diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-05-30 18:33:43 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-05-30 18:33:43 +0100 |
| commit | f9dc72de91d2915b808e82da34bf613afa5cce43 (patch) | |
| tree | a956475f6d816f2ebbd95a0ed1fa919e4b0f55b9 /include | |
| parent | a648df38898ddbad1bd6d71a6680b3788f6528b2 (diff) | |
| parent | bdd53f739273e97b5e5617b699d1763c42a5ea7e (diff) | |
| download | focaccia-qemu-f9dc72de91d2915b808e82da34bf613afa5cce43.tar.gz focaccia-qemu-f9dc72de91d2915b808e82da34bf613afa5cce43.zip | |
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20210527-pull-request' into staging
virtio-gpu: add blob resource support. vhost-user-gpu: security fixes. # gpg: Signature made Thu 27 May 2021 15:23:25 BST # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20210527-pull-request: (23 commits) virtio-gpu: Update cursor data using blob virtio-gpu: Add virtio_gpu_set_scanout_blob virtio-gpu: Factor out update scanout virtio-gpu: Add helpers to create and destroy dmabuf objects ui/pixman: Add qemu_pixman_to_drm_format() virtio-gpu: Add virtio_gpu_resource_create_blob virtio-gpu: Add initial definitions for blob resources virtio-gpu: Refactor virtio_gpu_create_mapping_iov virtio-gpu: Refactor virtio_gpu_set_scanout virtio-gpu: Add virtio_gpu_find_check_resource stubs: Add stubs for udmabuf helpers virtio-gpu: Add udmabuf helpers headers: Add udmabuf.h ui: Get the fd associated with udmabuf driver hw/display/qxl: Set pci rom address aligned with page size vhost-user-gpu: abstract vg_cleanup_mapping_iov vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/hw/virtio/virtio-gpu-bswap.h | 16 | ||||
| -rw-r--r-- | include/hw/virtio/virtio-gpu.h | 39 | ||||
| -rw-r--r-- | include/standard-headers/linux/udmabuf.h | 32 | ||||
| -rw-r--r-- | include/ui/console.h | 3 | ||||
| -rw-r--r-- | include/ui/qemu-pixman.h | 1 |
5 files changed, 90 insertions, 1 deletions
diff --git a/include/hw/virtio/virtio-gpu-bswap.h b/include/hw/virtio/virtio-gpu-bswap.h index 203f9e1718..e2bee8f595 100644 --- a/include/hw/virtio/virtio-gpu-bswap.h +++ b/include/hw/virtio/virtio-gpu-bswap.h @@ -59,4 +59,20 @@ virtio_gpu_t2d_bswap(struct virtio_gpu_transfer_to_host_2d *t2d) le32_to_cpus(&t2d->padding); } +static inline void +virtio_gpu_create_blob_bswap(struct virtio_gpu_resource_create_blob *cblob) +{ + virtio_gpu_ctrl_hdr_bswap(&cblob->hdr); + le32_to_cpus(&cblob->resource_id); + le32_to_cpus(&cblob->blob_flags); + le64_to_cpus(&cblob->size); +} + +static inline void +virtio_gpu_scanout_blob_bswap(struct virtio_gpu_set_scanout_blob *ssb) +{ + virtio_gpu_bswap_32(ssb, sizeof(*ssb) - sizeof(ssb->offsets[3])); + le32_to_cpus(&ssb->offsets[3]); +} + #endif diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h index 8ca2c55d9a..bcf54d970f 100644 --- a/include/hw/virtio/virtio-gpu.h +++ b/include/hw/virtio/virtio-gpu.h @@ -50,9 +50,23 @@ struct virtio_gpu_simple_resource { uint32_t scanout_bitmask; pixman_image_t *image; uint64_t hostmem; + + uint64_t blob_size; + void *blob; + int dmabuf_fd; + uint8_t *remapped; + QTAILQ_ENTRY(virtio_gpu_simple_resource) next; }; +struct virtio_gpu_framebuffer { + pixman_format_code_t format; + uint32_t bytes_pp; + uint32_t width, height; + uint32_t stride; + uint32_t offset; +}; + struct virtio_gpu_scanout { QemuConsole *con; DisplaySurface *ds; @@ -75,6 +89,7 @@ enum virtio_gpu_base_conf_flags { VIRTIO_GPU_FLAG_STATS_ENABLED, VIRTIO_GPU_FLAG_EDID_ENABLED, VIRTIO_GPU_FLAG_DMABUF_ENABLED, + VIRTIO_GPU_FLAG_BLOB_ENABLED, }; #define virtio_gpu_virgl_enabled(_cfg) \ @@ -85,6 +100,8 @@ enum virtio_gpu_base_conf_flags { (_cfg.flags & (1 << VIRTIO_GPU_FLAG_EDID_ENABLED)) #define virtio_gpu_dmabuf_enabled(_cfg) \ (_cfg.flags & (1 << VIRTIO_GPU_FLAG_DMABUF_ENABLED)) +#define virtio_gpu_blob_enabled(_cfg) \ + (_cfg.flags & (1 << VIRTIO_GPU_FLAG_BLOB_ENABLED)) struct virtio_gpu_base_conf { uint32_t max_outputs; @@ -133,6 +150,12 @@ struct VirtIOGPUBaseClass { DEFINE_PROP_UINT32("xres", _state, _conf.xres, 1024), \ DEFINE_PROP_UINT32("yres", _state, _conf.yres, 768) +typedef struct VGPUDMABuf { + QemuDmaBuf buf; + uint32_t scanout_id; + QTAILQ_ENTRY(VGPUDMABuf) next; +} VGPUDMABuf; + struct VirtIOGPU { VirtIOGPUBase parent_obj; @@ -161,6 +184,11 @@ struct VirtIOGPU { uint32_t req_3d; uint32_t bytes_3d; } stats; + + struct { + QTAILQ_HEAD(, VGPUDMABuf) bufs; + VGPUDMABuf *primary; + } dmabuf; }; struct VirtIOGPUClass { @@ -224,7 +252,7 @@ void virtio_gpu_get_display_info(VirtIOGPU *g, void virtio_gpu_get_edid(VirtIOGPU *g, struct virtio_gpu_ctrl_command *cmd); int virtio_gpu_create_mapping_iov(VirtIOGPU *g, - struct virtio_gpu_resource_attach_backing *ab, + uint32_t nr_entries, uint32_t offset, struct virtio_gpu_ctrl_command *cmd, uint64_t **addr, struct iovec **iov, uint32_t *niov); @@ -238,6 +266,15 @@ void virtio_gpu_update_cursor_data(VirtIOGPU *g, struct virtio_gpu_scanout *s, uint32_t resource_id); +/* virtio-gpu-udmabuf.c */ +bool virtio_gpu_have_udmabuf(void); +void virtio_gpu_init_udmabuf(struct virtio_gpu_simple_resource *res); +void virtio_gpu_fini_udmabuf(struct virtio_gpu_simple_resource *res); +int virtio_gpu_update_dmabuf(VirtIOGPU *g, + uint32_t scanout_id, + struct virtio_gpu_simple_resource *res, + struct virtio_gpu_framebuffer *fb); + /* virtio-gpu-3d.c */ void virtio_gpu_virgl_process_cmd(VirtIOGPU *g, struct virtio_gpu_ctrl_command *cmd); diff --git a/include/standard-headers/linux/udmabuf.h b/include/standard-headers/linux/udmabuf.h new file mode 100644 index 0000000000..e19eb5b5ce --- /dev/null +++ b/include/standard-headers/linux/udmabuf.h @@ -0,0 +1,32 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _LINUX_UDMABUF_H +#define _LINUX_UDMABUF_H + +#include "standard-headers/linux/types.h" + +#define UDMABUF_FLAGS_CLOEXEC 0x01 + +struct udmabuf_create { + uint32_t memfd; + uint32_t flags; + uint64_t offset; + uint64_t size; +}; + +struct udmabuf_create_item { + uint32_t memfd; + uint32_t __pad; + uint64_t offset; + uint64_t size; +}; + +struct udmabuf_create_list { + uint32_t flags; + uint32_t count; + struct udmabuf_create_item list[]; +}; + +#define UDMABUF_CREATE _IOW('u', 0x42, struct udmabuf_create) +#define UDMABUF_CREATE_LIST _IOW('u', 0x43, struct udmabuf_create_list) + +#endif /* _LINUX_UDMABUF_H */ diff --git a/include/ui/console.h b/include/ui/console.h index ca3c7af6a6..b30b63976a 100644 --- a/include/ui/console.h +++ b/include/ui/console.h @@ -471,4 +471,7 @@ bool vnc_display_reload_certs(const char *id, Error **errp); /* input.c */ int index_from_key(const char *key, size_t key_length); +/* udmabuf.c */ +int udmabuf_fd(void); + #endif diff --git a/include/ui/qemu-pixman.h b/include/ui/qemu-pixman.h index 87737a6f16..806ddcd7cd 100644 --- a/include/ui/qemu-pixman.h +++ b/include/ui/qemu-pixman.h @@ -62,6 +62,7 @@ typedef struct PixelFormat { PixelFormat qemu_pixelformat_from_pixman(pixman_format_code_t format); pixman_format_code_t qemu_default_pixman_format(int bpp, bool native_endian); pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format); +uint32_t qemu_pixman_to_drm_format(pixman_format_code_t pixman); int qemu_pixman_get_type(int rshift, int gshift, int bshift); pixman_format_code_t qemu_pixman_get_format(PixelFormat *pf); bool qemu_pixman_check_format(DisplayChangeListener *dcl, |