1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "ui/console.h" 18 #include "trace.h" 19 #include "sysemu/dma.h" 20 #include "sysemu/sysemu.h" 21 #include "hw/virtio/virtio.h" 22 #include "migration/qemu-file-types.h" 23 #include "hw/virtio/virtio-gpu.h" 24 #include "hw/virtio/virtio-gpu-bswap.h" 25 #include "hw/virtio/virtio-gpu-pixman.h" 26 #include "hw/virtio/virtio-bus.h" 27 #include "hw/display/edid.h" 28 #include "hw/qdev-properties.h" 29 #include "qemu/log.h" 30 #include "qemu/module.h" 31 #include "qapi/error.h" 32 #include "qemu/error-report.h" 33 34 #define VIRTIO_GPU_VM_VERSION 1 35 36 static struct virtio_gpu_simple_resource* 37 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id); 38 static struct virtio_gpu_simple_resource * 39 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 40 bool require_backing, 41 const char *caller, uint32_t *error); 42 43 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 44 struct virtio_gpu_simple_resource *res); 45 46 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 47 struct virtio_gpu_scanout *s, 48 uint32_t resource_id) 49 { 50 struct virtio_gpu_simple_resource *res; 51 uint32_t pixels; 52 53 res = virtio_gpu_find_check_resource(g, resource_id, false, 54 __func__, NULL); 55 if (!res) { 56 return; 57 } 58 59 if (pixman_image_get_width(res->image) != s->current_cursor->width || 60 pixman_image_get_height(res->image) != s->current_cursor->height) { 61 return; 62 } 63 64 pixels = s->current_cursor->width * s->current_cursor->height; 65 memcpy(s->current_cursor->data, 66 pixman_image_get_data(res->image), 67 pixels * sizeof(uint32_t)); 68 } 69 70 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 71 { 72 struct virtio_gpu_scanout *s; 73 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 74 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 75 76 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 77 return; 78 } 79 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 80 81 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 82 cursor->pos.x, 83 cursor->pos.y, 84 move ? "move" : "update", 85 cursor->resource_id); 86 87 if (!move) { 88 if (!s->current_cursor) { 89 s->current_cursor = cursor_alloc(64, 64); 90 } 91 92 s->current_cursor->hot_x = cursor->hot_x; 93 s->current_cursor->hot_y = cursor->hot_y; 94 95 if (cursor->resource_id > 0) { 96 vgc->update_cursor_data(g, s, cursor->resource_id); 97 } 98 dpy_cursor_define(s->con, s->current_cursor); 99 100 s->cursor = *cursor; 101 } else { 102 s->cursor.pos.x = cursor->pos.x; 103 s->cursor.pos.y = cursor->pos.y; 104 } 105 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, 106 cursor->resource_id ? 1 : 0); 107 } 108 109 static struct virtio_gpu_simple_resource * 110 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 111 { 112 struct virtio_gpu_simple_resource *res; 113 114 QTAILQ_FOREACH(res, &g->reslist, next) { 115 if (res->resource_id == resource_id) { 116 return res; 117 } 118 } 119 return NULL; 120 } 121 122 static struct virtio_gpu_simple_resource * 123 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 124 bool require_backing, 125 const char *caller, uint32_t *error) 126 { 127 struct virtio_gpu_simple_resource *res; 128 129 res = virtio_gpu_find_resource(g, resource_id); 130 if (!res) { 131 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 132 caller, resource_id); 133 if (error) { 134 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 135 } 136 return NULL; 137 } 138 139 if (require_backing) { 140 if (!res->iov || !res->image) { 141 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 142 caller, resource_id); 143 if (error) { 144 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 145 } 146 return NULL; 147 } 148 } 149 150 return res; 151 } 152 153 void virtio_gpu_ctrl_response(VirtIOGPU *g, 154 struct virtio_gpu_ctrl_command *cmd, 155 struct virtio_gpu_ctrl_hdr *resp, 156 size_t resp_len) 157 { 158 size_t s; 159 160 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 161 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 162 resp->fence_id = cmd->cmd_hdr.fence_id; 163 resp->ctx_id = cmd->cmd_hdr.ctx_id; 164 } 165 virtio_gpu_ctrl_hdr_bswap(resp); 166 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 167 if (s != resp_len) { 168 qemu_log_mask(LOG_GUEST_ERROR, 169 "%s: response size incorrect %zu vs %zu\n", 170 __func__, s, resp_len); 171 } 172 virtqueue_push(cmd->vq, &cmd->elem, s); 173 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 174 cmd->finished = true; 175 } 176 177 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 178 struct virtio_gpu_ctrl_command *cmd, 179 enum virtio_gpu_ctrl_type type) 180 { 181 struct virtio_gpu_ctrl_hdr resp; 182 183 memset(&resp, 0, sizeof(resp)); 184 resp.type = type; 185 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 186 } 187 188 void virtio_gpu_get_display_info(VirtIOGPU *g, 189 struct virtio_gpu_ctrl_command *cmd) 190 { 191 struct virtio_gpu_resp_display_info display_info; 192 193 trace_virtio_gpu_cmd_get_display_info(); 194 memset(&display_info, 0, sizeof(display_info)); 195 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 196 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 197 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 198 sizeof(display_info)); 199 } 200 201 static void 202 virtio_gpu_generate_edid(VirtIOGPU *g, int scanout, 203 struct virtio_gpu_resp_edid *edid) 204 { 205 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 206 qemu_edid_info info = { 207 .width_mm = b->req_state[scanout].width_mm, 208 .height_mm = b->req_state[scanout].height_mm, 209 .prefx = b->req_state[scanout].width, 210 .prefy = b->req_state[scanout].height, 211 }; 212 213 edid->size = cpu_to_le32(sizeof(edid->edid)); 214 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info); 215 } 216 217 void virtio_gpu_get_edid(VirtIOGPU *g, 218 struct virtio_gpu_ctrl_command *cmd) 219 { 220 struct virtio_gpu_resp_edid edid; 221 struct virtio_gpu_cmd_get_edid get_edid; 222 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 223 224 VIRTIO_GPU_FILL_CMD(get_edid); 225 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 226 227 if (get_edid.scanout >= b->conf.max_outputs) { 228 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 229 return; 230 } 231 232 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 233 memset(&edid, 0, sizeof(edid)); 234 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 235 virtio_gpu_generate_edid(g, get_edid.scanout, &edid); 236 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 237 } 238 239 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 240 uint32_t width, uint32_t height) 241 { 242 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 243 * pixman_image_create_bits will fail in case it overflow. 244 */ 245 246 int bpp = PIXMAN_FORMAT_BPP(pformat); 247 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 248 return height * stride; 249 } 250 251 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 252 struct virtio_gpu_ctrl_command *cmd) 253 { 254 pixman_format_code_t pformat; 255 struct virtio_gpu_simple_resource *res; 256 struct virtio_gpu_resource_create_2d c2d; 257 258 VIRTIO_GPU_FILL_CMD(c2d); 259 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 260 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 261 c2d.width, c2d.height); 262 263 if (c2d.resource_id == 0) { 264 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 265 __func__); 266 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 267 return; 268 } 269 270 res = virtio_gpu_find_resource(g, c2d.resource_id); 271 if (res) { 272 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 273 __func__, c2d.resource_id); 274 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 275 return; 276 } 277 278 res = g_new0(struct virtio_gpu_simple_resource, 1); 279 280 res->width = c2d.width; 281 res->height = c2d.height; 282 res->format = c2d.format; 283 res->resource_id = c2d.resource_id; 284 285 pformat = virtio_gpu_get_pixman_format(c2d.format); 286 if (!pformat) { 287 qemu_log_mask(LOG_GUEST_ERROR, 288 "%s: host couldn't handle guest format %d\n", 289 __func__, c2d.format); 290 g_free(res); 291 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 292 return; 293 } 294 295 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 296 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 297 res->image = pixman_image_create_bits(pformat, 298 c2d.width, 299 c2d.height, 300 NULL, 0); 301 } 302 303 if (!res->image) { 304 qemu_log_mask(LOG_GUEST_ERROR, 305 "%s: resource creation failed %d %d %d\n", 306 __func__, c2d.resource_id, c2d.width, c2d.height); 307 g_free(res); 308 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 309 return; 310 } 311 312 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 313 g->hostmem += res->hostmem; 314 } 315 316 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 317 { 318 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 319 struct virtio_gpu_simple_resource *res; 320 321 if (scanout->resource_id == 0) { 322 return; 323 } 324 325 res = virtio_gpu_find_resource(g, scanout->resource_id); 326 if (res) { 327 res->scanout_bitmask &= ~(1 << scanout_id); 328 } 329 330 dpy_gfx_replace_surface(scanout->con, NULL); 331 scanout->resource_id = 0; 332 scanout->ds = NULL; 333 scanout->width = 0; 334 scanout->height = 0; 335 } 336 337 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 338 struct virtio_gpu_simple_resource *res) 339 { 340 int i; 341 342 if (res->scanout_bitmask) { 343 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 344 if (res->scanout_bitmask & (1 << i)) { 345 virtio_gpu_disable_scanout(g, i); 346 } 347 } 348 } 349 350 pixman_image_unref(res->image); 351 virtio_gpu_cleanup_mapping(g, res); 352 QTAILQ_REMOVE(&g->reslist, res, next); 353 g->hostmem -= res->hostmem; 354 g_free(res); 355 } 356 357 static void virtio_gpu_resource_unref(VirtIOGPU *g, 358 struct virtio_gpu_ctrl_command *cmd) 359 { 360 struct virtio_gpu_simple_resource *res; 361 struct virtio_gpu_resource_unref unref; 362 363 VIRTIO_GPU_FILL_CMD(unref); 364 virtio_gpu_bswap_32(&unref, sizeof(unref)); 365 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 366 367 res = virtio_gpu_find_resource(g, unref.resource_id); 368 if (!res) { 369 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 370 __func__, unref.resource_id); 371 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 372 return; 373 } 374 virtio_gpu_resource_destroy(g, res); 375 } 376 377 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 378 struct virtio_gpu_ctrl_command *cmd) 379 { 380 struct virtio_gpu_simple_resource *res; 381 int h; 382 uint32_t src_offset, dst_offset, stride; 383 int bpp; 384 pixman_format_code_t format; 385 struct virtio_gpu_transfer_to_host_2d t2d; 386 387 VIRTIO_GPU_FILL_CMD(t2d); 388 virtio_gpu_t2d_bswap(&t2d); 389 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 390 391 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 392 __func__, &cmd->error); 393 if (!res) { 394 return; 395 } 396 397 if (t2d.r.x > res->width || 398 t2d.r.y > res->height || 399 t2d.r.width > res->width || 400 t2d.r.height > res->height || 401 t2d.r.x + t2d.r.width > res->width || 402 t2d.r.y + t2d.r.height > res->height) { 403 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 404 " bounds for resource %d: %d %d %d %d vs %d %d\n", 405 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 406 t2d.r.width, t2d.r.height, res->width, res->height); 407 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 408 return; 409 } 410 411 format = pixman_image_get_format(res->image); 412 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 413 stride = pixman_image_get_stride(res->image); 414 415 if (t2d.offset || t2d.r.x || t2d.r.y || 416 t2d.r.width != pixman_image_get_width(res->image)) { 417 void *img_data = pixman_image_get_data(res->image); 418 for (h = 0; h < t2d.r.height; h++) { 419 src_offset = t2d.offset + stride * h; 420 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 421 422 iov_to_buf(res->iov, res->iov_cnt, src_offset, 423 (uint8_t *)img_data 424 + dst_offset, t2d.r.width * bpp); 425 } 426 } else { 427 iov_to_buf(res->iov, res->iov_cnt, 0, 428 pixman_image_get_data(res->image), 429 pixman_image_get_stride(res->image) 430 * pixman_image_get_height(res->image)); 431 } 432 } 433 434 static void virtio_gpu_resource_flush(VirtIOGPU *g, 435 struct virtio_gpu_ctrl_command *cmd) 436 { 437 struct virtio_gpu_simple_resource *res; 438 struct virtio_gpu_resource_flush rf; 439 pixman_region16_t flush_region; 440 int i; 441 442 VIRTIO_GPU_FILL_CMD(rf); 443 virtio_gpu_bswap_32(&rf, sizeof(rf)); 444 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 445 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 446 447 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 448 __func__, &cmd->error); 449 if (!res) { 450 return; 451 } 452 453 if (rf.r.x > res->width || 454 rf.r.y > res->height || 455 rf.r.width > res->width || 456 rf.r.height > res->height || 457 rf.r.x + rf.r.width > res->width || 458 rf.r.y + rf.r.height > res->height) { 459 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 460 " bounds for resource %d: %d %d %d %d vs %d %d\n", 461 __func__, rf.resource_id, rf.r.x, rf.r.y, 462 rf.r.width, rf.r.height, res->width, res->height); 463 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 464 return; 465 } 466 467 pixman_region_init_rect(&flush_region, 468 rf.r.x, rf.r.y, rf.r.width, rf.r.height); 469 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 470 struct virtio_gpu_scanout *scanout; 471 pixman_region16_t region, finalregion; 472 pixman_box16_t *extents; 473 474 if (!(res->scanout_bitmask & (1 << i))) { 475 continue; 476 } 477 scanout = &g->parent_obj.scanout[i]; 478 479 pixman_region_init(&finalregion); 480 pixman_region_init_rect(®ion, scanout->x, scanout->y, 481 scanout->width, scanout->height); 482 483 pixman_region_intersect(&finalregion, &flush_region, ®ion); 484 pixman_region_translate(&finalregion, -scanout->x, -scanout->y); 485 extents = pixman_region_extents(&finalregion); 486 /* work out the area we need to update for each console */ 487 dpy_gfx_update(g->parent_obj.scanout[i].con, 488 extents->x1, extents->y1, 489 extents->x2 - extents->x1, 490 extents->y2 - extents->y1); 491 492 pixman_region_fini(®ion); 493 pixman_region_fini(&finalregion); 494 } 495 pixman_region_fini(&flush_region); 496 } 497 498 static void virtio_unref_resource(pixman_image_t *image, void *data) 499 { 500 pixman_image_unref(data); 501 } 502 503 static void virtio_gpu_set_scanout(VirtIOGPU *g, 504 struct virtio_gpu_ctrl_command *cmd) 505 { 506 struct virtio_gpu_simple_resource *res, *ores; 507 struct virtio_gpu_scanout *scanout; 508 pixman_format_code_t format; 509 uint32_t offset; 510 int bpp; 511 struct virtio_gpu_set_scanout ss; 512 513 VIRTIO_GPU_FILL_CMD(ss); 514 virtio_gpu_bswap_32(&ss, sizeof(ss)); 515 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 516 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 517 518 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 519 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 520 __func__, ss.scanout_id); 521 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 522 return; 523 } 524 525 g->parent_obj.enable = 1; 526 if (ss.resource_id == 0) { 527 virtio_gpu_disable_scanout(g, ss.scanout_id); 528 return; 529 } 530 531 /* create a surface for this scanout */ 532 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 533 __func__, &cmd->error); 534 if (!res) { 535 return; 536 } 537 538 if (ss.r.x > res->width || 539 ss.r.y > res->height || 540 ss.r.width < 16 || 541 ss.r.height < 16 || 542 ss.r.width > res->width || 543 ss.r.height > res->height || 544 ss.r.x + ss.r.width > res->width || 545 ss.r.y + ss.r.height > res->height) { 546 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 547 " resource %d, (%d,%d)+%d,%d vs %d %d\n", 548 __func__, ss.scanout_id, ss.resource_id, ss.r.x, ss.r.y, 549 ss.r.width, ss.r.height, res->width, res->height); 550 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 551 return; 552 } 553 554 scanout = &g->parent_obj.scanout[ss.scanout_id]; 555 556 format = pixman_image_get_format(res->image); 557 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 558 offset = (ss.r.x * bpp) + ss.r.y * pixman_image_get_stride(res->image); 559 if (!scanout->ds || surface_data(scanout->ds) 560 != ((uint8_t *)pixman_image_get_data(res->image) + offset) || 561 scanout->width != ss.r.width || 562 scanout->height != ss.r.height) { 563 pixman_image_t *rect; 564 void *ptr = (uint8_t *)pixman_image_get_data(res->image) + offset; 565 rect = pixman_image_create_bits(format, ss.r.width, ss.r.height, ptr, 566 pixman_image_get_stride(res->image)); 567 pixman_image_ref(res->image); 568 pixman_image_set_destroy_function(rect, virtio_unref_resource, 569 res->image); 570 /* realloc the surface ptr */ 571 scanout->ds = qemu_create_displaysurface_pixman(rect); 572 if (!scanout->ds) { 573 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 574 return; 575 } 576 pixman_image_unref(rect); 577 dpy_gfx_replace_surface(g->parent_obj.scanout[ss.scanout_id].con, 578 scanout->ds); 579 } 580 581 ores = virtio_gpu_find_resource(g, scanout->resource_id); 582 if (ores) { 583 ores->scanout_bitmask &= ~(1 << ss.scanout_id); 584 } 585 586 res->scanout_bitmask |= (1 << ss.scanout_id); 587 scanout->resource_id = ss.resource_id; 588 scanout->x = ss.r.x; 589 scanout->y = ss.r.y; 590 scanout->width = ss.r.width; 591 scanout->height = ss.r.height; 592 } 593 594 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 595 struct virtio_gpu_resource_attach_backing *ab, 596 struct virtio_gpu_ctrl_command *cmd, 597 uint64_t **addr, struct iovec **iov, 598 uint32_t *niov) 599 { 600 struct virtio_gpu_mem_entry *ents; 601 size_t esize, s; 602 int e, v; 603 604 if (ab->nr_entries > 16384) { 605 qemu_log_mask(LOG_GUEST_ERROR, 606 "%s: nr_entries is too big (%d > 16384)\n", 607 __func__, ab->nr_entries); 608 return -1; 609 } 610 611 esize = sizeof(*ents) * ab->nr_entries; 612 ents = g_malloc(esize); 613 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 614 sizeof(*ab), ents, esize); 615 if (s != esize) { 616 qemu_log_mask(LOG_GUEST_ERROR, 617 "%s: command data size incorrect %zu vs %zu\n", 618 __func__, s, esize); 619 g_free(ents); 620 return -1; 621 } 622 623 *iov = NULL; 624 if (addr) { 625 *addr = NULL; 626 } 627 for (e = 0, v = 0; e < ab->nr_entries; e++) { 628 uint64_t a = le64_to_cpu(ents[e].addr); 629 uint32_t l = le32_to_cpu(ents[e].length); 630 hwaddr len; 631 void *map; 632 633 do { 634 len = l; 635 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, 636 a, &len, DMA_DIRECTION_TO_DEVICE); 637 if (!map) { 638 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 639 " resource %d element %d\n", 640 __func__, ab->resource_id, e); 641 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 642 g_free(ents); 643 *iov = NULL; 644 if (addr) { 645 g_free(*addr); 646 *addr = NULL; 647 } 648 return -1; 649 } 650 651 if (!(v % 16)) { 652 *iov = g_realloc(*iov, sizeof(struct iovec) * (v + 16)); 653 if (addr) { 654 *addr = g_realloc(*addr, sizeof(uint64_t) * (v + 16)); 655 } 656 } 657 (*iov)[v].iov_base = map; 658 (*iov)[v].iov_len = len; 659 if (addr) { 660 (*addr)[v] = a; 661 } 662 663 a += len; 664 l -= len; 665 v += 1; 666 } while (l > 0); 667 } 668 *niov = v; 669 670 g_free(ents); 671 return 0; 672 } 673 674 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 675 struct iovec *iov, uint32_t count) 676 { 677 int i; 678 679 for (i = 0; i < count; i++) { 680 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 681 iov[i].iov_base, iov[i].iov_len, 682 DMA_DIRECTION_TO_DEVICE, 683 iov[i].iov_len); 684 } 685 g_free(iov); 686 } 687 688 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 689 struct virtio_gpu_simple_resource *res) 690 { 691 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 692 res->iov = NULL; 693 res->iov_cnt = 0; 694 g_free(res->addrs); 695 res->addrs = NULL; 696 } 697 698 static void 699 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 700 struct virtio_gpu_ctrl_command *cmd) 701 { 702 struct virtio_gpu_simple_resource *res; 703 struct virtio_gpu_resource_attach_backing ab; 704 int ret; 705 706 VIRTIO_GPU_FILL_CMD(ab); 707 virtio_gpu_bswap_32(&ab, sizeof(ab)); 708 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 709 710 res = virtio_gpu_find_resource(g, ab.resource_id); 711 if (!res) { 712 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 713 __func__, ab.resource_id); 714 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 715 return; 716 } 717 718 if (res->iov) { 719 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 720 return; 721 } 722 723 ret = virtio_gpu_create_mapping_iov(g, &ab, cmd, &res->addrs, 724 &res->iov, &res->iov_cnt); 725 if (ret != 0) { 726 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 727 return; 728 } 729 } 730 731 static void 732 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 733 struct virtio_gpu_ctrl_command *cmd) 734 { 735 struct virtio_gpu_simple_resource *res; 736 struct virtio_gpu_resource_detach_backing detach; 737 738 VIRTIO_GPU_FILL_CMD(detach); 739 virtio_gpu_bswap_32(&detach, sizeof(detach)); 740 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 741 742 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 743 __func__, &cmd->error); 744 if (!res) { 745 return; 746 } 747 virtio_gpu_cleanup_mapping(g, res); 748 } 749 750 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 751 struct virtio_gpu_ctrl_command *cmd) 752 { 753 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 754 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 755 756 switch (cmd->cmd_hdr.type) { 757 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 758 virtio_gpu_get_display_info(g, cmd); 759 break; 760 case VIRTIO_GPU_CMD_GET_EDID: 761 virtio_gpu_get_edid(g, cmd); 762 break; 763 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 764 virtio_gpu_resource_create_2d(g, cmd); 765 break; 766 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 767 virtio_gpu_resource_unref(g, cmd); 768 break; 769 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 770 virtio_gpu_resource_flush(g, cmd); 771 break; 772 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 773 virtio_gpu_transfer_to_host_2d(g, cmd); 774 break; 775 case VIRTIO_GPU_CMD_SET_SCANOUT: 776 virtio_gpu_set_scanout(g, cmd); 777 break; 778 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 779 virtio_gpu_resource_attach_backing(g, cmd); 780 break; 781 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 782 virtio_gpu_resource_detach_backing(g, cmd); 783 break; 784 default: 785 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 786 break; 787 } 788 if (!cmd->finished) { 789 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 790 VIRTIO_GPU_RESP_OK_NODATA); 791 } 792 } 793 794 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 795 { 796 VirtIOGPU *g = VIRTIO_GPU(vdev); 797 qemu_bh_schedule(g->ctrl_bh); 798 } 799 800 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 801 { 802 VirtIOGPU *g = VIRTIO_GPU(vdev); 803 qemu_bh_schedule(g->cursor_bh); 804 } 805 806 void virtio_gpu_process_cmdq(VirtIOGPU *g) 807 { 808 struct virtio_gpu_ctrl_command *cmd; 809 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 810 811 if (g->processing_cmdq) { 812 return; 813 } 814 g->processing_cmdq = true; 815 while (!QTAILQ_EMPTY(&g->cmdq)) { 816 cmd = QTAILQ_FIRST(&g->cmdq); 817 818 if (g->parent_obj.renderer_blocked) { 819 break; 820 } 821 822 /* process command */ 823 vgc->process_cmd(g, cmd); 824 825 QTAILQ_REMOVE(&g->cmdq, cmd, next); 826 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 827 g->stats.requests++; 828 } 829 830 if (!cmd->finished) { 831 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 832 g->inflight++; 833 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 834 if (g->stats.max_inflight < g->inflight) { 835 g->stats.max_inflight = g->inflight; 836 } 837 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 838 } 839 } else { 840 g_free(cmd); 841 } 842 } 843 g->processing_cmdq = false; 844 } 845 846 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 847 { 848 VirtIOGPU *g = VIRTIO_GPU(vdev); 849 struct virtio_gpu_ctrl_command *cmd; 850 851 if (!virtio_queue_ready(vq)) { 852 return; 853 } 854 855 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 856 while (cmd) { 857 cmd->vq = vq; 858 cmd->error = 0; 859 cmd->finished = false; 860 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 861 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 862 } 863 864 virtio_gpu_process_cmdq(g); 865 } 866 867 static void virtio_gpu_ctrl_bh(void *opaque) 868 { 869 VirtIOGPU *g = opaque; 870 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 871 872 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq); 873 } 874 875 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 876 { 877 VirtIOGPU *g = VIRTIO_GPU(vdev); 878 VirtQueueElement *elem; 879 size_t s; 880 struct virtio_gpu_update_cursor cursor_info; 881 882 if (!virtio_queue_ready(vq)) { 883 return; 884 } 885 for (;;) { 886 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 887 if (!elem) { 888 break; 889 } 890 891 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 892 &cursor_info, sizeof(cursor_info)); 893 if (s != sizeof(cursor_info)) { 894 qemu_log_mask(LOG_GUEST_ERROR, 895 "%s: cursor size incorrect %zu vs %zu\n", 896 __func__, s, sizeof(cursor_info)); 897 } else { 898 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 899 update_cursor(g, &cursor_info); 900 } 901 virtqueue_push(vq, elem, 0); 902 virtio_notify(vdev, vq); 903 g_free(elem); 904 } 905 } 906 907 static void virtio_gpu_cursor_bh(void *opaque) 908 { 909 VirtIOGPU *g = opaque; 910 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 911 } 912 913 static const VMStateDescription vmstate_virtio_gpu_scanout = { 914 .name = "virtio-gpu-one-scanout", 915 .version_id = 1, 916 .fields = (VMStateField[]) { 917 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 918 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 919 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 920 VMSTATE_INT32(x, struct virtio_gpu_scanout), 921 VMSTATE_INT32(y, struct virtio_gpu_scanout), 922 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 923 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 924 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 925 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 926 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 927 VMSTATE_END_OF_LIST() 928 }, 929 }; 930 931 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 932 .name = "virtio-gpu-scanouts", 933 .version_id = 1, 934 .fields = (VMStateField[]) { 935 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 936 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 937 struct VirtIOGPU, NULL), 938 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 939 parent_obj.conf.max_outputs, 1, 940 vmstate_virtio_gpu_scanout, 941 struct virtio_gpu_scanout), 942 VMSTATE_END_OF_LIST() 943 }, 944 }; 945 946 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 947 const VMStateField *field, JSONWriter *vmdesc) 948 { 949 VirtIOGPU *g = opaque; 950 struct virtio_gpu_simple_resource *res; 951 int i; 952 953 /* in 2d mode we should never find unprocessed commands here */ 954 assert(QTAILQ_EMPTY(&g->cmdq)); 955 956 QTAILQ_FOREACH(res, &g->reslist, next) { 957 qemu_put_be32(f, res->resource_id); 958 qemu_put_be32(f, res->width); 959 qemu_put_be32(f, res->height); 960 qemu_put_be32(f, res->format); 961 qemu_put_be32(f, res->iov_cnt); 962 for (i = 0; i < res->iov_cnt; i++) { 963 qemu_put_be64(f, res->addrs[i]); 964 qemu_put_be32(f, res->iov[i].iov_len); 965 } 966 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 967 pixman_image_get_stride(res->image) * res->height); 968 } 969 qemu_put_be32(f, 0); /* end of list */ 970 971 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 972 } 973 974 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 975 const VMStateField *field) 976 { 977 VirtIOGPU *g = opaque; 978 struct virtio_gpu_simple_resource *res; 979 struct virtio_gpu_scanout *scanout; 980 uint32_t resource_id, pformat; 981 int i; 982 983 g->hostmem = 0; 984 985 resource_id = qemu_get_be32(f); 986 while (resource_id != 0) { 987 res = virtio_gpu_find_resource(g, resource_id); 988 if (res) { 989 return -EINVAL; 990 } 991 992 res = g_new0(struct virtio_gpu_simple_resource, 1); 993 res->resource_id = resource_id; 994 res->width = qemu_get_be32(f); 995 res->height = qemu_get_be32(f); 996 res->format = qemu_get_be32(f); 997 res->iov_cnt = qemu_get_be32(f); 998 999 /* allocate */ 1000 pformat = virtio_gpu_get_pixman_format(res->format); 1001 if (!pformat) { 1002 g_free(res); 1003 return -EINVAL; 1004 } 1005 res->image = pixman_image_create_bits(pformat, 1006 res->width, res->height, 1007 NULL, 0); 1008 if (!res->image) { 1009 g_free(res); 1010 return -EINVAL; 1011 } 1012 1013 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1014 1015 res->addrs = g_new(uint64_t, res->iov_cnt); 1016 res->iov = g_new(struct iovec, res->iov_cnt); 1017 1018 /* read data */ 1019 for (i = 0; i < res->iov_cnt; i++) { 1020 res->addrs[i] = qemu_get_be64(f); 1021 res->iov[i].iov_len = qemu_get_be32(f); 1022 } 1023 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1024 pixman_image_get_stride(res->image) * res->height); 1025 1026 /* restore mapping */ 1027 for (i = 0; i < res->iov_cnt; i++) { 1028 hwaddr len = res->iov[i].iov_len; 1029 res->iov[i].iov_base = 1030 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, 1031 res->addrs[i], &len, DMA_DIRECTION_TO_DEVICE); 1032 1033 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1034 /* Clean up the half-a-mapping we just created... */ 1035 if (res->iov[i].iov_base) { 1036 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 1037 res->iov[i].iov_base, 1038 len, 1039 DMA_DIRECTION_TO_DEVICE, 1040 0); 1041 } 1042 /* ...and the mappings for previous loop iterations */ 1043 res->iov_cnt = i; 1044 virtio_gpu_cleanup_mapping(g, res); 1045 pixman_image_unref(res->image); 1046 g_free(res); 1047 return -EINVAL; 1048 } 1049 } 1050 1051 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1052 g->hostmem += res->hostmem; 1053 1054 resource_id = qemu_get_be32(f); 1055 } 1056 1057 /* load & apply scanout state */ 1058 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1059 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1060 scanout = &g->parent_obj.scanout[i]; 1061 if (!scanout->resource_id) { 1062 continue; 1063 } 1064 res = virtio_gpu_find_resource(g, scanout->resource_id); 1065 if (!res) { 1066 return -EINVAL; 1067 } 1068 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1069 if (!scanout->ds) { 1070 return -EINVAL; 1071 } 1072 1073 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1074 dpy_gfx_update_full(scanout->con); 1075 if (scanout->cursor.resource_id) { 1076 update_cursor(g, &scanout->cursor); 1077 } 1078 res->scanout_bitmask |= (1 << i); 1079 } 1080 1081 return 0; 1082 } 1083 1084 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1085 { 1086 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1087 VirtIOGPU *g = VIRTIO_GPU(qdev); 1088 1089 if (!virtio_gpu_base_device_realize(qdev, 1090 virtio_gpu_handle_ctrl_cb, 1091 virtio_gpu_handle_cursor_cb, 1092 errp)) { 1093 return; 1094 } 1095 1096 g->ctrl_vq = virtio_get_queue(vdev, 0); 1097 g->cursor_vq = virtio_get_queue(vdev, 1); 1098 g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g); 1099 g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g); 1100 QTAILQ_INIT(&g->reslist); 1101 QTAILQ_INIT(&g->cmdq); 1102 QTAILQ_INIT(&g->fenceq); 1103 } 1104 1105 void virtio_gpu_reset(VirtIODevice *vdev) 1106 { 1107 VirtIOGPU *g = VIRTIO_GPU(vdev); 1108 struct virtio_gpu_simple_resource *res, *tmp; 1109 struct virtio_gpu_ctrl_command *cmd; 1110 1111 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1112 virtio_gpu_resource_destroy(g, res); 1113 } 1114 1115 while (!QTAILQ_EMPTY(&g->cmdq)) { 1116 cmd = QTAILQ_FIRST(&g->cmdq); 1117 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1118 g_free(cmd); 1119 } 1120 1121 while (!QTAILQ_EMPTY(&g->fenceq)) { 1122 cmd = QTAILQ_FIRST(&g->fenceq); 1123 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1124 g->inflight--; 1125 g_free(cmd); 1126 } 1127 1128 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1129 } 1130 1131 static void 1132 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1133 { 1134 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1135 1136 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1137 } 1138 1139 static void 1140 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1141 { 1142 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1143 const struct virtio_gpu_config *vgconfig = 1144 (const struct virtio_gpu_config *)config; 1145 1146 if (vgconfig->events_clear) { 1147 g->virtio_config.events_read &= ~vgconfig->events_clear; 1148 } 1149 } 1150 1151 /* 1152 * For historical reasons virtio_gpu does not adhere to virtio migration 1153 * scheme as described in doc/virtio-migration.txt, in a sense that no 1154 * save/load callback are provided to the core. Instead the device data 1155 * is saved/loaded after the core data. 1156 * 1157 * Because of this we need a special vmsd. 1158 */ 1159 static const VMStateDescription vmstate_virtio_gpu = { 1160 .name = "virtio-gpu", 1161 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1162 .version_id = VIRTIO_GPU_VM_VERSION, 1163 .fields = (VMStateField[]) { 1164 VMSTATE_VIRTIO_DEVICE /* core */, 1165 { 1166 .name = "virtio-gpu", 1167 .info = &(const VMStateInfo) { 1168 .name = "virtio-gpu", 1169 .get = virtio_gpu_load, 1170 .put = virtio_gpu_save, 1171 }, 1172 .flags = VMS_SINGLE, 1173 } /* device */, 1174 VMSTATE_END_OF_LIST() 1175 }, 1176 }; 1177 1178 static Property virtio_gpu_properties[] = { 1179 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1180 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1181 256 * MiB), 1182 DEFINE_PROP_END_OF_LIST(), 1183 }; 1184 1185 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1186 { 1187 DeviceClass *dc = DEVICE_CLASS(klass); 1188 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1189 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1190 1191 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1192 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1193 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1194 1195 vdc->realize = virtio_gpu_device_realize; 1196 vdc->reset = virtio_gpu_reset; 1197 vdc->get_config = virtio_gpu_get_config; 1198 vdc->set_config = virtio_gpu_set_config; 1199 1200 dc->vmsd = &vmstate_virtio_gpu; 1201 device_class_set_props(dc, virtio_gpu_properties); 1202 } 1203 1204 static const TypeInfo virtio_gpu_info = { 1205 .name = TYPE_VIRTIO_GPU, 1206 .parent = TYPE_VIRTIO_GPU_BASE, 1207 .instance_size = sizeof(VirtIOGPU), 1208 .class_size = sizeof(VirtIOGPUClass), 1209 .class_init = virtio_gpu_class_init, 1210 }; 1211 1212 static void virtio_register_types(void) 1213 { 1214 type_register_static(&virtio_gpu_info); 1215 } 1216 1217 type_init(virtio_register_types) 1218