qemu/hw/display/vmware_vga.c
<<
>>
Prefs
   1/*
   2 * QEMU VMware-SVGA "chipset".
   3 *
   4 * Copyright (c) 2007 Andrzej Zaborowski  <balrog@zabor.org>
   5 *
   6 * Permission is hereby granted, free of charge, to any person obtaining a copy
   7 * of this software and associated documentation files (the "Software"), to deal
   8 * in the Software without restriction, including without limitation the rights
   9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10 * copies of the Software, and to permit persons to whom the Software is
  11 * furnished to do so, subject to the following conditions:
  12 *
  13 * The above copyright notice and this permission notice shall be included in
  14 * all copies or substantial portions of the Software.
  15 *
  16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
  19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22 * THE SOFTWARE.
  23 */
  24#include "qemu/osdep.h"
  25#include "qapi/error.h"
  26#include "hw/hw.h"
  27#include "hw/loader.h"
  28#include "trace.h"
  29#include "ui/console.h"
  30#include "ui/vnc.h"
  31#include "hw/pci/pci.h"
  32
  33#undef VERBOSE
  34#define HW_RECT_ACCEL
  35#define HW_FILL_ACCEL
  36#define HW_MOUSE_ACCEL
  37
  38#include "vga_int.h"
  39
  40/* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
  41
  42struct vmsvga_state_s {
  43    VGACommonState vga;
  44
  45    int invalidated;
  46    int enable;
  47    int config;
  48    struct {
  49        int id;
  50        int x;
  51        int y;
  52        int on;
  53    } cursor;
  54
  55    int index;
  56    int scratch_size;
  57    uint32_t *scratch;
  58    int new_width;
  59    int new_height;
  60    int new_depth;
  61    uint32_t guest;
  62    uint32_t svgaid;
  63    int syncing;
  64
  65    MemoryRegion fifo_ram;
  66    uint8_t *fifo_ptr;
  67    unsigned int fifo_size;
  68
  69    uint32_t *fifo;
  70    uint32_t fifo_min;
  71    uint32_t fifo_max;
  72    uint32_t fifo_next;
  73    uint32_t fifo_stop;
  74
  75#define REDRAW_FIFO_LEN  512
  76    struct vmsvga_rect_s {
  77        int x, y, w, h;
  78    } redraw_fifo[REDRAW_FIFO_LEN];
  79    int redraw_fifo_first, redraw_fifo_last;
  80};
  81
  82#define TYPE_VMWARE_SVGA "vmware-svga"
  83
  84#define VMWARE_SVGA(obj) \
  85    OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)
  86
  87struct pci_vmsvga_state_s {
  88    /*< private >*/
  89    PCIDevice parent_obj;
  90    /*< public >*/
  91
  92    struct vmsvga_state_s chip;
  93    MemoryRegion io_bar;
  94};
  95
  96#define SVGA_MAGIC              0x900000UL
  97#define SVGA_MAKE_ID(ver)       (SVGA_MAGIC << 8 | (ver))
  98#define SVGA_ID_0               SVGA_MAKE_ID(0)
  99#define SVGA_ID_1               SVGA_MAKE_ID(1)
 100#define SVGA_ID_2               SVGA_MAKE_ID(2)
 101
 102#define SVGA_LEGACY_BASE_PORT   0x4560
 103#define SVGA_INDEX_PORT         0x0
 104#define SVGA_VALUE_PORT         0x1
 105#define SVGA_BIOS_PORT          0x2
 106
 107#define SVGA_VERSION_2
 108
 109#ifdef SVGA_VERSION_2
 110# define SVGA_ID                SVGA_ID_2
 111# define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
 112# define SVGA_IO_MUL            1
 113# define SVGA_FIFO_SIZE         0x10000
 114# define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA2
 115#else
 116# define SVGA_ID                SVGA_ID_1
 117# define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
 118# define SVGA_IO_MUL            4
 119# define SVGA_FIFO_SIZE         0x10000
 120# define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA
 121#endif
 122
 123enum {
 124    /* ID 0, 1 and 2 registers */
 125    SVGA_REG_ID = 0,
 126    SVGA_REG_ENABLE = 1,
 127    SVGA_REG_WIDTH = 2,
 128    SVGA_REG_HEIGHT = 3,
 129    SVGA_REG_MAX_WIDTH = 4,
 130    SVGA_REG_MAX_HEIGHT = 5,
 131    SVGA_REG_DEPTH = 6,
 132    SVGA_REG_BITS_PER_PIXEL = 7,        /* Current bpp in the guest */
 133    SVGA_REG_PSEUDOCOLOR = 8,
 134    SVGA_REG_RED_MASK = 9,
 135    SVGA_REG_GREEN_MASK = 10,
 136    SVGA_REG_BLUE_MASK = 11,
 137    SVGA_REG_BYTES_PER_LINE = 12,
 138    SVGA_REG_FB_START = 13,
 139    SVGA_REG_FB_OFFSET = 14,
 140    SVGA_REG_VRAM_SIZE = 15,
 141    SVGA_REG_FB_SIZE = 16,
 142
 143    /* ID 1 and 2 registers */
 144    SVGA_REG_CAPABILITIES = 17,
 145    SVGA_REG_MEM_START = 18,            /* Memory for command FIFO */
 146    SVGA_REG_MEM_SIZE = 19,
 147    SVGA_REG_CONFIG_DONE = 20,          /* Set when memory area configured */
 148    SVGA_REG_SYNC = 21,                 /* Write to force synchronization */
 149    SVGA_REG_BUSY = 22,                 /* Read to check if sync is done */
 150    SVGA_REG_GUEST_ID = 23,             /* Set guest OS identifier */
 151    SVGA_REG_CURSOR_ID = 24,            /* ID of cursor */
 152    SVGA_REG_CURSOR_X = 25,             /* Set cursor X position */
 153    SVGA_REG_CURSOR_Y = 26,             /* Set cursor Y position */
 154    SVGA_REG_CURSOR_ON = 27,            /* Turn cursor on/off */
 155    SVGA_REG_HOST_BITS_PER_PIXEL = 28,  /* Current bpp in the host */
 156    SVGA_REG_SCRATCH_SIZE = 29,         /* Number of scratch registers */
 157    SVGA_REG_MEM_REGS = 30,             /* Number of FIFO registers */
 158    SVGA_REG_NUM_DISPLAYS = 31,         /* Number of guest displays */
 159    SVGA_REG_PITCHLOCK = 32,            /* Fixed pitch for all modes */
 160
 161    SVGA_PALETTE_BASE = 1024,           /* Base of SVGA color map */
 162    SVGA_PALETTE_END  = SVGA_PALETTE_BASE + 767,
 163    SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
 164};
 165
 166#define SVGA_CAP_NONE                   0
 167#define SVGA_CAP_RECT_FILL              (1 << 0)
 168#define SVGA_CAP_RECT_COPY              (1 << 1)
 169#define SVGA_CAP_RECT_PAT_FILL          (1 << 2)
 170#define SVGA_CAP_LEGACY_OFFSCREEN       (1 << 3)
 171#define SVGA_CAP_RASTER_OP              (1 << 4)
 172#define SVGA_CAP_CURSOR                 (1 << 5)
 173#define SVGA_CAP_CURSOR_BYPASS          (1 << 6)
 174#define SVGA_CAP_CURSOR_BYPASS_2        (1 << 7)
 175#define SVGA_CAP_8BIT_EMULATION         (1 << 8)
 176#define SVGA_CAP_ALPHA_CURSOR           (1 << 9)
 177#define SVGA_CAP_GLYPH                  (1 << 10)
 178#define SVGA_CAP_GLYPH_CLIPPING         (1 << 11)
 179#define SVGA_CAP_OFFSCREEN_1            (1 << 12)
 180#define SVGA_CAP_ALPHA_BLEND            (1 << 13)
 181#define SVGA_CAP_3D                     (1 << 14)
 182#define SVGA_CAP_EXTENDED_FIFO          (1 << 15)
 183#define SVGA_CAP_MULTIMON               (1 << 16)
 184#define SVGA_CAP_PITCHLOCK              (1 << 17)
 185
 186/*
 187 * FIFO offsets (seen as an array of 32-bit words)
 188 */
 189enum {
 190    /*
 191     * The original defined FIFO offsets
 192     */
 193    SVGA_FIFO_MIN = 0,
 194    SVGA_FIFO_MAX,      /* The distance from MIN to MAX must be at least 10K */
 195    SVGA_FIFO_NEXT,
 196    SVGA_FIFO_STOP,
 197
 198    /*
 199     * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
 200     */
 201    SVGA_FIFO_CAPABILITIES = 4,
 202    SVGA_FIFO_FLAGS,
 203    SVGA_FIFO_FENCE,
 204    SVGA_FIFO_3D_HWVERSION,
 205    SVGA_FIFO_PITCHLOCK,
 206};
 207
 208#define SVGA_FIFO_CAP_NONE              0
 209#define SVGA_FIFO_CAP_FENCE             (1 << 0)
 210#define SVGA_FIFO_CAP_ACCELFRONT        (1 << 1)
 211#define SVGA_FIFO_CAP_PITCHLOCK         (1 << 2)
 212
 213#define SVGA_FIFO_FLAG_NONE             0
 214#define SVGA_FIFO_FLAG_ACCELFRONT       (1 << 0)
 215
 216/* These values can probably be changed arbitrarily.  */
 217#define SVGA_SCRATCH_SIZE               0x8000
 218#define SVGA_MAX_WIDTH                  ROUND_UP(2360, VNC_DIRTY_PIXELS_PER_BIT)
 219#define SVGA_MAX_HEIGHT                 1770
 220
 221#ifdef VERBOSE
 222# define GUEST_OS_BASE          0x5001
 223static const char *vmsvga_guest_id[] = {
 224    [0x00] = "Dos",
 225    [0x01] = "Windows 3.1",
 226    [0x02] = "Windows 95",
 227    [0x03] = "Windows 98",
 228    [0x04] = "Windows ME",
 229    [0x05] = "Windows NT",
 230    [0x06] = "Windows 2000",
 231    [0x07] = "Linux",
 232    [0x08] = "OS/2",
 233    [0x09] = "an unknown OS",
 234    [0x0a] = "BSD",
 235    [0x0b] = "Whistler",
 236    [0x0c] = "an unknown OS",
 237    [0x0d] = "an unknown OS",
 238    [0x0e] = "an unknown OS",
 239    [0x0f] = "an unknown OS",
 240    [0x10] = "an unknown OS",
 241    [0x11] = "an unknown OS",
 242    [0x12] = "an unknown OS",
 243    [0x13] = "an unknown OS",
 244    [0x14] = "an unknown OS",
 245    [0x15] = "Windows 2003",
 246};
 247#endif
 248
 249enum {
 250    SVGA_CMD_INVALID_CMD = 0,
 251    SVGA_CMD_UPDATE = 1,
 252    SVGA_CMD_RECT_FILL = 2,
 253    SVGA_CMD_RECT_COPY = 3,
 254    SVGA_CMD_DEFINE_BITMAP = 4,
 255    SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
 256    SVGA_CMD_DEFINE_PIXMAP = 6,
 257    SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
 258    SVGA_CMD_RECT_BITMAP_FILL = 8,
 259    SVGA_CMD_RECT_PIXMAP_FILL = 9,
 260    SVGA_CMD_RECT_BITMAP_COPY = 10,
 261    SVGA_CMD_RECT_PIXMAP_COPY = 11,
 262    SVGA_CMD_FREE_OBJECT = 12,
 263    SVGA_CMD_RECT_ROP_FILL = 13,
 264    SVGA_CMD_RECT_ROP_COPY = 14,
 265    SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
 266    SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
 267    SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
 268    SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
 269    SVGA_CMD_DEFINE_CURSOR = 19,
 270    SVGA_CMD_DISPLAY_CURSOR = 20,
 271    SVGA_CMD_MOVE_CURSOR = 21,
 272    SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
 273    SVGA_CMD_DRAW_GLYPH = 23,
 274    SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
 275    SVGA_CMD_UPDATE_VERBOSE = 25,
 276    SVGA_CMD_SURFACE_FILL = 26,
 277    SVGA_CMD_SURFACE_COPY = 27,
 278    SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
 279    SVGA_CMD_FRONT_ROP_FILL = 29,
 280    SVGA_CMD_FENCE = 30,
 281};
 282
 283/* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
 284enum {
 285    SVGA_CURSOR_ON_HIDE = 0,
 286    SVGA_CURSOR_ON_SHOW = 1,
 287    SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
 288    SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
 289};
 290
 291static inline bool vmsvga_verify_rect(DisplaySurface *surface,
 292                                      const char *name,
 293                                      int x, int y, int w, int h)
 294{
 295    if (x < 0) {
 296        fprintf(stderr, "%s: x was < 0 (%d)\n", name, x);
 297        return false;
 298    }
 299    if (x > SVGA_MAX_WIDTH) {
 300        fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x);
 301        return false;
 302    }
 303    if (w < 0) {
 304        fprintf(stderr, "%s: w was < 0 (%d)\n", name, w);
 305        return false;
 306    }
 307    if (w > SVGA_MAX_WIDTH) {
 308        fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w);
 309        return false;
 310    }
 311    if (x + w > surface_width(surface)) {
 312        fprintf(stderr, "%s: width was > %d (x: %d, w: %d)\n",
 313                name, surface_width(surface), x, w);
 314        return false;
 315    }
 316
 317    if (y < 0) {
 318        fprintf(stderr, "%s: y was < 0 (%d)\n", name, y);
 319        return false;
 320    }
 321    if (y > SVGA_MAX_HEIGHT) {
 322        fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y);
 323        return false;
 324    }
 325    if (h < 0) {
 326        fprintf(stderr, "%s: h was < 0 (%d)\n", name, h);
 327        return false;
 328    }
 329    if (h > SVGA_MAX_HEIGHT) {
 330        fprintf(stderr, "%s: h was > %d (%d)\n", name, SVGA_MAX_HEIGHT, h);
 331        return false;
 332    }
 333    if (y + h > surface_height(surface)) {
 334        fprintf(stderr, "%s: update height > %d (y: %d, h: %d)\n",
 335                name, surface_height(surface), y, h);
 336        return false;
 337    }
 338
 339    return true;
 340}
 341
 342static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
 343                                      int x, int y, int w, int h)
 344{
 345    DisplaySurface *surface = qemu_console_surface(s->vga.con);
 346    int line;
 347    int bypl;
 348    int width;
 349    int start;
 350    uint8_t *src;
 351    uint8_t *dst;
 352
 353    if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
 354        /* go for a fullscreen update as fallback */
 355        x = 0;
 356        y = 0;
 357        w = surface_width(surface);
 358        h = surface_height(surface);
 359    }
 360
 361    bypl = surface_stride(surface);
 362    width = surface_bytes_per_pixel(surface) * w;
 363    start = surface_bytes_per_pixel(surface) * x + bypl * y;
 364    src = s->vga.vram_ptr + start;
 365    dst = surface_data(surface) + start;
 366
 367    for (line = h; line > 0; line--, src += bypl, dst += bypl) {
 368        memcpy(dst, src, width);
 369    }
 370    dpy_gfx_update(s->vga.con, x, y, w, h);
 371}
 372
 373static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
 374                int x, int y, int w, int h)
 375{
 376    struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
 377
 378    s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
 379    rect->x = x;
 380    rect->y = y;
 381    rect->w = w;
 382    rect->h = h;
 383}
 384
 385static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
 386{
 387    struct vmsvga_rect_s *rect;
 388
 389    if (s->invalidated) {
 390        s->redraw_fifo_first = s->redraw_fifo_last;
 391        return;
 392    }
 393    /* Overlapping region updates can be optimised out here - if someone
 394     * knows a smart algorithm to do that, please share.  */
 395    while (s->redraw_fifo_first != s->redraw_fifo_last) {
 396        rect = &s->redraw_fifo[s->redraw_fifo_first++];
 397        s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
 398        vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
 399    }
 400}
 401
 402#ifdef HW_RECT_ACCEL
 403static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
 404                int x0, int y0, int x1, int y1, int w, int h)
 405{
 406    DisplaySurface *surface = qemu_console_surface(s->vga.con);
 407    uint8_t *vram = s->vga.vram_ptr;
 408    int bypl = surface_stride(surface);
 409    int bypp = surface_bytes_per_pixel(surface);
 410    int width = bypp * w;
 411    int line = h;
 412    uint8_t *ptr[2];
 413
 414    if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
 415        return -1;
 416    }
 417    if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
 418        return -1;
 419    }
 420
 421    if (y1 > y0) {
 422        ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
 423        ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
 424        for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
 425            memmove(ptr[1], ptr[0], width);
 426        }
 427    } else {
 428        ptr[0] = vram + bypp * x0 + bypl * y0;
 429        ptr[1] = vram + bypp * x1 + bypl * y1;
 430        for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
 431            memmove(ptr[1], ptr[0], width);
 432        }
 433    }
 434
 435    vmsvga_update_rect_delayed(s, x1, y1, w, h);
 436    return 0;
 437}
 438#endif
 439
 440#ifdef HW_FILL_ACCEL
 441static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
 442                uint32_t c, int x, int y, int w, int h)
 443{
 444    DisplaySurface *surface = qemu_console_surface(s->vga.con);
 445    int bypl = surface_stride(surface);
 446    int width = surface_bytes_per_pixel(surface) * w;
 447    int line = h;
 448    int column;
 449    uint8_t *fst;
 450    uint8_t *dst;
 451    uint8_t *src;
 452    uint8_t col[4];
 453
 454    if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
 455        return -1;
 456    }
 457
 458    col[0] = c;
 459    col[1] = c >> 8;
 460    col[2] = c >> 16;
 461    col[3] = c >> 24;
 462
 463    fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
 464
 465    if (line--) {
 466        dst = fst;
 467        src = col;
 468        for (column = width; column > 0; column--) {
 469            *(dst++) = *(src++);
 470            if (src - col == surface_bytes_per_pixel(surface)) {
 471                src = col;
 472            }
 473        }
 474        dst = fst;
 475        for (; line > 0; line--) {
 476            dst += bypl;
 477            memcpy(dst, fst, width);
 478        }
 479    }
 480
 481    vmsvga_update_rect_delayed(s, x, y, w, h);
 482    return 0;
 483}
 484#endif
 485
 486struct vmsvga_cursor_definition_s {
 487    uint32_t width;
 488    uint32_t height;
 489    int id;
 490    uint32_t bpp;
 491    int hot_x;
 492    int hot_y;
 493    uint32_t mask[1024];
 494    uint32_t image[4096];
 495};
 496
 497#define SVGA_BITMAP_SIZE(w, h)          ((((w) + 31) >> 5) * (h))
 498#define SVGA_PIXMAP_SIZE(w, h, bpp)     (((((w) * (bpp)) + 31) >> 5) * (h))
 499
 500#ifdef HW_MOUSE_ACCEL
 501static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
 502                struct vmsvga_cursor_definition_s *c)
 503{
 504    QEMUCursor *qc;
 505    int i, pixels;
 506
 507    qc = cursor_alloc(c->width, c->height);
 508    qc->hot_x = c->hot_x;
 509    qc->hot_y = c->hot_y;
 510    switch (c->bpp) {
 511    case 1:
 512        cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
 513                        1, (void *)c->mask);
 514#ifdef DEBUG
 515        cursor_print_ascii_art(qc, "vmware/mono");
 516#endif
 517        break;
 518    case 32:
 519        /* fill alpha channel from mask, set color to zero */
 520        cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
 521                        1, (void *)c->mask);
 522        /* add in rgb values */
 523        pixels = c->width * c->height;
 524        for (i = 0; i < pixels; i++) {
 525            qc->data[i] |= c->image[i] & 0xffffff;
 526        }
 527#ifdef DEBUG
 528        cursor_print_ascii_art(qc, "vmware/32bit");
 529#endif
 530        break;
 531    default:
 532        fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
 533                __func__, c->bpp);
 534        cursor_put(qc);
 535        qc = cursor_builtin_left_ptr();
 536    }
 537
 538    dpy_cursor_define(s->vga.con, qc);
 539    cursor_put(qc);
 540}
 541#endif
 542
 543static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
 544{
 545    int num;
 546
 547    if (!s->config || !s->enable) {
 548        return 0;
 549    }
 550
 551    s->fifo_min  = le32_to_cpu(s->fifo[SVGA_FIFO_MIN]);
 552    s->fifo_max  = le32_to_cpu(s->fifo[SVGA_FIFO_MAX]);
 553    s->fifo_next = le32_to_cpu(s->fifo[SVGA_FIFO_NEXT]);
 554    s->fifo_stop = le32_to_cpu(s->fifo[SVGA_FIFO_STOP]);
 555
 556    /* Check range and alignment.  */
 557    if ((s->fifo_min | s->fifo_max | s->fifo_next | s->fifo_stop) & 3) {
 558        return 0;
 559    }
 560    if (s->fifo_min < sizeof(uint32_t) * 4) {
 561        return 0;
 562    }
 563    if (s->fifo_max > SVGA_FIFO_SIZE ||
 564        s->fifo_min >= SVGA_FIFO_SIZE ||
 565        s->fifo_stop >= SVGA_FIFO_SIZE ||
 566        s->fifo_next >= SVGA_FIFO_SIZE) {
 567        return 0;
 568    }
 569    if (s->fifo_max < s->fifo_min + 10 * 1024) {
 570        return 0;
 571    }
 572
 573    num = s->fifo_next - s->fifo_stop;
 574    if (num < 0) {
 575        num += s->fifo_max - s->fifo_min;
 576    }
 577    return num >> 2;
 578}
 579
 580static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
 581{
 582    uint32_t cmd = s->fifo[s->fifo_stop >> 2];
 583
 584    s->fifo_stop += 4;
 585    if (s->fifo_stop >= s->fifo_max) {
 586        s->fifo_stop = s->fifo_min;
 587    }
 588    s->fifo[SVGA_FIFO_STOP] = cpu_to_le32(s->fifo_stop);
 589    return cmd;
 590}
 591
 592static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
 593{
 594    return le32_to_cpu(vmsvga_fifo_read_raw(s));
 595}
 596
 597static void vmsvga_fifo_run(struct vmsvga_state_s *s)
 598{
 599    uint32_t cmd, colour;
 600    int args, len, maxloop = 1024;
 601    int x, y, dx, dy, width, height;
 602    struct vmsvga_cursor_definition_s cursor;
 603    uint32_t cmd_start;
 604
 605    len = vmsvga_fifo_length(s);
 606    while (len > 0 && --maxloop > 0) {
 607        /* May need to go back to the start of the command if incomplete */
 608        cmd_start = s->fifo_stop;
 609
 610        switch (cmd = vmsvga_fifo_read(s)) {
 611        case SVGA_CMD_UPDATE:
 612        case SVGA_CMD_UPDATE_VERBOSE:
 613            len -= 5;
 614            if (len < 0) {
 615                goto rewind;
 616            }
 617
 618            x = vmsvga_fifo_read(s);
 619            y = vmsvga_fifo_read(s);
 620            width = vmsvga_fifo_read(s);
 621            height = vmsvga_fifo_read(s);
 622            vmsvga_update_rect_delayed(s, x, y, width, height);
 623            break;
 624
 625        case SVGA_CMD_RECT_FILL:
 626            len -= 6;
 627            if (len < 0) {
 628                goto rewind;
 629            }
 630
 631            colour = vmsvga_fifo_read(s);
 632            x = vmsvga_fifo_read(s);
 633            y = vmsvga_fifo_read(s);
 634            width = vmsvga_fifo_read(s);
 635            height = vmsvga_fifo_read(s);
 636#ifdef HW_FILL_ACCEL
 637            if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
 638                break;
 639            }
 640#endif
 641            args = 0;
 642            goto badcmd;
 643
 644        case SVGA_CMD_RECT_COPY:
 645            len -= 7;
 646            if (len < 0) {
 647                goto rewind;
 648            }
 649
 650            x = vmsvga_fifo_read(s);
 651            y = vmsvga_fifo_read(s);
 652            dx = vmsvga_fifo_read(s);
 653            dy = vmsvga_fifo_read(s);
 654            width = vmsvga_fifo_read(s);
 655            height = vmsvga_fifo_read(s);
 656#ifdef HW_RECT_ACCEL
 657            if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
 658                break;
 659            }
 660#endif
 661            args = 0;
 662            goto badcmd;
 663
 664        case SVGA_CMD_DEFINE_CURSOR:
 665            len -= 8;
 666            if (len < 0) {
 667                goto rewind;
 668            }
 669
 670            cursor.id = vmsvga_fifo_read(s);
 671            cursor.hot_x = vmsvga_fifo_read(s);
 672            cursor.hot_y = vmsvga_fifo_read(s);
 673            cursor.width = x = vmsvga_fifo_read(s);
 674            cursor.height = y = vmsvga_fifo_read(s);
 675            vmsvga_fifo_read(s);
 676            cursor.bpp = vmsvga_fifo_read(s);
 677
 678            args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
 679            if (cursor.width > 256
 680                || cursor.height > 256
 681                || cursor.bpp > 32
 682                || SVGA_BITMAP_SIZE(x, y)
 683                    > sizeof(cursor.mask) / sizeof(cursor.mask[0])
 684                || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
 685                    > sizeof(cursor.image) / sizeof(cursor.image[0])) {
 686                    goto badcmd;
 687            }
 688
 689            len -= args;
 690            if (len < 0) {
 691                goto rewind;
 692            }
 693
 694            for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
 695                cursor.mask[args] = vmsvga_fifo_read_raw(s);
 696            }
 697            for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
 698                cursor.image[args] = vmsvga_fifo_read_raw(s);
 699            }
 700#ifdef HW_MOUSE_ACCEL
 701            vmsvga_cursor_define(s, &cursor);
 702            break;
 703#else
 704            args = 0;
 705            goto badcmd;
 706#endif
 707
 708        /*
 709         * Other commands that we at least know the number of arguments
 710         * for so we can avoid FIFO desync if driver uses them illegally.
 711         */
 712        case SVGA_CMD_DEFINE_ALPHA_CURSOR:
 713            len -= 6;
 714            if (len < 0) {
 715                goto rewind;
 716            }
 717            vmsvga_fifo_read(s);
 718            vmsvga_fifo_read(s);
 719            vmsvga_fifo_read(s);
 720            x = vmsvga_fifo_read(s);
 721            y = vmsvga_fifo_read(s);
 722            args = x * y;
 723            goto badcmd;
 724        case SVGA_CMD_RECT_ROP_FILL:
 725            args = 6;
 726            goto badcmd;
 727        case SVGA_CMD_RECT_ROP_COPY:
 728            args = 7;
 729            goto badcmd;
 730        case SVGA_CMD_DRAW_GLYPH_CLIPPED:
 731            len -= 4;
 732            if (len < 0) {
 733                goto rewind;
 734            }
 735            vmsvga_fifo_read(s);
 736            vmsvga_fifo_read(s);
 737            args = 7 + (vmsvga_fifo_read(s) >> 2);
 738            goto badcmd;
 739        case SVGA_CMD_SURFACE_ALPHA_BLEND:
 740            args = 12;
 741            goto badcmd;
 742
 743        /*
 744         * Other commands that are not listed as depending on any
 745         * CAPABILITIES bits, but are not described in the README either.
 746         */
 747        case SVGA_CMD_SURFACE_FILL:
 748        case SVGA_CMD_SURFACE_COPY:
 749        case SVGA_CMD_FRONT_ROP_FILL:
 750        case SVGA_CMD_FENCE:
 751        case SVGA_CMD_INVALID_CMD:
 752            break; /* Nop */
 753
 754        default:
 755            args = 0;
 756        badcmd:
 757            len -= args;
 758            if (len < 0) {
 759                goto rewind;
 760            }
 761            while (args--) {
 762                vmsvga_fifo_read(s);
 763            }
 764            printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
 765                   __func__, cmd);
 766            break;
 767
 768        rewind:
 769            s->fifo_stop = cmd_start;
 770            s->fifo[SVGA_FIFO_STOP] = cpu_to_le32(s->fifo_stop);
 771            break;
 772        }
 773    }
 774
 775    s->syncing = 0;
 776}
 777
 778static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
 779{
 780    struct vmsvga_state_s *s = opaque;
 781
 782    return s->index;
 783}
 784
 785static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
 786{
 787    struct vmsvga_state_s *s = opaque;
 788
 789    s->index = index;
 790}
 791
 792static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
 793{
 794    uint32_t caps;
 795    struct vmsvga_state_s *s = opaque;
 796    DisplaySurface *surface = qemu_console_surface(s->vga.con);
 797    PixelFormat pf;
 798    uint32_t ret;
 799
 800    switch (s->index) {
 801    case SVGA_REG_ID:
 802        ret = s->svgaid;
 803        break;
 804
 805    case SVGA_REG_ENABLE:
 806        ret = s->enable;
 807        break;
 808
 809    case SVGA_REG_WIDTH:
 810        ret = s->new_width ? s->new_width : surface_width(surface);
 811        break;
 812
 813    case SVGA_REG_HEIGHT:
 814        ret = s->new_height ? s->new_height : surface_height(surface);
 815        break;
 816
 817    case SVGA_REG_MAX_WIDTH:
 818        ret = SVGA_MAX_WIDTH;
 819        break;
 820
 821    case SVGA_REG_MAX_HEIGHT:
 822        ret = SVGA_MAX_HEIGHT;
 823        break;
 824
 825    case SVGA_REG_DEPTH:
 826        ret = (s->new_depth == 32) ? 24 : s->new_depth;
 827        break;
 828
 829    case SVGA_REG_BITS_PER_PIXEL:
 830    case SVGA_REG_HOST_BITS_PER_PIXEL:
 831        ret = s->new_depth;
 832        break;
 833
 834    case SVGA_REG_PSEUDOCOLOR:
 835        ret = 0x0;
 836        break;
 837
 838    case SVGA_REG_RED_MASK:
 839        pf = qemu_default_pixelformat(s->new_depth);
 840        ret = pf.rmask;
 841        break;
 842
 843    case SVGA_REG_GREEN_MASK:
 844        pf = qemu_default_pixelformat(s->new_depth);
 845        ret = pf.gmask;
 846        break;
 847
 848    case SVGA_REG_BLUE_MASK:
 849        pf = qemu_default_pixelformat(s->new_depth);
 850        ret = pf.bmask;
 851        break;
 852
 853    case SVGA_REG_BYTES_PER_LINE:
 854        if (s->new_width) {
 855            ret = (s->new_depth * s->new_width) / 8;
 856        } else {
 857            ret = surface_stride(surface);
 858        }
 859        break;
 860
 861    case SVGA_REG_FB_START: {
 862        struct pci_vmsvga_state_s *pci_vmsvga
 863            = container_of(s, struct pci_vmsvga_state_s, chip);
 864        ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
 865        break;
 866    }
 867
 868    case SVGA_REG_FB_OFFSET:
 869        ret = 0x0;
 870        break;
 871
 872    case SVGA_REG_VRAM_SIZE:
 873        ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
 874        break;
 875
 876    case SVGA_REG_FB_SIZE:
 877        ret = s->vga.vram_size;
 878        break;
 879
 880    case SVGA_REG_CAPABILITIES:
 881        caps = SVGA_CAP_NONE;
 882#ifdef HW_RECT_ACCEL
 883        caps |= SVGA_CAP_RECT_COPY;
 884#endif
 885#ifdef HW_FILL_ACCEL
 886        caps |= SVGA_CAP_RECT_FILL;
 887#endif
 888#ifdef HW_MOUSE_ACCEL
 889        if (dpy_cursor_define_supported(s->vga.con)) {
 890            caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
 891                    SVGA_CAP_CURSOR_BYPASS;
 892        }
 893#endif
 894        ret = caps;
 895        break;
 896
 897    case SVGA_REG_MEM_START: {
 898        struct pci_vmsvga_state_s *pci_vmsvga
 899            = container_of(s, struct pci_vmsvga_state_s, chip);
 900        ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
 901        break;
 902    }
 903
 904    case SVGA_REG_MEM_SIZE:
 905        ret = s->fifo_size;
 906        break;
 907
 908    case SVGA_REG_CONFIG_DONE:
 909        ret = s->config;
 910        break;
 911
 912    case SVGA_REG_SYNC:
 913    case SVGA_REG_BUSY:
 914        ret = s->syncing;
 915        break;
 916
 917    case SVGA_REG_GUEST_ID:
 918        ret = s->guest;
 919        break;
 920
 921    case SVGA_REG_CURSOR_ID:
 922        ret = s->cursor.id;
 923        break;
 924
 925    case SVGA_REG_CURSOR_X:
 926        ret = s->cursor.x;
 927        break;
 928
 929    case SVGA_REG_CURSOR_Y:
 930        ret = s->cursor.y;
 931        break;
 932
 933    case SVGA_REG_CURSOR_ON:
 934        ret = s->cursor.on;
 935        break;
 936
 937    case SVGA_REG_SCRATCH_SIZE:
 938        ret = s->scratch_size;
 939        break;
 940
 941    case SVGA_REG_MEM_REGS:
 942    case SVGA_REG_NUM_DISPLAYS:
 943    case SVGA_REG_PITCHLOCK:
 944    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
 945        ret = 0;
 946        break;
 947
 948    default:
 949        if (s->index >= SVGA_SCRATCH_BASE &&
 950            s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
 951            ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
 952            break;
 953        }
 954        printf("%s: Bad register %02x\n", __func__, s->index);
 955        ret = 0;
 956        break;
 957    }
 958
 959    if (s->index >= SVGA_SCRATCH_BASE) {
 960        trace_vmware_scratch_read(s->index, ret);
 961    } else if (s->index >= SVGA_PALETTE_BASE) {
 962        trace_vmware_palette_read(s->index, ret);
 963    } else {
 964        trace_vmware_value_read(s->index, ret);
 965    }
 966    return ret;
 967}
 968
 969static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
 970{
 971    struct vmsvga_state_s *s = opaque;
 972
 973    if (s->index >= SVGA_SCRATCH_BASE) {
 974        trace_vmware_scratch_write(s->index, value);
 975    } else if (s->index >= SVGA_PALETTE_BASE) {
 976        trace_vmware_palette_write(s->index, value);
 977    } else {
 978        trace_vmware_value_write(s->index, value);
 979    }
 980    switch (s->index) {
 981    case SVGA_REG_ID:
 982        if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
 983            s->svgaid = value;
 984        }
 985        break;
 986
 987    case SVGA_REG_ENABLE:
 988        s->enable = !!value;
 989        s->invalidated = 1;
 990        s->vga.hw_ops->invalidate(&s->vga);
 991        if (s->enable && s->config) {
 992            vga_dirty_log_stop(&s->vga);
 993        } else {
 994            vga_dirty_log_start(&s->vga);
 995        }
 996        break;
 997
 998    case SVGA_REG_WIDTH:
 999        if (value <= SVGA_MAX_WIDTH) {
1000            s->new_width = value;
1001            s->invalidated = 1;
1002        } else {
1003            printf("%s: Bad width: %i\n", __func__, value);
1004        }
1005        break;
1006
1007    case SVGA_REG_HEIGHT:
1008        if (value <= SVGA_MAX_HEIGHT) {
1009            s->new_height = value;
1010            s->invalidated = 1;
1011        } else {
1012            printf("%s: Bad height: %i\n", __func__, value);
1013        }
1014        break;
1015
1016    case SVGA_REG_BITS_PER_PIXEL:
1017        if (value != 32) {
1018            printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
1019            s->config = 0;
1020            s->invalidated = 1;
1021        }
1022        break;
1023
1024    case SVGA_REG_CONFIG_DONE:
1025        if (value) {
1026            s->fifo = (uint32_t *) s->fifo_ptr;
1027            vga_dirty_log_stop(&s->vga);
1028        }
1029        s->config = !!value;
1030        break;
1031
1032    case SVGA_REG_SYNC:
1033        s->syncing = 1;
1034        vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
1035        break;
1036
1037    case SVGA_REG_GUEST_ID:
1038        s->guest = value;
1039#ifdef VERBOSE
1040        if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
1041            ARRAY_SIZE(vmsvga_guest_id)) {
1042            printf("%s: guest runs %s.\n", __func__,
1043                   vmsvga_guest_id[value - GUEST_OS_BASE]);
1044        }
1045#endif
1046        break;
1047
1048    case SVGA_REG_CURSOR_ID:
1049        s->cursor.id = value;
1050        break;
1051
1052    case SVGA_REG_CURSOR_X:
1053        s->cursor.x = value;
1054        break;
1055
1056    case SVGA_REG_CURSOR_Y:
1057        s->cursor.y = value;
1058        break;
1059
1060    case SVGA_REG_CURSOR_ON:
1061        s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
1062        s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
1063#ifdef HW_MOUSE_ACCEL
1064        if (value <= SVGA_CURSOR_ON_SHOW) {
1065            dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
1066        }
1067#endif
1068        break;
1069
1070    case SVGA_REG_DEPTH:
1071    case SVGA_REG_MEM_REGS:
1072    case SVGA_REG_NUM_DISPLAYS:
1073    case SVGA_REG_PITCHLOCK:
1074    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
1075        break;
1076
1077    default:
1078        if (s->index >= SVGA_SCRATCH_BASE &&
1079                s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
1080            s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
1081            break;
1082        }
1083        printf("%s: Bad register %02x\n", __func__, s->index);
1084    }
1085}
1086
1087static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
1088{
1089    printf("%s: what are we supposed to return?\n", __func__);
1090    return 0xcafe;
1091}
1092
1093static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
1094{
1095    printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
1096}
1097
1098static inline void vmsvga_check_size(struct vmsvga_state_s *s)
1099{
1100    DisplaySurface *surface = qemu_console_surface(s->vga.con);
1101
1102    if (s->new_width != surface_width(surface) ||
1103        s->new_height != surface_height(surface) ||
1104        s->new_depth != surface_bits_per_pixel(surface)) {
1105        int stride = (s->new_depth * s->new_width) / 8;
1106        pixman_format_code_t format =
1107            qemu_default_pixman_format(s->new_depth, true);
1108        trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
1109        surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
1110                                                  format, stride,
1111                                                  s->vga.vram_ptr);
1112        dpy_gfx_replace_surface(s->vga.con, surface);
1113        s->invalidated = 1;
1114    }
1115}
1116
1117static void vmsvga_update_display(void *opaque)
1118{
1119    struct vmsvga_state_s *s = opaque;
1120    DisplaySurface *surface;
1121
1122    if (!s->enable || !s->config) {
1123        /* in standard vga mode */
1124        s->vga.hw_ops->gfx_update(&s->vga);
1125        return;
1126    }
1127
1128    vmsvga_check_size(s);
1129    surface = qemu_console_surface(s->vga.con);
1130
1131    vmsvga_fifo_run(s);
1132    vmsvga_update_rect_flush(s);
1133
1134    if (s->invalidated) {
1135        s->invalidated = 0;
1136        dpy_gfx_update(s->vga.con, 0, 0,
1137                   surface_width(surface), surface_height(surface));
1138    }
1139}
1140
1141static void vmsvga_reset(DeviceState *dev)
1142{
1143    struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
1144    struct vmsvga_state_s *s = &pci->chip;
1145
1146    s->index = 0;
1147    s->enable = 0;
1148    s->config = 0;
1149    s->svgaid = SVGA_ID;
1150    s->cursor.on = 0;
1151    s->redraw_fifo_first = 0;
1152    s->redraw_fifo_last = 0;
1153    s->syncing = 0;
1154
1155    vga_dirty_log_start(&s->vga);
1156}
1157
1158static void vmsvga_invalidate_display(void *opaque)
1159{
1160    struct vmsvga_state_s *s = opaque;
1161    if (!s->enable) {
1162        s->vga.hw_ops->invalidate(&s->vga);
1163        return;
1164    }
1165
1166    s->invalidated = 1;
1167}
1168
1169static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1170{
1171    struct vmsvga_state_s *s = opaque;
1172
1173    if (s->vga.hw_ops->text_update) {
1174        s->vga.hw_ops->text_update(&s->vga, chardata);
1175    }
1176}
1177
1178static int vmsvga_post_load(void *opaque, int version_id)
1179{
1180    struct vmsvga_state_s *s = opaque;
1181
1182    s->invalidated = 1;
1183    if (s->config) {
1184        s->fifo = (uint32_t *) s->fifo_ptr;
1185    }
1186    return 0;
1187}
1188
1189static const VMStateDescription vmstate_vmware_vga_internal = {
1190    .name = "vmware_vga_internal",
1191    .version_id = 0,
1192    .minimum_version_id = 0,
1193    .post_load = vmsvga_post_load,
1194    .fields = (VMStateField[]) {
1195        VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s, NULL),
1196        VMSTATE_INT32(enable, struct vmsvga_state_s),
1197        VMSTATE_INT32(config, struct vmsvga_state_s),
1198        VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1199        VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1200        VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1201        VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1202        VMSTATE_INT32(index, struct vmsvga_state_s),
1203        VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1204                             scratch_size, 0, vmstate_info_uint32, uint32_t),
1205        VMSTATE_INT32(new_width, struct vmsvga_state_s),
1206        VMSTATE_INT32(new_height, struct vmsvga_state_s),
1207        VMSTATE_UINT32(guest, struct vmsvga_state_s),
1208        VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1209        VMSTATE_INT32(syncing, struct vmsvga_state_s),
1210        VMSTATE_UNUSED(4), /* was fb_size */
1211        VMSTATE_END_OF_LIST()
1212    }
1213};
1214
1215static const VMStateDescription vmstate_vmware_vga = {
1216    .name = "vmware_vga",
1217    .version_id = 0,
1218    .minimum_version_id = 0,
1219    .fields = (VMStateField[]) {
1220        VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
1221        VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1222                       vmstate_vmware_vga_internal, struct vmsvga_state_s),
1223        VMSTATE_END_OF_LIST()
1224    }
1225};
1226
1227static const GraphicHwOps vmsvga_ops = {
1228    .invalidate  = vmsvga_invalidate_display,
1229    .gfx_update  = vmsvga_update_display,
1230    .text_update = vmsvga_text_update,
1231};
1232
1233static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
1234                        MemoryRegion *address_space, MemoryRegion *io)
1235{
1236    s->scratch_size = SVGA_SCRATCH_SIZE;
1237    s->scratch = g_malloc(s->scratch_size * 4);
1238
1239    s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);
1240
1241    s->fifo_size = SVGA_FIFO_SIZE;
1242    memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size,
1243                           &error_fatal);
1244    s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1245
1246    vga_common_init(&s->vga, OBJECT(dev), true);
1247    vga_init(&s->vga, OBJECT(dev), address_space, io, true);
1248    vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
1249    s->new_depth = 32;
1250}
1251
1252static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
1253{
1254    struct vmsvga_state_s *s = opaque;
1255
1256    switch (addr) {
1257    case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1258    case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1259    case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1260    default: return -1u;
1261    }
1262}
1263
1264static void vmsvga_io_write(void *opaque, hwaddr addr,
1265                            uint64_t data, unsigned size)
1266{
1267    struct vmsvga_state_s *s = opaque;
1268
1269    switch (addr) {
1270    case SVGA_IO_MUL * SVGA_INDEX_PORT:
1271        vmsvga_index_write(s, addr, data);
1272        break;
1273    case SVGA_IO_MUL * SVGA_VALUE_PORT:
1274        vmsvga_value_write(s, addr, data);
1275        break;
1276    case SVGA_IO_MUL * SVGA_BIOS_PORT:
1277        vmsvga_bios_write(s, addr, data);
1278        break;
1279    }
1280}
1281
1282static const MemoryRegionOps vmsvga_io_ops = {
1283    .read = vmsvga_io_read,
1284    .write = vmsvga_io_write,
1285    .endianness = DEVICE_LITTLE_ENDIAN,
1286    .valid = {
1287        .min_access_size = 4,
1288        .max_access_size = 4,
1289        .unaligned = true,
1290    },
1291    .impl = {
1292        .unaligned = true,
1293    },
1294};
1295
1296static void pci_vmsvga_realize(PCIDevice *dev, Error **errp)
1297{
1298    struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
1299
1300    dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
1301    dev->config[PCI_LATENCY_TIMER] = 0x40;
1302    dev->config[PCI_INTERRUPT_LINE] = 0xff;          /* End */
1303
1304    memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip,
1305                          "vmsvga-io", 0x10);
1306    memory_region_set_flush_coalesced(&s->io_bar);
1307    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1308
1309    vmsvga_init(DEVICE(dev), &s->chip,
1310                pci_address_space(dev), pci_address_space_io(dev));
1311
1312    pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
1313                     &s->chip.vga.vram);
1314    pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1315                     &s->chip.fifo_ram);
1316
1317    if (!dev->rom_bar) {
1318        /* compatibility with pc-0.13 and older */
1319        vga_init_vbe(&s->chip.vga, OBJECT(dev), pci_address_space(dev));
1320    }
1321}
1322
1323static Property vga_vmware_properties[] = {
1324    DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
1325                       chip.vga.vram_size_mb, 16),
1326    DEFINE_PROP_END_OF_LIST(),
1327};
1328
1329static void vmsvga_class_init(ObjectClass *klass, void *data)
1330{
1331    DeviceClass *dc = DEVICE_CLASS(klass);
1332    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1333
1334    k->realize = pci_vmsvga_realize;
1335    k->romfile = "vgabios-vmware.bin";
1336    k->vendor_id = PCI_VENDOR_ID_VMWARE;
1337    k->device_id = SVGA_PCI_DEVICE_ID;
1338    k->class_id = PCI_CLASS_DISPLAY_VGA;
1339    k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
1340    k->subsystem_id = SVGA_PCI_DEVICE_ID;
1341    dc->reset = vmsvga_reset;
1342    dc->vmsd = &vmstate_vmware_vga;
1343    dc->props = vga_vmware_properties;
1344    dc->hotpluggable = false;
1345    set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
1346}
1347
1348static const TypeInfo vmsvga_info = {
1349    .name          = TYPE_VMWARE_SVGA,
1350    .parent        = TYPE_PCI_DEVICE,
1351    .instance_size = sizeof(struct pci_vmsvga_state_s),
1352    .class_init    = vmsvga_class_init,
1353};
1354
1355static void vmsvga_register_types(void)
1356{
1357    type_register_static(&vmsvga_info);
1358}
1359
1360type_init(vmsvga_register_types)
1361