search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
e1000: bounds packet size against buffer size
[qemu.git] / hw / vmware_vga.c
blobaf70bdee094a0035f4e6797b1e5583bff38e506f
1 /*
2 * QEMU VMware-SVGA "chipset".
3 *
4 * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "hw.h"
25 #include "loader.h"
26 #include "console.h"
27 #include "pci.h"
28 #include "vmware_vga.h"
29
30 #undef VERBOSE
31 #define HW_RECT_ACCEL
32 #define HW_FILL_ACCEL
33 #define HW_MOUSE_ACCEL
34
35 # include "vga_int.h"
36
37 struct vmsvga_state_s {
38 VGACommonState vga;
39
40 int width;
41 int height;
42 int invalidated;
43 int depth;
44 int bypp;
45 int enable;
46 int config;
47 struct {
48 int id;
49 int x;
50 int y;
51 int on;
52 } cursor;
53
54 int index;
55 int scratch_size;
56 uint32_t *scratch;
57 int new_width;
58 int new_height;
59 uint32_t guest;
60 uint32_t svgaid;
61 uint32_t wred;
62 uint32_t wgreen;
63 uint32_t wblue;
64 int syncing;
65 int fb_size;
66
67 MemoryRegion fifo_ram;
68 uint8_t *fifo_ptr;
69 unsigned int fifo_size;
70
71 union {
72 uint32_t *fifo;
73 struct QEMU_PACKED {
74 uint32_t min;
75 uint32_t max;
76 uint32_t next_cmd;
77 uint32_t stop;
78 /* Add registers here when adding capabilities. */
79 uint32_t fifo[0];
80 } *cmd;
81 };
82
83 #define REDRAW_FIFO_LEN 512
84 struct vmsvga_rect_s {
85 int x, y, w, h;
86 } redraw_fifo[REDRAW_FIFO_LEN];
87 int redraw_fifo_first, redraw_fifo_last;
88 };
89
90 struct pci_vmsvga_state_s {
91 PCIDevice card;
92 struct vmsvga_state_s chip;
93 MemoryRegion io_bar;
94 };
95
96 #define SVGA_MAGIC 0x900000UL
97 #define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
98 #define SVGA_ID_0 SVGA_MAKE_ID(0)
99 #define SVGA_ID_1 SVGA_MAKE_ID(1)
100 #define SVGA_ID_2 SVGA_MAKE_ID(2)
101
102 #define SVGA_LEGACY_BASE_PORT 0x4560
103 #define SVGA_INDEX_PORT 0x0
104 #define SVGA_VALUE_PORT 0x1
105 #define SVGA_BIOS_PORT 0x2
106
107 #define SVGA_VERSION_2
108
109 #ifdef SVGA_VERSION_2
110 # define SVGA_ID SVGA_ID_2
111 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
112 # define SVGA_IO_MUL 1
113 # define SVGA_FIFO_SIZE 0x10000
114 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
115 #else
116 # define SVGA_ID SVGA_ID_1
117 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
118 # define SVGA_IO_MUL 4
119 # define SVGA_FIFO_SIZE 0x10000
120 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
121 #endif
122
123 enum {
124 /* ID 0, 1 and 2 registers */
125 SVGA_REG_ID = 0,
126 SVGA_REG_ENABLE = 1,
127 SVGA_REG_WIDTH = 2,
128 SVGA_REG_HEIGHT = 3,
129 SVGA_REG_MAX_WIDTH = 4,
130 SVGA_REG_MAX_HEIGHT = 5,
131 SVGA_REG_DEPTH = 6,
132 SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
133 SVGA_REG_PSEUDOCOLOR = 8,
134 SVGA_REG_RED_MASK = 9,
135 SVGA_REG_GREEN_MASK = 10,
136 SVGA_REG_BLUE_MASK = 11,
137 SVGA_REG_BYTES_PER_LINE = 12,
138 SVGA_REG_FB_START = 13,
139 SVGA_REG_FB_OFFSET = 14,
140 SVGA_REG_VRAM_SIZE = 15,
141 SVGA_REG_FB_SIZE = 16,
142
143 /* ID 1 and 2 registers */
144 SVGA_REG_CAPABILITIES = 17,
145 SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
146 SVGA_REG_MEM_SIZE = 19,
147 SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
148 SVGA_REG_SYNC = 21, /* Write to force synchronization */
149 SVGA_REG_BUSY = 22, /* Read to check if sync is done */
150 SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
151 SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
152 SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
153 SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
154 SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
155 SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
156 SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
157 SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
158 SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
159 SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
160
161 SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
162 SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
163 SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
164 };
165
166 #define SVGA_CAP_NONE 0
167 #define SVGA_CAP_RECT_FILL (1 << 0)
168 #define SVGA_CAP_RECT_COPY (1 << 1)
169 #define SVGA_CAP_RECT_PAT_FILL (1 << 2)
170 #define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
171 #define SVGA_CAP_RASTER_OP (1 << 4)
172 #define SVGA_CAP_CURSOR (1 << 5)
173 #define SVGA_CAP_CURSOR_BYPASS (1 << 6)
174 #define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
175 #define SVGA_CAP_8BIT_EMULATION (1 << 8)
176 #define SVGA_CAP_ALPHA_CURSOR (1 << 9)
177 #define SVGA_CAP_GLYPH (1 << 10)
178 #define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
179 #define SVGA_CAP_OFFSCREEN_1 (1 << 12)
180 #define SVGA_CAP_ALPHA_BLEND (1 << 13)
181 #define SVGA_CAP_3D (1 << 14)
182 #define SVGA_CAP_EXTENDED_FIFO (1 << 15)
183 #define SVGA_CAP_MULTIMON (1 << 16)
184 #define SVGA_CAP_PITCHLOCK (1 << 17)
185
186 /*
187 * FIFO offsets (seen as an array of 32-bit words)
188 */
189 enum {
190 /*
191 * The original defined FIFO offsets
192 */
193 SVGA_FIFO_MIN = 0,
194 SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
195 SVGA_FIFO_NEXT_CMD,
196 SVGA_FIFO_STOP,
197
198 /*
199 * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
200 */
201 SVGA_FIFO_CAPABILITIES = 4,
202 SVGA_FIFO_FLAGS,
203 SVGA_FIFO_FENCE,
204 SVGA_FIFO_3D_HWVERSION,
205 SVGA_FIFO_PITCHLOCK,
206 };
207
208 #define SVGA_FIFO_CAP_NONE 0
209 #define SVGA_FIFO_CAP_FENCE (1 << 0)
210 #define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
211 #define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
212
213 #define SVGA_FIFO_FLAG_NONE 0
214 #define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
215
216 /* These values can probably be changed arbitrarily. */
217 #define SVGA_SCRATCH_SIZE 0x8000
218 #define SVGA_MAX_WIDTH 2360
219 #define SVGA_MAX_HEIGHT 1770
220
221 #ifdef VERBOSE
222 # define GUEST_OS_BASE 0x5001
223 static const char *vmsvga_guest_id[] = {
224 [0x00] = "Dos",
225 [0x01] = "Windows 3.1",
226 [0x02] = "Windows 95",
227 [0x03] = "Windows 98",
228 [0x04] = "Windows ME",
229 [0x05] = "Windows NT",
230 [0x06] = "Windows 2000",
231 [0x07] = "Linux",
232 [0x08] = "OS/2",
233 [0x09] = "an unknown OS",
234 [0x0a] = "BSD",
235 [0x0b] = "Whistler",
236 [0x0c] = "an unknown OS",
237 [0x0d] = "an unknown OS",
238 [0x0e] = "an unknown OS",
239 [0x0f] = "an unknown OS",
240 [0x10] = "an unknown OS",
241 [0x11] = "an unknown OS",
242 [0x12] = "an unknown OS",
243 [0x13] = "an unknown OS",
244 [0x14] = "an unknown OS",
245 [0x15] = "Windows 2003",
246 };
247 #endif
248
249 enum {
250 SVGA_CMD_INVALID_CMD = 0,
251 SVGA_CMD_UPDATE = 1,
252 SVGA_CMD_RECT_FILL = 2,
253 SVGA_CMD_RECT_COPY = 3,
254 SVGA_CMD_DEFINE_BITMAP = 4,
255 SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
256 SVGA_CMD_DEFINE_PIXMAP = 6,
257 SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
258 SVGA_CMD_RECT_BITMAP_FILL = 8,
259 SVGA_CMD_RECT_PIXMAP_FILL = 9,
260 SVGA_CMD_RECT_BITMAP_COPY = 10,
261 SVGA_CMD_RECT_PIXMAP_COPY = 11,
262 SVGA_CMD_FREE_OBJECT = 12,
263 SVGA_CMD_RECT_ROP_FILL = 13,
264 SVGA_CMD_RECT_ROP_COPY = 14,
265 SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
266 SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
267 SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
268 SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
269 SVGA_CMD_DEFINE_CURSOR = 19,
270 SVGA_CMD_DISPLAY_CURSOR = 20,
271 SVGA_CMD_MOVE_CURSOR = 21,
272 SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
273 SVGA_CMD_DRAW_GLYPH = 23,
274 SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
275 SVGA_CMD_UPDATE_VERBOSE = 25,
276 SVGA_CMD_SURFACE_FILL = 26,
277 SVGA_CMD_SURFACE_COPY = 27,
278 SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
279 SVGA_CMD_FRONT_ROP_FILL = 29,
280 SVGA_CMD_FENCE = 30,
281 };
282
283 /* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
284 enum {
285 SVGA_CURSOR_ON_HIDE = 0,
286 SVGA_CURSOR_ON_SHOW = 1,
287 SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
288 SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
289 };
290
291 static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
292 int x, int y, int w, int h)
293 {
294 int line;
295 int bypl;
296 int width;
297 int start;
298 uint8_t *src;
299 uint8_t *dst;
300
301 if (x + w > s->width) {
302 fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
303 __FUNCTION__, x, w);
304 x = MIN(x, s->width);
305 w = s->width - x;
306 }
307
308 if (y + h > s->height) {
309 fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
310 __FUNCTION__, y, h);
311 y = MIN(y, s->height);
312 h = s->height - y;
313 }
314
315 line = h;
316 bypl = s->bypp * s->width;
317 width = s->bypp * w;
318 start = s->bypp * x + bypl * y;
319 src = s->vga.vram_ptr + start;
320 dst = ds_get_data(s->vga.ds) + start;
321
322 for (; line > 0; line --, src += bypl, dst += bypl)
323 memcpy(dst, src, width);
324
325 dpy_update(s->vga.ds, x, y, w, h);
326 }
327
328 static inline void vmsvga_update_screen(struct vmsvga_state_s *s)
329 {
330 memcpy(ds_get_data(s->vga.ds), s->vga.vram_ptr,
331 s->bypp * s->width * s->height);
332 dpy_update(s->vga.ds, 0, 0, s->width, s->height);
333 }
334
335 static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
336 int x, int y, int w, int h)
337 {
338 struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last ++];
339 s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
340 rect->x = x;
341 rect->y = y;
342 rect->w = w;
343 rect->h = h;
344 }
345
346 static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
347 {
348 struct vmsvga_rect_s *rect;
349 if (s->invalidated) {
350 s->redraw_fifo_first = s->redraw_fifo_last;
351 return;
352 }
353 /* Overlapping region updates can be optimised out here - if someone
354 * knows a smart algorithm to do that, please share. */
355 while (s->redraw_fifo_first != s->redraw_fifo_last) {
356 rect = &s->redraw_fifo[s->redraw_fifo_first ++];
357 s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
358 vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
359 }
360 }
361
362 #ifdef HW_RECT_ACCEL
363 static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
364 int x0, int y0, int x1, int y1, int w, int h)
365 {
366 uint8_t *vram = s->vga.vram_ptr;
367 int bypl = s->bypp * s->width;
368 int width = s->bypp * w;
369 int line = h;
370 uint8_t *ptr[2];
371
372 if (y1 > y0) {
373 ptr[0] = vram + s->bypp * x0 + bypl * (y0 + h - 1);
374 ptr[1] = vram + s->bypp * x1 + bypl * (y1 + h - 1);
375 for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
376 memmove(ptr[1], ptr[0], width);
377 }
378 } else {
379 ptr[0] = vram + s->bypp * x0 + bypl * y0;
380 ptr[1] = vram + s->bypp * x1 + bypl * y1;
381 for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
382 memmove(ptr[1], ptr[0], width);
383 }
384 }
385
386 vmsvga_update_rect_delayed(s, x1, y1, w, h);
387 }
388 #endif
389
390 #ifdef HW_FILL_ACCEL
391 static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
392 uint32_t c, int x, int y, int w, int h)
393 {
394 uint8_t *vram = s->vga.vram_ptr;
395 int bypp = s->bypp;
396 int bypl = bypp * s->width;
397 int width = bypp * w;
398 int line = h;
399 int column;
400 uint8_t *fst = vram + bypp * x + bypl * y;
401 uint8_t *dst;
402 uint8_t *src;
403 uint8_t col[4];
404
405 col[0] = c;
406 col[1] = c >> 8;
407 col[2] = c >> 16;
408 col[3] = c >> 24;
409
410 if (line--) {
411 dst = fst;
412 src = col;
413 for (column = width; column > 0; column--) {
414 *(dst++) = *(src++);
415 if (src - col == bypp) {
416 src = col;
417 }
418 }
419 dst = fst;
420 for (; line > 0; line--) {
421 dst += bypl;
422 memcpy(dst, fst, width);
423 }
424 }
425
426 vmsvga_update_rect_delayed(s, x, y, w, h);
427 }
428 #endif
429
430 struct vmsvga_cursor_definition_s {
431 int width;
432 int height;
433 int id;
434 int bpp;
435 int hot_x;
436 int hot_y;
437 uint32_t mask[1024];
438 uint32_t image[4096];
439 };
440
441 #define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
442 #define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
443
444 #ifdef HW_MOUSE_ACCEL
445 static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
446 struct vmsvga_cursor_definition_s *c)
447 {
448 QEMUCursor *qc;
449 int i, pixels;
450
451 qc = cursor_alloc(c->width, c->height);
452 qc->hot_x = c->hot_x;
453 qc->hot_y = c->hot_y;
454 switch (c->bpp) {
455 case 1:
456 cursor_set_mono(qc, 0xffffff, 0x000000, (void*)c->image,
457 1, (void*)c->mask);
458 #ifdef DEBUG
459 cursor_print_ascii_art(qc, "vmware/mono");
460 #endif
461 break;
462 case 32:
463 /* fill alpha channel from mask, set color to zero */
464 cursor_set_mono(qc, 0x000000, 0x000000, (void*)c->mask,
465 1, (void*)c->mask);
466 /* add in rgb values */
467 pixels = c->width * c->height;
468 for (i = 0; i < pixels; i++) {
469 qc->data[i] |= c->image[i] & 0xffffff;
470 }
471 #ifdef DEBUG
472 cursor_print_ascii_art(qc, "vmware/32bit");
473 #endif
474 break;
475 default:
476 fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
477 __FUNCTION__, c->bpp);
478 cursor_put(qc);
479 qc = cursor_builtin_left_ptr();
480 }
481
482 if (s->vga.ds->cursor_define)
483 s->vga.ds->cursor_define(qc);
484 cursor_put(qc);
485 }
486 #endif
487
488 #define CMD(f) le32_to_cpu(s->cmd->f)
489
490 static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
491 {
492 int num;
493 if (!s->config || !s->enable)
494 return 0;
495 num = CMD(next_cmd) - CMD(stop);
496 if (num < 0)
497 num += CMD(max) - CMD(min);
498 return num >> 2;
499 }
500
501 static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
502 {
503 uint32_t cmd = s->fifo[CMD(stop) >> 2];
504 s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
505 if (CMD(stop) >= CMD(max))
506 s->cmd->stop = s->cmd->min;
507 return cmd;
508 }
509
510 static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
511 {
512 return le32_to_cpu(vmsvga_fifo_read_raw(s));
513 }
514
515 static void vmsvga_fifo_run(struct vmsvga_state_s *s)
516 {
517 uint32_t cmd, colour;
518 int args, len;
519 int x, y, dx, dy, width, height;
520 struct vmsvga_cursor_definition_s cursor;
521 uint32_t cmd_start;
522
523 len = vmsvga_fifo_length(s);
524 while (len > 0) {
525 /* May need to go back to the start of the command if incomplete */
526 cmd_start = s->cmd->stop;
527
528 switch (cmd = vmsvga_fifo_read(s)) {
529 case SVGA_CMD_UPDATE:
530 case SVGA_CMD_UPDATE_VERBOSE:
531 len -= 5;
532 if (len < 0)
533 goto rewind;
534
535 x = vmsvga_fifo_read(s);
536 y = vmsvga_fifo_read(s);
537 width = vmsvga_fifo_read(s);
538 height = vmsvga_fifo_read(s);
539 vmsvga_update_rect_delayed(s, x, y, width, height);
540 break;
541
542 case SVGA_CMD_RECT_FILL:
543 len -= 6;
544 if (len < 0)
545 goto rewind;
546
547 colour = vmsvga_fifo_read(s);
548 x = vmsvga_fifo_read(s);
549 y = vmsvga_fifo_read(s);
550 width = vmsvga_fifo_read(s);
551 height = vmsvga_fifo_read(s);
552 #ifdef HW_FILL_ACCEL
553 vmsvga_fill_rect(s, colour, x, y, width, height);
554 break;
555 #else
556 args = 0;
557 goto badcmd;
558 #endif
559
560 case SVGA_CMD_RECT_COPY:
561 len -= 7;
562 if (len < 0)
563 goto rewind;
564
565 x = vmsvga_fifo_read(s);
566 y = vmsvga_fifo_read(s);
567 dx = vmsvga_fifo_read(s);
568 dy = vmsvga_fifo_read(s);
569 width = vmsvga_fifo_read(s);
570 height = vmsvga_fifo_read(s);
571 #ifdef HW_RECT_ACCEL
572 vmsvga_copy_rect(s, x, y, dx, dy, width, height);
573 break;
574 #else
575 args = 0;
576 goto badcmd;
577 #endif
578
579 case SVGA_CMD_DEFINE_CURSOR:
580 len -= 8;
581 if (len < 0)
582 goto rewind;
583
584 cursor.id = vmsvga_fifo_read(s);
585 cursor.hot_x = vmsvga_fifo_read(s);
586 cursor.hot_y = vmsvga_fifo_read(s);
587 cursor.width = x = vmsvga_fifo_read(s);
588 cursor.height = y = vmsvga_fifo_read(s);
589 vmsvga_fifo_read(s);
590 cursor.bpp = vmsvga_fifo_read(s);
591
592 args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
593 if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
594 SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image)
595 goto badcmd;
596
597 len -= args;
598 if (len < 0)
599 goto rewind;
600
601 for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args ++)
602 cursor.mask[args] = vmsvga_fifo_read_raw(s);
603 for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args ++)
604 cursor.image[args] = vmsvga_fifo_read_raw(s);
605 #ifdef HW_MOUSE_ACCEL
606 vmsvga_cursor_define(s, &cursor);
607 break;
608 #else
609 args = 0;
610 goto badcmd;
611 #endif
612
613 /*
614 * Other commands that we at least know the number of arguments
615 * for so we can avoid FIFO desync if driver uses them illegally.
616 */
617 case SVGA_CMD_DEFINE_ALPHA_CURSOR:
618 len -= 6;
619 if (len < 0)
620 goto rewind;
621
622 vmsvga_fifo_read(s);
623 vmsvga_fifo_read(s);
624 vmsvga_fifo_read(s);
625 x = vmsvga_fifo_read(s);
626 y = vmsvga_fifo_read(s);
627 args = x * y;
628 goto badcmd;
629 case SVGA_CMD_RECT_ROP_FILL:
630 args = 6;
631 goto badcmd;
632 case SVGA_CMD_RECT_ROP_COPY:
633 args = 7;
634 goto badcmd;
635 case SVGA_CMD_DRAW_GLYPH_CLIPPED:
636 len -= 4;
637 if (len < 0)
638 goto rewind;
639
640 vmsvga_fifo_read(s);
641 vmsvga_fifo_read(s);
642 args = 7 + (vmsvga_fifo_read(s) >> 2);
643 goto badcmd;
644 case SVGA_CMD_SURFACE_ALPHA_BLEND:
645 args = 12;
646 goto badcmd;
647
648 /*
649 * Other commands that are not listed as depending on any
650 * CAPABILITIES bits, but are not described in the README either.
651 */
652 case SVGA_CMD_SURFACE_FILL:
653 case SVGA_CMD_SURFACE_COPY:
654 case SVGA_CMD_FRONT_ROP_FILL:
655 case SVGA_CMD_FENCE:
656 case SVGA_CMD_INVALID_CMD:
657 break; /* Nop */
658
659 default:
660 args = 0;
661 badcmd:
662 len -= args;
663 if (len < 0)
664 goto rewind;
665 while (args --)
666 vmsvga_fifo_read(s);
667 printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
668 __FUNCTION__, cmd);
669 break;
670
671 rewind:
672 s->cmd->stop = cmd_start;
673 break;
674 }
675 }
676
677 s->syncing = 0;
678 }
679
680 static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
681 {
682 struct vmsvga_state_s *s = opaque;
683 return s->index;
684 }
685
686 static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
687 {
688 struct vmsvga_state_s *s = opaque;
689 s->index = index;
690 }
691
692 static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
693 {
694 uint32_t caps;
695 struct vmsvga_state_s *s = opaque;
696 switch (s->index) {
697 case SVGA_REG_ID:
698 return s->svgaid;
699
700 case SVGA_REG_ENABLE:
701 return s->enable;
702
703 case SVGA_REG_WIDTH:
704 return s->width;
705
706 case SVGA_REG_HEIGHT:
707 return s->height;
708
709 case SVGA_REG_MAX_WIDTH:
710 return SVGA_MAX_WIDTH;
711
712 case SVGA_REG_MAX_HEIGHT:
713 return SVGA_MAX_HEIGHT;
714
715 case SVGA_REG_DEPTH:
716 return s->depth;
717
718 case SVGA_REG_BITS_PER_PIXEL:
719 return (s->depth + 7) & ~7;
720
721 case SVGA_REG_PSEUDOCOLOR:
722 return 0x0;
723
724 case SVGA_REG_RED_MASK:
725 return s->wred;
726 case SVGA_REG_GREEN_MASK:
727 return s->wgreen;
728 case SVGA_REG_BLUE_MASK:
729 return s->wblue;
730
731 case SVGA_REG_BYTES_PER_LINE:
732 return ((s->depth + 7) >> 3) * s->new_width;
733
734 case SVGA_REG_FB_START: {
735 struct pci_vmsvga_state_s *pci_vmsvga
736 = container_of(s, struct pci_vmsvga_state_s, chip);
737 return pci_get_bar_addr(&pci_vmsvga->card, 1);
738 }
739
740 case SVGA_REG_FB_OFFSET:
741 return 0x0;
742
743 case SVGA_REG_VRAM_SIZE:
744 return s->vga.vram_size;
745
746 case SVGA_REG_FB_SIZE:
747 return s->fb_size;
748
749 case SVGA_REG_CAPABILITIES:
750 caps = SVGA_CAP_NONE;
751 #ifdef HW_RECT_ACCEL
752 caps |= SVGA_CAP_RECT_COPY;
753 #endif
754 #ifdef HW_FILL_ACCEL
755 caps |= SVGA_CAP_RECT_FILL;
756 #endif
757 #ifdef HW_MOUSE_ACCEL
758 if (s->vga.ds->mouse_set)
759 caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
760 SVGA_CAP_CURSOR_BYPASS;
761 #endif
762 return caps;
763
764 case SVGA_REG_MEM_START: {
765 struct pci_vmsvga_state_s *pci_vmsvga
766 = container_of(s, struct pci_vmsvga_state_s, chip);
767 return pci_get_bar_addr(&pci_vmsvga->card, 2);
768 }
769
770 case SVGA_REG_MEM_SIZE:
771 return s->fifo_size;
772
773 case SVGA_REG_CONFIG_DONE:
774 return s->config;
775
776 case SVGA_REG_SYNC:
777 case SVGA_REG_BUSY:
778 return s->syncing;
779
780 case SVGA_REG_GUEST_ID:
781 return s->guest;
782
783 case SVGA_REG_CURSOR_ID:
784 return s->cursor.id;
785
786 case SVGA_REG_CURSOR_X:
787 return s->cursor.x;
788
789 case SVGA_REG_CURSOR_Y:
790 return s->cursor.x;
791
792 case SVGA_REG_CURSOR_ON:
793 return s->cursor.on;
794
795 case SVGA_REG_HOST_BITS_PER_PIXEL:
796 return (s->depth + 7) & ~7;
797
798 case SVGA_REG_SCRATCH_SIZE:
799 return s->scratch_size;
800
801 case SVGA_REG_MEM_REGS:
802 case SVGA_REG_NUM_DISPLAYS:
803 case SVGA_REG_PITCHLOCK:
804 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
805 return 0;
806
807 default:
808 if (s->index >= SVGA_SCRATCH_BASE &&
809 s->index < SVGA_SCRATCH_BASE + s->scratch_size)
810 return s->scratch[s->index - SVGA_SCRATCH_BASE];
811 printf("%s: Bad register %02x\n", __FUNCTION__, s->index);
812 }
813
814 return 0;
815 }
816
817 static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
818 {
819 struct vmsvga_state_s *s = opaque;
820 switch (s->index) {
821 case SVGA_REG_ID:
822 if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0)
823 s->svgaid = value;
824 break;
825
826 case SVGA_REG_ENABLE:
827 s->enable = value;
828 s->config &= !!value;
829 s->width = -1;
830 s->height = -1;
831 s->invalidated = 1;
832 s->vga.invalidate(&s->vga);
833 if (s->enable) {
834 s->fb_size = ((s->depth + 7) >> 3) * s->new_width * s->new_height;
835 vga_dirty_log_stop(&s->vga);
836 } else {
837 vga_dirty_log_start(&s->vga);
838 }
839 break;
840
841 case SVGA_REG_WIDTH:
842 s->new_width = value;
843 s->invalidated = 1;
844 break;
845
846 case SVGA_REG_HEIGHT:
847 s->new_height = value;
848 s->invalidated = 1;
849 break;
850
851 case SVGA_REG_DEPTH:
852 case SVGA_REG_BITS_PER_PIXEL:
853 if (value != s->depth) {
854 printf("%s: Bad colour depth: %i bits\n", __FUNCTION__, value);
855 s->config = 0;
856 }
857 break;
858
859 case SVGA_REG_CONFIG_DONE:
860 if (value) {
861 s->fifo = (uint32_t *) s->fifo_ptr;
862 /* Check range and alignment. */
863 if ((CMD(min) | CMD(max) |
864 CMD(next_cmd) | CMD(stop)) & 3)
865 break;
866 if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo)
867 break;
868 if (CMD(max) > SVGA_FIFO_SIZE)
869 break;
870 if (CMD(max) < CMD(min) + 10 * 1024)
871 break;
872 }
873 s->config = !!value;
874 break;
875
876 case SVGA_REG_SYNC:
877 s->syncing = 1;
878 vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
879 break;
880
881 case SVGA_REG_GUEST_ID:
882 s->guest = value;
883 #ifdef VERBOSE
884 if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
885 ARRAY_SIZE(vmsvga_guest_id))
886 printf("%s: guest runs %s.\n", __FUNCTION__,
887 vmsvga_guest_id[value - GUEST_OS_BASE]);
888 #endif
889 break;
890
891 case SVGA_REG_CURSOR_ID:
892 s->cursor.id = value;
893 break;
894
895 case SVGA_REG_CURSOR_X:
896 s->cursor.x = value;
897 break;
898
899 case SVGA_REG_CURSOR_Y:
900 s->cursor.y = value;
901 break;
902
903 case SVGA_REG_CURSOR_ON:
904 s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
905 s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
906 #ifdef HW_MOUSE_ACCEL
907 if (s->vga.ds->mouse_set && value <= SVGA_CURSOR_ON_SHOW)
908 s->vga.ds->mouse_set(s->cursor.x, s->cursor.y, s->cursor.on);
909 #endif
910 break;
911
912 case SVGA_REG_MEM_REGS:
913 case SVGA_REG_NUM_DISPLAYS:
914 case SVGA_REG_PITCHLOCK:
915 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
916 break;
917
918 default:
919 if (s->index >= SVGA_SCRATCH_BASE &&
920 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
921 s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
922 break;
923 }
924 printf("%s: Bad register %02x\n", __FUNCTION__, s->index);
925 }
926 }
927
928 static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
929 {
930 printf("%s: what are we supposed to return?\n", __FUNCTION__);
931 return 0xcafe;
932 }
933
934 static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
935 {
936 printf("%s: what are we supposed to do with (%08x)?\n",
937 __FUNCTION__, data);
938 }
939
940 static inline void vmsvga_size(struct vmsvga_state_s *s)
941 {
942 if (s->new_width != s->width || s->new_height != s->height) {
943 s->width = s->new_width;
944 s->height = s->new_height;
945 qemu_console_resize(s->vga.ds, s->width, s->height);
946 s->invalidated = 1;
947 }
948 }
949
950 static void vmsvga_update_display(void *opaque)
951 {
952 struct vmsvga_state_s *s = opaque;
953 if (!s->enable) {
954 s->vga.update(&s->vga);
955 return;
956 }
957
958 vmsvga_size(s);
959
960 vmsvga_fifo_run(s);
961 vmsvga_update_rect_flush(s);
962
963 /*
964 * Is it more efficient to look at vram VGA-dirty bits or wait
965 * for the driver to issue SVGA_CMD_UPDATE?
966 */
967 if (s->invalidated) {
968 s->invalidated = 0;
969 vmsvga_update_screen(s);
970 }
971 }
972
973 static void vmsvga_reset(DeviceState *dev)
974 {
975 struct pci_vmsvga_state_s *pci =
976 DO_UPCAST(struct pci_vmsvga_state_s, card.qdev, dev);
977 struct vmsvga_state_s *s = &pci->chip;
978
979 s->index = 0;
980 s->enable = 0;
981 s->config = 0;
982 s->width = -1;
983 s->height = -1;
984 s->svgaid = SVGA_ID;
985 s->cursor.on = 0;
986 s->redraw_fifo_first = 0;
987 s->redraw_fifo_last = 0;
988 s->syncing = 0;
989
990 vga_dirty_log_start(&s->vga);
991 }
992
993 static void vmsvga_invalidate_display(void *opaque)
994 {
995 struct vmsvga_state_s *s = opaque;
996 if (!s->enable) {
997 s->vga.invalidate(&s->vga);
998 return;
999 }
1000
1001 s->invalidated = 1;
1002 }
1003
1004 /* save the vga display in a PPM image even if no display is
1005 available */
1006 static void vmsvga_screen_dump(void *opaque, const char *filename)
1007 {
1008 struct vmsvga_state_s *s = opaque;
1009 if (!s->enable) {
1010 s->vga.screen_dump(&s->vga, filename);
1011 return;
1012 }
1013
1014 if (s->depth == 32) {
1015 DisplaySurface *ds = qemu_create_displaysurface_from(s->width,
1016 s->height, 32, ds_get_linesize(s->vga.ds), s->vga.vram_ptr);
1017 ppm_save(filename, ds);
1018 g_free(ds);
1019 }
1020 }
1021
1022 static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1023 {
1024 struct vmsvga_state_s *s = opaque;
1025
1026 if (s->vga.text_update)
1027 s->vga.text_update(&s->vga, chardata);
1028 }
1029
1030 static int vmsvga_post_load(void *opaque, int version_id)
1031 {
1032 struct vmsvga_state_s *s = opaque;
1033
1034 s->invalidated = 1;
1035 if (s->config)
1036 s->fifo = (uint32_t *) s->fifo_ptr;
1037
1038 return 0;
1039 }
1040
1041 static const VMStateDescription vmstate_vmware_vga_internal = {
1042 .name = "vmware_vga_internal",
1043 .version_id = 0,
1044 .minimum_version_id = 0,
1045 .minimum_version_id_old = 0,
1046 .post_load = vmsvga_post_load,
1047 .fields = (VMStateField []) {
1048 VMSTATE_INT32_EQUAL(depth, struct vmsvga_state_s),
1049 VMSTATE_INT32(enable, struct vmsvga_state_s),
1050 VMSTATE_INT32(config, struct vmsvga_state_s),
1051 VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1052 VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1053 VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1054 VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1055 VMSTATE_INT32(index, struct vmsvga_state_s),
1056 VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1057 scratch_size, 0, vmstate_info_uint32, uint32_t),
1058 VMSTATE_INT32(new_width, struct vmsvga_state_s),
1059 VMSTATE_INT32(new_height, struct vmsvga_state_s),
1060 VMSTATE_UINT32(guest, struct vmsvga_state_s),
1061 VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1062 VMSTATE_INT32(syncing, struct vmsvga_state_s),
1063 VMSTATE_INT32(fb_size, struct vmsvga_state_s),
1064 VMSTATE_END_OF_LIST()
1065 }
1066 };
1067
1068 static const VMStateDescription vmstate_vmware_vga = {
1069 .name = "vmware_vga",
1070 .version_id = 0,
1071 .minimum_version_id = 0,
1072 .minimum_version_id_old = 0,
1073 .fields = (VMStateField []) {
1074 VMSTATE_PCI_DEVICE(card, struct pci_vmsvga_state_s),
1075 VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1076 vmstate_vmware_vga_internal, struct vmsvga_state_s),
1077 VMSTATE_END_OF_LIST()
1078 }
1079 };
1080
1081 static void vmsvga_init(struct vmsvga_state_s *s, int vga_ram_size,
1082 MemoryRegion *address_space, MemoryRegion *io)
1083 {
1084 s->scratch_size = SVGA_SCRATCH_SIZE;
1085 s->scratch = g_malloc(s->scratch_size * 4);
1086
1087 s->vga.ds = graphic_console_init(vmsvga_update_display,
1088 vmsvga_invalidate_display,
1089 vmsvga_screen_dump,
1090 vmsvga_text_update, s);
1091
1092
1093 s->fifo_size = SVGA_FIFO_SIZE;
1094 memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size);
1095 s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1096
1097 vga_common_init(&s->vga, vga_ram_size);
1098 vga_init(&s->vga, address_space, io, true);
1099 vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
1100
1101 s->depth = ds_get_bits_per_pixel(s->vga.ds);
1102 s->bypp = ds_get_bytes_per_pixel(s->vga.ds);
1103 switch (s->depth) {
1104 case 8:
1105 s->wred = 0x00000007;
1106 s->wgreen = 0x00000038;
1107 s->wblue = 0x000000c0;
1108 break;
1109 case 15:
1110 s->wred = 0x0000001f;
1111 s->wgreen = 0x000003e0;
1112 s->wblue = 0x00007c00;
1113 break;
1114 case 16:
1115 s->wred = 0x0000001f;
1116 s->wgreen = 0x000007e0;
1117 s->wblue = 0x0000f800;
1118 break;
1119 case 24:
1120 s->wred = 0x00ff0000;
1121 s->wgreen = 0x0000ff00;
1122 s->wblue = 0x000000ff;
1123 break;
1124 case 32:
1125 s->wred = 0x00ff0000;
1126 s->wgreen = 0x0000ff00;
1127 s->wblue = 0x000000ff;
1128 break;
1129 }
1130 }
1131
1132 static uint64_t vmsvga_io_read(void *opaque, target_phys_addr_t addr,
1133 unsigned size)
1134 {
1135 struct vmsvga_state_s *s = opaque;
1136
1137 switch (addr) {
1138 case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1139 case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1140 case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1141 default: return -1u;
1142 }
1143 }
1144
1145 static void vmsvga_io_write(void *opaque, target_phys_addr_t addr,
1146 uint64_t data, unsigned size)
1147 {
1148 struct vmsvga_state_s *s = opaque;
1149
1150 switch (addr) {
1151 case SVGA_IO_MUL * SVGA_INDEX_PORT:
1152 return vmsvga_index_write(s, addr, data);
1153 case SVGA_IO_MUL * SVGA_VALUE_PORT:
1154 return vmsvga_value_write(s, addr, data);
1155 case SVGA_IO_MUL * SVGA_BIOS_PORT:
1156 return vmsvga_bios_write(s, addr, data);
1157 }
1158 }
1159
1160 static const MemoryRegionOps vmsvga_io_ops = {
1161 .read = vmsvga_io_read,
1162 .write = vmsvga_io_write,
1163 .endianness = DEVICE_LITTLE_ENDIAN,
1164 .valid = {
1165 .min_access_size = 4,
1166 .max_access_size = 4,
1167 },
1168 };
1169
1170 static int pci_vmsvga_initfn(PCIDevice *dev)
1171 {
1172 struct pci_vmsvga_state_s *s =
1173 DO_UPCAST(struct pci_vmsvga_state_s, card, dev);
1174 MemoryRegion *iomem;
1175
1176 iomem = &s->chip.vga.vram;
1177
1178 s->card.config[PCI_CACHE_LINE_SIZE] = 0x08; /* Cache line size */
1179 s->card.config[PCI_LATENCY_TIMER] = 0x40; /* Latency timer */
1180 s->card.config[PCI_INTERRUPT_LINE] = 0xff; /* End */
1181
1182 memory_region_init_io(&s->io_bar, &vmsvga_io_ops, &s->chip,
1183 "vmsvga-io", 0x10);
1184 pci_register_bar(&s->card, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1185
1186 vmsvga_init(&s->chip, VGA_RAM_SIZE, pci_address_space(dev),
1187 pci_address_space_io(dev));
1188
1189 pci_register_bar(&s->card, 1, PCI_BASE_ADDRESS_MEM_PREFETCH, iomem);
1190 pci_register_bar(&s->card, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1191 &s->chip.fifo_ram);
1192
1193 if (!dev->rom_bar) {
1194 /* compatibility with pc-0.13 and older */
1195 vga_init_vbe(&s->chip.vga, pci_address_space(dev));
1196 }
1197
1198 return 0;
1199 }
1200
1201 static PCIDeviceInfo vmsvga_info = {
1202 .qdev.name = "vmware-svga",
1203 .qdev.size = sizeof(struct pci_vmsvga_state_s),
1204 .qdev.vmsd = &vmstate_vmware_vga,
1205 .qdev.reset = vmsvga_reset,
1206 .no_hotplug = 1,
1207 .init = pci_vmsvga_initfn,
1208 .romfile = "vgabios-vmware.bin",
1209
1210 .vendor_id = PCI_VENDOR_ID_VMWARE,
1211 .device_id = SVGA_PCI_DEVICE_ID,
1212 .class_id = PCI_CLASS_DISPLAY_VGA,
1213 .subsystem_vendor_id = PCI_VENDOR_ID_VMWARE,
1214 .subsystem_id = SVGA_PCI_DEVICE_ID,
1215 };
1216
1217 static void vmsvga_register(void)
1218 {
1219 pci_qdev_register(&vmsvga_info);
1220 }
1221 device_init(vmsvga_register);
QEmu