LXR linux/drivers/input/serio/hyperv-keyboard.c

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *  Copyright (c) 2013, Microsoft Corporation.
   4 */
   5
   6#include <linux/init.h>
   7#include <linux/module.h>
   8#include <linux/device.h>
   9#include <linux/completion.h>
  10#include <linux/hyperv.h>
  11#include <linux/serio.h>
  12#include <linux/slab.h>
  13
  14/*
  15 * Current version 1.0
  16 *
  17 */
  18#define SYNTH_KBD_VERSION_MAJOR 1
  19#define SYNTH_KBD_VERSION_MINOR 0
  20#define SYNTH_KBD_VERSION               (SYNTH_KBD_VERSION_MINOR | \
  21                                         (SYNTH_KBD_VERSION_MAJOR << 16))
  22
  23
  24/*
  25 * Message types in the synthetic input protocol
  26 */
  27enum synth_kbd_msg_type {
  28        SYNTH_KBD_PROTOCOL_REQUEST = 1,
  29        SYNTH_KBD_PROTOCOL_RESPONSE = 2,
  30        SYNTH_KBD_EVENT = 3,
  31        SYNTH_KBD_LED_INDICATORS = 4,
  32};
  33
  34/*
  35 * Basic message structures.
  36 */
  37struct synth_kbd_msg_hdr {
  38        __le32 type;
  39};
  40
  41struct synth_kbd_msg {
  42        struct synth_kbd_msg_hdr header;
  43        char data[]; /* Enclosed message */
  44};
  45
  46union synth_kbd_version {
  47        __le32 version;
  48};
  49
  50/*
  51 * Protocol messages
  52 */
  53struct synth_kbd_protocol_request {
  54        struct synth_kbd_msg_hdr header;
  55        union synth_kbd_version version_requested;
  56};
  57
  58#define PROTOCOL_ACCEPTED       BIT(0)
  59struct synth_kbd_protocol_response {
  60        struct synth_kbd_msg_hdr header;
  61        __le32 proto_status;
  62};
  63
  64#define IS_UNICODE      BIT(0)
  65#define IS_BREAK        BIT(1)
  66#define IS_E0           BIT(2)
  67#define IS_E1           BIT(3)
  68struct synth_kbd_keystroke {
  69        struct synth_kbd_msg_hdr header;
  70        __le16 make_code;
  71        __le16 reserved0;
  72        __le32 info; /* Additional information */
  73};
  74
  75
  76#define HK_MAXIMUM_MESSAGE_SIZE 256
  77
  78#define KBD_VSC_SEND_RING_BUFFER_SIZE           (10 * PAGE_SIZE)
  79#define KBD_VSC_RECV_RING_BUFFER_SIZE           (10 * PAGE_SIZE)
  80
  81#define XTKBD_EMUL0     0xe0
  82#define XTKBD_EMUL1     0xe1
  83#define XTKBD_RELEASE   0x80
  84
  85
  86/*
  87 * Represents a keyboard device
  88 */
  89struct hv_kbd_dev {
  90        struct hv_device *hv_dev;
  91        struct serio *hv_serio;
  92        struct synth_kbd_protocol_request protocol_req;
  93        struct synth_kbd_protocol_response protocol_resp;
  94        /* Synchronize the request/response if needed */
  95        struct completion wait_event;
  96        spinlock_t lock; /* protects 'started' field */
  97        bool started;
  98};
  99
 100static void hv_kbd_on_receive(struct hv_device *hv_dev,
 101                              struct synth_kbd_msg *msg, u32 msg_length)
 102{
 103        struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 104        struct synth_kbd_keystroke *ks_msg;
 105        unsigned long flags;
 106        u32 msg_type = __le32_to_cpu(msg->header.type);
 107        u32 info;
 108        u16 scan_code;
 109
 110        switch (msg_type) {
 111        case SYNTH_KBD_PROTOCOL_RESPONSE:
 112                /*
 113                 * Validate the information provided by the host.
 114                 * If the host is giving us a bogus packet,
 115                 * drop the packet (hoping the problem
 116                 * goes away).
 117                 */
 118                if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
 119                        dev_err(&hv_dev->device,
 120                                "Illegal protocol response packet (len: %d)\n",
 121                                msg_length);
 122                        break;
 123                }
 124
 125                memcpy(&kbd_dev->protocol_resp, msg,
 126                        sizeof(struct synth_kbd_protocol_response));
 127                complete(&kbd_dev->wait_event);
 128                break;
 129
 130        case SYNTH_KBD_EVENT:
 131                /*
 132                 * Validate the information provided by the host.
 133                 * If the host is giving us a bogus packet,
 134                 * drop the packet (hoping the problem
 135                 * goes away).
 136                 */
 137                if (msg_length < sizeof(struct  synth_kbd_keystroke)) {
 138                        dev_err(&hv_dev->device,
 139                                "Illegal keyboard event packet (len: %d)\n",
 140                                msg_length);
 141                        break;
 142                }
 143
 144                ks_msg = (struct synth_kbd_keystroke *)msg;
 145                info = __le32_to_cpu(ks_msg->info);
 146
 147                /*
 148                 * Inject the information through the serio interrupt.
 149                 */
 150                spin_lock_irqsave(&kbd_dev->lock, flags);
 151                if (kbd_dev->started) {
 152                        if (info & IS_E0)
 153                                serio_interrupt(kbd_dev->hv_serio,
 154                                                XTKBD_EMUL0, 0);
 155                        if (info & IS_E1)
 156                                serio_interrupt(kbd_dev->hv_serio,
 157                                                XTKBD_EMUL1, 0);
 158                        scan_code = __le16_to_cpu(ks_msg->make_code);
 159                        if (info & IS_BREAK)
 160                                scan_code |= XTKBD_RELEASE;
 161
 162                        serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
 163                }
 164                spin_unlock_irqrestore(&kbd_dev->lock, flags);
 165
 166                /*
 167                 * Only trigger a wakeup on key down, otherwise
 168                 * "echo freeze > /sys/power/state" can't really enter the
 169                 * state because the Enter-UP can trigger a wakeup at once.
 170                 */
 171                if (!(info & IS_BREAK))
 172                        pm_wakeup_hard_event(&hv_dev->device);
 173
 174                break;
 175
 176        default:
 177                dev_err(&hv_dev->device,
 178                        "unhandled message type %d\n", msg_type);
 179        }
 180}
 181
 182static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
 183                                          struct vmpacket_descriptor *desc,
 184                                          u32 bytes_recvd,
 185                                          u64 req_id)
 186{
 187        struct synth_kbd_msg *msg;
 188        u32 msg_sz;
 189
 190        switch (desc->type) {
 191        case VM_PKT_COMP:
 192                break;
 193
 194        case VM_PKT_DATA_INBAND:
 195                /*
 196                 * We have a packet that has "inband" data. The API used
 197                 * for retrieving the packet guarantees that the complete
 198                 * packet is read. So, minimally, we should be able to
 199                 * parse the payload header safely (assuming that the host
 200                 * can be trusted.  Trusting the host seems to be a
 201                 * reasonable assumption because in a virtualized
 202                 * environment there is not whole lot you can do if you
 203                 * don't trust the host.
 204                 *
 205                 * Nonetheless, let us validate if the host can be trusted
 206                 * (in a trivial way).  The interesting aspect of this
 207                 * validation is how do you recover if we discover that the
 208                 * host is not to be trusted? Simply dropping the packet, I
 209                 * don't think is an appropriate recovery.  In the interest
 210                 * of failing fast, it may be better to crash the guest.
 211                 * For now, I will just drop the packet!
 212                 */
 213
 214                msg_sz = bytes_recvd - (desc->offset8 << 3);
 215                if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
 216                        /*
 217                         * Drop the packet and hope
 218                         * the problem magically goes away.
 219                         */
 220                        dev_err(&hv_dev->device,
 221                                "Illegal packet (type: %d, tid: %llx, size: %d)\n",
 222                                desc->type, req_id, msg_sz);
 223                        break;
 224                }
 225
 226                msg = (void *)desc + (desc->offset8 << 3);
 227                hv_kbd_on_receive(hv_dev, msg, msg_sz);
 228                break;
 229
 230        default:
 231                dev_err(&hv_dev->device,
 232                        "unhandled packet type %d, tid %llx len %d\n",
 233                        desc->type, req_id, bytes_recvd);
 234                break;
 235        }
 236}
 237
 238static void hv_kbd_on_channel_callback(void *context)
 239{
 240        struct hv_device *hv_dev = context;
 241        void *buffer;
 242        int bufferlen = 0x100; /* Start with sensible size */
 243        u32 bytes_recvd;
 244        u64 req_id;
 245        int error;
 246
 247        buffer = kmalloc(bufferlen, GFP_ATOMIC);
 248        if (!buffer)
 249                return;
 250
 251        while (1) {
 252                error = vmbus_recvpacket_raw(hv_dev->channel, buffer, bufferlen,
 253                                             &bytes_recvd, &req_id);
 254                switch (error) {
 255                case 0:
 256                        if (bytes_recvd == 0) {
 257                                kfree(buffer);
 258                                return;
 259                        }
 260
 261                        hv_kbd_handle_received_packet(hv_dev, buffer,
 262                                                      bytes_recvd, req_id);
 263                        break;
 264
 265                case -ENOBUFS:
 266                        kfree(buffer);
 267                        /* Handle large packet */
 268                        bufferlen = bytes_recvd;
 269                        buffer = kmalloc(bytes_recvd, GFP_ATOMIC);
 270                        if (!buffer)
 271                                return;
 272                        break;
 273                }
 274        }
 275}
 276
 277static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
 278{
 279        struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 280        struct synth_kbd_protocol_request *request;
 281        struct synth_kbd_protocol_response *response;
 282        u32 proto_status;
 283        int error;
 284
 285        request = &kbd_dev->protocol_req;
 286        memset(request, 0, sizeof(struct synth_kbd_protocol_request));
 287        request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
 288        request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
 289
 290        error = vmbus_sendpacket(hv_dev->channel, request,
 291                                 sizeof(struct synth_kbd_protocol_request),
 292                                 (unsigned long)request,
 293                                 VM_PKT_DATA_INBAND,
 294                                 VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
 295        if (error)
 296                return error;
 297
 298        if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
 299                return -ETIMEDOUT;
 300
 301        response = &kbd_dev->protocol_resp;
 302        proto_status = __le32_to_cpu(response->proto_status);
 303        if (!(proto_status & PROTOCOL_ACCEPTED)) {
 304                dev_err(&hv_dev->device,
 305                        "synth_kbd protocol request failed (version %d)\n",
 306                        SYNTH_KBD_VERSION);
 307                return -ENODEV;
 308        }
 309
 310        return 0;
 311}
 312
 313static int hv_kbd_start(struct serio *serio)
 314{
 315        struct hv_kbd_dev *kbd_dev = serio->port_data;
 316        unsigned long flags;
 317
 318        spin_lock_irqsave(&kbd_dev->lock, flags);
 319        kbd_dev->started = true;
 320        spin_unlock_irqrestore(&kbd_dev->lock, flags);
 321
 322        return 0;
 323}
 324
 325static void hv_kbd_stop(struct serio *serio)
 326{
 327        struct hv_kbd_dev *kbd_dev = serio->port_data;
 328        unsigned long flags;
 329
 330        spin_lock_irqsave(&kbd_dev->lock, flags);
 331        kbd_dev->started = false;
 332        spin_unlock_irqrestore(&kbd_dev->lock, flags);
 333}
 334
 335static int hv_kbd_probe(struct hv_device *hv_dev,
 336                        const struct hv_vmbus_device_id *dev_id)
 337{
 338        struct hv_kbd_dev *kbd_dev;
 339        struct serio *hv_serio;
 340        int error;
 341
 342        kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
 343        hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
 344        if (!kbd_dev || !hv_serio) {
 345                error = -ENOMEM;
 346                goto err_free_mem;
 347        }
 348
 349        kbd_dev->hv_dev = hv_dev;
 350        kbd_dev->hv_serio = hv_serio;
 351        spin_lock_init(&kbd_dev->lock);
 352        init_completion(&kbd_dev->wait_event);
 353        hv_set_drvdata(hv_dev, kbd_dev);
 354
 355        hv_serio->dev.parent  = &hv_dev->device;
 356        hv_serio->id.type = SERIO_8042_XL;
 357        hv_serio->port_data = kbd_dev;
 358        strlcpy(hv_serio->name, dev_name(&hv_dev->device),
 359                sizeof(hv_serio->name));
 360        strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
 361                sizeof(hv_serio->phys));
 362
 363        hv_serio->start = hv_kbd_start;
 364        hv_serio->stop = hv_kbd_stop;
 365
 366        error = vmbus_open(hv_dev->channel,
 367                           KBD_VSC_SEND_RING_BUFFER_SIZE,
 368                           KBD_VSC_RECV_RING_BUFFER_SIZE,
 369                           NULL, 0,
 370                           hv_kbd_on_channel_callback,
 371                           hv_dev);
 372        if (error)
 373                goto err_free_mem;
 374
 375        error = hv_kbd_connect_to_vsp(hv_dev);
 376        if (error)
 377                goto err_close_vmbus;
 378
 379        serio_register_port(kbd_dev->hv_serio);
 380
 381        device_init_wakeup(&hv_dev->device, true);
 382
 383        return 0;
 384
 385err_close_vmbus:
 386        vmbus_close(hv_dev->channel);
 387err_free_mem:
 388        kfree(hv_serio);
 389        kfree(kbd_dev);
 390        return error;
 391}
 392
 393static int hv_kbd_remove(struct hv_device *hv_dev)
 394{
 395        struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
 396
 397        serio_unregister_port(kbd_dev->hv_serio);
 398        vmbus_close(hv_dev->channel);
 399        kfree(kbd_dev);
 400
 401        hv_set_drvdata(hv_dev, NULL);
 402
 403        return 0;
 404}
 405
 406static const struct hv_vmbus_device_id id_table[] = {
 407        /* Keyboard guid */
 408        { HV_KBD_GUID, },
 409        { },
 410};
 411
 412MODULE_DEVICE_TABLE(vmbus, id_table);
 413
 414static struct  hv_driver hv_kbd_drv = {
 415        .name = KBUILD_MODNAME,
 416        .id_table = id_table,
 417        .probe = hv_kbd_probe,
 418        .remove = hv_kbd_remove,
 419        .driver = {
 420                .probe_type = PROBE_PREFER_ASYNCHRONOUS,
 421        },
 422};
 423
 424static int __init hv_kbd_init(void)
 425{
 426        return vmbus_driver_register(&hv_kbd_drv);
 427}
 428
 429static void __exit hv_kbd_exit(void)
 430{
 431        vmbus_driver_unregister(&hv_kbd_drv);
 432}
 433
 434MODULE_LICENSE("GPL");
 435MODULE_DESCRIPTION("Microsoft Hyper-V Synthetic Keyboard Driver");
 436
 437module_init(hv_kbd_init);
 438module_exit(hv_kbd_exit);
 439