xref: /openbmc/qemu/hw/display/cirrus_vga.c (revision 892609056ddff373f8c8c55525a53dd932ee403d)
1 /*
2  * QEMU Cirrus CLGD 54xx VGA Emulator.
3  *
4  * Copyright (c) 2004 Fabrice Bellard
5  * Copyright (c) 2004 Makoto Suzuki (suzu)
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 /*
26  * Reference: Finn Thogersons' VGADOC4b:
27  *
28  *  http://web.archive.org/web/20021019054927/http://home.worldonline.dk/finth/
29  *
30  * VGADOC4b.ZIP content available at:
31  *
32  *  https://pdos.csail.mit.edu/6.828/2005/readings/hardware/vgadoc
33  */
34 
35 #include "qemu/osdep.h"
36 #include "qemu/module.h"
37 #include "qemu/units.h"
38 #include "sysemu/reset.h"
39 #include "qapi/error.h"
40 #include "trace.h"
41 #include "hw/pci/pci.h"
42 #include "hw/qdev-properties.h"
43 #include "migration/vmstate.h"
44 #include "ui/pixel_ops.h"
45 #include "cirrus_vga_internal.h"
46 
47 /*
48  * TODO:
49  *    - destination write mask support not complete (bits 5..7)
50  *    - optimize linear mappings
51  *    - optimize bitblt functions
52  */
53 
54 //#define DEBUG_CIRRUS
55 //#define DEBUG_BITBLT
56 
57 /***************************************
58  *
59  *  definitions
60  *
61  ***************************************/
62 
63 // sequencer 0x07
64 #define CIRRUS_SR7_BPP_VGA            0x00
65 #define CIRRUS_SR7_BPP_SVGA           0x01
66 #define CIRRUS_SR7_BPP_MASK           0x0e
67 #define CIRRUS_SR7_BPP_8              0x00
68 #define CIRRUS_SR7_BPP_16_DOUBLEVCLK  0x02
69 #define CIRRUS_SR7_BPP_24             0x04
70 #define CIRRUS_SR7_BPP_16             0x06
71 #define CIRRUS_SR7_BPP_32             0x08
72 #define CIRRUS_SR7_ISAADDR_MASK       0xe0
73 
74 // sequencer 0x0f
75 #define CIRRUS_MEMSIZE_512k        0x08
76 #define CIRRUS_MEMSIZE_1M          0x10
77 #define CIRRUS_MEMSIZE_2M          0x18
78 #define CIRRUS_MEMFLAGS_BANKSWITCH 0x80	// bank switching is enabled.
79 
80 // sequencer 0x12
81 #define CIRRUS_CURSOR_SHOW         0x01
82 #define CIRRUS_CURSOR_HIDDENPEL    0x02
83 #define CIRRUS_CURSOR_LARGE        0x04	// 64x64 if set, 32x32 if clear
84 
85 // sequencer 0x17
86 #define CIRRUS_BUSTYPE_VLBFAST   0x10
87 #define CIRRUS_BUSTYPE_PCI       0x20
88 #define CIRRUS_BUSTYPE_VLBSLOW   0x30
89 #define CIRRUS_BUSTYPE_ISA       0x38
90 #define CIRRUS_MMIO_ENABLE       0x04
91 #define CIRRUS_MMIO_USE_PCIADDR  0x40	// 0xb8000 if cleared.
92 #define CIRRUS_MEMSIZEEXT_DOUBLE 0x80
93 
94 // control 0x0b
95 #define CIRRUS_BANKING_DUAL             0x01
96 #define CIRRUS_BANKING_GRANULARITY_16K  0x20	// set:16k, clear:4k
97 
98 // control 0x30
99 #define CIRRUS_BLTMODE_BACKWARDS        0x01
100 #define CIRRUS_BLTMODE_MEMSYSDEST       0x02
101 #define CIRRUS_BLTMODE_MEMSYSSRC        0x04
102 #define CIRRUS_BLTMODE_TRANSPARENTCOMP  0x08
103 #define CIRRUS_BLTMODE_PATTERNCOPY      0x40
104 #define CIRRUS_BLTMODE_COLOREXPAND      0x80
105 #define CIRRUS_BLTMODE_PIXELWIDTHMASK   0x30
106 #define CIRRUS_BLTMODE_PIXELWIDTH8      0x00
107 #define CIRRUS_BLTMODE_PIXELWIDTH16     0x10
108 #define CIRRUS_BLTMODE_PIXELWIDTH24     0x20
109 #define CIRRUS_BLTMODE_PIXELWIDTH32     0x30
110 
111 // control 0x31
112 #define CIRRUS_BLT_BUSY                 0x01
113 #define CIRRUS_BLT_START                0x02
114 #define CIRRUS_BLT_RESET                0x04
115 #define CIRRUS_BLT_FIFOUSED             0x10
116 #define CIRRUS_BLT_AUTOSTART            0x80
117 
118 // control 0x32
119 #define CIRRUS_ROP_0                    0x00
120 #define CIRRUS_ROP_SRC_AND_DST          0x05
121 #define CIRRUS_ROP_NOP                  0x06
122 #define CIRRUS_ROP_SRC_AND_NOTDST       0x09
123 #define CIRRUS_ROP_NOTDST               0x0b
124 #define CIRRUS_ROP_SRC                  0x0d
125 #define CIRRUS_ROP_1                    0x0e
126 #define CIRRUS_ROP_NOTSRC_AND_DST       0x50
127 #define CIRRUS_ROP_SRC_XOR_DST          0x59
128 #define CIRRUS_ROP_SRC_OR_DST           0x6d
129 #define CIRRUS_ROP_NOTSRC_OR_NOTDST     0x90
130 #define CIRRUS_ROP_SRC_NOTXOR_DST       0x95
131 #define CIRRUS_ROP_SRC_OR_NOTDST        0xad
132 #define CIRRUS_ROP_NOTSRC               0xd0
133 #define CIRRUS_ROP_NOTSRC_OR_DST        0xd6
134 #define CIRRUS_ROP_NOTSRC_AND_NOTDST    0xda
135 
136 #define CIRRUS_ROP_NOP_INDEX 2
137 #define CIRRUS_ROP_SRC_INDEX 5
138 
139 // control 0x33
140 #define CIRRUS_BLTMODEEXT_SOLIDFILL        0x04
141 #define CIRRUS_BLTMODEEXT_COLOREXPINV      0x02
142 #define CIRRUS_BLTMODEEXT_DWORDGRANULARITY 0x01
143 
144 // memory-mapped IO
145 #define CIRRUS_MMIO_BLTBGCOLOR        0x00	// dword
146 #define CIRRUS_MMIO_BLTFGCOLOR        0x04	// dword
147 #define CIRRUS_MMIO_BLTWIDTH          0x08	// word
148 #define CIRRUS_MMIO_BLTHEIGHT         0x0a	// word
149 #define CIRRUS_MMIO_BLTDESTPITCH      0x0c	// word
150 #define CIRRUS_MMIO_BLTSRCPITCH       0x0e	// word
151 #define CIRRUS_MMIO_BLTDESTADDR       0x10	// dword
152 #define CIRRUS_MMIO_BLTSRCADDR        0x14	// dword
153 #define CIRRUS_MMIO_BLTWRITEMASK      0x17	// byte
154 #define CIRRUS_MMIO_BLTMODE           0x18	// byte
155 #define CIRRUS_MMIO_BLTROP            0x1a	// byte
156 #define CIRRUS_MMIO_BLTMODEEXT        0x1b	// byte
157 #define CIRRUS_MMIO_BLTTRANSPARENTCOLOR 0x1c	// word?
158 #define CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK 0x20	// word?
159 #define CIRRUS_MMIO_LINEARDRAW_START_X 0x24	// word
160 #define CIRRUS_MMIO_LINEARDRAW_START_Y 0x26	// word
161 #define CIRRUS_MMIO_LINEARDRAW_END_X  0x28	// word
162 #define CIRRUS_MMIO_LINEARDRAW_END_Y  0x2a	// word
163 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_INC 0x2c	// byte
164 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ROLLOVER 0x2d	// byte
165 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_MASK 0x2e	// byte
166 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ACCUM 0x2f	// byte
167 #define CIRRUS_MMIO_BRESENHAM_K1      0x30	// word
168 #define CIRRUS_MMIO_BRESENHAM_K3      0x32	// word
169 #define CIRRUS_MMIO_BRESENHAM_ERROR   0x34	// word
170 #define CIRRUS_MMIO_BRESENHAM_DELTA_MAJOR 0x36	// word
171 #define CIRRUS_MMIO_BRESENHAM_DIRECTION 0x38	// byte
172 #define CIRRUS_MMIO_LINEDRAW_MODE     0x39	// byte
173 #define CIRRUS_MMIO_BLTSTATUS         0x40	// byte
174 
175 #define CIRRUS_PNPMMIO_SIZE         0x1000
176 
177 typedef void (*cirrus_fill_t)(struct CirrusVGAState *s,
178                               uint32_t dstaddr, int dst_pitch,
179                               int width, int height);
180 
181 typedef struct PCICirrusVGAState {
182     PCIDevice dev;
183     CirrusVGAState cirrus_vga;
184 } PCICirrusVGAState;
185 
186 #define TYPE_PCI_CIRRUS_VGA "cirrus-vga"
187 #define PCI_CIRRUS_VGA(obj) \
188     OBJECT_CHECK(PCICirrusVGAState, (obj), TYPE_PCI_CIRRUS_VGA)
189 
190 static uint8_t rop_to_index[256];
191 
192 /***************************************
193  *
194  *  prototypes.
195  *
196  ***************************************/
197 
198 
199 static void cirrus_bitblt_reset(CirrusVGAState *s);
200 static void cirrus_update_memory_access(CirrusVGAState *s);
201 
202 /***************************************
203  *
204  *  raster operations
205  *
206  ***************************************/
207 
208 static bool blit_region_is_unsafe(struct CirrusVGAState *s,
209                                   int32_t pitch, int32_t addr)
210 {
211     if (!pitch) {
212         return true;
213     }
214     if (pitch < 0) {
215         int64_t min = addr
216             + ((int64_t)s->cirrus_blt_height - 1) * pitch
217             - s->cirrus_blt_width;
218         if (min < -1 || addr >= s->vga.vram_size) {
219             return true;
220         }
221     } else {
222         int64_t max = addr
223             + ((int64_t)s->cirrus_blt_height-1) * pitch
224             + s->cirrus_blt_width;
225         if (max > s->vga.vram_size) {
226             return true;
227         }
228     }
229     return false;
230 }
231 
232 static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
233 {
234     /* should be the case, see cirrus_bitblt_start */
235     assert(s->cirrus_blt_width > 0);
236     assert(s->cirrus_blt_height > 0);
237 
238     if (s->cirrus_blt_width > CIRRUS_BLTBUFSIZE) {
239         return true;
240     }
241 
242     if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
243                               s->cirrus_blt_dstaddr)) {
244         return true;
245     }
246     if (dst_only) {
247         return false;
248     }
249     if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
250                               s->cirrus_blt_srcaddr)) {
251         return true;
252     }
253 
254     return false;
255 }
256 
257 static void cirrus_bitblt_rop_nop(CirrusVGAState *s,
258                                   uint32_t dstaddr, uint32_t srcaddr,
259                                   int dstpitch,int srcpitch,
260                                   int bltwidth,int bltheight)
261 {
262 }
263 
264 static void cirrus_bitblt_fill_nop(CirrusVGAState *s,
265                                    uint32_t dstaddr,
266                                    int dstpitch, int bltwidth,int bltheight)
267 {
268 }
269 
270 static inline uint8_t cirrus_src(CirrusVGAState *s, uint32_t srcaddr)
271 {
272     if (s->cirrus_srccounter) {
273         /* cputovideo */
274         return s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1)];
275     } else {
276         /* videotovideo */
277         return s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask];
278     }
279 }
280 
281 static inline uint16_t cirrus_src16(CirrusVGAState *s, uint32_t srcaddr)
282 {
283     uint16_t *src;
284 
285     if (s->cirrus_srccounter) {
286         /* cputovideo */
287         src = (void *)&s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1) & ~1];
288     } else {
289         /* videotovideo */
290         src = (void *)&s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask & ~1];
291     }
292     return *src;
293 }
294 
295 static inline uint32_t cirrus_src32(CirrusVGAState *s, uint32_t srcaddr)
296 {
297     uint32_t *src;
298 
299     if (s->cirrus_srccounter) {
300         /* cputovideo */
301         src = (void *)&s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1) & ~3];
302     } else {
303         /* videotovideo */
304         src = (void *)&s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask & ~3];
305     }
306     return *src;
307 }
308 
309 #define ROP_NAME 0
310 #define ROP_FN(d, s) 0
311 #include "cirrus_vga_rop.h"
312 
313 #define ROP_NAME src_and_dst
314 #define ROP_FN(d, s) (s) & (d)
315 #include "cirrus_vga_rop.h"
316 
317 #define ROP_NAME src_and_notdst
318 #define ROP_FN(d, s) (s) & (~(d))
319 #include "cirrus_vga_rop.h"
320 
321 #define ROP_NAME notdst
322 #define ROP_FN(d, s) ~(d)
323 #include "cirrus_vga_rop.h"
324 
325 #define ROP_NAME src
326 #define ROP_FN(d, s) s
327 #include "cirrus_vga_rop.h"
328 
329 #define ROP_NAME 1
330 #define ROP_FN(d, s) ~0
331 #include "cirrus_vga_rop.h"
332 
333 #define ROP_NAME notsrc_and_dst
334 #define ROP_FN(d, s) (~(s)) & (d)
335 #include "cirrus_vga_rop.h"
336 
337 #define ROP_NAME src_xor_dst
338 #define ROP_FN(d, s) (s) ^ (d)
339 #include "cirrus_vga_rop.h"
340 
341 #define ROP_NAME src_or_dst
342 #define ROP_FN(d, s) (s) | (d)
343 #include "cirrus_vga_rop.h"
344 
345 #define ROP_NAME notsrc_or_notdst
346 #define ROP_FN(d, s) (~(s)) | (~(d))
347 #include "cirrus_vga_rop.h"
348 
349 #define ROP_NAME src_notxor_dst
350 #define ROP_FN(d, s) ~((s) ^ (d))
351 #include "cirrus_vga_rop.h"
352 
353 #define ROP_NAME src_or_notdst
354 #define ROP_FN(d, s) (s) | (~(d))
355 #include "cirrus_vga_rop.h"
356 
357 #define ROP_NAME notsrc
358 #define ROP_FN(d, s) (~(s))
359 #include "cirrus_vga_rop.h"
360 
361 #define ROP_NAME notsrc_or_dst
362 #define ROP_FN(d, s) (~(s)) | (d)
363 #include "cirrus_vga_rop.h"
364 
365 #define ROP_NAME notsrc_and_notdst
366 #define ROP_FN(d, s) (~(s)) & (~(d))
367 #include "cirrus_vga_rop.h"
368 
369 static const cirrus_bitblt_rop_t cirrus_fwd_rop[16] = {
370     cirrus_bitblt_rop_fwd_0,
371     cirrus_bitblt_rop_fwd_src_and_dst,
372     cirrus_bitblt_rop_nop,
373     cirrus_bitblt_rop_fwd_src_and_notdst,
374     cirrus_bitblt_rop_fwd_notdst,
375     cirrus_bitblt_rop_fwd_src,
376     cirrus_bitblt_rop_fwd_1,
377     cirrus_bitblt_rop_fwd_notsrc_and_dst,
378     cirrus_bitblt_rop_fwd_src_xor_dst,
379     cirrus_bitblt_rop_fwd_src_or_dst,
380     cirrus_bitblt_rop_fwd_notsrc_or_notdst,
381     cirrus_bitblt_rop_fwd_src_notxor_dst,
382     cirrus_bitblt_rop_fwd_src_or_notdst,
383     cirrus_bitblt_rop_fwd_notsrc,
384     cirrus_bitblt_rop_fwd_notsrc_or_dst,
385     cirrus_bitblt_rop_fwd_notsrc_and_notdst,
386 };
387 
388 static const cirrus_bitblt_rop_t cirrus_bkwd_rop[16] = {
389     cirrus_bitblt_rop_bkwd_0,
390     cirrus_bitblt_rop_bkwd_src_and_dst,
391     cirrus_bitblt_rop_nop,
392     cirrus_bitblt_rop_bkwd_src_and_notdst,
393     cirrus_bitblt_rop_bkwd_notdst,
394     cirrus_bitblt_rop_bkwd_src,
395     cirrus_bitblt_rop_bkwd_1,
396     cirrus_bitblt_rop_bkwd_notsrc_and_dst,
397     cirrus_bitblt_rop_bkwd_src_xor_dst,
398     cirrus_bitblt_rop_bkwd_src_or_dst,
399     cirrus_bitblt_rop_bkwd_notsrc_or_notdst,
400     cirrus_bitblt_rop_bkwd_src_notxor_dst,
401     cirrus_bitblt_rop_bkwd_src_or_notdst,
402     cirrus_bitblt_rop_bkwd_notsrc,
403     cirrus_bitblt_rop_bkwd_notsrc_or_dst,
404     cirrus_bitblt_rop_bkwd_notsrc_and_notdst,
405 };
406 
407 #define TRANSP_ROP(name) {\
408     name ## _8,\
409     name ## _16,\
410         }
411 #define TRANSP_NOP(func) {\
412     func,\
413     func,\
414         }
415 
416 static const cirrus_bitblt_rop_t cirrus_fwd_transp_rop[16][2] = {
417     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_0),
418     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_dst),
419     TRANSP_NOP(cirrus_bitblt_rop_nop),
420     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_notdst),
421     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notdst),
422     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src),
423     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_1),
424     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_dst),
425     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_xor_dst),
426     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_dst),
427     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_notdst),
428     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_notxor_dst),
429     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_notdst),
430     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc),
431     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_dst),
432     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_notdst),
433 };
434 
435 static const cirrus_bitblt_rop_t cirrus_bkwd_transp_rop[16][2] = {
436     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_0),
437     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_dst),
438     TRANSP_NOP(cirrus_bitblt_rop_nop),
439     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_notdst),
440     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notdst),
441     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src),
442     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_1),
443     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_dst),
444     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_xor_dst),
445     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_dst),
446     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_notdst),
447     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_notxor_dst),
448     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_notdst),
449     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc),
450     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_dst),
451     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_notdst),
452 };
453 
454 #define ROP2(name) {\
455     name ## _8,\
456     name ## _16,\
457     name ## _24,\
458     name ## _32,\
459         }
460 
461 #define ROP_NOP2(func) {\
462     func,\
463     func,\
464     func,\
465     func,\
466         }
467 
468 static const cirrus_bitblt_rop_t cirrus_patternfill[16][4] = {
469     ROP2(cirrus_patternfill_0),
470     ROP2(cirrus_patternfill_src_and_dst),
471     ROP_NOP2(cirrus_bitblt_rop_nop),
472     ROP2(cirrus_patternfill_src_and_notdst),
473     ROP2(cirrus_patternfill_notdst),
474     ROP2(cirrus_patternfill_src),
475     ROP2(cirrus_patternfill_1),
476     ROP2(cirrus_patternfill_notsrc_and_dst),
477     ROP2(cirrus_patternfill_src_xor_dst),
478     ROP2(cirrus_patternfill_src_or_dst),
479     ROP2(cirrus_patternfill_notsrc_or_notdst),
480     ROP2(cirrus_patternfill_src_notxor_dst),
481     ROP2(cirrus_patternfill_src_or_notdst),
482     ROP2(cirrus_patternfill_notsrc),
483     ROP2(cirrus_patternfill_notsrc_or_dst),
484     ROP2(cirrus_patternfill_notsrc_and_notdst),
485 };
486 
487 static const cirrus_bitblt_rop_t cirrus_colorexpand_transp[16][4] = {
488     ROP2(cirrus_colorexpand_transp_0),
489     ROP2(cirrus_colorexpand_transp_src_and_dst),
490     ROP_NOP2(cirrus_bitblt_rop_nop),
491     ROP2(cirrus_colorexpand_transp_src_and_notdst),
492     ROP2(cirrus_colorexpand_transp_notdst),
493     ROP2(cirrus_colorexpand_transp_src),
494     ROP2(cirrus_colorexpand_transp_1),
495     ROP2(cirrus_colorexpand_transp_notsrc_and_dst),
496     ROP2(cirrus_colorexpand_transp_src_xor_dst),
497     ROP2(cirrus_colorexpand_transp_src_or_dst),
498     ROP2(cirrus_colorexpand_transp_notsrc_or_notdst),
499     ROP2(cirrus_colorexpand_transp_src_notxor_dst),
500     ROP2(cirrus_colorexpand_transp_src_or_notdst),
501     ROP2(cirrus_colorexpand_transp_notsrc),
502     ROP2(cirrus_colorexpand_transp_notsrc_or_dst),
503     ROP2(cirrus_colorexpand_transp_notsrc_and_notdst),
504 };
505 
506 static const cirrus_bitblt_rop_t cirrus_colorexpand[16][4] = {
507     ROP2(cirrus_colorexpand_0),
508     ROP2(cirrus_colorexpand_src_and_dst),
509     ROP_NOP2(cirrus_bitblt_rop_nop),
510     ROP2(cirrus_colorexpand_src_and_notdst),
511     ROP2(cirrus_colorexpand_notdst),
512     ROP2(cirrus_colorexpand_src),
513     ROP2(cirrus_colorexpand_1),
514     ROP2(cirrus_colorexpand_notsrc_and_dst),
515     ROP2(cirrus_colorexpand_src_xor_dst),
516     ROP2(cirrus_colorexpand_src_or_dst),
517     ROP2(cirrus_colorexpand_notsrc_or_notdst),
518     ROP2(cirrus_colorexpand_src_notxor_dst),
519     ROP2(cirrus_colorexpand_src_or_notdst),
520     ROP2(cirrus_colorexpand_notsrc),
521     ROP2(cirrus_colorexpand_notsrc_or_dst),
522     ROP2(cirrus_colorexpand_notsrc_and_notdst),
523 };
524 
525 static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern_transp[16][4] = {
526     ROP2(cirrus_colorexpand_pattern_transp_0),
527     ROP2(cirrus_colorexpand_pattern_transp_src_and_dst),
528     ROP_NOP2(cirrus_bitblt_rop_nop),
529     ROP2(cirrus_colorexpand_pattern_transp_src_and_notdst),
530     ROP2(cirrus_colorexpand_pattern_transp_notdst),
531     ROP2(cirrus_colorexpand_pattern_transp_src),
532     ROP2(cirrus_colorexpand_pattern_transp_1),
533     ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_dst),
534     ROP2(cirrus_colorexpand_pattern_transp_src_xor_dst),
535     ROP2(cirrus_colorexpand_pattern_transp_src_or_dst),
536     ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_notdst),
537     ROP2(cirrus_colorexpand_pattern_transp_src_notxor_dst),
538     ROP2(cirrus_colorexpand_pattern_transp_src_or_notdst),
539     ROP2(cirrus_colorexpand_pattern_transp_notsrc),
540     ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_dst),
541     ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_notdst),
542 };
543 
544 static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern[16][4] = {
545     ROP2(cirrus_colorexpand_pattern_0),
546     ROP2(cirrus_colorexpand_pattern_src_and_dst),
547     ROP_NOP2(cirrus_bitblt_rop_nop),
548     ROP2(cirrus_colorexpand_pattern_src_and_notdst),
549     ROP2(cirrus_colorexpand_pattern_notdst),
550     ROP2(cirrus_colorexpand_pattern_src),
551     ROP2(cirrus_colorexpand_pattern_1),
552     ROP2(cirrus_colorexpand_pattern_notsrc_and_dst),
553     ROP2(cirrus_colorexpand_pattern_src_xor_dst),
554     ROP2(cirrus_colorexpand_pattern_src_or_dst),
555     ROP2(cirrus_colorexpand_pattern_notsrc_or_notdst),
556     ROP2(cirrus_colorexpand_pattern_src_notxor_dst),
557     ROP2(cirrus_colorexpand_pattern_src_or_notdst),
558     ROP2(cirrus_colorexpand_pattern_notsrc),
559     ROP2(cirrus_colorexpand_pattern_notsrc_or_dst),
560     ROP2(cirrus_colorexpand_pattern_notsrc_and_notdst),
561 };
562 
563 static const cirrus_fill_t cirrus_fill[16][4] = {
564     ROP2(cirrus_fill_0),
565     ROP2(cirrus_fill_src_and_dst),
566     ROP_NOP2(cirrus_bitblt_fill_nop),
567     ROP2(cirrus_fill_src_and_notdst),
568     ROP2(cirrus_fill_notdst),
569     ROP2(cirrus_fill_src),
570     ROP2(cirrus_fill_1),
571     ROP2(cirrus_fill_notsrc_and_dst),
572     ROP2(cirrus_fill_src_xor_dst),
573     ROP2(cirrus_fill_src_or_dst),
574     ROP2(cirrus_fill_notsrc_or_notdst),
575     ROP2(cirrus_fill_src_notxor_dst),
576     ROP2(cirrus_fill_src_or_notdst),
577     ROP2(cirrus_fill_notsrc),
578     ROP2(cirrus_fill_notsrc_or_dst),
579     ROP2(cirrus_fill_notsrc_and_notdst),
580 };
581 
582 static inline void cirrus_bitblt_fgcol(CirrusVGAState *s)
583 {
584     unsigned int color;
585     switch (s->cirrus_blt_pixelwidth) {
586     case 1:
587         s->cirrus_blt_fgcol = s->cirrus_shadow_gr1;
588         break;
589     case 2:
590         color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8);
591         s->cirrus_blt_fgcol = le16_to_cpu(color);
592         break;
593     case 3:
594         s->cirrus_blt_fgcol = s->cirrus_shadow_gr1 |
595             (s->vga.gr[0x11] << 8) | (s->vga.gr[0x13] << 16);
596         break;
597     default:
598     case 4:
599         color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8) |
600             (s->vga.gr[0x13] << 16) | (s->vga.gr[0x15] << 24);
601         s->cirrus_blt_fgcol = le32_to_cpu(color);
602         break;
603     }
604 }
605 
606 static inline void cirrus_bitblt_bgcol(CirrusVGAState *s)
607 {
608     unsigned int color;
609     switch (s->cirrus_blt_pixelwidth) {
610     case 1:
611         s->cirrus_blt_bgcol = s->cirrus_shadow_gr0;
612         break;
613     case 2:
614         color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8);
615         s->cirrus_blt_bgcol = le16_to_cpu(color);
616         break;
617     case 3:
618         s->cirrus_blt_bgcol = s->cirrus_shadow_gr0 |
619             (s->vga.gr[0x10] << 8) | (s->vga.gr[0x12] << 16);
620         break;
621     default:
622     case 4:
623         color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8) |
624             (s->vga.gr[0x12] << 16) | (s->vga.gr[0x14] << 24);
625         s->cirrus_blt_bgcol = le32_to_cpu(color);
626         break;
627     }
628 }
629 
630 static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
631 				     int off_pitch, int bytesperline,
632 				     int lines)
633 {
634     int y;
635     int off_cur;
636     int off_cur_end;
637 
638     if (off_pitch < 0) {
639         off_begin -= bytesperline - 1;
640     }
641 
642     for (y = 0; y < lines; y++) {
643         off_cur = off_begin;
644         off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;
645         assert(off_cur_end >= off_cur);
646         memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
647         off_begin += off_pitch;
648     }
649 }
650 
651 static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s)
652 {
653     uint32_t patternsize;
654     bool videosrc = !s->cirrus_srccounter;
655 
656     if (videosrc) {
657         switch (s->vga.get_bpp(&s->vga)) {
658         case 8:
659             patternsize = 64;
660             break;
661         case 15:
662         case 16:
663             patternsize = 128;
664             break;
665         case 24:
666         case 32:
667         default:
668             patternsize = 256;
669             break;
670         }
671         s->cirrus_blt_srcaddr &= ~(patternsize - 1);
672         if (s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size) {
673             return 0;
674         }
675     }
676 
677     if (blit_is_unsafe(s, true)) {
678         return 0;
679     }
680 
681     (*s->cirrus_rop) (s, s->cirrus_blt_dstaddr,
682                       videosrc ? s->cirrus_blt_srcaddr : 0,
683                       s->cirrus_blt_dstpitch, 0,
684                       s->cirrus_blt_width, s->cirrus_blt_height);
685     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
686                              s->cirrus_blt_dstpitch, s->cirrus_blt_width,
687                              s->cirrus_blt_height);
688     return 1;
689 }
690 
691 /* fill */
692 
693 static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
694 {
695     cirrus_fill_t rop_func;
696 
697     if (blit_is_unsafe(s, true)) {
698         return 0;
699     }
700     rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
701     rop_func(s, s->cirrus_blt_dstaddr,
702              s->cirrus_blt_dstpitch,
703              s->cirrus_blt_width, s->cirrus_blt_height);
704     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
705 			     s->cirrus_blt_dstpitch, s->cirrus_blt_width,
706 			     s->cirrus_blt_height);
707     cirrus_bitblt_reset(s);
708     return 1;
709 }
710 
711 /***************************************
712  *
713  *  bitblt (video-to-video)
714  *
715  ***************************************/
716 
717 static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
718 {
719     return cirrus_bitblt_common_patterncopy(s);
720 }
721 
722 static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
723 {
724     int sx = 0, sy = 0;
725     int dx = 0, dy = 0;
726     int depth = 0;
727     int notify = 0;
728 
729     /* make sure to only copy if it's a plain copy ROP */
730     if (*s->cirrus_rop == cirrus_bitblt_rop_fwd_src ||
731         *s->cirrus_rop == cirrus_bitblt_rop_bkwd_src) {
732 
733         int width, height;
734 
735         depth = s->vga.get_bpp(&s->vga) / 8;
736         if (!depth) {
737             return 0;
738         }
739         s->vga.get_resolution(&s->vga, &width, &height);
740 
741         /* extra x, y */
742         sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
743         sy = (src / ABS(s->cirrus_blt_srcpitch));
744         dx = (dst % ABS(s->cirrus_blt_dstpitch)) / depth;
745         dy = (dst / ABS(s->cirrus_blt_dstpitch));
746 
747         /* normalize width */
748         w /= depth;
749 
750         /* if we're doing a backward copy, we have to adjust
751            our x/y to be the upper left corner (instead of the lower
752            right corner) */
753         if (s->cirrus_blt_dstpitch < 0) {
754             sx -= (s->cirrus_blt_width / depth) - 1;
755             dx -= (s->cirrus_blt_width / depth) - 1;
756             sy -= s->cirrus_blt_height - 1;
757             dy -= s->cirrus_blt_height - 1;
758         }
759 
760         /* are we in the visible portion of memory? */
761         if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 &&
762             (sx + w) <= width && (sy + h) <= height &&
763             (dx + w) <= width && (dy + h) <= height) {
764             notify = 1;
765         }
766     }
767 
768     (*s->cirrus_rop) (s, s->cirrus_blt_dstaddr,
769                       s->cirrus_blt_srcaddr,
770 		      s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
771 		      s->cirrus_blt_width, s->cirrus_blt_height);
772 
773     if (notify) {
774         dpy_gfx_update(s->vga.con, dx, dy,
775                        s->cirrus_blt_width / depth,
776                        s->cirrus_blt_height);
777     }
778 
779     /* we don't have to notify the display that this portion has
780        changed since qemu_console_copy implies this */
781 
782     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
783 				s->cirrus_blt_dstpitch, s->cirrus_blt_width,
784 				s->cirrus_blt_height);
785 
786     return 1;
787 }
788 
789 static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
790 {
791     if (blit_is_unsafe(s, false))
792         return 0;
793 
794     return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
795             s->cirrus_blt_srcaddr - s->vga.start_addr,
796             s->cirrus_blt_width, s->cirrus_blt_height);
797 }
798 
799 /***************************************
800  *
801  *  bitblt (cpu-to-video)
802  *
803  ***************************************/
804 
805 static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
806 {
807     int copy_count;
808     uint8_t *end_ptr;
809 
810     if (s->cirrus_srccounter > 0) {
811         if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
812             cirrus_bitblt_common_patterncopy(s);
813         the_end:
814             s->cirrus_srccounter = 0;
815             cirrus_bitblt_reset(s);
816         } else {
817             /* at least one scan line */
818             do {
819                 (*s->cirrus_rop)(s, s->cirrus_blt_dstaddr,
820                                  0, 0, 0, s->cirrus_blt_width, 1);
821                 cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
822                                          s->cirrus_blt_width, 1);
823                 s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
824                 s->cirrus_srccounter -= s->cirrus_blt_srcpitch;
825                 if (s->cirrus_srccounter <= 0)
826                     goto the_end;
827                 /* more bytes than needed can be transferred because of
828                    word alignment, so we keep them for the next line */
829                 /* XXX: keep alignment to speed up transfer */
830                 end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
831                 copy_count = s->cirrus_srcptr_end - end_ptr;
832                 memmove(s->cirrus_bltbuf, end_ptr, copy_count);
833                 s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
834                 s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
835             } while (s->cirrus_srcptr >= s->cirrus_srcptr_end);
836         }
837     }
838 }
839 
840 /***************************************
841  *
842  *  bitblt wrapper
843  *
844  ***************************************/
845 
846 static void cirrus_bitblt_reset(CirrusVGAState * s)
847 {
848     int need_update;
849 
850     s->vga.gr[0x31] &=
851 	~(CIRRUS_BLT_START | CIRRUS_BLT_BUSY | CIRRUS_BLT_FIFOUSED);
852     need_update = s->cirrus_srcptr != &s->cirrus_bltbuf[0]
853         || s->cirrus_srcptr_end != &s->cirrus_bltbuf[0];
854     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
855     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
856     s->cirrus_srccounter = 0;
857     if (!need_update)
858         return;
859     cirrus_update_memory_access(s);
860 }
861 
862 static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
863 {
864     int w;
865 
866     if (blit_is_unsafe(s, true)) {
867         return 0;
868     }
869 
870     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
871     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
872     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
873 
874     if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
875 	if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
876 	    s->cirrus_blt_srcpitch = 8;
877 	} else {
878             /* XXX: check for 24 bpp */
879 	    s->cirrus_blt_srcpitch = 8 * 8 * s->cirrus_blt_pixelwidth;
880 	}
881 	s->cirrus_srccounter = s->cirrus_blt_srcpitch;
882     } else {
883 	if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
884             w = s->cirrus_blt_width / s->cirrus_blt_pixelwidth;
885             if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_DWORDGRANULARITY)
886                 s->cirrus_blt_srcpitch = ((w + 31) >> 5);
887             else
888                 s->cirrus_blt_srcpitch = ((w + 7) >> 3);
889 	} else {
890             /* always align input size to 32 bits */
891 	    s->cirrus_blt_srcpitch = (s->cirrus_blt_width + 3) & ~3;
892 	}
893         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
894     }
895 
896     /* the blit_is_unsafe call above should catch this */
897     assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
898 
899     s->cirrus_srcptr = s->cirrus_bltbuf;
900     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
901     cirrus_update_memory_access(s);
902     return 1;
903 }
904 
905 static int cirrus_bitblt_videotocpu(CirrusVGAState * s)
906 {
907     /* XXX */
908 #ifdef DEBUG_BITBLT
909     printf("cirrus: bitblt (video to cpu) is not implemented yet\n");
910 #endif
911     return 0;
912 }
913 
914 static int cirrus_bitblt_videotovideo(CirrusVGAState * s)
915 {
916     int ret;
917 
918     if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
919 	ret = cirrus_bitblt_videotovideo_patterncopy(s);
920     } else {
921 	ret = cirrus_bitblt_videotovideo_copy(s);
922     }
923     if (ret)
924 	cirrus_bitblt_reset(s);
925     return ret;
926 }
927 
928 static void cirrus_bitblt_start(CirrusVGAState * s)
929 {
930     uint8_t blt_rop;
931 
932     if (!s->enable_blitter) {
933         goto bitblt_ignore;
934     }
935 
936     s->vga.gr[0x31] |= CIRRUS_BLT_BUSY;
937 
938     s->cirrus_blt_width = (s->vga.gr[0x20] | (s->vga.gr[0x21] << 8)) + 1;
939     s->cirrus_blt_height = (s->vga.gr[0x22] | (s->vga.gr[0x23] << 8)) + 1;
940     s->cirrus_blt_dstpitch = (s->vga.gr[0x24] | (s->vga.gr[0x25] << 8));
941     s->cirrus_blt_srcpitch = (s->vga.gr[0x26] | (s->vga.gr[0x27] << 8));
942     s->cirrus_blt_dstaddr =
943 	(s->vga.gr[0x28] | (s->vga.gr[0x29] << 8) | (s->vga.gr[0x2a] << 16));
944     s->cirrus_blt_srcaddr =
945 	(s->vga.gr[0x2c] | (s->vga.gr[0x2d] << 8) | (s->vga.gr[0x2e] << 16));
946     s->cirrus_blt_mode = s->vga.gr[0x30];
947     s->cirrus_blt_modeext = s->vga.gr[0x33];
948     blt_rop = s->vga.gr[0x32];
949 
950     s->cirrus_blt_dstaddr &= s->cirrus_addr_mask;
951     s->cirrus_blt_srcaddr &= s->cirrus_addr_mask;
952 
953 #ifdef DEBUG_BITBLT
954     printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
955            blt_rop,
956            s->cirrus_blt_mode,
957            s->cirrus_blt_modeext,
958            s->cirrus_blt_width,
959            s->cirrus_blt_height,
960            s->cirrus_blt_dstpitch,
961            s->cirrus_blt_srcpitch,
962            s->cirrus_blt_dstaddr,
963            s->cirrus_blt_srcaddr,
964            s->vga.gr[0x2f]);
965 #endif
966 
967     switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) {
968     case CIRRUS_BLTMODE_PIXELWIDTH8:
969 	s->cirrus_blt_pixelwidth = 1;
970 	break;
971     case CIRRUS_BLTMODE_PIXELWIDTH16:
972 	s->cirrus_blt_pixelwidth = 2;
973 	break;
974     case CIRRUS_BLTMODE_PIXELWIDTH24:
975 	s->cirrus_blt_pixelwidth = 3;
976 	break;
977     case CIRRUS_BLTMODE_PIXELWIDTH32:
978 	s->cirrus_blt_pixelwidth = 4;
979 	break;
980     default:
981 #ifdef DEBUG_BITBLT
982 	printf("cirrus: bitblt - pixel width is unknown\n");
983 #endif
984 	goto bitblt_ignore;
985     }
986     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK;
987 
988     if ((s->
989 	 cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC |
990 			    CIRRUS_BLTMODE_MEMSYSDEST))
991 	== (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) {
992 #ifdef DEBUG_BITBLT
993 	printf("cirrus: bitblt - memory-to-memory copy is requested\n");
994 #endif
995 	goto bitblt_ignore;
996     }
997 
998     if ((s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_SOLIDFILL) &&
999         (s->cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSDEST |
1000                                CIRRUS_BLTMODE_TRANSPARENTCOMP |
1001                                CIRRUS_BLTMODE_PATTERNCOPY |
1002                                CIRRUS_BLTMODE_COLOREXPAND)) ==
1003          (CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) {
1004         cirrus_bitblt_fgcol(s);
1005         cirrus_bitblt_solidfill(s, blt_rop);
1006     } else {
1007         if ((s->cirrus_blt_mode & (CIRRUS_BLTMODE_COLOREXPAND |
1008                                    CIRRUS_BLTMODE_PATTERNCOPY)) ==
1009             CIRRUS_BLTMODE_COLOREXPAND) {
1010 
1011             if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1012                 if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
1013                     cirrus_bitblt_bgcol(s);
1014                 else
1015                     cirrus_bitblt_fgcol(s);
1016                 s->cirrus_rop = cirrus_colorexpand_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1017             } else {
1018                 cirrus_bitblt_fgcol(s);
1019                 cirrus_bitblt_bgcol(s);
1020                 s->cirrus_rop = cirrus_colorexpand[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1021             }
1022         } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
1023             if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
1024                 if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1025                     if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
1026                         cirrus_bitblt_bgcol(s);
1027                     else
1028                         cirrus_bitblt_fgcol(s);
1029                     s->cirrus_rop = cirrus_colorexpand_pattern_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1030                 } else {
1031                     cirrus_bitblt_fgcol(s);
1032                     cirrus_bitblt_bgcol(s);
1033                     s->cirrus_rop = cirrus_colorexpand_pattern[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1034                 }
1035             } else {
1036                 s->cirrus_rop = cirrus_patternfill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1037             }
1038         } else {
1039 	    if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1040 		if (s->cirrus_blt_pixelwidth > 2) {
1041 		    printf("src transparent without colorexpand must be 8bpp or 16bpp\n");
1042 		    goto bitblt_ignore;
1043 		}
1044 		if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
1045 		    s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
1046 		    s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
1047 		    s->cirrus_rop = cirrus_bkwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1048 		} else {
1049 		    s->cirrus_rop = cirrus_fwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1050 		}
1051 	    } else {
1052 		if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
1053 		    s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
1054 		    s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
1055 		    s->cirrus_rop = cirrus_bkwd_rop[rop_to_index[blt_rop]];
1056 		} else {
1057 		    s->cirrus_rop = cirrus_fwd_rop[rop_to_index[blt_rop]];
1058 		}
1059 	    }
1060 	}
1061         // setup bitblt engine.
1062         if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSSRC) {
1063             if (!cirrus_bitblt_cputovideo(s))
1064                 goto bitblt_ignore;
1065         } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSDEST) {
1066             if (!cirrus_bitblt_videotocpu(s))
1067                 goto bitblt_ignore;
1068         } else {
1069             if (!cirrus_bitblt_videotovideo(s))
1070                 goto bitblt_ignore;
1071         }
1072     }
1073     return;
1074   bitblt_ignore:;
1075     cirrus_bitblt_reset(s);
1076 }
1077 
1078 static void cirrus_write_bitblt(CirrusVGAState * s, unsigned reg_value)
1079 {
1080     unsigned old_value;
1081 
1082     old_value = s->vga.gr[0x31];
1083     s->vga.gr[0x31] = reg_value;
1084 
1085     if (((old_value & CIRRUS_BLT_RESET) != 0) &&
1086 	((reg_value & CIRRUS_BLT_RESET) == 0)) {
1087 	cirrus_bitblt_reset(s);
1088     } else if (((old_value & CIRRUS_BLT_START) == 0) &&
1089 	       ((reg_value & CIRRUS_BLT_START) != 0)) {
1090 	cirrus_bitblt_start(s);
1091     }
1092 }
1093 
1094 
1095 /***************************************
1096  *
1097  *  basic parameters
1098  *
1099  ***************************************/
1100 
1101 static void cirrus_get_offsets(VGACommonState *s1,
1102                                uint32_t *pline_offset,
1103                                uint32_t *pstart_addr,
1104                                uint32_t *pline_compare)
1105 {
1106     CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
1107     uint32_t start_addr, line_offset, line_compare;
1108 
1109     line_offset = s->vga.cr[0x13]
1110 	| ((s->vga.cr[0x1b] & 0x10) << 4);
1111     line_offset <<= 3;
1112     *pline_offset = line_offset;
1113 
1114     start_addr = (s->vga.cr[0x0c] << 8)
1115 	| s->vga.cr[0x0d]
1116 	| ((s->vga.cr[0x1b] & 0x01) << 16)
1117 	| ((s->vga.cr[0x1b] & 0x0c) << 15)
1118 	| ((s->vga.cr[0x1d] & 0x80) << 12);
1119     *pstart_addr = start_addr;
1120 
1121     line_compare = s->vga.cr[0x18] |
1122         ((s->vga.cr[0x07] & 0x10) << 4) |
1123         ((s->vga.cr[0x09] & 0x40) << 3);
1124     *pline_compare = line_compare;
1125 }
1126 
1127 static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s)
1128 {
1129     uint32_t ret = 16;
1130 
1131     switch (s->cirrus_hidden_dac_data & 0xf) {
1132     case 0:
1133 	ret = 15;
1134 	break;			/* Sierra HiColor */
1135     case 1:
1136 	ret = 16;
1137 	break;			/* XGA HiColor */
1138     default:
1139 #ifdef DEBUG_CIRRUS
1140 	printf("cirrus: invalid DAC value %x in 16bpp\n",
1141 	       (s->cirrus_hidden_dac_data & 0xf));
1142 #endif
1143 	ret = 15;		/* XXX */
1144 	break;
1145     }
1146     return ret;
1147 }
1148 
1149 static int cirrus_get_bpp(VGACommonState *s1)
1150 {
1151     CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
1152     uint32_t ret = 8;
1153 
1154     if ((s->vga.sr[0x07] & 0x01) != 0) {
1155 	/* Cirrus SVGA */
1156 	switch (s->vga.sr[0x07] & CIRRUS_SR7_BPP_MASK) {
1157 	case CIRRUS_SR7_BPP_8:
1158 	    ret = 8;
1159 	    break;
1160 	case CIRRUS_SR7_BPP_16_DOUBLEVCLK:
1161 	    ret = cirrus_get_bpp16_depth(s);
1162 	    break;
1163 	case CIRRUS_SR7_BPP_24:
1164 	    ret = 24;
1165 	    break;
1166 	case CIRRUS_SR7_BPP_16:
1167 	    ret = cirrus_get_bpp16_depth(s);
1168 	    break;
1169 	case CIRRUS_SR7_BPP_32:
1170 	    ret = 32;
1171 	    break;
1172 	default:
1173 #ifdef DEBUG_CIRRUS
1174 	    printf("cirrus: unknown bpp - sr7=%x\n", s->vga.sr[0x7]);
1175 #endif
1176 	    ret = 8;
1177 	    break;
1178 	}
1179     } else {
1180 	/* VGA */
1181 	ret = 0;
1182     }
1183 
1184     return ret;
1185 }
1186 
1187 static void cirrus_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
1188 {
1189     int width, height;
1190 
1191     width = (s->cr[0x01] + 1) * 8;
1192     height = s->cr[0x12] |
1193         ((s->cr[0x07] & 0x02) << 7) |
1194         ((s->cr[0x07] & 0x40) << 3);
1195     height = (height + 1);
1196     /* interlace support */
1197     if (s->cr[0x1a] & 0x01)
1198         height = height * 2;
1199     *pwidth = width;
1200     *pheight = height;
1201 }
1202 
1203 /***************************************
1204  *
1205  * bank memory
1206  *
1207  ***************************************/
1208 
1209 static void cirrus_update_bank_ptr(CirrusVGAState * s, unsigned bank_index)
1210 {
1211     unsigned offset;
1212     unsigned limit;
1213 
1214     if ((s->vga.gr[0x0b] & 0x01) != 0)	/* dual bank */
1215 	offset = s->vga.gr[0x09 + bank_index];
1216     else			/* single bank */
1217 	offset = s->vga.gr[0x09];
1218 
1219     if ((s->vga.gr[0x0b] & 0x20) != 0)
1220 	offset <<= 14;
1221     else
1222 	offset <<= 12;
1223 
1224     if (s->real_vram_size <= offset)
1225 	limit = 0;
1226     else
1227 	limit = s->real_vram_size - offset;
1228 
1229     if (((s->vga.gr[0x0b] & 0x01) == 0) && (bank_index != 0)) {
1230 	if (limit > 0x8000) {
1231 	    offset += 0x8000;
1232 	    limit -= 0x8000;
1233 	} else {
1234 	    limit = 0;
1235 	}
1236     }
1237 
1238     if (limit > 0) {
1239 	s->cirrus_bank_base[bank_index] = offset;
1240 	s->cirrus_bank_limit[bank_index] = limit;
1241     } else {
1242 	s->cirrus_bank_base[bank_index] = 0;
1243 	s->cirrus_bank_limit[bank_index] = 0;
1244     }
1245 }
1246 
1247 /***************************************
1248  *
1249  *  I/O access between 0x3c4-0x3c5
1250  *
1251  ***************************************/
1252 
1253 static int cirrus_vga_read_sr(CirrusVGAState * s)
1254 {
1255     switch (s->vga.sr_index) {
1256     case 0x00:			// Standard VGA
1257     case 0x01:			// Standard VGA
1258     case 0x02:			// Standard VGA
1259     case 0x03:			// Standard VGA
1260     case 0x04:			// Standard VGA
1261 	return s->vga.sr[s->vga.sr_index];
1262     case 0x06:			// Unlock Cirrus extensions
1263 	return s->vga.sr[s->vga.sr_index];
1264     case 0x10:
1265     case 0x30:
1266     case 0x50:
1267     case 0x70:			// Graphics Cursor X
1268     case 0x90:
1269     case 0xb0:
1270     case 0xd0:
1271     case 0xf0:			// Graphics Cursor X
1272 	return s->vga.sr[0x10];
1273     case 0x11:
1274     case 0x31:
1275     case 0x51:
1276     case 0x71:			// Graphics Cursor Y
1277     case 0x91:
1278     case 0xb1:
1279     case 0xd1:
1280     case 0xf1:			// Graphics Cursor Y
1281 	return s->vga.sr[0x11];
1282     case 0x05:			// ???
1283     case 0x07:			// Extended Sequencer Mode
1284     case 0x08:			// EEPROM Control
1285     case 0x09:			// Scratch Register 0
1286     case 0x0a:			// Scratch Register 1
1287     case 0x0b:			// VCLK 0
1288     case 0x0c:			// VCLK 1
1289     case 0x0d:			// VCLK 2
1290     case 0x0e:			// VCLK 3
1291     case 0x0f:			// DRAM Control
1292     case 0x12:			// Graphics Cursor Attribute
1293     case 0x13:			// Graphics Cursor Pattern Address
1294     case 0x14:			// Scratch Register 2
1295     case 0x15:			// Scratch Register 3
1296     case 0x16:			// Performance Tuning Register
1297     case 0x17:			// Configuration Readback and Extended Control
1298     case 0x18:			// Signature Generator Control
1299     case 0x19:			// Signal Generator Result
1300     case 0x1a:			// Signal Generator Result
1301     case 0x1b:			// VCLK 0 Denominator & Post
1302     case 0x1c:			// VCLK 1 Denominator & Post
1303     case 0x1d:			// VCLK 2 Denominator & Post
1304     case 0x1e:			// VCLK 3 Denominator & Post
1305     case 0x1f:			// BIOS Write Enable and MCLK select
1306 #ifdef DEBUG_CIRRUS
1307 	printf("cirrus: handled inport sr_index %02x\n", s->vga.sr_index);
1308 #endif
1309 	return s->vga.sr[s->vga.sr_index];
1310     default:
1311 #ifdef DEBUG_CIRRUS
1312 	printf("cirrus: inport sr_index %02x\n", s->vga.sr_index);
1313 #endif
1314 	return 0xff;
1315 	break;
1316     }
1317 }
1318 
1319 static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
1320 {
1321     switch (s->vga.sr_index) {
1322     case 0x00:			// Standard VGA
1323     case 0x01:			// Standard VGA
1324     case 0x02:			// Standard VGA
1325     case 0x03:			// Standard VGA
1326     case 0x04:			// Standard VGA
1327 	s->vga.sr[s->vga.sr_index] = val & sr_mask[s->vga.sr_index];
1328 	if (s->vga.sr_index == 1)
1329             s->vga.update_retrace_info(&s->vga);
1330         break;
1331     case 0x06:			// Unlock Cirrus extensions
1332 	val &= 0x17;
1333 	if (val == 0x12) {
1334 	    s->vga.sr[s->vga.sr_index] = 0x12;
1335 	} else {
1336 	    s->vga.sr[s->vga.sr_index] = 0x0f;
1337 	}
1338 	break;
1339     case 0x10:
1340     case 0x30:
1341     case 0x50:
1342     case 0x70:			// Graphics Cursor X
1343     case 0x90:
1344     case 0xb0:
1345     case 0xd0:
1346     case 0xf0:			// Graphics Cursor X
1347 	s->vga.sr[0x10] = val;
1348         s->vga.hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
1349 	break;
1350     case 0x11:
1351     case 0x31:
1352     case 0x51:
1353     case 0x71:			// Graphics Cursor Y
1354     case 0x91:
1355     case 0xb1:
1356     case 0xd1:
1357     case 0xf1:			// Graphics Cursor Y
1358 	s->vga.sr[0x11] = val;
1359         s->vga.hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
1360 	break;
1361     case 0x07:			// Extended Sequencer Mode
1362         cirrus_update_memory_access(s);
1363         /* fall through */
1364     case 0x08:			// EEPROM Control
1365     case 0x09:			// Scratch Register 0
1366     case 0x0a:			// Scratch Register 1
1367     case 0x0b:			// VCLK 0
1368     case 0x0c:			// VCLK 1
1369     case 0x0d:			// VCLK 2
1370     case 0x0e:			// VCLK 3
1371     case 0x0f:			// DRAM Control
1372     case 0x13:			// Graphics Cursor Pattern Address
1373     case 0x14:			// Scratch Register 2
1374     case 0x15:			// Scratch Register 3
1375     case 0x16:			// Performance Tuning Register
1376     case 0x18:			// Signature Generator Control
1377     case 0x19:			// Signature Generator Result
1378     case 0x1a:			// Signature Generator Result
1379     case 0x1b:			// VCLK 0 Denominator & Post
1380     case 0x1c:			// VCLK 1 Denominator & Post
1381     case 0x1d:			// VCLK 2 Denominator & Post
1382     case 0x1e:			// VCLK 3 Denominator & Post
1383     case 0x1f:			// BIOS Write Enable and MCLK select
1384 	s->vga.sr[s->vga.sr_index] = val;
1385 #ifdef DEBUG_CIRRUS
1386 	printf("cirrus: handled outport sr_index %02x, sr_value %02x\n",
1387 	       s->vga.sr_index, val);
1388 #endif
1389 	break;
1390     case 0x12:			// Graphics Cursor Attribute
1391 	s->vga.sr[0x12] = val;
1392         s->vga.force_shadow = !!(val & CIRRUS_CURSOR_SHOW);
1393 #ifdef DEBUG_CIRRUS
1394         printf("cirrus: cursor ctl SR12=%02x (force shadow: %d)\n",
1395                val, s->vga.force_shadow);
1396 #endif
1397         break;
1398     case 0x17:			// Configuration Readback and Extended Control
1399 	s->vga.sr[s->vga.sr_index] = (s->vga.sr[s->vga.sr_index] & 0x38)
1400                                    | (val & 0xc7);
1401         cirrus_update_memory_access(s);
1402         break;
1403     default:
1404 #ifdef DEBUG_CIRRUS
1405 	printf("cirrus: outport sr_index %02x, sr_value %02x\n",
1406                s->vga.sr_index, val);
1407 #endif
1408 	break;
1409     }
1410 }
1411 
1412 /***************************************
1413  *
1414  *  I/O access at 0x3c6
1415  *
1416  ***************************************/
1417 
1418 static int cirrus_read_hidden_dac(CirrusVGAState * s)
1419 {
1420     if (++s->cirrus_hidden_dac_lockindex == 5) {
1421         s->cirrus_hidden_dac_lockindex = 0;
1422         return s->cirrus_hidden_dac_data;
1423     }
1424     return 0xff;
1425 }
1426 
1427 static void cirrus_write_hidden_dac(CirrusVGAState * s, int reg_value)
1428 {
1429     if (s->cirrus_hidden_dac_lockindex == 4) {
1430 	s->cirrus_hidden_dac_data = reg_value;
1431 #if defined(DEBUG_CIRRUS)
1432 	printf("cirrus: outport hidden DAC, value %02x\n", reg_value);
1433 #endif
1434     }
1435     s->cirrus_hidden_dac_lockindex = 0;
1436 }
1437 
1438 /***************************************
1439  *
1440  *  I/O access at 0x3c9
1441  *
1442  ***************************************/
1443 
1444 static int cirrus_vga_read_palette(CirrusVGAState * s)
1445 {
1446     int val;
1447 
1448     if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
1449         val = s->cirrus_hidden_palette[(s->vga.dac_read_index & 0x0f) * 3 +
1450                                        s->vga.dac_sub_index];
1451     } else {
1452         val = s->vga.palette[s->vga.dac_read_index * 3 + s->vga.dac_sub_index];
1453     }
1454     if (++s->vga.dac_sub_index == 3) {
1455 	s->vga.dac_sub_index = 0;
1456 	s->vga.dac_read_index++;
1457     }
1458     return val;
1459 }
1460 
1461 static void cirrus_vga_write_palette(CirrusVGAState * s, int reg_value)
1462 {
1463     s->vga.dac_cache[s->vga.dac_sub_index] = reg_value;
1464     if (++s->vga.dac_sub_index == 3) {
1465         if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
1466             memcpy(&s->cirrus_hidden_palette[(s->vga.dac_write_index & 0x0f) * 3],
1467                    s->vga.dac_cache, 3);
1468         } else {
1469             memcpy(&s->vga.palette[s->vga.dac_write_index * 3], s->vga.dac_cache, 3);
1470         }
1471         /* XXX update cursor */
1472 	s->vga.dac_sub_index = 0;
1473 	s->vga.dac_write_index++;
1474     }
1475 }
1476 
1477 /***************************************
1478  *
1479  *  I/O access between 0x3ce-0x3cf
1480  *
1481  ***************************************/
1482 
1483 static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index)
1484 {
1485     switch (reg_index) {
1486     case 0x00: // Standard VGA, BGCOLOR 0x000000ff
1487         return s->cirrus_shadow_gr0;
1488     case 0x01: // Standard VGA, FGCOLOR 0x000000ff
1489         return s->cirrus_shadow_gr1;
1490     case 0x02:			// Standard VGA
1491     case 0x03:			// Standard VGA
1492     case 0x04:			// Standard VGA
1493     case 0x06:			// Standard VGA
1494     case 0x07:			// Standard VGA
1495     case 0x08:			// Standard VGA
1496         return s->vga.gr[s->vga.gr_index];
1497     case 0x05:			// Standard VGA, Cirrus extended mode
1498     default:
1499 	break;
1500     }
1501 
1502     if (reg_index < 0x3a) {
1503 	return s->vga.gr[reg_index];
1504     } else {
1505 #ifdef DEBUG_CIRRUS
1506 	printf("cirrus: inport gr_index %02x\n", reg_index);
1507 #endif
1508 	return 0xff;
1509     }
1510 }
1511 
1512 static void
1513 cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value)
1514 {
1515 #if defined(DEBUG_BITBLT) && 0
1516     printf("gr%02x: %02x\n", reg_index, reg_value);
1517 #endif
1518     switch (reg_index) {
1519     case 0x00:			// Standard VGA, BGCOLOR 0x000000ff
1520 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1521 	s->cirrus_shadow_gr0 = reg_value;
1522 	break;
1523     case 0x01:			// Standard VGA, FGCOLOR 0x000000ff
1524 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1525 	s->cirrus_shadow_gr1 = reg_value;
1526 	break;
1527     case 0x02:			// Standard VGA
1528     case 0x03:			// Standard VGA
1529     case 0x04:			// Standard VGA
1530     case 0x06:			// Standard VGA
1531     case 0x07:			// Standard VGA
1532     case 0x08:			// Standard VGA
1533 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1534         break;
1535     case 0x05:			// Standard VGA, Cirrus extended mode
1536 	s->vga.gr[reg_index] = reg_value & 0x7f;
1537         cirrus_update_memory_access(s);
1538 	break;
1539     case 0x09:			// bank offset #0
1540     case 0x0A:			// bank offset #1
1541 	s->vga.gr[reg_index] = reg_value;
1542 	cirrus_update_bank_ptr(s, 0);
1543 	cirrus_update_bank_ptr(s, 1);
1544         cirrus_update_memory_access(s);
1545         break;
1546     case 0x0B:
1547 	s->vga.gr[reg_index] = reg_value;
1548 	cirrus_update_bank_ptr(s, 0);
1549 	cirrus_update_bank_ptr(s, 1);
1550         cirrus_update_memory_access(s);
1551 	break;
1552     case 0x10:			// BGCOLOR 0x0000ff00
1553     case 0x11:			// FGCOLOR 0x0000ff00
1554     case 0x12:			// BGCOLOR 0x00ff0000
1555     case 0x13:			// FGCOLOR 0x00ff0000
1556     case 0x14:			// BGCOLOR 0xff000000
1557     case 0x15:			// FGCOLOR 0xff000000
1558     case 0x20:			// BLT WIDTH 0x0000ff
1559     case 0x22:			// BLT HEIGHT 0x0000ff
1560     case 0x24:			// BLT DEST PITCH 0x0000ff
1561     case 0x26:			// BLT SRC PITCH 0x0000ff
1562     case 0x28:			// BLT DEST ADDR 0x0000ff
1563     case 0x29:			// BLT DEST ADDR 0x00ff00
1564     case 0x2c:			// BLT SRC ADDR 0x0000ff
1565     case 0x2d:			// BLT SRC ADDR 0x00ff00
1566     case 0x2f:                  // BLT WRITEMASK
1567     case 0x30:			// BLT MODE
1568     case 0x32:			// RASTER OP
1569     case 0x33:			// BLT MODEEXT
1570     case 0x34:			// BLT TRANSPARENT COLOR 0x00ff
1571     case 0x35:			// BLT TRANSPARENT COLOR 0xff00
1572     case 0x38:			// BLT TRANSPARENT COLOR MASK 0x00ff
1573     case 0x39:			// BLT TRANSPARENT COLOR MASK 0xff00
1574 	s->vga.gr[reg_index] = reg_value;
1575 	break;
1576     case 0x21:			// BLT WIDTH 0x001f00
1577     case 0x23:			// BLT HEIGHT 0x001f00
1578     case 0x25:			// BLT DEST PITCH 0x001f00
1579     case 0x27:			// BLT SRC PITCH 0x001f00
1580 	s->vga.gr[reg_index] = reg_value & 0x1f;
1581 	break;
1582     case 0x2a:			// BLT DEST ADDR 0x3f0000
1583 	s->vga.gr[reg_index] = reg_value & 0x3f;
1584         /* if auto start mode, starts bit blt now */
1585         if (s->vga.gr[0x31] & CIRRUS_BLT_AUTOSTART) {
1586             cirrus_bitblt_start(s);
1587         }
1588 	break;
1589     case 0x2e:			// BLT SRC ADDR 0x3f0000
1590 	s->vga.gr[reg_index] = reg_value & 0x3f;
1591 	break;
1592     case 0x31:			// BLT STATUS/START
1593 	cirrus_write_bitblt(s, reg_value);
1594 	break;
1595     default:
1596 #ifdef DEBUG_CIRRUS
1597 	printf("cirrus: outport gr_index %02x, gr_value %02x\n", reg_index,
1598 	       reg_value);
1599 #endif
1600 	break;
1601     }
1602 }
1603 
1604 /***************************************
1605  *
1606  *  I/O access between 0x3d4-0x3d5
1607  *
1608  ***************************************/
1609 
1610 static int cirrus_vga_read_cr(CirrusVGAState * s, unsigned reg_index)
1611 {
1612     switch (reg_index) {
1613     case 0x00:			// Standard VGA
1614     case 0x01:			// Standard VGA
1615     case 0x02:			// Standard VGA
1616     case 0x03:			// Standard VGA
1617     case 0x04:			// Standard VGA
1618     case 0x05:			// Standard VGA
1619     case 0x06:			// Standard VGA
1620     case 0x07:			// Standard VGA
1621     case 0x08:			// Standard VGA
1622     case 0x09:			// Standard VGA
1623     case 0x0a:			// Standard VGA
1624     case 0x0b:			// Standard VGA
1625     case 0x0c:			// Standard VGA
1626     case 0x0d:			// Standard VGA
1627     case 0x0e:			// Standard VGA
1628     case 0x0f:			// Standard VGA
1629     case 0x10:			// Standard VGA
1630     case 0x11:			// Standard VGA
1631     case 0x12:			// Standard VGA
1632     case 0x13:			// Standard VGA
1633     case 0x14:			// Standard VGA
1634     case 0x15:			// Standard VGA
1635     case 0x16:			// Standard VGA
1636     case 0x17:			// Standard VGA
1637     case 0x18:			// Standard VGA
1638 	return s->vga.cr[s->vga.cr_index];
1639     case 0x24:			// Attribute Controller Toggle Readback (R)
1640         return (s->vga.ar_flip_flop << 7);
1641     case 0x19:			// Interlace End
1642     case 0x1a:			// Miscellaneous Control
1643     case 0x1b:			// Extended Display Control
1644     case 0x1c:			// Sync Adjust and Genlock
1645     case 0x1d:			// Overlay Extended Control
1646     case 0x22:			// Graphics Data Latches Readback (R)
1647     case 0x25:			// Part Status
1648     case 0x27:			// Part ID (R)
1649 	return s->vga.cr[s->vga.cr_index];
1650     case 0x26:			// Attribute Controller Index Readback (R)
1651 	return s->vga.ar_index & 0x3f;
1652 	break;
1653     default:
1654 #ifdef DEBUG_CIRRUS
1655 	printf("cirrus: inport cr_index %02x\n", reg_index);
1656 #endif
1657 	return 0xff;
1658     }
1659 }
1660 
1661 static void cirrus_vga_write_cr(CirrusVGAState * s, int reg_value)
1662 {
1663     switch (s->vga.cr_index) {
1664     case 0x00:			// Standard VGA
1665     case 0x01:			// Standard VGA
1666     case 0x02:			// Standard VGA
1667     case 0x03:			// Standard VGA
1668     case 0x04:			// Standard VGA
1669     case 0x05:			// Standard VGA
1670     case 0x06:			// Standard VGA
1671     case 0x07:			// Standard VGA
1672     case 0x08:			// Standard VGA
1673     case 0x09:			// Standard VGA
1674     case 0x0a:			// Standard VGA
1675     case 0x0b:			// Standard VGA
1676     case 0x0c:			// Standard VGA
1677     case 0x0d:			// Standard VGA
1678     case 0x0e:			// Standard VGA
1679     case 0x0f:			// Standard VGA
1680     case 0x10:			// Standard VGA
1681     case 0x11:			// Standard VGA
1682     case 0x12:			// Standard VGA
1683     case 0x13:			// Standard VGA
1684     case 0x14:			// Standard VGA
1685     case 0x15:			// Standard VGA
1686     case 0x16:			// Standard VGA
1687     case 0x17:			// Standard VGA
1688     case 0x18:			// Standard VGA
1689 	/* handle CR0-7 protection */
1690 	if ((s->vga.cr[0x11] & 0x80) && s->vga.cr_index <= 7) {
1691 	    /* can always write bit 4 of CR7 */
1692 	    if (s->vga.cr_index == 7)
1693 		s->vga.cr[7] = (s->vga.cr[7] & ~0x10) | (reg_value & 0x10);
1694 	    return;
1695 	}
1696 	s->vga.cr[s->vga.cr_index] = reg_value;
1697 	switch(s->vga.cr_index) {
1698 	case 0x00:
1699 	case 0x04:
1700 	case 0x05:
1701 	case 0x06:
1702 	case 0x07:
1703 	case 0x11:
1704 	case 0x17:
1705 	    s->vga.update_retrace_info(&s->vga);
1706 	    break;
1707 	}
1708         break;
1709     case 0x19:			// Interlace End
1710     case 0x1a:			// Miscellaneous Control
1711     case 0x1b:			// Extended Display Control
1712     case 0x1c:			// Sync Adjust and Genlock
1713     case 0x1d:			// Overlay Extended Control
1714 	s->vga.cr[s->vga.cr_index] = reg_value;
1715 #ifdef DEBUG_CIRRUS
1716 	printf("cirrus: handled outport cr_index %02x, cr_value %02x\n",
1717 	       s->vga.cr_index, reg_value);
1718 #endif
1719 	break;
1720     case 0x22:			// Graphics Data Latches Readback (R)
1721     case 0x24:			// Attribute Controller Toggle Readback (R)
1722     case 0x26:			// Attribute Controller Index Readback (R)
1723     case 0x27:			// Part ID (R)
1724 	break;
1725     case 0x25:			// Part Status
1726     default:
1727 #ifdef DEBUG_CIRRUS
1728 	printf("cirrus: outport cr_index %02x, cr_value %02x\n",
1729                s->vga.cr_index, reg_value);
1730 #endif
1731 	break;
1732     }
1733 }
1734 
1735 /***************************************
1736  *
1737  *  memory-mapped I/O (bitblt)
1738  *
1739  ***************************************/
1740 
1741 static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address)
1742 {
1743     int value = 0xff;
1744 
1745     switch (address) {
1746     case (CIRRUS_MMIO_BLTBGCOLOR + 0):
1747 	value = cirrus_vga_read_gr(s, 0x00);
1748 	break;
1749     case (CIRRUS_MMIO_BLTBGCOLOR + 1):
1750 	value = cirrus_vga_read_gr(s, 0x10);
1751 	break;
1752     case (CIRRUS_MMIO_BLTBGCOLOR + 2):
1753 	value = cirrus_vga_read_gr(s, 0x12);
1754 	break;
1755     case (CIRRUS_MMIO_BLTBGCOLOR + 3):
1756 	value = cirrus_vga_read_gr(s, 0x14);
1757 	break;
1758     case (CIRRUS_MMIO_BLTFGCOLOR + 0):
1759 	value = cirrus_vga_read_gr(s, 0x01);
1760 	break;
1761     case (CIRRUS_MMIO_BLTFGCOLOR + 1):
1762 	value = cirrus_vga_read_gr(s, 0x11);
1763 	break;
1764     case (CIRRUS_MMIO_BLTFGCOLOR + 2):
1765 	value = cirrus_vga_read_gr(s, 0x13);
1766 	break;
1767     case (CIRRUS_MMIO_BLTFGCOLOR + 3):
1768 	value = cirrus_vga_read_gr(s, 0x15);
1769 	break;
1770     case (CIRRUS_MMIO_BLTWIDTH + 0):
1771 	value = cirrus_vga_read_gr(s, 0x20);
1772 	break;
1773     case (CIRRUS_MMIO_BLTWIDTH + 1):
1774 	value = cirrus_vga_read_gr(s, 0x21);
1775 	break;
1776     case (CIRRUS_MMIO_BLTHEIGHT + 0):
1777 	value = cirrus_vga_read_gr(s, 0x22);
1778 	break;
1779     case (CIRRUS_MMIO_BLTHEIGHT + 1):
1780 	value = cirrus_vga_read_gr(s, 0x23);
1781 	break;
1782     case (CIRRUS_MMIO_BLTDESTPITCH + 0):
1783 	value = cirrus_vga_read_gr(s, 0x24);
1784 	break;
1785     case (CIRRUS_MMIO_BLTDESTPITCH + 1):
1786 	value = cirrus_vga_read_gr(s, 0x25);
1787 	break;
1788     case (CIRRUS_MMIO_BLTSRCPITCH + 0):
1789 	value = cirrus_vga_read_gr(s, 0x26);
1790 	break;
1791     case (CIRRUS_MMIO_BLTSRCPITCH + 1):
1792 	value = cirrus_vga_read_gr(s, 0x27);
1793 	break;
1794     case (CIRRUS_MMIO_BLTDESTADDR + 0):
1795 	value = cirrus_vga_read_gr(s, 0x28);
1796 	break;
1797     case (CIRRUS_MMIO_BLTDESTADDR + 1):
1798 	value = cirrus_vga_read_gr(s, 0x29);
1799 	break;
1800     case (CIRRUS_MMIO_BLTDESTADDR + 2):
1801 	value = cirrus_vga_read_gr(s, 0x2a);
1802 	break;
1803     case (CIRRUS_MMIO_BLTSRCADDR + 0):
1804 	value = cirrus_vga_read_gr(s, 0x2c);
1805 	break;
1806     case (CIRRUS_MMIO_BLTSRCADDR + 1):
1807 	value = cirrus_vga_read_gr(s, 0x2d);
1808 	break;
1809     case (CIRRUS_MMIO_BLTSRCADDR + 2):
1810 	value = cirrus_vga_read_gr(s, 0x2e);
1811 	break;
1812     case CIRRUS_MMIO_BLTWRITEMASK:
1813 	value = cirrus_vga_read_gr(s, 0x2f);
1814 	break;
1815     case CIRRUS_MMIO_BLTMODE:
1816 	value = cirrus_vga_read_gr(s, 0x30);
1817 	break;
1818     case CIRRUS_MMIO_BLTROP:
1819 	value = cirrus_vga_read_gr(s, 0x32);
1820 	break;
1821     case CIRRUS_MMIO_BLTMODEEXT:
1822 	value = cirrus_vga_read_gr(s, 0x33);
1823 	break;
1824     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
1825 	value = cirrus_vga_read_gr(s, 0x34);
1826 	break;
1827     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
1828 	value = cirrus_vga_read_gr(s, 0x35);
1829 	break;
1830     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
1831 	value = cirrus_vga_read_gr(s, 0x38);
1832 	break;
1833     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
1834 	value = cirrus_vga_read_gr(s, 0x39);
1835 	break;
1836     case CIRRUS_MMIO_BLTSTATUS:
1837 	value = cirrus_vga_read_gr(s, 0x31);
1838 	break;
1839     default:
1840 #ifdef DEBUG_CIRRUS
1841 	printf("cirrus: mmio read - address 0x%04x\n", address);
1842 #endif
1843 	break;
1844     }
1845 
1846     trace_vga_cirrus_write_blt(address, value);
1847     return (uint8_t) value;
1848 }
1849 
1850 static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address,
1851 				  uint8_t value)
1852 {
1853     trace_vga_cirrus_write_blt(address, value);
1854     switch (address) {
1855     case (CIRRUS_MMIO_BLTBGCOLOR + 0):
1856 	cirrus_vga_write_gr(s, 0x00, value);
1857 	break;
1858     case (CIRRUS_MMIO_BLTBGCOLOR + 1):
1859 	cirrus_vga_write_gr(s, 0x10, value);
1860 	break;
1861     case (CIRRUS_MMIO_BLTBGCOLOR + 2):
1862 	cirrus_vga_write_gr(s, 0x12, value);
1863 	break;
1864     case (CIRRUS_MMIO_BLTBGCOLOR + 3):
1865 	cirrus_vga_write_gr(s, 0x14, value);
1866 	break;
1867     case (CIRRUS_MMIO_BLTFGCOLOR + 0):
1868 	cirrus_vga_write_gr(s, 0x01, value);
1869 	break;
1870     case (CIRRUS_MMIO_BLTFGCOLOR + 1):
1871 	cirrus_vga_write_gr(s, 0x11, value);
1872 	break;
1873     case (CIRRUS_MMIO_BLTFGCOLOR + 2):
1874 	cirrus_vga_write_gr(s, 0x13, value);
1875 	break;
1876     case (CIRRUS_MMIO_BLTFGCOLOR + 3):
1877 	cirrus_vga_write_gr(s, 0x15, value);
1878 	break;
1879     case (CIRRUS_MMIO_BLTWIDTH + 0):
1880 	cirrus_vga_write_gr(s, 0x20, value);
1881 	break;
1882     case (CIRRUS_MMIO_BLTWIDTH + 1):
1883 	cirrus_vga_write_gr(s, 0x21, value);
1884 	break;
1885     case (CIRRUS_MMIO_BLTHEIGHT + 0):
1886 	cirrus_vga_write_gr(s, 0x22, value);
1887 	break;
1888     case (CIRRUS_MMIO_BLTHEIGHT + 1):
1889 	cirrus_vga_write_gr(s, 0x23, value);
1890 	break;
1891     case (CIRRUS_MMIO_BLTDESTPITCH + 0):
1892 	cirrus_vga_write_gr(s, 0x24, value);
1893 	break;
1894     case (CIRRUS_MMIO_BLTDESTPITCH + 1):
1895 	cirrus_vga_write_gr(s, 0x25, value);
1896 	break;
1897     case (CIRRUS_MMIO_BLTSRCPITCH + 0):
1898 	cirrus_vga_write_gr(s, 0x26, value);
1899 	break;
1900     case (CIRRUS_MMIO_BLTSRCPITCH + 1):
1901 	cirrus_vga_write_gr(s, 0x27, value);
1902 	break;
1903     case (CIRRUS_MMIO_BLTDESTADDR + 0):
1904 	cirrus_vga_write_gr(s, 0x28, value);
1905 	break;
1906     case (CIRRUS_MMIO_BLTDESTADDR + 1):
1907 	cirrus_vga_write_gr(s, 0x29, value);
1908 	break;
1909     case (CIRRUS_MMIO_BLTDESTADDR + 2):
1910 	cirrus_vga_write_gr(s, 0x2a, value);
1911 	break;
1912     case (CIRRUS_MMIO_BLTDESTADDR + 3):
1913 	/* ignored */
1914 	break;
1915     case (CIRRUS_MMIO_BLTSRCADDR + 0):
1916 	cirrus_vga_write_gr(s, 0x2c, value);
1917 	break;
1918     case (CIRRUS_MMIO_BLTSRCADDR + 1):
1919 	cirrus_vga_write_gr(s, 0x2d, value);
1920 	break;
1921     case (CIRRUS_MMIO_BLTSRCADDR + 2):
1922 	cirrus_vga_write_gr(s, 0x2e, value);
1923 	break;
1924     case CIRRUS_MMIO_BLTWRITEMASK:
1925 	cirrus_vga_write_gr(s, 0x2f, value);
1926 	break;
1927     case CIRRUS_MMIO_BLTMODE:
1928 	cirrus_vga_write_gr(s, 0x30, value);
1929 	break;
1930     case CIRRUS_MMIO_BLTROP:
1931 	cirrus_vga_write_gr(s, 0x32, value);
1932 	break;
1933     case CIRRUS_MMIO_BLTMODEEXT:
1934 	cirrus_vga_write_gr(s, 0x33, value);
1935 	break;
1936     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
1937 	cirrus_vga_write_gr(s, 0x34, value);
1938 	break;
1939     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
1940 	cirrus_vga_write_gr(s, 0x35, value);
1941 	break;
1942     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
1943 	cirrus_vga_write_gr(s, 0x38, value);
1944 	break;
1945     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
1946 	cirrus_vga_write_gr(s, 0x39, value);
1947 	break;
1948     case CIRRUS_MMIO_BLTSTATUS:
1949 	cirrus_vga_write_gr(s, 0x31, value);
1950 	break;
1951     default:
1952 #ifdef DEBUG_CIRRUS
1953 	printf("cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n",
1954 	       address, value);
1955 #endif
1956 	break;
1957     }
1958 }
1959 
1960 /***************************************
1961  *
1962  *  write mode 4/5
1963  *
1964  ***************************************/
1965 
1966 static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
1967 					     unsigned mode,
1968 					     unsigned offset,
1969 					     uint32_t mem_value)
1970 {
1971     int x;
1972     unsigned val = mem_value;
1973     uint8_t *dst;
1974 
1975     for (x = 0; x < 8; x++) {
1976         dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
1977 	if (val & 0x80) {
1978 	    *dst = s->cirrus_shadow_gr1;
1979 	} else if (mode == 5) {
1980 	    *dst = s->cirrus_shadow_gr0;
1981 	}
1982 	val <<= 1;
1983     }
1984     memory_region_set_dirty(&s->vga.vram, offset, 8);
1985 }
1986 
1987 static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
1988 					      unsigned mode,
1989 					      unsigned offset,
1990 					      uint32_t mem_value)
1991 {
1992     int x;
1993     unsigned val = mem_value;
1994     uint8_t *dst;
1995 
1996     for (x = 0; x < 8; x++) {
1997         dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
1998 	if (val & 0x80) {
1999 	    *dst = s->cirrus_shadow_gr1;
2000 	    *(dst + 1) = s->vga.gr[0x11];
2001 	} else if (mode == 5) {
2002 	    *dst = s->cirrus_shadow_gr0;
2003 	    *(dst + 1) = s->vga.gr[0x10];
2004 	}
2005 	val <<= 1;
2006     }
2007     memory_region_set_dirty(&s->vga.vram, offset, 16);
2008 }
2009 
2010 /***************************************
2011  *
2012  *  memory access between 0xa0000-0xbffff
2013  *
2014  ***************************************/
2015 
2016 static uint64_t cirrus_vga_mem_read(void *opaque,
2017                                     hwaddr addr,
2018                                     uint32_t size)
2019 {
2020     CirrusVGAState *s = opaque;
2021     unsigned bank_index;
2022     unsigned bank_offset;
2023     uint32_t val;
2024 
2025     if ((s->vga.sr[0x07] & 0x01) == 0) {
2026         return vga_mem_readb(&s->vga, addr);
2027     }
2028 
2029     if (addr < 0x10000) {
2030 	/* XXX handle bitblt */
2031 	/* video memory */
2032 	bank_index = addr >> 15;
2033 	bank_offset = addr & 0x7fff;
2034 	if (bank_offset < s->cirrus_bank_limit[bank_index]) {
2035 	    bank_offset += s->cirrus_bank_base[bank_index];
2036 	    if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2037 		bank_offset <<= 4;
2038 	    } else if (s->vga.gr[0x0B] & 0x02) {
2039 		bank_offset <<= 3;
2040 	    }
2041 	    bank_offset &= s->cirrus_addr_mask;
2042 	    val = *(s->vga.vram_ptr + bank_offset);
2043 	} else
2044 	    val = 0xff;
2045     } else if (addr >= 0x18000 && addr < 0x18100) {
2046 	/* memory-mapped I/O */
2047 	val = 0xff;
2048 	if ((s->vga.sr[0x17] & 0x44) == 0x04) {
2049 	    val = cirrus_mmio_blt_read(s, addr & 0xff);
2050 	}
2051     } else {
2052 	val = 0xff;
2053 #ifdef DEBUG_CIRRUS
2054 	printf("cirrus: mem_readb " TARGET_FMT_plx "\n", addr);
2055 #endif
2056     }
2057     return val;
2058 }
2059 
2060 static void cirrus_vga_mem_write(void *opaque,
2061                                  hwaddr addr,
2062                                  uint64_t mem_value,
2063                                  uint32_t size)
2064 {
2065     CirrusVGAState *s = opaque;
2066     unsigned bank_index;
2067     unsigned bank_offset;
2068     unsigned mode;
2069 
2070     if ((s->vga.sr[0x07] & 0x01) == 0) {
2071         vga_mem_writeb(&s->vga, addr, mem_value);
2072         return;
2073     }
2074 
2075     if (addr < 0x10000) {
2076 	if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2077 	    /* bitblt */
2078 	    *s->cirrus_srcptr++ = (uint8_t) mem_value;
2079 	    if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2080 		cirrus_bitblt_cputovideo_next(s);
2081 	    }
2082 	} else {
2083 	    /* video memory */
2084 	    bank_index = addr >> 15;
2085 	    bank_offset = addr & 0x7fff;
2086 	    if (bank_offset < s->cirrus_bank_limit[bank_index]) {
2087 		bank_offset += s->cirrus_bank_base[bank_index];
2088 		if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2089 		    bank_offset <<= 4;
2090 		} else if (s->vga.gr[0x0B] & 0x02) {
2091 		    bank_offset <<= 3;
2092 		}
2093 		bank_offset &= s->cirrus_addr_mask;
2094 		mode = s->vga.gr[0x05] & 0x7;
2095 		if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2096 		    *(s->vga.vram_ptr + bank_offset) = mem_value;
2097                     memory_region_set_dirty(&s->vga.vram, bank_offset,
2098                                             sizeof(mem_value));
2099 		} else {
2100 		    if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
2101 			cirrus_mem_writeb_mode4and5_8bpp(s, mode,
2102 							 bank_offset,
2103 							 mem_value);
2104 		    } else {
2105 			cirrus_mem_writeb_mode4and5_16bpp(s, mode,
2106 							  bank_offset,
2107 							  mem_value);
2108 		    }
2109 		}
2110 	    }
2111 	}
2112     } else if (addr >= 0x18000 && addr < 0x18100) {
2113 	/* memory-mapped I/O */
2114 	if ((s->vga.sr[0x17] & 0x44) == 0x04) {
2115 	    cirrus_mmio_blt_write(s, addr & 0xff, mem_value);
2116 	}
2117     } else {
2118 #ifdef DEBUG_CIRRUS
2119         printf("cirrus: mem_writeb " TARGET_FMT_plx " value 0x%02" PRIu64 "\n", addr,
2120                mem_value);
2121 #endif
2122     }
2123 }
2124 
2125 static const MemoryRegionOps cirrus_vga_mem_ops = {
2126     .read = cirrus_vga_mem_read,
2127     .write = cirrus_vga_mem_write,
2128     .endianness = DEVICE_LITTLE_ENDIAN,
2129     .impl = {
2130         .min_access_size = 1,
2131         .max_access_size = 1,
2132     },
2133 };
2134 
2135 /***************************************
2136  *
2137  *  hardware cursor
2138  *
2139  ***************************************/
2140 
2141 static inline void invalidate_cursor1(CirrusVGAState *s)
2142 {
2143     if (s->last_hw_cursor_size) {
2144         vga_invalidate_scanlines(&s->vga,
2145                                  s->last_hw_cursor_y + s->last_hw_cursor_y_start,
2146                                  s->last_hw_cursor_y + s->last_hw_cursor_y_end);
2147     }
2148 }
2149 
2150 static inline void cirrus_cursor_compute_yrange(CirrusVGAState *s)
2151 {
2152     const uint8_t *src;
2153     uint32_t content;
2154     int y, y_min, y_max;
2155 
2156     src = s->vga.vram_ptr + s->real_vram_size - 16 * KiB;
2157     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2158         src += (s->vga.sr[0x13] & 0x3c) * 256;
2159         y_min = 64;
2160         y_max = -1;
2161         for(y = 0; y < 64; y++) {
2162             content = ((uint32_t *)src)[0] |
2163                 ((uint32_t *)src)[1] |
2164                 ((uint32_t *)src)[2] |
2165                 ((uint32_t *)src)[3];
2166             if (content) {
2167                 if (y < y_min)
2168                     y_min = y;
2169                 if (y > y_max)
2170                     y_max = y;
2171             }
2172             src += 16;
2173         }
2174     } else {
2175         src += (s->vga.sr[0x13] & 0x3f) * 256;
2176         y_min = 32;
2177         y_max = -1;
2178         for(y = 0; y < 32; y++) {
2179             content = ((uint32_t *)src)[0] |
2180                 ((uint32_t *)(src + 128))[0];
2181             if (content) {
2182                 if (y < y_min)
2183                     y_min = y;
2184                 if (y > y_max)
2185                     y_max = y;
2186             }
2187             src += 4;
2188         }
2189     }
2190     if (y_min > y_max) {
2191         s->last_hw_cursor_y_start = 0;
2192         s->last_hw_cursor_y_end = 0;
2193     } else {
2194         s->last_hw_cursor_y_start = y_min;
2195         s->last_hw_cursor_y_end = y_max + 1;
2196     }
2197 }
2198 
2199 /* NOTE: we do not currently handle the cursor bitmap change, so we
2200    update the cursor only if it moves. */
2201 static void cirrus_cursor_invalidate(VGACommonState *s1)
2202 {
2203     CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
2204     int size;
2205 
2206     if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW)) {
2207         size = 0;
2208     } else {
2209         if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE)
2210             size = 64;
2211         else
2212             size = 32;
2213     }
2214     /* invalidate last cursor and new cursor if any change */
2215     if (s->last_hw_cursor_size != size ||
2216         s->last_hw_cursor_x != s->vga.hw_cursor_x ||
2217         s->last_hw_cursor_y != s->vga.hw_cursor_y) {
2218 
2219         invalidate_cursor1(s);
2220 
2221         s->last_hw_cursor_size = size;
2222         s->last_hw_cursor_x = s->vga.hw_cursor_x;
2223         s->last_hw_cursor_y = s->vga.hw_cursor_y;
2224         /* compute the real cursor min and max y */
2225         cirrus_cursor_compute_yrange(s);
2226         invalidate_cursor1(s);
2227     }
2228 }
2229 
2230 static void vga_draw_cursor_line(uint8_t *d1,
2231                                  const uint8_t *src1,
2232                                  int poffset, int w,
2233                                  unsigned int color0,
2234                                  unsigned int color1,
2235                                  unsigned int color_xor)
2236 {
2237     const uint8_t *plane0, *plane1;
2238     int x, b0, b1;
2239     uint8_t *d;
2240 
2241     d = d1;
2242     plane0 = src1;
2243     plane1 = src1 + poffset;
2244     for (x = 0; x < w; x++) {
2245         b0 = (plane0[x >> 3] >> (7 - (x & 7))) & 1;
2246         b1 = (plane1[x >> 3] >> (7 - (x & 7))) & 1;
2247         switch (b0 | (b1 << 1)) {
2248         case 0:
2249             break;
2250         case 1:
2251             ((uint32_t *)d)[0] ^= color_xor;
2252             break;
2253         case 2:
2254             ((uint32_t *)d)[0] = color0;
2255             break;
2256         case 3:
2257             ((uint32_t *)d)[0] = color1;
2258             break;
2259         }
2260         d += 4;
2261     }
2262 }
2263 
2264 static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
2265 {
2266     CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
2267     int w, h, x1, x2, poffset;
2268     unsigned int color0, color1;
2269     const uint8_t *palette, *src;
2270     uint32_t content;
2271 
2272     if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW))
2273         return;
2274     /* fast test to see if the cursor intersects with the scan line */
2275     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2276         h = 64;
2277     } else {
2278         h = 32;
2279     }
2280     if (scr_y < s->vga.hw_cursor_y ||
2281         scr_y >= (s->vga.hw_cursor_y + h)) {
2282         return;
2283     }
2284 
2285     src = s->vga.vram_ptr + s->real_vram_size - 16 * KiB;
2286     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2287         src += (s->vga.sr[0x13] & 0x3c) * 256;
2288         src += (scr_y - s->vga.hw_cursor_y) * 16;
2289         poffset = 8;
2290         content = ((uint32_t *)src)[0] |
2291             ((uint32_t *)src)[1] |
2292             ((uint32_t *)src)[2] |
2293             ((uint32_t *)src)[3];
2294     } else {
2295         src += (s->vga.sr[0x13] & 0x3f) * 256;
2296         src += (scr_y - s->vga.hw_cursor_y) * 4;
2297 
2298 
2299         poffset = 128;
2300         content = ((uint32_t *)src)[0] |
2301             ((uint32_t *)(src + 128))[0];
2302     }
2303     /* if nothing to draw, no need to continue */
2304     if (!content)
2305         return;
2306     w = h;
2307 
2308     x1 = s->vga.hw_cursor_x;
2309     if (x1 >= s->vga.last_scr_width)
2310         return;
2311     x2 = s->vga.hw_cursor_x + w;
2312     if (x2 > s->vga.last_scr_width)
2313         x2 = s->vga.last_scr_width;
2314     w = x2 - x1;
2315     palette = s->cirrus_hidden_palette;
2316     color0 = rgb_to_pixel32(c6_to_8(palette[0x0 * 3]),
2317                             c6_to_8(palette[0x0 * 3 + 1]),
2318                             c6_to_8(palette[0x0 * 3 + 2]));
2319     color1 = rgb_to_pixel32(c6_to_8(palette[0xf * 3]),
2320                             c6_to_8(palette[0xf * 3 + 1]),
2321                             c6_to_8(palette[0xf * 3 + 2]));
2322     d1 += x1 * 4;
2323     vga_draw_cursor_line(d1, src, poffset, w, color0, color1, 0xffffff);
2324 }
2325 
2326 /***************************************
2327  *
2328  *  LFB memory access
2329  *
2330  ***************************************/
2331 
2332 static uint64_t cirrus_linear_read(void *opaque, hwaddr addr,
2333                                    unsigned size)
2334 {
2335     CirrusVGAState *s = opaque;
2336     uint32_t ret;
2337 
2338     addr &= s->cirrus_addr_mask;
2339 
2340     if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
2341         ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
2342 	/* memory-mapped I/O */
2343 	ret = cirrus_mmio_blt_read(s, addr & 0xff);
2344     } else if (0) {
2345 	/* XXX handle bitblt */
2346 	ret = 0xff;
2347     } else {
2348 	/* video memory */
2349 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2350 	    addr <<= 4;
2351 	} else if (s->vga.gr[0x0B] & 0x02) {
2352 	    addr <<= 3;
2353 	}
2354 	addr &= s->cirrus_addr_mask;
2355 	ret = *(s->vga.vram_ptr + addr);
2356     }
2357 
2358     return ret;
2359 }
2360 
2361 static void cirrus_linear_write(void *opaque, hwaddr addr,
2362                                 uint64_t val, unsigned size)
2363 {
2364     CirrusVGAState *s = opaque;
2365     unsigned mode;
2366 
2367     addr &= s->cirrus_addr_mask;
2368 
2369     if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
2370         ((addr & s->linear_mmio_mask) ==  s->linear_mmio_mask)) {
2371 	/* memory-mapped I/O */
2372 	cirrus_mmio_blt_write(s, addr & 0xff, val);
2373     } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2374 	/* bitblt */
2375 	*s->cirrus_srcptr++ = (uint8_t) val;
2376 	if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2377 	    cirrus_bitblt_cputovideo_next(s);
2378 	}
2379     } else {
2380 	/* video memory */
2381 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2382 	    addr <<= 4;
2383 	} else if (s->vga.gr[0x0B] & 0x02) {
2384 	    addr <<= 3;
2385 	}
2386 	addr &= s->cirrus_addr_mask;
2387 
2388 	mode = s->vga.gr[0x05] & 0x7;
2389 	if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2390 	    *(s->vga.vram_ptr + addr) = (uint8_t) val;
2391             memory_region_set_dirty(&s->vga.vram, addr, 1);
2392 	} else {
2393 	    if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
2394 		cirrus_mem_writeb_mode4and5_8bpp(s, mode, addr, val);
2395 	    } else {
2396 		cirrus_mem_writeb_mode4and5_16bpp(s, mode, addr, val);
2397 	    }
2398 	}
2399     }
2400 }
2401 
2402 /***************************************
2403  *
2404  *  system to screen memory access
2405  *
2406  ***************************************/
2407 
2408 
2409 static uint64_t cirrus_linear_bitblt_read(void *opaque,
2410                                           hwaddr addr,
2411                                           unsigned size)
2412 {
2413     CirrusVGAState *s = opaque;
2414     uint32_t ret;
2415 
2416     /* XXX handle bitblt */
2417     (void)s;
2418     ret = 0xff;
2419     return ret;
2420 }
2421 
2422 static void cirrus_linear_bitblt_write(void *opaque,
2423                                        hwaddr addr,
2424                                        uint64_t val,
2425                                        unsigned size)
2426 {
2427     CirrusVGAState *s = opaque;
2428 
2429     if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2430 	/* bitblt */
2431 	*s->cirrus_srcptr++ = (uint8_t) val;
2432 	if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2433 	    cirrus_bitblt_cputovideo_next(s);
2434 	}
2435     }
2436 }
2437 
2438 static const MemoryRegionOps cirrus_linear_bitblt_io_ops = {
2439     .read = cirrus_linear_bitblt_read,
2440     .write = cirrus_linear_bitblt_write,
2441     .endianness = DEVICE_LITTLE_ENDIAN,
2442     .impl = {
2443         .min_access_size = 1,
2444         .max_access_size = 1,
2445     },
2446 };
2447 
2448 static void map_linear_vram_bank(CirrusVGAState *s, unsigned bank)
2449 {
2450     MemoryRegion *mr = &s->cirrus_bank[bank];
2451     bool enabled = !(s->cirrus_srcptr != s->cirrus_srcptr_end)
2452         && !((s->vga.sr[0x07] & 0x01) == 0)
2453         && !((s->vga.gr[0x0B] & 0x14) == 0x14)
2454         && !(s->vga.gr[0x0B] & 0x02);
2455 
2456     memory_region_set_enabled(mr, enabled);
2457     memory_region_set_alias_offset(mr, s->cirrus_bank_base[bank]);
2458 }
2459 
2460 static void map_linear_vram(CirrusVGAState *s)
2461 {
2462     if (s->bustype == CIRRUS_BUSTYPE_PCI && !s->linear_vram) {
2463         s->linear_vram = true;
2464         memory_region_add_subregion_overlap(&s->pci_bar, 0, &s->vga.vram, 1);
2465     }
2466     map_linear_vram_bank(s, 0);
2467     map_linear_vram_bank(s, 1);
2468 }
2469 
2470 static void unmap_linear_vram(CirrusVGAState *s)
2471 {
2472     if (s->bustype == CIRRUS_BUSTYPE_PCI && s->linear_vram) {
2473         s->linear_vram = false;
2474         memory_region_del_subregion(&s->pci_bar, &s->vga.vram);
2475     }
2476     memory_region_set_enabled(&s->cirrus_bank[0], false);
2477     memory_region_set_enabled(&s->cirrus_bank[1], false);
2478 }
2479 
2480 /* Compute the memory access functions */
2481 static void cirrus_update_memory_access(CirrusVGAState *s)
2482 {
2483     unsigned mode;
2484 
2485     memory_region_transaction_begin();
2486     if ((s->vga.sr[0x17] & 0x44) == 0x44) {
2487         goto generic_io;
2488     } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2489         goto generic_io;
2490     } else {
2491 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2492             goto generic_io;
2493 	} else if (s->vga.gr[0x0B] & 0x02) {
2494             goto generic_io;
2495         }
2496 
2497 	mode = s->vga.gr[0x05] & 0x7;
2498 	if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2499             map_linear_vram(s);
2500         } else {
2501         generic_io:
2502             unmap_linear_vram(s);
2503         }
2504     }
2505     memory_region_transaction_commit();
2506 }
2507 
2508 
2509 /* I/O ports */
2510 
2511 static uint64_t cirrus_vga_ioport_read(void *opaque, hwaddr addr,
2512                                        unsigned size)
2513 {
2514     CirrusVGAState *c = opaque;
2515     VGACommonState *s = &c->vga;
2516     int val, index;
2517 
2518     addr += 0x3b0;
2519 
2520     if (vga_ioport_invalid(s, addr)) {
2521 	val = 0xff;
2522     } else {
2523 	switch (addr) {
2524 	case 0x3c0:
2525 	    if (s->ar_flip_flop == 0) {
2526 		val = s->ar_index;
2527 	    } else {
2528 		val = 0;
2529 	    }
2530 	    break;
2531 	case 0x3c1:
2532 	    index = s->ar_index & 0x1f;
2533 	    if (index < 21)
2534 		val = s->ar[index];
2535 	    else
2536 		val = 0;
2537 	    break;
2538 	case 0x3c2:
2539 	    val = s->st00;
2540 	    break;
2541 	case 0x3c4:
2542 	    val = s->sr_index;
2543 	    break;
2544 	case 0x3c5:
2545 	    val = cirrus_vga_read_sr(c);
2546             break;
2547 #ifdef DEBUG_VGA_REG
2548 	    printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
2549 #endif
2550 	    break;
2551 	case 0x3c6:
2552 	    val = cirrus_read_hidden_dac(c);
2553 	    break;
2554 	case 0x3c7:
2555 	    val = s->dac_state;
2556 	    break;
2557 	case 0x3c8:
2558 	    val = s->dac_write_index;
2559 	    c->cirrus_hidden_dac_lockindex = 0;
2560 	    break;
2561         case 0x3c9:
2562             val = cirrus_vga_read_palette(c);
2563             break;
2564 	case 0x3ca:
2565 	    val = s->fcr;
2566 	    break;
2567 	case 0x3cc:
2568 	    val = s->msr;
2569 	    break;
2570 	case 0x3ce:
2571 	    val = s->gr_index;
2572 	    break;
2573 	case 0x3cf:
2574 	    val = cirrus_vga_read_gr(c, s->gr_index);
2575 #ifdef DEBUG_VGA_REG
2576 	    printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
2577 #endif
2578 	    break;
2579 	case 0x3b4:
2580 	case 0x3d4:
2581 	    val = s->cr_index;
2582 	    break;
2583 	case 0x3b5:
2584 	case 0x3d5:
2585             val = cirrus_vga_read_cr(c, s->cr_index);
2586 #ifdef DEBUG_VGA_REG
2587 	    printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
2588 #endif
2589 	    break;
2590 	case 0x3ba:
2591 	case 0x3da:
2592 	    /* just toggle to fool polling */
2593 	    val = s->st01 = s->retrace(s);
2594 	    s->ar_flip_flop = 0;
2595 	    break;
2596 	default:
2597 	    val = 0x00;
2598 	    break;
2599 	}
2600     }
2601     trace_vga_cirrus_read_io(addr, val);
2602     return val;
2603 }
2604 
2605 static void cirrus_vga_ioport_write(void *opaque, hwaddr addr, uint64_t val,
2606                                     unsigned size)
2607 {
2608     CirrusVGAState *c = opaque;
2609     VGACommonState *s = &c->vga;
2610     int index;
2611 
2612     addr += 0x3b0;
2613 
2614     /* check port range access depending on color/monochrome mode */
2615     if (vga_ioport_invalid(s, addr)) {
2616 	return;
2617     }
2618     trace_vga_cirrus_write_io(addr, val);
2619 
2620     switch (addr) {
2621     case 0x3c0:
2622 	if (s->ar_flip_flop == 0) {
2623 	    val &= 0x3f;
2624 	    s->ar_index = val;
2625 	} else {
2626 	    index = s->ar_index & 0x1f;
2627 	    switch (index) {
2628 	    case 0x00 ... 0x0f:
2629 		s->ar[index] = val & 0x3f;
2630 		break;
2631 	    case 0x10:
2632 		s->ar[index] = val & ~0x10;
2633 		break;
2634 	    case 0x11:
2635 		s->ar[index] = val;
2636 		break;
2637 	    case 0x12:
2638 		s->ar[index] = val & ~0xc0;
2639 		break;
2640 	    case 0x13:
2641 		s->ar[index] = val & ~0xf0;
2642 		break;
2643 	    case 0x14:
2644 		s->ar[index] = val & ~0xf0;
2645 		break;
2646 	    default:
2647 		break;
2648 	    }
2649 	}
2650 	s->ar_flip_flop ^= 1;
2651 	break;
2652     case 0x3c2:
2653 	s->msr = val & ~0x10;
2654 	s->update_retrace_info(s);
2655 	break;
2656     case 0x3c4:
2657 	s->sr_index = val;
2658 	break;
2659     case 0x3c5:
2660 #ifdef DEBUG_VGA_REG
2661 	printf("vga: write SR%x = 0x%02" PRIu64 "\n", s->sr_index, val);
2662 #endif
2663 	cirrus_vga_write_sr(c, val);
2664         break;
2665     case 0x3c6:
2666 	cirrus_write_hidden_dac(c, val);
2667 	break;
2668     case 0x3c7:
2669 	s->dac_read_index = val;
2670 	s->dac_sub_index = 0;
2671 	s->dac_state = 3;
2672 	break;
2673     case 0x3c8:
2674 	s->dac_write_index = val;
2675 	s->dac_sub_index = 0;
2676 	s->dac_state = 0;
2677 	break;
2678     case 0x3c9:
2679         cirrus_vga_write_palette(c, val);
2680         break;
2681     case 0x3ce:
2682 	s->gr_index = val;
2683 	break;
2684     case 0x3cf:
2685 #ifdef DEBUG_VGA_REG
2686 	printf("vga: write GR%x = 0x%02" PRIu64 "\n", s->gr_index, val);
2687 #endif
2688 	cirrus_vga_write_gr(c, s->gr_index, val);
2689 	break;
2690     case 0x3b4:
2691     case 0x3d4:
2692 	s->cr_index = val;
2693 	break;
2694     case 0x3b5:
2695     case 0x3d5:
2696 #ifdef DEBUG_VGA_REG
2697 	printf("vga: write CR%x = 0x%02"PRIu64"\n", s->cr_index, val);
2698 #endif
2699 	cirrus_vga_write_cr(c, val);
2700 	break;
2701     case 0x3ba:
2702     case 0x3da:
2703 	s->fcr = val & 0x10;
2704 	break;
2705     }
2706 }
2707 
2708 /***************************************
2709  *
2710  *  memory-mapped I/O access
2711  *
2712  ***************************************/
2713 
2714 static uint64_t cirrus_mmio_read(void *opaque, hwaddr addr,
2715                                  unsigned size)
2716 {
2717     CirrusVGAState *s = opaque;
2718 
2719     if (addr >= 0x100) {
2720         return cirrus_mmio_blt_read(s, addr - 0x100);
2721     } else {
2722         return cirrus_vga_ioport_read(s, addr + 0x10, size);
2723     }
2724 }
2725 
2726 static void cirrus_mmio_write(void *opaque, hwaddr addr,
2727                               uint64_t val, unsigned size)
2728 {
2729     CirrusVGAState *s = opaque;
2730 
2731     if (addr >= 0x100) {
2732 	cirrus_mmio_blt_write(s, addr - 0x100, val);
2733     } else {
2734         cirrus_vga_ioport_write(s, addr + 0x10, val, size);
2735     }
2736 }
2737 
2738 static const MemoryRegionOps cirrus_mmio_io_ops = {
2739     .read = cirrus_mmio_read,
2740     .write = cirrus_mmio_write,
2741     .endianness = DEVICE_LITTLE_ENDIAN,
2742     .impl = {
2743         .min_access_size = 1,
2744         .max_access_size = 1,
2745     },
2746 };
2747 
2748 /* load/save state */
2749 
2750 static int cirrus_post_load(void *opaque, int version_id)
2751 {
2752     CirrusVGAState *s = opaque;
2753 
2754     s->vga.gr[0x00] = s->cirrus_shadow_gr0 & 0x0f;
2755     s->vga.gr[0x01] = s->cirrus_shadow_gr1 & 0x0f;
2756 
2757     cirrus_update_bank_ptr(s, 0);
2758     cirrus_update_bank_ptr(s, 1);
2759     cirrus_update_memory_access(s);
2760     /* force refresh */
2761     s->vga.graphic_mode = -1;
2762 
2763     return 0;
2764 }
2765 
2766 const VMStateDescription vmstate_cirrus_vga = {
2767     .name = "cirrus_vga",
2768     .version_id = 2,
2769     .minimum_version_id = 1,
2770     .post_load = cirrus_post_load,
2771     .fields = (VMStateField[]) {
2772         VMSTATE_UINT32(vga.latch, CirrusVGAState),
2773         VMSTATE_UINT8(vga.sr_index, CirrusVGAState),
2774         VMSTATE_BUFFER(vga.sr, CirrusVGAState),
2775         VMSTATE_UINT8(vga.gr_index, CirrusVGAState),
2776         VMSTATE_UINT8(cirrus_shadow_gr0, CirrusVGAState),
2777         VMSTATE_UINT8(cirrus_shadow_gr1, CirrusVGAState),
2778         VMSTATE_BUFFER_START_MIDDLE(vga.gr, CirrusVGAState, 2),
2779         VMSTATE_UINT8(vga.ar_index, CirrusVGAState),
2780         VMSTATE_BUFFER(vga.ar, CirrusVGAState),
2781         VMSTATE_INT32(vga.ar_flip_flop, CirrusVGAState),
2782         VMSTATE_UINT8(vga.cr_index, CirrusVGAState),
2783         VMSTATE_BUFFER(vga.cr, CirrusVGAState),
2784         VMSTATE_UINT8(vga.msr, CirrusVGAState),
2785         VMSTATE_UINT8(vga.fcr, CirrusVGAState),
2786         VMSTATE_UINT8(vga.st00, CirrusVGAState),
2787         VMSTATE_UINT8(vga.st01, CirrusVGAState),
2788         VMSTATE_UINT8(vga.dac_state, CirrusVGAState),
2789         VMSTATE_UINT8(vga.dac_sub_index, CirrusVGAState),
2790         VMSTATE_UINT8(vga.dac_read_index, CirrusVGAState),
2791         VMSTATE_UINT8(vga.dac_write_index, CirrusVGAState),
2792         VMSTATE_BUFFER(vga.dac_cache, CirrusVGAState),
2793         VMSTATE_BUFFER(vga.palette, CirrusVGAState),
2794         VMSTATE_INT32(vga.bank_offset, CirrusVGAState),
2795         VMSTATE_UINT8(cirrus_hidden_dac_lockindex, CirrusVGAState),
2796         VMSTATE_UINT8(cirrus_hidden_dac_data, CirrusVGAState),
2797         VMSTATE_UINT32(vga.hw_cursor_x, CirrusVGAState),
2798         VMSTATE_UINT32(vga.hw_cursor_y, CirrusVGAState),
2799         /* XXX: we do not save the bitblt state - we assume we do not save
2800            the state when the blitter is active */
2801         VMSTATE_END_OF_LIST()
2802     }
2803 };
2804 
2805 static const VMStateDescription vmstate_pci_cirrus_vga = {
2806     .name = "cirrus_vga",
2807     .version_id = 2,
2808     .minimum_version_id = 2,
2809     .fields = (VMStateField[]) {
2810         VMSTATE_PCI_DEVICE(dev, PCICirrusVGAState),
2811         VMSTATE_STRUCT(cirrus_vga, PCICirrusVGAState, 0,
2812                        vmstate_cirrus_vga, CirrusVGAState),
2813         VMSTATE_END_OF_LIST()
2814     }
2815 };
2816 
2817 /***************************************
2818  *
2819  *  initialize
2820  *
2821  ***************************************/
2822 
2823 static void cirrus_reset(void *opaque)
2824 {
2825     CirrusVGAState *s = opaque;
2826 
2827     vga_common_reset(&s->vga);
2828     unmap_linear_vram(s);
2829     s->vga.sr[0x06] = 0x0f;
2830     if (s->device_id == CIRRUS_ID_CLGD5446) {
2831         /* 4MB 64 bit memory config, always PCI */
2832         s->vga.sr[0x1F] = 0x2d;		// MemClock
2833         s->vga.gr[0x18] = 0x0f;             // fastest memory configuration
2834         s->vga.sr[0x0f] = 0x98;
2835         s->vga.sr[0x17] = 0x20;
2836         s->vga.sr[0x15] = 0x04; /* memory size, 3=2MB, 4=4MB */
2837     } else {
2838         s->vga.sr[0x1F] = 0x22;		// MemClock
2839         s->vga.sr[0x0F] = CIRRUS_MEMSIZE_2M;
2840         s->vga.sr[0x17] = s->bustype;
2841         s->vga.sr[0x15] = 0x03; /* memory size, 3=2MB, 4=4MB */
2842     }
2843     s->vga.cr[0x27] = s->device_id;
2844 
2845     s->cirrus_hidden_dac_lockindex = 5;
2846     s->cirrus_hidden_dac_data = 0;
2847 }
2848 
2849 static const MemoryRegionOps cirrus_linear_io_ops = {
2850     .read = cirrus_linear_read,
2851     .write = cirrus_linear_write,
2852     .endianness = DEVICE_LITTLE_ENDIAN,
2853     .impl = {
2854         .min_access_size = 1,
2855         .max_access_size = 1,
2856     },
2857 };
2858 
2859 static const MemoryRegionOps cirrus_vga_io_ops = {
2860     .read = cirrus_vga_ioport_read,
2861     .write = cirrus_vga_ioport_write,
2862     .endianness = DEVICE_LITTLE_ENDIAN,
2863     .impl = {
2864         .min_access_size = 1,
2865         .max_access_size = 1,
2866     },
2867 };
2868 
2869 void cirrus_init_common(CirrusVGAState *s, Object *owner,
2870                         int device_id, int is_pci,
2871                         MemoryRegion *system_memory, MemoryRegion *system_io)
2872 {
2873     int i;
2874     static int inited;
2875 
2876     if (!inited) {
2877         inited = 1;
2878         for(i = 0;i < 256; i++)
2879             rop_to_index[i] = CIRRUS_ROP_NOP_INDEX; /* nop rop */
2880         rop_to_index[CIRRUS_ROP_0] = 0;
2881         rop_to_index[CIRRUS_ROP_SRC_AND_DST] = 1;
2882         rop_to_index[CIRRUS_ROP_NOP] = 2;
2883         rop_to_index[CIRRUS_ROP_SRC_AND_NOTDST] = 3;
2884         rop_to_index[CIRRUS_ROP_NOTDST] = 4;
2885         rop_to_index[CIRRUS_ROP_SRC] = 5;
2886         rop_to_index[CIRRUS_ROP_1] = 6;
2887         rop_to_index[CIRRUS_ROP_NOTSRC_AND_DST] = 7;
2888         rop_to_index[CIRRUS_ROP_SRC_XOR_DST] = 8;
2889         rop_to_index[CIRRUS_ROP_SRC_OR_DST] = 9;
2890         rop_to_index[CIRRUS_ROP_NOTSRC_OR_NOTDST] = 10;
2891         rop_to_index[CIRRUS_ROP_SRC_NOTXOR_DST] = 11;
2892         rop_to_index[CIRRUS_ROP_SRC_OR_NOTDST] = 12;
2893         rop_to_index[CIRRUS_ROP_NOTSRC] = 13;
2894         rop_to_index[CIRRUS_ROP_NOTSRC_OR_DST] = 14;
2895         rop_to_index[CIRRUS_ROP_NOTSRC_AND_NOTDST] = 15;
2896         s->device_id = device_id;
2897         if (is_pci)
2898             s->bustype = CIRRUS_BUSTYPE_PCI;
2899         else
2900             s->bustype = CIRRUS_BUSTYPE_ISA;
2901     }
2902 
2903     /* Register ioport 0x3b0 - 0x3df */
2904     memory_region_init_io(&s->cirrus_vga_io, owner, &cirrus_vga_io_ops, s,
2905                           "cirrus-io", 0x30);
2906     memory_region_set_flush_coalesced(&s->cirrus_vga_io);
2907     memory_region_add_subregion(system_io, 0x3b0, &s->cirrus_vga_io);
2908 
2909     memory_region_init(&s->low_mem_container, owner,
2910                        "cirrus-lowmem-container",
2911                        0x20000);
2912 
2913     memory_region_init_io(&s->low_mem, owner, &cirrus_vga_mem_ops, s,
2914                           "cirrus-low-memory", 0x20000);
2915     memory_region_add_subregion(&s->low_mem_container, 0, &s->low_mem);
2916     for (i = 0; i < 2; ++i) {
2917         static const char *names[] = { "vga.bank0", "vga.bank1" };
2918         MemoryRegion *bank = &s->cirrus_bank[i];
2919         memory_region_init_alias(bank, owner, names[i], &s->vga.vram,
2920                                  0, 0x8000);
2921         memory_region_set_enabled(bank, false);
2922         memory_region_add_subregion_overlap(&s->low_mem_container, i * 0x8000,
2923                                             bank, 1);
2924     }
2925     memory_region_add_subregion_overlap(system_memory,
2926                                         0x000a0000,
2927                                         &s->low_mem_container,
2928                                         1);
2929     memory_region_set_coalescing(&s->low_mem);
2930 
2931     /* I/O handler for LFB */
2932     memory_region_init_io(&s->cirrus_linear_io, owner, &cirrus_linear_io_ops, s,
2933                           "cirrus-linear-io", s->vga.vram_size_mb * MiB);
2934     memory_region_set_flush_coalesced(&s->cirrus_linear_io);
2935 
2936     /* I/O handler for LFB */
2937     memory_region_init_io(&s->cirrus_linear_bitblt_io, owner,
2938                           &cirrus_linear_bitblt_io_ops,
2939                           s,
2940                           "cirrus-bitblt-mmio",
2941                           0x400000);
2942     memory_region_set_flush_coalesced(&s->cirrus_linear_bitblt_io);
2943 
2944     /* I/O handler for memory-mapped I/O */
2945     memory_region_init_io(&s->cirrus_mmio_io, owner, &cirrus_mmio_io_ops, s,
2946                           "cirrus-mmio", CIRRUS_PNPMMIO_SIZE);
2947     memory_region_set_flush_coalesced(&s->cirrus_mmio_io);
2948 
2949     s->real_vram_size =
2950         (s->device_id == CIRRUS_ID_CLGD5446) ? 4 * MiB : 2 * MiB;
2951 
2952     /* XXX: s->vga.vram_size must be a power of two */
2953     s->cirrus_addr_mask = s->real_vram_size - 1;
2954     s->linear_mmio_mask = s->real_vram_size - 256;
2955 
2956     s->vga.get_bpp = cirrus_get_bpp;
2957     s->vga.get_offsets = cirrus_get_offsets;
2958     s->vga.get_resolution = cirrus_get_resolution;
2959     s->vga.cursor_invalidate = cirrus_cursor_invalidate;
2960     s->vga.cursor_draw_line = cirrus_cursor_draw_line;
2961 
2962     qemu_register_reset(cirrus_reset, s);
2963 }
2964 
2965 /***************************************
2966  *
2967  *  PCI bus support
2968  *
2969  ***************************************/
2970 
2971 static void pci_cirrus_vga_realize(PCIDevice *dev, Error **errp)
2972 {
2973      PCICirrusVGAState *d = PCI_CIRRUS_VGA(dev);
2974      CirrusVGAState *s = &d->cirrus_vga;
2975      PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
2976      int16_t device_id = pc->device_id;
2977 
2978      /* follow real hardware, cirrus card emulated has 4 MB video memory.
2979        Also accept 8 MB/16 MB for backward compatibility. */
2980      if (s->vga.vram_size_mb != 4 && s->vga.vram_size_mb != 8 &&
2981          s->vga.vram_size_mb != 16) {
2982          error_setg(errp, "Invalid cirrus_vga ram size '%u'",
2983                     s->vga.vram_size_mb);
2984          return;
2985      }
2986      /* setup VGA */
2987      vga_common_init(&s->vga, OBJECT(dev));
2988      cirrus_init_common(s, OBJECT(dev), device_id, 1, pci_address_space(dev),
2989                         pci_address_space_io(dev));
2990      s->vga.con = graphic_console_init(DEVICE(dev), 0, s->vga.hw_ops, &s->vga);
2991 
2992      /* setup PCI */
2993 
2994     memory_region_init(&s->pci_bar, OBJECT(dev), "cirrus-pci-bar0", 0x2000000);
2995 
2996     /* XXX: add byte swapping apertures */
2997     memory_region_add_subregion(&s->pci_bar, 0, &s->cirrus_linear_io);
2998     memory_region_add_subregion(&s->pci_bar, 0x1000000,
2999                                 &s->cirrus_linear_bitblt_io);
3000 
3001      /* setup memory space */
3002      /* memory #0 LFB */
3003      /* memory #1 memory-mapped I/O */
3004      /* XXX: s->vga.vram_size must be a power of two */
3005      pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->pci_bar);
3006      if (device_id == CIRRUS_ID_CLGD5446) {
3007          pci_register_bar(&d->dev, 1, 0, &s->cirrus_mmio_io);
3008      }
3009 }
3010 
3011 static Property pci_vga_cirrus_properties[] = {
3012     DEFINE_PROP_UINT32("vgamem_mb", struct PCICirrusVGAState,
3013                        cirrus_vga.vga.vram_size_mb, 4),
3014     DEFINE_PROP_BOOL("blitter", struct PCICirrusVGAState,
3015                      cirrus_vga.enable_blitter, true),
3016     DEFINE_PROP_BOOL("global-vmstate", struct PCICirrusVGAState,
3017                      cirrus_vga.vga.global_vmstate, false),
3018     DEFINE_PROP_END_OF_LIST(),
3019 };
3020 
3021 static void cirrus_vga_class_init(ObjectClass *klass, void *data)
3022 {
3023     DeviceClass *dc = DEVICE_CLASS(klass);
3024     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
3025 
3026     k->realize = pci_cirrus_vga_realize;
3027     k->romfile = VGABIOS_CIRRUS_FILENAME;
3028     k->vendor_id = PCI_VENDOR_ID_CIRRUS;
3029     k->device_id = CIRRUS_ID_CLGD5446;
3030     k->class_id = PCI_CLASS_DISPLAY_VGA;
3031     set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
3032     dc->desc = "Cirrus CLGD 54xx VGA";
3033     dc->vmsd = &vmstate_pci_cirrus_vga;
3034     dc->props = pci_vga_cirrus_properties;
3035     dc->hotpluggable = false;
3036 }
3037 
3038 static const TypeInfo cirrus_vga_info = {
3039     .name          = TYPE_PCI_CIRRUS_VGA,
3040     .parent        = TYPE_PCI_DEVICE,
3041     .instance_size = sizeof(PCICirrusVGAState),
3042     .class_init    = cirrus_vga_class_init,
3043     .interfaces = (InterfaceInfo[]) {
3044         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
3045         { },
3046     },
3047 };
3048 
3049 static void cirrus_vga_register_types(void)
3050 {
3051     type_register_static(&cirrus_vga_info);
3052 }
3053 
3054 type_init(cirrus_vga_register_types)
3055