search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rtl8139: fix possible out of bound access
[qemu/ar7.git] / ui / spice-display.c
blob2f8adb6b9fad067b41303ed6804f43850eb58a4d
1 /*
2 * Copyright (C) 2010 Red Hat, Inc.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 or
7 * (at your option) version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "qemu/osdep.h"
19 #include "ui/qemu-spice.h"
20 #include "qemu/timer.h"
21 #include "qemu/option.h"
22 #include "qemu/queue.h"
23 #include "ui/console.h"
24 #include "sysemu/sysemu.h"
25 #include "trace.h"
26
27 #include "ui/spice-display.h"
28
29 bool spice_opengl;
30
31 int qemu_spice_rect_is_empty(const QXLRect* r)
32 {
33 return r->top == r->bottom || r->left == r->right;
34 }
35
36 void qemu_spice_rect_union(QXLRect *dest, const QXLRect *r)
37 {
38 if (qemu_spice_rect_is_empty(r)) {
39 return;
40 }
41
42 if (qemu_spice_rect_is_empty(dest)) {
43 *dest = *r;
44 return;
45 }
46
47 dest->top = MIN(dest->top, r->top);
48 dest->left = MIN(dest->left, r->left);
49 dest->bottom = MAX(dest->bottom, r->bottom);
50 dest->right = MAX(dest->right, r->right);
51 }
52
53 QXLCookie *qxl_cookie_new(int type, uint64_t io)
54 {
55 QXLCookie *cookie;
56
57 cookie = g_malloc0(sizeof(*cookie));
58 cookie->type = type;
59 cookie->io = io;
60 return cookie;
61 }
62
63 void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot,
64 qxl_async_io async)
65 {
66 trace_qemu_spice_add_memslot(ssd->qxl.id, memslot->slot_id,
67 memslot->virt_start, memslot->virt_end,
68 async);
69
70 if (async != QXL_SYNC) {
71 spice_qxl_add_memslot_async(&ssd->qxl, memslot,
72 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
73 QXL_IO_MEMSLOT_ADD_ASYNC));
74 } else {
75 spice_qxl_add_memslot(&ssd->qxl, memslot);
76 }
77 }
78
79 void qemu_spice_del_memslot(SimpleSpiceDisplay *ssd, uint32_t gid, uint32_t sid)
80 {
81 trace_qemu_spice_del_memslot(ssd->qxl.id, gid, sid);
82 spice_qxl_del_memslot(&ssd->qxl, gid, sid);
83 }
84
85 void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id,
86 QXLDevSurfaceCreate *surface,
87 qxl_async_io async)
88 {
89 trace_qemu_spice_create_primary_surface(ssd->qxl.id, id, surface, async);
90 if (async != QXL_SYNC) {
91 spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface,
92 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
93 QXL_IO_CREATE_PRIMARY_ASYNC));
94 } else {
95 spice_qxl_create_primary_surface(&ssd->qxl, id, surface);
96 }
97 }
98
99 void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd,
100 uint32_t id, qxl_async_io async)
101 {
102 trace_qemu_spice_destroy_primary_surface(ssd->qxl.id, id, async);
103 if (async != QXL_SYNC) {
104 spice_qxl_destroy_primary_surface_async(&ssd->qxl, id,
105 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
106 QXL_IO_DESTROY_PRIMARY_ASYNC));
107 } else {
108 spice_qxl_destroy_primary_surface(&ssd->qxl, id);
109 }
110 }
111
112 void qemu_spice_wakeup(SimpleSpiceDisplay *ssd)
113 {
114 trace_qemu_spice_wakeup(ssd->qxl.id);
115 spice_qxl_wakeup(&ssd->qxl);
116 }
117
118 static void qemu_spice_create_one_update(SimpleSpiceDisplay *ssd,
119 QXLRect *rect)
120 {
121 SimpleSpiceUpdate *update;
122 QXLDrawable *drawable;
123 QXLImage *image;
124 QXLCommand *cmd;
125 int bw, bh;
126 struct timespec time_space;
127 pixman_image_t *dest;
128
129 trace_qemu_spice_create_update(
130 rect->left, rect->right,
131 rect->top, rect->bottom);
132
133 update = g_malloc0(sizeof(*update));
134 drawable = &update->drawable;
135 image = &update->image;
136 cmd = &update->ext.cmd;
137
138 bw = rect->right - rect->left;
139 bh = rect->bottom - rect->top;
140 update->bitmap = g_malloc(bw * bh * 4);
141
142 drawable->bbox = *rect;
143 drawable->clip.type = SPICE_CLIP_TYPE_NONE;
144 drawable->effect = QXL_EFFECT_OPAQUE;
145 drawable->release_info.id = (uintptr_t)(&update->ext);
146 drawable->type = QXL_DRAW_COPY;
147 drawable->surfaces_dest[0] = -1;
148 drawable->surfaces_dest[1] = -1;
149 drawable->surfaces_dest[2] = -1;
150 clock_gettime(CLOCK_MONOTONIC, &time_space);
151 /* time in milliseconds from epoch. */
152 drawable->mm_time = time_space.tv_sec * 1000
153 + time_space.tv_nsec / 1000 / 1000;
154
155 drawable->u.copy.rop_descriptor = SPICE_ROPD_OP_PUT;
156 drawable->u.copy.src_bitmap = (uintptr_t)image;
157 drawable->u.copy.src_area.right = bw;
158 drawable->u.copy.src_area.bottom = bh;
159
160 QXL_SET_IMAGE_ID(image, QXL_IMAGE_GROUP_DEVICE, ssd->unique++);
161 image->descriptor.type = SPICE_IMAGE_TYPE_BITMAP;
162 image->bitmap.flags = QXL_BITMAP_DIRECT | QXL_BITMAP_TOP_DOWN;
163 image->bitmap.stride = bw * 4;
164 image->descriptor.width = image->bitmap.x = bw;
165 image->descriptor.height = image->bitmap.y = bh;
166 image->bitmap.data = (uintptr_t)(update->bitmap);
167 image->bitmap.palette = 0;
168 image->bitmap.format = SPICE_BITMAP_FMT_32BIT;
169
170 dest = pixman_image_create_bits(PIXMAN_LE_x8r8g8b8, bw, bh,
171 (void *)update->bitmap, bw * 4);
172 pixman_image_composite(PIXMAN_OP_SRC, ssd->surface, NULL, ssd->mirror,
173 rect->left, rect->top, 0, 0,
174 rect->left, rect->top, bw, bh);
175 pixman_image_composite(PIXMAN_OP_SRC, ssd->mirror, NULL, dest,
176 rect->left, rect->top, 0, 0,
177 0, 0, bw, bh);
178 pixman_image_unref(dest);
179
180 cmd->type = QXL_CMD_DRAW;
181 cmd->data = (uintptr_t)drawable;
182
183 QTAILQ_INSERT_TAIL(&ssd->updates, update, next);
184 }
185
186 static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
187 {
188 static const int blksize = 32;
189 int blocks = DIV_ROUND_UP(surface_width(ssd->ds), blksize);
190 int dirty_top[blocks];
191 int y, yoff1, yoff2, x, xoff, blk, bw;
192 int bpp = surface_bytes_per_pixel(ssd->ds);
193 uint8_t *guest, *mirror;
194
195 if (qemu_spice_rect_is_empty(&ssd->dirty)) {
196 return;
197 };
198
199 for (blk = 0; blk < blocks; blk++) {
200 dirty_top[blk] = -1;
201 }
202
203 guest = surface_data(ssd->ds);
204 mirror = (void *)pixman_image_get_data(ssd->mirror);
205 for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
206 yoff1 = y * surface_stride(ssd->ds);
207 yoff2 = y * pixman_image_get_stride(ssd->mirror);
208 for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
209 xoff = x * bpp;
210 blk = x / blksize;
211 bw = MIN(blksize, ssd->dirty.right - x);
212 if (memcmp(guest + yoff1 + xoff,
213 mirror + yoff2 + xoff,
214 bw * bpp) == 0) {
215 if (dirty_top[blk] != -1) {
216 QXLRect update = {
217 .top = dirty_top[blk],
218 .bottom = y,
219 .left = x,
220 .right = x + bw,
221 };
222 qemu_spice_create_one_update(ssd, &update);
223 dirty_top[blk] = -1;
224 }
225 } else {
226 if (dirty_top[blk] == -1) {
227 dirty_top[blk] = y;
228 }
229 }
230 }
231 }
232
233 for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
234 blk = x / blksize;
235 bw = MIN(blksize, ssd->dirty.right - x);
236 if (dirty_top[blk] != -1) {
237 QXLRect update = {
238 .top = dirty_top[blk],
239 .bottom = ssd->dirty.bottom,
240 .left = x,
241 .right = x + bw,
242 };
243 qemu_spice_create_one_update(ssd, &update);
244 dirty_top[blk] = -1;
245 }
246 }
247
248 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
249 }
250
251 static SimpleSpiceCursor*
252 qemu_spice_create_cursor_update(SimpleSpiceDisplay *ssd,
253 QEMUCursor *c,
254 int on)
255 {
256 size_t size = c ? c->width * c->height * 4 : 0;
257 SimpleSpiceCursor *update;
258 QXLCursorCmd *ccmd;
259 QXLCursor *cursor;
260 QXLCommand *cmd;
261
262 update = g_malloc0(sizeof(*update) + size);
263 ccmd = &update->cmd;
264 cursor = &update->cursor;
265 cmd = &update->ext.cmd;
266
267 if (c) {
268 ccmd->type = QXL_CURSOR_SET;
269 ccmd->u.set.position.x = ssd->ptr_x + ssd->hot_x;
270 ccmd->u.set.position.y = ssd->ptr_y + ssd->hot_y;
271 ccmd->u.set.visible = true;
272 ccmd->u.set.shape = (uintptr_t)cursor;
273 cursor->header.unique = ssd->unique++;
274 cursor->header.type = SPICE_CURSOR_TYPE_ALPHA;
275 cursor->header.width = c->width;
276 cursor->header.height = c->height;
277 cursor->header.hot_spot_x = c->hot_x;
278 cursor->header.hot_spot_y = c->hot_y;
279 cursor->data_size = size;
280 cursor->chunk.data_size = size;
281 memcpy(cursor->chunk.data, c->data, size);
282 } else if (!on) {
283 ccmd->type = QXL_CURSOR_HIDE;
284 } else {
285 ccmd->type = QXL_CURSOR_MOVE;
286 ccmd->u.position.x = ssd->ptr_x + ssd->hot_x;
287 ccmd->u.position.y = ssd->ptr_y + ssd->hot_y;
288 }
289 ccmd->release_info.id = (uintptr_t)(&update->ext);
290
291 cmd->type = QXL_CMD_CURSOR;
292 cmd->data = (uintptr_t)ccmd;
293
294 return update;
295 }
296
297 /*
298 * Called from spice server thread context (via interface_release_resource)
299 * We do *not* hold the global qemu mutex here, so extra care is needed
300 * when calling qemu functions. QEMU interfaces used:
301 * - g_free (underlying glibc free is re-entrant).
302 */
303 void qemu_spice_destroy_update(SimpleSpiceDisplay *sdpy, SimpleSpiceUpdate *update)
304 {
305 g_free(update->bitmap);
306 g_free(update);
307 }
308
309 void qemu_spice_create_host_memslot(SimpleSpiceDisplay *ssd)
310 {
311 QXLDevMemSlot memslot;
312
313 memset(&memslot, 0, sizeof(memslot));
314 memslot.slot_group_id = MEMSLOT_GROUP_HOST;
315 memslot.virt_end = ~0;
316 qemu_spice_add_memslot(ssd, &memslot, QXL_SYNC);
317 }
318
319 void qemu_spice_create_host_primary(SimpleSpiceDisplay *ssd)
320 {
321 QXLDevSurfaceCreate surface;
322 uint64_t surface_size;
323
324 memset(&surface, 0, sizeof(surface));
325
326 surface_size = (uint64_t) surface_width(ssd->ds) *
327 surface_height(ssd->ds) * 4;
328 assert(surface_size > 0);
329 assert(surface_size < INT_MAX);
330 if (ssd->bufsize < surface_size) {
331 ssd->bufsize = surface_size;
332 g_free(ssd->buf);
333 ssd->buf = g_malloc(ssd->bufsize);
334 }
335
336 surface.format = SPICE_SURFACE_FMT_32_xRGB;
337 surface.width = surface_width(ssd->ds);
338 surface.height = surface_height(ssd->ds);
339 surface.stride = -surface.width * 4;
340 surface.mouse_mode = true;
341 surface.flags = 0;
342 surface.type = 0;
343 surface.mem = (uintptr_t)ssd->buf;
344 surface.group_id = MEMSLOT_GROUP_HOST;
345
346 qemu_spice_create_primary_surface(ssd, 0, &surface, QXL_SYNC);
347 }
348
349 void qemu_spice_destroy_host_primary(SimpleSpiceDisplay *ssd)
350 {
351 qemu_spice_destroy_primary_surface(ssd, 0, QXL_SYNC);
352 }
353
354 void qemu_spice_display_init_common(SimpleSpiceDisplay *ssd)
355 {
356 qemu_mutex_init(&ssd->lock);
357 QTAILQ_INIT(&ssd->updates);
358 ssd->mouse_x = -1;
359 ssd->mouse_y = -1;
360 if (ssd->num_surfaces == 0) {
361 ssd->num_surfaces = 1024;
362 }
363 }
364
365 /* display listener callbacks */
366
367 void qemu_spice_display_update(SimpleSpiceDisplay *ssd,
368 int x, int y, int w, int h)
369 {
370 QXLRect update_area;
371
372 trace_qemu_spice_display_update(ssd->qxl.id, x, y, w, h);
373 update_area.left = x,
374 update_area.right = x + w;
375 update_area.top = y;
376 update_area.bottom = y + h;
377
378 if (qemu_spice_rect_is_empty(&ssd->dirty)) {
379 ssd->notify++;
380 }
381 qemu_spice_rect_union(&ssd->dirty, &update_area);
382 }
383
384 void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
385 DisplaySurface *surface)
386 {
387 SimpleSpiceUpdate *update;
388 bool need_destroy;
389
390 if (surface && ssd->surface &&
391 surface_width(surface) == pixman_image_get_width(ssd->surface) &&
392 surface_height(surface) == pixman_image_get_height(ssd->surface) &&
393 surface_format(surface) == pixman_image_get_format(ssd->surface)) {
394 /* no-resize fast path: just swap backing store */
395 trace_qemu_spice_display_surface(ssd->qxl.id,
396 surface_width(surface),
397 surface_height(surface),
398 true);
399 qemu_mutex_lock(&ssd->lock);
400 ssd->ds = surface;
401 pixman_image_unref(ssd->surface);
402 ssd->surface = pixman_image_ref(ssd->ds->image);
403 qemu_mutex_unlock(&ssd->lock);
404 qemu_spice_display_update(ssd, 0, 0,
405 surface_width(surface),
406 surface_height(surface));
407 return;
408 }
409
410 /* full mode switch */
411 trace_qemu_spice_display_surface(ssd->qxl.id,
412 surface ? surface_width(surface) : 0,
413 surface ? surface_height(surface) : 0,
414 false);
415
416 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
417 if (ssd->surface) {
418 pixman_image_unref(ssd->surface);
419 ssd->surface = NULL;
420 pixman_image_unref(ssd->mirror);
421 ssd->mirror = NULL;
422 }
423
424 qemu_mutex_lock(&ssd->lock);
425 need_destroy = (ssd->ds != NULL);
426 ssd->ds = surface;
427 while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) {
428 QTAILQ_REMOVE(&ssd->updates, update, next);
429 qemu_spice_destroy_update(ssd, update);
430 }
431 qemu_mutex_unlock(&ssd->lock);
432 if (need_destroy) {
433 qemu_spice_destroy_host_primary(ssd);
434 }
435 if (ssd->ds) {
436 ssd->surface = pixman_image_ref(ssd->ds->image);
437 ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format,
438 ssd->ds->image);
439 qemu_spice_create_host_primary(ssd);
440 }
441
442 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
443 ssd->notify++;
444
445 qemu_mutex_lock(&ssd->lock);
446 if (ssd->cursor) {
447 g_free(ssd->ptr_define);
448 ssd->ptr_define = qemu_spice_create_cursor_update(ssd, ssd->cursor, 0);
449 }
450 qemu_mutex_unlock(&ssd->lock);
451 }
452
453 void qemu_spice_cursor_refresh_bh(void *opaque)
454 {
455 SimpleSpiceDisplay *ssd = opaque;
456
457 qemu_mutex_lock(&ssd->lock);
458 if (ssd->cursor) {
459 QEMUCursor *c = ssd->cursor;
460 assert(ssd->dcl.con);
461 cursor_get(c);
462 qemu_mutex_unlock(&ssd->lock);
463 dpy_cursor_define(ssd->dcl.con, c);
464 qemu_mutex_lock(&ssd->lock);
465 cursor_put(c);
466 }
467
468 if (ssd->mouse_x != -1 && ssd->mouse_y != -1) {
469 int x, y;
470 assert(ssd->dcl.con);
471 x = ssd->mouse_x;
472 y = ssd->mouse_y;
473 ssd->mouse_x = -1;
474 ssd->mouse_y = -1;
475 qemu_mutex_unlock(&ssd->lock);
476 dpy_mouse_set(ssd->dcl.con, x, y, 1);
477 } else {
478 qemu_mutex_unlock(&ssd->lock);
479 }
480 }
481
482 void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd)
483 {
484 graphic_hw_update(ssd->dcl.con);
485
486 qemu_mutex_lock(&ssd->lock);
487 if (QTAILQ_EMPTY(&ssd->updates) && ssd->ds) {
488 qemu_spice_create_update(ssd);
489 ssd->notify++;
490 }
491 qemu_mutex_unlock(&ssd->lock);
492
493 trace_qemu_spice_display_refresh(ssd->qxl.id, ssd->notify);
494 if (ssd->notify) {
495 ssd->notify = 0;
496 qemu_spice_wakeup(ssd);
497 }
498 }
499
500 /* spice display interface callbacks */
501
502 static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
503 {
504 /* nothing to do */
505 }
506
507 static void interface_set_compression_level(QXLInstance *sin, int level)
508 {
509 /* nothing to do */
510 }
511
512 #if SPICE_NEEDS_SET_MM_TIME
513 static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
514 {
515 /* nothing to do */
516 }
517 #endif
518
519 static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
520 {
521 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
522
523 info->memslot_gen_bits = MEMSLOT_GENERATION_BITS;
524 info->memslot_id_bits = MEMSLOT_SLOT_BITS;
525 info->num_memslots = NUM_MEMSLOTS;
526 info->num_memslots_groups = NUM_MEMSLOTS_GROUPS;
527 info->internal_groupslot_id = 0;
528 info->qxl_ram_size = 16 * 1024 * 1024;
529 info->n_surfaces = ssd->num_surfaces;
530 }
531
532 static int interface_get_command(QXLInstance *sin, QXLCommandExt *ext)
533 {
534 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
535 SimpleSpiceUpdate *update;
536 int ret = false;
537
538 qemu_mutex_lock(&ssd->lock);
539 update = QTAILQ_FIRST(&ssd->updates);
540 if (update != NULL) {
541 QTAILQ_REMOVE(&ssd->updates, update, next);
542 *ext = update->ext;
543 ret = true;
544 }
545 qemu_mutex_unlock(&ssd->lock);
546
547 return ret;
548 }
549
550 static int interface_req_cmd_notification(QXLInstance *sin)
551 {
552 return 1;
553 }
554
555 static void interface_release_resource(QXLInstance *sin,
556 QXLReleaseInfoExt rext)
557 {
558 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
559 SimpleSpiceUpdate *update;
560 SimpleSpiceCursor *cursor;
561 QXLCommandExt *ext;
562
563 ext = (void *)(intptr_t)(rext.info->id);
564 switch (ext->cmd.type) {
565 case QXL_CMD_DRAW:
566 update = container_of(ext, SimpleSpiceUpdate, ext);
567 qemu_spice_destroy_update(ssd, update);
568 break;
569 case QXL_CMD_CURSOR:
570 cursor = container_of(ext, SimpleSpiceCursor, ext);
571 g_free(cursor);
572 break;
573 default:
574 g_assert_not_reached();
575 }
576 }
577
578 static int interface_get_cursor_command(QXLInstance *sin, QXLCommandExt *ext)
579 {
580 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
581 int ret;
582
583 qemu_mutex_lock(&ssd->lock);
584 if (ssd->ptr_define) {
585 *ext = ssd->ptr_define->ext;
586 ssd->ptr_define = NULL;
587 ret = true;
588 } else if (ssd->ptr_move) {
589 *ext = ssd->ptr_move->ext;
590 ssd->ptr_move = NULL;
591 ret = true;
592 } else {
593 ret = false;
594 }
595 qemu_mutex_unlock(&ssd->lock);
596 return ret;
597 }
598
599 static int interface_req_cursor_notification(QXLInstance *sin)
600 {
601 return 1;
602 }
603
604 static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
605 {
606 fprintf(stderr, "%s: abort()\n", __func__);
607 abort();
608 }
609
610 static int interface_flush_resources(QXLInstance *sin)
611 {
612 fprintf(stderr, "%s: abort()\n", __func__);
613 abort();
614 return 0;
615 }
616
617 static void interface_update_area_complete(QXLInstance *sin,
618 uint32_t surface_id,
619 QXLRect *dirty, uint32_t num_updated_rects)
620 {
621 /* should never be called, used in qxl native mode only */
622 fprintf(stderr, "%s: abort()\n", __func__);
623 abort();
624 }
625
626 /* called from spice server thread context only */
627 static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
628 {
629 QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;
630
631 switch (cookie->type) {
632 #ifdef HAVE_SPICE_GL
633 case QXL_COOKIE_TYPE_GL_DRAW_DONE:
634 {
635 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
636 qemu_bh_schedule(ssd->gl_unblock_bh);
637 break;
638 }
639 case QXL_COOKIE_TYPE_IO:
640 if (cookie->io == QXL_IO_MONITORS_CONFIG_ASYNC) {
641 g_free(cookie->u.data);
642 }
643 break;
644 #endif
645 default:
646 /* should never be called, used in qxl native mode only */
647 fprintf(stderr, "%s: abort()\n", __func__);
648 abort();
649 }
650 g_free(cookie);
651 }
652
653 static void interface_set_client_capabilities(QXLInstance *sin,
654 uint8_t client_present,
655 uint8_t caps[58])
656 {
657 /* nothing to do */
658 }
659
660 static int interface_client_monitors_config(QXLInstance *sin,
661 VDAgentMonitorsConfig *mc)
662 {
663 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
664 QemuUIInfo info;
665 int head;
666
667 if (!dpy_ui_info_supported(ssd->dcl.con)) {
668 return 0; /* == not supported by guest */
669 }
670
671 if (!mc) {
672 return 1;
673 }
674
675 memset(&info, 0, sizeof(info));
676
677 head = qemu_console_get_head(ssd->dcl.con);
678 if (mc->num_of_monitors > head) {
679 info.width = mc->monitors[head].width;
680 info.height = mc->monitors[head].height;
681 }
682
683 trace_qemu_spice_ui_info(ssd->qxl.id, info.width, info.height);
684 dpy_set_ui_info(ssd->dcl.con, &info);
685 return 1;
686 }
687
688 static const QXLInterface dpy_interface = {
689 .base.type = SPICE_INTERFACE_QXL,
690 .base.description = "qemu simple display",
691 .base.major_version = SPICE_INTERFACE_QXL_MAJOR,
692 .base.minor_version = SPICE_INTERFACE_QXL_MINOR,
693
694 .attache_worker = interface_attach_worker,
695 .set_compression_level = interface_set_compression_level,
696 #if SPICE_NEEDS_SET_MM_TIME
697 .set_mm_time = interface_set_mm_time,
698 #endif
699 .get_init_info = interface_get_init_info,
700
701 /* the callbacks below are called from spice server thread context */
702 .get_command = interface_get_command,
703 .req_cmd_notification = interface_req_cmd_notification,
704 .release_resource = interface_release_resource,
705 .get_cursor_command = interface_get_cursor_command,
706 .req_cursor_notification = interface_req_cursor_notification,
707 .notify_update = interface_notify_update,
708 .flush_resources = interface_flush_resources,
709 .async_complete = interface_async_complete,
710 .update_area_complete = interface_update_area_complete,
711 .set_client_capabilities = interface_set_client_capabilities,
712 .client_monitors_config = interface_client_monitors_config,
713 };
714
715 static void display_update(DisplayChangeListener *dcl,
716 int x, int y, int w, int h)
717 {
718 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
719 qemu_spice_display_update(ssd, x, y, w, h);
720 }
721
722 static void display_switch(DisplayChangeListener *dcl,
723 DisplaySurface *surface)
724 {
725 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
726 qemu_spice_display_switch(ssd, surface);
727 }
728
729 static void display_refresh(DisplayChangeListener *dcl)
730 {
731 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
732 qemu_spice_display_refresh(ssd);
733 }
734
735 static void display_mouse_set(DisplayChangeListener *dcl,
736 int x, int y, int on)
737 {
738 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
739
740 qemu_mutex_lock(&ssd->lock);
741 ssd->ptr_x = x;
742 ssd->ptr_y = y;
743 g_free(ssd->ptr_move);
744 ssd->ptr_move = qemu_spice_create_cursor_update(ssd, NULL, on);
745 qemu_mutex_unlock(&ssd->lock);
746 qemu_spice_wakeup(ssd);
747 }
748
749 static void display_mouse_define(DisplayChangeListener *dcl,
750 QEMUCursor *c)
751 {
752 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
753
754 qemu_mutex_lock(&ssd->lock);
755 cursor_get(c);
756 cursor_put(ssd->cursor);
757 ssd->cursor = c;
758 ssd->hot_x = c->hot_x;
759 ssd->hot_y = c->hot_y;
760 g_free(ssd->ptr_move);
761 ssd->ptr_move = NULL;
762 g_free(ssd->ptr_define);
763 ssd->ptr_define = qemu_spice_create_cursor_update(ssd, c, 0);
764 qemu_mutex_unlock(&ssd->lock);
765 qemu_spice_wakeup(ssd);
766 }
767
768 static const DisplayChangeListenerOps display_listener_ops = {
769 .dpy_name = "spice",
770 .dpy_gfx_update = display_update,
771 .dpy_gfx_switch = display_switch,
772 .dpy_gfx_check_format = qemu_pixman_check_format,
773 .dpy_refresh = display_refresh,
774 .dpy_mouse_set = display_mouse_set,
775 .dpy_cursor_define = display_mouse_define,
776 };
777
778 #ifdef HAVE_SPICE_GL
779
780 static void qemu_spice_gl_monitor_config(SimpleSpiceDisplay *ssd,
781 int x, int y, int w, int h)
782 {
783 QXLMonitorsConfig *config;
784 QXLCookie *cookie;
785
786 config = g_malloc0(sizeof(QXLMonitorsConfig) + sizeof(QXLHead));
787 config->count = 1;
788 config->max_allowed = 1;
789 config->heads[0].x = x;
790 config->heads[0].y = y;
791 config->heads[0].width = w;
792 config->heads[0].height = h;
793 cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
794 QXL_IO_MONITORS_CONFIG_ASYNC);
795 cookie->u.data = config;
796
797 spice_qxl_monitors_config_async(&ssd->qxl,
798 (uintptr_t)config,
799 MEMSLOT_GROUP_HOST,
800 (uintptr_t)cookie);
801 }
802
803 static void qemu_spice_gl_block(SimpleSpiceDisplay *ssd, bool block)
804 {
805 uint64_t timeout;
806
807 if (block) {
808 timeout = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
809 timeout += 1000; /* one sec */
810 timer_mod(ssd->gl_unblock_timer, timeout);
811 } else {
812 timer_del(ssd->gl_unblock_timer);
813 }
814 graphic_hw_gl_block(ssd->dcl.con, block);
815 }
816
817 static void qemu_spice_gl_unblock_bh(void *opaque)
818 {
819 SimpleSpiceDisplay *ssd = opaque;
820
821 qemu_spice_gl_block(ssd, false);
822 }
823
824 static void qemu_spice_gl_block_timer(void *opaque)
825 {
826 warn_report("spice: no gl-draw-done within one second");
827 }
828
829 static void spice_gl_refresh(DisplayChangeListener *dcl)
830 {
831 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
832 uint64_t cookie;
833
834 if (!ssd->ds || qemu_console_is_gl_blocked(ssd->dcl.con)) {
835 return;
836 }
837
838 graphic_hw_update(dcl->con);
839 if (ssd->gl_updates && ssd->have_surface) {
840 qemu_spice_gl_block(ssd, true);
841 cookie = (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_GL_DRAW_DONE, 0);
842 spice_qxl_gl_draw_async(&ssd->qxl, 0, 0,
843 surface_width(ssd->ds),
844 surface_height(ssd->ds),
845 cookie);
846 ssd->gl_updates = 0;
847 }
848 }
849
850 static void spice_gl_update(DisplayChangeListener *dcl,
851 int x, int y, int w, int h)
852 {
853 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
854
855 surface_gl_update_texture(ssd->gls, ssd->ds, x, y, w, h);
856 ssd->gl_updates++;
857 }
858
859 static void spice_gl_switch(DisplayChangeListener *dcl,
860 struct DisplaySurface *new_surface)
861 {
862 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
863 EGLint stride, fourcc;
864 int fd;
865
866 if (ssd->ds) {
867 surface_gl_destroy_texture(ssd->gls, ssd->ds);
868 }
869 ssd->ds = new_surface;
870 if (ssd->ds) {
871 surface_gl_create_texture(ssd->gls, ssd->ds);
872 fd = egl_get_fd_for_texture(ssd->ds->texture,
873 &stride, &fourcc);
874 if (fd < 0) {
875 surface_gl_destroy_texture(ssd->gls, ssd->ds);
876 return;
877 }
878
879 trace_qemu_spice_gl_surface(ssd->qxl.id,
880 surface_width(ssd->ds),
881 surface_height(ssd->ds),
882 fourcc);
883
884 /* note: spice server will close the fd */
885 spice_qxl_gl_scanout(&ssd->qxl, fd,
886 surface_width(ssd->ds),
887 surface_height(ssd->ds),
888 stride, fourcc, false);
889 ssd->have_surface = true;
890 ssd->have_scanout = false;
891
892 qemu_spice_gl_monitor_config(ssd, 0, 0,
893 surface_width(ssd->ds),
894 surface_height(ssd->ds));
895 }
896 }
897
898 static QEMUGLContext qemu_spice_gl_create_context(DisplayChangeListener *dcl,
899 QEMUGLParams *params)
900 {
901 eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
902 qemu_egl_rn_ctx);
903 return qemu_egl_create_context(dcl, params);
904 }
905
906 static void qemu_spice_gl_scanout_disable(DisplayChangeListener *dcl)
907 {
908 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
909
910 trace_qemu_spice_gl_scanout_disable(ssd->qxl.id);
911 spice_qxl_gl_scanout(&ssd->qxl, -1, 0, 0, 0, 0, false);
912 qemu_spice_gl_monitor_config(ssd, 0, 0, 0, 0);
913 ssd->have_surface = false;
914 ssd->have_scanout = false;
915 }
916
917 static void qemu_spice_gl_scanout_texture(DisplayChangeListener *dcl,
918 uint32_t tex_id,
919 bool y_0_top,
920 uint32_t backing_width,
921 uint32_t backing_height,
922 uint32_t x, uint32_t y,
923 uint32_t w, uint32_t h)
924 {
925 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
926 EGLint stride = 0, fourcc = 0;
927 int fd = -1;
928
929 assert(tex_id);
930 fd = egl_get_fd_for_texture(tex_id, &stride, &fourcc);
931 if (fd < 0) {
932 fprintf(stderr, "%s: failed to get fd for texture\n", __func__);
933 return;
934 }
935 trace_qemu_spice_gl_scanout_texture(ssd->qxl.id, w, h, fourcc);
936
937 /* note: spice server will close the fd */
938 spice_qxl_gl_scanout(&ssd->qxl, fd, backing_width, backing_height,
939 stride, fourcc, y_0_top);
940 qemu_spice_gl_monitor_config(ssd, x, y, w, h);
941 ssd->have_surface = false;
942 ssd->have_scanout = true;
943 }
944
945 static void qemu_spice_gl_scanout_dmabuf(DisplayChangeListener *dcl,
946 QemuDmaBuf *dmabuf)
947 {
948 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
949
950 ssd->guest_dmabuf = dmabuf;
951 ssd->guest_dmabuf_refresh = true;
952
953 ssd->have_surface = false;
954 ssd->have_scanout = true;
955 }
956
957 static void qemu_spice_gl_cursor_dmabuf(DisplayChangeListener *dcl,
958 QemuDmaBuf *dmabuf, bool have_hot,
959 uint32_t hot_x, uint32_t hot_y)
960 {
961 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
962
963 ssd->have_hot = have_hot;
964 ssd->hot_x = hot_x;
965 ssd->hot_y = hot_y;
966
967 trace_qemu_spice_gl_cursor(ssd->qxl.id, dmabuf != NULL, have_hot);
968 if (dmabuf) {
969 egl_dmabuf_import_texture(dmabuf);
970 if (!dmabuf->texture) {
971 return;
972 }
973 egl_fb_setup_for_tex(&ssd->cursor_fb, dmabuf->width, dmabuf->height,
974 dmabuf->texture, false);
975 } else {
976 egl_fb_destroy(&ssd->cursor_fb);
977 }
978 }
979
980 static void qemu_spice_gl_cursor_position(DisplayChangeListener *dcl,
981 uint32_t pos_x, uint32_t pos_y)
982 {
983 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
984
985 qemu_mutex_lock(&ssd->lock);
986 ssd->ptr_x = pos_x;
987 ssd->ptr_y = pos_y;
988 qemu_mutex_unlock(&ssd->lock);
989 }
990
991 static void qemu_spice_gl_release_dmabuf(DisplayChangeListener *dcl,
992 QemuDmaBuf *dmabuf)
993 {
994 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
995
996 if (ssd->guest_dmabuf == dmabuf) {
997 ssd->guest_dmabuf = NULL;
998 ssd->guest_dmabuf_refresh = false;
999 }
1000 egl_dmabuf_release_texture(dmabuf);
1001 }
1002
1003 static void qemu_spice_gl_update(DisplayChangeListener *dcl,
1004 uint32_t x, uint32_t y, uint32_t w, uint32_t h)
1005 {
1006 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
1007 EGLint stride = 0, fourcc = 0;
1008 bool render_cursor = false;
1009 bool y_0_top = false; /* FIXME */
1010 uint64_t cookie;
1011 int fd;
1012
1013 if (!ssd->have_scanout) {
1014 return;
1015 }
1016
1017 if (ssd->cursor_fb.texture) {
1018 render_cursor = true;
1019 }
1020 if (ssd->render_cursor != render_cursor) {
1021 ssd->render_cursor = render_cursor;
1022 ssd->guest_dmabuf_refresh = true;
1023 egl_fb_destroy(&ssd->blit_fb);
1024 }
1025
1026 if (ssd->guest_dmabuf_refresh) {
1027 QemuDmaBuf *dmabuf = ssd->guest_dmabuf;
1028 if (render_cursor) {
1029 egl_dmabuf_import_texture(dmabuf);
1030 if (!dmabuf->texture) {
1031 return;
1032 }
1033
1034 /* source framebuffer */
1035 egl_fb_setup_for_tex(&ssd->guest_fb,
1036 dmabuf->width, dmabuf->height,
1037 dmabuf->texture, false);
1038
1039 /* dest framebuffer */
1040 if (ssd->blit_fb.width != dmabuf->width ||
1041 ssd->blit_fb.height != dmabuf->height) {
1042 trace_qemu_spice_gl_render_dmabuf(ssd->qxl.id, dmabuf->width,
1043 dmabuf->height);
1044 egl_fb_destroy(&ssd->blit_fb);
1045 egl_fb_setup_new_tex(&ssd->blit_fb,
1046 dmabuf->width, dmabuf->height);
1047 fd = egl_get_fd_for_texture(ssd->blit_fb.texture,
1048 &stride, &fourcc);
1049 spice_qxl_gl_scanout(&ssd->qxl, fd,
1050 dmabuf->width, dmabuf->height,
1051 stride, fourcc, false);
1052 }
1053 } else {
1054 trace_qemu_spice_gl_forward_dmabuf(ssd->qxl.id,
1055 dmabuf->width, dmabuf->height);
1056 /* note: spice server will close the fd, so hand over a dup */
1057 spice_qxl_gl_scanout(&ssd->qxl, dup(dmabuf->fd),
1058 dmabuf->width, dmabuf->height,
1059 dmabuf->stride, dmabuf->fourcc,
1060 dmabuf->y0_top);
1061 }
1062 qemu_spice_gl_monitor_config(ssd, 0, 0, dmabuf->width, dmabuf->height);
1063 ssd->guest_dmabuf_refresh = false;
1064 }
1065
1066 if (render_cursor) {
1067 int x, y;
1068 qemu_mutex_lock(&ssd->lock);
1069 x = ssd->ptr_x;
1070 y = ssd->ptr_y;
1071 qemu_mutex_unlock(&ssd->lock);
1072 egl_texture_blit(ssd->gls, &ssd->blit_fb, &ssd->guest_fb,
1073 !y_0_top);
1074 egl_texture_blend(ssd->gls, &ssd->blit_fb, &ssd->cursor_fb,
1075 !y_0_top, x, y);
1076 glFlush();
1077 }
1078
1079 trace_qemu_spice_gl_update(ssd->qxl.id, w, h, x, y);
1080 qemu_spice_gl_block(ssd, true);
1081 cookie = (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_GL_DRAW_DONE, 0);
1082 spice_qxl_gl_draw_async(&ssd->qxl, x, y, w, h, cookie);
1083 }
1084
1085 static const DisplayChangeListenerOps display_listener_gl_ops = {
1086 .dpy_name = "spice-egl",
1087 .dpy_gfx_update = spice_gl_update,
1088 .dpy_gfx_switch = spice_gl_switch,
1089 .dpy_gfx_check_format = console_gl_check_format,
1090 .dpy_refresh = spice_gl_refresh,
1091 .dpy_mouse_set = display_mouse_set,
1092 .dpy_cursor_define = display_mouse_define,
1093
1094 .dpy_gl_ctx_create = qemu_spice_gl_create_context,
1095 .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
1096 .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
1097 .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
1098
1099 .dpy_gl_scanout_disable = qemu_spice_gl_scanout_disable,
1100 .dpy_gl_scanout_texture = qemu_spice_gl_scanout_texture,
1101 .dpy_gl_scanout_dmabuf = qemu_spice_gl_scanout_dmabuf,
1102 .dpy_gl_cursor_dmabuf = qemu_spice_gl_cursor_dmabuf,
1103 .dpy_gl_cursor_position = qemu_spice_gl_cursor_position,
1104 .dpy_gl_release_dmabuf = qemu_spice_gl_release_dmabuf,
1105 .dpy_gl_update = qemu_spice_gl_update,
1106 };
1107
1108 #endif /* HAVE_SPICE_GL */
1109
1110 static void qemu_spice_display_init_one(QemuConsole *con)
1111 {
1112 SimpleSpiceDisplay *ssd = g_new0(SimpleSpiceDisplay, 1);
1113
1114 qemu_spice_display_init_common(ssd);
1115
1116 ssd->dcl.ops = &display_listener_ops;
1117 #ifdef HAVE_SPICE_GL
1118 if (spice_opengl) {
1119 ssd->dcl.ops = &display_listener_gl_ops;
1120 ssd->gl_unblock_bh = qemu_bh_new(qemu_spice_gl_unblock_bh, ssd);
1121 ssd->gl_unblock_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
1122 qemu_spice_gl_block_timer, ssd);
1123 ssd->gls = qemu_gl_init_shader();
1124 ssd->have_surface = false;
1125 ssd->have_scanout = false;
1126 }
1127 #endif
1128 ssd->dcl.con = con;
1129
1130 ssd->qxl.base.sif = &dpy_interface.base;
1131 qemu_spice_add_display_interface(&ssd->qxl, con);
1132 qemu_spice_create_host_memslot(ssd);
1133
1134 register_displaychangelistener(&ssd->dcl);
1135 }
1136
1137 void qemu_spice_display_init(void)
1138 {
1139 QemuOptsList *olist = qemu_find_opts("spice");
1140 QemuOpts *opts = QTAILQ_FIRST(&olist->head);
1141 QemuConsole *spice_con, *con;
1142 const char *str;
1143 int i;
1144
1145 str = qemu_opt_get(opts, "display");
1146 if (str) {
1147 int head = qemu_opt_get_number(opts, "head", 0);
1148 Error *err = NULL;
1149
1150 spice_con = qemu_console_lookup_by_device_name(str, head, &err);
1151 if (err) {
1152 error_report("Failed to lookup display/head");
1153 exit(1);
1154 }
1155 } else {
1156 spice_con = NULL;
1157 }
1158
1159 for (i = 0;; i++) {
1160 con = qemu_console_lookup_by_index(i);
1161 if (!con || !qemu_console_is_graphic(con)) {
1162 break;
1163 }
1164 if (qemu_spice_have_display_interface(con)) {
1165 continue;
1166 }
1167 if (spice_con != NULL && spice_con != con) {
1168 continue;
1169 }
1170 qemu_spice_display_init_one(con);
1171 }
1172 }
AR7 emulation for QEMU