1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  Copyright (c) 2013, Microsoft Corporation.
4  */
5 
6 #include <linux/init.h>
7 #include <linux/module.h>
8 #include <linux/device.h>
9 #include <linux/completion.h>
10 #include <linux/hyperv.h>
11 #include <linux/serio.h>
12 #include <linux/slab.h>
13 
14 /*
15  * Current version 1.0
16  *
17  */
18 #define SYNTH_KBD_VERSION_MAJOR 1
19 #define SYNTH_KBD_VERSION_MINOR	0
20 #define SYNTH_KBD_VERSION		(SYNTH_KBD_VERSION_MINOR | \
21 					 (SYNTH_KBD_VERSION_MAJOR << 16))
22 
23 
24 /*
25  * Message types in the synthetic input protocol
26  */
27 enum synth_kbd_msg_type {
28 	SYNTH_KBD_PROTOCOL_REQUEST = 1,
29 	SYNTH_KBD_PROTOCOL_RESPONSE = 2,
30 	SYNTH_KBD_EVENT = 3,
31 	SYNTH_KBD_LED_INDICATORS = 4,
32 };
33 
34 /*
35  * Basic message structures.
36  */
37 struct synth_kbd_msg_hdr {
38 	__le32 type;
39 };
40 
41 struct synth_kbd_msg {
42 	struct synth_kbd_msg_hdr header;
43 	char data[]; /* Enclosed message */
44 };
45 
46 union synth_kbd_version {
47 	__le32 version;
48 };
49 
50 /*
51  * Protocol messages
52  */
53 struct synth_kbd_protocol_request {
54 	struct synth_kbd_msg_hdr header;
55 	union synth_kbd_version version_requested;
56 };
57 
58 #define PROTOCOL_ACCEPTED	BIT(0)
59 struct synth_kbd_protocol_response {
60 	struct synth_kbd_msg_hdr header;
61 	__le32 proto_status;
62 };
63 
64 #define IS_UNICODE	BIT(0)
65 #define IS_BREAK	BIT(1)
66 #define IS_E0		BIT(2)
67 #define IS_E1		BIT(3)
68 struct synth_kbd_keystroke {
69 	struct synth_kbd_msg_hdr header;
70 	__le16 make_code;
71 	__le16 reserved0;
72 	__le32 info; /* Additional information */
73 };
74 
75 
76 #define HK_MAXIMUM_MESSAGE_SIZE 256
77 
78 #define KBD_VSC_SEND_RING_BUFFER_SIZE		(40 * 1024)
79 #define KBD_VSC_RECV_RING_BUFFER_SIZE		(40 * 1024)
80 
81 #define XTKBD_EMUL0     0xe0
82 #define XTKBD_EMUL1     0xe1
83 #define XTKBD_RELEASE   0x80
84 
85 
86 /*
87  * Represents a keyboard device
88  */
89 struct hv_kbd_dev {
90 	struct hv_device *hv_dev;
91 	struct serio *hv_serio;
92 	struct synth_kbd_protocol_request protocol_req;
93 	struct synth_kbd_protocol_response protocol_resp;
94 	/* Synchronize the request/response if needed */
95 	struct completion wait_event;
96 	spinlock_t lock; /* protects 'started' field */
97 	bool started;
98 };
99 
100 static void hv_kbd_on_receive(struct hv_device *hv_dev,
101 			      struct synth_kbd_msg *msg, u32 msg_length)
102 {
103 	struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
104 	struct synth_kbd_keystroke *ks_msg;
105 	unsigned long flags;
106 	u32 msg_type = __le32_to_cpu(msg->header.type);
107 	u32 info;
108 	u16 scan_code;
109 
110 	switch (msg_type) {
111 	case SYNTH_KBD_PROTOCOL_RESPONSE:
112 		/*
113 		 * Validate the information provided by the host.
114 		 * If the host is giving us a bogus packet,
115 		 * drop the packet (hoping the problem
116 		 * goes away).
117 		 */
118 		if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
119 			dev_err(&hv_dev->device,
120 				"Illegal protocol response packet (len: %d)\n",
121 				msg_length);
122 			break;
123 		}
124 
125 		memcpy(&kbd_dev->protocol_resp, msg,
126 			sizeof(struct synth_kbd_protocol_response));
127 		complete(&kbd_dev->wait_event);
128 		break;
129 
130 	case SYNTH_KBD_EVENT:
131 		/*
132 		 * Validate the information provided by the host.
133 		 * If the host is giving us a bogus packet,
134 		 * drop the packet (hoping the problem
135 		 * goes away).
136 		 */
137 		if (msg_length < sizeof(struct  synth_kbd_keystroke)) {
138 			dev_err(&hv_dev->device,
139 				"Illegal keyboard event packet (len: %d)\n",
140 				msg_length);
141 			break;
142 		}
143 
144 		ks_msg = (struct synth_kbd_keystroke *)msg;
145 		info = __le32_to_cpu(ks_msg->info);
146 
147 		/*
148 		 * Inject the information through the serio interrupt.
149 		 */
150 		spin_lock_irqsave(&kbd_dev->lock, flags);
151 		if (kbd_dev->started) {
152 			if (info & IS_E0)
153 				serio_interrupt(kbd_dev->hv_serio,
154 						XTKBD_EMUL0, 0);
155 			if (info & IS_E1)
156 				serio_interrupt(kbd_dev->hv_serio,
157 						XTKBD_EMUL1, 0);
158 			scan_code = __le16_to_cpu(ks_msg->make_code);
159 			if (info & IS_BREAK)
160 				scan_code |= XTKBD_RELEASE;
161 
162 			serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
163 		}
164 		spin_unlock_irqrestore(&kbd_dev->lock, flags);
165 
166 		/*
167 		 * Only trigger a wakeup on key down, otherwise
168 		 * "echo freeze > /sys/power/state" can't really enter the
169 		 * state because the Enter-UP can trigger a wakeup at once.
170 		 */
171 		if (!(info & IS_BREAK))
172 			pm_wakeup_hard_event(&hv_dev->device);
173 
174 		break;
175 
176 	default:
177 		dev_err(&hv_dev->device,
178 			"unhandled message type %d\n", msg_type);
179 	}
180 }
181 
182 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
183 					  struct vmpacket_descriptor *desc,
184 					  u32 bytes_recvd,
185 					  u64 req_id)
186 {
187 	struct synth_kbd_msg *msg;
188 	u32 msg_sz;
189 
190 	switch (desc->type) {
191 	case VM_PKT_COMP:
192 		break;
193 
194 	case VM_PKT_DATA_INBAND:
195 		/*
196 		 * We have a packet that has "inband" data. The API used
197 		 * for retrieving the packet guarantees that the complete
198 		 * packet is read. So, minimally, we should be able to
199 		 * parse the payload header safely (assuming that the host
200 		 * can be trusted.  Trusting the host seems to be a
201 		 * reasonable assumption because in a virtualized
202 		 * environment there is not whole lot you can do if you
203 		 * don't trust the host.
204 		 *
205 		 * Nonetheless, let us validate if the host can be trusted
206 		 * (in a trivial way).  The interesting aspect of this
207 		 * validation is how do you recover if we discover that the
208 		 * host is not to be trusted? Simply dropping the packet, I
209 		 * don't think is an appropriate recovery.  In the interest
210 		 * of failing fast, it may be better to crash the guest.
211 		 * For now, I will just drop the packet!
212 		 */
213 
214 		msg_sz = bytes_recvd - (desc->offset8 << 3);
215 		if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
216 			/*
217 			 * Drop the packet and hope
218 			 * the problem magically goes away.
219 			 */
220 			dev_err(&hv_dev->device,
221 				"Illegal packet (type: %d, tid: %llx, size: %d)\n",
222 				desc->type, req_id, msg_sz);
223 			break;
224 		}
225 
226 		msg = (void *)desc + (desc->offset8 << 3);
227 		hv_kbd_on_receive(hv_dev, msg, msg_sz);
228 		break;
229 
230 	default:
231 		dev_err(&hv_dev->device,
232 			"unhandled packet type %d, tid %llx len %d\n",
233 			desc->type, req_id, bytes_recvd);
234 		break;
235 	}
236 }
237 
238 static void hv_kbd_on_channel_callback(void *context)
239 {
240 	struct vmpacket_descriptor *desc;
241 	struct hv_device *hv_dev = context;
242 	u32 bytes_recvd;
243 	u64 req_id;
244 
245 	foreach_vmbus_pkt(desc, hv_dev->channel) {
246 		bytes_recvd = desc->len8 * 8;
247 		req_id = desc->trans_id;
248 
249 		hv_kbd_handle_received_packet(hv_dev, desc, bytes_recvd,
250 					      req_id);
251 	}
252 }
253 
254 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
255 {
256 	struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
257 	struct synth_kbd_protocol_request *request;
258 	struct synth_kbd_protocol_response *response;
259 	u32 proto_status;
260 	int error;
261 
262 	reinit_completion(&kbd_dev->wait_event);
263 
264 	request = &kbd_dev->protocol_req;
265 	memset(request, 0, sizeof(struct synth_kbd_protocol_request));
266 	request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
267 	request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
268 
269 	error = vmbus_sendpacket(hv_dev->channel, request,
270 				 sizeof(struct synth_kbd_protocol_request),
271 				 (unsigned long)request,
272 				 VM_PKT_DATA_INBAND,
273 				 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
274 	if (error)
275 		return error;
276 
277 	if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
278 		return -ETIMEDOUT;
279 
280 	response = &kbd_dev->protocol_resp;
281 	proto_status = __le32_to_cpu(response->proto_status);
282 	if (!(proto_status & PROTOCOL_ACCEPTED)) {
283 		dev_err(&hv_dev->device,
284 			"synth_kbd protocol request failed (version %d)\n",
285 		        SYNTH_KBD_VERSION);
286 		return -ENODEV;
287 	}
288 
289 	return 0;
290 }
291 
292 static int hv_kbd_start(struct serio *serio)
293 {
294 	struct hv_kbd_dev *kbd_dev = serio->port_data;
295 	unsigned long flags;
296 
297 	spin_lock_irqsave(&kbd_dev->lock, flags);
298 	kbd_dev->started = true;
299 	spin_unlock_irqrestore(&kbd_dev->lock, flags);
300 
301 	return 0;
302 }
303 
304 static void hv_kbd_stop(struct serio *serio)
305 {
306 	struct hv_kbd_dev *kbd_dev = serio->port_data;
307 	unsigned long flags;
308 
309 	spin_lock_irqsave(&kbd_dev->lock, flags);
310 	kbd_dev->started = false;
311 	spin_unlock_irqrestore(&kbd_dev->lock, flags);
312 }
313 
314 static int hv_kbd_probe(struct hv_device *hv_dev,
315 			const struct hv_vmbus_device_id *dev_id)
316 {
317 	struct hv_kbd_dev *kbd_dev;
318 	struct serio *hv_serio;
319 	int error;
320 
321 	kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
322 	hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
323 	if (!kbd_dev || !hv_serio) {
324 		error = -ENOMEM;
325 		goto err_free_mem;
326 	}
327 
328 	kbd_dev->hv_dev = hv_dev;
329 	kbd_dev->hv_serio = hv_serio;
330 	spin_lock_init(&kbd_dev->lock);
331 	init_completion(&kbd_dev->wait_event);
332 	hv_set_drvdata(hv_dev, kbd_dev);
333 
334 	hv_serio->dev.parent  = &hv_dev->device;
335 	hv_serio->id.type = SERIO_8042_XL;
336 	hv_serio->port_data = kbd_dev;
337 	strlcpy(hv_serio->name, dev_name(&hv_dev->device),
338 		sizeof(hv_serio->name));
339 	strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
340 		sizeof(hv_serio->phys));
341 
342 	hv_serio->start = hv_kbd_start;
343 	hv_serio->stop = hv_kbd_stop;
344 
345 	error = vmbus_open(hv_dev->channel,
346 			   KBD_VSC_SEND_RING_BUFFER_SIZE,
347 			   KBD_VSC_RECV_RING_BUFFER_SIZE,
348 			   NULL, 0,
349 			   hv_kbd_on_channel_callback,
350 			   hv_dev);
351 	if (error)
352 		goto err_free_mem;
353 
354 	error = hv_kbd_connect_to_vsp(hv_dev);
355 	if (error)
356 		goto err_close_vmbus;
357 
358 	serio_register_port(kbd_dev->hv_serio);
359 
360 	device_init_wakeup(&hv_dev->device, true);
361 
362 	return 0;
363 
364 err_close_vmbus:
365 	vmbus_close(hv_dev->channel);
366 err_free_mem:
367 	kfree(hv_serio);
368 	kfree(kbd_dev);
369 	return error;
370 }
371 
372 static int hv_kbd_remove(struct hv_device *hv_dev)
373 {
374 	struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
375 
376 	serio_unregister_port(kbd_dev->hv_serio);
377 	vmbus_close(hv_dev->channel);
378 	kfree(kbd_dev);
379 
380 	hv_set_drvdata(hv_dev, NULL);
381 
382 	return 0;
383 }
384 
385 static int hv_kbd_suspend(struct hv_device *hv_dev)
386 {
387 	vmbus_close(hv_dev->channel);
388 
389 	return 0;
390 }
391 
392 static int hv_kbd_resume(struct hv_device *hv_dev)
393 {
394 	int ret;
395 
396 	ret = vmbus_open(hv_dev->channel,
397 			 KBD_VSC_SEND_RING_BUFFER_SIZE,
398 			 KBD_VSC_RECV_RING_BUFFER_SIZE,
399 			 NULL, 0,
400 			 hv_kbd_on_channel_callback,
401 			 hv_dev);
402 	if (ret == 0)
403 		ret = hv_kbd_connect_to_vsp(hv_dev);
404 
405 	return ret;
406 }
407 
408 static const struct hv_vmbus_device_id id_table[] = {
409 	/* Keyboard guid */
410 	{ HV_KBD_GUID, },
411 	{ },
412 };
413 
414 MODULE_DEVICE_TABLE(vmbus, id_table);
415 
416 static struct  hv_driver hv_kbd_drv = {
417 	.name = KBUILD_MODNAME,
418 	.id_table = id_table,
419 	.probe = hv_kbd_probe,
420 	.remove = hv_kbd_remove,
421 	.suspend = hv_kbd_suspend,
422 	.resume = hv_kbd_resume,
423 	.driver = {
424 		.probe_type = PROBE_PREFER_ASYNCHRONOUS,
425 	},
426 };
427 
428 static int __init hv_kbd_init(void)
429 {
430 	return vmbus_driver_register(&hv_kbd_drv);
431 }
432 
433 static void __exit hv_kbd_exit(void)
434 {
435 	vmbus_driver_unregister(&hv_kbd_drv);
436 }
437 
438 MODULE_LICENSE("GPL");
439 MODULE_DESCRIPTION("Microsoft Hyper-V Synthetic Keyboard Driver");
440 
441 module_init(hv_kbd_init);
442 module_exit(hv_kbd_exit);
443