xref: /titanic_41/usr/src/uts/common/io/conskbd.c (revision 3010f05b8e7c41a103780aa9306659706e47f207)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * Console kbd multiplexor driver for Sun.
31  * The console "zs" port is linked under us, with the "kbd" module pushed
32  * on top of it.
33  * Minor device 0 is what programs normally use.
34  * Minor device 1 is used to feed predigested keystrokes to the "workstation
35  * console" driver, which it is linked beneath.
36  *
37  *
38  *     This module can support multiple keyboards to be used simultaneously.
39  * and enable users to use at a time multiple keyboards connected to the
40  * same system. All the keyboards are linked under conskbd, and act as a
41  * keyboard with replicated keys.
42  *
43  *     The DIN keyboards of SUN, for exmple , type 3/4/5,  are supported via
44  * a two-level architecure. The lower one is one of serialport drivers, such
45  * as zs, se, and the upper is  "kb" STREAMS module. Currenly, the serialport
46  * drivers don't support polled I/O interfaces, we couldn't group the keyboard
47  * of this kind under conskbd. So we do as the follows:
48  *
49  *         A new ioctl CONSSETKBDTYPE interface between conskbd and lower
50  *     keyboard drivers is added. When conskbd receives I_LINK or I_PLINK
51  *     ioctl, it will send a CONSSETKBDTYPE ioctl to the driver which is
52  *     requesting to be linked under conskbd. If the lower driver does't
53  *     recognize this ioctl, the virtual keyboard will be disabled so that
54  *     only one keyboard instance could be linked under conskbd.
55  */
56 #define	KEYMAP_SIZE_VARIABLE
57 
58 #include <sys/types.h>
59 #include <sys/param.h>
60 #include <sys/stropts.h>
61 #include <sys/stream.h>
62 #include <sys/strsubr.h>
63 #include <sys/strsun.h>
64 #include <sys/conf.h>
65 #include <sys/stat.h>
66 #include <sys/errno.h>
67 #include <sys/modctl.h>
68 #include <sys/kbio.h>
69 #include <sys/ddi.h>
70 #include <sys/sunddi.h>
71 #include <sys/consdev.h>
72 #include <sys/note.h>
73 #include <sys/kmem.h>
74 #include <sys/kstat.h>
75 #include <sys/policy.h>
76 #include <sys/kbd.h>
77 #include <sys/kbtrans.h>
78 #include <sys/promif.h>
79 #include <sys/vuid_event.h>
80 #include <sys/conskbd.h>
81 
82 extern struct keyboard *kbtrans_usbkb_maptab_init(void);
83 extern void kbtrans_usbkb_maptab_fini(struct keyboard **);
84 extern int ddi_create_internal_pathname(dev_info_t *, char *, int, minor_t);
85 
86 /*
87  * Module linkage routines for the kernel
88  */
89 static int conskbd_attach(dev_info_t *, ddi_attach_cmd_t);
90 static int conskbd_detach(dev_info_t *, ddi_detach_cmd_t);
91 static int conskbd_info(dev_info_t *, ddi_info_cmd_t, void *, void **);
92 
93 /*
94  * STREAMS queue processing procedures
95  */
96 static void	conskbduwsrv(queue_t *);
97 static void	conskbdlwserv(queue_t *);
98 static void	conskbdlrput(queue_t *, mblk_t *);
99 static void	conskbdioctl(queue_t *, mblk_t *);
100 static int	conskbdclose(queue_t *, int, cred_t *);
101 static int	conskbdopen(queue_t *, dev_t *, int, int, cred_t *);
102 
103 
104 /* STREAMS driver id and limit value struct */
105 static struct module_info conskbdm_info = {
106 	0,		/* mi_idnum */
107 	"conskbd",	/* mi_idname */
108 	0,		/* mi_minpsz */
109 	1024,		/* mi_maxpsz */
110 	2048,		/* mi_hiwat */
111 	128		/* mi_lowat */
112 };
113 
114 /*
115  * STREAMS queue processing procedure structures
116  */
117 /* upper read queue processing procedure structures */
118 static struct qinit conskbdurinit = {
119 	NULL,			/* qi_putp */
120 	(int (*)())NULL,	/* qi_srvp */
121 	conskbdopen,		/* qi_qopen */
122 	conskbdclose,		/* qi_qclose */
123 	(int (*)())NULL,	/* qi_qadmin */
124 	&conskbdm_info,		/* qi_minfo */
125 	NULL			/* qi_mstat */
126 };
127 
128 /* upper write queue processing procedures structuresi */
129 static struct qinit conskbduwinit = {
130 	(int (*)())putq,		/* qi_putp */
131 	(int (*)())conskbduwsrv,	/* qi_srvp */
132 	conskbdopen,			/* qi_qopen */
133 	conskbdclose,			/* qi_qclose */
134 	(int (*)())NULL,		/* qi_qadmin */
135 	&conskbdm_info,			/* qi_minfo */
136 	NULL				/* qi_mstat */
137 };
138 
139 /* lower read queue processing procedures structures */
140 static struct qinit conskbdlrinit = {
141 	(int (*)())conskbdlrput,	/* qi_putp */
142 	(int (*)())NULL,		/* qi_srvp */
143 	(int (*)())NULL,		/* qi_qopen */
144 	(int (*)())NULL,		/* qi_qclose */
145 	(int (*)())NULL,		/* qi_qadmin */
146 	&conskbdm_info,			/* qi_minfo */
147 	NULL				/* qi_mstat */
148 };
149 
150 /* lower write processing procedures structures */
151 static struct qinit conskbdlwinit = {
152 	putq,				/* qi_putp */
153 	(int (*)())conskbdlwserv,	/* qi_srvp */
154 	(int (*)())NULL,		/* qi_qopen */
155 	(int (*)())NULL,		/* qi_qclose */
156 	(int (*)())NULL,		/* qi_qadmin */
157 	&conskbdm_info,			/* qi_minfo */
158 	NULL				/* qi_mstat */
159 };
160 
161 /* STREAMS entity declaration structure */
162 static struct streamtab conskbd_str_info = {
163 	&conskbdurinit,		/* st_rdinit */
164 	&conskbduwinit,		/* st_wrinit */
165 	&conskbdlrinit,		/* st_muxrinit */
166 	&conskbdlwinit,		/* st_muxwinit */
167 };
168 
169 
170 /* Entry points structure */
171 static 	struct cb_ops cb_conskbd_ops = {
172 	nulldev,		/* cb_open */
173 	nulldev,		/* cb_close */
174 	nodev,			/* cb_strategy */
175 	nodev,			/* cb_print */
176 	nodev,			/* cb_dump */
177 	nodev,			/* cb_read */
178 	nodev,			/* cb_write */
179 	nodev,			/* cb_ioctl */
180 	nodev,			/* cb_devmap */
181 	nodev,			/* cb_mmap */
182 	nodev,			/* cb_segmap */
183 	nochpoll,		/* cb_chpoll */
184 	ddi_prop_op,		/* cb_prop_op */
185 	&conskbd_str_info,	/* cb_stream */
186 	D_MP | D_MTOUTPERIM	/* cb_flag */
187 };
188 
189 
190 /*
191  * Device operations structure
192  */
193 static struct dev_ops conskbd_ops = {
194 	DEVO_REV,		/* devo_rev */
195 	0,			/* devo_refcnt */
196 	conskbd_info,		/* devo_getinfo */
197 	nulldev,		/* devo_identify */
198 	nulldev,		/* devo_probe */
199 	conskbd_attach,		/* devo_attach */
200 	conskbd_detach,		/* devo_detach */
201 	nodev,			/* devo_reset */
202 	&(cb_conskbd_ops),	/* devo_cb_ops */
203 	(struct bus_ops *)NULL,	/* devo_bus_ops */
204 	NULL			/* devo_power */
205 };
206 
207 /*
208  * Module linkage information for the kernel.
209  */
210 static struct modldrv modldrv = {
211 	&mod_driverops, /* Type of module.  This one is a pseudo driver */
212 	"Console kbd Multiplexer driver 'conskbd' %I%",
213 	&conskbd_ops,	/* driver ops */
214 };
215 
216 /*
217  * Module linkage structure
218  */
219 static struct modlinkage modlinkage = {
220 	MODREV_1,	/* ml_rev */
221 	&modldrv,	/* ml_linkage */
222 	NULL		/* NULL terminates the list */
223 };
224 
225 /*
226  * Debug printing
227  */
228 #ifndef DPRINTF
229 #ifdef DEBUG
230 void	conskbd_dprintf(const char *fmt, ...);
231 #define	DPRINTF(l, m, args) \
232 	(((l) >= conskbd_errlevel) && ((m) & conskbd_errmask) ?	\
233 		conskbd_dprintf args :				\
234 		(void) 0)
235 
236 /*
237  * Severity levels for printing
238  */
239 #define	PRINT_L0	0	/* print every message */
240 #define	PRINT_L1	1	/* debug */
241 #define	PRINT_L2	2	/* quiet */
242 
243 /*
244  * Masks
245  */
246 #define	PRINT_MASK_ALL		0xFFFFFFFFU
247 uint_t	conskbd_errmask = PRINT_MASK_ALL;
248 uint_t	conskbd_errlevel = PRINT_L2;
249 
250 #else
251 #define	DPRINTF(l, m, args)	/* NOTHING */
252 #endif
253 #endif
254 
255 /*
256  * Module global data are protected by the per-module inner perimeter
257  */
258 static	queue_t	*conskbd_regqueue; /* regular keyboard queue above us */
259 static	queue_t	*conskbd_consqueue; /* console queue above us */
260 
261 
262 static dev_info_t *conskbd_dip;		/* private copy of devinfo pointer */
263 static long	conskbd_idle_stamp;	/* seconds tstamp of latest keystroke */
264 static struct keyboard *conskbd_keyindex;
265 
266 /*
267  * Normally, kstats of type KSTAT_TYPE_NAMED have multiple elements.  In
268  * this case we use this type for a single element because the ioctl code
269  * for it knows how to handle mixed kernel/user data models.  Also, it
270  * will be easier to add new statistics later.
271  */
272 static struct {
273 	kstat_named_t idle_sec;		/* seconds since last keystroke */
274 } conskbd_kstat = {
275 	{ "idle_sec", KSTAT_DATA_LONG, }
276 };
277 
278 /*
279  * Local routines prototypes
280  */
281 static int conskbd_kstat_update(kstat_t *, int);
282 
283 static void conskbd_ioc_plink(queue_t *, mblk_t *);
284 static void conskbd_legacy_kbd_ioctl(queue_t *, mblk_t *);
285 static void conskbd_virtual_kbd_ioctl(queue_t *, mblk_t *);
286 static mblk_t *conskbd_alloc_firm_event(int, int);
287 
288 static conskbd_pending_msg_t *conskbd_mux_find_msg(mblk_t *);
289 static void conskbd_mux_enqueue_msg(conskbd_pending_msg_t *);
290 static void conskbd_mux_dequeue_msg(conskbd_pending_msg_t *);
291 static void conskbd_link_lower_queue(conskbd_lower_queue_t *);
292 
293 static void conskbd_handle_downstream_msg(queue_t *, mblk_t *);
294 static void conskbd_kioctype_complete(conskbd_lower_queue_t *, mblk_t *);
295 static void conskbd_kioctrans_complete(conskbd_lower_queue_t *, mblk_t *);
296 static void conskbd_kioclayout_complete(conskbd_lower_queue_t *, mblk_t *);
297 static void conskbd_kiocsled_complete(conskbd_lower_queue_t *, mblk_t *);
298 static void conskbd_mux_upstream_msg(conskbd_lower_queue_t *, mblk_t *);
299 static void conskbd_legacy_upstream_msg(conskbd_lower_queue_t *, mblk_t *);
300 static void conskbd_lqs_ack_complete(conskbd_lower_queue_t *, mblk_t *);
301 
302 static void conskbd_polledio_enter(struct cons_polledio_arg *);
303 static void conskbd_polledio_exit(struct cons_polledio_arg *);
304 static int  conskbd_polledio_ischar(struct cons_polledio_arg *);
305 static int  conskbd_polledio_getchar(struct cons_polledio_arg *);
306 static void conskbd_polledio_setled(struct kbtrans_hardware *, int);
307 
308 static void conskbd_streams_setled(struct kbtrans_hardware *, int);
309 static boolean_t conskbd_override_kbtrans(queue_t *, mblk_t *);
310 static boolean_t
311 conskbd_polled_keycheck(struct kbtrans_hardware *,
312 		kbtrans_key_t *, enum keystate *);
313 
314 /*
315  * Callbacks needed by kbtrans
316  */
317 static struct kbtrans_callbacks conskbd_callbacks = {
318 	conskbd_streams_setled,
319 	conskbd_polledio_setled,
320 	conskbd_polled_keycheck,
321 };
322 
323 /*
324  * Single private "global" lock for the few rare conditions
325  * we want single-threaded.
326  */
327 static	kmutex_t	conskbd_lq_lock;
328 static	kmutex_t	conskbd_msgq_lock;
329 static	conskbd_pending_msg_t	*conskbd_msg_queue;
330 
331 /*
332  * The software state structure of virtual keyboard.
333  * Currently, only one virtual keyboard is support.
334  */
335 static conskbd_state_t	conskbd = { 0 };
336 
337 /* This variable backs up the layout state for non-self-ID keyboards */
338 static int kbd_layout_bak = 0;
339 
340 /*
341  * _init()
342  *
343  * Description:
344  *      Driver initialization, called when driver is first loaded.
345  *      This is how access is initially given to all the static structures.
346  *
347  * Arguments:
348  *      None
349  *
350  * Returns:
351  *      ddi_soft_state_init() status, see ddi_soft_state_init(9f), or
352  *      mod_install() status, see mod_install(9f)
353  */
354 int
355 _init(void)
356 {
357 	int	error;
358 
359 	error = mod_install(&modlinkage);
360 	if (error != 0) {
361 		return (error);
362 	}
363 
364 	conskbd_keyindex = kbtrans_usbkb_maptab_init();
365 
366 	mutex_init(&conskbd_lq_lock, NULL, MUTEX_DRIVER, NULL);
367 	mutex_init(&conskbd_msgq_lock, NULL, MUTEX_DRIVER, NULL);
368 
369 	return (error);
370 
371 }	/* _init() */
372 
373 /*
374  * _fini()
375  *
376  * Description:
377  *      Module de-initialization, called when the driver is to be unloaded.
378  *
379  * Arguments:
380  *      None
381  *
382  * Returns:
383  *      mod_remove() status, see mod_remove(9f)
384  */
385 int
386 _fini(void)
387 {
388 	int	error;
389 
390 	error = mod_remove(&modlinkage);
391 	if (error != 0)
392 		return (error);
393 	mutex_destroy(&conskbd_lq_lock);
394 	mutex_destroy(&conskbd_msgq_lock);
395 	kbtrans_usbkb_maptab_fini(&conskbd_keyindex);
396 
397 	return (0);
398 
399 }	/* _fini() */
400 
401 /*
402  * _info()
403  *
404  * Description:
405  *      Module information, returns information about the driver.
406  *
407  * Arguments:
408  *      modinfo         *modinfop       Pointer to the opaque modinfo structure
409  *
410  * Returns:
411  *      mod_info() status, see mod_info(9f)
412  */
413 int
414 _info(struct modinfo *modinfop)
415 {
416 	return (mod_info(&modlinkage, modinfop));
417 
418 }	/* _info() */
419 
420 
421 /*
422  * conskbd_attach()
423  *
424  * Description:
425  * 	This routine creates two device nodes. One is the "kbd" node, which
426  * is used by user application programs(such as Xserver).The other is the
427  * "conskbd" node, which is an internal node. consconfig_dacf module will
428  * open this internal node, and link the conskbd under the wc (workstaion
429  * console).
430  *
431  * Arguments:
432  *      dev_info_t      *dip    Pointer to the device's dev_info struct
433  *      ddi_attach_cmd_t cmd    Attach command
434  *
435  * Returns:
436  *      DDI_SUCCESS             The driver was initialized properly
437  *      DDI_FAILURE             The driver couldn't be initialized properly
438  */
439 /*ARGSUSED*/
440 static int
441 conskbd_attach(dev_info_t *devi, ddi_attach_cmd_t cmd)
442 {
443 	kstat_t	*ksp;
444 
445 	switch (cmd) {
446 	case DDI_ATTACH:
447 		break;
448 
449 	default:
450 		return (DDI_FAILURE);
451 
452 	}
453 	if ((ddi_create_minor_node(devi, "kbd", S_IFCHR,
454 	    0, DDI_PSEUDO, NULL) == DDI_FAILURE) ||
455 	    (ddi_create_internal_pathname(devi, "conskbd", S_IFCHR,
456 	    1) == DDI_FAILURE)) {
457 		ddi_remove_minor_node(devi, NULL);
458 		return (DDI_FAILURE);
459 	}
460 	conskbd_dip = devi;
461 
462 	ksp = kstat_create("conskbd", 0, "activity", "misc", KSTAT_TYPE_NAMED,
463 	    sizeof (conskbd_kstat) / sizeof (kstat_named_t),
464 	    KSTAT_FLAG_VIRTUAL);
465 	if (ksp) {
466 		ksp->ks_data = (void *) &conskbd_kstat;
467 		ksp->ks_update = conskbd_kstat_update;
468 		kstat_install(ksp);
469 		conskbd_idle_stamp = gethrestime_sec();	/* initial value */
470 	}
471 
472 	conskbd.conskbd_layout = -1;	/* invalid layout */
473 	conskbd.conskbd_led_state = -1;
474 	conskbd.conskbd_bypassed = B_FALSE;
475 
476 	return (DDI_SUCCESS);
477 
478 }	/* conskbd_attach() */
479 
480 /*
481  * conskbd_detach()
482  *
483  * Description:
484  *      Detach an instance of the conskbd driver. In fact, the driver can not
485  * be detached.
486  *
487  * Arguments:
488  *      dev_info_t              *dip    Pointer to the device's dev_info struct
489  *      ddi_detach_cmd_t        cmd     Detach command
490  *
491  * Returns:
492  *      DDI_SUCCESS     The driver was detached
493  *      DDI_FAILURE     The driver couldn't be detached
494  */
495 /*ARGSUSED*/
496 static int
497 conskbd_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
498 {
499 	return (DDI_FAILURE);
500 
501 }	/* conskbd_detach() */
502 
503 /* ARGSUSED */
504 static int
505 conskbd_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg,
506 	void **result)
507 {
508 	register int error;
509 
510 	switch (infocmd) {
511 	case DDI_INFO_DEVT2DEVINFO:
512 		if (conskbd_dip == NULL) {
513 			error = DDI_FAILURE;
514 		} else {
515 			*result = (void *) conskbd_dip;
516 			error = DDI_SUCCESS;
517 		}
518 		break;
519 	case DDI_INFO_DEVT2INSTANCE:
520 		*result = (void *)0;
521 		error = DDI_SUCCESS;
522 		break;
523 	default:
524 		error = DDI_FAILURE;
525 	}
526 	return (error);
527 
528 }	/* conskbd_info() */
529 
530 /*ARGSUSED*/
531 static int
532 conskbdopen(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *crp)
533 {
534 	dev_t	unit;
535 	int	err;
536 
537 	unit = getminor(*devp);
538 
539 	if (unit == 0) {
540 		/*
541 		 * Opening "/dev/kbd".
542 		 */
543 		conskbd_regqueue = q;
544 		qprocson(q);
545 		return (0);
546 	} else if (unit != 1) {
547 		/* we don't do that under Bozo's Big Tent */
548 		return (ENODEV);
549 	}
550 
551 	/*
552 	 * Opening the device to be linked under the console.
553 	 */
554 	conskbd_consqueue = q;
555 
556 	/*
557 	 * initialize kbtrans module for conskbd
558 	 */
559 	err = kbtrans_streams_init(q, sflag, crp, (struct kbtrans_hardware *)
560 	    &conskbd, &conskbd_callbacks, &conskbd.conskbd_kbtrans, 0, 0);
561 	if (err != 0)
562 		return (err);
563 	kbtrans_streams_set_keyboard(conskbd.conskbd_kbtrans, KB_USB,
564 	    conskbd_keyindex);
565 
566 	conskbd.conskbd_polledio.cons_polledio_version = CONSPOLLEDIO_V1;
567 	conskbd.conskbd_polledio.cons_polledio_argument =
568 	    (struct cons_polledio_arg *)&conskbd;
569 	conskbd.conskbd_polledio.cons_polledio_putchar = NULL;
570 	conskbd.conskbd_polledio.cons_polledio_getchar =
571 	    (int (*)(struct cons_polledio_arg *)) conskbd_polledio_getchar;
572 	conskbd.conskbd_polledio.cons_polledio_ischar =
573 	    (boolean_t (*)(struct cons_polledio_arg *))conskbd_polledio_ischar;
574 	conskbd.conskbd_polledio.cons_polledio_enter = conskbd_polledio_enter;
575 	conskbd.conskbd_polledio.cons_polledio_exit = conskbd_polledio_exit;
576 	qprocson(q);
577 
578 	return (0);
579 
580 }	/* conskbd_open() */
581 
582 
583 /*ARGSUSED*/
584 static int
585 conskbdclose(queue_t *q, int flag, cred_t *crp)
586 {
587 	if (q == conskbd_regqueue) {
588 
589 		/* switch the input stream back to conskbd_consqueue */
590 		conskbd.conskbd_directio = B_FALSE;
591 
592 		kbtrans_streams_untimeout(conskbd.conskbd_kbtrans);
593 		kbtrans_streams_set_queue(conskbd.conskbd_kbtrans,
594 		    conskbd_consqueue);
595 		qprocsoff(q);
596 		conskbd_regqueue = NULL;
597 	} else if (q == conskbd_consqueue) {
598 		/*
599 		 * Well, this is probably a mistake, but we will permit you
600 		 * to close the path to the console if you really insist.
601 		 */
602 		qprocsoff(q);
603 		conskbd_consqueue = NULL;
604 	}
605 
606 	return (0);
607 
608 }	/* conskbd_close() */
609 
610 /*
611  * Service procedure for upper write queue.
612  *	To make sure the order of messages, we don't process any
613  * message in qi_putq() routine of upper write queue, instead the
614  * qi_putq() routine, which is a standard putq() routine, puts all
615  * messages into a queue, and lets the following service procedure
616  * deal with all messages.
617  * 	This routine is invoked when ioctl commands are send down
618  * by a consumer of the keyboard device, eg, when the keyboard
619  * consumer tries to determine the keyboard layout type, or sets
620  * the led states.
621  */
622 static void
623 conskbduwsrv(queue_t *q)
624 {
625 	mblk_t	*mp;
626 	queue_t	*oldq;
627 	enum kbtrans_message_response ret;
628 
629 	while ((mp = getq(q)) != NULL) {
630 
631 		/*
632 		 * if the virtual keyboard is supported
633 		 */
634 		if (conskbd.conskbd_bypassed == B_FALSE) {
635 
636 			if (conskbd_override_kbtrans(q, mp) == B_TRUE)
637 				continue;
638 			/*
639 			 * The conskbd driver is a psaudo driver. It has two
640 			 * devcice nodes, one is used by kernel, and the other
641 			 * is used by end-users. There are two STREAMS queues
642 			 * corresponding to the two device nodes, console queue
643 			 * and regular queue.
644 			 * In conskbd_override_kbtrans() routine, when receives
645 			 * KIOCSDIRECT ioctl, we need change the direction of
646 			 * keyboard input messages, and direct the input stream
647 			 * from keyboard into right queue. It causes this queue
648 			 * to be switched between regular queue and console
649 			 * queue. And here, in this routine, the in-parameter
650 			 * "q" can be any one of the two. Moreover, this module
651 			 * is executed in multithreaded environment, even if the
652 			 * q is switched to regular queue, it is possible that
653 			 * the in-parameter is still the console queue, and we
654 			 * need to return response to right queue.
655 			 * The response is sent to upstream by the kbtrans
656 			 * module. so we need to save the old queue, and wait
657 			 * kbtrans to proces message and to send response out,
658 			 * and then switch back to old queue.
659 			 */
660 			oldq = kbtrans_streams_get_queue(
661 			    conskbd.conskbd_kbtrans);
662 			kbtrans_streams_set_queue(
663 			    conskbd.conskbd_kbtrans, RD(q));
664 			ret = kbtrans_streams_message(
665 			    conskbd.conskbd_kbtrans, mp);
666 			kbtrans_streams_set_queue(
667 			    conskbd.conskbd_kbtrans, oldq);
668 
669 			switch (ret) {
670 				case KBTRANS_MESSAGE_HANDLED:
671 					continue;
672 				case KBTRANS_MESSAGE_NOT_HANDLED:
673 					break;
674 			}
675 		}
676 
677 		switch (mp->b_datap->db_type) {
678 
679 		case M_IOCTL:
680 			conskbdioctl(q, mp);
681 			break;
682 
683 		case M_FLUSH:
684 			if (*mp->b_rptr & FLUSHW) {
685 				flushq(q, FLUSHDATA);
686 			}
687 			/*
688 			 * here, if flush read queue, some key-up messages
689 			 * may be lost so that upper module or applications
690 			 * treat corresponding keys as being held down for
691 			 * ever.
692 			 */
693 			freemsg(mp);
694 			break;
695 
696 		case M_DATA:
697 			/*
698 			 * virtual keyboard doesn't support this interface.
699 			 * only when it is disabled, we pass the message
700 			 * down to lower queue.
701 			 */
702 			if ((conskbd.conskbd_bypassed) &&
703 			    (conskbd.conskbd_lqueue_nums > 0)) {
704 				if (putq(conskbd.conskbd_lqueue_list->
705 				    lqs_queue, mp) != 1)
706 					freemsg(mp);
707 			} else {
708 				freemsg(mp);
709 			}
710 			break;
711 
712 		default:
713 			/*
714 			 * Pass an error message up.
715 			 */
716 			mp->b_datap->db_type = M_ERROR;
717 			if (mp->b_cont) {
718 				freemsg(mp->b_cont);
719 				mp->b_cont = NULL;
720 			}
721 			mp->b_rptr = mp->b_datap->db_base;
722 			mp->b_wptr = mp->b_rptr + sizeof (char);
723 			*mp->b_rptr = EINVAL;
724 			qreply(q, mp);
725 		}
726 	}	/* end of while */
727 
728 }	/* conskbduwsrv() */
729 
730 static void
731 conskbdioctl(queue_t *q, mblk_t *mp)
732 {
733 	conskbd_lower_queue_t		*prev;
734 	conskbd_lower_queue_t		*lqs;
735 	struct	iocblk			*iocp;
736 	struct	linkblk			*linkp;
737 	int	index;
738 	int	error = 0;
739 
740 	iocp = (struct iocblk *)mp->b_rptr;
741 
742 	switch (iocp->ioc_cmd) {
743 
744 	case I_LINK:
745 	case I_PLINK:
746 		if (conskbd.conskbd_bypassed == B_TRUE) {
747 		/*
748 		 * A legacy keyboard can NOT be connected to conskbd together
749 		 * with other keyboards. So when a legacy keyboard is already
750 		 * linked under conkbd, we just reject all others.
751 		 */
752 			miocnak(q, mp, 0, EAGAIN);
753 			break;
754 		}
755 
756 		mutex_enter(&conskbd_lq_lock);
757 		conskbd_ioc_plink(q, mp);
758 		mutex_exit(&conskbd_lq_lock);
759 		break;
760 
761 	case I_UNLINK:
762 	case I_PUNLINK:
763 		mutex_enter(&conskbd_lq_lock);
764 		linkp = (struct linkblk *)mp->b_cont->b_rptr;
765 		prev = conskbd.conskbd_lqueue_list;
766 		for (lqs = prev; lqs; lqs = lqs->lqs_next) {
767 			if (lqs->lqs_queue == linkp->l_qbot) {
768 				if (prev == lqs)
769 					conskbd.conskbd_lqueue_list =
770 					    lqs->lqs_next;
771 				else
772 					prev->lqs_next = lqs->lqs_next;
773 
774 				lqs->lqs_queue->q_ptr =  NULL;
775 				conskbd.conskbd_lqueue_nums --;
776 				if (conskbd.conskbd_lqueue_nums == 0) {
777 					kbd_layout_bak = conskbd.conskbd_layout;
778 					conskbd.conskbd_layout = -1;
779 				}
780 
781 				mutex_exit(&conskbd_lq_lock);
782 
783 				for (index = 0; index < KBTRANS_KEYNUMS_MAX;
784 				    index ++) {
785 					if (lqs->lqs_key_state[index] ==
786 					    KEY_PRESSED)
787 						kbtrans_streams_key(
788 						    conskbd.conskbd_kbtrans,
789 						    index,
790 						    KEY_RELEASED);
791 				}
792 
793 				kmem_free(lqs, sizeof (*lqs));
794 				miocack(q, mp, 0, 0);
795 				return;
796 			}
797 			prev = lqs;
798 		}
799 		mutex_exit(&conskbd_lq_lock);
800 		miocnak(q, mp, 0, EINVAL);
801 		break;
802 
803 	case KIOCSKABORTEN:
804 		/*
805 		 * Check if privileged
806 		 */
807 		if ((error = secpolicy_sys_config(iocp->ioc_cr, B_FALSE))) {
808 			miocnak(q, mp, 0, error);
809 			return;
810 		}
811 
812 		error = miocpullup(mp, sizeof (int));
813 		if (error != 0) {
814 			miocnak(q, mp, 0, error);
815 			return;
816 		}
817 
818 		abort_enable = *(int *)mp->b_cont->b_rptr;
819 		miocack(q, mp, 0, 0);
820 		break;
821 
822 	default:
823 		if (conskbd.conskbd_bypassed == B_TRUE) {
824 			conskbd_legacy_kbd_ioctl(q, mp);
825 		} else {
826 			conskbd_virtual_kbd_ioctl(q, mp);
827 		}
828 	}
829 
830 }	/* conskbdioctl() */
831 
832 
833 static void
834 conskbd_virtual_kbd_ioctl(queue_t *q, mblk_t *mp)
835 {
836 	struct iocblk		*iocp;
837 	mblk_t			*datap;
838 	int			cmd;
839 	int			error = 0;
840 
841 	iocp = (struct iocblk *)mp->b_rptr;
842 
843 	switch (iocp->ioc_cmd) {
844 	case KIOCLAYOUT:
845 		if ((datap = allocb(sizeof (int), BPRI_HI)) == NULL) {
846 			miocnak(q, mp, 0, ENOMEM);
847 			break;
848 		}
849 
850 		if (conskbd.conskbd_layout == -1)
851 			*(int *)datap->b_wptr = KBTRANS_USBKB_DEFAULT_LAYOUT;
852 		else
853 			*(int *)datap->b_wptr = conskbd.conskbd_layout;
854 
855 		datap->b_wptr += sizeof (int);
856 		if (mp->b_cont)
857 			freemsg(mp->b_cont);
858 		mp->b_cont = datap;
859 		miocack(q, mp, sizeof (int), 0);
860 		break;
861 
862 	case KIOCSLAYOUT:
863 		if (iocp->ioc_count != TRANSPARENT) {
864 			miocnak(q, mp, 0, EINVAL);
865 			break;
866 		}
867 		conskbd.conskbd_layout = *(intptr_t *)(mp->b_cont->b_rptr);
868 		miocack(q, mp, 0, 0);
869 		break;
870 
871 	case CONSOPENPOLLEDIO:
872 		error = miocpullup(mp, sizeof (struct cons_polledio *));
873 		if (error != 0) {
874 			miocnak(q, mp, 0, error);
875 			break;
876 		}
877 		if (conskbd.conskbd_lqueue_list == NULL) {
878 			miocnak(q, mp, 0, EINVAL);
879 			break;
880 		}
881 		conskbd_handle_downstream_msg(q, mp);
882 		break;
883 
884 	case CONSCLOSEPOLLEDIO:
885 		if (conskbd.conskbd_lqueue_list == NULL) {
886 			miocnak(q, mp, 0, EINVAL);
887 			break;
888 		}
889 		conskbd_handle_downstream_msg(q, mp);
890 		break;
891 
892 	case CONSSETABORTENABLE:
893 		/*
894 		 * To enable combined STOP-A(or F1-A) to trap into kmdb,
895 		 * the lower physical keyboard drivers are always told not
896 		 * to parse abort sequence(refer to consconfig_dacf module).
897 		 * Instead, lower drivers always send all keydown & keyup
898 		 * messages up to conskbd, so that when key STOP(or F1) is
899 		 * pressed on one keyboard and key A is pressed on another
900 		 * keyboard, the system could trap into kmdb.
901 		 *
902 		 * When we by kbtrans_streams_message() invoked kbtrans to
903 		 * handle ioctls in conskbduwsrv() routine, kbtrans module
904 		 * already handle the message though it returned to us a
905 		 * KBTRANS_MESSAGE_NOT_HANDLED. For virtual keyboard, no
906 		 * special initialization or un-initialization is needed.
907 		 * So we just return ACK to upper module.
908 		 */
909 		miocack(q, mp, 0, 0);
910 		break;
911 
912 	case KIOCCMD:
913 		if (conskbd.conskbd_lqueue_list == NULL ||
914 		    mp->b_cont == NULL) {
915 			miocnak(q, mp, 0, EINVAL);
916 			break;
917 		}
918 		cmd = *(int *)mp->b_cont->b_rptr;
919 		if (cmd == KBD_CMD_GETLAYOUT) {
920 			freemsg(mp->b_cont);
921 			datap = allocb(sizeof (int), BPRI_HI);
922 			if (datap == NULL) {
923 				miocnak(q, mp, 0, ENOMEM);
924 				return;
925 			}
926 			if (conskbd.conskbd_layout == -1)
927 				*(int *)datap->b_wptr =
928 				    KBTRANS_USBKB_DEFAULT_LAYOUT;
929 			else
930 				*(int *)datap->b_wptr = conskbd.conskbd_layout;
931 
932 			mp->b_cont = datap;
933 			miocack(q, mp, sizeof (int), 0);
934 			return;
935 		}
936 
937 		conskbd_handle_downstream_msg(q, mp);
938 		break;
939 
940 	default:
941 		miocnak(q, mp, 0, EINVAL);
942 		break;
943 	}
944 
945 }	/* conskbd_virtual_kbd_ioctl() */
946 
947 static void
948 conskbd_legacy_kbd_ioctl(queue_t *q, mblk_t *mp)
949 {
950 	conskbd_lower_queue_t	*lq;
951 	struct	iocblk		*iocp;
952 	int	error = 0;
953 
954 	iocp = (struct iocblk *)mp->b_rptr;
955 
956 	ASSERT(conskbd.conskbd_lqueue_nums == 1);
957 	switch (iocp->ioc_cmd) {
958 
959 	case KIOCGDIRECT: {
960 		mblk_t *datap;
961 
962 		if ((datap = allocb(sizeof (int), BPRI_MED)) == NULL) {
963 			miocnak(q, mp, 0, ENOMEM);
964 			break;
965 		}
966 
967 		*(int *)datap->b_wptr = conskbd.conskbd_directio;
968 		datap->b_wptr += sizeof (int);
969 		if (mp->b_cont != NULL) {
970 			freemsg(mp->b_cont);
971 			mp->b_cont = NULL;
972 		}
973 		mp->b_cont = datap;
974 		miocack(q, mp, sizeof (int), 0);
975 		break;
976 	}
977 
978 	case KIOCSDIRECT:
979 		error = miocpullup(mp, sizeof (int));
980 		if (error != 0) {
981 			miocnak(q, mp, 0, error);
982 			break;
983 		}
984 		conskbd.conskbd_directio = *(int *)mp->b_cont->b_rptr;
985 
986 		/*
987 		 * Pass this through, if there's something to pass
988 		 * it through to, so the system keyboard can reset
989 		 * itself.
990 		 */
991 		if (conskbd.conskbd_lqueue_nums > 0) {
992 			lq = conskbd.conskbd_lqueue_list;
993 			ASSERT(lq && lq->lqs_next == NULL);
994 			if (putq(lq->lqs_queue, mp) != 1) {
995 				miocnak(q, mp, 0, ENOMEM);
996 				return;
997 			}
998 			break;
999 		}
1000 
1001 		miocack(q, mp, 0, 0);
1002 		break;
1003 
1004 	default:
1005 		/*
1006 		 * Pass this through, if there's something to pass it
1007 		 * through to; otherwise, reject it.
1008 		 */
1009 		if (conskbd.conskbd_lqueue_nums > 0) {
1010 			lq = conskbd.conskbd_lqueue_list;
1011 			ASSERT(lq && lq->lqs_next == NULL);
1012 			if (putq(lq->lqs_queue, mp) != 1) {
1013 				miocnak(q, mp, 0, ENOMEM);
1014 				return;
1015 			}
1016 			break;
1017 		}
1018 
1019 		/* nobody below us; reject it */
1020 		miocnak(q, mp, 0, EINVAL);
1021 		break;
1022 	}
1023 
1024 }	/* conskbd_legacy_kbd_ioctl() */
1025 
1026 
1027 /*
1028  * Service procedure for lower write queue.
1029  * Puts things on the queue below us, if it lets us.
1030  */
1031 static void
1032 conskbdlwserv(queue_t *q)
1033 {
1034 	register mblk_t *mp;
1035 
1036 	while (canput(q->q_next) && (mp = getq(q)) != NULL)
1037 		putnext(q, mp);
1038 
1039 }	/* conskbdlwserv() */
1040 
1041 /*
1042  * Put procedure for lower read queue.
1043  * Pass everything up to minor device 0 if "directio" set, otherwise to minor
1044  * device 1.
1045  */
1046 static void
1047 conskbdlrput(queue_t *q, mblk_t *mp)
1048 {
1049 	conskbd_lower_queue_t	*lqs;
1050 	struct iocblk 	*iocp;
1051 	Firm_event	*fe;
1052 
1053 	DPRINTF(PRINT_L1, PRINT_MASK_ALL, ("conskbdlrput\n"));
1054 
1055 	switch (mp->b_datap->db_type) {
1056 
1057 	case M_FLUSH:
1058 		if (*mp->b_rptr == FLUSHR) {
1059 			flushq(q, FLUSHDATA);	/* XXX doesn't flush M_DELAY */
1060 			*mp->b_rptr &= ~FLUSHR;	/* it has been flushed */
1061 		}
1062 		if (*mp->b_rptr == FLUSHW) {
1063 			flushq(WR(q), FLUSHDATA);
1064 			qreply(q, mp);	/* give the read queues a crack at it */
1065 		} else
1066 			freemsg(mp);
1067 		break;
1068 
1069 	case M_DATA:
1070 		if (conskbd.conskbd_bypassed == B_FALSE) {
1071 
1072 			fe = (Firm_event *)mp->b_rptr;
1073 
1074 			/*
1075 			 * This is a workaround.
1076 			 *
1077 			 * According to HID specification, there are the
1078 			 * following keycode mapping between PS2 and USB,
1079 			 *
1080 			 *	PS2 AT-101 keycode(29)  --->    USB(49)
1081 			 *	PS2 AT-102 keycode(42)  --->    USB(50)
1082 			 *
1083 			 * However, the two keys, AT-101(29) and AT-102(42),
1084 			 * have the same scancode,0x2B, in PS2 scancode SET1
1085 			 * which we are using. The Kb8042 driver always
1086 			 * recognizes the two keys as PS2(29) so that we could
1087 			 * not know which is being pressed or released when we
1088 			 * receive scancode 0x2B. Fortunately, the two keys can
1089 			 * not co-exist in a specific layout. In other words,
1090 			 * in the table of keycode-to-symbol mapping, either
1091 			 * entry 49 or 50 is a hole. So, if we're processing a
1092 			 * keycode 49, we look at the entry for 49.  If it's
1093 			 * HOLE, remap the key to 50; If we're processing a 50,
1094 			 * look at the entry for 50.  If it's HOLE, we remap
1095 			 * the key to 49.
1096 			 */
1097 			if (fe->id == 49 || fe->id == 50) {
1098 				if (conskbd_keyindex->k_normal[50] == HOLE)
1099 					fe->id = 49;
1100 				else
1101 					fe->id = 50;
1102 			}
1103 
1104 			/*
1105 			 * Remember key state of each key of lower physical
1106 			 * keyboard. When a keyboard is umplumbed from conskbd,
1107 			 * we will check all key states. By then,  we will fake
1108 			 * a KEY_RELEASED message for each key in KEY_PRESSED
1109 			 * state. Otherwise, upper module will treat these keys
1110 			 * as held-down for ever.
1111 			 */
1112 			iocp = (struct iocblk *)mp->b_rptr;
1113 			lqs = (conskbd_lower_queue_t *)q->q_ptr;
1114 			if (fe->value)
1115 				lqs->lqs_key_state[fe->id] = KEY_PRESSED;
1116 			else
1117 				lqs->lqs_key_state[fe->id] = KEY_RELEASED;
1118 
1119 			kbtrans_streams_key(conskbd.conskbd_kbtrans,
1120 			    fe->id, fe->value ? KEY_PRESSED : KEY_RELEASED);
1121 			freemsg(mp);
1122 		} else {
1123 			if (conskbd.conskbd_directio)
1124 				putnext(conskbd_regqueue, mp);
1125 			else if (conskbd_consqueue != NULL)
1126 				putnext(conskbd_consqueue, mp);
1127 			else
1128 				freemsg(mp);
1129 		}
1130 		conskbd_idle_stamp = gethrestime_sec();
1131 		break;
1132 
1133 	case M_IOCACK:
1134 	case M_IOCNAK:
1135 		iocp = (struct iocblk *)mp->b_rptr;
1136 		lqs = (conskbd_lower_queue_t *)q->q_ptr;
1137 
1138 		DPRINTF(PRINT_L1, PRINT_MASK_ALL, ("conskbdlrput: "
1139 		    "ACK/NAK - cmd 0x%x\n", iocp->ioc_cmd));
1140 
1141 		conskbd_lqs_ack_complete(lqs, mp);
1142 		break;
1143 
1144 	case M_ERROR:
1145 	case M_HANGUP:
1146 	default:
1147 		freemsg(mp);	/* anything useful here? */
1148 		break;
1149 	}
1150 
1151 }	/* conskbdlrput() */
1152 
1153 
1154 /* ARGSUSED */
1155 static int
1156 conskbd_kstat_update(kstat_t *ksp, int rw)
1157 {
1158 	if (rw == KSTAT_WRITE)
1159 		return (EACCES);
1160 
1161 	conskbd_kstat.idle_sec.value.l = gethrestime_sec() - conskbd_idle_stamp;
1162 
1163 	return (0);
1164 
1165 }	/* conskbd_kstat_update() */
1166 
1167 /*
1168  * STREAMS architecuture provides guarantee that the ID of each
1169  * message, iocblk.ioc_id, in a stream is unique. The following
1170  * routine performes the task: When receive request from upstream,
1171  * it saves the request in a global link list, clones the request,
1172  * and then sends a copy of the request to each of lower queues
1173  * which are plumbed into conskbd. And then, when receives responses
1174  * from lower queues in conskbdlrput() routine, we can know the
1175  * request matching received responses by searching the global linked
1176  * list to find the request which has the same message ID of the
1177  * response. Then, when all lower queues response this request, we
1178  * give a response to upstreams based the following policy:
1179  * If any one of lower queues acks our reuqest, then we return ack
1180  * to upstreams; only if all lower queues nak our request, we return
1181  * nak to upstreams. If all responses are nak, the error number of
1182  * the first response is sent to upstream.
1183  */
1184 static void
1185 conskbd_handle_downstream_msg(queue_t *q, mblk_t *mp)
1186 {
1187 	conskbd_pending_msg_t	*msg;
1188 	conskbd_lower_queue_t	*lqs;
1189 	struct iocblk	*iocp;
1190 	mblk_t		*clonemp;
1191 	int		retry;
1192 
1193 	if (conskbd.conskbd_lqueue_nums == 0) {
1194 		miocnak(q, mp, 0, EINVAL);
1195 		return;
1196 	}
1197 
1198 	msg = (conskbd_pending_msg_t *)
1199 	    kmem_zalloc(sizeof (conskbd_pending_msg_t), KM_SLEEP);
1200 	mutex_init(&msg->kpm_lock, NULL, MUTEX_DRIVER, NULL);
1201 	lqs = conskbd.conskbd_lqueue_list;
1202 	iocp = (struct iocblk *)mp->b_rptr;
1203 
1204 	ASSERT(iocp->ioc_cmd == CONSOPENPOLLEDIO ||
1205 	    iocp->ioc_cmd == CONSCLOSEPOLLEDIO ||
1206 	    iocp->ioc_cmd == KIOCCMD);
1207 
1208 	msg->kpm_upper_queue = q;
1209 	msg->kpm_req_msg = mp;
1210 	msg->kpm_req_id = iocp->ioc_id;
1211 	msg->kpm_req_cmd = iocp->ioc_cmd;
1212 	msg->kpm_req_nums = conskbd.conskbd_lqueue_nums;
1213 	conskbd_mux_enqueue_msg(msg);
1214 
1215 	for (retry = 0, lqs = conskbd.conskbd_lqueue_list; lqs; ) {
1216 
1217 		/*
1218 		 * if a lower physical keyboard is not in polled I/O
1219 		 * mode, we couldn't send CONSCLOSEPOLLEDIO to it,
1220 		 * otherwise, system will panic.
1221 		 */
1222 		if (iocp->ioc_cmd == CONSCLOSEPOLLEDIO &&
1223 		    lqs->lqs_polledio == NULL) {
1224 			lqs = lqs->lqs_next;
1225 			msg->kpm_req_nums --;
1226 			retry = 0;
1227 			continue;
1228 		}
1229 
1230 		clonemp = copymsg(mp);
1231 		if (clonemp != NULL) {
1232 			if (putq(lqs->lqs_queue, clonemp) == 1) {
1233 				lqs = lqs->lqs_next;
1234 				retry = 0;
1235 				continue;
1236 			}
1237 
1238 			/*
1239 			 * failed to invoke putq(), retry.
1240 			 */
1241 			freemsg(clonemp);
1242 		}
1243 
1244 		/*
1245 		 * During testing it was observed that occasionally
1246 		 * copymsg() would fail during boot. The reason for
1247 		 * these failures is unknown. Since we really want
1248 		 * to successfully plumb up all the attached keyboards
1249 		 * during boot we do a best effort here by retrying
1250 		 * the copymsg() call in the hopes that it will
1251 		 * succeeded upon subsequent invocations.
1252 		 *
1253 		 * If all the calls to copymsg() fails, it will cause
1254 		 * the corresponding keyboard to be unavailable, or
1255 		 * or behave weirdly,
1256 		 *
1257 		 * 1) for CONSOPENPOLLEDIO
1258 		 *	if copymsg()fails, the corresponding keyboard
1259 		 *	is not available in polled I/O mode once
1260 		 *	entering kmdb;
1261 		 * 2) for CONSCLOSEPOLLEDIO
1262 		 *	if copymsg() fails, the corresponding keyboard
1263 		 *	is not available in normal mode once returning
1264 		 *	from kmdb;
1265 		 * 3) for KIOCCMD
1266 		 * 	3.1) for KBD_CMD_NOBELL
1267 		 * 		there's no beep in USB and PS2 keyboard,
1268 		 * 		this ioctl actually disables the beep on
1269 		 * 		system mainboard. Note that all the cloned
1270 		 * 		messages sent down to lower queues do the
1271 		 * 		same job for system mainboard. Therefore,
1272 		 * 		even if we fail to send this ioctl to most
1273 		 * 		of lower queues, the beep still would be
1274 		 * 		disabled. So, no trouble exists here.
1275 		 *	3.2) for others
1276 		 *		nothing;
1277 		 *
1278 		 * However, all cases could be resume next time when the
1279 		 * same request comes again.
1280 		 */
1281 		if (retry ++ >= 5) {
1282 			dev_t	devt;
1283 			char	path[MAXPATHLEN + 1];
1284 
1285 			devt = lqs->lqs_queue->q_stream->sd_vnode->v_rdev;
1286 			switch (iocp->ioc_cmd) {
1287 			case CONSOPENPOLLEDIO:
1288 				if (ddi_dev_pathname(devt, S_IFCHR,
1289 				    path) == DDI_SUCCESS)
1290 					cmn_err(CE_WARN, "conskbd: "
1291 					    "keyboard is not available"
1292 					    " for system debugging: %s",
1293 					    path);
1294 				break;
1295 
1296 			case CONSCLOSEPOLLEDIO:
1297 				if (ddi_dev_pathname(devt, S_IFCHR,
1298 				    path) == DDI_SUCCESS)
1299 					cmn_err(CE_WARN, "conskbd: "
1300 					    "keyboard is not available:"
1301 					    " %s", path);
1302 				break;
1303 
1304 			default:
1305 				break;
1306 			}
1307 			msg->kpm_req_nums --;
1308 			lqs = lqs->lqs_next;
1309 			retry = 0;
1310 		}
1311 	}
1312 
1313 	if (msg->kpm_req_nums == 0) {
1314 		conskbd_mux_dequeue_msg(msg);
1315 		kmem_free(msg, sizeof (*msg));
1316 		miocnak(q, mp, 0, ENOMEM);
1317 	}
1318 
1319 }	/* conskbd_handle_downstream_msg() */
1320 
1321 
1322 static void
1323 conskbd_ioc_plink(queue_t *q, mblk_t *mp)
1324 {
1325 	mblk_t		*req;
1326 	queue_t		*lowque;
1327 	struct iocblk		*iocp;
1328 	struct linkblk		*linkp;
1329 	conskbd_lower_queue_t	*lqs;
1330 
1331 	ASSERT(mutex_owned(&conskbd_lq_lock));
1332 
1333 	lqs = kmem_zalloc(sizeof (*lqs), KM_SLEEP);
1334 	ASSERT(lqs->lqs_state == LQS_UNINITIALIZED);
1335 
1336 	iocp = (struct iocblk *)mp->b_rptr;
1337 	linkp = (struct linkblk *)mp->b_cont->b_rptr;
1338 	lowque = linkp->l_qbot;
1339 
1340 	lowque->q_ptr = (void *)lqs;
1341 	OTHERQ(lowque)->q_ptr = (void *)lqs;
1342 
1343 	lqs->lqs_queue = lowque;
1344 	lqs->lqs_pending_plink = mp;
1345 	lqs->lqs_pending_queue = q;
1346 
1347 	req = mkiocb(CONSSETKBDTYPE);
1348 	if (req == NULL) {
1349 		miocnak(q, mp, 0, ENOMEM);
1350 		lowque->q_ptr = NULL;
1351 		kmem_free(lqs, sizeof (*lqs));
1352 		return;
1353 	}
1354 
1355 	req->b_cont = allocb(sizeof (int), BPRI_MED);
1356 	if (req->b_cont == NULL) {
1357 		freemsg(req);
1358 		miocnak(q, mp, 0, ENOMEM);
1359 		lowque->q_ptr = NULL;
1360 		kmem_free(lqs, sizeof (*lqs));
1361 		return;
1362 	}
1363 
1364 	iocp->ioc_count = 0;
1365 	iocp->ioc_rval = 0;
1366 
1367 	*(int *)req->b_cont->b_wptr = KB_USB;
1368 	req->b_cont->b_wptr += sizeof (int);
1369 
1370 	lqs->lqs_state = LQS_KIOCTYPE_ACK_PENDING;
1371 
1372 	if (putq(lowque, req) != 1) {
1373 		freemsg(req);
1374 		miocnak(lqs->lqs_pending_queue,
1375 		    lqs->lqs_pending_plink, 0, ENOMEM);
1376 		lowque->q_ptr = NULL;
1377 		kmem_free(lqs, sizeof (*lqs));
1378 	}
1379 
1380 }	/* conskbd_ioc_plink() */
1381 
1382 
1383 /*
1384  * Every physical keyboard has a corresponding STREAMS queue. We call this
1385  * queue lower queue. Every lower queue has a state, refer to conskbd.h file
1386  * about "enum conskbd_lqs_state".
1387  * The following routine is used to handle response messages from lower queue.
1388  * When receiving ack/nak message from lower queue(s), the routine determines
1389  * the passage for it according to the current state of this lower queue.
1390  */
1391 static void
1392 conskbd_lqs_ack_complete(conskbd_lower_queue_t *lqs, mblk_t *mp)
1393 {
1394 	switch (lqs->lqs_state) {
1395 
1396 	/* S6: working in virtual keyboard mode, multi-keyboards are usable */
1397 	case LQS_INITIALIZED:
1398 		conskbd_mux_upstream_msg(lqs, mp);
1399 		break;
1400 
1401 	/* S5: working in legacy mode, only one keyboard is usable */
1402 	case LQS_INITIALIZED_LEGACY:
1403 		conskbd_legacy_upstream_msg(lqs, mp);
1404 		break;
1405 
1406 	/* S4: wait lower queue to acknowledge KIOCSLED/KIOCGLED  message */
1407 	case LQS_KIOCSLED_ACK_PENDING:
1408 		conskbd_kiocsled_complete(lqs, mp);
1409 		break;
1410 
1411 	/* S3: wait lower queue to acknowledge KIOCLAYOUT  message */
1412 	case LQS_KIOCLAYOUT_ACK_PENDING:
1413 		conskbd_kioclayout_complete(lqs, mp);
1414 		break;
1415 
1416 	/* S2: wait lower queue to acknowledge KIOCTRANS  message */
1417 	case LQS_KIOCTRANS_ACK_PENDING:
1418 		conskbd_kioctrans_complete(lqs, mp);
1419 		break;
1420 
1421 	/* S1: wait lower queue to acknowledge KIOCTYPE  message */
1422 	case LQS_KIOCTYPE_ACK_PENDING:
1423 		conskbd_kioctype_complete(lqs, mp);
1424 		break;
1425 
1426 	/* if reaching here, there must be a error */
1427 	default:
1428 		freemsg(mp);
1429 		cmn_err(CE_WARN, "conskbd: lqs_ack_complete() state error");
1430 		break;
1431 	}
1432 
1433 }	/* conskbd_lqs_ack_complete() */
1434 
1435 
1436 static void
1437 conskbd_kioctype_complete(conskbd_lower_queue_t *lqs, mblk_t *mp)
1438 {
1439 	struct iocblk	*iocp;
1440 	mblk_t		*msg;
1441 	mblk_t		*req;
1442 	queue_t		*lowerque;
1443 
1444 	ASSERT(lqs->lqs_pending_plink);
1445 	ASSERT(lqs->lqs_state == LQS_KIOCTYPE_ACK_PENDING);
1446 
1447 	lowerque = lqs->lqs_queue;
1448 
1449 	switch (mp->b_datap->db_type) {
1450 	case M_IOCACK:
1451 		req = mkiocb(KIOCTRANS);
1452 		if (req == NULL) {
1453 			miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1454 			    0, ENOMEM);
1455 			lowerque->q_ptr = NULL;
1456 			kmem_free(lqs, sizeof (*lqs));
1457 			freemsg(mp);
1458 			return;
1459 		}
1460 
1461 		req->b_cont = allocb(sizeof (int), BPRI_MED);
1462 		if (req->b_cont == NULL) {
1463 			miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1464 			    0, ENOMEM);
1465 			lowerque->q_ptr = NULL;
1466 			kmem_free(lqs, sizeof (*lqs));
1467 			freemsg(req);
1468 			freemsg(mp);
1469 			return;
1470 		}
1471 
1472 		/* Set the translate mode to TR_UNTRANS_EVENT */
1473 		*(int *)req->b_cont->b_wptr = TR_UNTRANS_EVENT;
1474 		req->b_cont->b_wptr += sizeof (int);
1475 
1476 		/* Ready to handle the response to KIOCTRANS */
1477 		lqs->lqs_state = LQS_KIOCTRANS_ACK_PENDING;
1478 
1479 		if (putq(lowerque, req) != 1) {
1480 			freemsg(req);
1481 			miocnak(lqs->lqs_pending_queue,
1482 			    lqs->lqs_pending_plink, 0, ENOMEM);
1483 			lowerque->q_ptr = NULL;
1484 			kmem_free(lqs, sizeof (*lqs));
1485 		}
1486 		break;
1487 
1488 	case M_IOCNAK:
1489 		/*
1490 		 * The lower keyboard driver can't mimic USB keyboard,
1491 		 * that's say, the physical keyboard is an old one, such
1492 		 * as TYPE 3/4/5 one. In this case, the virtual keyboard
1493 		 * is disabled, and the data from lower keyboard driver
1494 		 * will bypass the conskbd module.
1495 		 */
1496 
1497 		/*
1498 		 * if there is any other keyborad already linked under the
1499 		 * conskbd, we reject the current one.
1500 		 */
1501 		if (conskbd.conskbd_lqueue_nums > 0) {
1502 			iocp = (struct iocblk *)mp->b_rptr;
1503 			miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1504 			    0, iocp->ioc_error);
1505 			lowerque->q_ptr = NULL;
1506 			kmem_free(lqs, sizeof (*lqs));
1507 			break;
1508 		}
1509 
1510 		/*
1511 		 * Bypass the virutal keyboard for old hardware
1512 		 */
1513 		conskbd.conskbd_bypassed = B_TRUE;
1514 
1515 		msg = lqs->lqs_pending_plink;
1516 		msg->b_datap->db_type = M_IOCACK;
1517 		iocp = (struct iocblk *)msg->b_rptr;
1518 		iocp->ioc_error = 0;
1519 
1520 		/*
1521 		 * link this keyboard under conskbd
1522 		 */
1523 		mutex_enter(&conskbd_lq_lock);
1524 		lqs->lqs_next = conskbd.conskbd_lqueue_list;
1525 		conskbd.conskbd_lqueue_list = lqs;
1526 		conskbd.conskbd_lqueue_nums++;
1527 		mutex_exit(&conskbd_lq_lock);
1528 
1529 		lqs->lqs_state = LQS_INITIALIZED_LEGACY;
1530 
1531 		qreply(lqs->lqs_pending_queue, lqs->lqs_pending_plink);
1532 		break;
1533 	}
1534 
1535 	freemsg(mp);
1536 
1537 }	/* conskbd_kioctype_complete() */
1538 
1539 static void
1540 conskbd_kioctrans_complete(conskbd_lower_queue_t *lqs, mblk_t *mp)
1541 {
1542 	struct iocblk 	*iocp;
1543 	mblk_t		*req;
1544 	queue_t		*lowerque;
1545 
1546 	ASSERT(lqs->lqs_pending_plink != NULL);
1547 	ASSERT(lqs->lqs_state == LQS_KIOCTRANS_ACK_PENDING);
1548 
1549 	lowerque = lqs->lqs_queue;
1550 
1551 	switch (mp->b_datap->db_type) {
1552 	case M_IOCACK:
1553 		req = mkiocb(KIOCLAYOUT);
1554 		if (req == NULL) {
1555 			miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1556 			    0, ENOMEM);
1557 			lowerque->q_ptr = NULL;
1558 			kmem_free(lqs, sizeof (*lqs));
1559 			freemsg(mp);
1560 			return;
1561 		}
1562 
1563 		req->b_cont = allocb(sizeof (int), BPRI_MED);
1564 		if (req->b_cont == NULL) {
1565 			miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1566 			    0, ENOMEM);
1567 			kmem_free(lqs, sizeof (*lqs));
1568 			freemsg(req);
1569 			freemsg(mp);
1570 			return;
1571 		}
1572 
1573 		/* waiting for response to KIOCLAYOUT */
1574 		lqs->lqs_state = LQS_KIOCLAYOUT_ACK_PENDING;
1575 		if (putq(lqs->lqs_queue, req) != 1) {
1576 			freemsg(req);
1577 			miocnak(lqs->lqs_pending_queue,
1578 			    lqs->lqs_pending_plink, 0, ENOMEM);
1579 			lowerque->q_ptr = NULL;
1580 			kmem_free(lqs, sizeof (*lqs));
1581 		}
1582 		break;
1583 
1584 	case M_IOCNAK:
1585 		iocp = (struct iocblk *)mp->b_rptr;
1586 		miocnak(lqs->lqs_pending_queue, lqs->lqs_pending_plink,
1587 		    0, iocp->ioc_error);
1588 		lowerque->q_ptr = NULL;
1589 		kmem_free(lqs, sizeof (*lqs));
1590 		break;
1591 	}
1592 
1593 	freemsg(mp);
1594 
1595 }	/* conskbd_kioctrans_complete() */
1596 
1597 /*
1598  * Allocate a firm event
1599  */
1600 static mblk_t *
1601 conskbd_alloc_firm_event(int id, int value)
1602 {
1603 	mblk_t	*mb;
1604 	Firm_event *fe;
1605 
1606 	if ((mb = allocb(sizeof (Firm_event), BPRI_HI)) != NULL) {
1607 		fe = (Firm_event *)mb->b_wptr;
1608 		fe->id = id;
1609 		fe->pair_type = FE_PAIR_NONE;
1610 		fe->pair = NULL;
1611 		fe->value = value;
1612 		mb->b_wptr += sizeof (Firm_event);
1613 	}
1614 
1615 	return (mb);
1616 }
1617 
1618 static void
1619 conskbd_kioclayout_complete(conskbd_lower_queue_t *lqs, mblk_t *mp)
1620 {
1621 	mblk_t		*req;
1622 	int		layout;
1623 	boolean_t	fail;
1624 
1625 	ASSERT(lqs->lqs_pending_plink != NULL);
1626 	ASSERT(lqs->lqs_state == LQS_KIOCLAYOUT_ACK_PENDING);
1627 
1628 	switch (mp->b_datap->db_type) {
1629 	case M_IOCACK:
1630 		if (miocpullup(mp, sizeof (int)) == 0) {
1631 			layout = *(int *)mp->b_cont->b_rptr;
1632 			/*
1633 			 * We just accept the layout of the first keyboard
1634 			 * requesting to be linked under conskbd. If current
1635 			 * keyboard is the first one, and if we get right
1636 			 * layout from it, we set conskbd's layout
1637 			 */
1638 			if (layout != -1 && conskbd.conskbd_layout == -1) {
1639 				if (layout == 0) {
1640 					conskbd.conskbd_layout = kbd_layout_bak;
1641 				} else {
1642 					conskbd.conskbd_layout = layout;
1643 					if (layout == kbd_layout_bak) {
1644 						break;
1645 					}
1646 					if ((req = conskbd_alloc_firm_event(
1647 						KEYBOARD_LAYOUT_CHANGE,
1648 						layout)) != NULL) {
1649 						if (conskbd.conskbd_directio)
1650 							putnext(
1651 							    conskbd_regqueue,
1652 							    req);
1653 						else if (conskbd_consqueue
1654 							    != NULL)
1655 							putnext(
1656 							    conskbd_consqueue,
1657 							    req);
1658 					}
1659 				}
1660 			}
1661 		}
1662 		break;
1663 
1664 
1665 	/* if fail, leave conskbd's layout as it is */
1666 	case M_IOCNAK:
1667 		break;
1668 	}
1669 
1670 	freemsg(mp);
1671 
1672 	fail = B_TRUE;
1673 
1674 	if (conskbd.conskbd_led_state == -1)
1675 		req = mkiocb(KIOCGLED);
1676 	else
1677 		req = mkiocb(KIOCSLED);
1678 
1679 	if (req) {
1680 		req->b_cont = allocb(sizeof (uchar_t), BPRI_MED);
1681 		if (req->b_cont) {
1682 			if (conskbd.conskbd_led_state != -1) {
1683 				*(uchar_t *)req->b_cont->b_wptr =
1684 				    conskbd.conskbd_led_state;
1685 				req->b_cont->b_wptr += sizeof (uchar_t);
1686 			}
1687 
1688 			/* waiting for response to KIOCSLED */
1689 			lqs->lqs_state = LQS_KIOCSLED_ACK_PENDING;
1690 			if (putq(lqs->lqs_queue, req) == 1) {
1691 				fail = B_FALSE;
1692 			} else {
1693 				freemsg(req);
1694 			}
1695 
1696 		} else {
1697 			freemsg(req);
1698 		}
1699 	}
1700 
1701 	if (fail) {
1702 		/*
1703 		 * If fail to allocate KIOCSLED/KIOCGLED message or put
1704 		 * the message into lower queue, we immediately link
1705 		 * current keyboard under conskbd. Thus, even if fails
1706 		 * to set/get LED, this keyboard could be available.
1707 		 */
1708 		conskbd_link_lower_queue(lqs);
1709 	}
1710 
1711 }	/* conskbd_kioclayout_complete() */
1712 
1713 
1714 static void
1715 conskbd_kiocsled_complete(conskbd_lower_queue_t *lqs, mblk_t *mp)
1716 {
1717 	int	led_state;
1718 
1719 	ASSERT(lqs->lqs_pending_plink != NULL);
1720 	ASSERT(lqs->lqs_state == LQS_KIOCSLED_ACK_PENDING);
1721 
1722 	if (conskbd.conskbd_led_state == -1) {
1723 		switch (mp->b_datap->db_type) {
1724 		case M_IOCACK:
1725 			if (miocpullup(mp, sizeof (uchar_t)) == 0) {
1726 				led_state = *(uchar_t *)mp->b_cont->b_rptr;
1727 				conskbd.conskbd_led_state = led_state;
1728 				kbtrans_streams_setled(conskbd.conskbd_kbtrans,
1729 				    led_state);
1730 			}
1731 			break;
1732 
1733 		/* if fail, leave conskbd's led_state as it is */
1734 		case M_IOCNAK:
1735 			break;
1736 		}
1737 	}
1738 
1739 	/*
1740 	 * Basically, failure of setting/getting LED is not a fatal
1741 	 * error, so we will plumb the lower queue into conskbd whether
1742 	 * setting/getting LED succeeds or fails.
1743 	 */
1744 	freemsg(mp);
1745 	conskbd_link_lower_queue(lqs);
1746 
1747 }	/* conskbd_kiocsled_complete() */
1748 
1749 
1750 static void
1751 conskbd_mux_upstream_msg(conskbd_lower_queue_t *lqs, mblk_t *mp)
1752 {
1753 	conskbd_pending_msg_t	*msg;
1754 	struct iocblk		*iocp;
1755 	int			error;
1756 	dev_t			devt;
1757 	char			path[MAXPATHLEN + 1];
1758 
1759 	ASSERT(lqs->lqs_state == LQS_INITIALIZED);
1760 	msg = conskbd_mux_find_msg(mp);
1761 
1762 	if (!msg) {
1763 		/*
1764 		 * Here, we just discard the responses to KIOCSLED request.
1765 		 * Please refer to conskbd_streams_setled().
1766 		 */
1767 		ASSERT(((struct iocblk *)mp->b_rptr)->ioc_cmd == KIOCSLED);
1768 		freemsg(mp);
1769 		return;
1770 	}
1771 
1772 	/*
1773 	 * We use the b_next field of mblk_t structure to link all
1774 	 * response coming from lower queues into a linkage list,
1775 	 * and make use of the b_prev field to save a pointer to
1776 	 * the lower queue from which the current response message
1777 	 * comes.
1778 	 */
1779 	ASSERT(mp->b_next == NULL && mp->b_prev == NULL);
1780 	mutex_enter(&msg->kpm_lock);
1781 	mp->b_next = msg->kpm_resp_list;
1782 	mp->b_prev = (mblk_t *)lqs;
1783 	msg->kpm_resp_list = mp;
1784 	msg->kpm_resp_nums ++;
1785 	mutex_exit(&msg->kpm_lock);
1786 
1787 	if (msg->kpm_resp_nums < msg->kpm_req_nums)
1788 		return;
1789 
1790 	ASSERT(msg->kpm_resp_nums == msg->kpm_req_nums);
1791 	ASSERT(mp == msg->kpm_resp_list);
1792 
1793 	conskbd_mux_dequeue_msg(msg);
1794 
1795 
1796 	/*
1797 	 * Here, we have the policy that, if any one lower queue ACK
1798 	 * our reuqest, then we return ACK to upstreams; only if all
1799 	 * lower queues NAK our request, we return NAK to upstreams.
1800 	 * if all responses are nak, the errno of the  first response
1801 	 * is sent to upstreams
1802 	 */
1803 	ASSERT(mp->b_rptr);
1804 	error = ((struct iocblk *)mp->b_rptr)->ioc_error;
1805 
1806 	switch (msg->kpm_req_cmd) {
1807 	case CONSOPENPOLLEDIO:
1808 		/*
1809 		 * Here, we can safely ignore the NAK message. If any one lower
1810 		 * queue returns NAK, the pointer to the corresponding polledio
1811 		 * structure will remain null, that's say lqs->lqs_polledio =
1812 		 * null. When we need to invoke polled I/O interface, we will
1813 		 * check if the pointer is null.
1814 		 */
1815 		for (mp = msg->kpm_resp_list; mp; ) {
1816 			cons_polledio_t		*polledio;
1817 
1818 			msg->kpm_resp_list = mp->b_next;
1819 			lqs = (conskbd_lower_queue_t *)mp->b_prev;
1820 			devt = lqs->lqs_queue->q_stream->sd_vnode->v_rdev;
1821 			if (mp->b_datap->db_type == M_IOCACK) {
1822 				polledio = *(struct cons_polledio **)
1823 				    mp->b_cont->b_rptr;
1824 				if (polledio->cons_polledio_version ==
1825 				    CONSPOLLEDIO_V1) {
1826 					lqs->lqs_polledio = polledio;
1827 					error = 0;
1828 				} else {
1829 					/*
1830 					 * USB and PS2 keyboard drivers should
1831 					 * use the same cons_polledio structure
1832 					 * as conskbd.
1833 					 */
1834 					if (ddi_dev_pathname(devt, S_IFCHR,
1835 					    path) == DDI_SUCCESS) {
1836 						cmn_err(CE_WARN, "keyboard "
1837 						    "driver does not support "
1838 						    "system debugging: %s",
1839 						    path);
1840 					}
1841 					error = EINVAL;
1842 				}
1843 			} else {
1844 				if (ddi_dev_pathname(devt, S_IFCHR, path) ==
1845 				    DDI_SUCCESS) {
1846 					cmn_err(CE_WARN, "conskbd: keyboard is"
1847 					    " not available for system"
1848 					    " debugging:  %s", path);
1849 				}
1850 			}
1851 			mp->b_next = NULL;
1852 			mp->b_prev = NULL;
1853 			freemsg(mp);
1854 			mp = msg->kpm_resp_list;
1855 		}
1856 
1857 		mp = msg->kpm_req_msg;
1858 		if (error == 0) {
1859 			*(struct cons_polledio **)mp->b_cont->b_rptr =
1860 			    &conskbd.conskbd_polledio;
1861 		}
1862 		break;
1863 
1864 	case CONSCLOSEPOLLEDIO:
1865 		for (mp = msg->kpm_resp_list; mp; ) {
1866 			msg->kpm_resp_list = mp->b_next;
1867 			lqs = (conskbd_lower_queue_t *)mp->b_prev;
1868 			if (mp->b_datap->db_type == M_IOCACK) {
1869 				lqs->lqs_polledio = NULL;
1870 				error = 0;
1871 			} else {
1872 				devt =
1873 				    lqs->lqs_queue->q_stream->sd_vnode->v_rdev;
1874 
1875 				if (ddi_dev_pathname(devt, S_IFCHR, path) ==
1876 				    DDI_SUCCESS) {
1877 					cmn_err(CE_WARN, "conskbd: keyboard is"
1878 					    " not available: %s", path);
1879 				}
1880 			}
1881 
1882 			mp->b_next = NULL;
1883 			mp->b_prev = NULL;
1884 			freemsg(mp);
1885 			mp = msg->kpm_resp_list;
1886 		}
1887 		break;
1888 
1889 	case KIOCCMD:
1890 		for (mp = msg->kpm_resp_list; mp; ) {
1891 			msg->kpm_resp_list = mp->b_next;
1892 
1893 			if (mp->b_datap->db_type == M_IOCACK)
1894 				error = 0;
1895 			mp->b_next = NULL;
1896 			mp->b_prev = NULL;
1897 			freemsg(mp);
1898 			mp = msg->kpm_resp_list;
1899 		}
1900 		break;
1901 
1902 	default:  /* it is impossible to reach here */
1903 		cmn_err(CE_WARN, "conskbd: unexpected ioctl reply");
1904 	}
1905 
1906 	mp = msg->kpm_req_msg;
1907 	if (error == 0) {
1908 		mp->b_datap->db_type = M_IOCACK;
1909 	} else {
1910 		mp->b_datap->db_type = M_IOCNAK;
1911 	}
1912 	iocp = (struct iocblk *)mp->b_rptr;
1913 	iocp->ioc_error = error;
1914 	qreply(msg->kpm_upper_queue, mp);
1915 	mutex_destroy(&msg->kpm_lock);
1916 	kmem_free(msg, sizeof (*msg));
1917 
1918 }	/* conskbd_mux_upstream_msg() */
1919 
1920 
1921 static void
1922 conskbd_link_lower_queue(conskbd_lower_queue_t *lqs)
1923 {
1924 	struct iocblk 	*iocp;
1925 	mblk_t		*msg;
1926 	int		index;
1927 
1928 	ASSERT(lqs->lqs_pending_plink != NULL);
1929 
1930 	msg = lqs->lqs_pending_plink;
1931 	msg->b_datap->db_type = M_IOCACK;
1932 	iocp = (struct iocblk *)msg->b_rptr;
1933 	iocp->ioc_error = 0;
1934 
1935 	/*
1936 	 * Now, link the lower queue under conskbd
1937 	 */
1938 	mutex_enter(&conskbd_lq_lock);
1939 	conskbd.conskbd_lqueue_nums++;
1940 	lqs->lqs_next = conskbd.conskbd_lqueue_list;
1941 	conskbd.conskbd_lqueue_list = lqs;
1942 	for (index = 0; index < KBTRANS_KEYNUMS_MAX; index ++) {
1943 		lqs->lqs_key_state[index] = KEY_RELEASED;
1944 	}
1945 	lqs->lqs_state = LQS_INITIALIZED;
1946 	mutex_exit(&conskbd_lq_lock);
1947 	qreply(lqs->lqs_pending_queue, lqs->lqs_pending_plink);
1948 
1949 }	/* conskbd_kiocsled_complete() */
1950 
1951 
1952 
1953 /*ARGSUSED*/
1954 static void
1955 conskbd_legacy_upstream_msg(conskbd_lower_queue_t *lqs, mblk_t *mp)
1956 {
1957 	struct iocblk	*iocp;
1958 
1959 	ASSERT(lqs && lqs->lqs_state == LQS_INITIALIZED_LEGACY);
1960 
1961 	/*
1962 	 * We assume that all of the ioctls are headed to the
1963 	 * conskbd_regqueue if it is open.  We are intercepting a few ioctls
1964 	 * that we know belong to conskbd_consqueue, and sending them there.
1965 	 * Any other, new ioctls that have to be routed to conskbd_consqueue
1966 	 * should be added to this list.
1967 	 */
1968 	iocp = (struct iocblk *)mp->b_rptr;
1969 
1970 	if ((iocp->ioc_cmd == CONSOPENPOLLEDIO) ||
1971 			(iocp->ioc_cmd == CONSCLOSEPOLLEDIO)) {
1972 
1973 		DPRINTF(PRINT_L1, PRINT_MASK_ALL,
1974 			("conskbd_legacy_upstream_msg: "
1975 			"CONSOPEN/CLOSEPOLLEDIO ACK/NAK\n"));
1976 		putnext(conskbd_consqueue, mp);
1977 
1978 	} else if (conskbd_regqueue != NULL) {
1979 		DPRINTF(PRINT_L1, PRINT_MASK_ALL,
1980 		    ("conskbd_legacy_upstream_msg: conskbd_regqueue != NULL"));
1981 
1982 		putnext(conskbd_regqueue, mp);
1983 
1984 	} else if (conskbd_consqueue != NULL) {
1985 		DPRINTF(PRINT_L1, PRINT_MASK_ALL,
1986 		    ("conskbd_legacy_upstream_msg: conskbd_consqueue != NULL"));
1987 		putnext(conskbd_consqueue, mp);
1988 	} else {
1989 		/* if reached here, it must be a error */
1990 		cmn_err(CE_WARN,
1991 		    "kb:  no destination for IOCACK/IOCNAK!");
1992 		freemsg(mp);
1993 	}
1994 
1995 }	/* conskbd_legacy_upstream_msg() */
1996 
1997 /*
1998  * This routine is a callback routine for kbtrans module to set LED.
1999  * Kbtrans will invoke it in two cases:
2000  *
2001  * 1) application initiated request
2002  * 	A KIOCSLED ioctl is sent by an application. The ioctl will be
2003  * 	be prcoessed by queue service procedure conskbduwsrv(), which
2004  * 	in turn calls kbtrans to process the ioctl. Then kbtrans invokes
2005  * 	conskbd_streams_setled() to set LED, after that,  kbtrans will
2006  * 	return an ACK message to upper module.
2007  *
2008  * 2) Kbtrans initiated the request
2009  *	When conskbd works in TR_ASCII translation mode, if anyone of
2010  *	CapsLock, NumberLock and Compose keys is pressed, kbtrans need
2011  *	to set LED. In this case, there is no ioctl from upper module.
2012  *	There is no requirement to send response to somebody.
2013  *
2014  * In first case, kbtrans will send response to upper module; and in the
2015  * second, we don't need to send response. So conskbd_streams_setled()
2016  * has no return value.
2017  */
2018 static void
2019 conskbd_streams_setled(struct kbtrans_hardware *hw, int led_state)
2020 {
2021 	conskbd_state_t  *conskbdp = (conskbd_state_t *)hw;
2022 	conskbd_lower_queue_t *lqs;
2023 	mblk_t		*req;
2024 
2025 	ASSERT(&conskbd == conskbdp);
2026 
2027 	if (led_state == -1)
2028 		return;
2029 
2030 	conskbdp->conskbd_led_state = led_state;
2031 
2032 	/*
2033 	 * Basically, failing to set LED is not a fatal error, we just skip
2034 	 * it if this happens.
2035 	 */
2036 	for (lqs = conskbdp->conskbd_lqueue_list; lqs; lqs = lqs->lqs_next) {
2037 		req = mkiocb(KIOCSLED);
2038 
2039 		if (!req) {
2040 			continue;
2041 		}
2042 
2043 		req->b_cont = allocb(sizeof (uchar_t), BPRI_MED);
2044 		if (!req->b_cont) {
2045 			freemsg(req);
2046 			continue;
2047 		}
2048 		*(uchar_t *)req->b_cont->b_wptr = led_state;
2049 		req->b_cont->b_wptr += sizeof (uchar_t);
2050 		if (putq(lqs->lqs_queue, req) != 1)
2051 			freemsg(req);
2052 	}
2053 
2054 }	/* conskbd_streams_setled() */
2055 
2056 static void
2057 conskbd_polledio_setled(struct kbtrans_hardware *hw, int led_state)
2058 {
2059 	conskbd_state_t  *conskbdp = (conskbd_state_t *)hw;
2060 	struct cons_polledio		*cb;
2061 	conskbd_lower_queue_t	*lqs;
2062 
2063 	for (lqs = conskbdp->conskbd_lqueue_list; lqs; lqs = lqs->lqs_next) {
2064 		cb = lqs->lqs_polledio;
2065 		if ((cb != NULL) && (cb->cons_polledio_setled != NULL)) {
2066 			cb->cons_polledio_setled(cb->cons_polledio_argument,
2067 			    led_state);
2068 		}
2069 	}
2070 
2071 }	/* conskbd_polledio_setled() */
2072 
2073 static boolean_t
2074 conskbd_polled_keycheck(struct kbtrans_hardware *hw,
2075 		kbtrans_key_t *keycode, enum keystate *state)
2076 {
2077 	conskbd_state_t  *conskbdp = (conskbd_state_t *)hw;
2078 	struct cons_polledio 		*cb;
2079 	conskbd_lower_queue_t	*lqs;
2080 	boolean_t	ret = B_FALSE;
2081 
2082 	for (ret = B_FALSE, lqs = conskbdp->conskbd_lqueue_list; lqs != NULL;
2083 	    lqs = lqs->lqs_next) {
2084 		cb = lqs->lqs_polledio;
2085 		if ((cb != NULL) &&
2086 		    (cb->cons_polledio_keycheck != NULL)) {
2087 			ret = cb->cons_polledio_keycheck(
2088 			    cb->cons_polledio_argument, keycode, state);
2089 		}
2090 
2091 		/* Get a char from lower queue(hardware) ? */
2092 		if (ret == B_TRUE) {
2093 
2094 			/* A legacy keyboard ? */
2095 			if (conskbd.conskbd_bypassed == B_TRUE)
2096 				break;
2097 
2098 			/*
2099 			 * This is the PS2 scancode 0x2B -> USB(49) /
2100 			 * USB(50) keycode mapping workaround, for
2101 			 * polled mode.
2102 			 *
2103 			 * There are two possible USB keycode mappings
2104 			 * for PS2 scancode 0x2B and this workaround
2105 			 * makes sure that we use the USB keycode that
2106 			 * does not end up being mapped to a HOLE key
2107 			 * using the current keyboard translation
2108 			 * tables.
2109 			 *
2110 			 * See conskbdlrput() for a detailed
2111 			 * explanation of the problem.
2112 			 */
2113 			if (*keycode == 49 || *keycode == 50) {
2114 				if (conskbd_keyindex->k_normal[50] == HOLE)
2115 					*keycode = 49;
2116 				else
2117 					*keycode = 50;
2118 			}
2119 
2120 			break;
2121 		}
2122 	}
2123 
2124 	return (ret);
2125 
2126 }	/* conskbd_polled_keycheck() */
2127 
2128 static boolean_t
2129 conskbd_override_kbtrans(queue_t *q, mblk_t *mp)
2130 {
2131 	struct iocblk		*iocp;
2132 	int		directio;
2133 	int		error;
2134 
2135 	if (mp->b_datap->db_type != M_IOCTL)
2136 		return (B_FALSE);
2137 
2138 	iocp = (struct iocblk *)mp->b_rptr;
2139 
2140 	switch (iocp->ioc_cmd) {
2141 	case KIOCGDIRECT: {
2142 		/*
2143 		 * Don't let the kbtrans-based code see this; it will
2144 		 * respond incorrectly.
2145 		 */
2146 		register mblk_t *datap;
2147 
2148 		if ((datap = allocb((int)sizeof (int), BPRI_MED)) == NULL) {
2149 			miocnak(q, mp, 0, ENOMEM);
2150 			return (B_TRUE);
2151 		}
2152 
2153 		*(int *)datap->b_wptr = conskbd.conskbd_directio;
2154 		datap->b_wptr += sizeof (int);
2155 		if (mp->b_cont) {
2156 			freemsg(mp->b_cont);
2157 			mp->b_cont = NULL;
2158 		}
2159 		mp->b_cont = datap;
2160 		miocack(q, mp, sizeof (int), 0);
2161 		return (B_TRUE);
2162 	}
2163 
2164 	case KIOCSDIRECT:
2165 		/*
2166 		 * Peek at this, set our variables, and then let the kbtrans
2167 		 * based code see it and respond to it.
2168 		 */
2169 		error = miocpullup(mp, sizeof (int));
2170 		if (error != 0) {
2171 			return (B_FALSE);
2172 		}
2173 
2174 		directio = *(int *)mp->b_cont->b_rptr;
2175 		if (directio != 0 && directio != 1) {
2176 			miocnak(q, mp, 0, EINVAL);
2177 			return (B_TRUE);
2178 		}
2179 		conskbd.conskbd_directio = directio;
2180 
2181 		if (conskbd.conskbd_directio) {
2182 			kbtrans_streams_set_queue(
2183 			    conskbd.conskbd_kbtrans, conskbd_regqueue);
2184 		} else {
2185 			kbtrans_streams_set_queue(
2186 			    conskbd.conskbd_kbtrans, conskbd_consqueue);
2187 		}
2188 
2189 		/*
2190 		 * Let the kbtrans-based code see this and respond to it.
2191 		 */
2192 		return (B_FALSE);
2193 
2194 	default:
2195 		return (B_FALSE);
2196 	}
2197 
2198 }	/* conskbd_override_kbtrans() */
2199 
2200 
2201 static void
2202 conskbd_polledio_enter(struct cons_polledio_arg *arg)
2203 {
2204 	conskbd_state_t		*conskbdp;
2205 	struct cons_polledio		*cb;
2206 	conskbd_lower_queue_t	*lqs;
2207 
2208 	conskbdp = (conskbd_state_t *)arg;
2209 	for (lqs = conskbdp->conskbd_lqueue_list; lqs; lqs = lqs->lqs_next) {
2210 		cb = lqs->lqs_polledio;
2211 		if ((cb != NULL) && (cb->cons_polledio_enter != NULL)) {
2212 			cb->cons_polledio_enter(cb->cons_polledio_argument);
2213 		}
2214 	}
2215 
2216 }	/* conskbd_polledio_enter() */
2217 
2218 static void
2219 conskbd_polledio_exit(struct cons_polledio_arg *arg)
2220 {
2221 	conskbd_state_t		*conskbdp;
2222 	struct cons_polledio		*cb;
2223 	conskbd_lower_queue_t	*lqs;
2224 
2225 	conskbdp = (conskbd_state_t *)arg;
2226 	for (lqs = conskbdp->conskbd_lqueue_list; lqs; lqs = lqs->lqs_next) {
2227 		cb = lqs->lqs_polledio;
2228 		if ((cb != NULL) && (cb->cons_polledio_exit != NULL)) {
2229 			cb->cons_polledio_exit(cb->cons_polledio_argument);
2230 		}
2231 	}
2232 
2233 }	/* conskbd_polledio_exit() */
2234 
2235 static int
2236 conskbd_polledio_getchar(struct cons_polledio_arg *arg)
2237 {
2238 	conskbd_state_t  *conskbdp;
2239 
2240 	conskbdp = (conskbd_state_t *)arg;
2241 
2242 	return (kbtrans_getchar(conskbdp->conskbd_kbtrans));
2243 
2244 }	/* conskbd_polledio_getchar() */
2245 
2246 static int
2247 conskbd_polledio_ischar(struct cons_polledio_arg *arg)
2248 {
2249 	conskbd_state_t  *conskbdp;
2250 
2251 	conskbdp = (conskbd_state_t *)arg;
2252 
2253 	return (kbtrans_ischar(conskbdp->conskbd_kbtrans));
2254 
2255 }	/* conskbd_polledio_ischar() */
2256 
2257 
2258 static void
2259 conskbd_mux_enqueue_msg(conskbd_pending_msg_t *msg)
2260 {
2261 	mutex_enter(&conskbd_msgq_lock);
2262 	msg->kpm_next = conskbd_msg_queue;
2263 	conskbd_msg_queue = msg;
2264 	mutex_exit(&conskbd_msgq_lock);
2265 
2266 }	/* conskbd_mux_enqueue_msg() */
2267 
2268 /*
2269  * the messages in conskbd_msg_queue we just enqueue
2270  */
2271 static conskbd_pending_msg_t *
2272 conskbd_mux_find_msg(mblk_t *mp)
2273 {
2274 	conskbd_pending_msg_t	*msg;
2275 	struct iocblk		*iocp;
2276 	uint_t	id;
2277 
2278 	mutex_enter(&conskbd_msgq_lock);
2279 	msg = conskbd_msg_queue;
2280 
2281 	iocp = (struct iocblk *)mp->b_rptr;
2282 	ASSERT(iocp);
2283 	id = iocp->ioc_id;
2284 	while (msg && msg->kpm_req_id != id) {
2285 		msg = msg->kpm_next;
2286 	}
2287 	mutex_exit(&conskbd_msgq_lock);
2288 
2289 	return (msg);
2290 
2291 }	/* conskbd_mux_find_msg() */
2292 
2293 
2294 static void
2295 conskbd_mux_dequeue_msg(conskbd_pending_msg_t *msg)
2296 {
2297 	conskbd_pending_msg_t *prev;
2298 	conskbd_pending_msg_t *p;
2299 
2300 	mutex_enter(&conskbd_msgq_lock);
2301 	prev = conskbd_msg_queue;
2302 
2303 	for (p = prev; p != msg; p = p->kpm_next)
2304 		prev = p;
2305 	ASSERT(p && p == msg);
2306 	if (prev == p) {
2307 		conskbd_msg_queue = msg->kpm_next;
2308 	} else {
2309 		prev->kpm_next = p->kpm_next;
2310 	}
2311 	p->kpm_next = NULL;
2312 	mutex_exit(&conskbd_msgq_lock);
2313 
2314 }	/* conskbd_mux_dequeue_msg() */
2315 
2316 #ifdef DEBUG
2317 /*ARGSUSED*/
2318 void
2319 conskbd_dprintf(const char *fmt, ...)
2320 {
2321 	char buf[256];
2322 	va_list ap;
2323 
2324 	va_start(ap, fmt);
2325 	(void) vsprintf(buf, fmt, ap);
2326 	va_end(ap);
2327 
2328 	cmn_err(CE_CONT, "conskbd: %s", buf);
2329 
2330 }	/* conskbd_dprintf() */
2331 #endif
2332