VirtualBox

source: vbox/trunk/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp@ 64468

Last change on this file since 64468 was 62891, checked in by vboxsync, 8 years ago

Devices: warnings

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 109.0 KB
Line 
1/* $Id: VMMDevHGCM.cpp 62891 2016-08-02 23:57:32Z vboxsync $ */
2/** @file
3 * VMMDev - HGCM - Host-Guest Communication Manager Device.
4 */
5
6/*
7 * Copyright (C) 2006-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#define LOG_GROUP LOG_GROUP_DEV_VMM
23#include <iprt/alloc.h>
24#include <iprt/asm.h>
25#include <iprt/assert.h>
26#include <iprt/param.h>
27#include <iprt/string.h>
28
29#include <VBox/err.h>
30#include <VBox/hgcmsvc.h>
31
32#include <VBox/log.h>
33
34#include "VMMDevHGCM.h"
35
36#ifdef VBOX_WITH_DTRACE
37# include "dtrace/VBoxDD.h"
38#else
39# define VBOXDD_HGCMCALL_ENTER(a,b,c,d) do { } while (0)
40# define VBOXDD_HGCMCALL_COMPLETED_REQ(a,b) do { } while (0)
41# define VBOXDD_HGCMCALL_COMPLETED_EMT(a,b) do { } while (0)
42# define VBOXDD_HGCMCALL_COMPLETED_DONE(a,b,c,d) do { } while (0)
43#endif
44
45
46/*********************************************************************************************************************************
47* Structures and Typedefs *
48*********************************************************************************************************************************/
49typedef enum VBOXHGCMCMDTYPE
50{
51 VBOXHGCMCMDTYPE_LOADSTATE = 0,
52 VBOXHGCMCMDTYPE_CONNECT,
53 VBOXHGCMCMDTYPE_DISCONNECT,
54 VBOXHGCMCMDTYPE_CALL,
55 VBOXHGCMCMDTYPE_SizeHack = 0x7fffffff
56} VBOXHGCMCMDTYPE;
57
58/**
59 * Information about a linear ptr parameter.
60 */
61typedef struct VBOXHGCMLINPTR
62{
63 /** Index of the parameter. */
64 uint32_t iParm;
65
66 /** Offset in the first physical page of the region. */
67 uint32_t offFirstPage;
68
69 /** How many pages. */
70 uint32_t cPages;
71
72 /** Pointer to array of the GC physical addresses for these pages.
73 * It is assumed that the physical address of the locked resident guest page
74 * does not change.
75 */
76 RTGCPHYS *paPages;
77
78} VBOXHGCMLINPTR;
79
80struct VBOXHGCMCMD
81{
82 /** Active commands, list is protected by critsectHGCMCmdList. */
83 struct VBOXHGCMCMD *pNext;
84 struct VBOXHGCMCMD *pPrev;
85
86 /** The type of the command. */
87 VBOXHGCMCMDTYPE enmCmdType;
88
89 /** Whether the command was cancelled by the guest. */
90 bool fCancelled;
91
92 /** Whether the command is in the active commands list. */
93 bool fInList;
94
95 /** GC physical address of the guest request. */
96 RTGCPHYS GCPhys;
97
98 /** Request packet size */
99 uint32_t cbSize;
100
101 /** Pointer to converted host parameters in case of a Call request.
102 * Parameters follow this structure in the same memory block.
103 */
104 VBOXHGCMSVCPARM *paHostParms;
105
106 /* Number of elements in paHostParms */
107 uint32_t cHostParms;
108
109 /** Linear pointer parameters information. */
110 int cLinPtrs;
111
112 /** How many pages for all linptrs of this command.
113 * Only valid if cLinPtrs > 0. This field simplifies loading of saved state.
114 */
115 int cLinPtrPages;
116
117 /** Pointer to descriptions of linear pointers. */
118 VBOXHGCMLINPTR *paLinPtrs;
119};
120
121
122
123static int vmmdevHGCMCmdListLock (PVMMDEV pThis)
124{
125 int rc = RTCritSectEnter (&pThis->critsectHGCMCmdList);
126 AssertRC (rc);
127 return rc;
128}
129
130static void vmmdevHGCMCmdListUnlock (PVMMDEV pThis)
131{
132 int rc = RTCritSectLeave (&pThis->critsectHGCMCmdList);
133 AssertRC (rc);
134}
135
136static int vmmdevHGCMAddCommand (PVMMDEV pThis, PVBOXHGCMCMD pCmd, RTGCPHYS GCPhys, uint32_t cbSize, VBOXHGCMCMDTYPE enmCmdType)
137{
138 /* PPDMDEVINS pDevIns = pThis->pDevIns; */
139
140 int rc = vmmdevHGCMCmdListLock (pThis);
141
142 if (RT_SUCCESS (rc))
143 {
144 LogFlowFunc(("%p type %d\n", pCmd, enmCmdType));
145
146 /* Insert at the head of the list. The vmmdevHGCMLoadStateDone depends on this. */
147 pCmd->pNext = pThis->pHGCMCmdList;
148 pCmd->pPrev = NULL;
149
150 if (pThis->pHGCMCmdList)
151 {
152 pThis->pHGCMCmdList->pPrev = pCmd;
153 }
154
155 pThis->pHGCMCmdList = pCmd;
156
157 pCmd->fInList = true;
158
159 if (enmCmdType != VBOXHGCMCMDTYPE_LOADSTATE)
160 {
161 /* Loaded commands already have the right type. */
162 pCmd->enmCmdType = enmCmdType;
163 }
164 pCmd->GCPhys = GCPhys;
165 pCmd->cbSize = cbSize;
166
167 /* Automatically enable HGCM events, if there are HGCM commands. */
168 if ( enmCmdType == VBOXHGCMCMDTYPE_CONNECT
169 || enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT
170 || enmCmdType == VBOXHGCMCMDTYPE_CALL)
171 {
172 Log(("vmmdevHGCMAddCommand: u32HGCMEnabled = %d\n", pThis->u32HGCMEnabled));
173 if (ASMAtomicCmpXchgU32(&pThis->u32HGCMEnabled, 1, 0))
174 {
175 VMMDevCtlSetGuestFilterMask (pThis, VMMDEV_EVENT_HGCM, 0);
176 }
177 }
178
179 vmmdevHGCMCmdListUnlock (pThis);
180 }
181
182 return rc;
183}
184
185static int vmmdevHGCMRemoveCommand (PVMMDEV pThis, PVBOXHGCMCMD pCmd)
186{
187 /* PPDMDEVINS pDevIns = pThis->pDevIns; */
188
189 int rc = vmmdevHGCMCmdListLock (pThis);
190
191 if (RT_SUCCESS (rc))
192 {
193 LogFlowFunc(("%p\n", pCmd));
194
195 if (!pCmd->fInList)
196 {
197 LogFlowFunc(("%p not in the list\n", pCmd));
198 vmmdevHGCMCmdListUnlock (pThis);
199 return VINF_SUCCESS;
200 }
201
202 if (pCmd->pNext)
203 {
204 pCmd->pNext->pPrev = pCmd->pPrev;
205 }
206 else
207 {
208 /* Tail, do nothing. */
209 }
210
211 if (pCmd->pPrev)
212 {
213 pCmd->pPrev->pNext = pCmd->pNext;
214 }
215 else
216 {
217 pThis->pHGCMCmdList = pCmd->pNext;
218 }
219
220 pCmd->pNext = NULL;
221 pCmd->pPrev = NULL;
222 pCmd->fInList = false;
223
224 vmmdevHGCMCmdListUnlock (pThis);
225 }
226
227 return rc;
228}
229
230
231/**
232 * Find a HGCM command by its physical address.
233 *
234 * The caller is responsible for taking the command list lock before calling
235 * this function.
236 *
237 * @returns Pointer to the command on success, NULL otherwise.
238 * @param pThis The VMMDev instance data.
239 * @param GCPhys The physical address of the command we're looking
240 * for.
241 */
242DECLINLINE(PVBOXHGCMCMD) vmmdevHGCMFindCommandLocked (PVMMDEV pThis, RTGCPHYS GCPhys)
243{
244 for (PVBOXHGCMCMD pCmd = pThis->pHGCMCmdList;
245 pCmd;
246 pCmd = pCmd->pNext)
247 {
248 if (pCmd->GCPhys == GCPhys)
249 return pCmd;
250 }
251 return NULL;
252}
253
254static int vmmdevHGCMSaveLinPtr (PPDMDEVINS pDevIns,
255 uint32_t iParm,
256 RTGCPTR GCPtr,
257 uint32_t u32Size,
258 uint32_t iLinPtr,
259 VBOXHGCMLINPTR *paLinPtrs,
260 RTGCPHYS **ppPages)
261{
262 int rc = VINF_SUCCESS;
263
264 VBOXHGCMLINPTR *pLinPtr = &paLinPtrs[iLinPtr];
265
266 /* Take the offset into the current page also into account! */
267 u32Size += GCPtr & PAGE_OFFSET_MASK;
268
269 uint32_t cPages = (u32Size + PAGE_SIZE - 1) / PAGE_SIZE;
270
271 Log(("vmmdevHGCMSaveLinPtr: parm %d: %RGv %d = %d pages\n", iParm, GCPtr, u32Size, cPages));
272
273 pLinPtr->iParm = iParm;
274 pLinPtr->offFirstPage = GCPtr & PAGE_OFFSET_MASK;
275 pLinPtr->cPages = cPages;
276 pLinPtr->paPages = *ppPages;
277
278 *ppPages += cPages;
279
280 uint32_t iPage = 0;
281
282 GCPtr &= PAGE_BASE_GC_MASK;
283
284 /* Gonvert the guest linear pointers of pages to HC addresses. */
285 while (iPage < cPages)
286 {
287 /* convert */
288 RTGCPHYS GCPhys;
289
290 rc = PDMDevHlpPhysGCPtr2GCPhys(pDevIns, GCPtr, &GCPhys);
291
292 Log(("vmmdevHGCMSaveLinPtr: Page %d: %RGv -> %RGp. %Rrc\n", iPage, GCPtr, GCPhys, rc));
293
294 if (RT_FAILURE (rc))
295 {
296 break;
297 }
298
299 /* store */
300 pLinPtr->paPages[iPage++] = GCPhys;
301
302 /* next */
303 GCPtr += PAGE_SIZE;
304 }
305
306 return rc;
307}
308
309static int vmmdevHGCMWriteLinPtr (PPDMDEVINS pDevIns,
310 uint32_t iParm,
311 void *pvHost,
312 uint32_t u32Size,
313 uint32_t iLinPtr,
314 VBOXHGCMLINPTR *paLinPtrs)
315{
316 int rc = VINF_SUCCESS;
317
318 VBOXHGCMLINPTR *pLinPtr = &paLinPtrs[iLinPtr];
319
320 AssertLogRelReturn(u32Size > 0 && iParm == (uint32_t)pLinPtr->iParm, VERR_INVALID_PARAMETER);
321
322 RTGCPHYS GCPhysDst = pLinPtr->paPages[0] + pLinPtr->offFirstPage;
323 uint8_t *pu8Src = (uint8_t *)pvHost;
324
325 Log(("vmmdevHGCMWriteLinPtr: parm %d: size %d, cPages = %d\n", iParm, u32Size, pLinPtr->cPages));
326
327 uint32_t iPage = 0;
328
329 while (iPage < pLinPtr->cPages)
330 {
331 /* copy */
332 uint32_t cbWrite = iPage == 0?
333 PAGE_SIZE - pLinPtr->offFirstPage:
334 PAGE_SIZE;
335
336 Log(("vmmdevHGCMWriteLinPtr: page %d: dst %RGp, src %p, cbWrite %d\n", iPage, GCPhysDst, pu8Src, cbWrite));
337
338 iPage++;
339
340 if (cbWrite >= u32Size)
341 {
342 rc = PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, u32Size);
343 if (RT_FAILURE(rc))
344 break;
345
346 u32Size = 0;
347 break;
348 }
349
350 rc = PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, cbWrite);
351 if (RT_FAILURE(rc))
352 break;
353
354 /* next */
355 u32Size -= cbWrite;
356 pu8Src += cbWrite;
357
358 GCPhysDst = pLinPtr->paPages[iPage];
359 }
360
361 if (RT_SUCCESS(rc))
362 {
363 AssertLogRelReturn(iPage == pLinPtr->cPages, VERR_INVALID_PARAMETER);
364 }
365
366 return rc;
367}
368
369DECLINLINE(bool) vmmdevHGCMPageListIsContiguous(const HGCMPageListInfo *pPgLst)
370{
371 if (pPgLst->cPages == 1)
372 return true;
373 RTGCPHYS64 Phys = pPgLst->aPages[0] + PAGE_SIZE;
374 if (Phys != pPgLst->aPages[1])
375 return false;
376 if (pPgLst->cPages > 2)
377 {
378 uint32_t iPage = 2;
379 do
380 {
381 Phys += PAGE_SIZE;
382 if (Phys != pPgLst->aPages[iPage])
383 return false;
384 iPage++;
385 } while (iPage < pPgLst->cPages);
386 }
387 return true;
388}
389
390static int vmmdevHGCMPageListRead(PPDMDEVINSR3 pDevIns, void *pvDst, uint32_t cbDst, const HGCMPageListInfo *pPageListInfo)
391{
392 /*
393 * Try detect contiguous buffers.
394 */
395 /** @todo We need a flag for indicating this. */
396 if (vmmdevHGCMPageListIsContiguous(pPageListInfo))
397 return PDMDevHlpPhysRead(pDevIns, pPageListInfo->aPages[0] | pPageListInfo->offFirstPage, pvDst, cbDst);
398
399 /*
400 * Page by page fallback
401 */
402 int rc = VINF_SUCCESS;
403
404 uint8_t *pu8Dst = (uint8_t *)pvDst;
405 uint32_t offPage = pPageListInfo->offFirstPage;
406 size_t cbRemaining = (size_t)cbDst;
407
408 uint32_t iPage;
409
410 for (iPage = 0; iPage < pPageListInfo->cPages; iPage++)
411 {
412 if (cbRemaining == 0)
413 {
414 break;
415 }
416
417 size_t cbChunk = PAGE_SIZE - offPage;
418
419 if (cbChunk > cbRemaining)
420 {
421 cbChunk = cbRemaining;
422 }
423
424 rc = PDMDevHlpPhysRead(pDevIns,
425 pPageListInfo->aPages[iPage] + offPage,
426 pu8Dst, cbChunk);
427
428 AssertRCBreak(rc);
429
430 offPage = 0; /* A next page is read from 0 offset. */
431 cbRemaining -= cbChunk;
432 pu8Dst += cbChunk;
433 }
434
435 return rc;
436}
437
438static int vmmdevHGCMPageListWrite(PPDMDEVINSR3 pDevIns, const HGCMPageListInfo *pPageListInfo, const void *pvSrc, uint32_t cbSrc)
439{
440 int rc = VINF_SUCCESS;
441
442 uint8_t *pu8Src = (uint8_t *)pvSrc;
443 uint32_t offPage = pPageListInfo->offFirstPage;
444 size_t cbRemaining = (size_t)cbSrc;
445
446 uint32_t iPage;
447 for (iPage = 0; iPage < pPageListInfo->cPages; iPage++)
448 {
449 if (cbRemaining == 0)
450 {
451 break;
452 }
453
454 size_t cbChunk = PAGE_SIZE - offPage;
455
456 if (cbChunk > cbRemaining)
457 {
458 cbChunk = cbRemaining;
459 }
460
461 rc = PDMDevHlpPhysWrite(pDevIns,
462 pPageListInfo->aPages[iPage] + offPage,
463 pu8Src, cbChunk);
464
465 AssertRCBreak(rc);
466
467 offPage = 0; /* A next page is read from 0 offset. */
468 cbRemaining -= cbChunk;
469 pu8Src += cbChunk;
470 }
471
472 return rc;
473}
474
475static void vmmdevRestoreSavedCommand(VBOXHGCMCMD *pCmd, VBOXHGCMCMD *pSavedCmd)
476{
477 /* Copy relevant saved command information to the new allocated structure. */
478 pCmd->enmCmdType = pSavedCmd->enmCmdType;
479 pCmd->fCancelled = pSavedCmd->fCancelled;
480 pCmd->GCPhys = pSavedCmd->GCPhys;
481 pCmd->cbSize = pSavedCmd->cbSize;
482 pCmd->cLinPtrs = pSavedCmd->cLinPtrs;
483 pCmd->cLinPtrPages = pSavedCmd->cLinPtrPages;
484 pCmd->paLinPtrs = pSavedCmd->paLinPtrs;
485
486 /* The new allocated command owns the 'paLinPtrs' pointer. */
487 pSavedCmd->paLinPtrs = NULL;
488}
489
490int vmmdevHGCMConnect (PVMMDEV pThis, VMMDevHGCMConnect *pHGCMConnect, RTGCPHYS GCPhys)
491{
492 int rc = VINF_SUCCESS;
493
494 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD) + pHGCMConnect->header.header.size;
495
496 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (cbCmdSize);
497
498 if (pCmd)
499 {
500 VMMDevHGCMConnect *pHGCMConnectCopy = (VMMDevHGCMConnect *)(pCmd+1);
501
502 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMConnect->header.header.size, VBOXHGCMCMDTYPE_CONNECT);
503
504 memcpy(pHGCMConnectCopy, pHGCMConnect, pHGCMConnect->header.header.size);
505
506 pCmd->paHostParms = NULL;
507 pCmd->cLinPtrs = 0;
508 pCmd->paLinPtrs = NULL;
509
510 /* Only allow the guest to use existing services! */
511 Assert(pHGCMConnectCopy->loc.type == VMMDevHGCMLoc_LocalHost_Existing);
512 pHGCMConnectCopy->loc.type = VMMDevHGCMLoc_LocalHost_Existing;
513
514 rc = pThis->pHGCMDrv->pfnConnect (pThis->pHGCMDrv, pCmd, &pHGCMConnectCopy->loc, &pHGCMConnectCopy->u32ClientID);
515
516 if (RT_FAILURE(rc))
517 vmmdevHGCMRemoveCommand(pThis, pCmd);
518 }
519 else
520 {
521 rc = VERR_NO_MEMORY;
522 }
523
524 return rc;
525}
526
527static int vmmdevHGCMConnectSaved (PVMMDEV pThis, VMMDevHGCMConnect *pHGCMConnect, RTGCPHYS GCPhys, bool *pfHGCMCalled, VBOXHGCMCMD *pSavedCmd, VBOXHGCMCMD **ppCmd)
528{
529 int rc = VINF_SUCCESS;
530
531 /* Allocate buffer for the new command. */
532 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD) + pHGCMConnect->header.header.size;
533
534 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (cbCmdSize);
535
536 if (pCmd)
537 {
538 vmmdevRestoreSavedCommand(pCmd, pSavedCmd);
539 *ppCmd = pCmd;
540
541 VMMDevHGCMConnect *pHGCMConnectCopy = (VMMDevHGCMConnect *)(pCmd+1);
542
543 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMConnect->header.header.size, VBOXHGCMCMDTYPE_CONNECT);
544
545 memcpy(pHGCMConnectCopy, pHGCMConnect, pHGCMConnect->header.header.size);
546
547 /* Only allow the guest to use existing services! */
548 Assert(pHGCMConnectCopy->loc.type == VMMDevHGCMLoc_LocalHost_Existing);
549 pHGCMConnectCopy->loc.type = VMMDevHGCMLoc_LocalHost_Existing;
550
551 rc = pThis->pHGCMDrv->pfnConnect (pThis->pHGCMDrv, pCmd, &pHGCMConnectCopy->loc, &pHGCMConnectCopy->u32ClientID);
552
553 if (RT_SUCCESS (rc))
554 {
555 *pfHGCMCalled = true;
556 }
557 /* else
558 * ... the caller will also execute vmmdevHGCMRemoveCommand() for us */
559 }
560 else
561 {
562 rc = VERR_NO_MEMORY;
563 }
564
565 return rc;
566}
567
568int vmmdevHGCMDisconnect (PVMMDEV pThis, VMMDevHGCMDisconnect *pHGCMDisconnect, RTGCPHYS GCPhys)
569{
570 int rc = VINF_SUCCESS;
571
572 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD);
573
574 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (cbCmdSize);
575
576 if (pCmd)
577 {
578 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMDisconnect->header.header.size, VBOXHGCMCMDTYPE_DISCONNECT);
579
580 pCmd->paHostParms = NULL;
581 pCmd->cLinPtrs = 0;
582 pCmd->paLinPtrs = NULL;
583
584 rc = pThis->pHGCMDrv->pfnDisconnect (pThis->pHGCMDrv, pCmd, pHGCMDisconnect->u32ClientID);
585
586 if (RT_FAILURE(rc))
587 vmmdevHGCMRemoveCommand(pThis, pCmd);
588 }
589 else
590 {
591 rc = VERR_NO_MEMORY;
592 }
593
594 return rc;
595}
596
597static int vmmdevHGCMDisconnectSaved (PVMMDEV pThis, VMMDevHGCMDisconnect *pHGCMDisconnect, RTGCPHYS GCPhys, bool *pfHGCMCalled, VBOXHGCMCMD *pSavedCmd, VBOXHGCMCMD **ppCmd)
598{
599 int rc = VINF_SUCCESS;
600
601 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD);
602
603 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (cbCmdSize);
604
605 if (pCmd)
606 {
607 vmmdevRestoreSavedCommand(pCmd, pSavedCmd);
608 *ppCmd = pCmd;
609
610 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMDisconnect->header.header.size, VBOXHGCMCMDTYPE_DISCONNECT);
611
612 pCmd->paHostParms = NULL;
613 pCmd->cLinPtrs = 0;
614 pCmd->paLinPtrs = NULL;
615
616 rc = pThis->pHGCMDrv->pfnDisconnect (pThis->pHGCMDrv, pCmd, pHGCMDisconnect->u32ClientID);
617
618 if (RT_SUCCESS (rc))
619 {
620 *pfHGCMCalled = true;
621 }
622 /* else
623 * ... the caller will also execute vmmdevHGCMRemoveCommand() for us */
624 }
625 else
626 {
627 rc = VERR_NO_MEMORY;
628 }
629
630 return rc;
631}
632
633int vmmdevHGCMCall (PVMMDEV pThis, VMMDevHGCMCall *pHGCMCall, uint32_t cbHGCMCall, RTGCPHYS GCPhys, bool f64Bits)
634{
635 int rc = VINF_SUCCESS;
636
637 Log(("vmmdevHGCMCall: client id = %d, function = %d, %s bit\n", pHGCMCall->u32ClientID, pHGCMCall->u32Function, f64Bits? "64": "32"));
638
639 /* Compute size and allocate memory block to hold:
640 * struct VBOXHGCMCMD
641 * VBOXHGCMSVCPARM[cParms]
642 * memory buffers for pointer parameters.
643 */
644
645 uint32_t cParms = pHGCMCall->cParms;
646
647 Log(("vmmdevHGCMCall: cParms = %d\n", cParms));
648
649 /*
650 * Sane upper limit.
651 */
652 if (cParms > VMMDEV_MAX_HGCM_PARMS)
653 {
654 LogRelMax(50, ("VMMDev: request packet with too many parameters (%d). Refusing operation.\n", cParms));
655 return VERR_INVALID_PARAMETER;
656 }
657
658 /*
659 * Compute size of required memory buffer.
660 */
661
662 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD) + cParms * sizeof (VBOXHGCMSVCPARM);
663
664 uint32_t i;
665
666 uint32_t cLinPtrs = 0;
667 uint32_t cLinPtrPages = 0;
668
669 if (f64Bits)
670 {
671#ifdef VBOX_WITH_64_BITS_GUESTS
672 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
673#else
674 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
675 AssertFailed (); /* This code should not be called in this case */
676#endif /* VBOX_WITH_64_BITS_GUESTS */
677
678 /* Look for pointer parameters, which require a host buffer. */
679 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++)
680 {
681 switch (pGuestParm->type)
682 {
683 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
684 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
685 case VMMDevHGCMParmType_LinAddr: /* In & Out */
686 {
687 if (pGuestParm->u.Pointer.size > 0)
688 {
689 /* Only pointers with some actual data are counted. */
690 if (pGuestParm->u.Pointer.size > VMMDEV_MAX_HGCM_DATA_SIZE - cbCmdSize)
691 {
692 rc = VERR_INVALID_PARAMETER;
693 break;
694 }
695
696 cbCmdSize += pGuestParm->u.Pointer.size;
697
698 cLinPtrs++;
699 /* Take the offset into the current page also into account! */
700 cLinPtrPages += ((pGuestParm->u.Pointer.u.linearAddr & PAGE_OFFSET_MASK)
701 + pGuestParm->u.Pointer.size + PAGE_SIZE - 1) / PAGE_SIZE;
702 }
703
704 Log(("vmmdevHGCMCall: linptr size = %d\n", pGuestParm->u.Pointer.size));
705 } break;
706
707 case VMMDevHGCMParmType_PageList:
708 {
709 if (pGuestParm->u.PageList.size > VMMDEV_MAX_HGCM_DATA_SIZE - cbCmdSize)
710 {
711 rc = VERR_INVALID_PARAMETER;
712 break;
713 }
714
715 cbCmdSize += pGuestParm->u.PageList.size;
716 Log(("vmmdevHGCMCall: pagelist size = %d\n", pGuestParm->u.PageList.size));
717 } break;
718
719 case VMMDevHGCMParmType_32bit:
720 case VMMDevHGCMParmType_64bit:
721 {
722 } break;
723
724 default:
725 case VMMDevHGCMParmType_PhysAddr:
726 {
727 AssertMsgFailed(("vmmdevHGCMCall: invalid parameter type %x\n", pGuestParm->type));
728 rc = VERR_INVALID_PARAMETER;
729 break;
730 }
731 }
732 }
733 }
734 else
735 {
736#ifdef VBOX_WITH_64_BITS_GUESTS
737 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
738#else
739 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
740#endif /* VBOX_WITH_64_BITS_GUESTS */
741
742 /* Look for pointer parameters, which require a host buffer. */
743 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++)
744 {
745 switch (pGuestParm->type)
746 {
747 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
748 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
749 case VMMDevHGCMParmType_LinAddr: /* In & Out */
750 {
751 if (pGuestParm->u.Pointer.size > 0)
752 {
753 /* Only pointers with some actual data are counted. */
754 if (pGuestParm->u.Pointer.size > VMMDEV_MAX_HGCM_DATA_SIZE - cbCmdSize)
755 {
756 rc = VERR_INVALID_PARAMETER;
757 break;
758 }
759
760 cbCmdSize += pGuestParm->u.Pointer.size;
761
762 cLinPtrs++;
763 /* Take the offset into the current page also into account! */
764 cLinPtrPages += ((pGuestParm->u.Pointer.u.linearAddr & PAGE_OFFSET_MASK)
765 + pGuestParm->u.Pointer.size + PAGE_SIZE - 1) / PAGE_SIZE;
766 }
767
768 Log(("vmmdevHGCMCall: linptr size = %d\n", pGuestParm->u.Pointer.size));
769 } break;
770
771 case VMMDevHGCMParmType_PageList:
772 {
773 if (pGuestParm->u.PageList.size > VMMDEV_MAX_HGCM_DATA_SIZE - cbCmdSize)
774 {
775 rc = VERR_INVALID_PARAMETER;
776 break;
777 }
778
779 cbCmdSize += pGuestParm->u.PageList.size;
780 Log(("vmmdevHGCMCall: pagelist size = %d\n", pGuestParm->u.PageList.size));
781 } break;
782
783 case VMMDevHGCMParmType_32bit:
784 case VMMDevHGCMParmType_64bit:
785 {
786 } break;
787
788 default:
789 {
790 AssertMsgFailed(("vmmdevHGCMCall: invalid parameter type %x\n", pGuestParm->type));
791 rc = VERR_INVALID_PARAMETER;
792 break;
793 }
794 }
795 }
796 }
797
798 if (RT_FAILURE (rc))
799 {
800 return rc;
801 }
802
803 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ(cbCmdSize);
804
805 if (pCmd == NULL)
806 {
807 return VERR_NO_MEMORY;
808 }
809
810 pCmd->paHostParms = NULL;
811 pCmd->cLinPtrs = cLinPtrs;
812 pCmd->cLinPtrPages = cLinPtrPages;
813
814 if (cLinPtrs > 0)
815 {
816 pCmd->paLinPtrs = (VBOXHGCMLINPTR *)RTMemAllocZ( sizeof (VBOXHGCMLINPTR) * cLinPtrs
817 + sizeof (RTGCPHYS) * cLinPtrPages);
818
819 if (pCmd->paLinPtrs == NULL)
820 {
821 RTMemFree (pCmd);
822 return VERR_NO_MEMORY;
823 }
824 }
825 else
826 {
827 pCmd->paLinPtrs = NULL;
828 }
829
830 VBOXDD_HGCMCALL_ENTER(pCmd, pHGCMCall->u32Function, pHGCMCall->u32ClientID, cbCmdSize);
831
832 /* Process parameters, changing them to host context pointers for easy
833 * processing by connector. Guest must insure that the pointed data is actually
834 * in the guest RAM and remains locked there for entire request processing.
835 */
836
837 if (cParms != 0)
838 {
839 /* Compute addresses of host parms array and first memory buffer. */
840 VBOXHGCMSVCPARM *pHostParm = (VBOXHGCMSVCPARM *)((char *)pCmd + sizeof (struct VBOXHGCMCMD));
841
842 uint8_t *pcBuf = (uint8_t *)pHostParm + cParms * sizeof (VBOXHGCMSVCPARM);
843
844 pCmd->paHostParms = pHostParm;
845 pCmd->cHostParms = cParms;
846
847 uint32_t iLinPtr = 0;
848 RTGCPHYS *pPages = (RTGCPHYS *)((uint8_t *)pCmd->paLinPtrs + sizeof (VBOXHGCMLINPTR) *cLinPtrs);
849
850 if (f64Bits)
851 {
852#ifdef VBOX_WITH_64_BITS_GUESTS
853 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
854#else
855 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
856 AssertFailed (); /* This code should not be called in this case */
857#endif /* VBOX_WITH_64_BITS_GUESTS */
858
859
860 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
861 {
862 switch (pGuestParm->type)
863 {
864 case VMMDevHGCMParmType_32bit:
865 {
866 uint32_t u32 = pGuestParm->u.value32;
867
868 pHostParm->type = VBOX_HGCM_SVC_PARM_32BIT;
869 pHostParm->u.uint32 = u32;
870
871 Log(("vmmdevHGCMCall: uint32 guest parameter %u\n", u32));
872 break;
873 }
874
875 case VMMDevHGCMParmType_64bit:
876 {
877 uint64_t u64 = pGuestParm->u.value64;
878
879 pHostParm->type = VBOX_HGCM_SVC_PARM_64BIT;
880 pHostParm->u.uint64 = u64;
881
882 Log(("vmmdevHGCMCall: uint64 guest parameter %llu\n", u64));
883 break;
884 }
885
886 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
887 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
888 case VMMDevHGCMParmType_LinAddr: /* In & Out */
889 {
890 uint32_t size = pGuestParm->u.Pointer.size;
891 RTGCPTR linearAddr = pGuestParm->u.Pointer.u.linearAddr;
892
893 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
894 pHostParm->u.pointer.size = size;
895
896 /* Copy guest data to an allocated buffer, so
897 * services can use the data.
898 */
899
900 if (size == 0)
901 {
902 pHostParm->u.pointer.addr = NULL;
903 }
904 else
905 {
906 /* Don't overdo it */
907 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_Out)
908 rc = PDMDevHlpPhysReadGCVirt(pThis->pDevIns, pcBuf, linearAddr, size);
909 else
910 rc = VINF_SUCCESS;
911
912 if (RT_SUCCESS(rc))
913 {
914 pHostParm->u.pointer.addr = pcBuf;
915 pcBuf += size;
916
917 /* Remember the guest physical pages that belong to the virtual address region.
918 * Do it for all linear pointers because load state will require In pointer info too.
919 */
920 rc = vmmdevHGCMSaveLinPtr (pThis->pDevIns, i, linearAddr, size, iLinPtr, pCmd->paLinPtrs, &pPages);
921
922 iLinPtr++;
923 }
924 }
925
926 Log(("vmmdevHGCMCall: LinAddr guest parameter %RGv, rc = %Rrc\n", linearAddr, rc));
927 break;
928 }
929
930 case VMMDevHGCMParmType_PageList:
931 {
932 uint32_t size = pGuestParm->u.PageList.size;
933
934 /* Check that the page list info is within the request. */
935 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
936 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
937 {
938 rc = VERR_INVALID_PARAMETER;
939 break;
940 }
941
942 /* At least the structure is within. */
943 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
944
945 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
946
947 if ( pPageListInfo->cPages == 0
948 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
949 {
950 rc = VERR_INVALID_PARAMETER;
951 break;
952 }
953
954 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
955 pHostParm->u.pointer.size = size;
956
957 /* Copy guest data to an allocated buffer, so
958 * services can use the data.
959 */
960
961 if (size == 0)
962 {
963 pHostParm->u.pointer.addr = NULL;
964 }
965 else
966 {
967 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
968 {
969 /* Copy pages to the pcBuf[size]. */
970 rc = vmmdevHGCMPageListRead(pThis->pDevIns, pcBuf, size, pPageListInfo);
971 }
972 else
973 rc = VINF_SUCCESS;
974
975 if (RT_SUCCESS(rc))
976 {
977 pHostParm->u.pointer.addr = pcBuf;
978 pcBuf += size;
979 }
980 }
981
982 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
983 break;
984 }
985
986 /* just to shut up gcc */
987 default:
988 AssertFailed();
989 break;
990 }
991 }
992 }
993 else
994 {
995#ifdef VBOX_WITH_64_BITS_GUESTS
996 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
997#else
998 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
999#endif /* VBOX_WITH_64_BITS_GUESTS */
1000
1001 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
1002 {
1003 switch (pGuestParm->type)
1004 {
1005 case VMMDevHGCMParmType_32bit:
1006 {
1007 uint32_t u32 = pGuestParm->u.value32;
1008
1009 pHostParm->type = VBOX_HGCM_SVC_PARM_32BIT;
1010 pHostParm->u.uint32 = u32;
1011
1012 Log(("vmmdevHGCMCall: uint32 guest parameter %u\n", u32));
1013 break;
1014 }
1015
1016 case VMMDevHGCMParmType_64bit:
1017 {
1018 uint64_t u64 = pGuestParm->u.value64;
1019
1020 pHostParm->type = VBOX_HGCM_SVC_PARM_64BIT;
1021 pHostParm->u.uint64 = u64;
1022
1023 Log(("vmmdevHGCMCall: uint64 guest parameter %llu\n", u64));
1024 break;
1025 }
1026
1027 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1028 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1029 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1030 {
1031 uint32_t size = pGuestParm->u.Pointer.size;
1032 RTGCPTR linearAddr = pGuestParm->u.Pointer.u.linearAddr;
1033
1034 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1035 pHostParm->u.pointer.size = size;
1036
1037 /* Copy guest data to an allocated buffer, so
1038 * services can use the data.
1039 */
1040
1041 if (size == 0)
1042 {
1043 pHostParm->u.pointer.addr = NULL;
1044 }
1045 else
1046 {
1047 /* Don't overdo it */
1048 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_Out)
1049 rc = PDMDevHlpPhysReadGCVirt(pThis->pDevIns, pcBuf, linearAddr, size);
1050 else
1051 rc = VINF_SUCCESS;
1052
1053 if (RT_SUCCESS(rc))
1054 {
1055 pHostParm->u.pointer.addr = pcBuf;
1056 pcBuf += size;
1057
1058 /* Remember the guest physical pages that belong to the virtual address region.
1059 * Do it for all linear pointers because load state will require In pointer info too.
1060 */
1061 rc = vmmdevHGCMSaveLinPtr (pThis->pDevIns, i, linearAddr, size, iLinPtr, pCmd->paLinPtrs, &pPages);
1062
1063 iLinPtr++;
1064 }
1065 }
1066
1067 Log(("vmmdevHGCMCall: LinAddr guest parameter %RGv, rc = %Rrc\n", linearAddr, rc));
1068 break;
1069 }
1070
1071 case VMMDevHGCMParmType_PageList:
1072 {
1073 uint32_t size = pGuestParm->u.PageList.size;
1074
1075 /* Check that the page list info is within the request. */
1076 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
1077 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
1078 {
1079 rc = VERR_INVALID_PARAMETER;
1080 break;
1081 }
1082
1083 /* At least the structure is within. */
1084 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
1085
1086 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
1087
1088 if ( pPageListInfo->cPages == 0
1089 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
1090 {
1091 rc = VERR_INVALID_PARAMETER;
1092 break;
1093 }
1094
1095 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1096 pHostParm->u.pointer.size = size;
1097
1098 /* Copy guest data to an allocated buffer, so
1099 * services can use the data.
1100 */
1101
1102 if (size == 0)
1103 {
1104 pHostParm->u.pointer.addr = NULL;
1105 }
1106 else
1107 {
1108 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
1109 {
1110 /* Copy pages to the pcBuf[size]. */
1111 rc = vmmdevHGCMPageListRead(pThis->pDevIns, pcBuf, size, pPageListInfo);
1112 }
1113 else
1114 rc = VINF_SUCCESS;
1115
1116 if (RT_SUCCESS(rc))
1117 {
1118 pHostParm->u.pointer.addr = pcBuf;
1119 pcBuf += size;
1120 }
1121 }
1122
1123 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
1124 break;
1125 }
1126
1127 /* just to shut up gcc */
1128 default:
1129 AssertFailed();
1130 break;
1131 }
1132 }
1133 }
1134 }
1135
1136 if (RT_SUCCESS (rc))
1137 {
1138 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMCall->header.header.size, VBOXHGCMCMDTYPE_CALL);
1139
1140 /* Pass the function call to HGCM connector for actual processing */
1141 rc = pThis->pHGCMDrv->pfnCall (pThis->pHGCMDrv, pCmd, pHGCMCall->u32ClientID,
1142 pHGCMCall->u32Function, cParms, pCmd->paHostParms);
1143
1144 if (RT_FAILURE (rc))
1145 {
1146 Log(("vmmdevHGCMCall: pfnCall failed rc = %Rrc\n", rc));
1147 vmmdevHGCMRemoveCommand (pThis, pCmd);
1148 }
1149 }
1150
1151 if (RT_FAILURE (rc))
1152 {
1153 if (pCmd->paLinPtrs)
1154 {
1155 RTMemFree (pCmd->paLinPtrs);
1156 }
1157
1158 RTMemFree (pCmd);
1159 }
1160
1161 return rc;
1162}
1163
1164static void logRelLoadStatePointerIndexMismatch (uint32_t iParm, uint32_t iSavedParm, int iLinPtr, int cLinPtrs)
1165{
1166 LogRel(("Warning: VMMDev load state: a pointer parameter index mismatch %d (expected %d) (%d/%d)\n",
1167 (int)iParm, (int)iSavedParm, iLinPtr, cLinPtrs));
1168}
1169
1170static void logRelLoadStateBufferSizeMismatch (uint32_t size, uint32_t iPage, uint32_t cPages)
1171{
1172 LogRel(("Warning: VMMDev load state: buffer size mismatch: size %d, page %d/%d\n",
1173 (int)size, (int)iPage, (int)cPages));
1174}
1175
1176
1177static int vmmdevHGCMCallSaved (PVMMDEV pThis, VMMDevHGCMCall *pHGCMCall, RTGCPHYS GCPhys, uint32_t cbHGCMCall, bool f64Bits, bool *pfHGCMCalled, VBOXHGCMCMD *pSavedCmd, VBOXHGCMCMD **ppCmd)
1178{
1179 int rc = VINF_SUCCESS;
1180
1181 Log(("vmmdevHGCMCallSaved: client id = %d, function = %d, %s bit\n", pHGCMCall->u32ClientID, pHGCMCall->u32Function, f64Bits? "64": "32"));
1182
1183 /* Compute size and allocate memory block to hold:
1184 * struct VBOXHGCMCMD
1185 * VBOXHGCMSVCPARM[cParms]
1186 * memory buffers for pointer parameters.
1187 */
1188
1189 uint32_t cParms = pHGCMCall->cParms;
1190
1191 Log(("vmmdevHGCMCall: cParms = %d\n", cParms));
1192
1193 /*
1194 * Sane upper limit.
1195 */
1196 if (cParms > VMMDEV_MAX_HGCM_PARMS)
1197 {
1198 LogRelMax(50, ("VMMDev: request packet with too many parameters (%d). Refusing operation.\n", cParms));
1199 return VERR_INVALID_PARAMETER;
1200 }
1201
1202 /*
1203 * Compute size of required memory buffer.
1204 */
1205
1206 uint32_t cbCmdSize = sizeof (struct VBOXHGCMCMD) + cParms * sizeof (VBOXHGCMSVCPARM);
1207
1208 uint32_t i;
1209
1210 int32_t cLinPtrs = 0;
1211 int32_t cLinPtrPages = 0;
1212
1213 if (f64Bits)
1214 {
1215#ifdef VBOX_WITH_64_BITS_GUESTS
1216 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
1217#else
1218 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
1219 AssertFailed (); /* This code should not be called in this case */
1220#endif /* VBOX_WITH_64_BITS_GUESTS */
1221
1222 /* Look for pointer parameters, which require a host buffer. */
1223 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++)
1224 {
1225 switch (pGuestParm->type)
1226 {
1227 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1228 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1229 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1230 {
1231 if (pGuestParm->u.Pointer.size > 0)
1232 {
1233 /* Only pointers with some actual data are counted. */
1234 cbCmdSize += pGuestParm->u.Pointer.size;
1235
1236 cLinPtrs++;
1237 /* Take the offset into the current page also into account! */
1238 cLinPtrPages += ((pGuestParm->u.Pointer.u.linearAddr & PAGE_OFFSET_MASK)
1239 + pGuestParm->u.Pointer.size + PAGE_SIZE - 1) / PAGE_SIZE;
1240 }
1241
1242 Log(("vmmdevHGCMCall: linptr size = %d\n", pGuestParm->u.Pointer.size));
1243 } break;
1244
1245 case VMMDevHGCMParmType_PageList:
1246 {
1247 cbCmdSize += pGuestParm->u.PageList.size;
1248 Log(("vmmdevHGCMCall: pagelist size = %d\n", pGuestParm->u.PageList.size));
1249 } break;
1250
1251 case VMMDevHGCMParmType_32bit:
1252 case VMMDevHGCMParmType_64bit:
1253 {
1254 } break;
1255
1256 default:
1257 case VMMDevHGCMParmType_PhysAddr:
1258 {
1259 AssertMsgFailed(("vmmdevHGCMCall: invalid parameter type %x\n", pGuestParm->type));
1260 rc = VERR_INVALID_PARAMETER;
1261 break;
1262 }
1263 }
1264 }
1265 }
1266 else
1267 {
1268#ifdef VBOX_WITH_64_BITS_GUESTS
1269 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
1270#else
1271 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
1272#endif /* VBOX_WITH_64_BITS_GUESTS */
1273
1274 /* Look for pointer parameters, which require a host buffer. */
1275 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++)
1276 {
1277 switch (pGuestParm->type)
1278 {
1279 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1280 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1281 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1282 {
1283 if (pGuestParm->u.Pointer.size > 0)
1284 {
1285 /* Only pointers with some actual data are counted. */
1286 cbCmdSize += pGuestParm->u.Pointer.size;
1287
1288 cLinPtrs++;
1289 /* Take the offset into the current page also into account! */
1290 cLinPtrPages += ((pGuestParm->u.Pointer.u.linearAddr & PAGE_OFFSET_MASK)
1291 + pGuestParm->u.Pointer.size + PAGE_SIZE - 1) / PAGE_SIZE;
1292 }
1293
1294 Log(("vmmdevHGCMCall: linptr size = %d\n", pGuestParm->u.Pointer.size));
1295 } break;
1296
1297 case VMMDevHGCMParmType_PageList:
1298 {
1299 cbCmdSize += pGuestParm->u.PageList.size;
1300 Log(("vmmdevHGCMCall: pagelist size = %d\n", pGuestParm->u.PageList.size));
1301 } break;
1302
1303 case VMMDevHGCMParmType_32bit:
1304 case VMMDevHGCMParmType_64bit:
1305 {
1306 } break;
1307
1308 default:
1309 {
1310 AssertMsgFailed(("vmmdevHGCMCall: invalid parameter type %x\n", pGuestParm->type));
1311 rc = VERR_INVALID_PARAMETER;
1312 break;
1313 }
1314 }
1315 }
1316 }
1317
1318 if (RT_FAILURE (rc))
1319 {
1320 return rc;
1321 }
1322
1323 if ( pSavedCmd->cLinPtrs != cLinPtrs
1324 || pSavedCmd->cLinPtrPages != cLinPtrPages)
1325 {
1326 LogRel(("VMMDev: invalid saved command ptrs: %d/%d, pages %d/%d\n",
1327 pSavedCmd->cLinPtrs, cLinPtrs, pSavedCmd->cLinPtrPages, cLinPtrPages));
1328 AssertFailed();
1329 return VERR_INVALID_PARAMETER;
1330 }
1331
1332 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (cbCmdSize);
1333
1334 if (pCmd == NULL)
1335 {
1336 return VERR_NO_MEMORY;
1337 }
1338
1339 vmmdevRestoreSavedCommand(pCmd, pSavedCmd);
1340 *ppCmd = pCmd;
1341
1342 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, pHGCMCall->header.header.size, VBOXHGCMCMDTYPE_CALL);
1343
1344 /* Process parameters, changing them to host context pointers for easy
1345 * processing by connector. Guest must insure that the pointed data is actually
1346 * in the guest RAM and remains locked there for entire request processing.
1347 */
1348
1349 if (cParms != 0)
1350 {
1351 /* Compute addresses of host parms array and first memory buffer. */
1352 VBOXHGCMSVCPARM *pHostParm = (VBOXHGCMSVCPARM *)((uint8_t *)pCmd + sizeof (struct VBOXHGCMCMD));
1353
1354 uint8_t *pu8Buf = (uint8_t *)pHostParm + cParms * sizeof (VBOXHGCMSVCPARM);
1355
1356 pCmd->paHostParms = pHostParm;
1357 pCmd->cHostParms = cParms;
1358
1359 uint32_t iParm;
1360 int iLinPtr = 0;
1361
1362 if (f64Bits)
1363 {
1364#ifdef VBOX_WITH_64_BITS_GUESTS
1365 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
1366#else
1367 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
1368 AssertFailed (); /* This code should not be called in this case */
1369#endif /* VBOX_WITH_64_BITS_GUESTS */
1370
1371 for (iParm = 0; iParm < cParms && RT_SUCCESS(rc); iParm++, pGuestParm++, pHostParm++)
1372 {
1373 switch (pGuestParm->type)
1374 {
1375 case VMMDevHGCMParmType_32bit:
1376 {
1377 uint32_t u32 = pGuestParm->u.value32;
1378
1379 pHostParm->type = VBOX_HGCM_SVC_PARM_32BIT;
1380 pHostParm->u.uint32 = u32;
1381
1382 Log(("vmmdevHGCMCall: uint32 guest parameter %u\n", u32));
1383 break;
1384 }
1385
1386 case VMMDevHGCMParmType_64bit:
1387 {
1388 uint64_t u64 = pGuestParm->u.value64;
1389
1390 pHostParm->type = VBOX_HGCM_SVC_PARM_64BIT;
1391 pHostParm->u.uint64 = u64;
1392
1393 Log(("vmmdevHGCMCall: uint64 guest parameter %llu\n", u64));
1394 break;
1395 }
1396
1397 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1398 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1399 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1400 {
1401 uint32_t size = pGuestParm->u.Pointer.size;
1402
1403 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1404 pHostParm->u.pointer.size = size;
1405
1406 /* Copy guest data to an allocated buffer, so
1407 * services can use the data.
1408 */
1409
1410 if (size == 0)
1411 {
1412 pHostParm->u.pointer.addr = NULL;
1413 }
1414 else
1415 {
1416 /* The saved command already have the page list in pCmd->paLinPtrs.
1417 * Read data from guest pages.
1418 */
1419 /* Don't overdo it */
1420 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_Out)
1421 {
1422 if ( iLinPtr >= pCmd->cLinPtrs
1423 || pCmd->paLinPtrs[iLinPtr].iParm != iParm)
1424 {
1425 logRelLoadStatePointerIndexMismatch (iParm, pCmd->paLinPtrs[iLinPtr].iParm, iLinPtr, pCmd->cLinPtrs);
1426 rc = VERR_INVALID_PARAMETER;
1427 }
1428 else
1429 {
1430 VBOXHGCMLINPTR *pLinPtr = &pCmd->paLinPtrs[iLinPtr];
1431
1432 uint32_t iPage;
1433 uint32_t offPage = pLinPtr->offFirstPage;
1434 size_t cbRemaining = size;
1435 uint8_t *pu8Dst = pu8Buf;
1436 for (iPage = 0; iPage < pLinPtr->cPages; iPage++)
1437 {
1438 if (cbRemaining == 0)
1439 {
1440 logRelLoadStateBufferSizeMismatch (size, iPage, pLinPtr->cPages);
1441 break;
1442 }
1443
1444 size_t cbChunk = PAGE_SIZE - offPage;
1445
1446 if (cbChunk > cbRemaining)
1447 {
1448 cbChunk = cbRemaining;
1449 }
1450
1451 rc = PDMDevHlpPhysRead(pThis->pDevIns,
1452 pLinPtr->paPages[iPage] + offPage,
1453 pu8Dst, cbChunk);
1454
1455 AssertRCBreak(rc);
1456
1457 offPage = 0; /* A next page is read from 0 offset. */
1458 cbRemaining -= cbChunk;
1459 pu8Dst += cbChunk;
1460 }
1461 }
1462 }
1463 else
1464 rc = VINF_SUCCESS;
1465
1466 if (RT_SUCCESS(rc))
1467 {
1468 pHostParm->u.pointer.addr = pu8Buf;
1469 pu8Buf += size;
1470
1471 iLinPtr++;
1472 }
1473 }
1474
1475 Log(("vmmdevHGCMCall: LinAddr guest parameter %RGv, rc = %Rrc\n",
1476 pGuestParm->u.Pointer.u.linearAddr, rc));
1477 break;
1478 }
1479
1480 case VMMDevHGCMParmType_PageList:
1481 {
1482 uint32_t size = pGuestParm->u.PageList.size;
1483
1484 /* Check that the page list info is within the request. */
1485 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
1486 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
1487 {
1488 rc = VERR_INVALID_PARAMETER;
1489 break;
1490 }
1491
1492 /* At least the structure is within. */
1493 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
1494
1495 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
1496
1497 if ( pPageListInfo->cPages == 0
1498 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
1499 {
1500 rc = VERR_INVALID_PARAMETER;
1501 break;
1502 }
1503
1504 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1505 pHostParm->u.pointer.size = size;
1506
1507 /* Copy guest data to an allocated buffer, so
1508 * services can use the data.
1509 */
1510
1511 if (size == 0)
1512 {
1513 pHostParm->u.pointer.addr = NULL;
1514 }
1515 else
1516 {
1517 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
1518 {
1519 /* Copy pages to the pcBuf[size]. */
1520 rc = vmmdevHGCMPageListRead(pThis->pDevIns, pu8Buf, size, pPageListInfo);
1521 }
1522 else
1523 rc = VINF_SUCCESS;
1524
1525 if (RT_SUCCESS(rc))
1526 {
1527 pHostParm->u.pointer.addr = pu8Buf;
1528 pu8Buf += size;
1529 }
1530 }
1531
1532 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
1533 break;
1534 }
1535
1536 /* just to shut up gcc */
1537 default:
1538 AssertFailed();
1539 break;
1540 }
1541 }
1542 }
1543 else
1544 {
1545#ifdef VBOX_WITH_64_BITS_GUESTS
1546 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
1547#else
1548 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
1549#endif /* VBOX_WITH_64_BITS_GUESTS */
1550
1551 for (iParm = 0; iParm < cParms && RT_SUCCESS(rc); iParm++, pGuestParm++, pHostParm++)
1552 {
1553 switch (pGuestParm->type)
1554 {
1555 case VMMDevHGCMParmType_32bit:
1556 {
1557 uint32_t u32 = pGuestParm->u.value32;
1558
1559 pHostParm->type = VBOX_HGCM_SVC_PARM_32BIT;
1560 pHostParm->u.uint32 = u32;
1561
1562 Log(("vmmdevHGCMCall: uint32 guest parameter %u\n", u32));
1563 break;
1564 }
1565
1566 case VMMDevHGCMParmType_64bit:
1567 {
1568 uint64_t u64 = pGuestParm->u.value64;
1569
1570 pHostParm->type = VBOX_HGCM_SVC_PARM_64BIT;
1571 pHostParm->u.uint64 = u64;
1572
1573 Log(("vmmdevHGCMCall: uint64 guest parameter %llu\n", u64));
1574 break;
1575 }
1576
1577 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1578 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1579 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1580 {
1581 uint32_t size = pGuestParm->u.Pointer.size;
1582
1583 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1584 pHostParm->u.pointer.size = size;
1585
1586 /* Copy guest data to an allocated buffer, so
1587 * services can use the data.
1588 */
1589
1590 if (size == 0)
1591 {
1592 pHostParm->u.pointer.addr = NULL;
1593 }
1594 else
1595 {
1596 /* The saved command already have the page list in pCmd->paLinPtrs.
1597 * Read data from guest pages.
1598 */
1599 /* Don't overdo it */
1600 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_Out)
1601 {
1602 if ( iLinPtr >= pCmd->cLinPtrs
1603 || pCmd->paLinPtrs[iLinPtr].iParm != iParm)
1604 {
1605 logRelLoadStatePointerIndexMismatch (iParm, pCmd->paLinPtrs[iLinPtr].iParm, iLinPtr, pCmd->cLinPtrs);
1606 rc = VERR_INVALID_PARAMETER;
1607 }
1608 else
1609 {
1610 VBOXHGCMLINPTR *pLinPtr = &pCmd->paLinPtrs[iLinPtr];
1611
1612 uint32_t iPage;
1613 uint32_t offPage = pLinPtr->offFirstPage;
1614 size_t cbRemaining = size;
1615 uint8_t *pu8Dst = pu8Buf;
1616 for (iPage = 0; iPage < pLinPtr->cPages; iPage++)
1617 {
1618 if (cbRemaining == 0)
1619 {
1620 logRelLoadStateBufferSizeMismatch (size, iPage, pLinPtr->cPages);
1621 break;
1622 }
1623
1624 size_t cbChunk = PAGE_SIZE - offPage;
1625
1626 if (cbChunk > cbRemaining)
1627 {
1628 cbChunk = cbRemaining;
1629 }
1630
1631 rc = PDMDevHlpPhysRead(pThis->pDevIns,
1632 pLinPtr->paPages[iPage] + offPage,
1633 pu8Dst, cbChunk);
1634
1635 AssertRCBreak(rc);
1636
1637 offPage = 0; /* A next page is read from 0 offset. */
1638 cbRemaining -= cbChunk;
1639 pu8Dst += cbChunk;
1640 }
1641 }
1642 }
1643 else
1644 rc = VINF_SUCCESS;
1645
1646 if (RT_SUCCESS(rc))
1647 {
1648 pHostParm->u.pointer.addr = pu8Buf;
1649 pu8Buf += size;
1650
1651 iLinPtr++;
1652 }
1653 }
1654
1655 Log(("vmmdevHGCMCall: LinAddr guest parameter %RGv, rc = %Rrc\n",
1656 pGuestParm->u.Pointer.u.linearAddr, rc));
1657 break;
1658 }
1659
1660 case VMMDevHGCMParmType_PageList:
1661 {
1662 uint32_t size = pGuestParm->u.PageList.size;
1663
1664 /* Check that the page list info is within the request. */
1665 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
1666 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
1667 {
1668 rc = VERR_INVALID_PARAMETER;
1669 break;
1670 }
1671
1672 /* At least the structure is within. */
1673 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
1674
1675 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
1676
1677 if ( pPageListInfo->cPages == 0
1678 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
1679 {
1680 rc = VERR_INVALID_PARAMETER;
1681 break;
1682 }
1683
1684 pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
1685 pHostParm->u.pointer.size = size;
1686
1687 /* Copy guest data to an allocated buffer, so
1688 * services can use the data.
1689 */
1690
1691 if (size == 0)
1692 {
1693 pHostParm->u.pointer.addr = NULL;
1694 }
1695 else
1696 {
1697 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
1698 {
1699 /* Copy pages to the pcBuf[size]. */
1700 rc = vmmdevHGCMPageListRead(pThis->pDevIns, pu8Buf, size, pPageListInfo);
1701 }
1702 else
1703 rc = VINF_SUCCESS;
1704
1705 if (RT_SUCCESS(rc))
1706 {
1707 pHostParm->u.pointer.addr = pu8Buf;
1708 pu8Buf += size;
1709 }
1710 }
1711
1712 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
1713 break;
1714 }
1715
1716 /* just to shut up gcc */
1717 default:
1718 AssertFailed();
1719 break;
1720 }
1721 }
1722 }
1723 }
1724
1725 if (RT_SUCCESS (rc))
1726 {
1727 /* Pass the function call to HGCM connector for actual processing */
1728 rc = pThis->pHGCMDrv->pfnCall (pThis->pHGCMDrv, pCmd, pHGCMCall->u32ClientID, pHGCMCall->u32Function, cParms, pCmd->paHostParms);
1729 if (RT_SUCCESS (rc))
1730 {
1731 *pfHGCMCalled = true;
1732 }
1733 /* else
1734 * ... the caller will also execute vmmdevHGCMRemoveCommand() for us */
1735 }
1736
1737 return rc;
1738}
1739
1740/**
1741 * VMMDevReq_HGCMCancel worker.
1742 *
1743 * @thread EMT
1744 */
1745int vmmdevHGCMCancel (PVMMDEV pThis, VMMDevHGCMCancel *pHGCMCancel, RTGCPHYS GCPhys)
1746{
1747 NOREF(pHGCMCancel);
1748 int rc = vmmdevHGCMCancel2(pThis, GCPhys);
1749 return rc == VERR_NOT_FOUND ? VERR_INVALID_PARAMETER : rc;
1750}
1751
1752/**
1753 * VMMDevReq_HGCMCancel2 worker.
1754 *
1755 * @retval VINF_SUCCESS on success.
1756 * @retval VERR_NOT_FOUND if the request was not found.
1757 * @retval VERR_INVALID_PARAMETER if the request address is invalid.
1758 *
1759 * @param pThis The VMMDev instance data.
1760 * @param GCPhys The address of the request that should be cancelled.
1761 *
1762 * @thread EMT
1763 */
1764int vmmdevHGCMCancel2 (PVMMDEV pThis, RTGCPHYS GCPhys)
1765{
1766 if ( GCPhys == 0
1767 || GCPhys == NIL_RTGCPHYS
1768 || GCPhys == NIL_RTGCPHYS32)
1769 {
1770 Log(("vmmdevHGCMCancel2: GCPhys=%#x\n", GCPhys));
1771 return VERR_INVALID_PARAMETER;
1772 }
1773
1774 /*
1775 * Locate the command and cancel it while under the protection of
1776 * the lock. hgcmCompletedWorker makes assumptions about this.
1777 */
1778 int rc = vmmdevHGCMCmdListLock (pThis);
1779 AssertRCReturn(rc, rc);
1780
1781 PVBOXHGCMCMD pCmd = vmmdevHGCMFindCommandLocked (pThis, GCPhys);
1782 if (pCmd)
1783 {
1784 pCmd->fCancelled = true;
1785 Log(("vmmdevHGCMCancel2: Cancelled pCmd=%p / GCPhys=%#x\n", pCmd, GCPhys));
1786 }
1787 else
1788 rc = VERR_NOT_FOUND;
1789
1790 vmmdevHGCMCmdListUnlock (pThis);
1791 return rc;
1792}
1793
1794static int vmmdevHGCMCmdVerify (PVBOXHGCMCMD pCmd, VMMDevHGCMRequestHeader *pHeader)
1795{
1796 switch (pCmd->enmCmdType)
1797 {
1798 case VBOXHGCMCMDTYPE_CONNECT:
1799 if ( pHeader->header.requestType == VMMDevReq_HGCMConnect
1800 || pHeader->header.requestType == VMMDevReq_HGCMCancel) return VINF_SUCCESS;
1801 break;
1802
1803 case VBOXHGCMCMDTYPE_DISCONNECT:
1804 if ( pHeader->header.requestType == VMMDevReq_HGCMDisconnect
1805 || pHeader->header.requestType == VMMDevReq_HGCMCancel) return VINF_SUCCESS;
1806 break;
1807
1808 case VBOXHGCMCMDTYPE_CALL:
1809#ifdef VBOX_WITH_64_BITS_GUESTS
1810 if ( pHeader->header.requestType == VMMDevReq_HGCMCall32
1811 || pHeader->header.requestType == VMMDevReq_HGCMCall64
1812 || pHeader->header.requestType == VMMDevReq_HGCMCancel) return VINF_SUCCESS;
1813#else
1814 if ( pHeader->header.requestType == VMMDevReq_HGCMCall
1815 || pHeader->header.requestType == VMMDevReq_HGCMCancel) return VINF_SUCCESS;
1816#endif /* VBOX_WITH_64_BITS_GUESTS */
1817
1818 break;
1819
1820 default:
1821 AssertFailed ();
1822 }
1823
1824 LogRel(("VMMDEV: Invalid HGCM command: pCmd->enmCmdType = 0x%08X, pHeader->header.requestType = 0x%08X\n",
1825 pCmd->enmCmdType, pHeader->header.requestType));
1826 return VERR_INVALID_PARAMETER;
1827}
1828
1829#ifdef VBOX_WITH_64_BITS_GUESTS
1830static int vmmdevHGCMParmVerify64(HGCMFunctionParameter64 *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
1831{
1832 int rc = VERR_INVALID_PARAMETER;
1833
1834 switch (pGuestParm->type)
1835 {
1836 case VMMDevHGCMParmType_32bit:
1837 if (pHostParm->type == VBOX_HGCM_SVC_PARM_32BIT)
1838 rc = VINF_SUCCESS;
1839 break;
1840
1841 case VMMDevHGCMParmType_64bit:
1842 if (pHostParm->type == VBOX_HGCM_SVC_PARM_64BIT)
1843 rc = VINF_SUCCESS;
1844 break;
1845
1846 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1847 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1848 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1849 if ( pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
1850 && pGuestParm->u.Pointer.size >= pHostParm->u.pointer.size)
1851 rc = VINF_SUCCESS;
1852 break;
1853
1854 case VMMDevHGCMParmType_PageList:
1855 if ( pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
1856 && pGuestParm->u.PageList.size >= pHostParm->u.pointer.size)
1857 rc = VINF_SUCCESS;
1858 break;
1859
1860 default:
1861 AssertLogRelMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
1862 break;
1863 }
1864
1865 return rc;
1866}
1867#endif /* VBOX_WITH_64_BITS_GUESTS */
1868
1869#ifdef VBOX_WITH_64_BITS_GUESTS
1870static int vmmdevHGCMParmVerify32(HGCMFunctionParameter32 *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
1871#else
1872static int vmmdevHGCMParmVerify32(HGCMFunctionParameter *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
1873#endif
1874{
1875 int rc = VERR_INVALID_PARAMETER;
1876
1877 switch (pGuestParm->type)
1878 {
1879 case VMMDevHGCMParmType_32bit:
1880 if (pHostParm->type == VBOX_HGCM_SVC_PARM_32BIT)
1881 rc = VINF_SUCCESS;
1882 break;
1883
1884 case VMMDevHGCMParmType_64bit:
1885 if (pHostParm->type == VBOX_HGCM_SVC_PARM_64BIT)
1886 rc = VINF_SUCCESS;
1887 break;
1888
1889 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
1890 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
1891 case VMMDevHGCMParmType_LinAddr: /* In & Out */
1892 if ( pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
1893 && pGuestParm->u.Pointer.size >= pHostParm->u.pointer.size)
1894 rc = VINF_SUCCESS;
1895 break;
1896
1897 case VMMDevHGCMParmType_PageList:
1898 if ( pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
1899 && pGuestParm->u.PageList.size >= pHostParm->u.pointer.size)
1900 rc = VINF_SUCCESS;
1901 break;
1902
1903 default:
1904 AssertLogRelMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
1905 break;
1906 }
1907
1908 return rc;
1909}
1910
1911DECLCALLBACK(void) hgcmCompletedWorker (PPDMIHGCMPORT pInterface, int32_t result, PVBOXHGCMCMD pCmd)
1912{
1913 PVMMDEV pThis = RT_FROM_MEMBER(pInterface, VMMDevState, IHGCMPort);
1914#ifdef VBOX_WITH_DTRACE
1915 uint32_t idFunction = 0;
1916 uint32_t idClient = 0;
1917#endif
1918
1919 int rc = VINF_SUCCESS;
1920
1921 if (result == VINF_HGCM_SAVE_STATE)
1922 {
1923 /* If the completion routine was called because HGCM saves its state,
1924 * then currently nothing to be done here. The pCmd stays in the list
1925 * and will be saved later when the VMMDev state will be saved.
1926 *
1927 * It it assumed that VMMDev saves state after the HGCM services,
1928 * and, therefore, VBOXHGCMCMD structures are not removed by
1929 * vmmdevHGCMSaveState from the list, while HGCM uses them.
1930 */
1931 LogFlowFunc(("VINF_HGCM_SAVE_STATE for command %p\n", pCmd));
1932 return;
1933 }
1934
1935 /*
1936 * The cancellation protocol requires us to remove the command here
1937 * and then check the flag. Cancelled commands must not be written
1938 * back to guest memory.
1939 */
1940 VBOXDD_HGCMCALL_COMPLETED_EMT(pCmd, result);
1941 vmmdevHGCMRemoveCommand (pThis, pCmd);
1942
1943 if (pCmd->fCancelled)
1944 {
1945 LogFlowFunc(("A cancelled command %p: %d\n", pCmd, pCmd->fCancelled));
1946 }
1947 else
1948 {
1949 /* Preallocated block for requests which have up to 8 parameters (most of requests). */
1950#ifdef VBOX_WITH_64_BITS_GUESTS
1951 uint8_t au8Prealloc[sizeof (VMMDevHGCMCall) + 8 * sizeof (HGCMFunctionParameter64)];
1952#else
1953 uint8_t au8Prealloc[sizeof (VMMDevHGCMCall) + 8 * sizeof (HGCMFunctionParameter)];
1954#endif /* VBOX_WITH_64_BITS_GUESTS */
1955
1956 VMMDevHGCMRequestHeader *pHeader;
1957
1958 if (pCmd->cbSize <= sizeof (au8Prealloc))
1959 {
1960 pHeader = (VMMDevHGCMRequestHeader *)&au8Prealloc[0];
1961 }
1962 else
1963 {
1964 pHeader = (VMMDevHGCMRequestHeader *)RTMemAlloc (pCmd->cbSize);
1965 if (pHeader == NULL)
1966 {
1967 LogRel(("VMMDev: Failed to allocate %u bytes for HGCM request completion!!!\n", pCmd->cbSize));
1968
1969 /* Free it. The command have to be excluded from list of active commands anyway. */
1970 RTMemFree (pCmd);
1971 return;
1972 }
1973 }
1974
1975 /*
1976 * Enter and leave the critical section here so we make sure
1977 * vmmdevRequestHandler has completed before we read & write
1978 * the request. (This isn't 100% optimal, but it solves the
1979 * 3.0 blocker.)
1980 */
1981 /** @todo It would be faster if this interface would use MMIO2 memory and we
1982 * didn't have to mess around with PDMDevHlpPhysRead/Write. We're
1983 * reading the header 3 times now and writing the request back twice. */
1984
1985 PDMCritSectEnter(&pThis->CritSect, VERR_SEM_BUSY);
1986 PDMCritSectLeave(&pThis->CritSect);
1987
1988 PDMDevHlpPhysRead(pThis->pDevIns, pCmd->GCPhys, pHeader, pCmd->cbSize);
1989
1990 /* Setup return codes. */
1991 pHeader->result = result;
1992
1993 /* Verify the request type. */
1994 rc = vmmdevHGCMCmdVerify (pCmd, pHeader);
1995
1996 if (RT_SUCCESS (rc))
1997 {
1998 /* Update parameters and data buffers. */
1999
2000 switch (pHeader->header.requestType)
2001 {
2002#ifdef VBOX_WITH_64_BITS_GUESTS
2003 case VMMDevReq_HGCMCall64:
2004 {
2005 VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
2006
2007 uint32_t cParms = pHGCMCall->cParms;
2008 if (cParms != pCmd->cHostParms)
2009 rc = VERR_INVALID_PARAMETER;
2010
2011 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
2012
2013 uint32_t i;
2014 uint32_t iLinPtr = 0;
2015
2016 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
2017
2018 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
2019 {
2020 rc = vmmdevHGCMParmVerify64(pGuestParm, pHostParm);
2021 if (RT_FAILURE(rc))
2022 break;
2023
2024 switch (pGuestParm->type)
2025 {
2026 case VMMDevHGCMParmType_32bit:
2027 {
2028 pGuestParm->u.value32 = pHostParm->u.uint32;
2029 } break;
2030
2031 case VMMDevHGCMParmType_64bit:
2032 {
2033 pGuestParm->u.value64 = pHostParm->u.uint64;
2034 } break;
2035
2036 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
2037 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
2038 case VMMDevHGCMParmType_LinAddr: /* In & Out */
2039 {
2040 /* Copy buffer back to guest memory. */
2041 uint32_t size = pGuestParm->u.Pointer.size;
2042
2043 if (size > 0)
2044 {
2045 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_In)
2046 {
2047 /* Use the saved page list to write data back to the guest RAM. */
2048 rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr,
2049 size, iLinPtr, pCmd->paLinPtrs);
2050 }
2051
2052 /* All linptrs with size > 0 were saved. Advance the index to the next linptr. */
2053 iLinPtr++;
2054 }
2055 } break;
2056
2057 case VMMDevHGCMParmType_PageList:
2058 {
2059 uint32_t cbHGCMCall = pCmd->cbSize; /* Size of the request. */
2060
2061 uint32_t size = pGuestParm->u.PageList.size;
2062
2063 /* Check that the page list info is within the request. */
2064 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
2065 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
2066 {
2067 rc = VERR_INVALID_PARAMETER;
2068 break;
2069 }
2070
2071 /* At least the structure is within. */
2072 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
2073
2074 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
2075
2076 if ( pPageListInfo->cPages == 0
2077 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
2078 {
2079 rc = VERR_INVALID_PARAMETER;
2080 break;
2081 }
2082
2083 if (size > 0)
2084 {
2085 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST)
2086 {
2087 /* Copy pHostParm->u.pointer.addr[pHostParm->u.pointer.size] to pages. */
2088 rc = vmmdevHGCMPageListWrite(pThis->pDevIns, pPageListInfo, pHostParm->u.pointer.addr, size);
2089 }
2090 else
2091 rc = VINF_SUCCESS;
2092 }
2093
2094 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
2095 } break;
2096
2097 default:
2098 {
2099 /* This indicates that the guest request memory was corrupted. */
2100 rc = VERR_INVALID_PARAMETER;
2101 break;
2102 }
2103 }
2104 }
2105# ifdef VBOX_WITH_DTRACE
2106 idFunction = pHGCMCall->u32Function;
2107 idClient = pHGCMCall->u32ClientID;
2108# endif
2109 break;
2110 }
2111
2112 case VMMDevReq_HGCMCall32:
2113 {
2114 VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
2115
2116 uint32_t cParms = pHGCMCall->cParms;
2117 if (cParms != pCmd->cHostParms)
2118 rc = VERR_INVALID_PARAMETER;
2119
2120 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
2121
2122 uint32_t i;
2123 uint32_t iLinPtr = 0;
2124
2125 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
2126
2127 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
2128 {
2129 rc = vmmdevHGCMParmVerify32(pGuestParm, pHostParm);
2130 if (RT_FAILURE(rc))
2131 break;
2132
2133 switch (pGuestParm->type)
2134 {
2135 case VMMDevHGCMParmType_32bit:
2136 {
2137 pGuestParm->u.value32 = pHostParm->u.uint32;
2138 } break;
2139
2140 case VMMDevHGCMParmType_64bit:
2141 {
2142 pGuestParm->u.value64 = pHostParm->u.uint64;
2143 } break;
2144
2145 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
2146 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
2147 case VMMDevHGCMParmType_LinAddr: /* In & Out */
2148 {
2149 /* Copy buffer back to guest memory. */
2150 uint32_t size = pGuestParm->u.Pointer.size;
2151
2152 if (size > 0)
2153 {
2154 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_In)
2155 {
2156 /* Use the saved page list to write data back to the guest RAM. */
2157 rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr, pCmd->paLinPtrs);
2158 }
2159
2160 /* All linptrs with size > 0 were saved. Advance the index to the next linptr. */
2161 iLinPtr++;
2162 }
2163 } break;
2164
2165 case VMMDevHGCMParmType_PageList:
2166 {
2167 uint32_t cbHGCMCall = pCmd->cbSize; /* Size of the request. */
2168
2169 uint32_t size = pGuestParm->u.PageList.size;
2170
2171 /* Check that the page list info is within the request. */
2172 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
2173 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
2174 {
2175 rc = VERR_INVALID_PARAMETER;
2176 break;
2177 }
2178
2179 /* At least the structure is within. */
2180 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
2181
2182 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
2183
2184 if ( pPageListInfo->cPages == 0
2185 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
2186 {
2187 rc = VERR_INVALID_PARAMETER;
2188 break;
2189 }
2190
2191 if (size > 0)
2192 {
2193 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST)
2194 {
2195 /* Copy pHostParm->u.pointer.addr[pHostParm->u.pointer.size] to pages. */
2196 rc = vmmdevHGCMPageListWrite(pThis->pDevIns, pPageListInfo, pHostParm->u.pointer.addr, size);
2197 }
2198 else
2199 rc = VINF_SUCCESS;
2200 }
2201
2202 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
2203 } break;
2204
2205 default:
2206 {
2207 /* This indicates that the guest request memory was corrupted. */
2208 rc = VERR_INVALID_PARAMETER;
2209 break;
2210 }
2211 }
2212 }
2213# ifdef VBOX_WITH_DTRACE
2214 idFunction = pHGCMCall->u32Function;
2215 idClient = pHGCMCall->u32ClientID;
2216# endif
2217 break;
2218 }
2219#else
2220 case VMMDevReq_HGCMCall:
2221 {
2222 VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
2223
2224 uint32_t cParms = pHGCMCall->cParms;
2225 if (cParms != pCmd->cHostParms)
2226 rc = VERR_INVALID_PARAMETER;
2227
2228 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
2229
2230 uint32_t i;
2231 uint32_t iLinPtr = 0;
2232
2233 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
2234
2235 for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
2236 {
2237 rc = vmmdevHGCMParmVerify32(pGuestParm, pHostParm);
2238 if (RT_FAILURE(rc))
2239 break;
2240
2241 switch (pGuestParm->type)
2242 {
2243 case VMMDevHGCMParmType_32bit:
2244 {
2245 pGuestParm->u.value32 = pHostParm->u.uint32;
2246 } break;
2247
2248 case VMMDevHGCMParmType_64bit:
2249 {
2250 pGuestParm->u.value64 = pHostParm->u.uint64;
2251 } break;
2252
2253 case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
2254 case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
2255 case VMMDevHGCMParmType_LinAddr: /* In & Out */
2256 {
2257 /* Copy buffer back to guest memory. */
2258 uint32_t size = pGuestParm->u.Pointer.size;
2259
2260 if (size > 0)
2261 {
2262 if (pGuestParm->type != VMMDevHGCMParmType_LinAddr_In)
2263 {
2264 /* Use the saved page list to write data back to the guest RAM. */
2265 rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr, pCmd->paLinPtrs);
2266 }
2267
2268 /* All linptrs with size > 0 were saved. Advance the index to the next linptr. */
2269 iLinPtr++;
2270 }
2271 } break;
2272
2273 case VMMDevHGCMParmType_PageList:
2274 {
2275 uint32_t cbHGCMCall = pCmd->cbSize; /* Size of the request. */
2276
2277 uint32_t size = pGuestParm->u.PageList.size;
2278
2279 /* Check that the page list info is within the request. */
2280 if ( cbHGCMCall < sizeof (HGCMPageListInfo)
2281 || pGuestParm->u.PageList.offset > cbHGCMCall - sizeof (HGCMPageListInfo))
2282 {
2283 rc = VERR_INVALID_PARAMETER;
2284 break;
2285 }
2286
2287 /* At least the structure is within. */
2288 HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + pGuestParm->u.PageList.offset);
2289
2290 uint32_t cbPageListInfo = sizeof (HGCMPageListInfo) + (pPageListInfo->cPages - 1) * sizeof (pPageListInfo->aPages[0]);
2291
2292 if ( pPageListInfo->cPages == 0
2293 || cbHGCMCall < pGuestParm->u.PageList.offset + cbPageListInfo)
2294 {
2295 rc = VERR_INVALID_PARAMETER;
2296 break;
2297 }
2298
2299 if (size > 0)
2300 {
2301 if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST)
2302 {
2303 /* Copy pHostParm->u.pointer.addr[pHostParm->u.pointer.size] to pages. */
2304 rc = vmmdevHGCMPageListWrite(pThis->pDevIns, pPageListInfo, pHostParm->u.pointer.addr, size);
2305 }
2306 else
2307 rc = VINF_SUCCESS;
2308 }
2309
2310 Log(("vmmdevHGCMCall: PageList guest parameter rc = %Rrc\n", rc));
2311 } break;
2312
2313 default:
2314 {
2315 /* This indicates that the guest request memory was corrupted. */
2316 rc = VERR_INVALID_PARAMETER;
2317 break;
2318 }
2319 }
2320 }
2321# ifdef VBOX_WITH_DTRACE
2322 idFunction = pHGCMCall->u32Function;
2323 idClient = pHGCMCall->u32ClientID;
2324# endif
2325 break;
2326 }
2327#endif /* VBOX_WITH_64_BITS_GUESTS */
2328 case VMMDevReq_HGCMConnect:
2329 {
2330 VMMDevHGCMConnect *pHGCMConnectCopy = (VMMDevHGCMConnect *)(pCmd+1);
2331
2332 /* save the client id in the guest request packet */
2333 VMMDevHGCMConnect *pHGCMConnect = (VMMDevHGCMConnect *)pHeader;
2334 pHGCMConnect->u32ClientID = pHGCMConnectCopy->u32ClientID;
2335 break;
2336 }
2337
2338 default:
2339 /* make gcc happy */
2340 break;
2341 }
2342 }
2343
2344 if (RT_FAILURE(rc))
2345 {
2346 /* Command is wrong. Return HGCM error result to the guest. */
2347 pHeader->result = rc;
2348 }
2349
2350 /* Mark request as processed. */
2351 pHeader->fu32Flags |= VBOX_HGCM_REQ_DONE;
2352
2353 /* Write back the request */
2354 PDMDevHlpPhysWrite(pThis->pDevIns, pCmd->GCPhys, pHeader, pCmd->cbSize);
2355
2356 /* Now, when the command was removed from the internal list, notify the guest. */
2357 VMMDevNotifyGuest (pThis, VMMDEV_EVENT_HGCM);
2358
2359 if ((uint8_t *)pHeader != &au8Prealloc[0])
2360 {
2361 /* Only if it was allocated from heap. */
2362 RTMemFree (pHeader);
2363 }
2364 }
2365
2366 /* Deallocate the command memory. */
2367 if (pCmd->paLinPtrs)
2368 {
2369 RTMemFree (pCmd->paLinPtrs);
2370 }
2371
2372 RTMemFree (pCmd);
2373
2374 VBOXDD_HGCMCALL_COMPLETED_DONE(pCmd, idFunction, idClient, result);
2375 return;
2376}
2377
2378DECLCALLBACK(void) hgcmCompleted (PPDMIHGCMPORT pInterface, int32_t result, PVBOXHGCMCMD pCmd)
2379{
2380 PVMMDEV pThis = RT_FROM_MEMBER(pInterface, VMMDevState, IHGCMPort);
2381
2382 VBOXDD_HGCMCALL_COMPLETED_REQ(pCmd, result);
2383
2384/** @todo no longer necessary to forward to EMT, but it might be more
2385 * efficient...? */
2386 /* Not safe to execute asynchronously; forward to EMT */
2387 int rc = VMR3ReqCallVoidNoWait(PDMDevHlpGetVM(pThis->pDevIns), VMCPUID_ANY,
2388 (PFNRT)hgcmCompletedWorker, 3, pInterface, result, pCmd);
2389 AssertRC(rc);
2390}
2391
2392/** @thread EMT */
2393int vmmdevHGCMSaveState(PVMMDEV pThis, PSSMHANDLE pSSM)
2394{
2395 /* Save information about pending requests.
2396 * Only GCPtrs are of interest.
2397 */
2398 int rc = VINF_SUCCESS;
2399
2400 LogFlowFunc(("\n"));
2401
2402 /* Compute how many commands are pending. */
2403 uint32_t cCmds = 0;
2404
2405 PVBOXHGCMCMD pIter = pThis->pHGCMCmdList;
2406
2407 while (pIter)
2408 {
2409 LogFlowFunc (("pIter %p\n", pIter));
2410 cCmds++;
2411 pIter = pIter->pNext;
2412 }
2413
2414 LogFlowFunc(("cCmds = %d\n", cCmds));
2415
2416 /* Save number of commands. */
2417 rc = SSMR3PutU32(pSSM, cCmds);
2418 AssertRCReturn(rc, rc);
2419
2420 if (cCmds > 0)
2421 {
2422 pIter = pThis->pHGCMCmdList;
2423
2424 while (pIter)
2425 {
2426 PVBOXHGCMCMD pNext = pIter->pNext;
2427
2428 LogFlowFunc (("Saving %RGp, size %d\n", pIter->GCPhys, pIter->cbSize));
2429
2430 /* GC physical address of the guest request. */
2431 rc = SSMR3PutGCPhys(pSSM, pIter->GCPhys);
2432 AssertRCReturn(rc, rc);
2433
2434 /* Request packet size */
2435 rc = SSMR3PutU32(pSSM, pIter->cbSize);
2436 AssertRCReturn(rc, rc);
2437
2438 /*
2439 * Version 9+: save complete information about commands.
2440 */
2441
2442 /* The type of the command. */
2443 rc = SSMR3PutU32(pSSM, (uint32_t)pIter->enmCmdType);
2444 AssertRCReturn(rc, rc);
2445
2446 /* Whether the command was cancelled by the guest. */
2447 rc = SSMR3PutBool(pSSM, pIter->fCancelled);
2448 AssertRCReturn(rc, rc);
2449
2450 /* Linear pointer parameters information. How many pointers. Always 0 if not a call command. */
2451 rc = SSMR3PutU32(pSSM, (uint32_t)pIter->cLinPtrs);
2452 AssertRCReturn(rc, rc);
2453
2454 if (pIter->cLinPtrs > 0)
2455 {
2456 /* How many pages for all linptrs in this command. */
2457 rc = SSMR3PutU32(pSSM, (uint32_t)pIter->cLinPtrPages);
2458 AssertRCReturn(rc, rc);
2459 }
2460
2461 int i;
2462 for (i = 0; i < pIter->cLinPtrs; i++)
2463 {
2464 /* Pointer to descriptions of linear pointers. */
2465 VBOXHGCMLINPTR *pLinPtr = &pIter->paLinPtrs[i];
2466
2467 /* Index of the parameter. */
2468 rc = SSMR3PutU32(pSSM, (uint32_t)pLinPtr->iParm);
2469 AssertRCReturn(rc, rc);
2470
2471 /* Offset in the first physical page of the region. */
2472 rc = SSMR3PutU32(pSSM, pLinPtr->offFirstPage);
2473 AssertRCReturn(rc, rc);
2474
2475 /* How many pages. */
2476 rc = SSMR3PutU32(pSSM, pLinPtr->cPages);
2477 AssertRCReturn(rc, rc);
2478
2479 uint32_t iPage;
2480 for (iPage = 0; iPage < pLinPtr->cPages; iPage++)
2481 {
2482 /* Array of the GC physical addresses for these pages.
2483 * It is assumed that the physical address of the locked resident
2484 * guest page does not change.
2485 */
2486 rc = SSMR3PutGCPhys(pSSM, pLinPtr->paPages[iPage]);
2487 AssertRCReturn(rc, rc);
2488 }
2489 }
2490
2491 /* A reserved field, will allow to extend saved data for a command. */
2492 rc = SSMR3PutU32(pSSM, 0);
2493 AssertRCReturn(rc, rc);
2494
2495 pIter = pNext;
2496 }
2497 }
2498
2499 /* A reserved field, will allow to extend saved data for VMMDevHGCM. */
2500 rc = SSMR3PutU32(pSSM, 0);
2501 AssertRCReturn(rc, rc);
2502
2503 return rc;
2504}
2505
2506/** @thread EMT(0) */
2507int vmmdevHGCMLoadState(PVMMDEV pThis, PSSMHANDLE pSSM, uint32_t uVersion)
2508{
2509 int rc = VINF_SUCCESS;
2510
2511 LogFlowFunc(("\n"));
2512
2513 /* Read how many commands were pending. */
2514 uint32_t cCmds = 0;
2515 rc = SSMR3GetU32(pSSM, &cCmds);
2516 AssertRCReturn(rc, rc);
2517
2518 LogFlowFunc(("cCmds = %d\n", cCmds));
2519
2520 if (uVersion < 9)
2521 {
2522 /* Only the guest physical address is saved. */
2523 while (cCmds--)
2524 {
2525 RTGCPHYS GCPhys;
2526 uint32_t cbSize;
2527
2528 rc = SSMR3GetGCPhys(pSSM, &GCPhys);
2529 AssertRCReturn(rc, rc);
2530
2531 rc = SSMR3GetU32(pSSM, &cbSize);
2532 AssertRCReturn(rc, rc);
2533
2534 LogFlowFunc (("Restoring %RGp size %x bytes\n", GCPhys, cbSize));
2535
2536 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (sizeof (struct VBOXHGCMCMD));
2537 AssertReturn(pCmd, VERR_NO_MEMORY);
2538
2539 pCmd->enmCmdType = VBOXHGCMCMDTYPE_LOADSTATE; /* This marks the "old" saved command. */
2540
2541 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, cbSize, VBOXHGCMCMDTYPE_LOADSTATE);
2542 }
2543 }
2544 else
2545 {
2546 /*
2547 * Version 9+: Load complete information about commands.
2548 */
2549 uint32_t u32;
2550 bool f;
2551
2552 while (cCmds--)
2553 {
2554 RTGCPHYS GCPhys;
2555 uint32_t cbSize;
2556
2557 /* GC physical address of the guest request. */
2558 rc = SSMR3GetGCPhys(pSSM, &GCPhys);
2559 AssertRCReturn(rc, rc);
2560
2561 /* The request packet size */
2562 rc = SSMR3GetU32(pSSM, &cbSize);
2563 AssertRCReturn(rc, rc);
2564
2565 LogFlowFunc (("Restoring %RGp size %x bytes\n", GCPhys, cbSize));
2566
2567 /* For uVersion <= 12, this was the size of entire command.
2568 * Now the size is recalculated in vmmdevHGCMLoadStateDone.
2569 */
2570 if (uVersion <= 12)
2571 {
2572 rc = SSMR3Skip(pSSM, sizeof (uint32_t));
2573 AssertRCReturn(rc, rc);
2574 }
2575
2576 /* Allocate only VBOXHGCMCMD structure. vmmdevHGCMLoadStateDone will reallocate the command
2577 * with additional space for parameters and for pointer/pagelists buffer.
2578 */
2579 PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ (sizeof (VBOXHGCMCMD));
2580 AssertReturn(pCmd, VERR_NO_MEMORY);
2581
2582 /* The type of the command. */
2583 rc = SSMR3GetU32(pSSM, &u32);
2584 AssertRCReturn(rc, rc);
2585 pCmd->enmCmdType = (VBOXHGCMCMDTYPE)u32;
2586
2587 /* Whether the command was cancelled by the guest. */
2588 rc = SSMR3GetBool(pSSM, &f);
2589 AssertRCReturn(rc, rc);
2590 pCmd->fCancelled = f;
2591
2592 /* Linear pointer parameters information. How many pointers. Always 0 if not a call command. */
2593 rc = SSMR3GetU32(pSSM, &u32);
2594 AssertRCReturn(rc, rc);
2595 pCmd->cLinPtrs = u32;
2596
2597 if (pCmd->cLinPtrs > 0)
2598 {
2599 /* How many pages for all linptrs in this command. */
2600 rc = SSMR3GetU32(pSSM, &u32);
2601 AssertRCReturn(rc, rc);
2602 pCmd->cLinPtrPages = u32;
2603
2604 pCmd->paLinPtrs = (VBOXHGCMLINPTR *)RTMemAllocZ ( sizeof (VBOXHGCMLINPTR) * pCmd->cLinPtrs
2605 + sizeof (RTGCPHYS) * pCmd->cLinPtrPages);
2606 AssertReturn(pCmd->paLinPtrs, VERR_NO_MEMORY);
2607
2608 RTGCPHYS *pPages = (RTGCPHYS *)((uint8_t *)pCmd->paLinPtrs + sizeof (VBOXHGCMLINPTR) * pCmd->cLinPtrs);
2609 int cPages = 0;
2610
2611 int i;
2612 for (i = 0; i < pCmd->cLinPtrs; i++)
2613 {
2614 /* Pointer to descriptions of linear pointers. */
2615 VBOXHGCMLINPTR *pLinPtr = &pCmd->paLinPtrs[i];
2616
2617 pLinPtr->paPages = pPages;
2618
2619 /* Index of the parameter. */
2620 rc = SSMR3GetU32(pSSM, &u32);
2621 AssertRCReturn(rc, rc);
2622 pLinPtr->iParm = u32;
2623
2624 /* Offset in the first physical page of the region. */
2625 rc = SSMR3GetU32(pSSM, &u32);
2626 AssertRCReturn(rc, rc);
2627 pLinPtr->offFirstPage = u32;
2628
2629 /* How many pages. */
2630 rc = SSMR3GetU32(pSSM, &u32);
2631 AssertRCReturn(rc, rc);
2632 pLinPtr->cPages = u32;
2633
2634 uint32_t iPage;
2635 for (iPage = 0; iPage < pLinPtr->cPages; iPage++)
2636 {
2637 /* Array of the GC physical addresses for these pages.
2638 * It is assumed that the physical address of the locked resident
2639 * guest page does not change.
2640 */
2641 RTGCPHYS GCPhysPage;
2642 rc = SSMR3GetGCPhys(pSSM, &GCPhysPage);
2643 AssertRCReturn(rc, rc);
2644
2645 /* Verify that the number of loaded pages is valid. */
2646 cPages++;
2647 if (cPages > pCmd->cLinPtrPages)
2648 {
2649 LogRel(("VMMDevHGCM load state failure: cPages %d, expected %d, ptr %d/%d\n",
2650 cPages, pCmd->cLinPtrPages, i, pCmd->cLinPtrs));
2651 return VERR_SSM_UNEXPECTED_DATA;
2652 }
2653
2654 *pPages++ = GCPhysPage;
2655 }
2656 }
2657 }
2658
2659 /* A reserved field, will allow to extend saved data for a command. */
2660 rc = SSMR3GetU32(pSSM, &u32);
2661 AssertRCReturn(rc, rc);
2662
2663 vmmdevHGCMAddCommand (pThis, pCmd, GCPhys, cbSize, VBOXHGCMCMDTYPE_LOADSTATE);
2664 }
2665
2666 /* A reserved field, will allow to extend saved data for VMMDevHGCM. */
2667 rc = SSMR3GetU32(pSSM, &u32);
2668 AssertRCReturn(rc, rc);
2669 }
2670
2671 return rc;
2672}
2673
2674/** @thread EMT */
2675int vmmdevHGCMLoadStateDone(PVMMDEV pThis)
2676{
2677 LogFlowFunc(("\n"));
2678
2679 /* Reissue pending requests. */
2680 PPDMDEVINS pDevIns = pThis->pDevIns;
2681
2682 int rc = vmmdevHGCMCmdListLock (pThis);
2683
2684 if (RT_SUCCESS (rc))
2685 {
2686 /* Start from the current list head and commands loaded from saved state.
2687 * New commands will be inserted at the list head, so they will not be seen by
2688 * this loop.
2689 *
2690 * Note: The list contains only VBOXHGCMCMD structures, place for HGCM parameters
2691 * and for data buffers has not been allocated.
2692 * Command handlers compute the command size and reallocate it before
2693 * resubmitting the command to HGCM services.
2694 * New commands will be inserted to the list.
2695 */
2696 PVBOXHGCMCMD pIter = pThis->pHGCMCmdList;
2697
2698 pThis->pHGCMCmdList = NULL; /* Reset the list. Saved commands will be processed and deallocated. */
2699
2700 while (pIter)
2701 {
2702 /* This will remove the command from the list if resubmitting fails. */
2703 bool fHGCMCalled = false;
2704
2705 LogFlowFunc (("pIter %p\n", pIter));
2706
2707 PVBOXHGCMCMD pNext = pIter->pNext;
2708
2709 PVBOXHGCMCMD pCmd = NULL; /* Resubmitted command. */
2710
2711 VMMDevHGCMRequestHeader *requestHeader = (VMMDevHGCMRequestHeader *)RTMemAllocZ (pIter->cbSize);
2712 Assert(requestHeader);
2713 if (requestHeader == NULL)
2714 return VERR_NO_MEMORY;
2715
2716 PDMDevHlpPhysRead(pDevIns, pIter->GCPhys, requestHeader, pIter->cbSize);
2717
2718 /* the structure size must be greater or equal to the header size */
2719 if (requestHeader->header.size < sizeof(VMMDevHGCMRequestHeader))
2720 {
2721 Log(("VMMDev request header size too small! size = %d\n", requestHeader->header.size));
2722 }
2723 else
2724 {
2725 /* check the version of the header structure */
2726 if (requestHeader->header.version != VMMDEV_REQUEST_HEADER_VERSION)
2727 {
2728 Log(("VMMDev: guest header version (0x%08X) differs from ours (0x%08X)\n", requestHeader->header.version, VMMDEV_REQUEST_HEADER_VERSION));
2729 }
2730 else
2731 {
2732 Log(("VMMDev request issued: %d, command type %d\n", requestHeader->header.requestType, pIter->enmCmdType));
2733
2734 /* Use the saved command type. Even if the guest has changed the memory already,
2735 * HGCM should see the same command as it was before saving state.
2736 */
2737 switch (pIter->enmCmdType)
2738 {
2739 case VBOXHGCMCMDTYPE_CONNECT:
2740 {
2741 if (requestHeader->header.size < sizeof(VMMDevHGCMConnect))
2742 {
2743 AssertMsgFailed(("VMMDevReq_HGCMConnect structure has invalid size!\n"));
2744 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2745 }
2746 else if (!pThis->pHGCMDrv)
2747 {
2748 Log(("VMMDevReq_HGCMConnect HGCM Connector is NULL!\n"));
2749 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2750 }
2751 else
2752 {
2753 VMMDevHGCMConnect *pHGCMConnect = (VMMDevHGCMConnect *)requestHeader;
2754
2755 Log(("VMMDevReq_HGCMConnect\n"));
2756
2757 requestHeader->header.rc = vmmdevHGCMConnectSaved (pThis, pHGCMConnect, pIter->GCPhys, &fHGCMCalled, pIter, &pCmd);
2758 }
2759 break;
2760 }
2761
2762 case VBOXHGCMCMDTYPE_DISCONNECT:
2763 {
2764 if (requestHeader->header.size < sizeof(VMMDevHGCMDisconnect))
2765 {
2766 AssertMsgFailed(("VMMDevReq_HGCMDisconnect structure has invalid size!\n"));
2767 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2768 }
2769 else if (!pThis->pHGCMDrv)
2770 {
2771 Log(("VMMDevReq_HGCMDisconnect HGCM Connector is NULL!\n"));
2772 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2773 }
2774 else
2775 {
2776 VMMDevHGCMDisconnect *pHGCMDisconnect = (VMMDevHGCMDisconnect *)requestHeader;
2777
2778 Log(("VMMDevReq_VMMDevHGCMDisconnect\n"));
2779 requestHeader->header.rc = vmmdevHGCMDisconnectSaved (pThis, pHGCMDisconnect, pIter->GCPhys, &fHGCMCalled, pIter, &pCmd);
2780 }
2781 break;
2782 }
2783
2784 case VBOXHGCMCMDTYPE_CALL:
2785 {
2786 if (requestHeader->header.size < sizeof(VMMDevHGCMCall))
2787 {
2788 AssertMsgFailed(("VMMDevReq_HGCMCall structure has invalid size!\n"));
2789 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2790 }
2791 else if (!pThis->pHGCMDrv)
2792 {
2793 Log(("VMMDevReq_HGCMCall HGCM Connector is NULL!\n"));
2794 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2795 }
2796 else
2797 {
2798 VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)requestHeader;
2799
2800 Log(("VMMDevReq_HGCMCall: sizeof (VMMDevHGCMRequest) = %04X\n", sizeof (VMMDevHGCMCall)));
2801
2802 Log(("%.*Rhxd\n", requestHeader->header.size, requestHeader));
2803
2804#ifdef VBOX_WITH_64_BITS_GUESTS
2805 bool f64Bits = (requestHeader->header.requestType == VMMDevReq_HGCMCall64);
2806#else
2807 bool f64Bits = false;
2808#endif /* VBOX_WITH_64_BITS_GUESTS */
2809 requestHeader->header.rc = vmmdevHGCMCallSaved (pThis, pHGCMCall, pIter->GCPhys, requestHeader->header.size, f64Bits, &fHGCMCalled, pIter, &pCmd);
2810 }
2811 break;
2812 }
2813 case VBOXHGCMCMDTYPE_LOADSTATE:
2814 {
2815 /* Old saved state. */
2816 switch (requestHeader->header.requestType)
2817 {
2818 case VMMDevReq_HGCMConnect:
2819 {
2820 if (requestHeader->header.size < sizeof(VMMDevHGCMConnect))
2821 {
2822 AssertMsgFailed(("VMMDevReq_HGCMConnect structure has invalid size!\n"));
2823 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2824 }
2825 else if (!pThis->pHGCMDrv)
2826 {
2827 Log(("VMMDevReq_HGCMConnect HGCM Connector is NULL!\n"));
2828 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2829 }
2830 else
2831 {
2832 VMMDevHGCMConnect *pHGCMConnect = (VMMDevHGCMConnect *)requestHeader;
2833
2834 Log(("VMMDevReq_HGCMConnect\n"));
2835
2836 requestHeader->header.rc = vmmdevHGCMConnect (pThis, pHGCMConnect, pIter->GCPhys);
2837 }
2838 break;
2839 }
2840
2841 case VMMDevReq_HGCMDisconnect:
2842 {
2843 if (requestHeader->header.size < sizeof(VMMDevHGCMDisconnect))
2844 {
2845 AssertMsgFailed(("VMMDevReq_HGCMDisconnect structure has invalid size!\n"));
2846 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2847 }
2848 else if (!pThis->pHGCMDrv)
2849 {
2850 Log(("VMMDevReq_HGCMDisconnect HGCM Connector is NULL!\n"));
2851 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2852 }
2853 else
2854 {
2855 VMMDevHGCMDisconnect *pHGCMDisconnect = (VMMDevHGCMDisconnect *)requestHeader;
2856
2857 Log(("VMMDevReq_VMMDevHGCMDisconnect\n"));
2858 requestHeader->header.rc = vmmdevHGCMDisconnect (pThis, pHGCMDisconnect, pIter->GCPhys);
2859 }
2860 break;
2861 }
2862
2863#ifdef VBOX_WITH_64_BITS_GUESTS
2864 case VMMDevReq_HGCMCall64:
2865 case VMMDevReq_HGCMCall32:
2866#else
2867 case VMMDevReq_HGCMCall:
2868#endif /* VBOX_WITH_64_BITS_GUESTS */
2869 {
2870 if (requestHeader->header.size < sizeof(VMMDevHGCMCall))
2871 {
2872 AssertMsgFailed(("VMMDevReq_HGCMCall structure has invalid size!\n"));
2873 requestHeader->header.rc = VERR_INVALID_PARAMETER;
2874 }
2875 else if (!pThis->pHGCMDrv)
2876 {
2877 Log(("VMMDevReq_HGCMCall HGCM Connector is NULL!\n"));
2878 requestHeader->header.rc = VERR_NOT_SUPPORTED;
2879 }
2880 else
2881 {
2882 VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)requestHeader;
2883
2884 Log(("VMMDevReq_HGCMCall: sizeof (VMMDevHGCMRequest) = %04X\n", sizeof (VMMDevHGCMCall)));
2885
2886 Log(("%.*Rhxd\n", requestHeader->header.size, requestHeader));
2887
2888#ifdef VBOX_WITH_64_BITS_GUESTS
2889 bool f64Bits = (requestHeader->header.requestType == VMMDevReq_HGCMCall64);
2890#else
2891 bool f64Bits = false;
2892#endif /* VBOX_WITH_64_BITS_GUESTS */
2893 requestHeader->header.rc = vmmdevHGCMCall (pThis, pHGCMCall, requestHeader->header.size, pIter->GCPhys, f64Bits);
2894 }
2895 break;
2896 }
2897 default:
2898 AssertMsgFailed(("Unknown request type %x during LoadState\n", requestHeader->header.requestType));
2899 LogRel(("VMMDEV: Ignoring unknown request type %x during LoadState\n", requestHeader->header.requestType));
2900 }
2901 } break;
2902
2903 default:
2904 AssertMsgFailed(("Unknown request type %x during LoadState\n", requestHeader->header.requestType));
2905 LogRel(("VMMDEV: Ignoring unknown request type %x during LoadState\n", requestHeader->header.requestType));
2906 }
2907 }
2908 }
2909
2910 if (pIter->enmCmdType == VBOXHGCMCMDTYPE_LOADSTATE)
2911 {
2912 /* Old saved state. */
2913
2914 /* Write back the request */
2915 PDMDevHlpPhysWrite(pDevIns, pIter->GCPhys, requestHeader, pIter->cbSize);
2916 RTMemFree(requestHeader);
2917 requestHeader = NULL;
2918 }
2919 else
2920 {
2921 if (!fHGCMCalled)
2922 {
2923 /* HGCM was not called. Return the error to the guest. Guest may try to repeat the call. */
2924 requestHeader->header.rc = VERR_TRY_AGAIN;
2925 requestHeader->fu32Flags |= VBOX_HGCM_REQ_DONE;
2926 }
2927
2928 /* Write back the request */
2929 PDMDevHlpPhysWrite(pDevIns, pIter->GCPhys, requestHeader, pIter->cbSize);
2930 RTMemFree(requestHeader);
2931 requestHeader = NULL;
2932
2933 if (!fHGCMCalled)
2934 {
2935 /* HGCM was not called. Deallocate the current command and then notify guest. */
2936 if (pCmd)
2937 {
2938 vmmdevHGCMRemoveCommand (pThis, pCmd);
2939
2940 if (pCmd->paLinPtrs != NULL)
2941 {
2942 RTMemFree(pCmd->paLinPtrs);
2943 }
2944
2945 RTMemFree(pCmd);
2946 pCmd = NULL;
2947 }
2948
2949 VMMDevNotifyGuest (pThis, VMMDEV_EVENT_HGCM);
2950 }
2951 }
2952
2953 /* Deallocate the saved command structure. */
2954 if (pIter->paLinPtrs != NULL)
2955 {
2956 RTMemFree(pIter->paLinPtrs);
2957 }
2958
2959 RTMemFree(pIter);
2960
2961 pIter = pNext;
2962 }
2963
2964 vmmdevHGCMCmdListUnlock (pThis);
2965 }
2966
2967 return rc;
2968}
2969
2970void vmmdevHGCMDestroy(PVMMDEV pThis)
2971{
2972 LogFlowFunc(("\n"));
2973
2974 PVBOXHGCMCMD pIter = pThis->pHGCMCmdList;
2975
2976 while (pIter)
2977 {
2978 PVBOXHGCMCMD pNext = pIter->pNext;
2979
2980 vmmdevHGCMRemoveCommand(pThis, pIter);
2981
2982 /* Deallocate the command memory. */
2983 RTMemFree(pIter->paLinPtrs);
2984 RTMemFree(pIter);
2985
2986 pIter = pNext;
2987 }
2988
2989 return;
2990}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette