1 /*
2 * Copyright (c) 2013, Microsoft Corporation.
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
12 */
13
14 #include <linux/init.h>
15 #include <linux/module.h>
16 #include <linux/device.h>
17 #include <linux/completion.h>
18 #include <linux/hyperv.h>
19 #include <linux/serio.h>
20 #include <linux/slab.h>
21
22 /*
23 * Current version 1.0
24 *
25 */
26 #define SYNTH_KBD_VERSION_MAJOR 1
27 #define SYNTH_KBD_VERSION_MINOR 0
28 #define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \
29 (SYNTH_KBD_VERSION_MAJOR << 16))
30
31
32 /*
33 * Message types in the synthetic input protocol
34 */
35 enum synth_kbd_msg_type {
36 SYNTH_KBD_PROTOCOL_REQUEST = 1,
37 SYNTH_KBD_PROTOCOL_RESPONSE = 2,
38 SYNTH_KBD_EVENT = 3,
39 SYNTH_KBD_LED_INDICATORS = 4,
40 };
41
42 /*
43 * Basic message structures.
44 */
45 struct synth_kbd_msg_hdr {
46 __le32 type;
47 };
48
49 struct synth_kbd_msg {
50 struct synth_kbd_msg_hdr header;
51 char data[]; /* Enclosed message */
52 };
53
54 union synth_kbd_version {
55 __le32 version;
56 };
57
58 /*
59 * Protocol messages
60 */
61 struct synth_kbd_protocol_request {
62 struct synth_kbd_msg_hdr header;
63 union synth_kbd_version version_requested;
64 };
65
66 #define PROTOCOL_ACCEPTED BIT(0)
67 struct synth_kbd_protocol_response {
68 struct synth_kbd_msg_hdr header;
69 __le32 proto_status;
70 };
71
72 #define IS_UNICODE BIT(0)
73 #define IS_BREAK BIT(1)
74 #define IS_E0 BIT(2)
75 #define IS_E1 BIT(3)
76 struct synth_kbd_keystroke {
77 struct synth_kbd_msg_hdr header;
78 __le16 make_code;
79 __le16 reserved0;
80 __le32 info; /* Additional information */
81 };
82
83
84 #define HK_MAXIMUM_MESSAGE_SIZE 256
85
86 #define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE)
87 #define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE)
88
89 #define XTKBD_EMUL0 0xe0
90 #define XTKBD_EMUL1 0xe1
91 #define XTKBD_RELEASE 0x80
92
93
94 /*
95 * Represents a keyboard device
96 */
97 struct hv_kbd_dev {
98 struct hv_device *hv_dev;
99 struct serio *hv_serio;
100 struct synth_kbd_protocol_request protocol_req;
101 struct synth_kbd_protocol_response protocol_resp;
102 /* Synchronize the request/response if needed */
103 struct completion wait_event;
104 spinlock_t lock; /* protects 'started' field */
105 bool started;
106 };
107
hv_kbd_on_receive(struct hv_device * hv_dev,struct synth_kbd_msg * msg,u32 msg_length)108 static void hv_kbd_on_receive(struct hv_device *hv_dev,
109 struct synth_kbd_msg *msg, u32 msg_length)
110 {
111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
112 struct synth_kbd_keystroke *ks_msg;
113 unsigned long flags;
114 u32 msg_type = __le32_to_cpu(msg->header.type);
115 u32 info;
116 u16 scan_code;
117
118 switch (msg_type) {
119 case SYNTH_KBD_PROTOCOL_RESPONSE:
120 /*
121 * Validate the information provided by the host.
122 * If the host is giving us a bogus packet,
123 * drop the packet (hoping the problem
124 * goes away).
125 */
126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
127 dev_err(&hv_dev->device,
128 "Illegal protocol response packet (len: %d)\n",
129 msg_length);
130 break;
131 }
132
133 memcpy(&kbd_dev->protocol_resp, msg,
134 sizeof(struct synth_kbd_protocol_response));
135 complete(&kbd_dev->wait_event);
136 break;
137
138 case SYNTH_KBD_EVENT:
139 /*
140 * Validate the information provided by the host.
141 * If the host is giving us a bogus packet,
142 * drop the packet (hoping the problem
143 * goes away).
144 */
145 if (msg_length < sizeof(struct synth_kbd_keystroke)) {
146 dev_err(&hv_dev->device,
147 "Illegal keyboard event packet (len: %d)\n",
148 msg_length);
149 break;
150 }
151
152 ks_msg = (struct synth_kbd_keystroke *)msg;
153 info = __le32_to_cpu(ks_msg->info);
154
155 /*
156 * Inject the information through the serio interrupt.
157 */
158 spin_lock_irqsave(&kbd_dev->lock, flags);
159 if (kbd_dev->started) {
160 if (info & IS_E0)
161 serio_interrupt(kbd_dev->hv_serio,
162 XTKBD_EMUL0, 0);
163 if (info & IS_E1)
164 serio_interrupt(kbd_dev->hv_serio,
165 XTKBD_EMUL1, 0);
166 scan_code = __le16_to_cpu(ks_msg->make_code);
167 if (info & IS_BREAK)
168 scan_code |= XTKBD_RELEASE;
169
170 serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
171 }
172 spin_unlock_irqrestore(&kbd_dev->lock, flags);
173
174 /*
175 * Only trigger a wakeup on key down, otherwise
176 * "echo freeze > /sys/power/state" can't really enter the
177 * state because the Enter-UP can trigger a wakeup at once.
178 */
179 if (!(info & IS_BREAK))
180 pm_wakeup_hard_event(&hv_dev->device);
181
182 break;
183
184 default:
185 dev_err(&hv_dev->device,
186 "unhandled message type %d\n", msg_type);
187 }
188 }
189
hv_kbd_handle_received_packet(struct hv_device * hv_dev,struct vmpacket_descriptor * desc,u32 bytes_recvd,u64 req_id)190 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
191 struct vmpacket_descriptor *desc,
192 u32 bytes_recvd,
193 u64 req_id)
194 {
195 struct synth_kbd_msg *msg;
196 u32 msg_sz;
197
198 switch (desc->type) {
199 case VM_PKT_COMP:
200 break;
201
202 case VM_PKT_DATA_INBAND:
203 /*
204 * We have a packet that has "inband" data. The API used
205 * for retrieving the packet guarantees that the complete
206 * packet is read. So, minimally, we should be able to
207 * parse the payload header safely (assuming that the host
208 * can be trusted. Trusting the host seems to be a
209 * reasonable assumption because in a virtualized
210 * environment there is not whole lot you can do if you
211 * don't trust the host.
212 *
213 * Nonetheless, let us validate if the host can be trusted
214 * (in a trivial way). The interesting aspect of this
215 * validation is how do you recover if we discover that the
216 * host is not to be trusted? Simply dropping the packet, I
217 * don't think is an appropriate recovery. In the interest
218 * of failing fast, it may be better to crash the guest.
219 * For now, I will just drop the packet!
220 */
221
222 msg_sz = bytes_recvd - (desc->offset8 << 3);
223 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
224 /*
225 * Drop the packet and hope
226 * the problem magically goes away.
227 */
228 dev_err(&hv_dev->device,
229 "Illegal packet (type: %d, tid: %llx, size: %d)\n",
230 desc->type, req_id, msg_sz);
231 break;
232 }
233
234 msg = (void *)desc + (desc->offset8 << 3);
235 hv_kbd_on_receive(hv_dev, msg, msg_sz);
236 break;
237
238 default:
239 dev_err(&hv_dev->device,
240 "unhandled packet type %d, tid %llx len %d\n",
241 desc->type, req_id, bytes_recvd);
242 break;
243 }
244 }
245
hv_kbd_on_channel_callback(void * context)246 static void hv_kbd_on_channel_callback(void *context)
247 {
248 struct vmpacket_descriptor *desc;
249 struct hv_device *hv_dev = context;
250 u32 bytes_recvd;
251 u64 req_id;
252
253 foreach_vmbus_pkt(desc, hv_dev->channel) {
254 bytes_recvd = desc->len8 * 8;
255 req_id = desc->trans_id;
256
257 hv_kbd_handle_received_packet(hv_dev, desc, bytes_recvd,
258 req_id);
259 }
260 }
261
hv_kbd_connect_to_vsp(struct hv_device * hv_dev)262 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
263 {
264 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
265 struct synth_kbd_protocol_request *request;
266 struct synth_kbd_protocol_response *response;
267 u32 proto_status;
268 int error;
269
270 request = &kbd_dev->protocol_req;
271 memset(request, 0, sizeof(struct synth_kbd_protocol_request));
272 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
273 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
274
275 error = vmbus_sendpacket(hv_dev->channel, request,
276 sizeof(struct synth_kbd_protocol_request),
277 (unsigned long)request,
278 VM_PKT_DATA_INBAND,
279 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
280 if (error)
281 return error;
282
283 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
284 return -ETIMEDOUT;
285
286 response = &kbd_dev->protocol_resp;
287 proto_status = __le32_to_cpu(response->proto_status);
288 if (!(proto_status & PROTOCOL_ACCEPTED)) {
289 dev_err(&hv_dev->device,
290 "synth_kbd protocol request failed (version %d)\n",
291 SYNTH_KBD_VERSION);
292 return -ENODEV;
293 }
294
295 return 0;
296 }
297
hv_kbd_start(struct serio * serio)298 static int hv_kbd_start(struct serio *serio)
299 {
300 struct hv_kbd_dev *kbd_dev = serio->port_data;
301 unsigned long flags;
302
303 spin_lock_irqsave(&kbd_dev->lock, flags);
304 kbd_dev->started = true;
305 spin_unlock_irqrestore(&kbd_dev->lock, flags);
306
307 return 0;
308 }
309
hv_kbd_stop(struct serio * serio)310 static void hv_kbd_stop(struct serio *serio)
311 {
312 struct hv_kbd_dev *kbd_dev = serio->port_data;
313 unsigned long flags;
314
315 spin_lock_irqsave(&kbd_dev->lock, flags);
316 kbd_dev->started = false;
317 spin_unlock_irqrestore(&kbd_dev->lock, flags);
318 }
319
hv_kbd_probe(struct hv_device * hv_dev,const struct hv_vmbus_device_id * dev_id)320 static int hv_kbd_probe(struct hv_device *hv_dev,
321 const struct hv_vmbus_device_id *dev_id)
322 {
323 struct hv_kbd_dev *kbd_dev;
324 struct serio *hv_serio;
325 int error;
326
327 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
328 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
329 if (!kbd_dev || !hv_serio) {
330 error = -ENOMEM;
331 goto err_free_mem;
332 }
333
334 kbd_dev->hv_dev = hv_dev;
335 kbd_dev->hv_serio = hv_serio;
336 spin_lock_init(&kbd_dev->lock);
337 init_completion(&kbd_dev->wait_event);
338 hv_set_drvdata(hv_dev, kbd_dev);
339
340 hv_serio->dev.parent = &hv_dev->device;
341 hv_serio->id.type = SERIO_8042_XL;
342 hv_serio->port_data = kbd_dev;
343 strlcpy(hv_serio->name, dev_name(&hv_dev->device),
344 sizeof(hv_serio->name));
345 strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
346 sizeof(hv_serio->phys));
347
348 hv_serio->start = hv_kbd_start;
349 hv_serio->stop = hv_kbd_stop;
350
351 error = vmbus_open(hv_dev->channel,
352 KBD_VSC_SEND_RING_BUFFER_SIZE,
353 KBD_VSC_RECV_RING_BUFFER_SIZE,
354 NULL, 0,
355 hv_kbd_on_channel_callback,
356 hv_dev);
357 if (error)
358 goto err_free_mem;
359
360 error = hv_kbd_connect_to_vsp(hv_dev);
361 if (error)
362 goto err_close_vmbus;
363
364 serio_register_port(kbd_dev->hv_serio);
365
366 device_init_wakeup(&hv_dev->device, true);
367
368 return 0;
369
370 err_close_vmbus:
371 vmbus_close(hv_dev->channel);
372 err_free_mem:
373 kfree(hv_serio);
374 kfree(kbd_dev);
375 return error;
376 }
377
hv_kbd_remove(struct hv_device * hv_dev)378 static int hv_kbd_remove(struct hv_device *hv_dev)
379 {
380 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
381
382 serio_unregister_port(kbd_dev->hv_serio);
383 vmbus_close(hv_dev->channel);
384 kfree(kbd_dev);
385
386 hv_set_drvdata(hv_dev, NULL);
387
388 return 0;
389 }
390
391 static const struct hv_vmbus_device_id id_table[] = {
392 /* Keyboard guid */
393 { HV_KBD_GUID, },
394 { },
395 };
396
397 MODULE_DEVICE_TABLE(vmbus, id_table);
398
399 static struct hv_driver hv_kbd_drv = {
400 .name = KBUILD_MODNAME,
401 .id_table = id_table,
402 .probe = hv_kbd_probe,
403 .remove = hv_kbd_remove,
404 .driver = {
405 .probe_type = PROBE_PREFER_ASYNCHRONOUS,
406 },
407 };
408
hv_kbd_init(void)409 static int __init hv_kbd_init(void)
410 {
411 return vmbus_driver_register(&hv_kbd_drv);
412 }
413
hv_kbd_exit(void)414 static void __exit hv_kbd_exit(void)
415 {
416 vmbus_driver_unregister(&hv_kbd_drv);
417 }
418
419 MODULE_LICENSE("GPL");
420 module_init(hv_kbd_init);
421 module_exit(hv_kbd_exit);
422