xref: /openbmc/qemu/hw/char/escc.c (revision 26111a30adac00c814af6672b8d99716949613e8)
1  /*
2   * QEMU ESCC (Z8030/Z8530/Z85C30/SCC/ESCC) serial port emulation
3   *
4   * Copyright (c) 2003-2005 Fabrice Bellard
5   *
6   * Permission is hereby granted, free of charge, to any person obtaining a copy
7   * of this software and associated documentation files (the "Software"), to deal
8   * in the Software without restriction, including without limitation the rights
9   * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in
14   * all copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19   * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22   * THE SOFTWARE.
23   */
24  
25  #include "qemu/osdep.h"
26  #include "hw/irq.h"
27  #include "hw/qdev-properties.h"
28  #include "hw/qdev-properties-system.h"
29  #include "hw/sysbus.h"
30  #include "migration/vmstate.h"
31  #include "qemu/module.h"
32  #include "hw/char/escc.h"
33  #include "ui/console.h"
34  
35  #include "qemu/cutils.h"
36  #include "trace.h"
37  
38  /*
39   * Chipset docs:
40   * "Z80C30/Z85C30/Z80230/Z85230/Z85233 SCC/ESCC User Manual",
41   * http://www.zilog.com/docs/serial/scc_escc_um.pdf
42   *
43   * On Sparc32 this is the serial port, mouse and keyboard part of chip STP2001
44   * (Slave I/O), also produced as NCR89C105. See
45   * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
46   *
47   * The serial ports implement full AMD AM8530 or Zilog Z8530 chips,
48   * mouse and keyboard ports don't implement all functions and they are
49   * only asynchronous. There is no DMA.
50   *
51   * Z85C30 is also used on PowerMacs and m68k Macs.
52   *
53   * There are some small differences between Sparc version (sunzilog)
54   * and PowerMac (pmac):
55   *  Offset between control and data registers
56   *  There is some kind of lockup bug, but we can ignore it
57   *  CTS is inverted
58   *  DMA on pmac using DBDMA chip
59   *  pmac can do IRDA and faster rates, sunzilog can only do 38400
60   *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
61   *
62   * Linux driver for m68k Macs is the same as for PowerMac (pmac_zilog),
63   * but registers are grouped by type and not by channel:
64   * channel is selected by bit 0 of the address (instead of bit 1)
65   * and register is selected by bit 1 of the address (instead of bit 0).
66   */
67  
68  /*
69   * Modifications:
70   *  2006-Aug-10  Igor Kovalenko :   Renamed KBDQueue to SERIOQueue, implemented
71   *                                  serial mouse queue.
72   *                                  Implemented serial mouse protocol.
73   *
74   *  2010-May-23  Artyom Tarasenko:  Reworked IUS logic
75   */
76  
77  #define CHN_C(s) ((s)->chn == escc_chn_b ? 'b' : 'a')
78  
79  #define SERIAL_CTRL 0
80  #define SERIAL_DATA 1
81  
82  #define W_CMD     0
83  #define CMD_PTR_MASK   0x07
84  #define CMD_CMD_MASK   0x38
85  #define CMD_HI         0x08
86  #define CMD_CLR_TXINT  0x28
87  #define CMD_CLR_IUS    0x38
88  #define W_INTR    1
89  #define INTR_INTALL    0x01
90  #define INTR_TXINT     0x02
91  #define INTR_PAR_SPEC  0x04
92  #define INTR_RXMODEMSK 0x18
93  #define INTR_RXINT1ST  0x08
94  #define INTR_RXINTALL  0x10
95  #define INTR_WTRQ_TXRX 0x20
96  #define W_IVEC    2
97  #define W_RXCTRL  3
98  #define RXCTRL_RXEN    0x01
99  #define RXCTRL_HUNT    0x10
100  #define W_TXCTRL1 4
101  #define TXCTRL1_PAREN  0x01
102  #define TXCTRL1_PAREV  0x02
103  #define TXCTRL1_1STOP  0x04
104  #define TXCTRL1_1HSTOP 0x08
105  #define TXCTRL1_2STOP  0x0c
106  #define TXCTRL1_STPMSK 0x0c
107  #define TXCTRL1_CLK1X  0x00
108  #define TXCTRL1_CLK16X 0x40
109  #define TXCTRL1_CLK32X 0x80
110  #define TXCTRL1_CLK64X 0xc0
111  #define TXCTRL1_CLKMSK 0xc0
112  #define W_TXCTRL2 5
113  #define TXCTRL2_TXCRC  0x01
114  #define TXCTRL2_TXEN   0x08
115  #define TXCTRL2_BITMSK 0x60
116  #define TXCTRL2_5BITS  0x00
117  #define TXCTRL2_7BITS  0x20
118  #define TXCTRL2_6BITS  0x40
119  #define TXCTRL2_8BITS  0x60
120  #define W_SYNC1   6
121  #define W_SYNC2   7
122  #define W_TXBUF   8
123  #define W_MINTR   9
124  #define MINTR_VIS      0x01
125  #define MINTR_NV       0x02
126  #define MINTR_STATUSHI 0x10
127  #define MINTR_SOFTIACK 0x20
128  #define MINTR_RST_MASK 0xc0
129  #define MINTR_RST_B    0x40
130  #define MINTR_RST_A    0x80
131  #define MINTR_RST_ALL  0xc0
132  #define W_MISC1  10
133  #define MISC1_ENC_MASK 0x60
134  #define W_CLOCK  11
135  #define CLOCK_TRXC     0x08
136  #define W_BRGLO  12
137  #define W_BRGHI  13
138  #define W_MISC2  14
139  #define MISC2_BRG_EN   0x01
140  #define MISC2_BRG_SRC  0x02
141  #define MISC2_LCL_LOOP 0x10
142  #define MISC2_PLLCMD0  0x20
143  #define MISC2_PLLCMD1  0x40
144  #define MISC2_PLLCMD2  0x80
145  #define W_EXTINT 15
146  #define EXTINT_DCD     0x08
147  #define EXTINT_SYNCINT 0x10
148  #define EXTINT_CTSINT  0x20
149  #define EXTINT_TXUNDRN 0x40
150  #define EXTINT_BRKINT  0x80
151  
152  #define R_STATUS  0
153  #define STATUS_RXAV    0x01
154  #define STATUS_ZERO    0x02
155  #define STATUS_TXEMPTY 0x04
156  #define STATUS_DCD     0x08
157  #define STATUS_SYNC    0x10
158  #define STATUS_CTS     0x20
159  #define STATUS_TXUNDRN 0x40
160  #define STATUS_BRK     0x80
161  #define R_SPEC    1
162  #define SPEC_ALLSENT   0x01
163  #define SPEC_BITS8     0x06
164  #define R_IVEC    2
165  #define IVEC_TXINTB    0x00
166  #define IVEC_LONOINT   0x06
167  #define IVEC_LORXINTA  0x0c
168  #define IVEC_LORXINTB  0x04
169  #define IVEC_LOTXINTA  0x08
170  #define IVEC_HINOINT   0x60
171  #define IVEC_HIRXINTA  0x30
172  #define IVEC_HIRXINTB  0x20
173  #define IVEC_HITXINTA  0x10
174  #define R_INTR    3
175  #define INTR_EXTINTB   0x01
176  #define INTR_TXINTB    0x02
177  #define INTR_RXINTB    0x04
178  #define INTR_EXTINTA   0x08
179  #define INTR_TXINTA    0x10
180  #define INTR_RXINTA    0x20
181  #define R_IPEN    4
182  #define R_TXCTRL1 5
183  #define R_TXCTRL2 6
184  #define R_BC      7
185  #define R_RXBUF   8
186  #define R_RXCTRL  9
187  #define R_MISC   10
188  #define MISC_2CLKMISS  0x40
189  #define R_MISC1  11
190  #define R_BRGLO  12
191  #define R_BRGHI  13
192  #define R_MISC1I 14
193  #define R_EXTINT 15
194  
195  static uint8_t sunkbd_layout_dip_switch(const char *sunkbd_layout);
196  static void handle_kbd_command(ESCCChannelState *s, int val);
197  static int serial_can_receive(void *opaque);
198  static void serial_receive_byte(ESCCChannelState *s, int ch);
199  
200  static int reg_shift(ESCCState *s)
201  {
202      return s->bit_swap ? s->it_shift + 1 : s->it_shift;
203  }
204  
205  static int chn_shift(ESCCState *s)
206  {
207      return s->bit_swap ? s->it_shift : s->it_shift + 1;
208  }
209  
210  static void clear_queue(void *opaque)
211  {
212      ESCCChannelState *s = opaque;
213      ESCCSERIOQueue *q = &s->queue;
214      q->rptr = q->wptr = q->count = 0;
215  }
216  
217  static void put_queue(void *opaque, int b)
218  {
219      ESCCChannelState *s = opaque;
220      ESCCSERIOQueue *q = &s->queue;
221  
222      trace_escc_put_queue(CHN_C(s), b);
223      if (q->count >= ESCC_SERIO_QUEUE_SIZE) {
224          return;
225      }
226      q->data[q->wptr] = b;
227      if (++q->wptr == ESCC_SERIO_QUEUE_SIZE) {
228          q->wptr = 0;
229      }
230      q->count++;
231      serial_receive_byte(s, 0);
232  }
233  
234  static uint32_t get_queue(void *opaque)
235  {
236      ESCCChannelState *s = opaque;
237      ESCCSERIOQueue *q = &s->queue;
238      int val;
239  
240      if (q->count == 0) {
241          return 0;
242      } else {
243          val = q->data[q->rptr];
244          if (++q->rptr == ESCC_SERIO_QUEUE_SIZE) {
245              q->rptr = 0;
246          }
247          q->count--;
248      }
249      trace_escc_get_queue(CHN_C(s), val);
250      if (q->count > 0) {
251          serial_receive_byte(s, 0);
252      }
253      return val;
254  }
255  
256  static int escc_update_irq_chn(ESCCChannelState *s)
257  {
258      if ((((s->wregs[W_INTR] & INTR_TXINT) && (s->txint == 1)) ||
259          /* tx ints enabled, pending */
260          ((((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINT1ST) ||
261          ((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINTALL)) &&
262              s->rxint == 1) ||
263          /* rx ints enabled, pending */
264          ((s->wregs[W_EXTINT] & EXTINT_BRKINT) &&
265              (s->rregs[R_STATUS] & STATUS_BRK)))) {
266          /* break int e&p */
267          return 1;
268      }
269      return 0;
270  }
271  
272  static void escc_update_irq(ESCCChannelState *s)
273  {
274      int irq;
275  
276      irq = escc_update_irq_chn(s);
277      irq |= escc_update_irq_chn(s->otherchn);
278  
279      trace_escc_update_irq(irq);
280      qemu_set_irq(s->irq, irq);
281  }
282  
283  static void escc_reset_chn(ESCCChannelState *s)
284  {
285      s->reg = 0;
286      s->rx = s->tx = 0;
287      s->rxint = s->txint = 0;
288      s->rxint_under_svc = s->txint_under_svc = 0;
289      s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
290      s->sunmouse_dx = s->sunmouse_dy = s->sunmouse_buttons = 0;
291      clear_queue(s);
292  }
293  
294  static void escc_soft_reset_chn(ESCCChannelState *s)
295  {
296      escc_reset_chn(s);
297  
298      s->wregs[W_CMD] = 0;
299      s->wregs[W_INTR] &= INTR_PAR_SPEC | INTR_WTRQ_TXRX;
300      s->wregs[W_RXCTRL] &= ~RXCTRL_RXEN;
301      /* 1 stop bit */
302      s->wregs[W_TXCTRL1] |= TXCTRL1_1STOP;
303      s->wregs[W_TXCTRL2] &= TXCTRL2_TXCRC | TXCTRL2_8BITS;
304      s->wregs[W_MINTR] &= ~MINTR_SOFTIACK;
305      s->wregs[W_MISC1] &= MISC1_ENC_MASK;
306      /* PLL disabled */
307      s->wregs[W_MISC2] &= MISC2_BRG_EN | MISC2_BRG_SRC |
308                           MISC2_PLLCMD1 | MISC2_PLLCMD2;
309      s->wregs[W_MISC2] |= MISC2_PLLCMD0;
310      /* Enable most interrupts */
311      s->wregs[W_EXTINT] = EXTINT_DCD | EXTINT_SYNCINT | EXTINT_CTSINT |
312                           EXTINT_TXUNDRN | EXTINT_BRKINT;
313  
314      s->rregs[R_STATUS] &= STATUS_DCD | STATUS_SYNC | STATUS_CTS | STATUS_BRK;
315      s->rregs[R_STATUS] |= STATUS_TXEMPTY | STATUS_TXUNDRN;
316      if (s->disabled) {
317          s->rregs[R_STATUS] |= STATUS_DCD | STATUS_SYNC | STATUS_CTS;
318      }
319      s->rregs[R_SPEC] &= SPEC_ALLSENT;
320      s->rregs[R_SPEC] |= SPEC_BITS8;
321      s->rregs[R_INTR] = 0;
322      s->rregs[R_MISC] &= MISC_2CLKMISS;
323  }
324  
325  static void escc_hard_reset_chn(ESCCChannelState *s)
326  {
327      escc_soft_reset_chn(s);
328  
329      /*
330       * Hard reset is almost identical to soft reset above, except that the
331       * values of WR9 (W_MINTR), WR10 (W_MISC1), WR11 (W_CLOCK) and WR14
332       * (W_MISC2) have extra bits forced to 0/1
333       */
334      s->wregs[W_MINTR] &= MINTR_VIS | MINTR_NV;
335      s->wregs[W_MINTR] |= MINTR_RST_B | MINTR_RST_A;
336      s->wregs[W_MISC1] = 0;
337      s->wregs[W_CLOCK] = CLOCK_TRXC;
338      s->wregs[W_MISC2] &= MISC2_PLLCMD1 | MISC2_PLLCMD2;
339      s->wregs[W_MISC2] |= MISC2_LCL_LOOP | MISC2_PLLCMD0;
340  }
341  
342  static void escc_reset(DeviceState *d)
343  {
344      ESCCState *s = ESCC(d);
345      int i, j;
346  
347      for (i = 0; i < 2; i++) {
348          ESCCChannelState *cs = &s->chn[i];
349  
350          /*
351           * According to the ESCC datasheet "Miscellaneous Questions" section
352           * on page 384, the values of the ESCC registers are not guaranteed on
353           * power-on until an explicit hardware or software reset has been
354           * issued. For now we zero the registers so that a device reset always
355           * returns the emulated device to a fixed state.
356           */
357          for (j = 0; j < ESCC_SERIAL_REGS; j++) {
358              cs->rregs[j] = 0;
359              cs->wregs[j] = 0;
360          }
361  
362          /*
363           * ...but there is an exception. The "Transmit Interrupts and Transmit
364           * Buffer Empty Bit" section on page 50 of the ESCC datasheet says of
365           * the STATUS_TXEMPTY bit in R_STATUS: "After a hardware reset
366           * (including a hardware reset by software), or a channel reset, this
367           * bit is set to 1". The Sun PROM checks this bit early on startup and
368           * gets stuck in an infinite loop if it is not set.
369           */
370          cs->rregs[R_STATUS] |= STATUS_TXEMPTY;
371  
372          escc_reset_chn(cs);
373      }
374  }
375  
376  static inline void set_rxint(ESCCChannelState *s)
377  {
378      s->rxint = 1;
379      /*
380       * XXX: missing daisy chaining: escc_chn_b rx should have a lower priority
381       * than chn_a rx/tx/special_condition service
382       */
383      s->rxint_under_svc = 1;
384      if (s->chn == escc_chn_a) {
385          s->rregs[R_INTR] |= INTR_RXINTA;
386          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
387              s->otherchn->rregs[R_IVEC] = IVEC_HIRXINTA;
388          } else {
389              s->otherchn->rregs[R_IVEC] = IVEC_LORXINTA;
390          }
391      } else {
392          s->otherchn->rregs[R_INTR] |= INTR_RXINTB;
393          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
394              s->rregs[R_IVEC] = IVEC_HIRXINTB;
395          } else {
396              s->rregs[R_IVEC] = IVEC_LORXINTB;
397          }
398      }
399      escc_update_irq(s);
400  }
401  
402  static inline void set_txint(ESCCChannelState *s)
403  {
404      s->txint = 1;
405      if (!s->rxint_under_svc) {
406          s->txint_under_svc = 1;
407          if (s->chn == escc_chn_a) {
408              if (s->wregs[W_INTR] & INTR_TXINT) {
409                  s->rregs[R_INTR] |= INTR_TXINTA;
410              }
411              if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
412                  s->otherchn->rregs[R_IVEC] = IVEC_HITXINTA;
413              } else {
414                  s->otherchn->rregs[R_IVEC] = IVEC_LOTXINTA;
415              }
416          } else {
417              s->rregs[R_IVEC] = IVEC_TXINTB;
418              if (s->wregs[W_INTR] & INTR_TXINT) {
419                  s->otherchn->rregs[R_INTR] |= INTR_TXINTB;
420              }
421          }
422          escc_update_irq(s);
423      }
424  }
425  
426  static inline void clr_rxint(ESCCChannelState *s)
427  {
428      s->rxint = 0;
429      s->rxint_under_svc = 0;
430      if (s->chn == escc_chn_a) {
431          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
432              s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
433          } else {
434              s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
435          }
436          s->rregs[R_INTR] &= ~INTR_RXINTA;
437      } else {
438          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
439              s->rregs[R_IVEC] = IVEC_HINOINT;
440          } else {
441              s->rregs[R_IVEC] = IVEC_LONOINT;
442          }
443          s->otherchn->rregs[R_INTR] &= ~INTR_RXINTB;
444      }
445      if (s->txint) {
446          set_txint(s);
447      }
448      escc_update_irq(s);
449  }
450  
451  static inline void clr_txint(ESCCChannelState *s)
452  {
453      s->txint = 0;
454      s->txint_under_svc = 0;
455      if (s->chn == escc_chn_a) {
456          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
457              s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
458          } else {
459              s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
460          }
461          s->rregs[R_INTR] &= ~INTR_TXINTA;
462      } else {
463          s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
464          if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
465              s->rregs[R_IVEC] = IVEC_HINOINT;
466          } else {
467              s->rregs[R_IVEC] = IVEC_LONOINT;
468          }
469          s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
470      }
471      if (s->rxint) {
472          set_rxint(s);
473      }
474      escc_update_irq(s);
475  }
476  
477  static void escc_update_parameters(ESCCChannelState *s)
478  {
479      int speed, parity, data_bits, stop_bits;
480      QEMUSerialSetParams ssp;
481  
482      if (!qemu_chr_fe_backend_connected(&s->chr) || s->type != escc_serial) {
483          return;
484      }
485  
486      if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREN) {
487          if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREV) {
488              parity = 'E';
489          } else {
490              parity = 'O';
491          }
492      } else {
493          parity = 'N';
494      }
495      if ((s->wregs[W_TXCTRL1] & TXCTRL1_STPMSK) == TXCTRL1_2STOP) {
496          stop_bits = 2;
497      } else {
498          stop_bits = 1;
499      }
500      switch (s->wregs[W_TXCTRL2] & TXCTRL2_BITMSK) {
501      case TXCTRL2_5BITS:
502          data_bits = 5;
503          break;
504      case TXCTRL2_7BITS:
505          data_bits = 7;
506          break;
507      case TXCTRL2_6BITS:
508          data_bits = 6;
509          break;
510      default:
511      case TXCTRL2_8BITS:
512          data_bits = 8;
513          break;
514      }
515      speed = s->clock / ((s->wregs[W_BRGLO] | (s->wregs[W_BRGHI] << 8)) + 2);
516      switch (s->wregs[W_TXCTRL1] & TXCTRL1_CLKMSK) {
517      case TXCTRL1_CLK1X:
518          break;
519      case TXCTRL1_CLK16X:
520          speed /= 16;
521          break;
522      case TXCTRL1_CLK32X:
523          speed /= 32;
524          break;
525      default:
526      case TXCTRL1_CLK64X:
527          speed /= 64;
528          break;
529      }
530      ssp.speed = speed;
531      ssp.parity = parity;
532      ssp.data_bits = data_bits;
533      ssp.stop_bits = stop_bits;
534      trace_escc_update_parameters(CHN_C(s), speed, parity, data_bits, stop_bits);
535      qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
536  }
537  
538  static void escc_mem_write(void *opaque, hwaddr addr,
539                             uint64_t val, unsigned size)
540  {
541      ESCCState *serial = opaque;
542      ESCCChannelState *s;
543      uint32_t saddr;
544      int newreg, channel;
545  
546      val &= 0xff;
547      saddr = (addr >> reg_shift(serial)) & 1;
548      channel = (addr >> chn_shift(serial)) & 1;
549      s = &serial->chn[channel];
550      switch (saddr) {
551      case SERIAL_CTRL:
552          trace_escc_mem_writeb_ctrl(CHN_C(s), s->reg, val & 0xff);
553          newreg = 0;
554          switch (s->reg) {
555          case W_CMD:
556              newreg = val & CMD_PTR_MASK;
557              val &= CMD_CMD_MASK;
558              switch (val) {
559              case CMD_HI:
560                  newreg |= CMD_HI;
561                  break;
562              case CMD_CLR_TXINT:
563                  clr_txint(s);
564                  break;
565              case CMD_CLR_IUS:
566                  if (s->rxint_under_svc) {
567                      s->rxint_under_svc = 0;
568                      if (s->txint) {
569                          set_txint(s);
570                      }
571                  } else if (s->txint_under_svc) {
572                      s->txint_under_svc = 0;
573                  }
574                  escc_update_irq(s);
575                  break;
576              default:
577                  break;
578              }
579              break;
580          case W_RXCTRL:
581              s->wregs[s->reg] = val;
582              if (val & RXCTRL_HUNT) {
583                  s->rregs[R_STATUS] |= STATUS_SYNC;
584              }
585              break;
586          case W_INTR ... W_IVEC:
587          case W_SYNC1 ... W_TXBUF:
588          case W_MISC1 ... W_CLOCK:
589          case W_MISC2 ... W_EXTINT:
590              s->wregs[s->reg] = val;
591              break;
592          case W_TXCTRL1:
593              s->wregs[s->reg] = val;
594              /*
595               * The ESCC datasheet states that SPEC_ALLSENT is always set in
596               * sync mode, and set in async mode when all characters have
597               * cleared the transmitter. Since writes to SERIAL_DATA use the
598               * blocking qemu_chr_fe_write_all() function to write each
599               * character, the guest can never see the state when async data
600               * is in the process of being transmitted so we can set this bit
601               * unconditionally regardless of the state of the W_TXCTRL1 mode
602               * bits.
603               */
604              s->rregs[R_SPEC] |= SPEC_ALLSENT;
605              escc_update_parameters(s);
606              break;
607          case W_TXCTRL2:
608              s->wregs[s->reg] = val;
609              escc_update_parameters(s);
610              break;
611          case W_BRGLO:
612          case W_BRGHI:
613              s->wregs[s->reg] = val;
614              s->rregs[s->reg] = val;
615              escc_update_parameters(s);
616              break;
617          case W_MINTR:
618              switch (val & MINTR_RST_MASK) {
619              case 0:
620              default:
621                  break;
622              case MINTR_RST_B:
623                  trace_escc_soft_reset_chn(CHN_C(&serial->chn[0]));
624                  escc_soft_reset_chn(&serial->chn[0]);
625                  return;
626              case MINTR_RST_A:
627                  trace_escc_soft_reset_chn(CHN_C(&serial->chn[1]));
628                  escc_soft_reset_chn(&serial->chn[1]);
629                  return;
630              case MINTR_RST_ALL:
631                  trace_escc_hard_reset();
632                  escc_hard_reset_chn(&serial->chn[0]);
633                  escc_hard_reset_chn(&serial->chn[1]);
634                  return;
635              }
636              break;
637          default:
638              break;
639          }
640          if (s->reg == 0) {
641              s->reg = newreg;
642          } else {
643              s->reg = 0;
644          }
645          break;
646      case SERIAL_DATA:
647          trace_escc_mem_writeb_data(CHN_C(s), val);
648          /*
649           * Lower the irq when data is written to the Tx buffer and no other
650           * interrupts are currently pending. The irq will be raised again once
651           * the Tx buffer becomes empty below.
652           */
653          s->txint = 0;
654          escc_update_irq(s);
655          s->tx = val;
656          if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { /* tx enabled */
657              if (s->wregs[W_MISC2] & MISC2_LCL_LOOP) {
658                  serial_receive_byte(s, s->tx);
659              } else if (qemu_chr_fe_backend_connected(&s->chr)) {
660                  /*
661                   * XXX this blocks entire thread. Rewrite to use
662                   * qemu_chr_fe_write and background I/O callbacks
663                   */
664                  qemu_chr_fe_write_all(&s->chr, &s->tx, 1);
665              } else if (s->type == escc_kbd && !s->disabled) {
666                  handle_kbd_command(s, val);
667              }
668          }
669          s->rregs[R_STATUS] |= STATUS_TXEMPTY; /* Tx buffer empty */
670          s->rregs[R_SPEC] |= SPEC_ALLSENT; /* All sent */
671          set_txint(s);
672          break;
673      default:
674          break;
675      }
676  }
677  
678  static uint64_t escc_mem_read(void *opaque, hwaddr addr,
679                                unsigned size)
680  {
681      ESCCState *serial = opaque;
682      ESCCChannelState *s;
683      uint32_t saddr;
684      uint32_t ret;
685      int channel;
686  
687      saddr = (addr >> reg_shift(serial)) & 1;
688      channel = (addr >> chn_shift(serial)) & 1;
689      s = &serial->chn[channel];
690      switch (saddr) {
691      case SERIAL_CTRL:
692          trace_escc_mem_readb_ctrl(CHN_C(s), s->reg, s->rregs[s->reg]);
693          ret = s->rregs[s->reg];
694          s->reg = 0;
695          return ret;
696      case SERIAL_DATA:
697          s->rregs[R_STATUS] &= ~STATUS_RXAV;
698          clr_rxint(s);
699          if (s->type == escc_kbd || s->type == escc_mouse) {
700              ret = get_queue(s);
701          } else {
702              ret = s->rx;
703          }
704          trace_escc_mem_readb_data(CHN_C(s), ret);
705          qemu_chr_fe_accept_input(&s->chr);
706          return ret;
707      default:
708          break;
709      }
710      return 0;
711  }
712  
713  static const MemoryRegionOps escc_mem_ops = {
714      .read = escc_mem_read,
715      .write = escc_mem_write,
716      .endianness = DEVICE_NATIVE_ENDIAN,
717      .valid = {
718          .min_access_size = 1,
719          .max_access_size = 1,
720      },
721  };
722  
723  static int serial_can_receive(void *opaque)
724  {
725      ESCCChannelState *s = opaque;
726      int ret;
727  
728      if (((s->wregs[W_RXCTRL] & RXCTRL_RXEN) == 0) /* Rx not enabled */
729          || ((s->rregs[R_STATUS] & STATUS_RXAV) == STATUS_RXAV)) {
730          /* char already available */
731          ret = 0;
732      } else {
733          ret = 1;
734      }
735      return ret;
736  }
737  
738  static void serial_receive_byte(ESCCChannelState *s, int ch)
739  {
740      trace_escc_serial_receive_byte(CHN_C(s), ch);
741      s->rregs[R_STATUS] |= STATUS_RXAV;
742      s->rx = ch;
743      set_rxint(s);
744  }
745  
746  static void serial_receive_break(ESCCChannelState *s)
747  {
748      s->rregs[R_STATUS] |= STATUS_BRK;
749      escc_update_irq(s);
750  }
751  
752  static void serial_receive1(void *opaque, const uint8_t *buf, int size)
753  {
754      ESCCChannelState *s = opaque;
755      serial_receive_byte(s, buf[0]);
756  }
757  
758  static void serial_event(void *opaque, QEMUChrEvent event)
759  {
760      ESCCChannelState *s = opaque;
761      if (event == CHR_EVENT_BREAK) {
762          serial_receive_break(s);
763      }
764  }
765  
766  static const VMStateDescription vmstate_escc_chn = {
767      .name = "escc_chn",
768      .version_id = 2,
769      .minimum_version_id = 1,
770      .fields = (const VMStateField[]) {
771          VMSTATE_UINT32(vmstate_dummy, ESCCChannelState),
772          VMSTATE_UINT32(reg, ESCCChannelState),
773          VMSTATE_UINT32(rxint, ESCCChannelState),
774          VMSTATE_UINT32(txint, ESCCChannelState),
775          VMSTATE_UINT32(rxint_under_svc, ESCCChannelState),
776          VMSTATE_UINT32(txint_under_svc, ESCCChannelState),
777          VMSTATE_UINT8(rx, ESCCChannelState),
778          VMSTATE_UINT8(tx, ESCCChannelState),
779          VMSTATE_BUFFER(wregs, ESCCChannelState),
780          VMSTATE_BUFFER(rregs, ESCCChannelState),
781          VMSTATE_END_OF_LIST()
782      }
783  };
784  
785  static const VMStateDescription vmstate_escc = {
786      .name = "escc",
787      .version_id = 2,
788      .minimum_version_id = 1,
789      .fields = (const VMStateField[]) {
790          VMSTATE_STRUCT_ARRAY(chn, ESCCState, 2, 2, vmstate_escc_chn,
791                               ESCCChannelState),
792          VMSTATE_END_OF_LIST()
793      }
794  };
795  
796  static void sunkbd_handle_event(DeviceState *dev, QemuConsole *src,
797                                  InputEvent *evt)
798  {
799      ESCCChannelState *s = (ESCCChannelState *)dev;
800      int qcode, keycode;
801      InputKeyEvent *key;
802  
803      assert(evt->type == INPUT_EVENT_KIND_KEY);
804      key = evt->u.key.data;
805      qcode = qemu_input_key_value_to_qcode(key->key);
806      trace_escc_sunkbd_event_in(qcode, QKeyCode_str(qcode),
807                                 key->down);
808  
809      if (qcode == Q_KEY_CODE_CAPS_LOCK) {
810          if (key->down) {
811              s->caps_lock_mode ^= 1;
812              if (s->caps_lock_mode == 2) {
813                  return; /* Drop second press */
814              }
815          } else {
816              s->caps_lock_mode ^= 2;
817              if (s->caps_lock_mode == 3) {
818                  return; /* Drop first release */
819              }
820          }
821      }
822  
823      if (qcode == Q_KEY_CODE_NUM_LOCK) {
824          if (key->down) {
825              s->num_lock_mode ^= 1;
826              if (s->num_lock_mode == 2) {
827                  return; /* Drop second press */
828              }
829          } else {
830              s->num_lock_mode ^= 2;
831              if (s->num_lock_mode == 3) {
832                  return; /* Drop first release */
833              }
834          }
835      }
836  
837      if (qcode >= qemu_input_map_qcode_to_sun_len) {
838          return;
839      }
840  
841      keycode = qemu_input_map_qcode_to_sun[qcode];
842      if (!key->down) {
843          keycode |= 0x80;
844      }
845      trace_escc_sunkbd_event_out(keycode);
846      put_queue(s, keycode);
847  }
848  
849  static const QemuInputHandler sunkbd_handler = {
850      .name  = "sun keyboard",
851      .mask  = INPUT_EVENT_MASK_KEY,
852      .event = sunkbd_handle_event,
853  };
854  
855  static uint8_t sunkbd_layout_dip_switch(const char *kbd_layout)
856  {
857      /* Return the value of the dip-switches in a SUN Type 5 keyboard */
858      static uint8_t ret = 0xff;
859  
860      if ((ret == 0xff) && kbd_layout) {
861          int i;
862          struct layout_values {
863              const char *lang;
864              uint8_t dip;
865          } languages[] =
866              /*
867               * Dip values from table 3-16 Layouts for Type 4, 5 and 5c Keyboards
868               */
869              {
870                  {"en-us", 0x21}, /* U.S.A. (US5.kt) */
871                                   /* 0x22 is some other US (US_UNIX5.kt) */
872                  {"fr",    0x23}, /* France (France5.kt) */
873                  {"da",    0x24}, /* Denmark (Denmark5.kt) */
874                  {"de",    0x25}, /* Germany (Germany5.kt) */
875                  {"it",    0x26}, /* Italy (Italy5.kt) */
876                  {"nl",    0x27}, /* The Netherlands (Netherland5.kt) */
877                  {"no",    0x28}, /* Norway (Norway.kt) */
878                  {"pt",    0x29}, /* Portugal (Portugal5.kt) */
879                  {"es",    0x2a}, /* Spain (Spain5.kt) */
880                  {"sv",    0x2b}, /* Sweden (Sweden5.kt) */
881                  {"fr-ch", 0x2c}, /* Switzerland/French (Switzer_Fr5.kt) */
882                  {"de-ch", 0x2d}, /* Switzerland/German (Switzer_Ge5.kt) */
883                  {"en-gb", 0x2e}, /* Great Britain (UK5.kt) */
884                  {"ko",    0x2f}, /* Korea (Korea5.kt) */
885                  {"tw",    0x30}, /* Taiwan (Taiwan5.kt) */
886                  {"ja",    0x31}, /* Japan (Japan5.kt) */
887                  {"fr-ca", 0x32}, /* Canada/French (Canada_Fr5.kt) */
888                  {"hu",    0x33}, /* Hungary (Hungary5.kt) */
889                  {"pl",    0x34}, /* Poland (Poland5.kt) */
890                  {"cz",    0x35}, /* Czech (Czech5.kt) */
891                  {"ru",    0x36}, /* Russia (Russia5.kt) */
892                  {"lv",    0x37}, /* Latvia (Latvia5.kt) */
893                  {"tr",    0x38}, /* Turkey-Q5 (TurkeyQ5.kt) */
894                  {"gr",    0x39}, /* Greece (Greece5.kt) */
895                  {"ar",    0x3a}, /* Arabic (Arabic5.kt) */
896                  {"lt",    0x3b}, /* Lithuania (Lithuania5.kt) */
897                  {"nl-be", 0x3c}, /* Belgium (Belgian5.kt) */
898                  {"be",    0x3c}, /* Belgium (Belgian5.kt) */
899              };
900  
901          for (i = 0;
902               i < sizeof(languages) / sizeof(struct layout_values);
903               i++) {
904              if (!strcmp(kbd_layout, languages[i].lang)) {
905                  ret = languages[i].dip;
906                  return ret;
907              }
908          }
909  
910          /* Found no known language code */
911          if ((kbd_layout[0] >= '0') && (kbd_layout[0] <= '9')) {
912              unsigned int tmp;
913  
914              /* As a fallback we also accept numeric dip switch value */
915              if (!qemu_strtoui(kbd_layout, NULL, 0, &tmp)) {
916                  ret = tmp;
917              }
918          }
919      }
920  
921      if (ret == 0xff) {
922          /* Final fallback if keyboard_layout was not set or recognized */
923          ret = 0x21; /* en-us layout */
924      }
925      return ret;
926  }
927  
928  static void handle_kbd_command(ESCCChannelState *s, int val)
929  {
930      trace_escc_kbd_command(val);
931      if (s->led_mode) { /* Ignore led byte */
932          s->led_mode = 0;
933          return;
934      }
935      switch (val) {
936      case 1: /* Reset, return type code */
937          clear_queue(s);
938          put_queue(s, 0xff);
939          put_queue(s, 4); /* Type 4 */
940          put_queue(s, 0x7f);
941          break;
942      case 0xe: /* Set leds */
943          s->led_mode = 1;
944          break;
945      case 7: /* Query layout */
946      case 0xf:
947          clear_queue(s);
948          put_queue(s, 0xfe);
949          put_queue(s, sunkbd_layout_dip_switch(s->sunkbd_layout));
950          break;
951      default:
952          break;
953      }
954  }
955  
956  static void sunmouse_handle_event(DeviceState *dev, QemuConsole *src,
957                                    InputEvent *evt)
958  {
959      ESCCChannelState *s = (ESCCChannelState *)dev;
960      InputMoveEvent *move;
961      InputBtnEvent *btn;
962      static const int bmap[INPUT_BUTTON__MAX] = {
963          [INPUT_BUTTON_LEFT]   = 0x4,
964          [INPUT_BUTTON_MIDDLE] = 0x2,
965          [INPUT_BUTTON_RIGHT]  = 0x1,
966      };
967  
968      switch (evt->type) {
969      case INPUT_EVENT_KIND_REL:
970          move = evt->u.rel.data;
971          if (move->axis == INPUT_AXIS_X) {
972              s->sunmouse_dx += move->value;
973          } else if (move->axis == INPUT_AXIS_Y) {
974              s->sunmouse_dy -= move->value;
975          }
976          break;
977  
978      case INPUT_EVENT_KIND_BTN:
979          btn = evt->u.btn.data;
980          if (bmap[btn->button]) {
981              if (btn->down) {
982                  s->sunmouse_buttons |= bmap[btn->button];
983              } else {
984                  s->sunmouse_buttons &= ~bmap[btn->button];
985              }
986              /* Indicate we have a supported button event */
987              s->sunmouse_buttons |= 0x80;
988          }
989          break;
990  
991      default:
992          /* keep gcc happy */
993          break;
994      }
995  }
996  
997  static void sunmouse_sync(DeviceState *dev)
998  {
999      ESCCChannelState *s = (ESCCChannelState *)dev;
1000      int ch;
1001  
1002      if (s->sunmouse_dx == 0 && s->sunmouse_dy == 0 &&
1003          (s->sunmouse_buttons & 0x80) == 0) {
1004              /* Nothing to do after button event filter */
1005              return;
1006      }
1007  
1008      /* Clear our button event flag */
1009      s->sunmouse_buttons &= ~0x80;
1010      trace_escc_sunmouse_event(s->sunmouse_dx, s->sunmouse_dy,
1011                                s->sunmouse_buttons);
1012      ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */
1013      ch ^= s->sunmouse_buttons;
1014      put_queue(s, ch);
1015  
1016      ch = s->sunmouse_dx;
1017      if (ch > 127) {
1018          ch = 127;
1019      } else if (ch < -127) {
1020          ch = -127;
1021      }
1022      put_queue(s, ch & 0xff);
1023      s->sunmouse_dx -= ch;
1024  
1025      ch = s->sunmouse_dy;
1026      if (ch > 127) {
1027          ch = 127;
1028      } else if (ch < -127) {
1029          ch = -127;
1030      }
1031      put_queue(s, ch & 0xff);
1032      s->sunmouse_dy -= ch;
1033  
1034      /* MSC protocol specifies two extra motion bytes */
1035      put_queue(s, 0);
1036      put_queue(s, 0);
1037  }
1038  
1039  static const QemuInputHandler sunmouse_handler = {
1040      .name  = "QEMU Sun Mouse",
1041      .mask  = INPUT_EVENT_MASK_BTN | INPUT_EVENT_MASK_REL,
1042      .event = sunmouse_handle_event,
1043      .sync  = sunmouse_sync,
1044  };
1045  
1046  static void escc_init1(Object *obj)
1047  {
1048      ESCCState *s = ESCC(obj);
1049      SysBusDevice *dev = SYS_BUS_DEVICE(obj);
1050      unsigned int i;
1051  
1052      for (i = 0; i < 2; i++) {
1053          sysbus_init_irq(dev, &s->chn[i].irq);
1054          s->chn[i].chn = 1 - i;
1055      }
1056      s->chn[0].otherchn = &s->chn[1];
1057      s->chn[1].otherchn = &s->chn[0];
1058  
1059      sysbus_init_mmio(dev, &s->mmio);
1060  }
1061  
1062  static void escc_realize(DeviceState *dev, Error **errp)
1063  {
1064      ESCCState *s = ESCC(dev);
1065      unsigned int i;
1066  
1067      s->chn[0].disabled = s->disabled;
1068      s->chn[1].disabled = s->disabled;
1069  
1070      memory_region_init_io(&s->mmio, OBJECT(dev), &escc_mem_ops, s, "escc",
1071                            ESCC_SIZE << s->it_shift);
1072  
1073      for (i = 0; i < 2; i++) {
1074          if (qemu_chr_fe_backend_connected(&s->chn[i].chr)) {
1075              s->chn[i].clock = s->frequency / 2;
1076              qemu_chr_fe_set_handlers(&s->chn[i].chr, serial_can_receive,
1077                                       serial_receive1, serial_event, NULL,
1078                                       &s->chn[i], NULL, true);
1079          }
1080      }
1081  
1082      if (s->chn[0].type == escc_mouse) {
1083          s->chn[0].hs = qemu_input_handler_register((DeviceState *)(&s->chn[0]),
1084                                                     &sunmouse_handler);
1085      }
1086      if (s->chn[1].type == escc_kbd) {
1087          s->chn[1].hs = qemu_input_handler_register((DeviceState *)(&s->chn[1]),
1088                                                     &sunkbd_handler);
1089      }
1090  }
1091  
1092  static Property escc_properties[] = {
1093      DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
1094      DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,    0),
1095      DEFINE_PROP_BOOL("bit_swap",    ESCCState, bit_swap,    false),
1096      DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,    0),
1097      DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
1098      DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
1099      DEFINE_PROP_CHR("chrB", ESCCState, chn[0].chr),
1100      DEFINE_PROP_CHR("chrA", ESCCState, chn[1].chr),
1101      DEFINE_PROP_STRING("chnA-sunkbd-layout", ESCCState, chn[1].sunkbd_layout),
1102      DEFINE_PROP_END_OF_LIST(),
1103  };
1104  
1105  static void escc_class_init(ObjectClass *klass, void *data)
1106  {
1107      DeviceClass *dc = DEVICE_CLASS(klass);
1108  
1109      device_class_set_legacy_reset(dc, escc_reset);
1110      dc->realize = escc_realize;
1111      dc->vmsd = &vmstate_escc;
1112      device_class_set_props(dc, escc_properties);
1113      set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
1114  }
1115  
1116  static const TypeInfo escc_info = {
1117      .name          = TYPE_ESCC,
1118      .parent        = TYPE_SYS_BUS_DEVICE,
1119      .instance_size = sizeof(ESCCState),
1120      .instance_init = escc_init1,
1121      .class_init    = escc_class_init,
1122  };
1123  
1124  static void escc_register_types(void)
1125  {
1126      type_register_static(&escc_info);
1127  }
1128  
1129  type_init(escc_register_types)
1130