xref: /openbmc/qemu/hw/misc/mac_via.c (revision 2f93d8b0)
1 /*
2  * QEMU m68k Macintosh VIA device support
3  *
4  * Copyright (c) 2011-2018 Laurent Vivier
5  * Copyright (c) 2018 Mark Cave-Ayland
6  *
7  * Some parts from hw/misc/macio/cuda.c
8  *
9  * Copyright (c) 2004-2007 Fabrice Bellard
10  * Copyright (c) 2007 Jocelyn Mayer
11  *
12  * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
13  *
14  * This work is licensed under the terms of the GNU GPL, version 2 or later.
15  * See the COPYING file in the top-level directory.
16  */
17 
18 #include "qemu/osdep.h"
19 #include "migration/vmstate.h"
20 #include "hw/sysbus.h"
21 #include "hw/irq.h"
22 #include "qemu/timer.h"
23 #include "hw/misc/mac_via.h"
24 #include "hw/misc/mos6522.h"
25 #include "hw/input/adb.h"
26 #include "sysemu/runstate.h"
27 #include "qapi/error.h"
28 #include "qemu/cutils.h"
29 #include "hw/qdev-properties.h"
30 #include "hw/qdev-properties-system.h"
31 #include "sysemu/block-backend.h"
32 #include "sysemu/rtc.h"
33 #include "trace.h"
34 #include "qemu/log.h"
35 
36 /*
37  * VIAs: There are two in every machine
38  */
39 
40 /*
41  * Not all of these are true post MacII I think.
42  * CSA: probably the ones CHRP marks as 'unused' change purposes
43  * when the IWM becomes the SWIM.
44  * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
45  * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
46  *
47  * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
48  * following changes for IIfx:
49  * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
50  * Also, "All of the functionality of VIA2 has been moved to other chips".
51  */
52 
53 #define VIA1A_vSccWrReq 0x80   /*
54                                 * SCC write. (input)
55                                 * [CHRP] SCC WREQ: Reflects the state of the
56                                 * Wait/Request pins from the SCC.
57                                 * [Macintosh Family Hardware]
58                                 * as CHRP on SE/30,II,IIx,IIcx,IIci.
59                                 * on IIfx, "0 means an active request"
60                                 */
61 #define VIA1A_vRev8     0x40   /*
62                                 * Revision 8 board ???
63                                 * [CHRP] En WaitReqB: Lets the WaitReq_L
64                                 * signal from port B of the SCC appear on
65                                 * the PA7 input pin. Output.
66                                 * [Macintosh Family] On the SE/30, this
67                                 * is the bit to flip screen buffers.
68                                 * 0=alternate, 1=main.
69                                 * on II,IIx,IIcx,IIci,IIfx this is a bit
70                                 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
71                                 */
72 #define VIA1A_vHeadSel  0x20   /*
73                                 * Head select for IWM.
74                                 * [CHRP] unused.
75                                 * [Macintosh Family] "Floppy disk
76                                 * state-control line SEL" on all but IIfx
77                                 */
78 #define VIA1A_vOverlay  0x10   /*
79                                 * [Macintosh Family] On SE/30,II,IIx,IIcx
80                                 * this bit enables the "Overlay" address
81                                 * map in the address decoders as it is on
82                                 * reset for mapping the ROM over the reset
83                                 * vector. 1=use overlay map.
84                                 * On the IIci,IIfx it is another bit of the
85                                 * CPU ID: 0=normal IIci, 1=IIci with parity
86                                 * feature or IIfx.
87                                 * [CHRP] En WaitReqA: Lets the WaitReq_L
88                                 * signal from port A of the SCC appear
89                                 * on the PA7 input pin (CHRP). Output.
90                                 * [MkLinux] "Drive Select"
91                                 *  (with 0x20 being 'disk head select')
92                                 */
93 #define VIA1A_vSync     0x08   /*
94                                 * [CHRP] Sync Modem: modem clock select:
95                                 * 1: select the external serial clock to
96                                 *    drive the SCC's /RTxCA pin.
97                                 * 0: Select the 3.6864MHz clock to drive
98                                 *    the SCC cell.
99                                 * [Macintosh Family] Correct on all but IIfx
100                                 */
101 
102 /*
103  * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
104  * on Macs which had the PWM sound hardware.  Reserved on newer models.
105  * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
106  * bit 2: 1=IIci, 0=IIfx
107  * bit 1: 1 on both IIci and IIfx.
108  * MkLinux sez bit 0 is 'burnin flag' in this case.
109  * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
110  * inputs, these bits will read 0.
111  */
112 #define VIA1A_vVolume   0x07    /* Audio volume mask for PWM */
113 #define VIA1A_CPUID0    0x02    /* CPU id bit 0 on RBV, others */
114 #define VIA1A_CPUID1    0x04    /* CPU id bit 0 on RBV, others */
115 #define VIA1A_CPUID2    0x10    /* CPU id bit 0 on RBV, others */
116 #define VIA1A_CPUID3    0x40    /* CPU id bit 0 on RBV, others */
117 
118 /*
119  * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
120  * CHRP offers no info.
121  */
122 #define VIA1B_vSound   0x80    /*
123                                 * Sound enable (for compatibility with
124                                 * PWM hardware) 0=enabled.
125                                 * Also, on IIci w/parity, shows parity error
126                                 * 0=error, 1=OK.
127                                 */
128 #define VIA1B_vMystery 0x40    /*
129                                 * On IIci, parity enable. 0=enabled,1=disabled
130                                 * On SE/30, vertical sync interrupt enable.
131                                 * 0=enabled. This vSync interrupt shows up
132                                 * as a slot $E interrupt.
133                                 * On Quadra 800 this bit toggles A/UX mode which
134                                 * configures the glue logic to deliver some IRQs
135                                 * at different levels compared to a classic
136                                 * Mac.
137                                 */
138 #define VIA1B_vADBS2   0x20    /* ADB state input bit 1 (unused on IIfx) */
139 #define VIA1B_vADBS1   0x10    /* ADB state input bit 0 (unused on IIfx) */
140 #define VIA1B_vADBInt  0x08    /* ADB interrupt 0=interrupt (unused on IIfx)*/
141 #define VIA1B_vRTCEnb  0x04    /* Enable Real time clock. 0=enabled. */
142 #define VIA1B_vRTCClk  0x02    /* Real time clock serial-clock line. */
143 #define VIA1B_vRTCData 0x01    /* Real time clock serial-data line. */
144 
145 /*
146  *    VIA2 A register is the interrupt lines raised off the nubus
147  *    slots.
148  *      The below info is from 'Macintosh Family Hardware.'
149  *      MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
150  *      It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
151  *      defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
152  *      Perhaps OSS uses vRAM1 and vRAM2 for ADB.
153  */
154 
155 #define VIA2A_vRAM1    0x80    /* RAM size bit 1 (IIci: reserved) */
156 #define VIA2A_vRAM0    0x40    /* RAM size bit 0 (IIci: internal video IRQ) */
157 #define VIA2A_vIRQE    0x20    /* IRQ from slot $E */
158 #define VIA2A_vIRQD    0x10    /* IRQ from slot $D */
159 #define VIA2A_vIRQC    0x08    /* IRQ from slot $C */
160 #define VIA2A_vIRQB    0x04    /* IRQ from slot $B */
161 #define VIA2A_vIRQA    0x02    /* IRQ from slot $A */
162 #define VIA2A_vIRQ9    0x01    /* IRQ from slot $9 */
163 
164 /*
165  * RAM size bits decoded as follows:
166  * bit1 bit0  size of ICs in bank A
167  *  0    0    256 kbit
168  *  0    1    1 Mbit
169  *  1    0    4 Mbit
170  *  1    1   16 Mbit
171  */
172 
173 /*
174  *    Register B has the fun stuff in it
175  */
176 
177 #define VIA2B_vVBL    0x80    /*
178                                * VBL output to VIA1 (60.15Hz) driven by
179                                * timer T1.
180                                * on IIci, parity test: 0=test mode.
181                                * [MkLinux] RBV_PARODD: 1=odd,0=even.
182                                */
183 #define VIA2B_vSndJck 0x40    /*
184                                * External sound jack status.
185                                * 0=plug is inserted.  On SE/30, always 0
186                                */
187 #define VIA2B_vTfr0   0x20    /* Transfer mode bit 0 ack from NuBus */
188 #define VIA2B_vTfr1   0x10    /* Transfer mode bit 1 ack from NuBus */
189 #define VIA2B_vMode32 0x08    /*
190                                * 24/32bit switch - doubles as cache flush
191                                * on II, AMU/PMMU control.
192                                *   if AMU, 0=24bit to 32bit translation
193                                *   if PMMU, 1=PMMU is accessing page table.
194                                * on SE/30 tied low.
195                                * on IIx,IIcx,IIfx, unused.
196                                * on IIci/RBV, cache control. 0=flush cache.
197                                */
198 #define VIA2B_vPower  0x04   /*
199                               * Power off, 0=shut off power.
200                               * on SE/30 this signal sent to PDS card.
201                               */
202 #define VIA2B_vBusLk  0x02   /*
203                               * Lock NuBus transactions, 0=locked.
204                               * on SE/30 sent to PDS card.
205                               */
206 #define VIA2B_vCDis   0x01   /*
207                               * Cache control. On IIci, 1=disable cache card
208                               * on others, 0=disable processor's instruction
209                               * and data caches.
210                               */
211 
212 /* interrupt flags */
213 
214 #define IRQ_SET         0x80
215 
216 /* common */
217 
218 #define VIA_IRQ_TIMER1      0x40
219 #define VIA_IRQ_TIMER2      0x20
220 
221 /*
222  * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
223  * Another example of a valid function that has no ROM support is the use
224  * of the alternate video page for page-flipping animation. Since there
225  * is no ROM call to flip pages, it is necessary to go play with the
226  * right bit in the VIA chip (6522 Versatile Interface Adapter).
227  * [CSA: don't know which one this is, but it's one of 'em!]
228  */
229 
230 /*
231  *    6522 registers - see databook.
232  * CSA: Assignments for VIA1 confirmed from CHRP spec.
233  */
234 
235 /* partial address decode.  0xYYXX : XX part for RBV, YY part for VIA */
236 /* Note: 15 VIA regs, 8 RBV regs */
237 
238 #define vBufB    0x0000  /* [VIA/RBV]  Register B */
239 #define vBufAH   0x0200  /* [VIA only] Buffer A, with handshake. DON'T USE! */
240 #define vDirB    0x0400  /* [VIA only] Data Direction Register B. */
241 #define vDirA    0x0600  /* [VIA only] Data Direction Register A. */
242 #define vT1CL    0x0800  /* [VIA only] Timer one counter low. */
243 #define vT1CH    0x0a00  /* [VIA only] Timer one counter high. */
244 #define vT1LL    0x0c00  /* [VIA only] Timer one latches low. */
245 #define vT1LH    0x0e00  /* [VIA only] Timer one latches high. */
246 #define vT2CL    0x1000  /* [VIA only] Timer two counter low. */
247 #define vT2CH    0x1200  /* [VIA only] Timer two counter high. */
248 #define vSR      0x1400  /* [VIA only] Shift register. */
249 #define vACR     0x1600  /* [VIA only] Auxilary control register. */
250 #define vPCR     0x1800  /* [VIA only] Peripheral control register. */
251                          /*
252                           *           CHRP sez never ever to *write* this.
253                           *            Mac family says never to *change* this.
254                           * In fact we need to initialize it once at start.
255                           */
256 #define vIFR     0x1a00  /* [VIA/RBV]  Interrupt flag register. */
257 #define vIER     0x1c00  /* [VIA/RBV]  Interrupt enable register. */
258 #define vBufA    0x1e00  /* [VIA/RBV] register A (no handshake) */
259 
260 /* from linux 2.6 drivers/macintosh/via-macii.c */
261 
262 /* Bits in ACR */
263 
264 #define VIA1ACR_vShiftCtrl         0x1c        /* Shift register control bits */
265 #define VIA1ACR_vShiftExtClk       0x0c        /* Shift on external clock */
266 #define VIA1ACR_vShiftOut          0x10        /* Shift out if 1 */
267 
268 /*
269  * Apple Macintosh Family Hardware Refenece
270  * Table 19-10 ADB transaction states
271  */
272 
273 #define ADB_STATE_NEW       0
274 #define ADB_STATE_EVEN      1
275 #define ADB_STATE_ODD       2
276 #define ADB_STATE_IDLE      3
277 
278 #define VIA1B_vADB_StateMask    (VIA1B_vADBS1 | VIA1B_vADBS2)
279 #define VIA1B_vADB_StateShift   4
280 
281 #define VIA_TIMER_FREQ (783360)
282 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
283 
284 /*
285  * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the
286  * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us
287  */
288 #define VIA_60HZ_TIMER_PERIOD_NS   16625800
289 
290 /* VIA returns time offset from Jan 1, 1904, not 1970 */
291 #define RTC_OFFSET 2082844800
292 
293 enum {
294     REG_0,
295     REG_1,
296     REG_2,
297     REG_3,
298     REG_TEST,
299     REG_WPROTECT,
300     REG_PRAM_ADDR,
301     REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19,
302     REG_PRAM_SECT,
303     REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7,
304     REG_INVALID,
305     REG_EMPTY = 0xff,
306 };
307 
308 static void via1_sixty_hz_update(MOS6522Q800VIA1State *v1s)
309 {
310     /* 60 Hz irq */
311     v1s->next_sixty_hz = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
312                           VIA_60HZ_TIMER_PERIOD_NS) /
313                           VIA_60HZ_TIMER_PERIOD_NS * VIA_60HZ_TIMER_PERIOD_NS;
314     timer_mod(v1s->sixty_hz_timer, v1s->next_sixty_hz);
315 }
316 
317 static void via1_one_second_update(MOS6522Q800VIA1State *v1s)
318 {
319     v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) /
320                        1000 * 1000;
321     timer_mod(v1s->one_second_timer, v1s->next_second);
322 }
323 
324 static void via1_sixty_hz(void *opaque)
325 {
326     MOS6522Q800VIA1State *v1s = opaque;
327     MOS6522State *s = MOS6522(v1s);
328     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(s);
329 
330     s->ifr |= VIA1_IRQ_60HZ;
331     mdc->update_irq(s);
332 
333     via1_sixty_hz_update(v1s);
334 }
335 
336 static void via1_one_second(void *opaque)
337 {
338     MOS6522Q800VIA1State *v1s = opaque;
339     MOS6522State *s = MOS6522(v1s);
340     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(s);
341 
342     s->ifr |= VIA1_IRQ_ONE_SECOND;
343     mdc->update_irq(s);
344 
345     via1_one_second_update(v1s);
346 }
347 
348 static void via1_irq_request(void *opaque, int irq, int level)
349 {
350     MOS6522Q800VIA1State *v1s = opaque;
351     MOS6522State *s = MOS6522(v1s);
352     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(s);
353 
354     if (level) {
355         s->ifr |= 1 << irq;
356     } else {
357         s->ifr &= ~(1 << irq);
358     }
359 
360     mdc->update_irq(s);
361 }
362 
363 static void via2_irq_request(void *opaque, int irq, int level)
364 {
365     MOS6522Q800VIA2State *v2s = opaque;
366     MOS6522State *s = MOS6522(v2s);
367     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(s);
368 
369     if (level) {
370         s->ifr |= 1 << irq;
371     } else {
372         s->ifr &= ~(1 << irq);
373     }
374 
375     mdc->update_irq(s);
376 }
377 
378 
379 static void pram_update(MOS6522Q800VIA1State *v1s)
380 {
381     if (v1s->blk) {
382         if (blk_pwrite(v1s->blk, 0, v1s->PRAM, sizeof(v1s->PRAM), 0) < 0) {
383             qemu_log("pram_update: cannot write to file\n");
384         }
385     }
386 }
387 
388 /*
389  * RTC Commands
390  *
391  * Command byte    Register addressed by the command
392  *
393  * z0000001        Seconds register 0 (lowest-order byte)
394  * z0000101        Seconds register 1
395  * z0001001        Seconds register 2
396  * z0001101        Seconds register 3 (highest-order byte)
397  * 00110001        Test register (write-only)
398  * 00110101        Write-Protect Register (write-only)
399  * z010aa01        RAM address 100aa ($10-$13) (first 20 bytes only)
400  * z1aaaa01        RAM address 0aaaa ($00-$0F) (first 20 bytes only)
401  * z0111aaa        Extended memory designator and sector number
402  *
403  * For a read request, z=1, for a write z=0
404  * The letter a indicates bits whose value depend on what parameter
405  * RAM byte you want to address
406  */
407 static int via1_rtc_compact_cmd(uint8_t value)
408 {
409     uint8_t read = value & 0x80;
410 
411     value &= 0x7f;
412 
413     /* the last 2 bits of a command byte must always be 0b01 ... */
414     if ((value & 0x78) == 0x38) {
415         /* except for the extended memory designator */
416         return read | (REG_PRAM_SECT + (value & 0x07));
417     }
418     if ((value & 0x03) == 0x01) {
419         value >>= 2;
420         if ((value & 0x1c) == 0) {
421             /* seconds registers */
422             return read | (REG_0 + (value & 0x03));
423         } else if ((value == 0x0c) && !read) {
424             return REG_TEST;
425         } else if ((value == 0x0d) && !read) {
426             return REG_WPROTECT;
427         } else if ((value & 0x1c) == 0x08) {
428             /* RAM address 0x10 to 0x13 */
429             return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03));
430         } else if ((value & 0x43) == 0x41) {
431             /* RAM address 0x00 to 0x0f */
432             return read | (REG_PRAM_ADDR + (value & 0x0f));
433         }
434     }
435     return REG_INVALID;
436 }
437 
438 static void via1_rtc_update(MOS6522Q800VIA1State *v1s)
439 {
440     MOS6522State *s = MOS6522(v1s);
441     int cmd, sector, addr;
442     uint32_t time;
443 
444     if (s->b & VIA1B_vRTCEnb) {
445         return;
446     }
447 
448     if (s->dirb & VIA1B_vRTCData) {
449         /* send bits to the RTC */
450         if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
451             v1s->data_out <<= 1;
452             v1s->data_out |= s->b & VIA1B_vRTCData;
453             v1s->data_out_cnt++;
454         }
455         trace_via1_rtc_update_data_out(v1s->data_out_cnt, v1s->data_out);
456     } else {
457         trace_via1_rtc_update_data_in(v1s->data_in_cnt, v1s->data_in);
458         /* receive bits from the RTC */
459         if ((v1s->last_b & VIA1B_vRTCClk) &&
460             !(s->b & VIA1B_vRTCClk) &&
461             v1s->data_in_cnt) {
462             s->b = (s->b & ~VIA1B_vRTCData) |
463                    ((v1s->data_in >> 7) & VIA1B_vRTCData);
464             v1s->data_in <<= 1;
465             v1s->data_in_cnt--;
466         }
467         return;
468     }
469 
470     if (v1s->data_out_cnt != 8) {
471         return;
472     }
473 
474     v1s->data_out_cnt = 0;
475 
476     trace_via1_rtc_internal_status(v1s->cmd, v1s->alt, v1s->data_out);
477     /* first byte: it's a command */
478     if (v1s->cmd == REG_EMPTY) {
479 
480         cmd = via1_rtc_compact_cmd(v1s->data_out);
481         trace_via1_rtc_internal_cmd(cmd);
482 
483         if (cmd == REG_INVALID) {
484             trace_via1_rtc_cmd_invalid(v1s->data_out);
485             return;
486         }
487 
488         if (cmd & 0x80) { /* this is a read command */
489             switch (cmd & 0x7f) {
490             case REG_0...REG_3: /* seconds registers */
491                 /*
492                  * register 0 is lowest-order byte
493                  * register 3 is highest-order byte
494                  */
495 
496                 time = v1s->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
497                        / NANOSECONDS_PER_SECOND);
498                 trace_via1_rtc_internal_time(time);
499                 v1s->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff;
500                 v1s->data_in_cnt = 8;
501                 trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0,
502                                                 v1s->data_in);
503                 break;
504             case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
505                 /* PRAM address 0x00 -> 0x13 */
506                 v1s->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR];
507                 v1s->data_in_cnt = 8;
508                 trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR,
509                                              v1s->data_in);
510                 break;
511             case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
512                 /*
513                  * extended memory designator and sector number
514                  * the only two-byte read command
515                  */
516                 trace_via1_rtc_internal_set_cmd(cmd);
517                 v1s->cmd = cmd;
518                 break;
519             default:
520                 g_assert_not_reached();
521                 break;
522             }
523             return;
524         }
525 
526         /* this is a write command, needs a parameter */
527         if (cmd == REG_WPROTECT || !v1s->wprotect) {
528             trace_via1_rtc_internal_set_cmd(cmd);
529             v1s->cmd = cmd;
530         } else {
531             trace_via1_rtc_internal_ignore_cmd(cmd);
532         }
533         return;
534     }
535 
536     /* second byte: it's a parameter */
537     if (v1s->alt == REG_EMPTY) {
538         switch (v1s->cmd & 0x7f) {
539         case REG_0...REG_3: /* seconds register */
540             /* FIXME */
541             trace_via1_rtc_cmd_seconds_write(v1s->cmd - REG_0, v1s->data_out);
542             v1s->cmd = REG_EMPTY;
543             break;
544         case REG_TEST:
545             /* device control: nothing to do */
546             trace_via1_rtc_cmd_test_write(v1s->data_out);
547             v1s->cmd = REG_EMPTY;
548             break;
549         case REG_WPROTECT:
550             /* Write Protect register */
551             trace_via1_rtc_cmd_wprotect_write(v1s->data_out);
552             v1s->wprotect = !!(v1s->data_out & 0x80);
553             v1s->cmd = REG_EMPTY;
554             break;
555         case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST:
556             /* PRAM address 0x00 -> 0x13 */
557             trace_via1_rtc_cmd_pram_write(v1s->cmd - REG_PRAM_ADDR,
558                                           v1s->data_out);
559             v1s->PRAM[v1s->cmd - REG_PRAM_ADDR] = v1s->data_out;
560             pram_update(v1s);
561             v1s->cmd = REG_EMPTY;
562             break;
563         case REG_PRAM_SECT...REG_PRAM_SECT_LAST:
564             addr = (v1s->data_out >> 2) & 0x1f;
565             sector = (v1s->cmd & 0x7f) - REG_PRAM_SECT;
566             if (v1s->cmd & 0x80) {
567                 /* it's a read */
568                 v1s->data_in = v1s->PRAM[sector * 32 + addr];
569                 v1s->data_in_cnt = 8;
570                 trace_via1_rtc_cmd_pram_sect_read(sector, addr,
571                                                   sector * 32 + addr,
572                                                   v1s->data_in);
573                 v1s->cmd = REG_EMPTY;
574             } else {
575                 /* it's a write, we need one more parameter */
576                 trace_via1_rtc_internal_set_alt(addr, sector, addr);
577                 v1s->alt = addr;
578             }
579             break;
580         default:
581             g_assert_not_reached();
582             break;
583         }
584         return;
585     }
586 
587     /* third byte: it's the data of a REG_PRAM_SECT write */
588     g_assert(REG_PRAM_SECT <= v1s->cmd && v1s->cmd <= REG_PRAM_SECT_LAST);
589     sector = v1s->cmd - REG_PRAM_SECT;
590     v1s->PRAM[sector * 32 + v1s->alt] = v1s->data_out;
591     pram_update(v1s);
592     trace_via1_rtc_cmd_pram_sect_write(sector, v1s->alt, sector * 32 + v1s->alt,
593                                        v1s->data_out);
594     v1s->alt = REG_EMPTY;
595     v1s->cmd = REG_EMPTY;
596 }
597 
598 static void adb_via_poll(void *opaque)
599 {
600     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
601     MOS6522State *s = MOS6522(v1s);
602     ADBBusState *adb_bus = &v1s->adb_bus;
603     uint8_t obuf[9];
604     uint8_t *data = &s->sr;
605     int olen;
606 
607     /*
608      * Setting vADBInt below indicates that an autopoll reply has been
609      * received, however we must block autopoll until the point where
610      * the entire reply has been read back to the host
611      */
612     adb_autopoll_block(adb_bus);
613 
614     if (v1s->adb_data_in_size > 0 && v1s->adb_data_in_index == 0) {
615         /*
616          * For older Linux kernels that switch to IDLE mode after sending the
617          * ADB command, detect if there is an existing response and return that
618          * as a a "fake" autopoll reply or bus timeout accordingly
619          */
620         *data = v1s->adb_data_out[0];
621         olen = v1s->adb_data_in_size;
622 
623         s->b &= ~VIA1B_vADBInt;
624         qemu_irq_raise(v1s->adb_data_ready);
625     } else {
626         /*
627          * Otherwise poll as normal
628          */
629         v1s->adb_data_in_index = 0;
630         v1s->adb_data_out_index = 0;
631         olen = adb_poll(adb_bus, obuf, adb_bus->autopoll_mask);
632 
633         if (olen > 0) {
634             /* Autopoll response */
635             *data = obuf[0];
636             olen--;
637             memcpy(v1s->adb_data_in, &obuf[1], olen);
638             v1s->adb_data_in_size = olen;
639 
640             s->b &= ~VIA1B_vADBInt;
641             qemu_irq_raise(v1s->adb_data_ready);
642         } else {
643             *data = v1s->adb_autopoll_cmd;
644             obuf[0] = 0xff;
645             obuf[1] = 0xff;
646             olen = 2;
647 
648             memcpy(v1s->adb_data_in, obuf, olen);
649             v1s->adb_data_in_size = olen;
650 
651             s->b &= ~VIA1B_vADBInt;
652             qemu_irq_raise(v1s->adb_data_ready);
653         }
654     }
655 
656     trace_via1_adb_poll(*data, (s->b & VIA1B_vADBInt) ? "+" : "-",
657                         adb_bus->status, v1s->adb_data_in_index, olen);
658 }
659 
660 static int adb_via_send_len(uint8_t data)
661 {
662     /* Determine the send length from the given ADB command */
663     uint8_t cmd = data & 0xc;
664     uint8_t reg = data & 0x3;
665 
666     switch (cmd) {
667     case 0x8:
668         /* Listen command */
669         switch (reg) {
670         case 2:
671             /* Register 2 is only used for the keyboard */
672             return 3;
673         case 3:
674             /*
675              * Fortunately our devices only implement writes
676              * to register 3 which is fixed at 2 bytes
677              */
678             return 3;
679         default:
680             qemu_log_mask(LOG_UNIMP, "ADB unknown length for register %d\n",
681                           reg);
682             return 1;
683         }
684     default:
685         /* Talk, BusReset */
686         return 1;
687     }
688 }
689 
690 static void adb_via_send(MOS6522Q800VIA1State *v1s, int state, uint8_t data)
691 {
692     MOS6522State *ms = MOS6522(v1s);
693     ADBBusState *adb_bus = &v1s->adb_bus;
694     uint16_t autopoll_mask;
695 
696     switch (state) {
697     case ADB_STATE_NEW:
698         /*
699          * Command byte: vADBInt tells host autopoll data already present
700          * in VIA shift register and ADB transceiver
701          */
702         adb_autopoll_block(adb_bus);
703 
704         if (adb_bus->status & ADB_STATUS_POLLREPLY) {
705             /* Tell the host the existing data is from autopoll */
706             ms->b &= ~VIA1B_vADBInt;
707         } else {
708             ms->b |= VIA1B_vADBInt;
709             v1s->adb_data_out_index = 0;
710             v1s->adb_data_out[v1s->adb_data_out_index++] = data;
711         }
712 
713         trace_via1_adb_send(" NEW", data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
714         qemu_irq_raise(v1s->adb_data_ready);
715         break;
716 
717     case ADB_STATE_EVEN:
718     case ADB_STATE_ODD:
719         ms->b |= VIA1B_vADBInt;
720         v1s->adb_data_out[v1s->adb_data_out_index++] = data;
721 
722         trace_via1_adb_send(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
723                             data, (ms->b & VIA1B_vADBInt) ? "+" : "-");
724         qemu_irq_raise(v1s->adb_data_ready);
725         break;
726 
727     case ADB_STATE_IDLE:
728         return;
729     }
730 
731     /* If the command is complete, execute it */
732     if (v1s->adb_data_out_index == adb_via_send_len(v1s->adb_data_out[0])) {
733         v1s->adb_data_in_size = adb_request(adb_bus, v1s->adb_data_in,
734                                             v1s->adb_data_out,
735                                             v1s->adb_data_out_index);
736         v1s->adb_data_in_index = 0;
737 
738         if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
739             /*
740              * Bus timeout (but allow first EVEN and ODD byte to indicate
741              * timeout via vADBInt and SRQ status)
742              */
743             v1s->adb_data_in[0] = 0xff;
744             v1s->adb_data_in[1] = 0xff;
745             v1s->adb_data_in_size = 2;
746         }
747 
748         /*
749          * If last command is TALK, store it for use by autopoll and adjust
750          * the autopoll mask accordingly
751          */
752         if ((v1s->adb_data_out[0] & 0xc) == 0xc) {
753             v1s->adb_autopoll_cmd = v1s->adb_data_out[0];
754 
755             autopoll_mask = 1 << (v1s->adb_autopoll_cmd >> 4);
756             adb_set_autopoll_mask(adb_bus, autopoll_mask);
757         }
758     }
759 }
760 
761 static void adb_via_receive(MOS6522Q800VIA1State *v1s, int state, uint8_t *data)
762 {
763     MOS6522State *ms = MOS6522(v1s);
764     ADBBusState *adb_bus = &v1s->adb_bus;
765     uint16_t pending;
766 
767     switch (state) {
768     case ADB_STATE_NEW:
769         ms->b |= VIA1B_vADBInt;
770         return;
771 
772     case ADB_STATE_IDLE:
773         ms->b |= VIA1B_vADBInt;
774         adb_autopoll_unblock(adb_bus);
775 
776         trace_via1_adb_receive("IDLE", *data,
777                         (ms->b & VIA1B_vADBInt) ? "+" : "-", adb_bus->status,
778                         v1s->adb_data_in_index, v1s->adb_data_in_size);
779 
780         break;
781 
782     case ADB_STATE_EVEN:
783     case ADB_STATE_ODD:
784         switch (v1s->adb_data_in_index) {
785         case 0:
786             /* First EVEN byte: vADBInt indicates bus timeout */
787             *data = v1s->adb_data_in[v1s->adb_data_in_index];
788             if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
789                 ms->b &= ~VIA1B_vADBInt;
790             } else {
791                 ms->b |= VIA1B_vADBInt;
792             }
793 
794             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
795                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
796                                    adb_bus->status, v1s->adb_data_in_index,
797                                    v1s->adb_data_in_size);
798 
799             v1s->adb_data_in_index++;
800             break;
801 
802         case 1:
803             /* First ODD byte: vADBInt indicates SRQ */
804             *data = v1s->adb_data_in[v1s->adb_data_in_index];
805             pending = adb_bus->pending & ~(1 << (v1s->adb_autopoll_cmd >> 4));
806             if (pending) {
807                 ms->b &= ~VIA1B_vADBInt;
808             } else {
809                 ms->b |= VIA1B_vADBInt;
810             }
811 
812             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
813                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
814                                    adb_bus->status, v1s->adb_data_in_index,
815                                    v1s->adb_data_in_size);
816 
817             v1s->adb_data_in_index++;
818             break;
819 
820         default:
821             /*
822              * Otherwise vADBInt indicates end of data. Note that Linux
823              * specifically checks for the sequence 0x0 0xff to confirm the
824              * end of the poll reply, so provide these extra bytes below to
825              * keep it happy
826              */
827             if (v1s->adb_data_in_index < v1s->adb_data_in_size) {
828                 /* Next data byte */
829                 *data = v1s->adb_data_in[v1s->adb_data_in_index];
830                 ms->b |= VIA1B_vADBInt;
831             } else if (v1s->adb_data_in_index == v1s->adb_data_in_size) {
832                 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) {
833                     /* Bus timeout (no more data) */
834                     *data = 0xff;
835                 } else {
836                     /* Return 0x0 after reply */
837                     *data = 0;
838                 }
839                 ms->b &= ~VIA1B_vADBInt;
840             } else {
841                 /* Bus timeout (no more data) */
842                 *data = 0xff;
843                 ms->b &= ~VIA1B_vADBInt;
844                 adb_bus->status = 0;
845                 adb_autopoll_unblock(adb_bus);
846             }
847 
848             trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD",
849                                    *data, (ms->b & VIA1B_vADBInt) ? "+" : "-",
850                                    adb_bus->status, v1s->adb_data_in_index,
851                                    v1s->adb_data_in_size);
852 
853             if (v1s->adb_data_in_index <= v1s->adb_data_in_size) {
854                 v1s->adb_data_in_index++;
855             }
856             break;
857         }
858 
859         qemu_irq_raise(v1s->adb_data_ready);
860         break;
861     }
862 }
863 
864 static void via1_adb_update(MOS6522Q800VIA1State *v1s)
865 {
866     MOS6522State *s = MOS6522(v1s);
867     int oldstate, state;
868 
869     oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
870     state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
871 
872     if (state != oldstate) {
873         if (s->acr & VIA1ACR_vShiftOut) {
874             /* output mode */
875             adb_via_send(v1s, state, s->sr);
876         } else {
877             /* input mode */
878             adb_via_receive(v1s, state, &s->sr);
879         }
880     }
881 }
882 
883 static void via1_auxmode_update(MOS6522Q800VIA1State *v1s)
884 {
885     MOS6522State *s = MOS6522(v1s);
886     int oldirq, irq;
887 
888     oldirq = (v1s->last_b & VIA1B_vMystery) ? 1 : 0;
889     irq = (s->b & VIA1B_vMystery) ? 1 : 0;
890 
891     /* Check to see if the A/UX mode bit has changed */
892     if (irq != oldirq) {
893         trace_via1_auxmode(irq);
894         qemu_set_irq(v1s->auxmode_irq, irq);
895     }
896 }
897 
898 static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size)
899 {
900     MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque);
901     MOS6522State *ms = MOS6522(s);
902 
903     addr = (addr >> 9) & 0xf;
904     return mos6522_read(ms, addr, size);
905 }
906 
907 static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val,
908                                     unsigned size)
909 {
910     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
911     MOS6522State *ms = MOS6522(v1s);
912 
913     addr = (addr >> 9) & 0xf;
914     mos6522_write(ms, addr, val, size);
915 
916     switch (addr) {
917     case VIA_REG_B:
918         via1_rtc_update(v1s);
919         via1_adb_update(v1s);
920         via1_auxmode_update(v1s);
921 
922         v1s->last_b = ms->b;
923         break;
924     }
925 }
926 
927 static const MemoryRegionOps mos6522_q800_via1_ops = {
928     .read = mos6522_q800_via1_read,
929     .write = mos6522_q800_via1_write,
930     .endianness = DEVICE_BIG_ENDIAN,
931     .valid = {
932         .min_access_size = 1,
933         .max_access_size = 4,
934     },
935 };
936 
937 static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size)
938 {
939     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
940     MOS6522State *ms = MOS6522(s);
941 
942     addr = (addr >> 9) & 0xf;
943     return mos6522_read(ms, addr, size);
944 }
945 
946 static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val,
947                                     unsigned size)
948 {
949     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
950     MOS6522State *ms = MOS6522(s);
951 
952     addr = (addr >> 9) & 0xf;
953     mos6522_write(ms, addr, val, size);
954 }
955 
956 static const MemoryRegionOps mos6522_q800_via2_ops = {
957     .read = mos6522_q800_via2_read,
958     .write = mos6522_q800_via2_write,
959     .endianness = DEVICE_BIG_ENDIAN,
960     .valid = {
961         .min_access_size = 1,
962         .max_access_size = 4,
963     },
964 };
965 
966 static void via1_postload_update_cb(void *opaque, bool running, RunState state)
967 {
968     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
969 
970     qemu_del_vm_change_state_handler(v1s->vmstate);
971     v1s->vmstate = NULL;
972 
973     pram_update(v1s);
974 }
975 
976 static int via1_post_load(void *opaque, int version_id)
977 {
978     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
979 
980     if (v1s->blk) {
981         v1s->vmstate = qemu_add_vm_change_state_handler(
982                            via1_postload_update_cb, v1s);
983     }
984 
985     return 0;
986 }
987 
988 /* VIA 1 */
989 static void mos6522_q800_via1_reset(DeviceState *dev)
990 {
991     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev);
992     MOS6522State *ms = MOS6522(v1s);
993     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
994     ADBBusState *adb_bus = &v1s->adb_bus;
995 
996     mdc->parent_reset(dev);
997 
998     ms->timers[0].frequency = VIA_TIMER_FREQ;
999     ms->timers[1].frequency = VIA_TIMER_FREQ;
1000 
1001     ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb;
1002 
1003     /* ADB/RTC */
1004     adb_set_autopoll_enabled(adb_bus, true);
1005     v1s->cmd = REG_EMPTY;
1006     v1s->alt = REG_EMPTY;
1007 }
1008 
1009 static void mos6522_q800_via1_realize(DeviceState *dev, Error **errp)
1010 {
1011     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev);
1012     ADBBusState *adb_bus = &v1s->adb_bus;
1013     struct tm tm;
1014     int ret;
1015 
1016     v1s->one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, via1_one_second,
1017                                          v1s);
1018     via1_one_second_update(v1s);
1019     v1s->sixty_hz_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_sixty_hz,
1020                                        v1s);
1021     via1_sixty_hz_update(v1s);
1022 
1023     qemu_get_timedate(&tm, 0);
1024     v1s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
1025 
1026     adb_register_autopoll_callback(adb_bus, adb_via_poll, v1s);
1027     v1s->adb_data_ready = qdev_get_gpio_in(dev, VIA1_IRQ_ADB_READY_BIT);
1028 
1029     if (v1s->blk) {
1030         int64_t len = blk_getlength(v1s->blk);
1031         if (len < 0) {
1032             error_setg_errno(errp, -len,
1033                              "could not get length of backing image");
1034             return;
1035         }
1036         ret = blk_set_perm(v1s->blk,
1037                            BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1038                            BLK_PERM_ALL, errp);
1039         if (ret < 0) {
1040             return;
1041         }
1042 
1043         len = blk_pread(v1s->blk, 0, v1s->PRAM, sizeof(v1s->PRAM));
1044         if (len != sizeof(v1s->PRAM)) {
1045             error_setg(errp, "can't read PRAM contents");
1046             return;
1047         }
1048     }
1049 }
1050 
1051 static void mos6522_q800_via1_init(Object *obj)
1052 {
1053     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj);
1054     SysBusDevice *sbd = SYS_BUS_DEVICE(v1s);
1055 
1056     memory_region_init_io(&v1s->via_mem, obj, &mos6522_q800_via1_ops, v1s,
1057                           "via1", VIA_SIZE);
1058     sysbus_init_mmio(sbd, &v1s->via_mem);
1059 
1060     /* ADB */
1061     qbus_init((BusState *)&v1s->adb_bus, sizeof(v1s->adb_bus),
1062               TYPE_ADB_BUS, DEVICE(v1s), "adb.0");
1063 
1064     qdev_init_gpio_in(DEVICE(obj), via1_irq_request, VIA1_IRQ_NB);
1065 
1066     /* A/UX mode */
1067     qdev_init_gpio_out(DEVICE(obj), &v1s->auxmode_irq, 1);
1068 }
1069 
1070 static const VMStateDescription vmstate_q800_via1 = {
1071     .name = "q800-via1",
1072     .version_id = 0,
1073     .minimum_version_id = 0,
1074     .post_load = via1_post_load,
1075     .fields = (VMStateField[]) {
1076         VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA1State, 0, vmstate_mos6522,
1077                        MOS6522State),
1078         VMSTATE_UINT8(last_b, MOS6522Q800VIA1State),
1079         /* RTC */
1080         VMSTATE_BUFFER(PRAM, MOS6522Q800VIA1State),
1081         VMSTATE_UINT32(tick_offset, MOS6522Q800VIA1State),
1082         VMSTATE_UINT8(data_out, MOS6522Q800VIA1State),
1083         VMSTATE_INT32(data_out_cnt, MOS6522Q800VIA1State),
1084         VMSTATE_UINT8(data_in, MOS6522Q800VIA1State),
1085         VMSTATE_UINT8(data_in_cnt, MOS6522Q800VIA1State),
1086         VMSTATE_UINT8(cmd, MOS6522Q800VIA1State),
1087         VMSTATE_INT32(wprotect, MOS6522Q800VIA1State),
1088         VMSTATE_INT32(alt, MOS6522Q800VIA1State),
1089         /* ADB */
1090         VMSTATE_INT32(adb_data_in_size, MOS6522Q800VIA1State),
1091         VMSTATE_INT32(adb_data_in_index, MOS6522Q800VIA1State),
1092         VMSTATE_INT32(adb_data_out_index, MOS6522Q800VIA1State),
1093         VMSTATE_BUFFER(adb_data_in, MOS6522Q800VIA1State),
1094         VMSTATE_BUFFER(adb_data_out, MOS6522Q800VIA1State),
1095         VMSTATE_UINT8(adb_autopoll_cmd, MOS6522Q800VIA1State),
1096         /* Timers */
1097         VMSTATE_TIMER_PTR(one_second_timer, MOS6522Q800VIA1State),
1098         VMSTATE_INT64(next_second, MOS6522Q800VIA1State),
1099         VMSTATE_TIMER_PTR(sixty_hz_timer, MOS6522Q800VIA1State),
1100         VMSTATE_INT64(next_sixty_hz, MOS6522Q800VIA1State),
1101         VMSTATE_END_OF_LIST()
1102     }
1103 };
1104 
1105 static Property mos6522_q800_via1_properties[] = {
1106     DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State, blk),
1107     DEFINE_PROP_END_OF_LIST(),
1108 };
1109 
1110 static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data)
1111 {
1112     DeviceClass *dc = DEVICE_CLASS(oc);
1113 
1114     dc->realize = mos6522_q800_via1_realize;
1115     dc->reset = mos6522_q800_via1_reset;
1116     dc->vmsd = &vmstate_q800_via1;
1117     device_class_set_props(dc, mos6522_q800_via1_properties);
1118 }
1119 
1120 static const TypeInfo mos6522_q800_via1_type_info = {
1121     .name = TYPE_MOS6522_Q800_VIA1,
1122     .parent = TYPE_MOS6522,
1123     .instance_size = sizeof(MOS6522Q800VIA1State),
1124     .instance_init = mos6522_q800_via1_init,
1125     .class_init = mos6522_q800_via1_class_init,
1126 };
1127 
1128 /* VIA 2 */
1129 static void mos6522_q800_via2_portB_write(MOS6522State *s)
1130 {
1131     if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) {
1132         /* shutdown */
1133         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
1134     }
1135 }
1136 
1137 static void mos6522_q800_via2_reset(DeviceState *dev)
1138 {
1139     MOS6522State *ms = MOS6522(dev);
1140     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms);
1141 
1142     mdc->parent_reset(dev);
1143 
1144     ms->timers[0].frequency = VIA_TIMER_FREQ;
1145     ms->timers[1].frequency = VIA_TIMER_FREQ;
1146 
1147     ms->dirb = 0;
1148     ms->b = 0;
1149     ms->dira = 0;
1150     ms->a = 0x7f;
1151 }
1152 
1153 static void via2_nubus_irq_request(void *opaque, int irq, int level)
1154 {
1155     MOS6522Q800VIA2State *v2s = opaque;
1156     MOS6522State *s = MOS6522(v2s);
1157     MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(s);
1158 
1159     if (level) {
1160         /* Port A nubus IRQ inputs are active LOW */
1161         s->a &= ~(1 << irq);
1162         s->ifr |= 1 << VIA2_IRQ_NUBUS_BIT;
1163     } else {
1164         s->a |= (1 << irq);
1165         s->ifr &= ~(1 << VIA2_IRQ_NUBUS_BIT);
1166     }
1167 
1168     mdc->update_irq(s);
1169 }
1170 
1171 static void mos6522_q800_via2_init(Object *obj)
1172 {
1173     MOS6522Q800VIA2State *v2s = MOS6522_Q800_VIA2(obj);
1174     SysBusDevice *sbd = SYS_BUS_DEVICE(v2s);
1175 
1176     memory_region_init_io(&v2s->via_mem, obj, &mos6522_q800_via2_ops, v2s,
1177                           "via2", VIA_SIZE);
1178     sysbus_init_mmio(sbd, &v2s->via_mem);
1179 
1180     qdev_init_gpio_in(DEVICE(obj), via2_irq_request, VIA2_IRQ_NB);
1181 
1182     qdev_init_gpio_in_named(DEVICE(obj), via2_nubus_irq_request, "nubus-irq",
1183                             VIA2_NUBUS_IRQ_NB);
1184 }
1185 
1186 static const VMStateDescription vmstate_q800_via2 = {
1187     .name = "q800-via2",
1188     .version_id = 0,
1189     .minimum_version_id = 0,
1190     .fields = (VMStateField[]) {
1191         VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA2State, 0, vmstate_mos6522,
1192                        MOS6522State),
1193         VMSTATE_END_OF_LIST()
1194     }
1195 };
1196 
1197 static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data)
1198 {
1199     DeviceClass *dc = DEVICE_CLASS(oc);
1200     MOS6522DeviceClass *mdc = MOS6522_CLASS(oc);
1201 
1202     dc->reset = mos6522_q800_via2_reset;
1203     dc->vmsd = &vmstate_q800_via2;
1204     mdc->portB_write = mos6522_q800_via2_portB_write;
1205 }
1206 
1207 static const TypeInfo mos6522_q800_via2_type_info = {
1208     .name = TYPE_MOS6522_Q800_VIA2,
1209     .parent = TYPE_MOS6522,
1210     .instance_size = sizeof(MOS6522Q800VIA2State),
1211     .instance_init = mos6522_q800_via2_init,
1212     .class_init = mos6522_q800_via2_class_init,
1213 };
1214 
1215 static void mac_via_register_types(void)
1216 {
1217     type_register_static(&mos6522_q800_via1_type_info);
1218     type_register_static(&mos6522_q800_via2_type_info);
1219 }
1220 
1221 type_init(mac_via_register_types);
1222