Changeset 40311 in vbox

Timestamp:

Mar 1, 2012 12:09:56 PM (13 years ago)

Author:

vboxsync

Message:

Additions/VBoxGuest: first drop of streams-based Solaris version, not yet tested or even compiled under Solaris.

Location:

trunk/src/VBox/Additions/common/VBoxGuest

Files:

• Makefile.kmk (modified) (1 diff)
• VBoxGuest-solaris-streams.c (copied) (copied from trunk/src/VBox/Additions/common/VBoxGuest/VBoxGuest-solaris.c ) (34 diffs)
• testcase (added)
• testcase/solaris.h (added)
• testcase/tstVBoxGuest-solaris.cpp (added)

trunk/src/VBox/Additions/common/VBoxGuest/Makefile.kmk

@@ -208 +208 @@
 endif
 
+if defined(VBOX_WITH_TESTCASES) && !defined(VBOX_ONLY_ADDITIONS) && !defined(VBOX_ONLY_SDK)
+ PROGRAMS += tstVBoxGuest-solaris
+ tstVBoxGuest-solaris_TEMPLATE = VBOXR3TSTEXE
+ tstVBoxGuest-solaris_SOURCES  = \
+        VBoxGuest-solaris-streams.c \
+        testcase/tstVBoxGuest-solaris.cpp
+ tstVBoxGuest-solaris_DEFS     = TESTCASE
+ tstVBoxGuest-solaris_LIBS     = $(LIB_RUNTIME)
+endif
+
 include $(KBUILD_PATH)/subfooter.kmk
 

trunk/src/VBox/Additions/common/VBoxGuest/VBoxGuest-solaris-streams.c

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2007 Oracle Corporation
+ * Copyright (C) 2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -17 +17 @@
 
 
-/*******************************************************************************
-*   Header Files                                                               *
-*******************************************************************************/
-#include <sys/conf.h>
-#include <sys/modctl.h>
-#include <sys/mutex.h>
-#include <sys/pci.h>
-#include <sys/stat.h>
-#include <sys/ddi.h>
-#include <sys/ddi_intr.h>
-#include <sys/sunddi.h>
-#include <sys/open.h>
-#include <sys/sunldi.h>
-#include <sys/file.h>
+/******************************************************************************
+*   Header Files                                                              *
+******************************************************************************/
+
+#ifndef TESTCASE
+# include <sys/conf.h>
+# include <sys/modctl.h>
+# include <sys/mutex.h>
+# include <sys/pci.h>
+# include <sys/stat.h>
+# include <sys/ddi.h>
+# include <sys/ddi_intr.h>
+# include <sys/sunddi.h>
+# include <sys/open.h>
+# include <sys/sunldi.h>
+# include <sys/file.h>
 #undef u /* /usr/include/sys/user.h:249:1 is where this is defined to (curproc->p_user). very cool. */
+#else  /* TESTCASE */
+# undef IN_RING3
+# define IN_RING0
+#endif  /* TESTCASE */
 
 #include "VBoxGuestInternal.h"
@@ -43 +49 @@
 #include <iprt/asm.h>
 
-
-/*******************************************************************************
-*   Defined Constants And Macros                                               *
-*******************************************************************************/
+#ifdef TESTCASE  /* Include this last as we . */
+# include "testcase/solaris.h"
+# include <iprt/test.h>
+#endif  /* TESTCASE */
+
+
+/******************************************************************************
+*   Defined Constants And Macros                                              *
+******************************************************************************/
+
 /** The module name. */
 #define DEVICE_NAME              "vboxguest"
@@ -53 +65 @@
 
 
-/*******************************************************************************
-*   Internal Functions                                                         *
-*******************************************************************************/
-static int VBoxGuestSolarisOpen(dev_t *pDev, int fFlag, int fType, cred_t *pCred);
-static int VBoxGuestSolarisClose(dev_t Dev, int fFlag, int fType, cred_t *pCred);
-static int VBoxGuestSolarisRead(dev_t Dev, struct uio *pUio, cred_t *pCred);
-static int VBoxGuestSolarisWrite(dev_t Dev, struct uio *pUio, cred_t *pCred);
-static int VBoxGuestSolarisIOCtl(dev_t Dev, int Cmd, intptr_t pArg, int Mode, cred_t *pCred, int *pVal);
-static int VBoxGuestSolarisPoll(dev_t Dev, short fEvents, int fAnyYet, short *pReqEvents, struct pollhead **ppPollHead);
-
-static int VBoxGuestSolarisGetInfo(dev_info_t *pDip, ddi_info_cmd_t enmCmd, void *pArg, void **ppResult);
-static int VBoxGuestSolarisAttach(dev_info_t *pDip, ddi_attach_cmd_t enmCmd);
-static int VBoxGuestSolarisDetach(dev_info_t *pDip, ddi_detach_cmd_t enmCmd);
-
-static int VBoxGuestSolarisAddIRQ(dev_info_t *pDip);
-static void VBoxGuestSolarisRemoveIRQ(dev_info_t *pDip);
-static uint_t VBoxGuestSolarisISR(caddr_t Arg);
-
-
-/*******************************************************************************
-*   Structures and Typedefs                                                    *
-*******************************************************************************/
-/**
- * cb_ops: for drivers that support char/block entry points
+/******************************************************************************
+*   Internal functions used in global structures                              *
+******************************************************************************/
+
+static int vboxGuestSolarisOpen(queue_t *pReadQueue, dev_t *pDev, int fFlag,
+                                int fMode, cred_t *pCred);
+static int vboxGuestSolarisClose(queue_t *pReadQueue, int fFlag, cred_t *pCred);
+static int vboxGuestSolarisWPut(queue_t *pWriteQueue, mblk_t *pMBlk);
+
+static int vboxGuestSolarisGetInfo(dev_info_t *pDip, ddi_info_cmd_t enmCmd, void *pArg, void **ppResult);
+static int vboxGuestSolarisAttach(dev_info_t *pDip, ddi_attach_cmd_t enmCmd);
+static int vboxGuestSolarisDetach(dev_info_t *pDip, ddi_detach_cmd_t enmCmd);
+
+
+/******************************************************************************
+*   Driver global structures                                                  *
+******************************************************************************/
+
+#ifndef TESTCASE  /* I see no value in including these. */
+
+/*
+ * mod_info: STREAMS module information.
+ */
+static struct module_info g_VBoxGuestSolarisModInfo =
+{
+    0x0ffff,                /* module id number */
+    "vboxguest",
+    0,                      /* minimum packet size */
+    INFPSZ,                 /* maximum packet size accepted */
+    512,                    /* high water mark for data flow control */
+    128                     /* low water mark */
+};
+
+/*
+ * rinit: read queue structure for handling messages coming from below.  In
+ * our case this means the host and the virtual hardware, so we do not need
+ * the put and service procedures.
+ */
+static struct qinit g_VBoxGuestSolarisRInit =
+{
+    NULL,                /* put */
+    NULL,                /* service thread procedure */
+    vboxGuestSolarisOpen,
+    vboxGuestSolarisClose,
+    NULL,                /* reserved */
+    &g_VBoxGuestSolarisModInfo,
+    NULL                 /* module statistics structure */
+};
+
+/* 
+ * winit: write queue structure for handling messages coming from above.  Above
+ * means user space applications: either Guest Additions user space tools or
+ * applications reading pointer input.  Messages from the last most likely pass
+ * through at least the "consms" console mouse streams module which multiplexes
+ * hardware pointer drivers to a single virtual pointer.
+ */
+static struct qinit g_VBoxGuestSolarisWInit =
+{
+    vboxGuestSolarisWPut,
+    NULL,                   /* service thread procedure */
+    NULL,                   /* open */
+    NULL,                   /* close */
+    NULL,                   /* reserved */
+    &g_VBoxGuestSolarisModInfo,
+    NULL                    /* module statistics structure */
+};
+
+/**
+ * streamtab: for drivers that support char/block entry points.
+ */
+static struct streamtab g_VBoxGuestSolarisStreamTab =
+{
+    &g_VBoxGuestSolarisRInit,
+    &g_VBoxGuestSolarisWInit,
+    NULL,                   /* MUX rinit */
+    NULL                    /* MUX winit */
+};
+
+/**
+ * cb_ops: for drivers that support char/block entry points.
  */
 static struct cb_ops g_VBoxGuestSolarisCbOps =
 {
-    VBoxGuestSolarisOpen,
-    VBoxGuestSolarisClose,
-    nodev,                  /* b strategy */
-    nodev,                  /* b dump */
-    nodev,                  /* b print */
-    VBoxGuestSolarisRead,
-    VBoxGuestSolarisWrite,
-    VBoxGuestSolarisIOCtl,
-    nodev,                  /* c devmap */
-    nodev,                  /* c mmap */
-    nodev,                  /* c segmap */
-    VBoxGuestSolarisPoll,
+    nulldev,                /* open */
+    nulldev,                /* close */
+    nulldev,                /* b strategy */
+    nulldev,                /* b dump */
+    nulldev,                /* b print */
+    nulldev,                /* c read */
+    nulldev,                /* c write */
+    nulldev,                /* c ioctl */
+    nulldev,                /* c devmap */
+    nulldev,                /* c mmap */
+    nulldev,                /* c segmap */
+    nochpoll,               /* c poll */
     ddi_prop_op,            /* property ops */
-    NULL,                   /* streamtab  */
+    g_VBoxGuestSolarisStreamTab,
     D_NEW | D_MP,           /* compat. flag */
-    CB_REV                  /* revision */
 };
 
 /**
- * dev_ops: for driver device operations
+ * dev_ops: for driver device operations.
  */
 static struct dev_ops g_VBoxGuestSolarisDevOps =
@@ -105 +172 @@
     DEVO_REV,               /* driver build revision */
     0,                      /* ref count */
-    VBoxGuestSolarisGetInfo,
+    vboxGuestSolarisGetInfo,
     nulldev,                /* identify */
     nulldev,                /* probe */
-    VBoxGuestSolarisAttach,
-    VBoxGuestSolarisDetach,
+    vboxGuestSolarisAttach,
+    vboxGuestSolarisDetach,
     nodev,                  /* reset */
     &g_VBoxGuestSolarisCbOps,
@@ -117 +184 @@
 
 /**
- * modldrv: export driver specifics to the kernel
+ * modldrv: export driver specifics to the kernel.
  */
 static struct modldrv g_VBoxGuestSolarisModule =
@@ -127 +194 @@
 
 /**
- * modlinkage: export install/remove/info to the kernel
+ * modlinkage: export install/remove/info to the kernel.
  */
 static struct modlinkage g_VBoxGuestSolarisModLinkage =
@@ -136 +203 @@
 };
 
+#else  /* TESTCASE */
+static void *g_VBoxGuestSolarisModLinkage;
+#endif  /* TESTCASE */
+
 /**
  * State info for each open file handle.
@@ -142 +213 @@
 {
     /** Pointer to the session handle. */
-    PVBOXGUESTSESSION       pSession;
-    /** The process reference for posting signals */
-    void                   *pvProcRef;
+    PVBOXGUESTSESSION  pSession;
+    /** The STREAMS write queue which we need for sending messages up to
+     * user-space. */
+    queue_t           *pWriteQueue;
+    /** Our minor number. */
+    unsigned           cMinor;
+    /* The current greatest horizontal pixel offset on the screen, used for
+     * absolute mouse position reporting.
+     */
+    unsigned           cMaxScreenX;
+    /* The current greatest vertical pixel offset on the screen, used for
+     * absolute mouse position reporting.
+     */
+    unsigned           cMaxScreenY;
 } vboxguest_state_t;
 
 
-/*******************************************************************************
-*   Global Variables                                                           *
-*******************************************************************************/
+/******************************************************************************
+*   Global Variables                                                          *
+******************************************************************************/
+
 /** Device handle (we support only one instance). */
 static dev_info_t          *g_pDip = NULL;
@@ -164 +247 @@
 static uint16_t             g_uIOPortBase;
 /** Address of the MMIO region.*/
-static caddr_t              g_pMMIOBase;
+static char                *g_pMMIOBase;  /* Actually caddr_t. */
 /** Size of the MMIO region. */
 static off_t                g_cbMMIO;
@@ -171 +254 @@
 /** Number of actually allocated interrupt handles */
 static size_t               g_cIntrAllocated;
-/** The pollhead structure */
-static pollhead_t           g_PollHead;
 /** The IRQ Mutex */
 static kmutex_t             g_IrqMtx;
-/** Layered device handle for kernel keep-attached opens */
-static ldi_handle_t         g_LdiHandle = NULL;
-/** Ref counting for IDCOpen calls */
-static uint64_t             g_cLdiOpens = 0;
-/** The Mutex protecting the LDI handle in IDC opens */
-static kmutex_t             g_LdiMtx;
-
-/**
- * Kernel entry points
- */
+/** Our global state.
+ * @todo Make this into an opaque pointer in the device extension structure.
+ * @todo Can't we make do without all these globals anyway?
+ */
+static vboxguest_state_t   *g_pState;
+
+
+/******************************************************************************
+*   Kernel entry points                                                       *
+******************************************************************************/
+
+/** Driver initialisation. */
 int _init(void)
 {
@@ -195 +278 @@
         PRTLOGGER pRelLogger;
         static const char * const s_apszGroups[] = VBOX_LOGGROUP_NAMES;
+        modctl_t *pModCtl;
+
         rc = RTLogCreate(&pRelLogger, 0 /* fFlags */, "all",
                          "VBOX_RELEASE_LOG", RT_ELEMENTS(s_apszGroups), s_apszGroups,
@@ -203 +288 @@
             cmn_err(CE_NOTE, "failed to initialize driver logging rc=%d!\n", rc);
 
-        mutex_init(&g_LdiMtx, NULL, MUTEX_DRIVER, NULL);
-
         /*
          * Prevent module autounloading.
          */
-        modctl_t *pModCtl = mod_getctl(&g_VBoxGuestSolarisModLinkage);
+        pModCtl = mod_getctl(&g_VBoxGuestSolarisModLinkage);
         if (pModCtl)
             pModCtl->mod_loadflags |= MOD_NOAUTOUNLOAD;
@@ -232 +315 @@
 
 
+#ifdef TESTCASE
+/* Nothing in these three really worth testing, plus we would have to stub
+ * around the IPRT log functions. */
+#endif
+
+
+/** Driver cleanup. */
 int _fini(void)
 {
+    int rc;
+
     LogFlow((DEVICE_NAME ":_fini\n"));
-    int rc = mod_remove(&g_VBoxGuestSolarisModLinkage);
+    rc = mod_remove(&g_VBoxGuestSolarisModLinkage);
     if (!rc)
         ddi_soft_state_fini(&g_pVBoxGuestSolarisState);
@@ -242 +334 @@
     RTLogDestroy(RTLogSetDefaultInstance(NULL));
 
-    mutex_destroy(&g_LdiMtx);
-
     RTR0Term();
     return rc;
@@ -249 +339 @@
 
 
+/** Driver identification. */
 int _info(struct modinfo *pModInfo)
 {
@@ -255 +346 @@
 }
 
+
+/******************************************************************************
+*   Main code                                                                 *
+******************************************************************************/
+
+/**
+ * Open callback for the read queue, which we use as a generic device open
+ * handler.
+ */
+int vboxGuestSolarisOpen(queue_t *pReadQueue, dev_t *pDev, int fFlag, int fMode,
+                         cred_t *pCred)
+{
+    int                 rc;
+    PVBOXGUESTSESSION   pSession = NULL;
+    vboxguest_state_t *pState = NULL;
+    unsigned cInstance;
+
+    NOREF(fFlag);
+    NOREF(pCred);
+    LogFlow((DEVICE_NAME "::Open\n"));
+
+    /*
+     * Sanity check on the mode parameter.
+     */
+    if (fMode)
+        return EINVAL;
+
+    for (cInstance = 0; cInstance < 4096; cInstance++)
+    {
+        if (    !ddi_get_soft_state(g_pVBoxGuestSolarisState, cInstance) /* faster */
+            &&  ddi_soft_state_zalloc(g_pVBoxGuestSolarisState, cInstance) == DDI_SUCCESS)
+        {
+            pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, cInstance);
+            break;
+        }
+    }
+    if (!pState)
+    {
+        Log((DEVICE_NAME "::Open: too many open instances."));
+        return ENXIO;
+    }
+
+    /*
+     * Create a new session.
+     */
+    rc = VBoxGuestCreateUserSession(&g_DevExt, &pSession);
+    if (RT_SUCCESS(rc))
+    {
+        pState->pSession = pSession;
+        *pDev = makedevice(getmajor(*pDev), cInstance);
+        /* Initialise user data for the queues to our state and vice-versa. */
+        WR(pReadQueue)->q_ptr = (char *)pState;
+        pReadQueue->q_ptr = (char *)pState;
+        pState->pWriteQueue = WR(pReadQueue);
+        pState->cMinor = cInstance;
+        g_pState = pState;
+        qprocson(pState->pWriteQueue);
+        Log((DEVICE_NAME "::Open: pSession=%p pState=%p pid=%d\n", pSession, pState, (int)RTProcSelf()));
+        return 0;
+    }
+
+    /* Failed, clean up. */
+    ddi_soft_state_free(g_pVBoxGuestSolarisState, cInstance);
+
+    LogRel((DEVICE_NAME "::Open: VBoxGuestCreateUserSession failed. rc=%d\n", rc));
+    return EFAULT;
+}
+
+
+/**
+ * Close callback for the read queue, which we use as a generic device close
+ * handler.
+ */
+int vboxGuestSolarisClose(queue_t *pReadQueue, int fFlag, cred_t *pCred)
+{
+    PVBOXGUESTSESSION pSession = NULL;
+    vboxguest_state_t *pState = (vboxguest_state_t *)pReadQueue->q_ptr;
+
+    LogFlow((DEVICE_NAME "::Close pid=%d\n", (int)RTProcSelf()));
+    NOREF(fFlag);
+    NOREF(pCred);
+
+    if (!pState)
+    {
+        Log((DEVICE_NAME "::Close: failed to get pState.\n"));
+        return EFAULT;
+    }
+    qprocsoff(pState->pWriteQueue);
+    pState->pWriteQueue = NULL;
+    g_pState = NULL;
+    pReadQueue->q_ptr = NULL;
+
+    pSession = pState->pSession;
+    pState->pSession = NULL;
+    Log((DEVICE_NAME "::Close: pSession=%p pState=%p\n", pSession, pState));
+    ddi_soft_state_free(g_pVBoxGuestSolarisState, pState->cMinor);
+    if (!pSession)
+    {
+        Log((DEVICE_NAME "::Close: failed to get pSession.\n"));
+        return EFAULT;
+    }
+
+    /*
+     * Close the session.
+     */
+    VBoxGuestCloseSession(&g_DevExt, pSession);
+    return 0;
+}
+
+
+/* Helper for vboxGuestSolarisWPut. */
+static int vboxGuestSolarisDispatchIOCtl(queue_t *pWriteQueue, mblk_t *pMBlk);
+
+/**
+ * Handler for messages sent from above (user-space and upper modules) which
+ * land in our write queue.
+ */
+int vboxGuestSolarisWPut(queue_t *pWriteQueue, mblk_t *pMBlk)
+{
+    vboxguest_state_t *pState = (vboxguest_state_t *)pWriteQueue->q_ptr;
+    
+    LogFlowFunc(("\n"));
+    switch (pMBlk->b_datap->db_type)
+    {
+        case M_FLUSH:
+            /* Flush the write queue if so requested. */
+            if (*pMBlk->b_rptr & FLUSHW)
+                flushq(pWriteQueue, FLUSHDATA);
+
+            /* Flush the read queue if so requested. */
+            if (*pMBlk->b_rptr & FLUSHR)
+                flushq(RD(pWriteQueue), FLUSHDATA);
+
+            /* We have no one below us to pass the message on to. */
+            return 0;
+        /* M_IOCDATA is additional data attached to (at least) transparent
+         * IOCtls.  We handle the two together here and separate them further
+         * down. */
+        case M_IOCTL:
+        case M_IOCDATA:
+        {
+            int err = vboxGuestSolarisDispatchIOCtl(pWriteQueue, pMBlk);
+            if (!err)
+                qreply(pWriteQueue, pMBlk);
+            else
+                miocnak(pWriteQueue, pMBlk, 0, err);
+            break;
+        }
+    }
+    return 0;
+}
+
+
+/** Data transfer direction of an IOCtl.  This is used for describing
+ * transparent IOCtls, and @a UNSPECIFIED is not a valid value for them. */
+enum IOCTLDIRECTION
+{
+    /** This IOCtl transfers no data. */
+    NONE,
+    /** This IOCtl only transfers data from user to kernel. */
+    IN,
+    /** This IOCtl only transfers data from kernel to user. */
+    OUT,
+    /** This IOCtl transfers data from user to kernel and back. */
+    BOTH,
+    /** We aren't saying anything about how the IOCtl transfers data. */
+    UNSPECIFIED
+};
+
+/**
+ * IOCtl handler function.
+ * @returns 0 on success, error code on failure.
+ * @param cCmd      The IOCtl command number.
+ * @param pvData    Buffer for the user data.
+ * @param cbBuffer  Size of the buffer in @a pvData or zero.
+ * @param pcbData   Where to set the size of the data returned.  Required for
+ *                  handlers which return data.
+ * @param prc       Where to store the return code.  Default is zero.  Only
+ *                  used for IOCtls without data for convenience of
+ *                  implemention.
+ */
+typedef int FNVBOXGUESTSOLARISIOCTL(vboxguest_state_t *pState, int cCmd,
+                                    void *pvData, size_t cbBuffer,
+                                    size_t *pcbData, int *prc);
+typedef FNVBOXGUESTSOLARISIOCTL *PFNVBOXGUESTSOLARISIOCTL;
+
+/* Helpers for vboxGuestSolarisDispatchIOCtl. */
+static int vboxGuestSolarisHandleIOCtl(queue_t *pWriteQueue, mblk_t *pMBlk,
+                                       PFNVBOXGUESTSOLARISIOCTL pfnHandler,
+                                       int cCmd, size_t cbTransparent,
+                                       enum IOCTLDIRECTION enmDirection);
+static int vboxGuestSolarisVUIDIOCtl(vboxguest_state_t *pState, int cCmd,
+                                     void *pvData, size_t cbBuffer,
+                                     size_t *pcbData, int *prc);
+static int vboxGuestSolarisGuestIOCtl(vboxguest_state_t *pState, int cCmd,
+                                      void *pvData, size_t cbBuffer,
+                                      size_t *pcbData, int *prc);
+
+/** Table of supported VUID IOCtls. */
+struct
+{
+    /** The IOCtl number. */
+    int cCmd;
+    /** The size of the buffer which needs to be copied between user and kernel
+     * space, or zero if unknown (must be known for tranparent IOCtls). */
+    size_t cbBuffer;
+    /** The direction the buffer data needs to be copied.  This must be
+     * specified for transparent IOCtls. */
+    enum IOCTLDIRECTION enmDirection;
+} s_aVUIDIOCtlDescriptions[] =
+{
+   { VUIDGFORMAT,     sizeof(int),                  OUT         },
+   { VUIDSFORMAT,     0,                            NONE        },
+   { VUIDGADDR,       0,                            UNSPECIFIED },
+   { MSIOGETPARMS,    sizeof(Ms_parms),             OUT         },
+   { MSIOSETPARMS,    0,                            NONE        },
+   { MSIOSRESOLUTION, sizeof(Ms_screen_resolution), IN          },
+   { MSIOBUTTONS,     sizeof(int),                  OUT         },
+   { VUIDGWHEELCOUNT, sizeof(int),                  OUT         },
+   { VUIDGWHEELINFO,  0,                            UNSPECIFIED },
+   { VUIDGWHEELSTATE, 0,                            UNSPECIFIED },
+   { VUIDSWHEELSTATE, 0,                            UNSPECIFIED }
+};
+
+/**
+ * Handle a STREAMS IOCtl message for our driver on the write stream.  This
+ * function takes care of the IOCtl logic only and does not call qreply() or
+ * miocnak() at all - the caller must call these on success or failure
+ * respectively.
+ * @returns  0 on success or the IOCtl error code on failure.
+ * @param  pWriteQueue  pointer to the STREAMS write queue structure.
+ * @param  pMBlk        pointer to the STREAMS message block structure.
+ */
+static int vboxGuestSolarisDispatchIOCtl(queue_t *pWriteQueue, mblk_t *pMBlk)
+{
+    struct iocblk *pIOCBlk = (struct iocblk *)pMBlk->b_rptr;
+    int cCmd = pIOCBlk->ioc_cmd, cCmdType = (cCmd >> 8) & ~0xff;
+    size_t cbBuffer;
+    enum IOCTLDIRECTION enmDirection;
+
+    LogFlowFunc(("cCmdType=%c, cCmd=%d\n", cCmdType, cCmd));
+    switch (cCmdType)
+    {
+        case MSIOC:
+        case VUIOC:
+        {
+            unsigned i;
+            
+            for (i = 0; i < RT_ELEMENTS(s_aVUIDIOCtlDescriptions); ++i)
+                if (s_aVUIDIOCtlDescriptions[i].cCmd == cCmd)
+                {
+                    cbBuffer     = s_aVUIDIOCtlDescriptions[i].cbBuffer;
+                    enmDirection = s_aVUIDIOCtlDescriptions[i].enmDirection;
+                    return vboxGuestSolarisHandleIOCtl(pWriteQueue, pMBlk,
+                                                     vboxGuestSolarisVUIDIOCtl,
+                                                       cCmd, cbBuffer,
+                                                       enmDirection);
+                }
+            return EINVAL;
+        }
+        case 'V':
+            return vboxGuestSolarisHandleIOCtl(pWriteQueue, pMBlk,
+                                               vboxGuestSolarisGuestIOCtl,
+                                               cCmd, 0, UNSPECIFIED);
+        default:
+            return ENOTTY;
+    }
+}
+
+
+/* Helpers for vboxGuestSolarisHandleIOCtl. */
+static int vboxGuestSolarisHandleIOCtlData
+               (queue_t *pWriteQueue, mblk_t *pMBlk,
+                PFNVBOXGUESTSOLARISIOCTL pfnHandler, int cCmd,
+                size_t cbTransparent, enum IOCTLDIRECTION enmDirection);
+
+static int vboxGuestSolarisHandleTransparentIOCtl
+                (queue_t *pWriteQueue, mblk_t *pMBlk,
+                 PFNVBOXGUESTSOLARISIOCTL pfnHandler, int cCmd,
+                size_t cbTransparent, enum IOCTLDIRECTION enmDirection);
+
+static int vboxGuestSolarisHandleIStrIOCtl
+                (queue_t *pWriteQueue, mblk_t *pMBlk,
+                 PFNVBOXGUESTSOLARISIOCTL pfnHandler, int cCmd);
+
+/**
+ * Generic code for handling STREAMS-specific IOCtl logic and boilerplate.  It
+ * calls the IOCtl handler passed to it without the handler having to be aware
+ * of STREAMS structures, or whether this is a transparent (traditional) or an
+ * I_STR (using a STREAMS structure to describe the data) IOCtl.  With the
+ * caveat that we only support transparent IOCtls which pass all data in a
+ * single buffer of a fixed size (I_STR IOCtls are restricted to a single
+ * buffer anyway, but the caller can choose the buffer size).
+ * @returns  0 on success or the IOCtl error code on failure.
+ * @param  pWriteQueue    pointer to the STREAMS write queue structure.
+ * @param  pMBlk          pointer to the STREAMS message block structure.
+ * @param  pfnHandler     pointer to the right IOCtl handler function for this
+ *                        IOCtl number.
+ * @param  cCmd           IOCtl command number.
+ * @param  cbTransparent  size of the user space buffer for this IOCtl number,
+ *                        used for processing transparent IOCtls.  Pass zero
+ *                        for IOCtls with no maximum buffer size (which will
+ *                        not be able to be handled as transparent) or with
+ *                        no argument.
+ * @param  enmDirection   data transfer direction of the IOCtl.
+ */
+static int vboxGuestSolarisHandleIOCtl(queue_t *pWriteQueue, mblk_t *pMBlk,
+                                       PFNVBOXGUESTSOLARISIOCTL pfnHandler,
+                                       int cCmd, size_t cbTransparent,
+                                       enum IOCTLDIRECTION enmDirection)
+{
+    struct iocblk *pIOCBlk = (struct iocblk *)pMBlk->b_rptr;
+    vboxguest_state_t *pState = (vboxguest_state_t *)pWriteQueue->q_ptr;
+
+    if (pMBlk->b_datap->db_type == M_IOCDATA)
+        return vboxGuestSolarisHandleIOCtlData(pWriteQueue, pMBlk, pfnHandler,
+                                               cCmd, cbTransparent,
+                                               enmDirection);
+    else if (pIOCBlk->ioc_count == TRANSPARENT)
+        return vboxGuestSolarisHandleTransparentIOCtl(pWriteQueue, pMBlk,
+                                                      pfnHandler, cCmd,
+                                                      cbTransparent,
+                                                      enmDirection);
+    else
+        return vboxGuestSolarisHandleIStrIOCtl(pWriteQueue, pMBlk, pfnHandler,
+                                               cCmd);
+}
+
+
+/**
+ * Helper for vboxGuestSolarisHandleIOCtl.  This rather complicated-looking
+ * code is basically the standard boilerplate for handling any streams IOCtl
+ * additional data, which we currently only use for transparent IOCtls.
+ * @copydoc vboxGuestSolarisHandleIOCtl
+ */
+static int vboxGuestSolarisHandleIOCtlData(queue_t *pWriteQueue, mblk_t *pMBlk,
+                                           PFNVBOXGUESTSOLARISIOCTL pfnHandler,
+                                           int cCmd, size_t cbTransparent,
+                                           enum IOCTLDIRECTION enmDirection)
+{
+    struct copyresp *pCopyResp = (struct copyresp *)pMBlk->b_rptr;
+    struct iocblk   *pIOCBlk   = (struct iocblk *)pMBlk->b_rptr;
+    vboxguest_state_t *pState = (vboxguest_state_t *)pWriteQueue->q_ptr;
+
+    if (pCopyResp->cp_rval)
+    {
+        freemsg(pMBlk);
+        return EAGAIN;  /* cp_rval is a pointer but should be the error. */
+    }
+    if ((pCopyResp->cp_private && enmDirection == BOTH) || enmDirection == IN)
+    {
+        size_t cbBuffer = pIOCBlk->ioc_count, cbData = 0;
+        void *pvData = NULL;
+        int err;
+
+        if (cbData < cbTransparent)
+            return EINVAL;
+        if (!pMBlk->b_cont)
+            return EINVAL;
+        if (enmDirection == BOTH && !pCopyResp->cp_private)
+            return EINVAL;
+        pvData = pMBlk->b_cont->b_rptr;
+        err = pfnHandler(pState, cCmd, pvData, cbBuffer, &cbData, NULL);
+        if (!err && enmDirection == BOTH)
+            mcopyout(pMBlk, NULL, cbData, pCopyResp->cp_private, NULL);
+        else if (!err && enmDirection == IN)
+            miocack(pWriteQueue, pMBlk, 0, 0);
+        return err;
+    }
+    else
+    {
+        AssertReturn(enmDirection == OUT || enmDirection == BOTH, EINVAL);
+        miocack(pWriteQueue, pMBlk, 0, 0);
+        return 0;
+    }
+}
+
+/**
+ * Helper for vboxGuestSolarisHandleIOCtl.  This rather complicated-looking
+ * code is basically the standard boilerplate for handling transparent IOCtls,
+ * that is, IOCtls which are not re-packed inside STREAMS IOCtls.
+ * @copydoc vboxGuestSolarisHandleIOCtl
+ */
+int vboxGuestSolarisHandleTransparentIOCtl
+                (queue_t *pWriteQueue, mblk_t *pMBlk,
+                 PFNVBOXGUESTSOLARISIOCTL pfnHandler, int cCmd,
+                 size_t cbTransparent, enum IOCTLDIRECTION enmDirection)
+{
+    int err = 0, rc = 0;
+    size_t cbData = 0;
+    vboxguest_state_t *pState = (vboxguest_state_t *)pWriteQueue->q_ptr;
+
+    if (   (enmDirection != NONE && !pMBlk->b_cont)
+        || enmDirection == UNSPECIFIED)
+        return EINVAL;
+    if (enmDirection == IN || enmDirection == BOTH)
+    {
+        void *pUserAddr = NULL;
+        /* We only need state data if there is something to copy back. */
+        if (enmDirection == BOTH)
+            pUserAddr = *(void **)pMBlk->b_cont->b_rptr;
+            mcopyin(pMBlk, pUserAddr /* state data */, cbTransparent, NULL);
+        }
+        else if (enmDirection == OUT)
+    {
+        mblk_t *pMBlkOut = allocb(cbOut, BPRI_MED);
+        void *pvData;
+
+        if (!pMBlkOut)
+            return EAGAIN;
+        pvData = pMBlkOut->b_rptr;
+        err = pfnHandler(pState, cCmd, pvData, cbTransparent, &cbData, NULL);
+        if (!err)
+            mcopyout(pMBlk, NULL, cbData, NULL, pMBlkOut);
+        else
+            freemsg(pMBlkOut);
+    }
+    else
+    {
+        AssertReturn(enmDirection == NONE, EINVAL);
+        err = pfnHandler(pState, cCmd, NULL, 0, NULL, &rc);
+        if (!err)
+            miocack(pWriteQueue, pMBlk, 0, rc);
+    }
+    return err;
+}
+                 
+/**
+ * Helper for vboxGuestSolarisHandleIOCtl.  This rather complicated-looking
+ * code is basically the standard boilerplate for handling any streams IOCtl.
+ * @copydoc vboxGuestSolarisHandleIOCtl
+ */
+static int vboxGuestSolarisHandleIStrIOCtl(queue_t *pWriteQueue, mblk_t *pMBlk,
+                                           PFNVBOXGUESTSOLARISIOCTL pfnHandler,
+                                           int cCmd)
+{
+    struct iocblk *pIOCBlk = (struct iocblk *)pMBlk->b_rptr;
+    vboxguest_state_t *pState = (vboxguest_state_t *)pWriteQueue->q_ptr;
+    uint_t cbBuffer = pIOCBlk->ioc_count;
+    void *pvData = NULL;
+    int err, rc = 0;
+    size_t cbData = 0;
+    
+    if (cbBuffer && !pMBlk->b_cont)
+        return EINVAL;
+    /* Repack the whole buffer into a single message block if needed. */
+    if (cbBuffer)
+    {
+        err = miocpullup(pMBlk, cbBuffer);
+        if (err)
+            return err;
+        pvData = pMBlk->b_cont->b_rptr;
+    }
+    err = pfnHandler(pState, cCmd, pvData, cbBuffer, &cbData, &rc);
+    if (!err)
+        miocack(pWriteQueue, pMBlk, cbData, rc);
+    return err;
+}
+
+
+/**
+ * Handle a VUID input device IOCtl.
+ * @copydoc FNVBOXGUESTSOLARISIOCTL
+ */
+static int vboxGuestSolarisVUIDIOCtl(vboxguest_state_t *pState, int cCmd,
+                                     void *pvData, size_t cbBuffer,
+                                     size_t *pcbData, int *prc)
+{
+    LogFlowFunc((": " /* no '\n' */));
+    switch (cCmd)
+    {
+        case VUIDGFORMAT:
+        {
+            LogFlowFunc(("VUIDGFORMAT\n"));
+            AssertReturn(cbBuffer >= sizeof(int), EINVAL);
+            *(int *)pvData = VUID_FIRM_EVENT;
+            *pcbData = sizeof(int);
+            return 0;
+        }
+        case VUIDSFORMAT:
+            LogFlowFunc(("VUIDSFORMAT\n"));
+            /* We define our native format to be VUID_FIRM_EVENT, so there
+             * is nothing more to do and we exit here on success or on
+             * failure. */
+            return 0;
+        case VUIDGADDR:
+        case VUIDSADDR:
+            LogFlowFunc(("VUIDGADDR/VUIDSADDR\n"));
+            return ENOTTY;
+        case MSIOGETPARMS:
+        {
+            Ms_parms parms = { 0 };
+
+            LogFlowFunc(("MSIOGETPARMS\n"));
+            AssertReturn(cbBuffer >= sizeof(Ms_parms), EINVAL);
+            *(Ms_parms *)pvData = parms;
+            *pcbData = sizeof(Ms_parms);
+            return 0;
+        }
+        case MSIOSETPARMS:
+            LogFlowFunc(("MSIOSETPARMS\n"));
+            return 0;
+        case MSIOSRESOLUTION:
+        {
+            Ms_screen_resolution *pResolution = (Ms_screen_resolution *)pvData;
+            LogFlowFunc(("MSIOSRESOLUTION\n"));
+            AssertReturn(cbBuffer >= sizeof(Ms_screen_resolution), EINVAL);
+            pState->cMaxScreenX = pResolution->width  - 1;
+            pState->cMaxScreenY = pResolution->height - 1;
+            return 0;
+        }
+        case MSIOBUTTONS:
+        {
+            LogFlowFunc(("MSIOBUTTONS\n"));
+            AssertReturn(cbBuffer >= sizeof(int), EINVAL);
+            *(int *)pvData = 0;
+            *pcbData = sizeof(int);
+            return 0;
+        }
+        case VUIDGWHEELCOUNT:
+        {
+            LogFlowFunc(("VUIDGWHEELCOUNT\n"));
+            AssertReturn(cbBuffer >= sizeof(int), EINVAL);
+            *(int *)pvData = 0;
+            *pcbData = sizeof(int);
+            return 0;
+        }
+        case VUIDGWHEELINFO:
+        case VUIDGWHEELSTATE:
+        case VUIDSWHEELSTATE:
+            LogFlowFunc(("VUIDGWHEELINFO/VUIDGWHEELSTATE/VUIDSWHEELSTATE\n"));
+            return EINVAL;
+        default:
+            LogFlowFunc(("Invalid IOCtl command %x\n", cCmd));
+            return EINVAL;
+    }
+}
+
+
+/**
+ * Handle a VBoxGuest IOCtl.
+ * @copydoc FNVBOXGUESTSOLARISIOCTL
+ */
+static int vboxGuestSolarisGuestIOCtl(vboxguest_state_t *pState, int cCmd,
+                                      void *pvData, size_t cbBuffer,
+                                      size_t *pcbData, int *prc)
+{
+    int rc = VBoxGuestCommonIOCtl(cCmd, &g_DevExt, pState->pSession, pvData, cbBuffer, pcbData);
+    if (RT_SUCCESS(rc))
+    {
+        *prc = rc;
+        return 0;
+    }
+    else
+    {
+        /*
+         * We Log() instead of LogRel() here because VBOXGUEST_IOCTL_WAITEVENT can return VERR_TIMEOUT,
+         * VBOXGUEST_IOCTL_CANCEL_ALL_EVENTS can return VERR_INTERRUPTED and possibly more in the future;
+         * which are not really failures that require logging.
+         */
+        Log((DEVICE_NAME "::IOCtl: VBoxGuestCommonIOCtl failed. Cmd=%#x rc=%d\n", cCmd, rc));
+        rc = RTErrConvertToErrno(rc);
+        return rc;
+    }
+}
+
+
+/**
+ * Info entry point, called by solaris kernel for obtaining driver info.
+ *
+ * @param   pDip            The module structure instance (do not use).
+ * @param   enmCmd          Information request type.
+ * @param   pvArg           Type specific argument.
+ * @param   ppvResult       Where to store the requested info.
+ *
+ * @return  corresponding solaris error code.
+ */
+int vboxGuestSolarisGetInfo(dev_info_t *pDip, ddi_info_cmd_t enmCmd,
+                            void *pvArg, void **ppvResult)
+{
+    int rc = DDI_SUCCESS;
+
+    LogFlow((DEVICE_NAME "::GetInfo\n"));
+    switch (enmCmd)
+    {
+        case DDI_INFO_DEVT2DEVINFO:
+            *ppvResult = (void *)g_pDip;
+            break;
+
+        case DDI_INFO_DEVT2INSTANCE:
+            *ppvResult = (void *)(uintptr_t)ddi_get_instance(g_pDip);
+            break;
+
+        default:
+            rc = DDI_FAILURE;
+            break;
+    }
+
+    NOREF(pvArg);
+    return rc;
+}
+
+
+/* Helpers for vboxGuestSolarisAttach and vboxGuestSolarisDetach. */
+static int vboxGuestSolarisAddIRQ(dev_info_t *pDip);
+static void vboxGuestSolarisRemoveIRQ(dev_info_t *pDip);
 
 /**
@@ -264 +961 @@
  * @return  corresponding solaris error code.
  */
-static int VBoxGuestSolarisAttach(dev_info_t *pDip, ddi_attach_cmd_t enmCmd)
+int vboxGuestSolarisAttach(dev_info_t *pDip, ddi_attach_cmd_t enmCmd)
 {
     LogFlow((DEVICE_NAME "::Attach\n"));
@@ -271 +968 @@
         case DDI_ATTACH:
         {
+            int instance, rc;
+            ddi_acc_handle_t PciHandle;
+
             if (g_pDip)
             {
@@ -276 +976 @@
                 return DDI_FAILURE;
             }
-
-            int instance = ddi_get_instance(pDip);
+            instance = ddi_get_instance(pDip);
 
             /*
              * Enable resources for PCI access.
              */
-            ddi_acc_handle_t PciHandle;
-            int rc = pci_config_setup(pDip, &PciHandle);
+            rc = pci_config_setup(pDip, &PciHandle);
             if (rc == DDI_SUCCESS)
             {
@@ -289 +987 @@
                  * Map the register address space.
                  */
-                caddr_t baseAddr;
+                char *baseAddr;  /* Actually caddr_t. */
                 ddi_device_acc_attr_t deviceAttr;
                 deviceAttr.devacc_attr_version = DDI_DEVICE_ATTR_V0;
@@ -312 +1010 @@
                              * Add IRQ of VMMDev.
                              */
-                            rc = VBoxGuestSolarisAddIRQ(pDip);
+                            rc = vboxGuestSolarisAddIRQ(pDip);
                             if (rc == DDI_SUCCESS)
                             {
@@ -318 +1016 @@
                                  * Call the common device extension initializer.
                                  */
-                                rc = VBoxGuestInitDevExt(&g_DevExt, g_uIOPortBase, g_pMMIOBase, g_cbMMIO,
 #if ARCH_BITS == 64
-                                                         VBOXOSTYPE_Solaris_x64,
+# define VBOXGUEST_OS_TYPE VBOXOSTYPE_Solaris_x64
 #else
-                                                         VBOXOSTYPE_Solaris,
+# define VBOXGUEST_OS_TYPE VBOXOSTYPE_Solaris
 #endif
-                                                         VMMDEV_EVENT_MOUSE_POSITION_CHANGED);
+                                rc = VBoxGuestInitDevExt(&g_DevExt,
+                                                         g_uIOPortBase,
+                                                         g_pMMIOBase, g_cbMMIO,
+                                                         VBOXGUEST_OS_TYPE,
+                                          VMMDEV_EVENT_MOUSE_POSITION_CHANGED);
+#undef VBOXGUEST_OS_TYPE
                                 if (RT_SUCCESS(rc))
                                 {
@@ -340 +1042 @@
                                 else
                                     LogRel((DEVICE_NAME "::Attach: VBoxGuestInitDevExt failed.\n"));
-                                VBoxGuestSolarisRemoveIRQ(pDip);
+                                vboxGuestSolarisRemoveIRQ(pDip);
                             }
                             else
-                                LogRel((DEVICE_NAME "::Attach: VBoxGuestSolarisAddIRQ failed.\n"));
+                                LogRel((DEVICE_NAME "::Attach: vboxGuestSolarisAddIRQ failed.\n"));
                             ddi_regs_map_free(&g_PciMMIOHandle);
                         }
@@ -382 +1084 @@
  * @return  corresponding solaris error code.
  */
-static int VBoxGuestSolarisDetach(dev_info_t *pDip, ddi_detach_cmd_t enmCmd)
+int vboxGuestSolarisDetach(dev_info_t *pDip, ddi_detach_cmd_t enmCmd)
 {
     LogFlow((DEVICE_NAME "::Detach\n"));
@@ -389 +1091 @@
         case DDI_DETACH:
         {
-            VBoxGuestSolarisRemoveIRQ(pDip);
+            vboxGuestSolarisRemoveIRQ(pDip);
             ddi_regs_map_free(&g_PciIOHandle);
             ddi_regs_map_free(&g_PciMMIOHandle);
@@ -410 +1112 @@
 
 
-/**
- * Info entry point, called by solaris kernel for obtaining driver info.
- *
- * @param   pDip            The module structure instance (do not use).
- * @param   enmCmd          Information request type.
- * @param   pvArg           Type specific argument.
- * @param   ppvResult       Where to store the requested info.
- *
- * @return  corresponding solaris error code.
- */
-static int VBoxGuestSolarisGetInfo(dev_info_t *pDip, ddi_info_cmd_t enmCmd, void *pvArg, void **ppvResult)
-{
-    LogFlow((DEVICE_NAME "::GetInfo\n"));
-
-    int rc = DDI_SUCCESS;
-    switch (enmCmd)
-    {
-        case DDI_INFO_DEVT2DEVINFO:
-            *ppvResult = (void *)g_pDip;
-            break;
-
-        case DDI_INFO_DEVT2INSTANCE:
-            *ppvResult = (void *)(uintptr_t)ddi_get_instance(g_pDip);
-            break;
-
-        default:
-            rc = DDI_FAILURE;
-            break;
-    }
-
-    NOREF(pvArg);
-    return rc;
-}
-
-
-/**
- * User context entry points
- */
-static int VBoxGuestSolarisOpen(dev_t *pDev, int fFlag, int fType, cred_t *pCred)
-{
-    int                 rc;
-    PVBOXGUESTSESSION   pSession = NULL;
-
-    LogFlow((DEVICE_NAME "::Open\n"));
-
-    /*
-     * Verify we are being opened as a character device.
-     */
-    if (fType != OTYP_CHR)
-        return EINVAL;
-
-    vboxguest_state_t *pState = NULL;
-    unsigned iOpenInstance;
-    for (iOpenInstance = 0; iOpenInstance < 4096; iOpenInstance++)
-    {
-        if (    !ddi_get_soft_state(g_pVBoxGuestSolarisState, iOpenInstance) /* faster */
-            &&  ddi_soft_state_zalloc(g_pVBoxGuestSolarisState, iOpenInstance) == DDI_SUCCESS)
-        {
-            pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, iOpenInstance);
-            break;
-        }
-    }
-    if (!pState)
-    {
-        Log((DEVICE_NAME "::Open: too many open instances."));
-        return ENXIO;
-    }
-
-    /*
-     * Create a new session.
-     */
-    rc = VBoxGuestCreateUserSession(&g_DevExt, &pSession);
-    if (RT_SUCCESS(rc))
-    {
-        pState->pvProcRef = proc_ref();
-        pState->pSession = pSession;
-        *pDev = makedevice(getmajor(*pDev), iOpenInstance);
-        Log((DEVICE_NAME "::Open: pSession=%p pState=%p pid=%d\n", pSession, pState, (int)RTProcSelf()));
-        return 0;
-    }
-
-    /* Failed, clean up. */
-    ddi_soft_state_free(g_pVBoxGuestSolarisState, iOpenInstance);
-
-    LogRel((DEVICE_NAME "::Open: VBoxGuestCreateUserSession failed. rc=%d\n", rc));
-    return EFAULT;
-}
-
-
-static int VBoxGuestSolarisClose(dev_t Dev, int flag, int fType, cred_t *pCred)
-{
-    LogFlow((DEVICE_NAME "::Close pid=%d\n", (int)RTProcSelf()));
-
-    PVBOXGUESTSESSION pSession = NULL;
-    vboxguest_state_t *pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, getminor(Dev));
-    if (!pState)
-    {
-        Log((DEVICE_NAME "::Close: failed to get pState.\n"));
-        return EFAULT;
-    }
-
-    proc_unref(pState->pvProcRef);
-    pSession = pState->pSession;
-    pState->pSession = NULL;
-    Log((DEVICE_NAME "::Close: pSession=%p pState=%p\n", pSession, pState));
-    ddi_soft_state_free(g_pVBoxGuestSolarisState, getminor(Dev));
-    if (!pSession)
-    {
-        Log((DEVICE_NAME "::Close: failed to get pSession.\n"));
-        return EFAULT;
-    }
-
-    /*
-     * Close the session.
-     */
-    VBoxGuestCloseSession(&g_DevExt, pSession);
-    return 0;
-}
-
-
-static int VBoxGuestSolarisRead(dev_t Dev, struct uio *pUio, cred_t *pCred)
-{
-    LogFlow((DEVICE_NAME "::Read\n"));
-
-    vboxguest_state_t *pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, getminor(Dev));
-    if (!pState)
-    {
-        Log((DEVICE_NAME "::Close: failed to get pState.\n"));
-        return EFAULT;
-    }
-
-    PVBOXGUESTSESSION pSession = pState->pSession;
-    uint32_t u32CurSeq = ASMAtomicUoReadU32(&g_DevExt.u32MousePosChangedSeq);
-    if (pSession->u32MousePosChangedSeq != u32CurSeq)
-        pSession->u32MousePosChangedSeq = u32CurSeq;
-
-    return 0;
-}
-
-
-static int VBoxGuestSolarisWrite(dev_t Dev, struct uio *pUio, cred_t *pCred)
-{
-    LogFlow((DEVICE_NAME "::Write\n"));
-    return 0;
-}
-
-
-/** @def IOCPARM_LEN
- * Gets the length from the ioctl number.
- * This is normally defined by sys/ioccom.h on BSD systems...
- */
-#ifndef IOCPARM_LEN
-# define IOCPARM_LEN(Code)                      (((Code) >> 16) & IOCPARM_MASK)
-#endif
-
-
-/**
- * Driver ioctl, an alternate entry point for this character driver.
- *
- * @param   Dev             Device number
- * @param   Cmd             Operation identifier
- * @param   pArg            Arguments from user to driver
- * @param   Mode            Information bitfield (read/write, address space etc.)
- * @param   pCred           User credentials
- * @param   pVal            Return value for calling process.
- *
- * @return  corresponding solaris error code.
- */
-static int VBoxGuestSolarisIOCtl(dev_t Dev, int Cmd, intptr_t pArg, int Mode, cred_t *pCred, int *pVal)
-{
-    LogFlow((DEVICE_NAME ":VBoxGuestSolarisIOCtl\n"));
-
-    /*
-     * Get the session from the soft state item.
-     */
-    vboxguest_state_t *pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, getminor(Dev));
-    if (!pState)
-    {
-        LogRel((DEVICE_NAME "::IOCtl: no state data for %d\n", getminor(Dev)));
-        return EINVAL;
-    }
-
-    PVBOXGUESTSESSION pSession = pState->pSession;
-    if (!pSession)
-    {
-        LogRel((DEVICE_NAME "::IOCtl: no session data for %d\n", getminor(Dev)));
-        return EINVAL;
-    }
-
-    /*
-     * Read and validate the request wrapper.
-     */
-    VBGLBIGREQ ReqWrap;
-    if (IOCPARM_LEN(Cmd) != sizeof(ReqWrap))
-    {
-        LogRel((DEVICE_NAME "::IOCtl: bad request %#x size=%d expected=%d\n", Cmd, IOCPARM_LEN(Cmd), sizeof(ReqWrap)));
-        return ENOTTY;
-    }
-
-    int rc = ddi_copyin((void *)pArg, &ReqWrap, sizeof(ReqWrap), Mode);
-    if (RT_UNLIKELY(rc))
-    {
-        LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed to read header pArg=%p Cmd=%d. rc=%#x.\n", pArg, Cmd, rc));
-        return EINVAL;
-    }
-
-    if (ReqWrap.u32Magic != VBGLBIGREQ_MAGIC)
-    {
-        LogRel((DEVICE_NAME "::IOCtl: bad magic %#x; pArg=%p Cmd=%#x.\n", ReqWrap.u32Magic, pArg, Cmd));
-        return EINVAL;
-    }
-    if (RT_UNLIKELY(ReqWrap.cbData > _1M*16))
-    {
-        LogRel((DEVICE_NAME "::IOCtl: bad size %#x; pArg=%p Cmd=%#x.\n", ReqWrap.cbData, pArg, Cmd));
-        return EINVAL;
-    }
-
-    /*
-     * Read the request payload if any; requests like VBOXGUEST_IOCTL_CANCEL_ALL_WAITEVENTS have no data payload.
-     */
-    void *pvBuf = NULL;
-    if (RT_LIKELY(ReqWrap.cbData > 0))
-    {
-        pvBuf = RTMemTmpAlloc(ReqWrap.cbData);
-        if (RT_UNLIKELY(!pvBuf))
-        {
-            LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData));
-            return ENOMEM;
-        }
-
-        rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode);
-        if (RT_UNLIKELY(rc))
-        {
-            RTMemTmpFree(pvBuf);
-            LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc));
-            return EFAULT;
-        }
-        if (RT_UNLIKELY(!VALID_PTR(pvBuf)))
-        {
-            RTMemTmpFree(pvBuf);
-            LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf));
-            return EINVAL;
-        }
-    }
-    Log((DEVICE_NAME "::IOCtl: pSession=%p pid=%d.\n", pSession, (int)RTProcSelf()));
-
-    /*
-     * Process the IOCtl.
-     */
-    size_t cbDataReturned = 0;
-    rc = VBoxGuestCommonIOCtl(Cmd, &g_DevExt, pSession, pvBuf, ReqWrap.cbData, &cbDataReturned);
-    if (RT_SUCCESS(rc))
-    {
-        rc = 0;
-        if (RT_UNLIKELY(cbDataReturned > ReqWrap.cbData))
-        {
-            LogRel((DEVICE_NAME "::IOCtl: too much output data %d expected %d\n", cbDataReturned, ReqWrap.cbData));
-            cbDataReturned = ReqWrap.cbData;
-        }
-        if (cbDataReturned > 0)
-        {
-            rc = ddi_copyout(pvBuf, (void *)(uintptr_t)ReqWrap.pvDataR3, cbDataReturned, Mode);
-            if (RT_UNLIKELY(rc))
-            {
-                LogRel((DEVICE_NAME "::IOCtl: ddi_copyout failed; pvBuf=%p pArg=%p cbDataReturned=%u Cmd=%d. rc=%d\n",
-                        pvBuf, pArg, cbDataReturned, Cmd, rc));
-                rc = EFAULT;
-            }
-        }
-    }
-    else
-    {
-        /*
-         * We Log() instead of LogRel() here because VBOXGUEST_IOCTL_WAITEVENT can return VERR_TIMEOUT,
-         * VBOXGUEST_IOCTL_CANCEL_ALL_EVENTS can return VERR_INTERRUPTED and possibly more in the future;
-         * which are not really failures that require logging.
-         */
-        Log((DEVICE_NAME "::IOCtl: VBoxGuestCommonIOCtl failed. Cmd=%#x rc=%d\n", Cmd, rc));
-        rc = RTErrConvertToErrno(rc);
-    }
-    *pVal = rc;
-    if (pvBuf)
-        RTMemTmpFree(pvBuf);
-    return rc;
-}
-
-
-static int VBoxGuestSolarisPoll(dev_t Dev, short fEvents, int fAnyYet, short *pReqEvents, struct pollhead **ppPollHead)
-{
-    LogFlow((DEVICE_NAME "::Poll: fEvents=%d fAnyYet=%d\n", fEvents, fAnyYet));
-
-    vboxguest_state_t *pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, getminor(Dev));
-    if (RT_LIKELY(pState))
-    {
-        PVBOXGUESTSESSION pSession  = (PVBOXGUESTSESSION)pState->pSession;
-        uint32_t u32CurSeq = ASMAtomicUoReadU32(&g_DevExt.u32MousePosChangedSeq);
-        if (pSession->u32MousePosChangedSeq != u32CurSeq)
-        {
-            *pReqEvents |= (POLLIN | POLLRDNORM);
-            pSession->u32MousePosChangedSeq = u32CurSeq;
-        }
-        else
-        {
-            *pReqEvents = 0;
-            if (!fAnyYet)
-                *ppPollHead = &g_PollHead;
-        }
-
-        return 0;
-    }
-    else
-    {
-        Log((DEVICE_NAME "::Poll: no state data for %d\n", getminor(Dev)));
-        return EINVAL;
-    }
-}
-
+/* Interrupt service routine installed by vboxGuestSolarisAddIRQ. */
+static uint_t vboxGuestSolarisISR(char *Arg /* Actually caddr_t. */);
 
 /**
@@ -734 +1121 @@
  * @param   pDip     Pointer to the device info structure.
  */
-static int VBoxGuestSolarisAddIRQ(dev_info_t *pDip)
-{
+static int vboxGuestSolarisAddIRQ(dev_info_t *pDip)
+{
+    int IntrType = 0, rc;
+
     LogFlow((DEVICE_NAME "::AddIRQ: pDip=%p\n", pDip));
-
-    int IntrType = 0;
-    int rc = ddi_intr_get_supported_types(pDip, &IntrType);
+    rc = ddi_intr_get_supported_types(pDip, &IntrType);
     if (rc == DDI_SUCCESS)
     {
@@ -759 +1146 @@
                     if (g_pIntr)
                     {
-                        int IntrAllocated;
+                        size_t IntrAllocated;
+                        unsigned i;
                         rc = ddi_intr_alloc(pDip, g_pIntr, IntrType, 0, IntrCount, &IntrAllocated, DDI_INTR_ALLOC_NORMAL);
                         if (   rc == DDI_SUCCESS
                             && IntrAllocated > 0)
                         {
+                            uint_t uIntrPriority;
                             g_cIntrAllocated = IntrAllocated;
-                            uint_t uIntrPriority;
                             rc = ddi_intr_get_pri(g_pIntr[0], &uIntrPriority);
                             if (rc == DDI_SUCCESS)
@@ -773 +1161 @@
 
                                 /* Assign interrupt handler functions and enable interrupts. */
-                                for (int i = 0; i < IntrAllocated; i++)
+                                for (i = 0; i < IntrAllocated; i++)
                                 {
-                                    rc = ddi_intr_add_handler(g_pIntr[i], (ddi_intr_handler_t *)VBoxGuestSolarisISR,
+                                    rc = ddi_intr_add_handler(g_pIntr[i], (ddi_intr_handler_t *)vboxGuestSolarisISR,
                                                             NULL /* No Private Data */, NULL);
                                     if (rc == DDI_SUCCESS)
@@ -791 +1179 @@
                                 /* Remove any assigned handlers */
                                 LogRel((DEVICE_NAME ":failed to assign IRQs allocated=%d\n", IntrAllocated));
-                                for (int x = 0; x < IntrAllocated; x++)
-                                    ddi_intr_remove_handler(g_pIntr[x]);
+                                for (i = 0; i < IntrAllocated; i++)
+                                    ddi_intr_remove_handler(g_pIntr[i]);
                             }
                             else
@@ -798 +1186 @@
 
                             /* Remove allocated IRQs, too bad we can free only one handle at a time. */
-                            for (int k = 0; k < g_cIntrAllocated; k++)
-                                ddi_intr_free(g_pIntr[k]);
+                            for (i = 0; i < g_cIntrAllocated; i++)
+                                ddi_intr_free(g_pIntr[i]);
                         }
                         else
@@ -828 +1216 @@
  * @param   pDip     Pointer to the device info structure.
  */
-static void VBoxGuestSolarisRemoveIRQ(dev_info_t *pDip)
-{
+static void vboxGuestSolarisRemoveIRQ(dev_info_t *pDip)
+{
+    unsigned i;
+
     LogFlow((DEVICE_NAME "::RemoveIRQ:\n"));
-
-    for (int i = 0; i < g_cIntrAllocated; i++)
+    for (i = 0; i < g_cIntrAllocated; i++)
     {
         int rc = ddi_intr_disable(g_pIntr[i]);
@@ -853 +1242 @@
  * @returns DDI_INTR_CLAIMED if it's our interrupt, DDI_INTR_UNCLAIMED if it isn't.
  */
-static uint_t VBoxGuestSolarisISR(caddr_t Arg)
-{
+static uint_t vboxGuestSolarisISR(char *Arg /* Actually caddr_t. */)
+{
+    bool fOurIRQ;
+
     LogFlow((DEVICE_NAME "::ISR:\n"));
-
     mutex_enter(&g_IrqMtx);
-    bool fOurIRQ = VBoxGuestCommonISR(&g_DevExt);
+    fOurIRQ = VBoxGuestCommonISR(&g_DevExt);
     mutex_exit(&g_IrqMtx);
-
     return fOurIRQ ? DDI_INTR_CLAIMED : DDI_INTR_UNCLAIMED;
 }
 
 
+/* Helper for VBoxGuestNativeISRMousePollEvent. */
+static void VBoxGuestVUIDPutAbsEvent(ushort_t cEvent, int cValue);
+
+/**
+ * Native part of the IRQ service routine, called when the VBoxGuest mouse
+ * pointer is moved.  We send a VUID event up to user space.
+ */
 void VBoxGuestNativeISRMousePollEvent(PVBOXGUESTDEVEXT pDevExt)
 {
+    VMMDevReqMouseStatus *pReq;
+    int rc;
     LogFlow((DEVICE_NAME "::NativeISRMousePollEvent:\n"));
 
-    /*
-     * Wake up poll waiters.
-     */
-    pollwakeup(&g_PollHead, POLLIN | POLLRDNORM);
-}
-
-
-/* Common code that depend on g_DevExt. */
+    rc = VbglGRAlloc((VMMDevRequestHeader **)&pReq, sizeof(*pReq),
+                     VMMDevReq_GetMouseStatus);
+    if (RT_FAILURE(rc))
+        return;  /* If kernel memory is short a missed event is acceptable! */
+    pReq->mouseFeatures = 0;
+    pReq->pointerXPos = 0;
+    pReq->pointerYPos = 0;
+    rc = VbglGRPerform(&pReq->header);
+    if (RT_SUCCESS(rc))
+    {
+        int cMaxScreenX  = g_pState->cMaxScreenX;
+        int cMaxScreenY  = g_pState->cMaxScreenY;
+
+        VBoxGuestVUIDPutAbsEvent(LOC_X_ABSOLUTE,
+                                   pReq->pointerXPos * cMaxScreenX
+                                 / VMMDEV_MOUSE_RANGE_MAX);
+        VBoxGuestVUIDPutAbsEvent(LOC_Y_ABSOLUTE,
+                                   pReq->pointerYPos * cMaxScreenY
+                                 / VMMDEV_MOUSE_RANGE_MAX);
+    }
+    VbglGRFree(&pReq->header);
+}
+
+
+void VBoxGuestVUIDPutAbsEvent(ushort_t cEvent, int cValue)
+{
+    queue_t *pReadQueue = RD(g_pState->pWriteQueue);
+    mblk_t *pMBlk = allocb(sizeof(Firm_event, BPRI_HI));
+    Firm_event *pEvent;
+    AssertReturnVoid(cEvent == LOC_X_ABSOLUTE || cEvent == LOC_Y_ABSOLUTE);
+    if (!pMBlk)
+        return;  /* If kernel memory is short a missed event is acceptable! */
+    pEvent = (Firm_event *)pMBlk->b_wptr;
+    pEvent->id        = cEvent;
+    pEvent->pair_type = FE_PAIR_DELTA;
+    pEvent->pair      = cEvent == LOC_X_ABSOLUTE ? LOC_X_DELTA : LOC_Y_DELTA;
+    pEvent->value     = cValue;
+    uniqtime32(&pEvent->time);
+    pMBlk->b_wptr += sizeof(Firm_event);
+    /* Put the message on the queue immediately if it is not blocked. */
+    if (canput(pReadQueue->q_next))
+        putnext(pReadQueue, pMBlk);
+    else
+        putbq(pReadQueue, pMBlk);
+}
+
+
+/* Common code that depends on g_DevExt. */
 #include "VBoxGuestIDC-unix.c.h"