search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
treewide: remove redundant IS_ERR() before error code check
[linux/fpc-iii.git] / drivers / virt / vboxguest / vboxguest_core.c
blobd823d558c0c4315a8aaae146c623a721861f6846
1 /* SPDX-License-Identifier: (GPL-2.0 OR CDDL-1.0) */
2 /*
3 * vboxguest core guest-device handling code, VBoxGuest.cpp in upstream svn.
4 *
5 * Copyright (C) 2007-2016 Oracle Corporation
6 */
7
8 #include <linux/device.h>
9 #include <linux/io.h>
10 #include <linux/mm.h>
11 #include <linux/sched.h>
12 #include <linux/sizes.h>
13 #include <linux/slab.h>
14 #include <linux/vbox_err.h>
15 #include <linux/vbox_utils.h>
16 #include <linux/vmalloc.h>
17 #include "vboxguest_core.h"
18 #include "vboxguest_version.h"
19
20 /* Get the pointer to the first HGCM parameter. */
21 #define VBG_IOCTL_HGCM_CALL_PARMS(a) \
22 ((struct vmmdev_hgcm_function_parameter *)( \
23 (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
24 /* Get the pointer to the first HGCM parameter in a 32-bit request. */
25 #define VBG_IOCTL_HGCM_CALL_PARMS32(a) \
26 ((struct vmmdev_hgcm_function_parameter32 *)( \
27 (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
28
29 #define GUEST_MAPPINGS_TRIES 5
30
31 #define VBG_KERNEL_REQUEST \
32 (VMMDEV_REQUESTOR_KERNEL | VMMDEV_REQUESTOR_USR_DRV | \
33 VMMDEV_REQUESTOR_CON_DONT_KNOW | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN)
34
35 /**
36 * Reserves memory in which the VMM can relocate any guest mappings
37 * that are floating around.
38 *
39 * This operation is a little bit tricky since the VMM might not accept
40 * just any address because of address clashes between the three contexts
41 * it operates in, so we try several times.
42 *
43 * Failure to reserve the guest mappings is ignored.
44 *
45 * @gdev: The Guest extension device.
46 */
47 static void vbg_guest_mappings_init(struct vbg_dev *gdev)
48 {
49 struct vmmdev_hypervisorinfo *req;
50 void *guest_mappings[GUEST_MAPPINGS_TRIES];
51 struct page **pages = NULL;
52 u32 size, hypervisor_size;
53 int i, rc;
54
55 /* Query the required space. */
56 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO,
57 VBG_KERNEL_REQUEST);
58 if (!req)
59 return;
60
61 req->hypervisor_start = 0;
62 req->hypervisor_size = 0;
63 rc = vbg_req_perform(gdev, req);
64 if (rc < 0)
65 goto out;
66
67 /*
68 * The VMM will report back if there is nothing it wants to map, like
69 * for instance in VT-x and AMD-V mode.
70 */
71 if (req->hypervisor_size == 0)
72 goto out;
73
74 hypervisor_size = req->hypervisor_size;
75 /* Add 4M so that we can align the vmap to 4MiB as the host requires. */
76 size = PAGE_ALIGN(req->hypervisor_size) + SZ_4M;
77
78 pages = kmalloc_array(size >> PAGE_SHIFT, sizeof(*pages), GFP_KERNEL);
79 if (!pages)
80 goto out;
81
82 gdev->guest_mappings_dummy_page = alloc_page(GFP_HIGHUSER);
83 if (!gdev->guest_mappings_dummy_page)
84 goto out;
85
86 for (i = 0; i < (size >> PAGE_SHIFT); i++)
87 pages[i] = gdev->guest_mappings_dummy_page;
88
89 /*
90 * Try several times, the VMM might not accept some addresses because
91 * of address clashes between the three contexts.
92 */
93 for (i = 0; i < GUEST_MAPPINGS_TRIES; i++) {
94 guest_mappings[i] = vmap(pages, (size >> PAGE_SHIFT),
95 VM_MAP, PAGE_KERNEL_RO);
96 if (!guest_mappings[i])
97 break;
98
99 req->header.request_type = VMMDEVREQ_SET_HYPERVISOR_INFO;
100 req->header.rc = VERR_INTERNAL_ERROR;
101 req->hypervisor_size = hypervisor_size;
102 req->hypervisor_start =
103 (unsigned long)PTR_ALIGN(guest_mappings[i], SZ_4M);
104
105 rc = vbg_req_perform(gdev, req);
106 if (rc >= 0) {
107 gdev->guest_mappings = guest_mappings[i];
108 break;
109 }
110 }
111
112 /* Free vmap's from failed attempts. */
113 while (--i >= 0)
114 vunmap(guest_mappings[i]);
115
116 /* On failure free the dummy-page backing the vmap */
117 if (!gdev->guest_mappings) {
118 __free_page(gdev->guest_mappings_dummy_page);
119 gdev->guest_mappings_dummy_page = NULL;
120 }
121
122 out:
123 vbg_req_free(req, sizeof(*req));
124 kfree(pages);
125 }
126
127 /**
128 * Undo what vbg_guest_mappings_init did.
129 *
130 * @gdev: The Guest extension device.
131 */
132 static void vbg_guest_mappings_exit(struct vbg_dev *gdev)
133 {
134 struct vmmdev_hypervisorinfo *req;
135 int rc;
136
137 if (!gdev->guest_mappings)
138 return;
139
140 /*
141 * Tell the host that we're going to free the memory we reserved for
142 * it, the free it up. (Leak the memory if anything goes wrong here.)
143 */
144 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO,
145 VBG_KERNEL_REQUEST);
146 if (!req)
147 return;
148
149 req->hypervisor_start = 0;
150 req->hypervisor_size = 0;
151
152 rc = vbg_req_perform(gdev, req);
153
154 vbg_req_free(req, sizeof(*req));
155
156 if (rc < 0) {
157 vbg_err("%s error: %d\n", __func__, rc);
158 return;
159 }
160
161 vunmap(gdev->guest_mappings);
162 gdev->guest_mappings = NULL;
163
164 __free_page(gdev->guest_mappings_dummy_page);
165 gdev->guest_mappings_dummy_page = NULL;
166 }
167
168 /**
169 * Report the guest information to the host.
170 * Return: 0 or negative errno value.
171 * @gdev: The Guest extension device.
172 */
173 static int vbg_report_guest_info(struct vbg_dev *gdev)
174 {
175 /*
176 * Allocate and fill in the two guest info reports.
177 */
178 struct vmmdev_guest_info *req1 = NULL;
179 struct vmmdev_guest_info2 *req2 = NULL;
180 int rc, ret = -ENOMEM;
181
182 req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO,
183 VBG_KERNEL_REQUEST);
184 req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2,
185 VBG_KERNEL_REQUEST);
186 if (!req1 || !req2)
187 goto out_free;
188
189 req1->interface_version = VMMDEV_VERSION;
190 req1->os_type = VMMDEV_OSTYPE_LINUX26;
191 #if __BITS_PER_LONG == 64
192 req1->os_type |= VMMDEV_OSTYPE_X64;
193 #endif
194
195 req2->additions_major = VBG_VERSION_MAJOR;
196 req2->additions_minor = VBG_VERSION_MINOR;
197 req2->additions_build = VBG_VERSION_BUILD;
198 req2->additions_revision = VBG_SVN_REV;
199 req2->additions_features =
200 VMMDEV_GUEST_INFO2_ADDITIONS_FEATURES_REQUESTOR_INFO;
201 strlcpy(req2->name, VBG_VERSION_STRING,
202 sizeof(req2->name));
203
204 /*
205 * There are two protocols here:
206 * 1. INFO2 + INFO1. Supported by >=3.2.51.
207 * 2. INFO1 and optionally INFO2. The old protocol.
208 *
209 * We try protocol 2 first. It will fail with VERR_NOT_SUPPORTED
210 * if not supported by the VMMDev (message ordering requirement).
211 */
212 rc = vbg_req_perform(gdev, req2);
213 if (rc >= 0) {
214 rc = vbg_req_perform(gdev, req1);
215 } else if (rc == VERR_NOT_SUPPORTED || rc == VERR_NOT_IMPLEMENTED) {
216 rc = vbg_req_perform(gdev, req1);
217 if (rc >= 0) {
218 rc = vbg_req_perform(gdev, req2);
219 if (rc == VERR_NOT_IMPLEMENTED)
220 rc = VINF_SUCCESS;
221 }
222 }
223 ret = vbg_status_code_to_errno(rc);
224
225 out_free:
226 vbg_req_free(req2, sizeof(*req2));
227 vbg_req_free(req1, sizeof(*req1));
228 return ret;
229 }
230
231 /**
232 * Report the guest driver status to the host.
233 * Return: 0 or negative errno value.
234 * @gdev: The Guest extension device.
235 * @active: Flag whether the driver is now active or not.
236 */
237 static int vbg_report_driver_status(struct vbg_dev *gdev, bool active)
238 {
239 struct vmmdev_guest_status *req;
240 int rc;
241
242 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS,
243 VBG_KERNEL_REQUEST);
244 if (!req)
245 return -ENOMEM;
246
247 req->facility = VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER;
248 if (active)
249 req->status = VBOXGUEST_FACILITY_STATUS_ACTIVE;
250 else
251 req->status = VBOXGUEST_FACILITY_STATUS_INACTIVE;
252 req->flags = 0;
253
254 rc = vbg_req_perform(gdev, req);
255 if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */
256 rc = VINF_SUCCESS;
257
258 vbg_req_free(req, sizeof(*req));
259
260 return vbg_status_code_to_errno(rc);
261 }
262
263 /**
264 * Inflate the balloon by one chunk. The caller owns the balloon mutex.
265 * Return: 0 or negative errno value.
266 * @gdev: The Guest extension device.
267 * @chunk_idx: Index of the chunk.
268 */
269 static int vbg_balloon_inflate(struct vbg_dev *gdev, u32 chunk_idx)
270 {
271 struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
272 struct page **pages;
273 int i, rc, ret;
274
275 pages = kmalloc_array(VMMDEV_MEMORY_BALLOON_CHUNK_PAGES,
276 sizeof(*pages),
277 GFP_KERNEL | __GFP_NOWARN);
278 if (!pages)
279 return -ENOMEM;
280
281 req->header.size = sizeof(*req);
282 req->inflate = true;
283 req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
284
285 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) {
286 pages[i] = alloc_page(GFP_KERNEL | __GFP_NOWARN);
287 if (!pages[i]) {
288 ret = -ENOMEM;
289 goto out_error;
290 }
291
292 req->phys_page[i] = page_to_phys(pages[i]);
293 }
294
295 rc = vbg_req_perform(gdev, req);
296 if (rc < 0) {
297 vbg_err("%s error, rc: %d\n", __func__, rc);
298 ret = vbg_status_code_to_errno(rc);
299 goto out_error;
300 }
301
302 gdev->mem_balloon.pages[chunk_idx] = pages;
303
304 return 0;
305
306 out_error:
307 while (--i >= 0)
308 __free_page(pages[i]);
309 kfree(pages);
310
311 return ret;
312 }
313
314 /**
315 * Deflate the balloon by one chunk. The caller owns the balloon mutex.
316 * Return: 0 or negative errno value.
317 * @gdev: The Guest extension device.
318 * @chunk_idx: Index of the chunk.
319 */
320 static int vbg_balloon_deflate(struct vbg_dev *gdev, u32 chunk_idx)
321 {
322 struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
323 struct page **pages = gdev->mem_balloon.pages[chunk_idx];
324 int i, rc;
325
326 req->header.size = sizeof(*req);
327 req->inflate = false;
328 req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
329
330 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
331 req->phys_page[i] = page_to_phys(pages[i]);
332
333 rc = vbg_req_perform(gdev, req);
334 if (rc < 0) {
335 vbg_err("%s error, rc: %d\n", __func__, rc);
336 return vbg_status_code_to_errno(rc);
337 }
338
339 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
340 __free_page(pages[i]);
341 kfree(pages);
342 gdev->mem_balloon.pages[chunk_idx] = NULL;
343
344 return 0;
345 }
346
347 /**
348 * Respond to VMMDEV_EVENT_BALLOON_CHANGE_REQUEST events, query the size
349 * the host wants the balloon to be and adjust accordingly.
350 */
351 static void vbg_balloon_work(struct work_struct *work)
352 {
353 struct vbg_dev *gdev =
354 container_of(work, struct vbg_dev, mem_balloon.work);
355 struct vmmdev_memballoon_info *req = gdev->mem_balloon.get_req;
356 u32 i, chunks;
357 int rc, ret;
358
359 /*
360 * Setting this bit means that we request the value from the host and
361 * change the guest memory balloon according to the returned value.
362 */
363 req->event_ack = VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
364 rc = vbg_req_perform(gdev, req);
365 if (rc < 0) {
366 vbg_err("%s error, rc: %d)\n", __func__, rc);
367 return;
368 }
369
370 /*
371 * The host always returns the same maximum amount of chunks, so
372 * we do this once.
373 */
374 if (!gdev->mem_balloon.max_chunks) {
375 gdev->mem_balloon.pages =
376 devm_kcalloc(gdev->dev, req->phys_mem_chunks,
377 sizeof(struct page **), GFP_KERNEL);
378 if (!gdev->mem_balloon.pages)
379 return;
380
381 gdev->mem_balloon.max_chunks = req->phys_mem_chunks;
382 }
383
384 chunks = req->balloon_chunks;
385 if (chunks > gdev->mem_balloon.max_chunks) {
386 vbg_err("%s: illegal balloon size %u (max=%u)\n",
387 __func__, chunks, gdev->mem_balloon.max_chunks);
388 return;
389 }
390
391 if (chunks > gdev->mem_balloon.chunks) {
392 /* inflate */
393 for (i = gdev->mem_balloon.chunks; i < chunks; i++) {
394 ret = vbg_balloon_inflate(gdev, i);
395 if (ret < 0)
396 return;
397
398 gdev->mem_balloon.chunks++;
399 }
400 } else {
401 /* deflate */
402 for (i = gdev->mem_balloon.chunks; i-- > chunks;) {
403 ret = vbg_balloon_deflate(gdev, i);
404 if (ret < 0)
405 return;
406
407 gdev->mem_balloon.chunks--;
408 }
409 }
410 }
411
412 /**
413 * Callback for heartbeat timer.
414 */
415 static void vbg_heartbeat_timer(struct timer_list *t)
416 {
417 struct vbg_dev *gdev = from_timer(gdev, t, heartbeat_timer);
418
419 vbg_req_perform(gdev, gdev->guest_heartbeat_req);
420 mod_timer(&gdev->heartbeat_timer,
421 msecs_to_jiffies(gdev->heartbeat_interval_ms));
422 }
423
424 /**
425 * Configure the host to check guest's heartbeat
426 * and get heartbeat interval from the host.
427 * Return: 0 or negative errno value.
428 * @gdev: The Guest extension device.
429 * @enabled: Set true to enable guest heartbeat checks on host.
430 */
431 static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled)
432 {
433 struct vmmdev_heartbeat *req;
434 int rc;
435
436 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE,
437 VBG_KERNEL_REQUEST);
438 if (!req)
439 return -ENOMEM;
440
441 req->enabled = enabled;
442 req->interval_ns = 0;
443 rc = vbg_req_perform(gdev, req);
444 do_div(req->interval_ns, 1000000); /* ns -> ms */
445 gdev->heartbeat_interval_ms = req->interval_ns;
446 vbg_req_free(req, sizeof(*req));
447
448 return vbg_status_code_to_errno(rc);
449 }
450
451 /**
452 * Initializes the heartbeat timer. This feature may be disabled by the host.
453 * Return: 0 or negative errno value.
454 * @gdev: The Guest extension device.
455 */
456 static int vbg_heartbeat_init(struct vbg_dev *gdev)
457 {
458 int ret;
459
460 /* Make sure that heartbeat checking is disabled if we fail. */
461 ret = vbg_heartbeat_host_config(gdev, false);
462 if (ret < 0)
463 return ret;
464
465 ret = vbg_heartbeat_host_config(gdev, true);
466 if (ret < 0)
467 return ret;
468
469 gdev->guest_heartbeat_req = vbg_req_alloc(
470 sizeof(*gdev->guest_heartbeat_req),
471 VMMDEVREQ_GUEST_HEARTBEAT,
472 VBG_KERNEL_REQUEST);
473 if (!gdev->guest_heartbeat_req)
474 return -ENOMEM;
475
476 vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n",
477 __func__, gdev->heartbeat_interval_ms);
478 mod_timer(&gdev->heartbeat_timer, 0);
479
480 return 0;
481 }
482
483 /**
484 * Cleanup hearbeat code, stop HB timer and disable host heartbeat checking.
485 * @gdev: The Guest extension device.
486 */
487 static void vbg_heartbeat_exit(struct vbg_dev *gdev)
488 {
489 del_timer_sync(&gdev->heartbeat_timer);
490 vbg_heartbeat_host_config(gdev, false);
491 vbg_req_free(gdev->guest_heartbeat_req,
492 sizeof(*gdev->guest_heartbeat_req));
493 }
494
495 /**
496 * Applies a change to the bit usage tracker.
497 * Return: true if the mask changed, false if not.
498 * @tracker: The bit usage tracker.
499 * @changed: The bits to change.
500 * @previous: The previous value of the bits.
501 */
502 static bool vbg_track_bit_usage(struct vbg_bit_usage_tracker *tracker,
503 u32 changed, u32 previous)
504 {
505 bool global_change = false;
506
507 while (changed) {
508 u32 bit = ffs(changed) - 1;
509 u32 bitmask = BIT(bit);
510
511 if (bitmask & previous) {
512 tracker->per_bit_usage[bit] -= 1;
513 if (tracker->per_bit_usage[bit] == 0) {
514 global_change = true;
515 tracker->mask &= ~bitmask;
516 }
517 } else {
518 tracker->per_bit_usage[bit] += 1;
519 if (tracker->per_bit_usage[bit] == 1) {
520 global_change = true;
521 tracker->mask |= bitmask;
522 }
523 }
524
525 changed &= ~bitmask;
526 }
527
528 return global_change;
529 }
530
531 /**
532 * Init and termination worker for resetting the (host) event filter on the host
533 * Return: 0 or negative errno value.
534 * @gdev: The Guest extension device.
535 * @fixed_events: Fixed events (init time).
536 */
537 static int vbg_reset_host_event_filter(struct vbg_dev *gdev,
538 u32 fixed_events)
539 {
540 struct vmmdev_mask *req;
541 int rc;
542
543 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK,
544 VBG_KERNEL_REQUEST);
545 if (!req)
546 return -ENOMEM;
547
548 req->not_mask = U32_MAX & ~fixed_events;
549 req->or_mask = fixed_events;
550 rc = vbg_req_perform(gdev, req);
551 if (rc < 0)
552 vbg_err("%s error, rc: %d\n", __func__, rc);
553
554 vbg_req_free(req, sizeof(*req));
555 return vbg_status_code_to_errno(rc);
556 }
557
558 /**
559 * Changes the event filter mask for the given session.
560 *
561 * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to
562 * do session cleanup. Takes the session spinlock.
563 *
564 * Return: 0 or negative errno value.
565 * @gdev: The Guest extension device.
566 * @session: The session.
567 * @or_mask: The events to add.
568 * @not_mask: The events to remove.
569 * @session_termination: Set if we're called by the session cleanup code.
570 * This tweaks the error handling so we perform
571 * proper session cleanup even if the host
572 * misbehaves.
573 */
574 static int vbg_set_session_event_filter(struct vbg_dev *gdev,
575 struct vbg_session *session,
576 u32 or_mask, u32 not_mask,
577 bool session_termination)
578 {
579 struct vmmdev_mask *req;
580 u32 changed, previous;
581 int rc, ret = 0;
582
583 /*
584 * Allocate a request buffer before taking the spinlock, when
585 * the session is being terminated the requestor is the kernel,
586 * as we're cleaning up.
587 */
588 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK,
589 session_termination ? VBG_KERNEL_REQUEST :
590 session->requestor);
591 if (!req) {
592 if (!session_termination)
593 return -ENOMEM;
594 /* Ignore allocation failure, we must do session cleanup. */
595 }
596
597 mutex_lock(&gdev->session_mutex);
598
599 /* Apply the changes to the session mask. */
600 previous = session->event_filter;
601 session->event_filter |= or_mask;
602 session->event_filter &= ~not_mask;
603
604 /* If anything actually changed, update the global usage counters. */
605 changed = previous ^ session->event_filter;
606 if (!changed)
607 goto out;
608
609 vbg_track_bit_usage(&gdev->event_filter_tracker, changed, previous);
610 or_mask = gdev->fixed_events | gdev->event_filter_tracker.mask;
611
612 if (gdev->event_filter_host == or_mask || !req)
613 goto out;
614
615 gdev->event_filter_host = or_mask;
616 req->or_mask = or_mask;
617 req->not_mask = ~or_mask;
618 rc = vbg_req_perform(gdev, req);
619 if (rc < 0) {
620 ret = vbg_status_code_to_errno(rc);
621
622 /* Failed, roll back (unless it's session termination time). */
623 gdev->event_filter_host = U32_MAX;
624 if (session_termination)
625 goto out;
626
627 vbg_track_bit_usage(&gdev->event_filter_tracker, changed,
628 session->event_filter);
629 session->event_filter = previous;
630 }
631
632 out:
633 mutex_unlock(&gdev->session_mutex);
634 vbg_req_free(req, sizeof(*req));
635
636 return ret;
637 }
638
639 /**
640 * Init and termination worker for set guest capabilities to zero on the host.
641 * Return: 0 or negative errno value.
642 * @gdev: The Guest extension device.
643 */
644 static int vbg_reset_host_capabilities(struct vbg_dev *gdev)
645 {
646 struct vmmdev_mask *req;
647 int rc;
648
649 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES,
650 VBG_KERNEL_REQUEST);
651 if (!req)
652 return -ENOMEM;
653
654 req->not_mask = U32_MAX;
655 req->or_mask = 0;
656 rc = vbg_req_perform(gdev, req);
657 if (rc < 0)
658 vbg_err("%s error, rc: %d\n", __func__, rc);
659
660 vbg_req_free(req, sizeof(*req));
661 return vbg_status_code_to_errno(rc);
662 }
663
664 /**
665 * Sets the guest capabilities for a session. Takes the session spinlock.
666 * Return: 0 or negative errno value.
667 * @gdev: The Guest extension device.
668 * @session: The session.
669 * @or_mask: The capabilities to add.
670 * @not_mask: The capabilities to remove.
671 * @session_termination: Set if we're called by the session cleanup code.
672 * This tweaks the error handling so we perform
673 * proper session cleanup even if the host
674 * misbehaves.
675 */
676 static int vbg_set_session_capabilities(struct vbg_dev *gdev,
677 struct vbg_session *session,
678 u32 or_mask, u32 not_mask,
679 bool session_termination)
680 {
681 struct vmmdev_mask *req;
682 u32 changed, previous;
683 int rc, ret = 0;
684
685 /*
686 * Allocate a request buffer before taking the spinlock, when
687 * the session is being terminated the requestor is the kernel,
688 * as we're cleaning up.
689 */
690 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES,
691 session_termination ? VBG_KERNEL_REQUEST :
692 session->requestor);
693 if (!req) {
694 if (!session_termination)
695 return -ENOMEM;
696 /* Ignore allocation failure, we must do session cleanup. */
697 }
698
699 mutex_lock(&gdev->session_mutex);
700
701 /* Apply the changes to the session mask. */
702 previous = session->guest_caps;
703 session->guest_caps |= or_mask;
704 session->guest_caps &= ~not_mask;
705
706 /* If anything actually changed, update the global usage counters. */
707 changed = previous ^ session->guest_caps;
708 if (!changed)
709 goto out;
710
711 vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, previous);
712 or_mask = gdev->guest_caps_tracker.mask;
713
714 if (gdev->guest_caps_host == or_mask || !req)
715 goto out;
716
717 gdev->guest_caps_host = or_mask;
718 req->or_mask = or_mask;
719 req->not_mask = ~or_mask;
720 rc = vbg_req_perform(gdev, req);
721 if (rc < 0) {
722 ret = vbg_status_code_to_errno(rc);
723
724 /* Failed, roll back (unless it's session termination time). */
725 gdev->guest_caps_host = U32_MAX;
726 if (session_termination)
727 goto out;
728
729 vbg_track_bit_usage(&gdev->guest_caps_tracker, changed,
730 session->guest_caps);
731 session->guest_caps = previous;
732 }
733
734 out:
735 mutex_unlock(&gdev->session_mutex);
736 vbg_req_free(req, sizeof(*req));
737
738 return ret;
739 }
740
741 /**
742 * vbg_query_host_version get the host feature mask and version information.
743 * Return: 0 or negative errno value.
744 * @gdev: The Guest extension device.
745 */
746 static int vbg_query_host_version(struct vbg_dev *gdev)
747 {
748 struct vmmdev_host_version *req;
749 int rc, ret;
750
751 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION,
752 VBG_KERNEL_REQUEST);
753 if (!req)
754 return -ENOMEM;
755
756 rc = vbg_req_perform(gdev, req);
757 ret = vbg_status_code_to_errno(rc);
758 if (ret) {
759 vbg_err("%s error: %d\n", __func__, rc);
760 goto out;
761 }
762
763 snprintf(gdev->host_version, sizeof(gdev->host_version), "%u.%u.%ur%u",
764 req->major, req->minor, req->build, req->revision);
765 gdev->host_features = req->features;
766
767 vbg_info("vboxguest: host-version: %s %#x\n", gdev->host_version,
768 gdev->host_features);
769
770 if (!(req->features & VMMDEV_HVF_HGCM_PHYS_PAGE_LIST)) {
771 vbg_err("vboxguest: Error host too old (does not support page-lists)\n");
772 ret = -ENODEV;
773 }
774
775 out:
776 vbg_req_free(req, sizeof(*req));
777 return ret;
778 }
779
780 /**
781 * Initializes the VBoxGuest device extension when the
782 * device driver is loaded.
783 *
784 * The native code locates the VMMDev on the PCI bus and retrieve
785 * the MMIO and I/O port ranges, this function will take care of
786 * mapping the MMIO memory (if present). Upon successful return
787 * the native code should set up the interrupt handler.
788 *
789 * Return: 0 or negative errno value.
790 *
791 * @gdev: The Guest extension device.
792 * @fixed_events: Events that will be enabled upon init and no client
793 * will ever be allowed to mask.
794 */
795 int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events)
796 {
797 int ret = -ENOMEM;
798
799 gdev->fixed_events = fixed_events | VMMDEV_EVENT_HGCM;
800 gdev->event_filter_host = U32_MAX; /* forces a report */
801 gdev->guest_caps_host = U32_MAX; /* forces a report */
802
803 init_waitqueue_head(&gdev->event_wq);
804 init_waitqueue_head(&gdev->hgcm_wq);
805 spin_lock_init(&gdev->event_spinlock);
806 mutex_init(&gdev->session_mutex);
807 mutex_init(&gdev->cancel_req_mutex);
808 timer_setup(&gdev->heartbeat_timer, vbg_heartbeat_timer, 0);
809 INIT_WORK(&gdev->mem_balloon.work, vbg_balloon_work);
810
811 gdev->mem_balloon.get_req =
812 vbg_req_alloc(sizeof(*gdev->mem_balloon.get_req),
813 VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ,
814 VBG_KERNEL_REQUEST);
815 gdev->mem_balloon.change_req =
816 vbg_req_alloc(sizeof(*gdev->mem_balloon.change_req),
817 VMMDEVREQ_CHANGE_MEMBALLOON,
818 VBG_KERNEL_REQUEST);
819 gdev->cancel_req =
820 vbg_req_alloc(sizeof(*(gdev->cancel_req)),
821 VMMDEVREQ_HGCM_CANCEL2,
822 VBG_KERNEL_REQUEST);
823 gdev->ack_events_req =
824 vbg_req_alloc(sizeof(*gdev->ack_events_req),
825 VMMDEVREQ_ACKNOWLEDGE_EVENTS,
826 VBG_KERNEL_REQUEST);
827 gdev->mouse_status_req =
828 vbg_req_alloc(sizeof(*gdev->mouse_status_req),
829 VMMDEVREQ_GET_MOUSE_STATUS,
830 VBG_KERNEL_REQUEST);
831
832 if (!gdev->mem_balloon.get_req || !gdev->mem_balloon.change_req ||
833 !gdev->cancel_req || !gdev->ack_events_req ||
834 !gdev->mouse_status_req)
835 goto err_free_reqs;
836
837 ret = vbg_query_host_version(gdev);
838 if (ret)
839 goto err_free_reqs;
840
841 ret = vbg_report_guest_info(gdev);
842 if (ret) {
843 vbg_err("vboxguest: vbg_report_guest_info error: %d\n", ret);
844 goto err_free_reqs;
845 }
846
847 ret = vbg_reset_host_event_filter(gdev, gdev->fixed_events);
848 if (ret) {
849 vbg_err("vboxguest: Error setting fixed event filter: %d\n",
850 ret);
851 goto err_free_reqs;
852 }
853
854 ret = vbg_reset_host_capabilities(gdev);
855 if (ret) {
856 vbg_err("vboxguest: Error clearing guest capabilities: %d\n",
857 ret);
858 goto err_free_reqs;
859 }
860
861 ret = vbg_core_set_mouse_status(gdev, 0);
862 if (ret) {
863 vbg_err("vboxguest: Error clearing mouse status: %d\n", ret);
864 goto err_free_reqs;
865 }
866
867 /* These may fail without requiring the driver init to fail. */
868 vbg_guest_mappings_init(gdev);
869 vbg_heartbeat_init(gdev);
870
871 /* All Done! */
872 ret = vbg_report_driver_status(gdev, true);
873 if (ret < 0)
874 vbg_err("vboxguest: Error reporting driver status: %d\n", ret);
875
876 return 0;
877
878 err_free_reqs:
879 vbg_req_free(gdev->mouse_status_req,
880 sizeof(*gdev->mouse_status_req));
881 vbg_req_free(gdev->ack_events_req,
882 sizeof(*gdev->ack_events_req));
883 vbg_req_free(gdev->cancel_req,
884 sizeof(*gdev->cancel_req));
885 vbg_req_free(gdev->mem_balloon.change_req,
886 sizeof(*gdev->mem_balloon.change_req));
887 vbg_req_free(gdev->mem_balloon.get_req,
888 sizeof(*gdev->mem_balloon.get_req));
889 return ret;
890 }
891
892 /**
893 * Call this on exit to clean-up vboxguest-core managed resources.
894 *
895 * The native code should call this before the driver is loaded,
896 * but don't call this on shutdown.
897 * @gdev: The Guest extension device.
898 */
899 void vbg_core_exit(struct vbg_dev *gdev)
900 {
901 vbg_heartbeat_exit(gdev);
902 vbg_guest_mappings_exit(gdev);
903
904 /* Clear the host flags (mouse status etc). */
905 vbg_reset_host_event_filter(gdev, 0);
906 vbg_reset_host_capabilities(gdev);
907 vbg_core_set_mouse_status(gdev, 0);
908
909 vbg_req_free(gdev->mouse_status_req,
910 sizeof(*gdev->mouse_status_req));
911 vbg_req_free(gdev->ack_events_req,
912 sizeof(*gdev->ack_events_req));
913 vbg_req_free(gdev->cancel_req,
914 sizeof(*gdev->cancel_req));
915 vbg_req_free(gdev->mem_balloon.change_req,
916 sizeof(*gdev->mem_balloon.change_req));
917 vbg_req_free(gdev->mem_balloon.get_req,
918 sizeof(*gdev->mem_balloon.get_req));
919 }
920
921 /**
922 * Creates a VBoxGuest user session.
923 *
924 * vboxguest_linux.c calls this when userspace opens the char-device.
925 * Return: A pointer to the new session or an ERR_PTR on error.
926 * @gdev: The Guest extension device.
927 * @requestor: VMMDEV_REQUESTOR_* flags
928 */
929 struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, u32 requestor)
930 {
931 struct vbg_session *session;
932
933 session = kzalloc(sizeof(*session), GFP_KERNEL);
934 if (!session)
935 return ERR_PTR(-ENOMEM);
936
937 session->gdev = gdev;
938 session->requestor = requestor;
939
940 return session;
941 }
942
943 /**
944 * Closes a VBoxGuest session.
945 * @session: The session to close (and free).
946 */
947 void vbg_core_close_session(struct vbg_session *session)
948 {
949 struct vbg_dev *gdev = session->gdev;
950 int i, rc;
951
952 vbg_set_session_capabilities(gdev, session, 0, U32_MAX, true);
953 vbg_set_session_event_filter(gdev, session, 0, U32_MAX, true);
954
955 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
956 if (!session->hgcm_client_ids[i])
957 continue;
958
959 /* requestor is kernel here, as we're cleaning up. */
960 vbg_hgcm_disconnect(gdev, VBG_KERNEL_REQUEST,
961 session->hgcm_client_ids[i], &rc);
962 }
963
964 kfree(session);
965 }
966
967 static int vbg_ioctl_chk(struct vbg_ioctl_hdr *hdr, size_t in_size,
968 size_t out_size)
969 {
970 if (hdr->size_in != (sizeof(*hdr) + in_size) ||
971 hdr->size_out != (sizeof(*hdr) + out_size))
972 return -EINVAL;
973
974 return 0;
975 }
976
977 static int vbg_ioctl_driver_version_info(
978 struct vbg_ioctl_driver_version_info *info)
979 {
980 const u16 vbg_maj_version = VBG_IOC_VERSION >> 16;
981 u16 min_maj_version, req_maj_version;
982
983 if (vbg_ioctl_chk(&info->hdr, sizeof(info->u.in), sizeof(info->u.out)))
984 return -EINVAL;
985
986 req_maj_version = info->u.in.req_version >> 16;
987 min_maj_version = info->u.in.min_version >> 16;
988
989 if (info->u.in.min_version > info->u.in.req_version ||
990 min_maj_version != req_maj_version)
991 return -EINVAL;
992
993 if (info->u.in.min_version <= VBG_IOC_VERSION &&
994 min_maj_version == vbg_maj_version) {
995 info->u.out.session_version = VBG_IOC_VERSION;
996 } else {
997 info->u.out.session_version = U32_MAX;
998 info->hdr.rc = VERR_VERSION_MISMATCH;
999 }
1000
1001 info->u.out.driver_version = VBG_IOC_VERSION;
1002 info->u.out.driver_revision = 0;
1003 info->u.out.reserved1 = 0;
1004 info->u.out.reserved2 = 0;
1005
1006 return 0;
1007 }
1008
1009 static bool vbg_wait_event_cond(struct vbg_dev *gdev,
1010 struct vbg_session *session,
1011 u32 event_mask)
1012 {
1013 unsigned long flags;
1014 bool wakeup;
1015 u32 events;
1016
1017 spin_lock_irqsave(&gdev->event_spinlock, flags);
1018
1019 events = gdev->pending_events & event_mask;
1020 wakeup = events || session->cancel_waiters;
1021
1022 spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1023
1024 return wakeup;
1025 }
1026
1027 /* Must be called with the event_lock held */
1028 static u32 vbg_consume_events_locked(struct vbg_dev *gdev,
1029 struct vbg_session *session,
1030 u32 event_mask)
1031 {
1032 u32 events = gdev->pending_events & event_mask;
1033
1034 gdev->pending_events &= ~events;
1035 return events;
1036 }
1037
1038 static int vbg_ioctl_wait_for_events(struct vbg_dev *gdev,
1039 struct vbg_session *session,
1040 struct vbg_ioctl_wait_for_events *wait)
1041 {
1042 u32 timeout_ms = wait->u.in.timeout_ms;
1043 u32 event_mask = wait->u.in.events;
1044 unsigned long flags;
1045 long timeout;
1046 int ret = 0;
1047
1048 if (vbg_ioctl_chk(&wait->hdr, sizeof(wait->u.in), sizeof(wait->u.out)))
1049 return -EINVAL;
1050
1051 if (timeout_ms == U32_MAX)
1052 timeout = MAX_SCHEDULE_TIMEOUT;
1053 else
1054 timeout = msecs_to_jiffies(timeout_ms);
1055
1056 wait->u.out.events = 0;
1057 do {
1058 timeout = wait_event_interruptible_timeout(
1059 gdev->event_wq,
1060 vbg_wait_event_cond(gdev, session, event_mask),
1061 timeout);
1062
1063 spin_lock_irqsave(&gdev->event_spinlock, flags);
1064
1065 if (timeout < 0 || session->cancel_waiters) {
1066 ret = -EINTR;
1067 } else if (timeout == 0) {
1068 ret = -ETIMEDOUT;
1069 } else {
1070 wait->u.out.events =
1071 vbg_consume_events_locked(gdev, session, event_mask);
1072 }
1073
1074 spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1075
1076 /*
1077 * Someone else may have consumed the event(s) first, in
1078 * which case we go back to waiting.
1079 */
1080 } while (ret == 0 && wait->u.out.events == 0);
1081
1082 return ret;
1083 }
1084
1085 static int vbg_ioctl_interrupt_all_wait_events(struct vbg_dev *gdev,
1086 struct vbg_session *session,
1087 struct vbg_ioctl_hdr *hdr)
1088 {
1089 unsigned long flags;
1090
1091 if (hdr->size_in != sizeof(*hdr) || hdr->size_out != sizeof(*hdr))
1092 return -EINVAL;
1093
1094 spin_lock_irqsave(&gdev->event_spinlock, flags);
1095 session->cancel_waiters = true;
1096 spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1097
1098 wake_up(&gdev->event_wq);
1099
1100 return 0;
1101 }
1102
1103 /**
1104 * Checks if the VMM request is allowed in the context of the given session.
1105 * Return: 0 or negative errno value.
1106 * @gdev: The Guest extension device.
1107 * @session: The calling session.
1108 * @req: The request.
1109 */
1110 static int vbg_req_allowed(struct vbg_dev *gdev, struct vbg_session *session,
1111 const struct vmmdev_request_header *req)
1112 {
1113 const struct vmmdev_guest_status *guest_status;
1114 bool trusted_apps_only;
1115
1116 switch (req->request_type) {
1117 /* Trusted users apps only. */
1118 case VMMDEVREQ_QUERY_CREDENTIALS:
1119 case VMMDEVREQ_REPORT_CREDENTIALS_JUDGEMENT:
1120 case VMMDEVREQ_REGISTER_SHARED_MODULE:
1121 case VMMDEVREQ_UNREGISTER_SHARED_MODULE:
1122 case VMMDEVREQ_WRITE_COREDUMP:
1123 case VMMDEVREQ_GET_CPU_HOTPLUG_REQ:
1124 case VMMDEVREQ_SET_CPU_HOTPLUG_STATUS:
1125 case VMMDEVREQ_CHECK_SHARED_MODULES:
1126 case VMMDEVREQ_GET_PAGE_SHARING_STATUS:
1127 case VMMDEVREQ_DEBUG_IS_PAGE_SHARED:
1128 case VMMDEVREQ_REPORT_GUEST_STATS:
1129 case VMMDEVREQ_REPORT_GUEST_USER_STATE:
1130 case VMMDEVREQ_GET_STATISTICS_CHANGE_REQ:
1131 trusted_apps_only = true;
1132 break;
1133
1134 /* Anyone. */
1135 case VMMDEVREQ_GET_MOUSE_STATUS:
1136 case VMMDEVREQ_SET_MOUSE_STATUS:
1137 case VMMDEVREQ_SET_POINTER_SHAPE:
1138 case VMMDEVREQ_GET_HOST_VERSION:
1139 case VMMDEVREQ_IDLE:
1140 case VMMDEVREQ_GET_HOST_TIME:
1141 case VMMDEVREQ_SET_POWER_STATUS:
1142 case VMMDEVREQ_ACKNOWLEDGE_EVENTS:
1143 case VMMDEVREQ_CTL_GUEST_FILTER_MASK:
1144 case VMMDEVREQ_REPORT_GUEST_STATUS:
1145 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ:
1146 case VMMDEVREQ_VIDEMODE_SUPPORTED:
1147 case VMMDEVREQ_GET_HEIGHT_REDUCTION:
1148 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ2:
1149 case VMMDEVREQ_VIDEMODE_SUPPORTED2:
1150 case VMMDEVREQ_VIDEO_ACCEL_ENABLE:
1151 case VMMDEVREQ_VIDEO_ACCEL_FLUSH:
1152 case VMMDEVREQ_VIDEO_SET_VISIBLE_REGION:
1153 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX:
1154 case VMMDEVREQ_GET_SEAMLESS_CHANGE_REQ:
1155 case VMMDEVREQ_GET_VRDPCHANGE_REQ:
1156 case VMMDEVREQ_LOG_STRING:
1157 case VMMDEVREQ_GET_SESSION_ID:
1158 trusted_apps_only = false;
1159 break;
1160
1161 /* Depends on the request parameters... */
1162 case VMMDEVREQ_REPORT_GUEST_CAPABILITIES:
1163 guest_status = (const struct vmmdev_guest_status *)req;
1164 switch (guest_status->facility) {
1165 case VBOXGUEST_FACILITY_TYPE_ALL:
1166 case VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER:
1167 vbg_err("Denying userspace vmm report guest cap. call facility %#08x\n",
1168 guest_status->facility);
1169 return -EPERM;
1170 case VBOXGUEST_FACILITY_TYPE_VBOX_SERVICE:
1171 trusted_apps_only = true;
1172 break;
1173 case VBOXGUEST_FACILITY_TYPE_VBOX_TRAY_CLIENT:
1174 case VBOXGUEST_FACILITY_TYPE_SEAMLESS:
1175 case VBOXGUEST_FACILITY_TYPE_GRAPHICS:
1176 default:
1177 trusted_apps_only = false;
1178 break;
1179 }
1180 break;
1181
1182 /* Anything else is not allowed. */
1183 default:
1184 vbg_err("Denying userspace vmm call type %#08x\n",
1185 req->request_type);
1186 return -EPERM;
1187 }
1188
1189 if (trusted_apps_only &&
1190 (session->requestor & VMMDEV_REQUESTOR_USER_DEVICE)) {
1191 vbg_err("Denying userspace vmm call type %#08x through vboxuser device node\n",
1192 req->request_type);
1193 return -EPERM;
1194 }
1195
1196 return 0;
1197 }
1198
1199 static int vbg_ioctl_vmmrequest(struct vbg_dev *gdev,
1200 struct vbg_session *session, void *data)
1201 {
1202 struct vbg_ioctl_hdr *hdr = data;
1203 int ret;
1204
1205 if (hdr->size_in != hdr->size_out)
1206 return -EINVAL;
1207
1208 if (hdr->size_in > VMMDEV_MAX_VMMDEVREQ_SIZE)
1209 return -E2BIG;
1210
1211 if (hdr->type == VBG_IOCTL_HDR_TYPE_DEFAULT)
1212 return -EINVAL;
1213
1214 ret = vbg_req_allowed(gdev, session, data);
1215 if (ret < 0)
1216 return ret;
1217
1218 vbg_req_perform(gdev, data);
1219 WARN_ON(hdr->rc == VINF_HGCM_ASYNC_EXECUTE);
1220
1221 return 0;
1222 }
1223
1224 static int vbg_ioctl_hgcm_connect(struct vbg_dev *gdev,
1225 struct vbg_session *session,
1226 struct vbg_ioctl_hgcm_connect *conn)
1227 {
1228 u32 client_id;
1229 int i, ret;
1230
1231 if (vbg_ioctl_chk(&conn->hdr, sizeof(conn->u.in), sizeof(conn->u.out)))
1232 return -EINVAL;
1233
1234 /* Find a free place in the sessions clients array and claim it */
1235 mutex_lock(&gdev->session_mutex);
1236 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
1237 if (!session->hgcm_client_ids[i]) {
1238 session->hgcm_client_ids[i] = U32_MAX;
1239 break;
1240 }
1241 }
1242 mutex_unlock(&gdev->session_mutex);
1243
1244 if (i >= ARRAY_SIZE(session->hgcm_client_ids))
1245 return -EMFILE;
1246
1247 ret = vbg_hgcm_connect(gdev, session->requestor, &conn->u.in.loc,
1248 &client_id, &conn->hdr.rc);
1249
1250 mutex_lock(&gdev->session_mutex);
1251 if (ret == 0 && conn->hdr.rc >= 0) {
1252 conn->u.out.client_id = client_id;
1253 session->hgcm_client_ids[i] = client_id;
1254 } else {
1255 conn->u.out.client_id = 0;
1256 session->hgcm_client_ids[i] = 0;
1257 }
1258 mutex_unlock(&gdev->session_mutex);
1259
1260 return ret;
1261 }
1262
1263 static int vbg_ioctl_hgcm_disconnect(struct vbg_dev *gdev,
1264 struct vbg_session *session,
1265 struct vbg_ioctl_hgcm_disconnect *disconn)
1266 {
1267 u32 client_id;
1268 int i, ret;
1269
1270 if (vbg_ioctl_chk(&disconn->hdr, sizeof(disconn->u.in), 0))
1271 return -EINVAL;
1272
1273 client_id = disconn->u.in.client_id;
1274 if (client_id == 0 || client_id == U32_MAX)
1275 return -EINVAL;
1276
1277 mutex_lock(&gdev->session_mutex);
1278 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
1279 if (session->hgcm_client_ids[i] == client_id) {
1280 session->hgcm_client_ids[i] = U32_MAX;
1281 break;
1282 }
1283 }
1284 mutex_unlock(&gdev->session_mutex);
1285
1286 if (i >= ARRAY_SIZE(session->hgcm_client_ids))
1287 return -EINVAL;
1288
1289 ret = vbg_hgcm_disconnect(gdev, session->requestor, client_id,
1290 &disconn->hdr.rc);
1291
1292 mutex_lock(&gdev->session_mutex);
1293 if (ret == 0 && disconn->hdr.rc >= 0)
1294 session->hgcm_client_ids[i] = 0;
1295 else
1296 session->hgcm_client_ids[i] = client_id;
1297 mutex_unlock(&gdev->session_mutex);
1298
1299 return ret;
1300 }
1301
1302 static bool vbg_param_valid(enum vmmdev_hgcm_function_parameter_type type)
1303 {
1304 switch (type) {
1305 case VMMDEV_HGCM_PARM_TYPE_32BIT:
1306 case VMMDEV_HGCM_PARM_TYPE_64BIT:
1307 case VMMDEV_HGCM_PARM_TYPE_LINADDR:
1308 case VMMDEV_HGCM_PARM_TYPE_LINADDR_IN:
1309 case VMMDEV_HGCM_PARM_TYPE_LINADDR_OUT:
1310 return true;
1311 default:
1312 return false;
1313 }
1314 }
1315
1316 static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev,
1317 struct vbg_session *session, bool f32bit,
1318 struct vbg_ioctl_hgcm_call *call)
1319 {
1320 size_t actual_size;
1321 u32 client_id;
1322 int i, ret;
1323
1324 if (call->hdr.size_in < sizeof(*call))
1325 return -EINVAL;
1326
1327 if (call->hdr.size_in != call->hdr.size_out)
1328 return -EINVAL;
1329
1330 if (call->parm_count > VMMDEV_HGCM_MAX_PARMS)
1331 return -E2BIG;
1332
1333 client_id = call->client_id;
1334 if (client_id == 0 || client_id == U32_MAX)
1335 return -EINVAL;
1336
1337 actual_size = sizeof(*call);
1338 if (f32bit)
1339 actual_size += call->parm_count *
1340 sizeof(struct vmmdev_hgcm_function_parameter32);
1341 else
1342 actual_size += call->parm_count *
1343 sizeof(struct vmmdev_hgcm_function_parameter);
1344 if (call->hdr.size_in < actual_size) {
1345 vbg_debug("VBG_IOCTL_HGCM_CALL: hdr.size_in %d required size is %zd\n",
1346 call->hdr.size_in, actual_size);
1347 return -EINVAL;
1348 }
1349 call->hdr.size_out = actual_size;
1350
1351 /* Validate parameter types */
1352 if (f32bit) {
1353 struct vmmdev_hgcm_function_parameter32 *parm =
1354 VBG_IOCTL_HGCM_CALL_PARMS32(call);
1355
1356 for (i = 0; i < call->parm_count; i++)
1357 if (!vbg_param_valid(parm[i].type))
1358 return -EINVAL;
1359 } else {
1360 struct vmmdev_hgcm_function_parameter *parm =
1361 VBG_IOCTL_HGCM_CALL_PARMS(call);
1362
1363 for (i = 0; i < call->parm_count; i++)
1364 if (!vbg_param_valid(parm[i].type))
1365 return -EINVAL;
1366 }
1367
1368 /*
1369 * Validate the client id.
1370 */
1371 mutex_lock(&gdev->session_mutex);
1372 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++)
1373 if (session->hgcm_client_ids[i] == client_id)
1374 break;
1375 mutex_unlock(&gdev->session_mutex);
1376 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) {
1377 vbg_debug("VBG_IOCTL_HGCM_CALL: INVALID handle. u32Client=%#08x\n",
1378 client_id);
1379 return -EINVAL;
1380 }
1381
1382 if (IS_ENABLED(CONFIG_COMPAT) && f32bit)
1383 ret = vbg_hgcm_call32(gdev, session->requestor, client_id,
1384 call->function, call->timeout_ms,
1385 VBG_IOCTL_HGCM_CALL_PARMS32(call),
1386 call->parm_count, &call->hdr.rc);
1387 else
1388 ret = vbg_hgcm_call(gdev, session->requestor, client_id,
1389 call->function, call->timeout_ms,
1390 VBG_IOCTL_HGCM_CALL_PARMS(call),
1391 call->parm_count, &call->hdr.rc);
1392
1393 if (ret == -E2BIG) {
1394 /* E2BIG needs to be reported through the hdr.rc field. */
1395 call->hdr.rc = VERR_OUT_OF_RANGE;
1396 ret = 0;
1397 }
1398
1399 if (ret && ret != -EINTR && ret != -ETIMEDOUT)
1400 vbg_err("VBG_IOCTL_HGCM_CALL error: %d\n", ret);
1401
1402 return ret;
1403 }
1404
1405 static int vbg_ioctl_log(struct vbg_ioctl_log *log)
1406 {
1407 if (log->hdr.size_out != sizeof(log->hdr))
1408 return -EINVAL;
1409
1410 vbg_info("%.*s", (int)(log->hdr.size_in - sizeof(log->hdr)),
1411 log->u.in.msg);
1412
1413 return 0;
1414 }
1415
1416 static int vbg_ioctl_change_filter_mask(struct vbg_dev *gdev,
1417 struct vbg_session *session,
1418 struct vbg_ioctl_change_filter *filter)
1419 {
1420 u32 or_mask, not_mask;
1421
1422 if (vbg_ioctl_chk(&filter->hdr, sizeof(filter->u.in), 0))
1423 return -EINVAL;
1424
1425 or_mask = filter->u.in.or_mask;
1426 not_mask = filter->u.in.not_mask;
1427
1428 if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
1429 return -EINVAL;
1430
1431 return vbg_set_session_event_filter(gdev, session, or_mask, not_mask,
1432 false);
1433 }
1434
1435 static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
1436 struct vbg_session *session, struct vbg_ioctl_set_guest_caps *caps)
1437 {
1438 u32 or_mask, not_mask;
1439 int ret;
1440
1441 if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), sizeof(caps->u.out)))
1442 return -EINVAL;
1443
1444 or_mask = caps->u.in.or_mask;
1445 not_mask = caps->u.in.not_mask;
1446
1447 if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
1448 return -EINVAL;
1449
1450 ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
1451 false);
1452 if (ret)
1453 return ret;
1454
1455 caps->u.out.session_caps = session->guest_caps;
1456 caps->u.out.global_caps = gdev->guest_caps_host;
1457
1458 return 0;
1459 }
1460
1461 static int vbg_ioctl_check_balloon(struct vbg_dev *gdev,
1462 struct vbg_ioctl_check_balloon *balloon_info)
1463 {
1464 if (vbg_ioctl_chk(&balloon_info->hdr, 0, sizeof(balloon_info->u.out)))
1465 return -EINVAL;
1466
1467 balloon_info->u.out.balloon_chunks = gdev->mem_balloon.chunks;
1468 /*
1469 * Under Linux we handle VMMDEV_EVENT_BALLOON_CHANGE_REQUEST
1470 * events entirely in the kernel, see vbg_core_isr().
1471 */
1472 balloon_info->u.out.handle_in_r3 = false;
1473
1474 return 0;
1475 }
1476
1477 static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev,
1478 struct vbg_session *session,
1479 struct vbg_ioctl_write_coredump *dump)
1480 {
1481 struct vmmdev_write_core_dump *req;
1482
1483 if (vbg_ioctl_chk(&dump->hdr, sizeof(dump->u.in), 0))
1484 return -EINVAL;
1485
1486 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_WRITE_COREDUMP,
1487 session->requestor);
1488 if (!req)
1489 return -ENOMEM;
1490
1491 req->flags = dump->u.in.flags;
1492 dump->hdr.rc = vbg_req_perform(gdev, req);
1493
1494 vbg_req_free(req, sizeof(*req));
1495 return 0;
1496 }
1497
1498 /**
1499 * Common IOCtl for user to kernel communication.
1500 * Return: 0 or negative errno value.
1501 * @session: The client session.
1502 * @req: The requested function.
1503 * @data: The i/o data buffer, minimum size sizeof(struct vbg_ioctl_hdr).
1504 */
1505 int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data)
1506 {
1507 unsigned int req_no_size = req & ~IOCSIZE_MASK;
1508 struct vbg_dev *gdev = session->gdev;
1509 struct vbg_ioctl_hdr *hdr = data;
1510 bool f32bit = false;
1511
1512 hdr->rc = VINF_SUCCESS;
1513 if (!hdr->size_out)
1514 hdr->size_out = hdr->size_in;
1515
1516 /*
1517 * hdr->version and hdr->size_in / hdr->size_out minimum size are
1518 * already checked by vbg_misc_device_ioctl().
1519 */
1520
1521 /* For VMMDEV_REQUEST hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT */
1522 if (req_no_size == VBG_IOCTL_VMMDEV_REQUEST(0) ||
1523 req == VBG_IOCTL_VMMDEV_REQUEST_BIG)
1524 return vbg_ioctl_vmmrequest(gdev, session, data);
1525
1526 if (hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT)
1527 return -EINVAL;
1528
1529 /* Fixed size requests. */
1530 switch (req) {
1531 case VBG_IOCTL_DRIVER_VERSION_INFO:
1532 return vbg_ioctl_driver_version_info(data);
1533 case VBG_IOCTL_HGCM_CONNECT:
1534 return vbg_ioctl_hgcm_connect(gdev, session, data);
1535 case VBG_IOCTL_HGCM_DISCONNECT:
1536 return vbg_ioctl_hgcm_disconnect(gdev, session, data);
1537 case VBG_IOCTL_WAIT_FOR_EVENTS:
1538 return vbg_ioctl_wait_for_events(gdev, session, data);
1539 case VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS:
1540 return vbg_ioctl_interrupt_all_wait_events(gdev, session, data);
1541 case VBG_IOCTL_CHANGE_FILTER_MASK:
1542 return vbg_ioctl_change_filter_mask(gdev, session, data);
1543 case VBG_IOCTL_CHANGE_GUEST_CAPABILITIES:
1544 return vbg_ioctl_change_guest_capabilities(gdev, session, data);
1545 case VBG_IOCTL_CHECK_BALLOON:
1546 return vbg_ioctl_check_balloon(gdev, data);
1547 case VBG_IOCTL_WRITE_CORE_DUMP:
1548 return vbg_ioctl_write_core_dump(gdev, session, data);
1549 }
1550
1551 /* Variable sized requests. */
1552 switch (req_no_size) {
1553 #ifdef CONFIG_COMPAT
1554 case VBG_IOCTL_HGCM_CALL_32(0):
1555 f32bit = true;
1556 #endif
1557 /* Fall through */
1558 case VBG_IOCTL_HGCM_CALL(0):
1559 return vbg_ioctl_hgcm_call(gdev, session, f32bit, data);
1560 case VBG_IOCTL_LOG(0):
1561 return vbg_ioctl_log(data);
1562 }
1563
1564 vbg_debug("VGDrvCommonIoCtl: Unknown req %#08x\n", req);
1565 return -ENOTTY;
1566 }
1567
1568 /**
1569 * Report guest supported mouse-features to the host.
1570 *
1571 * Return: 0 or negative errno value.
1572 * @gdev: The Guest extension device.
1573 * @features: The set of features to report to the host.
1574 */
1575 int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features)
1576 {
1577 struct vmmdev_mouse_status *req;
1578 int rc;
1579
1580 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_MOUSE_STATUS,
1581 VBG_KERNEL_REQUEST);
1582 if (!req)
1583 return -ENOMEM;
1584
1585 req->mouse_features = features;
1586 req->pointer_pos_x = 0;
1587 req->pointer_pos_y = 0;
1588
1589 rc = vbg_req_perform(gdev, req);
1590 if (rc < 0)
1591 vbg_err("%s error, rc: %d\n", __func__, rc);
1592
1593 vbg_req_free(req, sizeof(*req));
1594 return vbg_status_code_to_errno(rc);
1595 }
1596
1597 /** Core interrupt service routine. */
1598 irqreturn_t vbg_core_isr(int irq, void *dev_id)
1599 {
1600 struct vbg_dev *gdev = dev_id;
1601 struct vmmdev_events *req = gdev->ack_events_req;
1602 bool mouse_position_changed = false;
1603 unsigned long flags;
1604 u32 events = 0;
1605 int rc;
1606
1607 if (!gdev->mmio->V.V1_04.have_events)
1608 return IRQ_NONE;
1609
1610 /* Get and acknowlegde events. */
1611 req->header.rc = VERR_INTERNAL_ERROR;
1612 req->events = 0;
1613 rc = vbg_req_perform(gdev, req);
1614 if (rc < 0) {
1615 vbg_err("Error performing events req, rc: %d\n", rc);
1616 return IRQ_NONE;
1617 }
1618
1619 events = req->events;
1620
1621 if (events & VMMDEV_EVENT_MOUSE_POSITION_CHANGED) {
1622 mouse_position_changed = true;
1623 events &= ~VMMDEV_EVENT_MOUSE_POSITION_CHANGED;
1624 }
1625
1626 if (events & VMMDEV_EVENT_HGCM) {
1627 wake_up(&gdev->hgcm_wq);
1628 events &= ~VMMDEV_EVENT_HGCM;
1629 }
1630
1631 if (events & VMMDEV_EVENT_BALLOON_CHANGE_REQUEST) {
1632 schedule_work(&gdev->mem_balloon.work);
1633 events &= ~VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
1634 }
1635
1636 if (events) {
1637 spin_lock_irqsave(&gdev->event_spinlock, flags);
1638 gdev->pending_events |= events;
1639 spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1640
1641 wake_up(&gdev->event_wq);
1642 }
1643
1644 if (mouse_position_changed)
1645 vbg_linux_mouse_event(gdev);
1646
1647 return IRQ_HANDLED;
1648 }
Linux with added FPC-III support