1 /*
2 * QEMU VMware-SVGA "chipset".
3 *
4 * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "qemu/osdep.h"
26 #include "qemu/module.h"
27 #include "qemu/units.h"
28 #include "qapi/error.h"
29 #include "qemu/log.h"
30 #include "hw/loader.h"
31 #include "trace.h"
32 #include "hw/pci/pci_device.h"
33 #include "hw/qdev-properties.h"
34 #include "migration/vmstate.h"
35 #include "qom/object.h"
36 #include "ui/console.h"
37
38 #undef VERBOSE
39 #define HW_RECT_ACCEL
40 #define HW_FILL_ACCEL
41 #define HW_MOUSE_ACCEL
42
43 #include "vga_int.h"
44
45 /* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
46
47 struct vmsvga_state_s {
48 VGACommonState vga;
49
50 int invalidated;
51 int enable;
52 int config;
53 struct {
54 int id;
55 int x;
56 int y;
57 int on;
58 } cursor;
59
60 int index;
61 int scratch_size;
62 uint32_t *scratch;
63 int new_width;
64 int new_height;
65 int new_depth;
66 uint32_t guest;
67 uint32_t svgaid;
68 int syncing;
69
70 MemoryRegion fifo_ram;
71 uint8_t *fifo_ptr;
72 unsigned int fifo_size;
73
74 uint32_t *fifo;
75 uint32_t fifo_min;
76 uint32_t fifo_max;
77 uint32_t fifo_next;
78 uint32_t fifo_stop;
79
80 #define REDRAW_FIFO_LEN 512
81 struct vmsvga_rect_s {
82 int x, y, w, h;
83 } redraw_fifo[REDRAW_FIFO_LEN];
84 int redraw_fifo_last;
85 };
86
87 #define TYPE_VMWARE_SVGA "vmware-svga"
88
89 DECLARE_INSTANCE_CHECKER(struct pci_vmsvga_state_s, VMWARE_SVGA,
90 TYPE_VMWARE_SVGA)
91
92 struct pci_vmsvga_state_s {
93 /*< private >*/
94 PCIDevice parent_obj;
95 /*< public >*/
96
97 struct vmsvga_state_s chip;
98 MemoryRegion io_bar;
99 };
100
101 #define SVGA_MAGIC 0x900000UL
102 #define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
103 #define SVGA_ID_0 SVGA_MAKE_ID(0)
104 #define SVGA_ID_1 SVGA_MAKE_ID(1)
105 #define SVGA_ID_2 SVGA_MAKE_ID(2)
106
107 #define SVGA_LEGACY_BASE_PORT 0x4560
108 #define SVGA_INDEX_PORT 0x0
109 #define SVGA_VALUE_PORT 0x1
110 #define SVGA_BIOS_PORT 0x2
111
112 #define SVGA_VERSION_2
113
114 #ifdef SVGA_VERSION_2
115 # define SVGA_ID SVGA_ID_2
116 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
117 # define SVGA_IO_MUL 1
118 # define SVGA_FIFO_SIZE 0x10000
119 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
120 #else
121 # define SVGA_ID SVGA_ID_1
122 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
123 # define SVGA_IO_MUL 4
124 # define SVGA_FIFO_SIZE 0x10000
125 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
126 #endif
127
128 enum {
129 /* ID 0, 1 and 2 registers */
130 SVGA_REG_ID = 0,
131 SVGA_REG_ENABLE = 1,
132 SVGA_REG_WIDTH = 2,
133 SVGA_REG_HEIGHT = 3,
134 SVGA_REG_MAX_WIDTH = 4,
135 SVGA_REG_MAX_HEIGHT = 5,
136 SVGA_REG_DEPTH = 6,
137 SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
138 SVGA_REG_PSEUDOCOLOR = 8,
139 SVGA_REG_RED_MASK = 9,
140 SVGA_REG_GREEN_MASK = 10,
141 SVGA_REG_BLUE_MASK = 11,
142 SVGA_REG_BYTES_PER_LINE = 12,
143 SVGA_REG_FB_START = 13,
144 SVGA_REG_FB_OFFSET = 14,
145 SVGA_REG_VRAM_SIZE = 15,
146 SVGA_REG_FB_SIZE = 16,
147
148 /* ID 1 and 2 registers */
149 SVGA_REG_CAPABILITIES = 17,
150 SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
151 SVGA_REG_MEM_SIZE = 19,
152 SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
153 SVGA_REG_SYNC = 21, /* Write to force synchronization */
154 SVGA_REG_BUSY = 22, /* Read to check if sync is done */
155 SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
156 SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
157 SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
158 SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
159 SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
160 SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
161 SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
162 SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
163 SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
164 SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
165
166 SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
167 SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
168 SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
169 };
170
171 #define SVGA_CAP_NONE 0
172 #define SVGA_CAP_RECT_FILL (1 << 0)
173 #define SVGA_CAP_RECT_COPY (1 << 1)
174 #define SVGA_CAP_RECT_PAT_FILL (1 << 2)
175 #define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
176 #define SVGA_CAP_RASTER_OP (1 << 4)
177 #define SVGA_CAP_CURSOR (1 << 5)
178 #define SVGA_CAP_CURSOR_BYPASS (1 << 6)
179 #define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
180 #define SVGA_CAP_8BIT_EMULATION (1 << 8)
181 #define SVGA_CAP_ALPHA_CURSOR (1 << 9)
182 #define SVGA_CAP_GLYPH (1 << 10)
183 #define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
184 #define SVGA_CAP_OFFSCREEN_1 (1 << 12)
185 #define SVGA_CAP_ALPHA_BLEND (1 << 13)
186 #define SVGA_CAP_3D (1 << 14)
187 #define SVGA_CAP_EXTENDED_FIFO (1 << 15)
188 #define SVGA_CAP_MULTIMON (1 << 16)
189 #define SVGA_CAP_PITCHLOCK (1 << 17)
190
191 /*
192 * FIFO offsets (seen as an array of 32-bit words)
193 */
194 enum {
195 /*
196 * The original defined FIFO offsets
197 */
198 SVGA_FIFO_MIN = 0,
199 SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
200 SVGA_FIFO_NEXT,
201 SVGA_FIFO_STOP,
202
203 /*
204 * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
205 */
206 SVGA_FIFO_CAPABILITIES = 4,
207 SVGA_FIFO_FLAGS,
208 SVGA_FIFO_FENCE,
209 SVGA_FIFO_3D_HWVERSION,
210 SVGA_FIFO_PITCHLOCK,
211 };
212
213 #define SVGA_FIFO_CAP_NONE 0
214 #define SVGA_FIFO_CAP_FENCE (1 << 0)
215 #define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
216 #define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
217
218 #define SVGA_FIFO_FLAG_NONE 0
219 #define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
220
221 /* These values can probably be changed arbitrarily. */
222 #define SVGA_SCRATCH_SIZE 0x8000
223 #define SVGA_MAX_WIDTH 2368
224 #define SVGA_MAX_HEIGHT 1770
225
226 #ifdef VERBOSE
227 # define GUEST_OS_BASE 0x5001
228 static const char *vmsvga_guest_id[] = {
229 [0x00] = "Dos",
230 [0x01] = "Windows 3.1",
231 [0x02] = "Windows 95",
232 [0x03] = "Windows 98",
233 [0x04] = "Windows ME",
234 [0x05] = "Windows NT",
235 [0x06] = "Windows 2000",
236 [0x07] = "Linux",
237 [0x08] = "OS/2",
238 [0x09] = "an unknown OS",
239 [0x0a] = "BSD",
240 [0x0b] = "Whistler",
241 [0x0c] = "an unknown OS",
242 [0x0d] = "an unknown OS",
243 [0x0e] = "an unknown OS",
244 [0x0f] = "an unknown OS",
245 [0x10] = "an unknown OS",
246 [0x11] = "an unknown OS",
247 [0x12] = "an unknown OS",
248 [0x13] = "an unknown OS",
249 [0x14] = "an unknown OS",
250 [0x15] = "Windows 2003",
251 };
252 #endif
253
254 enum {
255 SVGA_CMD_INVALID_CMD = 0,
256 SVGA_CMD_UPDATE = 1,
257 SVGA_CMD_RECT_FILL = 2,
258 SVGA_CMD_RECT_COPY = 3,
259 SVGA_CMD_DEFINE_BITMAP = 4,
260 SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
261 SVGA_CMD_DEFINE_PIXMAP = 6,
262 SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
263 SVGA_CMD_RECT_BITMAP_FILL = 8,
264 SVGA_CMD_RECT_PIXMAP_FILL = 9,
265 SVGA_CMD_RECT_BITMAP_COPY = 10,
266 SVGA_CMD_RECT_PIXMAP_COPY = 11,
267 SVGA_CMD_FREE_OBJECT = 12,
268 SVGA_CMD_RECT_ROP_FILL = 13,
269 SVGA_CMD_RECT_ROP_COPY = 14,
270 SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
271 SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
272 SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
273 SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
274 SVGA_CMD_DEFINE_CURSOR = 19,
275 SVGA_CMD_DISPLAY_CURSOR = 20,
276 SVGA_CMD_MOVE_CURSOR = 21,
277 SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
278 SVGA_CMD_DRAW_GLYPH = 23,
279 SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
280 SVGA_CMD_UPDATE_VERBOSE = 25,
281 SVGA_CMD_SURFACE_FILL = 26,
282 SVGA_CMD_SURFACE_COPY = 27,
283 SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
284 SVGA_CMD_FRONT_ROP_FILL = 29,
285 SVGA_CMD_FENCE = 30,
286 };
287
288 /* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
289 enum {
290 SVGA_CURSOR_ON_HIDE = 0,
291 SVGA_CURSOR_ON_SHOW = 1,
292 SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
293 SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
294 };
295
vmsvga_verify_rect(DisplaySurface * surface,const char * name,int x,int y,int w,int h)296 static inline bool vmsvga_verify_rect(DisplaySurface *surface,
297 const char *name,
298 int x, int y, int w, int h)
299 {
300 if (x < 0) {
301 trace_vmware_verify_rect_less_than_zero(name, "x", x);
302 return false;
303 }
304 if (x > SVGA_MAX_WIDTH) {
305 trace_vmware_verify_rect_greater_than_bound(name, "x", SVGA_MAX_WIDTH,
306 x);
307 return false;
308 }
309 if (w < 0) {
310 trace_vmware_verify_rect_less_than_zero(name, "w", w);
311 return false;
312 }
313 if (w > SVGA_MAX_WIDTH) {
314 trace_vmware_verify_rect_greater_than_bound(name, "w", SVGA_MAX_WIDTH,
315 w);
316 return false;
317 }
318 if (x + w > surface_width(surface)) {
319 trace_vmware_verify_rect_surface_bound_exceeded(name, "width",
320 surface_width(surface),
321 "x", x, "w", w);
322 return false;
323 }
324
325 if (y < 0) {
326 trace_vmware_verify_rect_less_than_zero(name, "y", y);
327 return false;
328 }
329 if (y > SVGA_MAX_HEIGHT) {
330 trace_vmware_verify_rect_greater_than_bound(name, "y", SVGA_MAX_HEIGHT,
331 y);
332 return false;
333 }
334 if (h < 0) {
335 trace_vmware_verify_rect_less_than_zero(name, "h", h);
336 return false;
337 }
338 if (h > SVGA_MAX_HEIGHT) {
339 trace_vmware_verify_rect_greater_than_bound(name, "h", SVGA_MAX_HEIGHT,
340 h);
341 return false;
342 }
343 if (y + h > surface_height(surface)) {
344 trace_vmware_verify_rect_surface_bound_exceeded(name, "height",
345 surface_height(surface),
346 "y", y, "h", h);
347 return false;
348 }
349
350 return true;
351 }
352
vmsvga_update_rect(struct vmsvga_state_s * s,int x,int y,int w,int h)353 static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
354 int x, int y, int w, int h)
355 {
356 DisplaySurface *surface = qemu_console_surface(s->vga.con);
357 int line;
358 int bypl;
359 int width;
360 int start;
361 uint8_t *src;
362 uint8_t *dst;
363
364 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
365 /* go for a fullscreen update as fallback */
366 x = 0;
367 y = 0;
368 w = surface_width(surface);
369 h = surface_height(surface);
370 }
371
372 bypl = surface_stride(surface);
373 width = surface_bytes_per_pixel(surface) * w;
374 start = surface_bytes_per_pixel(surface) * x + bypl * y;
375 src = s->vga.vram_ptr + start;
376 dst = surface_data(surface) + start;
377
378 for (line = h; line > 0; line--, src += bypl, dst += bypl) {
379 memcpy(dst, src, width);
380 }
381 dpy_gfx_update(s->vga.con, x, y, w, h);
382 }
383
vmsvga_update_rect_flush(struct vmsvga_state_s * s)384 static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
385 {
386 struct vmsvga_rect_s *rect;
387
388 if (s->invalidated) {
389 s->redraw_fifo_last = 0;
390 return;
391 }
392 /* Overlapping region updates can be optimised out here - if someone
393 * knows a smart algorithm to do that, please share. */
394 for (int i = 0; i < s->redraw_fifo_last; i++) {
395 rect = &s->redraw_fifo[i];
396 vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
397 }
398
399 s->redraw_fifo_last = 0;
400 }
401
vmsvga_update_rect_delayed(struct vmsvga_state_s * s,int x,int y,int w,int h)402 static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
403 int x, int y, int w, int h)
404 {
405
406 if (s->redraw_fifo_last >= REDRAW_FIFO_LEN) {
407 trace_vmware_update_rect_delayed_flush();
408 vmsvga_update_rect_flush(s);
409 }
410
411 struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
412
413 rect->x = x;
414 rect->y = y;
415 rect->w = w;
416 rect->h = h;
417 }
418
419 #ifdef HW_RECT_ACCEL
vmsvga_copy_rect(struct vmsvga_state_s * s,int x0,int y0,int x1,int y1,int w,int h)420 static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
421 int x0, int y0, int x1, int y1, int w, int h)
422 {
423 DisplaySurface *surface = qemu_console_surface(s->vga.con);
424 uint8_t *vram = s->vga.vram_ptr;
425 int bypl = surface_stride(surface);
426 int bypp = surface_bytes_per_pixel(surface);
427 int width = bypp * w;
428 int line = h;
429 uint8_t *ptr[2];
430
431 if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
432 return -1;
433 }
434 if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
435 return -1;
436 }
437
438 if (y1 > y0) {
439 ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
440 ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
441 for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
442 memmove(ptr[1], ptr[0], width);
443 }
444 } else {
445 ptr[0] = vram + bypp * x0 + bypl * y0;
446 ptr[1] = vram + bypp * x1 + bypl * y1;
447 for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
448 memmove(ptr[1], ptr[0], width);
449 }
450 }
451
452 vmsvga_update_rect_delayed(s, x1, y1, w, h);
453 return 0;
454 }
455 #endif
456
457 #ifdef HW_FILL_ACCEL
vmsvga_fill_rect(struct vmsvga_state_s * s,uint32_t c,int x,int y,int w,int h)458 static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
459 uint32_t c, int x, int y, int w, int h)
460 {
461 DisplaySurface *surface = qemu_console_surface(s->vga.con);
462 int bypl = surface_stride(surface);
463 int width = surface_bytes_per_pixel(surface) * w;
464 int line = h;
465 int column;
466 uint8_t *fst;
467 uint8_t *dst;
468 uint8_t *src;
469 uint8_t col[4];
470
471 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
472 return -1;
473 }
474
475 col[0] = c;
476 col[1] = c >> 8;
477 col[2] = c >> 16;
478 col[3] = c >> 24;
479
480 fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
481
482 if (line--) {
483 dst = fst;
484 src = col;
485 for (column = width; column > 0; column--) {
486 *(dst++) = *(src++);
487 if (src - col == surface_bytes_per_pixel(surface)) {
488 src = col;
489 }
490 }
491 dst = fst;
492 for (; line > 0; line--) {
493 dst += bypl;
494 memcpy(dst, fst, width);
495 }
496 }
497
498 vmsvga_update_rect_delayed(s, x, y, w, h);
499 return 0;
500 }
501 #endif
502
503 struct vmsvga_cursor_definition_s {
504 uint32_t width;
505 uint32_t height;
506 int id;
507 uint32_t bpp;
508 int hot_x;
509 int hot_y;
510 uint32_t mask[1024];
511 uint32_t image[4096];
512 };
513
514 #define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
515 #define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
516
517 #ifdef HW_MOUSE_ACCEL
vmsvga_cursor_define(struct vmsvga_state_s * s,struct vmsvga_cursor_definition_s * c)518 static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
519 struct vmsvga_cursor_definition_s *c)
520 {
521 QEMUCursor *qc;
522 int i, pixels;
523
524 qc = cursor_alloc(c->width, c->height);
525 assert(qc != NULL);
526
527 qc->hot_x = c->hot_x;
528 qc->hot_y = c->hot_y;
529 switch (c->bpp) {
530 case 1:
531 cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
532 1, (void *)c->mask);
533 #ifdef DEBUG
534 cursor_print_ascii_art(qc, "vmware/mono");
535 #endif
536 break;
537 case 32:
538 /* fill alpha channel from mask, set color to zero */
539 cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
540 1, (void *)c->mask);
541 /* add in rgb values */
542 pixels = c->width * c->height;
543 for (i = 0; i < pixels; i++) {
544 qc->data[i] |= c->image[i] & 0xffffff;
545 }
546 #ifdef DEBUG
547 cursor_print_ascii_art(qc, "vmware/32bit");
548 #endif
549 break;
550 default:
551 fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
552 __func__, c->bpp);
553 cursor_unref(qc);
554 qc = cursor_builtin_left_ptr();
555 }
556
557 dpy_cursor_define(s->vga.con, qc);
558 cursor_unref(qc);
559 }
560 #endif
561
vmsvga_fifo_length(struct vmsvga_state_s * s)562 static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
563 {
564 int num;
565
566 if (!s->config || !s->enable) {
567 return 0;
568 }
569
570 s->fifo_min = le32_to_cpu(s->fifo[SVGA_FIFO_MIN]);
571 s->fifo_max = le32_to_cpu(s->fifo[SVGA_FIFO_MAX]);
572 s->fifo_next = le32_to_cpu(s->fifo[SVGA_FIFO_NEXT]);
573 s->fifo_stop = le32_to_cpu(s->fifo[SVGA_FIFO_STOP]);
574
575 /* Check range and alignment. */
576 if ((s->fifo_min | s->fifo_max | s->fifo_next | s->fifo_stop) & 3) {
577 return 0;
578 }
579 if (s->fifo_min < sizeof(uint32_t) * 4) {
580 return 0;
581 }
582 if (s->fifo_max > SVGA_FIFO_SIZE ||
583 s->fifo_min >= SVGA_FIFO_SIZE ||
584 s->fifo_stop >= SVGA_FIFO_SIZE ||
585 s->fifo_next >= SVGA_FIFO_SIZE) {
586 return 0;
587 }
588 if (s->fifo_max < s->fifo_min + 10 * KiB) {
589 return 0;
590 }
591
592 num = s->fifo_next - s->fifo_stop;
593 if (num < 0) {
594 num += s->fifo_max - s->fifo_min;
595 }
596 return num >> 2;
597 }
598
vmsvga_fifo_read_raw(struct vmsvga_state_s * s)599 static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
600 {
601 uint32_t cmd = s->fifo[s->fifo_stop >> 2];
602
603 s->fifo_stop += 4;
604 if (s->fifo_stop >= s->fifo_max) {
605 s->fifo_stop = s->fifo_min;
606 }
607 s->fifo[SVGA_FIFO_STOP] = cpu_to_le32(s->fifo_stop);
608 return cmd;
609 }
610
vmsvga_fifo_read(struct vmsvga_state_s * s)611 static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
612 {
613 return le32_to_cpu(vmsvga_fifo_read_raw(s));
614 }
615
vmsvga_fifo_run(struct vmsvga_state_s * s)616 static void vmsvga_fifo_run(struct vmsvga_state_s *s)
617 {
618 uint32_t cmd, colour;
619 int args, len, maxloop = 1024;
620 int x, y, dx, dy, width, height;
621 struct vmsvga_cursor_definition_s cursor;
622 uint32_t cmd_start;
623
624 len = vmsvga_fifo_length(s);
625 while (len > 0 && --maxloop > 0) {
626 /* May need to go back to the start of the command if incomplete */
627 cmd_start = s->fifo_stop;
628
629 switch (cmd = vmsvga_fifo_read(s)) {
630 case SVGA_CMD_UPDATE:
631 case SVGA_CMD_UPDATE_VERBOSE:
632 len -= 5;
633 if (len < 0) {
634 goto rewind;
635 }
636
637 x = vmsvga_fifo_read(s);
638 y = vmsvga_fifo_read(s);
639 width = vmsvga_fifo_read(s);
640 height = vmsvga_fifo_read(s);
641 vmsvga_update_rect_delayed(s, x, y, width, height);
642 break;
643
644 case SVGA_CMD_RECT_FILL:
645 len -= 6;
646 if (len < 0) {
647 goto rewind;
648 }
649
650 colour = vmsvga_fifo_read(s);
651 x = vmsvga_fifo_read(s);
652 y = vmsvga_fifo_read(s);
653 width = vmsvga_fifo_read(s);
654 height = vmsvga_fifo_read(s);
655 #ifdef HW_FILL_ACCEL
656 if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
657 break;
658 }
659 #endif
660 args = 0;
661 goto badcmd;
662
663 case SVGA_CMD_RECT_COPY:
664 len -= 7;
665 if (len < 0) {
666 goto rewind;
667 }
668
669 x = vmsvga_fifo_read(s);
670 y = vmsvga_fifo_read(s);
671 dx = vmsvga_fifo_read(s);
672 dy = vmsvga_fifo_read(s);
673 width = vmsvga_fifo_read(s);
674 height = vmsvga_fifo_read(s);
675 #ifdef HW_RECT_ACCEL
676 if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
677 break;
678 }
679 #endif
680 args = 0;
681 goto badcmd;
682
683 case SVGA_CMD_DEFINE_CURSOR:
684 len -= 8;
685 if (len < 0) {
686 goto rewind;
687 }
688
689 cursor.id = vmsvga_fifo_read(s);
690 cursor.hot_x = vmsvga_fifo_read(s);
691 cursor.hot_y = vmsvga_fifo_read(s);
692 cursor.width = x = vmsvga_fifo_read(s);
693 cursor.height = y = vmsvga_fifo_read(s);
694 vmsvga_fifo_read(s);
695 cursor.bpp = vmsvga_fifo_read(s);
696
697 args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
698 if (cursor.width > 256
699 || cursor.height > 256
700 || cursor.bpp > 32
701 || SVGA_BITMAP_SIZE(x, y) > ARRAY_SIZE(cursor.mask)
702 || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
703 > ARRAY_SIZE(cursor.image)) {
704 goto badcmd;
705 }
706
707 len -= args;
708 if (len < 0) {
709 goto rewind;
710 }
711
712 for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
713 cursor.mask[args] = vmsvga_fifo_read_raw(s);
714 }
715 for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
716 cursor.image[args] = vmsvga_fifo_read_raw(s);
717 }
718 #ifdef HW_MOUSE_ACCEL
719 vmsvga_cursor_define(s, &cursor);
720 break;
721 #else
722 args = 0;
723 goto badcmd;
724 #endif
725
726 /*
727 * Other commands that we at least know the number of arguments
728 * for so we can avoid FIFO desync if driver uses them illegally.
729 */
730 case SVGA_CMD_DEFINE_ALPHA_CURSOR:
731 len -= 6;
732 if (len < 0) {
733 goto rewind;
734 }
735 vmsvga_fifo_read(s);
736 vmsvga_fifo_read(s);
737 vmsvga_fifo_read(s);
738 x = vmsvga_fifo_read(s);
739 y = vmsvga_fifo_read(s);
740 args = x * y;
741 goto badcmd;
742 case SVGA_CMD_RECT_ROP_FILL:
743 args = 6;
744 goto badcmd;
745 case SVGA_CMD_RECT_ROP_COPY:
746 args = 7;
747 goto badcmd;
748 case SVGA_CMD_DRAW_GLYPH_CLIPPED:
749 len -= 4;
750 if (len < 0) {
751 goto rewind;
752 }
753 vmsvga_fifo_read(s);
754 vmsvga_fifo_read(s);
755 args = 7 + (vmsvga_fifo_read(s) >> 2);
756 goto badcmd;
757 case SVGA_CMD_SURFACE_ALPHA_BLEND:
758 args = 12;
759 goto badcmd;
760
761 /*
762 * Other commands that are not listed as depending on any
763 * CAPABILITIES bits, but are not described in the README either.
764 */
765 case SVGA_CMD_SURFACE_FILL:
766 case SVGA_CMD_SURFACE_COPY:
767 case SVGA_CMD_FRONT_ROP_FILL:
768 case SVGA_CMD_FENCE:
769 case SVGA_CMD_INVALID_CMD:
770 break; /* Nop */
771
772 default:
773 args = 0;
774 badcmd:
775 len -= args;
776 if (len < 0) {
777 goto rewind;
778 }
779 while (args--) {
780 vmsvga_fifo_read(s);
781 }
782 printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
783 __func__, cmd);
784 break;
785
786 rewind:
787 s->fifo_stop = cmd_start;
788 s->fifo[SVGA_FIFO_STOP] = cpu_to_le32(s->fifo_stop);
789 break;
790 }
791 }
792
793 s->syncing = 0;
794 }
795
vmsvga_index_read(void * opaque,uint32_t address)796 static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
797 {
798 struct vmsvga_state_s *s = opaque;
799
800 return s->index;
801 }
802
vmsvga_index_write(void * opaque,uint32_t address,uint32_t index)803 static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
804 {
805 struct vmsvga_state_s *s = opaque;
806
807 s->index = index;
808 }
809
vmsvga_value_read(void * opaque,uint32_t address)810 static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
811 {
812 uint32_t caps;
813 struct vmsvga_state_s *s = opaque;
814 DisplaySurface *surface = qemu_console_surface(s->vga.con);
815 PixelFormat pf;
816 uint32_t ret;
817
818 switch (s->index) {
819 case SVGA_REG_ID:
820 ret = s->svgaid;
821 break;
822
823 case SVGA_REG_ENABLE:
824 ret = s->enable;
825 break;
826
827 case SVGA_REG_WIDTH:
828 ret = s->new_width ? s->new_width : surface_width(surface);
829 break;
830
831 case SVGA_REG_HEIGHT:
832 ret = s->new_height ? s->new_height : surface_height(surface);
833 break;
834
835 case SVGA_REG_MAX_WIDTH:
836 ret = SVGA_MAX_WIDTH;
837 break;
838
839 case SVGA_REG_MAX_HEIGHT:
840 ret = SVGA_MAX_HEIGHT;
841 break;
842
843 case SVGA_REG_DEPTH:
844 ret = (s->new_depth == 32) ? 24 : s->new_depth;
845 break;
846
847 case SVGA_REG_BITS_PER_PIXEL:
848 case SVGA_REG_HOST_BITS_PER_PIXEL:
849 ret = s->new_depth;
850 break;
851
852 case SVGA_REG_PSEUDOCOLOR:
853 ret = 0x0;
854 break;
855
856 case SVGA_REG_RED_MASK:
857 pf = qemu_default_pixelformat(s->new_depth);
858 ret = pf.rmask;
859 break;
860
861 case SVGA_REG_GREEN_MASK:
862 pf = qemu_default_pixelformat(s->new_depth);
863 ret = pf.gmask;
864 break;
865
866 case SVGA_REG_BLUE_MASK:
867 pf = qemu_default_pixelformat(s->new_depth);
868 ret = pf.bmask;
869 break;
870
871 case SVGA_REG_BYTES_PER_LINE:
872 if (s->new_width) {
873 ret = (s->new_depth * s->new_width) / 8;
874 } else {
875 ret = surface_stride(surface);
876 }
877 break;
878
879 case SVGA_REG_FB_START: {
880 struct pci_vmsvga_state_s *pci_vmsvga
881 = container_of(s, struct pci_vmsvga_state_s, chip);
882 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
883 break;
884 }
885
886 case SVGA_REG_FB_OFFSET:
887 ret = 0x0;
888 break;
889
890 case SVGA_REG_VRAM_SIZE:
891 ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
892 break;
893
894 case SVGA_REG_FB_SIZE:
895 ret = s->vga.vram_size;
896 break;
897
898 case SVGA_REG_CAPABILITIES:
899 caps = SVGA_CAP_NONE;
900 #ifdef HW_RECT_ACCEL
901 caps |= SVGA_CAP_RECT_COPY;
902 #endif
903 #ifdef HW_FILL_ACCEL
904 caps |= SVGA_CAP_RECT_FILL;
905 #endif
906 #ifdef HW_MOUSE_ACCEL
907 caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
908 SVGA_CAP_CURSOR_BYPASS;
909 #endif
910 ret = caps;
911 break;
912
913 case SVGA_REG_MEM_START: {
914 struct pci_vmsvga_state_s *pci_vmsvga
915 = container_of(s, struct pci_vmsvga_state_s, chip);
916 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
917 break;
918 }
919
920 case SVGA_REG_MEM_SIZE:
921 ret = s->fifo_size;
922 break;
923
924 case SVGA_REG_CONFIG_DONE:
925 ret = s->config;
926 break;
927
928 case SVGA_REG_SYNC:
929 case SVGA_REG_BUSY:
930 ret = s->syncing;
931 break;
932
933 case SVGA_REG_GUEST_ID:
934 ret = s->guest;
935 break;
936
937 case SVGA_REG_CURSOR_ID:
938 ret = s->cursor.id;
939 break;
940
941 case SVGA_REG_CURSOR_X:
942 ret = s->cursor.x;
943 break;
944
945 case SVGA_REG_CURSOR_Y:
946 ret = s->cursor.y;
947 break;
948
949 case SVGA_REG_CURSOR_ON:
950 ret = s->cursor.on;
951 break;
952
953 case SVGA_REG_SCRATCH_SIZE:
954 ret = s->scratch_size;
955 break;
956
957 case SVGA_REG_MEM_REGS:
958 case SVGA_REG_NUM_DISPLAYS:
959 case SVGA_REG_PITCHLOCK:
960 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
961 ret = 0;
962 break;
963
964 default:
965 if (s->index >= SVGA_SCRATCH_BASE &&
966 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
967 ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
968 break;
969 }
970 qemu_log_mask(LOG_GUEST_ERROR,
971 "%s: Bad register %02x\n", __func__, s->index);
972 ret = 0;
973 break;
974 }
975
976 if (s->index >= SVGA_SCRATCH_BASE) {
977 trace_vmware_scratch_read(s->index, ret);
978 } else if (s->index >= SVGA_PALETTE_BASE) {
979 trace_vmware_palette_read(s->index, ret);
980 } else {
981 trace_vmware_value_read(s->index, ret);
982 }
983 return ret;
984 }
985
vmsvga_value_write(void * opaque,uint32_t address,uint32_t value)986 static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
987 {
988 struct vmsvga_state_s *s = opaque;
989
990 if (s->index >= SVGA_SCRATCH_BASE) {
991 trace_vmware_scratch_write(s->index, value);
992 } else if (s->index >= SVGA_PALETTE_BASE) {
993 trace_vmware_palette_write(s->index, value);
994 } else {
995 trace_vmware_value_write(s->index, value);
996 }
997 switch (s->index) {
998 case SVGA_REG_ID:
999 if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
1000 s->svgaid = value;
1001 }
1002 break;
1003
1004 case SVGA_REG_ENABLE:
1005 s->enable = !!value;
1006 s->invalidated = 1;
1007 s->vga.hw_ops->invalidate(&s->vga);
1008 if (s->enable && s->config) {
1009 vga_dirty_log_stop(&s->vga);
1010 } else {
1011 vga_dirty_log_start(&s->vga);
1012 }
1013 break;
1014
1015 case SVGA_REG_WIDTH:
1016 if (value <= SVGA_MAX_WIDTH) {
1017 s->new_width = value;
1018 s->invalidated = 1;
1019 } else {
1020 qemu_log_mask(LOG_GUEST_ERROR,
1021 "%s: Bad width: %i\n", __func__, value);
1022 }
1023 break;
1024
1025 case SVGA_REG_HEIGHT:
1026 if (value <= SVGA_MAX_HEIGHT) {
1027 s->new_height = value;
1028 s->invalidated = 1;
1029 } else {
1030 qemu_log_mask(LOG_GUEST_ERROR,
1031 "%s: Bad height: %i\n", __func__, value);
1032 }
1033 break;
1034
1035 case SVGA_REG_BITS_PER_PIXEL:
1036 if (value != 32) {
1037 qemu_log_mask(LOG_GUEST_ERROR,
1038 "%s: Bad bits per pixel: %i bits\n", __func__, value);
1039 s->config = 0;
1040 s->invalidated = 1;
1041 }
1042 break;
1043
1044 case SVGA_REG_CONFIG_DONE:
1045 if (value) {
1046 s->fifo = (uint32_t *) s->fifo_ptr;
1047 vga_dirty_log_stop(&s->vga);
1048 }
1049 s->config = !!value;
1050 break;
1051
1052 case SVGA_REG_SYNC:
1053 s->syncing = 1;
1054 vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
1055 break;
1056
1057 case SVGA_REG_GUEST_ID:
1058 s->guest = value;
1059 #ifdef VERBOSE
1060 if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
1061 ARRAY_SIZE(vmsvga_guest_id)) {
1062 printf("%s: guest runs %s.\n", __func__,
1063 vmsvga_guest_id[value - GUEST_OS_BASE]);
1064 }
1065 #endif
1066 break;
1067
1068 case SVGA_REG_CURSOR_ID:
1069 s->cursor.id = value;
1070 break;
1071
1072 case SVGA_REG_CURSOR_X:
1073 s->cursor.x = value;
1074 break;
1075
1076 case SVGA_REG_CURSOR_Y:
1077 s->cursor.y = value;
1078 break;
1079
1080 case SVGA_REG_CURSOR_ON:
1081 s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
1082 s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
1083 #ifdef HW_MOUSE_ACCEL
1084 if (value <= SVGA_CURSOR_ON_SHOW) {
1085 dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
1086 }
1087 #endif
1088 break;
1089
1090 case SVGA_REG_DEPTH:
1091 case SVGA_REG_MEM_REGS:
1092 case SVGA_REG_NUM_DISPLAYS:
1093 case SVGA_REG_PITCHLOCK:
1094 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
1095 break;
1096
1097 default:
1098 if (s->index >= SVGA_SCRATCH_BASE &&
1099 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
1100 s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
1101 break;
1102 }
1103 qemu_log_mask(LOG_GUEST_ERROR,
1104 "%s: Bad register %02x\n", __func__, s->index);
1105 }
1106 }
1107
vmsvga_bios_read(void * opaque,uint32_t address)1108 static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
1109 {
1110 printf("%s: what are we supposed to return?\n", __func__);
1111 return 0xcafe;
1112 }
1113
vmsvga_bios_write(void * opaque,uint32_t address,uint32_t data)1114 static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
1115 {
1116 printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
1117 }
1118
vmsvga_check_size(struct vmsvga_state_s * s)1119 static inline void vmsvga_check_size(struct vmsvga_state_s *s)
1120 {
1121 DisplaySurface *surface = qemu_console_surface(s->vga.con);
1122
1123 if (s->new_width != surface_width(surface) ||
1124 s->new_height != surface_height(surface) ||
1125 s->new_depth != surface_bits_per_pixel(surface)) {
1126 int stride = (s->new_depth * s->new_width) / 8;
1127 pixman_format_code_t format =
1128 qemu_default_pixman_format(s->new_depth, true);
1129 trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
1130 surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
1131 format, stride,
1132 s->vga.vram_ptr);
1133 dpy_gfx_replace_surface(s->vga.con, surface);
1134 s->invalidated = 1;
1135 }
1136 }
1137
vmsvga_update_display(void * opaque)1138 static void vmsvga_update_display(void *opaque)
1139 {
1140 struct vmsvga_state_s *s = opaque;
1141
1142 if (!s->enable || !s->config) {
1143 /* in standard vga mode */
1144 s->vga.hw_ops->gfx_update(&s->vga);
1145 return;
1146 }
1147
1148 vmsvga_check_size(s);
1149
1150 vmsvga_fifo_run(s);
1151 vmsvga_update_rect_flush(s);
1152
1153 if (s->invalidated) {
1154 s->invalidated = 0;
1155 dpy_gfx_update_full(s->vga.con);
1156 }
1157 }
1158
vmsvga_reset(DeviceState * dev)1159 static void vmsvga_reset(DeviceState *dev)
1160 {
1161 struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
1162 struct vmsvga_state_s *s = &pci->chip;
1163
1164 s->index = 0;
1165 s->enable = 0;
1166 s->config = 0;
1167 s->svgaid = SVGA_ID;
1168 s->cursor.on = false;
1169 s->redraw_fifo_last = 0;
1170 s->syncing = 0;
1171
1172 vga_dirty_log_start(&s->vga);
1173 }
1174
vmsvga_invalidate_display(void * opaque)1175 static void vmsvga_invalidate_display(void *opaque)
1176 {
1177 struct vmsvga_state_s *s = opaque;
1178 if (!s->enable) {
1179 s->vga.hw_ops->invalidate(&s->vga);
1180 return;
1181 }
1182
1183 s->invalidated = 1;
1184 }
1185
vmsvga_text_update(void * opaque,console_ch_t * chardata)1186 static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1187 {
1188 struct vmsvga_state_s *s = opaque;
1189
1190 if (s->vga.hw_ops->text_update) {
1191 s->vga.hw_ops->text_update(&s->vga, chardata);
1192 }
1193 }
1194
vmsvga_post_load(void * opaque,int version_id)1195 static int vmsvga_post_load(void *opaque, int version_id)
1196 {
1197 struct vmsvga_state_s *s = opaque;
1198
1199 s->invalidated = 1;
1200 if (s->config) {
1201 s->fifo = (uint32_t *) s->fifo_ptr;
1202 }
1203 return 0;
1204 }
1205
1206 static const VMStateDescription vmstate_vmware_vga_internal = {
1207 .name = "vmware_vga_internal",
1208 .version_id = 0,
1209 .minimum_version_id = 0,
1210 .post_load = vmsvga_post_load,
1211 .fields = (const VMStateField[]) {
1212 VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s, NULL),
1213 VMSTATE_INT32(enable, struct vmsvga_state_s),
1214 VMSTATE_INT32(config, struct vmsvga_state_s),
1215 VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1216 VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1217 VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1218 VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1219 VMSTATE_INT32(index, struct vmsvga_state_s),
1220 VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1221 scratch_size, 0, vmstate_info_uint32, uint32_t),
1222 VMSTATE_INT32(new_width, struct vmsvga_state_s),
1223 VMSTATE_INT32(new_height, struct vmsvga_state_s),
1224 VMSTATE_UINT32(guest, struct vmsvga_state_s),
1225 VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1226 VMSTATE_INT32(syncing, struct vmsvga_state_s),
1227 VMSTATE_UNUSED(4), /* was fb_size */
1228 VMSTATE_END_OF_LIST()
1229 }
1230 };
1231
1232 static const VMStateDescription vmstate_vmware_vga = {
1233 .name = "vmware_vga",
1234 .version_id = 0,
1235 .minimum_version_id = 0,
1236 .fields = (const VMStateField[]) {
1237 VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
1238 VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1239 vmstate_vmware_vga_internal, struct vmsvga_state_s),
1240 VMSTATE_END_OF_LIST()
1241 }
1242 };
1243
1244 static const GraphicHwOps vmsvga_ops = {
1245 .invalidate = vmsvga_invalidate_display,
1246 .gfx_update = vmsvga_update_display,
1247 .text_update = vmsvga_text_update,
1248 };
1249
vmsvga_init(DeviceState * dev,struct vmsvga_state_s * s,MemoryRegion * address_space,MemoryRegion * io)1250 static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
1251 MemoryRegion *address_space, MemoryRegion *io)
1252 {
1253 s->scratch_size = SVGA_SCRATCH_SIZE;
1254 s->scratch = g_malloc(s->scratch_size * 4);
1255
1256 s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);
1257
1258 s->fifo_size = SVGA_FIFO_SIZE;
1259 memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size,
1260 &error_fatal);
1261 s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1262
1263 vga_common_init(&s->vga, OBJECT(dev), &error_fatal);
1264 vga_init(&s->vga, OBJECT(dev), address_space, io, true);
1265 vmstate_register_any(NULL, &vmstate_vga_common, &s->vga);
1266 s->new_depth = 32;
1267 }
1268
vmsvga_io_read(void * opaque,hwaddr addr,unsigned size)1269 static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
1270 {
1271 struct vmsvga_state_s *s = opaque;
1272
1273 switch (addr) {
1274 case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1275 case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1276 case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1277 default: return -1u;
1278 }
1279 }
1280
vmsvga_io_write(void * opaque,hwaddr addr,uint64_t data,unsigned size)1281 static void vmsvga_io_write(void *opaque, hwaddr addr,
1282 uint64_t data, unsigned size)
1283 {
1284 struct vmsvga_state_s *s = opaque;
1285
1286 switch (addr) {
1287 case SVGA_IO_MUL * SVGA_INDEX_PORT:
1288 vmsvga_index_write(s, addr, data);
1289 break;
1290 case SVGA_IO_MUL * SVGA_VALUE_PORT:
1291 vmsvga_value_write(s, addr, data);
1292 break;
1293 case SVGA_IO_MUL * SVGA_BIOS_PORT:
1294 vmsvga_bios_write(s, addr, data);
1295 break;
1296 }
1297 }
1298
1299 static const MemoryRegionOps vmsvga_io_ops = {
1300 .read = vmsvga_io_read,
1301 .write = vmsvga_io_write,
1302 .endianness = DEVICE_LITTLE_ENDIAN,
1303 .valid = {
1304 .min_access_size = 4,
1305 .max_access_size = 4,
1306 .unaligned = true,
1307 },
1308 .impl = {
1309 .unaligned = true,
1310 },
1311 };
1312
pci_vmsvga_realize(PCIDevice * dev,Error ** errp)1313 static void pci_vmsvga_realize(PCIDevice *dev, Error **errp)
1314 {
1315 struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
1316
1317 dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
1318 dev->config[PCI_LATENCY_TIMER] = 0x40;
1319 dev->config[PCI_INTERRUPT_LINE] = 0xff; /* End */
1320
1321 memory_region_init_io(&s->io_bar, OBJECT(dev), &vmsvga_io_ops, &s->chip,
1322 "vmsvga-io", 0x10);
1323 memory_region_set_flush_coalesced(&s->io_bar);
1324 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1325
1326 vmsvga_init(DEVICE(dev), &s->chip,
1327 pci_address_space(dev), pci_address_space_io(dev));
1328
1329 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
1330 &s->chip.vga.vram);
1331 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1332 &s->chip.fifo_ram);
1333 }
1334
1335 static Property vga_vmware_properties[] = {
1336 DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
1337 chip.vga.vram_size_mb, 16),
1338 DEFINE_PROP_BOOL("global-vmstate", struct pci_vmsvga_state_s,
1339 chip.vga.global_vmstate, false),
1340 DEFINE_PROP_END_OF_LIST(),
1341 };
1342
vmsvga_class_init(ObjectClass * klass,void * data)1343 static void vmsvga_class_init(ObjectClass *klass, void *data)
1344 {
1345 DeviceClass *dc = DEVICE_CLASS(klass);
1346 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1347
1348 k->realize = pci_vmsvga_realize;
1349 k->romfile = "vgabios-vmware.bin";
1350 k->vendor_id = PCI_VENDOR_ID_VMWARE;
1351 k->device_id = SVGA_PCI_DEVICE_ID;
1352 k->class_id = PCI_CLASS_DISPLAY_VGA;
1353 k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
1354 k->subsystem_id = SVGA_PCI_DEVICE_ID;
1355 device_class_set_legacy_reset(dc, vmsvga_reset);
1356 dc->vmsd = &vmstate_vmware_vga;
1357 device_class_set_props(dc, vga_vmware_properties);
1358 dc->hotpluggable = false;
1359 set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
1360 }
1361
1362 static const TypeInfo vmsvga_info = {
1363 .name = TYPE_VMWARE_SVGA,
1364 .parent = TYPE_PCI_DEVICE,
1365 .instance_size = sizeof(struct pci_vmsvga_state_s),
1366 .class_init = vmsvga_class_init,
1367 .interfaces = (InterfaceInfo[]) {
1368 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
1369 { },
1370 },
1371 };
1372
vmsvga_register_types(void)1373 static void vmsvga_register_types(void)
1374 {
1375 type_register_static(&vmsvga_info);
1376 }
1377
1378 type_init(vmsvga_register_types)
1379