1 /* 2 * QEMU PC keyboard emulation 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 #include "hw/hw.h" 25 #include "hw/isa/isa.h" 26 #include "hw/i386/pc.h" 27 #include "hw/input/ps2.h" 28 #include "sysemu/sysemu.h" 29 30 /* debug PC keyboard */ 31 //#define DEBUG_KBD 32 #ifdef DEBUG_KBD 33 #define DPRINTF(fmt, ...) \ 34 do { printf("KBD: " fmt , ## __VA_ARGS__); } while (0) 35 #else 36 #define DPRINTF(fmt, ...) 37 #endif 38 39 /* Keyboard Controller Commands */ 40 #define KBD_CCMD_READ_MODE 0x20 /* Read mode bits */ 41 #define KBD_CCMD_WRITE_MODE 0x60 /* Write mode bits */ 42 #define KBD_CCMD_GET_VERSION 0xA1 /* Get controller version */ 43 #define KBD_CCMD_MOUSE_DISABLE 0xA7 /* Disable mouse interface */ 44 #define KBD_CCMD_MOUSE_ENABLE 0xA8 /* Enable mouse interface */ 45 #define KBD_CCMD_TEST_MOUSE 0xA9 /* Mouse interface test */ 46 #define KBD_CCMD_SELF_TEST 0xAA /* Controller self test */ 47 #define KBD_CCMD_KBD_TEST 0xAB /* Keyboard interface test */ 48 #define KBD_CCMD_KBD_DISABLE 0xAD /* Keyboard interface disable */ 49 #define KBD_CCMD_KBD_ENABLE 0xAE /* Keyboard interface enable */ 50 #define KBD_CCMD_READ_INPORT 0xC0 /* read input port */ 51 #define KBD_CCMD_READ_OUTPORT 0xD0 /* read output port */ 52 #define KBD_CCMD_WRITE_OUTPORT 0xD1 /* write output port */ 53 #define KBD_CCMD_WRITE_OBUF 0xD2 54 #define KBD_CCMD_WRITE_AUX_OBUF 0xD3 /* Write to output buffer as if 55 initiated by the auxiliary device */ 56 #define KBD_CCMD_WRITE_MOUSE 0xD4 /* Write the following byte to the mouse */ 57 #define KBD_CCMD_DISABLE_A20 0xDD /* HP vectra only ? */ 58 #define KBD_CCMD_ENABLE_A20 0xDF /* HP vectra only ? */ 59 #define KBD_CCMD_PULSE_BITS_3_0 0xF0 /* Pulse bits 3-0 of the output port P2. */ 60 #define KBD_CCMD_RESET 0xFE /* Pulse bit 0 of the output port P2 = CPU reset. */ 61 #define KBD_CCMD_NO_OP 0xFF /* Pulse no bits of the output port P2. */ 62 63 /* Keyboard Commands */ 64 #define KBD_CMD_SET_LEDS 0xED /* Set keyboard leds */ 65 #define KBD_CMD_ECHO 0xEE 66 #define KBD_CMD_GET_ID 0xF2 /* get keyboard ID */ 67 #define KBD_CMD_SET_RATE 0xF3 /* Set typematic rate */ 68 #define KBD_CMD_ENABLE 0xF4 /* Enable scanning */ 69 #define KBD_CMD_RESET_DISABLE 0xF5 /* reset and disable scanning */ 70 #define KBD_CMD_RESET_ENABLE 0xF6 /* reset and enable scanning */ 71 #define KBD_CMD_RESET 0xFF /* Reset */ 72 73 /* Keyboard Replies */ 74 #define KBD_REPLY_POR 0xAA /* Power on reset */ 75 #define KBD_REPLY_ACK 0xFA /* Command ACK */ 76 #define KBD_REPLY_RESEND 0xFE /* Command NACK, send the cmd again */ 77 78 /* Status Register Bits */ 79 #define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */ 80 #define KBD_STAT_IBF 0x02 /* Keyboard input buffer full */ 81 #define KBD_STAT_SELFTEST 0x04 /* Self test successful */ 82 #define KBD_STAT_CMD 0x08 /* Last write was a command write (0=data) */ 83 #define KBD_STAT_UNLOCKED 0x10 /* Zero if keyboard locked */ 84 #define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */ 85 #define KBD_STAT_GTO 0x40 /* General receive/xmit timeout */ 86 #define KBD_STAT_PERR 0x80 /* Parity error */ 87 88 /* Controller Mode Register Bits */ 89 #define KBD_MODE_KBD_INT 0x01 /* Keyboard data generate IRQ1 */ 90 #define KBD_MODE_MOUSE_INT 0x02 /* Mouse data generate IRQ12 */ 91 #define KBD_MODE_SYS 0x04 /* The system flag (?) */ 92 #define KBD_MODE_NO_KEYLOCK 0x08 /* The keylock doesn't affect the keyboard if set */ 93 #define KBD_MODE_DISABLE_KBD 0x10 /* Disable keyboard interface */ 94 #define KBD_MODE_DISABLE_MOUSE 0x20 /* Disable mouse interface */ 95 #define KBD_MODE_KCC 0x40 /* Scan code conversion to PC format */ 96 #define KBD_MODE_RFU 0x80 97 98 /* Output Port Bits */ 99 #define KBD_OUT_RESET 0x01 /* 1=normal mode, 0=reset */ 100 #define KBD_OUT_A20 0x02 /* x86 only */ 101 #define KBD_OUT_OBF 0x10 /* Keyboard output buffer full */ 102 #define KBD_OUT_MOUSE_OBF 0x20 /* Mouse output buffer full */ 103 104 /* Mouse Commands */ 105 #define AUX_SET_SCALE11 0xE6 /* Set 1:1 scaling */ 106 #define AUX_SET_SCALE21 0xE7 /* Set 2:1 scaling */ 107 #define AUX_SET_RES 0xE8 /* Set resolution */ 108 #define AUX_GET_SCALE 0xE9 /* Get scaling factor */ 109 #define AUX_SET_STREAM 0xEA /* Set stream mode */ 110 #define AUX_POLL 0xEB /* Poll */ 111 #define AUX_RESET_WRAP 0xEC /* Reset wrap mode */ 112 #define AUX_SET_WRAP 0xEE /* Set wrap mode */ 113 #define AUX_SET_REMOTE 0xF0 /* Set remote mode */ 114 #define AUX_GET_TYPE 0xF2 /* Get type */ 115 #define AUX_SET_SAMPLE 0xF3 /* Set sample rate */ 116 #define AUX_ENABLE_DEV 0xF4 /* Enable aux device */ 117 #define AUX_DISABLE_DEV 0xF5 /* Disable aux device */ 118 #define AUX_SET_DEFAULT 0xF6 119 #define AUX_RESET 0xFF /* Reset aux device */ 120 #define AUX_ACK 0xFA /* Command byte ACK. */ 121 122 #define MOUSE_STATUS_REMOTE 0x40 123 #define MOUSE_STATUS_ENABLED 0x20 124 #define MOUSE_STATUS_SCALE21 0x10 125 126 #define KBD_PENDING_KBD 1 127 #define KBD_PENDING_AUX 2 128 129 typedef struct KBDState { 130 uint8_t write_cmd; /* if non zero, write data to port 60 is expected */ 131 uint8_t status; 132 uint8_t mode; 133 uint8_t outport; 134 /* Bitmask of devices with data available. */ 135 uint8_t pending; 136 void *kbd; 137 void *mouse; 138 139 qemu_irq irq_kbd; 140 qemu_irq irq_mouse; 141 qemu_irq *a20_out; 142 hwaddr mask; 143 } KBDState; 144 145 /* update irq and KBD_STAT_[MOUSE_]OBF */ 146 /* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be 147 incorrect, but it avoids having to simulate exact delays */ 148 static void kbd_update_irq(KBDState *s) 149 { 150 int irq_kbd_level, irq_mouse_level; 151 152 irq_kbd_level = 0; 153 irq_mouse_level = 0; 154 s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF); 155 s->outport &= ~(KBD_OUT_OBF | KBD_OUT_MOUSE_OBF); 156 if (s->pending) { 157 s->status |= KBD_STAT_OBF; 158 s->outport |= KBD_OUT_OBF; 159 /* kbd data takes priority over aux data. */ 160 if (s->pending == KBD_PENDING_AUX) { 161 s->status |= KBD_STAT_MOUSE_OBF; 162 s->outport |= KBD_OUT_MOUSE_OBF; 163 if (s->mode & KBD_MODE_MOUSE_INT) 164 irq_mouse_level = 1; 165 } else { 166 if ((s->mode & KBD_MODE_KBD_INT) && 167 !(s->mode & KBD_MODE_DISABLE_KBD)) 168 irq_kbd_level = 1; 169 } 170 } 171 qemu_set_irq(s->irq_kbd, irq_kbd_level); 172 qemu_set_irq(s->irq_mouse, irq_mouse_level); 173 } 174 175 static void kbd_update_kbd_irq(void *opaque, int level) 176 { 177 KBDState *s = (KBDState *)opaque; 178 179 if (level) 180 s->pending |= KBD_PENDING_KBD; 181 else 182 s->pending &= ~KBD_PENDING_KBD; 183 kbd_update_irq(s); 184 } 185 186 static void kbd_update_aux_irq(void *opaque, int level) 187 { 188 KBDState *s = (KBDState *)opaque; 189 190 if (level) 191 s->pending |= KBD_PENDING_AUX; 192 else 193 s->pending &= ~KBD_PENDING_AUX; 194 kbd_update_irq(s); 195 } 196 197 static uint64_t kbd_read_status(void *opaque, hwaddr addr, 198 unsigned size) 199 { 200 KBDState *s = opaque; 201 int val; 202 val = s->status; 203 DPRINTF("kbd: read status=0x%02x\n", val); 204 return val; 205 } 206 207 static void kbd_queue(KBDState *s, int b, int aux) 208 { 209 if (aux) 210 ps2_queue(s->mouse, b); 211 else 212 ps2_queue(s->kbd, b); 213 } 214 215 static void outport_write(KBDState *s, uint32_t val) 216 { 217 DPRINTF("kbd: write outport=0x%02x\n", val); 218 s->outport = val; 219 if (s->a20_out) { 220 qemu_set_irq(*s->a20_out, (val >> 1) & 1); 221 } 222 if (!(val & 1)) { 223 qemu_system_reset_request(); 224 } 225 } 226 227 static void kbd_write_command(void *opaque, hwaddr addr, 228 uint64_t val, unsigned size) 229 { 230 KBDState *s = opaque; 231 232 DPRINTF("kbd: write cmd=0x%02x\n", val); 233 234 /* Bits 3-0 of the output port P2 of the keyboard controller may be pulsed 235 * low for approximately 6 micro seconds. Bits 3-0 of the KBD_CCMD_PULSE 236 * command specify the output port bits to be pulsed. 237 * 0: Bit should be pulsed. 1: Bit should not be modified. 238 * The only useful version of this command is pulsing bit 0, 239 * which does a CPU reset. 240 */ 241 if((val & KBD_CCMD_PULSE_BITS_3_0) == KBD_CCMD_PULSE_BITS_3_0) { 242 if(!(val & 1)) 243 val = KBD_CCMD_RESET; 244 else 245 val = KBD_CCMD_NO_OP; 246 } 247 248 switch(val) { 249 case KBD_CCMD_READ_MODE: 250 kbd_queue(s, s->mode, 0); 251 break; 252 case KBD_CCMD_WRITE_MODE: 253 case KBD_CCMD_WRITE_OBUF: 254 case KBD_CCMD_WRITE_AUX_OBUF: 255 case KBD_CCMD_WRITE_MOUSE: 256 case KBD_CCMD_WRITE_OUTPORT: 257 s->write_cmd = val; 258 break; 259 case KBD_CCMD_MOUSE_DISABLE: 260 s->mode |= KBD_MODE_DISABLE_MOUSE; 261 break; 262 case KBD_CCMD_MOUSE_ENABLE: 263 s->mode &= ~KBD_MODE_DISABLE_MOUSE; 264 break; 265 case KBD_CCMD_TEST_MOUSE: 266 kbd_queue(s, 0x00, 0); 267 break; 268 case KBD_CCMD_SELF_TEST: 269 s->status |= KBD_STAT_SELFTEST; 270 kbd_queue(s, 0x55, 0); 271 break; 272 case KBD_CCMD_KBD_TEST: 273 kbd_queue(s, 0x00, 0); 274 break; 275 case KBD_CCMD_KBD_DISABLE: 276 s->mode |= KBD_MODE_DISABLE_KBD; 277 kbd_update_irq(s); 278 break; 279 case KBD_CCMD_KBD_ENABLE: 280 s->mode &= ~KBD_MODE_DISABLE_KBD; 281 kbd_update_irq(s); 282 break; 283 case KBD_CCMD_READ_INPORT: 284 kbd_queue(s, 0x00, 0); 285 break; 286 case KBD_CCMD_READ_OUTPORT: 287 kbd_queue(s, s->outport, 0); 288 break; 289 case KBD_CCMD_ENABLE_A20: 290 if (s->a20_out) { 291 qemu_irq_raise(*s->a20_out); 292 } 293 s->outport |= KBD_OUT_A20; 294 break; 295 case KBD_CCMD_DISABLE_A20: 296 if (s->a20_out) { 297 qemu_irq_lower(*s->a20_out); 298 } 299 s->outport &= ~KBD_OUT_A20; 300 break; 301 case KBD_CCMD_RESET: 302 qemu_system_reset_request(); 303 break; 304 case KBD_CCMD_NO_OP: 305 /* ignore that */ 306 break; 307 default: 308 fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", (int)val); 309 break; 310 } 311 } 312 313 static uint64_t kbd_read_data(void *opaque, hwaddr addr, 314 unsigned size) 315 { 316 KBDState *s = opaque; 317 uint32_t val; 318 319 if (s->pending == KBD_PENDING_AUX) 320 val = ps2_read_data(s->mouse); 321 else 322 val = ps2_read_data(s->kbd); 323 324 DPRINTF("kbd: read data=0x%02x\n", val); 325 return val; 326 } 327 328 static void kbd_write_data(void *opaque, hwaddr addr, 329 uint64_t val, unsigned size) 330 { 331 KBDState *s = opaque; 332 333 DPRINTF("kbd: write data=0x%02x\n", val); 334 335 switch(s->write_cmd) { 336 case 0: 337 ps2_write_keyboard(s->kbd, val); 338 break; 339 case KBD_CCMD_WRITE_MODE: 340 s->mode = val; 341 ps2_keyboard_set_translation(s->kbd, (s->mode & KBD_MODE_KCC) != 0); 342 /* ??? */ 343 kbd_update_irq(s); 344 break; 345 case KBD_CCMD_WRITE_OBUF: 346 kbd_queue(s, val, 0); 347 break; 348 case KBD_CCMD_WRITE_AUX_OBUF: 349 kbd_queue(s, val, 1); 350 break; 351 case KBD_CCMD_WRITE_OUTPORT: 352 outport_write(s, val); 353 break; 354 case KBD_CCMD_WRITE_MOUSE: 355 ps2_write_mouse(s->mouse, val); 356 break; 357 default: 358 break; 359 } 360 s->write_cmd = 0; 361 } 362 363 static void kbd_reset(void *opaque) 364 { 365 KBDState *s = opaque; 366 367 s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT; 368 s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED; 369 s->outport = KBD_OUT_RESET | KBD_OUT_A20; 370 } 371 372 static const VMStateDescription vmstate_kbd = { 373 .name = "pckbd", 374 .version_id = 3, 375 .minimum_version_id = 3, 376 .minimum_version_id_old = 3, 377 .fields = (VMStateField []) { 378 VMSTATE_UINT8(write_cmd, KBDState), 379 VMSTATE_UINT8(status, KBDState), 380 VMSTATE_UINT8(mode, KBDState), 381 VMSTATE_UINT8(pending, KBDState), 382 VMSTATE_END_OF_LIST() 383 } 384 }; 385 386 /* Memory mapped interface */ 387 static uint32_t kbd_mm_readb (void *opaque, hwaddr addr) 388 { 389 KBDState *s = opaque; 390 391 if (addr & s->mask) 392 return kbd_read_status(s, 0, 1) & 0xff; 393 else 394 return kbd_read_data(s, 0, 1) & 0xff; 395 } 396 397 static void kbd_mm_writeb (void *opaque, hwaddr addr, uint32_t value) 398 { 399 KBDState *s = opaque; 400 401 if (addr & s->mask) 402 kbd_write_command(s, 0, value & 0xff, 1); 403 else 404 kbd_write_data(s, 0, value & 0xff, 1); 405 } 406 407 static const MemoryRegionOps i8042_mmio_ops = { 408 .endianness = DEVICE_NATIVE_ENDIAN, 409 .old_mmio = { 410 .read = { kbd_mm_readb, kbd_mm_readb, kbd_mm_readb }, 411 .write = { kbd_mm_writeb, kbd_mm_writeb, kbd_mm_writeb }, 412 }, 413 }; 414 415 void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq, 416 MemoryRegion *region, ram_addr_t size, 417 hwaddr mask) 418 { 419 KBDState *s = g_malloc0(sizeof(KBDState)); 420 421 s->irq_kbd = kbd_irq; 422 s->irq_mouse = mouse_irq; 423 s->mask = mask; 424 425 vmstate_register(NULL, 0, &vmstate_kbd, s); 426 427 memory_region_init_io(region, NULL, &i8042_mmio_ops, s, "i8042", size); 428 429 s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s); 430 s->mouse = ps2_mouse_init(kbd_update_aux_irq, s); 431 qemu_register_reset(kbd_reset, s); 432 } 433 434 #define TYPE_I8042 "i8042" 435 #define I8042(obj) OBJECT_CHECK(ISAKBDState, (obj), TYPE_I8042) 436 437 typedef struct ISAKBDState { 438 ISADevice parent_obj; 439 440 KBDState kbd; 441 MemoryRegion io[2]; 442 } ISAKBDState; 443 444 void i8042_isa_mouse_fake_event(void *opaque) 445 { 446 ISADevice *dev = opaque; 447 ISAKBDState *isa = I8042(dev); 448 KBDState *s = &isa->kbd; 449 450 ps2_mouse_fake_event(s->mouse); 451 } 452 453 void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out) 454 { 455 ISAKBDState *isa = I8042(dev); 456 KBDState *s = &isa->kbd; 457 458 s->a20_out = a20_out; 459 } 460 461 static const VMStateDescription vmstate_kbd_isa = { 462 .name = "pckbd", 463 .version_id = 3, 464 .minimum_version_id = 3, 465 .minimum_version_id_old = 3, 466 .fields = (VMStateField []) { 467 VMSTATE_STRUCT(kbd, ISAKBDState, 0, vmstate_kbd, KBDState), 468 VMSTATE_END_OF_LIST() 469 } 470 }; 471 472 static const MemoryRegionOps i8042_data_ops = { 473 .read = kbd_read_data, 474 .write = kbd_write_data, 475 .impl = { 476 .min_access_size = 1, 477 .max_access_size = 1, 478 }, 479 .endianness = DEVICE_LITTLE_ENDIAN, 480 }; 481 482 static const MemoryRegionOps i8042_cmd_ops = { 483 .read = kbd_read_status, 484 .write = kbd_write_command, 485 .impl = { 486 .min_access_size = 1, 487 .max_access_size = 1, 488 }, 489 .endianness = DEVICE_LITTLE_ENDIAN, 490 }; 491 492 static void i8042_initfn(Object *obj) 493 { 494 ISAKBDState *isa_s = I8042(obj); 495 KBDState *s = &isa_s->kbd; 496 497 memory_region_init_io(isa_s->io + 0, obj, &i8042_data_ops, s, 498 "i8042-data", 1); 499 memory_region_init_io(isa_s->io + 1, obj, &i8042_cmd_ops, s, 500 "i8042-cmd", 1); 501 } 502 503 static void i8042_realizefn(DeviceState *dev, Error **errp) 504 { 505 ISADevice *isadev = ISA_DEVICE(dev); 506 ISAKBDState *isa_s = I8042(dev); 507 KBDState *s = &isa_s->kbd; 508 509 isa_init_irq(isadev, &s->irq_kbd, 1); 510 isa_init_irq(isadev, &s->irq_mouse, 12); 511 512 isa_register_ioport(isadev, isa_s->io + 0, 0x60); 513 isa_register_ioport(isadev, isa_s->io + 1, 0x64); 514 515 s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s); 516 s->mouse = ps2_mouse_init(kbd_update_aux_irq, s); 517 qemu_register_reset(kbd_reset, s); 518 } 519 520 static void i8042_class_initfn(ObjectClass *klass, void *data) 521 { 522 DeviceClass *dc = DEVICE_CLASS(klass); 523 524 dc->realize = i8042_realizefn; 525 dc->no_user = 1; 526 dc->vmsd = &vmstate_kbd_isa; 527 } 528 529 static const TypeInfo i8042_info = { 530 .name = TYPE_I8042, 531 .parent = TYPE_ISA_DEVICE, 532 .instance_size = sizeof(ISAKBDState), 533 .instance_init = i8042_initfn, 534 .class_init = i8042_class_initfn, 535 }; 536 537 static void i8042_register_types(void) 538 { 539 type_register_static(&i8042_info); 540 } 541 542 type_init(i8042_register_types) 543