qemu/hw/display/qxl.c
   1/*
   2 * Copyright (C) 2010 Red Hat, Inc.
   3 *
   4 * written by Yaniv Kamay, Izik Eidus, Gerd Hoffmann
   5 * maintained by Gerd Hoffmann <kraxel@redhat.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License as
   9 * published by the Free Software Foundation; either version 2 or
  10 * (at your option) version 3 of the License.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21#include "qemu/osdep.h"
  22#include <zlib.h>
  23
  24#include "qemu-common.h"
  25#include "qemu/timer.h"
  26#include "qemu/queue.h"
  27#include "qemu/atomic.h"
  28#include "sysemu/sysemu.h"
  29#include "migration/blocker.h"
  30#include "trace.h"
  31
  32#include "qxl.h"
  33
  34/*
  35 * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as
  36 * such can be changed by the guest, so to avoid a guest trigerrable
  37 * abort we just qxl_set_guest_bug and set the return to NULL. Still
  38 * it may happen as a result of emulator bug as well.
  39 */
#undef SPICE_RING_PROD_ITEM
/*
 * Bounded replacement for spice-protocol's SPICE_RING_PROD_ITEM.
 * (r)->prod is read from guest-writable memory, so after masking the
 * index is re-checked against the real array size; on a mismatch
 * qxl_set_guest_bug() is raised and ret becomes NULL.  Every caller must
 * test ret before dereferencing it.  The macro expands to a bare block
 * (not do { } while (0)), so do not use it as an unbraced if/else body.
 */
#define SPICE_RING_PROD_ITEM(qxl, r, ret) {                             \
        uint32_t prod = (r)->prod & SPICE_RING_INDEX_MASK(r);           \
        if (prod >= ARRAY_SIZE((r)->items)) {                           \
            qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " \
                          "%u >= %zu", prod, ARRAY_SIZE((r)->items));   \
            ret = NULL;                                                 \
        } else {                                                        \
            ret = &(r)->items[prod].el;                                 \
        }                                                               \
    }

#undef SPICE_RING_CONS_ITEM
/* Consumer-side counterpart of SPICE_RING_PROD_ITEM; same NULL contract. */
#define SPICE_RING_CONS_ITEM(qxl, r, ret) {                             \
        uint32_t cons = (r)->cons & SPICE_RING_INDEX_MASK(r);           \
        if (cons >= ARRAY_SIZE((r)->items)) {                           \
            qxl_set_guest_bug(qxl, "SPICE_RING_CONS_ITEM indices mismatch " \
                          "%u >= %zu", cons, ARRAY_SIZE((r)->items));   \
            ret = NULL;                                                 \
        } else {                                                        \
            ret = &(r)->items[cons].el;                                 \
        }                                                               \
    }

#undef ALIGN
/* Round a up to the next multiple of b; b must be a power of two. */
#define ALIGN(a, b) (((a) + ((b) - 1)) & ~((b) - 1))

/* millimetres per pixel, used to fill x_mili/y_mili in QXL_MODE below */
#define PIXEL_SIZE 0.2936875 //1280x1024 is 14.8" x 11.9" 

/*
 * One QXLMode table entry.  stride assumes packed rows of _b bits per
 * pixel; x_mili/y_mili are the physical size derived from PIXEL_SIZE.
 */
#define QXL_MODE(_x, _y, _b, _o)                  \
    {   .x_res = _x,                              \
        .y_res = _y,                              \
        .bits  = _b,                              \
        .stride = (_x) * (_b) / 8,                \
        .x_mili = PIXEL_SIZE * (_x),              \
        .y_mili = PIXEL_SIZE * (_y),              \
        .orientation = _o,                        \
    }

/* 16 and 32 bpp variants of one resolution/orientation */
#define QXL_MODE_16_32(x_res, y_res, orientation) \
    QXL_MODE(x_res, y_res, 16, orientation),      \
    QXL_MODE(x_res, y_res, 32, orientation)

/* all four entries (two depths x two orientations) for one resolution */
#define QXL_MODE_EX(x_res, y_res)                 \
    QXL_MODE_16_32(x_res, y_res, 0),              \
    QXL_MODE_16_32(x_res, y_res, 1)
  86
/*
 * Mode table offered to the guest.  init_qxl_rom() copies only the
 * entries whose framebuffer (y_res * stride) fits into vgamem_size into
 * the ROM, so the "need more than N MB" remarks below describe which
 * entries survive that filter; the exported mode id is the index into
 * this array, not the position in the filtered ROM table.
 */
static QXLMode qxl_modes[] = {
    QXL_MODE_EX(640, 480),
    QXL_MODE_EX(800, 480),
    QXL_MODE_EX(800, 600),
    QXL_MODE_EX(832, 624),
    QXL_MODE_EX(960, 640),
    QXL_MODE_EX(1024, 600),
    QXL_MODE_EX(1024, 768),
    QXL_MODE_EX(1152, 864),
    QXL_MODE_EX(1152, 870),
    QXL_MODE_EX(1280, 720),
    QXL_MODE_EX(1280, 760),
    QXL_MODE_EX(1280, 768),
    QXL_MODE_EX(1280, 800),
    QXL_MODE_EX(1280, 960),
    QXL_MODE_EX(1280, 1024),
    QXL_MODE_EX(1360, 768),
    QXL_MODE_EX(1366, 768),
    QXL_MODE_EX(1400, 1050),
    QXL_MODE_EX(1440, 900),
    QXL_MODE_EX(1600, 900),
    QXL_MODE_EX(1600, 1200),
    QXL_MODE_EX(1680, 1050),
    QXL_MODE_EX(1920, 1080),
    /* these modes need more than 8 MB video memory */
    QXL_MODE_EX(1920, 1200),
    QXL_MODE_EX(1920, 1440),
    QXL_MODE_EX(2000, 2000),
    QXL_MODE_EX(2048, 1536),
    QXL_MODE_EX(2048, 2048),
    QXL_MODE_EX(2560, 1440),
    QXL_MODE_EX(2560, 1600),
    /* these modes need more than 16 MB video memory */
    QXL_MODE_EX(2560, 2048),
    QXL_MODE_EX(2800, 2100),
    QXL_MODE_EX(3200, 2400),
    /* these modes need more than 32 MB video memory */
    QXL_MODE_EX(3840, 2160), /* 4k mainstream */
    QXL_MODE_EX(4096, 2160), /* 4k            */
    /* these modes need more than 64 MB video memory */
    QXL_MODE_EX(7680, 4320), /* 8k mainstream */
    /* these modes need more than 128 MB video memory */
    QXL_MODE_EX(8192, 4320), /* 8k            */
};
 131
/* forward declarations for helpers defined further down in this file */
static void qxl_send_events(PCIQXLDevice *d, uint32_t events);
static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async);
static void qxl_reset_memslots(PCIQXLDevice *d);
static void qxl_reset_surfaces(PCIQXLDevice *d);
static void qxl_ring_set_dirty(PCIQXLDevice *qxl);

static void qxl_hw_update(void *opaque);
 139
/*
 * Record a guest-triggered protocol violation: raise QXL_INTERRUPT_ERROR
 * towards the guest, latch qxl->guest_bug (cleared by qxl_clear_guest_bug)
 * and, when the guestdebug property is set, print the printf-style message
 * to stderr.  msg is a format string: callers in this file pass literals
 * only, never guest-supplied text.
 */
void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
{
    trace_qxl_set_guest_bug(qxl->id);
    qxl_send_events(qxl, QXL_INTERRUPT_ERROR);
    qxl->guest_bug = 1;

    if (!qxl->guestdebug) {
        return;
    }

    va_list args;
    va_start(args, msg);
    fprintf(stderr, "qxl-%d: guest bug: ", qxl->id);
    vfprintf(stderr, msg, args);
    fprintf(stderr, "\n");
    va_end(args);
}
 154
/* Drop the guest-bug latch set by qxl_set_guest_bug(). */
static void qxl_clear_guest_bug(PCIQXLDevice *qxl)
{
    qxl->guest_bug = 0;
}
 159
/*
 * Ask spice-server to (re)render @area of surface @surface_id.
 * QXL_SYNC uses the blocking spice_qxl_update_area(); any other value
 * uses the async variant, which reports completion through @cookie
 * (must be non-NULL on that path).  dirty_rects/num_dirty_rects are
 * only forwarded on the synchronous path.
 */
void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
                           struct QXLRect *area, struct QXLRect *dirty_rects,
                           uint32_t num_dirty_rects,
                           uint32_t clear_dirty_region,
                           qxl_async_io async, struct QXLCookie *cookie)
{
    trace_qxl_spice_update_area(qxl->id, surface_id, area->left, area->right,
                                area->top, area->bottom);
    trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects,
                                     clear_dirty_region);

    if (async != QXL_SYNC) {
        assert(cookie != NULL);
        spice_qxl_update_area_async(&qxl->ssd.qxl, surface_id, area,
                                    clear_dirty_region, (uintptr_t)cookie);
        return;
    }

    spice_qxl_update_area(&qxl->ssd.qxl, surface_id, area,
                          dirty_rects, num_dirty_rects, clear_dirty_region);
}
 179
/*
 * Bookkeeping once spice-server has destroyed surface @id: forget the
 * tracked create command and drop the live-surface count, under
 * track_lock.  @id indexes guest_surfaces.cmds unchecked here, so the
 * caller must already have validated it against ssd.num_surfaces —
 * verify at the call sites.
 */
static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl,
                                                    uint32_t id)
{
    trace_qxl_spice_destroy_surface_wait_complete(qxl->id, id);

    qemu_mutex_lock(&qxl->track_lock);
    qxl->guest_surfaces.count -= 1;
    qxl->guest_surfaces.cmds[id] = 0;
    qemu_mutex_unlock(&qxl->track_lock);
}
 189
/*
 * Destroy guest surface @id in spice-server.  Synchronous calls complete
 * the bookkeeping inline; asynchronous ones carry the surface id in an
 * QXL_IO_DESTROY_SURFACE_ASYNC cookie so the completion handler can do it.
 */
static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,
                                           qxl_async_io async)
{
    trace_qxl_spice_destroy_surface_wait(qxl->id, id, async);

    if (!async) {
        /* blocking path: spice-server is done when the call returns */
        spice_qxl_destroy_surface_wait(&qxl->ssd.qxl, id);
        qxl_spice_destroy_surface_wait_complete(qxl, id);
        return;
    }

    /* async path: completion is reported back through the cookie */
    QXLCookie *done = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                     QXL_IO_DESTROY_SURFACE_ASYNC);
    done->u.surface_id = id;
    spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)done);
}
 206
/*
 * Ask spice-server to flush all surfaces asynchronously; completion is
 * signalled through a QXL_IO_FLUSH_SURFACES_ASYNC cookie.
 */
static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl)
{
    trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count,
                                         qxl->num_free_res);

    QXLCookie *cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                       QXL_IO_FLUSH_SURFACES_ASYNC);
    spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, (uintptr_t)cookie);
}
 215
/*
 * Replay @count previously tracked commands (@ext) into spice-server
 * after loadvm.
 */
void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
                               uint32_t count)
{
    QXLInstance *instance = &qxl->ssd.qxl;

    trace_qxl_spice_loadvm_commands(qxl->id, ext, count);
    spice_qxl_loadvm_commands(instance, ext, count);
}
 222
/* Tell spice-server the guest reported out-of-memory (QXL_IO_NOTIFY_OOM). */
void qxl_spice_oom(PCIQXLDevice *qxl)
{
    QXLInstance *instance = &qxl->ssd.qxl;

    trace_qxl_spice_oom(qxl->id);
    spice_qxl_oom(instance);
}
 228
/* Drop every memslot registered with spice-server. */
void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
{
    QXLInstance *instance = &qxl->ssd.qxl;

    trace_qxl_spice_reset_memslots(qxl->id);
    spice_qxl_reset_memslots(instance);
}
 234
/*
 * Bookkeeping once spice-server has destroyed all guest surfaces: clear
 * the tracked create commands and the live count, under track_lock.
 */
static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl)
{
    trace_qxl_spice_destroy_surfaces_complete(qxl->id);

    qemu_mutex_lock(&qxl->track_lock);
    size_t table_bytes = sizeof(qxl->guest_surfaces.cmds[0])
                         * qxl->ssd.num_surfaces;
    memset(qxl->guest_surfaces.cmds, 0, table_bytes);
    qxl->guest_surfaces.count = 0;
    qemu_mutex_unlock(&qxl->track_lock);
}
 244
/*
 * Destroy all guest surfaces in spice-server.  Synchronous calls finish
 * the bookkeeping inline; asynchronous ones defer it to the completion
 * of the QXL_IO_DESTROY_ALL_SURFACES_ASYNC cookie.
 */
static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async)
{
    trace_qxl_spice_destroy_surfaces(qxl->id, async);

    if (!async) {
        spice_qxl_destroy_surfaces(&qxl->ssd.qxl);
        qxl_spice_destroy_surfaces_complete(qxl);
        return;
    }

    uintptr_t cookie = (uintptr_t)qxl_cookie_new(
        QXL_COOKIE_TYPE_IO, QXL_IO_DESTROY_ALL_SURFACES_ASYNC);
    spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, cookie);
}
 257
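/*
 * Hand the guest's monitors configuration to spice-server.
 *
 * @replay != 0 re-sends the address saved in qxl->guest_monitors_config
 * (post_load path); otherwise the address is taken from the guest-visible
 * ram header, saved for later replay, and sent.  The ram header lives in
 * guest-writable memory, so it is read exactly once: the value stored in
 * guest_monitors_config and the value passed to spice-server are the same.
 */
static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
{
    trace_qxl_spice_monitors_config(qxl->id);

    if (replay) {
        /*
         * don't use QXL_COOKIE_TYPE_IO:
         *  - we are not running yet (post_load), we will assert
         *    in send_events
         *  - this is not a guest io, but a reply, so async_io isn't set.
         */
        spice_qxl_monitors_config_async(&qxl->ssd.qxl,
                qxl->guest_monitors_config,
                MEMSLOT_GROUP_GUEST,
                (uintptr_t)qxl_cookie_new(
                    QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG,
                    0));
        return;
    }

#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
    if (qxl->max_outputs) {
        spice_qxl_set_max_monitors(&qxl->ssd.qxl, qxl->max_outputs);
    }
#endif
    /* single read of the guest-writable field; snapshot it for replay */
    qxl->guest_monitors_config = qxl->ram->monitors_config;
    spice_qxl_monitors_config_async(&qxl->ssd.qxl,
            qxl->guest_monitors_config,
            MEMSLOT_GROUP_GUEST,
            (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                      QXL_IO_MONITORS_CONFIG_ASYNC));
}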
 288
/* Flush spice-server's image cache for this device. */
void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
{
    QXLInstance *instance = &qxl->ssd.qxl;

    trace_qxl_spice_reset_image_cache(qxl->id);
    spice_qxl_reset_image_cache(instance);
}
 294
/*
 * Reset cursor state: tell spice-server, forget the tracked guest cursor
 * command (under track_lock), release our reference to the current
 * QEMU cursor and fall back to the built-in hidden one.
 */
void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
{
    trace_qxl_spice_reset_cursor(qxl->id);
    spice_qxl_reset_cursor(&qxl->ssd.qxl);

    qemu_mutex_lock(&qxl->track_lock);
    qxl->guest_cursor = 0;
    qemu_mutex_unlock(&qxl->track_lock);

    if (qxl->ssd.cursor != NULL) {
        cursor_put(qxl->ssd.cursor);
    }
    qxl->ssd.cursor = cursor_builtin_hidden();
}
 307
/*
 * CRC32 over @len bytes at @p, compatible with Linux's crc32 (no initial
 * or final inversion of the register).  zlib's crc32() inverts the seed
 * on entry and the result on exit; seeding with all-ones cancels the
 * first and the final xor cancels the second.
 */
static uint32_t qxl_crc32(const uint8_t *p, unsigned len)
{
    const uint32_t all_ones = 0xffffffffu;
    uint32_t zlib_result = (uint32_t)crc32(all_ones, p, len);

    return zlib_result ^ all_ones;
}
 317
/*
 * Size of the ROM bar in bytes.  The ROM has to hold the QXLRom header,
 * the QXLModes header and one entry per element of qxl_modes[]; the
 * build-time check fails compilation if that ever outgrows the fixed
 * 8 KiB.  Returns QXL_ROM_SZ.
 */
static ram_addr_t qxl_rom_size(void)
{
#define QXL_REQUIRED_SZ (sizeof(QXLRom) + sizeof(QXLModes) + sizeof(qxl_modes))
#define QXL_ROM_SZ 8192

    QEMU_BUILD_BUG_ON(QXL_REQUIRED_SZ > QXL_ROM_SZ);
    return QXL_ROM_SZ;
}
 326
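/*
 * Fill the ROM bar with the QXLRom header followed by the QXLModes table,
 * then cache a shadow copy and the pointers in the device state.
 *
 * Only modes whose framebuffer (y_res * stride) fits into d->vgamem_size
 * are exported; the exported id is the index into qxl_modes[], so ids stay
 * stable regardless of how many entries were filtered out.
 *
 * vram is laid out as [surface0 area][command pages ...][QXLRam header],
 * surface0 and the header both rounded up to 4 KiB.  The layout is
 * asserted before num_pages is derived from it so the subtraction cannot
 * wrap on an undersized vram.
 */
static void init_qxl_rom(PCIQXLDevice *d)
{
    QXLRom *rom = memory_region_get_ram_ptr(&d->rom_bar);
    QXLModes *modes = (QXLModes *)(rom + 1);
    uint32_t ram_header_size;
    uint32_t surface0_area_size;
    uint32_t num_pages;
    uint32_t fb;
    size_t i;
    uint32_t n;

    memset(rom, 0, d->rom_size);

    rom->magic         = cpu_to_le32(QXL_ROM_MAGIC);
    rom->id            = cpu_to_le32(d->id);
    rom->log_level     = cpu_to_le32(d->guestdebug);
    rom->modes_offset  = cpu_to_le32(sizeof(QXLRom));

    /* memslot addressing scheme, must agree with interface_get_init_info() */
    rom->slot_gen_bits = MEMSLOT_GENERATION_BITS;
    rom->slot_id_bits  = MEMSLOT_SLOT_BITS;
    rom->slots_start   = 1;
    rom->slots_end     = NUM_MEMSLOTS - 1;
    rom->n_surfaces    = cpu_to_le32(d->ssd.num_surfaces);

    for (i = 0, n = 0; i < ARRAY_SIZE(qxl_modes); i++) {
        fb = qxl_modes[i].y_res * qxl_modes[i].stride;
        if (fb > d->vgamem_size) {
            continue;   /* framebuffer would not fit into the surface0 area */
        }
        modes->modes[n].id          = cpu_to_le32(i);
        modes->modes[n].x_res       = cpu_to_le32(qxl_modes[i].x_res);
        modes->modes[n].y_res       = cpu_to_le32(qxl_modes[i].y_res);
        modes->modes[n].bits        = cpu_to_le32(qxl_modes[i].bits);
        modes->modes[n].stride      = cpu_to_le32(qxl_modes[i].stride);
        modes->modes[n].x_mili      = cpu_to_le32(qxl_modes[i].x_mili);
        modes->modes[n].y_mili      = cpu_to_le32(qxl_modes[i].y_mili);
        modes->modes[n].orientation = cpu_to_le32(qxl_modes[i].orientation);
        n++;
    }
    modes->n_modes     = cpu_to_le32(n);

    ram_header_size    = ALIGN(sizeof(QXLRam), 4096);
    surface0_area_size = ALIGN(d->vgamem_size, 4096);

    /* validate the layout before deriving the page count from it */
    assert(ram_header_size + surface0_area_size <= d->vga.vram_size);

    num_pages = d->vga.vram_size - ram_header_size - surface0_area_size;
    num_pages = num_pages / QXL_PAGE_SIZE;

    rom->draw_area_offset   = cpu_to_le32(0);
    rom->surface0_area_size = cpu_to_le32(surface0_area_size);
    rom->pages_offset       = cpu_to_le32(surface0_area_size);
    rom->num_pages          = cpu_to_le32(num_pages);
    rom->ram_header_offset  = cpu_to_le32(d->vga.vram_size - ram_header_size);

    if (d->xres && d->yres) {
        /* needs linux kernel 4.12+ to work */
        /*
         * NOTE(review): count is stored host-endian while right/bottom use
         * cpu_to_le32 — confirm which the guest driver expects, since the
         * CRC below covers the raw bytes.
         */
        rom->client_monitors_config.count = 1;
        rom->client_monitors_config.heads[0].left = 0;
        rom->client_monitors_config.heads[0].top = 0;
        rom->client_monitors_config.heads[0].right = cpu_to_le32(d->xres);
        rom->client_monitors_config.heads[0].bottom = cpu_to_le32(d->yres);
        rom->client_monitors_config_crc = qxl_crc32(
            (const uint8_t *)&rom->client_monitors_config,
            sizeof(rom->client_monitors_config));
    }

    /* shadow copy lets the host read ROM fields without trusting the bar */
    d->shadow_rom = *rom;
    d->rom        = rom;
    d->modes      = modes;
}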
 398
/*
 * Locate the QXLRam header at the end of vram (offset taken from the
 * shadow ROM) and initialise it: magic, cleared interrupt state, empty
 * command/cursor/release rings, and a zero head in the release ring's
 * first producer slot.  The region is then marked dirty for migration.
 */
static void init_qxl_ram(PCIQXLDevice *d)
{
    uint32_t header_off = le32_to_cpu(d->shadow_rom.ram_header_offset);
    uint64_t *release_head;

    d->ram = (QXLRam *)(d->vga.vram_ptr + header_off);

    d->ram->magic           = cpu_to_le32(QXL_RAM_MAGIC);
    d->ram->int_pending     = cpu_to_le32(0);
    d->ram->int_mask        = cpu_to_le32(0);
    d->ram->update_surface  = 0;
    d->ram->monitors_config = 0;

    SPICE_RING_INIT(&d->ram->cmd_ring);
    SPICE_RING_INIT(&d->ram->cursor_ring);
    SPICE_RING_INIT(&d->ram->release_ring);

    /* the ring was just initialised, so the producer slot must resolve */
    SPICE_RING_PROD_ITEM(d, &d->ram->release_ring, release_head);
    assert(release_head);
    *release_head = 0;

    qxl_ring_set_dirty(d);
}
 419
 420/* can be called from spice server thread context */
/* Mark [addr, end) of @mr dirty for migration/display tracking. */
static void qxl_set_dirty(MemoryRegion *mr, ram_addr_t addr, ram_addr_t end)
{
    ram_addr_t size = end - addr;

    memory_region_set_dirty(mr, addr, size);
}
 425
/* Mark the whole ROM bar dirty after a host-side update of its fields. */
static void qxl_rom_set_dirty(PCIQXLDevice *qxl)
{
    MemoryRegion *rom = &qxl->rom_bar;

    qxl_set_dirty(rom, 0, qxl->rom_size);
}
 430
 431/* called from spice server thread context only */
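/*
 * Mark the bytes at @ptr dirty.  @ptr must point into the vram bar; it is
 * used for QXLReleaseInfo.next fields written by interface_release_resource().
 * Both ends of the range are asserted: a pointer below vram_ptr would yield
 * a negative offset, which the upper-bound check alone would not catch and
 * which would become a huge ram_addr_t.
 * NOTE(review): only 3 bytes (offset..offset+3) are marked, which is less
 * than the 8-byte field written by the callers — confirm this is intended.
 */
static void qxl_ram_set_dirty(PCIQXLDevice *qxl, void *ptr)
{
    uint8_t *base = qxl->vga.vram_ptr;
    intptr_t offset = (uint8_t *)ptr - base;

    assert(offset >= 0 && (uintptr_t)offset < qxl->vga.vram_size);
    qxl_set_dirty(&qxl->vga.vram, offset, offset + 3);
}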
 441
 442/* can be called from spice server thread context */
/* Mark the QXLRam header (ring indices included) at the end of vram dirty. */
static void qxl_ring_set_dirty(PCIQXLDevice *qxl)
{
    ram_addr_t header_start = qxl->shadow_rom.ram_header_offset;
    ram_addr_t vram_end = qxl->vga.vram_size;

    qxl_set_dirty(&qxl->vga.vram, header_start, vram_end);
}
 449
 450/*
 451 * keep track of some command state, for savevm/loadvm.
 452 * called from spice server thread context only
 453 */
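/*
 * Record the guest address of the latest QXL_SURFACE_CMD_CREATE per
 * surface id and of the current QXL_CURSOR_SET command, so they can be
 * replayed after loadvm.  Surface commands are validated (id range,
 * stride alignment) and rejected through qxl_set_guest_bug().
 *
 * The command bodies live in guest-writable memory, so each field is read
 * once into a local: the value that passes validation is the value that
 * is acted upon.  The "\n" in the stride message is not needed,
 * qxl_set_guest_bug() terminates the line itself.
 *
 * Returns 0 on success (also for untracked command types), 1 when the
 * command could not be translated or failed validation.
 */
static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
{
    switch (le32_to_cpu(ext->cmd.type)) {
    case QXL_CMD_SURFACE:
    {
        QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
        uint32_t id, cmd_type;

        if (!cmd) {
            return 1;
        }
        id = le32_to_cpu(cmd->surface_id);
        cmd_type = cmd->type;

        if (id >= qxl->ssd.num_surfaces) {
            qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE id %u >= %u", id,
                              qxl->ssd.num_surfaces);
            return 1;
        }
        if (cmd_type == QXL_SURFACE_CMD_CREATE &&
            (cmd->u.surface_create.stride & 0x03) != 0) {
            qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE stride = %d %% 4 != 0",
                              cmd->u.surface_create.stride);
            return 1;
        }

        qemu_mutex_lock(&qxl->track_lock);
        if (cmd_type == QXL_SURFACE_CMD_CREATE) {
            qxl->guest_surfaces.cmds[id] = ext->cmd.data;
            qxl->guest_surfaces.count++;
            if (qxl->guest_surfaces.max < qxl->guest_surfaces.count) {
                qxl->guest_surfaces.max = qxl->guest_surfaces.count;
            }
        } else if (cmd_type == QXL_SURFACE_CMD_DESTROY) {
            /*
             * NOTE(review): a DESTROY for an id that was never created
             * still decrements count; confirm spice-server rejects that
             * before it reaches us.
             */
            qxl->guest_surfaces.cmds[id] = 0;
            qxl->guest_surfaces.count--;
        }
        qemu_mutex_unlock(&qxl->track_lock);
        break;
    }
    case QXL_CMD_CURSOR:
    {
        QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
        uint32_t cmd_type;

        if (!cmd) {
            return 1;
        }
        cmd_type = cmd->type;

        if (cmd_type == QXL_CURSOR_SET || cmd_type == QXL_CURSOR_HIDE) {
            qemu_mutex_lock(&qxl->track_lock);
            qxl->guest_cursor =
                (cmd_type == QXL_CURSOR_SET) ? ext->cmd.data : 0;
            qemu_mutex_unlock(&qxl->track_lock);
        }
        break;
    }
    default:
        /* other command types carry no state worth replaying */
        break;
    }
    return 0;
}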
 513
 514/* spice display interface callbacks */
 515
/* spice-server callback: remember the worker it assigned to this device. */
static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);

    trace_qxl_interface_attach_worker(dev->id);
    dev->ssd.worker = qxl_worker;
}
 523
/*
 * spice-server callback: publish the compression level to the guest via
 * the ROM (and its shadow copy), then mark the ROM dirty.
 */
static void interface_set_compression_level(QXLInstance *sin, int level)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t le_level = cpu_to_le32(level);

    trace_qxl_interface_set_compression_level(dev->id, level);
    dev->shadow_rom.compression_level = le_level;
    dev->rom->compression_level = le_level;
    qxl_rom_set_dirty(dev);
}
 533
 534#if SPICE_NEEDS_SET_MM_TIME
/*
 * spice-server callback: publish the multimedia clock to the guest via
 * the ROM and its shadow copy.  Ignored while the display is not running.
 */
static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t le_clock;

    if (!qemu_spice_display_is_running(&dev->ssd)) {
        return;
    }

    trace_qxl_interface_set_mm_time(dev->id, mm_time);
    le_clock = cpu_to_le32(mm_time);
    dev->shadow_rom.mm_clock = le_clock;
    dev->rom->mm_clock = le_clock;
    qxl_rom_set_dirty(dev);
}
 548#endif
 549
/*
 * spice-server callback: describe the memslot scheme, the command page
 * area size and the surface count.  The memslot values must agree with
 * what init_qxl_rom() advertises to the guest.
 */
static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t num_pages = le32_to_cpu(dev->shadow_rom.num_pages);

    trace_qxl_interface_get_init_info(dev->id);

    info->memslot_gen_bits      = MEMSLOT_GENERATION_BITS;
    info->memslot_id_bits       = MEMSLOT_SLOT_BITS;
    info->num_memslots          = NUM_MEMSLOTS;
    info->num_memslots_groups   = NUM_MEMSLOTS_GROUPS;
    info->internal_groupslot_id = 0;

    /* command page area, in bytes */
    info->qxl_ram_size = num_pages << QXL_PAGE_BITS;
    info->n_surfaces   = dev->ssd.num_surfaces;
}
 564
/* Human-readable name of a qxl device mode, for tracing; "INVALID" if unknown. */
static const char *qxl_mode_to_string(int mode)
{
    const char *name = "INVALID";

    switch (mode) {
    case QXL_MODE_COMPAT:
        name = "compat";
        break;
    case QXL_MODE_NATIVE:
        name = "native";
        break;
    case QXL_MODE_UNDEFINED:
        name = "undefined";
        break;
    case QXL_MODE_VGA:
        name = "vga";
        break;
    default:
        break;
    }
    return name;
}
 579
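/*
 * Human-readable name of a QXL I/O port number, for tracing and guest-bug
 * messages.  io_port is taken straight from the guest's port access, so
 * it is bounds-checked before indexing; ports inside the range that have
 * no entry in the table yield "unknown" rather than NULL, since every
 * caller feeds the result to a "%s" conversion.
 */
static const char *io_port_to_string(uint32_t io_port)
{
    static const char *const port_names[QXL_IO_RANGE_SIZE + 1] = {
        [QXL_IO_NOTIFY_CMD]             = "QXL_IO_NOTIFY_CMD",
        [QXL_IO_NOTIFY_CURSOR]          = "QXL_IO_NOTIFY_CURSOR",
        [QXL_IO_UPDATE_AREA]            = "QXL_IO_UPDATE_AREA",
        [QXL_IO_UPDATE_IRQ]             = "QXL_IO_UPDATE_IRQ",
        [QXL_IO_NOTIFY_OOM]             = "QXL_IO_NOTIFY_OOM",
        [QXL_IO_RESET]                  = "QXL_IO_RESET",
        [QXL_IO_SET_MODE]               = "QXL_IO_SET_MODE",
        [QXL_IO_LOG]                    = "QXL_IO_LOG",
        [QXL_IO_MEMSLOT_ADD]            = "QXL_IO_MEMSLOT_ADD",
        [QXL_IO_MEMSLOT_DEL]            = "QXL_IO_MEMSLOT_DEL",
        [QXL_IO_DETACH_PRIMARY]         = "QXL_IO_DETACH_PRIMARY",
        [QXL_IO_ATTACH_PRIMARY]         = "QXL_IO_ATTACH_PRIMARY",
        [QXL_IO_CREATE_PRIMARY]         = "QXL_IO_CREATE_PRIMARY",
        [QXL_IO_DESTROY_PRIMARY]        = "QXL_IO_DESTROY_PRIMARY",
        [QXL_IO_DESTROY_SURFACE_WAIT]   = "QXL_IO_DESTROY_SURFACE_WAIT",
        [QXL_IO_DESTROY_ALL_SURFACES]   = "QXL_IO_DESTROY_ALL_SURFACES",
        [QXL_IO_UPDATE_AREA_ASYNC]      = "QXL_IO_UPDATE_AREA_ASYNC",
        [QXL_IO_MEMSLOT_ADD_ASYNC]      = "QXL_IO_MEMSLOT_ADD_ASYNC",
        [QXL_IO_CREATE_PRIMARY_ASYNC]   = "QXL_IO_CREATE_PRIMARY_ASYNC",
        [QXL_IO_DESTROY_PRIMARY_ASYNC]  = "QXL_IO_DESTROY_PRIMARY_ASYNC",
        [QXL_IO_DESTROY_SURFACE_ASYNC]  = "QXL_IO_DESTROY_SURFACE_ASYNC",
        [QXL_IO_DESTROY_ALL_SURFACES_ASYNC]
                                        = "QXL_IO_DESTROY_ALL_SURFACES_ASYNC",
        [QXL_IO_FLUSH_SURFACES_ASYNC]   = "QXL_IO_FLUSH_SURFACES_ASYNC",
        [QXL_IO_FLUSH_RELEASE]          = "QXL_IO_FLUSH_RELEASE",
        [QXL_IO_MONITORS_CONFIG_ASYNC]  = "QXL_IO_MONITORS_CONFIG_ASYNC",
    };
    const char *name;

    if (io_port >= QXL_IO_RANGE_SIZE) {
        return "out of range";
    }
    name = port_names[io_port];
    return name ? name : "unknown";
}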
 615
 616/* called from spice server thread context only */
/*
 * spice-server callback: fetch the next display command into @ext.
 * In VGA mode commands come from the host-side update queue; in the
 * native modes they are popped from the guest's command ring in the
 * QXLRam header.  Returns true when a command was delivered.
 */
static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    SimpleSpiceUpdate *update;
    QXLCommandRing *ring;
    QXLCommand *cmd;
    int notify, ret;

    trace_qxl_ring_command_check(qxl->id, qxl_mode_to_string(qxl->mode));

    switch (qxl->mode) {
    case QXL_MODE_VGA:
        ret = false;
        qemu_mutex_lock(&qxl->ssd.lock);
        update = QTAILQ_FIRST(&qxl->ssd.updates);
        if (update != NULL) {
            QTAILQ_REMOVE(&qxl->ssd.updates, update, next);
            *ext = update->ext;
            ret = true;
        }
        qemu_mutex_unlock(&qxl->ssd.lock);
        if (ret) {
            trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
            qxl_log_command(qxl, "vga", ext);
        }
        return ret;
    case QXL_MODE_COMPAT:
    case QXL_MODE_NATIVE:
    case QXL_MODE_UNDEFINED:
        ring = &qxl->ram->cmd_ring;
        /* once the guest-bug latch is set, stop consuming guest commands */
        if (qxl->guest_bug || SPICE_RING_IS_EMPTY(ring)) {
            return false;
        }
        /* cmd is NULL when the guest-controlled ring index is out of range */
        SPICE_RING_CONS_ITEM(qxl, ring, cmd);
        if (!cmd) {
            return false;
        }
        /* copy out of the guest ring before popping; cmd.data stays a guest address */
        ext->cmd      = *cmd;
        ext->group_id = MEMSLOT_GROUP_GUEST;
        ext->flags    = qxl->cmdflags;
        SPICE_RING_POP(ring, notify);
        qxl_ring_set_dirty(qxl);
        if (notify) {
            qxl_send_events(qxl, QXL_INTERRUPT_DISPLAY);
        }
        qxl->guest_primary.commands++;
        /*
         * NOTE(review): the return value is ignored, so a command that
         * failed validation is still handed to spice-server; the guest-bug
         * latch raised inside qxl_track_command() is what stops the flow
         * on the next call — confirm that is the intended contract.
         */
        qxl_track_command(qxl, ext);
        qxl_log_command(qxl, "cmd", ext);
        {
            /*
             * Windows 8 drivers place qxl commands in the vram
             * (instead of the ram) bar.  We can't live migrate such a
             * guest, so add a migration blocker in case we detect
             * this, to avoid triggering the assert in pre_save().
             *
             * https://cgit.freedesktop.org/spice/win32/qxl-wddm-dod/commit/?id=f6e099db39e7d0787f294d5fd0dce328b5210faa
             */
            void *msg = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
            /* NOTE(review): the upper bound uses '>' so msg == vram_ptr + vram_size passes — confirm */
            if (msg != NULL && (
                    msg < (void *)qxl->vga.vram_ptr ||
                    msg > ((void *)qxl->vga.vram_ptr + qxl->vga.vram_size))) {
                if (!qxl->migration_blocker) {
                    Error *local_err = NULL;
                    error_setg(&qxl->migration_blocker,
                               "qxl: guest bug: command not in ram bar");
                    migrate_add_blocker(qxl->migration_blocker, &local_err);
                    if (local_err) {
                        error_report_err(local_err);
                    }
                }
            }
        }
        trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
        return true;
    default:
        return false;
    }
}
 695
 696/* called from spice server thread context only */
/*
 * spice-server callback: arm the "notify me when a command arrives"
 * flag on the guest's command ring.  Returns the wait flag produced by
 * SPICE_RING_CONS_WAIT (1 outside the native modes, where nothing is done).
 */
static int interface_req_cmd_notification(QXLInstance *sin)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    int mode = dev->mode;
    int wait = 1;

    trace_qxl_ring_command_req_notification(dev->id);

    if (mode == QXL_MODE_COMPAT || mode == QXL_MODE_NATIVE ||
        mode == QXL_MODE_UNDEFINED) {
        SPICE_RING_CONS_WAIT(&dev->ram->cmd_ring, wait);
        qxl_ring_set_dirty(dev);
    }

    return wait;
}
 716
 717/* called from spice server thread context only */
/*
 * Publish the list of released resources that has been collected in the
 * release ring's current producer slot, then open a fresh (zeroed) slot.
 * Unless @flush is set, pushing is deferred while the OOM handler runs or
 * until at least QXL_FREE_BUNCH_SIZE resources have accumulated.
 * Ring indices and num_items live in the guest-writable QXLRam header.
 */
static inline void qxl_push_free_res(PCIQXLDevice *d, int flush)
{
    QXLReleaseRing *ring = &d->ram->release_ring;
    uint64_t *item;
    int notify;

#define QXL_FREE_BUNCH_SIZE 32

    if (ring->prod - ring->cons + 1 == ring->num_items) {
        /* ring full -- can't push */
        return;
    }
    if (!flush && d->oom_running) {
        /* collect everything from oom handler before pushing */
        return;
    }
    if (!flush && d->num_free_res < QXL_FREE_BUNCH_SIZE) {
        /* collect a bit more before pushing */
        return;
    }

    SPICE_RING_PUSH(ring, notify);
    trace_qxl_ring_res_push(d->id, qxl_mode_to_string(d->mode),
           d->guest_surfaces.count, d->num_free_res,
           d->last_release, notify ? "yes" : "no");
    trace_qxl_ring_res_push_rest(d->id, ring->prod - ring->cons,
           ring->num_items, ring->prod, ring->cons);
    if (notify) {
        qxl_send_events(d, QXL_INTERRUPT_DISPLAY);
    }
    /* item is NULL when the guest-controlled producer index is out of range */
    SPICE_RING_PROD_ITEM(d, ring, item);
    if (!item) {
        return;
    }
    /* start a new, empty release list in the next slot */
    *item = 0;
    d->num_free_res = 0;
    d->last_release = NULL;
    qxl_ring_set_dirty(d);
}
 757
 758/* called from spice server thread context only */
/*
 * spice-server callback: a command's resources can be released.
 * Host-group entries are VGA-mode updates allocated by QEMU and are freed
 * directly.  Guest-group entries are chained into the singly linked list
 * whose head sits in the release ring's current producer slot; the list
 * links (QXLReleaseInfo.next) are written into guest memory and marked
 * dirty, and the batch is pushed by qxl_push_free_res().
 */
static void interface_release_resource(QXLInstance *sin,
                                       QXLReleaseInfoExt ext)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLReleaseRing *ring;
    uint64_t *item, id;

    if (ext.group_id == MEMSLOT_GROUP_HOST) {
        /* host group -> vga mode update request */
        QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
        SimpleSpiceUpdate *update;
        g_assert(cmdext->cmd.type == QXL_CMD_DRAW);
        update = container_of(cmdext, SimpleSpiceUpdate, ext);
        qemu_spice_destroy_update(&qxl->ssd, update);
        return;
    }

    /*
     * ext->info points into guest-visible memory
     * pci bar 0, $command.release_info
     */
    ring = &qxl->ram->release_ring;
    /* item is NULL when the guest-controlled producer index is out of range */
    SPICE_RING_PROD_ITEM(qxl, ring, item);
    if (!item) {
        return;
    }
    /* *item is read from guest memory: 0 means the list in this slot is empty */
    if (*item == 0) {
        /* stick head into the ring */
        id = ext.info->id;
        ext.info->next = 0;
        qxl_ram_set_dirty(qxl, &ext.info->next);
        *item = id;
        qxl_ring_set_dirty(qxl);
    } else {
        /* append item to the list */
        /*
         * NOTE(review): relies on last_release having been set when the
         * head was stored; if the guest overwrote *item to non-zero while
         * last_release is NULL this dereferences NULL — confirm.
         */
        qxl->last_release->next = ext.info->id;
        qxl_ram_set_dirty(qxl, &qxl->last_release->next);
        ext.info->next = 0;
        qxl_ram_set_dirty(qxl, &ext.info->next);
    }
    qxl->last_release = ext.info;
    qxl->num_free_res++;
    trace_qxl_ring_res_put(qxl->id, qxl->num_free_res);
    qxl_push_free_res(qxl, 0);
}
 804
 805/* called from spice server thread context only */
/*
 * spice-server callback: pop the next cursor command from the guest's
 * cursor ring into @ext.  Only device 0 renders the cursor locally.
 * Returns true when a command was delivered.
 */
static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt *ext)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLCursorRing *ring;
    QXLCommand *cmd;
    int notify;

    trace_qxl_ring_cursor_check(qxl->id, qxl_mode_to_string(qxl->mode));

    switch (qxl->mode) {
    case QXL_MODE_COMPAT:
    case QXL_MODE_NATIVE:
    case QXL_MODE_UNDEFINED:
        ring = &qxl->ram->cursor_ring;
        /*
         * NOTE(review): unlike interface_get_command(), the guest_bug
         * latch is not consulted here, so cursor commands keep flowing
         * after a guest bug — confirm whether that is intended.
         */
        if (SPICE_RING_IS_EMPTY(ring)) {
            return false;
        }
        /* cmd is NULL when the guest-controlled ring index is out of range */
        SPICE_RING_CONS_ITEM(qxl, ring, cmd);
        if (!cmd) {
            return false;
        }
        /* copy out of the guest ring before popping */
        ext->cmd      = *cmd;
        ext->group_id = MEMSLOT_GROUP_GUEST;
        ext->flags    = qxl->cmdflags;
        SPICE_RING_POP(ring, notify);
        qxl_ring_set_dirty(qxl);
        if (notify) {
            qxl_send_events(qxl, QXL_INTERRUPT_CURSOR);
        }
        qxl->guest_primary.commands++;
        qxl_track_command(qxl, ext);
        qxl_log_command(qxl, "csr", ext);
        if (qxl->id == 0) {
            qxl_render_cursor(qxl, ext);
        }
        trace_qxl_ring_cursor_get(qxl->id, qxl_mode_to_string(qxl->mode));
        return true;
    default:
        return false;
    }
}
 847
/*
 * QXLInterface.req_cursor_notification callback.
 *
 * Called from the spice server thread context only.  In the modes that
 * have a cursor ring, SPICE_RING_CONS_WAIT is applied to the ring header
 * (which lives in guest-visible RAM) and decides the value of @wait; the
 * header write is then marked dirty like every other ring write in this
 * file.  Modes without a cursor ring leave @wait at 1.
 *
 * Returns the resulting wait flag (1 == spice-server should wait to be
 * notified).
 */
static int interface_req_cursor_notification(QXLInstance *sin)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    int wait = 1;

    trace_qxl_ring_cursor_req_notification(qxl->id);

    if (qxl->mode == QXL_MODE_COMPAT ||
        qxl->mode == QXL_MODE_NATIVE ||
        qxl->mode == QXL_MODE_UNDEFINED) {
        SPICE_RING_CONS_WAIT(&qxl->ram->cursor_ring, wait);
        qxl_ring_set_dirty(qxl);
    }
    return wait;
}
 868
/*
 * QXLInterface.notify_update callback (spice server thread context).
 *
 * Reached when the guest issues QXL_CMD_UPDATE.  Neither xf86-video-qxl
 * nor the Windows driver emit that command any more (it predates the git
 * history, 2009), but the guest can still trigger it, so the callback
 * only logs and does nothing else.
 *
 * @sin:       unused
 * @update_id: unused
 */
static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
{
    (void)sin;
    (void)update_id;
    fprintf(stderr, "%s: deprecated\n", __func__);
}
 880
/*
 * QXLInterface.flush_resources callback (spice server thread context).
 *
 * Pushes every resource released since the last push back to the guest
 * (the release list is chained through QXLReleaseInfo.next by the
 * release_resource callback) and tells spice-server how many there were.
 *
 * Returns the number of pending free resources at entry; 0 means there
 * was nothing to flush.
 */
static int interface_flush_resources(QXLInstance *sin)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    /* snapshot first: qxl_push_free_res() may consume num_free_res */
    const int pending = qxl->num_free_res;

    if (pending != 0) {
        qxl_push_free_res(qxl, 1);
    }
    return pending;
}
 893
 894static void qxl_create_guest_primary_complete(PCIQXLDevice *d);
 895
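/*
 * Finish an asynchronous I/O command once spice-server reports it done.
 *
 * Called from the spice server thread context only, via
 * interface_async_complete() for QXL_COOKIE_TYPE_IO cookies.
 *
 * @qxl:    the device
 * @cookie: the cookie handed to spice-server when the async I/O was
 *          started; cookie->io names the I/O port that started it.
 *          The caller frees it, not this function.
 *
 * Clears current_async under async_lock first, runs the completion hook
 * for the command that was outstanding, then raises QXL_INTERRUPT_IO_CMD
 * so the guest learns the command is done.  A NULL cookie is logged and
 * aborts the completion; a cookie/current_async mismatch is only logged.
 */
static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie)
{
    uint32_t current_async;

    /* give the async slot back before running any completion hook */
    qemu_mutex_lock(&qxl->async_lock);
    current_async = qxl->current_async;
    qxl->current_async = QXL_UNDEFINED_IO;
    qemu_mutex_unlock(&qxl->async_lock);

    trace_qxl_interface_async_complete_io(qxl->id, current_async, cookie);
    if (!cookie) {
        fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__);
        return;
    }
    /* cookie is known non-NULL past this point; no need to re-test it */
    if (current_async != cookie->io) {
        /* mismatch is reported but completion still follows current_async */
        fprintf(stderr,
                "qxl: %s: error: current_async = %d != %"
                PRId64 " = cookie->io\n", __func__, current_async, cookie->io);
    }

    switch (current_async) {
    case QXL_IO_MEMSLOT_ADD_ASYNC:
    case QXL_IO_DESTROY_PRIMARY_ASYNC:
    case QXL_IO_UPDATE_AREA_ASYNC:
    case QXL_IO_FLUSH_SURFACES_ASYNC:
    case QXL_IO_MONITORS_CONFIG_ASYNC:
        /* nothing to finish beyond the interrupt below */
        break;
    case QXL_IO_CREATE_PRIMARY_ASYNC:
        qxl_create_guest_primary_complete(qxl);
        break;
    case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
        qxl_spice_destroy_surfaces_complete(qxl);
        break;
    case QXL_IO_DESTROY_SURFACE_ASYNC:
        qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id);
        break;
    default:
        fprintf(stderr, "qxl: %s: unexpected current_async %d\n", __func__,
                current_async);
        break;
    }
    qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD);
}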
 938
/*
 * QXLInterface.update_area_complete callback (spice server thread only).
 *
 * spice-server reports the rectangles it actually repainted for an
 * update_area request.  For the primary surface (surface_id 0), and only
 * while render_update_cookie_num is non-zero, queue those rectangles in
 * qxl->dirty and schedule update_area_bh to copy them to the display.
 *
 * @surface_id:        surface the update applied to; only 0 is handled
 * @dirty:             array of repainted rectangles
 * @num_updated_rects: length of @dirty
 *
 * If the queue would overflow QXL_NUM_DIRTY_RECTS the primary is marked
 * resized instead, and a resized primary skips the copy entirely because
 * the async update_area completion flips the whole area anyway.
 * ssd.lock is held for the whole body; every path leaves through `out`.
 */
static void interface_update_area_complete(QXLInstance *sin,
        uint32_t surface_id,
        QXLRect *dirty, uint32_t num_updated_rects)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t n;

    qemu_mutex_lock(&qxl->ssd.lock);

    if (surface_id != 0 || num_updated_rects == 0 ||
        qxl->render_update_cookie_num == 0) {
        goto out;
    }

    trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left,
            dirty->right, dirty->top, dirty->bottom);
    trace_qxl_interface_update_area_complete_rest(qxl->id, num_updated_rects);

    if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) {
        /* not enough room left: degrade to a full-area refresh */
        trace_qxl_interface_update_area_complete_overflow(qxl->id,
                                                          QXL_NUM_DIRTY_RECTS);
        qxl->guest_primary.resized = 1;
    }
    if (qxl->guest_primary.resized) {
        /* a full flip is coming on the async completion; nothing to queue */
        goto out;
    }

    for (n = 0; n < num_updated_rects; n++) {
        qxl->dirty[qxl->num_dirty_rects + n] = dirty[n];
    }
    qxl->num_dirty_rects += num_updated_rects;
    trace_qxl_interface_update_area_complete_schedule_bh(qxl->id,
                                                         qxl->num_dirty_rects);
    qemu_bh_schedule(qxl->update_area_bh);

out:
    qemu_mutex_unlock(&qxl->ssd.lock);
}
 983
/*
 * QXLInterface.async_complete callback (spice server thread context).
 *
 * @cookie_token is the QXLCookie pointer this side handed to spice-server
 * when the asynchronous operation was started, round-tripped through a
 * uint64_t.  Dispatch on its type and release it where this function owns
 * it:
 *   - QXL_COOKIE_TYPE_IO: freed here after interface_async_complete_io()
 *   - QXL_COOKIE_TYPE_RENDER_UPDATE_AREA: passed to
 *     qxl_render_update_area_done(), not freed here
 *   - QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG: not freed here
 *   - anything else: logged and freed
 */
static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;
    bool release = false;

    switch (cookie->type) {
    case QXL_COOKIE_TYPE_IO:
        interface_async_complete_io(qxl, cookie);
        release = true;
        break;
    case QXL_COOKIE_TYPE_RENDER_UPDATE_AREA:
        qxl_render_update_area_done(qxl, cookie);
        break;
    case QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG:
        break;
    default:
        fprintf(stderr, "qxl: %s: unexpected cookie type %d\n",
                __func__, cookie->type);
        release = true;
        break;
    }

    if (release) {
        g_free(cookie);
    }
}
1006
/*
 * QXLInterface.set_client_capabilities callback (spice server thread).
 *
 * Publish whether a spice client is connected, and its capability bits,
 * to the guest through the ROM bar, then raise QXL_INTERRUPT_CLIENT.
 *
 * @client_present: non-zero when a client is attached
 * @caps:           58-byte capability bitmap copied verbatim into the ROM
 *
 * Ignored for device revisions below 4 and while RUN_STATE_INMIGRATE /
 * RUN_STATE_POSTMIGRATE is active (presumably so a migrated ROM is not
 * overwritten underneath the guest).  Both the live ROM and shadow_rom
 * are updated, so the values survive a reset that re-copies shadow_rom
 * into the ROM (see qxl_reset_state).
 */
static void interface_set_client_capabilities(QXLInstance *sin,
                                              uint8_t client_present,
                                              uint8_t caps[58])
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    /* shadow_rom and *rom are the same QXLRom type, so one size serves both */
    const size_t caps_len = sizeof(qxl->rom->client_capabilities);

    if (qxl->revision < 4) {
        trace_qxl_set_client_capabilities_unsupported_by_revision(qxl->id,
                                                              qxl->revision);
        return;
    }
    if (runstate_check(RUN_STATE_INMIGRATE) ||
        runstate_check(RUN_STATE_POSTMIGRATE)) {
        return;
    }

    qxl->shadow_rom.client_present = client_present;
    qxl->rom->client_present = client_present;
    memcpy(qxl->shadow_rom.client_capabilities, caps, caps_len);
    memcpy(qxl->rom->client_capabilities, caps, caps_len);
    qxl_rom_set_dirty(qxl);

    qxl_send_events(qxl, QXL_INTERRUPT_CLIENT);
}
1035
/*
 * Compare the monitor layout currently published in the ROM with a new
 * VDAgentMonitorsConfig.
 *
 * @rom:             the device ROM holding client_monitors_config
 * @monitors_config: new layout from the agent
 * @max_outputs:     cap applied to the agent's monitor count
 *
 * Returns true when the number of heads differs, or any head's rectangle
 * (x, y, x+width, y+height) differs from the stored one.  monitor->depth
 * is not part of the comparison.
 */
static bool qxl_rom_monitors_config_changed(QXLRom *rom,
        VDAgentMonitorsConfig *monitors_config,
        unsigned int max_outputs)
{
    unsigned int wanted = MIN(monitors_config->num_of_monitors, max_outputs);
    unsigned int head;

    if (rom->client_monitors_config.count != wanted) {
        return true;
    }

    /* same count: look for the first head whose rectangle moved */
    for (head = 0; head < rom->client_monitors_config.count; head++) {
        const VDAgentMonConfig *mon = &monitors_config->monitors[head];
        const QXLURect *rect = &rom->client_monitors_config.heads[head];
        /* mon->depth deliberately ignored */
        bool same = rect->left == mon->x &&
                    rect->top == mon->y &&
                    rect->right == mon->x + mon->width &&
                    rect->bottom == mon->y + mon->height;
        if (!same) {
            return true;
        }
    }

    return false;
}
1063
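/*
 * QXLInterface.client_monitors_config callback (main context only).
 *
 * The spice client (via the agent) tells us the monitor layout it wants.
 * Publish it to the guest through the ROM's client_monitors_config, and
 * raise QXL_INTERRUPT_CLIENT_MONITORS_CONFIG when the layout changed.
 *
 * @monitors_config: new layout; NULL means "nothing to apply"
 *
 * Returns 0 when the feature is unusable (device revision < 4, or the
 * guest driver has not unmasked the interrupt), 1 otherwise.
 *
 * The number of heads is clamped to the ROM's heads[] array, and further
 * to the device's max_outputs property where spice-server is new enough
 * to honour it.  The clamp is computed on the agent's full-width count
 * *before* it is stored in the ROM field, so the comparison is not done
 * on a value that may already have been truncated to the field's width.
 */
static int interface_client_monitors_config(QXLInstance *sin,
                                        VDAgentMonitorsConfig *monitors_config)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLRom *rom = memory_region_get_ram_ptr(&qxl->rom_bar);
    unsigned i;
    unsigned max_outputs = ARRAY_SIZE(rom->client_monitors_config.heads);
    unsigned count;
    bool config_changed = false;

    if (qxl->revision < 4) {
        trace_qxl_client_monitors_config_unsupported_by_device(qxl->id,
                                                               qxl->revision);
        return 0;
    }
    /*
     * Older windows drivers set int_mask to 0 when their ISR is called,
     * then later set it to ~0. So it doesn't relate to the actual interrupts
     * handled. However, they are old, so clearly they don't support this
     * interrupt.  (int_mask lives in guest-visible RAM.)
     */
    if (qxl->ram->int_mask == 0 || qxl->ram->int_mask == ~0 ||
        !(qxl->ram->int_mask & QXL_INTERRUPT_CLIENT_MONITORS_CONFIG)) {
        trace_qxl_client_monitors_config_unsupported_by_guest(qxl->id,
                                                            qxl->ram->int_mask,
                                                            monitors_config);
        return 0;
    }
    if (!monitors_config) {
        return 1;
    }

#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
    /* limit number of outputs based on setting limit */
    if (qxl->max_outputs && qxl->max_outputs <= max_outputs) {
        max_outputs = qxl->max_outputs;
    }
#endif

    /* compare against the old ROM contents before they are overwritten */
    config_changed = qxl_rom_monitors_config_changed(rom,
                                                     monitors_config,
                                                     max_outputs);

    /* clamp on the source value, not on the (possibly narrower) ROM field */
    count = monitors_config->num_of_monitors;
    /* monitors_config->flags ignored */
    if (count >= max_outputs) {
        trace_qxl_client_monitors_config_capped(qxl->id,
                                monitors_config->num_of_monitors,
                                max_outputs);
        count = max_outputs;
    }

    memset(&rom->client_monitors_config, 0,
           sizeof(rom->client_monitors_config));
    rom->client_monitors_config.count = count;
    for (i = 0; i < count; ++i) {
        VDAgentMonConfig *monitor = &monitors_config->monitors[i];
        QXLURect *rect = &rom->client_monitors_config.heads[i];
        /* monitor->depth ignored */
        rect->left = monitor->x;
        rect->top = monitor->y;
        rect->right = monitor->x + monitor->width;
        rect->bottom = monitor->y + monitor->height;
    }
    /* CRC over the whole struct; presumably lets the guest detect a torn read */
    rom->client_monitors_config_crc = qxl_crc32(
            (const uint8_t *)&rom->client_monitors_config,
            sizeof(rom->client_monitors_config));
    trace_qxl_client_monitors_config_crc(qxl->id,
            sizeof(rom->client_monitors_config),
            rom->client_monitors_config_crc);

    trace_qxl_interrupt_client_monitors_config(qxl->id,
                        rom->client_monitors_config.count,
                        rom->client_monitors_config.heads);
    if (config_changed) {
        qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
    }
    return 1;
}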
1141
/*
 * The QXLInterface vtable registered with spice-server for this device.
 *
 * The entries after the in-line comment below are invoked from
 * spice-server's worker thread (see the "called from spice server thread
 * context" notes on each implementation); the ones before it are not
 * annotated that way in this file.
 */
static const QXLInterface qxl_interface = {
    .base.type               = SPICE_INTERFACE_QXL,
    .base.description        = "qxl gpu",
    .base.major_version      = SPICE_INTERFACE_QXL_MAJOR,
    .base.minor_version      = SPICE_INTERFACE_QXL_MINOR,

    /* "attache_worker" is the field's spelling in spice's QXLInterface */
    .attache_worker          = interface_attach_worker,
    .set_compression_level   = interface_set_compression_level,
#if SPICE_NEEDS_SET_MM_TIME
    .set_mm_time             = interface_set_mm_time,
#endif
    .get_init_info           = interface_get_init_info,

    /* the callbacks below are called from spice server thread context */
    .get_command             = interface_get_command,
    .req_cmd_notification    = interface_req_cmd_notification,
    .release_resource        = interface_release_resource,
    .get_cursor_command      = interface_get_cursor_command,
    .req_cursor_notification = interface_req_cursor_notification,
    .notify_update           = interface_notify_update,
    .flush_resources         = interface_flush_resources,
    .async_complete          = interface_async_complete,
    .update_area_complete    = interface_update_area_complete,
    .set_client_capabilities = interface_set_client_capabilities,
    /* main-context callback, see interface_client_monitors_config */
    .client_monitors_config = interface_client_monitors_config,
};
1168
/*
 * Console hw ops used while the device is in a QXL (non-VGA) mode; VGA
 * mode installs d->vga.hw_ops instead (see qxl_enter_vga_mode /
 * qxl_exit_vga_mode).  Only the periodic update hook is provided.
 */
static const GraphicHwOps qxl_ops = {
    .gfx_update  = qxl_hw_update,
};
1172
/*
 * Hand the console back to the VGA emulation.
 *
 * No-op when already in QXL_MODE_VGA.  Otherwise: tell spice-server the
 * guest driver unloaded (spice >= 0.12.3 only), switch the console's hw
 * ops to the VGA core, go back to the default refresh interval, create
 * the host primary surface, flip the mode, switch the spice display to
 * the VGA surface, start VGA dirty logging and force one update.
 *
 * The mode is flipped only after qemu_spice_create_host_primary(); keep
 * that ordering unless the spice-display side has been checked.
 */
static void qxl_enter_vga_mode(PCIQXLDevice *d)
{
    if (d->mode == QXL_MODE_VGA) {
        return;
    }
    trace_qxl_enter_vga_mode(d->id);
#if SPICE_SERVER_VERSION >= 0x000c03 /* release 0.12.3 */
    spice_qxl_driver_unload(&d->ssd.qxl);
#endif
    graphic_console_set_hwops(d->ssd.dcl.con, d->vga.hw_ops, &d->vga);
    update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_DEFAULT);
    qemu_spice_create_host_primary(&d->ssd);
    d->mode = QXL_MODE_VGA;
    qemu_spice_display_switch(&d->ssd, d->ssd.ds);
    vga_dirty_log_start(&d->vga);
    graphic_hw_update(d->vga.con);
}
1190
/*
 * Leave VGA mode: the guest driver is taking over the display.
 *
 * No-op unless currently in QXL_MODE_VGA.  Installs qxl_ops as the
 * console's hw ops, drops the refresh rate to the idle interval (the
 * guest now pushes updates itself), stops VGA dirty logging and
 * synchronously destroys the VGA-mode primary surface, which also sets
 * the mode to QXL_MODE_UNDEFINED (see qxl_destroy_primary).
 */
static void qxl_exit_vga_mode(PCIQXLDevice *d)
{
    if (d->mode != QXL_MODE_VGA) {
        return;
    }
    trace_qxl_exit_vga_mode(d->id);
    graphic_console_set_hwops(d->ssd.dcl.con, &qxl_ops, d);
    update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_IDLE);
    vga_dirty_log_stop(&d->vga);
    qxl_destroy_primary(d, QXL_SYNC);
}
1202
/*
 * Recompute the PCI interrupt line from the guest-visible int_pending and
 * int_mask words in QXLRam (little-endian in memory).  The line is
 * asserted iff at least one pending bit is unmasked.  The ram page is
 * marked dirty afterwards like every other QXLRam access in this file.
 */
static void qxl_update_irq(PCIQXLDevice *d)
{
    const uint32_t unmasked = le32_to_cpu(d->ram->int_pending) &
                              le32_to_cpu(d->ram->int_mask);

    pci_set_irq(&d->pci, unmasked != 0);
    qxl_ring_set_dirty(d);
}
1211
/*
 * Sanity check used by the reset paths: while the spice display worker is
 * running, both command rings must be drained.  Does nothing when the
 * worker is stopped; aborts through assert() otherwise.
 *
 * NOTE(review): the ring headers are read from QXLRam, which is
 * guest-visible, so what these asserts see is guest-written state —
 * confirm that every caller reaches this only with the worker stopped
 * or the rings otherwise known to be quiescent.
 */
static void qxl_check_state(PCIQXLDevice *d)
{
    QXLRam *ram = d->ram;

    if (!qemu_spice_display_is_running(&d->ssd)) {
        return;
    }
    assert(SPICE_RING_IS_EMPTY(&ram->cmd_ring));
    assert(SPICE_RING_IS_EMPTY(&ram->cursor_ring));
}
1220
/*
 * Reset the guest-visible device state: re-publish shadow_rom into the
 * ROM bar (with update_id cleared), re-initialise QXLRam, drop the
 * pending release list and the display dirty tracking, and recompute the
 * IRQ line from the fresh ram contents.
 *
 * Not used on the loadvm path: QXLRam is migrated together with guest
 * RAM and is already loaded by then (see qxl_hard_reset).
 */
static void qxl_reset_state(PCIQXLDevice *d)
{
    qxl_check_state(d);

    /* shadow_rom is the host-side master copy; the ROM bar is rebuilt from it */
    d->shadow_rom.update_id = cpu_to_le32(0);
    *d->rom = d->shadow_rom;
    qxl_rom_set_dirty(d);

    init_qxl_ram(d);
    d->num_free_res = 0;
    d->last_release = NULL;
    memset(&d->ssd.dirty, 0, sizeof(d->ssd.dirty));

    qxl_update_irq(d);
}
1235
/*
 * Reset the device's mode state without touching memslots, surfaces or
 * the spice worker: clear a latched guest bug, forget any in-flight async
 * I/O, and put the device back into its idle mode.
 *
 * Only device 0 owns the VGA console, so it re-enters VGA mode; any other
 * device simply becomes QXL_MODE_UNDEFINED.
 */
static void qxl_soft_reset(PCIQXLDevice *d)
{
    trace_qxl_soft_reset(d->id);
    qxl_check_state(d);
    qxl_clear_guest_bug(d);

    /* current_async is also written from the spice thread; take async_lock */
    qemu_mutex_lock(&d->async_lock);
    d->current_async = QXL_UNDEFINED_IO;
    qemu_mutex_unlock(&d->async_lock);

    if (d->id != 0) {
        d->mode = QXL_MODE_UNDEFINED;
        return;
    }
    qxl_enter_vga_mode(d);
}
1251
/*
 * Full device reset.
 *
 * @loadvm: non-zero when called while restoring a snapshot; QXLRam is
 *          then left alone because it lives in device memory that is
 *          migrated together with RAM and is already loaded.
 *
 * The spice display worker is stopped around the reset if it was
 * running.  Order: cursor, image cache, surfaces, memslots, then (unless
 * loadvm) the guest-visible ROM/RAM state via qxl_reset_state(), then the
 * host memslot is recreated and the mode state soft-reset.  Any migration
 * blocker the device had installed is removed and freed.
 */
static void qxl_hard_reset(PCIQXLDevice *d, int loadvm)
{
    bool startstop = qemu_spice_display_is_running(&d->ssd);

    trace_qxl_hard_reset(d->id, loadvm);

    if (startstop) {
        qemu_spice_display_stop();
    }

    qxl_spice_reset_cursor(d);
    qxl_spice_reset_image_cache(d);
    qxl_reset_surfaces(d);
    qxl_reset_memslots(d);

    /* pre loadvm reset must not touch QXLRam.  This lives in
     * device memory, is migrated together with RAM and thus
     * already loaded at this point */
    if (!loadvm) {
        qxl_reset_state(d);
    }
    qemu_spice_create_host_memslot(&d->ssd);
    qxl_soft_reset(d);

    if (d->migration_blocker) {
        migrate_del_blocker(d->migration_blocker);
        error_free(d->migration_blocker);
        d->migration_blocker = NULL;
    }

    if (startstop) {
        qemu_spice_display_start();
    }
}
1286
/*
 * DeviceClass reset hook: a system reset is a hard reset with loadvm == 0,
 * so the guest-visible ROM/RAM state is re-initialised too.
 */
static void qxl_reset_handler(DeviceState *dev)
{
    qxl_hard_reset(PCI_QXL(PCI_DEVICE(dev)), 0);
}
1293
/*
 * VGA I/O port write hook.
 *
 * A VGA register write while the device is not in QXL_MODE_VGA means the
 * guest is falling back to VGA: the primary surface is torn down and the
 * device soft-reset (which re-enters VGA mode for device 0) before the
 * write is forwarded to the generic VGA emulation.
 *
 * @opaque: the VGACommonState embedded in PCIQXLDevice
 */
static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
    VGACommonState *vga = opaque;
    PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga);
    const bool in_vga_mode = (qxl->mode == QXL_MODE_VGA);

    trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val);
    if (!in_vga_mode) {
        qxl_destroy_primary(qxl, QXL_SYNC);
        qxl_soft_reset(qxl);
    }
    vga_ioport_write(vga, addr, val);
}
1306
/*
 * Legacy VGA port ranges (offsets relative to the 0x3b0 base, see the
 * absolute port in each trailing comment).  Reads go straight to the VGA
 * core; writes are routed through qxl_vga_ioport_write so that a guest
 * touching VGA registers drops the device out of QXL mode first.
 */
static const MemoryRegionPortio qxl_vga_portio_list[] = {
    { 0x04,  2, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3b4 */
    { 0x0a,  1, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3ba */
    { 0x10, 16, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3c0 */
    { 0x24,  2, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3d4 */
    { 0x2a,  1, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3da */
    PORTIO_END_OF_LIST(),
};
1320
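/*
 * Register guest memslot @slot_id with spice-server.
 *
 * The slot's guest-physical range [mem_start, mem_end] is taken from
 * d->guest_slots[slot_id].slot, which the guest filled in (untrusted).
 * It must lie entirely inside one of the device's RAM/VRAM PCI BARs; the
 * matching BAR's host mapping is then used to build the QXLDevMemSlot.
 *
 * @slot_id: guest slot index.  It is checked against NUM_MEMSLOTS *before*
 *           it is used to index guest_slots[]; the previous order read
 *           the array first, which is an out-of-bounds read for a bad id
 *           even though callers are expected to validate too.
 * @delta:   guest-side address delta recorded with the slot
 * @async:   QXL_SYNC or QXL_ASYNC, passed through to qemu_spice_add_memslot
 *
 * Returns 0 on success, 1 after flagging a guest bug (invalid slot id,
 * inverted range, or a range outside every mapped BAR).
 */
static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
                           qxl_async_io async)
{
    static const int regions[] = {
        QXL_RAM_RANGE_INDEX,
        QXL_VRAM_RANGE_INDEX,
        QXL_VRAM64_RANGE_INDEX,
    };
    uint64_t guest_start;
    uint64_t guest_end;
    int pci_region = -1;
    pcibus_t pci_start = 0;
    pcibus_t pci_end = 0;
    MemoryRegion *mr;
    intptr_t virt_start;
    QXLDevMemSlot memslot;
    size_t i;

    /* validate the index before it touches guest_slots[] */
    if (slot_id >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %d >= %d", __func__,
                      slot_id, NUM_MEMSLOTS);
        return 1;
    }

    guest_start = le64_to_cpu(d->guest_slots[slot_id].slot.mem_start);
    guest_end   = le64_to_cpu(d->guest_slots[slot_id].slot.mem_end);

    trace_qxl_memslot_add_guest(d->id, slot_id, guest_start, guest_end);

    if (guest_start > guest_end) {
        qxl_set_guest_bug(d, "%s: guest_start > guest_end 0x%" PRIx64
                         " > 0x%" PRIx64, __func__, guest_start, guest_end);
        return 1;
    }

    /* find the BAR that fully contains [guest_start, guest_end] */
    for (i = 0; i < ARRAY_SIZE(regions); i++) {
        pci_region = regions[i];
        pci_start = d->pci.io_regions[pci_region].addr;
        pci_end = pci_start + d->pci.io_regions[pci_region].size;
        /* mapped? */
        if (pci_start == -1) {
            continue;
        }
        /* start address in range ? */
        if (guest_start < pci_start || guest_start > pci_end) {
            continue;
        }
        /* end address in range ? */
        if (guest_end > pci_end) {
            continue;
        }
        /* passed */
        break;
    }
    if (i == ARRAY_SIZE(regions)) {
        qxl_set_guest_bug(d, "%s: finished loop without match", __func__);
        return 1;
    }

    switch (pci_region) {
    case QXL_RAM_RANGE_INDEX:
        mr = &d->vga.vram;
        break;
    case QXL_VRAM_RANGE_INDEX:
    case QXL_VRAM64_RANGE_INDEX:
        /* the 32-bit and 64-bit VRAM BARs both expose vram_bar */
        mr = &d->vram_bar;
        break;
    default:
        /* should not happen: regions[] only yields the cases above */
        qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
        return 1;
    }

    /* translate the guest range into host virtual addresses inside mr */
    virt_start = (intptr_t)memory_region_get_ram_ptr(mr);
    memslot.slot_id = slot_id;
    memslot.slot_group_id = MEMSLOT_GROUP_GUEST; /* guest group */
    memslot.virt_start = virt_start + (guest_start - pci_start);
    memslot.virt_end   = virt_start + (guest_end   - pci_start);
    memslot.addr_delta = memslot.virt_start - delta;
    memslot.generation = d->rom->slot_generation = 0;
    qxl_rom_set_dirty(d);

    qemu_spice_add_memslot(&d->ssd, &memslot, async);
    d->guest_slots[slot_id].mr = mr;
    d->guest_slots[slot_id].offset = memslot.virt_start - virt_start;
    d->guest_slots[slot_id].size = memslot.virt_end - memslot.virt_start;
    d->guest_slots[slot_id].delta = delta;
    d->guest_slots[slot_id].active = 1;
    return 0;
}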
1410
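/*
 * Unregister guest memslot @slot_id from spice-server and mark it inactive.
 *
 * @slot_id is guest-supplied (presumably via QXL_IO_MEMSLOT_DEL).  It is
 * checked against NUM_MEMSLOTS here, mirroring qxl_add_memslot, so a bad
 * index never reaches guest_slots[] even if a caller forgets its own
 * check; an out-of-range id is reported through qxl_set_guest_bug and
 * otherwise ignored.
 *
 * NOTE(review): the slot is removed under MEMSLOT_GROUP_HOST while
 * qxl_add_memslot registers it under MEMSLOT_GROUP_GUEST; kept as is,
 * confirm against qemu_spice_del_memslot's contract.
 */
static void qxl_del_memslot(PCIQXLDevice *d, uint32_t slot_id)
{
    if (slot_id >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %d >= %d", __func__,
                          slot_id, NUM_MEMSLOTS);
        return;
    }
    qemu_spice_del_memslot(&d->ssd, MEMSLOT_GROUP_HOST, slot_id);
    d->guest_slots[slot_id].active = 0;
}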
1416
/*
 * Drop every memslot on the spice side and wipe the guest_slots table so
 * all slots read as inactive (active == 0) afterwards.
 */
static void qxl_reset_memslots(PCIQXLDevice *d)
{
    qxl_spice_reset_memslots(d);
    memset(d->guest_slots, 0, sizeof d->guest_slots);
}
1422
/*
 * Destroy all surfaces synchronously and leave the device in
 * QXL_MODE_UNDEFINED.  The mode is changed before the spice call.
 */
static void qxl_reset_surfaces(PCIQXLDevice *d)
{
    trace_qxl_reset_surfaces(d->id);
    d->mode = QXL_MODE_UNDEFINED;
    qxl_spice_destroy_surfaces(d, QXL_SYNC);
}
1429
/*
 * Split a guest QXLPHYSICAL into (memslot, offset) and validate it.
 * Can also be called from the spice server thread context.
 *
 * A QXLPHYSICAL is little-endian in memory: the top byte carries the
 * memslot id and the low 48 bits the offset inside that slot; the bits
 * in between are ignored here.
 *
 * @s, @o: outputs, written only on success (@o is delta-adjusted)
 *
 * Returns false (after flagging a guest bug) when the slot id is out of
 * range, the slot is inactive, the offset is below the slot's delta, or
 * the delta-adjusted offset is beyond the slot's size.  That last test
 * is `>`, so an offset equal to size passes; callers that read an object
 * at the returned offset must bound the object's length themselves.
 */
static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
                                      uint32_t *s, uint64_t *o)
{
    const uint64_t phys = le64_to_cpu(pqxl);
    const uint32_t slot = (uint32_t)((phys >> 56) & 0xff);
    uint64_t offset = phys & 0xffffffffffffULL;
    uint64_t delta;
    uint64_t size;

    if (slot >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot,
                          NUM_MEMSLOTS);
        return false;
    }
    if (!qxl->guest_slots[slot].active) {
        qxl_set_guest_bug(qxl, "inactive slot %d\n", slot);
        return false;
    }

    delta = qxl->guest_slots[slot].delta;
    size = qxl->guest_slots[slot].size;

    if (offset < delta) {
        qxl_set_guest_bug(qxl,
                          "slot %d offset %"PRIu64" < delta %"PRIu64"\n",
                          slot, offset, delta);
        return false;
    }
    offset -= delta;
    if (offset > size) {
        qxl_set_guest_bug(qxl,
                          "slot %d offset %"PRIu64" > size %"PRIu64"\n",
                          slot, offset, size);
        return false;
    }

    *s = slot;
    *o = offset;
    return true;
}
1465
/*
 * Translate a QXLPHYSICAL into a host pointer.
 * Can also be called from the spice server thread context.
 *
 * @group_id: MEMSLOT_GROUP_HOST addresses carry a host pointer in their
 *            low 48 bits and are returned as is, with no slot lookup;
 *            MEMSLOT_GROUP_GUEST addresses go through the guest memslot
 *            table and are validated by qxl_get_check_slot_offset().
 *
 * Returns NULL for an invalid guest address (a guest bug is flagged) or
 * an unknown group.  For guest addresses the result is only known to lie
 * within the memslot's [0, size] range; the caller must check that the
 * object it is about to read fits.
 */
void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
{
    uint64_t offset;
    uint32_t slot;
    uint8_t *base;

    if (group_id == MEMSLOT_GROUP_HOST) {
        offset = le64_to_cpu(pqxl) & 0xffffffffffffULL;
        return (void *)(intptr_t)offset;
    }
    if (group_id != MEMSLOT_GROUP_GUEST) {
        return NULL;
    }
    if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
        return NULL;
    }
    /* byte arithmetic on the slot's backing RAM; uint8_t avoids void* math */
    base = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
    return base + qxl->guest_slots[slot].offset + offset;
}
1488
/*
 * Completion hook for a primary-surface create: runs synchronously from
 * qxl_create_guest_primary() for QXL_SYNC, or from the async completion
 * path for QXL_IO_CREATE_PRIMARY_ASYNC.  Resizes the local renderer to
 * match the new primary.
 */
static void qxl_create_guest_primary_complete(PCIQXLDevice *qxl)
{
    qxl_render_resize(qxl);
}
1494
/*
 * Create the guest's primary surface from the QXLSurfaceCreate held in
 * qxl->guest_primary.surface (a host-side copy of the guest's request, or
 * the one qxl_set_mode() synthesised).
 *
 * @loadvm: non-zero when restoring a snapshot; the surface then keeps its
 *          existing contents (QXL_SURF_FLAG_KEEP_DATA)
 * @async:  QXL_SYNC runs the completion hook here, QXL_ASYNC leaves it to
 *          the async completion path
 *
 * Guest-supplied fields are validated before the surface is created:
 *   - |stride| * height must not exceed vgamem_size (INT32_MIN is
 *     rejected explicitly because abs() of it is undefined)
 *   - stride must be a multiple of 4
 * Either failure flags a guest bug and returns without creating anything.
 * Being called while already in QXL_MODE_NATIVE is flagged as a guest bug
 * but the create still proceeds, as before.
 */
static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm,
                                     qxl_async_io async)
{
    QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
    const uint32_t height = le32_to_cpu(sc->height);
    const int stride = le32_to_cpu(sc->stride);

    if (stride == INT32_MIN ||
        (uint64_t)abs(stride) * height > qxl->vgamem_size) {
        qxl_set_guest_bug(qxl, "%s: requested primary larger than framebuffer"
                               " stride %d x height %" PRIu32 " > %" PRIu32,
                               __func__, stride, height,
                               qxl->vgamem_size);
        return;
    }

    if (qxl->mode == QXL_MODE_NATIVE) {
        qxl_set_guest_bug(qxl, "%s: nop since already in QXL_MODE_NATIVE",
                      __func__);
    }
    qxl_exit_vga_mode(qxl);

    /* all QXLDevSurfaceCreate fields the device fills in, in one place */
    QXLDevSurfaceCreate surface = {
        .format     = le32_to_cpu(sc->format),
        .height     = height,
        .mem        = le64_to_cpu(sc->mem),
        .position   = le32_to_cpu(sc->position),
        .stride     = stride,
        .width      = le32_to_cpu(sc->width),
        .type       = le32_to_cpu(sc->type),
        .flags      = le32_to_cpu(sc->flags) |
                      (loadvm ? QXL_SURF_FLAG_KEEP_DATA : 0),
        .mouse_mode = true,
        .group_id   = MEMSLOT_GROUP_GUEST,
    };

    trace_qxl_create_guest_primary(qxl->id, sc->width, sc->height, sc->mem,
                                   sc->format, sc->position);
    trace_qxl_create_guest_primary_rest(qxl->id, sc->stride, sc->type,
                                        sc->flags);

    if ((surface.stride & 0x3) != 0) {
        qxl_set_guest_bug(qxl, "primary surface stride = %d %% 4 != 0",
                          surface.stride);
        return;
    }

    qxl->mode = QXL_MODE_NATIVE;
    qxl->cmdflags = 0;
    qemu_spice_create_primary_surface(&qxl->ssd, 0, &surface, async);

    if (async == QXL_SYNC) {
        qxl_create_guest_primary_complete(qxl);
    }
}
1552
/*
 * Tear down the primary surface.
 *
 * @async: QXL_SYNC waits for spice to finish, QXL_ASYNC only initiates it
 *
 * Returns 1 if a destroy was initiated (QXL_ASYNC) or completed
 * (QXL_SYNC), 0 if there was no primary to destroy (mode already
 * QXL_MODE_UNDEFINED).  The mode is set to QXL_MODE_UNDEFINED before the
 * spice call, and the cursor state is reset afterwards.
 */
static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async)
{
    if (d->mode != QXL_MODE_UNDEFINED) {
        trace_qxl_destroy_primary(d->id);
        d->mode = QXL_MODE_UNDEFINED;
        qemu_spice_destroy_primary_surface(&d->ssd, 0, async);
        qxl_spice_reset_cursor(d);
        return 1;
    }
    return 0;
}
1566
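/*
 * Switch the device into one of the fixed compat modes from its mode table.
 *
 * @modenr: guest-supplied index into d->modes; validated against n_modes
 *          before a pointer into the table is formed (previously the
 *          pointer arithmetic happened first, which is out-of-bounds
 *          pointer formation for an invalid index even though nothing
 *          was dereferenced)
 * @loadvm: non-zero when restoring a snapshot: skips the hard reset and
 *          keeps the framebuffer contents (QXL_SURF_FLAG_KEEP_DATA)
 *
 * Memslot 0 is (re)registered to cover the whole RAM BAR, the primary
 * surface is created at draw_area_offset inside it with a negative stride
 * of -x_res * 4 (32bpp xRGB), and the mode number is published in both
 * shadow_rom and the live ROM so it survives a later reset.
 *
 * Slot 0's range is built here from the device's own BAR, so a failure of
 * qxl_add_memslot() is a programming error and is asserted; the call is
 * kept outside the assert() expression so its side effect cannot be
 * compiled away.
 */
static void qxl_set_mode(PCIQXLDevice *d, unsigned int modenr, int loadvm)
{
    pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
    pcibus_t end   = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start;
    uint64_t devmem = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
    QXLMemSlot slot = {
        .mem_start = start,
        .mem_end = end
    };
    QXLMode *mode;
    int rc;

    if (modenr >= d->modes->n_modes) {
        qxl_set_guest_bug(d, "mode number out of range");
        return;
    }
    /* only form the table pointer once modenr is known to be in range */
    mode = d->modes->modes + modenr;

    QXLSurfaceCreate surface = {
        .width      = mode->x_res,
        .height     = mode->y_res,
        .stride     = -mode->x_res * 4,
        .format     = SPICE_SURFACE_FMT_32_xRGB,
        .flags      = loadvm ? QXL_SURF_FLAG_KEEP_DATA : 0,
        .mouse_mode = true,
        .mem        = devmem + d->shadow_rom.draw_area_offset,
    };

    trace_qxl_set_mode(d->id, modenr, mode->x_res, mode->y_res, mode->bits,
                       devmem);
    if (!loadvm) {
        /* a hard reset wipes guest_slots, so slot 0 is re-added below */
        qxl_hard_reset(d, 0);
    }

    d->guest_slots[0].slot = slot;
    rc = qxl_add_memslot(d, 0, devmem, QXL_SYNC);
    assert(rc == 0);

    d->guest_primary.surface = surface;
    qxl_create_guest_primary(d, 0, QXL_SYNC);

    d->mode = QXL_MODE_COMPAT;
    d->cmdflags = QXL_COMMAND_FLAG_COMPAT;
    if (mode->bits == 16) {
        d->cmdflags |= QXL_COMMAND_FLAG_COMPAT_16BPP;
    }
    d->shadow_rom.mode = cpu_to_le32(modenr);
    d->rom->mode = cpu_to_le32(modenr);
    qxl_rom_set_dirty(d);
}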
1614
1615static void ioport_write(void *opaque, hwaddr addr,
1616                         uint64_t val, unsigned size)
1617{
1618    PCIQXLDevice *d = opaque;
1619    uint32_t io_port = addr;
1620    qxl_async_io async = QXL_SYNC;
1621    uint32_t orig_io_port = io_port;
1622
1623    if (d->guest_bug && io_port != QXL_IO_RESET) {
1624        return;
1625    }
1626
1627    if (d->revision <= QXL_REVISION_STABLE_V10 &&
1628        io_port > QXL_IO_FLUSH_RELEASE) {
1629        qxl_set_guest_bug(d, "unsupported io %d for revision %d\n",
1630            io_port, d->revision);
1631        return;
1632    }
1633
1634    switch (io_port) {
1635    case QXL_IO_RESET:
1636    case QXL_IO_SET_MODE:
1637    case QXL_IO_MEMSLOT_ADD:
1638    case QXL_IO_MEMSLOT_DEL:
1639    case QXL_IO_CREATE_PRIMARY:
1640    case QXL_IO_UPDATE_IRQ:
1641    case QXL_IO_LOG:
1642    case QXL_IO_MEMSLOT_ADD_ASYNC:
1643    case QXL_IO_CREATE_PRIMARY_ASYNC:
1644        break;
1645    default:
1646        if (d->mode != QXL_MODE_VGA) {
1647            break;
1648        }
1649        trace_qxl_io_unexpected_vga_mode(d->id,
1650            addr, val, io_port_to_string(io_port));
1651        /* be nice to buggy guest drivers */
1652        if (io_port >= QXL_IO_UPDATE_AREA_ASYNC &&
1653            io_port < QXL_IO_RANGE_SIZE) {
1654            qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
1655        }
1656        return;
1657    }
1658
1659    /* we change the io_port to avoid ifdeffery in the main switch */
1660    orig_io_port = io_port;
1661    switch (io_port) {
1662    case QXL_IO_UPDATE_AREA_ASYNC:
1663        io_port = QXL_IO_UPDATE_AREA;
1664        goto async_common;
1665    case QXL_IO_MEMSLOT_ADD_ASYNC:
1666        io_port = QXL_IO_MEMSLOT_ADD;
1667        goto async_common;
1668    case QXL_IO_CREATE_PRIMARY_ASYNC:
1669        io_port = QXL_IO_CREATE_PRIMARY;
1670        goto async_common;
1671    case QXL_IO_DESTROY_PRIMARY_ASYNC:
1672        io_port = QXL_IO_DESTROY_PRIMARY;
1673        goto async_common;
1674    case QXL_IO_DESTROY_SURFACE_ASYNC:
1675        io_port = QXL_IO_DESTROY_SURFACE_WAIT;
1676        goto async_common;
1677    case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
1678        io_port = QXL_IO_DESTROY_ALL_SURFACES;
1679        goto async_common;
1680    case QXL_IO_FLUSH_SURFACES_ASYNC:
1681    case QXL_IO_MONITORS_CONFIG_ASYNC:
1682async_common:
1683        async = QXL_ASYNC;
1684        qemu_mutex_lock(&d->async_lock);
1685        if (d->current_async != QXL_UNDEFINED_IO) {
1686            qxl_set_guest_bug(d, "%d async started before last (%d) complete",
1687                io_port, d->current_async);
1688            qemu_mutex_unlock(&d->async_lock);
1689            return;
1690        }
1691        d->current_async = orig_io_port;
1692        qemu_mutex_unlock(&d->async_lock);
1693        break;
1694    default:
1695        break;
1696    }
1697    trace_qxl_io_write(d->id, qxl_mode_to_string(d->mode),
1698                       addr, io_port_to_string(addr),
1699                       val, size, async);
1700
1701    switch (io_port) {
1702    case QXL_IO_UPDATE_AREA:
1703    {
1704        QXLCookie *cookie = NULL;
1705        QXLRect update = d->ram->update_area;
1706
1707        if (d->ram->update_surface > d->ssd.num_surfaces) {
1708            qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n",
1709                              d->ram->update_surface);
1710            break;
1711        }
1712        if (update.left >= update.right || update.top >= update.bottom ||
1713            update.left < 0 || update.top < 0) {
1714            qxl_set_guest_bug(d,
1715                    "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n",
1716                    update.left, update.top, update.right, update.bottom);
1717            if (update.left == update.right || update.top == update.bottom) {
1718                /* old drivers may provide empty area, keep going */
1719                qxl_clear_guest_bug(d);
1720                goto cancel_async;
1721            }
1722            break;
1723        }
1724        if (async == QXL_ASYNC) {
1725            cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
1726                                    QXL_IO_UPDATE_AREA_ASYNC);
1727            cookie->u.area = update;
1728        }
1729        qxl_spice_update_area(d, d->ram->update_surface,
1730                              cookie ? &cookie->u.area : &update,
1731                              NULL, 0, 0, async, cookie);
1732        break;
1733    }
1734    case QXL_IO_NOTIFY_CMD:
1735        qemu_spice_wakeup(&d->ssd);
1736        break;
1737    case QXL_IO_NOTIFY_CURSOR:
1738        qemu_spice_wakeup(&d->ssd);
1739        break;
1740    case QXL_IO_UPDATE_IRQ:
1741        qxl_update_irq(d);
1742        break;
1743    case QXL_IO_NOTIFY_OOM:
1744        if (!SPICE_RING_IS_EMPTY(&d->ram->release_ring)) {
1745            break;
1746        }
1747        d->oom_running = 1;
1748        qxl_spice_oom(d);
1749        d->oom_running = 0;
1750        break;
1751    case QXL_IO_SET_MODE:
1752        qxl_set_mode(d, val, 0);
1753        break;
1754    case QXL_IO_LOG:
1755        trace_qxl_io_log(d->id, d->ram->log_buf);
1756        if (d->guestdebug) {
1757            fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id,
1758                    qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), d->ram->log_buf);
1759        }
1760        break;
1761    case QXL_IO_RESET:
1762        qxl_hard_reset(d, 0);
1763        break;
1764    case QXL_IO_MEMSLOT_ADD:
1765        if (val >= NUM_MEMSLOTS) {
1766            qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_ADD: val out of range");
1767            break;
1768        }
1769        if (d->guest_slots[val].active) {
1770            qxl_set_guest_bug(d,
1771                        "QXL_IO_MEMSLOT_ADD: memory slot already active");
1772            break;
1773        }
1774        d->guest_slots[val].slot = d->ram->mem_slot;
1775        qxl_add_memslot(d, val, 0, async);
1776        break;
1777    case QXL_IO_MEMSLOT_DEL:
1778        if (val >= NUM_MEMSLOTS) {
1779            qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_DEL: val out of range");
1780            break;
1781        }
1782        qxl_del_memslot(d, val);
1783        break;
1784    case QXL_IO_CREATE_PRIMARY:
1785        if (val != 0) {
1786            qxl_set_guest_bug(d, "QXL_IO_CREATE_PRIMARY (async=%d): val != 0",
1787                          async);
1788            goto cancel_async;
1789        }
1790        d->guest_primary.surface = d->ram->create_surface;
1791        qxl_create_guest_primary(d, 0, async);
1792        break;
1793    case QXL_IO_DESTROY_PRIMARY:
1794        if (val != 0) {
1795            qxl_set_guest_bug(d, "QXL_IO_DESTROY_PRIMARY (async=%d): val != 0",
1796                          async);
1797            goto cancel_async;
1798        }
1799        if (!qxl_destroy_primary(d, async)) {
1800            trace_qxl_io_destroy_primary_ignored(d->id,
1801                                                 qxl_mode_to_string(d->mode));
1802            goto cancel_async;
1803        }
1804        break;
1805    case QXL_IO_DESTROY_SURFACE_WAIT:
1806        if (val >= d->ssd.num_surfaces) {
1807            qxl_set_guest_bug(d, "QXL_IO_DESTROY_SURFACE (async=%d):"
1808                             "%" PRIu64 " >= NUM_SURFACES", async, val);
1809            goto cancel_async;
1810        }
1811        qxl_spice_destroy_surface_wait(d, val, async);
1812        break;
1813    case QXL_IO_FLUSH_RELEASE: {
1814        QXLReleaseRing *ring = &d->ram->release_ring;
1815        if (ring->prod - ring->cons + 1 == ring->num_items) {
1816            fprintf(stderr,
1817                "ERROR: no flush, full release ring [p%d,%dc]\n",
1818                ring->prod, ring->cons);
1819        }
1820        qxl_push_free_res(d, 1 /* flush */);
1821        break;
1822    }
1823    case QXL_IO_FLUSH_SURFACES_ASYNC:
1824        qxl_spice_flush_surfaces_async(d);
1825        break;
1826    case QXL_IO_DESTROY_ALL_SURFACES:
1827        d->mode = QXL_MODE_UNDEFINED;
1828        qxl_spice_destroy_surfaces(d, async);
1829        break;
1830    case QXL_IO_MONITORS_CONFIG_ASYNC:
1831        qxl_spice_monitors_config_async(d, 0);
1832        break;
1833    default:
1834        qxl_set_guest_bug(d, "%s: unexpected ioport=0x%x\n", __func__, io_port);
1835    }
1836    return;
1837cancel_async:
1838    if (async) {
1839        qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
1840        qemu_mutex_lock(&d->async_lock);
1841        d->current_async = QXL_UNDEFINED_IO;
1842        qemu_mutex_unlock(&d->async_lock);
1843    }
1844}
1845
/*
 * Read handler for the qxl io bar.  The device never expects the guest to
 * read its io ports: every access is traced as unexpected and answered
 * with 0xff.  addr and size are ignored.
 */
static uint64_t ioport_read(void *opaque, hwaddr addr,
                            unsigned size)
{
    PCIQXLDevice *d = opaque;

    (void)addr;
    (void)size;
    trace_qxl_io_read_unexpected(d->id);
    return 0xff;
}
1854
/*
 * MemoryRegionOps for the qxl io bar (registered in qxl_realize_common).
 * Only single-byte accesses are valid; reads are unexpected and answered
 * by ioport_read, writes are dispatched by ioport_write.
 */
static const MemoryRegionOps qxl_io_ops = {
    .read = ioport_read,
    .write = ioport_write,
    .valid = {
        .min_access_size = 1,
        .max_access_size = 1,
    },
};
1863
/* Bottom half scheduled by qxl_send_events; just re-evaluates the irq line. */
static void qxl_update_irq_bh(void *opaque)
{
    qxl_update_irq((PCIQXLDevice *)opaque);
}
1869
/*
 * Raise @events towards the guest: atomically OR them (little endian) into
 * the guest-visible int_pending word and schedule the update_irq bottom
 * half.  The bottom half is skipped when every requested bit was already
 * pending.  When the spice display is not running the request is dropped
 * with a diagnostic, since spice-server is expected to track that state.
 */
static void qxl_send_events(PCIQXLDevice *d, uint32_t events)
{
    uint32_t le_events = cpu_to_le32(events);
    uint32_t prev;

    trace_qxl_send_events(d->id, events);
    if (!qemu_spice_display_is_running(&d->ssd)) {
        /* spice-server tracks guest running state and should not do this */
        fprintf(stderr, "%s: spice-server bug: guest stopped, ignoring\n",
                __func__);
        trace_qxl_send_events_vm_stopped(d->id, events);
        return;
    }

    prev = atomic_fetch_or(&d->ram->int_pending, le_events);
    /* only kick the irq bottom half if at least one bit is new */
    if ((prev & le_events) != le_events) {
        qemu_bh_schedule(d->update_irq);
    }
}
1889
1890/* graphics console */
1891
/* Graphics console update callback: refresh the rendered surface. */
static void qxl_hw_update(void *opaque)
{
    qxl_render_update((PCIQXLDevice *)opaque);
}
1898
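/*
 * Mark the guest memory backing one surface dirty so it is saved before
 * migration.  @pqxl is the guest-physical start of the pixel data, @height
 * the row count and @stride the (possibly negative) row pitch in bytes;
 * the dirtied span is height * |stride| bytes starting at pqxl.
 *
 * The slot/offset lookup is asserted to succeed; callers pass only the
 * surfaces the device recorded itself (see qxl_dirty_surfaces).
 */
static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
                                  uint32_t height, int32_t stride)
{
    uint64_t offset, size, abs_stride;
    uint32_t slot;
    bool rc;

    rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset);
    assert(rc == true);
    /*
     * Take the magnitude in 64 bit instead of abs(): stride originates in
     * guest memory and abs(INT32_MIN) is undefined behaviour.
     */
    abs_stride = stride < 0 ? (uint64_t)-(int64_t)stride : (uint64_t)stride;
    size = (uint64_t)height * abs_stride;
    trace_qxl_surfaces_dirty(qxl->id, offset, size);
    qxl_set_dirty(qxl->guest_slots[slot].mr,
                  qxl->guest_slots[slot].offset + offset,
                  qxl->guest_slots[slot].offset + offset + size);
}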
1914
/*
 * Dirty the primary surface and every recorded off-screen surface so their
 * guest memory is migrated.  Does nothing unless the device is in native
 * or compat mode.
 */
static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
{
    int idx;

    if (qxl->mode != QXL_MODE_NATIVE && qxl->mode != QXL_MODE_COMPAT) {
        return;
    }

    /* primary surface, as recorded at QXL_IO_CREATE_PRIMARY time */
    qxl_dirty_one_surface(qxl, qxl->guest_primary.surface.mem,
                          qxl->guest_primary.surface.height,
                          qxl->guest_primary.surface.stride);

    /* off-screen surfaces: one create command per populated slot */
    for (idx = 0; idx < qxl->ssd.num_surfaces; idx++) {
        QXLPHYSICAL cmd_phys = qxl->guest_surfaces.cmds[idx];
        QXLSurfaceCmd *cmd;

        if (cmd_phys != 0) {
            cmd = qxl_phys2virt(qxl, cmd_phys, MEMSLOT_GROUP_GUEST);
            assert(cmd);
            assert(cmd->type == QXL_SURFACE_CMD_CREATE);
            qxl_dirty_one_surface(qxl, cmd->u.surface_create.data,
                                  cmd->u.surface_create.height,
                                  cmd->u.surface_create.stride);
        }
    }
}
1945
/*
 * VM run-state hook.  On stop, dirty all surfaces so they are saved before
 * migration; on resume, re-evaluate the irq line in case events were
 * raised from spice-server context while the vm was not running.
 */
static void qxl_vm_change_state_handler(void *opaque, int running,
                                        RunState state)
{
    PCIQXLDevice *qxl = opaque;

    if (!running) {
        /* make sure surfaces are saved before migration */
        qxl_dirty_surfaces(qxl);
        return;
    }
    /*
     * if qxl_send_events was called from spice server context before
     * migration ended, qxl_update_irq for these events might not have been
     * called
     */
    qxl_update_irq(qxl);
}
1963
1964/* display change listener */
1965
/* Display listener: forward a dirty rectangle to spice while in vga mode. */
static void display_update(DisplayChangeListener *dcl,
                           int x, int y, int w, int h)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_update(&qxl->ssd, x, y, w, h);
}
1975
/*
 * Display listener: remember the new console surface; spice is told about
 * it only while in vga mode.
 */
static void display_switch(DisplayChangeListener *dcl,
                           struct DisplaySurface *surface)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    qxl->ssd.ds = surface;
    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_switch(&qxl->ssd, surface);
}
1986
/* Display listener: periodic refresh, forwarded to spice in vga mode only. */
static void display_refresh(DisplayChangeListener *dcl)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_refresh(&qxl->ssd);
}
1995
/*
 * Console listener used by the primary device (see qxl_realize_primary).
 * All three callbacks are no-ops outside vga mode.
 */
static DisplayChangeListenerOps display_listener_ops = {
    .dpy_name        = "spice/qxl",
    .dpy_gfx_update  = display_update,
    .dpy_gfx_switch  = display_switch,
    .dpy_refresh     = display_refresh,
};
2002
/*
 * Derive the device's memory sizes from its properties:
 *   vgamem_size   - vga framebuffer / primary surface (bar 0, first part)
 *   vga.vram_size - bar 0 total
 *   vram32_size   - 32bit surface memory (bar 1)
 *   vram_size     - 64bit surface memory (bar 4+5)
 * A *_mb property of -1 (the default, see qxl_properties) means "not set",
 * in which case the byte-sized property is used as-is.  Every size is
 * clamped to its minimum and finally rounded up to a power of two.
 * Must run before qxl_realize_common, which sizes the memory regions.
 */
static void qxl_init_ramsize(PCIQXLDevice *qxl)
{
    /* vga mode framebuffer / primary surface (bar 0, first part) */
    if (qxl->vgamem_size_mb < 8) {
        qxl->vgamem_size_mb = 8;
    }
    /* XXX: we round vgamem_size_mb up to a nearest power of two and it must be
     * less than vga_common_init()'s maximum on qxl->vga.vram_size (512 now).
     */
    if (qxl->vgamem_size_mb > 256) {
        qxl->vgamem_size_mb = 256;
    }
    qxl->vgamem_size = qxl->vgamem_size_mb * 1024 * 1024;

    /* vga ram (bar 0, total) */
    if (qxl->ram_size_mb != -1) {
        /* NOTE(review): ram_size_mb is uint32 (see qxl_properties); this
         * product is 32-bit arithmetic and wraps for 4096 MB and up. */
        qxl->vga.vram_size = qxl->ram_size_mb * 1024 * 1024;
    }
    /* bar 0 is never smaller than twice the vga framebuffer */
    if (qxl->vga.vram_size < qxl->vgamem_size * 2) {
        qxl->vga.vram_size = qxl->vgamem_size * 2;
    }

    /* vram32 (surfaces, 32bit, bar 1) */
    if (qxl->vram32_size_mb != -1) {
        /* NOTE(review): unlike vram_size_mb below this is not widened to
         * 64 bit before multiplying, so it also wraps at 4096 MB. */
        qxl->vram32_size = qxl->vram32_size_mb * 1024 * 1024;
    }
    if (qxl->vram32_size < 4096) {
        qxl->vram32_size = 4096;
    }

    /* vram (surfaces, 64bit, bar 4+5) */
    if (qxl->vram_size_mb != -1) {
        qxl->vram_size = (uint64_t)qxl->vram_size_mb * 1024 * 1024;
    }
    /* the 64bit region is at least as large as the 32bit one it backs */
    if (qxl->vram_size < qxl->vram32_size) {
        qxl->vram_size = qxl->vram32_size;
    }

    /* revision 1 (spice 0.4) gets minimal 4 KiB surface regions regardless */
    if (qxl->revision == 1) {
        qxl->vram32_size = 4096;
        qxl->vram_size = 4096;
    }
    qxl->vgamem_size = pow2ceil(qxl->vgamem_size);
    qxl->vga.vram_size = pow2ceil(qxl->vga.vram_size);
    qxl->vram32_size = pow2ceil(qxl->vram32_size);
    qxl->vram_size = pow2ceil(qxl->vram_size);
}
2050
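/*
 * Realize steps shared by the primary (qxl-vga) and secondary (qxl)
 * devices: reset mutable device state, pick the pci revision id and io bar
 * size from the "revision" property, create the rom/ram/vram memory
 * regions and pci bars, and hook the device up to spice-server and the vm
 * run-state machinery.
 *
 * Expects qxl->id, qxl->vga.con and the sizes from qxl_init_ramsize() to
 * be set by the caller.  Fails via @errp for an unknown revision or when
 * spice-server rejects the QXL interface version; memory region creation
 * failures are fatal (&error_fatal).
 *
 * Fix: the "vram/32" and "vram/64" debug prints used PRIx64 followed by a
 * literal 'd', printing the size in hex with a stray 'd' appended; they
 * now use PRIu64 (and PRIu32 for the uint32 vga.vram_size).
 */
static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
{
    uint8_t* config = qxl->pci.config;
    uint32_t pci_device_rev;
    uint32_t io_size;

    qemu_spice_display_init_common(&qxl->ssd);
    qxl->mode = QXL_MODE_UNDEFINED;
    qxl->generation = 1;
    qxl->num_memslots = NUM_MEMSLOTS;
    qemu_mutex_init(&qxl->track_lock);
    qemu_mutex_init(&qxl->async_lock);
    qxl->current_async = QXL_UNDEFINED_IO; /* no async io in flight */
    qxl->guest_bug = 0;

    /* "revision" property -> pci revision id and io bar size */
    switch (qxl->revision) {
    case 1: /* spice 0.4 -- qxl-1 */
        pci_device_rev = QXL_REVISION_STABLE_V04;
        io_size = 8;
        break;
    case 2: /* spice 0.6 -- qxl-2 */
        pci_device_rev = QXL_REVISION_STABLE_V06;
        io_size = 16;
        break;
    case 3: /* qxl-3 */
        pci_device_rev = QXL_REVISION_STABLE_V10;
        io_size = 32; /* PCI region size must be pow2 */
        break;
    case 4: /* qxl-4 */
        pci_device_rev = QXL_REVISION_STABLE_V12;
        io_size = pow2ceil(QXL_IO_RANGE_SIZE);
        break;
    default:
        error_setg(errp, "Invalid revision %d for qxl device (max %d)",
                   qxl->revision, QXL_DEFAULT_REVISION);
        return;
    }

    pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
    pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);

    qxl->rom_size = qxl_rom_size();
    memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
                           qxl->rom_size, &error_fatal);
    init_qxl_rom(qxl);
    init_qxl_ram(qxl);

    /*
     * One surface-create command slot per guest surface.  ssd.num_surfaces
     * is the user-set "surfaces" property (int32, see qxl_properties) and
     * is not range-checked here.
     */
    qxl->guest_surfaces.cmds = g_new0(QXLPHYSICAL, qxl->ssd.num_surfaces);
    memory_region_init_ram(&qxl->vram_bar, OBJECT(qxl), "qxl.vram",
                           qxl->vram_size, &error_fatal);
    /* the 32bit vram bar aliases the first vram32_size bytes of vram */
    memory_region_init_alias(&qxl->vram32_bar, OBJECT(qxl), "qxl.vram32",
                             &qxl->vram_bar, 0, qxl->vram32_size);

    memory_region_init_io(&qxl->io_bar, OBJECT(qxl), &qxl_io_ops, qxl,
                          "qxl-ioports", io_size);
    if (qxl->id == 0) {
        /* primary device only */
        vga_dirty_log_start(&qxl->vga);
    }
    memory_region_set_flush_coalesced(&qxl->io_bar);

    pci_register_bar(&qxl->pci, QXL_IO_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_IO, &qxl->io_bar);

    pci_register_bar(&qxl->pci, QXL_ROM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->rom_bar);

    pci_register_bar(&qxl->pci, QXL_RAM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vga.vram);

    pci_register_bar(&qxl->pci, QXL_VRAM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram32_bar);

    if (qxl->vram32_size < qxl->vram_size) {
        /*
         * Make the 64bit vram bar show up only in case it is
         * configured to be larger than the 32bit vram bar.
         */
        pci_register_bar(&qxl->pci, QXL_VRAM64_RANGE_INDEX,
                         PCI_BASE_ADDRESS_SPACE_MEMORY |
                         PCI_BASE_ADDRESS_MEM_TYPE_64 |
                         PCI_BASE_ADDRESS_MEM_PREFETCH,
                         &qxl->vram_bar);
    }

    /* print pci bar details */
    dprint(qxl, 1, "ram/%s: %" PRIu32 " MB [region 0]\n",
           qxl->id == 0 ? "pri" : "sec",
           qxl->vga.vram_size / (1024*1024));
    dprint(qxl, 1, "vram/32: %" PRIu64 " MB [region 1]\n",
           qxl->vram32_size / (1024*1024));
    dprint(qxl, 1, "vram/64: %" PRIu64 " MB %s\n",
           qxl->vram_size / (1024*1024),
           qxl->vram32_size < qxl->vram_size ? "[region 4]" : "[unmapped]");

    qxl->ssd.qxl.base.sif = &qxl_interface.base;
    if (qemu_spice_add_display_interface(&qxl->ssd.qxl, qxl->vga.con) != 0) {
        error_setg(errp, "qxl interface %d.%d not supported by spice-server",
                   SPICE_INTERFACE_QXL_MAJOR, SPICE_INTERFACE_QXL_MINOR);
        return;
    }
    qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);

    qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl);
    qxl_reset_state(qxl);

    qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
    qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
}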
2160
/*
 * Realize the primary (vga compatible) device; it is always id 0.  Sets up
 * the vga core (vram sized by qxl_init_ramsize, legacy vga ioports at
 * 0x3b0) and a graphics console before the shared qxl setup, then
 * registers the display change listener that forwards vga-mode output to
 * spice.  If qxl_realize_common fails the error is propagated through
 * @errp and the listener is not registered.
 */
static void qxl_realize_primary(PCIDevice *dev, Error **errp)
{
    PCIQXLDevice *qxl = PCI_QXL(dev);
    VGACommonState *vga = &qxl->vga;
    Error *local_err = NULL;

    qxl->id = 0;
    qxl_init_ramsize(qxl);
    vga->vbe_size = qxl->vgamem_size;
    vga->vram_size_mb = qxl->vga.vram_size >> 20;
    vga_common_init(vga, OBJECT(dev), true);
    vga_init(vga, OBJECT(dev),
             pci_address_space(dev), pci_address_space_io(dev), false);
    portio_list_init(&qxl->vga_port_list, OBJECT(dev), qxl_vga_portio_list,
                     vga, "vga");
    portio_list_set_flush_coalesced(&qxl->vga_port_list);
    portio_list_add(&qxl->vga_port_list, pci_address_space_io(dev), 0x3b0);

    vga->con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl);

    qxl_realize_common(qxl, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    qxl->ssd.dcl.ops = &display_listener_ops;
    qxl->ssd.dcl.con = vga->con;
    register_displaychangelistener(&qxl->ssd.dcl);
}
2191
/*
 * Realize a secondary (non-vga) device.  Ids are handed out from a
 * function-local counter starting at 1 (0 is the primary), so they
 * reflect realize order.  Unlike the primary, the vga vram region is
 * created here directly and no display change listener is registered.
 * Errors from qxl_realize_common go straight to @errp.
 */
static void qxl_realize_secondary(PCIDevice *dev, Error **errp)
{
    static int device_id = 1;
    PCIQXLDevice *qxl = PCI_QXL(dev);

    qxl->id = device_id++;
    qxl_init_ramsize(qxl);
    memory_region_init_ram(&qxl->vga.vram, OBJECT(dev), "qxl.vgavram",
                           qxl->vga.vram_size, &error_fatal);
    qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram);
    qxl->vga.con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl);

    qxl_realize_common(qxl, errp);
}
2206
/*
 * Migration pre_save hook.  last_release is a pointer into vga vram, so it
 * is stored as an offset from vram_ptr in last_release_offset (0 for NULL;
 * note that qxl_post_load maps offset 0 back to NULL, so a release info
 * sitting at the very start of vram would be lost).  The offset is
 * asserted to lie inside vram_size.
 */
static void qxl_pre_save(void *opaque)
{
    PCIQXLDevice *d = opaque;
    uint8_t *base = d->vga.vram_ptr;

    trace_qxl_pre_save(d->id);
    d->last_release_offset =
        d->last_release ? (uint8_t *)d->last_release - base : 0;
    assert(d->last_release_offset < d->vga.vram_size);
}
2220
/*
 * Migration pre_load hook: bring the device to a known state (hard reset,
 * leave vga mode) before the incoming state is applied.  Always returns 0.
 */
static int qxl_pre_load(void *opaque)
{
    PCIQXLDevice *qxl = opaque;

    trace_qxl_pre_load(qxl->id);
    qxl_hard_reset(qxl, 1);
    qxl_exit_vga_mode(qxl);
    return 0;
}
2230
/*
 * Re-register every guest memslot marked active in the loaded state with
 * spice, synchronously.  Inactive slots are left alone.
 */
static void qxl_create_memslots(PCIQXLDevice *d)
{
    int slot;

    for (slot = 0; slot < NUM_MEMSLOTS; slot++) {
        if (d->guest_slots[slot].active) {
            qxl_add_memslot(d, slot, 0, QXL_SYNC);
        }
    }
}
2242
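/*
 * Migration post_load hook.  Rebuilds the pointers that were saved as
 * offsets (last_release, modes), then re-enters the saved mode from
 * scratch: memslots are re-added, and in native mode the primary surface
 * is recreated and the recorded surface-create / cursor commands are
 * replayed into spice.  Returns 0 on success, -1 for an unknown mode.
 *
 * Fix: the mode switch had no default, so a stream carrying an unknown
 * 'mode' value silently left the device in QXL_MODE_UNDEFINED; such a
 * stream is corrupt (or hostile) and now fails the migration instead.
 */
static int qxl_post_load(void *opaque, int version)
{
    PCIQXLDevice* d = opaque;
    uint8_t *ram_start = d->vga.vram_ptr;
    QXLCommandExt *cmds;
    int in, out, newmode;

    /*
     * last_release_offset comes from the migration stream and is rebased
     * onto vga vram, so it has to lie inside it.  Kept as an assert as the
     * original author had it; a corrupt stream therefore aborts the
     * destination rather than failing the load.
     */
    assert(d->last_release_offset < d->vga.vram_size);
    if (d->last_release_offset == 0) {
        d->last_release = NULL;
    } else {
        d->last_release = (QXLReleaseInfo *)(ram_start + d->last_release_offset);
    }

    /* rom was re-initialised by the pre_load hard reset; relocate modes */
    d->modes = (QXLModes*)((uint8_t*)d->rom + d->rom->modes_offset);

    trace_qxl_post_load(d->id, qxl_mode_to_string(d->mode));
    newmode = d->mode;
    d->mode = QXL_MODE_UNDEFINED;

    switch (newmode) {
    case QXL_MODE_UNDEFINED:
        qxl_create_memslots(d);
        break;
    case QXL_MODE_VGA:
        qxl_create_memslots(d);
        qxl_enter_vga_mode(d);
        break;
    case QXL_MODE_NATIVE:
        qxl_create_memslots(d);
        qxl_create_guest_primary(d, 1, QXL_SYNC);

        /* replay surface-create and cursor-set commands */
        cmds = g_new0(QXLCommandExt, d->ssd.num_surfaces + 1);
        for (in = 0, out = 0; in < d->ssd.num_surfaces; in++) {
            if (d->guest_surfaces.cmds[in] == 0) {
                continue;
            }
            cmds[out].cmd.data = d->guest_surfaces.cmds[in];
            cmds[out].cmd.type = QXL_CMD_SURFACE;
            cmds[out].group_id = MEMSLOT_GROUP_GUEST;
            out++;
        }
        if (d->guest_cursor) {
            /* the +1 in the allocation above is for this entry */
            cmds[out].cmd.data = d->guest_cursor;
            cmds[out].cmd.type = QXL_CMD_CURSOR;
            cmds[out].group_id = MEMSLOT_GROUP_GUEST;
            out++;
        }
        qxl_spice_loadvm_commands(d, cmds, out);
        g_free(cmds);
        if (d->guest_monitors_config) {
            qxl_spice_monitors_config_async(d, 1);
        }
        break;
    case QXL_MODE_COMPAT:
        /* note: no need to call qxl_create_memslots, qxl_set_mode
         * creates the mem slot. */
        qxl_set_mode(d, d->shadow_rom.mode, 1);
        break;
    default:
        /*
         * 'mode' is a plain uint32 in the stream (see qxl_vmstate); any
         * value outside the known modes means a corrupt stream.
         */
        return -1;
    }
    return 0;
}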
2306
2307#define QXL_SAVE_VERSION 21
2308
/* Subsection predicate: only migrate monitors config when one was set. */
static bool qxl_monitors_config_needed(void *opaque)
{
    const PCIQXLDevice *qxl = opaque;

    return qxl->guest_monitors_config != 0;
}
2315
2316
/*
 * Migrated state of one guest memslot (struct guest_slots): the guest
 * address range plus the active flag that qxl_create_memslots re-adds
 * from.  Versioned together with the whole device (QXL_SAVE_VERSION).
 */
static VMStateDescription qxl_memslot = {
    .name               = "qxl-memslot",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_UINT64(slot.mem_start, struct guest_slots),
        VMSTATE_UINT64(slot.mem_end,   struct guest_slots),
        VMSTATE_UINT32(active,         struct guest_slots),
        VMSTATE_END_OF_LIST()
    }
};
2328
/*
 * Migrated copy of a QXLSurfaceCreate; used for guest_primary.surface in
 * qxl_vmstate, from which qxl_post_load recreates the primary surface.
 */
static VMStateDescription qxl_surface = {
    .name               = "qxl-surface",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(width,      QXLSurfaceCreate),
        VMSTATE_UINT32(height,     QXLSurfaceCreate),
        VMSTATE_INT32(stride,      QXLSurfaceCreate),
        VMSTATE_UINT32(format,     QXLSurfaceCreate),
        VMSTATE_UINT32(position,   QXLSurfaceCreate),
        VMSTATE_UINT32(mouse_mode, QXLSurfaceCreate),
        VMSTATE_UINT32(flags,      QXLSurfaceCreate),
        VMSTATE_UINT32(type,       QXLSurfaceCreate),
        VMSTATE_UINT64(mem,        QXLSurfaceCreate),
        VMSTATE_END_OF_LIST()
    }
};
2346
/*
 * Optional subsection carrying guest_monitors_config.  It is only written
 * when the value is non-zero (qxl_monitors_config_needed); qxl_post_load
 * re-sends the config to spice when it is present.
 */
static VMStateDescription qxl_vmstate_monitors_config = {
    .name               = "qxl/monitors-config",
    .version_id         = 1,
    .minimum_version_id = 1,
    .needed = qxl_monitors_config_needed,
    .fields = (VMStateField[]) {
        VMSTATE_UINT64(guest_monitors_config, PCIQXLDevice),
        VMSTATE_END_OF_LIST()
    },
};
2357
/*
 * Top-level migration state of the device.  num_memslots and
 * ssd.num_surfaces are *_EQUAL fields, so a stream recorded with a
 * different NUM_MEMSLOTS or "surfaces" property is rejected; the
 * ssd.num_surfaces check is listed before the guest_surfaces.cmds varray
 * it sizes.  pre_save turns last_release into an offset, post_load
 * rebuilds it and replays the recorded surface/cursor commands.
 */
static VMStateDescription qxl_vmstate = {
    .name               = "qxl",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .pre_save           = qxl_pre_save,
    .pre_load           = qxl_pre_load,
    .post_load          = qxl_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(pci, PCIQXLDevice),
        VMSTATE_STRUCT(vga, PCIQXLDevice, 0, vmstate_vga_common, VGACommonState),
        VMSTATE_UINT32(shadow_rom.mode, PCIQXLDevice),
        VMSTATE_UINT32(num_free_res, PCIQXLDevice),
        VMSTATE_UINT32(last_release_offset, PCIQXLDevice),
        VMSTATE_UINT32(mode, PCIQXLDevice),
        VMSTATE_UINT32(ssd.unique, PCIQXLDevice),
        VMSTATE_INT32_EQUAL(num_memslots, PCIQXLDevice, NULL),
        VMSTATE_STRUCT_ARRAY(guest_slots, PCIQXLDevice, NUM_MEMSLOTS, 0,
                             qxl_memslot, struct guest_slots),
        VMSTATE_STRUCT(guest_primary.surface, PCIQXLDevice, 0,
                       qxl_surface, QXLSurfaceCreate),
        VMSTATE_INT32_EQUAL(ssd.num_surfaces, PCIQXLDevice, NULL),
        VMSTATE_VARRAY_INT32(guest_surfaces.cmds, PCIQXLDevice,
                             ssd.num_surfaces, 0,
                             vmstate_info_uint64, uint64_t),
        VMSTATE_UINT64(guest_cursor, PCIQXLDevice),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &qxl_vmstate_monitors_config,
        NULL
    }
};
2390
/*
 * User-visible device properties.  Note the naming: "vram_size" and
 * "vram_size_mb" set the 32bit vram (vram32_size / vram32_size_mb) while
 * "vram64_size_mb" sets vram_size_mb.  The *_mb properties default to -1,
 * which qxl_init_ramsize treats as "not set".  "surfaces" is a signed
 * int32 and is not range-checked by the code in this file.
 */
static Property qxl_properties[] = {
        DEFINE_PROP_UINT32("ram_size", PCIQXLDevice, vga.vram_size,
                           64 * 1024 * 1024),
        DEFINE_PROP_UINT64("vram_size", PCIQXLDevice, vram32_size,
                           64 * 1024 * 1024),
        DEFINE_PROP_UINT32("revision", PCIQXLDevice, revision,
                           QXL_DEFAULT_REVISION),
        DEFINE_PROP_UINT32("debug", PCIQXLDevice, debug, 0),
        DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0),
        DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0),
        DEFINE_PROP_UINT32("ram_size_mb",  PCIQXLDevice, ram_size_mb, -1),
        DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, -1),
        DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
        DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
        DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
        DEFINE_PROP_UINT16("max_outputs", PCIQXLDevice, max_outputs, 0),
#endif
        DEFINE_PROP_UINT32("xres", PCIQXLDevice, xres, 0),
        DEFINE_PROP_UINT32("yres", PCIQXLDevice, yres, 0),
        DEFINE_PROP_END_OF_LIST(),
};
2413
/*
 * Class init of the abstract base type shared by qxl-vga and qxl: pci ids,
 * reset handler, migration description and properties.
 */
static void qxl_pci_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    dev_class->props = qxl_properties;
    dev_class->vmsd = &qxl_vmstate;
    dev_class->reset = qxl_reset_handler;
    set_bit(DEVICE_CATEGORY_DISPLAY, dev_class->categories);
    pci_class->device_id = QXL_DEVICE_ID_STABLE;
    pci_class->vendor_id = REDHAT_PCI_VENDOR_ID;
}
2426
/* Abstract parent type of qxl-vga and qxl; never instantiated directly. */
static const TypeInfo qxl_pci_type_info = {
    .name = TYPE_PCI_QXL,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(PCIQXLDevice),
    .abstract = true,
    .class_init = qxl_pci_class_init,
};
2434
/*
 * Class init for qxl-vga: a VGA-class pci device with a vgabios option rom,
 * realized by qxl_realize_primary; not hotpluggable.
 */
static void qxl_primary_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    dev_class->hotpluggable = false;
    dev_class->desc = "Spice QXL GPU (primary, vga compatible)";
    pci_class->class_id = PCI_CLASS_DISPLAY_VGA;
    pci_class->romfile = "vgabios-qxl.bin";
    pci_class->realize = qxl_realize_primary;
}
2446
/* Concrete type "qxl-vga": the primary, vga compatible device. */
static const TypeInfo qxl_primary_info = {
    .name          = "qxl-vga",
    .parent        = TYPE_PCI_QXL,
    .class_init    = qxl_primary_class_init,
};
2452
/*
 * Class init for qxl: a non-vga display-class pci device realized by
 * qxl_realize_secondary (no option rom).
 */
static void qxl_secondary_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    dev_class->desc = "Spice QXL GPU (secondary)";
    pci_class->class_id = PCI_CLASS_DISPLAY_OTHER;
    pci_class->realize = qxl_realize_secondary;
}
2462
/* Concrete type "qxl": a secondary (non-vga) device. */
static const TypeInfo qxl_secondary_info = {
    .name          = "qxl",
    .parent        = TYPE_PCI_QXL,
    .class_init    = qxl_secondary_class_init,
};
2468
/* Register the abstract base type and both concrete qxl device types. */
static void qxl_register_types(void)
{
    static const TypeInfo *const infos[] = {
        &qxl_pci_type_info,
        &qxl_primary_info,
        &qxl_secondary_info,
    };
    size_t i;

    for (i = 0; i < sizeof(infos) / sizeof(infos[0]); i++) {
        type_register_static(infos[i]);
    }
}
2475
/* Hook qxl_register_types into QEMU's type registration. */
type_init(qxl_register_types)
2477