search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'pull-loongarch-20241016' of https://gitlab.com/gaosong/qemu into staging
[qemu/armbru.git] / hw / display / virtio-gpu.c
blob49fd80339340923995e93661e47fd1b80f221448
1 /*
2 * Virtio GPU Device
3 *
4 * Copyright Red Hat, Inc. 2013-2014
5 *
6 * Authors:
7 * Dave Airlie <airlied@redhat.com>
8 * Gerd Hoffmann <kraxel@redhat.com>
9 *
10 * This work is licensed under the terms of the GNU GPL, version 2 or later.
11 * See the COPYING file in the top-level directory.
12 */
13
14 #include "qemu/osdep.h"
15 #include "qemu/units.h"
16 #include "qemu/iov.h"
17 #include "sysemu/cpus.h"
18 #include "ui/console.h"
19 #include "ui/rect.h"
20 #include "trace.h"
21 #include "sysemu/dma.h"
22 #include "sysemu/sysemu.h"
23 #include "hw/virtio/virtio.h"
24 #include "migration/qemu-file-types.h"
25 #include "hw/virtio/virtio-gpu.h"
26 #include "hw/virtio/virtio-gpu-bswap.h"
27 #include "hw/virtio/virtio-gpu-pixman.h"
28 #include "hw/virtio/virtio-bus.h"
29 #include "hw/qdev-properties.h"
30 #include "qemu/log.h"
31 #include "qemu/memfd.h"
32 #include "qemu/module.h"
33 #include "qapi/error.h"
34 #include "qemu/error-report.h"
35
36 #define VIRTIO_GPU_VM_VERSION 1
37
38 static struct virtio_gpu_simple_resource *
39 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
40 bool require_backing,
41 const char *caller, uint32_t *error);
42
43 static void virtio_gpu_reset_bh(void *opaque);
44
45 void virtio_gpu_update_cursor_data(VirtIOGPU *g,
46 struct virtio_gpu_scanout *s,
47 uint32_t resource_id)
48 {
49 struct virtio_gpu_simple_resource *res;
50 uint32_t pixels;
51 void *data;
52
53 res = virtio_gpu_find_check_resource(g, resource_id, false,
54 __func__, NULL);
55 if (!res) {
56 return;
57 }
58
59 if (res->blob_size) {
60 if (res->blob_size < (s->current_cursor->width *
61 s->current_cursor->height * 4)) {
62 return;
63 }
64 data = res->blob;
65 } else {
66 if (pixman_image_get_width(res->image) != s->current_cursor->width ||
67 pixman_image_get_height(res->image) != s->current_cursor->height) {
68 return;
69 }
70 data = pixman_image_get_data(res->image);
71 }
72
73 pixels = s->current_cursor->width * s->current_cursor->height;
74 memcpy(s->current_cursor->data, data,
75 pixels * sizeof(uint32_t));
76 }
77
78 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor)
79 {
80 struct virtio_gpu_scanout *s;
81 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
82 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR;
83
84 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) {
85 return;
86 }
87 s = &g->parent_obj.scanout[cursor->pos.scanout_id];
88
89 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id,
90 cursor->pos.x,
91 cursor->pos.y,
92 move ? "move" : "update",
93 cursor->resource_id);
94
95 if (!move) {
96 if (!s->current_cursor) {
97 s->current_cursor = cursor_alloc(64, 64);
98 }
99
100 s->current_cursor->hot_x = cursor->hot_x;
101 s->current_cursor->hot_y = cursor->hot_y;
102
103 if (cursor->resource_id > 0) {
104 vgc->update_cursor_data(g, s, cursor->resource_id);
105 }
106 dpy_cursor_define(s->con, s->current_cursor);
107
108 s->cursor = *cursor;
109 } else {
110 s->cursor.pos.x = cursor->pos.x;
111 s->cursor.pos.y = cursor->pos.y;
112 }
113 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, cursor->resource_id);
114 }
115
116 struct virtio_gpu_simple_resource *
117 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
118 {
119 struct virtio_gpu_simple_resource *res;
120
121 QTAILQ_FOREACH(res, &g->reslist, next) {
122 if (res->resource_id == resource_id) {
123 return res;
124 }
125 }
126 return NULL;
127 }
128
129 static struct virtio_gpu_simple_resource *
130 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
131 bool require_backing,
132 const char *caller, uint32_t *error)
133 {
134 struct virtio_gpu_simple_resource *res;
135
136 res = virtio_gpu_find_resource(g, resource_id);
137 if (!res) {
138 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n",
139 caller, resource_id);
140 if (error) {
141 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
142 }
143 return NULL;
144 }
145
146 if (require_backing) {
147 if (!res->iov || (!res->image && !res->blob)) {
148 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
149 caller, resource_id);
150 if (error) {
151 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
152 }
153 return NULL;
154 }
155 }
156
157 return res;
158 }
159
160 void virtio_gpu_ctrl_response(VirtIOGPU *g,
161 struct virtio_gpu_ctrl_command *cmd,
162 struct virtio_gpu_ctrl_hdr *resp,
163 size_t resp_len)
164 {
165 size_t s;
166
167 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) {
168 resp->flags |= VIRTIO_GPU_FLAG_FENCE;
169 resp->fence_id = cmd->cmd_hdr.fence_id;
170 resp->ctx_id = cmd->cmd_hdr.ctx_id;
171 }
172 virtio_gpu_ctrl_hdr_bswap(resp);
173 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len);
174 if (s != resp_len) {
175 qemu_log_mask(LOG_GUEST_ERROR,
176 "%s: response size incorrect %zu vs %zu\n",
177 __func__, s, resp_len);
178 }
179 virtqueue_push(cmd->vq, &cmd->elem, s);
180 virtio_notify(VIRTIO_DEVICE(g), cmd->vq);
181 cmd->finished = true;
182 }
183
184 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g,
185 struct virtio_gpu_ctrl_command *cmd,
186 enum virtio_gpu_ctrl_type type)
187 {
188 struct virtio_gpu_ctrl_hdr resp;
189
190 memset(&resp, 0, sizeof(resp));
191 resp.type = type;
192 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp));
193 }
194
195 void virtio_gpu_get_display_info(VirtIOGPU *g,
196 struct virtio_gpu_ctrl_command *cmd)
197 {
198 struct virtio_gpu_resp_display_info display_info;
199
200 trace_virtio_gpu_cmd_get_display_info();
201 memset(&display_info, 0, sizeof(display_info));
202 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
203 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
204 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr,
205 sizeof(display_info));
206 }
207
208 void virtio_gpu_get_edid(VirtIOGPU *g,
209 struct virtio_gpu_ctrl_command *cmd)
210 {
211 struct virtio_gpu_resp_edid edid;
212 struct virtio_gpu_cmd_get_edid get_edid;
213 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
214
215 VIRTIO_GPU_FILL_CMD(get_edid);
216 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid));
217
218 if (get_edid.scanout >= b->conf.max_outputs) {
219 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
220 return;
221 }
222
223 trace_virtio_gpu_cmd_get_edid(get_edid.scanout);
224 memset(&edid, 0, sizeof(edid));
225 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID;
226 virtio_gpu_base_generate_edid(VIRTIO_GPU_BASE(g), get_edid.scanout, &edid);
227 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid));
228 }
229
230 static uint32_t calc_image_hostmem(pixman_format_code_t pformat,
231 uint32_t width, uint32_t height)
232 {
233 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check.
234 * pixman_image_create_bits will fail in case it overflow.
235 */
236
237 int bpp = PIXMAN_FORMAT_BPP(pformat);
238 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
239 return height * stride;
240 }
241
242 static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
243 struct virtio_gpu_ctrl_command *cmd)
244 {
245 pixman_format_code_t pformat;
246 struct virtio_gpu_simple_resource *res;
247 struct virtio_gpu_resource_create_2d c2d;
248
249 VIRTIO_GPU_FILL_CMD(c2d);
250 virtio_gpu_bswap_32(&c2d, sizeof(c2d));
251 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format,
252 c2d.width, c2d.height);
253
254 if (c2d.resource_id == 0) {
255 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
256 __func__);
257 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
258 return;
259 }
260
261 res = virtio_gpu_find_resource(g, c2d.resource_id);
262 if (res) {
263 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
264 __func__, c2d.resource_id);
265 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
266 return;
267 }
268
269 res = g_new0(struct virtio_gpu_simple_resource, 1);
270
271 res->width = c2d.width;
272 res->height = c2d.height;
273 res->format = c2d.format;
274 res->resource_id = c2d.resource_id;
275
276 pformat = virtio_gpu_get_pixman_format(c2d.format);
277 if (!pformat) {
278 qemu_log_mask(LOG_GUEST_ERROR,
279 "%s: host couldn't handle guest format %d\n",
280 __func__, c2d.format);
281 g_free(res);
282 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
283 return;
284 }
285
286 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height);
287 if (res->hostmem + g->hostmem < g->conf_max_hostmem) {
288 if (!qemu_pixman_image_new_shareable(
289 &res->image,
290 &res->share_handle,
291 "virtio-gpu res",
292 pformat,
293 c2d.width,
294 c2d.height,
295 c2d.height ? res->hostmem / c2d.height : 0,
296 &error_warn)) {
297 goto end;
298 }
299 }
300
301 end:
302 if (!res->image) {
303 qemu_log_mask(LOG_GUEST_ERROR,
304 "%s: resource creation failed %d %d %d\n",
305 __func__, c2d.resource_id, c2d.width, c2d.height);
306 g_free(res);
307 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
308 return;
309 }
310
311 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
312 g->hostmem += res->hostmem;
313 }
314
315 static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
316 struct virtio_gpu_ctrl_command *cmd)
317 {
318 struct virtio_gpu_simple_resource *res;
319 struct virtio_gpu_resource_create_blob cblob;
320 int ret;
321
322 VIRTIO_GPU_FILL_CMD(cblob);
323 virtio_gpu_create_blob_bswap(&cblob);
324 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
325
326 if (cblob.resource_id == 0) {
327 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
328 __func__);
329 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
330 return;
331 }
332
333 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
334 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
335 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
336 __func__);
337 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
338 return;
339 }
340
341 if (virtio_gpu_find_resource(g, cblob.resource_id)) {
342 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
343 __func__, cblob.resource_id);
344 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
345 return;
346 }
347
348 res = g_new0(struct virtio_gpu_simple_resource, 1);
349 res->resource_id = cblob.resource_id;
350 res->blob_size = cblob.size;
351
352 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
353 cmd, &res->addrs, &res->iov,
354 &res->iov_cnt);
355 if (ret != 0) {
356 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
357 g_free(res);
358 return;
359 }
360
361 virtio_gpu_init_udmabuf(res);
362 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
363 }
364
365 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
366 {
367 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
368 struct virtio_gpu_simple_resource *res;
369
370 if (scanout->resource_id == 0) {
371 return;
372 }
373
374 res = virtio_gpu_find_resource(g, scanout->resource_id);
375 if (res) {
376 res->scanout_bitmask &= ~(1 << scanout_id);
377 }
378
379 dpy_gfx_replace_surface(scanout->con, NULL);
380 scanout->resource_id = 0;
381 scanout->ds = NULL;
382 scanout->width = 0;
383 scanout->height = 0;
384 }
385
386 static void virtio_gpu_resource_destroy(VirtIOGPU *g,
387 struct virtio_gpu_simple_resource *res,
388 Error **errp)
389 {
390 int i;
391
392 if (res->scanout_bitmask) {
393 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
394 if (res->scanout_bitmask & (1 << i)) {
395 virtio_gpu_disable_scanout(g, i);
396 }
397 }
398 }
399
400 qemu_pixman_image_unref(res->image);
401 virtio_gpu_cleanup_mapping(g, res);
402 QTAILQ_REMOVE(&g->reslist, res, next);
403 g->hostmem -= res->hostmem;
404 g_free(res);
405 }
406
407 static void virtio_gpu_resource_unref(VirtIOGPU *g,
408 struct virtio_gpu_ctrl_command *cmd)
409 {
410 struct virtio_gpu_simple_resource *res;
411 struct virtio_gpu_resource_unref unref;
412
413 VIRTIO_GPU_FILL_CMD(unref);
414 virtio_gpu_bswap_32(&unref, sizeof(unref));
415 trace_virtio_gpu_cmd_res_unref(unref.resource_id);
416
417 res = virtio_gpu_find_resource(g, unref.resource_id);
418 if (!res) {
419 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
420 __func__, unref.resource_id);
421 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
422 return;
423 }
424 /*
425 * virtio_gpu_resource_destroy does not set any errors, so pass a NULL errp
426 * to ignore them.
427 */
428 virtio_gpu_resource_destroy(g, res, NULL);
429 }
430
431 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
432 struct virtio_gpu_ctrl_command *cmd)
433 {
434 struct virtio_gpu_simple_resource *res;
435 int h, bpp;
436 uint32_t src_offset, dst_offset, stride;
437 pixman_format_code_t format;
438 struct virtio_gpu_transfer_to_host_2d t2d;
439 void *img_data;
440
441 VIRTIO_GPU_FILL_CMD(t2d);
442 virtio_gpu_t2d_bswap(&t2d);
443 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id);
444
445 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
446 __func__, &cmd->error);
447 if (!res || res->blob) {
448 return;
449 }
450
451 if (t2d.r.x > res->width ||
452 t2d.r.y > res->height ||
453 t2d.r.width > res->width ||
454 t2d.r.height > res->height ||
455 t2d.r.x + t2d.r.width > res->width ||
456 t2d.r.y + t2d.r.height > res->height) {
457 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource"
458 " bounds for resource %d: %d %d %d %d vs %d %d\n",
459 __func__, t2d.resource_id, t2d.r.x, t2d.r.y,
460 t2d.r.width, t2d.r.height, res->width, res->height);
461 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
462 return;
463 }
464
465 format = pixman_image_get_format(res->image);
466 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8);
467 stride = pixman_image_get_stride(res->image);
468 img_data = pixman_image_get_data(res->image);
469
470 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) {
471 for (h = 0; h < t2d.r.height; h++) {
472 src_offset = t2d.offset + stride * h;
473 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp);
474
475 iov_to_buf(res->iov, res->iov_cnt, src_offset,
476 (uint8_t *)img_data + dst_offset,
477 t2d.r.width * bpp);
478 }
479 } else {
480 src_offset = t2d.offset;
481 dst_offset = t2d.r.y * stride + t2d.r.x * bpp;
482 iov_to_buf(res->iov, res->iov_cnt, src_offset,
483 (uint8_t *)img_data + dst_offset,
484 stride * t2d.r.height);
485 }
486 }
487
488 static void virtio_gpu_resource_flush(VirtIOGPU *g,
489 struct virtio_gpu_ctrl_command *cmd)
490 {
491 struct virtio_gpu_simple_resource *res;
492 struct virtio_gpu_resource_flush rf;
493 struct virtio_gpu_scanout *scanout;
494 QemuRect flush_rect;
495 bool within_bounds = false;
496 bool update_submitted = false;
497 int i;
498
499 VIRTIO_GPU_FILL_CMD(rf);
500 virtio_gpu_bswap_32(&rf, sizeof(rf));
501 trace_virtio_gpu_cmd_res_flush(rf.resource_id,
502 rf.r.width, rf.r.height, rf.r.x, rf.r.y);
503
504 res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
505 __func__, &cmd->error);
506 if (!res) {
507 return;
508 }
509
510 if (res->blob) {
511 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
512 scanout = &g->parent_obj.scanout[i];
513 if (scanout->resource_id == res->resource_id &&
514 rf.r.x < scanout->x + scanout->width &&
515 rf.r.x + rf.r.width >= scanout->x &&
516 rf.r.y < scanout->y + scanout->height &&
517 rf.r.y + rf.r.height >= scanout->y) {
518 within_bounds = true;
519
520 if (console_has_gl(scanout->con)) {
521 dpy_gl_update(scanout->con, 0, 0, scanout->width,
522 scanout->height);
523 update_submitted = true;
524 }
525 }
526 }
527
528 if (update_submitted) {
529 return;
530 }
531 if (!within_bounds) {
532 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts"
533 " bounds for flush %d: %d %d %d %d\n",
534 __func__, rf.resource_id, rf.r.x, rf.r.y,
535 rf.r.width, rf.r.height);
536 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
537 return;
538 }
539 }
540
541 if (!res->blob &&
542 (rf.r.x > res->width ||
543 rf.r.y > res->height ||
544 rf.r.width > res->width ||
545 rf.r.height > res->height ||
546 rf.r.x + rf.r.width > res->width ||
547 rf.r.y + rf.r.height > res->height)) {
548 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource"
549 " bounds for resource %d: %d %d %d %d vs %d %d\n",
550 __func__, rf.resource_id, rf.r.x, rf.r.y,
551 rf.r.width, rf.r.height, res->width, res->height);
552 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
553 return;
554 }
555
556 qemu_rect_init(&flush_rect, rf.r.x, rf.r.y, rf.r.width, rf.r.height);
557 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
558 QemuRect rect;
559
560 if (!(res->scanout_bitmask & (1 << i))) {
561 continue;
562 }
563 scanout = &g->parent_obj.scanout[i];
564
565 qemu_rect_init(&rect, scanout->x, scanout->y,
566 scanout->width, scanout->height);
567
568 /* work out the area we need to update for each console */
569 if (qemu_rect_intersect(&flush_rect, &rect, &rect)) {
570 qemu_rect_translate(&rect, -scanout->x, -scanout->y);
571 dpy_gfx_update(g->parent_obj.scanout[i].con,
572 rect.x, rect.y, rect.width, rect.height);
573 }
574 }
575 }
576
577 static void virtio_unref_resource(pixman_image_t *image, void *data)
578 {
579 pixman_image_unref(data);
580 }
581
582 static void virtio_gpu_update_scanout(VirtIOGPU *g,
583 uint32_t scanout_id,
584 struct virtio_gpu_simple_resource *res,
585 struct virtio_gpu_framebuffer *fb,
586 struct virtio_gpu_rect *r)
587 {
588 struct virtio_gpu_simple_resource *ores;
589 struct virtio_gpu_scanout *scanout;
590
591 scanout = &g->parent_obj.scanout[scanout_id];
592 ores = virtio_gpu_find_resource(g, scanout->resource_id);
593 if (ores) {
594 ores->scanout_bitmask &= ~(1 << scanout_id);
595 }
596
597 res->scanout_bitmask |= (1 << scanout_id);
598 scanout->resource_id = res->resource_id;
599 scanout->x = r->x;
600 scanout->y = r->y;
601 scanout->width = r->width;
602 scanout->height = r->height;
603 scanout->fb = *fb;
604 }
605
606 static bool virtio_gpu_do_set_scanout(VirtIOGPU *g,
607 uint32_t scanout_id,
608 struct virtio_gpu_framebuffer *fb,
609 struct virtio_gpu_simple_resource *res,
610 struct virtio_gpu_rect *r,
611 uint32_t *error)
612 {
613 struct virtio_gpu_scanout *scanout;
614 uint8_t *data;
615
616 scanout = &g->parent_obj.scanout[scanout_id];
617
618 if (r->x > fb->width ||
619 r->y > fb->height ||
620 r->width < 16 ||
621 r->height < 16 ||
622 r->width > fb->width ||
623 r->height > fb->height ||
624 r->x + r->width > fb->width ||
625 r->y + r->height > fb->height) {
626 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for"
627 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n",
628 __func__, scanout_id, res->resource_id,
629 r->x, r->y, r->width, r->height,
630 fb->width, fb->height);
631 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
632 return false;
633 }
634
635 g->parent_obj.enable = 1;
636
637 if (res->blob) {
638 if (console_has_gl(scanout->con)) {
639 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) {
640 virtio_gpu_update_scanout(g, scanout_id, res, fb, r);
641 } else {
642 *error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
643 return false;
644 }
645 return true;
646 }
647
648 data = res->blob;
649 } else {
650 data = (uint8_t *)pixman_image_get_data(res->image);
651 }
652
653 /* create a surface for this scanout */
654 if ((res->blob && !console_has_gl(scanout->con)) ||
655 !scanout->ds ||
656 surface_data(scanout->ds) != data + fb->offset ||
657 scanout->width != r->width ||
658 scanout->height != r->height) {
659 pixman_image_t *rect;
660 void *ptr = data + fb->offset;
661 rect = pixman_image_create_bits(fb->format, r->width, r->height,
662 ptr, fb->stride);
663
664 if (res->image) {
665 pixman_image_ref(res->image);
666 pixman_image_set_destroy_function(rect, virtio_unref_resource,
667 res->image);
668 }
669
670 /* realloc the surface ptr */
671 scanout->ds = qemu_create_displaysurface_pixman(rect);
672 qemu_displaysurface_set_share_handle(scanout->ds, res->share_handle, fb->offset);
673
674 pixman_image_unref(rect);
675 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con,
676 scanout->ds);
677 }
678
679 virtio_gpu_update_scanout(g, scanout_id, res, fb, r);
680 return true;
681 }
682
683 static void virtio_gpu_set_scanout(VirtIOGPU *g,
684 struct virtio_gpu_ctrl_command *cmd)
685 {
686 struct virtio_gpu_simple_resource *res;
687 struct virtio_gpu_framebuffer fb = { 0 };
688 struct virtio_gpu_set_scanout ss;
689
690 VIRTIO_GPU_FILL_CMD(ss);
691 virtio_gpu_bswap_32(&ss, sizeof(ss));
692 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id,
693 ss.r.width, ss.r.height, ss.r.x, ss.r.y);
694
695 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
696 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
697 __func__, ss.scanout_id);
698 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
699 return;
700 }
701
702 if (ss.resource_id == 0) {
703 virtio_gpu_disable_scanout(g, ss.scanout_id);
704 return;
705 }
706
707 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
708 __func__, &cmd->error);
709 if (!res) {
710 return;
711 }
712
713 fb.format = pixman_image_get_format(res->image);
714 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
715 fb.width = pixman_image_get_width(res->image);
716 fb.height = pixman_image_get_height(res->image);
717 fb.stride = pixman_image_get_stride(res->image);
718 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
719
720 virtio_gpu_do_set_scanout(g, ss.scanout_id,
721 &fb, res, &ss.r, &cmd->error);
722 }
723
724 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g,
725 struct virtio_gpu_ctrl_command *cmd)
726 {
727 struct virtio_gpu_simple_resource *res;
728 struct virtio_gpu_framebuffer fb = { 0 };
729 struct virtio_gpu_set_scanout_blob ss;
730 uint64_t fbend;
731
732 VIRTIO_GPU_FILL_CMD(ss);
733 virtio_gpu_scanout_blob_bswap(&ss);
734 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id,
735 ss.r.width, ss.r.height, ss.r.x,
736 ss.r.y);
737
738 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
739 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
740 __func__, ss.scanout_id);
741 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
742 return;
743 }
744
745 if (ss.resource_id == 0) {
746 virtio_gpu_disable_scanout(g, ss.scanout_id);
747 return;
748 }
749
750 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
751 __func__, &cmd->error);
752 if (!res) {
753 return;
754 }
755
756 fb.format = virtio_gpu_get_pixman_format(ss.format);
757 if (!fb.format) {
758 qemu_log_mask(LOG_GUEST_ERROR,
759 "%s: host couldn't handle guest format %d\n",
760 __func__, ss.format);
761 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
762 return;
763 }
764
765 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
766 fb.width = ss.width;
767 fb.height = ss.height;
768 fb.stride = ss.strides[0];
769 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
770
771 fbend = fb.offset;
772 fbend += fb.stride * (ss.r.height - 1);
773 fbend += fb.bytes_pp * ss.r.width;
774 if (fbend > res->blob_size) {
775 qemu_log_mask(LOG_GUEST_ERROR,
776 "%s: fb end out of range\n",
777 __func__);
778 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
779 return;
780 }
781
782 virtio_gpu_do_set_scanout(g, ss.scanout_id,
783 &fb, res, &ss.r, &cmd->error);
784 }
785
786 int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
787 uint32_t nr_entries, uint32_t offset,
788 struct virtio_gpu_ctrl_command *cmd,
789 uint64_t **addr, struct iovec **iov,
790 uint32_t *niov)
791 {
792 struct virtio_gpu_mem_entry *ents;
793 size_t esize, s;
794 int e, v;
795
796 if (nr_entries > 16384) {
797 qemu_log_mask(LOG_GUEST_ERROR,
798 "%s: nr_entries is too big (%d > 16384)\n",
799 __func__, nr_entries);
800 return -1;
801 }
802
803 esize = sizeof(*ents) * nr_entries;
804 ents = g_malloc(esize);
805 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num,
806 offset, ents, esize);
807 if (s != esize) {
808 qemu_log_mask(LOG_GUEST_ERROR,
809 "%s: command data size incorrect %zu vs %zu\n",
810 __func__, s, esize);
811 g_free(ents);
812 return -1;
813 }
814
815 *iov = NULL;
816 if (addr) {
817 *addr = NULL;
818 }
819 for (e = 0, v = 0; e < nr_entries; e++) {
820 uint64_t a = le64_to_cpu(ents[e].addr);
821 uint32_t l = le32_to_cpu(ents[e].length);
822 hwaddr len;
823 void *map;
824
825 do {
826 len = l;
827 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len,
828 DMA_DIRECTION_TO_DEVICE,
829 MEMTXATTRS_UNSPECIFIED);
830 if (!map) {
831 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
832 " element %d\n", __func__, e);
833 virtio_gpu_cleanup_mapping_iov(g, *iov, v);
834 g_free(ents);
835 *iov = NULL;
836 if (addr) {
837 g_free(*addr);
838 *addr = NULL;
839 }
840 return -1;
841 }
842
843 if (!(v % 16)) {
844 *iov = g_renew(struct iovec, *iov, v + 16);
845 if (addr) {
846 *addr = g_renew(uint64_t, *addr, v + 16);
847 }
848 }
849 (*iov)[v].iov_base = map;
850 (*iov)[v].iov_len = len;
851 if (addr) {
852 (*addr)[v] = a;
853 }
854
855 a += len;
856 l -= len;
857 v += 1;
858 } while (l > 0);
859 }
860 *niov = v;
861
862 g_free(ents);
863 return 0;
864 }
865
866 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
867 struct iovec *iov, uint32_t count)
868 {
869 int i;
870
871 for (i = 0; i < count; i++) {
872 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
873 iov[i].iov_base, iov[i].iov_len,
874 DMA_DIRECTION_TO_DEVICE,
875 iov[i].iov_len);
876 }
877 g_free(iov);
878 }
879
880 void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
881 struct virtio_gpu_simple_resource *res)
882 {
883 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
884 res->iov = NULL;
885 res->iov_cnt = 0;
886 g_free(res->addrs);
887 res->addrs = NULL;
888
889 if (res->blob) {
890 virtio_gpu_fini_udmabuf(res);
891 }
892 }
893
894 static void
895 virtio_gpu_resource_attach_backing(VirtIOGPU *g,
896 struct virtio_gpu_ctrl_command *cmd)
897 {
898 struct virtio_gpu_simple_resource *res;
899 struct virtio_gpu_resource_attach_backing ab;
900 int ret;
901
902 VIRTIO_GPU_FILL_CMD(ab);
903 virtio_gpu_bswap_32(&ab, sizeof(ab));
904 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id);
905
906 res = virtio_gpu_find_resource(g, ab.resource_id);
907 if (!res) {
908 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
909 __func__, ab.resource_id);
910 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
911 return;
912 }
913
914 if (res->iov) {
915 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
916 return;
917 }
918
919 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd,
920 &res->addrs, &res->iov, &res->iov_cnt);
921 if (ret != 0) {
922 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
923 return;
924 }
925 }
926
927 static void
928 virtio_gpu_resource_detach_backing(VirtIOGPU *g,
929 struct virtio_gpu_ctrl_command *cmd)
930 {
931 struct virtio_gpu_simple_resource *res;
932 struct virtio_gpu_resource_detach_backing detach;
933
934 VIRTIO_GPU_FILL_CMD(detach);
935 virtio_gpu_bswap_32(&detach, sizeof(detach));
936 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id);
937
938 res = virtio_gpu_find_check_resource(g, detach.resource_id, true,
939 __func__, &cmd->error);
940 if (!res) {
941 return;
942 }
943 virtio_gpu_cleanup_mapping(g, res);
944 }
945
946 void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
947 struct virtio_gpu_ctrl_command *cmd)
948 {
949 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr);
950 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr);
951
952 switch (cmd->cmd_hdr.type) {
953 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO:
954 virtio_gpu_get_display_info(g, cmd);
955 break;
956 case VIRTIO_GPU_CMD_GET_EDID:
957 virtio_gpu_get_edid(g, cmd);
958 break;
959 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
960 virtio_gpu_resource_create_2d(g, cmd);
961 break;
962 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
963 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
964 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
965 break;
966 }
967 virtio_gpu_resource_create_blob(g, cmd);
968 break;
969 case VIRTIO_GPU_CMD_RESOURCE_UNREF:
970 virtio_gpu_resource_unref(g, cmd);
971 break;
972 case VIRTIO_GPU_CMD_RESOURCE_FLUSH:
973 virtio_gpu_resource_flush(g, cmd);
974 break;
975 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D:
976 virtio_gpu_transfer_to_host_2d(g, cmd);
977 break;
978 case VIRTIO_GPU_CMD_SET_SCANOUT:
979 virtio_gpu_set_scanout(g, cmd);
980 break;
981 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB:
982 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
983 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
984 break;
985 }
986 virtio_gpu_set_scanout_blob(g, cmd);
987 break;
988 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING:
989 virtio_gpu_resource_attach_backing(g, cmd);
990 break;
991 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING:
992 virtio_gpu_resource_detach_backing(g, cmd);
993 break;
994 default:
995 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
996 break;
997 }
998 if (!cmd->finished) {
999 if (!g->parent_obj.renderer_blocked) {
1000 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error :
1001 VIRTIO_GPU_RESP_OK_NODATA);
1002 }
1003 }
1004 }
1005
1006 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq)
1007 {
1008 VirtIOGPU *g = VIRTIO_GPU(vdev);
1009 qemu_bh_schedule(g->ctrl_bh);
1010 }
1011
1012 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq)
1013 {
1014 VirtIOGPU *g = VIRTIO_GPU(vdev);
1015 qemu_bh_schedule(g->cursor_bh);
1016 }
1017
1018 void virtio_gpu_process_cmdq(VirtIOGPU *g)
1019 {
1020 struct virtio_gpu_ctrl_command *cmd;
1021 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1022
1023 if (g->processing_cmdq) {
1024 return;
1025 }
1026 g->processing_cmdq = true;
1027 while (!QTAILQ_EMPTY(&g->cmdq)) {
1028 cmd = QTAILQ_FIRST(&g->cmdq);
1029
1030 if (g->parent_obj.renderer_blocked) {
1031 break;
1032 }
1033
1034 /* process command */
1035 vgc->process_cmd(g, cmd);
1036
1037 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1038 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1039 g->stats.requests++;
1040 }
1041
1042 if (!cmd->finished) {
1043 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next);
1044 g->inflight++;
1045 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1046 if (g->stats.max_inflight < g->inflight) {
1047 g->stats.max_inflight = g->inflight;
1048 }
1049 fprintf(stderr, "inflight: %3d (+)\r", g->inflight);
1050 }
1051 } else {
1052 g_free(cmd);
1053 }
1054 }
1055 g->processing_cmdq = false;
1056 }
1057
1058 static void virtio_gpu_process_fenceq(VirtIOGPU *g)
1059 {
1060 struct virtio_gpu_ctrl_command *cmd, *tmp;
1061
1062 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) {
1063 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id);
1064 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
1065 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1066 g_free(cmd);
1067 g->inflight--;
1068 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1069 fprintf(stderr, "inflight: %3d (-)\r", g->inflight);
1070 }
1071 }
1072 }
1073
1074 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b)
1075 {
1076 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj);
1077
1078 virtio_gpu_process_fenceq(g);
1079 virtio_gpu_process_cmdq(g);
1080 }
1081
1082 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1083 {
1084 VirtIOGPU *g = VIRTIO_GPU(vdev);
1085 struct virtio_gpu_ctrl_command *cmd;
1086
1087 if (!virtio_queue_ready(vq)) {
1088 return;
1089 }
1090
1091 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1092 while (cmd) {
1093 cmd->vq = vq;
1094 cmd->error = 0;
1095 cmd->finished = false;
1096 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next);
1097 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1098 }
1099
1100 virtio_gpu_process_cmdq(g);
1101 }
1102
1103 static void virtio_gpu_ctrl_bh(void *opaque)
1104 {
1105 VirtIOGPU *g = opaque;
1106 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1107
1108 vgc->handle_ctrl(VIRTIO_DEVICE(g), g->ctrl_vq);
1109 }
1110
1111 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq)
1112 {
1113 VirtIOGPU *g = VIRTIO_GPU(vdev);
1114 VirtQueueElement *elem;
1115 size_t s;
1116 struct virtio_gpu_update_cursor cursor_info;
1117
1118 if (!virtio_queue_ready(vq)) {
1119 return;
1120 }
1121 for (;;) {
1122 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1123 if (!elem) {
1124 break;
1125 }
1126
1127 s = iov_to_buf(elem->out_sg, elem->out_num, 0,
1128 &cursor_info, sizeof(cursor_info));
1129 if (s != sizeof(cursor_info)) {
1130 qemu_log_mask(LOG_GUEST_ERROR,
1131 "%s: cursor size incorrect %zu vs %zu\n",
1132 __func__, s, sizeof(cursor_info));
1133 } else {
1134 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info));
1135 update_cursor(g, &cursor_info);
1136 }
1137 virtqueue_push(vq, elem, 0);
1138 virtio_notify(vdev, vq);
1139 g_free(elem);
1140 }
1141 }
1142
1143 static void virtio_gpu_cursor_bh(void *opaque)
1144 {
1145 VirtIOGPU *g = opaque;
1146 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
1147 }
1148
1149 static bool scanout_vmstate_after_v2(void *opaque, int version)
1150 {
1151 struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
1152 struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
1153
1154 return gpu->scanout_vmstate_version >= 2;
1155 }
1156
1157 static const VMStateDescription vmstate_virtio_gpu_scanout = {
1158 .name = "virtio-gpu-one-scanout",
1159 .version_id = 1,
1160 .fields = (const VMStateField[]) {
1161 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
1162 VMSTATE_UINT32(width, struct virtio_gpu_scanout),
1163 VMSTATE_UINT32(height, struct virtio_gpu_scanout),
1164 VMSTATE_INT32(x, struct virtio_gpu_scanout),
1165 VMSTATE_INT32(y, struct virtio_gpu_scanout),
1166 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout),
1167 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout),
1168 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
1169 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
1170 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
1171 VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout,
1172 scanout_vmstate_after_v2),
1173 VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout,
1174 scanout_vmstate_after_v2),
1175 VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout,
1176 scanout_vmstate_after_v2),
1177 VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout,
1178 scanout_vmstate_after_v2),
1179 VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout,
1180 scanout_vmstate_after_v2),
1181 VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout,
1182 scanout_vmstate_after_v2),
1183 VMSTATE_END_OF_LIST()
1184 },
1185 };
1186
1187 static const VMStateDescription vmstate_virtio_gpu_scanouts = {
1188 .name = "virtio-gpu-scanouts",
1189 .version_id = 1,
1190 .fields = (const VMStateField[]) {
1191 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU),
1192 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs,
1193 struct VirtIOGPU, NULL),
1194 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU,
1195 parent_obj.conf.max_outputs, 1,
1196 vmstate_virtio_gpu_scanout,
1197 struct virtio_gpu_scanout),
1198 VMSTATE_END_OF_LIST()
1199 },
1200 };
1201
1202 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
1203 const VMStateField *field, JSONWriter *vmdesc)
1204 {
1205 VirtIOGPU *g = opaque;
1206 struct virtio_gpu_simple_resource *res;
1207 int i;
1208
1209 /* in 2d mode we should never find unprocessed commands here */
1210 assert(QTAILQ_EMPTY(&g->cmdq));
1211
1212 QTAILQ_FOREACH(res, &g->reslist, next) {
1213 if (res->blob_size) {
1214 continue;
1215 }
1216 qemu_put_be32(f, res->resource_id);
1217 qemu_put_be32(f, res->width);
1218 qemu_put_be32(f, res->height);
1219 qemu_put_be32(f, res->format);
1220 qemu_put_be32(f, res->iov_cnt);
1221 for (i = 0; i < res->iov_cnt; i++) {
1222 qemu_put_be64(f, res->addrs[i]);
1223 qemu_put_be32(f, res->iov[i].iov_len);
1224 }
1225 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image),
1226 pixman_image_get_stride(res->image) * res->height);
1227 }
1228 qemu_put_be32(f, 0); /* end of list */
1229
1230 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
1231 }
1232
1233 static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g,
1234 struct virtio_gpu_simple_resource *res)
1235 {
1236 int i;
1237
1238 for (i = 0; i < res->iov_cnt; i++) {
1239 hwaddr len = res->iov[i].iov_len;
1240 res->iov[i].iov_base =
1241 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len,
1242 DMA_DIRECTION_TO_DEVICE, MEMTXATTRS_UNSPECIFIED);
1243
1244 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
1245 /* Clean up the half-a-mapping we just created... */
1246 if (res->iov[i].iov_base) {
1247 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, res->iov[i].iov_base,
1248 len, DMA_DIRECTION_TO_DEVICE, 0);
1249 }
1250 /* ...and the mappings for previous loop iterations */
1251 res->iov_cnt = i;
1252 virtio_gpu_cleanup_mapping(g, res);
1253 return false;
1254 }
1255 }
1256
1257 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
1258 g->hostmem += res->hostmem;
1259 return true;
1260 }
1261
1262 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
1263 const VMStateField *field)
1264 {
1265 VirtIOGPU *g = opaque;
1266 struct virtio_gpu_simple_resource *res;
1267 uint32_t resource_id, pformat;
1268 int i;
1269
1270 g->hostmem = 0;
1271
1272 resource_id = qemu_get_be32(f);
1273 while (resource_id != 0) {
1274 res = virtio_gpu_find_resource(g, resource_id);
1275 if (res) {
1276 return -EINVAL;
1277 }
1278
1279 res = g_new0(struct virtio_gpu_simple_resource, 1);
1280 res->resource_id = resource_id;
1281 res->width = qemu_get_be32(f);
1282 res->height = qemu_get_be32(f);
1283 res->format = qemu_get_be32(f);
1284 res->iov_cnt = qemu_get_be32(f);
1285
1286 /* allocate */
1287 pformat = virtio_gpu_get_pixman_format(res->format);
1288 if (!pformat) {
1289 g_free(res);
1290 return -EINVAL;
1291 }
1292
1293 res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
1294 if (!qemu_pixman_image_new_shareable(&res->image,
1295 &res->share_handle,
1296 "virtio-gpu res",
1297 pformat,
1298 res->width,
1299 res->height,
1300 res->height ? res->hostmem / res->height : 0,
1301 &error_warn)) {
1302 g_free(res);
1303 return -EINVAL;
1304 }
1305
1306 res->addrs = g_new(uint64_t, res->iov_cnt);
1307 res->iov = g_new(struct iovec, res->iov_cnt);
1308
1309 /* read data */
1310 for (i = 0; i < res->iov_cnt; i++) {
1311 res->addrs[i] = qemu_get_be64(f);
1312 res->iov[i].iov_len = qemu_get_be32(f);
1313 }
1314 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image),
1315 pixman_image_get_stride(res->image) * res->height);
1316
1317 if (!virtio_gpu_load_restore_mapping(g, res)) {
1318 pixman_image_unref(res->image);
1319 g_free(res);
1320 return -EINVAL;
1321 }
1322
1323 resource_id = qemu_get_be32(f);
1324 }
1325
1326 /* load & apply scanout state */
1327 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
1328
1329 return 0;
1330 }
1331
1332 static int virtio_gpu_blob_save(QEMUFile *f, void *opaque, size_t size,
1333 const VMStateField *field, JSONWriter *vmdesc)
1334 {
1335 VirtIOGPU *g = opaque;
1336 struct virtio_gpu_simple_resource *res;
1337 int i;
1338
1339 /* in 2d mode we should never find unprocessed commands here */
1340 assert(QTAILQ_EMPTY(&g->cmdq));
1341
1342 QTAILQ_FOREACH(res, &g->reslist, next) {
1343 if (!res->blob_size) {
1344 continue;
1345 }
1346 assert(!res->image);
1347 qemu_put_be32(f, res->resource_id);
1348 qemu_put_be32(f, res->blob_size);
1349 qemu_put_be32(f, res->iov_cnt);
1350 for (i = 0; i < res->iov_cnt; i++) {
1351 qemu_put_be64(f, res->addrs[i]);
1352 qemu_put_be32(f, res->iov[i].iov_len);
1353 }
1354 }
1355 qemu_put_be32(f, 0); /* end of list */
1356
1357 return 0;
1358 }
1359
1360 static int virtio_gpu_blob_load(QEMUFile *f, void *opaque, size_t size,
1361 const VMStateField *field)
1362 {
1363 VirtIOGPU *g = opaque;
1364 struct virtio_gpu_simple_resource *res;
1365 uint32_t resource_id;
1366 int i;
1367
1368 resource_id = qemu_get_be32(f);
1369 while (resource_id != 0) {
1370 res = virtio_gpu_find_resource(g, resource_id);
1371 if (res) {
1372 return -EINVAL;
1373 }
1374
1375 res = g_new0(struct virtio_gpu_simple_resource, 1);
1376 res->resource_id = resource_id;
1377 res->blob_size = qemu_get_be32(f);
1378 res->iov_cnt = qemu_get_be32(f);
1379 res->addrs = g_new(uint64_t, res->iov_cnt);
1380 res->iov = g_new(struct iovec, res->iov_cnt);
1381
1382 /* read data */
1383 for (i = 0; i < res->iov_cnt; i++) {
1384 res->addrs[i] = qemu_get_be64(f);
1385 res->iov[i].iov_len = qemu_get_be32(f);
1386 }
1387
1388 if (!virtio_gpu_load_restore_mapping(g, res)) {
1389 g_free(res);
1390 return -EINVAL;
1391 }
1392
1393 virtio_gpu_init_udmabuf(res);
1394
1395 resource_id = qemu_get_be32(f);
1396 }
1397
1398 return 0;
1399 }
1400
1401 static int virtio_gpu_post_load(void *opaque, int version_id)
1402 {
1403 VirtIOGPU *g = opaque;
1404 struct virtio_gpu_scanout *scanout;
1405 struct virtio_gpu_simple_resource *res;
1406 int i;
1407
1408 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1409 scanout = &g->parent_obj.scanout[i];
1410 if (!scanout->resource_id) {
1411 continue;
1412 }
1413
1414 res = virtio_gpu_find_resource(g, scanout->resource_id);
1415 if (!res) {
1416 return -EINVAL;
1417 }
1418
1419 if (scanout->fb.format != 0) {
1420 uint32_t error = 0;
1421 struct virtio_gpu_rect r = {
1422 .x = scanout->x,
1423 .y = scanout->y,
1424 .width = scanout->width,
1425 .height = scanout->height
1426 };
1427
1428 if (!virtio_gpu_do_set_scanout(g, i, &scanout->fb, res, &r, &error)) {
1429 return -EINVAL;
1430 }
1431 } else {
1432 /* legacy v1 migration support */
1433 if (!res->image) {
1434 return -EINVAL;
1435 }
1436 scanout->ds = qemu_create_displaysurface_pixman(res->image);
1437 qemu_displaysurface_set_share_handle(scanout->ds, res->share_handle, 0);
1438 dpy_gfx_replace_surface(scanout->con, scanout->ds);
1439 }
1440
1441 dpy_gfx_update_full(scanout->con);
1442 if (scanout->cursor.resource_id) {
1443 update_cursor(g, &scanout->cursor);
1444 }
1445 res->scanout_bitmask |= (1 << i);
1446 }
1447
1448 return 0;
1449 }
1450
1451 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
1452 {
1453 VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1454 VirtIOGPU *g = VIRTIO_GPU(qdev);
1455
1456 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1457 if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) &&
1458 !virtio_gpu_have_udmabuf()) {
1459 error_setg(errp, "need rutabaga or udmabuf for blob resources");
1460 return;
1461 }
1462
1463 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) {
1464 error_setg(errp, "blobs and virgl are not compatible (yet)");
1465 return;
1466 }
1467 }
1468
1469 if (!virtio_gpu_base_device_realize(qdev,
1470 virtio_gpu_handle_ctrl_cb,
1471 virtio_gpu_handle_cursor_cb,
1472 errp)) {
1473 return;
1474 }
1475
1476 g->ctrl_vq = virtio_get_queue(vdev, 0);
1477 g->cursor_vq = virtio_get_queue(vdev, 1);
1478 g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g);
1479 g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g);
1480 g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
1481 qemu_cond_init(&g->reset_cond);
1482 QTAILQ_INIT(&g->reslist);
1483 QTAILQ_INIT(&g->cmdq);
1484 QTAILQ_INIT(&g->fenceq);
1485 }
1486
1487 static void virtio_gpu_device_unrealize(DeviceState *qdev)
1488 {
1489 VirtIOGPU *g = VIRTIO_GPU(qdev);
1490
1491 g_clear_pointer(&g->ctrl_bh, qemu_bh_delete);
1492 g_clear_pointer(&g->cursor_bh, qemu_bh_delete);
1493 g_clear_pointer(&g->reset_bh, qemu_bh_delete);
1494 qemu_cond_destroy(&g->reset_cond);
1495 virtio_gpu_base_device_unrealize(qdev);
1496 }
1497
1498 static void virtio_gpu_reset_bh(void *opaque)
1499 {
1500 VirtIOGPU *g = VIRTIO_GPU(opaque);
1501 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1502 struct virtio_gpu_simple_resource *res, *tmp;
1503 uint32_t resource_id;
1504 Error *local_err = NULL;
1505 int i = 0;
1506
1507 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
1508 resource_id = res->resource_id;
1509 vgc->resource_destroy(g, res, &local_err);
1510 if (local_err) {
1511 error_append_hint(&local_err, "%s: %s resource_destroy"
1512 "for resource_id = %"PRIu32" failed.\n",
1513 __func__, object_get_typename(OBJECT(g)),
1514 resource_id);
1515 /* error_report_err frees the error object for us */
1516 error_report_err(local_err);
1517 local_err = NULL;
1518 }
1519 }
1520
1521 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1522 dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL);
1523 }
1524
1525 g->reset_finished = true;
1526 qemu_cond_signal(&g->reset_cond);
1527 }
1528
1529 void virtio_gpu_reset(VirtIODevice *vdev)
1530 {
1531 VirtIOGPU *g = VIRTIO_GPU(vdev);
1532 struct virtio_gpu_ctrl_command *cmd;
1533
1534 if (qemu_in_vcpu_thread()) {
1535 g->reset_finished = false;
1536 qemu_bh_schedule(g->reset_bh);
1537 while (!g->reset_finished) {
1538 qemu_cond_wait_bql(&g->reset_cond);
1539 }
1540 } else {
1541 aio_bh_call(g->reset_bh);
1542 }
1543
1544 while (!QTAILQ_EMPTY(&g->cmdq)) {
1545 cmd = QTAILQ_FIRST(&g->cmdq);
1546 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1547 g_free(cmd);
1548 }
1549
1550 while (!QTAILQ_EMPTY(&g->fenceq)) {
1551 cmd = QTAILQ_FIRST(&g->fenceq);
1552 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1553 g->inflight--;
1554 g_free(cmd);
1555 }
1556
1557 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
1558 }
1559
1560 static void
1561 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config)
1562 {
1563 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1564
1565 memcpy(config, &g->virtio_config, sizeof(g->virtio_config));
1566 }
1567
1568 static void
1569 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config)
1570 {
1571 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1572 const struct virtio_gpu_config *vgconfig =
1573 (const struct virtio_gpu_config *)config;
1574
1575 if (vgconfig->events_clear) {
1576 g->virtio_config.events_read &= ~vgconfig->events_clear;
1577 }
1578 }
1579
1580 static bool virtio_gpu_blob_state_needed(void *opaque)
1581 {
1582 VirtIOGPU *g = VIRTIO_GPU(opaque);
1583
1584 return virtio_gpu_blob_enabled(g->parent_obj.conf);
1585 }
1586
1587 const VMStateDescription vmstate_virtio_gpu_blob_state = {
1588 .name = "virtio-gpu/blob",
1589 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1590 .version_id = VIRTIO_GPU_VM_VERSION,
1591 .needed = virtio_gpu_blob_state_needed,
1592 .fields = (const VMStateField[]){
1593 {
1594 .name = "virtio-gpu/blob",
1595 .info = &(const VMStateInfo) {
1596 .name = "blob",
1597 .get = virtio_gpu_blob_load,
1598 .put = virtio_gpu_blob_save,
1599 },
1600 .flags = VMS_SINGLE,
1601 } /* device */,
1602 VMSTATE_END_OF_LIST()
1603 },
1604 };
1605
1606 /*
1607 * For historical reasons virtio_gpu does not adhere to virtio migration
1608 * scheme as described in doc/virtio-migration.txt, in a sense that no
1609 * save/load callback are provided to the core. Instead the device data
1610 * is saved/loaded after the core data.
1611 *
1612 * Because of this we need a special vmsd.
1613 */
1614 static const VMStateDescription vmstate_virtio_gpu = {
1615 .name = "virtio-gpu",
1616 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1617 .version_id = VIRTIO_GPU_VM_VERSION,
1618 .fields = (const VMStateField[]) {
1619 VMSTATE_VIRTIO_DEVICE /* core */,
1620 {
1621 .name = "virtio-gpu",
1622 .info = &(const VMStateInfo) {
1623 .name = "virtio-gpu",
1624 .get = virtio_gpu_load,
1625 .put = virtio_gpu_save,
1626 },
1627 .flags = VMS_SINGLE,
1628 } /* device */,
1629 VMSTATE_END_OF_LIST()
1630 },
1631 .subsections = (const VMStateDescription * const []) {
1632 &vmstate_virtio_gpu_blob_state,
1633 NULL
1634 },
1635 .post_load = virtio_gpu_post_load,
1636 };
1637
1638 static Property virtio_gpu_properties[] = {
1639 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf),
1640 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem,
1641 256 * MiB),
1642 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
1643 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
1644 DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
1645 DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
1646 DEFINE_PROP_END_OF_LIST(),
1647 };
1648
1649 static void virtio_gpu_class_init(ObjectClass *klass, void *data)
1650 {
1651 DeviceClass *dc = DEVICE_CLASS(klass);
1652 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1653 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass);
1654 VirtIOGPUBaseClass *vgbc = &vgc->parent;
1655
1656 vgc->handle_ctrl = virtio_gpu_handle_ctrl;
1657 vgc->process_cmd = virtio_gpu_simple_process_cmd;
1658 vgc->update_cursor_data = virtio_gpu_update_cursor_data;
1659 vgc->resource_destroy = virtio_gpu_resource_destroy;
1660 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
1661
1662 vdc->realize = virtio_gpu_device_realize;
1663 vdc->unrealize = virtio_gpu_device_unrealize;
1664 vdc->reset = virtio_gpu_reset;
1665 vdc->get_config = virtio_gpu_get_config;
1666 vdc->set_config = virtio_gpu_set_config;
1667
1668 dc->vmsd = &vmstate_virtio_gpu;
1669 device_class_set_props(dc, virtio_gpu_properties);
1670 }
1671
1672 static const TypeInfo virtio_gpu_info = {
1673 .name = TYPE_VIRTIO_GPU,
1674 .parent = TYPE_VIRTIO_GPU_BASE,
1675 .instance_size = sizeof(VirtIOGPU),
1676 .class_size = sizeof(VirtIOGPUClass),
1677 .class_init = virtio_gpu_class_init,
1678 };
1679 module_obj(TYPE_VIRTIO_GPU);
1680 module_kconfig(VIRTIO_GPU);
1681
1682 static void virtio_register_types(void)
1683 {
1684 type_register_static(&virtio_gpu_info);
1685 }
1686
1687 type_init(virtio_register_types)
armbru's QEMU hackery