tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'char-misc-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
"Here are some binder, habanalabs, and vboxguest driver fixes for
5.1-rc3.

The Binder fixes resolve some reported issues found by testing, first
by the selinux developers, and then earlier today by syzbot.

The habanalabs fixes are all minor, resolving a number of tiny things.

The vboxguest patches are a bit larger. They resolve the fact that
virtual box decided to change their api in their latest release in a
way that broke the existing kernel code, despite saying that they were
never going to do that. So this is a bit of a "new feature", but is
good to get merged so that 5.1 will work with the latest release. The
changes are not large and of course virtual box "swears" they will not
break this again, but no one is holding their breath here.

All of these have been in linux-next for a while with no reported
issues"

* tag 'char-misc-5.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
virt: vbox: Implement passing requestor info to the host for VirtualBox 6.0.x
binder: fix race between munmap() and direct reclaim
binder: fix BUG_ON found by selinux-testsuite
habanalabs: cast to expected type
habanalabs: prevent host crash during suspend/resume
habanalabs: perform accounting for active CS
habanalabs: fix mapping with page size bigger than 4KB
habanalabs: complete user context cleanup before hard reset
habanalabs: fix bug when mapping very large memory area
habanalabs: fix MMU number of pages calculation

Linus Torvalds 6f510923 3467b907

+324 -184
+2 -1
drivers/android/binder.c
··· 2057 2057 size_t object_size = 0; 2058 2058 2059 2059 read_size = min_t(size_t, sizeof(*object), buffer->data_size - offset); 2060 - if (read_size < sizeof(*hdr) || !IS_ALIGNED(offset, sizeof(u32))) 2060 + if (offset > buffer->data_size || read_size < sizeof(*hdr) || 2061 + !IS_ALIGNED(offset, sizeof(u32))) 2061 2062 return 0; 2062 2063 binder_alloc_copy_from_buffer(&proc->alloc, object, buffer, 2063 2064 offset, read_size);
+8 -10
drivers/android/binder_alloc.c
··· 927 927 928 928 index = page - alloc->pages; 929 929 page_addr = (uintptr_t)alloc->buffer + index * PAGE_SIZE; 930 + 931 + mm = alloc->vma_vm_mm; 932 + if (!mmget_not_zero(mm)) 933 + goto err_mmget; 934 + if (!down_write_trylock(&mm->mmap_sem)) 935 + goto err_down_write_mmap_sem_failed; 930 936 vma = binder_alloc_get_vma(alloc); 931 - if (vma) { 932 - if (!mmget_not_zero(alloc->vma_vm_mm)) 933 - goto err_mmget; 934 - mm = alloc->vma_vm_mm; 935 - if (!down_read_trylock(&mm->mmap_sem)) 936 - goto err_down_write_mmap_sem_failed; 937 - } 938 937 939 938 list_lru_isolate(lru, item); 940 939 spin_unlock(lock); ··· 944 945 zap_page_range(vma, page_addr, PAGE_SIZE); 945 946 946 947 trace_binder_unmap_user_end(alloc, index); 947 - 948 - up_read(&mm->mmap_sem); 949 - mmput(mm); 950 948 } 949 + up_write(&mm->mmap_sem); 950 + mmput(mm); 951 951 952 952 trace_binder_unmap_kernel_start(alloc, index); 953 953
+6
drivers/misc/habanalabs/command_submission.c
··· 179 179 180 180 /* We also need to update CI for internal queues */ 181 181 if (cs->submitted) { 182 + int cs_cnt = atomic_dec_return(&hdev->cs_active_cnt); 183 + 184 + WARN_ONCE((cs_cnt < 0), 185 + "hl%d: error in CS active cnt %d\n", 186 + hdev->id, cs_cnt); 187 + 182 188 hl_int_hw_queue_update_ci(cs); 183 189 184 190 spin_lock(&hdev->hw_queues_mirror_lock);
+4 -3
drivers/misc/habanalabs/debugfs.c
··· 232 232 struct hl_vm_phys_pg_pack *phys_pg_pack = NULL; 233 233 enum vm_type_t *vm_type; 234 234 bool once = true; 235 + u64 j; 235 236 int i; 236 237 237 238 if (!dev_entry->hdev->mmu_enable) ··· 261 260 } else { 262 261 phys_pg_pack = hnode->ptr; 263 262 seq_printf(s, 264 - " 0x%-14llx %-10u %-4u\n", 263 + " 0x%-14llx %-10llu %-4u\n", 265 264 hnode->vaddr, phys_pg_pack->total_size, 266 265 phys_pg_pack->handle); 267 266 } ··· 283 282 phys_pg_pack->page_size); 284 283 seq_puts(s, " physical address\n"); 285 284 seq_puts(s, "---------------------\n"); 286 - for (i = 0 ; i < phys_pg_pack->npages ; i++) { 285 + for (j = 0 ; j < phys_pg_pack->npages ; j++) { 287 286 seq_printf(s, " 0x%-14llx\n", 288 - phys_pg_pack->pages[i]); 287 + phys_pg_pack->pages[j]); 289 288 } 290 289 } 291 290 spin_unlock(&vm->idr_lock);
+66 -5
drivers/misc/habanalabs/device.c
··· 11 11 #include <linux/sched/signal.h> 12 12 #include <linux/hwmon.h> 13 13 14 + #define HL_PLDM_PENDING_RESET_PER_SEC (HL_PENDING_RESET_PER_SEC * 10) 15 + 14 16 bool hl_device_disabled_or_in_reset(struct hl_device *hdev) 15 17 { 16 18 if ((hdev->disabled) || (atomic_read(&hdev->in_reset))) ··· 218 216 spin_lock_init(&hdev->hw_queues_mirror_lock); 219 217 atomic_set(&hdev->in_reset, 0); 220 218 atomic_set(&hdev->fd_open_cnt, 0); 219 + atomic_set(&hdev->cs_active_cnt, 0); 221 220 222 221 return 0; 223 222 ··· 416 413 417 414 pci_save_state(hdev->pdev); 418 415 416 + /* Block future CS/VM/JOB completion operations */ 417 + rc = atomic_cmpxchg(&hdev->in_reset, 0, 1); 418 + if (rc) { 419 + dev_err(hdev->dev, "Can't suspend while in reset\n"); 420 + return -EIO; 421 + } 422 + 423 + /* This blocks all other stuff that is not blocked by in_reset */ 424 + hdev->disabled = true; 425 + 426 + /* 427 + * Flush anyone that is inside the critical section of enqueue 428 + * jobs to the H/W 429 + */ 430 + hdev->asic_funcs->hw_queues_lock(hdev); 431 + hdev->asic_funcs->hw_queues_unlock(hdev); 432 + 433 + /* Flush processes that are sending message to CPU */ 434 + mutex_lock(&hdev->send_cpu_message_lock); 435 + mutex_unlock(&hdev->send_cpu_message_lock); 436 + 419 437 rc = hdev->asic_funcs->suspend(hdev); 420 438 if (rc) 421 439 dev_err(hdev->dev, ··· 464 440 465 441 pci_set_power_state(hdev->pdev, PCI_D0); 466 442 pci_restore_state(hdev->pdev); 467 - rc = pci_enable_device(hdev->pdev); 443 + rc = pci_enable_device_mem(hdev->pdev); 468 444 if (rc) { 469 445 dev_err(hdev->dev, 470 446 "Failed to enable PCI device in resume\n"); 471 447 return rc; 472 448 } 473 449 450 + pci_set_master(hdev->pdev); 451 + 474 452 rc = hdev->asic_funcs->resume(hdev); 475 453 if (rc) { 476 - dev_err(hdev->dev, 477 - "Failed to enable PCI access from device CPU\n"); 478 - return rc; 454 + dev_err(hdev->dev, "Failed to resume device after suspend\n"); 455 + goto disable_device; 456 + } 457 + 458 + 459 + hdev->disabled = false; 460 + atomic_set(&hdev->in_reset, 0); 461 + 462 + rc = hl_device_reset(hdev, true, false); 463 + if (rc) { 464 + dev_err(hdev->dev, "Failed to reset device during resume\n"); 465 + goto disable_device; 479 466 } 480 467 481 468 return 0; 469 + 470 + disable_device: 471 + pci_clear_master(hdev->pdev); 472 + pci_disable_device(hdev->pdev); 473 + 474 + return rc; 482 475 } 483 476 484 477 static void hl_device_hard_reset_pending(struct work_struct *work) ··· 503 462 struct hl_device_reset_work *device_reset_work = 504 463 container_of(work, struct hl_device_reset_work, reset_work); 505 464 struct hl_device *hdev = device_reset_work->hdev; 506 - u16 pending_cnt = HL_PENDING_RESET_PER_SEC; 465 + u16 pending_total, pending_cnt; 507 466 struct task_struct *task = NULL; 467 + 468 + if (hdev->pldm) 469 + pending_total = HL_PLDM_PENDING_RESET_PER_SEC; 470 + else 471 + pending_total = HL_PENDING_RESET_PER_SEC; 472 + 473 + pending_cnt = pending_total; 508 474 509 475 /* Flush all processes that are inside hl_open */ 510 476 mutex_lock(&hdev->fd_open_cnt_lock); ··· 536 488 put_task_struct(task); 537 489 } 538 490 } 491 + 492 + pending_cnt = pending_total; 493 + 494 + while ((atomic_read(&hdev->fd_open_cnt)) && (pending_cnt)) { 495 + 496 + pending_cnt--; 497 + 498 + ssleep(1); 499 + } 500 + 501 + if (atomic_read(&hdev->fd_open_cnt)) 502 + dev_crit(hdev->dev, 503 + "Going to hard reset with open user contexts\n"); 539 504 540 505 mutex_unlock(&hdev->fd_open_cnt_lock); 541 506
+2 -63
drivers/misc/habanalabs/goya/goya.c
··· 1201 1201 return retval; 1202 1202 } 1203 1203 1204 - static void goya_resume_external_queues(struct hl_device *hdev) 1205 - { 1206 - WREG32(mmDMA_QM_0_GLBL_CFG1, 0); 1207 - WREG32(mmDMA_QM_1_GLBL_CFG1, 0); 1208 - WREG32(mmDMA_QM_2_GLBL_CFG1, 0); 1209 - WREG32(mmDMA_QM_3_GLBL_CFG1, 0); 1210 - WREG32(mmDMA_QM_4_GLBL_CFG1, 0); 1211 - } 1212 - 1213 1204 /* 1214 1205 * goya_init_cpu_queues - Initialize PQ/CQ/EQ of CPU 1215 1206 * ··· 2169 2178 return retval; 2170 2179 } 2171 2180 2172 - static void goya_resume_internal_queues(struct hl_device *hdev) 2173 - { 2174 - WREG32(mmMME_QM_GLBL_CFG1, 0); 2175 - WREG32(mmMME_CMDQ_GLBL_CFG1, 0); 2176 - 2177 - WREG32(mmTPC0_QM_GLBL_CFG1, 0); 2178 - WREG32(mmTPC0_CMDQ_GLBL_CFG1, 0); 2179 - 2180 - WREG32(mmTPC1_QM_GLBL_CFG1, 0); 2181 - WREG32(mmTPC1_CMDQ_GLBL_CFG1, 0); 2182 - 2183 - WREG32(mmTPC2_QM_GLBL_CFG1, 0); 2184 - WREG32(mmTPC2_CMDQ_GLBL_CFG1, 0); 2185 - 2186 - WREG32(mmTPC3_QM_GLBL_CFG1, 0); 2187 - WREG32(mmTPC3_CMDQ_GLBL_CFG1, 0); 2188 - 2189 - WREG32(mmTPC4_QM_GLBL_CFG1, 0); 2190 - WREG32(mmTPC4_CMDQ_GLBL_CFG1, 0); 2191 - 2192 - WREG32(mmTPC5_QM_GLBL_CFG1, 0); 2193 - WREG32(mmTPC5_CMDQ_GLBL_CFG1, 0); 2194 - 2195 - WREG32(mmTPC6_QM_GLBL_CFG1, 0); 2196 - WREG32(mmTPC6_CMDQ_GLBL_CFG1, 0); 2197 - 2198 - WREG32(mmTPC7_QM_GLBL_CFG1, 0); 2199 - WREG32(mmTPC7_CMDQ_GLBL_CFG1, 0); 2200 - } 2201 - 2202 2181 static void goya_dma_stall(struct hl_device *hdev) 2203 2182 { 2204 2183 WREG32(mmDMA_QM_0_GLBL_CFG1, 1 << DMA_QM_0_GLBL_CFG1_DMA_STOP_SHIFT); ··· 2866 2905 { 2867 2906 int rc; 2868 2907 2869 - rc = goya_stop_internal_queues(hdev); 2870 - 2871 - if (rc) { 2872 - dev_err(hdev->dev, "failed to stop internal queues\n"); 2873 - return rc; 2874 - } 2875 - 2876 - rc = goya_stop_external_queues(hdev); 2877 - 2878 - if (rc) { 2879 - dev_err(hdev->dev, "failed to stop external queues\n"); 2880 - return rc; 2881 - } 2882 - 2883 2908 rc = goya_send_pci_access_msg(hdev, ARMCP_PACKET_DISABLE_PCI_ACCESS); 2884 2909 if (rc) 2885 2910 dev_err(hdev->dev, "Failed to disable PCI access from CPU\n"); ··· 2875 2928 2876 2929 int goya_resume(struct hl_device *hdev) 2877 2930 { 2878 - int rc; 2879 - 2880 - goya_resume_external_queues(hdev); 2881 - goya_resume_internal_queues(hdev); 2882 - 2883 - rc = goya_send_pci_access_msg(hdev, ARMCP_PACKET_ENABLE_PCI_ACCESS); 2884 - if (rc) 2885 - dev_err(hdev->dev, "Failed to enable PCI access from CPU\n"); 2886 - return rc; 2931 + return goya_init_iatu(hdev); 2887 2932 } 2888 2933 2889 2934 static int goya_cb_mmap(struct hl_device *hdev, struct vm_area_struct *vma, ··· 3009 3070 3010 3071 *dma_handle = hdev->asic_prop.sram_base_address; 3011 3072 3012 - base = hdev->pcie_bar[SRAM_CFG_BAR_ID]; 3073 + base = (void *) hdev->pcie_bar[SRAM_CFG_BAR_ID]; 3013 3074 3014 3075 switch (queue_id) { 3015 3076 case GOYA_QUEUE_ID_MME:
+12 -9
drivers/misc/habanalabs/habanalabs.h
··· 793 793 * struct hl_vm_phys_pg_pack - physical page pack. 794 794 * @vm_type: describes the type of the virtual area descriptor. 795 795 * @pages: the physical page array. 796 + * @npages: num physical pages in the pack. 797 + * @total_size: total size of all the pages in this list. 796 798 * @mapping_cnt: number of shared mappings. 797 799 * @asid: the context related to this list. 798 - * @npages: num physical pages in the pack. 799 800 * @page_size: size of each page in the pack. 800 - * @total_size: total size of all the pages in this list. 801 801 * @flags: HL_MEM_* flags related to this list. 802 802 * @handle: the provided handle related to this list. 803 803 * @offset: offset from the first page. ··· 807 807 struct hl_vm_phys_pg_pack { 808 808 enum vm_type_t vm_type; /* must be first */ 809 809 u64 *pages; 810 + u64 npages; 811 + u64 total_size; 810 812 atomic_t mapping_cnt; 811 813 u32 asid; 812 - u32 npages; 813 814 u32 page_size; 814 - u32 total_size; 815 815 u32 flags; 816 816 u32 handle; 817 817 u32 offset; ··· 1056 1056 * @cb_pool_lock: protects the CB pool. 1057 1057 * @user_ctx: current user context executing. 1058 1058 * @dram_used_mem: current DRAM memory consumption. 1059 - * @in_reset: is device in reset flow. 1060 - * @curr_pll_profile: current PLL profile. 1061 - * @fd_open_cnt: number of open user processes. 1062 1059 * @timeout_jiffies: device CS timeout value. 1063 1060 * @max_power: the max power of the device, as configured by the sysadmin. This 1064 1061 * value is saved so in case of hard-reset, KMD will restore this 1065 1062 * value and update the F/W after the re-initialization 1063 + * @in_reset: is device in reset flow. 1064 + * @curr_pll_profile: current PLL profile. 1065 + * @fd_open_cnt: number of open user processes. 1066 + * @cs_active_cnt: number of active command submissions on this device (active 1067 + * means already in H/W queues) 1066 1068 * @major: habanalabs KMD major. 1067 1069 * @high_pll: high PLL profile frequency. 1068 1070 * @soft_reset_cnt: number of soft reset since KMD loading. ··· 1130 1128 struct hl_ctx *user_ctx; 1131 1129 1132 1130 atomic64_t dram_used_mem; 1131 + u64 timeout_jiffies; 1132 + u64 max_power; 1133 1133 atomic_t in_reset; 1134 1134 atomic_t curr_pll_profile; 1135 1135 atomic_t fd_open_cnt; 1136 - u64 timeout_jiffies; 1137 - u64 max_power; 1136 + atomic_t cs_active_cnt; 1138 1137 u32 major; 1139 1138 u32 high_pll; 1140 1139 u32 soft_reset_cnt;
+3 -2
drivers/misc/habanalabs/hw_queue.c
··· 370 370 spin_unlock(&hdev->hw_queues_mirror_lock); 371 371 } 372 372 373 - list_for_each_entry_safe(job, tmp, &cs->job_list, cs_node) { 373 + atomic_inc(&hdev->cs_active_cnt); 374 + 375 + list_for_each_entry_safe(job, tmp, &cs->job_list, cs_node) 374 376 if (job->ext_queue) 375 377 ext_hw_queue_schedule_job(job); 376 378 else 377 379 int_hw_queue_schedule_job(job); 378 - } 379 380 380 381 cs->submitted = true; 381 382
+20 -18
drivers/misc/habanalabs/memory.c
··· 56 56 struct hl_device *hdev = ctx->hdev; 57 57 struct hl_vm *vm = &hdev->vm; 58 58 struct hl_vm_phys_pg_pack *phys_pg_pack; 59 - u64 paddr = 0; 60 - u32 total_size, num_pgs, num_curr_pgs, page_size, page_shift; 61 - int handle, rc, i; 59 + u64 paddr = 0, total_size, num_pgs, i; 60 + u32 num_curr_pgs, page_size, page_shift; 61 + int handle, rc; 62 62 bool contiguous; 63 63 64 64 num_curr_pgs = 0; ··· 73 73 paddr = (u64) gen_pool_alloc(vm->dram_pg_pool, total_size); 74 74 if (!paddr) { 75 75 dev_err(hdev->dev, 76 - "failed to allocate %u huge contiguous pages\n", 76 + "failed to allocate %llu huge contiguous pages\n", 77 77 num_pgs); 78 78 return -ENOMEM; 79 79 } ··· 93 93 phys_pg_pack->flags = args->flags; 94 94 phys_pg_pack->contiguous = contiguous; 95 95 96 - phys_pg_pack->pages = kcalloc(num_pgs, sizeof(u64), GFP_KERNEL); 96 + phys_pg_pack->pages = kvmalloc_array(num_pgs, sizeof(u64), GFP_KERNEL); 97 97 if (!phys_pg_pack->pages) { 98 98 rc = -ENOMEM; 99 99 goto pages_arr_err; ··· 148 148 gen_pool_free(vm->dram_pg_pool, phys_pg_pack->pages[i], 149 149 page_size); 150 150 151 - kfree(phys_pg_pack->pages); 151 + kvfree(phys_pg_pack->pages); 152 152 pages_arr_err: 153 153 kfree(phys_pg_pack); 154 154 pages_pack_err: ··· 267 267 struct hl_vm_phys_pg_pack *phys_pg_pack) 268 268 { 269 269 struct hl_vm *vm = &hdev->vm; 270 - int i; 270 + u64 i; 271 271 272 272 if (!phys_pg_pack->created_from_userptr) { 273 273 if (phys_pg_pack->contiguous) { ··· 288 288 } 289 289 } 290 290 291 - kfree(phys_pg_pack->pages); 291 + kvfree(phys_pg_pack->pages); 292 292 kfree(phys_pg_pack); 293 293 } 294 294 ··· 519 519 * - Return the start address of the virtual block 520 520 */ 521 521 static u64 get_va_block(struct hl_device *hdev, 522 - struct hl_va_range *va_range, u32 size, u64 hint_addr, 522 + struct hl_va_range *va_range, u64 size, u64 hint_addr, 523 523 bool is_userptr) 524 524 { 525 525 struct hl_vm_va_block *va_block, *new_va_block = NULL; ··· 577 577 } 578 578 579 579 if (!new_va_block) { 580 - dev_err(hdev->dev, "no available va block for size %u\n", size); 580 + dev_err(hdev->dev, "no available va block for size %llu\n", 581 + size); 581 582 goto out; 582 583 } 583 584 ··· 649 648 struct hl_vm_phys_pg_pack *phys_pg_pack; 650 649 struct scatterlist *sg; 651 650 dma_addr_t dma_addr; 652 - u64 page_mask; 653 - u32 npages, total_npages, page_size = PAGE_SIZE; 651 + u64 page_mask, total_npages; 652 + u32 npages, page_size = PAGE_SIZE; 654 653 bool first = true, is_huge_page_opt = true; 655 654 int rc, i, j; 656 655 ··· 692 691 693 692 page_mask = ~(((u64) page_size) - 1); 694 693 695 - phys_pg_pack->pages = kcalloc(total_npages, sizeof(u64), GFP_KERNEL); 694 + phys_pg_pack->pages = kvmalloc_array(total_npages, sizeof(u64), 695 + GFP_KERNEL); 696 696 if (!phys_pg_pack->pages) { 697 697 rc = -ENOMEM; 698 698 goto page_pack_arr_mem_err; ··· 752 750 struct hl_vm_phys_pg_pack *phys_pg_pack) 753 751 { 754 752 struct hl_device *hdev = ctx->hdev; 755 - u64 next_vaddr = vaddr, paddr; 753 + u64 next_vaddr = vaddr, paddr, mapped_pg_cnt = 0, i; 756 754 u32 page_size = phys_pg_pack->page_size; 757 - int i, rc = 0, mapped_pg_cnt = 0; 755 + int rc = 0; 758 756 759 757 for (i = 0 ; i < phys_pg_pack->npages ; i++) { 760 758 paddr = phys_pg_pack->pages[i]; ··· 766 764 rc = hl_mmu_map(ctx, next_vaddr, paddr, page_size); 767 765 if (rc) { 768 766 dev_err(hdev->dev, 769 - "map failed for handle %u, npages: %d, mapped: %d", 767 + "map failed for handle %u, npages: %llu, mapped: %llu", 770 768 phys_pg_pack->handle, phys_pg_pack->npages, 771 769 mapped_pg_cnt); 772 770 goto err; ··· 987 985 struct hl_vm_hash_node *hnode = NULL; 988 986 struct hl_userptr *userptr = NULL; 989 987 enum vm_type_t *vm_type; 990 - u64 next_vaddr; 988 + u64 next_vaddr, i; 991 989 u32 page_size; 992 990 bool is_userptr; 993 - int i, rc; 991 + int rc; 994 992 995 993 /* protect from double entrance */ 996 994 mutex_lock(&ctx->mem_hash_lock);
+4 -2
drivers/misc/habanalabs/mmu.c
··· 832 832 int hl_mmu_map(struct hl_ctx *ctx, u64 virt_addr, u64 phys_addr, u32 page_size) 833 833 { 834 834 struct hl_device *hdev = ctx->hdev; 835 - u64 real_virt_addr; 835 + u64 real_virt_addr, real_phys_addr; 836 836 u32 real_page_size, npages; 837 837 int i, rc, mapped_cnt = 0; 838 838 ··· 857 857 858 858 npages = page_size / real_page_size; 859 859 real_virt_addr = virt_addr; 860 + real_phys_addr = phys_addr; 860 861 861 862 for (i = 0 ; i < npages ; i++) { 862 - rc = _hl_mmu_map(ctx, real_virt_addr, phys_addr, 863 + rc = _hl_mmu_map(ctx, real_virt_addr, real_phys_addr, 863 864 real_page_size); 864 865 if (rc) 865 866 goto err; 866 867 867 868 real_virt_addr += real_page_size; 869 + real_phys_addr += real_page_size; 868 870 mapped_cnt++; 869 871 } 870 872
+72 -34
drivers/virt/vboxguest/vboxguest_core.c
··· 27 27 28 28 #define GUEST_MAPPINGS_TRIES 5 29 29 30 + #define VBG_KERNEL_REQUEST \ 31 + (VMMDEV_REQUESTOR_KERNEL | VMMDEV_REQUESTOR_USR_DRV | \ 32 + VMMDEV_REQUESTOR_CON_DONT_KNOW | VMMDEV_REQUESTOR_TRUST_NOT_GIVEN) 33 + 30 34 /** 31 35 * Reserves memory in which the VMM can relocate any guest mappings 32 36 * that are floating around. ··· 52 48 int i, rc; 53 49 54 50 /* Query the required space. */ 55 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO); 51 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HYPERVISOR_INFO, 52 + VBG_KERNEL_REQUEST); 56 53 if (!req) 57 54 return; 58 55 ··· 140 135 * Tell the host that we're going to free the memory we reserved for 141 136 * it, the free it up. (Leak the memory if anything goes wrong here.) 142 137 */ 143 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO); 138 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_HYPERVISOR_INFO, 139 + VBG_KERNEL_REQUEST); 144 140 if (!req) 145 141 return; 146 142 ··· 178 172 struct vmmdev_guest_info2 *req2 = NULL; 179 173 int rc, ret = -ENOMEM; 180 174 181 - req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO); 182 - req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2); 175 + req1 = vbg_req_alloc(sizeof(*req1), VMMDEVREQ_REPORT_GUEST_INFO, 176 + VBG_KERNEL_REQUEST); 177 + req2 = vbg_req_alloc(sizeof(*req2), VMMDEVREQ_REPORT_GUEST_INFO2, 178 + VBG_KERNEL_REQUEST); 183 179 if (!req1 || !req2) 184 180 goto out_free; 185 181 ··· 195 187 req2->additions_minor = VBG_VERSION_MINOR; 196 188 req2->additions_build = VBG_VERSION_BUILD; 197 189 req2->additions_revision = VBG_SVN_REV; 198 - /* (no features defined yet) */ 199 - req2->additions_features = 0; 190 + req2->additions_features = 191 + VMMDEV_GUEST_INFO2_ADDITIONS_FEATURES_REQUESTOR_INFO; 200 192 strlcpy(req2->name, VBG_VERSION_STRING, 201 193 sizeof(req2->name)); 202 194 ··· 238 230 struct vmmdev_guest_status *req; 239 231 int rc; 240 232 241 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS); 233 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_REPORT_GUEST_STATUS, 234 + VBG_KERNEL_REQUEST); 242 235 if (!req) 243 236 return -ENOMEM; 244 237 ··· 432 423 struct vmmdev_heartbeat *req; 433 424 int rc; 434 425 435 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE); 426 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_HEARTBEAT_CONFIGURE, 427 + VBG_KERNEL_REQUEST); 436 428 if (!req) 437 429 return -ENOMEM; 438 430 ··· 467 457 468 458 gdev->guest_heartbeat_req = vbg_req_alloc( 469 459 sizeof(*gdev->guest_heartbeat_req), 470 - VMMDEVREQ_GUEST_HEARTBEAT); 460 + VMMDEVREQ_GUEST_HEARTBEAT, 461 + VBG_KERNEL_REQUEST); 471 462 if (!gdev->guest_heartbeat_req) 472 463 return -ENOMEM; 473 464 ··· 539 528 struct vmmdev_mask *req; 540 529 int rc; 541 530 542 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK); 531 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK, 532 + VBG_KERNEL_REQUEST); 543 533 if (!req) 544 534 return -ENOMEM; 545 535 ··· 579 567 u32 changed, previous; 580 568 int rc, ret = 0; 581 569 582 - /* Allocate a request buffer before taking the spinlock */ 583 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK); 570 + /* 571 + * Allocate a request buffer before taking the spinlock, when 572 + * the session is being terminated the requestor is the kernel, 573 + * as we're cleaning up. 574 + */ 575 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_CTL_GUEST_FILTER_MASK, 576 + session_termination ? VBG_KERNEL_REQUEST : 577 + session->requestor); 584 578 if (!req) { 585 579 if (!session_termination) 586 580 return -ENOMEM; ··· 645 627 struct vmmdev_mask *req; 646 628 int rc; 647 629 648 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES); 630 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES, 631 + VBG_KERNEL_REQUEST); 649 632 if (!req) 650 633 return -ENOMEM; 651 634 ··· 681 662 u32 changed, previous; 682 663 int rc, ret = 0; 683 664 684 - /* Allocate a request buffer before taking the spinlock */ 685 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES); 665 + /* 666 + * Allocate a request buffer before taking the spinlock, when 667 + * the session is being terminated the requestor is the kernel, 668 + * as we're cleaning up. 669 + */ 670 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES, 671 + session_termination ? VBG_KERNEL_REQUEST : 672 + session->requestor); 686 673 if (!req) { 687 674 if (!session_termination) 688 675 return -ENOMEM; ··· 747 722 struct vmmdev_host_version *req; 748 723 int rc, ret; 749 724 750 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION); 725 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION, 726 + VBG_KERNEL_REQUEST); 751 727 if (!req) 752 728 return -ENOMEM; 753 729 ··· 809 783 810 784 gdev->mem_balloon.get_req = 811 785 vbg_req_alloc(sizeof(*gdev->mem_balloon.get_req), 812 - VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ); 786 + VMMDEVREQ_GET_MEMBALLOON_CHANGE_REQ, 787 + VBG_KERNEL_REQUEST); 813 788 gdev->mem_balloon.change_req = 814 789 vbg_req_alloc(sizeof(*gdev->mem_balloon.change_req), 815 - VMMDEVREQ_CHANGE_MEMBALLOON); 790 + VMMDEVREQ_CHANGE_MEMBALLOON, 791 + VBG_KERNEL_REQUEST); 816 792 gdev->cancel_req = 817 793 vbg_req_alloc(sizeof(*(gdev->cancel_req)), 818 - VMMDEVREQ_HGCM_CANCEL2); 794 + VMMDEVREQ_HGCM_CANCEL2, 795 + VBG_KERNEL_REQUEST); 819 796 gdev->ack_events_req = 820 797 vbg_req_alloc(sizeof(*gdev->ack_events_req), 821 - VMMDEVREQ_ACKNOWLEDGE_EVENTS); 798 + VMMDEVREQ_ACKNOWLEDGE_EVENTS, 799 + VBG_KERNEL_REQUEST); 822 800 gdev->mouse_status_req = 823 801 vbg_req_alloc(sizeof(*gdev->mouse_status_req), 824 - VMMDEVREQ_GET_MOUSE_STATUS); 802 + VMMDEVREQ_GET_MOUSE_STATUS, 803 + VBG_KERNEL_REQUEST); 825 804 826 805 if (!gdev->mem_balloon.get_req || !gdev->mem_balloon.change_req || 827 806 !gdev->cancel_req || !gdev->ack_events_req || ··· 923 892 * vboxguest_linux.c calls this when userspace opens the char-device. 924 893 * Return: A pointer to the new session or an ERR_PTR on error. 925 894 * @gdev: The Guest extension device. 926 - * @user: Set if this is a session for the vboxuser device. 895 + * @requestor: VMMDEV_REQUESTOR_* flags 927 896 */ 928 - struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, bool user) 897 + struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, u32 requestor) 929 898 { 930 899 struct vbg_session *session; 931 900 ··· 934 903 return ERR_PTR(-ENOMEM); 935 904 936 905 session->gdev = gdev; 937 - session->user_session = user; 906 + session->requestor = requestor; 938 907 939 908 return session; 940 909 } ··· 955 924 if (!session->hgcm_client_ids[i]) 956 925 continue; 957 926 958 - vbg_hgcm_disconnect(gdev, session->hgcm_client_ids[i], &rc); 927 + /* requestor is kernel here, as we're cleaning up. */ 928 + vbg_hgcm_disconnect(gdev, VBG_KERNEL_REQUEST, 929 + session->hgcm_client_ids[i], &rc); 959 930 } 960 931 961 932 kfree(session); ··· 1185 1152 return -EPERM; 1186 1153 } 1187 1154 1188 - if (trusted_apps_only && session->user_session) { 1155 + if (trusted_apps_only && 1156 + (session->requestor & VMMDEV_REQUESTOR_USER_DEVICE)) { 1189 1157 vbg_err("Denying userspace vmm call type %#08x through vboxuser device node\n", 1190 1158 req->request_type); 1191 1159 return -EPERM; ··· 1243 1209 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) 1244 1210 return -EMFILE; 1245 1211 1246 - ret = vbg_hgcm_connect(gdev, &conn->u.in.loc, &client_id, 1247 - &conn->hdr.rc); 1212 + ret = vbg_hgcm_connect(gdev, session->requestor, &conn->u.in.loc, 1213 + &client_id, &conn->hdr.rc); 1248 1214 1249 1215 mutex_lock(&gdev->session_mutex); 1250 1216 if (ret == 0 && conn->hdr.rc >= 0) { ··· 1285 1251 if (i >= ARRAY_SIZE(session->hgcm_client_ids)) 1286 1252 return -EINVAL; 1287 1253 1288 - ret = vbg_hgcm_disconnect(gdev, client_id, &disconn->hdr.rc); 1254 + ret = vbg_hgcm_disconnect(gdev, session->requestor, client_id, 1255 + &disconn->hdr.rc); 1289 1256 1290 1257 mutex_lock(&gdev->session_mutex); 1291 1258 if (ret == 0 && disconn->hdr.rc >= 0) ··· 1348 1313 } 1349 1314 1350 1315 if (IS_ENABLED(CONFIG_COMPAT) && f32bit) 1351 - ret = vbg_hgcm_call32(gdev, client_id, 1316 + ret = vbg_hgcm_call32(gdev, session->requestor, client_id, 1352 1317 call->function, call->timeout_ms, 1353 1318 VBG_IOCTL_HGCM_CALL_PARMS32(call), 1354 1319 call->parm_count, &call->hdr.rc); 1355 1320 else 1356 - ret = vbg_hgcm_call(gdev, client_id, 1321 + ret = vbg_hgcm_call(gdev, session->requestor, client_id, 1357 1322 call->function, call->timeout_ms, 1358 1323 VBG_IOCTL_HGCM_CALL_PARMS(call), 1359 1324 call->parm_count, &call->hdr.rc); ··· 1443 1408 } 1444 1409 1445 1410 static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev, 1411 + struct vbg_session *session, 1446 1412 struct vbg_ioctl_write_coredump *dump) 1447 1413 { 1448 1414 struct vmmdev_write_core_dump *req; ··· 1451 1415 if (vbg_ioctl_chk(&dump->hdr, sizeof(dump->u.in), 0)) 1452 1416 return -EINVAL; 1453 1417 1454 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_WRITE_COREDUMP); 1418 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_WRITE_COREDUMP, 1419 + session->requestor); 1455 1420 if (!req) 1456 1421 return -ENOMEM; 1457 1422 ··· 1513 1476 case VBG_IOCTL_CHECK_BALLOON: 1514 1477 return vbg_ioctl_check_balloon(gdev, data); 1515 1478 case VBG_IOCTL_WRITE_CORE_DUMP: 1516 - return vbg_ioctl_write_core_dump(gdev, data); 1479 + return vbg_ioctl_write_core_dump(gdev, session, data); 1517 1480 } 1518 1481 1519 1482 /* Variable sized requests. */ ··· 1545 1508 struct vmmdev_mouse_status *req; 1546 1509 int rc; 1547 1510 1548 - req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_MOUSE_STATUS); 1511 + req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_MOUSE_STATUS, 1512 + VBG_KERNEL_REQUEST); 1549 1513 if (!req) 1550 1514 return -ENOMEM; 1551 1515
+8 -7
drivers/virt/vboxguest/vboxguest_core.h
··· 154 154 * host. Protected by vbg_gdev.session_mutex. 155 155 */ 156 156 u32 guest_caps; 157 - /** Does this session belong to a root process or a user one? */ 158 - bool user_session; 157 + /** VMMDEV_REQUESTOR_* flags */ 158 + u32 requestor; 159 159 /** Set on CANCEL_ALL_WAITEVENTS, protected by vbg_devevent_spinlock. */ 160 160 bool cancel_waiters; 161 161 }; 162 162 163 163 int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events); 164 164 void vbg_core_exit(struct vbg_dev *gdev); 165 - struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, bool user); 165 + struct vbg_session *vbg_core_open_session(struct vbg_dev *gdev, u32 requestor); 166 166 void vbg_core_close_session(struct vbg_session *session); 167 167 int vbg_core_ioctl(struct vbg_session *session, unsigned int req, void *data); 168 168 int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features); ··· 172 172 void vbg_linux_mouse_event(struct vbg_dev *gdev); 173 173 174 174 /* Private (non exported) functions form vboxguest_utils.c */ 175 - void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type); 175 + void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type, 176 + u32 requestor); 176 177 void vbg_req_free(void *req, size_t len); 177 178 int vbg_req_perform(struct vbg_dev *gdev, void *req); 178 179 int vbg_hgcm_call32( 179 - struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, 180 - struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count, 181 - int *vbox_status); 180 + struct vbg_dev *gdev, u32 requestor, u32 client_id, u32 function, 181 + u32 timeout_ms, struct vmmdev_hgcm_function_parameter32 *parm32, 182 + u32 parm_count, int *vbox_status); 182 183 183 184 #endif
+23 -3
drivers/virt/vboxguest/vboxguest_linux.c
··· 5 5 * Copyright (C) 2006-2016 Oracle Corporation 6 6 */ 7 7 8 + #include <linux/cred.h> 8 9 #include <linux/input.h> 9 10 #include <linux/kernel.h> 10 11 #include <linux/miscdevice.h> ··· 29 28 /** Global vbg_gdev pointer used by vbg_get/put_gdev. */ 30 29 static struct vbg_dev *vbg_gdev; 31 30 31 + static u32 vbg_misc_device_requestor(struct inode *inode) 32 + { 33 + u32 requestor = VMMDEV_REQUESTOR_USERMODE | 34 + VMMDEV_REQUESTOR_CON_DONT_KNOW | 35 + VMMDEV_REQUESTOR_TRUST_NOT_GIVEN; 36 + 37 + if (from_kuid(current_user_ns(), current->cred->uid) == 0) 38 + requestor |= VMMDEV_REQUESTOR_USR_ROOT; 39 + else 40 + requestor |= VMMDEV_REQUESTOR_USR_USER; 41 + 42 + if (in_egroup_p(inode->i_gid)) 43 + requestor |= VMMDEV_REQUESTOR_GRP_VBOX; 44 + 45 + return requestor; 46 + } 47 + 32 48 static int vbg_misc_device_open(struct inode *inode, struct file *filp) 33 49 { 34 50 struct vbg_session *session; ··· 54 36 /* misc_open sets filp->private_data to our misc device */ 55 37 gdev = container_of(filp->private_data, struct vbg_dev, misc_device); 56 38 57 - session = vbg_core_open_session(gdev, false); 39 + session = vbg_core_open_session(gdev, vbg_misc_device_requestor(inode)); 58 40 if (IS_ERR(session)) 59 41 return PTR_ERR(session); 60 42 ··· 71 53 gdev = container_of(filp->private_data, struct vbg_dev, 72 54 misc_device_user); 73 55 74 - session = vbg_core_open_session(gdev, false); 56 + session = vbg_core_open_session(gdev, vbg_misc_device_requestor(inode) | 57 + VMMDEV_REQUESTOR_USER_DEVICE); 75 58 if (IS_ERR(session)) 76 59 return PTR_ERR(session); 77 60 ··· 134 115 req == VBG_IOCTL_VMMDEV_REQUEST_BIG; 135 116 136 117 if (is_vmmdev_req) 137 - buf = vbg_req_alloc(size, VBG_IOCTL_HDR_TYPE_DEFAULT); 118 + buf = vbg_req_alloc(size, VBG_IOCTL_HDR_TYPE_DEFAULT, 119 + session->requestor); 138 120 else 139 121 buf = kmalloc(size, GFP_KERNEL); 140 122 if (!buf)
+18 -14
drivers/virt/vboxguest/vboxguest_utils.c
··· 62 62 VBG_LOG(vbg_debug, pr_debug); 63 63 #endif 64 64 65 - void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type) 65 + void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type, 66 + u32 requestor) 66 67 { 67 68 struct vmmdev_request_header *req; 68 69 int order = get_order(PAGE_ALIGN(len)); ··· 79 78 req->request_type = req_type; 80 79 req->rc = VERR_GENERAL_FAILURE; 81 80 req->reserved1 = 0; 82 - req->reserved2 = 0; 81 + req->requestor = requestor; 83 82 84 83 return req; 85 84 } ··· 120 119 return done; 121 120 } 122 121 123 - int vbg_hgcm_connect(struct vbg_dev *gdev, 122 + int vbg_hgcm_connect(struct vbg_dev *gdev, u32 requestor, 124 123 struct vmmdev_hgcm_service_location *loc, 125 124 u32 *client_id, int *vbox_status) 126 125 { ··· 128 127 int rc; 129 128 130 129 hgcm_connect = vbg_req_alloc(sizeof(*hgcm_connect), 131 - VMMDEVREQ_HGCM_CONNECT); 130 + VMMDEVREQ_HGCM_CONNECT, requestor); 132 131 if (!hgcm_connect) 133 132 return -ENOMEM; 134 133 ··· 154 153 } 155 154 EXPORT_SYMBOL(vbg_hgcm_connect); 156 155 157 - int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status) 156 + int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 requestor, 157 + u32 client_id, int *vbox_status) 158 158 { 159 159 struct vmmdev_hgcm_disconnect *hgcm_disconnect = NULL; 160 160 int rc; 161 161 162 162 hgcm_disconnect = vbg_req_alloc(sizeof(*hgcm_disconnect), 163 - VMMDEVREQ_HGCM_DISCONNECT); 163 + VMMDEVREQ_HGCM_DISCONNECT, 164 + requestor); 164 165 if (!hgcm_disconnect) 165 166 return -ENOMEM; 166 167 ··· 596 593 return 0; 597 594 } 598 595 599 - int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function, 600 - u32 timeout_ms, struct vmmdev_hgcm_function_parameter *parms, 601 - u32 parm_count, int *vbox_status) 596 + int vbg_hgcm_call(struct vbg_dev *gdev, u32 requestor, u32 client_id, 597 + u32 function, u32 timeout_ms, 598 + struct vmmdev_hgcm_function_parameter *parms, u32 parm_count, 599 + int *vbox_status) 602 600 { 603 601 struct vmmdev_hgcm_call *call; 604 602 void **bounce_bufs = NULL; ··· 619 615 goto free_bounce_bufs; 620 616 } 621 617 622 - call = vbg_req_alloc(size, VMMDEVREQ_HGCM_CALL); 618 + call = vbg_req_alloc(size, VMMDEVREQ_HGCM_CALL, requestor); 623 619 if (!call) { 624 620 ret = -ENOMEM; 625 621 goto free_bounce_bufs; ··· 651 647 652 648 #ifdef CONFIG_COMPAT 653 649 int vbg_hgcm_call32( 654 - struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms, 655 - struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count, 656 - int *vbox_status) 650 + struct vbg_dev *gdev, u32 requestor, u32 client_id, u32 function, 651 + u32 timeout_ms, struct vmmdev_hgcm_function_parameter32 *parm32, 652 + u32 parm_count, int *vbox_status) 657 653 { 658 654 struct vmmdev_hgcm_function_parameter *parm64 = NULL; 659 655 u32 i, size; ··· 693 689 goto out_free; 694 690 } 695 691 696 - ret = vbg_hgcm_call(gdev, client_id, function, timeout_ms, 692 + ret = vbg_hgcm_call(gdev, requestor, client_id, function, timeout_ms, 697 693 parm64, parm_count, vbox_status); 698 694 if (ret < 0) 699 695 goto out_free;
+4 -5
drivers/virt/vboxguest/vboxguest_version.h
··· 9 9 #ifndef __VBOX_VERSION_H__ 10 10 #define __VBOX_VERSION_H__ 11 11 12 - /* Last synced October 4th 2017 */ 13 - #define VBG_VERSION_MAJOR 5 14 - #define VBG_VERSION_MINOR 2 12 + #define VBG_VERSION_MAJOR 6 13 + #define VBG_VERSION_MINOR 0 15 14 #define VBG_VERSION_BUILD 0 16 - #define VBG_SVN_REV 68940 17 - #define VBG_VERSION_STRING "5.2.0" 15 + #define VBG_SVN_REV 127566 16 + #define VBG_VERSION_STRING "6.0.0" 18 17 19 18 #endif
+5 -3
drivers/virt/vboxguest/vmmdev.h
··· 98 98 s32 rc; 99 99 /** Reserved field no.1. MBZ. */ 100 100 u32 reserved1; 101 - /** Reserved field no.2. MBZ. */ 102 - u32 reserved2; 101 + /** IN: Requestor information (VMMDEV_REQUESTOR_*) */ 102 + u32 requestor; 103 103 }; 104 104 VMMDEV_ASSERT_SIZE(vmmdev_request_header, 24); 105 105 ··· 247 247 }; 248 248 VMMDEV_ASSERT_SIZE(vmmdev_guest_info, 24 + 8); 249 249 250 + #define VMMDEV_GUEST_INFO2_ADDITIONS_FEATURES_REQUESTOR_INFO BIT(0) 251 + 250 252 /** struct vmmdev_guestinfo2 - Guest information report, version 2. */ 251 253 struct vmmdev_guest_info2 { 252 254 /** Header. */ ··· 261 259 u32 additions_build; 262 260 /** SVN revision. */ 263 261 u32 additions_revision; 264 - /** Feature mask, currently unused. */ 262 + /** Feature mask. */ 265 263 u32 additions_features; 266 264 /** 267 265 * The intentional meaning of this field was:
+7 -5
include/linux/vbox_utils.h
··· 24 24 #define vbg_debug pr_debug 25 25 #endif 26 26 27 - int vbg_hgcm_connect(struct vbg_dev *gdev, 27 + int vbg_hgcm_connect(struct vbg_dev *gdev, u32 requestor, 28 28 struct vmmdev_hgcm_service_location *loc, 29 29 u32 *client_id, int *vbox_status); 30 30 31 - int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status); 31 + int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 requestor, 32 + u32 client_id, int *vbox_status); 32 33 33 - int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function, 34 - u32 timeout_ms, struct vmmdev_hgcm_function_parameter *parms, 35 - u32 parm_count, int *vbox_status); 34 + int vbg_hgcm_call(struct vbg_dev *gdev, u32 requestor, u32 client_id, 35 + u32 function, u32 timeout_ms, 36 + struct vmmdev_hgcm_function_parameter *parms, u32 parm_count, 37 + int *vbox_status); 36 38 37 39 /** 38 40 * Convert a VirtualBox status code to a standard Linux kernel return value.
+60
include/uapi/linux/vbox_vmmdev_types.h
··· 102 102 #define VMMDEVREQ_HGCM_CALL VMMDEVREQ_HGCM_CALL32 103 103 #endif 104 104 105 + /* vmmdev_request_header.requestor defines */ 106 + 107 + /* Requestor user not given. */ 108 + #define VMMDEV_REQUESTOR_USR_NOT_GIVEN 0x00000000 109 + /* The kernel driver (vboxguest) is the requestor. */ 110 + #define VMMDEV_REQUESTOR_USR_DRV 0x00000001 111 + /* Some other kernel driver is the requestor. */ 112 + #define VMMDEV_REQUESTOR_USR_DRV_OTHER 0x00000002 113 + /* The root or a admin user is the requestor. */ 114 + #define VMMDEV_REQUESTOR_USR_ROOT 0x00000003 115 + /* Regular joe user is making the request. */ 116 + #define VMMDEV_REQUESTOR_USR_USER 0x00000006 117 + /* User classification mask. */ 118 + #define VMMDEV_REQUESTOR_USR_MASK 0x00000007 119 + 120 + /* Kernel mode request. Note this is 0, check for !USERMODE instead. */ 121 + #define VMMDEV_REQUESTOR_KERNEL 0x00000000 122 + /* User mode request. */ 123 + #define VMMDEV_REQUESTOR_USERMODE 0x00000008 124 + /* User or kernel mode classification mask. */ 125 + #define VMMDEV_REQUESTOR_MODE_MASK 0x00000008 126 + 127 + /* Don't know the physical console association of the requestor. */ 128 + #define VMMDEV_REQUESTOR_CON_DONT_KNOW 0x00000000 129 + /* 130 + * The request originates with a process that is NOT associated with the 131 + * physical console. 132 + */ 133 + #define VMMDEV_REQUESTOR_CON_NO 0x00000010 134 + /* Requestor process is associated with the physical console. */ 135 + #define VMMDEV_REQUESTOR_CON_YES 0x00000020 136 + /* Console classification mask. */ 137 + #define VMMDEV_REQUESTOR_CON_MASK 0x00000030 138 + 139 + /* Requestor is member of special VirtualBox user group. */ 140 + #define VMMDEV_REQUESTOR_GRP_VBOX 0x00000080 141 + 142 + /* Note: trust level is for windows guests only, linux always uses not-given */ 143 + /* Requestor trust level: Unspecified */ 144 + #define VMMDEV_REQUESTOR_TRUST_NOT_GIVEN 0x00000000 145 + /* Requestor trust level: Untrusted (SID S-1-16-0) */ 146 + #define VMMDEV_REQUESTOR_TRUST_UNTRUSTED 0x00001000 147 + /* Requestor trust level: Untrusted (SID S-1-16-4096) */ 148 + #define VMMDEV_REQUESTOR_TRUST_LOW 0x00002000 149 + /* Requestor trust level: Medium (SID S-1-16-8192) */ 150 + #define VMMDEV_REQUESTOR_TRUST_MEDIUM 0x00003000 151 + /* Requestor trust level: Medium plus (SID S-1-16-8448) */ 152 + #define VMMDEV_REQUESTOR_TRUST_MEDIUM_PLUS 0x00004000 153 + /* Requestor trust level: High (SID S-1-16-12288) */ 154 + #define VMMDEV_REQUESTOR_TRUST_HIGH 0x00005000 155 + /* Requestor trust level: System (SID S-1-16-16384) */ 156 + #define VMMDEV_REQUESTOR_TRUST_SYSTEM 0x00006000 157 + /* Requestor trust level >= Protected (SID S-1-16-20480, S-1-16-28672) */ 158 + #define VMMDEV_REQUESTOR_TRUST_PROTECTED 0x00007000 159 + /* Requestor trust level mask */ 160 + #define VMMDEV_REQUESTOR_TRUST_MASK 0x00007000 161 + 162 + /* Requestor is using the less trusted user device node (/dev/vboxuser) */ 163 + #define VMMDEV_REQUESTOR_USER_DEVICE 0x00008000 164 + 105 165 /** HGCM service location types. */ 106 166 enum vmmdev_hgcm_service_location_type { 107 167 VMMDEV_HGCM_LOC_INVALID = 0,