1
2
3
4
5
6
7
8
9
10
11
12
13
14#include "qemu/osdep.h"
15#include "qemu/units.h"
16#include "qemu/iov.h"
17#include "ui/console.h"
18#include "trace.h"
19#include "sysemu/dma.h"
20#include "sysemu/sysemu.h"
21#include "hw/virtio/virtio.h"
22#include "migration/qemu-file-types.h"
23#include "hw/virtio/virtio-gpu.h"
24#include "hw/virtio/virtio-gpu-bswap.h"
25#include "hw/virtio/virtio-gpu-pixman.h"
26#include "hw/virtio/virtio-bus.h"
27#include "hw/display/edid.h"
28#include "hw/qdev-properties.h"
29#include "qemu/log.h"
30#include "qemu/module.h"
31#include "qapi/error.h"
32#include "qemu/error-report.h"
33
34#define VIRTIO_GPU_VM_VERSION 1
35
36static struct virtio_gpu_simple_resource*
37virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id);
38static struct virtio_gpu_simple_resource *
39virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
40 bool require_backing,
41 const char *caller, uint32_t *error);
42
43static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
44 struct virtio_gpu_simple_resource *res);
45
46void virtio_gpu_update_cursor_data(VirtIOGPU *g,
47 struct virtio_gpu_scanout *s,
48 uint32_t resource_id)
49{
50 struct virtio_gpu_simple_resource *res;
51 uint32_t pixels;
52 void *data;
53
54 res = virtio_gpu_find_check_resource(g, resource_id, false,
55 __func__, NULL);
56 if (!res) {
57 return;
58 }
59
60 if (res->blob_size) {
61 if (res->blob_size < (s->current_cursor->width *
62 s->current_cursor->height * 4)) {
63 return;
64 }
65 data = res->blob;
66 } else {
67 if (pixman_image_get_width(res->image) != s->current_cursor->width ||
68 pixman_image_get_height(res->image) != s->current_cursor->height) {
69 return;
70 }
71 data = pixman_image_get_data(res->image);
72 }
73
74 pixels = s->current_cursor->width * s->current_cursor->height;
75 memcpy(s->current_cursor->data, data,
76 pixels * sizeof(uint32_t));
77}
78
79static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor)
80{
81 struct virtio_gpu_scanout *s;
82 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
83 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR;
84
85 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) {
86 return;
87 }
88 s = &g->parent_obj.scanout[cursor->pos.scanout_id];
89
90 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id,
91 cursor->pos.x,
92 cursor->pos.y,
93 move ? "move" : "update",
94 cursor->resource_id);
95
96 if (!move) {
97 if (!s->current_cursor) {
98 s->current_cursor = cursor_alloc(64, 64);
99 }
100
101 s->current_cursor->hot_x = cursor->hot_x;
102 s->current_cursor->hot_y = cursor->hot_y;
103
104 if (cursor->resource_id > 0) {
105 vgc->update_cursor_data(g, s, cursor->resource_id);
106 }
107 dpy_cursor_define(s->con, s->current_cursor);
108
109 s->cursor = *cursor;
110 } else {
111 s->cursor.pos.x = cursor->pos.x;
112 s->cursor.pos.y = cursor->pos.y;
113 }
114 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y,
115 cursor->resource_id ? 1 : 0);
116}
117
118static struct virtio_gpu_simple_resource *
119virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id)
120{
121 struct virtio_gpu_simple_resource *res;
122
123 QTAILQ_FOREACH(res, &g->reslist, next) {
124 if (res->resource_id == resource_id) {
125 return res;
126 }
127 }
128 return NULL;
129}
130
131static struct virtio_gpu_simple_resource *
132virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
133 bool require_backing,
134 const char *caller, uint32_t *error)
135{
136 struct virtio_gpu_simple_resource *res;
137
138 res = virtio_gpu_find_resource(g, resource_id);
139 if (!res) {
140 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n",
141 caller, resource_id);
142 if (error) {
143 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
144 }
145 return NULL;
146 }
147
148 if (require_backing) {
149 if (!res->iov || (!res->image && !res->blob)) {
150 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
151 caller, resource_id);
152 if (error) {
153 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
154 }
155 return NULL;
156 }
157 }
158
159 return res;
160}
161
162void virtio_gpu_ctrl_response(VirtIOGPU *g,
163 struct virtio_gpu_ctrl_command *cmd,
164 struct virtio_gpu_ctrl_hdr *resp,
165 size_t resp_len)
166{
167 size_t s;
168
169 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) {
170 resp->flags |= VIRTIO_GPU_FLAG_FENCE;
171 resp->fence_id = cmd->cmd_hdr.fence_id;
172 resp->ctx_id = cmd->cmd_hdr.ctx_id;
173 }
174 virtio_gpu_ctrl_hdr_bswap(resp);
175 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len);
176 if (s != resp_len) {
177 qemu_log_mask(LOG_GUEST_ERROR,
178 "%s: response size incorrect %zu vs %zu\n",
179 __func__, s, resp_len);
180 }
181 virtqueue_push(cmd->vq, &cmd->elem, s);
182 virtio_notify(VIRTIO_DEVICE(g), cmd->vq);
183 cmd->finished = true;
184}
185
186void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g,
187 struct virtio_gpu_ctrl_command *cmd,
188 enum virtio_gpu_ctrl_type type)
189{
190 struct virtio_gpu_ctrl_hdr resp;
191
192 memset(&resp, 0, sizeof(resp));
193 resp.type = type;
194 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp));
195}
196
197void virtio_gpu_get_display_info(VirtIOGPU *g,
198 struct virtio_gpu_ctrl_command *cmd)
199{
200 struct virtio_gpu_resp_display_info display_info;
201
202 trace_virtio_gpu_cmd_get_display_info();
203 memset(&display_info, 0, sizeof(display_info));
204 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO;
205 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info);
206 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr,
207 sizeof(display_info));
208}
209
210static void
211virtio_gpu_generate_edid(VirtIOGPU *g, int scanout,
212 struct virtio_gpu_resp_edid *edid)
213{
214 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
215 qemu_edid_info info = {
216 .width_mm = b->req_state[scanout].width_mm,
217 .height_mm = b->req_state[scanout].height_mm,
218 .prefx = b->req_state[scanout].width,
219 .prefy = b->req_state[scanout].height,
220 .refresh_rate = b->req_state[scanout].refresh_rate,
221 };
222
223 edid->size = cpu_to_le32(sizeof(edid->edid));
224 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info);
225}
226
227void virtio_gpu_get_edid(VirtIOGPU *g,
228 struct virtio_gpu_ctrl_command *cmd)
229{
230 struct virtio_gpu_resp_edid edid;
231 struct virtio_gpu_cmd_get_edid get_edid;
232 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g);
233
234 VIRTIO_GPU_FILL_CMD(get_edid);
235 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid));
236
237 if (get_edid.scanout >= b->conf.max_outputs) {
238 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
239 return;
240 }
241
242 trace_virtio_gpu_cmd_get_edid(get_edid.scanout);
243 memset(&edid, 0, sizeof(edid));
244 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID;
245 virtio_gpu_generate_edid(g, get_edid.scanout, &edid);
246 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid));
247}
248
249static uint32_t calc_image_hostmem(pixman_format_code_t pformat,
250 uint32_t width, uint32_t height)
251{
252
253
254
255
256 int bpp = PIXMAN_FORMAT_BPP(pformat);
257 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
258 return height * stride;
259}
260
261static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
262 struct virtio_gpu_ctrl_command *cmd)
263{
264 pixman_format_code_t pformat;
265 struct virtio_gpu_simple_resource *res;
266 struct virtio_gpu_resource_create_2d c2d;
267
268 VIRTIO_GPU_FILL_CMD(c2d);
269 virtio_gpu_bswap_32(&c2d, sizeof(c2d));
270 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format,
271 c2d.width, c2d.height);
272
273 if (c2d.resource_id == 0) {
274 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
275 __func__);
276 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
277 return;
278 }
279
280 res = virtio_gpu_find_resource(g, c2d.resource_id);
281 if (res) {
282 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
283 __func__, c2d.resource_id);
284 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
285 return;
286 }
287
288 res = g_new0(struct virtio_gpu_simple_resource, 1);
289
290 res->width = c2d.width;
291 res->height = c2d.height;
292 res->format = c2d.format;
293 res->resource_id = c2d.resource_id;
294
295 pformat = virtio_gpu_get_pixman_format(c2d.format);
296 if (!pformat) {
297 qemu_log_mask(LOG_GUEST_ERROR,
298 "%s: host couldn't handle guest format %d\n",
299 __func__, c2d.format);
300 g_free(res);
301 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
302 return;
303 }
304
305 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height);
306 if (res->hostmem + g->hostmem < g->conf_max_hostmem) {
307 res->image = pixman_image_create_bits(pformat,
308 c2d.width,
309 c2d.height,
310 NULL, 0);
311 }
312
313 if (!res->image) {
314 qemu_log_mask(LOG_GUEST_ERROR,
315 "%s: resource creation failed %d %d %d\n",
316 __func__, c2d.resource_id, c2d.width, c2d.height);
317 g_free(res);
318 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY;
319 return;
320 }
321
322 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
323 g->hostmem += res->hostmem;
324}
325
326static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
327 struct virtio_gpu_ctrl_command *cmd)
328{
329 struct virtio_gpu_simple_resource *res;
330 struct virtio_gpu_resource_create_blob cblob;
331 int ret;
332
333 VIRTIO_GPU_FILL_CMD(cblob);
334 virtio_gpu_create_blob_bswap(&cblob);
335 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
336
337 if (cblob.resource_id == 0) {
338 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
339 __func__);
340 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
341 return;
342 }
343
344 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
345 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
346 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
347 __func__);
348 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
349 return;
350 }
351
352 if (virtio_gpu_find_resource(g, cblob.resource_id)) {
353 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
354 __func__, cblob.resource_id);
355 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
356 return;
357 }
358
359 res = g_new0(struct virtio_gpu_simple_resource, 1);
360 res->resource_id = cblob.resource_id;
361 res->blob_size = cblob.size;
362
363 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
364 cmd, &res->addrs, &res->iov,
365 &res->iov_cnt);
366 if (ret != 0) {
367 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
368 g_free(res);
369 return;
370 }
371
372 virtio_gpu_init_udmabuf(res);
373 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
374}
375
376static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
377{
378 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
379 struct virtio_gpu_simple_resource *res;
380
381 if (scanout->resource_id == 0) {
382 return;
383 }
384
385 res = virtio_gpu_find_resource(g, scanout->resource_id);
386 if (res) {
387 res->scanout_bitmask &= ~(1 << scanout_id);
388 }
389
390 dpy_gfx_replace_surface(scanout->con, NULL);
391 scanout->resource_id = 0;
392 scanout->ds = NULL;
393 scanout->width = 0;
394 scanout->height = 0;
395}
396
397static void virtio_gpu_resource_destroy(VirtIOGPU *g,
398 struct virtio_gpu_simple_resource *res)
399{
400 int i;
401
402 if (res->scanout_bitmask) {
403 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
404 if (res->scanout_bitmask & (1 << i)) {
405 virtio_gpu_disable_scanout(g, i);
406 }
407 }
408 }
409
410 qemu_pixman_image_unref(res->image);
411 virtio_gpu_cleanup_mapping(g, res);
412 QTAILQ_REMOVE(&g->reslist, res, next);
413 g->hostmem -= res->hostmem;
414 g_free(res);
415}
416
417static void virtio_gpu_resource_unref(VirtIOGPU *g,
418 struct virtio_gpu_ctrl_command *cmd)
419{
420 struct virtio_gpu_simple_resource *res;
421 struct virtio_gpu_resource_unref unref;
422
423 VIRTIO_GPU_FILL_CMD(unref);
424 virtio_gpu_bswap_32(&unref, sizeof(unref));
425 trace_virtio_gpu_cmd_res_unref(unref.resource_id);
426
427 res = virtio_gpu_find_resource(g, unref.resource_id);
428 if (!res) {
429 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
430 __func__, unref.resource_id);
431 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
432 return;
433 }
434 virtio_gpu_resource_destroy(g, res);
435}
436
437static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
438 struct virtio_gpu_ctrl_command *cmd)
439{
440 struct virtio_gpu_simple_resource *res;
441 int h;
442 uint32_t src_offset, dst_offset, stride;
443 int bpp;
444 pixman_format_code_t format;
445 struct virtio_gpu_transfer_to_host_2d t2d;
446
447 VIRTIO_GPU_FILL_CMD(t2d);
448 virtio_gpu_t2d_bswap(&t2d);
449 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id);
450
451 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
452 __func__, &cmd->error);
453 if (!res || res->blob) {
454 return;
455 }
456
457 if (t2d.r.x > res->width ||
458 t2d.r.y > res->height ||
459 t2d.r.width > res->width ||
460 t2d.r.height > res->height ||
461 t2d.r.x + t2d.r.width > res->width ||
462 t2d.r.y + t2d.r.height > res->height) {
463 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource"
464 " bounds for resource %d: %d %d %d %d vs %d %d\n",
465 __func__, t2d.resource_id, t2d.r.x, t2d.r.y,
466 t2d.r.width, t2d.r.height, res->width, res->height);
467 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
468 return;
469 }
470
471 format = pixman_image_get_format(res->image);
472 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8);
473 stride = pixman_image_get_stride(res->image);
474
475 if (t2d.offset || t2d.r.x || t2d.r.y ||
476 t2d.r.width != pixman_image_get_width(res->image)) {
477 void *img_data = pixman_image_get_data(res->image);
478 for (h = 0; h < t2d.r.height; h++) {
479 src_offset = t2d.offset + stride * h;
480 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp);
481
482 iov_to_buf(res->iov, res->iov_cnt, src_offset,
483 (uint8_t *)img_data
484 + dst_offset, t2d.r.width * bpp);
485 }
486 } else {
487 iov_to_buf(res->iov, res->iov_cnt, 0,
488 pixman_image_get_data(res->image),
489 pixman_image_get_stride(res->image)
490 * pixman_image_get_height(res->image));
491 }
492}
493
494static void virtio_gpu_resource_flush(VirtIOGPU *g,
495 struct virtio_gpu_ctrl_command *cmd)
496{
497 struct virtio_gpu_simple_resource *res;
498 struct virtio_gpu_resource_flush rf;
499 struct virtio_gpu_scanout *scanout;
500 pixman_region16_t flush_region;
501 int i;
502
503 VIRTIO_GPU_FILL_CMD(rf);
504 virtio_gpu_bswap_32(&rf, sizeof(rf));
505 trace_virtio_gpu_cmd_res_flush(rf.resource_id,
506 rf.r.width, rf.r.height, rf.r.x, rf.r.y);
507
508 res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
509 __func__, &cmd->error);
510 if (!res) {
511 return;
512 }
513
514 if (res->blob) {
515 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
516 scanout = &g->parent_obj.scanout[i];
517 if (scanout->resource_id == res->resource_id &&
518 rf.r.x < scanout->x + scanout->width &&
519 rf.r.x + rf.r.width >= scanout->x &&
520 rf.r.y < scanout->y + scanout->height &&
521 rf.r.y + rf.r.height >= scanout->y &&
522 console_has_gl(scanout->con)) {
523 dpy_gl_update(scanout->con, 0, 0, scanout->width,
524 scanout->height);
525 }
526 }
527 return;
528 }
529
530 if (!res->blob &&
531 (rf.r.x > res->width ||
532 rf.r.y > res->height ||
533 rf.r.width > res->width ||
534 rf.r.height > res->height ||
535 rf.r.x + rf.r.width > res->width ||
536 rf.r.y + rf.r.height > res->height)) {
537 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource"
538 " bounds for resource %d: %d %d %d %d vs %d %d\n",
539 __func__, rf.resource_id, rf.r.x, rf.r.y,
540 rf.r.width, rf.r.height, res->width, res->height);
541 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
542 return;
543 }
544
545 pixman_region_init_rect(&flush_region,
546 rf.r.x, rf.r.y, rf.r.width, rf.r.height);
547 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
548 pixman_region16_t region, finalregion;
549 pixman_box16_t *extents;
550
551 if (!(res->scanout_bitmask & (1 << i))) {
552 continue;
553 }
554 scanout = &g->parent_obj.scanout[i];
555
556 pixman_region_init(&finalregion);
557 pixman_region_init_rect(®ion, scanout->x, scanout->y,
558 scanout->width, scanout->height);
559
560 pixman_region_intersect(&finalregion, &flush_region, ®ion);
561 pixman_region_translate(&finalregion, -scanout->x, -scanout->y);
562 extents = pixman_region_extents(&finalregion);
563
564 dpy_gfx_update(g->parent_obj.scanout[i].con,
565 extents->x1, extents->y1,
566 extents->x2 - extents->x1,
567 extents->y2 - extents->y1);
568
569 pixman_region_fini(®ion);
570 pixman_region_fini(&finalregion);
571 }
572 pixman_region_fini(&flush_region);
573}
574
575static void virtio_unref_resource(pixman_image_t *image, void *data)
576{
577 pixman_image_unref(data);
578}
579
580static void virtio_gpu_update_scanout(VirtIOGPU *g,
581 uint32_t scanout_id,
582 struct virtio_gpu_simple_resource *res,
583 struct virtio_gpu_rect *r)
584{
585 struct virtio_gpu_simple_resource *ores;
586 struct virtio_gpu_scanout *scanout;
587
588 scanout = &g->parent_obj.scanout[scanout_id];
589 ores = virtio_gpu_find_resource(g, scanout->resource_id);
590 if (ores) {
591 ores->scanout_bitmask &= ~(1 << scanout_id);
592 }
593
594 res->scanout_bitmask |= (1 << scanout_id);
595 scanout->resource_id = res->resource_id;
596 scanout->x = r->x;
597 scanout->y = r->y;
598 scanout->width = r->width;
599 scanout->height = r->height;
600}
601
602static void virtio_gpu_do_set_scanout(VirtIOGPU *g,
603 uint32_t scanout_id,
604 struct virtio_gpu_framebuffer *fb,
605 struct virtio_gpu_simple_resource *res,
606 struct virtio_gpu_rect *r,
607 uint32_t *error)
608{
609 struct virtio_gpu_scanout *scanout;
610 uint8_t *data;
611
612 scanout = &g->parent_obj.scanout[scanout_id];
613
614 if (r->x > fb->width ||
615 r->y > fb->height ||
616 r->width < 16 ||
617 r->height < 16 ||
618 r->width > fb->width ||
619 r->height > fb->height ||
620 r->x + r->width > fb->width ||
621 r->y + r->height > fb->height) {
622 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for"
623 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n",
624 __func__, scanout_id, res->resource_id,
625 r->x, r->y, r->width, r->height,
626 fb->width, fb->height);
627 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
628 return;
629 }
630
631 g->parent_obj.enable = 1;
632
633 if (res->blob) {
634 if (console_has_gl(scanout->con)) {
635 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) {
636 virtio_gpu_update_scanout(g, scanout_id, res, r);
637 return;
638 }
639 }
640
641 data = res->blob;
642 } else {
643 data = (uint8_t *)pixman_image_get_data(res->image);
644 }
645
646
647 if ((res->blob && !console_has_gl(scanout->con)) ||
648 !scanout->ds ||
649 surface_data(scanout->ds) != data + fb->offset ||
650 scanout->width != r->width ||
651 scanout->height != r->height) {
652 pixman_image_t *rect;
653 void *ptr = data + fb->offset;
654 rect = pixman_image_create_bits(fb->format, r->width, r->height,
655 ptr, fb->stride);
656
657 if (res->image) {
658 pixman_image_ref(res->image);
659 pixman_image_set_destroy_function(rect, virtio_unref_resource,
660 res->image);
661 }
662
663
664 scanout->ds = qemu_create_displaysurface_pixman(rect);
665 if (!scanout->ds) {
666 *error = VIRTIO_GPU_RESP_ERR_UNSPEC;
667 return;
668 }
669
670 pixman_image_unref(rect);
671 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con,
672 scanout->ds);
673 }
674
675 virtio_gpu_update_scanout(g, scanout_id, res, r);
676}
677
678static void virtio_gpu_set_scanout(VirtIOGPU *g,
679 struct virtio_gpu_ctrl_command *cmd)
680{
681 struct virtio_gpu_simple_resource *res;
682 struct virtio_gpu_framebuffer fb = { 0 };
683 struct virtio_gpu_set_scanout ss;
684
685 VIRTIO_GPU_FILL_CMD(ss);
686 virtio_gpu_bswap_32(&ss, sizeof(ss));
687 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id,
688 ss.r.width, ss.r.height, ss.r.x, ss.r.y);
689
690 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
691 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
692 __func__, ss.scanout_id);
693 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
694 return;
695 }
696
697 if (ss.resource_id == 0) {
698 virtio_gpu_disable_scanout(g, ss.scanout_id);
699 return;
700 }
701
702 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
703 __func__, &cmd->error);
704 if (!res) {
705 return;
706 }
707
708 fb.format = pixman_image_get_format(res->image);
709 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
710 fb.width = pixman_image_get_width(res->image);
711 fb.height = pixman_image_get_height(res->image);
712 fb.stride = pixman_image_get_stride(res->image);
713 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
714
715 virtio_gpu_do_set_scanout(g, ss.scanout_id,
716 &fb, res, &ss.r, &cmd->error);
717}
718
719static void virtio_gpu_set_scanout_blob(VirtIOGPU *g,
720 struct virtio_gpu_ctrl_command *cmd)
721{
722 struct virtio_gpu_simple_resource *res;
723 struct virtio_gpu_framebuffer fb = { 0 };
724 struct virtio_gpu_set_scanout_blob ss;
725 uint64_t fbend;
726
727 VIRTIO_GPU_FILL_CMD(ss);
728 virtio_gpu_scanout_blob_bswap(&ss);
729 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id,
730 ss.r.width, ss.r.height, ss.r.x,
731 ss.r.y);
732
733 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) {
734 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d",
735 __func__, ss.scanout_id);
736 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID;
737 return;
738 }
739
740 if (ss.resource_id == 0) {
741 virtio_gpu_disable_scanout(g, ss.scanout_id);
742 return;
743 }
744
745 res = virtio_gpu_find_check_resource(g, ss.resource_id, true,
746 __func__, &cmd->error);
747 if (!res) {
748 return;
749 }
750
751 fb.format = virtio_gpu_get_pixman_format(ss.format);
752 if (!fb.format) {
753 qemu_log_mask(LOG_GUEST_ERROR,
754 "%s: host couldn't handle guest format %d\n",
755 __func__, ss.format);
756 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
757 return;
758 }
759
760 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8);
761 fb.width = ss.width;
762 fb.height = ss.height;
763 fb.stride = ss.strides[0];
764 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride;
765
766 fbend = fb.offset;
767 fbend += fb.stride * (ss.r.height - 1);
768 fbend += fb.bytes_pp * ss.r.width;
769 if (fbend > res->blob_size) {
770 qemu_log_mask(LOG_GUEST_ERROR,
771 "%s: fb end out of range\n",
772 __func__);
773 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
774 return;
775 }
776
777 virtio_gpu_do_set_scanout(g, ss.scanout_id,
778 &fb, res, &ss.r, &cmd->error);
779}
780
781int virtio_gpu_create_mapping_iov(VirtIOGPU *g,
782 uint32_t nr_entries, uint32_t offset,
783 struct virtio_gpu_ctrl_command *cmd,
784 uint64_t **addr, struct iovec **iov,
785 uint32_t *niov)
786{
787 struct virtio_gpu_mem_entry *ents;
788 size_t esize, s;
789 int e, v;
790
791 if (nr_entries > 16384) {
792 qemu_log_mask(LOG_GUEST_ERROR,
793 "%s: nr_entries is too big (%d > 16384)\n",
794 __func__, nr_entries);
795 return -1;
796 }
797
798 esize = sizeof(*ents) * nr_entries;
799 ents = g_malloc(esize);
800 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num,
801 offset, ents, esize);
802 if (s != esize) {
803 qemu_log_mask(LOG_GUEST_ERROR,
804 "%s: command data size incorrect %zu vs %zu\n",
805 __func__, s, esize);
806 g_free(ents);
807 return -1;
808 }
809
810 *iov = NULL;
811 if (addr) {
812 *addr = NULL;
813 }
814 for (e = 0, v = 0; e < nr_entries; e++) {
815 uint64_t a = le64_to_cpu(ents[e].addr);
816 uint32_t l = le32_to_cpu(ents[e].length);
817 hwaddr len;
818 void *map;
819
820 do {
821 len = l;
822 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len,
823 DMA_DIRECTION_TO_DEVICE,
824 MEMTXATTRS_UNSPECIFIED);
825 if (!map) {
826 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for"
827 " element %d\n", __func__, e);
828 virtio_gpu_cleanup_mapping_iov(g, *iov, v);
829 g_free(ents);
830 *iov = NULL;
831 if (addr) {
832 g_free(*addr);
833 *addr = NULL;
834 }
835 return -1;
836 }
837
838 if (!(v % 16)) {
839 *iov = g_renew(struct iovec, *iov, v + 16);
840 if (addr) {
841 *addr = g_renew(uint64_t, *addr, v + 16);
842 }
843 }
844 (*iov)[v].iov_base = map;
845 (*iov)[v].iov_len = len;
846 if (addr) {
847 (*addr)[v] = a;
848 }
849
850 a += len;
851 l -= len;
852 v += 1;
853 } while (l > 0);
854 }
855 *niov = v;
856
857 g_free(ents);
858 return 0;
859}
860
861void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g,
862 struct iovec *iov, uint32_t count)
863{
864 int i;
865
866 for (i = 0; i < count; i++) {
867 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
868 iov[i].iov_base, iov[i].iov_len,
869 DMA_DIRECTION_TO_DEVICE,
870 iov[i].iov_len);
871 }
872 g_free(iov);
873}
874
875static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
876 struct virtio_gpu_simple_resource *res)
877{
878 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt);
879 res->iov = NULL;
880 res->iov_cnt = 0;
881 g_free(res->addrs);
882 res->addrs = NULL;
883
884 if (res->blob) {
885 virtio_gpu_fini_udmabuf(res);
886 }
887}
888
889static void
890virtio_gpu_resource_attach_backing(VirtIOGPU *g,
891 struct virtio_gpu_ctrl_command *cmd)
892{
893 struct virtio_gpu_simple_resource *res;
894 struct virtio_gpu_resource_attach_backing ab;
895 int ret;
896
897 VIRTIO_GPU_FILL_CMD(ab);
898 virtio_gpu_bswap_32(&ab, sizeof(ab));
899 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id);
900
901 res = virtio_gpu_find_resource(g, ab.resource_id);
902 if (!res) {
903 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n",
904 __func__, ab.resource_id);
905 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
906 return;
907 }
908
909 if (res->iov) {
910 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
911 return;
912 }
913
914 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd,
915 &res->addrs, &res->iov, &res->iov_cnt);
916 if (ret != 0) {
917 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
918 return;
919 }
920}
921
922static void
923virtio_gpu_resource_detach_backing(VirtIOGPU *g,
924 struct virtio_gpu_ctrl_command *cmd)
925{
926 struct virtio_gpu_simple_resource *res;
927 struct virtio_gpu_resource_detach_backing detach;
928
929 VIRTIO_GPU_FILL_CMD(detach);
930 virtio_gpu_bswap_32(&detach, sizeof(detach));
931 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id);
932
933 res = virtio_gpu_find_check_resource(g, detach.resource_id, true,
934 __func__, &cmd->error);
935 if (!res) {
936 return;
937 }
938 virtio_gpu_cleanup_mapping(g, res);
939}
940
941void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
942 struct virtio_gpu_ctrl_command *cmd)
943{
944 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr);
945 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr);
946
947 switch (cmd->cmd_hdr.type) {
948 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO:
949 virtio_gpu_get_display_info(g, cmd);
950 break;
951 case VIRTIO_GPU_CMD_GET_EDID:
952 virtio_gpu_get_edid(g, cmd);
953 break;
954 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
955 virtio_gpu_resource_create_2d(g, cmd);
956 break;
957 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
958 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
959 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
960 break;
961 }
962 virtio_gpu_resource_create_blob(g, cmd);
963 break;
964 case VIRTIO_GPU_CMD_RESOURCE_UNREF:
965 virtio_gpu_resource_unref(g, cmd);
966 break;
967 case VIRTIO_GPU_CMD_RESOURCE_FLUSH:
968 virtio_gpu_resource_flush(g, cmd);
969 break;
970 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D:
971 virtio_gpu_transfer_to_host_2d(g, cmd);
972 break;
973 case VIRTIO_GPU_CMD_SET_SCANOUT:
974 virtio_gpu_set_scanout(g, cmd);
975 break;
976 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB:
977 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
978 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
979 break;
980 }
981 virtio_gpu_set_scanout_blob(g, cmd);
982 break;
983 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING:
984 virtio_gpu_resource_attach_backing(g, cmd);
985 break;
986 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING:
987 virtio_gpu_resource_detach_backing(g, cmd);
988 break;
989 default:
990 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
991 break;
992 }
993 if (!cmd->finished) {
994 if (!g->parent_obj.renderer_blocked) {
995 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error :
996 VIRTIO_GPU_RESP_OK_NODATA);
997 }
998 }
999}
1000
1001static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq)
1002{
1003 VirtIOGPU *g = VIRTIO_GPU(vdev);
1004 qemu_bh_schedule(g->ctrl_bh);
1005}
1006
1007static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq)
1008{
1009 VirtIOGPU *g = VIRTIO_GPU(vdev);
1010 qemu_bh_schedule(g->cursor_bh);
1011}
1012
1013void virtio_gpu_process_cmdq(VirtIOGPU *g)
1014{
1015 struct virtio_gpu_ctrl_command *cmd;
1016 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1017
1018 if (g->processing_cmdq) {
1019 return;
1020 }
1021 g->processing_cmdq = true;
1022 while (!QTAILQ_EMPTY(&g->cmdq)) {
1023 cmd = QTAILQ_FIRST(&g->cmdq);
1024
1025 if (g->parent_obj.renderer_blocked) {
1026 break;
1027 }
1028
1029
1030 vgc->process_cmd(g, cmd);
1031
1032 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1033 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1034 g->stats.requests++;
1035 }
1036
1037 if (!cmd->finished) {
1038 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next);
1039 g->inflight++;
1040 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1041 if (g->stats.max_inflight < g->inflight) {
1042 g->stats.max_inflight = g->inflight;
1043 }
1044 fprintf(stderr, "inflight: %3d (+)\r", g->inflight);
1045 }
1046 } else {
1047 g_free(cmd);
1048 }
1049 }
1050 g->processing_cmdq = false;
1051}
1052
1053static void virtio_gpu_process_fenceq(VirtIOGPU *g)
1054{
1055 struct virtio_gpu_ctrl_command *cmd, *tmp;
1056
1057 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) {
1058 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id);
1059 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA);
1060 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1061 g_free(cmd);
1062 g->inflight--;
1063 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) {
1064 fprintf(stderr, "inflight: %3d (-)\r", g->inflight);
1065 }
1066 }
1067}
1068
1069static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b)
1070{
1071 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj);
1072
1073 virtio_gpu_process_fenceq(g);
1074 virtio_gpu_process_cmdq(g);
1075}
1076
1077static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
1078{
1079 VirtIOGPU *g = VIRTIO_GPU(vdev);
1080 struct virtio_gpu_ctrl_command *cmd;
1081
1082 if (!virtio_queue_ready(vq)) {
1083 return;
1084 }
1085
1086 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1087 while (cmd) {
1088 cmd->vq = vq;
1089 cmd->error = 0;
1090 cmd->finished = false;
1091 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next);
1092 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command));
1093 }
1094
1095 virtio_gpu_process_cmdq(g);
1096}
1097
1098static void virtio_gpu_ctrl_bh(void *opaque)
1099{
1100 VirtIOGPU *g = opaque;
1101 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g);
1102
1103 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq);
1104}
1105
1106static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq)
1107{
1108 VirtIOGPU *g = VIRTIO_GPU(vdev);
1109 VirtQueueElement *elem;
1110 size_t s;
1111 struct virtio_gpu_update_cursor cursor_info;
1112
1113 if (!virtio_queue_ready(vq)) {
1114 return;
1115 }
1116 for (;;) {
1117 elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
1118 if (!elem) {
1119 break;
1120 }
1121
1122 s = iov_to_buf(elem->out_sg, elem->out_num, 0,
1123 &cursor_info, sizeof(cursor_info));
1124 if (s != sizeof(cursor_info)) {
1125 qemu_log_mask(LOG_GUEST_ERROR,
1126 "%s: cursor size incorrect %zu vs %zu\n",
1127 __func__, s, sizeof(cursor_info));
1128 } else {
1129 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info));
1130 update_cursor(g, &cursor_info);
1131 }
1132 virtqueue_push(vq, elem, 0);
1133 virtio_notify(vdev, vq);
1134 g_free(elem);
1135 }
1136}
1137
1138static void virtio_gpu_cursor_bh(void *opaque)
1139{
1140 VirtIOGPU *g = opaque;
1141 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq);
1142}
1143
1144static const VMStateDescription vmstate_virtio_gpu_scanout = {
1145 .name = "virtio-gpu-one-scanout",
1146 .version_id = 1,
1147 .fields = (VMStateField[]) {
1148 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout),
1149 VMSTATE_UINT32(width, struct virtio_gpu_scanout),
1150 VMSTATE_UINT32(height, struct virtio_gpu_scanout),
1151 VMSTATE_INT32(x, struct virtio_gpu_scanout),
1152 VMSTATE_INT32(y, struct virtio_gpu_scanout),
1153 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout),
1154 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout),
1155 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout),
1156 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout),
1157 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout),
1158 VMSTATE_END_OF_LIST()
1159 },
1160};
1161
1162static const VMStateDescription vmstate_virtio_gpu_scanouts = {
1163 .name = "virtio-gpu-scanouts",
1164 .version_id = 1,
1165 .fields = (VMStateField[]) {
1166 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU),
1167 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs,
1168 struct VirtIOGPU, NULL),
1169 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU,
1170 parent_obj.conf.max_outputs, 1,
1171 vmstate_virtio_gpu_scanout,
1172 struct virtio_gpu_scanout),
1173 VMSTATE_END_OF_LIST()
1174 },
1175};
1176
1177static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
1178 const VMStateField *field, JSONWriter *vmdesc)
1179{
1180 VirtIOGPU *g = opaque;
1181 struct virtio_gpu_simple_resource *res;
1182 int i;
1183
1184
1185 assert(QTAILQ_EMPTY(&g->cmdq));
1186
1187 QTAILQ_FOREACH(res, &g->reslist, next) {
1188 qemu_put_be32(f, res->resource_id);
1189 qemu_put_be32(f, res->width);
1190 qemu_put_be32(f, res->height);
1191 qemu_put_be32(f, res->format);
1192 qemu_put_be32(f, res->iov_cnt);
1193 for (i = 0; i < res->iov_cnt; i++) {
1194 qemu_put_be64(f, res->addrs[i]);
1195 qemu_put_be32(f, res->iov[i].iov_len);
1196 }
1197 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image),
1198 pixman_image_get_stride(res->image) * res->height);
1199 }
1200 qemu_put_be32(f, 0);
1201
1202 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
1203}
1204
1205static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
1206 const VMStateField *field)
1207{
1208 VirtIOGPU *g = opaque;
1209 struct virtio_gpu_simple_resource *res;
1210 struct virtio_gpu_scanout *scanout;
1211 uint32_t resource_id, pformat;
1212 int i;
1213
1214 g->hostmem = 0;
1215
1216 resource_id = qemu_get_be32(f);
1217 while (resource_id != 0) {
1218 res = virtio_gpu_find_resource(g, resource_id);
1219 if (res) {
1220 return -EINVAL;
1221 }
1222
1223 res = g_new0(struct virtio_gpu_simple_resource, 1);
1224 res->resource_id = resource_id;
1225 res->width = qemu_get_be32(f);
1226 res->height = qemu_get_be32(f);
1227 res->format = qemu_get_be32(f);
1228 res->iov_cnt = qemu_get_be32(f);
1229
1230
1231 pformat = virtio_gpu_get_pixman_format(res->format);
1232 if (!pformat) {
1233 g_free(res);
1234 return -EINVAL;
1235 }
1236 res->image = pixman_image_create_bits(pformat,
1237 res->width, res->height,
1238 NULL, 0);
1239 if (!res->image) {
1240 g_free(res);
1241 return -EINVAL;
1242 }
1243
1244 res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
1245
1246 res->addrs = g_new(uint64_t, res->iov_cnt);
1247 res->iov = g_new(struct iovec, res->iov_cnt);
1248
1249
1250 for (i = 0; i < res->iov_cnt; i++) {
1251 res->addrs[i] = qemu_get_be64(f);
1252 res->iov[i].iov_len = qemu_get_be32(f);
1253 }
1254 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image),
1255 pixman_image_get_stride(res->image) * res->height);
1256
1257
1258 for (i = 0; i < res->iov_cnt; i++) {
1259 hwaddr len = res->iov[i].iov_len;
1260 res->iov[i].iov_base =
1261 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len,
1262 DMA_DIRECTION_TO_DEVICE,
1263 MEMTXATTRS_UNSPECIFIED);
1264
1265 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
1266
1267 if (res->iov[i].iov_base) {
1268 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as,
1269 res->iov[i].iov_base,
1270 len,
1271 DMA_DIRECTION_TO_DEVICE,
1272 0);
1273 }
1274
1275 res->iov_cnt = i;
1276 virtio_gpu_cleanup_mapping(g, res);
1277 pixman_image_unref(res->image);
1278 g_free(res);
1279 return -EINVAL;
1280 }
1281 }
1282
1283 QTAILQ_INSERT_HEAD(&g->reslist, res, next);
1284 g->hostmem += res->hostmem;
1285
1286 resource_id = qemu_get_be32(f);
1287 }
1288
1289
1290 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
1291 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) {
1292 scanout = &g->parent_obj.scanout[i];
1293 if (!scanout->resource_id) {
1294 continue;
1295 }
1296 res = virtio_gpu_find_resource(g, scanout->resource_id);
1297 if (!res) {
1298 return -EINVAL;
1299 }
1300 scanout->ds = qemu_create_displaysurface_pixman(res->image);
1301 if (!scanout->ds) {
1302 return -EINVAL;
1303 }
1304
1305 dpy_gfx_replace_surface(scanout->con, scanout->ds);
1306 dpy_gfx_update_full(scanout->con);
1307 if (scanout->cursor.resource_id) {
1308 update_cursor(g, &scanout->cursor);
1309 }
1310 res->scanout_bitmask |= (1 << i);
1311 }
1312
1313 return 0;
1314}
1315
1316void virtio_gpu_device_realize(DeviceState *qdev, Error **errp)
1317{
1318 VirtIODevice *vdev = VIRTIO_DEVICE(qdev);
1319 VirtIOGPU *g = VIRTIO_GPU(qdev);
1320
1321 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) {
1322 if (!virtio_gpu_have_udmabuf()) {
1323 error_setg(errp, "cannot enable blob resources without udmabuf");
1324 return;
1325 }
1326
1327 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) {
1328 error_setg(errp, "blobs and virgl are not compatible (yet)");
1329 return;
1330 }
1331 }
1332
1333 if (!virtio_gpu_base_device_realize(qdev,
1334 virtio_gpu_handle_ctrl_cb,
1335 virtio_gpu_handle_cursor_cb,
1336 errp)) {
1337 return;
1338 }
1339
1340 g->ctrl_vq = virtio_get_queue(vdev, 0);
1341 g->cursor_vq = virtio_get_queue(vdev, 1);
1342 g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g);
1343 g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g);
1344 QTAILQ_INIT(&g->reslist);
1345 QTAILQ_INIT(&g->cmdq);
1346 QTAILQ_INIT(&g->fenceq);
1347}
1348
1349void virtio_gpu_reset(VirtIODevice *vdev)
1350{
1351 VirtIOGPU *g = VIRTIO_GPU(vdev);
1352 struct virtio_gpu_simple_resource *res, *tmp;
1353 struct virtio_gpu_ctrl_command *cmd;
1354
1355 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) {
1356 virtio_gpu_resource_destroy(g, res);
1357 }
1358
1359 while (!QTAILQ_EMPTY(&g->cmdq)) {
1360 cmd = QTAILQ_FIRST(&g->cmdq);
1361 QTAILQ_REMOVE(&g->cmdq, cmd, next);
1362 g_free(cmd);
1363 }
1364
1365 while (!QTAILQ_EMPTY(&g->fenceq)) {
1366 cmd = QTAILQ_FIRST(&g->fenceq);
1367 QTAILQ_REMOVE(&g->fenceq, cmd, next);
1368 g->inflight--;
1369 g_free(cmd);
1370 }
1371
1372 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev));
1373}
1374
1375static void
1376virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config)
1377{
1378 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1379
1380 memcpy(config, &g->virtio_config, sizeof(g->virtio_config));
1381}
1382
1383static void
1384virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config)
1385{
1386 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev);
1387 const struct virtio_gpu_config *vgconfig =
1388 (const struct virtio_gpu_config *)config;
1389
1390 if (vgconfig->events_clear) {
1391 g->virtio_config.events_read &= ~vgconfig->events_clear;
1392 }
1393}
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403static const VMStateDescription vmstate_virtio_gpu = {
1404 .name = "virtio-gpu",
1405 .minimum_version_id = VIRTIO_GPU_VM_VERSION,
1406 .version_id = VIRTIO_GPU_VM_VERSION,
1407 .fields = (VMStateField[]) {
1408 VMSTATE_VIRTIO_DEVICE ,
1409 {
1410 .name = "virtio-gpu",
1411 .info = &(const VMStateInfo) {
1412 .name = "virtio-gpu",
1413 .get = virtio_gpu_load,
1414 .put = virtio_gpu_save,
1415 },
1416 .flags = VMS_SINGLE,
1417 } ,
1418 VMSTATE_END_OF_LIST()
1419 },
1420};
1421
1422static Property virtio_gpu_properties[] = {
1423 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf),
1424 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem,
1425 256 * MiB),
1426 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags,
1427 VIRTIO_GPU_FLAG_BLOB_ENABLED, false),
1428 DEFINE_PROP_END_OF_LIST(),
1429};
1430
1431static void virtio_gpu_class_init(ObjectClass *klass, void *data)
1432{
1433 DeviceClass *dc = DEVICE_CLASS(klass);
1434 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1435 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass);
1436 VirtIOGPUBaseClass *vgbc = &vgc->parent;
1437
1438 vgc->handle_ctrl = virtio_gpu_handle_ctrl;
1439 vgc->process_cmd = virtio_gpu_simple_process_cmd;
1440 vgc->update_cursor_data = virtio_gpu_update_cursor_data;
1441 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed;
1442
1443 vdc->realize = virtio_gpu_device_realize;
1444 vdc->reset = virtio_gpu_reset;
1445 vdc->get_config = virtio_gpu_get_config;
1446 vdc->set_config = virtio_gpu_set_config;
1447
1448 dc->vmsd = &vmstate_virtio_gpu;
1449 device_class_set_props(dc, virtio_gpu_properties);
1450}
1451
1452static const TypeInfo virtio_gpu_info = {
1453 .name = TYPE_VIRTIO_GPU,
1454 .parent = TYPE_VIRTIO_GPU_BASE,
1455 .instance_size = sizeof(VirtIOGPU),
1456 .class_size = sizeof(VirtIOGPUClass),
1457 .class_init = virtio_gpu_class_init,
1458};
1459module_obj(TYPE_VIRTIO_GPU);
1460module_kconfig(VIRTIO_GPU);
1461
1462static void virtio_register_types(void)
1463{
1464 type_register_static(&virtio_gpu_info);
1465}
1466
1467type_init(virtio_register_types)
1468
