1 /* 2 * Copyright (c) 2013, Microsoft Corporation. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms and conditions of the GNU General Public License, 6 * version 2, as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope it will be useful, but WITHOUT 9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 11 * more details. 12 */ 13 14 #include <linux/init.h> 15 #include <linux/module.h> 16 #include <linux/device.h> 17 #include <linux/completion.h> 18 #include <linux/hyperv.h> 19 #include <linux/serio.h> 20 #include <linux/slab.h> 21 22 /* 23 * Current version 1.0 24 * 25 */ 26 #define SYNTH_KBD_VERSION_MAJOR 1 27 #define SYNTH_KBD_VERSION_MINOR 0 28 #define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \ 29 (SYNTH_KBD_VERSION_MAJOR << 16)) 30 31 32 /* 33 * Message types in the synthetic input protocol 34 */ 35 enum synth_kbd_msg_type { 36 SYNTH_KBD_PROTOCOL_REQUEST = 1, 37 SYNTH_KBD_PROTOCOL_RESPONSE = 2, 38 SYNTH_KBD_EVENT = 3, 39 SYNTH_KBD_LED_INDICATORS = 4, 40 }; 41 42 /* 43 * Basic message structures. 44 */ 45 struct synth_kbd_msg_hdr { 46 __le32 type; 47 }; 48 49 struct synth_kbd_msg { 50 struct synth_kbd_msg_hdr header; 51 char data[]; /* Enclosed message */ 52 }; 53 54 union synth_kbd_version { 55 __le32 version; 56 }; 57 58 /* 59 * Protocol messages 60 */ 61 struct synth_kbd_protocol_request { 62 struct synth_kbd_msg_hdr header; 63 union synth_kbd_version version_requested; 64 }; 65 66 #define PROTOCOL_ACCEPTED BIT(0) 67 struct synth_kbd_protocol_response { 68 struct synth_kbd_msg_hdr header; 69 __le32 proto_status; 70 }; 71 72 #define IS_UNICODE BIT(0) 73 #define IS_BREAK BIT(1) 74 #define IS_E0 BIT(2) 75 #define IS_E1 BIT(3) 76 struct synth_kbd_keystroke { 77 struct synth_kbd_msg_hdr header; 78 __le16 make_code; 79 __le16 reserved0; 80 __le32 info; /* Additional information */ 81 }; 82 83 84 #define HK_MAXIMUM_MESSAGE_SIZE 256 85 86 #define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE) 87 #define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE) 88 89 #define XTKBD_EMUL0 0xe0 90 #define XTKBD_EMUL1 0xe1 91 #define XTKBD_RELEASE 0x80 92 93 94 /* 95 * Represents a keyboard device 96 */ 97 struct hv_kbd_dev { 98 struct hv_device *hv_dev; 99 struct serio *hv_serio; 100 struct synth_kbd_protocol_request protocol_req; 101 struct synth_kbd_protocol_response protocol_resp; 102 /* Synchronize the request/response if needed */ 103 struct completion wait_event; 104 spinlock_t lock; /* protects 'started' field */ 105 bool started; 106 }; 107 108 static void hv_kbd_on_receive(struct hv_device *hv_dev, 109 struct synth_kbd_msg *msg, u32 msg_length) 110 { 111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 112 struct synth_kbd_keystroke *ks_msg; 113 unsigned long flags; 114 u32 msg_type = __le32_to_cpu(msg->header.type); 115 u32 info; 116 u16 scan_code; 117 118 switch (msg_type) { 119 case SYNTH_KBD_PROTOCOL_RESPONSE: 120 /* 121 * Validate the information provided by the host. 122 * If the host is giving us a bogus packet, 123 * drop the packet (hoping the problem 124 * goes away). 125 */ 126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) { 127 dev_err(&hv_dev->device, 128 "Illegal protocol response packet (len: %d)\n", 129 msg_length); 130 break; 131 } 132 133 memcpy(&kbd_dev->protocol_resp, msg, 134 sizeof(struct synth_kbd_protocol_response)); 135 complete(&kbd_dev->wait_event); 136 break; 137 138 case SYNTH_KBD_EVENT: 139 /* 140 * Validate the information provided by the host. 141 * If the host is giving us a bogus packet, 142 * drop the packet (hoping the problem 143 * goes away). 144 */ 145 if (msg_length < sizeof(struct synth_kbd_keystroke)) { 146 dev_err(&hv_dev->device, 147 "Illegal keyboard event packet (len: %d)\n", 148 msg_length); 149 break; 150 } 151 152 ks_msg = (struct synth_kbd_keystroke *)msg; 153 info = __le32_to_cpu(ks_msg->info); 154 155 /* 156 * Inject the information through the serio interrupt. 157 */ 158 spin_lock_irqsave(&kbd_dev->lock, flags); 159 if (kbd_dev->started) { 160 if (info & IS_E0) 161 serio_interrupt(kbd_dev->hv_serio, 162 XTKBD_EMUL0, 0); 163 164 scan_code = __le16_to_cpu(ks_msg->make_code); 165 if (info & IS_BREAK) 166 scan_code |= XTKBD_RELEASE; 167 168 serio_interrupt(kbd_dev->hv_serio, scan_code, 0); 169 } 170 spin_unlock_irqrestore(&kbd_dev->lock, flags); 171 break; 172 173 default: 174 dev_err(&hv_dev->device, 175 "unhandled message type %d\n", msg_type); 176 } 177 } 178 179 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev, 180 struct vmpacket_descriptor *desc, 181 u32 bytes_recvd, 182 u64 req_id) 183 { 184 struct synth_kbd_msg *msg; 185 u32 msg_sz; 186 187 switch (desc->type) { 188 case VM_PKT_COMP: 189 break; 190 191 case VM_PKT_DATA_INBAND: 192 /* 193 * We have a packet that has "inband" data. The API used 194 * for retrieving the packet guarantees that the complete 195 * packet is read. So, minimally, we should be able to 196 * parse the payload header safely (assuming that the host 197 * can be trusted. Trusting the host seems to be a 198 * reasonable assumption because in a virtualized 199 * environment there is not whole lot you can do if you 200 * don't trust the host. 201 * 202 * Nonetheless, let us validate if the host can be trusted 203 * (in a trivial way). The interesting aspect of this 204 * validation is how do you recover if we discover that the 205 * host is not to be trusted? Simply dropping the packet, I 206 * don't think is an appropriate recovery. In the interest 207 * of failing fast, it may be better to crash the guest. 208 * For now, I will just drop the packet! 209 */ 210 211 msg_sz = bytes_recvd - (desc->offset8 << 3); 212 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) { 213 /* 214 * Drop the packet and hope 215 * the problem magically goes away. 216 */ 217 dev_err(&hv_dev->device, 218 "Illegal packet (type: %d, tid: %llx, size: %d)\n", 219 desc->type, req_id, msg_sz); 220 break; 221 } 222 223 msg = (void *)desc + (desc->offset8 << 3); 224 hv_kbd_on_receive(hv_dev, msg, msg_sz); 225 break; 226 227 default: 228 dev_err(&hv_dev->device, 229 "unhandled packet type %d, tid %llx len %d\n", 230 desc->type, req_id, bytes_recvd); 231 break; 232 } 233 } 234 235 static void hv_kbd_on_channel_callback(void *context) 236 { 237 struct hv_device *hv_dev = context; 238 void *buffer; 239 int bufferlen = 0x100; /* Start with sensible size */ 240 u32 bytes_recvd; 241 u64 req_id; 242 int error; 243 244 buffer = kmalloc(bufferlen, GFP_ATOMIC); 245 if (!buffer) 246 return; 247 248 while (1) { 249 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen, 250 &bytes_recvd, &req_id); 251 switch (error) { 252 case 0: 253 if (bytes_recvd == 0) { 254 kfree(buffer); 255 return; 256 } 257 258 hv_kbd_handle_received_packet(hv_dev, buffer, 259 bytes_recvd, req_id); 260 break; 261 262 case -ENOBUFS: 263 kfree(buffer); 264 /* Handle large packet */ 265 bufferlen = bytes_recvd; 266 buffer = kmalloc(bytes_recvd, GFP_ATOMIC); 267 if (!buffer) 268 return; 269 break; 270 } 271 } 272 } 273 274 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev) 275 { 276 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 277 struct synth_kbd_protocol_request *request; 278 struct synth_kbd_protocol_response *response; 279 u32 proto_status; 280 int error; 281 282 request = &kbd_dev->protocol_req; 283 memset(request, 0, sizeof(struct synth_kbd_protocol_request)); 284 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST); 285 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION); 286 287 error = vmbus_sendpacket(hv_dev->channel, request, 288 sizeof(struct synth_kbd_protocol_request), 289 (unsigned long)request, 290 VM_PKT_DATA_INBAND, 291 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); 292 if (error) 293 return error; 294 295 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ)) 296 return -ETIMEDOUT; 297 298 response = &kbd_dev->protocol_resp; 299 proto_status = __le32_to_cpu(response->proto_status); 300 if (!(proto_status & PROTOCOL_ACCEPTED)) { 301 dev_err(&hv_dev->device, 302 "synth_kbd protocol request failed (version %d)\n", 303 SYNTH_KBD_VERSION); 304 return -ENODEV; 305 } 306 307 return 0; 308 } 309 310 static int hv_kbd_start(struct serio *serio) 311 { 312 struct hv_kbd_dev *kbd_dev = serio->port_data; 313 unsigned long flags; 314 315 spin_lock_irqsave(&kbd_dev->lock, flags); 316 kbd_dev->started = true; 317 spin_unlock_irqrestore(&kbd_dev->lock, flags); 318 319 return 0; 320 } 321 322 static void hv_kbd_stop(struct serio *serio) 323 { 324 struct hv_kbd_dev *kbd_dev = serio->port_data; 325 unsigned long flags; 326 327 spin_lock_irqsave(&kbd_dev->lock, flags); 328 kbd_dev->started = false; 329 spin_unlock_irqrestore(&kbd_dev->lock, flags); 330 } 331 332 static int hv_kbd_probe(struct hv_device *hv_dev, 333 const struct hv_vmbus_device_id *dev_id) 334 { 335 struct hv_kbd_dev *kbd_dev; 336 struct serio *hv_serio; 337 int error; 338 339 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL); 340 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL); 341 if (!kbd_dev || !hv_serio) { 342 error = -ENOMEM; 343 goto err_free_mem; 344 } 345 346 kbd_dev->hv_dev = hv_dev; 347 kbd_dev->hv_serio = hv_serio; 348 spin_lock_init(&kbd_dev->lock); 349 init_completion(&kbd_dev->wait_event); 350 hv_set_drvdata(hv_dev, kbd_dev); 351 352 hv_serio->dev.parent = &hv_dev->device; 353 hv_serio->id.type = SERIO_8042_XL; 354 hv_serio->port_data = kbd_dev; 355 strlcpy(hv_serio->name, dev_name(&hv_dev->device), 356 sizeof(hv_serio->name)); 357 strlcpy(hv_serio->phys, dev_name(&hv_dev->device), 358 sizeof(hv_serio->phys)); 359 360 hv_serio->start = hv_kbd_start; 361 hv_serio->stop = hv_kbd_stop; 362 363 error = vmbus_open(hv_dev->channel, 364 KBD_VSC_SEND_RING_BUFFER_SIZE, 365 KBD_VSC_RECV_RING_BUFFER_SIZE, 366 NULL, 0, 367 hv_kbd_on_channel_callback, 368 hv_dev); 369 if (error) 370 goto err_free_mem; 371 372 error = hv_kbd_connect_to_vsp(hv_dev); 373 if (error) 374 goto err_close_vmbus; 375 376 serio_register_port(kbd_dev->hv_serio); 377 return 0; 378 379 err_close_vmbus: 380 vmbus_close(hv_dev->channel); 381 err_free_mem: 382 kfree(hv_serio); 383 kfree(kbd_dev); 384 return error; 385 } 386 387 static int hv_kbd_remove(struct hv_device *hv_dev) 388 { 389 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 390 391 serio_unregister_port(kbd_dev->hv_serio); 392 vmbus_close(hv_dev->channel); 393 kfree(kbd_dev); 394 395 hv_set_drvdata(hv_dev, NULL); 396 397 return 0; 398 } 399 400 /* 401 * Keyboard GUID 402 * {f912ad6d-2b17-48ea-bd65-f927a61c7684} 403 */ 404 #define HV_KBD_GUID \ 405 .guid = { \ 406 0x6d, 0xad, 0x12, 0xf9, 0x17, 0x2b, 0xea, 0x48, \ 407 0xbd, 0x65, 0xf9, 0x27, 0xa6, 0x1c, 0x76, 0x84 \ 408 } 409 410 static const struct hv_vmbus_device_id id_table[] = { 411 /* Keyboard guid */ 412 { HV_KBD_GUID, }, 413 { }, 414 }; 415 416 MODULE_DEVICE_TABLE(vmbus, id_table); 417 418 static struct hv_driver hv_kbd_drv = { 419 .name = KBUILD_MODNAME, 420 .id_table = id_table, 421 .probe = hv_kbd_probe, 422 .remove = hv_kbd_remove, 423 }; 424 425 static int __init hv_kbd_init(void) 426 { 427 return vmbus_driver_register(&hv_kbd_drv); 428 } 429 430 static void __exit hv_kbd_exit(void) 431 { 432 vmbus_driver_unregister(&hv_kbd_drv); 433 } 434 435 MODULE_LICENSE("GPL"); 436 module_init(hv_kbd_init); 437 module_exit(hv_kbd_exit); 438