xref: /openbmc/qemu/hw/char/escc.c (revision 97d348cc1585eaca1d49703ca8094f47380b72ec)
1 /*
2  * QEMU ESCC (Z8030/Z8530/Z85C30/SCC/ESCC) serial port emulation
3  *
4  * Copyright (c) 2003-2005 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "hw/irq.h"
27 #include "hw/qdev-properties.h"
28 #include "hw/qdev-properties-system.h"
29 #include "hw/sysbus.h"
30 #include "migration/vmstate.h"
31 #include "qemu/module.h"
32 #include "hw/char/escc.h"
33 #include "ui/console.h"
34 
35 #include "qemu/cutils.h"
36 #include "trace.h"
37 
38 /*
39  * Chipset docs:
40  * "Z80C30/Z85C30/Z80230/Z85230/Z85233 SCC/ESCC User Manual",
41  * http://www.zilog.com/docs/serial/scc_escc_um.pdf
42  *
43  * On Sparc32 this is the serial port, mouse and keyboard part of chip STP2001
44  * (Slave I/O), also produced as NCR89C105. See
45  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C105.txt
46  *
47  * The serial ports implement full AMD AM8530 or Zilog Z8530 chips,
48  * mouse and keyboard ports don't implement all functions and they are
49  * only asynchronous. There is no DMA.
50  *
51  * Z85C30 is also used on PowerMacs and m68k Macs.
52  *
53  * There are some small differences between Sparc version (sunzilog)
54  * and PowerMac (pmac):
55  *  Offset between control and data registers
56  *  There is some kind of lockup bug, but we can ignore it
57  *  CTS is inverted
58  *  DMA on pmac using DBDMA chip
59  *  pmac can do IRDA and faster rates, sunzilog can only do 38400
60  *  pmac baud rate generator clock is 3.6864 MHz, sunzilog 4.9152 MHz
61  *
62  * Linux driver for m68k Macs is the same as for PowerMac (pmac_zilog),
63  * but registers are grouped by type and not by channel:
64  * channel is selected by bit 0 of the address (instead of bit 1)
65  * and register is selected by bit 1 of the address (instead of bit 0).
66  */
67 
68 /*
69  * Modifications:
70  *  2006-Aug-10  Igor Kovalenko :   Renamed KBDQueue to SERIOQueue, implemented
71  *                                  serial mouse queue.
72  *                                  Implemented serial mouse protocol.
73  *
74  *  2010-May-23  Artyom Tarasenko:  Reworked IUS logic
75  */
76 
77 #define CHN_C(s) ((s)->chn == escc_chn_b ? 'b' : 'a')
78 
79 #define SERIAL_CTRL 0
80 #define SERIAL_DATA 1
81 
82 #define W_CMD     0
83 #define CMD_PTR_MASK   0x07
84 #define CMD_CMD_MASK   0x38
85 #define CMD_HI         0x08
86 #define CMD_CLR_TXINT  0x28
87 #define CMD_CLR_IUS    0x38
88 #define W_INTR    1
89 #define INTR_INTALL    0x01
90 #define INTR_TXINT     0x02
91 #define INTR_PAR_SPEC  0x04
92 #define INTR_RXMODEMSK 0x18
93 #define INTR_RXINT1ST  0x08
94 #define INTR_RXINTALL  0x10
95 #define INTR_WTRQ_TXRX 0x20
96 #define W_IVEC    2
97 #define W_RXCTRL  3
98 #define RXCTRL_RXEN    0x01
99 #define RXCTRL_HUNT    0x10
100 #define W_TXCTRL1 4
101 #define TXCTRL1_PAREN  0x01
102 #define TXCTRL1_PAREV  0x02
103 #define TXCTRL1_1STOP  0x04
104 #define TXCTRL1_1HSTOP 0x08
105 #define TXCTRL1_2STOP  0x0c
106 #define TXCTRL1_STPMSK 0x0c
107 #define TXCTRL1_CLK1X  0x00
108 #define TXCTRL1_CLK16X 0x40
109 #define TXCTRL1_CLK32X 0x80
110 #define TXCTRL1_CLK64X 0xc0
111 #define TXCTRL1_CLKMSK 0xc0
112 #define W_TXCTRL2 5
113 #define TXCTRL2_TXCRC  0x01
114 #define TXCTRL2_TXEN   0x08
115 #define TXCTRL2_BITMSK 0x60
116 #define TXCTRL2_5BITS  0x00
117 #define TXCTRL2_7BITS  0x20
118 #define TXCTRL2_6BITS  0x40
119 #define TXCTRL2_8BITS  0x60
120 #define W_SYNC1   6
121 #define W_SYNC2   7
122 #define W_TXBUF   8
123 #define W_MINTR   9
124 #define MINTR_VIS      0x01
125 #define MINTR_NV       0x02
126 #define MINTR_STATUSHI 0x10
127 #define MINTR_SOFTIACK 0x20
128 #define MINTR_RST_MASK 0xc0
129 #define MINTR_RST_B    0x40
130 #define MINTR_RST_A    0x80
131 #define MINTR_RST_ALL  0xc0
132 #define W_MISC1  10
133 #define MISC1_ENC_MASK 0x60
134 #define W_CLOCK  11
135 #define CLOCK_TRXC     0x08
136 #define W_BRGLO  12
137 #define W_BRGHI  13
138 #define W_MISC2  14
139 #define MISC2_BRG_EN   0x01
140 #define MISC2_BRG_SRC  0x02
141 #define MISC2_LCL_LOOP 0x10
142 #define MISC2_PLLCMD0  0x20
143 #define MISC2_PLLCMD1  0x40
144 #define MISC2_PLLCMD2  0x80
145 #define W_EXTINT 15
146 #define EXTINT_DCD     0x08
147 #define EXTINT_SYNCINT 0x10
148 #define EXTINT_CTSINT  0x20
149 #define EXTINT_TXUNDRN 0x40
150 #define EXTINT_BRKINT  0x80
151 
152 #define R_STATUS  0
153 #define STATUS_RXAV    0x01
154 #define STATUS_ZERO    0x02
155 #define STATUS_TXEMPTY 0x04
156 #define STATUS_DCD     0x08
157 #define STATUS_SYNC    0x10
158 #define STATUS_CTS     0x20
159 #define STATUS_TXUNDRN 0x40
160 #define STATUS_BRK     0x80
161 #define R_SPEC    1
162 #define SPEC_ALLSENT   0x01
163 #define SPEC_BITS8     0x06
164 #define R_IVEC    2
165 #define IVEC_TXINTB    0x00
166 #define IVEC_LONOINT   0x06
167 #define IVEC_LORXINTA  0x0c
168 #define IVEC_LORXINTB  0x04
169 #define IVEC_LOTXINTA  0x08
170 #define IVEC_HINOINT   0x60
171 #define IVEC_HIRXINTA  0x30
172 #define IVEC_HIRXINTB  0x20
173 #define IVEC_HITXINTA  0x10
174 #define R_INTR    3
175 #define INTR_EXTINTB   0x01
176 #define INTR_TXINTB    0x02
177 #define INTR_RXINTB    0x04
178 #define INTR_EXTINTA   0x08
179 #define INTR_TXINTA    0x10
180 #define INTR_RXINTA    0x20
181 #define R_IPEN    4
182 #define R_TXCTRL1 5
183 #define R_TXCTRL2 6
184 #define R_BC      7
185 #define R_RXBUF   8
186 #define R_RXCTRL  9
187 #define R_MISC   10
188 #define MISC_2CLKMISS  0x40
189 #define R_MISC1  11
190 #define R_BRGLO  12
191 #define R_BRGHI  13
192 #define R_MISC1I 14
193 #define R_EXTINT 15
194 
195 static uint8_t sunkbd_layout_dip_switch(const char *sunkbd_layout);
196 static void handle_kbd_command(ESCCChannelState *s, int val);
197 static int serial_can_receive(void *opaque);
198 static void serial_receive_byte(ESCCChannelState *s, int ch);
199 
200 static int reg_shift(ESCCState *s)
201 {
202     return s->bit_swap ? s->it_shift + 1 : s->it_shift;
203 }
204 
205 static int chn_shift(ESCCState *s)
206 {
207     return s->bit_swap ? s->it_shift : s->it_shift + 1;
208 }
209 
210 static void clear_queue(void *opaque)
211 {
212     ESCCChannelState *s = opaque;
213     ESCCSERIOQueue *q = &s->queue;
214     q->rptr = q->wptr = q->count = 0;
215 }
216 
217 static void put_queue(void *opaque, int b)
218 {
219     ESCCChannelState *s = opaque;
220     ESCCSERIOQueue *q = &s->queue;
221 
222     trace_escc_put_queue(CHN_C(s), b);
223     if (q->count >= ESCC_SERIO_QUEUE_SIZE) {
224         return;
225     }
226     q->data[q->wptr] = b;
227     if (++q->wptr == ESCC_SERIO_QUEUE_SIZE) {
228         q->wptr = 0;
229     }
230     q->count++;
231     serial_receive_byte(s, 0);
232 }
233 
234 static uint32_t get_queue(void *opaque)
235 {
236     ESCCChannelState *s = opaque;
237     ESCCSERIOQueue *q = &s->queue;
238     int val;
239 
240     if (q->count == 0) {
241         return 0;
242     } else {
243         val = q->data[q->rptr];
244         if (++q->rptr == ESCC_SERIO_QUEUE_SIZE) {
245             q->rptr = 0;
246         }
247         q->count--;
248     }
249     trace_escc_get_queue(CHN_C(s), val);
250     if (q->count > 0) {
251         serial_receive_byte(s, 0);
252     }
253     return val;
254 }
255 
256 static int escc_update_irq_chn(ESCCChannelState *s)
257 {
258     if ((((s->wregs[W_INTR] & INTR_TXINT) && (s->txint == 1)) ||
259         /* tx ints enabled, pending */
260         ((((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINT1ST) ||
261         ((s->wregs[W_INTR] & INTR_RXMODEMSK) == INTR_RXINTALL)) &&
262             s->rxint == 1) ||
263         /* rx ints enabled, pending */
264         ((s->wregs[W_EXTINT] & EXTINT_BRKINT) &&
265             (s->rregs[R_STATUS] & STATUS_BRK)))) {
266         /* break int e&p */
267         return 1;
268     }
269     return 0;
270 }
271 
272 static void escc_update_irq(ESCCChannelState *s)
273 {
274     int irq;
275 
276     irq = escc_update_irq_chn(s);
277     irq |= escc_update_irq_chn(s->otherchn);
278 
279     trace_escc_update_irq(irq);
280     qemu_set_irq(s->irq, irq);
281 }
282 
283 static void escc_reset_chn(ESCCChannelState *s)
284 {
285     s->reg = 0;
286     s->rx = s->tx = 0;
287     s->rxint = s->txint = 0;
288     s->rxint_under_svc = s->txint_under_svc = 0;
289     s->e0_mode = s->led_mode = s->caps_lock_mode = s->num_lock_mode = 0;
290     s->sunmouse_dx = s->sunmouse_dy = s->sunmouse_buttons = 0;
291     clear_queue(s);
292 }
293 
294 static void escc_soft_reset_chn(ESCCChannelState *s)
295 {
296     escc_reset_chn(s);
297 
298     s->wregs[W_CMD] = 0;
299     s->wregs[W_INTR] &= INTR_PAR_SPEC | INTR_WTRQ_TXRX;
300     s->wregs[W_RXCTRL] &= ~RXCTRL_RXEN;
301     /* 1 stop bit */
302     s->wregs[W_TXCTRL1] |= TXCTRL1_1STOP;
303     s->wregs[W_TXCTRL2] &= TXCTRL2_TXCRC | TXCTRL2_8BITS;
304     s->wregs[W_MINTR] &= ~MINTR_SOFTIACK;
305     s->wregs[W_MISC1] &= MISC1_ENC_MASK;
306     /* PLL disabled */
307     s->wregs[W_MISC2] &= MISC2_BRG_EN | MISC2_BRG_SRC |
308                          MISC2_PLLCMD1 | MISC2_PLLCMD2;
309     s->wregs[W_MISC2] |= MISC2_PLLCMD0;
310     /* Enable most interrupts */
311     s->wregs[W_EXTINT] = EXTINT_DCD | EXTINT_SYNCINT | EXTINT_CTSINT |
312                          EXTINT_TXUNDRN | EXTINT_BRKINT;
313 
314     s->rregs[R_STATUS] &= STATUS_DCD | STATUS_SYNC | STATUS_CTS | STATUS_BRK;
315     s->rregs[R_STATUS] |= STATUS_TXEMPTY | STATUS_TXUNDRN;
316     if (s->disabled) {
317         s->rregs[R_STATUS] |= STATUS_DCD | STATUS_SYNC | STATUS_CTS;
318     }
319     s->rregs[R_SPEC] &= SPEC_ALLSENT;
320     s->rregs[R_SPEC] |= SPEC_BITS8;
321     s->rregs[R_INTR] = 0;
322     s->rregs[R_MISC] &= MISC_2CLKMISS;
323 }
324 
325 static void escc_hard_reset_chn(ESCCChannelState *s)
326 {
327     escc_soft_reset_chn(s);
328 
329     /*
330      * Hard reset is almost identical to soft reset above, except that the
331      * values of WR9 (W_MINTR), WR10 (W_MISC1), WR11 (W_CLOCK) and WR14
332      * (W_MISC2) have extra bits forced to 0/1
333      */
334     s->wregs[W_MINTR] &= MINTR_VIS | MINTR_NV;
335     s->wregs[W_MINTR] |= MINTR_RST_B | MINTR_RST_A;
336     s->wregs[W_MISC1] = 0;
337     s->wregs[W_CLOCK] = CLOCK_TRXC;
338     s->wregs[W_MISC2] &= MISC2_PLLCMD1 | MISC2_PLLCMD2;
339     s->wregs[W_MISC2] |= MISC2_LCL_LOOP | MISC2_PLLCMD0;
340 }
341 
342 static void escc_reset(DeviceState *d)
343 {
344     ESCCState *s = ESCC(d);
345     int i, j;
346 
347     for (i = 0; i < 2; i++) {
348         ESCCChannelState *cs = &s->chn[i];
349 
350         /*
351          * According to the ESCC datasheet "Miscellaneous Questions" section
352          * on page 384, the values of the ESCC registers are not guaranteed on
353          * power-on until an explicit hardware or software reset has been
354          * issued. For now we zero the registers so that a device reset always
355          * returns the emulated device to a fixed state.
356          */
357         for (j = 0; j < ESCC_SERIAL_REGS; j++) {
358             cs->rregs[j] = 0;
359             cs->wregs[j] = 0;
360         }
361 
362         /*
363          * ...but there is an exception. The "Transmit Interrupts and Transmit
364          * Buffer Empty Bit" section on page 50 of the ESCC datasheet says of
365          * the STATUS_TXEMPTY bit in R_STATUS: "After a hardware reset
366          * (including a hardware reset by software), or a channel reset, this
367          * bit is set to 1". The Sun PROM checks this bit early on startup and
368          * gets stuck in an infinite loop if it is not set.
369          */
370         cs->rregs[R_STATUS] |= STATUS_TXEMPTY;
371 
372         escc_reset_chn(cs);
373     }
374 }
375 
376 static inline void set_rxint(ESCCChannelState *s)
377 {
378     s->rxint = 1;
379     /*
380      * XXX: missing daisy chaining: escc_chn_b rx should have a lower priority
381      * than chn_a rx/tx/special_condition service
382      */
383     s->rxint_under_svc = 1;
384     if (s->chn == escc_chn_a) {
385         s->rregs[R_INTR] |= INTR_RXINTA;
386         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
387             s->otherchn->rregs[R_IVEC] = IVEC_HIRXINTA;
388         } else {
389             s->otherchn->rregs[R_IVEC] = IVEC_LORXINTA;
390         }
391     } else {
392         s->otherchn->rregs[R_INTR] |= INTR_RXINTB;
393         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
394             s->rregs[R_IVEC] = IVEC_HIRXINTB;
395         } else {
396             s->rregs[R_IVEC] = IVEC_LORXINTB;
397         }
398     }
399     escc_update_irq(s);
400 }
401 
402 static inline void set_txint(ESCCChannelState *s)
403 {
404     s->txint = 1;
405     if (!s->rxint_under_svc) {
406         s->txint_under_svc = 1;
407         if (s->chn == escc_chn_a) {
408             if (s->wregs[W_INTR] & INTR_TXINT) {
409                 s->rregs[R_INTR] |= INTR_TXINTA;
410             }
411             if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
412                 s->otherchn->rregs[R_IVEC] = IVEC_HITXINTA;
413             } else {
414                 s->otherchn->rregs[R_IVEC] = IVEC_LOTXINTA;
415             }
416         } else {
417             s->rregs[R_IVEC] = IVEC_TXINTB;
418             if (s->wregs[W_INTR] & INTR_TXINT) {
419                 s->otherchn->rregs[R_INTR] |= INTR_TXINTB;
420             }
421         }
422         escc_update_irq(s);
423     }
424 }
425 
426 static inline void clr_rxint(ESCCChannelState *s)
427 {
428     s->rxint = 0;
429     s->rxint_under_svc = 0;
430     if (s->chn == escc_chn_a) {
431         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
432             s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
433         } else {
434             s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
435         }
436         s->rregs[R_INTR] &= ~INTR_RXINTA;
437     } else {
438         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
439             s->rregs[R_IVEC] = IVEC_HINOINT;
440         } else {
441             s->rregs[R_IVEC] = IVEC_LONOINT;
442         }
443         s->otherchn->rregs[R_INTR] &= ~INTR_RXINTB;
444     }
445     if (s->txint) {
446         set_txint(s);
447     }
448     escc_update_irq(s);
449 }
450 
451 static inline void clr_txint(ESCCChannelState *s)
452 {
453     s->txint = 0;
454     s->txint_under_svc = 0;
455     if (s->chn == escc_chn_a) {
456         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
457             s->otherchn->rregs[R_IVEC] = IVEC_HINOINT;
458         } else {
459             s->otherchn->rregs[R_IVEC] = IVEC_LONOINT;
460         }
461         s->rregs[R_INTR] &= ~INTR_TXINTA;
462     } else {
463         s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
464         if (s->wregs[W_MINTR] & MINTR_STATUSHI) {
465             s->rregs[R_IVEC] = IVEC_HINOINT;
466         } else {
467             s->rregs[R_IVEC] = IVEC_LONOINT;
468         }
469         s->otherchn->rregs[R_INTR] &= ~INTR_TXINTB;
470     }
471     if (s->rxint) {
472         set_rxint(s);
473     }
474     escc_update_irq(s);
475 }
476 
477 static void escc_update_parameters(ESCCChannelState *s)
478 {
479     int speed, parity, data_bits, stop_bits;
480     QEMUSerialSetParams ssp;
481 
482     if (!qemu_chr_fe_backend_connected(&s->chr) || s->type != escc_serial) {
483         return;
484     }
485 
486     if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREN) {
487         if (s->wregs[W_TXCTRL1] & TXCTRL1_PAREV) {
488             parity = 'E';
489         } else {
490             parity = 'O';
491         }
492     } else {
493         parity = 'N';
494     }
495     if ((s->wregs[W_TXCTRL1] & TXCTRL1_STPMSK) == TXCTRL1_2STOP) {
496         stop_bits = 2;
497     } else {
498         stop_bits = 1;
499     }
500     switch (s->wregs[W_TXCTRL2] & TXCTRL2_BITMSK) {
501     case TXCTRL2_5BITS:
502         data_bits = 5;
503         break;
504     case TXCTRL2_7BITS:
505         data_bits = 7;
506         break;
507     case TXCTRL2_6BITS:
508         data_bits = 6;
509         break;
510     default:
511     case TXCTRL2_8BITS:
512         data_bits = 8;
513         break;
514     }
515     speed = s->clock / ((s->wregs[W_BRGLO] | (s->wregs[W_BRGHI] << 8)) + 2);
516     switch (s->wregs[W_TXCTRL1] & TXCTRL1_CLKMSK) {
517     case TXCTRL1_CLK1X:
518         break;
519     case TXCTRL1_CLK16X:
520         speed /= 16;
521         break;
522     case TXCTRL1_CLK32X:
523         speed /= 32;
524         break;
525     default:
526     case TXCTRL1_CLK64X:
527         speed /= 64;
528         break;
529     }
530     ssp.speed = speed;
531     ssp.parity = parity;
532     ssp.data_bits = data_bits;
533     ssp.stop_bits = stop_bits;
534     trace_escc_update_parameters(CHN_C(s), speed, parity, data_bits, stop_bits);
535     qemu_chr_fe_ioctl(&s->chr, CHR_IOCTL_SERIAL_SET_PARAMS, &ssp);
536 }
537 
538 static void escc_mem_write(void *opaque, hwaddr addr,
539                            uint64_t val, unsigned size)
540 {
541     ESCCState *serial = opaque;
542     ESCCChannelState *s;
543     uint32_t saddr;
544     int newreg, channel;
545 
546     val &= 0xff;
547     saddr = (addr >> reg_shift(serial)) & 1;
548     channel = (addr >> chn_shift(serial)) & 1;
549     s = &serial->chn[channel];
550     switch (saddr) {
551     case SERIAL_CTRL:
552         trace_escc_mem_writeb_ctrl(CHN_C(s), s->reg, val & 0xff);
553         newreg = 0;
554         switch (s->reg) {
555         case W_CMD:
556             newreg = val & CMD_PTR_MASK;
557             val &= CMD_CMD_MASK;
558             switch (val) {
559             case CMD_HI:
560                 newreg |= CMD_HI;
561                 break;
562             case CMD_CLR_TXINT:
563                 clr_txint(s);
564                 break;
565             case CMD_CLR_IUS:
566                 if (s->rxint_under_svc) {
567                     s->rxint_under_svc = 0;
568                     if (s->txint) {
569                         set_txint(s);
570                     }
571                 } else if (s->txint_under_svc) {
572                     s->txint_under_svc = 0;
573                 }
574                 escc_update_irq(s);
575                 break;
576             default:
577                 break;
578             }
579             break;
580         case W_RXCTRL:
581             s->wregs[s->reg] = val;
582             if (val & RXCTRL_HUNT) {
583                 s->rregs[R_STATUS] |= STATUS_SYNC;
584             }
585             break;
586         case W_INTR ... W_IVEC:
587         case W_SYNC1 ... W_TXBUF:
588         case W_MISC1 ... W_CLOCK:
589         case W_MISC2 ... W_EXTINT:
590             s->wregs[s->reg] = val;
591             break;
592         case W_TXCTRL1:
593             s->wregs[s->reg] = val;
594             /*
595              * The ESCC datasheet states that SPEC_ALLSENT is always set in
596              * sync mode, and set in async mode when all characters have
597              * cleared the transmitter. Since writes to SERIAL_DATA use the
598              * blocking qemu_chr_fe_write_all() function to write each
599              * character, the guest can never see the state when async data
600              * is in the process of being transmitted so we can set this bit
601              * unconditionally regardless of the state of the W_TXCTRL1 mode
602              * bits.
603              */
604             s->rregs[R_SPEC] |= SPEC_ALLSENT;
605             escc_update_parameters(s);
606             break;
607         case W_TXCTRL2:
608             s->wregs[s->reg] = val;
609             escc_update_parameters(s);
610             break;
611         case W_BRGLO:
612         case W_BRGHI:
613             s->wregs[s->reg] = val;
614             s->rregs[s->reg] = val;
615             escc_update_parameters(s);
616             break;
617         case W_MINTR:
618             switch (val & MINTR_RST_MASK) {
619             case 0:
620             default:
621                 break;
622             case MINTR_RST_B:
623                 trace_escc_soft_reset_chn(CHN_C(&serial->chn[0]));
624                 escc_soft_reset_chn(&serial->chn[0]);
625                 return;
626             case MINTR_RST_A:
627                 trace_escc_soft_reset_chn(CHN_C(&serial->chn[1]));
628                 escc_soft_reset_chn(&serial->chn[1]);
629                 return;
630             case MINTR_RST_ALL:
631                 trace_escc_hard_reset();
632                 escc_hard_reset_chn(&serial->chn[0]);
633                 escc_hard_reset_chn(&serial->chn[1]);
634                 return;
635             }
636             break;
637         default:
638             break;
639         }
640         if (s->reg == 0) {
641             s->reg = newreg;
642         } else {
643             s->reg = 0;
644         }
645         break;
646     case SERIAL_DATA:
647         trace_escc_mem_writeb_data(CHN_C(s), val);
648         /*
649          * Lower the irq when data is written to the Tx buffer and no other
650          * interrupts are currently pending. The irq will be raised again once
651          * the Tx buffer becomes empty below.
652          */
653         s->txint = 0;
654         escc_update_irq(s);
655         s->tx = val;
656         if (s->wregs[W_TXCTRL2] & TXCTRL2_TXEN) { /* tx enabled */
657             if (s->wregs[W_MISC2] & MISC2_LCL_LOOP) {
658                 serial_receive_byte(s, s->tx);
659             } else if (qemu_chr_fe_backend_connected(&s->chr)) {
660                 /*
661                  * XXX this blocks entire thread. Rewrite to use
662                  * qemu_chr_fe_write and background I/O callbacks
663                  */
664                 qemu_chr_fe_write_all(&s->chr, &s->tx, 1);
665             } else if (s->type == escc_kbd && !s->disabled) {
666                 handle_kbd_command(s, val);
667             }
668         }
669         s->rregs[R_STATUS] |= STATUS_TXEMPTY; /* Tx buffer empty */
670         s->rregs[R_SPEC] |= SPEC_ALLSENT; /* All sent */
671         set_txint(s);
672         break;
673     default:
674         break;
675     }
676 }
677 
678 static uint64_t escc_mem_read(void *opaque, hwaddr addr,
679                               unsigned size)
680 {
681     ESCCState *serial = opaque;
682     ESCCChannelState *s;
683     uint32_t saddr;
684     uint32_t ret;
685     int channel;
686 
687     saddr = (addr >> reg_shift(serial)) & 1;
688     channel = (addr >> chn_shift(serial)) & 1;
689     s = &serial->chn[channel];
690     switch (saddr) {
691     case SERIAL_CTRL:
692         trace_escc_mem_readb_ctrl(CHN_C(s), s->reg, s->rregs[s->reg]);
693         ret = s->rregs[s->reg];
694         s->reg = 0;
695         return ret;
696     case SERIAL_DATA:
697         s->rregs[R_STATUS] &= ~STATUS_RXAV;
698         clr_rxint(s);
699         if (s->type == escc_kbd || s->type == escc_mouse) {
700             ret = get_queue(s);
701         } else {
702             ret = s->rx;
703         }
704         trace_escc_mem_readb_data(CHN_C(s), ret);
705         qemu_chr_fe_accept_input(&s->chr);
706         return ret;
707     default:
708         break;
709     }
710     return 0;
711 }
712 
713 static const MemoryRegionOps escc_mem_ops = {
714     .read = escc_mem_read,
715     .write = escc_mem_write,
716     .endianness = DEVICE_NATIVE_ENDIAN,
717     .valid = {
718         .min_access_size = 1,
719         .max_access_size = 1,
720     },
721 };
722 
723 static int serial_can_receive(void *opaque)
724 {
725     ESCCChannelState *s = opaque;
726     int ret;
727 
728     if (((s->wregs[W_RXCTRL] & RXCTRL_RXEN) == 0) /* Rx not enabled */
729         || ((s->rregs[R_STATUS] & STATUS_RXAV) == STATUS_RXAV)) {
730         /* char already available */
731         ret = 0;
732     } else {
733         ret = 1;
734     }
735     return ret;
736 }
737 
738 static void serial_receive_byte(ESCCChannelState *s, int ch)
739 {
740     trace_escc_serial_receive_byte(CHN_C(s), ch);
741     s->rregs[R_STATUS] |= STATUS_RXAV;
742     s->rx = ch;
743     set_rxint(s);
744 }
745 
746 static void serial_receive_break(ESCCChannelState *s)
747 {
748     s->rregs[R_STATUS] |= STATUS_BRK;
749     escc_update_irq(s);
750 }
751 
752 static void serial_receive1(void *opaque, const uint8_t *buf, int size)
753 {
754     ESCCChannelState *s = opaque;
755     serial_receive_byte(s, buf[0]);
756 }
757 
758 static void serial_event(void *opaque, QEMUChrEvent event)
759 {
760     ESCCChannelState *s = opaque;
761     if (event == CHR_EVENT_BREAK) {
762         serial_receive_break(s);
763     }
764 }
765 
766 static const VMStateDescription vmstate_escc_chn = {
767     .name = "escc_chn",
768     .version_id = 2,
769     .minimum_version_id = 1,
770     .fields = (const VMStateField[]) {
771         VMSTATE_UINT32(vmstate_dummy, ESCCChannelState),
772         VMSTATE_UINT32(reg, ESCCChannelState),
773         VMSTATE_UINT32(rxint, ESCCChannelState),
774         VMSTATE_UINT32(txint, ESCCChannelState),
775         VMSTATE_UINT32(rxint_under_svc, ESCCChannelState),
776         VMSTATE_UINT32(txint_under_svc, ESCCChannelState),
777         VMSTATE_UINT8(rx, ESCCChannelState),
778         VMSTATE_UINT8(tx, ESCCChannelState),
779         VMSTATE_BUFFER(wregs, ESCCChannelState),
780         VMSTATE_BUFFER(rregs, ESCCChannelState),
781         VMSTATE_END_OF_LIST()
782     }
783 };
784 
785 static const VMStateDescription vmstate_escc = {
786     .name = "escc",
787     .version_id = 2,
788     .minimum_version_id = 1,
789     .fields = (const VMStateField[]) {
790         VMSTATE_STRUCT_ARRAY(chn, ESCCState, 2, 2, vmstate_escc_chn,
791                              ESCCChannelState),
792         VMSTATE_END_OF_LIST()
793     }
794 };
795 
796 static void sunkbd_handle_event(DeviceState *dev, QemuConsole *src,
797                                 InputEvent *evt)
798 {
799     ESCCChannelState *s = (ESCCChannelState *)dev;
800     int qcode, keycode;
801     InputKeyEvent *key;
802 
803     assert(evt->type == INPUT_EVENT_KIND_KEY);
804     key = evt->u.key.data;
805     qcode = qemu_input_key_value_to_qcode(key->key);
806     trace_escc_sunkbd_event_in(qcode, QKeyCode_str(qcode),
807                                key->down);
808 
809     if (qcode == Q_KEY_CODE_CAPS_LOCK) {
810         if (key->down) {
811             s->caps_lock_mode ^= 1;
812             if (s->caps_lock_mode == 2) {
813                 return; /* Drop second press */
814             }
815         } else {
816             s->caps_lock_mode ^= 2;
817             if (s->caps_lock_mode == 3) {
818                 return; /* Drop first release */
819             }
820         }
821     }
822 
823     if (qcode == Q_KEY_CODE_NUM_LOCK) {
824         if (key->down) {
825             s->num_lock_mode ^= 1;
826             if (s->num_lock_mode == 2) {
827                 return; /* Drop second press */
828             }
829         } else {
830             s->num_lock_mode ^= 2;
831             if (s->num_lock_mode == 3) {
832                 return; /* Drop first release */
833             }
834         }
835     }
836 
837     if (qcode >= qemu_input_map_qcode_to_sun_len) {
838         return;
839     }
840 
841     keycode = qemu_input_map_qcode_to_sun[qcode];
842     if (!key->down) {
843         keycode |= 0x80;
844     }
845     trace_escc_sunkbd_event_out(keycode);
846     put_queue(s, keycode);
847 }
848 
849 static const QemuInputHandler sunkbd_handler = {
850     .name  = "sun keyboard",
851     .mask  = INPUT_EVENT_MASK_KEY,
852     .event = sunkbd_handle_event,
853 };
854 
855 static uint8_t sunkbd_layout_dip_switch(const char *kbd_layout)
856 {
857     /* Return the value of the dip-switches in a SUN Type 5 keyboard */
858     static uint8_t ret = 0xff;
859 
860     if ((ret == 0xff) && kbd_layout) {
861         int i;
862         struct layout_values {
863             const char *lang;
864             uint8_t dip;
865         } languages[] =
866             /*
867              * Dip values from table 3-16 Layouts for Type 4, 5 and 5c Keyboards
868              */
869             {
870                 {"en-us", 0x21}, /* U.S.A. (US5.kt) */
871                                  /* 0x22 is some other US (US_UNIX5.kt) */
872                 {"fr",    0x23}, /* France (France5.kt) */
873                 {"da",    0x24}, /* Denmark (Denmark5.kt) */
874                 {"de",    0x25}, /* Germany (Germany5.kt) */
875                 {"it",    0x26}, /* Italy (Italy5.kt) */
876                 {"nl",    0x27}, /* The Netherlands (Netherland5.kt) */
877                 {"no",    0x28}, /* Norway (Norway.kt) */
878                 {"pt",    0x29}, /* Portugal (Portugal5.kt) */
879                 {"es",    0x2a}, /* Spain (Spain5.kt) */
880                 {"sv",    0x2b}, /* Sweden (Sweden5.kt) */
881                 {"fr-ch", 0x2c}, /* Switzerland/French (Switzer_Fr5.kt) */
882                 {"de-ch", 0x2d}, /* Switzerland/German (Switzer_Ge5.kt) */
883                 {"en-gb", 0x2e}, /* Great Britain (UK5.kt) */
884                 {"ko",    0x2f}, /* Korea (Korea5.kt) */
885                 {"tw",    0x30}, /* Taiwan (Taiwan5.kt) */
886                 {"ja",    0x31}, /* Japan (Japan5.kt) */
887                 {"fr-ca", 0x32}, /* Canada/French (Canada_Fr5.kt) */
888                 {"hu",    0x33}, /* Hungary (Hungary5.kt) */
889                 {"pl",    0x34}, /* Poland (Poland5.kt) */
890                 {"cz",    0x35}, /* Czech (Czech5.kt) */
891                 {"ru",    0x36}, /* Russia (Russia5.kt) */
892                 {"lv",    0x37}, /* Latvia (Latvia5.kt) */
893                 {"tr",    0x38}, /* Turkey-Q5 (TurkeyQ5.kt) */
894                 {"gr",    0x39}, /* Greece (Greece5.kt) */
895                 {"ar",    0x3a}, /* Arabic (Arabic5.kt) */
896                 {"lt",    0x3b}, /* Lithuania (Lithuania5.kt) */
897                 {"nl-be", 0x3c}, /* Belgium (Belgian5.kt) */
898                 {"be",    0x3c}, /* Belgium (Belgian5.kt) */
899             };
900 
901         for (i = 0;
902              i < sizeof(languages) / sizeof(struct layout_values);
903              i++) {
904             if (!strcmp(kbd_layout, languages[i].lang)) {
905                 ret = languages[i].dip;
906                 return ret;
907             }
908         }
909 
910         /* Found no known language code */
911         if ((kbd_layout[0] >= '0') && (kbd_layout[0] <= '9')) {
912             unsigned int tmp;
913 
914             /* As a fallback we also accept numeric dip switch value */
915             if (!qemu_strtoui(kbd_layout, NULL, 0, &tmp)) {
916                 ret = tmp;
917             }
918         }
919     }
920 
921     if (ret == 0xff) {
922         /* Final fallback if keyboard_layout was not set or recognized */
923         ret = 0x21; /* en-us layout */
924     }
925     return ret;
926 }
927 
928 static void handle_kbd_command(ESCCChannelState *s, int val)
929 {
930     trace_escc_kbd_command(val);
931     if (s->led_mode) { /* Ignore led byte */
932         s->led_mode = 0;
933         return;
934     }
935     switch (val) {
936     case 1: /* Reset, return type code */
937         clear_queue(s);
938         put_queue(s, 0xff);
939         put_queue(s, 4); /* Type 4 */
940         put_queue(s, 0x7f);
941         break;
942     case 0xe: /* Set leds */
943         s->led_mode = 1;
944         break;
945     case 7: /* Query layout */
946     case 0xf:
947         clear_queue(s);
948         put_queue(s, 0xfe);
949         put_queue(s, sunkbd_layout_dip_switch(s->sunkbd_layout));
950         break;
951     default:
952         break;
953     }
954 }
955 
956 static void sunmouse_handle_event(DeviceState *dev, QemuConsole *src,
957                                   InputEvent *evt)
958 {
959     ESCCChannelState *s = (ESCCChannelState *)dev;
960     InputMoveEvent *move;
961     InputBtnEvent *btn;
962     static const int bmap[INPUT_BUTTON__MAX] = {
963         [INPUT_BUTTON_LEFT]   = 0x4,
964         [INPUT_BUTTON_MIDDLE] = 0x2,
965         [INPUT_BUTTON_RIGHT]  = 0x1,
966     };
967 
968     switch (evt->type) {
969     case INPUT_EVENT_KIND_REL:
970         move = evt->u.rel.data;
971         if (move->axis == INPUT_AXIS_X) {
972             s->sunmouse_dx += move->value;
973         } else if (move->axis == INPUT_AXIS_Y) {
974             s->sunmouse_dy -= move->value;
975         }
976         break;
977 
978     case INPUT_EVENT_KIND_BTN:
979         btn = evt->u.btn.data;
980         if (bmap[btn->button]) {
981             if (btn->down) {
982                 s->sunmouse_buttons |= bmap[btn->button];
983             } else {
984                 s->sunmouse_buttons &= ~bmap[btn->button];
985             }
986             /* Indicate we have a supported button event */
987             s->sunmouse_buttons |= 0x80;
988         }
989         break;
990 
991     default:
992         /* keep gcc happy */
993         break;
994     }
995 }
996 
997 static void sunmouse_sync(DeviceState *dev)
998 {
999     ESCCChannelState *s = (ESCCChannelState *)dev;
1000     int ch;
1001 
1002     if (s->sunmouse_dx == 0 && s->sunmouse_dy == 0 &&
1003         (s->sunmouse_buttons & 0x80) == 0) {
1004             /* Nothing to do after button event filter */
1005             return;
1006     }
1007 
1008     /* Clear our button event flag */
1009     s->sunmouse_buttons &= ~0x80;
1010     trace_escc_sunmouse_event(s->sunmouse_dx, s->sunmouse_dy,
1011                               s->sunmouse_buttons);
1012     ch = 0x80 | 0x7; /* protocol start byte, no buttons pressed */
1013     ch ^= s->sunmouse_buttons;
1014     put_queue(s, ch);
1015 
1016     ch = s->sunmouse_dx;
1017     if (ch > 127) {
1018         ch = 127;
1019     } else if (ch < -127) {
1020         ch = -127;
1021     }
1022     put_queue(s, ch & 0xff);
1023     s->sunmouse_dx -= ch;
1024 
1025     ch = s->sunmouse_dy;
1026     if (ch > 127) {
1027         ch = 127;
1028     } else if (ch < -127) {
1029         ch = -127;
1030     }
1031     put_queue(s, ch & 0xff);
1032     s->sunmouse_dy -= ch;
1033 
1034     /* MSC protocol specifies two extra motion bytes */
1035     put_queue(s, 0);
1036     put_queue(s, 0);
1037 }
1038 
1039 static const QemuInputHandler sunmouse_handler = {
1040     .name  = "QEMU Sun Mouse",
1041     .mask  = INPUT_EVENT_MASK_BTN | INPUT_EVENT_MASK_REL,
1042     .event = sunmouse_handle_event,
1043     .sync  = sunmouse_sync,
1044 };
1045 
1046 static void escc_init1(Object *obj)
1047 {
1048     ESCCState *s = ESCC(obj);
1049     SysBusDevice *dev = SYS_BUS_DEVICE(obj);
1050     unsigned int i;
1051 
1052     for (i = 0; i < 2; i++) {
1053         sysbus_init_irq(dev, &s->chn[i].irq);
1054         s->chn[i].chn = 1 - i;
1055     }
1056     s->chn[0].otherchn = &s->chn[1];
1057     s->chn[1].otherchn = &s->chn[0];
1058 
1059     sysbus_init_mmio(dev, &s->mmio);
1060 }
1061 
1062 static void escc_realize(DeviceState *dev, Error **errp)
1063 {
1064     ESCCState *s = ESCC(dev);
1065     unsigned int i;
1066 
1067     s->chn[0].disabled = s->disabled;
1068     s->chn[1].disabled = s->disabled;
1069 
1070     memory_region_init_io(&s->mmio, OBJECT(dev), &escc_mem_ops, s, "escc",
1071                           ESCC_SIZE << s->it_shift);
1072 
1073     for (i = 0; i < 2; i++) {
1074         if (qemu_chr_fe_backend_connected(&s->chn[i].chr)) {
1075             s->chn[i].clock = s->frequency / 2;
1076             qemu_chr_fe_set_handlers(&s->chn[i].chr, serial_can_receive,
1077                                      serial_receive1, serial_event, NULL,
1078                                      &s->chn[i], NULL, true);
1079         }
1080     }
1081 
1082     if (s->chn[0].type == escc_mouse) {
1083         s->chn[0].hs = qemu_input_handler_register((DeviceState *)(&s->chn[0]),
1084                                                    &sunmouse_handler);
1085     }
1086     if (s->chn[1].type == escc_kbd) {
1087         s->chn[1].hs = qemu_input_handler_register((DeviceState *)(&s->chn[1]),
1088                                                    &sunkbd_handler);
1089     }
1090 }
1091 
1092 static Property escc_properties[] = {
1093     DEFINE_PROP_UINT32("frequency", ESCCState, frequency,   0),
1094     DEFINE_PROP_UINT32("it_shift",  ESCCState, it_shift,    0),
1095     DEFINE_PROP_BOOL("bit_swap",    ESCCState, bit_swap,    false),
1096     DEFINE_PROP_UINT32("disabled",  ESCCState, disabled,    0),
1097     DEFINE_PROP_UINT32("chnBtype",  ESCCState, chn[0].type, 0),
1098     DEFINE_PROP_UINT32("chnAtype",  ESCCState, chn[1].type, 0),
1099     DEFINE_PROP_CHR("chrB", ESCCState, chn[0].chr),
1100     DEFINE_PROP_CHR("chrA", ESCCState, chn[1].chr),
1101     DEFINE_PROP_STRING("chnA-sunkbd-layout", ESCCState, chn[1].sunkbd_layout),
1102     DEFINE_PROP_END_OF_LIST(),
1103 };
1104 
1105 static void escc_class_init(ObjectClass *klass, void *data)
1106 {
1107     DeviceClass *dc = DEVICE_CLASS(klass);
1108 
1109     device_class_set_legacy_reset(dc, escc_reset);
1110     dc->realize = escc_realize;
1111     dc->vmsd = &vmstate_escc;
1112     device_class_set_props(dc, escc_properties);
1113     set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
1114 }
1115 
1116 static const TypeInfo escc_info = {
1117     .name          = TYPE_ESCC,
1118     .parent        = TYPE_SYS_BUS_DEVICE,
1119     .instance_size = sizeof(ESCCState),
1120     .instance_init = escc_init1,
1121     .class_init    = escc_class_init,
1122 };
1123 
1124 static void escc_register_types(void)
1125 {
1126     type_register_static(&escc_info);
1127 }
1128 
1129 type_init(escc_register_types)
1130