1 /*
2 * QEMU VMware-SVGA "chipset".
4 * Copyright (c) 2007 Andrzej Zaborowski <balrog@zabor.org>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
24 #include "hw.h"
25 #include "loader.h"
26 #include "console.h"
27 #include "pci.h"
28 #include "vmware_vga.h"
30 #define VERBOSE
31 #undef DIRECT_VRAM
32 #define HW_RECT_ACCEL
33 #define HW_FILL_ACCEL
34 #define HW_MOUSE_ACCEL
36 # include "vga_int.h"
/*
 * Per-device state of the emulated VMware SVGA adapter.
 *
 * Security note: several fields are loaded directly from guest register
 * writes or from guest-writable FIFO memory, so every consumer has to
 * treat them as untrusted input.
 */
struct vmsvga_state_s {
    VGACommonState vga;         /* embedded common VGA state */

    int width;                  /* active mode; -1 after reset or an ENABLE write */
    int height;
    int invalidated;            /* non-zero: whole screen must be redrawn */
    int depth;                  /* bits per pixel, taken from the display at reset */
    int bypp;                   /* bytes per pixel, taken from the display at reset */
    int enable;                 /* guest-written SVGA_REG_ENABLE value */
    int config;                 /* non-zero once CONFIG_DONE passed its FIFO checks */
    struct {
        int id;
        int x;
        int y;
        int on;
    } cursor;

    target_phys_addr_t vram_base;

    int index;                  /* register selected through the index port (guest-written) */
    int scratch_size;           /* number of 32-bit scratch registers */
    uint32_t *scratch;
    int new_width;              /* mode requested by the guest, applied by vmsvga_size() */
    int new_height;
    uint32_t guest;
    uint32_t svgaid;
    uint32_t wred;
    uint32_t wgreen;
    uint32_t wblue;
    int syncing;
    int fb_size;

    ram_addr_t fifo_offset;
    uint8_t *fifo_ptr;          /* host pointer to the FIFO RAM block */
    unsigned int fifo_size;     /* size of that block in bytes */
    target_phys_addr_t fifo_base;

    /*
     * Two views of the same FIFO memory: a flat array of 32-bit words, and
     * the header registers at its start.  The memory is mapped into the
     * guest as RAM (see pci_vmsvga_map_fifo), so min/max/next_cmd/stop can
     * be rewritten by the guest at any moment, including after CONFIG_DONE
     * validated them.
     */
    union {
        uint32_t *fifo;
        struct __attribute__((__packed__)) {
            uint32_t min;
            uint32_t max;
            uint32_t next_cmd;
            uint32_t stop;
            /* Add registers here when adding capabilities. */
            uint32_t fifo[0];
        } *cmd;
    };

    /* Ring of pending redraw rectangles; indices are masked with
     * REDRAW_FIFO_LEN - 1, so the length must stay a power of two. */
#define REDRAW_FIFO_LEN 512
    struct vmsvga_rect_s {
        int x, y, w, h;
    } redraw_fifo[REDRAW_FIFO_LEN];
    int redraw_fifo_first, redraw_fifo_last;
};
/*
 * PCI wrapper around the SVGA chip state.  `card` must stay the first
 * member: pci_vmsvga_map_*() cast a PCIDevice pointer straight to this type.
 */
struct pci_vmsvga_state_s {
    PCIDevice card;
    struct vmsvga_state_s chip;
};
99 #define SVGA_MAGIC 0x900000UL
100 #define SVGA_MAKE_ID(ver) (SVGA_MAGIC << 8 | (ver))
101 #define SVGA_ID_0 SVGA_MAKE_ID(0)
102 #define SVGA_ID_1 SVGA_MAKE_ID(1)
103 #define SVGA_ID_2 SVGA_MAKE_ID(2)
105 #define SVGA_LEGACY_BASE_PORT 0x4560
106 #define SVGA_INDEX_PORT 0x0
107 #define SVGA_VALUE_PORT 0x1
108 #define SVGA_BIOS_PORT 0x2
110 #define SVGA_VERSION_2
112 #ifdef SVGA_VERSION_2
113 # define SVGA_ID SVGA_ID_2
114 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
115 # define SVGA_IO_MUL 1
116 # define SVGA_FIFO_SIZE 0x10000
117 # define SVGA_MEM_BASE 0xe0000000
118 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA2
119 #else
120 # define SVGA_ID SVGA_ID_1
121 # define SVGA_IO_BASE SVGA_LEGACY_BASE_PORT
122 # define SVGA_IO_MUL 4
123 # define SVGA_FIFO_SIZE 0x10000
124 # define SVGA_MEM_BASE 0xe0000000
125 # define SVGA_PCI_DEVICE_ID PCI_DEVICE_ID_VMWARE_SVGA
126 #endif
/*
 * Register numbers selected through the index port.  The selected number is
 * stored as-is in vmsvga_state_s.index, so the value handlers must cope with
 * any 32-bit index, not only the ones listed here.
 */
enum {
    /* ID 0, 1 and 2 registers */
    SVGA_REG_ID = 0,
    SVGA_REG_ENABLE = 1,
    SVGA_REG_WIDTH = 2,
    SVGA_REG_HEIGHT = 3,
    SVGA_REG_MAX_WIDTH = 4,
    SVGA_REG_MAX_HEIGHT = 5,
    SVGA_REG_DEPTH = 6,
    SVGA_REG_BITS_PER_PIXEL = 7,        /* Current bpp in the guest */
    SVGA_REG_PSEUDOCOLOR = 8,
    SVGA_REG_RED_MASK = 9,
    SVGA_REG_GREEN_MASK = 10,
    SVGA_REG_BLUE_MASK = 11,
    SVGA_REG_BYTES_PER_LINE = 12,
    SVGA_REG_FB_START = 13,
    SVGA_REG_FB_OFFSET = 14,
    SVGA_REG_VRAM_SIZE = 15,
    SVGA_REG_FB_SIZE = 16,

    /* ID 1 and 2 registers */
    SVGA_REG_CAPABILITIES = 17,
    SVGA_REG_MEM_START = 18,            /* Memory for command FIFO */
    SVGA_REG_MEM_SIZE = 19,
    SVGA_REG_CONFIG_DONE = 20,          /* Set when memory area configured */
    SVGA_REG_SYNC = 21,                 /* Write to force synchronization */
    SVGA_REG_BUSY = 22,                 /* Read to check if sync is done */
    SVGA_REG_GUEST_ID = 23,             /* Set guest OS identifier */
    SVGA_REG_CURSOR_ID = 24,            /* ID of cursor */
    SVGA_REG_CURSOR_X = 25,             /* Set cursor X position */
    SVGA_REG_CURSOR_Y = 26,             /* Set cursor Y position */
    SVGA_REG_CURSOR_ON = 27,            /* Turn cursor on/off */
    SVGA_REG_HOST_BITS_PER_PIXEL = 28,  /* Current bpp in the host */
    SVGA_REG_SCRATCH_SIZE = 29,         /* Number of scratch registers */
    SVGA_REG_MEM_REGS = 30,             /* Number of FIFO registers */
    SVGA_REG_NUM_DISPLAYS = 31,         /* Number of guest displays */
    SVGA_REG_PITCHLOCK = 32,            /* Fixed pitch for all modes */

    SVGA_PALETTE_BASE = 1024,           /* Base of SVGA color map */
    SVGA_PALETTE_END = SVGA_PALETTE_BASE + 767,
    /* Scratch registers start here; handlers index the scratch array with
     * (index - SVGA_SCRATCH_BASE) after a range check. */
    SVGA_SCRATCH_BASE = SVGA_PALETTE_BASE + 768,
};
171 #define SVGA_CAP_NONE 0
172 #define SVGA_CAP_RECT_FILL (1 << 0)
173 #define SVGA_CAP_RECT_COPY (1 << 1)
174 #define SVGA_CAP_RECT_PAT_FILL (1 << 2)
175 #define SVGA_CAP_LEGACY_OFFSCREEN (1 << 3)
176 #define SVGA_CAP_RASTER_OP (1 << 4)
177 #define SVGA_CAP_CURSOR (1 << 5)
178 #define SVGA_CAP_CURSOR_BYPASS (1 << 6)
179 #define SVGA_CAP_CURSOR_BYPASS_2 (1 << 7)
180 #define SVGA_CAP_8BIT_EMULATION (1 << 8)
181 #define SVGA_CAP_ALPHA_CURSOR (1 << 9)
182 #define SVGA_CAP_GLYPH (1 << 10)
183 #define SVGA_CAP_GLYPH_CLIPPING (1 << 11)
184 #define SVGA_CAP_OFFSCREEN_1 (1 << 12)
185 #define SVGA_CAP_ALPHA_BLEND (1 << 13)
186 #define SVGA_CAP_3D (1 << 14)
187 #define SVGA_CAP_EXTENDED_FIFO (1 << 15)
188 #define SVGA_CAP_MULTIMON (1 << 16)
189 #define SVGA_CAP_PITCHLOCK (1 << 17)
/*
 * FIFO offsets (seen as an array of 32-bit words)
 *
 * The first four match the header fields of the `cmd` view in
 * vmsvga_state_s (min, max, next_cmd, stop).
 */
enum {
    /*
     * The original defined FIFO offsets
     */
    SVGA_FIFO_MIN = 0,
    SVGA_FIFO_MAX,      /* The distance from MIN to MAX must be at least 10K */
    SVGA_FIFO_NEXT_CMD,
    SVGA_FIFO_STOP,

    /*
     * Additional offsets added as of SVGA_CAP_EXTENDED_FIFO
     */
    SVGA_FIFO_CAPABILITIES = 4,
    SVGA_FIFO_FLAGS,
    SVGA_FIFO_FENCE,
    SVGA_FIFO_3D_HWVERSION,
    SVGA_FIFO_PITCHLOCK,
};
213 #define SVGA_FIFO_CAP_NONE 0
214 #define SVGA_FIFO_CAP_FENCE (1 << 0)
215 #define SVGA_FIFO_CAP_ACCELFRONT (1 << 1)
216 #define SVGA_FIFO_CAP_PITCHLOCK (1 << 2)
218 #define SVGA_FIFO_FLAG_NONE 0
219 #define SVGA_FIFO_FLAG_ACCELFRONT (1 << 0)
221 /* These values can probably be changed arbitrarily. */
222 #define SVGA_SCRATCH_SIZE 0x8000
223 #define SVGA_MAX_WIDTH 2360
224 #define SVGA_MAX_HEIGHT 1770
#ifdef VERBOSE
/*
 * Human-readable names for the guest OS identifier written to
 * SVGA_REG_GUEST_ID.  The table is indexed with (value - GUEST_OS_BASE);
 * the writer must range-check the guest-supplied value against
 * ARRAY_SIZE(vmsvga_guest_id) before indexing.
 */
# define GUEST_OS_BASE          0x5001
static const char *vmsvga_guest_id[] = {
    [0x00] = "Dos",
    [0x01] = "Windows 3.1",
    [0x02] = "Windows 95",
    [0x03] = "Windows 98",
    [0x04] = "Windows ME",
    [0x05] = "Windows NT",
    [0x06] = "Windows 2000",
    [0x07] = "Linux",
    [0x08] = "OS/2",
    [0x09] = "an unknown OS",
    [0x0a] = "BSD",
    [0x0b] = "Whistler",
    [0x0c] = "an unknown OS",
    [0x0d] = "an unknown OS",
    [0x0e] = "an unknown OS",
    [0x0f] = "an unknown OS",
    [0x10] = "an unknown OS",
    [0x11] = "an unknown OS",
    [0x12] = "an unknown OS",
    [0x13] = "an unknown OS",
    [0x14] = "an unknown OS",
    [0x15] = "Windows 2003",
};
#endif
/*
 * Command words read from the guest FIFO by vmsvga_fifo_run().  Only
 * UPDATE, UPDATE_VERBOSE, RECT_FILL, RECT_COPY and DEFINE_CURSOR are
 * executed there; the rest are skipped or reported as unknown.
 */
enum {
    SVGA_CMD_INVALID_CMD = 0,
    SVGA_CMD_UPDATE = 1,
    SVGA_CMD_RECT_FILL = 2,
    SVGA_CMD_RECT_COPY = 3,
    SVGA_CMD_DEFINE_BITMAP = 4,
    SVGA_CMD_DEFINE_BITMAP_SCANLINE = 5,
    SVGA_CMD_DEFINE_PIXMAP = 6,
    SVGA_CMD_DEFINE_PIXMAP_SCANLINE = 7,
    SVGA_CMD_RECT_BITMAP_FILL = 8,
    SVGA_CMD_RECT_PIXMAP_FILL = 9,
    SVGA_CMD_RECT_BITMAP_COPY = 10,
    SVGA_CMD_RECT_PIXMAP_COPY = 11,
    SVGA_CMD_FREE_OBJECT = 12,
    SVGA_CMD_RECT_ROP_FILL = 13,
    SVGA_CMD_RECT_ROP_COPY = 14,
    SVGA_CMD_RECT_ROP_BITMAP_FILL = 15,
    SVGA_CMD_RECT_ROP_PIXMAP_FILL = 16,
    SVGA_CMD_RECT_ROP_BITMAP_COPY = 17,
    SVGA_CMD_RECT_ROP_PIXMAP_COPY = 18,
    SVGA_CMD_DEFINE_CURSOR = 19,
    SVGA_CMD_DISPLAY_CURSOR = 20,
    SVGA_CMD_MOVE_CURSOR = 21,
    SVGA_CMD_DEFINE_ALPHA_CURSOR = 22,
    SVGA_CMD_DRAW_GLYPH = 23,
    SVGA_CMD_DRAW_GLYPH_CLIPPED = 24,
    SVGA_CMD_UPDATE_VERBOSE = 25,
    SVGA_CMD_SURFACE_FILL = 26,
    SVGA_CMD_SURFACE_COPY = 27,
    SVGA_CMD_SURFACE_ALPHA_BLEND = 28,
    SVGA_CMD_FRONT_ROP_FILL = 29,
    SVGA_CMD_FENCE = 30,
};
/* Legal values for the SVGA_REG_CURSOR_ON register in cursor bypass mode.
 * The register write handler only forwards HIDE and SHOW to the display. */
enum {
    SVGA_CURSOR_ON_HIDE = 0,
    SVGA_CURSOR_ON_SHOW = 1,
    SVGA_CURSOR_ON_REMOVE_FROM_FB = 2,
    SVGA_CURSOR_ON_RESTORE_TO_FB = 3,
};
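/*
 * Copy one rectangle of the guest framebuffer from VRAM to the display
 * surface (unless DIRECT_VRAM) and report it to the display layer.
 *
 * x, y, w and h come from guest FIFO commands and are therefore untrusted.
 * The original code only clamped the right and bottom edges, so a negative
 * origin or a negative extent reached the pointer arithmetic and memcpy().
 * Every coordinate is now validated against the active mode first, and the
 * edge tests are written so that they cannot overflow a signed int.
 *
 * NOTE(review): this assumes bypp * width * height of the active mode fits
 * both VRAM and the display surface; that is established by the mode-set
 * path, not here -- confirm.
 */
static inline void vmsvga_update_rect(struct vmsvga_state_s *s,
                int x, int y, int w, int h)
{
#ifndef DIRECT_VRAM
    int line;
    int bypl;
    int width;
    int start;
    uint8_t *src;
    uint8_t *dst;
#endif

    /* No usable mode yet (width/height are -1 after reset), or nothing
     * to draw. */
    if (s->width <= 0 || s->height <= 0 || w <= 0 || h <= 0) {
        return;
    }

    if (x < 0 || y < 0 || x >= s->width || y >= s->height) {
        fprintf(stderr, "%s: update origin out of range x: %d, y: %d\n",
                        __FUNCTION__, x, y);
        return;
    }

    /* Compare against the remaining room instead of computing x + w,
     * which could overflow. */
    if (w > s->width - x) {
        fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
                        __FUNCTION__, x, w);
        w = s->width - x;
    }

    if (h > s->height - y) {
        fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
                        __FUNCTION__, y, h);
        h = s->height - y;
    }

#ifndef DIRECT_VRAM
    line = h;
    bypl = s->bypp * s->width;
    width = s->bypp * w;
    start = s->bypp * x + bypl * y;
    src = s->vga.vram_ptr + start;
    dst = ds_get_data(s->vga.ds) + start;

    for (; line > 0; line --, src += bypl, dst += bypl)
        memcpy(dst, src, width);
#endif

    dpy_update(s->vga.ds, x, y, w, h);
}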
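/*
 * Refresh the whole display from VRAM.
 *
 * width and height are set from guest register writes.  The original
 * multiplied them in int and copied that many bytes out of VRAM with no
 * check, so an oversized mode read past the end of the VRAM block.  The
 * size is now computed in 64 bits and compared with the VRAM size before
 * the copy.
 */
static inline void vmsvga_update_screen(struct vmsvga_state_s *s)
{
#ifndef DIRECT_VRAM
    uint64_t bytes;

    if (s->width <= 0 || s->height <= 0 || s->bypp <= 0) {
        return;
    }

    bytes = (uint64_t) s->bypp * s->width * s->height;
    if (bytes > s->vga.vram_size) {
        fprintf(stderr, "%s: mode %dx%d does not fit in VRAM\n",
                        __FUNCTION__, s->width, s->height);
        return;
    }

    memcpy(ds_get_data(s->vga.ds), s->vga.vram_ptr, bytes);
#endif

    dpy_update(s->vga.ds, 0, 0, s->width, s->height);
}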
#ifdef DIRECT_VRAM
# define vmsvga_update_rect_delayed     vmsvga_update_rect
#else
/*
 * Queue a rectangle for a later redraw instead of drawing it right away.
 *
 * The rectangle is stored unvalidated; bounds checking is left to
 * vmsvga_update_rect() when the queue is flushed.  The write index wraps
 * with a mask and is never compared with the read index, so more than
 * REDRAW_FIFO_LEN pending entries overwrite older ones.
 */
static inline void vmsvga_update_rect_delayed(struct vmsvga_state_s *s,
                int x, int y, int w, int h)
{
    int slot = s->redraw_fifo_last;
    struct vmsvga_rect_s *entry = &s->redraw_fifo[slot];

    s->redraw_fifo_last = (slot + 1) & (REDRAW_FIFO_LEN - 1);

    entry->x = x;
    entry->y = y;
    entry->w = w;
    entry->h = h;
}
#endif
/*
 * Draw every queued rectangle, oldest first.  When a full-screen redraw is
 * already pending the queue is simply discarded.
 */
static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
{
    if (s->invalidated) {
        /* The full redraw covers everything that was queued. */
        s->redraw_fifo_first = s->redraw_fifo_last;
        return;
    }

    /* Overlapping region updates can be optimised out here - if someone
     * knows a smart algorithm to do that, please share.  */
    while (s->redraw_fifo_first != s->redraw_fifo_last) {
        int slot = s->redraw_fifo_first;
        struct vmsvga_rect_s *pending = &s->redraw_fifo[slot];

        s->redraw_fifo_first = (slot + 1) & (REDRAW_FIFO_LEN - 1);
        vmsvga_update_rect(s, pending->x, pending->y, pending->w, pending->h);
    }
}
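#ifdef HW_RECT_ACCEL
/*
 * Copy a w x h rectangle inside the framebuffer from (x0, y0) to (x1, y1)
 * and queue the destination for redraw.
 *
 * All six arguments are read straight from the guest FIFO.  The original
 * used them for pointer arithmetic and memmove() without any check, which
 * lets a guest read and write host memory outside VRAM.  Source and
 * destination must now both lie inside the active mode; anything else is
 * rejected.  The tests avoid x + w style sums so they cannot overflow.
 *
 * NOTE(review): the DIRECT_VRAM branches reference s->ds, while the state
 * struct in this file only has s->vga.ds -- fix before enabling that option.
 */
static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
                int x0, int y0, int x1, int y1, int w, int h)
{
# ifdef DIRECT_VRAM
    uint8_t *vram = ds_get_data(s->ds);
# else
    uint8_t *vram = s->vga.vram_ptr;
# endif
    int bypl;
    int width;
    int line;
    uint8_t *ptr[2];

    if (s->width <= 0 || s->height <= 0 || w <= 0 || h <= 0 ||
        x0 < 0 || y0 < 0 || x1 < 0 || y1 < 0 ||
        w > s->width || h > s->height ||
        x0 > s->width - w || x1 > s->width - w ||
        y0 > s->height - h || y1 > s->height - h) {
        fprintf(stderr, "%s: rejecting out-of-range copy "
                        "(%d,%d) -> (%d,%d) size %dx%d\n",
                        __FUNCTION__, x0, y0, x1, y1, w, h);
        return;
    }

    bypl = s->bypp * s->width;
    width = s->bypp * w;
    line = h;

# ifdef DIRECT_VRAM
    if (s->ds->dpy_copy)
        qemu_console_copy(s->ds, x0, y0, x1, y1, w, h);
    else
# endif
    {
        if (y1 > y0) {
            /* Moving down: walk bottom-up so overlapping rows are read
             * before they are overwritten. */
            ptr[0] = vram + s->bypp * x0 + bypl * (y0 + h - 1);
            ptr[1] = vram + s->bypp * x1 + bypl * (y1 + h - 1);
            for (; line > 0; line --, ptr[0] -= bypl, ptr[1] -= bypl)
                memmove(ptr[1], ptr[0], width);
        } else {
            ptr[0] = vram + s->bypp * x0 + bypl * y0;
            ptr[1] = vram + s->bypp * x1 + bypl * y1;
            for (; line > 0; line --, ptr[0] += bypl, ptr[1] += bypl)
                memmove(ptr[1], ptr[0], width);
        }
    }

    vmsvga_update_rect_delayed(s, x1, y1, w, h);
}
#endif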
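#ifdef HW_FILL_ACCEL
/*
 * Fill a w x h rectangle at (x, y) with colour c and queue it for redraw.
 *
 * The rectangle comes straight from the guest FIFO.  The original wrote
 * into VRAM at the computed offset without any check, so an out-of-range
 * rectangle became a write outside the VRAM block.  The rectangle must now
 * lie inside the active mode, and bypp must fit the 4-byte colour pattern
 * (the pattern pointer would otherwise run past col[]).
 *
 * NOTE(review): the DIRECT_VRAM branches reference s->ds, while the state
 * struct in this file only has s->vga.ds -- fix before enabling that option.
 */
static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
                uint32_t c, int x, int y, int w, int h)
{
# ifdef DIRECT_VRAM
    uint8_t *vram = ds_get_data(s->ds);
# else
    uint8_t *vram = s->vga.vram_ptr;
# endif
    int bypp = s->bypp;
    int bypl;
    int width;
    int line;
    int column;
    uint8_t *fst;
    uint8_t *dst;
    uint8_t *src;
    uint8_t col[4];

    if (bypp < 1 || bypp > (int) sizeof(col) ||
        s->width <= 0 || s->height <= 0 || w <= 0 || h <= 0 ||
        x < 0 || y < 0 ||
        w > s->width || h > s->height ||
        x > s->width - w || y > s->height - h) {
        fprintf(stderr, "%s: rejecting out-of-range fill "
                        "(%d,%d) size %dx%d\n", __FUNCTION__, x, y, w, h);
        return;
    }

    bypl = bypp * s->width;
    width = bypp * w;
    line = h;
    fst = vram + bypp * x + bypl * y;

# ifdef DIRECT_VRAM
    if (s->ds->dpy_fill)
        s->ds->dpy_fill(s->ds, x, y, w, h, c);
    else
# endif
    {
        /* Colour as a little-endian byte pattern, repeated every bypp bytes. */
        col[0] = c;
        col[1] = c >> 8;
        col[2] = c >> 16;
        col[3] = c >> 24;

        if (line --) {
            /* Paint the first row byte by byte ... */
            dst = fst;
            src = col;
            for (column = width; column > 0; column --) {
                *(dst ++) = *(src ++);
                if (src - col == bypp)
                    src = col;
            }
            /* ... then replicate it into the remaining rows. */
            dst = fst;
            for (; line > 0; line --) {
                dst += bypl;
                memcpy(dst, fst, width);
            }
        }
    }

    vmsvga_update_rect_delayed(s, x, y, w, h);
}
#endif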
/*
 * A cursor shape as decoded from SVGA_CMD_DEFINE_CURSOR.  All scalar fields
 * are guest-supplied.  mask and image are counted in 32-bit words, so any
 * capacity check must compare word counts with the element counts (1024 and
 * 4096), not with sizeof, which yields bytes.
 */
struct vmsvga_cursor_definition_s {
    int width;
    int height;
    int id;
    int bpp;
    int hot_x;
    int hot_y;
    uint32_t mask[1024];
    uint32_t image[4096];
};
473 #define SVGA_BITMAP_SIZE(w, h) ((((w) + 31) >> 5) * (h))
474 #define SVGA_PIXMAP_SIZE(w, h, bpp) (((((w) * (bpp)) + 31) >> 5) * (h))
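#ifdef HW_MOUSE_ACCEL
/*
 * Invert the cursor mask in place and hand the shape to the display
 * backend, if it supports hardware cursors.
 *
 * The loop bound is derived from the guest-supplied width and height, so
 * this function re-checks them against the array capacities itself rather
 * than trusting the caller: a bound larger than the mask array would turn
 * the inversion loop into an out-of-bounds read-modify-write.  Dimensions
 * are first capped at the maximum screen size so that the size macros
 * cannot overflow an int.
 */
static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,
                struct vmsvga_cursor_definition_s *c)
{
    int i;

    if (c->width <= 0 || c->height <= 0 || c->bpp <= 0 || c->bpp > 32 ||
        c->width > SVGA_MAX_WIDTH || c->height > SVGA_MAX_HEIGHT ||
        SVGA_BITMAP_SIZE(c->width, c->height) >
                (int) ARRAY_SIZE(c->mask) ||
        SVGA_PIXMAP_SIZE(c->width, c->height, c->bpp) >
                (int) ARRAY_SIZE(c->image)) {
        fprintf(stderr, "%s: rejecting cursor %dx%d at %d bpp\n",
                        __FUNCTION__, c->width, c->height, c->bpp);
        return;
    }

    for (i = SVGA_BITMAP_SIZE(c->width, c->height) - 1; i >= 0; i --)
        c->mask[i] = ~c->mask[i];

    if (s->vga.ds->cursor_define)
        s->vga.ds->cursor_define(c->width, c->height, c->bpp, c->hot_x, c->hot_y,
                        (uint8_t *) c->image, (uint8_t *) c->mask);
}
#endif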
490 #define CMD(f) le32_to_cpu(s->cmd->f)
/*
 * Return non-zero when there is nothing to fetch from the command FIFO:
 * either the device is not configured/enabled, or the guest's write
 * position equals the host's read position.  The header is only
 * dereferenced once both flags are set.
 */
static inline int vmsvga_fifo_empty(struct vmsvga_state_s *s)
{
    return !s->config || !s->enable ||
           s->cmd->next_cmd == s->cmd->stop;
}
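/*
 * Fetch the next 32-bit word from the command FIFO without byte-swapping
 * it, and advance the read position (wrapping to min once it reaches max).
 *
 * The read offset lives in guest-writable memory and was only checked once,
 * at CONFIG_DONE time.  The original used it as an array index directly, so
 * a guest that rewrote `stop` afterwards could make the host read outside
 * the FIFO block.  An offset outside the block now yields 0
 * (SVGA_CMD_INVALID_CMD) and marks the FIFO empty so the caller's loop ends.
 */
static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s)
{
    uint32_t offset = CMD(stop);
    uint32_t cmd;

    if (offset >= s->fifo_size) {
        s->cmd->stop = s->cmd->next_cmd;
        return 0;
    }

    cmd = s->fifo[offset >> 2];
    s->cmd->stop = cpu_to_le32(offset + 4);
    if (CMD(stop) >= CMD(max))
        s->cmd->stop = s->cmd->min;
    return cmd;
}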
/* Fetch the next FIFO word and convert it from little-endian to host order. */
static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s)
{
    uint32_t raw = vmsvga_fifo_read_raw(s);

    return le32_to_cpu(raw);
}
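/*
 * Drain the guest command FIFO, executing the commands this device
 * implements and skipping the arguments of those it does not.
 *
 * Everything read here is guest-controlled.  Fixes over the original:
 *
 *  - DEFINE_CURSOR compared word counts with sizeof(array), i.e. a byte
 *    count, so up to four times more words than the arrays hold were
 *    accepted and written into the on-stack cursor.  The comparison now
 *    uses ARRAY_SIZE, after rejecting geometry that is non-positive or
 *    large enough to overflow the size macros.
 *  - `args` kept its value across iterations.  It is -1 after a skip loop
 *    finishes, so the next unknown command started a skip of roughly 2^32
 *    words.  It is now reset for every command.
 *  - The skip loop stops when the FIFO is empty instead of trusting a
 *    guest-derived count, and DEFINE_ALPHA_CURSOR no longer multiplies two
 *    unchecked ints.
 *
 * Rectangle coordinates are passed on unvalidated; vmsvga_update_rect(),
 * vmsvga_fill_rect() and vmsvga_copy_rect() must bounds-check them.
 */
static void vmsvga_fifo_run(struct vmsvga_state_s *s)
{
    uint32_t cmd, colour;
    int args;
    int x, y, dx, dy, width, height;
    int mask_words, image_words;
    struct vmsvga_cursor_definition_s cursor;

    while (!vmsvga_fifo_empty(s)) {
        args = 0;
        switch (cmd = vmsvga_fifo_read(s)) {
        case SVGA_CMD_UPDATE:
        case SVGA_CMD_UPDATE_VERBOSE:
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
            vmsvga_update_rect_delayed(s, x, y, width, height);
            break;

        case SVGA_CMD_RECT_FILL:
            colour = vmsvga_fifo_read(s);
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
#ifdef HW_FILL_ACCEL
            vmsvga_fill_rect(s, colour, x, y, width, height);
            break;
#else
            goto badcmd;
#endif

        case SVGA_CMD_RECT_COPY:
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            dx = vmsvga_fifo_read(s);
            dy = vmsvga_fifo_read(s);
            width = vmsvga_fifo_read(s);
            height = vmsvga_fifo_read(s);
#ifdef HW_RECT_ACCEL
            vmsvga_copy_rect(s, x, y, dx, dy, width, height);
            break;
#else
            goto badcmd;
#endif

        case SVGA_CMD_DEFINE_CURSOR:
            cursor.id = vmsvga_fifo_read(s);
            cursor.hot_x = vmsvga_fifo_read(s);
            cursor.hot_y = vmsvga_fifo_read(s);
            cursor.width = x = vmsvga_fifo_read(s);
            cursor.height = y = vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            cursor.bpp = vmsvga_fifo_read(s);

            /* Geometry that is non-positive or absurdly large cannot be
             * sized safely; the payload length is unknown, so skip nothing. */
            if (x <= 0 || y <= 0 || cursor.bpp <= 0 || cursor.bpp > 32 ||
                x > SVGA_MAX_WIDTH || y > SVGA_MAX_HEIGHT)
                goto badcmd;

            /* Both sizes are counts of 32-bit words. */
            mask_words = SVGA_BITMAP_SIZE(x, y);
            image_words = SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
            if (mask_words > (int) ARRAY_SIZE(cursor.mask) ||
                image_words > (int) ARRAY_SIZE(cursor.image)) {
                args = mask_words + image_words;
                goto badcmd;
            }

            for (args = 0; args < mask_words; args ++)
                cursor.mask[args] = vmsvga_fifo_read_raw(s);
            for (args = 0; args < image_words; args ++)
                cursor.image[args] = vmsvga_fifo_read_raw(s);
#ifdef HW_MOUSE_ACCEL
            vmsvga_cursor_define(s, &cursor);
            break;
#else
            args = 0;
            goto badcmd;
#endif

        /*
         * Other commands that we at least know the number of arguments
         * for so we can avoid FIFO desync if driver uses them illegally.
         */
        case SVGA_CMD_DEFINE_ALPHA_CURSOR:
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            x = vmsvga_fifo_read(s);
            y = vmsvga_fifo_read(s);
            /* x * y without signed overflow; saturate instead. */
            if (x <= 0 || y <= 0)
                args = 0;
            else if (x > INT32_MAX / y)
                args = INT32_MAX;
            else
                args = x * y;
            goto badcmd;
        case SVGA_CMD_RECT_ROP_FILL:
            args = 6;
            goto badcmd;
        case SVGA_CMD_RECT_ROP_COPY:
            args = 7;
            goto badcmd;
        case SVGA_CMD_DRAW_GLYPH_CLIPPED:
            vmsvga_fifo_read(s);
            vmsvga_fifo_read(s);
            args = 7 + (vmsvga_fifo_read(s) >> 2);
            goto badcmd;
        case SVGA_CMD_SURFACE_ALPHA_BLEND:
            args = 12;
            goto badcmd;

        /*
         * Other commands that are not listed as depending on any
         * CAPABILITIES bits, but are not described in the README either.
         */
        case SVGA_CMD_SURFACE_FILL:
        case SVGA_CMD_SURFACE_COPY:
        case SVGA_CMD_FRONT_ROP_FILL:
        case SVGA_CMD_FENCE:
        case SVGA_CMD_INVALID_CMD:
            break; /* Nop */

        default:
        badcmd:
            /* Never skip past what the guest actually queued. */
            while (args -- > 0 && !vmsvga_fifo_empty(s))
                vmsvga_fifo_read(s);
            printf("%s: Unknown command 0x%02x in SVGA command FIFO\n",
                            __FUNCTION__, cmd);
            break;
        }
    }

    s->syncing = 0;
}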
/* I/O read of the index port: return the currently selected register number. */
static uint32_t vmsvga_index_read(void *opaque, uint32_t address)
{
    const struct vmsvga_state_s *chip = opaque;

    return chip->index;
}
/*
 * I/O write to the index port: select the register that the value port
 * will access next.  The guest value is stored unchecked; the value
 * handlers are responsible for rejecting unknown indices.
 */
static void vmsvga_index_write(void *opaque, uint32_t address, uint32_t index)
{
    struct vmsvga_state_s *chip = opaque;

    chip->index = index;
}
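/*
 * I/O read of the value port: return the contents of the register selected
 * through the index port.  Unknown registers read as 0 and are logged.
 *
 * Fix over the original: SVGA_REG_CURSOR_Y returned cursor.x.
 */
static uint32_t vmsvga_value_read(void *opaque, uint32_t address)
{
    uint32_t caps;
    struct vmsvga_state_s *s = opaque;
    switch (s->index) {
    case SVGA_REG_ID:
        return s->svgaid;

    case SVGA_REG_ENABLE:
        return s->enable;

    case SVGA_REG_WIDTH:
        return s->width;

    case SVGA_REG_HEIGHT:
        return s->height;

    case SVGA_REG_MAX_WIDTH:
        return SVGA_MAX_WIDTH;

    case SVGA_REG_MAX_HEIGHT:
        return SVGA_MAX_HEIGHT;

    case SVGA_REG_DEPTH:
        return s->depth;

    case SVGA_REG_BITS_PER_PIXEL:
        return (s->depth + 7) & ~7;

    case SVGA_REG_PSEUDOCOLOR:
        return 0x0;

    case SVGA_REG_RED_MASK:
        return s->wred;
    case SVGA_REG_GREEN_MASK:
        return s->wgreen;
    case SVGA_REG_BLUE_MASK:
        return s->wblue;

    case SVGA_REG_BYTES_PER_LINE:
        return ((s->depth + 7) >> 3) * s->new_width;

    case SVGA_REG_FB_START:
        return s->vram_base;

    case SVGA_REG_FB_OFFSET:
        return 0x0;

    case SVGA_REG_VRAM_SIZE:
        return s->vga.vram_size;

    case SVGA_REG_FB_SIZE:
        return s->fb_size;

    case SVGA_REG_CAPABILITIES:
        /* Only advertise what this build and display backend can do. */
        caps = SVGA_CAP_NONE;
#ifdef HW_RECT_ACCEL
        caps |= SVGA_CAP_RECT_COPY;
#endif
#ifdef HW_FILL_ACCEL
        caps |= SVGA_CAP_RECT_FILL;
#endif
#ifdef HW_MOUSE_ACCEL
        if (s->vga.ds->mouse_set)
            caps |= SVGA_CAP_CURSOR | SVGA_CAP_CURSOR_BYPASS_2 |
                    SVGA_CAP_CURSOR_BYPASS;
#endif
        return caps;

    case SVGA_REG_MEM_START:
        return s->fifo_base;

    case SVGA_REG_MEM_SIZE:
        return s->fifo_size;

    case SVGA_REG_CONFIG_DONE:
        return s->config;

    case SVGA_REG_SYNC:
    case SVGA_REG_BUSY:
        return s->syncing;

    case SVGA_REG_GUEST_ID:
        return s->guest;

    case SVGA_REG_CURSOR_ID:
        return s->cursor.id;

    case SVGA_REG_CURSOR_X:
        return s->cursor.x;

    case SVGA_REG_CURSOR_Y:
        return s->cursor.y;

    case SVGA_REG_CURSOR_ON:
        return s->cursor.on;

    case SVGA_REG_HOST_BITS_PER_PIXEL:
        return (s->depth + 7) & ~7;

    case SVGA_REG_SCRATCH_SIZE:
        return s->scratch_size;

    case SVGA_REG_MEM_REGS:
    case SVGA_REG_NUM_DISPLAYS:
    case SVGA_REG_PITCHLOCK:
    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
        return 0;

    default:
        /* The index is guest-chosen: range-check before touching scratch. */
        if (s->index >= SVGA_SCRATCH_BASE &&
                s->index < SVGA_SCRATCH_BASE + s->scratch_size)
            return s->scratch[s->index - SVGA_SCRATCH_BASE];
        printf("%s: Bad register %02x\n", __FUNCTION__, s->index);
    }

    return 0;
}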
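/*
 * I/O write to the value port: update the register selected through the
 * index port.  Every value here is guest-supplied.
 *
 * Fix over the original: SVGA_REG_WIDTH and SVGA_REG_HEIGHT accepted any
 * 32-bit value, although the device advertises SVGA_MAX_WIDTH and
 * SVGA_MAX_HEIGHT.  The requested mode later sizes whole-screen copies out
 * of VRAM, so out-of-range requests are now refused and logged.
 *
 * NOTE(review): this assumes a SVGA_MAX_WIDTH x SVGA_MAX_HEIGHT mode at the
 * current depth fits the VRAM allocated by the caller of vmsvga_init() --
 * confirm.
 */
static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value)
{
    struct vmsvga_state_s *s = opaque;
    switch (s->index) {
    case SVGA_REG_ID:
        if (value == SVGA_ID_2 || value == SVGA_ID_1 || value == SVGA_ID_0)
            s->svgaid = value;
        break;

    case SVGA_REG_ENABLE:
        s->enable = value;
        s->config &= !!value;
        s->width = -1;
        s->height = -1;
        s->invalidated = 1;
        s->vga.invalidate(&s->vga);
        if (s->enable) {
            s->fb_size = ((s->depth + 7) >> 3) * s->new_width * s->new_height;
            vga_dirty_log_stop(&s->vga);
        } else {
            vga_dirty_log_start(&s->vga);
        }
        break;

    case SVGA_REG_WIDTH:
        if (value <= SVGA_MAX_WIDTH) {
            s->new_width = value;
            s->invalidated = 1;
        } else {
            printf("%s: Bad width: %i\n", __FUNCTION__, value);
        }
        break;

    case SVGA_REG_HEIGHT:
        if (value <= SVGA_MAX_HEIGHT) {
            s->new_height = value;
            s->invalidated = 1;
        } else {
            printf("%s: Bad height: %i\n", __FUNCTION__, value);
        }
        break;

    case SVGA_REG_DEPTH:
    case SVGA_REG_BITS_PER_PIXEL:
        if (value != s->depth) {
            printf("%s: Bad colour depth: %i bits\n", __FUNCTION__, value);
            s->config = 0;
        }
        break;

    case SVGA_REG_CONFIG_DONE:
        if (value) {
            s->fifo = (uint32_t *) s->fifo_ptr;
            /* Check range and alignment.  A failed check leaves config
             * unchanged.  The header stays guest-writable afterwards, so
             * this is a one-time check, not a guarantee for later reads. */
            if ((CMD(min) | CMD(max) |
                        CMD(next_cmd) | CMD(stop)) & 3)
                break;
            if (CMD(min) < (uint8_t *) s->cmd->fifo - (uint8_t *) s->fifo)
                break;
            if (CMD(max) > SVGA_FIFO_SIZE)
                break;
            if (CMD(max) < CMD(min) + 10 * 1024)
                break;
        }
        s->config = !!value;
        break;

    case SVGA_REG_SYNC:
        s->syncing = 1;
        vmsvga_fifo_run(s); /* Or should we just wait for update_display? */
        break;

    case SVGA_REG_GUEST_ID:
        s->guest = value;
#ifdef VERBOSE
        /* Range-check before using the guest value as a table index. */
        if (value >= GUEST_OS_BASE && value < GUEST_OS_BASE +
                ARRAY_SIZE(vmsvga_guest_id))
            printf("%s: guest runs %s.\n", __FUNCTION__,
                            vmsvga_guest_id[value - GUEST_OS_BASE]);
#endif
        break;

    case SVGA_REG_CURSOR_ID:
        s->cursor.id = value;
        break;

    case SVGA_REG_CURSOR_X:
        s->cursor.x = value;
        break;

    case SVGA_REG_CURSOR_Y:
        s->cursor.y = value;
        break;

    case SVGA_REG_CURSOR_ON:
        s->cursor.on |= (value == SVGA_CURSOR_ON_SHOW);
        s->cursor.on &= (value != SVGA_CURSOR_ON_HIDE);
#ifdef HW_MOUSE_ACCEL
        if (s->vga.ds->mouse_set && value <= SVGA_CURSOR_ON_SHOW)
            s->vga.ds->mouse_set(s->cursor.x, s->cursor.y, s->cursor.on);
#endif
        break;

    case SVGA_REG_MEM_REGS:
    case SVGA_REG_NUM_DISPLAYS:
    case SVGA_REG_PITCHLOCK:
    case SVGA_PALETTE_BASE ... SVGA_PALETTE_END:
        break;

    default:
        /* The index is guest-chosen: range-check before touching scratch. */
        if (s->index >= SVGA_SCRATCH_BASE &&
                s->index < SVGA_SCRATCH_BASE + s->scratch_size) {
            s->scratch[s->index - SVGA_SCRATCH_BASE] = value;
            break;
        }
        printf("%s: Bad register %02x\n", __FUNCTION__, s->index);
    }
}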
/* I/O read of the BIOS port.  Not implemented: logs the access and returns
 * a fixed placeholder value. */
static uint32_t vmsvga_bios_read(void *opaque, uint32_t address)
{
    const uint32_t placeholder = 0xcafe;

    printf("%s: what are we supposed to return?\n", __FUNCTION__);
    return placeholder;
}
/* I/O write to the BIOS port.  Not implemented: the value is only logged. */
static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data)
{
    printf("%s: what are we supposed to do with (%08x)?\n", __FUNCTION__,
           data);
}
/*
 * Apply a pending mode change: when the requested size differs from the
 * active one, adopt it, resize the console and force a full redraw.
 * The requested size is whatever the guest wrote to the WIDTH/HEIGHT
 * registers; no range check happens here.
 */
static inline void vmsvga_size(struct vmsvga_state_s *s)
{
    if (s->new_width == s->width && s->new_height == s->height) {
        return;
    }

    s->width = s->new_width;
    s->height = s->new_height;
    qemu_console_resize(s->vga.ds, s->width, s->height);
    s->invalidated = 1;
}
/*
 * Display refresh callback.  While SVGA mode is disabled the plain VGA
 * update runs instead; otherwise pending mode changes are applied, the
 * guest FIFO is processed, queued rectangles are drawn and, if required,
 * the whole screen is refreshed.
 */
static void vmsvga_update_display(void *opaque)
{
    struct vmsvga_state_s *s = opaque;

    if (s->enable) {
        vmsvga_size(s);

        vmsvga_fifo_run(s);
        vmsvga_update_rect_flush(s);

        /*
         * Is it more efficient to look at vram VGA-dirty bits or wait
         * for the driver to issue SVGA_CMD_UPDATE?
         */
        if (s->invalidated) {
            s->invalidated = 0;
            vmsvga_update_screen(s);
        }
    } else {
        s->vga.update(&s->vga);
    }
}
/*
 * Put the device into its power-on state: SVGA disabled and unconfigured,
 * no active mode, empty redraw queue, and colour masks matching the depth
 * reported by the display.  Depths other than 8/15/16/24/32 leave the
 * masks untouched.
 */
static void vmsvga_reset(struct vmsvga_state_s *s)
{
    s->index = 0;
    s->enable = 0;
    s->config = 0;
    s->width = -1;
    s->height = -1;
    s->svgaid = SVGA_ID;
    s->depth = ds_get_bits_per_pixel(s->vga.ds);
    s->bypp = ds_get_bytes_per_pixel(s->vga.ds);
    s->cursor.on = 0;
    s->redraw_fifo_first = 0;
    s->redraw_fifo_last = 0;

    if (s->depth == 8) {
        s->wred   = 0x00000007;
        s->wgreen = 0x00000038;
        s->wblue  = 0x000000c0;
    } else if (s->depth == 15) {
        s->wred   = 0x0000001f;
        s->wgreen = 0x000003e0;
        s->wblue  = 0x00007c00;
    } else if (s->depth == 16) {
        s->wred   = 0x0000001f;
        s->wgreen = 0x000007e0;
        s->wblue  = 0x0000f800;
    } else if (s->depth == 24 || s->depth == 32) {
        /* Both true-colour depths use the same 8-8-8 layout. */
        s->wred   = 0x00ff0000;
        s->wgreen = 0x0000ff00;
        s->wblue  = 0x000000ff;
    }

    s->syncing = 0;

    vga_dirty_log_start(&s->vga);
}
/* Display invalidate callback: request a full redraw, delegating to the
 * plain VGA handler while SVGA mode is disabled. */
static void vmsvga_invalidate_display(void *opaque)
{
    struct vmsvga_state_s *s = opaque;

    if (s->enable) {
        s->invalidated = 1;
    } else {
        s->vga.invalidate(&s->vga);
    }
}
/*
 * Save the display to a PPM image even if no display is available.
 * Delegates to the plain VGA dump while SVGA mode is disabled.  In SVGA
 * mode only a 32-bit depth is handled; other depths write nothing.
 */
static void vmsvga_screen_dump(void *opaque, const char *filename)
{
    struct vmsvga_state_s *s = opaque;
    DisplaySurface *snapshot;

    if (!s->enable) {
        s->vga.screen_dump(&s->vga, filename);
        return;
    }

    if (s->depth != 32) {
        return;
    }

    /* Wrap VRAM in a temporary surface; only the wrapper is freed below. */
    snapshot = qemu_create_displaysurface_from(s->width, s->height, 32,
                    ds_get_linesize(s->vga.ds), s->vga.vram_ptr);
    ppm_save(filename, snapshot);
    qemu_free(snapshot);
}
/* Text-console update callback: forward to the VGA core's handler when it
 * provides one. */
static void vmsvga_text_update(void *opaque, console_ch_t *chardata)
{
    struct vmsvga_state_s *s = opaque;

    if (!s->vga.text_update) {
        return;
    }
    s->vga.text_update(&s->vga, chardata);
}
#ifdef DIRECT_VRAM
/*
 * MMIO accessors used when VRAM is registered as I/O memory instead of RAM.
 * Offsets below fb_size go to the display surface, the rest to VRAM.
 *
 * This section is compiled out (DIRECT_VRAM is #undef'd at the top of the
 * file).
 * NOTE(review): it references s->ds and s->vram_ptr, while the state struct
 * in this file only has s->vga.ds and s->vga.vram_ptr, so it would need
 * fixing before it can be enabled.
 * NOTE(review): no accessor checks addr against the VRAM size; presumably
 * the caller bounds it through the size of the registered region --
 * confirm before enabling.
 */
static uint32_t vmsvga_vram_readb(void *opaque, target_phys_addr_t addr)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        return *(uint8_t *) (ds_get_data(s->ds) + addr);
    else
        return *(uint8_t *) (s->vram_ptr + addr);
}

static uint32_t vmsvga_vram_readw(void *opaque, target_phys_addr_t addr)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        return *(uint16_t *) (ds_get_data(s->ds) + addr);
    else
        return *(uint16_t *) (s->vram_ptr + addr);
}

static uint32_t vmsvga_vram_readl(void *opaque, target_phys_addr_t addr)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        return *(uint32_t *) (ds_get_data(s->ds) + addr);
    else
        return *(uint32_t *) (s->vram_ptr + addr);
}

static void vmsvga_vram_writeb(void *opaque, target_phys_addr_t addr,
                uint32_t value)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        *(uint8_t *) (ds_get_data(s->ds) + addr) = value;
    else
        *(uint8_t *) (s->vram_ptr + addr) = value;
}

static void vmsvga_vram_writew(void *opaque, target_phys_addr_t addr,
                uint32_t value)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        *(uint16_t *) (ds_get_data(s->ds) + addr) = value;
    else
        *(uint16_t *) (s->vram_ptr + addr) = value;
}

static void vmsvga_vram_writel(void *opaque, target_phys_addr_t addr,
                uint32_t value)
{
    struct vmsvga_state_s *s = opaque;
    if (addr < s->fb_size)
        *(uint32_t *) (ds_get_data(s->ds) + addr) = value;
    else
        *(uint32_t *) (s->vram_ptr + addr) = value;
}

/* Byte, word and long read handlers, in that order. */
static CPUReadMemoryFunc * const vmsvga_vram_read[] = {
    vmsvga_vram_readb,
    vmsvga_vram_readw,
    vmsvga_vram_readl,
};

/* Byte, word and long write handlers, in that order. */
static CPUWriteMemoryFunc * const vmsvga_vram_write[] = {
    vmsvga_vram_writeb,
    vmsvga_vram_writew,
    vmsvga_vram_writel,
};
#endif
/*
 * Migration post-load hook: re-derive the FIFO pointer if the device was
 * configured, and force a full redraw.  Always succeeds.
 *
 * NOTE(review): the loaded fields (index, new_width, new_height, fb_size,
 * enable, config, ...) are taken from the migration stream as-is; nothing
 * here range-checks them.  Consider validating them against the same
 * limits the register handlers apply.
 */
static int vmsvga_post_load(void *opaque, int version_id)
{
    struct vmsvga_state_s *s = opaque;

    if (s->config) {
        s->fifo = (uint32_t *) s->fifo_ptr;
    }
    s->invalidated = 1;

    return 0;
}
/*
 * Migration layout of the chip state.  depth must match on both sides
 * (VMSTATE_INT32_EQUAL); every other field is loaded without a range check
 * and only fixed up by vmsvga_post_load().  width, height and the redraw
 * queue indices are not part of the stream.
 */
static const VMStateDescription vmstate_vmware_vga_internal = {
    .name = "vmware_vga_internal",
    .version_id = 0,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .post_load = vmsvga_post_load,
    .fields      = (VMStateField []) {
        VMSTATE_INT32_EQUAL(depth, struct vmsvga_state_s),
        VMSTATE_INT32(enable, struct vmsvga_state_s),
        VMSTATE_INT32(config, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.id, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.x, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.y, struct vmsvga_state_s),
        VMSTATE_INT32(cursor.on, struct vmsvga_state_s),
        VMSTATE_INT32(index, struct vmsvga_state_s),
        VMSTATE_VARRAY_INT32(scratch, struct vmsvga_state_s,
                             scratch_size, 0, vmstate_info_uint32, uint32_t),
        VMSTATE_INT32(new_width, struct vmsvga_state_s),
        VMSTATE_INT32(new_height, struct vmsvga_state_s),
        VMSTATE_UINT32(guest, struct vmsvga_state_s),
        VMSTATE_UINT32(svgaid, struct vmsvga_state_s),
        VMSTATE_INT32(syncing, struct vmsvga_state_s),
        VMSTATE_INT32(fb_size, struct vmsvga_state_s),
        VMSTATE_END_OF_LIST()
    }
};
/* Migration layout of the PCI device: the PCI state followed by the chip
 * state described by vmstate_vmware_vga_internal. */
static const VMStateDescription vmstate_vmware_vga = {
    .name = "vmware_vga",
    .version_id = 0,
    .minimum_version_id = 0,
    .minimum_version_id_old = 0,
    .fields      = (VMStateField []) {
        VMSTATE_PCI_DEVICE(card, struct pci_vmsvga_state_s),
        VMSTATE_STRUCT(chip, struct pci_vmsvga_state_s, 0,
                       vmstate_vmware_vga_internal, struct vmsvga_state_s),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * One-time chip setup: allocate the scratch registers and the FIFO RAM
 * block, register the display callbacks, initialise the embedded VGA core
 * with vga_ram_size bytes of VRAM, load the VGA BIOS and reset the device.
 * The call order is significant (vmsvga_reset() reads s->vga.ds).
 */
static void vmsvga_init(struct vmsvga_state_s *s, int vga_ram_size)
{
    s->scratch_size = SVGA_SCRATCH_SIZE;
    /* scratch_size counts 32-bit registers, hence the factor 4. */
    s->scratch = qemu_malloc(s->scratch_size * 4);

    s->vga.ds = graphic_console_init(vmsvga_update_display,
                                     vmsvga_invalidate_display,
                                     vmsvga_screen_dump,
                                     vmsvga_text_update, s);


    /* The FIFO is ordinary RAM that is later mapped into the guest, so its
     * contents are guest-controlled from then on. */
    s->fifo_size = SVGA_FIFO_SIZE;
    s->fifo_offset = qemu_ram_alloc(s->fifo_size);
    s->fifo_ptr = qemu_get_ram_ptr(s->fifo_offset);

    vga_common_init(&s->vga, vga_ram_size);
    vga_init(&s->vga);
    vmstate_register(0, &vmstate_vga_common, &s->vga);

    vga_init_vbe(&s->vga);

    rom_add_vga(VGABIOS_FILENAME);

    vmsvga_reset(s);
}
/*
 * BAR 0 mapping callback: hook the index, value and BIOS ports (each one
 * 32-bit port, spaced SVGA_IO_MUL apart) at the I/O address chosen for the
 * BAR.
 */
static void pci_vmsvga_map_ioport(PCIDevice *pci_dev, int region_num,
                pcibus_t addr, pcibus_t size, int type)
{
    struct vmsvga_state_s *s =
        &((struct pci_vmsvga_state_s *) pci_dev)->chip;
    pcibus_t index_port = addr + SVGA_IO_MUL * SVGA_INDEX_PORT;
    pcibus_t value_port = addr + SVGA_IO_MUL * SVGA_VALUE_PORT;
    pcibus_t bios_port = addr + SVGA_IO_MUL * SVGA_BIOS_PORT;

    register_ioport_read(index_port, 1, 4, vmsvga_index_read, s);
    register_ioport_write(index_port, 1, 4, vmsvga_index_write, s);

    register_ioport_read(value_port, 1, 4, vmsvga_value_read, s);
    register_ioport_write(value_port, 1, 4, vmsvga_value_write, s);

    register_ioport_read(bios_port, 1, 4, vmsvga_bios_read, s);
    register_ioport_write(bios_port, 1, 4, vmsvga_bios_write, s);
}
/*
 * BAR 1 mapping callback: expose VRAM to the guest at the address chosen
 * for the BAR and tell the VGA core where it now lives.  Without
 * DIRECT_VRAM the region is mapped as plain RAM, so guest accesses to it do
 * not pass through any handler in this file.
 */
static void pci_vmsvga_map_mem(PCIDevice *pci_dev, int region_num,
                pcibus_t addr, pcibus_t size, int type)
{
    struct pci_vmsvga_state_s *d = (struct pci_vmsvga_state_s *) pci_dev;
    struct vmsvga_state_s *s = &d->chip;
    ram_addr_t iomemtype;

    s->vram_base = addr;
#ifdef DIRECT_VRAM
    iomemtype = cpu_register_io_memory(vmsvga_vram_read,
                    vmsvga_vram_write, s);
#else
    iomemtype = s->vga.vram_offset | IO_MEM_RAM;
#endif
    cpu_register_physical_memory(s->vram_base, s->vga.vram_size,
                    iomemtype);

    /* Keep the VGA core's dirty tracking in step with the new location. */
    s->vga.map_addr = addr;
    s->vga.map_end = addr + s->vga.vram_size;
    vga_dirty_log_restart(&s->vga);
}
/*
 * BAR 2 mapping callback: expose the command FIFO to the guest as plain
 * RAM at the address chosen for the BAR.  From here on the guest can write
 * the FIFO header and contents directly, without any trap into the device.
 */
static void pci_vmsvga_map_fifo(PCIDevice *pci_dev, int region_num,
                pcibus_t addr, pcibus_t size, int type)
{
    struct vmsvga_state_s *s =
        &((struct pci_vmsvga_state_s *) pci_dev)->chip;
    ram_addr_t iomemtype = s->fifo_offset | IO_MEM_RAM;

    s->fifo_base = addr;
    cpu_register_physical_memory(s->fifo_base, s->fifo_size, iomemtype);
}
/*
 * qdev init callback: fill in the PCI configuration space, register the
 * three BARs (I/O ports, VRAM, command FIFO) and initialise the chip.
 * Always returns 0.
 */
static int pci_vmsvga_initfn(PCIDevice *dev)
{
    struct pci_vmsvga_state_s *s =
        DO_UPCAST(struct pci_vmsvga_state_s, card, dev);

    pci_config_set_vendor_id(s->card.config, PCI_VENDOR_ID_VMWARE);
    pci_config_set_device_id(s->card.config, SVGA_PCI_DEVICE_ID);
    s->card.config[PCI_COMMAND]         = PCI_COMMAND_IO |
                                          PCI_COMMAND_MEMORY |
                                          PCI_COMMAND_MASTER; /* I/O + Memory */
    pci_config_set_class(s->card.config, PCI_CLASS_DISPLAY_VGA);
    s->card.config[PCI_CACHE_LINE_SIZE] = 0x08;         /* Cache line size */
    s->card.config[PCI_LATENCY_TIMER]   = 0x40;         /* Latency timer */
    s->card.config[PCI_HEADER_TYPE]     = PCI_HEADER_TYPE_NORMAL;
    /* Subsystem IDs mirror the vendor/device IDs, low byte first. */
    s->card.config[PCI_SUBSYSTEM_VENDOR_ID] = PCI_VENDOR_ID_VMWARE & 0xff;
    s->card.config[PCI_SUBSYSTEM_VENDOR_ID + 1] = PCI_VENDOR_ID_VMWARE >> 8;
    s->card.config[PCI_SUBSYSTEM_ID]    = SVGA_PCI_DEVICE_ID & 0xff;
    s->card.config[PCI_SUBSYSTEM_ID + 1] = SVGA_PCI_DEVICE_ID >> 8;
    s->card.config[PCI_INTERRUPT_LINE]  = 0xff;         /* End */

    pci_register_bar(&s->card, 0, 0x10,
                    PCI_BASE_ADDRESS_SPACE_IO, pci_vmsvga_map_ioport);
    pci_register_bar(&s->card, 1, VGA_RAM_SIZE,
                    PCI_BASE_ADDRESS_MEM_PREFETCH, pci_vmsvga_map_mem);

    pci_register_bar(&s->card, 2, SVGA_FIFO_SIZE,
                    PCI_BASE_ADDRESS_MEM_PREFETCH, pci_vmsvga_map_fifo);

    vmsvga_init(&s->chip, VGA_RAM_SIZE);

    return 0;
}
/* Public entry point: create a "vmware-svga" device on the given PCI bus,
 * letting the bus pick the slot (devfn -1). */
void pci_vmsvga_init(PCIBus *bus)
{
    const int any_devfn = -1;

    pci_create_simple(bus, any_devfn, "vmware-svga");
}
/* qdev registration record tying the "vmware-svga" device name to its
 * state size, migration description and init callback. */
static PCIDeviceInfo vmsvga_info = {
    .qdev.name    = "vmware-svga",
    .qdev.size    = sizeof(struct pci_vmsvga_state_s),
    .qdev.vmsd    = &vmstate_vmware_vga,
    .init         = pci_vmsvga_initfn,
};
/* Register the device type with qdev; run at start-up through device_init(). */
static void vmsvga_register(void)
{
    pci_qdev_register(&vmsvga_info);
}
device_init(vmsvga_register);