1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * PS/2 driver library
4 *
5 * Copyright (c) 1999-2002 Vojtech Pavlik
6 * Copyright (c) 2004 Dmitry Torokhov
7 */
8
9
10 #include <linux/delay.h>
11 #include <linux/module.h>
12 #include <linux/sched.h>
13 #include <linux/interrupt.h>
14 #include <linux/input.h>
15 #include <linux/kmsan-checks.h>
16 #include <linux/serio.h>
17 #include <linux/i8042.h>
18 #include <linux/libps2.h>
19
20 #define DRIVER_DESC "PS/2 driver library"
21
22 MODULE_AUTHOR("Dmitry Torokhov <dtor@mail.ru>");
23 MODULE_DESCRIPTION("PS/2 driver library");
24 MODULE_LICENSE("GPL");
25
ps2_do_sendbyte(struct ps2dev * ps2dev,u8 byte,unsigned int timeout,unsigned int max_attempts)26 static int ps2_do_sendbyte(struct ps2dev *ps2dev, u8 byte,
27 unsigned int timeout, unsigned int max_attempts)
28 __releases(&ps2dev->serio->lock) __acquires(&ps2dev->serio->lock)
29 {
30 int attempt = 0;
31 int error;
32
33 lockdep_assert_held(&ps2dev->serio->lock);
34
35 do {
36 ps2dev->nak = 1;
37 ps2dev->flags |= PS2_FLAG_ACK;
38
39 serio_continue_rx(ps2dev->serio);
40
41 error = serio_write(ps2dev->serio, byte);
42 if (error)
43 dev_dbg(&ps2dev->serio->dev,
44 "failed to write %#02x: %d\n", byte, error);
45 else
46 wait_event_timeout(ps2dev->wait,
47 !(ps2dev->flags & PS2_FLAG_ACK),
48 msecs_to_jiffies(timeout));
49
50 serio_pause_rx(ps2dev->serio);
51 } while (ps2dev->nak == PS2_RET_NAK && ++attempt < max_attempts);
52
53 ps2dev->flags &= ~PS2_FLAG_ACK;
54
55 if (!error) {
56 switch (ps2dev->nak) {
57 case 0:
58 break;
59 case PS2_RET_NAK:
60 error = -EAGAIN;
61 break;
62 case PS2_RET_ERR:
63 error = -EPROTO;
64 break;
65 default:
66 error = -EIO;
67 break;
68 }
69 }
70
71 if (error || attempt > 1)
72 dev_dbg(&ps2dev->serio->dev,
73 "%02x - %d (%x), attempt %d\n",
74 byte, error, ps2dev->nak, attempt);
75
76 return error;
77 }
78
79 /*
80 * ps2_sendbyte() sends a byte to the device and waits for acknowledge.
81 * It doesn't handle retransmission, the caller is expected to handle
82 * it when needed.
83 *
84 * ps2_sendbyte() can only be called from a process context.
85 */
86
ps2_sendbyte(struct ps2dev * ps2dev,u8 byte,unsigned int timeout)87 int ps2_sendbyte(struct ps2dev *ps2dev, u8 byte, unsigned int timeout)
88 {
89 int retval;
90
91 serio_pause_rx(ps2dev->serio);
92
93 retval = ps2_do_sendbyte(ps2dev, byte, timeout, 1);
94 dev_dbg(&ps2dev->serio->dev, "%02x - %x\n", byte, ps2dev->nak);
95
96 serio_continue_rx(ps2dev->serio);
97
98 return retval;
99 }
100 EXPORT_SYMBOL(ps2_sendbyte);
101
ps2_begin_command(struct ps2dev * ps2dev)102 void ps2_begin_command(struct ps2dev *ps2dev)
103 {
104 struct mutex *m = ps2dev->serio->ps2_cmd_mutex ?: &ps2dev->cmd_mutex;
105
106 mutex_lock(m);
107 }
108 EXPORT_SYMBOL(ps2_begin_command);
109
ps2_end_command(struct ps2dev * ps2dev)110 void ps2_end_command(struct ps2dev *ps2dev)
111 {
112 struct mutex *m = ps2dev->serio->ps2_cmd_mutex ?: &ps2dev->cmd_mutex;
113
114 mutex_unlock(m);
115 }
116 EXPORT_SYMBOL(ps2_end_command);
117
118 /*
119 * ps2_drain() waits for device to transmit requested number of bytes
120 * and discards them.
121 */
122
ps2_drain(struct ps2dev * ps2dev,size_t maxbytes,unsigned int timeout)123 void ps2_drain(struct ps2dev *ps2dev, size_t maxbytes, unsigned int timeout)
124 {
125 if (maxbytes > sizeof(ps2dev->cmdbuf)) {
126 WARN_ON(1);
127 maxbytes = sizeof(ps2dev->cmdbuf);
128 }
129
130 ps2_begin_command(ps2dev);
131
132 serio_pause_rx(ps2dev->serio);
133 ps2dev->flags = PS2_FLAG_CMD;
134 ps2dev->cmdcnt = maxbytes;
135 serio_continue_rx(ps2dev->serio);
136
137 wait_event_timeout(ps2dev->wait,
138 !(ps2dev->flags & PS2_FLAG_CMD),
139 msecs_to_jiffies(timeout));
140
141 ps2_end_command(ps2dev);
142 }
143 EXPORT_SYMBOL(ps2_drain);
144
145 /*
146 * ps2_is_keyboard_id() checks received ID byte against the list of
147 * known keyboard IDs.
148 */
149
ps2_is_keyboard_id(u8 id_byte)150 bool ps2_is_keyboard_id(u8 id_byte)
151 {
152 static const u8 keyboard_ids[] = {
153 0xab, /* Regular keyboards */
154 0xac, /* NCD Sun keyboard */
155 0x2b, /* Trust keyboard, translated */
156 0x5d, /* Trust keyboard */
157 0x60, /* NMB SGI keyboard, translated */
158 0x47, /* NMB SGI keyboard */
159 };
160
161 return memchr(keyboard_ids, id_byte, sizeof(keyboard_ids)) != NULL;
162 }
163 EXPORT_SYMBOL(ps2_is_keyboard_id);
164
165 /*
166 * ps2_adjust_timeout() is called after receiving 1st byte of command
167 * response and tries to reduce remaining timeout to speed up command
168 * completion.
169 */
170
ps2_adjust_timeout(struct ps2dev * ps2dev,unsigned int command,unsigned int timeout)171 static int ps2_adjust_timeout(struct ps2dev *ps2dev,
172 unsigned int command, unsigned int timeout)
173 {
174 switch (command) {
175 case PS2_CMD_RESET_BAT:
176 /*
177 * Device has sent the first response byte after
178 * reset command, reset is thus done, so we can
179 * shorten the timeout.
180 * The next byte will come soon (keyboard) or not
181 * at all (mouse).
182 */
183 if (timeout > msecs_to_jiffies(100))
184 timeout = msecs_to_jiffies(100);
185 break;
186
187 case PS2_CMD_GETID:
188 /*
189 * Microsoft Natural Elite keyboard responds to
190 * the GET ID command as it were a mouse, with
191 * a single byte. Fail the command so atkbd will
192 * use alternative probe to detect it.
193 */
194 if (ps2dev->cmdbuf[1] == 0xaa) {
195 serio_pause_rx(ps2dev->serio);
196 ps2dev->flags = 0;
197 serio_continue_rx(ps2dev->serio);
198 timeout = 0;
199 }
200
201 /*
202 * If device behind the port is not a keyboard there
203 * won't be 2nd byte of ID response.
204 */
205 if (!ps2_is_keyboard_id(ps2dev->cmdbuf[1])) {
206 serio_pause_rx(ps2dev->serio);
207 ps2dev->flags = ps2dev->cmdcnt = 0;
208 serio_continue_rx(ps2dev->serio);
209 timeout = 0;
210 }
211 break;
212
213 default:
214 break;
215 }
216
217 return timeout;
218 }
219
220 /*
221 * ps2_command() sends a command and its parameters to the mouse,
222 * then waits for the response and puts it in the param array.
223 *
224 * ps2_command() can only be called from a process context
225 */
226
__ps2_command(struct ps2dev * ps2dev,u8 * param,unsigned int command)227 int __ps2_command(struct ps2dev *ps2dev, u8 *param, unsigned int command)
228 {
229 unsigned int timeout;
230 unsigned int send = (command >> 12) & 0xf;
231 unsigned int receive = (command >> 8) & 0xf;
232 int rc;
233 int i;
234 u8 send_param[16];
235
236 if (receive > sizeof(ps2dev->cmdbuf)) {
237 WARN_ON(1);
238 return -EINVAL;
239 }
240
241 if (send && !param) {
242 WARN_ON(1);
243 return -EINVAL;
244 }
245
246 memcpy(send_param, param, send);
247
248 serio_pause_rx(ps2dev->serio);
249
250 ps2dev->flags = command == PS2_CMD_GETID ? PS2_FLAG_WAITID : 0;
251 ps2dev->cmdcnt = receive;
252 if (receive && param)
253 for (i = 0; i < receive; i++)
254 ps2dev->cmdbuf[(receive - 1) - i] = param[i];
255
256 /* Signal that we are sending the command byte */
257 ps2dev->flags |= PS2_FLAG_ACK_CMD;
258
259 /*
260 * Some devices (Synaptics) peform the reset before
261 * ACKing the reset command, and so it can take a long
262 * time before the ACK arrives.
263 */
264 timeout = command == PS2_CMD_RESET_BAT ? 1000 : 200;
265
266 rc = ps2_do_sendbyte(ps2dev, command & 0xff, timeout, 2);
267 if (rc)
268 goto out_reset_flags;
269
270 /* Now we are sending command parameters, if any */
271 ps2dev->flags &= ~PS2_FLAG_ACK_CMD;
272
273 for (i = 0; i < send; i++) {
274 rc = ps2_do_sendbyte(ps2dev, param[i], 200, 2);
275 if (rc)
276 goto out_reset_flags;
277 }
278
279 serio_continue_rx(ps2dev->serio);
280
281 /*
282 * The reset command takes a long time to execute.
283 */
284 timeout = msecs_to_jiffies(command == PS2_CMD_RESET_BAT ? 4000 : 500);
285
286 timeout = wait_event_timeout(ps2dev->wait,
287 !(ps2dev->flags & PS2_FLAG_CMD1), timeout);
288
289 if (ps2dev->cmdcnt && !(ps2dev->flags & PS2_FLAG_CMD1)) {
290
291 timeout = ps2_adjust_timeout(ps2dev, command, timeout);
292 wait_event_timeout(ps2dev->wait,
293 !(ps2dev->flags & PS2_FLAG_CMD), timeout);
294 }
295
296 serio_pause_rx(ps2dev->serio);
297
298 if (param) {
299 for (i = 0; i < receive; i++)
300 param[i] = ps2dev->cmdbuf[(receive - 1) - i];
301 kmsan_unpoison_memory(param, receive);
302 }
303
304 if (ps2dev->cmdcnt &&
305 (command != PS2_CMD_RESET_BAT || ps2dev->cmdcnt != 1)) {
306 rc = -EPROTO;
307 goto out_reset_flags;
308 }
309
310 rc = 0;
311
312 out_reset_flags:
313 ps2dev->flags = 0;
314 serio_continue_rx(ps2dev->serio);
315
316 dev_dbg(&ps2dev->serio->dev,
317 "%02x [%*ph] - %x/%08lx [%*ph]\n",
318 command & 0xff, send, send_param,
319 ps2dev->nak, ps2dev->flags,
320 receive, param ?: send_param);
321
322 /*
323 * ps_command() handles resends itself, so do not leak -EAGAIN
324 * to the callers.
325 */
326 return rc != -EAGAIN ? rc : -EPROTO;
327 }
328 EXPORT_SYMBOL(__ps2_command);
329
ps2_command(struct ps2dev * ps2dev,u8 * param,unsigned int command)330 int ps2_command(struct ps2dev *ps2dev, u8 *param, unsigned int command)
331 {
332 int rc;
333
334 ps2_begin_command(ps2dev);
335 rc = __ps2_command(ps2dev, param, command);
336 ps2_end_command(ps2dev);
337
338 return rc;
339 }
340 EXPORT_SYMBOL(ps2_command);
341
342 /*
343 * ps2_sliced_command() sends an extended PS/2 command to the mouse
344 * using sliced syntax, understood by advanced devices, such as Logitech
345 * or Synaptics touchpads. The command is encoded as:
346 * 0xE6 0xE8 rr 0xE8 ss 0xE8 tt 0xE8 uu where (rr*64)+(ss*16)+(tt*4)+uu
347 * is the command.
348 */
349
ps2_sliced_command(struct ps2dev * ps2dev,u8 command)350 int ps2_sliced_command(struct ps2dev *ps2dev, u8 command)
351 {
352 int i;
353 int retval;
354
355 ps2_begin_command(ps2dev);
356
357 retval = __ps2_command(ps2dev, NULL, PS2_CMD_SETSCALE11);
358 if (retval)
359 goto out;
360
361 for (i = 6; i >= 0; i -= 2) {
362 u8 d = (command >> i) & 3;
363 retval = __ps2_command(ps2dev, &d, PS2_CMD_SETRES);
364 if (retval)
365 break;
366 }
367
368 out:
369 dev_dbg(&ps2dev->serio->dev, "%02x - %d\n", command, retval);
370 ps2_end_command(ps2dev);
371 return retval;
372 }
373 EXPORT_SYMBOL(ps2_sliced_command);
374
375 /*
376 * ps2_init() initializes ps2dev structure
377 */
378
ps2_init(struct ps2dev * ps2dev,struct serio * serio)379 void ps2_init(struct ps2dev *ps2dev, struct serio *serio)
380 {
381 mutex_init(&ps2dev->cmd_mutex);
382 lockdep_set_subclass(&ps2dev->cmd_mutex, serio->depth);
383 init_waitqueue_head(&ps2dev->wait);
384 ps2dev->serio = serio;
385 }
386 EXPORT_SYMBOL(ps2_init);
387
388 /*
389 * ps2_handle_ack() is supposed to be used in interrupt handler
390 * to properly process ACK/NAK of a command from a PS/2 device.
391 */
392
ps2_handle_ack(struct ps2dev * ps2dev,u8 data)393 bool ps2_handle_ack(struct ps2dev *ps2dev, u8 data)
394 {
395 switch (data) {
396 case PS2_RET_ACK:
397 ps2dev->nak = 0;
398 break;
399
400 case PS2_RET_NAK:
401 ps2dev->flags |= PS2_FLAG_NAK;
402 ps2dev->nak = PS2_RET_NAK;
403 break;
404
405 case PS2_RET_ERR:
406 if (ps2dev->flags & PS2_FLAG_NAK) {
407 ps2dev->flags &= ~PS2_FLAG_NAK;
408 ps2dev->nak = PS2_RET_ERR;
409 break;
410 }
411 fallthrough;
412
413 /*
414 * Workaround for mice which don't ACK the Get ID command.
415 * These are valid mouse IDs that we recognize.
416 */
417 case 0x00:
418 case 0x03:
419 case 0x04:
420 if (ps2dev->flags & PS2_FLAG_WAITID) {
421 ps2dev->nak = 0;
422 break;
423 }
424 fallthrough;
425 default:
426 /*
427 * Do not signal errors if we get unexpected reply while
428 * waiting for an ACK to the initial (first) command byte:
429 * the device might not be quiesced yet and continue
430 * delivering data.
431 * Note that we reset PS2_FLAG_WAITID flag, so the workaround
432 * for mice not acknowledging the Get ID command only triggers
433 * on the 1st byte; if device spews data we really want to see
434 * a real ACK from it.
435 */
436 dev_dbg(&ps2dev->serio->dev, "unexpected %#02x\n", data);
437 ps2dev->flags &= ~PS2_FLAG_WAITID;
438 return ps2dev->flags & PS2_FLAG_ACK_CMD;
439 }
440
441 if (!ps2dev->nak) {
442 ps2dev->flags &= ~PS2_FLAG_NAK;
443 if (ps2dev->cmdcnt)
444 ps2dev->flags |= PS2_FLAG_CMD | PS2_FLAG_CMD1;
445 }
446
447 ps2dev->flags &= ~PS2_FLAG_ACK;
448 wake_up(&ps2dev->wait);
449
450 if (data != PS2_RET_ACK)
451 ps2_handle_response(ps2dev, data);
452
453 return true;
454 }
455 EXPORT_SYMBOL(ps2_handle_ack);
456
457 /*
458 * ps2_handle_response() is supposed to be used in interrupt handler
459 * to properly store device's response to a command and notify process
460 * waiting for completion of the command.
461 */
462
ps2_handle_response(struct ps2dev * ps2dev,u8 data)463 bool ps2_handle_response(struct ps2dev *ps2dev, u8 data)
464 {
465 if (ps2dev->cmdcnt)
466 ps2dev->cmdbuf[--ps2dev->cmdcnt] = data;
467
468 if (ps2dev->flags & PS2_FLAG_CMD1) {
469 ps2dev->flags &= ~PS2_FLAG_CMD1;
470 if (ps2dev->cmdcnt)
471 wake_up(&ps2dev->wait);
472 }
473
474 if (!ps2dev->cmdcnt) {
475 ps2dev->flags &= ~PS2_FLAG_CMD;
476 wake_up(&ps2dev->wait);
477 }
478
479 return true;
480 }
481 EXPORT_SYMBOL(ps2_handle_response);
482
ps2_cmd_aborted(struct ps2dev * ps2dev)483 void ps2_cmd_aborted(struct ps2dev *ps2dev)
484 {
485 if (ps2dev->flags & PS2_FLAG_ACK)
486 ps2dev->nak = 1;
487
488 if (ps2dev->flags & (PS2_FLAG_ACK | PS2_FLAG_CMD))
489 wake_up(&ps2dev->wait);
490
491 /* reset all flags except last nack */
492 ps2dev->flags &= PS2_FLAG_NAK;
493 }
494 EXPORT_SYMBOL(ps2_cmd_aborted);
495