xref: /openbmc/qemu/hw/misc/mac_via.c (revision 7893e42d5d9cafeeab30a114e8ec86517f8a1b36)
1 /*
2  * QEMU m68k Macintosh VIA device support
3  *
4  * Copyright (c) 2011-2018 Laurent Vivier
5  * Copyright (c) 2018 Mark Cave-Ayland
6  *
7  * Some parts from hw/misc/macio/cuda.c
8  *
9  * Copyright (c) 2004-2007 Fabrice Bellard
10  * Copyright (c) 2007 Jocelyn Mayer
11  *
12  * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
13  *
14  * This work is licensed under the terms of the GNU GPL, version 2 or later.
15  * See the COPYING file in the top-level directory.
16  */
17 
18 #include "qemu/osdep.h"
19 #include "migration/vmstate.h"
20 #include "hw/sysbus.h"
21 #include "hw/irq.h"
22 #include "qemu/timer.h"
23 #include "hw/misc/mac_via.h"
24 #include "hw/misc/mos6522.h"
25 #include "hw/input/adb.h"
26 #include "sysemu/runstate.h"
27 #include "qapi/error.h"
28 #include "qemu/cutils.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/qdev-properties-system.h"
31 #include "sysemu/block-backend.h"
32 #include "sysemu/rtc.h"
33 #include "trace.h"
34 #include "qemu/log.h"
35 
36 /*
37  * VIAs: There are two in every machine
38  */
39 
40 /*
41  * Not all of these are true post MacII I think.
42  * CSA: probably the ones CHRP marks as 'unused' change purposes
43  * when the IWM becomes the SWIM.
44  * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
45  * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
46  *
47  * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
48  * following changes for IIfx:
49  * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
50  * Also, "All of the functionality of VIA2 has been moved to other chips".
51  */
52 
53 #define VIA1A_vSccWrReq 0x80   /*
54                                 * SCC write. (input)
55                                 * [CHRP] SCC WREQ: Reflects the state of the
56                                 * Wait/Request pins from the SCC.
57                                 * [Macintosh Family Hardware]
58                                 * as CHRP on SE/30,II,IIx,IIcx,IIci.
59                                 * on IIfx, "0 means an active request"
60                                 */
61 #define VIA1A_vRev8     0x40   /*
62                                 * Revision 8 board ???
63                                 * [CHRP] En WaitReqB: Lets the WaitReq_L
64                                 * signal from port B of the SCC appear on
65                                 * the PA7 input pin. Output.
66                                 * [Macintosh Family] On the SE/30, this
67                                 * is the bit to flip screen buffers.
68                                 * 0=alternate, 1=main.
69                                 * on II,IIx,IIcx,IIci,IIfx this is a bit
70                                 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
71                                 */
72 #define VIA1A_vHeadSel  0x20   /*
73                                 * Head select for IWM.
74                                 * [CHRP] unused.
75                                 * [Macintosh Family] "Floppy disk
76                                 * state-control line SEL" on all but IIfx
77                                 */
78 #define VIA1A_vOverlay  0x10   /*
79                                 * [Macintosh Family] On SE/30,II,IIx,IIcx
80                                 * this bit enables the "Overlay" address
81                                 * map in the address decoders as it is on
82                                 * reset for mapping the ROM over the reset
83                                 * vector. 1=use overlay map.
84                                 * On the IIci,IIfx it is another bit of the
85                                 * CPU ID: 0=normal IIci, 1=IIci with parity
86                                 * feature or IIfx.
87                                 * [CHRP] En WaitReqA: Lets the WaitReq_L
88                                 * signal from port A of the SCC appear
89                                 * on the PA7 input pin (CHRP). Output.
90                                 * [MkLinux] "Drive Select"
91                                 *  (with 0x20 being 'disk head select')
92                                 */
93 #define VIA1A_vSync     0x08   /*
94                                 * [CHRP] Sync Modem: modem clock select:
95                                 * 1: select the external serial clock to
96                                 *    drive the SCC's /RTxCA pin.
97                                 * 0: Select the 3.6864MHz clock to drive
98                                 *    the SCC cell.
99                                 * [Macintosh Family] Correct on all but IIfx
100                                 */
101 
102 /*
103  * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
104  * on Macs which had the PWM sound hardware.  Reserved on newer models.
105  * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
106  * bit 2: 1=IIci, 0=IIfx
107  * bit 1: 1 on both IIci and IIfx.
108  * MkLinux sez bit 0 is 'burnin flag' in this case.
109  * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
110  * inputs, these bits will read 0.
111  */
112 #define VIA1A_vVolume   0x07    /* Audio volume mask for PWM */
113 #define VIA1A_CPUID0    0x02    /* CPU id bit 0 on RBV, others */
114 #define VIA1A_CPUID1    0x04    /* CPU id bit 0 on RBV, others */
115 #define VIA1A_CPUID2    0x10    /* CPU id bit 0 on RBV, others */
116 #define VIA1A_CPUID3    0x40    /* CPU id bit 0 on RBV, others */
117 
118 /*
119  * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
120  * CHRP offers no info.
121  */
122 #define VIA1B_vSound   0x80    /*
123                                 * Sound enable (for compatibility with
124                                 * PWM hardware) 0=enabled.
125                                 * Also, on IIci w/parity, shows parity error
126                                 * 0=error, 1=OK.
127                                 */
128 #define VIA1B_vMystery 0x40    /*
129                                 * On IIci, parity enable. 0=enabled,1=disabled
130                                 * On SE/30, vertical sync interrupt enable.
131                                 * 0=enabled. This vSync interrupt shows up
132                                 * as a slot $E interrupt.
133                                 * On Quadra 800 this bit toggles A/UX mode which
134                                 * configures the glue logic to deliver some IRQs
135                                 * at different levels compared to a classic
136                                 * Mac.
137                                 */
138 #define VIA1B_vADBS2   0x20    /* ADB state input bit 1 (unused on IIfx) */
139 #define VIA1B_vADBS1   0x10    /* ADB state input bit 0 (unused on IIfx) */
140 #define VIA1B_vADBInt  0x08    /* ADB interrupt 0=interrupt (unused on IIfx)*/
141 #define VIA1B_vRTCEnb  0x04    /* Enable Real time clock. 0=enabled. */
142 #define VIA1B_vRTCClk  0x02    /* Real time clock serial-clock line. */
143 #define VIA1B_vRTCData 0x01    /* Real time clock serial-data line. */
144 
145 /*
146  *    VIA2 A register is the interrupt lines raised off the nubus
147  *    slots.
148  *      The below info is from 'Macintosh Family Hardware.'
149  *      MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
150  *      It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
151  *      defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
152  *      Perhaps OSS uses vRAM1 and vRAM2 for ADB.
153  */
154 
155 #define VIA2A_vRAM1    0x80    /* RAM size bit 1 (IIci: reserved) */
156 #define VIA2A_vRAM0    0x40    /* RAM size bit 0 (IIci: internal video IRQ) */
157 #define VIA2A_vIRQE    0x20    /* IRQ from slot $E */
158 #define VIA2A_vIRQD    0x10    /* IRQ from slot $D */
159 #define VIA2A_vIRQC    0x08    /* IRQ from slot $C */
160 #define VIA2A_vIRQB    0x04    /* IRQ from slot $B */
161 #define VIA2A_vIRQA    0x02    /* IRQ from slot $A */
162 #define VIA2A_vIRQ9    0x01    /* IRQ from slot $9 */
163 
164 /*
165  * RAM size bits decoded as follows:
166  * bit1 bit0  size of ICs in bank A
167  *  0    0    256 kbit
168  *  0    1    1 Mbit
169  *  1    0    4 Mbit
170  *  1    1   16 Mbit
171  */
172 
173 /*
174  *    Register B has the fun stuff in it
175  */
176 
177 #define VIA2B_vVBL    0x80    /*
178                                * VBL output to VIA1 (60.15Hz) driven by
179                                * timer T1.
180                                * on IIci, parity test: 0=test mode.
181                                * [MkLinux] RBV_PARODD: 1=odd,0=even.
182                                */
183 #define VIA2B_vSndJck 0x40    /*
184                                * External sound jack status.
185                                * 0=plug is inserted.  On SE/30, always 0
186                                */
187 #define VIA2B_vTfr0   0x20    /* Transfer mode bit 0 ack from NuBus */
188 #define VIA2B_vTfr1   0x10    /* Transfer mode bit 1 ack from NuBus */
189 #define VIA2B_vMode32 0x08    /*
190                                * 24/32bit switch - doubles as cache flush
191                                * on II, AMU/PMMU control.
192                                *   if AMU, 0=24bit to 32bit translation
193                                *   if PMMU, 1=PMMU is accessing page table.
194                                * on SE/30 tied low.
195                                * on IIx,IIcx,IIfx, unused.
196                                * on IIci/RBV, cache control. 0=flush cache.
197                                */
198 #define VIA2B_vPower  0x04   /*
199                               * Power off, 0=shut off power.
200                               * on SE/30 this signal sent to PDS card.
201                               */
202 #define VIA2B_vBusLk  0x02   /*
203                               * Lock NuBus transactions, 0=locked.
204                               * on SE/30 sent to PDS card.
205                               */
206 #define VIA2B_vCDis   0x01   /*
207                               * Cache control. On IIci, 1=disable cache card
208                               * on others, 0=disable processor's instruction
209                               * and data caches.
210                               */
211 
212 /* interrupt flags */
213 
214 #define IRQ_SET         0x80
215 
216 /* common */
217 
218 #define VIA_IRQ_TIMER1      0x40
219 #define VIA_IRQ_TIMER2      0x20
220 
221 /*
222  * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
223  * Another example of a valid function that has no ROM support is the use
224  * of the alternate video page for page-flipping animation. Since there
225  * is no ROM call to flip pages, it is necessary to go play with the
226  * right bit in the VIA chip (6522 Versatile Interface Adapter).
227  * [CSA: don't know which one this is, but it's one of 'em!]
228  */
229 
230 /*
231  *    6522 registers - see databook.
232  * CSA: Assignments for VIA1 confirmed from CHRP spec.
233  */
234 
235 /* partial address decode.  0xYYXX : XX part for RBV, YY part for VIA */
236 /* Note: 15 VIA regs, 8 RBV regs */
237 
238 #define vBufB    0x0000  /* [VIA/RBV]  Register B */
239 #define vBufAH   0x0200  /* [VIA only] Buffer A, with handshake. DON'T USE! */
240 #define vDirB    0x0400  /* [VIA only] Data Direction Register B. */
241 #define vDirA    0x0600  /* [VIA only] Data Direction Register A. */
242 #define vT1CL    0x0800  /* [VIA only] Timer one counter low. */
243 #define vT1CH    0x0a00  /* [VIA only] Timer one counter high. */
244 #define vT1LL    0x0c00  /* [VIA only] Timer one latches low. */
245 #define vT1LH    0x0e00  /* [VIA only] Timer one latches high. */
246 #define vT2CL    0x1000  /* [VIA only] Timer two counter low. */
247 #define vT2CH    0x1200  /* [VIA only] Timer two counter high. */
248 #define vSR      0x1400  /* [VIA only] Shift register. */
249 #define vACR     0x1600  /* [VIA only] Auxiliary control register. */
250 #define vPCR     0x1800  /* [VIA only] Peripheral control register. */
251                          /*
252                           *           CHRP sez never ever to *write* this.
253                           *            Mac family says never to *change* this.
254                           * In fact we need to initialize it once at start.
255                           */
256 #define vIFR     0x1a00  /* [VIA/RBV]  Interrupt flag register. */
257 #define vIER     0x1c00  /* [VIA/RBV]  Interrupt enable register. */
258 #define vBufA    0x1e00  /* [VIA/RBV] register A (no handshake) */
259 
260 /* from linux 2.6 drivers/macintosh/via-macii.c */
261 
262 /* Bits in ACR */
263 
264 #define VIA1ACR_vShiftCtrl         0x1c        /* Shift register control bits */
265 #define VIA1ACR_vShiftExtClk       0x0c        /* Shift on external clock */
266 #define VIA1ACR_vShiftOut          0x10        /* Shift out if 1 */
267 
268 /*
269  * Apple Macintosh Family Hardware Refenece
270  * Table 19-10 ADB transaction states
271  */
272 
273 #define ADB_STATE_NEW       0
274 #define ADB_STATE_EVEN      1
275 #define ADB_STATE_ODD       2
276 #define ADB_STATE_IDLE      3
277 
278 #define VIA1B_vADB_StateMask    (VIA1B_vADBS1 | VIA1B_vADBS2)
279 #define VIA1B_vADB_StateShift   4
280 
281 #define VIA_TIMER_FREQ (783360)
282 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
283 
284 /*
285  * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the
286  * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us
287  */
288 #define VIA_60HZ_TIMER_PERIOD_NS   16625800
289 
290 /* VIA returns time offset from Jan 1, 1904, not 1970 */
291 #define RTC_OFFSET 2082844800
292 
293 enum {
294     REG_0,
295     REG_1,
296     REG_2,
297     REG_3,
298     REG_TEST,
299     REG_WPROTECT,
300     REG_PRAM_ADDR,
301     REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19,
302     REG_PRAM_SECT,
303     REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7,
304     REG_INVALID,
305     REG_EMPTY = 0xff,
306 };
307 
308 static void via1_sixty_hz_update(MOS6522Q800VIA1State *v1s)
309 {
310     /* 60 Hz irq */
311     v1s->next_sixty_hz = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
312                           VIA_60HZ_TIMER_PERIOD_NS) /
313                           VIA_60HZ_TIMER_PERIOD_NS * VIA_60HZ_TIMER_PERIOD_NS;
314     timer_mod(v1s->sixty_hz_timer, v1s->next_sixty_hz);
315 }
316 
317 static void via1_one_second_update(MOS6522Q800VIA1State *v1s)
318 {
319     v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) /
320                        1000 * 1000;
321     timer_mod(v1s->one_second_timer, v1s->next_second);
322 }
323 
324 static void via1_sixty_hz(void *opaque)
325 {
326     MOS6522Q800VIA1State *v1s = opaque;
327     MOS6522State *s = MOS6522(v1s);
328     qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_60HZ_BIT);
329 
330     /* Negative edge trigger */
331     qemu_irq_lower(irq);
332     qemu_irq_raise(irq);
333 
334     via1_sixty_hz_update(v1s);
335 }
336 
337 static void via1_one_second(void *opaque)
338 {
339     MOS6522Q800VIA1State *v1s = opaque;
340     MOS6522State *s = MOS6522(v1s);
341     qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_ONE_SECOND_BIT);
342 
343     /* Negative edge trigger */
344     qemu_irq_lower(irq);
345     qemu_irq_raise(irq);
346 
347     via1_one_second_update(v1s);
348 }
349 
350 
351 static void pram_update(MOS6522Q800VIA1State *v1s)
352 {
353     if (v1s->blk) {
354         if (blk_pwrite(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0) < 0) {
355             qemu_log("pram_update: cannot write to file\n");
356         }
357     }
358 }
359 
360 /*
361  * RTC Commands
362  *
363  * Command byte    Register addressed by the command
364  *
365  * z00x0001        Seconds register 0 (lowest-order byte)
366  * z00x0101        Seconds register 1
367  * z00x1001        Seconds register 2
368  * z00x1101        Seconds register 3 (highest-order byte)
369  * 00110001        Test register (write-only)
370  * 00110101        Write-Protect Register (write-only)
371  * z010aa01        RAM address 100aa ($10-$13) (first 20 bytes only)
372  * z1aaaa01        RAM address 0aaaa ($00-$0F) (first 20 bytes only)
373  * z0111aaa        Extended memory designator and sector number
374  *
375  * For a read request, z=1, for a write z=0
376  * The letter x indicates don't care
377  * The letter a indicates bits whose value depend on what parameter
378  * RAM byte you want to address
379  */
380 static int via1_rtc_compact_cmd(uint8_t value)
381 {
382     uint8_t read = value & 0x80;
383 
384     value &= 0x7f;
385 
386     /* the last 2 bits of a command byte must always be 0b01 ... */
387     if ((value & 0x78) == 0x38) {
388         /* except for the extended memory designator */
389         return read | (REG_PRAM_SECT + (value & 0x07));
390     }
391     if ((value & 0x03) == 0x01) {
392         value >>= 2;
393         if ((value & 0x18) == 0) {
394             /* seconds registers */
395             return read | (REG_0 + (value & 0x03));
396         } else if ((value == 0x0c) && !read) {
397             return REG_TEST;
398         } else if ((value == 0x0d) && !read) {
399             return REG_WPROTECT;
400         } else if ((value & 0x1c) == 0x08) {
401             /* RAM address 0x10 to 0x13 */
402             return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03));
403         } else if ((value & 0x10) == 0x10) {
404             /* RAM address 0x00 to 0x0f */
405             return read | (REG_PRAM_ADDR + (value & 0x0f));
406         }
407     }
408     return REG_INVALID;
409 }
410 
411 static void via1_rtc_update(MOS6522Q800VIA1State *v1s)
412 {
413     MOS6522State *s = MOS6522(v1s);
414     int cmd, sector, addr;
415     uint32_t time;
416 
417     if (s->b & VIA1B_vRTCEnb) {
418         return;
419     }
420 
421     if (s->dirb & VIA1B_vRTCData) {
422         /* send bits to the RTC */
423         if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
424             v1s->data_out <<= 1;
425             v1s->data_out |= s->b & VIA1B_vRTCData;
426             v1s->data_out_cnt++;
427         }
428         trace_via1_rtc_update_data_out(v1s->data_out_cnt, v1s->data_out);
429     } else {
430         trace_via1_rtc_update_data_in(v1s->data_in_cnt, v1s->data_in);
431         /* receive bits from the RTC */
432         if ((v1s->last_b & VIA1B_vRTCClk) &&
433             !(s->b & VIA1B_vRTCClk) &&
434             v1s->data_in_cnt) {
435             s->b = (s->b & ~VIA1B_vRTCData) |
436                    ((v1s->data_in >> 7) & VIA1B_vRTCData);
437             v1s->data_in <<= 1;
438             v1s->data_in_cnt--;
439         }
440         return;
441     }
442 
443     if (v1s->data_out_cnt != 8) {
444         return;
445     }
446 
447     v1s->data_out_cnt = 0;
448 
449     trace_via1_rtc_internal_status(v1s->cmd, v1s->alt, v1s->data_out);
450     /* first byte: it's a command */
451     if (v1s->cmd == REG_EMPTY) {
452 
453         cmd = via1_rtc_compact_cmd(v1s->data_out);
454         trace_via1_rtc_internal_cmd(cmd);
455 
456         if (cmd == REG_INVALID) {
457             trace_via1_rtc_cmd_invalid(v1s->data_out);
458             return;
459         }
460 
461         if (cmd & 0x80) { /* this is a read command */
462             switch (cmd & 0x7f) {
463             case REG_0...REG_3: /* seconds registers */
464                 /*
465                  * register 0 is lowest-order byte
466                  * register 3 is highest-order byte
467                  */
468 
469                 time = v1s->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
470                        / NANOSECONDS_PER_SECOND);
471                 trace_via1_rtc_internal_time(time);
472                 v1s->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff;
473                 v1s->data_in_cnt = 8;
474                 trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0,
475                                                 v1s->data_in);
476                 break;
477             case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
478                 /* PRAM address 0x00 -> 0x13 */
479                 v1s->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR];
480                 v1s->data_in_cnt = 8;
481                 trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR,
482                                              v1s->data_in);
483                 break;
484             case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
485                 /*
486                  * extended memory designator and sector number
487                  * the only two-byte read command
488                  */
489                 trace_via1_rtc_internal_set_cmd(cmd);
490                 v1s->cmd = cmd;
491                 break;
492             default:
493                 g_assert_not_reached();
494                 break;
495             }
496             return;
497         }
498 
499         /* this is a write command, needs a parameter */
500         if (cmd == REG_WPROTECT || !v1s->wprotect) {
501             trace_via1_rtc_internal_set_cmd(cmd);
502             v1s->cmd = cmd;
503         } else {
504             trace_via1_rtc_internal_ignore_cmd(cmd);
505         }
506         return;
507     }
508 
509     /* second byte: it's a parameter */
510     if (v1s->alt == REG_EMPTY) {
511         switch (v1s->cmd & 0x7f) {
512         case REG_0...REG_3: /* seconds register */
513             /* FIXME */
514             trace_via1_rtc_cmd_seconds_write(v1s->cmd - REG_0, v1s->data_out);
515             v1s->cmd = REG_EMPTY;
516             break;
517         case REG_TEST:
518             /* device control: nothing to do */
519             trace_via1_rtc_cmd_test_write(v1s->data_out);
520             v1s->cmd = REG_EMPTY;
521             break;
522         case REG_WPROTECT:
523             /* Write Protect register */
524             trace_via1_rtc_cmd_wprotect_write(v1s->data_out);
525             v1s->wprotect = !!(v1s->data_out & 0x80);
526             v1s->cmd = REG_EMPTY;
527             break;
528         case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
529             /* PRAM address 0x00 -> 0x13 */
530             trace_via1_rtc_cmd_pram_write(v1s->cmd - REG_PRAM_ADDR,
531                                           v1s->data_out);
532             v1s->PRAM[v1s->cmd - REG_PRAM_ADDR] = v1s->data_out;
533             pram_update(v1s);
534             v1s->cmd = REG_EMPTY;
535             break;
536         case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
537             addr = (v1s->data_out >> 2) & 0x1f;
538             sector = (v1s->cmd & 0x7f) - REG_PRAM_SECT;
539             if (v1s->cmd & 0x80) {
540                 /* it's a read */
541                 v1s->data_in = v1s->PRAM[sector * 32 + addr];
542                 v1s->data_in_cnt = 8;
543                 trace_via1_rtc_cmd_pram_sect_read(sector, addr,
544                                                   sector * 32 + addr,
545                                                   v1s->data_in);
546                 v1s->cmd = REG_EMPTY;
547             } else {
548                 /* it's a write, we need one more parameter */
549                 trace_via1_rtc_internal_set_alt(addr, sector, addr);
550                 v1s->alt = addr;
551             }
552             break;
553         default:
554             g_assert_not_reached();
555             break;
556         }
557         return;
558     }
559 
560     /* third byte: it's the data of a REG_PRAM_SECT write */
561     g_assert(REG_PRAM_SECT <= v1s->cmd && v1s->cmd <= REG_PRAM_SECT_LAST);
562     sector = v1s->cmd - REG_PRAM_SECT;
563     v1s->PRAM[sector * 32 + v1s->alt] = v1s->data_out;
564     pram_update(v1s);
565     trace_via1_rtc_cmd_pram_sect_write(sector, v1s->alt, sector * 32 + v1s->alt,
566                                        v1s->data_out);
567     v1s->alt = REG_EMPTY;
568     v1s->cmd = REG_EMPTY;
569 }
570 
571 static void adb_via_poll(void *opaque)
572 {
573     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
574     MOS6522State *s = MOS6522(v1s);
575     ADBBusState *adb_bus = &v1s->adb_bus;
576     uint8_t obuf[9];
577     uint8_t *data = &s->sr;
578     int olen;
579 
580     /*
581      * Setting vADBInt below indicates that an autopoll reply has been
582      * received, however we must block autopoll until the point where
583      * the entire reply has been read back to the host
584      */
585     adb_autopoll_block(adb_bus);
586 
587     if (v1s->adb_data_in_size > 0 && v1s->adb_data_in_index == 0) {
588         /*
589          * For older Linux kernels that switch to IDLE mode after sending the
590          * ADB command, detect if there is an existing response and return that
591          * as a "fake" autopoll reply or bus timeout accordingly
592          */
593         *data = v1s->adb_data_out[0];
594         olen = v1s->adb_data_in_size;
595 
596         s->b &= ~VIA1B_vADBInt;
597         qemu_irq_raise(v1s->adb_data_ready);
598     } else {
599         /*
600          * Otherwise poll as normal
601          */
602         v1s->adb_data_in_index = 0;
603         v1s->adb_data_out_index = 0;
604         olen = adb_poll(adb_bus, obuf, adb_bus->autopoll_mask);
605 
606         if (olen > 0) {
607             /* Autopoll response */
608             *data = obuf[0];
609             olen--;
610             memcpy(v1s->adb_data_in, &obuf[1], olen);
611             v1s->adb_data_in_size = olen;
612 
613             s->b &= ~VIA1B_vADBInt;
614             qemu_irq_raise(v1s->adb_data_ready);
615         } else {
616             *data = v1s->adb_autopoll_cmd;
617             obuf[0] = 0xff;
618             obuf[1] = 0xff;
619             olen = 2;
620 
621             memcpy(v1s->adb_data_in, obuf, olen);
622             v1s->adb_data_in_size = olen;
623 
624             s->b &= ~VIA1B_vADBInt;
625             qemu_irq_raise(v1s->adb_data_ready);
626         }
627     }
628 
629     trace_via1_adb_poll(*data, (s->b & VIA1B_vADBInt) ? "+" : "-",
630                         adb_bus->status, v1s->adb_data_in_index, olen);
631 }
632 
633 static int adb_via_send_len(uint8_t data)
634 {
635     /* Determine the send length from the given ADB command */
636     uint8_t cmd = data & 0xc;
637     uint8_t reg = data & 0x3;
638 
639     switch (cmd) {
640     case 0x8:
641         /* Listen command */
642         switch (reg) {
643         case 2:
644             /* Register 2 is only used for the keyboard */
645             return 3;
646         case 3:
647             /*
648              * Fortunately our devices only implement writes
649              * to register 3 which is fixed at 2 bytes
650              */
651             return 3;
652         default:
653             qemu_log_mask(LOG_UNIMP, "ADB unknown length for register %d\n",
654                           reg);
655             return 1;
656         }
657     default:
658         /* Talk, BusReset */
659         return 1;
660     }
661 }
662 
663 static void adb_via_send(MOS6522Q800VIA1State *v1s, int state, uint8_t data)
664 {
665     MOS6522State *ms = MOS6522(v1s);
666     ADBBusState *adb_bus = &v1s->adb_bus;
667     uint16_t autopoll_mask;
668 
669     switch (state) {
670     case ADB_STATE_NEW:
671         /*
672          * Command byte: vADBInt tells host autopoll data already present
673          * in VIA shift register and ADB transceiver
674          */
675         adb_autopoll_block(adb_bus);
676 
677         if (adb_bus->status & ADB_STATUS_POLLREPLY) {
678             /* Tell the host the existing data is from autopoll */
679             ms->b &= ~VIA1B_vADBInt;
680         } else {
681             ms->b |= VIA1B_vADBInt;
682             v1s->adb_data_out_index = 0;
683             v1s->adb_data_out[v1s->adb_data_out_index++] = data;
684         }
685 
686         trace_via1_adb_send(" NEW", data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
687         qemu_irq_raise(v1s->adb_data_ready);
688         break;
689 
690     case ADB_STATE_EVEN:
691     case ADB_STATE_ODD:
692         ms->b |= VIA1B_vADBInt;
693         v1s->adb_data_out[v1s->adb_data_out_index++] = data;
694 
695         trace_via1_adb_send(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
696                             data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
697         qemu_irq_raise(v1s->adb_data_ready);
698         break;
699 
700     case ADB_STATE_IDLE:
701         return;
702     }
703 
704     /* If the command is complete, execute it */
705     if (v1s->adb_data_out_index == adb_via_send_len(v1s->adb_data_out[0])) {
706         v1s->adb_data_in_size = adb_request(adb_bus, v1s->adb_data_in,
707                                             v1s->adb_data_out,
708                                             v1s->adb_data_out_index);
709         v1s->adb_data_in_index = 0;
710 
711         if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
712             /*
713              * Bus timeout (but allow first EVEN and ODD byte to indicate
714              * timeout via vADBInt and SRQ status)
715              */
716             v1s->adb_data_in[0] = 0xff;
717             v1s->adb_data_in[1] = 0xff;
718             v1s->adb_data_in_size = 2;
719         }
720 
721         /*
722          * If last command is TALK, store it for use by autopoll and adjust
723          * the autopoll mask accordingly
724          */
725         if ((v1s->adb_data_out[0] & 0xc) == 0xc) {
726             v1s->adb_autopoll_cmd = v1s->adb_data_out[0];
727 
728             autopoll_mask = 1 << (v1s->adb_autopoll_cmd >> 4);
729             adb_set_autopoll_mask(adb_bus, autopoll_mask);
730         }
731     }
732 }
733 
734 static void adb_via_receive(MOS6522Q800VIA1State *v1s, int state, uint8_t *data)
735 {
736     MOS6522State *ms = MOS6522(v1s);
737     ADBBusState *adb_bus = &v1s->adb_bus;
738     uint16_t pending;
739 
740     switch (state) {
741     case ADB_STATE_NEW:
742         ms->b |= VIA1B_vADBInt;
743         return;
744 
745     case ADB_STATE_IDLE:
746         ms->b |= VIA1B_vADBInt;
747         adb_autopoll_unblock(adb_bus);
748 
749         trace_via1_adb_receive("IDLE", *data,
750                         (ms->b & VIA1B_vADBInt) ? "+" : "-", adb_bus->status,
751                         v1s->adb_data_in_index, v1s->adb_data_in_size);
752 
753         break;
754 
755     case ADB_STATE_EVEN:
756     case ADB_STATE_ODD:
757         switch (v1s->adb_data_in_index) {
758         case 0:
759             /* First EVEN byte: vADBInt indicates bus timeout */
760             *data = v1s->adb_data_in[v1s->adb_data_in_index];
761             if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
762                 ms->b &= ~VIA1B_vADBInt;
763             } else {
764                 ms->b |= VIA1B_vADBInt;
765             }
766 
767             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
768                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
769                                    adb_bus->status, v1s->adb_data_in_index,
770                                    v1s->adb_data_in_size);
771 
772             v1s->adb_data_in_index++;
773             break;
774 
775         case 1:
776             /* First ODD byte: vADBInt indicates SRQ */
777             *data = v1s->adb_data_in[v1s->adb_data_in_index];
778             pending = adb_bus->pending & ~(1 << (v1s->adb_autopoll_cmd >> 4));
779             if (pending) {
780                 ms->b &= ~VIA1B_vADBInt;
781             } else {
782                 ms->b |= VIA1B_vADBInt;
783             }
784 
785             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
786                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
787                                    adb_bus->status, v1s->adb_data_in_index,
788                                    v1s->adb_data_in_size);
789 
790             v1s->adb_data_in_index++;
791             break;
792 
793         default:
794             /*
795              * Otherwise vADBInt indicates end of data. Note that Linux
796              * specifically checks for the sequence 0x0 0xff to confirm the
797              * end of the poll reply, so provide these extra bytes below to
798              * keep it happy
799              */
800             if (v1s->adb_data_in_index < v1s->adb_data_in_size) {
801                 /* Next data byte */
802                 *data = v1s->adb_data_in[v1s->adb_data_in_index];
803                 ms->b |= VIA1B_vADBInt;
804             } else if (v1s->adb_data_in_index == v1s->adb_data_in_size) {
805                 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
806                     /* Bus timeout (no more data) */
807                     *data = 0xff;
808                 } else {
809                     /* Return 0x0 after reply */
810                     *data = 0;
811                 }
812                 ms->b &= ~VIA1B_vADBInt;
813             } else {
814                 /* Bus timeout (no more data) */
815                 *data = 0xff;
816                 ms->b &= ~VIA1B_vADBInt;
817                 adb_bus->status = 0;
818                 adb_autopoll_unblock(adb_bus);
819             }
820 
821             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
822                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
823                                    adb_bus->status, v1s->adb_data_in_index,
824                                    v1s->adb_data_in_size);
825 
826             if (v1s->adb_data_in_index <= v1s->adb_data_in_size) {
827                 v1s->adb_data_in_index++;
828             }
829             break;
830         }
831 
832         qemu_irq_raise(v1s->adb_data_ready);
833         break;
834     }
835 }
836 
837 static void via1_adb_update(MOS6522Q800VIA1State *v1s)
838 {
839     MOS6522State *s = MOS6522(v1s);
840     int oldstate, state;
841 
842     oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
843     state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
844 
845     if (state != oldstate) {
846         if (s->acr & VIA1ACR_vShiftOut) {
847             /* output mode */
848             adb_via_send(v1s, state, s->sr);
849         } else {
850             /* input mode */
851             adb_via_receive(v1s, state, &s->sr);
852         }
853     }
854 }
855 
856 static void via1_auxmode_update(MOS6522Q800VIA1State *v1s)
857 {
858     MOS6522State *s = MOS6522(v1s);
859     int oldirq, irq;
860 
861     oldirq = (v1s->last_b & VIA1B_vMystery) ? 1 : 0;
862     irq = (s->b & VIA1B_vMystery) ? 1 : 0;
863 
864     /* Check to see if the A/UX mode bit has changed */
865     if (irq != oldirq) {
866         trace_via1_auxmode(irq);
867         qemu_set_irq(v1s->auxmode_irq, irq);
868     }
869 }
870 
871 static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size)
872 {
873     MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque);
874     MOS6522State *ms = MOS6522(s);
875 
876     addr = (addr >> 9) & 0xf;
877     return mos6522_read(ms, addr, size);
878 }
879 
880 static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val,
881                                     unsigned size)
882 {
883     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
884     MOS6522State *ms = MOS6522(v1s);
885 
886     addr = (addr >> 9) & 0xf;
887     mos6522_write(ms, addr, val, size);
888 
889     switch (addr) {
890     case VIA_REG_B:
891         via1_rtc_update(v1s);
892         via1_adb_update(v1s);
893         via1_auxmode_update(v1s);
894 
895         v1s->last_b = ms->b;
896         break;
897     }
898 }
899 
900 static const MemoryRegionOps mos6522_q800_via1_ops = {
901     .read = mos6522_q800_via1_read,
902     .write = mos6522_q800_via1_write,
903     .endianness = DEVICE_BIG_ENDIAN,
904     .valid = {
905         .min_access_size = 1,
906         .max_access_size = 4,
907     },
908 };
909 
910 static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size)
911 {
912     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
913     MOS6522State *ms = MOS6522(s);
914     uint64_t val;
915 
916     addr = (addr >> 9) & 0xf;
917     val = mos6522_read(ms, addr, size);
918 
919     switch (addr) {
920     case VIA_REG_IFR:
921         /*
922          * On a Q800 an emulated VIA2 is integrated into the onboard logic. The
923          * expectation of most OSs is that the DRQ bit is live, rather than
924          * latched as it would be on a real VIA so do the same here.
925          *
926          * Note: DRQ is negative edge triggered
927          */
928         val &= ~VIA2_IRQ_SCSI_DATA;
929         val |= (~ms->last_irq_levels & VIA2_IRQ_SCSI_DATA);
930         break;
931     }
932 
933     return val;
934 }
935 
936 static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val,
937                                     unsigned size)
938 {
939     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
940     MOS6522State *ms = MOS6522(s);
941 
942     addr = (addr >> 9) & 0xf;
943     mos6522_write(ms, addr, val, size);
944 }
945 
946 static const MemoryRegionOps mos6522_q800_via2_ops = {
947     .read = mos6522_q800_via2_read,
948     .write = mos6522_q800_via2_write,
949     .endianness = DEVICE_BIG_ENDIAN,
950     .valid = {
951         .min_access_size = 1,
952         .max_access_size = 4,
953     },
954 };
955 
956 static void via1_postload_update_cb(void *opaque, bool running, RunState state)
957 {
958     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
959 
960     qemu_del_vm_change_state_handler(v1s->vmstate);
961     v1s->vmstate = NULL;
962 
963     pram_update(v1s);
964 }
965 
966 static int via1_post_load(void *opaque, int version_id)
967 {
968     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
969 
970     if (v1s->blk) {
971         v1s->vmstate = qemu_add_vm_change_state_handler(
972                            via1_postload_update_cb, v1s);
973     }
974 
975     return 0;
976 }
977 
978 /* VIA 1 */
979 static void mos6522_q800_via1_reset_hold(Object *obj)
980 {
981     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
982     MOS6522State *ms = MOS6522(v1s);
983     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
984     ADBBusState *adb_bus = &v1s->adb_bus;
985 
986     if (mdc->parent_phases.hold) {
987         mdc->parent_phases.hold(obj);
988     }
989 
990     ms->timers[0].frequency = VIA_TIMER_FREQ;
991     ms->timers[1].frequency = VIA_TIMER_FREQ;
992 
993     ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb;
994 
995     /* ADB/RTC */
996     adb_set_autopoll_enabled(adb_bus, true);
997     v1s->cmd = REG_EMPTY;
998     v1s->alt = REG_EMPTY;
999 }
1000 
1001 static void mos6522_q800_via1_realize(DeviceState *dev, Error **errp)
1002 {
1003     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev);
1004     ADBBusState *adb_bus = &v1s->adb_bus;
1005     struct tm tm;
1006     int ret;
1007 
1008     v1s->one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, via1_one_second,
1009                                          v1s);
1010     via1_one_second_update(v1s);
1011     v1s->sixty_hz_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_sixty_hz,
1012                                        v1s);
1013     via1_sixty_hz_update(v1s);
1014 
1015     qemu_get_timedate(&tm, 0);
1016     v1s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
1017 
1018     adb_register_autopoll_callback(adb_bus, adb_via_poll, v1s);
1019     v1s->adb_data_ready = qdev_get_gpio_in(dev, VIA1_IRQ_ADB_READY_BIT);
1020 
1021     if (v1s->blk) {
1022         int64_t len = blk_getlength(v1s->blk);
1023         if (len < 0) {
1024             error_setg_errno(errp, -len,
1025                              "could not get length of backing image");
1026             return;
1027         }
1028         ret = blk_set_perm(v1s->blk,
1029                            BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1030                            BLK_PERM_ALL, errp);
1031         if (ret < 0) {
1032             return;
1033         }
1034 
1035         ret = blk_pread(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0);
1036         if (ret < 0) {
1037             error_setg(errp, "can't read PRAM contents");
1038             return;
1039         }
1040     }
1041 }
1042 
1043 static void mos6522_q800_via1_init(Object *obj)
1044 {
1045     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
1046     SysBusDevice *sbd = SYS_BUS_DEVICE(v1s);
1047 
1048     memory_region_init_io(&v1s->via_mem, obj, &mos6522_q800_via1_ops, v1s,
1049                           "via1", VIA_SIZE);
1050     sysbus_init_mmio(sbd, &v1s->via_mem);
1051 
1052     /* ADB */
1053     qbus_init((BusState *)&v1s->adb_bus, sizeof(v1s->adb_bus),
1054               TYPE_ADB_BUS, DEVICE(v1s), "adb.0");
1055 
1056     /* A/UX mode */
1057     qdev_init_gpio_out(DEVICE(obj), &v1s->auxmode_irq, 1);
1058 }
1059 
1060 static const VMStateDescription vmstate_q800_via1 = {
1061     .name = "q800-via1",
1062     .version_id = 0,
1063     .minimum_version_id = 0,
1064     .post_load = via1_post_load,
1065     .fields = (VMStateField[]) {
1066         VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA1State, 0, vmstate_mos6522,
1067                        MOS6522State),
1068         VMSTATE_UINT8(last_b, MOS6522Q800VIA1State),
1069         /* RTC */
1070         VMSTATE_BUFFER(PRAM, MOS6522Q800VIA1State),
1071         VMSTATE_UINT32(tick_offset, MOS6522Q800VIA1State),
1072         VMSTATE_UINT8(data_out, MOS6522Q800VIA1State),
1073         VMSTATE_INT32(data_out_cnt, MOS6522Q800VIA1State),
1074         VMSTATE_UINT8(data_in, MOS6522Q800VIA1State),
1075         VMSTATE_UINT8(data_in_cnt, MOS6522Q800VIA1State),
1076         VMSTATE_UINT8(cmd, MOS6522Q800VIA1State),
1077         VMSTATE_INT32(wprotect, MOS6522Q800VIA1State),
1078         VMSTATE_INT32(alt, MOS6522Q800VIA1State),
1079         /* ADB */
1080         VMSTATE_INT32(adb_data_in_size, MOS6522Q800VIA1State),
1081         VMSTATE_INT32(adb_data_in_index, MOS6522Q800VIA1State),
1082         VMSTATE_INT32(adb_data_out_index, MOS6522Q800VIA1State),
1083         VMSTATE_BUFFER(adb_data_in, MOS6522Q800VIA1State),
1084         VMSTATE_BUFFER(adb_data_out, MOS6522Q800VIA1State),
1085         VMSTATE_UINT8(adb_autopoll_cmd, MOS6522Q800VIA1State),
1086         /* Timers */
1087         VMSTATE_TIMER_PTR(one_second_timer, MOS6522Q800VIA1State),
1088         VMSTATE_INT64(next_second, MOS6522Q800VIA1State),
1089         VMSTATE_TIMER_PTR(sixty_hz_timer, MOS6522Q800VIA1State),
1090         VMSTATE_INT64(next_sixty_hz, MOS6522Q800VIA1State),
1091         VMSTATE_END_OF_LIST()
1092     }
1093 };
1094 
1095 static Property mos6522_q800_via1_properties[] = {
1096     DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State, blk),
1097     DEFINE_PROP_END_OF_LIST(),
1098 };
1099 
1100 static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data)
1101 {
1102     DeviceClass *dc = DEVICE_CLASS(oc);
1103     ResettableClass *rc = RESETTABLE_CLASS(oc);
1104     MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
1105 
1106     dc->realize = mos6522_q800_via1_realize;
1107     resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via1_reset_hold,
1108                                        NULL, &mdc->parent_phases);
1109     dc->vmsd = &vmstate_q800_via1;
1110     device_class_set_props(dc, mos6522_q800_via1_properties);
1111 }
1112 
1113 static const TypeInfo mos6522_q800_via1_type_info = {
1114     .name = TYPE_MOS6522_Q800_VIA1,
1115     .parent = TYPE_MOS6522,
1116     .instance_size = sizeof(MOS6522Q800VIA1State),
1117     .instance_init = mos6522_q800_via1_init,
1118     .class_init = mos6522_q800_via1_class_init,
1119 };
1120 
1121 /* VIA 2 */
1122 static void mos6522_q800_via2_portB_write(MOS6522State *s)
1123 {
1124     if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) {
1125         /* shutdown */
1126         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1127     }
1128 }
1129 
1130 static void mos6522_q800_via2_reset_hold(Object *obj)
1131 {
1132     MOS6522State *ms = MOS6522(obj);
1133     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
1134 
1135     if (mdc->parent_phases.hold) {
1136         mdc->parent_phases.hold(obj);
1137     }
1138 
1139     ms->timers[0].frequency = VIA_TIMER_FREQ;
1140     ms->timers[1].frequency = VIA_TIMER_FREQ;
1141 
1142     ms->dirb = 0;
1143     ms->b = 0;
1144     ms->dira = 0;
1145     ms->a = 0x7f;
1146 }
1147 
1148 static void via2_nubus_irq_request(void *opaque, int n, int level)
1149 {
1150     MOS6522Q800VIA2State *v2s = opaque;
1151     MOS6522State *s = MOS6522(v2s);
1152     qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA2_IRQ_NUBUS_BIT);
1153 
1154     if (level) {
1155         /* Port A nubus IRQ inputs are active LOW */
1156         s->a &= ~(1 << n);
1157     } else {
1158         s->a |= (1 << n);
1159     }
1160 
1161     /* Negative edge trigger */
1162     qemu_set_irq(irq, !level);
1163 }
1164 
1165 static void mos6522_q800_via2_init(Object *obj)
1166 {
1167     MOS6522Q800VIA2State *v2s = MOS6522_Q800_VIA2(obj);
1168     SysBusDevice *sbd = SYS_BUS_DEVICE(v2s);
1169 
1170     memory_region_init_io(&v2s->via_mem, obj, &mos6522_q800_via2_ops, v2s,
1171                           "via2", VIA_SIZE);
1172     sysbus_init_mmio(sbd, &v2s->via_mem);
1173 
1174     qdev_init_gpio_in_named(DEVICE(obj), via2_nubus_irq_request, "nubus-irq",
1175                             VIA2_NUBUS_IRQ_NB);
1176 }
1177 
1178 static const VMStateDescription vmstate_q800_via2 = {
1179     .name = "q800-via2",
1180     .version_id = 0,
1181     .minimum_version_id = 0,
1182     .fields = (VMStateField[]) {
1183         VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA2State, 0, vmstate_mos6522,
1184                        MOS6522State),
1185         VMSTATE_END_OF_LIST()
1186     }
1187 };
1188 
1189 static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data)
1190 {
1191     DeviceClass *dc = DEVICE_CLASS(oc);
1192     ResettableClass *rc = RESETTABLE_CLASS(oc);
1193     MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
1194 
1195     resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via2_reset_hold,
1196                                        NULL, &mdc->parent_phases);
1197     dc->vmsd = &vmstate_q800_via2;
1198     mdc->portB_write = mos6522_q800_via2_portB_write;
1199 }
1200 
1201 static const TypeInfo mos6522_q800_via2_type_info = {
1202     .name = TYPE_MOS6522_Q800_VIA2,
1203     .parent = TYPE_MOS6522,
1204     .instance_size = sizeof(MOS6522Q800VIA2State),
1205     .instance_init = mos6522_q800_via2_init,
1206     .class_init = mos6522_q800_via2_class_init,
1207 };
1208 
1209 static void mac_via_register_types(void)
1210 {
1211     type_register_static(&mos6522_q800_via1_type_info);
1212     type_register_static(&mos6522_q800_via2_type_info);
1213 }
1214 
1215 type_init(mac_via_register_types);
1216