scsi: esp: check buffer length before reading scsi command
[qemu.git] / ui / spice-display.c
1 /*
2 * Copyright (C) 2010 Red Hat, Inc.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 or
7 * (at your option) version 3 of the License.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "qemu/osdep.h"
19 #include "qemu-common.h"
20 #include "ui/qemu-spice.h"
21 #include "qemu/timer.h"
22 #include "qemu/queue.h"
23 #include "ui/console.h"
24 #include "sysemu/sysemu.h"
25 #include "trace.h"
26
27 #include "ui/spice-display.h"
28
29 static int debug = 0;
30
31 static void GCC_FMT_ATTR(2, 3) dprint(int level, const char *fmt, ...)
32 {
33 va_list args;
34
35 if (level <= debug) {
36 va_start(args, fmt);
37 vfprintf(stderr, fmt, args);
38 va_end(args);
39 }
40 }
41
42 int qemu_spice_rect_is_empty(const QXLRect* r)
43 {
44 return r->top == r->bottom || r->left == r->right;
45 }
46
47 void qemu_spice_rect_union(QXLRect *dest, const QXLRect *r)
48 {
49 if (qemu_spice_rect_is_empty(r)) {
50 return;
51 }
52
53 if (qemu_spice_rect_is_empty(dest)) {
54 *dest = *r;
55 return;
56 }
57
58 dest->top = MIN(dest->top, r->top);
59 dest->left = MIN(dest->left, r->left);
60 dest->bottom = MAX(dest->bottom, r->bottom);
61 dest->right = MAX(dest->right, r->right);
62 }
63
64 QXLCookie *qxl_cookie_new(int type, uint64_t io)
65 {
66 QXLCookie *cookie;
67
68 cookie = g_malloc0(sizeof(*cookie));
69 cookie->type = type;
70 cookie->io = io;
71 return cookie;
72 }
73
74 void qemu_spice_add_memslot(SimpleSpiceDisplay *ssd, QXLDevMemSlot *memslot,
75 qxl_async_io async)
76 {
77 trace_qemu_spice_add_memslot(ssd->qxl.id, memslot->slot_id,
78 memslot->virt_start, memslot->virt_end,
79 async);
80
81 if (async != QXL_SYNC) {
82 spice_qxl_add_memslot_async(&ssd->qxl, memslot,
83 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
84 QXL_IO_MEMSLOT_ADD_ASYNC));
85 } else {
86 spice_qxl_add_memslot(&ssd->qxl, memslot);
87 }
88 }
89
90 void qemu_spice_del_memslot(SimpleSpiceDisplay *ssd, uint32_t gid, uint32_t sid)
91 {
92 trace_qemu_spice_del_memslot(ssd->qxl.id, gid, sid);
93 spice_qxl_del_memslot(&ssd->qxl, gid, sid);
94 }
95
96 void qemu_spice_create_primary_surface(SimpleSpiceDisplay *ssd, uint32_t id,
97 QXLDevSurfaceCreate *surface,
98 qxl_async_io async)
99 {
100 trace_qemu_spice_create_primary_surface(ssd->qxl.id, id, surface, async);
101 if (async != QXL_SYNC) {
102 spice_qxl_create_primary_surface_async(&ssd->qxl, id, surface,
103 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
104 QXL_IO_CREATE_PRIMARY_ASYNC));
105 } else {
106 spice_qxl_create_primary_surface(&ssd->qxl, id, surface);
107 }
108 }
109
110 void qemu_spice_destroy_primary_surface(SimpleSpiceDisplay *ssd,
111 uint32_t id, qxl_async_io async)
112 {
113 trace_qemu_spice_destroy_primary_surface(ssd->qxl.id, id, async);
114 if (async != QXL_SYNC) {
115 spice_qxl_destroy_primary_surface_async(&ssd->qxl, id,
116 (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_IO,
117 QXL_IO_DESTROY_PRIMARY_ASYNC));
118 } else {
119 spice_qxl_destroy_primary_surface(&ssd->qxl, id);
120 }
121 }
122
123 void qemu_spice_wakeup(SimpleSpiceDisplay *ssd)
124 {
125 trace_qemu_spice_wakeup(ssd->qxl.id);
126 spice_qxl_wakeup(&ssd->qxl);
127 }
128
129 static void qemu_spice_create_one_update(SimpleSpiceDisplay *ssd,
130 QXLRect *rect)
131 {
132 SimpleSpiceUpdate *update;
133 QXLDrawable *drawable;
134 QXLImage *image;
135 QXLCommand *cmd;
136 int bw, bh;
137 struct timespec time_space;
138 pixman_image_t *dest;
139
140 trace_qemu_spice_create_update(
141 rect->left, rect->right,
142 rect->top, rect->bottom);
143
144 update = g_malloc0(sizeof(*update));
145 drawable = &update->drawable;
146 image = &update->image;
147 cmd = &update->ext.cmd;
148
149 bw = rect->right - rect->left;
150 bh = rect->bottom - rect->top;
151 update->bitmap = g_malloc(bw * bh * 4);
152
153 drawable->bbox = *rect;
154 drawable->clip.type = SPICE_CLIP_TYPE_NONE;
155 drawable->effect = QXL_EFFECT_OPAQUE;
156 drawable->release_info.id = (uintptr_t)(&update->ext);
157 drawable->type = QXL_DRAW_COPY;
158 drawable->surfaces_dest[0] = -1;
159 drawable->surfaces_dest[1] = -1;
160 drawable->surfaces_dest[2] = -1;
161 clock_gettime(CLOCK_MONOTONIC, &time_space);
162 /* time in milliseconds from epoch. */
163 drawable->mm_time = time_space.tv_sec * 1000
164 + time_space.tv_nsec / 1000 / 1000;
165
166 drawable->u.copy.rop_descriptor = SPICE_ROPD_OP_PUT;
167 drawable->u.copy.src_bitmap = (uintptr_t)image;
168 drawable->u.copy.src_area.right = bw;
169 drawable->u.copy.src_area.bottom = bh;
170
171 QXL_SET_IMAGE_ID(image, QXL_IMAGE_GROUP_DEVICE, ssd->unique++);
172 image->descriptor.type = SPICE_IMAGE_TYPE_BITMAP;
173 image->bitmap.flags = QXL_BITMAP_DIRECT | QXL_BITMAP_TOP_DOWN;
174 image->bitmap.stride = bw * 4;
175 image->descriptor.width = image->bitmap.x = bw;
176 image->descriptor.height = image->bitmap.y = bh;
177 image->bitmap.data = (uintptr_t)(update->bitmap);
178 image->bitmap.palette = 0;
179 image->bitmap.format = SPICE_BITMAP_FMT_32BIT;
180
181 dest = pixman_image_create_bits(PIXMAN_LE_x8r8g8b8, bw, bh,
182 (void *)update->bitmap, bw * 4);
183 pixman_image_composite(PIXMAN_OP_SRC, ssd->surface, NULL, ssd->mirror,
184 rect->left, rect->top, 0, 0,
185 rect->left, rect->top, bw, bh);
186 pixman_image_composite(PIXMAN_OP_SRC, ssd->mirror, NULL, dest,
187 rect->left, rect->top, 0, 0,
188 0, 0, bw, bh);
189 pixman_image_unref(dest);
190
191 cmd->type = QXL_CMD_DRAW;
192 cmd->data = (uintptr_t)drawable;
193
194 QTAILQ_INSERT_TAIL(&ssd->updates, update, next);
195 }
196
197 static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
198 {
199 static const int blksize = 32;
200 int blocks = DIV_ROUND_UP(surface_width(ssd->ds), blksize);
201 int dirty_top[blocks];
202 int y, yoff1, yoff2, x, xoff, blk, bw;
203 int bpp = surface_bytes_per_pixel(ssd->ds);
204 uint8_t *guest, *mirror;
205
206 if (qemu_spice_rect_is_empty(&ssd->dirty)) {
207 return;
208 };
209
210 for (blk = 0; blk < blocks; blk++) {
211 dirty_top[blk] = -1;
212 }
213
214 guest = surface_data(ssd->ds);
215 mirror = (void *)pixman_image_get_data(ssd->mirror);
216 for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
217 yoff1 = y * surface_stride(ssd->ds);
218 yoff2 = y * pixman_image_get_stride(ssd->mirror);
219 for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
220 xoff = x * bpp;
221 blk = x / blksize;
222 bw = MIN(blksize, ssd->dirty.right - x);
223 if (memcmp(guest + yoff1 + xoff,
224 mirror + yoff2 + xoff,
225 bw * bpp) == 0) {
226 if (dirty_top[blk] != -1) {
227 QXLRect update = {
228 .top = dirty_top[blk],
229 .bottom = y,
230 .left = x,
231 .right = x + bw,
232 };
233 qemu_spice_create_one_update(ssd, &update);
234 dirty_top[blk] = -1;
235 }
236 } else {
237 if (dirty_top[blk] == -1) {
238 dirty_top[blk] = y;
239 }
240 }
241 }
242 }
243
244 for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
245 blk = x / blksize;
246 bw = MIN(blksize, ssd->dirty.right - x);
247 if (dirty_top[blk] != -1) {
248 QXLRect update = {
249 .top = dirty_top[blk],
250 .bottom = ssd->dirty.bottom,
251 .left = x,
252 .right = x + bw,
253 };
254 qemu_spice_create_one_update(ssd, &update);
255 dirty_top[blk] = -1;
256 }
257 }
258
259 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
260 }
261
262 static SimpleSpiceCursor*
263 qemu_spice_create_cursor_update(SimpleSpiceDisplay *ssd,
264 QEMUCursor *c,
265 int on)
266 {
267 size_t size = c ? c->width * c->height * 4 : 0;
268 SimpleSpiceCursor *update;
269 QXLCursorCmd *ccmd;
270 QXLCursor *cursor;
271 QXLCommand *cmd;
272
273 update = g_malloc0(sizeof(*update) + size);
274 ccmd = &update->cmd;
275 cursor = &update->cursor;
276 cmd = &update->ext.cmd;
277
278 if (c) {
279 ccmd->type = QXL_CURSOR_SET;
280 ccmd->u.set.position.x = ssd->ptr_x + ssd->hot_x;
281 ccmd->u.set.position.y = ssd->ptr_y + ssd->hot_y;
282 ccmd->u.set.visible = true;
283 ccmd->u.set.shape = (uintptr_t)cursor;
284 cursor->header.unique = ssd->unique++;
285 cursor->header.type = SPICE_CURSOR_TYPE_ALPHA;
286 cursor->header.width = c->width;
287 cursor->header.height = c->height;
288 cursor->header.hot_spot_x = c->hot_x;
289 cursor->header.hot_spot_y = c->hot_y;
290 cursor->data_size = size;
291 cursor->chunk.data_size = size;
292 memcpy(cursor->chunk.data, c->data, size);
293 } else if (!on) {
294 ccmd->type = QXL_CURSOR_HIDE;
295 } else {
296 ccmd->type = QXL_CURSOR_MOVE;
297 ccmd->u.position.x = ssd->ptr_x + ssd->hot_x;
298 ccmd->u.position.y = ssd->ptr_y + ssd->hot_y;
299 }
300 ccmd->release_info.id = (uintptr_t)(&update->ext);
301
302 cmd->type = QXL_CMD_CURSOR;
303 cmd->data = (uintptr_t)ccmd;
304
305 return update;
306 }
307
308 /*
309 * Called from spice server thread context (via interface_release_resource)
310 * We do *not* hold the global qemu mutex here, so extra care is needed
311 * when calling qemu functions. QEMU interfaces used:
312 * - g_free (underlying glibc free is re-entrant).
313 */
314 void qemu_spice_destroy_update(SimpleSpiceDisplay *sdpy, SimpleSpiceUpdate *update)
315 {
316 g_free(update->bitmap);
317 g_free(update);
318 }
319
320 void qemu_spice_create_host_memslot(SimpleSpiceDisplay *ssd)
321 {
322 QXLDevMemSlot memslot;
323
324 dprint(1, "%s/%d:\n", __func__, ssd->qxl.id);
325
326 memset(&memslot, 0, sizeof(memslot));
327 memslot.slot_group_id = MEMSLOT_GROUP_HOST;
328 memslot.virt_end = ~0;
329 qemu_spice_add_memslot(ssd, &memslot, QXL_SYNC);
330 }
331
332 void qemu_spice_create_host_primary(SimpleSpiceDisplay *ssd)
333 {
334 QXLDevSurfaceCreate surface;
335 uint64_t surface_size;
336
337 memset(&surface, 0, sizeof(surface));
338
339 surface_size = (uint64_t) surface_width(ssd->ds) *
340 surface_height(ssd->ds) * 4;
341 assert(surface_size > 0);
342 assert(surface_size < INT_MAX);
343 if (ssd->bufsize < surface_size) {
344 ssd->bufsize = surface_size;
345 g_free(ssd->buf);
346 ssd->buf = g_malloc(ssd->bufsize);
347 }
348
349 dprint(1, "%s/%d: %ux%u (size %" PRIu64 "/%d)\n", __func__, ssd->qxl.id,
350 surface_width(ssd->ds), surface_height(ssd->ds),
351 surface_size, ssd->bufsize);
352
353 surface.format = SPICE_SURFACE_FMT_32_xRGB;
354 surface.width = surface_width(ssd->ds);
355 surface.height = surface_height(ssd->ds);
356 surface.stride = -surface.width * 4;
357 surface.mouse_mode = true;
358 surface.flags = 0;
359 surface.type = 0;
360 surface.mem = (uintptr_t)ssd->buf;
361 surface.group_id = MEMSLOT_GROUP_HOST;
362
363 qemu_spice_create_primary_surface(ssd, 0, &surface, QXL_SYNC);
364 }
365
366 void qemu_spice_destroy_host_primary(SimpleSpiceDisplay *ssd)
367 {
368 dprint(1, "%s/%d:\n", __func__, ssd->qxl.id);
369
370 qemu_spice_destroy_primary_surface(ssd, 0, QXL_SYNC);
371 }
372
373 void qemu_spice_display_init_common(SimpleSpiceDisplay *ssd)
374 {
375 qemu_mutex_init(&ssd->lock);
376 QTAILQ_INIT(&ssd->updates);
377 ssd->mouse_x = -1;
378 ssd->mouse_y = -1;
379 if (ssd->num_surfaces == 0) {
380 ssd->num_surfaces = 1024;
381 }
382 }
383
384 /* display listener callbacks */
385
386 void qemu_spice_display_update(SimpleSpiceDisplay *ssd,
387 int x, int y, int w, int h)
388 {
389 QXLRect update_area;
390
391 dprint(2, "%s/%d: x %d y %d w %d h %d\n", __func__,
392 ssd->qxl.id, x, y, w, h);
393 update_area.left = x,
394 update_area.right = x + w;
395 update_area.top = y;
396 update_area.bottom = y + h;
397
398 if (qemu_spice_rect_is_empty(&ssd->dirty)) {
399 ssd->notify++;
400 }
401 qemu_spice_rect_union(&ssd->dirty, &update_area);
402 }
403
404 void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
405 DisplaySurface *surface)
406 {
407 SimpleSpiceUpdate *update;
408 bool need_destroy;
409
410 if (surface && ssd->surface &&
411 surface_width(surface) == pixman_image_get_width(ssd->surface) &&
412 surface_height(surface) == pixman_image_get_height(ssd->surface) &&
413 surface_format(surface) == pixman_image_get_format(ssd->surface)) {
414 /* no-resize fast path: just swap backing store */
415 dprint(1, "%s/%d: fast (%dx%d)\n", __func__, ssd->qxl.id,
416 surface_width(surface), surface_height(surface));
417 qemu_mutex_lock(&ssd->lock);
418 ssd->ds = surface;
419 pixman_image_unref(ssd->surface);
420 ssd->surface = pixman_image_ref(ssd->ds->image);
421 qemu_mutex_unlock(&ssd->lock);
422 qemu_spice_display_update(ssd, 0, 0,
423 surface_width(surface),
424 surface_height(surface));
425 return;
426 }
427
428 /* full mode switch */
429 dprint(1, "%s/%d: full (%dx%d -> %dx%d)\n", __func__, ssd->qxl.id,
430 ssd->surface ? pixman_image_get_width(ssd->surface) : 0,
431 ssd->surface ? pixman_image_get_height(ssd->surface) : 0,
432 surface ? surface_width(surface) : 0,
433 surface ? surface_height(surface) : 0);
434
435 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
436 if (ssd->surface) {
437 pixman_image_unref(ssd->surface);
438 ssd->surface = NULL;
439 pixman_image_unref(ssd->mirror);
440 ssd->mirror = NULL;
441 }
442
443 qemu_mutex_lock(&ssd->lock);
444 need_destroy = (ssd->ds != NULL);
445 ssd->ds = surface;
446 while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) {
447 QTAILQ_REMOVE(&ssd->updates, update, next);
448 qemu_spice_destroy_update(ssd, update);
449 }
450 qemu_mutex_unlock(&ssd->lock);
451 if (need_destroy) {
452 qemu_spice_destroy_host_primary(ssd);
453 }
454 if (ssd->ds) {
455 ssd->surface = pixman_image_ref(ssd->ds->image);
456 ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format,
457 ssd->ds->image);
458 qemu_spice_create_host_primary(ssd);
459 }
460
461 memset(&ssd->dirty, 0, sizeof(ssd->dirty));
462 ssd->notify++;
463
464 qemu_mutex_lock(&ssd->lock);
465 if (ssd->cursor) {
466 g_free(ssd->ptr_define);
467 ssd->ptr_define = qemu_spice_create_cursor_update(ssd, ssd->cursor, 0);
468 }
469 qemu_mutex_unlock(&ssd->lock);
470 }
471
472 static void qemu_spice_cursor_refresh_unlocked(SimpleSpiceDisplay *ssd)
473 {
474 if (ssd->cursor) {
475 assert(ssd->dcl.con);
476 dpy_cursor_define(ssd->dcl.con, ssd->cursor);
477 }
478 if (ssd->mouse_x != -1 && ssd->mouse_y != -1) {
479 assert(ssd->dcl.con);
480 dpy_mouse_set(ssd->dcl.con, ssd->mouse_x, ssd->mouse_y, 1);
481 ssd->mouse_x = -1;
482 ssd->mouse_y = -1;
483 }
484 }
485
486 void qemu_spice_cursor_refresh_bh(void *opaque)
487 {
488 SimpleSpiceDisplay *ssd = opaque;
489
490 qemu_mutex_lock(&ssd->lock);
491 qemu_spice_cursor_refresh_unlocked(ssd);
492 qemu_mutex_unlock(&ssd->lock);
493 }
494
495 void qemu_spice_display_refresh(SimpleSpiceDisplay *ssd)
496 {
497 dprint(3, "%s/%d:\n", __func__, ssd->qxl.id);
498 graphic_hw_update(ssd->dcl.con);
499
500 qemu_mutex_lock(&ssd->lock);
501 if (QTAILQ_EMPTY(&ssd->updates) && ssd->ds) {
502 qemu_spice_create_update(ssd);
503 ssd->notify++;
504 }
505 qemu_mutex_unlock(&ssd->lock);
506
507 if (ssd->notify) {
508 ssd->notify = 0;
509 qemu_spice_wakeup(ssd);
510 dprint(2, "%s/%d: notify\n", __func__, ssd->qxl.id);
511 }
512 }
513
514 /* spice display interface callbacks */
515
516 static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker)
517 {
518 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
519
520 dprint(1, "%s/%d:\n", __func__, ssd->qxl.id);
521 ssd->worker = qxl_worker;
522 }
523
524 static void interface_set_compression_level(QXLInstance *sin, int level)
525 {
526 dprint(1, "%s/%d:\n", __func__, sin->id);
527 /* nothing to do */
528 }
529
530 static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time)
531 {
532 dprint(3, "%s/%d:\n", __func__, sin->id);
533 /* nothing to do */
534 }
535
536 static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info)
537 {
538 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
539
540 info->memslot_gen_bits = MEMSLOT_GENERATION_BITS;
541 info->memslot_id_bits = MEMSLOT_SLOT_BITS;
542 info->num_memslots = NUM_MEMSLOTS;
543 info->num_memslots_groups = NUM_MEMSLOTS_GROUPS;
544 info->internal_groupslot_id = 0;
545 info->qxl_ram_size = 16 * 1024 * 1024;
546 info->n_surfaces = ssd->num_surfaces;
547 }
548
549 static int interface_get_command(QXLInstance *sin, QXLCommandExt *ext)
550 {
551 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
552 SimpleSpiceUpdate *update;
553 int ret = false;
554
555 dprint(3, "%s/%d:\n", __func__, ssd->qxl.id);
556
557 qemu_mutex_lock(&ssd->lock);
558 update = QTAILQ_FIRST(&ssd->updates);
559 if (update != NULL) {
560 QTAILQ_REMOVE(&ssd->updates, update, next);
561 *ext = update->ext;
562 ret = true;
563 }
564 qemu_mutex_unlock(&ssd->lock);
565
566 return ret;
567 }
568
569 static int interface_req_cmd_notification(QXLInstance *sin)
570 {
571 dprint(2, "%s/%d:\n", __func__, sin->id);
572 return 1;
573 }
574
575 static void interface_release_resource(QXLInstance *sin,
576 QXLReleaseInfoExt rext)
577 {
578 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
579 SimpleSpiceUpdate *update;
580 SimpleSpiceCursor *cursor;
581 QXLCommandExt *ext;
582
583 dprint(2, "%s/%d:\n", __func__, ssd->qxl.id);
584 ext = (void *)(intptr_t)(rext.info->id);
585 switch (ext->cmd.type) {
586 case QXL_CMD_DRAW:
587 update = container_of(ext, SimpleSpiceUpdate, ext);
588 qemu_spice_destroy_update(ssd, update);
589 break;
590 case QXL_CMD_CURSOR:
591 cursor = container_of(ext, SimpleSpiceCursor, ext);
592 g_free(cursor);
593 break;
594 default:
595 g_assert_not_reached();
596 }
597 }
598
599 static int interface_get_cursor_command(QXLInstance *sin, QXLCommandExt *ext)
600 {
601 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
602 int ret;
603
604 dprint(3, "%s/%d:\n", __func__, ssd->qxl.id);
605
606 qemu_mutex_lock(&ssd->lock);
607 if (ssd->ptr_define) {
608 *ext = ssd->ptr_define->ext;
609 ssd->ptr_define = NULL;
610 ret = true;
611 } else if (ssd->ptr_move) {
612 *ext = ssd->ptr_move->ext;
613 ssd->ptr_move = NULL;
614 ret = true;
615 } else {
616 ret = false;
617 }
618 qemu_mutex_unlock(&ssd->lock);
619 return ret;
620 }
621
622 static int interface_req_cursor_notification(QXLInstance *sin)
623 {
624 dprint(2, "%s:\n", __func__);
625 return 1;
626 }
627
628 static void interface_notify_update(QXLInstance *sin, uint32_t update_id)
629 {
630 fprintf(stderr, "%s: abort()\n", __FUNCTION__);
631 abort();
632 }
633
634 static int interface_flush_resources(QXLInstance *sin)
635 {
636 fprintf(stderr, "%s: abort()\n", __FUNCTION__);
637 abort();
638 return 0;
639 }
640
641 static void interface_update_area_complete(QXLInstance *sin,
642 uint32_t surface_id,
643 QXLRect *dirty, uint32_t num_updated_rects)
644 {
645 /* should never be called, used in qxl native mode only */
646 fprintf(stderr, "%s: abort()\n", __func__);
647 abort();
648 }
649
650 /* called from spice server thread context only */
651 static void interface_async_complete(QXLInstance *sin, uint64_t cookie_token)
652 {
653 QXLCookie *cookie = (QXLCookie *)(uintptr_t)cookie_token;
654
655 switch (cookie->type) {
656 #ifdef HAVE_SPICE_GL
657 case QXL_COOKIE_TYPE_GL_DRAW_DONE:
658 {
659 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
660 qemu_bh_schedule(ssd->gl_unblock_bh);
661 break;
662 }
663 case QXL_COOKIE_TYPE_IO:
664 if (cookie->io == QXL_IO_MONITORS_CONFIG_ASYNC) {
665 g_free(cookie->u.data);
666 }
667 break;
668 #endif
669 default:
670 /* should never be called, used in qxl native mode only */
671 fprintf(stderr, "%s: abort()\n", __func__);
672 abort();
673 }
674 g_free(cookie);
675 }
676
677 static void interface_set_client_capabilities(QXLInstance *sin,
678 uint8_t client_present,
679 uint8_t caps[58])
680 {
681 dprint(3, "%s:\n", __func__);
682 }
683
684 static int interface_client_monitors_config(QXLInstance *sin,
685 VDAgentMonitorsConfig *mc)
686 {
687 SimpleSpiceDisplay *ssd = container_of(sin, SimpleSpiceDisplay, qxl);
688 QemuUIInfo info;
689
690 if (!dpy_ui_info_supported(ssd->dcl.con)) {
691 return 0; /* == not supported by guest */
692 }
693
694 if (!mc) {
695 return 1;
696 }
697
698 /*
699 * FIXME: multihead is tricky due to the way
700 * spice has multihead implemented.
701 */
702 memset(&info, 0, sizeof(info));
703 if (mc->num_of_monitors > 0) {
704 info.width = mc->monitors[0].width;
705 info.height = mc->monitors[0].height;
706 }
707 dpy_set_ui_info(ssd->dcl.con, &info);
708 dprint(1, "%s/%d: size %dx%d\n", __func__, ssd->qxl.id,
709 info.width, info.height);
710 return 1;
711 }
712
713 static const QXLInterface dpy_interface = {
714 .base.type = SPICE_INTERFACE_QXL,
715 .base.description = "qemu simple display",
716 .base.major_version = SPICE_INTERFACE_QXL_MAJOR,
717 .base.minor_version = SPICE_INTERFACE_QXL_MINOR,
718
719 .attache_worker = interface_attach_worker,
720 .set_compression_level = interface_set_compression_level,
721 .set_mm_time = interface_set_mm_time,
722 .get_init_info = interface_get_init_info,
723
724 /* the callbacks below are called from spice server thread context */
725 .get_command = interface_get_command,
726 .req_cmd_notification = interface_req_cmd_notification,
727 .release_resource = interface_release_resource,
728 .get_cursor_command = interface_get_cursor_command,
729 .req_cursor_notification = interface_req_cursor_notification,
730 .notify_update = interface_notify_update,
731 .flush_resources = interface_flush_resources,
732 .async_complete = interface_async_complete,
733 .update_area_complete = interface_update_area_complete,
734 .set_client_capabilities = interface_set_client_capabilities,
735 .client_monitors_config = interface_client_monitors_config,
736 };
737
738 static void display_update(DisplayChangeListener *dcl,
739 int x, int y, int w, int h)
740 {
741 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
742 qemu_spice_display_update(ssd, x, y, w, h);
743 }
744
745 static void display_switch(DisplayChangeListener *dcl,
746 DisplaySurface *surface)
747 {
748 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
749 qemu_spice_display_switch(ssd, surface);
750 }
751
752 static void display_refresh(DisplayChangeListener *dcl)
753 {
754 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
755 qemu_spice_display_refresh(ssd);
756 }
757
758 static void display_mouse_set(DisplayChangeListener *dcl,
759 int x, int y, int on)
760 {
761 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
762
763 qemu_mutex_lock(&ssd->lock);
764 ssd->ptr_x = x;
765 ssd->ptr_y = y;
766 g_free(ssd->ptr_move);
767 ssd->ptr_move = qemu_spice_create_cursor_update(ssd, NULL, on);
768 qemu_mutex_unlock(&ssd->lock);
769 }
770
771 static void display_mouse_define(DisplayChangeListener *dcl,
772 QEMUCursor *c)
773 {
774 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
775
776 qemu_mutex_lock(&ssd->lock);
777 cursor_get(c);
778 cursor_put(ssd->cursor);
779 ssd->cursor = c;
780 ssd->hot_x = c->hot_x;
781 ssd->hot_y = c->hot_y;
782 g_free(ssd->ptr_move);
783 ssd->ptr_move = NULL;
784 g_free(ssd->ptr_define);
785 ssd->ptr_define = qemu_spice_create_cursor_update(ssd, c, 0);
786 qemu_mutex_unlock(&ssd->lock);
787 }
788
789 static const DisplayChangeListenerOps display_listener_ops = {
790 .dpy_name = "spice",
791 .dpy_gfx_update = display_update,
792 .dpy_gfx_switch = display_switch,
793 .dpy_gfx_check_format = qemu_pixman_check_format,
794 .dpy_refresh = display_refresh,
795 .dpy_mouse_set = display_mouse_set,
796 .dpy_cursor_define = display_mouse_define,
797 };
798
799 #ifdef HAVE_SPICE_GL
800
801 static void qemu_spice_gl_monitor_config(SimpleSpiceDisplay *ssd,
802 int x, int y, int w, int h)
803 {
804 QXLMonitorsConfig *config;
805 QXLCookie *cookie;
806
807 config = g_malloc0(sizeof(QXLMonitorsConfig) + sizeof(QXLHead));
808 config->count = 1;
809 config->max_allowed = 1;
810 config->heads[0].x = x;
811 config->heads[0].y = y;
812 config->heads[0].width = w;
813 config->heads[0].height = h;
814 cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
815 QXL_IO_MONITORS_CONFIG_ASYNC);
816 cookie->u.data = config;
817
818 spice_qxl_monitors_config_async(&ssd->qxl,
819 (uintptr_t)config,
820 MEMSLOT_GROUP_HOST,
821 (uintptr_t)cookie);
822 }
823
824 static void qemu_spice_gl_block(SimpleSpiceDisplay *ssd, bool block)
825 {
826 uint64_t timeout;
827
828 if (block) {
829 timeout = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
830 timeout += 1000; /* one sec */
831 timer_mod(ssd->gl_unblock_timer, timeout);
832 } else {
833 timer_del(ssd->gl_unblock_timer);
834 }
835 graphic_hw_gl_block(ssd->dcl.con, block);
836 }
837
838 static void qemu_spice_gl_unblock_bh(void *opaque)
839 {
840 SimpleSpiceDisplay *ssd = opaque;
841
842 qemu_spice_gl_block(ssd, false);
843 }
844
845 static void qemu_spice_gl_block_timer(void *opaque)
846 {
847 fprintf(stderr, "WARNING: spice: no gl-draw-done within one second\n");
848 }
849
850 static QEMUGLContext qemu_spice_gl_create_context(DisplayChangeListener *dcl,
851 QEMUGLParams *params)
852 {
853 eglMakeCurrent(qemu_egl_display, EGL_NO_SURFACE, EGL_NO_SURFACE,
854 qemu_egl_rn_ctx);
855 return qemu_egl_create_context(dcl, params);
856 }
857
858 static void qemu_spice_gl_scanout(DisplayChangeListener *dcl,
859 uint32_t tex_id,
860 bool y_0_top,
861 uint32_t x, uint32_t y,
862 uint32_t w, uint32_t h)
863 {
864 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
865 EGLint stride = 0, fourcc = 0;
866 int fd = -1;
867
868 if (tex_id) {
869 fd = egl_get_fd_for_texture(tex_id, &stride, &fourcc);
870 if (fd < 0) {
871 fprintf(stderr, "%s: failed to get fd for texture\n", __func__);
872 return;
873 }
874 dprint(1, "%s: %dx%d (stride %d, fourcc 0x%x)\n", __func__,
875 w, h, stride, fourcc);
876 } else {
877 dprint(1, "%s: no texture (no framebuffer)\n", __func__);
878 }
879
880 assert(!tex_id || fd >= 0);
881
882 /* note: spice server will close the fd */
883 spice_qxl_gl_scanout(&ssd->qxl, fd,
884 surface_width(ssd->ds),
885 surface_height(ssd->ds),
886 stride, fourcc, y_0_top);
887
888 qemu_spice_gl_monitor_config(ssd, x, y, w, h);
889 }
890
891 static void qemu_spice_gl_update(DisplayChangeListener *dcl,
892 uint32_t x, uint32_t y, uint32_t w, uint32_t h)
893 {
894 SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
895 uint64_t cookie;
896
897 dprint(2, "%s: %dx%d+%d+%d\n", __func__, w, h, x, y);
898 qemu_spice_gl_block(ssd, true);
899 cookie = (uintptr_t)qxl_cookie_new(QXL_COOKIE_TYPE_GL_DRAW_DONE, 0);
900 spice_qxl_gl_draw_async(&ssd->qxl, x, y, w, h, cookie);
901 }
902
903 static const DisplayChangeListenerOps display_listener_gl_ops = {
904 .dpy_name = "spice-egl",
905 .dpy_gfx_update = display_update,
906 .dpy_gfx_switch = display_switch,
907 .dpy_gfx_check_format = qemu_pixman_check_format,
908 .dpy_refresh = display_refresh,
909 .dpy_mouse_set = display_mouse_set,
910 .dpy_cursor_define = display_mouse_define,
911
912 .dpy_gl_ctx_create = qemu_spice_gl_create_context,
913 .dpy_gl_ctx_destroy = qemu_egl_destroy_context,
914 .dpy_gl_ctx_make_current = qemu_egl_make_context_current,
915 .dpy_gl_ctx_get_current = qemu_egl_get_current_context,
916
917 .dpy_gl_scanout = qemu_spice_gl_scanout,
918 .dpy_gl_update = qemu_spice_gl_update,
919 };
920
921 #endif /* HAVE_SPICE_GL */
922
923 static void qemu_spice_display_init_one(QemuConsole *con)
924 {
925 SimpleSpiceDisplay *ssd = g_new0(SimpleSpiceDisplay, 1);
926
927 qemu_spice_display_init_common(ssd);
928
929 ssd->dcl.ops = &display_listener_ops;
930 #ifdef HAVE_SPICE_GL
931 if (display_opengl) {
932 ssd->dcl.ops = &display_listener_gl_ops;
933 ssd->dmabuf_fd = -1;
934 ssd->gl_unblock_bh = qemu_bh_new(qemu_spice_gl_unblock_bh, ssd);
935 ssd->gl_unblock_timer = timer_new_ms(QEMU_CLOCK_REALTIME,
936 qemu_spice_gl_block_timer, ssd);
937 }
938 #endif
939 ssd->dcl.con = con;
940
941 ssd->qxl.base.sif = &dpy_interface.base;
942 qemu_spice_add_display_interface(&ssd->qxl, con);
943 assert(ssd->worker);
944 qemu_spice_create_host_memslot(ssd);
945
946 register_displaychangelistener(&ssd->dcl);
947 }
948
949 void qemu_spice_display_init(void)
950 {
951 QemuConsole *con;
952 int i;
953
954 for (i = 0;; i++) {
955 con = qemu_console_lookup_by_index(i);
956 if (!con || !qemu_console_is_graphic(con)) {
957 break;
958 }
959 if (qemu_spice_have_display_interface(con)) {
960 continue;
961 }
962 qemu_spice_display_init_one(con);
963 }
964 }