1 /* 2 * VMware VMCI Driver 3 * 4 * Copyright (C) 2012 VMware, Inc. All rights reserved. 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the 8 * Free Software Foundation version 2 and no later version. 9 * 10 * This program is distributed in the hope that it will be useful, but 11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 * for more details. 14 */ 15 16 #include <linux/vmw_vmci_defs.h> 17 #include <linux/vmw_vmci_api.h> 18 #include <linux/moduleparam.h> 19 #include <linux/miscdevice.h> 20 #include <linux/interrupt.h> 21 #include <linux/highmem.h> 22 #include <linux/atomic.h> 23 #include <linux/kernel.h> 24 #include <linux/module.h> 25 #include <linux/mutex.h> 26 #include <linux/sched.h> 27 #include <linux/slab.h> 28 #include <linux/file.h> 29 #include <linux/init.h> 30 #include <linux/poll.h> 31 #include <linux/pci.h> 32 #include <linux/smp.h> 33 #include <linux/fs.h> 34 #include <linux/io.h> 35 36 #include "vmci_handle_array.h" 37 #include "vmci_queue_pair.h" 38 #include "vmci_datagram.h" 39 #include "vmci_doorbell.h" 40 #include "vmci_resource.h" 41 #include "vmci_context.h" 42 #include "vmci_driver.h" 43 #include "vmci_event.h" 44 45 #define VMCI_UTIL_NUM_RESOURCES 1 46 47 enum { 48 VMCI_NOTIFY_RESOURCE_QUEUE_PAIR = 0, 49 VMCI_NOTIFY_RESOURCE_DOOR_BELL = 1, 50 }; 51 52 enum { 53 VMCI_NOTIFY_RESOURCE_ACTION_NOTIFY = 0, 54 VMCI_NOTIFY_RESOURCE_ACTION_CREATE = 1, 55 VMCI_NOTIFY_RESOURCE_ACTION_DESTROY = 2, 56 }; 57 58 /* 59 * VMCI driver initialization. This block can also be used to 60 * pass initial group membership etc. 61 */ 62 struct vmci_init_blk { 63 u32 cid; 64 u32 flags; 65 }; 66 67 /* VMCIqueue_pairAllocInfo_VMToVM */ 68 struct vmci_qp_alloc_info_vmvm { 69 struct vmci_handle handle; 70 u32 peer; 71 u32 flags; 72 u64 produce_size; 73 u64 consume_size; 74 u64 produce_page_file; /* User VA. */ 75 u64 consume_page_file; /* User VA. */ 76 u64 produce_page_file_size; /* Size of the file name array. */ 77 u64 consume_page_file_size; /* Size of the file name array. */ 78 s32 result; 79 u32 _pad; 80 }; 81 82 /* VMCISetNotifyInfo: Used to pass notify flag's address to the host driver. */ 83 struct vmci_set_notify_info { 84 u64 notify_uva; 85 s32 result; 86 u32 _pad; 87 }; 88 89 /* 90 * Per-instance host state 91 */ 92 struct vmci_host_dev { 93 struct vmci_ctx *context; 94 int user_version; 95 enum vmci_obj_type ct_type; 96 struct mutex lock; /* Mutex lock for vmci context access */ 97 }; 98 99 static struct vmci_ctx *host_context; 100 static bool vmci_host_device_initialized; 101 static atomic_t vmci_host_active_users = ATOMIC_INIT(0); 102 103 /* 104 * Determines whether the VMCI host personality is 105 * available. Since the core functionality of the host driver is 106 * always present, all guests could possibly use the host 107 * personality. However, to minimize the deviation from the 108 * pre-unified driver state of affairs, we only consider the host 109 * device active if there is no active guest device or if there 110 * are VMX'en with active VMCI contexts using the host device. 111 */ 112 bool vmci_host_code_active(void) 113 { 114 return vmci_host_device_initialized && 115 (!vmci_guest_code_active() || 116 atomic_read(&vmci_host_active_users) > 0); 117 } 118 119 /* 120 * Called on open of /dev/vmci. 121 */ 122 static int vmci_host_open(struct inode *inode, struct file *filp) 123 { 124 struct vmci_host_dev *vmci_host_dev; 125 126 vmci_host_dev = kzalloc(sizeof(struct vmci_host_dev), GFP_KERNEL); 127 if (vmci_host_dev == NULL) 128 return -ENOMEM; 129 130 vmci_host_dev->ct_type = VMCIOBJ_NOT_SET; 131 mutex_init(&vmci_host_dev->lock); 132 filp->private_data = vmci_host_dev; 133 134 return 0; 135 } 136 137 /* 138 * Called on close of /dev/vmci, most often when the process 139 * exits. 140 */ 141 static int vmci_host_close(struct inode *inode, struct file *filp) 142 { 143 struct vmci_host_dev *vmci_host_dev = filp->private_data; 144 145 if (vmci_host_dev->ct_type == VMCIOBJ_CONTEXT) { 146 vmci_ctx_destroy(vmci_host_dev->context); 147 vmci_host_dev->context = NULL; 148 149 /* 150 * The number of active contexts is used to track whether any 151 * VMX'en are using the host personality. It is incremented when 152 * a context is created through the IOCTL_VMCI_INIT_CONTEXT 153 * ioctl. 154 */ 155 atomic_dec(&vmci_host_active_users); 156 } 157 vmci_host_dev->ct_type = VMCIOBJ_NOT_SET; 158 159 kfree(vmci_host_dev); 160 filp->private_data = NULL; 161 return 0; 162 } 163 164 /* 165 * This is used to wake up the VMX when a VMCI call arrives, or 166 * to wake up select() or poll() at the next clock tick. 167 */ 168 static unsigned int vmci_host_poll(struct file *filp, poll_table *wait) 169 { 170 struct vmci_host_dev *vmci_host_dev = filp->private_data; 171 struct vmci_ctx *context = vmci_host_dev->context; 172 unsigned int mask = 0; 173 174 if (vmci_host_dev->ct_type == VMCIOBJ_CONTEXT) { 175 /* Check for VMCI calls to this VM context. */ 176 if (wait) 177 poll_wait(filp, &context->host_context.wait_queue, 178 wait); 179 180 spin_lock(&context->lock); 181 if (context->pending_datagrams > 0 || 182 vmci_handle_arr_get_size( 183 context->pending_doorbell_array) > 0) { 184 mask = POLLIN; 185 } 186 spin_unlock(&context->lock); 187 } 188 return mask; 189 } 190 191 /* 192 * Copies the handles of a handle array into a user buffer, and 193 * returns the new length in userBufferSize. If the copy to the 194 * user buffer fails, the functions still returns VMCI_SUCCESS, 195 * but retval != 0. 196 */ 197 static int drv_cp_harray_to_user(void __user *user_buf_uva, 198 u64 *user_buf_size, 199 struct vmci_handle_arr *handle_array, 200 int *retval) 201 { 202 u32 array_size = 0; 203 struct vmci_handle *handles; 204 205 if (handle_array) 206 array_size = vmci_handle_arr_get_size(handle_array); 207 208 if (array_size * sizeof(*handles) > *user_buf_size) 209 return VMCI_ERROR_MORE_DATA; 210 211 *user_buf_size = array_size * sizeof(*handles); 212 if (*user_buf_size) 213 *retval = copy_to_user(user_buf_uva, 214 vmci_handle_arr_get_handles 215 (handle_array), *user_buf_size); 216 217 return VMCI_SUCCESS; 218 } 219 220 /* 221 * Sets up a given context for notify to work. Maps the notify 222 * boolean in user VA into kernel space. 223 */ 224 static int vmci_host_setup_notify(struct vmci_ctx *context, 225 unsigned long uva) 226 { 227 int retval; 228 229 if (context->notify_page) { 230 pr_devel("%s: Notify mechanism is already set up\n", __func__); 231 return VMCI_ERROR_DUPLICATE_ENTRY; 232 } 233 234 /* 235 * We are using 'bool' internally, but let's make sure we explicit 236 * about the size. 237 */ 238 BUILD_BUG_ON(sizeof(bool) != sizeof(u8)); 239 if (!access_ok(VERIFY_WRITE, (void __user *)uva, sizeof(u8))) 240 return VMCI_ERROR_GENERIC; 241 242 /* 243 * Lock physical page backing a given user VA. 244 */ 245 retval = get_user_pages_fast(uva, 1, 1, &context->notify_page); 246 if (retval != 1) { 247 context->notify_page = NULL; 248 return VMCI_ERROR_GENERIC; 249 } 250 251 /* 252 * Map the locked page and set up notify pointer. 253 */ 254 context->notify = kmap(context->notify_page) + (uva & (PAGE_SIZE - 1)); 255 vmci_ctx_check_signal_notify(context); 256 257 return VMCI_SUCCESS; 258 } 259 260 static int vmci_host_get_version(struct vmci_host_dev *vmci_host_dev, 261 unsigned int cmd, void __user *uptr) 262 { 263 if (cmd == IOCTL_VMCI_VERSION2) { 264 int __user *vptr = uptr; 265 if (get_user(vmci_host_dev->user_version, vptr)) 266 return -EFAULT; 267 } 268 269 /* 270 * The basic logic here is: 271 * 272 * If the user sends in a version of 0 tell it our version. 273 * If the user didn't send in a version, tell it our version. 274 * If the user sent in an old version, tell it -its- version. 275 * If the user sent in an newer version, tell it our version. 276 * 277 * The rationale behind telling the caller its version is that 278 * Workstation 6.5 required that VMX and VMCI kernel module were 279 * version sync'd. All new VMX users will be programmed to 280 * handle the VMCI kernel module version. 281 */ 282 283 if (vmci_host_dev->user_version > 0 && 284 vmci_host_dev->user_version < VMCI_VERSION_HOSTQP) { 285 return vmci_host_dev->user_version; 286 } 287 288 return VMCI_VERSION; 289 } 290 291 #define vmci_ioctl_err(fmt, ...) \ 292 pr_devel("%s: " fmt, ioctl_name, ##__VA_ARGS__) 293 294 static int vmci_host_do_init_context(struct vmci_host_dev *vmci_host_dev, 295 const char *ioctl_name, 296 void __user *uptr) 297 { 298 struct vmci_init_blk init_block; 299 const struct cred *cred; 300 int retval; 301 302 if (copy_from_user(&init_block, uptr, sizeof(init_block))) { 303 vmci_ioctl_err("error reading init block\n"); 304 return -EFAULT; 305 } 306 307 mutex_lock(&vmci_host_dev->lock); 308 309 if (vmci_host_dev->ct_type != VMCIOBJ_NOT_SET) { 310 vmci_ioctl_err("received VMCI init on initialized handle\n"); 311 retval = -EINVAL; 312 goto out; 313 } 314 315 if (init_block.flags & ~VMCI_PRIVILEGE_FLAG_RESTRICTED) { 316 vmci_ioctl_err("unsupported VMCI restriction flag\n"); 317 retval = -EINVAL; 318 goto out; 319 } 320 321 cred = get_current_cred(); 322 vmci_host_dev->context = vmci_ctx_create(init_block.cid, 323 init_block.flags, 0, 324 vmci_host_dev->user_version, 325 cred); 326 put_cred(cred); 327 if (IS_ERR(vmci_host_dev->context)) { 328 retval = PTR_ERR(vmci_host_dev->context); 329 vmci_ioctl_err("error initializing context\n"); 330 goto out; 331 } 332 333 /* 334 * Copy cid to userlevel, we do this to allow the VMX 335 * to enforce its policy on cid generation. 336 */ 337 init_block.cid = vmci_ctx_get_id(vmci_host_dev->context); 338 if (copy_to_user(uptr, &init_block, sizeof(init_block))) { 339 vmci_ctx_destroy(vmci_host_dev->context); 340 vmci_host_dev->context = NULL; 341 vmci_ioctl_err("error writing init block\n"); 342 retval = -EFAULT; 343 goto out; 344 } 345 346 vmci_host_dev->ct_type = VMCIOBJ_CONTEXT; 347 atomic_inc(&vmci_host_active_users); 348 349 retval = 0; 350 351 out: 352 mutex_unlock(&vmci_host_dev->lock); 353 return retval; 354 } 355 356 static int vmci_host_do_send_datagram(struct vmci_host_dev *vmci_host_dev, 357 const char *ioctl_name, 358 void __user *uptr) 359 { 360 struct vmci_datagram_snd_rcv_info send_info; 361 struct vmci_datagram *dg = NULL; 362 u32 cid; 363 364 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 365 vmci_ioctl_err("only valid for contexts\n"); 366 return -EINVAL; 367 } 368 369 if (copy_from_user(&send_info, uptr, sizeof(send_info))) 370 return -EFAULT; 371 372 if (send_info.len > VMCI_MAX_DG_SIZE) { 373 vmci_ioctl_err("datagram is too big (size=%d)\n", 374 send_info.len); 375 return -EINVAL; 376 } 377 378 if (send_info.len < sizeof(*dg)) { 379 vmci_ioctl_err("datagram is too small (size=%d)\n", 380 send_info.len); 381 return -EINVAL; 382 } 383 384 dg = kmalloc(send_info.len, GFP_KERNEL); 385 if (!dg) { 386 vmci_ioctl_err( 387 "cannot allocate memory to dispatch datagram\n"); 388 return -ENOMEM; 389 } 390 391 if (copy_from_user(dg, (void __user *)(uintptr_t)send_info.addr, 392 send_info.len)) { 393 vmci_ioctl_err("error getting datagram\n"); 394 kfree(dg); 395 return -EFAULT; 396 } 397 398 if (VMCI_DG_SIZE(dg) != send_info.len) { 399 vmci_ioctl_err("datagram size mismatch\n"); 400 kfree(dg); 401 return -EINVAL; 402 } 403 404 pr_devel("Datagram dst (handle=0x%x:0x%x) src (handle=0x%x:0x%x), payload (size=%llu bytes)\n", 405 dg->dst.context, dg->dst.resource, 406 dg->src.context, dg->src.resource, 407 (unsigned long long)dg->payload_size); 408 409 /* Get source context id. */ 410 cid = vmci_ctx_get_id(vmci_host_dev->context); 411 send_info.result = vmci_datagram_dispatch(cid, dg, true); 412 kfree(dg); 413 414 return copy_to_user(uptr, &send_info, sizeof(send_info)) ? -EFAULT : 0; 415 } 416 417 static int vmci_host_do_receive_datagram(struct vmci_host_dev *vmci_host_dev, 418 const char *ioctl_name, 419 void __user *uptr) 420 { 421 struct vmci_datagram_snd_rcv_info recv_info; 422 struct vmci_datagram *dg = NULL; 423 int retval; 424 size_t size; 425 426 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 427 vmci_ioctl_err("only valid for contexts\n"); 428 return -EINVAL; 429 } 430 431 if (copy_from_user(&recv_info, uptr, sizeof(recv_info))) 432 return -EFAULT; 433 434 size = recv_info.len; 435 recv_info.result = vmci_ctx_dequeue_datagram(vmci_host_dev->context, 436 &size, &dg); 437 438 if (recv_info.result >= VMCI_SUCCESS) { 439 void __user *ubuf = (void __user *)(uintptr_t)recv_info.addr; 440 retval = copy_to_user(ubuf, dg, VMCI_DG_SIZE(dg)); 441 kfree(dg); 442 if (retval != 0) 443 return -EFAULT; 444 } 445 446 return copy_to_user(uptr, &recv_info, sizeof(recv_info)) ? -EFAULT : 0; 447 } 448 449 static int vmci_host_do_alloc_queuepair(struct vmci_host_dev *vmci_host_dev, 450 const char *ioctl_name, 451 void __user *uptr) 452 { 453 struct vmci_handle handle; 454 int vmci_status; 455 int __user *retptr; 456 u32 cid; 457 458 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 459 vmci_ioctl_err("only valid for contexts\n"); 460 return -EINVAL; 461 } 462 463 cid = vmci_ctx_get_id(vmci_host_dev->context); 464 465 if (vmci_host_dev->user_version < VMCI_VERSION_NOVMVM) { 466 struct vmci_qp_alloc_info_vmvm alloc_info; 467 struct vmci_qp_alloc_info_vmvm __user *info = uptr; 468 469 if (copy_from_user(&alloc_info, uptr, sizeof(alloc_info))) 470 return -EFAULT; 471 472 handle = alloc_info.handle; 473 retptr = &info->result; 474 475 vmci_status = vmci_qp_broker_alloc(alloc_info.handle, 476 alloc_info.peer, 477 alloc_info.flags, 478 VMCI_NO_PRIVILEGE_FLAGS, 479 alloc_info.produce_size, 480 alloc_info.consume_size, 481 NULL, 482 vmci_host_dev->context); 483 484 if (vmci_status == VMCI_SUCCESS) 485 vmci_status = VMCI_SUCCESS_QUEUEPAIR_CREATE; 486 } else { 487 struct vmci_qp_alloc_info alloc_info; 488 struct vmci_qp_alloc_info __user *info = uptr; 489 struct vmci_qp_page_store page_store; 490 491 if (copy_from_user(&alloc_info, uptr, sizeof(alloc_info))) 492 return -EFAULT; 493 494 handle = alloc_info.handle; 495 retptr = &info->result; 496 497 page_store.pages = alloc_info.ppn_va; 498 page_store.len = alloc_info.num_ppns; 499 500 vmci_status = vmci_qp_broker_alloc(alloc_info.handle, 501 alloc_info.peer, 502 alloc_info.flags, 503 VMCI_NO_PRIVILEGE_FLAGS, 504 alloc_info.produce_size, 505 alloc_info.consume_size, 506 &page_store, 507 vmci_host_dev->context); 508 } 509 510 if (put_user(vmci_status, retptr)) { 511 if (vmci_status >= VMCI_SUCCESS) { 512 vmci_status = vmci_qp_broker_detach(handle, 513 vmci_host_dev->context); 514 } 515 return -EFAULT; 516 } 517 518 return 0; 519 } 520 521 static int vmci_host_do_queuepair_setva(struct vmci_host_dev *vmci_host_dev, 522 const char *ioctl_name, 523 void __user *uptr) 524 { 525 struct vmci_qp_set_va_info set_va_info; 526 struct vmci_qp_set_va_info __user *info = uptr; 527 s32 result; 528 529 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 530 vmci_ioctl_err("only valid for contexts\n"); 531 return -EINVAL; 532 } 533 534 if (vmci_host_dev->user_version < VMCI_VERSION_NOVMVM) { 535 vmci_ioctl_err("is not allowed\n"); 536 return -EINVAL; 537 } 538 539 if (copy_from_user(&set_va_info, uptr, sizeof(set_va_info))) 540 return -EFAULT; 541 542 if (set_va_info.va) { 543 /* 544 * VMX is passing down a new VA for the queue 545 * pair mapping. 546 */ 547 result = vmci_qp_broker_map(set_va_info.handle, 548 vmci_host_dev->context, 549 set_va_info.va); 550 } else { 551 /* 552 * The queue pair is about to be unmapped by 553 * the VMX. 554 */ 555 result = vmci_qp_broker_unmap(set_va_info.handle, 556 vmci_host_dev->context, 0); 557 } 558 559 return put_user(result, &info->result) ? -EFAULT : 0; 560 } 561 562 static int vmci_host_do_queuepair_setpf(struct vmci_host_dev *vmci_host_dev, 563 const char *ioctl_name, 564 void __user *uptr) 565 { 566 struct vmci_qp_page_file_info page_file_info; 567 struct vmci_qp_page_file_info __user *info = uptr; 568 s32 result; 569 570 if (vmci_host_dev->user_version < VMCI_VERSION_HOSTQP || 571 vmci_host_dev->user_version >= VMCI_VERSION_NOVMVM) { 572 vmci_ioctl_err("not supported on this VMX (version=%d)\n", 573 vmci_host_dev->user_version); 574 return -EINVAL; 575 } 576 577 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 578 vmci_ioctl_err("only valid for contexts\n"); 579 return -EINVAL; 580 } 581 582 if (copy_from_user(&page_file_info, uptr, sizeof(*info))) 583 return -EFAULT; 584 585 /* 586 * Communicate success pre-emptively to the caller. Note that the 587 * basic premise is that it is incumbent upon the caller not to look at 588 * the info.result field until after the ioctl() returns. And then, 589 * only if the ioctl() result indicates no error. We send up the 590 * SUCCESS status before calling SetPageStore() store because failing 591 * to copy up the result code means unwinding the SetPageStore(). 592 * 593 * It turns out the logic to unwind a SetPageStore() opens a can of 594 * worms. For example, if a host had created the queue_pair and a 595 * guest attaches and SetPageStore() is successful but writing success 596 * fails, then ... the host has to be stopped from writing (anymore) 597 * data into the queue_pair. That means an additional test in the 598 * VMCI_Enqueue() code path. Ugh. 599 */ 600 601 if (put_user(VMCI_SUCCESS, &info->result)) { 602 /* 603 * In this case, we can't write a result field of the 604 * caller's info block. So, we don't even try to 605 * SetPageStore(). 606 */ 607 return -EFAULT; 608 } 609 610 result = vmci_qp_broker_set_page_store(page_file_info.handle, 611 page_file_info.produce_va, 612 page_file_info.consume_va, 613 vmci_host_dev->context); 614 if (result < VMCI_SUCCESS) { 615 if (put_user(result, &info->result)) { 616 /* 617 * Note that in this case the SetPageStore() 618 * call failed but we were unable to 619 * communicate that to the caller (because the 620 * copy_to_user() call failed). So, if we 621 * simply return an error (in this case 622 * -EFAULT) then the caller will know that the 623 * SetPageStore failed even though we couldn't 624 * put the result code in the result field and 625 * indicate exactly why it failed. 626 * 627 * That says nothing about the issue where we 628 * were once able to write to the caller's info 629 * memory and now can't. Something more 630 * serious is probably going on than the fact 631 * that SetPageStore() didn't work. 632 */ 633 return -EFAULT; 634 } 635 } 636 637 return 0; 638 } 639 640 static int vmci_host_do_qp_detach(struct vmci_host_dev *vmci_host_dev, 641 const char *ioctl_name, 642 void __user *uptr) 643 { 644 struct vmci_qp_dtch_info detach_info; 645 struct vmci_qp_dtch_info __user *info = uptr; 646 s32 result; 647 648 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 649 vmci_ioctl_err("only valid for contexts\n"); 650 return -EINVAL; 651 } 652 653 if (copy_from_user(&detach_info, uptr, sizeof(detach_info))) 654 return -EFAULT; 655 656 result = vmci_qp_broker_detach(detach_info.handle, 657 vmci_host_dev->context); 658 if (result == VMCI_SUCCESS && 659 vmci_host_dev->user_version < VMCI_VERSION_NOVMVM) { 660 result = VMCI_SUCCESS_LAST_DETACH; 661 } 662 663 return put_user(result, &info->result) ? -EFAULT : 0; 664 } 665 666 static int vmci_host_do_ctx_add_notify(struct vmci_host_dev *vmci_host_dev, 667 const char *ioctl_name, 668 void __user *uptr) 669 { 670 struct vmci_ctx_info ar_info; 671 struct vmci_ctx_info __user *info = uptr; 672 s32 result; 673 u32 cid; 674 675 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 676 vmci_ioctl_err("only valid for contexts\n"); 677 return -EINVAL; 678 } 679 680 if (copy_from_user(&ar_info, uptr, sizeof(ar_info))) 681 return -EFAULT; 682 683 cid = vmci_ctx_get_id(vmci_host_dev->context); 684 result = vmci_ctx_add_notification(cid, ar_info.remote_cid); 685 686 return put_user(result, &info->result) ? -EFAULT : 0; 687 } 688 689 static int vmci_host_do_ctx_remove_notify(struct vmci_host_dev *vmci_host_dev, 690 const char *ioctl_name, 691 void __user *uptr) 692 { 693 struct vmci_ctx_info ar_info; 694 struct vmci_ctx_info __user *info = uptr; 695 u32 cid; 696 int result; 697 698 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 699 vmci_ioctl_err("only valid for contexts\n"); 700 return -EINVAL; 701 } 702 703 if (copy_from_user(&ar_info, uptr, sizeof(ar_info))) 704 return -EFAULT; 705 706 cid = vmci_ctx_get_id(vmci_host_dev->context); 707 result = vmci_ctx_remove_notification(cid, 708 ar_info.remote_cid); 709 710 return put_user(result, &info->result) ? -EFAULT : 0; 711 } 712 713 static int vmci_host_do_ctx_get_cpt_state(struct vmci_host_dev *vmci_host_dev, 714 const char *ioctl_name, 715 void __user *uptr) 716 { 717 struct vmci_ctx_chkpt_buf_info get_info; 718 u32 cid; 719 void *cpt_buf; 720 int retval; 721 722 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 723 vmci_ioctl_err("only valid for contexts\n"); 724 return -EINVAL; 725 } 726 727 if (copy_from_user(&get_info, uptr, sizeof(get_info))) 728 return -EFAULT; 729 730 cid = vmci_ctx_get_id(vmci_host_dev->context); 731 get_info.result = vmci_ctx_get_chkpt_state(cid, get_info.cpt_type, 732 &get_info.buf_size, &cpt_buf); 733 if (get_info.result == VMCI_SUCCESS && get_info.buf_size) { 734 void __user *ubuf = (void __user *)(uintptr_t)get_info.cpt_buf; 735 retval = copy_to_user(ubuf, cpt_buf, get_info.buf_size); 736 kfree(cpt_buf); 737 738 if (retval) 739 return -EFAULT; 740 } 741 742 return copy_to_user(uptr, &get_info, sizeof(get_info)) ? -EFAULT : 0; 743 } 744 745 static int vmci_host_do_ctx_set_cpt_state(struct vmci_host_dev *vmci_host_dev, 746 const char *ioctl_name, 747 void __user *uptr) 748 { 749 struct vmci_ctx_chkpt_buf_info set_info; 750 u32 cid; 751 void *cpt_buf; 752 int retval; 753 754 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 755 vmci_ioctl_err("only valid for contexts\n"); 756 return -EINVAL; 757 } 758 759 if (copy_from_user(&set_info, uptr, sizeof(set_info))) 760 return -EFAULT; 761 762 cpt_buf = kmalloc(set_info.buf_size, GFP_KERNEL); 763 if (!cpt_buf) { 764 vmci_ioctl_err( 765 "cannot allocate memory to set cpt state (type=%d)\n", 766 set_info.cpt_type); 767 return -ENOMEM; 768 } 769 770 if (copy_from_user(cpt_buf, (void __user *)(uintptr_t)set_info.cpt_buf, 771 set_info.buf_size)) { 772 retval = -EFAULT; 773 goto out; 774 } 775 776 cid = vmci_ctx_get_id(vmci_host_dev->context); 777 set_info.result = vmci_ctx_set_chkpt_state(cid, set_info.cpt_type, 778 set_info.buf_size, cpt_buf); 779 780 retval = copy_to_user(uptr, &set_info, sizeof(set_info)) ? -EFAULT : 0; 781 782 out: 783 kfree(cpt_buf); 784 return retval; 785 } 786 787 static int vmci_host_do_get_context_id(struct vmci_host_dev *vmci_host_dev, 788 const char *ioctl_name, 789 void __user *uptr) 790 { 791 u32 __user *u32ptr = uptr; 792 793 return put_user(VMCI_HOST_CONTEXT_ID, u32ptr) ? -EFAULT : 0; 794 } 795 796 static int vmci_host_do_set_notify(struct vmci_host_dev *vmci_host_dev, 797 const char *ioctl_name, 798 void __user *uptr) 799 { 800 struct vmci_set_notify_info notify_info; 801 802 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 803 vmci_ioctl_err("only valid for contexts\n"); 804 return -EINVAL; 805 } 806 807 if (copy_from_user(¬ify_info, uptr, sizeof(notify_info))) 808 return -EFAULT; 809 810 if (notify_info.notify_uva) { 811 notify_info.result = 812 vmci_host_setup_notify(vmci_host_dev->context, 813 notify_info.notify_uva); 814 } else { 815 vmci_ctx_unset_notify(vmci_host_dev->context); 816 notify_info.result = VMCI_SUCCESS; 817 } 818 819 return copy_to_user(uptr, ¬ify_info, sizeof(notify_info)) ? 820 -EFAULT : 0; 821 } 822 823 static int vmci_host_do_notify_resource(struct vmci_host_dev *vmci_host_dev, 824 const char *ioctl_name, 825 void __user *uptr) 826 { 827 struct vmci_dbell_notify_resource_info info; 828 u32 cid; 829 830 if (vmci_host_dev->user_version < VMCI_VERSION_NOTIFY) { 831 vmci_ioctl_err("invalid for current VMX versions\n"); 832 return -EINVAL; 833 } 834 835 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 836 vmci_ioctl_err("only valid for contexts\n"); 837 return -EINVAL; 838 } 839 840 if (copy_from_user(&info, uptr, sizeof(info))) 841 return -EFAULT; 842 843 cid = vmci_ctx_get_id(vmci_host_dev->context); 844 845 switch (info.action) { 846 case VMCI_NOTIFY_RESOURCE_ACTION_NOTIFY: 847 if (info.resource == VMCI_NOTIFY_RESOURCE_DOOR_BELL) { 848 u32 flags = VMCI_NO_PRIVILEGE_FLAGS; 849 info.result = vmci_ctx_notify_dbell(cid, info.handle, 850 flags); 851 } else { 852 info.result = VMCI_ERROR_UNAVAILABLE; 853 } 854 break; 855 856 case VMCI_NOTIFY_RESOURCE_ACTION_CREATE: 857 info.result = vmci_ctx_dbell_create(cid, info.handle); 858 break; 859 860 case VMCI_NOTIFY_RESOURCE_ACTION_DESTROY: 861 info.result = vmci_ctx_dbell_destroy(cid, info.handle); 862 break; 863 864 default: 865 vmci_ioctl_err("got unknown action (action=%d)\n", 866 info.action); 867 info.result = VMCI_ERROR_INVALID_ARGS; 868 } 869 870 return copy_to_user(uptr, &info, sizeof(info)) ? -EFAULT : 0; 871 } 872 873 static int vmci_host_do_recv_notifications(struct vmci_host_dev *vmci_host_dev, 874 const char *ioctl_name, 875 void __user *uptr) 876 { 877 struct vmci_ctx_notify_recv_info info; 878 struct vmci_handle_arr *db_handle_array; 879 struct vmci_handle_arr *qp_handle_array; 880 void __user *ubuf; 881 u32 cid; 882 int retval = 0; 883 884 if (vmci_host_dev->ct_type != VMCIOBJ_CONTEXT) { 885 vmci_ioctl_err("only valid for contexts\n"); 886 return -EINVAL; 887 } 888 889 if (vmci_host_dev->user_version < VMCI_VERSION_NOTIFY) { 890 vmci_ioctl_err("not supported for the current vmx version\n"); 891 return -EINVAL; 892 } 893 894 if (copy_from_user(&info, uptr, sizeof(info))) 895 return -EFAULT; 896 897 if ((info.db_handle_buf_size && !info.db_handle_buf_uva) || 898 (info.qp_handle_buf_size && !info.qp_handle_buf_uva)) { 899 return -EINVAL; 900 } 901 902 cid = vmci_ctx_get_id(vmci_host_dev->context); 903 904 info.result = vmci_ctx_rcv_notifications_get(cid, 905 &db_handle_array, &qp_handle_array); 906 if (info.result != VMCI_SUCCESS) 907 return copy_to_user(uptr, &info, sizeof(info)) ? -EFAULT : 0; 908 909 ubuf = (void __user *)(uintptr_t)info.db_handle_buf_uva; 910 info.result = drv_cp_harray_to_user(ubuf, &info.db_handle_buf_size, 911 db_handle_array, &retval); 912 if (info.result == VMCI_SUCCESS && !retval) { 913 ubuf = (void __user *)(uintptr_t)info.qp_handle_buf_uva; 914 info.result = drv_cp_harray_to_user(ubuf, 915 &info.qp_handle_buf_size, 916 qp_handle_array, &retval); 917 } 918 919 if (!retval && copy_to_user(uptr, &info, sizeof(info))) 920 retval = -EFAULT; 921 922 vmci_ctx_rcv_notifications_release(cid, 923 db_handle_array, qp_handle_array, 924 info.result == VMCI_SUCCESS && !retval); 925 926 return retval; 927 } 928 929 static long vmci_host_unlocked_ioctl(struct file *filp, 930 unsigned int iocmd, unsigned long ioarg) 931 { 932 #define VMCI_DO_IOCTL(ioctl_name, ioctl_fn) do { \ 933 char *name = __stringify(IOCTL_VMCI_ ## ioctl_name); \ 934 return vmci_host_do_ ## ioctl_fn( \ 935 vmci_host_dev, name, uptr); \ 936 } while (0) 937 938 struct vmci_host_dev *vmci_host_dev = filp->private_data; 939 void __user *uptr = (void __user *)ioarg; 940 941 switch (iocmd) { 942 case IOCTL_VMCI_INIT_CONTEXT: 943 VMCI_DO_IOCTL(INIT_CONTEXT, init_context); 944 case IOCTL_VMCI_DATAGRAM_SEND: 945 VMCI_DO_IOCTL(DATAGRAM_SEND, send_datagram); 946 case IOCTL_VMCI_DATAGRAM_RECEIVE: 947 VMCI_DO_IOCTL(DATAGRAM_RECEIVE, receive_datagram); 948 case IOCTL_VMCI_QUEUEPAIR_ALLOC: 949 VMCI_DO_IOCTL(QUEUEPAIR_ALLOC, alloc_queuepair); 950 case IOCTL_VMCI_QUEUEPAIR_SETVA: 951 VMCI_DO_IOCTL(QUEUEPAIR_SETVA, queuepair_setva); 952 case IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE: 953 VMCI_DO_IOCTL(QUEUEPAIR_SETPAGEFILE, queuepair_setpf); 954 case IOCTL_VMCI_QUEUEPAIR_DETACH: 955 VMCI_DO_IOCTL(QUEUEPAIR_DETACH, qp_detach); 956 case IOCTL_VMCI_CTX_ADD_NOTIFICATION: 957 VMCI_DO_IOCTL(CTX_ADD_NOTIFICATION, ctx_add_notify); 958 case IOCTL_VMCI_CTX_REMOVE_NOTIFICATION: 959 VMCI_DO_IOCTL(CTX_REMOVE_NOTIFICATION, ctx_remove_notify); 960 case IOCTL_VMCI_CTX_GET_CPT_STATE: 961 VMCI_DO_IOCTL(CTX_GET_CPT_STATE, ctx_get_cpt_state); 962 case IOCTL_VMCI_CTX_SET_CPT_STATE: 963 VMCI_DO_IOCTL(CTX_SET_CPT_STATE, ctx_set_cpt_state); 964 case IOCTL_VMCI_GET_CONTEXT_ID: 965 VMCI_DO_IOCTL(GET_CONTEXT_ID, get_context_id); 966 case IOCTL_VMCI_SET_NOTIFY: 967 VMCI_DO_IOCTL(SET_NOTIFY, set_notify); 968 case IOCTL_VMCI_NOTIFY_RESOURCE: 969 VMCI_DO_IOCTL(NOTIFY_RESOURCE, notify_resource); 970 case IOCTL_VMCI_NOTIFICATIONS_RECEIVE: 971 VMCI_DO_IOCTL(NOTIFICATIONS_RECEIVE, recv_notifications); 972 973 case IOCTL_VMCI_VERSION: 974 case IOCTL_VMCI_VERSION2: 975 return vmci_host_get_version(vmci_host_dev, iocmd, uptr); 976 977 default: 978 pr_devel("%s: Unknown ioctl (iocmd=%d)\n", __func__, iocmd); 979 return -EINVAL; 980 } 981 982 #undef VMCI_DO_IOCTL 983 } 984 985 static const struct file_operations vmuser_fops = { 986 .owner = THIS_MODULE, 987 .open = vmci_host_open, 988 .release = vmci_host_close, 989 .poll = vmci_host_poll, 990 .unlocked_ioctl = vmci_host_unlocked_ioctl, 991 .compat_ioctl = vmci_host_unlocked_ioctl, 992 }; 993 994 static struct miscdevice vmci_host_miscdev = { 995 .name = "vmci", 996 .minor = MISC_DYNAMIC_MINOR, 997 .fops = &vmuser_fops, 998 }; 999 1000 int __init vmci_host_init(void) 1001 { 1002 int error; 1003 1004 host_context = vmci_ctx_create(VMCI_HOST_CONTEXT_ID, 1005 VMCI_DEFAULT_PROC_PRIVILEGE_FLAGS, 1006 -1, VMCI_VERSION, NULL); 1007 if (IS_ERR(host_context)) { 1008 error = PTR_ERR(host_context); 1009 pr_warn("Failed to initialize VMCIContext (error%d)\n", 1010 error); 1011 return error; 1012 } 1013 1014 error = misc_register(&vmci_host_miscdev); 1015 if (error) { 1016 pr_warn("Module registration error (name=%s, major=%d, minor=%d, err=%d)\n", 1017 vmci_host_miscdev.name, 1018 MISC_MAJOR, vmci_host_miscdev.minor, 1019 error); 1020 pr_warn("Unable to initialize host personality\n"); 1021 vmci_ctx_destroy(host_context); 1022 return error; 1023 } 1024 1025 pr_info("VMCI host device registered (name=%s, major=%d, minor=%d)\n", 1026 vmci_host_miscdev.name, MISC_MAJOR, vmci_host_miscdev.minor); 1027 1028 vmci_host_device_initialized = true; 1029 return 0; 1030 } 1031 1032 void __exit vmci_host_exit(void) 1033 { 1034 vmci_host_device_initialized = false; 1035 1036 misc_deregister(&vmci_host_miscdev); 1037 vmci_ctx_destroy(host_context); 1038 vmci_qp_broker_exit(); 1039 1040 pr_debug("VMCI host driver module unloaded\n"); 1041 } 1042