VirtualBox

source: vbox/trunk/src/VBox/Additions/common/VBoxGuest/lib/VBoxGuestR0LibHGCMInternal.cpp@ 107079

Last change on this file since 107079 was 107079, checked in by vboxsync, 2 months ago

Additions: Linux: Fix UBSAN warnings, bugref:10585.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 50.5 KB
Line 
1/* $Id: VBoxGuestR0LibHGCMInternal.cpp 107079 2024-11-21 11:19:14Z vboxsync $ */
2/** @file
3 * VBoxGuestLib - Host-Guest Communication Manager internal functions, implemented by VBoxGuest
4 */
5
6/*
7 * Copyright (C) 2006-2024 Oracle and/or its affiliates.
8 *
9 * Permission is hereby granted, free of charge, to any person
10 * obtaining a copy of this software and associated documentation
11 * files (the "Software"), to deal in the Software without
12 * restriction, including without limitation the rights to use,
13 * copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the
15 * Software is furnished to do so, subject to the following
16 * conditions:
17 *
18 * The above copyright notice and this permission notice shall be
19 * included in all copies or substantial portions of the Software.
20 *
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
23 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
25 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
26 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
27 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
28 * OTHER DEALINGS IN THE SOFTWARE.
29 */
30
31
32/*********************************************************************************************************************************
33* Header Files *
34*********************************************************************************************************************************/
35#define LOG_GROUP LOG_GROUP_HGCM
36
37#include "VBoxGuestR0LibInternal.h"
38#include <iprt/asm.h>
39#include <iprt/assert.h>
40#include <iprt/mem.h>
41#include <iprt/memobj.h>
42#include <iprt/string.h>
43#include <iprt/thread.h>
44#include <iprt/time.h>
45#include <VBox/err.h>
46
47#ifndef VBGL_VBOXGUEST
48# error "This file should only be part of the VBoxGuestR0LibBase library that is linked into VBoxGuest."
49#endif
50
51
52/*********************************************************************************************************************************
53* Defined Constants And Macros *
54*********************************************************************************************************************************/
55/** The max parameter buffer size for a user request. */
56#define VBGLR0_MAX_HGCM_USER_PARM (24*_1M)
57/** The max parameter buffer size for a kernel request. */
58#define VBGLR0_MAX_HGCM_KERNEL_PARM (16*_1M)
59/** The max embedded buffer size. */
60#define VBGLR0_MAX_HGCM_EMBEDDED_BUFFER _64K
61
62#if defined(RT_OS_LINUX) || defined(RT_OS_DARWIN)
63/** Linux needs to use bounce buffers since RTR0MemObjLockUser has unwanted
64 * side effects.
65 * Darwin 32bit & 64bit also needs this because of 4GB/4GB user/kernel space. */
66# define USE_BOUNCE_BUFFERS
67#endif
68
69
70/*********************************************************************************************************************************
71* Structures and Typedefs *
72*********************************************************************************************************************************/
73/**
74 * Lock info structure used by VbglR0HGCMInternalCall and its helpers.
75 */
76struct VbglR0ParmInfo
77{
78 uint32_t cLockBufs;
79 struct
80 {
81 uint32_t iParm;
82 RTR0MEMOBJ hObj;
83#ifdef USE_BOUNCE_BUFFERS
84 void *pvSmallBuf;
85#endif
86 } aLockBufs[10];
87};
88
89
90
91/* These functions can be only used by VBoxGuest. */
92
93DECLR0VBGL(int) VbglR0HGCMInternalConnect(HGCMServiceLocation const *pLoc, uint32_t fRequestor, HGCMCLIENTID *pidClient,
94 PFNVBGLHGCMCALLBACK pfnAsyncCallback, void *pvAsyncData, uint32_t u32AsyncData)
95{
96 int rc;
97 if ( RT_VALID_PTR(pLoc)
98 && RT_VALID_PTR(pidClient)
99 && RT_VALID_PTR(pfnAsyncCallback))
100 {
101 /* Allocate request */
102 VMMDevHGCMConnect *pHGCMConnect = NULL;
103 rc = VbglR0GRAlloc((VMMDevRequestHeader **)&pHGCMConnect, sizeof(VMMDevHGCMConnect), VMMDevReq_HGCMConnect);
104 if (RT_SUCCESS(rc))
105 {
106 /* Initialize request memory */
107 pHGCMConnect->header.header.fRequestor = fRequestor;
108
109 pHGCMConnect->header.fu32Flags = 0;
110
111 memcpy(&pHGCMConnect->loc, pLoc, sizeof(pHGCMConnect->loc));
112 pHGCMConnect->u32ClientID = 0;
113
114 /* Issue request */
115 rc = VbglR0GRPerform (&pHGCMConnect->header.header);
116 if (RT_SUCCESS(rc))
117 {
118 /* Check if host decides to process the request asynchronously. */
119 if (rc == VINF_HGCM_ASYNC_EXECUTE)
120 {
121 /* Wait for request completion interrupt notification from host */
122 pfnAsyncCallback(&pHGCMConnect->header, pvAsyncData, u32AsyncData);
123 }
124
125 rc = pHGCMConnect->header.result;
126 if (RT_SUCCESS(rc))
127 *pidClient = pHGCMConnect->u32ClientID;
128 }
129 VbglR0GRFree(&pHGCMConnect->header.header);
130 }
131 }
132 else
133 rc = VERR_INVALID_PARAMETER;
134 return rc;
135}
136
137
138DECLR0VBGL(int) VbglR0HGCMInternalDisconnect(HGCMCLIENTID idClient, uint32_t fRequestor,
139 PFNVBGLHGCMCALLBACK pfnAsyncCallback, void *pvAsyncData, uint32_t u32AsyncData)
140{
141 int rc;
142 if ( idClient != 0
143 && pfnAsyncCallback)
144 {
145 /* Allocate request */
146 VMMDevHGCMDisconnect *pHGCMDisconnect = NULL;
147 rc = VbglR0GRAlloc ((VMMDevRequestHeader **)&pHGCMDisconnect, sizeof (VMMDevHGCMDisconnect), VMMDevReq_HGCMDisconnect);
148 if (RT_SUCCESS(rc))
149 {
150 /* Initialize request memory */
151 pHGCMDisconnect->header.header.fRequestor = fRequestor;
152
153 pHGCMDisconnect->header.fu32Flags = 0;
154
155 pHGCMDisconnect->u32ClientID = idClient;
156
157 /* Issue request */
158 rc = VbglR0GRPerform(&pHGCMDisconnect->header.header);
159 if (RT_SUCCESS(rc))
160 {
161 /* Check if host decides to process the request asynchronously. */
162 if (rc == VINF_HGCM_ASYNC_EXECUTE)
163 {
164 /* Wait for request completion interrupt notification from host */
165 pfnAsyncCallback(&pHGCMDisconnect->header, pvAsyncData, u32AsyncData);
166 }
167
168 rc = pHGCMDisconnect->header.result;
169 }
170
171 VbglR0GRFree(&pHGCMDisconnect->header.header);
172 }
173 }
174 else
175 rc = VERR_INVALID_PARAMETER;
176 return rc;
177}
178
179
180/**
181 * Preprocesses the HGCM call, validating and locking/buffering parameters.
182 *
183 * @returns VBox status code.
184 *
185 * @param pCallInfo The call info.
186 * @param cbCallInfo The size of the call info structure.
187 * @param fIsUser Is it a user request or kernel request.
188 * @param pcbExtra Where to return the extra request space needed for
189 * physical page lists.
190 */
191static int vbglR0HGCMInternalPreprocessCall(PCVBGLIOCHGCMCALL pCallInfo, uint32_t cbCallInfo,
192 bool fIsUser, struct VbglR0ParmInfo *pParmInfo, size_t *pcbExtra)
193{
194 HGCMFunctionParameter const *pSrcParm = VBGL_HGCM_GET_CALL_PARMS(pCallInfo);
195 uint32_t const cParms = pCallInfo->cParms;
196 uint32_t iParm;
197 uint32_t cb;
198
199 /*
200 * Lock down the any linear buffers so we can get their addresses
201 * and figure out how much extra storage we need for page lists.
202 *
203 * Note! With kernel mode users we can be assertive. For user mode users
204 * we should just (debug) log it and fail without any fanfare.
205 */
206 *pcbExtra = 0;
207 pParmInfo->cLockBufs = 0;
208 for (iParm = 0; iParm < cParms; iParm++, pSrcParm++)
209 {
210 switch (pSrcParm->type)
211 {
212 case VMMDevHGCMParmType_32bit:
213 Log4(("GstHGCMCall: parm=%u type=32bit: %#010x\n", iParm, pSrcParm->u.value32));
214 break;
215
216 case VMMDevHGCMParmType_64bit:
217 Log4(("GstHGCMCall: parm=%u type=64bit: %#018RX64\n", iParm, pSrcParm->u.value64));
218 break;
219
220 case VMMDevHGCMParmType_PageList:
221 case VMMDevHGCMParmType_ContiguousPageList:
222 if (fIsUser)
223 return VERR_INVALID_PARAMETER;
224 cb = pSrcParm->u.PageList.size;
225 if (cb)
226 {
227 uint32_t off = pSrcParm->u.PageList.offset;
228 HGCMPageListInfo *pPgLst;
229 uint32_t cPages;
230 uint32_t u32;
231
232 AssertMsgReturn(cb <= VBGLR0_MAX_HGCM_KERNEL_PARM, ("%#x > %#x\n", cb, VBGLR0_MAX_HGCM_KERNEL_PARM),
233 VERR_OUT_OF_RANGE);
234 AssertMsgReturn( off >= cParms * sizeof(HGCMFunctionParameter)
235 && off <= cbCallInfo - sizeof(HGCMPageListInfo),
236 ("offset=%#x cParms=%#x cbCallInfo=%#x\n", off, cParms, cbCallInfo),
237 VERR_INVALID_PARAMETER);
238
239 pPgLst = (HGCMPageListInfo *)((uint8_t *)pCallInfo + off);
240 cPages = pPgLst->cPages;
241 u32 = RT_UOFFSETOF_DYN(HGCMPageListInfo, aPages[cPages]) + off;
242 AssertMsgReturn(u32 <= cbCallInfo,
243 ("u32=%#x (cPages=%#x offset=%#x) cbCallInfo=%#x\n", u32, cPages, off, cbCallInfo),
244 VERR_INVALID_PARAMETER);
245 AssertMsgReturn(pPgLst->offFirstPage < PAGE_SIZE, ("#x\n", pPgLst->offFirstPage), VERR_INVALID_PARAMETER);
246 u32 = RT_ALIGN_32(pPgLst->offFirstPage + cb, PAGE_SIZE) >> PAGE_SHIFT;
247 AssertMsgReturn(cPages == u32, ("cPages=%#x u32=%#x\n", cPages, u32), VERR_INVALID_PARAMETER);
248 AssertMsgReturn(VBOX_HGCM_F_PARM_ARE_VALID(pPgLst->flags), ("%#x\n", pPgLst->flags), VERR_INVALID_PARAMETER);
249 Log4(("GstHGCMCall: parm=%u type=pglst: cb=%#010x cPgs=%u offPg0=%#x flags=%#x\n",
250 iParm, cb, cPages, pPgLst->offFirstPage, pPgLst->flags));
251 u32 = cPages;
252 while (u32-- > 0)
253 {
254 Log4(("GstHGCMCall: pg#%u=%RHp\n", u32, pPgLst->aPages[u32]));
255 AssertMsgReturn(!(pPgLst->aPages[u32] & (PAGE_OFFSET_MASK | UINT64_C(0xfff0000000000000))),
256 ("pg#%u=%RHp\n", u32, pPgLst->aPages[u32]),
257 VERR_INVALID_PARAMETER);
258 }
259
260 *pcbExtra += RT_UOFFSETOF_DYN(HGCMPageListInfo, aPages[pPgLst->cPages]);
261 }
262 else
263 Log4(("GstHGCMCall: parm=%u type=pglst: cb=0\n", iParm));
264 break;
265
266 case VMMDevHGCMParmType_Embedded:
267 if (fIsUser) /// @todo relax this.
268 return VERR_INVALID_PARAMETER;
269 cb = pSrcParm->u.Embedded.cbData;
270 if (cb)
271 {
272 uint32_t off = pSrcParm->u.Embedded.offData;
273 AssertMsgReturn(cb <= VBGLR0_MAX_HGCM_EMBEDDED_BUFFER, ("%#x > %#x\n", cb, VBGLR0_MAX_HGCM_EMBEDDED_BUFFER),
274 VERR_INVALID_PARAMETER);
275 AssertMsgReturn(cb <= cbCallInfo - cParms * sizeof(HGCMFunctionParameter),
276 ("cb=%#x cParms=%#x cbCallInfo=%3x\n", cb, cParms, cbCallInfo),
277 VERR_INVALID_PARAMETER);
278 AssertMsgReturn( off >= cParms * sizeof(HGCMFunctionParameter)
279 && off <= cbCallInfo - cb,
280 ("offData=%#x cParms=%#x cbCallInfo=%#x\n", off, cParms, cbCallInfo),
281 VERR_INVALID_PARAMETER);
282 AssertMsgReturn(VBOX_HGCM_F_PARM_ARE_VALID(pSrcParm->u.Embedded.fFlags),
283 ("%#x\n", pSrcParm->u.Embedded.fFlags), VERR_INVALID_PARAMETER);
284
285 *pcbExtra += RT_ALIGN_32(cb, 8);
286 }
287 else
288 Log4(("GstHGCMCall: parm=%u type=embed: cb=0\n", iParm));
289 break;
290
291
292 case VMMDevHGCMParmType_LinAddr_Locked_In:
293 case VMMDevHGCMParmType_LinAddr_Locked_Out:
294 case VMMDevHGCMParmType_LinAddr_Locked:
295 if (fIsUser)
296 return VERR_INVALID_PARAMETER;
297 if (!VBGLR0_CAN_USE_PHYS_PAGE_LIST(/*a_fLocked =*/ true))
298 {
299 cb = pSrcParm->u.Pointer.size;
300 AssertMsgReturn(cb <= VBGLR0_MAX_HGCM_KERNEL_PARM, ("%#x > %#x\n", cb, VBGLR0_MAX_HGCM_KERNEL_PARM),
301 VERR_OUT_OF_RANGE);
302 if (cb != 0)
303 Log4(("GstHGCMCall: parm=%u type=%#x: cb=%#010x pv=%p\n",
304 iParm, pSrcParm->type, cb, pSrcParm->u.Pointer.u.linearAddr));
305 else
306 Log4(("GstHGCMCall: parm=%u type=%#x: cb=0\n", iParm, pSrcParm->type));
307 break;
308 }
309 RT_FALL_THRU();
310
311 case VMMDevHGCMParmType_LinAddr_In:
312 case VMMDevHGCMParmType_LinAddr_Out:
313 case VMMDevHGCMParmType_LinAddr:
314 cb = pSrcParm->u.Pointer.size;
315 if (cb != 0)
316 {
317#ifdef USE_BOUNCE_BUFFERS
318 void *pvSmallBuf = NULL;
319#endif
320 uint32_t iLockBuf = pParmInfo->cLockBufs;
321 RTR0MEMOBJ hObj;
322 int rc;
323 uint32_t fAccess = pSrcParm->type == VMMDevHGCMParmType_LinAddr_In
324 || pSrcParm->type == VMMDevHGCMParmType_LinAddr_Locked_In
325 ? RTMEM_PROT_READ
326 : RTMEM_PROT_READ | RTMEM_PROT_WRITE;
327
328 AssertReturn(iLockBuf < RT_ELEMENTS(pParmInfo->aLockBufs), VERR_INVALID_PARAMETER);
329 if (!fIsUser)
330 {
331 AssertMsgReturn(cb <= VBGLR0_MAX_HGCM_KERNEL_PARM, ("%#x > %#x\n", cb, VBGLR0_MAX_HGCM_KERNEL_PARM),
332 VERR_OUT_OF_RANGE);
333 rc = RTR0MemObjLockKernel(&hObj, (void *)pSrcParm->u.Pointer.u.linearAddr, cb, fAccess);
334 if (RT_FAILURE(rc))
335 {
336 Log(("GstHGCMCall: id=%#x fn=%u parm=%u RTR0MemObjLockKernel(,%p,%#x) -> %Rrc\n",
337 pCallInfo->u32ClientID, pCallInfo->u32Function, iParm, pSrcParm->u.Pointer.u.linearAddr, cb, rc));
338 return rc;
339 }
340 Log3(("GstHGCMCall: parm=%u type=%#x: cb=%#010x pv=%p locked kernel -> %p\n",
341 iParm, pSrcParm->type, cb, pSrcParm->u.Pointer.u.linearAddr, hObj));
342 }
343 else if (cb > VBGLR0_MAX_HGCM_USER_PARM)
344 {
345 Log(("GstHGCMCall: id=%#x fn=%u parm=%u pv=%p cb=%#x > %#x -> out of range\n",
346 pCallInfo->u32ClientID, pCallInfo->u32Function, iParm, pSrcParm->u.Pointer.u.linearAddr,
347 cb, VBGLR0_MAX_HGCM_USER_PARM));
348 return VERR_OUT_OF_RANGE;
349 }
350 else
351 {
352#ifndef USE_BOUNCE_BUFFERS
353 rc = RTR0MemObjLockUser(&hObj, (RTR3PTR)pSrcParm->u.Pointer.u.linearAddr, cb, fAccess, NIL_RTR0PROCESS);
354 if (RT_FAILURE(rc))
355 {
356 Log(("GstHGCMCall: id=%#x fn=%u parm=%u RTR0MemObjLockUser(,%p,%#x,nil) -> %Rrc\n",
357 pCallInfo->u32ClientID, pCallInfo->u32Function, iParm, pSrcParm->u.Pointer.u.linearAddr, cb, rc));
358 return rc;
359 }
360 Log3(("GstHGCMCall: parm=%u type=%#x: cb=%#010x pv=%p locked user -> %p\n",
361 iParm, pSrcParm->type, cb, pSrcParm->u.Pointer.u.linearAddr, hObj));
362
363#else /* USE_BOUNCE_BUFFERS */
364 /*
365 * This is a bit massive, but we don't want to waste a
366 * whole page for a 3 byte string buffer (guest props).
367 *
368 * The threshold is ASSUMING sizeof(RTMEMHDR) == 16 and
369 * the system is using some power of two allocator.
370 */
371 /** @todo A more efficient strategy would be to combine buffers. However it
372 * is probably going to be more massive than the current code, so
373 * it can wait till later. */
374 bool fCopyIn = pSrcParm->type != VMMDevHGCMParmType_LinAddr_Out
375 && pSrcParm->type != VMMDevHGCMParmType_LinAddr_Locked_Out;
376 if (cb <= PAGE_SIZE / 2 - 16)
377 {
378 pvSmallBuf = fCopyIn ? RTMemTmpAlloc(cb) : RTMemTmpAllocZ(cb);
379 if (RT_UNLIKELY(!pvSmallBuf))
380 return VERR_NO_MEMORY;
381 if (fCopyIn)
382 {
383 rc = RTR0MemUserCopyFrom(pvSmallBuf, pSrcParm->u.Pointer.u.linearAddr, cb);
384 if (RT_FAILURE(rc))
385 {
386 RTMemTmpFree(pvSmallBuf);
387 Log(("GstHGCMCall: id=%#x fn=%u parm=%u RTR0MemUserCopyFrom(,%p,%#x) -> %Rrc\n",
388 pCallInfo->u32ClientID, pCallInfo->u32Function, iParm,
389 pSrcParm->u.Pointer.u.linearAddr, cb, rc));
390 return rc;
391 }
392 }
393 rc = RTR0MemObjLockKernel(&hObj, pvSmallBuf, cb, fAccess);
394 if (RT_FAILURE(rc))
395 {
396 RTMemTmpFree(pvSmallBuf);
397 Log(("GstHGCMCall: RTR0MemObjLockKernel failed for small buffer: rc=%Rrc pvSmallBuf=%p cb=%#x\n",
398 rc, pvSmallBuf, cb));
399 return rc;
400 }
401 Log3(("GstHGCMCall: parm=%u type=%#x: cb=%#010x pv=%p small buffer %p -> %p\n",
402 iParm, pSrcParm->type, cb, pSrcParm->u.Pointer.u.linearAddr, pvSmallBuf, hObj));
403 }
404 else
405 {
406 rc = RTR0MemObjAllocPage(&hObj, cb, false /*fExecutable*/);
407 if (RT_FAILURE(rc))
408 return rc;
409 if (!fCopyIn)
410 memset(RTR0MemObjAddress(hObj), '\0', cb);
411 else
412 {
413 rc = RTR0MemUserCopyFrom(RTR0MemObjAddress(hObj), pSrcParm->u.Pointer.u.linearAddr, cb);
414 if (RT_FAILURE(rc))
415 {
416 RTR0MemObjFree(hObj, false /*fFreeMappings*/);
417 Log(("GstHGCMCall: id=%#x fn=%u parm=%u RTR0MemUserCopyFrom(,%p,%#x) -> %Rrc\n",
418 pCallInfo->u32ClientID, pCallInfo->u32Function, iParm,
419 pSrcParm->u.Pointer.u.linearAddr, cb, rc));
420 return rc;
421 }
422 }
423 Log3(("GstHGCMCall: parm=%u type=%#x: cb=%#010x pv=%p big buffer -> %p\n",
424 iParm, pSrcParm->type, cb, pSrcParm->u.Pointer.u.linearAddr, hObj));
425 }
426#endif /* USE_BOUNCE_BUFFERS */
427 }
428
429 pParmInfo->aLockBufs[iLockBuf].iParm = iParm;
430 pParmInfo->aLockBufs[iLockBuf].hObj = hObj;
431#ifdef USE_BOUNCE_BUFFERS
432 pParmInfo->aLockBufs[iLockBuf].pvSmallBuf = pvSmallBuf;
433#endif
434 pParmInfo->cLockBufs = iLockBuf + 1;
435
436 if (VBGLR0_CAN_USE_PHYS_PAGE_LIST(/*a_fLocked =*/ false))
437 {
438 size_t const cPages = RTR0MemObjSize(hObj) >> PAGE_SHIFT;
439 *pcbExtra += RT_UOFFSETOF_DYN(HGCMPageListInfo, aPages) +
440 RT_SIZEOFMEMB(HGCMPageListInfo, aPages) * cPages;
441 }
442 }
443 else
444 Log4(("GstHGCMCall: parm=%u type=%#x: cb=0\n", iParm, pSrcParm->type));
445 break;
446
447 default:
448 return VERR_INVALID_PARAMETER;
449 }
450 }
451
452 return VINF_SUCCESS;
453}
454
455
456/**
457 * Translates locked linear address to the normal type.
458 * The locked types are only for the guest side and not handled by the host.
459 *
460 * @returns normal linear address type.
461 * @param enmType The type.
462 */
463static HGCMFunctionParameterType vbglR0HGCMInternalConvertLinAddrType(HGCMFunctionParameterType enmType)
464{
465 switch (enmType)
466 {
467 case VMMDevHGCMParmType_LinAddr_Locked_In:
468 return VMMDevHGCMParmType_LinAddr_In;
469 case VMMDevHGCMParmType_LinAddr_Locked_Out:
470 return VMMDevHGCMParmType_LinAddr_Out;
471 case VMMDevHGCMParmType_LinAddr_Locked:
472 return VMMDevHGCMParmType_LinAddr;
473 default:
474 return enmType;
475 }
476}
477
478
479/**
480 * Translates linear address types to page list direction flags.
481 *
482 * @returns page list flags.
483 * @param enmType The type.
484 */
485static uint32_t vbglR0HGCMInternalLinAddrTypeToPageListFlags(HGCMFunctionParameterType enmType)
486{
487 switch (enmType)
488 {
489 case VMMDevHGCMParmType_LinAddr_In:
490 case VMMDevHGCMParmType_LinAddr_Locked_In:
491 return VBOX_HGCM_F_PARM_DIRECTION_TO_HOST;
492
493 case VMMDevHGCMParmType_LinAddr_Out:
494 case VMMDevHGCMParmType_LinAddr_Locked_Out:
495 return VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST;
496
497 default: AssertFailed(); RT_FALL_THRU();
498 case VMMDevHGCMParmType_LinAddr:
499 case VMMDevHGCMParmType_LinAddr_Locked:
500 return VBOX_HGCM_F_PARM_DIRECTION_BOTH;
501 }
502}
503
504
505/**
506 * Initializes the call request that we're sending to the host.
507 *
508 * @returns VBox status code.
509 *
510 * @param pCallInfo The call info.
511 * @param cbCallInfo The size of the call info structure.
512 * @param fRequestor VMMDEV_REQUESTOR_XXX.
513 * @param fIsUser Is it a user request or kernel request.
514 * @param pcbExtra Where to return the extra request space needed for
515 * physical page lists.
516 */
517static void vbglR0HGCMInternalInitCall(VMMDevHGCMCall *pHGCMCall, PCVBGLIOCHGCMCALL pCallInfo,
518 uint32_t cbCallInfo, uint32_t fRequestor, bool fIsUser, struct VbglR0ParmInfo *pParmInfo)
519{
520 HGCMFunctionParameter const *pSrcParm = VBGL_HGCM_GET_CALL_PARMS(pCallInfo);
521 HGCMFunctionParameter *pDstParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
522 uint32_t const cParms = pCallInfo->cParms;
523 uint32_t offExtra = (uint32_t)((uintptr_t)(pDstParm + cParms) - (uintptr_t)pHGCMCall);
524 uint32_t iLockBuf = 0;
525 uint32_t iParm;
526 RT_NOREF1(cbCallInfo);
527#ifndef USE_BOUNCE_BUFFERS
528 RT_NOREF1(fIsUser);
529#endif
530
531 /*
532 * The call request headers.
533 */
534 pHGCMCall->header.header.fRequestor = !fIsUser || (fRequestor & VMMDEV_REQUESTOR_USERMODE) ? fRequestor
535 : VMMDEV_REQUESTOR_USERMODE | VMMDEV_REQUESTOR_USR_NOT_GIVEN
536 | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN | VMMDEV_REQUESTOR_CON_DONT_KNOW;
537
538 pHGCMCall->header.fu32Flags = 0;
539 pHGCMCall->header.result = VINF_SUCCESS;
540
541 pHGCMCall->u32ClientID = pCallInfo->u32ClientID;
542 pHGCMCall->u32Function = pCallInfo->u32Function;
543 pHGCMCall->cParms = cParms;
544
545 /*
546 * The parameters.
547 */
548 for (iParm = 0; iParm < cParms; iParm++, pSrcParm++, pDstParm++)
549 {
550 switch (pSrcParm->type)
551 {
552 case VMMDevHGCMParmType_32bit:
553 case VMMDevHGCMParmType_64bit:
554 *pDstParm = *pSrcParm;
555 break;
556
557 case VMMDevHGCMParmType_PageList:
558 case VMMDevHGCMParmType_ContiguousPageList:
559 pDstParm->type = pSrcParm->type;
560 pDstParm->u.PageList.size = pSrcParm->u.PageList.size;
561 if (pSrcParm->u.PageList.size)
562 {
563 HGCMPageListInfo const *pSrcPgLst = (HGCMPageListInfo *)((uint8_t *)pCallInfo + pSrcParm->u.PageList.offset);
564 HGCMPageListInfo *pDstPgLst = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + offExtra);
565 uint32_t const cPages = pSrcPgLst->cPages;
566 uint32_t iPage;
567
568 pDstParm->u.PageList.offset = offExtra;
569 pDstPgLst->flags = pSrcPgLst->flags;
570 pDstPgLst->offFirstPage = pSrcPgLst->offFirstPage;
571 pDstPgLst->cPages = (uint16_t)cPages;
572 for (iPage = 0; iPage < cPages; iPage++)
573 pDstPgLst->aPages[iPage] = pSrcPgLst->aPages[iPage];
574
575 offExtra += RT_UOFFSETOF_DYN(HGCMPageListInfo, aPages[cPages]);
576 }
577 else
578 pDstParm->u.PageList.offset = 0; /** @todo will fail on the host side now */
579 break;
580
581 case VMMDevHGCMParmType_Embedded:
582 {
583 uint32_t const cb = pSrcParm->u.Embedded.cbData;
584 pDstParm->type = VMMDevHGCMParmType_Embedded;
585 pDstParm->u.Embedded.cbData = cb;
586 pDstParm->u.Embedded.offData = offExtra;
587 if (cb > 0)
588 {
589 uint8_t *pbDst = (uint8_t *)pHGCMCall + offExtra;
590 if (pSrcParm->u.Embedded.fFlags & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
591 {
592 memcpy(pbDst, (uint8_t const *)pCallInfo + pSrcParm->u.Embedded.offData, cb);
593 if (RT_ALIGN(cb, 8) != cb)
594 memset(pbDst + cb, 0, RT_ALIGN(cb, 8) - cb);
595 }
596 else
597 RT_BZERO(pbDst, RT_ALIGN(cb, 8));
598 offExtra += RT_ALIGN(cb, 8);
599 }
600 break;
601 }
602
603 case VMMDevHGCMParmType_LinAddr_Locked_In:
604 case VMMDevHGCMParmType_LinAddr_Locked_Out:
605 case VMMDevHGCMParmType_LinAddr_Locked:
606 if (!VBGLR0_CAN_USE_PHYS_PAGE_LIST(/*a_fLocked =*/ true))
607 {
608 *pDstParm = *pSrcParm;
609 pDstParm->type = vbglR0HGCMInternalConvertLinAddrType(pSrcParm->type);
610 break;
611 }
612 RT_FALL_THRU();
613
614 case VMMDevHGCMParmType_LinAddr_In:
615 case VMMDevHGCMParmType_LinAddr_Out:
616 case VMMDevHGCMParmType_LinAddr:
617 if (pSrcParm->u.Pointer.size != 0)
618 {
619#ifdef USE_BOUNCE_BUFFERS
620 void *pvSmallBuf = pParmInfo->aLockBufs[iLockBuf].pvSmallBuf;
621#endif
622 RTR0MEMOBJ hObj = pParmInfo->aLockBufs[iLockBuf].hObj;
623 Assert(iParm == pParmInfo->aLockBufs[iLockBuf].iParm);
624
625 if (VBGLR0_CAN_USE_PHYS_PAGE_LIST(/*a_fLocked =*/ false))
626 {
627 HGCMPageListInfo *pDstPgLst = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + offExtra);
628 size_t const cPages = RTR0MemObjSize(hObj) >> PAGE_SHIFT;
629 size_t iPage;
630
631 pDstParm->type = VMMDevHGCMParmType_PageList;
632 pDstParm->u.PageList.size = pSrcParm->u.Pointer.size;
633 pDstParm->u.PageList.offset = offExtra;
634 pDstPgLst->flags = vbglR0HGCMInternalLinAddrTypeToPageListFlags(pSrcParm->type);
635#ifdef USE_BOUNCE_BUFFERS
636 if (fIsUser)
637 pDstPgLst->offFirstPage = (uintptr_t)pvSmallBuf & PAGE_OFFSET_MASK;
638 else
639#endif
640 pDstPgLst->offFirstPage = (uint16_t)(pSrcParm->u.Pointer.u.linearAddr & PAGE_OFFSET_MASK);
641 pDstPgLst->cPages = (uint16_t)cPages; Assert(pDstPgLst->cPages == cPages);
642 for (iPage = 0; iPage < cPages; iPage++)
643 {
644 RTGCPHYS64 * paPages = pDstPgLst->aPages;
645 paPages[iPage] = RTR0MemObjGetPagePhysAddr(hObj, iPage);
646 Assert(paPages[iPage] != NIL_RTHCPHYS);
647 }
648
649 offExtra += RT_UOFFSETOF_DYN(HGCMPageListInfo, aPages) +
650 RT_SIZEOFMEMB(HGCMPageListInfo, aPages) * cPages;
651 }
652 else
653 {
654 pDstParm->type = vbglR0HGCMInternalConvertLinAddrType(pSrcParm->type);
655 pDstParm->u.Pointer.size = pSrcParm->u.Pointer.size;
656#ifdef USE_BOUNCE_BUFFERS
657 if (fIsUser)
658 pDstParm->u.Pointer.u.linearAddr = pvSmallBuf
659 ? (uintptr_t)pvSmallBuf
660 : (uintptr_t)RTR0MemObjAddress(hObj);
661 else
662#endif
663 pDstParm->u.Pointer.u.linearAddr = pSrcParm->u.Pointer.u.linearAddr;
664 }
665 iLockBuf++;
666 }
667 else
668 {
669 pDstParm->type = vbglR0HGCMInternalConvertLinAddrType(pSrcParm->type);
670 pDstParm->u.Pointer.size = 0;
671 pDstParm->u.Pointer.u.linearAddr = 0;
672 }
673 break;
674
675 default:
676 AssertFailed();
677 pDstParm->type = VMMDevHGCMParmType_Invalid;
678 break;
679 }
680 }
681}
682
683
684/**
685 * Performs the call and completion wait.
686 *
687 * @returns VBox status code of this operation, not necessarily the call.
688 *
689 * @param pHGCMCall The HGCM call info.
690 * @param pfnAsyncCallback The async callback that will wait for the call
691 * to complete.
692 * @param pvAsyncData Argument for the callback.
693 * @param u32AsyncData Argument for the callback.
694 * @param pfLeakIt Where to return the leak it / free it,
695 * indicator. Cancellation fun.
696 */
697static int vbglR0HGCMInternalDoCall(VMMDevHGCMCall *pHGCMCall, PFNVBGLHGCMCALLBACK pfnAsyncCallback,
698 void *pvAsyncData, uint32_t u32AsyncData, bool *pfLeakIt)
699{
700 int rc;
701
702 Log(("calling VbglR0GRPerform\n"));
703 rc = VbglR0GRPerform(&pHGCMCall->header.header);
704 Log(("VbglR0GRPerform rc = %Rrc (header rc=%d)\n", rc, pHGCMCall->header.result));
705
706 /*
707 * If the call failed, but as a result of the request itself, then pretend
708 * success. Upper layers will interpret the result code in the packet.
709 */
710 if ( RT_FAILURE(rc)
711 && rc == pHGCMCall->header.result)
712 {
713 Assert(pHGCMCall->header.fu32Flags & VBOX_HGCM_REQ_DONE);
714 rc = VINF_SUCCESS;
715 }
716
717 /*
718 * Check if host decides to process the request asynchronously,
719 * if so, we wait for it to complete using the caller supplied callback.
720 */
721 *pfLeakIt = false;
722 if (rc == VINF_HGCM_ASYNC_EXECUTE)
723 {
724 Log(("Processing HGCM call asynchronously\n"));
725 rc = pfnAsyncCallback(&pHGCMCall->header, pvAsyncData, u32AsyncData);
726 if (pHGCMCall->header.fu32Flags & VBOX_HGCM_REQ_DONE)
727 {
728 Assert(!(pHGCMCall->header.fu32Flags & VBOX_HGCM_REQ_CANCELLED));
729 rc = VINF_SUCCESS;
730 }
731 else
732 {
733 /*
734 * The request didn't complete in time or the call was interrupted,
735 * the RC from the callback indicates which. Try cancel the request.
736 *
737 * This is a bit messy because we're racing request completion. Sorry.
738 *
739 * Note! The VMMDevHGCMCancel2 request size was increased in 7.1 to fully
740 * handle 64-bit addresses. Using the new structure size with older
741 * VBox host versions will work, though, since they check for a
742 * minimum request size and will ignore any extra stuff they don't
743 * understand. Both ARM and x86 guests are little endian, this
744 * naturally wouldn't work for big-endian guests.
745 *
746 * Of course, they won't find requests with addresses above 4GB, but
747 * that's not a real issue since it is used by ARM guests only.
748 */
749 /** @todo It would be nice if we could use the waiter callback to do further
750 * waiting in case of a completion race. If it wasn't for WINNT having its own
751 * version of all that stuff, I would've done it already. */
752 VMMDevHGCMCancel2 *pCancelReq;
753 int rc2 = VbglR0GRAlloc((VMMDevRequestHeader **)&pCancelReq, sizeof(*pCancelReq), VMMDevReq_HGCMCancel2);
754 if (RT_SUCCESS(rc2))
755 {
756 pCancelReq->physReqToCancel = VbglR0PhysHeapGetPhysAddr(pHGCMCall);
757 rc2 = VbglR0GRPerform(&pCancelReq->header);
758 VbglR0GRFree(&pCancelReq->header);
759 }
760 if (RT_SUCCESS(rc)) rc = VERR_INTERRUPTED; /** @todo weed this out from the WINNT VBoxGuest code. */
761 if (RT_SUCCESS(rc2))
762 {
763 Log(("vbglR0HGCMInternalDoCall: successfully cancelled\n"));
764 pHGCMCall->header.fu32Flags |= VBOX_HGCM_REQ_CANCELLED;
765 }
766 else
767 {
768 /*
769 * Wait for a bit while the host (hopefully) completes it.
770 */
771 uint64_t u64Start = RTTimeSystemMilliTS();
772 uint32_t cMilliesToWait = rc2 == VERR_NOT_FOUND || rc2 == VERR_SEM_DESTROYED ? 500 : 2000;
773 uint64_t cElapsed = 0;
774 if (rc2 != VERR_NOT_FOUND)
775 {
776 static unsigned s_cErrors = 0;
777 if (s_cErrors++ < 32)
778 LogRel(("vbglR0HGCMInternalDoCall: Failed to cancel the HGCM call on %Rrc: rc2=%Rrc\n", rc, rc2));
779 }
780 else
781 Log(("vbglR0HGCMInternalDoCall: Cancel race rc=%Rrc rc2=%Rrc\n", rc, rc2));
782
783 do
784 {
785 ASMCompilerBarrier(); /* paranoia */
786 if (pHGCMCall->header.fu32Flags & VBOX_HGCM_REQ_DONE)
787 break;
788 RTThreadSleep(1);
789 cElapsed = RTTimeSystemMilliTS() - u64Start;
790 } while (cElapsed < cMilliesToWait);
791
792 ASMCompilerBarrier(); /* paranoia^2 */
793 if (pHGCMCall->header.fu32Flags & VBOX_HGCM_REQ_DONE)
794 rc = VINF_SUCCESS;
795 else
796 {
797 LogRel(("vbglR0HGCMInternalDoCall: Leaking %u bytes. Pending call to %u with %u parms. (rc2=%Rrc)\n",
798 pHGCMCall->header.header.size, pHGCMCall->u32Function, pHGCMCall->cParms, rc2));
799 *pfLeakIt = true;
800 }
801 Log(("vbglR0HGCMInternalDoCall: Cancel race ended with rc=%Rrc (rc2=%Rrc) after %llu ms\n", rc, rc2, cElapsed));
802 }
803 }
804 }
805
806 Log(("GstHGCMCall: rc=%Rrc result=%Rrc fu32Flags=%#x fLeakIt=%d\n",
807 rc, pHGCMCall->header.result, pHGCMCall->header.fu32Flags, *pfLeakIt));
808 return rc;
809}
810
811
812/**
813 * Copies the result of the call back to the caller info structure and user
814 * buffers (if using bounce buffers).
815 *
816 * @returns rc, unless RTR0MemUserCopyTo fails.
817 * @param pCallInfo Call info structure to update.
818 * @param cbCallInfo The size of the client request.
819 * @param pHGCMCall HGCM call request.
820 * @param cbHGCMCall The size of the HGCM call request.
821 * @param pParmInfo Parameter locking/buffering info.
822 * @param fIsUser Is it a user (true) or kernel request.
823 * @param rc The current result code. Passed along to
824 * preserve informational status codes.
825 */
826static int vbglR0HGCMInternalCopyBackResult(PVBGLIOCHGCMCALL pCallInfo, uint32_t cbCallInfo,
827 VMMDevHGCMCall const *pHGCMCall, uint32_t cbHGCMCall,
828 struct VbglR0ParmInfo *pParmInfo, bool fIsUser, int rc)
829{
830 HGCMFunctionParameter const *pSrcParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
831 HGCMFunctionParameter *pDstParm = VBGL_HGCM_GET_CALL_PARMS(pCallInfo);
832 uint32_t const cParms = pCallInfo->cParms;
833#ifdef USE_BOUNCE_BUFFERS
834 uint32_t iLockBuf = 0;
835#endif
836 uint32_t iParm;
837 RT_NOREF1(pParmInfo);
838#ifndef USE_BOUNCE_BUFFERS
839 RT_NOREF1(fIsUser);
840#endif
841
842 /*
843 * The call result.
844 */
845 pCallInfo->Hdr.rc = pHGCMCall->header.result;
846
847 /*
848 * Copy back parameters.
849 */
850 /** @todo This is assuming user data (pDstParm) is buffered. Not true
851 * on OS/2, though I'm not sure we care... */
852 for (iParm = 0; iParm < cParms; iParm++, pSrcParm++, pDstParm++)
853 {
854 switch (pDstParm->type)
855 {
856 case VMMDevHGCMParmType_32bit:
857 case VMMDevHGCMParmType_64bit:
858 *pDstParm = *pSrcParm;
859 break;
860
861 case VMMDevHGCMParmType_PageList:
862 case VMMDevHGCMParmType_ContiguousPageList:
863 pDstParm->u.PageList.size = pSrcParm->u.PageList.size;
864 break;
865
866 case VMMDevHGCMParmType_Embedded:
867 {
868 uint32_t const cbDst = pDstParm->u.Embedded.cbData;
869 uint32_t cbSrc;
870 pDstParm->u.Embedded.cbData = cbSrc = pSrcParm->u.Embedded.cbData;
871 if ( cbSrc > 0
872 && (pDstParm->u.Embedded.fFlags & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST))
873 {
874 uint32_t const offDst = pDstParm->u.Embedded.offData;
875 uint32_t const offSrc = pSrcParm->u.Embedded.offData;
876
877 AssertReturn(offDst < cbCallInfo, VERR_INTERNAL_ERROR_2);
878 AssertReturn(offDst >= sizeof(*pCallInfo) + cParms * sizeof(*pDstParm), VERR_INTERNAL_ERROR_2);
879 AssertReturn(cbDst <= cbCallInfo - offDst , VERR_INTERNAL_ERROR_2);
880
881 AssertReturn(offSrc < cbCallInfo, VERR_INTERNAL_ERROR_2);
882 AssertReturn(offSrc >= sizeof(*pHGCMCall) + cParms * sizeof(*pSrcParm), VERR_INTERNAL_ERROR_2);
883 if (cbSrc <= cbHGCMCall - offSrc)
884 { /* likely */ }
885 else
886 {
887 /* Special case: Buffer overflow w/ correct size given. */
888 AssertReturn(RT_FAILURE_NP(rc), VERR_INTERNAL_ERROR_2);
889 cbSrc = cbHGCMCall - offSrc;
890 }
891 memcpy((uint8_t *)pCallInfo + offDst, (uint8_t const *)pHGCMCall + offSrc, RT_MIN(cbSrc, cbDst));
892 }
893 break;
894 }
895
896 case VMMDevHGCMParmType_LinAddr_Locked_In:
897 case VMMDevHGCMParmType_LinAddr_In:
898#ifdef USE_BOUNCE_BUFFERS
899 if ( fIsUser
900 && iLockBuf < pParmInfo->cLockBufs
901 && iParm == pParmInfo->aLockBufs[iLockBuf].iParm)
902 iLockBuf++;
903#endif
904 pDstParm->u.Pointer.size = pSrcParm->u.Pointer.size;
905 break;
906
907 case VMMDevHGCMParmType_LinAddr_Locked_Out:
908 case VMMDevHGCMParmType_LinAddr_Locked:
909 if (!VBGLR0_CAN_USE_PHYS_PAGE_LIST(/*a_fLocked =*/ true))
910 {
911 pDstParm->u.Pointer.size = pSrcParm->u.Pointer.size;
912 break;
913 }
914 RT_FALL_THRU();
915
916 case VMMDevHGCMParmType_LinAddr_Out:
917 case VMMDevHGCMParmType_LinAddr:
918 {
919#ifdef USE_BOUNCE_BUFFERS
920 if (fIsUser)
921 {
922 size_t cbOut = RT_MIN(pSrcParm->u.Pointer.size, pDstParm->u.Pointer.size);
923 if (cbOut)
924 {
925 int rc2;
926 Assert(pParmInfo->aLockBufs[iLockBuf].iParm == iParm);
927 rc2 = RTR0MemUserCopyTo((RTR3PTR)pDstParm->u.Pointer.u.linearAddr,
928 pParmInfo->aLockBufs[iLockBuf].pvSmallBuf
929 ? pParmInfo->aLockBufs[iLockBuf].pvSmallBuf
930 : RTR0MemObjAddress(pParmInfo->aLockBufs[iLockBuf].hObj),
931 cbOut);
932 if (RT_FAILURE(rc2))
933 return rc2;
934 iLockBuf++;
935 }
936 else if ( iLockBuf < pParmInfo->cLockBufs
937 && iParm == pParmInfo->aLockBufs[iLockBuf].iParm)
938 iLockBuf++;
939 }
940#endif
941 pDstParm->u.Pointer.size = pSrcParm->u.Pointer.size;
942 break;
943 }
944
945 default:
946 AssertFailed();
947 rc = VERR_INTERNAL_ERROR_4;
948 break;
949 }
950 }
951
952#ifdef USE_BOUNCE_BUFFERS
953 Assert(!fIsUser || pParmInfo->cLockBufs == iLockBuf);
954#endif
955 return rc;
956}
957
958
959DECLR0VBGL(int) VbglR0HGCMInternalCall(PVBGLIOCHGCMCALL pCallInfo, uint32_t cbCallInfo, uint32_t fFlags, uint32_t fRequestor,
960 PFNVBGLHGCMCALLBACK pfnAsyncCallback, void *pvAsyncData, uint32_t u32AsyncData)
961{
962 bool fIsUser = (fFlags & VBGLR0_HGCMCALL_F_MODE_MASK) == VBGLR0_HGCMCALL_F_USER;
963 struct VbglR0ParmInfo ParmInfo;
964 size_t cbExtra;
965 int rc;
966
967 /*
968 * Basic validation.
969 */
970 AssertMsgReturn( !pCallInfo
971 || !pfnAsyncCallback
972 || pCallInfo->cParms > VBOX_HGCM_MAX_PARMS
973 || !(fFlags & ~VBGLR0_HGCMCALL_F_MODE_MASK),
974 ("pCallInfo=%p pfnAsyncCallback=%p fFlags=%#x\n", pCallInfo, pfnAsyncCallback, fFlags),
975 VERR_INVALID_PARAMETER);
976 AssertReturn( cbCallInfo >= sizeof(VBGLIOCHGCMCALL)
977 || cbCallInfo >= pCallInfo->cParms * sizeof(HGCMFunctionParameter),
978 VERR_INVALID_PARAMETER);
979
980 Log(("GstHGCMCall: u32ClientID=%#x u32Function=%u cParms=%u cbCallInfo=%#x fFlags=%#x\n",
981 pCallInfo->u32ClientID, pCallInfo->u32ClientID, pCallInfo->u32Function, pCallInfo->cParms, cbCallInfo, fFlags));
982
983 /*
984 * Validate, lock and buffer the parameters for the call.
985 * This will calculate the amount of extra space for physical page list.
986 */
987 rc = vbglR0HGCMInternalPreprocessCall(pCallInfo, cbCallInfo, fIsUser, &ParmInfo, &cbExtra);
988 if (RT_SUCCESS(rc))
989 {
990 /*
991 * Allocate the request buffer and recreate the call request.
992 */
993 VMMDevHGCMCall *pHGCMCall;
994 uint32_t const cbHGCMCall = sizeof(VMMDevHGCMCall) + pCallInfo->cParms * sizeof(HGCMFunctionParameter) + (uint32_t)cbExtra;
995 rc = VbglR0GRAlloc((VMMDevRequestHeader **)&pHGCMCall, cbHGCMCall, VMMDevReq_HGCMCall);
996 if (RT_SUCCESS(rc))
997 {
998 bool fLeakIt;
999 vbglR0HGCMInternalInitCall(pHGCMCall, pCallInfo, cbCallInfo, fRequestor, fIsUser, &ParmInfo);
1000
1001 /*
1002 * Perform the call.
1003 */
1004 rc = vbglR0HGCMInternalDoCall(pHGCMCall, pfnAsyncCallback, pvAsyncData, u32AsyncData, &fLeakIt);
1005 if (RT_SUCCESS(rc))
1006 {
1007 /*
1008 * Copy back the result (parameters and buffers that changed).
1009 */
1010 rc = vbglR0HGCMInternalCopyBackResult(pCallInfo, cbCallInfo, pHGCMCall, cbHGCMCall, &ParmInfo, fIsUser, rc);
1011 }
1012 else
1013 {
1014 if ( rc != VERR_INTERRUPTED
1015 && rc != VERR_TIMEOUT)
1016 {
1017 static unsigned s_cErrors = 0;
1018 if (s_cErrors++ < 32)
1019 LogRel(("VbglR0HGCMInternalCall: vbglR0HGCMInternalDoCall failed. rc=%Rrc\n", rc));
1020 }
1021 }
1022
1023 if (!fLeakIt)
1024 VbglR0GRFree(&pHGCMCall->header.header);
1025 }
1026 }
1027 else
1028 LogRel(("VbglR0HGCMInternalCall: vbglR0HGCMInternalPreprocessCall failed. rc=%Rrc\n", rc));
1029
1030 /*
1031 * Release locks and free bounce buffers.
1032 */
1033 if (ParmInfo.cLockBufs)
1034 while (ParmInfo.cLockBufs-- > 0)
1035 {
1036 RTR0MemObjFree(ParmInfo.aLockBufs[ParmInfo.cLockBufs].hObj, false /*fFreeMappings*/);
1037#ifdef USE_BOUNCE_BUFFERS
1038 RTMemTmpFree(ParmInfo.aLockBufs[ParmInfo.cLockBufs].pvSmallBuf);
1039#endif
1040 }
1041
1042 return rc;
1043}
1044
1045
1046#if ARCH_BITS == 64
1047DECLR0VBGL(int) VbglR0HGCMInternalCall32(PVBGLIOCHGCMCALL pCallInfo, uint32_t cbCallInfo, uint32_t fFlags, uint32_t fRequestor,
1048 PFNVBGLHGCMCALLBACK pfnAsyncCallback, void *pvAsyncData, uint32_t u32AsyncData)
1049{
1050 PVBGLIOCHGCMCALL pCallInfo64 = NULL;
1051 HGCMFunctionParameter *pParm64 = NULL;
1052 HGCMFunctionParameter32 *pParm32 = NULL;
1053 uint32_t cParms = 0;
1054 uint32_t iParm = 0;
1055 int rc = VINF_SUCCESS;
1056
1057 /*
1058 * Input validation.
1059 */
1060 AssertMsgReturn( !pCallInfo
1061 || !pfnAsyncCallback
1062 || pCallInfo->cParms > VBOX_HGCM_MAX_PARMS
1063 || !(fFlags & ~VBGLR0_HGCMCALL_F_MODE_MASK),
1064 ("pCallInfo=%p pfnAsyncCallback=%p fFlags=%#x\n", pCallInfo, pfnAsyncCallback, fFlags),
1065 VERR_INVALID_PARAMETER);
1066 AssertReturn( cbCallInfo >= sizeof(VBGLIOCHGCMCALL)
1067 || cbCallInfo >= pCallInfo->cParms * sizeof(HGCMFunctionParameter32),
1068 VERR_INVALID_PARAMETER);
1069
1070 /* This Assert does not work on Solaris/Windows 64/32 mixed mode, not sure why, skipping for now */
1071#if !defined(RT_OS_SOLARIS) && !defined(RT_OS_WINDOWS)
1072 AssertReturn((fFlags & VBGLR0_HGCMCALL_F_MODE_MASK) == VBGLR0_HGCMCALL_F_KERNEL, VERR_WRONG_ORDER);
1073#endif
1074
1075 cParms = pCallInfo->cParms;
1076 Log(("VbglR0HGCMInternalCall32: cParms=%d, u32Function=%d, fFlags=%#x\n", cParms, pCallInfo->u32Function, fFlags));
1077
1078 /*
1079 * The simple approach, allocate a temporary request and convert the parameters.
1080 */
1081 pCallInfo64 = (PVBGLIOCHGCMCALL)RTMemTmpAllocZ(sizeof(*pCallInfo64) + cParms * sizeof(HGCMFunctionParameter));
1082 if (!pCallInfo64)
1083 return VERR_NO_TMP_MEMORY;
1084
1085 *pCallInfo64 = *pCallInfo;
1086 pParm32 = VBGL_HGCM_GET_CALL_PARMS32(pCallInfo);
1087 pParm64 = VBGL_HGCM_GET_CALL_PARMS(pCallInfo64);
1088 for (iParm = 0; iParm < cParms; iParm++, pParm32++, pParm64++)
1089 {
1090 switch (pParm32->type)
1091 {
1092 case VMMDevHGCMParmType_32bit:
1093 pParm64->type = VMMDevHGCMParmType_32bit;
1094 pParm64->u.value32 = pParm32->u.value32;
1095 break;
1096
1097 case VMMDevHGCMParmType_64bit:
1098 pParm64->type = VMMDevHGCMParmType_64bit;
1099 pParm64->u.value64 = pParm32->u.value64;
1100 break;
1101
1102 case VMMDevHGCMParmType_LinAddr_Out:
1103 case VMMDevHGCMParmType_LinAddr:
1104 case VMMDevHGCMParmType_LinAddr_In:
1105 pParm64->type = pParm32->type;
1106 pParm64->u.Pointer.size = pParm32->u.Pointer.size;
1107 pParm64->u.Pointer.u.linearAddr = pParm32->u.Pointer.u.linearAddr;
1108 break;
1109
1110 default:
1111 rc = VERR_INVALID_PARAMETER;
1112 LogRel(("VbglR0HGCMInternalCall32: pParm32 type %#x invalid.\n", pParm32->type));
1113 break;
1114 }
1115 if (RT_FAILURE(rc))
1116 break;
1117 }
1118 if (RT_SUCCESS(rc))
1119 {
1120 rc = VbglR0HGCMInternalCall(pCallInfo64, sizeof(*pCallInfo64) + cParms * sizeof(HGCMFunctionParameter), fFlags,
1121 fRequestor, pfnAsyncCallback, pvAsyncData, u32AsyncData);
1122
1123 if (RT_SUCCESS(rc))
1124 {
1125 *pCallInfo = *pCallInfo64;
1126
1127 /*
1128 * Copy back.
1129 */
1130 pParm32 = VBGL_HGCM_GET_CALL_PARMS32(pCallInfo);
1131 pParm64 = VBGL_HGCM_GET_CALL_PARMS(pCallInfo64);
1132 for (iParm = 0; iParm < cParms; iParm++, pParm32++, pParm64++)
1133 {
1134 switch (pParm64->type)
1135 {
1136 case VMMDevHGCMParmType_32bit:
1137 pParm32->u.value32 = pParm64->u.value32;
1138 break;
1139
1140 case VMMDevHGCMParmType_64bit:
1141 pParm32->u.value64 = pParm64->u.value64;
1142 break;
1143
1144 case VMMDevHGCMParmType_LinAddr_Out:
1145 case VMMDevHGCMParmType_LinAddr:
1146 case VMMDevHGCMParmType_LinAddr_In:
1147 pParm32->u.Pointer.size = pParm64->u.Pointer.size;
1148 break;
1149
1150 default:
1151 LogRel(("VbglR0HGCMInternalCall32: failed invalid pParm32 type %d\n", pParm32->type));
1152 rc = VERR_INTERNAL_ERROR_3;
1153 break;
1154 }
1155 }
1156 }
1157 else
1158 {
1159 static unsigned s_cErrors = 0;
1160 if (s_cErrors++ < 32)
1161 LogRel(("VbglR0HGCMInternalCall32: VbglR0HGCMInternalCall failed. rc=%Rrc\n", rc));
1162 }
1163 }
1164 else
1165 {
1166 static unsigned s_cErrors = 0;
1167 if (s_cErrors++ < 32)
1168 LogRel(("VbglR0HGCMInternalCall32: failed. rc=%Rrc\n", rc));
1169 }
1170
1171 RTMemTmpFree(pCallInfo64);
1172 return rc;
1173}
1174#endif /* ARCH_BITS == 64 */
1175
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette