Changeset 71607 in vbox for trunk/src/VBox/HostServices

Timestamp:

Apr 1, 2018 11:38:00 PM (7 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

121634

Message:

DevVGA,SharedOpenGL: Code cleanup in progress. bugref:9094

Location:

trunk/src/VBox/HostServices/SharedOpenGL/crserverlib

Files:

• presenter/Makefile.kup (added)
• presenter/server_presenter.cpp (modified) (3 diffs)
• server.h (modified) (1 diff)
• server_main.c (modified) (8 diffs)

trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/presenter/server_presenter.cpp

@@ -3888 +3888 @@
 }
 
-int8_t crVBoxServerCrCmdClrFillProcess(const VBOXCMDVBVA_CLRFILL_HDR *pCmd, uint32_t cbCmd)
-{
+/** @todo RT_UNTRUSTED_VOLATILE_GUEST */
+int8_t crVBoxServerCrCmdClrFillProcess(VBOXCMDVBVA_CLRFILL_HDR const RT_UNTRUSTED_VOLATILE_GUEST *pCmdTodo, uint32_t cbCmd)
+{
+    VBOXCMDVBVA_CLRFILL_HDR const *pCmd = (VBOXCMDVBVA_CLRFILL_HDR const *)pCmdTodo;
     uint8_t u8Flags = pCmd->Hdr.u8Flags;
     uint8_t u8Cmd = (VBOXCMDVBVA_OPF_CLRFILL_TYPE_MASK & u8Flags);
@@ -3912 +3914 @@
 }
 
-int8_t crVBoxServerCrCmdBltProcess(const VBOXCMDVBVA_BLT_HDR *pCmd, uint32_t cbCmd)
-{
+/** @todo RT_UNTRUSTED_VOLATILE_GUEST */
+int8_t crVBoxServerCrCmdBltProcess(VBOXCMDVBVA_BLT_HDR const RT_UNTRUSTED_VOLATILE_GUEST *pCmdTodo, uint32_t cbCmd)
+{
+    VBOXCMDVBVA_BLT_HDR const *pCmd = (VBOXCMDVBVA_BLT_HDR const *)pCmdTodo;
     uint8_t u8Flags = pCmd->Hdr.u8Flags;
     uint8_t u8Cmd = (VBOXCMDVBVA_OPF_BLT_TYPE_MASK & u8Flags);
@@ -3955 +3959 @@
 }
 
-int8_t crVBoxServerCrCmdFlipProcess(const VBOXCMDVBVA_FLIP *pFlip, uint32_t cbCmd)
-{
+/** @todo RT_UNTRUSTED_VOLATILE_GUEST   */
+int8_t crVBoxServerCrCmdFlipProcess(VBOXCMDVBVA_FLIP const RT_UNTRUSTED_VOLATILE_GUEST *pFlipTodo, uint32_t cbCmd)
+{
+    VBOXCMDVBVA_FLIP const *pFlip = (VBOXCMDVBVA_FLIP const *)pFlipTodo;
     uint32_t hostId;
     const VBOXCMDVBVA_RECT *pPRects = pFlip->aRects;

trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server.h

@@ -470 +470 @@
 void CrFbTexDataInit(CR_TEXDATA* pFbTex, const VBOXVR_TEXTURE *pTex, PFNCRTEXDATA_RELEASED pfnTextureReleased);
 
-int8_t crVBoxServerCrCmdBltProcess(const VBOXCMDVBVA_BLT_HDR *pCmd, uint32_t cbCmd);
-int8_t crVBoxServerCrCmdClrFillProcess(const VBOXCMDVBVA_CLRFILL_HDR *pCmd, uint32_t cbCmd);
-int8_t crVBoxServerCrCmdFlipProcess(const VBOXCMDVBVA_FLIP *pFlip, uint32_t cbCmd);
+int8_t crVBoxServerCrCmdBltProcess(VBOXCMDVBVA_BLT_HDR const RT_UNTRUSTED_VOLATILE_GUEST *pCmd, uint32_t cbCmd);
+int8_t crVBoxServerCrCmdClrFillProcess(VBOXCMDVBVA_CLRFILL_HDR const RT_UNTRUSTED_VOLATILE_GUEST *pCmd, uint32_t cbCmd);
+int8_t crVBoxServerCrCmdFlipProcess(VBOXCMDVBVA_FLIP const RT_UNTRUSTED_VOLATILE_GUEST *pFlip, uint32_t cbCmd);
 
 

trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_main.c

@@ -34 +34 @@
 #include <VBox/err.h>
 #include <VBox/log.h>
+#include <VBox/AssertGuest.h>
 
 #ifdef VBOXCR_LOGFPS
@@ -67 +68 @@
 int tearingdown = 0; /* can't be static */
 
-static DECLCALLBACK(int8_t) crVBoxCrCmdCmd(HVBOXCRCMDSVR hSvr, const VBOXCMDVBVA_HDR *pCmd, uint32_t cbCmd);
+static DECLCALLBACK(int8_t) crVBoxCrCmdCmd(HVBOXCRCMDSVR hSvr,
+                                           const VBOXCMDVBVA_HDR RT_UNTRUSTED_VOLATILE_GUEST *pCmd, uint32_t cbCmd);
 
 DECLINLINE(CRClient*) crVBoxServerClientById(uint32_t u32ClientID)
@@ -2873 +2875 @@
 #ifdef VBOX_WITH_CRHGSMI
 
-static int32_t crVBoxServerCmdVbvaCrCmdProcess(const struct VBOXCMDVBVA_CRCMD_CMD *pCmd, uint32_t cbCmd)
-{
+/** @todo RT_UNTRUSTED_VOLATILE_GUEST   */
+static int32_t crVBoxServerCmdVbvaCrCmdProcess(VBOXCMDVBVA_CRCMD_CMD const RT_UNTRUSTED_VOLATILE_GUEST *pCmdTodo, uint32_t cbCmd)
+{
+    VBOXCMDVBVA_CRCMD_CMD const *pCmd = (VBOXCMDVBVA_CRCMD_CMD const *)pCmdTodo;
     int32_t rc;
     uint32_t cBuffers = pCmd->cBuffers;
@@ -3233 +3237 @@
 }
 
-static int crVBoxCrConnectEx(VBOXCMDVBVA_3DCTL_CONNECT *pConnect, uint32_t u32ClientId)
+static int crVBoxCrConnectEx(VBOXCMDVBVA_3DCTL_CONNECT RT_UNTRUSTED_VOLATILE_GUEST *pConnect, uint32_t u32ClientId)
 {
     CRClient *pClient;
     int rc;
+    uint32_t const uMajorVersion = pConnect->u32MajorVersion;
+    uint32_t const uMinorVersion = pConnect->u32MinorVersion;
+    uint64_t const uPid          = pConnect->u64Pid;
+    RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
 
     if (u32ClientId == CRHTABLE_HANDLE_INVALID)
@@ -3252 +3260 @@
     if (RT_SUCCESS(rc))
     {
-        rc = crVBoxServerClientObjSetVersion(pClient, pConnect->u32MajorVersion, pConnect->u32MinorVersion);
+        rc = crVBoxServerClientObjSetVersion(pClient, uMajorVersion, uMinorVersion);
         if (RT_SUCCESS(rc))
         {
-            rc = crVBoxServerClientObjSetPID(pClient, pConnect->u64Pid);
+            rc = crVBoxServerClientObjSetPID(pClient, uPid);
             if (RT_SUCCESS(rc))
             {
@@ -3264 +3272 @@
                     return VINF_SUCCESS;
                 }
-                else
-                    WARN(("CrHTablePutToSlot failed %d", rc));
+                WARN(("CrHTablePutToSlot failed %d", rc));
             }
             else
@@ -3283 +3290 @@
 }
 
-static int crVBoxCrConnect(VBOXCMDVBVA_3DCTL_CONNECT *pConnect)
+static int crVBoxCrConnect(VBOXCMDVBVA_3DCTL_CONNECT RT_UNTRUSTED_VOLATILE_GUEST *pConnect)
 {
     return crVBoxCrConnectEx(pConnect, CRHTABLE_HANDLE_INVALID);
 }
 
-static DECLCALLBACK(int) crVBoxCrCmdGuestCtl(HVBOXCRCMDSVR hSvr, uint8_t* pCmd, uint32_t cbCmd)
-{
-    VBOXCMDVBVA_3DCTL *pCtl = (VBOXCMDVBVA_3DCTL*)pCmd;
-    if (cbCmd < sizeof (VBOXCMDVBVA_3DCTL))
-    {
-        WARN(("invalid buffer size"));
-        return VERR_INVALID_PARAMETER;
-    }
-
-    switch (pCtl->u32Type)
-    {
-        case VBOXCMDVBVA3DCTL_TYPE_CONNECT:
-        {
-            if (cbCmd != sizeof (VBOXCMDVBVA_3DCTL_CONNECT))
-            {
-                WARN(("invalid command size"));
-                return VERR_INVALID_PARAMETER;
-            }
-
-            return crVBoxCrConnect((VBOXCMDVBVA_3DCTL_CONNECT*)pCtl);
-        }
-        case VBOXCMDVBVA3DCTL_TYPE_DISCONNECT:
-        {
-            if (cbCmd != sizeof (VBOXCMDVBVA_3DCTL))
-            {
-                WARN(("invalid command size"));
-                return VERR_INVALID_PARAMETER;
-            }
-
-            return crVBoxCrDisconnect(pCtl->u32CmdClientId);
-        }
-        case VBOXCMDVBVA3DCTL_TYPE_CMD:
-        {
-            VBOXCMDVBVA_3DCTL_CMD *p3DCmd;
-            if (cbCmd < sizeof (VBOXCMDVBVA_3DCTL_CMD))
-            {
-                WARN(("invalid size"));
-                return VERR_INVALID_PARAMETER;
-            }
-
-            p3DCmd = (VBOXCMDVBVA_3DCTL_CMD*)pCmd;
-
-            return crVBoxCrCmdCmd(NULL, &p3DCmd->Cmd, cbCmd - RT_OFFSETOF(VBOXCMDVBVA_3DCTL_CMD, Cmd));
-        }
-        default:
-            WARN(("crVBoxCrCmdGuestCtl: invalid function %d", pCtl->u32Type));
-            return VERR_INVALID_PARAMETER;
+/**
+ * @interface_method_impl{VBOXCRCMD_SVRINFO,pfnGuestCtl}
+ */
+static DECLCALLBACK(int) crVBoxCrCmdGuestCtl(HVBOXCRCMDSVR hSvr, uint8_t RT_UNTRUSTED_VOLATILE_GUEST *pbCmd, uint32_t cbCmd)
+{
+    /*
+     * Toplevel input validation.
+     */
+    ASSERT_GUEST_LOGREL_RETURN(cbCmd >= sizeof(VBOXCMDVBVA_3DCTL), VERR_INVALID_PARAMETER);
+    {
+        VBOXCMDVBVA_3DCTL RT_UNTRUSTED_VOLATILE_GUEST *pCtl = (VBOXCMDVBVA_3DCTL RT_UNTRUSTED_VOLATILE_GUEST*)pbCmd;
+        const uint32_t uType = pCtl->u32Type;
+        RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+
+        ASSERT_GUEST_LOGREL_RETURN(   uType == VBOXCMDVBVA3DCTL_TYPE_CMD
+                                   || uType == VBOXCMDVBVA3DCTL_TYPE_CONNECT
+                                   || uType == VBOXCMDVBVA3DCTL_TYPE_DISCONNECT
+                                   , VERR_INVALID_PARAMETER);
+        RT_UNTRUSTED_VALIDATED_FENCE();
+
+        /*
+         * Call worker abd process the request.
+         */
+        switch (uType)
+        {
+            case VBOXCMDVBVA3DCTL_TYPE_CMD:
+                ASSERT_GUEST_LOGREL_RETURN(cbCmd >= sizeof(VBOXCMDVBVA_3DCTL_CMD), VERR_INVALID_PARAMETER);
+                {
+                    VBOXCMDVBVA_3DCTL_CMD RT_UNTRUSTED_VOLATILE_GUEST *p3DCmd
+                        = (VBOXCMDVBVA_3DCTL_CMD RT_UNTRUSTED_VOLATILE_GUEST *)pbCmd;
+                    return crVBoxCrCmdCmd(NULL, &p3DCmd->Cmd, cbCmd - RT_OFFSETOF(VBOXCMDVBVA_3DCTL_CMD, Cmd));
+                }
+
+            case VBOXCMDVBVA3DCTL_TYPE_CONNECT:
+                ASSERT_GUEST_LOGREL_RETURN(cbCmd == sizeof(VBOXCMDVBVA_3DCTL_CONNECT), VERR_INVALID_PARAMETER);
+                return crVBoxCrConnect((VBOXCMDVBVA_3DCTL_CONNECT RT_UNTRUSTED_VOLATILE_GUEST *)pCtl);
+
+            case VBOXCMDVBVA3DCTL_TYPE_DISCONNECT:
+                ASSERT_GUEST_LOGREL_RETURN(cbCmd == sizeof(VBOXCMDVBVA_3DCTL), VERR_INVALID_PARAMETER);
+                {
+                    uint32_t idClient = pCtl->u32CmdClientId;
+                    RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+                    return crVBoxCrDisconnect(idClient);
+                }
+
+            default:
+                AssertFailedReturn(VERR_IPE_NOT_REACHED_DEFAULT_CASE);
+        }
     }
 }
@@ -3512 +3520 @@
 
 
-static DECLCALLBACK(int8_t) crVBoxCrCmdCmd(HVBOXCRCMDSVR hSvr, const VBOXCMDVBVA_HDR *pCmd, uint32_t cbCmd)
-{
-    switch (pCmd->u8OpCode)
+/**
+ * @interface_method_impl{VBOXCRCMD_SVRINFO,pfnCmd}
+ */
+static DECLCALLBACK(int8_t) crVBoxCrCmdCmd(HVBOXCRCMDSVR hSvr,
+                                           const VBOXCMDVBVA_HDR RT_UNTRUSTED_VOLATILE_GUEST *pCmd, uint32_t cbCmd)
+{
+    uint8_t bOpcode = pCmd->u8OpCode;
+    RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+    ASSERT_GUEST_LOGREL_MSG_RETURN(   bOpcode == VBOXCMDVBVA_OPTYPE_CRCMD
+                                   || bOpcode == VBOXCMDVBVA_OPTYPE_FLIP
+                                   || bOpcode == VBOXCMDVBVA_OPTYPE_BLT
+                                   || bOpcode == VBOXCMDVBVA_OPTYPE_CLRFILL,
+                                   ("%#x\n", bOpcode), -1);
+    RT_UNTRUSTED_VALIDATED_FENCE();
+
+    switch (bOpcode)
     {
         case VBOXCMDVBVA_OPTYPE_CRCMD:
-        {
-            const VBOXCMDVBVA_CRCMD *pCrCmdDr;
-            const VBOXCMDVBVA_CRCMD_CMD *pCrCmd;
-            int rc;
-            pCrCmdDr = (const VBOXCMDVBVA_CRCMD*)pCmd;
-            pCrCmd = &pCrCmdDr->Cmd;
-            if (cbCmd < sizeof (VBOXCMDVBVA_CRCMD))
+            ASSERT_GUEST_LOGREL_MSG_RETURN(cbCmd >= sizeof(VBOXCMDVBVA_CRCMD), ("cbCmd=%u\n", cbCmd), -1);
             {
-                WARN(("invalid buffer size"));
-                return -1;
-            }
-            rc = crVBoxServerCmdVbvaCrCmdProcess(pCrCmd, cbCmd - RT_OFFSETOF(VBOXCMDVBVA_CRCMD, Cmd));
-            if (RT_SUCCESS(rc))
-            {
-                /* success */
+                VBOXCMDVBVA_CRCMD const RT_UNTRUSTED_VOLATILE_GUEST *pCrCmdDr
+                    = (VBOXCMDVBVA_CRCMD const RT_UNTRUSTED_VOLATILE_GUEST *)pCmd;
+                VBOXCMDVBVA_CRCMD_CMD const RT_UNTRUSTED_VOLATILE_GUEST *pCrCmd = &pCrCmdDr->Cmd;
+                int rc = crVBoxServerCmdVbvaCrCmdProcess(pCrCmd, cbCmd - RT_OFFSETOF(VBOXCMDVBVA_CRCMD, Cmd));
+                ASSERT_GUEST_LOGREL_RC_RETURN(rc, -1);
                 return 0;
             }
 
-            WARN(("crVBoxServerCmdVbvaCrCmdProcess failed, rc %d", rc));
-            return -1;
-        }
         case VBOXCMDVBVA_OPTYPE_FLIP:
-        {
-            const VBOXCMDVBVA_FLIP *pFlip;
-
-            if (cbCmd < VBOXCMDVBVA_SIZEOF_FLIPSTRUCT_MIN)
+            ASSERT_GUEST_LOGREL_MSG_RETURN(cbCmd >= VBOXCMDVBVA_SIZEOF_FLIPSTRUCT_MIN, ("cbCmd=%u\n", cbCmd), -1);
             {
-                WARN(("invalid buffer size (cbCmd(%u) < sizeof(VBOXCMDVBVA_FLIP)(%u))", cbCmd, sizeof(VBOXCMDVBVA_FLIP)));
-                return -1;
+                VBOXCMDVBVA_FLIP const RT_UNTRUSTED_VOLATILE_GUEST *pFlip
+                    = (VBOXCMDVBVA_FLIP const RT_UNTRUSTED_VOLATILE_GUEST *)pCmd;
+                return crVBoxServerCrCmdFlipProcess(pFlip, cbCmd);
             }
 
-            pFlip = (const VBOXCMDVBVA_FLIP*)pCmd;
-            return crVBoxServerCrCmdFlipProcess(pFlip, cbCmd);
-        }
         case VBOXCMDVBVA_OPTYPE_BLT:
-        {
-            if (cbCmd < sizeof (VBOXCMDVBVA_BLT_HDR))
-            {
-                WARN(("invalid buffer size"));
-                return -1;
-            }
-
-            return crVBoxServerCrCmdBltProcess((const VBOXCMDVBVA_BLT_HDR*)pCmd, cbCmd);
-        }
+            ASSERT_GUEST_LOGREL_MSG_RETURN(cbCmd >= sizeof(VBOXCMDVBVA_BLT_HDR), ("cbCmd=%u\n", cbCmd), -1);
+            return crVBoxServerCrCmdBltProcess((VBOXCMDVBVA_BLT_HDR const RT_UNTRUSTED_VOLATILE_GUEST *)pCmd, cbCmd);
+
         case VBOXCMDVBVA_OPTYPE_CLRFILL:
-        {
-            if (cbCmd < sizeof (VBOXCMDVBVA_CLRFILL_HDR))
-            {
-                WARN(("invalid buffer size"));
-                return -1;
-            }
-
-            return crVBoxServerCrCmdClrFillProcess((const VBOXCMDVBVA_CLRFILL_HDR*)pCmd, cbCmd);
-        }
+            ASSERT_GUEST_LOGREL_MSG_RETURN(cbCmd >= sizeof(VBOXCMDVBVA_CLRFILL_HDR), ("cbCmd=%u\n", cbCmd), -1);
+            return crVBoxServerCrCmdClrFillProcess((VBOXCMDVBVA_CLRFILL_HDR const RT_UNTRUSTED_VOLATILE_GUEST *)pCmd, cbCmd);
+
         default:
-            WARN(("unsupported command"));
-            return -1;
+            AssertFailedReturn(VERR_IPE_NOT_REACHED_DEFAULT_CASE);
     }
     /* not reached */