1 /*
2  * QEMU VMware-SVGA "chipset".
3  *
4  * Copyright (c) 2007 Andrzej Zaborowski  <balrog@zabor.org>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 #include "hw/hw.h"
25 #include "hw/loader.h"
26 #include "trace.h"
27 #include "ui/console.h"
28 #include "ui/vnc.h"
29 #include "hw/pci/pci.h"
30 
/*
 * Build-time switches for this file.  VERBOSE gates the guest-OS name table
 * and the message printed when the guest writes SVGA_REG_GUEST_ID.  The
 * HW_*_ACCEL macros gate the rectangle copy, rectangle fill and cursor
 * helpers, and the capability bits reported through SVGA_REG_CAPABILITIES.
 */
#undef VERBOSE
#define HW_RECT_ACCEL
#define HW_FILL_ACCEL
#define HW_MOUSE_ACCEL
35 
36 #include "vga_int.h"
37 
38 /* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
39 
/*
 * State of the emulated SVGA chip.  Most fields mirror a register the guest
 * reads or writes through the index/value port pair, so they hold
 * guest-chosen values unless the write handler restricts them.
 */
struct vmsvga_state_s {
    VGACommonState vga;         /* console, VRAM pointer/size and hw_ops */

    int invalidated;            /* set by enable/mode register writes; while
                                 * set, queued redraw rectangles are dropped */
    int enable;                 /* SVGA_REG_ENABLE, stored as 0 or 1 */
    int config;                 /* SVGA_REG_CONFIG_DONE, stored as 0 or 1 */
    struct {
        int id;
        int x;
        int y;
        int on;
    } cursor;                   /* SVGA_REG_CURSOR_* values */

    int index;                  /* register selected via the index port;
                                 * stored unchecked, validated on use */
    int scratch_size;           /* number of entries in scratch[] */
    uint32_t *scratch;          /* registers at SVGA_SCRATCH_BASE and up */
    int new_width;              /* mode requested via SVGA_REG_WIDTH */
    int new_height;             /* mode requested via SVGA_REG_HEIGHT */
    int new_depth;
    uint32_t guest;             /* SVGA_REG_GUEST_ID as written by the guest */
    uint32_t svgaid;            /* negotiated SVGA_REG_ID value */
    int syncing;                /* set on SVGA_REG_SYNC, cleared when
                                 * vmsvga_fifo_run() returns */

    MemoryRegion fifo_ram;
    uint8_t *fifo_ptr;          /* becomes s->fifo on SVGA_REG_CONFIG_DONE */
    unsigned int fifo_size;     /* reported through SVGA_REG_MEM_SIZE */

    /*
     * Two views of the same command FIFO memory: a flat array of 32-bit
     * words, and the header (min/max/next_cmd/stop) followed by the words.
     * NOTE(review): this memory is exposed to the guest (SVGA_REG_MEM_START
     * returns a BAR address), so every header field is presumably
     * guest-writable at any time - confirm and re-validate on each use.
     */
    union {
        uint32_t *fifo;
        struct QEMU_PACKED {
            uint32_t min;
            uint32_t max;
            uint32_t next_cmd;
            uint32_t stop;
            /* Add registers here when adding capabilities.  */
            uint32_t fifo[0];
        } *cmd;
    };

    /*
     * Ring of rectangles waiting to be copied to the display surface.
     * Indices are wrapped with "& (REDRAW_FIFO_LEN - 1)", so the length
     * has to stay a power of two.  first == last means "empty".
     */
#define REDRAW_FIFO_LEN  512
    struct vmsvga_rect_s {
        int x, y, w, h;
    } redraw_fifo[REDRAW_FIFO_LEN];
    int redraw_fifo_first, redraw_fifo_last;
};
85 
/* QOM type name of the PCI device and the checked cast to its state. */
#define TYPE_VMWARE_SVGA "vmware-svga"

#define VMWARE_SVGA(obj) \
    OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)

/*
 * PCI wrapper around the chip state.  The register handlers recover this
 * structure from a chip pointer with container_of() when they need the
 * BAR addresses.
 */
struct pci_vmsvga_state_s {
    /*< private >*/
    PCIDevice parent_obj;
    /*< public >*/

    struct vmsvga_state_s chip;
    MemoryRegion io_bar;
};
99 
/*
 * Device ID values: SVGA_MAGIC in the upper bits, interface version in the
 * low byte.  SVGA_REG_ID only accepts SVGA_ID_0, SVGA_ID_1 or SVGA_ID_2.
 */
#define SVGA_MAGIC              0x900000UL
#define SVGA_MAKE_ID(ver)       (SVGA_MAGIC << 8 | (ver))
#define SVGA_ID_0               SVGA_MAKE_ID(0)
#define SVGA_ID_1               SVGA_MAKE_ID(1)
#define SVGA_ID_2               SVGA_MAKE_ID(2)

/* I/O port layout: index, value and BIOS ports. */
#define SVGA_LEGACY_BASE_PORT   0x4560
#define SVGA_INDEX_PORT         0x0
#define SVGA_VALUE_PORT         0x1
#define SVGA_BIOS_PORT          0x2

/* This build emulates the version 2 interface. */
#define SVGA_VERSION_2

/*
 * Per-version parameters.  SVGA_FIFO_SIZE is the upper bound that the
 * SVGA_REG_CONFIG_DONE handler enforces on the guest-supplied FIFO "max".
 */
#ifdef SVGA_VERSION_2
# define SVGA_ID                SVGA_ID_2
# define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
# define SVGA_IO_MUL            1
# define SVGA_FIFO_SIZE         0x10000
# define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA2
#else
# define SVGA_ID                SVGA_ID_1
# define SVGA_IO_BASE           SVGA_LEGACY_BASE_PORT
# define SVGA_IO_MUL            4
# define SVGA_FIFO_SIZE         0x10000
# define SVGA_PCI_DEVICE_ID     PCI_DEVICE_ID_VMWARE_SVGA
#endif
126 
/*
 * Register numbers.  The guest selects one by writing the index port and
 * then reads or writes it through the value port; the selected number is
 * guest-controlled and is range-checked by the value handlers.
 */
enum {
    /* ID 0, 1 and 2 registers */
    SVGA_REG_ID = 0,
    SVGA_REG_ENABLE = 1,
    SVGA_REG_WIDTH = 2,
    SVGA_REG_HEIGHT = 3,
    SVGA_REG_MAX_WIDTH = 4,
    SVGA_REG_MAX_HEIGHT = 5,
    SVGA_REG_DEPTH = 6,
    SVGA_REG_BITS_PER_PIXEL = 7,        /* Current bpp in the guest */
    SVGA_REG_PSEUDOCOLOR = 8,
    SVGA_REG_RED_MASK = 9,
    SVGA_REG_GREEN_MASK = 10,
    SVGA_REG_BLUE_MASK = 11,
    SVGA_REG_BYTES_PER_LINE = 12,
    SVGA_REG_FB_START = 13,
    SVGA_REG_FB_OFFSET = 14,
    SVGA_REG_VRAM_SIZE = 15,
    SVGA_REG_FB_SIZE = 16,

    /* ID 1 and 2 registers */
    SVGA_REG_CAPABILITIES = 17,
    SVGA_REG_MEM_START = 18,            /* Memory for command FIFO */
    SVGA_REG_MEM_SIZE = 19,
    SVGA_REG_CONFIG_DONE = 20,          /* Set when memory area configured */
    SVGA_REG_SYNC = 21,                 /* Write to force synchronization */
    SVGA_REG_BUSY = 22,                 /* Read to check if sync is done */
    SVGA_REG_GUEST_ID = 23,             /* Set guest OS identifier */
    SVGA_REG_CURSOR_ID = 24,            /* ID of cursor */
    SVGA_REG_CURSOR_X = 25,             /* Set cursor X position */
    SVGA_REG_CURSOR_Y = 26,             /* Set cursor Y position */
    SVGA_REG_CURSOR_ON = 27,            /* Turn cursor on/off */
    SVGA_REG_HOST_BITS_PER_PIXEL = 28,  /* Current bpp in the host */
    SVGA_REG_SCRATCH_SIZE = 29,         /* Number of scratch registers */
    SVGA_REG_MEM_REGS = 30,             /* Number of FIFO registers */
    SVGA_REG_NUM_DISPLAYS = 31,         /* Number of guest displays */
    SVGA_REG_PITCHLOCK = 32,            /* Fixed pitch for all modes */

    /* The palette occupies 768 registers; scratch registers follow it. */
    SVGA_PALETTE_BASE = 1024,           /* Base of SVGA color map */
    SVGA_PALETTE_END  = SVGA_PALETTE_BASE + 767,
    SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
};
169 
/*
 * Capability bits for SVGA_REG_CAPABILITIES.  The read handler in this file
 * only ever reports RECT_COPY, RECT_FILL and the three CURSOR bits; the
 * other values are defined but not advertised here.
 */
#define SVGA_CAP_NONE                   0
#define SVGA_CAP_RECT_FILL              (1 << 0)
#define SVGA_CAP_RECT_COPY              (1 << 1)
#define SVGA_CAP_RECT_PAT_FILL          (1 << 2)
#define SVGA_CAP_LEGACY_OFFSCREEN       (1 << 3)
#define SVGA_CAP_RASTER_OP              (1 << 4)
#define SVGA_CAP_CURSOR                 (1 << 5)
#define SVGA_CAP_CURSOR_BYPASS          (1 << 6)
#define SVGA_CAP_CURSOR_BYPASS_2        (1 << 7)
#define SVGA_CAP_8BIT_EMULATION         (1 << 8)
#define SVGA_CAP_ALPHA_CURSOR           (1 << 9)
#define SVGA_CAP_GLYPH                  (1 << 10)
#define SVGA_CAP_GLYPH_CLIPPING         (1 << 11)
#define SVGA_CAP_OFFSCREEN_1            (1 << 12)
#define SVGA_CAP_ALPHA_BLEND            (1 << 13)
#define SVGA_CAP_3D                     (1 << 14)
#define SVGA_CAP_EXTENDED_FIFO          (1 << 15)
#define SVGA_CAP_MULTIMON               (1 << 16)
#define SVGA_CAP_PITCHLOCK              (1 << 17)
189 
/*
 * FIFO offsets (seen as an array of 32-bit words)
 *
 * The first four indices (0..3) line up with the min, max, next_cmd and
 * stop fields of the "cmd" view in struct vmsvga_state_s.
 */
enum {
    /*
     * The original defined FIFO offsets
     */
    SVGA_FIFO_MIN = 0,
    SVGA_FIFO_MAX,      /* The distance from MIN to MAX must be at least 10K */
    SVGA_FIFO_NEXT_CMD,
    SVGA_FIFO_STOP,

    /*
     * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
     */
    SVGA_FIFO_CAPABILITIES = 4,
    SVGA_FIFO_FLAGS,
    SVGA_FIFO_FENCE,
    SVGA_FIFO_3D_HWVERSION,
    SVGA_FIFO_PITCHLOCK,
};
211 
/* Bit values for the SVGA_FIFO_CAPABILITIES word. */
#define SVGA_FIFO_CAP_NONE              0
#define SVGA_FIFO_CAP_FENCE             (1 << 0)
#define SVGA_FIFO_CAP_ACCELFRONT        (1 << 1)
#define SVGA_FIFO_CAP_PITCHLOCK         (1 << 2)

/* Bit values for the SVGA_FIFO_FLAGS word. */
#define SVGA_FIFO_FLAG_NONE             0
#define SVGA_FIFO_FLAG_ACCELFRONT       (1 << 0)

/*
 * These values can probably be changed arbitrarily.
 *
 * SVGA_MAX_WIDTH and SVGA_MAX_HEIGHT are the limits applied to guest writes
 * of SVGA_REG_WIDTH and SVGA_REG_HEIGHT, so they bound the mode the guest
 * can request.
 */
#define SVGA_SCRATCH_SIZE               0x8000
#define SVGA_MAX_WIDTH                  ROUND_UP(2360, VNC_DIRTY_PIXELS_PER_BIT)
#define SVGA_MAX_HEIGHT                 1770
224 
#ifdef VERBOSE
/*
 * Names printed when the guest writes SVGA_REG_GUEST_ID.  The table is
 * indexed by (value - GUEST_OS_BASE); the write handler checks the value
 * against the table size before indexing.
 */
# define GUEST_OS_BASE          0x5001
static const char *vmsvga_guest_id[] = {
    [0x00] = "Dos",
    [0x01] = "Windows 3.1",
    [0x02] = "Windows 95",
    [0x03] = "Windows 98",
    [0x04] = "Windows ME",
    [0x05] = "Windows NT",
    [0x06] = "Windows 2000",
    [0x07] = "Linux",
    [0x08] = "OS/2",
    [0x09] = "an unknown OS",
    [0x0a] = "BSD",
    [0x0b] = "Whistler",
    [0x0c] = "an unknown OS",
    [0x0d] = "an unknown OS",
    [0x0e] = "an unknown OS",
    [0x0f] = "an unknown OS",
    [0x10] = "an unknown OS",
    [0x11] = "an unknown OS",
    [0x12] = "an unknown OS",
    [0x13] = "an unknown OS",
    [0x14] = "an unknown OS",
    [0x15] = "Windows 2003",
};
#endif
252 
/*
 * Command opcodes found in the FIFO.  vmsvga_fifo_run() acts on UPDATE,
 * UPDATE_VERBOSE, RECT_FILL, RECT_COPY and DEFINE_CURSOR; the remaining
 * opcodes are either skipped with a known argument count, ignored, or
 * reported as unknown.
 */
enum {
    SVGA_CMD_INVALID_CMD = 0,
    SVGA_CMD_UPDATE = 1,
    SVGA_CMD_RECT_FILL = 2,
    SVGA_CMD_RECT_COPY = 3,
    SVGA_CMD_DEFINE_BITMAP = 4,
    SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
    SVGA_CMD_DEFINE_PIXMAP = 6,
    SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
    SVGA_CMD_RECT_BITMAP_FILL = 8,
    SVGA_CMD_RECT_PIXMAP_FILL = 9,
    SVGA_CMD_RECT_BITMAP_COPY = 10,
    SVGA_CMD_RECT_PIXMAP_COPY = 11,
    SVGA_CMD_FREE_OBJECT = 12,
    SVGA_CMD_RECT_ROP_FILL = 13,
    SVGA_CMD_RECT_ROP_COPY = 14,
    SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
    SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
    SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
    SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
    SVGA_CMD_DEFINE_CURSOR = 19,
    SVGA_CMD_DISPLAY_CURSOR = 20,
    SVGA_CMD_MOVE_CURSOR = 21,
    SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
    SVGA_CMD_DRAW_GLYPH = 23,
    SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
    SVGA_CMD_UPDATE_VERBOSE = 25,
    SVGA_CMD_SURFACE_FILL = 26,
    SVGA_CMD_SURFACE_COPY = 27,
    SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
    SVGA_CMD_FRONT_ROP_FILL = 29,
    SVGA_CMD_FENCE = 30,
};
286 
/*
 * Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode.
 * The write handler only forwards HIDE and SHOW to the display layer.
 */
enum {
    SVGA_CURSOR_ON_HIDE = 0,
    SVGA_CURSOR_ON_SHOW = 1,
    SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
    SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
};
294 
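/*
 * Copy one rectangle from guest VRAM to the console surface and report it
 * to the display layer.
 *
 * @s: chip state
 * @x, @y, @w, @h: rectangle in pixels.  These originate from FIFO command
 *     arguments, i.e. from the guest, and may be any 32-bit value.
 *
 * The rectangle is clipped to the surface before any pointer is derived
 * from it.  The clipping is done in 64-bit arithmetic: with plain int,
 * "w += x" and "x + w" can overflow for extreme inputs, which is undefined
 * behaviour and could let an out-of-range rectangle slip past the
 * comparison against the surface size.
 */
static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
                int x, int y, int w, int h)
{
    DisplaySurface *surface = qemu_console_surface(s->vga.con);
    const int surf_w = surface_width(surface);
    const int surf_h = surface_height(surface);
    int64_t left = x;
    int64_t top = y;
    int64_t cols = w;
    int64_t rows = h;
    int line;
    int bypl;
    int width;
    int start;
    uint8_t *src;
    uint8_t *dst;

    if (left < 0) {
        fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
        cols += left;
        left = 0;
    }
    if (cols < 0) {
        fprintf(stderr, "%s: update w was < 0 (%lld)\n", __func__,
                (long long)cols);
        cols = 0;
    }
    if (left + cols > surf_w) {
        fprintf(stderr, "%s: update width too large x: %lld, w: %lld\n",
                __func__, (long long)left, (long long)cols);
        left = MIN(left, surf_w);
        cols = surf_w - left;
    }

    if (top < 0) {
        fprintf(stderr, "%s: update y was < 0 (%d)\n",  __func__, y);
        rows += top;
        top = 0;
    }
    if (rows < 0) {
        fprintf(stderr, "%s: update h was < 0 (%lld)\n",  __func__,
                (long long)rows);
        rows = 0;
    }
    if (top + rows > surf_h) {
        fprintf(stderr, "%s: update height too large y: %lld, h: %lld\n",
                __func__, (long long)top, (long long)rows);
        top = MIN(top, surf_h);
        rows = surf_h - top;
    }

    /* Every value is now within [0, surface size], so it fits in an int. */
    x = (int)left;
    y = (int)top;
    w = (int)cols;
    h = (int)rows;

    /*
     * NOTE(review): src is computed from the surface geometry, which assumes
     * the surface never describes more bytes than the VRAM behind
     * s->vga.vram_ptr - confirm where the surface is created/resized.
     */
    bypl = surface_stride(surface);
    width = surface_bytes_per_pixel(surface) * w;
    start = surface_bytes_per_pixel(surface) * x + bypl * y;
    src = s->vga.vram_ptr + start;
    dst = surface_data(surface) + start;

    for (line = h; line > 0; line--, src += bypl, dst += bypl) {
        memcpy(dst, src, width);
    }
    dpy_gfx_update(s->vga.con, x, y, w, h);
}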
349 
/*
 * Queue a rectangle for a later vmsvga_update_rect_flush().
 *
 * The values are stored as given; clipping happens when the rectangle is
 * finally drawn.  The ring has no "full" check: the write index simply
 * wraps, so once REDRAW_FIFO_LEN entries are pending the ring looks empty
 * again (first == last) and the queued updates are lost, not overrun.
 */
static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
                int x, int y, int w, int h)
{
    const int slot = s->redraw_fifo_last;

    /* Advance and wrap the producer index first, as a single step. */
    s->redraw_fifo_last = (slot + 1) & (REDRAW_FIFO_LEN - 1);

    s->redraw_fifo[slot].x = x;
    s->redraw_fifo[slot].y = y;
    s->redraw_fifo[slot].w = w;
    s->redraw_fifo[slot].h = h;
}
361 
/*
 * Draw every queued rectangle, oldest first.
 *
 * When the display has been invalidated the queue is discarded instead,
 * by moving the consumer index onto the producer index.
 */
static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
{
    if (s->invalidated) {
        s->redraw_fifo_first = s->redraw_fifo_last;
        return;
    }

    /* Overlapping region updates can be optimised out here - if someone
     * knows a smart algorithm to do that, please share.  */
    for (;;) {
        const struct vmsvga_rect_s *pending;
        const int slot = s->redraw_fifo_first;

        if (slot == s->redraw_fifo_last) {
            break;
        }
        /* Consume the slot before drawing, wrapping at the ring size. */
        s->redraw_fifo_first = (slot + 1) & (REDRAW_FIFO_LEN - 1);
        pending = &s->redraw_fifo[slot];
        vmsvga_update_rect(s, pending->x, pending->y, pending->w, pending->h);
    }
}
378 
379 #ifdef HW_RECT_ACCEL
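/*
 * Copy a w x h pixel rectangle inside guest VRAM from (x0, y0) to (x1, y1)
 * and queue the destination for redraw.
 *
 * All six values are SVGA_CMD_RECT_COPY arguments taken from the FIFO, so
 * they are guest-controlled.  Both rectangles must lie completely inside
 * the current surface; anything else is logged and dropped before a VRAM
 * pointer is formed.  The comparisons are written as "x > limit - w" so
 * that no sum of guest values can overflow.
 *
 * Rows are copied bottom-up when the destination is below the source so
 * that overlapping rectangles are not clobbered; memmove() covers overlap
 * within a row.
 */
static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
                int x0, int y0, int x1, int y1, int w, int h)
{
    DisplaySurface *surface = qemu_console_surface(s->vga.con);
    const int surf_w = surface_width(surface);
    const int surf_h = surface_height(surface);
    uint8_t *vram = s->vga.vram_ptr;
    int bypl = surface_stride(surface);
    int bypp = surface_bytes_per_pixel(surface);
    int width;
    int line;
    uint8_t *ptr[2];

    if (w < 0 || h < 0 || w > surf_w || h > surf_h ||
        x0 < 0 || x0 > surf_w - w || x1 < 0 || x1 > surf_w - w ||
        y0 < 0 || y0 > surf_h - h || y1 < 0 || y1 > surf_h - h) {
        fprintf(stderr, "%s: copy rectangle outside the surface, ignored "
                "(src %d,%d dst %d,%d size %dx%d)\n",
                __func__, x0, y0, x1, y1, w, h);
        return;
    }

    width = bypp * w;
    line = h;

    if (y1 > y0) {
        ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
        ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
        for (; line > 0; line--, ptr[0] -= bypl, ptr[1] -= bypl) {
            memmove(ptr[1], ptr[0], width);
        }
    } else {
        ptr[0] = vram + bypp * x0 + bypl * y0;
        ptr[1] = vram + bypp * x1 + bypl * y1;
        for (; line > 0; line--, ptr[0] += bypl, ptr[1] += bypl) {
            memmove(ptr[1], ptr[0], width);
        }
    }

    vmsvga_update_rect_delayed(s, x1, y1, w, h);
}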
407 #endif
408 
409 #ifdef HW_FILL_ACCEL
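/*
 * Fill a w x h pixel rectangle at (x, y) in guest VRAM with colour c and
 * queue it for redraw.
 *
 * x, y, w and h are SVGA_CMD_RECT_FILL arguments taken from the FIFO, so
 * they are guest-controlled.  The rectangle must lie completely inside the
 * current surface; anything else is logged and dropped before a VRAM
 * pointer is formed.  The comparisons are written as "x > limit - w" so
 * that no sum of guest values can overflow.
 *
 * The first row is built byte by byte from the colour, then replicated to
 * the remaining rows with memcpy().
 */
static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
                uint32_t c, int x, int y, int w, int h)
{
    DisplaySurface *surface = qemu_console_surface(s->vga.con);
    const int surf_w = surface_width(surface);
    const int surf_h = surface_height(surface);
    int bypl = surface_stride(surface);
    int bypp = surface_bytes_per_pixel(surface);
    int width;
    int line;
    int column;
    uint8_t *fst;
    uint8_t *dst;
    uint8_t *src;
    uint8_t col[4];

    if (w < 0 || h < 0 || w > surf_w || h > surf_h ||
        x < 0 || x > surf_w - w || y < 0 || y > surf_h - h) {
        fprintf(stderr, "%s: fill rectangle outside the surface, ignored "
                "(%d,%d size %dx%d)\n", __func__, x, y, w, h);
        return;
    }

    width = bypp * w;
    line = h;

    /* Colour bytes in memory order, least significant byte first. */
    col[0] = c;
    col[1] = c >> 8;
    col[2] = c >> 16;
    col[3] = c >> 24;

    fst = s->vga.vram_ptr + bypp * x + bypl * y;

    if (line--) {
        dst = fst;
        src = col;
        /* NOTE(review): relies on bypp <= sizeof(col) - confirm. */
        for (column = width; column > 0; column--) {
            *(dst++) = *(src++);
            if (src - col == bypp) {
                src = col;
            }
        }
        dst = fst;
        for (; line > 0; line--) {
            dst += bypl;
            memcpy(dst, fst, width);
        }
    }

    vmsvga_update_rect_delayed(s, x, y, w, h);
}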
448 #endif
449 
/*
 * Cursor description assembled from an SVGA_CMD_DEFINE_CURSOR command.
 * Every field is filled from FIFO words, i.e. from guest data.
 * mask[] and image[] are arrays of 32-bit words (1024 and 4096 entries).
 */
struct vmsvga_cursor_definition_s {
    int width;
    int height;
    int id;
    int bpp;
    int hot_x;
    int hot_y;
    uint32_t mask[1024];
    uint32_t image[4096];
};

/*
 * Size of a bitmap / pixmap in 32-bit words: each row is rounded up to a
 * multiple of 32 bits (the ">> 5") and multiplied by the row count.
 * The result is a word count, so it has to be compared with the number of
 * elements in mask[] / image[], not with their sizeof in bytes.
 * The arithmetic is done in the argument type and does not guard against
 * overflow; callers must bound w, h and bpp first.
 */
#define SVGA_BITMAP_SIZE(w, h)          ((((w) + 31) >> 5) * (h))
#define SVGA_PIXMAP_SIZE(w, h, bpp)     (((((w) * (bpp)) + 31) >> 5) * (h))
463 
464 #ifdef HW_MOUSE_ACCEL
/*
 * Turn a guest cursor definition into a QEMUCursor and hand it to the
 * display layer.
 *
 * 1 bpp cursors are built from the image and mask bitmaps.  32 bpp cursors
 * take their alpha from the mask and their RGB from the image.  Any other
 * depth falls back to the built-in left-pointer cursor.
 *
 * NOTE(review): nothing in this function bounds c->width * c->height
 * against the 4096-word c->image[] (or against the cursor allocated here);
 * it depends entirely on the caller having validated the dimensions.
 * NOTE(review): the cursor_alloc() result is dereferenced unchecked -
 * confirm it cannot return NULL in this tree.
 */
static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
                struct vmsvga_cursor_definition_s *c)
{
    QEMUCursor *qc = cursor_alloc(c->width, c->height);

    qc->hot_x = c->hot_x;
    qc->hot_y = c->hot_y;

    if (c->bpp == 1) {
        cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
                        1, (void *)c->mask);
#ifdef DEBUG
        cursor_print_ascii_art(qc, "vmware/mono");
#endif
    } else if (c->bpp == 32) {
        int idx;
        int pixels;

        /* fill alpha channel from mask, set color to zero */
        cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
                        1, (void *)c->mask);
        /* add in rgb values */
        pixels = c->width * c->height;
        for (idx = 0; idx < pixels; idx++) {
            qc->data[idx] |= c->image[idx] & 0xffffff;
        }
#ifdef DEBUG
        cursor_print_ascii_art(qc, "vmware/32bit");
#endif
    } else {
        fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
                __func__, c->bpp);
        /* Drop the cursor allocated above and use the built-in one. */
        cursor_put(qc);
        qc = cursor_builtin_left_ptr();
    }

    dpy_cursor_define(s->vga.con, qc);
    cursor_put(qc);
}
505 #endif
506 
/*
 * Read FIFO header field f (min, max, next_cmd or stop) as a host-endian
 * value.  Each use is a fresh load from the FIFO memory, so two uses of
 * CMD() on the same field are not guaranteed to see the same value if that
 * memory changes in between.  Expects a variable named "s" in scope.
 */
#define CMD(f)  le32_to_cpu(s->cmd->f)
508 
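/*
 * Return the number of 32-bit words queued in the command FIFO, or 0 when
 * the device is not enabled/configured or the FIFO header is not sane.
 *
 * The header fields are read from the FIFO memory, which the
 * SVGA_REG_CONFIG_DONE handler validates only once.  They are therefore
 * snapshotted and re-checked here on every call, with the same rules as
 * that handler (alignment, min past the header, max within SVGA_FIFO_SIZE,
 * at least 10K between min and max) plus a range check on next_cmd and
 * stop, so that a header changed after configuration cannot yield a
 * bogus length.
 *
 * NOTE(review): vmsvga_fifo_read_raw() loads "stop" again from the same
 * memory, so this check narrows the window but is not a guarantee on its
 * own for the index used there.
 */
static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
{
    uint32_t fifo_min, fifo_max, fifo_next, fifo_stop;
    int num;

    if (!s->config || !s->enable) {
        return 0;
    }

    /* One load per field, so the checks and the arithmetic agree. */
    fifo_min = CMD(min);
    fifo_max = CMD(max);
    fifo_next = CMD(next_cmd);
    fifo_stop = CMD(stop);

    /* Check range and alignment.  */
    if ((fifo_min | fifo_max | fifo_next | fifo_stop) & 3) {
        return 0;
    }
    if (fifo_min < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
        return 0;
    }
    if (fifo_max > SVGA_FIFO_SIZE ||
        fifo_min >= SVGA_FIFO_SIZE ||
        fifo_stop >= SVGA_FIFO_SIZE ||
        fifo_next >= SVGA_FIFO_SIZE) {
        return 0;
    }
    if (fifo_max < fifo_min + 10 * 1024) {
        return 0;
    }

    num = fifo_next - fifo_stop;
    if (num < 0) {
        /* The producer has wrapped around; add the ring size. */
        num += fifo_max - fifo_min;
    }
    return num >> 2;
}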
522 
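/*
 * Fetch the word at the FIFO read position without byte-swapping it, and
 * advance the read position, wrapping from max back to min.
 *
 * "stop" is loaded once from the FIFO header and range-checked before it
 * is used as an array index: the header is in memory that is only
 * validated when SVGA_REG_CONFIG_DONE is written, so a later value of
 * "stop" must not be trusted to stay inside the FIFO.  An out-of-range
 * read position yields 0 and resets the position to min.
 *
 * NOTE(review): SVGA_FIFO_SIZE is used as the bound because the
 * CONFIG_DONE handler uses it for "max"; confirm it matches the size of
 * the memory behind s->fifo.
 */
static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
{
    uint32_t stop = CMD(stop);
    uint32_t cmd;

    if (stop >= SVGA_FIFO_SIZE) {
        s->cmd->stop = s->cmd->min;
        return 0;
    }

    cmd = s->fifo[stop >> 2];

    stop += 4;
    if (stop >= CMD(max)) {
        s->cmd->stop = s->cmd->min;
    } else {
        s->cmd->stop = cpu_to_le32(stop);
    }
    return cmd;
}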
533 
/*
 * Fetch the next FIFO word and convert it from little-endian to host
 * byte order.  The value is guest data and is returned unvalidated.
 */
static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
{
    const uint32_t raw = vmsvga_fifo_read_raw(s);

    return le32_to_cpu(raw);
}
538 
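/*
 * Drain the command FIFO: decode each queued command and execute it.
 *
 * Everything read here - opcodes, coordinates, sizes - is guest data.
 * "len" is the number of queued words reported by vmsvga_fifo_length();
 * each handler subtracts what it is about to consume and rewinds the read
 * position to the start of the command if not enough words are queued.
 *
 * Hardening relative to a plain decoder:
 *  - The loop is capped at a fixed number of iterations.  Commands that
 *    consume no counted words (the no-op and unknown opcodes) leave "len"
 *    untouched, so without a cap a FIFO full of them never terminates.
 *  - SVGA_CMD_DEFINE_CURSOR validates width, height and bpp before the
 *    size macros are evaluated, and compares the resulting word counts
 *    with the element counts of cursor.mask[] / cursor.image[] (sizeof
 *    alone is a byte count and is four times too permissive).
 *  - SVGA_CMD_DEFINE_ALPHA_CURSOR computes its skip count in 64 bits, so a
 *    negative or overflowing width * height cannot turn into a negative
 *    argument count.
 */
static void vmsvga_fifo_run(struct vmsvga_state_s *s)
{
    uint32_t cmd, colour;
    int args, len, maxloop = 1024;
    int x, y, dx, dy, width, height;
    struct vmsvga_cursor_definition_s cursor;
    uint32_t cmd_start;

    len = vmsvga_fifo_length(s);
    while (len > 0 && --maxloop > 0) {
        /* May need to go back to the start of the command if incomplete */
        cmd_start = s->cmd->stop;

        switch (cmd = vmsvga_fifo_read(s)) {
        case SVGA_CMD_UPDATE:
        case SVGA_CMD_UPDATE_VERBOSE:
            len -= 5;
            if (len < 0) {
                goto rewind;
            }

            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
            vmsvga_update_rect_delayed(s, x, y, width, height);
            break;

        case SVGA_CMD_RECT_FILL:
            len -= 6;
            if (len < 0) {
                goto rewind;
            }

            colour = vmsvga_fifo_read(s);
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
#ifdef HW_FILL_ACCEL
            vmsvga_fill_rect(s, colour, x, y, width, height);
            break;
#else
            args = 0;
            goto badcmd;
#endif

        case SVGA_CMD_RECT_COPY:
            len -= 7;
            if (len < 0) {
                goto rewind;
            }

            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            dx = vmsvga_fifo_read(s);
            dy = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
#ifdef HW_RECT_ACCEL
            vmsvga_copy_rect(s, x, y, dx, dy, width, height);
            break;
#else
            args = 0;
            goto badcmd;
#endif

        case SVGA_CMD_DEFINE_CURSOR:
            len -= 8;
            if (len < 0) {
                goto rewind;
            }

            cursor.id = vmsvga_fifo_read(s);
            cursor.hot_x = vmsvga_fifo_read(s);
            cursor.hot_y = vmsvga_fifo_read(s);
            cursor.width = x = vmsvga_fifo_read(s);
            cursor.height = y = vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            cursor.bpp = vmsvga_fifo_read(s);

            /*
             * Sanity cap first: it keeps the size macros below far away
             * from int overflow.  With values outside the cap the payload
             * length cannot be computed reliably, so nothing is skipped.
             */
            if (x < 0 || x > 256 || y < 0 || y > 256 ||
                cursor.bpp < 0 || cursor.bpp > 32) {
                args = 0;
                goto badcmd;
            }

            /* Word counts vs. element counts of the two buffers. */
            args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
            if (SVGA_BITMAP_SIZE(x, y)
                    > sizeof cursor.mask / sizeof cursor.mask[0] ||
                SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
                    > sizeof cursor.image / sizeof cursor.image[0]) {
                    goto badcmd;
            }

            len -= args;
            if (len < 0) {
                goto rewind;
            }

            for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
                cursor.mask[args] = vmsvga_fifo_read_raw(s);
            }
            for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
                cursor.image[args] = vmsvga_fifo_read_raw(s);
            }
#ifdef HW_MOUSE_ACCEL
            vmsvga_cursor_define(s, &cursor);
            break;
#else
            args = 0;
            goto badcmd;
#endif

        /*
         * Other commands that we at least know the number of arguments
         * for so we can avoid FIFO desync if driver uses them illegally.
         */
        case SVGA_CMD_DEFINE_ALPHA_CURSOR:
            len -= 6;
            if (len < 0) {
                goto rewind;
            }
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            /*
             * A payload that is negative, overflows int, or is larger than
             * what is queued can never be skipped; treat it like any other
             * incomplete command.  len is forced negative so the loop ends
             * after the rewind.
             */
            if (x < 0 || y < 0 || (int64_t)x * y > len) {
                len = -1;
                goto rewind;
            }
            args = x * y;
            goto badcmd;
        case SVGA_CMD_RECT_ROP_FILL:
            args = 6;
            goto badcmd;
        case SVGA_CMD_RECT_ROP_COPY:
            args = 7;
            goto badcmd;
        case SVGA_CMD_DRAW_GLYPH_CLIPPED:
            len -= 4;
            if (len < 0) {
                goto rewind;
            }
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            args = 7 + (vmsvga_fifo_read(s) >> 2);
            goto badcmd;
        case SVGA_CMD_SURFACE_ALPHA_BLEND:
            args = 12;
            goto badcmd;

        /*
         * Other commands that are not listed as depending on any
         * CAPABILITIES bits, but are not described in the README either.
         */
        case SVGA_CMD_SURFACE_FILL:
        case SVGA_CMD_SURFACE_COPY:
        case SVGA_CMD_FRONT_ROP_FILL:
        case SVGA_CMD_FENCE:
        case SVGA_CMD_INVALID_CMD:
            break; /* Nop */

        default:
            args = 0;
        badcmd:
            /* Skip the arguments of a command that is not executed. */
            len -= args;
            if (len < 0) {
                goto rewind;
            }
            while (args--) {
                vmsvga_fifo_read(s);
            }
            printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
                   __func__, cmd);
            break;

        rewind:
            /* Incomplete command: leave it in the FIFO; len < 0 ends the loop. */
            s->cmd->stop = cmd_start;
            break;
        }
    }

    s->syncing = 0;
}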
713 
/*
 * Index-port read handler: report which register is currently selected.
 * @opaque is the chip state; @address is not used.
 */
static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
{
    const struct vmsvga_state_s *chip = opaque;

    return chip->index;
}
720 
/*
 * Index-port write handler: select the register that the value port will
 * access next.  The guest-supplied number is stored as is; the value
 * handlers decide whether it names a valid register.
 * @opaque is the chip state; @address is not used.
 */
static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
{
    struct vmsvga_state_s *chip = opaque;

    chip->index = index;
}
727 
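/*
 * Value-port read handler: return the contents of the register selected
 * by the last index-port write.
 *
 * @opaque is the chip state; @address is not used.
 *
 * s->index is guest-controlled.  Named registers are handled by the switch;
 * anything else is accepted only if it falls inside the scratch register
 * window [SVGA_SCRATCH_BASE, SVGA_SCRATCH_BASE + scratch_size), otherwise
 * it is logged as a bad register and reads as 0.  Every read is traced.
 *
 * SVGA_REG_CURSOR_Y returns the stored Y position (it previously returned
 * the X position, a copy-and-paste slip).
 */
static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
{
    uint32_t caps;
    struct vmsvga_state_s *s = opaque;
    DisplaySurface *surface = qemu_console_surface(s->vga.con);
    PixelFormat pf;
    uint32_t ret;

    switch (s->index) {
    case SVGA_REG_ID:
        ret = s->svgaid;
        break;

    case SVGA_REG_ENABLE:
        ret = s->enable;
        break;

    case SVGA_REG_WIDTH:
        /* A pending mode request wins over the current surface size. */
        ret = s->new_width ? s->new_width : surface_width(surface);
        break;

    case SVGA_REG_HEIGHT:
        ret = s->new_height ? s->new_height : surface_height(surface);
        break;

    case SVGA_REG_MAX_WIDTH:
        ret = SVGA_MAX_WIDTH;
        break;

    case SVGA_REG_MAX_HEIGHT:
        ret = SVGA_MAX_HEIGHT;
        break;

    case SVGA_REG_DEPTH:
        ret = (s->new_depth == 32) ? 24 : s->new_depth;
        break;

    case SVGA_REG_BITS_PER_PIXEL:
    case SVGA_REG_HOST_BITS_PER_PIXEL:
        ret = s->new_depth;
        break;

    case SVGA_REG_PSEUDOCOLOR:
        ret = 0x0;
        break;

    case SVGA_REG_RED_MASK:
        pf = qemu_default_pixelformat(s->new_depth);
        ret = pf.rmask;
        break;

    case SVGA_REG_GREEN_MASK:
        pf = qemu_default_pixelformat(s->new_depth);
        ret = pf.gmask;
        break;

    case SVGA_REG_BLUE_MASK:
        pf = qemu_default_pixelformat(s->new_depth);
        ret = pf.bmask;
        break;

    case SVGA_REG_BYTES_PER_LINE:
        if (s->new_width) {
            ret = (s->new_depth * s->new_width) / 8;
        } else {
            ret = surface_stride(surface);
        }
        break;

    case SVGA_REG_FB_START: {
        /* Framebuffer address: PCI BAR 1 of the enclosing device. */
        struct pci_vmsvga_state_s *pci_vmsvga
            = container_of(s, struct pci_vmsvga_state_s, chip);
        ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
        break;
    }

    case SVGA_REG_FB_OFFSET:
        ret = 0x0;
        break;

    case SVGA_REG_VRAM_SIZE:
        ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
        break;

    case SVGA_REG_FB_SIZE:
        ret = s->vga.vram_size;
        break;

    case SVGA_REG_CAPABILITIES:
        /* Advertise only what this build and the display can do. */
        caps = SVGA_CAP_NONE;
#ifdef HW_RECT_ACCEL
        caps |= SVGA_CAP_RECT_COPY;
#endif
#ifdef HW_FILL_ACCEL
        caps |= SVGA_CAP_RECT_FILL;
#endif
#ifdef HW_MOUSE_ACCEL
        if (dpy_cursor_define_supported(s->vga.con)) {
            caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
                    SVGA_CAP_CURSOR_BYPASS;
        }
#endif
        ret = caps;
        break;

    case SVGA_REG_MEM_START: {
        /* Command FIFO address: PCI BAR 2 of the enclosing device. */
        struct pci_vmsvga_state_s *pci_vmsvga
            = container_of(s, struct pci_vmsvga_state_s, chip);
        ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
        break;
    }

    case SVGA_REG_MEM_SIZE:
        ret = s->fifo_size;
        break;

    case SVGA_REG_CONFIG_DONE:
        ret = s->config;
        break;

    case SVGA_REG_SYNC:
    case SVGA_REG_BUSY:
        ret = s->syncing;
        break;

    case SVGA_REG_GUEST_ID:
        ret = s->guest;
        break;

    case SVGA_REG_CURSOR_ID:
        ret = s->cursor.id;
        break;

    case SVGA_REG_CURSOR_X:
        ret = s->cursor.x;
        break;

    case SVGA_REG_CURSOR_Y:
        ret = s->cursor.y;
        break;

    case SVGA_REG_CURSOR_ON:
        ret = s->cursor.on;
        break;

    case SVGA_REG_SCRATCH_SIZE:
        ret = s->scratch_size;
        break;

    case SVGA_REG_MEM_REGS:
    case SVGA_REG_NUM_DISPLAYS:
    case SVGA_REG_PITCHLOCK:
    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
        ret = 0;
        break;

    default:
        /* Bounds check before the guest-chosen index reaches scratch[]. */
        if (s->index >= SVGA_SCRATCH_BASE &&
            s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
            ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
            break;
        }
        printf("%s: Bad register %02x\n", __func__, s->index);
        ret = 0;
        break;
    }

    if (s->index >= SVGA_SCRATCH_BASE) {
        trace_vmware_scratch_read(s->index, ret);
    } else if (s->index >= SVGA_PALETTE_BASE) {
        trace_vmware_palette_read(s->index, ret);
    } else {
        trace_vmware_value_read(s->index, ret);
    }
    return ret;
}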
904 
/*
 * Value-port write handler: store @value into the register selected by the
 * last index-port write and apply its side effects.
 *
 * @opaque is the chip state; @address is not used.
 *
 * Both s->index and @value are guest-controlled.  Each case decides what
 * it accepts; unknown indices are accepted only inside the scratch
 * register window and are otherwise logged as a bad register.
 */
static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
{
    struct vmsvga_state_s *s = opaque;

    /* Trace every write, including ones that are rejected below. */
    if (s->index >= SVGA_SCRATCH_BASE) {
        trace_vmware_scratch_write(s->index, value);
    } else if (s->index >= SVGA_PALETTE_BASE) {
        trace_vmware_palette_write(s->index, value);
    } else {
        trace_vmware_value_write(s->index, value);
    }
    switch (s->index) {
    case SVGA_REG_ID:
        /* Only the three known interface versions can be negotiated. */
        if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
            s->svgaid = value;
        }
        break;

    case SVGA_REG_ENABLE:
        s->enable = !!value;
        s->invalidated = 1;
        s->vga.hw_ops->invalidate(&s->vga);
        if (s->enable && s->config) {
            vga_dirty_log_stop(&s->vga);
        } else {
            vga_dirty_log_start(&s->vga);
        }
        break;

    case SVGA_REG_WIDTH:
        /* value is unsigned, so this one comparison bounds it fully. */
        if (value <= SVGA_MAX_WIDTH) {
            s->new_width = value;
            s->invalidated = 1;
        } else {
            printf("%s: Bad width: %i\n", __func__, value);
        }
        break;

    case SVGA_REG_HEIGHT:
        if (value <= SVGA_MAX_HEIGHT) {
            s->new_height = value;
            s->invalidated = 1;
        } else {
            printf("%s: Bad height: %i\n", __func__, value);
        }
        break;

    case SVGA_REG_BITS_PER_PIXEL:
        /* Only 32 bpp is accepted; anything else drops the configuration. */
        if (value != 32) {
            printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
            s->config = 0;
            s->invalidated = 1;
        }
        break;

    case SVGA_REG_CONFIG_DONE:
        if (value) {
            s->fifo = (uint32_t *) s->fifo_ptr;
            /* Check range and alignment.  */
            /*
             * On any failed check the write is ignored and s->config keeps
             * its previous value.
             * NOTE(review): the four header fields are read from the FIFO
             * memory itself and are checked only here; presumably the guest
             * can rewrite them afterwards, so code that later indexes the
             * FIFO with them should validate again - confirm.
             */
            if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
                break;
            }
            if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
                break;
            }
            if (CMD(max) > SVGA_FIFO_SIZE) {
                break;
            }
            if (CMD(max) < CMD(min) + 10 * 1024) {
                break;
            }
            vga_dirty_log_stop(&s->vga);
        }
        s->config = !!value;
        break;

    case SVGA_REG_SYNC:
        /* The FIFO is drained synchronously, inside this port write. */
        s->syncing = 1;
        vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
        break;

    case SVGA_REG_GUEST_ID:
        s->guest = value;
#ifdef VERBOSE
        /* Range check before indexing the name table. */
        if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
            ARRAY_SIZE(vmsvga_guest_id)) {
            printf("%s: guest runs %s.\n", __func__,
                   vmsvga_guest_id[value - GUEST_OS_BASE]);
        }
#endif
        break;

    case SVGA_REG_CURSOR_ID:
        s->cursor.id = value;
        break;

    case SVGA_REG_CURSOR_X:
        s->cursor.x = value;
        break;

    case SVGA_REG_CURSOR_Y:
        s->cursor.y = value;
        break;

    case SVGA_REG_CURSOR_ON:
        /* SHOW sets the flag, HIDE clears it, other values leave it alone. */
        s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
        s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
#ifdef HW_MOUSE_ACCEL
        if (value <= SVGA_CURSOR_ON_SHOW) {
            dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
        }
#endif
        break;

    /* Writes to these registers are accepted and ignored. */
    case SVGA_REG_DEPTH:
    case SVGA_REG_MEM_REGS:
    case SVGA_REG_NUM_DISPLAYS:
    case SVGA_REG_PITCHLOCK:
    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
        break;

    default:
        /* Bounds check before the guest-chosen index reaches scratch[]. */
        if (s->index >= SVGA_SCRATCH_BASE &&
                s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
            s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
            break;
        }
        printf("%s: Bad register %02x\n", __func__, s->index);
    }
}
1035 
/*
 * Read handler for the SVGA BIOS port.
 *
 * The port has no real implementation: every read prints a message on
 * stdout and yields the fixed placeholder 0xcafe.  Both arguments are
 * ignored.
 *
 * NOTE(review): this is dispatched from the guest-facing I/O handler, so
 * the printf() can be triggered from the guest at will; consider a trace
 * point or a rate-limited log instead.
 */
static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
{
    const uint32_t placeholder = 0xcafe;

    printf("%s: what are we supposed to return?\n", __func__);
    return placeholder;
}
1041 
/*
 * Write handler for the SVGA BIOS port.
 *
 * Nothing is emulated: the written value is only reported on stdout and
 * then dropped.  'opaque' and 'address' are unused.
 *
 * NOTE(review): reachable from guest port writes, so the message below is
 * guest-triggerable output on the host's stdout.
 */
static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
{
    fprintf(stdout, "%s: what are we supposed to do with (%08x)?\n",
            __func__, data);
}
1046 
/*
 * Bring the console surface in line with the requested mode.
 *
 * When new_width/new_height/new_depth differ from the surface currently
 * attached to the console, a new surface of the requested geometry is
 * created directly on top of the VGA VRAM and swapped in, and the display
 * is marked invalidated.  When they already match, nothing happens.
 *
 * NOTE(review): the surface is backed by s->vga.vram_ptr, but nothing here
 * compares stride * new_height with the size of that VRAM; this relies on
 * every writer of new_width/new_height having bounded them - confirm for
 * all paths that can set those fields.
 */
static inline void vmsvga_check_size(struct vmsvga_state_s *s)
{
    DisplaySurface *current = qemu_console_surface(s->vga.con);
    DisplaySurface *replacement;
    int bytes_per_line;

    if (s->new_width == surface_width(current) &&
        s->new_height == surface_height(current) &&
        s->new_depth == surface_bits_per_pixel(current)) {
        /* Geometry unchanged: keep the existing surface. */
        return;
    }

    bytes_per_line = (s->new_depth * s->new_width) / 8;
    trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
    replacement = qemu_create_displaysurface_from(s->new_width,
                                                  s->new_height,
                                                  s->new_depth,
                                                  bytes_per_line,
                                                  s->vga.vram_ptr, false);
    dpy_gfx_replace_surface(s->vga.con, replacement);
    s->invalidated = 1;
}
1063 
/*
 * gfx_update hook of the SVGA console.
 *
 * While SVGA mode is disabled the call is forwarded to the gfx_update hook
 * stored in s->vga.hw_ops.  Otherwise the surface is resized if needed, the
 * command FIFO is run, pending update rectangles are flushed, and the whole
 * surface is pushed to the display when either the device was invalidated
 * or the VRAM dirty log reports changes.
 */
static void vmsvga_update_display(void *opaque)
{
    struct vmsvga_state_s *s = opaque;
    DisplaySurface *surface;
    bool vram_dirty = false;

    if (!s->enable) {
        s->vga.hw_ops->gfx_update(&s->vga);
        return;
    }

    vmsvga_check_size(s);
    surface = qemu_console_surface(s->vga.con);

    vmsvga_fifo_run(s);
    vmsvga_update_rect_flush(s);

    /*
     * Open question kept from the original author: is it cheaper to poll
     * the VGA dirty bits of VRAM, or to wait for the driver to issue
     * SVGA_CMD_UPDATE?
     */
    if (memory_region_is_logging(&s->vga.vram)) {
        vga_sync_dirty_bitmap(&s->vga);
        vram_dirty = memory_region_get_dirty(&s->vga.vram, 0,
                                             surface_stride(surface) *
                                             surface_height(surface),
                                             DIRTY_MEMORY_VGA);
    }

    if (!s->invalidated && !vram_dirty) {
        /* Nothing changed since the last refresh. */
        return;
    }

    s->invalidated = 0;
    dpy_gfx_update(s->vga.con, 0, 0,
                   surface_width(surface), surface_height(surface));

    if (vram_dirty) {
        /* Clear the dirty bits for the range that was just redrawn. */
        memory_region_reset_dirty(&s->vga.vram, 0,
                                  surface_stride(surface) *
                                  surface_height(surface),
                                  DIRTY_MEMORY_VGA);
    }
}
1102 
/*
 * Device reset handler.
 *
 * Returns the SVGA register state to its power-on values (SVGA disabled,
 * unconfigured, cursor hidden, redraw FIFO empty, no sync in progress) and
 * turns VGA dirty logging back on.  new_width/new_height and the scratch
 * registers are not touched here.
 */
static void vmsvga_reset(DeviceState *dev)
{
    struct pci_vmsvga_state_s *pci_dev = VMWARE_SVGA(dev);
    struct vmsvga_state_s *s = &pci_dev->chip;

    /* Identification and register selection */
    s->svgaid = SVGA_ID;
    s->index = 0;

    /* Mode state */
    s->enable = 0;
    s->config = 0;
    s->syncing = 0;

    /* Cursor and pending redraw queue */
    s->cursor.on = 0;
    s->redraw_fifo_first = 0;
    s->redraw_fifo_last = 0;

    vga_dirty_log_start(&s->vga);
}
1119 
/*
 * invalidate hook of the SVGA console.
 *
 * With SVGA enabled the device just records that a full redraw is needed;
 * otherwise the request is passed on to the invalidate hook stored in
 * s->vga.hw_ops.
 */
static void vmsvga_invalidate_display(void *opaque)
{
    struct vmsvga_state_s *s = opaque;

    if (s->enable) {
        s->invalidated = 1;
    } else {
        s->vga.hw_ops->invalidate(&s->vga);
    }
}
1130 
/*
 * text_update hook of the SVGA console.
 *
 * Forwards the request to the text_update hook in s->vga.hw_ops when one
 * is installed; does nothing otherwise.
 */
static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
{
    struct vmsvga_state_s *s = opaque;

    if (!s->vga.hw_ops->text_update) {
        return;
    }
    s->vga.hw_ops->text_update(&s->vga, chardata);
}
1139 
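/*
 * Migration post-load hook for the SVGA chip state.
 *
 * Validates the display geometry that was just loaded, forces a full
 * redraw, and re-derives the FIFO pointer (a host address, so it is not
 * part of the stream) when the device had been configured.
 *
 * Returns 0 on success, or a negative value to fail the incoming migration
 * when the loaded state is out of range.
 */
static int vmsvga_post_load(void *opaque, int version_id)
{
    struct vmsvga_state_s *s = opaque;

    /*
     * new_width/new_height arrive from the migration stream unchecked.  The
     * register write path only ever stores values up to SVGA_MAX_WIDTH /
     * SVGA_MAX_HEIGHT, and vmsvga_check_size() later builds a surface of
     * this geometry on top of VRAM, so refuse anything the guest-visible
     * path could not have produced.
     */
    if (s->new_width < 0 || s->new_width > SVGA_MAX_WIDTH ||
        s->new_height < 0 || s->new_height > SVGA_MAX_HEIGHT) {
        return -1;
    }

    s->invalidated = 1;
    if (s->config) {
        s->fifo = (uint32_t *) s->fifo_ptr;
    }
    return 0;
}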
1150 
/*
 * Migration description of struct vmsvga_state_s.
 *
 * The entries of .fields are serialized in the order listed, so they must
 * not be reordered or removed; retired fields are kept as VMSTATE_UNUSED
 * padding (see fb_size below).
 *
 * NOTE(review): apart from new_depth, which is loaded with
 * VMSTATE_INT32_EQUAL, the integer fields are accepted from the incoming
 * stream as-is.  Nothing in this table range-checks index, new_width,
 * new_height or the cursor values; any such validation has to be done in
 * the .post_load hook.
 */
static const VMStateDescription vmstate_vmware_vga_internal = {
    .name = "vmware_vga_internal",
    .version_id = 0,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .post_load = vmsvga_post_load,
    .fields      = (VMStateField[]) {
        /* Loaded value must match the depth already set on this side. */
        VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s),
        VMSTATE_INT32(enable, struct vmsvga_state_s),
        VMSTATE_INT32(config, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
        VMSTATE_INT32(index, struct vmsvga_state_s),
        /*
         * Scratch registers: element count comes from s->scratch_size,
         * which is not itself a field of this description.
         */
        VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
                             scratch_size, 0, vmstate_info_uint32, uint32_t),
        VMSTATE_INT32(new_width, struct vmsvga_state_s),
        VMSTATE_INT32(new_height, struct vmsvga_state_s),
        VMSTATE_UINT32(guest, struct vmsvga_state_s),
        VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
        VMSTATE_INT32(syncing, struct vmsvga_state_s),
        VMSTATE_UNUSED(4), /* was fb_size */
        VMSTATE_END_OF_LIST()
    }
};
1177 
/*
 * Top-level migration description of the PCI device: the generic PCI
 * device state followed by the embedded SVGA chip state, which is described
 * by vmstate_vmware_vga_internal.
 */
static const VMStateDescription vmstate_vmware_vga = {
    .name = "vmware_vga",
    .version_id = 0,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .fields      = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
        VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
                       vmstate_vmware_vga_internal, struct vmsvga_state_s),
        VMSTATE_END_OF_LIST()
    }
};
1190 
/*
 * Console callbacks handed to graphic_console_init(); each one receives the
 * struct vmsvga_state_s as its opaque pointer.
 */
static const GraphicHwOps vmsvga_ops = {
    .gfx_update  = vmsvga_update_display,
    .text_update = vmsvga_text_update,
    .invalidate  = vmsvga_invalidate_display,
};
1196 
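/*
 * One-time setup of the SVGA chip state.
 *
 * Allocates the scratch registers, creates the graphic console, allocates
 * and registers the FIFO RAM region, initializes the underlying VGA core
 * on the given memory and I/O address spaces, and sets the fixed depth of
 * 32 bits per pixel.
 *
 * @dev:           device that owns the console and the VGA core
 * @s:             chip state to initialize
 * @address_space: memory address space passed to vga_init()
 * @io:            I/O address space passed to vga_init()
 */
static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
                        MemoryRegion *address_space, MemoryRegion *io)
{
    s->scratch_size = SVGA_SCRATCH_SIZE;
    /*
     * Zero the scratch registers: their contents are written verbatim into
     * the migration stream (and presumably readable by the guest through
     * the scratch register window), so they must not start out holding
     * leftover heap data.
     */
    s->scratch = g_malloc0(s->scratch_size * sizeof(*s->scratch));

    s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);

    s->fifo_size = SVGA_FIFO_SIZE;
    memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size);
    vmstate_register_ram_global(&s->fifo_ram);
    s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);

    vga_common_init(&s->vga, OBJECT(dev));
    vga_init(&s->vga, OBJECT(dev), address_space, io, true);
    vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
    s->new_depth = 32;
}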
1215 
/*
 * Read dispatcher for the SVGA I/O BAR.
 *
 * Routes the access to the index, value or BIOS port handler according to
 * the offset inside the BAR.  Any other offset reads as -1u (all ones in
 * 32 bits).  'size' is not consulted here.
 */
static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
{
    struct vmsvga_state_s *s = opaque;
    uint64_t result;

    switch (addr) {
    case SVGA_IO_MUL * SVGA_INDEX_PORT:
        result = vmsvga_index_read(s, addr);
        break;
    case SVGA_IO_MUL * SVGA_VALUE_PORT:
        result = vmsvga_value_read(s, addr);
        break;
    case SVGA_IO_MUL * SVGA_BIOS_PORT:
        result = vmsvga_bios_read(s, addr);
        break;
    default:
        result = -1u;
        break;
    }

    return result;
}
1227 
/*
 * Write dispatcher for the SVGA I/O BAR.
 *
 * Routes the access to the index, value or BIOS port handler according to
 * the offset inside the BAR; writes to any other offset are silently
 * ignored.  'size' is not consulted here.
 */
static void vmsvga_io_write(void *opaque, hwaddr addr,
                            uint64_t data, unsigned size)
{
    struct vmsvga_state_s *s = opaque;

    if (addr == SVGA_IO_MUL * SVGA_INDEX_PORT) {
        vmsvga_index_write(s, addr, data);
    } else if (addr == SVGA_IO_MUL * SVGA_VALUE_PORT) {
        vmsvga_value_write(s, addr, data);
    } else if (addr == SVGA_IO_MUL * SVGA_BIOS_PORT) {
        vmsvga_bios_write(s, addr, data);
    }
}
1245 
/*
 * Access description of the SVGA I/O BAR: little-endian, only 4-byte
 * accesses are declared valid, and unaligned accesses are accepted both as
 * valid and by the implementation.
 */
static const MemoryRegionOps vmsvga_io_ops = {
    .endianness = DEVICE_LITTLE_ENDIAN,
    .read = vmsvga_io_read,
    .write = vmsvga_io_write,
    .impl = {
        .unaligned = true,
    },
    .valid = {
        .unaligned = true,
        .min_access_size = 4,
        .max_access_size = 4,
    },
};
1259 
/*
 * PCI init callback of the VMware SVGA device.
 *
 * Fills in a few PCI config bytes, creates the I/O BAR (BAR 0), initializes
 * the SVGA chip, and exposes VRAM (BAR 1) and the FIFO RAM (BAR 2) as
 * prefetchable memory BARs.  When the device has no ROM BAR, the VBE
 * interface is set up as well for compatibility with old machine types.
 *
 * Always returns 0.
 */
static int pci_vmsvga_initfn(PCIDevice *dev)
{
    struct pci_vmsvga_state_s *pci_state = VMWARE_SVGA(dev);
    struct vmsvga_state_s *chip = &pci_state->chip;

    dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
    dev->config[PCI_LATENCY_TIMER] = 0x40;
    dev->config[PCI_INTERRUPT_LINE] = 0xff;

    /* BAR 0: index/value/BIOS ports, 0x10 bytes of I/O space */
    memory_region_init_io(&pci_state->io_bar, NULL, &vmsvga_io_ops, chip,
                          "vmsvga-io", 0x10);
    memory_region_set_flush_coalesced(&pci_state->io_bar);
    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci_state->io_bar);

    /* The chip must be initialized before its RAM regions are registered. */
    vmsvga_init(DEVICE(dev), chip,
                pci_address_space(dev), pci_address_space_io(dev));

    /* BAR 1: VRAM, BAR 2: command FIFO */
    pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH, &chip->vga.vram);
    pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH, &chip->fifo_ram);

    if (!dev->rom_bar) {
        /* compatibility with pc-0.13 and older */
        vga_init_vbe(&chip->vga, OBJECT(dev), pci_address_space(dev));
    }

    return 0;
}
1288 
/*
 * User-settable device properties.
 *
 * "vgamem_mb" sets chip.vga.vram_size_mb and defaults to 16.
 * NOTE(review): the SVGA mode limits are enforced against SVGA_MAX_WIDTH /
 * SVGA_MAX_HEIGHT rather than against this value - confirm that a smaller
 * setting still holds the largest mode the guest may select.
 */
static Property vga_vmware_properties[] = {
    DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
                       chip.vga.vram_size_mb, 16),
    DEFINE_PROP_END_OF_LIST(),
};
1294 
/*
 * Class initializer: fills in the PCI identity of the device (VMware vendor
 * and SVGA device IDs, VGA display class, option ROM file) and the generic
 * device hooks (reset, migration description, properties).  The device is
 * marked as not hotpluggable and placed in the display category.
 */
static void vmsvga_class_init(ObjectClass *klass, void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    /* PCI identity */
    pci_class->vendor_id = PCI_VENDOR_ID_VMWARE;
    pci_class->device_id = SVGA_PCI_DEVICE_ID;
    pci_class->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
    pci_class->subsystem_id = SVGA_PCI_DEVICE_ID;
    pci_class->class_id = PCI_CLASS_DISPLAY_VGA;
    pci_class->romfile = "vgabios-vmware.bin";
    pci_class->init = pci_vmsvga_initfn;

    /* Generic device behaviour */
    dev_class->reset = vmsvga_reset;
    dev_class->vmsd = &vmstate_vmware_vga;
    dev_class->props = vga_vmware_properties;
    dev_class->hotpluggable = false;
    set_bit(DEVICE_CATEGORY_DISPLAY, dev_class->categories);
}
1313 
/*
 * QOM type record for the device: a PCI device whose instances are
 * struct pci_vmsvga_state_s and whose class is set up by
 * vmsvga_class_init().
 */
static const TypeInfo vmsvga_info = {
    .parent        = TYPE_PCI_DEVICE,
    .name          = TYPE_VMWARE_SVGA,
    .class_init    = vmsvga_class_init,
    .instance_size = sizeof(struct pci_vmsvga_state_s),
};
1320 
/* Registers the VMware SVGA device type described by vmsvga_info. */
static void vmsvga_register_types(void)
{
    type_register_static(&vmsvga_info);
}

/* Hooks the registration function into QEMU's type initialization. */
type_init(vmsvga_register_types)
1327