1 /* 2 * Virtio GPU Device 3 * 4 * Copyright Red Hat, Inc. 2013-2014 5 * 6 * Authors: 7 * Dave Airlie <airlied@redhat.com> 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * 10 * This work is licensed under the terms of the GNU GPL, version 2 or later. 11 * See the COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "qemu/units.h" 16 #include "qemu/iov.h" 17 #include "sysemu/cpus.h" 18 #include "ui/console.h" 19 #include "ui/rect.h" 20 #include "trace.h" 21 #include "sysemu/dma.h" 22 #include "sysemu/sysemu.h" 23 #include "hw/virtio/virtio.h" 24 #include "migration/qemu-file-types.h" 25 #include "hw/virtio/virtio-gpu.h" 26 #include "hw/virtio/virtio-gpu-bswap.h" 27 #include "hw/virtio/virtio-gpu-pixman.h" 28 #include "hw/virtio/virtio-bus.h" 29 #include "hw/qdev-properties.h" 30 #include "qemu/log.h" 31 #include "qemu/module.h" 32 #include "qapi/error.h" 33 #include "qemu/error-report.h" 34 35 #define VIRTIO_GPU_VM_VERSION 1 36 37 static struct virtio_gpu_simple_resource * 38 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 39 bool require_backing, 40 const char *caller, uint32_t *error); 41 42 static void virtio_gpu_reset_bh(void *opaque); 43 44 void virtio_gpu_update_cursor_data(VirtIOGPU *g, 45 struct virtio_gpu_scanout *s, 46 uint32_t resource_id) 47 { 48 struct virtio_gpu_simple_resource *res; 49 uint32_t pixels; 50 void *data; 51 52 res = virtio_gpu_find_check_resource(g, resource_id, false, 53 __func__, NULL); 54 if (!res) { 55 return; 56 } 57 58 if (res->blob_size) { 59 if (res->blob_size < (s->current_cursor->width * 60 s->current_cursor->height * 4)) { 61 return; 62 } 63 data = res->blob; 64 } else { 65 if (pixman_image_get_width(res->image) != s->current_cursor->width || 66 pixman_image_get_height(res->image) != s->current_cursor->height) { 67 return; 68 } 69 data = pixman_image_get_data(res->image); 70 } 71 72 pixels = s->current_cursor->width * s->current_cursor->height; 73 memcpy(s->current_cursor->data, data, 74 pixels * sizeof(uint32_t)); 75 } 76 77 static void update_cursor(VirtIOGPU *g, struct virtio_gpu_update_cursor *cursor) 78 { 79 struct virtio_gpu_scanout *s; 80 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 81 bool move = cursor->hdr.type == VIRTIO_GPU_CMD_MOVE_CURSOR; 82 83 if (cursor->pos.scanout_id >= g->parent_obj.conf.max_outputs) { 84 return; 85 } 86 s = &g->parent_obj.scanout[cursor->pos.scanout_id]; 87 88 trace_virtio_gpu_update_cursor(cursor->pos.scanout_id, 89 cursor->pos.x, 90 cursor->pos.y, 91 move ? "move" : "update", 92 cursor->resource_id); 93 94 if (!move) { 95 if (!s->current_cursor) { 96 s->current_cursor = cursor_alloc(64, 64); 97 } 98 99 s->current_cursor->hot_x = cursor->hot_x; 100 s->current_cursor->hot_y = cursor->hot_y; 101 102 if (cursor->resource_id > 0) { 103 vgc->update_cursor_data(g, s, cursor->resource_id); 104 } 105 dpy_cursor_define(s->con, s->current_cursor); 106 107 s->cursor = *cursor; 108 } else { 109 s->cursor.pos.x = cursor->pos.x; 110 s->cursor.pos.y = cursor->pos.y; 111 } 112 dpy_mouse_set(s->con, cursor->pos.x, cursor->pos.y, cursor->resource_id); 113 } 114 115 struct virtio_gpu_simple_resource * 116 virtio_gpu_find_resource(VirtIOGPU *g, uint32_t resource_id) 117 { 118 struct virtio_gpu_simple_resource *res; 119 120 QTAILQ_FOREACH(res, &g->reslist, next) { 121 if (res->resource_id == resource_id) { 122 return res; 123 } 124 } 125 return NULL; 126 } 127 128 static struct virtio_gpu_simple_resource * 129 virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id, 130 bool require_backing, 131 const char *caller, uint32_t *error) 132 { 133 struct virtio_gpu_simple_resource *res; 134 135 res = virtio_gpu_find_resource(g, resource_id); 136 if (!res) { 137 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid resource specified %d\n", 138 caller, resource_id); 139 if (error) { 140 *error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 141 } 142 return NULL; 143 } 144 145 if (require_backing) { 146 if (!res->iov || (!res->image && !res->blob)) { 147 qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n", 148 caller, resource_id); 149 if (error) { 150 *error = VIRTIO_GPU_RESP_ERR_UNSPEC; 151 } 152 return NULL; 153 } 154 } 155 156 return res; 157 } 158 159 void virtio_gpu_ctrl_response(VirtIOGPU *g, 160 struct virtio_gpu_ctrl_command *cmd, 161 struct virtio_gpu_ctrl_hdr *resp, 162 size_t resp_len) 163 { 164 size_t s; 165 166 if (cmd->cmd_hdr.flags & VIRTIO_GPU_FLAG_FENCE) { 167 resp->flags |= VIRTIO_GPU_FLAG_FENCE; 168 resp->fence_id = cmd->cmd_hdr.fence_id; 169 resp->ctx_id = cmd->cmd_hdr.ctx_id; 170 } 171 virtio_gpu_ctrl_hdr_bswap(resp); 172 s = iov_from_buf(cmd->elem.in_sg, cmd->elem.in_num, 0, resp, resp_len); 173 if (s != resp_len) { 174 qemu_log_mask(LOG_GUEST_ERROR, 175 "%s: response size incorrect %zu vs %zu\n", 176 __func__, s, resp_len); 177 } 178 virtqueue_push(cmd->vq, &cmd->elem, s); 179 virtio_notify(VIRTIO_DEVICE(g), cmd->vq); 180 cmd->finished = true; 181 } 182 183 void virtio_gpu_ctrl_response_nodata(VirtIOGPU *g, 184 struct virtio_gpu_ctrl_command *cmd, 185 enum virtio_gpu_ctrl_type type) 186 { 187 struct virtio_gpu_ctrl_hdr resp; 188 189 memset(&resp, 0, sizeof(resp)); 190 resp.type = type; 191 virtio_gpu_ctrl_response(g, cmd, &resp, sizeof(resp)); 192 } 193 194 void virtio_gpu_get_display_info(VirtIOGPU *g, 195 struct virtio_gpu_ctrl_command *cmd) 196 { 197 struct virtio_gpu_resp_display_info display_info; 198 199 trace_virtio_gpu_cmd_get_display_info(); 200 memset(&display_info, 0, sizeof(display_info)); 201 display_info.hdr.type = VIRTIO_GPU_RESP_OK_DISPLAY_INFO; 202 virtio_gpu_base_fill_display_info(VIRTIO_GPU_BASE(g), &display_info); 203 virtio_gpu_ctrl_response(g, cmd, &display_info.hdr, 204 sizeof(display_info)); 205 } 206 207 void virtio_gpu_get_edid(VirtIOGPU *g, 208 struct virtio_gpu_ctrl_command *cmd) 209 { 210 struct virtio_gpu_resp_edid edid; 211 struct virtio_gpu_cmd_get_edid get_edid; 212 VirtIOGPUBase *b = VIRTIO_GPU_BASE(g); 213 214 VIRTIO_GPU_FILL_CMD(get_edid); 215 virtio_gpu_bswap_32(&get_edid, sizeof(get_edid)); 216 217 if (get_edid.scanout >= b->conf.max_outputs) { 218 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 219 return; 220 } 221 222 trace_virtio_gpu_cmd_get_edid(get_edid.scanout); 223 memset(&edid, 0, sizeof(edid)); 224 edid.hdr.type = VIRTIO_GPU_RESP_OK_EDID; 225 virtio_gpu_base_generate_edid(VIRTIO_GPU_BASE(g), get_edid.scanout, &edid); 226 virtio_gpu_ctrl_response(g, cmd, &edid.hdr, sizeof(edid)); 227 } 228 229 static uint32_t calc_image_hostmem(pixman_format_code_t pformat, 230 uint32_t width, uint32_t height) 231 { 232 /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. 233 * pixman_image_create_bits will fail in case it overflow. 234 */ 235 236 int bpp = PIXMAN_FORMAT_BPP(pformat); 237 int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); 238 return height * stride; 239 } 240 241 static void virtio_gpu_resource_create_2d(VirtIOGPU *g, 242 struct virtio_gpu_ctrl_command *cmd) 243 { 244 pixman_format_code_t pformat; 245 struct virtio_gpu_simple_resource *res; 246 struct virtio_gpu_resource_create_2d c2d; 247 248 VIRTIO_GPU_FILL_CMD(c2d); 249 virtio_gpu_bswap_32(&c2d, sizeof(c2d)); 250 trace_virtio_gpu_cmd_res_create_2d(c2d.resource_id, c2d.format, 251 c2d.width, c2d.height); 252 253 if (c2d.resource_id == 0) { 254 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 255 __func__); 256 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 257 return; 258 } 259 260 res = virtio_gpu_find_resource(g, c2d.resource_id); 261 if (res) { 262 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 263 __func__, c2d.resource_id); 264 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 265 return; 266 } 267 268 res = g_new0(struct virtio_gpu_simple_resource, 1); 269 270 res->width = c2d.width; 271 res->height = c2d.height; 272 res->format = c2d.format; 273 res->resource_id = c2d.resource_id; 274 275 pformat = virtio_gpu_get_pixman_format(c2d.format); 276 if (!pformat) { 277 qemu_log_mask(LOG_GUEST_ERROR, 278 "%s: host couldn't handle guest format %d\n", 279 __func__, c2d.format); 280 g_free(res); 281 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 282 return; 283 } 284 285 res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); 286 if (res->hostmem + g->hostmem < g->conf_max_hostmem) { 287 void *bits = NULL; 288 #ifdef WIN32 289 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 290 if (!bits) { 291 goto end; 292 } 293 #endif 294 res->image = pixman_image_create_bits( 295 pformat, 296 c2d.width, 297 c2d.height, 298 bits, c2d.height ? res->hostmem / c2d.height : 0); 299 #ifdef WIN32 300 if (res->image) { 301 pixman_image_set_destroy_function(res->image, qemu_pixman_win32_image_destroy, res->handle); 302 } 303 #endif 304 } 305 306 #ifdef WIN32 307 end: 308 #endif 309 if (!res->image) { 310 qemu_log_mask(LOG_GUEST_ERROR, 311 "%s: resource creation failed %d %d %d\n", 312 __func__, c2d.resource_id, c2d.width, c2d.height); 313 g_free(res); 314 cmd->error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 315 return; 316 } 317 318 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 319 g->hostmem += res->hostmem; 320 } 321 322 static void virtio_gpu_resource_create_blob(VirtIOGPU *g, 323 struct virtio_gpu_ctrl_command *cmd) 324 { 325 struct virtio_gpu_simple_resource *res; 326 struct virtio_gpu_resource_create_blob cblob; 327 int ret; 328 329 VIRTIO_GPU_FILL_CMD(cblob); 330 virtio_gpu_create_blob_bswap(&cblob); 331 trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size); 332 333 if (cblob.resource_id == 0) { 334 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n", 335 __func__); 336 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 337 return; 338 } 339 340 if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST && 341 cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) { 342 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n", 343 __func__); 344 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 345 return; 346 } 347 348 if (virtio_gpu_find_resource(g, cblob.resource_id)) { 349 qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n", 350 __func__, cblob.resource_id); 351 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 352 return; 353 } 354 355 res = g_new0(struct virtio_gpu_simple_resource, 1); 356 res->resource_id = cblob.resource_id; 357 res->blob_size = cblob.size; 358 359 ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob), 360 cmd, &res->addrs, &res->iov, 361 &res->iov_cnt); 362 if (ret != 0) { 363 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 364 g_free(res); 365 return; 366 } 367 368 virtio_gpu_init_udmabuf(res); 369 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 370 } 371 372 static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id) 373 { 374 struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id]; 375 struct virtio_gpu_simple_resource *res; 376 377 if (scanout->resource_id == 0) { 378 return; 379 } 380 381 res = virtio_gpu_find_resource(g, scanout->resource_id); 382 if (res) { 383 res->scanout_bitmask &= ~(1 << scanout_id); 384 } 385 386 dpy_gfx_replace_surface(scanout->con, NULL); 387 scanout->resource_id = 0; 388 scanout->ds = NULL; 389 scanout->width = 0; 390 scanout->height = 0; 391 } 392 393 static void virtio_gpu_resource_destroy(VirtIOGPU *g, 394 struct virtio_gpu_simple_resource *res, 395 Error **errp) 396 { 397 int i; 398 399 if (res->scanout_bitmask) { 400 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 401 if (res->scanout_bitmask & (1 << i)) { 402 virtio_gpu_disable_scanout(g, i); 403 } 404 } 405 } 406 407 qemu_pixman_image_unref(res->image); 408 virtio_gpu_cleanup_mapping(g, res); 409 QTAILQ_REMOVE(&g->reslist, res, next); 410 g->hostmem -= res->hostmem; 411 g_free(res); 412 } 413 414 static void virtio_gpu_resource_unref(VirtIOGPU *g, 415 struct virtio_gpu_ctrl_command *cmd) 416 { 417 struct virtio_gpu_simple_resource *res; 418 struct virtio_gpu_resource_unref unref; 419 420 VIRTIO_GPU_FILL_CMD(unref); 421 virtio_gpu_bswap_32(&unref, sizeof(unref)); 422 trace_virtio_gpu_cmd_res_unref(unref.resource_id); 423 424 res = virtio_gpu_find_resource(g, unref.resource_id); 425 if (!res) { 426 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 427 __func__, unref.resource_id); 428 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 429 return; 430 } 431 /* 432 * virtio_gpu_resource_destroy does not set any errors, so pass a NULL errp 433 * to ignore them. 434 */ 435 virtio_gpu_resource_destroy(g, res, NULL); 436 } 437 438 static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g, 439 struct virtio_gpu_ctrl_command *cmd) 440 { 441 struct virtio_gpu_simple_resource *res; 442 int h, bpp; 443 uint32_t src_offset, dst_offset, stride; 444 pixman_format_code_t format; 445 struct virtio_gpu_transfer_to_host_2d t2d; 446 void *img_data; 447 448 VIRTIO_GPU_FILL_CMD(t2d); 449 virtio_gpu_t2d_bswap(&t2d); 450 trace_virtio_gpu_cmd_res_xfer_toh_2d(t2d.resource_id); 451 452 res = virtio_gpu_find_check_resource(g, t2d.resource_id, true, 453 __func__, &cmd->error); 454 if (!res || res->blob) { 455 return; 456 } 457 458 if (t2d.r.x > res->width || 459 t2d.r.y > res->height || 460 t2d.r.width > res->width || 461 t2d.r.height > res->height || 462 t2d.r.x + t2d.r.width > res->width || 463 t2d.r.y + t2d.r.height > res->height) { 464 qemu_log_mask(LOG_GUEST_ERROR, "%s: transfer bounds outside resource" 465 " bounds for resource %d: %d %d %d %d vs %d %d\n", 466 __func__, t2d.resource_id, t2d.r.x, t2d.r.y, 467 t2d.r.width, t2d.r.height, res->width, res->height); 468 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 469 return; 470 } 471 472 format = pixman_image_get_format(res->image); 473 bpp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(format), 8); 474 stride = pixman_image_get_stride(res->image); 475 img_data = pixman_image_get_data(res->image); 476 477 if (t2d.r.x || t2d.r.width != pixman_image_get_width(res->image)) { 478 for (h = 0; h < t2d.r.height; h++) { 479 src_offset = t2d.offset + stride * h; 480 dst_offset = (t2d.r.y + h) * stride + (t2d.r.x * bpp); 481 482 iov_to_buf(res->iov, res->iov_cnt, src_offset, 483 (uint8_t *)img_data + dst_offset, 484 t2d.r.width * bpp); 485 } 486 } else { 487 src_offset = t2d.offset; 488 dst_offset = t2d.r.y * stride + t2d.r.x * bpp; 489 iov_to_buf(res->iov, res->iov_cnt, src_offset, 490 (uint8_t *)img_data + dst_offset, 491 stride * t2d.r.height); 492 } 493 } 494 495 static void virtio_gpu_resource_flush(VirtIOGPU *g, 496 struct virtio_gpu_ctrl_command *cmd) 497 { 498 struct virtio_gpu_simple_resource *res; 499 struct virtio_gpu_resource_flush rf; 500 struct virtio_gpu_scanout *scanout; 501 QemuRect flush_rect; 502 bool within_bounds = false; 503 bool update_submitted = false; 504 int i; 505 506 VIRTIO_GPU_FILL_CMD(rf); 507 virtio_gpu_bswap_32(&rf, sizeof(rf)); 508 trace_virtio_gpu_cmd_res_flush(rf.resource_id, 509 rf.r.width, rf.r.height, rf.r.x, rf.r.y); 510 511 res = virtio_gpu_find_check_resource(g, rf.resource_id, false, 512 __func__, &cmd->error); 513 if (!res) { 514 return; 515 } 516 517 if (res->blob) { 518 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 519 scanout = &g->parent_obj.scanout[i]; 520 if (scanout->resource_id == res->resource_id && 521 rf.r.x < scanout->x + scanout->width && 522 rf.r.x + rf.r.width >= scanout->x && 523 rf.r.y < scanout->y + scanout->height && 524 rf.r.y + rf.r.height >= scanout->y) { 525 within_bounds = true; 526 527 if (console_has_gl(scanout->con)) { 528 dpy_gl_update(scanout->con, 0, 0, scanout->width, 529 scanout->height); 530 update_submitted = true; 531 } 532 } 533 } 534 535 if (update_submitted) { 536 return; 537 } 538 if (!within_bounds) { 539 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside scanouts" 540 " bounds for flush %d: %d %d %d %d\n", 541 __func__, rf.resource_id, rf.r.x, rf.r.y, 542 rf.r.width, rf.r.height); 543 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 544 return; 545 } 546 } 547 548 if (!res->blob && 549 (rf.r.x > res->width || 550 rf.r.y > res->height || 551 rf.r.width > res->width || 552 rf.r.height > res->height || 553 rf.r.x + rf.r.width > res->width || 554 rf.r.y + rf.r.height > res->height)) { 555 qemu_log_mask(LOG_GUEST_ERROR, "%s: flush bounds outside resource" 556 " bounds for resource %d: %d %d %d %d vs %d %d\n", 557 __func__, rf.resource_id, rf.r.x, rf.r.y, 558 rf.r.width, rf.r.height, res->width, res->height); 559 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 560 return; 561 } 562 563 qemu_rect_init(&flush_rect, rf.r.x, rf.r.y, rf.r.width, rf.r.height); 564 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 565 QemuRect rect; 566 567 if (!(res->scanout_bitmask & (1 << i))) { 568 continue; 569 } 570 scanout = &g->parent_obj.scanout[i]; 571 572 qemu_rect_init(&rect, scanout->x, scanout->y, 573 scanout->width, scanout->height); 574 575 /* work out the area we need to update for each console */ 576 if (qemu_rect_intersect(&flush_rect, &rect, &rect)) { 577 qemu_rect_translate(&rect, -scanout->x, -scanout->y); 578 dpy_gfx_update(g->parent_obj.scanout[i].con, 579 rect.x, rect.y, rect.width, rect.height); 580 } 581 } 582 } 583 584 static void virtio_unref_resource(pixman_image_t *image, void *data) 585 { 586 pixman_image_unref(data); 587 } 588 589 static void virtio_gpu_update_scanout(VirtIOGPU *g, 590 uint32_t scanout_id, 591 struct virtio_gpu_simple_resource *res, 592 struct virtio_gpu_framebuffer *fb, 593 struct virtio_gpu_rect *r) 594 { 595 struct virtio_gpu_simple_resource *ores; 596 struct virtio_gpu_scanout *scanout; 597 598 scanout = &g->parent_obj.scanout[scanout_id]; 599 ores = virtio_gpu_find_resource(g, scanout->resource_id); 600 if (ores) { 601 ores->scanout_bitmask &= ~(1 << scanout_id); 602 } 603 604 res->scanout_bitmask |= (1 << scanout_id); 605 scanout->resource_id = res->resource_id; 606 scanout->x = r->x; 607 scanout->y = r->y; 608 scanout->width = r->width; 609 scanout->height = r->height; 610 scanout->fb = *fb; 611 } 612 613 static bool virtio_gpu_do_set_scanout(VirtIOGPU *g, 614 uint32_t scanout_id, 615 struct virtio_gpu_framebuffer *fb, 616 struct virtio_gpu_simple_resource *res, 617 struct virtio_gpu_rect *r, 618 uint32_t *error) 619 { 620 struct virtio_gpu_scanout *scanout; 621 uint8_t *data; 622 623 scanout = &g->parent_obj.scanout[scanout_id]; 624 625 if (r->x > fb->width || 626 r->y > fb->height || 627 r->width < 16 || 628 r->height < 16 || 629 r->width > fb->width || 630 r->height > fb->height || 631 r->x + r->width > fb->width || 632 r->y + r->height > fb->height) { 633 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout %d bounds for" 634 " resource %d, rect (%d,%d)+%d,%d, fb %d %d\n", 635 __func__, scanout_id, res->resource_id, 636 r->x, r->y, r->width, r->height, 637 fb->width, fb->height); 638 *error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 639 return false; 640 } 641 642 g->parent_obj.enable = 1; 643 644 if (res->blob) { 645 if (console_has_gl(scanout->con)) { 646 if (!virtio_gpu_update_dmabuf(g, scanout_id, res, fb, r)) { 647 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 648 } else { 649 *error = VIRTIO_GPU_RESP_ERR_OUT_OF_MEMORY; 650 return false; 651 } 652 return true; 653 } 654 655 data = res->blob; 656 } else { 657 data = (uint8_t *)pixman_image_get_data(res->image); 658 } 659 660 /* create a surface for this scanout */ 661 if ((res->blob && !console_has_gl(scanout->con)) || 662 !scanout->ds || 663 surface_data(scanout->ds) != data + fb->offset || 664 scanout->width != r->width || 665 scanout->height != r->height) { 666 pixman_image_t *rect; 667 void *ptr = data + fb->offset; 668 rect = pixman_image_create_bits(fb->format, r->width, r->height, 669 ptr, fb->stride); 670 671 if (res->image) { 672 pixman_image_ref(res->image); 673 pixman_image_set_destroy_function(rect, virtio_unref_resource, 674 res->image); 675 } 676 677 /* realloc the surface ptr */ 678 scanout->ds = qemu_create_displaysurface_pixman(rect); 679 #ifdef WIN32 680 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, fb->offset); 681 #endif 682 683 pixman_image_unref(rect); 684 dpy_gfx_replace_surface(g->parent_obj.scanout[scanout_id].con, 685 scanout->ds); 686 } 687 688 virtio_gpu_update_scanout(g, scanout_id, res, fb, r); 689 return true; 690 } 691 692 static void virtio_gpu_set_scanout(VirtIOGPU *g, 693 struct virtio_gpu_ctrl_command *cmd) 694 { 695 struct virtio_gpu_simple_resource *res; 696 struct virtio_gpu_framebuffer fb = { 0 }; 697 struct virtio_gpu_set_scanout ss; 698 699 VIRTIO_GPU_FILL_CMD(ss); 700 virtio_gpu_bswap_32(&ss, sizeof(ss)); 701 trace_virtio_gpu_cmd_set_scanout(ss.scanout_id, ss.resource_id, 702 ss.r.width, ss.r.height, ss.r.x, ss.r.y); 703 704 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 705 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 706 __func__, ss.scanout_id); 707 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 708 return; 709 } 710 711 if (ss.resource_id == 0) { 712 virtio_gpu_disable_scanout(g, ss.scanout_id); 713 return; 714 } 715 716 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 717 __func__, &cmd->error); 718 if (!res) { 719 return; 720 } 721 722 fb.format = pixman_image_get_format(res->image); 723 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 724 fb.width = pixman_image_get_width(res->image); 725 fb.height = pixman_image_get_height(res->image); 726 fb.stride = pixman_image_get_stride(res->image); 727 fb.offset = ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 728 729 virtio_gpu_do_set_scanout(g, ss.scanout_id, 730 &fb, res, &ss.r, &cmd->error); 731 } 732 733 static void virtio_gpu_set_scanout_blob(VirtIOGPU *g, 734 struct virtio_gpu_ctrl_command *cmd) 735 { 736 struct virtio_gpu_simple_resource *res; 737 struct virtio_gpu_framebuffer fb = { 0 }; 738 struct virtio_gpu_set_scanout_blob ss; 739 uint64_t fbend; 740 741 VIRTIO_GPU_FILL_CMD(ss); 742 virtio_gpu_scanout_blob_bswap(&ss); 743 trace_virtio_gpu_cmd_set_scanout_blob(ss.scanout_id, ss.resource_id, 744 ss.r.width, ss.r.height, ss.r.x, 745 ss.r.y); 746 747 if (ss.scanout_id >= g->parent_obj.conf.max_outputs) { 748 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal scanout id specified %d", 749 __func__, ss.scanout_id); 750 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_SCANOUT_ID; 751 return; 752 } 753 754 if (ss.resource_id == 0) { 755 virtio_gpu_disable_scanout(g, ss.scanout_id); 756 return; 757 } 758 759 res = virtio_gpu_find_check_resource(g, ss.resource_id, true, 760 __func__, &cmd->error); 761 if (!res) { 762 return; 763 } 764 765 fb.format = virtio_gpu_get_pixman_format(ss.format); 766 if (!fb.format) { 767 qemu_log_mask(LOG_GUEST_ERROR, 768 "%s: host couldn't handle guest format %d\n", 769 __func__, ss.format); 770 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 771 return; 772 } 773 774 fb.bytes_pp = DIV_ROUND_UP(PIXMAN_FORMAT_BPP(fb.format), 8); 775 fb.width = ss.width; 776 fb.height = ss.height; 777 fb.stride = ss.strides[0]; 778 fb.offset = ss.offsets[0] + ss.r.x * fb.bytes_pp + ss.r.y * fb.stride; 779 780 fbend = fb.offset; 781 fbend += fb.stride * (ss.r.height - 1); 782 fbend += fb.bytes_pp * ss.r.width; 783 if (fbend > res->blob_size) { 784 qemu_log_mask(LOG_GUEST_ERROR, 785 "%s: fb end out of range\n", 786 __func__); 787 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 788 return; 789 } 790 791 virtio_gpu_do_set_scanout(g, ss.scanout_id, 792 &fb, res, &ss.r, &cmd->error); 793 } 794 795 int virtio_gpu_create_mapping_iov(VirtIOGPU *g, 796 uint32_t nr_entries, uint32_t offset, 797 struct virtio_gpu_ctrl_command *cmd, 798 uint64_t **addr, struct iovec **iov, 799 uint32_t *niov) 800 { 801 struct virtio_gpu_mem_entry *ents; 802 size_t esize, s; 803 int e, v; 804 805 if (nr_entries > 16384) { 806 qemu_log_mask(LOG_GUEST_ERROR, 807 "%s: nr_entries is too big (%d > 16384)\n", 808 __func__, nr_entries); 809 return -1; 810 } 811 812 esize = sizeof(*ents) * nr_entries; 813 ents = g_malloc(esize); 814 s = iov_to_buf(cmd->elem.out_sg, cmd->elem.out_num, 815 offset, ents, esize); 816 if (s != esize) { 817 qemu_log_mask(LOG_GUEST_ERROR, 818 "%s: command data size incorrect %zu vs %zu\n", 819 __func__, s, esize); 820 g_free(ents); 821 return -1; 822 } 823 824 *iov = NULL; 825 if (addr) { 826 *addr = NULL; 827 } 828 for (e = 0, v = 0; e < nr_entries; e++) { 829 uint64_t a = le64_to_cpu(ents[e].addr); 830 uint32_t l = le32_to_cpu(ents[e].length); 831 hwaddr len; 832 void *map; 833 834 do { 835 len = l; 836 map = dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len, 837 DMA_DIRECTION_TO_DEVICE, 838 MEMTXATTRS_UNSPECIFIED); 839 if (!map) { 840 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory for" 841 " element %d\n", __func__, e); 842 virtio_gpu_cleanup_mapping_iov(g, *iov, v); 843 g_free(ents); 844 *iov = NULL; 845 if (addr) { 846 g_free(*addr); 847 *addr = NULL; 848 } 849 return -1; 850 } 851 852 if (!(v % 16)) { 853 *iov = g_renew(struct iovec, *iov, v + 16); 854 if (addr) { 855 *addr = g_renew(uint64_t, *addr, v + 16); 856 } 857 } 858 (*iov)[v].iov_base = map; 859 (*iov)[v].iov_len = len; 860 if (addr) { 861 (*addr)[v] = a; 862 } 863 864 a += len; 865 l -= len; 866 v += 1; 867 } while (l > 0); 868 } 869 *niov = v; 870 871 g_free(ents); 872 return 0; 873 } 874 875 void virtio_gpu_cleanup_mapping_iov(VirtIOGPU *g, 876 struct iovec *iov, uint32_t count) 877 { 878 int i; 879 880 for (i = 0; i < count; i++) { 881 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, 882 iov[i].iov_base, iov[i].iov_len, 883 DMA_DIRECTION_TO_DEVICE, 884 iov[i].iov_len); 885 } 886 g_free(iov); 887 } 888 889 void virtio_gpu_cleanup_mapping(VirtIOGPU *g, 890 struct virtio_gpu_simple_resource *res) 891 { 892 virtio_gpu_cleanup_mapping_iov(g, res->iov, res->iov_cnt); 893 res->iov = NULL; 894 res->iov_cnt = 0; 895 g_free(res->addrs); 896 res->addrs = NULL; 897 898 if (res->blob) { 899 virtio_gpu_fini_udmabuf(res); 900 } 901 } 902 903 static void 904 virtio_gpu_resource_attach_backing(VirtIOGPU *g, 905 struct virtio_gpu_ctrl_command *cmd) 906 { 907 struct virtio_gpu_simple_resource *res; 908 struct virtio_gpu_resource_attach_backing ab; 909 int ret; 910 911 VIRTIO_GPU_FILL_CMD(ab); 912 virtio_gpu_bswap_32(&ab, sizeof(ab)); 913 trace_virtio_gpu_cmd_res_back_attach(ab.resource_id); 914 915 res = virtio_gpu_find_resource(g, ab.resource_id); 916 if (!res) { 917 qemu_log_mask(LOG_GUEST_ERROR, "%s: illegal resource specified %d\n", 918 __func__, ab.resource_id); 919 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID; 920 return; 921 } 922 923 if (res->iov) { 924 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 925 return; 926 } 927 928 ret = virtio_gpu_create_mapping_iov(g, ab.nr_entries, sizeof(ab), cmd, 929 &res->addrs, &res->iov, &res->iov_cnt); 930 if (ret != 0) { 931 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 932 return; 933 } 934 } 935 936 static void 937 virtio_gpu_resource_detach_backing(VirtIOGPU *g, 938 struct virtio_gpu_ctrl_command *cmd) 939 { 940 struct virtio_gpu_simple_resource *res; 941 struct virtio_gpu_resource_detach_backing detach; 942 943 VIRTIO_GPU_FILL_CMD(detach); 944 virtio_gpu_bswap_32(&detach, sizeof(detach)); 945 trace_virtio_gpu_cmd_res_back_detach(detach.resource_id); 946 947 res = virtio_gpu_find_check_resource(g, detach.resource_id, true, 948 __func__, &cmd->error); 949 if (!res) { 950 return; 951 } 952 virtio_gpu_cleanup_mapping(g, res); 953 } 954 955 void virtio_gpu_simple_process_cmd(VirtIOGPU *g, 956 struct virtio_gpu_ctrl_command *cmd) 957 { 958 VIRTIO_GPU_FILL_CMD(cmd->cmd_hdr); 959 virtio_gpu_ctrl_hdr_bswap(&cmd->cmd_hdr); 960 961 switch (cmd->cmd_hdr.type) { 962 case VIRTIO_GPU_CMD_GET_DISPLAY_INFO: 963 virtio_gpu_get_display_info(g, cmd); 964 break; 965 case VIRTIO_GPU_CMD_GET_EDID: 966 virtio_gpu_get_edid(g, cmd); 967 break; 968 case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D: 969 virtio_gpu_resource_create_2d(g, cmd); 970 break; 971 case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB: 972 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 973 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 974 break; 975 } 976 virtio_gpu_resource_create_blob(g, cmd); 977 break; 978 case VIRTIO_GPU_CMD_RESOURCE_UNREF: 979 virtio_gpu_resource_unref(g, cmd); 980 break; 981 case VIRTIO_GPU_CMD_RESOURCE_FLUSH: 982 virtio_gpu_resource_flush(g, cmd); 983 break; 984 case VIRTIO_GPU_CMD_TRANSFER_TO_HOST_2D: 985 virtio_gpu_transfer_to_host_2d(g, cmd); 986 break; 987 case VIRTIO_GPU_CMD_SET_SCANOUT: 988 virtio_gpu_set_scanout(g, cmd); 989 break; 990 case VIRTIO_GPU_CMD_SET_SCANOUT_BLOB: 991 if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) { 992 cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER; 993 break; 994 } 995 virtio_gpu_set_scanout_blob(g, cmd); 996 break; 997 case VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING: 998 virtio_gpu_resource_attach_backing(g, cmd); 999 break; 1000 case VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING: 1001 virtio_gpu_resource_detach_backing(g, cmd); 1002 break; 1003 default: 1004 cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC; 1005 break; 1006 } 1007 if (!cmd->finished) { 1008 if (!g->parent_obj.renderer_blocked) { 1009 virtio_gpu_ctrl_response_nodata(g, cmd, cmd->error ? cmd->error : 1010 VIRTIO_GPU_RESP_OK_NODATA); 1011 } 1012 } 1013 } 1014 1015 static void virtio_gpu_handle_ctrl_cb(VirtIODevice *vdev, VirtQueue *vq) 1016 { 1017 VirtIOGPU *g = VIRTIO_GPU(vdev); 1018 qemu_bh_schedule(g->ctrl_bh); 1019 } 1020 1021 static void virtio_gpu_handle_cursor_cb(VirtIODevice *vdev, VirtQueue *vq) 1022 { 1023 VirtIOGPU *g = VIRTIO_GPU(vdev); 1024 qemu_bh_schedule(g->cursor_bh); 1025 } 1026 1027 void virtio_gpu_process_cmdq(VirtIOGPU *g) 1028 { 1029 struct virtio_gpu_ctrl_command *cmd; 1030 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1031 1032 if (g->processing_cmdq) { 1033 return; 1034 } 1035 g->processing_cmdq = true; 1036 while (!QTAILQ_EMPTY(&g->cmdq)) { 1037 cmd = QTAILQ_FIRST(&g->cmdq); 1038 1039 if (g->parent_obj.renderer_blocked) { 1040 break; 1041 } 1042 1043 /* process command */ 1044 vgc->process_cmd(g, cmd); 1045 1046 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1047 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1048 g->stats.requests++; 1049 } 1050 1051 if (!cmd->finished) { 1052 QTAILQ_INSERT_TAIL(&g->fenceq, cmd, next); 1053 g->inflight++; 1054 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1055 if (g->stats.max_inflight < g->inflight) { 1056 g->stats.max_inflight = g->inflight; 1057 } 1058 fprintf(stderr, "inflight: %3d (+)\r", g->inflight); 1059 } 1060 } else { 1061 g_free(cmd); 1062 } 1063 } 1064 g->processing_cmdq = false; 1065 } 1066 1067 static void virtio_gpu_process_fenceq(VirtIOGPU *g) 1068 { 1069 struct virtio_gpu_ctrl_command *cmd, *tmp; 1070 1071 QTAILQ_FOREACH_SAFE(cmd, &g->fenceq, next, tmp) { 1072 trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id); 1073 virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA); 1074 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1075 g_free(cmd); 1076 g->inflight--; 1077 if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { 1078 fprintf(stderr, "inflight: %3d (-)\r", g->inflight); 1079 } 1080 } 1081 } 1082 1083 static void virtio_gpu_handle_gl_flushed(VirtIOGPUBase *b) 1084 { 1085 VirtIOGPU *g = container_of(b, VirtIOGPU, parent_obj); 1086 1087 virtio_gpu_process_fenceq(g); 1088 virtio_gpu_process_cmdq(g); 1089 } 1090 1091 static void virtio_gpu_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq) 1092 { 1093 VirtIOGPU *g = VIRTIO_GPU(vdev); 1094 struct virtio_gpu_ctrl_command *cmd; 1095 1096 if (!virtio_queue_ready(vq)) { 1097 return; 1098 } 1099 1100 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1101 while (cmd) { 1102 cmd->vq = vq; 1103 cmd->error = 0; 1104 cmd->finished = false; 1105 QTAILQ_INSERT_TAIL(&g->cmdq, cmd, next); 1106 cmd = virtqueue_pop(vq, sizeof(struct virtio_gpu_ctrl_command)); 1107 } 1108 1109 virtio_gpu_process_cmdq(g); 1110 } 1111 1112 static void virtio_gpu_ctrl_bh(void *opaque) 1113 { 1114 VirtIOGPU *g = opaque; 1115 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1116 1117 vgc->handle_ctrl(VIRTIO_DEVICE(g), g->ctrl_vq); 1118 } 1119 1120 static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) 1121 { 1122 VirtIOGPU *g = VIRTIO_GPU(vdev); 1123 VirtQueueElement *elem; 1124 size_t s; 1125 struct virtio_gpu_update_cursor cursor_info; 1126 1127 if (!virtio_queue_ready(vq)) { 1128 return; 1129 } 1130 for (;;) { 1131 elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); 1132 if (!elem) { 1133 break; 1134 } 1135 1136 s = iov_to_buf(elem->out_sg, elem->out_num, 0, 1137 &cursor_info, sizeof(cursor_info)); 1138 if (s != sizeof(cursor_info)) { 1139 qemu_log_mask(LOG_GUEST_ERROR, 1140 "%s: cursor size incorrect %zu vs %zu\n", 1141 __func__, s, sizeof(cursor_info)); 1142 } else { 1143 virtio_gpu_bswap_32(&cursor_info, sizeof(cursor_info)); 1144 update_cursor(g, &cursor_info); 1145 } 1146 virtqueue_push(vq, elem, 0); 1147 virtio_notify(vdev, vq); 1148 g_free(elem); 1149 } 1150 } 1151 1152 static void virtio_gpu_cursor_bh(void *opaque) 1153 { 1154 VirtIOGPU *g = opaque; 1155 virtio_gpu_handle_cursor(&g->parent_obj.parent_obj, g->cursor_vq); 1156 } 1157 1158 static bool scanout_vmstate_after_v2(void *opaque, int version) 1159 { 1160 struct VirtIOGPUBase *base = container_of(opaque, VirtIOGPUBase, scanout); 1161 struct VirtIOGPU *gpu = container_of(base, VirtIOGPU, parent_obj); 1162 1163 return gpu->scanout_vmstate_version >= 2; 1164 } 1165 1166 static const VMStateDescription vmstate_virtio_gpu_scanout = { 1167 .name = "virtio-gpu-one-scanout", 1168 .version_id = 1, 1169 .fields = (const VMStateField[]) { 1170 VMSTATE_UINT32(resource_id, struct virtio_gpu_scanout), 1171 VMSTATE_UINT32(width, struct virtio_gpu_scanout), 1172 VMSTATE_UINT32(height, struct virtio_gpu_scanout), 1173 VMSTATE_INT32(x, struct virtio_gpu_scanout), 1174 VMSTATE_INT32(y, struct virtio_gpu_scanout), 1175 VMSTATE_UINT32(cursor.resource_id, struct virtio_gpu_scanout), 1176 VMSTATE_UINT32(cursor.hot_x, struct virtio_gpu_scanout), 1177 VMSTATE_UINT32(cursor.hot_y, struct virtio_gpu_scanout), 1178 VMSTATE_UINT32(cursor.pos.x, struct virtio_gpu_scanout), 1179 VMSTATE_UINT32(cursor.pos.y, struct virtio_gpu_scanout), 1180 VMSTATE_UINT32_TEST(fb.format, struct virtio_gpu_scanout, 1181 scanout_vmstate_after_v2), 1182 VMSTATE_UINT32_TEST(fb.bytes_pp, struct virtio_gpu_scanout, 1183 scanout_vmstate_after_v2), 1184 VMSTATE_UINT32_TEST(fb.width, struct virtio_gpu_scanout, 1185 scanout_vmstate_after_v2), 1186 VMSTATE_UINT32_TEST(fb.height, struct virtio_gpu_scanout, 1187 scanout_vmstate_after_v2), 1188 VMSTATE_UINT32_TEST(fb.stride, struct virtio_gpu_scanout, 1189 scanout_vmstate_after_v2), 1190 VMSTATE_UINT32_TEST(fb.offset, struct virtio_gpu_scanout, 1191 scanout_vmstate_after_v2), 1192 VMSTATE_END_OF_LIST() 1193 }, 1194 }; 1195 1196 static const VMStateDescription vmstate_virtio_gpu_scanouts = { 1197 .name = "virtio-gpu-scanouts", 1198 .version_id = 1, 1199 .fields = (const VMStateField[]) { 1200 VMSTATE_INT32(parent_obj.enable, struct VirtIOGPU), 1201 VMSTATE_UINT32_EQUAL(parent_obj.conf.max_outputs, 1202 struct VirtIOGPU, NULL), 1203 VMSTATE_STRUCT_VARRAY_UINT32(parent_obj.scanout, struct VirtIOGPU, 1204 parent_obj.conf.max_outputs, 1, 1205 vmstate_virtio_gpu_scanout, 1206 struct virtio_gpu_scanout), 1207 VMSTATE_END_OF_LIST() 1208 }, 1209 }; 1210 1211 static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size, 1212 const VMStateField *field, JSONWriter *vmdesc) 1213 { 1214 VirtIOGPU *g = opaque; 1215 struct virtio_gpu_simple_resource *res; 1216 int i; 1217 1218 /* in 2d mode we should never find unprocessed commands here */ 1219 assert(QTAILQ_EMPTY(&g->cmdq)); 1220 1221 QTAILQ_FOREACH(res, &g->reslist, next) { 1222 if (res->blob_size) { 1223 continue; 1224 } 1225 qemu_put_be32(f, res->resource_id); 1226 qemu_put_be32(f, res->width); 1227 qemu_put_be32(f, res->height); 1228 qemu_put_be32(f, res->format); 1229 qemu_put_be32(f, res->iov_cnt); 1230 for (i = 0; i < res->iov_cnt; i++) { 1231 qemu_put_be64(f, res->addrs[i]); 1232 qemu_put_be32(f, res->iov[i].iov_len); 1233 } 1234 qemu_put_buffer(f, (void *)pixman_image_get_data(res->image), 1235 pixman_image_get_stride(res->image) * res->height); 1236 } 1237 qemu_put_be32(f, 0); /* end of list */ 1238 1239 return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL); 1240 } 1241 1242 static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g, 1243 struct virtio_gpu_simple_resource *res) 1244 { 1245 int i; 1246 1247 for (i = 0; i < res->iov_cnt; i++) { 1248 hwaddr len = res->iov[i].iov_len; 1249 res->iov[i].iov_base = 1250 dma_memory_map(VIRTIO_DEVICE(g)->dma_as, res->addrs[i], &len, 1251 DMA_DIRECTION_TO_DEVICE, MEMTXATTRS_UNSPECIFIED); 1252 1253 if (!res->iov[i].iov_base || len != res->iov[i].iov_len) { 1254 /* Clean up the half-a-mapping we just created... */ 1255 if (res->iov[i].iov_base) { 1256 dma_memory_unmap(VIRTIO_DEVICE(g)->dma_as, res->iov[i].iov_base, 1257 len, DMA_DIRECTION_TO_DEVICE, 0); 1258 } 1259 /* ...and the mappings for previous loop iterations */ 1260 res->iov_cnt = i; 1261 virtio_gpu_cleanup_mapping(g, res); 1262 return false; 1263 } 1264 } 1265 1266 QTAILQ_INSERT_HEAD(&g->reslist, res, next); 1267 g->hostmem += res->hostmem; 1268 return true; 1269 } 1270 1271 static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, 1272 const VMStateField *field) 1273 { 1274 VirtIOGPU *g = opaque; 1275 struct virtio_gpu_simple_resource *res; 1276 uint32_t resource_id, pformat; 1277 void *bits = NULL; 1278 int i; 1279 1280 g->hostmem = 0; 1281 1282 resource_id = qemu_get_be32(f); 1283 while (resource_id != 0) { 1284 res = virtio_gpu_find_resource(g, resource_id); 1285 if (res) { 1286 return -EINVAL; 1287 } 1288 1289 res = g_new0(struct virtio_gpu_simple_resource, 1); 1290 res->resource_id = resource_id; 1291 res->width = qemu_get_be32(f); 1292 res->height = qemu_get_be32(f); 1293 res->format = qemu_get_be32(f); 1294 res->iov_cnt = qemu_get_be32(f); 1295 1296 /* allocate */ 1297 pformat = virtio_gpu_get_pixman_format(res->format); 1298 if (!pformat) { 1299 g_free(res); 1300 return -EINVAL; 1301 } 1302 1303 res->hostmem = calc_image_hostmem(pformat, res->width, res->height); 1304 #ifdef WIN32 1305 bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn); 1306 if (!bits) { 1307 g_free(res); 1308 return -EINVAL; 1309 } 1310 #endif 1311 res->image = pixman_image_create_bits( 1312 pformat, 1313 res->width, res->height, 1314 bits, res->height ? res->hostmem / res->height : 0); 1315 if (!res->image) { 1316 g_free(res); 1317 return -EINVAL; 1318 } 1319 #ifdef WIN32 1320 pixman_image_set_destroy_function(res->image, qemu_pixman_win32_image_destroy, res->handle); 1321 #endif 1322 1323 res->addrs = g_new(uint64_t, res->iov_cnt); 1324 res->iov = g_new(struct iovec, res->iov_cnt); 1325 1326 /* read data */ 1327 for (i = 0; i < res->iov_cnt; i++) { 1328 res->addrs[i] = qemu_get_be64(f); 1329 res->iov[i].iov_len = qemu_get_be32(f); 1330 } 1331 qemu_get_buffer(f, (void *)pixman_image_get_data(res->image), 1332 pixman_image_get_stride(res->image) * res->height); 1333 1334 if (!virtio_gpu_load_restore_mapping(g, res)) { 1335 pixman_image_unref(res->image); 1336 g_free(res); 1337 return -EINVAL; 1338 } 1339 1340 resource_id = qemu_get_be32(f); 1341 } 1342 1343 /* load & apply scanout state */ 1344 vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1); 1345 1346 return 0; 1347 } 1348 1349 static int virtio_gpu_blob_save(QEMUFile *f, void *opaque, size_t size, 1350 const VMStateField *field, JSONWriter *vmdesc) 1351 { 1352 VirtIOGPU *g = opaque; 1353 struct virtio_gpu_simple_resource *res; 1354 int i; 1355 1356 /* in 2d mode we should never find unprocessed commands here */ 1357 assert(QTAILQ_EMPTY(&g->cmdq)); 1358 1359 QTAILQ_FOREACH(res, &g->reslist, next) { 1360 if (!res->blob_size) { 1361 continue; 1362 } 1363 assert(!res->image); 1364 qemu_put_be32(f, res->resource_id); 1365 qemu_put_be32(f, res->blob_size); 1366 qemu_put_be32(f, res->iov_cnt); 1367 for (i = 0; i < res->iov_cnt; i++) { 1368 qemu_put_be64(f, res->addrs[i]); 1369 qemu_put_be32(f, res->iov[i].iov_len); 1370 } 1371 } 1372 qemu_put_be32(f, 0); /* end of list */ 1373 1374 return 0; 1375 } 1376 1377 static int virtio_gpu_blob_load(QEMUFile *f, void *opaque, size_t size, 1378 const VMStateField *field) 1379 { 1380 VirtIOGPU *g = opaque; 1381 struct virtio_gpu_simple_resource *res; 1382 uint32_t resource_id; 1383 int i; 1384 1385 resource_id = qemu_get_be32(f); 1386 while (resource_id != 0) { 1387 res = virtio_gpu_find_resource(g, resource_id); 1388 if (res) { 1389 return -EINVAL; 1390 } 1391 1392 res = g_new0(struct virtio_gpu_simple_resource, 1); 1393 res->resource_id = resource_id; 1394 res->blob_size = qemu_get_be32(f); 1395 res->iov_cnt = qemu_get_be32(f); 1396 res->addrs = g_new(uint64_t, res->iov_cnt); 1397 res->iov = g_new(struct iovec, res->iov_cnt); 1398 1399 /* read data */ 1400 for (i = 0; i < res->iov_cnt; i++) { 1401 res->addrs[i] = qemu_get_be64(f); 1402 res->iov[i].iov_len = qemu_get_be32(f); 1403 } 1404 1405 if (!virtio_gpu_load_restore_mapping(g, res)) { 1406 g_free(res); 1407 return -EINVAL; 1408 } 1409 1410 virtio_gpu_init_udmabuf(res); 1411 1412 resource_id = qemu_get_be32(f); 1413 } 1414 1415 return 0; 1416 } 1417 1418 static int virtio_gpu_post_load(void *opaque, int version_id) 1419 { 1420 VirtIOGPU *g = opaque; 1421 struct virtio_gpu_scanout *scanout; 1422 struct virtio_gpu_simple_resource *res; 1423 int i; 1424 1425 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1426 scanout = &g->parent_obj.scanout[i]; 1427 if (!scanout->resource_id) { 1428 continue; 1429 } 1430 1431 res = virtio_gpu_find_resource(g, scanout->resource_id); 1432 if (!res) { 1433 return -EINVAL; 1434 } 1435 1436 if (scanout->fb.format != 0) { 1437 uint32_t error = 0; 1438 struct virtio_gpu_rect r = { 1439 .x = scanout->x, 1440 .y = scanout->y, 1441 .width = scanout->width, 1442 .height = scanout->height 1443 }; 1444 1445 if (!virtio_gpu_do_set_scanout(g, i, &scanout->fb, res, &r, &error)) { 1446 return -EINVAL; 1447 } 1448 } else { 1449 /* legacy v1 migration support */ 1450 if (!res->image) { 1451 return -EINVAL; 1452 } 1453 scanout->ds = qemu_create_displaysurface_pixman(res->image); 1454 #ifdef WIN32 1455 qemu_displaysurface_win32_set_handle(scanout->ds, res->handle, 0); 1456 #endif 1457 dpy_gfx_replace_surface(scanout->con, scanout->ds); 1458 } 1459 1460 dpy_gfx_update_full(scanout->con); 1461 if (scanout->cursor.resource_id) { 1462 update_cursor(g, &scanout->cursor); 1463 } 1464 res->scanout_bitmask |= (1 << i); 1465 } 1466 1467 return 0; 1468 } 1469 1470 void virtio_gpu_device_realize(DeviceState *qdev, Error **errp) 1471 { 1472 VirtIODevice *vdev = VIRTIO_DEVICE(qdev); 1473 VirtIOGPU *g = VIRTIO_GPU(qdev); 1474 1475 if (virtio_gpu_blob_enabled(g->parent_obj.conf)) { 1476 if (!virtio_gpu_rutabaga_enabled(g->parent_obj.conf) && 1477 !virtio_gpu_have_udmabuf()) { 1478 error_setg(errp, "need rutabaga or udmabuf for blob resources"); 1479 return; 1480 } 1481 1482 if (virtio_gpu_virgl_enabled(g->parent_obj.conf)) { 1483 error_setg(errp, "blobs and virgl are not compatible (yet)"); 1484 return; 1485 } 1486 } 1487 1488 if (!virtio_gpu_base_device_realize(qdev, 1489 virtio_gpu_handle_ctrl_cb, 1490 virtio_gpu_handle_cursor_cb, 1491 errp)) { 1492 return; 1493 } 1494 1495 g->ctrl_vq = virtio_get_queue(vdev, 0); 1496 g->cursor_vq = virtio_get_queue(vdev, 1); 1497 g->ctrl_bh = virtio_bh_new_guarded(qdev, virtio_gpu_ctrl_bh, g); 1498 g->cursor_bh = virtio_bh_new_guarded(qdev, virtio_gpu_cursor_bh, g); 1499 g->reset_bh = qemu_bh_new(virtio_gpu_reset_bh, g); 1500 qemu_cond_init(&g->reset_cond); 1501 QTAILQ_INIT(&g->reslist); 1502 QTAILQ_INIT(&g->cmdq); 1503 QTAILQ_INIT(&g->fenceq); 1504 } 1505 1506 static void virtio_gpu_device_unrealize(DeviceState *qdev) 1507 { 1508 VirtIOGPU *g = VIRTIO_GPU(qdev); 1509 1510 g_clear_pointer(&g->ctrl_bh, qemu_bh_delete); 1511 g_clear_pointer(&g->cursor_bh, qemu_bh_delete); 1512 g_clear_pointer(&g->reset_bh, qemu_bh_delete); 1513 qemu_cond_destroy(&g->reset_cond); 1514 virtio_gpu_base_device_unrealize(qdev); 1515 } 1516 1517 static void virtio_gpu_reset_bh(void *opaque) 1518 { 1519 VirtIOGPU *g = VIRTIO_GPU(opaque); 1520 VirtIOGPUClass *vgc = VIRTIO_GPU_GET_CLASS(g); 1521 struct virtio_gpu_simple_resource *res, *tmp; 1522 uint32_t resource_id; 1523 Error *local_err = NULL; 1524 int i = 0; 1525 1526 QTAILQ_FOREACH_SAFE(res, &g->reslist, next, tmp) { 1527 resource_id = res->resource_id; 1528 vgc->resource_destroy(g, res, &local_err); 1529 if (local_err) { 1530 error_append_hint(&local_err, "%s: %s resource_destroy" 1531 "for resource_id = %"PRIu32" failed.\n", 1532 __func__, object_get_typename(OBJECT(g)), 1533 resource_id); 1534 /* error_report_err frees the error object for us */ 1535 error_report_err(local_err); 1536 local_err = NULL; 1537 } 1538 } 1539 1540 for (i = 0; i < g->parent_obj.conf.max_outputs; i++) { 1541 dpy_gfx_replace_surface(g->parent_obj.scanout[i].con, NULL); 1542 } 1543 1544 g->reset_finished = true; 1545 qemu_cond_signal(&g->reset_cond); 1546 } 1547 1548 void virtio_gpu_reset(VirtIODevice *vdev) 1549 { 1550 VirtIOGPU *g = VIRTIO_GPU(vdev); 1551 struct virtio_gpu_ctrl_command *cmd; 1552 1553 if (qemu_in_vcpu_thread()) { 1554 g->reset_finished = false; 1555 qemu_bh_schedule(g->reset_bh); 1556 while (!g->reset_finished) { 1557 qemu_cond_wait_bql(&g->reset_cond); 1558 } 1559 } else { 1560 aio_bh_call(g->reset_bh); 1561 } 1562 1563 while (!QTAILQ_EMPTY(&g->cmdq)) { 1564 cmd = QTAILQ_FIRST(&g->cmdq); 1565 QTAILQ_REMOVE(&g->cmdq, cmd, next); 1566 g_free(cmd); 1567 } 1568 1569 while (!QTAILQ_EMPTY(&g->fenceq)) { 1570 cmd = QTAILQ_FIRST(&g->fenceq); 1571 QTAILQ_REMOVE(&g->fenceq, cmd, next); 1572 g->inflight--; 1573 g_free(cmd); 1574 } 1575 1576 virtio_gpu_base_reset(VIRTIO_GPU_BASE(vdev)); 1577 } 1578 1579 static void 1580 virtio_gpu_get_config(VirtIODevice *vdev, uint8_t *config) 1581 { 1582 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1583 1584 memcpy(config, &g->virtio_config, sizeof(g->virtio_config)); 1585 } 1586 1587 static void 1588 virtio_gpu_set_config(VirtIODevice *vdev, const uint8_t *config) 1589 { 1590 VirtIOGPUBase *g = VIRTIO_GPU_BASE(vdev); 1591 const struct virtio_gpu_config *vgconfig = 1592 (const struct virtio_gpu_config *)config; 1593 1594 if (vgconfig->events_clear) { 1595 g->virtio_config.events_read &= ~vgconfig->events_clear; 1596 } 1597 } 1598 1599 static bool virtio_gpu_blob_state_needed(void *opaque) 1600 { 1601 VirtIOGPU *g = VIRTIO_GPU(opaque); 1602 1603 return virtio_gpu_blob_enabled(g->parent_obj.conf); 1604 } 1605 1606 const VMStateDescription vmstate_virtio_gpu_blob_state = { 1607 .name = "virtio-gpu/blob", 1608 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1609 .version_id = VIRTIO_GPU_VM_VERSION, 1610 .needed = virtio_gpu_blob_state_needed, 1611 .fields = (const VMStateField[]){ 1612 { 1613 .name = "virtio-gpu/blob", 1614 .info = &(const VMStateInfo) { 1615 .name = "blob", 1616 .get = virtio_gpu_blob_load, 1617 .put = virtio_gpu_blob_save, 1618 }, 1619 .flags = VMS_SINGLE, 1620 } /* device */, 1621 VMSTATE_END_OF_LIST() 1622 }, 1623 }; 1624 1625 /* 1626 * For historical reasons virtio_gpu does not adhere to virtio migration 1627 * scheme as described in doc/virtio-migration.txt, in a sense that no 1628 * save/load callback are provided to the core. Instead the device data 1629 * is saved/loaded after the core data. 1630 * 1631 * Because of this we need a special vmsd. 1632 */ 1633 static const VMStateDescription vmstate_virtio_gpu = { 1634 .name = "virtio-gpu", 1635 .minimum_version_id = VIRTIO_GPU_VM_VERSION, 1636 .version_id = VIRTIO_GPU_VM_VERSION, 1637 .fields = (const VMStateField[]) { 1638 VMSTATE_VIRTIO_DEVICE /* core */, 1639 { 1640 .name = "virtio-gpu", 1641 .info = &(const VMStateInfo) { 1642 .name = "virtio-gpu", 1643 .get = virtio_gpu_load, 1644 .put = virtio_gpu_save, 1645 }, 1646 .flags = VMS_SINGLE, 1647 } /* device */, 1648 VMSTATE_END_OF_LIST() 1649 }, 1650 .subsections = (const VMStateDescription * const []) { 1651 &vmstate_virtio_gpu_blob_state, 1652 NULL 1653 }, 1654 .post_load = virtio_gpu_post_load, 1655 }; 1656 1657 static Property virtio_gpu_properties[] = { 1658 VIRTIO_GPU_BASE_PROPERTIES(VirtIOGPU, parent_obj.conf), 1659 DEFINE_PROP_SIZE("max_hostmem", VirtIOGPU, conf_max_hostmem, 1660 256 * MiB), 1661 DEFINE_PROP_BIT("blob", VirtIOGPU, parent_obj.conf.flags, 1662 VIRTIO_GPU_FLAG_BLOB_ENABLED, false), 1663 DEFINE_PROP_SIZE("hostmem", VirtIOGPU, parent_obj.conf.hostmem, 0), 1664 DEFINE_PROP_UINT8("x-scanout-vmstate-version", VirtIOGPU, scanout_vmstate_version, 2), 1665 DEFINE_PROP_END_OF_LIST(), 1666 }; 1667 1668 static void virtio_gpu_class_init(ObjectClass *klass, void *data) 1669 { 1670 DeviceClass *dc = DEVICE_CLASS(klass); 1671 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); 1672 VirtIOGPUClass *vgc = VIRTIO_GPU_CLASS(klass); 1673 VirtIOGPUBaseClass *vgbc = &vgc->parent; 1674 1675 vgc->handle_ctrl = virtio_gpu_handle_ctrl; 1676 vgc->process_cmd = virtio_gpu_simple_process_cmd; 1677 vgc->update_cursor_data = virtio_gpu_update_cursor_data; 1678 vgc->resource_destroy = virtio_gpu_resource_destroy; 1679 vgbc->gl_flushed = virtio_gpu_handle_gl_flushed; 1680 1681 vdc->realize = virtio_gpu_device_realize; 1682 vdc->unrealize = virtio_gpu_device_unrealize; 1683 vdc->reset = virtio_gpu_reset; 1684 vdc->get_config = virtio_gpu_get_config; 1685 vdc->set_config = virtio_gpu_set_config; 1686 1687 dc->vmsd = &vmstate_virtio_gpu; 1688 device_class_set_props(dc, virtio_gpu_properties); 1689 } 1690 1691 static const TypeInfo virtio_gpu_info = { 1692 .name = TYPE_VIRTIO_GPU, 1693 .parent = TYPE_VIRTIO_GPU_BASE, 1694 .instance_size = sizeof(VirtIOGPU), 1695 .class_size = sizeof(VirtIOGPUClass), 1696 .class_init = virtio_gpu_class_init, 1697 }; 1698 module_obj(TYPE_VIRTIO_GPU); 1699 module_kconfig(VIRTIO_GPU); 1700 1701 static void virtio_register_types(void) 1702 { 1703 type_register_static(&virtio_gpu_info); 1704 } 1705 1706 type_init(virtio_register_types) 1707