From patchwork Sun May 17 16:00:52 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: penghao122@sina.com
X-Patchwork-Id: 473185
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id EDFAD140283
	for <incoming@patchwork.ozlabs.org>;
	Mon, 18 May 2015 02:23:07 +1000 (AEST)
Received: from localhost ([::1]:37983 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1Yu1LD-00018u-Fl
	for incoming@patchwork.ozlabs.org; Sun, 17 May 2015 12:23:03 -0400
Received: from eggs.gnu.org ([208.118.235.92]:37960)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <penghao122@sina.com>) id 1Yu1Ku-0000lH-G7
	for qemu-devel@nongnu.org; Sun, 17 May 2015 12:22:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <penghao122@sina.com>) id 1Yu1Kp-0002Kx-Mc
	for qemu-devel@nongnu.org; Sun, 17 May 2015 12:22:44 -0400
Received: from mail228-171.sinamail.sina.com.cn ([60.28.228.171]:40967
	helo=smtp2911-208.mail.sina.com.cn)
	by eggs.gnu.org with smtp (Exim 4.71)
	(envelope-from <penghao122@sina.com>) id 1Yu1Ko-0002JC-Q8
	for qemu-devel@nongnu.org; Sun, 17 May 2015 12:22:39 -0400
Received: from webmail13.fmail.tg.sinanode.com (HELO
	webmail.sinamail.sina.com.cn)([172.16.201.35]) by sina.com with SMTP
	18 May 2015 00:00:52 +0800 (CST)
X-Sender: penghao122@sina.com
X-SMAIL-MID: 72682113001916
Received: by webmail.sinamail.sina.com.cn (Postfix, from userid 80)
	id 6B12849ED81; Mon, 18 May 2015 00:00:52 +0800 (CST)
Date: Mon, 18 May 2015 00:00:52 +0800
Received: from penghao122@sina.com([218.89.219.97]) by m0.mail.sina.com.cn
	via HTTP; Mon, 18 May 2015 00:00:52 +0800 (CST)
From: <penghao122@sina.com>
To: "qemu-devel" <qemu-devel@nongnu.org>
MIME-Version: 1.0
X-Priority: 3
X-MessageID: 5558bb343735037
X-Originating-IP: [172.16.201.35]
X-Mailer: Sina WebMail 4.0
Message-Id: <20150517160052.6B12849ED81@webmail.sinamail.sina.com.cn>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 60.28.228.171
Cc: qemu-stable <qemu-stable@nongnu.org>
Subject: [Qemu-devel]   [PATCH] keyboard: handle ps2 typing buffer overrun
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: penghao122@sina.com
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Subject: [PATCH] keyboard: handle ps2 typing buffer overrun
Starting a linux guest with ps2 keyboard, if you type many times during leaving
grub and into linux kernel,then you can't use keyboard after linux initialization finished.
Specally when you setup linux guest from iso file,you will type in grub.
During grub,the work method of ps2 keyboard is like this:
First, ps2 keyboard driver send command KBD_CCMD_KBD_ENABLE.
Second, if there is a keyboard input, then ps2 keyboard driver read data.
Third, ps2 keyboard driver send command KBD_CCMD_KBD_ENABLE again.
After leaving grub and before finishing linux kernel ps2 driver initialization,
if you type many times, the input data keep saving in ps2 queue of qemu.
Before linux kernel initialize ps2 keyboard,linux call i8042_controller_check,
if i8042_controller_check return fail, then ps2 keyboard driver will never initialize.
(i8042.c in kernel 2.6.32 )
static int i8042_controller_check(void)
{
    if (i8042_flush() == I8042_BUFFER_SIZE)
        return -ENODEV;
    return 0;
}
static int i8042_flush(void)
{
  ...
    while (((str = i8042_read_status()) & I8042_STR_OBF) && (i < I8042_BUFFER_SIZE)) {
        udelay(50);
        data = i8042_read_data();
        i++;
     }
    return i;
}
During calling i8042_flush it is full in ps2 queue of qemu. ps_read_data will execute
kbd_update_irq(s->update_arg, q->count != 0). Because q->count!=0, kbd_update_irq can set
I8042_STR_OBF. Then i8042_flush() will return I8042_BUFFER_SIZE.
Signed-off-by: Hao Peng <penghao122@sina.com>
---
 hw/input/pckbd.c       | 11 +++++++++--
 hw/input/ps2.c         |  7 +++++++
 include/hw/input/ps2.h |  1 +
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/hw/input/pckbd.c b/hw/input/pckbd.c
index 9b9a7d7..1253b04 100644
--- a/hw/input/pckbd.c
+++ b/hw/input/pckbd.c
@@ -207,6 +207,8 @@ static uint64_t kbd_read_status(void *opaque, hwaddr addr,
     KBDState *s = opaque;
     int val;
     val = s->status;
+    if(s->write_cmd == KBD_CCMD_KBD_ENABLE)
+        val &= ~KBD_STAT_OBF;
     DPRINTF("kbd: read status=0x%02x\n", val);
     return val;
 }
@@ -251,9 +253,10 @@ static void kbd_write_command(void *opaque, hwaddr addr,
         else
             val = KBD_CCMD_NO_OP;
     }
-
+    s->write_cmd = 0;
     switch(val) {
     case KBD_CCMD_READ_MODE:
+        ps2_clear_queue(s->kbd);
         kbd_queue(s, s->mode, 0);
         break;
     case KBD_CCMD_WRITE_MODE:
@@ -284,6 +287,7 @@ static void kbd_write_command(void *opaque, hwaddr addr,
         kbd_update_irq(s);
         break;
     case KBD_CCMD_KBD_ENABLE:
+        s->write_cmd = KBD_CCMD_KBD_ENABLE;
         s->mode &= ~KBD_MODE_DISABLE_KBD;
         kbd_update_irq(s);
         break;
@@ -364,7 +368,10 @@ static void kbd_write_data(void *opaque, hwaddr addr,
     default:
         break;
     }
-    s->write_cmd = 0;
+    if(s->write_cmd == KBD_CCMD_WRITE_MODE && s->mode == 0x61)
+        s->write_cmd = KBD_CCMD_KBD_ENABLE;
+    else
+        s->write_cmd = 0;
 }
 
 static void kbd_reset(void *opaque)
diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index 4baeea2..b7c72bb 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -151,6 +151,13 @@ void ps2_queue(void *opaque, int b)
     s->update_irq(s->update_arg, 1);
 }
 
+void ps2_clear_queue(void *opaque)
+{
+    PS2State *s = (PS2State *)opaque;
+    PS2Queue *q = &s->queue;
+    q->wptr = q->rptr = q->count = 0;
+}
+
 /*
    keycode is expressed as follow:
    bit 7    - 0 key pressed, 1 = key released
diff --git a/include/hw/input/ps2.h b/include/hw/input/ps2.h
index 7c45ce7..7bd9158 100644
--- a/include/hw/input/ps2.h
+++ b/include/hw/input/ps2.h
@@ -32,6 +32,7 @@ void ps2_write_mouse(void *, int val);
 void ps2_write_keyboard(void *, int val);
 uint32_t ps2_read_data(void *);
 void ps2_queue(void *, int b);
+void ps2_clear_queue(void *opaque);
 void ps2_keyboard_set_translation(void *opaque, int mode);
 void ps2_mouse_fake_event(void *opaque);