xref: /openbmc/qemu/hw/display/vmware_vga.c (revision 01c22f2c)
1 /*
2  * QEMU VMware-SVGA "chipset".
3  *
4  * Copyright (c) 2007 Andrzej Zaborowski  <balrog@zabor.org>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 #include "hw/hw.h"
25 #include "hw/loader.h"
26 #include "trace.h"
27 #include "ui/console.h"
28 #include "hw/pci/pci.h"
29 
30 #undef VERBOSE
31 #define HW_RECT_ACCEL
32 #define HW_FILL_ACCEL
33 #define HW_MOUSE_ACCEL
34 
35 #include "vga_int.h"
36 
37 /* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
38 
39 struct vmsvga_state_s {
40     VGACommonState vga;
41 
42     int invalidated;
43     int enable;
44     int config;
45     struct {
46         int id;
47         int x;
48         int y;
49         int on;
50     } cursor;
51 
52     int index;
53     int scratch_size;
54     uint32_t *scratch;
55     int new_width;
56     int new_height;
57     int new_depth;
58     uint32_t guest;
59     uint32_t svgaid;
60     int syncing;
61 
62     MemoryRegion fifo_ram;
63     uint8_t *fifo_ptr;
64     unsigned int fifo_size;
65 
66     union {
67         uint32_t *fifo;
68         struct QEMU_PACKED {
69             uint32_t min;
70             uint32_t max;
71             uint32_t next_cmd;
72             uint32_t stop;
73             /* Add registers here when adding capabilities.  */
74             uint32_t fifo[0];
75         } *cmd;
76     };
77 
78 #define REDRAW_FIFO_LEN  512
79     struct vmsvga_rect_s {
80         int x, y, w, h;
81     } redraw_fifo[REDRAW_FIFO_LEN];
82     int redraw_fifo_first, redraw_fifo_last;
83 };
84 
85 #define TYPE_VMWARE_SVGA "vmware-svga"
86 
87 #define VMWARE_SVGA(obj) \
88     OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)
89 
90 struct pci_vmsvga_state_s {
91     /*< private >*/
92     PCIDevice parent_obj;
93     /*< public >*/
94 
95     struct vmsvga_state_s chip;
96     MemoryRegion io_bar;
97 };
98 
99 #define SVGA_MAGIC              0x900000UL
100 #define SVGA_MAKE_ID(ver)       (SVGA_MAGIC << 8 | (ver))
101 #define SVGA_ID_0               SVGA_MAKE_ID(0)
102 #define SVGA_ID_1               SVGA_MAKE_ID(1)
103 #define SVGA_ID_2               SVGA_MAKE_ID(2)
104 
105 #define SVGA_LEGACY_BASE_PORT   0x4560
106 #define SVGA_INDEX_PORT         0x0
107 #define SVGA_VALUE_PORT         0x1
108 #define SVGA_BIOS_PORT          0x2
109 
110 #define SVGA_VERSION_2
111 
112 #ifdef SVGA_VERSION_2
113 # define SVGA_ID                SVGA_ID_2
114 # define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
115 # define SVGA_IO_MUL            1
116 # define SVGA_FIFO_SIZE         0x10000
117 # define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA2
118 #else
119 # define SVGA_ID                SVGA_ID_1
120 # define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
121 # define SVGA_IO_MUL            4
122 # define SVGA_FIFO_SIZE         0x10000
123 # define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA
124 #endif
125 
126 enum {
127     /* ID 0, 1 and 2 registers */
128     SVGA_REG_ID = 0,
129     SVGA_REG_ENABLE = 1,
130     SVGA_REG_WIDTH = 2,
131     SVGA_REG_HEIGHT = 3,
132     SVGA_REG_MAX_WIDTH = 4,
133     SVGA_REG_MAX_HEIGHT = 5,
134     SVGA_REG_DEPTH = 6,
135     SVGA_REG_BITS_PER_PIXEL = 7,        /* Current bpp in the guest */
136     SVGA_REG_PSEUDOCOLOR = 8,
137     SVGA_REG_RED_MASK = 9,
138     SVGA_REG_GREEN_MASK = 10,
139     SVGA_REG_BLUE_MASK = 11,
140     SVGA_REG_BYTES_PER_LINE = 12,
141     SVGA_REG_FB_START = 13,
142     SVGA_REG_FB_OFFSET = 14,
143     SVGA_REG_VRAM_SIZE = 15,
144     SVGA_REG_FB_SIZE = 16,
145 
146     /* ID 1 and 2 registers */
147     SVGA_REG_CAPABILITIES = 17,
148     SVGA_REG_MEM_START = 18,            /* Memory for command FIFO */
149     SVGA_REG_MEM_SIZE = 19,
150     SVGA_REG_CONFIG_DONE = 20,          /* Set when memory area configured */
151     SVGA_REG_SYNC = 21,                 /* Write to force synchronization */
152     SVGA_REG_BUSY = 22,                 /* Read to check if sync is done */
153     SVGA_REG_GUEST_ID = 23,             /* Set guest OS identifier */
154     SVGA_REG_CURSOR_ID = 24,            /* ID of cursor */
155     SVGA_REG_CURSOR_X = 25,             /* Set cursor X position */
156     SVGA_REG_CURSOR_Y = 26,             /* Set cursor Y position */
157     SVGA_REG_CURSOR_ON = 27,            /* Turn cursor on/off */
158     SVGA_REG_HOST_BITS_PER_PIXEL = 28,  /* Current bpp in the host */
159     SVGA_REG_SCRATCH_SIZE = 29,         /* Number of scratch registers */
160     SVGA_REG_MEM_REGS = 30,             /* Number of FIFO registers */
161     SVGA_REG_NUM_DISPLAYS = 31,         /* Number of guest displays */
162     SVGA_REG_PITCHLOCK = 32,            /* Fixed pitch for all modes */
163 
164     SVGA_PALETTE_BASE = 1024,           /* Base of SVGA color map */
165     SVGA_PALETTE_END  = SVGA_PALETTE_BASE + 767,
166     SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
167 };
168 
169 #define SVGA_CAP_NONE                   0
170 #define SVGA_CAP_RECT_FILL              (1 << 0)
171 #define SVGA_CAP_RECT_COPY              (1 << 1)
172 #define SVGA_CAP_RECT_PAT_FILL          (1 << 2)
173 #define SVGA_CAP_LEGACY_OFFSCREEN       (1 << 3)
174 #define SVGA_CAP_RASTER_OP              (1 << 4)
175 #define SVGA_CAP_CURSOR                 (1 << 5)
176 #define SVGA_CAP_CURSOR_BYPASS          (1 << 6)
177 #define SVGA_CAP_CURSOR_BYPASS_2        (1 << 7)
178 #define SVGA_CAP_8BIT_EMULATION         (1 << 8)
179 #define SVGA_CAP_ALPHA_CURSOR           (1 << 9)
180 #define SVGA_CAP_GLYPH                  (1 << 10)
181 #define SVGA_CAP_GLYPH_CLIPPING         (1 << 11)
182 #define SVGA_CAP_OFFSCREEN_1            (1 << 12)
183 #define SVGA_CAP_ALPHA_BLEND            (1 << 13)
184 #define SVGA_CAP_3D                     (1 << 14)
185 #define SVGA_CAP_EXTENDED_FIFO          (1 << 15)
186 #define SVGA_CAP_MULTIMON               (1 << 16)
187 #define SVGA_CAP_PITCHLOCK              (1 << 17)
188 
189 /*
190  * FIFO offsets (seen as an array of 32-bit words)
191  */
192 enum {
193     /*
194      * The original defined FIFO offsets
195      */
196     SVGA_FIFO_MIN = 0,
197     SVGA_FIFO_MAX,      /* The distance from MIN to MAX must be at least 10K */
198     SVGA_FIFO_NEXT_CMD,
199     SVGA_FIFO_STOP,
200 
201     /*
202      * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
203      */
204     SVGA_FIFO_CAPABILITIES = 4,
205     SVGA_FIFO_FLAGS,
206     SVGA_FIFO_FENCE,
207     SVGA_FIFO_3D_HWVERSION,
208     SVGA_FIFO_PITCHLOCK,
209 };
210 
211 #define SVGA_FIFO_CAP_NONE              0
212 #define SVGA_FIFO_CAP_FENCE             (1 << 0)
213 #define SVGA_FIFO_CAP_ACCELFRONT        (1 << 1)
214 #define SVGA_FIFO_CAP_PITCHLOCK         (1 << 2)
215 
216 #define SVGA_FIFO_FLAG_NONE             0
217 #define SVGA_FIFO_FLAG_ACCELFRONT       (1 << 0)
218 
219 /* These values can probably be changed arbitrarily.  */
220 #define SVGA_SCRATCH_SIZE               0x8000
221 #define SVGA_MAX_WIDTH                  2360
222 #define SVGA_MAX_HEIGHT                 1770
223 
224 #ifdef VERBOSE
225 # define GUEST_OS_BASE          0x5001
226 static const char *vmsvga_guest_id[] = {
227     [0x00] = "Dos",
228     [0x01] = "Windows 3.1",
229     [0x02] = "Windows 95",
230     [0x03] = "Windows 98",
231     [0x04] = "Windows ME",
232     [0x05] = "Windows NT",
233     [0x06] = "Windows 2000",
234     [0x07] = "Linux",
235     [0x08] = "OS/2",
236     [0x09] = "an unknown OS",
237     [0x0a] = "BSD",
238     [0x0b] = "Whistler",
239     [0x0c] = "an unknown OS",
240     [0x0d] = "an unknown OS",
241     [0x0e] = "an unknown OS",
242     [0x0f] = "an unknown OS",
243     [0x10] = "an unknown OS",
244     [0x11] = "an unknown OS",
245     [0x12] = "an unknown OS",
246     [0x13] = "an unknown OS",
247     [0x14] = "an unknown OS",
248     [0x15] = "Windows 2003",
249 };
250 #endif
251 
252 enum {
253     SVGA_CMD_INVALID_CMD = 0,
254     SVGA_CMD_UPDATE = 1,
255     SVGA_CMD_RECT_FILL = 2,
256     SVGA_CMD_RECT_COPY = 3,
257     SVGA_CMD_DEFINE_BITMAP = 4,
258     SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
259     SVGA_CMD_DEFINE_PIXMAP = 6,
260     SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
261     SVGA_CMD_RECT_BITMAP_FILL = 8,
262     SVGA_CMD_RECT_PIXMAP_FILL = 9,
263     SVGA_CMD_RECT_BITMAP_COPY = 10,
264     SVGA_CMD_RECT_PIXMAP_COPY = 11,
265     SVGA_CMD_FREE_OBJECT = 12,
266     SVGA_CMD_RECT_ROP_FILL = 13,
267     SVGA_CMD_RECT_ROP_COPY = 14,
268     SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
269     SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
270     SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
271     SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
272     SVGA_CMD_DEFINE_CURSOR = 19,
273     SVGA_CMD_DISPLAY_CURSOR = 20,
274     SVGA_CMD_MOVE_CURSOR = 21,
275     SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
276     SVGA_CMD_DRAW_GLYPH = 23,
277     SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
278     SVGA_CMD_UPDATE_VERBOSE = 25,
279     SVGA_CMD_SURFACE_FILL = 26,
280     SVGA_CMD_SURFACE_COPY = 27,
281     SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
282     SVGA_CMD_FRONT_ROP_FILL = 29,
283     SVGA_CMD_FENCE = 30,
284 };
285 
286 /* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
287 enum {
288     SVGA_CURSOR_ON_HIDE = 0,
289     SVGA_CURSOR_ON_SHOW = 1,
290     SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
291     SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
292 };
293 
294 static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
295                 int x, int y, int w, int h)
296 {
297     DisplaySurface *surface = qemu_console_surface(s->vga.con);
298     int line;
299     int bypl;
300     int width;
301     int start;
302     uint8_t *src;
303     uint8_t *dst;
304 
305     if (x < 0) {
306         fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
307         w += x;
308         x = 0;
309     }
310     if (w < 0) {
311         fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
312         w = 0;
313     }
314     if (x + w > surface_width(surface)) {
315         fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
316                 __func__, x, w);
317         x = MIN(x, surface_width(surface));
318         w = surface_width(surface) - x;
319     }
320 
321     if (y < 0) {
322         fprintf(stderr, "%s: update y was < 0 (%d)\n",  __func__, y);
323         h += y;
324         y = 0;
325     }
326     if (h < 0) {
327         fprintf(stderr, "%s: update h was < 0 (%d)\n",  __func__, h);
328         h = 0;
329     }
330     if (y + h > surface_height(surface)) {
331         fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
332                 __func__, y, h);
333         y = MIN(y, surface_height(surface));
334         h = surface_height(surface) - y;
335     }
336 
337     bypl = surface_stride(surface);
338     width = surface_bytes_per_pixel(surface) * w;
339     start = surface_bytes_per_pixel(surface) * x + bypl * y;
340     src = s->vga.vram_ptr + start;
341     dst = surface_data(surface) + start;
342 
343     for (line = h; line > 0; line--, src += bypl, dst += bypl) {
344         memcpy(dst, src, width);
345     }
346     dpy_gfx_update(s->vga.con, x, y, w, h);
347 }
348 
349 static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
350                 int x, int y, int w, int h)
351 {
352     struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
353 
354     s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
355     rect->x = x;
356     rect->y = y;
357     rect->w = w;
358     rect->h = h;
359 }
360 
361 static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
362 {
363     struct vmsvga_rect_s *rect;
364 
365     if (s->invalidated) {
366         s->redraw_fifo_first = s->redraw_fifo_last;
367         return;
368     }
369     /* Overlapping region updates can be optimised out here - if someone
370      * knows a smart algorithm to do that, please share.  */
371     while (s->redraw_fifo_first != s->redraw_fifo_last) {
372         rect = &s->redraw_fifo[s->redraw_fifo_first++];
373         s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
374         vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
375     }
376 }
377 
378 #ifdef HW_RECT_ACCEL
379 static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
380                 int x0, int y0, int x1, int y1, int w, int h)
381 {
382     DisplaySurface *surface = qemu_console_surface(s->vga.con);
383     uint8_t *vram = s->vga.vram_ptr;
384     int bypl = surface_stride(surface);
385     int bypp = surface_bytes_per_pixel(surface);
386     int width = bypp * w;
387     int line = h;
388     uint8_t *ptr[2];
389 
390     if (y1 > y0) {
391         ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
392         ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
393         for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
394             memmove(ptr[1], ptr[0], width);
395         }
396     } else {
397         ptr[0] = vram + bypp * x0 + bypl * y0;
398         ptr[1] = vram + bypp * x1 + bypl * y1;
399         for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
400             memmove(ptr[1], ptr[0], width);
401         }
402     }
403 
404     vmsvga_update_rect_delayed(s, x1, y1, w, h);
405 }
406 #endif
407 
408 #ifdef HW_FILL_ACCEL
409 static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
410                 uint32_t c, int x, int y, int w, int h)
411 {
412     DisplaySurface *surface = qemu_console_surface(s->vga.con);
413     int bypl = surface_stride(surface);
414     int width = surface_bytes_per_pixel(surface) * w;
415     int line = h;
416     int column;
417     uint8_t *fst;
418     uint8_t *dst;
419     uint8_t *src;
420     uint8_t col[4];
421 
422     col[0] = c;
423     col[1] = c >> 8;
424     col[2] = c >> 16;
425     col[3] = c >> 24;
426 
427     fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
428 
429     if (line--) {
430         dst = fst;
431         src = col;
432         for (column = width; column > 0; column--) {
433             *(dst++) = *(src++);
434             if (src - col == surface_bytes_per_pixel(surface)) {
435                 src = col;
436             }
437         }
438         dst = fst;
439         for (; line > 0; line--) {
440             dst += bypl;
441             memcpy(dst, fst, width);
442         }
443     }
444 
445     vmsvga_update_rect_delayed(s, x, y, w, h);
446 }
447 #endif
448 
449 struct vmsvga_cursor_definition_s {
450     int width;
451     int height;
452     int id;
453     int bpp;
454     int hot_x;
455     int hot_y;
456     uint32_t mask[1024];
457     uint32_t image[4096];
458 };
459 
460 #define SVGA_BITMAP_SIZE(w, h)          ((((w) + 31) >> 5) * (h))
461 #define SVGA_PIXMAP_SIZE(w, h, bpp)     (((((w) * (bpp)) + 31) >> 5) * (h))
462 
463 #ifdef HW_MOUSE_ACCEL
464 static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
465                 struct vmsvga_cursor_definition_s *c)
466 {
467     QEMUCursor *qc;
468     int i, pixels;
469 
470     qc = cursor_alloc(c->width, c->height);
471     qc->hot_x = c->hot_x;
472     qc->hot_y = c->hot_y;
473     switch (c->bpp) {
474     case 1:
475         cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
476                         1, (void *)c->mask);
477 #ifdef DEBUG
478         cursor_print_ascii_art(qc, "vmware/mono");
479 #endif
480         break;
481     case 32:
482         /* fill alpha channel from mask, set color to zero */
483         cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
484                         1, (void *)c->mask);
485         /* add in rgb values */
486         pixels = c->width * c->height;
487         for (i = 0; i < pixels; i++) {
488             qc->data[i] |= c->image[i] & 0xffffff;
489         }
490 #ifdef DEBUG
491         cursor_print_ascii_art(qc, "vmware/32bit");
492 #endif
493         break;
494     default:
495         fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
496                 __func__, c->bpp);
497         cursor_put(qc);
498         qc = cursor_builtin_left_ptr();
499     }
500 
501     dpy_cursor_define(s->vga.con, qc);
502     cursor_put(qc);
503 }
504 #endif
505 
506 #define CMD(f)  le32_to_cpu(s->cmd->f)
507 
508 static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
509 {
510     int num;
511 
512     if (!s->config || !s->enable) {
513         return 0;
514     }
515     num = CMD(next_cmd) - CMD(stop);
516     if (num < 0) {
517         num += CMD(max) - CMD(min);
518     }
519     return num >> 2;
520 }
521 
522 static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
523 {
524     uint32_t cmd = s->fifo[CMD(stop) >> 2];
525 
526     s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
527     if (CMD(stop) >= CMD(max)) {
528         s->cmd->stop = s->cmd->min;
529     }
530     return cmd;
531 }
532 
533 static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
534 {
535     return le32_to_cpu(vmsvga_fifo_read_raw(s));
536 }
537 
538 static void vmsvga_fifo_run(struct vmsvga_state_s *s)
539 {
540     uint32_t cmd, colour;
541     int args, len;
542     int x, y, dx, dy, width, height;
543     struct vmsvga_cursor_definition_s cursor;
544     uint32_t cmd_start;
545 
546     len = vmsvga_fifo_length(s);
547     while (len > 0) {
548         /* May need to go back to the start of the command if incomplete */
549         cmd_start = s->cmd->stop;
550 
551         switch (cmd = vmsvga_fifo_read(s)) {
552         case SVGA_CMD_UPDATE:
553         case SVGA_CMD_UPDATE_VERBOSE:
554             len -= 5;
555             if (len < 0) {
556                 goto rewind;
557             }
558 
559             x = vmsvga_fifo_read(s);
560             y = vmsvga_fifo_read(s);
561             width = vmsvga_fifo_read(s);
562             height = vmsvga_fifo_read(s);
563             vmsvga_update_rect_delayed(s, x, y, width, height);
564             break;
565 
566         case SVGA_CMD_RECT_FILL:
567             len -= 6;
568             if (len < 0) {
569                 goto rewind;
570             }
571 
572             colour = vmsvga_fifo_read(s);
573             x = vmsvga_fifo_read(s);
574             y = vmsvga_fifo_read(s);
575             width = vmsvga_fifo_read(s);
576             height = vmsvga_fifo_read(s);
577 #ifdef HW_FILL_ACCEL
578             vmsvga_fill_rect(s, colour, x, y, width, height);
579             break;
580 #else
581             args = 0;
582             goto badcmd;
583 #endif
584 
585         case SVGA_CMD_RECT_COPY:
586             len -= 7;
587             if (len < 0) {
588                 goto rewind;
589             }
590 
591             x = vmsvga_fifo_read(s);
592             y = vmsvga_fifo_read(s);
593             dx = vmsvga_fifo_read(s);
594             dy = vmsvga_fifo_read(s);
595             width = vmsvga_fifo_read(s);
596             height = vmsvga_fifo_read(s);
597 #ifdef HW_RECT_ACCEL
598             vmsvga_copy_rect(s, x, y, dx, dy, width, height);
599             break;
600 #else
601             args = 0;
602             goto badcmd;
603 #endif
604 
605         case SVGA_CMD_DEFINE_CURSOR:
606             len -= 8;
607             if (len < 0) {
608                 goto rewind;
609             }
610 
611             cursor.id = vmsvga_fifo_read(s);
612             cursor.hot_x = vmsvga_fifo_read(s);
613             cursor.hot_y = vmsvga_fifo_read(s);
614             cursor.width = x = vmsvga_fifo_read(s);
615             cursor.height = y = vmsvga_fifo_read(s);
616             vmsvga_fifo_read(s);
617             cursor.bpp = vmsvga_fifo_read(s);
618 
619             args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
620             if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
621                 SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
622                     goto badcmd;
623             }
624 
625             len -= args;
626             if (len < 0) {
627                 goto rewind;
628             }
629 
630             for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
631                 cursor.mask[args] = vmsvga_fifo_read_raw(s);
632             }
633             for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
634                 cursor.image[args] = vmsvga_fifo_read_raw(s);
635             }
636 #ifdef HW_MOUSE_ACCEL
637             vmsvga_cursor_define(s, &cursor);
638             break;
639 #else
640             args = 0;
641             goto badcmd;
642 #endif
643 
644         /*
645          * Other commands that we at least know the number of arguments
646          * for so we can avoid FIFO desync if driver uses them illegally.
647          */
648         case SVGA_CMD_DEFINE_ALPHA_CURSOR:
649             len -= 6;
650             if (len < 0) {
651                 goto rewind;
652             }
653             vmsvga_fifo_read(s);
654             vmsvga_fifo_read(s);
655             vmsvga_fifo_read(s);
656             x = vmsvga_fifo_read(s);
657             y = vmsvga_fifo_read(s);
658             args = x * y;
659             goto badcmd;
660         case SVGA_CMD_RECT_ROP_FILL:
661             args = 6;
662             goto badcmd;
663         case SVGA_CMD_RECT_ROP_COPY:
664             args = 7;
665             goto badcmd;
666         case SVGA_CMD_DRAW_GLYPH_CLIPPED:
667             len -= 4;
668             if (len < 0) {
669                 goto rewind;
670             }
671             vmsvga_fifo_read(s);
672             vmsvga_fifo_read(s);
673             args = 7 + (vmsvga_fifo_read(s) >> 2);
674             goto badcmd;
675         case SVGA_CMD_SURFACE_ALPHA_BLEND:
676             args = 12;
677             goto badcmd;
678 
679         /*
680          * Other commands that are not listed as depending on any
681          * CAPABILITIES bits, but are not described in the README either.
682          */
683         case SVGA_CMD_SURFACE_FILL:
684         case SVGA_CMD_SURFACE_COPY:
685         case SVGA_CMD_FRONT_ROP_FILL:
686         case SVGA_CMD_FENCE:
687         case SVGA_CMD_INVALID_CMD:
688             break; /* Nop */
689 
690         default:
691             args = 0;
692         badcmd:
693             len -= args;
694             if (len < 0) {
695                 goto rewind;
696             }
697             while (args--) {
698                 vmsvga_fifo_read(s);
699             }
700             printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
701                    __func__, cmd);
702             break;
703 
704         rewind:
705             s->cmd->stop = cmd_start;
706             break;
707         }
708     }
709 
710     s->syncing = 0;
711 }
712 
713 static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
714 {
715     struct vmsvga_state_s *s = opaque;
716 
717     return s->index;
718 }
719 
720 static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
721 {
722     struct vmsvga_state_s *s = opaque;
723 
724     s->index = index;
725 }
726 
727 static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
728 {
729     uint32_t caps;
730     struct vmsvga_state_s *s = opaque;
731     DisplaySurface *surface = qemu_console_surface(s->vga.con);
732     PixelFormat pf;
733     uint32_t ret;
734 
735     switch (s->index) {
736     case SVGA_REG_ID:
737         ret = s->svgaid;
738         break;
739 
740     case SVGA_REG_ENABLE:
741         ret = s->enable;
742         break;
743 
744     case SVGA_REG_WIDTH:
745         ret = s->new_width ? s->new_width : surface_width(surface);
746         break;
747 
748     case SVGA_REG_HEIGHT:
749         ret = s->new_height ? s->new_height : surface_height(surface);
750         break;
751 
752     case SVGA_REG_MAX_WIDTH:
753         ret = SVGA_MAX_WIDTH;
754         break;
755 
756     case SVGA_REG_MAX_HEIGHT:
757         ret = SVGA_MAX_HEIGHT;
758         break;
759 
760     case SVGA_REG_DEPTH:
761         ret = (s->new_depth == 32) ? 24 : s->new_depth;
762         break;
763 
764     case SVGA_REG_BITS_PER_PIXEL:
765     case SVGA_REG_HOST_BITS_PER_PIXEL:
766         ret = s->new_depth;
767         break;
768 
769     case SVGA_REG_PSEUDOCOLOR:
770         ret = 0x0;
771         break;
772 
773     case SVGA_REG_RED_MASK:
774         pf = qemu_default_pixelformat(s->new_depth);
775         ret = pf.rmask;
776         break;
777 
778     case SVGA_REG_GREEN_MASK:
779         pf = qemu_default_pixelformat(s->new_depth);
780         ret = pf.gmask;
781         break;
782 
783     case SVGA_REG_BLUE_MASK:
784         pf = qemu_default_pixelformat(s->new_depth);
785         ret = pf.bmask;
786         break;
787 
788     case SVGA_REG_BYTES_PER_LINE:
789         if (s->new_width) {
790             ret = (s->new_depth * s->new_width) / 8;
791         } else {
792             ret = surface_stride(surface);
793         }
794         break;
795 
796     case SVGA_REG_FB_START: {
797         struct pci_vmsvga_state_s *pci_vmsvga
798             = container_of(s, struct pci_vmsvga_state_s, chip);
799         ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
800         break;
801     }
802 
803     case SVGA_REG_FB_OFFSET:
804         ret = 0x0;
805         break;
806 
807     case SVGA_REG_VRAM_SIZE:
808         ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
809         break;
810 
811     case SVGA_REG_FB_SIZE:
812         ret = s->vga.vram_size;
813         break;
814 
815     case SVGA_REG_CAPABILITIES:
816         caps = SVGA_CAP_NONE;
817 #ifdef HW_RECT_ACCEL
818         caps |= SVGA_CAP_RECT_COPY;
819 #endif
820 #ifdef HW_FILL_ACCEL
821         caps |= SVGA_CAP_RECT_FILL;
822 #endif
823 #ifdef HW_MOUSE_ACCEL
824         if (dpy_cursor_define_supported(s->vga.con)) {
825             caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
826                     SVGA_CAP_CURSOR_BYPASS;
827         }
828 #endif
829         ret = caps;
830         break;
831 
832     case SVGA_REG_MEM_START: {
833         struct pci_vmsvga_state_s *pci_vmsvga
834             = container_of(s, struct pci_vmsvga_state_s, chip);
835         ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
836         break;
837     }
838 
839     case SVGA_REG_MEM_SIZE:
840         ret = s->fifo_size;
841         break;
842 
843     case SVGA_REG_CONFIG_DONE:
844         ret = s->config;
845         break;
846 
847     case SVGA_REG_SYNC:
848     case SVGA_REG_BUSY:
849         ret = s->syncing;
850         break;
851 
852     case SVGA_REG_GUEST_ID:
853         ret = s->guest;
854         break;
855 
856     case SVGA_REG_CURSOR_ID:
857         ret = s->cursor.id;
858         break;
859 
860     case SVGA_REG_CURSOR_X:
861         ret = s->cursor.x;
862         break;
863 
864     case SVGA_REG_CURSOR_Y:
865         ret = s->cursor.x;
866         break;
867 
868     case SVGA_REG_CURSOR_ON:
869         ret = s->cursor.on;
870         break;
871 
872     case SVGA_REG_SCRATCH_SIZE:
873         ret = s->scratch_size;
874         break;
875 
876     case SVGA_REG_MEM_REGS:
877     case SVGA_REG_NUM_DISPLAYS:
878     case SVGA_REG_PITCHLOCK:
879     case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
880         ret = 0;
881         break;
882 
883     default:
884         if (s->index >= SVGA_SCRATCH_BASE &&
885             s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
886             ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
887             break;
888         }
889         printf("%s: Bad register %02x\n", __func__, s->index);
890         ret = 0;
891         break;
892     }
893 
894     if (s->index >= SVGA_SCRATCH_BASE) {
895         trace_vmware_scratch_read(s->index, ret);
896     } else if (s->index >= SVGA_PALETTE_BASE) {
897         trace_vmware_palette_read(s->index, ret);
898     } else {
899         trace_vmware_value_read(s->index, ret);
900     }
901     return ret;
902 }
903 
904 static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
905 {
906     struct vmsvga_state_s *s = opaque;
907 
908     if (s->index >= SVGA_SCRATCH_BASE) {
909         trace_vmware_scratch_write(s->index, value);
910     } else if (s->index >= SVGA_PALETTE_BASE) {
911         trace_vmware_palette_write(s->index, value);
912     } else {
913         trace_vmware_value_write(s->index, value);
914     }
915     switch (s->index) {
916     case SVGA_REG_ID:
917         if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
918             s->svgaid = value;
919         }
920         break;
921 
922     case SVGA_REG_ENABLE:
923         s->enable = !!value;
924         s->invalidated = 1;
925         s->vga.hw_ops->invalidate(&s->vga);
926         if (s->enable && s->config) {
927             vga_dirty_log_stop(&s->vga);
928         } else {
929             vga_dirty_log_start(&s->vga);
930         }
931         break;
932 
933     case SVGA_REG_WIDTH:
934         if (value <= SVGA_MAX_WIDTH) {
935             s->new_width = value;
936             s->invalidated = 1;
937         } else {
938             printf("%s: Bad width: %i\n", __func__, value);
939         }
940         break;
941 
942     case SVGA_REG_HEIGHT:
943         if (value <= SVGA_MAX_HEIGHT) {
944             s->new_height = value;
945             s->invalidated = 1;
946         } else {
947             printf("%s: Bad height: %i\n", __func__, value);
948         }
949         break;
950 
951     case SVGA_REG_BITS_PER_PIXEL:
952         if (value != 32) {
953             printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
954             s->config = 0;
955             s->invalidated = 1;
956         }
957         break;
958 
959     case SVGA_REG_CONFIG_DONE:
960         if (value) {
961             s->fifo = (uint32_t *) s->fifo_ptr;
962             /* Check range and alignment.  */
963             if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
964                 break;
965             }
966             if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
967                 break;
968             }
969             if (CMD(max) > SVGA_FIFO_SIZE) {
970                 break;
971             }
972             if (CMD(max) < CMD(min) + 10 * 1024) {
973                 break;
974             }
975             vga_dirty_log_stop(&s->vga);
976         }
977         s->config = !!value;
978         break;
979 
980     case SVGA_REG_SYNC:
981         s->syncing = 1;
982         vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
983         break;
984 
985     case SVGA_REG_GUEST_ID:
986         s->guest = value;
987 #ifdef VERBOSE
988         if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
989             ARRAY_SIZE(vmsvga_guest_id)) {
990             printf("%s: guest runs %s.\n", __func__,
991                    vmsvga_guest_id[value - GUEST_OS_BASE]);
992         }
993 #endif
994         break;
995 
996     case SVGA_REG_CURSOR_ID:
997         s->cursor.id = value;
998         break;
999 
1000     case SVGA_REG_CURSOR_X:
1001         s->cursor.x = value;
1002         break;
1003 
1004     case SVGA_REG_CURSOR_Y:
1005         s->cursor.y = value;
1006         break;
1007 
1008     case SVGA_REG_CURSOR_ON:
1009         s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
1010         s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
1011 #ifdef HW_MOUSE_ACCEL
1012         if (value <= SVGA_CURSOR_ON_SHOW) {
1013             dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
1014         }
1015 #endif
1016         break;
1017 
1018     case SVGA_REG_DEPTH:
1019     case SVGA_REG_MEM_REGS:
1020     case SVGA_REG_NUM_DISPLAYS:
1021     case SVGA_REG_PITCHLOCK:
1022     case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
1023         break;
1024 
1025     default:
1026         if (s->index >= SVGA_SCRATCH_BASE &&
1027                 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
1028             s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
1029             break;
1030         }
1031         printf("%s: Bad register %02x\n", __func__, s->index);
1032     }
1033 }
1034 
1035 static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
1036 {
1037     printf("%s: what are we supposed to return?\n", __func__);
1038     return 0xcafe;
1039 }
1040 
1041 static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
1042 {
1043     printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
1044 }
1045 
1046 static inline void vmsvga_check_size(struct vmsvga_state_s *s)
1047 {
1048     DisplaySurface *surface = qemu_console_surface(s->vga.con);
1049 
1050     if (s->new_width != surface_width(surface) ||
1051         s->new_height != surface_height(surface) ||
1052         s->new_depth != surface_bits_per_pixel(surface)) {
1053         int stride = (s->new_depth * s->new_width) / 8;
1054         trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
1055         surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
1056                                                   s->new_depth, stride,
1057                                                   s->vga.vram_ptr, false);
1058         dpy_gfx_replace_surface(s->vga.con, surface);
1059         s->invalidated = 1;
1060     }
1061 }
1062 
1063 static void vmsvga_update_display(void *opaque)
1064 {
1065     struct vmsvga_state_s *s = opaque;
1066     DisplaySurface *surface;
1067     bool dirty = false;
1068 
1069     if (!s->enable) {
1070         s->vga.hw_ops->gfx_update(&s->vga);
1071         return;
1072     }
1073 
1074     vmsvga_check_size(s);
1075     surface = qemu_console_surface(s->vga.con);
1076 
1077     vmsvga_fifo_run(s);
1078     vmsvga_update_rect_flush(s);
1079 
1080     /*
1081      * Is it more efficient to look at vram VGA-dirty bits or wait
1082      * for the driver to issue SVGA_CMD_UPDATE?
1083      */
1084     if (memory_region_is_logging(&s->vga.vram)) {
1085         vga_sync_dirty_bitmap(&s->vga);
1086         dirty = memory_region_get_dirty(&s->vga.vram, 0,
1087             surface_stride(surface) * surface_height(surface),
1088             DIRTY_MEMORY_VGA);
1089     }
1090     if (s->invalidated || dirty) {
1091         s->invalidated = 0;
1092         dpy_gfx_update(s->vga.con, 0, 0,
1093                    surface_width(surface), surface_height(surface));
1094     }
1095     if (dirty) {
1096         memory_region_reset_dirty(&s->vga.vram, 0,
1097             surface_stride(surface) * surface_height(surface),
1098             DIRTY_MEMORY_VGA);
1099     }
1100 }
1101 
1102 static void vmsvga_reset(DeviceState *dev)
1103 {
1104     struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
1105     struct vmsvga_state_s *s = &pci->chip;
1106 
1107     s->index = 0;
1108     s->enable = 0;
1109     s->config = 0;
1110     s->svgaid = SVGA_ID;
1111     s->cursor.on = 0;
1112     s->redraw_fifo_first = 0;
1113     s->redraw_fifo_last = 0;
1114     s->syncing = 0;
1115 
1116     vga_dirty_log_start(&s->vga);
1117 }
1118 
1119 static void vmsvga_invalidate_display(void *opaque)
1120 {
1121     struct vmsvga_state_s *s = opaque;
1122     if (!s->enable) {
1123         s->vga.hw_ops->invalidate(&s->vga);
1124         return;
1125     }
1126 
1127     s->invalidated = 1;
1128 }
1129 
1130 static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1131 {
1132     struct vmsvga_state_s *s = opaque;
1133 
1134     if (s->vga.hw_ops->text_update) {
1135         s->vga.hw_ops->text_update(&s->vga, chardata);
1136     }
1137 }
1138 
1139 static int vmsvga_post_load(void *opaque, int version_id)
1140 {
1141     struct vmsvga_state_s *s = opaque;
1142 
1143     s->invalidated = 1;
1144     if (s->config) {
1145         s->fifo = (uint32_t *) s->fifo_ptr;
1146     }
1147     return 0;
1148 }
1149 
1150 static const VMStateDescription vmstate_vmware_vga_internal = {
1151     .name = "vmware_vga_internal",
1152     .version_id = 0,
1153     .minimum_version_id = 0,
1154     .minimum_version_id_old = 0,
1155     .post_load = vmsvga_post_load,
1156     .fields      = (VMStateField[]) {
1157         VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s),
1158         VMSTATE_INT32(enable, struct vmsvga_state_s),
1159         VMSTATE_INT32(config, struct vmsvga_state_s),
1160         VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1161         VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1162         VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1163         VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1164         VMSTATE_INT32(index, struct vmsvga_state_s),
1165         VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1166                              scratch_size, 0, vmstate_info_uint32, uint32_t),
1167         VMSTATE_INT32(new_width, struct vmsvga_state_s),
1168         VMSTATE_INT32(new_height, struct vmsvga_state_s),
1169         VMSTATE_UINT32(guest, struct vmsvga_state_s),
1170         VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1171         VMSTATE_INT32(syncing, struct vmsvga_state_s),
1172         VMSTATE_UNUSED(4), /* was fb_size */
1173         VMSTATE_END_OF_LIST()
1174     }
1175 };
1176 
1177 static const VMStateDescription vmstate_vmware_vga = {
1178     .name = "vmware_vga",
1179     .version_id = 0,
1180     .minimum_version_id = 0,
1181     .minimum_version_id_old = 0,
1182     .fields      = (VMStateField[]) {
1183         VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
1184         VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1185                        vmstate_vmware_vga_internal, struct vmsvga_state_s),
1186         VMSTATE_END_OF_LIST()
1187     }
1188 };
1189 
1190 static const GraphicHwOps vmsvga_ops = {
1191     .invalidate  = vmsvga_invalidate_display,
1192     .gfx_update  = vmsvga_update_display,
1193     .text_update = vmsvga_text_update,
1194 };
1195 
1196 static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
1197                         MemoryRegion *address_space, MemoryRegion *io)
1198 {
1199     s->scratch_size = SVGA_SCRATCH_SIZE;
1200     s->scratch = g_malloc(s->scratch_size * 4);
1201 
1202     s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);
1203 
1204     s->fifo_size = SVGA_FIFO_SIZE;
1205     memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size);
1206     vmstate_register_ram_global(&s->fifo_ram);
1207     s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1208 
1209     vga_common_init(&s->vga, OBJECT(dev));
1210     vga_init(&s->vga, OBJECT(dev), address_space, io, true);
1211     vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
1212     s->new_depth = 32;
1213 }
1214 
1215 static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
1216 {
1217     struct vmsvga_state_s *s = opaque;
1218 
1219     switch (addr) {
1220     case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1221     case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1222     case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1223     default: return -1u;
1224     }
1225 }
1226 
1227 static void vmsvga_io_write(void *opaque, hwaddr addr,
1228                             uint64_t data, unsigned size)
1229 {
1230     struct vmsvga_state_s *s = opaque;
1231 
1232     switch (addr) {
1233     case SVGA_IO_MUL * SVGA_INDEX_PORT:
1234         vmsvga_index_write(s, addr, data);
1235         break;
1236     case SVGA_IO_MUL * SVGA_VALUE_PORT:
1237         vmsvga_value_write(s, addr, data);
1238         break;
1239     case SVGA_IO_MUL * SVGA_BIOS_PORT:
1240         vmsvga_bios_write(s, addr, data);
1241         break;
1242     }
1243 }
1244 
1245 static const MemoryRegionOps vmsvga_io_ops = {
1246     .read = vmsvga_io_read,
1247     .write = vmsvga_io_write,
1248     .endianness = DEVICE_LITTLE_ENDIAN,
1249     .valid = {
1250         .min_access_size = 4,
1251         .max_access_size = 4,
1252         .unaligned = true,
1253     },
1254     .impl = {
1255         .unaligned = true,
1256     },
1257 };
1258 
1259 static int pci_vmsvga_initfn(PCIDevice *dev)
1260 {
1261     struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
1262 
1263     dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
1264     dev->config[PCI_LATENCY_TIMER] = 0x40;
1265     dev->config[PCI_INTERRUPT_LINE] = 0xff;          /* End */
1266 
1267     memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip,
1268                           "vmsvga-io", 0x10);
1269     memory_region_set_flush_coalesced(&s->io_bar);
1270     pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1271 
1272     vmsvga_init(DEVICE(dev), &s->chip,
1273                 pci_address_space(dev), pci_address_space_io(dev));
1274 
1275     pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
1276                      &s->chip.vga.vram);
1277     pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1278                      &s->chip.fifo_ram);
1279 
1280     if (!dev->rom_bar) {
1281         /* compatibility with pc-0.13 and older */
1282         vga_init_vbe(&s->chip.vga, OBJECT(dev), pci_address_space(dev));
1283     }
1284 
1285     return 0;
1286 }
1287 
1288 static Property vga_vmware_properties[] = {
1289     DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
1290                        chip.vga.vram_size_mb, 16),
1291     DEFINE_PROP_END_OF_LIST(),
1292 };
1293 
1294 static void vmsvga_class_init(ObjectClass *klass, void *data)
1295 {
1296     DeviceClass *dc = DEVICE_CLASS(klass);
1297     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1298 
1299     k->init = pci_vmsvga_initfn;
1300     k->romfile = "vgabios-vmware.bin";
1301     k->vendor_id = PCI_VENDOR_ID_VMWARE;
1302     k->device_id = SVGA_PCI_DEVICE_ID;
1303     k->class_id = PCI_CLASS_DISPLAY_VGA;
1304     k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
1305     k->subsystem_id = SVGA_PCI_DEVICE_ID;
1306     dc->reset = vmsvga_reset;
1307     dc->vmsd = &vmstate_vmware_vga;
1308     dc->props = vga_vmware_properties;
1309     dc->hotpluggable = false;
1310     set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
1311 }
1312 
1313 static const TypeInfo vmsvga_info = {
1314     .name          = TYPE_VMWARE_SVGA,
1315     .parent        = TYPE_PCI_DEVICE,
1316     .instance_size = sizeof(struct pci_vmsvga_state_s),
1317     .class_init    = vmsvga_class_init,
1318 };
1319 
1320 static void vmsvga_register_types(void)
1321 {
1322     type_register_static(&vmsvga_info);
1323 }
1324 
1325 type_init(vmsvga_register_types)
1326