xref: /openbmc/qemu/hw/misc/mac_via.c (revision 75c5bb0b)
1 /*
2  * QEMU m68k Macintosh VIA device support
3  *
4  * Copyright (c) 2011-2018 Laurent Vivier
5  * Copyright (c) 2018 Mark Cave-Ayland
6  *
7  * Some parts from hw/misc/macio/cuda.c
8  *
9  * Copyright (c) 2004-2007 Fabrice Bellard
10  * Copyright (c) 2007 Jocelyn Mayer
11  *
12  * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h
13  *
14  * This work is licensed under the terms of the GNU GPL, version 2 or later.
15  * See the COPYING file in the top-level directory.
16  */
17 
18 #include "qemu/osdep.h"
19 #include "qemu-common.h"
20 #include "migration/vmstate.h"
21 #include "hw/sysbus.h"
22 #include "hw/irq.h"
23 #include "qemu/timer.h"
24 #include "hw/misc/mac_via.h"
25 #include "hw/misc/mos6522.h"
26 #include "hw/input/adb.h"
27 #include "sysemu/runstate.h"
28 #include "qapi/error.h"
29 #include "qemu/cutils.h"
30 
31 
32 /*
33  * VIAs: There are two in every machine,
34  */
35 
36 #define VIA_SIZE (0x2000)
37 
38 /*
39  * Not all of these are true post MacII I think.
40  * CSA: probably the ones CHRP marks as 'unused' change purposes
41  * when the IWM becomes the SWIM.
42  * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html
43  * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf
44  *
45  * also, http://developer.apple.com/technotes/hw/hw_09.html claims the
46  * following changes for IIfx:
47  * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP.
48  * Also, "All of the functionality of VIA2 has been moved to other chips".
49  */
50 
51 #define VIA1A_vSccWrReq 0x80   /*
52                                 * SCC write. (input)
53                                 * [CHRP] SCC WREQ: Reflects the state of the
54                                 * Wait/Request pins from the SCC.
55                                 * [Macintosh Family Hardware]
56                                 * as CHRP on SE/30,II,IIx,IIcx,IIci.
57                                 * on IIfx, "0 means an active request"
58                                 */
59 #define VIA1A_vRev8     0x40   /*
60                                 * Revision 8 board ???
61                                 * [CHRP] En WaitReqB: Lets the WaitReq_L
62                                 * signal from port B of the SCC appear on
63                                 * the PA7 input pin. Output.
64                                 * [Macintosh Family] On the SE/30, this
65                                 * is the bit to flip screen buffers.
66                                 * 0=alternate, 1=main.
67                                 * on II,IIx,IIcx,IIci,IIfx this is a bit
68                                 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx
69                                 */
70 #define VIA1A_vHeadSel  0x20   /*
71                                 * Head select for IWM.
72                                 * [CHRP] unused.
73                                 * [Macintosh Family] "Floppy disk
74                                 * state-control line SEL" on all but IIfx
75                                 */
76 #define VIA1A_vOverlay  0x10   /*
77                                 * [Macintosh Family] On SE/30,II,IIx,IIcx
78                                 * this bit enables the "Overlay" address
79                                 * map in the address decoders as it is on
80                                 * reset for mapping the ROM over the reset
81                                 * vector. 1=use overlay map.
82                                 * On the IIci,IIfx it is another bit of the
83                                 * CPU ID: 0=normal IIci, 1=IIci with parity
84                                 * feature or IIfx.
85                                 * [CHRP] En WaitReqA: Lets the WaitReq_L
86                                 * signal from port A of the SCC appear
87                                 * on the PA7 input pin (CHRP). Output.
88                                 * [MkLinux] "Drive Select"
89                                 *  (with 0x20 being 'disk head select')
90                                 */
91 #define VIA1A_vSync     0x08   /*
92                                 * [CHRP] Sync Modem: modem clock select:
93                                 * 1: select the external serial clock to
94                                 *    drive the SCC's /RTxCA pin.
95                                 * 0: Select the 3.6864MHz clock to drive
96                                 *    the SCC cell.
97                                 * [Macintosh Family] Correct on all but IIfx
98                                 */
99 
100 /*
101  * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control
102  * on Macs which had the PWM sound hardware.  Reserved on newer models.
103  * On IIci,IIfx, bits 1-2 are the rest of the CPU ID:
104  * bit 2: 1=IIci, 0=IIfx
105  * bit 1: 1 on both IIci and IIfx.
106  * MkLinux sez bit 0 is 'burnin flag' in this case.
107  * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as
108  * inputs, these bits will read 0.
109  */
110 #define VIA1A_vVolume   0x07    /* Audio volume mask for PWM */
111 #define VIA1A_CPUID0    0x02    /* CPU id bit 0 on RBV, others */
112 #define VIA1A_CPUID1    0x04    /* CPU id bit 0 on RBV, others */
113 #define VIA1A_CPUID2    0x10    /* CPU id bit 0 on RBV, others */
114 #define VIA1A_CPUID3    0x40    /* CPU id bit 0 on RBV, others */
115 
116 /*
117  * Info on VIA1B is from Macintosh Family Hardware & MkLinux.
118  * CHRP offers no info.
119  */
120 #define VIA1B_vSound   0x80    /*
121                                 * Sound enable (for compatibility with
122                                 * PWM hardware) 0=enabled.
123                                 * Also, on IIci w/parity, shows parity error
124                                 * 0=error, 1=OK.
125                                 */
126 #define VIA1B_vMystery 0x40    /*
127                                 * On IIci, parity enable. 0=enabled,1=disabled
128                                 * On SE/30, vertical sync interrupt enable.
129                                 * 0=enabled. This vSync interrupt shows up
130                                 * as a slot $E interrupt.
131                                 */
132 #define VIA1B_vADBS2   0x20    /* ADB state input bit 1 (unused on IIfx) */
133 #define VIA1B_vADBS1   0x10    /* ADB state input bit 0 (unused on IIfx) */
134 #define VIA1B_vADBInt  0x08    /* ADB interrupt 0=interrupt (unused on IIfx)*/
135 #define VIA1B_vRTCEnb  0x04    /* Enable Real time clock. 0=enabled. */
136 #define VIA1B_vRTCClk  0x02    /* Real time clock serial-clock line. */
137 #define VIA1B_vRTCData 0x01    /* Real time clock serial-data line. */
138 
139 /*
140  *    VIA2 A register is the interrupt lines raised off the nubus
141  *    slots.
142  *      The below info is from 'Macintosh Family Hardware.'
143  *      MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.'
144  *      It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and
145  *      defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike.
146  *      Perhaps OSS uses vRAM1 and vRAM2 for ADB.
147  */
148 
149 #define VIA2A_vRAM1    0x80    /* RAM size bit 1 (IIci: reserved) */
150 #define VIA2A_vRAM0    0x40    /* RAM size bit 0 (IIci: internal video IRQ) */
151 #define VIA2A_vIRQE    0x20    /* IRQ from slot $E */
152 #define VIA2A_vIRQD    0x10    /* IRQ from slot $D */
153 #define VIA2A_vIRQC    0x08    /* IRQ from slot $C */
154 #define VIA2A_vIRQB    0x04    /* IRQ from slot $B */
155 #define VIA2A_vIRQA    0x02    /* IRQ from slot $A */
156 #define VIA2A_vIRQ9    0x01    /* IRQ from slot $9 */
157 
158 /*
159  * RAM size bits decoded as follows:
160  * bit1 bit0  size of ICs in bank A
161  *  0    0    256 kbit
162  *  0    1    1 Mbit
163  *  1    0    4 Mbit
164  *  1    1   16 Mbit
165  */
166 
167 /*
168  *    Register B has the fun stuff in it
169  */
170 
171 #define VIA2B_vVBL    0x80    /*
172                                * VBL output to VIA1 (60.15Hz) driven by
173                                * timer T1.
174                                * on IIci, parity test: 0=test mode.
175                                * [MkLinux] RBV_PARODD: 1=odd,0=even.
176                                */
177 #define VIA2B_vSndJck 0x40    /*
178                                * External sound jack status.
179                                * 0=plug is inserted.  On SE/30, always 0
180                                */
181 #define VIA2B_vTfr0   0x20    /* Transfer mode bit 0 ack from NuBus */
182 #define VIA2B_vTfr1   0x10    /* Transfer mode bit 1 ack from NuBus */
183 #define VIA2B_vMode32 0x08    /*
184                                * 24/32bit switch - doubles as cache flush
185                                * on II, AMU/PMMU control.
186                                *   if AMU, 0=24bit to 32bit translation
187                                *   if PMMU, 1=PMMU is accessing page table.
188                                * on SE/30 tied low.
189                                * on IIx,IIcx,IIfx, unused.
190                                * on IIci/RBV, cache control. 0=flush cache.
191                                */
192 #define VIA2B_vPower  0x04   /*
193                               * Power off, 0=shut off power.
194                               * on SE/30 this signal sent to PDS card.
195                               */
196 #define VIA2B_vBusLk  0x02   /*
197                               * Lock NuBus transactions, 0=locked.
198                               * on SE/30 sent to PDS card.
199                               */
200 #define VIA2B_vCDis   0x01   /*
201                               * Cache control. On IIci, 1=disable cache card
202                               * on others, 0=disable processor's instruction
203                               * and data caches.
204                               */
205 
206 /* interrupt flags */
207 
208 #define IRQ_SET         0x80
209 
210 /* common */
211 
212 #define VIA_IRQ_TIMER1      0x40
213 #define VIA_IRQ_TIMER2      0x20
214 
215 /*
216  * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html
217  * Another example of a valid function that has no ROM support is the use
218  * of the alternate video page for page-flipping animation. Since there
219  * is no ROM call to flip pages, it is necessary to go play with the
220  * right bit in the VIA chip (6522 Versatile Interface Adapter).
221  * [CSA: don't know which one this is, but it's one of 'em!]
222  */
223 
224 /*
225  *    6522 registers - see databook.
226  * CSA: Assignments for VIA1 confirmed from CHRP spec.
227  */
228 
229 /* partial address decode.  0xYYXX : XX part for RBV, YY part for VIA */
230 /* Note: 15 VIA regs, 8 RBV regs */
231 
232 #define vBufB    0x0000  /* [VIA/RBV]  Register B */
233 #define vBufAH   0x0200  /* [VIA only] Buffer A, with handshake. DON'T USE! */
234 #define vDirB    0x0400  /* [VIA only] Data Direction Register B. */
235 #define vDirA    0x0600  /* [VIA only] Data Direction Register A. */
236 #define vT1CL    0x0800  /* [VIA only] Timer one counter low. */
237 #define vT1CH    0x0a00  /* [VIA only] Timer one counter high. */
238 #define vT1LL    0x0c00  /* [VIA only] Timer one latches low. */
239 #define vT1LH    0x0e00  /* [VIA only] Timer one latches high. */
240 #define vT2CL    0x1000  /* [VIA only] Timer two counter low. */
241 #define vT2CH    0x1200  /* [VIA only] Timer two counter high. */
242 #define vSR      0x1400  /* [VIA only] Shift register. */
243 #define vACR     0x1600  /* [VIA only] Auxilary control register. */
244 #define vPCR     0x1800  /* [VIA only] Peripheral control register. */
245                          /*
246                           *           CHRP sez never ever to *write* this.
247                           *            Mac family says never to *change* this.
248                           * In fact we need to initialize it once at start.
249                           */
250 #define vIFR     0x1a00  /* [VIA/RBV]  Interrupt flag register. */
251 #define vIER     0x1c00  /* [VIA/RBV]  Interrupt enable register. */
252 #define vBufA    0x1e00  /* [VIA/RBV] register A (no handshake) */
253 
254 /* from linux 2.6 drivers/macintosh/via-macii.c */
255 
256 /* Bits in ACR */
257 
258 #define VIA1ACR_vShiftCtrl         0x1c        /* Shift register control bits */
259 #define VIA1ACR_vShiftExtClk       0x0c        /* Shift on external clock */
260 #define VIA1ACR_vShiftOut          0x10        /* Shift out if 1 */
261 
262 /*
263  * Apple Macintosh Family Hardware Refenece
264  * Table 19-10 ADB transaction states
265  */
266 
267 #define ADB_STATE_NEW       0
268 #define ADB_STATE_EVEN      1
269 #define ADB_STATE_ODD       2
270 #define ADB_STATE_IDLE      3
271 
272 #define VIA1B_vADB_StateMask    (VIA1B_vADBS1 | VIA1B_vADBS2)
273 #define VIA1B_vADB_StateShift   4
274 
275 #define VIA_TIMER_FREQ (783360)
276 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */
277 
278 /* VIA returns time offset from Jan 1, 1904, not 1970 */
279 #define RTC_OFFSET 2082844800
280 
281 static void via1_VBL_update(MOS6522Q800VIA1State *v1s)
282 {
283     MOS6522State *s = MOS6522(v1s);
284 
285     /* 60 Hz irq */
286     v1s->next_VBL = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 16630) /
287                     16630 * 16630;
288 
289     if (s->ier & VIA1_IRQ_VBLANK) {
290         timer_mod(v1s->VBL_timer, v1s->next_VBL);
291     } else {
292         timer_del(v1s->VBL_timer);
293     }
294 }
295 
296 static void via1_one_second_update(MOS6522Q800VIA1State *v1s)
297 {
298     MOS6522State *s = MOS6522(v1s);
299 
300     v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) /
301                        1000 * 1000;
302     if (s->ier & VIA1_IRQ_ONE_SECOND) {
303         timer_mod(v1s->one_second_timer, v1s->next_second);
304     } else {
305         timer_del(v1s->one_second_timer);
306     }
307 }
308 
309 static void via1_VBL(void *opaque)
310 {
311     MOS6522Q800VIA1State *v1s = opaque;
312     MOS6522State *s = MOS6522(v1s);
313     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
314 
315     s->ifr |= VIA1_IRQ_VBLANK;
316     mdc->update_irq(s);
317 
318     via1_VBL_update(v1s);
319 }
320 
321 static void via1_one_second(void *opaque)
322 {
323     MOS6522Q800VIA1State *v1s = opaque;
324     MOS6522State *s = MOS6522(v1s);
325     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
326 
327     s->ifr |= VIA1_IRQ_ONE_SECOND;
328     mdc->update_irq(s);
329 
330     via1_one_second_update(v1s);
331 }
332 
333 static void via1_irq_request(void *opaque, int irq, int level)
334 {
335     MOS6522Q800VIA1State *v1s = opaque;
336     MOS6522State *s = MOS6522(v1s);
337     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
338 
339     if (level) {
340         s->ifr |= 1 << irq;
341     } else {
342         s->ifr &= ~(1 << irq);
343     }
344 
345     mdc->update_irq(s);
346 }
347 
348 static void via2_irq_request(void *opaque, int irq, int level)
349 {
350     MOS6522Q800VIA2State *v2s = opaque;
351     MOS6522State *s = MOS6522(v2s);
352     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(s);
353 
354     if (level) {
355         s->ifr |= 1 << irq;
356     } else {
357         s->ifr &= ~(1 << irq);
358     }
359 
360     mdc->update_irq(s);
361 }
362 
363 static void via1_rtc_update(MacVIAState *m)
364 {
365     MOS6522Q800VIA1State *v1s = &m->mos6522_via1;
366     MOS6522State *s = MOS6522(v1s);
367 
368     if (s->b & VIA1B_vRTCEnb) {
369         return;
370     }
371 
372     if (s->dirb & VIA1B_vRTCData) {
373         /* send bits to the RTC */
374         if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) {
375             m->data_out <<= 1;
376             m->data_out |= s->b & VIA1B_vRTCData;
377             m->data_out_cnt++;
378         }
379     } else {
380         /* receive bits from the RTC */
381         if ((v1s->last_b & VIA1B_vRTCClk) &&
382             !(s->b & VIA1B_vRTCClk) &&
383             m->data_in_cnt) {
384             s->b = (s->b & ~VIA1B_vRTCData) |
385                    ((m->data_in >> 7) & VIA1B_vRTCData);
386             m->data_in <<= 1;
387             m->data_in_cnt--;
388         }
389     }
390 
391     if (m->data_out_cnt == 8) {
392         m->data_out_cnt = 0;
393 
394         if (m->cmd == 0) {
395             if (m->data_out & 0x80) {
396                 /* this is a read command */
397                 uint32_t time = m->tick_offset +
398                                (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) /
399                                NANOSECONDS_PER_SECOND);
400                 if (m->data_out == 0x81) {        /* seconds register 0 */
401                     m->data_in = time & 0xff;
402                     m->data_in_cnt = 8;
403                 } else if (m->data_out == 0x85) { /* seconds register 1 */
404                     m->data_in = (time >> 8) & 0xff;
405                     m->data_in_cnt = 8;
406                 } else if (m->data_out == 0x89) { /* seconds register 2 */
407                     m->data_in = (time >> 16) & 0xff;
408                     m->data_in_cnt = 8;
409                 } else if (m->data_out == 0x8d) { /* seconds register 3 */
410                     m->data_in = (time >> 24) & 0xff;
411                     m->data_in_cnt = 8;
412                 } else if ((m->data_out & 0xf3) == 0xa1) {
413                     /* PRAM address 0x10 -> 0x13 */
414                     int addr = (m->data_out >> 2) & 0x03;
415                     m->data_in = v1s->PRAM[addr];
416                     m->data_in_cnt = 8;
417                 } else if ((m->data_out & 0xf3) == 0xa1) {
418                     /* PRAM address 0x00 -> 0x0f */
419                     int addr = (m->data_out >> 2) & 0x0f;
420                     m->data_in = v1s->PRAM[addr];
421                     m->data_in_cnt = 8;
422                 } else if ((m->data_out & 0xf8) == 0xb8) {
423                     /* extended memory designator and sector number */
424                     m->cmd = m->data_out;
425                 }
426             } else {
427                 /* this is a write command */
428                 m->cmd = m->data_out;
429             }
430         } else {
431             if (m->cmd & 0x80) {
432                 if ((m->cmd & 0xf8) == 0xb8) {
433                     /* extended memory designator and sector number */
434                     int sector = m->cmd & 0x07;
435                     int addr = (m->data_out >> 2) & 0x1f;
436 
437                     m->data_in = v1s->PRAM[sector * 8 + addr];
438                     m->data_in_cnt = 8;
439                 }
440             } else if (!m->wprotect) {
441                 /* this is a write command */
442                 if (m->alt != 0) {
443                     /* extended memory designator and sector number */
444                     int sector = m->cmd & 0x07;
445                     int addr = (m->alt >> 2) & 0x1f;
446 
447                     v1s->PRAM[sector * 8 + addr] = m->data_out;
448 
449                     m->alt = 0;
450                 } else if (m->cmd == 0x01) { /* seconds register 0 */
451                     /* FIXME */
452                 } else if (m->cmd == 0x05) { /* seconds register 1 */
453                     /* FIXME */
454                 } else if (m->cmd == 0x09) { /* seconds register 2 */
455                     /* FIXME */
456                 } else if (m->cmd == 0x0d) { /* seconds register 3 */
457                     /* FIXME */
458                 } else if (m->cmd == 0x31) {
459                     /* Test Register */
460                 } else if (m->cmd == 0x35) {
461                     /* Write Protect register */
462                     m->wprotect = m->data_out & 1;
463                 } else if ((m->cmd & 0xf3) == 0xa1) {
464                     /* PRAM address 0x10 -> 0x13 */
465                     int addr = (m->cmd >> 2) & 0x03;
466                     v1s->PRAM[addr] = m->data_out;
467                 } else if ((m->cmd & 0xf3) == 0xa1) {
468                     /* PRAM address 0x00 -> 0x0f */
469                     int addr = (m->cmd >> 2) & 0x0f;
470                     v1s->PRAM[addr] = m->data_out;
471                 } else if ((m->cmd & 0xf8) == 0xb8) {
472                     /* extended memory designator and sector number */
473                     m->alt = m->cmd;
474                 }
475             }
476         }
477         m->data_out = 0;
478     }
479 }
480 
481 static int adb_via_poll(MacVIAState *s, int state, uint8_t *data)
482 {
483     if (state != ADB_STATE_IDLE) {
484         return 0;
485     }
486 
487     if (s->adb_data_in_size < s->adb_data_in_index) {
488         return 0;
489     }
490 
491     if (s->adb_data_out_index != 0) {
492         return 0;
493     }
494 
495     s->adb_data_in_index = 0;
496     s->adb_data_out_index = 0;
497     s->adb_data_in_size = adb_poll(&s->adb_bus, s->adb_data_in, 0xffff);
498 
499     if (s->adb_data_in_size) {
500         *data = s->adb_data_in[s->adb_data_in_index++];
501         qemu_irq_raise(s->adb_data_ready);
502     }
503 
504     return s->adb_data_in_size;
505 }
506 
507 static int adb_via_send(MacVIAState *s, int state, uint8_t data)
508 {
509     switch (state) {
510     case ADB_STATE_NEW:
511         s->adb_data_out_index = 0;
512         break;
513     case ADB_STATE_EVEN:
514         if ((s->adb_data_out_index & 1) == 0) {
515             return 0;
516         }
517         break;
518     case ADB_STATE_ODD:
519         if (s->adb_data_out_index & 1) {
520             return 0;
521         }
522         break;
523     case ADB_STATE_IDLE:
524         return 0;
525     }
526 
527     assert(s->adb_data_out_index < sizeof(s->adb_data_out) - 1);
528 
529     s->adb_data_out[s->adb_data_out_index++] = data;
530     qemu_irq_raise(s->adb_data_ready);
531     return 1;
532 }
533 
534 static int adb_via_receive(MacVIAState *s, int state, uint8_t *data)
535 {
536     switch (state) {
537     case ADB_STATE_NEW:
538         return 0;
539 
540     case ADB_STATE_EVEN:
541         if (s->adb_data_in_size <= 0) {
542             qemu_irq_raise(s->adb_data_ready);
543             return 0;
544         }
545 
546         if (s->adb_data_in_index >= s->adb_data_in_size) {
547             *data = 0;
548             qemu_irq_raise(s->adb_data_ready);
549             return 1;
550         }
551 
552         if ((s->adb_data_in_index & 1) == 0) {
553             return 0;
554         }
555 
556         break;
557 
558     case ADB_STATE_ODD:
559         if (s->adb_data_in_size <= 0) {
560             qemu_irq_raise(s->adb_data_ready);
561             return 0;
562         }
563 
564         if (s->adb_data_in_index >= s->adb_data_in_size) {
565             *data = 0;
566             qemu_irq_raise(s->adb_data_ready);
567             return 1;
568         }
569 
570         if (s->adb_data_in_index & 1) {
571             return 0;
572         }
573 
574         break;
575 
576     case ADB_STATE_IDLE:
577         if (s->adb_data_out_index == 0) {
578             return 0;
579         }
580 
581         s->adb_data_in_size = adb_request(&s->adb_bus, s->adb_data_in,
582                                           s->adb_data_out,
583                                           s->adb_data_out_index);
584         s->adb_data_out_index = 0;
585         s->adb_data_in_index = 0;
586         if (s->adb_data_in_size < 0) {
587             *data = 0xff;
588             qemu_irq_raise(s->adb_data_ready);
589             return -1;
590         }
591 
592         if (s->adb_data_in_size == 0) {
593             return 0;
594         }
595 
596         break;
597     }
598 
599     assert(s->adb_data_in_index < sizeof(s->adb_data_in) - 1);
600 
601     *data = s->adb_data_in[s->adb_data_in_index++];
602     qemu_irq_raise(s->adb_data_ready);
603     if (*data == 0xff || *data == 0) {
604         return 0;
605     }
606     return 1;
607 }
608 
609 static void via1_adb_update(MacVIAState *m)
610 {
611     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1);
612     MOS6522State *s = MOS6522(v1s);
613     int state;
614     int ret;
615 
616     state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
617 
618     if (s->acr & VIA1ACR_vShiftOut) {
619         /* output mode */
620         ret = adb_via_send(m, state, s->sr);
621         if (ret > 0) {
622             s->b &= ~VIA1B_vADBInt;
623         } else {
624             s->b |= VIA1B_vADBInt;
625         }
626     } else {
627         /* input mode */
628         ret = adb_via_receive(m, state, &s->sr);
629         if (ret > 0 && s->sr != 0xff) {
630             s->b &= ~VIA1B_vADBInt;
631         } else {
632             s->b |= VIA1B_vADBInt;
633         }
634     }
635 }
636 
637 static void via_adb_poll(void *opaque)
638 {
639     MacVIAState *m = opaque;
640     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(&m->mos6522_via1);
641     MOS6522State *s = MOS6522(v1s);
642     int state;
643 
644     if (s->b & VIA1B_vADBInt) {
645         state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift;
646         if (adb_via_poll(m, state, &s->sr)) {
647             s->b &= ~VIA1B_vADBInt;
648         }
649     }
650 
651     timer_mod(m->adb_poll_timer,
652               qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
653               (NANOSECONDS_PER_SECOND / VIA_ADB_POLL_FREQ));
654 }
655 
656 static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size)
657 {
658     MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque);
659     MOS6522State *ms = MOS6522(s);
660     int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
661 
662     /*
663      * If IRQs are disabled, timers are disabled, but we need to update
664      * VIA1_IRQ_VBLANK and VIA1_IRQ_ONE_SECOND bits in the IFR
665      */
666 
667     if (now >= s->next_VBL) {
668         ms->ifr |= VIA1_IRQ_VBLANK;
669         via1_VBL_update(s);
670     }
671     if (now >= s->next_second) {
672         ms->ifr |= VIA1_IRQ_ONE_SECOND;
673         via1_one_second_update(s);
674     }
675 
676     addr = (addr >> 9) & 0xf;
677     return mos6522_read(ms, addr, size);
678 }
679 
680 static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val,
681                                     unsigned size)
682 {
683     MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque);
684     MOS6522State *ms = MOS6522(v1s);
685 
686     addr = (addr >> 9) & 0xf;
687     mos6522_write(ms, addr, val, size);
688 
689     via1_one_second_update(v1s);
690     via1_VBL_update(v1s);
691 }
692 
693 static const MemoryRegionOps mos6522_q800_via1_ops = {
694     .read = mos6522_q800_via1_read,
695     .write = mos6522_q800_via1_write,
696     .endianness = DEVICE_BIG_ENDIAN,
697     .valid = {
698         .min_access_size = 1,
699         .max_access_size = 1,
700     },
701 };
702 
703 static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size)
704 {
705     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
706     MOS6522State *ms = MOS6522(s);
707 
708     addr = (addr >> 9) & 0xf;
709     return mos6522_read(ms, addr, size);
710 }
711 
712 static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val,
713                                     unsigned size)
714 {
715     MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque);
716     MOS6522State *ms = MOS6522(s);
717 
718     addr = (addr >> 9) & 0xf;
719     mos6522_write(ms, addr, val, size);
720 }
721 
722 static const MemoryRegionOps mos6522_q800_via2_ops = {
723     .read = mos6522_q800_via2_read,
724     .write = mos6522_q800_via2_write,
725     .endianness = DEVICE_BIG_ENDIAN,
726     .valid = {
727         .min_access_size = 1,
728         .max_access_size = 1,
729     },
730 };
731 
732 static void mac_via_reset(DeviceState *dev)
733 {
734     MacVIAState *m = MAC_VIA(dev);
735     MOS6522Q800VIA1State *v1s = &m->mos6522_via1;
736 
737     timer_mod(m->adb_poll_timer,
738               qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
739               (NANOSECONDS_PER_SECOND / VIA_ADB_POLL_FREQ));
740 
741     timer_del(v1s->VBL_timer);
742     v1s->next_VBL = 0;
743     timer_del(v1s->one_second_timer);
744     v1s->next_second = 0;
745 }
746 
747 static void mac_via_realize(DeviceState *dev, Error **errp)
748 {
749     MacVIAState *m = MAC_VIA(dev);
750     MOS6522State *ms;
751     struct tm tm;
752 
753     /* Init VIAs 1 and 2 */
754     sysbus_init_child_obj(OBJECT(dev), "via1", &m->mos6522_via1,
755                           sizeof(m->mos6522_via1), TYPE_MOS6522_Q800_VIA1);
756 
757     sysbus_init_child_obj(OBJECT(dev), "via2", &m->mos6522_via2,
758                           sizeof(m->mos6522_via2), TYPE_MOS6522_Q800_VIA2);
759 
760     /* Pass through mos6522 output IRQs */
761     ms = MOS6522(&m->mos6522_via1);
762     object_property_add_alias(OBJECT(dev), "irq[0]", OBJECT(ms),
763                               SYSBUS_DEVICE_GPIO_IRQ "[0]", &error_abort);
764     ms = MOS6522(&m->mos6522_via2);
765     object_property_add_alias(OBJECT(dev), "irq[1]", OBJECT(ms),
766                               SYSBUS_DEVICE_GPIO_IRQ "[0]", &error_abort);
767 
768     /* Pass through mos6522 input IRQs */
769     qdev_pass_gpios(DEVICE(&m->mos6522_via1), dev, "via1-irq");
770     qdev_pass_gpios(DEVICE(&m->mos6522_via2), dev, "via2-irq");
771 
772     /* VIA 1 */
773     m->mos6522_via1.one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
774                                                      via1_one_second,
775                                                      &m->mos6522_via1);
776     m->mos6522_via1.VBL_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_VBL,
777                                               &m->mos6522_via1);
778 
779     qemu_get_timedate(&tm, 0);
780     m->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET;
781 
782     m->adb_poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via_adb_poll, m);
783     m->adb_data_ready = qdev_get_gpio_in_named(dev, "via1-irq",
784                                                VIA1_IRQ_ADB_READY_BIT);
785 }
786 
787 static void mac_via_init(Object *obj)
788 {
789     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
790     MacVIAState *m = MAC_VIA(obj);
791 
792     /* MMIO */
793     memory_region_init(&m->mmio, obj, "mac-via", 2 * VIA_SIZE);
794     sysbus_init_mmio(sbd, &m->mmio);
795 
796     memory_region_init_io(&m->via1mem, obj, &mos6522_q800_via1_ops,
797                           &m->mos6522_via1, "via1", VIA_SIZE);
798     memory_region_add_subregion(&m->mmio, 0x0, &m->via1mem);
799 
800     memory_region_init_io(&m->via2mem, obj, &mos6522_q800_via2_ops,
801                           &m->mos6522_via2, "via2", VIA_SIZE);
802     memory_region_add_subregion(&m->mmio, VIA_SIZE, &m->via2mem);
803 
804     /* ADB */
805     qbus_create_inplace((BusState *)&m->adb_bus, sizeof(m->adb_bus),
806                         TYPE_ADB_BUS, DEVICE(obj), "adb.0");
807 }
808 
809 static const VMStateDescription vmstate_mac_via = {
810     .name = "mac-via",
811     .version_id = 1,
812     .minimum_version_id = 1,
813     .fields = (VMStateField[]) {
814         /* VIAs */
815         VMSTATE_STRUCT(mos6522_via1.parent_obj, MacVIAState, 0, vmstate_mos6522,
816                        MOS6522State),
817         VMSTATE_UINT8(mos6522_via1.last_b, MacVIAState),
818         VMSTATE_BUFFER(mos6522_via1.PRAM, MacVIAState),
819         VMSTATE_TIMER_PTR(mos6522_via1.one_second_timer, MacVIAState),
820         VMSTATE_INT64(mos6522_via1.next_second, MacVIAState),
821         VMSTATE_TIMER_PTR(mos6522_via1.VBL_timer, MacVIAState),
822         VMSTATE_INT64(mos6522_via1.next_VBL, MacVIAState),
823         VMSTATE_STRUCT(mos6522_via2.parent_obj, MacVIAState, 0, vmstate_mos6522,
824                        MOS6522State),
825         /* RTC */
826         VMSTATE_UINT32(tick_offset, MacVIAState),
827         VMSTATE_UINT8(data_out, MacVIAState),
828         VMSTATE_INT32(data_out_cnt, MacVIAState),
829         VMSTATE_UINT8(data_in, MacVIAState),
830         VMSTATE_UINT8(data_in_cnt, MacVIAState),
831         VMSTATE_UINT8(cmd, MacVIAState),
832         VMSTATE_INT32(wprotect, MacVIAState),
833         VMSTATE_INT32(alt, MacVIAState),
834         /* ADB */
835         VMSTATE_TIMER_PTR(adb_poll_timer, MacVIAState),
836         VMSTATE_INT32(adb_data_in_size, MacVIAState),
837         VMSTATE_INT32(adb_data_in_index, MacVIAState),
838         VMSTATE_INT32(adb_data_out_index, MacVIAState),
839         VMSTATE_BUFFER(adb_data_in, MacVIAState),
840         VMSTATE_BUFFER(adb_data_out, MacVIAState),
841         VMSTATE_END_OF_LIST()
842     }
843 };
844 
845 static void mac_via_class_init(ObjectClass *oc, void *data)
846 {
847     DeviceClass *dc = DEVICE_CLASS(oc);
848 
849     dc->realize = mac_via_realize;
850     dc->reset = mac_via_reset;
851     dc->vmsd = &vmstate_mac_via;
852 }
853 
854 static TypeInfo mac_via_info = {
855     .name = TYPE_MAC_VIA,
856     .parent = TYPE_SYS_BUS_DEVICE,
857     .instance_size = sizeof(MacVIAState),
858     .instance_init = mac_via_init,
859     .class_init = mac_via_class_init,
860 };
861 
862 /* VIA 1 */
863 static void mos6522_q800_via1_portB_write(MOS6522State *s)
864 {
865     MOS6522Q800VIA1State *v1s = container_of(s, MOS6522Q800VIA1State,
866                                              parent_obj);
867     MacVIAState *m = container_of(v1s, MacVIAState, mos6522_via1);
868 
869     via1_rtc_update(m);
870     via1_adb_update(m);
871 
872     v1s->last_b = s->b;
873 }
874 
875 static void mos6522_q800_via1_reset(DeviceState *dev)
876 {
877     MOS6522State *ms = MOS6522(dev);
878     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(ms);
879 
880     mdc->parent_reset(dev);
881 
882     ms->timers[0].frequency = VIA_TIMER_FREQ;
883     ms->timers[1].frequency = VIA_TIMER_FREQ;
884 
885     ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb;
886 }
887 
888 static void mos6522_q800_via1_init(Object *obj)
889 {
890     qdev_init_gpio_in_named(DEVICE(obj), via1_irq_request, "via1-irq",
891                             VIA1_IRQ_NB);
892 }
893 
894 static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data)
895 {
896     DeviceClass *dc = DEVICE_CLASS(oc);
897     MOS6522DeviceClass *mdc = MOS6522_DEVICE_CLASS(oc);
898 
899     dc->reset = mos6522_q800_via1_reset;
900     mdc->portB_write = mos6522_q800_via1_portB_write;
901 }
902 
903 static const TypeInfo mos6522_q800_via1_type_info = {
904     .name = TYPE_MOS6522_Q800_VIA1,
905     .parent = TYPE_MOS6522,
906     .instance_size = sizeof(MOS6522Q800VIA1State),
907     .instance_init = mos6522_q800_via1_init,
908     .class_init = mos6522_q800_via1_class_init,
909 };
910 
911 /* VIA 2 */
912 static void mos6522_q800_via2_portB_write(MOS6522State *s)
913 {
914     if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) {
915         /* shutdown */
916         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
917     }
918 }
919 
920 static void mos6522_q800_via2_reset(DeviceState *dev)
921 {
922     MOS6522State *ms = MOS6522(dev);
923     MOS6522DeviceClass *mdc = MOS6522_DEVICE_GET_CLASS(ms);
924 
925     mdc->parent_reset(dev);
926 
927     ms->timers[0].frequency = VIA_TIMER_FREQ;
928     ms->timers[1].frequency = VIA_TIMER_FREQ;
929 
930     ms->dirb = 0;
931     ms->b = 0;
932 }
933 
934 static void mos6522_q800_via2_init(Object *obj)
935 {
936     qdev_init_gpio_in_named(DEVICE(obj), via2_irq_request, "via2-irq",
937                             VIA2_IRQ_NB);
938 }
939 
940 static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data)
941 {
942     DeviceClass *dc = DEVICE_CLASS(oc);
943     MOS6522DeviceClass *mdc = MOS6522_DEVICE_CLASS(oc);
944 
945     dc->reset = mos6522_q800_via2_reset;
946     mdc->portB_write = mos6522_q800_via2_portB_write;
947 }
948 
949 static const TypeInfo mos6522_q800_via2_type_info = {
950     .name = TYPE_MOS6522_Q800_VIA2,
951     .parent = TYPE_MOS6522,
952     .instance_size = sizeof(MOS6522Q800VIA2State),
953     .instance_init = mos6522_q800_via2_init,
954     .class_init = mos6522_q800_via2_class_init,
955 };
956 
957 static void mac_via_register_types(void)
958 {
959     type_register_static(&mos6522_q800_via1_type_info);
960     type_register_static(&mos6522_q800_via2_type_info);
961     type_register_static(&mac_via_info);
962 }
963 
964 type_init(mac_via_register_types);
965