static int vboxguestLinuxIOCtl(struct inode *pInode, struct file *pFilp, unsigned int uCmd, unsigned long ulArg)
#endif
{
PVBOXGUESTSESSION pSession = (PVBOXGUESTSESSION)pFilp->private_data;
uint32_t cbData = _IOC_SIZE(uCmd);
void *pvBufFree;
void *pvBuf;
int rc;
uint64_t au64Buf[32/sizeof(uint64_t)];
Log6(("vboxguestLinuxIOCtl: pFilp=%p uCmd=%#x ulArg=%p pid=%d/%d\n", pFilp, uCmd, (void *)ulArg, RTProcSelf(), current->pid));
/*
* Buffer the request.
*/
if (cbData <= sizeof(au64Buf))
{
pvBufFree = NULL;
pvBuf = &au64Buf[0];
}
else
{
pvBufFree = pvBuf = RTMemTmpAlloc(cbData);
if (RT_UNLIKELY(!pvBuf))
{
LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %u bytes.\n", cbData));
return -ENOMEM;
}
}
if (RT_LIKELY(copy_from_user(pvBuf, (void *)ulArg, cbData) == 0))
{
/*
* Process the IOCtl.
*/
size_t cbDataReturned;
rc = VbgdCommonIoCtl(uCmd, &g_DevExt, pSession, pvBuf, cbData, &cbDataReturned);
/*
* Copy ioctl data and output buffer back to user space.
*/
if (RT_SUCCESS(rc))
{
rc = 0;
if (RT_UNLIKELY(cbDataReturned > cbData))
{
LogRel((DEVICE_NAME "::IOCtl: too much output data %u expected %u\n", cbDataReturned, cbData));
cbDataReturned = cbData;
}
if (cbDataReturned > 0)
{
if (RT_UNLIKELY(copy_to_user((void *)ulArg, pvBuf, cbDataReturned) != 0))
{
LogRel((DEVICE_NAME "::IOCtl: copy_to_user failed; pvBuf=%p ulArg=%p cbDataReturned=%u uCmd=%d\n",
pvBuf, (void *)ulArg, cbDataReturned, uCmd, rc));
rc = -EFAULT;
}
}
}
else
{
Log(("vboxguestLinuxIOCtl: pFilp=%p uCmd=%#x ulArg=%p failed, rc=%d\n", pFilp, uCmd, (void *)ulArg, rc));
rc = -rc; Assert(rc > 0); /* Positive returns == negated VBox error status codes. */
}
}
else
{
Log((DEVICE_NAME "::IOCtl: copy_from_user(,%#lx, %#x) failed; uCmd=%#x.\n", ulArg, cbData, uCmd));
rc = -EFAULT;
}
if (pvBufFree)
RTMemFree(pvBufFree);
Log6(("vboxguestLinuxIOCtl: returns %d (pid=%d/%d)\n", rc, RTProcSelf(), current->pid));
return rc;
}
/** Calls the kernel IOCtl to report mouse status to the host on behalf of
* our kernel session. */
static int vboxguestLinuxSetMouseStatus(uint32_t fStatus)
{
return VbgdCommonIoCtl(VBOXGUEST_IOCTL_SET_MOUSE_STATUS, &g_DevExt,
g_pKernelSession, &fStatus, sizeof(fStatus),
NULL);
}
/**
* Driver ioctl, an alternate entry point for this character driver.
*
* @param Dev Device number
* @param Cmd Operation identifier
* @param pArg Arguments from user to driver
* @param Mode Information bitfield (read/write, address space etc.)
* @param pCred User credentials
* @param pVal Return value for calling process.
*
* @return corresponding solaris error code.
*/
static int VBoxGuestSolarisIOCtl(dev_t Dev, int Cmd, intptr_t pArg, int Mode, cred_t *pCred, int *pVal)
{
LogFlow((DEVICE_NAME ":VBoxGuestSolarisIOCtl\n"));
/*
* Get the session from the soft state item.
*/
vboxguest_state_t *pState = ddi_get_soft_state(g_pVBoxGuestSolarisState, getminor(Dev));
if (!pState)
{
LogRel((DEVICE_NAME "::IOCtl: no state data for %d\n", getminor(Dev)));
return EINVAL;
}
PVBOXGUESTSESSION pSession = pState->pSession;
if (!pSession)
{
LogRel((DEVICE_NAME "::IOCtl: no session data for %d\n", getminor(Dev)));
return EINVAL;
}
/*
* Read and validate the request wrapper.
*/
VBGLBIGREQ ReqWrap;
if (IOCPARM_LEN(Cmd) != sizeof(ReqWrap))
{
LogRel((DEVICE_NAME "::IOCtl: bad request %#x size=%d expected=%d\n", Cmd, IOCPARM_LEN(Cmd), sizeof(ReqWrap)));
return ENOTTY;
}
int rc = ddi_copyin((void *)pArg, &ReqWrap, sizeof(ReqWrap), Mode);
if (RT_UNLIKELY(rc))
{
LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed to read header pArg=%p Cmd=%d. rc=%#x.\n", pArg, Cmd, rc));
return EINVAL;
}
if (ReqWrap.u32Magic != VBGLBIGREQ_MAGIC)
{
LogRel((DEVICE_NAME "::IOCtl: bad magic %#x; pArg=%p Cmd=%#x.\n", ReqWrap.u32Magic, pArg, Cmd));
return EINVAL;
}
if (RT_UNLIKELY(ReqWrap.cbData > _1M*16))
{
LogRel((DEVICE_NAME "::IOCtl: bad size %#x; pArg=%p Cmd=%#x.\n", ReqWrap.cbData, pArg, Cmd));
return EINVAL;
}
/*
* Read the request payload if any; requests like VBOXGUEST_IOCTL_CANCEL_ALL_WAITEVENTS have no data payload.
*/
void *pvBuf = NULL;
if (RT_LIKELY(ReqWrap.cbData > 0))
{
pvBuf = RTMemTmpAlloc(ReqWrap.cbData);
if (RT_UNLIKELY(!pvBuf))
{
LogRel((DEVICE_NAME "::IOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap.cbData));
return ENOMEM;
}
rc = ddi_copyin((void *)(uintptr_t)ReqWrap.pvDataR3, pvBuf, ReqWrap.cbData, Mode);
if (RT_UNLIKELY(rc))
{
RTMemTmpFree(pvBuf);
LogRel((DEVICE_NAME "::IOCtl: ddi_copyin failed; pvBuf=%p pArg=%p Cmd=%d. rc=%d\n", pvBuf, pArg, Cmd, rc));
return EFAULT;
}
if (RT_UNLIKELY(!VALID_PTR(pvBuf)))
{
RTMemTmpFree(pvBuf);
LogRel((DEVICE_NAME "::IOCtl: pvBuf invalid pointer %p\n", pvBuf));
return EINVAL;
}
}
Log((DEVICE_NAME "::IOCtl: pSession=%p pid=%d.\n", pSession, (int)RTProcSelf()));
/*
* Process the IOCtl.
*/
size_t cbDataReturned = 0;
rc = VbgdCommonIoCtl(Cmd, &g_DevExt, pSession, pvBuf, ReqWrap.cbData, &cbDataReturned);
if (RT_SUCCESS(rc))
{
rc = 0;
if (RT_UNLIKELY(cbDataReturned > ReqWrap.cbData))
{
LogRel((DEVICE_NAME "::IOCtl: too much output data %d expected %d\n", cbDataReturned, ReqWrap.cbData));
cbDataReturned = ReqWrap.cbData;
}
if (cbDataReturned > 0)
{
rc = ddi_copyout(pvBuf, (void *)(uintptr_t)ReqWrap.pvDataR3, cbDataReturned, Mode);
if (RT_UNLIKELY(rc))
{
LogRel((DEVICE_NAME "::IOCtl: ddi_copyout failed; pvBuf=%p pArg=%p cbDataReturned=%u Cmd=%d. rc=%d\n",
pvBuf, pArg, cbDataReturned, Cmd, rc));
rc = EFAULT;
}
}
}
else
{
/*
* We Log() instead of LogRel() here because VBOXGUEST_IOCTL_WAITEVENT can return VERR_TIMEOUT,
* VBOXGUEST_IOCTL_CANCEL_ALL_EVENTS can return VERR_INTERRUPTED and possibly more in the future;
* which are not really failures that require logging.
*/
Log((DEVICE_NAME "::IOCtl: VbgdCommonIoCtl failed. Cmd=%#x rc=%d\n", Cmd, rc));
if (rc == VERR_PERMISSION_DENIED) /* RTErrConvertToErrno() below will ring-0 debug assert if we don't do this. */
rc = VERR_ACCESS_DENIED;
rc = RTErrConvertToErrno(rc);
}
*pVal = rc;
if (pvBuf)
RTMemTmpFree(pvBuf);
return rc;
}
/**
* IOCTL handler
*
*/
static int VBoxGuestFreeBSDIOCtl(struct cdev *pDev, u_long ulCmd, caddr_t pvData, int fFile, struct thread *pTd)
{
LogFlow((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl\n"));
int rc = 0;
/*
* Validate the input.
*/
PVBOXGUESTSESSION pSession = (PVBOXGUESTSESSION)pDev->si_drv1;
if (RT_UNLIKELY(!VALID_PTR(pSession)))
return EINVAL;
/*
* Validate the request wrapper.
*/
if (IOCPARM_LEN(ulCmd) != sizeof(VBGLBIGREQ))
{
Log((DEVICE_NAME ": VBoxGuestFreeBSDIOCtl: bad request %lu size=%lu expected=%d\n", ulCmd, IOCPARM_LEN(ulCmd), sizeof(VBGLBIGREQ)));
return ENOTTY;
}
PVBGLBIGREQ ReqWrap = (PVBGLBIGREQ)pvData;
if (ReqWrap->u32Magic != VBGLBIGREQ_MAGIC)
{
Log((DEVICE_NAME ": VBoxGuestFreeBSDIOCtl: bad magic %#x; pArg=%p Cmd=%lu.\n", ReqWrap->u32Magic, pvData, ulCmd));
return EINVAL;
}
if (RT_UNLIKELY( ReqWrap->cbData == 0
|| ReqWrap->cbData > _1M*16))
{
printf(DEVICE_NAME ": VBoxGuestFreeBSDIOCtl: bad size %#x; pArg=%p Cmd=%lu.\n", ReqWrap->cbData, pvData, ulCmd);
return EINVAL;
}
/*
* Read the request.
*/
void *pvBuf = RTMemTmpAlloc(ReqWrap->cbData);
if (RT_UNLIKELY(!pvBuf))
{
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: RTMemTmpAlloc failed to alloc %d bytes.\n", ReqWrap->cbData));
return ENOMEM;
}
rc = copyin((void *)(uintptr_t)ReqWrap->pvDataR3, pvBuf, ReqWrap->cbData);
if (RT_UNLIKELY(rc))
{
RTMemTmpFree(pvBuf);
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: copyin failed; pvBuf=%p pArg=%p Cmd=%lu. rc=%d\n", pvBuf, pvData, ulCmd, rc));
return EFAULT;
}
if (RT_UNLIKELY( ReqWrap->cbData != 0
&& !VALID_PTR(pvBuf)))
{
RTMemTmpFree(pvBuf);
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: pvBuf invalid pointer %p\n", pvBuf));
return EINVAL;
}
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: pSession=%p pid=%d.\n", pSession, (int)RTProcSelf()));
/*
* Process the IOCtl.
*/
size_t cbDataReturned;
rc = VbgdCommonIoCtl(ulCmd, &g_DevExt, pSession, pvBuf, ReqWrap->cbData, &cbDataReturned);
if (RT_SUCCESS(rc))
{
rc = 0;
if (RT_UNLIKELY(cbDataReturned > ReqWrap->cbData))
{
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: too much output data %d expected %d\n", cbDataReturned, ReqWrap->cbData));
cbDataReturned = ReqWrap->cbData;
}
if (cbDataReturned > 0)
{
rc = copyout(pvBuf, (void *)(uintptr_t)ReqWrap->pvDataR3, cbDataReturned);
if (RT_UNLIKELY(rc))
{
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: copyout failed; pvBuf=%p pArg=%p Cmd=%lu. rc=%d\n", pvBuf, pvData, ulCmd, rc));
rc = EFAULT;
}
}
}
else
{
Log((DEVICE_NAME ":VBoxGuestFreeBSDIOCtl: VbgdCommonIoCtl failed. rc=%d\n", rc));
rc = EFAULT;
}
RTMemTmpFree(pvBuf);
return rc;
}
/**
* Worker for VbgdDarwinIOCtl that takes the slow IOCtl functions.
*
* @returns Darwin errno.
*
* @param pSession The session.
* @param iCmd The IOCtl command.
* @param pData Pointer to the kernel copy of the data buffer.
* @param pProcess The calling process.
*/
static int VbgdDarwinIOCtlSlow(PVBOXGUESTSESSION pSession, u_long iCmd, caddr_t pData, struct proc *pProcess)
{
LogFlow(("VbgdDarwinIOCtlSlow: pSession=%p iCmd=%p pData=%p pProcess=%p\n", pSession, iCmd, pData, pProcess));
/*
* Buffered or unbuffered?
*/
void *pvReqData;
user_addr_t pUser = 0;
void *pvPageBuf = NULL;
uint32_t cbReq = IOCPARM_LEN(iCmd);
if ((IOC_DIRMASK & iCmd) == IOC_INOUT)
{
/*
* Raw buffered request data, common code validates it.
*/
pvReqData = pData;
}
else if ((IOC_DIRMASK & iCmd) == IOC_VOID && !cbReq)
{
/*
* Get the header and figure out how much we're gonna have to read.
*/
VBGLBIGREQ Hdr;
pUser = (user_addr_t)*(void **)pData;
int rc = copyin(pUser, &Hdr, sizeof(Hdr));
if (RT_UNLIKELY(rc))
{
Log(("VbgdDarwinIOCtlSlow: copyin(%llx,Hdr,) -> %#x; iCmd=%#lx\n", (unsigned long long)pUser, rc, iCmd));
return rc;
}
if (RT_UNLIKELY(Hdr.u32Magic != VBGLBIGREQ_MAGIC))
{
Log(("VbgdDarwinIOCtlSlow: bad magic u32Magic=%#x; iCmd=%#lx\n", Hdr.u32Magic, iCmd));
return EINVAL;
}
cbReq = Hdr.cbData;
if (RT_UNLIKELY(cbReq > _1M*16))
{
Log(("VbgdDarwinIOCtlSlow: %#x; iCmd=%#lx\n", Hdr.cbData, iCmd));
return EINVAL;
}
pUser = Hdr.pvDataR3;
/*
* Allocate buffer and copy in the data.
*/
pvReqData = RTMemTmpAlloc(cbReq);
if (!pvReqData)
pvPageBuf = pvReqData = IOMallocAligned(RT_ALIGN_Z(cbReq, PAGE_SIZE), 8);
if (RT_UNLIKELY(!pvReqData))
{
Log(("VbgdDarwinIOCtlSlow: failed to allocate buffer of %d bytes; iCmd=%#lx\n", cbReq, iCmd));
return ENOMEM;
}
rc = copyin(pUser, pvReqData, Hdr.cbData);
if (RT_UNLIKELY(rc))
{
Log(("VbgdDarwinIOCtlSlow: copyin(%llx,%p,%#x) -> %#x; iCmd=%#lx\n",
(unsigned long long)pUser, pvReqData, Hdr.cbData, rc, iCmd));
if (pvPageBuf)
IOFreeAligned(pvPageBuf, RT_ALIGN_Z(cbReq, PAGE_SIZE));
else
RTMemTmpFree(pvReqData);
return rc;
}
}
else
{
Log(("VbgdDarwinIOCtlSlow: huh? cbReq=%#x iCmd=%#lx\n", cbReq, iCmd));
return EINVAL;
}
/*
* Process the IOCtl.
*/
size_t cbReqRet = 0;
int rc = VbgdCommonIoCtl(iCmd, &g_DevExt, pSession, pvReqData, cbReq, &cbReqRet);
if (RT_SUCCESS(rc))
{
/*
* If not buffered, copy back the buffer before returning.
*/
if (pUser)
{
if (cbReqRet > cbReq)
{
Log(("VbgdDarwinIOCtlSlow: too much output! %#x > %#x; uCmd=%#lx!\n", cbReqRet, cbReq, iCmd));
cbReqRet = cbReq;
}
rc = copyout(pvReqData, pUser, cbReqRet);
if (RT_UNLIKELY(rc))
Log(("VbgdDarwinIOCtlSlow: copyout(%p,%llx,%#x) -> %d; uCmd=%#lx!\n",
pvReqData, (unsigned long long)pUser, cbReqRet, rc, iCmd));
/* cleanup */
if (pvPageBuf)
IOFreeAligned(pvPageBuf, RT_ALIGN_Z(cbReq, PAGE_SIZE));
else
RTMemTmpFree(pvReqData);
}
else
rc = 0;
}
else
{
/*
* The request failed, just clean up.
*/
if (pUser)
{
if (pvPageBuf)
IOFreeAligned(pvPageBuf, RT_ALIGN_Z(cbReq, PAGE_SIZE));
else
RTMemTmpFree(pvReqData);
}
Log(("VbgdDarwinIOCtlSlow: pid=%d iCmd=%lx pData=%p failed, rc=%d\n", proc_pid(pProcess), iCmd, (void *)pData, rc));
rc = EINVAL;
}
Log2(("VbgdDarwinIOCtlSlow: returns %d\n", rc));
return rc;
}
