Changeset 49421 in vbox for trunk/src/VBox/Devices/VMMDev

Timestamp:

Nov 8, 2013 3:55:56 PM (11 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

90502

Message:

VMMDev: removed obsolete assertions, cleanup.

File:

• trunk/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp (modified) (22 diffs)

trunk/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp

@@ -106 +106 @@
      */
     VBOXHGCMSVCPARM *paHostParms;
+
+    /* Number of elements in paHostParms */
+    uint32_t cHostParms;
 
     /** Linear pointer parameters information. */
@@ -262 +265 @@
     int rc = VINF_SUCCESS;
 
-    AssertRelease (u32Size > 0);
-
     VBOXHGCMLINPTR *pLinPtr = &paLinPtrs[iLinPtr];
 
@@ -305 +306 @@
         GCPtr += PAGE_SIZE;
     }
-
-    AssertRelease (iPage == cPages);
 
     return rc;
@@ -322 +321 @@
     VBOXHGCMLINPTR *pLinPtr = &paLinPtrs[iLinPtr];
 
-    AssertRelease (u32Size > 0 && iParm == (uint32_t)pLinPtr->iParm);
+    AssertLogRelReturn(u32Size > 0 && iParm == (uint32_t)pLinPtr->iParm, VERR_INVALID_PARAMETER);
 
     RTGCPHYS GCPhysDst = pLinPtr->paPages[0] + pLinPtr->offFirstPage;
@@ -344 +343 @@
         if (cbWrite >= u32Size)
         {
-            PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, u32Size);
+            rc = PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, u32Size);
+            if (RT_FAILURE(rc))
+                break;
+
             u32Size = 0;
             break;
         }
 
-        PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, cbWrite);
+        rc = PDMDevHlpPhysWrite(pDevIns, GCPhysDst, pu8Src, cbWrite);
+        if (RT_FAILURE(rc))
+            break;
 
         /* next */
@@ -358 +362 @@
     }
 
-    AssertRelease (iPage == pLinPtr->cPages);
-    Assert(u32Size == 0);
+    if (RT_SUCCESS(rc))
+    {
+        AssertLogRelReturn(iPage == pLinPtr->cPages, VERR_INVALID_PARAMETER);
+    }
 
     return rc;
@@ -813 +819 @@
 
         pCmd->paHostParms = pHostParm;
+        pCmd->cHostParms  = cParms;
 
         uint32_t iLinPtr = 0;
@@ -1329 +1336 @@
 
         pCmd->paHostParms = pHostParm;
+        pCmd->cHostParms = cParms;
 
         uint32_t iParm;
@@ -1798 +1806 @@
 }
 
+#ifdef VBOX_WITH_64_BITS_GUESTS
+static int vmmdevHGCMParmVerify64(HGCMFunctionParameter64 *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
+{
+    int rc = VERR_INVALID_PARAMETER;
+
+    switch (pGuestParm->type)
+    {
+        case VMMDevHGCMParmType_32bit:
+            if (pHostParm->type == VBOX_HGCM_SVC_PARM_32BIT)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_64bit:
+            if (pHostParm->type == VBOX_HGCM_SVC_PARM_64BIT)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_LinAddr_In:  /* In (read) */
+        case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
+        case VMMDevHGCMParmType_LinAddr:     /* In & Out */
+            if (   pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
+                && pGuestParm->u.Pointer.size == pHostParm->u.pointer.size)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_PageList:
+            if (   pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
+                && pGuestParm->u.PageList.size == pHostParm->u.pointer.size)
+                rc = VINF_SUCCESS;
+            break;
+
+        default:
+            AssertLogRelMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
+            break;
+    }
+
+    return rc;
+}
+#endif /* VBOX_WITH_64_BITS_GUESTS */
+
+#ifdef VBOX_WITH_64_BITS_GUESTS
+static int vmmdevHGCMParmVerify32(HGCMFunctionParameter32 *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
+#else
+static int vmmdevHGCMParmVerify32(HGCMFunctionParameter *pGuestParm, VBOXHGCMSVCPARM *pHostParm)
+#endif
+{
+    int rc = VERR_INVALID_PARAMETER;
+
+    switch (pGuestParm->type)
+    {
+        case VMMDevHGCMParmType_32bit:
+            if (pHostParm->type == VBOX_HGCM_SVC_PARM_32BIT)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_64bit:
+            if (pHostParm->type == VBOX_HGCM_SVC_PARM_64BIT)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_LinAddr_In:  /* In (read) */
+        case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
+        case VMMDevHGCMParmType_LinAddr:     /* In & Out */
+            if (   pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
+                && pGuestParm->u.Pointer.size == pHostParm->u.pointer.size)
+                rc = VINF_SUCCESS;
+            break;
+
+        case VMMDevHGCMParmType_PageList:
+            if (   pHostParm->type == VBOX_HGCM_SVC_PARM_PTR
+                && pGuestParm->u.PageList.size == pHostParm->u.pointer.size)
+                rc = VINF_SUCCESS;
+            break;
+
+        default:
+            AssertLogRelMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
+            break;
+    }
+
+    return rc;
+}
+
 DECLCALLBACK(void) hgcmCompletedWorker (PPDMIHGCMPORT pInterface, int32_t result, PVBOXHGCMCMD pCmd)
 {
@@ -1895 +1985 @@
 
                 uint32_t cParms = pHGCMCall->cParms;
+                if (cParms != pCmd->cHostParms)
+                    rc = VERR_INVALID_PARAMETER;
 
                 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
@@ -1903 +1995 @@
                 HGCMFunctionParameter64 *pGuestParm = VMMDEV_HGCM_CALL_PARMS64(pHGCMCall);
 
-                for (i = 0; i < cParms; i++, pGuestParm++, pHostParm++)
+                for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
                 {
+                    rc = vmmdevHGCMParmVerify64(pGuestParm, pHostParm);
+                    if (RT_FAILURE(rc))
+                        break;
+
                     switch (pGuestParm->type)
                     {
@@ -1931 +2027 @@
                                     rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr,
                                                                 size, iLinPtr, pCmd->paLinPtrs);
-                                    AssertReleaseRC(rc);
                                 }
 
@@ -1982 +2077 @@
                         {
                             /* This indicates that the guest request memory was corrupted. */
-                            AssertReleaseMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
+                            rc = VERR_INVALID_PARAMETER;
+                            break;
                         }
                     }
@@ -1998 +2094 @@
 
                 uint32_t cParms = pHGCMCall->cParms;
+                if (cParms != pCmd->cHostParms)
+                    rc = VERR_INVALID_PARAMETER;
 
                 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
@@ -2006 +2104 @@
                 HGCMFunctionParameter32 *pGuestParm = VMMDEV_HGCM_CALL_PARMS32(pHGCMCall);
 
-                for (i = 0; i < cParms; i++, pGuestParm++, pHostParm++)
+                for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
                 {
+                    rc = vmmdevHGCMParmVerify32(pGuestParm, pHostParm);
+                    if (RT_FAILURE(rc))
+                        break;
+
                     switch (pGuestParm->type)
                     {
@@ -2033 +2135 @@
                                     /* Use the saved page list to write data back to the guest RAM. */
                                     rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr, pCmd->paLinPtrs);
-                                    AssertReleaseRC(rc);
                                 }
 
@@ -2084 +2185 @@
                         {
                             /* This indicates that the guest request memory was corrupted. */
-                            AssertReleaseMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
+                            rc = VERR_INVALID_PARAMETER;
+                            break;
                         }
                     }
@@ -2100 +2202 @@
 
                 uint32_t cParms = pHGCMCall->cParms;
+                if (cParms != pCmd->cHostParms)
+                    rc = VERR_INVALID_PARAMETER;
 
                 VBOXHGCMSVCPARM *pHostParm = pCmd->paHostParms;
@@ -2108 +2212 @@
                 HGCMFunctionParameter *pGuestParm = VMMDEV_HGCM_CALL_PARMS(pHGCMCall);
 
-                for (i = 0; i < cParms; i++, pGuestParm++, pHostParm++)
+                for (i = 0; i < cParms && RT_SUCCESS(rc); i++, pGuestParm++, pHostParm++)
                 {
+                    rc = vmmdevHGCMParmVerify32(pGuestParm, pHostParm);
+                    if (RT_FAILURE(rc))
+                        break;
+
                     switch (pGuestParm->type)
                     {
@@ -2135 +2243 @@
                                     /* Use the saved page list to write data back to the guest RAM. */
                                     rc = vmmdevHGCMWriteLinPtr (pThis->pDevIns, i, pHostParm->u.pointer.addr, size, iLinPtr, pCmd->paLinPtrs);
-                                    AssertReleaseRC(rc);
                                 }
 
@@ -2186 +2293 @@
                         {
                             /* This indicates that the guest request memory was corrupted. */
-                            AssertReleaseMsgFailed(("hgcmCompleted: invalid parameter type %08X\n", pGuestParm->type));
+                            rc = VERR_INVALID_PARAMETER;
+                            break;
                         }
                     }
@@ -2212 +2320 @@
             }
         }
-        else
-        {
-            /* Command type is wrong. Return error to the guest. */
-            pHeader->header.rc = rc;
+
+        if (RT_FAILURE(rc))
+        {
+            /* Command is wrong. Return HGCM error result to the guest. */
+            pHeader->result = rc;
         }