xref: /openbmc/qemu/hw/input/pckbd.c (revision bfb27e60)
1 /*
2  * QEMU PC keyboard emulation
3  *
4  * Copyright (c) 2003 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 #include "hw/hw.h"
25 #include "hw/isa/isa.h"
26 #include "hw/i386/pc.h"
27 #include "hw/input/ps2.h"
28 #include "sysemu/sysemu.h"
29 
30 /* debug PC keyboard */
31 //#define DEBUG_KBD
32 #ifdef DEBUG_KBD
33 #define DPRINTF(fmt, ...)                                       \
34     do { printf("KBD: " fmt , ## __VA_ARGS__); } while (0)
35 #else
36 #define DPRINTF(fmt, ...)
37 #endif
38 
39 /*	Keyboard Controller Commands */
40 #define KBD_CCMD_READ_MODE	0x20	/* Read mode bits */
41 #define KBD_CCMD_WRITE_MODE	0x60	/* Write mode bits */
42 #define KBD_CCMD_GET_VERSION	0xA1	/* Get controller version */
43 #define KBD_CCMD_MOUSE_DISABLE	0xA7	/* Disable mouse interface */
44 #define KBD_CCMD_MOUSE_ENABLE	0xA8	/* Enable mouse interface */
45 #define KBD_CCMD_TEST_MOUSE	0xA9	/* Mouse interface test */
46 #define KBD_CCMD_SELF_TEST	0xAA	/* Controller self test */
47 #define KBD_CCMD_KBD_TEST	0xAB	/* Keyboard interface test */
48 #define KBD_CCMD_KBD_DISABLE	0xAD	/* Keyboard interface disable */
49 #define KBD_CCMD_KBD_ENABLE	0xAE	/* Keyboard interface enable */
50 #define KBD_CCMD_READ_INPORT    0xC0    /* read input port */
51 #define KBD_CCMD_READ_OUTPORT	0xD0    /* read output port */
52 #define KBD_CCMD_WRITE_OUTPORT	0xD1    /* write output port */
53 #define KBD_CCMD_WRITE_OBUF	0xD2
54 #define KBD_CCMD_WRITE_AUX_OBUF	0xD3    /* Write to output buffer as if
55 					   initiated by the auxiliary device */
56 #define KBD_CCMD_WRITE_MOUSE	0xD4	/* Write the following byte to the mouse */
57 #define KBD_CCMD_DISABLE_A20    0xDD    /* HP vectra only ? */
58 #define KBD_CCMD_ENABLE_A20     0xDF    /* HP vectra only ? */
59 #define KBD_CCMD_PULSE_BITS_3_0 0xF0    /* Pulse bits 3-0 of the output port P2. */
60 #define KBD_CCMD_RESET          0xFE    /* Pulse bit 0 of the output port P2 = CPU reset. */
61 #define KBD_CCMD_NO_OP          0xFF    /* Pulse no bits of the output port P2. */
62 
63 /* Keyboard Commands */
64 #define KBD_CMD_SET_LEDS	0xED	/* Set keyboard leds */
65 #define KBD_CMD_ECHO     	0xEE
66 #define KBD_CMD_GET_ID 	        0xF2	/* get keyboard ID */
67 #define KBD_CMD_SET_RATE	0xF3	/* Set typematic rate */
68 #define KBD_CMD_ENABLE		0xF4	/* Enable scanning */
69 #define KBD_CMD_RESET_DISABLE	0xF5	/* reset and disable scanning */
70 #define KBD_CMD_RESET_ENABLE   	0xF6    /* reset and enable scanning */
71 #define KBD_CMD_RESET		0xFF	/* Reset */
72 
73 /* Keyboard Replies */
74 #define KBD_REPLY_POR		0xAA	/* Power on reset */
75 #define KBD_REPLY_ACK		0xFA	/* Command ACK */
76 #define KBD_REPLY_RESEND	0xFE	/* Command NACK, send the cmd again */
77 
78 /* Status Register Bits */
79 #define KBD_STAT_OBF 		0x01	/* Keyboard output buffer full */
80 #define KBD_STAT_IBF 		0x02	/* Keyboard input buffer full */
81 #define KBD_STAT_SELFTEST	0x04	/* Self test successful */
82 #define KBD_STAT_CMD		0x08	/* Last write was a command write (0=data) */
83 #define KBD_STAT_UNLOCKED	0x10	/* Zero if keyboard locked */
84 #define KBD_STAT_MOUSE_OBF	0x20	/* Mouse output buffer full */
85 #define KBD_STAT_GTO 		0x40	/* General receive/xmit timeout */
86 #define KBD_STAT_PERR 		0x80	/* Parity error */
87 
88 /* Controller Mode Register Bits */
89 #define KBD_MODE_KBD_INT	0x01	/* Keyboard data generate IRQ1 */
90 #define KBD_MODE_MOUSE_INT	0x02	/* Mouse data generate IRQ12 */
91 #define KBD_MODE_SYS 		0x04	/* The system flag (?) */
92 #define KBD_MODE_NO_KEYLOCK	0x08	/* The keylock doesn't affect the keyboard if set */
93 #define KBD_MODE_DISABLE_KBD	0x10	/* Disable keyboard interface */
94 #define KBD_MODE_DISABLE_MOUSE	0x20	/* Disable mouse interface */
95 #define KBD_MODE_KCC 		0x40	/* Scan code conversion to PC format */
96 #define KBD_MODE_RFU		0x80
97 
98 /* Output Port Bits */
99 #define KBD_OUT_RESET           0x01    /* 1=normal mode, 0=reset */
100 #define KBD_OUT_A20             0x02    /* x86 only */
101 #define KBD_OUT_OBF             0x10    /* Keyboard output buffer full */
102 #define KBD_OUT_MOUSE_OBF       0x20    /* Mouse output buffer full */
103 
104 /* Mouse Commands */
105 #define AUX_SET_SCALE11		0xE6	/* Set 1:1 scaling */
106 #define AUX_SET_SCALE21		0xE7	/* Set 2:1 scaling */
107 #define AUX_SET_RES		0xE8	/* Set resolution */
108 #define AUX_GET_SCALE		0xE9	/* Get scaling factor */
109 #define AUX_SET_STREAM		0xEA	/* Set stream mode */
110 #define AUX_POLL		0xEB	/* Poll */
111 #define AUX_RESET_WRAP		0xEC	/* Reset wrap mode */
112 #define AUX_SET_WRAP		0xEE	/* Set wrap mode */
113 #define AUX_SET_REMOTE		0xF0	/* Set remote mode */
114 #define AUX_GET_TYPE		0xF2	/* Get type */
115 #define AUX_SET_SAMPLE		0xF3	/* Set sample rate */
116 #define AUX_ENABLE_DEV		0xF4	/* Enable aux device */
117 #define AUX_DISABLE_DEV		0xF5	/* Disable aux device */
118 #define AUX_SET_DEFAULT		0xF6
119 #define AUX_RESET		0xFF	/* Reset aux device */
120 #define AUX_ACK			0xFA	/* Command byte ACK. */
121 
122 #define MOUSE_STATUS_REMOTE     0x40
123 #define MOUSE_STATUS_ENABLED    0x20
124 #define MOUSE_STATUS_SCALE21    0x10
125 
126 #define KBD_PENDING_KBD         1
127 #define KBD_PENDING_AUX         2
128 
129 typedef struct KBDState {
130     uint8_t write_cmd; /* if non zero, write data to port 60 is expected */
131     uint8_t status;
132     uint8_t mode;
133     uint8_t outport;
134     /* Bitmask of devices with data available.  */
135     uint8_t pending;
136     void *kbd;
137     void *mouse;
138 
139     qemu_irq irq_kbd;
140     qemu_irq irq_mouse;
141     qemu_irq *a20_out;
142     hwaddr mask;
143 } KBDState;
144 
145 /* update irq and KBD_STAT_[MOUSE_]OBF */
146 /* XXX: not generating the irqs if KBD_MODE_DISABLE_KBD is set may be
147    incorrect, but it avoids having to simulate exact delays */
148 static void kbd_update_irq(KBDState *s)
149 {
150     int irq_kbd_level, irq_mouse_level;
151 
152     irq_kbd_level = 0;
153     irq_mouse_level = 0;
154     s->status &= ~(KBD_STAT_OBF | KBD_STAT_MOUSE_OBF);
155     s->outport &= ~(KBD_OUT_OBF | KBD_OUT_MOUSE_OBF);
156     if (s->pending) {
157         s->status |= KBD_STAT_OBF;
158         s->outport |= KBD_OUT_OBF;
159         /* kbd data takes priority over aux data.  */
160         if (s->pending == KBD_PENDING_AUX) {
161             s->status |= KBD_STAT_MOUSE_OBF;
162             s->outport |= KBD_OUT_MOUSE_OBF;
163             if (s->mode & KBD_MODE_MOUSE_INT)
164                 irq_mouse_level = 1;
165         } else {
166             if ((s->mode & KBD_MODE_KBD_INT) &&
167                 !(s->mode & KBD_MODE_DISABLE_KBD))
168                 irq_kbd_level = 1;
169         }
170     }
171     qemu_set_irq(s->irq_kbd, irq_kbd_level);
172     qemu_set_irq(s->irq_mouse, irq_mouse_level);
173 }
174 
175 static void kbd_update_kbd_irq(void *opaque, int level)
176 {
177     KBDState *s = (KBDState *)opaque;
178 
179     if (level)
180         s->pending |= KBD_PENDING_KBD;
181     else
182         s->pending &= ~KBD_PENDING_KBD;
183     kbd_update_irq(s);
184 }
185 
186 static void kbd_update_aux_irq(void *opaque, int level)
187 {
188     KBDState *s = (KBDState *)opaque;
189 
190     if (level)
191         s->pending |= KBD_PENDING_AUX;
192     else
193         s->pending &= ~KBD_PENDING_AUX;
194     kbd_update_irq(s);
195 }
196 
197 static uint64_t kbd_read_status(void *opaque, hwaddr addr,
198                                 unsigned size)
199 {
200     KBDState *s = opaque;
201     int val;
202     val = s->status;
203     DPRINTF("kbd: read status=0x%02x\n", val);
204     return val;
205 }
206 
207 static void kbd_queue(KBDState *s, int b, int aux)
208 {
209     if (aux)
210         ps2_queue(s->mouse, b);
211     else
212         ps2_queue(s->kbd, b);
213 }
214 
215 static void outport_write(KBDState *s, uint32_t val)
216 {
217     DPRINTF("kbd: write outport=0x%02x\n", val);
218     s->outport = val;
219     if (s->a20_out) {
220         qemu_set_irq(*s->a20_out, (val >> 1) & 1);
221     }
222     if (!(val & 1)) {
223         qemu_system_reset_request();
224     }
225 }
226 
227 static void kbd_write_command(void *opaque, hwaddr addr,
228                               uint64_t val, unsigned size)
229 {
230     KBDState *s = opaque;
231 
232     DPRINTF("kbd: write cmd=0x%02" PRIx64 "\n", val);
233 
234     /* Bits 3-0 of the output port P2 of the keyboard controller may be pulsed
235      * low for approximately 6 micro seconds. Bits 3-0 of the KBD_CCMD_PULSE
236      * command specify the output port bits to be pulsed.
237      * 0: Bit should be pulsed. 1: Bit should not be modified.
238      * The only useful version of this command is pulsing bit 0,
239      * which does a CPU reset.
240      */
241     if((val & KBD_CCMD_PULSE_BITS_3_0) == KBD_CCMD_PULSE_BITS_3_0) {
242         if(!(val & 1))
243             val = KBD_CCMD_RESET;
244         else
245             val = KBD_CCMD_NO_OP;
246     }
247 
248     switch(val) {
249     case KBD_CCMD_READ_MODE:
250         kbd_queue(s, s->mode, 0);
251         break;
252     case KBD_CCMD_WRITE_MODE:
253     case KBD_CCMD_WRITE_OBUF:
254     case KBD_CCMD_WRITE_AUX_OBUF:
255     case KBD_CCMD_WRITE_MOUSE:
256     case KBD_CCMD_WRITE_OUTPORT:
257         s->write_cmd = val;
258         break;
259     case KBD_CCMD_MOUSE_DISABLE:
260         s->mode |= KBD_MODE_DISABLE_MOUSE;
261         break;
262     case KBD_CCMD_MOUSE_ENABLE:
263         s->mode &= ~KBD_MODE_DISABLE_MOUSE;
264         break;
265     case KBD_CCMD_TEST_MOUSE:
266         kbd_queue(s, 0x00, 0);
267         break;
268     case KBD_CCMD_SELF_TEST:
269         s->status |= KBD_STAT_SELFTEST;
270         kbd_queue(s, 0x55, 0);
271         break;
272     case KBD_CCMD_KBD_TEST:
273         kbd_queue(s, 0x00, 0);
274         break;
275     case KBD_CCMD_KBD_DISABLE:
276         s->mode |= KBD_MODE_DISABLE_KBD;
277         kbd_update_irq(s);
278         break;
279     case KBD_CCMD_KBD_ENABLE:
280         s->mode &= ~KBD_MODE_DISABLE_KBD;
281         kbd_update_irq(s);
282         break;
283     case KBD_CCMD_READ_INPORT:
284         kbd_queue(s, 0x80, 0);
285         break;
286     case KBD_CCMD_READ_OUTPORT:
287         kbd_queue(s, s->outport, 0);
288         break;
289     case KBD_CCMD_ENABLE_A20:
290         if (s->a20_out) {
291             qemu_irq_raise(*s->a20_out);
292         }
293         s->outport |= KBD_OUT_A20;
294         break;
295     case KBD_CCMD_DISABLE_A20:
296         if (s->a20_out) {
297             qemu_irq_lower(*s->a20_out);
298         }
299         s->outport &= ~KBD_OUT_A20;
300         break;
301     case KBD_CCMD_RESET:
302         qemu_system_reset_request();
303         break;
304     case KBD_CCMD_NO_OP:
305         /* ignore that */
306         break;
307     default:
308         fprintf(stderr, "qemu: unsupported keyboard cmd=0x%02x\n", (int)val);
309         break;
310     }
311 }
312 
313 static uint64_t kbd_read_data(void *opaque, hwaddr addr,
314                               unsigned size)
315 {
316     KBDState *s = opaque;
317     uint32_t val;
318 
319     if (s->pending == KBD_PENDING_AUX)
320         val = ps2_read_data(s->mouse);
321     else
322         val = ps2_read_data(s->kbd);
323 
324     DPRINTF("kbd: read data=0x%02x\n", val);
325     return val;
326 }
327 
328 static void kbd_write_data(void *opaque, hwaddr addr,
329                            uint64_t val, unsigned size)
330 {
331     KBDState *s = opaque;
332 
333     DPRINTF("kbd: write data=0x%02" PRIx64 "\n", val);
334 
335     switch(s->write_cmd) {
336     case 0:
337         ps2_write_keyboard(s->kbd, val);
338         break;
339     case KBD_CCMD_WRITE_MODE:
340         s->mode = val;
341         ps2_keyboard_set_translation(s->kbd, (s->mode & KBD_MODE_KCC) != 0);
342         /* ??? */
343         kbd_update_irq(s);
344         break;
345     case KBD_CCMD_WRITE_OBUF:
346         kbd_queue(s, val, 0);
347         break;
348     case KBD_CCMD_WRITE_AUX_OBUF:
349         kbd_queue(s, val, 1);
350         break;
351     case KBD_CCMD_WRITE_OUTPORT:
352         outport_write(s, val);
353         break;
354     case KBD_CCMD_WRITE_MOUSE:
355         ps2_write_mouse(s->mouse, val);
356         break;
357     default:
358         break;
359     }
360     s->write_cmd = 0;
361 }
362 
363 static void kbd_reset(void *opaque)
364 {
365     KBDState *s = opaque;
366 
367     s->mode = KBD_MODE_KBD_INT | KBD_MODE_MOUSE_INT;
368     s->status = KBD_STAT_CMD | KBD_STAT_UNLOCKED;
369     s->outport = KBD_OUT_RESET | KBD_OUT_A20;
370 }
371 
372 static const VMStateDescription vmstate_kbd = {
373     .name = "pckbd",
374     .version_id = 3,
375     .minimum_version_id = 3,
376     .fields = (VMStateField[]) {
377         VMSTATE_UINT8(write_cmd, KBDState),
378         VMSTATE_UINT8(status, KBDState),
379         VMSTATE_UINT8(mode, KBDState),
380         VMSTATE_UINT8(pending, KBDState),
381         VMSTATE_END_OF_LIST()
382     }
383 };
384 
385 /* Memory mapped interface */
386 static uint32_t kbd_mm_readb (void *opaque, hwaddr addr)
387 {
388     KBDState *s = opaque;
389 
390     if (addr & s->mask)
391         return kbd_read_status(s, 0, 1) & 0xff;
392     else
393         return kbd_read_data(s, 0, 1) & 0xff;
394 }
395 
396 static void kbd_mm_writeb (void *opaque, hwaddr addr, uint32_t value)
397 {
398     KBDState *s = opaque;
399 
400     if (addr & s->mask)
401         kbd_write_command(s, 0, value & 0xff, 1);
402     else
403         kbd_write_data(s, 0, value & 0xff, 1);
404 }
405 
406 static const MemoryRegionOps i8042_mmio_ops = {
407     .endianness = DEVICE_NATIVE_ENDIAN,
408     .old_mmio = {
409         .read = { kbd_mm_readb, kbd_mm_readb, kbd_mm_readb },
410         .write = { kbd_mm_writeb, kbd_mm_writeb, kbd_mm_writeb },
411     },
412 };
413 
414 void i8042_mm_init(qemu_irq kbd_irq, qemu_irq mouse_irq,
415                    MemoryRegion *region, ram_addr_t size,
416                    hwaddr mask)
417 {
418     KBDState *s = g_malloc0(sizeof(KBDState));
419 
420     s->irq_kbd = kbd_irq;
421     s->irq_mouse = mouse_irq;
422     s->mask = mask;
423 
424     vmstate_register(NULL, 0, &vmstate_kbd, s);
425 
426     memory_region_init_io(region, NULL, &i8042_mmio_ops, s, "i8042", size);
427 
428     s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
429     s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
430     qemu_register_reset(kbd_reset, s);
431 }
432 
433 #define TYPE_I8042 "i8042"
434 #define I8042(obj) OBJECT_CHECK(ISAKBDState, (obj), TYPE_I8042)
435 
436 typedef struct ISAKBDState {
437     ISADevice parent_obj;
438 
439     KBDState kbd;
440     MemoryRegion io[2];
441 } ISAKBDState;
442 
443 void i8042_isa_mouse_fake_event(void *opaque)
444 {
445     ISADevice *dev = opaque;
446     ISAKBDState *isa = I8042(dev);
447     KBDState *s = &isa->kbd;
448 
449     ps2_mouse_fake_event(s->mouse);
450 }
451 
452 void i8042_setup_a20_line(ISADevice *dev, qemu_irq *a20_out)
453 {
454     ISAKBDState *isa = I8042(dev);
455     KBDState *s = &isa->kbd;
456 
457     s->a20_out = a20_out;
458 }
459 
460 static const VMStateDescription vmstate_kbd_isa = {
461     .name = "pckbd",
462     .version_id = 3,
463     .minimum_version_id = 3,
464     .fields = (VMStateField[]) {
465         VMSTATE_STRUCT(kbd, ISAKBDState, 0, vmstate_kbd, KBDState),
466         VMSTATE_END_OF_LIST()
467     }
468 };
469 
470 static const MemoryRegionOps i8042_data_ops = {
471     .read = kbd_read_data,
472     .write = kbd_write_data,
473     .impl = {
474         .min_access_size = 1,
475         .max_access_size = 1,
476     },
477     .endianness = DEVICE_LITTLE_ENDIAN,
478 };
479 
480 static const MemoryRegionOps i8042_cmd_ops = {
481     .read = kbd_read_status,
482     .write = kbd_write_command,
483     .impl = {
484         .min_access_size = 1,
485         .max_access_size = 1,
486     },
487     .endianness = DEVICE_LITTLE_ENDIAN,
488 };
489 
490 static void i8042_initfn(Object *obj)
491 {
492     ISAKBDState *isa_s = I8042(obj);
493     KBDState *s = &isa_s->kbd;
494 
495     memory_region_init_io(isa_s->io + 0, obj, &i8042_data_ops, s,
496                           "i8042-data", 1);
497     memory_region_init_io(isa_s->io + 1, obj, &i8042_cmd_ops, s,
498                           "i8042-cmd", 1);
499 }
500 
501 static void i8042_realizefn(DeviceState *dev, Error **errp)
502 {
503     ISADevice *isadev = ISA_DEVICE(dev);
504     ISAKBDState *isa_s = I8042(dev);
505     KBDState *s = &isa_s->kbd;
506 
507     isa_init_irq(isadev, &s->irq_kbd, 1);
508     isa_init_irq(isadev, &s->irq_mouse, 12);
509 
510     isa_register_ioport(isadev, isa_s->io + 0, 0x60);
511     isa_register_ioport(isadev, isa_s->io + 1, 0x64);
512 
513     s->kbd = ps2_kbd_init(kbd_update_kbd_irq, s);
514     s->mouse = ps2_mouse_init(kbd_update_aux_irq, s);
515     qemu_register_reset(kbd_reset, s);
516 }
517 
518 static void i8042_class_initfn(ObjectClass *klass, void *data)
519 {
520     DeviceClass *dc = DEVICE_CLASS(klass);
521 
522     dc->realize = i8042_realizefn;
523     dc->vmsd = &vmstate_kbd_isa;
524 }
525 
526 static const TypeInfo i8042_info = {
527     .name          = TYPE_I8042,
528     .parent        = TYPE_ISA_DEVICE,
529     .instance_size = sizeof(ISAKBDState),
530     .instance_init = i8042_initfn,
531     .class_init    = i8042_class_initfn,
532 };
533 
534 static void i8042_register_types(void)
535 {
536     type_register_static(&i8042_info);
537 }
538 
539 type_init(i8042_register_types)
540