Back to home page

OSCL-LXR
 
 

     

0001 /* SPDX-License-Identifier: (GPL-2.0 OR CDDL-1.0) */
0002 /*
0003  * vboxguest core guest-device handling code, VBoxGuest.cpp in upstream svn.
0004  *
0005  * Copyright (C) 2007-2016 Oracle Corporation
0006  */
0007 
0008 #include <linux/device.h>
0009 #include <linux/io.h>
0010 #include <linux/mm.h>
0011 #include <linux/sched.h>
0012 #include <linux/sizes.h>
0013 #include <linux/slab.h>
0014 #include <linux/vbox_err.h>
0015 #include <linux/vbox_utils.h>
0016 #include <linux/vmalloc.h>
0017 #include "vboxguest_core.h"
0018 #include "vboxguest_version.h"
0019 
0020 /* Get the pointer to the first HGCM parameter. */
0021 #define VBG_IOCTL_HGCM_CALL_PARMS(a) \
0022     ((struct vmmdev_hgcm_function_parameter *)( \
0023         (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
0024 /* Get the pointer to the first HGCM parameter in a 32-bit request. */
0025 #define VBG_IOCTL_HGCM_CALL_PARMS32(a) \
0026     ((struct vmmdev_hgcm_function_parameter32 *)( \
0027         (u8 *)(a) + sizeof(struct vbg_ioctl_hgcm_call)))
0028 
0029 #define GUEST_MAPPINGS_TRIES    5
0030 
0031 #define VBG_KERNEL_REQUEST \
0032     (VMMDEV_REQUESTOR_KERNEL | VMMDEV_REQUESTOR_USR_DRV | \
0033      VMMDEV_REQUESTOR_CON_DONT_KNOW | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN)
0034 
0035 /**
0036  * Reserves memory in which the VMM can relocate any guest mappings
0037  * that are floating around.
0038  *
0039  * This operation is a little bit tricky since the VMM might not accept
0040  * just any address because of address clashes between the three contexts
0041  * it operates in, so we try several times.
0042  *
0043  * Failure to reserve the guest mappings is ignored.
0044  *
0045  * @gdev:       The Guest extension device.
0046  */
0047 static void vbg_guest_mappings_init(struct vbg_dev *gdev)
0048 {
0049     struct vmmdev_hypervisorinfo *req;
0050     void *guest_mappings[GUEST_MAPPINGS_TRIES];
0051     struct page **pages = NULL;
0052     u32 size, hypervisor_size;
0053     int i, rc;
0054 
0055     /* Query the required space. */
0056     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO,
0057                 VBG_KERNEL_REQUEST);
0058     if (!req)
0059         return;
0060 
0061     req->hypervisor_start = 0;
0062     req->hypervisor_size = 0;
0063     rc = vbg_req_perform(gdev, req);
0064     if (rc < 0)
0065         goto out;
0066 
0067     /*
0068      * The VMM will report back if there is nothing it wants to map, like
0069      * for instance in VT-x and AMD-V mode.
0070      */
0071     if (req->hypervisor_size == 0)
0072         goto out;
0073 
0074     hypervisor_size = req->hypervisor_size;
0075     /* Add 4M so that we can align the vmap to 4MiB as the host requires. */
0076     size = PAGE_ALIGN(req->hypervisor_size) + SZ_4M;
0077 
0078     pages = kmalloc_array(size >> PAGE_SHIFT, sizeof(*pages), GFP_KERNEL);
0079     if (!pages)
0080         goto out;
0081 
0082     gdev->guest_mappings_dummy_page = alloc_page(GFP_HIGHUSER);
0083     if (!gdev->guest_mappings_dummy_page)
0084         goto out;
0085 
0086     for (i = 0; i < (size >> PAGE_SHIFT); i++)
0087         pages[i] = gdev->guest_mappings_dummy_page;
0088 
0089     /*
0090      * Try several times, the VMM might not accept some addresses because
0091      * of address clashes between the three contexts.
0092      */
0093     for (i = 0; i < GUEST_MAPPINGS_TRIES; i++) {
0094         guest_mappings[i] = vmap(pages, (size >> PAGE_SHIFT),
0095                      VM_MAP, PAGE_KERNEL_RO);
0096         if (!guest_mappings[i])
0097             break;
0098 
0099         req->header.request_type = VMMDEVREQ_SET_HYPERVISOR_INFO;
0100         req->header.rc = VERR_INTERNAL_ERROR;
0101         req->hypervisor_size = hypervisor_size;
0102         req->hypervisor_start =
0103             (unsigned long)PTR_ALIGN(guest_mappings[i], SZ_4M);
0104 
0105         rc = vbg_req_perform(gdev, req);
0106         if (rc >= 0) {
0107             gdev->guest_mappings = guest_mappings[i];
0108             break;
0109         }
0110     }
0111 
0112     /* Free vmap's from failed attempts. */
0113     while (--i >= 0)
0114         vunmap(guest_mappings[i]);
0115 
0116     /* On failure free the dummy-page backing the vmap */
0117     if (!gdev->guest_mappings) {
0118         __free_page(gdev->guest_mappings_dummy_page);
0119         gdev->guest_mappings_dummy_page = NULL;
0120     }
0121 
0122 out:
0123     vbg_req_free(req, sizeof(*req));
0124     kfree(pages);
0125 }
0126 
0127 /**
0128  * Undo what vbg_guest_mappings_init did.
0129  *
0130  * @gdev:       The Guest extension device.
0131  */
0132 static void vbg_guest_mappings_exit(struct vbg_dev *gdev)
0133 {
0134     struct vmmdev_hypervisorinfo *req;
0135     int rc;
0136 
0137     if (!gdev->guest_mappings)
0138         return;
0139 
0140     /*
0141      * Tell the host that we're going to free the memory we reserved for
0142      * it, the free it up. (Leak the memory if anything goes wrong here.)
0143      */
0144     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO,
0145                 VBG_KERNEL_REQUEST);
0146     if (!req)
0147         return;
0148 
0149     req->hypervisor_start = 0;
0150     req->hypervisor_size = 0;
0151 
0152     rc = vbg_req_perform(gdev, req);
0153 
0154     vbg_req_free(req, sizeof(*req));
0155 
0156     if (rc < 0) {
0157         vbg_err("%s error: %d\n", __func__, rc);
0158         return;
0159     }
0160 
0161     vunmap(gdev->guest_mappings);
0162     gdev->guest_mappings = NULL;
0163 
0164     __free_page(gdev->guest_mappings_dummy_page);
0165     gdev->guest_mappings_dummy_page = NULL;
0166 }
0167 
0168 /**
0169  * Report the guest information to the host.
0170  * Return: 0 or negative errno value.
0171  * @gdev:       The Guest extension device.
0172  */
0173 static int vbg_report_guest_info(struct vbg_dev *gdev)
0174 {
0175     /*
0176      * Allocate and fill in the two guest info reports.
0177      */
0178     struct vmmdev_guest_info *req1 = NULL;
0179     struct vmmdev_guest_info2 *req2 = NULL;
0180     int rc, ret = -ENOMEM;
0181 
0182     req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO,
0183                  VBG_KERNEL_REQUEST);
0184     req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2,
0185                  VBG_KERNEL_REQUEST);
0186     if (!req1 || !req2)
0187         goto out_free;
0188 
0189     req1->interface_version = VMMDEV_VERSION;
0190     req1->os_type = VMMDEV_OSTYPE_LINUX26;
0191 #if __BITS_PER_LONG == 64
0192     req1->os_type |= VMMDEV_OSTYPE_X64;
0193 #endif
0194 
0195     req2->additions_major = VBG_VERSION_MAJOR;
0196     req2->additions_minor = VBG_VERSION_MINOR;
0197     req2->additions_build = VBG_VERSION_BUILD;
0198     req2->additions_revision = VBG_SVN_REV;
0199     req2->additions_features =
0200         VMMDEV_GUEST_INFO2_ADDITIONS_FEATURES_REQUESTOR_INFO;
0201     strlcpy(req2->name, VBG_VERSION_STRING,
0202         sizeof(req2->name));
0203 
0204     /*
0205      * There are two protocols here:
0206      *      1. INFO2 + INFO1. Supported by >=3.2.51.
0207      *      2. INFO1 and optionally INFO2. The old protocol.
0208      *
0209      * We try protocol 2 first.  It will fail with VERR_NOT_SUPPORTED
0210      * if not supported by the VMMDev (message ordering requirement).
0211      */
0212     rc = vbg_req_perform(gdev, req2);
0213     if (rc >= 0) {
0214         rc = vbg_req_perform(gdev, req1);
0215     } else if (rc == VERR_NOT_SUPPORTED || rc == VERR_NOT_IMPLEMENTED) {
0216         rc = vbg_req_perform(gdev, req1);
0217         if (rc >= 0) {
0218             rc = vbg_req_perform(gdev, req2);
0219             if (rc == VERR_NOT_IMPLEMENTED)
0220                 rc = VINF_SUCCESS;
0221         }
0222     }
0223     ret = vbg_status_code_to_errno(rc);
0224 
0225 out_free:
0226     vbg_req_free(req2, sizeof(*req2));
0227     vbg_req_free(req1, sizeof(*req1));
0228     return ret;
0229 }
0230 
0231 /**
0232  * Report the guest driver status to the host.
0233  * Return: 0 or negative errno value.
0234  * @gdev:       The Guest extension device.
0235  * @active:     Flag whether the driver is now active or not.
0236  */
0237 static int vbg_report_driver_status(struct vbg_dev *gdev, bool active)
0238 {
0239     struct vmmdev_guest_status *req;
0240     int rc;
0241 
0242     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS,
0243                 VBG_KERNEL_REQUEST);
0244     if (!req)
0245         return -ENOMEM;
0246 
0247     req->facility = VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER;
0248     if (active)
0249         req->status = VBOXGUEST_FACILITY_STATUS_ACTIVE;
0250     else
0251         req->status = VBOXGUEST_FACILITY_STATUS_INACTIVE;
0252     req->flags = 0;
0253 
0254     rc = vbg_req_perform(gdev, req);
0255     if (rc == VERR_NOT_IMPLEMENTED) /* Compatibility with older hosts. */
0256         rc = VINF_SUCCESS;
0257 
0258     vbg_req_free(req, sizeof(*req));
0259 
0260     return vbg_status_code_to_errno(rc);
0261 }
0262 
0263 /**
0264  * Inflate the balloon by one chunk. The caller owns the balloon mutex.
0265  * Return: 0 or negative errno value.
0266  * @gdev:       The Guest extension device.
0267  * @chunk_idx:      Index of the chunk.
0268  */
0269 static int vbg_balloon_inflate(struct vbg_dev *gdev, u32 chunk_idx)
0270 {
0271     struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
0272     struct page **pages;
0273     int i, rc, ret;
0274 
0275     pages = kmalloc_array(VMMDEV_MEMORY_BALLOON_CHUNK_PAGES,
0276                   sizeof(*pages),
0277                   GFP_KERNEL | __GFP_NOWARN);
0278     if (!pages)
0279         return -ENOMEM;
0280 
0281     req->header.size = sizeof(*req);
0282     req->inflate = true;
0283     req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
0284 
0285     for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++) {
0286         pages[i] = alloc_page(GFP_KERNEL | __GFP_NOWARN);
0287         if (!pages[i]) {
0288             ret = -ENOMEM;
0289             goto out_error;
0290         }
0291 
0292         req->phys_page[i] = page_to_phys(pages[i]);
0293     }
0294 
0295     rc = vbg_req_perform(gdev, req);
0296     if (rc < 0) {
0297         vbg_err("%s error, rc: %d\n", __func__, rc);
0298         ret = vbg_status_code_to_errno(rc);
0299         goto out_error;
0300     }
0301 
0302     gdev->mem_balloon.pages[chunk_idx] = pages;
0303 
0304     return 0;
0305 
0306 out_error:
0307     while (--i >= 0)
0308         __free_page(pages[i]);
0309     kfree(pages);
0310 
0311     return ret;
0312 }
0313 
0314 /**
0315  * Deflate the balloon by one chunk. The caller owns the balloon mutex.
0316  * Return: 0 or negative errno value.
0317  * @gdev:       The Guest extension device.
0318  * @chunk_idx:      Index of the chunk.
0319  */
0320 static int vbg_balloon_deflate(struct vbg_dev *gdev, u32 chunk_idx)
0321 {
0322     struct vmmdev_memballoon_change *req = gdev->mem_balloon.change_req;
0323     struct page **pages = gdev->mem_balloon.pages[chunk_idx];
0324     int i, rc;
0325 
0326     req->header.size = sizeof(*req);
0327     req->inflate = false;
0328     req->pages = VMMDEV_MEMORY_BALLOON_CHUNK_PAGES;
0329 
0330     for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
0331         req->phys_page[i] = page_to_phys(pages[i]);
0332 
0333     rc = vbg_req_perform(gdev, req);
0334     if (rc < 0) {
0335         vbg_err("%s error, rc: %d\n", __func__, rc);
0336         return vbg_status_code_to_errno(rc);
0337     }
0338 
0339     for (i = 0; i < VMMDEV_MEMORY_BALLOON_CHUNK_PAGES; i++)
0340         __free_page(pages[i]);
0341     kfree(pages);
0342     gdev->mem_balloon.pages[chunk_idx] = NULL;
0343 
0344     return 0;
0345 }
0346 
0347 /**
0348  * Respond to VMMDEV_EVENT_BALLOON_CHANGE_REQUEST events, query the size
0349  * the host wants the balloon to be and adjust accordingly.
0350  */
0351 static void vbg_balloon_work(struct work_struct *work)
0352 {
0353     struct vbg_dev *gdev =
0354         container_of(work, struct vbg_dev, mem_balloon.work);
0355     struct vmmdev_memballoon_info *req = gdev->mem_balloon.get_req;
0356     u32 i, chunks;
0357     int rc, ret;
0358 
0359     /*
0360      * Setting this bit means that we request the value from the host and
0361      * change the guest memory balloon according to the returned value.
0362      */
0363     req->event_ack = VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
0364     rc = vbg_req_perform(gdev, req);
0365     if (rc < 0) {
0366         vbg_err("%s error, rc: %d)\n", __func__, rc);
0367         return;
0368     }
0369 
0370     /*
0371      * The host always returns the same maximum amount of chunks, so
0372      * we do this once.
0373      */
0374     if (!gdev->mem_balloon.max_chunks) {
0375         gdev->mem_balloon.pages =
0376             devm_kcalloc(gdev->dev, req->phys_mem_chunks,
0377                      sizeof(struct page **), GFP_KERNEL);
0378         if (!gdev->mem_balloon.pages)
0379             return;
0380 
0381         gdev->mem_balloon.max_chunks = req->phys_mem_chunks;
0382     }
0383 
0384     chunks = req->balloon_chunks;
0385     if (chunks > gdev->mem_balloon.max_chunks) {
0386         vbg_err("%s: illegal balloon size %u (max=%u)\n",
0387             __func__, chunks, gdev->mem_balloon.max_chunks);
0388         return;
0389     }
0390 
0391     if (chunks > gdev->mem_balloon.chunks) {
0392         /* inflate */
0393         for (i = gdev->mem_balloon.chunks; i < chunks; i++) {
0394             ret = vbg_balloon_inflate(gdev, i);
0395             if (ret < 0)
0396                 return;
0397 
0398             gdev->mem_balloon.chunks++;
0399         }
0400     } else {
0401         /* deflate */
0402         for (i = gdev->mem_balloon.chunks; i-- > chunks;) {
0403             ret = vbg_balloon_deflate(gdev, i);
0404             if (ret < 0)
0405                 return;
0406 
0407             gdev->mem_balloon.chunks--;
0408         }
0409     }
0410 }
0411 
0412 /**
0413  * Callback for heartbeat timer.
0414  */
0415 static void vbg_heartbeat_timer(struct timer_list *t)
0416 {
0417     struct vbg_dev *gdev = from_timer(gdev, t, heartbeat_timer);
0418 
0419     vbg_req_perform(gdev, gdev->guest_heartbeat_req);
0420     mod_timer(&gdev->heartbeat_timer,
0421           msecs_to_jiffies(gdev->heartbeat_interval_ms));
0422 }
0423 
0424 /**
0425  * Configure the host to check guest's heartbeat
0426  * and get heartbeat interval from the host.
0427  * Return: 0 or negative errno value.
0428  * @gdev:       The Guest extension device.
0429  * @enabled:        Set true to enable guest heartbeat checks on host.
0430  */
0431 static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled)
0432 {
0433     struct vmmdev_heartbeat *req;
0434     int rc;
0435 
0436     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE,
0437                 VBG_KERNEL_REQUEST);
0438     if (!req)
0439         return -ENOMEM;
0440 
0441     req->enabled = enabled;
0442     req->interval_ns = 0;
0443     rc = vbg_req_perform(gdev, req);
0444     do_div(req->interval_ns, 1000000); /* ns -> ms */
0445     gdev->heartbeat_interval_ms = req->interval_ns;
0446     vbg_req_free(req, sizeof(*req));
0447 
0448     return vbg_status_code_to_errno(rc);
0449 }
0450 
0451 /**
0452  * Initializes the heartbeat timer. This feature may be disabled by the host.
0453  * Return: 0 or negative errno value.
0454  * @gdev:       The Guest extension device.
0455  */
0456 static int vbg_heartbeat_init(struct vbg_dev *gdev)
0457 {
0458     int ret;
0459 
0460     /* Make sure that heartbeat checking is disabled if we fail. */
0461     ret = vbg_heartbeat_host_config(gdev, false);
0462     if (ret < 0)
0463         return ret;
0464 
0465     ret = vbg_heartbeat_host_config(gdev, true);
0466     if (ret < 0)
0467         return ret;
0468 
0469     gdev->guest_heartbeat_req = vbg_req_alloc(
0470                     sizeof(*gdev->guest_heartbeat_req),
0471                     VMMDEVREQ_GUEST_HEARTBEAT,
0472                     VBG_KERNEL_REQUEST);
0473     if (!gdev->guest_heartbeat_req)
0474         return -ENOMEM;
0475 
0476     vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n",
0477          __func__, gdev->heartbeat_interval_ms);
0478     mod_timer(&gdev->heartbeat_timer, 0);
0479 
0480     return 0;
0481 }
0482 
0483 /**
0484  * Cleanup hearbeat code, stop HB timer and disable host heartbeat checking.
0485  * @gdev:       The Guest extension device.
0486  */
0487 static void vbg_heartbeat_exit(struct vbg_dev *gdev)
0488 {
0489     del_timer_sync(&gdev->heartbeat_timer);
0490     vbg_heartbeat_host_config(gdev, false);
0491     vbg_req_free(gdev->guest_heartbeat_req,
0492              sizeof(*gdev->guest_heartbeat_req));
0493 }
0494 
0495 /**
0496  * Applies a change to the bit usage tracker.
0497  * Return: true if the mask changed, false if not.
0498  * @tracker:        The bit usage tracker.
0499  * @changed:        The bits to change.
0500  * @previous:       The previous value of the bits.
0501  */
0502 static bool vbg_track_bit_usage(struct vbg_bit_usage_tracker *tracker,
0503                 u32 changed, u32 previous)
0504 {
0505     bool global_change = false;
0506 
0507     while (changed) {
0508         u32 bit = ffs(changed) - 1;
0509         u32 bitmask = BIT(bit);
0510 
0511         if (bitmask & previous) {
0512             tracker->per_bit_usage[bit] -= 1;
0513             if (tracker->per_bit_usage[bit] == 0) {
0514                 global_change = true;
0515                 tracker->mask &= ~bitmask;
0516             }
0517         } else {
0518             tracker->per_bit_usage[bit] += 1;
0519             if (tracker->per_bit_usage[bit] == 1) {
0520                 global_change = true;
0521                 tracker->mask |= bitmask;
0522             }
0523         }
0524 
0525         changed &= ~bitmask;
0526     }
0527 
0528     return global_change;
0529 }
0530 
0531 /**
0532  * Init and termination worker for resetting the (host) event filter on the host
0533  * Return: 0 or negative errno value.
0534  * @gdev:          The Guest extension device.
0535  * @fixed_events:      Fixed events (init time).
0536  */
0537 static int vbg_reset_host_event_filter(struct vbg_dev *gdev,
0538                        u32 fixed_events)
0539 {
0540     struct vmmdev_mask *req;
0541     int rc;
0542 
0543     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK,
0544                 VBG_KERNEL_REQUEST);
0545     if (!req)
0546         return -ENOMEM;
0547 
0548     req->not_mask = U32_MAX & ~fixed_events;
0549     req->or_mask = fixed_events;
0550     rc = vbg_req_perform(gdev, req);
0551     if (rc < 0)
0552         vbg_err("%s error, rc: %d\n", __func__, rc);
0553 
0554     vbg_req_free(req, sizeof(*req));
0555     return vbg_status_code_to_errno(rc);
0556 }
0557 
0558 /**
0559  * Changes the event filter mask for the given session.
0560  *
0561  * This is called in response to VBG_IOCTL_CHANGE_FILTER_MASK as well as to
0562  * do session cleanup. Takes the session mutex.
0563  *
0564  * Return: 0 or negative errno value.
0565  * @gdev:           The Guest extension device.
0566  * @session:            The session.
0567  * @or_mask:            The events to add.
0568  * @not_mask:           The events to remove.
0569  * @session_termination:    Set if we're called by the session cleanup code.
0570  *              This tweaks the error handling so we perform
0571  *              proper session cleanup even if the host
0572  *              misbehaves.
0573  */
0574 static int vbg_set_session_event_filter(struct vbg_dev *gdev,
0575                     struct vbg_session *session,
0576                     u32 or_mask, u32 not_mask,
0577                     bool session_termination)
0578 {
0579     struct vmmdev_mask *req;
0580     u32 changed, previous;
0581     int rc, ret = 0;
0582 
0583     /*
0584      * Allocate a request buffer before taking the spinlock, when
0585      * the session is being terminated the requestor is the kernel,
0586      * as we're cleaning up.
0587      */
0588     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK,
0589                 session_termination ? VBG_KERNEL_REQUEST :
0590                           session->requestor);
0591     if (!req) {
0592         if (!session_termination)
0593             return -ENOMEM;
0594         /* Ignore allocation failure, we must do session cleanup. */
0595     }
0596 
0597     mutex_lock(&gdev->session_mutex);
0598 
0599     /* Apply the changes to the session mask. */
0600     previous = session->event_filter;
0601     session->event_filter |= or_mask;
0602     session->event_filter &= ~not_mask;
0603 
0604     /* If anything actually changed, update the global usage counters. */
0605     changed = previous ^ session->event_filter;
0606     if (!changed)
0607         goto out;
0608 
0609     vbg_track_bit_usage(&gdev->event_filter_tracker, changed, previous);
0610     or_mask = gdev->fixed_events | gdev->event_filter_tracker.mask;
0611 
0612     if (gdev->event_filter_host == or_mask || !req)
0613         goto out;
0614 
0615     gdev->event_filter_host = or_mask;
0616     req->or_mask = or_mask;
0617     req->not_mask = ~or_mask;
0618     rc = vbg_req_perform(gdev, req);
0619     if (rc < 0) {
0620         ret = vbg_status_code_to_errno(rc);
0621 
0622         /* Failed, roll back (unless it's session termination time). */
0623         gdev->event_filter_host = U32_MAX;
0624         if (session_termination)
0625             goto out;
0626 
0627         vbg_track_bit_usage(&gdev->event_filter_tracker, changed,
0628                     session->event_filter);
0629         session->event_filter = previous;
0630     }
0631 
0632 out:
0633     mutex_unlock(&gdev->session_mutex);
0634     vbg_req_free(req, sizeof(*req));
0635 
0636     return ret;
0637 }
0638 
0639 /**
0640  * Init and termination worker for set guest capabilities to zero on the host.
0641  * Return: 0 or negative errno value.
0642  * @gdev:       The Guest extension device.
0643  */
0644 static int vbg_reset_host_capabilities(struct vbg_dev *gdev)
0645 {
0646     struct vmmdev_mask *req;
0647     int rc;
0648 
0649     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES,
0650                 VBG_KERNEL_REQUEST);
0651     if (!req)
0652         return -ENOMEM;
0653 
0654     req->not_mask = U32_MAX;
0655     req->or_mask = 0;
0656     rc = vbg_req_perform(gdev, req);
0657     if (rc < 0)
0658         vbg_err("%s error, rc: %d\n", __func__, rc);
0659 
0660     vbg_req_free(req, sizeof(*req));
0661     return vbg_status_code_to_errno(rc);
0662 }
0663 
0664 /**
0665  * Set guest capabilities on the host.
0666  * Must be called with gdev->session_mutex hold.
0667  * Return: 0 or negative errno value.
0668  * @gdev:           The Guest extension device.
0669  * @session:            The session.
0670  * @session_termination:    Set if we're called by the session cleanup code.
0671  */
0672 static int vbg_set_host_capabilities(struct vbg_dev *gdev,
0673                      struct vbg_session *session,
0674                      bool session_termination)
0675 {
0676     struct vmmdev_mask *req;
0677     u32 caps;
0678     int rc;
0679 
0680     WARN_ON(!mutex_is_locked(&gdev->session_mutex));
0681 
0682     caps = gdev->acquired_guest_caps | gdev->set_guest_caps_tracker.mask;
0683 
0684     if (gdev->guest_caps_host == caps)
0685         return 0;
0686 
0687     /* On termination the requestor is the kernel, as we're cleaning up. */
0688     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES,
0689                 session_termination ? VBG_KERNEL_REQUEST :
0690                           session->requestor);
0691     if (!req) {
0692         gdev->guest_caps_host = U32_MAX;
0693         return -ENOMEM;
0694     }
0695 
0696     req->or_mask = caps;
0697     req->not_mask = ~caps;
0698     rc = vbg_req_perform(gdev, req);
0699     vbg_req_free(req, sizeof(*req));
0700 
0701     gdev->guest_caps_host = (rc >= 0) ? caps : U32_MAX;
0702 
0703     return vbg_status_code_to_errno(rc);
0704 }
0705 
0706 /**
0707  * Acquire (get exclusive access) guest capabilities for a session.
0708  * Takes the session mutex.
0709  * Return: 0 or negative errno value.
0710  * @gdev:           The Guest extension device.
0711  * @session:            The session.
0712  * @flags:          Flags (VBGL_IOC_AGC_FLAGS_XXX).
0713  * @or_mask:            The capabilities to add.
0714  * @not_mask:           The capabilities to remove.
0715  * @session_termination:    Set if we're called by the session cleanup code.
0716  *              This tweaks the error handling so we perform
0717  *              proper session cleanup even if the host
0718  *              misbehaves.
0719  */
0720 static int vbg_acquire_session_capabilities(struct vbg_dev *gdev,
0721                         struct vbg_session *session,
0722                         u32 or_mask, u32 not_mask,
0723                         u32 flags, bool session_termination)
0724 {
0725     unsigned long irqflags;
0726     bool wakeup = false;
0727     int ret = 0;
0728 
0729     mutex_lock(&gdev->session_mutex);
0730 
0731     if (gdev->set_guest_caps_tracker.mask & or_mask) {
0732         vbg_err("%s error: cannot acquire caps which are currently set\n",
0733             __func__);
0734         ret = -EINVAL;
0735         goto out;
0736     }
0737 
0738     /*
0739      * Mark any caps in the or_mask as now being in acquire-mode. Note
0740      * once caps are in acquire_mode they always stay in this mode.
0741      * This impacts event handling, so we take the event-lock.
0742      */
0743     spin_lock_irqsave(&gdev->event_spinlock, irqflags);
0744     gdev->acquire_mode_guest_caps |= or_mask;
0745     spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);
0746 
0747     /* If we only have to switch the caps to acquire mode, we're done. */
0748     if (flags & VBGL_IOC_AGC_FLAGS_CONFIG_ACQUIRE_MODE)
0749         goto out;
0750 
0751     not_mask &= ~or_mask; /* or_mask takes priority over not_mask */
0752     not_mask &= session->acquired_guest_caps;
0753     or_mask &= ~session->acquired_guest_caps;
0754 
0755     if (or_mask == 0 && not_mask == 0)
0756         goto out;
0757 
0758     if (gdev->acquired_guest_caps & or_mask) {
0759         ret = -EBUSY;
0760         goto out;
0761     }
0762 
0763     gdev->acquired_guest_caps |= or_mask;
0764     gdev->acquired_guest_caps &= ~not_mask;
0765     /* session->acquired_guest_caps impacts event handling, take the lock */
0766     spin_lock_irqsave(&gdev->event_spinlock, irqflags);
0767     session->acquired_guest_caps |= or_mask;
0768     session->acquired_guest_caps &= ~not_mask;
0769     spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);
0770 
0771     ret = vbg_set_host_capabilities(gdev, session, session_termination);
0772     /* Roll back on failure, unless it's session termination time. */
0773     if (ret < 0 && !session_termination) {
0774         gdev->acquired_guest_caps &= ~or_mask;
0775         gdev->acquired_guest_caps |= not_mask;
0776         spin_lock_irqsave(&gdev->event_spinlock, irqflags);
0777         session->acquired_guest_caps &= ~or_mask;
0778         session->acquired_guest_caps |= not_mask;
0779         spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);
0780     }
0781 
0782     /*
0783      * If we added a capability, check if that means some other thread in
0784      * our session should be unblocked because there are events pending
0785      * (the result of vbg_get_allowed_event_mask_for_session() may change).
0786      *
0787      * HACK ALERT! When the seamless support capability is added we generate
0788      *  a seamless change event so that the ring-3 client can sync with
0789      *  the seamless state.
0790      */
0791     if (ret == 0 && or_mask != 0) {
0792         spin_lock_irqsave(&gdev->event_spinlock, irqflags);
0793 
0794         if (or_mask & VMMDEV_GUEST_SUPPORTS_SEAMLESS)
0795             gdev->pending_events |=
0796                 VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST;
0797 
0798         if (gdev->pending_events)
0799             wakeup = true;
0800 
0801         spin_unlock_irqrestore(&gdev->event_spinlock, irqflags);
0802 
0803         if (wakeup)
0804             wake_up(&gdev->event_wq);
0805     }
0806 
0807 out:
0808     mutex_unlock(&gdev->session_mutex);
0809 
0810     return ret;
0811 }
0812 
0813 /**
0814  * Sets the guest capabilities for a session. Takes the session mutex.
0815  * Return: 0 or negative errno value.
0816  * @gdev:           The Guest extension device.
0817  * @session:            The session.
0818  * @or_mask:            The capabilities to add.
0819  * @not_mask:           The capabilities to remove.
0820  * @session_termination:    Set if we're called by the session cleanup code.
0821  *              This tweaks the error handling so we perform
0822  *              proper session cleanup even if the host
0823  *              misbehaves.
0824  */
0825 static int vbg_set_session_capabilities(struct vbg_dev *gdev,
0826                     struct vbg_session *session,
0827                     u32 or_mask, u32 not_mask,
0828                     bool session_termination)
0829 {
0830     u32 changed, previous;
0831     int ret = 0;
0832 
0833     mutex_lock(&gdev->session_mutex);
0834 
0835     if (gdev->acquire_mode_guest_caps & or_mask) {
0836         vbg_err("%s error: cannot set caps which are in acquire_mode\n",
0837             __func__);
0838         ret = -EBUSY;
0839         goto out;
0840     }
0841 
0842     /* Apply the changes to the session mask. */
0843     previous = session->set_guest_caps;
0844     session->set_guest_caps |= or_mask;
0845     session->set_guest_caps &= ~not_mask;
0846 
0847     /* If anything actually changed, update the global usage counters. */
0848     changed = previous ^ session->set_guest_caps;
0849     if (!changed)
0850         goto out;
0851 
0852     vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed, previous);
0853 
0854     ret = vbg_set_host_capabilities(gdev, session, session_termination);
0855     /* Roll back on failure, unless it's session termination time. */
0856     if (ret < 0 && !session_termination) {
0857         vbg_track_bit_usage(&gdev->set_guest_caps_tracker, changed,
0858                     session->set_guest_caps);
0859         session->set_guest_caps = previous;
0860     }
0861 
0862 out:
0863     mutex_unlock(&gdev->session_mutex);
0864 
0865     return ret;
0866 }
0867 
0868 /**
0869  * vbg_query_host_version get the host feature mask and version information.
0870  * Return: 0 or negative errno value.
0871  * @gdev:       The Guest extension device.
0872  */
0873 static int vbg_query_host_version(struct vbg_dev *gdev)
0874 {
0875     struct vmmdev_host_version *req;
0876     int rc, ret;
0877 
0878     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION,
0879                 VBG_KERNEL_REQUEST);
0880     if (!req)
0881         return -ENOMEM;
0882 
0883     rc = vbg_req_perform(gdev, req);
0884     ret = vbg_status_code_to_errno(rc);
0885     if (ret) {
0886         vbg_err("%s error: %d\n", __func__, rc);
0887         goto out;
0888     }
0889 
0890     snprintf(gdev->host_version, sizeof(gdev->host_version), "%u.%u.%ur%u",
0891          req->major, req->minor, req->build, req->revision);
0892     gdev->host_features = req->features;
0893 
0894     vbg_info("vboxguest: host-version: %s %#x\n", gdev->host_version,
0895          gdev->host_features);
0896 
0897     if (!(req->features & VMMDEV_HVF_HGCM_PHYS_PAGE_LIST)) {
0898         vbg_err("vboxguest: Error host too old (does not support page-lists)\n");
0899         ret = -ENODEV;
0900     }
0901 
0902 out:
0903     vbg_req_free(req, sizeof(*req));
0904     return ret;
0905 }
0906 
0907 /**
0908  * Initializes the VBoxGuest device extension when the
0909  * device driver is loaded.
0910  *
0911  * The native code locates the VMMDev on the PCI bus and retrieve
0912  * the MMIO and I/O port ranges, this function will take care of
0913  * mapping the MMIO memory (if present). Upon successful return
0914  * the native code should set up the interrupt handler.
0915  *
0916  * Return: 0 or negative errno value.
0917  *
0918  * @gdev:       The Guest extension device.
0919  * @fixed_events:   Events that will be enabled upon init and no client
0920  *          will ever be allowed to mask.
0921  */
0922 int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events)
0923 {
0924     int ret = -ENOMEM;
0925 
0926     gdev->fixed_events = fixed_events | VMMDEV_EVENT_HGCM;
0927     gdev->event_filter_host = U32_MAX;  /* forces a report */
0928     gdev->guest_caps_host = U32_MAX;    /* forces a report */
0929 
0930     init_waitqueue_head(&gdev->event_wq);
0931     init_waitqueue_head(&gdev->hgcm_wq);
0932     spin_lock_init(&gdev->event_spinlock);
0933     mutex_init(&gdev->session_mutex);
0934     mutex_init(&gdev->cancel_req_mutex);
0935     timer_setup(&gdev->heartbeat_timer, vbg_heartbeat_timer, 0);
0936     INIT_WORK(&gdev->mem_balloon.work, vbg_balloon_work);
0937 
0938     gdev->mem_balloon.get_req =
0939         vbg_req_alloc(sizeof(*gdev->mem_balloon.get_req),
0940                   VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ,
0941                   VBG_KERNEL_REQUEST);
0942     gdev->mem_balloon.change_req =
0943         vbg_req_alloc(sizeof(*gdev->mem_balloon.change_req),
0944                   VMMDEVREQ_CHANGE_MEMBALLOON,
0945                   VBG_KERNEL_REQUEST);
0946     gdev->cancel_req =
0947         vbg_req_alloc(sizeof(*(gdev->cancel_req)),
0948                   VMMDEVREQ_HGCM_CANCEL2,
0949                   VBG_KERNEL_REQUEST);
0950     gdev->ack_events_req =
0951         vbg_req_alloc(sizeof(*gdev->ack_events_req),
0952                   VMMDEVREQ_ACKNOWLEDGE_EVENTS,
0953                   VBG_KERNEL_REQUEST);
0954     gdev->mouse_status_req =
0955         vbg_req_alloc(sizeof(*gdev->mouse_status_req),
0956                   VMMDEVREQ_GET_MOUSE_STATUS,
0957                   VBG_KERNEL_REQUEST);
0958 
0959     if (!gdev->mem_balloon.get_req || !gdev->mem_balloon.change_req ||
0960         !gdev->cancel_req || !gdev->ack_events_req ||
0961         !gdev->mouse_status_req)
0962         goto err_free_reqs;
0963 
0964     ret = vbg_query_host_version(gdev);
0965     if (ret)
0966         goto err_free_reqs;
0967 
0968     ret = vbg_report_guest_info(gdev);
0969     if (ret) {
0970         vbg_err("vboxguest: vbg_report_guest_info error: %d\n", ret);
0971         goto err_free_reqs;
0972     }
0973 
0974     ret = vbg_reset_host_event_filter(gdev, gdev->fixed_events);
0975     if (ret) {
0976         vbg_err("vboxguest: Error setting fixed event filter: %d\n",
0977             ret);
0978         goto err_free_reqs;
0979     }
0980 
0981     ret = vbg_reset_host_capabilities(gdev);
0982     if (ret) {
0983         vbg_err("vboxguest: Error clearing guest capabilities: %d\n",
0984             ret);
0985         goto err_free_reqs;
0986     }
0987 
0988     ret = vbg_core_set_mouse_status(gdev, 0);
0989     if (ret) {
0990         vbg_err("vboxguest: Error clearing mouse status: %d\n", ret);
0991         goto err_free_reqs;
0992     }
0993 
0994     /* These may fail without requiring the driver init to fail. */
0995     vbg_guest_mappings_init(gdev);
0996     vbg_heartbeat_init(gdev);
0997 
0998     /* All Done! */
0999     ret = vbg_report_driver_status(gdev, true);
1000     if (ret < 0)
1001         vbg_err("vboxguest: Error reporting driver status: %d\n", ret);
1002 
1003     return 0;
1004 
1005 err_free_reqs:
1006     vbg_req_free(gdev->mouse_status_req,
1007              sizeof(*gdev->mouse_status_req));
1008     vbg_req_free(gdev->ack_events_req,
1009              sizeof(*gdev->ack_events_req));
1010     vbg_req_free(gdev->cancel_req,
1011              sizeof(*gdev->cancel_req));
1012     vbg_req_free(gdev->mem_balloon.change_req,
1013              sizeof(*gdev->mem_balloon.change_req));
1014     vbg_req_free(gdev->mem_balloon.get_req,
1015              sizeof(*gdev->mem_balloon.get_req));
1016     return ret;
1017 }
1018 
1019 /**
1020  * Call this on exit to clean-up vboxguest-core managed resources.
1021  *
1022  * The native code should call this before the driver is loaded,
1023  * but don't call this on shutdown.
1024  * @gdev:       The Guest extension device.
1025  */
1026 void vbg_core_exit(struct vbg_dev *gdev)
1027 {
1028     vbg_heartbeat_exit(gdev);
1029     vbg_guest_mappings_exit(gdev);
1030 
1031     /* Clear the host flags (mouse status etc). */
1032     vbg_reset_host_event_filter(gdev, 0);
1033     vbg_reset_host_capabilities(gdev);
1034     vbg_core_set_mouse_status(gdev, 0);
1035 
1036     vbg_req_free(gdev->mouse_status_req,
1037              sizeof(*gdev->mouse_status_req));
1038     vbg_req_free(gdev->ack_events_req,
1039              sizeof(*gdev->ack_events_req));
1040     vbg_req_free(gdev->cancel_req,
1041              sizeof(*gdev->cancel_req));
1042     vbg_req_free(gdev->mem_balloon.change_req,
1043              sizeof(*gdev->mem_balloon.change_req));
1044     vbg_req_free(gdev->mem_balloon.get_req,
1045              sizeof(*gdev->mem_balloon.get_req));
1046 }
1047 
1048 /**
1049  * Creates a VBoxGuest user session.
1050  *
1051  * vboxguest_linux.c calls this when userspace opens the char-device.
1052  * Return: A pointer to the new session or an ERR_PTR on error.
1053  * @gdev:       The Guest extension device.
1054  * @requestor:      VMMDEV_REQUESTOR_* flags
1055  */
1056 struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, u32 requestor)
1057 {
1058     struct vbg_session *session;
1059 
1060     session = kzalloc(sizeof(*session), GFP_KERNEL);
1061     if (!session)
1062         return ERR_PTR(-ENOMEM);
1063 
1064     session->gdev = gdev;
1065     session->requestor = requestor;
1066 
1067     return session;
1068 }
1069 
1070 /**
1071  * Closes a VBoxGuest session.
1072  * @session:        The session to close (and free).
1073  */
1074 void vbg_core_close_session(struct vbg_session *session)
1075 {
1076     struct vbg_dev *gdev = session->gdev;
1077     int i, rc;
1078 
1079     vbg_acquire_session_capabilities(gdev, session, 0, U32_MAX, 0, true);
1080     vbg_set_session_capabilities(gdev, session, 0, U32_MAX, true);
1081     vbg_set_session_event_filter(gdev, session, 0, U32_MAX, true);
1082 
1083     for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
1084         if (!session->hgcm_client_ids[i])
1085             continue;
1086 
1087         /* requestor is kernel here, as we're cleaning up. */
1088         vbg_hgcm_disconnect(gdev, VBG_KERNEL_REQUEST,
1089                     session->hgcm_client_ids[i], &rc);
1090     }
1091 
1092     kfree(session);
1093 }
1094 
1095 static int vbg_ioctl_chk(struct vbg_ioctl_hdr *hdr, size_t in_size,
1096              size_t out_size)
1097 {
1098     if (hdr->size_in  != (sizeof(*hdr) + in_size) ||
1099         hdr->size_out != (sizeof(*hdr) + out_size))
1100         return -EINVAL;
1101 
1102     return 0;
1103 }
1104 
1105 static int vbg_ioctl_driver_version_info(
1106     struct vbg_ioctl_driver_version_info *info)
1107 {
1108     const u16 vbg_maj_version = VBG_IOC_VERSION >> 16;
1109     u16 min_maj_version, req_maj_version;
1110 
1111     if (vbg_ioctl_chk(&info->hdr, sizeof(info->u.in), sizeof(info->u.out)))
1112         return -EINVAL;
1113 
1114     req_maj_version = info->u.in.req_version >> 16;
1115     min_maj_version = info->u.in.min_version >> 16;
1116 
1117     if (info->u.in.min_version > info->u.in.req_version ||
1118         min_maj_version != req_maj_version)
1119         return -EINVAL;
1120 
1121     if (info->u.in.min_version <= VBG_IOC_VERSION &&
1122         min_maj_version == vbg_maj_version) {
1123         info->u.out.session_version = VBG_IOC_VERSION;
1124     } else {
1125         info->u.out.session_version = U32_MAX;
1126         info->hdr.rc = VERR_VERSION_MISMATCH;
1127     }
1128 
1129     info->u.out.driver_version  = VBG_IOC_VERSION;
1130     info->u.out.driver_revision = 0;
1131     info->u.out.reserved1      = 0;
1132     info->u.out.reserved2      = 0;
1133 
1134     return 0;
1135 }
1136 
1137 /* Must be called with the event_lock held */
1138 static u32 vbg_get_allowed_event_mask_for_session(struct vbg_dev *gdev,
1139                           struct vbg_session *session)
1140 {
1141     u32 acquire_mode_caps = gdev->acquire_mode_guest_caps;
1142     u32 session_acquired_caps = session->acquired_guest_caps;
1143     u32 allowed_events = VMMDEV_EVENT_VALID_EVENT_MASK;
1144 
1145     if ((acquire_mode_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS) &&
1146         !(session_acquired_caps & VMMDEV_GUEST_SUPPORTS_GRAPHICS))
1147         allowed_events &= ~VMMDEV_EVENT_DISPLAY_CHANGE_REQUEST;
1148 
1149     if ((acquire_mode_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS) &&
1150         !(session_acquired_caps & VMMDEV_GUEST_SUPPORTS_SEAMLESS))
1151         allowed_events &= ~VMMDEV_EVENT_SEAMLESS_MODE_CHANGE_REQUEST;
1152 
1153     return allowed_events;
1154 }
1155 
1156 static bool vbg_wait_event_cond(struct vbg_dev *gdev,
1157                 struct vbg_session *session,
1158                 u32 event_mask)
1159 {
1160     unsigned long flags;
1161     bool wakeup;
1162     u32 events;
1163 
1164     spin_lock_irqsave(&gdev->event_spinlock, flags);
1165 
1166     events = gdev->pending_events & event_mask;
1167     events &= vbg_get_allowed_event_mask_for_session(gdev, session);
1168     wakeup = events || session->cancel_waiters;
1169 
1170     spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1171 
1172     return wakeup;
1173 }
1174 
1175 /* Must be called with the event_lock held */
1176 static u32 vbg_consume_events_locked(struct vbg_dev *gdev,
1177                      struct vbg_session *session,
1178                      u32 event_mask)
1179 {
1180     u32 events = gdev->pending_events & event_mask;
1181 
1182     events &= vbg_get_allowed_event_mask_for_session(gdev, session);
1183     gdev->pending_events &= ~events;
1184     return events;
1185 }
1186 
1187 static int vbg_ioctl_wait_for_events(struct vbg_dev *gdev,
1188                      struct vbg_session *session,
1189                      struct vbg_ioctl_wait_for_events *wait)
1190 {
1191     u32 timeout_ms = wait->u.in.timeout_ms;
1192     u32 event_mask = wait->u.in.events;
1193     unsigned long flags;
1194     long timeout;
1195     int ret = 0;
1196 
1197     if (vbg_ioctl_chk(&wait->hdr, sizeof(wait->u.in), sizeof(wait->u.out)))
1198         return -EINVAL;
1199 
1200     if (timeout_ms == U32_MAX)
1201         timeout = MAX_SCHEDULE_TIMEOUT;
1202     else
1203         timeout = msecs_to_jiffies(timeout_ms);
1204 
1205     wait->u.out.events = 0;
1206     do {
1207         timeout = wait_event_interruptible_timeout(
1208                 gdev->event_wq,
1209                 vbg_wait_event_cond(gdev, session, event_mask),
1210                 timeout);
1211 
1212         spin_lock_irqsave(&gdev->event_spinlock, flags);
1213 
1214         if (timeout < 0 || session->cancel_waiters) {
1215             ret = -EINTR;
1216         } else if (timeout == 0) {
1217             ret = -ETIMEDOUT;
1218         } else {
1219             wait->u.out.events =
1220                vbg_consume_events_locked(gdev, session, event_mask);
1221         }
1222 
1223         spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1224 
1225         /*
1226          * Someone else may have consumed the event(s) first, in
1227          * which case we go back to waiting.
1228          */
1229     } while (ret == 0 && wait->u.out.events == 0);
1230 
1231     return ret;
1232 }
1233 
1234 static int vbg_ioctl_interrupt_all_wait_events(struct vbg_dev *gdev,
1235                            struct vbg_session *session,
1236                            struct vbg_ioctl_hdr *hdr)
1237 {
1238     unsigned long flags;
1239 
1240     if (hdr->size_in != sizeof(*hdr) || hdr->size_out != sizeof(*hdr))
1241         return -EINVAL;
1242 
1243     spin_lock_irqsave(&gdev->event_spinlock, flags);
1244     session->cancel_waiters = true;
1245     spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1246 
1247     wake_up(&gdev->event_wq);
1248 
1249     return 0;
1250 }
1251 
1252 /**
1253  * Checks if the VMM request is allowed in the context of the given session.
1254  * Return: 0 or negative errno value.
1255  * @gdev:       The Guest extension device.
1256  * @session:        The calling session.
1257  * @req:        The request.
1258  */
1259 static int vbg_req_allowed(struct vbg_dev *gdev, struct vbg_session *session,
1260                const struct vmmdev_request_header *req)
1261 {
1262     const struct vmmdev_guest_status *guest_status;
1263     bool trusted_apps_only;
1264 
1265     switch (req->request_type) {
1266     /* Trusted users apps only. */
1267     case VMMDEVREQ_QUERY_CREDENTIALS:
1268     case VMMDEVREQ_REPORT_CREDENTIALS_JUDGEMENT:
1269     case VMMDEVREQ_REGISTER_SHARED_MODULE:
1270     case VMMDEVREQ_UNREGISTER_SHARED_MODULE:
1271     case VMMDEVREQ_WRITE_COREDUMP:
1272     case VMMDEVREQ_GET_CPU_HOTPLUG_REQ:
1273     case VMMDEVREQ_SET_CPU_HOTPLUG_STATUS:
1274     case VMMDEVREQ_CHECK_SHARED_MODULES:
1275     case VMMDEVREQ_GET_PAGE_SHARING_STATUS:
1276     case VMMDEVREQ_DEBUG_IS_PAGE_SHARED:
1277     case VMMDEVREQ_REPORT_GUEST_STATS:
1278     case VMMDEVREQ_REPORT_GUEST_USER_STATE:
1279     case VMMDEVREQ_GET_STATISTICS_CHANGE_REQ:
1280         trusted_apps_only = true;
1281         break;
1282 
1283     /* Anyone. */
1284     case VMMDEVREQ_GET_MOUSE_STATUS:
1285     case VMMDEVREQ_SET_MOUSE_STATUS:
1286     case VMMDEVREQ_SET_POINTER_SHAPE:
1287     case VMMDEVREQ_GET_HOST_VERSION:
1288     case VMMDEVREQ_IDLE:
1289     case VMMDEVREQ_GET_HOST_TIME:
1290     case VMMDEVREQ_SET_POWER_STATUS:
1291     case VMMDEVREQ_ACKNOWLEDGE_EVENTS:
1292     case VMMDEVREQ_CTL_GUEST_FILTER_MASK:
1293     case VMMDEVREQ_REPORT_GUEST_STATUS:
1294     case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ:
1295     case VMMDEVREQ_VIDEMODE_SUPPORTED:
1296     case VMMDEVREQ_GET_HEIGHT_REDUCTION:
1297     case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ2:
1298     case VMMDEVREQ_VIDEMODE_SUPPORTED2:
1299     case VMMDEVREQ_VIDEO_ACCEL_ENABLE:
1300     case VMMDEVREQ_VIDEO_ACCEL_FLUSH:
1301     case VMMDEVREQ_VIDEO_SET_VISIBLE_REGION:
1302     case VMMDEVREQ_VIDEO_UPDATE_MONITOR_POSITIONS:
1303     case VMMDEVREQ_GET_DISPLAY_CHANGE_REQEX:
1304     case VMMDEVREQ_GET_DISPLAY_CHANGE_REQ_MULTI:
1305     case VMMDEVREQ_GET_SEAMLESS_CHANGE_REQ:
1306     case VMMDEVREQ_GET_VRDPCHANGE_REQ:
1307     case VMMDEVREQ_LOG_STRING:
1308     case VMMDEVREQ_GET_SESSION_ID:
1309         trusted_apps_only = false;
1310         break;
1311 
1312     /* Depends on the request parameters... */
1313     case VMMDEVREQ_REPORT_GUEST_CAPABILITIES:
1314         guest_status = (const struct vmmdev_guest_status *)req;
1315         switch (guest_status->facility) {
1316         case VBOXGUEST_FACILITY_TYPE_ALL:
1317         case VBOXGUEST_FACILITY_TYPE_VBOXGUEST_DRIVER:
1318             vbg_err("Denying userspace vmm report guest cap. call facility %#08x\n",
1319                 guest_status->facility);
1320             return -EPERM;
1321         case VBOXGUEST_FACILITY_TYPE_VBOX_SERVICE:
1322             trusted_apps_only = true;
1323             break;
1324         case VBOXGUEST_FACILITY_TYPE_VBOX_TRAY_CLIENT:
1325         case VBOXGUEST_FACILITY_TYPE_SEAMLESS:
1326         case VBOXGUEST_FACILITY_TYPE_GRAPHICS:
1327         default:
1328             trusted_apps_only = false;
1329             break;
1330         }
1331         break;
1332 
1333     /* Anything else is not allowed. */
1334     default:
1335         vbg_err("Denying userspace vmm call type %#08x\n",
1336             req->request_type);
1337         return -EPERM;
1338     }
1339 
1340     if (trusted_apps_only &&
1341         (session->requestor & VMMDEV_REQUESTOR_USER_DEVICE)) {
1342         vbg_err("Denying userspace vmm call type %#08x through vboxuser device node\n",
1343             req->request_type);
1344         return -EPERM;
1345     }
1346 
1347     return 0;
1348 }
1349 
1350 static int vbg_ioctl_vmmrequest(struct vbg_dev *gdev,
1351                 struct vbg_session *session, void *data)
1352 {
1353     struct vbg_ioctl_hdr *hdr = data;
1354     int ret;
1355 
1356     if (hdr->size_in != hdr->size_out)
1357         return -EINVAL;
1358 
1359     if (hdr->size_in > VMMDEV_MAX_VMMDEVREQ_SIZE)
1360         return -E2BIG;
1361 
1362     if (hdr->type == VBG_IOCTL_HDR_TYPE_DEFAULT)
1363         return -EINVAL;
1364 
1365     ret = vbg_req_allowed(gdev, session, data);
1366     if (ret < 0)
1367         return ret;
1368 
1369     vbg_req_perform(gdev, data);
1370     WARN_ON(hdr->rc == VINF_HGCM_ASYNC_EXECUTE);
1371 
1372     return 0;
1373 }
1374 
1375 static int vbg_ioctl_hgcm_connect(struct vbg_dev *gdev,
1376                   struct vbg_session *session,
1377                   struct vbg_ioctl_hgcm_connect *conn)
1378 {
1379     u32 client_id;
1380     int i, ret;
1381 
1382     if (vbg_ioctl_chk(&conn->hdr, sizeof(conn->u.in), sizeof(conn->u.out)))
1383         return -EINVAL;
1384 
1385     /* Find a free place in the sessions clients array and claim it */
1386     mutex_lock(&gdev->session_mutex);
1387     for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
1388         if (!session->hgcm_client_ids[i]) {
1389             session->hgcm_client_ids[i] = U32_MAX;
1390             break;
1391         }
1392     }
1393     mutex_unlock(&gdev->session_mutex);
1394 
1395     if (i >= ARRAY_SIZE(session->hgcm_client_ids))
1396         return -EMFILE;
1397 
1398     ret = vbg_hgcm_connect(gdev, session->requestor, &conn->u.in.loc,
1399                    &client_id, &conn->hdr.rc);
1400 
1401     mutex_lock(&gdev->session_mutex);
1402     if (ret == 0 && conn->hdr.rc >= 0) {
1403         conn->u.out.client_id = client_id;
1404         session->hgcm_client_ids[i] = client_id;
1405     } else {
1406         conn->u.out.client_id = 0;
1407         session->hgcm_client_ids[i] = 0;
1408     }
1409     mutex_unlock(&gdev->session_mutex);
1410 
1411     return ret;
1412 }
1413 
1414 static int vbg_ioctl_hgcm_disconnect(struct vbg_dev *gdev,
1415                      struct vbg_session *session,
1416                      struct vbg_ioctl_hgcm_disconnect *disconn)
1417 {
1418     u32 client_id;
1419     int i, ret;
1420 
1421     if (vbg_ioctl_chk(&disconn->hdr, sizeof(disconn->u.in), 0))
1422         return -EINVAL;
1423 
1424     client_id = disconn->u.in.client_id;
1425     if (client_id == 0 || client_id == U32_MAX)
1426         return -EINVAL;
1427 
1428     mutex_lock(&gdev->session_mutex);
1429     for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++) {
1430         if (session->hgcm_client_ids[i] == client_id) {
1431             session->hgcm_client_ids[i] = U32_MAX;
1432             break;
1433         }
1434     }
1435     mutex_unlock(&gdev->session_mutex);
1436 
1437     if (i >= ARRAY_SIZE(session->hgcm_client_ids))
1438         return -EINVAL;
1439 
1440     ret = vbg_hgcm_disconnect(gdev, session->requestor, client_id,
1441                   &disconn->hdr.rc);
1442 
1443     mutex_lock(&gdev->session_mutex);
1444     if (ret == 0 && disconn->hdr.rc >= 0)
1445         session->hgcm_client_ids[i] = 0;
1446     else
1447         session->hgcm_client_ids[i] = client_id;
1448     mutex_unlock(&gdev->session_mutex);
1449 
1450     return ret;
1451 }
1452 
1453 static bool vbg_param_valid(enum vmmdev_hgcm_function_parameter_type type)
1454 {
1455     switch (type) {
1456     case VMMDEV_HGCM_PARM_TYPE_32BIT:
1457     case VMMDEV_HGCM_PARM_TYPE_64BIT:
1458     case VMMDEV_HGCM_PARM_TYPE_LINADDR:
1459     case VMMDEV_HGCM_PARM_TYPE_LINADDR_IN:
1460     case VMMDEV_HGCM_PARM_TYPE_LINADDR_OUT:
1461         return true;
1462     default:
1463         return false;
1464     }
1465 }
1466 
1467 static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev,
1468                    struct vbg_session *session, bool f32bit,
1469                    struct vbg_ioctl_hgcm_call *call)
1470 {
1471     size_t actual_size;
1472     u32 client_id;
1473     int i, ret;
1474 
1475     if (call->hdr.size_in < sizeof(*call))
1476         return -EINVAL;
1477 
1478     if (call->hdr.size_in != call->hdr.size_out)
1479         return -EINVAL;
1480 
1481     if (call->parm_count > VMMDEV_HGCM_MAX_PARMS)
1482         return -E2BIG;
1483 
1484     client_id = call->client_id;
1485     if (client_id == 0 || client_id == U32_MAX)
1486         return -EINVAL;
1487 
1488     actual_size = sizeof(*call);
1489     if (f32bit)
1490         actual_size += call->parm_count *
1491                    sizeof(struct vmmdev_hgcm_function_parameter32);
1492     else
1493         actual_size += call->parm_count *
1494                    sizeof(struct vmmdev_hgcm_function_parameter);
1495     if (call->hdr.size_in < actual_size) {
1496         vbg_debug("VBG_IOCTL_HGCM_CALL: hdr.size_in %d required size is %zd\n",
1497               call->hdr.size_in, actual_size);
1498         return -EINVAL;
1499     }
1500     call->hdr.size_out = actual_size;
1501 
1502     /* Validate parameter types */
1503     if (f32bit) {
1504         struct vmmdev_hgcm_function_parameter32 *parm =
1505             VBG_IOCTL_HGCM_CALL_PARMS32(call);
1506 
1507         for (i = 0; i < call->parm_count; i++)
1508             if (!vbg_param_valid(parm[i].type))
1509                 return -EINVAL;
1510     } else {
1511         struct vmmdev_hgcm_function_parameter *parm =
1512             VBG_IOCTL_HGCM_CALL_PARMS(call);
1513 
1514         for (i = 0; i < call->parm_count; i++)
1515             if (!vbg_param_valid(parm[i].type))
1516                 return -EINVAL;
1517     }
1518 
1519     /*
1520      * Validate the client id.
1521      */
1522     mutex_lock(&gdev->session_mutex);
1523     for (i = 0; i < ARRAY_SIZE(session->hgcm_client_ids); i++)
1524         if (session->hgcm_client_ids[i] == client_id)
1525             break;
1526     mutex_unlock(&gdev->session_mutex);
1527     if (i >= ARRAY_SIZE(session->hgcm_client_ids)) {
1528         vbg_debug("VBG_IOCTL_HGCM_CALL: INVALID handle. u32Client=%#08x\n",
1529               client_id);
1530         return -EINVAL;
1531     }
1532 
1533     if (IS_ENABLED(CONFIG_COMPAT) && f32bit)
1534         ret = vbg_hgcm_call32(gdev, session->requestor, client_id,
1535                       call->function, call->timeout_ms,
1536                       VBG_IOCTL_HGCM_CALL_PARMS32(call),
1537                       call->parm_count, &call->hdr.rc);
1538     else
1539         ret = vbg_hgcm_call(gdev, session->requestor, client_id,
1540                     call->function, call->timeout_ms,
1541                     VBG_IOCTL_HGCM_CALL_PARMS(call),
1542                     call->parm_count, &call->hdr.rc);
1543 
1544     if (ret == -E2BIG) {
1545         /* E2BIG needs to be reported through the hdr.rc field. */
1546         call->hdr.rc = VERR_OUT_OF_RANGE;
1547         ret = 0;
1548     }
1549 
1550     if (ret && ret != -EINTR && ret != -ETIMEDOUT)
1551         vbg_err("VBG_IOCTL_HGCM_CALL error: %d\n", ret);
1552 
1553     return ret;
1554 }
1555 
1556 static int vbg_ioctl_log(struct vbg_ioctl_log *log)
1557 {
1558     if (log->hdr.size_out != sizeof(log->hdr))
1559         return -EINVAL;
1560 
1561     vbg_info("%.*s", (int)(log->hdr.size_in - sizeof(log->hdr)),
1562          log->u.in.msg);
1563 
1564     return 0;
1565 }
1566 
1567 static int vbg_ioctl_change_filter_mask(struct vbg_dev *gdev,
1568                     struct vbg_session *session,
1569                     struct vbg_ioctl_change_filter *filter)
1570 {
1571     u32 or_mask, not_mask;
1572 
1573     if (vbg_ioctl_chk(&filter->hdr, sizeof(filter->u.in), 0))
1574         return -EINVAL;
1575 
1576     or_mask = filter->u.in.or_mask;
1577     not_mask = filter->u.in.not_mask;
1578 
1579     if ((or_mask | not_mask) & ~VMMDEV_EVENT_VALID_EVENT_MASK)
1580         return -EINVAL;
1581 
1582     return vbg_set_session_event_filter(gdev, session, or_mask, not_mask,
1583                         false);
1584 }
1585 
1586 static int vbg_ioctl_acquire_guest_capabilities(struct vbg_dev *gdev,
1587          struct vbg_session *session,
1588          struct vbg_ioctl_acquire_guest_caps *caps)
1589 {
1590     u32 flags, or_mask, not_mask;
1591 
1592     if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), 0))
1593         return -EINVAL;
1594 
1595     flags = caps->u.in.flags;
1596     or_mask = caps->u.in.or_mask;
1597     not_mask = caps->u.in.not_mask;
1598 
1599     if (flags & ~VBGL_IOC_AGC_FLAGS_VALID_MASK)
1600         return -EINVAL;
1601 
1602     if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
1603         return -EINVAL;
1604 
1605     return vbg_acquire_session_capabilities(gdev, session, or_mask,
1606                         not_mask, flags, false);
1607 }
1608 
1609 static int vbg_ioctl_change_guest_capabilities(struct vbg_dev *gdev,
1610          struct vbg_session *session, struct vbg_ioctl_set_guest_caps *caps)
1611 {
1612     u32 or_mask, not_mask;
1613     int ret;
1614 
1615     if (vbg_ioctl_chk(&caps->hdr, sizeof(caps->u.in), sizeof(caps->u.out)))
1616         return -EINVAL;
1617 
1618     or_mask = caps->u.in.or_mask;
1619     not_mask = caps->u.in.not_mask;
1620 
1621     if ((or_mask | not_mask) & ~VMMDEV_GUEST_CAPABILITIES_MASK)
1622         return -EINVAL;
1623 
1624     ret = vbg_set_session_capabilities(gdev, session, or_mask, not_mask,
1625                        false);
1626     if (ret)
1627         return ret;
1628 
1629     caps->u.out.session_caps = session->set_guest_caps;
1630     caps->u.out.global_caps = gdev->guest_caps_host;
1631 
1632     return 0;
1633 }
1634 
1635 static int vbg_ioctl_check_balloon(struct vbg_dev *gdev,
1636                    struct vbg_ioctl_check_balloon *balloon_info)
1637 {
1638     if (vbg_ioctl_chk(&balloon_info->hdr, 0, sizeof(balloon_info->u.out)))
1639         return -EINVAL;
1640 
1641     balloon_info->u.out.balloon_chunks = gdev->mem_balloon.chunks;
1642     /*
1643      * Under Linux we handle VMMDEV_EVENT_BALLOON_CHANGE_REQUEST
1644      * events entirely in the kernel, see vbg_core_isr().
1645      */
1646     balloon_info->u.out.handle_in_r3 = false;
1647 
1648     return 0;
1649 }
1650 
1651 static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev,
1652                      struct vbg_session *session,
1653                      struct vbg_ioctl_write_coredump *dump)
1654 {
1655     struct vmmdev_write_core_dump *req;
1656 
1657     if (vbg_ioctl_chk(&dump->hdr, sizeof(dump->u.in), 0))
1658         return -EINVAL;
1659 
1660     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_WRITE_COREDUMP,
1661                 session->requestor);
1662     if (!req)
1663         return -ENOMEM;
1664 
1665     req->flags = dump->u.in.flags;
1666     dump->hdr.rc = vbg_req_perform(gdev, req);
1667 
1668     vbg_req_free(req, sizeof(*req));
1669     return 0;
1670 }
1671 
1672 /**
1673  * Common IOCtl for user to kernel communication.
1674  * Return: 0 or negative errno value.
1675  * @session:    The client session.
1676  * @req:    The requested function.
1677  * @data:   The i/o data buffer, minimum size sizeof(struct vbg_ioctl_hdr).
1678  */
1679 int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data)
1680 {
1681     unsigned int req_no_size = req & ~IOCSIZE_MASK;
1682     struct vbg_dev *gdev = session->gdev;
1683     struct vbg_ioctl_hdr *hdr = data;
1684     bool f32bit = false;
1685 
1686     hdr->rc = VINF_SUCCESS;
1687     if (!hdr->size_out)
1688         hdr->size_out = hdr->size_in;
1689 
1690     /*
1691      * hdr->version and hdr->size_in / hdr->size_out minimum size are
1692      * already checked by vbg_misc_device_ioctl().
1693      */
1694 
1695     /* For VMMDEV_REQUEST hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT */
1696     if (req_no_size == VBG_IOCTL_VMMDEV_REQUEST(0) ||
1697         req == VBG_IOCTL_VMMDEV_REQUEST_BIG ||
1698         req == VBG_IOCTL_VMMDEV_REQUEST_BIG_ALT)
1699         return vbg_ioctl_vmmrequest(gdev, session, data);
1700 
1701     if (hdr->type != VBG_IOCTL_HDR_TYPE_DEFAULT)
1702         return -EINVAL;
1703 
1704     /* Fixed size requests. */
1705     switch (req) {
1706     case VBG_IOCTL_DRIVER_VERSION_INFO:
1707         return vbg_ioctl_driver_version_info(data);
1708     case VBG_IOCTL_HGCM_CONNECT:
1709         return vbg_ioctl_hgcm_connect(gdev, session, data);
1710     case VBG_IOCTL_HGCM_DISCONNECT:
1711         return vbg_ioctl_hgcm_disconnect(gdev, session, data);
1712     case VBG_IOCTL_WAIT_FOR_EVENTS:
1713         return vbg_ioctl_wait_for_events(gdev, session, data);
1714     case VBG_IOCTL_INTERRUPT_ALL_WAIT_FOR_EVENTS:
1715         return vbg_ioctl_interrupt_all_wait_events(gdev, session, data);
1716     case VBG_IOCTL_CHANGE_FILTER_MASK:
1717         return vbg_ioctl_change_filter_mask(gdev, session, data);
1718     case VBG_IOCTL_ACQUIRE_GUEST_CAPABILITIES:
1719         return vbg_ioctl_acquire_guest_capabilities(gdev, session, data);
1720     case VBG_IOCTL_CHANGE_GUEST_CAPABILITIES:
1721         return vbg_ioctl_change_guest_capabilities(gdev, session, data);
1722     case VBG_IOCTL_CHECK_BALLOON:
1723         return vbg_ioctl_check_balloon(gdev, data);
1724     case VBG_IOCTL_WRITE_CORE_DUMP:
1725         return vbg_ioctl_write_core_dump(gdev, session, data);
1726     }
1727 
1728     /* Variable sized requests. */
1729     switch (req_no_size) {
1730 #ifdef CONFIG_COMPAT
1731     case VBG_IOCTL_HGCM_CALL_32(0):
1732         f32bit = true;
1733         fallthrough;
1734 #endif
1735     case VBG_IOCTL_HGCM_CALL(0):
1736         return vbg_ioctl_hgcm_call(gdev, session, f32bit, data);
1737     case VBG_IOCTL_LOG(0):
1738     case VBG_IOCTL_LOG_ALT(0):
1739         return vbg_ioctl_log(data);
1740     }
1741 
1742     vbg_err_ratelimited("Userspace made an unknown ioctl req %#08x\n", req);
1743     return -ENOTTY;
1744 }
1745 
1746 /**
1747  * Report guest supported mouse-features to the host.
1748  *
1749  * Return: 0 or negative errno value.
1750  * @gdev:       The Guest extension device.
1751  * @features:       The set of features to report to the host.
1752  */
1753 int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features)
1754 {
1755     struct vmmdev_mouse_status *req;
1756     int rc;
1757 
1758     req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_MOUSE_STATUS,
1759                 VBG_KERNEL_REQUEST);
1760     if (!req)
1761         return -ENOMEM;
1762 
1763     req->mouse_features = features;
1764     req->pointer_pos_x = 0;
1765     req->pointer_pos_y = 0;
1766 
1767     rc = vbg_req_perform(gdev, req);
1768     if (rc < 0)
1769         vbg_err("%s error, rc: %d\n", __func__, rc);
1770 
1771     vbg_req_free(req, sizeof(*req));
1772     return vbg_status_code_to_errno(rc);
1773 }
1774 
1775 /** Core interrupt service routine. */
1776 irqreturn_t vbg_core_isr(int irq, void *dev_id)
1777 {
1778     struct vbg_dev *gdev = dev_id;
1779     struct vmmdev_events *req = gdev->ack_events_req;
1780     bool mouse_position_changed = false;
1781     unsigned long flags;
1782     u32 events = 0;
1783     int rc;
1784 
1785     if (!gdev->mmio->V.V1_04.have_events)
1786         return IRQ_NONE;
1787 
1788     /* Get and acknowlegde events. */
1789     req->header.rc = VERR_INTERNAL_ERROR;
1790     req->events = 0;
1791     rc = vbg_req_perform(gdev, req);
1792     if (rc < 0) {
1793         vbg_err("Error performing events req, rc: %d\n", rc);
1794         return IRQ_NONE;
1795     }
1796 
1797     events = req->events;
1798 
1799     if (events & VMMDEV_EVENT_MOUSE_POSITION_CHANGED) {
1800         mouse_position_changed = true;
1801         events &= ~VMMDEV_EVENT_MOUSE_POSITION_CHANGED;
1802     }
1803 
1804     if (events & VMMDEV_EVENT_HGCM) {
1805         wake_up(&gdev->hgcm_wq);
1806         events &= ~VMMDEV_EVENT_HGCM;
1807     }
1808 
1809     if (events & VMMDEV_EVENT_BALLOON_CHANGE_REQUEST) {
1810         schedule_work(&gdev->mem_balloon.work);
1811         events &= ~VMMDEV_EVENT_BALLOON_CHANGE_REQUEST;
1812     }
1813 
1814     if (events) {
1815         spin_lock_irqsave(&gdev->event_spinlock, flags);
1816         gdev->pending_events |= events;
1817         spin_unlock_irqrestore(&gdev->event_spinlock, flags);
1818 
1819         wake_up(&gdev->event_wq);
1820     }
1821 
1822     if (mouse_position_changed)
1823         vbg_linux_mouse_event(gdev);
1824 
1825     return IRQ_HANDLED;
1826 }
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!