1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "ui/console.h" 18 #include "trace.h" 19 #include "sysemu/dma.h" 20 #include "sysemu/sysemu.h" 21 #include "hw/virtio/virtio.h" 22 #include "migration/qemu-file-types.h" 23 #include "hw/virtio/virtio-gpu.h" 24 #include "hw/virtio/virtio-gpu-bswap.h" 25 #include "hw/virtio/virtio-gpu-pixman.h" 26 #include "hw/virtio/virtio-bus.h" 27 #include "hw/display/edid.h" 28 #include "hw/qdev-properties.h" 29 #include "qemu/log.h" 30 #include "qemu/module.h" 31 #include "qapi/error.h" 32 #include "qemu/error-report.h" 33 34 #define VIRTIO_GPU_VM_VERSION 1 35 36 static struct virtio_gpu_simple_resource* 37 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id); 38 static struct virtio_gpu_simple_resource * 39 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 40 bool require_backing, 41 const char *caller, uint32_t *error); 42 43 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 44 struct virtio_gpu_simple_resource *res); 45 46 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 47 struct virtio_gpu_scanout *s, 48 uint32_t resource_id) 49 { 50 struct virtio_gpu_simple_resource *res; 51 uint32_t pixels; 52 void *data; 53 54 res = virtio_gpu_find_check_resource(g, resource_id, false, 55 __func__, NULL); 56 if (!res) { 57 return; 58 } 59 60 if (res->blob_size) { 61 if (res->blob_size < (s->current_cursor->width * 62 s->current_cursor->height * 4)) { 63 return; 64 } 65 data = res->blob; 66 } else { 67 if (pixman_image_get_width(res->image) != s->current_cursor->width || 68 pixman_image_get_height(res->image) != s->current_cursor->height) { 69 return; 70 } 71 data = pixman_image_get_data(res->image); 72 } 73 74 pixels = s->current_cursor->width * s->current_cursor->height; 75 memcpy(s->current_cursor->data, data, 76 pixels * sizeof(uint32_t)); 77 } 78 79 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 80 { 81 struct virtio_gpu_scanout *s; 82 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 83 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 84 85 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 86 return; 87 } 88 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 89 90 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 91 cursor->pos.x, 92 cursor->pos.y, 93 move ? "move" : "update", 94 cursor->resource_id); 95 96 if (!move) { 97 if (!s->current_cursor) { 98 s->current_cursor = cursor_alloc(64, 64); 99 } 100 101 s->current_cursor->hot_x = cursor->hot_x; 102 s->current_cursor->hot_y = cursor->hot_y; 103 104 if (cursor->resource_id > 0) { 105 vgc->update_cursor_data(g, s, cursor->resource_id); 106 } 107 dpy_cursor_define(s->con, s->current_cursor); 108 109 s->cursor = *cursor; 110 } else { 111 s->cursor.pos.x = cursor->pos.x; 112 s->cursor.pos.y = cursor->pos.y; 113 } 114 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, 115 cursor->resource_id ? 1 : 0); 116 } 117 118 static struct virtio_gpu_simple_resource * 119 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 120 { 121 struct virtio_gpu_simple_resource *res; 122 123 QTAILQ_FOREACH(res, &g->reslist, next) { 124 if (res->resource_id == resource_id) { 125 return res; 126 } 127 } 128 return NULL; 129 } 130 131 static struct virtio_gpu_simple_resource * 132 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 133 bool require_backing, 134 const char *caller, uint32_t *error) 135 { 136 struct virtio_gpu_simple_resource *res; 137 138 res = virtio_gpu_find_resource(g, resource_id); 139 if (!res) { 140 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 141 caller, resource_id); 142 if (error) { 143 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 144 } 145 return NULL; 146 } 147 148 if (require_backing) { 149 if (!res->iov || (!res->image && !res->blob)) { 150 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 151 caller, resource_id); 152 if (error) { 153 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 154 } 155 return NULL; 156 } 157 } 158 159 return res; 160 } 161 162 void virtio_gpu_ctrl_response(VirtIOGPU *g, 163 struct virtio_gpu_ctrl_command *cmd, 164 struct virtio_gpu_ctrl_hdr *resp, 165 size_t resp_len) 166 { 167 size_t s; 168 169 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 170 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 171 resp->fence_id = cmd->cmd_hdr.fence_id; 172 resp->ctx_id = cmd->cmd_hdr.ctx_id; 173 } 174 virtio_gpu_ctrl_hdr_bswap(resp); 175 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 176 if (s != resp_len) { 177 qemu_log_mask(LOG_GUEST_ERROR, 178 "%s: response size incorrect %zu vs %zu\n", 179 __func__, s, resp_len); 180 } 181 virtqueue_push(cmd->vq, &cmd->elem, s); 182 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 183 cmd->finished = true; 184 } 185 186 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 187 struct virtio_gpu_ctrl_command *cmd, 188 enum virtio_gpu_ctrl_type type) 189 { 190 struct virtio_gpu_ctrl_hdr resp; 191 192 memset(&resp, 0, sizeof(resp)); 193 resp.type = type; 194 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 195 } 196 197 void virtio_gpu_get_display_info(VirtIOGPU *g, 198 struct virtio_gpu_ctrl_command *cmd) 199 { 200 struct virtio_gpu_resp_display_info display_info; 201 202 trace_virtio_gpu_cmd_get_display_info(); 203 memset(&display_info, 0, sizeof(display_info)); 204 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 205 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 206 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 207 sizeof(display_info)); 208 } 209 210 static void 211 virtio_gpu_generate_edid(VirtIOGPU *g, int scanout, 212 struct virtio_gpu_resp_edid *edid) 213 { 214 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 215 qemu_edid_info info = { 216 .width_mm = b->req_state[scanout].width_mm, 217 .height_mm = b->req_state[scanout].height_mm, 218 .prefx = b->req_state[scanout].width, 219 .prefy = b->req_state[scanout].height, 220 }; 221 222 edid->size = cpu_to_le32(sizeof(edid->edid)); 223 qemu_edid_generate(edid->edid, sizeof(edid->edid), &info); 224 } 225 226 void virtio_gpu_get_edid(VirtIOGPU *g, 227 struct virtio_gpu_ctrl_command *cmd) 228 { 229 struct virtio_gpu_resp_edid edid; 230 struct virtio_gpu_cmd_get_edid get_edid; 231 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 232 233 VIRTIO_GPU_FILL_CMD(get_edid); 234 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 235 236 if (get_edid.scanout >= b->conf.max_outputs) { 237 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 238 return; 239 } 240 241 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 242 memset(&edid, 0, sizeof(edid)); 243 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 244 virtio_gpu_generate_edid(g, get_edid.scanout, &edid); 245 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 246 } 247 248 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 249 uint32_t width, uint32_t height) 250 { 251 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 252 * pixman_image_create_bits will fail in case it overflow. 253 */ 254 255 int bpp = PIXMAN_FORMAT_BPP(pformat); 256 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 257 return height * stride; 258 } 259 260 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 261 struct virtio_gpu_ctrl_command *cmd) 262 { 263 pixman_format_code_t pformat; 264 struct virtio_gpu_simple_resource *res; 265 struct virtio_gpu_resource_create_2d c2d; 266 267 VIRTIO_GPU_FILL_CMD(c2d); 268 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 269 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 270 c2d.width, c2d.height); 271 272 if (c2d.resource_id == 0) { 273 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 274 __func__); 275 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 276 return; 277 } 278 279 res = virtio_gpu_find_resource(g, c2d.resource_id); 280 if (res) { 281 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 282 __func__, c2d.resource_id); 283 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 284 return; 285 } 286 287 res = g_new0(struct virtio_gpu_simple_resource, 1); 288 289 res->width = c2d.width; 290 res->height = c2d.height; 291 res->format = c2d.format; 292 res->resource_id = c2d.resource_id; 293 294 pformat = virtio_gpu_get_pixman_format(c2d.format); 295 if (!pformat) { 296 qemu_log_mask(LOG_GUEST_ERROR, 297 "%s: host couldn't handle guest format %d\n", 298 __func__, c2d.format); 299 g_free(res); 300 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 301 return; 302 } 303 304 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 305 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 306 res->image = pixman_image_create_bits(pformat, 307 c2d.width, 308 c2d.height, 309 NULL, 0); 310 } 311 312 if (!res->image) { 313 qemu_log_mask(LOG_GUEST_ERROR, 314 "%s: resource creation failed %d %d %d\n", 315 __func__, c2d.resource_id, c2d.width, c2d.height); 316 g_free(res); 317 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 318 return; 319 } 320 321 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 322 g->hostmem += res->hostmem; 323 } 324 325 static void virtio_gpu_resource_create_blob(VirtIOGPU *g, 326 struct virtio_gpu_ctrl_command *cmd) 327 { 328 struct virtio_gpu_simple_resource *res; 329 struct virtio_gpu_resource_create_blob cblob; 330 int ret; 331 332 VIRTIO_GPU_FILL_CMD(cblob); 333 virtio_gpu_create_blob_bswap(&cblob); 334 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size); 335 336 if (cblob.resource_id == 0) { 337 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 338 __func__); 339 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 340 return; 341 } 342 343 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && 344 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { 345 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", 346 __func__); 347 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 348 return; 349 } 350 351 if (virtio_gpu_find_resource(g, cblob.resource_id)) { 352 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 353 __func__, cblob.resource_id); 354 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 355 return; 356 } 357 358 res = g_new0(struct virtio_gpu_simple_resource, 1); 359 res->resource_id = cblob.resource_id; 360 res->blob_size = cblob.size; 361 362 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), 363 cmd, &res->addrs, &res->iov, 364 &res->iov_cnt); 365 if (ret != 0) { 366 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 367 g_free(res); 368 return; 369 } 370 371 virtio_gpu_init_udmabuf(res); 372 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 373 } 374 375 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 376 { 377 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 378 struct virtio_gpu_simple_resource *res; 379 380 if (scanout->resource_id == 0) { 381 return; 382 } 383 384 res = virtio_gpu_find_resource(g, scanout->resource_id); 385 if (res) { 386 res->scanout_bitmask &= ~(1 << scanout_id); 387 } 388 389 dpy_gfx_replace_surface(scanout->con, NULL); 390 scanout->resource_id = 0; 391 scanout->ds = NULL; 392 scanout->width = 0; 393 scanout->height = 0; 394 } 395 396 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 397 struct virtio_gpu_simple_resource *res) 398 { 399 int i; 400 401 if (res->scanout_bitmask) { 402 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 403 if (res->scanout_bitmask & (1 << i)) { 404 virtio_gpu_disable_scanout(g, i); 405 } 406 } 407 } 408 409 qemu_pixman_image_unref(res->image); 410 virtio_gpu_cleanup_mapping(g, res); 411 QTAILQ_REMOVE(&g->reslist, res, next); 412 g->hostmem -= res->hostmem; 413 g_free(res); 414 } 415 416 static void virtio_gpu_resource_unref(VirtIOGPU *g, 417 struct virtio_gpu_ctrl_command *cmd) 418 { 419 struct virtio_gpu_simple_resource *res; 420 struct virtio_gpu_resource_unref unref; 421 422 VIRTIO_GPU_FILL_CMD(unref); 423 virtio_gpu_bswap_32(&unref, sizeof(unref)); 424 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 425 426 res = virtio_gpu_find_resource(g, unref.resource_id); 427 if (!res) { 428 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 429 __func__, unref.resource_id); 430 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 431 return; 432 } 433 virtio_gpu_resource_destroy(g, res); 434 } 435 436 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 437 struct virtio_gpu_ctrl_command *cmd) 438 { 439 struct virtio_gpu_simple_resource *res; 440 int h; 441 uint32_t src_offset, dst_offset, stride; 442 int bpp; 443 pixman_format_code_t format; 444 struct virtio_gpu_transfer_to_host_2d t2d; 445 446 VIRTIO_GPU_FILL_CMD(t2d); 447 virtio_gpu_t2d_bswap(&t2d); 448 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 449 450 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 451 __func__, &cmd->error); 452 if (!res || res->blob) { 453 return; 454 } 455 456 if (t2d.r.x > res->width || 457 t2d.r.y > res->height || 458 t2d.r.width > res->width || 459 t2d.r.height > res->height || 460 t2d.r.x + t2d.r.width > res->width || 461 t2d.r.y + t2d.r.height > res->height) { 462 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 463 " bounds for resource %d: %d %d %d %d vs %d %d\n", 464 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 465 t2d.r.width, t2d.r.height, res->width, res->height); 466 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 467 return; 468 } 469 470 format = pixman_image_get_format(res->image); 471 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 472 stride = pixman_image_get_stride(res->image); 473 474 if (t2d.offset || t2d.r.x || t2d.r.y || 475 t2d.r.width != pixman_image_get_width(res->image)) { 476 void *img_data = pixman_image_get_data(res->image); 477 for (h = 0; h < t2d.r.height; h++) { 478 src_offset = t2d.offset + stride * h; 479 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 480 481 iov_to_buf(res->iov, res->iov_cnt, src_offset, 482 (uint8_t *)img_data 483 + dst_offset, t2d.r.width * bpp); 484 } 485 } else { 486 iov_to_buf(res->iov, res->iov_cnt, 0, 487 pixman_image_get_data(res->image), 488 pixman_image_get_stride(res->image) 489 * pixman_image_get_height(res->image)); 490 } 491 } 492 493 static void virtio_gpu_resource_flush(VirtIOGPU *g, 494 struct virtio_gpu_ctrl_command *cmd) 495 { 496 struct virtio_gpu_simple_resource *res; 497 struct virtio_gpu_resource_flush rf; 498 struct virtio_gpu_scanout *scanout; 499 pixman_region16_t flush_region; 500 int i; 501 502 VIRTIO_GPU_FILL_CMD(rf); 503 virtio_gpu_bswap_32(&rf, sizeof(rf)); 504 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 505 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 506 507 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 508 __func__, &cmd->error); 509 if (!res) { 510 return; 511 } 512 513 if (res->blob) { 514 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 515 scanout = &g->parent_obj.scanout[i]; 516 if (scanout->resource_id == res->resource_id && 517 rf.r.x >= scanout->x && rf.r.y >= scanout->y && 518 rf.r.x + rf.r.width <= scanout->x + scanout->width && 519 rf.r.y + rf.r.height <= scanout->y + scanout->height && 520 console_has_gl(scanout->con)) { 521 dpy_gl_update(scanout->con, 0, 0, scanout->width, 522 scanout->height); 523 } 524 } 525 return; 526 } 527 528 if (!res->blob && 529 (rf.r.x > res->width || 530 rf.r.y > res->height || 531 rf.r.width > res->width || 532 rf.r.height > res->height || 533 rf.r.x + rf.r.width > res->width || 534 rf.r.y + rf.r.height > res->height)) { 535 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 536 " bounds for resource %d: %d %d %d %d vs %d %d\n", 537 __func__, rf.resource_id, rf.r.x, rf.r.y, 538 rf.r.width, rf.r.height, res->width, res->height); 539 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 540 return; 541 } 542 543 pixman_region_init_rect(&flush_region, 544 rf.r.x, rf.r.y, rf.r.width, rf.r.height); 545 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 546 pixman_region16_t region, finalregion; 547 pixman_box16_t *extents; 548 549 if (!(res->scanout_bitmask & (1 << i))) { 550 continue; 551 } 552 scanout = &g->parent_obj.scanout[i]; 553 554 pixman_region_init(&finalregion); 555 pixman_region_init_rect(®ion, scanout->x, scanout->y, 556 scanout->width, scanout->height); 557 558 pixman_region_intersect(&finalregion, &flush_region, ®ion); 559 pixman_region_translate(&finalregion, -scanout->x, -scanout->y); 560 extents = pixman_region_extents(&finalregion); 561 /* work out the area we need to update for each console */ 562 dpy_gfx_update(g->parent_obj.scanout[i].con, 563 extents->x1, extents->y1, 564 extents->x2 - extents->x1, 565 extents->y2 - extents->y1); 566 567 pixman_region_fini(®ion); 568 pixman_region_fini(&finalregion); 569 } 570 pixman_region_fini(&flush_region); 571 } 572 573 static void virtio_unref_resource(pixman_image_t *image, void *data) 574 { 575 pixman_image_unref(data); 576 } 577 578 static void virtio_gpu_update_scanout(VirtIOGPU *g, 579 uint32_t scanout_id, 580 struct virtio_gpu_simple_resource *res, 581 struct virtio_gpu_rect *r) 582 { 583 struct virtio_gpu_simple_resource *ores; 584 struct virtio_gpu_scanout *scanout; 585 586 scanout = &g->parent_obj.scanout[scanout_id]; 587 ores = virtio_gpu_find_resource(g, scanout->resource_id); 588 if (ores) { 589 ores->scanout_bitmask &= ~(1 << scanout_id); 590 } 591 592 res->scanout_bitmask |= (1 << scanout_id); 593 scanout->resource_id = res->resource_id; 594 scanout->x = r->x; 595 scanout->y = r->y; 596 scanout->width = r->width; 597 scanout->height = r->height; 598 } 599 600 static void virtio_gpu_do_set_scanout(VirtIOGPU *g, 601 uint32_t scanout_id, 602 struct virtio_gpu_framebuffer *fb, 603 struct virtio_gpu_simple_resource *res, 604 struct virtio_gpu_rect *r, 605 uint32_t *error) 606 { 607 struct virtio_gpu_scanout *scanout; 608 uint8_t *data; 609 610 scanout = &g->parent_obj.scanout[scanout_id]; 611 612 if (r->x > fb->width || 613 r->y > fb->height || 614 r->width < 16 || 615 r->height < 16 || 616 r->width > fb->width || 617 r->height > fb->height || 618 r->x + r->width > fb->width || 619 r->y + r->height > fb->height) { 620 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 621 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n", 622 __func__, scanout_id, res->resource_id, 623 r->x, r->y, r->width, r->height, 624 fb->width, fb->height); 625 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 626 return; 627 } 628 629 g->parent_obj.enable = 1; 630 631 if (res->blob) { 632 if (console_has_gl(scanout->con)) { 633 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) { 634 virtio_gpu_update_scanout(g, scanout_id, res, r); 635 return; 636 } 637 } 638 639 data = res->blob; 640 } else { 641 data = (uint8_t *)pixman_image_get_data(res->image); 642 } 643 644 /* create a surface for this scanout */ 645 if ((res->blob && !console_has_gl(scanout->con)) || 646 !scanout->ds || 647 surface_data(scanout->ds) != data + fb->offset || 648 scanout->width != r->width || 649 scanout->height != r->height) { 650 pixman_image_t *rect; 651 void *ptr = data + fb->offset; 652 rect = pixman_image_create_bits(fb->format, r->width, r->height, 653 ptr, fb->stride); 654 655 if (res->image) { 656 pixman_image_ref(res->image); 657 pixman_image_set_destroy_function(rect, virtio_unref_resource, 658 res->image); 659 } 660 661 /* realloc the surface ptr */ 662 scanout->ds = qemu_create_displaysurface_pixman(rect); 663 if (!scanout->ds) { 664 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 665 return; 666 } 667 668 pixman_image_unref(rect); 669 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con, 670 scanout->ds); 671 } 672 673 virtio_gpu_update_scanout(g, scanout_id, res, r); 674 } 675 676 static void virtio_gpu_set_scanout(VirtIOGPU *g, 677 struct virtio_gpu_ctrl_command *cmd) 678 { 679 struct virtio_gpu_simple_resource *res; 680 struct virtio_gpu_framebuffer fb = { 0 }; 681 struct virtio_gpu_set_scanout ss; 682 683 VIRTIO_GPU_FILL_CMD(ss); 684 virtio_gpu_bswap_32(&ss, sizeof(ss)); 685 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 686 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 687 688 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 689 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 690 __func__, ss.scanout_id); 691 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 692 return; 693 } 694 695 if (ss.resource_id == 0) { 696 virtio_gpu_disable_scanout(g, ss.scanout_id); 697 return; 698 } 699 700 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 701 __func__, &cmd->error); 702 if (!res) { 703 return; 704 } 705 706 fb.format = pixman_image_get_format(res->image); 707 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 708 fb.width = pixman_image_get_width(res->image); 709 fb.height = pixman_image_get_height(res->image); 710 fb.stride = pixman_image_get_stride(res->image); 711 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 712 713 virtio_gpu_do_set_scanout(g, ss.scanout_id, 714 &fb, res, &ss.r, &cmd->error); 715 } 716 717 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g, 718 struct virtio_gpu_ctrl_command *cmd) 719 { 720 struct virtio_gpu_simple_resource *res; 721 struct virtio_gpu_framebuffer fb = { 0 }; 722 struct virtio_gpu_set_scanout_blob ss; 723 uint64_t fbend; 724 725 VIRTIO_GPU_FILL_CMD(ss); 726 virtio_gpu_scanout_blob_bswap(&ss); 727 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id, 728 ss.r.width, ss.r.height, ss.r.x, 729 ss.r.y); 730 731 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 732 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 733 __func__, ss.scanout_id); 734 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 735 return; 736 } 737 738 if (ss.resource_id == 0) { 739 virtio_gpu_disable_scanout(g, ss.scanout_id); 740 return; 741 } 742 743 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 744 __func__, &cmd->error); 745 if (!res) { 746 return; 747 } 748 749 fb.format = virtio_gpu_get_pixman_format(ss.format); 750 if (!fb.format) { 751 qemu_log_mask(LOG_GUEST_ERROR, 752 "%s: host couldn't handle guest format %d\n", 753 __func__, ss.format); 754 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 755 return; 756 } 757 758 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 759 fb.width = ss.width; 760 fb.height = ss.height; 761 fb.stride = ss.strides[0]; 762 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 763 764 fbend = fb.offset; 765 fbend += fb.stride * (ss.r.height - 1); 766 fbend += fb.bytes_pp * ss.r.width; 767 if (fbend > res->blob_size) { 768 qemu_log_mask(LOG_GUEST_ERROR, 769 "%s: fb end out of range\n", 770 __func__); 771 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 772 return; 773 } 774 775 virtio_gpu_do_set_scanout(g, ss.scanout_id, 776 &fb, res, &ss.r, &cmd->error); 777 } 778 779 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 780 uint32_t nr_entries, uint32_t offset, 781 struct virtio_gpu_ctrl_command *cmd, 782 uint64_t **addr, struct iovec **iov, 783 uint32_t *niov) 784 { 785 struct virtio_gpu_mem_entry *ents; 786 size_t esize, s; 787 int e, v; 788 789 if (nr_entries > 16384) { 790 qemu_log_mask(LOG_GUEST_ERROR, 791 "%s: nr_entries is too big (%d > 16384)\n", 792 __func__, nr_entries); 793 return -1; 794 } 795 796 esize = sizeof(*ents) * nr_entries; 797 ents = g_malloc(esize); 798 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 799 offset, ents, esize); 800 if (s != esize) { 801 qemu_log_mask(LOG_GUEST_ERROR, 802 "%s: command data size incorrect %zu vs %zu\n", 803 __func__, s, esize); 804 g_free(ents); 805 return -1; 806 } 807 808 *iov = NULL; 809 if (addr) { 810 *addr = NULL; 811 } 812 for (e = 0, v = 0; e < nr_entries; e++) { 813 uint64_t a = le64_to_cpu(ents[e].addr); 814 uint32_t l = le32_to_cpu(ents[e].length); 815 hwaddr len; 816 void *map; 817 818 do { 819 len = l; 820 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len, 821 DMA_DIRECTION_TO_DEVICE, 822 MEMTXATTRS_UNSPECIFIED); 823 if (!map) { 824 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 825 " element %d\n", __func__, e); 826 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 827 g_free(ents); 828 *iov = NULL; 829 if (addr) { 830 g_free(*addr); 831 *addr = NULL; 832 } 833 return -1; 834 } 835 836 if (!(v % 16)) { 837 *iov = g_renew(struct iovec, *iov, v + 16); 838 if (addr) { 839 *addr = g_renew(uint64_t, *addr, v + 16); 840 } 841 } 842 (*iov)[v].iov_base = map; 843 (*iov)[v].iov_len = len; 844 if (addr) { 845 (*addr)[v] = a; 846 } 847 848 a += len; 849 l -= len; 850 v += 1; 851 } while (l > 0); 852 } 853 *niov = v; 854 855 g_free(ents); 856 return 0; 857 } 858 859 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 860 struct iovec *iov, uint32_t count) 861 { 862 int i; 863 864 for (i = 0; i < count; i++) { 865 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 866 iov[i].iov_base, iov[i].iov_len, 867 DMA_DIRECTION_TO_DEVICE, 868 iov[i].iov_len); 869 } 870 g_free(iov); 871 } 872 873 static void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 874 struct virtio_gpu_simple_resource *res) 875 { 876 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 877 res->iov = NULL; 878 res->iov_cnt = 0; 879 g_free(res->addrs); 880 res->addrs = NULL; 881 882 if (res->blob) { 883 virtio_gpu_fini_udmabuf(res); 884 } 885 } 886 887 static void 888 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 889 struct virtio_gpu_ctrl_command *cmd) 890 { 891 struct virtio_gpu_simple_resource *res; 892 struct virtio_gpu_resource_attach_backing ab; 893 int ret; 894 895 VIRTIO_GPU_FILL_CMD(ab); 896 virtio_gpu_bswap_32(&ab, sizeof(ab)); 897 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 898 899 res = virtio_gpu_find_resource(g, ab.resource_id); 900 if (!res) { 901 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 902 __func__, ab.resource_id); 903 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 904 return; 905 } 906 907 if (res->iov) { 908 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 909 return; 910 } 911 912 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, 913 &res->addrs, &res->iov, &res->iov_cnt); 914 if (ret != 0) { 915 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 916 return; 917 } 918 } 919 920 static void 921 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 922 struct virtio_gpu_ctrl_command *cmd) 923 { 924 struct virtio_gpu_simple_resource *res; 925 struct virtio_gpu_resource_detach_backing detach; 926 927 VIRTIO_GPU_FILL_CMD(detach); 928 virtio_gpu_bswap_32(&detach, sizeof(detach)); 929 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 930 931 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 932 __func__, &cmd->error); 933 if (!res) { 934 return; 935 } 936 virtio_gpu_cleanup_mapping(g, res); 937 } 938 939 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 940 struct virtio_gpu_ctrl_command *cmd) 941 { 942 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 943 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 944 945 switch (cmd->cmd_hdr.type) { 946 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 947 virtio_gpu_get_display_info(g, cmd); 948 break; 949 case VIRTIO_GPU_CMD_GET_EDID: 950 virtio_gpu_get_edid(g, cmd); 951 break; 952 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 953 virtio_gpu_resource_create_2d(g, cmd); 954 break; 955 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB: 956 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 957 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 958 break; 959 } 960 virtio_gpu_resource_create_blob(g, cmd); 961 break; 962 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 963 virtio_gpu_resource_unref(g, cmd); 964 break; 965 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 966 virtio_gpu_resource_flush(g, cmd); 967 break; 968 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 969 virtio_gpu_transfer_to_host_2d(g, cmd); 970 break; 971 case VIRTIO_GPU_CMD_SET_SCANOUT: 972 virtio_gpu_set_scanout(g, cmd); 973 break; 974 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB: 975 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 976 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 977 break; 978 } 979 virtio_gpu_set_scanout_blob(g, cmd); 980 break; 981 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 982 virtio_gpu_resource_attach_backing(g, cmd); 983 break; 984 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 985 virtio_gpu_resource_detach_backing(g, cmd); 986 break; 987 default: 988 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 989 break; 990 } 991 if (!cmd->finished) { 992 if (!g->parent_obj.renderer_blocked) { 993 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 994 VIRTIO_GPU_RESP_OK_NODATA); 995 } 996 } 997 } 998 999 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 1000 { 1001 VirtIOGPU *g = VIRTIO_GPU(vdev); 1002 qemu_bh_schedule(g->ctrl_bh); 1003 } 1004 1005 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 1006 { 1007 VirtIOGPU *g = VIRTIO_GPU(vdev); 1008 qemu_bh_schedule(g->cursor_bh); 1009 } 1010 1011 void virtio_gpu_process_cmdq(VirtIOGPU *g) 1012 { 1013 struct virtio_gpu_ctrl_command *cmd; 1014 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1015 1016 if (g->processing_cmdq) { 1017 return; 1018 } 1019 g->processing_cmdq = true; 1020 while (!QTAILQ_EMPTY(&g->cmdq)) { 1021 cmd = QTAILQ_FIRST(&g->cmdq); 1022 1023 if (g->parent_obj.renderer_blocked) { 1024 break; 1025 } 1026 1027 /* process command */ 1028 vgc->process_cmd(g, cmd); 1029 1030 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1031 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1032 g->stats.requests++; 1033 } 1034 1035 if (!cmd->finished) { 1036 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 1037 g->inflight++; 1038 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1039 if (g->stats.max_inflight < g->inflight) { 1040 g->stats.max_inflight = g->inflight; 1041 } 1042 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 1043 } 1044 } else { 1045 g_free(cmd); 1046 } 1047 } 1048 g->processing_cmdq = false; 1049 } 1050 1051 static void virtio_gpu_process_fenceq(VirtIOGPU *g) 1052 { 1053 struct virtio_gpu_ctrl_command *cmd, *tmp; 1054 1055 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) { 1056 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id); 1057 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA); 1058 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1059 g_free(cmd); 1060 g->inflight--; 1061 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1062 fprintf(stderr, "inflight: %3d (-)\r", g->inflight); 1063 } 1064 } 1065 } 1066 1067 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b) 1068 { 1069 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj); 1070 1071 virtio_gpu_process_fenceq(g); 1072 virtio_gpu_process_cmdq(g); 1073 } 1074 1075 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 1076 { 1077 VirtIOGPU *g = VIRTIO_GPU(vdev); 1078 struct virtio_gpu_ctrl_command *cmd; 1079 1080 if (!virtio_queue_ready(vq)) { 1081 return; 1082 } 1083 1084 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1085 while (cmd) { 1086 cmd->vq = vq; 1087 cmd->error = 0; 1088 cmd->finished = false; 1089 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 1090 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1091 } 1092 1093 virtio_gpu_process_cmdq(g); 1094 } 1095 1096 static void virtio_gpu_ctrl_bh(void *opaque) 1097 { 1098 VirtIOGPU *g = opaque; 1099 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1100 1101 vgc->handle_ctrl(&g->parent_obj.parent_obj, g->ctrl_vq); 1102 } 1103 1104 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 1105 { 1106 VirtIOGPU *g = VIRTIO_GPU(vdev); 1107 VirtQueueElement *elem; 1108 size_t s; 1109 struct virtio_gpu_update_cursor cursor_info; 1110 1111 if (!virtio_queue_ready(vq)) { 1112 return; 1113 } 1114 for (;;) { 1115 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 1116 if (!elem) { 1117 break; 1118 } 1119 1120 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 1121 &cursor_info, sizeof(cursor_info)); 1122 if (s != sizeof(cursor_info)) { 1123 qemu_log_mask(LOG_GUEST_ERROR, 1124 "%s: cursor size incorrect %zu vs %zu\n", 1125 __func__, s, sizeof(cursor_info)); 1126 } else { 1127 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 1128 update_cursor(g, &cursor_info); 1129 } 1130 virtqueue_push(vq, elem, 0); 1131 virtio_notify(vdev, vq); 1132 g_free(elem); 1133 } 1134 } 1135 1136 static void virtio_gpu_cursor_bh(void *opaque) 1137 { 1138 VirtIOGPU *g = opaque; 1139 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 1140 } 1141 1142 static const VMStateDescription vmstate_virtio_gpu_scanout = { 1143 .name = "virtio-gpu-one-scanout", 1144 .version_id = 1, 1145 .fields = (VMStateField[]) { 1146 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 1147 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 1148 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 1149 VMSTATE_INT32(x, struct virtio_gpu_scanout), 1150 VMSTATE_INT32(y, struct virtio_gpu_scanout), 1151 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 1152 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 1153 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 1154 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 1155 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 1156 VMSTATE_END_OF_LIST() 1157 }, 1158 }; 1159 1160 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 1161 .name = "virtio-gpu-scanouts", 1162 .version_id = 1, 1163 .fields = (VMStateField[]) { 1164 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 1165 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 1166 struct VirtIOGPU, NULL), 1167 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 1168 parent_obj.conf.max_outputs, 1, 1169 vmstate_virtio_gpu_scanout, 1170 struct virtio_gpu_scanout), 1171 VMSTATE_END_OF_LIST() 1172 }, 1173 }; 1174 1175 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 1176 const VMStateField *field, JSONWriter *vmdesc) 1177 { 1178 VirtIOGPU *g = opaque; 1179 struct virtio_gpu_simple_resource *res; 1180 int i; 1181 1182 /* in 2d mode we should never find unprocessed commands here */ 1183 assert(QTAILQ_EMPTY(&g->cmdq)); 1184 1185 QTAILQ_FOREACH(res, &g->reslist, next) { 1186 qemu_put_be32(f, res->resource_id); 1187 qemu_put_be32(f, res->width); 1188 qemu_put_be32(f, res->height); 1189 qemu_put_be32(f, res->format); 1190 qemu_put_be32(f, res->iov_cnt); 1191 for (i = 0; i < res->iov_cnt; i++) { 1192 qemu_put_be64(f, res->addrs[i]); 1193 qemu_put_be32(f, res->iov[i].iov_len); 1194 } 1195 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 1196 pixman_image_get_stride(res->image) * res->height); 1197 } 1198 qemu_put_be32(f, 0); /* end of list */ 1199 1200 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 1201 } 1202 1203 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 1204 const VMStateField *field) 1205 { 1206 VirtIOGPU *g = opaque; 1207 struct virtio_gpu_simple_resource *res; 1208 struct virtio_gpu_scanout *scanout; 1209 uint32_t resource_id, pformat; 1210 int i; 1211 1212 g->hostmem = 0; 1213 1214 resource_id = qemu_get_be32(f); 1215 while (resource_id != 0) { 1216 res = virtio_gpu_find_resource(g, resource_id); 1217 if (res) { 1218 return -EINVAL; 1219 } 1220 1221 res = g_new0(struct virtio_gpu_simple_resource, 1); 1222 res->resource_id = resource_id; 1223 res->width = qemu_get_be32(f); 1224 res->height = qemu_get_be32(f); 1225 res->format = qemu_get_be32(f); 1226 res->iov_cnt = qemu_get_be32(f); 1227 1228 /* allocate */ 1229 pformat = virtio_gpu_get_pixman_format(res->format); 1230 if (!pformat) { 1231 g_free(res); 1232 return -EINVAL; 1233 } 1234 res->image = pixman_image_create_bits(pformat, 1235 res->width, res->height, 1236 NULL, 0); 1237 if (!res->image) { 1238 g_free(res); 1239 return -EINVAL; 1240 } 1241 1242 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1243 1244 res->addrs = g_new(uint64_t, res->iov_cnt); 1245 res->iov = g_new(struct iovec, res->iov_cnt); 1246 1247 /* read data */ 1248 for (i = 0; i < res->iov_cnt; i++) { 1249 res->addrs[i] = qemu_get_be64(f); 1250 res->iov[i].iov_len = qemu_get_be32(f); 1251 } 1252 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1253 pixman_image_get_stride(res->image) * res->height); 1254 1255 /* restore mapping */ 1256 for (i = 0; i < res->iov_cnt; i++) { 1257 hwaddr len = res->iov[i].iov_len; 1258 res->iov[i].iov_base = 1259 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len, 1260 DMA_DIRECTION_TO_DEVICE, 1261 MEMTXATTRS_UNSPECIFIED); 1262 1263 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1264 /* Clean up the half-a-mapping we just created... */ 1265 if (res->iov[i].iov_base) { 1266 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 1267 res->iov[i].iov_base, 1268 len, 1269 DMA_DIRECTION_TO_DEVICE, 1270 0); 1271 } 1272 /* ...and the mappings for previous loop iterations */ 1273 res->iov_cnt = i; 1274 virtio_gpu_cleanup_mapping(g, res); 1275 pixman_image_unref(res->image); 1276 g_free(res); 1277 return -EINVAL; 1278 } 1279 } 1280 1281 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1282 g->hostmem += res->hostmem; 1283 1284 resource_id = qemu_get_be32(f); 1285 } 1286 1287 /* load & apply scanout state */ 1288 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1289 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1290 scanout = &g->parent_obj.scanout[i]; 1291 if (!scanout->resource_id) { 1292 continue; 1293 } 1294 res = virtio_gpu_find_resource(g, scanout->resource_id); 1295 if (!res) { 1296 return -EINVAL; 1297 } 1298 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1299 if (!scanout->ds) { 1300 return -EINVAL; 1301 } 1302 1303 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1304 dpy_gfx_update_full(scanout->con); 1305 if (scanout->cursor.resource_id) { 1306 update_cursor(g, &scanout->cursor); 1307 } 1308 res->scanout_bitmask |= (1 << i); 1309 } 1310 1311 return 0; 1312 } 1313 1314 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1315 { 1316 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1317 VirtIOGPU *g = VIRTIO_GPU(qdev); 1318 1319 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1320 if (!virtio_gpu_have_udmabuf()) { 1321 error_setg(errp, "cannot enable blob resources without udmabuf"); 1322 return; 1323 } 1324 1325 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) { 1326 error_setg(errp, "blobs and virgl are not compatible (yet)"); 1327 return; 1328 } 1329 } 1330 1331 if (!virtio_gpu_base_device_realize(qdev, 1332 virtio_gpu_handle_ctrl_cb, 1333 virtio_gpu_handle_cursor_cb, 1334 errp)) { 1335 return; 1336 } 1337 1338 g->ctrl_vq = virtio_get_queue(vdev, 0); 1339 g->cursor_vq = virtio_get_queue(vdev, 1); 1340 g->ctrl_bh = qemu_bh_new(virtio_gpu_ctrl_bh, g); 1341 g->cursor_bh = qemu_bh_new(virtio_gpu_cursor_bh, g); 1342 QTAILQ_INIT(&g->reslist); 1343 QTAILQ_INIT(&g->cmdq); 1344 QTAILQ_INIT(&g->fenceq); 1345 } 1346 1347 void virtio_gpu_reset(VirtIODevice *vdev) 1348 { 1349 VirtIOGPU *g = VIRTIO_GPU(vdev); 1350 struct virtio_gpu_simple_resource *res, *tmp; 1351 struct virtio_gpu_ctrl_command *cmd; 1352 1353 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1354 virtio_gpu_resource_destroy(g, res); 1355 } 1356 1357 while (!QTAILQ_EMPTY(&g->cmdq)) { 1358 cmd = QTAILQ_FIRST(&g->cmdq); 1359 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1360 g_free(cmd); 1361 } 1362 1363 while (!QTAILQ_EMPTY(&g->fenceq)) { 1364 cmd = QTAILQ_FIRST(&g->fenceq); 1365 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1366 g->inflight--; 1367 g_free(cmd); 1368 } 1369 1370 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1371 } 1372 1373 static void 1374 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1375 { 1376 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1377 1378 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1379 } 1380 1381 static void 1382 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1383 { 1384 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1385 const struct virtio_gpu_config *vgconfig = 1386 (const struct virtio_gpu_config *)config; 1387 1388 if (vgconfig->events_clear) { 1389 g->virtio_config.events_read &= ~vgconfig->events_clear; 1390 } 1391 } 1392 1393 /* 1394 * For historical reasons virtio_gpu does not adhere to virtio migration 1395 * scheme as described in doc/virtio-migration.txt, in a sense that no 1396 * save/load callback are provided to the core. Instead the device data 1397 * is saved/loaded after the core data. 1398 * 1399 * Because of this we need a special vmsd. 1400 */ 1401 static const VMStateDescription vmstate_virtio_gpu = { 1402 .name = "virtio-gpu", 1403 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1404 .version_id = VIRTIO_GPU_VM_VERSION, 1405 .fields = (VMStateField[]) { 1406 VMSTATE_VIRTIO_DEVICE /* core */, 1407 { 1408 .name = "virtio-gpu", 1409 .info = &(const VMStateInfo) { 1410 .name = "virtio-gpu", 1411 .get = virtio_gpu_load, 1412 .put = virtio_gpu_save, 1413 }, 1414 .flags = VMS_SINGLE, 1415 } /* device */, 1416 VMSTATE_END_OF_LIST() 1417 }, 1418 }; 1419 1420 static Property virtio_gpu_properties[] = { 1421 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1422 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1423 256 * MiB), 1424 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, 1425 VIRTIO_GPU_FLAG_BLOB_ENABLED, false), 1426 DEFINE_PROP_END_OF_LIST(), 1427 }; 1428 1429 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1430 { 1431 DeviceClass *dc = DEVICE_CLASS(klass); 1432 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1433 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1434 VirtIOGPUBaseClass *vgbc = &vgc->parent; 1435 1436 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1437 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1438 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1439 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed; 1440 1441 vdc->realize = virtio_gpu_device_realize; 1442 vdc->reset = virtio_gpu_reset; 1443 vdc->get_config = virtio_gpu_get_config; 1444 vdc->set_config = virtio_gpu_set_config; 1445 1446 dc->vmsd = &vmstate_virtio_gpu; 1447 device_class_set_props(dc, virtio_gpu_properties); 1448 } 1449 1450 static const TypeInfo virtio_gpu_info = { 1451 .name = TYPE_VIRTIO_GPU, 1452 .parent = TYPE_VIRTIO_GPU_BASE, 1453 .instance_size = sizeof(VirtIOGPU), 1454 .class_size = sizeof(VirtIOGPUClass), 1455 .class_init = virtio_gpu_class_init, 1456 }; 1457 module_obj(TYPE_VIRTIO_GPU); 1458 module_kconfig(VIRTIO_GPU); 1459 1460 static void virtio_register_types(void) 1461 { 1462 type_register_static(&virtio_gpu_info); 1463 } 1464 1465 type_init(virtio_register_types) 1466