vga: fix banked access bounds checking (CVE-2016-3710)
[qemu.git] / hw / display / vga.c
1 /*
2 * QEMU VGA Emulator.
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "qemu/osdep.h"
25 #include "qapi/error.h"
26 #include "hw/hw.h"
27 #include "vga.h"
28 #include "ui/console.h"
29 #include "hw/i386/pc.h"
30 #include "hw/pci/pci.h"
31 #include "vga_int.h"
32 #include "ui/pixel_ops.h"
33 #include "qemu/timer.h"
34 #include "hw/xen/xen.h"
35 #include "trace.h"
36
37 //#define DEBUG_VGA
38 //#define DEBUG_VGA_MEM
39 //#define DEBUG_VGA_REG
40
41 //#define DEBUG_BOCHS_VBE
42
43 /* 16 state changes per vertical frame @60 Hz */
44 #define VGA_TEXT_CURSOR_PERIOD_MS (1000 * 2 * 16 / 60)
45
46 /*
47 * Video Graphics Array (VGA)
48 *
49 * Chipset docs for original IBM VGA:
50 * http://www.mcamafia.de/pdf/ibm_vgaxga_trm2.pdf
51 *
52 * FreeVGA site:
53 * http://www.osdever.net/FreeVGA/home.htm
54 *
55 * Standard VGA features and Bochs VBE extensions are implemented.
56 */
57
58 /* force some bits to zero */
59 const uint8_t sr_mask[8] = {
60 0x03,
61 0x3d,
62 0x0f,
63 0x3f,
64 0x0e,
65 0x00,
66 0x00,
67 0xff,
68 };
69
70 const uint8_t gr_mask[16] = {
71 0x0f, /* 0x00 */
72 0x0f, /* 0x01 */
73 0x0f, /* 0x02 */
74 0x1f, /* 0x03 */
75 0x03, /* 0x04 */
76 0x7b, /* 0x05 */
77 0x0f, /* 0x06 */
78 0x0f, /* 0x07 */
79 0xff, /* 0x08 */
80 0x00, /* 0x09 */
81 0x00, /* 0x0a */
82 0x00, /* 0x0b */
83 0x00, /* 0x0c */
84 0x00, /* 0x0d */
85 0x00, /* 0x0e */
86 0x00, /* 0x0f */
87 };
88
89 #define cbswap_32(__x) \
90 ((uint32_t)( \
91 (((uint32_t)(__x) & (uint32_t)0x000000ffUL) << 24) | \
92 (((uint32_t)(__x) & (uint32_t)0x0000ff00UL) << 8) | \
93 (((uint32_t)(__x) & (uint32_t)0x00ff0000UL) >> 8) | \
94 (((uint32_t)(__x) & (uint32_t)0xff000000UL) >> 24) ))
95
96 #ifdef HOST_WORDS_BIGENDIAN
97 #define PAT(x) cbswap_32(x)
98 #else
99 #define PAT(x) (x)
100 #endif
101
102 #ifdef HOST_WORDS_BIGENDIAN
103 #define BIG 1
104 #else
105 #define BIG 0
106 #endif
107
108 #ifdef HOST_WORDS_BIGENDIAN
109 #define GET_PLANE(data, p) (((data) >> (24 - (p) * 8)) & 0xff)
110 #else
111 #define GET_PLANE(data, p) (((data) >> ((p) * 8)) & 0xff)
112 #endif
113
114 static const uint32_t mask16[16] = {
115 PAT(0x00000000),
116 PAT(0x000000ff),
117 PAT(0x0000ff00),
118 PAT(0x0000ffff),
119 PAT(0x00ff0000),
120 PAT(0x00ff00ff),
121 PAT(0x00ffff00),
122 PAT(0x00ffffff),
123 PAT(0xff000000),
124 PAT(0xff0000ff),
125 PAT(0xff00ff00),
126 PAT(0xff00ffff),
127 PAT(0xffff0000),
128 PAT(0xffff00ff),
129 PAT(0xffffff00),
130 PAT(0xffffffff),
131 };
132
133 #undef PAT
134
135 #ifdef HOST_WORDS_BIGENDIAN
136 #define PAT(x) (x)
137 #else
138 #define PAT(x) cbswap_32(x)
139 #endif
140
141 static uint32_t expand4[256];
142 static uint16_t expand2[256];
143 static uint8_t expand4to8[16];
144
145 static void vga_update_memory_access(VGACommonState *s)
146 {
147 hwaddr base, offset, size;
148
149 if (s->legacy_address_space == NULL) {
150 return;
151 }
152
153 if (s->has_chain4_alias) {
154 memory_region_del_subregion(s->legacy_address_space, &s->chain4_alias);
155 object_unparent(OBJECT(&s->chain4_alias));
156 s->has_chain4_alias = false;
157 s->plane_updated = 0xf;
158 }
159 if ((s->sr[VGA_SEQ_PLANE_WRITE] & VGA_SR02_ALL_PLANES) ==
160 VGA_SR02_ALL_PLANES && s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
161 offset = 0;
162 switch ((s->gr[VGA_GFX_MISC] >> 2) & 3) {
163 case 0:
164 base = 0xa0000;
165 size = 0x20000;
166 break;
167 case 1:
168 base = 0xa0000;
169 size = 0x10000;
170 offset = s->bank_offset;
171 break;
172 case 2:
173 base = 0xb0000;
174 size = 0x8000;
175 break;
176 case 3:
177 default:
178 base = 0xb8000;
179 size = 0x8000;
180 break;
181 }
182 assert(offset + size <= s->vram_size);
183 memory_region_init_alias(&s->chain4_alias, memory_region_owner(&s->vram),
184 "vga.chain4", &s->vram, offset, size);
185 memory_region_add_subregion_overlap(s->legacy_address_space, base,
186 &s->chain4_alias, 2);
187 s->has_chain4_alias = true;
188 }
189 }
190
191 static void vga_dumb_update_retrace_info(VGACommonState *s)
192 {
193 (void) s;
194 }
195
196 static void vga_precise_update_retrace_info(VGACommonState *s)
197 {
198 int htotal_chars;
199 int hretr_start_char;
200 int hretr_skew_chars;
201 int hretr_end_char;
202
203 int vtotal_lines;
204 int vretr_start_line;
205 int vretr_end_line;
206
207 int dots;
208 #if 0
209 int div2, sldiv2;
210 #endif
211 int clocking_mode;
212 int clock_sel;
213 const int clk_hz[] = {25175000, 28322000, 25175000, 25175000};
214 int64_t chars_per_sec;
215 struct vga_precise_retrace *r = &s->retrace_info.precise;
216
217 htotal_chars = s->cr[VGA_CRTC_H_TOTAL] + 5;
218 hretr_start_char = s->cr[VGA_CRTC_H_SYNC_START];
219 hretr_skew_chars = (s->cr[VGA_CRTC_H_SYNC_END] >> 5) & 3;
220 hretr_end_char = s->cr[VGA_CRTC_H_SYNC_END] & 0x1f;
221
222 vtotal_lines = (s->cr[VGA_CRTC_V_TOTAL] |
223 (((s->cr[VGA_CRTC_OVERFLOW] & 1) |
224 ((s->cr[VGA_CRTC_OVERFLOW] >> 4) & 2)) << 8)) + 2;
225 vretr_start_line = s->cr[VGA_CRTC_V_SYNC_START] |
226 ((((s->cr[VGA_CRTC_OVERFLOW] >> 2) & 1) |
227 ((s->cr[VGA_CRTC_OVERFLOW] >> 6) & 2)) << 8);
228 vretr_end_line = s->cr[VGA_CRTC_V_SYNC_END] & 0xf;
229
230 clocking_mode = (s->sr[VGA_SEQ_CLOCK_MODE] >> 3) & 1;
231 clock_sel = (s->msr >> 2) & 3;
232 dots = (s->msr & 1) ? 8 : 9;
233
234 chars_per_sec = clk_hz[clock_sel] / dots;
235
236 htotal_chars <<= clocking_mode;
237
238 r->total_chars = vtotal_lines * htotal_chars;
239 if (r->freq) {
240 r->ticks_per_char = NANOSECONDS_PER_SECOND / (r->total_chars * r->freq);
241 } else {
242 r->ticks_per_char = NANOSECONDS_PER_SECOND / chars_per_sec;
243 }
244
245 r->vstart = vretr_start_line;
246 r->vend = r->vstart + vretr_end_line + 1;
247
248 r->hstart = hretr_start_char + hretr_skew_chars;
249 r->hend = r->hstart + hretr_end_char + 1;
250 r->htotal = htotal_chars;
251
252 #if 0
253 div2 = (s->cr[VGA_CRTC_MODE] >> 2) & 1;
254 sldiv2 = (s->cr[VGA_CRTC_MODE] >> 3) & 1;
255 printf (
256 "hz=%f\n"
257 "htotal = %d\n"
258 "hretr_start = %d\n"
259 "hretr_skew = %d\n"
260 "hretr_end = %d\n"
261 "vtotal = %d\n"
262 "vretr_start = %d\n"
263 "vretr_end = %d\n"
264 "div2 = %d sldiv2 = %d\n"
265 "clocking_mode = %d\n"
266 "clock_sel = %d %d\n"
267 "dots = %d\n"
268 "ticks/char = %" PRId64 "\n"
269 "\n",
270 (double) NANOSECONDS_PER_SECOND / (r->ticks_per_char * r->total_chars),
271 htotal_chars,
272 hretr_start_char,
273 hretr_skew_chars,
274 hretr_end_char,
275 vtotal_lines,
276 vretr_start_line,
277 vretr_end_line,
278 div2, sldiv2,
279 clocking_mode,
280 clock_sel,
281 clk_hz[clock_sel],
282 dots,
283 r->ticks_per_char
284 );
285 #endif
286 }
287
288 static uint8_t vga_precise_retrace(VGACommonState *s)
289 {
290 struct vga_precise_retrace *r = &s->retrace_info.precise;
291 uint8_t val = s->st01 & ~(ST01_V_RETRACE | ST01_DISP_ENABLE);
292
293 if (r->total_chars) {
294 int cur_line, cur_line_char, cur_char;
295 int64_t cur_tick;
296
297 cur_tick = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
298
299 cur_char = (cur_tick / r->ticks_per_char) % r->total_chars;
300 cur_line = cur_char / r->htotal;
301
302 if (cur_line >= r->vstart && cur_line <= r->vend) {
303 val |= ST01_V_RETRACE | ST01_DISP_ENABLE;
304 } else {
305 cur_line_char = cur_char % r->htotal;
306 if (cur_line_char >= r->hstart && cur_line_char <= r->hend) {
307 val |= ST01_DISP_ENABLE;
308 }
309 }
310
311 return val;
312 } else {
313 return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
314 }
315 }
316
317 static uint8_t vga_dumb_retrace(VGACommonState *s)
318 {
319 return s->st01 ^ (ST01_V_RETRACE | ST01_DISP_ENABLE);
320 }
321
322 int vga_ioport_invalid(VGACommonState *s, uint32_t addr)
323 {
324 if (s->msr & VGA_MIS_COLOR) {
325 /* Color */
326 return (addr >= 0x3b0 && addr <= 0x3bf);
327 } else {
328 /* Monochrome */
329 return (addr >= 0x3d0 && addr <= 0x3df);
330 }
331 }
332
333 uint32_t vga_ioport_read(void *opaque, uint32_t addr)
334 {
335 VGACommonState *s = opaque;
336 int val, index;
337
338 if (vga_ioport_invalid(s, addr)) {
339 val = 0xff;
340 } else {
341 switch(addr) {
342 case VGA_ATT_W:
343 if (s->ar_flip_flop == 0) {
344 val = s->ar_index;
345 } else {
346 val = 0;
347 }
348 break;
349 case VGA_ATT_R:
350 index = s->ar_index & 0x1f;
351 if (index < VGA_ATT_C) {
352 val = s->ar[index];
353 } else {
354 val = 0;
355 }
356 break;
357 case VGA_MIS_W:
358 val = s->st00;
359 break;
360 case VGA_SEQ_I:
361 val = s->sr_index;
362 break;
363 case VGA_SEQ_D:
364 val = s->sr[s->sr_index];
365 #ifdef DEBUG_VGA_REG
366 printf("vga: read SR%x = 0x%02x\n", s->sr_index, val);
367 #endif
368 break;
369 case VGA_PEL_IR:
370 val = s->dac_state;
371 break;
372 case VGA_PEL_IW:
373 val = s->dac_write_index;
374 break;
375 case VGA_PEL_D:
376 val = s->palette[s->dac_read_index * 3 + s->dac_sub_index];
377 if (++s->dac_sub_index == 3) {
378 s->dac_sub_index = 0;
379 s->dac_read_index++;
380 }
381 break;
382 case VGA_FTC_R:
383 val = s->fcr;
384 break;
385 case VGA_MIS_R:
386 val = s->msr;
387 break;
388 case VGA_GFX_I:
389 val = s->gr_index;
390 break;
391 case VGA_GFX_D:
392 val = s->gr[s->gr_index];
393 #ifdef DEBUG_VGA_REG
394 printf("vga: read GR%x = 0x%02x\n", s->gr_index, val);
395 #endif
396 break;
397 case VGA_CRT_IM:
398 case VGA_CRT_IC:
399 val = s->cr_index;
400 break;
401 case VGA_CRT_DM:
402 case VGA_CRT_DC:
403 val = s->cr[s->cr_index];
404 #ifdef DEBUG_VGA_REG
405 printf("vga: read CR%x = 0x%02x\n", s->cr_index, val);
406 #endif
407 break;
408 case VGA_IS1_RM:
409 case VGA_IS1_RC:
410 /* just toggle to fool polling */
411 val = s->st01 = s->retrace(s);
412 s->ar_flip_flop = 0;
413 break;
414 default:
415 val = 0x00;
416 break;
417 }
418 }
419 #if defined(DEBUG_VGA)
420 printf("VGA: read addr=0x%04x data=0x%02x\n", addr, val);
421 #endif
422 return val;
423 }
424
425 void vga_ioport_write(void *opaque, uint32_t addr, uint32_t val)
426 {
427 VGACommonState *s = opaque;
428 int index;
429
430 /* check port range access depending on color/monochrome mode */
431 if (vga_ioport_invalid(s, addr)) {
432 return;
433 }
434 #ifdef DEBUG_VGA
435 printf("VGA: write addr=0x%04x data=0x%02x\n", addr, val);
436 #endif
437
438 switch(addr) {
439 case VGA_ATT_W:
440 if (s->ar_flip_flop == 0) {
441 val &= 0x3f;
442 s->ar_index = val;
443 } else {
444 index = s->ar_index & 0x1f;
445 switch(index) {
446 case VGA_ATC_PALETTE0 ... VGA_ATC_PALETTEF:
447 s->ar[index] = val & 0x3f;
448 break;
449 case VGA_ATC_MODE:
450 s->ar[index] = val & ~0x10;
451 break;
452 case VGA_ATC_OVERSCAN:
453 s->ar[index] = val;
454 break;
455 case VGA_ATC_PLANE_ENABLE:
456 s->ar[index] = val & ~0xc0;
457 break;
458 case VGA_ATC_PEL:
459 s->ar[index] = val & ~0xf0;
460 break;
461 case VGA_ATC_COLOR_PAGE:
462 s->ar[index] = val & ~0xf0;
463 break;
464 default:
465 break;
466 }
467 }
468 s->ar_flip_flop ^= 1;
469 break;
470 case VGA_MIS_W:
471 s->msr = val & ~0x10;
472 s->update_retrace_info(s);
473 break;
474 case VGA_SEQ_I:
475 s->sr_index = val & 7;
476 break;
477 case VGA_SEQ_D:
478 #ifdef DEBUG_VGA_REG
479 printf("vga: write SR%x = 0x%02x\n", s->sr_index, val);
480 #endif
481 s->sr[s->sr_index] = val & sr_mask[s->sr_index];
482 if (s->sr_index == VGA_SEQ_CLOCK_MODE) {
483 s->update_retrace_info(s);
484 }
485 vga_update_memory_access(s);
486 break;
487 case VGA_PEL_IR:
488 s->dac_read_index = val;
489 s->dac_sub_index = 0;
490 s->dac_state = 3;
491 break;
492 case VGA_PEL_IW:
493 s->dac_write_index = val;
494 s->dac_sub_index = 0;
495 s->dac_state = 0;
496 break;
497 case VGA_PEL_D:
498 s->dac_cache[s->dac_sub_index] = val;
499 if (++s->dac_sub_index == 3) {
500 memcpy(&s->palette[s->dac_write_index * 3], s->dac_cache, 3);
501 s->dac_sub_index = 0;
502 s->dac_write_index++;
503 }
504 break;
505 case VGA_GFX_I:
506 s->gr_index = val & 0x0f;
507 break;
508 case VGA_GFX_D:
509 #ifdef DEBUG_VGA_REG
510 printf("vga: write GR%x = 0x%02x\n", s->gr_index, val);
511 #endif
512 s->gr[s->gr_index] = val & gr_mask[s->gr_index];
513 vga_update_memory_access(s);
514 break;
515 case VGA_CRT_IM:
516 case VGA_CRT_IC:
517 s->cr_index = val;
518 break;
519 case VGA_CRT_DM:
520 case VGA_CRT_DC:
521 #ifdef DEBUG_VGA_REG
522 printf("vga: write CR%x = 0x%02x\n", s->cr_index, val);
523 #endif
524 /* handle CR0-7 protection */
525 if ((s->cr[VGA_CRTC_V_SYNC_END] & VGA_CR11_LOCK_CR0_CR7) &&
526 s->cr_index <= VGA_CRTC_OVERFLOW) {
527 /* can always write bit 4 of CR7 */
528 if (s->cr_index == VGA_CRTC_OVERFLOW) {
529 s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x10) |
530 (val & 0x10);
531 }
532 return;
533 }
534 s->cr[s->cr_index] = val;
535
536 switch(s->cr_index) {
537 case VGA_CRTC_H_TOTAL:
538 case VGA_CRTC_H_SYNC_START:
539 case VGA_CRTC_H_SYNC_END:
540 case VGA_CRTC_V_TOTAL:
541 case VGA_CRTC_OVERFLOW:
542 case VGA_CRTC_V_SYNC_END:
543 case VGA_CRTC_MODE:
544 s->update_retrace_info(s);
545 break;
546 }
547 break;
548 case VGA_IS1_RM:
549 case VGA_IS1_RC:
550 s->fcr = val & 0x10;
551 break;
552 }
553 }
554
555 /*
556 * Sanity check vbe register writes.
557 *
558 * As we don't have a way to signal errors to the guest in the bochs
559 * dispi interface we'll go adjust the registers to the closest valid
560 * value.
561 */
562 static void vbe_fixup_regs(VGACommonState *s)
563 {
564 uint16_t *r = s->vbe_regs;
565 uint32_t bits, linelength, maxy, offset;
566
567 if (!(r[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) {
568 /* vbe is turned off -- nothing to do */
569 return;
570 }
571
572 /* check depth */
573 switch (r[VBE_DISPI_INDEX_BPP]) {
574 case 4:
575 case 8:
576 case 16:
577 case 24:
578 case 32:
579 bits = r[VBE_DISPI_INDEX_BPP];
580 break;
581 case 15:
582 bits = 16;
583 break;
584 default:
585 bits = r[VBE_DISPI_INDEX_BPP] = 8;
586 break;
587 }
588
589 /* check width */
590 r[VBE_DISPI_INDEX_XRES] &= ~7u;
591 if (r[VBE_DISPI_INDEX_XRES] == 0) {
592 r[VBE_DISPI_INDEX_XRES] = 8;
593 }
594 if (r[VBE_DISPI_INDEX_XRES] > VBE_DISPI_MAX_XRES) {
595 r[VBE_DISPI_INDEX_XRES] = VBE_DISPI_MAX_XRES;
596 }
597 r[VBE_DISPI_INDEX_VIRT_WIDTH] &= ~7u;
598 if (r[VBE_DISPI_INDEX_VIRT_WIDTH] > VBE_DISPI_MAX_XRES) {
599 r[VBE_DISPI_INDEX_VIRT_WIDTH] = VBE_DISPI_MAX_XRES;
600 }
601 if (r[VBE_DISPI_INDEX_VIRT_WIDTH] < r[VBE_DISPI_INDEX_XRES]) {
602 r[VBE_DISPI_INDEX_VIRT_WIDTH] = r[VBE_DISPI_INDEX_XRES];
603 }
604
605 /* check height */
606 linelength = r[VBE_DISPI_INDEX_VIRT_WIDTH] * bits / 8;
607 maxy = s->vbe_size / linelength;
608 if (r[VBE_DISPI_INDEX_YRES] == 0) {
609 r[VBE_DISPI_INDEX_YRES] = 1;
610 }
611 if (r[VBE_DISPI_INDEX_YRES] > VBE_DISPI_MAX_YRES) {
612 r[VBE_DISPI_INDEX_YRES] = VBE_DISPI_MAX_YRES;
613 }
614 if (r[VBE_DISPI_INDEX_YRES] > maxy) {
615 r[VBE_DISPI_INDEX_YRES] = maxy;
616 }
617
618 /* check offset */
619 if (r[VBE_DISPI_INDEX_X_OFFSET] > VBE_DISPI_MAX_XRES) {
620 r[VBE_DISPI_INDEX_X_OFFSET] = VBE_DISPI_MAX_XRES;
621 }
622 if (r[VBE_DISPI_INDEX_Y_OFFSET] > VBE_DISPI_MAX_YRES) {
623 r[VBE_DISPI_INDEX_Y_OFFSET] = VBE_DISPI_MAX_YRES;
624 }
625 offset = r[VBE_DISPI_INDEX_X_OFFSET] * bits / 8;
626 offset += r[VBE_DISPI_INDEX_Y_OFFSET] * linelength;
627 if (offset + r[VBE_DISPI_INDEX_YRES] * linelength > s->vbe_size) {
628 r[VBE_DISPI_INDEX_Y_OFFSET] = 0;
629 offset = r[VBE_DISPI_INDEX_X_OFFSET] * bits / 8;
630 if (offset + r[VBE_DISPI_INDEX_YRES] * linelength > s->vbe_size) {
631 r[VBE_DISPI_INDEX_X_OFFSET] = 0;
632 offset = 0;
633 }
634 }
635
636 /* update vga state */
637 r[VBE_DISPI_INDEX_VIRT_HEIGHT] = maxy;
638 s->vbe_line_offset = linelength;
639 s->vbe_start_addr = offset / 4;
640 }
641
642 static uint32_t vbe_ioport_read_index(void *opaque, uint32_t addr)
643 {
644 VGACommonState *s = opaque;
645 uint32_t val;
646 val = s->vbe_index;
647 return val;
648 }
649
650 uint32_t vbe_ioport_read_data(void *opaque, uint32_t addr)
651 {
652 VGACommonState *s = opaque;
653 uint32_t val;
654
655 if (s->vbe_index < VBE_DISPI_INDEX_NB) {
656 if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_GETCAPS) {
657 switch(s->vbe_index) {
658 /* XXX: do not hardcode ? */
659 case VBE_DISPI_INDEX_XRES:
660 val = VBE_DISPI_MAX_XRES;
661 break;
662 case VBE_DISPI_INDEX_YRES:
663 val = VBE_DISPI_MAX_YRES;
664 break;
665 case VBE_DISPI_INDEX_BPP:
666 val = VBE_DISPI_MAX_BPP;
667 break;
668 default:
669 val = s->vbe_regs[s->vbe_index];
670 break;
671 }
672 } else {
673 val = s->vbe_regs[s->vbe_index];
674 }
675 } else if (s->vbe_index == VBE_DISPI_INDEX_VIDEO_MEMORY_64K) {
676 val = s->vbe_size / (64 * 1024);
677 } else {
678 val = 0;
679 }
680 #ifdef DEBUG_BOCHS_VBE
681 printf("VBE: read index=0x%x val=0x%x\n", s->vbe_index, val);
682 #endif
683 return val;
684 }
685
686 void vbe_ioport_write_index(void *opaque, uint32_t addr, uint32_t val)
687 {
688 VGACommonState *s = opaque;
689 s->vbe_index = val;
690 }
691
692 void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val)
693 {
694 VGACommonState *s = opaque;
695
696 if (s->vbe_index <= VBE_DISPI_INDEX_NB) {
697 #ifdef DEBUG_BOCHS_VBE
698 printf("VBE: write index=0x%x val=0x%x\n", s->vbe_index, val);
699 #endif
700 switch(s->vbe_index) {
701 case VBE_DISPI_INDEX_ID:
702 if (val == VBE_DISPI_ID0 ||
703 val == VBE_DISPI_ID1 ||
704 val == VBE_DISPI_ID2 ||
705 val == VBE_DISPI_ID3 ||
706 val == VBE_DISPI_ID4) {
707 s->vbe_regs[s->vbe_index] = val;
708 }
709 break;
710 case VBE_DISPI_INDEX_XRES:
711 case VBE_DISPI_INDEX_YRES:
712 case VBE_DISPI_INDEX_BPP:
713 case VBE_DISPI_INDEX_VIRT_WIDTH:
714 case VBE_DISPI_INDEX_X_OFFSET:
715 case VBE_DISPI_INDEX_Y_OFFSET:
716 s->vbe_regs[s->vbe_index] = val;
717 vbe_fixup_regs(s);
718 break;
719 case VBE_DISPI_INDEX_BANK:
720 val &= s->vbe_bank_mask;
721 s->vbe_regs[s->vbe_index] = val;
722 s->bank_offset = (val << 16);
723 vga_update_memory_access(s);
724 break;
725 case VBE_DISPI_INDEX_ENABLE:
726 if ((val & VBE_DISPI_ENABLED) &&
727 !(s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) {
728 int h, shift_control;
729
730 s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] = 0;
731 s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET] = 0;
732 s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET] = 0;
733 s->vbe_regs[VBE_DISPI_INDEX_ENABLE] |= VBE_DISPI_ENABLED;
734 vbe_fixup_regs(s);
735
736 /* clear the screen */
737 if (!(val & VBE_DISPI_NOCLEARMEM)) {
738 memset(s->vram_ptr, 0,
739 s->vbe_regs[VBE_DISPI_INDEX_YRES] * s->vbe_line_offset);
740 }
741
742 /* we initialize the VGA graphic mode */
743 /* graphic mode + memory map 1 */
744 s->gr[VGA_GFX_MISC] = (s->gr[VGA_GFX_MISC] & ~0x0c) | 0x04 |
745 VGA_GR06_GRAPHICS_MODE;
746 s->cr[VGA_CRTC_MODE] |= 3; /* no CGA modes */
747 s->cr[VGA_CRTC_OFFSET] = s->vbe_line_offset >> 3;
748 /* width */
749 s->cr[VGA_CRTC_H_DISP] =
750 (s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 3) - 1;
751 /* height (only meaningful if < 1024) */
752 h = s->vbe_regs[VBE_DISPI_INDEX_YRES] - 1;
753 s->cr[VGA_CRTC_V_DISP_END] = h;
754 s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x42) |
755 ((h >> 7) & 0x02) | ((h >> 3) & 0x40);
756 /* line compare to 1023 */
757 s->cr[VGA_CRTC_LINE_COMPARE] = 0xff;
758 s->cr[VGA_CRTC_OVERFLOW] |= 0x10;
759 s->cr[VGA_CRTC_MAX_SCAN] |= 0x40;
760
761 if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
762 shift_control = 0;
763 s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
764 } else {
765 shift_control = 2;
766 /* set chain 4 mode */
767 s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
768 /* activate all planes */
769 s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
770 }
771 s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
772 (shift_control << 5);
773 s->cr[VGA_CRTC_MAX_SCAN] &= ~0x9f; /* no double scan */
774 } else {
775 s->bank_offset = 0;
776 }
777 s->dac_8bit = (val & VBE_DISPI_8BIT_DAC) > 0;
778 s->vbe_regs[s->vbe_index] = val;
779 vga_update_memory_access(s);
780 break;
781 default:
782 break;
783 }
784 }
785 }
786
787 /* called for accesses between 0xa0000 and 0xc0000 */
788 uint32_t vga_mem_readb(VGACommonState *s, hwaddr addr)
789 {
790 int memory_map_mode, plane;
791 uint32_t ret;
792
793 /* convert to VGA memory offset */
794 memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
795 addr &= 0x1ffff;
796 switch(memory_map_mode) {
797 case 0:
798 break;
799 case 1:
800 if (addr >= 0x10000)
801 return 0xff;
802 addr += s->bank_offset;
803 break;
804 case 2:
805 addr -= 0x10000;
806 if (addr >= 0x8000)
807 return 0xff;
808 break;
809 default:
810 case 3:
811 addr -= 0x18000;
812 if (addr >= 0x8000)
813 return 0xff;
814 break;
815 }
816
817 if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
818 /* chain 4 mode : simplest access */
819 assert(addr < s->vram_size);
820 ret = s->vram_ptr[addr];
821 } else if (s->gr[VGA_GFX_MODE] & 0x10) {
822 /* odd/even mode (aka text mode mapping) */
823 plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
824 addr = ((addr & ~1) << 1) | plane;
825 if (addr >= s->vram_size) {
826 return 0xff;
827 }
828 ret = s->vram_ptr[addr];
829 } else {
830 /* standard VGA latched access */
831 if (addr * sizeof(uint32_t) >= s->vram_size) {
832 return 0xff;
833 }
834 s->latch = ((uint32_t *)s->vram_ptr)[addr];
835
836 if (!(s->gr[VGA_GFX_MODE] & 0x08)) {
837 /* read mode 0 */
838 plane = s->gr[VGA_GFX_PLANE_READ];
839 ret = GET_PLANE(s->latch, plane);
840 } else {
841 /* read mode 1 */
842 ret = (s->latch ^ mask16[s->gr[VGA_GFX_COMPARE_VALUE]]) &
843 mask16[s->gr[VGA_GFX_COMPARE_MASK]];
844 ret |= ret >> 16;
845 ret |= ret >> 8;
846 ret = (~ret) & 0xff;
847 }
848 }
849 return ret;
850 }
851
852 /* called for accesses between 0xa0000 and 0xc0000 */
853 void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
854 {
855 int memory_map_mode, plane, write_mode, b, func_select, mask;
856 uint32_t write_mask, bit_mask, set_mask;
857
858 #ifdef DEBUG_VGA_MEM
859 printf("vga: [0x" TARGET_FMT_plx "] = 0x%02x\n", addr, val);
860 #endif
861 /* convert to VGA memory offset */
862 memory_map_mode = (s->gr[VGA_GFX_MISC] >> 2) & 3;
863 addr &= 0x1ffff;
864 switch(memory_map_mode) {
865 case 0:
866 break;
867 case 1:
868 if (addr >= 0x10000)
869 return;
870 addr += s->bank_offset;
871 break;
872 case 2:
873 addr -= 0x10000;
874 if (addr >= 0x8000)
875 return;
876 break;
877 default:
878 case 3:
879 addr -= 0x18000;
880 if (addr >= 0x8000)
881 return;
882 break;
883 }
884
885 if (s->sr[VGA_SEQ_MEMORY_MODE] & VGA_SR04_CHN_4M) {
886 /* chain 4 mode : simplest access */
887 plane = addr & 3;
888 mask = (1 << plane);
889 if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
890 assert(addr < s->vram_size);
891 s->vram_ptr[addr] = val;
892 #ifdef DEBUG_VGA_MEM
893 printf("vga: chain4: [0x" TARGET_FMT_plx "]\n", addr);
894 #endif
895 s->plane_updated |= mask; /* only used to detect font change */
896 memory_region_set_dirty(&s->vram, addr, 1);
897 }
898 } else if (s->gr[VGA_GFX_MODE] & 0x10) {
899 /* odd/even mode (aka text mode mapping) */
900 plane = (s->gr[VGA_GFX_PLANE_READ] & 2) | (addr & 1);
901 mask = (1 << plane);
902 if (s->sr[VGA_SEQ_PLANE_WRITE] & mask) {
903 addr = ((addr & ~1) << 1) | plane;
904 if (addr >= s->vram_size) {
905 return;
906 }
907 s->vram_ptr[addr] = val;
908 #ifdef DEBUG_VGA_MEM
909 printf("vga: odd/even: [0x" TARGET_FMT_plx "]\n", addr);
910 #endif
911 s->plane_updated |= mask; /* only used to detect font change */
912 memory_region_set_dirty(&s->vram, addr, 1);
913 }
914 } else {
915 /* standard VGA latched access */
916 write_mode = s->gr[VGA_GFX_MODE] & 3;
917 switch(write_mode) {
918 default:
919 case 0:
920 /* rotate */
921 b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
922 val = ((val >> b) | (val << (8 - b))) & 0xff;
923 val |= val << 8;
924 val |= val << 16;
925
926 /* apply set/reset mask */
927 set_mask = mask16[s->gr[VGA_GFX_SR_ENABLE]];
928 val = (val & ~set_mask) |
929 (mask16[s->gr[VGA_GFX_SR_VALUE]] & set_mask);
930 bit_mask = s->gr[VGA_GFX_BIT_MASK];
931 break;
932 case 1:
933 val = s->latch;
934 goto do_write;
935 case 2:
936 val = mask16[val & 0x0f];
937 bit_mask = s->gr[VGA_GFX_BIT_MASK];
938 break;
939 case 3:
940 /* rotate */
941 b = s->gr[VGA_GFX_DATA_ROTATE] & 7;
942 val = (val >> b) | (val << (8 - b));
943
944 bit_mask = s->gr[VGA_GFX_BIT_MASK] & val;
945 val = mask16[s->gr[VGA_GFX_SR_VALUE]];
946 break;
947 }
948
949 /* apply logical operation */
950 func_select = s->gr[VGA_GFX_DATA_ROTATE] >> 3;
951 switch(func_select) {
952 case 0:
953 default:
954 /* nothing to do */
955 break;
956 case 1:
957 /* and */
958 val &= s->latch;
959 break;
960 case 2:
961 /* or */
962 val |= s->latch;
963 break;
964 case 3:
965 /* xor */
966 val ^= s->latch;
967 break;
968 }
969
970 /* apply bit mask */
971 bit_mask |= bit_mask << 8;
972 bit_mask |= bit_mask << 16;
973 val = (val & bit_mask) | (s->latch & ~bit_mask);
974
975 do_write:
976 /* mask data according to sr[2] */
977 mask = s->sr[VGA_SEQ_PLANE_WRITE];
978 s->plane_updated |= mask; /* only used to detect font change */
979 write_mask = mask16[mask];
980 if (addr * sizeof(uint32_t) >= s->vram_size) {
981 return;
982 }
983 ((uint32_t *)s->vram_ptr)[addr] =
984 (((uint32_t *)s->vram_ptr)[addr] & ~write_mask) |
985 (val & write_mask);
986 #ifdef DEBUG_VGA_MEM
987 printf("vga: latch: [0x" TARGET_FMT_plx "] mask=0x%08x val=0x%08x\n",
988 addr * 4, write_mask, val);
989 #endif
990 memory_region_set_dirty(&s->vram, addr << 2, sizeof(uint32_t));
991 }
992 }
993
994 typedef void vga_draw_line_func(VGACommonState *s1, uint8_t *d,
995 const uint8_t *s, int width);
996
997 #include "vga-helpers.h"
998
999 /* return true if the palette was modified */
1000 static int update_palette16(VGACommonState *s)
1001 {
1002 int full_update, i;
1003 uint32_t v, col, *palette;
1004
1005 full_update = 0;
1006 palette = s->last_palette;
1007 for(i = 0; i < 16; i++) {
1008 v = s->ar[i];
1009 if (s->ar[VGA_ATC_MODE] & 0x80) {
1010 v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xf) << 4) | (v & 0xf);
1011 } else {
1012 v = ((s->ar[VGA_ATC_COLOR_PAGE] & 0xc) << 4) | (v & 0x3f);
1013 }
1014 v = v * 3;
1015 col = rgb_to_pixel32(c6_to_8(s->palette[v]),
1016 c6_to_8(s->palette[v + 1]),
1017 c6_to_8(s->palette[v + 2]));
1018 if (col != palette[i]) {
1019 full_update = 1;
1020 palette[i] = col;
1021 }
1022 }
1023 return full_update;
1024 }
1025
1026 /* return true if the palette was modified */
1027 static int update_palette256(VGACommonState *s)
1028 {
1029 int full_update, i;
1030 uint32_t v, col, *palette;
1031
1032 full_update = 0;
1033 palette = s->last_palette;
1034 v = 0;
1035 for(i = 0; i < 256; i++) {
1036 if (s->dac_8bit) {
1037 col = rgb_to_pixel32(s->palette[v],
1038 s->palette[v + 1],
1039 s->palette[v + 2]);
1040 } else {
1041 col = rgb_to_pixel32(c6_to_8(s->palette[v]),
1042 c6_to_8(s->palette[v + 1]),
1043 c6_to_8(s->palette[v + 2]));
1044 }
1045 if (col != palette[i]) {
1046 full_update = 1;
1047 palette[i] = col;
1048 }
1049 v += 3;
1050 }
1051 return full_update;
1052 }
1053
1054 static void vga_get_offsets(VGACommonState *s,
1055 uint32_t *pline_offset,
1056 uint32_t *pstart_addr,
1057 uint32_t *pline_compare)
1058 {
1059 uint32_t start_addr, line_offset, line_compare;
1060
1061 if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
1062 line_offset = s->vbe_line_offset;
1063 start_addr = s->vbe_start_addr;
1064 line_compare = 65535;
1065 } else {
1066 /* compute line_offset in bytes */
1067 line_offset = s->cr[VGA_CRTC_OFFSET];
1068 line_offset <<= 3;
1069
1070 /* starting address */
1071 start_addr = s->cr[VGA_CRTC_START_LO] |
1072 (s->cr[VGA_CRTC_START_HI] << 8);
1073
1074 /* line compare */
1075 line_compare = s->cr[VGA_CRTC_LINE_COMPARE] |
1076 ((s->cr[VGA_CRTC_OVERFLOW] & 0x10) << 4) |
1077 ((s->cr[VGA_CRTC_MAX_SCAN] & 0x40) << 3);
1078 }
1079 *pline_offset = line_offset;
1080 *pstart_addr = start_addr;
1081 *pline_compare = line_compare;
1082 }
1083
1084 /* update start_addr and line_offset. Return TRUE if modified */
1085 static int update_basic_params(VGACommonState *s)
1086 {
1087 int full_update;
1088 uint32_t start_addr, line_offset, line_compare;
1089
1090 full_update = 0;
1091
1092 s->get_offsets(s, &line_offset, &start_addr, &line_compare);
1093
1094 if (line_offset != s->line_offset ||
1095 start_addr != s->start_addr ||
1096 line_compare != s->line_compare) {
1097 s->line_offset = line_offset;
1098 s->start_addr = start_addr;
1099 s->line_compare = line_compare;
1100 full_update = 1;
1101 }
1102 return full_update;
1103 }
1104
1105
1106 static const uint8_t cursor_glyph[32 * 4] = {
1107 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1108 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1109 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1110 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1111 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1112 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1113 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1114 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1115 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1116 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1117 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1118 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1119 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1120 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1121 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1122 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1123 };
1124
1125 static void vga_get_text_resolution(VGACommonState *s, int *pwidth, int *pheight,
1126 int *pcwidth, int *pcheight)
1127 {
1128 int width, cwidth, height, cheight;
1129
1130 /* total width & height */
1131 cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
1132 cwidth = 8;
1133 if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
1134 cwidth = 9;
1135 }
1136 if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
1137 cwidth = 16; /* NOTE: no 18 pixel wide */
1138 }
1139 width = (s->cr[VGA_CRTC_H_DISP] + 1);
1140 if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
1141 /* ugly hack for CGA 160x100x16 - explain me the logic */
1142 height = 100;
1143 } else {
1144 height = s->cr[VGA_CRTC_V_DISP_END] |
1145 ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
1146 ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
1147 height = (height + 1) / cheight;
1148 }
1149
1150 *pwidth = width;
1151 *pheight = height;
1152 *pcwidth = cwidth;
1153 *pcheight = cheight;
1154 }
1155
1156 /*
1157 * Text mode update
1158 * Missing:
1159 * - double scan
1160 * - double width
1161 * - underline
1162 * - flashing
1163 */
1164 static void vga_draw_text(VGACommonState *s, int full_update)
1165 {
1166 DisplaySurface *surface = qemu_console_surface(s->con);
1167 int cx, cy, cheight, cw, ch, cattr, height, width, ch_attr;
1168 int cx_min, cx_max, linesize, x_incr, line, line1;
1169 uint32_t offset, fgcol, bgcol, v, cursor_offset;
1170 uint8_t *d1, *d, *src, *dest, *cursor_ptr;
1171 const uint8_t *font_ptr, *font_base[2];
1172 int dup9, line_offset;
1173 uint32_t *palette;
1174 uint32_t *ch_attr_ptr;
1175 int64_t now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
1176
1177 /* compute font data address (in plane 2) */
1178 v = s->sr[VGA_SEQ_CHARACTER_MAP];
1179 offset = (((v >> 4) & 1) | ((v << 1) & 6)) * 8192 * 4 + 2;
1180 if (offset != s->font_offsets[0]) {
1181 s->font_offsets[0] = offset;
1182 full_update = 1;
1183 }
1184 font_base[0] = s->vram_ptr + offset;
1185
1186 offset = (((v >> 5) & 1) | ((v >> 1) & 6)) * 8192 * 4 + 2;
1187 font_base[1] = s->vram_ptr + offset;
1188 if (offset != s->font_offsets[1]) {
1189 s->font_offsets[1] = offset;
1190 full_update = 1;
1191 }
1192 if (s->plane_updated & (1 << 2) || s->has_chain4_alias) {
1193 /* if the plane 2 was modified since the last display, it
1194 indicates the font may have been modified */
1195 s->plane_updated = 0;
1196 full_update = 1;
1197 }
1198 full_update |= update_basic_params(s);
1199
1200 line_offset = s->line_offset;
1201
1202 vga_get_text_resolution(s, &width, &height, &cw, &cheight);
1203 if ((height * width) <= 1) {
1204 /* better than nothing: exit if transient size is too small */
1205 return;
1206 }
1207 if ((height * width) > CH_ATTR_SIZE) {
1208 /* better than nothing: exit if transient size is too big */
1209 return;
1210 }
1211
1212 if (width != s->last_width || height != s->last_height ||
1213 cw != s->last_cw || cheight != s->last_ch || s->last_depth) {
1214 s->last_scr_width = width * cw;
1215 s->last_scr_height = height * cheight;
1216 qemu_console_resize(s->con, s->last_scr_width, s->last_scr_height);
1217 surface = qemu_console_surface(s->con);
1218 dpy_text_resize(s->con, width, height);
1219 s->last_depth = 0;
1220 s->last_width = width;
1221 s->last_height = height;
1222 s->last_ch = cheight;
1223 s->last_cw = cw;
1224 full_update = 1;
1225 }
1226 full_update |= update_palette16(s);
1227 palette = s->last_palette;
1228 x_incr = cw * surface_bytes_per_pixel(surface);
1229
1230 if (full_update) {
1231 s->full_update_text = 1;
1232 }
1233 if (s->full_update_gfx) {
1234 s->full_update_gfx = 0;
1235 full_update |= 1;
1236 }
1237
1238 cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
1239 s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
1240 if (cursor_offset != s->cursor_offset ||
1241 s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
1242 s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end) {
1243 /* if the cursor position changed, we update the old and new
1244 chars */
1245 if (s->cursor_offset < CH_ATTR_SIZE)
1246 s->last_ch_attr[s->cursor_offset] = -1;
1247 if (cursor_offset < CH_ATTR_SIZE)
1248 s->last_ch_attr[cursor_offset] = -1;
1249 s->cursor_offset = cursor_offset;
1250 s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
1251 s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
1252 }
1253 cursor_ptr = s->vram_ptr + (s->start_addr + cursor_offset) * 4;
1254 if (now >= s->cursor_blink_time) {
1255 s->cursor_blink_time = now + VGA_TEXT_CURSOR_PERIOD_MS / 2;
1256 s->cursor_visible_phase = !s->cursor_visible_phase;
1257 }
1258
1259 dest = surface_data(surface);
1260 linesize = surface_stride(surface);
1261 ch_attr_ptr = s->last_ch_attr;
1262 line = 0;
1263 offset = s->start_addr * 4;
1264 for(cy = 0; cy < height; cy++) {
1265 d1 = dest;
1266 src = s->vram_ptr + offset;
1267 cx_min = width;
1268 cx_max = -1;
1269 for(cx = 0; cx < width; cx++) {
1270 ch_attr = *(uint16_t *)src;
1271 if (full_update || ch_attr != *ch_attr_ptr || src == cursor_ptr) {
1272 if (cx < cx_min)
1273 cx_min = cx;
1274 if (cx > cx_max)
1275 cx_max = cx;
1276 *ch_attr_ptr = ch_attr;
1277 #ifdef HOST_WORDS_BIGENDIAN
1278 ch = ch_attr >> 8;
1279 cattr = ch_attr & 0xff;
1280 #else
1281 ch = ch_attr & 0xff;
1282 cattr = ch_attr >> 8;
1283 #endif
1284 font_ptr = font_base[(cattr >> 3) & 1];
1285 font_ptr += 32 * 4 * ch;
1286 bgcol = palette[cattr >> 4];
1287 fgcol = palette[cattr & 0x0f];
1288 if (cw == 16) {
1289 vga_draw_glyph16(d1, linesize,
1290 font_ptr, cheight, fgcol, bgcol);
1291 } else if (cw != 9) {
1292 vga_draw_glyph8(d1, linesize,
1293 font_ptr, cheight, fgcol, bgcol);
1294 } else {
1295 dup9 = 0;
1296 if (ch >= 0xb0 && ch <= 0xdf &&
1297 (s->ar[VGA_ATC_MODE] & 0x04)) {
1298 dup9 = 1;
1299 }
1300 vga_draw_glyph9(d1, linesize,
1301 font_ptr, cheight, fgcol, bgcol, dup9);
1302 }
1303 if (src == cursor_ptr &&
1304 !(s->cr[VGA_CRTC_CURSOR_START] & 0x20) &&
1305 s->cursor_visible_phase) {
1306 int line_start, line_last, h;
1307 /* draw the cursor */
1308 line_start = s->cr[VGA_CRTC_CURSOR_START] & 0x1f;
1309 line_last = s->cr[VGA_CRTC_CURSOR_END] & 0x1f;
1310 /* XXX: check that */
1311 if (line_last > cheight - 1)
1312 line_last = cheight - 1;
1313 if (line_last >= line_start && line_start < cheight) {
1314 h = line_last - line_start + 1;
1315 d = d1 + linesize * line_start;
1316 if (cw == 16) {
1317 vga_draw_glyph16(d, linesize,
1318 cursor_glyph, h, fgcol, bgcol);
1319 } else if (cw != 9) {
1320 vga_draw_glyph8(d, linesize,
1321 cursor_glyph, h, fgcol, bgcol);
1322 } else {
1323 vga_draw_glyph9(d, linesize,
1324 cursor_glyph, h, fgcol, bgcol, 1);
1325 }
1326 }
1327 }
1328 }
1329 d1 += x_incr;
1330 src += 4;
1331 ch_attr_ptr++;
1332 }
1333 if (cx_max != -1) {
1334 dpy_gfx_update(s->con, cx_min * cw, cy * cheight,
1335 (cx_max - cx_min + 1) * cw, cheight);
1336 }
1337 dest += linesize * cheight;
1338 line1 = line + cheight;
1339 offset += line_offset;
1340 if (line < s->line_compare && line1 >= s->line_compare) {
1341 offset = 0;
1342 }
1343 line = line1;
1344 }
1345 }
1346
1347 enum {
1348 VGA_DRAW_LINE2,
1349 VGA_DRAW_LINE2D2,
1350 VGA_DRAW_LINE4,
1351 VGA_DRAW_LINE4D2,
1352 VGA_DRAW_LINE8D2,
1353 VGA_DRAW_LINE8,
1354 VGA_DRAW_LINE15_LE,
1355 VGA_DRAW_LINE16_LE,
1356 VGA_DRAW_LINE24_LE,
1357 VGA_DRAW_LINE32_LE,
1358 VGA_DRAW_LINE15_BE,
1359 VGA_DRAW_LINE16_BE,
1360 VGA_DRAW_LINE24_BE,
1361 VGA_DRAW_LINE32_BE,
1362 VGA_DRAW_LINE_NB,
1363 };
1364
1365 static vga_draw_line_func * const vga_draw_line_table[VGA_DRAW_LINE_NB] = {
1366 vga_draw_line2,
1367 vga_draw_line2d2,
1368 vga_draw_line4,
1369 vga_draw_line4d2,
1370 vga_draw_line8d2,
1371 vga_draw_line8,
1372 vga_draw_line15_le,
1373 vga_draw_line16_le,
1374 vga_draw_line24_le,
1375 vga_draw_line32_le,
1376 vga_draw_line15_be,
1377 vga_draw_line16_be,
1378 vga_draw_line24_be,
1379 vga_draw_line32_be,
1380 };
1381
1382 static int vga_get_bpp(VGACommonState *s)
1383 {
1384 int ret;
1385
1386 if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
1387 ret = s->vbe_regs[VBE_DISPI_INDEX_BPP];
1388 } else {
1389 ret = 0;
1390 }
1391 return ret;
1392 }
1393
1394 static void vga_get_resolution(VGACommonState *s, int *pwidth, int *pheight)
1395 {
1396 int width, height;
1397
1398 if (s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED) {
1399 width = s->vbe_regs[VBE_DISPI_INDEX_XRES];
1400 height = s->vbe_regs[VBE_DISPI_INDEX_YRES];
1401 } else {
1402 width = (s->cr[VGA_CRTC_H_DISP] + 1) * 8;
1403 height = s->cr[VGA_CRTC_V_DISP_END] |
1404 ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
1405 ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
1406 height = (height + 1);
1407 }
1408 *pwidth = width;
1409 *pheight = height;
1410 }
1411
1412 void vga_invalidate_scanlines(VGACommonState *s, int y1, int y2)
1413 {
1414 int y;
1415 if (y1 >= VGA_MAX_HEIGHT)
1416 return;
1417 if (y2 >= VGA_MAX_HEIGHT)
1418 y2 = VGA_MAX_HEIGHT;
1419 for(y = y1; y < y2; y++) {
1420 s->invalidated_y_table[y >> 5] |= 1 << (y & 0x1f);
1421 }
1422 }
1423
1424 void vga_sync_dirty_bitmap(VGACommonState *s)
1425 {
1426 memory_region_sync_dirty_bitmap(&s->vram);
1427 }
1428
1429 void vga_dirty_log_start(VGACommonState *s)
1430 {
1431 memory_region_set_log(&s->vram, true, DIRTY_MEMORY_VGA);
1432 }
1433
1434 void vga_dirty_log_stop(VGACommonState *s)
1435 {
1436 memory_region_set_log(&s->vram, false, DIRTY_MEMORY_VGA);
1437 }
1438
1439 /*
1440 * graphic modes
1441 */
1442 static void vga_draw_graphic(VGACommonState *s, int full_update)
1443 {
1444 DisplaySurface *surface = qemu_console_surface(s->con);
1445 int y1, y, update, linesize, y_start, double_scan, mask, depth;
1446 int width, height, shift_control, line_offset, bwidth, bits;
1447 ram_addr_t page0, page1, page_min, page_max;
1448 int disp_width, multi_scan, multi_run;
1449 uint8_t *d;
1450 uint32_t v, addr1, addr;
1451 vga_draw_line_func *vga_draw_line = NULL;
1452 bool share_surface;
1453 pixman_format_code_t format;
1454 #ifdef HOST_WORDS_BIGENDIAN
1455 bool byteswap = !s->big_endian_fb;
1456 #else
1457 bool byteswap = s->big_endian_fb;
1458 #endif
1459
1460 full_update |= update_basic_params(s);
1461
1462 if (!full_update)
1463 vga_sync_dirty_bitmap(s);
1464
1465 s->get_resolution(s, &width, &height);
1466 disp_width = width;
1467
1468 shift_control = (s->gr[VGA_GFX_MODE] >> 5) & 3;
1469 double_scan = (s->cr[VGA_CRTC_MAX_SCAN] >> 7);
1470 if (shift_control != 1) {
1471 multi_scan = (((s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1) << double_scan)
1472 - 1;
1473 } else {
1474 /* in CGA modes, multi_scan is ignored */
1475 /* XXX: is it correct ? */
1476 multi_scan = double_scan;
1477 }
1478 multi_run = multi_scan;
1479 if (shift_control != s->shift_control ||
1480 double_scan != s->double_scan) {
1481 full_update = 1;
1482 s->shift_control = shift_control;
1483 s->double_scan = double_scan;
1484 }
1485
1486 if (shift_control == 0) {
1487 if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
1488 disp_width <<= 1;
1489 }
1490 } else if (shift_control == 1) {
1491 if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
1492 disp_width <<= 1;
1493 }
1494 }
1495
1496 depth = s->get_bpp(s);
1497
1498 /*
1499 * Check whether we can share the surface with the backend
1500 * or whether we need a shadow surface. We share native
1501 * endian surfaces for 15bpp and above and byteswapped
1502 * surfaces for 24bpp and above.
1503 */
1504 format = qemu_default_pixman_format(depth, !byteswap);
1505 if (format) {
1506 share_surface = dpy_gfx_check_format(s->con, format)
1507 && !s->force_shadow;
1508 } else {
1509 share_surface = false;
1510 }
1511 if (s->line_offset != s->last_line_offset ||
1512 disp_width != s->last_width ||
1513 height != s->last_height ||
1514 s->last_depth != depth ||
1515 s->last_byteswap != byteswap ||
1516 share_surface != is_buffer_shared(surface)) {
1517 if (share_surface) {
1518 surface = qemu_create_displaysurface_from(disp_width,
1519 height, format, s->line_offset,
1520 s->vram_ptr + (s->start_addr * 4));
1521 dpy_gfx_replace_surface(s->con, surface);
1522 #ifdef DEBUG_VGA
1523 printf("VGA: Using shared surface for depth=%d swap=%d\n",
1524 depth, byteswap);
1525 #endif
1526 } else {
1527 qemu_console_resize(s->con, disp_width, height);
1528 surface = qemu_console_surface(s->con);
1529 #ifdef DEBUG_VGA
1530 printf("VGA: Using shadow surface for depth=%d swap=%d\n",
1531 depth, byteswap);
1532 #endif
1533 }
1534 s->last_scr_width = disp_width;
1535 s->last_scr_height = height;
1536 s->last_width = disp_width;
1537 s->last_height = height;
1538 s->last_line_offset = s->line_offset;
1539 s->last_depth = depth;
1540 s->last_byteswap = byteswap;
1541 full_update = 1;
1542 } else if (is_buffer_shared(surface) &&
1543 (full_update || surface_data(surface) != s->vram_ptr
1544 + (s->start_addr * 4))) {
1545 pixman_format_code_t format =
1546 qemu_default_pixman_format(depth, !byteswap);
1547 surface = qemu_create_displaysurface_from(disp_width,
1548 height, format, s->line_offset,
1549 s->vram_ptr + (s->start_addr * 4));
1550 dpy_gfx_replace_surface(s->con, surface);
1551 }
1552
1553 if (shift_control == 0) {
1554 full_update |= update_palette16(s);
1555 if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
1556 v = VGA_DRAW_LINE4D2;
1557 } else {
1558 v = VGA_DRAW_LINE4;
1559 }
1560 bits = 4;
1561 } else if (shift_control == 1) {
1562 full_update |= update_palette16(s);
1563 if (s->sr[VGA_SEQ_CLOCK_MODE] & 8) {
1564 v = VGA_DRAW_LINE2D2;
1565 } else {
1566 v = VGA_DRAW_LINE2;
1567 }
1568 bits = 4;
1569 } else {
1570 switch(s->get_bpp(s)) {
1571 default:
1572 case 0:
1573 full_update |= update_palette256(s);
1574 v = VGA_DRAW_LINE8D2;
1575 bits = 4;
1576 break;
1577 case 8:
1578 full_update |= update_palette256(s);
1579 v = VGA_DRAW_LINE8;
1580 bits = 8;
1581 break;
1582 case 15:
1583 v = s->big_endian_fb ? VGA_DRAW_LINE15_BE : VGA_DRAW_LINE15_LE;
1584 bits = 16;
1585 break;
1586 case 16:
1587 v = s->big_endian_fb ? VGA_DRAW_LINE16_BE : VGA_DRAW_LINE16_LE;
1588 bits = 16;
1589 break;
1590 case 24:
1591 v = s->big_endian_fb ? VGA_DRAW_LINE24_BE : VGA_DRAW_LINE24_LE;
1592 bits = 24;
1593 break;
1594 case 32:
1595 v = s->big_endian_fb ? VGA_DRAW_LINE32_BE : VGA_DRAW_LINE32_LE;
1596 bits = 32;
1597 break;
1598 }
1599 }
1600 vga_draw_line = vga_draw_line_table[v];
1601
1602 if (!is_buffer_shared(surface) && s->cursor_invalidate) {
1603 s->cursor_invalidate(s);
1604 }
1605
1606 line_offset = s->line_offset;
1607 #if 0
1608 printf("w=%d h=%d v=%d line_offset=%d cr[0x09]=0x%02x cr[0x17]=0x%02x linecmp=%d sr[0x01]=0x%02x\n",
1609 width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
1610 s->line_compare, s->sr[VGA_SEQ_CLOCK_MODE]);
1611 #endif
1612 addr1 = (s->start_addr * 4);
1613 bwidth = (width * bits + 7) / 8;
1614 y_start = -1;
1615 page_min = -1;
1616 page_max = 0;
1617 d = surface_data(surface);
1618 linesize = surface_stride(surface);
1619 y1 = 0;
1620 for(y = 0; y < height; y++) {
1621 addr = addr1;
1622 if (!(s->cr[VGA_CRTC_MODE] & 1)) {
1623 int shift;
1624 /* CGA compatibility handling */
1625 shift = 14 + ((s->cr[VGA_CRTC_MODE] >> 6) & 1);
1626 addr = (addr & ~(1 << shift)) | ((y1 & 1) << shift);
1627 }
1628 if (!(s->cr[VGA_CRTC_MODE] & 2)) {
1629 addr = (addr & ~0x8000) | ((y1 & 2) << 14);
1630 }
1631 update = full_update;
1632 page0 = addr;
1633 page1 = addr + bwidth - 1;
1634 update |= memory_region_get_dirty(&s->vram, page0, page1 - page0,
1635 DIRTY_MEMORY_VGA);
1636 /* explicit invalidation for the hardware cursor */
1637 update |= (s->invalidated_y_table[y >> 5] >> (y & 0x1f)) & 1;
1638 if (update) {
1639 if (y_start < 0)
1640 y_start = y;
1641 if (page0 < page_min)
1642 page_min = page0;
1643 if (page1 > page_max)
1644 page_max = page1;
1645 if (!(is_buffer_shared(surface))) {
1646 vga_draw_line(s, d, s->vram_ptr + addr, width);
1647 if (s->cursor_draw_line)
1648 s->cursor_draw_line(s, d, y);
1649 }
1650 } else {
1651 if (y_start >= 0) {
1652 /* flush to display */
1653 dpy_gfx_update(s->con, 0, y_start,
1654 disp_width, y - y_start);
1655 y_start = -1;
1656 }
1657 }
1658 if (!multi_run) {
1659 mask = (s->cr[VGA_CRTC_MODE] & 3) ^ 3;
1660 if ((y1 & mask) == mask)
1661 addr1 += line_offset;
1662 y1++;
1663 multi_run = multi_scan;
1664 } else {
1665 multi_run--;
1666 }
1667 /* line compare acts on the displayed lines */
1668 if (y == s->line_compare)
1669 addr1 = 0;
1670 d += linesize;
1671 }
1672 if (y_start >= 0) {
1673 /* flush to display */
1674 dpy_gfx_update(s->con, 0, y_start,
1675 disp_width, y - y_start);
1676 }
1677 /* reset modified pages */
1678 if (page_max >= page_min) {
1679 memory_region_reset_dirty(&s->vram,
1680 page_min,
1681 page_max - page_min,
1682 DIRTY_MEMORY_VGA);
1683 }
1684 memset(s->invalidated_y_table, 0, ((height + 31) >> 5) * 4);
1685 }
1686
1687 static void vga_draw_blank(VGACommonState *s, int full_update)
1688 {
1689 DisplaySurface *surface = qemu_console_surface(s->con);
1690 int i, w;
1691 uint8_t *d;
1692
1693 if (!full_update)
1694 return;
1695 if (s->last_scr_width <= 0 || s->last_scr_height <= 0)
1696 return;
1697
1698 w = s->last_scr_width * surface_bytes_per_pixel(surface);
1699 d = surface_data(surface);
1700 for(i = 0; i < s->last_scr_height; i++) {
1701 memset(d, 0, w);
1702 d += surface_stride(surface);
1703 }
1704 dpy_gfx_update(s->con, 0, 0,
1705 s->last_scr_width, s->last_scr_height);
1706 }
1707
1708 #define GMODE_TEXT 0
1709 #define GMODE_GRAPH 1
1710 #define GMODE_BLANK 2
1711
1712 static void vga_update_display(void *opaque)
1713 {
1714 VGACommonState *s = opaque;
1715 DisplaySurface *surface = qemu_console_surface(s->con);
1716 int full_update, graphic_mode;
1717
1718 qemu_flush_coalesced_mmio_buffer();
1719
1720 if (surface_bits_per_pixel(surface) == 0) {
1721 /* nothing to do */
1722 } else {
1723 full_update = 0;
1724 if (!(s->ar_index & 0x20)) {
1725 graphic_mode = GMODE_BLANK;
1726 } else {
1727 graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
1728 }
1729 if (graphic_mode != s->graphic_mode) {
1730 s->graphic_mode = graphic_mode;
1731 s->cursor_blink_time = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
1732 full_update = 1;
1733 }
1734 switch(graphic_mode) {
1735 case GMODE_TEXT:
1736 vga_draw_text(s, full_update);
1737 break;
1738 case GMODE_GRAPH:
1739 vga_draw_graphic(s, full_update);
1740 break;
1741 case GMODE_BLANK:
1742 default:
1743 vga_draw_blank(s, full_update);
1744 break;
1745 }
1746 }
1747 }
1748
1749 /* force a full display refresh */
1750 static void vga_invalidate_display(void *opaque)
1751 {
1752 VGACommonState *s = opaque;
1753
1754 s->last_width = -1;
1755 s->last_height = -1;
1756 }
1757
1758 void vga_common_reset(VGACommonState *s)
1759 {
1760 s->sr_index = 0;
1761 memset(s->sr, '\0', sizeof(s->sr));
1762 s->gr_index = 0;
1763 memset(s->gr, '\0', sizeof(s->gr));
1764 s->ar_index = 0;
1765 memset(s->ar, '\0', sizeof(s->ar));
1766 s->ar_flip_flop = 0;
1767 s->cr_index = 0;
1768 memset(s->cr, '\0', sizeof(s->cr));
1769 s->msr = 0;
1770 s->fcr = 0;
1771 s->st00 = 0;
1772 s->st01 = 0;
1773 s->dac_state = 0;
1774 s->dac_sub_index = 0;
1775 s->dac_read_index = 0;
1776 s->dac_write_index = 0;
1777 memset(s->dac_cache, '\0', sizeof(s->dac_cache));
1778 s->dac_8bit = 0;
1779 memset(s->palette, '\0', sizeof(s->palette));
1780 s->bank_offset = 0;
1781 s->vbe_index = 0;
1782 memset(s->vbe_regs, '\0', sizeof(s->vbe_regs));
1783 s->vbe_regs[VBE_DISPI_INDEX_ID] = VBE_DISPI_ID5;
1784 s->vbe_start_addr = 0;
1785 s->vbe_line_offset = 0;
1786 s->vbe_bank_mask = (s->vram_size >> 16) - 1;
1787 memset(s->font_offsets, '\0', sizeof(s->font_offsets));
1788 s->graphic_mode = -1; /* force full update */
1789 s->shift_control = 0;
1790 s->double_scan = 0;
1791 s->line_offset = 0;
1792 s->line_compare = 0;
1793 s->start_addr = 0;
1794 s->plane_updated = 0;
1795 s->last_cw = 0;
1796 s->last_ch = 0;
1797 s->last_width = 0;
1798 s->last_height = 0;
1799 s->last_scr_width = 0;
1800 s->last_scr_height = 0;
1801 s->cursor_start = 0;
1802 s->cursor_end = 0;
1803 s->cursor_offset = 0;
1804 s->big_endian_fb = s->default_endian_fb;
1805 memset(s->invalidated_y_table, '\0', sizeof(s->invalidated_y_table));
1806 memset(s->last_palette, '\0', sizeof(s->last_palette));
1807 memset(s->last_ch_attr, '\0', sizeof(s->last_ch_attr));
1808 switch (vga_retrace_method) {
1809 case VGA_RETRACE_DUMB:
1810 break;
1811 case VGA_RETRACE_PRECISE:
1812 memset(&s->retrace_info, 0, sizeof (s->retrace_info));
1813 break;
1814 }
1815 vga_update_memory_access(s);
1816 }
1817
1818 static void vga_reset(void *opaque)
1819 {
1820 VGACommonState *s = opaque;
1821 vga_common_reset(s);
1822 }
1823
1824 #define TEXTMODE_X(x) ((x) % width)
1825 #define TEXTMODE_Y(x) ((x) / width)
1826 #define VMEM2CHTYPE(v) ((v & 0xff0007ff) | \
1827 ((v & 0x00000800) << 10) | ((v & 0x00007000) >> 1))
1828 /* relay text rendering to the display driver
1829 * instead of doing a full vga_update_display() */
1830 static void vga_update_text(void *opaque, console_ch_t *chardata)
1831 {
1832 VGACommonState *s = opaque;
1833 int graphic_mode, i, cursor_offset, cursor_visible;
1834 int cw, cheight, width, height, size, c_min, c_max;
1835 uint32_t *src;
1836 console_ch_t *dst, val;
1837 char msg_buffer[80];
1838 int full_update = 0;
1839
1840 qemu_flush_coalesced_mmio_buffer();
1841
1842 if (!(s->ar_index & 0x20)) {
1843 graphic_mode = GMODE_BLANK;
1844 } else {
1845 graphic_mode = s->gr[VGA_GFX_MISC] & VGA_GR06_GRAPHICS_MODE;
1846 }
1847 if (graphic_mode != s->graphic_mode) {
1848 s->graphic_mode = graphic_mode;
1849 full_update = 1;
1850 }
1851 if (s->last_width == -1) {
1852 s->last_width = 0;
1853 full_update = 1;
1854 }
1855
1856 switch (graphic_mode) {
1857 case GMODE_TEXT:
1858 /* TODO: update palette */
1859 full_update |= update_basic_params(s);
1860
1861 /* total width & height */
1862 cheight = (s->cr[VGA_CRTC_MAX_SCAN] & 0x1f) + 1;
1863 cw = 8;
1864 if (!(s->sr[VGA_SEQ_CLOCK_MODE] & VGA_SR01_CHAR_CLK_8DOTS)) {
1865 cw = 9;
1866 }
1867 if (s->sr[VGA_SEQ_CLOCK_MODE] & 0x08) {
1868 cw = 16; /* NOTE: no 18 pixel wide */
1869 }
1870 width = (s->cr[VGA_CRTC_H_DISP] + 1);
1871 if (s->cr[VGA_CRTC_V_TOTAL] == 100) {
1872 /* ugly hack for CGA 160x100x16 - explain me the logic */
1873 height = 100;
1874 } else {
1875 height = s->cr[VGA_CRTC_V_DISP_END] |
1876 ((s->cr[VGA_CRTC_OVERFLOW] & 0x02) << 7) |
1877 ((s->cr[VGA_CRTC_OVERFLOW] & 0x40) << 3);
1878 height = (height + 1) / cheight;
1879 }
1880
1881 size = (height * width);
1882 if (size > CH_ATTR_SIZE) {
1883 if (!full_update)
1884 return;
1885
1886 snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
1887 width, height);
1888 break;
1889 }
1890
1891 if (width != s->last_width || height != s->last_height ||
1892 cw != s->last_cw || cheight != s->last_ch) {
1893 s->last_scr_width = width * cw;
1894 s->last_scr_height = height * cheight;
1895 qemu_console_resize(s->con, s->last_scr_width, s->last_scr_height);
1896 dpy_text_resize(s->con, width, height);
1897 s->last_depth = 0;
1898 s->last_width = width;
1899 s->last_height = height;
1900 s->last_ch = cheight;
1901 s->last_cw = cw;
1902 full_update = 1;
1903 }
1904
1905 if (full_update) {
1906 s->full_update_gfx = 1;
1907 }
1908 if (s->full_update_text) {
1909 s->full_update_text = 0;
1910 full_update |= 1;
1911 }
1912
1913 /* Update "hardware" cursor */
1914 cursor_offset = ((s->cr[VGA_CRTC_CURSOR_HI] << 8) |
1915 s->cr[VGA_CRTC_CURSOR_LO]) - s->start_addr;
1916 if (cursor_offset != s->cursor_offset ||
1917 s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
1918 s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end || full_update) {
1919 cursor_visible = !(s->cr[VGA_CRTC_CURSOR_START] & 0x20);
1920 if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
1921 dpy_text_cursor(s->con,
1922 TEXTMODE_X(cursor_offset),
1923 TEXTMODE_Y(cursor_offset));
1924 else
1925 dpy_text_cursor(s->con, -1, -1);
1926 s->cursor_offset = cursor_offset;
1927 s->cursor_start = s->cr[VGA_CRTC_CURSOR_START];
1928 s->cursor_end = s->cr[VGA_CRTC_CURSOR_END];
1929 }
1930
1931 src = (uint32_t *) s->vram_ptr + s->start_addr;
1932 dst = chardata;
1933
1934 if (full_update) {
1935 for (i = 0; i < size; src ++, dst ++, i ++)
1936 console_write_ch(dst, VMEM2CHTYPE(le32_to_cpu(*src)));
1937
1938 dpy_text_update(s->con, 0, 0, width, height);
1939 } else {
1940 c_max = 0;
1941
1942 for (i = 0; i < size; src ++, dst ++, i ++) {
1943 console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
1944 if (*dst != val) {
1945 *dst = val;
1946 c_max = i;
1947 break;
1948 }
1949 }
1950 c_min = i;
1951 for (; i < size; src ++, dst ++, i ++) {
1952 console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
1953 if (*dst != val) {
1954 *dst = val;
1955 c_max = i;
1956 }
1957 }
1958
1959 if (c_min <= c_max) {
1960 i = TEXTMODE_Y(c_min);
1961 dpy_text_update(s->con, 0, i, width, TEXTMODE_Y(c_max) - i + 1);
1962 }
1963 }
1964
1965 return;
1966 case GMODE_GRAPH:
1967 if (!full_update)
1968 return;
1969
1970 s->get_resolution(s, &width, &height);
1971 snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
1972 width, height);
1973 break;
1974 case GMODE_BLANK:
1975 default:
1976 if (!full_update)
1977 return;
1978
1979 snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
1980 break;
1981 }
1982
1983 /* Display a message */
1984 s->last_width = 60;
1985 s->last_height = height = 3;
1986 dpy_text_cursor(s->con, -1, -1);
1987 dpy_text_resize(s->con, s->last_width, height);
1988
1989 for (dst = chardata, i = 0; i < s->last_width * height; i ++)
1990 console_write_ch(dst ++, ' ');
1991
1992 size = strlen(msg_buffer);
1993 width = (s->last_width - size) / 2;
1994 dst = chardata + s->last_width + width;
1995 for (i = 0; i < size; i ++)
1996 console_write_ch(dst ++, ATTR2CHTYPE(msg_buffer[i], QEMU_COLOR_BLUE,
1997 QEMU_COLOR_BLACK, 1));
1998
1999 dpy_text_update(s->con, 0, 0, s->last_width, height);
2000 }
2001
2002 static uint64_t vga_mem_read(void *opaque, hwaddr addr,
2003 unsigned size)
2004 {
2005 VGACommonState *s = opaque;
2006
2007 return vga_mem_readb(s, addr);
2008 }
2009
2010 static void vga_mem_write(void *opaque, hwaddr addr,
2011 uint64_t data, unsigned size)
2012 {
2013 VGACommonState *s = opaque;
2014
2015 vga_mem_writeb(s, addr, data);
2016 }
2017
2018 const MemoryRegionOps vga_mem_ops = {
2019 .read = vga_mem_read,
2020 .write = vga_mem_write,
2021 .endianness = DEVICE_LITTLE_ENDIAN,
2022 .impl = {
2023 .min_access_size = 1,
2024 .max_access_size = 1,
2025 },
2026 };
2027
2028 static int vga_common_post_load(void *opaque, int version_id)
2029 {
2030 VGACommonState *s = opaque;
2031
2032 /* force refresh */
2033 s->graphic_mode = -1;
2034 return 0;
2035 }
2036
2037 static bool vga_endian_state_needed(void *opaque)
2038 {
2039 VGACommonState *s = opaque;
2040
2041 /*
2042 * Only send the endian state if it's different from the
2043 * default one, thus ensuring backward compatibility for
2044 * migration of the common case
2045 */
2046 return s->default_endian_fb != s->big_endian_fb;
2047 }
2048
2049 static const VMStateDescription vmstate_vga_endian = {
2050 .name = "vga.endian",
2051 .version_id = 1,
2052 .minimum_version_id = 1,
2053 .needed = vga_endian_state_needed,
2054 .fields = (VMStateField[]) {
2055 VMSTATE_BOOL(big_endian_fb, VGACommonState),
2056 VMSTATE_END_OF_LIST()
2057 }
2058 };
2059
2060 const VMStateDescription vmstate_vga_common = {
2061 .name = "vga",
2062 .version_id = 2,
2063 .minimum_version_id = 2,
2064 .post_load = vga_common_post_load,
2065 .fields = (VMStateField[]) {
2066 VMSTATE_UINT32(latch, VGACommonState),
2067 VMSTATE_UINT8(sr_index, VGACommonState),
2068 VMSTATE_PARTIAL_BUFFER(sr, VGACommonState, 8),
2069 VMSTATE_UINT8(gr_index, VGACommonState),
2070 VMSTATE_PARTIAL_BUFFER(gr, VGACommonState, 16),
2071 VMSTATE_UINT8(ar_index, VGACommonState),
2072 VMSTATE_BUFFER(ar, VGACommonState),
2073 VMSTATE_INT32(ar_flip_flop, VGACommonState),
2074 VMSTATE_UINT8(cr_index, VGACommonState),
2075 VMSTATE_BUFFER(cr, VGACommonState),
2076 VMSTATE_UINT8(msr, VGACommonState),
2077 VMSTATE_UINT8(fcr, VGACommonState),
2078 VMSTATE_UINT8(st00, VGACommonState),
2079 VMSTATE_UINT8(st01, VGACommonState),
2080
2081 VMSTATE_UINT8(dac_state, VGACommonState),
2082 VMSTATE_UINT8(dac_sub_index, VGACommonState),
2083 VMSTATE_UINT8(dac_read_index, VGACommonState),
2084 VMSTATE_UINT8(dac_write_index, VGACommonState),
2085 VMSTATE_BUFFER(dac_cache, VGACommonState),
2086 VMSTATE_BUFFER(palette, VGACommonState),
2087
2088 VMSTATE_INT32(bank_offset, VGACommonState),
2089 VMSTATE_UINT8_EQUAL(is_vbe_vmstate, VGACommonState),
2090 VMSTATE_UINT16(vbe_index, VGACommonState),
2091 VMSTATE_UINT16_ARRAY(vbe_regs, VGACommonState, VBE_DISPI_INDEX_NB),
2092 VMSTATE_UINT32(vbe_start_addr, VGACommonState),
2093 VMSTATE_UINT32(vbe_line_offset, VGACommonState),
2094 VMSTATE_UINT32(vbe_bank_mask, VGACommonState),
2095 VMSTATE_END_OF_LIST()
2096 },
2097 .subsections = (const VMStateDescription*[]) {
2098 &vmstate_vga_endian,
2099 NULL
2100 }
2101 };
2102
2103 static const GraphicHwOps vga_ops = {
2104 .invalidate = vga_invalidate_display,
2105 .gfx_update = vga_update_display,
2106 .text_update = vga_update_text,
2107 };
2108
2109 static inline uint32_t uint_clamp(uint32_t val, uint32_t vmin, uint32_t vmax)
2110 {
2111 if (val < vmin) {
2112 return vmin;
2113 }
2114 if (val > vmax) {
2115 return vmax;
2116 }
2117 return val;
2118 }
2119
2120 void vga_common_init(VGACommonState *s, Object *obj, bool global_vmstate)
2121 {
2122 int i, j, v, b;
2123
2124 for(i = 0;i < 256; i++) {
2125 v = 0;
2126 for(j = 0; j < 8; j++) {
2127 v |= ((i >> j) & 1) << (j * 4);
2128 }
2129 expand4[i] = v;
2130
2131 v = 0;
2132 for(j = 0; j < 4; j++) {
2133 v |= ((i >> (2 * j)) & 3) << (j * 4);
2134 }
2135 expand2[i] = v;
2136 }
2137 for(i = 0; i < 16; i++) {
2138 v = 0;
2139 for(j = 0; j < 4; j++) {
2140 b = ((i >> j) & 1);
2141 v |= b << (2 * j);
2142 v |= b << (2 * j + 1);
2143 }
2144 expand4to8[i] = v;
2145 }
2146
2147 s->vram_size_mb = uint_clamp(s->vram_size_mb, 1, 512);
2148 s->vram_size_mb = pow2ceil(s->vram_size_mb);
2149 s->vram_size = s->vram_size_mb << 20;
2150
2151 if (!s->vbe_size) {
2152 s->vbe_size = s->vram_size;
2153 }
2154
2155 s->is_vbe_vmstate = 1;
2156 memory_region_init_ram(&s->vram, obj, "vga.vram", s->vram_size,
2157 &error_fatal);
2158 vmstate_register_ram(&s->vram, global_vmstate ? NULL : DEVICE(obj));
2159 xen_register_framebuffer(&s->vram);
2160 s->vram_ptr = memory_region_get_ram_ptr(&s->vram);
2161 s->get_bpp = vga_get_bpp;
2162 s->get_offsets = vga_get_offsets;
2163 s->get_resolution = vga_get_resolution;
2164 s->hw_ops = &vga_ops;
2165 switch (vga_retrace_method) {
2166 case VGA_RETRACE_DUMB:
2167 s->retrace = vga_dumb_retrace;
2168 s->update_retrace_info = vga_dumb_update_retrace_info;
2169 break;
2170
2171 case VGA_RETRACE_PRECISE:
2172 s->retrace = vga_precise_retrace;
2173 s->update_retrace_info = vga_precise_update_retrace_info;
2174 break;
2175 }
2176
2177 /*
2178 * Set default fb endian based on target, could probably be turned
2179 * into a device attribute set by the machine/platform to remove
2180 * all target endian dependencies from this file.
2181 */
2182 #ifdef TARGET_WORDS_BIGENDIAN
2183 s->default_endian_fb = true;
2184 #else
2185 s->default_endian_fb = false;
2186 #endif
2187 vga_dirty_log_start(s);
2188 }
2189
2190 static const MemoryRegionPortio vga_portio_list[] = {
2191 { 0x04, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3b4 */
2192 { 0x0a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3ba */
2193 { 0x10, 16, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3c0 */
2194 { 0x24, 2, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3d4 */
2195 { 0x2a, 1, 1, .read = vga_ioport_read, .write = vga_ioport_write }, /* 3da */
2196 PORTIO_END_OF_LIST(),
2197 };
2198
2199 static const MemoryRegionPortio vbe_portio_list[] = {
2200 { 0, 1, 2, .read = vbe_ioport_read_index, .write = vbe_ioport_write_index },
2201 # ifdef TARGET_I386
2202 { 1, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
2203 # endif
2204 { 2, 1, 2, .read = vbe_ioport_read_data, .write = vbe_ioport_write_data },
2205 PORTIO_END_OF_LIST(),
2206 };
2207
2208 /* Used by both ISA and PCI */
2209 MemoryRegion *vga_init_io(VGACommonState *s, Object *obj,
2210 const MemoryRegionPortio **vga_ports,
2211 const MemoryRegionPortio **vbe_ports)
2212 {
2213 MemoryRegion *vga_mem;
2214
2215 *vga_ports = vga_portio_list;
2216 *vbe_ports = vbe_portio_list;
2217
2218 vga_mem = g_malloc(sizeof(*vga_mem));
2219 memory_region_init_io(vga_mem, obj, &vga_mem_ops, s,
2220 "vga-lowmem", 0x20000);
2221 memory_region_set_flush_coalesced(vga_mem);
2222
2223 return vga_mem;
2224 }
2225
2226 void vga_init(VGACommonState *s, Object *obj, MemoryRegion *address_space,
2227 MemoryRegion *address_space_io, bool init_vga_ports)
2228 {
2229 MemoryRegion *vga_io_memory;
2230 const MemoryRegionPortio *vga_ports, *vbe_ports;
2231
2232 qemu_register_reset(vga_reset, s);
2233
2234 s->bank_offset = 0;
2235
2236 s->legacy_address_space = address_space;
2237
2238 vga_io_memory = vga_init_io(s, obj, &vga_ports, &vbe_ports);
2239 memory_region_add_subregion_overlap(address_space,
2240 0x000a0000,
2241 vga_io_memory,
2242 1);
2243 memory_region_set_coalescing(vga_io_memory);
2244 if (init_vga_ports) {
2245 portio_list_init(&s->vga_port_list, obj, vga_ports, s, "vga");
2246 portio_list_set_flush_coalesced(&s->vga_port_list);
2247 portio_list_add(&s->vga_port_list, address_space_io, 0x3b0);
2248 }
2249 if (vbe_ports) {
2250 portio_list_init(&s->vbe_port_list, obj, vbe_ports, s, "vbe");
2251 portio_list_add(&s->vbe_port_list, address_space_io, 0x1ce);
2252 }
2253 }
2254
2255 void vga_init_vbe(VGACommonState *s, Object *obj, MemoryRegion *system_memory)
2256 {
2257 /* With pc-0.12 and below we map both the PCI BAR and the fixed VBE region,
2258 * so use an alias to avoid double-mapping the same region.
2259 */
2260 memory_region_init_alias(&s->vram_vbe, obj, "vram.vbe",
2261 &s->vram, 0, memory_region_size(&s->vram));
2262 /* XXX: use optimized standard vga accesses */
2263 memory_region_add_subregion(system_memory,
2264 VBE_DISPI_LFB_PHYSICAL_ADDRESS,
2265 &s->vram_vbe);
2266 s->vbe_mapped = 1;
2267 }