1 /* 2 * Copyright (c) 2013, Microsoft Corporation. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms and conditions of the GNU General Public License, 6 * version 2, as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope it will be useful, but WITHOUT 9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 11 * more details. 12 */ 13 14 #include <linux/init.h> 15 #include <linux/module.h> 16 #include <linux/device.h> 17 #include <linux/completion.h> 18 #include <linux/hyperv.h> 19 #include <linux/serio.h> 20 #include <linux/slab.h> 21 22 /* 23 * Current version 1.0 24 * 25 */ 26 #define SYNTH_KBD_VERSION_MAJOR 1 27 #define SYNTH_KBD_VERSION_MINOR 0 28 #define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \ 29 (SYNTH_KBD_VERSION_MAJOR << 16)) 30 31 32 /* 33 * Message types in the synthetic input protocol 34 */ 35 enum synth_kbd_msg_type { 36 SYNTH_KBD_PROTOCOL_REQUEST = 1, 37 SYNTH_KBD_PROTOCOL_RESPONSE = 2, 38 SYNTH_KBD_EVENT = 3, 39 SYNTH_KBD_LED_INDICATORS = 4, 40 }; 41 42 /* 43 * Basic message structures. 44 */ 45 struct synth_kbd_msg_hdr { 46 __le32 type; 47 }; 48 49 struct synth_kbd_msg { 50 struct synth_kbd_msg_hdr header; 51 char data[]; /* Enclosed message */ 52 }; 53 54 union synth_kbd_version { 55 __le32 version; 56 }; 57 58 /* 59 * Protocol messages 60 */ 61 struct synth_kbd_protocol_request { 62 struct synth_kbd_msg_hdr header; 63 union synth_kbd_version version_requested; 64 }; 65 66 #define PROTOCOL_ACCEPTED BIT(0) 67 struct synth_kbd_protocol_response { 68 struct synth_kbd_msg_hdr header; 69 __le32 proto_status; 70 }; 71 72 #define IS_UNICODE BIT(0) 73 #define IS_BREAK BIT(1) 74 #define IS_E0 BIT(2) 75 #define IS_E1 BIT(3) 76 struct synth_kbd_keystroke { 77 struct synth_kbd_msg_hdr header; 78 __le16 make_code; 79 __le16 reserved0; 80 __le32 info; /* Additional information */ 81 }; 82 83 84 #define HK_MAXIMUM_MESSAGE_SIZE 256 85 86 #define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE) 87 #define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE) 88 89 #define XTKBD_EMUL0 0xe0 90 #define XTKBD_EMUL1 0xe1 91 #define XTKBD_RELEASE 0x80 92 93 94 /* 95 * Represents a keyboard device 96 */ 97 struct hv_kbd_dev { 98 struct hv_device *hv_dev; 99 struct serio *hv_serio; 100 struct synth_kbd_protocol_request protocol_req; 101 struct synth_kbd_protocol_response protocol_resp; 102 /* Synchronize the request/response if needed */ 103 struct completion wait_event; 104 spinlock_t lock; /* protects 'started' field */ 105 bool started; 106 }; 107 108 static void hv_kbd_on_receive(struct hv_device *hv_dev, 109 struct synth_kbd_msg *msg, u32 msg_length) 110 { 111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 112 struct synth_kbd_keystroke *ks_msg; 113 unsigned long flags; 114 u32 msg_type = __le32_to_cpu(msg->header.type); 115 u32 info; 116 u16 scan_code; 117 118 switch (msg_type) { 119 case SYNTH_KBD_PROTOCOL_RESPONSE: 120 /* 121 * Validate the information provided by the host. 122 * If the host is giving us a bogus packet, 123 * drop the packet (hoping the problem 124 * goes away). 125 */ 126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) { 127 dev_err(&hv_dev->device, 128 "Illegal protocol response packet (len: %d)\n", 129 msg_length); 130 break; 131 } 132 133 memcpy(&kbd_dev->protocol_resp, msg, 134 sizeof(struct synth_kbd_protocol_response)); 135 complete(&kbd_dev->wait_event); 136 break; 137 138 case SYNTH_KBD_EVENT: 139 /* 140 * Validate the information provided by the host. 141 * If the host is giving us a bogus packet, 142 * drop the packet (hoping the problem 143 * goes away). 144 */ 145 if (msg_length < sizeof(struct synth_kbd_keystroke)) { 146 dev_err(&hv_dev->device, 147 "Illegal keyboard event packet (len: %d)\n", 148 msg_length); 149 break; 150 } 151 152 ks_msg = (struct synth_kbd_keystroke *)msg; 153 info = __le32_to_cpu(ks_msg->info); 154 155 /* 156 * Inject the information through the serio interrupt. 157 */ 158 spin_lock_irqsave(&kbd_dev->lock, flags); 159 if (kbd_dev->started) { 160 if (info & IS_E0) 161 serio_interrupt(kbd_dev->hv_serio, 162 XTKBD_EMUL0, 0); 163 if (info & IS_E1) 164 serio_interrupt(kbd_dev->hv_serio, 165 XTKBD_EMUL1, 0); 166 scan_code = __le16_to_cpu(ks_msg->make_code); 167 if (info & IS_BREAK) 168 scan_code |= XTKBD_RELEASE; 169 170 serio_interrupt(kbd_dev->hv_serio, scan_code, 0); 171 } 172 spin_unlock_irqrestore(&kbd_dev->lock, flags); 173 174 /* 175 * Only trigger a wakeup on key down, otherwise 176 * "echo freeze > /sys/power/state" can't really enter the 177 * state because the Enter-UP can trigger a wakeup at once. 178 */ 179 if (!(info & IS_BREAK)) 180 pm_wakeup_event(&hv_dev->device, 0); 181 182 break; 183 184 default: 185 dev_err(&hv_dev->device, 186 "unhandled message type %d\n", msg_type); 187 } 188 } 189 190 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev, 191 struct vmpacket_descriptor *desc, 192 u32 bytes_recvd, 193 u64 req_id) 194 { 195 struct synth_kbd_msg *msg; 196 u32 msg_sz; 197 198 switch (desc->type) { 199 case VM_PKT_COMP: 200 break; 201 202 case VM_PKT_DATA_INBAND: 203 /* 204 * We have a packet that has "inband" data. The API used 205 * for retrieving the packet guarantees that the complete 206 * packet is read. So, minimally, we should be able to 207 * parse the payload header safely (assuming that the host 208 * can be trusted. Trusting the host seems to be a 209 * reasonable assumption because in a virtualized 210 * environment there is not whole lot you can do if you 211 * don't trust the host. 212 * 213 * Nonetheless, let us validate if the host can be trusted 214 * (in a trivial way). The interesting aspect of this 215 * validation is how do you recover if we discover that the 216 * host is not to be trusted? Simply dropping the packet, I 217 * don't think is an appropriate recovery. In the interest 218 * of failing fast, it may be better to crash the guest. 219 * For now, I will just drop the packet! 220 */ 221 222 msg_sz = bytes_recvd - (desc->offset8 << 3); 223 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) { 224 /* 225 * Drop the packet and hope 226 * the problem magically goes away. 227 */ 228 dev_err(&hv_dev->device, 229 "Illegal packet (type: %d, tid: %llx, size: %d)\n", 230 desc->type, req_id, msg_sz); 231 break; 232 } 233 234 msg = (void *)desc + (desc->offset8 << 3); 235 hv_kbd_on_receive(hv_dev, msg, msg_sz); 236 break; 237 238 default: 239 dev_err(&hv_dev->device, 240 "unhandled packet type %d, tid %llx len %d\n", 241 desc->type, req_id, bytes_recvd); 242 break; 243 } 244 } 245 246 static void hv_kbd_on_channel_callback(void *context) 247 { 248 struct hv_device *hv_dev = context; 249 void *buffer; 250 int bufferlen = 0x100; /* Start with sensible size */ 251 u32 bytes_recvd; 252 u64 req_id; 253 int error; 254 255 buffer = kmalloc(bufferlen, GFP_ATOMIC); 256 if (!buffer) 257 return; 258 259 while (1) { 260 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen, 261 &bytes_recvd, &req_id); 262 switch (error) { 263 case 0: 264 if (bytes_recvd == 0) { 265 kfree(buffer); 266 return; 267 } 268 269 hv_kbd_handle_received_packet(hv_dev, buffer, 270 bytes_recvd, req_id); 271 break; 272 273 case -ENOBUFS: 274 kfree(buffer); 275 /* Handle large packet */ 276 bufferlen = bytes_recvd; 277 buffer = kmalloc(bytes_recvd, GFP_ATOMIC); 278 if (!buffer) 279 return; 280 break; 281 } 282 } 283 } 284 285 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev) 286 { 287 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 288 struct synth_kbd_protocol_request *request; 289 struct synth_kbd_protocol_response *response; 290 u32 proto_status; 291 int error; 292 293 request = &kbd_dev->protocol_req; 294 memset(request, 0, sizeof(struct synth_kbd_protocol_request)); 295 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST); 296 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION); 297 298 error = vmbus_sendpacket(hv_dev->channel, request, 299 sizeof(struct synth_kbd_protocol_request), 300 (unsigned long)request, 301 VM_PKT_DATA_INBAND, 302 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); 303 if (error) 304 return error; 305 306 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ)) 307 return -ETIMEDOUT; 308 309 response = &kbd_dev->protocol_resp; 310 proto_status = __le32_to_cpu(response->proto_status); 311 if (!(proto_status & PROTOCOL_ACCEPTED)) { 312 dev_err(&hv_dev->device, 313 "synth_kbd protocol request failed (version %d)\n", 314 SYNTH_KBD_VERSION); 315 return -ENODEV; 316 } 317 318 return 0; 319 } 320 321 static int hv_kbd_start(struct serio *serio) 322 { 323 struct hv_kbd_dev *kbd_dev = serio->port_data; 324 unsigned long flags; 325 326 spin_lock_irqsave(&kbd_dev->lock, flags); 327 kbd_dev->started = true; 328 spin_unlock_irqrestore(&kbd_dev->lock, flags); 329 330 return 0; 331 } 332 333 static void hv_kbd_stop(struct serio *serio) 334 { 335 struct hv_kbd_dev *kbd_dev = serio->port_data; 336 unsigned long flags; 337 338 spin_lock_irqsave(&kbd_dev->lock, flags); 339 kbd_dev->started = false; 340 spin_unlock_irqrestore(&kbd_dev->lock, flags); 341 } 342 343 static int hv_kbd_probe(struct hv_device *hv_dev, 344 const struct hv_vmbus_device_id *dev_id) 345 { 346 struct hv_kbd_dev *kbd_dev; 347 struct serio *hv_serio; 348 int error; 349 350 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL); 351 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL); 352 if (!kbd_dev || !hv_serio) { 353 error = -ENOMEM; 354 goto err_free_mem; 355 } 356 357 kbd_dev->hv_dev = hv_dev; 358 kbd_dev->hv_serio = hv_serio; 359 spin_lock_init(&kbd_dev->lock); 360 init_completion(&kbd_dev->wait_event); 361 hv_set_drvdata(hv_dev, kbd_dev); 362 363 hv_serio->dev.parent = &hv_dev->device; 364 hv_serio->id.type = SERIO_8042_XL; 365 hv_serio->port_data = kbd_dev; 366 strlcpy(hv_serio->name, dev_name(&hv_dev->device), 367 sizeof(hv_serio->name)); 368 strlcpy(hv_serio->phys, dev_name(&hv_dev->device), 369 sizeof(hv_serio->phys)); 370 371 hv_serio->start = hv_kbd_start; 372 hv_serio->stop = hv_kbd_stop; 373 374 error = vmbus_open(hv_dev->channel, 375 KBD_VSC_SEND_RING_BUFFER_SIZE, 376 KBD_VSC_RECV_RING_BUFFER_SIZE, 377 NULL, 0, 378 hv_kbd_on_channel_callback, 379 hv_dev); 380 if (error) 381 goto err_free_mem; 382 383 error = hv_kbd_connect_to_vsp(hv_dev); 384 if (error) 385 goto err_close_vmbus; 386 387 serio_register_port(kbd_dev->hv_serio); 388 389 device_init_wakeup(&hv_dev->device, true); 390 391 return 0; 392 393 err_close_vmbus: 394 vmbus_close(hv_dev->channel); 395 err_free_mem: 396 kfree(hv_serio); 397 kfree(kbd_dev); 398 return error; 399 } 400 401 static int hv_kbd_remove(struct hv_device *hv_dev) 402 { 403 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 404 405 serio_unregister_port(kbd_dev->hv_serio); 406 vmbus_close(hv_dev->channel); 407 kfree(kbd_dev); 408 409 hv_set_drvdata(hv_dev, NULL); 410 411 return 0; 412 } 413 414 static const struct hv_vmbus_device_id id_table[] = { 415 /* Keyboard guid */ 416 { HV_KBD_GUID, }, 417 { }, 418 }; 419 420 MODULE_DEVICE_TABLE(vmbus, id_table); 421 422 static struct hv_driver hv_kbd_drv = { 423 .name = KBUILD_MODNAME, 424 .id_table = id_table, 425 .probe = hv_kbd_probe, 426 .remove = hv_kbd_remove, 427 }; 428 429 static int __init hv_kbd_init(void) 430 { 431 return vmbus_driver_register(&hv_kbd_drv); 432 } 433 434 static void __exit hv_kbd_exit(void) 435 { 436 vmbus_driver_unregister(&hv_kbd_drv); 437 } 438 439 MODULE_LICENSE("GPL"); 440 module_init(hv_kbd_init); 441 module_exit(hv_kbd_exit); 442