vmsvga: add more fifo checks
[qemu.git] / hw / display / vmware_vga.c
1 /*
2 * QEMU VMware-SVGA "chipset".
3 *
4 * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "qemu/osdep.h"
25 #include "qapi/error.h"
26 #include "hw/hw.h"
27 #include "hw/loader.h"
28 #include "trace.h"
29 #include "ui/console.h"
30 #include "ui/vnc.h"
31 #include "hw/pci/pci.h"
32
33 #undef VERBOSE
34 #define HW_RECT_ACCEL
35 #define HW_FILL_ACCEL
36 #define HW_MOUSE_ACCEL
37
38 #include "vga_int.h"
39
40 /* See http://vmware-svga.sf.net/ for some documentation on VMWare SVGA */
41
42 struct vmsvga_state_s {
43 VGACommonState vga;
44
45 int invalidated;
46 int enable;
47 int config;
48 struct {
49 int id;
50 int x;
51 int y;
52 int on;
53 } cursor;
54
55 int index;
56 int scratch_size;
57 uint32_t *scratch;
58 int new_width;
59 int new_height;
60 int new_depth;
61 uint32_t guest;
62 uint32_t svgaid;
63 int syncing;
64
65 MemoryRegion fifo_ram;
66 uint8_t *fifo_ptr;
67 unsigned int fifo_size;
68
69 union {
70 uint32_t *fifo;
71 struct QEMU_PACKED {
72 uint32_t min;
73 uint32_t max;
74 uint32_t next_cmd;
75 uint32_t stop;
76 /* Add registers here when adding capabilities. */
77 uint32_t fifo[0];
78 } *cmd;
79 };
80
81 #define REDRAW_FIFO_LEN 512
82 struct vmsvga_rect_s {
83 int x, y, w, h;
84 } redraw_fifo[REDRAW_FIFO_LEN];
85 int redraw_fifo_first, redraw_fifo_last;
86 };
87
88 #define TYPE_VMWARE_SVGA "vmware-svga"
89
90 #define VMWARE_SVGA(obj) \
91 OBJECT_CHECK(struct pci_vmsvga_state_s, (obj), TYPE_VMWARE_SVGA)
92
93 struct pci_vmsvga_state_s {
94 /*< private >*/
95 PCIDevice parent_obj;
96 /*< public >*/
97
98 struct vmsvga_state_s chip;
99 MemoryRegion io_bar;
100 };
101
102 #define SVGA_MAGIC 0x900000UL
103 #define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
104 #define SVGA_ID_0 SVGA_MAKE_ID(0)
105 #define SVGA_ID_1 SVGA_MAKE_ID(1)
106 #define SVGA_ID_2 SVGA_MAKE_ID(2)
107
108 #define SVGA_LEGACY_BASE_PORT 0x4560
109 #define SVGA_INDEX_PORT 0x0
110 #define SVGA_VALUE_PORT 0x1
111 #define SVGA_BIOS_PORT 0x2
112
113 #define SVGA_VERSION_2
114
115 #ifdef SVGA_VERSION_2
116 # define SVGA_ID SVGA_ID_2
117 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
118 # define SVGA_IO_MUL 1
119 # define SVGA_FIFO_SIZE 0x10000
120 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
121 #else
122 # define SVGA_ID SVGA_ID_1
123 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
124 # define SVGA_IO_MUL 4
125 # define SVGA_FIFO_SIZE 0x10000
126 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
127 #endif
128
129 enum {
130 /* ID 0, 1 and 2 registers */
131 SVGA_REG_ID = 0,
132 SVGA_REG_ENABLE = 1,
133 SVGA_REG_WIDTH = 2,
134 SVGA_REG_HEIGHT = 3,
135 SVGA_REG_MAX_WIDTH = 4,
136 SVGA_REG_MAX_HEIGHT = 5,
137 SVGA_REG_DEPTH = 6,
138 SVGA_REG_BITS_PER_PIXEL = 7, /* Current bpp in the guest */
139 SVGA_REG_PSEUDOCOLOR = 8,
140 SVGA_REG_RED_MASK = 9,
141 SVGA_REG_GREEN_MASK = 10,
142 SVGA_REG_BLUE_MASK = 11,
143 SVGA_REG_BYTES_PER_LINE = 12,
144 SVGA_REG_FB_START = 13,
145 SVGA_REG_FB_OFFSET = 14,
146 SVGA_REG_VRAM_SIZE = 15,
147 SVGA_REG_FB_SIZE = 16,
148
149 /* ID 1 and 2 registers */
150 SVGA_REG_CAPABILITIES = 17,
151 SVGA_REG_MEM_START = 18, /* Memory for command FIFO */
152 SVGA_REG_MEM_SIZE = 19,
153 SVGA_REG_CONFIG_DONE = 20, /* Set when memory area configured */
154 SVGA_REG_SYNC = 21, /* Write to force synchronization */
155 SVGA_REG_BUSY = 22, /* Read to check if sync is done */
156 SVGA_REG_GUEST_ID = 23, /* Set guest OS identifier */
157 SVGA_REG_CURSOR_ID = 24, /* ID of cursor */
158 SVGA_REG_CURSOR_X = 25, /* Set cursor X position */
159 SVGA_REG_CURSOR_Y = 26, /* Set cursor Y position */
160 SVGA_REG_CURSOR_ON = 27, /* Turn cursor on/off */
161 SVGA_REG_HOST_BITS_PER_PIXEL = 28, /* Current bpp in the host */
162 SVGA_REG_SCRATCH_SIZE = 29, /* Number of scratch registers */
163 SVGA_REG_MEM_REGS = 30, /* Number of FIFO registers */
164 SVGA_REG_NUM_DISPLAYS = 31, /* Number of guest displays */
165 SVGA_REG_PITCHLOCK = 32, /* Fixed pitch for all modes */
166
167 SVGA_PALETTE_BASE = 1024, /* Base of SVGA color map */
168 SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
169 SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
170 };
171
172 #define SVGA_CAP_NONE 0
173 #define SVGA_CAP_RECT_FILL (1 << 0)
174 #define SVGA_CAP_RECT_COPY (1 << 1)
175 #define SVGA_CAP_RECT_PAT_FILL (1 << 2)
176 #define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
177 #define SVGA_CAP_RASTER_OP (1 << 4)
178 #define SVGA_CAP_CURSOR (1 << 5)
179 #define SVGA_CAP_CURSOR_BYPASS (1 << 6)
180 #define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
181 #define SVGA_CAP_8BIT_EMULATION (1 << 8)
182 #define SVGA_CAP_ALPHA_CURSOR (1 << 9)
183 #define SVGA_CAP_GLYPH (1 << 10)
184 #define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
185 #define SVGA_CAP_OFFSCREEN_1 (1 << 12)
186 #define SVGA_CAP_ALPHA_BLEND (1 << 13)
187 #define SVGA_CAP_3D (1 << 14)
188 #define SVGA_CAP_EXTENDED_FIFO (1 << 15)
189 #define SVGA_CAP_MULTIMON (1 << 16)
190 #define SVGA_CAP_PITCHLOCK (1 << 17)
191
192 /*
193 * FIFO offsets (seen as an array of 32-bit words)
194 */
195 enum {
196 /*
197 * The original defined FIFO offsets
198 */
199 SVGA_FIFO_MIN = 0,
200 SVGA_FIFO_MAX, /* The distance from MIN to MAX must be at least 10K */
201 SVGA_FIFO_NEXT_CMD,
202 SVGA_FIFO_STOP,
203
204 /*
205 * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
206 */
207 SVGA_FIFO_CAPABILITIES = 4,
208 SVGA_FIFO_FLAGS,
209 SVGA_FIFO_FENCE,
210 SVGA_FIFO_3D_HWVERSION,
211 SVGA_FIFO_PITCHLOCK,
212 };
213
214 #define SVGA_FIFO_CAP_NONE 0
215 #define SVGA_FIFO_CAP_FENCE (1 << 0)
216 #define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
217 #define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
218
219 #define SVGA_FIFO_FLAG_NONE 0
220 #define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
221
222 /* These values can probably be changed arbitrarily. */
223 #define SVGA_SCRATCH_SIZE 0x8000
224 #define SVGA_MAX_WIDTH ROUND_UP(2360, VNC_DIRTY_PIXELS_PER_BIT)
225 #define SVGA_MAX_HEIGHT 1770
226
227 #ifdef VERBOSE
228 # define GUEST_OS_BASE 0x5001
229 static const char *vmsvga_guest_id[] = {
230 [0x00] = "Dos",
231 [0x01] = "Windows 3.1",
232 [0x02] = "Windows 95",
233 [0x03] = "Windows 98",
234 [0x04] = "Windows ME",
235 [0x05] = "Windows NT",
236 [0x06] = "Windows 2000",
237 [0x07] = "Linux",
238 [0x08] = "OS/2",
239 [0x09] = "an unknown OS",
240 [0x0a] = "BSD",
241 [0x0b] = "Whistler",
242 [0x0c] = "an unknown OS",
243 [0x0d] = "an unknown OS",
244 [0x0e] = "an unknown OS",
245 [0x0f] = "an unknown OS",
246 [0x10] = "an unknown OS",
247 [0x11] = "an unknown OS",
248 [0x12] = "an unknown OS",
249 [0x13] = "an unknown OS",
250 [0x14] = "an unknown OS",
251 [0x15] = "Windows 2003",
252 };
253 #endif
254
255 enum {
256 SVGA_CMD_INVALID_CMD = 0,
257 SVGA_CMD_UPDATE = 1,
258 SVGA_CMD_RECT_FILL = 2,
259 SVGA_CMD_RECT_COPY = 3,
260 SVGA_CMD_DEFINE_BITMAP = 4,
261 SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
262 SVGA_CMD_DEFINE_PIXMAP = 6,
263 SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
264 SVGA_CMD_RECT_BITMAP_FILL = 8,
265 SVGA_CMD_RECT_PIXMAP_FILL = 9,
266 SVGA_CMD_RECT_BITMAP_COPY = 10,
267 SVGA_CMD_RECT_PIXMAP_COPY = 11,
268 SVGA_CMD_FREE_OBJECT = 12,
269 SVGA_CMD_RECT_ROP_FILL = 13,
270 SVGA_CMD_RECT_ROP_COPY = 14,
271 SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
272 SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
273 SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
274 SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
275 SVGA_CMD_DEFINE_CURSOR = 19,
276 SVGA_CMD_DISPLAY_CURSOR = 20,
277 SVGA_CMD_MOVE_CURSOR = 21,
278 SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
279 SVGA_CMD_DRAW_GLYPH = 23,
280 SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
281 SVGA_CMD_UPDATE_VERBOSE = 25,
282 SVGA_CMD_SURFACE_FILL = 26,
283 SVGA_CMD_SURFACE_COPY = 27,
284 SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
285 SVGA_CMD_FRONT_ROP_FILL = 29,
286 SVGA_CMD_FENCE = 30,
287 };
288
289 /* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode */
290 enum {
291 SVGA_CURSOR_ON_HIDE = 0,
292 SVGA_CURSOR_ON_SHOW = 1,
293 SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
294 SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
295 };
296
297 static inline bool vmsvga_verify_rect(DisplaySurface *surface,
298 const char *name,
299 int x, int y, int w, int h)
300 {
301 if (x < 0) {
302 fprintf(stderr, "%s: x was < 0 (%d)\n", name, x);
303 return false;
304 }
305 if (x > SVGA_MAX_WIDTH) {
306 fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x);
307 return false;
308 }
309 if (w < 0) {
310 fprintf(stderr, "%s: w was < 0 (%d)\n", name, w);
311 return false;
312 }
313 if (w > SVGA_MAX_WIDTH) {
314 fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w);
315 return false;
316 }
317 if (x + w > surface_width(surface)) {
318 fprintf(stderr, "%s: width was > %d (x: %d, w: %d)\n",
319 name, surface_width(surface), x, w);
320 return false;
321 }
322
323 if (y < 0) {
324 fprintf(stderr, "%s: y was < 0 (%d)\n", name, y);
325 return false;
326 }
327 if (y > SVGA_MAX_HEIGHT) {
328 fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y);
329 return false;
330 }
331 if (h < 0) {
332 fprintf(stderr, "%s: h was < 0 (%d)\n", name, h);
333 return false;
334 }
335 if (h > SVGA_MAX_HEIGHT) {
336 fprintf(stderr, "%s: h was > %d (%d)\n", name, SVGA_MAX_HEIGHT, h);
337 return false;
338 }
339 if (y + h > surface_height(surface)) {
340 fprintf(stderr, "%s: update height > %d (y: %d, h: %d)\n",
341 name, surface_height(surface), y, h);
342 return false;
343 }
344
345 return true;
346 }
347
348 static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
349 int x, int y, int w, int h)
350 {
351 DisplaySurface *surface = qemu_console_surface(s->vga.con);
352 int line;
353 int bypl;
354 int width;
355 int start;
356 uint8_t *src;
357 uint8_t *dst;
358
359 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
360 /* go for a fullscreen update as fallback */
361 x = 0;
362 y = 0;
363 w = surface_width(surface);
364 h = surface_height(surface);
365 }
366
367 bypl = surface_stride(surface);
368 width = surface_bytes_per_pixel(surface) * w;
369 start = surface_bytes_per_pixel(surface) * x + bypl * y;
370 src = s->vga.vram_ptr + start;
371 dst = surface_data(surface) + start;
372
373 for (line = h; line > 0; line--, src += bypl, dst += bypl) {
374 memcpy(dst, src, width);
375 }
376 dpy_gfx_update(s->vga.con, x, y, w, h);
377 }
378
379 static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
380 int x, int y, int w, int h)
381 {
382 struct vmsvga_rect_s *rect = &s->redraw_fifo[s->redraw_fifo_last++];
383
384 s->redraw_fifo_last &= REDRAW_FIFO_LEN - 1;
385 rect->x = x;
386 rect->y = y;
387 rect->w = w;
388 rect->h = h;
389 }
390
391 static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
392 {
393 struct vmsvga_rect_s *rect;
394
395 if (s->invalidated) {
396 s->redraw_fifo_first = s->redraw_fifo_last;
397 return;
398 }
399 /* Overlapping region updates can be optimised out here - if someone
400 * knows a smart algorithm to do that, please share. */
401 while (s->redraw_fifo_first != s->redraw_fifo_last) {
402 rect = &s->redraw_fifo[s->redraw_fifo_first++];
403 s->redraw_fifo_first &= REDRAW_FIFO_LEN - 1;
404 vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h);
405 }
406 }
407
408 #ifdef HW_RECT_ACCEL
409 static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
410 int x0, int y0, int x1, int y1, int w, int h)
411 {
412 DisplaySurface *surface = qemu_console_surface(s->vga.con);
413 uint8_t *vram = s->vga.vram_ptr;
414 int bypl = surface_stride(surface);
415 int bypp = surface_bytes_per_pixel(surface);
416 int width = bypp * w;
417 int line = h;
418 uint8_t *ptr[2];
419
420 if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
421 return -1;
422 }
423 if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
424 return -1;
425 }
426
427 if (y1 > y0) {
428 ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
429 ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
430 for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl) {
431 memmove(ptr[1], ptr[0], width);
432 }
433 } else {
434 ptr[0] = vram + bypp * x0 + bypl * y0;
435 ptr[1] = vram + bypp * x1 + bypl * y1;
436 for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl) {
437 memmove(ptr[1], ptr[0], width);
438 }
439 }
440
441 vmsvga_update_rect_delayed(s, x1, y1, w, h);
442 return 0;
443 }
444 #endif
445
446 #ifdef HW_FILL_ACCEL
447 static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
448 uint32_t c, int x, int y, int w, int h)
449 {
450 DisplaySurface *surface = qemu_console_surface(s->vga.con);
451 int bypl = surface_stride(surface);
452 int width = surface_bytes_per_pixel(surface) * w;
453 int line = h;
454 int column;
455 uint8_t *fst;
456 uint8_t *dst;
457 uint8_t *src;
458 uint8_t col[4];
459
460 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
461 return -1;
462 }
463
464 col[0] = c;
465 col[1] = c >> 8;
466 col[2] = c >> 16;
467 col[3] = c >> 24;
468
469 fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y;
470
471 if (line--) {
472 dst = fst;
473 src = col;
474 for (column = width; column > 0; column--) {
475 *(dst++) = *(src++);
476 if (src - col == surface_bytes_per_pixel(surface)) {
477 src = col;
478 }
479 }
480 dst = fst;
481 for (; line > 0; line--) {
482 dst += bypl;
483 memcpy(dst, fst, width);
484 }
485 }
486
487 vmsvga_update_rect_delayed(s, x, y, w, h);
488 return 0;
489 }
490 #endif
491
492 struct vmsvga_cursor_definition_s {
493 uint32_t width;
494 uint32_t height;
495 int id;
496 uint32_t bpp;
497 int hot_x;
498 int hot_y;
499 uint32_t mask[1024];
500 uint32_t image[4096];
501 };
502
503 #define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
504 #define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
505
506 #ifdef HW_MOUSE_ACCEL
507 static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
508 struct vmsvga_cursor_definition_s *c)
509 {
510 QEMUCursor *qc;
511 int i, pixels;
512
513 qc = cursor_alloc(c->width, c->height);
514 qc->hot_x = c->hot_x;
515 qc->hot_y = c->hot_y;
516 switch (c->bpp) {
517 case 1:
518 cursor_set_mono(qc, 0xffffff, 0x000000, (void *)c->image,
519 1, (void *)c->mask);
520 #ifdef DEBUG
521 cursor_print_ascii_art(qc, "vmware/mono");
522 #endif
523 break;
524 case 32:
525 /* fill alpha channel from mask, set color to zero */
526 cursor_set_mono(qc, 0x000000, 0x000000, (void *)c->mask,
527 1, (void *)c->mask);
528 /* add in rgb values */
529 pixels = c->width * c->height;
530 for (i = 0; i < pixels; i++) {
531 qc->data[i] |= c->image[i] & 0xffffff;
532 }
533 #ifdef DEBUG
534 cursor_print_ascii_art(qc, "vmware/32bit");
535 #endif
536 break;
537 default:
538 fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",
539 __func__, c->bpp);
540 cursor_put(qc);
541 qc = cursor_builtin_left_ptr();
542 }
543
544 dpy_cursor_define(s->vga.con, qc);
545 cursor_put(qc);
546 }
547 #endif
548
549 #define CMD(f) le32_to_cpu(s->cmd->f)
550
551 static inline int vmsvga_fifo_length(struct vmsvga_state_s *s)
552 {
553 int num;
554
555 if (!s->config || !s->enable) {
556 return 0;
557 }
558
559 /* Check range and alignment. */
560 if ((CMD(min) | CMD(max) | CMD(next_cmd) | CMD(stop)) & 3) {
561 return 0;
562 }
563 if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo) {
564 return 0;
565 }
566 if (CMD(max) > SVGA_FIFO_SIZE ||
567 CMD(min) >= SVGA_FIFO_SIZE ||
568 CMD(stop) >= SVGA_FIFO_SIZE ||
569 CMD(next_cmd) >= SVGA_FIFO_SIZE) {
570 return 0;
571 }
572 if (CMD(max) < CMD(min) + 10 * 1024) {
573 return 0;
574 }
575
576 num = CMD(next_cmd) - CMD(stop);
577 if (num < 0) {
578 num += CMD(max) - CMD(min);
579 }
580 return num >> 2;
581 }
582
583 static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
584 {
585 uint32_t cmd = s->fifo[CMD(stop) >> 2];
586
587 s->cmd->stop = cpu_to_le32(CMD(stop) + 4);
588 if (CMD(stop) >= CMD(max)) {
589 s->cmd->stop = s->cmd->min;
590 }
591 return cmd;
592 }
593
594 static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
595 {
596 return le32_to_cpu(vmsvga_fifo_read_raw(s));
597 }
598
599 static void vmsvga_fifo_run(struct vmsvga_state_s *s)
600 {
601 uint32_t cmd, colour;
602 int args, len;
603 int x, y, dx, dy, width, height;
604 struct vmsvga_cursor_definition_s cursor;
605 uint32_t cmd_start;
606
607 len = vmsvga_fifo_length(s);
608 while (len > 0) {
609 /* May need to go back to the start of the command if incomplete */
610 cmd_start = s->cmd->stop;
611
612 switch (cmd = vmsvga_fifo_read(s)) {
613 case SVGA_CMD_UPDATE:
614 case SVGA_CMD_UPDATE_VERBOSE:
615 len -= 5;
616 if (len < 0) {
617 goto rewind;
618 }
619
620 x = vmsvga_fifo_read(s);
621 y = vmsvga_fifo_read(s);
622 width = vmsvga_fifo_read(s);
623 height = vmsvga_fifo_read(s);
624 vmsvga_update_rect_delayed(s, x, y, width, height);
625 break;
626
627 case SVGA_CMD_RECT_FILL:
628 len -= 6;
629 if (len < 0) {
630 goto rewind;
631 }
632
633 colour = vmsvga_fifo_read(s);
634 x = vmsvga_fifo_read(s);
635 y = vmsvga_fifo_read(s);
636 width = vmsvga_fifo_read(s);
637 height = vmsvga_fifo_read(s);
638 #ifdef HW_FILL_ACCEL
639 if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
640 break;
641 }
642 #endif
643 args = 0;
644 goto badcmd;
645
646 case SVGA_CMD_RECT_COPY:
647 len -= 7;
648 if (len < 0) {
649 goto rewind;
650 }
651
652 x = vmsvga_fifo_read(s);
653 y = vmsvga_fifo_read(s);
654 dx = vmsvga_fifo_read(s);
655 dy = vmsvga_fifo_read(s);
656 width = vmsvga_fifo_read(s);
657 height = vmsvga_fifo_read(s);
658 #ifdef HW_RECT_ACCEL
659 if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
660 break;
661 }
662 #endif
663 args = 0;
664 goto badcmd;
665
666 case SVGA_CMD_DEFINE_CURSOR:
667 len -= 8;
668 if (len < 0) {
669 goto rewind;
670 }
671
672 cursor.id = vmsvga_fifo_read(s);
673 cursor.hot_x = vmsvga_fifo_read(s);
674 cursor.hot_y = vmsvga_fifo_read(s);
675 cursor.width = x = vmsvga_fifo_read(s);
676 cursor.height = y = vmsvga_fifo_read(s);
677 vmsvga_fifo_read(s);
678 cursor.bpp = vmsvga_fifo_read(s);
679
680 args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
681 if (cursor.width > 256 ||
682 cursor.height > 256 ||
683 cursor.bpp > 32 ||
684 SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
685 SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
686 goto badcmd;
687 }
688
689 len -= args;
690 if (len < 0) {
691 goto rewind;
692 }
693
694 for (args = 0; args < SVGA_BITMAP_SIZE(x, y); args++) {
695 cursor.mask[args] = vmsvga_fifo_read_raw(s);
696 }
697 for (args = 0; args < SVGA_PIXMAP_SIZE(x, y, cursor.bpp); args++) {
698 cursor.image[args] = vmsvga_fifo_read_raw(s);
699 }
700 #ifdef HW_MOUSE_ACCEL
701 vmsvga_cursor_define(s, &cursor);
702 break;
703 #else
704 args = 0;
705 goto badcmd;
706 #endif
707
708 /*
709 * Other commands that we at least know the number of arguments
710 * for so we can avoid FIFO desync if driver uses them illegally.
711 */
712 case SVGA_CMD_DEFINE_ALPHA_CURSOR:
713 len -= 6;
714 if (len < 0) {
715 goto rewind;
716 }
717 vmsvga_fifo_read(s);
718 vmsvga_fifo_read(s);
719 vmsvga_fifo_read(s);
720 x = vmsvga_fifo_read(s);
721 y = vmsvga_fifo_read(s);
722 args = x * y;
723 goto badcmd;
724 case SVGA_CMD_RECT_ROP_FILL:
725 args = 6;
726 goto badcmd;
727 case SVGA_CMD_RECT_ROP_COPY:
728 args = 7;
729 goto badcmd;
730 case SVGA_CMD_DRAW_GLYPH_CLIPPED:
731 len -= 4;
732 if (len < 0) {
733 goto rewind;
734 }
735 vmsvga_fifo_read(s);
736 vmsvga_fifo_read(s);
737 args = 7 + (vmsvga_fifo_read(s) >> 2);
738 goto badcmd;
739 case SVGA_CMD_SURFACE_ALPHA_BLEND:
740 args = 12;
741 goto badcmd;
742
743 /*
744 * Other commands that are not listed as depending on any
745 * CAPABILITIES bits, but are not described in the README either.
746 */
747 case SVGA_CMD_SURFACE_FILL:
748 case SVGA_CMD_SURFACE_COPY:
749 case SVGA_CMD_FRONT_ROP_FILL:
750 case SVGA_CMD_FENCE:
751 case SVGA_CMD_INVALID_CMD:
752 break; /* Nop */
753
754 default:
755 args = 0;
756 badcmd:
757 len -= args;
758 if (len < 0) {
759 goto rewind;
760 }
761 while (args--) {
762 vmsvga_fifo_read(s);
763 }
764 printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
765 __func__, cmd);
766 break;
767
768 rewind:
769 s->cmd->stop = cmd_start;
770 break;
771 }
772 }
773
774 s->syncing = 0;
775 }
776
777 static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
778 {
779 struct vmsvga_state_s *s = opaque;
780
781 return s->index;
782 }
783
784 static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
785 {
786 struct vmsvga_state_s *s = opaque;
787
788 s->index = index;
789 }
790
791 static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
792 {
793 uint32_t caps;
794 struct vmsvga_state_s *s = opaque;
795 DisplaySurface *surface = qemu_console_surface(s->vga.con);
796 PixelFormat pf;
797 uint32_t ret;
798
799 switch (s->index) {
800 case SVGA_REG_ID:
801 ret = s->svgaid;
802 break;
803
804 case SVGA_REG_ENABLE:
805 ret = s->enable;
806 break;
807
808 case SVGA_REG_WIDTH:
809 ret = s->new_width ? s->new_width : surface_width(surface);
810 break;
811
812 case SVGA_REG_HEIGHT:
813 ret = s->new_height ? s->new_height : surface_height(surface);
814 break;
815
816 case SVGA_REG_MAX_WIDTH:
817 ret = SVGA_MAX_WIDTH;
818 break;
819
820 case SVGA_REG_MAX_HEIGHT:
821 ret = SVGA_MAX_HEIGHT;
822 break;
823
824 case SVGA_REG_DEPTH:
825 ret = (s->new_depth == 32) ? 24 : s->new_depth;
826 break;
827
828 case SVGA_REG_BITS_PER_PIXEL:
829 case SVGA_REG_HOST_BITS_PER_PIXEL:
830 ret = s->new_depth;
831 break;
832
833 case SVGA_REG_PSEUDOCOLOR:
834 ret = 0x0;
835 break;
836
837 case SVGA_REG_RED_MASK:
838 pf = qemu_default_pixelformat(s->new_depth);
839 ret = pf.rmask;
840 break;
841
842 case SVGA_REG_GREEN_MASK:
843 pf = qemu_default_pixelformat(s->new_depth);
844 ret = pf.gmask;
845 break;
846
847 case SVGA_REG_BLUE_MASK:
848 pf = qemu_default_pixelformat(s->new_depth);
849 ret = pf.bmask;
850 break;
851
852 case SVGA_REG_BYTES_PER_LINE:
853 if (s->new_width) {
854 ret = (s->new_depth * s->new_width) / 8;
855 } else {
856 ret = surface_stride(surface);
857 }
858 break;
859
860 case SVGA_REG_FB_START: {
861 struct pci_vmsvga_state_s *pci_vmsvga
862 = container_of(s, struct pci_vmsvga_state_s, chip);
863 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 1);
864 break;
865 }
866
867 case SVGA_REG_FB_OFFSET:
868 ret = 0x0;
869 break;
870
871 case SVGA_REG_VRAM_SIZE:
872 ret = s->vga.vram_size; /* No physical VRAM besides the framebuffer */
873 break;
874
875 case SVGA_REG_FB_SIZE:
876 ret = s->vga.vram_size;
877 break;
878
879 case SVGA_REG_CAPABILITIES:
880 caps = SVGA_CAP_NONE;
881 #ifdef HW_RECT_ACCEL
882 caps |= SVGA_CAP_RECT_COPY;
883 #endif
884 #ifdef HW_FILL_ACCEL
885 caps |= SVGA_CAP_RECT_FILL;
886 #endif
887 #ifdef HW_MOUSE_ACCEL
888 if (dpy_cursor_define_supported(s->vga.con)) {
889 caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
890 SVGA_CAP_CURSOR_BYPASS;
891 }
892 #endif
893 ret = caps;
894 break;
895
896 case SVGA_REG_MEM_START: {
897 struct pci_vmsvga_state_s *pci_vmsvga
898 = container_of(s, struct pci_vmsvga_state_s, chip);
899 ret = pci_get_bar_addr(PCI_DEVICE(pci_vmsvga), 2);
900 break;
901 }
902
903 case SVGA_REG_MEM_SIZE:
904 ret = s->fifo_size;
905 break;
906
907 case SVGA_REG_CONFIG_DONE:
908 ret = s->config;
909 break;
910
911 case SVGA_REG_SYNC:
912 case SVGA_REG_BUSY:
913 ret = s->syncing;
914 break;
915
916 case SVGA_REG_GUEST_ID:
917 ret = s->guest;
918 break;
919
920 case SVGA_REG_CURSOR_ID:
921 ret = s->cursor.id;
922 break;
923
924 case SVGA_REG_CURSOR_X:
925 ret = s->cursor.x;
926 break;
927
928 case SVGA_REG_CURSOR_Y:
929 ret = s->cursor.y;
930 break;
931
932 case SVGA_REG_CURSOR_ON:
933 ret = s->cursor.on;
934 break;
935
936 case SVGA_REG_SCRATCH_SIZE:
937 ret = s->scratch_size;
938 break;
939
940 case SVGA_REG_MEM_REGS:
941 case SVGA_REG_NUM_DISPLAYS:
942 case SVGA_REG_PITCHLOCK:
943 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
944 ret = 0;
945 break;
946
947 default:
948 if (s->index >= SVGA_SCRATCH_BASE &&
949 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
950 ret = s->scratch[s->index - SVGA_SCRATCH_BASE];
951 break;
952 }
953 printf("%s: Bad register %02x\n", __func__, s->index);
954 ret = 0;
955 break;
956 }
957
958 if (s->index >= SVGA_SCRATCH_BASE) {
959 trace_vmware_scratch_read(s->index, ret);
960 } else if (s->index >= SVGA_PALETTE_BASE) {
961 trace_vmware_palette_read(s->index, ret);
962 } else {
963 trace_vmware_value_read(s->index, ret);
964 }
965 return ret;
966 }
967
968 static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
969 {
970 struct vmsvga_state_s *s = opaque;
971
972 if (s->index >= SVGA_SCRATCH_BASE) {
973 trace_vmware_scratch_write(s->index, value);
974 } else if (s->index >= SVGA_PALETTE_BASE) {
975 trace_vmware_palette_write(s->index, value);
976 } else {
977 trace_vmware_value_write(s->index, value);
978 }
979 switch (s->index) {
980 case SVGA_REG_ID:
981 if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0) {
982 s->svgaid = value;
983 }
984 break;
985
986 case SVGA_REG_ENABLE:
987 s->enable = !!value;
988 s->invalidated = 1;
989 s->vga.hw_ops->invalidate(&s->vga);
990 if (s->enable && s->config) {
991 vga_dirty_log_stop(&s->vga);
992 } else {
993 vga_dirty_log_start(&s->vga);
994 }
995 break;
996
997 case SVGA_REG_WIDTH:
998 if (value <= SVGA_MAX_WIDTH) {
999 s->new_width = value;
1000 s->invalidated = 1;
1001 } else {
1002 printf("%s: Bad width: %i\n", __func__, value);
1003 }
1004 break;
1005
1006 case SVGA_REG_HEIGHT:
1007 if (value <= SVGA_MAX_HEIGHT) {
1008 s->new_height = value;
1009 s->invalidated = 1;
1010 } else {
1011 printf("%s: Bad height: %i\n", __func__, value);
1012 }
1013 break;
1014
1015 case SVGA_REG_BITS_PER_PIXEL:
1016 if (value != 32) {
1017 printf("%s: Bad bits per pixel: %i bits\n", __func__, value);
1018 s->config = 0;
1019 s->invalidated = 1;
1020 }
1021 break;
1022
1023 case SVGA_REG_CONFIG_DONE:
1024 if (value) {
1025 s->fifo = (uint32_t *) s->fifo_ptr;
1026 vga_dirty_log_stop(&s->vga);
1027 }
1028 s->config = !!value;
1029 break;
1030
1031 case SVGA_REG_SYNC:
1032 s->syncing = 1;
1033 vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
1034 break;
1035
1036 case SVGA_REG_GUEST_ID:
1037 s->guest = value;
1038 #ifdef VERBOSE
1039 if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
1040 ARRAY_SIZE(vmsvga_guest_id)) {
1041 printf("%s: guest runs %s.\n", __func__,
1042 vmsvga_guest_id[value - GUEST_OS_BASE]);
1043 }
1044 #endif
1045 break;
1046
1047 case SVGA_REG_CURSOR_ID:
1048 s->cursor.id = value;
1049 break;
1050
1051 case SVGA_REG_CURSOR_X:
1052 s->cursor.x = value;
1053 break;
1054
1055 case SVGA_REG_CURSOR_Y:
1056 s->cursor.y = value;
1057 break;
1058
1059 case SVGA_REG_CURSOR_ON:
1060 s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
1061 s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
1062 #ifdef HW_MOUSE_ACCEL
1063 if (value <= SVGA_CURSOR_ON_SHOW) {
1064 dpy_mouse_set(s->vga.con, s->cursor.x, s->cursor.y, s->cursor.on);
1065 }
1066 #endif
1067 break;
1068
1069 case SVGA_REG_DEPTH:
1070 case SVGA_REG_MEM_REGS:
1071 case SVGA_REG_NUM_DISPLAYS:
1072 case SVGA_REG_PITCHLOCK:
1073 case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
1074 break;
1075
1076 default:
1077 if (s->index >= SVGA_SCRATCH_BASE &&
1078 s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
1079 s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
1080 break;
1081 }
1082 printf("%s: Bad register %02x\n", __func__, s->index);
1083 }
1084 }
1085
1086 static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
1087 {
1088 printf("%s: what are we supposed to return?\n", __func__);
1089 return 0xcafe;
1090 }
1091
1092 static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
1093 {
1094 printf("%s: what are we supposed to do with (%08x)?\n", __func__, data);
1095 }
1096
1097 static inline void vmsvga_check_size(struct vmsvga_state_s *s)
1098 {
1099 DisplaySurface *surface = qemu_console_surface(s->vga.con);
1100
1101 if (s->new_width != surface_width(surface) ||
1102 s->new_height != surface_height(surface) ||
1103 s->new_depth != surface_bits_per_pixel(surface)) {
1104 int stride = (s->new_depth * s->new_width) / 8;
1105 pixman_format_code_t format =
1106 qemu_default_pixman_format(s->new_depth, true);
1107 trace_vmware_setmode(s->new_width, s->new_height, s->new_depth);
1108 surface = qemu_create_displaysurface_from(s->new_width, s->new_height,
1109 format, stride,
1110 s->vga.vram_ptr);
1111 dpy_gfx_replace_surface(s->vga.con, surface);
1112 s->invalidated = 1;
1113 }
1114 }
1115
1116 static void vmsvga_update_display(void *opaque)
1117 {
1118 struct vmsvga_state_s *s = opaque;
1119 DisplaySurface *surface;
1120 bool dirty = false;
1121
1122 if (!s->enable) {
1123 s->vga.hw_ops->gfx_update(&s->vga);
1124 return;
1125 }
1126
1127 vmsvga_check_size(s);
1128 surface = qemu_console_surface(s->vga.con);
1129
1130 vmsvga_fifo_run(s);
1131 vmsvga_update_rect_flush(s);
1132
1133 /*
1134 * Is it more efficient to look at vram VGA-dirty bits or wait
1135 * for the driver to issue SVGA_CMD_UPDATE?
1136 */
1137 if (memory_region_is_logging(&s->vga.vram, DIRTY_MEMORY_VGA)) {
1138 vga_sync_dirty_bitmap(&s->vga);
1139 dirty = memory_region_get_dirty(&s->vga.vram, 0,
1140 surface_stride(surface) * surface_height(surface),
1141 DIRTY_MEMORY_VGA);
1142 }
1143 if (s->invalidated || dirty) {
1144 s->invalidated = 0;
1145 dpy_gfx_update(s->vga.con, 0, 0,
1146 surface_width(surface), surface_height(surface));
1147 }
1148 if (dirty) {
1149 memory_region_reset_dirty(&s->vga.vram, 0,
1150 surface_stride(surface) * surface_height(surface),
1151 DIRTY_MEMORY_VGA);
1152 }
1153 }
1154
1155 static void vmsvga_reset(DeviceState *dev)
1156 {
1157 struct pci_vmsvga_state_s *pci = VMWARE_SVGA(dev);
1158 struct vmsvga_state_s *s = &pci->chip;
1159
1160 s->index = 0;
1161 s->enable = 0;
1162 s->config = 0;
1163 s->svgaid = SVGA_ID;
1164 s->cursor.on = 0;
1165 s->redraw_fifo_first = 0;
1166 s->redraw_fifo_last = 0;
1167 s->syncing = 0;
1168
1169 vga_dirty_log_start(&s->vga);
1170 }
1171
1172 static void vmsvga_invalidate_display(void *opaque)
1173 {
1174 struct vmsvga_state_s *s = opaque;
1175 if (!s->enable) {
1176 s->vga.hw_ops->invalidate(&s->vga);
1177 return;
1178 }
1179
1180 s->invalidated = 1;
1181 }
1182
1183 static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
1184 {
1185 struct vmsvga_state_s *s = opaque;
1186
1187 if (s->vga.hw_ops->text_update) {
1188 s->vga.hw_ops->text_update(&s->vga, chardata);
1189 }
1190 }
1191
1192 static int vmsvga_post_load(void *opaque, int version_id)
1193 {
1194 struct vmsvga_state_s *s = opaque;
1195
1196 s->invalidated = 1;
1197 if (s->config) {
1198 s->fifo = (uint32_t *) s->fifo_ptr;
1199 }
1200 return 0;
1201 }
1202
1203 static const VMStateDescription vmstate_vmware_vga_internal = {
1204 .name = "vmware_vga_internal",
1205 .version_id = 0,
1206 .minimum_version_id = 0,
1207 .post_load = vmsvga_post_load,
1208 .fields = (VMStateField[]) {
1209 VMSTATE_INT32_EQUAL(new_depth, struct vmsvga_state_s),
1210 VMSTATE_INT32(enable, struct vmsvga_state_s),
1211 VMSTATE_INT32(config, struct vmsvga_state_s),
1212 VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
1213 VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
1214 VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
1215 VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
1216 VMSTATE_INT32(index, struct vmsvga_state_s),
1217 VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
1218 scratch_size, 0, vmstate_info_uint32, uint32_t),
1219 VMSTATE_INT32(new_width, struct vmsvga_state_s),
1220 VMSTATE_INT32(new_height, struct vmsvga_state_s),
1221 VMSTATE_UINT32(guest, struct vmsvga_state_s),
1222 VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
1223 VMSTATE_INT32(syncing, struct vmsvga_state_s),
1224 VMSTATE_UNUSED(4), /* was fb_size */
1225 VMSTATE_END_OF_LIST()
1226 }
1227 };
1228
1229 static const VMStateDescription vmstate_vmware_vga = {
1230 .name = "vmware_vga",
1231 .version_id = 0,
1232 .minimum_version_id = 0,
1233 .fields = (VMStateField[]) {
1234 VMSTATE_PCI_DEVICE(parent_obj, struct pci_vmsvga_state_s),
1235 VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
1236 vmstate_vmware_vga_internal, struct vmsvga_state_s),
1237 VMSTATE_END_OF_LIST()
1238 }
1239 };
1240
1241 static const GraphicHwOps vmsvga_ops = {
1242 .invalidate = vmsvga_invalidate_display,
1243 .gfx_update = vmsvga_update_display,
1244 .text_update = vmsvga_text_update,
1245 };
1246
1247 static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s,
1248 MemoryRegion *address_space, MemoryRegion *io)
1249 {
1250 s->scratch_size = SVGA_SCRATCH_SIZE;
1251 s->scratch = g_malloc(s->scratch_size * 4);
1252
1253 s->vga.con = graphic_console_init(dev, 0, &vmsvga_ops, s);
1254
1255 s->fifo_size = SVGA_FIFO_SIZE;
1256 memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size,
1257 &error_fatal);
1258 vmstate_register_ram_global(&s->fifo_ram);
1259 s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram);
1260
1261 vga_common_init(&s->vga, OBJECT(dev), true);
1262 vga_init(&s->vga, OBJECT(dev), address_space, io, true);
1263 vmstate_register(NULL, 0, &vmstate_vga_common, &s->vga);
1264 s->new_depth = 32;
1265 }
1266
1267 static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size)
1268 {
1269 struct vmsvga_state_s *s = opaque;
1270
1271 switch (addr) {
1272 case SVGA_IO_MUL * SVGA_INDEX_PORT: return vmsvga_index_read(s, addr);
1273 case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr);
1274 case SVGA_IO_MUL * SVGA_BIOS_PORT: return vmsvga_bios_read(s, addr);
1275 default: return -1u;
1276 }
1277 }
1278
1279 static void vmsvga_io_write(void *opaque, hwaddr addr,
1280 uint64_t data, unsigned size)
1281 {
1282 struct vmsvga_state_s *s = opaque;
1283
1284 switch (addr) {
1285 case SVGA_IO_MUL * SVGA_INDEX_PORT:
1286 vmsvga_index_write(s, addr, data);
1287 break;
1288 case SVGA_IO_MUL * SVGA_VALUE_PORT:
1289 vmsvga_value_write(s, addr, data);
1290 break;
1291 case SVGA_IO_MUL * SVGA_BIOS_PORT:
1292 vmsvga_bios_write(s, addr, data);
1293 break;
1294 }
1295 }
1296
1297 static const MemoryRegionOps vmsvga_io_ops = {
1298 .read = vmsvga_io_read,
1299 .write = vmsvga_io_write,
1300 .endianness = DEVICE_LITTLE_ENDIAN,
1301 .valid = {
1302 .min_access_size = 4,
1303 .max_access_size = 4,
1304 .unaligned = true,
1305 },
1306 .impl = {
1307 .unaligned = true,
1308 },
1309 };
1310
1311 static void pci_vmsvga_realize(PCIDevice *dev, Error **errp)
1312 {
1313 struct pci_vmsvga_state_s *s = VMWARE_SVGA(dev);
1314
1315 dev->config[PCI_CACHE_LINE_SIZE] = 0x08;
1316 dev->config[PCI_LATENCY_TIMER] = 0x40;
1317 dev->config[PCI_INTERRUPT_LINE] = 0xff; /* End */
1318
1319 memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip,
1320 "vmsvga-io", 0x10);
1321 memory_region_set_flush_coalesced(&s->io_bar);
1322 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1323
1324 vmsvga_init(DEVICE(dev), &s->chip,
1325 pci_address_space(dev), pci_address_space_io(dev));
1326
1327 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_MEM_PREFETCH,
1328 &s->chip.vga.vram);
1329 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_MEM_PREFETCH,
1330 &s->chip.fifo_ram);
1331
1332 if (!dev->rom_bar) {
1333 /* compatibility with pc-0.13 and older */
1334 vga_init_vbe(&s->chip.vga, OBJECT(dev), pci_address_space(dev));
1335 }
1336 }
1337
1338 static Property vga_vmware_properties[] = {
1339 DEFINE_PROP_UINT32("vgamem_mb", struct pci_vmsvga_state_s,
1340 chip.vga.vram_size_mb, 16),
1341 DEFINE_PROP_END_OF_LIST(),
1342 };
1343
1344 static void vmsvga_class_init(ObjectClass *klass, void *data)
1345 {
1346 DeviceClass *dc = DEVICE_CLASS(klass);
1347 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1348
1349 k->realize = pci_vmsvga_realize;
1350 k->romfile = "vgabios-vmware.bin";
1351 k->vendor_id = PCI_VENDOR_ID_VMWARE;
1352 k->device_id = SVGA_PCI_DEVICE_ID;
1353 k->class_id = PCI_CLASS_DISPLAY_VGA;
1354 k->subsystem_vendor_id = PCI_VENDOR_ID_VMWARE;
1355 k->subsystem_id = SVGA_PCI_DEVICE_ID;
1356 dc->reset = vmsvga_reset;
1357 dc->vmsd = &vmstate_vmware_vga;
1358 dc->props = vga_vmware_properties;
1359 dc->hotpluggable = false;
1360 set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
1361 }
1362
1363 static const TypeInfo vmsvga_info = {
1364 .name = TYPE_VMWARE_SVGA,
1365 .parent = TYPE_PCI_DEVICE,
1366 .instance_size = sizeof(struct pci_vmsvga_state_s),
1367 .class_init = vmsvga_class_init,
1368 };
1369
1370 static void vmsvga_register_types(void)
1371 {
1372 type_register_static(&vmsvga_info);
1373 }
1374
1375 type_init(vmsvga_register_types)