1 /* SPDX-License-Identifier: (GPL-2.0 OR CDDL-1.0) */ 2 /* 3 * vboxguest core guest-device handling code, VBoxGuest.cpp in upstream svn. 4 * 5 * Copyright (C) 2007-2016 Oracle Corporation 6 */ 7 8 #include <linux/device.h> 9 #include <linux/mm.h> 10 #include <linux/sched.h> 11 #include <linux/sizes.h> 12 #include <linux/slab.h> 13 #include <linux/vbox_err.h> 14 #include <linux/vbox_utils.h> 15 #include <linux/vmalloc.h> 16 #include "vboxguest_core.h" 17 #include "vboxguest_version.h" 18 19 /* Get the pointer to the first HGCM parameter. */ 20 #define VBG_IOCTL_HGCM_CALL_PARMS(a) \ 21 ((struct vmmdev_hgcm_function_parameter *)( \ 22 (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call))) 23 /* Get the pointer to the first HGCM parameter in a 32-bit request. */ 24 #define VBG_IOCTL_HGCM_CALL_PARMS32(a) \ 25 ((struct vmmdev_hgcm_function_parameter32 *)( \ 26 (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call))) 27 28 #define GUEST_MAPPINGS_TRIES 5 29 30 /** 31 * Reserves memory in which the VMM can relocate any guest mappings 32 * that are floating around. 33 * 34 * This operation is a little bit tricky since the VMM might not accept 35 * just any address because of address clashes between the three contexts 36 * it operates in, so we try several times. 37 * 38 * Failure to reserve the guest mappings is ignored. 39 * 40 * @gdev: The Guest extension device. 41 */ 42 static void vbg_guest_mappings_init(struct vbg_dev *gdev) 43 { 44 struct vmmdev_hypervisorinfo *req; 45 void *guest_mappings[GUEST_MAPPINGS_TRIES]; 46 struct page **pages = NULL; 47 u32 size, hypervisor_size; 48 int i, rc; 49 50 /* Query the required space. */ 51 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO); 52 if (!req) 53 return; 54 55 req->hypervisor_start = 0; 56 req->hypervisor_size = 0; 57 rc = vbg_req_perform(gdev, req); 58 if (rc < 0) 59 goto out; 60 61 /* 62 * The VMM will report back if there is nothing it wants to map, like 63 * for instance in VT-x and AMD-V mode. 64 */ 65 if (req->hypervisor_size == 0) 66 goto out; 67 68 hypervisor_size = req->hypervisor_size; 69 /* Add 4M so that we can align the vmap to 4MiB as the host requires. */ 70 size = PAGE_ALIGN(req->hypervisor_size) + SZ_4M; 71 72 pages = kmalloc(sizeof(*pages) * (size >> PAGE_SHIFT), GFP_KERNEL); 73 if (!pages) 74 goto out; 75 76 gdev->guest_mappings_dummy_page = alloc_page(GFP_HIGHUSER); 77 if (!gdev->guest_mappings_dummy_page) 78 goto out; 79 80 for (i = 0; i < (size >> PAGE_SHIFT); i++) 81 pages[i] = gdev->guest_mappings_dummy_page; 82 83 /* 84 * Try several times, the VMM might not accept some addresses because 85 * of address clashes between the three contexts. 86 */ 87 for (i = 0; i < GUEST_MAPPINGS_TRIES; i++) { 88 guest_mappings[i] = vmap(pages, (size >> PAGE_SHIFT), 89 VM_MAP, PAGE_KERNEL_RO); 90 if (!guest_mappings[i]) 91 break; 92 93 req->header.request_type = VMMDEVREQ_SET_HYPERVISOR_INFO; 94 req->header.rc = VERR_INTERNAL_ERROR; 95 req->hypervisor_size = hypervisor_size; 96 req->hypervisor_start = 97 (unsigned long)PTR_ALIGN(guest_mappings[i], SZ_4M); 98 99 rc = vbg_req_perform(gdev, req); 100 if (rc >= 0) { 101 gdev->guest_mappings = guest_mappings[i]; 102 break; 103 } 104 } 105 106 /* Free vmap's from failed attempts. */ 107 while (--i >= 0) 108 vunmap(guest_mappings[i]); 109 110 /* On failure free the dummy-page backing the vmap */ 111 if (!gdev->guest_mappings) { 112 __free_page(gdev->guest_mappings_dummy_page); 113 gdev->guest_mappings_dummy_page = NULL; 114 } 115 116 out: 117 kfree(req); 118 kfree(pages); 119 } 120 121 /** 122 * Undo what vbg_guest_mappings_init did. 123 * 124 * @gdev: The Guest extension device. 125 */ 126 static void vbg_guest_mappings_exit(struct vbg_dev *gdev) 127 { 128 struct vmmdev_hypervisorinfo *req; 129 int rc; 130 131 if (!gdev->guest_mappings) 132 return; 133 134 /* 135 * Tell the host that we're going to free the memory we reserved for 136 * it, the free it up. (Leak the memory if anything goes wrong here.) 137 */ 138 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO); 139 if (!req) 140 return; 141 142 req->hypervisor_start = 0; 143 req->hypervisor_size = 0; 144 145 rc = vbg_req_perform(gdev, req); 146 147 kfree(req); 148 149 if (rc < 0) { 150 vbg_err("%s error: %d\n", __func__, rc); 151 return; 152 } 153 154 vunmap(gdev->guest_mappings); 155 gdev->guest_mappings = NULL; 156 157 __free_page(gdev->guest_mappings_dummy_page); 158 gdev->guest_mappings_dummy_page = NULL; 159 } 160 161 /** 162 * Report the guest information to the host. 163 * Return: 0 or negative errno value. 164 * @gdev: The Guest extension device. 165 */ 166 static int vbg_report_guest_info(struct vbg_dev *gdev) 167 { 168 /* 169 * Allocate and fill in the two guest info reports. 170 */ 171 struct vmmdev_guest_info *req1 = NULL; 172 struct vmmdev_guest_info2 *req2 = NULL; 173 int rc, ret = -ENOMEM; 174 175 req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO); 176 req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2); 177 if (!req1 || !req2) 178 goto out_free; 179 180 req1->interface_version = VMMDEV_VERSION; 181 req1->os_type = VMMDEV_OSTYPE_LINUX26; 182 #if __BITS_PER_LONG == 64 183 req1->os_type |= VMMDEV_OSTYPE_X64; 184 #endif 185 186 req2->additions_major = VBG_VERSION_MAJOR; 187 req2->additions_minor = VBG_VERSION_MINOR; 188 req2->additions_build = VBG_VERSION_BUILD; 189 req2->additions_revision = VBG_SVN_REV; 190 /* (no features defined yet) */ 191 req2->additions_features = 0; 192 strlcpy(req2->name, VBG_VERSION_STRING, 193 sizeof(req2->name)); 194 195 /* 196 * There are two protocols here: 197 * 1. INFO2 + INFO1. Supported by >=3.2.51. 198 * 2. INFO1 and optionally INFO2. The old protocol. 199 * 200 * We try protocol 2 first. It will fail with VERR_NOT_SUPPORTED 201 * if not supported by the VMMDev (message ordering requirement). 202 */ 203 rc = vbg_req_perform(gdev, req2); 204 if (rc >= 0) { 205 rc = vbg_req_perform(gdev, req1); 206 } else if (rc == VERR_NOT_SUPPORTED || rc == VERR_NOT_IMPLEMENTED) { 207 rc = vbg_req_perform(gdev, req1); 208 if (rc >= 0) { 209 rc = vbg_req_perform(gdev, req2); 210 if (rc == VERR_NOT_IMPLEMENTED) 211 rc = VINF_SUCCESS; 212 } 213 } 214 ret = vbg_status_code_to_errno(rc); 215 216 out_free: 217 kfree(req2); 218 kfree(req1); 219 return ret; 220 } 221 222 /** 223 * Report the guest driver status to the host. 224 * Return: 0 or negative errno value. 225 * @gdev: The Guest extension device. 226 * @active: Flag whether the driver is now active or not. 227 */ 228 static int vbg_report_driver_status(struct vbg_dev *gdev, bool active) 229 { 230 struct vmmdev_guest_status *req; 231 int rc; 232 233 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS); 234 if (!req) 235 return -ENOMEM; 236 237 req->facility = VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER; 238 if (active) 239 req->status = VBOXGUEST_FACILITY_STATUS_ACTIVE; 240 else 241 req->status = VBOXGUEST_FACILITY_STATUS_INACTIVE; 242 req->flags = 0; 243 244 rc = vbg_req_perform(gdev, req); 245 if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */ 246 rc = VINF_SUCCESS; 247 248 kfree(req); 249 250 return vbg_status_code_to_errno(rc); 251 } 252 253 /** 254 * Inflate the balloon by one chunk. The caller owns the balloon mutex. 255 * Return: 0 or negative errno value. 256 * @gdev: The Guest extension device. 257 * @chunk_idx: Index of the chunk. 258 */ 259 static int vbg_balloon_inflate(struct vbg_dev *gdev, u32 chunk_idx) 260 { 261 struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req; 262 struct page **pages; 263 int i, rc, ret; 264 265 pages = kmalloc(sizeof(*pages) * VMMDEV_MEMORY_BALLOON_CHUNK_PAGES, 266 GFP_KERNEL | __GFP_NOWARN); 267 if (!pages) 268 return -ENOMEM; 269 270 req->header.size = sizeof(*req); 271 req->inflate = true; 272 req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; 273 274 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) { 275 pages[i] = alloc_page(GFP_KERNEL | __GFP_NOWARN); 276 if (!pages[i]) { 277 ret = -ENOMEM; 278 goto out_error; 279 } 280 281 req->phys_page[i] = page_to_phys(pages[i]); 282 } 283 284 rc = vbg_req_perform(gdev, req); 285 if (rc < 0) { 286 vbg_err("%s error, rc: %d\n", __func__, rc); 287 ret = vbg_status_code_to_errno(rc); 288 goto out_error; 289 } 290 291 gdev->mem_balloon.pages[chunk_idx] = pages; 292 293 return 0; 294 295 out_error: 296 while (--i >= 0) 297 __free_page(pages[i]); 298 kfree(pages); 299 300 return ret; 301 } 302 303 /** 304 * Deflate the balloon by one chunk. The caller owns the balloon mutex. 305 * Return: 0 or negative errno value. 306 * @gdev: The Guest extension device. 307 * @chunk_idx: Index of the chunk. 308 */ 309 static int vbg_balloon_deflate(struct vbg_dev *gdev, u32 chunk_idx) 310 { 311 struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req; 312 struct page **pages = gdev->mem_balloon.pages[chunk_idx]; 313 int i, rc; 314 315 req->header.size = sizeof(*req); 316 req->inflate = false; 317 req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; 318 319 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) 320 req->phys_page[i] = page_to_phys(pages[i]); 321 322 rc = vbg_req_perform(gdev, req); 323 if (rc < 0) { 324 vbg_err("%s error, rc: %d\n", __func__, rc); 325 return vbg_status_code_to_errno(rc); 326 } 327 328 for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) 329 __free_page(pages[i]); 330 kfree(pages); 331 gdev->mem_balloon.pages[chunk_idx] = NULL; 332 333 return 0; 334 } 335 336 /** 337 * Respond to VMMDEV_EVENT_BALLOON_CHANGE_REQUEST events, query the size 338 * the host wants the balloon to be and adjust accordingly. 339 */ 340 static void vbg_balloon_work(struct work_struct *work) 341 { 342 struct vbg_dev *gdev = 343 container_of(work, struct vbg_dev, mem_balloon.work); 344 struct vmmdev_memballoon_info *req = gdev->mem_balloon.get_req; 345 u32 i, chunks; 346 int rc, ret; 347 348 /* 349 * Setting this bit means that we request the value from the host and 350 * change the guest memory balloon according to the returned value. 351 */ 352 req->event_ack = VMMDEV_EVENT_BALLOON_CHANGE_REQUEST; 353 rc = vbg_req_perform(gdev, req); 354 if (rc < 0) { 355 vbg_err("%s error, rc: %d)\n", __func__, rc); 356 return; 357 } 358 359 /* 360 * The host always returns the same maximum amount of chunks, so 361 * we do this once. 362 */ 363 if (!gdev->mem_balloon.max_chunks) { 364 gdev->mem_balloon.pages = 365 devm_kcalloc(gdev->dev, req->phys_mem_chunks, 366 sizeof(struct page **), GFP_KERNEL); 367 if (!gdev->mem_balloon.pages) 368 return; 369 370 gdev->mem_balloon.max_chunks = req->phys_mem_chunks; 371 } 372 373 chunks = req->balloon_chunks; 374 if (chunks > gdev->mem_balloon.max_chunks) { 375 vbg_err("%s: illegal balloon size %u (max=%u)\n", 376 __func__, chunks, gdev->mem_balloon.max_chunks); 377 return; 378 } 379 380 if (chunks > gdev->mem_balloon.chunks) { 381 /* inflate */ 382 for (i = gdev->mem_balloon.chunks; i < chunks; i++) { 383 ret = vbg_balloon_inflate(gdev, i); 384 if (ret < 0) 385 return; 386 387 gdev->mem_balloon.chunks++; 388 } 389 } else { 390 /* deflate */ 391 for (i = gdev->mem_balloon.chunks; i-- > chunks;) { 392 ret = vbg_balloon_deflate(gdev, i); 393 if (ret < 0) 394 return; 395 396 gdev->mem_balloon.chunks--; 397 } 398 } 399 } 400 401 /** 402 * Callback for heartbeat timer. 403 */ 404 static void vbg_heartbeat_timer(struct timer_list *t) 405 { 406 struct vbg_dev *gdev = from_timer(gdev, t, heartbeat_timer); 407 408 vbg_req_perform(gdev, gdev->guest_heartbeat_req); 409 mod_timer(&gdev->heartbeat_timer, 410 msecs_to_jiffies(gdev->heartbeat_interval_ms)); 411 } 412 413 /** 414 * Configure the host to check guest's heartbeat 415 * and get heartbeat interval from the host. 416 * Return: 0 or negative errno value. 417 * @gdev: The Guest extension device. 418 * @enabled: Set true to enable guest heartbeat checks on host. 419 */ 420 static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled) 421 { 422 struct vmmdev_heartbeat *req; 423 int rc; 424 425 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE); 426 if (!req) 427 return -ENOMEM; 428 429 req->enabled = enabled; 430 req->interval_ns = 0; 431 rc = vbg_req_perform(gdev, req); 432 do_div(req->interval_ns, 1000000); /* ns -> ms */ 433 gdev->heartbeat_interval_ms = req->interval_ns; 434 kfree(req); 435 436 return vbg_status_code_to_errno(rc); 437 } 438 439 /** 440 * Initializes the heartbeat timer. This feature may be disabled by the host. 441 * Return: 0 or negative errno value. 442 * @gdev: The Guest extension device. 443 */ 444 static int vbg_heartbeat_init(struct vbg_dev *gdev) 445 { 446 int ret; 447 448 /* Make sure that heartbeat checking is disabled if we fail. */ 449 ret = vbg_heartbeat_host_config(gdev, false); 450 if (ret < 0) 451 return ret; 452 453 ret = vbg_heartbeat_host_config(gdev, true); 454 if (ret < 0) 455 return ret; 456 457 /* 458 * Preallocate the request to use it from the timer callback because: 459 * 1) on Windows vbg_req_alloc must be called at IRQL <= APC_LEVEL 460 * and the timer callback runs at DISPATCH_LEVEL; 461 * 2) avoid repeated allocations. 462 */ 463 gdev->guest_heartbeat_req = vbg_req_alloc( 464 sizeof(*gdev->guest_heartbeat_req), 465 VMMDEVREQ_GUEST_HEARTBEAT); 466 if (!gdev->guest_heartbeat_req) 467 return -ENOMEM; 468 469 vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n", 470 __func__, gdev->heartbeat_interval_ms); 471 mod_timer(&gdev->heartbeat_timer, 0); 472 473 return 0; 474 } 475 476 /** 477 * Cleanup hearbeat code, stop HB timer and disable host heartbeat checking. 478 * @gdev: The Guest extension device. 479 */ 480 static void vbg_heartbeat_exit(struct vbg_dev *gdev) 481 { 482 del_timer_sync(&gdev->heartbeat_timer); 483 vbg_heartbeat_host_config(gdev, false); 484 kfree(gdev->guest_heartbeat_req); 485 486 } 487 488 /** 489 * Applies a change to the bit usage tracker. 490 * Return: true if the mask changed, false if not. 491 * @tracker: The bit usage tracker. 492 * @changed: The bits to change. 493 * @previous: The previous value of the bits. 494 */ 495 static bool vbg_track_bit_usage(struct vbg_bit_usage_tracker *tracker, 496 u32 changed, u32 previous) 497 { 498 bool global_change = false; 499 500 while (changed) { 501 u32 bit = ffs(changed) - 1; 502 u32 bitmask = BIT(bit); 503 504 if (bitmask & previous) { 505 tracker->per_bit_usage[bit] -= 1; 506 if (tracker->per_bit_usage[bit] == 0) { 507 global_change = true; 508 tracker->mask &= ~bitmask; 509 } 510 } else { 511 tracker->per_bit_usage[bit] += 1; 512 if (tracker->per_bit_usage[bit] == 1) { 513 global_change = true; 514 tracker->mask |= bitmask; 515 } 516 } 517 518 changed &= ~bitmask; 519 } 520 521 return global_change; 522 } 523 524 /** 525 * Init and termination worker for resetting the (host) event filter on the host 526 * Return: 0 or negative errno value. 527 * @gdev: The Guest extension device. 528 * @fixed_events: Fixed events (init time). 529 */ 530 static int vbg_reset_host_event_filter(struct vbg_dev *gdev, 531 u32 fixed_events) 532 { 533 struct vmmdev_mask *req; 534 int rc; 535 536 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK); 537 if (!req) 538 return -ENOMEM; 539 540 req->not_mask = U32_MAX & ~fixed_events; 541 req->or_mask = fixed_events; 542 rc = vbg_req_perform(gdev, req); 543 if (rc < 0) 544 vbg_err("%s error, rc: %d\n", __func__, rc); 545 546 kfree(req); 547 return vbg_status_code_to_errno(rc); 548 } 549 550 /** 551 * Changes the event filter mask for the given session. 552 * 553 * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to 554 * do session cleanup. Takes the session spinlock. 555 * 556 * Return: 0 or negative errno value. 557 * @gdev: The Guest extension device. 558 * @session: The session. 559 * @or_mask: The events to add. 560 * @not_mask: The events to remove. 561 * @session_termination: Set if we're called by the session cleanup code. 562 * This tweaks the error handling so we perform 563 * proper session cleanup even if the host 564 * misbehaves. 565 */ 566 static int vbg_set_session_event_filter(struct vbg_dev *gdev, 567 struct vbg_session *session, 568 u32 or_mask, u32 not_mask, 569 bool session_termination) 570 { 571 struct vmmdev_mask *req; 572 u32 changed, previous; 573 int rc, ret = 0; 574 575 /* Allocate a request buffer before taking the spinlock */ 576 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK); 577 if (!req) { 578 if (!session_termination) 579 return -ENOMEM; 580 /* Ignore allocation failure, we must do session cleanup. */ 581 } 582 583 mutex_lock(&gdev->session_mutex); 584 585 /* Apply the changes to the session mask. */ 586 previous = session->event_filter; 587 session->event_filter |= or_mask; 588 session->event_filter &= ~not_mask; 589 590 /* If anything actually changed, update the global usage counters. */ 591 changed = previous ^ session->event_filter; 592 if (!changed) 593 goto out; 594 595 vbg_track_bit_usage(&gdev->event_filter_tracker, changed, previous); 596 or_mask = gdev->fixed_events | gdev->event_filter_tracker.mask; 597 598 if (gdev->event_filter_host == or_mask || !req) 599 goto out; 600 601 gdev->event_filter_host = or_mask; 602 req->or_mask = or_mask; 603 req->not_mask = ~or_mask; 604 rc = vbg_req_perform(gdev, req); 605 if (rc < 0) { 606 ret = vbg_status_code_to_errno(rc); 607 608 /* Failed, roll back (unless it's session termination time). */ 609 gdev->event_filter_host = U32_MAX; 610 if (session_termination) 611 goto out; 612 613 vbg_track_bit_usage(&gdev->event_filter_tracker, changed, 614 session->event_filter); 615 session->event_filter = previous; 616 } 617 618 out: 619 mutex_unlock(&gdev->session_mutex); 620 kfree(req); 621 622 return ret; 623 } 624 625 /** 626 * Init and termination worker for set guest capabilities to zero on the host. 627 * Return: 0 or negative errno value. 628 * @gdev: The Guest extension device. 629 */ 630 static int vbg_reset_host_capabilities(struct vbg_dev *gdev) 631 { 632 struct vmmdev_mask *req; 633 int rc; 634 635 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES); 636 if (!req) 637 return -ENOMEM; 638 639 req->not_mask = U32_MAX; 640 req->or_mask = 0; 641 rc = vbg_req_perform(gdev, req); 642 if (rc < 0) 643 vbg_err("%s error, rc: %d\n", __func__, rc); 644 645 kfree(req); 646 return vbg_status_code_to_errno(rc); 647 } 648 649 /** 650 * Sets the guest capabilities for a session. Takes the session spinlock. 651 * Return: 0 or negative errno value. 652 * @gdev: The Guest extension device. 653 * @session: The session. 654 * @or_mask: The capabilities to add. 655 * @not_mask: The capabilities to remove. 656 * @session_termination: Set if we're called by the session cleanup code. 657 * This tweaks the error handling so we perform 658 * proper session cleanup even if the host 659 * misbehaves. 660 */ 661 static int vbg_set_session_capabilities(struct vbg_dev *gdev, 662 struct vbg_session *session, 663 u32 or_mask, u32 not_mask, 664 bool session_termination) 665 { 666 struct vmmdev_mask *req; 667 u32 changed, previous; 668 int rc, ret = 0; 669 670 /* Allocate a request buffer before taking the spinlock */ 671 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES); 672 if (!req) { 673 if (!session_termination) 674 return -ENOMEM; 675 /* Ignore allocation failure, we must do session cleanup. */ 676 } 677 678 mutex_lock(&gdev->session_mutex); 679 680 /* Apply the changes to the session mask. */ 681 previous = session->guest_caps; 682 session->guest_caps |= or_mask; 683 session->guest_caps &= ~not_mask; 684 685 /* If anything actually changed, update the global usage counters. */ 686 changed = previous ^ session->guest_caps; 687 if (!changed) 688 goto out; 689 690 vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, previous); 691 or_mask = gdev->guest_caps_tracker.mask; 692 693 if (gdev->guest_caps_host == or_mask || !req) 694 goto out; 695 696 gdev->guest_caps_host = or_mask; 697 req->or_mask = or_mask; 698 req->not_mask = ~or_mask; 699 rc = vbg_req_perform(gdev, req); 700 if (rc < 0) { 701 ret = vbg_status_code_to_errno(rc); 702 703 /* Failed, roll back (unless it's session termination time). */ 704 gdev->guest_caps_host = U32_MAX; 705 if (session_termination) 706 goto out; 707 708 vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, 709 session->guest_caps); 710 session->guest_caps = previous; 711 } 712 713 out: 714 mutex_unlock(&gdev->session_mutex); 715 kfree(req); 716 717 return ret; 718 } 719 720 /** 721 * vbg_query_host_version get the host feature mask and version information. 722 * Return: 0 or negative errno value. 723 * @gdev: The Guest extension device. 724 */ 725 static int vbg_query_host_version(struct vbg_dev *gdev) 726 { 727 struct vmmdev_host_version *req; 728 int rc, ret; 729 730 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION); 731 if (!req) 732 return -ENOMEM; 733 734 rc = vbg_req_perform(gdev, req); 735 ret = vbg_status_code_to_errno(rc); 736 if (ret) 737 goto out; 738 739 snprintf(gdev->host_version, sizeof(gdev->host_version), "%u.%u.%ur%u", 740 req->major, req->minor, req->build, req->revision); 741 gdev->host_features = req->features; 742 743 vbg_info("vboxguest: host-version: %s %#x\n", gdev->host_version, 744 gdev->host_features); 745 746 if (!(req->features & VMMDEV_HVF_HGCM_PHYS_PAGE_LIST)) { 747 vbg_err("vboxguest: Error host too old (does not support page-lists)\n"); 748 ret = -ENODEV; 749 } 750 751 out: 752 kfree(req); 753 return ret; 754 } 755 756 /** 757 * Initializes the VBoxGuest device extension when the 758 * device driver is loaded. 759 * 760 * The native code locates the VMMDev on the PCI bus and retrieve 761 * the MMIO and I/O port ranges, this function will take care of 762 * mapping the MMIO memory (if present). Upon successful return 763 * the native code should set up the interrupt handler. 764 * 765 * Return: 0 or negative errno value. 766 * 767 * @gdev: The Guest extension device. 768 * @fixed_events: Events that will be enabled upon init and no client 769 * will ever be allowed to mask. 770 */ 771 int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events) 772 { 773 int ret = -ENOMEM; 774 775 gdev->fixed_events = fixed_events | VMMDEV_EVENT_HGCM; 776 gdev->event_filter_host = U32_MAX; /* forces a report */ 777 gdev->guest_caps_host = U32_MAX; /* forces a report */ 778 779 init_waitqueue_head(&gdev->event_wq); 780 init_waitqueue_head(&gdev->hgcm_wq); 781 spin_lock_init(&gdev->event_spinlock); 782 mutex_init(&gdev->session_mutex); 783 mutex_init(&gdev->cancel_req_mutex); 784 timer_setup(&gdev->heartbeat_timer, vbg_heartbeat_timer, 0); 785 INIT_WORK(&gdev->mem_balloon.work, vbg_balloon_work); 786 787 gdev->mem_balloon.get_req = 788 vbg_req_alloc(sizeof(*gdev->mem_balloon.get_req), 789 VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ); 790 gdev->mem_balloon.change_req = 791 vbg_req_alloc(sizeof(*gdev->mem_balloon.change_req), 792 VMMDEVREQ_CHANGE_MEMBALLOON); 793 gdev->cancel_req = 794 vbg_req_alloc(sizeof(*(gdev->cancel_req)), 795 VMMDEVREQ_HGCM_CANCEL2); 796 gdev->ack_events_req = 797 vbg_req_alloc(sizeof(*gdev->ack_events_req), 798 VMMDEVREQ_ACKNOWLEDGE_EVENTS); 799 gdev->mouse_status_req = 800 vbg_req_alloc(sizeof(*gdev->mouse_status_req), 801 VMMDEVREQ_GET_MOUSE_STATUS); 802 803 if (!gdev->mem_balloon.get_req || !gdev->mem_balloon.change_req || 804 !gdev->cancel_req || !gdev->ack_events_req || 805 !gdev->mouse_status_req) 806 goto err_free_reqs; 807 808 ret = vbg_query_host_version(gdev); 809 if (ret) 810 goto err_free_reqs; 811 812 ret = vbg_report_guest_info(gdev); 813 if (ret) { 814 vbg_err("vboxguest: vbg_report_guest_info error: %d\n", ret); 815 goto err_free_reqs; 816 } 817 818 ret = vbg_reset_host_event_filter(gdev, gdev->fixed_events); 819 if (ret) { 820 vbg_err("vboxguest: Error setting fixed event filter: %d\n", 821 ret); 822 goto err_free_reqs; 823 } 824 825 ret = vbg_reset_host_capabilities(gdev); 826 if (ret) { 827 vbg_err("vboxguest: Error clearing guest capabilities: %d\n", 828 ret); 829 goto err_free_reqs; 830 } 831 832 ret = vbg_core_set_mouse_status(gdev, 0); 833 if (ret) { 834 vbg_err("vboxguest: Error clearing mouse status: %d\n", ret); 835 goto err_free_reqs; 836 } 837 838 /* These may fail without requiring the driver init to fail. */ 839 vbg_guest_mappings_init(gdev); 840 vbg_heartbeat_init(gdev); 841 842 /* All Done! */ 843 ret = vbg_report_driver_status(gdev, true); 844 if (ret < 0) 845 vbg_err("vboxguest: Error reporting driver status: %d\n", ret); 846 847 return 0; 848 849 err_free_reqs: 850 kfree(gdev->mouse_status_req); 851 kfree(gdev->ack_events_req); 852 kfree(gdev->cancel_req); 853 kfree(gdev->mem_balloon.change_req); 854 kfree(gdev->mem_balloon.get_req); 855 return ret; 856 } 857 858 /** 859 * Call this on exit to clean-up vboxguest-core managed resources. 860 * 861 * The native code should call this before the driver is loaded, 862 * but don't call this on shutdown. 863 * @gdev: The Guest extension device. 864 */ 865 void vbg_core_exit(struct vbg_dev *gdev) 866 { 867 vbg_heartbeat_exit(gdev); 868 vbg_guest_mappings_exit(gdev); 869 870 /* Clear the host flags (mouse status etc). */ 871 vbg_reset_host_event_filter(gdev, 0); 872 vbg_reset_host_capabilities(gdev); 873 vbg_core_set_mouse_status(gdev, 0); 874 875 kfree(gdev->mouse_status_req); 876 kfree(gdev->ack_events_req); 877 kfree(gdev->cancel_req); 878 kfree(gdev->mem_balloon.change_req); 879 kfree(gdev->mem_balloon.get_req); 880 } 881 882 /** 883 * Creates a VBoxGuest user session. 884 * 885 * vboxguest_linux.c calls this when userspace opens the char-device. 886 * Return: A pointer to the new session or an ERR_PTR on error. 887 * @gdev: The Guest extension device. 888 * @user: Set if this is a session for the vboxuser device. 889 */ 890 struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, bool user) 891 { 892 struct vbg_session *session; 893 894 session = kzalloc(sizeof(*session), GFP_KERNEL); 895 if (!session) 896 return ERR_PTR(-ENOMEM); 897 898 session->gdev = gdev; 899 session->user_session = user; 900 901 return session; 902 } 903 904 /** 905 * Closes a VBoxGuest session. 906 * @session: The session to close (and free). 907 */ 908 void vbg_core_close_session(struct vbg_session *session) 909 { 910 struct vbg_dev *gdev = session->gdev; 911 int i, rc; 912 913 vbg_set_session_capabilities(gdev, session, 0, U32_MAX, true); 914 vbg_set_session_event_filter(gdev, session, 0, U32_MAX, true); 915 916 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) { 917 if (!session->hgcm_client_ids[i]) 918 continue; 919 920 vbg_hgcm_disconnect(gdev, session->hgcm_client_ids[i], &rc); 921 } 922 923 kfree(session); 924 } 925 926 static int vbg_ioctl_chk(struct vbg_ioctl_hdr *hdr, size_t in_size, 927 size_t out_size) 928 { 929 if (hdr->size_in != (sizeof(*hdr) + in_size) || 930 hdr->size_out != (sizeof(*hdr) + out_size)) 931 return -EINVAL; 932 933 return 0; 934 } 935 936 static int vbg_ioctl_driver_version_info( 937 struct vbg_ioctl_driver_version_info *info) 938 { 939 const u16 vbg_maj_version = VBG_IOC_VERSION >> 16; 940 u16 min_maj_version, req_maj_version; 941 942 if (vbg_ioctl_chk(&info->hdr, sizeof(info->u.in), sizeof(info->u.out))) 943 return -EINVAL; 944 945 req_maj_version = info->u.in.req_version >> 16; 946 min_maj_version = info->u.in.min_version >> 16; 947 948 if (info->u.in.min_version > info->u.in.req_version || 949 min_maj_version != req_maj_version) 950 return -EINVAL; 951 952 if (info->u.in.min_version <= VBG_IOC_VERSION && 953 min_maj_version == vbg_maj_version) { 954 info->u.out.session_version = VBG_IOC_VERSION; 955 } else { 956 info->u.out.session_version = U32_MAX; 957 info->hdr.rc = VERR_VERSION_MISMATCH; 958 } 959 960 info->u.out.driver_version = VBG_IOC_VERSION; 961 info->u.out.driver_revision = 0; 962 info->u.out.reserved1 = 0; 963 info->u.out.reserved2 = 0; 964 965 return 0; 966 } 967 968 static bool vbg_wait_event_cond(struct vbg_dev *gdev, 969 struct vbg_session *session, 970 u32 event_mask) 971 { 972 unsigned long flags; 973 bool wakeup; 974 u32 events; 975 976 spin_lock_irqsave(&gdev->event_spinlock, flags); 977 978 events = gdev->pending_events & event_mask; 979 wakeup = events || session->cancel_waiters; 980 981 spin_unlock_irqrestore(&gdev->event_spinlock, flags); 982 983 return wakeup; 984 } 985 986 /* Must be called with the event_lock held */ 987 static u32 vbg_consume_events_locked(struct vbg_dev *gdev, 988 struct vbg_session *session, 989 u32 event_mask) 990 { 991 u32 events = gdev->pending_events & event_mask; 992 993 gdev->pending_events &= ~events; 994 return events; 995 } 996 997 static int vbg_ioctl_wait_for_events(struct vbg_dev *gdev, 998 struct vbg_session *session, 999 struct vbg_ioctl_wait_for_events *wait) 1000 { 1001 u32 timeout_ms = wait->u.in.timeout_ms; 1002 u32 event_mask = wait->u.in.events; 1003 unsigned long flags; 1004 long timeout; 1005 int ret = 0; 1006 1007 if (vbg_ioctl_chk(&wait->hdr, sizeof(wait->u.in), sizeof(wait->u.out))) 1008 return -EINVAL; 1009 1010 if (timeout_ms == U32_MAX) 1011 timeout = MAX_SCHEDULE_TIMEOUT; 1012 else 1013 timeout = msecs_to_jiffies(timeout_ms); 1014 1015 wait->u.out.events = 0; 1016 do { 1017 timeout = wait_event_interruptible_timeout( 1018 gdev->event_wq, 1019 vbg_wait_event_cond(gdev, session, event_mask), 1020 timeout); 1021 1022 spin_lock_irqsave(&gdev->event_spinlock, flags); 1023 1024 if (timeout < 0 || session->cancel_waiters) { 1025 ret = -EINTR; 1026 } else if (timeout == 0) { 1027 ret = -ETIMEDOUT; 1028 } else { 1029 wait->u.out.events = 1030 vbg_consume_events_locked(gdev, session, event_mask); 1031 } 1032 1033 spin_unlock_irqrestore(&gdev->event_spinlock, flags); 1034 1035 /* 1036 * Someone else may have consumed the event(s) first, in 1037 * which case we go back to waiting. 1038 */ 1039 } while (ret == 0 && wait->u.out.events == 0); 1040 1041 return ret; 1042 } 1043 1044 static int vbg_ioctl_interrupt_all_wait_events(struct vbg_dev *gdev, 1045 struct vbg_session *session, 1046 struct vbg_ioctl_hdr *hdr) 1047 { 1048 unsigned long flags; 1049 1050 if (hdr->size_in != sizeof(*hdr) || hdr->size_out != sizeof(*hdr)) 1051 return -EINVAL; 1052 1053 spin_lock_irqsave(&gdev->event_spinlock, flags); 1054 session->cancel_waiters = true; 1055 spin_unlock_irqrestore(&gdev->event_spinlock, flags); 1056 1057 wake_up(&gdev->event_wq); 1058 1059 return 0; 1060 } 1061 1062 /** 1063 * Checks if the VMM request is allowed in the context of the given session. 1064 * Return: 0 or negative errno value. 1065 * @gdev: The Guest extension device. 1066 * @session: The calling session. 1067 * @req: The request. 1068 */ 1069 static int vbg_req_allowed(struct vbg_dev *gdev, struct vbg_session *session, 1070 const struct vmmdev_request_header *req) 1071 { 1072 const struct vmmdev_guest_status *guest_status; 1073 bool trusted_apps_only; 1074 1075 switch (req->request_type) { 1076 /* Trusted users apps only. */ 1077 case VMMDEVREQ_QUERY_CREDENTIALS: 1078 case VMMDEVREQ_REPORT_CREDENTIALS_JUDGEMENT: 1079 case VMMDEVREQ_REGISTER_SHARED_MODULE: 1080 case VMMDEVREQ_UNREGISTER_SHARED_MODULE: 1081 case VMMDEVREQ_WRITE_COREDUMP: 1082 case VMMDEVREQ_GET_CPU_HOTPLUG_REQ: 1083 case VMMDEVREQ_SET_CPU_HOTPLUG_STATUS: 1084 case VMMDEVREQ_CHECK_SHARED_MODULES: 1085 case VMMDEVREQ_GET_PAGE_SHARING_STATUS: 1086 case VMMDEVREQ_DEBUG_IS_PAGE_SHARED: 1087 case VMMDEVREQ_REPORT_GUEST_STATS: 1088 case VMMDEVREQ_REPORT_GUEST_USER_STATE: 1089 case VMMDEVREQ_GET_STATISTICS_CHANGE_REQ: 1090 trusted_apps_only = true; 1091 break; 1092 1093 /* Anyone. */ 1094 case VMMDEVREQ_GET_MOUSE_STATUS: 1095 case VMMDEVREQ_SET_MOUSE_STATUS: 1096 case VMMDEVREQ_SET_POINTER_SHAPE: 1097 case VMMDEVREQ_GET_HOST_VERSION: 1098 case VMMDEVREQ_IDLE: 1099 case VMMDEVREQ_GET_HOST_TIME: 1100 case VMMDEVREQ_SET_POWER_STATUS: 1101 case VMMDEVREQ_ACKNOWLEDGE_EVENTS: 1102 case VMMDEVREQ_CTL_GUEST_FILTER_MASK: 1103 case VMMDEVREQ_REPORT_GUEST_STATUS: 1104 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ: 1105 case VMMDEVREQ_VIDEMODE_SUPPORTED: 1106 case VMMDEVREQ_GET_HEIGHT_REDUCTION: 1107 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ2: 1108 case VMMDEVREQ_VIDEMODE_SUPPORTED2: 1109 case VMMDEVREQ_VIDEO_ACCEL_ENABLE: 1110 case VMMDEVREQ_VIDEO_ACCEL_FLUSH: 1111 case VMMDEVREQ_VIDEO_SET_VISIBLE_REGION: 1112 case VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX: 1113 case VMMDEVREQ_GET_SEAMLESS_CHANGE_REQ: 1114 case VMMDEVREQ_GET_VRDPCHANGE_REQ: 1115 case VMMDEVREQ_LOG_STRING: 1116 case VMMDEVREQ_GET_SESSION_ID: 1117 trusted_apps_only = false; 1118 break; 1119 1120 /* Depends on the request parameters... */ 1121 case VMMDEVREQ_REPORT_GUEST_CAPABILITIES: 1122 guest_status = (const struct vmmdev_guest_status *)req; 1123 switch (guest_status->facility) { 1124 case VBOXGUEST_FACILITY_TYPE_ALL: 1125 case VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER: 1126 vbg_err("Denying userspace vmm report guest cap. call facility %#08x\n", 1127 guest_status->facility); 1128 return -EPERM; 1129 case VBOXGUEST_FACILITY_TYPE_VBOX_SERVICE: 1130 trusted_apps_only = true; 1131 break; 1132 case VBOXGUEST_FACILITY_TYPE_VBOX_TRAY_CLIENT: 1133 case VBOXGUEST_FACILITY_TYPE_SEAMLESS: 1134 case VBOXGUEST_FACILITY_TYPE_GRAPHICS: 1135 default: 1136 trusted_apps_only = false; 1137 break; 1138 } 1139 break; 1140 1141 /* Anything else is not allowed. */ 1142 default: 1143 vbg_err("Denying userspace vmm call type %#08x\n", 1144 req->request_type); 1145 return -EPERM; 1146 } 1147 1148 if (trusted_apps_only && session->user_session) { 1149 vbg_err("Denying userspace vmm call type %#08x through vboxuser device node\n", 1150 req->request_type); 1151 return -EPERM; 1152 } 1153 1154 return 0; 1155 } 1156 1157 static int vbg_ioctl_vmmrequest(struct vbg_dev *gdev, 1158 struct vbg_session *session, void *data) 1159 { 1160 struct vbg_ioctl_hdr *hdr = data; 1161 int ret; 1162 1163 if (hdr->size_in != hdr->size_out) 1164 return -EINVAL; 1165 1166 if (hdr->size_in > VMMDEV_MAX_VMMDEVREQ_SIZE) 1167 return -E2BIG; 1168 1169 if (hdr->type == VBG_IOCTL_HDR_TYPE_DEFAULT) 1170 return -EINVAL; 1171 1172 ret = vbg_req_allowed(gdev, session, data); 1173 if (ret < 0) 1174 return ret; 1175 1176 vbg_req_perform(gdev, data); 1177 WARN_ON(hdr->rc == VINF_HGCM_ASYNC_EXECUTE); 1178 1179 return 0; 1180 } 1181 1182 static int vbg_ioctl_hgcm_connect(struct vbg_dev *gdev, 1183 struct vbg_session *session, 1184 struct vbg_ioctl_hgcm_connect *conn) 1185 { 1186 u32 client_id; 1187 int i, ret; 1188 1189 if (vbg_ioctl_chk(&conn->hdr, sizeof(conn->u.in), sizeof(conn->u.out))) 1190 return -EINVAL; 1191 1192 /* Find a free place in the sessions clients array and claim it */ 1193 mutex_lock(&gdev->session_mutex); 1194 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) { 1195 if (!session->hgcm_client_ids[i]) { 1196 session->hgcm_client_ids[i] = U32_MAX; 1197 break; 1198 } 1199 } 1200 mutex_unlock(&gdev->session_mutex); 1201 1202 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) 1203 return -EMFILE; 1204 1205 ret = vbg_hgcm_connect(gdev, &conn->u.in.loc, &client_id, 1206 &conn->hdr.rc); 1207 1208 mutex_lock(&gdev->session_mutex); 1209 if (ret == 0 && conn->hdr.rc >= 0) { 1210 conn->u.out.client_id = client_id; 1211 session->hgcm_client_ids[i] = client_id; 1212 } else { 1213 conn->u.out.client_id = 0; 1214 session->hgcm_client_ids[i] = 0; 1215 } 1216 mutex_unlock(&gdev->session_mutex); 1217 1218 return ret; 1219 } 1220 1221 static int vbg_ioctl_hgcm_disconnect(struct vbg_dev *gdev, 1222 struct vbg_session *session, 1223 struct vbg_ioctl_hgcm_disconnect *disconn) 1224 { 1225 u32 client_id; 1226 int i, ret; 1227 1228 if (vbg_ioctl_chk(&disconn->hdr, sizeof(disconn->u.in), 0)) 1229 return -EINVAL; 1230 1231 client_id = disconn->u.in.client_id; 1232 if (client_id == 0 || client_id == U32_MAX) 1233 return -EINVAL; 1234 1235 mutex_lock(&gdev->session_mutex); 1236 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) { 1237 if (session->hgcm_client_ids[i] == client_id) { 1238 session->hgcm_client_ids[i] = U32_MAX; 1239 break; 1240 } 1241 } 1242 mutex_unlock(&gdev->session_mutex); 1243 1244 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) 1245 return -EINVAL; 1246 1247 ret = vbg_hgcm_disconnect(gdev, client_id, &disconn->hdr.rc); 1248 1249 mutex_lock(&gdev->session_mutex); 1250 if (ret == 0 && disconn->hdr.rc >= 0) 1251 session->hgcm_client_ids[i] = 0; 1252 else 1253 session->hgcm_client_ids[i] = client_id; 1254 mutex_unlock(&gdev->session_mutex); 1255 1256 return ret; 1257 } 1258 1259 static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev, 1260 struct vbg_session *session, bool f32bit, 1261 struct vbg_ioctl_hgcm_call *call) 1262 { 1263 size_t actual_size; 1264 u32 client_id; 1265 int i, ret; 1266 1267 if (call->hdr.size_in < sizeof(*call)) 1268 return -EINVAL; 1269 1270 if (call->hdr.size_in != call->hdr.size_out) 1271 return -EINVAL; 1272 1273 if (call->parm_count > VMMDEV_HGCM_MAX_PARMS) 1274 return -E2BIG; 1275 1276 client_id = call->client_id; 1277 if (client_id == 0 || client_id == U32_MAX) 1278 return -EINVAL; 1279 1280 actual_size = sizeof(*call); 1281 if (f32bit) 1282 actual_size += call->parm_count * 1283 sizeof(struct vmmdev_hgcm_function_parameter32); 1284 else 1285 actual_size += call->parm_count * 1286 sizeof(struct vmmdev_hgcm_function_parameter); 1287 if (call->hdr.size_in < actual_size) { 1288 vbg_debug("VBG_IOCTL_HGCM_CALL: hdr.size_in %d required size is %zd\n", 1289 call->hdr.size_in, actual_size); 1290 return -EINVAL; 1291 } 1292 call->hdr.size_out = actual_size; 1293 1294 /* 1295 * Validate the client id. 1296 */ 1297 mutex_lock(&gdev->session_mutex); 1298 for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) 1299 if (session->hgcm_client_ids[i] == client_id) 1300 break; 1301 mutex_unlock(&gdev->session_mutex); 1302 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) { 1303 vbg_debug("VBG_IOCTL_HGCM_CALL: INVALID handle. u32Client=%#08x\n", 1304 client_id); 1305 return -EINVAL; 1306 } 1307 1308 if (f32bit) 1309 ret = vbg_hgcm_call32(gdev, client_id, 1310 call->function, call->timeout_ms, 1311 VBG_IOCTL_HGCM_CALL_PARMS32(call), 1312 call->parm_count, &call->hdr.rc); 1313 else 1314 ret = vbg_hgcm_call(gdev, client_id, 1315 call->function, call->timeout_ms, 1316 VBG_IOCTL_HGCM_CALL_PARMS(call), 1317 call->parm_count, &call->hdr.rc); 1318 1319 if (ret == -E2BIG) { 1320 /* E2BIG needs to be reported through the hdr.rc field. */ 1321 call->hdr.rc = VERR_OUT_OF_RANGE; 1322 ret = 0; 1323 } 1324 1325 if (ret && ret != -EINTR && ret != -ETIMEDOUT) 1326 vbg_err("VBG_IOCTL_HGCM_CALL error: %d\n", ret); 1327 1328 return ret; 1329 } 1330 1331 static int vbg_ioctl_log(struct vbg_ioctl_log *log) 1332 { 1333 if (log->hdr.size_out != sizeof(log->hdr)) 1334 return -EINVAL; 1335 1336 vbg_info("%.*s", (int)(log->hdr.size_in - sizeof(log->hdr)), 1337 log->u.in.msg); 1338 1339 return 0; 1340 } 1341 1342 static int vbg_ioctl_change_filter_mask(struct vbg_dev *gdev, 1343 struct vbg_session *session, 1344 struct vbg_ioctl_change_filter *filter) 1345 { 1346 u32 or_mask, not_mask; 1347 1348 if (vbg_ioctl_chk(&filter->hdr, sizeof(filter->u.in), 0)) 1349 return -EINVAL; 1350 1351 or_mask = filter->u.in.or_mask; 1352 not_mask = filter->u.in.not_mask; 1353 1354 if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK) 1355 return -EINVAL; 1356 1357 return vbg_set_session_event_filter(gdev, session, or_mask, not_mask, 1358 false); 1359 } 1360 1361 static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev, 1362 struct vbg_session *session, struct vbg_ioctl_set_guest_caps *caps) 1363 { 1364 u32 or_mask, not_mask; 1365 int ret; 1366 1367 if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), sizeof(caps->u.out))) 1368 return -EINVAL; 1369 1370 or_mask = caps->u.in.or_mask; 1371 not_mask = caps->u.in.not_mask; 1372 1373 if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK) 1374 return -EINVAL; 1375 1376 ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask, 1377 false); 1378 if (ret) 1379 return ret; 1380 1381 caps->u.out.session_caps = session->guest_caps; 1382 caps->u.out.global_caps = gdev->guest_caps_host; 1383 1384 return 0; 1385 } 1386 1387 static int vbg_ioctl_check_balloon(struct vbg_dev *gdev, 1388 struct vbg_ioctl_check_balloon *balloon_info) 1389 { 1390 if (vbg_ioctl_chk(&balloon_info->hdr, 0, sizeof(balloon_info->u.out))) 1391 return -EINVAL; 1392 1393 balloon_info->u.out.balloon_chunks = gdev->mem_balloon.chunks; 1394 /* 1395 * Under Linux we handle VMMDEV_EVENT_BALLOON_CHANGE_REQUEST 1396 * events entirely in the kernel, see vbg_core_isr(). 1397 */ 1398 balloon_info->u.out.handle_in_r3 = false; 1399 1400 return 0; 1401 } 1402 1403 static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev, 1404 struct vbg_ioctl_write_coredump *dump) 1405 { 1406 struct vmmdev_write_core_dump *req; 1407 1408 if (vbg_ioctl_chk(&dump->hdr, sizeof(dump->u.in), 0)) 1409 return -EINVAL; 1410 1411 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_WRITE_COREDUMP); 1412 if (!req) 1413 return -ENOMEM; 1414 1415 req->flags = dump->u.in.flags; 1416 dump->hdr.rc = vbg_req_perform(gdev, req); 1417 1418 kfree(req); 1419 return 0; 1420 } 1421 1422 /** 1423 * Common IOCtl for user to kernel communication. 1424 * Return: 0 or negative errno value. 1425 * @session: The client session. 1426 * @req: The requested function. 1427 * @data: The i/o data buffer, minimum size sizeof(struct vbg_ioctl_hdr). 1428 */ 1429 int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data) 1430 { 1431 unsigned int req_no_size = req & ~IOCSIZE_MASK; 1432 struct vbg_dev *gdev = session->gdev; 1433 struct vbg_ioctl_hdr *hdr = data; 1434 bool f32bit = false; 1435 1436 hdr->rc = VINF_SUCCESS; 1437 if (!hdr->size_out) 1438 hdr->size_out = hdr->size_in; 1439 1440 /* 1441 * hdr->version and hdr->size_in / hdr->size_out minimum size are 1442 * already checked by vbg_misc_device_ioctl(). 1443 */ 1444 1445 /* For VMMDEV_REQUEST hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT */ 1446 if (req_no_size == VBG_IOCTL_VMMDEV_REQUEST(0) || 1447 req == VBG_IOCTL_VMMDEV_REQUEST_BIG) 1448 return vbg_ioctl_vmmrequest(gdev, session, data); 1449 1450 if (hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT) 1451 return -EINVAL; 1452 1453 /* Fixed size requests. */ 1454 switch (req) { 1455 case VBG_IOCTL_DRIVER_VERSION_INFO: 1456 return vbg_ioctl_driver_version_info(data); 1457 case VBG_IOCTL_HGCM_CONNECT: 1458 return vbg_ioctl_hgcm_connect(gdev, session, data); 1459 case VBG_IOCTL_HGCM_DISCONNECT: 1460 return vbg_ioctl_hgcm_disconnect(gdev, session, data); 1461 case VBG_IOCTL_WAIT_FOR_EVENTS: 1462 return vbg_ioctl_wait_for_events(gdev, session, data); 1463 case VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS: 1464 return vbg_ioctl_interrupt_all_wait_events(gdev, session, data); 1465 case VBG_IOCTL_CHANGE_FILTER_MASK: 1466 return vbg_ioctl_change_filter_mask(gdev, session, data); 1467 case VBG_IOCTL_CHANGE_GUEST_CAPABILITIES: 1468 return vbg_ioctl_change_guest_capabilities(gdev, session, data); 1469 case VBG_IOCTL_CHECK_BALLOON: 1470 return vbg_ioctl_check_balloon(gdev, data); 1471 case VBG_IOCTL_WRITE_CORE_DUMP: 1472 return vbg_ioctl_write_core_dump(gdev, data); 1473 } 1474 1475 /* Variable sized requests. */ 1476 switch (req_no_size) { 1477 #ifdef CONFIG_COMPAT 1478 case VBG_IOCTL_HGCM_CALL_32(0): 1479 f32bit = true; 1480 /* Fall through */ 1481 #endif 1482 case VBG_IOCTL_HGCM_CALL(0): 1483 return vbg_ioctl_hgcm_call(gdev, session, f32bit, data); 1484 case VBG_IOCTL_LOG(0): 1485 return vbg_ioctl_log(data); 1486 } 1487 1488 vbg_debug("VGDrvCommonIoCtl: Unknown req %#08x\n", req); 1489 return -ENOTTY; 1490 } 1491 1492 /** 1493 * Report guest supported mouse-features to the host. 1494 * 1495 * Return: 0 or negative errno value. 1496 * @gdev: The Guest extension device. 1497 * @features: The set of features to report to the host. 1498 */ 1499 int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features) 1500 { 1501 struct vmmdev_mouse_status *req; 1502 int rc; 1503 1504 req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_MOUSE_STATUS); 1505 if (!req) 1506 return -ENOMEM; 1507 1508 req->mouse_features = features; 1509 req->pointer_pos_x = 0; 1510 req->pointer_pos_y = 0; 1511 1512 rc = vbg_req_perform(gdev, req); 1513 if (rc < 0) 1514 vbg_err("%s error, rc: %d\n", __func__, rc); 1515 1516 kfree(req); 1517 return vbg_status_code_to_errno(rc); 1518 } 1519 1520 /** Core interrupt service routine. */ 1521 irqreturn_t vbg_core_isr(int irq, void *dev_id) 1522 { 1523 struct vbg_dev *gdev = dev_id; 1524 struct vmmdev_events *req = gdev->ack_events_req; 1525 bool mouse_position_changed = false; 1526 unsigned long flags; 1527 u32 events = 0; 1528 int rc; 1529 1530 if (!gdev->mmio->V.V1_04.have_events) 1531 return IRQ_NONE; 1532 1533 /* Get and acknowlegde events. */ 1534 req->header.rc = VERR_INTERNAL_ERROR; 1535 req->events = 0; 1536 rc = vbg_req_perform(gdev, req); 1537 if (rc < 0) { 1538 vbg_err("Error performing events req, rc: %d\n", rc); 1539 return IRQ_NONE; 1540 } 1541 1542 events = req->events; 1543 1544 if (events & VMMDEV_EVENT_MOUSE_POSITION_CHANGED) { 1545 mouse_position_changed = true; 1546 events &= ~VMMDEV_EVENT_MOUSE_POSITION_CHANGED; 1547 } 1548 1549 if (events & VMMDEV_EVENT_HGCM) { 1550 wake_up(&gdev->hgcm_wq); 1551 events &= ~VMMDEV_EVENT_HGCM; 1552 } 1553 1554 if (events & VMMDEV_EVENT_BALLOON_CHANGE_REQUEST) { 1555 schedule_work(&gdev->mem_balloon.work); 1556 events &= ~VMMDEV_EVENT_BALLOON_CHANGE_REQUEST; 1557 } 1558 1559 if (events) { 1560 spin_lock_irqsave(&gdev->event_spinlock, flags); 1561 gdev->pending_events |= events; 1562 spin_unlock_irqrestore(&gdev->event_spinlock, flags); 1563 1564 wake_up(&gdev->event_wq); 1565 } 1566 1567 if (mouse_position_changed) 1568 vbg_linux_mouse_event(gdev); 1569 1570 return IRQ_HANDLED; 1571 } 1572