1 /* 2 * QEMU m68k Macintosh VIA device support 3 * 4 * Copyright (c) 2011-2018 Laurent Vivier 5 * Copyright (c) 2018 Mark Cave-Ayland 6 * 7 * Some parts from hw/misc/macio/cuda.c 8 * 9 * Copyright (c) 2004-2007 Fabrice Bellard 10 * Copyright (c) 2007 Jocelyn Mayer 11 * 12 * some parts from linux-2.6.29, arch/m68k/include/asm/mac_via.h 13 * 14 * This work is licensed under the terms of the GNU GPL, version 2 or later. 15 * See the COPYING file in the top-level directory. 16 */ 17 18 #include "qemu/osdep.h" 19 #include "exec/address-spaces.h" 20 #include "migration/vmstate.h" 21 #include "hw/sysbus.h" 22 #include "hw/irq.h" 23 #include "qemu/timer.h" 24 #include "hw/misc/mac_via.h" 25 #include "hw/misc/mos6522.h" 26 #include "hw/input/adb.h" 27 #include "sysemu/runstate.h" 28 #include "qapi/error.h" 29 #include "qemu/cutils.h" 30 #include "hw/qdev-properties.h" 31 #include "hw/qdev-properties-system.h" 32 #include "sysemu/block-backend.h" 33 #include "sysemu/rtc.h" 34 #include "trace.h" 35 #include "qemu/log.h" 36 37 /* 38 * VIAs: There are two in every machine 39 */ 40 41 /* 42 * Not all of these are true post MacII I think. 43 * CSA: probably the ones CHRP marks as 'unused' change purposes 44 * when the IWM becomes the SWIM. 45 * http://www.rs6000.ibm.com/resource/technology/chrpio/via5.mak.html 46 * ftp://ftp.austin.ibm.com/pub/technology/spec/chrp/inwork/CHRP_IORef_1.0.pdf 47 * 48 * also, http://developer.apple.com/technotes/hw/hw_09.html claims the 49 * following changes for IIfx: 50 * VIA1A_vSccWrReq not available and that VIA1A_vSync has moved to an IOP. 51 * Also, "All of the functionality of VIA2 has been moved to other chips". 52 */ 53 54 #define VIA1A_vSccWrReq 0x80 /* 55 * SCC write. (input) 56 * [CHRP] SCC WREQ: Reflects the state of the 57 * Wait/Request pins from the SCC. 58 * [Macintosh Family Hardware] 59 * as CHRP on SE/30,II,IIx,IIcx,IIci. 60 * on IIfx, "0 means an active request" 61 */ 62 #define VIA1A_vRev8 0x40 /* 63 * Revision 8 board ??? 64 * [CHRP] En WaitReqB: Lets the WaitReq_L 65 * signal from port B of the SCC appear on 66 * the PA7 input pin. Output. 67 * [Macintosh Family] On the SE/30, this 68 * is the bit to flip screen buffers. 69 * 0=alternate, 1=main. 70 * on II,IIx,IIcx,IIci,IIfx this is a bit 71 * for Rev ID. 0=II,IIx, 1=IIcx,IIci,IIfx 72 */ 73 #define VIA1A_vHeadSel 0x20 /* 74 * Head select for IWM. 75 * [CHRP] unused. 76 * [Macintosh Family] "Floppy disk 77 * state-control line SEL" on all but IIfx 78 */ 79 #define VIA1A_vOverlay 0x10 /* 80 * [Macintosh Family] On SE/30,II,IIx,IIcx 81 * this bit enables the "Overlay" address 82 * map in the address decoders as it is on 83 * reset for mapping the ROM over the reset 84 * vector. 1=use overlay map. 85 * On the IIci,IIfx it is another bit of the 86 * CPU ID: 0=normal IIci, 1=IIci with parity 87 * feature or IIfx. 88 * [CHRP] En WaitReqA: Lets the WaitReq_L 89 * signal from port A of the SCC appear 90 * on the PA7 input pin (CHRP). Output. 91 * [MkLinux] "Drive Select" 92 * (with 0x20 being 'disk head select') 93 */ 94 #define VIA1A_vSync 0x08 /* 95 * [CHRP] Sync Modem: modem clock select: 96 * 1: select the external serial clock to 97 * drive the SCC's /RTxCA pin. 98 * 0: Select the 3.6864MHz clock to drive 99 * the SCC cell. 100 * [Macintosh Family] Correct on all but IIfx 101 */ 102 103 /* 104 * Macintosh Family Hardware sez: bits 0-2 of VIA1A are volume control 105 * on Macs which had the PWM sound hardware. Reserved on newer models. 106 * On IIci,IIfx, bits 1-2 are the rest of the CPU ID: 107 * bit 2: 1=IIci, 0=IIfx 108 * bit 1: 1 on both IIci and IIfx. 109 * MkLinux sez bit 0 is 'burnin flag' in this case. 110 * CHRP sez: VIA1A bits 0-2 and 5 are 'unused': if programmed as 111 * inputs, these bits will read 0. 112 */ 113 #define VIA1A_vVolume 0x07 /* Audio volume mask for PWM */ 114 #define VIA1A_CPUID0 0x02 /* CPU id bit 0 on RBV, others */ 115 #define VIA1A_CPUID1 0x04 /* CPU id bit 0 on RBV, others */ 116 #define VIA1A_CPUID2 0x10 /* CPU id bit 0 on RBV, others */ 117 #define VIA1A_CPUID3 0x40 /* CPU id bit 0 on RBV, others */ 118 #define VIA1A_CPUID_MASK (VIA1A_CPUID0 | VIA1A_CPUID1 | \ 119 VIA1A_CPUID2 | VIA1A_CPUID3) 120 #define VIA1A_CPUID_Q800 (VIA1A_CPUID0 | VIA1A_CPUID2) 121 122 /* 123 * Info on VIA1B is from Macintosh Family Hardware & MkLinux. 124 * CHRP offers no info. 125 */ 126 #define VIA1B_vSound 0x80 /* 127 * Sound enable (for compatibility with 128 * PWM hardware) 0=enabled. 129 * Also, on IIci w/parity, shows parity error 130 * 0=error, 1=OK. 131 */ 132 #define VIA1B_vMystery 0x40 /* 133 * On IIci, parity enable. 0=enabled,1=disabled 134 * On SE/30, vertical sync interrupt enable. 135 * 0=enabled. This vSync interrupt shows up 136 * as a slot $E interrupt. 137 * On Quadra 800 this bit toggles A/UX mode which 138 * configures the glue logic to deliver some IRQs 139 * at different levels compared to a classic 140 * Mac. 141 */ 142 #define VIA1B_vADBS2 0x20 /* ADB state input bit 1 (unused on IIfx) */ 143 #define VIA1B_vADBS1 0x10 /* ADB state input bit 0 (unused on IIfx) */ 144 #define VIA1B_vADBInt 0x08 /* ADB interrupt 0=interrupt (unused on IIfx)*/ 145 #define VIA1B_vRTCEnb 0x04 /* Enable Real time clock. 0=enabled. */ 146 #define VIA1B_vRTCClk 0x02 /* Real time clock serial-clock line. */ 147 #define VIA1B_vRTCData 0x01 /* Real time clock serial-data line. */ 148 149 /* 150 * VIA2 A register is the interrupt lines raised off the nubus 151 * slots. 152 * The below info is from 'Macintosh Family Hardware.' 153 * MkLinux calls the 'IIci internal video IRQ' below the 'RBV slot 0 irq.' 154 * It also notes that the slot $9 IRQ is the 'Ethernet IRQ' and 155 * defines the 'Video IRQ' as 0x40 for the 'EVR' VIA work-alike. 156 * Perhaps OSS uses vRAM1 and vRAM2 for ADB. 157 */ 158 159 #define VIA2A_vRAM1 0x80 /* RAM size bit 1 (IIci: reserved) */ 160 #define VIA2A_vRAM0 0x40 /* RAM size bit 0 (IIci: internal video IRQ) */ 161 #define VIA2A_vIRQE 0x20 /* IRQ from slot $E */ 162 #define VIA2A_vIRQD 0x10 /* IRQ from slot $D */ 163 #define VIA2A_vIRQC 0x08 /* IRQ from slot $C */ 164 #define VIA2A_vIRQB 0x04 /* IRQ from slot $B */ 165 #define VIA2A_vIRQA 0x02 /* IRQ from slot $A */ 166 #define VIA2A_vIRQ9 0x01 /* IRQ from slot $9 */ 167 168 /* 169 * RAM size bits decoded as follows: 170 * bit1 bit0 size of ICs in bank A 171 * 0 0 256 kbit 172 * 0 1 1 Mbit 173 * 1 0 4 Mbit 174 * 1 1 16 Mbit 175 */ 176 177 /* 178 * Register B has the fun stuff in it 179 */ 180 181 #define VIA2B_vVBL 0x80 /* 182 * VBL output to VIA1 (60.15Hz) driven by 183 * timer T1. 184 * on IIci, parity test: 0=test mode. 185 * [MkLinux] RBV_PARODD: 1=odd,0=even. 186 */ 187 #define VIA2B_vSndJck 0x40 /* 188 * External sound jack status. 189 * 0=plug is inserted. On SE/30, always 0 190 */ 191 #define VIA2B_vTfr0 0x20 /* Transfer mode bit 0 ack from NuBus */ 192 #define VIA2B_vTfr1 0x10 /* Transfer mode bit 1 ack from NuBus */ 193 #define VIA2B_vMode32 0x08 /* 194 * 24/32bit switch - doubles as cache flush 195 * on II, AMU/PMMU control. 196 * if AMU, 0=24bit to 32bit translation 197 * if PMMU, 1=PMMU is accessing page table. 198 * on SE/30 tied low. 199 * on IIx,IIcx,IIfx, unused. 200 * on IIci/RBV, cache control. 0=flush cache. 201 */ 202 #define VIA2B_vPower 0x04 /* 203 * Power off, 0=shut off power. 204 * on SE/30 this signal sent to PDS card. 205 */ 206 #define VIA2B_vBusLk 0x02 /* 207 * Lock NuBus transactions, 0=locked. 208 * on SE/30 sent to PDS card. 209 */ 210 #define VIA2B_vCDis 0x01 /* 211 * Cache control. On IIci, 1=disable cache card 212 * on others, 0=disable processor's instruction 213 * and data caches. 214 */ 215 216 /* interrupt flags */ 217 218 #define IRQ_SET 0x80 219 220 /* common */ 221 222 #define VIA_IRQ_TIMER1 0x40 223 #define VIA_IRQ_TIMER2 0x20 224 225 /* 226 * Apple sez: http://developer.apple.com/technotes/ov/ov_04.html 227 * Another example of a valid function that has no ROM support is the use 228 * of the alternate video page for page-flipping animation. Since there 229 * is no ROM call to flip pages, it is necessary to go play with the 230 * right bit in the VIA chip (6522 Versatile Interface Adapter). 231 * [CSA: don't know which one this is, but it's one of 'em!] 232 */ 233 234 /* 235 * 6522 registers - see databook. 236 * CSA: Assignments for VIA1 confirmed from CHRP spec. 237 */ 238 239 /* partial address decode. 0xYYXX : XX part for RBV, YY part for VIA */ 240 /* Note: 15 VIA regs, 8 RBV regs */ 241 242 #define vBufB 0x0000 /* [VIA/RBV] Register B */ 243 #define vBufAH 0x0200 /* [VIA only] Buffer A, with handshake. DON'T USE! */ 244 #define vDirB 0x0400 /* [VIA only] Data Direction Register B. */ 245 #define vDirA 0x0600 /* [VIA only] Data Direction Register A. */ 246 #define vT1CL 0x0800 /* [VIA only] Timer one counter low. */ 247 #define vT1CH 0x0a00 /* [VIA only] Timer one counter high. */ 248 #define vT1LL 0x0c00 /* [VIA only] Timer one latches low. */ 249 #define vT1LH 0x0e00 /* [VIA only] Timer one latches high. */ 250 #define vT2CL 0x1000 /* [VIA only] Timer two counter low. */ 251 #define vT2CH 0x1200 /* [VIA only] Timer two counter high. */ 252 #define vSR 0x1400 /* [VIA only] Shift register. */ 253 #define vACR 0x1600 /* [VIA only] Auxiliary control register. */ 254 #define vPCR 0x1800 /* [VIA only] Peripheral control register. */ 255 /* 256 * CHRP sez never ever to *write* this. 257 * Mac family says never to *change* this. 258 * In fact we need to initialize it once at start. 259 */ 260 #define vIFR 0x1a00 /* [VIA/RBV] Interrupt flag register. */ 261 #define vIER 0x1c00 /* [VIA/RBV] Interrupt enable register. */ 262 #define vBufA 0x1e00 /* [VIA/RBV] register A (no handshake) */ 263 264 /* from linux 2.6 drivers/macintosh/via-macii.c */ 265 266 /* Bits in ACR */ 267 268 #define VIA1ACR_vShiftCtrl 0x1c /* Shift register control bits */ 269 #define VIA1ACR_vShiftExtClk 0x0c /* Shift on external clock */ 270 #define VIA1ACR_vShiftOut 0x10 /* Shift out if 1 */ 271 272 /* 273 * Apple Macintosh Family Hardware Refenece 274 * Table 19-10 ADB transaction states 275 */ 276 277 #define ADB_STATE_NEW 0 278 #define ADB_STATE_EVEN 1 279 #define ADB_STATE_ODD 2 280 #define ADB_STATE_IDLE 3 281 282 #define VIA1B_vADB_StateMask (VIA1B_vADBS1 | VIA1B_vADBS2) 283 #define VIA1B_vADB_StateShift 4 284 285 #define VIA_TIMER_FREQ (783360) 286 #define VIA_ADB_POLL_FREQ 50 /* XXX: not real */ 287 288 /* 289 * Guide to the Macintosh Family Hardware ch. 12 "Displays" p. 401 gives the 290 * precise 60Hz interrupt frequency as ~60.15Hz with a period of 16625.8 us 291 */ 292 #define VIA_60HZ_TIMER_PERIOD_NS 16625800 293 294 /* VIA returns time offset from Jan 1, 1904, not 1970 */ 295 #define RTC_OFFSET 2082844800 296 297 enum { 298 REG_0, 299 REG_1, 300 REG_2, 301 REG_3, 302 REG_TEST, 303 REG_WPROTECT, 304 REG_PRAM_ADDR, 305 REG_PRAM_ADDR_LAST = REG_PRAM_ADDR + 19, 306 REG_PRAM_SECT, 307 REG_PRAM_SECT_LAST = REG_PRAM_SECT + 7, 308 REG_INVALID, 309 REG_EMPTY = 0xff, 310 }; 311 312 static void via1_sixty_hz_update(MOS6522Q800VIA1State *v1s) 313 { 314 /* 60 Hz irq */ 315 v1s->next_sixty_hz = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 316 VIA_60HZ_TIMER_PERIOD_NS) / 317 VIA_60HZ_TIMER_PERIOD_NS * VIA_60HZ_TIMER_PERIOD_NS; 318 timer_mod(v1s->sixty_hz_timer, v1s->next_sixty_hz); 319 } 320 321 static void via1_one_second_update(MOS6522Q800VIA1State *v1s) 322 { 323 v1s->next_second = (qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 1000) / 324 1000 * 1000; 325 timer_mod(v1s->one_second_timer, v1s->next_second); 326 } 327 328 static void via1_sixty_hz(void *opaque) 329 { 330 MOS6522Q800VIA1State *v1s = opaque; 331 MOS6522State *s = MOS6522(v1s); 332 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_60HZ_BIT); 333 334 /* Negative edge trigger */ 335 qemu_irq_lower(irq); 336 qemu_irq_raise(irq); 337 338 via1_sixty_hz_update(v1s); 339 } 340 341 static void via1_one_second(void *opaque) 342 { 343 MOS6522Q800VIA1State *v1s = opaque; 344 MOS6522State *s = MOS6522(v1s); 345 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA1_IRQ_ONE_SECOND_BIT); 346 347 /* Negative edge trigger */ 348 qemu_irq_lower(irq); 349 qemu_irq_raise(irq); 350 351 via1_one_second_update(v1s); 352 } 353 354 355 static void pram_update(MOS6522Q800VIA1State *v1s) 356 { 357 if (v1s->blk) { 358 if (blk_pwrite(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0) < 0) { 359 qemu_log("pram_update: cannot write to file\n"); 360 } 361 } 362 } 363 364 /* 365 * RTC Commands 366 * 367 * Command byte Register addressed by the command 368 * 369 * z00x0001 Seconds register 0 (lowest-order byte) 370 * z00x0101 Seconds register 1 371 * z00x1001 Seconds register 2 372 * z00x1101 Seconds register 3 (highest-order byte) 373 * 00110001 Test register (write-only) 374 * 00110101 Write-Protect Register (write-only) 375 * z010aa01 RAM address 100aa ($10-$13) (first 20 bytes only) 376 * z1aaaa01 RAM address 0aaaa ($00-$0F) (first 20 bytes only) 377 * z0111aaa Extended memory designator and sector number 378 * 379 * For a read request, z=1, for a write z=0 380 * The letter x indicates don't care 381 * The letter a indicates bits whose value depend on what parameter 382 * RAM byte you want to address 383 */ 384 static int via1_rtc_compact_cmd(uint8_t value) 385 { 386 uint8_t read = value & 0x80; 387 388 value &= 0x7f; 389 390 /* the last 2 bits of a command byte must always be 0b01 ... */ 391 if ((value & 0x78) == 0x38) { 392 /* except for the extended memory designator */ 393 return read | (REG_PRAM_SECT + (value & 0x07)); 394 } 395 if ((value & 0x03) == 0x01) { 396 value >>= 2; 397 if ((value & 0x18) == 0) { 398 /* seconds registers */ 399 return read | (REG_0 + (value & 0x03)); 400 } else if ((value == 0x0c) && !read) { 401 return REG_TEST; 402 } else if ((value == 0x0d) && !read) { 403 return REG_WPROTECT; 404 } else if ((value & 0x1c) == 0x08) { 405 /* RAM address 0x10 to 0x13 */ 406 return read | (REG_PRAM_ADDR + 0x10 + (value & 0x03)); 407 } else if ((value & 0x10) == 0x10) { 408 /* RAM address 0x00 to 0x0f */ 409 return read | (REG_PRAM_ADDR + (value & 0x0f)); 410 } 411 } 412 return REG_INVALID; 413 } 414 415 static void via1_rtc_update(MOS6522Q800VIA1State *v1s) 416 { 417 MOS6522State *s = MOS6522(v1s); 418 int cmd, sector, addr; 419 uint32_t time; 420 421 if (s->b & VIA1B_vRTCEnb) { 422 return; 423 } 424 425 if (s->dirb & VIA1B_vRTCData) { 426 /* send bits to the RTC */ 427 if (!(v1s->last_b & VIA1B_vRTCClk) && (s->b & VIA1B_vRTCClk)) { 428 v1s->data_out <<= 1; 429 v1s->data_out |= s->b & VIA1B_vRTCData; 430 v1s->data_out_cnt++; 431 } 432 trace_via1_rtc_update_data_out(v1s->data_out_cnt, v1s->data_out); 433 } else { 434 trace_via1_rtc_update_data_in(v1s->data_in_cnt, v1s->data_in); 435 /* receive bits from the RTC */ 436 if ((v1s->last_b & VIA1B_vRTCClk) && 437 !(s->b & VIA1B_vRTCClk) && 438 v1s->data_in_cnt) { 439 s->b = (s->b & ~VIA1B_vRTCData) | 440 ((v1s->data_in >> 7) & VIA1B_vRTCData); 441 v1s->data_in <<= 1; 442 v1s->data_in_cnt--; 443 } 444 return; 445 } 446 447 if (v1s->data_out_cnt != 8) { 448 return; 449 } 450 451 v1s->data_out_cnt = 0; 452 453 trace_via1_rtc_internal_status(v1s->cmd, v1s->alt, v1s->data_out); 454 /* first byte: it's a command */ 455 if (v1s->cmd == REG_EMPTY) { 456 457 cmd = via1_rtc_compact_cmd(v1s->data_out); 458 trace_via1_rtc_internal_cmd(cmd); 459 460 if (cmd == REG_INVALID) { 461 trace_via1_rtc_cmd_invalid(v1s->data_out); 462 return; 463 } 464 465 if (cmd & 0x80) { /* this is a read command */ 466 switch (cmd & 0x7f) { 467 case REG_0...REG_3: /* seconds registers */ 468 /* 469 * register 0 is lowest-order byte 470 * register 3 is highest-order byte 471 */ 472 473 time = v1s->tick_offset + (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 474 / NANOSECONDS_PER_SECOND); 475 trace_via1_rtc_internal_time(time); 476 v1s->data_in = (time >> ((cmd & 0x03) << 3)) & 0xff; 477 v1s->data_in_cnt = 8; 478 trace_via1_rtc_cmd_seconds_read((cmd & 0x7f) - REG_0, 479 v1s->data_in); 480 break; 481 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST: 482 /* PRAM address 0x00 -> 0x13 */ 483 v1s->data_in = v1s->PRAM[(cmd & 0x7f) - REG_PRAM_ADDR]; 484 v1s->data_in_cnt = 8; 485 trace_via1_rtc_cmd_pram_read((cmd & 0x7f) - REG_PRAM_ADDR, 486 v1s->data_in); 487 break; 488 case REG_PRAM_SECT...REG_PRAM_SECT_LAST: 489 /* 490 * extended memory designator and sector number 491 * the only two-byte read command 492 */ 493 trace_via1_rtc_internal_set_cmd(cmd); 494 v1s->cmd = cmd; 495 break; 496 default: 497 g_assert_not_reached(); 498 } 499 return; 500 } 501 502 /* this is a write command, needs a parameter */ 503 if (cmd == REG_WPROTECT || !v1s->wprotect) { 504 trace_via1_rtc_internal_set_cmd(cmd); 505 v1s->cmd = cmd; 506 } else { 507 trace_via1_rtc_internal_ignore_cmd(cmd); 508 } 509 return; 510 } 511 512 /* second byte: it's a parameter */ 513 if (v1s->alt == REG_EMPTY) { 514 switch (v1s->cmd & 0x7f) { 515 case REG_0...REG_3: /* seconds register */ 516 /* FIXME */ 517 trace_via1_rtc_cmd_seconds_write(v1s->cmd - REG_0, v1s->data_out); 518 v1s->cmd = REG_EMPTY; 519 break; 520 case REG_TEST: 521 /* device control: nothing to do */ 522 trace_via1_rtc_cmd_test_write(v1s->data_out); 523 v1s->cmd = REG_EMPTY; 524 break; 525 case REG_WPROTECT: 526 /* Write Protect register */ 527 trace_via1_rtc_cmd_wprotect_write(v1s->data_out); 528 v1s->wprotect = !!(v1s->data_out & 0x80); 529 v1s->cmd = REG_EMPTY; 530 break; 531 case REG_PRAM_ADDR...REG_PRAM_ADDR_LAST: 532 /* PRAM address 0x00 -> 0x13 */ 533 trace_via1_rtc_cmd_pram_write(v1s->cmd - REG_PRAM_ADDR, 534 v1s->data_out); 535 v1s->PRAM[v1s->cmd - REG_PRAM_ADDR] = v1s->data_out; 536 pram_update(v1s); 537 v1s->cmd = REG_EMPTY; 538 break; 539 case REG_PRAM_SECT...REG_PRAM_SECT_LAST: 540 addr = (v1s->data_out >> 2) & 0x1f; 541 sector = (v1s->cmd & 0x7f) - REG_PRAM_SECT; 542 if (v1s->cmd & 0x80) { 543 /* it's a read */ 544 v1s->data_in = v1s->PRAM[sector * 32 + addr]; 545 v1s->data_in_cnt = 8; 546 trace_via1_rtc_cmd_pram_sect_read(sector, addr, 547 sector * 32 + addr, 548 v1s->data_in); 549 v1s->cmd = REG_EMPTY; 550 } else { 551 /* it's a write, we need one more parameter */ 552 trace_via1_rtc_internal_set_alt(addr, sector, addr); 553 v1s->alt = addr; 554 } 555 break; 556 default: 557 g_assert_not_reached(); 558 } 559 return; 560 } 561 562 /* third byte: it's the data of a REG_PRAM_SECT write */ 563 g_assert(REG_PRAM_SECT <= v1s->cmd && v1s->cmd <= REG_PRAM_SECT_LAST); 564 sector = v1s->cmd - REG_PRAM_SECT; 565 v1s->PRAM[sector * 32 + v1s->alt] = v1s->data_out; 566 pram_update(v1s); 567 trace_via1_rtc_cmd_pram_sect_write(sector, v1s->alt, sector * 32 + v1s->alt, 568 v1s->data_out); 569 v1s->alt = REG_EMPTY; 570 v1s->cmd = REG_EMPTY; 571 } 572 573 static void adb_via_poll(void *opaque) 574 { 575 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque); 576 MOS6522State *s = MOS6522(v1s); 577 ADBBusState *adb_bus = &v1s->adb_bus; 578 uint8_t obuf[9]; 579 uint8_t *data = &s->sr; 580 int olen; 581 582 /* 583 * Setting vADBInt below indicates that an autopoll reply has been 584 * received, however we must block autopoll until the point where 585 * the entire reply has been read back to the host 586 */ 587 adb_autopoll_block(adb_bus); 588 589 if (v1s->adb_data_in_size > 0 && v1s->adb_data_in_index == 0) { 590 /* 591 * For older Linux kernels that switch to IDLE mode after sending the 592 * ADB command, detect if there is an existing response and return that 593 * as a "fake" autopoll reply or bus timeout accordingly 594 */ 595 *data = v1s->adb_data_out[0]; 596 olen = v1s->adb_data_in_size; 597 598 s->b &= ~VIA1B_vADBInt; 599 qemu_irq_raise(v1s->adb_data_ready); 600 } else { 601 /* 602 * Otherwise poll as normal 603 */ 604 v1s->adb_data_in_index = 0; 605 v1s->adb_data_out_index = 0; 606 olen = adb_poll(adb_bus, obuf, adb_bus->autopoll_mask); 607 608 if (olen > 0) { 609 /* Autopoll response */ 610 *data = obuf[0]; 611 olen--; 612 memcpy(v1s->adb_data_in, &obuf[1], olen); 613 v1s->adb_data_in_size = olen; 614 615 s->b &= ~VIA1B_vADBInt; 616 qemu_irq_raise(v1s->adb_data_ready); 617 } else { 618 *data = v1s->adb_autopoll_cmd; 619 obuf[0] = 0xff; 620 obuf[1] = 0xff; 621 olen = 2; 622 623 memcpy(v1s->adb_data_in, obuf, olen); 624 v1s->adb_data_in_size = olen; 625 626 s->b &= ~VIA1B_vADBInt; 627 qemu_irq_raise(v1s->adb_data_ready); 628 } 629 } 630 631 trace_via1_adb_poll(*data, (s->b & VIA1B_vADBInt) ? "+" : "-", 632 adb_bus->status, v1s->adb_data_in_index, olen); 633 } 634 635 static int adb_via_send_len(uint8_t data) 636 { 637 /* Determine the send length from the given ADB command */ 638 uint8_t cmd = data & 0xc; 639 uint8_t reg = data & 0x3; 640 641 switch (cmd) { 642 case 0x8: 643 /* Listen command */ 644 switch (reg) { 645 case 2: 646 /* Register 2 is only used for the keyboard */ 647 return 3; 648 case 3: 649 /* 650 * Fortunately our devices only implement writes 651 * to register 3 which is fixed at 2 bytes 652 */ 653 return 3; 654 default: 655 qemu_log_mask(LOG_UNIMP, "ADB unknown length for register %d\n", 656 reg); 657 return 1; 658 } 659 default: 660 /* Talk, BusReset */ 661 return 1; 662 } 663 } 664 665 static void adb_via_send(MOS6522Q800VIA1State *v1s, int state, uint8_t data) 666 { 667 MOS6522State *ms = MOS6522(v1s); 668 ADBBusState *adb_bus = &v1s->adb_bus; 669 uint16_t autopoll_mask; 670 671 switch (state) { 672 case ADB_STATE_NEW: 673 /* 674 * Command byte: vADBInt tells host autopoll data already present 675 * in VIA shift register and ADB transceiver 676 */ 677 adb_autopoll_block(adb_bus); 678 679 if (adb_bus->status & ADB_STATUS_POLLREPLY) { 680 /* Tell the host the existing data is from autopoll */ 681 ms->b &= ~VIA1B_vADBInt; 682 } else { 683 ms->b |= VIA1B_vADBInt; 684 v1s->adb_data_out_index = 0; 685 v1s->adb_data_out[v1s->adb_data_out_index++] = data; 686 } 687 688 trace_via1_adb_send(" NEW", data, (ms->b & VIA1B_vADBInt) ? "+" : "-"); 689 qemu_irq_raise(v1s->adb_data_ready); 690 break; 691 692 case ADB_STATE_EVEN: 693 case ADB_STATE_ODD: 694 ms->b |= VIA1B_vADBInt; 695 v1s->adb_data_out[v1s->adb_data_out_index++] = data; 696 697 trace_via1_adb_send(state == ADB_STATE_EVEN ? "EVEN" : " ODD", 698 data, (ms->b & VIA1B_vADBInt) ? "+" : "-"); 699 qemu_irq_raise(v1s->adb_data_ready); 700 break; 701 702 case ADB_STATE_IDLE: 703 ms->b |= VIA1B_vADBInt; 704 adb_autopoll_unblock(adb_bus); 705 706 trace_via1_adb_send("IDLE", data, 707 (ms->b & VIA1B_vADBInt) ? "+" : "-"); 708 709 return; 710 } 711 712 /* If the command is complete, execute it */ 713 if (v1s->adb_data_out_index == adb_via_send_len(v1s->adb_data_out[0])) { 714 v1s->adb_data_in_size = adb_request(adb_bus, v1s->adb_data_in, 715 v1s->adb_data_out, 716 v1s->adb_data_out_index); 717 v1s->adb_data_in_index = 0; 718 719 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) { 720 /* 721 * Bus timeout (but allow first EVEN and ODD byte to indicate 722 * timeout via vADBInt and SRQ status) 723 */ 724 v1s->adb_data_in[0] = 0xff; 725 v1s->adb_data_in[1] = 0xff; 726 v1s->adb_data_in_size = 2; 727 } 728 729 /* 730 * If last command is TALK, store it for use by autopoll and adjust 731 * the autopoll mask accordingly 732 */ 733 if ((v1s->adb_data_out[0] & 0xc) == 0xc) { 734 v1s->adb_autopoll_cmd = v1s->adb_data_out[0]; 735 736 autopoll_mask = 1 << (v1s->adb_autopoll_cmd >> 4); 737 adb_set_autopoll_mask(adb_bus, autopoll_mask); 738 } 739 } 740 } 741 742 static void adb_via_receive(MOS6522Q800VIA1State *v1s, int state, uint8_t *data) 743 { 744 MOS6522State *ms = MOS6522(v1s); 745 ADBBusState *adb_bus = &v1s->adb_bus; 746 uint16_t pending; 747 748 switch (state) { 749 case ADB_STATE_NEW: 750 ms->b |= VIA1B_vADBInt; 751 return; 752 753 case ADB_STATE_IDLE: 754 ms->b |= VIA1B_vADBInt; 755 adb_autopoll_unblock(adb_bus); 756 757 trace_via1_adb_receive("IDLE", *data, 758 (ms->b & VIA1B_vADBInt) ? "+" : "-", adb_bus->status, 759 v1s->adb_data_in_index, v1s->adb_data_in_size); 760 761 break; 762 763 case ADB_STATE_EVEN: 764 case ADB_STATE_ODD: 765 switch (v1s->adb_data_in_index) { 766 case 0: 767 /* First EVEN byte: vADBInt indicates bus timeout */ 768 *data = v1s->adb_data_in[v1s->adb_data_in_index]; 769 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) { 770 ms->b &= ~VIA1B_vADBInt; 771 } else { 772 ms->b |= VIA1B_vADBInt; 773 } 774 775 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD", 776 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-", 777 adb_bus->status, v1s->adb_data_in_index, 778 v1s->adb_data_in_size); 779 780 v1s->adb_data_in_index++; 781 break; 782 783 case 1: 784 /* First ODD byte: vADBInt indicates SRQ */ 785 *data = v1s->adb_data_in[v1s->adb_data_in_index]; 786 pending = adb_bus->pending & ~(1 << (v1s->adb_autopoll_cmd >> 4)); 787 if (pending) { 788 ms->b &= ~VIA1B_vADBInt; 789 } else { 790 ms->b |= VIA1B_vADBInt; 791 } 792 793 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD", 794 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-", 795 adb_bus->status, v1s->adb_data_in_index, 796 v1s->adb_data_in_size); 797 798 v1s->adb_data_in_index++; 799 break; 800 801 default: 802 /* 803 * Otherwise vADBInt indicates end of data. Note that Linux 804 * specifically checks for the sequence 0x0 0xff to confirm the 805 * end of the poll reply, so provide these extra bytes below to 806 * keep it happy 807 */ 808 if (v1s->adb_data_in_index < v1s->adb_data_in_size) { 809 /* Next data byte */ 810 *data = v1s->adb_data_in[v1s->adb_data_in_index]; 811 ms->b |= VIA1B_vADBInt; 812 } else if (v1s->adb_data_in_index == v1s->adb_data_in_size) { 813 if (adb_bus->status & ADB_STATUS_BUSTIMEOUT) { 814 /* Bus timeout (no more data) */ 815 *data = 0xff; 816 } else { 817 /* Return 0x0 after reply */ 818 *data = 0; 819 } 820 ms->b &= ~VIA1B_vADBInt; 821 } else { 822 /* Bus timeout (no more data) */ 823 *data = 0xff; 824 ms->b &= ~VIA1B_vADBInt; 825 adb_bus->status = 0; 826 adb_autopoll_unblock(adb_bus); 827 } 828 829 trace_via1_adb_receive(state == ADB_STATE_EVEN ? "EVEN" : " ODD", 830 *data, (ms->b & VIA1B_vADBInt) ? "+" : "-", 831 adb_bus->status, v1s->adb_data_in_index, 832 v1s->adb_data_in_size); 833 834 if (v1s->adb_data_in_index <= v1s->adb_data_in_size) { 835 v1s->adb_data_in_index++; 836 } 837 break; 838 } 839 840 qemu_irq_raise(v1s->adb_data_ready); 841 break; 842 } 843 } 844 845 static void via1_adb_update(MOS6522Q800VIA1State *v1s) 846 { 847 MOS6522State *s = MOS6522(v1s); 848 int oldstate, state; 849 850 oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift; 851 state = (s->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift; 852 853 if (state != oldstate) { 854 if (s->acr & VIA1ACR_vShiftOut) { 855 /* output mode */ 856 adb_via_send(v1s, state, s->sr); 857 } else { 858 /* input mode */ 859 adb_via_receive(v1s, state, &s->sr); 860 } 861 } 862 } 863 864 static void via1_auxmode_update(MOS6522Q800VIA1State *v1s) 865 { 866 MOS6522State *s = MOS6522(v1s); 867 int oldirq, irq; 868 869 oldirq = (v1s->last_b & VIA1B_vMystery) ? 1 : 0; 870 irq = (s->b & VIA1B_vMystery) ? 1 : 0; 871 872 /* Check to see if the A/UX mode bit has changed */ 873 if (irq != oldirq) { 874 trace_via1_auxmode(irq); 875 qemu_set_irq(v1s->auxmode_irq, irq); 876 877 /* 878 * Clear the ADB interrupt. MacOS can leave VIA1B_vADBInt asserted 879 * (low) if a poll sequence doesn't complete before NetBSD disables 880 * interrupts upon boot. Fortunately NetBSD switches to the so-called 881 * "A/UX" interrupt mode after it initialises, so we can use this as 882 * a convenient place to clear the ADB interrupt for now. 883 */ 884 s->b |= VIA1B_vADBInt; 885 } 886 } 887 888 /* 889 * Addresses and real values for TimeDBRA/TimeSCCB to allow timer calibration 890 * to succeed (NOTE: both values have been multiplied by 3 to cope with the 891 * speed of QEMU execution on a modern host 892 */ 893 #define MACOS_TIMEDBRA 0xd00 894 #define MACOS_TIMESCCB 0xd02 895 896 #define MACOS_TIMEDBRA_VALUE (0x2a00 * 3) 897 #define MACOS_TIMESCCB_VALUE (0x079d * 3) 898 899 static bool via1_is_toolbox_timer_calibrated(void) 900 { 901 /* 902 * Indicate whether the MacOS toolbox has been calibrated by checking 903 * for the value of our magic constants 904 */ 905 uint16_t timedbra = lduw_be_phys(&address_space_memory, MACOS_TIMEDBRA); 906 uint16_t timesccdb = lduw_be_phys(&address_space_memory, MACOS_TIMESCCB); 907 908 return (timedbra == MACOS_TIMEDBRA_VALUE && 909 timesccdb == MACOS_TIMESCCB_VALUE); 910 } 911 912 static void via1_timer_calibration_hack(MOS6522Q800VIA1State *v1s, int addr, 913 uint64_t val, int size) 914 { 915 /* 916 * Work around timer calibration to ensure we that we have non-zero and 917 * known good values for TIMEDRBA and TIMESCCDB. 918 * 919 * This works by attempting to detect the reset and calibration sequence 920 * of writes to VIA1 921 */ 922 int old_timer_hack_state = v1s->timer_hack_state; 923 924 switch (v1s->timer_hack_state) { 925 case 0: 926 if (addr == VIA_REG_PCR && val == 0x22) { 927 /* VIA_REG_PCR: configure VIA1 edge triggering */ 928 v1s->timer_hack_state = 1; 929 } 930 break; 931 case 1: 932 if (addr == VIA_REG_T2CL && val == 0xc) { 933 /* VIA_REG_T2CL: low byte of 1ms counter */ 934 if (!via1_is_toolbox_timer_calibrated()) { 935 v1s->timer_hack_state = 2; 936 } else { 937 v1s->timer_hack_state = 0; 938 } 939 } 940 break; 941 case 2: 942 if (addr == VIA_REG_T2CH && val == 0x3) { 943 /* 944 * VIA_REG_T2CH: high byte of 1ms counter (very likely at the 945 * start of SETUPTIMEK) 946 */ 947 if (!via1_is_toolbox_timer_calibrated()) { 948 v1s->timer_hack_state = 3; 949 } else { 950 v1s->timer_hack_state = 0; 951 } 952 } 953 break; 954 case 3: 955 if (addr == VIA_REG_IER && val == 0x20) { 956 /* 957 * VIA_REG_IER: update at end of SETUPTIMEK 958 * 959 * Timer calibration has finished: unfortunately the values in 960 * TIMEDBRA (0xd00) and TIMESCCDB (0xd02) are so far out they 961 * cause divide by zero errors. 962 * 963 * Update them with values obtained from a real Q800 but with 964 * a x3 scaling factor which seems to work well 965 */ 966 stw_be_phys(&address_space_memory, MACOS_TIMEDBRA, 967 MACOS_TIMEDBRA_VALUE); 968 stw_be_phys(&address_space_memory, MACOS_TIMESCCB, 969 MACOS_TIMESCCB_VALUE); 970 971 v1s->timer_hack_state = 4; 972 } 973 break; 974 case 4: 975 /* 976 * This is the normal post-calibration timer state: we should 977 * generally remain here unless we detect the A/UX calibration 978 * loop, or a write to VIA_REG_PCR suggesting a reset 979 */ 980 if (addr == VIA_REG_PCR && val == 0x22) { 981 /* Looks like there has been a reset? */ 982 v1s->timer_hack_state = 1; 983 } 984 985 if (addr == VIA_REG_T2CL && val == 0xf0) { 986 /* VIA_REG_T2CL: low byte of counter (A/UX) */ 987 v1s->timer_hack_state = 5; 988 } 989 break; 990 case 5: 991 if (addr == VIA_REG_T2CH && val == 0x3c) { 992 /* 993 * VIA_REG_T2CH: high byte of counter (A/UX). We are now extremely 994 * likely to be in the A/UX timer calibration routine, so move to 995 * the next state where we enable the calibration hack. 996 */ 997 v1s->timer_hack_state = 6; 998 } else if ((addr == VIA_REG_IER && val == 0x20) || 999 addr == VIA_REG_T2CH) { 1000 /* We're doing something else with the timer, not calibration */ 1001 v1s->timer_hack_state = 0; 1002 } 1003 break; 1004 case 6: 1005 if ((addr == VIA_REG_IER && val == 0x20) || addr == VIA_REG_T2CH) { 1006 /* End of A/UX timer calibration routine, or another write */ 1007 v1s->timer_hack_state = 7; 1008 } else { 1009 v1s->timer_hack_state = 0; 1010 } 1011 break; 1012 case 7: 1013 /* 1014 * This is the normal post-calibration timer state once both the 1015 * MacOS toolbox and A/UX have been calibrated, until we see a write 1016 * to VIA_REG_PCR to suggest a reset 1017 */ 1018 if (addr == VIA_REG_PCR && val == 0x22) { 1019 /* Looks like there has been a reset? */ 1020 v1s->timer_hack_state = 1; 1021 } 1022 break; 1023 default: 1024 g_assert_not_reached(); 1025 } 1026 1027 if (old_timer_hack_state != v1s->timer_hack_state) { 1028 trace_via1_timer_hack_state(v1s->timer_hack_state); 1029 } 1030 } 1031 1032 static uint64_t mos6522_q800_via1_read(void *opaque, hwaddr addr, unsigned size) 1033 { 1034 MOS6522Q800VIA1State *s = MOS6522_Q800_VIA1(opaque); 1035 MOS6522State *ms = MOS6522(s); 1036 uint64_t ret; 1037 int64_t now; 1038 1039 addr = (addr >> 9) & 0xf; 1040 ret = mos6522_read(ms, addr, size); 1041 switch (addr) { 1042 case VIA_REG_A: 1043 case VIA_REG_ANH: 1044 /* Quadra 800 Id */ 1045 ret = (ret & ~VIA1A_CPUID_MASK) | VIA1A_CPUID_Q800; 1046 break; 1047 case VIA_REG_T2CH: 1048 if (s->timer_hack_state == 6) { 1049 /* 1050 * The A/UX timer calibration loop runs continuously until 2 1051 * consecutive iterations differ by at least 0x492 timer ticks. 1052 * Modern hosts execute the timer calibration loop so fast that 1053 * this situation never occurs causing a hang on boot. Use a 1054 * similar method to Shoebill which is to randomly add 0x500 to 1055 * the T2 counter value during calibration to enable it to 1056 * eventually succeed. 1057 */ 1058 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 1059 if (now & 1) { 1060 ret += 0x5; 1061 } 1062 } 1063 break; 1064 } 1065 return ret; 1066 } 1067 1068 static void mos6522_q800_via1_write(void *opaque, hwaddr addr, uint64_t val, 1069 unsigned size) 1070 { 1071 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque); 1072 MOS6522State *ms = MOS6522(v1s); 1073 int oldstate, state; 1074 int oldsr = ms->sr; 1075 1076 addr = (addr >> 9) & 0xf; 1077 1078 via1_timer_calibration_hack(v1s, addr, val, size); 1079 1080 mos6522_write(ms, addr, val, size); 1081 1082 switch (addr) { 1083 case VIA_REG_B: 1084 via1_rtc_update(v1s); 1085 via1_adb_update(v1s); 1086 via1_auxmode_update(v1s); 1087 1088 v1s->last_b = ms->b; 1089 break; 1090 1091 case VIA_REG_SR: 1092 { 1093 /* 1094 * NetBSD assumes it can send its first ADB command after sending 1095 * the ADB_BUSRESET command in ADB_STATE_NEW without changing the 1096 * state back to ADB_STATE_IDLE first as detailed in the ADB 1097 * protocol. 1098 * 1099 * Add a workaround to detect this condition at the start of ADB 1100 * enumeration and send the next command written to SR after a 1101 * ADB_BUSRESET onto the bus regardless, even if we don't detect a 1102 * state transition to ADB_STATE_NEW. 1103 * 1104 * Note that in my tests the NetBSD state machine takes one ADB 1105 * operation to recover which means the probe for an ADB device at 1106 * address 1 always fails. However since the first device is at 1107 * address 2 then this will work fine, without having to come up 1108 * with a more complicated and invasive solution. 1109 */ 1110 oldstate = (v1s->last_b & VIA1B_vADB_StateMask) >> 1111 VIA1B_vADB_StateShift; 1112 state = (ms->b & VIA1B_vADB_StateMask) >> VIA1B_vADB_StateShift; 1113 1114 if (oldstate == ADB_STATE_NEW && state == ADB_STATE_NEW && 1115 (ms->acr & VIA1ACR_vShiftOut) && 1116 oldsr == 0 /* ADB_BUSRESET */) { 1117 trace_via1_adb_netbsd_enum_hack(); 1118 adb_via_send(v1s, state, ms->sr); 1119 } 1120 } 1121 break; 1122 } 1123 } 1124 1125 static const MemoryRegionOps mos6522_q800_via1_ops = { 1126 .read = mos6522_q800_via1_read, 1127 .write = mos6522_q800_via1_write, 1128 .endianness = DEVICE_BIG_ENDIAN, 1129 .valid = { 1130 .min_access_size = 1, 1131 .max_access_size = 4, 1132 }, 1133 }; 1134 1135 static uint64_t mos6522_q800_via2_read(void *opaque, hwaddr addr, unsigned size) 1136 { 1137 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque); 1138 MOS6522State *ms = MOS6522(s); 1139 uint64_t val; 1140 1141 addr = (addr >> 9) & 0xf; 1142 val = mos6522_read(ms, addr, size); 1143 1144 switch (addr) { 1145 case VIA_REG_IFR: 1146 /* 1147 * On a Q800 an emulated VIA2 is integrated into the onboard logic. The 1148 * expectation of most OSs is that the DRQ bit is live, rather than 1149 * latched as it would be on a real VIA so do the same here. 1150 * 1151 * Note: DRQ is negative edge triggered 1152 */ 1153 val &= ~VIA2_IRQ_SCSI_DATA; 1154 val |= (~ms->last_irq_levels & VIA2_IRQ_SCSI_DATA); 1155 break; 1156 } 1157 1158 return val; 1159 } 1160 1161 static void mos6522_q800_via2_write(void *opaque, hwaddr addr, uint64_t val, 1162 unsigned size) 1163 { 1164 MOS6522Q800VIA2State *s = MOS6522_Q800_VIA2(opaque); 1165 MOS6522State *ms = MOS6522(s); 1166 1167 addr = (addr >> 9) & 0xf; 1168 mos6522_write(ms, addr, val, size); 1169 } 1170 1171 static const MemoryRegionOps mos6522_q800_via2_ops = { 1172 .read = mos6522_q800_via2_read, 1173 .write = mos6522_q800_via2_write, 1174 .endianness = DEVICE_BIG_ENDIAN, 1175 .valid = { 1176 .min_access_size = 1, 1177 .max_access_size = 4, 1178 }, 1179 }; 1180 1181 static void via1_postload_update_cb(void *opaque, bool running, RunState state) 1182 { 1183 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque); 1184 1185 qemu_del_vm_change_state_handler(v1s->vmstate); 1186 v1s->vmstate = NULL; 1187 1188 pram_update(v1s); 1189 } 1190 1191 static int via1_post_load(void *opaque, int version_id) 1192 { 1193 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(opaque); 1194 1195 if (v1s->blk) { 1196 v1s->vmstate = qemu_add_vm_change_state_handler( 1197 via1_postload_update_cb, v1s); 1198 } 1199 1200 return 0; 1201 } 1202 1203 /* VIA 1 */ 1204 static void mos6522_q800_via1_reset_hold(Object *obj, ResetType type) 1205 { 1206 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj); 1207 MOS6522State *ms = MOS6522(v1s); 1208 MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms); 1209 ADBBusState *adb_bus = &v1s->adb_bus; 1210 1211 if (mdc->parent_phases.hold) { 1212 mdc->parent_phases.hold(obj, type); 1213 } 1214 1215 ms->timers[0].frequency = VIA_TIMER_FREQ; 1216 ms->timers[1].frequency = VIA_TIMER_FREQ; 1217 1218 ms->b = VIA1B_vADB_StateMask | VIA1B_vADBInt | VIA1B_vRTCEnb; 1219 1220 /* ADB/RTC */ 1221 adb_set_autopoll_enabled(adb_bus, true); 1222 v1s->cmd = REG_EMPTY; 1223 v1s->alt = REG_EMPTY; 1224 1225 /* Timer calibration hack */ 1226 v1s->timer_hack_state = 0; 1227 } 1228 1229 static void mos6522_q800_via1_realize(DeviceState *dev, Error **errp) 1230 { 1231 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(dev); 1232 ADBBusState *adb_bus = &v1s->adb_bus; 1233 struct tm tm; 1234 int ret; 1235 1236 v1s->one_second_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, via1_one_second, 1237 v1s); 1238 via1_one_second_update(v1s); 1239 v1s->sixty_hz_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, via1_sixty_hz, 1240 v1s); 1241 via1_sixty_hz_update(v1s); 1242 1243 qemu_get_timedate(&tm, 0); 1244 v1s->tick_offset = (uint32_t)mktimegm(&tm) + RTC_OFFSET; 1245 1246 adb_register_autopoll_callback(adb_bus, adb_via_poll, v1s); 1247 v1s->adb_data_ready = qdev_get_gpio_in(dev, VIA1_IRQ_ADB_READY_BIT); 1248 1249 if (v1s->blk) { 1250 int64_t len = blk_getlength(v1s->blk); 1251 if (len < 0) { 1252 error_setg_errno(errp, -len, 1253 "could not get length of backing image"); 1254 return; 1255 } 1256 ret = blk_set_perm(v1s->blk, 1257 BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 1258 BLK_PERM_ALL, errp); 1259 if (ret < 0) { 1260 return; 1261 } 1262 1263 ret = blk_pread(v1s->blk, 0, sizeof(v1s->PRAM), v1s->PRAM, 0); 1264 if (ret < 0) { 1265 error_setg(errp, "can't read PRAM contents"); 1266 return; 1267 } 1268 } 1269 } 1270 1271 static void mos6522_q800_via1_init(Object *obj) 1272 { 1273 MOS6522Q800VIA1State *v1s = MOS6522_Q800_VIA1(obj); 1274 SysBusDevice *sbd = SYS_BUS_DEVICE(v1s); 1275 1276 memory_region_init_io(&v1s->via_mem, obj, &mos6522_q800_via1_ops, v1s, 1277 "via1", VIA_SIZE); 1278 sysbus_init_mmio(sbd, &v1s->via_mem); 1279 1280 /* ADB */ 1281 qbus_init((BusState *)&v1s->adb_bus, sizeof(v1s->adb_bus), 1282 TYPE_ADB_BUS, DEVICE(v1s), "adb.0"); 1283 1284 /* A/UX mode */ 1285 qdev_init_gpio_out(DEVICE(obj), &v1s->auxmode_irq, 1); 1286 } 1287 1288 static const VMStateDescription vmstate_q800_via1 = { 1289 .name = "q800-via1", 1290 .version_id = 0, 1291 .minimum_version_id = 0, 1292 .post_load = via1_post_load, 1293 .fields = (const VMStateField[]) { 1294 VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA1State, 0, vmstate_mos6522, 1295 MOS6522State), 1296 VMSTATE_UINT8(last_b, MOS6522Q800VIA1State), 1297 /* RTC */ 1298 VMSTATE_BUFFER(PRAM, MOS6522Q800VIA1State), 1299 VMSTATE_UINT32(tick_offset, MOS6522Q800VIA1State), 1300 VMSTATE_UINT8(data_out, MOS6522Q800VIA1State), 1301 VMSTATE_INT32(data_out_cnt, MOS6522Q800VIA1State), 1302 VMSTATE_UINT8(data_in, MOS6522Q800VIA1State), 1303 VMSTATE_UINT8(data_in_cnt, MOS6522Q800VIA1State), 1304 VMSTATE_UINT8(cmd, MOS6522Q800VIA1State), 1305 VMSTATE_INT32(wprotect, MOS6522Q800VIA1State), 1306 VMSTATE_INT32(alt, MOS6522Q800VIA1State), 1307 /* ADB */ 1308 VMSTATE_INT32(adb_data_in_size, MOS6522Q800VIA1State), 1309 VMSTATE_INT32(adb_data_in_index, MOS6522Q800VIA1State), 1310 VMSTATE_INT32(adb_data_out_index, MOS6522Q800VIA1State), 1311 VMSTATE_BUFFER(adb_data_in, MOS6522Q800VIA1State), 1312 VMSTATE_BUFFER(adb_data_out, MOS6522Q800VIA1State), 1313 VMSTATE_UINT8(adb_autopoll_cmd, MOS6522Q800VIA1State), 1314 /* Timers */ 1315 VMSTATE_TIMER_PTR(one_second_timer, MOS6522Q800VIA1State), 1316 VMSTATE_INT64(next_second, MOS6522Q800VIA1State), 1317 VMSTATE_TIMER_PTR(sixty_hz_timer, MOS6522Q800VIA1State), 1318 VMSTATE_INT64(next_sixty_hz, MOS6522Q800VIA1State), 1319 /* Timer hack */ 1320 VMSTATE_INT32(timer_hack_state, MOS6522Q800VIA1State), 1321 VMSTATE_END_OF_LIST() 1322 } 1323 }; 1324 1325 static Property mos6522_q800_via1_properties[] = { 1326 DEFINE_PROP_DRIVE("drive", MOS6522Q800VIA1State, blk), 1327 DEFINE_PROP_END_OF_LIST(), 1328 }; 1329 1330 static void mos6522_q800_via1_class_init(ObjectClass *oc, void *data) 1331 { 1332 DeviceClass *dc = DEVICE_CLASS(oc); 1333 ResettableClass *rc = RESETTABLE_CLASS(oc); 1334 MOS6522DeviceClass *mdc = MOS6522_CLASS(oc); 1335 1336 dc->realize = mos6522_q800_via1_realize; 1337 resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via1_reset_hold, 1338 NULL, &mdc->parent_phases); 1339 dc->vmsd = &vmstate_q800_via1; 1340 device_class_set_props(dc, mos6522_q800_via1_properties); 1341 } 1342 1343 static const TypeInfo mos6522_q800_via1_type_info = { 1344 .name = TYPE_MOS6522_Q800_VIA1, 1345 .parent = TYPE_MOS6522, 1346 .instance_size = sizeof(MOS6522Q800VIA1State), 1347 .instance_init = mos6522_q800_via1_init, 1348 .class_init = mos6522_q800_via1_class_init, 1349 }; 1350 1351 /* VIA 2 */ 1352 static void mos6522_q800_via2_portB_write(MOS6522State *s) 1353 { 1354 if (s->dirb & VIA2B_vPower && (s->b & VIA2B_vPower) == 0) { 1355 /* shutdown */ 1356 qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN); 1357 } 1358 } 1359 1360 static void mos6522_q800_via2_reset_hold(Object *obj, ResetType type) 1361 { 1362 MOS6522State *ms = MOS6522(obj); 1363 MOS6522DeviceClass *mdc = MOS6522_GET_CLASS(ms); 1364 1365 if (mdc->parent_phases.hold) { 1366 mdc->parent_phases.hold(obj, type); 1367 } 1368 1369 ms->timers[0].frequency = VIA_TIMER_FREQ; 1370 ms->timers[1].frequency = VIA_TIMER_FREQ; 1371 1372 ms->dirb = 0; 1373 ms->b = 0; 1374 ms->dira = 0; 1375 ms->a = 0x7f; 1376 } 1377 1378 static void via2_nubus_irq_request(void *opaque, int n, int level) 1379 { 1380 MOS6522Q800VIA2State *v2s = opaque; 1381 MOS6522State *s = MOS6522(v2s); 1382 qemu_irq irq = qdev_get_gpio_in(DEVICE(s), VIA2_IRQ_NUBUS_BIT); 1383 1384 if (level) { 1385 /* Port A nubus IRQ inputs are active LOW */ 1386 s->a &= ~(1 << n); 1387 } else { 1388 s->a |= (1 << n); 1389 } 1390 1391 /* Negative edge trigger */ 1392 qemu_set_irq(irq, !level); 1393 } 1394 1395 static void mos6522_q800_via2_init(Object *obj) 1396 { 1397 MOS6522Q800VIA2State *v2s = MOS6522_Q800_VIA2(obj); 1398 SysBusDevice *sbd = SYS_BUS_DEVICE(v2s); 1399 1400 memory_region_init_io(&v2s->via_mem, obj, &mos6522_q800_via2_ops, v2s, 1401 "via2", VIA_SIZE); 1402 sysbus_init_mmio(sbd, &v2s->via_mem); 1403 1404 qdev_init_gpio_in_named(DEVICE(obj), via2_nubus_irq_request, "nubus-irq", 1405 VIA2_NUBUS_IRQ_NB); 1406 } 1407 1408 static const VMStateDescription vmstate_q800_via2 = { 1409 .name = "q800-via2", 1410 .version_id = 0, 1411 .minimum_version_id = 0, 1412 .fields = (const VMStateField[]) { 1413 VMSTATE_STRUCT(parent_obj, MOS6522Q800VIA2State, 0, vmstate_mos6522, 1414 MOS6522State), 1415 VMSTATE_END_OF_LIST() 1416 } 1417 }; 1418 1419 static void mos6522_q800_via2_class_init(ObjectClass *oc, void *data) 1420 { 1421 DeviceClass *dc = DEVICE_CLASS(oc); 1422 ResettableClass *rc = RESETTABLE_CLASS(oc); 1423 MOS6522DeviceClass *mdc = MOS6522_CLASS(oc); 1424 1425 resettable_class_set_parent_phases(rc, NULL, mos6522_q800_via2_reset_hold, 1426 NULL, &mdc->parent_phases); 1427 dc->vmsd = &vmstate_q800_via2; 1428 mdc->portB_write = mos6522_q800_via2_portB_write; 1429 } 1430 1431 static const TypeInfo mos6522_q800_via2_type_info = { 1432 .name = TYPE_MOS6522_Q800_VIA2, 1433 .parent = TYPE_MOS6522, 1434 .instance_size = sizeof(MOS6522Q800VIA2State), 1435 .instance_init = mos6522_q800_via2_init, 1436 .class_init = mos6522_q800_via2_class_init, 1437 }; 1438 1439 static void mac_via_register_types(void) 1440 { 1441 type_register_static(&mos6522_q800_via1_type_info); 1442 type_register_static(&mos6522_q800_via2_type_info); 1443 } 1444 1445 type_init(mac_via_register_types); 1446