Changeset 44785 in vbox

Timestamp:

Feb 21, 2013 3:24:21 PM (12 years ago)

Author:

vboxsync

Message:

VMMDev.cpp: Delay critsect exit for HGCM requests to avoid race between EMT writing back and HGCM read+writing back the request.

File:

• trunk/src/VBox/Devices/VMMDev/VMMDev.cpp (modified) (9 diffs)

trunk/src/VBox/Devices/VMMDev/VMMDev.cpp

@@ -2187 +2187 @@
 
 
-static int vmmdevReqDispatcher(PVMMDEV pThis, VMMDevRequestHeader *pReqHdr, RTGCPHYS GCPhysReqHdr)
+/**
+ * Dispatch the request to the appropriate handler function.
+ *
+ * @returns Port I/O handler exit code.
+ * @param   pThis           The VMM device instance data.
+ * @param   pReqHdr         The request header (cached in host memory).
+ * @param   GCPhysReqHdr    The guest physical address of the request (for
+ *                          HGCM).
+ * @param   pfDelayedUnlock Where to indicate whether the critical section exit
+ *                          needs to be delayed till after the request has been
+ *                          written back. This is a HGCM kludge, see critsect
+ *                          work in hgcmCompletedWorker for more details.
+ */
+static int vmmdevReqDispatcher(PVMMDEV pThis, VMMDevRequestHeader *pReqHdr, RTGCPHYS GCPhysReqHdr, bool *pfDelayedUnlock)
 {
     int rcRet = VINF_SUCCESS;
+    *pfDelayedUnlock = false;
 
     switch (pReqHdr->requestType)
@@ -2292 +2306 @@
         case VMMDevReq_HGCMConnect:
             pReqHdr->rc = vmmdevReqHandler_HGCMConnect(pThis, pReqHdr, GCPhysReqHdr);
+            *pfDelayedUnlock = true;
             break;
 
         case VMMDevReq_HGCMDisconnect:
             pReqHdr->rc = vmmdevReqHandler_HGCMDisconnect(pThis, pReqHdr, GCPhysReqHdr);
+            *pfDelayedUnlock = true;
             break;
 
@@ -2305 +2321 @@
 # endif /* VBOX_WITH_64_BITS_GUESTS */
             pReqHdr->rc = vmmdevReqHandler_HGCMCall(pThis, pReqHdr, GCPhysReqHdr);
+            *pfDelayedUnlock = true;
             break;
 #endif /* VBOX_WITH_HGCM */
@@ -2310 +2327 @@
         case VMMDevReq_HGCMCancel:
             pReqHdr->rc = vmmdevReqHandler_HGCMCancel(pThis, pReqHdr, GCPhysReqHdr);
+            *pfDelayedUnlock = true;
             break;
 
@@ -2460 +2478 @@
     Log2(("VMMDev request issued: %d\n", requestHeader.requestType));
 
+    bool                 fDelayedUnlock = false;
     int                  rcRet          = VINF_SUCCESS;
     VMMDevRequestHeader *pRequestHeader = NULL;
@@ -2483 +2502 @@
                 PDMDevHlpPhysRead(pDevIns, (RTGCPHYS)u32, pRequestHeader, requestHeader.size);
 
-                rcRet = vmmdevReqDispatcher(pThis, pRequestHeader, u32);
+                rcRet = vmmdevReqDispatcher(pThis, pRequestHeader, u32, &fDelayedUnlock);
             }
             else
@@ -2503 +2522 @@
         }
 
-        PDMCritSectLeave(&pThis->CritSect);
+        if (!fDelayedUnlock)
+            PDMCritSectLeave(&pThis->CritSect);
     }
     else
@@ -2522 +2542 @@
     {
         PDMDevHlpPhysWrite(pDevIns, u32, pRequestHeader, pRequestHeader->size);
+        if (fDelayedUnlock)
+            PDMCritSectLeave(&pThis->CritSect);
         RTMemFree(pRequestHeader);
     }
@@ -2528 +2550 @@
         /* early error case; write back header only */
         PDMDevHlpPhysWrite(pDevIns, u32, &requestHeader, sizeof(requestHeader));
+        Assert(!fDelayedUnlock);
     }