drivers/input/serio/hyperv-keyboard.c

   1 /*
   2  *  Copyright (c) 2013, Microsoft Corporation.
   3  *
   4  *  This program is free software; you can redistribute it and/or modify it
   5  *  under the terms and conditions of the GNU General Public License,
   6  *  version 2, as published by the Free Software Foundation.
   7  *
   8  *  This program is distributed in the hope it will be useful, but WITHOUT
   9  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  10  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  11  *  more details.
  12  */
  13
  14 #include <linux/init.h>
  15 #include <linux/module.h>
  16 #include <linux/device.h>
  17 #include <linux/completion.h>
  18 #include <linux/hyperv.h>
  19 #include <linux/serio.h>
  20 #include <linux/slab.h>
  21
  22 /*
  23  * Current version 1.0
  24  *
  25  */
  26 #define SYNTH_KBD_VERSION_MAJOR 1
  27 #define SYNTH_KBD_VERSION_MINOR 0
  28 #define SYNTH_KBD_VERSION               (SYNTH_KBD_VERSION_MINOR | \
  29                                          (SYNTH_KBD_VERSION_MAJOR << 16))
  30
  31
  32 /*
  33  * Message types in the synthetic input protocol
  34  */
  35 enum synth_kbd_msg_type {
  36         SYNTH_KBD_PROTOCOL_REQUEST = 1,
  37         SYNTH_KBD_PROTOCOL_RESPONSE = 2,
  38         SYNTH_KBD_EVENT = 3,
  39         SYNTH_KBD_LED_INDICATORS = 4,
  40 };
  41
  42 /*
  43  * Basic message structures.
  44  */
  45 struct synth_kbd_msg_hdr {
  46         __le32 type;
  47 };
  48
  49 struct synth_kbd_msg {
  50         struct synth_kbd_msg_hdr header;
  51         char data[]; /* Enclosed message */
  52 };
  53
  54 union synth_kbd_version {
  55         __le32 version;
  56 };
  57
  58 /*
  59  * Protocol messages
  60  */
  61 struct synth_kbd_protocol_request {
  62         struct synth_kbd_msg_hdr header;
  63         union synth_kbd_version version_requested;
  64 };
  65
  66 #define PROTOCOL_ACCEPTED       BIT(0)
  67 struct synth_kbd_protocol_response {
  68         struct synth_kbd_msg_hdr header;
  69         __le32 proto_status;
  70 };
  71
  72 #define IS_UNICODE      BIT(0)
  73 #define IS_BREAK        BIT(1)
  74 #define IS_E0           BIT(2)
  75 #define IS_E1           BIT(3)
  76 struct synth_kbd_keystroke {
  77         struct synth_kbd_msg_hdr header;
  78         __le16 make_code;
  79         __le16 reserved0;
  80         __le32 info; /* Additional information */
  81 };
  82
  83
  84 #define HK_MAXIMUM_MESSAGE_SIZE 256
  85
  86 #define KBD_VSC_SEND_RING_BUFFER_SIZE           (10 * PAGE_SIZE)
  87 #define KBD_VSC_RECV_RING_BUFFER_SIZE           (10 * PAGE_SIZE)
  88
  89 #define XTKBD_EMUL0     0xe0
  90 #define XTKBD_EMUL1     0xe1
  91 #define XTKBD_RELEASE   0x80
  92
  93
  94 /*
  95  * Represents a keyboard device
  96  */
  97 struct hv_kbd_dev {
  98         struct hv_device *hv_dev;
  99         struct serio *hv_serio;
 100         struct synth_kbd_protocol_request protocol_req;
 101         struct synth_kbd_protocol_response protocol_resp;
 102         /* Synchronize the request/response if needed */
 103         struct completion wait_event;
 104         spinlock_t lock; /* protects 'started' field */
 105         bool started;
 106 };
 107
 108 static void hv_kbd_on_receive(struct hv_device *hv_dev,
 109                               struct synth_kbd_msg *msg, u32 msg_length)
 110 {
 111         struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 112         struct synth_kbd_keystroke *ks_msg;
 113         unsigned long flags;
 114         u32 msg_type = __le32_to_cpu(msg->header.type);
 115         u32 info;
 116         u16 scan_code;
 117
 118         switch (msg_type) {
 119         case SYNTH_KBD_PROTOCOL_RESPONSE:
 120                 /*
 121                  * Validate the information provided by the host.
 122                  * If the host is giving us a bogus packet,
 123                  * drop the packet (hoping the problem
 124                  * goes away).
 125                  */
 126                 if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
 127                         dev_err(&hv_dev->device,
 128                                 "Illegal protocol response packet (len: %d)\n",
 129                                 msg_length);
 130                         break;
 131                 }
 132
 133                 memcpy(&kbd_dev->protocol_resp, msg,
 134                         sizeof(struct synth_kbd_protocol_response));
 135                 complete(&kbd_dev->wait_event);
 136                 break;
 137
 138         case SYNTH_KBD_EVENT:
 139                 /*
 140                  * Validate the information provided by the host.
 141                  * If the host is giving us a bogus packet,
 142                  * drop the packet (hoping the problem
 143                  * goes away).
 144                  */
 145                 if (msg_length < sizeof(struct  synth_kbd_keystroke)) {
 146                         dev_err(&hv_dev->device,
 147                                 "Illegal keyboard event packet (len: %d)\n",
 148                                 msg_length);
 149                         break;
 150                 }
 151
 152                 ks_msg = (struct synth_kbd_keystroke *)msg;
 153                 info = __le32_to_cpu(ks_msg->info);
 154
 155                 /*
 156                  * Inject the information through the serio interrupt.
 157                  */
 158                 spin_lock_irqsave(&kbd_dev->lock, flags);
 159                 if (kbd_dev->started) {
 160                         if (info & IS_E0)
 161                                 serio_interrupt(kbd_dev->hv_serio,
 162                                                 XTKBD_EMUL0, 0);
 163                         if (info & IS_E1)
 164                                 serio_interrupt(kbd_dev->hv_serio,
 165                                                 XTKBD_EMUL1, 0);
 166                         scan_code = __le16_to_cpu(ks_msg->make_code);
 167                         if (info & IS_BREAK)
 168                                 scan_code |= XTKBD_RELEASE;
 169
 170                         serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
 171                 }
 172                 spin_unlock_irqrestore(&kbd_dev->lock, flags);
 173                 break;
 174
 175         default:
 176                 dev_err(&hv_dev->device,
 177                         "unhandled message type %d\n", msg_type);
 178         }
 179 }
 180
 181 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
 182                                           struct vmpacket_descriptor *desc,
 183                                           u32 bytes_recvd,
 184                                           u64 req_id)
 185 {
 186         struct synth_kbd_msg *msg;
 187         u32 msg_sz;
 188
 189         switch (desc->type) {
 190         case VM_PKT_COMP:
 191                 break;
 192
 193         case VM_PKT_DATA_INBAND:
 194                 /*
 195                  * We have a packet that has "inband" data. The API used
 196                  * for retrieving the packet guarantees that the complete
 197                  * packet is read. So, minimally, we should be able to
 198                  * parse the payload header safely (assuming that the host
 199                  * can be trusted.  Trusting the host seems to be a
 200                  * reasonable assumption because in a virtualized
 201                  * environment there is not whole lot you can do if you
 202                  * don't trust the host.
 203                  *
 204                  * Nonetheless, let us validate if the host can be trusted
 205                  * (in a trivial way).  The interesting aspect of this
 206                  * validation is how do you recover if we discover that the
 207                  * host is not to be trusted? Simply dropping the packet, I
 208                  * don't think is an appropriate recovery.  In the interest
 209                  * of failing fast, it may be better to crash the guest.
 210                  * For now, I will just drop the packet!
 211                  */
 212
 213                 msg_sz = bytes_recvd - (desc->offset8 << 3);
 214                 if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
 215                         /*
 216                          * Drop the packet and hope
 217                          * the problem magically goes away.
 218                          */
 219                         dev_err(&hv_dev->device,
 220                                 "Illegal packet (type: %d, tid: %llx, size: %d)\n",
 221                                 desc->type, req_id, msg_sz);
 222                         break;
 223                 }
 224
 225                 msg = (void *)desc + (desc->offset8 << 3);
 226                 hv_kbd_on_receive(hv_dev, msg, msg_sz);
 227                 break;
 228
 229         default:
 230                 dev_err(&hv_dev->device,
 231                         "unhandled packet type %d, tid %llx len %d\n",
 232                         desc->type, req_id, bytes_recvd);
 233                 break;
 234         }
 235 }
 236
 237 static void hv_kbd_on_channel_callback(void *context)
 238 {
 239         struct hv_device *hv_dev = context;
 240         void *buffer;
 241         int bufferlen = 0x100; /* Start with sensible size */
 242         u32 bytes_recvd;
 243         u64 req_id;
 244         int error;
 245
 246         buffer = kmalloc(bufferlen, GFP_ATOMIC);
 247         if (!buffer)
 248                 return;
 249
 250         while (1) {
 251                 error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen,
 252                                              &bytes_recvd, &req_id);
 253                 switch (error) {
 254                 case 0:
 255                         if (bytes_recvd == 0) {
 256                                 kfree(buffer);
 257                                 return;
 258                         }
 259
 260                         hv_kbd_handle_received_packet(hv_dev, buffer,
 261                                                       bytes_recvd, req_id);
 262                         break;
 263
 264                 case -ENOBUFS:
 265                         kfree(buffer);
 266                         /* Handle large packet */
 267                         bufferlen = bytes_recvd;
 268                         buffer = kmalloc(bytes_recvd, GFP_ATOMIC);
 269                         if (!buffer)
 270                                 return;
 271                         break;
 272                 }
 273         }
 274 }
 275
 276 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
 277 {
 278         struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 279         struct synth_kbd_protocol_request *request;
 280         struct synth_kbd_protocol_response *response;
 281         u32 proto_status;
 282         int error;
 283
 284         request = &kbd_dev->protocol_req;
 285         memset(request, 0, sizeof(struct synth_kbd_protocol_request));
 286         request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
 287         request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
 288
 289         error = vmbus_sendpacket(hv_dev->channel, request,
 290                                  sizeof(struct synth_kbd_protocol_request),
 291                                  (unsigned long)request,
 292                                  VM_PKT_DATA_INBAND,
 293                                  VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
 294         if (error)
 295                 return error;
 296
 297         if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
 298                 return -ETIMEDOUT;
 299
 300         response = &kbd_dev->protocol_resp;
 301         proto_status = __le32_to_cpu(response->proto_status);
 302         if (!(proto_status & PROTOCOL_ACCEPTED)) {
 303                 dev_err(&hv_dev->device,
 304                         "synth_kbd protocol request failed (version %d)\n",
 305                         SYNTH_KBD_VERSION);
 306                 return -ENODEV;
 307         }
 308
 309         return 0;
 310 }
 311
 312 static int hv_kbd_start(struct serio *serio)
 313 {
 314         struct hv_kbd_dev *kbd_dev = serio->port_data;
 315         unsigned long flags;
 316
 317         spin_lock_irqsave(&kbd_dev->lock, flags);
 318         kbd_dev->started = true;
 319         spin_unlock_irqrestore(&kbd_dev->lock, flags);
 320
 321         return 0;
 322 }
 323
 324 static void hv_kbd_stop(struct serio *serio)
 325 {
 326         struct hv_kbd_dev *kbd_dev = serio->port_data;
 327         unsigned long flags;
 328
 329         spin_lock_irqsave(&kbd_dev->lock, flags);
 330         kbd_dev->started = false;
 331         spin_unlock_irqrestore(&kbd_dev->lock, flags);
 332 }
 333
 334 static int hv_kbd_probe(struct hv_device *hv_dev,
 335                         const struct hv_vmbus_device_id *dev_id)
 336 {
 337         struct hv_kbd_dev *kbd_dev;
 338         struct serio *hv_serio;
 339         int error;
 340
 341         kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
 342         hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
 343         if (!kbd_dev || !hv_serio) {
 344                 error = -ENOMEM;
 345                 goto err_free_mem;
 346         }
 347
 348         kbd_dev->hv_dev = hv_dev;
 349         kbd_dev->hv_serio = hv_serio;
 350         spin_lock_init(&kbd_dev->lock);
 351         init_completion(&kbd_dev->wait_event);
 352         hv_set_drvdata(hv_dev, kbd_dev);
 353
 354         hv_serio->dev.parent  = &hv_dev->device;
 355         hv_serio->id.type = SERIO_8042_XL;
 356         hv_serio->port_data = kbd_dev;
 357         strlcpy(hv_serio->name, dev_name(&hv_dev->device),
 358                 sizeof(hv_serio->name));
 359         strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
 360                 sizeof(hv_serio->phys));
 361
 362         hv_serio->start = hv_kbd_start;
 363         hv_serio->stop = hv_kbd_stop;
 364
 365         error = vmbus_open(hv_dev->channel,
 366                            KBD_VSC_SEND_RING_BUFFER_SIZE,
 367                            KBD_VSC_RECV_RING_BUFFER_SIZE,
 368                            NULL, 0,
 369                            hv_kbd_on_channel_callback,
 370                            hv_dev);
 371         if (error)
 372                 goto err_free_mem;
 373
 374         error = hv_kbd_connect_to_vsp(hv_dev);
 375         if (error)
 376                 goto err_close_vmbus;
 377
 378         serio_register_port(kbd_dev->hv_serio);
 379         return 0;
 380
 381 err_close_vmbus:
 382         vmbus_close(hv_dev->channel);
 383 err_free_mem:
 384         kfree(hv_serio);
 385         kfree(kbd_dev);
 386         return error;
 387 }
 388
 389 static int hv_kbd_remove(struct hv_device *hv_dev)
 390 {
 391         struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 392
 393         serio_unregister_port(kbd_dev->hv_serio);
 394         vmbus_close(hv_dev->channel);
 395         kfree(kbd_dev);
 396
 397         hv_set_drvdata(hv_dev, NULL);
 398
 399         return 0;
 400 }
 401
 402 /*
 403  * Keyboard GUID
 404  * {f912ad6d-2b17-48ea-bd65-f927a61c7684}
 405  */
 406 #define HV_KBD_GUID \
 407         .guid = { \
 408                         0x6d, 0xad, 0x12, 0xf9, 0x17, 0x2b, 0xea, 0x48, \
 409                         0xbd, 0x65, 0xf9, 0x27, 0xa6, 0x1c, 0x76, 0x84 \
 410         }
 411
 412 static const struct hv_vmbus_device_id id_table[] = {
 413         /* Keyboard guid */
 414         { HV_KBD_GUID, },
 415         { },
 416 };
 417
 418 MODULE_DEVICE_TABLE(vmbus, id_table);
 419
 420 static struct  hv_driver hv_kbd_drv = {
 421         .name = KBUILD_MODNAME,
 422         .id_table = id_table,
 423         .probe = hv_kbd_probe,
 424         .remove = hv_kbd_remove,
 425 };
 426
 427 static int __init hv_kbd_init(void)
 428 {
 429         return vmbus_driver_register(&hv_kbd_drv);
 430 }
 431
 432 static void __exit hv_kbd_exit(void)
 433 {
 434         vmbus_driver_unregister(&hv_kbd_drv);
 435 }
 436
 437 MODULE_LICENSE("GPL");
 438 module_init(hv_kbd_init);
 439 module_exit(hv_kbd_exit);