search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'pull-riscv-to-apply-20240806-2' of https://github.com/alistair23/qemu...
[qemu/kevin.git] / hw / display / virtio-gpu.c
blob3281842bfe1b465b674b310710a5d3805da3e5b3
1 /*
2 * Virtio GPU Device
3 *
4 * Copyright Red Hat, Inc. 2013-2014
5 *
6 * Authors:
7 * Dave Airlie <airlied@redhat.com>
8 * Gerd Hoffmann <kraxel@redhat.com>
9 *
10 * This work is licensed under the terms of the GNU GPL, version 2 or later.
11 * See the COPYING file in the top-level directory.
12 */
13
14 #include "qemu/osdep.h"
15 #include "qemu/units.h"
16 #include "qemu/iov.h"
17 #include "sysemu/cpus.h"
18 #include "ui/console.h"
19 #include "ui/rect.h"
20 #include "trace.h"
21 #include "sysemu/dma.h"
22 #include "sysemu/sysemu.h"
23 #include "hw/virtio/virtio.h"
24 #include "migration/qemu-file-types.h"
25 #include "hw/virtio/virtio-gpu.h"
26 #include "hw/virtio/virtio-gpu-bswap.h"
27 #include "hw/virtio/virtio-gpu-pixman.h"
28 #include "hw/virtio/virtio-bus.h"
29 #include "hw/qdev-properties.h"
30 #include "qemu/log.h"
31 #include "qemu/module.h"
32 #include "qapi/error.h"
33 #include "qemu/error-report.h"
34
35 #define VIRTIO_GPU_VM_VERSION 1
36
37 static struct virtio_gpu_simple_resource *
38 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
39 bool require_backing,
40 const char *caller, uint32_t *error);
41
42 static void virtio_gpu_reset_bh(void *opaque);
43
44 void virtio_gpu_update_cursor_data(VirtIOGPU *g,
45 struct virtio_gpu_scanout *s,
46 uint32_t resource_id)
47 {
48 struct virtio_gpu_simple_resource *res;
49 uint32_t pixels;
50 void *data;
51
52 res = virtio_gpu_find_check_resource(g, resource_id, false,
53 __func__, NULL);
54 if (!res) {
55 return;
56 }
57
58 if (res->blob_size) {
59 if (res->blob_size < (s->current_cursor->width *
60 s->current_cursor->height * 4)) {
61 return;
62 }
63 data = res->blob;
64 } else {
65 if (pixman_image_get_width(res->image) != s->current_cursor->width ||
66 pixman_image_get_height(res->image) != s->current_cursor->height) {
67 return;
68 }
69 data = pixman_image_get_data(res->image);
70 }
71
72 pixels = s->current_cursor->width * s->current_cursor->height;
73 memcpy(s->current_cursor->data, data,
74 pixels * sizeof(uint32_t));
75 }
76
77 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor)
78 {
79 struct virtio_gpu_scanout *s;
80 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
81 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR;
82
83 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) {
84 return;
85 }
86 s = &g->parent_obj.scanout[cursor->pos.scanout_id];
87
88 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id,
89 cursor->pos.x,
90 cursor->pos.y,
91 move ? "move" : "update",
92 cursor->resource_id);
93
94 if (!move) {
95 if (!s->current_cursor) {
96 s->current_cursor = cursor_alloc(64, 64);
97 }
98
99 s->current_cursor->hot_x = cursor->hot_x;
100 s->current_cursor->hot_y = cursor->hot_y;
101
102 if (cursor->resource_id > 0) {
103 vgc->update_cursor_data(g, s, cursor->resource_id);
104 }
105 dpy_cursor_define(s->con, s->current_cursor);
106
107 s->cursor = *cursor;
108 } else {
109 s->cursor.pos.x = cursor->pos.x;
110 s->cursor.pos.y = cursor->pos.y;
111 }
112 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, cursor->resource_id);
113 }
114
115 struct virtio_gpu_simple_resource *
116 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
117 {
118 struct virtio_gpu_simple_resource *res;
119
120 QTAILQ_FOREACH(res, &g->reslist, next) {
121 if (res->resource_id == resource_id) {
122 return res;
123 }
124 }
125 return NULL;
126 }
127
128 static struct virtio_gpu_simple_resource *
129 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
130 bool require_backing,
131 const char *caller, uint32_t *error)
132 {
133 struct virtio_gpu_simple_resource *res;
134
135 res = virtio_gpu_find_resource(g, resource_id);
136 if (!res) {
137 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n",
138 caller, resource_id);
139 if (error) {
140 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
141 }
142 return NULL;
143 }
144
145 if (require_backing) {
146 if (!res->iov || (!res->image && !res->blob)) {
147 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
148 caller, resource_id);
149 if (error) {
150 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
151 }
152 return NULL;
153 }
154 }
155
156 return res;
157 }
158
159 void virtio_gpu_ctrl_response(VirtIOGPU *g,
160 struct virtio_gpu_ctrl_command *cmd,
161 struct virtio_gpu_ctrl_hdr *resp,
162 size_t resp_len)
163 {
164 size_t s;
165
166 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) {
167 resp->flags |= VIRTIO_GPU_FLAG_FENCE;
168 resp->fence_id = cmd->cmd_hdr.fence_id;
169 resp->ctx_id = cmd->cmd_hdr.ctx_id;
170 }
171 virtio_gpu_ctrl_hdr_bswap(resp);
172 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len);
173 if (s != resp_len) {
174 qemu_log_mask(LOG_GUEST_ERROR,
175 "%s: response size incorrect %zu vs %zu\n",
176 __func__, s, resp_len);
177 }
178 virtqueue_push(cmd->vq, &cmd->elem, s);
179 virtio_notify(VIRTIO_DEVICE(g), cmd->vq);
180 cmd->finished = true;
181 }
182
183 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g,
184 struct virtio_gpu_ctrl_command *cmd,
185 enum virtio_gpu_ctrl_type type)
186 {
187 struct virtio_gpu_ctrl_hdr resp;
188
189 memset(&resp, 0, sizeof(resp));
190 resp.type = type;
191 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp));
192 }
193
194 void virtio_gpu_get_display_info(VirtIOGPU *g,
195 struct virtio_gpu_ctrl_command *cmd)
196 {
197 struct virtio_gpu_resp_display_info display_info;
198
199 trace_virtio_gpu_cmd_get_display_info();
200 memset(&display_info, 0, sizeof(display_info));
201 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
202 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
203 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr,
204 sizeof(display_info));
205 }
206
207 void virtio_gpu_get_edid(VirtIOGPU *g,
208 struct virtio_gpu_ctrl_command *cmd)
209 {
210 struct virtio_gpu_resp_edid edid;
211 struct virtio_gpu_cmd_get_edid get_edid;
212 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
213
214 VIRTIO_GPU_FILL_CMD(get_edid);
215 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid));
216
217 if (get_edid.scanout >= b->conf.max_outputs) {
218 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
219 return;
220 }
221
222 trace_virtio_gpu_cmd_get_edid(get_edid.scanout);
223 memset(&edid, 0, sizeof(edid));
224 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID;
225 virtio_gpu_base_generate_edid(VIRTIO_GPU_BASE(g), get_edid.scanout, &edid);
226 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid));
227 }
228
229 static uint32_t calc_image_hostmem(pixman_format_code_t pformat,
230 uint32_t width, uint32_t height)
231 {
232 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check.
233 * pixman_image_create_bits will fail in case it overflow.
234 */
235
236 int bpp = PIXMAN_FORMAT_BPP(pformat);
237 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
238 return height * stride;
239 }
240
241 #ifdef WIN32
242 static void
243 win32_pixman_image_destroy(pixman_image_t *image, void *data)
244 {
245 HANDLE handle = data;
246
247 qemu_win32_map_free(pixman_image_get_data(image), handle, &error_warn);
248 }
249 #endif
250
251 static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
252 struct virtio_gpu_ctrl_command *cmd)
253 {
254 pixman_format_code_t pformat;
255 struct virtio_gpu_simple_resource *res;
256 struct virtio_gpu_resource_create_2d c2d;
257
258 VIRTIO_GPU_FILL_CMD(c2d);
259 virtio_gpu_bswap_32(&c2d, sizeof(c2d));
260 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format,
261 c2d.width, c2d.height);
262
263 if (c2d.resource_id == 0) {
264 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
265 __func__);
266 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
267 return;
268 }
269
270 res = virtio_gpu_find_resource(g, c2d.resource_id);
271 if (res) {
272 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
273 __func__, c2d.resource_id);
274 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
275 return;
276 }
277
278 res = g_new0(struct virtio_gpu_simple_resource, 1);
279
280 res->width = c2d.width;
281 res->height = c2d.height;
282 res->format = c2d.format;
283 res->resource_id = c2d.resource_id;
284
285 pformat = virtio_gpu_get_pixman_format(c2d.format);
286 if (!pformat) {
287 qemu_log_mask(LOG_GUEST_ERROR,
288 "%s: host couldn't handle guest format %d\n",
289 __func__, c2d.format);
290 g_free(res);
291 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
292 return;
293 }
294
295 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height);
296 if (res->hostmem + g->hostmem < g->conf_max_hostmem) {
297 void *bits = NULL;
298 #ifdef WIN32
299 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn);
300 if (!bits) {
301 goto end;
302 }
303 #endif
304 res->image = pixman_image_create_bits(
305 pformat,
306 c2d.width,
307 c2d.height,
308 bits, c2d.height ? res->hostmem / c2d.height : 0);
309 #ifdef WIN32
310 if (res->image) {
311 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle);
312 }
313 #endif
314 }
315
316 #ifdef WIN32
317 end:
318 #endif
319 if (!res->image) {
320 qemu_log_mask(LOG_GUEST_ERROR,
321 "%s: resource creation failed %d %d %d\n",
322 __func__, c2d.resource_id, c2d.width, c2d.height);
323 g_free(res);
324 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
325 return;
326 }
327
328 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
329 g->hostmem += res->hostmem;
330 }
331
332 static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
333 struct virtio_gpu_ctrl_command *cmd)
334 {
335 struct virtio_gpu_simple_resource *res;
336 struct virtio_gpu_resource_create_blob cblob;
337 int ret;
338
339 VIRTIO_GPU_FILL_CMD(cblob);
340 virtio_gpu_create_blob_bswap(&cblob);
341 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
342
343 if (cblob.resource_id == 0) {
344 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
345 __func__);
346 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
347 return;
348 }
349
350 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
351 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
352 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
353 __func__);
354 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
355 return;
356 }
357
358 if (virtio_gpu_find_resource(g, cblob.resource_id)) {
359 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
360 __func__, cblob.resource_id);
361 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
362 return;
363 }
364
365 res = g_new0(struct virtio_gpu_simple_resource, 1);
366 res->resource_id = cblob.resource_id;
367 res->blob_size = cblob.size;
368
369 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
370 cmd, &res->addrs, &res->iov,
371 &res->iov_cnt);
372 if (ret != 0) {
373 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
374 g_free(res);
375 return;
376 }
377
378 virtio_gpu_init_udmabuf(res);
379 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
380 }
381
382 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
383 {
384 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
385 struct virtio_gpu_simple_resource *res;
386
387 if (scanout->resource_id == 0) {
388 return;
389 }
390
391 res = virtio_gpu_find_resource(g, scanout->resource_id);
392 if (res) {
393 res->scanout_bitmask &= ~(1 << scanout_id);
394 }
395
396 dpy_gfx_replace_surface(scanout->con, NULL);
397 scanout->resource_id = 0;
398 scanout->ds = NULL;
399 scanout->width = 0;
400 scanout->height = 0;
401 }
402
403 static void virtio_gpu_resource_destroy(VirtIOGPU *g,
404 struct virtio_gpu_simple_resource *res,
405 Error **errp)
406 {
407 int i;
408
409 if (res->scanout_bitmask) {
410 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
411 if (res->scanout_bitmask & (1 << i)) {
412 virtio_gpu_disable_scanout(g, i);
413 }
414 }
415 }
416
417 qemu_pixman_image_unref(res->image);
418 virtio_gpu_cleanup_mapping(g, res);
419 QTAILQ_REMOVE(&g->reslist, res, next);
420 g->hostmem -= res->hostmem;
421 g_free(res);
422 }
423
424 static void virtio_gpu_resource_unref(VirtIOGPU *g,
425 struct virtio_gpu_ctrl_command *cmd)
426 {
427 struct virtio_gpu_simple_resource *res;
428 struct virtio_gpu_resource_unref unref;
429
430 VIRTIO_GPU_FILL_CMD(unref);
431 virtio_gpu_bswap_32(&unref, sizeof(unref));
432 trace_virtio_gpu_cmd_res_unref(unref.resource_id);
433
434 res = virtio_gpu_find_resource(g, unref.resource_id);
435 if (!res) {
436 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
437 __func__, unref.resource_id);
438 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
439 return;
440 }
441 /*
442 * virtio_gpu_resource_destroy does not set any errors, so pass a NULL errp
443 * to ignore them.
444 */
445 virtio_gpu_resource_destroy(g, res, NULL);
446 }
447
448 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
449 struct virtio_gpu_ctrl_command *cmd)
450 {
451 struct virtio_gpu_simple_resource *res;
452 int h, bpp;
453 uint32_t src_offset, dst_offset, stride;
454 pixman_format_code_t format;
455 struct virtio_gpu_transfer_to_host_2d t2d;
456 void *img_data;
457
458 VIRTIO_GPU_FILL_CMD(t2d);
459 virtio_gpu_t2d_bswap(&t2d);
460 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id);
461
462 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
463 __func__, &cmd->error);
464 if (!res || res->blob) {
465 return;
466 }
467
468 if (t2d.r.x > res->width ||
469 t2d.r.y > res->height ||
470 t2d.r.width > res->width ||
471 t2d.r.height > res->height ||
472 t2d.r.x + t2d.r.width > res->width ||
473 t2d.r.y + t2d.r.height > res->height) {
474 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource"
475 " bounds for resource %d: %d %d %d %d vs %d %d\n",
476 __func__, t2d.resource_id, t2d.r.x, t2d.r.y,
477 t2d.r.width, t2d.r.height, res->width, res->height);
478 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
479 return;
480 }
481
482 format = pixman_image_get_format(res->image);
483 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8);
484 stride = pixman_image_get_stride(res->image);
485 img_data = pixman_image_get_data(res->image);
486
487 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) {
488 for (h = 0; h < t2d.r.height; h++) {
489 src_offset = t2d.offset + stride * h;
490 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp);
491
492 iov_to_buf(res->iov, res->iov_cnt, src_offset,
493 (uint8_t *)img_data + dst_offset,
494 t2d.r.width * bpp);
495 }
496 } else {
497 src_offset = t2d.offset;
498 dst_offset = t2d.r.y * stride + t2d.r.x * bpp;
499 iov_to_buf(res->iov, res->iov_cnt, src_offset,
500 (uint8_t *)img_data + dst_offset,
501 stride * t2d.r.height);
502 }
503 }
504
505 static void virtio_gpu_resource_flush(VirtIOGPU *g,
506 struct virtio_gpu_ctrl_command *cmd)
507 {
508 struct virtio_gpu_simple_resource *res;
509 struct virtio_gpu_resource_flush rf;
510 struct virtio_gpu_scanout *scanout;
511 QemuRect flush_rect;
512 bool within_bounds = false;
513 bool update_submitted = false;
514 int i;
515
516 VIRTIO_GPU_FILL_CMD(rf);
517 virtio_gpu_bswap_32(&rf, sizeof(rf));
518 trace_virtio_gpu_cmd_res_flush(rf.resource_id,
519 rf.r.width, rf.r.height, rf.r.x, rf.r.y);
520
521 res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
522 __func__, &cmd->error);
523 if (!res) {
524 return;
525 }
526
527 if (res->blob) {
528 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
529 scanout = &g->parent_obj.scanout[i];
530 if (scanout->resource_id == res->resource_id &&
531 rf.r.x < scanout->x + scanout->width &&
532 rf.r.x + rf.r.width >= scanout->x &&
533 rf.r.y < scanout->y + scanout->height &&
534 rf.r.y + rf.r.height >= scanout->y) {
535 within_bounds = true;
536
537 if (console_has_gl(scanout->con)) {
538 dpy_gl_update(scanout->con, 0, 0, scanout->width,
539 scanout->height);
540 update_submitted = true;
541 }
542 }
543 }
544
545 if (update_submitted) {
546 return;
547 }
548 if (!within_bounds) {
549 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts"
550 " bounds for flush %d: %d %d %d %d\n",
551 __func__, rf.resource_id, rf.r.x, rf.r.y,
552 rf.r.width, rf.r.height);
553 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
554 return;
555 }
556 }
557
558 if (!res->blob &&
559 (rf.r.x > res->width ||
560 rf.r.y > res->height ||
561 rf.r.width > res->width ||
562 rf.r.height > res->height ||
563 rf.r.x + rf.r.width > res->width ||
564 rf.r.y + rf.r.height > res->height)) {
565 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource"
566 " bounds for resource %d: %d %d %d %d vs %d %d\n",
567 __func__, rf.resource_id, rf.r.x, rf.r.y,
568 rf.r.width, rf.r.height, res->width, res->height);
569 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
570 return;
571 }
572
573 qemu_rect_init(&flush_rect, rf.r.x, rf.r.y, rf.r.width, rf.r.height);
574 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
575 QemuRect rect;
576
577 if (!(res->scanout_bitmask & (1 << i))) {
578 continue;
579 }
580 scanout = &g->parent_obj.scanout[i];
581
582 qemu_rect_init(&rect, scanout->x, scanout->y,
583 scanout->width, scanout->height);
584
585 /* work out the area we need to update for each console */
586 if (qemu_rect_intersect(&flush_rect, &rect, &rect)) {
587 qemu_rect_translate(&rect, -scanout->x, -scanout->y);
588 dpy_gfx_update(g->parent_obj.scanout[i].con,
589 rect.x, rect.y, rect.width, rect.height);
590 }
591 }
592 }
593
594 static void virtio_unref_resource(pixman_image_t *image, void *data)
595 {
596 pixman_image_unref(data);
597 }
598
599 static void virtio_gpu_update_scanout(VirtIOGPU *g,
600 uint32_t scanout_id,
601 struct virtio_gpu_simple_resource *res,
602 struct virtio_gpu_framebuffer *fb,
603 struct virtio_gpu_rect *r)
604 {
605 struct virtio_gpu_simple_resource *ores;
606 struct virtio_gpu_scanout *scanout;
607
608 scanout = &g->parent_obj.scanout[scanout_id];
609 ores = virtio_gpu_find_resource(g, scanout->resource_id);
610 if (ores) {
611 ores->scanout_bitmask &= ~(1 << scanout_id);
612 }
613
614 res->scanout_bitmask |= (1 << scanout_id);
615 scanout->resource_id = res->resource_id;
616 scanout->x = r->x;
617 scanout->y = r->y;
618 scanout->width = r->width;
619 scanout->height = r->height;
620 scanout->fb = *fb;
621 }
622
623 static bool virtio_gpu_do_set_scanout(VirtIOGPU *g,
624 uint32_t scanout_id,
625 struct virtio_gpu_framebuffer *fb,
626 struct virtio_gpu_simple_resource *res,
627 struct virtio_gpu_rect *r,
628 uint32_t *error)
629 {
630 struct virtio_gpu_scanout *scanout;
631 uint8_t *data;
632
633 scanout = &g->parent_obj.scanout[scanout_id];
634
635 if (r->x > fb->width ||
636 r->y > fb->height ||
637 r->width < 16 ||
638 r->height < 16 ||
639 r->width > fb->width ||
640 r->height > fb->height ||
641 r->x + r->width > fb->width ||
642 r->y + r->height > fb->height) {
643 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for"
644 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n",
645 __func__, scanout_id, res->resource_id,
646 r->x, r->y, r->width, r->height,
647 fb->width, fb->height);
648 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
649 return false;
650 }
651
652 g->parent_obj.enable = 1;
653
654 if (res->blob) {
655 if (console_has_gl(scanout->con)) {
656 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) {
657 virtio_gpu_update_scanout(g, scanout_id, res, fb, r);
658 } else {
659 *error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
660 return false;
661 }
662 return true;
663 }
664
665 data = res->blob;
666 } else {
667 data = (uint8_t *)pixman_image_get_data(res->image);
668 }
669
670 /* create a surface for this scanout */
671 if ((res->blob && !console_has_gl(scanout->con)) ||
672 !scanout->ds ||
673 surface_data(scanout->ds) != data + fb->offset ||
674 scanout->width != r->width ||
675 scanout->height != r->height) {
676 pixman_image_t *rect;
677 void *ptr = data + fb->offset;
678 rect = pixman_image_create_bits(fb->format, r->width, r->height,
679 ptr, fb->stride);
680
681 if (res->image) {
682 pixman_image_ref(res->image);
683 pixman_image_set_destroy_function(rect, virtio_unref_resource,
684 res->image);
685 }
686
687 /* realloc the surface ptr */
688 scanout->ds = qemu_create_displaysurface_pixman(rect);
689 #ifdef WIN32
690 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, fb->offset);
691 #endif
692
693 pixman_image_unref(rect);
694 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con,
695 scanout->ds);
696 }
697
698 virtio_gpu_update_scanout(g, scanout_id, res, fb, r);
699 return true;
700 }
701
702 static void virtio_gpu_set_scanout(VirtIOGPU *g,
703 struct virtio_gpu_ctrl_command *cmd)
704 {
705 struct virtio_gpu_simple_resource *res;
706 struct virtio_gpu_framebuffer fb = { 0 };
707 struct virtio_gpu_set_scanout ss;
708
709 VIRTIO_GPU_FILL_CMD(ss);
710 virtio_gpu_bswap_32(&ss, sizeof(ss));
711 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id,
712 ss.r.width, ss.r.height, ss.r.x, ss.r.y);
713
714 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
715 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
716 __func__, ss.scanout_id);
717 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
718 return;
719 }
720
721 if (ss.resource_id == 0) {
722 virtio_gpu_disable_scanout(g, ss.scanout_id);
723 return;
724 }
725
726 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
727 __func__, &cmd->error);
728 if (!res) {
729 return;
730 }
731
732 fb.format = pixman_image_get_format(res->image);
733 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
734 fb.width = pixman_image_get_width(res->image);
735 fb.height = pixman_image_get_height(res->image);
736 fb.stride = pixman_image_get_stride(res->image);
737 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
738
739 virtio_gpu_do_set_scanout(g, ss.scanout_id,
740 &fb, res, &ss.r, &cmd->error);
741 }
742
743 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g,
744 struct virtio_gpu_ctrl_command *cmd)
745 {
746 struct virtio_gpu_simple_resource *res;
747 struct virtio_gpu_framebuffer fb = { 0 };
748 struct virtio_gpu_set_scanout_blob ss;
749 uint64_t fbend;
750
751 VIRTIO_GPU_FILL_CMD(ss);
752 virtio_gpu_scanout_blob_bswap(&ss);
753 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id,
754 ss.r.width, ss.r.height, ss.r.x,
755 ss.r.y);
756
757 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
758 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
759 __func__, ss.scanout_id);
760 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
761 return;
762 }
763
764 if (ss.resource_id == 0) {
765 virtio_gpu_disable_scanout(g, ss.scanout_id);
766 return;
767 }
768
769 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
770 __func__, &cmd->error);
771 if (!res) {
772 return;
773 }
774
775 fb.format = virtio_gpu_get_pixman_format(ss.format);
776 if (!fb.format) {
777 qemu_log_mask(LOG_GUEST_ERROR,
778 "%s: host couldn't handle guest format %d\n",
779 __func__, ss.format);
780 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
781 return;
782 }
783
784 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
785 fb.width = ss.width;
786 fb.height = ss.height;
787 fb.stride = ss.strides[0];
788 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
789
790 fbend = fb.offset;
791 fbend += fb.stride * (ss.r.height - 1);
792 fbend += fb.bytes_pp * ss.r.width;
793 if (fbend > res->blob_size) {
794 qemu_log_mask(LOG_GUEST_ERROR,
795 "%s: fb end out of range\n",
796 __func__);
797 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
798 return;
799 }
800
801 virtio_gpu_do_set_scanout(g, ss.scanout_id,
802 &fb, res, &ss.r, &cmd->error);
803 }
804
805 int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
806 uint32_t nr_entries, uint32_t offset,
807 struct virtio_gpu_ctrl_command *cmd,
808 uint64_t **addr, struct iovec **iov,
809 uint32_t *niov)
810 {
811 struct virtio_gpu_mem_entry *ents;
812 size_t esize, s;
813 int e, v;
814
815 if (nr_entries > 16384) {
816 qemu_log_mask(LOG_GUEST_ERROR,
817 "%s: nr_entries is too big (%d > 16384)\n",
818 __func__, nr_entries);
819 return -1;
820 }
821
822 esize = sizeof(*ents) * nr_entries;
823 ents = g_malloc(esize);
824 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num,
825 offset, ents, esize);
826 if (s != esize) {
827 qemu_log_mask(LOG_GUEST_ERROR,
828 "%s: command data size incorrect %zu vs %zu\n",
829 __func__, s, esize);
830 g_free(ents);
831 return -1;
832 }
833
834 *iov = NULL;
835 if (addr) {
836 *addr = NULL;
837 }
838 for (e = 0, v = 0; e < nr_entries; e++) {
839 uint64_t a = le64_to_cpu(ents[e].addr);
840 uint32_t l = le32_to_cpu(ents[e].length);
841 hwaddr len;
842 void *map;
843
844 do {
845 len = l;
846 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len,
847 DMA_DIRECTION_TO_DEVICE,
848 MEMTXATTRS_UNSPECIFIED);
849 if (!map) {
850 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
851 " element %d\n", __func__, e);
852 virtio_gpu_cleanup_mapping_iov(g, *iov, v);
853 g_free(ents);
854 *iov = NULL;
855 if (addr) {
856 g_free(*addr);
857 *addr = NULL;
858 }
859 return -1;
860 }
861
862 if (!(v % 16)) {
863 *iov = g_renew(struct iovec, *iov, v + 16);
864 if (addr) {
865 *addr = g_renew(uint64_t, *addr, v + 16);
866 }
867 }
868 (*iov)[v].iov_base = map;
869 (*iov)[v].iov_len = len;
870 if (addr) {
871 (*addr)[v] = a;
872 }
873
874 a += len;
875 l -= len;
876 v += 1;
877 } while (l > 0);
878 }
879 *niov = v;
880
881 g_free(ents);
882 return 0;
883 }
884
885 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
886 struct iovec *iov, uint32_t count)
887 {
888 int i;
889
890 for (i = 0; i < count; i++) {
891 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
892 iov[i].iov_base, iov[i].iov_len,
893 DMA_DIRECTION_TO_DEVICE,
894 iov[i].iov_len);
895 }
896 g_free(iov);
897 }
898
899 void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
900 struct virtio_gpu_simple_resource *res)
901 {
902 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
903 res->iov = NULL;
904 res->iov_cnt = 0;
905 g_free(res->addrs);
906 res->addrs = NULL;
907
908 if (res->blob) {
909 virtio_gpu_fini_udmabuf(res);
910 }
911 }
912
913 static void
914 virtio_gpu_resource_attach_backing(VirtIOGPU *g,
915 struct virtio_gpu_ctrl_command *cmd)
916 {
917 struct virtio_gpu_simple_resource *res;
918 struct virtio_gpu_resource_attach_backing ab;
919 int ret;
920
921 VIRTIO_GPU_FILL_CMD(ab);
922 virtio_gpu_bswap_32(&ab, sizeof(ab));
923 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id);
924
925 res = virtio_gpu_find_resource(g, ab.resource_id);
926 if (!res) {
927 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
928 __func__, ab.resource_id);
929 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
930 return;
931 }
932
933 if (res->iov) {
934 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
935 return;
936 }
937
938 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd,
939 &res->addrs, &res->iov, &res->iov_cnt);
940 if (ret != 0) {
941 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
942 return;
943 }
944 }
945
946 static void
947 virtio_gpu_resource_detach_backing(VirtIOGPU *g,
948 struct virtio_gpu_ctrl_command *cmd)
949 {
950 struct virtio_gpu_simple_resource *res;
951 struct virtio_gpu_resource_detach_backing detach;
952
953 VIRTIO_GPU_FILL_CMD(detach);
954 virtio_gpu_bswap_32(&detach, sizeof(detach));
955 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id);
956
957 res = virtio_gpu_find_check_resource(g, detach.resource_id, true,
958 __func__, &cmd->error);
959 if (!res) {
960 return;
961 }
962 virtio_gpu_cleanup_mapping(g, res);
963 }
964
965 void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
966 struct virtio_gpu_ctrl_command *cmd)
967 {
968 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr);
969 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr);
970
971 switch (cmd->cmd_hdr.type) {
972 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO:
973 virtio_gpu_get_display_info(g, cmd);
974 break;
975 case VIRTIO_GPU_CMD_GET_EDID:
976 virtio_gpu_get_edid(g, cmd);
977 break;
978 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
979 virtio_gpu_resource_create_2d(g, cmd);
980 break;
981 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
982 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
983 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
984 break;
985 }
986 virtio_gpu_resource_create_blob(g, cmd);
987 break;
988 case VIRTIO_GPU_CMD_RESOURCE_UNREF:
989 virtio_gpu_resource_unref(g, cmd);
990 break;
991 case VIRTIO_GPU_CMD_RESOURCE_FLUSH:
992 virtio_gpu_resource_flush(g, cmd);
993 break;
994 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D:
995 virtio_gpu_transfer_to_host_2d(g, cmd);
996 break;
997 case VIRTIO_GPU_CMD_SET_SCANOUT:
998 virtio_gpu_set_scanout(g, cmd);
999 break;
1000 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB:
1001 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1002 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
1003 break;
1004 }
1005 virtio_gpu_set_scanout_blob(g, cmd);
1006 break;
1007 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING:
1008 virtio_gpu_resource_attach_backing(g, cmd);
1009 break;
1010 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING:
1011 virtio_gpu_resource_detach_backing(g, cmd);
1012 break;
1013 default:
1014 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
1015 break;
1016 }
1017 if (!cmd->finished) {
1018 if (!g->parent_obj.renderer_blocked) {
1019 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error :
1020 VIRTIO_GPU_RESP_OK_NODATA);
1021 }
1022 }
1023 }
1024
1025 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq)
1026 {
1027 VirtIOGPU *g = VIRTIO_GPU(vdev);
1028 qemu_bh_schedule(g->ctrl_bh);
1029 }
1030
1031 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq)
1032 {
1033 VirtIOGPU *g = VIRTIO_GPU(vdev);
1034 qemu_bh_schedule(g->cursor_bh);
1035 }
1036
1037 void virtio_gpu_process_cmdq(VirtIOGPU *g)
1038 {
1039 struct virtio_gpu_ctrl_command *cmd;
1040 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1041
1042 if (g->processing_cmdq) {
1043 return;
1044 }
1045 g->processing_cmdq = true;
1046 while (!QTAILQ_EMPTY(&g->cmdq)) {
1047 cmd = QTAILQ_FIRST(&g->cmdq);
1048
1049 if (g->parent_obj.renderer_blocked) {
1050 break;
1051 }
1052
1053 /* process command */
1054 vgc->process_cmd(g, cmd);
1055
1056 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1057 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1058 g->stats.requests++;
1059 }
1060
1061 if (!cmd->finished) {
1062 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next);
1063 g->inflight++;
1064 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1065 if (g->stats.max_inflight < g->inflight) {
1066 g->stats.max_inflight = g->inflight;
1067 }
1068 fprintf(stderr, "inflight: %3d (+)\r", g->inflight);
1069 }
1070 } else {
1071 g_free(cmd);
1072 }
1073 }
1074 g->processing_cmdq = false;
1075 }
1076
1077 static void virtio_gpu_process_fenceq(VirtIOGPU *g)
1078 {
1079 struct virtio_gpu_ctrl_command *cmd, *tmp;
1080
1081 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) {
1082 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id);
1083 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
1084 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1085 g_free(cmd);
1086 g->inflight--;
1087 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1088 fprintf(stderr, "inflight: %3d (-)\r", g->inflight);
1089 }
1090 }
1091 }
1092
1093 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b)
1094 {
1095 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj);
1096
1097 virtio_gpu_process_fenceq(g);
1098 virtio_gpu_process_cmdq(g);
1099 }
1100
1101 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1102 {
1103 VirtIOGPU *g = VIRTIO_GPU(vdev);
1104 struct virtio_gpu_ctrl_command *cmd;
1105
1106 if (!virtio_queue_ready(vq)) {
1107 return;
1108 }
1109
1110 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1111 while (cmd) {
1112 cmd->vq = vq;
1113 cmd->error = 0;
1114 cmd->finished = false;
1115 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next);
1116 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1117 }
1118
1119 virtio_gpu_process_cmdq(g);
1120 }
1121
1122 static void virtio_gpu_ctrl_bh(void *opaque)
1123 {
1124 VirtIOGPU *g = opaque;
1125 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1126
1127 vgc->handle_ctrl(VIRTIO_DEVICE(g), g->ctrl_vq);
1128 }
1129
1130 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq)
1131 {
1132 VirtIOGPU *g = VIRTIO_GPU(vdev);
1133 VirtQueueElement *elem;
1134 size_t s;
1135 struct virtio_gpu_update_cursor cursor_info;
1136
1137 if (!virtio_queue_ready(vq)) {
1138 return;
1139 }
1140 for (;;) {
1141 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1142 if (!elem) {
1143 break;
1144 }
1145
1146 s = iov_to_buf(elem->out_sg, elem->out_num, 0,
1147 &cursor_info, sizeof(cursor_info));
1148 if (s != sizeof(cursor_info)) {
1149 qemu_log_mask(LOG_GUEST_ERROR,
1150 "%s: cursor size incorrect %zu vs %zu\n",
1151 __func__, s, sizeof(cursor_info));
1152 } else {
1153 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info));
1154 update_cursor(g, &cursor_info);
1155 }
1156 virtqueue_push(vq, elem, 0);
1157 virtio_notify(vdev, vq);
1158 g_free(elem);
1159 }
1160 }
1161
1162 static void virtio_gpu_cursor_bh(void *opaque)
1163 {
1164 VirtIOGPU *g = opaque;
1165 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
1166 }
1167
1168 static bool scanout_vmstate_after_v2(void *opaque, int version)
1169 {
1170 struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout);
1171 struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj);
1172
1173 return gpu->scanout_vmstate_version >= 2;
1174 }
1175
1176 static const VMStateDescription vmstate_virtio_gpu_scanout = {
1177 .name = "virtio-gpu-one-scanout",
1178 .version_id = 1,
1179 .fields = (const VMStateField[]) {
1180 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
1181 VMSTATE_UINT32(width, struct virtio_gpu_scanout),
1182 VMSTATE_UINT32(height, struct virtio_gpu_scanout),
1183 VMSTATE_INT32(x, struct virtio_gpu_scanout),
1184 VMSTATE_INT32(y, struct virtio_gpu_scanout),
1185 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout),
1186 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout),
1187 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
1188 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
1189 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
1190 VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout,
1191 scanout_vmstate_after_v2),
1192 VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout,
1193 scanout_vmstate_after_v2),
1194 VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout,
1195 scanout_vmstate_after_v2),
1196 VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout,
1197 scanout_vmstate_after_v2),
1198 VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout,
1199 scanout_vmstate_after_v2),
1200 VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout,
1201 scanout_vmstate_after_v2),
1202 VMSTATE_END_OF_LIST()
1203 },
1204 };
1205
1206 static const VMStateDescription vmstate_virtio_gpu_scanouts = {
1207 .name = "virtio-gpu-scanouts",
1208 .version_id = 1,
1209 .fields = (const VMStateField[]) {
1210 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU),
1211 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs,
1212 struct VirtIOGPU, NULL),
1213 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU,
1214 parent_obj.conf.max_outputs, 1,
1215 vmstate_virtio_gpu_scanout,
1216 struct virtio_gpu_scanout),
1217 VMSTATE_END_OF_LIST()
1218 },
1219 };
1220
1221 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
1222 const VMStateField *field, JSONWriter *vmdesc)
1223 {
1224 VirtIOGPU *g = opaque;
1225 struct virtio_gpu_simple_resource *res;
1226 int i;
1227
1228 /* in 2d mode we should never find unprocessed commands here */
1229 assert(QTAILQ_EMPTY(&g->cmdq));
1230
1231 QTAILQ_FOREACH(res, &g->reslist, next) {
1232 if (res->blob_size) {
1233 continue;
1234 }
1235 qemu_put_be32(f, res->resource_id);
1236 qemu_put_be32(f, res->width);
1237 qemu_put_be32(f, res->height);
1238 qemu_put_be32(f, res->format);
1239 qemu_put_be32(f, res->iov_cnt);
1240 for (i = 0; i < res->iov_cnt; i++) {
1241 qemu_put_be64(f, res->addrs[i]);
1242 qemu_put_be32(f, res->iov[i].iov_len);
1243 }
1244 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image),
1245 pixman_image_get_stride(res->image) * res->height);
1246 }
1247 qemu_put_be32(f, 0); /* end of list */
1248
1249 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
1250 }
1251
1252 static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g,
1253 struct virtio_gpu_simple_resource *res)
1254 {
1255 int i;
1256
1257 for (i = 0; i < res->iov_cnt; i++) {
1258 hwaddr len = res->iov[i].iov_len;
1259 res->iov[i].iov_base =
1260 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len,
1261 DMA_DIRECTION_TO_DEVICE, MEMTXATTRS_UNSPECIFIED);
1262
1263 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
1264 /* Clean up the half-a-mapping we just created... */
1265 if (res->iov[i].iov_base) {
1266 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, res->iov[i].iov_base,
1267 len, DMA_DIRECTION_TO_DEVICE, 0);
1268 }
1269 /* ...and the mappings for previous loop iterations */
1270 res->iov_cnt = i;
1271 virtio_gpu_cleanup_mapping(g, res);
1272 return false;
1273 }
1274 }
1275
1276 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
1277 g->hostmem += res->hostmem;
1278 return true;
1279 }
1280
1281 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
1282 const VMStateField *field)
1283 {
1284 VirtIOGPU *g = opaque;
1285 struct virtio_gpu_simple_resource *res;
1286 uint32_t resource_id, pformat;
1287 void *bits = NULL;
1288 int i;
1289
1290 g->hostmem = 0;
1291
1292 resource_id = qemu_get_be32(f);
1293 while (resource_id != 0) {
1294 res = virtio_gpu_find_resource(g, resource_id);
1295 if (res) {
1296 return -EINVAL;
1297 }
1298
1299 res = g_new0(struct virtio_gpu_simple_resource, 1);
1300 res->resource_id = resource_id;
1301 res->width = qemu_get_be32(f);
1302 res->height = qemu_get_be32(f);
1303 res->format = qemu_get_be32(f);
1304 res->iov_cnt = qemu_get_be32(f);
1305
1306 /* allocate */
1307 pformat = virtio_gpu_get_pixman_format(res->format);
1308 if (!pformat) {
1309 g_free(res);
1310 return -EINVAL;
1311 }
1312
1313 res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
1314 #ifdef WIN32
1315 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn);
1316 if (!bits) {
1317 g_free(res);
1318 return -EINVAL;
1319 }
1320 #endif
1321 res->image = pixman_image_create_bits(
1322 pformat,
1323 res->width, res->height,
1324 bits, res->height ? res->hostmem / res->height : 0);
1325 if (!res->image) {
1326 g_free(res);
1327 return -EINVAL;
1328 }
1329 #ifdef WIN32
1330 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle);
1331 #endif
1332
1333 res->addrs = g_new(uint64_t, res->iov_cnt);
1334 res->iov = g_new(struct iovec, res->iov_cnt);
1335
1336 /* read data */
1337 for (i = 0; i < res->iov_cnt; i++) {
1338 res->addrs[i] = qemu_get_be64(f);
1339 res->iov[i].iov_len = qemu_get_be32(f);
1340 }
1341 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image),
1342 pixman_image_get_stride(res->image) * res->height);
1343
1344 if (!virtio_gpu_load_restore_mapping(g, res)) {
1345 pixman_image_unref(res->image);
1346 g_free(res);
1347 return -EINVAL;
1348 }
1349
1350 resource_id = qemu_get_be32(f);
1351 }
1352
1353 /* load & apply scanout state */
1354 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
1355
1356 return 0;
1357 }
1358
1359 static int virtio_gpu_blob_save(QEMUFile *f, void *opaque, size_t size,
1360 const VMStateField *field, JSONWriter *vmdesc)
1361 {
1362 VirtIOGPU *g = opaque;
1363 struct virtio_gpu_simple_resource *res;
1364 int i;
1365
1366 /* in 2d mode we should never find unprocessed commands here */
1367 assert(QTAILQ_EMPTY(&g->cmdq));
1368
1369 QTAILQ_FOREACH(res, &g->reslist, next) {
1370 if (!res->blob_size) {
1371 continue;
1372 }
1373 assert(!res->image);
1374 qemu_put_be32(f, res->resource_id);
1375 qemu_put_be32(f, res->blob_size);
1376 qemu_put_be32(f, res->iov_cnt);
1377 for (i = 0; i < res->iov_cnt; i++) {
1378 qemu_put_be64(f, res->addrs[i]);
1379 qemu_put_be32(f, res->iov[i].iov_len);
1380 }
1381 }
1382 qemu_put_be32(f, 0); /* end of list */
1383
1384 return 0;
1385 }
1386
1387 static int virtio_gpu_blob_load(QEMUFile *f, void *opaque, size_t size,
1388 const VMStateField *field)
1389 {
1390 VirtIOGPU *g = opaque;
1391 struct virtio_gpu_simple_resource *res;
1392 uint32_t resource_id;
1393 int i;
1394
1395 resource_id = qemu_get_be32(f);
1396 while (resource_id != 0) {
1397 res = virtio_gpu_find_resource(g, resource_id);
1398 if (res) {
1399 return -EINVAL;
1400 }
1401
1402 res = g_new0(struct virtio_gpu_simple_resource, 1);
1403 res->resource_id = resource_id;
1404 res->blob_size = qemu_get_be32(f);
1405 res->iov_cnt = qemu_get_be32(f);
1406 res->addrs = g_new(uint64_t, res->iov_cnt);
1407 res->iov = g_new(struct iovec, res->iov_cnt);
1408
1409 /* read data */
1410 for (i = 0; i < res->iov_cnt; i++) {
1411 res->addrs[i] = qemu_get_be64(f);
1412 res->iov[i].iov_len = qemu_get_be32(f);
1413 }
1414
1415 if (!virtio_gpu_load_restore_mapping(g, res)) {
1416 g_free(res);
1417 return -EINVAL;
1418 }
1419
1420 virtio_gpu_init_udmabuf(res);
1421
1422 resource_id = qemu_get_be32(f);
1423 }
1424
1425 return 0;
1426 }
1427
1428 static int virtio_gpu_post_load(void *opaque, int version_id)
1429 {
1430 VirtIOGPU *g = opaque;
1431 struct virtio_gpu_scanout *scanout;
1432 struct virtio_gpu_simple_resource *res;
1433 int i;
1434
1435 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1436 scanout = &g->parent_obj.scanout[i];
1437 if (!scanout->resource_id) {
1438 continue;
1439 }
1440
1441 res = virtio_gpu_find_resource(g, scanout->resource_id);
1442 if (!res) {
1443 return -EINVAL;
1444 }
1445
1446 if (scanout->fb.format != 0) {
1447 uint32_t error = 0;
1448 struct virtio_gpu_rect r = {
1449 .x = scanout->x,
1450 .y = scanout->y,
1451 .width = scanout->width,
1452 .height = scanout->height
1453 };
1454
1455 if (!virtio_gpu_do_set_scanout(g, i, &scanout->fb, res, &r, &error)) {
1456 return -EINVAL;
1457 }
1458 } else {
1459 /* legacy v1 migration support */
1460 if (!res->image) {
1461 return -EINVAL;
1462 }
1463 scanout->ds = qemu_create_displaysurface_pixman(res->image);
1464 #ifdef WIN32
1465 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, 0);
1466 #endif
1467 dpy_gfx_replace_surface(scanout->con, scanout->ds);
1468 }
1469
1470 dpy_gfx_update_full(scanout->con);
1471 if (scanout->cursor.resource_id) {
1472 update_cursor(g, &scanout->cursor);
1473 }
1474 res->scanout_bitmask |= (1 << i);
1475 }
1476
1477 return 0;
1478 }
1479
1480 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
1481 {
1482 VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1483 VirtIOGPU *g = VIRTIO_GPU(qdev);
1484
1485 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1486 if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) &&
1487 !virtio_gpu_have_udmabuf()) {
1488 error_setg(errp, "need rutabaga or udmabuf for blob resources");
1489 return;
1490 }
1491
1492 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) {
1493 error_setg(errp, "blobs and virgl are not compatible (yet)");
1494 return;
1495 }
1496 }
1497
1498 if (!virtio_gpu_base_device_realize(qdev,
1499 virtio_gpu_handle_ctrl_cb,
1500 virtio_gpu_handle_cursor_cb,
1501 errp)) {
1502 return;
1503 }
1504
1505 g->ctrl_vq = virtio_get_queue(vdev, 0);
1506 g->cursor_vq = virtio_get_queue(vdev, 1);
1507 g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g);
1508 g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g);
1509 g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g);
1510 qemu_cond_init(&g->reset_cond);
1511 QTAILQ_INIT(&g->reslist);
1512 QTAILQ_INIT(&g->cmdq);
1513 QTAILQ_INIT(&g->fenceq);
1514 }
1515
1516 static void virtio_gpu_device_unrealize(DeviceState *qdev)
1517 {
1518 VirtIOGPU *g = VIRTIO_GPU(qdev);
1519
1520 g_clear_pointer(&g->ctrl_bh, qemu_bh_delete);
1521 g_clear_pointer(&g->cursor_bh, qemu_bh_delete);
1522 g_clear_pointer(&g->reset_bh, qemu_bh_delete);
1523 qemu_cond_destroy(&g->reset_cond);
1524 virtio_gpu_base_device_unrealize(qdev);
1525 }
1526
1527 static void virtio_gpu_reset_bh(void *opaque)
1528 {
1529 VirtIOGPU *g = VIRTIO_GPU(opaque);
1530 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1531 struct virtio_gpu_simple_resource *res, *tmp;
1532 uint32_t resource_id;
1533 Error *local_err = NULL;
1534 int i = 0;
1535
1536 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
1537 resource_id = res->resource_id;
1538 vgc->resource_destroy(g, res, &local_err);
1539 if (local_err) {
1540 error_append_hint(&local_err, "%s: %s resource_destroy"
1541 "for resource_id = %"PRIu32" failed.\n",
1542 __func__, object_get_typename(OBJECT(g)),
1543 resource_id);
1544 /* error_report_err frees the error object for us */
1545 error_report_err(local_err);
1546 local_err = NULL;
1547 }
1548 }
1549
1550 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1551 dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL);
1552 }
1553
1554 g->reset_finished = true;
1555 qemu_cond_signal(&g->reset_cond);
1556 }
1557
1558 void virtio_gpu_reset(VirtIODevice *vdev)
1559 {
1560 VirtIOGPU *g = VIRTIO_GPU(vdev);
1561 struct virtio_gpu_ctrl_command *cmd;
1562
1563 if (qemu_in_vcpu_thread()) {
1564 g->reset_finished = false;
1565 qemu_bh_schedule(g->reset_bh);
1566 while (!g->reset_finished) {
1567 qemu_cond_wait_bql(&g->reset_cond);
1568 }
1569 } else {
1570 aio_bh_call(g->reset_bh);
1571 }
1572
1573 while (!QTAILQ_EMPTY(&g->cmdq)) {
1574 cmd = QTAILQ_FIRST(&g->cmdq);
1575 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1576 g_free(cmd);
1577 }
1578
1579 while (!QTAILQ_EMPTY(&g->fenceq)) {
1580 cmd = QTAILQ_FIRST(&g->fenceq);
1581 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1582 g->inflight--;
1583 g_free(cmd);
1584 }
1585
1586 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
1587 }
1588
1589 static void
1590 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config)
1591 {
1592 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1593
1594 memcpy(config, &g->virtio_config, sizeof(g->virtio_config));
1595 }
1596
1597 static void
1598 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config)
1599 {
1600 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1601 const struct virtio_gpu_config *vgconfig =
1602 (const struct virtio_gpu_config *)config;
1603
1604 if (vgconfig->events_clear) {
1605 g->virtio_config.events_read &= ~vgconfig->events_clear;
1606 }
1607 }
1608
1609 static bool virtio_gpu_blob_state_needed(void *opaque)
1610 {
1611 VirtIOGPU *g = VIRTIO_GPU(opaque);
1612
1613 return virtio_gpu_blob_enabled(g->parent_obj.conf);
1614 }
1615
1616 const VMStateDescription vmstate_virtio_gpu_blob_state = {
1617 .name = "virtio-gpu/blob",
1618 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1619 .version_id = VIRTIO_GPU_VM_VERSION,
1620 .needed = virtio_gpu_blob_state_needed,
1621 .fields = (const VMStateField[]){
1622 {
1623 .name = "virtio-gpu/blob",
1624 .info = &(const VMStateInfo) {
1625 .name = "blob",
1626 .get = virtio_gpu_blob_load,
1627 .put = virtio_gpu_blob_save,
1628 },
1629 .flags = VMS_SINGLE,
1630 } /* device */,
1631 VMSTATE_END_OF_LIST()
1632 },
1633 };
1634
1635 /*
1636 * For historical reasons virtio_gpu does not adhere to virtio migration
1637 * scheme as described in doc/virtio-migration.txt, in a sense that no
1638 * save/load callback are provided to the core. Instead the device data
1639 * is saved/loaded after the core data.
1640 *
1641 * Because of this we need a special vmsd.
1642 */
1643 static const VMStateDescription vmstate_virtio_gpu = {
1644 .name = "virtio-gpu",
1645 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1646 .version_id = VIRTIO_GPU_VM_VERSION,
1647 .fields = (const VMStateField[]) {
1648 VMSTATE_VIRTIO_DEVICE /* core */,
1649 {
1650 .name = "virtio-gpu",
1651 .info = &(const VMStateInfo) {
1652 .name = "virtio-gpu",
1653 .get = virtio_gpu_load,
1654 .put = virtio_gpu_save,
1655 },
1656 .flags = VMS_SINGLE,
1657 } /* device */,
1658 VMSTATE_END_OF_LIST()
1659 },
1660 .subsections = (const VMStateDescription * const []) {
1661 &vmstate_virtio_gpu_blob_state,
1662 NULL
1663 },
1664 .post_load = virtio_gpu_post_load,
1665 };
1666
1667 static Property virtio_gpu_properties[] = {
1668 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf),
1669 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem,
1670 256 * MiB),
1671 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
1672 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
1673 DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0),
1674 DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2),
1675 DEFINE_PROP_END_OF_LIST(),
1676 };
1677
1678 static void virtio_gpu_class_init(ObjectClass *klass, void *data)
1679 {
1680 DeviceClass *dc = DEVICE_CLASS(klass);
1681 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1682 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass);
1683 VirtIOGPUBaseClass *vgbc = &vgc->parent;
1684
1685 vgc->handle_ctrl = virtio_gpu_handle_ctrl;
1686 vgc->process_cmd = virtio_gpu_simple_process_cmd;
1687 vgc->update_cursor_data = virtio_gpu_update_cursor_data;
1688 vgc->resource_destroy = virtio_gpu_resource_destroy;
1689 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
1690
1691 vdc->realize = virtio_gpu_device_realize;
1692 vdc->unrealize = virtio_gpu_device_unrealize;
1693 vdc->reset = virtio_gpu_reset;
1694 vdc->get_config = virtio_gpu_get_config;
1695 vdc->set_config = virtio_gpu_set_config;
1696
1697 dc->vmsd = &vmstate_virtio_gpu;
1698 device_class_set_props(dc, virtio_gpu_properties);
1699 }
1700
1701 static const TypeInfo virtio_gpu_info = {
1702 .name = TYPE_VIRTIO_GPU,
1703 .parent = TYPE_VIRTIO_GPU_BASE,
1704 .instance_size = sizeof(VirtIOGPU),
1705 .class_size = sizeof(VirtIOGPUClass),
1706 .class_init = virtio_gpu_class_init,
1707 };
1708 module_obj(TYPE_VIRTIO_GPU);
1709 module_kconfig(VIRTIO_GPU);
1710
1711 static void virtio_register_types(void)
1712 {
1713 type_register_static(&virtio_gpu_info);
1714 }
1715
1716 type_init(virtio_register_types)
Random patches