1 /* 2 * Copyright (c) 2013, Microsoft Corporation. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms and conditions of the GNU General Public License, 6 * version 2, as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope it will be useful, but WITHOUT 9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 11 * more details. 12 */ 13 14 #include <linux/init.h> 15 #include <linux/module.h> 16 #include <linux/device.h> 17 #include <linux/completion.h> 18 #include <linux/hyperv.h> 19 #include <linux/serio.h> 20 #include <linux/slab.h> 21 22 /* 23 * Current version 1.0 24 * 25 */ 26 #define SYNTH_KBD_VERSION_MAJOR 1 27 #define SYNTH_KBD_VERSION_MINOR 0 28 #define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \ 29 (SYNTH_KBD_VERSION_MAJOR << 16)) 30 31 32 /* 33 * Message types in the synthetic input protocol 34 */ 35 enum synth_kbd_msg_type { 36 SYNTH_KBD_PROTOCOL_REQUEST = 1, 37 SYNTH_KBD_PROTOCOL_RESPONSE = 2, 38 SYNTH_KBD_EVENT = 3, 39 SYNTH_KBD_LED_INDICATORS = 4, 40 }; 41 42 /* 43 * Basic message structures. 44 */ 45 struct synth_kbd_msg_hdr { 46 __le32 type; 47 }; 48 49 struct synth_kbd_msg { 50 struct synth_kbd_msg_hdr header; 51 char data[]; /* Enclosed message */ 52 }; 53 54 union synth_kbd_version { 55 __le32 version; 56 }; 57 58 /* 59 * Protocol messages 60 */ 61 struct synth_kbd_protocol_request { 62 struct synth_kbd_msg_hdr header; 63 union synth_kbd_version version_requested; 64 }; 65 66 #define PROTOCOL_ACCEPTED BIT(0) 67 struct synth_kbd_protocol_response { 68 struct synth_kbd_msg_hdr header; 69 __le32 proto_status; 70 }; 71 72 #define IS_UNICODE BIT(0) 73 #define IS_BREAK BIT(1) 74 #define IS_E0 BIT(2) 75 #define IS_E1 BIT(3) 76 struct synth_kbd_keystroke { 77 struct synth_kbd_msg_hdr header; 78 __le16 make_code; 79 __le16 reserved0; 80 __le32 info; /* Additional information */ 81 }; 82 83 84 #define HK_MAXIMUM_MESSAGE_SIZE 256 85 86 #define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE) 87 #define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE) 88 89 #define XTKBD_EMUL0 0xe0 90 #define XTKBD_EMUL1 0xe1 91 #define XTKBD_RELEASE 0x80 92 93 94 /* 95 * Represents a keyboard device 96 */ 97 struct hv_kbd_dev { 98 struct hv_device *hv_dev; 99 struct serio *hv_serio; 100 struct synth_kbd_protocol_request protocol_req; 101 struct synth_kbd_protocol_response protocol_resp; 102 /* Synchronize the request/response if needed */ 103 struct completion wait_event; 104 spinlock_t lock; /* protects 'started' field */ 105 bool started; 106 }; 107 108 static void hv_kbd_on_receive(struct hv_device *hv_dev, 109 struct synth_kbd_msg *msg, u32 msg_length) 110 { 111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 112 struct synth_kbd_keystroke *ks_msg; 113 unsigned long flags; 114 u32 msg_type = __le32_to_cpu(msg->header.type); 115 u32 info; 116 u16 scan_code; 117 118 switch (msg_type) { 119 case SYNTH_KBD_PROTOCOL_RESPONSE: 120 /* 121 * Validate the information provided by the host. 122 * If the host is giving us a bogus packet, 123 * drop the packet (hoping the problem 124 * goes away). 125 */ 126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) { 127 dev_err(&hv_dev->device, 128 "Illegal protocol response packet (len: %d)\n", 129 msg_length); 130 break; 131 } 132 133 memcpy(&kbd_dev->protocol_resp, msg, 134 sizeof(struct synth_kbd_protocol_response)); 135 complete(&kbd_dev->wait_event); 136 break; 137 138 case SYNTH_KBD_EVENT: 139 /* 140 * Validate the information provided by the host. 141 * If the host is giving us a bogus packet, 142 * drop the packet (hoping the problem 143 * goes away). 144 */ 145 if (msg_length < sizeof(struct synth_kbd_keystroke)) { 146 dev_err(&hv_dev->device, 147 "Illegal keyboard event packet (len: %d)\n", 148 msg_length); 149 break; 150 } 151 152 ks_msg = (struct synth_kbd_keystroke *)msg; 153 info = __le32_to_cpu(ks_msg->info); 154 155 /* 156 * Inject the information through the serio interrupt. 157 */ 158 spin_lock_irqsave(&kbd_dev->lock, flags); 159 if (kbd_dev->started) { 160 if (info & IS_E0) 161 serio_interrupt(kbd_dev->hv_serio, 162 XTKBD_EMUL0, 0); 163 if (info & IS_E1) 164 serio_interrupt(kbd_dev->hv_serio, 165 XTKBD_EMUL1, 0); 166 scan_code = __le16_to_cpu(ks_msg->make_code); 167 if (info & IS_BREAK) 168 scan_code |= XTKBD_RELEASE; 169 170 serio_interrupt(kbd_dev->hv_serio, scan_code, 0); 171 } 172 spin_unlock_irqrestore(&kbd_dev->lock, flags); 173 break; 174 175 default: 176 dev_err(&hv_dev->device, 177 "unhandled message type %d\n", msg_type); 178 } 179 } 180 181 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev, 182 struct vmpacket_descriptor *desc, 183 u32 bytes_recvd, 184 u64 req_id) 185 { 186 struct synth_kbd_msg *msg; 187 u32 msg_sz; 188 189 switch (desc->type) { 190 case VM_PKT_COMP: 191 break; 192 193 case VM_PKT_DATA_INBAND: 194 /* 195 * We have a packet that has "inband" data. The API used 196 * for retrieving the packet guarantees that the complete 197 * packet is read. So, minimally, we should be able to 198 * parse the payload header safely (assuming that the host 199 * can be trusted. Trusting the host seems to be a 200 * reasonable assumption because in a virtualized 201 * environment there is not whole lot you can do if you 202 * don't trust the host. 203 * 204 * Nonetheless, let us validate if the host can be trusted 205 * (in a trivial way). The interesting aspect of this 206 * validation is how do you recover if we discover that the 207 * host is not to be trusted? Simply dropping the packet, I 208 * don't think is an appropriate recovery. In the interest 209 * of failing fast, it may be better to crash the guest. 210 * For now, I will just drop the packet! 211 */ 212 213 msg_sz = bytes_recvd - (desc->offset8 << 3); 214 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) { 215 /* 216 * Drop the packet and hope 217 * the problem magically goes away. 218 */ 219 dev_err(&hv_dev->device, 220 "Illegal packet (type: %d, tid: %llx, size: %d)\n", 221 desc->type, req_id, msg_sz); 222 break; 223 } 224 225 msg = (void *)desc + (desc->offset8 << 3); 226 hv_kbd_on_receive(hv_dev, msg, msg_sz); 227 break; 228 229 default: 230 dev_err(&hv_dev->device, 231 "unhandled packet type %d, tid %llx len %d\n", 232 desc->type, req_id, bytes_recvd); 233 break; 234 } 235 } 236 237 static void hv_kbd_on_channel_callback(void *context) 238 { 239 struct hv_device *hv_dev = context; 240 void *buffer; 241 int bufferlen = 0x100; /* Start with sensible size */ 242 u32 bytes_recvd; 243 u64 req_id; 244 int error; 245 246 buffer = kmalloc(bufferlen, GFP_ATOMIC); 247 if (!buffer) 248 return; 249 250 while (1) { 251 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen, 252 &bytes_recvd, &req_id); 253 switch (error) { 254 case 0: 255 if (bytes_recvd == 0) { 256 kfree(buffer); 257 return; 258 } 259 260 hv_kbd_handle_received_packet(hv_dev, buffer, 261 bytes_recvd, req_id); 262 break; 263 264 case -ENOBUFS: 265 kfree(buffer); 266 /* Handle large packet */ 267 bufferlen = bytes_recvd; 268 buffer = kmalloc(bytes_recvd, GFP_ATOMIC); 269 if (!buffer) 270 return; 271 break; 272 } 273 } 274 } 275 276 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev) 277 { 278 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 279 struct synth_kbd_protocol_request *request; 280 struct synth_kbd_protocol_response *response; 281 u32 proto_status; 282 int error; 283 284 request = &kbd_dev->protocol_req; 285 memset(request, 0, sizeof(struct synth_kbd_protocol_request)); 286 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST); 287 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION); 288 289 error = vmbus_sendpacket(hv_dev->channel, request, 290 sizeof(struct synth_kbd_protocol_request), 291 (unsigned long)request, 292 VM_PKT_DATA_INBAND, 293 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); 294 if (error) 295 return error; 296 297 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ)) 298 return -ETIMEDOUT; 299 300 response = &kbd_dev->protocol_resp; 301 proto_status = __le32_to_cpu(response->proto_status); 302 if (!(proto_status & PROTOCOL_ACCEPTED)) { 303 dev_err(&hv_dev->device, 304 "synth_kbd protocol request failed (version %d)\n", 305 SYNTH_KBD_VERSION); 306 return -ENODEV; 307 } 308 309 return 0; 310 } 311 312 static int hv_kbd_start(struct serio *serio) 313 { 314 struct hv_kbd_dev *kbd_dev = serio->port_data; 315 unsigned long flags; 316 317 spin_lock_irqsave(&kbd_dev->lock, flags); 318 kbd_dev->started = true; 319 spin_unlock_irqrestore(&kbd_dev->lock, flags); 320 321 return 0; 322 } 323 324 static void hv_kbd_stop(struct serio *serio) 325 { 326 struct hv_kbd_dev *kbd_dev = serio->port_data; 327 unsigned long flags; 328 329 spin_lock_irqsave(&kbd_dev->lock, flags); 330 kbd_dev->started = false; 331 spin_unlock_irqrestore(&kbd_dev->lock, flags); 332 } 333 334 static int hv_kbd_probe(struct hv_device *hv_dev, 335 const struct hv_vmbus_device_id *dev_id) 336 { 337 struct hv_kbd_dev *kbd_dev; 338 struct serio *hv_serio; 339 int error; 340 341 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL); 342 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL); 343 if (!kbd_dev || !hv_serio) { 344 error = -ENOMEM; 345 goto err_free_mem; 346 } 347 348 kbd_dev->hv_dev = hv_dev; 349 kbd_dev->hv_serio = hv_serio; 350 spin_lock_init(&kbd_dev->lock); 351 init_completion(&kbd_dev->wait_event); 352 hv_set_drvdata(hv_dev, kbd_dev); 353 354 hv_serio->dev.parent = &hv_dev->device; 355 hv_serio->id.type = SERIO_8042_XL; 356 hv_serio->port_data = kbd_dev; 357 strlcpy(hv_serio->name, dev_name(&hv_dev->device), 358 sizeof(hv_serio->name)); 359 strlcpy(hv_serio->phys, dev_name(&hv_dev->device), 360 sizeof(hv_serio->phys)); 361 362 hv_serio->start = hv_kbd_start; 363 hv_serio->stop = hv_kbd_stop; 364 365 error = vmbus_open(hv_dev->channel, 366 KBD_VSC_SEND_RING_BUFFER_SIZE, 367 KBD_VSC_RECV_RING_BUFFER_SIZE, 368 NULL, 0, 369 hv_kbd_on_channel_callback, 370 hv_dev); 371 if (error) 372 goto err_free_mem; 373 374 error = hv_kbd_connect_to_vsp(hv_dev); 375 if (error) 376 goto err_close_vmbus; 377 378 serio_register_port(kbd_dev->hv_serio); 379 return 0; 380 381 err_close_vmbus: 382 vmbus_close(hv_dev->channel); 383 err_free_mem: 384 kfree(hv_serio); 385 kfree(kbd_dev); 386 return error; 387 } 388 389 static int hv_kbd_remove(struct hv_device *hv_dev) 390 { 391 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 392 393 serio_unregister_port(kbd_dev->hv_serio); 394 vmbus_close(hv_dev->channel); 395 kfree(kbd_dev); 396 397 hv_set_drvdata(hv_dev, NULL); 398 399 return 0; 400 } 401 402 /* 403 * Keyboard GUID 404 * {f912ad6d-2b17-48ea-bd65-f927a61c7684} 405 */ 406 #define HV_KBD_GUID \ 407 .guid = { \ 408 0x6d, 0xad, 0x12, 0xf9, 0x17, 0x2b, 0xea, 0x48, \ 409 0xbd, 0x65, 0xf9, 0x27, 0xa6, 0x1c, 0x76, 0x84 \ 410 } 411 412 static const struct hv_vmbus_device_id id_table[] = { 413 /* Keyboard guid */ 414 { HV_KBD_GUID, }, 415 { }, 416 }; 417 418 MODULE_DEVICE_TABLE(vmbus, id_table); 419 420 static struct hv_driver hv_kbd_drv = { 421 .name = KBUILD_MODNAME, 422 .id_table = id_table, 423 .probe = hv_kbd_probe, 424 .remove = hv_kbd_remove, 425 }; 426 427 static int __init hv_kbd_init(void) 428 { 429 return vmbus_driver_register(&hv_kbd_drv); 430 } 431 432 static void __exit hv_kbd_exit(void) 433 { 434 vmbus_driver_unregister(&hv_kbd_drv); 435 } 436 437 MODULE_LICENSE("GPL"); 438 module_init(hv_kbd_init); 439 module_exit(hv_kbd_exit); 440