input/serio/hyperv-keyboard.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *  Copyright (c) 2013, Microsoft Corporation.
0004  */
0005
0006 #include <linux/init.h>
0007 #include <linux/module.h>
0008 #include <linux/device.h>
0009 #include <linux/completion.h>
0010 #include <linux/hyperv.h>
0011 #include <linux/serio.h>
0012 #include <linux/slab.h>
0013
0014 /*
0015  * Current version 1.0
0016  *
0017  */
0018 #define SYNTH_KBD_VERSION_MAJOR 1
0019 #define SYNTH_KBD_VERSION_MINOR 0
0020 #define SYNTH_KBD_VERSION       (SYNTH_KBD_VERSION_MINOR | \
0021                      (SYNTH_KBD_VERSION_MAJOR << 16))
0022
0023
0024 /*
0025  * Message types in the synthetic input protocol
0026  */
0027 enum synth_kbd_msg_type {
0028     SYNTH_KBD_PROTOCOL_REQUEST = 1,
0029     SYNTH_KBD_PROTOCOL_RESPONSE = 2,
0030     SYNTH_KBD_EVENT = 3,
0031     SYNTH_KBD_LED_INDICATORS = 4,
0032 };
0033
0034 /*
0035  * Basic message structures.
0036  */
0037 struct synth_kbd_msg_hdr {
0038     __le32 type;
0039 };
0040
0041 struct synth_kbd_msg {
0042     struct synth_kbd_msg_hdr header;
0043     char data[]; /* Enclosed message */
0044 };
0045
0046 union synth_kbd_version {
0047     __le32 version;
0048 };
0049
0050 /*
0051  * Protocol messages
0052  */
0053 struct synth_kbd_protocol_request {
0054     struct synth_kbd_msg_hdr header;
0055     union synth_kbd_version version_requested;
0056 };
0057
0058 #define PROTOCOL_ACCEPTED   BIT(0)
0059 struct synth_kbd_protocol_response {
0060     struct synth_kbd_msg_hdr header;
0061     __le32 proto_status;
0062 };
0063
0064 #define IS_UNICODE  BIT(0)
0065 #define IS_BREAK    BIT(1)
0066 #define IS_E0       BIT(2)
0067 #define IS_E1       BIT(3)
0068 struct synth_kbd_keystroke {
0069     struct synth_kbd_msg_hdr header;
0070     __le16 make_code;
0071     __le16 reserved0;
0072     __le32 info; /* Additional information */
0073 };
0074
0075
0076 #define HK_MAXIMUM_MESSAGE_SIZE 256
0077
0078 #define KBD_VSC_SEND_RING_BUFFER_SIZE   VMBUS_RING_SIZE(36 * 1024)
0079 #define KBD_VSC_RECV_RING_BUFFER_SIZE   VMBUS_RING_SIZE(36 * 1024)
0080
0081 #define XTKBD_EMUL0     0xe0
0082 #define XTKBD_EMUL1     0xe1
0083 #define XTKBD_RELEASE   0x80
0084
0085
0086 /*
0087  * Represents a keyboard device
0088  */
0089 struct hv_kbd_dev {
0090     struct hv_device *hv_dev;
0091     struct serio *hv_serio;
0092     struct synth_kbd_protocol_request protocol_req;
0093     struct synth_kbd_protocol_response protocol_resp;
0094     /* Synchronize the request/response if needed */
0095     struct completion wait_event;
0096     spinlock_t lock; /* protects 'started' field */
0097     bool started;
0098 };
0099
0100 static void hv_kbd_on_receive(struct hv_device *hv_dev,
0101                   struct synth_kbd_msg *msg, u32 msg_length)
0102 {
0103     struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
0104     struct synth_kbd_keystroke *ks_msg;
0105     unsigned long flags;
0106     u32 msg_type = __le32_to_cpu(msg->header.type);
0107     u32 info;
0108     u16 scan_code;
0109
0110     switch (msg_type) {
0111     case SYNTH_KBD_PROTOCOL_RESPONSE:
0112         /*
0113          * Validate the information provided by the host.
0114          * If the host is giving us a bogus packet,
0115          * drop the packet (hoping the problem
0116          * goes away).
0117          */
0118         if (msg_length < sizeof(struct synth_kbd_protocol_response)) {
0119             dev_err(&hv_dev->device,
0120                 "Illegal protocol response packet (len: %d)\n",
0121                 msg_length);
0122             break;
0123         }
0124
0125         memcpy(&kbd_dev->protocol_resp, msg,
0126             sizeof(struct synth_kbd_protocol_response));
0127         complete(&kbd_dev->wait_event);
0128         break;
0129
0130     case SYNTH_KBD_EVENT:
0131         /*
0132          * Validate the information provided by the host.
0133          * If the host is giving us a bogus packet,
0134          * drop the packet (hoping the problem
0135          * goes away).
0136          */
0137         if (msg_length < sizeof(struct  synth_kbd_keystroke)) {
0138             dev_err(&hv_dev->device,
0139                 "Illegal keyboard event packet (len: %d)\n",
0140                 msg_length);
0141             break;
0142         }
0143
0144         ks_msg = (struct synth_kbd_keystroke *)msg;
0145         info = __le32_to_cpu(ks_msg->info);
0146
0147         /*
0148          * Inject the information through the serio interrupt.
0149          */
0150         spin_lock_irqsave(&kbd_dev->lock, flags);
0151         if (kbd_dev->started) {
0152             if (info & IS_E0)
0153                 serio_interrupt(kbd_dev->hv_serio,
0154                         XTKBD_EMUL0, 0);
0155             if (info & IS_E1)
0156                 serio_interrupt(kbd_dev->hv_serio,
0157                         XTKBD_EMUL1, 0);
0158             scan_code = __le16_to_cpu(ks_msg->make_code);
0159             if (info & IS_BREAK)
0160                 scan_code |= XTKBD_RELEASE;
0161
0162             serio_interrupt(kbd_dev->hv_serio, scan_code, 0);
0163         }
0164         spin_unlock_irqrestore(&kbd_dev->lock, flags);
0165
0166         /*
0167          * Only trigger a wakeup on key down, otherwise
0168          * "echo freeze > /sys/power/state" can't really enter the
0169          * state because the Enter-UP can trigger a wakeup at once.
0170          */
0171         if (!(info & IS_BREAK))
0172             pm_wakeup_hard_event(&hv_dev->device);
0173
0174         break;
0175
0176     default:
0177         dev_err(&hv_dev->device,
0178             "unhandled message type %d\n", msg_type);
0179     }
0180 }
0181
0182 static void hv_kbd_handle_received_packet(struct hv_device *hv_dev,
0183                       struct vmpacket_descriptor *desc,
0184                       u32 bytes_recvd,
0185                       u64 req_id)
0186 {
0187     struct synth_kbd_msg *msg;
0188     u32 msg_sz;
0189
0190     switch (desc->type) {
0191     case VM_PKT_COMP:
0192         break;
0193
0194     case VM_PKT_DATA_INBAND:
0195         /*
0196          * We have a packet that has "inband" data. The API used
0197          * for retrieving the packet guarantees that the complete
0198          * packet is read. So, minimally, we should be able to
0199          * parse the payload header safely (assuming that the host
0200          * can be trusted.  Trusting the host seems to be a
0201          * reasonable assumption because in a virtualized
0202          * environment there is not whole lot you can do if you
0203          * don't trust the host.
0204          *
0205          * Nonetheless, let us validate if the host can be trusted
0206          * (in a trivial way).  The interesting aspect of this
0207          * validation is how do you recover if we discover that the
0208          * host is not to be trusted? Simply dropping the packet, I
0209          * don't think is an appropriate recovery.  In the interest
0210          * of failing fast, it may be better to crash the guest.
0211          * For now, I will just drop the packet!
0212          */
0213
0214         msg_sz = bytes_recvd - (desc->offset8 << 3);
0215         if (msg_sz <= sizeof(struct synth_kbd_msg_hdr)) {
0216             /*
0217              * Drop the packet and hope
0218              * the problem magically goes away.
0219              */
0220             dev_err(&hv_dev->device,
0221                 "Illegal packet (type: %d, tid: %llx, size: %d)\n",
0222                 desc->type, req_id, msg_sz);
0223             break;
0224         }
0225
0226         msg = (void *)desc + (desc->offset8 << 3);
0227         hv_kbd_on_receive(hv_dev, msg, msg_sz);
0228         break;
0229
0230     default:
0231         dev_err(&hv_dev->device,
0232             "unhandled packet type %d, tid %llx len %d\n",
0233             desc->type, req_id, bytes_recvd);
0234         break;
0235     }
0236 }
0237
0238 static void hv_kbd_on_channel_callback(void *context)
0239 {
0240     struct vmpacket_descriptor *desc;
0241     struct hv_device *hv_dev = context;
0242     u32 bytes_recvd;
0243     u64 req_id;
0244
0245     foreach_vmbus_pkt(desc, hv_dev->channel) {
0246         bytes_recvd = desc->len8 * 8;
0247         req_id = desc->trans_id;
0248
0249         hv_kbd_handle_received_packet(hv_dev, desc, bytes_recvd,
0250                           req_id);
0251     }
0252 }
0253
0254 static int hv_kbd_connect_to_vsp(struct hv_device *hv_dev)
0255 {
0256     struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
0257     struct synth_kbd_protocol_request *request;
0258     struct synth_kbd_protocol_response *response;
0259     u32 proto_status;
0260     int error;
0261
0262     reinit_completion(&kbd_dev->wait_event);
0263
0264     request = &kbd_dev->protocol_req;
0265     memset(request, 0, sizeof(struct synth_kbd_protocol_request));
0266     request->header.type = __cpu_to_le32(SYNTH_KBD_PROTOCOL_REQUEST);
0267     request->version_requested.version = __cpu_to_le32(SYNTH_KBD_VERSION);
0268
0269     error = vmbus_sendpacket(hv_dev->channel, request,
0270                  sizeof(struct synth_kbd_protocol_request),
0271                  (unsigned long)request,
0272                  VM_PKT_DATA_INBAND,
0273                  VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED);
0274     if (error)
0275         return error;
0276
0277     if (!wait_for_completion_timeout(&kbd_dev->wait_event, 10 * HZ))
0278         return -ETIMEDOUT;
0279
0280     response = &kbd_dev->protocol_resp;
0281     proto_status = __le32_to_cpu(response->proto_status);
0282     if (!(proto_status & PROTOCOL_ACCEPTED)) {
0283         dev_err(&hv_dev->device,
0284             "synth_kbd protocol request failed (version %d)\n",
0285                 SYNTH_KBD_VERSION);
0286         return -ENODEV;
0287     }
0288
0289     return 0;
0290 }
0291
0292 static int hv_kbd_start(struct serio *serio)
0293 {
0294     struct hv_kbd_dev *kbd_dev = serio->port_data;
0295     unsigned long flags;
0296
0297     spin_lock_irqsave(&kbd_dev->lock, flags);
0298     kbd_dev->started = true;
0299     spin_unlock_irqrestore(&kbd_dev->lock, flags);
0300
0301     return 0;
0302 }
0303
0304 static void hv_kbd_stop(struct serio *serio)
0305 {
0306     struct hv_kbd_dev *kbd_dev = serio->port_data;
0307     unsigned long flags;
0308
0309     spin_lock_irqsave(&kbd_dev->lock, flags);
0310     kbd_dev->started = false;
0311     spin_unlock_irqrestore(&kbd_dev->lock, flags);
0312 }
0313
0314 static int hv_kbd_probe(struct hv_device *hv_dev,
0315             const struct hv_vmbus_device_id *dev_id)
0316 {
0317     struct hv_kbd_dev *kbd_dev;
0318     struct serio *hv_serio;
0319     int error;
0320
0321     kbd_dev = kzalloc(sizeof(struct hv_kbd_dev), GFP_KERNEL);
0322     hv_serio = kzalloc(sizeof(struct serio), GFP_KERNEL);
0323     if (!kbd_dev || !hv_serio) {
0324         error = -ENOMEM;
0325         goto err_free_mem;
0326     }
0327
0328     kbd_dev->hv_dev = hv_dev;
0329     kbd_dev->hv_serio = hv_serio;
0330     spin_lock_init(&kbd_dev->lock);
0331     init_completion(&kbd_dev->wait_event);
0332     hv_set_drvdata(hv_dev, kbd_dev);
0333
0334     hv_serio->dev.parent  = &hv_dev->device;
0335     hv_serio->id.type = SERIO_8042_XL;
0336     hv_serio->port_data = kbd_dev;
0337     strlcpy(hv_serio->name, dev_name(&hv_dev->device),
0338         sizeof(hv_serio->name));
0339     strlcpy(hv_serio->phys, dev_name(&hv_dev->device),
0340         sizeof(hv_serio->phys));
0341
0342     hv_serio->start = hv_kbd_start;
0343     hv_serio->stop = hv_kbd_stop;
0344
0345     error = vmbus_open(hv_dev->channel,
0346                KBD_VSC_SEND_RING_BUFFER_SIZE,
0347                KBD_VSC_RECV_RING_BUFFER_SIZE,
0348                NULL, 0,
0349                hv_kbd_on_channel_callback,
0350                hv_dev);
0351     if (error)
0352         goto err_free_mem;
0353
0354     error = hv_kbd_connect_to_vsp(hv_dev);
0355     if (error)
0356         goto err_close_vmbus;
0357
0358     serio_register_port(kbd_dev->hv_serio);
0359
0360     device_init_wakeup(&hv_dev->device, true);
0361
0362     return 0;
0363
0364 err_close_vmbus:
0365     vmbus_close(hv_dev->channel);
0366 err_free_mem:
0367     kfree(hv_serio);
0368     kfree(kbd_dev);
0369     return error;
0370 }
0371
0372 static int hv_kbd_remove(struct hv_device *hv_dev)
0373 {
0374     struct hv_kbd_dev *kbd_dev = hv_get_drvdata(hv_dev);
0375
0376     serio_unregister_port(kbd_dev->hv_serio);
0377     vmbus_close(hv_dev->channel);
0378     kfree(kbd_dev);
0379
0380     hv_set_drvdata(hv_dev, NULL);
0381
0382     return 0;
0383 }
0384
0385 static int hv_kbd_suspend(struct hv_device *hv_dev)
0386 {
0387     vmbus_close(hv_dev->channel);
0388
0389     return 0;
0390 }
0391
0392 static int hv_kbd_resume(struct hv_device *hv_dev)
0393 {
0394     int ret;
0395
0396     ret = vmbus_open(hv_dev->channel,
0397              KBD_VSC_SEND_RING_BUFFER_SIZE,
0398              KBD_VSC_RECV_RING_BUFFER_SIZE,
0399              NULL, 0,
0400              hv_kbd_on_channel_callback,
0401              hv_dev);
0402     if (ret == 0)
0403         ret = hv_kbd_connect_to_vsp(hv_dev);
0404
0405     return ret;
0406 }
0407
0408 static const struct hv_vmbus_device_id id_table[] = {
0409     /* Keyboard guid */
0410     { HV_KBD_GUID, },
0411     { },
0412 };
0413
0414 MODULE_DEVICE_TABLE(vmbus, id_table);
0415
0416 static struct  hv_driver hv_kbd_drv = {
0417     .name = KBUILD_MODNAME,
0418     .id_table = id_table,
0419     .probe = hv_kbd_probe,
0420     .remove = hv_kbd_remove,
0421     .suspend = hv_kbd_suspend,
0422     .resume = hv_kbd_resume,
0423     .driver = {
0424         .probe_type = PROBE_PREFER_ASYNCHRONOUS,
0425     },
0426 };
0427
0428 static int __init hv_kbd_init(void)
0429 {
0430     return vmbus_driver_register(&hv_kbd_drv);
0431 }
0432
0433 static void __exit hv_kbd_exit(void)
0434 {
0435     vmbus_driver_unregister(&hv_kbd_drv);
0436 }
0437
0438 MODULE_LICENSE("GPL");
0439 MODULE_DESCRIPTION("Microsoft Hyper-V Synthetic Keyboard Driver");
0440
0441 module_init(hv_kbd_init);
0442 module_exit(hv_kbd_exit);