1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "sysemu/cpus.h" 18 #include "ui/console.h" 19 #include "ui/rect.h" 20 #include "trace.h" 21 #include "sysemu/dma.h" 22 #include "sysemu/sysemu.h" 23 #include "hw/virtio/virtio.h" 24 #include "migration/qemu-file-types.h" 25 #include "hw/virtio/virtio-gpu.h" 26 #include "hw/virtio/virtio-gpu-bswap.h" 27 #include "hw/virtio/virtio-gpu-pixman.h" 28 #include "hw/virtio/virtio-bus.h" 29 #include "hw/qdev-properties.h" 30 #include "qemu/log.h" 31 #include "qemu/module.h" 32 #include "qapi/error.h" 33 #include "qemu/error-report.h" 34 35 #define VIRTIO_GPU_VM_VERSION 1 36 37 static struct virtio_gpu_simple_resource * 38 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 39 bool require_backing, 40 const char *caller, uint32_t *error); 41 42 static void virtio_gpu_reset_bh(void *opaque); 43 44 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 45 struct virtio_gpu_scanout *s, 46 uint32_t resource_id) 47 { 48 struct virtio_gpu_simple_resource *res; 49 uint32_t pixels; 50 void *data; 51 52 res = virtio_gpu_find_check_resource(g, resource_id, false, 53 __func__, NULL); 54 if (!res) { 55 return; 56 } 57 58 if (res->blob_size) { 59 if (res->blob_size < (s->current_cursor->width * 60 s->current_cursor->height * 4)) { 61 return; 62 } 63 data = res->blob; 64 } else { 65 if (pixman_image_get_width(res->image) != s->current_cursor->width || 66 pixman_image_get_height(res->image) != s->current_cursor->height) { 67 return; 68 } 69 data = pixman_image_get_data(res->image); 70 } 71 72 pixels = s->current_cursor->width * s->current_cursor->height; 73 memcpy(s->current_cursor->data, data, 74 pixels * sizeof(uint32_t)); 75 } 76 77 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 78 { 79 struct virtio_gpu_scanout *s; 80 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 81 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 82 83 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 84 return; 85 } 86 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 87 88 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 89 cursor->pos.x, 90 cursor->pos.y, 91 move ? "move" : "update", 92 cursor->resource_id); 93 94 if (!move) { 95 if (!s->current_cursor) { 96 s->current_cursor = cursor_alloc(64, 64); 97 } 98 99 s->current_cursor->hot_x = cursor->hot_x; 100 s->current_cursor->hot_y = cursor->hot_y; 101 102 if (cursor->resource_id > 0) { 103 vgc->update_cursor_data(g, s, cursor->resource_id); 104 } 105 dpy_cursor_define(s->con, s->current_cursor); 106 107 s->cursor = *cursor; 108 } else { 109 s->cursor.pos.x = cursor->pos.x; 110 s->cursor.pos.y = cursor->pos.y; 111 } 112 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, cursor->resource_id); 113 } 114 115 struct virtio_gpu_simple_resource * 116 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 117 { 118 struct virtio_gpu_simple_resource *res; 119 120 QTAILQ_FOREACH(res, &g->reslist, next) { 121 if (res->resource_id == resource_id) { 122 return res; 123 } 124 } 125 return NULL; 126 } 127 128 static struct virtio_gpu_simple_resource * 129 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 130 bool require_backing, 131 const char *caller, uint32_t *error) 132 { 133 struct virtio_gpu_simple_resource *res; 134 135 res = virtio_gpu_find_resource(g, resource_id); 136 if (!res) { 137 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 138 caller, resource_id); 139 if (error) { 140 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 141 } 142 return NULL; 143 } 144 145 if (require_backing) { 146 if (!res->iov || (!res->image && !res->blob)) { 147 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 148 caller, resource_id); 149 if (error) { 150 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 151 } 152 return NULL; 153 } 154 } 155 156 return res; 157 } 158 159 void virtio_gpu_ctrl_response(VirtIOGPU *g, 160 struct virtio_gpu_ctrl_command *cmd, 161 struct virtio_gpu_ctrl_hdr *resp, 162 size_t resp_len) 163 { 164 size_t s; 165 166 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 167 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 168 resp->fence_id = cmd->cmd_hdr.fence_id; 169 resp->ctx_id = cmd->cmd_hdr.ctx_id; 170 } 171 virtio_gpu_ctrl_hdr_bswap(resp); 172 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 173 if (s != resp_len) { 174 qemu_log_mask(LOG_GUEST_ERROR, 175 "%s: response size incorrect %zu vs %zu\n", 176 __func__, s, resp_len); 177 } 178 virtqueue_push(cmd->vq, &cmd->elem, s); 179 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 180 cmd->finished = true; 181 } 182 183 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 184 struct virtio_gpu_ctrl_command *cmd, 185 enum virtio_gpu_ctrl_type type) 186 { 187 struct virtio_gpu_ctrl_hdr resp; 188 189 memset(&resp, 0, sizeof(resp)); 190 resp.type = type; 191 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 192 } 193 194 void virtio_gpu_get_display_info(VirtIOGPU *g, 195 struct virtio_gpu_ctrl_command *cmd) 196 { 197 struct virtio_gpu_resp_display_info display_info; 198 199 trace_virtio_gpu_cmd_get_display_info(); 200 memset(&display_info, 0, sizeof(display_info)); 201 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 202 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 203 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 204 sizeof(display_info)); 205 } 206 207 void virtio_gpu_get_edid(VirtIOGPU *g, 208 struct virtio_gpu_ctrl_command *cmd) 209 { 210 struct virtio_gpu_resp_edid edid; 211 struct virtio_gpu_cmd_get_edid get_edid; 212 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 213 214 VIRTIO_GPU_FILL_CMD(get_edid); 215 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 216 217 if (get_edid.scanout >= b->conf.max_outputs) { 218 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 219 return; 220 } 221 222 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 223 memset(&edid, 0, sizeof(edid)); 224 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 225 virtio_gpu_base_generate_edid(VIRTIO_GPU_BASE(g), get_edid.scanout, &edid); 226 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 227 } 228 229 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 230 uint32_t width, uint32_t height) 231 { 232 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 233 * pixman_image_create_bits will fail in case it overflow. 234 */ 235 236 int bpp = PIXMAN_FORMAT_BPP(pformat); 237 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 238 return height * stride; 239 } 240 241 #ifdef WIN32 242 static void 243 win32_pixman_image_destroy(pixman_image_t *image, void *data) 244 { 245 HANDLE handle = data; 246 247 qemu_win32_map_free(pixman_image_get_data(image), handle, &error_warn); 248 } 249 #endif 250 251 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 252 struct virtio_gpu_ctrl_command *cmd) 253 { 254 pixman_format_code_t pformat; 255 struct virtio_gpu_simple_resource *res; 256 struct virtio_gpu_resource_create_2d c2d; 257 258 VIRTIO_GPU_FILL_CMD(c2d); 259 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 260 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 261 c2d.width, c2d.height); 262 263 if (c2d.resource_id == 0) { 264 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 265 __func__); 266 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 267 return; 268 } 269 270 res = virtio_gpu_find_resource(g, c2d.resource_id); 271 if (res) { 272 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 273 __func__, c2d.resource_id); 274 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 275 return; 276 } 277 278 res = g_new0(struct virtio_gpu_simple_resource, 1); 279 280 res->width = c2d.width; 281 res->height = c2d.height; 282 res->format = c2d.format; 283 res->resource_id = c2d.resource_id; 284 285 pformat = virtio_gpu_get_pixman_format(c2d.format); 286 if (!pformat) { 287 qemu_log_mask(LOG_GUEST_ERROR, 288 "%s: host couldn't handle guest format %d\n", 289 __func__, c2d.format); 290 g_free(res); 291 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 292 return; 293 } 294 295 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 296 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 297 void *bits = NULL; 298 #ifdef WIN32 299 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 300 if (!bits) { 301 goto end; 302 } 303 #endif 304 res->image = pixman_image_create_bits( 305 pformat, 306 c2d.width, 307 c2d.height, 308 bits, c2d.height ? res->hostmem / c2d.height : 0); 309 #ifdef WIN32 310 if (res->image) { 311 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle); 312 } 313 #endif 314 } 315 316 #ifdef WIN32 317 end: 318 #endif 319 if (!res->image) { 320 qemu_log_mask(LOG_GUEST_ERROR, 321 "%s: resource creation failed %d %d %d\n", 322 __func__, c2d.resource_id, c2d.width, c2d.height); 323 g_free(res); 324 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 325 return; 326 } 327 328 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 329 g->hostmem += res->hostmem; 330 } 331 332 static void virtio_gpu_resource_create_blob(VirtIOGPU *g, 333 struct virtio_gpu_ctrl_command *cmd) 334 { 335 struct virtio_gpu_simple_resource *res; 336 struct virtio_gpu_resource_create_blob cblob; 337 int ret; 338 339 VIRTIO_GPU_FILL_CMD(cblob); 340 virtio_gpu_create_blob_bswap(&cblob); 341 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size); 342 343 if (cblob.resource_id == 0) { 344 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 345 __func__); 346 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 347 return; 348 } 349 350 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && 351 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { 352 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", 353 __func__); 354 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 355 return; 356 } 357 358 if (virtio_gpu_find_resource(g, cblob.resource_id)) { 359 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 360 __func__, cblob.resource_id); 361 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 362 return; 363 } 364 365 res = g_new0(struct virtio_gpu_simple_resource, 1); 366 res->resource_id = cblob.resource_id; 367 res->blob_size = cblob.size; 368 369 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), 370 cmd, &res->addrs, &res->iov, 371 &res->iov_cnt); 372 if (ret != 0) { 373 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 374 g_free(res); 375 return; 376 } 377 378 virtio_gpu_init_udmabuf(res); 379 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 380 } 381 382 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 383 { 384 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 385 struct virtio_gpu_simple_resource *res; 386 387 if (scanout->resource_id == 0) { 388 return; 389 } 390 391 res = virtio_gpu_find_resource(g, scanout->resource_id); 392 if (res) { 393 res->scanout_bitmask &= ~(1 << scanout_id); 394 } 395 396 dpy_gfx_replace_surface(scanout->con, NULL); 397 scanout->resource_id = 0; 398 scanout->ds = NULL; 399 scanout->width = 0; 400 scanout->height = 0; 401 } 402 403 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 404 struct virtio_gpu_simple_resource *res, 405 Error **errp) 406 { 407 int i; 408 409 if (res->scanout_bitmask) { 410 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 411 if (res->scanout_bitmask & (1 << i)) { 412 virtio_gpu_disable_scanout(g, i); 413 } 414 } 415 } 416 417 qemu_pixman_image_unref(res->image); 418 virtio_gpu_cleanup_mapping(g, res); 419 QTAILQ_REMOVE(&g->reslist, res, next); 420 g->hostmem -= res->hostmem; 421 g_free(res); 422 } 423 424 static void virtio_gpu_resource_unref(VirtIOGPU *g, 425 struct virtio_gpu_ctrl_command *cmd) 426 { 427 struct virtio_gpu_simple_resource *res; 428 struct virtio_gpu_resource_unref unref; 429 430 VIRTIO_GPU_FILL_CMD(unref); 431 virtio_gpu_bswap_32(&unref, sizeof(unref)); 432 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 433 434 res = virtio_gpu_find_resource(g, unref.resource_id); 435 if (!res) { 436 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 437 __func__, unref.resource_id); 438 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 439 return; 440 } 441 /* 442 * virtio_gpu_resource_destroy does not set any errors, so pass a NULL errp 443 * to ignore them. 444 */ 445 virtio_gpu_resource_destroy(g, res, NULL); 446 } 447 448 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 449 struct virtio_gpu_ctrl_command *cmd) 450 { 451 struct virtio_gpu_simple_resource *res; 452 int h, bpp; 453 uint32_t src_offset, dst_offset, stride; 454 pixman_format_code_t format; 455 struct virtio_gpu_transfer_to_host_2d t2d; 456 void *img_data; 457 458 VIRTIO_GPU_FILL_CMD(t2d); 459 virtio_gpu_t2d_bswap(&t2d); 460 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 461 462 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 463 __func__, &cmd->error); 464 if (!res || res->blob) { 465 return; 466 } 467 468 if (t2d.r.x > res->width || 469 t2d.r.y > res->height || 470 t2d.r.width > res->width || 471 t2d.r.height > res->height || 472 t2d.r.x + t2d.r.width > res->width || 473 t2d.r.y + t2d.r.height > res->height) { 474 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 475 " bounds for resource %d: %d %d %d %d vs %d %d\n", 476 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 477 t2d.r.width, t2d.r.height, res->width, res->height); 478 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 479 return; 480 } 481 482 format = pixman_image_get_format(res->image); 483 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 484 stride = pixman_image_get_stride(res->image); 485 img_data = pixman_image_get_data(res->image); 486 487 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) { 488 for (h = 0; h < t2d.r.height; h++) { 489 src_offset = t2d.offset + stride * h; 490 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 491 492 iov_to_buf(res->iov, res->iov_cnt, src_offset, 493 (uint8_t *)img_data + dst_offset, 494 t2d.r.width * bpp); 495 } 496 } else { 497 src_offset = t2d.offset; 498 dst_offset = t2d.r.y * stride + t2d.r.x * bpp; 499 iov_to_buf(res->iov, res->iov_cnt, src_offset, 500 (uint8_t *)img_data + dst_offset, 501 stride * t2d.r.height); 502 } 503 } 504 505 static void virtio_gpu_resource_flush(VirtIOGPU *g, 506 struct virtio_gpu_ctrl_command *cmd) 507 { 508 struct virtio_gpu_simple_resource *res; 509 struct virtio_gpu_resource_flush rf; 510 struct virtio_gpu_scanout *scanout; 511 QemuRect flush_rect; 512 bool within_bounds = false; 513 bool update_submitted = false; 514 int i; 515 516 VIRTIO_GPU_FILL_CMD(rf); 517 virtio_gpu_bswap_32(&rf, sizeof(rf)); 518 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 519 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 520 521 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 522 __func__, &cmd->error); 523 if (!res) { 524 return; 525 } 526 527 if (res->blob) { 528 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 529 scanout = &g->parent_obj.scanout[i]; 530 if (scanout->resource_id == res->resource_id && 531 rf.r.x < scanout->x + scanout->width && 532 rf.r.x + rf.r.width >= scanout->x && 533 rf.r.y < scanout->y + scanout->height && 534 rf.r.y + rf.r.height >= scanout->y) { 535 within_bounds = true; 536 537 if (console_has_gl(scanout->con)) { 538 dpy_gl_update(scanout->con, 0, 0, scanout->width, 539 scanout->height); 540 update_submitted = true; 541 } 542 } 543 } 544 545 if (update_submitted) { 546 return; 547 } 548 if (!within_bounds) { 549 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts" 550 " bounds for flush %d: %d %d %d %d\n", 551 __func__, rf.resource_id, rf.r.x, rf.r.y, 552 rf.r.width, rf.r.height); 553 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 554 return; 555 } 556 } 557 558 if (!res->blob && 559 (rf.r.x > res->width || 560 rf.r.y > res->height || 561 rf.r.width > res->width || 562 rf.r.height > res->height || 563 rf.r.x + rf.r.width > res->width || 564 rf.r.y + rf.r.height > res->height)) { 565 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 566 " bounds for resource %d: %d %d %d %d vs %d %d\n", 567 __func__, rf.resource_id, rf.r.x, rf.r.y, 568 rf.r.width, rf.r.height, res->width, res->height); 569 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 570 return; 571 } 572 573 qemu_rect_init(&flush_rect, rf.r.x, rf.r.y, rf.r.width, rf.r.height); 574 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 575 QemuRect rect; 576 577 if (!(res->scanout_bitmask & (1 << i))) { 578 continue; 579 } 580 scanout = &g->parent_obj.scanout[i]; 581 582 qemu_rect_init(&rect, scanout->x, scanout->y, 583 scanout->width, scanout->height); 584 585 /* work out the area we need to update for each console */ 586 if (qemu_rect_intersect(&flush_rect, &rect, &rect)) { 587 qemu_rect_translate(&rect, -scanout->x, -scanout->y); 588 dpy_gfx_update(g->parent_obj.scanout[i].con, 589 rect.x, rect.y, rect.width, rect.height); 590 } 591 } 592 } 593 594 static void virtio_unref_resource(pixman_image_t *image, void *data) 595 { 596 pixman_image_unref(data); 597 } 598 599 static void virtio_gpu_update_scanout(VirtIOGPU *g, 600 uint32_t scanout_id, 601 struct virtio_gpu_simple_resource *res, 602 struct virtio_gpu_framebuffer *fb, 603 struct virtio_gpu_rect *r) 604 { 605 struct virtio_gpu_simple_resource *ores; 606 struct virtio_gpu_scanout *scanout; 607 608 scanout = &g->parent_obj.scanout[scanout_id]; 609 ores = virtio_gpu_find_resource(g, scanout->resource_id); 610 if (ores) { 611 ores->scanout_bitmask &= ~(1 << scanout_id); 612 } 613 614 res->scanout_bitmask |= (1 << scanout_id); 615 scanout->resource_id = res->resource_id; 616 scanout->x = r->x; 617 scanout->y = r->y; 618 scanout->width = r->width; 619 scanout->height = r->height; 620 scanout->fb = *fb; 621 } 622 623 static bool virtio_gpu_do_set_scanout(VirtIOGPU *g, 624 uint32_t scanout_id, 625 struct virtio_gpu_framebuffer *fb, 626 struct virtio_gpu_simple_resource *res, 627 struct virtio_gpu_rect *r, 628 uint32_t *error) 629 { 630 struct virtio_gpu_scanout *scanout; 631 uint8_t *data; 632 633 scanout = &g->parent_obj.scanout[scanout_id]; 634 635 if (r->x > fb->width || 636 r->y > fb->height || 637 r->width < 16 || 638 r->height < 16 || 639 r->width > fb->width || 640 r->height > fb->height || 641 r->x + r->width > fb->width || 642 r->y + r->height > fb->height) { 643 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 644 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n", 645 __func__, scanout_id, res->resource_id, 646 r->x, r->y, r->width, r->height, 647 fb->width, fb->height); 648 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 649 return false; 650 } 651 652 g->parent_obj.enable = 1; 653 654 if (res->blob) { 655 if (console_has_gl(scanout->con)) { 656 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) { 657 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 658 } else { 659 *error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 660 return false; 661 } 662 return true; 663 } 664 665 data = res->blob; 666 } else { 667 data = (uint8_t *)pixman_image_get_data(res->image); 668 } 669 670 /* create a surface for this scanout */ 671 if ((res->blob && !console_has_gl(scanout->con)) || 672 !scanout->ds || 673 surface_data(scanout->ds) != data + fb->offset || 674 scanout->width != r->width || 675 scanout->height != r->height) { 676 pixman_image_t *rect; 677 void *ptr = data + fb->offset; 678 rect = pixman_image_create_bits(fb->format, r->width, r->height, 679 ptr, fb->stride); 680 681 if (res->image) { 682 pixman_image_ref(res->image); 683 pixman_image_set_destroy_function(rect, virtio_unref_resource, 684 res->image); 685 } 686 687 /* realloc the surface ptr */ 688 scanout->ds = qemu_create_displaysurface_pixman(rect); 689 #ifdef WIN32 690 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, fb->offset); 691 #endif 692 693 pixman_image_unref(rect); 694 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con, 695 scanout->ds); 696 } 697 698 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 699 return true; 700 } 701 702 static void virtio_gpu_set_scanout(VirtIOGPU *g, 703 struct virtio_gpu_ctrl_command *cmd) 704 { 705 struct virtio_gpu_simple_resource *res; 706 struct virtio_gpu_framebuffer fb = { 0 }; 707 struct virtio_gpu_set_scanout ss; 708 709 VIRTIO_GPU_FILL_CMD(ss); 710 virtio_gpu_bswap_32(&ss, sizeof(ss)); 711 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 712 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 713 714 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 715 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 716 __func__, ss.scanout_id); 717 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 718 return; 719 } 720 721 if (ss.resource_id == 0) { 722 virtio_gpu_disable_scanout(g, ss.scanout_id); 723 return; 724 } 725 726 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 727 __func__, &cmd->error); 728 if (!res) { 729 return; 730 } 731 732 fb.format = pixman_image_get_format(res->image); 733 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 734 fb.width = pixman_image_get_width(res->image); 735 fb.height = pixman_image_get_height(res->image); 736 fb.stride = pixman_image_get_stride(res->image); 737 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 738 739 virtio_gpu_do_set_scanout(g, ss.scanout_id, 740 &fb, res, &ss.r, &cmd->error); 741 } 742 743 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g, 744 struct virtio_gpu_ctrl_command *cmd) 745 { 746 struct virtio_gpu_simple_resource *res; 747 struct virtio_gpu_framebuffer fb = { 0 }; 748 struct virtio_gpu_set_scanout_blob ss; 749 uint64_t fbend; 750 751 VIRTIO_GPU_FILL_CMD(ss); 752 virtio_gpu_scanout_blob_bswap(&ss); 753 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id, 754 ss.r.width, ss.r.height, ss.r.x, 755 ss.r.y); 756 757 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 758 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 759 __func__, ss.scanout_id); 760 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 761 return; 762 } 763 764 if (ss.resource_id == 0) { 765 virtio_gpu_disable_scanout(g, ss.scanout_id); 766 return; 767 } 768 769 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 770 __func__, &cmd->error); 771 if (!res) { 772 return; 773 } 774 775 fb.format = virtio_gpu_get_pixman_format(ss.format); 776 if (!fb.format) { 777 qemu_log_mask(LOG_GUEST_ERROR, 778 "%s: host couldn't handle guest format %d\n", 779 __func__, ss.format); 780 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 781 return; 782 } 783 784 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 785 fb.width = ss.width; 786 fb.height = ss.height; 787 fb.stride = ss.strides[0]; 788 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 789 790 fbend = fb.offset; 791 fbend += fb.stride * (ss.r.height - 1); 792 fbend += fb.bytes_pp * ss.r.width; 793 if (fbend > res->blob_size) { 794 qemu_log_mask(LOG_GUEST_ERROR, 795 "%s: fb end out of range\n", 796 __func__); 797 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 798 return; 799 } 800 801 virtio_gpu_do_set_scanout(g, ss.scanout_id, 802 &fb, res, &ss.r, &cmd->error); 803 } 804 805 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 806 uint32_t nr_entries, uint32_t offset, 807 struct virtio_gpu_ctrl_command *cmd, 808 uint64_t **addr, struct iovec **iov, 809 uint32_t *niov) 810 { 811 struct virtio_gpu_mem_entry *ents; 812 size_t esize, s; 813 int e, v; 814 815 if (nr_entries > 16384) { 816 qemu_log_mask(LOG_GUEST_ERROR, 817 "%s: nr_entries is too big (%d > 16384)\n", 818 __func__, nr_entries); 819 return -1; 820 } 821 822 esize = sizeof(*ents) * nr_entries; 823 ents = g_malloc(esize); 824 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 825 offset, ents, esize); 826 if (s != esize) { 827 qemu_log_mask(LOG_GUEST_ERROR, 828 "%s: command data size incorrect %zu vs %zu\n", 829 __func__, s, esize); 830 g_free(ents); 831 return -1; 832 } 833 834 *iov = NULL; 835 if (addr) { 836 *addr = NULL; 837 } 838 for (e = 0, v = 0; e < nr_entries; e++) { 839 uint64_t a = le64_to_cpu(ents[e].addr); 840 uint32_t l = le32_to_cpu(ents[e].length); 841 hwaddr len; 842 void *map; 843 844 do { 845 len = l; 846 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len, 847 DMA_DIRECTION_TO_DEVICE, 848 MEMTXATTRS_UNSPECIFIED); 849 if (!map) { 850 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 851 " element %d\n", __func__, e); 852 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 853 g_free(ents); 854 *iov = NULL; 855 if (addr) { 856 g_free(*addr); 857 *addr = NULL; 858 } 859 return -1; 860 } 861 862 if (!(v % 16)) { 863 *iov = g_renew(struct iovec, *iov, v + 16); 864 if (addr) { 865 *addr = g_renew(uint64_t, *addr, v + 16); 866 } 867 } 868 (*iov)[v].iov_base = map; 869 (*iov)[v].iov_len = len; 870 if (addr) { 871 (*addr)[v] = a; 872 } 873 874 a += len; 875 l -= len; 876 v += 1; 877 } while (l > 0); 878 } 879 *niov = v; 880 881 g_free(ents); 882 return 0; 883 } 884 885 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 886 struct iovec *iov, uint32_t count) 887 { 888 int i; 889 890 for (i = 0; i < count; i++) { 891 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 892 iov[i].iov_base, iov[i].iov_len, 893 DMA_DIRECTION_TO_DEVICE, 894 iov[i].iov_len); 895 } 896 g_free(iov); 897 } 898 899 void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 900 struct virtio_gpu_simple_resource *res) 901 { 902 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 903 res->iov = NULL; 904 res->iov_cnt = 0; 905 g_free(res->addrs); 906 res->addrs = NULL; 907 908 if (res->blob) { 909 virtio_gpu_fini_udmabuf(res); 910 } 911 } 912 913 static void 914 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 915 struct virtio_gpu_ctrl_command *cmd) 916 { 917 struct virtio_gpu_simple_resource *res; 918 struct virtio_gpu_resource_attach_backing ab; 919 int ret; 920 921 VIRTIO_GPU_FILL_CMD(ab); 922 virtio_gpu_bswap_32(&ab, sizeof(ab)); 923 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 924 925 res = virtio_gpu_find_resource(g, ab.resource_id); 926 if (!res) { 927 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 928 __func__, ab.resource_id); 929 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 930 return; 931 } 932 933 if (res->iov) { 934 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 935 return; 936 } 937 938 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, 939 &res->addrs, &res->iov, &res->iov_cnt); 940 if (ret != 0) { 941 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 942 return; 943 } 944 } 945 946 static void 947 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 948 struct virtio_gpu_ctrl_command *cmd) 949 { 950 struct virtio_gpu_simple_resource *res; 951 struct virtio_gpu_resource_detach_backing detach; 952 953 VIRTIO_GPU_FILL_CMD(detach); 954 virtio_gpu_bswap_32(&detach, sizeof(detach)); 955 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 956 957 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 958 __func__, &cmd->error); 959 if (!res) { 960 return; 961 } 962 virtio_gpu_cleanup_mapping(g, res); 963 } 964 965 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 966 struct virtio_gpu_ctrl_command *cmd) 967 { 968 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 969 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 970 971 switch (cmd->cmd_hdr.type) { 972 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 973 virtio_gpu_get_display_info(g, cmd); 974 break; 975 case VIRTIO_GPU_CMD_GET_EDID: 976 virtio_gpu_get_edid(g, cmd); 977 break; 978 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 979 virtio_gpu_resource_create_2d(g, cmd); 980 break; 981 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB: 982 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 983 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 984 break; 985 } 986 virtio_gpu_resource_create_blob(g, cmd); 987 break; 988 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 989 virtio_gpu_resource_unref(g, cmd); 990 break; 991 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 992 virtio_gpu_resource_flush(g, cmd); 993 break; 994 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 995 virtio_gpu_transfer_to_host_2d(g, cmd); 996 break; 997 case VIRTIO_GPU_CMD_SET_SCANOUT: 998 virtio_gpu_set_scanout(g, cmd); 999 break; 1000 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB: 1001 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1002 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 1003 break; 1004 } 1005 virtio_gpu_set_scanout_blob(g, cmd); 1006 break; 1007 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 1008 virtio_gpu_resource_attach_backing(g, cmd); 1009 break; 1010 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 1011 virtio_gpu_resource_detach_backing(g, cmd); 1012 break; 1013 default: 1014 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 1015 break; 1016 } 1017 if (!cmd->finished) { 1018 if (!g->parent_obj.renderer_blocked) { 1019 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 1020 VIRTIO_GPU_RESP_OK_NODATA); 1021 } 1022 } 1023 } 1024 1025 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 1026 { 1027 VirtIOGPU *g = VIRTIO_GPU(vdev); 1028 qemu_bh_schedule(g->ctrl_bh); 1029 } 1030 1031 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 1032 { 1033 VirtIOGPU *g = VIRTIO_GPU(vdev); 1034 qemu_bh_schedule(g->cursor_bh); 1035 } 1036 1037 void virtio_gpu_process_cmdq(VirtIOGPU *g) 1038 { 1039 struct virtio_gpu_ctrl_command *cmd; 1040 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1041 1042 if (g->processing_cmdq) { 1043 return; 1044 } 1045 g->processing_cmdq = true; 1046 while (!QTAILQ_EMPTY(&g->cmdq)) { 1047 cmd = QTAILQ_FIRST(&g->cmdq); 1048 1049 if (g->parent_obj.renderer_blocked) { 1050 break; 1051 } 1052 1053 /* process command */ 1054 vgc->process_cmd(g, cmd); 1055 1056 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1057 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1058 g->stats.requests++; 1059 } 1060 1061 if (!cmd->finished) { 1062 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 1063 g->inflight++; 1064 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1065 if (g->stats.max_inflight < g->inflight) { 1066 g->stats.max_inflight = g->inflight; 1067 } 1068 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 1069 } 1070 } else { 1071 g_free(cmd); 1072 } 1073 } 1074 g->processing_cmdq = false; 1075 } 1076 1077 static void virtio_gpu_process_fenceq(VirtIOGPU *g) 1078 { 1079 struct virtio_gpu_ctrl_command *cmd, *tmp; 1080 1081 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) { 1082 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id); 1083 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA); 1084 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1085 g_free(cmd); 1086 g->inflight--; 1087 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1088 fprintf(stderr, "inflight: %3d (-)\r", g->inflight); 1089 } 1090 } 1091 } 1092 1093 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b) 1094 { 1095 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj); 1096 1097 virtio_gpu_process_fenceq(g); 1098 virtio_gpu_process_cmdq(g); 1099 } 1100 1101 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 1102 { 1103 VirtIOGPU *g = VIRTIO_GPU(vdev); 1104 struct virtio_gpu_ctrl_command *cmd; 1105 1106 if (!virtio_queue_ready(vq)) { 1107 return; 1108 } 1109 1110 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1111 while (cmd) { 1112 cmd->vq = vq; 1113 cmd->error = 0; 1114 cmd->finished = false; 1115 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 1116 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1117 } 1118 1119 virtio_gpu_process_cmdq(g); 1120 } 1121 1122 static void virtio_gpu_ctrl_bh(void *opaque) 1123 { 1124 VirtIOGPU *g = opaque; 1125 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1126 1127 vgc->handle_ctrl(VIRTIO_DEVICE(g), g->ctrl_vq); 1128 } 1129 1130 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 1131 { 1132 VirtIOGPU *g = VIRTIO_GPU(vdev); 1133 VirtQueueElement *elem; 1134 size_t s; 1135 struct virtio_gpu_update_cursor cursor_info; 1136 1137 if (!virtio_queue_ready(vq)) { 1138 return; 1139 } 1140 for (;;) { 1141 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 1142 if (!elem) { 1143 break; 1144 } 1145 1146 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 1147 &cursor_info, sizeof(cursor_info)); 1148 if (s != sizeof(cursor_info)) { 1149 qemu_log_mask(LOG_GUEST_ERROR, 1150 "%s: cursor size incorrect %zu vs %zu\n", 1151 __func__, s, sizeof(cursor_info)); 1152 } else { 1153 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 1154 update_cursor(g, &cursor_info); 1155 } 1156 virtqueue_push(vq, elem, 0); 1157 virtio_notify(vdev, vq); 1158 g_free(elem); 1159 } 1160 } 1161 1162 static void virtio_gpu_cursor_bh(void *opaque) 1163 { 1164 VirtIOGPU *g = opaque; 1165 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 1166 } 1167 1168 static bool scanout_vmstate_after_v2(void *opaque, int version) 1169 { 1170 struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout); 1171 struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj); 1172 1173 return gpu->scanout_vmstate_version >= 2; 1174 } 1175 1176 static const VMStateDescription vmstate_virtio_gpu_scanout = { 1177 .name = "virtio-gpu-one-scanout", 1178 .version_id = 1, 1179 .fields = (const VMStateField[]) { 1180 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 1181 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 1182 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 1183 VMSTATE_INT32(x, struct virtio_gpu_scanout), 1184 VMSTATE_INT32(y, struct virtio_gpu_scanout), 1185 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 1186 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 1187 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 1188 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 1189 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 1190 VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, 1191 scanout_vmstate_after_v2), 1192 VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, 1193 scanout_vmstate_after_v2), 1194 VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, 1195 scanout_vmstate_after_v2), 1196 VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, 1197 scanout_vmstate_after_v2), 1198 VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, 1199 scanout_vmstate_after_v2), 1200 VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, 1201 scanout_vmstate_after_v2), 1202 VMSTATE_END_OF_LIST() 1203 }, 1204 }; 1205 1206 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 1207 .name = "virtio-gpu-scanouts", 1208 .version_id = 1, 1209 .fields = (const VMStateField[]) { 1210 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 1211 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 1212 struct VirtIOGPU, NULL), 1213 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 1214 parent_obj.conf.max_outputs, 1, 1215 vmstate_virtio_gpu_scanout, 1216 struct virtio_gpu_scanout), 1217 VMSTATE_END_OF_LIST() 1218 }, 1219 }; 1220 1221 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 1222 const VMStateField *field, JSONWriter *vmdesc) 1223 { 1224 VirtIOGPU *g = opaque; 1225 struct virtio_gpu_simple_resource *res; 1226 int i; 1227 1228 /* in 2d mode we should never find unprocessed commands here */ 1229 assert(QTAILQ_EMPTY(&g->cmdq)); 1230 1231 QTAILQ_FOREACH(res, &g->reslist, next) { 1232 if (res->blob_size) { 1233 continue; 1234 } 1235 qemu_put_be32(f, res->resource_id); 1236 qemu_put_be32(f, res->width); 1237 qemu_put_be32(f, res->height); 1238 qemu_put_be32(f, res->format); 1239 qemu_put_be32(f, res->iov_cnt); 1240 for (i = 0; i < res->iov_cnt; i++) { 1241 qemu_put_be64(f, res->addrs[i]); 1242 qemu_put_be32(f, res->iov[i].iov_len); 1243 } 1244 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 1245 pixman_image_get_stride(res->image) * res->height); 1246 } 1247 qemu_put_be32(f, 0); /* end of list */ 1248 1249 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 1250 } 1251 1252 static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g, 1253 struct virtio_gpu_simple_resource *res) 1254 { 1255 int i; 1256 1257 for (i = 0; i < res->iov_cnt; i++) { 1258 hwaddr len = res->iov[i].iov_len; 1259 res->iov[i].iov_base = 1260 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len, 1261 DMA_DIRECTION_TO_DEVICE, MEMTXATTRS_UNSPECIFIED); 1262 1263 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1264 /* Clean up the half-a-mapping we just created... */ 1265 if (res->iov[i].iov_base) { 1266 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, res->iov[i].iov_base, 1267 len, DMA_DIRECTION_TO_DEVICE, 0); 1268 } 1269 /* ...and the mappings for previous loop iterations */ 1270 res->iov_cnt = i; 1271 virtio_gpu_cleanup_mapping(g, res); 1272 return false; 1273 } 1274 } 1275 1276 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1277 g->hostmem += res->hostmem; 1278 return true; 1279 } 1280 1281 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 1282 const VMStateField *field) 1283 { 1284 VirtIOGPU *g = opaque; 1285 struct virtio_gpu_simple_resource *res; 1286 uint32_t resource_id, pformat; 1287 void *bits = NULL; 1288 int i; 1289 1290 g->hostmem = 0; 1291 1292 resource_id = qemu_get_be32(f); 1293 while (resource_id != 0) { 1294 res = virtio_gpu_find_resource(g, resource_id); 1295 if (res) { 1296 return -EINVAL; 1297 } 1298 1299 res = g_new0(struct virtio_gpu_simple_resource, 1); 1300 res->resource_id = resource_id; 1301 res->width = qemu_get_be32(f); 1302 res->height = qemu_get_be32(f); 1303 res->format = qemu_get_be32(f); 1304 res->iov_cnt = qemu_get_be32(f); 1305 1306 /* allocate */ 1307 pformat = virtio_gpu_get_pixman_format(res->format); 1308 if (!pformat) { 1309 g_free(res); 1310 return -EINVAL; 1311 } 1312 1313 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1314 #ifdef WIN32 1315 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 1316 if (!bits) { 1317 g_free(res); 1318 return -EINVAL; 1319 } 1320 #endif 1321 res->image = pixman_image_create_bits( 1322 pformat, 1323 res->width, res->height, 1324 bits, res->height ? res->hostmem / res->height : 0); 1325 if (!res->image) { 1326 g_free(res); 1327 return -EINVAL; 1328 } 1329 #ifdef WIN32 1330 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle); 1331 #endif 1332 1333 res->addrs = g_new(uint64_t, res->iov_cnt); 1334 res->iov = g_new(struct iovec, res->iov_cnt); 1335 1336 /* read data */ 1337 for (i = 0; i < res->iov_cnt; i++) { 1338 res->addrs[i] = qemu_get_be64(f); 1339 res->iov[i].iov_len = qemu_get_be32(f); 1340 } 1341 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1342 pixman_image_get_stride(res->image) * res->height); 1343 1344 if (!virtio_gpu_load_restore_mapping(g, res)) { 1345 pixman_image_unref(res->image); 1346 g_free(res); 1347 return -EINVAL; 1348 } 1349 1350 resource_id = qemu_get_be32(f); 1351 } 1352 1353 /* load & apply scanout state */ 1354 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1355 1356 return 0; 1357 } 1358 1359 static int virtio_gpu_blob_save(QEMUFile *f, void *opaque, size_t size, 1360 const VMStateField *field, JSONWriter *vmdesc) 1361 { 1362 VirtIOGPU *g = opaque; 1363 struct virtio_gpu_simple_resource *res; 1364 int i; 1365 1366 /* in 2d mode we should never find unprocessed commands here */ 1367 assert(QTAILQ_EMPTY(&g->cmdq)); 1368 1369 QTAILQ_FOREACH(res, &g->reslist, next) { 1370 if (!res->blob_size) { 1371 continue; 1372 } 1373 assert(!res->image); 1374 qemu_put_be32(f, res->resource_id); 1375 qemu_put_be32(f, res->blob_size); 1376 qemu_put_be32(f, res->iov_cnt); 1377 for (i = 0; i < res->iov_cnt; i++) { 1378 qemu_put_be64(f, res->addrs[i]); 1379 qemu_put_be32(f, res->iov[i].iov_len); 1380 } 1381 } 1382 qemu_put_be32(f, 0); /* end of list */ 1383 1384 return 0; 1385 } 1386 1387 static int virtio_gpu_blob_load(QEMUFile *f, void *opaque, size_t size, 1388 const VMStateField *field) 1389 { 1390 VirtIOGPU *g = opaque; 1391 struct virtio_gpu_simple_resource *res; 1392 uint32_t resource_id; 1393 int i; 1394 1395 resource_id = qemu_get_be32(f); 1396 while (resource_id != 0) { 1397 res = virtio_gpu_find_resource(g, resource_id); 1398 if (res) { 1399 return -EINVAL; 1400 } 1401 1402 res = g_new0(struct virtio_gpu_simple_resource, 1); 1403 res->resource_id = resource_id; 1404 res->blob_size = qemu_get_be32(f); 1405 res->iov_cnt = qemu_get_be32(f); 1406 res->addrs = g_new(uint64_t, res->iov_cnt); 1407 res->iov = g_new(struct iovec, res->iov_cnt); 1408 1409 /* read data */ 1410 for (i = 0; i < res->iov_cnt; i++) { 1411 res->addrs[i] = qemu_get_be64(f); 1412 res->iov[i].iov_len = qemu_get_be32(f); 1413 } 1414 1415 if (!virtio_gpu_load_restore_mapping(g, res)) { 1416 g_free(res); 1417 return -EINVAL; 1418 } 1419 1420 virtio_gpu_init_udmabuf(res); 1421 1422 resource_id = qemu_get_be32(f); 1423 } 1424 1425 return 0; 1426 } 1427 1428 static int virtio_gpu_post_load(void *opaque, int version_id) 1429 { 1430 VirtIOGPU *g = opaque; 1431 struct virtio_gpu_scanout *scanout; 1432 struct virtio_gpu_simple_resource *res; 1433 int i; 1434 1435 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1436 scanout = &g->parent_obj.scanout[i]; 1437 if (!scanout->resource_id) { 1438 continue; 1439 } 1440 1441 res = virtio_gpu_find_resource(g, scanout->resource_id); 1442 if (!res) { 1443 return -EINVAL; 1444 } 1445 1446 if (scanout->fb.format != 0) { 1447 uint32_t error = 0; 1448 struct virtio_gpu_rect r = { 1449 .x = scanout->x, 1450 .y = scanout->y, 1451 .width = scanout->width, 1452 .height = scanout->height 1453 }; 1454 1455 if (!virtio_gpu_do_set_scanout(g, i, &scanout->fb, res, &r, &error)) { 1456 return -EINVAL; 1457 } 1458 } else { 1459 /* legacy v1 migration support */ 1460 if (!res->image) { 1461 return -EINVAL; 1462 } 1463 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1464 #ifdef WIN32 1465 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, 0); 1466 #endif 1467 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1468 } 1469 1470 dpy_gfx_update_full(scanout->con); 1471 if (scanout->cursor.resource_id) { 1472 update_cursor(g, &scanout->cursor); 1473 } 1474 res->scanout_bitmask |= (1 << i); 1475 } 1476 1477 return 0; 1478 } 1479 1480 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1481 { 1482 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1483 VirtIOGPU *g = VIRTIO_GPU(qdev); 1484 1485 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1486 if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) && 1487 !virtio_gpu_have_udmabuf()) { 1488 error_setg(errp, "need rutabaga or udmabuf for blob resources"); 1489 return; 1490 } 1491 1492 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) { 1493 error_setg(errp, "blobs and virgl are not compatible (yet)"); 1494 return; 1495 } 1496 } 1497 1498 if (!virtio_gpu_base_device_realize(qdev, 1499 virtio_gpu_handle_ctrl_cb, 1500 virtio_gpu_handle_cursor_cb, 1501 errp)) { 1502 return; 1503 } 1504 1505 g->ctrl_vq = virtio_get_queue(vdev, 0); 1506 g->cursor_vq = virtio_get_queue(vdev, 1); 1507 g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g); 1508 g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g); 1509 g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); 1510 qemu_cond_init(&g->reset_cond); 1511 QTAILQ_INIT(&g->reslist); 1512 QTAILQ_INIT(&g->cmdq); 1513 QTAILQ_INIT(&g->fenceq); 1514 } 1515 1516 static void virtio_gpu_device_unrealize(DeviceState *qdev) 1517 { 1518 VirtIOGPU *g = VIRTIO_GPU(qdev); 1519 1520 g_clear_pointer(&g->ctrl_bh, qemu_bh_delete); 1521 g_clear_pointer(&g->cursor_bh, qemu_bh_delete); 1522 g_clear_pointer(&g->reset_bh, qemu_bh_delete); 1523 qemu_cond_destroy(&g->reset_cond); 1524 virtio_gpu_base_device_unrealize(qdev); 1525 } 1526 1527 static void virtio_gpu_reset_bh(void *opaque) 1528 { 1529 VirtIOGPU *g = VIRTIO_GPU(opaque); 1530 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1531 struct virtio_gpu_simple_resource *res, *tmp; 1532 uint32_t resource_id; 1533 Error *local_err = NULL; 1534 int i = 0; 1535 1536 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1537 resource_id = res->resource_id; 1538 vgc->resource_destroy(g, res, &local_err); 1539 if (local_err) { 1540 error_append_hint(&local_err, "%s: %s resource_destroy" 1541 "for resource_id = %"PRIu32" failed.\n", 1542 __func__, object_get_typename(OBJECT(g)), 1543 resource_id); 1544 /* error_report_err frees the error object for us */ 1545 error_report_err(local_err); 1546 local_err = NULL; 1547 } 1548 } 1549 1550 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1551 dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL); 1552 } 1553 1554 g->reset_finished = true; 1555 qemu_cond_signal(&g->reset_cond); 1556 } 1557 1558 void virtio_gpu_reset(VirtIODevice *vdev) 1559 { 1560 VirtIOGPU *g = VIRTIO_GPU(vdev); 1561 struct virtio_gpu_ctrl_command *cmd; 1562 1563 if (qemu_in_vcpu_thread()) { 1564 g->reset_finished = false; 1565 qemu_bh_schedule(g->reset_bh); 1566 while (!g->reset_finished) { 1567 qemu_cond_wait_bql(&g->reset_cond); 1568 } 1569 } else { 1570 aio_bh_call(g->reset_bh); 1571 } 1572 1573 while (!QTAILQ_EMPTY(&g->cmdq)) { 1574 cmd = QTAILQ_FIRST(&g->cmdq); 1575 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1576 g_free(cmd); 1577 } 1578 1579 while (!QTAILQ_EMPTY(&g->fenceq)) { 1580 cmd = QTAILQ_FIRST(&g->fenceq); 1581 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1582 g->inflight--; 1583 g_free(cmd); 1584 } 1585 1586 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1587 } 1588 1589 static void 1590 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1591 { 1592 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1593 1594 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1595 } 1596 1597 static void 1598 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1599 { 1600 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1601 const struct virtio_gpu_config *vgconfig = 1602 (const struct virtio_gpu_config *)config; 1603 1604 if (vgconfig->events_clear) { 1605 g->virtio_config.events_read &= ~vgconfig->events_clear; 1606 } 1607 } 1608 1609 static bool virtio_gpu_blob_state_needed(void *opaque) 1610 { 1611 VirtIOGPU *g = VIRTIO_GPU(opaque); 1612 1613 return virtio_gpu_blob_enabled(g->parent_obj.conf); 1614 } 1615 1616 const VMStateDescription vmstate_virtio_gpu_blob_state = { 1617 .name = "virtio-gpu/blob", 1618 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1619 .version_id = VIRTIO_GPU_VM_VERSION, 1620 .needed = virtio_gpu_blob_state_needed, 1621 .fields = (const VMStateField[]){ 1622 { 1623 .name = "virtio-gpu/blob", 1624 .info = &(const VMStateInfo) { 1625 .name = "blob", 1626 .get = virtio_gpu_blob_load, 1627 .put = virtio_gpu_blob_save, 1628 }, 1629 .flags = VMS_SINGLE, 1630 } /* device */, 1631 VMSTATE_END_OF_LIST() 1632 }, 1633 }; 1634 1635 /* 1636 * For historical reasons virtio_gpu does not adhere to virtio migration 1637 * scheme as described in doc/virtio-migration.txt, in a sense that no 1638 * save/load callback are provided to the core. Instead the device data 1639 * is saved/loaded after the core data. 1640 * 1641 * Because of this we need a special vmsd. 1642 */ 1643 static const VMStateDescription vmstate_virtio_gpu = { 1644 .name = "virtio-gpu", 1645 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1646 .version_id = VIRTIO_GPU_VM_VERSION, 1647 .fields = (const VMStateField[]) { 1648 VMSTATE_VIRTIO_DEVICE /* core */, 1649 { 1650 .name = "virtio-gpu", 1651 .info = &(const VMStateInfo) { 1652 .name = "virtio-gpu", 1653 .get = virtio_gpu_load, 1654 .put = virtio_gpu_save, 1655 }, 1656 .flags = VMS_SINGLE, 1657 } /* device */, 1658 VMSTATE_END_OF_LIST() 1659 }, 1660 .subsections = (const VMStateDescription * const []) { 1661 &vmstate_virtio_gpu_blob_state, 1662 NULL 1663 }, 1664 .post_load = virtio_gpu_post_load, 1665 }; 1666 1667 static Property virtio_gpu_properties[] = { 1668 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1669 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1670 256 * MiB), 1671 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, 1672 VIRTIO_GPU_FLAG_BLOB_ENABLED, false), 1673 DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0), 1674 DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2), 1675 DEFINE_PROP_END_OF_LIST(), 1676 }; 1677 1678 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1679 { 1680 DeviceClass *dc = DEVICE_CLASS(klass); 1681 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1682 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1683 VirtIOGPUBaseClass *vgbc = &vgc->parent; 1684 1685 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1686 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1687 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1688 vgc->resource_destroy = virtio_gpu_resource_destroy; 1689 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed; 1690 1691 vdc->realize = virtio_gpu_device_realize; 1692 vdc->unrealize = virtio_gpu_device_unrealize; 1693 vdc->reset = virtio_gpu_reset; 1694 vdc->get_config = virtio_gpu_get_config; 1695 vdc->set_config = virtio_gpu_set_config; 1696 1697 dc->vmsd = &vmstate_virtio_gpu; 1698 device_class_set_props(dc, virtio_gpu_properties); 1699 } 1700 1701 static const TypeInfo virtio_gpu_info = { 1702 .name = TYPE_VIRTIO_GPU, 1703 .parent = TYPE_VIRTIO_GPU_BASE, 1704 .instance_size = sizeof(VirtIOGPU), 1705 .class_size = sizeof(VirtIOGPUClass), 1706 .class_init = virtio_gpu_class_init, 1707 }; 1708 module_obj(TYPE_VIRTIO_GPU); 1709 module_kconfig(VIRTIO_GPU); 1710 1711 static void virtio_register_types(void) 1712 { 1713 type_register_static(&virtio_gpu_info); 1714 } 1715 1716 type_init(virtio_register_types) 1717