summaryrefslogtreecommitdiffstats
path: root/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/VBox/Devices/VMMDev/VMMDevHGCM.cpp')
-rw-r--r--src/VBox/Devices/VMMDev/VMMDevHGCM.cpp2776
1 files changed, 2776 insertions, 0 deletions
diff --git a/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp b/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp
new file mode 100644
index 00000000..9a0cbac6
--- /dev/null
+++ b/src/VBox/Devices/VMMDev/VMMDevHGCM.cpp
@@ -0,0 +1,2776 @@
+/* $Id: VMMDevHGCM.cpp $ */
+/** @file
+ * VMMDev - HGCM - Host-Guest Communication Manager Device.
+ */
+
+/*
+ * Copyright (C) 2006-2022 Oracle and/or its affiliates.
+ *
+ * This file is part of VirtualBox base platform packages, as
+ * available from https://www.virtualbox.org.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, in version 3 of the
+ * License.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses>.
+ *
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+
+/*********************************************************************************************************************************
+* Header Files *
+*********************************************************************************************************************************/
+#define LOG_GROUP LOG_GROUP_DEV_VMM
+#include <iprt/alloc.h>
+#include <iprt/asm.h>
+#include <iprt/assert.h>
+#include <iprt/param.h>
+#include <iprt/string.h>
+
+#include <VBox/AssertGuest.h>
+#include <VBox/err.h>
+#include <VBox/hgcmsvc.h>
+#include <VBox/log.h>
+
+#include "VMMDevHGCM.h"
+
+#ifdef DEBUG
+# define VBOX_STRICT_GUEST
+#endif
+
+#ifdef VBOX_WITH_DTRACE
+# include "dtrace/VBoxDD.h"
+#else
+# define VBOXDD_HGCMCALL_ENTER(a,b,c,d) do { } while (0)
+# define VBOXDD_HGCMCALL_COMPLETED_REQ(a,b) do { } while (0)
+# define VBOXDD_HGCMCALL_COMPLETED_EMT(a,b) do { } while (0)
+# define VBOXDD_HGCMCALL_COMPLETED_DONE(a,b,c,d) do { } while (0)
+#endif
+
+
+/*********************************************************************************************************************************
+* Structures and Typedefs *
+*********************************************************************************************************************************/
+typedef enum VBOXHGCMCMDTYPE
+{
+ VBOXHGCMCMDTYPE_LOADSTATE = 0,
+ VBOXHGCMCMDTYPE_CONNECT,
+ VBOXHGCMCMDTYPE_DISCONNECT,
+ VBOXHGCMCMDTYPE_CALL,
+ VBOXHGCMCMDTYPE_SizeHack = 0x7fffffff
+} VBOXHGCMCMDTYPE;
+
+/**
+ * Information about a 32 or 64 bit parameter.
+ */
+typedef struct VBOXHGCMPARMVAL
+{
+ /** Actual value. Both 32 and 64 bit is saved here. */
+ uint64_t u64Value;
+
+ /** Offset from the start of the request where the value is stored. */
+ uint32_t offValue;
+
+ /** Size of the value: 4 for 32 bit and 8 for 64 bit. */
+ uint32_t cbValue;
+
+} VBOXHGCMPARMVAL;
+
+/**
+ * Information about a pointer parameter.
+ */
+typedef struct VBOXHGCMPARMPTR
+{
+ /** Size of the buffer described by the pointer parameter. */
+ uint32_t cbData;
+
+/** @todo save 8 bytes here by putting offFirstPage, cPages, and f32Direction
+ * into a bitfields like in VBOXHGCMPARMPAGES. */
+ /** Offset in the first physical page of the region. */
+ uint32_t offFirstPage;
+
+ /** How many pages. */
+ uint32_t cPages;
+
+ /** How the buffer should be copied VBOX_HGCM_F_PARM_*. */
+ uint32_t fu32Direction;
+
+ /** Pointer to array of the GC physical addresses for these pages.
+ * It is assumed that the physical address of the locked resident guest page
+ * does not change. */
+ RTGCPHYS *paPages;
+
+ /** For single page requests. */
+ RTGCPHYS GCPhysSinglePage;
+
+} VBOXHGCMPARMPTR;
+
+
+/**
+ * Pages w/o bounce buffering.
+ */
+typedef struct VBOXHGCMPARMPAGES
+{
+ /** The buffer size. */
+ uint32_t cbData;
+ /** Start of buffer offset into the first page. */
+ uint32_t offFirstPage : 12;
+ /** VBOX_HGCM_F_PARM_XXX flags. */
+ uint32_t fFlags : 3;
+ /** Set if we've locked all the pages. */
+ uint32_t fLocked : 1;
+ /** Number of pages. */
+ uint32_t cPages : 16;
+ /**< Array of page locks followed by array of page pointers, the first page
+ * pointer is adjusted by offFirstPage. */
+ PPGMPAGEMAPLOCK paPgLocks;
+} VBOXHGCMPARMPAGES;
+
+/**
+ * Information about a guest HGCM parameter.
+ */
+typedef struct VBOXHGCMGUESTPARM
+{
+ /** The parameter type. */
+ HGCMFunctionParameterType enmType;
+
+ union
+ {
+ VBOXHGCMPARMVAL val;
+ VBOXHGCMPARMPTR ptr;
+ VBOXHGCMPARMPAGES Pages;
+ } u;
+
+} VBOXHGCMGUESTPARM;
+
+typedef struct VBOXHGCMCMD
+{
+ /** Active commands, list is protected by critsectHGCMCmdList. */
+ RTLISTNODE node;
+
+ /** The type of the command (VBOXHGCMCMDTYPE). */
+ uint8_t enmCmdType;
+
+ /** Whether the command was cancelled by the guest. */
+ bool fCancelled;
+
+ /** Set if allocated from the memory cache, clear if heap. */
+ bool fMemCache;
+
+ /** Whether the command was restored from saved state. */
+ bool fRestored : 1;
+ /** Whether this command has a no-bounce page list and needs to be restored
+ * from guest memory the old fashioned way. */
+ bool fRestoreFromGuestMem : 1;
+
+ /** Copy of VMMDevRequestHeader::fRequestor.
+ * @note Only valid if VBOXGSTINFO2_F_REQUESTOR_INFO is set in
+ * VMMDevState.guestInfo2.fFeatures. */
+ uint32_t fRequestor;
+
+ /** GC physical address of the guest request. */
+ RTGCPHYS GCPhys;
+
+ /** Request packet size. */
+ uint32_t cbRequest;
+
+ /** The type of the guest request. */
+ VMMDevRequestType enmRequestType;
+
+ /** Pointer to the locked request, NULL if not locked. */
+ void *pvReqLocked;
+ /** The PGM lock for GCPhys if pvReqLocked is not NULL. */
+ PGMPAGEMAPLOCK ReqMapLock;
+
+ /** The accounting index (into VMMDEVR3::aHgcmAcc). */
+ uint8_t idxHeapAcc;
+ uint8_t abPadding[3];
+ /** The heap cost of this command. */
+ uint32_t cbHeapCost;
+
+ /** The STAM_GET_TS() value when the request arrived. */
+ uint64_t tsArrival;
+ /** The STAM_GET_TS() value when the hgcmR3Completed() is called. */
+ uint64_t tsComplete;
+
+ union
+ {
+ struct
+ {
+ uint32_t u32ClientID;
+ HGCMServiceLocation *pLoc; /**< Allocated after this structure. */
+ } connect;
+
+ struct
+ {
+ uint32_t u32ClientID;
+ } disconnect;
+
+ struct
+ {
+ /* Number of elements in paGuestParms and paHostParms arrays. */
+ uint32_t cParms;
+
+ uint32_t u32ClientID;
+
+ uint32_t u32Function;
+
+ /** Pointer to information about guest parameters in case of a Call request.
+ * Follows this structure in the same memory block.
+ */
+ VBOXHGCMGUESTPARM *paGuestParms;
+
+ /** Pointer to converted host parameters in case of a Call request.
+ * Follows this structure in the same memory block.
+ */
+ VBOXHGCMSVCPARM *paHostParms;
+
+ /* VBOXHGCMGUESTPARM[] */
+ /* VBOXHGCMSVCPARM[] */
+ } call;
+ } u;
+} VBOXHGCMCMD;
+
+
+/**
+ * Version for the memory cache.
+ */
+typedef struct VBOXHGCMCMDCACHED
+{
+ VBOXHGCMCMD Core; /**< 120 */
+ VBOXHGCMGUESTPARM aGuestParms[6]; /**< 40 * 6 = 240 */
+ VBOXHGCMSVCPARM aHostParms[6]; /**< 24 * 6 = 144 */
+} VBOXHGCMCMDCACHED; /**< 120+240+144 = 504 */
+AssertCompile(sizeof(VBOXHGCMCMD) <= 120);
+AssertCompile(sizeof(VBOXHGCMGUESTPARM) <= 40);
+AssertCompile(sizeof(VBOXHGCMSVCPARM) <= 24);
+AssertCompile(sizeof(VBOXHGCMCMDCACHED) <= 512);
+AssertCompile(sizeof(VBOXHGCMCMDCACHED) > sizeof(VBOXHGCMCMD) + sizeof(HGCMServiceLocation));
+
+
+/*********************************************************************************************************************************
+* Internal Functions *
+*********************************************************************************************************************************/
+DECLINLINE(void *) vmmdevR3HgcmCallMemAllocZ(PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd, size_t cbRequested);
+
+
+
+DECLINLINE(int) vmmdevR3HgcmCmdListLock(PVMMDEVCC pThisCC)
+{
+ int rc = RTCritSectEnter(&pThisCC->critsectHGCMCmdList);
+ AssertRC(rc);
+ return rc;
+}
+
+DECLINLINE(void) vmmdevR3HgcmCmdListUnlock(PVMMDEVCC pThisCC)
+{
+ int rc = RTCritSectLeave(&pThisCC->critsectHGCMCmdList);
+ AssertRC(rc);
+}
+
+/** Allocate and initialize VBOXHGCMCMD structure for HGCM request.
+ *
+ * @returns Pointer to the command on success, NULL otherwise.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param enmCmdType Type of the command.
+ * @param GCPhys The guest physical address of the HGCM request.
+ * @param cbRequest The size of the HGCM request.
+ * @param cParms Number of HGCM parameters for VBOXHGCMCMDTYPE_CALL command.
+ * @param fRequestor The VMMDevRequestHeader::fRequestor value.
+ */
+static PVBOXHGCMCMD vmmdevR3HgcmCmdAlloc(PVMMDEVCC pThisCC, VBOXHGCMCMDTYPE enmCmdType, RTGCPHYS GCPhys,
+ uint32_t cbRequest, uint32_t cParms, uint32_t fRequestor)
+{
+ /*
+ * Pick the heap accounting category.
+ *
+ * Initial idea was to just use what VMMDEV_REQUESTOR_USR_MASK yields directly,
+ * but there are so many unused categories then (DRV, RESERVED1, GUEST). Better
+ * to have fewer and more heap available in each.
+ */
+ uintptr_t idxHeapAcc;
+ if (fRequestor != VMMDEV_REQUESTOR_LEGACY)
+ switch (fRequestor & VMMDEV_REQUESTOR_USR_MASK)
+ {
+ case VMMDEV_REQUESTOR_USR_NOT_GIVEN:
+ case VMMDEV_REQUESTOR_USR_DRV:
+ case VMMDEV_REQUESTOR_USR_DRV_OTHER:
+ idxHeapAcc = VMMDEV_HGCM_CATEGORY_KERNEL;
+ break;
+ case VMMDEV_REQUESTOR_USR_ROOT:
+ case VMMDEV_REQUESTOR_USR_SYSTEM:
+ idxHeapAcc = VMMDEV_HGCM_CATEGORY_ROOT;
+ break;
+ default:
+ AssertFailed(); RT_FALL_THRU();
+ case VMMDEV_REQUESTOR_USR_RESERVED1:
+ case VMMDEV_REQUESTOR_USR_USER:
+ case VMMDEV_REQUESTOR_USR_GUEST:
+ idxHeapAcc = VMMDEV_HGCM_CATEGORY_USER;
+ break;
+ }
+ else
+ idxHeapAcc = VMMDEV_HGCM_CATEGORY_KERNEL;
+
+#if 1
+ /*
+ * Try use the cache.
+ */
+ VBOXHGCMCMDCACHED *pCmdCached;
+ AssertCompile(sizeof(*pCmdCached) >= sizeof(VBOXHGCMCMD) + sizeof(HGCMServiceLocation));
+ if (cParms <= RT_ELEMENTS(pCmdCached->aGuestParms))
+ {
+ if (sizeof(*pCmdCached) <= pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget)
+ {
+ int rc = RTMemCacheAllocEx(pThisCC->hHgcmCmdCache, (void **)&pCmdCached);
+ if (RT_SUCCESS(rc))
+ {
+ RT_ZERO(*pCmdCached);
+ pCmdCached->Core.fMemCache = true;
+ pCmdCached->Core.GCPhys = GCPhys;
+ pCmdCached->Core.cbRequest = cbRequest;
+ pCmdCached->Core.enmCmdType = enmCmdType;
+ pCmdCached->Core.fRequestor = fRequestor;
+ pCmdCached->Core.idxHeapAcc = (uint8_t)idxHeapAcc;
+ pCmdCached->Core.cbHeapCost = sizeof(*pCmdCached);
+ Log5Func(("aHgcmAcc[%zu] %#RX64 -= %#zx (%p)\n",
+ idxHeapAcc, pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget, sizeof(*pCmdCached), &pCmdCached->Core));
+ pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget -= sizeof(*pCmdCached);
+
+ if (enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ pCmdCached->Core.u.call.cParms = cParms;
+ pCmdCached->Core.u.call.paGuestParms = pCmdCached->aGuestParms;
+ pCmdCached->Core.u.call.paHostParms = pCmdCached->aHostParms;
+ }
+ else if (enmCmdType == VBOXHGCMCMDTYPE_CONNECT)
+ pCmdCached->Core.u.connect.pLoc = (HGCMServiceLocation *)(&pCmdCached->Core + 1);
+
+ Assert(!pCmdCached->Core.pvReqLocked);
+
+ Log3Func(("returns %p (enmCmdType=%d GCPhys=%RGp)\n", &pCmdCached->Core, enmCmdType, GCPhys));
+ return &pCmdCached->Core;
+ }
+ }
+ else
+ LogFunc(("Heap budget overrun: sizeof(*pCmdCached)=%#zx aHgcmAcc[%zu].cbHeapBudget=%#RX64 - enmCmdType=%d\n",
+ sizeof(*pCmdCached), idxHeapAcc, pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget, enmCmdType));
+ STAM_REL_COUNTER_INC(&pThisCC->aHgcmAcc[idxHeapAcc].StatBudgetOverruns);
+ return NULL;
+ }
+ STAM_REL_COUNTER_INC(&pThisCC->StatHgcmLargeCmdAllocs);
+
+#else
+ RT_NOREF(pThisCC);
+#endif
+
+ /* Size of required memory buffer. */
+ const uint32_t cbCmd = sizeof(VBOXHGCMCMD) + cParms * (sizeof(VBOXHGCMGUESTPARM) + sizeof(VBOXHGCMSVCPARM))
+ + (enmCmdType == VBOXHGCMCMDTYPE_CONNECT ? sizeof(HGCMServiceLocation) : 0);
+ if (cbCmd <= pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget)
+ {
+ PVBOXHGCMCMD pCmd = (PVBOXHGCMCMD)RTMemAllocZ(cbCmd);
+ if (pCmd)
+ {
+ pCmd->enmCmdType = enmCmdType;
+ pCmd->GCPhys = GCPhys;
+ pCmd->cbRequest = cbRequest;
+ pCmd->fRequestor = fRequestor;
+ pCmd->idxHeapAcc = (uint8_t)idxHeapAcc;
+ pCmd->cbHeapCost = cbCmd;
+ Log5Func(("aHgcmAcc[%zu] %#RX64 -= %#x (%p)\n", idxHeapAcc, pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget, cbCmd, pCmd));
+ pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget -= cbCmd;
+
+ if (enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ pCmd->u.call.cParms = cParms;
+ if (cParms)
+ {
+ pCmd->u.call.paGuestParms = (VBOXHGCMGUESTPARM *)((uint8_t *)pCmd
+ + sizeof(struct VBOXHGCMCMD));
+ pCmd->u.call.paHostParms = (VBOXHGCMSVCPARM *)((uint8_t *)pCmd->u.call.paGuestParms
+ + cParms * sizeof(VBOXHGCMGUESTPARM));
+ }
+ }
+ else if (enmCmdType == VBOXHGCMCMDTYPE_CONNECT)
+ pCmd->u.connect.pLoc = (HGCMServiceLocation *)(pCmd + 1);
+ }
+ Log3Func(("returns %p (enmCmdType=%d GCPhys=%RGp cbCmd=%#x)\n", pCmd, enmCmdType, GCPhys, cbCmd));
+ return pCmd;
+ }
+ STAM_REL_COUNTER_INC(&pThisCC->aHgcmAcc[idxHeapAcc].StatBudgetOverruns);
+ LogFunc(("Heap budget overrun: cbCmd=%#x aHgcmAcc[%zu].cbHeapBudget=%#RX64 - enmCmdType=%d\n",
+ cbCmd, idxHeapAcc, pThisCC->aHgcmAcc[idxHeapAcc].cbHeapBudget, enmCmdType));
+ return NULL;
+}
+
+/** Deallocate VBOXHGCMCMD memory.
+ *
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pCmd Command to deallocate.
+ */
+static void vmmdevR3HgcmCmdFree(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd)
+{
+ if (pCmd)
+ {
+ Assert( pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL
+ || pCmd->enmCmdType == VBOXHGCMCMDTYPE_CONNECT
+ || pCmd->enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT
+ || pCmd->enmCmdType == VBOXHGCMCMDTYPE_LOADSTATE);
+ if (pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ uint32_t i;
+ for (i = 0; i < pCmd->u.call.cParms; ++i)
+ {
+ VBOXHGCMSVCPARM * const pHostParm = &pCmd->u.call.paHostParms[i];
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+
+ if ( pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_In
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_Out
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr
+ || pGuestParm->enmType == VMMDevHGCMParmType_PageList
+ || pGuestParm->enmType == VMMDevHGCMParmType_ContiguousPageList)
+ {
+ Assert(pHostParm->type == VBOX_HGCM_SVC_PARM_PTR);
+ if (pGuestParm->u.ptr.paPages != &pGuestParm->u.ptr.GCPhysSinglePage)
+ RTMemFree(pGuestParm->u.ptr.paPages);
+ RTMemFreeZ(pHostParm->u.pointer.addr, pGuestParm->u.ptr.cbData);
+ }
+ else if (pGuestParm->enmType == VMMDevHGCMParmType_Embedded)
+ {
+ Assert(pHostParm->type == VBOX_HGCM_SVC_PARM_PTR);
+ RTMemFreeZ(pHostParm->u.pointer.addr, pGuestParm->u.ptr.cbData);
+ }
+ else if (pGuestParm->enmType == VMMDevHGCMParmType_NoBouncePageList)
+ {
+ Assert(pHostParm->type == VBOX_HGCM_SVC_PARM_PAGES);
+ if (pGuestParm->u.Pages.paPgLocks)
+ {
+ if (pGuestParm->u.Pages.fLocked)
+ PDMDevHlpPhysBulkReleasePageMappingLocks(pDevIns, pGuestParm->u.Pages.cPages,
+ pGuestParm->u.Pages.paPgLocks);
+ RTMemFree(pGuestParm->u.Pages.paPgLocks);
+ pGuestParm->u.Pages.paPgLocks = NULL;
+ }
+ }
+ else
+ Assert(pHostParm->type != VBOX_HGCM_SVC_PARM_PTR && pHostParm->type != VBOX_HGCM_SVC_PARM_PAGES);
+ }
+ }
+
+ if (pCmd->pvReqLocked)
+ {
+ PDMDevHlpPhysReleasePageMappingLock(pDevIns, &pCmd->ReqMapLock);
+ pCmd->pvReqLocked = NULL;
+ }
+
+ pCmd->enmCmdType = UINT8_MAX; /* poison */
+
+ /* Update heap budget. Need the critsect to do this safely. */
+ Assert(pCmd->cbHeapCost != 0);
+ uintptr_t idx = pCmd->idxHeapAcc;
+ AssertStmt(idx < RT_ELEMENTS(pThisCC->aHgcmAcc), idx %= RT_ELEMENTS(pThisCC->aHgcmAcc));
+
+ int const rcLock = PDMDevHlpCritSectEnter(pDevIns, &pThis->CritSect, VERR_IGNORED);
+ PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, &pThis->CritSect, rcLock);
+
+ Log5Func(("aHgcmAcc[%zu] %#RX64 += %#x (%p)\n", idx, pThisCC->aHgcmAcc[idx].cbHeapBudget, pCmd->cbHeapCost, pCmd));
+ pThisCC->aHgcmAcc[idx].cbHeapBudget += pCmd->cbHeapCost;
+ AssertMsg(pThisCC->aHgcmAcc[idx].cbHeapBudget <= pThisCC->aHgcmAcc[idx].cbHeapBudgetConfig,
+ ("idx=%d (%d) fRequestor=%#x pCmd=%p: %#RX64 vs %#RX64 -> %#RX64\n", idx, pCmd->idxHeapAcc, pCmd->fRequestor, pCmd,
+ pThisCC->aHgcmAcc[idx].cbHeapBudget, pThisCC->aHgcmAcc[idx].cbHeapBudgetConfig,
+ pThisCC->aHgcmAcc[idx].cbHeapBudget - pThisCC->aHgcmAcc[idx].cbHeapBudgetConfig));
+ pCmd->cbHeapCost = 0;
+
+#if 1
+ if (pCmd->fMemCache)
+ {
+ RTMemCacheFree(pThisCC->hHgcmCmdCache, pCmd);
+ PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect); /* releasing it after just to be on the safe side. */
+ }
+ else
+#endif
+ {
+ PDMDevHlpCritSectLeave(pDevIns, &pThis->CritSect);
+ RTMemFree(pCmd);
+ }
+ }
+}
+
+/** Add VBOXHGCMCMD to the list of pending commands.
+ *
+ * @returns VBox status code.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pCmd Command to add.
+ */
+static int vmmdevR3HgcmAddCommand(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd)
+{
+ int rc = vmmdevR3HgcmCmdListLock(pThisCC);
+ AssertRCReturn(rc, rc);
+
+ LogFlowFunc(("%p type %d\n", pCmd, pCmd->enmCmdType));
+
+ RTListPrepend(&pThisCC->listHGCMCmd, &pCmd->node);
+
+ /* stats */
+ uintptr_t idx = pCmd->idxHeapAcc;
+ AssertStmt(idx < RT_ELEMENTS(pThisCC->aHgcmAcc), idx %= RT_ELEMENTS(pThisCC->aHgcmAcc));
+ STAM_REL_PROFILE_ADD_PERIOD(&pThisCC->aHgcmAcc[idx].StateMsgHeapUsage, pCmd->cbHeapCost);
+
+ /* Automatically enable HGCM events, if there are HGCM commands. */
+ if ( pCmd->enmCmdType == VBOXHGCMCMDTYPE_CONNECT
+ || pCmd->enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT
+ || pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ LogFunc(("u32HGCMEnabled = %d\n", pThisCC->u32HGCMEnabled));
+ if (ASMAtomicCmpXchgU32(&pThisCC->u32HGCMEnabled, 1, 0))
+ VMMDevCtlSetGuestFilterMask(pDevIns, pThis, pThisCC, VMMDEV_EVENT_HGCM, 0);
+ }
+
+ vmmdevR3HgcmCmdListUnlock(pThisCC);
+ return rc;
+}
+
+/** Remove VBOXHGCMCMD from the list of pending commands.
+ *
+ * @returns VBox status code.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pCmd Command to remove.
+ */
+static int vmmdevR3HgcmRemoveCommand(PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd)
+{
+ int rc = vmmdevR3HgcmCmdListLock(pThisCC);
+ AssertRCReturn(rc, rc);
+
+ LogFlowFunc(("%p\n", pCmd));
+
+ RTListNodeRemove(&pCmd->node);
+
+ vmmdevR3HgcmCmdListUnlock(pThisCC);
+ return rc;
+}
+
+/**
+ * Find a HGCM command by its physical address.
+ *
+ * The caller is responsible for taking the command list lock before calling
+ * this function.
+ *
+ * @returns Pointer to the command on success, NULL otherwise.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param GCPhys The physical address of the command we're looking for.
+ */
+DECLINLINE(PVBOXHGCMCMD) vmmdevR3HgcmFindCommandLocked(PVMMDEVCC pThisCC, RTGCPHYS GCPhys)
+{
+ PVBOXHGCMCMD pCmd;
+ RTListForEach(&pThisCC->listHGCMCmd, pCmd, VBOXHGCMCMD, node)
+ {
+ if (pCmd->GCPhys == GCPhys)
+ return pCmd;
+ }
+ return NULL;
+}
+
+/** Copy VMMDevHGCMConnect request data from the guest to VBOXHGCMCMD command.
+ *
+ * @param pHGCMConnect The source guest request (cached in host memory).
+ * @param pCmd Destination command.
+ */
+static void vmmdevR3HgcmConnectFetch(const VMMDevHGCMConnect *pHGCMConnect, PVBOXHGCMCMD pCmd)
+{
+ pCmd->enmRequestType = pHGCMConnect->header.header.requestType;
+ pCmd->u.connect.u32ClientID = pHGCMConnect->u32ClientID;
+ *pCmd->u.connect.pLoc = pHGCMConnect->loc;
+}
+
+/** Handle VMMDevHGCMConnect request.
+ *
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pHGCMConnect The guest request (cached in host memory).
+ * @param GCPhys The physical address of the request.
+ */
+int vmmdevR3HgcmConnect(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC,
+ const VMMDevHGCMConnect *pHGCMConnect, RTGCPHYS GCPhys)
+{
+ int rc;
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_CONNECT, GCPhys, pHGCMConnect->header.header.size, 0,
+ pHGCMConnect->header.header.fRequestor);
+ if (pCmd)
+ {
+ vmmdevR3HgcmConnectFetch(pHGCMConnect, pCmd);
+
+ /* Only allow the guest to use existing services! */
+ ASSERT_GUEST(pHGCMConnect->loc.type == VMMDevHGCMLoc_LocalHost_Existing);
+ pCmd->u.connect.pLoc->type = VMMDevHGCMLoc_LocalHost_Existing;
+
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ rc = pThisCC->pHGCMDrv->pfnConnect(pThisCC->pHGCMDrv, pCmd, pCmd->u.connect.pLoc, &pCmd->u.connect.u32ClientID);
+ if (RT_FAILURE(rc))
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ }
+ else
+ rc = VERR_NO_MEMORY;
+
+ return rc;
+}
+
+/** Copy VMMDevHGCMDisconnect request data from the guest to VBOXHGCMCMD command.
+ *
+ * @param pHGCMDisconnect The source guest request (cached in host memory).
+ * @param pCmd Destination command.
+ */
+static void vmmdevR3HgcmDisconnectFetch(const VMMDevHGCMDisconnect *pHGCMDisconnect, PVBOXHGCMCMD pCmd)
+{
+ pCmd->enmRequestType = pHGCMDisconnect->header.header.requestType;
+ pCmd->u.disconnect.u32ClientID = pHGCMDisconnect->u32ClientID;
+}
+
+/** Handle VMMDevHGCMDisconnect request.
+ *
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pHGCMDisconnect The guest request (cached in host memory).
+ * @param GCPhys The physical address of the request.
+ */
+int vmmdevR3HgcmDisconnect(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC,
+ const VMMDevHGCMDisconnect *pHGCMDisconnect, RTGCPHYS GCPhys)
+{
+ int rc;
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_DISCONNECT, GCPhys, pHGCMDisconnect->header.header.size, 0,
+ pHGCMDisconnect->header.header.fRequestor);
+ if (pCmd)
+ {
+ vmmdevR3HgcmDisconnectFetch(pHGCMDisconnect, pCmd);
+
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ rc = pThisCC->pHGCMDrv->pfnDisconnect(pThisCC->pHGCMDrv, pCmd, pCmd->u.disconnect.u32ClientID);
+ if (RT_FAILURE(rc))
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ }
+ else
+ rc = VERR_NO_MEMORY;
+
+ return rc;
+}
+
+/** Translate LinAddr parameter type to the direction of data transfer.
+ *
+ * @returns VBOX_HGCM_F_PARM_DIRECTION_* flags.
+ * @param enmType Type of the LinAddr parameter.
+ */
+static uint32_t vmmdevR3HgcmParmTypeToDirection(HGCMFunctionParameterType enmType)
+{
+ if (enmType == VMMDevHGCMParmType_LinAddr_In) return VBOX_HGCM_F_PARM_DIRECTION_TO_HOST;
+ if (enmType == VMMDevHGCMParmType_LinAddr_Out) return VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST;
+ return VBOX_HGCM_F_PARM_DIRECTION_BOTH;
+}
+
+/** Check if list of pages in a HGCM pointer parameter corresponds to a contiguous buffer.
+ *
+ * @returns true if pages are contiguous, false otherwise.
+ * @param pPtr Information about a pointer HGCM parameter.
+ */
+DECLINLINE(bool) vmmdevR3HgcmGuestBufferIsContiguous(const VBOXHGCMPARMPTR *pPtr)
+{
+ if (pPtr->cPages == 1)
+ return true;
+ RTGCPHYS64 Phys = pPtr->paPages[0] + GUEST_PAGE_SIZE;
+ if (Phys != pPtr->paPages[1])
+ return false;
+ if (pPtr->cPages > 2)
+ {
+ uint32_t iPage = 2;
+ do
+ {
+ Phys += GUEST_PAGE_SIZE;
+ if (Phys != pPtr->paPages[iPage])
+ return false;
+ ++iPage;
+ } while (iPage < pPtr->cPages);
+ }
+ return true;
+}
+
+/** Copy data from guest memory to the host buffer.
+ *
+ * @returns VBox status code.
+ * @param pDevIns The device instance for PDMDevHlp.
+ * @param pvDst The destination host buffer.
+ * @param cbDst Size of the destination host buffer.
+ * @param pPtr Description of the source HGCM pointer parameter.
+ */
+static int vmmdevR3HgcmGuestBufferRead(PPDMDEVINSR3 pDevIns, void *pvDst, uint32_t cbDst, const VBOXHGCMPARMPTR *pPtr)
+{
+ /*
+ * Try detect contiguous buffers.
+ */
+ /** @todo We need a flag for indicating this. */
+ if (vmmdevR3HgcmGuestBufferIsContiguous(pPtr))
+ return PDMDevHlpPhysRead(pDevIns, pPtr->paPages[0] | pPtr->offFirstPage, pvDst, cbDst);
+
+ /*
+ * Page by page fallback.
+ */
+ uint8_t *pu8Dst = (uint8_t *)pvDst;
+ uint32_t offPage = pPtr->offFirstPage;
+ uint32_t cbRemaining = cbDst;
+
+ for (uint32_t iPage = 0; iPage < pPtr->cPages && cbRemaining > 0; ++iPage)
+ {
+ uint32_t cbToRead = GUEST_PAGE_SIZE - offPage;
+ if (cbToRead > cbRemaining)
+ cbToRead = cbRemaining;
+
+ /* Skip invalid pages. */
+ const RTGCPHYS GCPhys = pPtr->paPages[iPage];
+ if (GCPhys != NIL_RTGCPHYS)
+ {
+ int rc = PDMDevHlpPhysRead(pDevIns, GCPhys + offPage, pu8Dst, cbToRead);
+ AssertMsgReturn(RT_SUCCESS(rc), ("rc=%Rrc GCPhys=%RGp offPage=%#x cbToRead=%#x\n", rc, GCPhys, offPage, cbToRead), rc);
+ }
+
+ offPage = 0; /* A next page is read from 0 offset. */
+ cbRemaining -= cbToRead;
+ pu8Dst += cbToRead;
+ }
+
+ return VINF_SUCCESS;
+}
+
+/** Copy data from the host buffer to guest memory.
+ *
+ * @returns VBox status code.
+ * @param pDevIns The device instance for PDMDevHlp.
+ * @param pPtr Description of the destination HGCM pointer parameter.
+ * @param pvSrc The source host buffer.
+ * @param cbSrc Size of the source host buffer.
+ */
+static int vmmdevR3HgcmGuestBufferWrite(PPDMDEVINSR3 pDevIns, const VBOXHGCMPARMPTR *pPtr, const void *pvSrc, uint32_t cbSrc)
+{
+ int rc = VINF_SUCCESS;
+
+ uint8_t *pu8Src = (uint8_t *)pvSrc;
+ uint32_t offPage = pPtr->offFirstPage;
+ uint32_t cbRemaining = RT_MIN(cbSrc, pPtr->cbData);
+
+ uint32_t iPage;
+ for (iPage = 0; iPage < pPtr->cPages && cbRemaining > 0; ++iPage)
+ {
+ uint32_t cbToWrite = GUEST_PAGE_SIZE - offPage;
+ if (cbToWrite > cbRemaining)
+ cbToWrite = cbRemaining;
+
+ /* Skip invalid pages. */
+ const RTGCPHYS GCPhys = pPtr->paPages[iPage];
+ if (GCPhys != NIL_RTGCPHYS)
+ {
+ rc = PDMDevHlpPhysWrite(pDevIns, GCPhys + offPage, pu8Src, cbToWrite);
+ AssertRCBreak(rc);
+ }
+
+ offPage = 0; /* A next page is written at 0 offset. */
+ cbRemaining -= cbToWrite;
+ pu8Src += cbToWrite;
+ }
+
+ return rc;
+}
+
+/** Initializes pCmd->paHostParms from already initialized pCmd->paGuestParms.
+ * Allocates memory for pointer parameters and copies data from the guest.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pCmd Command structure where host parameters needs initialization.
+ * @param pbReq The request buffer.
+ */
+static int vmmdevR3HgcmInitHostParameters(PPDMDEVINS pDevIns, PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd, uint8_t const *pbReq)
+{
+ AssertReturn(pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL, VERR_INTERNAL_ERROR);
+
+ for (uint32_t i = 0; i < pCmd->u.call.cParms; ++i)
+ {
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+ VBOXHGCMSVCPARM * const pHostParm = &pCmd->u.call.paHostParms[i];
+
+ switch (pGuestParm->enmType)
+ {
+ case VMMDevHGCMParmType_32bit:
+ {
+ pHostParm->type = VBOX_HGCM_SVC_PARM_32BIT;
+ pHostParm->u.uint32 = (uint32_t)pGuestParm->u.val.u64Value;
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_64bit:
+ {
+ pHostParm->type = VBOX_HGCM_SVC_PARM_64BIT;
+ pHostParm->u.uint64 = pGuestParm->u.val.u64Value;
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_PageList:
+ case VMMDevHGCMParmType_LinAddr_In:
+ case VMMDevHGCMParmType_LinAddr_Out:
+ case VMMDevHGCMParmType_LinAddr:
+ case VMMDevHGCMParmType_Embedded:
+ case VMMDevHGCMParmType_ContiguousPageList:
+ {
+ const uint32_t cbData = pGuestParm->u.ptr.cbData;
+
+ pHostParm->type = VBOX_HGCM_SVC_PARM_PTR;
+ pHostParm->u.pointer.size = cbData;
+
+ if (cbData)
+ {
+ /* Zero memory, the buffer content is potentially copied to the guest. */
+ void *pv = vmmdevR3HgcmCallMemAllocZ(pThisCC, pCmd, cbData);
+ AssertReturn(pv, VERR_NO_MEMORY);
+ pHostParm->u.pointer.addr = pv;
+
+ if (pGuestParm->u.ptr.fu32Direction & VBOX_HGCM_F_PARM_DIRECTION_TO_HOST)
+ {
+ if (pGuestParm->enmType != VMMDevHGCMParmType_Embedded)
+ {
+ if (pGuestParm->enmType != VMMDevHGCMParmType_ContiguousPageList)
+ {
+ int rc = vmmdevR3HgcmGuestBufferRead(pDevIns, pv, cbData, &pGuestParm->u.ptr);
+ ASSERT_GUEST_RETURN(RT_SUCCESS(rc), rc);
+ RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+ }
+ else
+ {
+ int rc = PDMDevHlpPhysRead(pDevIns,
+ pGuestParm->u.ptr.paPages[0] | pGuestParm->u.ptr.offFirstPage,
+ pv, cbData);
+ ASSERT_GUEST_RETURN(RT_SUCCESS(rc), rc);
+ RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+ }
+ }
+ else
+ {
+ memcpy(pv, &pbReq[pGuestParm->u.ptr.offFirstPage], cbData);
+ RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+ }
+ }
+ }
+ else
+ {
+ pHostParm->u.pointer.addr = NULL;
+ }
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_NoBouncePageList:
+ {
+ pHostParm->type = VBOX_HGCM_SVC_PARM_PAGES;
+ pHostParm->u.Pages.cb = pGuestParm->u.Pages.cbData;
+ pHostParm->u.Pages.cPages = pGuestParm->u.Pages.cPages;
+ pHostParm->u.Pages.papvPages = (void **)&pGuestParm->u.Pages.paPgLocks[pGuestParm->u.Pages.cPages];
+
+ break;
+ }
+
+ default:
+ ASSERT_GUEST_FAILED_RETURN(VERR_INVALID_PARAMETER);
+ }
+ }
+
+ return VINF_SUCCESS;
+}
+
+
+/** Allocate and initialize VBOXHGCMCMD structure for a HGCMCall request.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pHGCMCall The HGCMCall request (cached in host memory).
+ * @param cbHGCMCall Size of the request.
+ * @param GCPhys Guest physical address of the request.
+ * @param enmRequestType The request type. Distinguishes 64 and 32 bit calls.
+ * @param ppCmd Where to store pointer to allocated command.
+ * @param pcbHGCMParmStruct Where to store size of used HGCM parameter structure.
+ */
+static int vmmdevR3HgcmCallAlloc(PVMMDEVCC pThisCC, const VMMDevHGCMCall *pHGCMCall, uint32_t cbHGCMCall, RTGCPHYS GCPhys,
+ VMMDevRequestType enmRequestType, PVBOXHGCMCMD *ppCmd, uint32_t *pcbHGCMParmStruct)
+{
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ const uint32_t cbHGCMParmStruct = enmRequestType == VMMDevReq_HGCMCall64 ? sizeof(HGCMFunctionParameter64)
+ : sizeof(HGCMFunctionParameter32);
+#else
+ const uint32_t cbHGCMParmStruct = sizeof(HGCMFunctionParameter);
+#endif
+
+ const uint32_t cParms = pHGCMCall->cParms;
+
+ /* Whether there is enough space for parameters and sane upper limit. */
+ ASSERT_GUEST_STMT_RETURN( cParms <= (cbHGCMCall - sizeof(VMMDevHGCMCall)) / cbHGCMParmStruct
+ && cParms <= VMMDEV_MAX_HGCM_PARMS,
+ LogRelMax(50, ("VMMDev: request packet with invalid number of HGCM parameters: %d vs %d. Refusing operation.\n",
+ (cbHGCMCall - sizeof(VMMDevHGCMCall)) / cbHGCMParmStruct, cParms)),
+ VERR_INVALID_PARAMETER);
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_CALL, GCPhys, cbHGCMCall, cParms,
+ pHGCMCall->header.header.fRequestor);
+ if (pCmd == NULL)
+ return VERR_NO_MEMORY;
+
+ /* Request type has been validated in vmmdevReqDispatcher. */
+ pCmd->enmRequestType = enmRequestType;
+ pCmd->u.call.u32ClientID = pHGCMCall->u32ClientID;
+ pCmd->u.call.u32Function = pHGCMCall->u32Function;
+
+ *ppCmd = pCmd;
+ *pcbHGCMParmStruct = cbHGCMParmStruct;
+ return VINF_SUCCESS;
+}
+
+/**
+ * Heap budget wrapper around RTMemAlloc and RTMemAllocZ.
+ */
+static void *vmmdevR3HgcmCallMemAllocEx(PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd, size_t cbRequested, bool fZero)
+{
+ uintptr_t idx = pCmd->idxHeapAcc;
+ AssertStmt(idx < RT_ELEMENTS(pThisCC->aHgcmAcc), idx %= RT_ELEMENTS(pThisCC->aHgcmAcc));
+
+ /* Check against max heap costs for this request. */
+ Assert(pCmd->cbHeapCost <= VMMDEV_MAX_HGCM_DATA_SIZE);
+ if (cbRequested <= VMMDEV_MAX_HGCM_DATA_SIZE - pCmd->cbHeapCost)
+ {
+ /* Check heap budget (we're under lock). */
+ if (cbRequested <= pThisCC->aHgcmAcc[idx].cbHeapBudget)
+ {
+ /* Do the actual allocation. */
+ void *pv = fZero ? RTMemAllocZ(cbRequested) : RTMemAlloc(cbRequested);
+ if (pv)
+ {
+ /* Update the request cost and heap budget. */
+ Log5Func(("aHgcmAcc[%zu] %#RX64 += %#x (%p)\n", idx, pThisCC->aHgcmAcc[idx].cbHeapBudget, cbRequested, pCmd));
+ pThisCC->aHgcmAcc[idx].cbHeapBudget -= cbRequested;
+ pCmd->cbHeapCost += (uint32_t)cbRequested;
+ return pv;
+ }
+ LogFunc(("Heap alloc failed: cbRequested=%#zx - enmCmdType=%d\n", cbRequested, pCmd->enmCmdType));
+ }
+ else
+ LogFunc(("Heap budget overrun: cbRequested=%#zx cbHeapCost=%#x aHgcmAcc[%u].cbHeapBudget=%#RX64 - enmCmdType=%d\n",
+ cbRequested, pCmd->cbHeapCost, pCmd->idxHeapAcc, pThisCC->aHgcmAcc[idx].cbHeapBudget, pCmd->enmCmdType));
+ }
+ else
+ LogFunc(("Request too big: cbRequested=%#zx cbHeapCost=%#x - enmCmdType=%d\n",
+ cbRequested, pCmd->cbHeapCost, pCmd->enmCmdType));
+ STAM_REL_COUNTER_INC(&pThisCC->aHgcmAcc[idx].StatBudgetOverruns);
+ return NULL;
+}
+
+/**
+ * Heap budget wrapper around RTMemAlloc.
+ */
+DECLINLINE(void *) vmmdevR3HgcmCallMemAlloc(PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd, size_t cbRequested)
+{
+ return vmmdevR3HgcmCallMemAllocEx(pThisCC, pCmd, cbRequested, false /*fZero*/);
+}
+
+/**
+ * Heap budget wrapper around RTMemAllocZ.
+ */
+DECLINLINE(void *) vmmdevR3HgcmCallMemAllocZ(PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd, size_t cbRequested)
+{
+ return vmmdevR3HgcmCallMemAllocEx(pThisCC, pCmd, cbRequested, true /*fZero*/);
+}
+
+/** Copy VMMDevHGCMCall request data from the guest to VBOXHGCMCMD command.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pCmd The destination command.
+ * @param pHGCMCall The HGCMCall request (cached in host memory).
+ * @param cbHGCMCall Size of the request.
+ * @param enmRequestType The request type. Distinguishes 64 and 32 bit calls.
+ * @param cbHGCMParmStruct Size of used HGCM parameter structure.
+ */
+static int vmmdevR3HgcmCallFetchGuestParms(PPDMDEVINS pDevIns, PVMMDEVCC pThisCC, PVBOXHGCMCMD pCmd,
+ const VMMDevHGCMCall *pHGCMCall, uint32_t cbHGCMCall,
+ VMMDevRequestType enmRequestType, uint32_t cbHGCMParmStruct)
+{
+ /*
+ * Go over all guest parameters and initialize relevant VBOXHGCMCMD fields.
+ * VBOXHGCMCMD must contain all information about the request,
+ * the request will be not read from the guest memory again.
+ */
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ const bool f64Bits = (enmRequestType == VMMDevReq_HGCMCall64);
+#endif
+
+ const uint32_t cParms = pCmd->u.call.cParms;
+
+ /* Offsets in the request buffer to HGCM parameters and additional data. */
+ const uint32_t offHGCMParms = sizeof(VMMDevHGCMCall);
+ const uint32_t offExtra = offHGCMParms + cParms * cbHGCMParmStruct;
+
+ /* Pointer to the next HGCM parameter of the request. */
+ const uint8_t *pu8HGCMParm = (uint8_t *)pHGCMCall + offHGCMParms;
+
+ for (uint32_t i = 0; i < cParms; ++i, pu8HGCMParm += cbHGCMParmStruct)
+ {
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, type, HGCMFunctionParameter32, type);
+ pGuestParm->enmType = ((HGCMFunctionParameter64 *)pu8HGCMParm)->type;
+#else
+ pGuestParm->enmType = ((HGCMFunctionParameter *)pu8HGCMParm)->type;
+#endif
+
+ switch (pGuestParm->enmType)
+ {
+ case VMMDevHGCMParmType_32bit:
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.value32, HGCMFunctionParameter32, u.value32);
+ uint32_t *pu32 = &((HGCMFunctionParameter64 *)pu8HGCMParm)->u.value32;
+#else
+ uint32_t *pu32 = &((HGCMFunctionParameter *)pu8HGCMParm)->u.value32;
+#endif
+ LogFunc(("uint32 guest parameter %RI32\n", *pu32));
+
+ pGuestParm->u.val.u64Value = *pu32;
+ pGuestParm->u.val.offValue = (uint32_t)((uintptr_t)pu32 - (uintptr_t)pHGCMCall);
+ pGuestParm->u.val.cbValue = sizeof(uint32_t);
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_64bit:
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.value64, HGCMFunctionParameter32, u.value64);
+ uint64_t *pu64 = (uint64_t *)(uintptr_t)&((HGCMFunctionParameter64 *)pu8HGCMParm)->u.value64; /* MSC detect misalignment, thus casts. */
+#else
+ uint64_t *pu64 = &((HGCMFunctionParameter *)pu8HGCMParm)->u.value64;
+#endif
+ LogFunc(("uint64 guest parameter %RI64\n", *pu64));
+
+ pGuestParm->u.val.u64Value = *pu64;
+ pGuestParm->u.val.offValue = (uint32_t)((uintptr_t)pu64 - (uintptr_t)pHGCMCall);
+ pGuestParm->u.val.cbValue = sizeof(uint64_t);
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_LinAddr_In: /* In (read) */
+ case VMMDevHGCMParmType_LinAddr_Out: /* Out (write) */
+ case VMMDevHGCMParmType_LinAddr: /* In & Out */
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ uint32_t cbData = f64Bits ? ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.Pointer.size
+ : ((HGCMFunctionParameter32 *)pu8HGCMParm)->u.Pointer.size;
+ RTGCPTR GCPtr = f64Bits ? ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.Pointer.u.linearAddr
+ : ((HGCMFunctionParameter32 *)pu8HGCMParm)->u.Pointer.u.linearAddr;
+#else
+ uint32_t cbData = ((HGCMFunctionParameter *)pu8HGCMParm)->u.Pointer.size;
+ RTGCPTR GCPtr = ((HGCMFunctionParameter *)pu8HGCMParm)->u.Pointer.u.linearAddr;
+#endif
+ LogFunc(("LinAddr guest parameter %RGv, cb %u\n", GCPtr, cbData));
+
+ ASSERT_GUEST_RETURN(cbData <= VMMDEV_MAX_HGCM_DATA_SIZE, VERR_INVALID_PARAMETER);
+
+ const uint32_t offFirstPage = cbData > 0 ? GCPtr & GUEST_PAGE_OFFSET_MASK : 0;
+ const uint32_t cPages = cbData > 0 ? (offFirstPage + cbData + GUEST_PAGE_SIZE - 1) / GUEST_PAGE_SIZE : 0;
+
+ pGuestParm->u.ptr.cbData = cbData;
+ pGuestParm->u.ptr.offFirstPage = offFirstPage;
+ pGuestParm->u.ptr.cPages = cPages;
+ pGuestParm->u.ptr.fu32Direction = vmmdevR3HgcmParmTypeToDirection(pGuestParm->enmType);
+
+ if (cbData > 0)
+ {
+ if (cPages == 1)
+ pGuestParm->u.ptr.paPages = &pGuestParm->u.ptr.GCPhysSinglePage;
+ else
+ {
+ /* (Max 262144 bytes with current limits.) */
+ pGuestParm->u.ptr.paPages = (RTGCPHYS *)vmmdevR3HgcmCallMemAlloc(pThisCC, pCmd,
+ cPages * sizeof(RTGCPHYS));
+ AssertReturn(pGuestParm->u.ptr.paPages, VERR_NO_MEMORY);
+ }
+
+ /* Gonvert the guest linear pointers of pages to physical addresses. */
+ GCPtr &= ~(RTGCPTR)GUEST_PAGE_OFFSET_MASK;
+ for (uint32_t iPage = 0; iPage < cPages; ++iPage)
+ {
+ /* The guest might specify invalid GCPtr, just skip such addresses.
+ * Also if the guest parameters are fetched when restoring an old saved state,
+ * then GCPtr may become invalid and do not have a corresponding GCPhys.
+ * The command restoration routine will take care of this.
+ */
+ RTGCPHYS GCPhys;
+ int rc2 = PDMDevHlpPhysGCPtr2GCPhys(pDevIns, GCPtr, &GCPhys);
+ if (RT_FAILURE(rc2))
+ GCPhys = NIL_RTGCPHYS;
+ LogFunc(("Page %d: %RGv -> %RGp. %Rrc\n", iPage, GCPtr, GCPhys, rc2));
+
+ pGuestParm->u.ptr.paPages[iPage] = GCPhys;
+ GCPtr += GUEST_PAGE_SIZE;
+ }
+ }
+
+ break;
+ }
+
+ case VMMDevHGCMParmType_PageList:
+ case VMMDevHGCMParmType_ContiguousPageList:
+ case VMMDevHGCMParmType_NoBouncePageList:
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.PageList.size, HGCMFunctionParameter32, u.PageList.size);
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.PageList.offset, HGCMFunctionParameter32, u.PageList.offset);
+ uint32_t cbData = ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.PageList.size;
+ uint32_t offPageListInfo = ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.PageList.offset;
+#else
+ uint32_t cbData = ((HGCMFunctionParameter *)pu8HGCMParm)->u.PageList.size;
+ uint32_t offPageListInfo = ((HGCMFunctionParameter *)pu8HGCMParm)->u.PageList.offset;
+#endif
+ LogFunc(("PageList guest parameter cb %u, offset %u\n", cbData, offPageListInfo));
+
+ ASSERT_GUEST_RETURN(cbData <= VMMDEV_MAX_HGCM_DATA_SIZE, VERR_INVALID_PARAMETER);
+
+/** @todo respect zero byte page lists... */
+ /* Check that the page list info is within the request. */
+ ASSERT_GUEST_RETURN( offPageListInfo >= offExtra
+ && cbHGCMCall >= sizeof(HGCMPageListInfo)
+ && offPageListInfo <= cbHGCMCall - sizeof(HGCMPageListInfo),
+ VERR_INVALID_PARAMETER);
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /* The HGCMPageListInfo structure is within the request. */
+ const HGCMPageListInfo *pPageListInfo = (HGCMPageListInfo *)((uint8_t *)pHGCMCall + offPageListInfo);
+
+ /* Enough space for page pointers? */
+ const uint32_t cMaxPages = 1 + (cbHGCMCall - offPageListInfo - sizeof(HGCMPageListInfo)) / sizeof(RTGCPHYS);
+ ASSERT_GUEST_RETURN( pPageListInfo->cPages > 0
+ && pPageListInfo->cPages <= cMaxPages,
+ VERR_INVALID_PARAMETER);
+
+ /* Flags. */
+ ASSERT_GUEST_MSG_RETURN(VBOX_HGCM_F_PARM_ARE_VALID(pPageListInfo->flags),
+ ("%#x\n", pPageListInfo->flags), VERR_INVALID_FLAGS);
+ /* First page offset. */
+ ASSERT_GUEST_MSG_RETURN(pPageListInfo->offFirstPage < GUEST_PAGE_SIZE,
+ ("%#x\n", pPageListInfo->offFirstPage), VERR_INVALID_PARAMETER);
+
+ /* Contiguous page lists only ever have a single page and
+ no-bounce page list requires cPages to match the size exactly.
+ Plain page list does not impose any restrictions on cPages currently. */
+ ASSERT_GUEST_MSG_RETURN( pPageListInfo->cPages
+ == (pGuestParm->enmType == VMMDevHGCMParmType_ContiguousPageList ? 1
+ : RT_ALIGN_32(pPageListInfo->offFirstPage + cbData, GUEST_PAGE_SIZE)
+ >> GUEST_PAGE_SHIFT)
+ || pGuestParm->enmType == VMMDevHGCMParmType_PageList,
+ ("offFirstPage=%#x cbData=%#x cPages=%#x enmType=%d\n",
+ pPageListInfo->offFirstPage, cbData, pPageListInfo->cPages, pGuestParm->enmType),
+ VERR_INVALID_PARAMETER);
+
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /*
+ * Deal with no-bounce buffers first, as
+ * VMMDevHGCMParmType_PageList is the fallback.
+ */
+ if (pGuestParm->enmType == VMMDevHGCMParmType_NoBouncePageList)
+ {
+ /* Validate page offsets */
+ ASSERT_GUEST_MSG_RETURN( !(pPageListInfo->aPages[0] & GUEST_PAGE_OFFSET_MASK)
+ || (pPageListInfo->aPages[0] & GUEST_PAGE_OFFSET_MASK) == pPageListInfo->offFirstPage,
+ ("%#RX64 offFirstPage=%#x\n", pPageListInfo->aPages[0], pPageListInfo->offFirstPage),
+ VERR_INVALID_POINTER);
+ uint32_t const cPages = pPageListInfo->cPages;
+ for (uint32_t iPage = 1; iPage < cPages; iPage++)
+ ASSERT_GUEST_MSG_RETURN(!(pPageListInfo->aPages[iPage] & GUEST_PAGE_OFFSET_MASK),
+ ("[%#zx]=%#RX64\n", iPage, pPageListInfo->aPages[iPage]), VERR_INVALID_POINTER);
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ pGuestParm->u.Pages.cbData = cbData;
+ pGuestParm->u.Pages.offFirstPage = pPageListInfo->offFirstPage;
+ pGuestParm->u.Pages.fFlags = pPageListInfo->flags;
+ pGuestParm->u.Pages.cPages = (uint16_t)cPages;
+ pGuestParm->u.Pages.fLocked = false;
+ pGuestParm->u.Pages.paPgLocks = (PPGMPAGEMAPLOCK)vmmdevR3HgcmCallMemAllocZ(pThisCC, pCmd,
+ ( sizeof(PGMPAGEMAPLOCK)
+ + sizeof(void *)) * cPages);
+ AssertReturn(pGuestParm->u.Pages.paPgLocks, VERR_NO_MEMORY);
+
+ /* Make sure the page offsets are sensible. */
+ int rc = VINF_SUCCESS;
+ void **papvPages = (void **)&pGuestParm->u.Pages.paPgLocks[cPages];
+ if (pPageListInfo->flags & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST)
+ rc = PDMDevHlpPhysBulkGCPhys2CCPtr(pDevIns, cPages, pPageListInfo->aPages, 0 /*fFlags*/,
+ papvPages, pGuestParm->u.Pages.paPgLocks);
+ else
+ rc = PDMDevHlpPhysBulkGCPhys2CCPtrReadOnly(pDevIns, cPages, pPageListInfo->aPages, 0 /*fFlags*/,
+ (void const **)papvPages, pGuestParm->u.Pages.paPgLocks);
+ if (RT_SUCCESS(rc))
+ {
+ papvPages[0] = (void *)((uintptr_t)papvPages[0] | pPageListInfo->offFirstPage);
+ pGuestParm->u.Pages.fLocked = true;
+ break;
+ }
+
+ /* Locking failed, bail out. In case of MMIO we fall back on regular page list handling. */
+ RTMemFree(pGuestParm->u.Pages.paPgLocks);
+ pGuestParm->u.Pages.paPgLocks = NULL;
+ STAM_REL_COUNTER_INC(&pThisCC->StatHgcmFailedPageListLocking);
+ ASSERT_GUEST_MSG_RETURN(rc == VERR_PGM_PHYS_PAGE_RESERVED, ("cPages=%u %Rrc\n", cPages, rc), rc);
+ pGuestParm->enmType = VMMDevHGCMParmType_PageList;
+ }
+
+ /*
+ * Regular page list or contiguous page list.
+ */
+ pGuestParm->u.ptr.cbData = cbData;
+ pGuestParm->u.ptr.offFirstPage = pPageListInfo->offFirstPage;
+ pGuestParm->u.ptr.cPages = pPageListInfo->cPages;
+ pGuestParm->u.ptr.fu32Direction = pPageListInfo->flags;
+ if (pPageListInfo->cPages == 1)
+ {
+ pGuestParm->u.ptr.paPages = &pGuestParm->u.ptr.GCPhysSinglePage;
+ pGuestParm->u.ptr.GCPhysSinglePage = pPageListInfo->aPages[0];
+ }
+ else
+ {
+ pGuestParm->u.ptr.paPages = (RTGCPHYS *)vmmdevR3HgcmCallMemAlloc(pThisCC, pCmd,
+ pPageListInfo->cPages * sizeof(RTGCPHYS));
+ AssertReturn(pGuestParm->u.ptr.paPages, VERR_NO_MEMORY);
+
+ for (uint32_t iPage = 0; iPage < pGuestParm->u.ptr.cPages; ++iPage)
+ pGuestParm->u.ptr.paPages[iPage] = pPageListInfo->aPages[iPage];
+ }
+ break;
+ }
+
+ case VMMDevHGCMParmType_Embedded:
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.Embedded.cbData, HGCMFunctionParameter32, u.Embedded.cbData);
+ uint32_t const cbData = ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.Embedded.cbData;
+ uint32_t const offData = ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.Embedded.offData;
+ uint32_t const fFlags = ((HGCMFunctionParameter64 *)pu8HGCMParm)->u.Embedded.fFlags;
+#else
+ uint32_t const cbData = ((HGCMFunctionParameter *)pu8HGCMParm)->u.Embedded.cbData;
+ uint32_t const offData = ((HGCMFunctionParameter *)pu8HGCMParm)->u.Embedded.offData;
+ uint32_t const fFlags = ((HGCMFunctionParameter *)pu8HGCMParm)->u.Embedded.fFlags;
+#endif
+ LogFunc(("Embedded guest parameter cb %u, offset %u, flags %#x\n", cbData, offData, fFlags));
+
+ ASSERT_GUEST_RETURN(cbData <= VMMDEV_MAX_HGCM_DATA_SIZE, VERR_INVALID_PARAMETER);
+
+ /* Check flags and buffer range. */
+ ASSERT_GUEST_MSG_RETURN(VBOX_HGCM_F_PARM_ARE_VALID(fFlags), ("%#x\n", fFlags), VERR_INVALID_FLAGS);
+ ASSERT_GUEST_MSG_RETURN( offData >= offExtra
+ && offData <= cbHGCMCall
+ && cbData <= cbHGCMCall - offData,
+ ("offData=%#x cbData=%#x cbHGCMCall=%#x offExtra=%#x\n", offData, cbData, cbHGCMCall, offExtra),
+ VERR_INVALID_PARAMETER);
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /* We use part of the ptr member. */
+ pGuestParm->u.ptr.fu32Direction = fFlags;
+ pGuestParm->u.ptr.cbData = cbData;
+ pGuestParm->u.ptr.offFirstPage = offData;
+ pGuestParm->u.ptr.GCPhysSinglePage = pCmd->GCPhys + offData;
+ pGuestParm->u.ptr.cPages = 1;
+ pGuestParm->u.ptr.paPages = &pGuestParm->u.ptr.GCPhysSinglePage;
+ break;
+ }
+
+ default:
+ ASSERT_GUEST_FAILED_RETURN(VERR_INVALID_PARAMETER);
+ }
+ }
+
+ return VINF_SUCCESS;
+}
+
+/**
+ * Handles VMMDevHGCMCall request.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pHGCMCall The request to handle (cached in host memory).
+ * @param cbHGCMCall Size of the entire request (including HGCM parameters).
+ * @param GCPhys The guest physical address of the request.
+ * @param enmRequestType The request type. Distinguishes 64 and 32 bit calls.
+ * @param tsArrival The STAM_GET_TS() value when the request arrived.
+ * @param ppLock Pointer to the lock info pointer (latter can be
+ * NULL). Set to NULL if HGCM takes lock ownership.
+ */
+int vmmdevR3HgcmCall(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, const VMMDevHGCMCall *pHGCMCall, uint32_t cbHGCMCall,
+ RTGCPHYS GCPhys, VMMDevRequestType enmRequestType, uint64_t tsArrival, PVMMDEVREQLOCK *ppLock)
+{
+ LogFunc(("client id = %d, function = %d, cParms = %d, enmRequestType = %d, fRequestor = %#x\n", pHGCMCall->u32ClientID,
+ pHGCMCall->u32Function, pHGCMCall->cParms, enmRequestType, pHGCMCall->header.header.fRequestor));
+
+ /*
+ * Validation.
+ */
+ ASSERT_GUEST_RETURN(cbHGCMCall >= sizeof(VMMDevHGCMCall), VERR_INVALID_PARAMETER);
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ ASSERT_GUEST_RETURN( enmRequestType == VMMDevReq_HGCMCall32
+ || enmRequestType == VMMDevReq_HGCMCall64, VERR_INVALID_PARAMETER);
+#else
+ ASSERT_GUEST_RETURN(enmRequestType == VMMDevReq_HGCMCall32, VERR_INVALID_PARAMETER);
+#endif
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /*
+ * Create a command structure.
+ */
+ PVBOXHGCMCMD pCmd;
+ uint32_t cbHGCMParmStruct;
+ int rc = vmmdevR3HgcmCallAlloc(pThisCC, pHGCMCall, cbHGCMCall, GCPhys, enmRequestType, &pCmd, &cbHGCMParmStruct);
+ if (RT_SUCCESS(rc))
+ {
+ pCmd->tsArrival = tsArrival;
+ PVMMDEVREQLOCK pLock = *ppLock;
+ if (pLock)
+ {
+ pCmd->ReqMapLock = pLock->Lock;
+ pCmd->pvReqLocked = pLock->pvReq;
+ *ppLock = NULL;
+ }
+
+ rc = vmmdevR3HgcmCallFetchGuestParms(pDevIns, pThisCC, pCmd, pHGCMCall, cbHGCMCall, enmRequestType, cbHGCMParmStruct);
+ if (RT_SUCCESS(rc))
+ {
+ /* Copy guest data to host parameters, so HGCM services can use the data. */
+ rc = vmmdevR3HgcmInitHostParameters(pDevIns, pThisCC, pCmd, (uint8_t const *)pHGCMCall);
+ if (RT_SUCCESS(rc))
+ {
+ /*
+ * Pass the function call to HGCM connector for actual processing
+ */
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+
+#if 0 /* DONT ENABLE - for performance hacking. */
+ if ( pCmd->u.call.u32Function == 9
+ && pCmd->u.call.cParms == 5)
+ {
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+
+ if (pCmd->pvReqLocked)
+ {
+ VMMDevHGCMRequestHeader volatile *pHeader = (VMMDevHGCMRequestHeader volatile *)pCmd->pvReqLocked;
+ pHeader->header.rc = VINF_SUCCESS;
+ pHeader->result = VINF_SUCCESS;
+ pHeader->fu32Flags |= VBOX_HGCM_REQ_DONE;
+ }
+ else
+ {
+ VMMDevHGCMRequestHeader *pHeader = (VMMDevHGCMRequestHeader *)pHGCMCall;
+ pHeader->header.rc = VINF_SUCCESS;
+ pHeader->result = VINF_SUCCESS;
+ pHeader->fu32Flags |= VBOX_HGCM_REQ_DONE;
+ PDMDevHlpPhysWrite(pDevIns, GCPhys, pHeader, sizeof(*pHeader));
+ }
+ vmmdevR3HgcmCmdFree(pDevIns, pThisCC, pCmd);
+ return VINF_HGCM_ASYNC_EXECUTE; /* ignored, but avoids assertions. */
+ }
+#endif
+
+ rc = pThisCC->pHGCMDrv->pfnCall(pThisCC->pHGCMDrv, pCmd,
+ pCmd->u.call.u32ClientID, pCmd->u.call.u32Function,
+ pCmd->u.call.cParms, pCmd->u.call.paHostParms, tsArrival);
+
+ if (rc == VINF_HGCM_ASYNC_EXECUTE)
+ {
+ /*
+ * Done. Just update statistics and return.
+ */
+#ifndef VBOX_WITHOUT_RELEASE_STATISTICS
+ uint64_t tsNow;
+ STAM_GET_TS(tsNow);
+ STAM_REL_PROFILE_ADD_PERIOD(&pThisCC->StatHgcmCmdArrival, tsNow - tsArrival);
+#endif
+ return rc;
+ }
+
+ /*
+ * Failed, bail out.
+ */
+ LogFunc(("pfnCall rc = %Rrc\n", rc));
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ }
+ }
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+ return rc;
+}
+
+/**
+ * VMMDevReq_HGCMCancel worker.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pHGCMCancel The request to handle (cached in host memory).
+ * @param GCPhys The address of the request.
+ *
+ * @thread EMT
+ */
+int vmmdevR3HgcmCancel(PVMMDEVCC pThisCC, const VMMDevHGCMCancel *pHGCMCancel, RTGCPHYS GCPhys)
+{
+ NOREF(pHGCMCancel);
+ int rc = vmmdevR3HgcmCancel2(pThisCC, GCPhys);
+ return rc == VERR_NOT_FOUND ? VERR_INVALID_PARAMETER : rc;
+}
+
+/**
+ * VMMDevReq_HGCMCancel2 worker.
+ *
+ * @retval VINF_SUCCESS on success.
+ * @retval VERR_NOT_FOUND if the request was not found.
+ * @retval VERR_INVALID_PARAMETER if the request address is invalid.
+ *
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param GCPhys The address of the request that should be cancelled.
+ *
+ * @thread EMT
+ */
+int vmmdevR3HgcmCancel2(PVMMDEVCC pThisCC, RTGCPHYS GCPhys)
+{
+ if ( GCPhys == 0
+ || GCPhys == NIL_RTGCPHYS
+ || GCPhys == NIL_RTGCPHYS32)
+ {
+ Log(("vmmdevR3HgcmCancel2: GCPhys=%#x\n", GCPhys));
+ return VERR_INVALID_PARAMETER;
+ }
+
+ /*
+ * Locate the command and cancel it while under the protection of
+ * the lock. hgcmCompletedWorker makes assumptions about this.
+ */
+ int rc = vmmdevR3HgcmCmdListLock(pThisCC);
+ AssertRCReturn(rc, rc);
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmFindCommandLocked(pThisCC, GCPhys);
+ if (pCmd)
+ {
+ pCmd->fCancelled = true;
+
+ Log(("vmmdevR3HgcmCancel2: Cancelled pCmd=%p / GCPhys=%#x\n", pCmd, GCPhys));
+ if (pThisCC->pHGCMDrv)
+ pThisCC->pHGCMDrv->pfnCancelled(pThisCC->pHGCMDrv, pCmd,
+ pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL ? pCmd->u.call.u32ClientID
+ : pCmd->enmCmdType == VBOXHGCMCMDTYPE_CONNECT ? pCmd->u.connect.u32ClientID
+ : pCmd->enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT ? pCmd->u.disconnect.u32ClientID
+ : 0);
+ }
+ else
+ rc = VERR_NOT_FOUND;
+
+ vmmdevR3HgcmCmdListUnlock(pThisCC);
+ return rc;
+}
+
+/** Write HGCM call parameters and buffers back to the guest request and memory.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pCmd Completed call command.
+ * @param pHGCMCall The guestrequest which needs updating (cached in the host memory).
+ * @param pbReq The request copy or locked memory for handling
+ * embedded buffers.
+ */
+static int vmmdevR3HgcmCompleteCallRequest(PPDMDEVINS pDevIns, PVBOXHGCMCMD pCmd, VMMDevHGCMCall *pHGCMCall, uint8_t *pbReq)
+{
+ AssertReturn(pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL, VERR_INTERNAL_ERROR);
+
+ /*
+ * Go over parameter descriptions saved in pCmd.
+ */
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ HGCMFunctionParameter64 *pReqParm = (HGCMFunctionParameter64 *)(pbReq + sizeof(VMMDevHGCMCall));
+ size_t const cbHGCMParmStruct = pCmd->enmRequestType == VMMDevReq_HGCMCall64
+ ? sizeof(HGCMFunctionParameter64) : sizeof(HGCMFunctionParameter32);
+#else
+ HGCMFunctionParameter *pReqParm = (HGCMFunctionParameter *)(pbReq + sizeof(VMMDevHGCMCall));
+ size_t const cbHGCMParmStruct = sizeof(HGCMFunctionParameter);
+#endif
+ for (uint32_t i = 0;
+ i < pCmd->u.call.cParms;
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ ++i, pReqParm = (HGCMFunctionParameter64 *)((uint8_t *)pReqParm + cbHGCMParmStruct)
+#else
+ ++i, pReqParm = (HGCMFunctionParameter *)((uint8_t *)pReqParm + cbHGCMParmStruct)
+#endif
+ )
+ {
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+ VBOXHGCMSVCPARM * const pHostParm = &pCmd->u.call.paHostParms[i];
+
+ const HGCMFunctionParameterType enmType = pGuestParm->enmType;
+ switch (enmType)
+ {
+ case VMMDevHGCMParmType_32bit:
+ case VMMDevHGCMParmType_64bit:
+ {
+ const VBOXHGCMPARMVAL * const pVal = &pGuestParm->u.val;
+ const void *pvSrc = enmType == VMMDevHGCMParmType_32bit ? (void *)&pHostParm->u.uint32
+ : (void *)&pHostParm->u.uint64;
+/** @todo optimize memcpy away here. */
+ memcpy((uint8_t *)pHGCMCall + pVal->offValue, pvSrc, pVal->cbValue);
+ break;
+ }
+
+ case VMMDevHGCMParmType_LinAddr_In:
+ case VMMDevHGCMParmType_LinAddr_Out:
+ case VMMDevHGCMParmType_LinAddr:
+ case VMMDevHGCMParmType_PageList:
+ {
+/** @todo Update the return buffer size? */
+ const VBOXHGCMPARMPTR * const pPtr = &pGuestParm->u.ptr;
+ if ( pPtr->cbData > 0
+ && (pPtr->fu32Direction & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST))
+ {
+ const void *pvSrc = pHostParm->u.pointer.addr;
+ uint32_t cbSrc = pHostParm->u.pointer.size;
+ int rc = vmmdevR3HgcmGuestBufferWrite(pDevIns, pPtr, pvSrc, cbSrc);
+ if (RT_FAILURE(rc))
+ break;
+ }
+ break;
+ }
+
+ case VMMDevHGCMParmType_Embedded:
+ {
+ const VBOXHGCMPARMPTR * const pPtr = &pGuestParm->u.ptr;
+
+ /* Update size. */
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.Embedded.cbData, HGCMFunctionParameter32, u.Embedded.cbData);
+#endif
+ pReqParm->u.Embedded.cbData = pHostParm->u.pointer.size;
+
+ /* Copy out data. */
+ if ( pPtr->cbData > 0
+ && (pPtr->fu32Direction & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST))
+ {
+ const void *pvSrc = pHostParm->u.pointer.addr;
+ uint32_t cbSrc = pHostParm->u.pointer.size;
+ uint32_t cbToCopy = RT_MIN(cbSrc, pPtr->cbData);
+ memcpy(pbReq + pPtr->offFirstPage, pvSrc, cbToCopy);
+ }
+ break;
+ }
+
+ case VMMDevHGCMParmType_ContiguousPageList:
+ {
+ const VBOXHGCMPARMPTR * const pPtr = &pGuestParm->u.ptr;
+
+ /* Update size. */
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.PageList.size, HGCMFunctionParameter32, u.PageList.size);
+#endif
+ pReqParm->u.PageList.size = pHostParm->u.pointer.size;
+
+ /* Copy out data. */
+ if ( pPtr->cbData > 0
+ && (pPtr->fu32Direction & VBOX_HGCM_F_PARM_DIRECTION_FROM_HOST))
+ {
+ const void *pvSrc = pHostParm->u.pointer.addr;
+ uint32_t cbSrc = pHostParm->u.pointer.size;
+ uint32_t cbToCopy = RT_MIN(cbSrc, pPtr->cbData);
+ int rc = PDMDevHlpPhysWrite(pDevIns, pGuestParm->u.ptr.paPages[0] | pGuestParm->u.ptr.offFirstPage,
+ pvSrc, cbToCopy);
+ if (RT_FAILURE(rc))
+ break;
+ }
+ break;
+ }
+
+ case VMMDevHGCMParmType_NoBouncePageList:
+ {
+ /* Update size. */
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ AssertCompileMembersSameSizeAndOffset(HGCMFunctionParameter64, u.PageList.size, HGCMFunctionParameter32, u.PageList.size);
+#endif
+ pReqParm->u.PageList.size = pHostParm->u.Pages.cb;
+
+ /* unlock early. */
+ if (pGuestParm->u.Pages.fLocked)
+ {
+ PDMDevHlpPhysBulkReleasePageMappingLocks(pDevIns, pGuestParm->u.Pages.cPages,
+ pGuestParm->u.Pages.paPgLocks);
+ pGuestParm->u.Pages.fLocked = false;
+ }
+ break;
+ }
+
+ default:
+ break;
+ }
+ }
+
+ return VINF_SUCCESS;
+}
+
+/** Update HGCM request in the guest memory and mark it as completed.
+ *
+ * @returns VINF_SUCCESS or VERR_CANCELLED.
+ * @param pInterface Pointer to this PDM interface.
+ * @param result HGCM completion status code (VBox status code).
+ * @param pCmd Completed command, which contains updated host parameters.
+ *
+ * @thread EMT
+ */
+static int hgcmCompletedWorker(PPDMIHGCMPORT pInterface, int32_t result, PVBOXHGCMCMD pCmd)
+{
+ PVMMDEVCC pThisCC = RT_FROM_MEMBER(pInterface, VMMDEVCC, IHGCMPort);
+ PPDMDEVINS pDevIns = pThisCC->pDevIns;
+ PVMMDEV pThis = PDMDEVINS_2_DATA(pDevIns, PVMMDEV);
+#ifdef VBOX_WITH_DTRACE
+ uint32_t idFunction = 0;
+ uint32_t idClient = 0;
+#endif
+
+ if (result == VINF_HGCM_SAVE_STATE)
+ {
+ /* If the completion routine was called while the HGCM service saves its state,
+ * then currently nothing to be done here. The pCmd stays in the list and will
+ * be saved later when the VMMDev state will be saved and re-submitted on load.
+ *
+ * It it assumed that VMMDev saves state after the HGCM services (VMMDev driver
+ * attached by constructor before it registers its SSM state), and, therefore,
+ * VBOXHGCMCMD structures are not removed by vmmdevR3HgcmSaveState from the list,
+ * while HGCM uses them.
+ */
+ LogFlowFunc(("VINF_HGCM_SAVE_STATE for command %p\n", pCmd));
+ return VINF_SUCCESS;
+ }
+
+ VBOXDD_HGCMCALL_COMPLETED_EMT(pCmd, result);
+
+ int rc = VINF_SUCCESS;
+
+ /*
+ * The cancellation protocol requires us to remove the command here
+ * and then check the flag. Cancelled commands must not be written
+ * back to guest memory.
+ */
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+
+ if (RT_LIKELY(!pCmd->fCancelled))
+ {
+ if (!pCmd->pvReqLocked)
+ {
+ /*
+ * Request is not locked:
+ */
+ VMMDevHGCMRequestHeader *pHeader = (VMMDevHGCMRequestHeader *)RTMemAlloc(pCmd->cbRequest);
+ if (pHeader)
+ {
+ /*
+ * Read the request from the guest memory for updating.
+ * The request data is not be used for anything but checking the request type.
+ */
+ PDMDevHlpPhysRead(pDevIns, pCmd->GCPhys, pHeader, pCmd->cbRequest);
+ RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+
+ /* Verify the request type. This is the only field which is used from the guest memory. */
+ const VMMDevRequestType enmRequestType = pHeader->header.requestType;
+ if ( enmRequestType == pCmd->enmRequestType
+ || enmRequestType == VMMDevReq_HGCMCancel)
+ {
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /*
+ * Update parameters and data buffers.
+ */
+ switch (enmRequestType)
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ case VMMDevReq_HGCMCall64:
+#endif
+ case VMMDevReq_HGCMCall32:
+ {
+ VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
+ rc = vmmdevR3HgcmCompleteCallRequest(pDevIns, pCmd, pHGCMCall, (uint8_t *)pHeader);
+#ifdef VBOX_WITH_DTRACE
+ idFunction = pCmd->u.call.u32Function;
+ idClient = pCmd->u.call.u32ClientID;
+#endif
+ break;
+ }
+
+ case VMMDevReq_HGCMConnect:
+ {
+ /* save the client id in the guest request packet */
+ VMMDevHGCMConnect *pHGCMConnect = (VMMDevHGCMConnect *)pHeader;
+ pHGCMConnect->u32ClientID = pCmd->u.connect.u32ClientID;
+ break;
+ }
+
+ default:
+ /* make compiler happy */
+ break;
+ }
+ }
+ else
+ {
+ /* Guest has changed the command type. */
+ LogRelMax(50, ("VMMDEV: Invalid HGCM command: pCmd->enmCmdType = 0x%08X, pHeader->header.requestType = 0x%08X\n",
+ pCmd->enmCmdType, pHeader->header.requestType));
+
+ ASSERT_GUEST_FAILED_STMT(rc = VERR_INVALID_PARAMETER);
+ }
+
+ /* Setup return code for the guest. */
+ if (RT_SUCCESS(rc))
+ pHeader->result = result;
+ else
+ pHeader->result = rc;
+
+ /* First write back the request. */
+ PDMDevHlpPhysWrite(pDevIns, pCmd->GCPhys, pHeader, pCmd->cbRequest);
+
+ /* Mark request as processed. */
+ pHeader->fu32Flags |= VBOX_HGCM_REQ_DONE;
+
+ /* Second write the flags to mark the request as processed. */
+ PDMDevHlpPhysWrite(pDevIns, pCmd->GCPhys + RT_UOFFSETOF(VMMDevHGCMRequestHeader, fu32Flags),
+ &pHeader->fu32Flags, sizeof(pHeader->fu32Flags));
+
+ /* Now, when the command was removed from the internal list, notify the guest. */
+ VMMDevNotifyGuest(pDevIns, pThis, pThisCC, VMMDEV_EVENT_HGCM);
+
+ RTMemFreeZ(pHeader, pCmd->cbRequest);
+ }
+ else
+ {
+ LogRelMax(10, ("VMMDev: Failed to allocate %u bytes for HGCM request completion!!!\n", pCmd->cbRequest));
+ }
+ }
+ /*
+ * Request was locked:
+ */
+ else
+ {
+ VMMDevHGCMRequestHeader volatile *pHeader = (VMMDevHGCMRequestHeader volatile *)pCmd->pvReqLocked;
+
+ /* Verify the request type. This is the only field which is used from the guest memory. */
+ const VMMDevRequestType enmRequestType = pHeader->header.requestType;
+ if ( enmRequestType == pCmd->enmRequestType
+ || enmRequestType == VMMDevReq_HGCMCancel)
+ {
+ RT_UNTRUSTED_VALIDATED_FENCE();
+
+ /*
+ * Update parameters and data buffers.
+ */
+ switch (enmRequestType)
+ {
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ case VMMDevReq_HGCMCall64:
+#endif
+ case VMMDevReq_HGCMCall32:
+ {
+ VMMDevHGCMCall *pHGCMCall = (VMMDevHGCMCall *)pHeader;
+ rc = vmmdevR3HgcmCompleteCallRequest(pDevIns, pCmd, pHGCMCall, (uint8_t *)pHeader);
+#ifdef VBOX_WITH_DTRACE
+ idFunction = pCmd->u.call.u32Function;
+ idClient = pCmd->u.call.u32ClientID;
+#endif
+ break;
+ }
+
+ case VMMDevReq_HGCMConnect:
+ {
+ /* save the client id in the guest request packet */
+ VMMDevHGCMConnect *pHGCMConnect = (VMMDevHGCMConnect *)pHeader;
+ pHGCMConnect->u32ClientID = pCmd->u.connect.u32ClientID;
+ break;
+ }
+
+ default:
+ /* make compiler happy */
+ break;
+ }
+ }
+ else
+ {
+ /* Guest has changed the command type. */
+ LogRelMax(50, ("VMMDEV: Invalid HGCM command: pCmd->enmCmdType = 0x%08X, pHeader->header.requestType = 0x%08X\n",
+ pCmd->enmCmdType, pHeader->header.requestType));
+
+ ASSERT_GUEST_FAILED_STMT(rc = VERR_INVALID_PARAMETER);
+ }
+
+ /* Setup return code for the guest. */
+ if (RT_SUCCESS(rc))
+ pHeader->result = result;
+ else
+ pHeader->result = rc;
+
+ /* Mark request as processed. */
+ ASMAtomicOrU32(&pHeader->fu32Flags, VBOX_HGCM_REQ_DONE);
+
+ /* Now, when the command was removed from the internal list, notify the guest. */
+ VMMDevNotifyGuest(pDevIns, pThis, pThisCC, VMMDEV_EVENT_HGCM);
+ }
+
+ /* Set the status to success for now, though we might consider passing
+ along the vmmdevR3HgcmCompleteCallRequest errors... */
+ rc = VINF_SUCCESS;
+ }
+ else
+ {
+ LogFlowFunc(("Cancelled command %p\n", pCmd));
+ rc = VERR_CANCELLED;
+ }
+
+#ifndef VBOX_WITHOUT_RELEASE_STATISTICS
+ /* Save for final stats. */
+ uint64_t const tsArrival = pCmd->tsArrival;
+ uint64_t const tsComplete = pCmd->tsComplete;
+#endif
+
+ /* Deallocate the command memory. Enter the critsect for proper */
+ VBOXDD_HGCMCALL_COMPLETED_DONE(pCmd, idFunction, idClient, result);
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+
+#ifndef VBOX_WITHOUT_RELEASE_STATISTICS
+ /* Update stats. */
+ uint64_t tsNow;
+ STAM_GET_TS(tsNow);
+ STAM_REL_PROFILE_ADD_PERIOD(&pThisCC->StatHgcmCmdCompletion, tsNow - tsComplete);
+ if (tsArrival != 0)
+ STAM_REL_PROFILE_ADD_PERIOD(&pThisCC->StatHgcmCmdTotal, tsNow - tsArrival);
+#endif
+
+ return rc;
+}
+
+/**
+ * HGCM callback for request completion. Forwards to hgcmCompletedWorker.
+ *
+ * @returns VINF_SUCCESS or VERR_CANCELLED.
+ * @param pInterface Pointer to this PDM interface.
+ * @param result HGCM completion status code (VBox status code).
+ * @param pCmd Completed command, which contains updated host parameters.
+ */
+DECLCALLBACK(int) hgcmR3Completed(PPDMIHGCMPORT pInterface, int32_t result, PVBOXHGCMCMD pCmd)
+{
+#if 0 /* This seems to be significantly slower. Half of MsgTotal time seems to be spend here. */
+ PVMMDEVCC pThisCC = RT_FROM_MEMBER(pInterface, VMMDEVCC, IHGCMPort);
+ STAM_GET_TS(pCmd->tsComplete);
+
+ VBOXDD_HGCMCALL_COMPLETED_REQ(pCmd, result);
+
+/** @todo no longer necessary to forward to EMT, but it might be more
+ * efficient...? */
+ /* Not safe to execute asynchronously; forward to EMT */
+ int rc = VMR3ReqCallVoidNoWait(PDMDevHlpGetVM(pDevIns), VMCPUID_ANY,
+ (PFNRT)hgcmCompletedWorker, 3, pInterface, result, pCmd);
+ AssertRC(rc);
+ return VINF_SUCCESS; /* cannot tell if canceled or not... */
+#else
+ STAM_GET_TS(pCmd->tsComplete);
+ VBOXDD_HGCMCALL_COMPLETED_REQ(pCmd, result);
+ return hgcmCompletedWorker(pInterface, result, pCmd);
+#endif
+}
+
+/**
+ * @interface_method_impl{PDMIHGCMPORT,pfnIsCmdRestored}
+ */
+DECLCALLBACK(bool) hgcmR3IsCmdRestored(PPDMIHGCMPORT pInterface, PVBOXHGCMCMD pCmd)
+{
+ RT_NOREF(pInterface);
+ return pCmd && pCmd->fRestored;
+}
+
+/**
+ * @interface_method_impl{PDMIHGCMPORT,pfnIsCmdCancelled}
+ */
+DECLCALLBACK(bool) hgcmR3IsCmdCancelled(PPDMIHGCMPORT pInterface, PVBOXHGCMCMD pCmd)
+{
+ RT_NOREF(pInterface);
+ return pCmd && pCmd->fCancelled;
+}
+
+/**
+ * @interface_method_impl{PDMIHGCMPORT,pfnGetRequestor}
+ */
+DECLCALLBACK(uint32_t) hgcmR3GetRequestor(PPDMIHGCMPORT pInterface, PVBOXHGCMCMD pCmd)
+{
+ PVMMDEVCC pThisCC = RT_FROM_MEMBER(pInterface, VMMDEVCC, IHGCMPort);
+ PVMMDEV pThis = PDMDEVINS_2_DATA(pThisCC->pDevIns, PVMMDEV);
+ AssertPtrReturn(pCmd, VMMDEV_REQUESTOR_LOWEST);
+ if (pThis->guestInfo2.fFeatures & VBOXGSTINFO2_F_REQUESTOR_INFO)
+ return pCmd->fRequestor;
+ return VMMDEV_REQUESTOR_LEGACY;
+}
+
+/**
+ * @interface_method_impl{PDMIHGCMPORT,pfnGetVMMDevSessionId}
+ */
+DECLCALLBACK(uint64_t) hgcmR3GetVMMDevSessionId(PPDMIHGCMPORT pInterface)
+{
+ PVMMDEVCC pThisCC = RT_FROM_MEMBER(pInterface, VMMDEVCC, IHGCMPort);
+ PVMMDEV pThis = PDMDEVINS_2_DATA(pThisCC->pDevIns, PVMMDEV);
+ return pThis->idSession;
+}
+
+/** Save information about pending HGCM requests from pThisCC->listHGCMCmd.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pSSM SSM handle for SSM functions.
+ *
+ * @thread EMT
+ */
+int vmmdevR3HgcmSaveState(PVMMDEVCC pThisCC, PSSMHANDLE pSSM)
+{
+ PCPDMDEVHLPR3 pHlp = pThisCC->pDevIns->pHlpR3;
+
+ LogFlowFunc(("\n"));
+
+ /* Compute how many commands are pending. */
+ uint32_t cCmds = 0;
+ PVBOXHGCMCMD pCmd;
+ RTListForEach(&pThisCC->listHGCMCmd, pCmd, VBOXHGCMCMD, node)
+ {
+ LogFlowFunc(("pCmd %p\n", pCmd));
+ ++cCmds;
+ }
+ LogFlowFunc(("cCmds = %d\n", cCmds));
+
+ /* Save number of commands. */
+ int rc = pHlp->pfnSSMPutU32(pSSM, cCmds);
+ AssertRCReturn(rc, rc);
+
+ if (cCmds > 0)
+ {
+ RTListForEach(&pThisCC->listHGCMCmd, pCmd, VBOXHGCMCMD, node)
+ {
+ LogFlowFunc(("Saving %RGp, size %d\n", pCmd->GCPhys, pCmd->cbRequest));
+
+ /** @todo Don't save cancelled requests! It serves no purpose. See restore and
+ * @bugref{4032#c4} for details. */
+ pHlp->pfnSSMPutU32 (pSSM, (uint32_t)pCmd->enmCmdType);
+ pHlp->pfnSSMPutBool (pSSM, pCmd->fCancelled);
+ pHlp->pfnSSMPutGCPhys (pSSM, pCmd->GCPhys);
+ pHlp->pfnSSMPutU32 (pSSM, pCmd->cbRequest);
+ pHlp->pfnSSMPutU32 (pSSM, (uint32_t)pCmd->enmRequestType);
+ const uint32_t cParms = pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL ? pCmd->u.call.cParms : 0;
+ rc = pHlp->pfnSSMPutU32(pSSM, cParms);
+ AssertRCReturn(rc, rc);
+
+ if (pCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ pHlp->pfnSSMPutU32 (pSSM, pCmd->u.call.u32ClientID);
+ rc = pHlp->pfnSSMPutU32(pSSM, pCmd->u.call.u32Function);
+ AssertRCReturn(rc, rc);
+
+ /* Guest parameters. */
+ uint32_t i;
+ for (i = 0; i < pCmd->u.call.cParms; ++i)
+ {
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+
+ rc = pHlp->pfnSSMPutU32(pSSM, (uint32_t)pGuestParm->enmType);
+ AssertRCReturn(rc, rc);
+
+ if ( pGuestParm->enmType == VMMDevHGCMParmType_32bit
+ || pGuestParm->enmType == VMMDevHGCMParmType_64bit)
+ {
+ const VBOXHGCMPARMVAL * const pVal = &pGuestParm->u.val;
+ pHlp->pfnSSMPutU64 (pSSM, pVal->u64Value);
+ pHlp->pfnSSMPutU32 (pSSM, pVal->offValue);
+ rc = pHlp->pfnSSMPutU32(pSSM, pVal->cbValue);
+ }
+ else if ( pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_In
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_Out
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr
+ || pGuestParm->enmType == VMMDevHGCMParmType_PageList
+ || pGuestParm->enmType == VMMDevHGCMParmType_Embedded
+ || pGuestParm->enmType == VMMDevHGCMParmType_ContiguousPageList)
+ {
+ const VBOXHGCMPARMPTR * const pPtr = &pGuestParm->u.ptr;
+ pHlp->pfnSSMPutU32 (pSSM, pPtr->cbData);
+ pHlp->pfnSSMPutU32 (pSSM, pPtr->offFirstPage);
+ pHlp->pfnSSMPutU32 (pSSM, pPtr->cPages);
+ rc = pHlp->pfnSSMPutU32(pSSM, pPtr->fu32Direction);
+
+ uint32_t iPage;
+ for (iPage = 0; RT_SUCCESS(rc) && iPage < pPtr->cPages; ++iPage)
+ rc = pHlp->pfnSSMPutGCPhys(pSSM, pPtr->paPages[iPage]);
+ }
+ else if (pGuestParm->enmType == VMMDevHGCMParmType_NoBouncePageList)
+ {
+ /* We don't have the page addresses here, so it will need to be
+ restored from guest memory. This isn't an issue as it is only
+ use with services which won't survive a save/restore anyway. */
+ }
+ else
+ {
+ AssertFailedStmt(rc = VERR_INTERNAL_ERROR);
+ }
+ AssertRCReturn(rc, rc);
+ }
+ }
+ else if (pCmd->enmCmdType == VBOXHGCMCMDTYPE_CONNECT)
+ {
+ pHlp->pfnSSMPutU32(pSSM, pCmd->u.connect.u32ClientID);
+ pHlp->pfnSSMPutMem(pSSM, pCmd->u.connect.pLoc, sizeof(*pCmd->u.connect.pLoc));
+ }
+ else if (pCmd->enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT)
+ {
+ pHlp->pfnSSMPutU32(pSSM, pCmd->u.disconnect.u32ClientID);
+ }
+ else
+ {
+ AssertFailedReturn(VERR_INTERNAL_ERROR);
+ }
+
+ /* A reserved field, will allow to extend saved data for a command. */
+ rc = pHlp->pfnSSMPutU32(pSSM, 0);
+ AssertRCReturn(rc, rc);
+ }
+ }
+
+ /* A reserved field, will allow to extend saved data for VMMDevHGCM. */
+ rc = pHlp->pfnSSMPutU32(pSSM, 0);
+ AssertRCReturn(rc, rc);
+
+ return rc;
+}
+
+/** Load information about pending HGCM requests.
+ *
+ * Allocate VBOXHGCMCMD commands and add them to pThisCC->listHGCMCmd
+ * temporarily. vmmdevR3HgcmLoadStateDone will process the temporary list. This
+ * includes loading the correct fRequestor fields.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param pSSM SSM handle for SSM functions.
+ * @param uVersion Saved state version.
+ *
+ * @thread EMT
+ */
+int vmmdevR3HgcmLoadState(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, PSSMHANDLE pSSM, uint32_t uVersion)
+{
+ PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
+
+ LogFlowFunc(("\n"));
+
+ pThisCC->uSavedStateVersion = uVersion; /* For vmmdevR3HgcmLoadStateDone */
+
+ /* Read how many commands were pending. */
+ uint32_t cCmds = 0;
+ int rc = pHlp->pfnSSMGetU32(pSSM, &cCmds);
+ AssertRCReturn(rc, rc);
+
+ LogFlowFunc(("cCmds = %d\n", cCmds));
+
+ if (uVersion >= VMMDEV_SAVED_STATE_VERSION_HGCM_PARAMS)
+ {
+ /* Saved information about all HGCM parameters. */
+ uint32_t u32;
+
+ uint32_t iCmd;
+ for (iCmd = 0; iCmd < cCmds; ++iCmd)
+ {
+ /* Command fields. */
+ VBOXHGCMCMDTYPE enmCmdType;
+ bool fCancelled;
+ RTGCPHYS GCPhys;
+ uint32_t cbRequest;
+ VMMDevRequestType enmRequestType;
+ uint32_t cParms;
+
+ pHlp->pfnSSMGetU32 (pSSM, &u32);
+ enmCmdType = (VBOXHGCMCMDTYPE)u32;
+ pHlp->pfnSSMGetBool (pSSM, &fCancelled);
+ pHlp->pfnSSMGetGCPhys (pSSM, &GCPhys);
+ pHlp->pfnSSMGetU32 (pSSM, &cbRequest);
+ pHlp->pfnSSMGetU32 (pSSM, &u32);
+ enmRequestType = (VMMDevRequestType)u32;
+ rc = pHlp->pfnSSMGetU32(pSSM, &cParms);
+ AssertRCReturn(rc, rc);
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, enmCmdType, GCPhys, cbRequest, cParms, 0 /*fRequestor*/);
+ AssertReturn(pCmd, VERR_NO_MEMORY);
+
+ pCmd->fCancelled = fCancelled;
+ pCmd->GCPhys = GCPhys;
+ pCmd->cbRequest = cbRequest;
+ pCmd->enmRequestType = enmRequestType;
+
+ if (enmCmdType == VBOXHGCMCMDTYPE_CALL)
+ {
+ pHlp->pfnSSMGetU32 (pSSM, &pCmd->u.call.u32ClientID);
+ rc = pHlp->pfnSSMGetU32(pSSM, &pCmd->u.call.u32Function);
+ AssertRCReturn(rc, rc);
+
+ /* Guest parameters. */
+ uint32_t i;
+ for (i = 0; i < cParms; ++i)
+ {
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[i];
+
+ rc = pHlp->pfnSSMGetU32(pSSM, &u32);
+ AssertRCReturn(rc, rc);
+ pGuestParm->enmType = (HGCMFunctionParameterType)u32;
+
+ if ( pGuestParm->enmType == VMMDevHGCMParmType_32bit
+ || pGuestParm->enmType == VMMDevHGCMParmType_64bit)
+ {
+ VBOXHGCMPARMVAL * const pVal = &pGuestParm->u.val;
+ pHlp->pfnSSMGetU64 (pSSM, &pVal->u64Value);
+ pHlp->pfnSSMGetU32 (pSSM, &pVal->offValue);
+ rc = pHlp->pfnSSMGetU32(pSSM, &pVal->cbValue);
+ }
+ else if ( pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_In
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_Out
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr
+ || pGuestParm->enmType == VMMDevHGCMParmType_PageList
+ || pGuestParm->enmType == VMMDevHGCMParmType_Embedded
+ || pGuestParm->enmType == VMMDevHGCMParmType_ContiguousPageList)
+ {
+ VBOXHGCMPARMPTR * const pPtr = &pGuestParm->u.ptr;
+ pHlp->pfnSSMGetU32 (pSSM, &pPtr->cbData);
+ pHlp->pfnSSMGetU32 (pSSM, &pPtr->offFirstPage);
+ pHlp->pfnSSMGetU32 (pSSM, &pPtr->cPages);
+ rc = pHlp->pfnSSMGetU32(pSSM, &pPtr->fu32Direction);
+ if (RT_SUCCESS(rc))
+ {
+ if (pPtr->cPages == 1)
+ pPtr->paPages = &pPtr->GCPhysSinglePage;
+ else
+ {
+ AssertReturn( pGuestParm->enmType != VMMDevHGCMParmType_Embedded
+ && pGuestParm->enmType != VMMDevHGCMParmType_ContiguousPageList, VERR_INTERNAL_ERROR_3);
+ pPtr->paPages = (RTGCPHYS *)vmmdevR3HgcmCallMemAlloc(pThisCC, pCmd,
+ pPtr->cPages * sizeof(RTGCPHYS));
+ AssertStmt(pPtr->paPages, rc = VERR_NO_MEMORY);
+ }
+
+ if (RT_SUCCESS(rc))
+ {
+ uint32_t iPage;
+ for (iPage = 0; iPage < pPtr->cPages; ++iPage)
+ rc = pHlp->pfnSSMGetGCPhys(pSSM, &pPtr->paPages[iPage]);
+ }
+ }
+ }
+ else if (pGuestParm->enmType == VMMDevHGCMParmType_NoBouncePageList)
+ {
+ /* This request type can only be stored from guest memory for now. */
+ pCmd->fRestoreFromGuestMem = true;
+ }
+ else
+ {
+ AssertFailedStmt(rc = VERR_INTERNAL_ERROR);
+ }
+ AssertRCReturn(rc, rc);
+ }
+ }
+ else if (enmCmdType == VBOXHGCMCMDTYPE_CONNECT)
+ {
+ pHlp->pfnSSMGetU32(pSSM, &pCmd->u.connect.u32ClientID);
+ rc = pHlp->pfnSSMGetMem(pSSM, pCmd->u.connect.pLoc, sizeof(*pCmd->u.connect.pLoc));
+ AssertRCReturn(rc, rc);
+ }
+ else if (enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT)
+ {
+ rc = pHlp->pfnSSMGetU32(pSSM, &pCmd->u.disconnect.u32ClientID);
+ AssertRCReturn(rc, rc);
+ }
+ else
+ {
+ AssertFailedReturn(VERR_INTERNAL_ERROR);
+ }
+
+ /* A reserved field, will allow to extend saved data for a command. */
+ rc = pHlp->pfnSSMGetU32(pSSM, &u32);
+ AssertRCReturn(rc, rc);
+
+ /*
+ * Do not restore cancelled calls. Why do we save them to start with?
+ *
+ * The guest memory no longer contains a valid request! So, it is not
+ * possible to restore it. The memory is often reused for a new request
+ * by now and we will end up trying to complete that more than once if
+ * we restore a cancelled call. In some cases VERR_HGCM_INVALID_CLIENT_ID
+ * is returned, though it might just be silent memory corruption.
+ */
+ /* See current version above. */
+ if (!fCancelled)
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ else
+ {
+ Log(("vmmdevR3HgcmLoadState: Skipping cancelled request: enmCmdType=%d GCPhys=%#RX32 LB %#x\n",
+ enmCmdType, GCPhys, cbRequest));
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+ }
+
+ /* A reserved field, will allow to extend saved data for VMMDevHGCM. */
+ rc = pHlp->pfnSSMGetU32(pSSM, &u32);
+ AssertRCReturn(rc, rc);
+ }
+ else if (uVersion >= 9)
+ {
+ /* Version 9+: Load information about commands. Pre-rewrite. */
+ uint32_t u32;
+
+ uint32_t iCmd;
+ for (iCmd = 0; iCmd < cCmds; ++iCmd)
+ {
+ VBOXHGCMCMDTYPE enmCmdType;
+ bool fCancelled;
+ RTGCPHYS GCPhys;
+ uint32_t cbRequest;
+ uint32_t cLinAddrs;
+
+ pHlp->pfnSSMGetGCPhys (pSSM, &GCPhys);
+ rc = pHlp->pfnSSMGetU32(pSSM, &cbRequest);
+ AssertRCReturn(rc, rc);
+
+ LogFlowFunc(("Restoring %RGp size %x bytes\n", GCPhys, cbRequest));
+
+ /* For uVersion <= 12, this was the size of entire command.
+ * Now the command is reconstructed in vmmdevR3HgcmLoadStateDone.
+ */
+ if (uVersion <= 12)
+ pHlp->pfnSSMSkip(pSSM, sizeof (uint32_t));
+
+ pHlp->pfnSSMGetU32 (pSSM, &u32);
+ enmCmdType = (VBOXHGCMCMDTYPE)u32;
+ pHlp->pfnSSMGetBool (pSSM, &fCancelled);
+ /* How many linear pointers. Always 0 if not a call command. */
+ rc = pHlp->pfnSSMGetU32(pSSM, &cLinAddrs);
+ AssertRCReturn(rc, rc);
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, enmCmdType, GCPhys, cbRequest, cLinAddrs, 0 /*fRequestor*/);
+ AssertReturn(pCmd, VERR_NO_MEMORY);
+
+ pCmd->fCancelled = fCancelled;
+ pCmd->GCPhys = GCPhys;
+ pCmd->cbRequest = cbRequest;
+
+ if (cLinAddrs > 0)
+ {
+ /* Skip number of pages for all LinAddrs in this command. */
+ pHlp->pfnSSMSkip(pSSM, sizeof(uint32_t));
+
+ uint32_t i;
+ for (i = 0; i < cLinAddrs; ++i)
+ {
+ VBOXHGCMPARMPTR * const pPtr = &pCmd->u.call.paGuestParms[i].u.ptr;
+
+ /* Index of the parameter. Use cbData field to store the index. */
+ pHlp->pfnSSMGetU32 (pSSM, &pPtr->cbData);
+ pHlp->pfnSSMGetU32 (pSSM, &pPtr->offFirstPage);
+ rc = pHlp->pfnSSMGetU32(pSSM, &pPtr->cPages);
+ AssertRCReturn(rc, rc);
+
+ pPtr->paPages = (RTGCPHYS *)vmmdevR3HgcmCallMemAlloc(pThisCC, pCmd, pPtr->cPages * sizeof(RTGCPHYS));
+ AssertReturn(pPtr->paPages, VERR_NO_MEMORY);
+
+ uint32_t iPage;
+ for (iPage = 0; iPage < pPtr->cPages; ++iPage)
+ rc = pHlp->pfnSSMGetGCPhys(pSSM, &pPtr->paPages[iPage]);
+ }
+ }
+
+ /* A reserved field, will allow to extend saved data for a command. */
+ rc = pHlp->pfnSSMGetU32(pSSM, &u32);
+ AssertRCReturn(rc, rc);
+
+ /* See current version above. */
+ if (!fCancelled)
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ else
+ {
+ Log(("vmmdevR3HgcmLoadState: Skipping cancelled request: enmCmdType=%d GCPhys=%#RX32 LB %#x\n",
+ enmCmdType, GCPhys, cbRequest));
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+ }
+
+ /* A reserved field, will allow to extend saved data for VMMDevHGCM. */
+ rc = pHlp->pfnSSMGetU32(pSSM, &u32);
+ AssertRCReturn(rc, rc);
+ }
+ else
+ {
+ /* Ancient. Only the guest physical address is saved. */
+ uint32_t iCmd;
+ for (iCmd = 0; iCmd < cCmds; ++iCmd)
+ {
+ RTGCPHYS GCPhys;
+ uint32_t cbRequest;
+
+ pHlp->pfnSSMGetGCPhys(pSSM, &GCPhys);
+ rc = pHlp->pfnSSMGetU32(pSSM, &cbRequest);
+ AssertRCReturn(rc, rc);
+
+ LogFlowFunc(("Restoring %RGp size %x bytes\n", GCPhys, cbRequest));
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_LOADSTATE, GCPhys, cbRequest, 0, 0 /*fRequestor*/);
+ AssertReturn(pCmd, VERR_NO_MEMORY);
+
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ }
+ }
+
+ return rc;
+}
+
+/** Restore HGCM connect command loaded from old saved state.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param uSavedStateVersion The saved state version the command has been loaded from.
+ * @param pLoadedCmd Command loaded from saved state, it is imcomplete and needs restoration.
+ * @param pReq The guest request (cached in host memory).
+ * @param cbReq Size of the guest request.
+ * @param enmRequestType Type of the HGCM request.
+ * @param ppRestoredCmd Where to store pointer to newly allocated restored command.
+ */
+static int vmmdevR3HgcmRestoreConnect(PVMMDEVCC pThisCC, uint32_t uSavedStateVersion, const VBOXHGCMCMD *pLoadedCmd,
+ VMMDevHGCMConnect *pReq, uint32_t cbReq, VMMDevRequestType enmRequestType,
+ VBOXHGCMCMD **ppRestoredCmd)
+{
+ /* Verify the request. */
+ ASSERT_GUEST_RETURN(cbReq >= sizeof(*pReq), VERR_MISMATCH);
+ if (uSavedStateVersion >= 9)
+ ASSERT_GUEST_RETURN(pLoadedCmd->enmCmdType == VBOXHGCMCMDTYPE_CONNECT, VERR_MISMATCH);
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_CONNECT, pLoadedCmd->GCPhys, cbReq, 0,
+ pReq->header.header.fRequestor);
+ AssertReturn(pCmd, VERR_NO_MEMORY);
+
+ Assert(pLoadedCmd->fCancelled == false);
+ pCmd->fCancelled = false;
+ pCmd->fRestored = true;
+ pCmd->enmRequestType = enmRequestType;
+
+ vmmdevR3HgcmConnectFetch(pReq, pCmd);
+
+ *ppRestoredCmd = pCmd;
+ return VINF_SUCCESS;
+}
+
+/** Restore HGCM disconnect command loaded from old saved state.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param uSavedStateVersion The saved state version the command has been loaded from.
+ * @param pLoadedCmd Command loaded from saved state, it is imcomplete and needs restoration.
+ * @param pReq The guest request (cached in host memory).
+ * @param cbReq Size of the guest request.
+ * @param enmRequestType Type of the HGCM request.
+ * @param ppRestoredCmd Where to store pointer to newly allocated restored command.
+ */
+static int vmmdevR3HgcmRestoreDisconnect(PVMMDEVCC pThisCC, uint32_t uSavedStateVersion, const VBOXHGCMCMD *pLoadedCmd,
+ VMMDevHGCMDisconnect *pReq, uint32_t cbReq, VMMDevRequestType enmRequestType,
+ VBOXHGCMCMD **ppRestoredCmd)
+{
+ /* Verify the request. */
+ ASSERT_GUEST_RETURN(cbReq >= sizeof(*pReq), VERR_MISMATCH);
+ if (uSavedStateVersion >= 9)
+ ASSERT_GUEST_RETURN(pLoadedCmd->enmCmdType == VBOXHGCMCMDTYPE_DISCONNECT, VERR_MISMATCH);
+
+ PVBOXHGCMCMD pCmd = vmmdevR3HgcmCmdAlloc(pThisCC, VBOXHGCMCMDTYPE_DISCONNECT, pLoadedCmd->GCPhys, cbReq, 0,
+ pReq->header.header.fRequestor);
+ AssertReturn(pCmd, VERR_NO_MEMORY);
+
+ Assert(pLoadedCmd->fCancelled == false);
+ pCmd->fCancelled = false;
+ pCmd->fRestored = true;
+ pCmd->enmRequestType = enmRequestType;
+
+ vmmdevR3HgcmDisconnectFetch(pReq, pCmd);
+
+ *ppRestoredCmd = pCmd;
+ return VINF_SUCCESS;
+}
+
+/** Restore HGCM call command loaded from old saved state.
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param uSavedStateVersion The saved state version the command has been loaded from.
+ * @param pLoadedCmd Command loaded from saved state, it is imcomplete and needs restoration.
+ * @param pReq The guest request (cached in host memory).
+ * @param cbReq Size of the guest request.
+ * @param enmRequestType Type of the HGCM request.
+ * @param ppRestoredCmd Where to store pointer to newly allocated restored command.
+ */
+static int vmmdevR3HgcmRestoreCall(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, uint32_t uSavedStateVersion,
+ const VBOXHGCMCMD *pLoadedCmd, VMMDevHGCMCall *pReq, uint32_t cbReq,
+ VMMDevRequestType enmRequestType, VBOXHGCMCMD **ppRestoredCmd)
+{
+ /* Verify the request. */
+ ASSERT_GUEST_RETURN(cbReq >= sizeof(*pReq), VERR_MISMATCH);
+ if (uSavedStateVersion >= 9)
+ {
+ ASSERT_GUEST_RETURN(pLoadedCmd->enmCmdType == VBOXHGCMCMDTYPE_CALL, VERR_MISMATCH);
+ Assert(pLoadedCmd->fCancelled == false);
+ }
+
+ PVBOXHGCMCMD pCmd;
+ uint32_t cbHGCMParmStruct;
+ int rc = vmmdevR3HgcmCallAlloc(pThisCC, pReq, cbReq, pLoadedCmd->GCPhys, enmRequestType, &pCmd, &cbHGCMParmStruct);
+ if (RT_FAILURE(rc))
+ return rc;
+
+ /* pLoadedCmd is fake, it does not contain actual call parameters. Only pagelists for LinAddr. */
+ pCmd->fCancelled = false;
+ pCmd->fRestored = true;
+ pCmd->enmRequestType = enmRequestType;
+
+ rc = vmmdevR3HgcmCallFetchGuestParms(pDevIns, pThisCC, pCmd, pReq, cbReq, enmRequestType, cbHGCMParmStruct);
+ if (RT_SUCCESS(rc))
+ {
+ /* Update LinAddr parameters from pLoadedCmd.
+ * pLoadedCmd->u.call.cParms is actually the number of LinAddrs, see vmmdevR3HgcmLoadState.
+ */
+ uint32_t iLinAddr;
+ for (iLinAddr = 0; iLinAddr < pLoadedCmd->u.call.cParms; ++iLinAddr)
+ {
+ VBOXHGCMGUESTPARM * const pLoadedParm = &pLoadedCmd->u.call.paGuestParms[iLinAddr];
+ /* pLoadedParm->cbData is actually index of the LinAddr parameter, see vmmdevR3HgcmLoadState. */
+ const uint32_t iParm = pLoadedParm->u.ptr.cbData;
+ ASSERT_GUEST_STMT_BREAK(iParm < pCmd->u.call.cParms, rc = VERR_MISMATCH);
+
+ VBOXHGCMGUESTPARM * const pGuestParm = &pCmd->u.call.paGuestParms[iParm];
+ ASSERT_GUEST_STMT_BREAK( pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_In
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr_Out
+ || pGuestParm->enmType == VMMDevHGCMParmType_LinAddr,
+ rc = VERR_MISMATCH);
+ ASSERT_GUEST_STMT_BREAK( pLoadedParm->u.ptr.offFirstPage == pGuestParm->u.ptr.offFirstPage
+ && pLoadedParm->u.ptr.cPages == pGuestParm->u.ptr.cPages,
+ rc = VERR_MISMATCH);
+ memcpy(pGuestParm->u.ptr.paPages, pLoadedParm->u.ptr.paPages, pGuestParm->u.ptr.cPages * sizeof(RTGCPHYS));
+ }
+ }
+
+ if (RT_SUCCESS(rc))
+ *ppRestoredCmd = pCmd;
+ else
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+
+ return rc;
+}
+
+/** Allocate and initialize a HGCM command using the given request (pReqHdr)
+ * and command loaded from saved state (pCmd).
+ *
+ * @returns VBox status code that the guest should see.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ * @param uSavedStateVersion Saved state version.
+ * @param pLoadedCmd HGCM command which needs restoration.
+ * @param pReqHdr The request (cached in host memory).
+ * @param cbReq Size of the entire request (including HGCM parameters).
+ * @param ppRestoredCmd Where to store pointer to restored command.
+ */
+static int vmmdevR3HgcmRestoreCommand(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC, uint32_t uSavedStateVersion,
+ const VBOXHGCMCMD *pLoadedCmd, const VMMDevHGCMRequestHeader *pReqHdr, uint32_t cbReq,
+ VBOXHGCMCMD **ppRestoredCmd)
+{
+ int rc;
+
+ /* Verify the request. */
+ ASSERT_GUEST_RETURN(cbReq >= sizeof(VMMDevHGCMRequestHeader), VERR_MISMATCH);
+ ASSERT_GUEST_RETURN(cbReq == pReqHdr->header.size, VERR_MISMATCH);
+
+ const VMMDevRequestType enmRequestType = pReqHdr->header.requestType;
+ switch (enmRequestType)
+ {
+ case VMMDevReq_HGCMConnect:
+ {
+ VMMDevHGCMConnect *pReq = (VMMDevHGCMConnect *)pReqHdr;
+ rc = vmmdevR3HgcmRestoreConnect(pThisCC, uSavedStateVersion, pLoadedCmd, pReq, cbReq, enmRequestType, ppRestoredCmd);
+ break;
+ }
+
+ case VMMDevReq_HGCMDisconnect:
+ {
+ VMMDevHGCMDisconnect *pReq = (VMMDevHGCMDisconnect *)pReqHdr;
+ rc = vmmdevR3HgcmRestoreDisconnect(pThisCC, uSavedStateVersion, pLoadedCmd, pReq, cbReq, enmRequestType, ppRestoredCmd);
+ break;
+ }
+
+#ifdef VBOX_WITH_64_BITS_GUESTS
+ case VMMDevReq_HGCMCall64:
+#endif
+ case VMMDevReq_HGCMCall32:
+ {
+ VMMDevHGCMCall *pReq = (VMMDevHGCMCall *)pReqHdr;
+ rc = vmmdevR3HgcmRestoreCall(pDevIns, pThis, pThisCC, uSavedStateVersion, pLoadedCmd,
+ pReq, cbReq, enmRequestType, ppRestoredCmd);
+ break;
+ }
+
+ default:
+ ASSERT_GUEST_FAILED_RETURN(VERR_MISMATCH);
+ }
+
+ return rc;
+}
+
+/** Resubmit pending HGCM commands which were loaded form saved state.
+ *
+ * @returns VBox status code.
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ *
+ * @thread EMT
+ */
+int vmmdevR3HgcmLoadStateDone(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC)
+{
+ /*
+ * Resubmit pending HGCM commands to services.
+ *
+ * pThisCC->pHGCMCmdList contains commands loaded by vmmdevR3HgcmLoadState.
+ *
+ * Legacy saved states (pre VMMDEV_SAVED_STATE_VERSION_HGCM_PARAMS)
+ * do not have enough information about the command parameters,
+ * therefore it is necessary to reload at least some data from the
+ * guest memory to construct commands.
+ *
+ * There are two types of legacy saved states which contain:
+ * 1) the guest physical address and size of request;
+ * 2) additionally page lists for LinAddr parameters.
+ *
+ * Legacy commands have enmCmdType = VBOXHGCMCMDTYPE_LOADSTATE?
+ */
+
+ int rcFunc = VINF_SUCCESS; /* This status code will make the function fail. I.e. VM will not start. */
+
+ /* Get local copy of the list of loaded commands. */
+ RTLISTANCHOR listLoadedCommands;
+ RTListMove(&listLoadedCommands, &pThisCC->listHGCMCmd);
+
+ /* Resubmit commands. */
+ PVBOXHGCMCMD pCmd, pNext;
+ RTListForEachSafe(&listLoadedCommands, pCmd, pNext, VBOXHGCMCMD, node)
+ {
+ int rcCmd = VINF_SUCCESS; /* This status code will make the HGCM command fail for the guest. */
+
+ RTListNodeRemove(&pCmd->node);
+
+ /*
+ * Re-read the request from the guest memory.
+ * It will be used to:
+ * * reconstruct commands if legacy saved state has been restored;
+ * * report an error to the guest if resubmit failed.
+ */
+ VMMDevHGCMRequestHeader *pReqHdr = (VMMDevHGCMRequestHeader *)RTMemAlloc(pCmd->cbRequest);
+ AssertBreakStmt(pReqHdr, vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd); rcFunc = VERR_NO_MEMORY);
+
+ PDMDevHlpPhysRead(pDevIns, pCmd->GCPhys, pReqHdr, pCmd->cbRequest);
+ RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
+
+ if (pThisCC->pHGCMDrv)
+ {
+ /*
+ * Reconstruct legacy commands.
+ */
+ if (RT_LIKELY( pThisCC->uSavedStateVersion >= VMMDEV_SAVED_STATE_VERSION_HGCM_PARAMS
+ && !pCmd->fRestoreFromGuestMem))
+ { /* likely */ }
+ else
+ {
+ PVBOXHGCMCMD pRestoredCmd = NULL;
+ rcCmd = vmmdevR3HgcmRestoreCommand(pDevIns, pThis, pThisCC, pThisCC->uSavedStateVersion, pCmd,
+ pReqHdr, pCmd->cbRequest, &pRestoredCmd);
+ if (RT_SUCCESS(rcCmd))
+ {
+ Assert(pCmd != pRestoredCmd); /* vmmdevR3HgcmRestoreCommand must allocate restored command. */
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ pCmd = pRestoredCmd;
+ }
+ }
+
+ /* Resubmit commands. */
+ if (RT_SUCCESS(rcCmd))
+ {
+ switch (pCmd->enmCmdType)
+ {
+ case VBOXHGCMCMDTYPE_CONNECT:
+ {
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ rcCmd = pThisCC->pHGCMDrv->pfnConnect(pThisCC->pHGCMDrv, pCmd, pCmd->u.connect.pLoc,
+ &pCmd->u.connect.u32ClientID);
+ if (RT_FAILURE(rcCmd))
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ break;
+ }
+
+ case VBOXHGCMCMDTYPE_DISCONNECT:
+ {
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+ rcCmd = pThisCC->pHGCMDrv->pfnDisconnect(pThisCC->pHGCMDrv, pCmd, pCmd->u.disconnect.u32ClientID);
+ if (RT_FAILURE(rcCmd))
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ break;
+ }
+
+ case VBOXHGCMCMDTYPE_CALL:
+ {
+ rcCmd = vmmdevR3HgcmInitHostParameters(pDevIns, pThisCC, pCmd, (uint8_t const *)pReqHdr);
+ if (RT_SUCCESS(rcCmd))
+ {
+ vmmdevR3HgcmAddCommand(pDevIns, pThis, pThisCC, pCmd);
+
+ /* Pass the function call to HGCM connector for actual processing */
+ uint64_t tsNow;
+ STAM_GET_TS(tsNow);
+ rcCmd = pThisCC->pHGCMDrv->pfnCall(pThisCC->pHGCMDrv, pCmd,
+ pCmd->u.call.u32ClientID, pCmd->u.call.u32Function,
+ pCmd->u.call.cParms, pCmd->u.call.paHostParms, tsNow);
+ if (RT_FAILURE(rcCmd))
+ {
+ LogFunc(("pfnCall rc = %Rrc\n", rcCmd));
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ }
+ }
+ break;
+ }
+
+ default:
+ AssertFailedStmt(rcCmd = VERR_INTERNAL_ERROR);
+ }
+ }
+ }
+ else
+ AssertFailedStmt(rcCmd = VERR_INTERNAL_ERROR);
+
+ if (RT_SUCCESS(rcCmd))
+ { /* likely */ }
+ else
+ {
+ /* Return the error to the guest. Guest may try to repeat the call. */
+ pReqHdr->result = rcCmd;
+ pReqHdr->header.rc = rcCmd;
+ pReqHdr->fu32Flags |= VBOX_HGCM_REQ_DONE;
+
+ /* Write back only the header. */
+ PDMDevHlpPhysWrite(pDevIns, pCmd->GCPhys, pReqHdr, sizeof(*pReqHdr));
+
+ VMMDevNotifyGuest(pDevIns, pThis, pThisCC, VMMDEV_EVENT_HGCM);
+
+ /* Deallocate the command memory. */
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+
+ RTMemFree(pReqHdr);
+ }
+
+ if (RT_FAILURE(rcFunc))
+ {
+ RTListForEachSafe(&listLoadedCommands, pCmd, pNext, VBOXHGCMCMD, node)
+ {
+ RTListNodeRemove(&pCmd->node);
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+ }
+
+ return rcFunc;
+}
+
+
+/**
+ * Counterpart to vmmdevR3HgcmInit().
+ *
+ * @param pDevIns The device instance.
+ * @param pThis The VMMDev shared instance data.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ */
+void vmmdevR3HgcmDestroy(PPDMDEVINS pDevIns, PVMMDEV pThis, PVMMDEVCC pThisCC)
+{
+ LogFlowFunc(("\n"));
+
+ if (RTCritSectIsInitialized(&pThisCC->critsectHGCMCmdList))
+ {
+ PVBOXHGCMCMD pCmd, pNext;
+ RTListForEachSafe(&pThisCC->listHGCMCmd, pCmd, pNext, VBOXHGCMCMD, node)
+ {
+ vmmdevR3HgcmRemoveCommand(pThisCC, pCmd);
+ vmmdevR3HgcmCmdFree(pDevIns, pThis, pThisCC, pCmd);
+ }
+
+ RTCritSectDelete(&pThisCC->critsectHGCMCmdList);
+ }
+
+ AssertCompile(NIL_RTMEMCACHE == (RTMEMCACHE)0);
+ if (pThisCC->hHgcmCmdCache != NIL_RTMEMCACHE)
+ {
+ RTMemCacheDestroy(pThisCC->hHgcmCmdCache);
+ pThisCC->hHgcmCmdCache = NIL_RTMEMCACHE;
+ }
+}
+
+
+/**
+ * Initializes the HGCM specific state.
+ *
+ * Keeps VBOXHGCMCMDCACHED and friends local.
+ *
+ * @returns VBox status code.
+ * @param pThisCC The VMMDev ring-3 instance data.
+ */
+int vmmdevR3HgcmInit(PVMMDEVCC pThisCC)
+{
+ LogFlowFunc(("\n"));
+
+ RTListInit(&pThisCC->listHGCMCmd);
+
+ int rc = RTCritSectInit(&pThisCC->critsectHGCMCmdList);
+ AssertLogRelRCReturn(rc, rc);
+
+ rc = RTMemCacheCreate(&pThisCC->hHgcmCmdCache, sizeof(VBOXHGCMCMDCACHED), 64, _1M, NULL, NULL, NULL, 0);
+ AssertLogRelRCReturn(rc, rc);
+
+ pThisCC->u32HGCMEnabled = 0;
+
+ return VINF_SUCCESS;
+}
+