iscsi: always query max WRITE SAME length
[qemu/ar7.git] / hw / display / vmware_vga.c
blob6ae3348deb057ca229d7fdb4d55f585fa633d53e
1 /*
2 * QEMU VMware-SVGA "chipset".
4 * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
24 #include "hw/hw.h"
25 #include "hw/loader.h"
26 #include "trace.h"
27 #include "ui/console.h"
28 #include "ui/vnc.h"
29 #include "hw/pci/pci.h"
31 #undef VERBOSE
32 #define HW_RECT_ACCEL
33 #define HW_FILL_ACCEL
34 #define HW_MOUSE_ACCEL
36 #include "vga_int.h"
38 /* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
40 struct vmsvga_state_s {
41 VGACommonState vga;
43 int invalidated;
44 int enable;
45 int config;
46 struct {
47 int id;
48 int x;
49 int y;
50 int on;
51 } cursor;
53 int index;
54 int scratch_size;
55 uint32_t *scratch;
56 int new_width;
57 int new_height;
58 int new_depth;
59 uint32_t guest;
60 uint32_t svgaid;
61 int syncing;
63 MemoryRegion fifo_ram;
64 uint8_t *fifo_ptr;
65 unsigned int fifo_size;
67 union {
68 uint32_t *fifo;
69 struct QEMU_PACKED {
70 uint32_t min;
71 uint32_t max;
72 uint32_t next_cmd;
73 uint32_t stop;
74 /* Add registers here when adding capabilities. */
75 uint32_t fifo[0];
76 } *cmd;
79 #define REDRAW_FIFO_LEN 512
80 struct vmsvga_rect_s {
81 int x, y, w, h;
82 } redraw_fifo[REDRAW_FIFO_LEN];
83 int redraw_fifo_first, redraw_fifo_last;
86 #define TYPE_VMWARE_SVGA "vmware-svga"
88 #define VMWARE_SVGA(obj) \
89 OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)
91 struct pci_vmsvga_state_s {
92 /*< private >*/
93 PCIDevice parent_obj;
94 /*< public >*/
96 struct vmsvga_state_s chip;
97 MemoryRegion io_bar;
100 #define SVGA_MAGIC 0x900000UL
101 #define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
102 #define SVGA_ID_0 SVGA_MAKE_ID(0)
103 #define SVGA_ID_1 SVGA_MAKE_ID(1)
104 #define SVGA_ID_2 SVGA_MAKE_ID(2)
106 #define SVGA_LEGACY_BASE_PORT 0x4560
107 #define SVGA_INDEX_PORT 0x0
108 #define SVGA_VALUE_PORT 0x1
109 #define SVGA_BIOS_PORT 0x2
111 #define SVGA_VERSION_2
113 #ifdef SVGA_VERSION_2
114 # define SVGA_ID SVGA_ID_2
115 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
116 # define SVGA_IO_MUL 1
117 # define SVGA_FIFO_SIZE 0x10000
118 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
119 #else
120 # define SVGA_ID SVGA_ID_1
121 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
122 # define SVGA_IO_MUL 4
123 # define SVGA_FIFO_SIZE 0x10000
124 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
125 #endif
127 enum {
128 /* ID 0, 1 and 2 registers */
129 SVGA_REG_ID = 0,
130 SVGA_REG_ENABLE = 1,
131 SVGA_REG_WIDTH = 2,
132 SVGA_REG_HEIGHT = 3,
133 SVGA_REG_MAX_WIDTH = 4,
134 SVGA_REG_MAX_HEIGHT = 5,
135 SVGA_REG_DEPTH = 6,
136 SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
137 SVGA_REG_PSEUDOCOLOR = 8,
138 SVGA_REG_RED_MASK = 9,
139 SVGA_REG_GREEN_MASK = 10,
140 SVGA_REG_BLUE_MASK = 11,
141 SVGA_REG_BYTES_PER_LINE = 12,
142 SVGA_REG_FB_START = 13,
143 SVGA_REG_FB_OFFSET = 14,
144 SVGA_REG_VRAM_SIZE = 15,
145 SVGA_REG_FB_SIZE = 16,
147 /* ID 1 and 2 registers */
148 SVGA_REG_CAPABILITIES = 17,
149 SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
150 SVGA_REG_MEM_SIZE = 19,
151 SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
152 SVGA_REG_SYNC = 21, /* Write to force synchronization */
153 SVGA_REG_BUSY = 22, /* Read to check if sync is done */
154 SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
155 SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
156 SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
157 SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
158 SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
159 SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
160 SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
161 SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
162 SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
163 SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
165 SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
166 SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
167 SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
170 #define SVGA_CAP_NONE 0
171 #define SVGA_CAP_RECT_FILL (1 << 0)
172 #define SVGA_CAP_RECT_COPY (1 << 1)
173 #define SVGA_CAP_RECT_PAT_FILL (1 << 2)
174 #define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
175 #define SVGA_CAP_RASTER_OP (1 << 4)
176 #define SVGA_CAP_CURSOR (1 << 5)
177 #define SVGA_CAP_CURSOR_BYPASS (1 << 6)
178 #define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
179 #define SVGA_CAP_8BIT_EMULATION (1 << 8)
180 #define SVGA_CAP_ALPHA_CURSOR (1 << 9)
181 #define SVGA_CAP_GLYPH (1 << 10)
182 #define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
183 #define SVGA_CAP_OFFSCREEN_1 (1 << 12)
184 #define SVGA_CAP_ALPHA_BLEND (1 << 13)
185 #define SVGA_CAP_3D (1 << 14)
186 #define SVGA_CAP_EXTENDED_FIFO (1 << 15)
187 #define SVGA_CAP_MULTIMON (1 << 16)
188 #define SVGA_CAP_PITCHLOCK (1 << 17)
191 * FIFO offsets (seen as an array of 32-bit words)
193 enum {
195 * The original defined FIFO offsets
197 SVGA_FIFO_MIN = 0,
198 SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
199 SVGA_FIFO_NEXT_CMD,
200 SVGA_FIFO_STOP,
203 * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
205 SVGA_FIFO_CAPABILITIES = 4,
206 SVGA_FIFO_FLAGS,
207 SVGA_FIFO_FENCE,
208 SVGA_FIFO_3D_HWVERSION,
209 SVGA_FIFO_PITCHLOCK,
212 #define SVGA_FIFO_CAP_NONE 0
213 #define SVGA_FIFO_CAP_FENCE (1 << 0)
214 #define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
215 #define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
217 #define SVGA_FIFO_FLAG_NONE 0
218 #define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
220 /* These values can probably be changed arbitrarily. */
221 #define SVGA_SCRATCH_SIZE 0x8000
222 #define SVGA_MAX_WIDTH ROUND_UP(2360, VNC_DIRTY_PIXELS_PER_BIT)
223 #define SVGA_MAX_HEIGHT 1770
225 #ifdef VERBOSE
226 # define GUEST_OS_BASE 0x5001
227 static const char *vmsvga_guest_id[] = {
228 [0x00] = "Dos",
229 [0x01] = "Windows 3.1",
230 [0x02] = "Windows 95",
231 [0x03] = "Windows 98",
232 [0x04] = "Windows ME",
233 [0x05] = "Windows NT",
234 [0x06] = "Windows 2000",
235 [0x07] = "Linux",
236 [0x08] = "OS/2",
237 [0x09] = "an unknown OS",
238 [0x0a] = "BSD",
239 [0x0b] = "Whistler",
240 [0x0c] = "an unknown OS",
241 [0x0d] = "an unknown OS",
242 [0x0e] = "an unknown OS",
243 [0x0f] = "an unknown OS",
244 [0x10] = "an unknown OS",
245 [0x11] = "an unknown OS",
246 [0x12] = "an unknown OS",
247 [0x13] = "an unknown OS",
248 [0x14] = "an unknown OS",
249 [0x15] = "Windows 2003",
251 #endif
253 enum {
254 SVGA_CMD_INVALID_CMD = 0,
255 SVGA_CMD_UPDATE = 1,
256 SVGA_CMD_RECT_FILL = 2,
257 SVGA_CMD_RECT_COPY = 3,
258 SVGA_CMD_DEFINE_BITMAP = 4,
259 SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
260 SVGA_CMD_DEFINE_PIXMAP = 6,
261 SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
262 SVGA_CMD_RECT_BITMAP_FILL = 8,
263 SVGA_CMD_RECT_PIXMAP_FILL = 9,
264 SVGA_CMD_RECT_BITMAP_COPY = 10,
265 SVGA_CMD_RECT_PIXMAP_COPY = 11,
266 SVGA_CMD_FREE_OBJECT = 12,
267 SVGA_CMD_RECT_ROP_FILL = 13,
268 SVGA_CMD_RECT_ROP_COPY = 14,
269 SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
270 SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
271 SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
272 SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
273 SVGA_CMD_DEFINE_CURSOR = 19,
274 SVGA_CMD_DISPLAY_CURSOR = 20,
275 SVGA_CMD_MOVE_CURSOR = 21,
276 SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
277 SVGA_CMD_DRAW_GLYPH = 23,
278 SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
279 SVGA_CMD_UPDATE_VERBOSE = 25,
280 SVGA_CMD_SURFACE_FILL = 26,
281 SVGA_CMD_SURFACE_COPY = 27,
282 SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
283 SVGA_CMD_FRONT_ROP_FILL = 29,
284 SVGA_CMD_FENCE = 30,
287 /* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
288 enum {
289 SVGA_CURSOR_ON_HIDE = 0,
290 SVGA_CURSOR_ON_SHOW = 1,
291 SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
292 SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
295 static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
296 int x, int y, int w, int h)
298 DisplaySurface *surface = qemu_console_surface(s->vga.con);
299 int line;
300 int bypl;
301 int width;
302 int start;
303 uint8_t *src;
304 uint8_t *dst;
306 if (x < 0) {
307 fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
308 w += x;
309 x = 0;
311 if (w < 0) {
312 fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
313 w = 0;
315 if (x + w > surface_width(surface)) {
316 fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
317 __func__, x, w);
318 x = MIN(x, surface_width(surface));
319 w = surface_width(surface) - x;
322 if (y < 0) {
323 fprintf(stderr, "%s: update y was < 0 (%d)\n", __func__, y);
324 h += y;
325 y = 0;
327 if (h < 0) {
328 fprintf(stderr, "%s: update h was < 0 (%d)\n", __func__, h);
329 h = 0;
331 if (y + h > surface_height(surface)) {
332 fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
333 __func__, y, h);
334 y = MIN(y, surface_height(surface));
335 h = surface_height(surface) - y;
338 bypl = surface_stride(surface);
339 width = surface_bytes_per_pixel(surface) * w;
340 start = surface_bytes_per_pixel(surface) * x + bypl * y;
341 src = s->vga.vram_ptr + start;
342 dst = surface_data(surface) + start;
344 for (line = h; line > 0; line--, src += bypl, dst += bypl) {
345 memcpy(dst, src, width);
347 dpy_gfx_update(s->vga.con, x, y, w, h);
350 static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
351 int x, int y, int w, int h)
353 struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
355 s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
356 rect->x = x;
357 rect->y = y;
358 rect->w = w;
359 rect->h = h;
362 static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
364 struct vmsvga_rect_s *rect;
366 if (s->invalidated) {
367 s->redraw_fifo_first = s->redraw_fifo_last;
368 return;
370 /* Overlapping region updates can be optimised out here - if someone
371 * knows a smart algorithm to do that, please share. */
372 while (s->redraw_fifo_first != s->redraw_fifo_last) {
373 rect = &s->redraw_fifo[s->redraw_fifo_first++];
374 s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
375 vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
379 #ifdef HW_RECT_ACCEL
380 static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
381 int x0, int y0, int x1, int y1, int w, int h)
383 DisplaySurface *surface = qemu_console_surface(s->vga.con);
384 uint8_t *vram = s->vga.vram_ptr;
385 int bypl = surface_stride(surface);
386 int bypp = surface_bytes_per_pixel(surface);
387 int width = bypp * w;
388 int line = h;
389 uint8_t *ptr[2];
391 if (y1 > y0) {
392 ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
393 ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
394 for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
395 memmove(ptr[1], ptr[0], width);
397 } else {
398 ptr[0] = vram + bypp * x0 + bypl * y0;
399 ptr[1] = vram + bypp * x1 + bypl * y1;
400 for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
401 memmove(ptr[1], ptr[0], width);
405 vmsvga_update_rect_delayed(s, x1, y1, w, h);
407 #endif
409 #ifdef HW_FILL_ACCEL
410 static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
411 uint32_t c, int x, int y, int w, int h)
413 DisplaySurface *surface = qemu_console_surface(s->vga.con);
414 int bypl = surface_stride(surface);
415 int width = surface_bytes_per_pixel(surface) * w;
416 int line = h;
417 int column;
418 uint8_t *fst;
419 uint8_t *dst;
420 uint8_t *src;
421 uint8_t col[4];
423 col[0] = c;
424 col[1] = c >> 8;
425 col[2] = c >> 16;
426 col[3] = c >> 24;
428 fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
430 if (line--) {
431 dst = fst;
432 src = col;
433 for (column = width; column > 0; column--) {
434 *(dst++) = *(src++);
435 if (src - col == surface_bytes_per_pixel(surface)) {
436 src = col;
439 dst = fst;
440 for (; line > 0; line--) {
441 dst += bypl;
442 memcpy(dst, fst, width);
446 vmsvga_update_rect_delayed(s, x, y, w, h);
448 #endif
450 struct vmsvga_cursor_definition_s {
451 int width;
452 int height;
453 int id;
454 int bpp;
455 int hot_x;
456 int hot_y;
457 uint32_t mask[1024];
458 uint32_t image[4096];
461 #define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
462 #define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
464 #ifdef HW_MOUSE_ACCEL
465 static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
466 struct vmsvga_cursor_definition_s *c)
468 QEMUCursor *qc;
469 int i, pixels;
471 qc = cursor_alloc(c->width, c->height);
472 qc->hot_x = c->hot_x;
473 qc->hot_y = c->hot_y;
474 switch (c->bpp) {
475 case 1:
476 cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
477 1, (void *)c->mask);
478 #ifdef DEBUG
479 cursor_print_ascii_art(qc, "vmware/mono");
480 #endif
481 break;
482 case 32:
483 /* fill alpha channel from mask, set color to zero */
484 cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
485 1, (void *)c->mask);
486 /* add in rgb values */
487 pixels = c->width * c->height;
488 for (i = 0; i < pixels; i++) {
489 qc->data[i] |= c->image[i] & 0xffffff;
491 #ifdef DEBUG
492 cursor_print_ascii_art(qc, "vmware/32bit");
493 #endif
494 break;
495 default:
496 fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
497 __func__, c->bpp);
498 cursor_put(qc);
499 qc = cursor_builtin_left_ptr();
502 dpy_cursor_define(s->vga.con, qc);
503 cursor_put(qc);
505 #endif
507 #define CMD(f) le32_to_cpu(s->cmd->f)
509 static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
511 int num;
513 if (!s->config || !s->enable) {
514 return 0;
516 num = CMD(next_cmd) - CMD(stop);
517 if (num < 0) {
518 num += CMD(max) - CMD(min);
520 return num >> 2;
523 static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
525 uint32_t cmd = s->fifo[CMD(stop) >> 2];
527 s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
528 if (CMD(stop) >= CMD(max)) {
529 s->cmd->stop = s->cmd->min;
531 return cmd;
534 static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
536 return le32_to_cpu(vmsvga_fifo_read_raw(s));
539 static void vmsvga_fifo_run(struct vmsvga_state_s *s)
541 uint32_t cmd, colour;
542 int args, len;
543 int x, y, dx, dy, width, height;
544 struct vmsvga_cursor_definition_s cursor;
545 uint32_t cmd_start;
547 len = vmsvga_fifo_length(s);
548 while (len > 0) {
549 /* May need to go back to the start of the command if incomplete */
550 cmd_start = s->cmd->stop;
552 switch (cmd = vmsvga_fifo_read(s)) {
553 case SVGA_CMD_UPDATE:
554 case SVGA_CMD_UPDATE_VERBOSE:
555 len -= 5;
556 if (len < 0) {
557 goto rewind;
560 x = vmsvga_fifo_read(s);
561 y = vmsvga_fifo_read(s);
562 width = vmsvga_fifo_read(s);
563 height = vmsvga_fifo_read(s);
564 vmsvga_update_rect_delayed(s, x, y, width, height);
565 break;
567 case SVGA_CMD_RECT_FILL:
568 len -= 6;
569 if (len < 0) {
570 goto rewind;
573 colour = vmsvga_fifo_read(s);
574 x = vmsvga_fifo_read(s);
575 y = vmsvga_fifo_read(s);
576 width = vmsvga_fifo_read(s);
577 height = vmsvga_fifo_read(s);
578 #ifdef HW_FILL_ACCEL
579 vmsvga_fill_rect(s, colour, x, y, width, height);
580 break;
581 #else
582 args = 0;
583 goto badcmd;
584 #endif
586 case SVGA_CMD_RECT_COPY:
587 len -= 7;
588 if (len < 0) {
589 goto rewind;
592 x = vmsvga_fifo_read(s);
593 y = vmsvga_fifo_read(s);
594 dx = vmsvga_fifo_read(s);
595 dy = vmsvga_fifo_read(s);
596 width = vmsvga_fifo_read(s);
597 height = vmsvga_fifo_read(s);
598 #ifdef HW_RECT_ACCEL
599 vmsvga_copy_rect(s, x, y, dx, dy, width, height);
600 break;
601 #else
602 args = 0;
603 goto badcmd;
604 #endif
606 case SVGA_CMD_DEFINE_CURSOR:
607 len -= 8;
608 if (len < 0) {
609 goto rewind;
612 cursor.id = vmsvga_fifo_read(s);
613 cursor.hot_x = vmsvga_fifo_read(s);
614 cursor.hot_y = vmsvga_fifo_read(s);
615 cursor.width = x = vmsvga_fifo_read(s);
616 cursor.height = y = vmsvga_fifo_read(s);
617 vmsvga_fifo_read(s);
618 cursor.bpp = vmsvga_fifo_read(s);
620 args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
621 if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
622 SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
623 goto badcmd;
626 len -= args;
627 if (len < 0) {
628 goto rewind;
631 for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
632 cursor.mask[args] = vmsvga_fifo_read_raw(s);
634 for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
635 cursor.image[args] = vmsvga_fifo_read_raw(s);
637 #ifdef HW_MOUSE_ACCEL
638 vmsvga_cursor_define(s, &cursor);
639 break;
640 #else
641 args = 0;
642 goto badcmd;
643 #endif
646 * Other commands that we at least know the number of arguments
647 * for so we can avoid FIFO desync if driver uses them illegally.
649 case SVGA_CMD_DEFINE_ALPHA_CURSOR:
650 len -= 6;
651 if (len < 0) {
652 goto rewind;
654 vmsvga_fifo_read(s);
655 vmsvga_fifo_read(s);
656 vmsvga_fifo_read(s);
657 x = vmsvga_fifo_read(s);
658 y = vmsvga_fifo_read(s);
659 args = x * y;
660 goto badcmd;
661 case SVGA_CMD_RECT_ROP_FILL:
662 args = 6;
663 goto badcmd;
664 case SVGA_CMD_RECT_ROP_COPY:
665 args = 7;
666 goto badcmd;
667 case SVGA_CMD_DRAW_GLYPH_CLIPPED:
668 len -= 4;
669 if (len < 0) {
670 goto rewind;
672 vmsvga_fifo_read(s);
673 vmsvga_fifo_read(s);
674 args = 7 + (vmsvga_fifo_read(s) >> 2);
675 goto badcmd;
676 case SVGA_CMD_SURFACE_ALPHA_BLEND:
677 args = 12;
678 goto badcmd;
681 * Other commands that are not listed as depending on any
682 * CAPABILITIES bits, but are not described in the README either.
684 case SVGA_CMD_SURFACE_FILL:
685 case SVGA_CMD_SURFACE_COPY:
686 case SVGA_CMD_FRONT_ROP_FILL:
687 case SVGA_CMD_FENCE:
688 case SVGA_CMD_INVALID_CMD:
689 break; /* Nop */
691 default:
692 args = 0;
693 badcmd:
694 len -= args;
695 if (len < 0) {
696 goto rewind;
698 while (args--) {
699 vmsvga_fifo_read(s);
701 printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
702 __func__, cmd);
703 break;
705 rewind:
706 s->cmd->stop = cmd_start;
707 break;
711 s->syncing = 0;
714 static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
716 struct vmsvga_state_s *s = opaque;
718 return s->index;
721 static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
723 struct vmsvga_state_s *s = opaque;
725 s->index = index;
728 static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
730 uint32_t caps;
731 struct vmsvga_state_s *s = opaque;
732 DisplaySurface *surface = qemu_console_surface(s->vga.con);
733 PixelFormat pf;
734 uint32_t ret;
736 switch (s->index) {
737 case SVGA_REG_ID:
738 ret = s->svgaid;
739 break;
741 case SVGA_REG_ENABLE:
742 ret = s->enable;
743 break;
745 case SVGA_REG_WIDTH:
746 ret = s->new_width ? s->new_width : surface_width(surface);
747 break;
749 case SVGA_REG_HEIGHT:
750 ret = s->new_height ? s->new_height : surface_height(surface);
751 break;
753 case SVGA_REG_MAX_WIDTH:
754 ret = SVGA_MAX_WIDTH;
755 break;
757 case SVGA_REG_MAX_HEIGHT:
758 ret = SVGA_MAX_HEIGHT;
759 break;
761 case SVGA_REG_DEPTH:
762 ret = (s->new_depth == 32) ? 24 : s->new_depth;
763 break;
765 case SVGA_REG_BITS_PER_PIXEL:
766 case SVGA_REG_HOST_BITS_PER_PIXEL:
767 ret = s->new_depth;
768 break;
770 case SVGA_REG_PSEUDOCOLOR:
771 ret = 0x0;
772 break;
774 case SVGA_REG_RED_MASK:
775 pf = qemu_default_pixelformat(s->new_depth);
776 ret = pf.rmask;
777 break;
779 case SVGA_REG_GREEN_MASK:
780 pf = qemu_default_pixelformat(s->new_depth);
781 ret = pf.gmask;
782 break;
784 case SVGA_REG_BLUE_MASK:
785 pf = qemu_default_pixelformat(s->new_depth);
786 ret = pf.bmask;
787 break;
789 case SVGA_REG_BYTES_PER_LINE:
790 if (s->new_width) {
791 ret = (s->new_depth * s->new_width) / 8;
792 } else {
793 ret = surface_stride(surface);
795 break;
797 case SVGA_REG_FB_START: {
798 struct pci_vmsvga_state_s *pci_vmsvga
799 = container_of(s, struct pci_vmsvga_state_s, chip);
800 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
801 break;
804 case SVGA_REG_FB_OFFSET:
805 ret = 0x0;
806 break;
808 case SVGA_REG_VRAM_SIZE:
809 ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
810 break;
812 case SVGA_REG_FB_SIZE:
813 ret = s->vga.vram_size;
814 break;
816 case SVGA_REG_CAPABILITIES:
817 caps = SVGA_CAP_NONE;
818 #ifdef HW_RECT_ACCEL
819 caps |= SVGA_CAP_RECT_COPY;
820 #endif
821 #ifdef HW_FILL_ACCEL
822 caps |= SVGA_CAP_RECT_FILL;
823 #endif
824 #ifdef HW_MOUSE_ACCEL
825 if (dpy_cursor_define_supported(s->vga.con)) {
826 caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
827 SVGA_CAP_CURSOR_BYPASS;
829 #endif
830 ret = caps;
831 break;
833 case SVGA_REG_MEM_START: {
834 struct pci_vmsvga_state_s *pci_vmsvga
835 = container_of(s, struct pci_vmsvga_state_s, chip);
836 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
837 break;
840 case SVGA_REG_MEM_SIZE:
841 ret = s->fifo_size;
842 break;
844 case SVGA_REG_CONFIG_DONE:
845 ret = s->config;
846 break;
848 case SVGA_REG_SYNC:
849 case SVGA_REG_BUSY:
850 ret = s->syncing;
851 break;
853 case SVGA_REG_GUEST_ID:
854 ret = s->guest;
855 break;
857 case SVGA_REG_CURSOR_ID:
858 ret = s->cursor.id;
859 break;
861 case SVGA_REG_CURSOR_X:
862 ret = s->cursor.x;
863 break;
865 case SVGA_REG_CURSOR_Y:
866 ret = s->cursor.x;
867 break;
869 case SVGA_REG_CURSOR_ON:
870 ret = s->cursor.on;
871 break;
873 case SVGA_REG_SCRATCH_SIZE:
874 ret = s->scratch_size;
875 break;
877 case SVGA_REG_MEM_REGS:
878 case SVGA_REG_NUM_DISPLAYS:
879 case SVGA_REG_PITCHLOCK:
880 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
881 ret = 0;
882 break;
884 default:
885 if (s->index >= SVGA_SCRATCH_BASE &&
886 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
887 ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
888 break;
890 printf("%s: Bad register %02x\n", __func__, s->index);
891 ret = 0;
892 break;
895 if (s->index >= SVGA_SCRATCH_BASE) {
896 trace_vmware_scratch_read(s->index, ret);
897 } else if (s->index >= SVGA_PALETTE_BASE) {
898 trace_vmware_palette_read(s->index, ret);
899 } else {
900 trace_vmware_value_read(s->index, ret);
902 return ret;
905 static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
907 struct vmsvga_state_s *s = opaque;
909 if (s->index >= SVGA_SCRATCH_BASE) {
910 trace_vmware_scratch_write(s->index, value);
911 } else if (s->index >= SVGA_PALETTE_BASE) {
912 trace_vmware_palette_write(s->index, value);
913 } else {
914 trace_vmware_value_write(s->index, value);
916 switch (s->index) {
917 case SVGA_REG_ID:
918 if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
919 s->svgaid = value;
921 break;
923 case SVGA_REG_ENABLE:
924 s->enable = !!value;
925 s->invalidated = 1;
926 s->vga.hw_ops->invalidate(&s->vga);
927 if (s->enable && s->config) {
928 vga_dirty_log_stop(&s->vga);
929 } else {
930 vga_dirty_log_start(&s->vga);
932 break;
934 case SVGA_REG_WIDTH:
935 if (value <= SVGA_MAX_WIDTH) {
936 s->new_width = value;
937 s->invalidated = 1;
938 } else {
939 printf("%s: Bad width: %i\n", __func__, value);
941 break;
943 case SVGA_REG_HEIGHT:
944 if (value <= SVGA_MAX_HEIGHT) {
945 s->new_height = value;
946 s->invalidated = 1;
947 } else {
948 printf("%s: Bad height: %i\n", __func__, value);
950 break;
952 case SVGA_REG_BITS_PER_PIXEL:
953 if (value != 32) {
954 printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
955 s->config = 0;
956 s->invalidated = 1;
958 break;
960 case SVGA_REG_CONFIG_DONE:
961 if (value) {
962 s->fifo = (uint32_t *) s->fifo_ptr;
963 /* Check range and alignment. */
964 if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
965 break;
967 if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
968 break;
970 if (CMD(max) > SVGA_FIFO_SIZE) {
971 break;
973 if (CMD(max) < CMD(min) + 10 * 1024) {
974 break;
976 vga_dirty_log_stop(&s->vga);
978 s->config = !!value;
979 break;
981 case SVGA_REG_SYNC:
982 s->syncing = 1;
983 vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
984 break;
986 case SVGA_REG_GUEST_ID:
987 s->guest = value;
988 #ifdef VERBOSE
989 if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
990 ARRAY_SIZE(vmsvga_guest_id)) {
991 printf("%s: guest runs %s.\n", __func__,
992 vmsvga_guest_id[value - GUEST_OS_BASE]);
994 #endif
995 break;
997 case SVGA_REG_CURSOR_ID:
998 s->cursor.id = value;
999 break;
1001 case SVGA_REG_CURSOR_X:
1002 s->cursor.x = value;
1003 break;
1005 case SVGA_REG_CURSOR_Y:
1006 s->cursor.y = value;
1007 break;
1009 case SVGA_REG_CURSOR_ON:
1010 s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
1011 s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
1012 #ifdef HW_MOUSE_ACCEL
1013 if (value <= SVGA_CURSOR_ON_SHOW) {
1014 dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
1016 #endif
1017 break;
1019 case SVGA_REG_DEPTH:
1020 case SVGA_REG_MEM_REGS:
1021 case SVGA_REG_NUM_DISPLAYS:
1022 case SVGA_REG_PITCHLOCK:
1023 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
1024 break;
1026 default:
1027 if (s->index >= SVGA_SCRATCH_BASE &&
1028 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
1029 s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
1030 break;
1032 printf("%s: Bad register %02x\n", __func__, s->index);
1036 static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
1038 printf("%s: what are we supposed to return?\n", __func__);
1039 return 0xcafe;
1042 static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
1044 printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
1047 static inline void vmsvga_check_size(struct vmsvga_state_s *s)
1049 DisplaySurface *surface = qemu_console_surface(s->vga.con);
1051 if (s->new_width != surface_width(surface) ||
1052 s->new_height != surface_height(surface) ||
1053 s->new_depth != surface_bits_per_pixel(surface)) {
1054 int stride = (s->new_depth * s->new_width) / 8;
1055 trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
1056 surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
1057 s->new_depth, stride,
1058 s->vga.vram_ptr, false);
1059 dpy_gfx_replace_surface(s->vga.con, surface);
1060 s->invalidated = 1;
1064 static void vmsvga_update_display(void *opaque)
1066 struct vmsvga_state_s *s = opaque;
1067 DisplaySurface *surface;
1068 bool dirty = false;
1070 if (!s->enable) {
1071 s->vga.hw_ops->gfx_update(&s->vga);
1072 return;
1075 vmsvga_check_size(s);
1076 surface = qemu_console_surface(s->vga.con);
1078 vmsvga_fifo_run(s);
1079 vmsvga_update_rect_flush(s);
1082 * Is it more efficient to look at vram VGA-dirty bits or wait
1083 * for the driver to issue SVGA_CMD_UPDATE?
1085 if (memory_region_is_logging(&s->vga.vram)) {
1086 vga_sync_dirty_bitmap(&s->vga);
1087 dirty = memory_region_get_dirty(&s->vga.vram, 0,
1088 surface_stride(surface) * surface_height(surface),
1089 DIRTY_MEMORY_VGA);
1091 if (s->invalidated || dirty) {
1092 s->invalidated = 0;
1093 dpy_gfx_update(s->vga.con, 0, 0,
1094 surface_width(surface), surface_height(surface));
1096 if (dirty) {
1097 memory_region_reset_dirty(&s->vga.vram, 0,
1098 surface_stride(surface) * surface_height(surface),
1099 DIRTY_MEMORY_VGA);
1103 static void vmsvga_reset(DeviceState *dev)
1105 struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
1106 struct vmsvga_state_s *s = &pci->chip;
1108 s->index = 0;
1109 s->enable = 0;
1110 s->config = 0;
1111 s->svgaid = SVGA_ID;
1112 s->cursor.on = 0;
1113 s->redraw_fifo_first = 0;
1114 s->redraw_fifo_last = 0;
1115 s->syncing = 0;
1117 vga_dirty_log_start(&s->vga);
1120 static void vmsvga_invalidate_display(void *opaque)
1122 struct vmsvga_state_s *s = opaque;
1123 if (!s->enable) {
1124 s->vga.hw_ops->invalidate(&s->vga);
1125 return;
1128 s->invalidated = 1;
1131 static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1133 struct vmsvga_state_s *s = opaque;
1135 if (s->vga.hw_ops->text_update) {
1136 s->vga.hw_ops->text_update(&s->vga, chardata);
1140 static int vmsvga_post_load(void *opaque, int version_id)
1142 struct vmsvga_state_s *s = opaque;
1144 s->invalidated = 1;
1145 if (s->config) {
1146 s->fifo = (uint32_t *) s->fifo_ptr;
1148 return 0;
1151 static const VMStateDescription vmstate_vmware_vga_internal = {
1152 .name = "vmware_vga_internal",
1153 .version_id = 0,
1154 .minimum_version_id = 0,
1155 .minimum_version_id_old = 0,
1156 .post_load = vmsvga_post_load,
1157 .fields = (VMStateField[]) {
1158 VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s),
1159 VMSTATE_INT32(enable, struct vmsvga_state_s),
1160 VMSTATE_INT32(config, struct vmsvga_state_s),
1161 VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1162 VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1163 VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1164 VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1165 VMSTATE_INT32(index, struct vmsvga_state_s),
1166 VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1167 scratch_size, 0, vmstate_info_uint32, uint32_t),
1168 VMSTATE_INT32(new_width, struct vmsvga_state_s),
1169 VMSTATE_INT32(new_height, struct vmsvga_state_s),
1170 VMSTATE_UINT32(guest, struct vmsvga_state_s),
1171 VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1172 VMSTATE_INT32(syncing, struct vmsvga_state_s),
1173 VMSTATE_UNUSED(4), /* was fb_size */
1174 VMSTATE_END_OF_LIST()
1178 static const VMStateDescription vmstate_vmware_vga = {
1179 .name = "vmware_vga",
1180 .version_id = 0,
1181 .minimum_version_id = 0,
1182 .minimum_version_id_old = 0,
1183 .fields = (VMStateField[]) {
1184 VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
1185 VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1186 vmstate_vmware_vga_internal, struct vmsvga_state_s),
1187 VMSTATE_END_OF_LIST()
1191 static const GraphicHwOps vmsvga_ops = {
1192 .invalidate = vmsvga_invalidate_display,
1193 .gfx_update = vmsvga_update_display,
1194 .text_update = vmsvga_text_update,
1197 static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
1198 MemoryRegion *address_space, MemoryRegion *io)
1200 s->scratch_size = SVGA_SCRATCH_SIZE;
1201 s->scratch = g_malloc(s->scratch_size * 4);
1203 s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);
1205 s->fifo_size = SVGA_FIFO_SIZE;
1206 memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size);
1207 vmstate_register_ram_global(&s->fifo_ram);
1208 s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1210 vga_common_init(&s->vga, OBJECT(dev));
1211 vga_init(&s->vga, OBJECT(dev), address_space, io, true);
1212 vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
1213 s->new_depth = 32;
1216 static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
1218 struct vmsvga_state_s *s = opaque;
1220 switch (addr) {
1221 case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1222 case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1223 case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1224 default: return -1u;
1228 static void vmsvga_io_write(void *opaque, hwaddr addr,
1229 uint64_t data, unsigned size)
1231 struct vmsvga_state_s *s = opaque;
1233 switch (addr) {
1234 case SVGA_IO_MUL * SVGA_INDEX_PORT:
1235 vmsvga_index_write(s, addr, data);
1236 break;
1237 case SVGA_IO_MUL * SVGA_VALUE_PORT:
1238 vmsvga_value_write(s, addr, data);
1239 break;
1240 case SVGA_IO_MUL * SVGA_BIOS_PORT:
1241 vmsvga_bios_write(s, addr, data);
1242 break;
1246 static const MemoryRegionOps vmsvga_io_ops = {
1247 .read = vmsvga_io_read,
1248 .write = vmsvga_io_write,
1249 .endianness = DEVICE_LITTLE_ENDIAN,
1250 .valid = {
1251 .min_access_size = 4,
1252 .max_access_size = 4,
1253 .unaligned = true,
1255 .impl = {
1256 .unaligned = true,
1260 static int pci_vmsvga_initfn(PCIDevice *dev)
1262 struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
1264 dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
1265 dev->config[PCI_LATENCY_TIMER] = 0x40;
1266 dev->config[PCI_INTERRUPT_LINE] = 0xff; /* End */
1268 memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip,
1269 "vmsvga-io", 0x10);
1270 memory_region_set_flush_coalesced(&s->io_bar);
1271 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1273 vmsvga_init(DEVICE(dev), &s->chip,
1274 pci_address_space(dev), pci_address_space_io(dev));
1276 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
1277 &s->chip.vga.vram);
1278 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1279 &s->chip.fifo_ram);
1281 if (!dev->rom_bar) {
1282 /* compatibility with pc-0.13 and older */
1283 vga_init_vbe(&s->chip.vga, OBJECT(dev), pci_address_space(dev));
1286 return 0;
1289 static Property vga_vmware_properties[] = {
1290 DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
1291 chip.vga.vram_size_mb, 16),
1292 DEFINE_PROP_END_OF_LIST(),
1295 static void vmsvga_class_init(ObjectClass *klass, void *data)
1297 DeviceClass *dc = DEVICE_CLASS(klass);
1298 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1300 k->init = pci_vmsvga_initfn;
1301 k->romfile = "vgabios-vmware.bin";
1302 k->vendor_id = PCI_VENDOR_ID_VMWARE;
1303 k->device_id = SVGA_PCI_DEVICE_ID;
1304 k->class_id = PCI_CLASS_DISPLAY_VGA;
1305 k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
1306 k->subsystem_id = SVGA_PCI_DEVICE_ID;
1307 dc->reset = vmsvga_reset;
1308 dc->vmsd = &vmstate_vmware_vga;
1309 dc->props = vga_vmware_properties;
1310 dc->hotpluggable = false;
1311 set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
1314 static const TypeInfo vmsvga_info = {
1315 .name = TYPE_VMWARE_SVGA,
1316 .parent = TYPE_PCI_DEVICE,
1317 .instance_size = sizeof(struct pci_vmsvga_state_s),
1318 .class_init = vmsvga_class_init,
1321 static void vmsvga_register_types(void)
1323 type_register_static(&vmsvga_info);
1326 type_init(vmsvga_register_types)