1/* 2 * Copyright (c) 2013, Microsoft Corporation. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms and conditions of the GNU General Public License, 6 * version 2, as published by the Free Software Foundation. 7 * 8 * This program is distributed in the hope it will be useful, but WITHOUT 9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 11 * more details. 12 */ 13 14#include <linux/init.h> 15#include <linux/module.h> 16#include <linux/device.h> 17#include <linux/completion.h> 18#include <linux/hyperv.h> 19#include <linux/serio.h> 20#include <linux/slab.h> 21 22/* 23 * Current version 1.0 24 * 25 */ 26#define SYNTH_KBD_VERSION_MAJOR 1 27#define SYNTH_KBD_VERSION_MINOR 0 28#define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \ 29 (SYNTH_KBD_VERSION_MAJOR << 16)) 30 31 32/* 33 * Message types in the synthetic input protocol 34 */ 35enum synth_kbd_msg_type { 36 SYNTH_KBD_PROTOCOL_REQUEST = 1, 37 SYNTH_KBD_PROTOCOL_RESPONSE = 2, 38 SYNTH_KBD_EVENT = 3, 39 SYNTH_KBD_LED_INDICATORS = 4, 40}; 41 42/* 43 * Basic message structures. 44 */ 45struct synth_kbd_msg_hdr { 46 __le32 type; 47}; 48 49struct synth_kbd_msg { 50 struct synth_kbd_msg_hdr header; 51 char data[]; /* Enclosed message */ 52}; 53 54union synth_kbd_version { 55 __le32 version; 56}; 57 58/* 59 * Protocol messages 60 */ 61struct synth_kbd_protocol_request { 62 struct synth_kbd_msg_hdr header; 63 union synth_kbd_version version_requested; 64}; 65 66#define PROTOCOL_ACCEPTED BIT(0) 67struct synth_kbd_protocol_response { 68 struct synth_kbd_msg_hdr header; 69 __le32 proto_status; 70}; 71 72#define IS_UNICODE BIT(0) 73#define IS_BREAK BIT(1) 74#define IS_E0 BIT(2) 75#define IS_E1 BIT(3) 76struct synth_kbd_keystroke { 77 struct synth_kbd_msg_hdr header; 78 __le16 make_code; 79 __le16 reserved0; 80 __le32 info; /* Additional information */ 81}; 82 83 84#define HK_MAXIMUM_MESSAGE_SIZE 256 85 86#define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE) 87#define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE) 88 89#define XTKBD_EMUL0 0xe0 90#define XTKBD_EMUL1 0xe1 91#define XTKBD_RELEASE 0x80 92 93 94/* 95 * Represents a keyboard device 96 */ 97struct hv_kbd_dev { 98 struct hv_device *hv_dev; 99 struct serio *hv_serio; 100 struct synth_kbd_protocol_request protocol_req; 101 struct synth_kbd_protocol_response protocol_resp; 102 /* Synchronize the request/response if needed */ 103 struct completion wait_event; 104 spinlock_t lock; /* protects 'started' field */ 105 bool started; 106}; 107 108static void hv_kbd_on_receive(struct hv_device *hv_dev, 109 struct synth_kbd_msg *msg, u32 msg_length) 110{ 111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 112 struct synth_kbd_keystroke *ks_msg; 113 unsigned long flags; 114 u32 msg_type = __le32_to_cpu(msg->header.type); 115 u32 info; 116 u16 scan_code; 117 118 switch (msg_type) { 119 case SYNTH_KBD_PROTOCOL_RESPONSE: 120 /* 121 * Validate the information provided by the host. 122 * If the host is giving us a bogus packet, 123 * drop the packet (hoping the problem 124 * goes away). 125 */ 126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) { 127 dev_err(&hv_dev->device, 128 "Illegal protocol response packet (len: %d)\n", 129 msg_length); 130 break; 131 } 132 133 memcpy(&kbd_dev->protocol_resp, msg, 134 sizeof(struct synth_kbd_protocol_response)); 135 complete(&kbd_dev->wait_event); 136 break; 137 138 case SYNTH_KBD_EVENT: 139 /* 140 * Validate the information provided by the host. 141 * If the host is giving us a bogus packet, 142 * drop the packet (hoping the problem 143 * goes away). 144 */ 145 if (msg_length < sizeof(struct synth_kbd_keystroke)) { 146 dev_err(&hv_dev->device, 147 "Illegal keyboard event packet (len: %d)\n", 148 msg_length); 149 break; 150 } 151 152 ks_msg = (struct synth_kbd_keystroke *)msg; 153 info = __le32_to_cpu(ks_msg->info); 154 155 /* 156 * Inject the information through the serio interrupt. 157 */ 158 spin_lock_irqsave(&kbd_dev->lock, flags); 159 if (kbd_dev->started) { 160 if (info & IS_E0) 161 serio_interrupt(kbd_dev->hv_serio, 162 XTKBD_EMUL0, 0); 163 if (info & IS_E1) 164 serio_interrupt(kbd_dev->hv_serio, 165 XTKBD_EMUL1, 0); 166 scan_code = __le16_to_cpu(ks_msg->make_code); 167 if (info & IS_BREAK) 168 scan_code |= XTKBD_RELEASE; 169 170 serio_interrupt(kbd_dev->hv_serio, scan_code, 0); 171 } 172 spin_unlock_irqrestore(&kbd_dev->lock, flags); 173 174 /* 175 * Only trigger a wakeup on key down, otherwise 176 * "echo freeze > /sys/power/state" can't really enter the 177 * state because the Enter-UP can trigger a wakeup at once. 178 */ 179 if (!(info & IS_BREAK)) 180 pm_wakeup_event(&hv_dev->device, 0); 181 182 break; 183 184 default: 185 dev_err(&hv_dev->device, 186 "unhandled message type %d\n", msg_type); 187 } 188} 189 190static void hv_kbd_handle_received_packet(struct hv_device *hv_dev, 191 struct vmpacket_descriptor *desc, 192 u32 bytes_recvd, 193 u64 req_id) 194{ 195 struct synth_kbd_msg *msg; 196 u32 msg_sz; 197 198 switch (desc->type) { 199 case VM_PKT_COMP: 200 break; 201 202 case VM_PKT_DATA_INBAND: 203 /* 204 * We have a packet that has "inband" data. The API used 205 * for retrieving the packet guarantees that the complete 206 * packet is read. So, minimally, we should be able to 207 * parse the payload header safely (assuming that the host 208 * can be trusted. Trusting the host seems to be a 209 * reasonable assumption because in a virtualized 210 * environment there is not whole lot you can do if you 211 * don't trust the host. 212 * 213 * Nonetheless, let us validate if the host can be trusted 214 * (in a trivial way). The interesting aspect of this 215 * validation is how do you recover if we discover that the 216 * host is not to be trusted? Simply dropping the packet, I 217 * don't think is an appropriate recovery. In the interest 218 * of failing fast, it may be better to crash the guest. 219 * For now, I will just drop the packet! 220 */ 221 222 msg_sz = bytes_recvd - (desc->offset8 << 3); 223 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) { 224 /* 225 * Drop the packet and hope 226 * the problem magically goes away. 227 */ 228 dev_err(&hv_dev->device, 229 "Illegal packet (type: %d, tid: %llx, size: %d)\n", 230 desc->type, req_id, msg_sz); 231 break; 232 } 233 234 msg = (void *)desc + (desc->offset8 << 3); 235 hv_kbd_on_receive(hv_dev, msg, msg_sz); 236 break; 237 238 default: 239 dev_err(&hv_dev->device, 240 "unhandled packet type %d, tid %llx len %d\n", 241 desc->type, req_id, bytes_recvd); 242 break; 243 } 244} 245 246static void hv_kbd_on_channel_callback(void *context) 247{ 248 struct hv_device *hv_dev = context; 249 void *buffer; 250 int bufferlen = 0x100; /* Start with sensible size */ 251 u32 bytes_recvd; 252 u64 req_id; 253 int error; 254 255 buffer = kmalloc(bufferlen, GFP_ATOMIC); 256 if (!buffer) 257 return; 258 259 while (1) { 260 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen, 261 &bytes_recvd, &req_id); 262 switch (error) { 263 case 0: 264 if (bytes_recvd == 0) { 265 kfree(buffer); 266 return; 267 } 268 269 hv_kbd_handle_received_packet(hv_dev, buffer, 270 bytes_recvd, req_id); 271 break; 272 273 case -ENOBUFS: 274 kfree(buffer); 275 /* Handle large packet */ 276 bufferlen = bytes_recvd; 277 buffer = kmalloc(bytes_recvd, GFP_ATOMIC); 278 if (!buffer) 279 return; 280 break; 281 } 282 } 283} 284 285static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev) 286{ 287 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 288 struct synth_kbd_protocol_request *request; 289 struct synth_kbd_protocol_response *response; 290 u32 proto_status; 291 int error; 292 293 request = &kbd_dev->protocol_req; 294 memset(request, 0, sizeof(struct synth_kbd_protocol_request)); 295 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST); 296 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION); 297 298 error = vmbus_sendpacket(hv_dev->channel, request, 299 sizeof(struct synth_kbd_protocol_request), 300 (unsigned long)request, 301 VM_PKT_DATA_INBAND, 302 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED); 303 if (error) 304 return error; 305 306 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ)) 307 return -ETIMEDOUT; 308 309 response = &kbd_dev->protocol_resp; 310 proto_status = __le32_to_cpu(response->proto_status); 311 if (!(proto_status & PROTOCOL_ACCEPTED)) { 312 dev_err(&hv_dev->device, 313 "synth_kbd protocol request failed (version %d)\n", 314 SYNTH_KBD_VERSION); 315 return -ENODEV; 316 } 317 318 return 0; 319} 320 321static int hv_kbd_start(struct serio *serio) 322{ 323 struct hv_kbd_dev *kbd_dev = serio->port_data; 324 unsigned long flags; 325 326 spin_lock_irqsave(&kbd_dev->lock, flags); 327 kbd_dev->started = true; 328 spin_unlock_irqrestore(&kbd_dev->lock, flags); 329 330 return 0; 331} 332 333static void hv_kbd_stop(struct serio *serio) 334{ 335 struct hv_kbd_dev *kbd_dev = serio->port_data; 336 unsigned long flags; 337 338 spin_lock_irqsave(&kbd_dev->lock, flags); 339 kbd_dev->started = false; 340 spin_unlock_irqrestore(&kbd_dev->lock, flags); 341} 342 343static int hv_kbd_probe(struct hv_device *hv_dev, 344 const struct hv_vmbus_device_id *dev_id) 345{ 346 struct hv_kbd_dev *kbd_dev; 347 struct serio *hv_serio; 348 int error; 349 350 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL); 351 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL); 352 if (!kbd_dev || !hv_serio) { 353 error = -ENOMEM; 354 goto err_free_mem; 355 } 356 357 kbd_dev->hv_dev = hv_dev; 358 kbd_dev->hv_serio = hv_serio; 359 spin_lock_init(&kbd_dev->lock); 360 init_completion(&kbd_dev->wait_event); 361 hv_set_drvdata(hv_dev, kbd_dev); 362 363 hv_serio->dev.parent = &hv_dev->device; 364 hv_serio->id.type = SERIO_8042_XL; 365 hv_serio->port_data = kbd_dev; 366 strlcpy(hv_serio->name, dev_name(&hv_dev->device), 367 sizeof(hv_serio->name)); 368 strlcpy(hv_serio->phys, dev_name(&hv_dev->device), 369 sizeof(hv_serio->phys)); 370 371 hv_serio->start = hv_kbd_start; 372 hv_serio->stop = hv_kbd_stop; 373 374 error = vmbus_open(hv_dev->channel, 375 KBD_VSC_SEND_RING_BUFFER_SIZE, 376 KBD_VSC_RECV_RING_BUFFER_SIZE, 377 NULL, 0, 378 hv_kbd_on_channel_callback, 379 hv_dev); 380 if (error) 381 goto err_free_mem; 382 383 error = hv_kbd_connect_to_vsp(hv_dev); 384 if (error) 385 goto err_close_vmbus; 386 387 serio_register_port(kbd_dev->hv_serio); 388 389 device_init_wakeup(&hv_dev->device, true); 390 391 return 0; 392 393err_close_vmbus: 394 vmbus_close(hv_dev->channel); 395err_free_mem: 396 kfree(hv_serio); 397 kfree(kbd_dev); 398 return error; 399} 400 401static int hv_kbd_remove(struct hv_device *hv_dev) 402{ 403 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev); 404 405 device_init_wakeup(&hv_dev->device, false); 406 serio_unregister_port(kbd_dev->hv_serio); 407 vmbus_close(hv_dev->channel); 408 kfree(kbd_dev); 409 410 hv_set_drvdata(hv_dev, NULL); 411 412 return 0; 413} 414 415/* 416 * Keyboard GUID 417 * {f912ad6d-2b17-48ea-bd65-f927a61c7684} 418 */ 419#define HV_KBD_GUID \ 420 .guid = { \ 421 0x6d, 0xad, 0x12, 0xf9, 0x17, 0x2b, 0xea, 0x48, \ 422 0xbd, 0x65, 0xf9, 0x27, 0xa6, 0x1c, 0x76, 0x84 \ 423 } 424 425static const struct hv_vmbus_device_id id_table[] = { 426 /* Keyboard guid */ 427 { HV_KBD_GUID, }, 428 { }, 429}; 430 431MODULE_DEVICE_TABLE(vmbus, id_table); 432 433static struct hv_driver hv_kbd_drv = { 434 .name = KBUILD_MODNAME, 435 .id_table = id_table, 436 .probe = hv_kbd_probe, 437 .remove = hv_kbd_remove, 438}; 439 440static int __init hv_kbd_init(void) 441{ 442 return vmbus_driver_register(&hv_kbd_drv); 443} 444 445static void __exit hv_kbd_exit(void) 446{ 447 vmbus_driver_unregister(&hv_kbd_drv); 448} 449 450MODULE_LICENSE("GPL"); 451module_init(hv_kbd_init); 452module_exit(hv_kbd_exit); 453