]> git.proxmox.com Git - mirror_qemu.git/blob - hw/display/virtio-gpu.c
projects / mirror_qemu.git / blob
? search:


506cda944d419c37cb48924f26792e74c905669d
[mirror_qemu.git] / hw / display / virtio-gpu.c
1 /*
2 * Virtio GPU Device
3 *
4 * Copyright Red Hat, Inc. 2013-2014
5 *
6 * Authors:
7 * Dave Airlie <airlied@redhat.com>
8 * Gerd Hoffmann <kraxel@redhat.com>
9 *
10 * This work is licensed under the terms of the GNU GPL, version 2 or later.
11 * See the COPYING file in the top-level directory.
12 */
13
14 #include "qemu/osdep.h"
15 #include "qemu/units.h"
16 #include "qemu/iov.h"
17 #include "ui/console.h"
18 #include "trace.h"
19 #include "sysemu/dma.h"
20 #include "sysemu/sysemu.h"
21 #include "hw/virtio/virtio.h"
22 #include "migration/qemu-file-types.h"
23 #include "hw/virtio/virtio-gpu.h"
24 #include "hw/virtio/virtio-gpu-bswap.h"
25 #include "hw/virtio/virtio-gpu-pixman.h"
26 #include "hw/virtio/virtio-bus.h"
27 #include "hw/display/edid.h"
28 #include "hw/qdev-properties.h"
29 #include "qemu/log.h"
30 #include "qemu/module.h"
31 #include "qapi/error.h"
32 #include "qemu/error-report.h"
33
34 #define VIRTIO_GPU_VM_VERSION 1
35
36 static struct virtio_gpu_simple_resource*
37 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
38 static struct virtio_gpu_simple_resource *
39 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
40 bool require_backing,
41 const char *caller, uint32_t *error);
42
43 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
44 struct virtio_gpu_simple_resource *res);
45
46 void virtio_gpu_update_cursor_data(VirtIOGPU *g,
47 struct virtio_gpu_scanout *s,
48 uint32_t resource_id)
49 {
50 struct virtio_gpu_simple_resource *res;
51 uint32_t pixels;
52 void *data;
53
54 res = virtio_gpu_find_check_resource(g, resource_id, false,
55 __func__, NULL);
56 if (!res) {
57 return;
58 }
59
60 if (res->blob_size) {
61 if (res->blob_size < (s->current_cursor->width *
62 s->current_cursor->height * 4)) {
63 return;
64 }
65 data = res->blob;
66 } else {
67 if (pixman_image_get_width(res->image) != s->current_cursor->width ||
68 pixman_image_get_height(res->image) != s->current_cursor->height) {
69 return;
70 }
71 data = pixman_image_get_data(res->image);
72 }
73
74 pixels = s->current_cursor->width * s->current_cursor->height;
75 memcpy(s->current_cursor->data, data,
76 pixels * sizeof(uint32_t));
77 }
78
79 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor)
80 {
81 struct virtio_gpu_scanout *s;
82 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
83 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR;
84
85 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) {
86 return;
87 }
88 s = &g->parent_obj.scanout[cursor->pos.scanout_id];
89
90 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id,
91 cursor->pos.x,
92 cursor->pos.y,
93 move ? "move" : "update",
94 cursor->resource_id);
95
96 if (!move) {
97 if (!s->current_cursor) {
98 s->current_cursor = cursor_alloc(64, 64);
99 }
100
101 s->current_cursor->hot_x = cursor->hot_x;
102 s->current_cursor->hot_y = cursor->hot_y;
103
104 if (cursor->resource_id > 0) {
105 vgc->update_cursor_data(g, s, cursor->resource_id);
106 }
107 dpy_cursor_define(s->con, s->current_cursor);
108
109 s->cursor = *cursor;
110 } else {
111 s->cursor.pos.x = cursor->pos.x;
112 s->cursor.pos.y = cursor->pos.y;
113 }
114 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y,
115 cursor->resource_id ? 1 : 0);
116 }
117
118 static struct virtio_gpu_simple_resource *
119 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
120 {
121 struct virtio_gpu_simple_resource *res;
122
123 QTAILQ_FOREACH(res, &g->reslist, next) {
124 if (res->resource_id == resource_id) {
125 return res;
126 }
127 }
128 return NULL;
129 }
130
131 static struct virtio_gpu_simple_resource *
132 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
133 bool require_backing,
134 const char *caller, uint32_t *error)
135 {
136 struct virtio_gpu_simple_resource *res;
137
138 res = virtio_gpu_find_resource(g, resource_id);
139 if (!res) {
140 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n",
141 caller, resource_id);
142 if (error) {
143 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
144 }
145 return NULL;
146 }
147
148 if (require_backing) {
149 if (!res->iov || (!res->image && !res->blob)) {
150 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
151 caller, resource_id);
152 if (error) {
153 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
154 }
155 return NULL;
156 }
157 }
158
159 return res;
160 }
161
162 void virtio_gpu_ctrl_response(VirtIOGPU *g,
163 struct virtio_gpu_ctrl_command *cmd,
164 struct virtio_gpu_ctrl_hdr *resp,
165 size_t resp_len)
166 {
167 size_t s;
168
169 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) {
170 resp->flags |= VIRTIO_GPU_FLAG_FENCE;
171 resp->fence_id = cmd->cmd_hdr.fence_id;
172 resp->ctx_id = cmd->cmd_hdr.ctx_id;
173 }
174 virtio_gpu_ctrl_hdr_bswap(resp);
175 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len);
176 if (s != resp_len) {
177 qemu_log_mask(LOG_GUEST_ERROR,
178 "%s: response size incorrect %zu vs %zu\n",
179 __func__, s, resp_len);
180 }
181 virtqueue_push(cmd->vq, &cmd->elem, s);
182 virtio_notify(VIRTIO_DEVICE(g), cmd->vq);
183 cmd->finished = true;
184 }
185
186 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g,
187 struct virtio_gpu_ctrl_command *cmd,
188 enum virtio_gpu_ctrl_type type)
189 {
190 struct virtio_gpu_ctrl_hdr resp;
191
192 memset(&resp, 0, sizeof(resp));
193 resp.type = type;
194 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp));
195 }
196
197 void virtio_gpu_get_display_info(VirtIOGPU *g,
198 struct virtio_gpu_ctrl_command *cmd)
199 {
200 struct virtio_gpu_resp_display_info display_info;
201
202 trace_virtio_gpu_cmd_get_display_info();
203 memset(&display_info, 0, sizeof(display_info));
204 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
205 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
206 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr,
207 sizeof(display_info));
208 }
209
210 static void
211 virtio_gpu_generate_edid(VirtIOGPU *g, int scanout,
212 struct virtio_gpu_resp_edid *edid)
213 {
214 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
215 qemu_edid_info info = {
216 .width_mm = b->req_state[scanout].width_mm,
217 .height_mm = b->req_state[scanout].height_mm,
218 .prefx = b->req_state[scanout].width,
219 .prefy = b->req_state[scanout].height,
220 .refresh_rate = b->req_state[scanout].refresh_rate,
221 };
222
223 edid->size = cpu_to_le32(sizeof(edid->edid));
224 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info);
225 }
226
227 void virtio_gpu_get_edid(VirtIOGPU *g,
228 struct virtio_gpu_ctrl_command *cmd)
229 {
230 struct virtio_gpu_resp_edid edid;
231 struct virtio_gpu_cmd_get_edid get_edid;
232 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
233
234 VIRTIO_GPU_FILL_CMD(get_edid);
235 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid));
236
237 if (get_edid.scanout >= b->conf.max_outputs) {
238 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
239 return;
240 }
241
242 trace_virtio_gpu_cmd_get_edid(get_edid.scanout);
243 memset(&edid, 0, sizeof(edid));
244 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID;
245 virtio_gpu_generate_edid(g, get_edid.scanout, &edid);
246 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid));
247 }
248
249 static uint32_t calc_image_hostmem(pixman_format_code_t pformat,
250 uint32_t width, uint32_t height)
251 {
252 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check.
253 * pixman_image_create_bits will fail in case it overflow.
254 */
255
256 int bpp = PIXMAN_FORMAT_BPP(pformat);
257 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
258 return height * stride;
259 }
260
261 static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
262 struct virtio_gpu_ctrl_command *cmd)
263 {
264 pixman_format_code_t pformat;
265 struct virtio_gpu_simple_resource *res;
266 struct virtio_gpu_resource_create_2d c2d;
267
268 VIRTIO_GPU_FILL_CMD(c2d);
269 virtio_gpu_bswap_32(&c2d, sizeof(c2d));
270 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format,
271 c2d.width, c2d.height);
272
273 if (c2d.resource_id == 0) {
274 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
275 __func__);
276 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
277 return;
278 }
279
280 res = virtio_gpu_find_resource(g, c2d.resource_id);
281 if (res) {
282 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
283 __func__, c2d.resource_id);
284 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
285 return;
286 }
287
288 res = g_new0(struct virtio_gpu_simple_resource, 1);
289
290 res->width = c2d.width;
291 res->height = c2d.height;
292 res->format = c2d.format;
293 res->resource_id = c2d.resource_id;
294
295 pformat = virtio_gpu_get_pixman_format(c2d.format);
296 if (!pformat) {
297 qemu_log_mask(LOG_GUEST_ERROR,
298 "%s: host couldn't handle guest format %d\n",
299 __func__, c2d.format);
300 g_free(res);
301 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
302 return;
303 }
304
305 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height);
306 if (res->hostmem + g->hostmem < g->conf_max_hostmem) {
307 res->image = pixman_image_create_bits(pformat,
308 c2d.width,
309 c2d.height,
310 NULL, 0);
311 }
312
313 if (!res->image) {
314 qemu_log_mask(LOG_GUEST_ERROR,
315 "%s: resource creation failed %d %d %d\n",
316 __func__, c2d.resource_id, c2d.width, c2d.height);
317 g_free(res);
318 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
319 return;
320 }
321
322 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
323 g->hostmem += res->hostmem;
324 }
325
326 static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
327 struct virtio_gpu_ctrl_command *cmd)
328 {
329 struct virtio_gpu_simple_resource *res;
330 struct virtio_gpu_resource_create_blob cblob;
331 int ret;
332
333 VIRTIO_GPU_FILL_CMD(cblob);
334 virtio_gpu_create_blob_bswap(&cblob);
335 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
336
337 if (cblob.resource_id == 0) {
338 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
339 __func__);
340 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
341 return;
342 }
343
344 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
345 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
346 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
347 __func__);
348 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
349 return;
350 }
351
352 if (virtio_gpu_find_resource(g, cblob.resource_id)) {
353 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
354 __func__, cblob.resource_id);
355 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
356 return;
357 }
358
359 res = g_new0(struct virtio_gpu_simple_resource, 1);
360 res->resource_id = cblob.resource_id;
361 res->blob_size = cblob.size;
362
363 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
364 cmd, &res->addrs, &res->iov,
365 &res->iov_cnt);
366 if (ret != 0) {
367 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
368 g_free(res);
369 return;
370 }
371
372 virtio_gpu_init_udmabuf(res);
373 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
374 }
375
376 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
377 {
378 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
379 struct virtio_gpu_simple_resource *res;
380
381 if (scanout->resource_id == 0) {
382 return;
383 }
384
385 res = virtio_gpu_find_resource(g, scanout->resource_id);
386 if (res) {
387 res->scanout_bitmask &= ~(1 << scanout_id);
388 }
389
390 dpy_gfx_replace_surface(scanout->con, NULL);
391 scanout->resource_id = 0;
392 scanout->ds = NULL;
393 scanout->width = 0;
394 scanout->height = 0;
395 }
396
397 static void virtio_gpu_resource_destroy(VirtIOGPU *g,
398 struct virtio_gpu_simple_resource *res)
399 {
400 int i;
401
402 if (res->scanout_bitmask) {
403 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
404 if (res->scanout_bitmask & (1 << i)) {
405 virtio_gpu_disable_scanout(g, i);
406 }
407 }
408 }
409
410 qemu_pixman_image_unref(res->image);
411 virtio_gpu_cleanup_mapping(g, res);
412 QTAILQ_REMOVE(&g->reslist, res, next);
413 g->hostmem -= res->hostmem;
414 g_free(res);
415 }
416
417 static void virtio_gpu_resource_unref(VirtIOGPU *g,
418 struct virtio_gpu_ctrl_command *cmd)
419 {
420 struct virtio_gpu_simple_resource *res;
421 struct virtio_gpu_resource_unref unref;
422
423 VIRTIO_GPU_FILL_CMD(unref);
424 virtio_gpu_bswap_32(&unref, sizeof(unref));
425 trace_virtio_gpu_cmd_res_unref(unref.resource_id);
426
427 res = virtio_gpu_find_resource(g, unref.resource_id);
428 if (!res) {
429 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
430 __func__, unref.resource_id);
431 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
432 return;
433 }
434 virtio_gpu_resource_destroy(g, res);
435 }
436
437 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
438 struct virtio_gpu_ctrl_command *cmd)
439 {
440 struct virtio_gpu_simple_resource *res;
441 int h, bpp;
442 uint32_t src_offset, dst_offset, stride;
443 pixman_format_code_t format;
444 struct virtio_gpu_transfer_to_host_2d t2d;
445 void *img_data;
446
447 VIRTIO_GPU_FILL_CMD(t2d);
448 virtio_gpu_t2d_bswap(&t2d);
449 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id);
450
451 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
452 __func__, &cmd->error);
453 if (!res || res->blob) {
454 return;
455 }
456
457 if (t2d.r.x > res->width ||
458 t2d.r.y > res->height ||
459 t2d.r.width > res->width ||
460 t2d.r.height > res->height ||
461 t2d.r.x + t2d.r.width > res->width ||
462 t2d.r.y + t2d.r.height > res->height) {
463 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource"
464 " bounds for resource %d: %d %d %d %d vs %d %d\n",
465 __func__, t2d.resource_id, t2d.r.x, t2d.r.y,
466 t2d.r.width, t2d.r.height, res->width, res->height);
467 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
468 return;
469 }
470
471 format = pixman_image_get_format(res->image);
472 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8);
473 stride = pixman_image_get_stride(res->image);
474 img_data = pixman_image_get_data(res->image);
475
476 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) {
477 for (h = 0; h < t2d.r.height; h++) {
478 src_offset = t2d.offset + stride * h;
479 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp);
480
481 iov_to_buf(res->iov, res->iov_cnt, src_offset,
482 (uint8_t *)img_data + dst_offset,
483 t2d.r.width * bpp);
484 }
485 } else {
486 src_offset = t2d.offset;
487 dst_offset = t2d.r.y * stride + t2d.r.x * bpp;
488 iov_to_buf(res->iov, res->iov_cnt, src_offset,
489 (uint8_t *)img_data + dst_offset,
490 stride * t2d.r.height);
491 }
492 }
493
494 static void virtio_gpu_resource_flush(VirtIOGPU *g,
495 struct virtio_gpu_ctrl_command *cmd)
496 {
497 struct virtio_gpu_simple_resource *res;
498 struct virtio_gpu_resource_flush rf;
499 struct virtio_gpu_scanout *scanout;
500 pixman_region16_t flush_region;
501 bool within_bounds = false;
502 bool update_submitted = false;
503 int i;
504
505 VIRTIO_GPU_FILL_CMD(rf);
506 virtio_gpu_bswap_32(&rf, sizeof(rf));
507 trace_virtio_gpu_cmd_res_flush(rf.resource_id,
508 rf.r.width, rf.r.height, rf.r.x, rf.r.y);
509
510 res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
511 __func__, &cmd->error);
512 if (!res) {
513 return;
514 }
515
516 if (res->blob) {
517 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
518 scanout = &g->parent_obj.scanout[i];
519 if (scanout->resource_id == res->resource_id &&
520 rf.r.x < scanout->x + scanout->width &&
521 rf.r.x + rf.r.width >= scanout->x &&
522 rf.r.y < scanout->y + scanout->height &&
523 rf.r.y + rf.r.height >= scanout->y) {
524 within_bounds = true;
525
526 if (console_has_gl(scanout->con)) {
527 dpy_gl_update(scanout->con, 0, 0, scanout->width,
528 scanout->height);
529 update_submitted = true;
530 }
531 }
532 }
533
534 if (update_submitted) {
535 return;
536 }
537 if (!within_bounds) {
538 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts"
539 " bounds for flush %d: %d %d %d %d\n",
540 __func__, rf.resource_id, rf.r.x, rf.r.y,
541 rf.r.width, rf.r.height);
542 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
543 return;
544 }
545 }
546
547 if (!res->blob &&
548 (rf.r.x > res->width ||
549 rf.r.y > res->height ||
550 rf.r.width > res->width ||
551 rf.r.height > res->height ||
552 rf.r.x + rf.r.width > res->width ||
553 rf.r.y + rf.r.height > res->height)) {
554 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource"
555 " bounds for resource %d: %d %d %d %d vs %d %d\n",
556 __func__, rf.resource_id, rf.r.x, rf.r.y,
557 rf.r.width, rf.r.height, res->width, res->height);
558 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
559 return;
560 }
561
562 pixman_region_init_rect(&flush_region,
563 rf.r.x, rf.r.y, rf.r.width, rf.r.height);
564 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
565 pixman_region16_t region, finalregion;
566 pixman_box16_t *extents;
567
568 if (!(res->scanout_bitmask & (1 << i))) {
569 continue;
570 }
571 scanout = &g->parent_obj.scanout[i];
572
573 pixman_region_init(&finalregion);
574 pixman_region_init_rect(&region, scanout->x, scanout->y,
575 scanout->width, scanout->height);
576
577 pixman_region_intersect(&finalregion, &flush_region, &region);
578 pixman_region_translate(&finalregion, -scanout->x, -scanout->y);
579 extents = pixman_region_extents(&finalregion);
580 /* work out the area we need to update for each console */
581 dpy_gfx_update(g->parent_obj.scanout[i].con,
582 extents->x1, extents->y1,
583 extents->x2 - extents->x1,
584 extents->y2 - extents->y1);
585
586 pixman_region_fini(&region);
587 pixman_region_fini(&finalregion);
588 }
589 pixman_region_fini(&flush_region);
590 }
591
592 static void virtio_unref_resource(pixman_image_t *image, void *data)
593 {
594 pixman_image_unref(data);
595 }
596
597 static void virtio_gpu_update_scanout(VirtIOGPU *g,
598 uint32_t scanout_id,
599 struct virtio_gpu_simple_resource *res,
600 struct virtio_gpu_rect *r)
601 {
602 struct virtio_gpu_simple_resource *ores;
603 struct virtio_gpu_scanout *scanout;
604
605 scanout = &g->parent_obj.scanout[scanout_id];
606 ores = virtio_gpu_find_resource(g, scanout->resource_id);
607 if (ores) {
608 ores->scanout_bitmask &= ~(1 << scanout_id);
609 }
610
611 res->scanout_bitmask |= (1 << scanout_id);
612 scanout->resource_id = res->resource_id;
613 scanout->x = r->x;
614 scanout->y = r->y;
615 scanout->width = r->width;
616 scanout->height = r->height;
617 }
618
619 static void virtio_gpu_do_set_scanout(VirtIOGPU *g,
620 uint32_t scanout_id,
621 struct virtio_gpu_framebuffer *fb,
622 struct virtio_gpu_simple_resource *res,
623 struct virtio_gpu_rect *r,
624 uint32_t *error)
625 {
626 struct virtio_gpu_scanout *scanout;
627 uint8_t *data;
628
629 scanout = &g->parent_obj.scanout[scanout_id];
630
631 if (r->x > fb->width ||
632 r->y > fb->height ||
633 r->width < 16 ||
634 r->height < 16 ||
635 r->width > fb->width ||
636 r->height > fb->height ||
637 r->x + r->width > fb->width ||
638 r->y + r->height > fb->height) {
639 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for"
640 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n",
641 __func__, scanout_id, res->resource_id,
642 r->x, r->y, r->width, r->height,
643 fb->width, fb->height);
644 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
645 return;
646 }
647
648 g->parent_obj.enable = 1;
649
650 if (res->blob) {
651 if (console_has_gl(scanout->con)) {
652 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) {
653 virtio_gpu_update_scanout(g, scanout_id, res, r);
654 return;
655 }
656 }
657
658 data = res->blob;
659 } else {
660 data = (uint8_t *)pixman_image_get_data(res->image);
661 }
662
663 /* create a surface for this scanout */
664 if ((res->blob && !console_has_gl(scanout->con)) ||
665 !scanout->ds ||
666 surface_data(scanout->ds) != data + fb->offset ||
667 scanout->width != r->width ||
668 scanout->height != r->height) {
669 pixman_image_t *rect;
670 void *ptr = data + fb->offset;
671 rect = pixman_image_create_bits(fb->format, r->width, r->height,
672 ptr, fb->stride);
673
674 if (res->image) {
675 pixman_image_ref(res->image);
676 pixman_image_set_destroy_function(rect, virtio_unref_resource,
677 res->image);
678 }
679
680 /* realloc the surface ptr */
681 scanout->ds = qemu_create_displaysurface_pixman(rect);
682 if (!scanout->ds) {
683 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
684 return;
685 }
686
687 pixman_image_unref(rect);
688 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con,
689 scanout->ds);
690 }
691
692 virtio_gpu_update_scanout(g, scanout_id, res, r);
693 }
694
695 static void virtio_gpu_set_scanout(VirtIOGPU *g,
696 struct virtio_gpu_ctrl_command *cmd)
697 {
698 struct virtio_gpu_simple_resource *res;
699 struct virtio_gpu_framebuffer fb = { 0 };
700 struct virtio_gpu_set_scanout ss;
701
702 VIRTIO_GPU_FILL_CMD(ss);
703 virtio_gpu_bswap_32(&ss, sizeof(ss));
704 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id,
705 ss.r.width, ss.r.height, ss.r.x, ss.r.y);
706
707 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
708 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
709 __func__, ss.scanout_id);
710 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
711 return;
712 }
713
714 if (ss.resource_id == 0) {
715 virtio_gpu_disable_scanout(g, ss.scanout_id);
716 return;
717 }
718
719 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
720 __func__, &cmd->error);
721 if (!res) {
722 return;
723 }
724
725 fb.format = pixman_image_get_format(res->image);
726 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
727 fb.width = pixman_image_get_width(res->image);
728 fb.height = pixman_image_get_height(res->image);
729 fb.stride = pixman_image_get_stride(res->image);
730 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
731
732 virtio_gpu_do_set_scanout(g, ss.scanout_id,
733 &fb, res, &ss.r, &cmd->error);
734 }
735
736 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g,
737 struct virtio_gpu_ctrl_command *cmd)
738 {
739 struct virtio_gpu_simple_resource *res;
740 struct virtio_gpu_framebuffer fb = { 0 };
741 struct virtio_gpu_set_scanout_blob ss;
742 uint64_t fbend;
743
744 VIRTIO_GPU_FILL_CMD(ss);
745 virtio_gpu_scanout_blob_bswap(&ss);
746 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id,
747 ss.r.width, ss.r.height, ss.r.x,
748 ss.r.y);
749
750 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
751 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
752 __func__, ss.scanout_id);
753 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
754 return;
755 }
756
757 if (ss.resource_id == 0) {
758 virtio_gpu_disable_scanout(g, ss.scanout_id);
759 return;
760 }
761
762 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
763 __func__, &cmd->error);
764 if (!res) {
765 return;
766 }
767
768 fb.format = virtio_gpu_get_pixman_format(ss.format);
769 if (!fb.format) {
770 qemu_log_mask(LOG_GUEST_ERROR,
771 "%s: host couldn't handle guest format %d\n",
772 __func__, ss.format);
773 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
774 return;
775 }
776
777 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
778 fb.width = ss.width;
779 fb.height = ss.height;
780 fb.stride = ss.strides[0];
781 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
782
783 fbend = fb.offset;
784 fbend += fb.stride * (ss.r.height - 1);
785 fbend += fb.bytes_pp * ss.r.width;
786 if (fbend > res->blob_size) {
787 qemu_log_mask(LOG_GUEST_ERROR,
788 "%s: fb end out of range\n",
789 __func__);
790 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
791 return;
792 }
793
794 virtio_gpu_do_set_scanout(g, ss.scanout_id,
795 &fb, res, &ss.r, &cmd->error);
796 }
797
798 int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
799 uint32_t nr_entries, uint32_t offset,
800 struct virtio_gpu_ctrl_command *cmd,
801 uint64_t **addr, struct iovec **iov,
802 uint32_t *niov)
803 {
804 struct virtio_gpu_mem_entry *ents;
805 size_t esize, s;
806 int e, v;
807
808 if (nr_entries > 16384) {
809 qemu_log_mask(LOG_GUEST_ERROR,
810 "%s: nr_entries is too big (%d > 16384)\n",
811 __func__, nr_entries);
812 return -1;
813 }
814
815 esize = sizeof(*ents) * nr_entries;
816 ents = g_malloc(esize);
817 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num,
818 offset, ents, esize);
819 if (s != esize) {
820 qemu_log_mask(LOG_GUEST_ERROR,
821 "%s: command data size incorrect %zu vs %zu\n",
822 __func__, s, esize);
823 g_free(ents);
824 return -1;
825 }
826
827 *iov = NULL;
828 if (addr) {
829 *addr = NULL;
830 }
831 for (e = 0, v = 0; e < nr_entries; e++) {
832 uint64_t a = le64_to_cpu(ents[e].addr);
833 uint32_t l = le32_to_cpu(ents[e].length);
834 hwaddr len;
835 void *map;
836
837 do {
838 len = l;
839 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len,
840 DMA_DIRECTION_TO_DEVICE,
841 MEMTXATTRS_UNSPECIFIED);
842 if (!map) {
843 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
844 " element %d\n", __func__, e);
845 virtio_gpu_cleanup_mapping_iov(g, *iov, v);
846 g_free(ents);
847 *iov = NULL;
848 if (addr) {
849 g_free(*addr);
850 *addr = NULL;
851 }
852 return -1;
853 }
854
855 if (!(v % 16)) {
856 *iov = g_renew(struct iovec, *iov, v + 16);
857 if (addr) {
858 *addr = g_renew(uint64_t, *addr, v + 16);
859 }
860 }
861 (*iov)[v].iov_base = map;
862 (*iov)[v].iov_len = len;
863 if (addr) {
864 (*addr)[v] = a;
865 }
866
867 a += len;
868 l -= len;
869 v += 1;
870 } while (l > 0);
871 }
872 *niov = v;
873
874 g_free(ents);
875 return 0;
876 }
877
878 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
879 struct iovec *iov, uint32_t count)
880 {
881 int i;
882
883 for (i = 0; i < count; i++) {
884 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
885 iov[i].iov_base, iov[i].iov_len,
886 DMA_DIRECTION_TO_DEVICE,
887 iov[i].iov_len);
888 }
889 g_free(iov);
890 }
891
892 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
893 struct virtio_gpu_simple_resource *res)
894 {
895 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
896 res->iov = NULL;
897 res->iov_cnt = 0;
898 g_free(res->addrs);
899 res->addrs = NULL;
900
901 if (res->blob) {
902 virtio_gpu_fini_udmabuf(res);
903 }
904 }
905
906 static void
907 virtio_gpu_resource_attach_backing(VirtIOGPU *g,
908 struct virtio_gpu_ctrl_command *cmd)
909 {
910 struct virtio_gpu_simple_resource *res;
911 struct virtio_gpu_resource_attach_backing ab;
912 int ret;
913
914 VIRTIO_GPU_FILL_CMD(ab);
915 virtio_gpu_bswap_32(&ab, sizeof(ab));
916 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id);
917
918 res = virtio_gpu_find_resource(g, ab.resource_id);
919 if (!res) {
920 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
921 __func__, ab.resource_id);
922 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
923 return;
924 }
925
926 if (res->iov) {
927 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
928 return;
929 }
930
931 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd,
932 &res->addrs, &res->iov, &res->iov_cnt);
933 if (ret != 0) {
934 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
935 return;
936 }
937 }
938
939 static void
940 virtio_gpu_resource_detach_backing(VirtIOGPU *g,
941 struct virtio_gpu_ctrl_command *cmd)
942 {
943 struct virtio_gpu_simple_resource *res;
944 struct virtio_gpu_resource_detach_backing detach;
945
946 VIRTIO_GPU_FILL_CMD(detach);
947 virtio_gpu_bswap_32(&detach, sizeof(detach));
948 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id);
949
950 res = virtio_gpu_find_check_resource(g, detach.resource_id, true,
951 __func__, &cmd->error);
952 if (!res) {
953 return;
954 }
955 virtio_gpu_cleanup_mapping(g, res);
956 }
957
958 void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
959 struct virtio_gpu_ctrl_command *cmd)
960 {
961 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr);
962 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr);
963
964 switch (cmd->cmd_hdr.type) {
965 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO:
966 virtio_gpu_get_display_info(g, cmd);
967 break;
968 case VIRTIO_GPU_CMD_GET_EDID:
969 virtio_gpu_get_edid(g, cmd);
970 break;
971 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
972 virtio_gpu_resource_create_2d(g, cmd);
973 break;
974 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
975 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
976 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
977 break;
978 }
979 virtio_gpu_resource_create_blob(g, cmd);
980 break;
981 case VIRTIO_GPU_CMD_RESOURCE_UNREF:
982 virtio_gpu_resource_unref(g, cmd);
983 break;
984 case VIRTIO_GPU_CMD_RESOURCE_FLUSH:
985 virtio_gpu_resource_flush(g, cmd);
986 break;
987 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D:
988 virtio_gpu_transfer_to_host_2d(g, cmd);
989 break;
990 case VIRTIO_GPU_CMD_SET_SCANOUT:
991 virtio_gpu_set_scanout(g, cmd);
992 break;
993 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB:
994 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
995 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
996 break;
997 }
998 virtio_gpu_set_scanout_blob(g, cmd);
999 break;
1000 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING:
1001 virtio_gpu_resource_attach_backing(g, cmd);
1002 break;
1003 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING:
1004 virtio_gpu_resource_detach_backing(g, cmd);
1005 break;
1006 default:
1007 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
1008 break;
1009 }
1010 if (!cmd->finished) {
1011 if (!g->parent_obj.renderer_blocked) {
1012 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error :
1013 VIRTIO_GPU_RESP_OK_NODATA);
1014 }
1015 }
1016 }
1017
1018 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq)
1019 {
1020 VirtIOGPU *g = VIRTIO_GPU(vdev);
1021 qemu_bh_schedule(g->ctrl_bh);
1022 }
1023
1024 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq)
1025 {
1026 VirtIOGPU *g = VIRTIO_GPU(vdev);
1027 qemu_bh_schedule(g->cursor_bh);
1028 }
1029
1030 void virtio_gpu_process_cmdq(VirtIOGPU *g)
1031 {
1032 struct virtio_gpu_ctrl_command *cmd;
1033 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1034
1035 if (g->processing_cmdq) {
1036 return;
1037 }
1038 g->processing_cmdq = true;
1039 while (!QTAILQ_EMPTY(&g->cmdq)) {
1040 cmd = QTAILQ_FIRST(&g->cmdq);
1041
1042 if (g->parent_obj.renderer_blocked) {
1043 break;
1044 }
1045
1046 /* process command */
1047 vgc->process_cmd(g, cmd);
1048
1049 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1050 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1051 g->stats.requests++;
1052 }
1053
1054 if (!cmd->finished) {
1055 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next);
1056 g->inflight++;
1057 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1058 if (g->stats.max_inflight < g->inflight) {
1059 g->stats.max_inflight = g->inflight;
1060 }
1061 fprintf(stderr, "inflight: %3d (+)\r", g->inflight);
1062 }
1063 } else {
1064 g_free(cmd);
1065 }
1066 }
1067 g->processing_cmdq = false;
1068 }
1069
1070 static void virtio_gpu_process_fenceq(VirtIOGPU *g)
1071 {
1072 struct virtio_gpu_ctrl_command *cmd, *tmp;
1073
1074 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) {
1075 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id);
1076 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
1077 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1078 g_free(cmd);
1079 g->inflight--;
1080 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1081 fprintf(stderr, "inflight: %3d (-)\r", g->inflight);
1082 }
1083 }
1084 }
1085
1086 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b)
1087 {
1088 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj);
1089
1090 virtio_gpu_process_fenceq(g);
1091 virtio_gpu_process_cmdq(g);
1092 }
1093
1094 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1095 {
1096 VirtIOGPU *g = VIRTIO_GPU(vdev);
1097 struct virtio_gpu_ctrl_command *cmd;
1098
1099 if (!virtio_queue_ready(vq)) {
1100 return;
1101 }
1102
1103 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1104 while (cmd) {
1105 cmd->vq = vq;
1106 cmd->error = 0;
1107 cmd->finished = false;
1108 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next);
1109 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1110 }
1111
1112 virtio_gpu_process_cmdq(g);
1113 }
1114
1115 static void virtio_gpu_ctrl_bh(void *opaque)
1116 {
1117 VirtIOGPU *g = opaque;
1118 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1119
1120 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq);
1121 }
1122
1123 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq)
1124 {
1125 VirtIOGPU *g = VIRTIO_GPU(vdev);
1126 VirtQueueElement *elem;
1127 size_t s;
1128 struct virtio_gpu_update_cursor cursor_info;
1129
1130 if (!virtio_queue_ready(vq)) {
1131 return;
1132 }
1133 for (;;) {
1134 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1135 if (!elem) {
1136 break;
1137 }
1138
1139 s = iov_to_buf(elem->out_sg, elem->out_num, 0,
1140 &cursor_info, sizeof(cursor_info));
1141 if (s != sizeof(cursor_info)) {
1142 qemu_log_mask(LOG_GUEST_ERROR,
1143 "%s: cursor size incorrect %zu vs %zu\n",
1144 __func__, s, sizeof(cursor_info));
1145 } else {
1146 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info));
1147 update_cursor(g, &cursor_info);
1148 }
1149 virtqueue_push(vq, elem, 0);
1150 virtio_notify(vdev, vq);
1151 g_free(elem);
1152 }
1153 }
1154
1155 static void virtio_gpu_cursor_bh(void *opaque)
1156 {
1157 VirtIOGPU *g = opaque;
1158 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
1159 }
1160
1161 static const VMStateDescription vmstate_virtio_gpu_scanout = {
1162 .name = "virtio-gpu-one-scanout",
1163 .version_id = 1,
1164 .fields = (VMStateField[]) {
1165 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
1166 VMSTATE_UINT32(width, struct virtio_gpu_scanout),
1167 VMSTATE_UINT32(height, struct virtio_gpu_scanout),
1168 VMSTATE_INT32(x, struct virtio_gpu_scanout),
1169 VMSTATE_INT32(y, struct virtio_gpu_scanout),
1170 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout),
1171 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout),
1172 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
1173 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
1174 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
1175 VMSTATE_END_OF_LIST()
1176 },
1177 };
1178
1179 static const VMStateDescription vmstate_virtio_gpu_scanouts = {
1180 .name = "virtio-gpu-scanouts",
1181 .version_id = 1,
1182 .fields = (VMStateField[]) {
1183 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU),
1184 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs,
1185 struct VirtIOGPU, NULL),
1186 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU,
1187 parent_obj.conf.max_outputs, 1,
1188 vmstate_virtio_gpu_scanout,
1189 struct virtio_gpu_scanout),
1190 VMSTATE_END_OF_LIST()
1191 },
1192 };
1193
1194 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
1195 const VMStateField *field, JSONWriter *vmdesc)
1196 {
1197 VirtIOGPU *g = opaque;
1198 struct virtio_gpu_simple_resource *res;
1199 int i;
1200
1201 /* in 2d mode we should never find unprocessed commands here */
1202 assert(QTAILQ_EMPTY(&g->cmdq));
1203
1204 QTAILQ_FOREACH(res, &g->reslist, next) {
1205 qemu_put_be32(f, res->resource_id);
1206 qemu_put_be32(f, res->width);
1207 qemu_put_be32(f, res->height);
1208 qemu_put_be32(f, res->format);
1209 qemu_put_be32(f, res->iov_cnt);
1210 for (i = 0; i < res->iov_cnt; i++) {
1211 qemu_put_be64(f, res->addrs[i]);
1212 qemu_put_be32(f, res->iov[i].iov_len);
1213 }
1214 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image),
1215 pixman_image_get_stride(res->image) * res->height);
1216 }
1217 qemu_put_be32(f, 0); /* end of list */
1218
1219 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
1220 }
1221
1222 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
1223 const VMStateField *field)
1224 {
1225 VirtIOGPU *g = opaque;
1226 struct virtio_gpu_simple_resource *res;
1227 struct virtio_gpu_scanout *scanout;
1228 uint32_t resource_id, pformat;
1229 int i;
1230
1231 g->hostmem = 0;
1232
1233 resource_id = qemu_get_be32(f);
1234 while (resource_id != 0) {
1235 res = virtio_gpu_find_resource(g, resource_id);
1236 if (res) {
1237 return -EINVAL;
1238 }
1239
1240 res = g_new0(struct virtio_gpu_simple_resource, 1);
1241 res->resource_id = resource_id;
1242 res->width = qemu_get_be32(f);
1243 res->height = qemu_get_be32(f);
1244 res->format = qemu_get_be32(f);
1245 res->iov_cnt = qemu_get_be32(f);
1246
1247 /* allocate */
1248 pformat = virtio_gpu_get_pixman_format(res->format);
1249 if (!pformat) {
1250 g_free(res);
1251 return -EINVAL;
1252 }
1253 res->image = pixman_image_create_bits(pformat,
1254 res->width, res->height,
1255 NULL, 0);
1256 if (!res->image) {
1257 g_free(res);
1258 return -EINVAL;
1259 }
1260
1261 res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
1262
1263 res->addrs = g_new(uint64_t, res->iov_cnt);
1264 res->iov = g_new(struct iovec, res->iov_cnt);
1265
1266 /* read data */
1267 for (i = 0; i < res->iov_cnt; i++) {
1268 res->addrs[i] = qemu_get_be64(f);
1269 res->iov[i].iov_len = qemu_get_be32(f);
1270 }
1271 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image),
1272 pixman_image_get_stride(res->image) * res->height);
1273
1274 /* restore mapping */
1275 for (i = 0; i < res->iov_cnt; i++) {
1276 hwaddr len = res->iov[i].iov_len;
1277 res->iov[i].iov_base =
1278 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len,
1279 DMA_DIRECTION_TO_DEVICE,
1280 MEMTXATTRS_UNSPECIFIED);
1281
1282 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
1283 /* Clean up the half-a-mapping we just created... */
1284 if (res->iov[i].iov_base) {
1285 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
1286 res->iov[i].iov_base,
1287 len,
1288 DMA_DIRECTION_TO_DEVICE,
1289 0);
1290 }
1291 /* ...and the mappings for previous loop iterations */
1292 res->iov_cnt = i;
1293 virtio_gpu_cleanup_mapping(g, res);
1294 pixman_image_unref(res->image);
1295 g_free(res);
1296 return -EINVAL;
1297 }
1298 }
1299
1300 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
1301 g->hostmem += res->hostmem;
1302
1303 resource_id = qemu_get_be32(f);
1304 }
1305
1306 /* load & apply scanout state */
1307 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
1308 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1309 /* FIXME: should take scanout.r.{x,y} into account */
1310 scanout = &g->parent_obj.scanout[i];
1311 if (!scanout->resource_id) {
1312 continue;
1313 }
1314 res = virtio_gpu_find_resource(g, scanout->resource_id);
1315 if (!res) {
1316 return -EINVAL;
1317 }
1318 scanout->ds = qemu_create_displaysurface_pixman(res->image);
1319 if (!scanout->ds) {
1320 return -EINVAL;
1321 }
1322
1323 dpy_gfx_replace_surface(scanout->con, scanout->ds);
1324 dpy_gfx_update_full(scanout->con);
1325 if (scanout->cursor.resource_id) {
1326 update_cursor(g, &scanout->cursor);
1327 }
1328 res->scanout_bitmask |= (1 << i);
1329 }
1330
1331 return 0;
1332 }
1333
1334 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
1335 {
1336 VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1337 VirtIOGPU *g = VIRTIO_GPU(qdev);
1338
1339 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1340 if (!virtio_gpu_have_udmabuf()) {
1341 error_setg(errp, "cannot enable blob resources without udmabuf");
1342 return;
1343 }
1344
1345 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) {
1346 error_setg(errp, "blobs and virgl are not compatible (yet)");
1347 return;
1348 }
1349 }
1350
1351 if (!virtio_gpu_base_device_realize(qdev,
1352 virtio_gpu_handle_ctrl_cb,
1353 virtio_gpu_handle_cursor_cb,
1354 errp)) {
1355 return;
1356 }
1357
1358 g->ctrl_vq = virtio_get_queue(vdev, 0);
1359 g->cursor_vq = virtio_get_queue(vdev, 1);
1360 g->ctrl_bh = qemu_bh_new_guarded(virtio_gpu_ctrl_bh, g,
1361 &qdev->mem_reentrancy_guard);
1362 g->cursor_bh = qemu_bh_new_guarded(virtio_gpu_cursor_bh, g,
1363 &qdev->mem_reentrancy_guard);
1364 QTAILQ_INIT(&g->reslist);
1365 QTAILQ_INIT(&g->cmdq);
1366 QTAILQ_INIT(&g->fenceq);
1367 }
1368
1369 void virtio_gpu_reset(VirtIODevice *vdev)
1370 {
1371 VirtIOGPU *g = VIRTIO_GPU(vdev);
1372 struct virtio_gpu_simple_resource *res, *tmp;
1373 struct virtio_gpu_ctrl_command *cmd;
1374
1375 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
1376 virtio_gpu_resource_destroy(g, res);
1377 }
1378
1379 while (!QTAILQ_EMPTY(&g->cmdq)) {
1380 cmd = QTAILQ_FIRST(&g->cmdq);
1381 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1382 g_free(cmd);
1383 }
1384
1385 while (!QTAILQ_EMPTY(&g->fenceq)) {
1386 cmd = QTAILQ_FIRST(&g->fenceq);
1387 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1388 g->inflight--;
1389 g_free(cmd);
1390 }
1391
1392 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
1393 }
1394
1395 static void
1396 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config)
1397 {
1398 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1399
1400 memcpy(config, &g->virtio_config, sizeof(g->virtio_config));
1401 }
1402
1403 static void
1404 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config)
1405 {
1406 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1407 const struct virtio_gpu_config *vgconfig =
1408 (const struct virtio_gpu_config *)config;
1409
1410 if (vgconfig->events_clear) {
1411 g->virtio_config.events_read &= ~vgconfig->events_clear;
1412 }
1413 }
1414
1415 /*
1416 * For historical reasons virtio_gpu does not adhere to virtio migration
1417 * scheme as described in doc/virtio-migration.txt, in a sense that no
1418 * save/load callback are provided to the core. Instead the device data
1419 * is saved/loaded after the core data.
1420 *
1421 * Because of this we need a special vmsd.
1422 */
1423 static const VMStateDescription vmstate_virtio_gpu = {
1424 .name = "virtio-gpu",
1425 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1426 .version_id = VIRTIO_GPU_VM_VERSION,
1427 .fields = (VMStateField[]) {
1428 VMSTATE_VIRTIO_DEVICE /* core */,
1429 {
1430 .name = "virtio-gpu",
1431 .info = &(const VMStateInfo) {
1432 .name = "virtio-gpu",
1433 .get = virtio_gpu_load,
1434 .put = virtio_gpu_save,
1435 },
1436 .flags = VMS_SINGLE,
1437 } /* device */,
1438 VMSTATE_END_OF_LIST()
1439 },
1440 };
1441
1442 static Property virtio_gpu_properties[] = {
1443 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf),
1444 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem,
1445 256 * MiB),
1446 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
1447 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
1448 DEFINE_PROP_END_OF_LIST(),
1449 };
1450
1451 static void virtio_gpu_class_init(ObjectClass *klass, void *data)
1452 {
1453 DeviceClass *dc = DEVICE_CLASS(klass);
1454 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1455 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass);
1456 VirtIOGPUBaseClass *vgbc = &vgc->parent;
1457
1458 vgc->handle_ctrl = virtio_gpu_handle_ctrl;
1459 vgc->process_cmd = virtio_gpu_simple_process_cmd;
1460 vgc->update_cursor_data = virtio_gpu_update_cursor_data;
1461 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
1462
1463 vdc->realize = virtio_gpu_device_realize;
1464 vdc->reset = virtio_gpu_reset;
1465 vdc->get_config = virtio_gpu_get_config;
1466 vdc->set_config = virtio_gpu_set_config;
1467
1468 dc->vmsd = &vmstate_virtio_gpu;
1469 device_class_set_props(dc, virtio_gpu_properties);
1470 }
1471
1472 static const TypeInfo virtio_gpu_info = {
1473 .name = TYPE_VIRTIO_GPU,
1474 .parent = TYPE_VIRTIO_GPU_BASE,
1475 .instance_size = sizeof(VirtIOGPU),
1476 .class_size = sizeof(VirtIOGPUClass),
1477 .class_init = virtio_gpu_class_init,
1478 };
1479 module_obj(TYPE_VIRTIO_GPU);
1480 module_kconfig(VIRTIO_GPU);
1481
1482 static void virtio_register_types(void)
1483 {
1484 type_register_static(&virtio_gpu_info);
1485 }
1486
1487 type_init(virtio_register_types)
QEMU mirror