1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "sysemu/cpus.h" 18 #include "ui/console.h" 19 #include "ui/rect.h" 20 #include "trace.h" 21 #include "sysemu/dma.h" 22 #include "sysemu/sysemu.h" 23 #include "hw/virtio/virtio.h" 24 #include "migration/qemu-file-types.h" 25 #include "hw/virtio/virtio-gpu.h" 26 #include "hw/virtio/virtio-gpu-bswap.h" 27 #include "hw/virtio/virtio-gpu-pixman.h" 28 #include "hw/virtio/virtio-bus.h" 29 #include "hw/qdev-properties.h" 30 #include "qemu/log.h" 31 #include "qemu/module.h" 32 #include "qapi/error.h" 33 #include "qemu/error-report.h" 34 35 #define VIRTIO_GPU_VM_VERSION 1 36 37 static struct virtio_gpu_simple_resource * 38 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 39 bool require_backing, 40 const char *caller, uint32_t *error); 41 42 static void virtio_gpu_reset_bh(void *opaque); 43 44 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 45 struct virtio_gpu_scanout *s, 46 uint32_t resource_id) 47 { 48 struct virtio_gpu_simple_resource *res; 49 uint32_t pixels; 50 void *data; 51 52 res = virtio_gpu_find_check_resource(g, resource_id, false, 53 __func__, NULL); 54 if (!res) { 55 return; 56 } 57 58 if (res->blob_size) { 59 if (res->blob_size < (s->current_cursor->width * 60 s->current_cursor->height * 4)) { 61 return; 62 } 63 data = res->blob; 64 } else { 65 if (pixman_image_get_width(res->image) != s->current_cursor->width || 66 pixman_image_get_height(res->image) != s->current_cursor->height) { 67 return; 68 } 69 data = pixman_image_get_data(res->image); 70 } 71 72 pixels = s->current_cursor->width * s->current_cursor->height; 73 memcpy(s->current_cursor->data, data, 74 pixels * sizeof(uint32_t)); 75 } 76 77 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 78 { 79 struct virtio_gpu_scanout *s; 80 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 81 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 82 83 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 84 return; 85 } 86 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 87 88 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 89 cursor->pos.x, 90 cursor->pos.y, 91 move ? "move" : "update", 92 cursor->resource_id); 93 94 if (!move) { 95 if (!s->current_cursor) { 96 s->current_cursor = cursor_alloc(64, 64); 97 } 98 99 s->current_cursor->hot_x = cursor->hot_x; 100 s->current_cursor->hot_y = cursor->hot_y; 101 102 if (cursor->resource_id > 0) { 103 vgc->update_cursor_data(g, s, cursor->resource_id); 104 } 105 dpy_cursor_define(s->con, s->current_cursor); 106 107 s->cursor = *cursor; 108 } else { 109 s->cursor.pos.x = cursor->pos.x; 110 s->cursor.pos.y = cursor->pos.y; 111 } 112 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, 113 cursor->resource_id ? 1 : 0); 114 } 115 116 struct virtio_gpu_simple_resource * 117 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 118 { 119 struct virtio_gpu_simple_resource *res; 120 121 QTAILQ_FOREACH(res, &g->reslist, next) { 122 if (res->resource_id == resource_id) { 123 return res; 124 } 125 } 126 return NULL; 127 } 128 129 static struct virtio_gpu_simple_resource * 130 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 131 bool require_backing, 132 const char *caller, uint32_t *error) 133 { 134 struct virtio_gpu_simple_resource *res; 135 136 res = virtio_gpu_find_resource(g, resource_id); 137 if (!res) { 138 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 139 caller, resource_id); 140 if (error) { 141 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 142 } 143 return NULL; 144 } 145 146 if (require_backing) { 147 if (!res->iov || (!res->image && !res->blob)) { 148 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 149 caller, resource_id); 150 if (error) { 151 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 152 } 153 return NULL; 154 } 155 } 156 157 return res; 158 } 159 160 void virtio_gpu_ctrl_response(VirtIOGPU *g, 161 struct virtio_gpu_ctrl_command *cmd, 162 struct virtio_gpu_ctrl_hdr *resp, 163 size_t resp_len) 164 { 165 size_t s; 166 167 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 168 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 169 resp->fence_id = cmd->cmd_hdr.fence_id; 170 resp->ctx_id = cmd->cmd_hdr.ctx_id; 171 } 172 virtio_gpu_ctrl_hdr_bswap(resp); 173 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 174 if (s != resp_len) { 175 qemu_log_mask(LOG_GUEST_ERROR, 176 "%s: response size incorrect %zu vs %zu\n", 177 __func__, s, resp_len); 178 } 179 virtqueue_push(cmd->vq, &cmd->elem, s); 180 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 181 cmd->finished = true; 182 } 183 184 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 185 struct virtio_gpu_ctrl_command *cmd, 186 enum virtio_gpu_ctrl_type type) 187 { 188 struct virtio_gpu_ctrl_hdr resp; 189 190 memset(&resp, 0, sizeof(resp)); 191 resp.type = type; 192 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 193 } 194 195 void virtio_gpu_get_display_info(VirtIOGPU *g, 196 struct virtio_gpu_ctrl_command *cmd) 197 { 198 struct virtio_gpu_resp_display_info display_info; 199 200 trace_virtio_gpu_cmd_get_display_info(); 201 memset(&display_info, 0, sizeof(display_info)); 202 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 203 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 204 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 205 sizeof(display_info)); 206 } 207 208 void virtio_gpu_get_edid(VirtIOGPU *g, 209 struct virtio_gpu_ctrl_command *cmd) 210 { 211 struct virtio_gpu_resp_edid edid; 212 struct virtio_gpu_cmd_get_edid get_edid; 213 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 214 215 VIRTIO_GPU_FILL_CMD(get_edid); 216 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 217 218 if (get_edid.scanout >= b->conf.max_outputs) { 219 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 220 return; 221 } 222 223 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 224 memset(&edid, 0, sizeof(edid)); 225 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 226 virtio_gpu_base_generate_edid(VIRTIO_GPU_BASE(g), get_edid.scanout, &edid); 227 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 228 } 229 230 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 231 uint32_t width, uint32_t height) 232 { 233 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 234 * pixman_image_create_bits will fail in case it overflow. 235 */ 236 237 int bpp = PIXMAN_FORMAT_BPP(pformat); 238 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 239 return height * stride; 240 } 241 242 #ifdef WIN32 243 static void 244 win32_pixman_image_destroy(pixman_image_t *image, void *data) 245 { 246 HANDLE handle = data; 247 248 qemu_win32_map_free(pixman_image_get_data(image), handle, &error_warn); 249 } 250 #endif 251 252 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 253 struct virtio_gpu_ctrl_command *cmd) 254 { 255 pixman_format_code_t pformat; 256 struct virtio_gpu_simple_resource *res; 257 struct virtio_gpu_resource_create_2d c2d; 258 259 VIRTIO_GPU_FILL_CMD(c2d); 260 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 261 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 262 c2d.width, c2d.height); 263 264 if (c2d.resource_id == 0) { 265 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 266 __func__); 267 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 268 return; 269 } 270 271 res = virtio_gpu_find_resource(g, c2d.resource_id); 272 if (res) { 273 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 274 __func__, c2d.resource_id); 275 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 276 return; 277 } 278 279 res = g_new0(struct virtio_gpu_simple_resource, 1); 280 281 res->width = c2d.width; 282 res->height = c2d.height; 283 res->format = c2d.format; 284 res->resource_id = c2d.resource_id; 285 286 pformat = virtio_gpu_get_pixman_format(c2d.format); 287 if (!pformat) { 288 qemu_log_mask(LOG_GUEST_ERROR, 289 "%s: host couldn't handle guest format %d\n", 290 __func__, c2d.format); 291 g_free(res); 292 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 293 return; 294 } 295 296 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 297 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 298 void *bits = NULL; 299 #ifdef WIN32 300 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 301 if (!bits) { 302 goto end; 303 } 304 #endif 305 res->image = pixman_image_create_bits( 306 pformat, 307 c2d.width, 308 c2d.height, 309 bits, c2d.height ? res->hostmem / c2d.height : 0); 310 #ifdef WIN32 311 if (res->image) { 312 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle); 313 } 314 #endif 315 } 316 317 #ifdef WIN32 318 end: 319 #endif 320 if (!res->image) { 321 qemu_log_mask(LOG_GUEST_ERROR, 322 "%s: resource creation failed %d %d %d\n", 323 __func__, c2d.resource_id, c2d.width, c2d.height); 324 g_free(res); 325 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 326 return; 327 } 328 329 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 330 g->hostmem += res->hostmem; 331 } 332 333 static void virtio_gpu_resource_create_blob(VirtIOGPU *g, 334 struct virtio_gpu_ctrl_command *cmd) 335 { 336 struct virtio_gpu_simple_resource *res; 337 struct virtio_gpu_resource_create_blob cblob; 338 int ret; 339 340 VIRTIO_GPU_FILL_CMD(cblob); 341 virtio_gpu_create_blob_bswap(&cblob); 342 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size); 343 344 if (cblob.resource_id == 0) { 345 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 346 __func__); 347 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 348 return; 349 } 350 351 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && 352 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { 353 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", 354 __func__); 355 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 356 return; 357 } 358 359 if (virtio_gpu_find_resource(g, cblob.resource_id)) { 360 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 361 __func__, cblob.resource_id); 362 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 363 return; 364 } 365 366 res = g_new0(struct virtio_gpu_simple_resource, 1); 367 res->resource_id = cblob.resource_id; 368 res->blob_size = cblob.size; 369 370 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), 371 cmd, &res->addrs, &res->iov, 372 &res->iov_cnt); 373 if (ret != 0) { 374 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 375 g_free(res); 376 return; 377 } 378 379 virtio_gpu_init_udmabuf(res); 380 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 381 } 382 383 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 384 { 385 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 386 struct virtio_gpu_simple_resource *res; 387 388 if (scanout->resource_id == 0) { 389 return; 390 } 391 392 res = virtio_gpu_find_resource(g, scanout->resource_id); 393 if (res) { 394 res->scanout_bitmask &= ~(1 << scanout_id); 395 } 396 397 dpy_gfx_replace_surface(scanout->con, NULL); 398 scanout->resource_id = 0; 399 scanout->ds = NULL; 400 scanout->width = 0; 401 scanout->height = 0; 402 } 403 404 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 405 struct virtio_gpu_simple_resource *res, 406 Error **errp) 407 { 408 int i; 409 410 if (res->scanout_bitmask) { 411 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 412 if (res->scanout_bitmask & (1 << i)) { 413 virtio_gpu_disable_scanout(g, i); 414 } 415 } 416 } 417 418 qemu_pixman_image_unref(res->image); 419 virtio_gpu_cleanup_mapping(g, res); 420 QTAILQ_REMOVE(&g->reslist, res, next); 421 g->hostmem -= res->hostmem; 422 g_free(res); 423 } 424 425 static void virtio_gpu_resource_unref(VirtIOGPU *g, 426 struct virtio_gpu_ctrl_command *cmd) 427 { 428 struct virtio_gpu_simple_resource *res; 429 struct virtio_gpu_resource_unref unref; 430 431 VIRTIO_GPU_FILL_CMD(unref); 432 virtio_gpu_bswap_32(&unref, sizeof(unref)); 433 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 434 435 res = virtio_gpu_find_resource(g, unref.resource_id); 436 if (!res) { 437 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 438 __func__, unref.resource_id); 439 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 440 return; 441 } 442 /* 443 * virtio_gpu_resource_destroy does not set any errors, so pass a NULL errp 444 * to ignore them. 445 */ 446 virtio_gpu_resource_destroy(g, res, NULL); 447 } 448 449 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 450 struct virtio_gpu_ctrl_command *cmd) 451 { 452 struct virtio_gpu_simple_resource *res; 453 int h, bpp; 454 uint32_t src_offset, dst_offset, stride; 455 pixman_format_code_t format; 456 struct virtio_gpu_transfer_to_host_2d t2d; 457 void *img_data; 458 459 VIRTIO_GPU_FILL_CMD(t2d); 460 virtio_gpu_t2d_bswap(&t2d); 461 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 462 463 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 464 __func__, &cmd->error); 465 if (!res || res->blob) { 466 return; 467 } 468 469 if (t2d.r.x > res->width || 470 t2d.r.y > res->height || 471 t2d.r.width > res->width || 472 t2d.r.height > res->height || 473 t2d.r.x + t2d.r.width > res->width || 474 t2d.r.y + t2d.r.height > res->height) { 475 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 476 " bounds for resource %d: %d %d %d %d vs %d %d\n", 477 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 478 t2d.r.width, t2d.r.height, res->width, res->height); 479 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 480 return; 481 } 482 483 format = pixman_image_get_format(res->image); 484 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 485 stride = pixman_image_get_stride(res->image); 486 img_data = pixman_image_get_data(res->image); 487 488 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) { 489 for (h = 0; h < t2d.r.height; h++) { 490 src_offset = t2d.offset + stride * h; 491 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 492 493 iov_to_buf(res->iov, res->iov_cnt, src_offset, 494 (uint8_t *)img_data + dst_offset, 495 t2d.r.width * bpp); 496 } 497 } else { 498 src_offset = t2d.offset; 499 dst_offset = t2d.r.y * stride + t2d.r.x * bpp; 500 iov_to_buf(res->iov, res->iov_cnt, src_offset, 501 (uint8_t *)img_data + dst_offset, 502 stride * t2d.r.height); 503 } 504 } 505 506 static void virtio_gpu_resource_flush(VirtIOGPU *g, 507 struct virtio_gpu_ctrl_command *cmd) 508 { 509 struct virtio_gpu_simple_resource *res; 510 struct virtio_gpu_resource_flush rf; 511 struct virtio_gpu_scanout *scanout; 512 QemuRect flush_rect; 513 bool within_bounds = false; 514 bool update_submitted = false; 515 int i; 516 517 VIRTIO_GPU_FILL_CMD(rf); 518 virtio_gpu_bswap_32(&rf, sizeof(rf)); 519 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 520 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 521 522 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 523 __func__, &cmd->error); 524 if (!res) { 525 return; 526 } 527 528 if (res->blob) { 529 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 530 scanout = &g->parent_obj.scanout[i]; 531 if (scanout->resource_id == res->resource_id && 532 rf.r.x < scanout->x + scanout->width && 533 rf.r.x + rf.r.width >= scanout->x && 534 rf.r.y < scanout->y + scanout->height && 535 rf.r.y + rf.r.height >= scanout->y) { 536 within_bounds = true; 537 538 if (console_has_gl(scanout->con)) { 539 dpy_gl_update(scanout->con, 0, 0, scanout->width, 540 scanout->height); 541 update_submitted = true; 542 } 543 } 544 } 545 546 if (update_submitted) { 547 return; 548 } 549 if (!within_bounds) { 550 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts" 551 " bounds for flush %d: %d %d %d %d\n", 552 __func__, rf.resource_id, rf.r.x, rf.r.y, 553 rf.r.width, rf.r.height); 554 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 555 return; 556 } 557 } 558 559 if (!res->blob && 560 (rf.r.x > res->width || 561 rf.r.y > res->height || 562 rf.r.width > res->width || 563 rf.r.height > res->height || 564 rf.r.x + rf.r.width > res->width || 565 rf.r.y + rf.r.height > res->height)) { 566 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 567 " bounds for resource %d: %d %d %d %d vs %d %d\n", 568 __func__, rf.resource_id, rf.r.x, rf.r.y, 569 rf.r.width, rf.r.height, res->width, res->height); 570 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 571 return; 572 } 573 574 qemu_rect_init(&flush_rect, rf.r.x, rf.r.y, rf.r.width, rf.r.height); 575 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 576 QemuRect rect; 577 578 if (!(res->scanout_bitmask & (1 << i))) { 579 continue; 580 } 581 scanout = &g->parent_obj.scanout[i]; 582 583 qemu_rect_init(&rect, scanout->x, scanout->y, 584 scanout->width, scanout->height); 585 586 /* work out the area we need to update for each console */ 587 if (qemu_rect_intersect(&flush_rect, &rect, &rect)) { 588 qemu_rect_translate(&rect, -scanout->x, -scanout->y); 589 dpy_gfx_update(g->parent_obj.scanout[i].con, 590 rect.x, rect.y, rect.width, rect.height); 591 } 592 } 593 } 594 595 static void virtio_unref_resource(pixman_image_t *image, void *data) 596 { 597 pixman_image_unref(data); 598 } 599 600 static void virtio_gpu_update_scanout(VirtIOGPU *g, 601 uint32_t scanout_id, 602 struct virtio_gpu_simple_resource *res, 603 struct virtio_gpu_framebuffer *fb, 604 struct virtio_gpu_rect *r) 605 { 606 struct virtio_gpu_simple_resource *ores; 607 struct virtio_gpu_scanout *scanout; 608 609 scanout = &g->parent_obj.scanout[scanout_id]; 610 ores = virtio_gpu_find_resource(g, scanout->resource_id); 611 if (ores) { 612 ores->scanout_bitmask &= ~(1 << scanout_id); 613 } 614 615 res->scanout_bitmask |= (1 << scanout_id); 616 scanout->resource_id = res->resource_id; 617 scanout->x = r->x; 618 scanout->y = r->y; 619 scanout->width = r->width; 620 scanout->height = r->height; 621 scanout->fb = *fb; 622 } 623 624 static bool virtio_gpu_do_set_scanout(VirtIOGPU *g, 625 uint32_t scanout_id, 626 struct virtio_gpu_framebuffer *fb, 627 struct virtio_gpu_simple_resource *res, 628 struct virtio_gpu_rect *r, 629 uint32_t *error) 630 { 631 struct virtio_gpu_scanout *scanout; 632 uint8_t *data; 633 634 scanout = &g->parent_obj.scanout[scanout_id]; 635 636 if (r->x > fb->width || 637 r->y > fb->height || 638 r->width < 16 || 639 r->height < 16 || 640 r->width > fb->width || 641 r->height > fb->height || 642 r->x + r->width > fb->width || 643 r->y + r->height > fb->height) { 644 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 645 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n", 646 __func__, scanout_id, res->resource_id, 647 r->x, r->y, r->width, r->height, 648 fb->width, fb->height); 649 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 650 return false; 651 } 652 653 g->parent_obj.enable = 1; 654 655 if (res->blob) { 656 if (console_has_gl(scanout->con)) { 657 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) { 658 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 659 } else { 660 *error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 661 return false; 662 } 663 return true; 664 } 665 666 data = res->blob; 667 } else { 668 data = (uint8_t *)pixman_image_get_data(res->image); 669 } 670 671 /* create a surface for this scanout */ 672 if ((res->blob && !console_has_gl(scanout->con)) || 673 !scanout->ds || 674 surface_data(scanout->ds) != data + fb->offset || 675 scanout->width != r->width || 676 scanout->height != r->height) { 677 pixman_image_t *rect; 678 void *ptr = data + fb->offset; 679 rect = pixman_image_create_bits(fb->format, r->width, r->height, 680 ptr, fb->stride); 681 682 if (res->image) { 683 pixman_image_ref(res->image); 684 pixman_image_set_destroy_function(rect, virtio_unref_resource, 685 res->image); 686 } 687 688 /* realloc the surface ptr */ 689 scanout->ds = qemu_create_displaysurface_pixman(rect); 690 #ifdef WIN32 691 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, fb->offset); 692 #endif 693 694 pixman_image_unref(rect); 695 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con, 696 scanout->ds); 697 } 698 699 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 700 return true; 701 } 702 703 static void virtio_gpu_set_scanout(VirtIOGPU *g, 704 struct virtio_gpu_ctrl_command *cmd) 705 { 706 struct virtio_gpu_simple_resource *res; 707 struct virtio_gpu_framebuffer fb = { 0 }; 708 struct virtio_gpu_set_scanout ss; 709 710 VIRTIO_GPU_FILL_CMD(ss); 711 virtio_gpu_bswap_32(&ss, sizeof(ss)); 712 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 713 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 714 715 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 716 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 717 __func__, ss.scanout_id); 718 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 719 return; 720 } 721 722 if (ss.resource_id == 0) { 723 virtio_gpu_disable_scanout(g, ss.scanout_id); 724 return; 725 } 726 727 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 728 __func__, &cmd->error); 729 if (!res) { 730 return; 731 } 732 733 fb.format = pixman_image_get_format(res->image); 734 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 735 fb.width = pixman_image_get_width(res->image); 736 fb.height = pixman_image_get_height(res->image); 737 fb.stride = pixman_image_get_stride(res->image); 738 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 739 740 virtio_gpu_do_set_scanout(g, ss.scanout_id, 741 &fb, res, &ss.r, &cmd->error); 742 } 743 744 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g, 745 struct virtio_gpu_ctrl_command *cmd) 746 { 747 struct virtio_gpu_simple_resource *res; 748 struct virtio_gpu_framebuffer fb = { 0 }; 749 struct virtio_gpu_set_scanout_blob ss; 750 uint64_t fbend; 751 752 VIRTIO_GPU_FILL_CMD(ss); 753 virtio_gpu_scanout_blob_bswap(&ss); 754 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id, 755 ss.r.width, ss.r.height, ss.r.x, 756 ss.r.y); 757 758 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 759 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 760 __func__, ss.scanout_id); 761 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 762 return; 763 } 764 765 if (ss.resource_id == 0) { 766 virtio_gpu_disable_scanout(g, ss.scanout_id); 767 return; 768 } 769 770 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 771 __func__, &cmd->error); 772 if (!res) { 773 return; 774 } 775 776 fb.format = virtio_gpu_get_pixman_format(ss.format); 777 if (!fb.format) { 778 qemu_log_mask(LOG_GUEST_ERROR, 779 "%s: host couldn't handle guest format %d\n", 780 __func__, ss.format); 781 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 782 return; 783 } 784 785 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 786 fb.width = ss.width; 787 fb.height = ss.height; 788 fb.stride = ss.strides[0]; 789 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 790 791 fbend = fb.offset; 792 fbend += fb.stride * (ss.r.height - 1); 793 fbend += fb.bytes_pp * ss.r.width; 794 if (fbend > res->blob_size) { 795 qemu_log_mask(LOG_GUEST_ERROR, 796 "%s: fb end out of range\n", 797 __func__); 798 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 799 return; 800 } 801 802 virtio_gpu_do_set_scanout(g, ss.scanout_id, 803 &fb, res, &ss.r, &cmd->error); 804 } 805 806 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 807 uint32_t nr_entries, uint32_t offset, 808 struct virtio_gpu_ctrl_command *cmd, 809 uint64_t **addr, struct iovec **iov, 810 uint32_t *niov) 811 { 812 struct virtio_gpu_mem_entry *ents; 813 size_t esize, s; 814 int e, v; 815 816 if (nr_entries > 16384) { 817 qemu_log_mask(LOG_GUEST_ERROR, 818 "%s: nr_entries is too big (%d > 16384)\n", 819 __func__, nr_entries); 820 return -1; 821 } 822 823 esize = sizeof(*ents) * nr_entries; 824 ents = g_malloc(esize); 825 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 826 offset, ents, esize); 827 if (s != esize) { 828 qemu_log_mask(LOG_GUEST_ERROR, 829 "%s: command data size incorrect %zu vs %zu\n", 830 __func__, s, esize); 831 g_free(ents); 832 return -1; 833 } 834 835 *iov = NULL; 836 if (addr) { 837 *addr = NULL; 838 } 839 for (e = 0, v = 0; e < nr_entries; e++) { 840 uint64_t a = le64_to_cpu(ents[e].addr); 841 uint32_t l = le32_to_cpu(ents[e].length); 842 hwaddr len; 843 void *map; 844 845 do { 846 len = l; 847 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len, 848 DMA_DIRECTION_TO_DEVICE, 849 MEMTXATTRS_UNSPECIFIED); 850 if (!map) { 851 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 852 " element %d\n", __func__, e); 853 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 854 g_free(ents); 855 *iov = NULL; 856 if (addr) { 857 g_free(*addr); 858 *addr = NULL; 859 } 860 return -1; 861 } 862 863 if (!(v % 16)) { 864 *iov = g_renew(struct iovec, *iov, v + 16); 865 if (addr) { 866 *addr = g_renew(uint64_t, *addr, v + 16); 867 } 868 } 869 (*iov)[v].iov_base = map; 870 (*iov)[v].iov_len = len; 871 if (addr) { 872 (*addr)[v] = a; 873 } 874 875 a += len; 876 l -= len; 877 v += 1; 878 } while (l > 0); 879 } 880 *niov = v; 881 882 g_free(ents); 883 return 0; 884 } 885 886 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 887 struct iovec *iov, uint32_t count) 888 { 889 int i; 890 891 for (i = 0; i < count; i++) { 892 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 893 iov[i].iov_base, iov[i].iov_len, 894 DMA_DIRECTION_TO_DEVICE, 895 iov[i].iov_len); 896 } 897 g_free(iov); 898 } 899 900 void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 901 struct virtio_gpu_simple_resource *res) 902 { 903 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 904 res->iov = NULL; 905 res->iov_cnt = 0; 906 g_free(res->addrs); 907 res->addrs = NULL; 908 909 if (res->blob) { 910 virtio_gpu_fini_udmabuf(res); 911 } 912 } 913 914 static void 915 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 916 struct virtio_gpu_ctrl_command *cmd) 917 { 918 struct virtio_gpu_simple_resource *res; 919 struct virtio_gpu_resource_attach_backing ab; 920 int ret; 921 922 VIRTIO_GPU_FILL_CMD(ab); 923 virtio_gpu_bswap_32(&ab, sizeof(ab)); 924 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 925 926 res = virtio_gpu_find_resource(g, ab.resource_id); 927 if (!res) { 928 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 929 __func__, ab.resource_id); 930 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 931 return; 932 } 933 934 if (res->iov) { 935 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 936 return; 937 } 938 939 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, 940 &res->addrs, &res->iov, &res->iov_cnt); 941 if (ret != 0) { 942 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 943 return; 944 } 945 } 946 947 static void 948 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 949 struct virtio_gpu_ctrl_command *cmd) 950 { 951 struct virtio_gpu_simple_resource *res; 952 struct virtio_gpu_resource_detach_backing detach; 953 954 VIRTIO_GPU_FILL_CMD(detach); 955 virtio_gpu_bswap_32(&detach, sizeof(detach)); 956 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 957 958 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 959 __func__, &cmd->error); 960 if (!res) { 961 return; 962 } 963 virtio_gpu_cleanup_mapping(g, res); 964 } 965 966 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 967 struct virtio_gpu_ctrl_command *cmd) 968 { 969 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 970 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 971 972 switch (cmd->cmd_hdr.type) { 973 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 974 virtio_gpu_get_display_info(g, cmd); 975 break; 976 case VIRTIO_GPU_CMD_GET_EDID: 977 virtio_gpu_get_edid(g, cmd); 978 break; 979 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 980 virtio_gpu_resource_create_2d(g, cmd); 981 break; 982 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB: 983 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 984 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 985 break; 986 } 987 virtio_gpu_resource_create_blob(g, cmd); 988 break; 989 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 990 virtio_gpu_resource_unref(g, cmd); 991 break; 992 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 993 virtio_gpu_resource_flush(g, cmd); 994 break; 995 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 996 virtio_gpu_transfer_to_host_2d(g, cmd); 997 break; 998 case VIRTIO_GPU_CMD_SET_SCANOUT: 999 virtio_gpu_set_scanout(g, cmd); 1000 break; 1001 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB: 1002 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1003 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 1004 break; 1005 } 1006 virtio_gpu_set_scanout_blob(g, cmd); 1007 break; 1008 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 1009 virtio_gpu_resource_attach_backing(g, cmd); 1010 break; 1011 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 1012 virtio_gpu_resource_detach_backing(g, cmd); 1013 break; 1014 default: 1015 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 1016 break; 1017 } 1018 if (!cmd->finished) { 1019 if (!g->parent_obj.renderer_blocked) { 1020 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 1021 VIRTIO_GPU_RESP_OK_NODATA); 1022 } 1023 } 1024 } 1025 1026 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 1027 { 1028 VirtIOGPU *g = VIRTIO_GPU(vdev); 1029 qemu_bh_schedule(g->ctrl_bh); 1030 } 1031 1032 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 1033 { 1034 VirtIOGPU *g = VIRTIO_GPU(vdev); 1035 qemu_bh_schedule(g->cursor_bh); 1036 } 1037 1038 void virtio_gpu_process_cmdq(VirtIOGPU *g) 1039 { 1040 struct virtio_gpu_ctrl_command *cmd; 1041 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1042 1043 if (g->processing_cmdq) { 1044 return; 1045 } 1046 g->processing_cmdq = true; 1047 while (!QTAILQ_EMPTY(&g->cmdq)) { 1048 cmd = QTAILQ_FIRST(&g->cmdq); 1049 1050 if (g->parent_obj.renderer_blocked) { 1051 break; 1052 } 1053 1054 /* process command */ 1055 vgc->process_cmd(g, cmd); 1056 1057 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1058 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1059 g->stats.requests++; 1060 } 1061 1062 if (!cmd->finished) { 1063 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 1064 g->inflight++; 1065 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1066 if (g->stats.max_inflight < g->inflight) { 1067 g->stats.max_inflight = g->inflight; 1068 } 1069 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 1070 } 1071 } else { 1072 g_free(cmd); 1073 } 1074 } 1075 g->processing_cmdq = false; 1076 } 1077 1078 static void virtio_gpu_process_fenceq(VirtIOGPU *g) 1079 { 1080 struct virtio_gpu_ctrl_command *cmd, *tmp; 1081 1082 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) { 1083 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id); 1084 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA); 1085 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1086 g_free(cmd); 1087 g->inflight--; 1088 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1089 fprintf(stderr, "inflight: %3d (-)\r", g->inflight); 1090 } 1091 } 1092 } 1093 1094 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b) 1095 { 1096 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj); 1097 1098 virtio_gpu_process_fenceq(g); 1099 virtio_gpu_process_cmdq(g); 1100 } 1101 1102 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 1103 { 1104 VirtIOGPU *g = VIRTIO_GPU(vdev); 1105 struct virtio_gpu_ctrl_command *cmd; 1106 1107 if (!virtio_queue_ready(vq)) { 1108 return; 1109 } 1110 1111 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1112 while (cmd) { 1113 cmd->vq = vq; 1114 cmd->error = 0; 1115 cmd->finished = false; 1116 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 1117 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1118 } 1119 1120 virtio_gpu_process_cmdq(g); 1121 } 1122 1123 static void virtio_gpu_ctrl_bh(void *opaque) 1124 { 1125 VirtIOGPU *g = opaque; 1126 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1127 1128 vgc->handle_ctrl(VIRTIO_DEVICE(g), g->ctrl_vq); 1129 } 1130 1131 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 1132 { 1133 VirtIOGPU *g = VIRTIO_GPU(vdev); 1134 VirtQueueElement *elem; 1135 size_t s; 1136 struct virtio_gpu_update_cursor cursor_info; 1137 1138 if (!virtio_queue_ready(vq)) { 1139 return; 1140 } 1141 for (;;) { 1142 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 1143 if (!elem) { 1144 break; 1145 } 1146 1147 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 1148 &cursor_info, sizeof(cursor_info)); 1149 if (s != sizeof(cursor_info)) { 1150 qemu_log_mask(LOG_GUEST_ERROR, 1151 "%s: cursor size incorrect %zu vs %zu\n", 1152 __func__, s, sizeof(cursor_info)); 1153 } else { 1154 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 1155 update_cursor(g, &cursor_info); 1156 } 1157 virtqueue_push(vq, elem, 0); 1158 virtio_notify(vdev, vq); 1159 g_free(elem); 1160 } 1161 } 1162 1163 static void virtio_gpu_cursor_bh(void *opaque) 1164 { 1165 VirtIOGPU *g = opaque; 1166 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 1167 } 1168 1169 static bool scanout_vmstate_after_v2(void *opaque, int version) 1170 { 1171 struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout); 1172 struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj); 1173 1174 return gpu->scanout_vmstate_version >= 2; 1175 } 1176 1177 static const VMStateDescription vmstate_virtio_gpu_scanout = { 1178 .name = "virtio-gpu-one-scanout", 1179 .version_id = 1, 1180 .fields = (const VMStateField[]) { 1181 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 1182 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 1183 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 1184 VMSTATE_INT32(x, struct virtio_gpu_scanout), 1185 VMSTATE_INT32(y, struct virtio_gpu_scanout), 1186 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 1187 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 1188 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 1189 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 1190 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 1191 VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, 1192 scanout_vmstate_after_v2), 1193 VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, 1194 scanout_vmstate_after_v2), 1195 VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, 1196 scanout_vmstate_after_v2), 1197 VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, 1198 scanout_vmstate_after_v2), 1199 VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, 1200 scanout_vmstate_after_v2), 1201 VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, 1202 scanout_vmstate_after_v2), 1203 VMSTATE_END_OF_LIST() 1204 }, 1205 }; 1206 1207 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 1208 .name = "virtio-gpu-scanouts", 1209 .version_id = 1, 1210 .fields = (const VMStateField[]) { 1211 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 1212 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 1213 struct VirtIOGPU, NULL), 1214 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 1215 parent_obj.conf.max_outputs, 1, 1216 vmstate_virtio_gpu_scanout, 1217 struct virtio_gpu_scanout), 1218 VMSTATE_END_OF_LIST() 1219 }, 1220 }; 1221 1222 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 1223 const VMStateField *field, JSONWriter *vmdesc) 1224 { 1225 VirtIOGPU *g = opaque; 1226 struct virtio_gpu_simple_resource *res; 1227 int i; 1228 1229 /* in 2d mode we should never find unprocessed commands here */ 1230 assert(QTAILQ_EMPTY(&g->cmdq)); 1231 1232 QTAILQ_FOREACH(res, &g->reslist, next) { 1233 if (res->blob_size) { 1234 continue; 1235 } 1236 qemu_put_be32(f, res->resource_id); 1237 qemu_put_be32(f, res->width); 1238 qemu_put_be32(f, res->height); 1239 qemu_put_be32(f, res->format); 1240 qemu_put_be32(f, res->iov_cnt); 1241 for (i = 0; i < res->iov_cnt; i++) { 1242 qemu_put_be64(f, res->addrs[i]); 1243 qemu_put_be32(f, res->iov[i].iov_len); 1244 } 1245 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 1246 pixman_image_get_stride(res->image) * res->height); 1247 } 1248 qemu_put_be32(f, 0); /* end of list */ 1249 1250 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 1251 } 1252 1253 static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g, 1254 struct virtio_gpu_simple_resource *res) 1255 { 1256 int i; 1257 1258 for (i = 0; i < res->iov_cnt; i++) { 1259 hwaddr len = res->iov[i].iov_len; 1260 res->iov[i].iov_base = 1261 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len, 1262 DMA_DIRECTION_TO_DEVICE, MEMTXATTRS_UNSPECIFIED); 1263 1264 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1265 /* Clean up the half-a-mapping we just created... */ 1266 if (res->iov[i].iov_base) { 1267 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, res->iov[i].iov_base, 1268 len, DMA_DIRECTION_TO_DEVICE, 0); 1269 } 1270 /* ...and the mappings for previous loop iterations */ 1271 res->iov_cnt = i; 1272 virtio_gpu_cleanup_mapping(g, res); 1273 return false; 1274 } 1275 } 1276 1277 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1278 g->hostmem += res->hostmem; 1279 return true; 1280 } 1281 1282 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 1283 const VMStateField *field) 1284 { 1285 VirtIOGPU *g = opaque; 1286 struct virtio_gpu_simple_resource *res; 1287 uint32_t resource_id, pformat; 1288 void *bits = NULL; 1289 int i; 1290 1291 g->hostmem = 0; 1292 1293 resource_id = qemu_get_be32(f); 1294 while (resource_id != 0) { 1295 res = virtio_gpu_find_resource(g, resource_id); 1296 if (res) { 1297 return -EINVAL; 1298 } 1299 1300 res = g_new0(struct virtio_gpu_simple_resource, 1); 1301 res->resource_id = resource_id; 1302 res->width = qemu_get_be32(f); 1303 res->height = qemu_get_be32(f); 1304 res->format = qemu_get_be32(f); 1305 res->iov_cnt = qemu_get_be32(f); 1306 1307 /* allocate */ 1308 pformat = virtio_gpu_get_pixman_format(res->format); 1309 if (!pformat) { 1310 g_free(res); 1311 return -EINVAL; 1312 } 1313 1314 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1315 #ifdef WIN32 1316 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 1317 if (!bits) { 1318 g_free(res); 1319 return -EINVAL; 1320 } 1321 #endif 1322 res->image = pixman_image_create_bits( 1323 pformat, 1324 res->width, res->height, 1325 bits, res->height ? res->hostmem / res->height : 0); 1326 if (!res->image) { 1327 g_free(res); 1328 return -EINVAL; 1329 } 1330 #ifdef WIN32 1331 pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle); 1332 #endif 1333 1334 res->addrs = g_new(uint64_t, res->iov_cnt); 1335 res->iov = g_new(struct iovec, res->iov_cnt); 1336 1337 /* read data */ 1338 for (i = 0; i < res->iov_cnt; i++) { 1339 res->addrs[i] = qemu_get_be64(f); 1340 res->iov[i].iov_len = qemu_get_be32(f); 1341 } 1342 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1343 pixman_image_get_stride(res->image) * res->height); 1344 1345 if (!virtio_gpu_load_restore_mapping(g, res)) { 1346 pixman_image_unref(res->image); 1347 g_free(res); 1348 return -EINVAL; 1349 } 1350 1351 resource_id = qemu_get_be32(f); 1352 } 1353 1354 /* load & apply scanout state */ 1355 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1356 1357 return 0; 1358 } 1359 1360 static int virtio_gpu_blob_save(QEMUFile *f, void *opaque, size_t size, 1361 const VMStateField *field, JSONWriter *vmdesc) 1362 { 1363 VirtIOGPU *g = opaque; 1364 struct virtio_gpu_simple_resource *res; 1365 int i; 1366 1367 /* in 2d mode we should never find unprocessed commands here */ 1368 assert(QTAILQ_EMPTY(&g->cmdq)); 1369 1370 QTAILQ_FOREACH(res, &g->reslist, next) { 1371 if (!res->blob_size) { 1372 continue; 1373 } 1374 assert(!res->image); 1375 qemu_put_be32(f, res->resource_id); 1376 qemu_put_be32(f, res->blob_size); 1377 qemu_put_be32(f, res->iov_cnt); 1378 for (i = 0; i < res->iov_cnt; i++) { 1379 qemu_put_be64(f, res->addrs[i]); 1380 qemu_put_be32(f, res->iov[i].iov_len); 1381 } 1382 } 1383 qemu_put_be32(f, 0); /* end of list */ 1384 1385 return 0; 1386 } 1387 1388 static int virtio_gpu_blob_load(QEMUFile *f, void *opaque, size_t size, 1389 const VMStateField *field) 1390 { 1391 VirtIOGPU *g = opaque; 1392 struct virtio_gpu_simple_resource *res; 1393 uint32_t resource_id; 1394 int i; 1395 1396 resource_id = qemu_get_be32(f); 1397 while (resource_id != 0) { 1398 res = virtio_gpu_find_resource(g, resource_id); 1399 if (res) { 1400 return -EINVAL; 1401 } 1402 1403 res = g_new0(struct virtio_gpu_simple_resource, 1); 1404 res->resource_id = resource_id; 1405 res->blob_size = qemu_get_be32(f); 1406 res->iov_cnt = qemu_get_be32(f); 1407 res->addrs = g_new(uint64_t, res->iov_cnt); 1408 res->iov = g_new(struct iovec, res->iov_cnt); 1409 1410 /* read data */ 1411 for (i = 0; i < res->iov_cnt; i++) { 1412 res->addrs[i] = qemu_get_be64(f); 1413 res->iov[i].iov_len = qemu_get_be32(f); 1414 } 1415 1416 if (!virtio_gpu_load_restore_mapping(g, res)) { 1417 g_free(res); 1418 return -EINVAL; 1419 } 1420 1421 virtio_gpu_init_udmabuf(res); 1422 1423 resource_id = qemu_get_be32(f); 1424 } 1425 1426 return 0; 1427 } 1428 1429 static int virtio_gpu_post_load(void *opaque, int version_id) 1430 { 1431 VirtIOGPU *g = opaque; 1432 struct virtio_gpu_scanout *scanout; 1433 struct virtio_gpu_simple_resource *res; 1434 int i; 1435 1436 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1437 scanout = &g->parent_obj.scanout[i]; 1438 if (!scanout->resource_id) { 1439 continue; 1440 } 1441 1442 res = virtio_gpu_find_resource(g, scanout->resource_id); 1443 if (!res) { 1444 return -EINVAL; 1445 } 1446 1447 if (scanout->fb.format != 0) { 1448 uint32_t error = 0; 1449 struct virtio_gpu_rect r = { 1450 .x = scanout->x, 1451 .y = scanout->y, 1452 .width = scanout->width, 1453 .height = scanout->height 1454 }; 1455 1456 if (!virtio_gpu_do_set_scanout(g, i, &scanout->fb, res, &r, &error)) { 1457 return -EINVAL; 1458 } 1459 } else { 1460 /* legacy v1 migration support */ 1461 if (!res->image) { 1462 return -EINVAL; 1463 } 1464 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1465 #ifdef WIN32 1466 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, 0); 1467 #endif 1468 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1469 } 1470 1471 dpy_gfx_update_full(scanout->con); 1472 if (scanout->cursor.resource_id) { 1473 update_cursor(g, &scanout->cursor); 1474 } 1475 res->scanout_bitmask |= (1 << i); 1476 } 1477 1478 return 0; 1479 } 1480 1481 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1482 { 1483 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1484 VirtIOGPU *g = VIRTIO_GPU(qdev); 1485 1486 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1487 if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) && 1488 !virtio_gpu_have_udmabuf()) { 1489 error_setg(errp, "need rutabaga or udmabuf for blob resources"); 1490 return; 1491 } 1492 1493 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) { 1494 error_setg(errp, "blobs and virgl are not compatible (yet)"); 1495 return; 1496 } 1497 } 1498 1499 if (!virtio_gpu_base_device_realize(qdev, 1500 virtio_gpu_handle_ctrl_cb, 1501 virtio_gpu_handle_cursor_cb, 1502 errp)) { 1503 return; 1504 } 1505 1506 g->ctrl_vq = virtio_get_queue(vdev, 0); 1507 g->cursor_vq = virtio_get_queue(vdev, 1); 1508 g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g); 1509 g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g); 1510 g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); 1511 qemu_cond_init(&g->reset_cond); 1512 QTAILQ_INIT(&g->reslist); 1513 QTAILQ_INIT(&g->cmdq); 1514 QTAILQ_INIT(&g->fenceq); 1515 } 1516 1517 static void virtio_gpu_device_unrealize(DeviceState *qdev) 1518 { 1519 VirtIOGPU *g = VIRTIO_GPU(qdev); 1520 1521 g_clear_pointer(&g->ctrl_bh, qemu_bh_delete); 1522 g_clear_pointer(&g->cursor_bh, qemu_bh_delete); 1523 g_clear_pointer(&g->reset_bh, qemu_bh_delete); 1524 qemu_cond_destroy(&g->reset_cond); 1525 virtio_gpu_base_device_unrealize(qdev); 1526 } 1527 1528 static void virtio_gpu_reset_bh(void *opaque) 1529 { 1530 VirtIOGPU *g = VIRTIO_GPU(opaque); 1531 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1532 struct virtio_gpu_simple_resource *res, *tmp; 1533 uint32_t resource_id; 1534 Error *local_err = NULL; 1535 int i = 0; 1536 1537 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1538 resource_id = res->resource_id; 1539 vgc->resource_destroy(g, res, &local_err); 1540 if (local_err) { 1541 error_append_hint(&local_err, "%s: %s resource_destroy" 1542 "for resource_id = %"PRIu32" failed.\n", 1543 __func__, object_get_typename(OBJECT(g)), 1544 resource_id); 1545 /* error_report_err frees the error object for us */ 1546 error_report_err(local_err); 1547 local_err = NULL; 1548 } 1549 } 1550 1551 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1552 dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL); 1553 } 1554 1555 g->reset_finished = true; 1556 qemu_cond_signal(&g->reset_cond); 1557 } 1558 1559 void virtio_gpu_reset(VirtIODevice *vdev) 1560 { 1561 VirtIOGPU *g = VIRTIO_GPU(vdev); 1562 struct virtio_gpu_ctrl_command *cmd; 1563 1564 if (qemu_in_vcpu_thread()) { 1565 g->reset_finished = false; 1566 qemu_bh_schedule(g->reset_bh); 1567 while (!g->reset_finished) { 1568 qemu_cond_wait_bql(&g->reset_cond); 1569 } 1570 } else { 1571 aio_bh_call(g->reset_bh); 1572 } 1573 1574 while (!QTAILQ_EMPTY(&g->cmdq)) { 1575 cmd = QTAILQ_FIRST(&g->cmdq); 1576 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1577 g_free(cmd); 1578 } 1579 1580 while (!QTAILQ_EMPTY(&g->fenceq)) { 1581 cmd = QTAILQ_FIRST(&g->fenceq); 1582 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1583 g->inflight--; 1584 g_free(cmd); 1585 } 1586 1587 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1588 } 1589 1590 static void 1591 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1592 { 1593 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1594 1595 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1596 } 1597 1598 static void 1599 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1600 { 1601 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1602 const struct virtio_gpu_config *vgconfig = 1603 (const struct virtio_gpu_config *)config; 1604 1605 if (vgconfig->events_clear) { 1606 g->virtio_config.events_read &= ~vgconfig->events_clear; 1607 } 1608 } 1609 1610 static bool virtio_gpu_blob_state_needed(void *opaque) 1611 { 1612 VirtIOGPU *g = VIRTIO_GPU(opaque); 1613 1614 return virtio_gpu_blob_enabled(g->parent_obj.conf); 1615 } 1616 1617 const VMStateDescription vmstate_virtio_gpu_blob_state = { 1618 .name = "virtio-gpu/blob", 1619 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1620 .version_id = VIRTIO_GPU_VM_VERSION, 1621 .needed = virtio_gpu_blob_state_needed, 1622 .fields = (const VMStateField[]){ 1623 { 1624 .name = "virtio-gpu/blob", 1625 .info = &(const VMStateInfo) { 1626 .name = "blob", 1627 .get = virtio_gpu_blob_load, 1628 .put = virtio_gpu_blob_save, 1629 }, 1630 .flags = VMS_SINGLE, 1631 } /* device */, 1632 VMSTATE_END_OF_LIST() 1633 }, 1634 }; 1635 1636 /* 1637 * For historical reasons virtio_gpu does not adhere to virtio migration 1638 * scheme as described in doc/virtio-migration.txt, in a sense that no 1639 * save/load callback are provided to the core. Instead the device data 1640 * is saved/loaded after the core data. 1641 * 1642 * Because of this we need a special vmsd. 1643 */ 1644 static const VMStateDescription vmstate_virtio_gpu = { 1645 .name = "virtio-gpu", 1646 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1647 .version_id = VIRTIO_GPU_VM_VERSION, 1648 .fields = (const VMStateField[]) { 1649 VMSTATE_VIRTIO_DEVICE /* core */, 1650 { 1651 .name = "virtio-gpu", 1652 .info = &(const VMStateInfo) { 1653 .name = "virtio-gpu", 1654 .get = virtio_gpu_load, 1655 .put = virtio_gpu_save, 1656 }, 1657 .flags = VMS_SINGLE, 1658 } /* device */, 1659 VMSTATE_END_OF_LIST() 1660 }, 1661 .subsections = (const VMStateDescription * const []) { 1662 &vmstate_virtio_gpu_blob_state, 1663 NULL 1664 }, 1665 .post_load = virtio_gpu_post_load, 1666 }; 1667 1668 static Property virtio_gpu_properties[] = { 1669 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1670 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1671 256 * MiB), 1672 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, 1673 VIRTIO_GPU_FLAG_BLOB_ENABLED, false), 1674 DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0), 1675 DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2), 1676 DEFINE_PROP_END_OF_LIST(), 1677 }; 1678 1679 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1680 { 1681 DeviceClass *dc = DEVICE_CLASS(klass); 1682 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1683 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1684 VirtIOGPUBaseClass *vgbc = &vgc->parent; 1685 1686 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1687 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1688 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1689 vgc->resource_destroy = virtio_gpu_resource_destroy; 1690 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed; 1691 1692 vdc->realize = virtio_gpu_device_realize; 1693 vdc->unrealize = virtio_gpu_device_unrealize; 1694 vdc->reset = virtio_gpu_reset; 1695 vdc->get_config = virtio_gpu_get_config; 1696 vdc->set_config = virtio_gpu_set_config; 1697 1698 dc->vmsd = &vmstate_virtio_gpu; 1699 device_class_set_props(dc, virtio_gpu_properties); 1700 } 1701 1702 static const TypeInfo virtio_gpu_info = { 1703 .name = TYPE_VIRTIO_GPU, 1704 .parent = TYPE_VIRTIO_GPU_BASE, 1705 .instance_size = sizeof(VirtIOGPU), 1706 .class_size = sizeof(VirtIOGPUClass), 1707 .class_init = virtio_gpu_class_init, 1708 }; 1709 module_obj(TYPE_VIRTIO_GPU); 1710 module_kconfig(VIRTIO_GPU); 1711 1712 static void virtio_register_types(void) 1713 { 1714 type_register_static(&virtio_gpu_info); 1715 } 1716 1717 type_init(virtio_register_types) 1718