1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * vboxguest linux pci driver, char-dev and input-device code, |
4 | * |
5 | * Copyright (C) 2006-2016 Oracle Corporation |
6 | */ |
7 | |
8 | #include <linux/cred.h> |
9 | #include <linux/input.h> |
10 | #include <linux/kernel.h> |
11 | #include <linux/miscdevice.h> |
12 | #include <linux/module.h> |
13 | #include <linux/pci.h> |
14 | #include <linux/poll.h> |
15 | #include <linux/vbox_utils.h> |
16 | #include "vboxguest_core.h" |
17 | |
18 | /** The device name. */ |
19 | #define DEVICE_NAME "vboxguest" |
20 | /** The device name for the device node open to everyone. */ |
21 | #define DEVICE_NAME_USER "vboxuser" |
22 | /** VirtualBox PCI vendor ID. */ |
23 | #define VBOX_VENDORID 0x80ee |
24 | /** VMMDev PCI card product ID. */ |
25 | #define VMMDEV_DEVICEID 0xcafe |
26 | |
27 | /** Mutex protecting the global vbg_gdev pointer used by vbg_get/put_gdev. */ |
28 | static DEFINE_MUTEX(vbg_gdev_mutex); |
29 | /** Global vbg_gdev pointer used by vbg_get/put_gdev. */ |
30 | static struct vbg_dev *vbg_gdev; |
31 | |
32 | static u32 vbg_misc_device_requestor(struct inode *inode) |
33 | { |
34 | u32 requestor = VMMDEV_REQUESTOR_USERMODE | |
35 | VMMDEV_REQUESTOR_CON_DONT_KNOW | |
36 | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN; |
37 | |
38 | if (from_kuid(current_user_ns(), current_uid()) == 0) |
39 | requestor |= VMMDEV_REQUESTOR_USR_ROOT; |
40 | else |
41 | requestor |= VMMDEV_REQUESTOR_USR_USER; |
42 | |
43 | if (in_egroup_p(inode->i_gid)) |
44 | requestor |= VMMDEV_REQUESTOR_GRP_VBOX; |
45 | |
46 | return requestor; |
47 | } |
48 | |
49 | static int vbg_misc_device_open(struct inode *inode, struct file *filp) |
50 | { |
51 | struct vbg_session *session; |
52 | struct vbg_dev *gdev; |
53 | |
54 | /* misc_open sets filp->private_data to our misc device */ |
55 | gdev = container_of(filp->private_data, struct vbg_dev, misc_device); |
56 | |
57 | session = vbg_core_open_session(gdev, requestor: vbg_misc_device_requestor(inode)); |
58 | if (IS_ERR(ptr: session)) |
59 | return PTR_ERR(ptr: session); |
60 | |
61 | filp->private_data = session; |
62 | return 0; |
63 | } |
64 | |
65 | static int vbg_misc_device_user_open(struct inode *inode, struct file *filp) |
66 | { |
67 | struct vbg_session *session; |
68 | struct vbg_dev *gdev; |
69 | |
70 | /* misc_open sets filp->private_data to our misc device */ |
71 | gdev = container_of(filp->private_data, struct vbg_dev, |
72 | misc_device_user); |
73 | |
74 | session = vbg_core_open_session(gdev, requestor: vbg_misc_device_requestor(inode) | |
75 | VMMDEV_REQUESTOR_USER_DEVICE); |
76 | if (IS_ERR(ptr: session)) |
77 | return PTR_ERR(ptr: session); |
78 | |
79 | filp->private_data = session; |
80 | return 0; |
81 | } |
82 | |
83 | /** |
84 | * vbg_misc_device_close - Close device. |
85 | * @inode: Pointer to inode info structure. |
86 | * @filp: Associated file pointer. |
87 | * |
88 | * Return: %0 on success, negated errno on failure. |
89 | */ |
90 | static int vbg_misc_device_close(struct inode *inode, struct file *filp) |
91 | { |
92 | vbg_core_close_session(session: filp->private_data); |
93 | filp->private_data = NULL; |
94 | return 0; |
95 | } |
96 | |
97 | /** |
98 | * vbg_misc_device_ioctl - Device I/O Control entry point. |
99 | * @filp: Associated file pointer. |
100 | * @req: The request specified to ioctl(). |
101 | * @arg: The argument specified to ioctl(). |
102 | * |
103 | * Return: %0 on success, negated errno on failure. |
104 | */ |
105 | static long vbg_misc_device_ioctl(struct file *filp, unsigned int req, |
106 | unsigned long arg) |
107 | { |
108 | struct vbg_session *session = filp->private_data; |
109 | size_t returned_size, size; |
110 | struct vbg_ioctl_hdr hdr; |
111 | bool is_vmmdev_req; |
112 | int ret = 0; |
113 | void *buf; |
114 | |
115 | if (copy_from_user(to: &hdr, from: (void *)arg, n: sizeof(hdr))) |
116 | return -EFAULT; |
117 | |
118 | if (hdr.version != VBG_IOCTL_HDR_VERSION) |
119 | return -EINVAL; |
120 | |
121 | if (hdr.size_in < sizeof(hdr) || |
122 | (hdr.size_out && hdr.size_out < sizeof(hdr))) |
123 | return -EINVAL; |
124 | |
125 | size = max(hdr.size_in, hdr.size_out); |
126 | if (_IOC_SIZE(req) && _IOC_SIZE(req) != size) |
127 | return -EINVAL; |
128 | if (size > SZ_16M) |
129 | return -E2BIG; |
130 | |
131 | /* |
132 | * IOCTL_VMMDEV_REQUEST needs the buffer to be below 4G to avoid |
133 | * the need for a bounce-buffer and another copy later on. |
134 | */ |
135 | is_vmmdev_req = (req & ~IOCSIZE_MASK) == VBG_IOCTL_VMMDEV_REQUEST(0) || |
136 | req == VBG_IOCTL_VMMDEV_REQUEST_BIG || |
137 | req == VBG_IOCTL_VMMDEV_REQUEST_BIG_ALT; |
138 | |
139 | if (is_vmmdev_req) |
140 | buf = vbg_req_alloc(len: size, VBG_IOCTL_HDR_TYPE_DEFAULT, |
141 | requestor: session->requestor); |
142 | else |
143 | buf = kmalloc(size, GFP_KERNEL); |
144 | if (!buf) |
145 | return -ENOMEM; |
146 | |
147 | *((struct vbg_ioctl_hdr *)buf) = hdr; |
148 | if (copy_from_user(to: buf + sizeof(hdr), from: (void *)arg + sizeof(hdr), |
149 | n: hdr.size_in - sizeof(hdr))) { |
150 | ret = -EFAULT; |
151 | goto out; |
152 | } |
153 | if (hdr.size_in < size) |
154 | memset(buf + hdr.size_in, 0, size - hdr.size_in); |
155 | |
156 | ret = vbg_core_ioctl(session, req, data: buf); |
157 | if (ret) |
158 | goto out; |
159 | |
160 | returned_size = ((struct vbg_ioctl_hdr *)buf)->size_out; |
161 | if (returned_size > size) { |
162 | vbg_debug("%s: too much output data %zu > %zu\n" , |
163 | __func__, returned_size, size); |
164 | returned_size = size; |
165 | } |
166 | if (copy_to_user(to: (void *)arg, from: buf, n: returned_size) != 0) |
167 | ret = -EFAULT; |
168 | |
169 | out: |
170 | if (is_vmmdev_req) |
171 | vbg_req_free(req: buf, len: size); |
172 | else |
173 | kfree(objp: buf); |
174 | |
175 | return ret; |
176 | } |
177 | |
178 | /* The file_operations structures. */ |
179 | static const struct file_operations vbg_misc_device_fops = { |
180 | .owner = THIS_MODULE, |
181 | .open = vbg_misc_device_open, |
182 | .release = vbg_misc_device_close, |
183 | .unlocked_ioctl = vbg_misc_device_ioctl, |
184 | #ifdef CONFIG_COMPAT |
185 | .compat_ioctl = vbg_misc_device_ioctl, |
186 | #endif |
187 | }; |
188 | static const struct file_operations vbg_misc_device_user_fops = { |
189 | .owner = THIS_MODULE, |
190 | .open = vbg_misc_device_user_open, |
191 | .release = vbg_misc_device_close, |
192 | .unlocked_ioctl = vbg_misc_device_ioctl, |
193 | #ifdef CONFIG_COMPAT |
194 | .compat_ioctl = vbg_misc_device_ioctl, |
195 | #endif |
196 | }; |
197 | |
198 | /* |
199 | * Called when the input device is first opened. |
200 | * |
201 | * Sets up absolute mouse reporting. |
202 | */ |
203 | static int vbg_input_open(struct input_dev *input) |
204 | { |
205 | struct vbg_dev *gdev = input_get_drvdata(dev: input); |
206 | u32 feat = VMMDEV_MOUSE_GUEST_CAN_ABSOLUTE | VMMDEV_MOUSE_NEW_PROTOCOL; |
207 | |
208 | return vbg_core_set_mouse_status(gdev, features: feat); |
209 | } |
210 | |
211 | /* |
212 | * Called if all open handles to the input device are closed. |
213 | * |
214 | * Disables absolute reporting. |
215 | */ |
216 | static void vbg_input_close(struct input_dev *input) |
217 | { |
218 | struct vbg_dev *gdev = input_get_drvdata(dev: input); |
219 | |
220 | vbg_core_set_mouse_status(gdev, features: 0); |
221 | } |
222 | |
223 | /* |
224 | * Creates the kernel input device. |
225 | * |
226 | * Return: 0 on success, negated errno on failure. |
227 | */ |
228 | static int vbg_create_input_device(struct vbg_dev *gdev) |
229 | { |
230 | struct input_dev *input; |
231 | |
232 | input = devm_input_allocate_device(gdev->dev); |
233 | if (!input) |
234 | return -ENOMEM; |
235 | |
236 | input->id.bustype = BUS_PCI; |
237 | input->id.vendor = VBOX_VENDORID; |
238 | input->id.product = VMMDEV_DEVICEID; |
239 | input->open = vbg_input_open; |
240 | input->close = vbg_input_close; |
241 | input->dev.parent = gdev->dev; |
242 | input->name = "VirtualBox mouse integration" ; |
243 | |
244 | input_set_abs_params(dev: input, ABS_X, VMMDEV_MOUSE_RANGE_MIN, |
245 | VMMDEV_MOUSE_RANGE_MAX, fuzz: 0, flat: 0); |
246 | input_set_abs_params(dev: input, ABS_Y, VMMDEV_MOUSE_RANGE_MIN, |
247 | VMMDEV_MOUSE_RANGE_MAX, fuzz: 0, flat: 0); |
248 | input_set_capability(dev: input, EV_KEY, BTN_MOUSE); |
249 | input_set_drvdata(dev: input, data: gdev); |
250 | |
251 | gdev->input = input; |
252 | |
253 | return input_register_device(gdev->input); |
254 | } |
255 | |
256 | static ssize_t host_version_show(struct device *dev, |
257 | struct device_attribute *attr, char *buf) |
258 | { |
259 | struct vbg_dev *gdev = dev_get_drvdata(dev); |
260 | |
261 | return sprintf(buf, fmt: "%s\n" , gdev->host_version); |
262 | } |
263 | |
264 | static ssize_t host_features_show(struct device *dev, |
265 | struct device_attribute *attr, char *buf) |
266 | { |
267 | struct vbg_dev *gdev = dev_get_drvdata(dev); |
268 | |
269 | return sprintf(buf, fmt: "%#x\n" , gdev->host_features); |
270 | } |
271 | |
272 | static DEVICE_ATTR_RO(host_version); |
273 | static DEVICE_ATTR_RO(host_features); |
274 | |
275 | static struct attribute *vbg_pci_attrs[] = { |
276 | &dev_attr_host_version.attr, |
277 | &dev_attr_host_features.attr, |
278 | NULL, |
279 | }; |
280 | ATTRIBUTE_GROUPS(vbg_pci); |
281 | |
282 | /* |
283 | * Does the PCI detection and init of the device. |
284 | * |
285 | * Return: 0 on success, negated errno on failure. |
286 | */ |
287 | static int vbg_pci_probe(struct pci_dev *pci, const struct pci_device_id *id) |
288 | { |
289 | struct device *dev = &pci->dev; |
290 | resource_size_t io, io_len, mmio, mmio_len; |
291 | struct vmmdev_memory *vmmdev; |
292 | struct vbg_dev *gdev; |
293 | int ret; |
294 | |
295 | gdev = devm_kzalloc(dev, size: sizeof(*gdev), GFP_KERNEL); |
296 | if (!gdev) |
297 | return -ENOMEM; |
298 | |
299 | ret = pci_enable_device(dev: pci); |
300 | if (ret != 0) { |
301 | vbg_err(fmt: "vboxguest: Error enabling device: %d\n" , ret); |
302 | return ret; |
303 | } |
304 | |
305 | ret = -ENODEV; |
306 | |
307 | io = pci_resource_start(pci, 0); |
308 | io_len = pci_resource_len(pci, 0); |
309 | if (!io || !io_len) { |
310 | vbg_err(fmt: "vboxguest: Error IO-port resource (0) is missing\n" ); |
311 | goto err_disable_pcidev; |
312 | } |
313 | if (devm_request_region(dev, io, io_len, DEVICE_NAME) == NULL) { |
314 | vbg_err(fmt: "vboxguest: Error could not claim IO resource\n" ); |
315 | ret = -EBUSY; |
316 | goto err_disable_pcidev; |
317 | } |
318 | |
319 | mmio = pci_resource_start(pci, 1); |
320 | mmio_len = pci_resource_len(pci, 1); |
321 | if (!mmio || !mmio_len) { |
322 | vbg_err(fmt: "vboxguest: Error MMIO resource (1) is missing\n" ); |
323 | goto err_disable_pcidev; |
324 | } |
325 | |
326 | if (devm_request_mem_region(dev, mmio, mmio_len, DEVICE_NAME) == NULL) { |
327 | vbg_err(fmt: "vboxguest: Error could not claim MMIO resource\n" ); |
328 | ret = -EBUSY; |
329 | goto err_disable_pcidev; |
330 | } |
331 | |
332 | vmmdev = devm_ioremap(dev, offset: mmio, size: mmio_len); |
333 | if (!vmmdev) { |
334 | vbg_err(fmt: "vboxguest: Error ioremap failed; MMIO addr=%pap size=%pap\n" , |
335 | &mmio, &mmio_len); |
336 | goto err_disable_pcidev; |
337 | } |
338 | |
339 | /* Validate MMIO region version and size. */ |
340 | if (vmmdev->version != VMMDEV_MEMORY_VERSION || |
341 | vmmdev->size < 32 || vmmdev->size > mmio_len) { |
342 | vbg_err(fmt: "vboxguest: Bogus VMMDev memory; version=%08x (expected %08x) size=%d (expected <= %d)\n" , |
343 | vmmdev->version, VMMDEV_MEMORY_VERSION, |
344 | vmmdev->size, (int)mmio_len); |
345 | goto err_disable_pcidev; |
346 | } |
347 | |
348 | gdev->io_port = io; |
349 | gdev->mmio = vmmdev; |
350 | gdev->dev = dev; |
351 | gdev->misc_device.minor = MISC_DYNAMIC_MINOR; |
352 | gdev->misc_device.name = DEVICE_NAME; |
353 | gdev->misc_device.fops = &vbg_misc_device_fops; |
354 | gdev->misc_device_user.minor = MISC_DYNAMIC_MINOR; |
355 | gdev->misc_device_user.name = DEVICE_NAME_USER; |
356 | gdev->misc_device_user.fops = &vbg_misc_device_user_fops; |
357 | |
358 | ret = vbg_core_init(gdev, VMMDEV_EVENT_MOUSE_POSITION_CHANGED); |
359 | if (ret) |
360 | goto err_disable_pcidev; |
361 | |
362 | ret = vbg_create_input_device(gdev); |
363 | if (ret) { |
364 | vbg_err(fmt: "vboxguest: Error creating input device: %d\n" , ret); |
365 | goto err_vbg_core_exit; |
366 | } |
367 | |
368 | ret = request_irq(irq: pci->irq, handler: vbg_core_isr, IRQF_SHARED, DEVICE_NAME, |
369 | dev: gdev); |
370 | if (ret) { |
371 | vbg_err(fmt: "vboxguest: Error requesting irq: %d\n" , ret); |
372 | goto err_vbg_core_exit; |
373 | } |
374 | |
375 | ret = misc_register(misc: &gdev->misc_device); |
376 | if (ret) { |
377 | vbg_err(fmt: "vboxguest: Error misc_register %s failed: %d\n" , |
378 | DEVICE_NAME, ret); |
379 | goto err_free_irq; |
380 | } |
381 | |
382 | ret = misc_register(misc: &gdev->misc_device_user); |
383 | if (ret) { |
384 | vbg_err(fmt: "vboxguest: Error misc_register %s failed: %d\n" , |
385 | DEVICE_NAME_USER, ret); |
386 | goto err_unregister_misc_device; |
387 | } |
388 | |
389 | mutex_lock(&vbg_gdev_mutex); |
390 | if (!vbg_gdev) |
391 | vbg_gdev = gdev; |
392 | else |
393 | ret = -EBUSY; |
394 | mutex_unlock(lock: &vbg_gdev_mutex); |
395 | |
396 | if (ret) { |
397 | vbg_err(fmt: "vboxguest: Error more then 1 vbox guest pci device\n" ); |
398 | goto err_unregister_misc_device_user; |
399 | } |
400 | |
401 | pci_set_drvdata(pdev: pci, data: gdev); |
402 | |
403 | return 0; |
404 | |
405 | err_unregister_misc_device_user: |
406 | misc_deregister(misc: &gdev->misc_device_user); |
407 | err_unregister_misc_device: |
408 | misc_deregister(misc: &gdev->misc_device); |
409 | err_free_irq: |
410 | free_irq(pci->irq, gdev); |
411 | err_vbg_core_exit: |
412 | vbg_core_exit(gdev); |
413 | err_disable_pcidev: |
414 | pci_disable_device(dev: pci); |
415 | |
416 | return ret; |
417 | } |
418 | |
419 | static void vbg_pci_remove(struct pci_dev *pci) |
420 | { |
421 | struct vbg_dev *gdev = pci_get_drvdata(pdev: pci); |
422 | |
423 | mutex_lock(&vbg_gdev_mutex); |
424 | vbg_gdev = NULL; |
425 | mutex_unlock(lock: &vbg_gdev_mutex); |
426 | |
427 | free_irq(pci->irq, gdev); |
428 | misc_deregister(misc: &gdev->misc_device_user); |
429 | misc_deregister(misc: &gdev->misc_device); |
430 | vbg_core_exit(gdev); |
431 | pci_disable_device(dev: pci); |
432 | } |
433 | |
434 | struct vbg_dev *vbg_get_gdev(void) |
435 | { |
436 | mutex_lock(&vbg_gdev_mutex); |
437 | |
438 | /* |
439 | * Note on success we keep the mutex locked until vbg_put_gdev(), |
440 | * this stops vbg_pci_remove from removing the device from underneath |
441 | * vboxsf. vboxsf will only hold a reference for a short while. |
442 | */ |
443 | if (vbg_gdev) |
444 | return vbg_gdev; |
445 | |
446 | mutex_unlock(lock: &vbg_gdev_mutex); |
447 | return ERR_PTR(error: -ENODEV); |
448 | } |
449 | EXPORT_SYMBOL(vbg_get_gdev); |
450 | |
451 | void vbg_put_gdev(struct vbg_dev *gdev) |
452 | { |
453 | WARN_ON(gdev != vbg_gdev); |
454 | mutex_unlock(lock: &vbg_gdev_mutex); |
455 | } |
456 | EXPORT_SYMBOL(vbg_put_gdev); |
457 | |
458 | /* |
459 | * Callback for mouse events. |
460 | * |
461 | * This is called at the end of the ISR, after leaving the event spinlock, if |
462 | * VMMDEV_EVENT_MOUSE_POSITION_CHANGED was raised by the host. |
463 | * |
464 | * @gdev: The device extension. |
465 | */ |
466 | void vbg_linux_mouse_event(struct vbg_dev *gdev) |
467 | { |
468 | int rc; |
469 | |
470 | /* Report events to the kernel input device */ |
471 | gdev->mouse_status_req->mouse_features = 0; |
472 | gdev->mouse_status_req->pointer_pos_x = 0; |
473 | gdev->mouse_status_req->pointer_pos_y = 0; |
474 | rc = vbg_req_perform(gdev, req: gdev->mouse_status_req); |
475 | if (rc >= 0) { |
476 | input_report_abs(dev: gdev->input, ABS_X, |
477 | value: gdev->mouse_status_req->pointer_pos_x); |
478 | input_report_abs(dev: gdev->input, ABS_Y, |
479 | value: gdev->mouse_status_req->pointer_pos_y); |
480 | input_sync(dev: gdev->input); |
481 | } |
482 | } |
483 | |
484 | static const struct pci_device_id vbg_pci_ids[] = { |
485 | { .vendor = VBOX_VENDORID, .device = VMMDEV_DEVICEID }, |
486 | {} |
487 | }; |
488 | MODULE_DEVICE_TABLE(pci, vbg_pci_ids); |
489 | |
490 | static struct pci_driver vbg_pci_driver = { |
491 | .name = DEVICE_NAME, |
492 | .dev_groups = vbg_pci_groups, |
493 | .id_table = vbg_pci_ids, |
494 | .probe = vbg_pci_probe, |
495 | .remove = vbg_pci_remove, |
496 | }; |
497 | |
498 | module_pci_driver(vbg_pci_driver); |
499 | |
500 | MODULE_AUTHOR("Oracle Corporation" ); |
501 | MODULE_DESCRIPTION("Oracle VM VirtualBox Guest Additions for Linux Module" ); |
502 | MODULE_LICENSE("GPL" ); |
503 | |