xref: /openbmc/qemu/hw/char/escc.c (revision 52f2b8961409be834abaee5189bff2cc9e372851)
1 /*
2  * QEMU ESCC (Z8030/Z8530/Z85C30/SCC/ESCC) serial port emulation
3  *
4  * Copyright (c) 2003-2005 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "hw/hw.h"
27 #include "hw/sysbus.h"
28 #include "hw/char/escc.h"
29 #include "ui/console.h"
30 #include "trace.h"
31 
32 /*
33  * Chipset docs:
34  * "Z80C30/Z85C30/Z80230/Z85230/Z85233 SCC/ESCC User Manual",
35  * http://www.zilog.com/docs/serial/scc_escc_um.pdf
36  *
37  * On Sparc32 this is the serial port, mouse and keyboard part of chip STP2001
38  * (Slave I/O), also produced as NCR89C105. See
39  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
40  *
41  * The serial ports implement full AMD AM8530 or Zilog Z8530 chips,
42  * mouse and keyboard ports don't implement all functions and they are
43  * only asynchronous. There is no DMA.
44  *
45  * Z85C30 is also used on PowerMacs. There are some small differences
46  * between Sparc version (sunzilog) and PowerMac (pmac):
47  *  Offset between control and data registers
48  *  There is some kind of lockup bug, but we can ignore it
49  *  CTS is inverted
50  *  DMA on pmac using DBDMA chip
51  *  pmac can do IRDA and faster rates, sunzilog can only do 38400
52  *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
53  */
54 
55 /*
56  * Modifications:
57  *  2006-Aug-10  Igor Kovalenko :   Renamed KBDQueue to SERIOQueue, implemented
58  *                                  serial mouse queue.
59  *                                  Implemented serial mouse protocol.
60  *
61  *  2010-May-23  Artyom Tarasenko:  Reworked IUS logic
62  */
63 
64 #define CHN_C(s) ((s)->chn == escc_chn_b ? 'b' : 'a')
65 
66 #define SERIAL_CTRL 0
67 #define SERIAL_DATA 1
68 
69 #define W_CMD     0
70 #define CMD_PTR_MASK   0x07
71 #define CMD_CMD_MASK   0x38
72 #define CMD_HI         0x08
73 #define CMD_CLR_TXINT  0x28
74 #define CMD_CLR_IUS    0x38
75 #define W_INTR    1
76 #define INTR_INTALL    0x01
77 #define INTR_TXINT     0x02
78 #define INTR_RXMODEMSK 0x18
79 #define INTR_RXINT1ST  0x08
80 #define INTR_RXINTALL  0x10
81 #define W_IVEC    2
82 #define W_RXCTRL  3
83 #define RXCTRL_RXEN    0x01
84 #define W_TXCTRL1 4
85 #define TXCTRL1_PAREN  0x01
86 #define TXCTRL1_PAREV  0x02
87 #define TXCTRL1_1STOP  0x04
88 #define TXCTRL1_1HSTOP 0x08
89 #define TXCTRL1_2STOP  0x0c
90 #define TXCTRL1_STPMSK 0x0c
91 #define TXCTRL1_CLK1X  0x00
92 #define TXCTRL1_CLK16X 0x40
93 #define TXCTRL1_CLK32X 0x80
94 #define TXCTRL1_CLK64X 0xc0
95 #define TXCTRL1_CLKMSK 0xc0
96 #define W_TXCTRL2 5
97 #define TXCTRL2_TXEN   0x08
98 #define TXCTRL2_BITMSK 0x60
99 #define TXCTRL2_5BITS  0x00
100 #define TXCTRL2_7BITS  0x20
101 #define TXCTRL2_6BITS  0x40
102 #define TXCTRL2_8BITS  0x60
103 #define W_SYNC1   6
104 #define W_SYNC2   7
105 #define W_TXBUF   8
106 #define W_MINTR   9
107 #define MINTR_STATUSHI 0x10
108 #define MINTR_RST_MASK 0xc0
109 #define MINTR_RST_B    0x40
110 #define MINTR_RST_A    0x80
111 #define MINTR_RST_ALL  0xc0
112 #define W_MISC1  10
113 #define W_CLOCK  11
114 #define CLOCK_TRXC     0x08
115 #define W_BRGLO  12
116 #define W_BRGHI  13
117 #define W_MISC2  14
118 #define MISC2_PLLDIS   0x30
119 #define W_EXTINT 15
120 #define EXTINT_DCD     0x08
121 #define EXTINT_SYNCINT 0x10
122 #define EXTINT_CTSINT  0x20
123 #define EXTINT_TXUNDRN 0x40
124 #define EXTINT_BRKINT  0x80
125 
126 #define R_STATUS  0
127 #define STATUS_RXAV    0x01
128 #define STATUS_ZERO    0x02
129 #define STATUS_TXEMPTY 0x04
130 #define STATUS_DCD     0x08
131 #define STATUS_SYNC    0x10
132 #define STATUS_CTS     0x20
133 #define STATUS_TXUNDRN 0x40
134 #define STATUS_BRK     0x80
135 #define R_SPEC    1
136 #define SPEC_ALLSENT   0x01
137 #define SPEC_BITS8     0x06
138 #define R_IVEC    2
139 #define IVEC_TXINTB    0x00
140 #define IVEC_LONOINT   0x06
141 #define IVEC_LORXINTA  0x0c
142 #define IVEC_LORXINTB  0x04
143 #define IVEC_LOTXINTA  0x08
144 #define IVEC_HINOINT   0x60
145 #define IVEC_HIRXINTA  0x30
146 #define IVEC_HIRXINTB  0x20
147 #define IVEC_HITXINTA  0x10
148 #define R_INTR    3
149 #define INTR_EXTINTB   0x01
150 #define INTR_TXINTB    0x02
151 #define INTR_RXINTB    0x04
152 #define INTR_EXTINTA   0x08
153 #define INTR_TXINTA    0x10
154 #define INTR_RXINTA    0x20
155 #define R_IPEN    4
156 #define R_TXCTRL1 5
157 #define R_TXCTRL2 6
158 #define R_BC      7
159 #define R_RXBUF   8
160 #define R_RXCTRL  9
161 #define R_MISC   10
162 #define R_MISC1  11
163 #define R_BRGLO  12
164 #define R_BRGHI  13
165 #define R_MISC1I 14
166 #define R_EXTINT 15
167 
168 static void handle_kbd_command(ESCCChannelState *s, int val);
169 static int serial_can_receive(void *opaque);
170 static void serial_receive_byte(ESCCChannelState *s, int ch);
171 
172 static void clear_queue(void *opaque)
173 {
174     ESCCChannelState *s = opaque;
175     ESCCSERIOQueue *q = &s->queue;
176     q->rptr = q->wptr = q->count = 0;
177 }
178 
179 static void put_queue(void *opaque, int b)
180 {
181     ESCCChannelState *s = opaque;
182     ESCCSERIOQueue *q = &s->queue;
183 
184     trace_escc_put_queue(CHN_C(s), b);
185     if (q->count >= ESCC_SERIO_QUEUE_SIZE) {
186         return;
187     }
188     q->data[q->wptr] = b;
189     if (++q->wptr == ESCC_SERIO_QUEUE_SIZE) {
190         q->wptr = 0;
191     }
192     q->count++;
193     serial_receive_byte(s, 0);
194 }
195 
196 static uint32_t get_queue(void *opaque)
197 {
198     ESCCChannelState *s = opaque;
199     ESCCSERIOQueue *q = &s->queue;
200     int val;
201 
202     if (q->count == 0) {
203         return 0;
204     } else {
205         val = q->data[q->rptr];
206         if (++q->rptr == ESCC_SERIO_QUEUE_SIZE) {
207             q->rptr = 0;
208         }
209         q->count--;
210     }
211     trace_escc_get_queue(CHN_C(s), val);
212     if (q->count > 0)
213         serial_receive_byte(s, 0);
214     return val;
215 }
216 
217 static int escc_update_irq_chn(ESCCChannelState *s)
218 {
219     if ((((s->wregs[W_INTR] & INTR_TXINT) && (s->txint == 1)) ||
220          // tx ints enabled, pending
221          ((((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINT1ST) ||
222            ((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINTALL)) &&
223           s->rxint == 1) || // rx ints enabled, pending
224          ((s->wregs[W_EXTINT] & EXTINT_BRKINT) &&
225           (s->rregs[R_STATUS] & STATUS_BRK)))) { // break int e&p
226         return 1;
227     }
228     return 0;
229 }
230 
231 static void escc_update_irq(ESCCChannelState *s)
232 {
233     int irq;
234 
235     irq = escc_update_irq_chn(s);
236     irq |= escc_update_irq_chn(s->otherchn);
237 
238     trace_escc_update_irq(irq);
239     qemu_set_irq(s->irq, irq);
240 }
241 
242 static void escc_reset_chn(ESCCChannelState *s)
243 {
244     int i;
245 
246     s->reg = 0;
247     for (i = 0; i < ESCC_SERIAL_REGS; i++) {
248         s->rregs[i] = 0;
249         s->wregs[i] = 0;
250     }
251     s->wregs[W_TXCTRL1] = TXCTRL1_1STOP; // 1X divisor, 1 stop bit, no parity
252     s->wregs[W_MINTR] = MINTR_RST_ALL;
253     s->wregs[W_CLOCK] = CLOCK_TRXC; // Synch mode tx clock = TRxC
254     s->wregs[W_MISC2] = MISC2_PLLDIS; // PLL disabled
255     s->wregs[W_EXTINT] = EXTINT_DCD | EXTINT_SYNCINT | EXTINT_CTSINT |
256         EXTINT_TXUNDRN | EXTINT_BRKINT; // Enable most interrupts
257     if (s->disabled)
258         s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_DCD | STATUS_SYNC |
259             STATUS_CTS | STATUS_TXUNDRN;
260     else
261         s->rregs[R_STATUS] = STATUS_TXEMPTY | STATUS_TXUNDRN;
262     s->rregs[R_SPEC] = SPEC_BITS8 | SPEC_ALLSENT;
263 
264     s->rx = s->tx = 0;
265     s->rxint = s->txint = 0;
266     s->rxint_under_svc = s->txint_under_svc = 0;
267     s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
268     clear_queue(s);
269 }
270 
271 static void escc_reset(DeviceState *d)
272 {
273     ESCCState *s = ESCC(d);
274 
275     escc_reset_chn(&s->chn[0]);
276     escc_reset_chn(&s->chn[1]);
277 }
278 
279 static inline void set_rxint(ESCCChannelState *s)
280 {
281     s->rxint = 1;
282     /* XXX: missing daisy chainnig: escc_chn_b rx should have a lower priority
283        than chn_a rx/tx/special_condition service*/
284     s->rxint_under_svc = 1;
285     if (s->chn == escc_chn_a) {
286         s->rregs[R_INTR] |= INTR_RXINTA;
287         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
288             s->otherchn->rregs[R_IVEC] = IVEC_HIRXINTA;
289         else
290             s->otherchn->rregs[R_IVEC] = IVEC_LORXINTA;
291     } else {
292         s->otherchn->rregs[R_INTR] |= INTR_RXINTB;
293         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
294             s->rregs[R_IVEC] = IVEC_HIRXINTB;
295         else
296             s->rregs[R_IVEC] = IVEC_LORXINTB;
297     }
298     escc_update_irq(s);
299 }
300 
301 static inline void set_txint(ESCCChannelState *s)
302 {
303     s->txint = 1;
304     if (!s->rxint_under_svc) {
305         s->txint_under_svc = 1;
306         if (s->chn == escc_chn_a) {
307             if (s->wregs[W_INTR] & INTR_TXINT) {
308                 s->rregs[R_INTR] |= INTR_TXINTA;
309             }
310             if (s->wregs[W_MINTR] & MINTR_STATUSHI)
311                 s->otherchn->rregs[R_IVEC] = IVEC_HITXINTA;
312             else
313                 s->otherchn->rregs[R_IVEC] = IVEC_LOTXINTA;
314         } else {
315             s->rregs[R_IVEC] = IVEC_TXINTB;
316             if (s->wregs[W_INTR] & INTR_TXINT) {
317                 s->otherchn->rregs[R_INTR] |= INTR_TXINTB;
318             }
319         }
320     escc_update_irq(s);
321     }
322 }
323 
324 static inline void clr_rxint(ESCCChannelState *s)
325 {
326     s->rxint = 0;
327     s->rxint_under_svc = 0;
328     if (s->chn == escc_chn_a) {
329         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
330             s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
331         else
332             s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
333         s->rregs[R_INTR] &= ~INTR_RXINTA;
334     } else {
335         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
336             s->rregs[R_IVEC] = IVEC_HINOINT;
337         else
338             s->rregs[R_IVEC] = IVEC_LONOINT;
339         s->otherchn->rregs[R_INTR] &= ~INTR_RXINTB;
340     }
341     if (s->txint)
342         set_txint(s);
343     escc_update_irq(s);
344 }
345 
346 static inline void clr_txint(ESCCChannelState *s)
347 {
348     s->txint = 0;
349     s->txint_under_svc = 0;
350     if (s->chn == escc_chn_a) {
351         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
352             s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
353         else
354             s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
355         s->rregs[R_INTR] &= ~INTR_TXINTA;
356     } else {
357         s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
358         if (s->wregs[W_MINTR] & MINTR_STATUSHI)
359             s->rregs[R_IVEC] = IVEC_HINOINT;
360         else
361             s->rregs[R_IVEC] = IVEC_LONOINT;
362         s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
363     }
364     if (s->rxint)
365         set_rxint(s);
366     escc_update_irq(s);
367 }
368 
369 static void escc_update_parameters(ESCCChannelState *s)
370 {
371     int speed, parity, data_bits, stop_bits;
372     QEMUSerialSetParams ssp;
373 
374     if (!qemu_chr_fe_backend_connected(&s->chr) || s->type != escc_serial)
375         return;
376 
377     if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREN) {
378         if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREV)
379             parity = 'E';
380         else
381             parity = 'O';
382     } else {
383         parity = 'N';
384     }
385     if ((s->wregs[W_TXCTRL1] & TXCTRL1_STPMSK) == TXCTRL1_2STOP)
386         stop_bits = 2;
387     else
388         stop_bits = 1;
389     switch (s->wregs[W_TXCTRL2] & TXCTRL2_BITMSK) {
390     case TXCTRL2_5BITS:
391         data_bits = 5;
392         break;
393     case TXCTRL2_7BITS:
394         data_bits = 7;
395         break;
396     case TXCTRL2_6BITS:
397         data_bits = 6;
398         break;
399     default:
400     case TXCTRL2_8BITS:
401         data_bits = 8;
402         break;
403     }
404     speed = s->clock / ((s->wregs[W_BRGLO] | (s->wregs[W_BRGHI] << 8)) + 2);
405     switch (s->wregs[W_TXCTRL1] & TXCTRL1_CLKMSK) {
406     case TXCTRL1_CLK1X:
407         break;
408     case TXCTRL1_CLK16X:
409         speed /= 16;
410         break;
411     case TXCTRL1_CLK32X:
412         speed /= 32;
413         break;
414     default:
415     case TXCTRL1_CLK64X:
416         speed /= 64;
417         break;
418     }
419     ssp.speed = speed;
420     ssp.parity = parity;
421     ssp.data_bits = data_bits;
422     ssp.stop_bits = stop_bits;
423     trace_escc_update_parameters(CHN_C(s), speed, parity, data_bits, stop_bits);
424     qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
425 }
426 
427 static void escc_mem_write(void *opaque, hwaddr addr,
428                            uint64_t val, unsigned size)
429 {
430     ESCCState *serial = opaque;
431     ESCCChannelState *s;
432     uint32_t saddr;
433     int newreg, channel;
434 
435     val &= 0xff;
436     saddr = (addr >> serial->it_shift) & 1;
437     channel = (addr >> (serial->it_shift + 1)) & 1;
438     s = &serial->chn[channel];
439     switch (saddr) {
440     case SERIAL_CTRL:
441         trace_escc_mem_writeb_ctrl(CHN_C(s), s->reg, val & 0xff);
442         newreg = 0;
443         switch (s->reg) {
444         case W_CMD:
445             newreg = val & CMD_PTR_MASK;
446             val &= CMD_CMD_MASK;
447             switch (val) {
448             case CMD_HI:
449                 newreg |= CMD_HI;
450                 break;
451             case CMD_CLR_TXINT:
452                 clr_txint(s);
453                 break;
454             case CMD_CLR_IUS:
455                 if (s->rxint_under_svc) {
456                     s->rxint_under_svc = 0;
457                     if (s->txint) {
458                         set_txint(s);
459                     }
460                 } else if (s->txint_under_svc) {
461                     s->txint_under_svc = 0;
462                 }
463                 escc_update_irq(s);
464                 break;
465             default:
466                 break;
467             }
468             break;
469         case W_INTR ... W_RXCTRL:
470         case W_SYNC1 ... W_TXBUF:
471         case W_MISC1 ... W_CLOCK:
472         case W_MISC2 ... W_EXTINT:
473             s->wregs[s->reg] = val;
474             break;
475         case W_TXCTRL1:
476         case W_TXCTRL2:
477             s->wregs[s->reg] = val;
478             escc_update_parameters(s);
479             break;
480         case W_BRGLO:
481         case W_BRGHI:
482             s->wregs[s->reg] = val;
483             s->rregs[s->reg] = val;
484             escc_update_parameters(s);
485             break;
486         case W_MINTR:
487             switch (val & MINTR_RST_MASK) {
488             case 0:
489             default:
490                 break;
491             case MINTR_RST_B:
492                 escc_reset_chn(&serial->chn[0]);
493                 return;
494             case MINTR_RST_A:
495                 escc_reset_chn(&serial->chn[1]);
496                 return;
497             case MINTR_RST_ALL:
498                 escc_reset(DEVICE(serial));
499                 return;
500             }
501             break;
502         default:
503             break;
504         }
505         if (s->reg == 0)
506             s->reg = newreg;
507         else
508             s->reg = 0;
509         break;
510     case SERIAL_DATA:
511         trace_escc_mem_writeb_data(CHN_C(s), val);
512         /*
513          * Lower the irq when data is written to the Tx buffer and no other
514          * interrupts are currently pending. The irq will be raised again once
515          * the Tx buffer becomes empty below.
516          */
517         s->txint = 0;
518         escc_update_irq(s);
519         s->tx = val;
520         if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { // tx enabled
521             if (qemu_chr_fe_backend_connected(&s->chr)) {
522                 /* XXX this blocks entire thread. Rewrite to use
523                  * qemu_chr_fe_write and background I/O callbacks */
524                 qemu_chr_fe_write_all(&s->chr, &s->tx, 1);
525             } else if (s->type == escc_kbd && !s->disabled) {
526                 handle_kbd_command(s, val);
527             }
528         }
529         s->rregs[R_STATUS] |= STATUS_TXEMPTY; // Tx buffer empty
530         s->rregs[R_SPEC] |= SPEC_ALLSENT; // All sent
531         set_txint(s);
532         break;
533     default:
534         break;
535     }
536 }
537 
538 static uint64_t escc_mem_read(void *opaque, hwaddr addr,
539                               unsigned size)
540 {
541     ESCCState *serial = opaque;
542     ESCCChannelState *s;
543     uint32_t saddr;
544     uint32_t ret;
545     int channel;
546 
547     saddr = (addr >> serial->it_shift) & 1;
548     channel = (addr >> (serial->it_shift + 1)) & 1;
549     s = &serial->chn[channel];
550     switch (saddr) {
551     case SERIAL_CTRL:
552         trace_escc_mem_readb_ctrl(CHN_C(s), s->reg, s->rregs[s->reg]);
553         ret = s->rregs[s->reg];
554         s->reg = 0;
555         return ret;
556     case SERIAL_DATA:
557         s->rregs[R_STATUS] &= ~STATUS_RXAV;
558         clr_rxint(s);
559         if (s->type == escc_kbd || s->type == escc_mouse) {
560             ret = get_queue(s);
561         } else {
562             ret = s->rx;
563         }
564         trace_escc_mem_readb_data(CHN_C(s), ret);
565         qemu_chr_fe_accept_input(&s->chr);
566         return ret;
567     default:
568         break;
569     }
570     return 0;
571 }
572 
573 static const MemoryRegionOps escc_mem_ops = {
574     .read = escc_mem_read,
575     .write = escc_mem_write,
576     .endianness = DEVICE_NATIVE_ENDIAN,
577     .valid = {
578         .min_access_size = 1,
579         .max_access_size = 1,
580     },
581 };
582 
583 static int serial_can_receive(void *opaque)
584 {
585     ESCCChannelState *s = opaque;
586     int ret;
587 
588     if (((s->wregs[W_RXCTRL] & RXCTRL_RXEN) == 0) // Rx not enabled
589         || ((s->rregs[R_STATUS] & STATUS_RXAV) == STATUS_RXAV))
590         // char already available
591         ret = 0;
592     else
593         ret = 1;
594     return ret;
595 }
596 
597 static void serial_receive_byte(ESCCChannelState *s, int ch)
598 {
599     trace_escc_serial_receive_byte(CHN_C(s), ch);
600     s->rregs[R_STATUS] |= STATUS_RXAV;
601     s->rx = ch;
602     set_rxint(s);
603 }
604 
605 static void serial_receive_break(ESCCChannelState *s)
606 {
607     s->rregs[R_STATUS] |= STATUS_BRK;
608     escc_update_irq(s);
609 }
610 
611 static void serial_receive1(void *opaque, const uint8_t *buf, int size)
612 {
613     ESCCChannelState *s = opaque;
614     serial_receive_byte(s, buf[0]);
615 }
616 
617 static void serial_event(void *opaque, int event)
618 {
619     ESCCChannelState *s = opaque;
620     if (event == CHR_EVENT_BREAK)
621         serial_receive_break(s);
622 }
623 
624 static const VMStateDescription vmstate_escc_chn = {
625     .name ="escc_chn",
626     .version_id = 2,
627     .minimum_version_id = 1,
628     .fields = (VMStateField[]) {
629         VMSTATE_UINT32(vmstate_dummy, ESCCChannelState),
630         VMSTATE_UINT32(reg, ESCCChannelState),
631         VMSTATE_UINT32(rxint, ESCCChannelState),
632         VMSTATE_UINT32(txint, ESCCChannelState),
633         VMSTATE_UINT32(rxint_under_svc, ESCCChannelState),
634         VMSTATE_UINT32(txint_under_svc, ESCCChannelState),
635         VMSTATE_UINT8(rx, ESCCChannelState),
636         VMSTATE_UINT8(tx, ESCCChannelState),
637         VMSTATE_BUFFER(wregs, ESCCChannelState),
638         VMSTATE_BUFFER(rregs, ESCCChannelState),
639         VMSTATE_END_OF_LIST()
640     }
641 };
642 
643 static const VMStateDescription vmstate_escc = {
644     .name ="escc",
645     .version_id = 2,
646     .minimum_version_id = 1,
647     .fields = (VMStateField[]) {
648         VMSTATE_STRUCT_ARRAY(chn, ESCCState, 2, 2, vmstate_escc_chn,
649                              ESCCChannelState),
650         VMSTATE_END_OF_LIST()
651     }
652 };
653 
654 static void sunkbd_handle_event(DeviceState *dev, QemuConsole *src,
655                                 InputEvent *evt)
656 {
657     ESCCChannelState *s = (ESCCChannelState *)dev;
658     int qcode, keycode;
659     InputKeyEvent *key;
660 
661     assert(evt->type == INPUT_EVENT_KIND_KEY);
662     key = evt->u.key.data;
663     qcode = qemu_input_key_value_to_qcode(key->key);
664     trace_escc_sunkbd_event_in(qcode, QKeyCode_str(qcode),
665                                key->down);
666 
667     if (qcode == Q_KEY_CODE_CAPS_LOCK) {
668         if (key->down) {
669             s->caps_lock_mode ^= 1;
670             if (s->caps_lock_mode == 2) {
671                 return; /* Drop second press */
672             }
673         } else {
674             s->caps_lock_mode ^= 2;
675             if (s->caps_lock_mode == 3) {
676                 return; /* Drop first release */
677             }
678         }
679     }
680 
681     if (qcode == Q_KEY_CODE_NUM_LOCK) {
682         if (key->down) {
683             s->num_lock_mode ^= 1;
684             if (s->num_lock_mode == 2) {
685                 return; /* Drop second press */
686             }
687         } else {
688             s->num_lock_mode ^= 2;
689             if (s->num_lock_mode == 3) {
690                 return; /* Drop first release */
691             }
692         }
693     }
694 
695     if (qcode > qemu_input_map_qcode_to_sun_len) {
696         return;
697     }
698 
699     keycode = qemu_input_map_qcode_to_sun[qcode];
700     if (!key->down) {
701         keycode |= 0x80;
702     }
703     trace_escc_sunkbd_event_out(keycode);
704     put_queue(s, keycode);
705 }
706 
707 static QemuInputHandler sunkbd_handler = {
708     .name  = "sun keyboard",
709     .mask  = INPUT_EVENT_MASK_KEY,
710     .event = sunkbd_handle_event,
711 };
712 
713 static void handle_kbd_command(ESCCChannelState *s, int val)
714 {
715     trace_escc_kbd_command(val);
716     if (s->led_mode) { // Ignore led byte
717         s->led_mode = 0;
718         return;
719     }
720     switch (val) {
721     case 1: // Reset, return type code
722         clear_queue(s);
723         put_queue(s, 0xff);
724         put_queue(s, 4); // Type 4
725         put_queue(s, 0x7f);
726         break;
727     case 0xe: // Set leds
728         s->led_mode = 1;
729         break;
730     case 7: // Query layout
731     case 0xf:
732         clear_queue(s);
733         put_queue(s, 0xfe);
734         put_queue(s, 0x21); /*  en-us layout */
735         break;
736     default:
737         break;
738     }
739 }
740 
741 static void sunmouse_event(void *opaque,
742                                int dx, int dy, int dz, int buttons_state)
743 {
744     ESCCChannelState *s = opaque;
745     int ch;
746 
747     trace_escc_sunmouse_event(dx, dy, buttons_state);
748     ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */
749 
750     if (buttons_state & MOUSE_EVENT_LBUTTON)
751         ch ^= 0x4;
752     if (buttons_state & MOUSE_EVENT_MBUTTON)
753         ch ^= 0x2;
754     if (buttons_state & MOUSE_EVENT_RBUTTON)
755         ch ^= 0x1;
756 
757     put_queue(s, ch);
758 
759     ch = dx;
760 
761     if (ch > 127)
762         ch = 127;
763     else if (ch < -127)
764         ch = -127;
765 
766     put_queue(s, ch & 0xff);
767 
768     ch = -dy;
769 
770     if (ch > 127)
771         ch = 127;
772     else if (ch < -127)
773         ch = -127;
774 
775     put_queue(s, ch & 0xff);
776 
777     // MSC protocol specify two extra motion bytes
778 
779     put_queue(s, 0);
780     put_queue(s, 0);
781 }
782 
783 static void escc_init1(Object *obj)
784 {
785     ESCCState *s = ESCC(obj);
786     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
787     unsigned int i;
788 
789     for (i = 0; i < 2; i++) {
790         sysbus_init_irq(dev, &s->chn[i].irq);
791         s->chn[i].chn = 1 - i;
792     }
793     s->chn[0].otherchn = &s->chn[1];
794     s->chn[1].otherchn = &s->chn[0];
795 
796     sysbus_init_mmio(dev, &s->mmio);
797 }
798 
799 static void escc_realize(DeviceState *dev, Error **errp)
800 {
801     ESCCState *s = ESCC(dev);
802     unsigned int i;
803 
804     s->chn[0].disabled = s->disabled;
805     s->chn[1].disabled = s->disabled;
806 
807     memory_region_init_io(&s->mmio, OBJECT(dev), &escc_mem_ops, s, "escc",
808                           ESCC_SIZE << s->it_shift);
809 
810     for (i = 0; i < 2; i++) {
811         if (qemu_chr_fe_backend_connected(&s->chn[i].chr)) {
812             s->chn[i].clock = s->frequency / 2;
813             qemu_chr_fe_set_handlers(&s->chn[i].chr, serial_can_receive,
814                                      serial_receive1, serial_event, NULL,
815                                      &s->chn[i], NULL, true);
816         }
817     }
818 
819     if (s->chn[0].type == escc_mouse) {
820         qemu_add_mouse_event_handler(sunmouse_event, &s->chn[0], 0,
821                                      "QEMU Sun Mouse");
822     }
823     if (s->chn[1].type == escc_kbd) {
824         s->chn[1].hs = qemu_input_handler_register((DeviceState *)(&s->chn[1]),
825                                                    &sunkbd_handler);
826     }
827 }
828 
829 static Property escc_properties[] = {
830     DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
831     DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,    0),
832     DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,    0),
833     DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
834     DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
835     DEFINE_PROP_CHR("chrB", ESCCState, chn[0].chr),
836     DEFINE_PROP_CHR("chrA", ESCCState, chn[1].chr),
837     DEFINE_PROP_END_OF_LIST(),
838 };
839 
840 static void escc_class_init(ObjectClass *klass, void *data)
841 {
842     DeviceClass *dc = DEVICE_CLASS(klass);
843 
844     dc->reset = escc_reset;
845     dc->realize = escc_realize;
846     dc->vmsd = &vmstate_escc;
847     dc->props = escc_properties;
848     set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
849 }
850 
851 static const TypeInfo escc_info = {
852     .name          = TYPE_ESCC,
853     .parent        = TYPE_SYS_BUS_DEVICE,
854     .instance_size = sizeof(ESCCState),
855     .instance_init = escc_init1,
856     .class_init    = escc_class_init,
857 };
858 
859 static void escc_register_types(void)
860 {
861     type_register_static(&escc_info);
862 }
863 
864 type_init(escc_register_types)
865