qemu with hax to log dma reads & writes
jcs.org/2018/11/12/vfio
1/*
2 * Definitions for talking to the PMU. The PMU is a microcontroller
3 * which controls battery charging and system power on PowerBook 3400
4 * and 2400 models as well as the RTC and various other things.
5 *
6 * Copyright (C) 1998 Paul Mackerras.
7 * Copyright (C) 2016 Ben Herrenschmidt
8 */
9
10#ifndef PMU_H
11#define PMU_H
12
13#include "hw/misc/mos6522.h"
14#include "hw/misc/macio/gpio.h"
15
/*
 * PMU commands
 *
 * Each command is a single opcode byte. The pmu_data_len table further
 * down in this header has one row per possible opcode value (256 rows)
 * and gives the request/response payload sizes for it.
 */

#define PMU_POWER_CTRL0         0x10    /* control power of some devices */
#define PMU_POWER_CTRL          0x11    /* control power of some devices */
#define PMU_ADB_CMD             0x20    /* send ADB packet */
#define PMU_ADB_POLL_OFF        0x21    /* disable ADB auto-poll */
#define PMU_WRITE_NVRAM         0x33    /* write non-volatile RAM */
#define PMU_READ_NVRAM          0x3b    /* read non-volatile RAM */
#define PMU_SET_RTC             0x30    /* set real-time clock */
#define PMU_READ_RTC            0x38    /* read real-time clock */
#define PMU_SET_VOLBUTTON       0x40    /* set volume up/down position */
#define PMU_BACKLIGHT_BRIGHT    0x41    /* set backlight brightness */
#define PMU_GET_VOLBUTTON       0x48    /* get volume up/down position */
#define PMU_PCEJECT             0x4c    /* eject PC-card from slot */
#define PMU_BATTERY_STATE       0x6b    /* report battery state etc. */
#define PMU_SMART_BATTERY_STATE 0x6f    /* report battery state (new way) */
#define PMU_SET_INTR_MASK       0x70    /* set PMU interrupt mask */
#define PMU_INT_ACK             0x78    /* read interrupt bits */
#define PMU_SHUTDOWN            0x7e    /* turn power off */
#define PMU_CPU_SPEED           0x7d    /* control CPU speed on some models */
#define PMU_SLEEP               0x7f    /* put CPU to sleep */
#define PMU_POWER_EVENTS        0x8f    /* Send power-event commands to PMU */
#define PMU_I2C_CMD             0x9a    /* I2C operations */
#define PMU_RESET               0xd0    /* reset CPU */
#define PMU_GET_BRIGHTBUTTON    0xd9    /* report brightness up/down pos */
#define PMU_GET_COVER           0xdc    /* report cover open/closed */
#define PMU_SYSTEM_READY        0xdf    /* tell PMU we are awake */
#define PMU_DOWNLOAD_STATUS     0xe2    /* Called by MacOS during boot... */
#define PMU_READ_PMU_RAM        0xe8    /* read the PMU RAM... ??? */
#define PMU_GET_VERSION         0xea    /* read the PMU version */

/* Bits to use with the PMU_POWER_CTRL0 command */
#define PMU_POW0_ON             0x80    /* OR this to power ON the device */
#define PMU_POW0_OFF            0x00    /* leave bit 7 to 0 to power it OFF */
#define PMU_POW0_HARD_DRIVE     0x04    /* Hard drive power
                                         * (on wallstreet/lombard ?) */

/* Bits to use with the PMU_POWER_CTRL command */
#define PMU_POW_ON              0x80    /* OR this to power ON the device */
#define PMU_POW_OFF             0x00    /* leave bit 7 to 0 to power it OFF */
#define PMU_POW_BACKLIGHT       0x01    /* backlight power */
#define PMU_POW_CHARGER         0x02    /* battery charger power */
#define PMU_POW_IRLED           0x04    /* IR led power (on wallstreet) */
#define PMU_POW_MEDIABAY        0x08    /* media bay power
                                         * (wallstreet/lombard ?) */

/* Bits in PMU interrupt and interrupt mask bytes */
#define PMU_INT_PCEJECT         0x04    /* PC-card eject buttons */
#define PMU_INT_SNDBRT          0x08    /* sound/brightness up/down buttons */
#define PMU_INT_ADB             0x10    /* ADB autopoll or reply data */
#define PMU_INT_BATTERY         0x20    /* Battery state change */
#define PMU_INT_ENVIRONMENT     0x40    /* Environment interrupts */
#define PMU_INT_TICK            0x80    /* 1-second tick interrupt */

/*
 * Other bits in PMU interrupt valid when PMU_INT_ADB is set.
 *
 * PMU_INT_ADB_AUTO shares its value (0x04) with PMU_INT_PCEJECT above, so
 * the two can only be told apart by first testing PMU_INT_ADB.
 */
#define PMU_INT_ADB_AUTO        0x04    /* ADB autopoll, when PMU_INT_ADB */
#define PMU_INT_WAITING_CHARGER 0x01    /* ??? */
#define PMU_INT_AUTO_SRQ_POLL   0x02    /* ??? */

/* Bits in the environment message (obtained either via PMU_GET_COVER,
 * or via PMU_INT_ENVIRONMENT on core99) */
#define PMU_ENV_LID_CLOSED      0x01    /* The lid is closed */

/* I2C related definitions */

/* PMU_I2C_MODE_*: presumably the transfer mode of a PMU_I2C_CMD request
 * -- TODO confirm against the code that builds/parses the request */
#define PMU_I2C_MODE_SIMPLE     0
#define PMU_I2C_MODE_STDSUB     1
#define PMU_I2C_MODE_COMBINED   2

/* PMU_I2C_BUS_*: presumably selects which I2C bus a request targets
 * -- TODO confirm */
#define PMU_I2C_BUS_STATUS      0
#define PMU_I2C_BUS_SYSCLK      1
#define PMU_I2C_BUS_POWER       2

/* PMU_I2C_STATUS_*: presumably the status byte of an I2C reply
 * -- TODO confirm */
#define PMU_I2C_STATUS_OK       0
#define PMU_I2C_STATUS_DATAREAD 1
#define PMU_I2C_STATUS_BUSY     0xfe
93
/*
 * Kind of PMU (model).
 *
 * The numeric values are spelled out so that the mapping from name to
 * number is visible at a glance; they match what implicit numbering
 * would assign.
 */
enum {
    PMU_UNKNOWN          = 0,
    PMU_OHARE_BASED      = 1, /* 2400, 3400, 3500 (old G3 powerbook) */
    PMU_HEATHROW_BASED   = 2, /* PowerBook G3 series */
    PMU_PADDINGTON_BASED = 3, /* 1999 PowerBook G3 */
    PMU_KEYLARGO_BASED   = 4, /* Core99 motherboard (PMU99) */
    PMU_68K_V1           = 5, /* 68K PMU, version 1 */
    PMU_68K_V2           = 6, /* 68K PMU, version 2 */
};
104
/*
 * Sub-commands of PMU_POWER_EVENTS: get/set/clear for the power-up event
 * set, followed by the same three for the wake-up event set.
 */
enum {
    /* power-up events */
    PMU_PWR_GET_POWERUP_EVENTS = 0,
    PMU_PWR_SET_POWERUP_EVENTS = 1,
    PMU_PWR_CLR_POWERUP_EVENTS = 2,

    /* wake-up events */
    PMU_PWR_GET_WAKEUP_EVENTS  = 3,
    PMU_PWR_SET_WAKEUP_EVENTS  = 4,
    PMU_PWR_CLR_WAKEUP_EVENTS  = 5,
};
114
/*
 * Power events wakeup bits.
 *
 * Each constant is a single-bit flag, written as a shift so the bit
 * position is explicit.
 */
enum {
    PMU_PWR_WAKEUP_KEY       = 1 << 0, /* Wake on key press */
    PMU_PWR_WAKEUP_AC_INSERT = 1 << 1, /* Wake on AC adapter plug */
    PMU_PWR_WAKEUP_AC_CHANGE = 1 << 2, /* presumably: wake on AC state change */
    PMU_PWR_WAKEUP_LID_OPEN  = 1 << 3, /* presumably: wake when the lid opens */
    PMU_PWR_WAKEUP_RING      = 1 << 4, /* presumably: wake on ring -- confirm */
};
123
/*
 * This table indicates for each PMU opcode:
 *   - the number of data bytes to be sent with the command, or -1
 *     if a length byte should be sent,
 *   - the number of response bytes which the PMU will return, or
 *     -1 if it will send a length byte.
 *
 * Layout: pmu_data_len[opcode][0] is the command payload size and
 * pmu_data_len[opcode][1] is the response size. There are 256 rows, one
 * per possible opcode byte, written eight to a line; the trailing comment
 * on each line gives the opcode of its first entry.
 *
 * Index the table with an unsigned 8-bit opcode so the row index stays
 * within 0..255.
 *
 * The largest fixed count in the table is 20, which fits in int8_t; -1 is
 * a sentinel, not a size, and must be tested for before the value is used
 * as a length.
 *
 * NOTE(review): for -1 entries the real length arrives as a byte on the
 * wire. That byte can be larger than the 128-byte command/response buffers
 * declared in PMUState, so the code consuming this table should bound it
 * against the destination buffer size before copying -- TODO confirm in
 * the implementation file.
 *
 * Being 'static const' in a header, every translation unit that includes
 * this file gets its own private copy of the table.
 */

static const int8_t pmu_data_len[256][2] = {
/*   0        1        2        3        4        5        6        7 */
    {-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x00 */
    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0x08 */
    { 1, 0},{ 1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x10 */
    { 0, 1},{ 0, 1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{ 0, 0}, /* 0x18 */
    {-1, 0},{ 0, 0},{ 2, 0},{ 1, 0},{ 1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x20 */
    { 0, -1},{ 0, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{ 0, -1}, /* 0x28 */
    { 4, 0},{20, 0},{-1, 0},{ 3, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x30 */
    { 0, 4},{ 0, 20},{ 2, -1},{ 2, 1},{ 3, -1},{-1, -1},{-1, -1},{ 4, 0}, /* 0x38 */
    { 1, 0},{ 1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x40 */
    { 0, 1},{ 0, 1},{-1, -1},{ 1, 0},{ 1, 0},{-1, -1},{-1, -1},{-1, -1}, /* 0x48 */
    { 1, 0},{ 0, 0},{ 2, 0},{ 2, 0},{-1, 0},{ 1, 0},{ 3, 0},{ 1, 0}, /* 0x50 */
    { 0, 1},{ 1, 0},{ 0, 2},{ 0, 2},{ 0, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0x58 */
    { 2, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x60 */
    { 0, 3},{ 0, 3},{ 0, 2},{ 0, 8},{ 0, -1},{ 0, -1},{-1, -1},{-1, -1}, /* 0x68 */
    { 1, 0},{ 1, 0},{ 1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x70 */
    { 0, -1},{ 0, -1},{-1, -1},{-1, -1},{-1, -1},{ 5, 1},{ 4, 1},{ 4, 1}, /* 0x78 */
    { 4, 0},{-1, 0},{ 0, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x80 */
    { 0, 5},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0x88 */
    { 1, 0},{ 2, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0x90 */
    { 0, 1},{ 0, 1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0x98 */
    { 2, 0},{ 2, 0},{ 2, 0},{ 4, 0},{-1, 0},{ 0, 0},{-1, 0},{-1, 0}, /* 0xa0 */
    { 1, 1},{ 1, 0},{ 3, 0},{ 2, 0},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0xa8 */
    {-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0xb0 */
    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0xb8 */
    {-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0xc0 */
    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0xc8 */
    { 0, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0xd0 */
    { 1, 1},{ 1, 1},{-1, -1},{-1, -1},{ 0, 1},{ 0, -1},{-1, -1},{-1, -1}, /* 0xd8 */
    {-1, 0},{ 4, 0},{ 0, 1},{-1, 0},{-1, 0},{ 4, 0},{-1, 0},{-1, 0}, /* 0xe0 */
    { 3, -1},{-1, -1},{ 0, 1},{-1, -1},{ 0, -1},{-1, -1},{-1, -1},{ 0, 0}, /* 0xe8 */
    {-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0},{-1, 0}, /* 0xf0 */
    {-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1},{-1, -1}, /* 0xf8 */
};
167
/*
 * Command protocol state machine: the phase the PMU command exchange is
 * currently in. Values are written out explicitly; they are the same ones
 * implicit numbering would produce.
 */
typedef enum {
    pmu_state_idle = 0, /* Waiting for command */
    pmu_state_cmd  = 1, /* Receiving command */
    pmu_state_rsp  = 2, /* Responding to command */
} PMUCmdState;
174
/*
 * MOS6522 PMU
 *
 * PMU-specific variant of the MOS6522 device. As declared here it carries
 * no state of its own beyond the embedded MOS6522State parent, which must
 * stay the first member so the object can be cast to its parent type.
 */
typedef struct MOS6522PMUState {
    /*< private >*/
    MOS6522State parent_obj;
} MOS6522PMUState;

/* Type name string and checked-cast helper for MOS6522PMUState */
#define TYPE_MOS6522_PMU "mos6522-pmu"
#define MOS6522_PMU(obj) OBJECT_CHECK(MOS6522PMUState, (obj), \
                                      TYPE_MOS6522_PMU)
/**
 * PMUState:
 * @last_b: last value of B register
 *
 * State of the "via-pmu" device: the memory region and interrupt line it
 * exposes, the embedded MOS6522 PMU, the command/response protocol
 * buffers, pending interrupt bits, ADB, RTC and GPIO.
 */

typedef struct PMUState {
    /*< private >*/
    SysBusDevice parent_obj;
    /*< public >*/

    MemoryRegion mem;
    uint64_t frequency;     /* units not visible in this header -- confirm */
    qemu_irq via_irq;
    bool via_irq_state;

    /* PMU state */
    MOS6522PMUState mos6522_pmu;

    /*
     * PMU low level protocol state
     *
     * NOTE(review): cmd_buf_pos, cmd_rsp_pos and cmd_rsp_sz are uint8_t
     * (0..255) and cmdlen/rsplen are uint32_t, while cmd_buf and cmd_rsp
     * hold only 128 bytes each. The field types therefore do not keep an
     * index or length inside the buffers; every write into cmd_buf and
     * every read from cmd_rsp needs an explicit bound against
     * sizeof(cmd_buf) / sizeof(cmd_rsp). This matters most for opcodes
     * whose pmu_data_len entry is -1, where the length is a byte taken
     * from the command stream -- verify against the implementation.
     */
    PMUCmdState cmd_state;
    uint8_t last_b;
    uint8_t cmd;            /* presumably the opcode being processed */
    uint32_t cmdlen;
    uint32_t rsplen;
    uint8_t cmd_buf_pos;
    uint8_t cmd_buf[128];
    uint8_t cmd_rsp_pos;
    uint8_t cmd_rsp_sz;
    uint8_t cmd_rsp[128];

    /* PMU events/interrupts */
    uint8_t intbits;        /* presumably PMU_INT_* bits currently pending */
    uint8_t intmask;        /* presumably the mask set by PMU_SET_INTR_MASK */

    /*
     * ADB
     *
     * NOTE(review): adb_reply_size is uint8_t and adb_reply is sized by
     * ADB_MAX_OUT_LEN, which is defined outside this header; whatever
     * fills adb_reply should check the size against
     * sizeof(adb_reply) -- confirm in the implementation.
     */
    bool has_adb;
    ADBBusState adb_bus;
    uint8_t adb_reply_size;
    uint8_t adb_reply[ADB_MAX_OUT_LEN];

    /* RTC */
    uint32_t tick_offset;
    QEMUTimer *one_sec_timer;
    int64_t one_sec_target;

    /* GPIO */
    MacIOGPIOState *gpio;
} PMUState;

/* Type name string and checked-cast helper for PMUState */
#define TYPE_VIA_PMU "via-pmu"
#define VIA_PMU(obj) OBJECT_CHECK(PMUState, (obj), TYPE_VIA_PMU)
235
236#endif /* PMU_H */