1
2
3
4
5
6
7
8
9
10
11
12
13
14#include "qemu/osdep.h"
15#include "qemu/units.h"
16#include "qemu/iov.h"
17#include "ui/console.h"
18#include "trace.h"
19#include "sysemu/dma.h"
20#include "sysemu/sysemu.h"
21#include "hw/virtio/virtio.h"
22#include "migration/qemu-file-types.h"
23#include "hw/virtio/virtio-gpu.h"
24#include "hw/virtio/virtio-gpu-bswap.h"
25#include "hw/virtio/virtio-gpu-pixman.h"
26#include "hw/virtio/virtio-bus.h"
27#include "hw/display/edid.h"
28#include "hw/qdev-properties.h"
29#include "qemu/log.h"
30#include "qemu/module.h"
31#include "qapi/error.h"
32#include "qemu/error-report.h"
33
34#define VIRTIO_GPU_VM_VERSION 1
35
36static struct virtio_gpu_simple_resource*
37virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
38static struct virtio_gpu_simple_resource *
39virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
40 bool require_backing,
41 const char *caller, uint32_t *error);
42
43static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
44 struct virtio_gpu_simple_resource *res);
45
46void virtio_gpu_update_cursor_data(VirtIOGPU *g,
47 struct virtio_gpu_scanout *s,
48 uint32_t resource_id)
49{
50 struct virtio_gpu_simple_resource *res;
51 uint32_t pixels;
52 void *data;
53
54 res = virtio_gpu_find_check_resource(g, resource_id, false,
55 __func__, NULL);
56 if (!res) {
57 return;
58 }
59
60 if (res->blob_size) {
61 if (res->blob_size < (s->current_cursor->width *
62 s->current_cursor->height * 4)) {
63 return;
64 }
65 data = res->blob;
66 } else {
67 if (pixman_image_get_width(res->image) != s->current_cursor->width ||
68 pixman_image_get_height(res->image) != s->current_cursor->height) {
69 return;
70 }
71 data = pixman_image_get_data(res->image);
72 }
73
74 pixels = s->current_cursor->width * s->current_cursor->height;
75 memcpy(s->current_cursor->data, data,
76 pixels * sizeof(uint32_t));
77}
78
79static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor)
80{
81 struct virtio_gpu_scanout *s;
82 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
83 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR;
84
85 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) {
86 return;
87 }
88 s = &g->parent_obj.scanout[cursor->pos.scanout_id];
89
90 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id,
91 cursor->pos.x,
92 cursor->pos.y,
93 move ? "move" : "update",
94 cursor->resource_id);
95
96 if (!move) {
97 if (!s->current_cursor) {
98 s->current_cursor = cursor_alloc(64, 64);
99 }
100
101 s->current_cursor->hot_x = cursor->hot_x;
102 s->current_cursor->hot_y = cursor->hot_y;
103
104 if (cursor->resource_id > 0) {
105 vgc->update_cursor_data(g, s, cursor->resource_id);
106 }
107 dpy_cursor_define(s->con, s->current_cursor);
108
109 s->cursor = *cursor;
110 } else {
111 s->cursor.pos.x = cursor->pos.x;
112 s->cursor.pos.y = cursor->pos.y;
113 }
114 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y,
115 cursor->resource_id ? 1 : 0);
116}
117
118static struct virtio_gpu_simple_resource *
119virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
120{
121 struct virtio_gpu_simple_resource *res;
122
123 QTAILQ_FOREACH(res, &g->reslist, next) {
124 if (res->resource_id == resource_id) {
125 return res;
126 }
127 }
128 return NULL;
129}
130
131static struct virtio_gpu_simple_resource *
132virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
133 bool require_backing,
134 const char *caller, uint32_t *error)
135{
136 struct virtio_gpu_simple_resource *res;
137
138 res = virtio_gpu_find_resource(g, resource_id);
139 if (!res) {
140 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n",
141 caller, resource_id);
142 if (error) {
143 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
144 }
145 return NULL;
146 }
147
148 if (require_backing) {
149 if (!res->iov || (!res->image && !res->blob)) {
150 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
151 caller, resource_id);
152 if (error) {
153 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
154 }
155 return NULL;
156 }
157 }
158
159 return res;
160}
161
162void virtio_gpu_ctrl_response(VirtIOGPU *g,
163 struct virtio_gpu_ctrl_command *cmd,
164 struct virtio_gpu_ctrl_hdr *resp,
165 size_t resp_len)
166{
167 size_t s;
168
169 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) {
170 resp->flags |= VIRTIO_GPU_FLAG_FENCE;
171 resp->fence_id = cmd->cmd_hdr.fence_id;
172 resp->ctx_id = cmd->cmd_hdr.ctx_id;
173 }
174 virtio_gpu_ctrl_hdr_bswap(resp);
175 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len);
176 if (s != resp_len) {
177 qemu_log_mask(LOG_GUEST_ERROR,
178 "%s: response size incorrect %zu vs %zu\n",
179 __func__, s, resp_len);
180 }
181 virtqueue_push(cmd->vq, &cmd->elem, s);
182 virtio_notify(VIRTIO_DEVICE(g), cmd->vq);
183 cmd->finished = true;
184}
185
186void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g,
187 struct virtio_gpu_ctrl_command *cmd,
188 enum virtio_gpu_ctrl_type type)
189{
190 struct virtio_gpu_ctrl_hdr resp;
191
192 memset(&resp, 0, sizeof(resp));
193 resp.type = type;
194 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp));
195}
196
197void virtio_gpu_get_display_info(VirtIOGPU *g,
198 struct virtio_gpu_ctrl_command *cmd)
199{
200 struct virtio_gpu_resp_display_info display_info;
201
202 trace_virtio_gpu_cmd_get_display_info();
203 memset(&display_info, 0, sizeof(display_info));
204 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
205 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
206 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr,
207 sizeof(display_info));
208}
209
210static void
211virtio_gpu_generate_edid(VirtIOGPU *g, int scanout,
212 struct virtio_gpu_resp_edid *edid)
213{
214 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
215 qemu_edid_info info = {
216 .width_mm = b->req_state[scanout].width_mm,
217 .height_mm = b->req_state[scanout].height_mm,
218 .prefx = b->req_state[scanout].width,
219 .prefy = b->req_state[scanout].height,
220 };
221
222 edid->size = cpu_to_le32(sizeof(edid->edid));
223 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info);
224}
225
226void virtio_gpu_get_edid(VirtIOGPU *g,
227 struct virtio_gpu_ctrl_command *cmd)
228{
229 struct virtio_gpu_resp_edid edid;
230 struct virtio_gpu_cmd_get_edid get_edid;
231 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
232
233 VIRTIO_GPU_FILL_CMD(get_edid);
234 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid));
235
236 if (get_edid.scanout >= b->conf.max_outputs) {
237 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
238 return;
239 }
240
241 trace_virtio_gpu_cmd_get_edid(get_edid.scanout);
242 memset(&edid, 0, sizeof(edid));
243 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID;
244 virtio_gpu_generate_edid(g, get_edid.scanout, &edid);
245 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid));
246}
247
248static uint32_t calc_image_hostmem(pixman_format_code_t pformat,
249 uint32_t width, uint32_t height)
250{
251
252
253
254
255 int bpp = PIXMAN_FORMAT_BPP(pformat);
256 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
257 return height * stride;
258}
259
260static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
261 struct virtio_gpu_ctrl_command *cmd)
262{
263 pixman_format_code_t pformat;
264 struct virtio_gpu_simple_resource *res;
265 struct virtio_gpu_resource_create_2d c2d;
266
267 VIRTIO_GPU_FILL_CMD(c2d);
268 virtio_gpu_bswap_32(&c2d, sizeof(c2d));
269 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format,
270 c2d.width, c2d.height);
271
272 if (c2d.resource_id == 0) {
273 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
274 __func__);
275 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
276 return;
277 }
278
279 res = virtio_gpu_find_resource(g, c2d.resource_id);
280 if (res) {
281 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
282 __func__, c2d.resource_id);
283 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
284 return;
285 }
286
287 res = g_new0(struct virtio_gpu_simple_resource, 1);
288
289 res->width = c2d.width;
290 res->height = c2d.height;
291 res->format = c2d.format;
292 res->resource_id = c2d.resource_id;
293
294 pformat = virtio_gpu_get_pixman_format(c2d.format);
295 if (!pformat) {
296 qemu_log_mask(LOG_GUEST_ERROR,
297 "%s: host couldn't handle guest format %d\n",
298 __func__, c2d.format);
299 g_free(res);
300 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
301 return;
302 }
303
304 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height);
305 if (res->hostmem + g->hostmem < g->conf_max_hostmem) {
306 res->image = pixman_image_create_bits(pformat,
307 c2d.width,
308 c2d.height,
309 NULL, 0);
310 }
311
312 if (!res->image) {
313 qemu_log_mask(LOG_GUEST_ERROR,
314 "%s: resource creation failed %d %d %d\n",
315 __func__, c2d.resource_id, c2d.width, c2d.height);
316 g_free(res);
317 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
318 return;
319 }
320
321 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
322 g->hostmem += res->hostmem;
323}
324
325static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
326 struct virtio_gpu_ctrl_command *cmd)
327{
328 struct virtio_gpu_simple_resource *res;
329 struct virtio_gpu_resource_create_blob cblob;
330 int ret;
331
332 VIRTIO_GPU_FILL_CMD(cblob);
333 virtio_gpu_create_blob_bswap(&cblob);
334 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
335
336 if (cblob.resource_id == 0) {
337 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
338 __func__);
339 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
340 return;
341 }
342
343 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
344 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
345 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
346 __func__);
347 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
348 return;
349 }
350
351 if (virtio_gpu_find_resource(g, cblob.resource_id)) {
352 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
353 __func__, cblob.resource_id);
354 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
355 return;
356 }
357
358 res = g_new0(struct virtio_gpu_simple_resource, 1);
359 res->resource_id = cblob.resource_id;
360 res->blob_size = cblob.size;
361
362 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
363 cmd, &res->addrs, &res->iov,
364 &res->iov_cnt);
365 if (ret != 0) {
366 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
367 g_free(res);
368 return;
369 }
370
371 virtio_gpu_init_udmabuf(res);
372 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
373}
374
375static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
376{
377 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
378 struct virtio_gpu_simple_resource *res;
379
380 if (scanout->resource_id == 0) {
381 return;
382 }
383
384 res = virtio_gpu_find_resource(g, scanout->resource_id);
385 if (res) {
386 res->scanout_bitmask &= ~(1 << scanout_id);
387 }
388
389 dpy_gfx_replace_surface(scanout->con, NULL);
390 scanout->resource_id = 0;
391 scanout->ds = NULL;
392 scanout->width = 0;
393 scanout->height = 0;
394}
395
396static void virtio_gpu_resource_destroy(VirtIOGPU *g,
397 struct virtio_gpu_simple_resource *res)
398{
399 int i;
400
401 if (res->scanout_bitmask) {
402 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
403 if (res->scanout_bitmask & (1 << i)) {
404 virtio_gpu_disable_scanout(g, i);
405 }
406 }
407 }
408
409 qemu_pixman_image_unref(res->image);
410 virtio_gpu_cleanup_mapping(g, res);
411 QTAILQ_REMOVE(&g->reslist, res, next);
412 g->hostmem -= res->hostmem;
413 g_free(res);
414}
415
416static void virtio_gpu_resource_unref(VirtIOGPU *g,
417 struct virtio_gpu_ctrl_command *cmd)
418{
419 struct virtio_gpu_simple_resource *res;
420 struct virtio_gpu_resource_unref unref;
421
422 VIRTIO_GPU_FILL_CMD(unref);
423 virtio_gpu_bswap_32(&unref, sizeof(unref));
424 trace_virtio_gpu_cmd_res_unref(unref.resource_id);
425
426 res = virtio_gpu_find_resource(g, unref.resource_id);
427 if (!res) {
428 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
429 __func__, unref.resource_id);
430 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
431 return;
432 }
433 virtio_gpu_resource_destroy(g, res);
434}
435
436static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
437 struct virtio_gpu_ctrl_command *cmd)
438{
439 struct virtio_gpu_simple_resource *res;
440 int h;
441 uint32_t src_offset, dst_offset, stride;
442 int bpp;
443 pixman_format_code_t format;
444 struct virtio_gpu_transfer_to_host_2d t2d;
445
446 VIRTIO_GPU_FILL_CMD(t2d);
447 virtio_gpu_t2d_bswap(&t2d);
448 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id);
449
450 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
451 __func__, &cmd->error);
452 if (!res || res->blob) {
453 return;
454 }
455
456 if (t2d.r.x > res->width ||
457 t2d.r.y > res->height ||
458 t2d.r.width > res->width ||
459 t2d.r.height > res->height ||
460 t2d.r.x + t2d.r.width > res->width ||
461 t2d.r.y + t2d.r.height > res->height) {
462 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource"
463 " bounds for resource %d: %d %d %d %d vs %d %d\n",
464 __func__, t2d.resource_id, t2d.r.x, t2d.r.y,
465 t2d.r.width, t2d.r.height, res->width, res->height);
466 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
467 return;
468 }
469
470 format = pixman_image_get_format(res->image);
471 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8);
472 stride = pixman_image_get_stride(res->image);
473
474 if (t2d.offset || t2d.r.x || t2d.r.y ||
475 t2d.r.width != pixman_image_get_width(res->image)) {
476 void *img_data = pixman_image_get_data(res->image);
477 for (h = 0; h < t2d.r.height; h++) {
478 src_offset = t2d.offset + stride * h;
479 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp);
480
481 iov_to_buf(res->iov, res->iov_cnt, src_offset,
482 (uint8_t *)img_data
483 + dst_offset, t2d.r.width * bpp);
484 }
485 } else {
486 iov_to_buf(res->iov, res->iov_cnt, 0,
487 pixman_image_get_data(res->image),
488 pixman_image_get_stride(res->image)
489 * pixman_image_get_height(res->image));
490 }
491}
492
493static void virtio_gpu_resource_flush(VirtIOGPU *g,
494 struct virtio_gpu_ctrl_command *cmd)
495{
496 struct virtio_gpu_simple_resource *res;
497 struct virtio_gpu_resource_flush rf;
498 struct virtio_gpu_scanout *scanout;
499 pixman_region16_t flush_region;
500 int i;
501
502 VIRTIO_GPU_FILL_CMD(rf);
503 virtio_gpu_bswap_32(&rf, sizeof(rf));
504 trace_virtio_gpu_cmd_res_flush(rf.resource_id,
505 rf.r.width, rf.r.height, rf.r.x, rf.r.y);
506
507 res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
508 __func__, &cmd->error);
509 if (!res) {
510 return;
511 }
512
513 if (res->blob) {
514 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
515 scanout = &g->parent_obj.scanout[i];
516 if (scanout->resource_id == res->resource_id &&
517 console_has_gl(scanout->con)) {
518 dpy_gl_update(scanout->con, 0, 0, scanout->width,
519 scanout->height);
520 }
521 }
522 return;
523 }
524
525 if (!res->blob &&
526 (rf.r.x > res->width ||
527 rf.r.y > res->height ||
528 rf.r.width > res->width ||
529 rf.r.height > res->height ||
530 rf.r.x + rf.r.width > res->width ||
531 rf.r.y + rf.r.height > res->height)) {
532 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource"
533 " bounds for resource %d: %d %d %d %d vs %d %d\n",
534 __func__, rf.resource_id, rf.r.x, rf.r.y,
535 rf.r.width, rf.r.height, res->width, res->height);
536 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
537 return;
538 }
539
540 pixman_region_init_rect(&flush_region,
541 rf.r.x, rf.r.y, rf.r.width, rf.r.height);
542 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
543 pixman_region16_t region, finalregion;
544 pixman_box16_t *extents;
545
546 if (!(res->scanout_bitmask & (1 << i))) {
547 continue;
548 }
549 scanout = &g->parent_obj.scanout[i];
550
551 pixman_region_init(&finalregion);
552 pixman_region_init_rect(®ion, scanout->x, scanout->y,
553 scanout->width, scanout->height);
554
555 pixman_region_intersect(&finalregion, &flush_region, ®ion);
556 pixman_region_translate(&finalregion, -scanout->x, -scanout->y);
557 extents = pixman_region_extents(&finalregion);
558
559 dpy_gfx_update(g->parent_obj.scanout[i].con,
560 extents->x1, extents->y1,
561 extents->x2 - extents->x1,
562 extents->y2 - extents->y1);
563
564 pixman_region_fini(®ion);
565 pixman_region_fini(&finalregion);
566 }
567 pixman_region_fini(&flush_region);
568}
569
570static void virtio_unref_resource(pixman_image_t *image, void *data)
571{
572 pixman_image_unref(data);
573}
574
575static void virtio_gpu_update_scanout(VirtIOGPU *g,
576 uint32_t scanout_id,
577 struct virtio_gpu_simple_resource *res,
578 struct virtio_gpu_rect *r)
579{
580 struct virtio_gpu_simple_resource *ores;
581 struct virtio_gpu_scanout *scanout;
582
583 scanout = &g->parent_obj.scanout[scanout_id];
584 ores = virtio_gpu_find_resource(g, scanout->resource_id);
585 if (ores) {
586 ores->scanout_bitmask &= ~(1 << scanout_id);
587 }
588
589 res->scanout_bitmask |= (1 << scanout_id);
590 scanout->resource_id = res->resource_id;
591 scanout->x = r->x;
592 scanout->y = r->y;
593 scanout->width = r->width;
594 scanout->height = r->height;
595}
596
597static void virtio_gpu_do_set_scanout(VirtIOGPU *g,
598 uint32_t scanout_id,
599 struct virtio_gpu_framebuffer *fb,
600 struct virtio_gpu_simple_resource *res,
601 struct virtio_gpu_rect *r,
602 uint32_t *error)
603{
604 struct virtio_gpu_scanout *scanout;
605 uint8_t *data;
606
607 scanout = &g->parent_obj.scanout[scanout_id];
608
609 if (r->x > fb->width ||
610 r->y > fb->height ||
611 r->width < 16 ||
612 r->height < 16 ||
613 r->width > fb->width ||
614 r->height > fb->height ||
615 r->x + r->width > fb->width ||
616 r->y + r->height > fb->height) {
617 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for"
618 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n",
619 __func__, scanout_id, res->resource_id,
620 r->x, r->y, r->width, r->height,
621 fb->width, fb->height);
622 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
623 return;
624 }
625
626 g->parent_obj.enable = 1;
627
628 if (res->blob) {
629 if (console_has_gl(scanout->con)) {
630 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) {
631 virtio_gpu_update_scanout(g, scanout_id, res, r);
632 return;
633 }
634 }
635
636 data = res->blob;
637 } else {
638 data = (uint8_t *)pixman_image_get_data(res->image);
639 }
640
641
642 if ((res->blob && !console_has_gl(scanout->con)) ||
643 !scanout->ds ||
644 surface_data(scanout->ds) != data + fb->offset ||
645 scanout->width != r->width ||
646 scanout->height != r->height) {
647 pixman_image_t *rect;
648 void *ptr = data + fb->offset;
649 rect = pixman_image_create_bits(fb->format, r->width, r->height,
650 ptr, fb->stride);
651
652 if (res->image) {
653 pixman_image_ref(res->image);
654 pixman_image_set_destroy_function(rect, virtio_unref_resource,
655 res->image);
656 }
657
658
659 scanout->ds = qemu_create_displaysurface_pixman(rect);
660 if (!scanout->ds) {
661 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
662 return;
663 }
664
665 pixman_image_unref(rect);
666 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con,
667 scanout->ds);
668 }
669
670 virtio_gpu_update_scanout(g, scanout_id, res, r);
671}
672
673static void virtio_gpu_set_scanout(VirtIOGPU *g,
674 struct virtio_gpu_ctrl_command *cmd)
675{
676 struct virtio_gpu_simple_resource *res;
677 struct virtio_gpu_framebuffer fb = { 0 };
678 struct virtio_gpu_set_scanout ss;
679
680 VIRTIO_GPU_FILL_CMD(ss);
681 virtio_gpu_bswap_32(&ss, sizeof(ss));
682 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id,
683 ss.r.width, ss.r.height, ss.r.x, ss.r.y);
684
685 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
686 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
687 __func__, ss.scanout_id);
688 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
689 return;
690 }
691
692 if (ss.resource_id == 0) {
693 virtio_gpu_disable_scanout(g, ss.scanout_id);
694 return;
695 }
696
697 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
698 __func__, &cmd->error);
699 if (!res) {
700 return;
701 }
702
703 fb.format = pixman_image_get_format(res->image);
704 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
705 fb.width = pixman_image_get_width(res->image);
706 fb.height = pixman_image_get_height(res->image);
707 fb.stride = pixman_image_get_stride(res->image);
708 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
709
710 virtio_gpu_do_set_scanout(g, ss.scanout_id,
711 &fb, res, &ss.r, &cmd->error);
712}
713
714static void virtio_gpu_set_scanout_blob(VirtIOGPU *g,
715 struct virtio_gpu_ctrl_command *cmd)
716{
717 struct virtio_gpu_simple_resource *res;
718 struct virtio_gpu_framebuffer fb = { 0 };
719 struct virtio_gpu_set_scanout_blob ss;
720 uint64_t fbend;
721
722 VIRTIO_GPU_FILL_CMD(ss);
723 virtio_gpu_scanout_blob_bswap(&ss);
724 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id,
725 ss.r.width, ss.r.height, ss.r.x,
726 ss.r.y);
727
728 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
729 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
730 __func__, ss.scanout_id);
731 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
732 return;
733 }
734
735 if (ss.resource_id == 0) {
736 virtio_gpu_disable_scanout(g, ss.scanout_id);
737 return;
738 }
739
740 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
741 __func__, &cmd->error);
742 if (!res) {
743 return;
744 }
745
746 fb.format = virtio_gpu_get_pixman_format(ss.format);
747 if (!fb.format) {
748 qemu_log_mask(LOG_GUEST_ERROR,
749 "%s: host couldn't handle guest format %d\n",
750 __func__, ss.format);
751 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
752 return;
753 }
754
755 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
756 fb.width = ss.width;
757 fb.height = ss.height;
758 fb.stride = ss.strides[0];
759 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
760
761 fbend = fb.offset;
762 fbend += fb.stride * (ss.r.height - 1);
763 fbend += fb.bytes_pp * ss.r.width;
764 if (fbend > res->blob_size) {
765 qemu_log_mask(LOG_GUEST_ERROR,
766 "%s: fb end out of range\n",
767 __func__);
768 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
769 return;
770 }
771
772 virtio_gpu_do_set_scanout(g, ss.scanout_id,
773 &fb, res, &ss.r, &cmd->error);
774}
775
776int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
777 uint32_t nr_entries, uint32_t offset,
778 struct virtio_gpu_ctrl_command *cmd,
779 uint64_t **addr, struct iovec **iov,
780 uint32_t *niov)
781{
782 struct virtio_gpu_mem_entry *ents;
783 size_t esize, s;
784 int e, v;
785
786 if (nr_entries > 16384) {
787 qemu_log_mask(LOG_GUEST_ERROR,
788 "%s: nr_entries is too big (%d > 16384)\n",
789 __func__, nr_entries);
790 return -1;
791 }
792
793 esize = sizeof(*ents) * nr_entries;
794 ents = g_malloc(esize);
795 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num,
796 offset, ents, esize);
797 if (s != esize) {
798 qemu_log_mask(LOG_GUEST_ERROR,
799 "%s: command data size incorrect %zu vs %zu\n",
800 __func__, s, esize);
801 g_free(ents);
802 return -1;
803 }
804
805 *iov = NULL;
806 if (addr) {
807 *addr = NULL;
808 }
809 for (e = 0, v = 0; e < nr_entries; e++) {
810 uint64_t a = le64_to_cpu(ents[e].addr);
811 uint32_t l = le32_to_cpu(ents[e].length);
812 hwaddr len;
813 void *map;
814
815 do {
816 len = l;
817 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len,
818 DMA_DIRECTION_TO_DEVICE,
819 MEMTXATTRS_UNSPECIFIED);
820 if (!map) {
821 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
822 " element %d\n", __func__, e);
823 virtio_gpu_cleanup_mapping_iov(g, *iov, v);
824 g_free(ents);
825 *iov = NULL;
826 if (addr) {
827 g_free(*addr);
828 *addr = NULL;
829 }
830 return -1;
831 }
832
833 if (!(v % 16)) {
834 *iov = g_renew(struct iovec, *iov, v + 16);
835 if (addr) {
836 *addr = g_renew(uint64_t, *addr, v + 16);
837 }
838 }
839 (*iov)[v].iov_base = map;
840 (*iov)[v].iov_len = len;
841 if (addr) {
842 (*addr)[v] = a;
843 }
844
845 a += len;
846 l -= len;
847 v += 1;
848 } while (l > 0);
849 }
850 *niov = v;
851
852 g_free(ents);
853 return 0;
854}
855
856void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
857 struct iovec *iov, uint32_t count)
858{
859 int i;
860
861 for (i = 0; i < count; i++) {
862 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
863 iov[i].iov_base, iov[i].iov_len,
864 DMA_DIRECTION_TO_DEVICE,
865 iov[i].iov_len);
866 }
867 g_free(iov);
868}
869
870static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
871 struct virtio_gpu_simple_resource *res)
872{
873 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
874 res->iov = NULL;
875 res->iov_cnt = 0;
876 g_free(res->addrs);
877 res->addrs = NULL;
878
879 if (res->blob) {
880 virtio_gpu_fini_udmabuf(res);
881 }
882}
883
884static void
885virtio_gpu_resource_attach_backing(VirtIOGPU *g,
886 struct virtio_gpu_ctrl_command *cmd)
887{
888 struct virtio_gpu_simple_resource *res;
889 struct virtio_gpu_resource_attach_backing ab;
890 int ret;
891
892 VIRTIO_GPU_FILL_CMD(ab);
893 virtio_gpu_bswap_32(&ab, sizeof(ab));
894 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id);
895
896 res = virtio_gpu_find_resource(g, ab.resource_id);
897 if (!res) {
898 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
899 __func__, ab.resource_id);
900 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
901 return;
902 }
903
904 if (res->iov) {
905 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
906 return;
907 }
908
909 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd,
910 &res->addrs, &res->iov, &res->iov_cnt);
911 if (ret != 0) {
912 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
913 return;
914 }
915}
916
917static void
918virtio_gpu_resource_detach_backing(VirtIOGPU *g,
919 struct virtio_gpu_ctrl_command *cmd)
920{
921 struct virtio_gpu_simple_resource *res;
922 struct virtio_gpu_resource_detach_backing detach;
923
924 VIRTIO_GPU_FILL_CMD(detach);
925 virtio_gpu_bswap_32(&detach, sizeof(detach));
926 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id);
927
928 res = virtio_gpu_find_check_resource(g, detach.resource_id, true,
929 __func__, &cmd->error);
930 if (!res) {
931 return;
932 }
933 virtio_gpu_cleanup_mapping(g, res);
934}
935
936void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
937 struct virtio_gpu_ctrl_command *cmd)
938{
939 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr);
940 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr);
941
942 switch (cmd->cmd_hdr.type) {
943 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO:
944 virtio_gpu_get_display_info(g, cmd);
945 break;
946 case VIRTIO_GPU_CMD_GET_EDID:
947 virtio_gpu_get_edid(g, cmd);
948 break;
949 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
950 virtio_gpu_resource_create_2d(g, cmd);
951 break;
952 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
953 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
954 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
955 break;
956 }
957 virtio_gpu_resource_create_blob(g, cmd);
958 break;
959 case VIRTIO_GPU_CMD_RESOURCE_UNREF:
960 virtio_gpu_resource_unref(g, cmd);
961 break;
962 case VIRTIO_GPU_CMD_RESOURCE_FLUSH:
963 virtio_gpu_resource_flush(g, cmd);
964 break;
965 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D:
966 virtio_gpu_transfer_to_host_2d(g, cmd);
967 break;
968 case VIRTIO_GPU_CMD_SET_SCANOUT:
969 virtio_gpu_set_scanout(g, cmd);
970 break;
971 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB:
972 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
973 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
974 break;
975 }
976 virtio_gpu_set_scanout_blob(g, cmd);
977 break;
978 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING:
979 virtio_gpu_resource_attach_backing(g, cmd);
980 break;
981 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING:
982 virtio_gpu_resource_detach_backing(g, cmd);
983 break;
984 default:
985 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
986 break;
987 }
988 if (!cmd->finished) {
989 if (!g->parent_obj.renderer_blocked) {
990 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error :
991 VIRTIO_GPU_RESP_OK_NODATA);
992 }
993 }
994}
995
996static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq)
997{
998 VirtIOGPU *g = VIRTIO_GPU(vdev);
999 qemu_bh_schedule(g->ctrl_bh);
1000}
1001
1002static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq)
1003{
1004 VirtIOGPU *g = VIRTIO_GPU(vdev);
1005 qemu_bh_schedule(g->cursor_bh);
1006}
1007
1008void virtio_gpu_process_cmdq(VirtIOGPU *g)
1009{
1010 struct virtio_gpu_ctrl_command *cmd;
1011 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1012
1013 if (g->processing_cmdq) {
1014 return;
1015 }
1016 g->processing_cmdq = true;
1017 while (!QTAILQ_EMPTY(&g->cmdq)) {
1018 cmd = QTAILQ_FIRST(&g->cmdq);
1019
1020 if (g->parent_obj.renderer_blocked) {
1021 break;
1022 }
1023
1024
1025 vgc->process_cmd(g, cmd);
1026
1027 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1028 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1029 g->stats.requests++;
1030 }
1031
1032 if (!cmd->finished) {
1033 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next);
1034 g->inflight++;
1035 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1036 if (g->stats.max_inflight < g->inflight) {
1037 g->stats.max_inflight = g->inflight;
1038 }
1039 fprintf(stderr, "inflight: %3d (+)\r", g->inflight);
1040 }
1041 } else {
1042 g_free(cmd);
1043 }
1044 }
1045 g->processing_cmdq = false;
1046}
1047
1048static void virtio_gpu_process_fenceq(VirtIOGPU *g)
1049{
1050 struct virtio_gpu_ctrl_command *cmd, *tmp;
1051
1052 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) {
1053 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id);
1054 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
1055 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1056 g_free(cmd);
1057 g->inflight--;
1058 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1059 fprintf(stderr, "inflight: %3d (-)\r", g->inflight);
1060 }
1061 }
1062}
1063
1064static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b)
1065{
1066 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj);
1067
1068 virtio_gpu_process_fenceq(g);
1069 virtio_gpu_process_cmdq(g);
1070}
1071
1072static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1073{
1074 VirtIOGPU *g = VIRTIO_GPU(vdev);
1075 struct virtio_gpu_ctrl_command *cmd;
1076
1077 if (!virtio_queue_ready(vq)) {
1078 return;
1079 }
1080
1081 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1082 while (cmd) {
1083 cmd->vq = vq;
1084 cmd->error = 0;
1085 cmd->finished = false;
1086 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next);
1087 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1088 }
1089
1090 virtio_gpu_process_cmdq(g);
1091}
1092
1093static void virtio_gpu_ctrl_bh(void *opaque)
1094{
1095 VirtIOGPU *g = opaque;
1096 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1097
1098 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq);
1099}
1100
1101static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq)
1102{
1103 VirtIOGPU *g = VIRTIO_GPU(vdev);
1104 VirtQueueElement *elem;
1105 size_t s;
1106 struct virtio_gpu_update_cursor cursor_info;
1107
1108 if (!virtio_queue_ready(vq)) {
1109 return;
1110 }
1111 for (;;) {
1112 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1113 if (!elem) {
1114 break;
1115 }
1116
1117 s = iov_to_buf(elem->out_sg, elem->out_num, 0,
1118 &cursor_info, sizeof(cursor_info));
1119 if (s != sizeof(cursor_info)) {
1120 qemu_log_mask(LOG_GUEST_ERROR,
1121 "%s: cursor size incorrect %zu vs %zu\n",
1122 __func__, s, sizeof(cursor_info));
1123 } else {
1124 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info));
1125 update_cursor(g, &cursor_info);
1126 }
1127 virtqueue_push(vq, elem, 0);
1128 virtio_notify(vdev, vq);
1129 g_free(elem);
1130 }
1131}
1132
1133static void virtio_gpu_cursor_bh(void *opaque)
1134{
1135 VirtIOGPU *g = opaque;
1136 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
1137}
1138
1139static const VMStateDescription vmstate_virtio_gpu_scanout = {
1140 .name = "virtio-gpu-one-scanout",
1141 .version_id = 1,
1142 .fields = (VMStateField[]) {
1143 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
1144 VMSTATE_UINT32(width, struct virtio_gpu_scanout),
1145 VMSTATE_UINT32(height, struct virtio_gpu_scanout),
1146 VMSTATE_INT32(x, struct virtio_gpu_scanout),
1147 VMSTATE_INT32(y, struct virtio_gpu_scanout),
1148 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout),
1149 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout),
1150 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
1151 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
1152 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
1153 VMSTATE_END_OF_LIST()
1154 },
1155};
1156
1157static const VMStateDescription vmstate_virtio_gpu_scanouts = {
1158 .name = "virtio-gpu-scanouts",
1159 .version_id = 1,
1160 .fields = (VMStateField[]) {
1161 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU),
1162 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs,
1163 struct VirtIOGPU, NULL),
1164 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU,
1165 parent_obj.conf.max_outputs, 1,
1166 vmstate_virtio_gpu_scanout,
1167 struct virtio_gpu_scanout),
1168 VMSTATE_END_OF_LIST()
1169 },
1170};
1171
1172static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
1173 const VMStateField *field, JSONWriter *vmdesc)
1174{
1175 VirtIOGPU *g = opaque;
1176 struct virtio_gpu_simple_resource *res;
1177 int i;
1178
1179
1180 assert(QTAILQ_EMPTY(&g->cmdq));
1181
1182 QTAILQ_FOREACH(res, &g->reslist, next) {
1183 qemu_put_be32(f, res->resource_id);
1184 qemu_put_be32(f, res->width);
1185 qemu_put_be32(f, res->height);
1186 qemu_put_be32(f, res->format);
1187 qemu_put_be32(f, res->iov_cnt);
1188 for (i = 0; i < res->iov_cnt; i++) {
1189 qemu_put_be64(f, res->addrs[i]);
1190 qemu_put_be32(f, res->iov[i].iov_len);
1191 }
1192 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image),
1193 pixman_image_get_stride(res->image) * res->height);
1194 }
1195 qemu_put_be32(f, 0);
1196
1197 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
1198}
1199
1200static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
1201 const VMStateField *field)
1202{
1203 VirtIOGPU *g = opaque;
1204 struct virtio_gpu_simple_resource *res;
1205 struct virtio_gpu_scanout *scanout;
1206 uint32_t resource_id, pformat;
1207 int i;
1208
1209 g->hostmem = 0;
1210
1211 resource_id = qemu_get_be32(f);
1212 while (resource_id != 0) {
1213 res = virtio_gpu_find_resource(g, resource_id);
1214 if (res) {
1215 return -EINVAL;
1216 }
1217
1218 res = g_new0(struct virtio_gpu_simple_resource, 1);
1219 res->resource_id = resource_id;
1220 res->width = qemu_get_be32(f);
1221 res->height = qemu_get_be32(f);
1222 res->format = qemu_get_be32(f);
1223 res->iov_cnt = qemu_get_be32(f);
1224
1225
1226 pformat = virtio_gpu_get_pixman_format(res->format);
1227 if (!pformat) {
1228 g_free(res);
1229 return -EINVAL;
1230 }
1231 res->image = pixman_image_create_bits(pformat,
1232 res->width, res->height,
1233 NULL, 0);
1234 if (!res->image) {
1235 g_free(res);
1236 return -EINVAL;
1237 }
1238
1239 res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
1240
1241 res->addrs = g_new(uint64_t, res->iov_cnt);
1242 res->iov = g_new(struct iovec, res->iov_cnt);
1243
1244
1245 for (i = 0; i < res->iov_cnt; i++) {
1246 res->addrs[i] = qemu_get_be64(f);
1247 res->iov[i].iov_len = qemu_get_be32(f);
1248 }
1249 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image),
1250 pixman_image_get_stride(res->image) * res->height);
1251
1252
1253 for (i = 0; i < res->iov_cnt; i++) {
1254 hwaddr len = res->iov[i].iov_len;
1255 res->iov[i].iov_base =
1256 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len,
1257 DMA_DIRECTION_TO_DEVICE,
1258 MEMTXATTRS_UNSPECIFIED);
1259
1260 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
1261
1262 if (res->iov[i].iov_base) {
1263 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
1264 res->iov[i].iov_base,
1265 len,
1266 DMA_DIRECTION_TO_DEVICE,
1267 0);
1268 }
1269
1270 res->iov_cnt = i;
1271 virtio_gpu_cleanup_mapping(g, res);
1272 pixman_image_unref(res->image);
1273 g_free(res);
1274 return -EINVAL;
1275 }
1276 }
1277
1278 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
1279 g->hostmem += res->hostmem;
1280
1281 resource_id = qemu_get_be32(f);
1282 }
1283
1284
1285 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
1286 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1287 scanout = &g->parent_obj.scanout[i];
1288 if (!scanout->resource_id) {
1289 continue;
1290 }
1291 res = virtio_gpu_find_resource(g, scanout->resource_id);
1292 if (!res) {
1293 return -EINVAL;
1294 }
1295 scanout->ds = qemu_create_displaysurface_pixman(res->image);
1296 if (!scanout->ds) {
1297 return -EINVAL;
1298 }
1299
1300 dpy_gfx_replace_surface(scanout->con, scanout->ds);
1301 dpy_gfx_update_full(scanout->con);
1302 if (scanout->cursor.resource_id) {
1303 update_cursor(g, &scanout->cursor);
1304 }
1305 res->scanout_bitmask |= (1 << i);
1306 }
1307
1308 return 0;
1309}
1310
1311void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
1312{
1313 VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1314 VirtIOGPU *g = VIRTIO_GPU(qdev);
1315
1316 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1317 if (!virtio_gpu_have_udmabuf()) {
1318 error_setg(errp, "cannot enable blob resources without udmabuf");
1319 return;
1320 }
1321
1322 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) {
1323 error_setg(errp, "blobs and virgl are not compatible (yet)");
1324 return;
1325 }
1326 }
1327
1328 if (!virtio_gpu_base_device_realize(qdev,
1329 virtio_gpu_handle_ctrl_cb,
1330 virtio_gpu_handle_cursor_cb,
1331 errp)) {
1332 return;
1333 }
1334
1335 g->ctrl_vq = virtio_get_queue(vdev, 0);
1336 g->cursor_vq = virtio_get_queue(vdev, 1);
1337 g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g);
1338 g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g);
1339 QTAILQ_INIT(&g->reslist);
1340 QTAILQ_INIT(&g->cmdq);
1341 QTAILQ_INIT(&g->fenceq);
1342}
1343
1344void virtio_gpu_reset(VirtIODevice *vdev)
1345{
1346 VirtIOGPU *g = VIRTIO_GPU(vdev);
1347 struct virtio_gpu_simple_resource *res, *tmp;
1348 struct virtio_gpu_ctrl_command *cmd;
1349
1350 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
1351 virtio_gpu_resource_destroy(g, res);
1352 }
1353
1354 while (!QTAILQ_EMPTY(&g->cmdq)) {
1355 cmd = QTAILQ_FIRST(&g->cmdq);
1356 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1357 g_free(cmd);
1358 }
1359
1360 while (!QTAILQ_EMPTY(&g->fenceq)) {
1361 cmd = QTAILQ_FIRST(&g->fenceq);
1362 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1363 g->inflight--;
1364 g_free(cmd);
1365 }
1366
1367 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
1368}
1369
1370static void
1371virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config)
1372{
1373 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1374
1375 memcpy(config, &g->virtio_config, sizeof(g->virtio_config));
1376}
1377
1378static void
1379virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config)
1380{
1381 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1382 const struct virtio_gpu_config *vgconfig =
1383 (const struct virtio_gpu_config *)config;
1384
1385 if (vgconfig->events_clear) {
1386 g->virtio_config.events_read &= ~vgconfig->events_clear;
1387 }
1388}
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398static const VMStateDescription vmstate_virtio_gpu = {
1399 .name = "virtio-gpu",
1400 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1401 .version_id = VIRTIO_GPU_VM_VERSION,
1402 .fields = (VMStateField[]) {
1403 VMSTATE_VIRTIO_DEVICE ,
1404 {
1405 .name = "virtio-gpu",
1406 .info = &(const VMStateInfo) {
1407 .name = "virtio-gpu",
1408 .get = virtio_gpu_load,
1409 .put = virtio_gpu_save,
1410 },
1411 .flags = VMS_SINGLE,
1412 } ,
1413 VMSTATE_END_OF_LIST()
1414 },
1415};
1416
1417static Property virtio_gpu_properties[] = {
1418 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf),
1419 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem,
1420 256 * MiB),
1421 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
1422 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
1423 DEFINE_PROP_END_OF_LIST(),
1424};
1425
1426static void virtio_gpu_class_init(ObjectClass *klass, void *data)
1427{
1428 DeviceClass *dc = DEVICE_CLASS(klass);
1429 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1430 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass);
1431 VirtIOGPUBaseClass *vgbc = &vgc->parent;
1432
1433 vgc->handle_ctrl = virtio_gpu_handle_ctrl;
1434 vgc->process_cmd = virtio_gpu_simple_process_cmd;
1435 vgc->update_cursor_data = virtio_gpu_update_cursor_data;
1436 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
1437
1438 vdc->realize = virtio_gpu_device_realize;
1439 vdc->reset = virtio_gpu_reset;
1440 vdc->get_config = virtio_gpu_get_config;
1441 vdc->set_config = virtio_gpu_set_config;
1442
1443 dc->vmsd = &vmstate_virtio_gpu;
1444 device_class_set_props(dc, virtio_gpu_properties);
1445}
1446
1447static const TypeInfo virtio_gpu_info = {
1448 .name = TYPE_VIRTIO_GPU,
1449 .parent = TYPE_VIRTIO_GPU_BASE,
1450 .instance_size = sizeof(VirtIOGPU),
1451 .class_size = sizeof(VirtIOGPUClass),
1452 .class_init = virtio_gpu_class_init,
1453};
1454module_obj(TYPE_VIRTIO_GPU);
1455
1456static void virtio_register_types(void)
1457{
1458 type_register_static(&virtio_gpu_info);
1459}
1460
1461type_init(virtio_register_types)
1462
