xref: /openbmc/qemu/hw/display/cirrus_vga.c (revision ae3c12a0)
1 /*
2  * QEMU Cirrus CLGD 54xx VGA Emulator.
3  *
4  * Copyright (c) 2004 Fabrice Bellard
5  * Copyright (c) 2004 Makoto Suzuki (suzu)
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23  * THE SOFTWARE.
24  */
25 /*
26  * Reference: Finn Thogersons' VGADOC4b:
27  *
28  *  http://web.archive.org/web/20021019054927/http://home.worldonline.dk/finth/
29  *
30  * VGADOC4b.ZIP content available at:
31  *
32  *  https://pdos.csail.mit.edu/6.828/2005/readings/hardware/vgadoc
33  */
34 #include "qemu/osdep.h"
35 #include "qemu/units.h"
36 #include "qapi/error.h"
37 #include "trace.h"
38 #include "hw/hw.h"
39 #include "hw/pci/pci.h"
40 #include "ui/pixel_ops.h"
41 #include "cirrus_vga_internal.h"
42 
43 /*
44  * TODO:
45  *    - destination write mask support not complete (bits 5..7)
46  *    - optimize linear mappings
47  *    - optimize bitblt functions
48  */
49 
50 //#define DEBUG_CIRRUS
51 //#define DEBUG_BITBLT
52 
53 /***************************************
54  *
55  *  definitions
56  *
57  ***************************************/
58 
59 // sequencer 0x07
60 #define CIRRUS_SR7_BPP_VGA            0x00
61 #define CIRRUS_SR7_BPP_SVGA           0x01
62 #define CIRRUS_SR7_BPP_MASK           0x0e
63 #define CIRRUS_SR7_BPP_8              0x00
64 #define CIRRUS_SR7_BPP_16_DOUBLEVCLK  0x02
65 #define CIRRUS_SR7_BPP_24             0x04
66 #define CIRRUS_SR7_BPP_16             0x06
67 #define CIRRUS_SR7_BPP_32             0x08
68 #define CIRRUS_SR7_ISAADDR_MASK       0xe0
69 
70 // sequencer 0x0f
71 #define CIRRUS_MEMSIZE_512k        0x08
72 #define CIRRUS_MEMSIZE_1M          0x10
73 #define CIRRUS_MEMSIZE_2M          0x18
74 #define CIRRUS_MEMFLAGS_BANKSWITCH 0x80	// bank switching is enabled.
75 
76 // sequencer 0x12
77 #define CIRRUS_CURSOR_SHOW         0x01
78 #define CIRRUS_CURSOR_HIDDENPEL    0x02
79 #define CIRRUS_CURSOR_LARGE        0x04	// 64x64 if set, 32x32 if clear
80 
81 // sequencer 0x17
82 #define CIRRUS_BUSTYPE_VLBFAST   0x10
83 #define CIRRUS_BUSTYPE_PCI       0x20
84 #define CIRRUS_BUSTYPE_VLBSLOW   0x30
85 #define CIRRUS_BUSTYPE_ISA       0x38
86 #define CIRRUS_MMIO_ENABLE       0x04
87 #define CIRRUS_MMIO_USE_PCIADDR  0x40	// 0xb8000 if cleared.
88 #define CIRRUS_MEMSIZEEXT_DOUBLE 0x80
89 
90 // control 0x0b
91 #define CIRRUS_BANKING_DUAL             0x01
92 #define CIRRUS_BANKING_GRANULARITY_16K  0x20	// set:16k, clear:4k
93 
94 // control 0x30
95 #define CIRRUS_BLTMODE_BACKWARDS        0x01
96 #define CIRRUS_BLTMODE_MEMSYSDEST       0x02
97 #define CIRRUS_BLTMODE_MEMSYSSRC        0x04
98 #define CIRRUS_BLTMODE_TRANSPARENTCOMP  0x08
99 #define CIRRUS_BLTMODE_PATTERNCOPY      0x40
100 #define CIRRUS_BLTMODE_COLOREXPAND      0x80
101 #define CIRRUS_BLTMODE_PIXELWIDTHMASK   0x30
102 #define CIRRUS_BLTMODE_PIXELWIDTH8      0x00
103 #define CIRRUS_BLTMODE_PIXELWIDTH16     0x10
104 #define CIRRUS_BLTMODE_PIXELWIDTH24     0x20
105 #define CIRRUS_BLTMODE_PIXELWIDTH32     0x30
106 
107 // control 0x31
108 #define CIRRUS_BLT_BUSY                 0x01
109 #define CIRRUS_BLT_START                0x02
110 #define CIRRUS_BLT_RESET                0x04
111 #define CIRRUS_BLT_FIFOUSED             0x10
112 #define CIRRUS_BLT_AUTOSTART            0x80
113 
114 // control 0x32
115 #define CIRRUS_ROP_0                    0x00
116 #define CIRRUS_ROP_SRC_AND_DST          0x05
117 #define CIRRUS_ROP_NOP                  0x06
118 #define CIRRUS_ROP_SRC_AND_NOTDST       0x09
119 #define CIRRUS_ROP_NOTDST               0x0b
120 #define CIRRUS_ROP_SRC                  0x0d
121 #define CIRRUS_ROP_1                    0x0e
122 #define CIRRUS_ROP_NOTSRC_AND_DST       0x50
123 #define CIRRUS_ROP_SRC_XOR_DST          0x59
124 #define CIRRUS_ROP_SRC_OR_DST           0x6d
125 #define CIRRUS_ROP_NOTSRC_OR_NOTDST     0x90
126 #define CIRRUS_ROP_SRC_NOTXOR_DST       0x95
127 #define CIRRUS_ROP_SRC_OR_NOTDST        0xad
128 #define CIRRUS_ROP_NOTSRC               0xd0
129 #define CIRRUS_ROP_NOTSRC_OR_DST        0xd6
130 #define CIRRUS_ROP_NOTSRC_AND_NOTDST    0xda
131 
132 #define CIRRUS_ROP_NOP_INDEX 2
133 #define CIRRUS_ROP_SRC_INDEX 5
134 
135 // control 0x33
136 #define CIRRUS_BLTMODEEXT_SOLIDFILL        0x04
137 #define CIRRUS_BLTMODEEXT_COLOREXPINV      0x02
138 #define CIRRUS_BLTMODEEXT_DWORDGRANULARITY 0x01
139 
140 // memory-mapped IO
141 #define CIRRUS_MMIO_BLTBGCOLOR        0x00	// dword
142 #define CIRRUS_MMIO_BLTFGCOLOR        0x04	// dword
143 #define CIRRUS_MMIO_BLTWIDTH          0x08	// word
144 #define CIRRUS_MMIO_BLTHEIGHT         0x0a	// word
145 #define CIRRUS_MMIO_BLTDESTPITCH      0x0c	// word
146 #define CIRRUS_MMIO_BLTSRCPITCH       0x0e	// word
147 #define CIRRUS_MMIO_BLTDESTADDR       0x10	// dword
148 #define CIRRUS_MMIO_BLTSRCADDR        0x14	// dword
149 #define CIRRUS_MMIO_BLTWRITEMASK      0x17	// byte
150 #define CIRRUS_MMIO_BLTMODE           0x18	// byte
151 #define CIRRUS_MMIO_BLTROP            0x1a	// byte
152 #define CIRRUS_MMIO_BLTMODEEXT        0x1b	// byte
153 #define CIRRUS_MMIO_BLTTRANSPARENTCOLOR 0x1c	// word?
154 #define CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK 0x20	// word?
155 #define CIRRUS_MMIO_LINEARDRAW_START_X 0x24	// word
156 #define CIRRUS_MMIO_LINEARDRAW_START_Y 0x26	// word
157 #define CIRRUS_MMIO_LINEARDRAW_END_X  0x28	// word
158 #define CIRRUS_MMIO_LINEARDRAW_END_Y  0x2a	// word
159 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_INC 0x2c	// byte
160 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ROLLOVER 0x2d	// byte
161 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_MASK 0x2e	// byte
162 #define CIRRUS_MMIO_LINEARDRAW_LINESTYLE_ACCUM 0x2f	// byte
163 #define CIRRUS_MMIO_BRESENHAM_K1      0x30	// word
164 #define CIRRUS_MMIO_BRESENHAM_K3      0x32	// word
165 #define CIRRUS_MMIO_BRESENHAM_ERROR   0x34	// word
166 #define CIRRUS_MMIO_BRESENHAM_DELTA_MAJOR 0x36	// word
167 #define CIRRUS_MMIO_BRESENHAM_DIRECTION 0x38	// byte
168 #define CIRRUS_MMIO_LINEDRAW_MODE     0x39	// byte
169 #define CIRRUS_MMIO_BLTSTATUS         0x40	// byte
170 
171 #define CIRRUS_PNPMMIO_SIZE         0x1000
172 
173 typedef void (*cirrus_fill_t)(struct CirrusVGAState *s,
174                               uint32_t dstaddr, int dst_pitch,
175                               int width, int height);
176 
177 typedef struct PCICirrusVGAState {
178     PCIDevice dev;
179     CirrusVGAState cirrus_vga;
180 } PCICirrusVGAState;
181 
182 #define TYPE_PCI_CIRRUS_VGA "cirrus-vga"
183 #define PCI_CIRRUS_VGA(obj) \
184     OBJECT_CHECK(PCICirrusVGAState, (obj), TYPE_PCI_CIRRUS_VGA)
185 
186 static uint8_t rop_to_index[256];
187 
188 /***************************************
189  *
190  *  prototypes.
191  *
192  ***************************************/
193 
194 
195 static void cirrus_bitblt_reset(CirrusVGAState *s);
196 static void cirrus_update_memory_access(CirrusVGAState *s);
197 
198 /***************************************
199  *
200  *  raster operations
201  *
202  ***************************************/
203 
204 static bool blit_region_is_unsafe(struct CirrusVGAState *s,
205                                   int32_t pitch, int32_t addr)
206 {
207     if (!pitch) {
208         return true;
209     }
210     if (pitch < 0) {
211         int64_t min = addr
212             + ((int64_t)s->cirrus_blt_height - 1) * pitch
213             - s->cirrus_blt_width;
214         if (min < -1 || addr >= s->vga.vram_size) {
215             return true;
216         }
217     } else {
218         int64_t max = addr
219             + ((int64_t)s->cirrus_blt_height-1) * pitch
220             + s->cirrus_blt_width;
221         if (max > s->vga.vram_size) {
222             return true;
223         }
224     }
225     return false;
226 }
227 
228 static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
229 {
230     /* should be the case, see cirrus_bitblt_start */
231     assert(s->cirrus_blt_width > 0);
232     assert(s->cirrus_blt_height > 0);
233 
234     if (s->cirrus_blt_width > CIRRUS_BLTBUFSIZE) {
235         return true;
236     }
237 
238     if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
239                               s->cirrus_blt_dstaddr)) {
240         return true;
241     }
242     if (dst_only) {
243         return false;
244     }
245     if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
246                               s->cirrus_blt_srcaddr)) {
247         return true;
248     }
249 
250     return false;
251 }
252 
253 static void cirrus_bitblt_rop_nop(CirrusVGAState *s,
254                                   uint32_t dstaddr, uint32_t srcaddr,
255                                   int dstpitch,int srcpitch,
256                                   int bltwidth,int bltheight)
257 {
258 }
259 
260 static void cirrus_bitblt_fill_nop(CirrusVGAState *s,
261                                    uint32_t dstaddr,
262                                    int dstpitch, int bltwidth,int bltheight)
263 {
264 }
265 
266 static inline uint8_t cirrus_src(CirrusVGAState *s, uint32_t srcaddr)
267 {
268     if (s->cirrus_srccounter) {
269         /* cputovideo */
270         return s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1)];
271     } else {
272         /* videotovideo */
273         return s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask];
274     }
275 }
276 
277 static inline uint16_t cirrus_src16(CirrusVGAState *s, uint32_t srcaddr)
278 {
279     uint16_t *src;
280 
281     if (s->cirrus_srccounter) {
282         /* cputovideo */
283         src = (void *)&s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1) & ~1];
284     } else {
285         /* videotovideo */
286         src = (void *)&s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask & ~1];
287     }
288     return *src;
289 }
290 
291 static inline uint32_t cirrus_src32(CirrusVGAState *s, uint32_t srcaddr)
292 {
293     uint32_t *src;
294 
295     if (s->cirrus_srccounter) {
296         /* cputovideo */
297         src = (void *)&s->cirrus_bltbuf[srcaddr & (CIRRUS_BLTBUFSIZE - 1) & ~3];
298     } else {
299         /* videotovideo */
300         src = (void *)&s->vga.vram_ptr[srcaddr & s->cirrus_addr_mask & ~3];
301     }
302     return *src;
303 }
304 
305 #define ROP_NAME 0
306 #define ROP_FN(d, s) 0
307 #include "cirrus_vga_rop.h"
308 
309 #define ROP_NAME src_and_dst
310 #define ROP_FN(d, s) (s) & (d)
311 #include "cirrus_vga_rop.h"
312 
313 #define ROP_NAME src_and_notdst
314 #define ROP_FN(d, s) (s) & (~(d))
315 #include "cirrus_vga_rop.h"
316 
317 #define ROP_NAME notdst
318 #define ROP_FN(d, s) ~(d)
319 #include "cirrus_vga_rop.h"
320 
321 #define ROP_NAME src
322 #define ROP_FN(d, s) s
323 #include "cirrus_vga_rop.h"
324 
325 #define ROP_NAME 1
326 #define ROP_FN(d, s) ~0
327 #include "cirrus_vga_rop.h"
328 
329 #define ROP_NAME notsrc_and_dst
330 #define ROP_FN(d, s) (~(s)) & (d)
331 #include "cirrus_vga_rop.h"
332 
333 #define ROP_NAME src_xor_dst
334 #define ROP_FN(d, s) (s) ^ (d)
335 #include "cirrus_vga_rop.h"
336 
337 #define ROP_NAME src_or_dst
338 #define ROP_FN(d, s) (s) | (d)
339 #include "cirrus_vga_rop.h"
340 
341 #define ROP_NAME notsrc_or_notdst
342 #define ROP_FN(d, s) (~(s)) | (~(d))
343 #include "cirrus_vga_rop.h"
344 
345 #define ROP_NAME src_notxor_dst
346 #define ROP_FN(d, s) ~((s) ^ (d))
347 #include "cirrus_vga_rop.h"
348 
349 #define ROP_NAME src_or_notdst
350 #define ROP_FN(d, s) (s) | (~(d))
351 #include "cirrus_vga_rop.h"
352 
353 #define ROP_NAME notsrc
354 #define ROP_FN(d, s) (~(s))
355 #include "cirrus_vga_rop.h"
356 
357 #define ROP_NAME notsrc_or_dst
358 #define ROP_FN(d, s) (~(s)) | (d)
359 #include "cirrus_vga_rop.h"
360 
361 #define ROP_NAME notsrc_and_notdst
362 #define ROP_FN(d, s) (~(s)) & (~(d))
363 #include "cirrus_vga_rop.h"
364 
365 static const cirrus_bitblt_rop_t cirrus_fwd_rop[16] = {
366     cirrus_bitblt_rop_fwd_0,
367     cirrus_bitblt_rop_fwd_src_and_dst,
368     cirrus_bitblt_rop_nop,
369     cirrus_bitblt_rop_fwd_src_and_notdst,
370     cirrus_bitblt_rop_fwd_notdst,
371     cirrus_bitblt_rop_fwd_src,
372     cirrus_bitblt_rop_fwd_1,
373     cirrus_bitblt_rop_fwd_notsrc_and_dst,
374     cirrus_bitblt_rop_fwd_src_xor_dst,
375     cirrus_bitblt_rop_fwd_src_or_dst,
376     cirrus_bitblt_rop_fwd_notsrc_or_notdst,
377     cirrus_bitblt_rop_fwd_src_notxor_dst,
378     cirrus_bitblt_rop_fwd_src_or_notdst,
379     cirrus_bitblt_rop_fwd_notsrc,
380     cirrus_bitblt_rop_fwd_notsrc_or_dst,
381     cirrus_bitblt_rop_fwd_notsrc_and_notdst,
382 };
383 
384 static const cirrus_bitblt_rop_t cirrus_bkwd_rop[16] = {
385     cirrus_bitblt_rop_bkwd_0,
386     cirrus_bitblt_rop_bkwd_src_and_dst,
387     cirrus_bitblt_rop_nop,
388     cirrus_bitblt_rop_bkwd_src_and_notdst,
389     cirrus_bitblt_rop_bkwd_notdst,
390     cirrus_bitblt_rop_bkwd_src,
391     cirrus_bitblt_rop_bkwd_1,
392     cirrus_bitblt_rop_bkwd_notsrc_and_dst,
393     cirrus_bitblt_rop_bkwd_src_xor_dst,
394     cirrus_bitblt_rop_bkwd_src_or_dst,
395     cirrus_bitblt_rop_bkwd_notsrc_or_notdst,
396     cirrus_bitblt_rop_bkwd_src_notxor_dst,
397     cirrus_bitblt_rop_bkwd_src_or_notdst,
398     cirrus_bitblt_rop_bkwd_notsrc,
399     cirrus_bitblt_rop_bkwd_notsrc_or_dst,
400     cirrus_bitblt_rop_bkwd_notsrc_and_notdst,
401 };
402 
403 #define TRANSP_ROP(name) {\
404     name ## _8,\
405     name ## _16,\
406         }
407 #define TRANSP_NOP(func) {\
408     func,\
409     func,\
410         }
411 
412 static const cirrus_bitblt_rop_t cirrus_fwd_transp_rop[16][2] = {
413     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_0),
414     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_dst),
415     TRANSP_NOP(cirrus_bitblt_rop_nop),
416     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_and_notdst),
417     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notdst),
418     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src),
419     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_1),
420     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_dst),
421     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_xor_dst),
422     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_dst),
423     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_notdst),
424     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_notxor_dst),
425     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_src_or_notdst),
426     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc),
427     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_or_dst),
428     TRANSP_ROP(cirrus_bitblt_rop_fwd_transp_notsrc_and_notdst),
429 };
430 
431 static const cirrus_bitblt_rop_t cirrus_bkwd_transp_rop[16][2] = {
432     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_0),
433     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_dst),
434     TRANSP_NOP(cirrus_bitblt_rop_nop),
435     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_and_notdst),
436     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notdst),
437     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src),
438     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_1),
439     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_dst),
440     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_xor_dst),
441     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_dst),
442     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_notdst),
443     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_notxor_dst),
444     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_src_or_notdst),
445     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc),
446     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_or_dst),
447     TRANSP_ROP(cirrus_bitblt_rop_bkwd_transp_notsrc_and_notdst),
448 };
449 
450 #define ROP2(name) {\
451     name ## _8,\
452     name ## _16,\
453     name ## _24,\
454     name ## _32,\
455         }
456 
457 #define ROP_NOP2(func) {\
458     func,\
459     func,\
460     func,\
461     func,\
462         }
463 
464 static const cirrus_bitblt_rop_t cirrus_patternfill[16][4] = {
465     ROP2(cirrus_patternfill_0),
466     ROP2(cirrus_patternfill_src_and_dst),
467     ROP_NOP2(cirrus_bitblt_rop_nop),
468     ROP2(cirrus_patternfill_src_and_notdst),
469     ROP2(cirrus_patternfill_notdst),
470     ROP2(cirrus_patternfill_src),
471     ROP2(cirrus_patternfill_1),
472     ROP2(cirrus_patternfill_notsrc_and_dst),
473     ROP2(cirrus_patternfill_src_xor_dst),
474     ROP2(cirrus_patternfill_src_or_dst),
475     ROP2(cirrus_patternfill_notsrc_or_notdst),
476     ROP2(cirrus_patternfill_src_notxor_dst),
477     ROP2(cirrus_patternfill_src_or_notdst),
478     ROP2(cirrus_patternfill_notsrc),
479     ROP2(cirrus_patternfill_notsrc_or_dst),
480     ROP2(cirrus_patternfill_notsrc_and_notdst),
481 };
482 
483 static const cirrus_bitblt_rop_t cirrus_colorexpand_transp[16][4] = {
484     ROP2(cirrus_colorexpand_transp_0),
485     ROP2(cirrus_colorexpand_transp_src_and_dst),
486     ROP_NOP2(cirrus_bitblt_rop_nop),
487     ROP2(cirrus_colorexpand_transp_src_and_notdst),
488     ROP2(cirrus_colorexpand_transp_notdst),
489     ROP2(cirrus_colorexpand_transp_src),
490     ROP2(cirrus_colorexpand_transp_1),
491     ROP2(cirrus_colorexpand_transp_notsrc_and_dst),
492     ROP2(cirrus_colorexpand_transp_src_xor_dst),
493     ROP2(cirrus_colorexpand_transp_src_or_dst),
494     ROP2(cirrus_colorexpand_transp_notsrc_or_notdst),
495     ROP2(cirrus_colorexpand_transp_src_notxor_dst),
496     ROP2(cirrus_colorexpand_transp_src_or_notdst),
497     ROP2(cirrus_colorexpand_transp_notsrc),
498     ROP2(cirrus_colorexpand_transp_notsrc_or_dst),
499     ROP2(cirrus_colorexpand_transp_notsrc_and_notdst),
500 };
501 
502 static const cirrus_bitblt_rop_t cirrus_colorexpand[16][4] = {
503     ROP2(cirrus_colorexpand_0),
504     ROP2(cirrus_colorexpand_src_and_dst),
505     ROP_NOP2(cirrus_bitblt_rop_nop),
506     ROP2(cirrus_colorexpand_src_and_notdst),
507     ROP2(cirrus_colorexpand_notdst),
508     ROP2(cirrus_colorexpand_src),
509     ROP2(cirrus_colorexpand_1),
510     ROP2(cirrus_colorexpand_notsrc_and_dst),
511     ROP2(cirrus_colorexpand_src_xor_dst),
512     ROP2(cirrus_colorexpand_src_or_dst),
513     ROP2(cirrus_colorexpand_notsrc_or_notdst),
514     ROP2(cirrus_colorexpand_src_notxor_dst),
515     ROP2(cirrus_colorexpand_src_or_notdst),
516     ROP2(cirrus_colorexpand_notsrc),
517     ROP2(cirrus_colorexpand_notsrc_or_dst),
518     ROP2(cirrus_colorexpand_notsrc_and_notdst),
519 };
520 
521 static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern_transp[16][4] = {
522     ROP2(cirrus_colorexpand_pattern_transp_0),
523     ROP2(cirrus_colorexpand_pattern_transp_src_and_dst),
524     ROP_NOP2(cirrus_bitblt_rop_nop),
525     ROP2(cirrus_colorexpand_pattern_transp_src_and_notdst),
526     ROP2(cirrus_colorexpand_pattern_transp_notdst),
527     ROP2(cirrus_colorexpand_pattern_transp_src),
528     ROP2(cirrus_colorexpand_pattern_transp_1),
529     ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_dst),
530     ROP2(cirrus_colorexpand_pattern_transp_src_xor_dst),
531     ROP2(cirrus_colorexpand_pattern_transp_src_or_dst),
532     ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_notdst),
533     ROP2(cirrus_colorexpand_pattern_transp_src_notxor_dst),
534     ROP2(cirrus_colorexpand_pattern_transp_src_or_notdst),
535     ROP2(cirrus_colorexpand_pattern_transp_notsrc),
536     ROP2(cirrus_colorexpand_pattern_transp_notsrc_or_dst),
537     ROP2(cirrus_colorexpand_pattern_transp_notsrc_and_notdst),
538 };
539 
540 static const cirrus_bitblt_rop_t cirrus_colorexpand_pattern[16][4] = {
541     ROP2(cirrus_colorexpand_pattern_0),
542     ROP2(cirrus_colorexpand_pattern_src_and_dst),
543     ROP_NOP2(cirrus_bitblt_rop_nop),
544     ROP2(cirrus_colorexpand_pattern_src_and_notdst),
545     ROP2(cirrus_colorexpand_pattern_notdst),
546     ROP2(cirrus_colorexpand_pattern_src),
547     ROP2(cirrus_colorexpand_pattern_1),
548     ROP2(cirrus_colorexpand_pattern_notsrc_and_dst),
549     ROP2(cirrus_colorexpand_pattern_src_xor_dst),
550     ROP2(cirrus_colorexpand_pattern_src_or_dst),
551     ROP2(cirrus_colorexpand_pattern_notsrc_or_notdst),
552     ROP2(cirrus_colorexpand_pattern_src_notxor_dst),
553     ROP2(cirrus_colorexpand_pattern_src_or_notdst),
554     ROP2(cirrus_colorexpand_pattern_notsrc),
555     ROP2(cirrus_colorexpand_pattern_notsrc_or_dst),
556     ROP2(cirrus_colorexpand_pattern_notsrc_and_notdst),
557 };
558 
559 static const cirrus_fill_t cirrus_fill[16][4] = {
560     ROP2(cirrus_fill_0),
561     ROP2(cirrus_fill_src_and_dst),
562     ROP_NOP2(cirrus_bitblt_fill_nop),
563     ROP2(cirrus_fill_src_and_notdst),
564     ROP2(cirrus_fill_notdst),
565     ROP2(cirrus_fill_src),
566     ROP2(cirrus_fill_1),
567     ROP2(cirrus_fill_notsrc_and_dst),
568     ROP2(cirrus_fill_src_xor_dst),
569     ROP2(cirrus_fill_src_or_dst),
570     ROP2(cirrus_fill_notsrc_or_notdst),
571     ROP2(cirrus_fill_src_notxor_dst),
572     ROP2(cirrus_fill_src_or_notdst),
573     ROP2(cirrus_fill_notsrc),
574     ROP2(cirrus_fill_notsrc_or_dst),
575     ROP2(cirrus_fill_notsrc_and_notdst),
576 };
577 
578 static inline void cirrus_bitblt_fgcol(CirrusVGAState *s)
579 {
580     unsigned int color;
581     switch (s->cirrus_blt_pixelwidth) {
582     case 1:
583         s->cirrus_blt_fgcol = s->cirrus_shadow_gr1;
584         break;
585     case 2:
586         color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8);
587         s->cirrus_blt_fgcol = le16_to_cpu(color);
588         break;
589     case 3:
590         s->cirrus_blt_fgcol = s->cirrus_shadow_gr1 |
591             (s->vga.gr[0x11] << 8) | (s->vga.gr[0x13] << 16);
592         break;
593     default:
594     case 4:
595         color = s->cirrus_shadow_gr1 | (s->vga.gr[0x11] << 8) |
596             (s->vga.gr[0x13] << 16) | (s->vga.gr[0x15] << 24);
597         s->cirrus_blt_fgcol = le32_to_cpu(color);
598         break;
599     }
600 }
601 
602 static inline void cirrus_bitblt_bgcol(CirrusVGAState *s)
603 {
604     unsigned int color;
605     switch (s->cirrus_blt_pixelwidth) {
606     case 1:
607         s->cirrus_blt_bgcol = s->cirrus_shadow_gr0;
608         break;
609     case 2:
610         color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8);
611         s->cirrus_blt_bgcol = le16_to_cpu(color);
612         break;
613     case 3:
614         s->cirrus_blt_bgcol = s->cirrus_shadow_gr0 |
615             (s->vga.gr[0x10] << 8) | (s->vga.gr[0x12] << 16);
616         break;
617     default:
618     case 4:
619         color = s->cirrus_shadow_gr0 | (s->vga.gr[0x10] << 8) |
620             (s->vga.gr[0x12] << 16) | (s->vga.gr[0x14] << 24);
621         s->cirrus_blt_bgcol = le32_to_cpu(color);
622         break;
623     }
624 }
625 
626 static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
627 				     int off_pitch, int bytesperline,
628 				     int lines)
629 {
630     int y;
631     int off_cur;
632     int off_cur_end;
633 
634     if (off_pitch < 0) {
635         off_begin -= bytesperline - 1;
636     }
637 
638     for (y = 0; y < lines; y++) {
639         off_cur = off_begin;
640         off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;
641         assert(off_cur_end >= off_cur);
642         memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
643         off_begin += off_pitch;
644     }
645 }
646 
647 static int cirrus_bitblt_common_patterncopy(CirrusVGAState *s)
648 {
649     uint32_t patternsize;
650     bool videosrc = !s->cirrus_srccounter;
651 
652     if (videosrc) {
653         switch (s->vga.get_bpp(&s->vga)) {
654         case 8:
655             patternsize = 64;
656             break;
657         case 15:
658         case 16:
659             patternsize = 128;
660             break;
661         case 24:
662         case 32:
663         default:
664             patternsize = 256;
665             break;
666         }
667         s->cirrus_blt_srcaddr &= ~(patternsize - 1);
668         if (s->cirrus_blt_srcaddr + patternsize > s->vga.vram_size) {
669             return 0;
670         }
671     }
672 
673     if (blit_is_unsafe(s, true)) {
674         return 0;
675     }
676 
677     (*s->cirrus_rop) (s, s->cirrus_blt_dstaddr,
678                       videosrc ? s->cirrus_blt_srcaddr : 0,
679                       s->cirrus_blt_dstpitch, 0,
680                       s->cirrus_blt_width, s->cirrus_blt_height);
681     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
682                              s->cirrus_blt_dstpitch, s->cirrus_blt_width,
683                              s->cirrus_blt_height);
684     return 1;
685 }
686 
687 /* fill */
688 
689 static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
690 {
691     cirrus_fill_t rop_func;
692 
693     if (blit_is_unsafe(s, true)) {
694         return 0;
695     }
696     rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
697     rop_func(s, s->cirrus_blt_dstaddr,
698              s->cirrus_blt_dstpitch,
699              s->cirrus_blt_width, s->cirrus_blt_height);
700     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
701 			     s->cirrus_blt_dstpitch, s->cirrus_blt_width,
702 			     s->cirrus_blt_height);
703     cirrus_bitblt_reset(s);
704     return 1;
705 }
706 
707 /***************************************
708  *
709  *  bitblt (video-to-video)
710  *
711  ***************************************/
712 
713 static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
714 {
715     return cirrus_bitblt_common_patterncopy(s);
716 }
717 
718 static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
719 {
720     int sx = 0, sy = 0;
721     int dx = 0, dy = 0;
722     int depth = 0;
723     int notify = 0;
724 
725     /* make sure to only copy if it's a plain copy ROP */
726     if (*s->cirrus_rop == cirrus_bitblt_rop_fwd_src ||
727         *s->cirrus_rop == cirrus_bitblt_rop_bkwd_src) {
728 
729         int width, height;
730 
731         depth = s->vga.get_bpp(&s->vga) / 8;
732         if (!depth) {
733             return 0;
734         }
735         s->vga.get_resolution(&s->vga, &width, &height);
736 
737         /* extra x, y */
738         sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
739         sy = (src / ABS(s->cirrus_blt_srcpitch));
740         dx = (dst % ABS(s->cirrus_blt_dstpitch)) / depth;
741         dy = (dst / ABS(s->cirrus_blt_dstpitch));
742 
743         /* normalize width */
744         w /= depth;
745 
746         /* if we're doing a backward copy, we have to adjust
747            our x/y to be the upper left corner (instead of the lower
748            right corner) */
749         if (s->cirrus_blt_dstpitch < 0) {
750             sx -= (s->cirrus_blt_width / depth) - 1;
751             dx -= (s->cirrus_blt_width / depth) - 1;
752             sy -= s->cirrus_blt_height - 1;
753             dy -= s->cirrus_blt_height - 1;
754         }
755 
756         /* are we in the visible portion of memory? */
757         if (sx >= 0 && sy >= 0 && dx >= 0 && dy >= 0 &&
758             (sx + w) <= width && (sy + h) <= height &&
759             (dx + w) <= width && (dy + h) <= height) {
760             notify = 1;
761         }
762     }
763 
764     (*s->cirrus_rop) (s, s->cirrus_blt_dstaddr,
765                       s->cirrus_blt_srcaddr,
766 		      s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
767 		      s->cirrus_blt_width, s->cirrus_blt_height);
768 
769     if (notify) {
770         dpy_gfx_update(s->vga.con, dx, dy,
771                        s->cirrus_blt_width / depth,
772                        s->cirrus_blt_height);
773     }
774 
775     /* we don't have to notify the display that this portion has
776        changed since qemu_console_copy implies this */
777 
778     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
779 				s->cirrus_blt_dstpitch, s->cirrus_blt_width,
780 				s->cirrus_blt_height);
781 
782     return 1;
783 }
784 
785 static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
786 {
787     if (blit_is_unsafe(s, false))
788         return 0;
789 
790     return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
791             s->cirrus_blt_srcaddr - s->vga.start_addr,
792             s->cirrus_blt_width, s->cirrus_blt_height);
793 }
794 
795 /***************************************
796  *
797  *  bitblt (cpu-to-video)
798  *
799  ***************************************/
800 
801 static void cirrus_bitblt_cputovideo_next(CirrusVGAState * s)
802 {
803     int copy_count;
804     uint8_t *end_ptr;
805 
806     if (s->cirrus_srccounter > 0) {
807         if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
808             cirrus_bitblt_common_patterncopy(s);
809         the_end:
810             s->cirrus_srccounter = 0;
811             cirrus_bitblt_reset(s);
812         } else {
813             /* at least one scan line */
814             do {
815                 (*s->cirrus_rop)(s, s->cirrus_blt_dstaddr,
816                                  0, 0, 0, s->cirrus_blt_width, 1);
817                 cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
818                                          s->cirrus_blt_width, 1);
819                 s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
820                 s->cirrus_srccounter -= s->cirrus_blt_srcpitch;
821                 if (s->cirrus_srccounter <= 0)
822                     goto the_end;
823                 /* more bytes than needed can be transferred because of
824                    word alignment, so we keep them for the next line */
825                 /* XXX: keep alignment to speed up transfer */
826                 end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
827                 copy_count = s->cirrus_srcptr_end - end_ptr;
828                 memmove(s->cirrus_bltbuf, end_ptr, copy_count);
829                 s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
830                 s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
831             } while (s->cirrus_srcptr >= s->cirrus_srcptr_end);
832         }
833     }
834 }
835 
836 /***************************************
837  *
838  *  bitblt wrapper
839  *
840  ***************************************/
841 
842 static void cirrus_bitblt_reset(CirrusVGAState * s)
843 {
844     int need_update;
845 
846     s->vga.gr[0x31] &=
847 	~(CIRRUS_BLT_START | CIRRUS_BLT_BUSY | CIRRUS_BLT_FIFOUSED);
848     need_update = s->cirrus_srcptr != &s->cirrus_bltbuf[0]
849         || s->cirrus_srcptr_end != &s->cirrus_bltbuf[0];
850     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
851     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
852     s->cirrus_srccounter = 0;
853     if (!need_update)
854         return;
855     cirrus_update_memory_access(s);
856 }
857 
858 static int cirrus_bitblt_cputovideo(CirrusVGAState * s)
859 {
860     int w;
861 
862     if (blit_is_unsafe(s, true)) {
863         return 0;
864     }
865 
866     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_MEMSYSSRC;
867     s->cirrus_srcptr = &s->cirrus_bltbuf[0];
868     s->cirrus_srcptr_end = &s->cirrus_bltbuf[0];
869 
870     if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
871 	if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
872 	    s->cirrus_blt_srcpitch = 8;
873 	} else {
874             /* XXX: check for 24 bpp */
875 	    s->cirrus_blt_srcpitch = 8 * 8 * s->cirrus_blt_pixelwidth;
876 	}
877 	s->cirrus_srccounter = s->cirrus_blt_srcpitch;
878     } else {
879 	if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
880             w = s->cirrus_blt_width / s->cirrus_blt_pixelwidth;
881             if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_DWORDGRANULARITY)
882                 s->cirrus_blt_srcpitch = ((w + 31) >> 5);
883             else
884                 s->cirrus_blt_srcpitch = ((w + 7) >> 3);
885 	} else {
886             /* always align input size to 32 bits */
887 	    s->cirrus_blt_srcpitch = (s->cirrus_blt_width + 3) & ~3;
888 	}
889         s->cirrus_srccounter = s->cirrus_blt_srcpitch * s->cirrus_blt_height;
890     }
891 
892     /* the blit_is_unsafe call above should catch this */
893     assert(s->cirrus_blt_srcpitch <= CIRRUS_BLTBUFSIZE);
894 
895     s->cirrus_srcptr = s->cirrus_bltbuf;
896     s->cirrus_srcptr_end = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
897     cirrus_update_memory_access(s);
898     return 1;
899 }
900 
901 static int cirrus_bitblt_videotocpu(CirrusVGAState * s)
902 {
903     /* XXX */
904 #ifdef DEBUG_BITBLT
905     printf("cirrus: bitblt (video to cpu) is not implemented yet\n");
906 #endif
907     return 0;
908 }
909 
910 static int cirrus_bitblt_videotovideo(CirrusVGAState * s)
911 {
912     int ret;
913 
914     if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
915 	ret = cirrus_bitblt_videotovideo_patterncopy(s);
916     } else {
917 	ret = cirrus_bitblt_videotovideo_copy(s);
918     }
919     if (ret)
920 	cirrus_bitblt_reset(s);
921     return ret;
922 }
923 
924 static void cirrus_bitblt_start(CirrusVGAState * s)
925 {
926     uint8_t blt_rop;
927 
928     if (!s->enable_blitter) {
929         goto bitblt_ignore;
930     }
931 
932     s->vga.gr[0x31] |= CIRRUS_BLT_BUSY;
933 
934     s->cirrus_blt_width = (s->vga.gr[0x20] | (s->vga.gr[0x21] << 8)) + 1;
935     s->cirrus_blt_height = (s->vga.gr[0x22] | (s->vga.gr[0x23] << 8)) + 1;
936     s->cirrus_blt_dstpitch = (s->vga.gr[0x24] | (s->vga.gr[0x25] << 8));
937     s->cirrus_blt_srcpitch = (s->vga.gr[0x26] | (s->vga.gr[0x27] << 8));
938     s->cirrus_blt_dstaddr =
939 	(s->vga.gr[0x28] | (s->vga.gr[0x29] << 8) | (s->vga.gr[0x2a] << 16));
940     s->cirrus_blt_srcaddr =
941 	(s->vga.gr[0x2c] | (s->vga.gr[0x2d] << 8) | (s->vga.gr[0x2e] << 16));
942     s->cirrus_blt_mode = s->vga.gr[0x30];
943     s->cirrus_blt_modeext = s->vga.gr[0x33];
944     blt_rop = s->vga.gr[0x32];
945 
946     s->cirrus_blt_dstaddr &= s->cirrus_addr_mask;
947     s->cirrus_blt_srcaddr &= s->cirrus_addr_mask;
948 
949 #ifdef DEBUG_BITBLT
950     printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n",
951            blt_rop,
952            s->cirrus_blt_mode,
953            s->cirrus_blt_modeext,
954            s->cirrus_blt_width,
955            s->cirrus_blt_height,
956            s->cirrus_blt_dstpitch,
957            s->cirrus_blt_srcpitch,
958            s->cirrus_blt_dstaddr,
959            s->cirrus_blt_srcaddr,
960            s->vga.gr[0x2f]);
961 #endif
962 
963     switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) {
964     case CIRRUS_BLTMODE_PIXELWIDTH8:
965 	s->cirrus_blt_pixelwidth = 1;
966 	break;
967     case CIRRUS_BLTMODE_PIXELWIDTH16:
968 	s->cirrus_blt_pixelwidth = 2;
969 	break;
970     case CIRRUS_BLTMODE_PIXELWIDTH24:
971 	s->cirrus_blt_pixelwidth = 3;
972 	break;
973     case CIRRUS_BLTMODE_PIXELWIDTH32:
974 	s->cirrus_blt_pixelwidth = 4;
975 	break;
976     default:
977 #ifdef DEBUG_BITBLT
978 	printf("cirrus: bitblt - pixel width is unknown\n");
979 #endif
980 	goto bitblt_ignore;
981     }
982     s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK;
983 
984     if ((s->
985 	 cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC |
986 			    CIRRUS_BLTMODE_MEMSYSDEST))
987 	== (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) {
988 #ifdef DEBUG_BITBLT
989 	printf("cirrus: bitblt - memory-to-memory copy is requested\n");
990 #endif
991 	goto bitblt_ignore;
992     }
993 
994     if ((s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_SOLIDFILL) &&
995         (s->cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSDEST |
996                                CIRRUS_BLTMODE_TRANSPARENTCOMP |
997                                CIRRUS_BLTMODE_PATTERNCOPY |
998                                CIRRUS_BLTMODE_COLOREXPAND)) ==
999          (CIRRUS_BLTMODE_PATTERNCOPY | CIRRUS_BLTMODE_COLOREXPAND)) {
1000         cirrus_bitblt_fgcol(s);
1001         cirrus_bitblt_solidfill(s, blt_rop);
1002     } else {
1003         if ((s->cirrus_blt_mode & (CIRRUS_BLTMODE_COLOREXPAND |
1004                                    CIRRUS_BLTMODE_PATTERNCOPY)) ==
1005             CIRRUS_BLTMODE_COLOREXPAND) {
1006 
1007             if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1008                 if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
1009                     cirrus_bitblt_bgcol(s);
1010                 else
1011                     cirrus_bitblt_fgcol(s);
1012                 s->cirrus_rop = cirrus_colorexpand_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1013             } else {
1014                 cirrus_bitblt_fgcol(s);
1015                 cirrus_bitblt_bgcol(s);
1016                 s->cirrus_rop = cirrus_colorexpand[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1017             }
1018         } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_PATTERNCOPY) {
1019             if (s->cirrus_blt_mode & CIRRUS_BLTMODE_COLOREXPAND) {
1020                 if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1021                     if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV)
1022                         cirrus_bitblt_bgcol(s);
1023                     else
1024                         cirrus_bitblt_fgcol(s);
1025                     s->cirrus_rop = cirrus_colorexpand_pattern_transp[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1026                 } else {
1027                     cirrus_bitblt_fgcol(s);
1028                     cirrus_bitblt_bgcol(s);
1029                     s->cirrus_rop = cirrus_colorexpand_pattern[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1030                 }
1031             } else {
1032                 s->cirrus_rop = cirrus_patternfill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1033             }
1034         } else {
1035 	    if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) {
1036 		if (s->cirrus_blt_pixelwidth > 2) {
1037 		    printf("src transparent without colorexpand must be 8bpp or 16bpp\n");
1038 		    goto bitblt_ignore;
1039 		}
1040 		if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
1041 		    s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
1042 		    s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
1043 		    s->cirrus_rop = cirrus_bkwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1044 		} else {
1045 		    s->cirrus_rop = cirrus_fwd_transp_rop[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
1046 		}
1047 	    } else {
1048 		if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) {
1049 		    s->cirrus_blt_dstpitch = -s->cirrus_blt_dstpitch;
1050 		    s->cirrus_blt_srcpitch = -s->cirrus_blt_srcpitch;
1051 		    s->cirrus_rop = cirrus_bkwd_rop[rop_to_index[blt_rop]];
1052 		} else {
1053 		    s->cirrus_rop = cirrus_fwd_rop[rop_to_index[blt_rop]];
1054 		}
1055 	    }
1056 	}
1057         // setup bitblt engine.
1058         if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSSRC) {
1059             if (!cirrus_bitblt_cputovideo(s))
1060                 goto bitblt_ignore;
1061         } else if (s->cirrus_blt_mode & CIRRUS_BLTMODE_MEMSYSDEST) {
1062             if (!cirrus_bitblt_videotocpu(s))
1063                 goto bitblt_ignore;
1064         } else {
1065             if (!cirrus_bitblt_videotovideo(s))
1066                 goto bitblt_ignore;
1067         }
1068     }
1069     return;
1070   bitblt_ignore:;
1071     cirrus_bitblt_reset(s);
1072 }
1073 
1074 static void cirrus_write_bitblt(CirrusVGAState * s, unsigned reg_value)
1075 {
1076     unsigned old_value;
1077 
1078     old_value = s->vga.gr[0x31];
1079     s->vga.gr[0x31] = reg_value;
1080 
1081     if (((old_value & CIRRUS_BLT_RESET) != 0) &&
1082 	((reg_value & CIRRUS_BLT_RESET) == 0)) {
1083 	cirrus_bitblt_reset(s);
1084     } else if (((old_value & CIRRUS_BLT_START) == 0) &&
1085 	       ((reg_value & CIRRUS_BLT_START) != 0)) {
1086 	cirrus_bitblt_start(s);
1087     }
1088 }
1089 
1090 
1091 /***************************************
1092  *
1093  *  basic parameters
1094  *
1095  ***************************************/
1096 
1097 static void cirrus_get_offsets(VGACommonState *s1,
1098                                uint32_t *pline_offset,
1099                                uint32_t *pstart_addr,
1100                                uint32_t *pline_compare)
1101 {
1102     CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
1103     uint32_t start_addr, line_offset, line_compare;
1104 
1105     line_offset = s->vga.cr[0x13]
1106 	| ((s->vga.cr[0x1b] & 0x10) << 4);
1107     line_offset <<= 3;
1108     *pline_offset = line_offset;
1109 
1110     start_addr = (s->vga.cr[0x0c] << 8)
1111 	| s->vga.cr[0x0d]
1112 	| ((s->vga.cr[0x1b] & 0x01) << 16)
1113 	| ((s->vga.cr[0x1b] & 0x0c) << 15)
1114 	| ((s->vga.cr[0x1d] & 0x80) << 12);
1115     *pstart_addr = start_addr;
1116 
1117     line_compare = s->vga.cr[0x18] |
1118         ((s->vga.cr[0x07] & 0x10) << 4) |
1119         ((s->vga.cr[0x09] & 0x40) << 3);
1120     *pline_compare = line_compare;
1121 }
1122 
1123 static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s)
1124 {
1125     uint32_t ret = 16;
1126 
1127     switch (s->cirrus_hidden_dac_data & 0xf) {
1128     case 0:
1129 	ret = 15;
1130 	break;			/* Sierra HiColor */
1131     case 1:
1132 	ret = 16;
1133 	break;			/* XGA HiColor */
1134     default:
1135 #ifdef DEBUG_CIRRUS
1136 	printf("cirrus: invalid DAC value %x in 16bpp\n",
1137 	       (s->cirrus_hidden_dac_data & 0xf));
1138 #endif
1139 	ret = 15;		/* XXX */
1140 	break;
1141     }
1142     return ret;
1143 }
1144 
1145 static int cirrus_get_bpp(VGACommonState *s1)
1146 {
1147     CirrusVGAState * s = container_of(s1, CirrusVGAState, vga);
1148     uint32_t ret = 8;
1149 
1150     if ((s->vga.sr[0x07] & 0x01) != 0) {
1151 	/* Cirrus SVGA */
1152 	switch (s->vga.sr[0x07] & CIRRUS_SR7_BPP_MASK) {
1153 	case CIRRUS_SR7_BPP_8:
1154 	    ret = 8;
1155 	    break;
1156 	case CIRRUS_SR7_BPP_16_DOUBLEVCLK:
1157 	    ret = cirrus_get_bpp16_depth(s);
1158 	    break;
1159 	case CIRRUS_SR7_BPP_24:
1160 	    ret = 24;
1161 	    break;
1162 	case CIRRUS_SR7_BPP_16:
1163 	    ret = cirrus_get_bpp16_depth(s);
1164 	    break;
1165 	case CIRRUS_SR7_BPP_32:
1166 	    ret = 32;
1167 	    break;
1168 	default:
1169 #ifdef DEBUG_CIRRUS
1170 	    printf("cirrus: unknown bpp - sr7=%x\n", s->vga.sr[0x7]);
1171 #endif
1172 	    ret = 8;
1173 	    break;
1174 	}
1175     } else {
1176 	/* VGA */
1177 	ret = 0;
1178     }
1179 
1180     return ret;
1181 }
1182 
1183 static void cirrus_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
1184 {
1185     int width, height;
1186 
1187     width = (s->cr[0x01] + 1) * 8;
1188     height = s->cr[0x12] |
1189         ((s->cr[0x07] & 0x02) << 7) |
1190         ((s->cr[0x07] & 0x40) << 3);
1191     height = (height + 1);
1192     /* interlace support */
1193     if (s->cr[0x1a] & 0x01)
1194         height = height * 2;
1195     *pwidth = width;
1196     *pheight = height;
1197 }
1198 
1199 /***************************************
1200  *
1201  * bank memory
1202  *
1203  ***************************************/
1204 
1205 static void cirrus_update_bank_ptr(CirrusVGAState * s, unsigned bank_index)
1206 {
1207     unsigned offset;
1208     unsigned limit;
1209 
1210     if ((s->vga.gr[0x0b] & 0x01) != 0)	/* dual bank */
1211 	offset = s->vga.gr[0x09 + bank_index];
1212     else			/* single bank */
1213 	offset = s->vga.gr[0x09];
1214 
1215     if ((s->vga.gr[0x0b] & 0x20) != 0)
1216 	offset <<= 14;
1217     else
1218 	offset <<= 12;
1219 
1220     if (s->real_vram_size <= offset)
1221 	limit = 0;
1222     else
1223 	limit = s->real_vram_size - offset;
1224 
1225     if (((s->vga.gr[0x0b] & 0x01) == 0) && (bank_index != 0)) {
1226 	if (limit > 0x8000) {
1227 	    offset += 0x8000;
1228 	    limit -= 0x8000;
1229 	} else {
1230 	    limit = 0;
1231 	}
1232     }
1233 
1234     if (limit > 0) {
1235 	s->cirrus_bank_base[bank_index] = offset;
1236 	s->cirrus_bank_limit[bank_index] = limit;
1237     } else {
1238 	s->cirrus_bank_base[bank_index] = 0;
1239 	s->cirrus_bank_limit[bank_index] = 0;
1240     }
1241 }
1242 
1243 /***************************************
1244  *
1245  *  I/O access between 0x3c4-0x3c5
1246  *
1247  ***************************************/
1248 
1249 static int cirrus_vga_read_sr(CirrusVGAState * s)
1250 {
1251     switch (s->vga.sr_index) {
1252     case 0x00:			// Standard VGA
1253     case 0x01:			// Standard VGA
1254     case 0x02:			// Standard VGA
1255     case 0x03:			// Standard VGA
1256     case 0x04:			// Standard VGA
1257 	return s->vga.sr[s->vga.sr_index];
1258     case 0x06:			// Unlock Cirrus extensions
1259 	return s->vga.sr[s->vga.sr_index];
1260     case 0x10:
1261     case 0x30:
1262     case 0x50:
1263     case 0x70:			// Graphics Cursor X
1264     case 0x90:
1265     case 0xb0:
1266     case 0xd0:
1267     case 0xf0:			// Graphics Cursor X
1268 	return s->vga.sr[0x10];
1269     case 0x11:
1270     case 0x31:
1271     case 0x51:
1272     case 0x71:			// Graphics Cursor Y
1273     case 0x91:
1274     case 0xb1:
1275     case 0xd1:
1276     case 0xf1:			// Graphics Cursor Y
1277 	return s->vga.sr[0x11];
1278     case 0x05:			// ???
1279     case 0x07:			// Extended Sequencer Mode
1280     case 0x08:			// EEPROM Control
1281     case 0x09:			// Scratch Register 0
1282     case 0x0a:			// Scratch Register 1
1283     case 0x0b:			// VCLK 0
1284     case 0x0c:			// VCLK 1
1285     case 0x0d:			// VCLK 2
1286     case 0x0e:			// VCLK 3
1287     case 0x0f:			// DRAM Control
1288     case 0x12:			// Graphics Cursor Attribute
1289     case 0x13:			// Graphics Cursor Pattern Address
1290     case 0x14:			// Scratch Register 2
1291     case 0x15:			// Scratch Register 3
1292     case 0x16:			// Performance Tuning Register
1293     case 0x17:			// Configuration Readback and Extended Control
1294     case 0x18:			// Signature Generator Control
1295     case 0x19:			// Signal Generator Result
1296     case 0x1a:			// Signal Generator Result
1297     case 0x1b:			// VCLK 0 Denominator & Post
1298     case 0x1c:			// VCLK 1 Denominator & Post
1299     case 0x1d:			// VCLK 2 Denominator & Post
1300     case 0x1e:			// VCLK 3 Denominator & Post
1301     case 0x1f:			// BIOS Write Enable and MCLK select
1302 #ifdef DEBUG_CIRRUS
1303 	printf("cirrus: handled inport sr_index %02x\n", s->vga.sr_index);
1304 #endif
1305 	return s->vga.sr[s->vga.sr_index];
1306     default:
1307 #ifdef DEBUG_CIRRUS
1308 	printf("cirrus: inport sr_index %02x\n", s->vga.sr_index);
1309 #endif
1310 	return 0xff;
1311 	break;
1312     }
1313 }
1314 
1315 static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val)
1316 {
1317     switch (s->vga.sr_index) {
1318     case 0x00:			// Standard VGA
1319     case 0x01:			// Standard VGA
1320     case 0x02:			// Standard VGA
1321     case 0x03:			// Standard VGA
1322     case 0x04:			// Standard VGA
1323 	s->vga.sr[s->vga.sr_index] = val & sr_mask[s->vga.sr_index];
1324 	if (s->vga.sr_index == 1)
1325             s->vga.update_retrace_info(&s->vga);
1326         break;
1327     case 0x06:			// Unlock Cirrus extensions
1328 	val &= 0x17;
1329 	if (val == 0x12) {
1330 	    s->vga.sr[s->vga.sr_index] = 0x12;
1331 	} else {
1332 	    s->vga.sr[s->vga.sr_index] = 0x0f;
1333 	}
1334 	break;
1335     case 0x10:
1336     case 0x30:
1337     case 0x50:
1338     case 0x70:			// Graphics Cursor X
1339     case 0x90:
1340     case 0xb0:
1341     case 0xd0:
1342     case 0xf0:			// Graphics Cursor X
1343 	s->vga.sr[0x10] = val;
1344         s->vga.hw_cursor_x = (val << 3) | (s->vga.sr_index >> 5);
1345 	break;
1346     case 0x11:
1347     case 0x31:
1348     case 0x51:
1349     case 0x71:			// Graphics Cursor Y
1350     case 0x91:
1351     case 0xb1:
1352     case 0xd1:
1353     case 0xf1:			// Graphics Cursor Y
1354 	s->vga.sr[0x11] = val;
1355         s->vga.hw_cursor_y = (val << 3) | (s->vga.sr_index >> 5);
1356 	break;
1357     case 0x07:			// Extended Sequencer Mode
1358         cirrus_update_memory_access(s);
1359         /* fall through */
1360     case 0x08:			// EEPROM Control
1361     case 0x09:			// Scratch Register 0
1362     case 0x0a:			// Scratch Register 1
1363     case 0x0b:			// VCLK 0
1364     case 0x0c:			// VCLK 1
1365     case 0x0d:			// VCLK 2
1366     case 0x0e:			// VCLK 3
1367     case 0x0f:			// DRAM Control
1368     case 0x13:			// Graphics Cursor Pattern Address
1369     case 0x14:			// Scratch Register 2
1370     case 0x15:			// Scratch Register 3
1371     case 0x16:			// Performance Tuning Register
1372     case 0x18:			// Signature Generator Control
1373     case 0x19:			// Signature Generator Result
1374     case 0x1a:			// Signature Generator Result
1375     case 0x1b:			// VCLK 0 Denominator & Post
1376     case 0x1c:			// VCLK 1 Denominator & Post
1377     case 0x1d:			// VCLK 2 Denominator & Post
1378     case 0x1e:			// VCLK 3 Denominator & Post
1379     case 0x1f:			// BIOS Write Enable and MCLK select
1380 	s->vga.sr[s->vga.sr_index] = val;
1381 #ifdef DEBUG_CIRRUS
1382 	printf("cirrus: handled outport sr_index %02x, sr_value %02x\n",
1383 	       s->vga.sr_index, val);
1384 #endif
1385 	break;
1386     case 0x12:			// Graphics Cursor Attribute
1387 	s->vga.sr[0x12] = val;
1388         s->vga.force_shadow = !!(val & CIRRUS_CURSOR_SHOW);
1389 #ifdef DEBUG_CIRRUS
1390         printf("cirrus: cursor ctl SR12=%02x (force shadow: %d)\n",
1391                val, s->vga.force_shadow);
1392 #endif
1393         break;
1394     case 0x17:			// Configuration Readback and Extended Control
1395 	s->vga.sr[s->vga.sr_index] = (s->vga.sr[s->vga.sr_index] & 0x38)
1396                                    | (val & 0xc7);
1397         cirrus_update_memory_access(s);
1398         break;
1399     default:
1400 #ifdef DEBUG_CIRRUS
1401 	printf("cirrus: outport sr_index %02x, sr_value %02x\n",
1402                s->vga.sr_index, val);
1403 #endif
1404 	break;
1405     }
1406 }
1407 
1408 /***************************************
1409  *
1410  *  I/O access at 0x3c6
1411  *
1412  ***************************************/
1413 
1414 static int cirrus_read_hidden_dac(CirrusVGAState * s)
1415 {
1416     if (++s->cirrus_hidden_dac_lockindex == 5) {
1417         s->cirrus_hidden_dac_lockindex = 0;
1418         return s->cirrus_hidden_dac_data;
1419     }
1420     return 0xff;
1421 }
1422 
1423 static void cirrus_write_hidden_dac(CirrusVGAState * s, int reg_value)
1424 {
1425     if (s->cirrus_hidden_dac_lockindex == 4) {
1426 	s->cirrus_hidden_dac_data = reg_value;
1427 #if defined(DEBUG_CIRRUS)
1428 	printf("cirrus: outport hidden DAC, value %02x\n", reg_value);
1429 #endif
1430     }
1431     s->cirrus_hidden_dac_lockindex = 0;
1432 }
1433 
1434 /***************************************
1435  *
1436  *  I/O access at 0x3c9
1437  *
1438  ***************************************/
1439 
1440 static int cirrus_vga_read_palette(CirrusVGAState * s)
1441 {
1442     int val;
1443 
1444     if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
1445         val = s->cirrus_hidden_palette[(s->vga.dac_read_index & 0x0f) * 3 +
1446                                        s->vga.dac_sub_index];
1447     } else {
1448         val = s->vga.palette[s->vga.dac_read_index * 3 + s->vga.dac_sub_index];
1449     }
1450     if (++s->vga.dac_sub_index == 3) {
1451 	s->vga.dac_sub_index = 0;
1452 	s->vga.dac_read_index++;
1453     }
1454     return val;
1455 }
1456 
1457 static void cirrus_vga_write_palette(CirrusVGAState * s, int reg_value)
1458 {
1459     s->vga.dac_cache[s->vga.dac_sub_index] = reg_value;
1460     if (++s->vga.dac_sub_index == 3) {
1461         if ((s->vga.sr[0x12] & CIRRUS_CURSOR_HIDDENPEL)) {
1462             memcpy(&s->cirrus_hidden_palette[(s->vga.dac_write_index & 0x0f) * 3],
1463                    s->vga.dac_cache, 3);
1464         } else {
1465             memcpy(&s->vga.palette[s->vga.dac_write_index * 3], s->vga.dac_cache, 3);
1466         }
1467         /* XXX update cursor */
1468 	s->vga.dac_sub_index = 0;
1469 	s->vga.dac_write_index++;
1470     }
1471 }
1472 
1473 /***************************************
1474  *
1475  *  I/O access between 0x3ce-0x3cf
1476  *
1477  ***************************************/
1478 
1479 static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index)
1480 {
1481     switch (reg_index) {
1482     case 0x00: // Standard VGA, BGCOLOR 0x000000ff
1483         return s->cirrus_shadow_gr0;
1484     case 0x01: // Standard VGA, FGCOLOR 0x000000ff
1485         return s->cirrus_shadow_gr1;
1486     case 0x02:			// Standard VGA
1487     case 0x03:			// Standard VGA
1488     case 0x04:			// Standard VGA
1489     case 0x06:			// Standard VGA
1490     case 0x07:			// Standard VGA
1491     case 0x08:			// Standard VGA
1492         return s->vga.gr[s->vga.gr_index];
1493     case 0x05:			// Standard VGA, Cirrus extended mode
1494     default:
1495 	break;
1496     }
1497 
1498     if (reg_index < 0x3a) {
1499 	return s->vga.gr[reg_index];
1500     } else {
1501 #ifdef DEBUG_CIRRUS
1502 	printf("cirrus: inport gr_index %02x\n", reg_index);
1503 #endif
1504 	return 0xff;
1505     }
1506 }
1507 
1508 static void
1509 cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value)
1510 {
1511 #if defined(DEBUG_BITBLT) && 0
1512     printf("gr%02x: %02x\n", reg_index, reg_value);
1513 #endif
1514     switch (reg_index) {
1515     case 0x00:			// Standard VGA, BGCOLOR 0x000000ff
1516 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1517 	s->cirrus_shadow_gr0 = reg_value;
1518 	break;
1519     case 0x01:			// Standard VGA, FGCOLOR 0x000000ff
1520 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1521 	s->cirrus_shadow_gr1 = reg_value;
1522 	break;
1523     case 0x02:			// Standard VGA
1524     case 0x03:			// Standard VGA
1525     case 0x04:			// Standard VGA
1526     case 0x06:			// Standard VGA
1527     case 0x07:			// Standard VGA
1528     case 0x08:			// Standard VGA
1529 	s->vga.gr[reg_index] = reg_value & gr_mask[reg_index];
1530         break;
1531     case 0x05:			// Standard VGA, Cirrus extended mode
1532 	s->vga.gr[reg_index] = reg_value & 0x7f;
1533         cirrus_update_memory_access(s);
1534 	break;
1535     case 0x09:			// bank offset #0
1536     case 0x0A:			// bank offset #1
1537 	s->vga.gr[reg_index] = reg_value;
1538 	cirrus_update_bank_ptr(s, 0);
1539 	cirrus_update_bank_ptr(s, 1);
1540         cirrus_update_memory_access(s);
1541         break;
1542     case 0x0B:
1543 	s->vga.gr[reg_index] = reg_value;
1544 	cirrus_update_bank_ptr(s, 0);
1545 	cirrus_update_bank_ptr(s, 1);
1546         cirrus_update_memory_access(s);
1547 	break;
1548     case 0x10:			// BGCOLOR 0x0000ff00
1549     case 0x11:			// FGCOLOR 0x0000ff00
1550     case 0x12:			// BGCOLOR 0x00ff0000
1551     case 0x13:			// FGCOLOR 0x00ff0000
1552     case 0x14:			// BGCOLOR 0xff000000
1553     case 0x15:			// FGCOLOR 0xff000000
1554     case 0x20:			// BLT WIDTH 0x0000ff
1555     case 0x22:			// BLT HEIGHT 0x0000ff
1556     case 0x24:			// BLT DEST PITCH 0x0000ff
1557     case 0x26:			// BLT SRC PITCH 0x0000ff
1558     case 0x28:			// BLT DEST ADDR 0x0000ff
1559     case 0x29:			// BLT DEST ADDR 0x00ff00
1560     case 0x2c:			// BLT SRC ADDR 0x0000ff
1561     case 0x2d:			// BLT SRC ADDR 0x00ff00
1562     case 0x2f:                  // BLT WRITEMASK
1563     case 0x30:			// BLT MODE
1564     case 0x32:			// RASTER OP
1565     case 0x33:			// BLT MODEEXT
1566     case 0x34:			// BLT TRANSPARENT COLOR 0x00ff
1567     case 0x35:			// BLT TRANSPARENT COLOR 0xff00
1568     case 0x38:			// BLT TRANSPARENT COLOR MASK 0x00ff
1569     case 0x39:			// BLT TRANSPARENT COLOR MASK 0xff00
1570 	s->vga.gr[reg_index] = reg_value;
1571 	break;
1572     case 0x21:			// BLT WIDTH 0x001f00
1573     case 0x23:			// BLT HEIGHT 0x001f00
1574     case 0x25:			// BLT DEST PITCH 0x001f00
1575     case 0x27:			// BLT SRC PITCH 0x001f00
1576 	s->vga.gr[reg_index] = reg_value & 0x1f;
1577 	break;
1578     case 0x2a:			// BLT DEST ADDR 0x3f0000
1579 	s->vga.gr[reg_index] = reg_value & 0x3f;
1580         /* if auto start mode, starts bit blt now */
1581         if (s->vga.gr[0x31] & CIRRUS_BLT_AUTOSTART) {
1582             cirrus_bitblt_start(s);
1583         }
1584 	break;
1585     case 0x2e:			// BLT SRC ADDR 0x3f0000
1586 	s->vga.gr[reg_index] = reg_value & 0x3f;
1587 	break;
1588     case 0x31:			// BLT STATUS/START
1589 	cirrus_write_bitblt(s, reg_value);
1590 	break;
1591     default:
1592 #ifdef DEBUG_CIRRUS
1593 	printf("cirrus: outport gr_index %02x, gr_value %02x\n", reg_index,
1594 	       reg_value);
1595 #endif
1596 	break;
1597     }
1598 }
1599 
1600 /***************************************
1601  *
1602  *  I/O access between 0x3d4-0x3d5
1603  *
1604  ***************************************/
1605 
1606 static int cirrus_vga_read_cr(CirrusVGAState * s, unsigned reg_index)
1607 {
1608     switch (reg_index) {
1609     case 0x00:			// Standard VGA
1610     case 0x01:			// Standard VGA
1611     case 0x02:			// Standard VGA
1612     case 0x03:			// Standard VGA
1613     case 0x04:			// Standard VGA
1614     case 0x05:			// Standard VGA
1615     case 0x06:			// Standard VGA
1616     case 0x07:			// Standard VGA
1617     case 0x08:			// Standard VGA
1618     case 0x09:			// Standard VGA
1619     case 0x0a:			// Standard VGA
1620     case 0x0b:			// Standard VGA
1621     case 0x0c:			// Standard VGA
1622     case 0x0d:			// Standard VGA
1623     case 0x0e:			// Standard VGA
1624     case 0x0f:			// Standard VGA
1625     case 0x10:			// Standard VGA
1626     case 0x11:			// Standard VGA
1627     case 0x12:			// Standard VGA
1628     case 0x13:			// Standard VGA
1629     case 0x14:			// Standard VGA
1630     case 0x15:			// Standard VGA
1631     case 0x16:			// Standard VGA
1632     case 0x17:			// Standard VGA
1633     case 0x18:			// Standard VGA
1634 	return s->vga.cr[s->vga.cr_index];
1635     case 0x24:			// Attribute Controller Toggle Readback (R)
1636         return (s->vga.ar_flip_flop << 7);
1637     case 0x19:			// Interlace End
1638     case 0x1a:			// Miscellaneous Control
1639     case 0x1b:			// Extended Display Control
1640     case 0x1c:			// Sync Adjust and Genlock
1641     case 0x1d:			// Overlay Extended Control
1642     case 0x22:			// Graphics Data Latches Readback (R)
1643     case 0x25:			// Part Status
1644     case 0x27:			// Part ID (R)
1645 	return s->vga.cr[s->vga.cr_index];
1646     case 0x26:			// Attribute Controller Index Readback (R)
1647 	return s->vga.ar_index & 0x3f;
1648 	break;
1649     default:
1650 #ifdef DEBUG_CIRRUS
1651 	printf("cirrus: inport cr_index %02x\n", reg_index);
1652 #endif
1653 	return 0xff;
1654     }
1655 }
1656 
1657 static void cirrus_vga_write_cr(CirrusVGAState * s, int reg_value)
1658 {
1659     switch (s->vga.cr_index) {
1660     case 0x00:			// Standard VGA
1661     case 0x01:			// Standard VGA
1662     case 0x02:			// Standard VGA
1663     case 0x03:			// Standard VGA
1664     case 0x04:			// Standard VGA
1665     case 0x05:			// Standard VGA
1666     case 0x06:			// Standard VGA
1667     case 0x07:			// Standard VGA
1668     case 0x08:			// Standard VGA
1669     case 0x09:			// Standard VGA
1670     case 0x0a:			// Standard VGA
1671     case 0x0b:			// Standard VGA
1672     case 0x0c:			// Standard VGA
1673     case 0x0d:			// Standard VGA
1674     case 0x0e:			// Standard VGA
1675     case 0x0f:			// Standard VGA
1676     case 0x10:			// Standard VGA
1677     case 0x11:			// Standard VGA
1678     case 0x12:			// Standard VGA
1679     case 0x13:			// Standard VGA
1680     case 0x14:			// Standard VGA
1681     case 0x15:			// Standard VGA
1682     case 0x16:			// Standard VGA
1683     case 0x17:			// Standard VGA
1684     case 0x18:			// Standard VGA
1685 	/* handle CR0-7 protection */
1686 	if ((s->vga.cr[0x11] & 0x80) && s->vga.cr_index <= 7) {
1687 	    /* can always write bit 4 of CR7 */
1688 	    if (s->vga.cr_index == 7)
1689 		s->vga.cr[7] = (s->vga.cr[7] & ~0x10) | (reg_value & 0x10);
1690 	    return;
1691 	}
1692 	s->vga.cr[s->vga.cr_index] = reg_value;
1693 	switch(s->vga.cr_index) {
1694 	case 0x00:
1695 	case 0x04:
1696 	case 0x05:
1697 	case 0x06:
1698 	case 0x07:
1699 	case 0x11:
1700 	case 0x17:
1701 	    s->vga.update_retrace_info(&s->vga);
1702 	    break;
1703 	}
1704         break;
1705     case 0x19:			// Interlace End
1706     case 0x1a:			// Miscellaneous Control
1707     case 0x1b:			// Extended Display Control
1708     case 0x1c:			// Sync Adjust and Genlock
1709     case 0x1d:			// Overlay Extended Control
1710 	s->vga.cr[s->vga.cr_index] = reg_value;
1711 #ifdef DEBUG_CIRRUS
1712 	printf("cirrus: handled outport cr_index %02x, cr_value %02x\n",
1713 	       s->vga.cr_index, reg_value);
1714 #endif
1715 	break;
1716     case 0x22:			// Graphics Data Latches Readback (R)
1717     case 0x24:			// Attribute Controller Toggle Readback (R)
1718     case 0x26:			// Attribute Controller Index Readback (R)
1719     case 0x27:			// Part ID (R)
1720 	break;
1721     case 0x25:			// Part Status
1722     default:
1723 #ifdef DEBUG_CIRRUS
1724 	printf("cirrus: outport cr_index %02x, cr_value %02x\n",
1725                s->vga.cr_index, reg_value);
1726 #endif
1727 	break;
1728     }
1729 }
1730 
1731 /***************************************
1732  *
1733  *  memory-mapped I/O (bitblt)
1734  *
1735  ***************************************/
1736 
1737 static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address)
1738 {
1739     int value = 0xff;
1740 
1741     switch (address) {
1742     case (CIRRUS_MMIO_BLTBGCOLOR + 0):
1743 	value = cirrus_vga_read_gr(s, 0x00);
1744 	break;
1745     case (CIRRUS_MMIO_BLTBGCOLOR + 1):
1746 	value = cirrus_vga_read_gr(s, 0x10);
1747 	break;
1748     case (CIRRUS_MMIO_BLTBGCOLOR + 2):
1749 	value = cirrus_vga_read_gr(s, 0x12);
1750 	break;
1751     case (CIRRUS_MMIO_BLTBGCOLOR + 3):
1752 	value = cirrus_vga_read_gr(s, 0x14);
1753 	break;
1754     case (CIRRUS_MMIO_BLTFGCOLOR + 0):
1755 	value = cirrus_vga_read_gr(s, 0x01);
1756 	break;
1757     case (CIRRUS_MMIO_BLTFGCOLOR + 1):
1758 	value = cirrus_vga_read_gr(s, 0x11);
1759 	break;
1760     case (CIRRUS_MMIO_BLTFGCOLOR + 2):
1761 	value = cirrus_vga_read_gr(s, 0x13);
1762 	break;
1763     case (CIRRUS_MMIO_BLTFGCOLOR + 3):
1764 	value = cirrus_vga_read_gr(s, 0x15);
1765 	break;
1766     case (CIRRUS_MMIO_BLTWIDTH + 0):
1767 	value = cirrus_vga_read_gr(s, 0x20);
1768 	break;
1769     case (CIRRUS_MMIO_BLTWIDTH + 1):
1770 	value = cirrus_vga_read_gr(s, 0x21);
1771 	break;
1772     case (CIRRUS_MMIO_BLTHEIGHT + 0):
1773 	value = cirrus_vga_read_gr(s, 0x22);
1774 	break;
1775     case (CIRRUS_MMIO_BLTHEIGHT + 1):
1776 	value = cirrus_vga_read_gr(s, 0x23);
1777 	break;
1778     case (CIRRUS_MMIO_BLTDESTPITCH + 0):
1779 	value = cirrus_vga_read_gr(s, 0x24);
1780 	break;
1781     case (CIRRUS_MMIO_BLTDESTPITCH + 1):
1782 	value = cirrus_vga_read_gr(s, 0x25);
1783 	break;
1784     case (CIRRUS_MMIO_BLTSRCPITCH + 0):
1785 	value = cirrus_vga_read_gr(s, 0x26);
1786 	break;
1787     case (CIRRUS_MMIO_BLTSRCPITCH + 1):
1788 	value = cirrus_vga_read_gr(s, 0x27);
1789 	break;
1790     case (CIRRUS_MMIO_BLTDESTADDR + 0):
1791 	value = cirrus_vga_read_gr(s, 0x28);
1792 	break;
1793     case (CIRRUS_MMIO_BLTDESTADDR + 1):
1794 	value = cirrus_vga_read_gr(s, 0x29);
1795 	break;
1796     case (CIRRUS_MMIO_BLTDESTADDR + 2):
1797 	value = cirrus_vga_read_gr(s, 0x2a);
1798 	break;
1799     case (CIRRUS_MMIO_BLTSRCADDR + 0):
1800 	value = cirrus_vga_read_gr(s, 0x2c);
1801 	break;
1802     case (CIRRUS_MMIO_BLTSRCADDR + 1):
1803 	value = cirrus_vga_read_gr(s, 0x2d);
1804 	break;
1805     case (CIRRUS_MMIO_BLTSRCADDR + 2):
1806 	value = cirrus_vga_read_gr(s, 0x2e);
1807 	break;
1808     case CIRRUS_MMIO_BLTWRITEMASK:
1809 	value = cirrus_vga_read_gr(s, 0x2f);
1810 	break;
1811     case CIRRUS_MMIO_BLTMODE:
1812 	value = cirrus_vga_read_gr(s, 0x30);
1813 	break;
1814     case CIRRUS_MMIO_BLTROP:
1815 	value = cirrus_vga_read_gr(s, 0x32);
1816 	break;
1817     case CIRRUS_MMIO_BLTMODEEXT:
1818 	value = cirrus_vga_read_gr(s, 0x33);
1819 	break;
1820     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
1821 	value = cirrus_vga_read_gr(s, 0x34);
1822 	break;
1823     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
1824 	value = cirrus_vga_read_gr(s, 0x35);
1825 	break;
1826     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
1827 	value = cirrus_vga_read_gr(s, 0x38);
1828 	break;
1829     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
1830 	value = cirrus_vga_read_gr(s, 0x39);
1831 	break;
1832     case CIRRUS_MMIO_BLTSTATUS:
1833 	value = cirrus_vga_read_gr(s, 0x31);
1834 	break;
1835     default:
1836 #ifdef DEBUG_CIRRUS
1837 	printf("cirrus: mmio read - address 0x%04x\n", address);
1838 #endif
1839 	break;
1840     }
1841 
1842     trace_vga_cirrus_write_blt(address, value);
1843     return (uint8_t) value;
1844 }
1845 
1846 static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address,
1847 				  uint8_t value)
1848 {
1849     trace_vga_cirrus_write_blt(address, value);
1850     switch (address) {
1851     case (CIRRUS_MMIO_BLTBGCOLOR + 0):
1852 	cirrus_vga_write_gr(s, 0x00, value);
1853 	break;
1854     case (CIRRUS_MMIO_BLTBGCOLOR + 1):
1855 	cirrus_vga_write_gr(s, 0x10, value);
1856 	break;
1857     case (CIRRUS_MMIO_BLTBGCOLOR + 2):
1858 	cirrus_vga_write_gr(s, 0x12, value);
1859 	break;
1860     case (CIRRUS_MMIO_BLTBGCOLOR + 3):
1861 	cirrus_vga_write_gr(s, 0x14, value);
1862 	break;
1863     case (CIRRUS_MMIO_BLTFGCOLOR + 0):
1864 	cirrus_vga_write_gr(s, 0x01, value);
1865 	break;
1866     case (CIRRUS_MMIO_BLTFGCOLOR + 1):
1867 	cirrus_vga_write_gr(s, 0x11, value);
1868 	break;
1869     case (CIRRUS_MMIO_BLTFGCOLOR + 2):
1870 	cirrus_vga_write_gr(s, 0x13, value);
1871 	break;
1872     case (CIRRUS_MMIO_BLTFGCOLOR + 3):
1873 	cirrus_vga_write_gr(s, 0x15, value);
1874 	break;
1875     case (CIRRUS_MMIO_BLTWIDTH + 0):
1876 	cirrus_vga_write_gr(s, 0x20, value);
1877 	break;
1878     case (CIRRUS_MMIO_BLTWIDTH + 1):
1879 	cirrus_vga_write_gr(s, 0x21, value);
1880 	break;
1881     case (CIRRUS_MMIO_BLTHEIGHT + 0):
1882 	cirrus_vga_write_gr(s, 0x22, value);
1883 	break;
1884     case (CIRRUS_MMIO_BLTHEIGHT + 1):
1885 	cirrus_vga_write_gr(s, 0x23, value);
1886 	break;
1887     case (CIRRUS_MMIO_BLTDESTPITCH + 0):
1888 	cirrus_vga_write_gr(s, 0x24, value);
1889 	break;
1890     case (CIRRUS_MMIO_BLTDESTPITCH + 1):
1891 	cirrus_vga_write_gr(s, 0x25, value);
1892 	break;
1893     case (CIRRUS_MMIO_BLTSRCPITCH + 0):
1894 	cirrus_vga_write_gr(s, 0x26, value);
1895 	break;
1896     case (CIRRUS_MMIO_BLTSRCPITCH + 1):
1897 	cirrus_vga_write_gr(s, 0x27, value);
1898 	break;
1899     case (CIRRUS_MMIO_BLTDESTADDR + 0):
1900 	cirrus_vga_write_gr(s, 0x28, value);
1901 	break;
1902     case (CIRRUS_MMIO_BLTDESTADDR + 1):
1903 	cirrus_vga_write_gr(s, 0x29, value);
1904 	break;
1905     case (CIRRUS_MMIO_BLTDESTADDR + 2):
1906 	cirrus_vga_write_gr(s, 0x2a, value);
1907 	break;
1908     case (CIRRUS_MMIO_BLTDESTADDR + 3):
1909 	/* ignored */
1910 	break;
1911     case (CIRRUS_MMIO_BLTSRCADDR + 0):
1912 	cirrus_vga_write_gr(s, 0x2c, value);
1913 	break;
1914     case (CIRRUS_MMIO_BLTSRCADDR + 1):
1915 	cirrus_vga_write_gr(s, 0x2d, value);
1916 	break;
1917     case (CIRRUS_MMIO_BLTSRCADDR + 2):
1918 	cirrus_vga_write_gr(s, 0x2e, value);
1919 	break;
1920     case CIRRUS_MMIO_BLTWRITEMASK:
1921 	cirrus_vga_write_gr(s, 0x2f, value);
1922 	break;
1923     case CIRRUS_MMIO_BLTMODE:
1924 	cirrus_vga_write_gr(s, 0x30, value);
1925 	break;
1926     case CIRRUS_MMIO_BLTROP:
1927 	cirrus_vga_write_gr(s, 0x32, value);
1928 	break;
1929     case CIRRUS_MMIO_BLTMODEEXT:
1930 	cirrus_vga_write_gr(s, 0x33, value);
1931 	break;
1932     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 0):
1933 	cirrus_vga_write_gr(s, 0x34, value);
1934 	break;
1935     case (CIRRUS_MMIO_BLTTRANSPARENTCOLOR + 1):
1936 	cirrus_vga_write_gr(s, 0x35, value);
1937 	break;
1938     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 0):
1939 	cirrus_vga_write_gr(s, 0x38, value);
1940 	break;
1941     case (CIRRUS_MMIO_BLTTRANSPARENTCOLORMASK + 1):
1942 	cirrus_vga_write_gr(s, 0x39, value);
1943 	break;
1944     case CIRRUS_MMIO_BLTSTATUS:
1945 	cirrus_vga_write_gr(s, 0x31, value);
1946 	break;
1947     default:
1948 #ifdef DEBUG_CIRRUS
1949 	printf("cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n",
1950 	       address, value);
1951 #endif
1952 	break;
1953     }
1954 }
1955 
1956 /***************************************
1957  *
1958  *  write mode 4/5
1959  *
1960  ***************************************/
1961 
1962 static void cirrus_mem_writeb_mode4and5_8bpp(CirrusVGAState * s,
1963 					     unsigned mode,
1964 					     unsigned offset,
1965 					     uint32_t mem_value)
1966 {
1967     int x;
1968     unsigned val = mem_value;
1969     uint8_t *dst;
1970 
1971     for (x = 0; x < 8; x++) {
1972         dst = s->vga.vram_ptr + ((offset + x) & s->cirrus_addr_mask);
1973 	if (val & 0x80) {
1974 	    *dst = s->cirrus_shadow_gr1;
1975 	} else if (mode == 5) {
1976 	    *dst = s->cirrus_shadow_gr0;
1977 	}
1978 	val <<= 1;
1979     }
1980     memory_region_set_dirty(&s->vga.vram, offset, 8);
1981 }
1982 
1983 static void cirrus_mem_writeb_mode4and5_16bpp(CirrusVGAState * s,
1984 					      unsigned mode,
1985 					      unsigned offset,
1986 					      uint32_t mem_value)
1987 {
1988     int x;
1989     unsigned val = mem_value;
1990     uint8_t *dst;
1991 
1992     for (x = 0; x < 8; x++) {
1993         dst = s->vga.vram_ptr + ((offset + 2 * x) & s->cirrus_addr_mask & ~1);
1994 	if (val & 0x80) {
1995 	    *dst = s->cirrus_shadow_gr1;
1996 	    *(dst + 1) = s->vga.gr[0x11];
1997 	} else if (mode == 5) {
1998 	    *dst = s->cirrus_shadow_gr0;
1999 	    *(dst + 1) = s->vga.gr[0x10];
2000 	}
2001 	val <<= 1;
2002     }
2003     memory_region_set_dirty(&s->vga.vram, offset, 16);
2004 }
2005 
2006 /***************************************
2007  *
2008  *  memory access between 0xa0000-0xbffff
2009  *
2010  ***************************************/
2011 
2012 static uint64_t cirrus_vga_mem_read(void *opaque,
2013                                     hwaddr addr,
2014                                     uint32_t size)
2015 {
2016     CirrusVGAState *s = opaque;
2017     unsigned bank_index;
2018     unsigned bank_offset;
2019     uint32_t val;
2020 
2021     if ((s->vga.sr[0x07] & 0x01) == 0) {
2022         return vga_mem_readb(&s->vga, addr);
2023     }
2024 
2025     if (addr < 0x10000) {
2026 	/* XXX handle bitblt */
2027 	/* video memory */
2028 	bank_index = addr >> 15;
2029 	bank_offset = addr & 0x7fff;
2030 	if (bank_offset < s->cirrus_bank_limit[bank_index]) {
2031 	    bank_offset += s->cirrus_bank_base[bank_index];
2032 	    if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2033 		bank_offset <<= 4;
2034 	    } else if (s->vga.gr[0x0B] & 0x02) {
2035 		bank_offset <<= 3;
2036 	    }
2037 	    bank_offset &= s->cirrus_addr_mask;
2038 	    val = *(s->vga.vram_ptr + bank_offset);
2039 	} else
2040 	    val = 0xff;
2041     } else if (addr >= 0x18000 && addr < 0x18100) {
2042 	/* memory-mapped I/O */
2043 	val = 0xff;
2044 	if ((s->vga.sr[0x17] & 0x44) == 0x04) {
2045 	    val = cirrus_mmio_blt_read(s, addr & 0xff);
2046 	}
2047     } else {
2048 	val = 0xff;
2049 #ifdef DEBUG_CIRRUS
2050 	printf("cirrus: mem_readb " TARGET_FMT_plx "\n", addr);
2051 #endif
2052     }
2053     return val;
2054 }
2055 
2056 static void cirrus_vga_mem_write(void *opaque,
2057                                  hwaddr addr,
2058                                  uint64_t mem_value,
2059                                  uint32_t size)
2060 {
2061     CirrusVGAState *s = opaque;
2062     unsigned bank_index;
2063     unsigned bank_offset;
2064     unsigned mode;
2065 
2066     if ((s->vga.sr[0x07] & 0x01) == 0) {
2067         vga_mem_writeb(&s->vga, addr, mem_value);
2068         return;
2069     }
2070 
2071     if (addr < 0x10000) {
2072 	if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2073 	    /* bitblt */
2074 	    *s->cirrus_srcptr++ = (uint8_t) mem_value;
2075 	    if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2076 		cirrus_bitblt_cputovideo_next(s);
2077 	    }
2078 	} else {
2079 	    /* video memory */
2080 	    bank_index = addr >> 15;
2081 	    bank_offset = addr & 0x7fff;
2082 	    if (bank_offset < s->cirrus_bank_limit[bank_index]) {
2083 		bank_offset += s->cirrus_bank_base[bank_index];
2084 		if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2085 		    bank_offset <<= 4;
2086 		} else if (s->vga.gr[0x0B] & 0x02) {
2087 		    bank_offset <<= 3;
2088 		}
2089 		bank_offset &= s->cirrus_addr_mask;
2090 		mode = s->vga.gr[0x05] & 0x7;
2091 		if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2092 		    *(s->vga.vram_ptr + bank_offset) = mem_value;
2093                     memory_region_set_dirty(&s->vga.vram, bank_offset,
2094                                             sizeof(mem_value));
2095 		} else {
2096 		    if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
2097 			cirrus_mem_writeb_mode4and5_8bpp(s, mode,
2098 							 bank_offset,
2099 							 mem_value);
2100 		    } else {
2101 			cirrus_mem_writeb_mode4and5_16bpp(s, mode,
2102 							  bank_offset,
2103 							  mem_value);
2104 		    }
2105 		}
2106 	    }
2107 	}
2108     } else if (addr >= 0x18000 && addr < 0x18100) {
2109 	/* memory-mapped I/O */
2110 	if ((s->vga.sr[0x17] & 0x44) == 0x04) {
2111 	    cirrus_mmio_blt_write(s, addr & 0xff, mem_value);
2112 	}
2113     } else {
2114 #ifdef DEBUG_CIRRUS
2115         printf("cirrus: mem_writeb " TARGET_FMT_plx " value 0x%02" PRIu64 "\n", addr,
2116                mem_value);
2117 #endif
2118     }
2119 }
2120 
2121 static const MemoryRegionOps cirrus_vga_mem_ops = {
2122     .read = cirrus_vga_mem_read,
2123     .write = cirrus_vga_mem_write,
2124     .endianness = DEVICE_LITTLE_ENDIAN,
2125     .impl = {
2126         .min_access_size = 1,
2127         .max_access_size = 1,
2128     },
2129 };
2130 
2131 /***************************************
2132  *
2133  *  hardware cursor
2134  *
2135  ***************************************/
2136 
2137 static inline void invalidate_cursor1(CirrusVGAState *s)
2138 {
2139     if (s->last_hw_cursor_size) {
2140         vga_invalidate_scanlines(&s->vga,
2141                                  s->last_hw_cursor_y + s->last_hw_cursor_y_start,
2142                                  s->last_hw_cursor_y + s->last_hw_cursor_y_end);
2143     }
2144 }
2145 
2146 static inline void cirrus_cursor_compute_yrange(CirrusVGAState *s)
2147 {
2148     const uint8_t *src;
2149     uint32_t content;
2150     int y, y_min, y_max;
2151 
2152     src = s->vga.vram_ptr + s->real_vram_size - 16 * KiB;
2153     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2154         src += (s->vga.sr[0x13] & 0x3c) * 256;
2155         y_min = 64;
2156         y_max = -1;
2157         for(y = 0; y < 64; y++) {
2158             content = ((uint32_t *)src)[0] |
2159                 ((uint32_t *)src)[1] |
2160                 ((uint32_t *)src)[2] |
2161                 ((uint32_t *)src)[3];
2162             if (content) {
2163                 if (y < y_min)
2164                     y_min = y;
2165                 if (y > y_max)
2166                     y_max = y;
2167             }
2168             src += 16;
2169         }
2170     } else {
2171         src += (s->vga.sr[0x13] & 0x3f) * 256;
2172         y_min = 32;
2173         y_max = -1;
2174         for(y = 0; y < 32; y++) {
2175             content = ((uint32_t *)src)[0] |
2176                 ((uint32_t *)(src + 128))[0];
2177             if (content) {
2178                 if (y < y_min)
2179                     y_min = y;
2180                 if (y > y_max)
2181                     y_max = y;
2182             }
2183             src += 4;
2184         }
2185     }
2186     if (y_min > y_max) {
2187         s->last_hw_cursor_y_start = 0;
2188         s->last_hw_cursor_y_end = 0;
2189     } else {
2190         s->last_hw_cursor_y_start = y_min;
2191         s->last_hw_cursor_y_end = y_max + 1;
2192     }
2193 }
2194 
2195 /* NOTE: we do not currently handle the cursor bitmap change, so we
2196    update the cursor only if it moves. */
2197 static void cirrus_cursor_invalidate(VGACommonState *s1)
2198 {
2199     CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
2200     int size;
2201 
2202     if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW)) {
2203         size = 0;
2204     } else {
2205         if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE)
2206             size = 64;
2207         else
2208             size = 32;
2209     }
2210     /* invalidate last cursor and new cursor if any change */
2211     if (s->last_hw_cursor_size != size ||
2212         s->last_hw_cursor_x != s->vga.hw_cursor_x ||
2213         s->last_hw_cursor_y != s->vga.hw_cursor_y) {
2214 
2215         invalidate_cursor1(s);
2216 
2217         s->last_hw_cursor_size = size;
2218         s->last_hw_cursor_x = s->vga.hw_cursor_x;
2219         s->last_hw_cursor_y = s->vga.hw_cursor_y;
2220         /* compute the real cursor min and max y */
2221         cirrus_cursor_compute_yrange(s);
2222         invalidate_cursor1(s);
2223     }
2224 }
2225 
2226 static void vga_draw_cursor_line(uint8_t *d1,
2227                                  const uint8_t *src1,
2228                                  int poffset, int w,
2229                                  unsigned int color0,
2230                                  unsigned int color1,
2231                                  unsigned int color_xor)
2232 {
2233     const uint8_t *plane0, *plane1;
2234     int x, b0, b1;
2235     uint8_t *d;
2236 
2237     d = d1;
2238     plane0 = src1;
2239     plane1 = src1 + poffset;
2240     for (x = 0; x < w; x++) {
2241         b0 = (plane0[x >> 3] >> (7 - (x & 7))) & 1;
2242         b1 = (plane1[x >> 3] >> (7 - (x & 7))) & 1;
2243         switch (b0 | (b1 << 1)) {
2244         case 0:
2245             break;
2246         case 1:
2247             ((uint32_t *)d)[0] ^= color_xor;
2248             break;
2249         case 2:
2250             ((uint32_t *)d)[0] = color0;
2251             break;
2252         case 3:
2253             ((uint32_t *)d)[0] = color1;
2254             break;
2255         }
2256         d += 4;
2257     }
2258 }
2259 
2260 static void cirrus_cursor_draw_line(VGACommonState *s1, uint8_t *d1, int scr_y)
2261 {
2262     CirrusVGAState *s = container_of(s1, CirrusVGAState, vga);
2263     int w, h, x1, x2, poffset;
2264     unsigned int color0, color1;
2265     const uint8_t *palette, *src;
2266     uint32_t content;
2267 
2268     if (!(s->vga.sr[0x12] & CIRRUS_CURSOR_SHOW))
2269         return;
2270     /* fast test to see if the cursor intersects with the scan line */
2271     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2272         h = 64;
2273     } else {
2274         h = 32;
2275     }
2276     if (scr_y < s->vga.hw_cursor_y ||
2277         scr_y >= (s->vga.hw_cursor_y + h)) {
2278         return;
2279     }
2280 
2281     src = s->vga.vram_ptr + s->real_vram_size - 16 * KiB;
2282     if (s->vga.sr[0x12] & CIRRUS_CURSOR_LARGE) {
2283         src += (s->vga.sr[0x13] & 0x3c) * 256;
2284         src += (scr_y - s->vga.hw_cursor_y) * 16;
2285         poffset = 8;
2286         content = ((uint32_t *)src)[0] |
2287             ((uint32_t *)src)[1] |
2288             ((uint32_t *)src)[2] |
2289             ((uint32_t *)src)[3];
2290     } else {
2291         src += (s->vga.sr[0x13] & 0x3f) * 256;
2292         src += (scr_y - s->vga.hw_cursor_y) * 4;
2293 
2294 
2295         poffset = 128;
2296         content = ((uint32_t *)src)[0] |
2297             ((uint32_t *)(src + 128))[0];
2298     }
2299     /* if nothing to draw, no need to continue */
2300     if (!content)
2301         return;
2302     w = h;
2303 
2304     x1 = s->vga.hw_cursor_x;
2305     if (x1 >= s->vga.last_scr_width)
2306         return;
2307     x2 = s->vga.hw_cursor_x + w;
2308     if (x2 > s->vga.last_scr_width)
2309         x2 = s->vga.last_scr_width;
2310     w = x2 - x1;
2311     palette = s->cirrus_hidden_palette;
2312     color0 = rgb_to_pixel32(c6_to_8(palette[0x0 * 3]),
2313                             c6_to_8(palette[0x0 * 3 + 1]),
2314                             c6_to_8(palette[0x0 * 3 + 2]));
2315     color1 = rgb_to_pixel32(c6_to_8(palette[0xf * 3]),
2316                             c6_to_8(palette[0xf * 3 + 1]),
2317                             c6_to_8(palette[0xf * 3 + 2]));
2318     d1 += x1 * 4;
2319     vga_draw_cursor_line(d1, src, poffset, w, color0, color1, 0xffffff);
2320 }
2321 
2322 /***************************************
2323  *
2324  *  LFB memory access
2325  *
2326  ***************************************/
2327 
2328 static uint64_t cirrus_linear_read(void *opaque, hwaddr addr,
2329                                    unsigned size)
2330 {
2331     CirrusVGAState *s = opaque;
2332     uint32_t ret;
2333 
2334     addr &= s->cirrus_addr_mask;
2335 
2336     if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
2337         ((addr & s->linear_mmio_mask) == s->linear_mmio_mask)) {
2338 	/* memory-mapped I/O */
2339 	ret = cirrus_mmio_blt_read(s, addr & 0xff);
2340     } else if (0) {
2341 	/* XXX handle bitblt */
2342 	ret = 0xff;
2343     } else {
2344 	/* video memory */
2345 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2346 	    addr <<= 4;
2347 	} else if (s->vga.gr[0x0B] & 0x02) {
2348 	    addr <<= 3;
2349 	}
2350 	addr &= s->cirrus_addr_mask;
2351 	ret = *(s->vga.vram_ptr + addr);
2352     }
2353 
2354     return ret;
2355 }
2356 
2357 static void cirrus_linear_write(void *opaque, hwaddr addr,
2358                                 uint64_t val, unsigned size)
2359 {
2360     CirrusVGAState *s = opaque;
2361     unsigned mode;
2362 
2363     addr &= s->cirrus_addr_mask;
2364 
2365     if (((s->vga.sr[0x17] & 0x44) == 0x44) &&
2366         ((addr & s->linear_mmio_mask) ==  s->linear_mmio_mask)) {
2367 	/* memory-mapped I/O */
2368 	cirrus_mmio_blt_write(s, addr & 0xff, val);
2369     } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2370 	/* bitblt */
2371 	*s->cirrus_srcptr++ = (uint8_t) val;
2372 	if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2373 	    cirrus_bitblt_cputovideo_next(s);
2374 	}
2375     } else {
2376 	/* video memory */
2377 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2378 	    addr <<= 4;
2379 	} else if (s->vga.gr[0x0B] & 0x02) {
2380 	    addr <<= 3;
2381 	}
2382 	addr &= s->cirrus_addr_mask;
2383 
2384 	mode = s->vga.gr[0x05] & 0x7;
2385 	if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2386 	    *(s->vga.vram_ptr + addr) = (uint8_t) val;
2387             memory_region_set_dirty(&s->vga.vram, addr, 1);
2388 	} else {
2389 	    if ((s->vga.gr[0x0B] & 0x14) != 0x14) {
2390 		cirrus_mem_writeb_mode4and5_8bpp(s, mode, addr, val);
2391 	    } else {
2392 		cirrus_mem_writeb_mode4and5_16bpp(s, mode, addr, val);
2393 	    }
2394 	}
2395     }
2396 }
2397 
2398 /***************************************
2399  *
2400  *  system to screen memory access
2401  *
2402  ***************************************/
2403 
2404 
2405 static uint64_t cirrus_linear_bitblt_read(void *opaque,
2406                                           hwaddr addr,
2407                                           unsigned size)
2408 {
2409     CirrusVGAState *s = opaque;
2410     uint32_t ret;
2411 
2412     /* XXX handle bitblt */
2413     (void)s;
2414     ret = 0xff;
2415     return ret;
2416 }
2417 
2418 static void cirrus_linear_bitblt_write(void *opaque,
2419                                        hwaddr addr,
2420                                        uint64_t val,
2421                                        unsigned size)
2422 {
2423     CirrusVGAState *s = opaque;
2424 
2425     if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2426 	/* bitblt */
2427 	*s->cirrus_srcptr++ = (uint8_t) val;
2428 	if (s->cirrus_srcptr >= s->cirrus_srcptr_end) {
2429 	    cirrus_bitblt_cputovideo_next(s);
2430 	}
2431     }
2432 }
2433 
2434 static const MemoryRegionOps cirrus_linear_bitblt_io_ops = {
2435     .read = cirrus_linear_bitblt_read,
2436     .write = cirrus_linear_bitblt_write,
2437     .endianness = DEVICE_LITTLE_ENDIAN,
2438     .impl = {
2439         .min_access_size = 1,
2440         .max_access_size = 1,
2441     },
2442 };
2443 
2444 static void map_linear_vram_bank(CirrusVGAState *s, unsigned bank)
2445 {
2446     MemoryRegion *mr = &s->cirrus_bank[bank];
2447     bool enabled = !(s->cirrus_srcptr != s->cirrus_srcptr_end)
2448         && !((s->vga.sr[0x07] & 0x01) == 0)
2449         && !((s->vga.gr[0x0B] & 0x14) == 0x14)
2450         && !(s->vga.gr[0x0B] & 0x02);
2451 
2452     memory_region_set_enabled(mr, enabled);
2453     memory_region_set_alias_offset(mr, s->cirrus_bank_base[bank]);
2454 }
2455 
2456 static void map_linear_vram(CirrusVGAState *s)
2457 {
2458     if (s->bustype == CIRRUS_BUSTYPE_PCI && !s->linear_vram) {
2459         s->linear_vram = true;
2460         memory_region_add_subregion_overlap(&s->pci_bar, 0, &s->vga.vram, 1);
2461     }
2462     map_linear_vram_bank(s, 0);
2463     map_linear_vram_bank(s, 1);
2464 }
2465 
2466 static void unmap_linear_vram(CirrusVGAState *s)
2467 {
2468     if (s->bustype == CIRRUS_BUSTYPE_PCI && s->linear_vram) {
2469         s->linear_vram = false;
2470         memory_region_del_subregion(&s->pci_bar, &s->vga.vram);
2471     }
2472     memory_region_set_enabled(&s->cirrus_bank[0], false);
2473     memory_region_set_enabled(&s->cirrus_bank[1], false);
2474 }
2475 
2476 /* Compute the memory access functions */
2477 static void cirrus_update_memory_access(CirrusVGAState *s)
2478 {
2479     unsigned mode;
2480 
2481     memory_region_transaction_begin();
2482     if ((s->vga.sr[0x17] & 0x44) == 0x44) {
2483         goto generic_io;
2484     } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
2485         goto generic_io;
2486     } else {
2487 	if ((s->vga.gr[0x0B] & 0x14) == 0x14) {
2488             goto generic_io;
2489 	} else if (s->vga.gr[0x0B] & 0x02) {
2490             goto generic_io;
2491         }
2492 
2493 	mode = s->vga.gr[0x05] & 0x7;
2494 	if (mode < 4 || mode > 5 || ((s->vga.gr[0x0B] & 0x4) == 0)) {
2495             map_linear_vram(s);
2496         } else {
2497         generic_io:
2498             unmap_linear_vram(s);
2499         }
2500     }
2501     memory_region_transaction_commit();
2502 }
2503 
2504 
2505 /* I/O ports */
2506 
2507 static uint64_t cirrus_vga_ioport_read(void *opaque, hwaddr addr,
2508                                        unsigned size)
2509 {
2510     CirrusVGAState *c = opaque;
2511     VGACommonState *s = &c->vga;
2512     int val, index;
2513 
2514     addr += 0x3b0;
2515 
2516     if (vga_ioport_invalid(s, addr)) {
2517 	val = 0xff;
2518     } else {
2519 	switch (addr) {
2520 	case 0x3c0:
2521 	    if (s->ar_flip_flop == 0) {
2522 		val = s->ar_index;
2523 	    } else {
2524 		val = 0;
2525 	    }
2526 	    break;
2527 	case 0x3c1:
2528 	    index = s->ar_index & 0x1f;
2529 	    if (index < 21)
2530 		val = s->ar[index];
2531 	    else
2532 		val = 0;
2533 	    break;
2534 	case 0x3c2:
2535 	    val = s->st00;
2536 	    break;
2537 	case 0x3c4:
2538 	    val = s->sr_index;
2539 	    break;
2540 	case 0x3c5:
2541 	    val = cirrus_vga_read_sr(c);
2542             break;
2543 #ifdef DEBUG_VGA_REG
2544 	    printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
2545 #endif
2546 	    break;
2547 	case 0x3c6:
2548 	    val = cirrus_read_hidden_dac(c);
2549 	    break;
2550 	case 0x3c7:
2551 	    val = s->dac_state;
2552 	    break;
2553 	case 0x3c8:
2554 	    val = s->dac_write_index;
2555 	    c->cirrus_hidden_dac_lockindex = 0;
2556 	    break;
2557         case 0x3c9:
2558             val = cirrus_vga_read_palette(c);
2559             break;
2560 	case 0x3ca:
2561 	    val = s->fcr;
2562 	    break;
2563 	case 0x3cc:
2564 	    val = s->msr;
2565 	    break;
2566 	case 0x3ce:
2567 	    val = s->gr_index;
2568 	    break;
2569 	case 0x3cf:
2570 	    val = cirrus_vga_read_gr(c, s->gr_index);
2571 #ifdef DEBUG_VGA_REG
2572 	    printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
2573 #endif
2574 	    break;
2575 	case 0x3b4:
2576 	case 0x3d4:
2577 	    val = s->cr_index;
2578 	    break;
2579 	case 0x3b5:
2580 	case 0x3d5:
2581             val = cirrus_vga_read_cr(c, s->cr_index);
2582 #ifdef DEBUG_VGA_REG
2583 	    printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
2584 #endif
2585 	    break;
2586 	case 0x3ba:
2587 	case 0x3da:
2588 	    /* just toggle to fool polling */
2589 	    val = s->st01 = s->retrace(s);
2590 	    s->ar_flip_flop = 0;
2591 	    break;
2592 	default:
2593 	    val = 0x00;
2594 	    break;
2595 	}
2596     }
2597     trace_vga_cirrus_read_io(addr, val);
2598     return val;
2599 }
2600 
2601 static void cirrus_vga_ioport_write(void *opaque, hwaddr addr, uint64_t val,
2602                                     unsigned size)
2603 {
2604     CirrusVGAState *c = opaque;
2605     VGACommonState *s = &c->vga;
2606     int index;
2607 
2608     addr += 0x3b0;
2609 
2610     /* check port range access depending on color/monochrome mode */
2611     if (vga_ioport_invalid(s, addr)) {
2612 	return;
2613     }
2614     trace_vga_cirrus_write_io(addr, val);
2615 
2616     switch (addr) {
2617     case 0x3c0:
2618 	if (s->ar_flip_flop == 0) {
2619 	    val &= 0x3f;
2620 	    s->ar_index = val;
2621 	} else {
2622 	    index = s->ar_index & 0x1f;
2623 	    switch (index) {
2624 	    case 0x00 ... 0x0f:
2625 		s->ar[index] = val & 0x3f;
2626 		break;
2627 	    case 0x10:
2628 		s->ar[index] = val & ~0x10;
2629 		break;
2630 	    case 0x11:
2631 		s->ar[index] = val;
2632 		break;
2633 	    case 0x12:
2634 		s->ar[index] = val & ~0xc0;
2635 		break;
2636 	    case 0x13:
2637 		s->ar[index] = val & ~0xf0;
2638 		break;
2639 	    case 0x14:
2640 		s->ar[index] = val & ~0xf0;
2641 		break;
2642 	    default:
2643 		break;
2644 	    }
2645 	}
2646 	s->ar_flip_flop ^= 1;
2647 	break;
2648     case 0x3c2:
2649 	s->msr = val & ~0x10;
2650 	s->update_retrace_info(s);
2651 	break;
2652     case 0x3c4:
2653 	s->sr_index = val;
2654 	break;
2655     case 0x3c5:
2656 #ifdef DEBUG_VGA_REG
2657 	printf("vga: write SR%x = 0x%02" PRIu64 "\n", s->sr_index, val);
2658 #endif
2659 	cirrus_vga_write_sr(c, val);
2660         break;
2661     case 0x3c6:
2662 	cirrus_write_hidden_dac(c, val);
2663 	break;
2664     case 0x3c7:
2665 	s->dac_read_index = val;
2666 	s->dac_sub_index = 0;
2667 	s->dac_state = 3;
2668 	break;
2669     case 0x3c8:
2670 	s->dac_write_index = val;
2671 	s->dac_sub_index = 0;
2672 	s->dac_state = 0;
2673 	break;
2674     case 0x3c9:
2675         cirrus_vga_write_palette(c, val);
2676         break;
2677     case 0x3ce:
2678 	s->gr_index = val;
2679 	break;
2680     case 0x3cf:
2681 #ifdef DEBUG_VGA_REG
2682 	printf("vga: write GR%x = 0x%02" PRIu64 "\n", s->gr_index, val);
2683 #endif
2684 	cirrus_vga_write_gr(c, s->gr_index, val);
2685 	break;
2686     case 0x3b4:
2687     case 0x3d4:
2688 	s->cr_index = val;
2689 	break;
2690     case 0x3b5:
2691     case 0x3d5:
2692 #ifdef DEBUG_VGA_REG
2693 	printf("vga: write CR%x = 0x%02"PRIu64"\n", s->cr_index, val);
2694 #endif
2695 	cirrus_vga_write_cr(c, val);
2696 	break;
2697     case 0x3ba:
2698     case 0x3da:
2699 	s->fcr = val & 0x10;
2700 	break;
2701     }
2702 }
2703 
2704 /***************************************
2705  *
2706  *  memory-mapped I/O access
2707  *
2708  ***************************************/
2709 
2710 static uint64_t cirrus_mmio_read(void *opaque, hwaddr addr,
2711                                  unsigned size)
2712 {
2713     CirrusVGAState *s = opaque;
2714 
2715     if (addr >= 0x100) {
2716         return cirrus_mmio_blt_read(s, addr - 0x100);
2717     } else {
2718         return cirrus_vga_ioport_read(s, addr + 0x10, size);
2719     }
2720 }
2721 
2722 static void cirrus_mmio_write(void *opaque, hwaddr addr,
2723                               uint64_t val, unsigned size)
2724 {
2725     CirrusVGAState *s = opaque;
2726 
2727     if (addr >= 0x100) {
2728 	cirrus_mmio_blt_write(s, addr - 0x100, val);
2729     } else {
2730         cirrus_vga_ioport_write(s, addr + 0x10, val, size);
2731     }
2732 }
2733 
2734 static const MemoryRegionOps cirrus_mmio_io_ops = {
2735     .read = cirrus_mmio_read,
2736     .write = cirrus_mmio_write,
2737     .endianness = DEVICE_LITTLE_ENDIAN,
2738     .impl = {
2739         .min_access_size = 1,
2740         .max_access_size = 1,
2741     },
2742 };
2743 
2744 /* load/save state */
2745 
2746 static int cirrus_post_load(void *opaque, int version_id)
2747 {
2748     CirrusVGAState *s = opaque;
2749 
2750     s->vga.gr[0x00] = s->cirrus_shadow_gr0 & 0x0f;
2751     s->vga.gr[0x01] = s->cirrus_shadow_gr1 & 0x0f;
2752 
2753     cirrus_update_bank_ptr(s, 0);
2754     cirrus_update_bank_ptr(s, 1);
2755     cirrus_update_memory_access(s);
2756     /* force refresh */
2757     s->vga.graphic_mode = -1;
2758 
2759     return 0;
2760 }
2761 
2762 const VMStateDescription vmstate_cirrus_vga = {
2763     .name = "cirrus_vga",
2764     .version_id = 2,
2765     .minimum_version_id = 1,
2766     .post_load = cirrus_post_load,
2767     .fields = (VMStateField[]) {
2768         VMSTATE_UINT32(vga.latch, CirrusVGAState),
2769         VMSTATE_UINT8(vga.sr_index, CirrusVGAState),
2770         VMSTATE_BUFFER(vga.sr, CirrusVGAState),
2771         VMSTATE_UINT8(vga.gr_index, CirrusVGAState),
2772         VMSTATE_UINT8(cirrus_shadow_gr0, CirrusVGAState),
2773         VMSTATE_UINT8(cirrus_shadow_gr1, CirrusVGAState),
2774         VMSTATE_BUFFER_START_MIDDLE(vga.gr, CirrusVGAState, 2),
2775         VMSTATE_UINT8(vga.ar_index, CirrusVGAState),
2776         VMSTATE_BUFFER(vga.ar, CirrusVGAState),
2777         VMSTATE_INT32(vga.ar_flip_flop, CirrusVGAState),
2778         VMSTATE_UINT8(vga.cr_index, CirrusVGAState),
2779         VMSTATE_BUFFER(vga.cr, CirrusVGAState),
2780         VMSTATE_UINT8(vga.msr, CirrusVGAState),
2781         VMSTATE_UINT8(vga.fcr, CirrusVGAState),
2782         VMSTATE_UINT8(vga.st00, CirrusVGAState),
2783         VMSTATE_UINT8(vga.st01, CirrusVGAState),
2784         VMSTATE_UINT8(vga.dac_state, CirrusVGAState),
2785         VMSTATE_UINT8(vga.dac_sub_index, CirrusVGAState),
2786         VMSTATE_UINT8(vga.dac_read_index, CirrusVGAState),
2787         VMSTATE_UINT8(vga.dac_write_index, CirrusVGAState),
2788         VMSTATE_BUFFER(vga.dac_cache, CirrusVGAState),
2789         VMSTATE_BUFFER(vga.palette, CirrusVGAState),
2790         VMSTATE_INT32(vga.bank_offset, CirrusVGAState),
2791         VMSTATE_UINT8(cirrus_hidden_dac_lockindex, CirrusVGAState),
2792         VMSTATE_UINT8(cirrus_hidden_dac_data, CirrusVGAState),
2793         VMSTATE_UINT32(vga.hw_cursor_x, CirrusVGAState),
2794         VMSTATE_UINT32(vga.hw_cursor_y, CirrusVGAState),
2795         /* XXX: we do not save the bitblt state - we assume we do not save
2796            the state when the blitter is active */
2797         VMSTATE_END_OF_LIST()
2798     }
2799 };
2800 
2801 static const VMStateDescription vmstate_pci_cirrus_vga = {
2802     .name = "cirrus_vga",
2803     .version_id = 2,
2804     .minimum_version_id = 2,
2805     .fields = (VMStateField[]) {
2806         VMSTATE_PCI_DEVICE(dev, PCICirrusVGAState),
2807         VMSTATE_STRUCT(cirrus_vga, PCICirrusVGAState, 0,
2808                        vmstate_cirrus_vga, CirrusVGAState),
2809         VMSTATE_END_OF_LIST()
2810     }
2811 };
2812 
2813 /***************************************
2814  *
2815  *  initialize
2816  *
2817  ***************************************/
2818 
2819 static void cirrus_reset(void *opaque)
2820 {
2821     CirrusVGAState *s = opaque;
2822 
2823     vga_common_reset(&s->vga);
2824     unmap_linear_vram(s);
2825     s->vga.sr[0x06] = 0x0f;
2826     if (s->device_id == CIRRUS_ID_CLGD5446) {
2827         /* 4MB 64 bit memory config, always PCI */
2828         s->vga.sr[0x1F] = 0x2d;		// MemClock
2829         s->vga.gr[0x18] = 0x0f;             // fastest memory configuration
2830         s->vga.sr[0x0f] = 0x98;
2831         s->vga.sr[0x17] = 0x20;
2832         s->vga.sr[0x15] = 0x04; /* memory size, 3=2MB, 4=4MB */
2833     } else {
2834         s->vga.sr[0x1F] = 0x22;		// MemClock
2835         s->vga.sr[0x0F] = CIRRUS_MEMSIZE_2M;
2836         s->vga.sr[0x17] = s->bustype;
2837         s->vga.sr[0x15] = 0x03; /* memory size, 3=2MB, 4=4MB */
2838     }
2839     s->vga.cr[0x27] = s->device_id;
2840 
2841     s->cirrus_hidden_dac_lockindex = 5;
2842     s->cirrus_hidden_dac_data = 0;
2843 }
2844 
2845 static const MemoryRegionOps cirrus_linear_io_ops = {
2846     .read = cirrus_linear_read,
2847     .write = cirrus_linear_write,
2848     .endianness = DEVICE_LITTLE_ENDIAN,
2849     .impl = {
2850         .min_access_size = 1,
2851         .max_access_size = 1,
2852     },
2853 };
2854 
2855 static const MemoryRegionOps cirrus_vga_io_ops = {
2856     .read = cirrus_vga_ioport_read,
2857     .write = cirrus_vga_ioport_write,
2858     .endianness = DEVICE_LITTLE_ENDIAN,
2859     .impl = {
2860         .min_access_size = 1,
2861         .max_access_size = 1,
2862     },
2863 };
2864 
2865 void cirrus_init_common(CirrusVGAState *s, Object *owner,
2866                         int device_id, int is_pci,
2867                         MemoryRegion *system_memory, MemoryRegion *system_io)
2868 {
2869     int i;
2870     static int inited;
2871 
2872     if (!inited) {
2873         inited = 1;
2874         for(i = 0;i < 256; i++)
2875             rop_to_index[i] = CIRRUS_ROP_NOP_INDEX; /* nop rop */
2876         rop_to_index[CIRRUS_ROP_0] = 0;
2877         rop_to_index[CIRRUS_ROP_SRC_AND_DST] = 1;
2878         rop_to_index[CIRRUS_ROP_NOP] = 2;
2879         rop_to_index[CIRRUS_ROP_SRC_AND_NOTDST] = 3;
2880         rop_to_index[CIRRUS_ROP_NOTDST] = 4;
2881         rop_to_index[CIRRUS_ROP_SRC] = 5;
2882         rop_to_index[CIRRUS_ROP_1] = 6;
2883         rop_to_index[CIRRUS_ROP_NOTSRC_AND_DST] = 7;
2884         rop_to_index[CIRRUS_ROP_SRC_XOR_DST] = 8;
2885         rop_to_index[CIRRUS_ROP_SRC_OR_DST] = 9;
2886         rop_to_index[CIRRUS_ROP_NOTSRC_OR_NOTDST] = 10;
2887         rop_to_index[CIRRUS_ROP_SRC_NOTXOR_DST] = 11;
2888         rop_to_index[CIRRUS_ROP_SRC_OR_NOTDST] = 12;
2889         rop_to_index[CIRRUS_ROP_NOTSRC] = 13;
2890         rop_to_index[CIRRUS_ROP_NOTSRC_OR_DST] = 14;
2891         rop_to_index[CIRRUS_ROP_NOTSRC_AND_NOTDST] = 15;
2892         s->device_id = device_id;
2893         if (is_pci)
2894             s->bustype = CIRRUS_BUSTYPE_PCI;
2895         else
2896             s->bustype = CIRRUS_BUSTYPE_ISA;
2897     }
2898 
2899     /* Register ioport 0x3b0 - 0x3df */
2900     memory_region_init_io(&s->cirrus_vga_io, owner, &cirrus_vga_io_ops, s,
2901                           "cirrus-io", 0x30);
2902     memory_region_set_flush_coalesced(&s->cirrus_vga_io);
2903     memory_region_add_subregion(system_io, 0x3b0, &s->cirrus_vga_io);
2904 
2905     memory_region_init(&s->low_mem_container, owner,
2906                        "cirrus-lowmem-container",
2907                        0x20000);
2908 
2909     memory_region_init_io(&s->low_mem, owner, &cirrus_vga_mem_ops, s,
2910                           "cirrus-low-memory", 0x20000);
2911     memory_region_add_subregion(&s->low_mem_container, 0, &s->low_mem);
2912     for (i = 0; i < 2; ++i) {
2913         static const char *names[] = { "vga.bank0", "vga.bank1" };
2914         MemoryRegion *bank = &s->cirrus_bank[i];
2915         memory_region_init_alias(bank, owner, names[i], &s->vga.vram,
2916                                  0, 0x8000);
2917         memory_region_set_enabled(bank, false);
2918         memory_region_add_subregion_overlap(&s->low_mem_container, i * 0x8000,
2919                                             bank, 1);
2920     }
2921     memory_region_add_subregion_overlap(system_memory,
2922                                         0x000a0000,
2923                                         &s->low_mem_container,
2924                                         1);
2925     memory_region_set_coalescing(&s->low_mem);
2926 
2927     /* I/O handler for LFB */
2928     memory_region_init_io(&s->cirrus_linear_io, owner, &cirrus_linear_io_ops, s,
2929                           "cirrus-linear-io", s->vga.vram_size_mb * MiB);
2930     memory_region_set_flush_coalesced(&s->cirrus_linear_io);
2931 
2932     /* I/O handler for LFB */
2933     memory_region_init_io(&s->cirrus_linear_bitblt_io, owner,
2934                           &cirrus_linear_bitblt_io_ops,
2935                           s,
2936                           "cirrus-bitblt-mmio",
2937                           0x400000);
2938     memory_region_set_flush_coalesced(&s->cirrus_linear_bitblt_io);
2939 
2940     /* I/O handler for memory-mapped I/O */
2941     memory_region_init_io(&s->cirrus_mmio_io, owner, &cirrus_mmio_io_ops, s,
2942                           "cirrus-mmio", CIRRUS_PNPMMIO_SIZE);
2943     memory_region_set_flush_coalesced(&s->cirrus_mmio_io);
2944 
2945     s->real_vram_size =
2946         (s->device_id == CIRRUS_ID_CLGD5446) ? 4 * MiB : 2 * MiB;
2947 
2948     /* XXX: s->vga.vram_size must be a power of two */
2949     s->cirrus_addr_mask = s->real_vram_size - 1;
2950     s->linear_mmio_mask = s->real_vram_size - 256;
2951 
2952     s->vga.get_bpp = cirrus_get_bpp;
2953     s->vga.get_offsets = cirrus_get_offsets;
2954     s->vga.get_resolution = cirrus_get_resolution;
2955     s->vga.cursor_invalidate = cirrus_cursor_invalidate;
2956     s->vga.cursor_draw_line = cirrus_cursor_draw_line;
2957 
2958     qemu_register_reset(cirrus_reset, s);
2959 }
2960 
2961 /***************************************
2962  *
2963  *  PCI bus support
2964  *
2965  ***************************************/
2966 
2967 static void pci_cirrus_vga_realize(PCIDevice *dev, Error **errp)
2968 {
2969      PCICirrusVGAState *d = PCI_CIRRUS_VGA(dev);
2970      CirrusVGAState *s = &d->cirrus_vga;
2971      PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
2972      int16_t device_id = pc->device_id;
2973 
2974      /* follow real hardware, cirrus card emulated has 4 MB video memory.
2975        Also accept 8 MB/16 MB for backward compatibility. */
2976      if (s->vga.vram_size_mb != 4 && s->vga.vram_size_mb != 8 &&
2977          s->vga.vram_size_mb != 16) {
2978          error_setg(errp, "Invalid cirrus_vga ram size '%u'",
2979                     s->vga.vram_size_mb);
2980          return;
2981      }
2982      /* setup VGA */
2983      vga_common_init(&s->vga, OBJECT(dev));
2984      cirrus_init_common(s, OBJECT(dev), device_id, 1, pci_address_space(dev),
2985                         pci_address_space_io(dev));
2986      s->vga.con = graphic_console_init(DEVICE(dev), 0, s->vga.hw_ops, &s->vga);
2987 
2988      /* setup PCI */
2989 
2990     memory_region_init(&s->pci_bar, OBJECT(dev), "cirrus-pci-bar0", 0x2000000);
2991 
2992     /* XXX: add byte swapping apertures */
2993     memory_region_add_subregion(&s->pci_bar, 0, &s->cirrus_linear_io);
2994     memory_region_add_subregion(&s->pci_bar, 0x1000000,
2995                                 &s->cirrus_linear_bitblt_io);
2996 
2997      /* setup memory space */
2998      /* memory #0 LFB */
2999      /* memory #1 memory-mapped I/O */
3000      /* XXX: s->vga.vram_size must be a power of two */
3001      pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->pci_bar);
3002      if (device_id == CIRRUS_ID_CLGD5446) {
3003          pci_register_bar(&d->dev, 1, 0, &s->cirrus_mmio_io);
3004      }
3005 }
3006 
3007 static Property pci_vga_cirrus_properties[] = {
3008     DEFINE_PROP_UINT32("vgamem_mb", struct PCICirrusVGAState,
3009                        cirrus_vga.vga.vram_size_mb, 4),
3010     DEFINE_PROP_BOOL("blitter", struct PCICirrusVGAState,
3011                      cirrus_vga.enable_blitter, true),
3012     DEFINE_PROP_BOOL("global-vmstate", struct PCICirrusVGAState,
3013                      cirrus_vga.vga.global_vmstate, false),
3014     DEFINE_PROP_END_OF_LIST(),
3015 };
3016 
3017 static void cirrus_vga_class_init(ObjectClass *klass, void *data)
3018 {
3019     DeviceClass *dc = DEVICE_CLASS(klass);
3020     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
3021 
3022     k->realize = pci_cirrus_vga_realize;
3023     k->romfile = VGABIOS_CIRRUS_FILENAME;
3024     k->vendor_id = PCI_VENDOR_ID_CIRRUS;
3025     k->device_id = CIRRUS_ID_CLGD5446;
3026     k->class_id = PCI_CLASS_DISPLAY_VGA;
3027     set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
3028     dc->desc = "Cirrus CLGD 54xx VGA";
3029     dc->vmsd = &vmstate_pci_cirrus_vga;
3030     dc->props = pci_vga_cirrus_properties;
3031     dc->hotpluggable = false;
3032 }
3033 
3034 static const TypeInfo cirrus_vga_info = {
3035     .name          = TYPE_PCI_CIRRUS_VGA,
3036     .parent        = TYPE_PCI_DEVICE,
3037     .instance_size = sizeof(PCICirrusVGAState),
3038     .class_init    = cirrus_vga_class_init,
3039     .interfaces = (InterfaceInfo[]) {
3040         { INTERFACE_CONVENTIONAL_PCI_DEVICE },
3041         { },
3042     },
3043 };
3044 
3045 static void cirrus_vga_register_types(void)
3046 {
3047     type_register_static(&cirrus_vga_info);
3048 }
3049 
3050 type_init(cirrus_vga_register_types)
3051