1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * vboxguest linux pci driver, char-dev and input-device code,
4 *
5 * Copyright (C) 2006-2016 Oracle Corporation
6 */
7
8#include <linux/cred.h>
9#include <linux/input.h>
10#include <linux/kernel.h>
11#include <linux/miscdevice.h>
12#include <linux/module.h>
13#include <linux/pci.h>
14#include <linux/poll.h>
15#include <linux/vbox_utils.h>
16#include "vboxguest_core.h"
17
18/** The device name. */
19#define DEVICE_NAME "vboxguest"
20/** The device name for the device node open to everyone. */
21#define DEVICE_NAME_USER "vboxuser"
22/** VirtualBox PCI vendor ID. */
23#define VBOX_VENDORID 0x80ee
24/** VMMDev PCI card product ID. */
25#define VMMDEV_DEVICEID 0xcafe
26
27/** Mutex protecting the global vbg_gdev pointer used by vbg_get/put_gdev. */
28static DEFINE_MUTEX(vbg_gdev_mutex);
29/** Global vbg_gdev pointer used by vbg_get/put_gdev. */
30static struct vbg_dev *vbg_gdev;
31
32static u32 vbg_misc_device_requestor(struct inode *inode)
33{
34 u32 requestor = VMMDEV_REQUESTOR_USERMODE |
35 VMMDEV_REQUESTOR_CON_DONT_KNOW |
36 VMMDEV_REQUESTOR_TRUST_NOT_GIVEN;
37
38 if (from_kuid(current_user_ns(), current_uid()) == 0)
39 requestor |= VMMDEV_REQUESTOR_USR_ROOT;
40 else
41 requestor |= VMMDEV_REQUESTOR_USR_USER;
42
43 if (in_egroup_p(inode->i_gid))
44 requestor |= VMMDEV_REQUESTOR_GRP_VBOX;
45
46 return requestor;
47}
48
49static int vbg_misc_device_open(struct inode *inode, struct file *filp)
50{
51 struct vbg_session *session;
52 struct vbg_dev *gdev;
53
54 /* misc_open sets filp->private_data to our misc device */
55 gdev = container_of(filp->private_data, struct vbg_dev, misc_device);
56
57 session = vbg_core_open_session(gdev, requestor: vbg_misc_device_requestor(inode));
58 if (IS_ERR(ptr: session))
59 return PTR_ERR(ptr: session);
60
61 filp->private_data = session;
62 return 0;
63}
64
65static int vbg_misc_device_user_open(struct inode *inode, struct file *filp)
66{
67 struct vbg_session *session;
68 struct vbg_dev *gdev;
69
70 /* misc_open sets filp->private_data to our misc device */
71 gdev = container_of(filp->private_data, struct vbg_dev,
72 misc_device_user);
73
74 session = vbg_core_open_session(gdev, requestor: vbg_misc_device_requestor(inode) |
75 VMMDEV_REQUESTOR_USER_DEVICE);
76 if (IS_ERR(ptr: session))
77 return PTR_ERR(ptr: session);
78
79 filp->private_data = session;
80 return 0;
81}
82
83/**
84 * vbg_misc_device_close - Close device.
85 * @inode: Pointer to inode info structure.
86 * @filp: Associated file pointer.
87 *
88 * Return: %0 on success, negated errno on failure.
89 */
90static int vbg_misc_device_close(struct inode *inode, struct file *filp)
91{
92 vbg_core_close_session(session: filp->private_data);
93 filp->private_data = NULL;
94 return 0;
95}
96
97/**
98 * vbg_misc_device_ioctl - Device I/O Control entry point.
99 * @filp: Associated file pointer.
100 * @req: The request specified to ioctl().
101 * @arg: The argument specified to ioctl().
102 *
103 * Return: %0 on success, negated errno on failure.
104 */
105static long vbg_misc_device_ioctl(struct file *filp, unsigned int req,
106 unsigned long arg)
107{
108 struct vbg_session *session = filp->private_data;
109 size_t returned_size, size;
110 struct vbg_ioctl_hdr hdr;
111 bool is_vmmdev_req;
112 int ret = 0;
113 void *buf;
114
115 if (copy_from_user(to: &hdr, from: (void *)arg, n: sizeof(hdr)))
116 return -EFAULT;
117
118 if (hdr.version != VBG_IOCTL_HDR_VERSION)
119 return -EINVAL;
120
121 if (hdr.size_in < sizeof(hdr) ||
122 (hdr.size_out && hdr.size_out < sizeof(hdr)))
123 return -EINVAL;
124
125 size = max(hdr.size_in, hdr.size_out);
126 if (_IOC_SIZE(req) && _IOC_SIZE(req) != size)
127 return -EINVAL;
128 if (size > SZ_16M)
129 return -E2BIG;
130
131 /*
132 * IOCTL_VMMDEV_REQUEST needs the buffer to be below 4G to avoid
133 * the need for a bounce-buffer and another copy later on.
134 */
135 is_vmmdev_req = (req & ~IOCSIZE_MASK) == VBG_IOCTL_VMMDEV_REQUEST(0) ||
136 req == VBG_IOCTL_VMMDEV_REQUEST_BIG ||
137 req == VBG_IOCTL_VMMDEV_REQUEST_BIG_ALT;
138
139 if (is_vmmdev_req)
140 buf = vbg_req_alloc(len: size, VBG_IOCTL_HDR_TYPE_DEFAULT,
141 requestor: session->requestor);
142 else
143 buf = kmalloc(size, GFP_KERNEL);
144 if (!buf)
145 return -ENOMEM;
146
147 *((struct vbg_ioctl_hdr *)buf) = hdr;
148 if (copy_from_user(to: buf + sizeof(hdr), from: (void *)arg + sizeof(hdr),
149 n: hdr.size_in - sizeof(hdr))) {
150 ret = -EFAULT;
151 goto out;
152 }
153 if (hdr.size_in < size)
154 memset(buf + hdr.size_in, 0, size - hdr.size_in);
155
156 ret = vbg_core_ioctl(session, req, data: buf);
157 if (ret)
158 goto out;
159
160 returned_size = ((struct vbg_ioctl_hdr *)buf)->size_out;
161 if (returned_size > size) {
162 vbg_debug("%s: too much output data %zu > %zu\n",
163 __func__, returned_size, size);
164 returned_size = size;
165 }
166 if (copy_to_user(to: (void *)arg, from: buf, n: returned_size) != 0)
167 ret = -EFAULT;
168
169out:
170 if (is_vmmdev_req)
171 vbg_req_free(req: buf, len: size);
172 else
173 kfree(objp: buf);
174
175 return ret;
176}
177
178/* The file_operations structures. */
179static const struct file_operations vbg_misc_device_fops = {
180 .owner = THIS_MODULE,
181 .open = vbg_misc_device_open,
182 .release = vbg_misc_device_close,
183 .unlocked_ioctl = vbg_misc_device_ioctl,
184#ifdef CONFIG_COMPAT
185 .compat_ioctl = vbg_misc_device_ioctl,
186#endif
187};
188static const struct file_operations vbg_misc_device_user_fops = {
189 .owner = THIS_MODULE,
190 .open = vbg_misc_device_user_open,
191 .release = vbg_misc_device_close,
192 .unlocked_ioctl = vbg_misc_device_ioctl,
193#ifdef CONFIG_COMPAT
194 .compat_ioctl = vbg_misc_device_ioctl,
195#endif
196};
197
198/*
199 * Called when the input device is first opened.
200 *
201 * Sets up absolute mouse reporting.
202 */
203static int vbg_input_open(struct input_dev *input)
204{
205 struct vbg_dev *gdev = input_get_drvdata(dev: input);
206 u32 feat = VMMDEV_MOUSE_GUEST_CAN_ABSOLUTE | VMMDEV_MOUSE_NEW_PROTOCOL;
207
208 return vbg_core_set_mouse_status(gdev, features: feat);
209}
210
211/*
212 * Called if all open handles to the input device are closed.
213 *
214 * Disables absolute reporting.
215 */
216static void vbg_input_close(struct input_dev *input)
217{
218 struct vbg_dev *gdev = input_get_drvdata(dev: input);
219
220 vbg_core_set_mouse_status(gdev, features: 0);
221}
222
223/*
224 * Creates the kernel input device.
225 *
226 * Return: 0 on success, negated errno on failure.
227 */
228static int vbg_create_input_device(struct vbg_dev *gdev)
229{
230 struct input_dev *input;
231
232 input = devm_input_allocate_device(gdev->dev);
233 if (!input)
234 return -ENOMEM;
235
236 input->id.bustype = BUS_PCI;
237 input->id.vendor = VBOX_VENDORID;
238 input->id.product = VMMDEV_DEVICEID;
239 input->open = vbg_input_open;
240 input->close = vbg_input_close;
241 input->dev.parent = gdev->dev;
242 input->name = "VirtualBox mouse integration";
243
244 input_set_abs_params(dev: input, ABS_X, VMMDEV_MOUSE_RANGE_MIN,
245 VMMDEV_MOUSE_RANGE_MAX, fuzz: 0, flat: 0);
246 input_set_abs_params(dev: input, ABS_Y, VMMDEV_MOUSE_RANGE_MIN,
247 VMMDEV_MOUSE_RANGE_MAX, fuzz: 0, flat: 0);
248 input_set_capability(dev: input, EV_KEY, BTN_MOUSE);
249 input_set_drvdata(dev: input, data: gdev);
250
251 gdev->input = input;
252
253 return input_register_device(gdev->input);
254}
255
256static ssize_t host_version_show(struct device *dev,
257 struct device_attribute *attr, char *buf)
258{
259 struct vbg_dev *gdev = dev_get_drvdata(dev);
260
261 return sprintf(buf, fmt: "%s\n", gdev->host_version);
262}
263
264static ssize_t host_features_show(struct device *dev,
265 struct device_attribute *attr, char *buf)
266{
267 struct vbg_dev *gdev = dev_get_drvdata(dev);
268
269 return sprintf(buf, fmt: "%#x\n", gdev->host_features);
270}
271
272static DEVICE_ATTR_RO(host_version);
273static DEVICE_ATTR_RO(host_features);
274
275static struct attribute *vbg_pci_attrs[] = {
276 &dev_attr_host_version.attr,
277 &dev_attr_host_features.attr,
278 NULL,
279};
280ATTRIBUTE_GROUPS(vbg_pci);
281
282/*
283 * Does the PCI detection and init of the device.
284 *
285 * Return: 0 on success, negated errno on failure.
286 */
287static int vbg_pci_probe(struct pci_dev *pci, const struct pci_device_id *id)
288{
289 struct device *dev = &pci->dev;
290 resource_size_t io, io_len, mmio, mmio_len;
291 struct vmmdev_memory *vmmdev;
292 struct vbg_dev *gdev;
293 int ret;
294
295 gdev = devm_kzalloc(dev, size: sizeof(*gdev), GFP_KERNEL);
296 if (!gdev)
297 return -ENOMEM;
298
299 ret = pci_enable_device(dev: pci);
300 if (ret != 0) {
301 vbg_err(fmt: "vboxguest: Error enabling device: %d\n", ret);
302 return ret;
303 }
304
305 ret = -ENODEV;
306
307 io = pci_resource_start(pci, 0);
308 io_len = pci_resource_len(pci, 0);
309 if (!io || !io_len) {
310 vbg_err(fmt: "vboxguest: Error IO-port resource (0) is missing\n");
311 goto err_disable_pcidev;
312 }
313 if (devm_request_region(dev, io, io_len, DEVICE_NAME) == NULL) {
314 vbg_err(fmt: "vboxguest: Error could not claim IO resource\n");
315 ret = -EBUSY;
316 goto err_disable_pcidev;
317 }
318
319 mmio = pci_resource_start(pci, 1);
320 mmio_len = pci_resource_len(pci, 1);
321 if (!mmio || !mmio_len) {
322 vbg_err(fmt: "vboxguest: Error MMIO resource (1) is missing\n");
323 goto err_disable_pcidev;
324 }
325
326 if (devm_request_mem_region(dev, mmio, mmio_len, DEVICE_NAME) == NULL) {
327 vbg_err(fmt: "vboxguest: Error could not claim MMIO resource\n");
328 ret = -EBUSY;
329 goto err_disable_pcidev;
330 }
331
332 vmmdev = devm_ioremap(dev, offset: mmio, size: mmio_len);
333 if (!vmmdev) {
334 vbg_err(fmt: "vboxguest: Error ioremap failed; MMIO addr=%pap size=%pap\n",
335 &mmio, &mmio_len);
336 goto err_disable_pcidev;
337 }
338
339 /* Validate MMIO region version and size. */
340 if (vmmdev->version != VMMDEV_MEMORY_VERSION ||
341 vmmdev->size < 32 || vmmdev->size > mmio_len) {
342 vbg_err(fmt: "vboxguest: Bogus VMMDev memory; version=%08x (expected %08x) size=%d (expected <= %d)\n",
343 vmmdev->version, VMMDEV_MEMORY_VERSION,
344 vmmdev->size, (int)mmio_len);
345 goto err_disable_pcidev;
346 }
347
348 gdev->io_port = io;
349 gdev->mmio = vmmdev;
350 gdev->dev = dev;
351 gdev->misc_device.minor = MISC_DYNAMIC_MINOR;
352 gdev->misc_device.name = DEVICE_NAME;
353 gdev->misc_device.fops = &vbg_misc_device_fops;
354 gdev->misc_device_user.minor = MISC_DYNAMIC_MINOR;
355 gdev->misc_device_user.name = DEVICE_NAME_USER;
356 gdev->misc_device_user.fops = &vbg_misc_device_user_fops;
357
358 ret = vbg_core_init(gdev, VMMDEV_EVENT_MOUSE_POSITION_CHANGED);
359 if (ret)
360 goto err_disable_pcidev;
361
362 ret = vbg_create_input_device(gdev);
363 if (ret) {
364 vbg_err(fmt: "vboxguest: Error creating input device: %d\n", ret);
365 goto err_vbg_core_exit;
366 }
367
368 ret = request_irq(irq: pci->irq, handler: vbg_core_isr, IRQF_SHARED, DEVICE_NAME,
369 dev: gdev);
370 if (ret) {
371 vbg_err(fmt: "vboxguest: Error requesting irq: %d\n", ret);
372 goto err_vbg_core_exit;
373 }
374
375 ret = misc_register(misc: &gdev->misc_device);
376 if (ret) {
377 vbg_err(fmt: "vboxguest: Error misc_register %s failed: %d\n",
378 DEVICE_NAME, ret);
379 goto err_free_irq;
380 }
381
382 ret = misc_register(misc: &gdev->misc_device_user);
383 if (ret) {
384 vbg_err(fmt: "vboxguest: Error misc_register %s failed: %d\n",
385 DEVICE_NAME_USER, ret);
386 goto err_unregister_misc_device;
387 }
388
389 mutex_lock(&vbg_gdev_mutex);
390 if (!vbg_gdev)
391 vbg_gdev = gdev;
392 else
393 ret = -EBUSY;
394 mutex_unlock(lock: &vbg_gdev_mutex);
395
396 if (ret) {
397 vbg_err(fmt: "vboxguest: Error more then 1 vbox guest pci device\n");
398 goto err_unregister_misc_device_user;
399 }
400
401 pci_set_drvdata(pdev: pci, data: gdev);
402
403 return 0;
404
405err_unregister_misc_device_user:
406 misc_deregister(misc: &gdev->misc_device_user);
407err_unregister_misc_device:
408 misc_deregister(misc: &gdev->misc_device);
409err_free_irq:
410 free_irq(pci->irq, gdev);
411err_vbg_core_exit:
412 vbg_core_exit(gdev);
413err_disable_pcidev:
414 pci_disable_device(dev: pci);
415
416 return ret;
417}
418
419static void vbg_pci_remove(struct pci_dev *pci)
420{
421 struct vbg_dev *gdev = pci_get_drvdata(pdev: pci);
422
423 mutex_lock(&vbg_gdev_mutex);
424 vbg_gdev = NULL;
425 mutex_unlock(lock: &vbg_gdev_mutex);
426
427 free_irq(pci->irq, gdev);
428 misc_deregister(misc: &gdev->misc_device_user);
429 misc_deregister(misc: &gdev->misc_device);
430 vbg_core_exit(gdev);
431 pci_disable_device(dev: pci);
432}
433
434struct vbg_dev *vbg_get_gdev(void)
435{
436 mutex_lock(&vbg_gdev_mutex);
437
438 /*
439 * Note on success we keep the mutex locked until vbg_put_gdev(),
440 * this stops vbg_pci_remove from removing the device from underneath
441 * vboxsf. vboxsf will only hold a reference for a short while.
442 */
443 if (vbg_gdev)
444 return vbg_gdev;
445
446 mutex_unlock(lock: &vbg_gdev_mutex);
447 return ERR_PTR(error: -ENODEV);
448}
449EXPORT_SYMBOL(vbg_get_gdev);
450
451void vbg_put_gdev(struct vbg_dev *gdev)
452{
453 WARN_ON(gdev != vbg_gdev);
454 mutex_unlock(lock: &vbg_gdev_mutex);
455}
456EXPORT_SYMBOL(vbg_put_gdev);
457
458/*
459 * Callback for mouse events.
460 *
461 * This is called at the end of the ISR, after leaving the event spinlock, if
462 * VMMDEV_EVENT_MOUSE_POSITION_CHANGED was raised by the host.
463 *
464 * @gdev: The device extension.
465 */
466void vbg_linux_mouse_event(struct vbg_dev *gdev)
467{
468 int rc;
469
470 /* Report events to the kernel input device */
471 gdev->mouse_status_req->mouse_features = 0;
472 gdev->mouse_status_req->pointer_pos_x = 0;
473 gdev->mouse_status_req->pointer_pos_y = 0;
474 rc = vbg_req_perform(gdev, req: gdev->mouse_status_req);
475 if (rc >= 0) {
476 input_report_abs(dev: gdev->input, ABS_X,
477 value: gdev->mouse_status_req->pointer_pos_x);
478 input_report_abs(dev: gdev->input, ABS_Y,
479 value: gdev->mouse_status_req->pointer_pos_y);
480 input_sync(dev: gdev->input);
481 }
482}
483
484static const struct pci_device_id vbg_pci_ids[] = {
485 { .vendor = VBOX_VENDORID, .device = VMMDEV_DEVICEID },
486 {}
487};
488MODULE_DEVICE_TABLE(pci, vbg_pci_ids);
489
490static struct pci_driver vbg_pci_driver = {
491 .name = DEVICE_NAME,
492 .dev_groups = vbg_pci_groups,
493 .id_table = vbg_pci_ids,
494 .probe = vbg_pci_probe,
495 .remove = vbg_pci_remove,
496};
497
498module_pci_driver(vbg_pci_driver);
499
500MODULE_AUTHOR("Oracle Corporation");
501MODULE_DESCRIPTION("Oracle VM VirtualBox Guest Additions for Linux Module");
502MODULE_LICENSE("GPL");
503

source code of linux/drivers/virt/vboxguest/vboxguest_linux.c