2 * Copyright (c) 2013, Microsoft Corporation.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 #include <linux/init.h>
15 #include <linux/module.h>
16 #include <linux/device.h>
17 #include <linux/completion.h>
18 #include <linux/hyperv.h>
19 #include <linux/serio.h>
20 #include <linux/slab.h>
/*
 * Protocol version requested by the guest: the minor number occupies the
 * low bits and the major number is shifted left by 16.
 */
26 #define SYNTH_KBD_VERSION_MAJOR 1
27 #define SYNTH_KBD_VERSION_MINOR 0
28 #define SYNTH_KBD_VERSION (SYNTH_KBD_VERSION_MINOR | \
29 (SYNTH_KBD_VERSION_MAJOR << 16))
33 * Message types in the synthetic input protocol
/*
 * NOTE(review): only the enumerators with values 1, 2 and 4 appear in this
 * listing. SYNTH_KBD_EVENT is used by hv_kbd_on_receive() but its
 * definition line is not shown here.
 */
35 enum synth_kbd_msg_type {
36 SYNTH_KBD_PROTOCOL_REQUEST = 1,
37 SYNTH_KBD_PROTOCOL_RESPONSE = 2,
39 SYNTH_KBD_LED_INDICATORS = 4,
43 * Basic message structures.
/*
 * Common header. hv_kbd_on_receive() reads its 'type' member with
 * __le32_to_cpu(), i.e. as a little-endian 32-bit value.
 */
45 struct synth_kbd_msg_hdr {
/* Generic message: the header followed by a variable-length payload. */
49 struct synth_kbd_msg {
50 struct synth_kbd_msg_hdr header;
51 char data[]; /* Enclosed message */
54 union synth_kbd_version {
/* Version negotiation request built and sent by hv_kbd_connect_to_vsp(). */
61 struct synth_kbd_protocol_request {
62 struct synth_kbd_msg_hdr header;
63 union synth_kbd_version version_requested;
/*
 * Bit tested in the response's proto_status by hv_kbd_connect_to_vsp();
 * when it is clear the negotiation is reported as failed.
 */
66 #define PROTOCOL_ACCEPTED BIT(0)
67 struct synth_kbd_protocol_response {
68 struct synth_kbd_msg_hdr header;
/*
 * Keystroke flag bits.
 * NOTE(review): presumably carried in the keystroke's 'info' field; the
 * lines that test them are not in this listing.
 */
72 #define IS_UNICODE BIT(0)
73 #define IS_BREAK BIT(1)
/*
 * Keystroke event. 'info' is declared __le32, and the receive path converts
 * 'make_code' with __le16_to_cpu(), so both are little-endian as received.
 */
76 struct synth_kbd_keystroke {
77 struct synth_kbd_msg_hdr header;
80 __le32 info; /* Additional information */
/* NOTE(review): not referenced by any line visible in this listing. */
84 #define HK_MAXIMUM_MESSAGE_SIZE 256
/* Send and receive ring-buffer sizes passed to vmbus_open() in hv_kbd_probe(). */
86 #define KBD_VSC_SEND_RING_BUFFER_SIZE (10 * PAGE_SIZE)
87 #define KBD_VSC_RECV_RING_BUFFER_SIZE (10 * PAGE_SIZE)
/*
 * XT keyboard prefix and release codes. XTKBD_RELEASE is ORed into the scan
 * code in hv_kbd_on_receive().
 */
89 #define XTKBD_EMUL0 0xe0
90 #define XTKBD_EMUL1 0xe1
91 #define XTKBD_RELEASE 0x80
95 * Represents a keyboard device
/* The VMBus device and the serio port that belongs to it (both set in hv_kbd_probe()). */
98 struct hv_device *hv_dev;
99 struct serio *hv_serio;
/*
 * The version request sent to the host and the copy of the host's reply
 * that hv_kbd_on_receive() stores with memcpy().
 */
100 struct synth_kbd_protocol_request protocol_req;
101 struct synth_kbd_protocol_response protocol_resp;
102 /* Synchronize the request/response if needed */
/*
 * Completed by hv_kbd_on_receive() when a protocol response arrives;
 * hv_kbd_connect_to_vsp() waits on it with a timeout.
 */
103 struct completion wait_event;
104 spinlock_t lock; /* protects 'started' field */
/*
 * hv_kbd_on_receive - dispatch one message received from the host.
 *
 * @hv_dev:     device whose driver data holds the keyboard state
 * @msg:        start of the message inside the received packet
 * @msg_length: number of bytes available at @msg
 *
 * The header type is read before any length check made in this function.
 * The caller in this file, hv_kbd_handle_received_packet(), only passes
 * messages it found to be longer than struct synth_kbd_msg_hdr. Each message
 * type is then checked against the size of its own structure before the
 * payload is copied or read.
 */
108 static void hv_kbd_on_receive(struct hv_device *hv_dev,
109 struct synth_kbd_msg *msg, u32 msg_length)
111 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
112 struct synth_kbd_keystroke *ks_msg;
114 u32 msg_type = __le32_to_cpu(msg->header.type);
119 case SYNTH_KBD_PROTOCOL_RESPONSE:
121 * Validate the information provided by the host.
122 * If the host is giving us a bogus packet,
123 * drop the packet (hoping the problem
/*
 * Reject a response shorter than the structure copied below.
 * NOTE(review): msg_length is u32 while the format uses %d; the argument
 * line is not visible in this listing, but %u would match if msg_length is
 * what is printed.
 */
126 if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
127 dev_err(&hv_dev->device,
128 "Illegal protocol response packet (len: %d)\n",
/*
 * Copy exactly sizeof(struct synth_kbd_protocol_response) bytes into the
 * device state, then wake whoever waits on wait_event.
 */
133 memcpy(&kbd_dev->protocol_resp, msg,
134 sizeof(struct synth_kbd_protocol_response));
135 complete(&kbd_dev->wait_event);
138 case SYNTH_KBD_EVENT:
140 * Validate the information provided by the host.
141 * If the host is giving us a bogus packet,
142 * drop the packet (hoping the problem
/* Reject an event shorter than struct synth_kbd_keystroke before casting to it. */
145 if (msg_length < sizeof(struct synth_kbd_keystroke)) {
146 dev_err(&hv_dev->device,
147 "Illegal keyboard event packet (len: %d)\n",
/* The length was checked above, so the keystroke fields read here stay within msg_length bytes. */
152 ks_msg = (struct synth_kbd_keystroke *)msg;
153 info = __le32_to_cpu(ks_msg->info);
156 * Inject the information through the serio interrupt.
/*
 * The 'started' test and the serio_interrupt() calls sit between the lock
 * and unlock below, so they are serialized against hv_kbd_start() and
 * hv_kbd_stop(), which change 'started' under the same lock.
 */
158 spin_lock_irqsave(&kbd_dev->lock, flags);
159 if (kbd_dev->started) {
161 serio_interrupt(kbd_dev->hv_serio,
164 scan_code = __le16_to_cpu(ks_msg->make_code);
/*
 * NOTE(review): the condition guarding this OR is not visible in this
 * listing; presumably it tests the IS_BREAK flag in 'info'.
 */
166 scan_code |= XTKBD_RELEASE;
168 serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
170 spin_unlock_irqrestore(&kbd_dev->lock, flags);
/* Any other message type is only logged. */
174 dev_err(&hv_dev->device,
175 "unhandled message type %d\n", msg_type);
/*
 * hv_kbd_handle_received_packet - validate one raw VMBus packet and pass its
 * payload to hv_kbd_on_receive().
 *
 * @hv_dev: device the packet arrived on
 * @desc:   packet descriptor at the start of the receive buffer
 *
 * NOTE(review): the remaining parameters and the declaration of msg_sz are
 * on lines that are not part of this listing. bytes_recvd and req_id are
 * used below and are passed in by hv_kbd_on_channel_callback().
 */
179 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
180 struct vmpacket_descriptor *desc,
184 struct synth_kbd_msg *msg;
187 switch (desc->type) {
191 case VM_PKT_DATA_INBAND:
193 * We have a packet that has "inband" data. The API used
194 * for retrieving the packet guarantees that the complete
195 * packet is read. So, minimally, we should be able to
196 * parse the payload header safely (assuming that the host
197 * can be trusted. Trusting the host seems to be a
198 * reasonable assumption because in a virtualized
199 * environment there is not whole lot you can do if you
200 * don't trust the host.
202 * Nonetheless, let us validate if the host can be trusted
203 * (in a trivial way). The interesting aspect of this
204 * validation is how do you recover if we discover that the
205 * host is not to be trusted? Simply dropping the packet, I
206 * don't think is an appropriate recovery. In the interest
207 * of failing fast, it may be better to crash the guest.
208 * For now, I will just drop the packet!
/*
 * msg_sz is what remains of the received bytes after the payload offset
 * taken from the descriptor (offset8 shifted left by 3, i.e. times 8).
 * NOTE(review): offset8 comes from the packet descriptor and is not compared
 * with bytes_recvd before the subtraction. If msg_sz is unsigned (its
 * declaration is not in this listing), an offset larger than bytes_recvd
 * would wrap to a large value and pass the "<=" test below. Checking
 * (desc->offset8 << 3) against bytes_recvd first would close that gap.
 * Confirm against the full source.
 */
211 msg_sz = bytes_recvd - (desc->offset8 << 3);
/* Anything that is not larger than the bare message header is logged and dropped. */
212 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
214 * Drop the packet and hope
215 * the problem magically goes away.
217 dev_err(&hv_dev->device,
218 "Illegal packet (type: %d, tid: %llx, size: %d)\n",
219 desc->type, req_id, msg_sz);
/* The message starts offset8 * 8 bytes past the start of the descriptor. */
223 msg = (void *)desc + (desc->offset8 << 3);
224 hv_kbd_on_receive(hv_dev, msg, msg_sz);
/* Packet types without their own case are only logged. */
228 dev_err(&hv_dev->device,
229 "unhandled packet type %d, tid %llx len %d\n",
230 desc->type, req_id, bytes_recvd);
/*
 * hv_kbd_on_channel_callback - channel callback passed to vmbus_open() in
 * hv_kbd_probe(). Reads raw packets into a heap buffer and hands each one to
 * hv_kbd_handle_received_packet().
 *
 * @context: the struct hv_device the channel belongs to
 *
 * NOTE(review): the loop structure, the handling of 'error', the NULL checks
 * on kmalloc() and the kfree() calls are on lines that are not part of this
 * listing; confirm them in the full source.
 */
235 static void hv_kbd_on_channel_callback(void *context)
237 struct hv_device *hv_dev = context;
239 int bufferlen = 0x100; /* Start with sensible size */
/* GFP_ATOMIC requests an allocation that does not sleep. */
244 buffer = kmalloc(bufferlen, GFP_ATOMIC);
/* Raw receive: bytes_recvd and req_id are filled in by the VMBus layer. */
249 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen,
250 &bytes_recvd, &req_id);
253 if (bytes_recvd == 0) {
258 hv_kbd_handle_received_packet(hv_dev, buffer,
259 bytes_recvd, req_id);
264 /* Handle large packet */
/*
 * NOTE(review): the new buffer size is the bytes_recvd value reported by
 * vmbus_recvpacket_raw(), not a size chosen by the driver. Whether an upper
 * bound applies is not visible in this listing.
 */
265 bufferlen = bytes_recvd;
266 buffer = kmalloc(bytes_recvd, GFP_ATOMIC);
/*
 * hv_kbd_connect_to_vsp - negotiate the protocol version with the host.
 *
 * @hv_dev: device whose channel is used for the exchange
 *
 * Sends a SYNTH_KBD_PROTOCOL_REQUEST carrying SYNTH_KBD_VERSION, waits up to
 * 10 * HZ jiffies (10 seconds) for the response, and checks the
 * PROTOCOL_ACCEPTED bit in the response's proto_status.
 * NOTE(review): the return statements are not visible in this listing.
 */
274 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
276 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
277 struct synth_kbd_protocol_request *request;
278 struct synth_kbd_protocol_response *response;
/* The request lives in the device state and is zeroed before its fields are set. */
282 request = &kbd_dev->protocol_req;
283 memset(request, 0, sizeof(struct synth_kbd_protocol_request));
284 request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
285 request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
/*
 * NOTE(review): the request's own address, cast to unsigned long, is the
 * argument after the length, which looks like the transaction id. That would
 * hand a guest kernel address to the host; an opaque id would avoid exposing
 * it. Confirm whether the VMBus layer remaps the value.
 */
287 error = vmbus_sendpacket(hv_dev->channel, request,
288 sizeof(struct synth_kbd_protocol_request),
289 (unsigned long)request,
291 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
/* wait_event is completed by hv_kbd_on_receive() after it has stored the response. */
295 if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
/* protocol_resp holds the bytes hv_kbd_on_receive() copied from the host's message. */
298 response = &kbd_dev->protocol_resp;
299 proto_status = __le32_to_cpu(response->proto_status);
300 if (!(proto_status & PROTOCOL_ACCEPTED)) {
301 dev_err(&hv_dev->device,
302 "synth_kbd protocol request failed (version %d)\n",
/*
 * hv_kbd_start - serio 'start' hook (assigned in hv_kbd_probe()).
 * Sets 'started' under the device lock. hv_kbd_on_receive() tests that flag
 * under the same lock before calling serio_interrupt().
 */
310 static int hv_kbd_start(struct serio *serio)
312 struct hv_kbd_dev *kbd_dev = serio->port_data;
315 spin_lock_irqsave(&kbd_dev->lock, flags);
316 kbd_dev->started = true;
317 spin_unlock_irqrestore(&kbd_dev->lock, flags);
/*
 * hv_kbd_stop - serio 'stop' hook (assigned in hv_kbd_probe()).
 * Clears 'started' under the device lock, so a receive path that holds the
 * lock has either finished or will see the flag cleared.
 */
322 static void hv_kbd_stop(struct serio *serio)
324 struct hv_kbd_dev *kbd_dev = serio->port_data;
327 spin_lock_irqsave(&kbd_dev->lock, flags);
328 kbd_dev->started = false;
329 spin_unlock_irqrestore(&kbd_dev->lock, flags);
/*
 * hv_kbd_probe - set up one synthetic keyboard device.
 *
 * @hv_dev: the VMBus device being probed
 * @dev_id: the matching id_table entry
 *
 * Allocates the driver state and the serio port, opens the VMBus channel,
 * negotiates the protocol version and registers the serio port.
 * NOTE(review): the error-path labels, the kfree() calls and the return
 * statements are on lines that are not part of this listing.
 */
332 static int hv_kbd_probe(struct hv_device *hv_dev,
333 const struct hv_vmbus_device_id *dev_id)
335 struct hv_kbd_dev *kbd_dev;
336 struct serio *hv_serio;
/* Both allocations are attempted first and then checked together. */
339 kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
340 hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
341 if (!kbd_dev || !hv_serio) {
/*
 * The lock, the completion and the driver data are set up before
 * vmbus_open() below installs the channel callback that uses them.
 */
346 kbd_dev->hv_dev = hv_dev;
347 kbd_dev->hv_serio = hv_serio;
348 spin_lock_init(&kbd_dev->lock);
349 init_completion(&kbd_dev->wait_event);
350 hv_set_drvdata(hv_dev, kbd_dev);
352 hv_serio->dev.parent = &hv_dev->device;
353 hv_serio->id.type = SERIO_8042_XL;
354 hv_serio->port_data = kbd_dev;
/* Both copies are bounded by the size of the destination array. */
355 strlcpy(hv_serio->name, dev_name(&hv_dev->device),
356 sizeof(hv_serio->name));
357 strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
358 sizeof(hv_serio->phys));
360 hv_serio->start = hv_kbd_start;
361 hv_serio->stop = hv_kbd_stop;
363 error = vmbus_open(hv_dev->channel,
364 KBD_VSC_SEND_RING_BUFFER_SIZE,
365 KBD_VSC_RECV_RING_BUFFER_SIZE,
367 hv_kbd_on_channel_callback,
/* A failed negotiation jumps to the label that closes the channel again. */
372 error = hv_kbd_connect_to_vsp(hv_dev);
374 goto err_close_vmbus;
/* The port is registered only after the channel is open and the version accepted. */
376 serio_register_port(kbd_dev->hv_serio);
380 vmbus_close(hv_dev->channel);
/*
 * hv_kbd_remove - tear down the device set up by hv_kbd_probe().
 * Unregisters the serio port, then closes the channel, then clears the
 * driver data pointer.
 * NOTE(review): the line between vmbus_close() and hv_set_drvdata() and the
 * return statement are not part of this listing; confirm where the driver
 * state is freed.
 */
387 static int hv_kbd_remove(struct hv_device *hv_dev)
389 struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
391 serio_unregister_port(kbd_dev->hv_serio);
392 vmbus_close(hv_dev->channel);
395 hv_set_drvdata(hv_dev, NULL);
402 * {f912ad6d-2b17-48ea-bd65-f927a61c7684}
/*
 * Byte form of the GUID above. The first three groups appear byte-reversed
 * relative to the text form (f912ad6d -> 6d ad 12 f9, 2b17 -> 17 2b,
 * 48ea -> ea 48); the remaining bytes keep the text order.
 */
404 #define HV_KBD_GUID \
406 0x6d, 0xad, 0x12, 0xf9, 0x17, 0x2b, 0xea, 0x48, \
407 0xbd, 0x65, 0xf9, 0x27, 0xa6, 0x1c, 0x76, 0x84 \
/* Device ids this driver binds to; exported through MODULE_DEVICE_TABLE below. */
410 static const struct hv_vmbus_device_id id_table[] = {
416 MODULE_DEVICE_TABLE(vmbus, id_table);
/* VMBus driver description: name, id table and the probe/remove entry points. */
418 static struct hv_driver hv_kbd_drv = {
419 .name = KBUILD_MODNAME,
420 .id_table = id_table,
421 .probe = hv_kbd_probe,
422 .remove = hv_kbd_remove,
/* Module entry point: registers hv_kbd_drv with the VMBus core and returns its result. */
425 static int __init hv_kbd_init(void)
427 return vmbus_driver_register(&hv_kbd_drv);
/* Module exit point: unregisters hv_kbd_drv from the VMBus core. */
430 static void __exit hv_kbd_exit(void)
432 vmbus_driver_unregister(&hv_kbd_drv);
/* Module metadata and registration of the init/exit functions defined above. */
435 MODULE_LICENSE("GPL");
436 module_init(hv_kbd_init);
437 module_exit(hv_kbd_exit);