| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Nov 2017 15:16:32 +0100
From: Hans de Goede <hdegoede@...hat.com>
To: Larry Finger <Larry.Finger@...inger.net>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Michael Thayer <michael.thayer@...cle.com>,
"Knut St . Osmundsen" <knut.osmundsen@...cle.com>,
Christoph Hellwig <hch@...radead.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH resend v2 3/3] virt: Add vboxguest driver for Virtual Box
Guest integration
Hi,
On 27-11-17 20:46, Larry Finger wrote:
> On 11/26/2017 09:12 AM, Hans de Goede wrote:
>> This commit adds a driver for the Virtual Box Guest PCI device used in
>> Virtual Box virtual machines. Enabling this driver will add support for
>> Virtual Box Guest integration features such as copy-and-paste, seamless
>> mode and OpenGL pass-through.
>>
>> This driver also offers vboxguest IPC functionality which is needed
>> for the vboxfs driver which offers folder sharing support.
>>
>> Signed-off-by: Hans de Goede <hdegoede@...hat.com>
>
> Reviewed-by: Larry Finger <Larry.Finger.net>
>
>
> Smatch lists the following:
>
> CHECK drivers/virt/vboxguest/vboxguest_core.c
> drivers/virt/vboxguest/vboxguest_core.c:604 vbg_set_session_event_filter() error: we previously assumed 'req' could be null (see line 585)
> drivers/virt/vboxguest/vboxguest_core.c:606 vbg_set_session_event_filter() warn: variable dereferenced before check 'req' (see line 604)
> drivers/virt/vboxguest/vboxguest_core.c:698 vbg_set_session_capabilities() error: we previously assumed 'req' could be null (see line 679)
> drivers/virt/vboxguest/vboxguest_core.c:700 vbg_set_session_capabilities() warn: variable dereferenced before check 'req' (see line 698)
Good idea to run smatch, thank you for catching these.
> vbox_utils.c is clean.
>
> The reasons for the above errors, and other comments inline below.
>
>> ---
>> Changes in v2:
>> -Change all uapi headers to kernel coding style: Drop struct and enum typedefs
>> make type and struct-member names all lowercase, enum values all uppercase.
>> -Remove unused struct type declarations from some headers (shaving of another
>> 1000 lines)
>> -Remove or fixup doxygen style comments
>> -Get rid of CHECK macros, use a function taking in_ and out_size args instead
>> -Some other small codyingstyle fixes
>> -Split into multiple patches
>> ---
>> drivers/virt/Kconfig | 1 +
>> drivers/virt/Makefile | 1 +
>> drivers/virt/vboxguest/Kconfig | 16 +
>> drivers/virt/vboxguest/Makefile | 3 +
>> drivers/virt/vboxguest/vboxguest_core.c | 1577 ++++++++++++++++++++++++++++
>> drivers/virt/vboxguest/vboxguest_core.h | 187 ++++
>> drivers/virt/vboxguest/vboxguest_linux.c | 469 +++++++++
>> drivers/virt/vboxguest/vboxguest_version.h | 18 +
>> 8 files changed, 2272 insertions(+)
>> create mode 100644 drivers/virt/vboxguest/Kconfig
>> create mode 100644 drivers/virt/vboxguest/Makefile
>> create mode 100644 drivers/virt/vboxguest/vboxguest_core.c
>> create mode 100644 drivers/virt/vboxguest/vboxguest_core.h
>> create mode 100644 drivers/virt/vboxguest/vboxguest_linux.c
>> create mode 100644 drivers/virt/vboxguest/vboxguest_version.h
>>
>> diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig
>> index 99ebdde590f8..8d9cdfbd6bcc 100644
>> --- a/drivers/virt/Kconfig
>> +++ b/drivers/virt/Kconfig
>> @@ -30,4 +30,5 @@ config FSL_HV_MANAGER
>> 4) A kernel interface for receiving callbacks when a managed
>> partition shuts down.
>> +source "drivers/virt/vboxguest/Kconfig"
>> endif
>> diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile
>> index c47f04dd343b..d3f7b2540890 100644
>> --- a/drivers/virt/Makefile
>> +++ b/drivers/virt/Makefile
>> @@ -3,3 +3,4 @@
>> #
>> obj-$(CONFIG_FSL_HV_MANAGER) += fsl_hypervisor.o
>> +obj-y += vboxguest/
>> diff --git a/drivers/virt/vboxguest/Kconfig b/drivers/virt/vboxguest/Kconfig
>> new file mode 100644
>> index 000000000000..e88ee46c31d4
>> --- /dev/null
>> +++ b/drivers/virt/vboxguest/Kconfig
>> @@ -0,0 +1,16 @@
>> +config VBOXGUEST
>> + tristate "Virtual Box Guest integration support"
>> + depends on X86 && PCI && INPUT
>> + help
>> + This is a driver for the Virtual Box Guest PCI device used in
>> + Virtual Box virtual machines. Enabling this driver will add
>> + support for Virtual Box Guest integration features such as
>> + copy-and-paste, seamless mode and OpenGL pass-through.
>> +
>> + This driver also offers vboxguest IPC functionality which is needed
>> + for the vboxfs driver which offers folder sharing support.
>> +
>> + Although it is possible to build this module in, it is advised
>> + to build this driver as a module, so that it can be updated
>> + independently of the kernel. Select M to build this driver as a
>> + module.
>
> This Kconfig allows vboxguest to be built even though vboxvideo is not being built. That does not seem to be a useful combination.
As discussed in the cover-letter thread, I agree this is not useful, but
adding a "depends on" is also not really the answer, so I've added this
line to the help section:
If you enable this driver you should also enable the VBOXVIDEO option.
>> diff --git a/drivers/virt/vboxguest/Makefile b/drivers/virt/vboxguest/Makefile
>> new file mode 100644
>> index 000000000000..203b8f465817
>> --- /dev/null
>> +++ b/drivers/virt/vboxguest/Makefile
>> @@ -0,0 +1,3 @@
>> +vboxguest-y := vboxguest_linux.o vboxguest_core.o vboxguest_utils.o
>> +
>> +obj-$(CONFIG_VBOXGUEST) += vboxguest.o
>> diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
>> new file mode 100644
>> index 000000000000..4927c0d3e336
>> --- /dev/null
>> +++ b/drivers/virt/vboxguest/vboxguest_core.c
>> @@ -0,0 +1,1577 @@
>> +/*
>> + * vboxguest core guest-device handling code, VBoxGuest.cpp in upstream svn.
>> + *
>> + * Copyright (C) 2007-2016 Oracle Corporation
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> + * it under the terms of the GNU General Public License version 2 as
>> + * published by the Free Software Foundation.
>> + *
>> + * The contents of this file may alternatively be used under the terms
>> + * of the Common Development and Distribution License Version 1.0
>> + * (CDDL) only, in which case the provisions of the CDDL are applicable
>> + * instead of those of the GPL.
>> + *
>> + * You may elect to license modified versions of this file under the
>> + * terms and conditions of either the GPL or the CDDL or both.
>> + */
>> +
>> +#include <linux/device.h>
>> +#include <linux/mm.h>
>> +#include <linux/sched.h>
>> +#include <linux/sizes.h>
>> +#include <linux/slab.h>
>> +#include <linux/vbox_err.h>
>> +#include <linux/vbox_utils.h>
>> +#include <linux/vmalloc.h>
>> +#include "vboxguest_core.h"
>> +#include "vboxguest_version.h"
>> +
>> +/* Get the pointer to the first HGCM parameter. */
>> +#define VBG_IOCTL_HGCM_CALL_PARMS(a) \
>> + ((struct vmmdev_hgcm_function_parameter *)( \
>> + (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
>> +/* Get the pointer to the first HGCM parameter in a 32-bit request. */
>> +#define VBG_IOCTL_HGCM_CALL_PARMS32(a) \
>> + ((struct vmmdev_hgcm_function_parameter32 *)( \
>> + (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
>> +
>> +#define GUEST_MAPPINGS_TRIES 5
>> +
>> +/**
>> + * Reserves memory in which the VMM can relocate any guest mappings
>> + * that are floating around.
>> + *
>> + * This operation is a little bit tricky since the VMM might not accept
>> + * just any address because of address clashes between the three contexts
>> + * it operates in, so we try several times.
>> + *
>> + * Failure to reserve the guest mappings is ignored.
>> + *
>> + * @gdev: The Guest extension device.
>> + */
>> +static void vbg_guest_mappings_init(struct vbg_dev *gdev)
>> +{
>> + struct vmmdev_hypervisorinfo *req;
>> + void *guest_mappings[GUEST_MAPPINGS_TRIES];
>> + struct page **pages = NULL;
>> + u32 size, hypervisor_size;
>> + int i, rc;
>> +
>> + /* Query the required space. */
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO);
>> + if (!req)
>> + return;
>> +
>> + req->hypervisor_start = 0;
>> + req->hypervisor_size = 0;
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0)
>> + goto out;
>> +
>> + /*
>> + * The VMM will report back if there is nothing it wants to map, like
>> + * for instance in VT-x and AMD-V mode.
>> + */
>> + if (req->hypervisor_size == 0)
>> + goto out;
>> +
>> + hypervisor_size = req->hypervisor_size;
>> + /* Add 4M so that we can align the vmap to 4MiB as the host requires. */
>> + size = PAGE_ALIGN(req->hypervisor_size) + SZ_4M;
>> +
>> + pages = kmalloc(sizeof(*pages) * (size >> PAGE_SHIFT), GFP_KERNEL);
>> + if (!pages)
>> + goto out;
>> +
>> + gdev->guest_mappings_dummy_page = alloc_page(GFP_HIGHUSER);
>> + if (!gdev->guest_mappings_dummy_page)
>> + goto out;
>> +
>> + for (i = 0; i < (size >> PAGE_SHIFT); i++)
>> + pages[i] = gdev->guest_mappings_dummy_page;
>> +
>> + /* Try several times, the host can be picky about certain addresses. */
>
> This comment should repeat that address clashes could be due to the different contexts. When I read this the first time, I had missed the comment above, and I expect that other readers might make the same mistake.
Ok, fixed for v3.
>> + for (i = 0; i < GUEST_MAPPINGS_TRIES; i++) {
>> + guest_mappings[i] = vmap(pages, (size >> PAGE_SHIFT),
>> + VM_MAP, PAGE_KERNEL_RO);
>> + if (!guest_mappings[i])
>> + break;
>> +
>> + req->header.request_type = VMMDEVREQ_SET_HYPERVISOR_INFO;
>> + req->header.rc = VERR_INTERNAL_ERROR;
>> + req->hypervisor_size = hypervisor_size;
>> + req->hypervisor_start =
>> + (unsigned long)PTR_ALIGN(guest_mappings[i], SZ_4M);
>> +
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc >= 0) {
>> + gdev->guest_mappings = guest_mappings[i];
>> + break;
>> + }
>> + }
>> +
>> + /* Free vmap's from failed attempts. */
>> + while (--i >= 0)
>> + vunmap(guest_mappings[i]);
>> +
>> + /* On failure free the dummy-page backing the vmap */
>> + if (!gdev->guest_mappings) {
>> + __free_page(gdev->guest_mappings_dummy_page);
>> + gdev->guest_mappings_dummy_page = NULL;
>> + }
>> +
>> +out:
>> + kfree(req);
>> + kfree(pages);
>> +}
>> +
>> +/**
>> + * Undo what vbg_guest_mappings_init did.
>> + *
>> + * @gdev: The Guest extension device.
>> + */
>> +static void vbg_guest_mappings_exit(struct vbg_dev *gdev)
>> +{
>> + struct vmmdev_hypervisorinfo *req;
>> + int rc;
>> +
>> + if (!gdev->guest_mappings)
>> + return;
>> +
>> + /*
>> + * Tell the host that we're going to free the memory we reserved for
>> + * it, the free it up. (Leak the memory if anything goes wrong here.)
>> + */
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO);
>> + if (!req)
>> + return;
>> +
>> + req->hypervisor_start = 0;
>> + req->hypervisor_size = 0;
>> +
>> + rc = vbg_req_perform(gdev, req);
>> +
>> + kfree(req);
>> +
>> + if (rc < 0) {
>> + vbg_err("%s error: %d\n", __func__, rc);
>> + return;
>> + }
>> +
>> + vunmap(gdev->guest_mappings);
>> + gdev->guest_mappings = NULL;
>> +
>> + __free_page(gdev->guest_mappings_dummy_page);
>> + gdev->guest_mappings_dummy_page = NULL;
>> +}
>> +
>> +/**
>> + * Report the guest information to the host.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + */
>> +static int vbg_report_guest_info(struct vbg_dev *gdev)
>> +{
>> + /*
>> + * Allocate and fill in the two guest info reports.
>> + */
>> + struct vmmdev_guest_info *req1 = NULL;
>> + struct vmmdev_guest_info2 *req2 = NULL;
>> + int rc, ret = -ENOMEM;
>> +
>> + req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO);
>> + req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2);
>> + if (!req1 || !req2)
>> + goto out_free;
>> +
>> + req1->interface_version = VMMDEV_VERSION;
>> + req1->os_type = VMMDEV_OSTYPE_LINUX26;
>> +#if __BITS_PER_LONG == 64
>> + req1->os_type |= VMMDEV_OSTYPE_X64;
>> +#endif
>> +
>> + req2->additions_major = VBG_VERSION_MAJOR;
>> + req2->additions_minor = VBG_VERSION_MINOR;
>> + req2->additions_build = VBG_VERSION_BUILD;
>> + req2->additions_revision = VBG_SVN_REV;
>> + /* (no features defined yet) */
>> + req2->additions_features = 0;
>> + strlcpy(req2->name, VBG_VERSION_STRING,
>> + sizeof(req2->name));
>> +
>> + /*
>> + * There are two protocols here:
>> + * 1. INFO2 + INFO1. Supported by >=3.2.51.
>> + * 2. INFO1 and optionally INFO2. The old protocol.
>> + *
>> + * We try protocol 2 first. It will fail with VERR_NOT_SUPPORTED
>> + * if not supported by the VMMDev (message ordering requirement).
>> + */
>> + rc = vbg_req_perform(gdev, req2);
>> + if (rc >= 0) {
>> + rc = vbg_req_perform(gdev, req1);
>> + } else if (rc == VERR_NOT_SUPPORTED || rc == VERR_NOT_IMPLEMENTED) {
>> + rc = vbg_req_perform(gdev, req1);
>> + if (rc >= 0) {
>> + rc = vbg_req_perform(gdev, req2);
>> + if (rc == VERR_NOT_IMPLEMENTED)
>> + rc = VINF_SUCCESS;
>> + }
>> + }
>> + ret = vbg_status_code_to_errno(rc);
>> +
>> +out_free:
>> + kfree(req2);
>> + kfree(req1);
>> + return ret;
>> +}
>> +
>> +/**
>> + * Report the guest driver status to the host.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @active: Flag whether the driver is now active or not.
>> + */
>> +static int vbg_report_driver_status(struct vbg_dev *gdev, bool active)
>> +{
>> + struct vmmdev_guest_status *req;
>> + int rc;
>> +
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS);
>> + if (!req)
>> + return -ENOMEM;
>> +
>> + req->facility = VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER;
>> + if (active)
>> + req->status = VBOXGUEST_FACILITY_STATUS_ACTIVE;
>> + else
>> + req->status = VBOXGUEST_FACILITY_STATUS_INACTIVE;
>> + req->flags = 0;
>> +
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */
>> + rc = VINF_SUCCESS;
>> +
>> + kfree(req);
>> +
>> + return vbg_status_code_to_errno(rc);
>> +}
>> +
>> +/**
>> + * Inflate the balloon by one chunk. The caller owns the balloon mutex.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @chunk_idx: Index of the chunk.
>> + */
>> +static int vbg_balloon_inflate(struct vbg_dev *gdev, u32 chunk_idx)
>> +{
>> + struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
>> + struct page **pages;
>> + int i, rc, ret;
>> +
>> + pages = kmalloc(sizeof(*pages) * VMMDEV_MEMORY_BALLOON_CHUNK_PAGES,
>> + GFP_KERNEL | __GFP_NOWARN);
>> + if (!pages)
>> + return -ENOMEM;
>> +
>> + req->header.size = sizeof(*req);
>> + req->inflate = true;
>> + req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
>> +
>> + for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) {
>> + pages[i] = alloc_page(GFP_KERNEL | __GFP_NOWARN);
>> + if (!pages[i]) {
>> + ret = -ENOMEM;
>> + goto out_error;
>> + }
>> +
>> + req->phys_page[i] = page_to_phys(pages[i]);
>> + }
>> +
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0) {
>> + vbg_err("%s error, rc: %d\n", __func__, rc);
>> + ret = vbg_status_code_to_errno(rc);
>> + goto out_error;
>> + }
>> +
>> + gdev->mem_balloon.pages[chunk_idx] = pages;
>> +
>> + return 0;
>> +
>> +out_error:
>> + while (--i >= 0)
>> + __free_page(pages[i]);
>> + kfree(pages);
>> +
>> + return ret;
>> +}
>> +
>> +/**
>> + * Deflate the balloon by one chunk. The caller owns the balloon mutex.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @chunk_idx: Index of the chunk.
>> + */
>> +static int vbg_balloon_deflate(struct vbg_dev *gdev, u32 chunk_idx)
>> +{
>> + struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
>> + struct page **pages = gdev->mem_balloon.pages[chunk_idx];
>> + int i, rc;
>> +
>> + req->header.size = sizeof(*req);
>> + req->inflate = false;
>> + req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
>> +
>> + for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
>> + req->phys_page[i] = page_to_phys(pages[i]);
>> +
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0) {
>> + vbg_err("%s error, rc: %d\n", __func__, rc);
>> + return vbg_status_code_to_errno(rc);
>> + }
>> +
>> + for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
>> + __free_page(pages[i]);
>> + kfree(pages);
>> + gdev->mem_balloon.pages[chunk_idx] = NULL;
>> +
>> + return 0;
>> +}
>> +
>> +/**
>> + * Respond to VMMDEV_EVENT_BALLOON_CHANGE_REQUEST events, query the size
>> + * the host wants the balloon to be and adjust accordingly.
>> + */
>> +static void vbg_balloon_work(struct work_struct *work)
>> +{
>> + struct vbg_dev *gdev =
>> + container_of(work, struct vbg_dev, mem_balloon.work);
>> + struct vmmdev_memballoon_info *req = gdev->mem_balloon.get_req;
>> + u32 i, chunks;
>> + int rc, ret;
>> +
>> + /*
>> + * Setting this bit means that we request the value from the host and
>> + * change the guest memory balloon according to the returned value.
>> + */
>> + req->event_ack = VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0) {
>> + vbg_err("%s error, rc: %d)\n", __func__, rc);
>> + return;
>> + }
>> +
>> + /*
>> + * The host always returns the same maximum amount of chunks, so
>> + * we do this once.
>> + */
>> + if (!gdev->mem_balloon.max_chunks) {
>> + gdev->mem_balloon.pages =
>> + devm_kcalloc(gdev->dev, req->phys_mem_chunks,
>> + sizeof(struct page **), GFP_KERNEL);
>> + if (!gdev->mem_balloon.pages)
>> + return;
>> +
>> + gdev->mem_balloon.max_chunks = req->phys_mem_chunks;
>> + }
>> +
>> + chunks = req->balloon_chunks;
>> + if (chunks > gdev->mem_balloon.max_chunks) {
>> + vbg_err("%s: illegal balloon size %u (max=%u)\n",
>> + __func__, chunks, gdev->mem_balloon.max_chunks);
>> + return;
>> + }
>> +
>> + if (chunks > gdev->mem_balloon.chunks) {
>> + /* inflate */
>> + for (i = gdev->mem_balloon.chunks; i < chunks; i++) {
>> + ret = vbg_balloon_inflate(gdev, i);
>> + if (ret < 0)
>> + return;
>> +
>> + gdev->mem_balloon.chunks++;
>> + }
>> + } else {
>> + /* deflate */
>> + for (i = gdev->mem_balloon.chunks; i-- > chunks;) {
>> + ret = vbg_balloon_deflate(gdev, i);
>> + if (ret < 0)
>> + return;
>> +
>> + gdev->mem_balloon.chunks--;
>> + }
>> + }
>> +}
>> +
>> +/**
>> + * Callback for heartbeat timer.
>> + */
>> +static void vbg_heartbeat_timer(struct timer_list *t)
>> +{
>> + struct vbg_dev *gdev = from_timer(gdev, t, heartbeat_timer);
>> +
>> + vbg_req_perform(gdev, gdev->guest_heartbeat_req);
>> + mod_timer(&gdev->heartbeat_timer,
>> + msecs_to_jiffies(gdev->heartbeat_interval_ms));
>> +}
>> +
>> +/**
>> + * Configure the host to check guest's heartbeat
>> + * and get heartbeat interval from the host.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @enabled: Set true to enable guest heartbeat checks on host.
>> + */
>> +static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled)
>> +{
>> + struct vmmdev_heartbeat *req;
>> + int rc;
>> +
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE);
>> + if (!req)
>> + return -ENOMEM;
>> +
>> + req->enabled = enabled;
>> + req->interval_ns = 0;
>> + rc = vbg_req_perform(gdev, req);
>> + do_div(req->interval_ns, 1000000); /* ns -> ms */
>> + gdev->heartbeat_interval_ms = req->interval_ns;
>> + kfree(req);
>> +
>> + return vbg_status_code_to_errno(rc);
>> +}
>> +
>> +/**
>> + * Initializes the heartbeat timer. This feature may be disabled by the host.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + */
>> +static int vbg_heartbeat_init(struct vbg_dev *gdev)
>> +{
>> + int ret;
>> +
>> + /* Make sure that heartbeat checking is disabled if we fail. */
>> + ret = vbg_heartbeat_host_config(gdev, false);
>> + if (ret < 0)
>> + return ret;
>> +
>> + ret = vbg_heartbeat_host_config(gdev, true);
>> + if (ret < 0)
>> + return ret;
>> +
>> + /*
>> + * Preallocate the request to use it from the timer callback because:
>> + * 1) on Windows vbg_req_alloc must be called at IRQL <= APC_LEVEL
>> + * and the timer callback runs at DISPATCH_LEVEL;
>> + * 2) avoid repeated allocations.
>> + */
>> + gdev->guest_heartbeat_req = vbg_req_alloc(
>> + sizeof(*gdev->guest_heartbeat_req),
>> + VMMDEVREQ_GUEST_HEARTBEAT);
>> + if (!gdev->guest_heartbeat_req)
>> + return -ENOMEM;
>> +
>> + vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n",
>> + __func__, gdev->heartbeat_interval_ms);
>> + mod_timer(&gdev->heartbeat_timer, 0);
>> +
>> + return 0;
>> +}
>> +
>> +/**
>> + * Cleanup hearbeat code, stop HB timer and disable host heartbeat checking.
>> + * @gdev: The Guest extension device.
>> + */
>> +static void vbg_heartbeat_exit(struct vbg_dev *gdev)
>> +{
>> + del_timer_sync(&gdev->heartbeat_timer);
>> + vbg_heartbeat_host_config(gdev, false);
>> + kfree(gdev->guest_heartbeat_req);
>> +
>> +}
>> +
>> +/**
>> + * Applies a change to the bit usage tracker.
>> + * Return: true if the mask changed, false if not.
>> + * @tracker: The bit usage tracker.
>> + * @changed: The bits to change.
>> + * @previous: The previous value of the bits.
>> + */
>> +static bool vbg_track_bit_usage(struct vbg_bit_usage_tracker *tracker,
>> + u32 changed, u32 previous)
>> +{
>> + bool global_change = false;
>> +
>> + while (changed) {
>> + u32 bit = ffs(changed) - 1;
>> + u32 bitmask = BIT(bit);
>> +
>> + if (bitmask & previous) {
>> + tracker->per_bit_usage[bit] -= 1;
>> + if (tracker->per_bit_usage[bit] == 0) {
>> + global_change = true;
>> + tracker->mask &= ~bitmask;
>> + }
>> + } else {
>> + tracker->per_bit_usage[bit] += 1;
>> + if (tracker->per_bit_usage[bit] == 1) {
>> + global_change = true;
>> + tracker->mask |= bitmask;
>> + }
>> + }
>> +
>> + changed &= ~bitmask;
>> + }
>> +
>> + return global_change;
>> +}
>> +
>> +/**
>> + * Init and termination worker for resetting the (host) event filter on the host
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @fixed_events: Fixed events (init time).
>> + */
>> +static int vbg_reset_host_event_filter(struct vbg_dev *gdev,
>> + u32 fixed_events)
>> +{
>> + struct vmmdev_mask *req;
>> + int rc;
>> +
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK);
>> + if (!req)
>> + return -ENOMEM;
>> +
>> + req->not_mask = U32_MAX & ~fixed_events;
>> + req->or_mask = fixed_events;
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0)
>> + vbg_err("%s error, rc: %d\n", __func__, rc);
>> +
>> + kfree(req);
>> + return vbg_status_code_to_errno(rc);
>> +}
>> +
>> +/**
>> + * Changes the event filter mask for the given session.
>> + *
>> + * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to
>> + * do session cleanup. Takes the session spinlock.
>> + *
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @session: The session.
>> + * @or_mask: The events to add.
>> + * @not_mask: The events to remove.
>> + * @session_termination: Set if we're called by the session cleanup code.
>> + * This tweaks the error handling so we perform
>> + * proper session cleanup even if the host
>> + * misbehaves.
>> + */
>> +static int vbg_set_session_event_filter(struct vbg_dev *gdev,
>> + struct vbg_session *session,
>> + u32 or_mask, u32 not_mask,
>> + bool session_termination)
>> +{
>> + struct vmmdev_mask *req;
>> + u32 changed, previous;
>> + int rc, ret = 0;
>> +
>> + /* Allocate a request buffer before taking the spinlock */
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK);
>> + if (!req) {
>> + if (!session_termination)
>> + return -ENOMEM;
>> + /* Ignore failure, we must do session cleanup. */
>
> The comment should say "Ignore allocation failure ...", but that leads to problems below.
Ok, fixed for v3.
>> + }
>> +
>> + mutex_lock(&gdev->session_mutex);
>> +
>> + /* Apply the changes to the session mask. */
>> + previous = session->event_filter;
>> + session->event_filter |= or_mask;
>> + session->event_filter &= ~not_mask;
>> +
>> + /* If anything actually changed, update the global usage counters. */
>> + changed = previous ^ session->event_filter;
>> + if (!changed)
>> + goto out;
>> +
>> + vbg_track_bit_usage(&gdev->event_filter_tracker, changed, previous);
>> + req->or_mask = gdev->fixed_events | gdev->event_filter_tracker.mask;
>
> At this point, req could be NULL. I'm not sure what session cleanup is needed if req is NULL and session_termination is not, but it needs to be split out.
Right, I've solved this by using a local or_mask variable and ...
>> +
>> + if (gdev->event_filter_host == req->or_mask || !req)
>> + goto out;
>> +
>> + gdev->event_filter_host = req->or_mask;
>> + req->not_mask = ~req->or_mask;
Assigning that to req->or_mask here, after the !req check.
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0) {
>> + ret = vbg_status_code_to_errno(rc);
>> +
>> + /* Failed, roll back (unless it's session termination time). */
>> + gdev->event_filter_host = U32_MAX;
>> + if (session_termination)
>> + goto out;
>> +
>> + vbg_track_bit_usage(&gdev->event_filter_tracker, changed,
>> + session->event_filter);
>> + session->event_filter = previous;
>> + }
>> +
>> +out:
>> + mutex_unlock(&gdev->session_mutex);
>> + kfree(req);
>> +
>> + return ret;
>> +}
>> +
>> +/**
>> + * Init and termination worker for set guest capabilities to zero on the host.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + */
>> +static int vbg_reset_host_capabilities(struct vbg_dev *gdev)
>> +{
>> + struct vmmdev_mask *req;
>> + int rc;
>> +
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES);
>> + if (!req)
>> + return -ENOMEM;
>> +
>> + req->not_mask = U32_MAX;
>> + req->or_mask = 0;
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0)
>> + vbg_err("%s error, rc: %d\n", __func__, rc);
>> +
>> + kfree(req);
>> + return vbg_status_code_to_errno(rc);
>> +}
>> +
>> +/**
>> + * Sets the guest capabilities for a session. Takes the session spinlock.
>> + * Return: 0 or negative errno value.
>> + * @gdev: The Guest extension device.
>> + * @session: The session.
>> + * @or_mask: The capabilities to add.
>> + * @not_mask: The capabilities to remove.
>> + * @session_termination: Set if we're called by the session cleanup code.
>> + * This tweaks the error handling so we perform
>> + * proper session cleanup even if the host
>> + * misbehaves.
>> + */
>> +static int vbg_set_session_capabilities(struct vbg_dev *gdev,
>> + struct vbg_session *session,
>> + u32 or_mask, u32 not_mask,
>> + bool session_termination)
>> +{
>> + struct vmmdev_mask *req;
>> + u32 changed, previous;
>> + int rc, ret = 0;
>> +
>> + /* Allocate a request buffer before taking the spinlock */
>> + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES);
>> + if (!req) {
>> + if (!session_termination)
>> + return -ENOMEM;
>> + /* Ignore failure, we must do session cleanup. */
>
> This comment should also be changed.
Ack, also fixed.
>> + }
>> +
>> + mutex_lock(&gdev->session_mutex);
>> +
>> + /* Apply the changes to the session mask. */
>> + previous = session->guest_caps;
>> + session->guest_caps |= or_mask;
>> + session->guest_caps &= ~not_mask;
>> +
>> + /* If anything actually changed, update the global usage counters. */
>> + changed = previous ^ session->guest_caps;
>> + if (!changed)
>> + goto out;
>> +
>> + vbg_track_bit_usage(&gdev->guest_caps_tracker, changed, previous);
>> + req->or_mask = gdev->guest_caps_tracker.mask;
>
> req can be NULL here.
Ack, fixed in the same way as above.
>> +
>> + if (gdev->guest_caps_host == req->or_mask || !req)
>> + goto out;
>> +
>> + gdev->guest_caps_host = req->or_mask;
>> + req->not_mask = ~req->or_mask;
>> + rc = vbg_req_perform(gdev, req);
>> + if (rc < 0) {
>> + ret = vbg_status_code_to_errno(rc);
>> +
>> + /* Failed, roll back (unless it's session termination time). */
>> + gdev->guest_caps_host = U32_MAX;
>> + if (session_termination)
>> + goto out;
>> +
>> + vbg_track_bit_usage(&gdev->guest_caps_tracker, changed,
>> + session->guest_caps);
>> + session->guest_caps = previous;
>> + }
>> +
>> +out:
>> + mutex_unlock(&gdev->session_mutex);
>> + kfree(req);
>> +
>> + return ret;
>> +}
<snip>
Regards,
Hans
Powered by blists - more mailing lists