qemu/hw/display/qxl.c
   1/*
   2 * Copyright (C) 2010 Red Hat, Inc.
   3 *
   4 * written by Yaniv Kamay, Izik Eidus, Gerd Hoffmann
   5 * maintained by Gerd Hoffmann <kraxel@redhat.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License as
   9 * published by the Free Software Foundation; either version 2 or
  10 * (at your option) version 3 of the License.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21#include "qemu/osdep.h"
  22#include "qemu/units.h"
  23#include <zlib.h>
  24
  25#include "qapi/error.h"
  26#include "qemu-common.h"
  27#include "qemu/timer.h"
  28#include "qemu/queue.h"
  29#include "qemu/atomic.h"
  30#include "sysemu/sysemu.h"
  31#include "migration/blocker.h"
  32#include "trace.h"
  33
  34#include "qxl.h"
  35
/*
 * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as
 * such can be changed by the guest, so to avoid a guest-triggerable
 * abort we just qxl_set_guest_bug and set the return to NULL. Still
 * it may happen as a result of an emulator bug as well.
 */
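/*
 * Bounds-checked ring item accessors, replacing the spice-protocol
 * macros of the same name.
 *
 * The ring header (prod/cons/num_items) lives in guest-visible memory, so
 * the masked index is re-validated against the real item count before it
 * is used.  An out-of-range index flags a guest bug and yields ret == NULL
 * instead of an out-of-bounds access; every caller must check ret.
 *
 * Written as do { } while (0) so the macro is a single statement and is
 * safe as the body of an if/else.  Existing call sites are all followed
 * by ';' and are unaffected.
 */
#undef SPICE_RING_PROD_ITEM
#define SPICE_RING_PROD_ITEM(qxl, r, ret) do {                          \
        uint32_t prod = (r)->prod & SPICE_RING_INDEX_MASK(r);           \
        if (prod >= ARRAY_SIZE((r)->items)) {                           \
            qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " \
                          "%u >= %zu", prod, ARRAY_SIZE((r)->items));   \
            ret = NULL;                                                 \
        } else {                                                        \
            ret = &(r)->items[prod].el;                                 \
        }                                                               \
    } while (0)

#undef SPICE_RING_CONS_ITEM
#define SPICE_RING_CONS_ITEM(qxl, r, ret) do {                          \
        uint32_t cons = (r)->cons & SPICE_RING_INDEX_MASK(r);           \
        if (cons >= ARRAY_SIZE((r)->items)) {                           \
            qxl_set_guest_bug(qxl, "SPICE_RING_CONS_ITEM indices mismatch " \
                          "%u >= %zu", cons, ARRAY_SIZE((r)->items));   \
            ret = NULL;                                                 \
        } else {                                                        \
            ret = &(r)->items[cons].el;                                 \
        }                                                               \
    } while (0)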
  65
/* Round a up to the next multiple of b; b must be a power of two. */
#undef ALIGN
#define ALIGN(a, b) (((a) + ((b) - 1)) & ~((b) - 1))
  68
/* Physical pixel pitch in mm, derived from a 14.8" x 11.9" 1280x1024 panel. */
#define PIXEL_SIZE 0.2936875 //1280x1024 is 14.8" x 11.9" 

/*
 * One QXLMode entry: _x/_y resolution, _b bits per pixel, _o orientation.
 * stride is the byte length of one scanline; x_mili/y_mili the physical
 * size in mm (truncated to the integer field on assignment).
 */
#define QXL_MODE(_x, _y, _b, _o)                  \
    {   .x_res = _x,                              \
        .y_res = _y,                              \
        .bits  = _b,                              \
        .stride = (_x) * (_b) / 8,                \
        .x_mili = PIXEL_SIZE * (_x),              \
        .y_mili = PIXEL_SIZE * (_y),              \
        .orientation = _o,                        \
    }

/* Same resolution at 16 and 32 bpp. */
#define QXL_MODE_16_32(x_res, y_res, orientation) \
    QXL_MODE(x_res, y_res, 16, orientation),      \
    QXL_MODE(x_res, y_res, 32, orientation)

/* Same resolution at 16/32 bpp and both orientations: four entries. */
#define QXL_MODE_EX(x_res, y_res)                 \
    QXL_MODE_16_32(x_res, y_res, 0),              \
    QXL_MODE_16_32(x_res, y_res, 1)
  88
/*
 * Modes advertised to the guest in the rom bar.  Each QXL_MODE_EX line
 * expands to four entries (16/32 bpp, two orientations).  init_qxl_rom()
 * publishes only the entries whose framebuffer (y_res * stride) fits into
 * the configured vgamem_size; the comments mark where the memory
 * requirement grows.
 */
static QXLMode qxl_modes[] = {
    QXL_MODE_EX(640, 480),
    QXL_MODE_EX(800, 480),
    QXL_MODE_EX(800, 600),
    QXL_MODE_EX(832, 624),
    QXL_MODE_EX(960, 640),
    QXL_MODE_EX(1024, 600),
    QXL_MODE_EX(1024, 768),
    QXL_MODE_EX(1152, 864),
    QXL_MODE_EX(1152, 870),
    QXL_MODE_EX(1280, 720),
    QXL_MODE_EX(1280, 760),
    QXL_MODE_EX(1280, 768),
    QXL_MODE_EX(1280, 800),
    QXL_MODE_EX(1280, 960),
    QXL_MODE_EX(1280, 1024),
    QXL_MODE_EX(1360, 768),
    QXL_MODE_EX(1366, 768),
    QXL_MODE_EX(1400, 1050),
    QXL_MODE_EX(1440, 900),
    QXL_MODE_EX(1600, 900),
    QXL_MODE_EX(1600, 1200),
    QXL_MODE_EX(1680, 1050),
    QXL_MODE_EX(1920, 1080),
    /* these modes need more than 8 MB video memory */
    QXL_MODE_EX(1920, 1200),
    QXL_MODE_EX(1920, 1440),
    QXL_MODE_EX(2000, 2000),
    QXL_MODE_EX(2048, 1536),
    QXL_MODE_EX(2048, 2048),
    QXL_MODE_EX(2560, 1440),
    QXL_MODE_EX(2560, 1600),
    /* these modes need more than 16 MB video memory */
    QXL_MODE_EX(2560, 2048),
    QXL_MODE_EX(2800, 2100),
    QXL_MODE_EX(3200, 2400),
    /* these modes need more than 32 MB video memory */
    QXL_MODE_EX(3840, 2160), /* 4k mainstream */
    QXL_MODE_EX(4096, 2160), /* 4k            */
    /* these modes need more than 64 MB video memory */
    QXL_MODE_EX(7680, 4320), /* 8k mainstream */
    /* these modes need more than 128 MB video memory */
    QXL_MODE_EX(8192, 4320), /* 8k            */
};
 133
/* Forward declarations for helpers defined further down in this file. */
static void qxl_send_events(PCIQXLDevice *d, uint32_t events);
static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async);
static void qxl_reset_memslots(PCIQXLDevice *d);
static void qxl_reset_surfaces(PCIQXLDevice *d);
static void qxl_ring_set_dirty(PCIQXLDevice *qxl);

static void qxl_hw_update(void *opaque);
 141
/*
 * Record a guest-caused inconsistency: raise QXL_INTERRUPT_ERROR towards
 * the guest, latch qxl->guest_bug (cleared again by qxl_clear_guest_bug)
 * and, only when guest debugging is enabled, print the printf-style
 * message to stderr.  The caller decides how to abort its own operation.
 */
void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
{
    trace_qxl_set_guest_bug(qxl->id);
    qxl_send_events(qxl, QXL_INTERRUPT_ERROR);
    qxl->guest_bug = 1;

    if (!qxl->guestdebug) {
        return;
    }

    va_list args;
    va_start(args, msg);
    fprintf(stderr, "qxl-%d: guest bug: ", qxl->id);
    vfprintf(stderr, msg, args);
    fprintf(stderr, "\n");
    va_end(args);
}
 156
/* Re-arm command processing after a qxl_set_guest_bug(). */
static void qxl_clear_guest_bug(PCIQXLDevice *qxl)
{
    PCIQXLDevice *dev = qxl;

    dev->guest_bug = 0;
}
 161
/*
 * Ask spice-server to render surface_id's area.  In QXL_SYNC mode the
 * dirty rects are returned through dirty_rects/num_dirty_rects; in async
 * mode a cookie is mandatory and completion is reported later through it.
 */
void qxl_spice_update_area(PCIQXLDevice *qxl, uint32_t surface_id,
                           struct QXLRect *area, struct QXLRect *dirty_rects,
                           uint32_t num_dirty_rects,
                           uint32_t clear_dirty_region,
                           qxl_async_io async, struct QXLCookie *cookie)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_update_area(qxl->id, surface_id, area->left, area->right,
                                area->top, area->bottom);
    trace_qxl_spice_update_area_rest(qxl->id, num_dirty_rects,
                                     clear_dirty_region);

    if (async != QXL_SYNC) {
        assert(cookie != NULL);
        spice_qxl_update_area_async(sin, surface_id, area,
                                    clear_dirty_region, (uintptr_t)cookie);
        return;
    }

    spice_qxl_update_area(sin, surface_id, area, dirty_rects,
                          num_dirty_rects, clear_dirty_region);
}
 181
/*
 * Bookkeeping after spice-server has destroyed surface id: drop the
 * tracked create command and the surface count, under track_lock.
 */
static void qxl_spice_destroy_surface_wait_complete(PCIQXLDevice *qxl,
                                                    uint32_t id)
{
    trace_qxl_spice_destroy_surface_wait_complete(qxl->id, id);

    qemu_mutex_lock(&qxl->track_lock);
    qxl->guest_surfaces.count -= 1;
    qxl->guest_surfaces.cmds[id] = 0;
    qemu_mutex_unlock(&qxl->track_lock);
}
 191
/*
 * Destroy surface id in spice-server.  Synchronously the tracking state
 * is updated right here; asynchronously the cookie carries the surface id
 * and the completion handler does the bookkeeping later.
 */
static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,
                                           qxl_async_io async)
{
    trace_qxl_spice_destroy_surface_wait(qxl->id, id, async);

    if (!async) {
        spice_qxl_destroy_surface_wait(&qxl->ssd.qxl, id);
        qxl_spice_destroy_surface_wait_complete(qxl, id);
        return;
    }

    QXLCookie *cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                       QXL_IO_DESTROY_SURFACE_ASYNC);
    cookie->u.surface_id = id;
    spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id, (uintptr_t)cookie);
}
 208
/* Ask spice-server to flush all surfaces; completion arrives via the io cookie. */
static void qxl_spice_flush_surfaces_async(PCIQXLDevice *qxl)
{
    QXLCookie *cookie;

    trace_qxl_spice_flush_surfaces_async(qxl->id, qxl->guest_surfaces.count,
                                         qxl->num_free_res);
    cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, QXL_IO_FLUSH_SURFACES_ASYNC);
    spice_qxl_flush_surfaces_async(&qxl->ssd.qxl, (uintptr_t)cookie);
}
 217
/* Replay count saved commands (from loadvm) into spice-server. */
void qxl_spice_loadvm_commands(PCIQXLDevice *qxl, struct QXLCommandExt *ext,
                               uint32_t count)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_loadvm_commands(qxl->id, ext, count);
    spice_qxl_loadvm_commands(sin, ext, count);
}
 224
/* Forward the guest's out-of-memory notification to spice-server. */
void qxl_spice_oom(PCIQXLDevice *qxl)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_oom(qxl->id);
    spice_qxl_oom(sin);
}
 230
/* Drop all memslots on the spice-server side. */
void qxl_spice_reset_memslots(PCIQXLDevice *qxl)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_reset_memslots(qxl->id);
    spice_qxl_reset_memslots(sin);
}
 236
/* Bookkeeping after every surface was destroyed: clear the whole tracking table. */
static void qxl_spice_destroy_surfaces_complete(PCIQXLDevice *qxl)
{
    size_t table_bytes;

    trace_qxl_spice_destroy_surfaces_complete(qxl->id);
    table_bytes = sizeof(qxl->guest_surfaces.cmds[0]) * qxl->ssd.num_surfaces;

    qemu_mutex_lock(&qxl->track_lock);
    qxl->guest_surfaces.count = 0;
    memset(qxl->guest_surfaces.cmds, 0, table_bytes);
    qemu_mutex_unlock(&qxl->track_lock);
}
 246
/*
 * Destroy all surfaces in spice-server.  Synchronously the tracking table
 * is cleared right away; asynchronously that happens in the cookie's
 * completion handler.
 */
static void qxl_spice_destroy_surfaces(PCIQXLDevice *qxl, qxl_async_io async)
{
    trace_qxl_spice_destroy_surfaces(qxl->id, async);

    if (!async) {
        spice_qxl_destroy_surfaces(&qxl->ssd.qxl);
        qxl_spice_destroy_surfaces_complete(qxl);
        return;
    }

    uintptr_t cookie = (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                                 QXL_IO_DESTROY_ALL_SURFACES_ASYNC);
    spice_qxl_destroy_surfaces_async(&qxl->ssd.qxl, cookie);
}
 259
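/*
 * Push the guest's monitors config to spice-server.
 *
 * replay != 0 is the post_load path: the previously recorded
 * guest_monitors_config is re-sent with a non-io cookie.  Otherwise the
 * pointer is taken from the QXLRam header, recorded in
 * guest_monitors_config (for migration/replay) and sent with an io cookie.
 */
static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_monitors_config(qxl->id);
    if (replay) {
        /*
         * don't use QXL_COOKIE_TYPE_IO:
         *  - we are not running yet (post_load), we will assert
         *    in send_events
         *  - this is not a guest io, but a reply, so async_io isn't set.
         */
        spice_qxl_monitors_config_async(sin,
                qxl->guest_monitors_config,
                MEMSLOT_GROUP_GUEST,
                (uintptr_t)qxl_cookie_new(
                    QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG,
                    0));
        return;
    }

#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
    if (qxl->max_outputs) {
        spice_qxl_set_max_monitors(sin, qxl->max_outputs);
    }
#endif
    /*
     * ram->monitors_config is guest-visible memory: read it once so the
     * value recorded for replay is the same one handed to spice-server.
     */
    qxl->guest_monitors_config = qxl->ram->monitors_config;
    spice_qxl_monitors_config_async(sin,
            qxl->guest_monitors_config,
            MEMSLOT_GROUP_GUEST,
            (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                      QXL_IO_MONITORS_CONFIG_ASYNC));
}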
 290
/* Flush spice-server's image cache for this device. */
void qxl_spice_reset_image_cache(PCIQXLDevice *qxl)
{
    QXLInstance *sin = &qxl->ssd.qxl;

    trace_qxl_spice_reset_image_cache(qxl->id);
    spice_qxl_reset_image_cache(sin);
}
 296
/*
 * Reset cursor state: spice-server's cursor, the tracked guest cursor
 * command (under track_lock) and the local cursor, which is replaced by
 * the built-in hidden cursor.
 */
void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
{
    trace_qxl_spice_reset_cursor(qxl->id);
    spice_qxl_reset_cursor(&qxl->ssd.qxl);

    qemu_mutex_lock(&qxl->track_lock);
    qxl->guest_cursor = 0;
    qemu_mutex_unlock(&qxl->track_lock);

    if (qxl->ssd.cursor != NULL) {
        cursor_put(qxl->ssd.cursor);
    }
    qxl->ssd.cursor = cursor_builtin_hidden();
}
 309
/*
 * CRC32 over p[0..len) compatible with the linux kernel's crc32.
 * zlib's crc32() xors the seed and the result with 0xffffffff; the
 * kernel variant does neither, so both are undone here.
 */
static uint32_t qxl_crc32(const uint8_t *p, unsigned len)
{
    const uint32_t mask = 0xffffffff;
    uint32_t raw = crc32(mask, p, len);

    return raw ^ mask;
}
 319
/*
 * Size of the rom bar.  init_qxl_rom() places the modes table directly
 * after the QXLRom header inside that bar, so the build-time check makes
 * sure the fixed 8k bar can hold the header plus every entry of qxl_modes.
 */
static ram_addr_t qxl_rom_size(void)
{
#define QXL_REQUIRED_SZ (sizeof(QXLRom) + sizeof(QXLModes) + sizeof(qxl_modes))
#define QXL_ROM_SZ 8192

    QEMU_BUILD_BUG_ON(QXL_REQUIRED_SZ > QXL_ROM_SZ);
    return QXL_ROM_SZ;
}
 328
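/*
 * Fill the rom bar: the QXLRom header, followed by the list of modes that
 * fit into the configured vga memory, plus the layout of the vram bar as
 * published to the guest (surface0 area at offset 0, guest pages after it,
 * the QXLRam header at the very end).
 *
 * d->shadow_rom keeps a host-side copy of the header; the rom bar itself
 * is guest-visible memory (see the SPICE_RING_* note above), so later
 * code reads sizes and offsets from the shadow rather than the bar.
 */
static void init_qxl_rom(PCIQXLDevice *d)
{
    QXLRom *rom = memory_region_get_ram_ptr(&d->rom_bar);
    QXLModes *modes = (QXLModes *)(rom + 1);
    uint32_t ram_header_size;
    uint32_t surface0_area_size;
    uint32_t num_pages;
    uint32_t fb;
    unsigned i, n;

    memset(rom, 0, d->rom_size);

    rom->magic         = cpu_to_le32(QXL_ROM_MAGIC);
    rom->id            = cpu_to_le32(d->id);
    rom->log_level     = cpu_to_le32(d->guestdebug);
    rom->modes_offset  = cpu_to_le32(sizeof(QXLRom));

    rom->slot_gen_bits = MEMSLOT_GENERATION_BITS;
    rom->slot_id_bits  = MEMSLOT_SLOT_BITS;
    rom->slots_start   = 1;
    rom->slots_end     = NUM_MEMSLOTS - 1;
    rom->n_surfaces    = cpu_to_le32(d->ssd.num_surfaces);

    /* Advertise only the modes whose framebuffer fits into vgamem. */
    for (i = 0, n = 0; i < ARRAY_SIZE(qxl_modes); i++) {
        fb = qxl_modes[i].y_res * qxl_modes[i].stride;
        if (fb > d->vgamem_size) {
            continue;
        }
        modes->modes[n].id          = cpu_to_le32(i);
        modes->modes[n].x_res       = cpu_to_le32(qxl_modes[i].x_res);
        modes->modes[n].y_res       = cpu_to_le32(qxl_modes[i].y_res);
        modes->modes[n].bits        = cpu_to_le32(qxl_modes[i].bits);
        modes->modes[n].stride      = cpu_to_le32(qxl_modes[i].stride);
        modes->modes[n].x_mili      = cpu_to_le32(qxl_modes[i].x_mili);
        modes->modes[n].y_mili      = cpu_to_le32(qxl_modes[i].y_mili);
        modes->modes[n].orientation = cpu_to_le32(qxl_modes[i].orientation);
        n++;
    }
    modes->n_modes     = cpu_to_le32(n);

    ram_header_size    = ALIGN(sizeof(QXLRam), 4096);
    surface0_area_size = ALIGN(d->vgamem_size, 4096);
    /*
     * Validate before subtracting: with uint32_t arithmetic an undersized
     * vram would otherwise wrap silently and only be noticed afterwards.
     */
    assert(ram_header_size + surface0_area_size <= d->vga.vram_size);
    num_pages = d->vga.vram_size - ram_header_size - surface0_area_size;
    num_pages /= QXL_PAGE_SIZE;

    rom->draw_area_offset   = cpu_to_le32(0);
    rom->surface0_area_size = cpu_to_le32(surface0_area_size);
    rom->pages_offset       = cpu_to_le32(surface0_area_size);
    rom->num_pages          = cpu_to_le32(num_pages);
    rom->ram_header_offset  = cpu_to_le32(d->vga.vram_size - ram_header_size);

    if (d->xres && d->yres) {
        /* needs linux kernel 4.12+ to work */
        rom->client_monitors_config.count = 1;
        rom->client_monitors_config.heads[0].left = 0;
        rom->client_monitors_config.heads[0].top = 0;
        rom->client_monitors_config.heads[0].right = cpu_to_le32(d->xres);
        rom->client_monitors_config.heads[0].bottom = cpu_to_le32(d->yres);
        /* The crc lets the guest driver detect a changed config. */
        rom->client_monitors_config_crc = qxl_crc32(
            (const uint8_t *)&rom->client_monitors_config,
            sizeof(rom->client_monitors_config));
    }

    d->shadow_rom = *rom;
    d->rom        = rom;
    d->modes      = modes;
}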
 400
/*
 * Initialise the QXLRam header at the end of the vram bar (offset taken
 * from the shadow rom): magic, interrupt state, the three rings, and an
 * empty head in the release ring.  Marks the header dirty afterwards.
 */
static void init_qxl_ram(PCIQXLDevice *d)
{
    uint8_t *vram = d->vga.vram_ptr;
    uint32_t header_off = le32_to_cpu(d->shadow_rom.ram_header_offset);
    QXLRam *ram = (QXLRam *)(vram + header_off);
    uint64_t *head;

    d->ram = ram;
    ram->magic           = cpu_to_le32(QXL_RAM_MAGIC);
    ram->int_pending     = cpu_to_le32(0);
    ram->int_mask        = cpu_to_le32(0);
    ram->update_surface  = 0;
    ram->monitors_config = 0;

    SPICE_RING_INIT(&ram->cmd_ring);
    SPICE_RING_INIT(&ram->cursor_ring);
    SPICE_RING_INIT(&ram->release_ring);

    /* Freshly initialised ring: the producer slot cannot be out of range. */
    SPICE_RING_PROD_ITEM(d, &ram->release_ring, head);
    assert(head);
    *head = 0;

    qxl_ring_set_dirty(d);
}
 421
/*
 * Mark [addr, end) of mr dirty for migration/display tracking.
 * Can be called from spice server thread context.
 */
static void qxl_set_dirty(MemoryRegion *mr, ram_addr_t addr, ram_addr_t end)
{
    ram_addr_t len = end - addr;

    memory_region_set_dirty(mr, addr, len);
}
 427
/* Mark the whole rom bar dirty. */
static void qxl_rom_set_dirty(PCIQXLDevice *qxl)
{
    ram_addr_t start = 0;

    qxl_set_dirty(&qxl->rom_bar, start, qxl->rom_size);
}
 432
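/*
 * Mark the bytes at ptr, which must point into the vram bar, dirty.
 * Called from spice server thread context only.
 *
 * The assert checks both bounds: a pointer below vram_ptr gives a negative
 * offset, which a bare "offset < vram_size" comparison with a signed
 * offset would let through.
 */
static void qxl_ram_set_dirty(PCIQXLDevice *qxl, void *ptr)
{
    uint8_t *base = qxl->vga.vram_ptr;
    intptr_t offset = (uint8_t *)ptr - base;

    assert(offset >= 0 && offset < qxl->vga.vram_size);
    /*
     * NOTE(review): only [offset, offset + 3) is marked, although callers
     * pass the address of a 64-bit field; presumably dirty tracking is
     * page-granular so this is sufficient — confirm.
     */
    qxl_set_dirty(&qxl->vga.vram, offset, offset + 3);
}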
 443
/*
 * Mark the QXLRam header (rings included) at the end of the vram bar
 * dirty.  Can be called from spice server thread context.
 *
 * NOTE(review): ram_header_offset is stored with cpu_to_le32 in
 * init_qxl_rom() but read raw here (init_qxl_ram() converts it); on a
 * big-endian host the two would disagree — confirm whether that matters.
 */
static void qxl_ring_set_dirty(PCIQXLDevice *qxl)
{
    qxl_set_dirty(&qxl->vga.vram,
                  qxl->shadow_rom.ram_header_offset,
                  qxl->vga.vram_size);
}
 451
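/*
 * Keep track of some command state, for savevm/loadvm: which surfaces the
 * guest has created (guest_surfaces) and the current cursor command
 * (guest_cursor).  Called from spice server thread context only.
 *
 * Returns 1 when the command could not be validated (unmappable address,
 * surface id out of range, misaligned stride — the latter two raise
 * qxl_set_guest_bug), 0 otherwise.
 *
 * The command body resolved by qxl_phys2virt() is guest memory, so each
 * field is read exactly once; the validation and the bookkeeping below
 * then operate on the same values even if the guest rewrites the command
 * concurrently.
 */
static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
{
    switch (le32_to_cpu(ext->cmd.type)) {
    case QXL_CMD_SURFACE:
    {
        QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
        uint32_t id, type;
        int32_t stride;

        if (!cmd) {
            return 1;
        }
        id     = le32_to_cpu(cmd->surface_id);
        type   = cmd->type;
        stride = cmd->u.surface_create.stride;

        if (id >= qxl->ssd.num_surfaces) {
            qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE id %u >= %u", id,
                              qxl->ssd.num_surfaces);
            return 1;
        }
        if (type == QXL_SURFACE_CMD_CREATE && (stride & 0x03) != 0) {
            /* qxl_set_guest_bug() appends the newline itself. */
            qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE stride = %d %% 4 != 0",
                              stride);
            return 1;
        }
        qemu_mutex_lock(&qxl->track_lock);
        if (type == QXL_SURFACE_CMD_CREATE) {
            qxl->guest_surfaces.cmds[id] = ext->cmd.data;
            qxl->guest_surfaces.count++;
            if (qxl->guest_surfaces.max < qxl->guest_surfaces.count) {
                qxl->guest_surfaces.max = qxl->guest_surfaces.count;
            }
        } else if (type == QXL_SURFACE_CMD_DESTROY) {
            qxl->guest_surfaces.cmds[id] = 0;
            qxl->guest_surfaces.count--;
        }
        qemu_mutex_unlock(&qxl->track_lock);
        break;
    }
    case QXL_CMD_CURSOR:
    {
        QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
        uint32_t type;

        if (!cmd) {
            return 1;
        }
        type = cmd->type;
        if (type == QXL_CURSOR_SET || type == QXL_CURSOR_HIDE) {
            qemu_mutex_lock(&qxl->track_lock);
            /* SET remembers the command address, HIDE forgets it. */
            qxl->guest_cursor = (type == QXL_CURSOR_SET) ? ext->cmd.data : 0;
            qemu_mutex_unlock(&qxl->track_lock);
        }
        break;
    }
    default:
        /* other command types carry no state worth tracking */
        break;
    }
    return 0;
}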
 515
 516/* spice display interface callbacks */
 517
/* spice-server callback: a worker is attached; nothing to do but trace. */
static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);

    trace_qxl_interface_attach_worker(dev->id);
}
 524
/*
 * spice-server callback: publish the compression level to the guest via
 * the rom bar, keeping the shadow copy in sync.
 */
static void interface_set_compression_level(QXLInstance *sin, int level)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t le_level = cpu_to_le32(level);

    trace_qxl_interface_set_compression_level(dev->id, level);
    dev->shadow_rom.compression_level = le_level;
    dev->rom->compression_level = le_level;
    qxl_rom_set_dirty(dev);
}
 534
 535#if SPICE_NEEDS_SET_MM_TIME
/*
 * spice-server callback: publish the multimedia clock to the guest via
 * the rom bar (shadow copy kept in sync).  Ignored while the display is
 * not running.
 */
static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t le_time;

    if (!qemu_spice_display_is_running(&dev->ssd)) {
        return;
    }

    trace_qxl_interface_set_mm_time(dev->id, mm_time);
    le_time = cpu_to_le32(mm_time);
    dev->shadow_rom.mm_clock = le_time;
    dev->rom->mm_clock = le_time;
    qxl_rom_set_dirty(dev);
}
 549#endif
 550
/*
 * spice-server callback: describe the memslot layout and the amount of
 * guest ram (num_pages from the shadow rom, in QXL_PAGE_BITS pages).
 */
static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t num_pages = le32_to_cpu(dev->shadow_rom.num_pages);

    trace_qxl_interface_get_init_info(dev->id);

    info->memslot_gen_bits      = MEMSLOT_GENERATION_BITS;
    info->memslot_id_bits       = MEMSLOT_SLOT_BITS;
    info->num_memslots          = NUM_MEMSLOTS;
    info->num_memslots_groups   = NUM_MEMSLOTS_GROUPS;
    info->internal_groupslot_id = 0;
    info->qxl_ram_size          = num_pages << QXL_PAGE_BITS;
    info->n_surfaces            = dev->ssd.num_surfaces;
}
 565
/* Human-readable device mode name for tracing; "INVALID" for anything else. */
static const char *qxl_mode_to_string(int mode)
{
    if (mode == QXL_MODE_COMPAT) {
        return "compat";
    }
    if (mode == QXL_MODE_NATIVE) {
        return "native";
    }
    if (mode == QXL_MODE_UNDEFINED) {
        return "undefined";
    }
    if (mode == QXL_MODE_VGA) {
        return "vga";
    }
    return "INVALID";
}
 580
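/*
 * Map a guest i/o port offset to its symbolic name, for tracing.
 *
 * Offsets at or beyond QXL_IO_RANGE_SIZE yield "out of range".  Offsets
 * inside the range without a table entry yield "unknown" rather than the
 * NULL the sparse designated initializer leaves behind, so the result is
 * always safe to hand to a %s format.
 */
static const char *io_port_to_string(uint32_t io_port)
{
    /* Named differently from the function so it does not shadow it. */
    static const char *const io_port_names[QXL_IO_RANGE_SIZE + 1] = {
        [QXL_IO_NOTIFY_CMD]             = "QXL_IO_NOTIFY_CMD",
        [QXL_IO_NOTIFY_CURSOR]          = "QXL_IO_NOTIFY_CURSOR",
        [QXL_IO_UPDATE_AREA]            = "QXL_IO_UPDATE_AREA",
        [QXL_IO_UPDATE_IRQ]             = "QXL_IO_UPDATE_IRQ",
        [QXL_IO_NOTIFY_OOM]             = "QXL_IO_NOTIFY_OOM",
        [QXL_IO_RESET]                  = "QXL_IO_RESET",
        [QXL_IO_SET_MODE]               = "QXL_IO_SET_MODE",
        [QXL_IO_LOG]                    = "QXL_IO_LOG",
        [QXL_IO_MEMSLOT_ADD]            = "QXL_IO_MEMSLOT_ADD",
        [QXL_IO_MEMSLOT_DEL]            = "QXL_IO_MEMSLOT_DEL",
        [QXL_IO_DETACH_PRIMARY]         = "QXL_IO_DETACH_PRIMARY",
        [QXL_IO_ATTACH_PRIMARY]         = "QXL_IO_ATTACH_PRIMARY",
        [QXL_IO_CREATE_PRIMARY]         = "QXL_IO_CREATE_PRIMARY",
        [QXL_IO_DESTROY_PRIMARY]        = "QXL_IO_DESTROY_PRIMARY",
        [QXL_IO_DESTROY_SURFACE_WAIT]   = "QXL_IO_DESTROY_SURFACE_WAIT",
        [QXL_IO_DESTROY_ALL_SURFACES]   = "QXL_IO_DESTROY_ALL_SURFACES",
        [QXL_IO_UPDATE_AREA_ASYNC]      = "QXL_IO_UPDATE_AREA_ASYNC",
        [QXL_IO_MEMSLOT_ADD_ASYNC]      = "QXL_IO_MEMSLOT_ADD_ASYNC",
        [QXL_IO_CREATE_PRIMARY_ASYNC]   = "QXL_IO_CREATE_PRIMARY_ASYNC",
        [QXL_IO_DESTROY_PRIMARY_ASYNC]  = "QXL_IO_DESTROY_PRIMARY_ASYNC",
        [QXL_IO_DESTROY_SURFACE_ASYNC]  = "QXL_IO_DESTROY_SURFACE_ASYNC",
        [QXL_IO_DESTROY_ALL_SURFACES_ASYNC]
                                        = "QXL_IO_DESTROY_ALL_SURFACES_ASYNC",
        [QXL_IO_FLUSH_SURFACES_ASYNC]   = "QXL_IO_FLUSH_SURFACES_ASYNC",
        [QXL_IO_FLUSH_RELEASE]          = "QXL_IO_FLUSH_RELEASE",
        [QXL_IO_MONITORS_CONFIG_ASYNC]  = "QXL_IO_MONITORS_CONFIG_ASYNC",
    };
    const char *name;

    if (io_port >= QXL_IO_RANGE_SIZE) {
        return "out of range";
    }
    name = io_port_names[io_port];
    return name ? name : "unknown";
}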
 616
/*
 * spice-server callback: fetch the next display command.
 * Called from spice server thread context only.
 *
 * In vga mode the commands are qemu-generated updates queued on
 * ssd.updates; otherwise they are popped from the guest's cmd_ring in the
 * QXLRam header (guest-visible memory, hence the NULL check after
 * SPICE_RING_CONS_ITEM and the guest_bug gate).  Returns true when ext was
 * filled, false when there is nothing to hand out.
 */
static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    SimpleSpiceUpdate *update;
    QXLCommandRing *ring;
    QXLCommand *cmd;
    int notify, ret;

    trace_qxl_ring_command_check(qxl->id, qxl_mode_to_string(qxl->mode));

    switch (qxl->mode) {
    case QXL_MODE_VGA:
        ret = false;
        /* ssd.lock protects the update queue shared with the display side */
        qemu_mutex_lock(&qxl->ssd.lock);
        update = QTAILQ_FIRST(&qxl->ssd.updates);
        if (update != NULL) {
            QTAILQ_REMOVE(&qxl->ssd.updates, update, next);
            *ext = update->ext;
            ret = true;
        }
        qemu_mutex_unlock(&qxl->ssd.lock);
        if (ret) {
            trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
            qxl_log_command(qxl, "vga", ext);
        }
        return ret;
    case QXL_MODE_COMPAT:
    case QXL_MODE_NATIVE:
    case QXL_MODE_UNDEFINED:
        ring = &qxl->ram->cmd_ring;
        /* once a guest bug was flagged, stop consuming the ring */
        if (qxl->guest_bug || SPICE_RING_IS_EMPTY(ring)) {
            return false;
        }
        SPICE_RING_CONS_ITEM(qxl, ring, cmd);
        if (!cmd) {
            return false;
        }
        /* copy the command out of guest memory once; ext is what is used from here on */
        ext->cmd      = *cmd;
        ext->group_id = MEMSLOT_GROUP_GUEST;
        ext->flags    = qxl->cmdflags;
        SPICE_RING_POP(ring, notify);
        qxl_ring_set_dirty(qxl);
        if (notify) {
            qxl_send_events(qxl, QXL_INTERRUPT_DISPLAY);
        }
        qxl->guest_primary.commands++;
        /*
         * NOTE(review): qxl_track_command() returns 1 for a command it
         * rejected (guest bug flagged), but the value is ignored and the
         * command is still handed to spice-server below; the guest_bug
         * gate above only stops the *next* fetch — confirm this is intended.
         */
        qxl_track_command(qxl, ext);
        qxl_log_command(qxl, "cmd", ext);
        {
            /*
             * Windows 8 drivers place qxl commands in the vram
             * (instead of the ram) bar.  We can't live migrate such a
             * guest, so add a migration blocker in case we detect
             * this, to avoid triggering the assert in pre_save().
             *
             * https://cgit.freedesktop.org/spice/win32/qxl-wddm-dod/commit/?id=f6e099db39e7d0787f294d5fd0dce328b5210faa
             */
            void *msg = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
            if (msg != NULL && (
                    msg < (void *)qxl->vga.vram_ptr ||
                    msg > ((void *)qxl->vga.vram_ptr + qxl->vga.vram_size))) {
                /* the blocker is installed once and kept for the device's lifetime */
                if (!qxl->migration_blocker) {
                    Error *local_err = NULL;
                    error_setg(&qxl->migration_blocker,
                               "qxl: guest bug: command not in ram bar");
                    migrate_add_blocker(qxl->migration_blocker, &local_err);
                    if (local_err) {
                        error_report_err(local_err);
                    }
                }
            }
        }
        trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode));
        return true;
    default:
        return false;
    }
}
 696
/*
 * spice-server callback: arm the "ring not empty" notification on the
 * guest's cmd_ring.  Returns the wait flag as set by SPICE_RING_CONS_WAIT
 * (1 = ring still empty, caller should wait); in vga mode always 1.
 * Called from spice server thread context only.
 */
static int interface_req_cmd_notification(QXLInstance *sin)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    int wait = 1;
    bool ring_mode;

    trace_qxl_ring_command_req_notification(dev->id);

    ring_mode = dev->mode == QXL_MODE_COMPAT ||
                dev->mode == QXL_MODE_NATIVE ||
                dev->mode == QXL_MODE_UNDEFINED;
    if (ring_mode) {
        SPICE_RING_CONS_WAIT(&dev->ram->cmd_ring, wait);
        qxl_ring_set_dirty(dev);
    }
    return wait;
}
 717
/*
 * Hand the list of released resources (head stored in the current
 * release_ring producer slot, tail in d->last_release) to the guest by
 * pushing the ring, then start a fresh empty list.
 *
 * flush != 0 pushes unconditionally (ring space permitting); otherwise
 * pushes are batched: nothing is pushed while the oom handler is running
 * or until QXL_FREE_BUNCH_SIZE resources have been collected.
 *
 * The ring header lives in guest-visible memory, so prod/cons/num_items
 * read here may be stale or guest-modified; SPICE_RING_PROD_ITEM
 * re-validates the slot index and the !item path bails out on a bad one.
 * Called from spice server thread context only.
 */
static inline void qxl_push_free_res(PCIQXLDevice *d, int flush)
{
    QXLReleaseRing *ring = &d->ram->release_ring;
    uint64_t *item;
    int notify;

#define QXL_FREE_BUNCH_SIZE 32

    if (ring->prod - ring->cons + 1 == ring->num_items) {
        /* ring full -- can't push */
        return;
    }
    if (!flush && d->oom_running) {
        /* collect everything from oom handler before pushing */
        return;
    }
    if (!flush && d->num_free_res < QXL_FREE_BUNCH_SIZE) {
        /* collect a bit more before pushing */
        return;
    }

    SPICE_RING_PUSH(ring, notify);
    trace_qxl_ring_res_push(d->id, qxl_mode_to_string(d->mode),
           d->guest_surfaces.count, d->num_free_res,
           d->last_release, notify ? "yes" : "no");
    trace_qxl_ring_res_push_rest(d->id, ring->prod - ring->cons,
           ring->num_items, ring->prod, ring->cons);
    if (notify) {
        qxl_send_events(d, QXL_INTERRUPT_DISPLAY);
    }
    /* start the next list: empty head in the new producer slot */
    SPICE_RING_PROD_ITEM(d, ring, item);
    if (!item) {
        return;
    }
    *item = 0;
    d->num_free_res = 0;
    d->last_release = NULL;
    qxl_ring_set_dirty(d);
}
 758
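/*
 * spice-server callback: a command's resources can be returned.
 * Called from spice server thread context only.
 *
 * Host-group entries are vga-mode updates allocated by qemu and are freed
 * directly.  Guest entries are chained into a singly linked list living in
 * guest memory: the head sits in the current release_ring producer slot,
 * the tail is remembered in qxl->last_release, and qxl_push_free_res()
 * hands the list to the guest in bunches.
 */
static void interface_release_resource(QXLInstance *sin,
                                       QXLReleaseInfoExt ext)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLReleaseRing *ring;
    uint64_t *item, id;

    if (ext.group_id == MEMSLOT_GROUP_HOST) {
        /* host group -> vga mode update request */
        QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
        SimpleSpiceUpdate *update;
        g_assert(cmdext->cmd.type == QXL_CMD_DRAW);
        update = container_of(cmdext, SimpleSpiceUpdate, ext);
        qemu_spice_destroy_update(&qxl->ssd, update);
        return;
    }

    /*
     * ext->info points into guest-visible memory
     * pci bar 0, $command.release_info
     */
    ring = &qxl->ram->release_ring;
    SPICE_RING_PROD_ITEM(qxl, ring, item);
    if (!item) {
        return;
    }
    if (*item == 0) {
        /* stick head into the ring */
        id = ext.info->id;
        ext.info->next = 0;
        qxl_ram_set_dirty(qxl, &ext.info->next);
        *item = id;
        qxl_ring_set_dirty(qxl);
    } else {
        /*
         * append item to the list.  *item is read from the guest-visible
         * ring, so a non-zero head does not prove qemu still has a tail
         * (qxl_push_free_res() clears both together); treat a missing
         * tail as a guest bug instead of dereferencing NULL.
         */
        if (!qxl->last_release) {
            qxl_set_guest_bug(qxl, "release ring head set without a tail");
            return;
        }
        qxl->last_release->next = ext.info->id;
        qxl_ram_set_dirty(qxl, &qxl->last_release->next);
        ext.info->next = 0;
        qxl_ram_set_dirty(qxl, &ext.info->next);
    }
    qxl->last_release = ext.info;
    qxl->num_free_res++;
    trace_qxl_ring_res_put(qxl->id, qxl->num_free_res);
    qxl_push_free_res(qxl, 0);
}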
 805
/*
 * spice-server callback: fetch the next cursor command from the guest's
 * cursor_ring (guest-visible memory, hence the NULL check after
 * SPICE_RING_CONS_ITEM).  Returns true when ext was filled.  The first
 * device (id 0) additionally renders the cursor locally.
 * Called from spice server thread context only.
 *
 * NOTE(review): unlike interface_get_command(), this path does not check
 * dev->guest_bug before consuming the ring — confirm that is intended.
 */
static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt *ext)
{
    PCIQXLDevice *dev = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLCursorRing *ring;
    QXLCommand *cmd;
    int notify;
    bool ring_mode;

    trace_qxl_ring_cursor_check(dev->id, qxl_mode_to_string(dev->mode));

    ring_mode = dev->mode == QXL_MODE_COMPAT ||
                dev->mode == QXL_MODE_NATIVE ||
                dev->mode == QXL_MODE_UNDEFINED;
    if (!ring_mode) {
        return false;
    }

    ring = &dev->ram->cursor_ring;
    if (SPICE_RING_IS_EMPTY(ring)) {
        return false;
    }
    SPICE_RING_CONS_ITEM(dev, ring, cmd);
    if (cmd == NULL) {
        return false;
    }

    ext->cmd      = *cmd;
    ext->group_id = MEMSLOT_GROUP_GUEST;
    ext->flags    = dev->cmdflags;
    SPICE_RING_POP(ring, notify);
    qxl_ring_set_dirty(dev);
    if (notify) {
        qxl_send_events(dev, QXL_INTERRUPT_CURSOR);
    }

    dev->guest_primary.commands++;
    qxl_track_command(dev, ext);
    qxl_log_command(dev, "csr", ext);
    if (dev->id == 0) {
        qxl_render_cursor(dev, ext);
    }
    trace_qxl_ring_cursor_get(dev->id, qxl_mode_to_string(dev->mode));
    return true;
}
 848
/*
 * Request a wake-up when the guest produces the next cursor command.
 *
 * Called from spice server thread context only.  In the modes that expose
 * the cursor ring this goes through SPICE_RING_CONS_WAIT (which also sets
 * @wait from the ring state) and marks the ring dirty; in every other mode
 * the initial value 1 is returned unchanged.
 */
static int interface_req_cursor_notification(QXLInstance *sin)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    int wait = 1;

    trace_qxl_ring_cursor_req_notification(qxl->id);
    if (qxl->mode == QXL_MODE_COMPAT ||
        qxl->mode == QXL_MODE_NATIVE ||
        qxl->mode == QXL_MODE_UNDEFINED) {
        SPICE_RING_CONS_WAIT(&qxl->ram->cursor_ring, wait);
        qxl_ring_set_dirty(qxl);
    }
    return wait;
}
 869
/*
 * Completion callback for QXL_CMD_UPDATE.  No supported guest driver issues
 * that command any more (see below), so this only logs; @sin and @update_id
 * are deliberately unused.
 *
 * Called from spice server thread context.  The command is still guest
 * triggerable, so the message can be emitted at the guest's pace.
 */
static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
{
    /*
     * Called by spice-server as a result of a QXL_CMD_UPDATE which is not in
     * use by xf86-video-qxl and is defined out in the qxl windows driver.
     * Probably was at some earlier version that is prior to git start (2009),
     * and is still guest triggerable.
     */
    (void)sin;
    (void)update_id;
    fprintf(stderr, "%s: deprecated\n", __func__);
}
 881
/*
 * Hand any resources released so far back to the guest.
 *
 * Called from spice server thread context only.  Returns the number of
 * free resources that were pending when the call was made; the count is
 * captured before qxl_push_free_res() because that call presumably drains
 * it.  0 means there was nothing to flush.
 */
static int interface_flush_resources(QXLInstance *sin)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    int pending = qxl->num_free_res;

    if (pending != 0) {
        qxl_push_free_res(qxl, 1);
    }
    return pending;
}
 894
 895static void qxl_create_guest_primary_complete(PCIQXLDevice *d);
 896
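/*
 * Finish an asynchronous I/O request on behalf of the spice server.
 *
 * Called from spice server thread context only.  Clears qxl->current_async
 * under async_lock, runs the per-request completion work, then raises
 * QXL_INTERRUPT_IO_CMD so the guest learns the request is done.
 *
 * @cookie: the cookie handed to spice when the request was started.  NULL
 *          is logged and ignored (no interrupt is raised in that case).  A
 *          cookie whose io does not match current_async is logged but the
 *          completion still proceeds on current_async.
 */
static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie)
{
    uint32_t current_async;

    qemu_mutex_lock(&qxl->async_lock);
    current_async = qxl->current_async;
    qxl->current_async = QXL_UNDEFINED_IO;
    qemu_mutex_unlock(&qxl->async_lock);

    trace_qxl_interface_async_complete_io(qxl->id, current_async, cookie);
    if (!cookie) {
        fprintf(stderr, "qxl: %s: error, cookie is NULL\n", __func__);
        return;
    }
    /* cookie is non-NULL from here on */
    if (current_async != cookie->io) {
        fprintf(stderr,
                "qxl: %s: error: current_async = %" PRIu32 " != %"
                PRId64 " = cookie->io\n", __func__, current_async, cookie->io);
    }
    switch (current_async) {
    case QXL_IO_MEMSLOT_ADD_ASYNC:
    case QXL_IO_DESTROY_PRIMARY_ASYNC:
    case QXL_IO_UPDATE_AREA_ASYNC:
    case QXL_IO_FLUSH_SURFACES_ASYNC:
    case QXL_IO_MONITORS_CONFIG_ASYNC:
        /* nothing to finish beyond notifying the guest */
        break;
    case QXL_IO_CREATE_PRIMARY_ASYNC:
        qxl_create_guest_primary_complete(qxl);
        break;
    case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
        qxl_spice_destroy_surfaces_complete(qxl);
        break;
    case QXL_IO_DESTROY_SURFACE_ASYNC:
        qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id);
        break;
    default:
        fprintf(stderr, "qxl: %s: unexpected current_async %" PRIu32 "\n",
                __func__, current_async);
        break;
    }
    qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD);
}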
 939
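/*
 * Collect the rectangles spice reports as updated on the primary surface
 * and schedule the update-area bottom half to flip them.
 *
 * Called from spice server thread context only.  Everything happens under
 * ssd.lock; there is a single unlock at the end so no early-return path can
 * leave the lock held.
 *
 * @surface_id:        only surface 0 (the primary) is tracked.
 * @dirty:             @num_updated_rects rectangles from spice.
 * @num_updated_rects: 0 means nothing to do.
 *
 * Nothing is recorded unless a render-update cookie is outstanding
 * (render_update_cookie_num).  If the rectangles would not fit into
 * qxl->dirty (QXL_NUM_DIRTY_RECTS entries) the primary is marked resized,
 * which turns the next completion into a full-area flip, and the copy is
 * skipped; the same shortcut applies when it was already marked resized.
 */
static void interface_update_area_complete(QXLInstance *sin,
        uint32_t surface_id,
        QXLRect *dirty, uint32_t num_updated_rects)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    uint32_t i;
    int qxl_i;

    qemu_mutex_lock(&qxl->ssd.lock);
    if (surface_id != 0 || !num_updated_rects ||
        !qxl->render_update_cookie_num) {
        goto out;
    }
    trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left,
            dirty->right, dirty->top, dirty->bottom);
    trace_qxl_interface_update_area_complete_rest(qxl->id, num_updated_rects);
    if (qxl->num_dirty_rects + num_updated_rects > QXL_NUM_DIRTY_RECTS) {
        /*
         * overflow - treat this as a full update. Not expected to be common.
         */
        trace_qxl_interface_update_area_complete_overflow(qxl->id,
                                                          QXL_NUM_DIRTY_RECTS);
        qxl->guest_primary.resized = 1;
    }
    if (qxl->guest_primary.resized) {
        /*
         * Don't bother copying or scheduling the bh since we will flip
         * the whole area anyway on completion of the update_area async call
         */
        goto out;
    }
    /* the capacity check above guarantees qxl_i stays inside qxl->dirty */
    qxl_i = qxl->num_dirty_rects;
    for (i = 0; i < num_updated_rects; i++) {
        qxl->dirty[qxl_i++] = dirty[i];
    }
    qxl->num_dirty_rects += num_updated_rects;
    trace_qxl_interface_update_area_complete_schedule_bh(qxl->id,
                                                         qxl->num_dirty_rects);
    qemu_bh_schedule(qxl->update_area_bh);
out:
    qemu_mutex_unlock(&qxl->ssd.lock);
}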
 984
/*
 * Dispatch an async completion from the spice server by cookie type.
 *
 * Called from spice server thread context only.  @cookie_token is the
 * QXLCookie pointer this device handed to spice, round-tripped through a
 * uint64_t.  IO cookies are freed here once completed; render-update
 * cookies are passed to qxl_render_update_area_done() and not freed here
 * (presumably that side owns them); post-load monitors-config cookies are
 * left untouched.  NOTE(review): nothing in this function releases the
 * POST_LOAD_MONITORS_CONFIG cookie -- confirm the allocating path does.
 * Unknown types are logged and freed.
 */
static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;

    if (cookie->type == QXL_COOKIE_TYPE_IO) {
        interface_async_complete_io(qxl, cookie);
        g_free(cookie);
    } else if (cookie->type == QXL_COOKIE_TYPE_RENDER_UPDATE_AREA) {
        qxl_render_update_area_done(qxl, cookie);
    } else if (cookie->type == QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG) {
        /* nothing to do */
    } else {
        fprintf(stderr, "qxl: %s: unexpected cookie type %d\n",
                __func__, cookie->type);
        g_free(cookie);
    }
}
1007
/*
 * Record the spice client's presence flag and capability bits in the ROM.
 *
 * Called from spice server thread context only.  Ignored on device
 * revisions below 4 and while a migration is in progress (INMIGRATE /
 * POSTMIGRATE).  Both the shadow ROM and the guest-visible ROM are updated,
 * the ROM is marked dirty, and QXL_INTERRUPT_CLIENT is raised.
 *
 * NOTE(review): the copy length is sizeof(client_capabilities), not the 58
 * bytes declared for @caps; the two sizes must agree -- confirm in qxl.h.
 */
static void interface_set_client_capabilities(QXLInstance *sin,
                                              uint8_t client_present,
                                              uint8_t caps[58])
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    bool migrating;

    if (qxl->revision < 4) {
        trace_qxl_set_client_capabilities_unsupported_by_revision(qxl->id,
                                                              qxl->revision);
        return;
    }

    migrating = runstate_check(RUN_STATE_INMIGRATE) ||
                runstate_check(RUN_STATE_POSTMIGRATE);
    if (migrating) {
        return;
    }

    /* shadow copy first, then the guest-visible ROM */
    qxl->shadow_rom.client_present = client_present;
    memcpy(qxl->shadow_rom.client_capabilities, caps,
           sizeof(qxl->shadow_rom.client_capabilities));
    qxl->rom->client_present = client_present;
    memcpy(qxl->rom->client_capabilities, caps,
           sizeof(qxl->rom->client_capabilities));
    qxl_rom_set_dirty(qxl);

    qxl_send_events(qxl, QXL_INTERRUPT_CLIENT);
}
1036
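/*
 * Compare the monitor layout in @monitors_config against the one currently
 * published in @rom->client_monitors_config.
 *
 * Only the first MIN(num_of_monitors, @max_outputs) monitors take part,
 * matching what interface_client_monitors_config() publishes.  Returns
 * true when the head count or any head rectangle differs; monitor depth is
 * not compared.
 */
static bool qxl_rom_monitors_config_changed(QXLRom *rom,
        VDAgentMonitorsConfig *monitors_config,
        unsigned int max_outputs)
{
    unsigned int i;
    unsigned int monitors_count;

    monitors_count = MIN(monitors_config->num_of_monitors, max_outputs);

    if (rom->client_monitors_config.count != monitors_count) {
        return true;
    }

    /*
     * rom count == monitors_count here, and monitors_count is bounded by
     * both num_of_monitors and max_outputs, so i stays inside monitors[]
     * and heads[] (the caller sizes max_outputs from heads[]).
     */
    for (i = 0; i < monitors_count; ++i) {
        VDAgentMonConfig *monitor = &monitors_config->monitors[i];
        QXLURect *rect = &rom->client_monitors_config.heads[i];
        /* monitor->depth ignored */
        if ((rect->left != monitor->x) ||
            (rect->top != monitor->y)  ||
            (rect->right != monitor->x + monitor->width) ||
            (rect->bottom != monitor->y + monitor->height)) {
            return true;
        }
    }

    return false;
}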
1064
/*
 * Publish the spice client's monitor layout to the guest through the ROM
 * bar and, when it changed, raise QXL_INTERRUPT_CLIENT_MONITORS_CONFIG.
 *
 * Called from main context only.  Returns 0 when the device revision or the
 * guest driver (judged by int_mask) cannot consume the notification, and 1
 * otherwise -- including @monitors_config == NULL, which is accepted
 * without touching the ROM.
 *
 * The head count written to the ROM is clamped to max_outputs (the size of
 * client_monitors_config.heads, lowered to qxl->max_outputs when that is
 * set and smaller), so the copy loop never runs past heads[].
 */
static int interface_client_monitors_config(QXLInstance *sin,
                                        VDAgentMonitorsConfig *monitors_config)
{
    PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl);
    QXLRom *rom = memory_region_get_ram_ptr(&qxl->rom_bar);
    int i;
    unsigned max_outputs = ARRAY_SIZE(rom->client_monitors_config.heads);
    bool config_changed = false;

    if (qxl->revision < 4) {
        trace_qxl_client_monitors_config_unsupported_by_device(qxl->id,
                                                               qxl->revision);
        return 0;
    }
    /*
     * Older windows drivers set int_mask to 0 when their ISR is called,
     * then later set it to ~0. So it doesn't relate to the actual interrupts
     * handled. However, they are old, so clearly they don't support this
     * interrupt
     */
    if (qxl->ram->int_mask == 0 || qxl->ram->int_mask == ~0 ||
        !(qxl->ram->int_mask & QXL_INTERRUPT_CLIENT_MONITORS_CONFIG)) {
        trace_qxl_client_monitors_config_unsupported_by_guest(qxl->id,
                                                            qxl->ram->int_mask,
                                                            monitors_config);
        return 0;
    }
    if (!monitors_config) {
        return 1;
    }

#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
    /* limit number of outputs based on setting limit */
    if (qxl->max_outputs && qxl->max_outputs <= max_outputs) {
        max_outputs = qxl->max_outputs;
    }
#endif

    /* compare against the currently published layout before overwriting it */
    config_changed = qxl_rom_monitors_config_changed(rom,
                                                     monitors_config,
                                                     max_outputs);

    memset(&rom->client_monitors_config, 0,
           sizeof(rom->client_monitors_config));
    /*
     * NOTE(review): if .count is narrower than num_of_monitors this
     * assignment truncates before the cap below is applied -- confirm the
     * field widths in qxl.h.
     */
    rom->client_monitors_config.count = monitors_config->num_of_monitors;
    /* monitors_config->flags ignored */
    if (rom->client_monitors_config.count >= max_outputs) {
        trace_qxl_client_monitors_config_capped(qxl->id,
                                monitors_config->num_of_monitors,
                                max_outputs);
        rom->client_monitors_config.count = max_outputs;
    }
    for (i = 0 ; i < rom->client_monitors_config.count ; ++i) {
        VDAgentMonConfig *monitor = &monitors_config->monitors[i];
        QXLURect *rect = &rom->client_monitors_config.heads[i];
        /* monitor->depth ignored */
        rect->left = monitor->x;
        rect->top = monitor->y;
        rect->right = monitor->x + monitor->width;
        rect->bottom = monitor->y + monitor->height;
    }
    /* CRC over the published block; presumably verified by the guest driver */
    rom->client_monitors_config_crc = qxl_crc32(
            (const uint8_t *)&rom->client_monitors_config,
            sizeof(rom->client_monitors_config));
    trace_qxl_client_monitors_config_crc(qxl->id,
            sizeof(rom->client_monitors_config),
            rom->client_monitors_config_crc);

    trace_qxl_interrupt_client_monitors_config(qxl->id,
                        rom->client_monitors_config.count,
                        rom->client_monitors_config.heads);
    if (config_changed) {
        qxl_send_events(qxl, QXL_INTERRUPT_CLIENT_MONITORS_CONFIG);
    }
    return 1;
}
1142
/*
 * Callback table this device registers with the spice server.  The base
 * block identifies the interface; the callbacks after get_init_info are
 * invoked on the spice server thread (see the per-function comments).
 */
static const QXLInterface qxl_interface = {
    .base = {
        .type          = SPICE_INTERFACE_QXL,
        .description   = "qxl gpu",
        .major_version = SPICE_INTERFACE_QXL_MAJOR,
        .minor_version = SPICE_INTERFACE_QXL_MINOR,
    },

    /* setup, main context */
    .attache_worker        = interface_attach_worker,
    .set_compression_level = interface_set_compression_level,
#if SPICE_NEEDS_SET_MM_TIME
    .set_mm_time           = interface_set_mm_time,
#endif
    .get_init_info         = interface_get_init_info,

    /* command and cursor rings, spice server thread */
    .get_command             = interface_get_command,
    .req_cmd_notification    = interface_req_cmd_notification,
    .release_resource        = interface_release_resource,
    .get_cursor_command      = interface_get_cursor_command,
    .req_cursor_notification = interface_req_cursor_notification,
    .notify_update           = interface_notify_update,
    .flush_resources         = interface_flush_resources,

    /* completions and client state, spice server thread */
    .async_complete          = interface_async_complete,
    .update_area_complete    = interface_update_area_complete,
    .set_client_capabilities = interface_set_client_capabilities,
    .client_monitors_config  = interface_client_monitors_config,
};
1169
/* console hooks used while the device is in a QXL (non-VGA) mode */
static const GraphicHwOps qxl_ops = { .gfx_update = qxl_hw_update };
1173
/*
 * Switch the device into VGA compatibility mode.
 *
 * No-op when already in QXL_MODE_VGA.  Otherwise the spice driver is told to
 * unload (on spice-server >= 0.12.3), the console is handed to the VGA
 * hw_ops, the refresh interval is restored to the default, a host primary
 * is created, the mode is flipped, and VGA dirty logging plus a first
 * hw_update are kicked off.
 */
static void qxl_enter_vga_mode(PCIQXLDevice *d)
{
    if (d->mode != QXL_MODE_VGA) {
        trace_qxl_enter_vga_mode(d->id);
#if SPICE_SERVER_VERSION >= 0x000c03 /* release 0.12.3 */
        spice_qxl_driver_unload(&d->ssd.qxl);
#endif
        graphic_console_set_hwops(d->ssd.dcl.con, d->vga.hw_ops, &d->vga);
        update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_DEFAULT);
        qemu_spice_create_host_primary(&d->ssd);
        d->mode = QXL_MODE_VGA;
        qemu_spice_display_switch(&d->ssd, d->ssd.ds);
        vga_dirty_log_start(&d->vga);
        graphic_hw_update(d->vga.con);
    }
}
1191
/*
 * Leave VGA compatibility mode.
 *
 * No-op unless the device is in QXL_MODE_VGA.  Hands the console to
 * qxl_ops, drops the refresh interval to idle, stops VGA dirty logging and
 * synchronously destroys the primary surface (which also moves the mode to
 * QXL_MODE_UNDEFINED, see qxl_destroy_primary()).
 */
static void qxl_exit_vga_mode(PCIQXLDevice *d)
{
    if (d->mode == QXL_MODE_VGA) {
        trace_qxl_exit_vga_mode(d->id);
        graphic_console_set_hwops(d->ssd.dcl.con, &qxl_ops, d);
        update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_IDLE);
        vga_dirty_log_stop(&d->vga);
        qxl_destroy_primary(d, QXL_SYNC);
    }
}
1203
/*
 * Recompute the PCI interrupt line from the guest-visible int_pending and
 * int_mask words (both little-endian in QXLRam) and mark the ring dirty.
 */
static void qxl_update_irq(PCIQXLDevice *d)
{
    uint32_t pending = le32_to_cpu(d->ram->int_pending);
    uint32_t mask    = le32_to_cpu(d->ram->int_mask);

    pci_set_irq(&d->pci, (pending & mask) != 0);
    qxl_ring_set_dirty(d);
}
1212
/*
 * Sanity check used by the reset paths: while the spice display is running
 * both guest rings must be empty.
 *
 * NOTE(review): the ring indices live in guest-visible memory, so these
 * assertions depend on guest-written state.
 */
static void qxl_check_state(PCIQXLDevice *d)
{
    QXLRam *ram = d->ram;
    bool running = qemu_spice_display_is_running(&d->ssd);

    assert(!running || SPICE_RING_IS_EMPTY(&ram->cmd_ring));
    assert(!running || SPICE_RING_IS_EMPTY(&ram->cursor_ring));
}
1221
/*
 * Reset the guest-visible device state: republish the shadow ROM with
 * update_id cleared, reinitialise QXLRam, drop the pending release list,
 * clear the host dirty map and re-evaluate the interrupt line.
 */
static void qxl_reset_state(PCIQXLDevice *d)
{
    qxl_check_state(d);

    d->shadow_rom.update_id = cpu_to_le32(0);
    *d->rom = d->shadow_rom;
    qxl_rom_set_dirty(d);

    init_qxl_ram(d);
    d->num_free_res = 0;
    d->last_release = NULL;
    memset(&d->ssd.dirty, 0, sizeof d->ssd.dirty);
    qxl_update_irq(d);
}
1236
/*
 * Soft reset: clear the guest-bug latch and any in-flight async io, then
 * put the device back into its idle mode -- VGA for device id 0,
 * QXL_MODE_UNDEFINED for the others.
 */
static void qxl_soft_reset(PCIQXLDevice *d)
{
    trace_qxl_soft_reset(d->id);
    qxl_check_state(d);
    qxl_clear_guest_bug(d);

    qemu_mutex_lock(&d->async_lock);
    d->current_async = QXL_UNDEFINED_IO;
    qemu_mutex_unlock(&d->async_lock);

    if (d->id != 0) {
        d->mode = QXL_MODE_UNDEFINED;
        return;
    }
    qxl_enter_vga_mode(d);
}
1252
/*
 * Hard reset: tear down cursor, image cache, surfaces and memslots, reset
 * the guest-visible state (unless restoring a VM), recreate the host
 * memslot and finish with a soft reset.
 *
 * @loadvm: non-zero when called from the migration load path; QXLRam is
 *          then left alone (see the comment below).
 *
 * The spice display is stopped for the duration when it was running and
 * restarted afterwards.  Any migration blocker is released.
 */
static void qxl_hard_reset(PCIQXLDevice *d, int loadvm)
{
    bool was_running = qemu_spice_display_is_running(&d->ssd);

    trace_qxl_hard_reset(d->id, loadvm);

    if (was_running) {
        qemu_spice_display_stop();
    }

    qxl_spice_reset_cursor(d);
    qxl_spice_reset_image_cache(d);
    qxl_reset_surfaces(d);
    qxl_reset_memslots(d);

    /*
     * pre loadvm reset must not touch QXLRam: it lives in device memory,
     * is migrated together with RAM and is therefore already loaded here.
     */
    if (!loadvm) {
        qxl_reset_state(d);
    }
    qemu_spice_create_host_memslot(&d->ssd);
    qxl_soft_reset(d);

    if (d->migration_blocker != NULL) {
        migrate_del_blocker(d->migration_blocker);
        error_free(d->migration_blocker);
        d->migration_blocker = NULL;
    }

    if (was_running) {
        qemu_spice_display_start();
    }
}
1287
/* qdev reset entry point: a full hard reset, not a loadvm one */
static void qxl_reset_handler(DeviceState *dev)
{
    qxl_hard_reset(PCI_QXL(PCI_DEVICE(dev)), 0);
}
1294
/*
 * VGA port write hook.  A write to a legacy VGA register while the device
 * is in a QXL mode first destroys the primary and soft-resets back to VGA
 * mode, then the write is forwarded to the VGA core.
 *
 * @opaque is the embedded VGACommonState, from which the owning device is
 * recovered.
 */
static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
    VGACommonState *vga = opaque;
    PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga);

    trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val);
    if (qxl->mode != QXL_MODE_VGA) {
        qxl_destroy_primary(qxl, QXL_SYNC);
        qxl_soft_reset(qxl);
    }
    vga_ioport_write(vga, addr, val);
}
1307
/*
 * Legacy VGA port ranges (offsets relative to the 0x3b0 base, one byte
 * wide) that are intercepted so qxl_vga_ioport_write() can drop the device
 * back into VGA mode before the write reaches the VGA core.  Reads go
 * straight to vga_ioport_read.
 */
static const MemoryRegionPortio qxl_vga_portio_list[] = {
    { 0x04,  2, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3b4 */
    { 0x0a,  1, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3ba */
    { 0x10, 16, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3c0 */
    { 0x24,  2, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3d4 */
    { 0x2a,  1, 1, .read  = vga_ioport_read,
                   .write = qxl_vga_ioport_write }, /* 3da */
    PORTIO_END_OF_LIST(),
};
1321
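/*
 * Validate a guest-requested memslot and register it with the spice server.
 *
 * @slot_id: index into d->guest_slots, chosen by the guest.
 * @delta:   base the guest subtracts from QXLPHYSICAL offsets; stored in
 *           the slot and used again by qxl_get_check_slot_offset().
 * @async:   QXL_SYNC or QXL_ASYNC, passed through to qemu_spice_add_memslot.
 *
 * The slot's [mem_start, mem_end] range comes from guest-writable device
 * memory and must lie entirely inside one mapped PCI BAR (RAM, VRAM or the
 * 64-bit VRAM alias); anything else is reported through qxl_set_guest_bug
 * and rejected.  Returns 0 on success, 1 on rejection.
 *
 * slot_id is range-checked before guest_slots[slot_id] is read, so an
 * out-of-range id never reaches the array even if a caller forgot its own
 * check (defense in depth; the trace therefore only fires for valid ids).
 */
static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
                           qxl_async_io async)
{
    static const int regions[] = {
        QXL_RAM_RANGE_INDEX,
        QXL_VRAM_RANGE_INDEX,
        QXL_VRAM64_RANGE_INDEX,
    };
    uint64_t guest_start;
    uint64_t guest_end;
    int pci_region;
    pcibus_t pci_start;
    pcibus_t pci_end;
    MemoryRegion *mr;
    intptr_t virt_start;
    QXLDevMemSlot memslot;
    size_t i;

    if (slot_id >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %" PRIu32 " >= %d",
                          __func__, slot_id, NUM_MEMSLOTS);
        return 1;
    }

    guest_start = le64_to_cpu(d->guest_slots[slot_id].slot.mem_start);
    guest_end   = le64_to_cpu(d->guest_slots[slot_id].slot.mem_end);

    trace_qxl_memslot_add_guest(d->id, slot_id, guest_start, guest_end);

    if (guest_start > guest_end) {
        qxl_set_guest_bug(d, "%s: guest_start > guest_end 0x%" PRIx64
                         " > 0x%" PRIx64, __func__, guest_start, guest_end);
        return 1;
    }

    /* find the BAR that fully contains the requested range */
    for (i = 0; i < ARRAY_SIZE(regions); i++) {
        pci_region = regions[i];
        pci_start = d->pci.io_regions[pci_region].addr;
        pci_end = pci_start + d->pci.io_regions[pci_region].size;
        /* mapped?  (an unmapped BAR has addr == (pcibus_t)-1) */
        if (pci_start == -1) {
            continue;
        }
        /* start address in range ? */
        if (guest_start < pci_start || guest_start > pci_end) {
            continue;
        }
        /* end address in range ? */
        if (guest_end > pci_end) {
            continue;
        }
        /* passed */
        break;
    }
    if (i == ARRAY_SIZE(regions)) {
        qxl_set_guest_bug(d, "%s: finished loop without match", __func__);
        return 1;
    }

    switch (pci_region) {
    case QXL_RAM_RANGE_INDEX:
        mr = &d->vga.vram;
        break;
    case QXL_VRAM_RANGE_INDEX:
    case QXL_VRAM64_RANGE_INDEX:
        mr = &d->vram_bar;
        break;
    default:
        /* should not happen: regions[] only holds the three cases above */
        qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
        return 1;
    }

    /* translate the BAR-relative range into host virtual addresses */
    virt_start = (intptr_t)memory_region_get_ram_ptr(mr);
    memslot.slot_id = slot_id;
    memslot.slot_group_id = MEMSLOT_GROUP_GUEST; /* guest group */
    memslot.virt_start = virt_start + (guest_start - pci_start);
    memslot.virt_end   = virt_start + (guest_end   - pci_start);
    memslot.addr_delta = memslot.virt_start - delta;
    memslot.generation = d->rom->slot_generation = 0;
    qxl_rom_set_dirty(d);

    qemu_spice_add_memslot(&d->ssd, &memslot, async);
    d->guest_slots[slot_id].mr = mr;
    d->guest_slots[slot_id].offset = memslot.virt_start - virt_start;
    d->guest_slots[slot_id].size = memslot.virt_end - memslot.virt_start;
    d->guest_slots[slot_id].delta = delta;
    d->guest_slots[slot_id].active = 1;
    return 0;
}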
1411
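/*
 * Unregister a guest memslot with spice and mark it inactive.
 *
 * @slot_id comes from the guest; it is range-checked here so an invalid id
 * is reported through qxl_set_guest_bug instead of indexing past
 * guest_slots, independent of any check the caller performs.
 *
 * NOTE(review): the slot is removed under MEMSLOT_GROUP_HOST while
 * qxl_add_memslot() registers it under MEMSLOT_GROUP_GUEST -- confirm this
 * is intended on the spice side.
 */
static void qxl_del_memslot(PCIQXLDevice *d, uint32_t slot_id)
{
    if (slot_id >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(d, "%s: slot_id >= NUM_MEMSLOTS %" PRIu32 " >= %d",
                          __func__, slot_id, NUM_MEMSLOTS);
        return;
    }
    qemu_spice_del_memslot(&d->ssd, MEMSLOT_GROUP_HOST, slot_id);
    d->guest_slots[slot_id].active = 0;
}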
1417
/*
 * Drop every memslot on the spice side and clear the local slot table so
 * all entries read as inactive with zeroed ranges.
 */
static void qxl_reset_memslots(PCIQXLDevice *d)
{
    qxl_spice_reset_memslots(d);
    memset(d->guest_slots, 0, sizeof d->guest_slots);
}
1423
/*
 * Move the device to QXL_MODE_UNDEFINED and synchronously destroy all
 * surfaces on the spice side.
 */
static void qxl_reset_surfaces(PCIQXLDevice *d)
{
    trace_qxl_reset_surfaces(d->id);

    d->mode = QXL_MODE_UNDEFINED;
    qxl_spice_destroy_surfaces(d, QXL_SYNC);
}
1430
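/*
 * Decode a guest QXLPHYSICAL address into a memslot number and an offset
 * relative to the slot, validating both against the slot table.
 *
 * Can also be called from spice server thread context.
 *
 * Layout of @pqxl (little-endian on the wire): bits 63..56 hold the slot
 * id, the low 48 bits the address; the guest's slot delta is subtracted to
 * get the slot-relative offset.  Returns true and stores into @s / @o on
 * success.  A slot id >= NUM_MEMSLOTS, an inactive slot, an address below
 * the slot's delta or an offset beyond the slot's size are reported
 * through qxl_set_guest_bug and yield false.
 *
 * NOTE(review): offset == size passes the last check, i.e. the result may
 * point one past the slot; callers that access a range at the returned
 * offset must bound that range themselves.
 */
static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
                                      uint32_t *s, uint64_t *o)
{
    uint64_t phys   = le64_to_cpu(pqxl);
    uint32_t slot   = (phys >> (64 -  8)) & 0xff;
    uint64_t offset = phys & 0xffffffffffff;

    if (slot >= NUM_MEMSLOTS) {
        qxl_set_guest_bug(qxl, "slot too large %" PRIu32 " >= %d", slot,
                          NUM_MEMSLOTS);
        return false;
    }
    if (!qxl->guest_slots[slot].active) {
        qxl_set_guest_bug(qxl, "inactive slot %" PRIu32 "\n", slot);
        return false;
    }
    if (offset < qxl->guest_slots[slot].delta) {
        qxl_set_guest_bug(qxl,
                          "slot %" PRIu32 " offset %"PRIu64" < delta %"PRIu64"\n",
                          slot, offset, qxl->guest_slots[slot].delta);
        return false;
    }
    offset -= qxl->guest_slots[slot].delta;
    if (offset > qxl->guest_slots[slot].size) {
        qxl_set_guest_bug(qxl,
                          "slot %" PRIu32 " offset %"PRIu64" > size %"PRIu64"\n",
                          slot, offset, qxl->guest_slots[slot].size);
        return false;
    }

    *s = slot;
    *o = offset;
    return true;
}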
1466
/*
 * Translate a QXLPHYSICAL address into a host pointer.
 *
 * Can also be called from spice server thread context.
 *
 * For MEMSLOT_GROUP_HOST the low 48 bits of the address are used directly
 * as the pointer.  For MEMSLOT_GROUP_GUEST the address is decoded and
 * validated by qxl_get_check_slot_offset() and resolved inside the slot's
 * memory region.  Returns NULL for an unknown group or a rejected guest
 * address.
 *
 * NOTE(review): only the start address is validated here; a caller that
 * reads a structure at the result must make sure the whole structure lies
 * within the slot.
 */
void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
{
    uint64_t offset;
    uint32_t slot;
    uint8_t *base;

    if (group_id == MEMSLOT_GROUP_HOST) {
        offset = le64_to_cpu(pqxl) & 0xffffffffffff;
        return (void *)(intptr_t)offset;
    }
    if (group_id != MEMSLOT_GROUP_GUEST) {
        return NULL;
    }
    if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
        return NULL;
    }
    base = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr);
    return base + qxl->guest_slots[slot].offset + offset;
}
1489
/*
 * Completion step for a guest primary surface, run either inline (QXL_SYNC)
 * or from the async completion path: resize the local renderer.
 */
static void qxl_create_guest_primary_complete(PCIQXLDevice *qxl)
{
    qxl_render_resize(qxl); /* for local rendering */
}
1495
/*
 * Create the guest's primary surface from qxl->guest_primary.surface.
 *
 * @loadvm: non-zero when restoring state; adds QXL_SURF_FLAG_KEEP_DATA so
 *          existing framebuffer contents are retained.
 * @async:  QXL_SYNC runs qxl_create_guest_primary_complete() inline;
 *          QXL_ASYNC leaves it to the async completion path
 *          (interface_async_complete_io, QXL_IO_CREATE_PRIMARY_ASYNC).
 *
 * The surface description was supplied by the guest, so stride x height is
 * checked against vgamem_size before anything is touched, and the stride
 * must be a multiple of 4.  Both failures go through qxl_set_guest_bug and
 * return early.
 */
static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm,
                                     qxl_async_io async)
{
    /*
     * NOTE(review): only the members assigned below are set; any other
     * members of QXLDevSurfaceCreate stay uninitialized -- confirm spice
     * reads none of them.
     */
    QXLDevSurfaceCreate surface;
    QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
    uint32_t requested_height = le32_to_cpu(sc->height);
    int requested_stride = le32_to_cpu(sc->stride);

    /*
     * stride may be negative (qxl_set_mode() uses -x_res * 4); INT32_MIN is
     * excluded first because abs() of it is undefined.  The product is
     * formed in 64 bits so a large height cannot wrap the comparison.
     */
    if (requested_stride == INT32_MIN ||
        abs(requested_stride) * (uint64_t)requested_height
                                        > qxl->vgamem_size) {
        qxl_set_guest_bug(qxl, "%s: requested primary larger than framebuffer"
                               " stride %d x height %" PRIu32 " > %" PRIu32,
                               __func__, requested_stride, requested_height,
                               qxl->vgamem_size);
        return;
    }

    /* reported as a guest bug, but the create still proceeds */
    if (qxl->mode == QXL_MODE_NATIVE) {
        qxl_set_guest_bug(qxl, "%s: nop since already in QXL_MODE_NATIVE",
                      __func__);
    }
    qxl_exit_vga_mode(qxl);

    surface.format     = le32_to_cpu(sc->format);
    surface.height     = le32_to_cpu(sc->height);
    surface.mem        = le64_to_cpu(sc->mem);
    surface.position   = le32_to_cpu(sc->position);
    surface.stride     = le32_to_cpu(sc->stride);
    surface.width      = le32_to_cpu(sc->width);
    surface.type       = le32_to_cpu(sc->type);
    surface.flags      = le32_to_cpu(sc->flags);
    trace_qxl_create_guest_primary(qxl->id, sc->width, sc->height, sc->mem,
                                   sc->format, sc->position);
    trace_qxl_create_guest_primary_rest(qxl->id, sc->stride, sc->type,
                                        sc->flags);

    /*
     * NOTE(review): this check runs after qxl_exit_vga_mode(), so a rejected
     * stride leaves the device out of VGA mode without a primary.
     */
    if ((surface.stride & 0x3) != 0) {
        qxl_set_guest_bug(qxl, "primary surface stride = %d %% 4 != 0",
                          surface.stride);
        return;
    }

    surface.mouse_mode = true;
    surface.group_id   = MEMSLOT_GROUP_GUEST;
    if (loadvm) {
        surface.flags |= QXL_SURF_FLAG_KEEP_DATA;
    }

    qxl->mode = QXL_MODE_NATIVE;
    qxl->cmdflags = 0;
    qemu_spice_create_primary_surface(&qxl->ssd, 0, &surface, async);

    if (async == QXL_SYNC) {
        qxl_create_guest_primary_complete(qxl);
    }
}
1553
/*
 * Tear down the primary surface.
 *
 * Returns 1 if the destroy was initiated (QXL_ASYNC) or completed
 * (QXL_SYNC), 0 if there was no primary to destroy (mode already
 * QXL_MODE_UNDEFINED).  The mode is moved to QXL_MODE_UNDEFINED before
 * spice is asked to destroy the surface, and the cursor state is reset
 * afterwards.
 */
static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async)
{
    bool have_primary = d->mode != QXL_MODE_UNDEFINED;

    if (!have_primary) {
        return 0;
    }
    trace_qxl_destroy_primary(d->id);
    d->mode = QXL_MODE_UNDEFINED;
    qemu_spice_destroy_primary_surface(&d->ssd, 0, async);
    qxl_spice_reset_cursor(d);
    return 1;
}
1567
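/*
 * Enter compat mode @modenr (QXL_IO_SET_MODE): set up memslot 0 over the
 * RAM BAR, create a primary surface of the mode's resolution in the draw
 * area, and switch the device to QXL_MODE_COMPAT.
 *
 * @modenr: guest-chosen index into d->modes; validated against n_modes
 *          before the mode table is touched, out-of-range values are
 *          reported through qxl_set_guest_bug.
 * @loadvm: non-zero when restoring state; skips the hard reset and keeps
 *          the framebuffer contents (QXL_SURF_FLAG_KEEP_DATA).
 *
 * The memslot add is expected to succeed because the slot covers exactly
 * the RAM BAR; its result is checked with assert() outside the call so the
 * registration itself does not depend on assertions being enabled.
 */
static void qxl_set_mode(PCIQXLDevice *d, unsigned int modenr, int loadvm)
{
    pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
    pcibus_t end   = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start;
    uint64_t devmem = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr;
    QXLMemSlot slot = {
        .mem_start = start,
        .mem_end = end
    };
    QXLMode *mode;
    int rc;

    if (modenr >= d->modes->n_modes) {
        qxl_set_guest_bug(d, "mode number out of range");
        return;
    }
    /* only index the mode table once modenr is known to be in range */
    mode = d->modes->modes + modenr;

    QXLSurfaceCreate surface = {
        .width      = mode->x_res,
        .height     = mode->y_res,
        .stride     = -mode->x_res * 4,
        .format     = SPICE_SURFACE_FMT_32_xRGB,
        .flags      = loadvm ? QXL_SURF_FLAG_KEEP_DATA : 0,
        .mouse_mode = true,
        .mem        = devmem + d->shadow_rom.draw_area_offset,
    };

    trace_qxl_set_mode(d->id, modenr, mode->x_res, mode->y_res, mode->bits,
                       devmem);
    if (!loadvm) {
        qxl_hard_reset(d, 0);
    }

    d->guest_slots[0].slot = slot;
    rc = qxl_add_memslot(d, 0, devmem, QXL_SYNC);
    assert(rc == 0);

    d->guest_primary.surface = surface;
    qxl_create_guest_primary(d, 0, QXL_SYNC);

    d->mode = QXL_MODE_COMPAT;
    d->cmdflags = QXL_COMMAND_FLAG_COMPAT;
    if (mode->bits == 16) {
        d->cmdflags |= QXL_COMMAND_FLAG_COMPAT_16BPP;
    }
    d->shadow_rom.mode = cpu_to_le32(modenr);
    d->rom->mode = cpu_to_le32(modenr);
    qxl_rom_set_dirty(d);
}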
1615
1616static void ioport_write(void *opaque, hwaddr addr,
1617                         uint64_t val, unsigned size)
1618{
1619    PCIQXLDevice *d = opaque;
1620    uint32_t io_port = addr;
1621    qxl_async_io async = QXL_SYNC;
1622    uint32_t orig_io_port = io_port;
1623
1624    if (d->guest_bug && io_port != QXL_IO_RESET) {
1625        return;
1626    }
1627
1628    if (d->revision <= QXL_REVISION_STABLE_V10 &&
1629        io_port > QXL_IO_FLUSH_RELEASE) {
1630        qxl_set_guest_bug(d, "unsupported io %d for revision %d\n",
1631            io_port, d->revision);
1632        return;
1633    }
1634
1635    switch (io_port) {
1636    case QXL_IO_RESET:
1637    case QXL_IO_SET_MODE:
1638    case QXL_IO_MEMSLOT_ADD:
1639    case QXL_IO_MEMSLOT_DEL:
1640    case QXL_IO_CREATE_PRIMARY:
1641    case QXL_IO_UPDATE_IRQ:
1642    case QXL_IO_LOG:
1643    case QXL_IO_MEMSLOT_ADD_ASYNC:
1644    case QXL_IO_CREATE_PRIMARY_ASYNC:
1645        break;
1646    default:
1647        if (d->mode != QXL_MODE_VGA) {
1648            break;
1649        }
1650        trace_qxl_io_unexpected_vga_mode(d->id,
1651            addr, val, io_port_to_string(io_port));
1652        /* be nice to buggy guest drivers */
1653        if (io_port >= QXL_IO_UPDATE_AREA_ASYNC &&
1654            io_port < QXL_IO_RANGE_SIZE) {
1655            qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
1656        }
1657        return;
1658    }
1659
1660    /* we change the io_port to avoid ifdeffery in the main switch */
1661    orig_io_port = io_port;
1662    switch (io_port) {
1663    case QXL_IO_UPDATE_AREA_ASYNC:
1664        io_port = QXL_IO_UPDATE_AREA;
1665        goto async_common;
1666    case QXL_IO_MEMSLOT_ADD_ASYNC:
1667        io_port = QXL_IO_MEMSLOT_ADD;
1668        goto async_common;
1669    case QXL_IO_CREATE_PRIMARY_ASYNC:
1670        io_port = QXL_IO_CREATE_PRIMARY;
1671        goto async_common;
1672    case QXL_IO_DESTROY_PRIMARY_ASYNC:
1673        io_port = QXL_IO_DESTROY_PRIMARY;
1674        goto async_common;
1675    case QXL_IO_DESTROY_SURFACE_ASYNC:
1676        io_port = QXL_IO_DESTROY_SURFACE_WAIT;
1677        goto async_common;
1678    case QXL_IO_DESTROY_ALL_SURFACES_ASYNC:
1679        io_port = QXL_IO_DESTROY_ALL_SURFACES;
1680        goto async_common;
1681    case QXL_IO_FLUSH_SURFACES_ASYNC:
1682    case QXL_IO_MONITORS_CONFIG_ASYNC:
1683async_common:
1684        async = QXL_ASYNC;
1685        qemu_mutex_lock(&d->async_lock);
1686        if (d->current_async != QXL_UNDEFINED_IO) {
1687            qxl_set_guest_bug(d, "%d async started before last (%d) complete",
1688                io_port, d->current_async);
1689            qemu_mutex_unlock(&d->async_lock);
1690            return;
1691        }
1692        d->current_async = orig_io_port;
1693        qemu_mutex_unlock(&d->async_lock);
1694        break;
1695    default:
1696        break;
1697    }
1698    trace_qxl_io_write(d->id, qxl_mode_to_string(d->mode),
1699                       addr, io_port_to_string(addr),
1700                       val, size, async);
1701
1702    switch (io_port) {
1703    case QXL_IO_UPDATE_AREA:
1704    {
1705        QXLCookie *cookie = NULL;
1706        QXLRect update = d->ram->update_area;
1707
1708        if (d->ram->update_surface > d->ssd.num_surfaces) {
1709            qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n",
1710                              d->ram->update_surface);
1711            break;
1712        }
1713        if (update.left >= update.right || update.top >= update.bottom ||
1714            update.left < 0 || update.top < 0) {
1715            qxl_set_guest_bug(d,
1716                    "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n",
1717                    update.left, update.top, update.right, update.bottom);
1718            if (update.left == update.right || update.top == update.bottom) {
1719                /* old drivers may provide empty area, keep going */
1720                qxl_clear_guest_bug(d);
1721                goto cancel_async;
1722            }
1723            break;
1724        }
1725        if (async == QXL_ASYNC) {
1726            cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
1727                                    QXL_IO_UPDATE_AREA_ASYNC);
1728            cookie->u.area = update;
1729        }
1730        qxl_spice_update_area(d, d->ram->update_surface,
1731                              cookie ? &cookie->u.area : &update,
1732                              NULL, 0, 0, async, cookie);
1733        break;
1734    }
1735    case QXL_IO_NOTIFY_CMD:
1736        qemu_spice_wakeup(&d->ssd);
1737        break;
1738    case QXL_IO_NOTIFY_CURSOR:
1739        qemu_spice_wakeup(&d->ssd);
1740        break;
1741    case QXL_IO_UPDATE_IRQ:
1742        qxl_update_irq(d);
1743        break;
1744    case QXL_IO_NOTIFY_OOM:
1745        if (!SPICE_RING_IS_EMPTY(&d->ram->release_ring)) {
1746            break;
1747        }
1748        d->oom_running = 1;
1749        qxl_spice_oom(d);
1750        d->oom_running = 0;
1751        break;
1752    case QXL_IO_SET_MODE:
1753        qxl_set_mode(d, val, 0);
1754        break;
1755    case QXL_IO_LOG:
1756        trace_qxl_io_log(d->id, d->ram->log_buf);
1757        if (d->guestdebug) {
1758            fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id,
1759                    qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), d->ram->log_buf);
1760        }
1761        break;
1762    case QXL_IO_RESET:
1763        qxl_hard_reset(d, 0);
1764        break;
1765    case QXL_IO_MEMSLOT_ADD:
1766        if (val >= NUM_MEMSLOTS) {
1767            qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_ADD: val out of range");
1768            break;
1769        }
1770        if (d->guest_slots[val].active) {
1771            qxl_set_guest_bug(d,
1772                        "QXL_IO_MEMSLOT_ADD: memory slot already active");
1773            break;
1774        }
1775        d->guest_slots[val].slot = d->ram->mem_slot;
1776        qxl_add_memslot(d, val, 0, async);
1777        break;
1778    case QXL_IO_MEMSLOT_DEL:
1779        if (val >= NUM_MEMSLOTS) {
1780            qxl_set_guest_bug(d, "QXL_IO_MEMSLOT_DEL: val out of range");
1781            break;
1782        }
1783        qxl_del_memslot(d, val);
1784        break;
1785    case QXL_IO_CREATE_PRIMARY:
1786        if (val != 0) {
1787            qxl_set_guest_bug(d, "QXL_IO_CREATE_PRIMARY (async=%d): val != 0",
1788                          async);
1789            goto cancel_async;
1790        }
1791        d->guest_primary.surface = d->ram->create_surface;
1792        qxl_create_guest_primary(d, 0, async);
1793        break;
1794    case QXL_IO_DESTROY_PRIMARY:
1795        if (val != 0) {
1796            qxl_set_guest_bug(d, "QXL_IO_DESTROY_PRIMARY (async=%d): val != 0",
1797                          async);
1798            goto cancel_async;
1799        }
1800        if (!qxl_destroy_primary(d, async)) {
1801            trace_qxl_io_destroy_primary_ignored(d->id,
1802                                                 qxl_mode_to_string(d->mode));
1803            goto cancel_async;
1804        }
1805        break;
1806    case QXL_IO_DESTROY_SURFACE_WAIT:
1807        if (val >= d->ssd.num_surfaces) {
1808            qxl_set_guest_bug(d, "QXL_IO_DESTROY_SURFACE (async=%d):"
1809                             "%" PRIu64 " >= NUM_SURFACES", async, val);
1810            goto cancel_async;
1811        }
1812        qxl_spice_destroy_surface_wait(d, val, async);
1813        break;
1814    case QXL_IO_FLUSH_RELEASE: {
1815        QXLReleaseRing *ring = &d->ram->release_ring;
1816        if (ring->prod - ring->cons + 1 == ring->num_items) {
1817            fprintf(stderr,
1818                "ERROR: no flush, full release ring [p%d,%dc]\n",
1819                ring->prod, ring->cons);
1820        }
1821        qxl_push_free_res(d, 1 /* flush */);
1822        break;
1823    }
1824    case QXL_IO_FLUSH_SURFACES_ASYNC:
1825        qxl_spice_flush_surfaces_async(d);
1826        break;
1827    case QXL_IO_DESTROY_ALL_SURFACES:
1828        d->mode = QXL_MODE_UNDEFINED;
1829        qxl_spice_destroy_surfaces(d, async);
1830        break;
1831    case QXL_IO_MONITORS_CONFIG_ASYNC:
1832        qxl_spice_monitors_config_async(d, 0);
1833        break;
1834    default:
1835        qxl_set_guest_bug(d, "%s: unexpected ioport=0x%x\n", __func__, io_port);
1836    }
1837    return;
1838cancel_async:
1839    if (async) {
1840        qxl_send_events(d, QXL_INTERRUPT_IO_CMD);
1841        qemu_mutex_lock(&d->async_lock);
1842        d->current_async = QXL_UNDEFINED_IO;
1843        qemu_mutex_unlock(&d->async_lock);
1844    }
1845}
1846
/*
 * Read side of the qxl io bar.  The device has no readable ports: a
 * read is traced as unexpected and answered with 0xff, whatever addr
 * and size are.
 */
static uint64_t ioport_read(void *opaque, hwaddr addr,
                            unsigned size)
{
    PCIQXLDevice *d = opaque;
    const uint64_t unexpected = 0xff;

    trace_qxl_io_read_unexpected(d->id);
    return unexpected;
}
1855
/*
 * Memory region ops for the io bar (QXL_IO_RANGE_INDEX).  Only byte-wide
 * accesses are valid; writes are the command interface, reads are not
 * expected (see ioport_read).
 */
static const MemoryRegionOps qxl_io_ops = {
    .write = ioport_write,
    .read = ioport_read,
    .valid = {
        .max_access_size = 1,
        .min_access_size = 1,
    },
};
1864
/* bottom half body (scheduled from qxl_send_events): forwards to qxl_update_irq */
static void qxl_update_irq_bh(void *opaque)
{
    qxl_update_irq((PCIQXLDevice *)opaque);
}
1870
/*
 * Raise interrupt event bits towards the guest.
 *
 * @events is OR-ed into d->ram->int_pending (kept little-endian, the ram
 * header is guest visible) and the update_irq bottom half is scheduled to
 * re-evaluate the irq line.  Nothing happens while the spice display is
 * not running, and the bottom half is not scheduled again when every
 * requested bit was already pending.  The atomic update is needed because
 * this may run from spice-server context (see qxl_vm_change_state_handler).
 */
static void qxl_send_events(PCIQXLDevice *d, uint32_t events)
{
    uint32_t mask = cpu_to_le32(events);
    uint32_t prev;

    trace_qxl_send_events(d->id, events);
    if (!qemu_spice_display_is_running(&d->ssd)) {
        /* spice-server tracks guest running state and should not do this */
        fprintf(stderr, "%s: spice-server bug: guest stopped, ignoring\n",
                __func__);
        trace_qxl_send_events_vm_stopped(d->id, events);
        return;
    }
    prev = atomic_fetch_or(&d->ram->int_pending, mask);
    if ((prev & mask) != mask) {
        /* at least one bit is newly pending: have the irq line re-evaluated */
        qemu_bh_schedule(d->update_irq);
    }
}
1890
1891/* graphics console */
1892
/* graphic console hw_update hook: re-render the device's current surface */
static void qxl_hw_update(void *opaque)
{
    qxl_render_update((PCIQXLDevice *)opaque);
}
1899
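/*
 * Mark the guest memory backing one surface dirty so it is migrated.
 *
 * @pqxl:   guest physical address of the surface pixel data
 * @height: number of lines
 * @stride: line pitch in bytes; may be negative, only the magnitude is
 *          used for the size of the region
 *
 * The address is resolved to a memslot and an offset within it by
 * qxl_get_check_slot_offset().  All three parameters originate from
 * guest-provided surface-create data, so a failed lookup is reported via
 * qxl_set_guest_bug() and the surface skipped, rather than asserting and
 * giving the guest a way to abort the emulator (same policy as the
 * SPICE_RING_PROD_ITEM note at the top of the file).
 */
static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
                                  uint32_t height, int32_t stride)
{
    uint64_t offset, size, pitch;
    uint32_t slot;

    if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) {
        qxl_set_guest_bug(qxl, "%s: surface data at 0x%" PRIx64
                          " is not inside any memslot",
                          __func__, (uint64_t)pqxl);
        return;
    }
    /*
     * abs(INT32_MIN) is undefined behaviour; negate in 64 bits so every
     * guest-supplied stride value is handled.
     */
    pitch = stride < 0 ? (uint64_t)-(int64_t)stride : (uint64_t)stride;
    size = (uint64_t)height * pitch;
    trace_qxl_surfaces_dirty(qxl->id, offset, size);
    /*
     * NOTE(review): [offset, offset + size) is not checked here against
     * the end of the memslot; qxl_set_dirty is assumed to clamp -- confirm.
     */
    qxl_set_dirty(qxl->guest_slots[slot].mr,
                  qxl->guest_slots[slot].offset + offset,
                  qxl->guest_slots[slot].offset + offset + size);
}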
1915
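/*
 * Mark the guest memory of the primary and all live off-screen surfaces
 * dirty, so their contents end up in the migration stream.  Called from
 * qxl_vm_change_state_handler when the vm stops; a no-op unless the
 * device is in native or compat mode.
 *
 * The off-screen surface-create commands are read back from guest-owned
 * memory (MEMSLOT_GROUP_GUEST).  The guest can rewrite that memory after
 * the command was accepted, and can remove the memslot it lives in
 * (QXL_IO_MEMSLOT_DEL), so a command that fails to map or no longer reads
 * as a surface create is reported as a guest bug and skipped instead of
 * being asserted on -- an assert here would be a guest-triggerable abort.
 */
static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
{
    int i;

    if (qxl->mode != QXL_MODE_NATIVE && qxl->mode != QXL_MODE_COMPAT) {
        return;
    }

    /* dirty the primary surface */
    qxl_dirty_one_surface(qxl, qxl->guest_primary.surface.mem,
                          qxl->guest_primary.surface.height,
                          qxl->guest_primary.surface.stride);

    /* dirty the off-screen surfaces */
    for (i = 0; i < qxl->ssd.num_surfaces; i++) {
        QXLSurfaceCmd *cmd;

        if (qxl->guest_surfaces.cmds[i] == 0) {
            continue;
        }

        cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i],
                            MEMSLOT_GROUP_GUEST);
        if (!cmd) {
            qxl_set_guest_bug(qxl, "%s: surface %d: command at 0x%" PRIx64
                              " is not mapped", __func__, i,
                              (uint64_t)qxl->guest_surfaces.cmds[i]);
            continue;
        }
        if (cmd->type != QXL_SURFACE_CMD_CREATE) {
            qxl_set_guest_bug(qxl, "%s: surface %d: command type %u is not "
                              "QXL_SURFACE_CMD_CREATE", __func__, i,
                              (unsigned)cmd->type);
            continue;
        }
        qxl_dirty_one_surface(qxl, cmd->u.surface_create.data,
                              cmd->u.surface_create.height,
                              cmd->u.surface_create.stride);
    }
}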
1946
/*
 * VM run-state notifier.  On stop, flag the surface memory dirty so it is
 * saved (e.g. before migration); on resume, re-evaluate the irq line.
 * @state is not used.
 */
static void qxl_vm_change_state_handler(void *opaque, int running,
                                        RunState state)
{
    PCIQXLDevice *qxl = opaque;

    if (!running) {
        /* make sure surfaces are saved before migration */
        qxl_dirty_surfaces(qxl);
        return;
    }
    /*
     * Events raised through qxl_send_events from spice server context
     * while migration was still in progress may not have reached
     * qxl_update_irq yet, so run it now.
     */
    qxl_update_irq(qxl);
}
1964
1965/* display change listener */
1966
/* display change listener: forward a damaged rectangle to spice, vga mode only */
static void display_update(DisplayChangeListener *dcl,
                           int x, int y, int w, int h)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_update(&qxl->ssd, x, y, w, h);
}
1976
/*
 * display change listener: the console switched to a new surface.  The
 * surface is always remembered in ssd.ds; spice is told only in vga mode.
 */
static void display_switch(DisplayChangeListener *dcl,
                           struct DisplaySurface *surface)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    qxl->ssd.ds = surface;
    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_switch(&qxl->ssd, surface);
}
1987
/* display change listener: periodic refresh, forwarded to spice in vga mode only */
static void display_refresh(DisplayChangeListener *dcl)
{
    PCIQXLDevice *qxl = container_of(dcl, PCIQXLDevice, ssd.dcl);

    if (qxl->mode != QXL_MODE_VGA) {
        return;
    }
    qemu_spice_display_refresh(&qxl->ssd);
}
1996
/*
 * Console listener installed by qxl_realize_primary; every callback
 * only acts while the device is in vga mode.
 */
static DisplayChangeListenerOps display_listener_ops = {
    .dpy_name        = "spice/qxl",
    .dpy_refresh     = display_refresh,
    .dpy_gfx_switch  = display_switch,
    .dpy_gfx_update  = display_update,
};
2003
/*
 * Derive the final sizes of the qxl memory regions from the properties.
 * Called by both realize paths before any region is created.
 *
 * The "*_mb" properties default to -1 (see qxl_properties), meaning "not
 * set"; the byte-sized property (ram_size / vram_size) or the built-in
 * floor is used then.  The clamping order matters: the minimums are
 * applied first, revision 1 then forces the surface bars to 4096 bytes,
 * and finally every size is rounded up to a power of two by pow2ceil().
 */
static void qxl_init_ramsize(PCIQXLDevice *qxl)
{
    /* vga mode framebuffer / primary surface (bar 0, first part) */
    if (qxl->vgamem_size_mb < 8) {
        qxl->vgamem_size_mb = 8;
    }
    /* XXX: we round vgamem_size_mb up to a nearest power of two and it must be
     * less than vga_common_init()'s maximum on qxl->vga.vram_size (512 now).
     */
    if (qxl->vgamem_size_mb > 256) {
        qxl->vgamem_size_mb = 256;
    }
    qxl->vgamem_size = qxl->vgamem_size_mb * MiB;

    /* vga ram (bar 0, total) */
    if (qxl->ram_size_mb != -1) {
        /*
         * NOTE(review): vga.vram_size is a uint32 property ("ram_size"),
         * so ram_size_mb values of 4096 and up wrap on this assignment --
         * confirm an upper bound is enforced elsewhere (vga_common_init?).
         */
        qxl->vga.vram_size = qxl->ram_size_mb * MiB;
    }
    /* the vga ram is never smaller than twice the vga framebuffer */
    if (qxl->vga.vram_size < qxl->vgamem_size * 2) {
        qxl->vga.vram_size = qxl->vgamem_size * 2;
    }

    /* vram32 (surfaces, 32bit, bar 1) */
    if (qxl->vram32_size_mb != -1) {
        qxl->vram32_size = qxl->vram32_size_mb * MiB;
    }
    /* 4096 bytes is the floor for the surface bars */
    if (qxl->vram32_size < 4096) {
        qxl->vram32_size = 4096;
    }

    /* vram (surfaces, 64bit, bar 4+5) */
    if (qxl->vram_size_mb != -1) {
        qxl->vram_size = (uint64_t)qxl->vram_size_mb * MiB;
    }
    /* bar 1 is an alias into the 64bit vram, so the latter can't be smaller */
    if (qxl->vram_size < qxl->vram32_size) {
        qxl->vram_size = qxl->vram32_size;
    }

    /* qxl-1 (spice 0.4) has no surface memory: both surface bars stay minimal */
    if (qxl->revision == 1) {
        qxl->vram32_size = 4096;
        qxl->vram_size = 4096;
    }
    /* pci bar sizes must be powers of two */
    qxl->vgamem_size = pow2ceil(qxl->vgamem_size);
    qxl->vga.vram_size = pow2ceil(qxl->vga.vram_size);
    qxl->vram32_size = pow2ceil(qxl->vram32_size);
    qxl->vram_size = pow2ceil(qxl->vram_size);
}
2051
/*
 * Realize steps shared by the primary (qxl-vga) and secondary (qxl)
 * devices: initialise the spice display state, locks and async-io state,
 * pick the pci revision id and io bar size for the "revision" property,
 * create the rom / ram / vram regions and register the pci bars, then
 * attach the device to spice-server, the vm state change notifier and
 * the bottom halves.
 *
 * Callers must have set qxl->id, run qxl_init_ramsize() and created
 * qxl->vga.con beforehand.  Fails (errp set, nothing torn down) for an
 * unknown revision and when spice-server rejects the qxl interface.
 */
static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
{
    uint8_t* config = qxl->pci.config;
    uint32_t pci_device_rev;
    uint32_t io_size;

    qemu_spice_display_init_common(&qxl->ssd);
    qxl->mode = QXL_MODE_UNDEFINED;
    qxl->generation = 1;
    qxl->num_memslots = NUM_MEMSLOTS;
    qemu_mutex_init(&qxl->track_lock);
    qemu_mutex_init(&qxl->async_lock);
    qxl->current_async = QXL_UNDEFINED_IO;
    qxl->guest_bug = 0;

    /* the io bar grows with the revision; it must stay a power of two */
    switch (qxl->revision) {
    case 1: /* spice 0.4 -- qxl-1 */
        pci_device_rev = QXL_REVISION_STABLE_V04;
        io_size = 8;
        break;
    case 2: /* spice 0.6 -- qxl-2 */
        pci_device_rev = QXL_REVISION_STABLE_V06;
        io_size = 16;
        break;
    case 3: /* qxl-3 */
        pci_device_rev = QXL_REVISION_STABLE_V10;
        io_size = 32; /* PCI region size must be pow2 */
        break;
    case 4: /* qxl-4 */
        pci_device_rev = QXL_REVISION_STABLE_V12;
        io_size = pow2ceil(QXL_IO_RANGE_SIZE);
        break;
    default:
        error_setg(errp, "Invalid revision %d for qxl device (max %d)",
                   qxl->revision, QXL_DEFAULT_REVISION);
        return;
    }

    /* revision id byte as seen by the guest driver; interrupt pin A */
    pci_set_byte(&config[PCI_REVISION_ID], pci_device_rev);
    pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);

    qxl->rom_size = qxl_rom_size();
    memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
                           qxl->rom_size, &error_fatal);
    init_qxl_rom(qxl);
    init_qxl_ram(qxl);

    /*
     * NOTE(review): ssd.num_surfaces is the signed "surfaces" property and
     * is not range-checked before this allocation -- confirm.
     */
    qxl->guest_surfaces.cmds = g_new0(QXLPHYSICAL, qxl->ssd.num_surfaces);
    memory_region_init_ram(&qxl->vram_bar, OBJECT(qxl), "qxl.vram",
                           qxl->vram_size, &error_fatal);
    /* bar 1 is an alias of the first vram32_size bytes of the 64bit vram */
    memory_region_init_alias(&qxl->vram32_bar, OBJECT(qxl), "qxl.vram32",
                             &qxl->vram_bar, 0, qxl->vram32_size);

    memory_region_init_io(&qxl->io_bar, OBJECT(qxl), &qxl_io_ops, qxl,
                          "qxl-ioports", io_size);
    /* only the primary (id 0) owns a vga framebuffer worth dirty-tracking */
    if (qxl->id == 0) {
        vga_dirty_log_start(&qxl->vga);
    }
    memory_region_set_flush_coalesced(&qxl->io_bar);


    pci_register_bar(&qxl->pci, QXL_IO_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_IO, &qxl->io_bar);

    pci_register_bar(&qxl->pci, QXL_ROM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->rom_bar);

    pci_register_bar(&qxl->pci, QXL_RAM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vga.vram);

    pci_register_bar(&qxl->pci, QXL_VRAM_RANGE_INDEX,
                     PCI_BASE_ADDRESS_SPACE_MEMORY, &qxl->vram32_bar);

    if (qxl->vram32_size < qxl->vram_size) {
        /*
         * Make the 64bit vram bar show up only in case it is
         * configured to be larger than the 32bit vram bar.
         */
        pci_register_bar(&qxl->pci, QXL_VRAM64_RANGE_INDEX,
                         PCI_BASE_ADDRESS_SPACE_MEMORY |
                         PCI_BASE_ADDRESS_MEM_TYPE_64 |
                         PCI_BASE_ADDRESS_MEM_PREFETCH,
                         &qxl->vram_bar);
    }

    /* print pci bar details */
    dprint(qxl, 1, "ram/%s: %" PRId64 " MB [region 0]\n",
           qxl->id == 0 ? "pri" : "sec", qxl->vga.vram_size / MiB);
    dprint(qxl, 1, "vram/32: %" PRIx64 " MB [region 1]\n",
           qxl->vram32_size / MiB);
    dprint(qxl, 1, "vram/64: %" PRIx64 " MB %s\n",
           qxl->vram_size / MiB,
           qxl->vram32_size < qxl->vram_size ? "[region 4]" : "[unmapped]");

    /* hand the device to spice-server; fails if it doesn't speak our interface version */
    qxl->ssd.qxl.base.sif = &qxl_interface.base;
    if (qemu_spice_add_display_interface(&qxl->ssd.qxl, qxl->vga.con) != 0) {
        error_setg(errp, "qxl interface %d.%d not supported by spice-server",
                   SPICE_INTERFACE_QXL_MAJOR, SPICE_INTERFACE_QXL_MINOR);
        return;
    }
    qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl);

    qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl);
    qxl_reset_state(qxl);

    qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl);
    qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd);
}
2160
/*
 * Realize the primary "qxl-vga" device (id 0): sets up the vga-compatible
 * side (vga core, legacy vga io ports from 0x3b0, graphic console), runs
 * the shared qxl realize, and registers the display change listener that
 * feeds the vga-mode framebuffer to spice.  Only the primary device
 * registers such a listener.
 *
 * NOTE(review): if qxl_realize_common() fails, the vga/portio/console
 * setup done above it is not undone here -- confirm that is acceptable.
 */
static void qxl_realize_primary(PCIDevice *dev, Error **errp)
{
    PCIQXLDevice *qxl = PCI_QXL(dev);
    VGACommonState *vga = &qxl->vga;
    Error *local_err = NULL;

    qxl->id = 0;
    qxl_init_ramsize(qxl);
    /* vga core sizes come from the qxl sizing: vbe framebuffer and total vga ram */
    vga->vbe_size = qxl->vgamem_size;
    vga->vram_size_mb = qxl->vga.vram_size / MiB;
    vga_common_init(vga, OBJECT(dev));
    vga_init(vga, OBJECT(dev),
             pci_address_space(dev), pci_address_space_io(dev), false);
    portio_list_init(&qxl->vga_port_list, OBJECT(dev), qxl_vga_portio_list,
                     vga, "vga");
    portio_list_set_flush_coalesced(&qxl->vga_port_list);
    portio_list_add(&qxl->vga_port_list, pci_address_space_io(dev), 0x3b0);

    vga->con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl);

    qxl_realize_common(qxl, &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return;
    }

    qxl->ssd.dcl.ops = &display_listener_ops;
    qxl->ssd.dcl.con = vga->con;
    register_displaychangelistener(&qxl->ssd.dcl);
}
2191
/*
 * Realize a secondary "qxl" device.  Ids 1, 2, ... are handed out in
 * realize order (0 is reserved for the primary).  There is no vga core
 * here: the "vga ram" region is created directly and only a graphic
 * console is attached before the shared realize runs.  Errors from
 * qxl_realize_common() are passed straight through errp.
 */
static void qxl_realize_secondary(PCIDevice *dev, Error **errp)
{
    static int device_id = 1;
    PCIQXLDevice *qxl = PCI_QXL(dev);

    qxl->id = device_id++;
    qxl_init_ramsize(qxl);
    memory_region_init_ram(&qxl->vga.vram, OBJECT(dev), "qxl.vgavram",
                           qxl->vga.vram_size, &error_fatal);
    qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram);
    qxl->vga.con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl);

    qxl_realize_common(qxl, errp);
}
2206
/*
 * vmstate pre_save hook.  Host pointers don't migrate, so last_release is
 * converted to an offset into vga ram (0 stands for NULL; the offset must
 * lie inside vga ram).  Always returns 0.
 */
static int qxl_pre_save(void *opaque)
{
    PCIQXLDevice *d = opaque;
    uint8_t *ram_start = d->vga.vram_ptr;

    trace_qxl_pre_save(d->id);
    d->last_release_offset = d->last_release
        ? (uint8_t *)d->last_release - ram_start
        : 0;
    assert(d->last_release_offset < d->vga.vram_size);

    return 0;
}
2222
/*
 * vmstate pre_load hook: bring the device to a clean, non-vga state
 * before the saved fields are loaded over it.  Always returns 0.
 */
static int qxl_pre_load(void *opaque)
{
    PCIQXLDevice *dev = opaque;

    trace_qxl_pre_load(dev->id);
    qxl_hard_reset(dev, 1);
    qxl_exit_vga_mode(dev);

    return 0;
}
2232
/*
 * Re-add every memslot flagged active (synchronously) -- used after
 * loading migration state, where only the active flag and the guest
 * ranges survived.
 */
static void qxl_create_memslots(PCIQXLDevice *d)
{
    for (int slot = 0; slot < NUM_MEMSLOTS; slot++) {
        if (d->guest_slots[slot].active) {
            qxl_add_memslot(d, slot, 0, QXL_SYNC);
        }
    }
}
2244
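/*
 * vmstate post_load hook: rebuild the runtime state from the loaded
 * fields.
 *
 * Recomputes the host-side pointers that are not migrated as such
 * (last_release from its vga-ram offset, modes from the rom), then
 * re-creates the spice-server side objects for the saved mode: the
 * memslots, and for native mode also the primary surface, the off-screen
 * surfaces, the cursor and the monitors config, by replaying the guest's
 * surface-create / cursor commands.  d->mode is set to UNDEFINED before
 * the replay; the helpers called for each mode are expected to set it
 * again.
 *
 * @version: vmstate version, unused (qxl_vmstate requires an exact match)
 *
 * Returns 0 on success and -1 when the loaded state is inconsistent
 * (release offset outside vga ram, unknown mode value), which fails the
 * incoming migration instead of aborting the destination.
 */
static int qxl_post_load(void *opaque, int version)
{
    PCIQXLDevice* d = opaque;
    uint8_t *ram_start = d->vga.vram_ptr;
    QXLCommandExt *cmds;
    int in, out, newmode;

    /* stream data: validate before turning it back into a pointer */
    if (d->last_release_offset >= d->vga.vram_size) {
        fprintf(stderr, "%s: last_release_offset %u outside vga ram (%u bytes)\n",
                __func__, (unsigned)d->last_release_offset,
                (unsigned)d->vga.vram_size);
        return -1;
    }
    if (d->last_release_offset == 0) {
        d->last_release = NULL;
    } else {
        d->last_release = (QXLReleaseInfo *)(ram_start + d->last_release_offset);
    }

    /*
     * NOTE(review): modes_offset is read back from the rom bar; init_qxl_rom
     * is presumably what wrote it -- confirm the rom is not guest writable.
     */
    d->modes = (QXLModes*)((uint8_t*)d->rom + d->rom->modes_offset);

    trace_qxl_post_load(d->id, qxl_mode_to_string(d->mode));
    newmode = d->mode;
    d->mode = QXL_MODE_UNDEFINED;

    switch (newmode) {
    case QXL_MODE_UNDEFINED:
        qxl_create_memslots(d);
        break;
    case QXL_MODE_VGA:
        qxl_create_memslots(d);
        qxl_enter_vga_mode(d);
        break;
    case QXL_MODE_NATIVE:
        qxl_create_memslots(d);
        qxl_create_guest_primary(d, 1, QXL_SYNC);

        /* replay surface-create and cursor-set commands */
        cmds = g_new0(QXLCommandExt, d->ssd.num_surfaces + 1);
        for (in = 0, out = 0; in < d->ssd.num_surfaces; in++) {
            if (d->guest_surfaces.cmds[in] == 0) {
                continue;
            }
            cmds[out].cmd.data = d->guest_surfaces.cmds[in];
            cmds[out].cmd.type = QXL_CMD_SURFACE;
            cmds[out].group_id = MEMSLOT_GROUP_GUEST;
            out++;
        }
        /* the +1 slot above is for the cursor command */
        if (d->guest_cursor) {
            cmds[out].cmd.data = d->guest_cursor;
            cmds[out].cmd.type = QXL_CMD_CURSOR;
            cmds[out].group_id = MEMSLOT_GROUP_GUEST;
            out++;
        }
        qxl_spice_loadvm_commands(d, cmds, out);
        g_free(cmds);
        if (d->guest_monitors_config) {
            qxl_spice_monitors_config_async(d, 1);
        }
        break;
    case QXL_MODE_COMPAT:
        /* note: no need to call qxl_create_memslots, qxl_set_mode
         * creates the mem slot. */
        qxl_set_mode(d, d->shadow_rom.mode, 1);
        break;
    default:
        /* not a mode this device knows: refuse the stream rather than guess */
        fprintf(stderr, "%s: unknown mode %d in migration stream\n",
                __func__, newmode);
        return -1;
    }
    return 0;
}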
2308
/*
 * vmstate version of qxl_vmstate, qxl_memslot and qxl_surface.  They use
 * it as minimum_version_id too, so source and destination must match
 * exactly; bump it whenever one of those field lists changes.
 */
#define QXL_SAVE_VERSION 21
2310
/*
 * "needed" predicate of the qxl/monitors-config subsection: the
 * subsection is only written when a guest monitors config exists.
 */
static bool qxl_monitors_config_needed(void *opaque)
{
    const PCIQXLDevice *qxl = opaque;

    return !!qxl->guest_monitors_config;
}
2317
2318
/*
 * Migration state of one memslot (struct guest_slots).  Only the guest
 * supplied range and the active flag are saved; the host side (mr,
 * offset, ...) is presumably re-derived on the destination when
 * qxl_post_load() re-adds the active slots via qxl_create_memslots().
 */
static VMStateDescription qxl_memslot = {
    .name               = "qxl-memslot",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_UINT64(slot.mem_start, struct guest_slots),
        VMSTATE_UINT64(slot.mem_end,   struct guest_slots),
        VMSTATE_UINT32(active,         struct guest_slots),
        VMSTATE_END_OF_LIST()
    }
};
2330
/*
 * Migration state of the primary surface parameters (QXLSurfaceCreate,
 * the copy kept in guest_primary.surface).  Field order is part of the
 * stream format; append new fields at the end and bump QXL_SAVE_VERSION.
 */
static VMStateDescription qxl_surface = {
    .name               = "qxl-surface",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(width,      QXLSurfaceCreate),
        VMSTATE_UINT32(height,     QXLSurfaceCreate),
        VMSTATE_INT32(stride,      QXLSurfaceCreate),
        VMSTATE_UINT32(format,     QXLSurfaceCreate),
        VMSTATE_UINT32(position,   QXLSurfaceCreate),
        VMSTATE_UINT32(mouse_mode, QXLSurfaceCreate),
        VMSTATE_UINT32(flags,      QXLSurfaceCreate),
        VMSTATE_UINT32(type,       QXLSurfaceCreate),
        VMSTATE_UINT64(mem,        QXLSurfaceCreate),   /* guest physical address of the pixels */
        VMSTATE_END_OF_LIST()
    }
};
2348
/*
 * Optional subsection carrying the guest's monitors config address.
 * Only emitted when one is set (qxl_monitors_config_needed), so streams
 * from devices without it stay compatible.
 */
static VMStateDescription qxl_vmstate_monitors_config = {
    .name               = "qxl/monitors-config",
    .version_id         = 1,
    .minimum_version_id = 1,
    .needed = qxl_monitors_config_needed,
    .fields = (VMStateField[]) {
        VMSTATE_UINT64(guest_monitors_config, PCIQXLDevice),
        VMSTATE_END_OF_LIST()
    },
};
2359
/*
 * Top-level migration state of a qxl device.  The pre_save / pre_load /
 * post_load hooks convert between host pointers and stream-safe offsets
 * and rebuild the spice-server side after loading.  The *_EQUAL fields
 * make the load fail unless the destination was configured with the same
 * number of memslots and surfaces.
 */
static VMStateDescription qxl_vmstate = {
    .name               = "qxl",
    .version_id         = QXL_SAVE_VERSION,
    .minimum_version_id = QXL_SAVE_VERSION,
    .pre_save           = qxl_pre_save,
    .pre_load           = qxl_pre_load,
    .post_load          = qxl_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(pci, PCIQXLDevice),
        VMSTATE_STRUCT(vga, PCIQXLDevice, 0, vmstate_vga_common, VGACommonState),
        VMSTATE_UINT32(shadow_rom.mode, PCIQXLDevice),
        VMSTATE_UINT32(num_free_res, PCIQXLDevice),
        /* offset form of last_release, see qxl_pre_save / qxl_post_load */
        VMSTATE_UINT32(last_release_offset, PCIQXLDevice),
        VMSTATE_UINT32(mode, PCIQXLDevice),
        VMSTATE_UINT32(ssd.unique, PCIQXLDevice),
        VMSTATE_INT32_EQUAL(num_memslots, PCIQXLDevice, NULL),
        VMSTATE_STRUCT_ARRAY(guest_slots, PCIQXLDevice, NUM_MEMSLOTS, 0,
                             qxl_memslot, struct guest_slots),
        VMSTATE_STRUCT(guest_primary.surface, PCIQXLDevice, 0,
                       qxl_surface, QXLSurfaceCreate),
        VMSTATE_INT32_EQUAL(ssd.num_surfaces, PCIQXLDevice, NULL),
        /* guest addresses of the surface-create commands, replayed in post_load */
        VMSTATE_VARRAY_INT32(guest_surfaces.cmds, PCIQXLDevice,
                             ssd.num_surfaces, 0,
                             vmstate_info_uint64, uint64_t),
        VMSTATE_UINT64(guest_cursor, PCIQXLDevice),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &qxl_vmstate_monitors_config,
        NULL
    }
};
2392
/*
 * User-visible properties, shared by qxl-vga and qxl.  The "*_mb"
 * sizes default to -1 (stored as UINT32_MAX) meaning "not set"; see
 * qxl_init_ramsize() for how the byte-sized and mb-sized properties
 * combine.  Note the naming twist: "vram_size" / "vram_size_mb" size the
 * 32bit bar (vram32_size), "vram64_size_mb" sizes the 64bit one.
 */
static Property qxl_properties[] = {
        DEFINE_PROP_UINT32("ram_size", PCIQXLDevice, vga.vram_size, 64 * MiB),
        DEFINE_PROP_UINT64("vram_size", PCIQXLDevice, vram32_size, 64 * MiB),
        DEFINE_PROP_UINT32("revision", PCIQXLDevice, revision,
                           QXL_DEFAULT_REVISION),
        DEFINE_PROP_UINT32("debug", PCIQXLDevice, debug, 0),
        DEFINE_PROP_UINT32("guestdebug", PCIQXLDevice, guestdebug, 0),
        DEFINE_PROP_UINT32("cmdlog", PCIQXLDevice, cmdlog, 0),
        DEFINE_PROP_UINT32("ram_size_mb",  PCIQXLDevice, ram_size_mb, -1),
        DEFINE_PROP_UINT32("vram_size_mb", PCIQXLDevice, vram32_size_mb, -1),
        DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1),
        DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16),
        /* signed: the value is compared with guest surface ids and must match on migration */
        DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024),
#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */
        DEFINE_PROP_UINT16("max_outputs", PCIQXLDevice, max_outputs, 0),
#endif
        DEFINE_PROP_UINT32("xres", PCIQXLDevice, xres, 0),
        DEFINE_PROP_UINT32("yres", PCIQXLDevice, yres, 0),
        DEFINE_PROP_BOOL("global-vmstate", PCIQXLDevice, vga.global_vmstate, false),
        DEFINE_PROP_END_OF_LIST(),
};
2414
/*
 * class_init of the abstract TYPE_PCI_QXL parent: pci identity plus the
 * reset, migration and property hooks common to qxl-vga and qxl.
 */
static void qxl_pci_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    pc->vendor_id = REDHAT_PCI_VENDOR_ID;
    pc->device_id = QXL_DEVICE_ID_STABLE;

    dc->props = qxl_properties;
    dc->vmsd = &qxl_vmstate;
    dc->reset = qxl_reset_handler;
    set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
}
2427
/* abstract base type; the concrete qxl-vga and qxl types derive from it */
static const TypeInfo qxl_pci_type_info = {
    .name          = TYPE_PCI_QXL,
    .parent        = TYPE_PCI_DEVICE,
    .abstract      = true,
    .class_init    = qxl_pci_class_init,
    .instance_size = sizeof(PCIQXLDevice),
    .interfaces    = (InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    },
};
2439
/*
 * class_init of "qxl-vga": the vga-compatible primary.  Has its own
 * option rom and is not hot-pluggable.
 */
static void qxl_primary_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->hotpluggable = false;
    dc->desc = "Spice QXL GPU (primary, vga compatible)";

    pc->class_id = PCI_CLASS_DISPLAY_VGA;
    pc->romfile = "vgabios-qxl.bin";
    pc->realize = qxl_realize_primary;
}
2451
/* concrete type "qxl-vga" (primary, vga compatible) */
static const TypeInfo qxl_primary_info = {
    .name       = "qxl-vga",
    .class_init = qxl_primary_class_init,
    .parent     = TYPE_PCI_QXL,
};
2457
/* class_init of "qxl": a secondary display without vga compatibility or option rom */
static void qxl_secondary_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->desc = "Spice QXL GPU (secondary)";

    pc->class_id = PCI_CLASS_DISPLAY_OTHER;
    pc->realize = qxl_realize_secondary;
}
2467
/* concrete type "qxl" (secondary) */
static const TypeInfo qxl_secondary_info = {
    .name       = "qxl",
    .class_init = qxl_secondary_class_init,
    .parent     = TYPE_PCI_QXL,
};
2473
/* register the abstract parent first, then the two concrete device types */
static void qxl_register_types(void)
{
    static const TypeInfo *const infos[] = {
        &qxl_pci_type_info,
        &qxl_primary_info,
        &qxl_secondary_info,
    };

    for (size_t i = 0; i < ARRAY_SIZE(infos); i++) {
        type_register_static(infos[i]);
    }
}
2480
/* hook the type registration into qemu's module init sequence */
type_init(qxl_register_types)
2482