCC's /RTxCA pin.
97 * 0: Select the 3.6864MHz clock to drive
99 * [Macintosh Family] Correct on all but IIfx
103 * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
104 * on Macs which had the PWM sound hardware. Reserved on newer models.
105 * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
106 * bit 2: 1=IIci, 0=IIfx
107 * bit 1: 1 on both IIci and IIfx.
108 * MkLinux sez bit 0 is 'burnin flag' in this case.
109 * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
110 * inputs, these bits will read 0.
112 #define VIA1A_vVolume 0x07 /* Audio volume mask for PWM */
113 #define VIA1A_CPUID0 0x02 /* CPU id bit 0 on RBV, others */
114 #define VIA1A_CPUID1 0x04 /* CPU id bit 0 on RBV, others */
115 #define VIA1A_CPUID2 0x10 /* CPU id bit 0 on RBV, others */
116 #define VIA1A_CPUID3 0x40 /* CPU id bit 0 on RBV, others */
119 * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
120 * CHRP offers no info.
122 #define VIA1B_vSound 0x80 /*
123 * Sound enable (for compatibility with
124 * PWM hardware) 0=enabled.
125 * Also, on IIci w/parity, shows parity error
128 #define VIA1B_vMystery 0x40 /*
129 * On IIci, parity enable. 0=enabled,1=disabled
130 * On SE/30, vertical sync interrupt enable.
131 * 0=enabled. This vSync interrupt shows up
132 * as a slot $E interrupt.
133 * On Quadra 800 this bit toggles A/UX mode which
134 * configures the glue logic to deliver some IRQs
135 * at different levels compared to a classic
138 #define VIA1B_vADBS2 0x20 /* ADB state input bit 1 (unused on IIfx) */
139 #define VIA1B_vADBS1 0x10 /* ADB state input bit 0 (unused on IIfx) */
140 #define VIA1B_vADBInt 0x08 /* ADB interrupt 0=interrupt (unused on IIfx)*/
141 #define VIA1B_vRTCEnb 0x04 /* Enable Real time clock. 0=enabled. */
142 #define VIA1B_vRTCClk 0x02 /* Real time clock serial-clock line. */
143 #define VIA1B_vRTCData 0x01 /* Real time clock serial-data line. */
146 * VIA2 A register is the interrupt lines raised off the nubus
148 * The below info is from 'Macintosh Family Hardware.'
149 * MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
150 * It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
151 * defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
152 * Perhaps OSS uses vRAM1 and vRAM2 for ADB.
155 #define VIA2A_vRAM1 0x80 /* RAM size bit 1 (IIci: reserved) */
156 #define VIA2A_vRAM0 0x40 /* RAM size bit 0 (IIci: internal video IRQ) */
157 #define VIA2A_vIRQE 0x20 /* IRQ from slot $E */
158 #define VIA2A_vIRQD 0x10 /* IRQ from slot $D */
159 #define VIA2A_vIRQC 0x08 /* IRQ from slot $C */
160 #define VIA2A_vIRQB 0x04 /* IRQ from slot $B */
161 #define VIA2A_vIRQA 0x02 /* IRQ from slot $A */
162 #define VIA2A_vIRQ9 0x01 /* IRQ from slot $9 */
165 * RAM size bits decoded as follows:
166 * bit1 bit0 size of ICs in bank A
174 * Register B has the fun stuff in it
177 #define VIA2B_vVBL 0x80 /*
178 * VBL output to VIA1 (60.15Hz) driven by
180 * on IIci, parity test: 0=test mode.
181 * [MkLinux] RBV_PARODD: 1=odd,0=even.
183 #define VIA2B_vSndJck 0x40 /*
184 * External sound jack status.
185 * 0=plug is inserted. On SE/30, always 0
187 #define VIA2B_vTfr0 0x20 /* Transfer mode bit 0 ack from NuBus */
188 #define VIA2B_vTfr1 0x10 /* Transfer mode bit 1 ack from NuBus */
189 #define VIA2B_vMode32 0x08 /*
190 * 24/32bit switch - doubles as cache flush
191 * on II, AMU/PMMU control.
192 * if AMU, 0=24bit to 32bit translation
193 * if PMMU, 1=PMMU is accessing page table.
195 * on IIx,IIcx,IIfx, unused.
196 * on IIci/RBV, cache control. 0=flush cache.
198 #define VIA2B_vPower 0x04 /*
199 * Power off, 0=shut off power.
200 * on SE/30 this signal sent to PDS card.
202 #define VIA2B_vBusLk 0x02 /*
203 * Lock NuBus transactions, 0=locked.
204 * on SE/30 sent to PDS card.
206 #define VIA2B_vCDis 0x01 /*
207 * Cache control. On IIci, 1=disable cache card
208 * on others, 0=disable processor's instruction
212 /* interrupt flags */
218 #define VIA_IRQ_TIMER1 0x40
219 #define VIA_IRQ_TIMER2 0x20
222 * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
223 * Another example of a valid function that has no ROM support is the use
224 * of the alternate video page for page-flipping animation. Since there
225 * is no ROM call to flip pages, it is necessary to go play with the
226 * right bit in the VIA chip (6522 Versatile Interface Adapter).
227 * [CSA: don't know which one this is, but it's one of 'em!]
231 * 6522 registers - see databook.
232 * CSA: Assignments for VIA1 confirmed from CHRP spec.
235 /* partial address decode. 0xYYXX : XX part for RBV, YY part for VIA */
236 /* Note: 15 VIA regs, 8 RBV regs */
238 #define vBufB 0x0000 /* [VIA/RBV] Register B */
239 #define vBufAH 0x0200 /* [VIA only] Buffer A, with handshake. DON'T USE! */
240 #define vDirB 0x0400 /* [VIA only] Data Direction Register B. */
241 #define vDirA 0x0600 /* [VIA only] Data Direction Register A. */
242 #define vT1CL 0x0800 /* [VIA only] Timer one counter low. */
243 #define vT1CH 0x0a00 /* [VIA only] Timer one counter high. */
244 #define vT1LL 0x0c00 /* [VIA only] Timer one latches low. */
245 #define vT1LH 0x0e00 /* [VIA only] Timer one latches high. */
246 #define vT2CL 0x1000 /* [VIA only] Timer two counter low. */
247 #define vT2CH 0x1200 /* [VIA only] Timer two counter high. */
248 #define vSR 0x1400 /* [VIA only] Shift register. */
249 #define vACR 0x1600 /* [VIA only] Auxilary control register. */
250 #define vPCR 0x1800 /* [VIA only] Peripheral control register. */
252 * CHRP sez never ever to *write* this.
253 * Mac family says never to *change* this.
254 * In fact we need to initialize it once at start.
256 #define vIFR 0x1a00 /* [VIA/RBV] Interrupt flag register. */
257 #define vIER 0x1c00 /* [VIA/RBV] Interrupt enable register. */
258 #define vBufA 0x1e00 /* [VIA/RBV] register A (no handshake) */
260 /* from linux 2.6 drivers/macintosh/via-macii.c */
264 #define VIA1ACR_vShiftCtrl 0x1c /* Shift register control bits */
265 #define VIA1ACR_vShiftExtClk 0x0c /* Shift on external clock */
266 #define VIA1ACR_vShiftOut 0x10 /* Shift out if 1 */
269 * Apple Macintosh Family Hardware Refenece
270 * Table 19-10 ADB transaction states
273 #define ADB_STATE_NEW 0
274 #define ADB_STATE_EVEN 1
275 #define ADB_STATE_ODD 2
276 #define ADB_STATE_IDLE 3
278 #define VIA1B_vADB_StateMask (VIA1B_vADBS1 | VIA1B_vADBS2)
279 #define VIA1B_vADB_StateShift 4
281 #define VIA_TIMER_FREQ (783360)
282 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
285 * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the
286 * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us
288 #define VIA_60HZ_TIMER_PERIOD_NS 16625800
290 /* VIA returns time offset from Jan 1, 1904, not 1970 */
291 #define RTC_OFFSET 2082844800
301 REG_PRAM_ADDR_LAST
= REG_PRAM_ADDR
+ 19,
303 REG_PRAM_SECT_LAST
= REG_PRAM_SECT
+ 7,
308 static void via1_sixty_hz_update(MOS6522Q800VIA1State
*v1s
)
311 v1s
->next_sixty_hz
= (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
) +
312 VIA_60HZ_TIMER_PERIOD_NS
) /
313 VIA_60HZ_TIMER_PERIOD_NS
* VIA_60HZ_TIMER_PERIOD_NS
;
314 timer_mod(v1s
->sixty_hz_timer
, v1s
->next_sixty_hz
);
317 static void via1_one_second_update(MOS6522Q800VIA1State
*v1s
)
319 v1s
->next_second
= (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL
) + 1000) /
321 timer_mod(v1s
->one_second_timer
, v1s
->next_second
);
324 static void via1_sixty_hz(void *opaque
)
326 MOS6522Q800VIA1State
*v1s
= opaque
;
327 MOS6522State
*s
= MOS6522(v1s
);
328 qemu_irq irq
= qdev_get_gpio_in(DEVICE(s
), VIA1_IRQ_60HZ_BIT
);
330 /* Negative edge trigger */
334 via1_sixty_hz_update(v1s
);
337 static void via1_one_second(void *opaque
)
339 MOS6522Q800VIA1State
*v1s
= opaque
;
340 MOS6522State
*s
= MOS6522(v1s
);
341 qemu_irq irq
= qdev_get_gpio_in(DEVICE(s
), VIA1_IRQ_ONE_SECOND_BIT
);
343 /* Negative edge trigger */
347 via1_one_second_update(v1s
);
351 static void pram_update(MOS6522Q800VIA1State
*v1s
)
354 if (blk_pwrite(v1s
->blk
, 0, sizeof(v1s
->PRAM
), v1s
->PRAM
, 0) < 0) {
355 qemu_log("pram_update: cannot write to file\n");
363 * Command byte Register addressed by the command
365 * z0000001 Seconds register 0 (lowest-order byte)
366 * z0000101 Seconds register 1
367 * z0001001 Seconds register 2
368 * z0001101 Seconds register 3 (highest-order byte)
369 * 00110001 Test register (write-only)
370 * 00110101 Write-Protect Register (write-only)
371 * z010aa01 RAM address 100aa ($10-$13) (first 20 bytes only)
372 * z1aaaa01 RAM address 0aaaa ($00-$0F) (first 20 bytes only)
373 * z0111aaa Extended memory designator and sector number
375 * For a read request, z=1, for a write z=0
376 * The letter a indicates bits whose value depend on what parameter
377 * RAM byte you want to address
379 static int via1_rtc_compact_cmd(uint8_t value
)
381 uint8_t read
= value
& 0x80;
385 /* the last 2 bits of a command byte must always be 0b01 ... */
386 if ((value
& 0x78) == 0x38) {
387 /* except for the extended memory designator */
388 return read
| (REG_PRAM_SECT
+ (value
& 0x07));
390 if ((value
& 0x03) == 0x01) {
392 if ((value
& 0x1c) == 0) {
393 /* seconds registers */
394 return read
| (REG_0
+ (value
& 0x03));
395 } else if ((value
== 0x0c) && !read
) {
397 } else if ((value
== 0x0d) && !read
) {
399 } else if ((value
& 0x1c) == 0x08) {
400 /* RAM address 0x10 to 0x13 */
401 return read
| (REG_PRAM_ADDR
+ 0x10 + (value
& 0x03));
402 } else if ((value
& 0x43) == 0x41) {
403 /* RAM address 0x00 to 0x0f */
404 return read
| (REG_PRAM_ADDR
+ (value
& 0x0f));
410 static void via1_rtc_update(MOS6522Q800VIA1State
*v1s
)
412 MOS6522State
*s
= MOS6522(v1s
);
413 int cmd
, sector
, addr
;
416 if (s
->b
& VIA1B_vRTCEnb
) {
420 if (s
->dirb
& VIA1B_vRTCData
) {
421 /* send bits to the RTC */
422 if (!(v1s
->last_b
& VIA1B_vRTCClk
) && (s
->b
& VIA1B_vRTCClk
)) {
424 v1s
->data_out
|= s
->b
& VIA1B_vRTCData
;
427 trace_via1_rtc_update_data_out(v1s
->data_out_cnt
, v1s
->data_out
);
429 trace_via1_rtc_update_data_in(v1s
->data_in_cnt
, v1s
->data_in
);
430 /* receive bits from the RTC */
431 if ((v1s
->last_b
& VIA1B_vRTCClk
) &&
432 !(s
->b
& VIA1B_vRTCClk
) &&
434 s
->b
= (s
->b
& ~VIA1B_vRTCData
) |
435 ((v1s
->data_in
>> 7) & VIA1B_vRTCData
);
442 if (v1s
->data_out_cnt
!= 8) {
446 v1s
->data_out_cnt
= 0;
448 trace_via1_rtc_internal_status(v1s
->cmd
, v1s
->alt
, v1s
->data_out
);
449 /* first byte: it's a command */
450 if (v1s
->cmd
== REG_EMPTY
) {
452 cmd
= via1_rtc_compact_cmd(v1s
->data_out
);
453 trace_via1_rtc_internal_cmd(cmd
);
455 if (cmd
== REG_INVALID
) {
456 trace_via1_rtc_cmd_invalid(v1s
->data_out
);
460 if (cmd
& 0x80) { /* this is a read command */
461 switch (cmd
& 0x7f) {
462 case REG_0
...REG_3
: /* seconds registers */
464 * register 0 is lowest-order byte
465 * register 3 is highest-order byte
468 time
= v1s
->tick_offset
+ (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
)
469 / NANOSECONDS_PER_SECOND
);
470 trace_via1_rtc_internal_time(time
);
471 v1s
->data_in
= (time
>> ((cmd
& 0x03) << 3)) & 0xff;
472 v1s
->data_in_cnt
= 8;
473 trace_via1_rtc_cmd_seconds_read((cmd
& 0x7f) - REG_0
,
476 case REG_PRAM_ADDR
...REG_PRAM_ADDR_LAST
:
477 /* PRAM address 0x00 -> 0x13 */
478 v1s
->data_in
= v1s
->PRAM
[(cmd
& 0x7f) - REG_PRAM_ADDR
];
479 v1s
->data_in_cnt
= 8;
480 trace_via1_rtc_cmd_pram_read((cmd
& 0x7f) - REG_PRAM_ADDR
,
483 case REG_PRAM_SECT
...REG_PRAM_SECT_LAST
:
485 * extended memory designator and sector number
486 * the only two-byte read command
488 trace_via1_rtc_internal_set_cmd(cmd
);
492 g_assert_not_reached();
498 /* this is a write command, needs a parameter */
499 if (cmd
== REG_WPROTECT
|| !v1s
->wprotect
) {
500 trace_via1_rtc_internal_set_cmd(cmd
);
503 trace_via1_rtc_internal_ignore_cmd(cmd
);
508 /* second byte: it's a parameter */
509 if (v1s
->alt
== REG_EMPTY
) {
510 switch (v1s
->cmd
& 0x7f) {
511 case REG_0
...REG_3
: /* seconds register */
513 trace_via1_rtc_cmd_seconds_write(v1s
->cmd
- REG_0
, v1s
->data_out
);
514 v1s
->cmd
= REG_EMPTY
;
517 /* device control: nothing to do */
518 trace_via1_rtc_cmd_test_write(v1s
->data_out
);
519 v1s
->cmd
= REG_EMPTY
;
522 /* Write Protect register */
523 trace_via1_rtc_cmd_wprotect_write(v1s
->data_out
);
524 v1s
->wprotect
= !!(v1s
->data_out
& 0x80);
525 v1s
->cmd
= REG_EMPTY
;
527 case REG_PRAM_ADDR
...REG_PRAM_ADDR_LAST
:
528 /* PRAM address 0x00 -> 0x13 */
529 trace_via1_rtc_cmd_pram_write(v1s
->cmd
- REG_PRAM_ADDR
,
531 v1s
->PRAM
[v1s
->cmd
- REG_PRAM_ADDR
] = v1s
->data_out
;
533 v1s
->cmd
= REG_EMPTY
;
535 case REG_PRAM_SECT
...REG_PRAM_SECT_LAST
:
536 addr
= (v1s
->data_out
>> 2) & 0x1f;
537 sector
= (v1s
->cmd
& 0x7f) - REG_PRAM_SECT
;
538 if (v1s
->cmd
& 0x80) {
540 v1s
->data_in
= v1s
->PRAM
[sector
* 32 + addr
];
541 v1s
->data_in_cnt
= 8;
542 trace_via1_rtc_cmd_pram_sect_read(sector
, addr
,
545 v1s
->cmd
= REG_EMPTY
;
547 /* it's a write, we need one more parameter */
548 trace_via1_rtc_internal_set_alt(addr
, sector
, addr
);
553 g_assert_not_reached();
559 /* third byte: it's the data of a REG_PRAM_SECT write */
560 g_assert(REG_PRAM_SECT
<= v1s
->cmd
&& v1s
->cmd
<= REG_PRAM_SECT_LAST
);
561 sector
= v1s
->cmd
- REG_PRAM_SECT
;
562 v1s
->PRAM
[sector
* 32 + v1s
->alt
] = v1s
->data_out
;
564 trace_via1_rtc_cmd_pram_sect_write(sector
, v1s
->alt
, sector
* 32 + v1s
->alt
,
566 v1s
->alt
= REG_EMPTY
;
567 v1s
->cmd
= REG_EMPTY
;
570 static void adb_via_poll(void *opaque
)
572 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(opaque
);
573 MOS6522State
*s
= MOS6522(v1s
);
574 ADBBusState
*adb_bus
= &v1s
->adb_bus
;
576 uint8_t *data
= &s
->sr
;
580 * Setting vADBInt below indicates that an autopoll reply has been
581 * received, however we must block autopoll until the point where
582 * the entire reply has been read back to the host
584 adb_autopoll_block(adb_bus
);
586 if (v1s
->adb_data_in_size
> 0 && v1s
->adb_data_in_index
== 0) {
588 * For older Linux kernels that switch to IDLE mode after sending the
589 * ADB command, detect if there is an existing response and return that
590 * as a "fake" autopoll reply or bus timeout accordingly
592 *data
= v1s
->adb_data_out
[0];
593 olen
= v1s
->adb_data_in_size
;
595 s
->b
&= ~VIA1B_vADBInt
;
596 qemu_irq_raise(v1s
->adb_data_ready
);
599 * Otherwise poll as normal
601 v1s
->adb_data_in_index
= 0;
602 v1s
->adb_data_out_index
= 0;
603 olen
= adb_poll(adb_bus
, obuf
, adb_bus
->autopoll_mask
);
606 /* Autopoll response */
609 memcpy(v1s
->adb_data_in
, &obuf
[1], olen
);
610 v1s
->adb_data_in_size
= olen
;
612 s
->b
&= ~VIA1B_vADBInt
;
613 qemu_irq_raise(v1s
->adb_data_ready
);
615 *data
= v1s
->adb_autopoll_cmd
;
620 memcpy(v1s
->adb_data_in
, obuf
, olen
);
621 v1s
->adb_data_in_size
= olen
;
623 s
->b
&= ~VIA1B_vADBInt
;
624 qemu_irq_raise(v1s
->adb_data_ready
);
628 trace_via1_adb_poll(*data
, (s
->b
& VIA1B_vADBInt
) ? "+" : "-",
629 adb_bus
->status
, v1s
->adb_data_in_index
, olen
);
632 static int adb_via_send_len(uint8_t data
)
634 /* Determine the send length from the given ADB command */
635 uint8_t cmd
= data
& 0xc;
636 uint8_t reg
= data
& 0x3;
643 /* Register 2 is only used for the keyboard */
647 * Fortunately our devices only implement writes
648 * to register 3 which is fixed at 2 bytes
652 qemu_log_mask(LOG_UNIMP
, "ADB unknown length for register %d\n",
662 static void adb_via_send(MOS6522Q800VIA1State
*v1s
, int state
, uint8_t data
)
664 MOS6522State
*ms
= MOS6522(v1s
);
665 ADBBusState
*adb_bus
= &v1s
->adb_bus
;
666 uint16_t autopoll_mask
;
671 * Command byte: vADBInt tells host autopoll data already present
672 * in VIA shift register and ADB transceiver
674 adb_autopoll_block(adb_bus
);
676 if (adb_bus
->status
& ADB_STATUS_POLLREPLY
) {
677 /* Tell the host the existing data is from autopoll */
678 ms
->b
&= ~VIA1B_vADBInt
;
680 ms
->b
|= VIA1B_vADBInt
;
681 v1s
->adb_data_out_index
= 0;
682 v1s
->adb_data_out
[v1s
->adb_data_out_index
++] = data
;
685 trace_via1_adb_send(" NEW", data
, (ms
->b
& VIA1B_vADBInt
) ? "+" : "-");
686 qemu_irq_raise(v1s
->adb_data_ready
);
691 ms
->b
|= VIA1B_vADBInt
;
692 v1s
->adb_data_out
[v1s
->adb_data_out_index
++] = data
;
694 trace_via1_adb_send(state
== ADB_STATE_EVEN
? "EVEN" : " ODD",
695 data
, (ms
->b
& VIA1B_vADBInt
) ? "+" : "-");
696 qemu_irq_raise(v1s
->adb_data_ready
);
703 /* If the command is complete, execute it */
704 if (v1s
->adb_data_out_index
== adb_via_send_len(v1s
->adb_data_out
[0])) {
705 v1s
->adb_data_in_size
= adb_request(adb_bus
, v1s
->adb_data_in
,
707 v1s
->adb_data_out_index
);
708 v1s
->adb_data_in_index
= 0;
710 if (adb_bus
->status
& ADB_STATUS_BUSTIMEOUT
) {
712 * Bus timeout (but allow first EVEN and ODD byte to indicate
713 * timeout via vADBInt and SRQ status)
715 v1s
->adb_data_in
[0] = 0xff;
716 v1s
->adb_data_in
[1] = 0xff;
717 v1s
->adb_data_in_size
= 2;
721 * If last command is TALK, store it for use by autopoll and adjust
722 * the autopoll mask accordingly
724 if ((v1s
->adb_data_out
[0] & 0xc) == 0xc) {
725 v1s
->adb_autopoll_cmd
= v1s
->adb_data_out
[0];
727 autopoll_mask
= 1 << (v1s
->adb_autopoll_cmd
>> 4);
728 adb_set_autopoll_mask(adb_bus
, autopoll_mask
);
733 static void adb_via_receive(MOS6522Q800VIA1State
*v1s
, int state
, uint8_t *data
)
735 MOS6522State
*ms
= MOS6522(v1s
);
736 ADBBusState
*adb_bus
= &v1s
->adb_bus
;
741 ms
->b
|= VIA1B_vADBInt
;
745 ms
->b
|= VIA1B_vADBInt
;
746 adb_autopoll_unblock(adb_bus
);
748 trace_via1_adb_receive("IDLE", *data
,
749 (ms
->b
& VIA1B_vADBInt
) ? "+" : "-", adb_bus
->status
,
750 v1s
->adb_data_in_index
, v1s
->adb_data_in_size
);
756 switch (v1s
->adb_data_in_index
) {
758 /* First EVEN byte: vADBInt indicates bus timeout */
759 *data
= v1s
->adb_data_in
[v1s
->adb_data_in_index
];
760 if (adb_bus
->status
& ADB_STATUS_BUSTIMEOUT
) {
761 ms
->b
&= ~VIA1B_vADBInt
;
763 ms
->b
|= VIA1B_vADBInt
;
766 trace_via1_adb_receive(state
== ADB_STATE_EVEN
? "EVEN" : " ODD",
767 *data
, (ms
->b
& VIA1B_vADBInt
) ? "+" : "-",
768 adb_bus
->status
, v1s
->adb_data_in_index
,
769 v1s
->adb_data_in_size
);
771 v1s
->adb_data_in_index
++;
775 /* First ODD byte: vADBInt indicates SRQ */
776 *data
= v1s
->adb_data_in
[v1s
->adb_data_in_index
];
777 pending
= adb_bus
->pending
& ~(1 << (v1s
->adb_autopoll_cmd
>> 4));
779 ms
->b
&= ~VIA1B_vADBInt
;
781 ms
->b
|= VIA1B_vADBInt
;
784 trace_via1_adb_receive(state
== ADB_STATE_EVEN
? "EVEN" : " ODD",
785 *data
, (ms
->b
& VIA1B_vADBInt
) ? "+" : "-",
786 adb_bus
->status
, v1s
->adb_data_in_index
,
787 v1s
->adb_data_in_size
);
789 v1s
->adb_data_in_index
++;
794 * Otherwise vADBInt indicates end of data. Note that Linux
795 * specifically checks for the sequence 0x0 0xff to confirm the
796 * end of the poll reply, so provide these extra bytes below to
799 if (v1s
->adb_data_in_index
< v1s
->adb_data_in_size
) {
801 *data
= v1s
->adb_data_in
[v1s
->adb_data_in_index
];
802 ms
->b
|= VIA1B_vADBInt
;
803 } else if (v1s
->adb_data_in_index
== v1s
->adb_data_in_size
) {
804 if (adb_bus
->status
& ADB_STATUS_BUSTIMEOUT
) {
805 /* Bus timeout (no more data) */
808 /* Return 0x0 after reply */
811 ms
->b
&= ~VIA1B_vADBInt
;
813 /* Bus timeout (no more data) */
815 ms
->b
&= ~VIA1B_vADBInt
;
817 adb_autopoll_unblock(adb_bus
);
820 trace_via1_adb_receive(state
== ADB_STATE_EVEN
? "EVEN" : " ODD",
821 *data
, (ms
->b
& VIA1B_vADBInt
) ? "+" : "-",
822 adb_bus
->status
, v1s
->adb_data_in_index
,
823 v1s
->adb_data_in_size
);
825 if (v1s
->adb_data_in_index
<= v1s
->adb_data_in_size
) {
826 v1s
->adb_data_in_index
++;
831 qemu_irq_raise(v1s
->adb_data_ready
);
836 static void via1_adb_update(MOS6522Q800VIA1State
*v1s
)
838 MOS6522State
*s
= MOS6522(v1s
);
841 oldstate
= (v1s
->last_b
& VIA1B_vADB_StateMask
) >> VIA1B_vADB_StateShift
;
842 state
= (s
->b
& VIA1B_vADB_StateMask
) >> VIA1B_vADB_StateShift
;
844 if (state
!= oldstate
) {
845 if (s
->acr
& VIA1ACR_vShiftOut
) {
847 adb_via_send(v1s
, state
, s
->sr
);
850 adb_via_receive(v1s
, state
, &s
->sr
);
855 static void via1_auxmode_update(MOS6522Q800VIA1State
*v1s
)
857 MOS6522State
*s
= MOS6522(v1s
);
860 oldirq
= (v1s
->last_b
& VIA1B_vMystery
) ? 1 : 0;
861 irq
= (s
->b
& VIA1B_vMystery
) ? 1 : 0;
863 /* Check to see if the A/UX mode bit has changed */
865 trace_via1_auxmode(irq
);
866 qemu_set_irq(v1s
->auxmode_irq
, irq
);
870 static uint64_t mos6522_q800_via1_read(void *opaque
, hwaddr addr
, unsigned size
)
872 MOS6522Q800VIA1State
*s
= MOS6522_Q800_VIA1(opaque
);
873 MOS6522State
*ms
= MOS6522(s
);
875 addr
= (addr
>> 9) & 0xf;
876 return mos6522_read(ms
, addr
, size
);
879 static void mos6522_q800_via1_write(void *opaque
, hwaddr addr
, uint64_t val
,
882 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(opaque
);
883 MOS6522State
*ms
= MOS6522(v1s
);
885 addr
= (addr
>> 9) & 0xf;
886 mos6522_write(ms
, addr
, val
, size
);
890 via1_rtc_update(v1s
);
891 via1_adb_update(v1s
);
892 via1_auxmode_update(v1s
);
899 static const MemoryRegionOps mos6522_q800_via1_ops
= {
900 .read
= mos6522_q800_via1_read
,
901 .write
= mos6522_q800_via1_write
,
902 .endianness
= DEVICE_BIG_ENDIAN
,
904 .min_access_size
= 1,
905 .max_access_size
= 4,
909 static uint64_t mos6522_q800_via2_read(void *opaque
, hwaddr addr
, unsigned size
)
911 MOS6522Q800VIA2State
*s
= MOS6522_Q800_VIA2(opaque
);
912 MOS6522State
*ms
= MOS6522(s
);
915 addr
= (addr
>> 9) & 0xf;
916 val
= mos6522_read(ms
, addr
, size
);
921 * On a Q800 an emulated VIA2 is integrated into the onboard logic. The
922 * expectation of most OSs is that the DRQ bit is live, rather than
923 * latched as it would be on a real VIA so do the same here.
925 * Note: DRQ is negative edge triggered
927 val
&= ~VIA2_IRQ_SCSI_DATA
;
928 val
|= (~ms
->last_irq_levels
& VIA2_IRQ_SCSI_DATA
);
935 static void mos6522_q800_via2_write(void *opaque
, hwaddr addr
, uint64_t val
,
938 MOS6522Q800VIA2State
*s
= MOS6522_Q800_VIA2(opaque
);
939 MOS6522State
*ms
= MOS6522(s
);
941 addr
= (addr
>> 9) & 0xf;
942 mos6522_write(ms
, addr
, val
, size
);
945 static const MemoryRegionOps mos6522_q800_via2_ops
= {
946 .read
= mos6522_q800_via2_read
,
947 .write
= mos6522_q800_via2_write
,
948 .endianness
= DEVICE_BIG_ENDIAN
,
950 .min_access_size
= 1,
951 .max_access_size
= 4,
955 static void via1_postload_update_cb(void *opaque
, bool running
, RunState state
)
957 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(opaque
);
959 qemu_del_vm_change_state_handler(v1s
->vmstate
);
965 static int via1_post_load(void *opaque
, int version_id
)
967 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(opaque
);
970 v1s
->vmstate
= qemu_add_vm_change_state_handler(
971 via1_postload_update_cb
, v1s
);
978 static void mos6522_q800_via1_reset_hold(Object
*obj
)
980 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(obj
);
981 MOS6522State
*ms
= MOS6522(v1s
);
982 MOS6522DeviceClass
*mdc
= MOS6522_GET_CLASS(ms
);
983 ADBBusState
*adb_bus
= &v1s
->adb_bus
;
985 if (mdc
->parent_phases
.hold
) {
986 mdc
->parent_phases
.hold(obj
);
989 ms
->timers
[0].frequency
= VIA_TIMER_FREQ
;
990 ms
->timers
[1].frequency
= VIA_TIMER_FREQ
;
992 ms
->b
= VIA1B_vADB_StateMask
| VIA1B_vADBInt
| VIA1B_vRTCEnb
;
995 adb_set_autopoll_enabled(adb_bus
, true);
996 v1s
->cmd
= REG_EMPTY
;
997 v1s
->alt
= REG_EMPTY
;
1000 static void mos6522_q800_via1_realize(DeviceState
*dev
, Error
**errp
)
1002 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(dev
);
1003 ADBBusState
*adb_bus
= &v1s
->adb_bus
;
1007 v1s
->one_second_timer
= timer_new_ms(QEMU_CLOCK_VIRTUAL
, via1_one_second
,
1009 via1_one_second_update(v1s
);
1010 v1s
->sixty_hz_timer
= timer_new_ns(QEMU_CLOCK_VIRTUAL
, via1_sixty_hz
,
1012 via1_sixty_hz_update(v1s
);
1014 qemu_get_timedate(&tm
, 0);
1015 v1s
->tick_offset
= (uint32_t)mktimegm(&tm
) + RTC_OFFSET
;
1017 adb_register_autopoll_callback(adb_bus
, adb_via_poll
, v1s
);
1018 v1s
->adb_data_ready
= qdev_get_gpio_in(dev
, VIA1_IRQ_ADB_READY_BIT
);
1021 int64_t len
= blk_getlength(v1s
->blk
);
1023 error_setg_errno(errp
, -len
,
1024 "could not get length of backing image");
1027 ret
= blk_set_perm(v1s
->blk
,
1028 BLK_PERM_CONSISTENT_READ
| BLK_PERM_WRITE
,
1029 BLK_PERM_ALL
, errp
);
1034 ret
= blk_pread(v1s
->blk
, 0, sizeof(v1s
->PRAM
), v1s
->PRAM
, 0);
1036 error_setg(errp
, "can't read PRAM contents");
1042 static void mos6522_q800_via1_init(Object
*obj
)
1044 MOS6522Q800VIA1State
*v1s
= MOS6522_Q800_VIA1(obj
);
1045 SysBusDevice
*sbd
= SYS_BUS_DEVICE(v1s
);
1047 memory_region_init_io(&v1s
->via_mem
, obj
, &mos6522_q800_via1_ops
, v1s
,
1049 sysbus_init_mmio(sbd
, &v1s
->via_mem
);
1052 qbus_init((BusState
*)&v1s
->adb_bus
, sizeof(v1s
->adb_bus
),
1053 TYPE_ADB_BUS
, DEVICE(v1s
), "adb.0");
1056 qdev_init_gpio_out(DEVICE(obj
), &v1s
->auxmode_irq
, 1);
1059 static const VMStateDescription vmstate_q800_via1
= {
1060 .name
= "q800-via1",
1062 .minimum_version_id
= 0,
1063 .post_load
= via1_post_load
,
1064 .fields
= (VMStateField
[]) {
1065 VMSTATE_STRUCT(parent_obj
, MOS6522Q800VIA1State
, 0, vmstate_mos6522
,
1067 VMSTATE_UINT8(last_b
, MOS6522Q800VIA1State
),
1069 VMSTATE_BUFFER(PRAM
, MOS6522Q800VIA1State
),
1070 VMSTATE_UINT32(tick_offset
, MOS6522Q800VIA1State
),
1071 VMSTATE_UINT8(data_out
, MOS6522Q800VIA1State
),
1072 VMSTATE_INT32(data_out_cnt
, MOS6522Q800VIA1State
),
1073 VMSTATE_UINT8(data_in
, MOS6522Q800VIA1State
),
1074 VMSTATE_UINT8(data_in_cnt
, MOS6522Q800VIA1State
),
1075 VMSTATE_UINT8(cmd
, MOS6522Q800VIA1State
),
1076 VMSTATE_INT32(wprotect
, MOS6522Q800VIA1State
),
1077 VMSTATE_INT32(alt
, MOS6522Q800VIA1State
),
1079 VMSTATE_INT32(adb_data_in_size
, MOS6522Q800VIA1State
),
1080 VMSTATE_INT32(adb_data_in_index
, MOS6522Q800VIA1State
),
1081 VMSTATE_INT32(adb_data_out_index
, MOS6522Q800VIA1State
),
1082 VMSTATE_BUFFER(adb_data_in
, MOS6522Q800VIA1State
),
1083 VMSTATE_BUFFER(adb_data_out
, MOS6522Q800VIA1State
),
1084 VMSTATE_UINT8(adb_autopoll_cmd
, MOS6522Q800VIA1State
),
1086 VMSTATE_TIMER_PTR(one_second_timer
, MOS6522Q800VIA1State
),
1087 VMSTATE_INT64(next_second
, MOS6522Q800VIA1State
),
1088 VMSTATE_TIMER_PTR(sixty_hz_timer
, MOS6522Q800VIA1State
),
1089 VMSTATE_INT64(next_sixty_hz
, MOS6522Q800VIA1State
),
1090 VMSTATE_END_OF_LIST()
1094 static Property mos6522_q800_via1_properties
[] = {
1095 DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State
, blk
),
1096 DEFINE_PROP_END_OF_LIST(),
1099 static void mos6522_q800_via1_class_init(ObjectClass
*oc
, void *data
)
1101 DeviceClass
*dc
= DEVICE_CLASS(oc
);
1102 ResettableClass
*rc
= RESETTABLE_CLASS(oc
);
1103 MOS6522DeviceClass
*mdc
= MOS6522_CLASS(oc
);
1105 dc
->realize
= mos6522_q800_via1_realize
;
1106 resettable_class_set_parent_phases(rc
, NULL
, mos6522_q800_via1_reset_hold
,
1107 NULL
, &mdc
->parent_phases
);
1108 dc
->vmsd
= &vmstate_q800_via1
;
1109 device_class_set_props(dc
, mos6522_q800_via1_properties
);
1112 static const TypeInfo mos6522_q800_via1_type_info
= {
1113 .name
= TYPE_MOS6522_Q800_VIA1
,
1114 .parent
= TYPE_MOS6522
,
1115 .instance_size
= sizeof(MOS6522Q800VIA1State
),
1116 .instance_init
= mos6522_q800_via1_init
,
1117 .class_init
= mos6522_q800_via1_class_init
,
1121 static void mos6522_q800_via2_portB_write(MOS6522State
*s
)
1123 if (s
->dirb
& VIA2B_vPower
&& (s
->b
& VIA2B_vPower
) == 0) {
1125 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN
);
1129 static void mos6522_q800_via2_reset_hold(Object
*obj
)
1131 MOS6522State
*ms
= MOS6522(obj
);
1132 MOS6522DeviceClass
*mdc
= MOS6522_GET_CLASS(ms
);
1134 if (mdc
->parent_phases
.hold
) {
1135 mdc
->parent_phases
.hold(obj
);
1138 ms
->timers
[0].frequency
= VIA_TIMER_FREQ
;
1139 ms
->timers
[1].frequency
= VIA_TIMER_FREQ
;
1147 static void via2_nubus_irq_request(void *opaque
, int n
, int level
)
1149 MOS6522Q800VIA2State
*v2s
= opaque
;
1150 MOS6522State
*s
= MOS6522(v2s
);
1151 qemu_irq irq
= qdev_get_gpio_in(DEVICE(s
), VIA2_IRQ_NUBUS_BIT
);
1154 /* Port A nubus IRQ inputs are active LOW */
1160 /* Negative edge trigger */
1161 qemu_set_irq(irq
, !level
);
1164 static void mos6522_q800_via2_init(Object
*obj
)
1166 MOS6522Q800VIA2State
*v2s
= MOS6522_Q800_VIA2(obj
);
1167 SysBusDevice
*sbd
= SYS_BUS_DEVICE(v2s
);
1169 memory_region_init_io(&v2s
->via_mem
, obj
, &mos6522_q800_via2_ops
, v2s
,
1171 sysbus_init_mmio(sbd
, &v2s
->via_mem
);
1173 qdev_init_gpio_in_named(DEVICE(obj
), via2_nubus_irq_request
, "nubus-irq",
1177 static const VMStateDescription vmstate_q800_via2
= {
1178 .name
= "q800-via2",
1180 .minimum_version_id
= 0,
1181 .fields
= (VMStateField
[]) {
1182 VMSTATE_STRUCT(parent_obj
, MOS6522Q800VIA2State
, 0, vmstate_mos6522
,
1184 VMSTATE_END_OF_LIST()
1188 static void mos6522_q800_via2_class_init(ObjectClass
*oc
, void *data
)
1190 DeviceClass
*dc
= DEVICE_CLASS(oc
);
1191 ResettableClass
*rc
= RESETTABLE_CLASS(oc
);
1192 MOS6522DeviceClass
*mdc
= MOS6522_CLASS(oc
);
1194 resettable_class_set_parent_phases(rc
, NULL
, mos6522_q800_via2_reset_hold
,
1195 NULL
, &mdc
->parent_phases
);
1196 dc
->vmsd
= &vmstate_q800_via2
;
1197 mdc
->portB_write
= mos6522_q800_via2_portB_write
;
1200 static const TypeInfo mos6522_q800_via2_type_info
= {
1201 .name
= TYPE_MOS6522_Q800_VIA2
,
1202 .parent
= TYPE_MOS6522
,
1203 .instance_size
= sizeof(MOS6522Q800VIA2State
),
1204 .instance_init
= mos6522_q800_via2_init
,
1205 .class_init
= mos6522_q800_via2_class_init
,
1208 static void mac_via_register_types(void)
1210 type_register_static(&mos6522_q800_via1_type_info
);
1211 type_register_static(&mos6522_q800_via2_type_info
);
1214 type_init(mac_via_register_types
);