vboxguest_core.c 49 KB

  1. /* SPDX-License-Identifier: (GPL-2.0 OR CDDL-1.0) */
  2. /*
  3. * vboxguest core guest-device handling code, VBoxGuest.cpp in upstream svn.
  4. *
  5. * Copyright (C) 2007-2016 Oracle Corporation
  6. */
  7. #include <linux/device.h>
  8. #include <linux/io.h>
  9. #include <linux/mm.h>
  10. #include <linux/sched.h>
  11. #include <linux/sizes.h>
  12. #include <linux/slab.h>
  13. #include <linux/vbox_err.h>
  14. #include <linux/vbox_utils.h>
  15. #include <linux/vmalloc.h>
  16. #include "vboxguest_core.h"
  17. #include "vboxguest_version.h"
/*
 * Address of the first HGCM parameter of a call: the parameter array starts
 * immediately after the struct vbg_ioctl_hgcm_call header that @a points to.
 * The macro only does pointer arithmetic; it performs no bounds check on the
 * buffer behind @a.
 */
#define VBG_IOCTL_HGCM_CALL_PARMS(a) \
	((struct vmmdev_hgcm_function_parameter *)( \
		(u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))

/* Same as above, using the parameter layout of a 32-bit request. */
#define VBG_IOCTL_HGCM_CALL_PARMS32(a) \
	((struct vmmdev_hgcm_function_parameter32 *)( \
		(u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))

/* Number of vmap() placements vbg_guest_mappings_init() offers to the host. */
#define GUEST_MAPPINGS_TRIES	5

/* Requestor flags for requests the driver issues on its own behalf. */
#define VBG_KERNEL_REQUEST \
	(VMMDEV_REQUESTOR_KERNEL | VMMDEV_REQUESTOR_USR_DRV | \
	 VMMDEV_REQUESTOR_CON_DONT_KNOW | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN)
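/**
 * vbg_guest_mappings_init - Reserves memory in which the VMM can
 *	relocate any guest mappings that are floating around.
 * @gdev:		The Guest extension device.
 *
 * This operation is a little bit tricky since the VMM might not accept
 * just any address because of address clashes between the three contexts
 * it operates in, so we try several times.
 *
 * The size of the reservation is reported by the host. It is read from the
 * request exactly once, and the padded size is checked for u32 wrap-around
 * before it sizes the page array and the vmap. Without that check a very
 * large reported size would wrap to a small mapping while the full size is
 * still announced to the host.
 *
 * Failure to reserve the guest mappings is ignored.
 */
static void vbg_guest_mappings_init(struct vbg_dev *gdev)
{
	struct vmmdev_hypervisorinfo *req;
	void *guest_mappings[GUEST_MAPPINGS_TRIES];
	struct page **pages = NULL;
	u32 size, hypervisor_size;
	int i, rc;

	/* Query the required space. */
	req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO,
			    VBG_KERNEL_REQUEST);
	if (!req)
		return;

	req->hypervisor_start = 0;
	req->hypervisor_size = 0;
	rc = vbg_req_perform(gdev, req);
	if (rc < 0)
		goto out;

	/* Work on a single snapshot of the host-supplied size from here on. */
	hypervisor_size = req->hypervisor_size;

	/*
	 * The VMM will report back if there is nothing it wants to map, like
	 * for instance in VT-x and AMD-V mode.
	 */
	if (hypervisor_size == 0)
		goto out;

	/* Add 4M so that we can align the vmap to 4MiB as the host requires. */
	size = PAGE_ALIGN(hypervisor_size) + SZ_4M;

	/*
	 * Padding can only grow the value, so a result smaller than the
	 * input means the u32 arithmetic wrapped. Treat it like any other
	 * failure to reserve the mappings.
	 */
	if (size < hypervisor_size)
		goto out;

	pages = kmalloc_objs(*pages, size >> PAGE_SHIFT);
	if (!pages)
		goto out;

	/* Every slot of the mapping is backed by the same dummy page. */
	gdev->guest_mappings_dummy_page = alloc_page(GFP_HIGHUSER);
	if (!gdev->guest_mappings_dummy_page)
		goto out;

	for (i = 0; i < (size >> PAGE_SHIFT); i++)
		pages[i] = gdev->guest_mappings_dummy_page;

	/*
	 * Try several times, the VMM might not accept some addresses because
	 * of address clashes between the three contexts.
	 */
	for (i = 0; i < GUEST_MAPPINGS_TRIES; i++) {
		guest_mappings[i] = vmap(pages, (size >> PAGE_SHIFT),
					 VM_MAP, PAGE_KERNEL_RO);
		if (!guest_mappings[i])
			break;

		req->header.request_type = VMMDEVREQ_SET_HYPERVISOR_INFO;
		req->header.rc = VERR_INTERNAL_ERROR;
		req->hypervisor_size = hypervisor_size;
		req->hypervisor_start =
			(unsigned long)PTR_ALIGN(guest_mappings[i], SZ_4M);

		rc = vbg_req_perform(gdev, req);
		if (rc >= 0) {
			gdev->guest_mappings = guest_mappings[i];
			break;
		}
	}

	/*
	 * Free vmap's from failed attempts. i indexes the accepted mapping
	 * (or the slot that failed to map, or one past the end), so only the
	 * rejected mappings below it are released.
	 */
	while (--i >= 0)
		vunmap(guest_mappings[i]);

	/* On failure free the dummy-page backing the vmap */
	if (!gdev->guest_mappings) {
		__free_page(gdev->guest_mappings_dummy_page);
		gdev->guest_mappings_dummy_page = NULL;
	}

out:
	vbg_req_free(req, sizeof(*req));
	kfree(pages);
}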
/**
 * vbg_guest_mappings_exit - Undo what vbg_guest_mappings_init did.
 * @gdev:		The Guest extension device.
 *
 * Does nothing when no mapping is registered. The vmap and its dummy page
 * are released only after the host accepted the request that clears the
 * reservation; if the request cannot be allocated or fails, the memory is
 * deliberately left in place (leaked).
 */
static void vbg_guest_mappings_exit(struct vbg_dev *gdev)
{
	struct vmmdev_hypervisorinfo *clear_req;
	int status;

	if (!gdev->guest_mappings)
		return;

	clear_req = vbg_req_alloc(sizeof(*clear_req),
				  VMMDEVREQ_SET_HYPERVISOR_INFO,
				  VBG_KERNEL_REQUEST);
	if (!clear_req)
		return;

	/* Tell the host that the memory reserved for it is going away. */
	clear_req->hypervisor_start = 0;
	clear_req->hypervisor_size = 0;
	status = vbg_req_perform(gdev, clear_req);
	vbg_req_free(clear_req, sizeof(*clear_req));

	if (status >= 0) {
		/* The host let go of the range, now it can be freed. */
		vunmap(gdev->guest_mappings);
		gdev->guest_mappings = NULL;

		__free_page(gdev->guest_mappings_dummy_page);
		gdev->guest_mappings_dummy_page = NULL;
	} else {
		vbg_err("%s error: %d\n", __func__, status);
	}
}
/**
 * vbg_report_guest_info - Report the guest information to the host.
 * @gdev:		The Guest extension device.
 *
 * Both report requests are allocated up front; if either allocation fails
 * nothing is sent and -ENOMEM is returned.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_report_guest_info(struct vbg_dev *gdev)
{
	struct vmmdev_guest_info *info1 = NULL;
	struct vmmdev_guest_info2 *info2 = NULL;
	int rc, ret = -ENOMEM;

	info1 = vbg_req_alloc(sizeof(*info1), VMMDEVREQ_REPORT_GUEST_INFO,
			      VBG_KERNEL_REQUEST);
	info2 = vbg_req_alloc(sizeof(*info2), VMMDEVREQ_REPORT_GUEST_INFO2,
			      VBG_KERNEL_REQUEST);
	if (!info1 || !info2)
		goto out_free;

	/* INFO1: interface version and OS type. */
	info1->interface_version = VMMDEV_VERSION;
	info1->os_type = VMMDEV_OSTYPE_LINUX26;
#if __BITS_PER_LONG == 64
	info1->os_type |= VMMDEV_OSTYPE_X64;
#endif

	/* INFO2: additions version, feature flags and version string. */
	info2->additions_major = VBG_VERSION_MAJOR;
	info2->additions_minor = VBG_VERSION_MINOR;
	info2->additions_build = VBG_VERSION_BUILD;
	info2->additions_revision = VBG_SVN_REV;
	info2->additions_features =
		VMMDEV_GUEST_INFO2_ADDITIONS_FEATURES_REQUESTOR_INFO;
	strscpy(info2->name, VBG_VERSION_STRING, sizeof(info2->name));

	/*
	 * There are two protocols here:
	 *      1. INFO2 + INFO1. Supported by >=3.2.51.
	 *      2. INFO1 and optionally INFO2. The old protocol.
	 *
	 * INFO2 is sent first (the ordering of protocol 1). If the host
	 * rejects it with VERR_NOT_SUPPORTED or VERR_NOT_IMPLEMENTED, fall
	 * back to the old ordering: INFO1 first, then INFO2, where a
	 * VERR_NOT_IMPLEMENTED answer to INFO2 is not treated as an error.
	 */
	rc = vbg_req_perform(gdev, info2);
	if (rc < 0) {
		if (rc == VERR_NOT_SUPPORTED || rc == VERR_NOT_IMPLEMENTED) {
			rc = vbg_req_perform(gdev, info1);
			if (rc >= 0) {
				rc = vbg_req_perform(gdev, info2);
				if (rc == VERR_NOT_IMPLEMENTED)
					rc = VINF_SUCCESS;
			}
		}
	} else {
		rc = vbg_req_perform(gdev, info1);
	}
	ret = vbg_status_code_to_errno(rc);

out_free:
	/* Either pointer may still be NULL when an allocation failed. */
	vbg_req_free(info2, sizeof(*info2));
	vbg_req_free(info1, sizeof(*info1));
	return ret;
}
/**
 * vbg_report_driver_status - Report the guest driver status to the host.
 * @gdev:		The Guest extension device.
 * @active:		Flag whether the driver is now active or not.
 *
 * A host answering VERR_NOT_IMPLEMENTED is treated as success.
 *
 * Return: 0 or negative errno value.
 */
static int vbg_report_driver_status(struct vbg_dev *gdev, bool active)
{
	struct vmmdev_guest_status *status_req;
	int rc;

	status_req = vbg_req_alloc(sizeof(*status_req),
				   VMMDEVREQ_REPORT_GUEST_STATUS,
				   VBG_KERNEL_REQUEST);
	if (!status_req)
		return -ENOMEM;

	status_req->facility = VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER;
	status_req->status = active ? VBOXGUEST_FACILITY_STATUS_ACTIVE :
				      VBOXGUEST_FACILITY_STATUS_INACTIVE;
	status_req->flags = 0;

	rc = vbg_req_perform(gdev, status_req);
	vbg_req_free(status_req, sizeof(*status_req));

	/* Compatibility with older hosts. */
	if (rc == VERR_NOT_IMPLEMENTED)
		rc = VINF_SUCCESS;

	return vbg_status_code_to_errno(rc);
}
/**
 * vbg_balloon_inflate - Inflate the balloon by one chunk. The caller
 *	owns the balloon mutex.
 * @gdev:		The Guest extension device.
 * @chunk_idx:		Index of the chunk.
 *
 * Allocates VMMDEV_MEMORY_BALLOON_CHUNK_PAGES pages, reports their physical
 * addresses to the host and, once the host accepted them, records the page
 * array under @chunk_idx. @chunk_idx is used as an index without a range
 * check here, so the caller has to pass a valid one.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_balloon_inflate(struct vbg_dev *gdev, u32 chunk_idx)
{
	struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
	struct page **chunk;
	int i, rc, ret;

	chunk = kmalloc_objs(*chunk, VMMDEV_MEMORY_BALLOON_CHUNK_PAGES,
			     GFP_KERNEL | __GFP_NOWARN);
	if (!chunk)
		return -ENOMEM;

	req->header.size = sizeof(*req);
	req->inflate = true;
	req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;

	for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) {
		struct page *page = alloc_page(GFP_KERNEL | __GFP_NOWARN);

		chunk[i] = page;
		if (!page) {
			ret = -ENOMEM;
			goto out_error;
		}

		req->phys_page[i] = page_to_phys(page);
	}

	rc = vbg_req_perform(gdev, req);
	if (rc < 0) {
		vbg_err("%s error, rc: %d\n", __func__, rc);
		ret = vbg_status_code_to_errno(rc);
		goto out_error;
	}

	/* The host took the pages; the chunk now belongs to the balloon. */
	gdev->mem_balloon.pages[chunk_idx] = chunk;
	return 0;

out_error:
	/* Slots below i hold pages that were allocated; give them back. */
	while (i > 0)
		__free_page(chunk[--i]);
	kfree(chunk);

	return ret;
}
/**
 * vbg_balloon_deflate - Deflate the balloon by one chunk. The caller
 *	owns the balloon mutex.
 * @gdev:		The Guest extension device.
 * @chunk_idx:		Index of the chunk.
 *
 * The pages of the chunk are freed only after the host accepted the deflate
 * request; when the request fails the chunk stays recorded in the balloon.
 * @chunk_idx is used as an index without a range check here.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_balloon_deflate(struct vbg_dev *gdev, u32 chunk_idx)
{
	struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
	struct page **chunk = gdev->mem_balloon.pages[chunk_idx];
	int idx, rc;

	req->header.size = sizeof(*req);
	req->inflate = false;
	req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;

	/* Name every page of the chunk in the request. */
	for (idx = 0; idx < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; idx++)
		req->phys_page[idx] = page_to_phys(chunk[idx]);

	rc = vbg_req_perform(gdev, req);
	if (rc < 0) {
		vbg_err("%s error, rc: %d\n", __func__, rc);
		return vbg_status_code_to_errno(rc);
	}

	/* Accepted by the host: return the pages to the kernel. */
	for (idx = 0; idx < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; idx++)
		__free_page(chunk[idx]);
	kfree(chunk);

	gdev->mem_balloon.pages[chunk_idx] = NULL;
	return 0;
}
/*
 * Respond to VMMDEV_EVENT_BALLOON_CHANGE_REQUEST events, query the size
 * the host wants the balloon to be and adjust accordingly.
 *
 * Both chunk counts in the reply come from the host. The maximum is latched
 * the first time a non-zero value is seen and sizes the per-chunk pointer
 * table; every later target is checked against that latched maximum before
 * it is used as an index bound. Inflating or deflating stops at the first
 * chunk that fails, leaving the balloon at the size reached so far.
 */
static void vbg_balloon_work(struct work_struct *work)
{
	struct vbg_dev *gdev =
		container_of(work, struct vbg_dev, mem_balloon.work);
	struct vmmdev_memballoon_info *req = gdev->mem_balloon.get_req;
	u32 target;
	int rc;

	/*
	 * Setting this bit means that we request the value from the host and
	 * change the guest memory balloon according to the returned value.
	 */
	req->event_ack = VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
	rc = vbg_req_perform(gdev, req);
	if (rc < 0) {
		vbg_err("%s error, rc: %d)\n", __func__, rc);
		return;
	}

	/*
	 * The host always returns the same maximum amount of chunks, so
	 * we do this once.
	 */
	if (!gdev->mem_balloon.max_chunks) {
		gdev->mem_balloon.pages =
			devm_kcalloc(gdev->dev, req->phys_mem_chunks,
				     sizeof(struct page **), GFP_KERNEL);
		if (!gdev->mem_balloon.pages)
			return;

		gdev->mem_balloon.max_chunks = req->phys_mem_chunks;
	}

	/* Reject a target beyond the table allocated above. */
	target = req->balloon_chunks;
	if (target > gdev->mem_balloon.max_chunks) {
		vbg_err("%s: illegal balloon size %u (max=%u)\n",
			__func__, target, gdev->mem_balloon.max_chunks);
		return;
	}

	/* Inflate: add chunks at the current end until the target is met. */
	while (gdev->mem_balloon.chunks < target) {
		if (vbg_balloon_inflate(gdev, gdev->mem_balloon.chunks) < 0)
			return;

		gdev->mem_balloon.chunks++;
	}

	/* Deflate: drop chunks from the end until the target is met. */
	while (gdev->mem_balloon.chunks > target) {
		if (vbg_balloon_deflate(gdev, gdev->mem_balloon.chunks - 1) < 0)
			return;

		gdev->mem_balloon.chunks--;
	}
}
/*
 * Callback for heartbeat timer: send the preallocated heartbeat request to
 * the host and re-arm the timer. The result of the request is not checked.
 *
 * NOTE(review): mod_timer() takes an absolute expiry in jiffies, while the
 * value passed here is msecs_to_jiffies() of the interval with no current
 * time added to it - confirm this is intended.
 */
static void vbg_heartbeat_timer(struct timer_list *t)
{
	struct vbg_dev *gdev = timer_container_of(gdev, t, heartbeat_timer);
	unsigned long expires;

	vbg_req_perform(gdev, gdev->guest_heartbeat_req);

	expires = msecs_to_jiffies(gdev->heartbeat_interval_ms);
	mod_timer(&gdev->heartbeat_timer, expires);
}
/**
 * vbg_heartbeat_host_config - Configure the host to check guest's heartbeat
 *	and get heartbeat interval from the host.
 * @gdev:		The Guest extension device.
 * @enabled:		Set true to enable guest heartbeat checks on host.
 *
 * The interval field is zeroed before the request is sent and is copied
 * into @gdev, converted to milliseconds, whether or not the request
 * succeeded. The interval is whatever the host put into the reply; it is
 * not range-checked here.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled)
{
	struct vmmdev_heartbeat *hb_req;
	int rc;

	hb_req = vbg_req_alloc(sizeof(*hb_req), VMMDEVREQ_HEARTBEAT_CONFIGURE,
			       VBG_KERNEL_REQUEST);
	if (!hb_req)
		return -ENOMEM;

	hb_req->enabled = enabled;
	hb_req->interval_ns = 0;
	rc = vbg_req_perform(gdev, hb_req);

	/* ns -> ms, dividing in place inside the request buffer. */
	do_div(hb_req->interval_ns, 1000000);
	gdev->heartbeat_interval_ms = hb_req->interval_ns;

	vbg_req_free(hb_req, sizeof(*hb_req));

	return vbg_status_code_to_errno(rc);
}
/**
 * vbg_heartbeat_init - Initializes the heartbeat timer. This feature
 *	may be disabled by the host.
 * @gdev:		The Guest extension device.
 *
 * Host-side checking is first switched off and then on again, so that it
 * is left disabled if enabling fails. The heartbeat request is allocated
 * once here and reused by the timer callback.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_heartbeat_init(struct vbg_dev *gdev)
{
	int err;

	/* Make sure that heartbeat checking is disabled if we fail. */
	err = vbg_heartbeat_host_config(gdev, false);
	if (err < 0)
		return err;

	err = vbg_heartbeat_host_config(gdev, true);
	if (err < 0)
		return err;

	gdev->guest_heartbeat_req =
		vbg_req_alloc(sizeof(*gdev->guest_heartbeat_req),
			      VMMDEVREQ_GUEST_HEARTBEAT, VBG_KERNEL_REQUEST);
	if (!gdev->guest_heartbeat_req)
		return -ENOMEM;

	vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n",
		 __func__, gdev->heartbeat_interval_ms);

	/* Arm the timer with an expiry of 0; the callback re-arms itself. */
	mod_timer(&gdev->heartbeat_timer, 0);

	return 0;
}
/**
 * vbg_heartbeat_exit - Cleanup heartbeat code, stop HB timer and disable
 *	host heartbeat checking.
 * @gdev:		The Guest extension device.
 *
 * The timer is deleted synchronously before the heartbeat request it uses
 * is freed. The result of disabling the check on the host is ignored.
 */
static void vbg_heartbeat_exit(struct vbg_dev *gdev)
{
	/* Stop the callback first, it still uses guest_heartbeat_req. */
	timer_delete_sync(&gdev->heartbeat_timer);

	vbg_heartbeat_host_config(gdev, false);

	vbg_req_free(gdev->guest_heartbeat_req,
		     sizeof(*gdev->guest_heartbeat_req));
}
/**
 * vbg_track_bit_usage - Applies a change to the bit usage tracker.
 * @tracker:		The bit usage tracker.
 * @changed:		The bits to change.
 * @previous:		The previous value of the bits.
 *
 * For every bit in @changed: if it was set in @previous its use count is
 * decremented, otherwise the count is incremented. The bit is cleared from
 * the tracker mask when its count reaches zero and set when its count
 * becomes one.
 *
 * Return: %true if the mask changed, %false if not.
 */
static bool vbg_track_bit_usage(struct vbg_bit_usage_tracker *tracker,
				u32 changed, u32 previous)
{
	bool mask_changed = false;

	/* Each pass handles the lowest set bit and then clears it. */
	for (; changed; changed &= changed - 1) {
		u32 idx = ffs(changed) - 1;
		u32 flag = BIT(idx);

		if (previous & flag) {
			/* One user less; the last one removes the bit. */
			if (--tracker->per_bit_usage[idx] == 0) {
				tracker->mask &= ~flag;
				mask_changed = true;
			}
		} else {
			/* One user more; the first one adds the bit. */
			if (++tracker->per_bit_usage[idx] == 1) {
				tracker->mask |= flag;
				mask_changed = true;
			}
		}
	}

	return mask_changed;
}
/**
 * vbg_reset_host_event_filter - Init and termination worker for
 *	resetting the (host) event filter on the host
 * @gdev:		The Guest extension device.
 * @fixed_events:	Fixed events (init time).
 *
 * Asks the host to enable exactly @fixed_events and to clear every other
 * event bit.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_reset_host_event_filter(struct vbg_dev *gdev,
				       u32 fixed_events)
{
	struct vmmdev_mask *mask_req;
	int rc;

	mask_req = vbg_req_alloc(sizeof(*mask_req),
				 VMMDEVREQ_CTL_GUEST_FILTER_MASK,
				 VBG_KERNEL_REQUEST);
	if (!mask_req)
		return -ENOMEM;

	mask_req->or_mask = fixed_events;
	/* Everything that is not a fixed event gets removed. */
	mask_req->not_mask = ~fixed_events;

	rc = vbg_req_perform(gdev, mask_req);
	vbg_req_free(mask_req, sizeof(*mask_req));
	if (rc < 0)
		vbg_err("%s error, rc: %d\n", __func__, rc);

	return vbg_status_code_to_errno(rc);
}
/**
 * vbg_set_session_event_filter - Changes the event filter mask for the
 *	given session.
 * @gdev:			The Guest extension device.
 * @session:			The session.
 * @or_mask:			The events to add.
 * @not_mask:			The events to remove.
 * @session_termination:	Set if we're called by the session cleanup code.
 *				This tweaks the error handling so we perform
 *				proper session cleanup even if the host
 *				misbehaves.
 *
 * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to
 * do session cleanup. Takes the session mutex.
 *
 * The host is only contacted when the combined mask (fixed events plus all
 * tracked session events) differs from the value last sent. If the host
 * rejects the update, the cached host value is set to U32_MAX and, outside
 * of session termination, the session and tracker state are rolled back.
 *
 * Return: 0 or negative errno value.
 */
static int vbg_set_session_event_filter(struct vbg_dev *gdev,
					struct vbg_session *session,
					u32 or_mask, u32 not_mask,
					bool session_termination)
{
	struct vmmdev_mask *req;
	u32 old_filter, delta;
	int rc, ret = 0;

	/*
	 * Allocate a request buffer before taking the session mutex. When
	 * the session is being terminated the requestor is the kernel, as
	 * we're cleaning up, and an allocation failure is tolerated because
	 * the session cleanup must happen regardless.
	 */
	req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK,
			    session_termination ? VBG_KERNEL_REQUEST :
						  session->requestor);
	if (!req && !session_termination)
		return -ENOMEM;

	mutex_lock(&gdev->session_mutex);

	/* Apply the changes to the session mask. */
	old_filter = session->event_filter;
	session->event_filter |= or_mask;
	session->event_filter &= ~not_mask;

	/* If anything actually changed, update the global usage counters. */
	delta = old_filter ^ session->event_filter;
	if (!delta)
		goto out;

	vbg_track_bit_usage(&gdev->event_filter_tracker, delta, old_filter);

	/* From here on or_mask holds the mask the host should end up with. */
	or_mask = gdev->fixed_events | gdev->event_filter_tracker.mask;

	/* Nothing to send without a request or when the host is up to date. */
	if (!req || gdev->event_filter_host == or_mask)
		goto out;

	gdev->event_filter_host = or_mask;
	req->or_mask = or_mask;
	req->not_mask = ~or_mask;
	rc = vbg_req_perform(gdev, req);
	if (rc < 0) {
		ret = vbg_status_code_to_errno(rc);

		/* The host state no longer matches any mask we sent. */
		gdev->event_filter_host = U32_MAX;

		/* Failed, roll back (unless it's session termination time). */
		if (!session_termination) {
			vbg_track_bit_usage(&gdev->event_filter_tracker, delta,
					    session->event_filter);
			session->event_filter = old_filter;
		}
	}

out:
	mutex_unlock(&gdev->session_mutex);
	/* req is NULL here when the allocation failed during termination. */
	vbg_req_free(req, sizeof(*req));

	return ret;
}
/**
 * vbg_reset_host_capabilities - Init and termination worker for set
 *	guest capabilities to zero on the host.
 * @gdev:		The Guest extension device.
 *
 * Sends a mask request that removes every capability bit and adds none.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_reset_host_capabilities(struct vbg_dev *gdev)
{
	struct vmmdev_mask *caps_req;
	int rc;

	caps_req = vbg_req_alloc(sizeof(*caps_req),
				 VMMDEVREQ_SET_GUEST_CAPABILITIES,
				 VBG_KERNEL_REQUEST);
	if (!caps_req)
		return -ENOMEM;

	caps_req->or_mask = 0;
	caps_req->not_mask = U32_MAX;

	rc = vbg_req_perform(gdev, caps_req);
	vbg_req_free(caps_req, sizeof(*caps_req));
	if (rc < 0)
		vbg_err("%s error, rc: %d\n", __func__, rc);

	return vbg_status_code_to_errno(rc);
}
/**
 * vbg_set_host_capabilities - Set guest capabilities on the host.
 * @gdev:			The Guest extension device.
 * @session:			The session.
 * @session_termination:	Set if we're called by the session cleanup code.
 *
 * Must be called with gdev->session_mutex held.
 *
 * The capabilities sent are the acquired capabilities combined with the
 * tracked set capabilities. Nothing is sent when that value equals the one
 * cached from the last update. On any failure the cached value is set to
 * U32_MAX, presumably so that a later call does not skip the update.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_set_host_capabilities(struct vbg_dev *gdev,
				     struct vbg_session *session,
				     bool session_termination)
{
	struct vmmdev_mask *req;
	u32 wanted;
	int rc;

	WARN_ON(!mutex_is_locked(&gdev->session_mutex));

	wanted = gdev->acquired_guest_caps | gdev->set_guest_caps_tracker.mask;
	if (wanted == gdev->guest_caps_host)
		return 0;

	/* On termination the requestor is the kernel, as we're cleaning up. */
	req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES,
			    session_termination ? VBG_KERNEL_REQUEST :
						  session->requestor);
	if (!req) {
		gdev->guest_caps_host = U32_MAX;
		return -ENOMEM;
	}

	/* Set exactly the wanted bits and clear all the others. */
	req->or_mask = wanted;
	req->not_mask = ~wanted;
	rc = vbg_req_perform(gdev, req);
	vbg_req_free(req, sizeof(*req));

	if (rc >= 0)
		gdev->guest_caps_host = wanted;
	else
		gdev->guest_caps_host = U32_MAX;

	return vbg_status_code_to_errno(rc);
}
/**
 * vbg_acquire_session_capabilities - Acquire (get exclusive access)
 *	guest capabilities for a session.
 * @gdev:			The Guest extension device.
 * @session:			The session.
 * @or_mask:			The capabilities to add.
 * @not_mask:			The capabilities to remove.
 * @flags:			Flags (VBGL_IOC_AGC_FLAGS_XXX).
 * @session_termination:	Set if we're called by the session cleanup code.
 *				This tweaks the error handling so we perform
 *				proper session cleanup even if the host
 *				misbehaves.
 *
 * Takes the session mutex.
 *
 * Capabilities that are currently set through the set-capabilities tracker
 * cannot be acquired (-EINVAL), and a capability already acquired by
 * another session yields -EBUSY. @or_mask is not checked against a list of
 * valid capability bits in this function; any such check has to happen in
 * the caller.
 *
 * Return: %0 or negative errno value.
 */
static int vbg_acquire_session_capabilities(struct vbg_dev *gdev,
					    struct vbg_session *session,
					    u32 or_mask, u32 not_mask,
					    u32 flags, bool session_termination)
{
	unsigned long irq_state;
	bool have_pending;
	int ret = 0;

	mutex_lock(&gdev->session_mutex);

	if (or_mask & gdev->set_guest_caps_tracker.mask) {
		vbg_err("%s error: cannot acquire caps which are currently set\n",
			__func__);
		ret = -EINVAL;
		goto out;
	}

	/*
	 * Mark any caps in the or_mask as now being in acquire-mode. Note
	 * once caps are in acquire_mode they always stay in this mode.
	 * This impacts event handling, so we take the event-lock.
	 */
	spin_lock_irqsave(&gdev->event_spinlock, irq_state);
	gdev->acquire_mode_guest_caps |= or_mask;
	spin_unlock_irqrestore(&gdev->event_spinlock, irq_state);

	/* If we only have to switch the caps to acquire mode, we're done. */
	if (flags & VBGL_IOC_AGC_FLAGS_CONFIG_ACQUIRE_MODE)
		goto out;

	/*
	 * Reduce both masks to what actually changes for this session:
	 * or_mask takes priority over not_mask, only caps the session holds
	 * can be removed and only caps it does not hold yet can be added.
	 */
	not_mask &= ~or_mask;
	not_mask &= session->acquired_guest_caps;
	or_mask &= ~session->acquired_guest_caps;

	if (!or_mask && !not_mask)
		goto out;

	/* Whatever is left in or_mask must not be held by someone else. */
	if (gdev->acquired_guest_caps & or_mask) {
		ret = -EBUSY;
		goto out;
	}

	gdev->acquired_guest_caps |= or_mask;
	gdev->acquired_guest_caps &= ~not_mask;

	/* session->acquired_guest_caps impacts event handling, take the lock */
	spin_lock_irqsave(&gdev->event_spinlock, irq_state);
	session->acquired_guest_caps |= or_mask;
	session->acquired_guest_caps &= ~not_mask;
	spin_unlock_irqrestore(&gdev->event_spinlock, irq_state);

	ret = vbg_set_host_capabilities(gdev, session, session_termination);

	/* Roll back on failure, unless it's session termination time. */
	if (ret < 0 && !session_termination) {
		gdev->acquired_guest_caps &= ~or_mask;
		gdev->acquired_guest_caps |= not_mask;

		spin_lock_irqsave(&gdev->event_spinlock, irq_state);
		session->acquired_guest_caps &= ~or_mask;
		session->acquired_guest_caps |= not_mask;
		spin_unlock_irqrestore(&gdev->event_spinlock, irq_state);
	}

	/*
	 * If we added a capability, check if that means some other thread in
	 * our session should be unblocked because there are events pending
	 * (the result of vbg_get_allowed_event_mask_for_session() may change).
	 *
	 * HACK ALERT! When the seamless support capability is added we generate
	 * a seamless change event so that the ring-3 client can sync with
	 * the seamless state.
	 */
	if (ret == 0 && or_mask != 0) {
		spin_lock_irqsave(&gdev->event_spinlock, irq_state);

		if (or_mask & VMMDEV_GUEST_SUPPORTS_SEAMLESS)
			gdev->pending_events |=
				VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST;

		have_pending = gdev->pending_events != 0;

		spin_unlock_irqrestore(&gdev->event_spinlock, irq_state);

		/* Wake waiters only after the spinlock has been dropped. */
		if (have_pending)
			wake_up(&gdev->event_wq);
	}

out:
	mutex_unlock(&gdev->session_mutex);

	return ret;
}
  /**
   * vbg_set_session_capabilities - Sets the guest capabilities for a
   *  session. Takes the session mutex.
   * @gdev:                 The Guest extension device.
   * @session:              The session.
   * @or_mask:              The capabilities to add.
   * @not_mask:             The capabilities to remove.
   * @session_termination:  Set if we're called by the session cleanup code.
   *                        This tweaks the error handling so we perform
   *                        proper session cleanup even if the host
   *                        misbehaves.
   *
   * Capabilities that are in acquire mode cannot be set through this path:
   * an @or_mask that overlaps gdev->acquire_mode_guest_caps is rejected.
   * @not_mask is applied after @or_mask, so a bit present in both ends up
   * cleared.
   *
   * Return: %0 or negative errno value (-EBUSY for the acquire-mode
   * conflict, otherwise the result of vbg_set_host_capabilities()).
   */
  static int vbg_set_session_capabilities(struct vbg_dev *gdev,
                                          struct vbg_session *session,
                                          u32 or_mask, u32 not_mask,
                                          bool session_termination)
  {
      u32 changed, previous;
      int ret = 0;

      /* Held across the whole update, including the host request below. */
      mutex_lock(&gdev->session_mutex);

      /* Refuse before touching any state, so nothing needs undoing here. */
      if (gdev->acquire_mode_guest_caps & or_mask) {
          vbg_err("%s error: cannot set caps which are in acquire_mode\n",
                  __func__);
          ret = -EBUSY;
          goto out;
      }

      /* Apply the changes to the session mask. */
      previous = session->set_guest_caps;
      session->set_guest_caps |= or_mask;
      session->set_guest_caps &= ~not_mask;

      /* If anything actually changed, update the global usage counters. */
      changed = previous ^ session->set_guest_caps;
      if (!changed)
          goto out;

      vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed, previous);

      ret = vbg_set_host_capabilities(gdev, session, session_termination);
      /* Roll back on failure, unless it's session termination time. */
      if (ret < 0 && !session_termination) {
          /*
           * Same changed bits, but with the now-current mask passed as the
           * "previous" value; presumably this reverts the usage counts.
           * vbg_track_bit_usage() is defined outside this view - confirm.
           */
          vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed,
                              session->set_guest_caps);
          session->set_guest_caps = previous;
      }

  out:
      mutex_unlock(&gdev->session_mutex);

      return ret;
  }
  /**
   * vbg_query_host_version - get the host feature mask and version information.
   * @gdev:  The Guest extension device.
   *
   * Stores the formatted version string in gdev->host_version and the feature
   * mask in gdev->host_features. A host that does not advertise
   * VMMDEV_HVF_HGCM_PHYS_PAGE_LIST is rejected with -ENODEV.
   *
   * Return: %0 or negative errno value.
   */
  static int vbg_query_host_version(struct vbg_dev *gdev)
  {
      struct vmmdev_host_version *ver_req;
      int status, err;

      ver_req = vbg_req_alloc(sizeof(*ver_req), VMMDEVREQ_GET_HOST_VERSION,
                              VBG_KERNEL_REQUEST);
      if (!ver_req)
          return -ENOMEM;

      status = vbg_req_perform(gdev, ver_req);
      err = vbg_status_code_to_errno(status);
      if (err) {
          /* The raw host status is logged, the errno is what we return. */
          vbg_err("%s error: %d\n", __func__, status);
      } else {
          /* snprintf() bounds the write to the destination buffer size. */
          snprintf(gdev->host_version, sizeof(gdev->host_version),
                   "%u.%u.%ur%u", ver_req->major, ver_req->minor,
                   ver_req->build, ver_req->revision);
          gdev->host_features = ver_req->features;

          vbg_info("vboxguest: host-version: %s %#x\n", gdev->host_version,
                   gdev->host_features);

          if (!(ver_req->features & VMMDEV_HVF_HGCM_PHYS_PAGE_LIST)) {
              vbg_err("vboxguest: Error host too old (does not support page-lists)\n");
              err = -ENODEV;
          }
      }

      /* Single release point for the request on every path past the alloc. */
      vbg_req_free(ver_req, sizeof(*ver_req));
      return err;
  }
  /**
   * vbg_core_init - Initializes the VBoxGuest device extension when the
   *  device driver is loaded.
   * @gdev:          The Guest extension device.
   * @fixed_events:  Events that will be enabled upon init and no client
   *                 will ever be allowed to mask.
   *
   * The native code locates the VMMDev on the PCI bus and retrieves
   * the MMIO and I/O port ranges; this function will take care of
   * mapping the MMIO memory (if present). Upon successful return
   * the native code should set up the interrupt handler.
   *
   * On failure every request buffer allocated here is released again.
   *
   * Return: %0 or negative errno value.
   */
  int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events)
  {
      /* Preset so the allocation-failure path below returns -ENOMEM. */
      int ret = -ENOMEM;

      /* VMMDEV_EVENT_HGCM is always part of the fixed set. */
      gdev->fixed_events = fixed_events | VMMDEV_EVENT_HGCM;
      gdev->event_filter_host = U32_MAX; /* forces a report */
      gdev->guest_caps_host = U32_MAX; /* forces a report */

      init_waitqueue_head(&gdev->event_wq);
      init_waitqueue_head(&gdev->hgcm_wq);
      spin_lock_init(&gdev->event_spinlock);
      mutex_init(&gdev->session_mutex);
      mutex_init(&gdev->cancel_req_mutex);
      timer_setup(&gdev->heartbeat_timer, vbg_heartbeat_timer, 0);
      INIT_WORK(&gdev->mem_balloon.work, vbg_balloon_work);

      /*
       * Pre-allocate the request buffers kept in gdev. All five are
       * attempted before any result is checked; the single test below
       * catches a failure of any of them.
       */
      gdev->mem_balloon.get_req =
          vbg_req_alloc(sizeof(*gdev->mem_balloon.get_req),
                        VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ,
                        VBG_KERNEL_REQUEST);
      gdev->mem_balloon.change_req =
          vbg_req_alloc(sizeof(*gdev->mem_balloon.change_req),
                        VMMDEVREQ_CHANGE_MEMBALLOON,
                        VBG_KERNEL_REQUEST);
      gdev->cancel_req =
          vbg_req_alloc(sizeof(*(gdev->cancel_req)),
                        VMMDEVREQ_HGCM_CANCEL2,
                        VBG_KERNEL_REQUEST);
      gdev->ack_events_req =
          vbg_req_alloc(sizeof(*gdev->ack_events_req),
                        VMMDEVREQ_ACKNOWLEDGE_EVENTS,
                        VBG_KERNEL_REQUEST);
      gdev->mouse_status_req =
          vbg_req_alloc(sizeof(*gdev->mouse_status_req),
                        VMMDEVREQ_GET_MOUSE_STATUS,
                        VBG_KERNEL_REQUEST);

      if (!gdev->mem_balloon.get_req || !gdev->mem_balloon.change_req ||
          !gdev->cancel_req || !gdev->ack_events_req ||
          !gdev->mouse_status_req)
          goto err_free_reqs;

      ret = vbg_query_host_version(gdev);
      if (ret)
          goto err_free_reqs;

      ret = vbg_report_guest_info(gdev);
      if (ret) {
          vbg_err("vboxguest: vbg_report_guest_info error: %d\n", ret);
          goto err_free_reqs;
      }

      /* Start from a known host-side state: fixed events only, no caps. */
      ret = vbg_reset_host_event_filter(gdev, gdev->fixed_events);
      if (ret) {
          vbg_err("vboxguest: Error setting fixed event filter: %d\n",
                  ret);
          goto err_free_reqs;
      }

      ret = vbg_reset_host_capabilities(gdev);
      if (ret) {
          vbg_err("vboxguest: Error clearing guest capabilities: %d\n",
                  ret);
          goto err_free_reqs;
      }

      ret = vbg_core_set_mouse_status(gdev, 0);
      if (ret) {
          vbg_err("vboxguest: Error clearing mouse status: %d\n", ret);
          goto err_free_reqs;
      }

      /* These may fail without requiring the driver init to fail. */
      vbg_guest_mappings_init(gdev);
      vbg_heartbeat_init(gdev);

      /* All Done! */
      ret = vbg_report_driver_status(gdev, true);
      /* A failed status report is only logged; init still succeeds. */
      if (ret < 0)
          vbg_err("vboxguest: Error reporting driver status: %d\n", ret);

      return 0;

  err_free_reqs:
      /*
       * Some of these pointers are NULL when an allocation failed;
       * presumably vbg_req_free() accepts NULL - confirm against its
       * definition. The gdev pointers are not reset after the free, so
       * the caller is expected not to use gdev's request buffers after a
       * failed init - TODO confirm.
       */
      vbg_req_free(gdev->mouse_status_req,
                   sizeof(*gdev->mouse_status_req));
      vbg_req_free(gdev->ack_events_req,
                   sizeof(*gdev->ack_events_req));
      vbg_req_free(gdev->cancel_req,
                   sizeof(*gdev->cancel_req));
      vbg_req_free(gdev->mem_balloon.change_req,
                   sizeof(*gdev->mem_balloon.change_req));
      vbg_req_free(gdev->mem_balloon.get_req,
                   sizeof(*gdev->mem_balloon.get_req));
      return ret;
  }
  /**
   * vbg_core_exit - Call this on exit to clean-up vboxguest-core managed
   *  resources.
   * @gdev:  The Guest extension device.
   *
   * The native code should call this before the driver is unloaded,
   * but don't call this on shutdown.
   *
   * Releases the request buffers that vbg_core_init() allocated. The return
   * values of the host reset calls are not checked.
   */
  void vbg_core_exit(struct vbg_dev *gdev)
  {
      vbg_heartbeat_exit(gdev);
      vbg_guest_mappings_exit(gdev);

      /* Clear the host flags (mouse status etc). */
      vbg_reset_host_event_filter(gdev, 0);
      vbg_reset_host_capabilities(gdev);
      vbg_core_set_mouse_status(gdev, 0);

      /*
       * Freed only after the host state has been reset above. The pointers
       * in gdev are left as they are, so nothing may use them afterwards.
       */
      vbg_req_free(gdev->mouse_status_req,
                   sizeof(*gdev->mouse_status_req));
      vbg_req_free(gdev->ack_events_req,
                   sizeof(*gdev->ack_events_req));
      vbg_req_free(gdev->cancel_req,
                   sizeof(*gdev->cancel_req));
      vbg_req_free(gdev->mem_balloon.change_req,
                   sizeof(*gdev->mem_balloon.change_req));
      vbg_req_free(gdev->mem_balloon.get_req,
                   sizeof(*gdev->mem_balloon.get_req));
  }
  /**
   * vbg_core_open_session - Creates a VBoxGuest user session.
   * @gdev:       The Guest extension device.
   * @requestor:  VMMDEV_REQUESTOR_* flags
   *
   * vboxguest_linux.c calls this when userspace opens the char-device.
   * The @requestor flags are stored in the session and later consulted for
   * access decisions (see vbg_req_allowed()).
   *
   * Return: A pointer to the new session or an ERR_PTR on error.
   */
  struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, u32 requestor)
  {
      struct vbg_session *new_session;

      /* Zeroed allocation: all other session fields start out as 0. */
      new_session = kzalloc_obj(*new_session);
      if (new_session) {
          new_session->gdev = gdev;
          new_session->requestor = requestor;
          return new_session;
      }

      return ERR_PTR(-ENOMEM);
  }
  /**
   * vbg_core_close_session - Closes a VBoxGuest session.
   * @session:  The session to close (and free).
   *
   * Drops every capability and event-filter bit the session holds,
   * disconnects its HGCM clients and frees the session. @session must not
   * be used after this returns.
   */
  void vbg_core_close_session(struct vbg_session *session)
  {
      struct vbg_dev *gdev = session->gdev;
      int slot, hgcm_rc;

      /*
       * not_mask = U32_MAX clears everything; session_termination = true
       * makes the helpers skip their rollback. Results are not checked.
       */
      vbg_acquire_session_capabilities(gdev, session, 0, U32_MAX, 0, true);
      vbg_set_session_capabilities(gdev, session, 0, U32_MAX, true);
      vbg_set_session_event_filter(gdev, session, 0, U32_MAX, true);

      /*
       * Only empty (0) slots are skipped. NOTE(review): a slot still
       * holding the U32_MAX "in progress" marker would be passed to the
       * host too; presumably no ioctl is in flight at close time - verify.
       */
      for (slot = 0; slot < ARRAY_SIZE(session->hgcm_client_ids); slot++) {
          if (session->hgcm_client_ids[slot]) {
              /* requestor is kernel here, as we're cleaning up. */
              vbg_hgcm_disconnect(gdev, VBG_KERNEL_REQUEST,
                                  session->hgcm_client_ids[slot],
                                  &hgcm_rc);
          }
      }

      kfree(session);
  }
  /*
   * Check that the header of a fixed-size ioctl declares exactly the
   * expected sizes: the header itself plus in_size bytes of input and
   * plus out_size bytes of output. Anything else is -EINVAL.
   */
  static int vbg_ioctl_chk(struct vbg_ioctl_hdr *hdr, size_t in_size,
                           size_t out_size)
  {
      if (hdr->size_in == (sizeof(*hdr) + in_size) &&
          hdr->size_out == (sizeof(*hdr) + out_size))
          return 0;

      return -EINVAL;
  }
  /*
   * VBG_IOCTL_DRIVER_VERSION_INFO: negotiate the interface version.
   *
   * The request is malformed (-EINVAL) when min_version exceeds req_version
   * or when the two differ in their upper 16 bits (the major version). A
   * well-formed request always returns 0; an incompatible version is
   * reported through hdr.rc = VERR_VERSION_MISMATCH and a session_version
   * of U32_MAX.
   */
  static int vbg_ioctl_driver_version_info(
      struct vbg_ioctl_driver_version_info *info)
  {
      const u16 drv_major = VBG_IOC_VERSION >> 16;
      u16 oldest_major, wanted_major;

      if (vbg_ioctl_chk(&info->hdr, sizeof(info->u.in), sizeof(info->u.out)))
          return -EINVAL;

      wanted_major = info->u.in.req_version >> 16;
      oldest_major = info->u.in.min_version >> 16;

      if (oldest_major != wanted_major)
          return -EINVAL;
      if (info->u.in.min_version > info->u.in.req_version)
          return -EINVAL;

      /* All u.in reads happen before the first u.out write below. */
      if (oldest_major == drv_major &&
          info->u.in.min_version <= VBG_IOC_VERSION) {
          info->u.out.session_version = VBG_IOC_VERSION;
      } else {
          info->hdr.rc = VERR_VERSION_MISMATCH;
          info->u.out.session_version = U32_MAX;
      }

      /* Reserved fields are zeroed explicitly before the reply goes out. */
      info->u.out.driver_version = VBG_IOC_VERSION;
      info->u.out.driver_revision = 0;
      info->u.out.reserved1 = 0;
      info->u.out.reserved2 = 0;

      return 0;
  }
  /*
   * Compute which events a session may see.
   *
   * Starts from VMMDEV_EVENT_VALID_EVENT_MASK and removes the display-change
   * and seamless-mode-change events when the matching capability is in
   * acquire mode but has not been acquired by this session.
   *
   * Must be called with the event lock (gdev->event_spinlock) held.
   */
  static u32 vbg_get_allowed_event_mask_for_session(struct vbg_dev *gdev,
                                                    struct vbg_session *session)
  {
      u32 mask = VMMDEV_EVENT_VALID_EVENT_MASK;
      u32 mode_caps = gdev->acquire_mode_guest_caps;
      u32 owned_caps = session->acquired_guest_caps;

      if (mode_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS) {
          if (!(owned_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS))
              mask &= ~VMMDEV_EVENT_DISPLAY_CHANGE_REQUEST;
      }

      if (mode_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS) {
          if (!(owned_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS))
              mask &= ~VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST;
      }

      return mask;
  }
  /*
   * Wake-up condition for vbg_ioctl_wait_for_events(): true when an event
   * that is both requested in event_mask and allowed for this session is
   * pending, or when the session's waiters have been cancelled. Takes the
   * event spinlock itself.
   */
  static bool vbg_wait_event_cond(struct vbg_dev *gdev,
                                  struct vbg_session *session,
                                  u32 event_mask)
  {
      unsigned long irqflags;
      bool ready;
      u32 pending;

      spin_lock_irqsave(&gdev->event_spinlock, irqflags);

      pending = gdev->pending_events & event_mask;
      pending &= vbg_get_allowed_event_mask_for_session(gdev, session);
      ready = session->cancel_waiters || pending;

      spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);

      return ready;
  }
  /*
   * Take the pending events that match event_mask and are allowed for this
   * session, clear them from gdev->pending_events and return them.
   *
   * Must be called with the event lock (gdev->event_spinlock) held.
   */
  static u32 vbg_consume_events_locked(struct vbg_dev *gdev,
                                       struct vbg_session *session,
                                       u32 event_mask)
  {
      u32 taken;

      taken = gdev->pending_events & event_mask;
      taken &= vbg_get_allowed_event_mask_for_session(gdev, session);

      /* Events the session may not see stay pending for other sessions. */
      gdev->pending_events &= ~taken;

      return taken;
  }
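  /*
   * VBG_IOCTL_WAIT_FOR_EVENTS: block until one of the requested events is
   * pending for this session, the timeout expires or the wait is cancelled.
   *
   * A timeout_ms of U32_MAX means wait without a time limit.
   *
   * Return: 0 with the consumed events in wait->u.out.events, -EINVAL for a
   * bad header, -ETIMEDOUT on timeout, -EINTR when the wait was interrupted
   * or the session's waiters were cancelled.
   */
  static int vbg_ioctl_wait_for_events(struct vbg_dev *gdev,
                                       struct vbg_session *session,
                                       struct vbg_ioctl_wait_for_events *wait)
  {
      u32 timeout_ms, event_mask;
      unsigned long flags;
      long timeout;
      int ret = 0;

      if (vbg_ioctl_chk(&wait->hdr, sizeof(wait->u.in), sizeof(wait->u.out)))
          return -EINVAL;

      /*
       * Read the input fields only once the header sizes are validated,
       * like the other fixed-size handlers in this file do. Both reads
       * must stay ahead of the u.out write below.
       */
      timeout_ms = wait->u.in.timeout_ms;
      event_mask = wait->u.in.events;

      if (timeout_ms == U32_MAX)
          timeout = MAX_SCHEDULE_TIMEOUT;
      else
          timeout = msecs_to_jiffies(timeout_ms);

      wait->u.out.events = 0;
      do {
          /* The value returned here is reused as the next wait's timeout. */
          timeout = wait_event_interruptible_timeout(
                  gdev->event_wq,
                  vbg_wait_event_cond(gdev, session, event_mask),
                  timeout);

          /* Re-check and consume under the lock; the condition may be stale. */
          spin_lock_irqsave(&gdev->event_spinlock, flags);

          if (timeout < 0 || session->cancel_waiters) {
              ret = -EINTR;
          } else if (timeout == 0) {
              ret = -ETIMEDOUT;
          } else {
              wait->u.out.events =
                  vbg_consume_events_locked(gdev, session, event_mask);
          }

          spin_unlock_irqrestore(&gdev->event_spinlock, flags);

          /*
           * Someone else may have consumed the event(s) first, in
           * which case we go back to waiting.
           */
      } while (ret == 0 && wait->u.out.events == 0);

      return ret;
  }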
  /*
   * VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS: cancel the waits of the calling
   * session. The request carries no payload, so both header sizes must equal
   * the bare header size.
   *
   * Sets session->cancel_waiters under the event spinlock and wakes the
   * event wait queue. Nothing in this part of the file clears the flag
   * again, and vbg_ioctl_wait_for_events() returns -EINTR while it is set.
   */
  static int vbg_ioctl_interrupt_all_wait_events(struct vbg_dev *gdev,
                                                 struct vbg_session *session,
                                                 struct vbg_ioctl_hdr *hdr)
  {
      unsigned long irqflags;

      if (hdr->size_in == sizeof(*hdr) && hdr->size_out == sizeof(*hdr)) {
          spin_lock_irqsave(&gdev->event_spinlock, irqflags);
          session->cancel_waiters = true;
          spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);

          /* Wake-up happens outside the spinlock. */
          wake_up(&gdev->event_wq);

          return 0;
      }

      return -EINVAL;
  }
  /**
   * vbg_req_allowed - Checks if the VMM request is allowed in the
   *  context of the given session.
   * @gdev:     The Guest extension device.
   * @session:  The calling session.
   * @req:      The request.
   *
   * This is an allow-list: request types are sorted into "trusted apps
   * only" and "anyone", and every type not listed is denied. A trusted-only
   * request is denied when the session's requestor flags contain
   * VMMDEV_REQUESTOR_USER_DEVICE (the vboxuser device node, per the log
   * message below).
   *
   * Return: %0 or negative errno value (-EPERM when denied).
   */
  static int vbg_req_allowed(struct vbg_dev *gdev, struct vbg_session *session,
                             const struct vmmdev_request_header *req)
  {
      const struct vmmdev_guest_status *guest_status;
      bool trusted_apps_only;

      /* request_type comes from the caller's request and is untrusted. */
      switch (req->request_type) {
      /* Trusted users apps only. */
      case VMMDEVREQ_QUERY_CREDENTIALS:
      case VMMDEVREQ_REPORT_CREDENTIALS_JUDGEMENT:
      case VMMDEVREQ_REGISTER_SHARED_MODULE:
      case VMMDEVREQ_UNREGISTER_SHARED_MODULE:
      case VMMDEVREQ_WRITE_COREDUMP:
      case VMMDEVREQ_GET_CPU_HOTPLUG_REQ:
      case VMMDEVREQ_SET_CPU_HOTPLUG_STATUS:
      case VMMDEVREQ_CHECK_SHARED_MODULES:
      case VMMDEVREQ_GET_PAGE_SHARING_STATUS:
      case VMMDEVREQ_DEBUG_IS_PAGE_SHARED:
      case VMMDEVREQ_REPORT_GUEST_STATS:
      case VMMDEVREQ_REPORT_GUEST_USER_STATE:
      case VMMDEVREQ_GET_STATISTICS_CHANGE_REQ:
          trusted_apps_only = true;
          break;

      /* Anyone. */
      case VMMDEVREQ_GET_MOUSE_STATUS:
      case VMMDEVREQ_SET_MOUSE_STATUS:
      case VMMDEVREQ_SET_POINTER_SHAPE:
      case VMMDEVREQ_GET_HOST_VERSION:
      case VMMDEVREQ_IDLE:
      case VMMDEVREQ_GET_HOST_TIME:
      case VMMDEVREQ_SET_POWER_STATUS:
      case VMMDEVREQ_ACKNOWLEDGE_EVENTS:
      case VMMDEVREQ_CTL_GUEST_FILTER_MASK:
      case VMMDEVREQ_REPORT_GUEST_STATUS:
      case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ:
      case VMMDEVREQ_VIDEMODE_SUPPORTED:
      case VMMDEVREQ_GET_HEIGHT_REDUCTION:
      case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ2:
      case VMMDEVREQ_VIDEMODE_SUPPORTED2:
      case VMMDEVREQ_VIDEO_ACCEL_ENABLE:
      case VMMDEVREQ_VIDEO_ACCEL_FLUSH:
      case VMMDEVREQ_VIDEO_SET_VISIBLE_REGION:
      case VMMDEVREQ_VIDEO_UPDATE_MONITOR_POSITIONS:
      case VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX:
      case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ_MULTI:
      case VMMDEVREQ_GET_SEAMLESS_CHANGE_REQ:
      case VMMDEVREQ_GET_VRDPCHANGE_REQ:
      case VMMDEVREQ_LOG_STRING:
      case VMMDEVREQ_GET_SESSION_ID:
          trusted_apps_only = false;
          break;

      /* Depends on the request parameters... */
      case VMMDEVREQ_REPORT_GUEST_CAPABILITIES:
          /*
           * NOTE(review): the case label is REPORT_GUEST_CAPABILITIES but
           * the payload is read as struct vmmdev_guest_status, while
           * VMMDEVREQ_REPORT_GUEST_STATUS sits in the "anyone" list above
           * without a facility check - confirm this pairing is intended.
           *
           * NOTE(review): no check visible here guarantees the request is
           * large enough to contain the facility field; confirm the
           * caller's size validation covers it.
           */
          guest_status = (const struct vmmdev_guest_status *)req;
          switch (guest_status->facility) {
          case VBOXGUEST_FACILITY_TYPE_ALL:
          case VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER:
              /* Denied for every userspace session, trusted or not. */
              vbg_err("Denying userspace vmm report guest cap. call facility %#08x\n",
                      guest_status->facility);
              return -EPERM;
          case VBOXGUEST_FACILITY_TYPE_VBOX_SERVICE:
              trusted_apps_only = true;
              break;
          case VBOXGUEST_FACILITY_TYPE_VBOX_TRAY_CLIENT:
          case VBOXGUEST_FACILITY_TYPE_SEAMLESS:
          case VBOXGUEST_FACILITY_TYPE_GRAPHICS:
          default:
              /* Unknown facility values land here and are open to anyone. */
              trusted_apps_only = false;
              break;
          }
          break;

      /* Anything else is not allowed. */
      default:
          vbg_err("Denying userspace vmm call type %#08x\n",
                  req->request_type);
          return -EPERM;
      }

      /* The requestor flags were recorded when the session was opened. */
      if (trusted_apps_only &&
          (session->requestor & VMMDEV_REQUESTOR_USER_DEVICE)) {
          vbg_err("Denying userspace vmm call type %#08x through vboxuser device node\n",
                  req->request_type);
          return -EPERM;
      }

      return 0;
  }
  /*
   * VBG_IOCTL_VMMDEV_REQUEST*: pass a raw VMMDev request from userspace to
   * the host after checking it against vbg_req_allowed().
   *
   * The request must have equal in/out sizes, must not exceed
   * VMMDEV_MAX_VMMDEVREQ_SIZE and must not use the default ioctl header
   * type. The return value of vbg_req_perform() is not used here;
   * presumably the host status reaches the caller through the header's rc
   * field - confirm.
   */
  static int vbg_ioctl_vmmrequest(struct vbg_dev *gdev,
                                  struct vbg_session *session, void *data)
  {
      struct vbg_ioctl_hdr *req_hdr = data;
      int verdict;

      /* The order of these checks decides which errno the caller sees. */
      if (req_hdr->size_in != req_hdr->size_out)
          return -EINVAL;
      if (req_hdr->size_in > VMMDEV_MAX_VMMDEVREQ_SIZE)
          return -E2BIG;
      if (req_hdr->type == VBG_IOCTL_HDR_TYPE_DEFAULT)
          return -EINVAL;

      verdict = vbg_req_allowed(gdev, session, data);
      if (verdict >= 0) {
          vbg_req_perform(gdev, data);
          WARN_ON(req_hdr->rc == VINF_HGCM_ASYNC_EXECUTE);
          return 0;
      }

      return verdict;
  }
  /*
   * VBG_IOCTL_HGCM_CONNECT: connect the session to an HGCM service and
   * record the resulting client id in the session's client-id table.
   *
   * A slot value of 0 means free and U32_MAX means reserved while a host
   * call is in progress. The number of connections per session is bounded
   * by the size of session->hgcm_client_ids; a full table gives -EMFILE.
   *
   * Return: the result of vbg_hgcm_connect(), -EINVAL for a bad header or
   * -EMFILE when no slot is free. The host status is returned in hdr.rc.
   */
  static int vbg_ioctl_hgcm_connect(struct vbg_dev *gdev,
                                    struct vbg_session *session,
                                    struct vbg_ioctl_hgcm_connect *conn)
  {
      u32 client_id;
      int i, ret;

      if (vbg_ioctl_chk(&conn->hdr, sizeof(conn->u.in), sizeof(conn->u.out)))
          return -EINVAL;

      /* Find a free place in the sessions clients array and claim it */
      mutex_lock(&gdev->session_mutex);
      for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
          if (!session->hgcm_client_ids[i]) {
              /* Reserve the slot; the host call runs without the mutex. */
              session->hgcm_client_ids[i] = U32_MAX;
              break;
          }
      }
      mutex_unlock(&gdev->session_mutex);

      if (i >= ARRAY_SIZE(session->hgcm_client_ids))
          return -EMFILE;

      /* The session's requestor flags are forwarded with the request. */
      ret = vbg_hgcm_connect(gdev, session->requestor, &conn->u.in.loc,
                             &client_id, &conn->hdr.rc);

      mutex_lock(&gdev->session_mutex);
      if (ret == 0 && conn->hdr.rc >= 0) {
          conn->u.out.client_id = client_id;
          session->hgcm_client_ids[i] = client_id;
      } else {
          /* Failure: report no id and give the reserved slot back. */
          conn->u.out.client_id = 0;
          session->hgcm_client_ids[i] = 0;
      }
      mutex_unlock(&gdev->session_mutex);

      return ret;
  }
  /*
   * VBG_IOCTL_HGCM_DISCONNECT: disconnect an HGCM client that belongs to the
   * calling session.
   *
   * Only ids found in this session's client-id table are accepted, so a
   * session cannot disconnect a client id it did not obtain itself. The
   * values 0 and U32_MAX are rejected up front; they are the "free" and
   * "reserved" slot markers and never valid client ids.
   *
   * Return: the result of vbg_hgcm_disconnect() or -EINVAL. The host status
   * is returned in hdr.rc.
   */
  static int vbg_ioctl_hgcm_disconnect(struct vbg_dev *gdev,
                                       struct vbg_session *session,
                                       struct vbg_ioctl_hgcm_disconnect *disconn)
  {
      u32 client_id;
      int i, ret;

      if (vbg_ioctl_chk(&disconn->hdr, sizeof(disconn->u.in), 0))
          return -EINVAL;

      client_id = disconn->u.in.client_id;
      if (client_id == 0 || client_id == U32_MAX)
          return -EINVAL;

      mutex_lock(&gdev->session_mutex);
      for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
          if (session->hgcm_client_ids[i] == client_id) {
              /*
               * Mark the slot reserved so the id cannot be matched again
               * while the host call runs without the mutex.
               */
              session->hgcm_client_ids[i] = U32_MAX;
              break;
          }
      }
      mutex_unlock(&gdev->session_mutex);

      /* Not one of this session's client ids. */
      if (i >= ARRAY_SIZE(session->hgcm_client_ids))
          return -EINVAL;

      ret = vbg_hgcm_disconnect(gdev, session->requestor, client_id,
                                &disconn->hdr.rc);

      mutex_lock(&gdev->session_mutex);
      if (ret == 0 && disconn->hdr.rc >= 0)
          session->hgcm_client_ids[i] = 0;
      else
          /* Disconnect failed: the session keeps the id. */
          session->hgcm_client_ids[i] = client_id;
      mutex_unlock(&gdev->session_mutex);

      return ret;
  }
  /*
   * Allow-list of HGCM parameter types accepted from userspace: 32-bit and
   * 64-bit values and the three linear-address variants. Every other type
   * is rejected.
   */
  static bool vbg_param_valid(enum vmmdev_hgcm_function_parameter_type type)
  {
      if (type == VMMDEV_HGCM_PARM_TYPE_32BIT ||
          type == VMMDEV_HGCM_PARM_TYPE_64BIT ||
          type == VMMDEV_HGCM_PARM_TYPE_LINADDR ||
          type == VMMDEV_HGCM_PARM_TYPE_LINADDR_IN ||
          type == VMMDEV_HGCM_PARM_TYPE_LINADDR_OUT)
          return true;

      return false;
  }
  /*
   * VBG_IOCTL_HGCM_CALL[_32]: validate and forward an HGCM function call.
   *
   * Validation done here, in order: header sizes, parameter count against
   * VMMDEV_HGCM_MAX_PARMS, client id not a slot marker, declared size large
   * enough for parm_count parameters, every parameter type on the
   * vbg_param_valid() allow-list, and the client id present in the calling
   * session's table.
   *
   * Return: 0 or negative errno. An -E2BIG from the HGCM layer is turned
   * into hdr.rc = VERR_OUT_OF_RANGE with a return value of 0.
   */
  static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev,
                                 struct vbg_session *session, bool f32bit,
                                 struct vbg_ioctl_hgcm_call *call)
  {
      size_t actual_size;
      u32 client_id;
      int i, ret;

      if (call->hdr.size_in < sizeof(*call))
          return -EINVAL;

      if (call->hdr.size_in != call->hdr.size_out)
          return -EINVAL;

      /* Bounding parm_count first keeps the size computation below small. */
      if (call->parm_count > VMMDEV_HGCM_MAX_PARMS)
          return -E2BIG;

      /* 0 and U32_MAX are the free/reserved markers of the client table. */
      client_id = call->client_id;
      if (client_id == 0 || client_id == U32_MAX)
          return -EINVAL;

      actual_size = sizeof(*call);
      if (f32bit)
          actual_size += call->parm_count *
                         sizeof(struct vmmdev_hgcm_function_parameter32);
      else
          actual_size += call->parm_count *
                         sizeof(struct vmmdev_hgcm_function_parameter);
      /* The parameter array must fit inside what the caller supplied. */
      if (call->hdr.size_in < actual_size) {
          vbg_debug("VBG_IOCTL_HGCM_CALL: hdr.size_in %d required size is %zd\n",
                    call->hdr.size_in, actual_size);
          return -EINVAL;
      }
      /* Only the fixed part plus the parameters is reported as output. */
      call->hdr.size_out = actual_size;

      /* Validate parameter types */
      if (f32bit) {
          struct vmmdev_hgcm_function_parameter32 *parm =
              VBG_IOCTL_HGCM_CALL_PARMS32(call);

          for (i = 0; i < call->parm_count; i++)
              if (!vbg_param_valid(parm[i].type))
                  return -EINVAL;
      } else {
          struct vmmdev_hgcm_function_parameter *parm =
              VBG_IOCTL_HGCM_CALL_PARMS(call);

          for (i = 0; i < call->parm_count; i++)
              if (!vbg_param_valid(parm[i].type))
                  return -EINVAL;
      }

      /*
       * Validate the client id.
       *
       * The id must be one this session obtained itself. NOTE(review): the
       * mutex is dropped before the call below, so the check does not pin
       * the id for the duration of the call; presumably a concurrent
       * disconnect is handled by the host - confirm.
       */
      mutex_lock(&gdev->session_mutex);
      for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++)
          if (session->hgcm_client_ids[i] == client_id)
              break;
      mutex_unlock(&gdev->session_mutex);
      if (i >= ARRAY_SIZE(session->hgcm_client_ids)) {
          vbg_debug("VBG_IOCTL_HGCM_CALL: INVALID handle. u32Client=%#08x\n",
                    client_id);
          return -EINVAL;
      }

      /* The 32-bit variant is only taken when CONFIG_COMPAT is enabled. */
      if (IS_ENABLED(CONFIG_COMPAT) && f32bit)
          ret = vbg_hgcm_call32(gdev, session->requestor, client_id,
                                call->function, call->timeout_ms,
                                VBG_IOCTL_HGCM_CALL_PARMS32(call),
                                call->parm_count, &call->hdr.rc);
      else
          ret = vbg_hgcm_call(gdev, session->requestor, client_id,
                              call->function, call->timeout_ms,
                              VBG_IOCTL_HGCM_CALL_PARMS(call),
                              call->parm_count, &call->hdr.rc);

      if (ret == -E2BIG) {
          /* E2BIG needs to be reported through the hdr.rc field. */
          call->hdr.rc = VERR_OUT_OF_RANGE;
          ret = 0;
      }

      /* Interrupted and timed-out calls are not logged as errors. */
      if (ret && ret != -EINTR && ret != -ETIMEDOUT)
          vbg_err("VBG_IOCTL_HGCM_CALL error: %d\n", ret);

      return ret;
  }
  /*
   * VBG_IOCTL_LOG: write a userspace-supplied message to the kernel log.
   *
   * The message is passed as an argument to a constant "%.*s" format, so it
   * is never interpreted as a format string, and the precision limits the
   * output to the payload length.
   *
   * The length computation relies on size_in being at least the header
   * size; vbg_core_ioctl()'s comment says vbg_misc_device_ioctl() checks
   * that. NOTE(review): the text is logged as-is and no rate limiting is
   * visible in this function - confirm that is acceptable for the device
   * nodes that can reach it.
   */
  static int vbg_ioctl_log(struct vbg_ioctl_log *log)
  {
      int msg_len;

      if (log->hdr.size_out != sizeof(log->hdr))
          return -EINVAL;

      msg_len = (int)(log->hdr.size_in - sizeof(log->hdr));
      vbg_info("%.*s", msg_len, log->u.in.msg);

      return 0;
  }
  /*
   * VBG_IOCTL_CHANGE_FILTER_MASK: change the calling session's event filter.
   * Bits outside VMMDEV_EVENT_VALID_EVENT_MASK in either mask are rejected
   * with -EINVAL before anything is changed.
   */
  static int vbg_ioctl_change_filter_mask(struct vbg_dev *gdev,
                                          struct vbg_session *session,
                                          struct vbg_ioctl_change_filter *filter)
  {
      u32 set_bits, clear_bits;

      if (vbg_ioctl_chk(&filter->hdr, sizeof(filter->u.in), 0))
          return -EINVAL;

      set_bits = filter->u.in.or_mask;
      clear_bits = filter->u.in.not_mask;

      if (((set_bits | clear_bits) & ~VMMDEV_EVENT_VALID_EVENT_MASK) != 0)
          return -EINVAL;

      /* Not session termination, so a host failure is rolled back. */
      return vbg_set_session_event_filter(gdev, session, set_bits,
                                          clear_bits, false);
  }
  /*
   * VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES: acquire or release capabilities
   * for the calling session. Unknown flag bits and capability bits outside
   * VMMDEV_GUEST_CAPABILITIES_MASK are rejected with -EINVAL before any
   * state is touched.
   */
  static int vbg_ioctl_acquire_guest_capabilities(struct vbg_dev *gdev,
               struct vbg_session *session,
               struct vbg_ioctl_acquire_guest_caps *caps)
  {
      u32 acq_flags, add_caps, drop_caps;

      if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), 0))
          return -EINVAL;

      acq_flags = caps->u.in.flags;
      add_caps = caps->u.in.or_mask;
      drop_caps = caps->u.in.not_mask;

      if ((acq_flags & ~VBGL_IOC_AGC_FLAGS_VALID_MASK) ||
          ((add_caps | drop_caps) & ~VMMDEV_GUEST_CAPABILITIES_MASK))
          return -EINVAL;

      return vbg_acquire_session_capabilities(gdev, session, add_caps,
                                              drop_caps, acq_flags, false);
  }
  /*
   * VBG_IOCTL_CHANGE_GUEST_CAPABILITIES: set or clear capabilities for the
   * calling session and report the resulting session and global masks.
   * Capability bits outside VMMDEV_GUEST_CAPABILITIES_MASK are rejected.
   *
   * NOTE(review): the two output values are read after
   * vbg_set_session_capabilities() has released the session mutex, so they
   * may already reflect a later change by another caller - confirm that is
   * acceptable.
   */
  static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
               struct vbg_session *session, struct vbg_ioctl_set_guest_caps *caps)
  {
      u32 add_caps, drop_caps;
      int err;

      if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), sizeof(caps->u.out)))
          return -EINVAL;

      /* Inputs are copied out before any u.out field is written. */
      add_caps = caps->u.in.or_mask;
      drop_caps = caps->u.in.not_mask;

      if (((add_caps | drop_caps) & ~VMMDEV_GUEST_CAPABILITIES_MASK) != 0)
          return -EINVAL;

      err = vbg_set_session_capabilities(gdev, session, add_caps, drop_caps,
                                         false);
      if (!err) {
          caps->u.out.session_caps = session->set_guest_caps;
          caps->u.out.global_caps = gdev->guest_caps_host;
      }

      return err;
  }
  /*
   * VBG_IOCTL_CHECK_BALLOON: report the current balloon size in chunks.
   * The request has no input payload.
   */
  static int vbg_ioctl_check_balloon(struct vbg_dev *gdev,
                                     struct vbg_ioctl_check_balloon *balloon_info)
  {
      if (!vbg_ioctl_chk(&balloon_info->hdr, 0, sizeof(balloon_info->u.out))) {
          balloon_info->u.out.balloon_chunks = gdev->mem_balloon.chunks;
          /*
           * Under Linux we handle VMMDEV_EVENT_BALLOON_CHANGE_REQUEST
           * events entirely in the kernel, see vbg_core_isr().
           */
          balloon_info->u.out.handle_in_r3 = false;

          return 0;
      }

      return -EINVAL;
  }
  /*
   * VBG_IOCTL_WRITE_CORE_DUMP: ask the host to write a core dump, passing
   * the flags from userspace. The host status is returned in hdr.rc; the
   * function itself returns 0 once the request has been performed.
   *
   * NOTE(review): vbg_req_allowed() lists VMMDEVREQ_WRITE_COREDUMP as
   * trusted-apps-only, but this path does not go through that check; only
   * the session's requestor flags are handed to the host. Confirm that the
   * restriction is enforced elsewhere for sessions from the vboxuser node.
   */
  static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev,
                                       struct vbg_session *session,
                                       struct vbg_ioctl_write_coredump *dump)
  {
      struct vmmdev_write_core_dump *dump_req;

      if (vbg_ioctl_chk(&dump->hdr, sizeof(dump->u.in), 0))
          return -EINVAL;

      dump_req = vbg_req_alloc(sizeof(*dump_req), VMMDEVREQ_WRITE_COREDUMP,
                               session->requestor);
      if (dump_req) {
          dump_req->flags = dump->u.in.flags;
          dump->hdr.rc = vbg_req_perform(gdev, dump_req);

          vbg_req_free(dump_req, sizeof(*dump_req));
          return 0;
      }

      return -ENOMEM;
  }
  /**
   * vbg_core_ioctl - Common IOCtl for user to kernel communication.
   * @session:  The client session.
   * @req:      The requested function.
   * @data:     The i/o data buffer, minimum size sizeof(struct vbg_ioctl_hdr).
   *
   * Dispatches to the per-request handlers. Each handler validates its own
   * payload sizes; this function only relies on the caller having checked
   * the header (see the comment in the body). Unknown requests are logged
   * rate-limited and rejected with -ENOTTY.
   *
   * Return: %0 or negative errno value.
   */
  int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data)
  {
      /* Request number with the size bits removed, for variable-size ioctls. */
      unsigned int req_no_size = req & ~IOCSIZE_MASK;
      struct vbg_dev *gdev = session->gdev;
      struct vbg_ioctl_hdr *hdr = data;
      bool f32bit = false;

      hdr->rc = VINF_SUCCESS;
      /* A size_out of 0 is treated as "same as size_in". */
      if (!hdr->size_out)
          hdr->size_out = hdr->size_in;

      /*
       * hdr->version and hdr->size_in / hdr->size_out minimum size are
       * already checked by vbg_misc_device_ioctl().
       */

      /* For VMMDEV_REQUEST hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT */
      if (req_no_size == VBG_IOCTL_VMMDEV_REQUEST(0) ||
          req == VBG_IOCTL_VMMDEV_REQUEST_BIG ||
          req == VBG_IOCTL_VMMDEV_REQUEST_BIG_ALT)
          return vbg_ioctl_vmmrequest(gdev, session, data);

      /* Every remaining request must use the default header type. */
      if (hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT)
          return -EINVAL;

      /* Fixed size requests. */
      switch (req) {
      case VBG_IOCTL_DRIVER_VERSION_INFO:
          return vbg_ioctl_driver_version_info(data);
      case VBG_IOCTL_HGCM_CONNECT:
          return vbg_ioctl_hgcm_connect(gdev, session, data);
      case VBG_IOCTL_HGCM_DISCONNECT:
          return vbg_ioctl_hgcm_disconnect(gdev, session, data);
      case VBG_IOCTL_WAIT_FOR_EVENTS:
          return vbg_ioctl_wait_for_events(gdev, session, data);
      case VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS:
          return vbg_ioctl_interrupt_all_wait_events(gdev, session, data);
      case VBG_IOCTL_CHANGE_FILTER_MASK:
          return vbg_ioctl_change_filter_mask(gdev, session, data);
      case VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES:
          return vbg_ioctl_acquire_guest_capabilities(gdev, session, data);
      case VBG_IOCTL_CHANGE_GUEST_CAPABILITIES:
          return vbg_ioctl_change_guest_capabilities(gdev, session, data);
      case VBG_IOCTL_CHECK_BALLOON:
          return vbg_ioctl_check_balloon(gdev, data);
      case VBG_IOCTL_WRITE_CORE_DUMP:
          return vbg_ioctl_write_core_dump(gdev, session, data);
      }

      /* Variable sized requests. */
      switch (req_no_size) {
  #ifdef CONFIG_COMPAT
      case VBG_IOCTL_HGCM_CALL_32(0):
          f32bit = true;
          fallthrough;
  #endif
      case VBG_IOCTL_HGCM_CALL(0):
          return vbg_ioctl_hgcm_call(gdev, session, f32bit, data);
      case VBG_IOCTL_LOG(0):
      case VBG_IOCTL_LOG_ALT(0):
          return vbg_ioctl_log(data);
      }

      /* Rate-limited, since any opener of the device can trigger this. */
      vbg_err_ratelimited("Userspace made an unknown ioctl req %#08x\n", req);
      return -ENOTTY;
  }
  /**
   * vbg_core_set_mouse_status - Report guest supported mouse-features to the host.
   *
   * @gdev:      The Guest extension device.
   * @features:  The set of features to report to the host.
   *
   * Allocates a temporary request, sends it as a kernel request and frees
   * it again. The pointer position fields are sent as 0.
   *
   * Return: %0 or negative errno value.
   */
  int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features)
  {
      struct vmmdev_mouse_status *status_req;
      int host_rc;

      status_req = vbg_req_alloc(sizeof(*status_req),
                                 VMMDEVREQ_SET_MOUSE_STATUS,
                                 VBG_KERNEL_REQUEST);
      if (!status_req)
          return -ENOMEM;

      status_req->pointer_pos_x = 0;
      status_req->pointer_pos_y = 0;
      status_req->mouse_features = features;

      host_rc = vbg_req_perform(gdev, status_req);
      if (host_rc < 0)
          vbg_err("%s error, rc: %d\n", __func__, host_rc);

      vbg_req_free(status_req, sizeof(*status_req));

      /* The host status is translated only at the very end. */
      return vbg_status_code_to_errno(host_rc);
  }
  /*
   * Core interrupt service routine.
   *
   * Fetches and acknowledges the pending host events with the pre-allocated
   * gdev->ack_events_req, then routes them: HGCM events wake the HGCM wait
   * queue, balloon change requests are deferred to a work item, mouse
   * position changes go to vbg_linux_mouse_event(), and everything else is
   * added to gdev->pending_events for sessions waiting on the event queue.
   *
   * Returns IRQ_NONE when the device reports no events or the acknowledge
   * request fails, IRQ_HANDLED otherwise.
   */
  irqreturn_t vbg_core_isr(int irq, void *dev_id)
  {
      struct vbg_dev *gdev = dev_id;
      struct vmmdev_events *req = gdev->ack_events_req;
      bool mouse_position_changed = false;
      unsigned long flags;
      u32 events = 0;
      int rc;

      /* Not our interrupt (the line may be shared - TODO confirm). */
      if (!gdev->mmio->V.V1_04.have_events)
          return IRQ_NONE;

      /* Get and acknowledge events. */
      /* Reset both fields so stale values from the last IRQ are not reused. */
      req->header.rc = VERR_INTERNAL_ERROR;
      req->events = 0;
      rc = vbg_req_perform(gdev, req);
      if (rc < 0) {
          vbg_err("Error performing events req, rc: %d\n", rc);
          return IRQ_NONE;
      }

      /* The event mask is host-provided; handled bits are stripped below. */
      events = req->events;

      if (events & VMMDEV_EVENT_MOUSE_POSITION_CHANGED) {
          /* Only remembered here; delivered after the other events. */
          mouse_position_changed = true;
          events &= ~VMMDEV_EVENT_MOUSE_POSITION_CHANGED;
      }

      if (events & VMMDEV_EVENT_HGCM) {
          wake_up(&gdev->hgcm_wq);
          events &= ~VMMDEV_EVENT_HGCM;
      }

      if (events & VMMDEV_EVENT_BALLOON_CHANGE_REQUEST) {
          /* Handled outside interrupt context by the balloon work item. */
          schedule_work(&gdev->mem_balloon.work);
          events &= ~VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
      }

      /* Whatever is left is for userspace waiters. */
      if (events) {
          spin_lock_irqsave(&gdev->event_spinlock, flags);
          gdev->pending_events |= events;
          spin_unlock_irqrestore(&gdev->event_spinlock, flags);

          wake_up(&gdev->event_wq);
      }

      if (mouse_position_changed)
          vbg_linux_mouse_event(gdev);

      return IRQ_HANDLED;
  }