Index: /trunk/include/VBox/Graphics/HGSMIDefs.h
===================================================================
--- /trunk/include/VBox/Graphics/HGSMIDefs.h	(revision 70603)
+++ /trunk/include/VBox/Graphics/HGSMIDefs.h	(revision 70604)
@@ -41,15 +41,15 @@
 #define HGSMIOFFSET_VOID ((HGSMIOFFSET)~0)
 
-/* Describes a shared memory area buffer.
+/**
+ * Describes a shared memory area buffer.
+ *
  * Used for calculations with offsets and for buffers verification.
  */
 typedef struct HGSMIAREA
 {
-    uint8_t     *pu8Base; /* The starting address of the area. Corresponds to offset 'offBase'. */
-    HGSMIOFFSET  offBase; /* The starting offset of the area. */
-    HGSMIOFFSET  offLast; /* The last valid offset:
-                           * offBase + cbArea - 1 - (sizeof(header) + sizeof(tail)).
-                           */
-    HGSMISIZE    cbArea;  /* Size of the area. */
+    uint8_t     *pu8Base; /**< The starting address of the area. Corresponds to offset 'offBase'. */
+    HGSMIOFFSET  offBase; /**< The starting offset of the area. */
+    HGSMIOFFSET  offLast; /**< The last valid offset:  offBase + cbArea - 1 - (sizeof(header) + sizeof(tail)). */
+    HGSMISIZE    cbArea;  /**< Size of the area. */
 } HGSMIAREA;
 
Index: /trunk/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp
===================================================================
--- /trunk/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp	(revision 70603)
+++ /trunk/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp	(revision 70604)
@@ -729,4 +729,5 @@
 {
     const VBVAMOUSEPOINTERSHAPE parms = *pShape;
+    ASMCompilerBarrier();
 
     LogFlowFunc(("VBVA_MOUSE_POINTER_SHAPE: i32Result 0x%x, fu32Flags 0x%x, hot spot %d,%d, size %dx%d\n",
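Review bot: The `ASMCompilerBarrier()` added after `const VBVAMOUSEPOINTERSHAPE parms = *pShape;` has no comment saying why it is there, so a later cleanup could remove it as a no-op. A one-line why-comment would protect it, for example `/* pShape is guest-writable shared memory: snapshot once, then stop the compiler from re-reading it. */`. The same applies to the barriers added after `parms = *pConf32` (VBVA_SET_CONF32), in `vbvaHandleInfoHeap`, after `view = *pView`, and in the VBVA_REPORT_INPUT_MAPPING case. The function body continues outside this hunk, so it cannot be confirmed from here that every later check uses `parms` rather than going back to `pShape`.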
@@ -748,6 +749,5 @@
          if (parms.u32Width > 8192 || parms.u32Height > 8192)
          {
-             Log(("vbvaMousePointerShape: unsupported size %ux%u\n",
-                   parms.u32Width, parms.u32Height));
+             Log(("vbvaMousePointerShape: unsupported size %ux%u\n", parms.u32Width, parms.u32Height));
              return VERR_INVALID_PARAMETER;
          }
@@ -760,5 +760,5 @@
     {
         Log(("vbvaMousePointerShape: calculated pointer data size is too big (%d bytes, limit %d)\n",
-              cbPointerData, cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data)));
+             cbPointerData, cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data)));
         return VERR_INVALID_PARAMETER;
     }
@@ -1057,5 +1057,5 @@
             return true; /* command will be completed asynchronously, return right away */
         }
-        else if (rc == VERR_INVALID_STATE)
+        if (rc == VERR_INVALID_STATE)
         {
             Log(("VGA Command --- Trying Pend %#p, %d\n", pCommand, pCommand->enmCmd));
@@ -2105,5 +2105,5 @@
 }
 
-static int vbvaHandleQueryConf32(PVGASTATE pVGAState, VBVACONF32 *pConf32)
+static int vbvaHandleQueryConf32(PVGASTATE pVGAState, VBVACONF32 volatile *pConf32)
 {
     int rc = VINF_SUCCESS;
@@ -2161,4 +2161,5 @@
     int rc = VINF_SUCCESS;
     const VBVACONF32 parms = *pConf32;
+    ASMCompilerBarrier();
 
     LogFlowFunc(("VBVA_SET_CONF32: u32Index %d, u32Value 0x%x\n",
@@ -2185,11 +2186,10 @@
 static int vbvaHandleInfoHeap(PVGASTATE pVGAState, const VBVAINFOHEAP *pInfoHeap)
 {
-    PHGSMIINSTANCE pIns = pVGAState->pHGSMI;
-
     const VBVAINFOHEAP parms = *pInfoHeap;
+    ASMCompilerBarrier();
     LogFlowFunc(("VBVA_INFO_HEAP: offset 0x%x, size 0x%x\n",
                  parms.u32HeapOffset, parms.u32HeapSize));
 
-    return HGSMIHostHeapSetup(pIns, parms.u32HeapOffset, parms.u32HeapSize);
+    return HGSMIHostHeapSetup(pVGAState->pHGSMI, parms.u32HeapOffset, parms.u32HeapSize);
 }
 
@@ -2197,4 +2197,5 @@
 {
     const VBVAINFOVIEW view = *pView;
+    ASMCompilerBarrier();
 
     LogFlowFunc(("VBVA_INFO_VIEW: u32ViewIndex %d, u32ViewOffset 0x%x, u32ViewSize 0x%x, u32MaxScreenSize 0x%x\n",
@@ -2279,5 +2280,5 @@
 }
 
-static int vbvaHandleEnable(PVGASTATE pVGAState, const VBVAENABLE *pVbvaEnable, uint32_t u32ScreenId)
+static int vbvaHandleEnable(PVGASTATE pVGAState, VBVAENABLE const volatile *pVbvaEnable, uint32_t u32ScreenId)
 {
     int rc = VINF_SUCCESS;
@@ -2286,24 +2287,22 @@
 
     if (u32ScreenId > pCtx->cViews)
-    {
         return VERR_INVALID_PARAMETER;
-    }
-
-    const VBVAENABLE parms = *pVbvaEnable;
-
-    LogFlowFunc(("VBVA_ENABLE[%d]: u32Flags 0x%x u32Offset 0x%x\n",
-                 u32ScreenId, parms.u32Flags, parms.u32Offset));
-
-    if ((parms.u32Flags & (VBVA_F_ENABLE | VBVA_F_DISABLE)) == VBVA_F_ENABLE)
-    {
-        uint32_t u32Offset = parms.u32Offset;
-        if (u32Offset < pVGAState->vram_size)
+
+    uint32_t fEnableFlags = pVbvaEnable->u32Flags;
+    uint32_t offEnable    = pVbvaEnable->u32Offset;
+    ASMCompilerBarrier();
+
+    LogFlowFunc(("VBVA_ENABLE[%d]: u32Flags 0x%x u32Offset %#x\n", u32ScreenId, fEnableFlags, offEnable));
+
+    if ((fEnableFlags & (VBVA_F_ENABLE | VBVA_F_DISABLE)) == VBVA_F_ENABLE)
+    {
+        if (offEnable < pVGAState->vram_size)
         {
             /* Guest reported offset either absolute or relative to view. */
-            if (parms.u32Flags & VBVA_F_ABSOFFSET)
+            if (fEnableFlags & VBVA_F_ABSOFFSET)
             {
                 /* Offset from VRAM start. */
                 if (   pVGAState->vram_size < RT_UOFFSETOF(VBVABUFFER, au8Data)
-                    || u32Offset > pVGAState->vram_size - RT_UOFFSETOF(VBVABUFFER, au8Data))
+                    || offEnable > pVGAState->vram_size - RT_UOFFSETOF(VBVABUFFER, au8Data))
                 {
                     rc = VERR_INVALID_PARAMETER;
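Review bot: The range check `if (u32ScreenId > pCtx->cViews)` still accepts `u32ScreenId == pCtx->cViews`, and the same value is used as an index in `&pCtx->aViews[u32ScreenId].view` in the view-relative branch of the next hunk. If `cViews` is the count of configured views, as the name suggests, the comparison should be `if (u32ScreenId >= pCtx->cViews)`. On the VBVA_F_EXTENDED path the id is taken directly from the guest buffer, so this is the check that bounds it. The function starts before and ends after this hunk and the declaration of `aViews` is not visible here, so confirm the array size and the meaning of `cViews` before changing it.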
@@ -2314,7 +2313,7 @@
                 /* Offset from the view start. */
                 const VBVAINFOVIEW *pView = &pCtx->aViews[u32ScreenId].view;
-                if (   pVGAState->vram_size - u32Offset < pView->u32ViewOffset
+                if (   pVGAState->vram_size - offEnable < pView->u32ViewOffset
                     || pView->u32ViewSize < RT_UOFFSETOF(VBVABUFFER, au8Data)
-                    || u32Offset > pView->u32ViewSize - RT_UOFFSETOF(VBVABUFFER, au8Data))
+                    || offEnable > pView->u32ViewSize - RT_UOFFSETOF(VBVABUFFER, au8Data))
                 {
                     rc = VERR_INVALID_PARAMETER;
@@ -2322,5 +2321,5 @@
                 else
                 {
-                    u32Offset += pView->u32ViewOffset;
+                    offEnable += pView->u32ViewOffset;
                 }
             }
@@ -2333,5 +2332,5 @@
         if (RT_SUCCESS(rc))
         {
-            VBVABUFFER *pVBVA = (VBVABUFFER *)HGSMIOffsetToPointerHost(pIns, u32Offset);
+            VBVABUFFER *pVBVA = (VBVABUFFER *)HGSMIOffsetToPointerHost(pIns, offEnable);
             if (pVBVA)
             {
@@ -2339,10 +2338,9 @@
                 vbvaFlush(pVGAState, pCtx);
 
-                rc = vbvaEnable(u32ScreenId, pVGAState, pCtx, pVBVA, u32Offset, false /* fRestored */);
+                rc = vbvaEnable(u32ScreenId, pVGAState, pCtx, pVBVA, offEnable, false /* fRestored */);
             }
             else
             {
-                Log(("Invalid VBVABUFFER offset 0x%x!!!\n",
-                     parms.u32Offset));
+                Log(("Invalid VBVABUFFER offset 0x%x!!!\n", offEnable));
                 rc = VERR_INVALID_PARAMETER;
             }
@@ -2350,9 +2348,7 @@
 
         if (RT_FAILURE(rc))
-        {
             LogRelMax(8, ("VBVA: can not enable: %Rrc\n", rc));
-        }
-    }
-    else if ((parms.u32Flags & (VBVA_F_ENABLE | VBVA_F_DISABLE)) == VBVA_F_DISABLE)
+    }
+    else if ((fEnableFlags & (VBVA_F_ENABLE | VBVA_F_DISABLE)) == VBVA_F_DISABLE)
     {
         rc = vbvaDisable(u32ScreenId, pVGAState, pCtx);
@@ -2360,6 +2356,5 @@
     else
     {
-        Log(("Invalid VBVA_ENABLE flags 0x%x!!!\n",
-             parms.u32Flags));
+        Log(("Invalid VBVA_ENABLE flags 0x%x!!!\n", fEnableFlags));
         rc = VERR_INVALID_PARAMETER;
     }
@@ -2368,30 +2363,25 @@
 }
 
-static int vbvaHandleQueryModeHints(PVGASTATE pVGAState, const VBVAQUERYMODEHINTS *pQueryModeHints, HGSMISIZE cbBuffer)
+static int vbvaHandleQueryModeHints(PVGASTATE pVGAState, VBVAQUERYMODEHINTS volatile *pQueryModeHints, HGSMISIZE cbBuffer)
 {
     PHGSMIINSTANCE pIns = pVGAState->pHGSMI;
-    VBVACONTEXT *pCtx = (VBVACONTEXT *)HGSMIContext(pIns);
-
-    const VBVAQUERYMODEHINTS parms = *pQueryModeHints;
+    VBVACONTEXT   *pCtx = (VBVACONTEXT *)HGSMIContext(pIns);
+
+    uint16_t const cHintsQueried         = pQueryModeHints->cHintsQueried;
+    uint16_t const cbHintStructureGuest  = pQueryModeHints->cbHintStructureGuest;
+    ASMCompilerBarrier();
 
     LogRelFlowFunc(("VBVA: HandleQueryModeHints: cHintsQueried=%RU16, cbHintStructureGuest=%RU16\n",
-                    parms.cHintsQueried, parms.cbHintStructureGuest));
-
-    if (cbBuffer <   sizeof(VBVAQUERYMODEHINTS)
-                   + (uint64_t)parms.cHintsQueried * parms.cbHintStructureGuest)
-    {
+                    cHintsQueried, cbHintStructureGuest));
+    if (cbBuffer < sizeof(VBVAQUERYMODEHINTS) + (uint32_t)cHintsQueried * cbHintStructureGuest)
         return VERR_INVALID_PARAMETER;
-    }
-
-    uint8_t *pbHint = (uint8_t *)pQueryModeHints + sizeof(VBVAQUERYMODEHINTS);
+
+    uint8_t *pbHint = (uint8_t *)(pQueryModeHints + 1);
     memset(pbHint, ~0, cbBuffer - sizeof(VBVAQUERYMODEHINTS));
 
-    unsigned iHint;
-    for (iHint = 0;    iHint < parms.cHintsQueried
-                    && iHint < VBOX_VIDEO_MAX_SCREENS; ++iHint)
-    {
-        memcpy(pbHint, &pCtx->aModeHints[iHint],
-               RT_MIN(parms.cbHintStructureGuest, sizeof(VBVAMODEHINT)));
-        pbHint += parms.cbHintStructureGuest;
+    for (unsigned iHint = 0; iHint < cHintsQueried && iHint < VBOX_VIDEO_MAX_SCREENS; ++iHint)
+    {
+        memcpy(pbHint, &pCtx->aModeHints[iHint], RT_MIN(cbHintStructureGuest, sizeof(VBVAMODEHINT)));
+        pbHint += cbHintStructureGuest;
         Assert((uintptr_t)(pbHint - (uint8_t *)pQueryModeHints) <= cbBuffer);
     }
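Review bot: The size check now casts with `(uint32_t)cHintsQueried * cbHintStructureGuest` where the old code used `(uint64_t)`, and nothing says why the narrower type is sufficient. Both operands are `uint16_t`, so the product is at most 0xFFFE0001 and fits. But the addition of `sizeof(VBVAQUERYMODEHINTS)` is then done in `size_t`, which is 32 bits on a 32-bit host and leaves only a small margin. Either keep the 64-bit cast or add a comment such as `/* u16 * u16 fits in 32 bits; header size keeps the sum below 4G */`. The only bound inside the copy loop is the `Assert`, so this pre-check is what protects the `memcpy` in non-strict builds. The function continues past the end of this hunk.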
@@ -2422,11 +2412,16 @@
 }
 
-/** The guest submitted a command buffer. Verify the buffer size and invoke corresponding handler.
+/**
+ * The guest submitted a command buffer (hit VGA_PORT_HGSMI_GUEST).
+ *
+ * Verify the buffer size and invoke corresponding handler.
  *
  * @return VBox status code.
  * @param pvHandler      The VBVA channel context.
  * @param u16ChannelInfo Command code.
- * @param pvBuffer       HGSMI buffer with command data.
+ * @param pvBuffer       HGSMI buffer with command data.  Considered volatile!
  * @param cbBuffer       Size of command data.
+ *
+ * @thread EMT
  */
 static DECLCALLBACK(int) vbvaChannelHandler(void *pvHandler, uint16_t u16ChannelInfo, void *pvBuffer, HGSMISIZE cbBuffer)
@@ -2434,10 +2429,9 @@
     int rc = VINF_SUCCESS;
 
-    LogFlowFunc(("pvHandler %p, u16ChannelInfo %d, pvBuffer %p, cbBuffer %u\n",
-                 pvHandler, u16ChannelInfo, pvBuffer, cbBuffer));
-
-    PVGASTATE pVGAState = (PVGASTATE)pvHandler;
-    PHGSMIINSTANCE pIns = pVGAState->pHGSMI;
-    VBVACONTEXT *pCtx = (VBVACONTEXT *)HGSMIContext(pIns);
+    LogFlowFunc(("pvHandler %p, u16ChannelInfo %d, pvBuffer %p, cbBuffer %u\n", pvHandler, u16ChannelInfo, pvBuffer, cbBuffer));
+
+    PVGASTATE       pVGAState = (PVGASTATE)pvHandler;
+    PHGSMIINSTANCE  pIns      = pVGAState->pHGSMI;
+    VBVACONTEXT    *pCtx      = (VBVACONTEXT *)HGSMIContext(pIns);
 
     switch (u16ChannelInfo)
@@ -2487,252 +2481,186 @@
 
         case VBVA_QUERY_CONF32:
-        {
-            if (cbBuffer < sizeof(VBVACONF32))
-            {
+            if (cbBuffer >= sizeof(VBVACONF32))
+                rc = vbvaHandleQueryConf32(pVGAState, (VBVACONF32 *)pvBuffer);
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVACONF32 *pConf32 = (VBVACONF32 *)pvBuffer;
-            rc = vbvaHandleQueryConf32(pVGAState, pConf32);
-        } break;
+            break;
 
         case VBVA_SET_CONF32:
-        {
-            if (cbBuffer < sizeof(VBVACONF32))
-            {
+            if (cbBuffer >= sizeof(VBVACONF32))
+                rc = vbvaHandleSetConf32(pVGAState, (VBVACONF32 *)pvBuffer);
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVACONF32 *pConf32 = (VBVACONF32 *)pvBuffer;
-            rc = vbvaHandleSetConf32(pVGAState, pConf32);
-        } break;
+            break;
 
         case VBVA_INFO_VIEW:
-        {
+            /* Expect at least one VBVAINFOVIEW structure. */
+            rc = VERR_INVALID_PARAMETER;
+            if (cbBuffer >= sizeof(VBVAINFOVIEW))
+            {
 #ifdef VBOX_WITH_CRHGSMI
-            if (vboxCmdVBVAIsEnabled(pVGAState))
-            {
-                AssertMsgFailed(("VBVA_INFO_VIEW is not acceptible for CmdVbva\n"));
+                AssertMsgBreak(!vboxCmdVBVAIsEnabled(pVGAState), ("VBVA_INFO_VIEW is not acceptible for CmdVbva\n"));
+#endif
+                /* Guest submits an array of VBVAINFOVIEW structures. */
+                const VBVAINFOVIEW *pView = (VBVAINFOVIEW *)pvBuffer;
+                for (;
+                     cbBuffer >= sizeof(VBVAINFOVIEW);
+                     ++pView, cbBuffer -= sizeof(VBVAINFOVIEW))
+                {
+                    rc = VBVAInfoView(pVGAState, pView);
+                    if (RT_FAILURE(rc))
+                        break;
+                }
+            }
+            break;
+
+        case VBVA_INFO_HEAP:
+            if (cbBuffer >= sizeof(VBVAINFOHEAP))
+                rc = vbvaHandleInfoHeap(pVGAState, (VBVAINFOHEAP *)pvBuffer);
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
+            break;
+
+        case VBVA_FLUSH:
+            if (cbBuffer >= sizeof(VBVAFLUSH))
+                rc = vbvaFlush(pVGAState, pCtx);
+            else
+                rc = VERR_INVALID_PARAMETER;
+            break;
+
+        case VBVA_INFO_SCREEN:
+            rc = VERR_INVALID_PARAMETER;
+#ifdef VBOX_WITH_CRHGSMI
+            AssertMsgBreak(!vboxCmdVBVAIsEnabled(pVGAState), ("VBVA_INFO_SCREEN is not acceptible for CmdVbva\n"));
+#endif
+            if (cbBuffer >= sizeof(VBVAINFOSCREEN))
+                rc = VBVAInfoScreen(pVGAState, (VBVAINFOSCREEN *)pvBuffer);
+            break;
+
+        case VBVA_ENABLE:
+            rc = VERR_INVALID_PARAMETER;
+#ifdef VBOX_WITH_CRHGSMI
+            AssertMsgBreak(!vboxCmdVBVAIsEnabled(pVGAState), ("VBVA_ENABLE is not acceptible for CmdVbva\n"));
 #endif /* VBOX_WITH_CRHGSMI */
-
-            /* Expect at least one VBVAINFOVIEW structure. */
-            if (cbBuffer < sizeof(VBVAINFOVIEW))
-            {
+            if (cbBuffer >= sizeof(VBVAENABLE))
+            {
+                VBVAENABLE volatile *pVbvaEnable = (VBVAENABLE volatile *)pvBuffer;
+
+                uint32_t       u32ScreenId;
+                const uint32_t u32Flags = pVbvaEnable->u32Flags;
+                if (u32Flags & VBVA_F_EXTENDED)
+                {
+                    if (cbBuffer >= sizeof(VBVAENABLE_EX))
+                        u32ScreenId = ((VBVAENABLE_EX volatile *)pvBuffer)->u32ScreenId;
+                    else
+                    {
+                        rc = VERR_INVALID_PARAMETER;
+                        break;
+                    }
+                }
+                else
+                    u32ScreenId = vbvaViewFromBufferPtr(pIns, pCtx, pvBuffer);
+
+                rc = vbvaHandleEnable(pVGAState, pVbvaEnable, u32ScreenId);
+                pVbvaEnable->i32Result = rc;
+            }
+            break;
+
+        case VBVA_MOUSE_POINTER_SHAPE:
+            if (cbBuffer >= sizeof(VBVAMOUSEPOINTERSHAPE))
+            {
+                VBVAMOUSEPOINTERSHAPE *pShape = (VBVAMOUSEPOINTERSHAPE *)pvBuffer;
+                rc = vbvaMousePointerShape(pVGAState, pCtx, pShape, cbBuffer);
+                pShape->i32Result = rc;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            /* Guest submits an array of VBVAINFOVIEW structures. */
-            const VBVAINFOVIEW *pView = (VBVAINFOVIEW *)pvBuffer;
-            for (;
-                 cbBuffer >= sizeof(VBVAINFOVIEW);
-                 ++pView, cbBuffer -= sizeof(VBVAINFOVIEW))
-            {
-                rc = VBVAInfoView(pVGAState, pView);
-                if (RT_FAILURE(rc))
-                    break;
-            }
-        } break;
-
-        case VBVA_INFO_HEAP:
-        {
-            if (cbBuffer < sizeof(VBVAINFOHEAP))
-            {
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            const VBVAINFOHEAP *pInfoHeap = (VBVAINFOHEAP *)pvBuffer;
-            rc = vbvaHandleInfoHeap(pVGAState, pInfoHeap);
-        } break;
-
-        case VBVA_FLUSH:
-        {
-            if (cbBuffer < sizeof(VBVAFLUSH))
-            {
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            // const VBVAFLUSH *pVbvaFlush = (VBVAFLUSH *)pvBuffer;
-            rc = vbvaFlush(pVGAState, pCtx);
-        } break;
-
-        case VBVA_INFO_SCREEN:
-        {
-#ifdef VBOX_WITH_CRHGSMI
-            if (vboxCmdVBVAIsEnabled(pVGAState))
-            {
-                AssertMsgFailed(("VBVA_INFO_SCREEN is not acceptible for CmdVbva\n"));
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-#endif /* VBOX_WITH_CRHGSMI */
-
-            if (cbBuffer < sizeof(VBVAINFOSCREEN))
-            {
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            const VBVAINFOSCREEN *pInfoScreen = (VBVAINFOSCREEN *)pvBuffer;
-            rc = VBVAInfoScreen(pVGAState, pInfoScreen);
-        } break;
-
-        case VBVA_ENABLE:
-        {
-#ifdef VBOX_WITH_CRHGSMI
-            if (vboxCmdVBVAIsEnabled(pVGAState))
-            {
-                AssertMsgFailed(("VBVA_ENABLE is not acceptible for CmdVbva\n"));
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-#endif /* VBOX_WITH_CRHGSMI */
-
-            if (cbBuffer < sizeof(VBVAENABLE))
-            {
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVAENABLE *pVbvaEnable = (VBVAENABLE *)pvBuffer;
-
-            uint32_t u32ScreenId;
-            const uint32_t u32Flags = pVbvaEnable->u32Flags;
-            if (u32Flags & VBVA_F_EXTENDED)
-            {
-                if (cbBuffer < sizeof(VBVAENABLE_EX))
-                {
-                    rc = VERR_INVALID_PARAMETER;
-                    break;
-                }
-
-                const VBVAENABLE_EX *pEnableEx = (VBVAENABLE_EX *)pvBuffer;
-                u32ScreenId = pEnableEx->u32ScreenId;
-            }
-            else
-            {
-                u32ScreenId = vbvaViewFromBufferPtr(pIns, pCtx, pvBuffer);
-            }
-
-            rc = vbvaHandleEnable(pVGAState, pVbvaEnable, u32ScreenId);
-
-            pVbvaEnable->i32Result = rc;
-        } break;
-
-        case VBVA_MOUSE_POINTER_SHAPE:
-        {
-            if (cbBuffer < sizeof(VBVAMOUSEPOINTERSHAPE))
-            {
-                rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVAMOUSEPOINTERSHAPE *pShape = (VBVAMOUSEPOINTERSHAPE *)pvBuffer;
-            rc = vbvaMousePointerShape(pVGAState, pCtx, pShape, cbBuffer);
-
-            pShape->i32Result = rc;
-        } break;
+            break;
 
 
 #ifdef VBOX_WITH_VIDEOHWACCEL
         case VBVA_VHWA_CMD:
-        {
-            if (cbBuffer < VBOXVHWACMD_HEADSIZE())
-            {
+            if (cbBuffer >= VBOXVHWACMD_HEADSIZE())
+            {
+                vbvaVHWAHandleCommand(pVGAState, (PVBOXVHWACMD)pvBuffer);
+                rc = VINF_SUCCESS;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-            vbvaVHWAHandleCommand(pVGAState, (PVBOXVHWACMD)pvBuffer);
-        } break;
-#endif /* VBOX_WITH_VIDEOHWACCEL */
+            break;
+#endif
 
 #ifdef VBOX_WITH_WDDM
         case VBVA_INFO_CAPS:
-        {
-            if (cbBuffer < sizeof(VBVACAPS))
-            {
+            if (cbBuffer >= sizeof(VBVACAPS))
+            {
+                VBVACAPS volatile *pCaps = (VBVACAPS volatile *)pvBuffer;
+                pVGAState->fGuestCaps = pCaps->fCaps;
+                pVGAState->pDrv->pfnVBVAGuestCapabilityUpdate(pVGAState->pDrv, pVGAState->fGuestCaps);
+                pCaps->rc = rc = VINF_SUCCESS;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVACAPS *pCaps = (VBVACAPS*)pvBuffer;
-            pVGAState->fGuestCaps = pCaps->fCaps;
-            pVGAState->pDrv->pfnVBVAGuestCapabilityUpdate(pVGAState->pDrv,
-                                                          pVGAState->fGuestCaps);
-            pCaps->rc = VINF_SUCCESS;
-        } break;
-#endif /* VBOX_WITH_WDDM */
+            break;
+#endif
 
         case VBVA_SCANLINE_CFG:
-        {
-            if (cbBuffer < sizeof(VBVASCANLINECFG))
-            {
+            if (cbBuffer >= sizeof(VBVASCANLINECFG))
+            {
+                VBVASCANLINECFG volatile *pCfg = (VBVASCANLINECFG volatile *)pvBuffer;
+                pVGAState->fScanLineCfg = pCfg->fFlags;
+                pCfg->rc = rc = VINF_SUCCESS;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVASCANLINECFG *pCfg = (VBVASCANLINECFG*)pvBuffer;
-            pVGAState->fScanLineCfg = pCfg->fFlags;
-            pCfg->rc = VINF_SUCCESS;
-        } break;
+            break;
 
         case VBVA_QUERY_MODE_HINTS:
-        {
-            if (cbBuffer < sizeof(VBVAQUERYMODEHINTS))
-            {
+            if (cbBuffer >= sizeof(VBVAQUERYMODEHINTS))
+            {
+                VBVAQUERYMODEHINTS volatile *pQueryModeHints = (VBVAQUERYMODEHINTS volatile *)pvBuffer;
+                rc = vbvaHandleQueryModeHints(pVGAState, pQueryModeHints, cbBuffer);
+                pQueryModeHints->rc = rc;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVAQUERYMODEHINTS *pQueryModeHints = (VBVAQUERYMODEHINTS*)pvBuffer;
-            rc = vbvaHandleQueryModeHints(pVGAState, pQueryModeHints, cbBuffer);
-            pQueryModeHints->rc = rc;
-        } break;
+            break;
 
         case VBVA_REPORT_INPUT_MAPPING:
-        {
-            if (cbBuffer < sizeof(VBVAREPORTINPUTMAPPING))
-            {
+            if (cbBuffer >= sizeof(VBVAREPORTINPUTMAPPING))
+            {
+                const VBVAREPORTINPUTMAPPING inputMapping = *(VBVAREPORTINPUTMAPPING *)pvBuffer;
+                ASMCompilerBarrier();
+                LogRelFlowFunc(("VBVA: ChannelHandler: VBVA_REPORT_INPUT_MAPPING: x=%RI32, y=%RI32, cx=%RU32, cy=%RU32\n",
+                                inputMapping.x, inputMapping.y, inputMapping.cx, inputMapping.cy));
+                pVGAState->pDrv->pfnVBVAInputMappingUpdate(pVGAState->pDrv,
+                                                           inputMapping.x, inputMapping.y,
+                                                           inputMapping.cx, inputMapping.cy);
+                rc = VINF_SUCCESS;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            const VBVAREPORTINPUTMAPPING inputMapping = *(VBVAREPORTINPUTMAPPING *)pvBuffer;
-            LogRelFlowFunc(("VBVA: ChannelHandler: VBVA_REPORT_INPUT_MAPPING: x=%RI32, y=%RI32, cx=%RU32, cy=%RU32\n",
-                            inputMapping.x, inputMapping.y, inputMapping.cx, inputMapping.cy));
-            pVGAState->pDrv->pfnVBVAInputMappingUpdate(pVGAState->pDrv,
-                                                       inputMapping.x, inputMapping.y,
-                                                       inputMapping.cx, inputMapping.cy);
-        } break;
+            break;
 
         case VBVA_CURSOR_POSITION:
-        {
-            if (cbBuffer < sizeof(VBVACURSORPOSITION))
-            {
+            if (cbBuffer >= sizeof(VBVACURSORPOSITION))
+            {
+                VBVACURSORPOSITION volatile *pReport = (VBVACURSORPOSITION volatile *)pvBuffer;
+
+                LogRelFlowFunc(("VBVA: ChannelHandler: VBVA_CURSOR_POSITION: fReportPosition=%RTbool, x=%RU32, y=%RU32\n",
+                                RT_BOOL(pReport->fReportPosition), pReport->x, pReport->y));
+
+                pVGAState->pDrv->pfnVBVAReportCursorPosition(pVGAState->pDrv, RT_BOOL(pReport->fReportPosition),
+                                                             pReport->x, pReport->y);
+                pReport->x = pCtx->xCursor;
+                pReport->y = pCtx->yCursor;
+                rc = VINF_SUCCESS;
+            }
+            else
                 rc = VERR_INVALID_PARAMETER;
-                break;
-            }
-
-            VBVACURSORPOSITION *pReport = (VBVACURSORPOSITION *)pvBuffer;
-
-            LogRelFlowFunc(("VBVA: ChannelHandler: VBVA_CURSOR_POSITION: fReportPosition=%RTbool, x=%RU32, y=%RU32\n",
-                            RT_BOOL(pReport->fReportPosition), pReport->x, pReport->y));
-
-            pVGAState->pDrv->pfnVBVAReportCursorPosition(pVGAState->pDrv, RT_BOOL(pReport->fReportPosition),
-                                                         pReport->x, pReport->y);
-            pReport->x = pCtx->xCursor;
-            pReport->y = pCtx->yCursor;
-        } break;
+            break;
 
         default:
-            Log(("Unsupported VBVA guest command %d!!!\n",
-                 u16ChannelInfo));
+            Log(("Unsupported VBVA guest command %d (%#x)!!!\n", u16ChannelInfo, u16ChannelInfo));
             break;
     }
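Review bot: In the VBVA_ENABLE case the guest-writable `pVbvaEnable->u32Flags` is still fetched twice. It is read once here into `u32Flags` for the VBVA_F_EXTENDED test, and again inside `vbvaHandleEnable` (`uint32_t fEnableFlags = pVbvaEnable->u32Flags;`), so the two decisions can be made on different values. Reading `u32Flags` and `u32Offset` once in this case and passing them to `vbvaHandleEnable` by value would give a single snapshot and make the volatile pointer parameter unnecessary. VBVA_CURSOR_POSITION has the same pattern in a milder form: `pReport->fReportPosition`, `pReport->x` and `pReport->y` are read once for the log line and again for `pfnVBVAReportCursorPosition`, so the logged values may not be the ones acted on. Copying them to locals first would fix that.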
