hw/misc/a9scu: Do not allow invalid CPU count
[qemu/ar7.git] / hw / display / vhost-user-gpu.c
blob51f1747c4a41baf8488089ec64cf31958807de0e
1 /*
2 * vhost-user GPU Device
4 * Copyright Red Hat, Inc. 2018
6 * Authors:
7 * Marc-André Lureau <marcandre.lureau@redhat.com>
9 * This work is licensed under the terms of the GNU GPL, version 2 or later.
10 * See the COPYING file in the top-level directory.
13 #include "qemu/osdep.h"
14 #include "hw/qdev-properties.h"
15 #include "hw/virtio/virtio-gpu.h"
16 #include "chardev/char-fe.h"
17 #include "qapi/error.h"
18 #include "migration/blocker.h"
20 typedef enum VhostUserGpuRequest {
21 VHOST_USER_GPU_NONE = 0,
22 VHOST_USER_GPU_GET_PROTOCOL_FEATURES,
23 VHOST_USER_GPU_SET_PROTOCOL_FEATURES,
24 VHOST_USER_GPU_GET_DISPLAY_INFO,
25 VHOST_USER_GPU_CURSOR_POS,
26 VHOST_USER_GPU_CURSOR_POS_HIDE,
27 VHOST_USER_GPU_CURSOR_UPDATE,
28 VHOST_USER_GPU_SCANOUT,
29 VHOST_USER_GPU_UPDATE,
30 VHOST_USER_GPU_DMABUF_SCANOUT,
31 VHOST_USER_GPU_DMABUF_UPDATE,
32 } VhostUserGpuRequest;
34 typedef struct VhostUserGpuDisplayInfoReply {
35 struct virtio_gpu_resp_display_info info;
36 } VhostUserGpuDisplayInfoReply;
38 typedef struct VhostUserGpuCursorPos {
39 uint32_t scanout_id;
40 uint32_t x;
41 uint32_t y;
42 } QEMU_PACKED VhostUserGpuCursorPos;
44 typedef struct VhostUserGpuCursorUpdate {
45 VhostUserGpuCursorPos pos;
46 uint32_t hot_x;
47 uint32_t hot_y;
48 uint32_t data[64 * 64];
49 } QEMU_PACKED VhostUserGpuCursorUpdate;
51 typedef struct VhostUserGpuScanout {
52 uint32_t scanout_id;
53 uint32_t width;
54 uint32_t height;
55 } QEMU_PACKED VhostUserGpuScanout;
57 typedef struct VhostUserGpuUpdate {
58 uint32_t scanout_id;
59 uint32_t x;
60 uint32_t y;
61 uint32_t width;
62 uint32_t height;
63 uint8_t data[];
64 } QEMU_PACKED VhostUserGpuUpdate;
66 typedef struct VhostUserGpuDMABUFScanout {
67 uint32_t scanout_id;
68 uint32_t x;
69 uint32_t y;
70 uint32_t width;
71 uint32_t height;
72 uint32_t fd_width;
73 uint32_t fd_height;
74 uint32_t fd_stride;
75 uint32_t fd_flags;
76 int fd_drm_fourcc;
77 } QEMU_PACKED VhostUserGpuDMABUFScanout;
79 typedef struct VhostUserGpuMsg {
80 uint32_t request; /* VhostUserGpuRequest */
81 uint32_t flags;
82 uint32_t size; /* the following payload size */
83 union {
84 VhostUserGpuCursorPos cursor_pos;
85 VhostUserGpuCursorUpdate cursor_update;
86 VhostUserGpuScanout scanout;
87 VhostUserGpuUpdate update;
88 VhostUserGpuDMABUFScanout dmabuf_scanout;
89 struct virtio_gpu_resp_display_info display_info;
90 uint64_t u64;
91 } payload;
92 } QEMU_PACKED VhostUserGpuMsg;
94 static VhostUserGpuMsg m __attribute__ ((unused));
95 #define VHOST_USER_GPU_HDR_SIZE \
96 (sizeof(m.request) + sizeof(m.size) + sizeof(m.flags))
98 #define VHOST_USER_GPU_MSG_FLAG_REPLY 0x4
100 static void vhost_user_gpu_update_blocked(VhostUserGPU *g, bool blocked);
102 static void
103 vhost_user_gpu_handle_cursor(VhostUserGPU *g, VhostUserGpuMsg *msg)
105 VhostUserGpuCursorPos *pos = &msg->payload.cursor_pos;
106 struct virtio_gpu_scanout *s;
108 if (pos->scanout_id >= g->parent_obj.conf.max_outputs) {
109 return;
111 s = &g->parent_obj.scanout[pos->scanout_id];
113 if (msg->request == VHOST_USER_GPU_CURSOR_UPDATE) {
114 VhostUserGpuCursorUpdate *up = &msg->payload.cursor_update;
115 if (!s->current_cursor) {
116 s->current_cursor = cursor_alloc(64, 64);
119 s->current_cursor->hot_x = up->hot_x;
120 s->current_cursor->hot_y = up->hot_y;
122 memcpy(s->current_cursor->data, up->data,
123 64 * 64 * sizeof(uint32_t));
125 dpy_cursor_define(s->con, s->current_cursor);
128 dpy_mouse_set(s->con, pos->x, pos->y,
129 msg->request != VHOST_USER_GPU_CURSOR_POS_HIDE);
132 static void
133 vhost_user_gpu_send_msg(VhostUserGPU *g, const VhostUserGpuMsg *msg)
135 qemu_chr_fe_write(&g->vhost_chr, (uint8_t *)msg,
136 VHOST_USER_GPU_HDR_SIZE + msg->size);
139 static void
140 vhost_user_gpu_unblock(VhostUserGPU *g)
142 VhostUserGpuMsg msg = {
143 .request = VHOST_USER_GPU_DMABUF_UPDATE,
144 .flags = VHOST_USER_GPU_MSG_FLAG_REPLY,
147 vhost_user_gpu_send_msg(g, &msg);
150 static void
151 vhost_user_gpu_handle_display(VhostUserGPU *g, VhostUserGpuMsg *msg)
153 QemuConsole *con = NULL;
154 struct virtio_gpu_scanout *s;
156 switch (msg->request) {
157 case VHOST_USER_GPU_GET_PROTOCOL_FEATURES: {
158 VhostUserGpuMsg reply = {
159 .request = msg->request,
160 .flags = VHOST_USER_GPU_MSG_FLAG_REPLY,
161 .size = sizeof(uint64_t),
164 vhost_user_gpu_send_msg(g, &reply);
165 break;
167 case VHOST_USER_GPU_SET_PROTOCOL_FEATURES: {
168 break;
170 case VHOST_USER_GPU_GET_DISPLAY_INFO: {
171 struct virtio_gpu_resp_display_info display_info = { {} };
172 VhostUserGpuMsg reply = {
173 .request = msg->request,
174 .flags = VHOST_USER_GPU_MSG_FLAG_REPLY,
175 .size = sizeof(struct virtio_gpu_resp_display_info),
178 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
179 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
180 memcpy(&reply.payload.display_info, &display_info,
181 sizeof(display_info));
182 vhost_user_gpu_send_msg(g, &reply);
183 break;
185 case VHOST_USER_GPU_SCANOUT: {
186 VhostUserGpuScanout *m = &msg->payload.scanout;
188 if (m->scanout_id >= g->parent_obj.conf.max_outputs) {
189 return;
192 g->parent_obj.enable = 1;
193 s = &g->parent_obj.scanout[m->scanout_id];
194 con = s->con;
196 if (m->scanout_id == 0 && m->width == 0) {
197 s->ds = qemu_create_message_surface(640, 480,
198 "Guest disabled display.");
199 dpy_gfx_replace_surface(con, s->ds);
200 } else {
201 s->ds = qemu_create_displaysurface(m->width, m->height);
202 /* replace surface on next update */
205 break;
207 case VHOST_USER_GPU_DMABUF_SCANOUT: {
208 VhostUserGpuDMABUFScanout *m = &msg->payload.dmabuf_scanout;
209 int fd = qemu_chr_fe_get_msgfd(&g->vhost_chr);
210 QemuDmaBuf *dmabuf;
212 if (m->scanout_id >= g->parent_obj.conf.max_outputs) {
213 error_report("invalid scanout: %d", m->scanout_id);
214 if (fd >= 0) {
215 close(fd);
217 break;
220 g->parent_obj.enable = 1;
221 con = g->parent_obj.scanout[m->scanout_id].con;
222 dmabuf = &g->dmabuf[m->scanout_id];
223 if (dmabuf->fd >= 0) {
224 close(dmabuf->fd);
225 dmabuf->fd = -1;
227 if (!console_has_gl_dmabuf(con)) {
228 /* it would be nice to report that error earlier */
229 error_report("console doesn't support dmabuf!");
230 break;
232 dpy_gl_release_dmabuf(con, dmabuf);
233 if (fd == -1) {
234 dpy_gl_scanout_disable(con);
235 break;
237 *dmabuf = (QemuDmaBuf) {
238 .fd = fd,
239 .width = m->fd_width,
240 .height = m->fd_height,
241 .stride = m->fd_stride,
242 .fourcc = m->fd_drm_fourcc,
243 .y0_top = m->fd_flags & VIRTIO_GPU_RESOURCE_FLAG_Y_0_TOP,
245 dpy_gl_scanout_dmabuf(con, dmabuf);
246 break;
248 case VHOST_USER_GPU_DMABUF_UPDATE: {
249 VhostUserGpuUpdate *m = &msg->payload.update;
251 if (m->scanout_id >= g->parent_obj.conf.max_outputs ||
252 !g->parent_obj.scanout[m->scanout_id].con) {
253 error_report("invalid scanout update: %d", m->scanout_id);
254 vhost_user_gpu_unblock(g);
255 break;
258 con = g->parent_obj.scanout[m->scanout_id].con;
259 if (!console_has_gl(con)) {
260 error_report("console doesn't support GL!");
261 vhost_user_gpu_unblock(g);
262 break;
264 dpy_gl_update(con, m->x, m->y, m->width, m->height);
265 g->backend_blocked = true;
266 break;
268 case VHOST_USER_GPU_UPDATE: {
269 VhostUserGpuUpdate *m = &msg->payload.update;
271 if (m->scanout_id >= g->parent_obj.conf.max_outputs) {
272 break;
274 s = &g->parent_obj.scanout[m->scanout_id];
275 con = s->con;
276 pixman_image_t *image =
277 pixman_image_create_bits(PIXMAN_x8r8g8b8,
278 m->width,
279 m->height,
280 (uint32_t *)m->data,
281 m->width * 4);
283 pixman_image_composite(PIXMAN_OP_SRC,
284 image, NULL, s->ds->image,
285 0, 0, 0, 0, m->x, m->y, m->width, m->height);
287 pixman_image_unref(image);
288 if (qemu_console_surface(con) != s->ds) {
289 dpy_gfx_replace_surface(con, s->ds);
290 } else {
291 dpy_gfx_update(con, m->x, m->y, m->width, m->height);
293 break;
295 default:
296 g_warning("unhandled message %d %d", msg->request, msg->size);
299 if (con && qemu_console_is_gl_blocked(con)) {
300 vhost_user_gpu_update_blocked(g, true);
304 static void
305 vhost_user_gpu_chr_read(void *opaque)
307 VhostUserGPU *g = opaque;
308 VhostUserGpuMsg *msg = NULL;
309 VhostUserGpuRequest request;
310 uint32_t size, flags;
311 int r;
313 r = qemu_chr_fe_read_all(&g->vhost_chr,
314 (uint8_t *)&request, sizeof(uint32_t));
315 if (r != sizeof(uint32_t)) {
316 error_report("failed to read msg header: %d, %d", r, errno);
317 goto end;
320 r = qemu_chr_fe_read_all(&g->vhost_chr,
321 (uint8_t *)&flags, sizeof(uint32_t));
322 if (r != sizeof(uint32_t)) {
323 error_report("failed to read msg flags");
324 goto end;
327 r = qemu_chr_fe_read_all(&g->vhost_chr,
328 (uint8_t *)&size, sizeof(uint32_t));
329 if (r != sizeof(uint32_t)) {
330 error_report("failed to read msg size");
331 goto end;
334 msg = g_malloc(VHOST_USER_GPU_HDR_SIZE + size);
335 g_return_if_fail(msg != NULL);
337 r = qemu_chr_fe_read_all(&g->vhost_chr,
338 (uint8_t *)&msg->payload, size);
339 if (r != size) {
340 error_report("failed to read msg payload %d != %d", r, size);
341 goto end;
344 msg->request = request;
345 msg->flags = size;
346 msg->size = size;
348 if (request == VHOST_USER_GPU_CURSOR_UPDATE ||
349 request == VHOST_USER_GPU_CURSOR_POS ||
350 request == VHOST_USER_GPU_CURSOR_POS_HIDE) {
351 vhost_user_gpu_handle_cursor(g, msg);
352 } else {
353 vhost_user_gpu_handle_display(g, msg);
356 end:
357 g_free(msg);
360 static void
361 vhost_user_gpu_update_blocked(VhostUserGPU *g, bool blocked)
363 qemu_set_fd_handler(g->vhost_gpu_fd,
364 blocked ? NULL : vhost_user_gpu_chr_read, NULL, g);
367 static void
368 vhost_user_gpu_gl_unblock(VirtIOGPUBase *b)
370 VhostUserGPU *g = VHOST_USER_GPU(b);
372 if (g->backend_blocked) {
373 vhost_user_gpu_unblock(VHOST_USER_GPU(g));
374 g->backend_blocked = false;
377 vhost_user_gpu_update_blocked(VHOST_USER_GPU(g), false);
380 static bool
381 vhost_user_gpu_do_set_socket(VhostUserGPU *g, Error **errp)
383 Chardev *chr;
384 int sv[2];
386 if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
387 error_setg_errno(errp, errno, "socketpair() failed");
388 return false;
391 chr = CHARDEV(object_new(TYPE_CHARDEV_SOCKET));
392 if (!chr || qemu_chr_add_client(chr, sv[0]) == -1) {
393 error_setg(errp, "Failed to make socket chardev");
394 goto err;
396 if (!qemu_chr_fe_init(&g->vhost_chr, chr, errp)) {
397 goto err;
399 if (vhost_user_gpu_set_socket(&g->vhost->dev, sv[1]) < 0) {
400 error_setg(errp, "Failed to set vhost-user-gpu socket");
401 qemu_chr_fe_deinit(&g->vhost_chr, false);
402 goto err;
405 g->vhost_gpu_fd = sv[0];
406 vhost_user_gpu_update_blocked(g, false);
407 close(sv[1]);
408 return true;
410 err:
411 close(sv[0]);
412 close(sv[1]);
413 if (chr) {
414 object_unref(OBJECT(chr));
416 return false;
419 static void
420 vhost_user_gpu_get_config(VirtIODevice *vdev, uint8_t *config_data)
422 VhostUserGPU *g = VHOST_USER_GPU(vdev);
423 VirtIOGPUBase *b = VIRTIO_GPU_BASE(vdev);
424 struct virtio_gpu_config *vgconfig =
425 (struct virtio_gpu_config *)config_data;
426 int ret;
428 memset(config_data, 0, sizeof(struct virtio_gpu_config));
430 ret = vhost_dev_get_config(&g->vhost->dev,
431 config_data, sizeof(struct virtio_gpu_config));
432 if (ret) {
433 error_report("vhost-user-gpu: get device config space failed");
434 return;
437 /* those fields are managed by qemu */
438 vgconfig->num_scanouts = b->virtio_config.num_scanouts;
439 vgconfig->events_read = b->virtio_config.events_read;
440 vgconfig->events_clear = b->virtio_config.events_clear;
443 static void
444 vhost_user_gpu_set_config(VirtIODevice *vdev,
445 const uint8_t *config_data)
447 VhostUserGPU *g = VHOST_USER_GPU(vdev);
448 VirtIOGPUBase *b = VIRTIO_GPU_BASE(vdev);
449 const struct virtio_gpu_config *vgconfig =
450 (const struct virtio_gpu_config *)config_data;
451 int ret;
453 if (vgconfig->events_clear) {
454 b->virtio_config.events_read &= ~vgconfig->events_clear;
457 ret = vhost_dev_set_config(&g->vhost->dev, config_data,
458 0, sizeof(struct virtio_gpu_config),
459 VHOST_SET_CONFIG_TYPE_MASTER);
460 if (ret) {
461 error_report("vhost-user-gpu: set device config space failed");
462 return;
466 static void
467 vhost_user_gpu_set_status(VirtIODevice *vdev, uint8_t val)
469 VhostUserGPU *g = VHOST_USER_GPU(vdev);
470 Error *err = NULL;
472 if (val & VIRTIO_CONFIG_S_DRIVER_OK && vdev->vm_running) {
473 if (!vhost_user_gpu_do_set_socket(g, &err)) {
474 error_report_err(err);
475 return;
477 vhost_user_backend_start(g->vhost);
478 } else {
479 /* unblock any wait and stop processing */
480 if (g->vhost_gpu_fd != -1) {
481 vhost_user_gpu_update_blocked(g, true);
482 qemu_chr_fe_deinit(&g->vhost_chr, true);
483 g->vhost_gpu_fd = -1;
485 vhost_user_backend_stop(g->vhost);
489 static bool
490 vhost_user_gpu_guest_notifier_pending(VirtIODevice *vdev, int idx)
492 VhostUserGPU *g = VHOST_USER_GPU(vdev);
494 return vhost_virtqueue_pending(&g->vhost->dev, idx);
497 static void
498 vhost_user_gpu_guest_notifier_mask(VirtIODevice *vdev, int idx, bool mask)
500 VhostUserGPU *g = VHOST_USER_GPU(vdev);
502 vhost_virtqueue_mask(&g->vhost->dev, vdev, idx, mask);
505 static void
506 vhost_user_gpu_instance_init(Object *obj)
508 VhostUserGPU *g = VHOST_USER_GPU(obj);
510 g->vhost = VHOST_USER_BACKEND(object_new(TYPE_VHOST_USER_BACKEND));
511 object_property_add_alias(obj, "chardev",
512 OBJECT(g->vhost), "chardev");
515 static void
516 vhost_user_gpu_instance_finalize(Object *obj)
518 VhostUserGPU *g = VHOST_USER_GPU(obj);
520 object_unref(OBJECT(g->vhost));
523 static void
524 vhost_user_gpu_reset(VirtIODevice *vdev)
526 VhostUserGPU *g = VHOST_USER_GPU(vdev);
528 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
530 vhost_user_backend_stop(g->vhost);
533 static int
534 vhost_user_gpu_config_change(struct vhost_dev *dev)
536 error_report("vhost-user-gpu: unhandled backend config change");
537 return -1;
540 static const VhostDevConfigOps config_ops = {
541 .vhost_dev_config_notifier = vhost_user_gpu_config_change,
544 static void
545 vhost_user_gpu_device_realize(DeviceState *qdev, Error **errp)
547 VhostUserGPU *g = VHOST_USER_GPU(qdev);
548 VirtIODevice *vdev = VIRTIO_DEVICE(g);
550 vhost_dev_set_config_notifier(&g->vhost->dev, &config_ops);
551 if (vhost_user_backend_dev_init(g->vhost, vdev, 2, errp) < 0) {
552 return;
555 if (virtio_has_feature(g->vhost->dev.features, VIRTIO_GPU_F_VIRGL)) {
556 g->parent_obj.conf.flags |= 1 << VIRTIO_GPU_FLAG_VIRGL_ENABLED;
559 if (!virtio_gpu_base_device_realize(qdev, NULL, NULL, errp)) {
560 return;
563 g->vhost_gpu_fd = -1;
566 static Property vhost_user_gpu_properties[] = {
567 VIRTIO_GPU_BASE_PROPERTIES(VhostUserGPU, parent_obj.conf),
568 DEFINE_PROP_END_OF_LIST(),
571 static void
572 vhost_user_gpu_class_init(ObjectClass *klass, void *data)
574 DeviceClass *dc = DEVICE_CLASS(klass);
575 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
576 VirtIOGPUBaseClass *vgc = VIRTIO_GPU_BASE_CLASS(klass);
578 vgc->gl_unblock = vhost_user_gpu_gl_unblock;
580 vdc->realize = vhost_user_gpu_device_realize;
581 vdc->reset = vhost_user_gpu_reset;
582 vdc->set_status = vhost_user_gpu_set_status;
583 vdc->guest_notifier_mask = vhost_user_gpu_guest_notifier_mask;
584 vdc->guest_notifier_pending = vhost_user_gpu_guest_notifier_pending;
585 vdc->get_config = vhost_user_gpu_get_config;
586 vdc->set_config = vhost_user_gpu_set_config;
588 device_class_set_props(dc, vhost_user_gpu_properties);
591 static const TypeInfo vhost_user_gpu_info = {
592 .name = TYPE_VHOST_USER_GPU,
593 .parent = TYPE_VIRTIO_GPU_BASE,
594 .instance_size = sizeof(VhostUserGPU),
595 .instance_init = vhost_user_gpu_instance_init,
596 .instance_finalize = vhost_user_gpu_instance_finalize,
597 .class_init = vhost_user_gpu_class_init,
600 static void vhost_user_gpu_register_types(void)
602 type_register_static(&vhost_user_gpu_info);
605 type_init(vhost_user_gpu_register_types)