1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/frame.h>
28#include <linux/kernel.h>
29#include <linux/module.h>
30#include <linux/slab.h>
31#include <linux/mem_encrypt.h>
32
33#include <asm/hypervisor.h>
34
35#include "vmwgfx_drv.h"
36#include "vmwgfx_msg.h"
37
38#define MESSAGE_STATUS_SUCCESS 0x0001
39#define MESSAGE_STATUS_DORECV 0x0002
40#define MESSAGE_STATUS_CPT 0x0010
41#define MESSAGE_STATUS_HB 0x0080
42
43#define RPCI_PROTOCOL_NUM 0x49435052
44#define GUESTMSG_FLAG_COOKIE 0x80000000
45
46#define RETRIES 3
47
48#define VMW_HYPERVISOR_MAGIC 0x564D5868
49
50#define VMW_PORT_CMD_MSG 30
51#define VMW_PORT_CMD_HB_MSG 0
52#define VMW_PORT_CMD_OPEN_CHANNEL (MSG_TYPE_OPEN << 16 | VMW_PORT_CMD_MSG)
53#define VMW_PORT_CMD_CLOSE_CHANNEL (MSG_TYPE_CLOSE << 16 | VMW_PORT_CMD_MSG)
54#define VMW_PORT_CMD_SENDSIZE (MSG_TYPE_SENDSIZE << 16 | VMW_PORT_CMD_MSG)
55#define VMW_PORT_CMD_RECVSIZE (MSG_TYPE_RECVSIZE << 16 | VMW_PORT_CMD_MSG)
56#define VMW_PORT_CMD_RECVSTATUS (MSG_TYPE_RECVSTATUS << 16 | VMW_PORT_CMD_MSG)
57
58#define HIGH_WORD(X) ((X & 0xFFFF0000) >> 16)
59
60#define MAX_USER_MSG_LENGTH PAGE_SIZE
61
62static u32 vmw_msg_enabled = 1;
63
64enum rpc_msg_type {
65 MSG_TYPE_OPEN,
66 MSG_TYPE_SENDSIZE,
67 MSG_TYPE_SENDPAYLOAD,
68 MSG_TYPE_RECVSIZE,
69 MSG_TYPE_RECVPAYLOAD,
70 MSG_TYPE_RECVSTATUS,
71 MSG_TYPE_CLOSE,
72};
73
74struct rpc_channel {
75 u16 channel_id;
76 u32 cookie_high;
77 u32 cookie_low;
78};
79
80
81
82
83
84
85
86
87
88
89
90static int vmw_open_channel(struct rpc_channel *channel, unsigned int protocol)
91{
92 unsigned long eax, ebx, ecx, edx, si = 0, di = 0;
93
94 VMW_PORT(VMW_PORT_CMD_OPEN_CHANNEL,
95 (protocol | GUESTMSG_FLAG_COOKIE), si, di,
96 0,
97 VMW_HYPERVISOR_MAGIC,
98 eax, ebx, ecx, edx, si, di);
99
100 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0)
101 return -EINVAL;
102
103 channel->channel_id = HIGH_WORD(edx);
104 channel->cookie_high = si;
105 channel->cookie_low = di;
106
107 return 0;
108}
109
110
111
112
113
114
115
116
117
118
119static int vmw_close_channel(struct rpc_channel *channel)
120{
121 unsigned long eax, ebx, ecx, edx, si, di;
122
123
124 si = channel->cookie_high;
125 di = channel->cookie_low;
126
127 VMW_PORT(VMW_PORT_CMD_CLOSE_CHANNEL,
128 0, si, di,
129 channel->channel_id << 16,
130 VMW_HYPERVISOR_MAGIC,
131 eax, ebx, ecx, edx, si, di);
132
133 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0)
134 return -EINVAL;
135
136 return 0;
137}
138
139
140
141
142
143
144
145
146
147
148static unsigned long vmw_port_hb_out(struct rpc_channel *channel,
149 const char *msg, bool hb)
150{
151 unsigned long si, di, eax, ebx, ecx, edx;
152 unsigned long msg_len = strlen(msg);
153
154
155 if (hb && !mem_encrypt_active()) {
156 unsigned long bp = channel->cookie_high;
157
158 si = (uintptr_t) msg;
159 di = channel->cookie_low;
160
161 VMW_PORT_HB_OUT(
162 (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
163 msg_len, si, di,
164 VMWARE_HYPERVISOR_HB | (channel->channel_id << 16) |
165 VMWARE_HYPERVISOR_OUT,
166 VMW_HYPERVISOR_MAGIC, bp,
167 eax, ebx, ecx, edx, si, di);
168
169 return ebx;
170 }
171
172
173 ecx = MESSAGE_STATUS_SUCCESS << 16;
174 while (msg_len && (HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS)) {
175 unsigned int bytes = min_t(size_t, msg_len, 4);
176 unsigned long word = 0;
177
178 memcpy(&word, msg, bytes);
179 msg_len -= bytes;
180 msg += bytes;
181 si = channel->cookie_high;
182 di = channel->cookie_low;
183
184 VMW_PORT(VMW_PORT_CMD_MSG | (MSG_TYPE_SENDPAYLOAD << 16),
185 word, si, di,
186 channel->channel_id << 16,
187 VMW_HYPERVISOR_MAGIC,
188 eax, ebx, ecx, edx, si, di);
189 }
190
191 return ecx;
192}
193
194
195
196
197
198
199
200
201
202
203
204static unsigned long vmw_port_hb_in(struct rpc_channel *channel, char *reply,
205 unsigned long reply_len, bool hb)
206{
207 unsigned long si, di, eax, ebx, ecx, edx;
208
209
210 if (hb && !mem_encrypt_active()) {
211 unsigned long bp = channel->cookie_low;
212
213 si = channel->cookie_high;
214 di = (uintptr_t) reply;
215
216 VMW_PORT_HB_IN(
217 (MESSAGE_STATUS_SUCCESS << 16) | VMW_PORT_CMD_HB_MSG,
218 reply_len, si, di,
219 VMWARE_HYPERVISOR_HB | (channel->channel_id << 16),
220 VMW_HYPERVISOR_MAGIC, bp,
221 eax, ebx, ecx, edx, si, di);
222
223 return ebx;
224 }
225
226
227 ecx = MESSAGE_STATUS_SUCCESS << 16;
228 while (reply_len) {
229 unsigned int bytes = min_t(unsigned long, reply_len, 4);
230
231 si = channel->cookie_high;
232 di = channel->cookie_low;
233
234 VMW_PORT(VMW_PORT_CMD_MSG | (MSG_TYPE_RECVPAYLOAD << 16),
235 MESSAGE_STATUS_SUCCESS, si, di,
236 channel->channel_id << 16,
237 VMW_HYPERVISOR_MAGIC,
238 eax, ebx, ecx, edx, si, di);
239
240 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0)
241 break;
242
243 memcpy(reply, &ebx, bytes);
244 reply_len -= bytes;
245 reply += bytes;
246 }
247
248 return ecx;
249}
250
251
252
253
254
255
256
257
258
259
260static int vmw_send_msg(struct rpc_channel *channel, const char *msg)
261{
262 unsigned long eax, ebx, ecx, edx, si, di;
263 size_t msg_len = strlen(msg);
264 int retries = 0;
265
266 while (retries < RETRIES) {
267 retries++;
268
269
270 si = channel->cookie_high;
271 di = channel->cookie_low;
272
273 VMW_PORT(VMW_PORT_CMD_SENDSIZE,
274 msg_len, si, di,
275 channel->channel_id << 16,
276 VMW_HYPERVISOR_MAGIC,
277 eax, ebx, ecx, edx, si, di);
278
279 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0) {
280
281 return -EINVAL;
282 }
283
284
285 ebx = vmw_port_hb_out(channel, msg,
286 !!(HIGH_WORD(ecx) & MESSAGE_STATUS_HB));
287
288 if ((HIGH_WORD(ebx) & MESSAGE_STATUS_SUCCESS) != 0) {
289 return 0;
290 } else if ((HIGH_WORD(ebx) & MESSAGE_STATUS_CPT) != 0) {
291
292 continue;
293 } else {
294 break;
295 }
296 }
297
298 return -EINVAL;
299}
300STACK_FRAME_NON_STANDARD(vmw_send_msg);
301
302
303
304
305
306
307
308
309
310
311
312static int vmw_recv_msg(struct rpc_channel *channel, void **msg,
313 size_t *msg_len)
314{
315 unsigned long eax, ebx, ecx, edx, si, di;
316 char *reply;
317 size_t reply_len;
318 int retries = 0;
319
320
321 *msg_len = 0;
322 *msg = NULL;
323
324 while (retries < RETRIES) {
325 retries++;
326
327
328 si = channel->cookie_high;
329 di = channel->cookie_low;
330
331 VMW_PORT(VMW_PORT_CMD_RECVSIZE,
332 0, si, di,
333 channel->channel_id << 16,
334 VMW_HYPERVISOR_MAGIC,
335 eax, ebx, ecx, edx, si, di);
336
337 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0) {
338 DRM_ERROR("Failed to get reply size for host message.\n");
339 return -EINVAL;
340 }
341
342
343 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_DORECV) == 0)
344 return 0;
345
346 reply_len = ebx;
347 reply = kzalloc(reply_len + 1, GFP_KERNEL);
348 if (!reply) {
349 DRM_ERROR("Cannot allocate memory for host message reply.\n");
350 return -ENOMEM;
351 }
352
353
354
355 ebx = vmw_port_hb_in(channel, reply, reply_len,
356 !!(HIGH_WORD(ecx) & MESSAGE_STATUS_HB));
357 if ((HIGH_WORD(ebx) & MESSAGE_STATUS_SUCCESS) == 0) {
358 kfree(reply);
359 reply = NULL;
360 if ((HIGH_WORD(ebx) & MESSAGE_STATUS_CPT) != 0) {
361
362 continue;
363 }
364
365 return -EINVAL;
366 }
367
368 reply[reply_len] = '\0';
369
370
371
372 si = channel->cookie_high;
373 di = channel->cookie_low;
374
375 VMW_PORT(VMW_PORT_CMD_RECVSTATUS,
376 MESSAGE_STATUS_SUCCESS, si, di,
377 channel->channel_id << 16,
378 VMW_HYPERVISOR_MAGIC,
379 eax, ebx, ecx, edx, si, di);
380
381 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_SUCCESS) == 0) {
382 kfree(reply);
383 reply = NULL;
384 if ((HIGH_WORD(ecx) & MESSAGE_STATUS_CPT) != 0) {
385
386 continue;
387 }
388
389 return -EINVAL;
390 }
391
392 break;
393 }
394
395 if (!reply)
396 return -EINVAL;
397
398 *msg_len = reply_len;
399 *msg = reply;
400
401 return 0;
402}
403STACK_FRAME_NON_STANDARD(vmw_recv_msg);
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418int vmw_host_get_guestinfo(const char *guest_info_param,
419 char *buffer, size_t *length)
420{
421 struct rpc_channel channel;
422 char *msg, *reply = NULL;
423 size_t reply_len = 0;
424
425 if (!vmw_msg_enabled)
426 return -ENODEV;
427
428 if (!guest_info_param || !length)
429 return -EINVAL;
430
431 msg = kasprintf(GFP_KERNEL, "info-get %s", guest_info_param);
432 if (!msg) {
433 DRM_ERROR("Cannot allocate memory to get guest info \"%s\".",
434 guest_info_param);
435 return -ENOMEM;
436 }
437
438 if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM))
439 goto out_open;
440
441 if (vmw_send_msg(&channel, msg) ||
442 vmw_recv_msg(&channel, (void *) &reply, &reply_len))
443 goto out_msg;
444
445 vmw_close_channel(&channel);
446 if (buffer && reply && reply_len > 0) {
447
448
449
450 reply_len = max(reply_len - 2, (size_t) 0);
451 reply_len = min(reply_len, *length);
452
453 if (reply_len > 0)
454 memcpy(buffer, reply + 2, reply_len);
455 }
456
457 *length = reply_len;
458
459 kfree(reply);
460 kfree(msg);
461
462 return 0;
463
464out_msg:
465 vmw_close_channel(&channel);
466 kfree(reply);
467out_open:
468 *length = 0;
469 kfree(msg);
470 DRM_ERROR("Failed to get guest info \"%s\".", guest_info_param);
471
472 return -EINVAL;
473}
474
475
476
477
478
479
480
481
482
483
484int vmw_host_log(const char *log)
485{
486 struct rpc_channel channel;
487 char *msg;
488 int ret = 0;
489
490
491 if (!vmw_msg_enabled)
492 return -ENODEV;
493
494 if (!log)
495 return ret;
496
497 msg = kasprintf(GFP_KERNEL, "log %s", log);
498 if (!msg) {
499 DRM_ERROR("Cannot allocate memory for host log message.\n");
500 return -ENOMEM;
501 }
502
503 if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM))
504 goto out_open;
505
506 if (vmw_send_msg(&channel, msg))
507 goto out_msg;
508
509 vmw_close_channel(&channel);
510 kfree(msg);
511
512 return 0;
513
514out_msg:
515 vmw_close_channel(&channel);
516out_open:
517 kfree(msg);
518 DRM_ERROR("Failed to send host log message.\n");
519
520 return -EINVAL;
521}
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536int vmw_msg_ioctl(struct drm_device *dev, void *data,
537 struct drm_file *file_priv)
538{
539 struct drm_vmw_msg_arg *arg =
540 (struct drm_vmw_msg_arg *) data;
541 struct rpc_channel channel;
542 char *msg;
543 int length;
544
545 msg = kmalloc(MAX_USER_MSG_LENGTH, GFP_KERNEL);
546 if (!msg) {
547 DRM_ERROR("Cannot allocate memory for log message.\n");
548 return -ENOMEM;
549 }
550
551 length = strncpy_from_user(msg, (void __user *)((unsigned long)arg->send),
552 MAX_USER_MSG_LENGTH);
553 if (length < 0 || length >= MAX_USER_MSG_LENGTH) {
554 DRM_ERROR("Userspace message access failure.\n");
555 kfree(msg);
556 return -EINVAL;
557 }
558
559
560 if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM)) {
561 DRM_ERROR("Failed to open channel.\n");
562 goto out_open;
563 }
564
565 if (vmw_send_msg(&channel, msg)) {
566 DRM_ERROR("Failed to send message to host.\n");
567 goto out_msg;
568 }
569
570 if (!arg->send_only) {
571 char *reply = NULL;
572 size_t reply_len = 0;
573
574 if (vmw_recv_msg(&channel, (void *) &reply, &reply_len)) {
575 DRM_ERROR("Failed to receive message from host.\n");
576 goto out_msg;
577 }
578 if (reply && reply_len > 0) {
579 if (copy_to_user((void __user *)((unsigned long)arg->receive),
580 reply, reply_len)) {
581 DRM_ERROR("Failed to copy message to userspace.\n");
582 kfree(reply);
583 goto out_msg;
584 }
585 arg->receive_len = (__u32)reply_len;
586 }
587 kfree(reply);
588 }
589
590 vmw_close_channel(&channel);
591 kfree(msg);
592
593 return 0;
594
595out_msg:
596 vmw_close_channel(&channel);
597out_open:
598 kfree(msg);
599
600 return -EINVAL;
601}
602
603