diff options
Diffstat (limited to 'hw/display/qxl.c')
| -rw-r--r-- | hw/display/qxl.c | 356 |
1 files changed, 196 insertions, 160 deletions
diff --git a/hw/display/qxl.c b/hw/display/qxl.c index f608abc769..7178dec85d 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -23,34 +23,18 @@ #include <zlib.h> #include "qapi/error.h" -#include "qemu-common.h" #include "qemu/timer.h" #include "qemu/queue.h" #include "qemu/atomic.h" -#include "sysemu/sysemu.h" -#include "migration/blocker.h" +#include "qemu/main-loop.h" +#include "qemu/module.h" +#include "hw/qdev-properties.h" +#include "sysemu/runstate.h" +#include "migration/vmstate.h" #include "trace.h" #include "qxl.h" -/* - * NOTE: SPICE_RING_PROD_ITEM accesses memory on the pci bar and as - * such can be changed by the guest, so to avoid a guest trigerrable - * abort we just qxl_set_guest_bug and set the return to NULL. Still - * it may happen as a result of emulator bug as well. - */ -#undef SPICE_RING_PROD_ITEM -#define SPICE_RING_PROD_ITEM(qxl, r, ret) { \ - uint32_t prod = (r)->prod & SPICE_RING_INDEX_MASK(r); \ - if (prod >= ARRAY_SIZE((r)->items)) { \ - qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " \ - "%u >= %zu", prod, ARRAY_SIZE((r)->items)); \ - ret = NULL; \ - } else { \ - ret = &(r)->items[prod].el; \ - } \ - } - #undef SPICE_RING_CONS_ITEM #define SPICE_RING_CONS_ITEM(qxl, r, ret) { \ uint32_t cons = (r)->cons & SPICE_RING_INDEX_MASK(r); \ @@ -276,7 +260,7 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay) QXL_COOKIE_TYPE_POST_LOAD_MONITORS_CONFIG, 0)); } else { -#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */ +#if SPICE_SERVER_VERSION < 0x000e02 /* release 0.14.2 */ if (qxl->max_outputs) { spice_qxl_set_max_monitors(&qxl->ssd.qxl, qxl->max_outputs); } @@ -289,7 +273,8 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay) QXL_IO_MONITORS_CONFIG_ASYNC)); } - cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST); + cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST, + sizeof(QXLMonitorsConfig)); if (cfg != NULL && cfg->count == 1) { qxl->guest_primary.resized = 1; qxl->guest_head0_width = cfg->heads[0].width; @@ -314,7 +299,7 @@ void qxl_spice_reset_cursor(PCIQXLDevice *qxl) qxl->guest_cursor = 0; qemu_mutex_unlock(&qxl->track_lock); if (qxl->ssd.cursor) { - cursor_put(qxl->ssd.cursor); + cursor_unref(qxl->ssd.cursor); } qxl->ssd.cursor = cursor_builtin_hidden(); } @@ -335,7 +320,7 @@ static ram_addr_t qxl_rom_size(void) #define QXL_ROM_SZ 8192 QEMU_BUILD_BUG_ON(QXL_REQUIRED_SZ > QXL_ROM_SZ); - return QXL_ROM_SZ; + return QEMU_ALIGN_UP(QXL_REQUIRED_SZ, qemu_real_host_page_size()); } static void init_qxl_rom(PCIQXLDevice *d) @@ -413,7 +398,8 @@ static void init_qxl_rom(PCIQXLDevice *d) static void init_qxl_ram(PCIQXLDevice *d) { uint8_t *buf; - uint64_t *item; + uint32_t prod; + QXLReleaseRing *ring; buf = d->vga.vram_ptr; d->ram = (QXLRam *)(buf + le32_to_cpu(d->shadow_rom.ram_header_offset)); @@ -425,9 +411,12 @@ static void init_qxl_ram(PCIQXLDevice *d) SPICE_RING_INIT(&d->ram->cmd_ring); SPICE_RING_INIT(&d->ram->cursor_ring); SPICE_RING_INIT(&d->ram->release_ring); - SPICE_RING_PROD_ITEM(d, &d->ram->release_ring, item); - assert(item); - *item = 0; + + ring = &d->ram->release_ring; + prod = ring->prod & SPICE_RING_INDEX_MASK(ring); + assert(prod < ARRAY_SIZE(ring->items)); + ring->items[prod].el = 0; + qxl_ring_set_dirty(d); } @@ -470,7 +459,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) switch (le32_to_cpu(ext->cmd.type)) { case QXL_CMD_SURFACE: { - QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLSurfaceCmd)); if (!cmd) { return 1; @@ -488,23 +478,25 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) cmd->u.surface_create.stride); return 1; } - qemu_mutex_lock(&qxl->track_lock); - if (cmd->type == QXL_SURFACE_CMD_CREATE) { - qxl->guest_surfaces.cmds[id] = ext->cmd.data; - qxl->guest_surfaces.count++; - if (qxl->guest_surfaces.max < qxl->guest_surfaces.count) - qxl->guest_surfaces.max = qxl->guest_surfaces.count; - } - if (cmd->type == QXL_SURFACE_CMD_DESTROY) { - qxl->guest_surfaces.cmds[id] = 0; - qxl->guest_surfaces.count--; + WITH_QEMU_LOCK_GUARD(&qxl->track_lock) { + if (cmd->type == QXL_SURFACE_CMD_CREATE) { + qxl->guest_surfaces.cmds[id] = ext->cmd.data; + qxl->guest_surfaces.count++; + if (qxl->guest_surfaces.max < qxl->guest_surfaces.count) { + qxl->guest_surfaces.max = qxl->guest_surfaces.count; + } + } + if (cmd->type == QXL_SURFACE_CMD_DESTROY) { + qxl->guest_surfaces.cmds[id] = 0; + qxl->guest_surfaces.count--; + } } - qemu_mutex_unlock(&qxl->track_lock); break; } case QXL_CMD_CURSOR: { - QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, + sizeof(QXLCursorCmd)); if (!cmd) { return 1; @@ -527,13 +519,20 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) /* spice display interface callbacks */ -static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker) +static void interface_attached_worker(QXLInstance *sin) { PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); trace_qxl_interface_attach_worker(qxl->id); } +#if !(SPICE_HAS_ATTACHED_WORKER) +static void interface_attach_worker(QXLInstance *sin, QXLWorker *qxl_worker) +{ + interface_attached_worker(sin); +} +#endif + static void interface_set_compression_level(QXLInstance *sin, int level) { PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); @@ -544,22 +543,6 @@ static void interface_set_compression_level(QXLInstance *sin, int level) qxl_rom_set_dirty(qxl); } -#if SPICE_NEEDS_SET_MM_TIME -static void interface_set_mm_time(QXLInstance *sin, uint32_t mm_time) -{ - PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); - - if (!qemu_spice_display_is_running(&qxl->ssd)) { - return; - } - - trace_qxl_interface_set_mm_time(qxl->id, mm_time); - qxl->shadow_rom.mm_clock = cpu_to_le32(mm_time); - qxl->rom->mm_clock = cpu_to_le32(mm_time); - qxl_rom_set_dirty(qxl); -} -#endif - static void interface_get_init_info(QXLInstance *sin, QXLDevInitInfo *info) { PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); @@ -675,30 +658,6 @@ static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext) qxl->guest_primary.commands++; qxl_track_command(qxl, ext); qxl_log_command(qxl, "cmd", ext); - { - /* - * Windows 8 drivers place qxl commands in the vram - * (instead of the ram) bar. We can't live migrate such a - * guest, so add a migration blocker in case we detect - * this, to avoid triggering the assert in pre_save(). - * - * https://cgit.freedesktop.org/spice/win32/qxl-wddm-dod/commit/?id=f6e099db39e7d0787f294d5fd0dce328b5210faa - */ - void *msg = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); - if (msg != NULL && ( - msg < (void *)qxl->vga.vram_ptr || - msg > ((void *)qxl->vga.vram_ptr + qxl->vga.vram_size))) { - if (!qxl->migration_blocker) { - Error *local_err = NULL; - error_setg(&qxl->migration_blocker, - "qxl: guest bug: command not in ram bar"); - migrate_add_blocker(qxl->migration_blocker, &local_err); - if (local_err) { - error_report_err(local_err); - } - } - } - } trace_qxl_ring_command_get(qxl->id, qxl_mode_to_string(qxl->mode)); return true; default: @@ -731,7 +690,7 @@ static int interface_req_cmd_notification(QXLInstance *sin) static inline void qxl_push_free_res(PCIQXLDevice *d, int flush) { QXLReleaseRing *ring = &d->ram->release_ring; - uint64_t *item; + uint32_t prod; int notify; #define QXL_FREE_BUNCH_SIZE 32 @@ -758,11 +717,15 @@ static inline void qxl_push_free_res(PCIQXLDevice *d, int flush) if (notify) { qxl_send_events(d, QXL_INTERRUPT_DISPLAY); } - SPICE_RING_PROD_ITEM(d, ring, item); - if (!item) { + + ring = &d->ram->release_ring; + prod = ring->prod & SPICE_RING_INDEX_MASK(ring); + if (prod >= ARRAY_SIZE(ring->items)) { + qxl_set_guest_bug(d, "SPICE_RING_PROD_ITEM indices mismatch " + "%u >= %zu", prod, ARRAY_SIZE(ring->items)); return; } - *item = 0; + ring->items[prod].el = 0; d->num_free_res = 0; d->last_release = NULL; qxl_ring_set_dirty(d); @@ -774,8 +737,12 @@ static void interface_release_resource(QXLInstance *sin, { PCIQXLDevice *qxl = container_of(sin, PCIQXLDevice, ssd.qxl); QXLReleaseRing *ring; - uint64_t *item, id; + uint32_t prod; + uint64_t id; + if (!ext.info) { + return; + } if (ext.group_id == MEMSLOT_GROUP_HOST) { /* host group -> vga mode update request */ QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id); @@ -791,16 +758,18 @@ static void interface_release_resource(QXLInstance *sin, * pci bar 0, $command.release_info */ ring = &qxl->ram->release_ring; - SPICE_RING_PROD_ITEM(qxl, ring, item); - if (!item) { + prod = ring->prod & SPICE_RING_INDEX_MASK(ring); + if (prod >= ARRAY_SIZE(ring->items)) { + qxl_set_guest_bug(qxl, "SPICE_RING_PROD_ITEM indices mismatch " + "%u >= %zu", prod, ARRAY_SIZE(ring->items)); return; } - if (*item == 0) { + if (ring->items[prod].el == 0) { /* stick head into the ring */ id = ext.info->id; ext.info->next = 0; qxl_ram_set_dirty(qxl, &ext.info->next); - *item = id; + ring->items[prod].el = id; qxl_ring_set_dirty(qxl); } else { /* append item to the list */ @@ -848,7 +817,7 @@ static int interface_get_cursor_command(QXLInstance *sin, struct QXLCommandExt * qxl->guest_primary.commands++; qxl_track_command(qxl, ext); qxl_log_command(qxl, "csr", ext); - if (qxl->id == 0) { + if (qxl->have_vga) { qxl_render_cursor(qxl, ext); } trace_qxl_ring_cursor_get(qxl->id, qxl_mode_to_string(qxl->mode)); @@ -943,7 +912,7 @@ static void interface_async_complete_io(PCIQXLDevice *qxl, QXLCookie *cookie) qxl_spice_destroy_surface_wait_complete(qxl, cookie->u.surface_id); break; default: - fprintf(stderr, "qxl: %s: unexpected current_async %d\n", __func__, + fprintf(stderr, "qxl: %s: unexpected current_async %u\n", __func__, current_async); } qxl_send_events(qxl, QXL_INTERRUPT_IO_CMD); @@ -958,10 +927,9 @@ static void interface_update_area_complete(QXLInstance *sin, int i; int qxl_i; - qemu_mutex_lock(&qxl->ssd.lock); + QEMU_LOCK_GUARD(&qxl->ssd.lock); if (surface_id != 0 || !num_updated_rects || !qxl->render_update_cookie_num) { - qemu_mutex_unlock(&qxl->ssd.lock); return; } trace_qxl_interface_update_area_complete(qxl->id, surface_id, dirty->left, @@ -980,7 +948,6 @@ static void interface_update_area_complete(QXLInstance *sin, * Don't bother copying or scheduling the bh since we will flip * the whole area anyway on completion of the update_area async call */ - qemu_mutex_unlock(&qxl->ssd.lock); return; } qxl_i = qxl->num_dirty_rects; @@ -991,7 +958,6 @@ static void interface_update_area_complete(QXLInstance *sin, trace_qxl_interface_update_area_complete_schedule_bh(qxl->id, qxl->num_dirty_rects); qemu_bh_schedule(qxl->update_area_bh); - qemu_mutex_unlock(&qxl->ssd.lock); } /* called from spice server thread context only */ @@ -1106,12 +1072,10 @@ static int interface_client_monitors_config(QXLInstance *sin, return 1; } -#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */ /* limit number of outputs based on setting limit */ if (qxl->max_outputs && qxl->max_outputs <= max_outputs) { max_outputs = qxl->max_outputs; } -#endif config_changed = qxl_rom_monitors_config_changed(rom, monitors_config, @@ -1158,11 +1122,13 @@ static const QXLInterface qxl_interface = { .base.major_version = SPICE_INTERFACE_QXL_MAJOR, .base.minor_version = SPICE_INTERFACE_QXL_MINOR, +#if SPICE_HAS_ATTACHED_WORKER + .attached_worker = interface_attached_worker, +#else .attache_worker = interface_attach_worker, - .set_compression_level = interface_set_compression_level, -#if SPICE_NEEDS_SET_MM_TIME - .set_mm_time = interface_set_mm_time, #endif + + .set_compression_level = interface_set_compression_level, .get_init_info = interface_get_init_info, /* the callbacks below are called from spice server thread context */ @@ -1181,6 +1147,7 @@ static const QXLInterface qxl_interface = { static const GraphicHwOps qxl_ops = { .gfx_update = qxl_hw_update, + .gfx_update_async = true, }; static void qxl_enter_vga_mode(PCIQXLDevice *d) @@ -1189,9 +1156,7 @@ static void qxl_enter_vga_mode(PCIQXLDevice *d) return; } trace_qxl_enter_vga_mode(d->id); -#if SPICE_SERVER_VERSION >= 0x000c03 /* release 0.12.3 */ spice_qxl_driver_unload(&d->ssd.qxl); -#endif graphic_console_set_hwops(d->ssd.dcl.con, d->vga.hw_ops, &d->vga); update_displaychangelistener(&d->ssd.dcl, GUI_REFRESH_INTERVAL_DEFAULT); qemu_spice_create_host_primary(&d->ssd); @@ -1255,7 +1220,7 @@ static void qxl_soft_reset(PCIQXLDevice *d) d->current_async = QXL_UNDEFINED_IO; qemu_mutex_unlock(&d->async_lock); - if (d->id == 0) { + if (d->have_vga) { qxl_enter_vga_mode(d); } else { d->mode = QXL_MODE_UNDEFINED; @@ -1286,12 +1251,6 @@ static void qxl_hard_reset(PCIQXLDevice *d, int loadvm) qemu_spice_create_host_memslot(&d->ssd); qxl_soft_reset(d); - if (d->migration_blocker) { - migrate_del_blocker(d->migration_blocker); - error_free(d->migration_blocker); - d->migration_blocker = NULL; - } - if (startstop) { qemu_spice_display_start(); } @@ -1310,7 +1269,8 @@ static void qxl_vga_ioport_write(void *opaque, uint32_t addr, uint32_t val) PCIQXLDevice *qxl = container_of(vga, PCIQXLDevice, vga); trace_qxl_io_write_vga(qxl->id, qxl_mode_to_string(qxl->mode), addr, val); - if (qxl->mode != QXL_MODE_VGA) { + if (qxl->mode != QXL_MODE_VGA && + qxl->revision <= QXL_REVISION_STABLE_V12) { qxl_destroy_primary(qxl, QXL_SYNC); qxl_soft_reset(qxl); } @@ -1402,6 +1362,7 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta, qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region); return 1; } + assert(guest_end - pci_start <= memory_region_size(mr)); virt_start = (intptr_t)memory_region_get_ram_ptr(mr); memslot.slot_id = slot_id; @@ -1442,11 +1403,13 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) /* can be also called from spice server thread context */ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, - uint32_t *s, uint64_t *o) + uint32_t *s, uint64_t *o, + size_t size_requested) { uint64_t phys = le64_to_cpu(pqxl); uint32_t slot = (phys >> (64 - 8)) & 0xff; uint64_t offset = phys & 0xffffffffffff; + uint64_t size_available; if (slot >= NUM_MEMSLOTS) { qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, @@ -1470,6 +1433,23 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, slot, offset, qxl->guest_slots[slot].size); return false; } + size_available = memory_region_size(qxl->guest_slots[slot].mr); + if (qxl->guest_slots[slot].offset + offset >= size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" > region size %"PRIu64"\n", + slot, qxl->guest_slots[slot].offset + offset, + size_available); + return false; + } + size_available -= qxl->guest_slots[slot].offset + offset; + if (size_requested > size_available) { + qxl_set_guest_bug(qxl, + "slot %d offset %"PRIu64" size %zu: " + "overrun by %"PRIu64" bytes\n", + slot, offset, size_requested, + size_requested - size_available); + return false; + } *s = slot; *o = offset; @@ -1477,7 +1457,8 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, } /* can be also called from spice server thread context */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id, + size_t size) { uint64_t offset; uint32_t slot; @@ -1488,7 +1469,7 @@ void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) offset = le64_to_cpu(pqxl) & 0xffffffffffff; return (void *)(intptr_t)offset; case MEMSLOT_GROUP_GUEST: - if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { + if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) { return NULL; } ptr = memory_region_get_ram_ptr(qxl->guest_slots[slot].mr); @@ -1563,7 +1544,7 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, int loadvm, } } -/* return 1 if surface destoy was initiated (in QXL_ASYNC case) or +/* return 1 if surface destroy was initiated (in QXL_ASYNC case) or * done (in QXL_SYNC case), 0 otherwise. */ static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async) { @@ -1610,7 +1591,10 @@ static void qxl_set_mode(PCIQXLDevice *d, unsigned int modenr, int loadvm) } d->guest_slots[0].slot = slot; - assert(qxl_add_memslot(d, 0, devmem, QXL_SYNC) == 0); + if (qxl_add_memslot(d, 0, devmem, QXL_SYNC) != 0) { + qxl_set_guest_bug(d, "device isn't initialized yet"); + return; + } d->guest_primary.surface = surface; qxl_create_guest_primary(d, 0, QXL_SYNC); @@ -1631,7 +1615,7 @@ static void ioport_write(void *opaque, hwaddr addr, PCIQXLDevice *d = opaque; uint32_t io_port = addr; qxl_async_io async = QXL_SYNC; - uint32_t orig_io_port = io_port; + uint32_t orig_io_port; if (d->guest_bug && io_port != QXL_IO_RESET) { return; @@ -1694,15 +1678,14 @@ static void ioport_write(void *opaque, hwaddr addr, case QXL_IO_MONITORS_CONFIG_ASYNC: async_common: async = QXL_ASYNC; - qemu_mutex_lock(&d->async_lock); - if (d->current_async != QXL_UNDEFINED_IO) { - qxl_set_guest_bug(d, "%d async started before last (%d) complete", - io_port, d->current_async); - qemu_mutex_unlock(&d->async_lock); - return; + WITH_QEMU_LOCK_GUARD(&d->async_lock) { + if (d->current_async != QXL_UNDEFINED_IO) { + qxl_set_guest_bug(d, "%d async started before last (%d) complete", + io_port, d->current_async); + return; + } + d->current_async = orig_io_port; } - d->current_async = orig_io_port; - qemu_mutex_unlock(&d->async_lock); break; default: break; @@ -1765,10 +1748,25 @@ async_common: qxl_set_mode(d, val, 0); break; case QXL_IO_LOG: - trace_qxl_io_log(d->id, d->ram->log_buf); - if (d->guestdebug) { - fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id, - qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), d->ram->log_buf); +#ifdef CONFIG_MODULES + /* + * FIXME + * trace_event_get_state_backends() does not work for modules, + * it leads to "undefined symbol: qemu_qxl_io_log_semaphore" + */ + if (true) { +#else + if (trace_event_get_state_backends(TRACE_QXL_IO_LOG) || d->guestdebug) { +#endif + /* We cannot trust the guest to NUL terminate d->ram->log_buf */ + char *log_buf = g_strndup((const char *)d->ram->log_buf, + sizeof(d->ram->log_buf)); + trace_qxl_io_log(d->id, log_buf); + if (d->guestdebug) { + fprintf(stderr, "qxl/guest-%d: %" PRId64 ": %s", d->id, + qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), log_buf); + } + g_free(log_buf); } break; case QXL_IO_RESET: @@ -1896,7 +1894,7 @@ static void qxl_send_events(PCIQXLDevice *d, uint32_t events) /* * Older versions of Spice forgot to define the QXLRam struct * with the '__aligned__(4)' attribute. clang 7 and newer will - * thus warn that atomic_fetch_or(&d->ram->int_pending, ...) + * thus warn that qatomic_fetch_or(&d->ram->int_pending, ...) * might be a misaligned atomic access, and will generate an * out-of-line call for it, which results in a link error since * we don't currently link against libatomic. @@ -1916,7 +1914,7 @@ static void qxl_send_events(PCIQXLDevice *d, uint32_t events) #define ALIGNED_UINT32_PTR(P) ((uint32_t *)P) #endif - old_pending = atomic_fetch_or(ALIGNED_UINT32_PTR(&d->ram->int_pending), + old_pending = qatomic_fetch_or(ALIGNED_UINT32_PTR(&d->ram->int_pending), le_events); if ((old_pending & le_events) == le_events) { return; @@ -1940,9 +1938,9 @@ static void qxl_dirty_one_surface(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, uint32_t slot; bool rc; - rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset); - assert(rc == true); size = (uint64_t)height * abs(stride); + rc = qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size); + assert(rc == true); trace_qxl_surfaces_dirty(qxl->id, offset, size); qxl_set_dirty(qxl->guest_slots[slot].mr, qxl->guest_slots[slot].offset + offset, @@ -1971,7 +1969,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) } cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], - MEMSLOT_GROUP_GUEST); + MEMSLOT_GROUP_GUEST, sizeof(QXLSurfaceCmd)); assert(cmd); assert(cmd->type == QXL_SURFACE_CMD_CREATE); qxl_dirty_one_surface(qxl, cmd->u.surface_create.data, @@ -1980,7 +1978,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) } } -static void qxl_vm_change_state_handler(void *opaque, int running, +static void qxl_vm_change_state_handler(void *opaque, bool running, RunState state) { PCIQXLDevice *qxl = opaque; @@ -2116,6 +2114,10 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) pci_device_rev = QXL_REVISION_STABLE_V12; io_size = pow2ceil(QXL_IO_RANGE_SIZE); break; + case 5: /* qxl-5 */ + pci_device_rev = QXL_REVISION_STABLE_V12 + 1; + io_size = pow2ceil(QXL_IO_RANGE_SIZE); + break; default: error_setg(errp, "Invalid revision %d for qxl device (max %d)", qxl->revision, QXL_DEFAULT_REVISION); @@ -2126,7 +2128,7 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) pci_set_byte(&config[PCI_INTERRUPT_PIN], 1); qxl->rom_size = qxl_rom_size(); - memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom", + memory_region_init_rom(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom", qxl->rom_size, &error_fatal); init_qxl_rom(qxl); init_qxl_ram(qxl); @@ -2139,7 +2141,7 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) memory_region_init_io(&qxl->io_bar, OBJECT(qxl), &qxl_io_ops, qxl, "qxl-ioports", io_size); - if (qxl->id == 0) { + if (qxl->have_vga) { vga_dirty_log_start(&qxl->vga); } memory_region_set_flush_coalesced(&qxl->io_bar); @@ -2171,7 +2173,7 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) /* print pci bar details */ dprint(qxl, 1, "ram/%s: %" PRId64 " MB [region 0]\n", - qxl->id == 0 ? "pri" : "sec", qxl->vga.vram_size / MiB); + qxl->have_vga ? "pri" : "sec", qxl->vga.vram_size / MiB); dprint(qxl, 1, "vram/32: %" PRIx64 " MB [region 1]\n", qxl->vram32_size / MiB); dprint(qxl, 1, "vram/64: %" PRIx64 " MB %s\n", @@ -2184,13 +2186,32 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp) SPICE_INTERFACE_QXL_MAJOR, SPICE_INTERFACE_QXL_MINOR); return; } + +#if SPICE_SERVER_VERSION >= 0x000e02 /* release 0.14.2 */ + Error *err = NULL; + char device_address[256] = ""; + if (qemu_console_fill_device_address(qxl->vga.con, + device_address, sizeof(device_address), + &err)) { + spice_qxl_set_device_info(&qxl->ssd.qxl, + device_address, + 0, + qxl->max_outputs); + } else { + error_report_err(err); + } +#endif + qemu_add_vm_change_state_handler(qxl_vm_change_state_handler, qxl); - qxl->update_irq = qemu_bh_new(qxl_update_irq_bh, qxl); + qxl->update_irq = qemu_bh_new_guarded(qxl_update_irq_bh, qxl, + &DEVICE(qxl)->mem_reentrancy_guard); qxl_reset_state(qxl); - qxl->update_area_bh = qemu_bh_new(qxl_render_update_area_bh, qxl); - qxl->ssd.cursor_bh = qemu_bh_new(qemu_spice_cursor_refresh_bh, &qxl->ssd); + qxl->update_area_bh = qemu_bh_new_guarded(qxl_render_update_area_bh, qxl, + &DEVICE(qxl)->mem_reentrancy_guard); + qxl->ssd.cursor_bh = qemu_bh_new_guarded(qemu_spice_cursor_refresh_bh, &qxl->ssd, + &DEVICE(qxl)->mem_reentrancy_guard); } static void qxl_realize_primary(PCIDevice *dev, Error **errp) @@ -2199,19 +2220,29 @@ static void qxl_realize_primary(PCIDevice *dev, Error **errp) VGACommonState *vga = &qxl->vga; Error *local_err = NULL; - qxl->id = 0; qxl_init_ramsize(qxl); vga->vbe_size = qxl->vgamem_size; vga->vram_size_mb = qxl->vga.vram_size / MiB; - vga_common_init(vga, OBJECT(dev)); + vga_common_init(vga, OBJECT(dev), &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } vga_init(vga, OBJECT(dev), pci_address_space(dev), pci_address_space_io(dev), false); portio_list_init(&qxl->vga_port_list, OBJECT(dev), qxl_vga_portio_list, vga, "vga"); portio_list_set_flush_coalesced(&qxl->vga_port_list); portio_list_add(&qxl->vga_port_list, pci_address_space_io(dev), 0x3b0); + qxl->have_vga = true; vga->con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl); + qxl->id = qemu_console_get_index(vga->con); /* == channel_id */ + if (qxl->id != 0) { + error_setg(errp, "primary qxl-vga device must be console 0 " + "(first display device on the command line)"); + return; + } qxl_realize_common(qxl, &local_err); if (local_err) { @@ -2226,15 +2257,15 @@ static void qxl_realize_primary(PCIDevice *dev, Error **errp) static void qxl_realize_secondary(PCIDevice *dev, Error **errp) { - static int device_id = 1; PCIQXLDevice *qxl = PCI_QXL(dev); - qxl->id = device_id++; qxl_init_ramsize(qxl); memory_region_init_ram(&qxl->vga.vram, OBJECT(dev), "qxl.vgavram", qxl->vga.vram_size, &error_fatal); qxl->vga.vram_ptr = memory_region_get_ram_ptr(&qxl->vga.vram); qxl->vga.con = graphic_console_init(DEVICE(dev), 0, &qxl_ops, qxl); + qxl->ssd.dcl.con = qxl->vga.con; + qxl->id = qemu_console_get_index(qxl->vga.con); /* == channel_id */ qxl_realize_common(qxl, errp); } @@ -2250,7 +2281,9 @@ static int qxl_pre_save(void *opaque) } else { d->last_release_offset = (uint8_t *)d->last_release - ram_start; } - assert(d->last_release_offset < d->vga.vram_size); + if (d->last_release_offset >= d->vga.vram_size) { + return 1; + } return 0; } @@ -2351,11 +2384,11 @@ static bool qxl_monitors_config_needed(void *opaque) } -static VMStateDescription qxl_memslot = { +static const VMStateDescription qxl_memslot = { .name = "qxl-memslot", .version_id = QXL_SAVE_VERSION, .minimum_version_id = QXL_SAVE_VERSION, - .fields = (VMStateField[]) { + .fields = (const VMStateField[]) { VMSTATE_UINT64(slot.mem_start, struct guest_slots), VMSTATE_UINT64(slot.mem_end, struct guest_slots), VMSTATE_UINT32(active, struct guest_slots), @@ -2363,11 +2396,11 @@ static VMStateDescription qxl_memslot = { } }; -static VMStateDescription qxl_surface = { +static const VMStateDescription qxl_surface = { .name = "qxl-surface", .version_id = QXL_SAVE_VERSION, .minimum_version_id = QXL_SAVE_VERSION, - .fields = (VMStateField[]) { + .fields = (const VMStateField[]) { VMSTATE_UINT32(width, QXLSurfaceCreate), VMSTATE_UINT32(height, QXLSurfaceCreate), VMSTATE_INT32(stride, QXLSurfaceCreate), @@ -2381,25 +2414,25 @@ static VMStateDescription qxl_surface = { } }; -static VMStateDescription qxl_vmstate_monitors_config = { +static const VMStateDescription qxl_vmstate_monitors_config = { .name = "qxl/monitors-config", .version_id = 1, .minimum_version_id = 1, .needed = qxl_monitors_config_needed, - .fields = (VMStateField[]) { + .fields = (const VMStateField[]) { VMSTATE_UINT64(guest_monitors_config, PCIQXLDevice), VMSTATE_END_OF_LIST() }, }; -static VMStateDescription qxl_vmstate = { +static const VMStateDescription qxl_vmstate = { .name = "qxl", .version_id = QXL_SAVE_VERSION, .minimum_version_id = QXL_SAVE_VERSION, .pre_save = qxl_pre_save, .pre_load = qxl_pre_load, .post_load = qxl_post_load, - .fields = (VMStateField[]) { + .fields = (const VMStateField[]) { VMSTATE_PCI_DEVICE(pci, PCIQXLDevice), VMSTATE_STRUCT(vga, PCIQXLDevice, 0, vmstate_vga_common, VGACommonState), VMSTATE_UINT32(shadow_rom.mode, PCIQXLDevice), @@ -2419,7 +2452,7 @@ static VMStateDescription qxl_vmstate = { VMSTATE_UINT64(guest_cursor, PCIQXLDevice), VMSTATE_END_OF_LIST() }, - .subsections = (const VMStateDescription*[]) { + .subsections = (const VMStateDescription * const []) { &qxl_vmstate_monitors_config, NULL } @@ -2438,9 +2471,7 @@ static Property qxl_properties[] = { DEFINE_PROP_UINT32("vram64_size_mb", PCIQXLDevice, vram_size_mb, -1), DEFINE_PROP_UINT32("vgamem_mb", PCIQXLDevice, vgamem_size_mb, 16), DEFINE_PROP_INT32("surfaces", PCIQXLDevice, ssd.num_surfaces, 1024), -#if SPICE_SERVER_VERSION >= 0x000c06 /* release 0.12.6 */ DEFINE_PROP_UINT16("max_outputs", PCIQXLDevice, max_outputs, 0), -#endif DEFINE_PROP_UINT32("xres", PCIQXLDevice, xres, 0), DEFINE_PROP_UINT32("yres", PCIQXLDevice, yres, 0), DEFINE_PROP_BOOL("global-vmstate", PCIQXLDevice, vga.global_vmstate, false), @@ -2457,7 +2488,7 @@ static void qxl_pci_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); dc->reset = qxl_reset_handler; dc->vmsd = &qxl_vmstate; - dc->props = qxl_properties; + device_class_set_props(dc, qxl_properties); } static const TypeInfo qxl_pci_type_info = { @@ -2489,6 +2520,8 @@ static const TypeInfo qxl_primary_info = { .parent = TYPE_PCI_QXL, .class_init = qxl_primary_class_init, }; +module_obj("qxl-vga"); +module_kconfig(QXL); static void qxl_secondary_class_init(ObjectClass *klass, void *data) { @@ -2505,6 +2538,7 @@ static const TypeInfo qxl_secondary_info = { .parent = TYPE_PCI_QXL, .class_init = qxl_secondary_class_init, }; +module_obj("qxl"); static void qxl_register_types(void) { @@ -2514,3 +2548,5 @@ static void qxl_register_types(void) } type_init(qxl_register_types) + +module_dep("ui-spice-core"); |