vmt_subr.c revision 1.3.16.1
      1  1.3.16.1  martin /* $NetBSD: vmt_subr.c,v 1.3.16.1 2024/09/11 15:52:17 martin Exp $ */
      2       1.1     ryo /* $OpenBSD: vmt.c,v 1.11 2011/01/27 21:29:25 dtucker Exp $ */
      3       1.1     ryo 
      4       1.1     ryo /*
      5       1.1     ryo  * Copyright (c) 2007 David Crawshaw <david (at) zentus.com>
      6       1.1     ryo  * Copyright (c) 2008 David Gwynne <dlg (at) openbsd.org>
      7       1.1     ryo  *
      8       1.1     ryo  * Permission to use, copy, modify, and distribute this software for any
      9       1.1     ryo  * purpose with or without fee is hereby granted, provided that the above
     10       1.1     ryo  * copyright notice and this permission notice appear in all copies.
     11       1.1     ryo  *
     12       1.1     ryo  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
     13       1.1     ryo  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     14       1.1     ryo  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     15       1.1     ryo  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     16       1.1     ryo  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     17       1.1     ryo  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     18       1.1     ryo  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     19       1.1     ryo  */
     20       1.1     ryo 
     21       1.1     ryo /*
     22       1.1     ryo  * Protocol reverse engineered by Ken Kato:
     23       1.1     ryo  * https://sites.google.com/site/chitchatvmback/backdoor
     24       1.1     ryo  */
     25       1.1     ryo 
     26       1.1     ryo #include <sys/param.h>
     27       1.1     ryo #include <sys/types.h>
     28       1.1     ryo #include <sys/callout.h>
     29       1.1     ryo #include <sys/device.h>
     30       1.1     ryo #include <sys/endian.h>
     31       1.1     ryo #include <sys/kernel.h>
     32       1.1     ryo #include <sys/kmem.h>
     33       1.1     ryo #include <sys/module.h>
     34       1.1     ryo #include <sys/proc.h>
     35       1.1     ryo #include <sys/reboot.h>
     36       1.1     ryo #include <sys/socket.h>
     37       1.1     ryo #include <sys/sysctl.h>
     38       1.1     ryo #include <sys/syslog.h>
     39       1.1     ryo #include <sys/systm.h>
     40       1.1     ryo #include <sys/timetc.h>
     41       1.1     ryo 
     42       1.1     ryo #include <net/if.h>
     43       1.1     ryo #include <netinet/in.h>
     44       1.1     ryo 
     45       1.1     ryo #include <dev/sysmon/sysmonvar.h>
     46       1.1     ryo #include <dev/sysmon/sysmon_taskq.h>
     47       1.1     ryo #include <dev/vmt/vmtreg.h>
     48       1.1     ryo #include <dev/vmt/vmtvar.h>
     49       1.1     ryo 
     50       1.1     ryo /* #define VMT_DEBUG */
     51       1.1     ryo 
     52       1.1     ryo static int vmt_sysctl_setup_root(device_t);
     53       1.1     ryo static int vmt_sysctl_setup_clock_sync(device_t, const struct sysctlnode *);
     54       1.1     ryo static int vmt_sysctl_update_clock_sync_period(SYSCTLFN_PROTO);
     55       1.1     ryo 
     56       1.1     ryo static void vm_cmd(struct vm_backdoor *);
     57       1.1     ryo static void vm_ins(struct vm_backdoor *);
     58       1.1     ryo static void vm_outs(struct vm_backdoor *);
     59       1.1     ryo 
     60       1.1     ryo /* Functions for communicating with the VM Host. */
     61       1.1     ryo static int vm_rpc_open(struct vm_rpc *, uint32_t);
     62       1.1     ryo static int vm_rpc_close(struct vm_rpc *);
     63       1.1     ryo static int vm_rpc_send(const struct vm_rpc *, const uint8_t *, uint32_t);
     64       1.1     ryo static int vm_rpc_send_str(const struct vm_rpc *, const uint8_t *);
     65       1.1     ryo static int vm_rpc_get_length(const struct vm_rpc *, uint32_t *, uint16_t *);
     66       1.1     ryo static int vm_rpc_get_data(const struct vm_rpc *, char *, uint32_t, uint16_t);
     67       1.1     ryo static int vm_rpc_send_rpci_tx_buf(struct vmt_softc *, const uint8_t *, uint32_t);
     68       1.1     ryo static int vm_rpc_send_rpci_tx(struct vmt_softc *, const char *, ...)
     69       1.1     ryo     __printflike(2, 3);
     70       1.1     ryo static int vm_rpci_response_successful(struct vmt_softc *);
     71       1.1     ryo 
     72       1.1     ryo static void vmt_tclo_state_change_success(struct vmt_softc *, int, char);
     73       1.1     ryo static void vmt_do_reboot(struct vmt_softc *);
     74       1.1     ryo static void vmt_do_shutdown(struct vmt_softc *);
     75  1.3.16.1  martin static bool vmt_shutdown(device_t, int);
     76       1.1     ryo 
     77       1.1     ryo static void vmt_update_guest_info(struct vmt_softc *);
     78       1.1     ryo static void vmt_update_guest_uptime(struct vmt_softc *);
     79       1.1     ryo static void vmt_sync_guest_clock(struct vmt_softc *);
     80       1.1     ryo 
     81       1.1     ryo static void vmt_tick(void *);
     82       1.1     ryo static void vmt_clock_sync_tick(void *);
     83       1.1     ryo static void vmt_pswitch_event(void *);
     84       1.1     ryo 
     85  1.3.16.1  martin static void vmt_tclo_tick(void *);
     86  1.3.16.1  martin static int vmt_tclo_process(struct vmt_softc *, const char *);
     87  1.3.16.1  martin static void vmt_tclo_reset(struct vmt_softc *);
     88  1.3.16.1  martin static void vmt_tclo_ping(struct vmt_softc *);
     89  1.3.16.1  martin static void vmt_tclo_halt(struct vmt_softc *);
     90  1.3.16.1  martin static void vmt_tclo_reboot(struct vmt_softc *);
     91  1.3.16.1  martin static void vmt_tclo_poweron(struct vmt_softc *);
     92  1.3.16.1  martin static void vmt_tclo_suspend(struct vmt_softc *);
     93  1.3.16.1  martin static void vmt_tclo_resume(struct vmt_softc *);
     94  1.3.16.1  martin static void vmt_tclo_capreg(struct vmt_softc *);
     95  1.3.16.1  martin static void vmt_tclo_broadcastip(struct vmt_softc *);
     96  1.3.16.1  martin 
/*
 * Dispatch table for TCLO commands: each entry pairs a command string
 * with the handler invoked for it.  The list is terminated by a
 * { NULL, NULL } sentinel.  Entries with a handler trigger guest-side
 * actions (halt, reboot, suspend, ...), so anything added here widens
 * what the peer on the backdoor channel can ask the guest to do.
 */
struct vmt_tclo_rpc {
	const char	*name;		/* command string to match */
	void		(*cb)(struct vmt_softc *);	/* handler for it */
} vmt_tclo_rpc[] = {
	/* Keep sorted by name (case-sensitive) */
	/* NOTE(review): the lookup code is not visible here; presumably it relies on this ordering - confirm. */
	{ "Capabilities_Register",	vmt_tclo_capreg },
	{ "OS_Halt",			vmt_tclo_halt },
	{ "OS_PowerOn",			vmt_tclo_poweron },
	{ "OS_Reboot",			vmt_tclo_reboot },
	{ "OS_Resume",			vmt_tclo_resume },
	{ "OS_Suspend",			vmt_tclo_suspend },
	{ "Set_Option broadcastIP 1",	vmt_tclo_broadcastip },
	{ "ping",			vmt_tclo_ping },
	{ "reset",			vmt_tclo_reset },
#if 0
	/* Various unsupported commands */
	{ "Set_Option autohide 0" },
	{ "Set_Option copypaste 1" },
	{ "Set_Option enableDnD 1" },
	{ "Set_Option enableMessageBusTunnel 0" },
	{ "Set_Option linkRootHgfsShare 0" },
	{ "Set_Option mapRootHgfsShare 0" },
	{ "Set_Option synctime 1" },
	{ "Set_Option synctime.period 0" },
	{ "Set_Option time.synchronize.tools.enable 1" },
	{ "Set_Option time.synchronize.tools.percentCorrection 0" },
	{ "Set_Option time.synchronize.tools.slewCorrection 1" },
	{ "Set_Option time.synchronize.tools.startup 1" },
	{ "Set_Option toolScripts.afterPowerOn 1" },
	{ "Set_Option toolScripts.afterResume 1" },
	{ "Set_Option toolScripts.beforePowerOff 1" },
	{ "Set_Option toolScripts.beforeSuspend 1" },
	{ "Time_Synchronize 0" },
	{ "Vix_1_Relayed_Command \"38cdcae40e075d66\"" },
#endif
	{ NULL, NULL },		/* end-of-table sentinel */
};
    134  1.3.16.1  martin 
    135       1.1     ryo extern char hostname[MAXHOSTNAMELEN];
    136       1.1     ryo 
/*
 * Prepare a backdoor register frame for command `cmd' and issue it.
 *
 * The frame is cleared first, so every register not set below is zero
 * when vm_cmd() runs.  On return the frame holds whatever vm_cmd() left
 * in it; callers inspect the registers themselves.
 */
static void
vmt_probe_cmd(struct vm_backdoor *frame, uint16_t cmd)
{
	(void)memset(frame, 0, sizeof *frame);

	/* Magic in eax, its masked complement in ebx. */
	frame->eax = VM_MAGIC;
	frame->ebx = ~VM_MAGIC & VM_REG_WORD_MASK;
	/* Command word and backdoor command port. */
	frame->ecx = VM_REG_CMD(0xffff, cmd);
	frame->edx = VM_REG_CMD(0, VM_PORT_CMD);

	vm_cmd(frame);
}
    149       1.1     ryo 
/*
 * Detect whether the backdoor is present.
 *
 * Two commands are issued.  GET_VERSION must not leave 0xffffffff in
 * eax and must leave VM_MAGIC in ebx.  GET_SPEED must then change eax
 * away from VM_MAGIC (presumably an unanswered request leaves the
 * register untouched).
 *
 * Returns true only when both checks pass.
 */
bool
vmt_probe(void)
{
	struct vm_backdoor regs;

	vmt_probe_cmd(&regs, VM_CMD_GET_VERSION);
	if (__SHIFTOUT(regs.eax, VM_REG_WORD_MASK) == 0xffffffff)
		return false;
	if (__SHIFTOUT(regs.ebx, VM_REG_WORD_MASK) != VM_MAGIC)
		return false;

	vmt_probe_cmd(&regs, VM_CMD_GET_SPEED);
	if (__SHIFTOUT(regs.eax, VM_REG_WORD_MASK) != VM_MAGIC)
		return true;

	return false;
}
    166       1.1     ryo 
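/*
 * Bus-independent attach: verify the backdoor, publish the VM UUID,
 * create the sysctl nodes, open the TCLO RPC channel, register the
 * power-switch events and start the periodic callouts.
 *
 * There is no return value; on failure an error is printed and the
 * function returns with the softc cleaned up (see the `free' label).
 *
 * NOTE(review): the failure path tests sc->sc_rpc_buf and
 * sc->sc_tclo_rpc_open before this function has assigned them, so it
 * assumes the softc arrives zeroed - confirm against the attachment glue.
 */
void
vmt_common_attach(struct vmt_softc *sc)
{
	device_t self;
	struct vm_backdoor frame;
	int rv;

	self = sc->sc_dev;
	sc->sc_log = NULL;

	/* check again */
	vmt_probe_cmd(&frame, VM_CMD_GET_VERSION);
	if (__SHIFTOUT(frame.eax, VM_REG_WORD_MASK) == 0xffffffff ||
	    __SHIFTOUT(frame.ebx, VM_REG_WORD_MASK) != VM_MAGIC) {
		aprint_error_dev(self, "failed to get VMware version\n");
		return;
	}

	/* show uuid */
	{
		struct uuid uuid;
		uint32_t u;

		/*
		 * The UUID comes back as four 32-bit words in eax..edx;
		 * each is byte-swapped and then split into the uuid fields.
		 * The narrowing assignments deliberately keep the low bits.
		 */
		vmt_probe_cmd(&frame, VM_CMD_GET_BIOS_UUID);
		uuid.time_low =
		    bswap32(__SHIFTOUT(frame.eax, VM_REG_WORD_MASK));
		u = bswap32(__SHIFTOUT(frame.ebx, VM_REG_WORD_MASK));
		uuid.time_mid = u >> 16;
		uuid.time_hi_and_version = u;
		u = bswap32(__SHIFTOUT(frame.ecx, VM_REG_WORD_MASK));
		uuid.clock_seq_hi_and_reserved = u >> 24;
		uuid.clock_seq_low = u >> 16;
		uuid.node[0] = u >> 8;
		uuid.node[1] = u;
		u = bswap32(__SHIFTOUT(frame.edx, VM_REG_WORD_MASK));
		uuid.node[2] = u >> 24;
		uuid.node[3] = u >> 16;
		uuid.node[4] = u >> 8;
		uuid.node[5] = u;

		uuid_snprintf(sc->sc_uuid, sizeof(sc->sc_uuid), &uuid);
		aprint_verbose_dev(sc->sc_dev, "UUID: %s\n", sc->sc_uuid);
	}

	callout_init(&sc->sc_tick, 0);
	callout_init(&sc->sc_tclo_tick, 0);
	callout_init(&sc->sc_clock_sync_tick, 0);

	sc->sc_clock_sync_period_seconds = VMT_CLOCK_SYNC_PERIOD_SECONDS;

	rv = vmt_sysctl_setup_root(self);
	if (rv != 0) {
		aprint_error_dev(self, "failed to initialize sysctl "
		    "(err %d)\n", rv);
		goto free;
	}

	sc->sc_rpc_buf = kmem_alloc(VMT_RPC_BUFLEN, KM_SLEEP);

	if (vm_rpc_open(&sc->sc_tclo_rpc, VM_RPC_OPEN_TCLO) != 0) {
		aprint_error_dev(self, "failed to open backdoor RPC channel "
		    "(TCLO protocol)\n");
		goto free;
	}
	sc->sc_tclo_rpc_open = true;

	/* don't know if this is important at all yet */
	if (vm_rpc_send_rpci_tx(sc,
	    "tools.capability.hgfs_server toolbox 1") != 0) {
		aprint_error_dev(self,
		    "failed to set HGFS server capability\n");
		goto free;
	}

	/* vmt_shutdown runs as the PMF shutdown hook. */
	pmf_device_register1(self, NULL, NULL, vmt_shutdown);

	sysmon_task_queue_init();

	/* Power, reset and sleep switches used to relay TCLO requests. */
	sc->sc_ev_power.ev_smpsw.smpsw_type = PSWITCH_TYPE_POWER;
	sc->sc_ev_power.ev_smpsw.smpsw_name = device_xname(self);
	sc->sc_ev_power.ev_code = PSWITCH_EVENT_PRESSED;
	sysmon_pswitch_register(&sc->sc_ev_power.ev_smpsw);
	sc->sc_ev_reset.ev_smpsw.smpsw_type = PSWITCH_TYPE_RESET;
	sc->sc_ev_reset.ev_smpsw.smpsw_name = device_xname(self);
	sc->sc_ev_reset.ev_code = PSWITCH_EVENT_PRESSED;
	sysmon_pswitch_register(&sc->sc_ev_reset.ev_smpsw);
	sc->sc_ev_sleep.ev_smpsw.smpsw_type = PSWITCH_TYPE_SLEEP;
	sc->sc_ev_sleep.ev_smpsw.smpsw_name = device_xname(self);
	sc->sc_ev_sleep.ev_code = PSWITCH_EVENT_RELEASED;
	sysmon_pswitch_register(&sc->sc_ev_sleep.ev_smpsw);
	sc->sc_smpsw_valid = true;

	callout_setfunc(&sc->sc_tick, vmt_tick, sc);
	callout_schedule(&sc->sc_tick, hz);

	callout_setfunc(&sc->sc_tclo_tick, vmt_tclo_tick, sc);
	callout_schedule(&sc->sc_tclo_tick, hz);
	sc->sc_tclo_ping = 1;

	callout_setfunc(&sc->sc_clock_sync_tick, vmt_clock_sync_tick, sc);
	callout_schedule(&sc->sc_clock_sync_tick,
	    mstohz(sc->sc_clock_sync_period_seconds * 1000));

	vmt_sync_guest_clock(sc);

	return;

free:
	/*
	 * Undo partial setup and leave no stale state behind:
	 * vmt_common_detach() tests these same fields, so a pointer left
	 * dangling here would be freed a second time on a later detach,
	 * and a channel left marked open would be closed twice.
	 */
	if (sc->sc_tclo_rpc_open) {
		vm_rpc_close(&sc->sc_tclo_rpc);
		sc->sc_tclo_rpc_open = false;
	}
	if (sc->sc_rpc_buf) {
		kmem_free(sc->sc_rpc_buf, VMT_RPC_BUFLEN);
		sc->sc_rpc_buf = NULL;
	}
	pmf_device_register(self, NULL, NULL);
	if (sc->sc_log) {
		sysctl_teardown(&sc->sc_log);
		sc->sc_log = NULL;
	}
}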
    281       1.1     ryo 
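/*
 * Bus-independent detach: stop the callouts, close the TCLO channel,
 * unregister the power switches and release the RPC buffer and sysctl
 * nodes.  Always returns 0.
 *
 * The callouts are halted before anything they use is torn down, so no
 * tick can touch the RPC channel or sc_rpc_buf after it is released.
 * Each flag and pointer is cleared once its resource is gone, so the
 * softc does not keep references to freed state.
 *
 * NOTE(review): callout_halt()/callout_destroy() are called
 * unconditionally; vmt_common_attach() can return before callout_init()
 * when the version check fails - confirm callers never detach then.
 */
int
vmt_common_detach(struct vmt_softc *sc)
{
	callout_halt(&sc->sc_tick, NULL);
	callout_destroy(&sc->sc_tick);

	callout_halt(&sc->sc_tclo_tick, NULL);
	callout_destroy(&sc->sc_tclo_tick);

	callout_halt(&sc->sc_clock_sync_tick, NULL);
	callout_destroy(&sc->sc_clock_sync_tick);

	if (sc->sc_tclo_rpc_open) {
		vm_rpc_close(&sc->sc_tclo_rpc);
		sc->sc_tclo_rpc_open = false;
	}

	if (sc->sc_smpsw_valid) {
		sysmon_pswitch_unregister(&sc->sc_ev_sleep.ev_smpsw);
		sysmon_pswitch_unregister(&sc->sc_ev_reset.ev_smpsw);
		sysmon_pswitch_unregister(&sc->sc_ev_power.ev_smpsw);
		sc->sc_smpsw_valid = false;
	}

	if (sc->sc_rpc_buf) {
		kmem_free(sc->sc_rpc_buf, VMT_RPC_BUFLEN);
		sc->sc_rpc_buf = NULL;
	}

	if (sc->sc_log) {
		sysctl_teardown(&sc->sc_log);
		sc->sc_log = NULL;
	}

	return 0;
}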
    313       1.1     ryo 
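/*
 * Create the sysctl subtree machdep.<device name> with a read-only
 * "uuid" string node, then add the clock_sync nodes beneath it.
 *
 * Returns 0 on success.  On any failure every node recorded in
 * sc->sc_log is torn down, sc->sc_log is reset to NULL and the error
 * from the failing call is returned.
 */
static int
vmt_sysctl_setup_root(device_t self)
{
	const struct sysctlnode *machdep_node, *vmt_node;
	struct vmt_softc *sc = device_private(self);
	int rv;

	rv = sysctl_createv(&sc->sc_log, 0, NULL, &machdep_node,
	    CTLFLAG_PERMANENT, CTLTYPE_NODE, "machdep", NULL,
	    NULL, 0, NULL, 0, CTL_MACHDEP, CTL_EOL);
	if (rv != 0)
		goto fail;

	rv = sysctl_createv(&sc->sc_log, 0, &machdep_node, &vmt_node,
	    0, CTLTYPE_NODE, device_xname(self), NULL,
	    NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL);
	if (rv != 0)
		goto fail;

	rv = sysctl_createv(&sc->sc_log, 0, &vmt_node, NULL,
	    CTLFLAG_READONLY, CTLTYPE_STRING, "uuid",
	    SYSCTL_DESCR("UUID of virtual machine"),
	    NULL, 0, sc->sc_uuid, 0,
	    CTL_CREATE, CTL_EOL);
	/*
	 * This result used to be overwritten by the next call without
	 * being looked at; check it like the other nodes.
	 */
	if (rv != 0)
		goto fail;

	rv = vmt_sysctl_setup_clock_sync(self, vmt_node);
	if (rv != 0)
		goto fail;

	return 0;

fail:
	sysctl_teardown(&sc->sc_log);
	sc->sc_log = NULL;

	return rv;
}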
    351       1.1     ryo 
/*
 * Add a "clock_sync" node under root_node and, inside it, a read-write
 * integer "period" node handled by vmt_sysctl_update_clock_sync_period()
 * with the softc as its data pointer.
 *
 * Returns the result of the first sysctl_createv() call that fails, or
 * 0 when both nodes were created.  Nothing is torn down here; the nodes
 * are recorded in sc->sc_log.
 */
static int
vmt_sysctl_setup_clock_sync(device_t self, const struct sysctlnode *root_node)
{
	struct vmt_softc *sc = device_private(self);
	const struct sysctlnode *sync_node, *period_node;
	int error;

	error = sysctl_createv(&sc->sc_log, 0, &root_node, &sync_node,
	    0, CTLTYPE_NODE, "clock_sync", NULL,
	    NULL, 0, NULL, 0, CTL_CREATE, CTL_EOL);

	if (error == 0) {
		error = sysctl_createv(&sc->sc_log, 0, &sync_node,
		    &period_node,
		    CTLFLAG_READWRITE, CTLTYPE_INT, "period",
		    SYSCTL_DESCR("Period, in seconds, at which to update the "
			"guest's clock"),
		    vmt_sysctl_update_clock_sync_period, 0, (void *)sc, 0,
		    CTL_CREATE, CTL_EOL);
	}

	return error;
}
    373       1.1     ryo 
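/*
 * sysctl handler for the clock_sync "period" node.
 *
 * Reads report the current period.  A write that changes the value
 * halts the clock-sync callout, stores the new period and re-arms the
 * callout only when the period is positive; zero or a negative value
 * therefore leaves periodic synchronisation off.
 *
 * Returns 0 on success, the error from sysctl_lookup(), or EINVAL when
 * the requested period cannot be converted to milliseconds in an int.
 */
static int
vmt_sysctl_update_clock_sync_period(SYSCTLFN_ARGS)
{
	int error, period;
	struct sysctlnode node;
	struct vmt_softc *sc;

	node = *rnode;
	sc = (struct vmt_softc *)node.sysctl_data;

	/* Let sysctl_lookup() copy in/out through a local, not the softc. */
	period = sc->sc_clock_sync_period_seconds;
	node.sysctl_data = &period;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return error;

	/*
	 * The value arrives from userland and is multiplied by 1000 below
	 * and in vmt_clock_sync_tick(); reject anything that would
	 * overflow that signed multiplication.
	 */
	if (period > INT_MAX / 1000)
		return EINVAL;

	if (sc->sc_clock_sync_period_seconds != period) {
		callout_halt(&sc->sc_clock_sync_tick, NULL);
		sc->sc_clock_sync_period_seconds = period;
		if (sc->sc_clock_sync_period_seconds > 0)
			callout_schedule(&sc->sc_clock_sync_tick,
			    mstohz(sc->sc_clock_sync_period_seconds * 1000));
	}
	return 0;
}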
    399       1.1     ryo 
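/*
 * Callout handler: synchronise the guest clock, then re-arm itself for
 * the configured period.
 *
 * The period is read once and the callout is only re-armed when it is
 * positive, matching vmt_sysctl_update_clock_sync_period(); a zero or
 * negative period would otherwise be handed to callout_schedule() as a
 * zero or negative interval.
 */
static void
vmt_clock_sync_tick(void *xarg)
{
	struct vmt_softc *sc = xarg;
	int period;

	vmt_sync_guest_clock(sc);

	period = sc->sc_clock_sync_period_seconds;
	if (period > 0)
		callout_schedule(&sc->sc_clock_sync_tick,
		    mstohz(period * 1000));
}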
    410       1.1     ryo 
/*
 * Report the guest uptime to the host via a SetGuestInfo RPCI message.
 * On failure a message is printed and sc_rpc_error is set.
 */
static void
vmt_update_guest_uptime(struct vmt_softc *sc)
{
	int rv;

	/*
	 * host wants uptime in hundredths of a second: the two literal
	 * zeros appended after the seconds count do the scaling.
	 */
	rv = vm_rpc_send_rpci_tx(sc, "SetGuestInfo  %d %" PRId64 "00",
	    VM_GUEST_INFO_UPTIME, time_uptime);
	if (rv == 0)
		return;

	device_printf(sc->sc_dev, "unable to set guest uptime\n");
	sc->sc_rpc_error = 1;
}
    421       1.1     ryo 
/*
 * Push guest identity to the host: the hostname whenever it differs
 * from the cached copy in the softc, and the OS name strings once
 * (until sc_set_guest_os is cleared again).  Any failed send prints a
 * message and sets sc_rpc_error.
 */
static void
vmt_update_guest_info(struct vmt_softc *sc)
{
	const size_t namelen = sizeof(sc->sc_hostname);
	int rv;

	if (strncmp(sc->sc_hostname, hostname, namelen) != 0) {
		/* Cache the bounded copy and send that, not the global. */
		strlcpy(sc->sc_hostname, hostname, namelen);
		rv = vm_rpc_send_rpci_tx(sc, "SetGuestInfo  %d %s",
		    VM_GUEST_INFO_DNS_NAME, sc->sc_hostname);
		if (rv != 0) {
			device_printf(sc->sc_dev, "unable to set hostname\n");
			sc->sc_rpc_error = 1;
		}
	}

	/*
	 * we're supposed to pass the full network address information back
	 * here, but that involves xdr (sunrpc) data encoding, which seems
	 * a bit unreasonable.
	 */

	if (sc->sc_set_guest_os != 0)
		return;

	rv = vm_rpc_send_rpci_tx(sc, "SetGuestInfo  %d %s %s %s",
	    VM_GUEST_INFO_OS_NAME_FULL,
	    ostype, osrelease, machine_arch);
	if (rv != 0) {
		device_printf(sc->sc_dev,
		    "unable to set full guest OS\n");
		sc->sc_rpc_error = 1;
	}

	/*
	 * Host doesn't like it if we send an OS name it doesn't
	 * recognise, so use "other" for i386 and "other-64" for amd64.
	 */
	rv = vm_rpc_send_rpci_tx(sc, "SetGuestInfo  %d %s",
	    VM_GUEST_INFO_OS_NAME, VM_OS_NAME);
	if (rv != 0) {
		device_printf(sc->sc_dev, "unable to set guest OS\n");
		sc->sc_rpc_error = 1;
	}

	/* Marked done even when a send failed, as before. */
	sc->sc_set_guest_os = 1;
}
    462       1.1     ryo 
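/*
 * Ask the host for the current time and set the guest clock from it.
 *
 * The reply carries the seconds split across esi (high word) and edx
 * (low word) and a sub-second count in ebx that is scaled by 1000 into
 * nanoseconds, i.e. it is treated as microseconds.  A reply with
 * 0xffffffff in eax is ignored.
 *
 * The guest clock is overwritten with whatever the host returns, so
 * the sub-second field is range-checked before use: a value of one
 * second or more would produce an invalid tv_nsec.
 */
static void
vmt_sync_guest_clock(struct vmt_softc *sc)
{
	struct vm_backdoor frame;
	struct timespec ts;
	uint64_t sec_hi, sec_lo, usec;

	memset(&frame, 0, sizeof(frame));
	frame.eax = VM_MAGIC;
	frame.ecx = VM_CMD_GET_TIME_FULL;
	frame.edx = VM_REG_CMD(0, VM_PORT_CMD);
	vm_cmd(&frame);

	if (__SHIFTOUT(frame.eax, VM_REG_WORD_MASK) == 0xffffffff)
		return;

	/*
	 * Widen each word to 64 bits before shifting.  The original cast
	 * was applied after the shift by 32, which is undefined if the
	 * extracted value is only 32 bits wide.
	 */
	sec_hi = __SHIFTOUT(frame.esi, VM_REG_WORD_MASK);
	sec_lo = __SHIFTOUT(frame.edx, VM_REG_WORD_MASK);
	usec = __SHIFTOUT(frame.ebx, VM_REG_WORD_MASK);

	/* Refuse an out-of-range sub-second count instead of setting it. */
	if (usec >= 1000000)
		return;

	ts.tv_sec = (sec_hi << 32) | sec_lo;
	ts.tv_nsec = usec * 1000;
	tc_setclock(&ts);
}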
    483       1.1     ryo 
/*
 * Periodic callout: refresh the guest info and uptime reported to the
 * host, then re-arm for 15 seconds later.
 */
static void
vmt_tick(void *xarg)
{
	struct vmt_softc *const softc = xarg;

	vmt_update_guest_info(softc);
	vmt_update_guest_uptime(softc);

	/* hz ticks per second, so this is a 15 second interval. */
	callout_schedule(&softc->sc_tick, hz * 15);
}
    494       1.1     ryo 
/*
 * Tell the host the outcome of a power-state change: `success' and the
 * state code `state' are sent as two decimal fields of a
 * tools.os.statechange.status message.  A failed send is logged and
 * recorded in sc_rpc_error.
 */
static void
vmt_tclo_state_change_success(struct vmt_softc *sc, int success, char state)
{
	int rv;

	rv = vm_rpc_send_rpci_tx(sc, "tools.os.statechange.status %d %d",
	    success, state);
	if (rv == 0)
		return;

	device_printf(sc->sc_dev,
	    "unable to send state change result\n");
	sc->sc_rpc_error = 1;
}
    505       1.1     ryo 
/*
 * Handle a host-requested halt: acknowledge it on the TCLO channel,
 * log it, and queue a power-switch event on the sysmon task queue.
 * The result of the OK reply is not checked.
 */
static void
vmt_do_shutdown(struct vmt_softc *sc)
{
	struct vmt_event *const ev = &sc->sc_ev_power;

	vmt_tclo_state_change_success(sc, 1, VM_STATE_CHANGE_HALT);
	(void)vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);

	device_printf(sc->sc_dev, "host requested shutdown\n");
	sysmon_task_queue_sched(0, vmt_pswitch_event, ev);
}
    515       1.1     ryo 
/*
 * Handle a host-requested reboot: acknowledge it on the TCLO channel,
 * log it, and queue a reset-switch event on the sysmon task queue.
 * The result of the OK reply is not checked.
 */
static void
vmt_do_reboot(struct vmt_softc *sc)
{
	struct vmt_event *const ev = &sc->sc_ev_reset;

	vmt_tclo_state_change_success(sc, 1, VM_STATE_CHANGE_REBOOT);
	(void)vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);

	device_printf(sc->sc_dev, "host requested reboot\n");
	sysmon_task_queue_sched(0, vmt_pswitch_event, ev);
}
    525       1.1     ryo 
/*
 * Handle resume from a suspended state: resynchronise the clock,
 * resend the guest info, report the state change, reply OK and queue a
 * sleep-switch event.
 */
static void
vmt_do_resume(struct vmt_softc *sc)
{
	int rv;

	device_printf(sc->sc_dev, "guest resuming from suspended state\n");

	vmt_sync_guest_clock(sc);

	/*
	 * force guest info update: an empty cached hostname and a cleared
	 * OS flag make vmt_update_guest_info() resend everything.
	 */
	sc->sc_set_guest_os = 0;
	sc->sc_hostname[0] = '\0';
	vmt_update_guest_info(sc);

	vmt_tclo_state_change_success(sc, 1, VM_STATE_CHANGE_RESUME);
	rv = vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);
	if (rv != 0) {
		device_printf(sc->sc_dev, "error sending resume response\n");
		sc->sc_rpc_error = 1;
	}

	sysmon_task_queue_sched(0, vmt_pswitch_event, &sc->sc_ev_sleep);
}
    546       1.1     ryo 
/*
 * Shutdown hook registered through pmf_device_register1(): withdraw
 * the HGFS server capability, send an empty message on the TCLO
 * channel and close it.  Failures are only logged; the hook always
 * returns true.  `flags' is not used.
 */
static bool
vmt_shutdown(device_t self, int flags)
{
	struct vmt_softc *sc = device_private(self);
	int rv;

	rv = vm_rpc_send_rpci_tx(sc,
	    "tools.capability.hgfs_server toolbox 0");
	if (rv != 0)
		device_printf(sc->sc_dev,
		    "failed to disable hgfs server capability\n");

	rv = vm_rpc_send(&sc->sc_tclo_rpc, NULL, 0);
	if (rv != 0)
		device_printf(sc->sc_dev, "failed to send shutdown ping\n");

	vm_rpc_close(&sc->sc_tclo_rpc);

	return true;
}
    566       1.1     ryo 
/*
 * sysmon task-queue callback: deliver the switch event described by
 * the struct vmt_event passed in xarg.
 */
static void
vmt_pswitch_event(void *xarg)
{
	struct vmt_event *const event = xarg;

	sysmon_pswitch_event(&event->ev_smpsw, event->ev_code);
}
    574       1.1     ryo 
/*
 * TCLO "reset" handler.  With no RPC error pending, send the reset
 * reply (a failed send sets sc_rpc_error).  With an error pending,
 * close the channel instead and send nothing.
 */
static void
vmt_tclo_reset(struct vmt_softc *sc)
{
	if (sc->sc_rpc_error == 0) {
		if (vm_rpc_send_str(&sc->sc_tclo_rpc,
		    VM_RPC_RESET_REPLY) != 0) {
			device_printf(sc->sc_dev,
			    "failed to send reset reply\n");
			sc->sc_rpc_error = 1;
		}
		return;
	}

	device_printf(sc->sc_dev, "resetting rpc\n");
	vm_rpc_close(&sc->sc_tclo_rpc);

	/* reopen and send the reset reply next time around */
}
    /*
     * TCLO "ping" handling: refresh the guest info via
     * vmt_update_guest_info(), then reply VM_RPC_REPLY_OK.  A failed reply
     * is logged and recorded in sc_rpc_error.
     */
    static void
    vmt_tclo_ping(struct vmt_softc *sc)
    {
    	int error;

    	vmt_update_guest_info(sc);

    	error = vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);
    	if (error != 0) {
    		device_printf(sc->sc_dev, "error sending ping response\n");
    		sc->sc_rpc_error = 1;
    	}
    }
    /*
     * TCLO handler for a halt request: hands off to vmt_do_shutdown().
     * No reply is sent from this function itself.
     */
    static void
    vmt_tclo_halt(struct vmt_softc *sc)
    {

    	vmt_do_shutdown(sc);
    }
    /*
     * TCLO handler for a reboot request: hands off to vmt_do_reboot().
     * No reply is sent from this function itself.
     */
    static void
    vmt_tclo_reboot(struct vmt_softc *sc)
    {

    	vmt_do_reboot(sc);
    }
    /*
     * TCLO handler for a power-on notification: report the state change
     * through vmt_tclo_state_change_success(), then reply VM_RPC_REPLY_OK.
     * A failed reply is logged and recorded in sc_rpc_error.
     */
    static void
    vmt_tclo_poweron(struct vmt_softc *sc)
    {
    	int error;

    	vmt_tclo_state_change_success(sc, 1, VM_STATE_CHANGE_POWERON);

    	error = vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);
    	if (error != 0) {
    		device_printf(sc->sc_dev, "error sending poweron response\n");
    		sc->sc_rpc_error = 1;
    	}
    }
    /*
     * TCLO handler for a suspend request: log the transition at
     * LOG_KERN | LOG_NOTICE, report the state change through
     * vmt_tclo_state_change_success(), then reply VM_RPC_REPLY_OK.
     * A failed reply is logged and recorded in sc_rpc_error.
     */
    static void
    vmt_tclo_suspend(struct vmt_softc *sc)
    {
    	int error;

    	log(LOG_KERN | LOG_NOTICE,
    	    "VMware guest entering suspended state\n");

    	vmt_tclo_state_change_success(sc, 1, VM_STATE_CHANGE_SUSPEND);

    	error = vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK);
    	if (error != 0) {
    		device_printf(sc->sc_dev, "error sending suspend response\n");
    		sc->sc_rpc_error = 1;
    	}
    }
    /*
     * TCLO handler for a resume notification: hands off to vmt_do_resume().
     * No reply is sent from this function itself.
     */
    static void
    vmt_tclo_resume(struct vmt_softc *sc)
    {

    	vmt_do_resume(sc); /* XXX msaitoh extract */
    }
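    /*
     * TCLO handler for capability registration.
     *
     * Sends three RPCI commands (unified loop, statechange capability,
     * tools version), refreshes the guest uptime, and finally replies
     * VM_RPC_REPLY_OK on the TCLO channel.  Every failed send is logged and
     * recorded in sc_rpc_error; processing continues regardless.
     *
     * The host's answer is only inspected when the corresponding command
     * was actually sent.  vm_rpci_response_successful() reads sc_rpc_buf,
     * which still holds the outgoing command text (or a partial reply) when
     * the exchange failed, so checking it after a failed send would log a
     * "host rejected" line that the host never produced.
     */
    static void
    vmt_tclo_capreg(struct vmt_softc *sc)
    {

    	/* don't know if this is important at all */
    	if (vm_rpc_send_rpci_tx(sc,
    	    "vmx.capability.unified_loop toolbox") != 0) {
    		device_printf(sc->sc_dev, "unable to set unified loop\n");
    		sc->sc_rpc_error = 1;
    	} else if (vm_rpci_response_successful(sc) == 0) {
    		device_printf(sc->sc_dev,
    		    "host rejected unified loop setting\n");
    	}

    	/* the trailing space is apparently important here */
    	if (vm_rpc_send_rpci_tx(sc,
    	    "tools.capability.statechange ") != 0) {
    		device_printf(sc->sc_dev,
    		    "unable to send statechange capability\n");
    		sc->sc_rpc_error = 1;
    	} else if (vm_rpci_response_successful(sc) == 0) {
    		device_printf(sc->sc_dev,
    		    "host rejected statechange capability\n");
    	}

    	/* The reply to the version command is not inspected. */
    	if (vm_rpc_send_rpci_tx(sc,
    	    "tools.set.version %u", VM_VERSION_UNMANAGED) != 0) {
    		device_printf(sc->sc_dev, "unable to set tools version\n");
    		sc->sc_rpc_error = 1;
    	}

    	vmt_update_guest_uptime(sc);

    	if (vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK) != 0) {
    		device_printf(sc->sc_dev,
    		    "error sending capabilities_register response\n");
    		sc->sc_rpc_error = 1;
    	}
    }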
    /*
     * TCLO handler for the broadcastIP request: report one IPv4 address of
     * the guest to the host.
     *
     * The interface list is walked inside a pserialize read section.
     * Interfaces named "lo" followed by a digit are skipped, and the first
     * AF_INET address found is pinned with ifa_acquire() so it can still be
     * used after the read section ends.  The address is sent as
     * "info-set guestinfo.ip <addr>", the reference is dropped with
     * ifa_release(), and VM_RPC_REPLY_OK is returned on the TCLO channel.
     * With no IPv4 address, VM_RPC_REPLY_ERROR_IP_ADDR is returned instead.
     * Failed sends are logged and recorded in sc_rpc_error.
     */
    static void
    vmt_tclo_broadcastip(struct vmt_softc *sc)
    {
    	struct ifaddr *iface_addr = NULL;
    	struct sockaddr_in *guest_ip = NULL;
    	struct ifnet *iface;
    	struct psref psref;
    	int s;

    	/* find first available ipv4 address */
    	s = pserialize_read_enter();
    	IFNET_READER_FOREACH(iface) {
    		const char *xname = iface->if_xname;

    		/* skip loopback */
    		if (strncmp(xname, "lo", 2) == 0 &&
    		    xname[2] >= '0' && xname[2] <= '9') {
    			continue;
    		}

    		IFADDR_READER_FOREACH(iface_addr, iface) {
    			if (iface_addr->ifa_addr->sa_family == AF_INET) {
    				guest_ip = satosin(iface_addr->ifa_addr);
    				/* keep the address alive past the read section */
    				ifa_acquire(iface_addr, &psref);
    				goto got;
    			}
    		}
    	}
    got:
    	pserialize_read_exit(s);

    	if (guest_ip == NULL) {
    		if (vm_rpc_send_str(&sc->sc_tclo_rpc,
    		    VM_RPC_REPLY_ERROR_IP_ADDR) != 0) {
    			device_printf(sc->sc_dev,
    			    "error sending broadcastIP"
    			    " error response\n");
    			sc->sc_rpc_error = 1;
    		}
    		return;
    	}

    	if (vm_rpc_send_rpci_tx(sc, "info-set guestinfo.ip %s",
    	    inet_ntoa(guest_ip->sin_addr)) != 0) {
    		device_printf(sc->sc_dev,
    		    "unable to send guest IP address\n");
    		sc->sc_rpc_error = 1;
    	}
    	/* guest_ip points into iface_addr; release only after its last use */
    	ifa_release(iface_addr, &psref);

    	if (vm_rpc_send_str(&sc->sc_tclo_rpc, VM_RPC_REPLY_OK) != 0) {
    		device_printf(sc->sc_dev,
    		    "error sending broadcastIP response\n");
    		sc->sc_rpc_error = 1;
    	}
    }
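    /*
     * Dispatch one TCLO command received from the host.
     *
     * `name` is the command string; it is matched exactly (strcmp) against
     * the entries of vmt_tclo_rpc, a table defined outside this excerpt
     * whose end is marked by a NULL name.  The matching entry's callback is
     * invoked with `sc`.
     *
     * The lookup uses the `name` argument, so the string that is matched is
     * the same string that is reported for an unknown command.  The caller
     * visible in this file passes sc->sc_rpc_buf, for which this is
     * equivalent to comparing against sc->sc_rpc_buf directly.
     *
     * Returns 0 when a handler ran, -1 when the command is not in the
     * table.  The command text originates from the host and is echoed to
     * the device log in the unknown-command case.
     */
    int
    vmt_tclo_process(struct vmt_softc *sc, const char *name)
    {
    	int i;

    	/* Search for rpc command and call handler */
    	for (i = 0; vmt_tclo_rpc[i].name != NULL; i++) {
    		if (strcmp(vmt_tclo_rpc[i].name, name) == 0) {
    			vmt_tclo_rpc[i].cb(sc);
    			return (0);
    		}
    	}

    	device_printf(sc->sc_dev, "unknown command: \"%s\"\n", name);

    	return (-1);
    }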
    /*
     * Periodic TCLO poll, rescheduled through the sc_tclo_tick callout.
     *
     * One pass does the following, jumping to the reschedule on any
     * failure:
     *   1. If the channel looks closed (channel and both cookies are zero),
     *      reopen it and send VM_RPC_RESET_REPLY; a failed open backs off
     *      to 15 seconds.
     *   2. If the previous poll found nothing, send a zero-length ping.
     *   3. Ask the host for the length of the pending message.  Zero means
     *      nothing is queued: remember to ping next time.
     *   4. Read the message into sc_rpc_buf and dispatch it through
     *      vmt_tclo_process(); an unknown command gets VM_RPC_REPLY_ERROR.
     *
     * The message length is supplied by the host, so it is clamped to
     * VMT_RPC_BUFLEN - 1 before the read; vm_rpc_get_data() writes a NUL at
     * index `length`.  This assumes sc_rpc_buf holds VMT_RPC_BUFLEN bytes
     * (its declaration is outside this excerpt).
     *
     * The next poll is scheduled after `delay` seconds: 1 by default and
     * after an error, 0 right after a message was handled, 15 after a
     * failed reopen.
     */
    static void
    vmt_tclo_tick(void *xarg)
    {
    	struct vmt_softc *sc = xarg;
    	struct vm_rpc *tclo = &sc->sc_tclo_rpc;
    	u_int32_t rlen;
    	u_int16_t ack;
    	/* By default, poll every second for new messages */
    	int delay = 1;

    	/* reopen tclo channel if it's currently closed */
    	if (tclo->channel == 0 && tclo->cookie1 == 0 && tclo->cookie2 == 0) {
    		if (vm_rpc_open(tclo, VM_RPC_OPEN_TCLO) != 0) {
    			device_printf(sc->sc_dev,
    			    "unable to reopen TCLO channel\n");
    			delay = 15;
    			goto out;
    		}

    		if (vm_rpc_send_str(tclo, VM_RPC_RESET_REPLY) != 0) {
    			device_printf(sc->sc_dev,
    			    "failed to send reset reply\n");
    			sc->sc_rpc_error = 1;
    			goto out;
    		}
    		sc->sc_rpc_error = 0;
    	}

    	if (sc->sc_tclo_ping && vm_rpc_send(tclo, NULL, 0) != 0) {
    		device_printf(sc->sc_dev,
    		    "failed to send TCLO outgoing ping\n");
    		sc->sc_rpc_error = 1;
    		goto out;
    	}

    	if (vm_rpc_get_length(tclo, &rlen, &ack) != 0) {
    		device_printf(sc->sc_dev,
    		    "failed to get length of incoming TCLO data\n");
    		sc->sc_rpc_error = 1;
    		goto out;
    	}

    	if (rlen == 0) {
    		/* nothing queued; ping the host on the next pass */
    		sc->sc_tclo_ping = 1;
    		goto out;
    	}

    	/* host-supplied length: leave room for the terminating NUL */
    	if (rlen >= VMT_RPC_BUFLEN) {
    		rlen = VMT_RPC_BUFLEN - 1;
    	}
    	if (vm_rpc_get_data(tclo, sc->sc_rpc_buf, rlen, ack) != 0) {
    		device_printf(sc->sc_dev,
    		    "failed to get incoming TCLO data\n");
    		sc->sc_rpc_error = 1;
    		goto out;
    	}
    	sc->sc_tclo_ping = 0;

    	/* The VM host can queue multiple messages; continue without delay */
    	delay = 0;

    #ifdef VMT_DEBUG
    	printf("vmware: received message '%s'\n", sc->sc_rpc_buf);
    #endif

    	if (vmt_tclo_process(sc, sc->sc_rpc_buf) != 0 &&
    	    vm_rpc_send_str(tclo, VM_RPC_REPLY_ERROR) != 0) {
    		device_printf(sc->sc_dev,
    		    "error sending unknown command reply\n");
    		sc->sc_rpc_error = 1;
    	}

    	if (sc->sc_rpc_error == 1) {
    		/* On error, give time to recover and wait a second */
    		delay = 1;
    	}

    out:
    	callout_schedule(&sc->sc_tclo_tick, hz * delay);
    }
    /*
     * Issue a backdoor command call: runs BACKDOOR_OP_CMD on `frame`.
     * Callers in this file fill the frame's register fields beforehand and
     * read the results back from the same frame afterwards.
     */
    static void
    vm_cmd(struct vm_backdoor *frame)
    {
    	BACKDOOR_OP(BACKDOOR_OP_CMD, frame);
    }
    /*
     * Issue a backdoor inbound data transfer: runs BACKDOOR_OP_IN on
     * `frame`.  vm_rpc_get_data() uses it with the destination buffer
     * address in frame->edi and the byte count in frame->ecx.
     */
    static void
    vm_ins(struct vm_backdoor *frame)
    {
    	BACKDOOR_OP(BACKDOOR_OP_IN, frame);
    }
    /*
     * Issue a backdoor outbound data transfer: runs BACKDOOR_OP_OUT on
     * `frame`.  vm_rpc_send() uses it with the source buffer address in
     * frame->esi and the byte count in frame->ecx.
     */
    static void
    vm_outs(struct vm_backdoor *frame)
    {
    	BACKDOOR_OP(BACKDOOR_OP_OUT, frame);
    }
    /*
     * Open an RPC channel of type `proto` and request session cookies
     * (VM_RPC_FLAG_COOKIE).
     *
     * On success the channel number and both cookies returned by the host
     * are stored in `rpc` and 0 is returned.  On failure the register
     * values are logged, EIO is returned and `rpc` is left untouched, so a
     * caller must not use or close it.
     */
    static int
    vm_rpc_open(struct vm_rpc *rpc, uint32_t proto)
    {
    	struct vm_backdoor frame;

    	memset(&frame, 0, sizeof(frame));
    	frame.eax = VM_MAGIC;
    	frame.ebx = proto | VM_RPC_FLAG_COOKIE;
    	frame.ecx = VM_REG_CMD_RPC(VM_RPC_OPEN);
    	frame.edx = VM_REG_PORT_CMD(0);

    	vm_cmd(&frame);

    	if (__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) == 1 &&
    	    __SHIFTOUT(frame.edx, VM_REG_LOW_MASK) == 0) {
    		/* the host hands back the channel id and two cookie words */
    		rpc->channel = __SHIFTOUT(frame.edx, VM_REG_HIGH_MASK);
    		rpc->cookie1 = __SHIFTOUT(frame.esi, VM_REG_WORD_MASK);
    		rpc->cookie2 = __SHIFTOUT(frame.edi, VM_REG_WORD_MASK);
    		return 0;
    	}

    	/* open-vm-tools retries without VM_RPC_FLAG_COOKIE here.. */
    	printf("vmware: open failed, eax=%#"PRIxREGISTER
    	    ", ecx=%#"PRIxREGISTER", edx=%#"PRIxREGISTER"\n",
    	    frame.eax, frame.ecx, frame.edx);
    	return EIO;
    }
    /*
     * Close the RPC channel described by `rpc`.
     *
     * On success the channel number and cookies are zeroed, which is the
     * state vmt_tclo_tick() treats as "closed", and 0 is returned.  On
     * failure the registers are logged, EIO is returned and `rpc` keeps its
     * old values.
     */
    static int
    vm_rpc_close(struct vm_rpc *rpc)
    {
    	struct vm_backdoor frame;

    	memset(&frame, 0, sizeof(frame));
    	frame.eax = VM_MAGIC;
    	frame.ebx = 0;
    	frame.ecx = VM_REG_CMD_RPC(VM_RPC_CLOSE);
    	frame.edx = VM_REG_PORT_CMD(rpc->channel);
    	frame.edi = rpc->cookie2;
    	frame.esi = rpc->cookie1;

    	vm_cmd(&frame);

    	if (__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) != 0 &&
    	    __SHIFTOUT(frame.ecx, VM_REG_LOW_MASK) == 0) {
    		rpc->channel = 0;
    		rpc->cookie1 = 0;
    		rpc->cookie2 = 0;
    		return 0;
    	}

    	printf("vmware: close failed, "
    	    "eax=%#"PRIxREGISTER", ecx=%#"PRIxREGISTER"\n",
    	    frame.eax, frame.ecx);
    	return EIO;
    }
    /*
     * Send `length` bytes from `buf` on the channel described by `rpc`.
     *
     * The exchange has two phases: the length is announced with
     * VM_RPC_SET_LENGTH on the command port, then the payload is pushed
     * with an enhanced-RPC outbound transfer.  A zero-length message stops
     * after the first phase, so `buf` may be NULL in that case.
     *
     * Returns 0 on success and EIO (after logging the registers) when the
     * host does not acknowledge either phase.
     */
    static int
    vm_rpc_send(const struct vm_rpc *rpc, const uint8_t *buf, uint32_t length)
    {
    	struct vm_backdoor frame;

    	/* Send the length of the command. */
    	memset(&frame, 0, sizeof(frame));
    	frame.eax = VM_MAGIC;
    	frame.ebx = length;
    	frame.ecx = VM_REG_CMD_RPC(VM_RPC_SET_LENGTH);
    	frame.edx = VM_REG_PORT_CMD(rpc->channel);
    	frame.esi = rpc->cookie1;
    	frame.edi = rpc->cookie2;

    	vm_cmd(&frame);

    	if (!(__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) &
    	    VM_RPC_REPLY_SUCCESS)) {
    		printf("vmware: sending length failed, "
    		    "eax=%#"PRIxREGISTER", ecx=%#"PRIxREGISTER"\n",
    		    frame.eax, frame.ecx);
    		return EIO;
    	}

    	/* Only need to poke once if command is null. */
    	if (length != 0) {
    		/* Send the command using enhanced RPC. */
    		memset(&frame, 0, sizeof(frame));
    		frame.eax = VM_MAGIC;
    		frame.ebx = VM_RPC_ENH_DATA;
    		frame.ecx = length;
    		frame.edx = VM_REG_PORT_RPC(rpc->channel);
    		frame.ebp = rpc->cookie1;
    		frame.edi = rpc->cookie2;
    		frame.esi = (register_t)buf;

    		vm_outs(&frame);

    		if (__SHIFTOUT(frame.ebx, VM_REG_WORD_MASK) !=
    		    VM_RPC_ENH_DATA) {
    			/* open-vm-tools retries on VM_RPC_REPLY_CHECKPOINT */
    			printf("vmware: send failed, ebx=%#"PRIxREGISTER"\n",
    			    frame.ebx);
    			return EIO;
    		}
    	}

    	return 0;
    }
    /*
     * Send the NUL-terminated string `str` on `rpc`; the terminator itself
     * is not transmitted.  Returns whatever vm_rpc_send() returns.
     */
    static int
    vm_rpc_send_str(const struct vm_rpc *rpc, const uint8_t *str)
    {
    	uint32_t length = strlen((const char *)str);

    	return vm_rpc_send(rpc, str, length);
    }
    /*
     * Receive `length` bytes of pending message data into `data`, then
     * acknowledge the message identified by `dataid`.
     *
     * `data` must have room for length + 1 bytes: a NUL is stored at
     * data[length] unconditionally, before the transfer result is checked.
     * `length` ultimately comes from the host (see vm_rpc_get_length()), so
     * the caller is responsible for bounding it; both callers in this file
     * clamp it to VMT_RPC_BUFLEN - 1 first.
     *
     * Returns 0 on success, EIO (after logging) when the transfer or the
     * acknowledgement is rejected by the host.
     */
    static int
    vm_rpc_get_data(const struct vm_rpc *rpc, char *data, uint32_t length,
        uint16_t dataid)
    {
    	struct vm_backdoor frame;

    	/* Get data using enhanced RPC. */
    	memset(&frame, 0, sizeof(frame));
    	frame.eax = VM_MAGIC;
    	frame.ebx = VM_RPC_ENH_DATA;
    	frame.ecx = length;
    	frame.edx = VM_REG_PORT_RPC(rpc->channel);
    	frame.esi = rpc->cookie1;
    	frame.edi = (register_t)data;
    	frame.ebp = rpc->cookie2;

    	vm_ins(&frame);

    	/* NUL-terminate the data */
    	data[length] = '\0';

    	if (__SHIFTOUT(frame.ebx, VM_REG_WORD_MASK) != VM_RPC_ENH_DATA) {
    		printf("vmware: get data failed, ebx=%#"PRIxREGISTER"\n",
    		    frame.ebx);
    		return EIO;
    	}

    	/* Acknowledge data received. */
    	memset(&frame, 0, sizeof(frame));
    	frame.eax = VM_MAGIC;
    	frame.ebx = dataid;
    	frame.ecx = VM_REG_CMD_RPC(VM_RPC_GET_END);
    	frame.edx = VM_REG_PORT_CMD(rpc->channel);
    	frame.esi = rpc->cookie1;
    	frame.edi = rpc->cookie2;

    	vm_cmd(&frame);

    	if (__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) != 0) {
    		return 0;
    	}

    	printf("vmware: ack data failed, "
    	    "eax=%#"PRIxREGISTER", ecx=%#"PRIxREGISTER"\n",
    	    frame.eax, frame.ecx);
    	return EIO;
    }
   /*
    * Ask the host whether a message is pending on `rpc`.
    *
    * On success returns 0 with *length and *dataid set: both are 0 when
    * the host does not signal VM_RPC_REPLY_DORECV, otherwise *length is
    * the pending message size and *dataid the id to pass back to
    * vm_rpc_get_data().  On failure returns EIO after logging, leaving
    * the outputs unwritten.
    *
    * *length is reported by the host and is not bounded here; callers
    * must clamp it to their buffer size before reading.
    */
   static int
   vm_rpc_get_length(const struct vm_rpc *rpc, uint32_t *length, uint16_t *dataid)
   {
   	struct vm_backdoor frame;

   	memset(&frame, 0, sizeof(frame));
   	frame.eax = VM_MAGIC;
   	frame.ebx = 0;
   	frame.ecx = VM_REG_CMD_RPC(VM_RPC_GET_LENGTH);
   	frame.edx = VM_REG_PORT_CMD(rpc->channel);
   	frame.esi = rpc->cookie1;
   	frame.edi = rpc->cookie2;

   	vm_cmd(&frame);

   	if (!(__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) &
   	    VM_RPC_REPLY_SUCCESS)) {
   		printf("vmware: get length failed, "
   		    "eax=%#"PRIxREGISTER", ecx=%#"PRIxREGISTER"\n",
   		    frame.eax, frame.ecx);
   		return EIO;
   	}

   	if ((__SHIFTOUT(frame.ecx, VM_REG_HIGH_MASK) &
   	    VM_RPC_REPLY_DORECV) != 0) {
   		*length = __SHIFTOUT(frame.ebx, VM_REG_WORD_MASK);
   		*dataid = __SHIFTOUT(frame.edx, VM_REG_HIGH_MASK);
   	} else {
   		/* nothing to receive */
   		*length = 0;
   		*dataid = 0;
   	}

   	return 0;
   }
   /*
    * Report whether the text in sc_rpc_buf starts with "1 " (a '1'
    * followed by a space).  Returns 1 if so, 0 otherwise.
    *
    * Only the buffer content is examined, so the result is meaningful
    * only when the preceding RPCI exchange actually stored a reply there.
    */
   static int
   vm_rpci_response_successful(struct vmt_softc *sc)
   {
   	if (sc->sc_rpc_buf[0] != '1')
   		return 0;

   	return sc->sc_rpc_buf[1] == ' ';
   }
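   /*
    * Perform one RPCI transaction: open a temporary RPCI channel, send
    * `length` bytes from `buf`, read the host's reply (if any) into
    * sc_rpc_buf, and close the channel again.
    *
    * The bytes sent are taken from the `buf` argument.  The caller visible
    * in this file passes sc->sc_rpc_buf, for which this is the same as
    * sending sc->sc_rpc_buf directly; sending `buf` keeps the data and the
    * `length` that describes it tied to the same buffer for any other
    * caller.
    *
    * The reply length is reported by the host and is clamped to
    * VMT_RPC_BUFLEN - 1 so that the reply plus the NUL written by
    * vm_rpc_get_data() fits; this assumes sc_rpc_buf holds VMT_RPC_BUFLEN
    * bytes (its declaration is outside this excerpt).  When the host
    * reports a zero-length reply, sc_rpc_buf is not modified.
    *
    * Returns 0 on success and EIO on any failure.  The channel is closed
    * on every path after a successful open; a failed close is only logged.
    */
   static int
   vm_rpc_send_rpci_tx_buf(struct vmt_softc *sc, const uint8_t *buf,
       uint32_t length)
   {
   	struct vm_rpc rpci;
   	u_int32_t rlen;
   	u_int16_t ack;
   	int result = 0;

   	if (vm_rpc_open(&rpci, VM_RPC_OPEN_RPCI) != 0) {
   		device_printf(sc->sc_dev, "rpci channel open failed\n");
   		return EIO;
   	}

   	if (vm_rpc_send(&rpci, buf, length) != 0) {
   		device_printf(sc->sc_dev, "unable to send rpci command\n");
   		result = EIO;
   		goto out;
   	}

   	if (vm_rpc_get_length(&rpci, &rlen, &ack) != 0) {
   		device_printf(sc->sc_dev,
   		    "failed to get length of rpci response data\n");
   		result = EIO;
   		goto out;
   	}

   	if (rlen > 0) {
   		/* host-supplied length: leave room for the terminating NUL */
   		if (rlen >= VMT_RPC_BUFLEN) {
   			rlen = VMT_RPC_BUFLEN - 1;
   		}

   		if (vm_rpc_get_data(&rpci, sc->sc_rpc_buf, rlen, ack) != 0) {
   			device_printf(sc->sc_dev,
   			    "failed to get rpci response data\n");
   			result = EIO;
   			goto out;
   		}
   	}

   out:
   	if (vm_rpc_close(&rpci) != 0) {
   		device_printf(sc->sc_dev, "unable to close rpci channel\n");
   	}

   	return result;
   }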
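   /*
    * Format an RPCI command into sc_rpc_buf (printf-style `fmt` plus
    * arguments) and run it through vm_rpc_send_rpci_tx_buf().
    *
    * Returns EIO without sending anything when the formatted command does
    * not fit in VMT_RPC_BUFLEN bytes, or when vsnprintf() reports an
    * error.  The negative case is rejected explicitly because the length
    * is handed on as a uint32_t, where a negative value would turn into a
    * very large byte count.  Otherwise returns the result of
    * vm_rpc_send_rpci_tx_buf().
    *
    * sc_rpc_buf is overwritten by the command and then, if the host
    * answers, by the reply.
    */
   static int
   vm_rpc_send_rpci_tx(struct vmt_softc *sc, const char *fmt, ...)
   {
   	va_list args;
   	int len;

   	va_start(args, fmt);
   	len = vsnprintf(sc->sc_rpc_buf, VMT_RPC_BUFLEN, fmt, args);
   	va_end(args);

   	if (len < 0 || len >= VMT_RPC_BUFLEN) {
   		device_printf(sc->sc_dev,
   		    "rpci command didn't fit in buffer\n");
   		return EIO;
   	}

   	return vm_rpc_send_rpci_tx_buf(sc, sc->sc_rpc_buf, len);
   }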
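   #if 0
   	/*
   	 * Disabled debugging fragment: dumps the backdoor register frame
   	 * before and after a VM_CMD_GET_VERSION call.  It is not part of any
   	 * function and is never compiled; it has to be pasted into one to be
   	 * used.
   	 */
   	struct vm_backdoor frame;

   	memset(&frame, 0, sizeof(frame));

   	frame.eax = VM_MAGIC;
   	frame.ecx = VM_CMD_GET_VERSION;
   	frame.edx = VM_PORT_CMD;

   	printf("\n");
   	printf("eax %#"PRIxREGISTER"\n", frame.eax);
   	printf("ebx %#"PRIxREGISTER"\n", frame.ebx);
   	printf("ecx %#"PRIxREGISTER"\n", frame.ecx);
   	printf("edx %#"PRIxREGISTER"\n", frame.edx);
   	printf("ebp %#"PRIxREGISTER"\n", frame.ebp);
   	printf("edi %#"PRIxREGISTER"\n", frame.edi);
   	printf("esi %#"PRIxREGISTER"\n", frame.esi);

   	vm_cmd(&frame);

   	printf("-\n");
   	printf("eax %#"PRIxREGISTER"\n", frame.eax);
   	printf("ebx %#"PRIxREGISTER"\n", frame.ebx);
   	printf("ecx %#"PRIxREGISTER"\n", frame.ecx);
   	printf("edx %#"PRIxREGISTER"\n", frame.edx);
   	printf("ebp %#"PRIxREGISTER"\n", frame.ebp);
   	printf("edi %#"PRIxREGISTER"\n", frame.edi);
   	printf("esi %#"PRIxREGISTER"\n", frame.esi);
   #endif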
   1178       1.1     ryo /*
   1179       1.1     ryo  * Notes on tracing backdoor activity in vmware-guestd:
   1180       1.1     ryo  *
   1181       1.1     ryo  * - Find the addresses of the inl / rep insb / rep outsb
   1182       1.1     ryo  *   instructions used to perform backdoor operations.
   1183       1.1     ryo  *   One way to do this is to disassemble vmware-guestd:
   1184       1.1     ryo  *
   1185       1.1     ryo  *   $ objdump -S /emul/freebsd/sbin/vmware-guestd > vmware-guestd.S
   1186       1.1     ryo  *
   1187       1.1     ryo  *   and search for '<tab>in ' in the resulting file.  The rep insb and
   1188       1.1     ryo  *   rep outsb code is directly below that.
   1189       1.1     ryo  *
   1190       1.1     ryo  * - Run vmware-guestd under gdb, setting up breakpoints as follows:
   1191       1.1     ryo  *   (the addresses shown here are the ones from VMware-server-1.0.10-203137,
   1192       1.1     ryo  *   the last version that actually works in FreeBSD emulation on OpenBSD)
   1193       1.1     ryo  *
   1194       1.1     ryo  * break *0x805497b   (address of 'in' instruction)
   1195       1.1     ryo  * commands 1
   1196       1.1     ryo  * silent
   1197       1.1     ryo  * echo INOUT\n
   1198       1.1     ryo  * print/x $ecx
   1199       1.1     ryo  * print/x $ebx
   1200       1.1     ryo  * print/x $edx
   1201       1.1     ryo  * continue
   1202       1.1     ryo  * end
   1203       1.1     ryo  * break *0x805497c   (address of instruction after 'in')
   1204       1.1     ryo  * commands 2
   1205       1.1     ryo  * silent
   1206       1.1     ryo  * echo ===\n
   1207       1.1     ryo  * print/x $ecx
   1208       1.1     ryo  * print/x $ebx
   1209       1.1     ryo  * print/x $edx
   1210       1.1     ryo  * echo \n
   1211       1.1     ryo  * continue
   1212       1.1     ryo  * end
   1213       1.1     ryo  * break *0x80549b7   (address of instruction before 'rep insb')
   1214       1.1     ryo  * commands 3
   1215       1.1     ryo  * silent
   1216       1.1     ryo  * set variable $inaddr = $edi
   1217       1.1     ryo  * set variable $incount = $ecx
   1218       1.1     ryo  * continue
   1219       1.1     ryo  * end
   1220       1.1     ryo  * break *0x80549ba   (address of instruction after 'rep insb')
   1221       1.1     ryo  * commands 4
   1222       1.1     ryo  * silent
   1223       1.1     ryo  * echo IN\n
   1224       1.1     ryo  * print $incount
   1225       1.1     ryo  * x/s $inaddr
   1226       1.1     ryo  * echo \n
   1227       1.1     ryo  * continue
   1228       1.1     ryo  * end
   1229       1.1     ryo  * break *0x80549fb    (address of instruction before 'rep outsb')
   1230       1.1     ryo  * commands 5
   1231       1.1     ryo  * silent
   1232       1.1     ryo  * echo OUT\n
   1233       1.1     ryo  * print $ecx
   1234       1.1     ryo  * x/s $esi
   1235       1.1     ryo  * echo \n
   1236       1.1     ryo  * continue
   1237       1.1     ryo  * end
   1238       1.1     ryo  *
   1239       1.1     ryo  * This will produce a log of the backdoor operations, including the
   1240       1.1     ryo  * data sent and received and the relevant register values.  You can then
   1241       1.1     ryo  * match the register values to the various constants in this file.
   1242       1.1     ryo  */