1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * VMware VMCI Driver
4  *
5  * Copyright (C) 2012 VMware, Inc. All rights reserved.
6  */
7 
8 #include <linux/vmw_vmci_defs.h>
9 #include <linux/vmw_vmci_api.h>
10 
11 #include "vmci_context.h"
12 #include "vmci_driver.h"
13 #include "vmci_route.h"
14 
15 /*
16  * Make a routing decision for the given source and destination handles.
17  * This will try to determine the route using the handles and the available
18  * devices.  Will set the source context if it is invalid.
19  */
vmci_route(struct vmci_handle * src,const struct vmci_handle * dst,bool from_guest,enum vmci_route * route)20 int vmci_route(struct vmci_handle *src,
21 	       const struct vmci_handle *dst,
22 	       bool from_guest,
23 	       enum vmci_route *route)
24 {
25 	bool has_host_device = vmci_host_code_active();
26 	bool has_guest_device = vmci_guest_code_active();
27 
28 	*route = VMCI_ROUTE_NONE;
29 
30 	/*
31 	 * "from_guest" is only ever set to true by
32 	 * IOCTL_VMCI_DATAGRAM_SEND (or by the vmkernel equivalent),
33 	 * which comes from the VMX, so we know it is coming from a
34 	 * guest.
35 	 *
36 	 * To avoid inconsistencies, test these once.  We will test
37 	 * them again when we do the actual send to ensure that we do
38 	 * not touch a non-existent device.
39 	 */
40 
41 	/* Must have a valid destination context. */
42 	if (VMCI_INVALID_ID == dst->context)
43 		return VMCI_ERROR_INVALID_ARGS;
44 
45 	/* Anywhere to hypervisor. */
46 	if (VMCI_HYPERVISOR_CONTEXT_ID == dst->context) {
47 
48 		/*
49 		 * If this message already came from a guest then we
50 		 * cannot send it to the hypervisor.  It must come
51 		 * from a local client.
52 		 */
53 		if (from_guest)
54 			return VMCI_ERROR_DST_UNREACHABLE;
55 
56 		/*
57 		 * We must be acting as a guest in order to send to
58 		 * the hypervisor.
59 		 */
60 		if (!has_guest_device)
61 			return VMCI_ERROR_DEVICE_NOT_FOUND;
62 
63 		/* And we cannot send if the source is the host context. */
64 		if (VMCI_HOST_CONTEXT_ID == src->context)
65 			return VMCI_ERROR_INVALID_ARGS;
66 
67 		/*
68 		 * If the client passed the ANON source handle then
69 		 * respect it (both context and resource are invalid).
70 		 * However, if they passed only an invalid context,
71 		 * then they probably mean ANY, in which case we
72 		 * should set the real context here before passing it
73 		 * down.
74 		 */
75 		if (VMCI_INVALID_ID == src->context &&
76 		    VMCI_INVALID_ID != src->resource)
77 			src->context = vmci_get_context_id();
78 
79 		/* Send from local client down to the hypervisor. */
80 		*route = VMCI_ROUTE_AS_GUEST;
81 		return VMCI_SUCCESS;
82 	}
83 
84 	/* Anywhere to local client on host. */
85 	if (VMCI_HOST_CONTEXT_ID == dst->context) {
86 		/*
87 		 * If it is not from a guest but we are acting as a
88 		 * guest, then we need to send it down to the host.
89 		 * Note that if we are also acting as a host then this
90 		 * will prevent us from sending from local client to
91 		 * local client, but we accept that restriction as a
92 		 * way to remove any ambiguity from the host context.
93 		 */
94 		if (src->context == VMCI_HYPERVISOR_CONTEXT_ID) {
95 			/*
96 			 * If the hypervisor is the source, this is
97 			 * host local communication. The hypervisor
98 			 * may send vmci event datagrams to the host
99 			 * itself, but it will never send datagrams to
100 			 * an "outer host" through the guest device.
101 			 */
102 
103 			if (has_host_device) {
104 				*route = VMCI_ROUTE_AS_HOST;
105 				return VMCI_SUCCESS;
106 			} else {
107 				return VMCI_ERROR_DEVICE_NOT_FOUND;
108 			}
109 		}
110 
111 		if (!from_guest && has_guest_device) {
112 			/* If no source context then use the current. */
113 			if (VMCI_INVALID_ID == src->context)
114 				src->context = vmci_get_context_id();
115 
116 			/* Send it from local client down to the host. */
117 			*route = VMCI_ROUTE_AS_GUEST;
118 			return VMCI_SUCCESS;
119 		}
120 
121 		/*
122 		 * Otherwise we already received it from a guest and
123 		 * it is destined for a local client on this host, or
124 		 * it is from another local client on this host.  We
125 		 * must be acting as a host to service it.
126 		 */
127 		if (!has_host_device)
128 			return VMCI_ERROR_DEVICE_NOT_FOUND;
129 
130 		if (VMCI_INVALID_ID == src->context) {
131 			/*
132 			 * If it came from a guest then it must have a
133 			 * valid context.  Otherwise we can use the
134 			 * host context.
135 			 */
136 			if (from_guest)
137 				return VMCI_ERROR_INVALID_ARGS;
138 
139 			src->context = VMCI_HOST_CONTEXT_ID;
140 		}
141 
142 		/* Route to local client. */
143 		*route = VMCI_ROUTE_AS_HOST;
144 		return VMCI_SUCCESS;
145 	}
146 
147 	/*
148 	 * If we are acting as a host then this might be destined for
149 	 * a guest.
150 	 */
151 	if (has_host_device) {
152 		/* It will have a context if it is meant for a guest. */
153 		if (vmci_ctx_exists(dst->context)) {
154 			if (VMCI_INVALID_ID == src->context) {
155 				/*
156 				 * If it came from a guest then it
157 				 * must have a valid context.
158 				 * Otherwise we can use the host
159 				 * context.
160 				 */
161 
162 				if (from_guest)
163 					return VMCI_ERROR_INVALID_ARGS;
164 
165 				src->context = VMCI_HOST_CONTEXT_ID;
166 			} else if (VMCI_CONTEXT_IS_VM(src->context) &&
167 				   src->context != dst->context) {
168 				/*
169 				 * VM to VM communication is not
170 				 * allowed. Since we catch all
171 				 * communication destined for the host
172 				 * above, this must be destined for a
173 				 * VM since there is a valid context.
174 				 */
175 
176 				return VMCI_ERROR_DST_UNREACHABLE;
177 			}
178 
179 			/* Pass it up to the guest. */
180 			*route = VMCI_ROUTE_AS_HOST;
181 			return VMCI_SUCCESS;
182 		} else if (!has_guest_device) {
183 			/*
184 			 * The host is attempting to reach a CID
185 			 * without an active context, and we can't
186 			 * send it down, since we have no guest
187 			 * device.
188 			 */
189 
190 			return VMCI_ERROR_DST_UNREACHABLE;
191 		}
192 	}
193 
194 	/*
195 	 * We must be a guest trying to send to another guest, which means
196 	 * we need to send it down to the host. We do not filter out VM to
197 	 * VM communication here, since we want to be able to use the guest
198 	 * driver on older versions that do support VM to VM communication.
199 	 */
200 	if (!has_guest_device) {
201 		/*
202 		 * Ending up here means we have neither guest nor host
203 		 * device.
204 		 */
205 		return VMCI_ERROR_DEVICE_NOT_FOUND;
206 	}
207 
208 	/* If no source context then use the current context. */
209 	if (VMCI_INVALID_ID == src->context)
210 		src->context = vmci_get_context_id();
211 
212 	/*
213 	 * Send it from local client down to the host, which will
214 	 * route it to the other guest for us.
215 	 */
216 	*route = VMCI_ROUTE_AS_GUEST;
217 	return VMCI_SUCCESS;
218 }
219