VirtualBox

Changeset 2027 in vbox for trunk/src/VBox/Devices/VMMDev


Ignore:
Timestamp:
Apr 11, 2007 1:12:07 PM (18 years ago)
Author:
vboxsync
Message:

Check types of HGCM commands.

Location:
trunk/src/VBox/Devices/VMMDev
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Devices/VMMDev/VBoxDev.cpp

    r1681 r2027  
    953953            break;
    954954        }
    955 #endif
     955#endif /* VBOX_HGCM */
    956956
    957957        case VMMDevReq_VideoAccelEnable:
  • trunk/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp

    r1687 r2027  
    3535#include "VMMDevHGCM.h"
    3636
     37typedef enum _VBOXHGCMCMDTYPE
     38{
     39    VBOXHGCMCMDTYPE_LOADSTATE,
     40    VBOXHGCMCMDTYPE_CONNECT,
     41    VBOXHGCMCMDTYPE_DISCONNECT,
     42    VBOXHGCMCMDTYPE_CALL,
     43    VBOXHGCMCMDTYPE_SizeHack = 0x7fffffff
     44} VBOXHGCMCMDTYPE;
     45
    3746/* Information about a linear ptr parameter. */
    3847typedef struct _VBOXHGCMLINPTR
     
    6069    struct VBOXHGCMCMD *pNext;
    6170    struct VBOXHGCMCMD *pPrev;
    62    
    63     /* GC ptr of the command header. */
     71
     72    /* The type of the command. */
     73    VBOXHGCMCMDTYPE enmCmdType;
     74
     75    /* GC pointer of the guest request. */
    6476    RTGCPHYS GCPtr;
    6577
    66     /* Pointer to guest request. */
     78    /* HC pointer to guest request. */
    6779    VMMDevHGCMRequestHeader *pHeader;
    6880
     
    90102}
    91103
    92 static int vmmdevHGCMAddCommand (VMMDevState *pVMMDevState, PVBOXHGCMCMD pCmd, RTGCPHYS GCPtr)
     104static int vmmdevHGCMAddCommand (VMMDevState *pVMMDevState, PVBOXHGCMCMD pCmd, RTGCPHYS GCPtr, VBOXHGCMCMDTYPE enmCmdType)
    93105{
    94106    /* PPDMDEVINS pDevIns = pVMMDevState->pDevIns; */
     
    111123        pVMMDevState->pHGCMCmdList = pCmd;
    112124       
     125        pCmd->enmCmdType = enmCmdType;
    113126        pCmd->GCPtr = GCPtr;
    114127
     
    274287    if (pCmd)
    275288    {
    276         vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr);
     289        vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr, VBOXHGCMCMDTYPE_CONNECT);
    277290
    278291        pCmd->pHeader = &pHGCMConnect->header;
     
    303316    if (pCmd)
    304317    {
    305         vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr);
     318        vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr, VBOXHGCMCMDTYPE_DISCONNECT);
    306319
    307320        pCmd->pHeader = &pHGCMDisconnect->header;
     
    531544    if (VBOX_SUCCESS (rc))
    532545    {
    533         vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr);
     546        vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr, VBOXHGCMCMDTYPE_CALL);
    534547
    535548        /* Pass the function call to HGCM connector for actual processing */
     
    549562}
    550563
     564static int vmmdevHGCMCmdVerify (PVBOXHGCMCMD pCmd)
     565{
     566    VMMDevHGCMRequestHeader *pHeader = pCmd->pHeader;
     567
     568    switch (pCmd->enmCmdType)
     569    {
     570        case VBOXHGCMCMDTYPE_CONNECT:
     571            if (pHeader->header.requestType == VMMDevReq_HGCMConnect) return VINF_SUCCESS;
     572            break;
     573
     574        case VBOXHGCMCMDTYPE_DISCONNECT:
     575            if (pHeader->header.requestType == VMMDevReq_HGCMDisconnect) return VINF_SUCCESS;
     576            break;
     577
     578        case VBOXHGCMCMDTYPE_CALL:
     579            if (pHeader->header.requestType == VMMDevReq_HGCMCall) return VINF_SUCCESS;
     580            break;
     581
     582        default:
     583            AssertFailed ();
     584    }
     585
     586    LogRel(("VMMDEV: Invalid HGCM command: pCmd->enmCmdType = 0x%08X, pHeader->header.requestType = 0x%08X\n",
     587          pCmd->enmCmdType, pHeader->header.requestType));
     588    return VERR_INVALID_PARAMETER;
     589}
     590
    551591#define PDMIHGCMPORT_2_VMMDEVSTATE(pInterface) ( (VMMDevState *) ((uintptr_t)pInterface - RT_OFFSETOF(VMMDevState, HGCMPort)) )
    552592
     
    563603        /* Setup return codes. */
    564604        pHeader->result = result;
    565 
    566         /* Update parameters and data buffers. */
    567 
    568         if (pHeader->header.requestType == VMMDevReq_HGCMCall)
    569         {
    570             VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
    571 
    572             uint32_t cParms = pHGCMCall->cParms;
    573 
    574             HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
    575 
    576             VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
    577 
    578             uint32_t i;
    579             uint32_t iLinPtr = 0;
    580 
    581             for (i = 0; i < cParms; i++, pGuestParm++, pHostParm++)
     605       
     606        /* Verify the request type. */
     607        rc = vmmdevHGCMCmdVerify (pCmd);
     608
     609        if (VBOX_SUCCESS (rc))
     610        {
     611            /* Update parameters and data buffers. */
     612
     613            if (pHeader->header.requestType == VMMDevReq_HGCMCall)
    582614            {
    583                 switch (pGuestParm->type)
     615                VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
     616
     617                uint32_t cParms = pHGCMCall->cParms;
     618
     619                HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
     620
     621                VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
     622
     623                uint32_t i;
     624                uint32_t iLinPtr = 0;
     625
     626                for (i = 0; i < cParms; i++, pGuestParm++, pHostParm++)
    584627                {
    585                     case VMMDevHGCMParmType_32bit:
     628                    switch (pGuestParm->type)
    586629                    {
    587                         pGuestParm->u.value32 = pHostParm->u.uint32;
    588                     } break;
    589 
    590                     case VMMDevHGCMParmType_64bit:
    591                     {
    592                         pGuestParm->u.value64 = pHostParm->u.uint64;
    593                     } break;
    594 
    595                     case VMMDevHGCMParmType_PhysAddr:
    596                     {
    597                         /* do nothing */
    598                     } break;
    599 
    600                     case VMMDevHGCMParmType_LinAddr_In:  /* In (read) */
    601                     case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
    602                     case VMMDevHGCMParmType_LinAddr:     /* In & Out */
    603                     {
    604                         /* Copy buffer back to guest memory. */
    605                         uint32_t size = pGuestParm->u.Pointer.size;
    606 
    607                         if (size > 0 && pGuestParm->type != VMMDevHGCMParmType_LinAddr_In)
     630                        case VMMDevHGCMParmType_32bit:
    608631                        {
    609                             /* Use the saved page list. */
    610                             rc = vmmdevHGCMWriteLinPtr (pVMMDevState->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr++, pCmd->paLinPtrs);
    611                             AssertReleaseRC(rc);
     632                            pGuestParm->u.value32 = pHostParm->u.uint32;
     633                        } break;
     634
     635                        case VMMDevHGCMParmType_64bit:
     636                        {
     637                            pGuestParm->u.value64 = pHostParm->u.uint64;
     638                        } break;
     639
     640                        case VMMDevHGCMParmType_PhysAddr:
     641                        {
     642                            /* do nothing */
     643                        } break;
     644
     645                        case VMMDevHGCMParmType_LinAddr_In:  /* In (read) */
     646                        case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
     647                        case VMMDevHGCMParmType_LinAddr:     /* In & Out */
     648                        {
     649                            /* Copy buffer back to guest memory. */
     650                            uint32_t size = pGuestParm->u.Pointer.size;
     651
     652                            if (size > 0 && pGuestParm->type != VMMDevHGCMParmType_LinAddr_In)
     653                            {
     654                                /* Use the saved page list. */
     655                                rc = vmmdevHGCMWriteLinPtr (pVMMDevState->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr++, pCmd->paLinPtrs);
     656                                AssertReleaseRC(rc);
     657                            }
     658                        } break;
     659
     660                        default:
     661                        {
     662                            /* This indicates that the guest request memory was corrupted. */
     663                            AssertReleaseMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
    612664                        }
    613                     } break;
    614 
    615                     default:
    616                     {
    617                         /* This indicates that the guest request memory was corrupted. */
    618                         AssertReleaseMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
    619665                    }
    620666                }
    621667            }
     668        }
     669        else
     670        {
     671            /* Return error to the guest. */
     672            pHeader->header.rc = rc;
    622673        }
    623674
     
    715766        AssertReturn(pCmd, VERR_NO_MEMORY);
    716767
    717         vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr);
     768        vmmdevHGCMAddCommand (pVMMDevState, pCmd, GCPtr, VBOXHGCMCMDTYPE_LOADSTATE);
    718769    }
    719770
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette