1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "ui/console.h" 18 #include "trace.h" 19 #include "sysemu/dma.h" 20 #include "sysemu/sysemu.h" 21 #include "hw/virtio/virtio.h" 22 #include "migration/qemu-file-types.h" 23 #include "hw/virtio/virtio-gpu.h" 24 #include "hw/virtio/virtio-gpu-bswap.h" 25 #include "hw/virtio/virtio-gpu-pixman.h" 26 #include "hw/virtio/virtio-bus.h" 27 #include "hw/display/edid.h" 28 #include "hw/qdev-properties.h" 29 #include "qemu/log.h" 30 #include "qemu/module.h" 31 #include "qapi/error.h" 32 #include "qemu/error-report.h" 33 34 #define VIRTIO_GPU_VM_VERSION 1 35 36 static struct virtio_gpu_simple_resource* 37 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id); 38 static struct virtio_gpu_simple_resource * 39 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 40 bool require_backing, 41 const char *caller, uint32_t *error); 42 43 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 44 struct virtio_gpu_simple_resource *res); 45 46 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 47 struct virtio_gpu_scanout *s, 48 uint32_t resource_id) 49 { 50 struct virtio_gpu_simple_resource *res; 51 uint32_t pixels; 52 53 res = virtio_gpu_find_check_resource(g, resource_id, false, 54 __func__, NULL); 55 if (!res) { 56 return; 57 } 58 59 if (pixman_image_get_width(res->image) != s->current_cursor->width || 60 pixman_image_get_height(res->image) != s->current_cursor->height) { 61 return; 62 } 63 64 pixels = s->current_cursor->width * s->current_cursor->height; 65 memcpy(s->current_cursor->data, 66 pixman_image_get_data(res->image), 67 pixels * sizeof(uint32_t)); 68 } 69 70 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 71 { 72 struct virtio_gpu_scanout *s; 73 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 74 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 75 76 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 77 return; 78 } 79 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 80 81 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 82 cursor->pos.x, 83 cursor->pos.y, 84 move ? "move" : "update", 85 cursor->resource_id); 86 87 if (!move) { 88 if (!s->current_cursor) { 89 s->current_cursor = cursor_alloc(64, 64); 90 } 91 92 s->current_cursor->hot_x = cursor->hot_x; 93 s->current_cursor->hot_y = cursor->hot_y; 94 95 if (cursor->resource_id > 0) { 96 vgc->update_cursor_data(g, s, cursor->resource_id); 97 } 98 dpy_cursor_define(s->con, s->current_cursor); 99 100 s->cursor = *cursor; 101 } else { 102 s->cursor.pos.x = cursor->pos.x; 103 s->cursor.pos.y = cursor->pos.y; 104 } 105 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, 106 cursor->resource_id ? 1 : 0); 107 } 108 109 static struct virtio_gpu_simple_resource * 110 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 111 { 112 struct virtio_gpu_simple_resource *res; 113 114 QTAILQ_FOREACH(res, &g->reslist, next) { 115 if (res->resource_id == resource_id) { 116 return res; 117 } 118 } 119 return NULL; 120 } 121 122 static struct virtio_gpu_simple_resource * 123 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 124 bool require_backing, 125 const char *caller, uint32_t *error) 126 { 127 struct virtio_gpu_simple_resource *res; 128 129 res = virtio_gpu_find_resource(g, resource_id); 130 if (!res) { 131 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 132 caller, resource_id); 133 if (error) { 134 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 135 } 136 return NULL; 137 } 138 139 if (require_backing) { 140 if (!res->iov || (!res->image && !res->blob)) { 141 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 142 caller, resource_id); 143 if (error) { 144 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 145 } 146 return NULL; 147 } 148 } 149 150 return res; 151 } 152 153 void virtio_gpu_ctrl_response(VirtIOGPU *g, 154 struct virtio_gpu_ctrl_command *cmd, 155 struct virtio_gpu_ctrl_hdr *resp, 156 size_t resp_len) 157 { 158 size_t s; 159 160 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 161 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 162 resp->fence_id = cmd->cmd_hdr.fence_id; 163 resp->ctx_id = cmd->cmd_hdr.ctx_id; 164 } 165 virtio_gpu_ctrl_hdr_bswap(resp); 166 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 167 if (s != resp_len) { 168 qemu_log_mask(LOG_GUEST_ERROR, 169 "%s: response size incorrect %zu vs %zu\n", 170 __func__, s, resp_len); 171 } 172 virtqueue_push(cmd->vq, &cmd->elem, s); 173 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 174 cmd->finished = true; 175 } 176 177 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 178 struct virtio_gpu_ctrl_command *cmd, 179 enum virtio_gpu_ctrl_type type) 180 { 181 struct virtio_gpu_ctrl_hdr resp; 182 183 memset(&resp, 0, sizeof(resp)); 184 resp.type = type; 185 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 186 } 187 188 void virtio_gpu_get_display_info(VirtIOGPU *g, 189 struct virtio_gpu_ctrl_command *cmd) 190 { 191 struct virtio_gpu_resp_display_info display_info; 192 193 trace_virtio_gpu_cmd_get_display_info(); 194 memset(&display_info, 0, sizeof(display_info)); 195 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 196 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 197 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 198 sizeof(display_info)); 199 } 200 201 static void 202 virtio_gpu_generate_edid(VirtIOGPU *g, int scanout, 203 struct virtio_gpu_resp_edid *edid) 204 { 205 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 206 qemu_edid_info info = { 207 .width_mm = b->req_state[scanout].width_mm, 208 .height_mm = b->req_state[scanout].height_mm, 209 .prefx = b->req_state[scanout].width, 210 .prefy = b->req_state[scanout].height, 211 }; 212 213 edid->size = cpu_to_le32(sizeof(edid->edid)); 214 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info); 215 } 216 217 void virtio_gpu_get_edid(VirtIOGPU *g, 218 struct virtio_gpu_ctrl_command *cmd) 219 { 220 struct virtio_gpu_resp_edid edid; 221 struct virtio_gpu_cmd_get_edid get_edid; 222 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 223 224 VIRTIO_GPU_FILL_CMD(get_edid); 225 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 226 227 if (get_edid.scanout >= b->conf.max_outputs) { 228 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 229 return; 230 } 231 232 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 233 memset(&edid, 0, sizeof(edid)); 234 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 235 virtio_gpu_generate_edid(g, get_edid.scanout, &edid); 236 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 237 } 238 239 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 240 uint32_t width, uint32_t height) 241 { 242 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 243 * pixman_image_create_bits will fail in case it overflow. 244 */ 245 246 int bpp = PIXMAN_FORMAT_BPP(pformat); 247 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 248 return height * stride; 249 } 250 251 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 252 struct virtio_gpu_ctrl_command *cmd) 253 { 254 pixman_format_code_t pformat; 255 struct virtio_gpu_simple_resource *res; 256 struct virtio_gpu_resource_create_2d c2d; 257 258 VIRTIO_GPU_FILL_CMD(c2d); 259 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 260 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 261 c2d.width, c2d.height); 262 263 if (c2d.resource_id == 0) { 264 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 265 __func__); 266 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 267 return; 268 } 269 270 res = virtio_gpu_find_resource(g, c2d.resource_id); 271 if (res) { 272 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 273 __func__, c2d.resource_id); 274 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 275 return; 276 } 277 278 res = g_new0(struct virtio_gpu_simple_resource, 1); 279 280 res->width = c2d.width; 281 res->height = c2d.height; 282 res->format = c2d.format; 283 res->resource_id = c2d.resource_id; 284 285 pformat = virtio_gpu_get_pixman_format(c2d.format); 286 if (!pformat) { 287 qemu_log_mask(LOG_GUEST_ERROR, 288 "%s: host couldn't handle guest format %d\n", 289 __func__, c2d.format); 290 g_free(res); 291 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 292 return; 293 } 294 295 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 296 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 297 res->image = pixman_image_create_bits(pformat, 298 c2d.width, 299 c2d.height, 300 NULL, 0); 301 } 302 303 if (!res->image) { 304 qemu_log_mask(LOG_GUEST_ERROR, 305 "%s: resource creation failed %d %d %d\n", 306 __func__, c2d.resource_id, c2d.width, c2d.height); 307 g_free(res); 308 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 309 return; 310 } 311 312 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 313 g->hostmem += res->hostmem; 314 } 315 316 static void virtio_gpu_resource_create_blob(VirtIOGPU *g, 317 struct virtio_gpu_ctrl_command *cmd) 318 { 319 struct virtio_gpu_simple_resource *res; 320 struct virtio_gpu_resource_create_blob cblob; 321 int ret; 322 323 VIRTIO_GPU_FILL_CMD(cblob); 324 virtio_gpu_create_blob_bswap(&cblob); 325 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size); 326 327 if (cblob.resource_id == 0) { 328 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 329 __func__); 330 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 331 return; 332 } 333 334 res = virtio_gpu_find_resource(g, cblob.resource_id); 335 if (res) { 336 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 337 __func__, cblob.resource_id); 338 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 339 return; 340 } 341 342 res = g_new0(struct virtio_gpu_simple_resource, 1); 343 res->resource_id = cblob.resource_id; 344 res->blob_size = cblob.size; 345 346 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && 347 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { 348 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", 349 __func__); 350 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 351 g_free(res); 352 return; 353 } 354 355 if (res->iov) { 356 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 357 return; 358 } 359 360 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), 361 cmd, &res->addrs, &res->iov, 362 &res->iov_cnt); 363 if (ret != 0) { 364 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 365 return; 366 } 367 368 virtio_gpu_init_udmabuf(res); 369 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 370 } 371 372 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 373 { 374 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 375 struct virtio_gpu_simple_resource *res; 376 377 if (scanout->resource_id == 0) { 378 return; 379 } 380 381 res = virtio_gpu_find_resource(g, scanout->resource_id); 382 if (res) { 383 res->scanout_bitmask &= ~(1 << scanout_id); 384 } 385 386 dpy_gfx_replace_surface(scanout->con, NULL); 387 scanout->resource_id = 0; 388 scanout->ds = NULL; 389 scanout->width = 0; 390 scanout->height = 0; 391 } 392 393 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 394 struct virtio_gpu_simple_resource *res) 395 { 396 int i; 397 398 if (res->scanout_bitmask) { 399 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 400 if (res->scanout_bitmask & (1 << i)) { 401 virtio_gpu_disable_scanout(g, i); 402 } 403 } 404 } 405 406 qemu_pixman_image_unref(res->image); 407 virtio_gpu_cleanup_mapping(g, res); 408 QTAILQ_REMOVE(&g->reslist, res, next); 409 g->hostmem -= res->hostmem; 410 g_free(res); 411 } 412 413 static void virtio_gpu_resource_unref(VirtIOGPU *g, 414 struct virtio_gpu_ctrl_command *cmd) 415 { 416 struct virtio_gpu_simple_resource *res; 417 struct virtio_gpu_resource_unref unref; 418 419 VIRTIO_GPU_FILL_CMD(unref); 420 virtio_gpu_bswap_32(&unref, sizeof(unref)); 421 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 422 423 res = virtio_gpu_find_resource(g, unref.resource_id); 424 if (!res) { 425 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 426 __func__, unref.resource_id); 427 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 428 return; 429 } 430 virtio_gpu_resource_destroy(g, res); 431 } 432 433 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 434 struct virtio_gpu_ctrl_command *cmd) 435 { 436 struct virtio_gpu_simple_resource *res; 437 int h; 438 uint32_t src_offset, dst_offset, stride; 439 int bpp; 440 pixman_format_code_t format; 441 struct virtio_gpu_transfer_to_host_2d t2d; 442 443 VIRTIO_GPU_FILL_CMD(t2d); 444 virtio_gpu_t2d_bswap(&t2d); 445 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 446 447 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 448 __func__, &cmd->error); 449 if (!res || res->blob) { 450 return; 451 } 452 453 if (t2d.r.x > res->width || 454 t2d.r.y > res->height || 455 t2d.r.width > res->width || 456 t2d.r.height > res->height || 457 t2d.r.x + t2d.r.width > res->width || 458 t2d.r.y + t2d.r.height > res->height) { 459 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 460 " bounds for resource %d: %d %d %d %d vs %d %d\n", 461 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 462 t2d.r.width, t2d.r.height, res->width, res->height); 463 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 464 return; 465 } 466 467 format = pixman_image_get_format(res->image); 468 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 469 stride = pixman_image_get_stride(res->image); 470 471 if (t2d.offset || t2d.r.x || t2d.r.y || 472 t2d.r.width != pixman_image_get_width(res->image)) { 473 void *img_data = pixman_image_get_data(res->image); 474 for (h = 0; h < t2d.r.height; h++) { 475 src_offset = t2d.offset + stride * h; 476 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 477 478 iov_to_buf(res->iov, res->iov_cnt, src_offset, 479 (uint8_t *)img_data 480 + dst_offset, t2d.r.width * bpp); 481 } 482 } else { 483 iov_to_buf(res->iov, res->iov_cnt, 0, 484 pixman_image_get_data(res->image), 485 pixman_image_get_stride(res->image) 486 * pixman_image_get_height(res->image)); 487 } 488 } 489 490 static void virtio_gpu_resource_flush(VirtIOGPU *g, 491 struct virtio_gpu_ctrl_command *cmd) 492 { 493 struct virtio_gpu_simple_resource *res; 494 struct virtio_gpu_resource_flush rf; 495 struct virtio_gpu_scanout *scanout; 496 pixman_region16_t flush_region; 497 int i; 498 499 VIRTIO_GPU_FILL_CMD(rf); 500 virtio_gpu_bswap_32(&rf, sizeof(rf)); 501 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 502 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 503 504 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 505 __func__, &cmd->error); 506 if (!res) { 507 return; 508 } 509 510 if (res->blob) { 511 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 512 scanout = &g->parent_obj.scanout[i]; 513 if (scanout->resource_id == res->resource_id && 514 console_has_gl(scanout->con)) { 515 dpy_gl_update(scanout->con, 0, 0, scanout->width, 516 scanout->height); 517 return; 518 } 519 } 520 } 521 522 if (!res->blob && 523 (rf.r.x > res->width || 524 rf.r.y > res->height || 525 rf.r.width > res->width || 526 rf.r.height > res->height || 527 rf.r.x + rf.r.width > res->width || 528 rf.r.y + rf.r.height > res->height)) { 529 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 530 " bounds for resource %d: %d %d %d %d vs %d %d\n", 531 __func__, rf.resource_id, rf.r.x, rf.r.y, 532 rf.r.width, rf.r.height, res->width, res->height); 533 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 534 return; 535 } 536 537 pixman_region_init_rect(&flush_region, 538 rf.r.x, rf.r.y, rf.r.width, rf.r.height); 539 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 540 pixman_region16_t region, finalregion; 541 pixman_box16_t *extents; 542 543 if (!(res->scanout_bitmask & (1 << i))) { 544 continue; 545 } 546 scanout = &g->parent_obj.scanout[i]; 547 548 pixman_region_init(&finalregion); 549 pixman_region_init_rect(®ion, scanout->x, scanout->y, 550 scanout->width, scanout->height); 551 552 pixman_region_intersect(&finalregion, &flush_region, ®ion); 553 pixman_region_translate(&finalregion, -scanout->x, -scanout->y); 554 extents = pixman_region_extents(&finalregion); 555 /* work out the area we need to update for each console */ 556 dpy_gfx_update(g->parent_obj.scanout[i].con, 557 extents->x1, extents->y1, 558 extents->x2 - extents->x1, 559 extents->y2 - extents->y1); 560 561 pixman_region_fini(®ion); 562 pixman_region_fini(&finalregion); 563 } 564 pixman_region_fini(&flush_region); 565 } 566 567 static void virtio_unref_resource(pixman_image_t *image, void *data) 568 { 569 pixman_image_unref(data); 570 } 571 572 static void virtio_gpu_update_scanout(VirtIOGPU *g, 573 uint32_t scanout_id, 574 struct virtio_gpu_simple_resource *res, 575 struct virtio_gpu_rect *r) 576 { 577 struct virtio_gpu_simple_resource *ores; 578 struct virtio_gpu_scanout *scanout; 579 580 scanout = &g->parent_obj.scanout[scanout_id]; 581 ores = virtio_gpu_find_resource(g, scanout->resource_id); 582 if (ores) { 583 ores->scanout_bitmask &= ~(1 << scanout_id); 584 } 585 586 res->scanout_bitmask |= (1 << scanout_id); 587 scanout->resource_id = res->resource_id; 588 scanout->x = r->x; 589 scanout->y = r->y; 590 scanout->width = r->width; 591 scanout->height = r->height; 592 } 593 594 static void virtio_gpu_do_set_scanout(VirtIOGPU *g, 595 uint32_t scanout_id, 596 struct virtio_gpu_framebuffer *fb, 597 struct virtio_gpu_simple_resource *res, 598 struct virtio_gpu_rect *r, 599 uint32_t *error) 600 { 601 struct virtio_gpu_scanout *scanout; 602 uint8_t *data; 603 604 if (scanout_id >= g->parent_obj.conf.max_outputs) { 605 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 606 __func__, scanout_id); 607 *error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 608 return; 609 } 610 scanout = &g->parent_obj.scanout[scanout_id]; 611 612 if (r->x > fb->width || 613 r->y > fb->height || 614 r->width < 16 || 615 r->height < 16 || 616 r->width > fb->width || 617 r->height > fb->height || 618 r->x + r->width > fb->width || 619 r->y + r->height > fb->height) { 620 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 621 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n", 622 __func__, scanout_id, res->resource_id, 623 r->x, r->y, r->width, r->height, 624 fb->width, fb->height); 625 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 626 return; 627 } 628 629 g->parent_obj.enable = 1; 630 631 if (res->blob) { 632 if (console_has_gl(scanout->con)) { 633 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb)) { 634 virtio_gpu_update_scanout(g, scanout_id, res, r); 635 return; 636 } 637 } 638 639 data = res->blob; 640 } else { 641 data = (uint8_t *)pixman_image_get_data(res->image); 642 } 643 644 /* create a surface for this scanout */ 645 if ((res->blob && !console_has_gl(scanout->con)) || 646 !scanout->ds || 647 surface_data(scanout->ds) != data + fb->offset || 648 scanout->width != r->width || 649 scanout->height != r->height) { 650 pixman_image_t *rect; 651 void *ptr = data + fb->offset; 652 rect = pixman_image_create_bits(fb->format, r->width, r->height, 653 ptr, fb->stride); 654 655 if (res->image) { 656 pixman_image_ref(res->image); 657 pixman_image_set_destroy_function(rect, virtio_unref_resource, 658 res->image); 659 } 660 661 /* realloc the surface ptr */ 662 scanout->ds = qemu_create_displaysurface_pixman(rect); 663 if (!scanout->ds) { 664 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 665 return; 666 } 667 668 pixman_image_unref(rect); 669 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con, 670 scanout->ds); 671 } 672 673 virtio_gpu_update_scanout(g, scanout_id, res, r); 674 } 675 676 static void virtio_gpu_set_scanout(VirtIOGPU *g, 677 struct virtio_gpu_ctrl_command *cmd) 678 { 679 struct virtio_gpu_simple_resource *res; 680 struct virtio_gpu_framebuffer fb = { 0 }; 681 struct virtio_gpu_set_scanout ss; 682 683 VIRTIO_GPU_FILL_CMD(ss); 684 virtio_gpu_bswap_32(&ss, sizeof(ss)); 685 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 686 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 687 688 if (ss.resource_id == 0) { 689 virtio_gpu_disable_scanout(g, ss.scanout_id); 690 return; 691 } 692 693 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 694 __func__, &cmd->error); 695 if (!res) { 696 return; 697 } 698 699 fb.format = pixman_image_get_format(res->image); 700 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 701 fb.width = pixman_image_get_width(res->image); 702 fb.height = pixman_image_get_height(res->image); 703 fb.stride = pixman_image_get_stride(res->image); 704 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 705 706 virtio_gpu_do_set_scanout(g, ss.scanout_id, 707 &fb, res, &ss.r, &cmd->error); 708 } 709 710 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g, 711 struct virtio_gpu_ctrl_command *cmd) 712 { 713 struct virtio_gpu_simple_resource *res; 714 struct virtio_gpu_framebuffer fb = { 0 }; 715 struct virtio_gpu_set_scanout_blob ss; 716 uint64_t fbend; 717 718 VIRTIO_GPU_FILL_CMD(ss); 719 virtio_gpu_scanout_blob_bswap(&ss); 720 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id, 721 ss.r.width, ss.r.height, ss.r.x, 722 ss.r.y); 723 724 if (ss.resource_id == 0) { 725 virtio_gpu_disable_scanout(g, ss.scanout_id); 726 return; 727 } 728 729 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 730 __func__, &cmd->error); 731 if (!res) { 732 return; 733 } 734 735 fb.format = virtio_gpu_get_pixman_format(ss.format); 736 if (!fb.format) { 737 qemu_log_mask(LOG_GUEST_ERROR, 738 "%s: host couldn't handle guest format %d\n", 739 __func__, ss.format); 740 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 741 return; 742 } 743 744 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 745 fb.width = ss.width; 746 fb.height = ss.height; 747 fb.stride = ss.strides[0]; 748 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 749 750 fbend = fb.offset; 751 fbend += fb.stride * (ss.r.height - 1); 752 fbend += fb.bytes_pp * ss.r.width; 753 if (fbend > res->blob_size) { 754 qemu_log_mask(LOG_GUEST_ERROR, 755 "%s: fb end out of range\n", 756 __func__); 757 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 758 return; 759 } 760 761 virtio_gpu_do_set_scanout(g, ss.scanout_id, 762 &fb, res, &ss.r, &cmd->error); 763 } 764 765 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 766 uint32_t nr_entries, uint32_t offset, 767 struct virtio_gpu_ctrl_command *cmd, 768 uint64_t **addr, struct iovec **iov, 769 uint32_t *niov) 770 { 771 struct virtio_gpu_mem_entry *ents; 772 size_t esize, s; 773 int e, v; 774 775 if (nr_entries > 16384) { 776 qemu_log_mask(LOG_GUEST_ERROR, 777 "%s: nr_entries is too big (%d > 16384)\n", 778 __func__, nr_entries); 779 return -1; 780 } 781 782 esize = sizeof(*ents) * nr_entries; 783 ents = g_malloc(esize); 784 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 785 offset, ents, esize); 786 if (s != esize) { 787 qemu_log_mask(LOG_GUEST_ERROR, 788 "%s: command data size incorrect %zu vs %zu\n", 789 __func__, s, esize); 790 g_free(ents); 791 return -1; 792 } 793 794 *iov = NULL; 795 if (addr) { 796 *addr = NULL; 797 } 798 for (e = 0, v = 0; e < nr_entries; e++) { 799 uint64_t a = le64_to_cpu(ents[e].addr); 800 uint32_t l = le32_to_cpu(ents[e].length); 801 hwaddr len; 802 void *map; 803 804 do { 805 len = l; 806 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, 807 a, &len, DMA_DIRECTION_TO_DEVICE); 808 if (!map) { 809 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 810 " element %d\n", __func__, e); 811 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 812 g_free(ents); 813 *iov = NULL; 814 if (addr) { 815 g_free(*addr); 816 *addr = NULL; 817 } 818 return -1; 819 } 820 821 if (!(v % 16)) { 822 *iov = g_realloc(*iov, sizeof(struct iovec) * (v + 16)); 823 if (addr) { 824 *addr = g_realloc(*addr, sizeof(uint64_t) * (v + 16)); 825 } 826 } 827 (*iov)[v].iov_base = map; 828 (*iov)[v].iov_len = len; 829 if (addr) { 830 (*addr)[v] = a; 831 } 832 833 a += len; 834 l -= len; 835 v += 1; 836 } while (l > 0); 837 } 838 *niov = v; 839 840 g_free(ents); 841 return 0; 842 } 843 844 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 845 struct iovec *iov, uint32_t count) 846 { 847 int i; 848 849 for (i = 0; i < count; i++) { 850 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 851 iov[i].iov_base, iov[i].iov_len, 852 DMA_DIRECTION_TO_DEVICE, 853 iov[i].iov_len); 854 } 855 g_free(iov); 856 } 857 858 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 859 struct virtio_gpu_simple_resource *res) 860 { 861 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 862 res->iov = NULL; 863 res->iov_cnt = 0; 864 g_free(res->addrs); 865 res->addrs = NULL; 866 867 if (res->blob) { 868 virtio_gpu_fini_udmabuf(res); 869 } 870 } 871 872 static void 873 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 874 struct virtio_gpu_ctrl_command *cmd) 875 { 876 struct virtio_gpu_simple_resource *res; 877 struct virtio_gpu_resource_attach_backing ab; 878 int ret; 879 880 VIRTIO_GPU_FILL_CMD(ab); 881 virtio_gpu_bswap_32(&ab, sizeof(ab)); 882 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 883 884 res = virtio_gpu_find_resource(g, ab.resource_id); 885 if (!res) { 886 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 887 __func__, ab.resource_id); 888 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 889 return; 890 } 891 892 if (res->iov) { 893 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 894 return; 895 } 896 897 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, 898 &res->addrs, &res->iov, &res->iov_cnt); 899 if (ret != 0) { 900 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 901 return; 902 } 903 } 904 905 static void 906 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 907 struct virtio_gpu_ctrl_command *cmd) 908 { 909 struct virtio_gpu_simple_resource *res; 910 struct virtio_gpu_resource_detach_backing detach; 911 912 VIRTIO_GPU_FILL_CMD(detach); 913 virtio_gpu_bswap_32(&detach, sizeof(detach)); 914 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 915 916 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 917 __func__, &cmd->error); 918 if (!res) { 919 return; 920 } 921 virtio_gpu_cleanup_mapping(g, res); 922 } 923 924 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 925 struct virtio_gpu_ctrl_command *cmd) 926 { 927 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 928 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 929 930 switch (cmd->cmd_hdr.type) { 931 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 932 virtio_gpu_get_display_info(g, cmd); 933 break; 934 case VIRTIO_GPU_CMD_GET_EDID: 935 virtio_gpu_get_edid(g, cmd); 936 break; 937 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 938 virtio_gpu_resource_create_2d(g, cmd); 939 break; 940 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB: 941 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 942 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 943 break; 944 } 945 virtio_gpu_resource_create_blob(g, cmd); 946 break; 947 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 948 virtio_gpu_resource_unref(g, cmd); 949 break; 950 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 951 virtio_gpu_resource_flush(g, cmd); 952 break; 953 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 954 virtio_gpu_transfer_to_host_2d(g, cmd); 955 break; 956 case VIRTIO_GPU_CMD_SET_SCANOUT: 957 virtio_gpu_set_scanout(g, cmd); 958 break; 959 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB: 960 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 961 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 962 break; 963 } 964 virtio_gpu_set_scanout_blob(g, cmd); 965 break; 966 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 967 virtio_gpu_resource_attach_backing(g, cmd); 968 break; 969 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 970 virtio_gpu_resource_detach_backing(g, cmd); 971 break; 972 default: 973 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 974 break; 975 } 976 if (!cmd->finished) { 977 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 978 VIRTIO_GPU_RESP_OK_NODATA); 979 } 980 } 981 982 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 983 { 984 VirtIOGPU *g = VIRTIO_GPU(vdev); 985 qemu_bh_schedule(g->ctrl_bh); 986 } 987 988 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 989 { 990 VirtIOGPU *g = VIRTIO_GPU(vdev); 991 qemu_bh_schedule(g->cursor_bh); 992 } 993 994 void virtio_gpu_process_cmdq(VirtIOGPU *g) 995 { 996 struct virtio_gpu_ctrl_command *cmd; 997 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 998 999 if (g->processing_cmdq) { 1000 return; 1001 } 1002 g->processing_cmdq = true; 1003 while (!QTAILQ_EMPTY(&g->cmdq)) { 1004 cmd = QTAILQ_FIRST(&g->cmdq); 1005 1006 if (g->parent_obj.renderer_blocked) { 1007 break; 1008 } 1009 1010 /* process command */ 1011 vgc->process_cmd(g, cmd); 1012 1013 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1014 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1015 g->stats.requests++; 1016 } 1017 1018 if (!cmd->finished) { 1019 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 1020 g->inflight++; 1021 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1022 if (g->stats.max_inflight < g->inflight) { 1023 g->stats.max_inflight = g->inflight; 1024 } 1025 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 1026 } 1027 } else { 1028 g_free(cmd); 1029 } 1030 } 1031 g->processing_cmdq = false; 1032 } 1033 1034 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 1035 { 1036 VirtIOGPU *g = VIRTIO_GPU(vdev); 1037 struct virtio_gpu_ctrl_command *cmd; 1038 1039 if (!virtio_queue_ready(vq)) { 1040 return; 1041 } 1042 1043 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1044 while (cmd) { 1045 cmd->vq = vq; 1046 cmd->error = 0; 1047 cmd->finished = false; 1048 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 1049 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1050 } 1051 1052 virtio_gpu_process_cmdq(g); 1053 } 1054 1055 static void virtio_gpu_ctrl_bh(void *opaque) 1056 { 1057 VirtIOGPU *g = opaque; 1058 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1059 1060 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq); 1061 } 1062 1063 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 1064 { 1065 VirtIOGPU *g = VIRTIO_GPU(vdev); 1066 VirtQueueElement *elem; 1067 size_t s; 1068 struct virtio_gpu_update_cursor cursor_info; 1069 1070 if (!virtio_queue_ready(vq)) { 1071 return; 1072 } 1073 for (;;) { 1074 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 1075 if (!elem) { 1076 break; 1077 } 1078 1079 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 1080 &cursor_info, sizeof(cursor_info)); 1081 if (s != sizeof(cursor_info)) { 1082 qemu_log_mask(LOG_GUEST_ERROR, 1083 "%s: cursor size incorrect %zu vs %zu\n", 1084 __func__, s, sizeof(cursor_info)); 1085 } else { 1086 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 1087 update_cursor(g, &cursor_info); 1088 } 1089 virtqueue_push(vq, elem, 0); 1090 virtio_notify(vdev, vq); 1091 g_free(elem); 1092 } 1093 } 1094 1095 static void virtio_gpu_cursor_bh(void *opaque) 1096 { 1097 VirtIOGPU *g = opaque; 1098 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 1099 } 1100 1101 static const VMStateDescription vmstate_virtio_gpu_scanout = { 1102 .name = "virtio-gpu-one-scanout", 1103 .version_id = 1, 1104 .fields = (VMStateField[]) { 1105 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 1106 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 1107 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 1108 VMSTATE_INT32(x, struct virtio_gpu_scanout), 1109 VMSTATE_INT32(y, struct virtio_gpu_scanout), 1110 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 1111 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 1112 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 1113 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 1114 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 1115 VMSTATE_END_OF_LIST() 1116 }, 1117 }; 1118 1119 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 1120 .name = "virtio-gpu-scanouts", 1121 .version_id = 1, 1122 .fields = (VMStateField[]) { 1123 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 1124 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 1125 struct VirtIOGPU, NULL), 1126 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 1127 parent_obj.conf.max_outputs, 1, 1128 vmstate_virtio_gpu_scanout, 1129 struct virtio_gpu_scanout), 1130 VMSTATE_END_OF_LIST() 1131 }, 1132 }; 1133 1134 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 1135 const VMStateField *field, JSONWriter *vmdesc) 1136 { 1137 VirtIOGPU *g = opaque; 1138 struct virtio_gpu_simple_resource *res; 1139 int i; 1140 1141 /* in 2d mode we should never find unprocessed commands here */ 1142 assert(QTAILQ_EMPTY(&g->cmdq)); 1143 1144 QTAILQ_FOREACH(res, &g->reslist, next) { 1145 qemu_put_be32(f, res->resource_id); 1146 qemu_put_be32(f, res->width); 1147 qemu_put_be32(f, res->height); 1148 qemu_put_be32(f, res->format); 1149 qemu_put_be32(f, res->iov_cnt); 1150 for (i = 0; i < res->iov_cnt; i++) { 1151 qemu_put_be64(f, res->addrs[i]); 1152 qemu_put_be32(f, res->iov[i].iov_len); 1153 } 1154 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 1155 pixman_image_get_stride(res->image) * res->height); 1156 } 1157 qemu_put_be32(f, 0); /* end of list */ 1158 1159 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 1160 } 1161 1162 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 1163 const VMStateField *field) 1164 { 1165 VirtIOGPU *g = opaque; 1166 struct virtio_gpu_simple_resource *res; 1167 struct virtio_gpu_scanout *scanout; 1168 uint32_t resource_id, pformat; 1169 int i; 1170 1171 g->hostmem = 0; 1172 1173 resource_id = qemu_get_be32(f); 1174 while (resource_id != 0) { 1175 res = virtio_gpu_find_resource(g, resource_id); 1176 if (res) { 1177 return -EINVAL; 1178 } 1179 1180 res = g_new0(struct virtio_gpu_simple_resource, 1); 1181 res->resource_id = resource_id; 1182 res->width = qemu_get_be32(f); 1183 res->height = qemu_get_be32(f); 1184 res->format = qemu_get_be32(f); 1185 res->iov_cnt = qemu_get_be32(f); 1186 1187 /* allocate */ 1188 pformat = virtio_gpu_get_pixman_format(res->format); 1189 if (!pformat) { 1190 g_free(res); 1191 return -EINVAL; 1192 } 1193 res->image = pixman_image_create_bits(pformat, 1194 res->width, res->height, 1195 NULL, 0); 1196 if (!res->image) { 1197 g_free(res); 1198 return -EINVAL; 1199 } 1200 1201 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1202 1203 res->addrs = g_new(uint64_t, res->iov_cnt); 1204 res->iov = g_new(struct iovec, res->iov_cnt); 1205 1206 /* read data */ 1207 for (i = 0; i < res->iov_cnt; i++) { 1208 res->addrs[i] = qemu_get_be64(f); 1209 res->iov[i].iov_len = qemu_get_be32(f); 1210 } 1211 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1212 pixman_image_get_stride(res->image) * res->height); 1213 1214 /* restore mapping */ 1215 for (i = 0; i < res->iov_cnt; i++) { 1216 hwaddr len = res->iov[i].iov_len; 1217 res->iov[i].iov_base = 1218 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, 1219 res->addrs[i], &len, DMA_DIRECTION_TO_DEVICE); 1220 1221 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1222 /* Clean up the half-a-mapping we just created... */ 1223 if (res->iov[i].iov_base) { 1224 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 1225 res->iov[i].iov_base, 1226 len, 1227 DMA_DIRECTION_TO_DEVICE, 1228 0); 1229 } 1230 /* ...and the mappings for previous loop iterations */ 1231 res->iov_cnt = i; 1232 virtio_gpu_cleanup_mapping(g, res); 1233 pixman_image_unref(res->image); 1234 g_free(res); 1235 return -EINVAL; 1236 } 1237 } 1238 1239 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1240 g->hostmem += res->hostmem; 1241 1242 resource_id = qemu_get_be32(f); 1243 } 1244 1245 /* load & apply scanout state */ 1246 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1247 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1248 scanout = &g->parent_obj.scanout[i]; 1249 if (!scanout->resource_id) { 1250 continue; 1251 } 1252 res = virtio_gpu_find_resource(g, scanout->resource_id); 1253 if (!res) { 1254 return -EINVAL; 1255 } 1256 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1257 if (!scanout->ds) { 1258 return -EINVAL; 1259 } 1260 1261 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1262 dpy_gfx_update_full(scanout->con); 1263 if (scanout->cursor.resource_id) { 1264 update_cursor(g, &scanout->cursor); 1265 } 1266 res->scanout_bitmask |= (1 << i); 1267 } 1268 1269 return 0; 1270 } 1271 1272 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1273 { 1274 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1275 VirtIOGPU *g = VIRTIO_GPU(qdev); 1276 1277 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1278 if (!virtio_gpu_have_udmabuf()) { 1279 error_setg(errp, "cannot enable blob resources without udmabuf"); 1280 return; 1281 } 1282 1283 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) { 1284 error_setg(errp, "blobs and virgl are not compatible (yet)"); 1285 return; 1286 } 1287 } 1288 1289 if (!virtio_gpu_base_device_realize(qdev, 1290 virtio_gpu_handle_ctrl_cb, 1291 virtio_gpu_handle_cursor_cb, 1292 errp)) { 1293 return; 1294 } 1295 1296 g->ctrl_vq = virtio_get_queue(vdev, 0); 1297 g->cursor_vq = virtio_get_queue(vdev, 1); 1298 g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g); 1299 g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g); 1300 QTAILQ_INIT(&g->reslist); 1301 QTAILQ_INIT(&g->cmdq); 1302 QTAILQ_INIT(&g->fenceq); 1303 } 1304 1305 void virtio_gpu_reset(VirtIODevice *vdev) 1306 { 1307 VirtIOGPU *g = VIRTIO_GPU(vdev); 1308 struct virtio_gpu_simple_resource *res, *tmp; 1309 struct virtio_gpu_ctrl_command *cmd; 1310 1311 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1312 virtio_gpu_resource_destroy(g, res); 1313 } 1314 1315 while (!QTAILQ_EMPTY(&g->cmdq)) { 1316 cmd = QTAILQ_FIRST(&g->cmdq); 1317 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1318 g_free(cmd); 1319 } 1320 1321 while (!QTAILQ_EMPTY(&g->fenceq)) { 1322 cmd = QTAILQ_FIRST(&g->fenceq); 1323 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1324 g->inflight--; 1325 g_free(cmd); 1326 } 1327 1328 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1329 } 1330 1331 static void 1332 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1333 { 1334 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1335 1336 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1337 } 1338 1339 static void 1340 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1341 { 1342 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1343 const struct virtio_gpu_config *vgconfig = 1344 (const struct virtio_gpu_config *)config; 1345 1346 if (vgconfig->events_clear) { 1347 g->virtio_config.events_read &= ~vgconfig->events_clear; 1348 } 1349 } 1350 1351 /* 1352 * For historical reasons virtio_gpu does not adhere to virtio migration 1353 * scheme as described in doc/virtio-migration.txt, in a sense that no 1354 * save/load callback are provided to the core. Instead the device data 1355 * is saved/loaded after the core data. 1356 * 1357 * Because of this we need a special vmsd. 1358 */ 1359 static const VMStateDescription vmstate_virtio_gpu = { 1360 .name = "virtio-gpu", 1361 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1362 .version_id = VIRTIO_GPU_VM_VERSION, 1363 .fields = (VMStateField[]) { 1364 VMSTATE_VIRTIO_DEVICE /* core */, 1365 { 1366 .name = "virtio-gpu", 1367 .info = &(const VMStateInfo) { 1368 .name = "virtio-gpu", 1369 .get = virtio_gpu_load, 1370 .put = virtio_gpu_save, 1371 }, 1372 .flags = VMS_SINGLE, 1373 } /* device */, 1374 VMSTATE_END_OF_LIST() 1375 }, 1376 }; 1377 1378 static Property virtio_gpu_properties[] = { 1379 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1380 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1381 256 * MiB), 1382 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, 1383 VIRTIO_GPU_FLAG_BLOB_ENABLED, false), 1384 DEFINE_PROP_END_OF_LIST(), 1385 }; 1386 1387 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1388 { 1389 DeviceClass *dc = DEVICE_CLASS(klass); 1390 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1391 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1392 1393 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1394 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1395 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1396 1397 vdc->realize = virtio_gpu_device_realize; 1398 vdc->reset = virtio_gpu_reset; 1399 vdc->get_config = virtio_gpu_get_config; 1400 vdc->set_config = virtio_gpu_set_config; 1401 1402 dc->vmsd = &vmstate_virtio_gpu; 1403 device_class_set_props(dc, virtio_gpu_properties); 1404 } 1405 1406 static const TypeInfo virtio_gpu_info = { 1407 .name = TYPE_VIRTIO_GPU, 1408 .parent = TYPE_VIRTIO_GPU_BASE, 1409 .instance_size = sizeof(VirtIOGPU), 1410 .class_size = sizeof(VirtIOGPUClass), 1411 .class_init = virtio_gpu_class_init, 1412 }; 1413 1414 static void virtio_register_types(void) 1415 { 1416 type_register_static(&virtio_gpu_info); 1417 } 1418 1419 type_init(virtio_register_types) 1420