From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Vivek Kasireddy" <vivek.kasireddy@intel.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [PULL 18/23] virtio-gpu: Add virtio_gpu_resource_create_blob
Date: Thu, 27 May 2021 16:23:35 +0200 [thread overview]
Message-ID: <20210527142340.1352791-19-kraxel@redhat.com> (raw)
In-Reply-To: <20210527142340.1352791-1-kraxel@redhat.com>
From: Vivek Kasireddy <vivek.kasireddy@intel.com>
This API allows Qemu to register the blob allocated by the Guest
as a new resource and map its backing storage.
Based-on-patch-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20210526231429.1045476-10-vivek.kasireddy@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
include/hw/virtio/virtio-gpu-bswap.h | 9 ++++
hw/display/virtio-gpu.c | 73 ++++++++++++++++++++++++++--
hw/display/trace-events | 1 +
3 files changed, 80 insertions(+), 3 deletions(-)
diff --git a/include/hw/virtio/virtio-gpu-bswap.h b/include/hw/virtio/virtio-gpu-bswap.h
index 203f9e17189e..d23ac5cc4a06 100644
--- a/include/hw/virtio/virtio-gpu-bswap.h
+++ b/include/hw/virtio/virtio-gpu-bswap.h
@@ -59,4 +59,13 @@ virtio_gpu_t2d_bswap(struct virtio_gpu_transfer_to_host_2d *t2d)
le32_to_cpus(&t2d->padding);
}
+static inline void
+virtio_gpu_create_blob_bswap(struct virtio_gpu_resource_create_blob *cblob)
+{
+ virtio_gpu_ctrl_hdr_bswap(&cblob->hdr);
+ le32_to_cpus(&cblob->resource_id);
+ le32_to_cpus(&cblob->blob_flags);
+ le64_to_cpus(&cblob->size);
+}
+
#endif
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index f77a7fc7dd21..788b4540d5ea 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -137,7 +137,7 @@ virtio_gpu_find_check_resource(VirtIOGPU *g, uint32_t resource_id,
}
if (require_backing) {
- if (!res->iov || !res->image) {
+ if (!res->iov || (!res->image && !res->blob)) {
qemu_log_mask(LOG_GUEST_ERROR, "%s: no backing storage %d\n",
caller, resource_id);
if (error) {
@@ -313,6 +313,62 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g,
g->hostmem += res->hostmem;
}
+static void virtio_gpu_resource_create_blob(VirtIOGPU *g,
+ struct virtio_gpu_ctrl_command *cmd)
+{
+ struct virtio_gpu_simple_resource *res;
+ struct virtio_gpu_resource_create_blob cblob;
+ int ret;
+
+ VIRTIO_GPU_FILL_CMD(cblob);
+ virtio_gpu_create_blob_bswap(&cblob);
+ trace_virtio_gpu_cmd_res_create_blob(cblob.resource_id, cblob.size);
+
+ if (cblob.resource_id == 0) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: resource id 0 is not allowed\n",
+ __func__);
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
+ return;
+ }
+
+ res = virtio_gpu_find_resource(g, cblob.resource_id);
+ if (res) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: resource already exists %d\n",
+ __func__, cblob.resource_id);
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_RESOURCE_ID;
+ return;
+ }
+
+ res = g_new0(struct virtio_gpu_simple_resource, 1);
+ res->resource_id = cblob.resource_id;
+ res->blob_size = cblob.size;
+
+ if (cblob.blob_mem != VIRTIO_GPU_BLOB_MEM_GUEST &&
+ cblob.blob_flags != VIRTIO_GPU_BLOB_FLAG_USE_SHAREABLE) {
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid memory type\n",
+ __func__);
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ g_free(res);
+ return;
+ }
+
+ if (res->iov) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+ return;
+ }
+
+ ret = virtio_gpu_create_mapping_iov(g, cblob.nr_entries, sizeof(cblob),
+ cmd, &res->addrs, &res->iov,
+ &res->iov_cnt);
+ if (ret != 0) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_UNSPEC;
+ return;
+ }
+
+ virtio_gpu_init_udmabuf(res);
+ QTAILQ_INSERT_HEAD(&g->reslist, res, next);
+}
+
static void virtio_gpu_disable_scanout(VirtIOGPU *g, int scanout_id)
{
struct virtio_gpu_scanout *scanout = &g->parent_obj.scanout[scanout_id];
@@ -390,7 +446,7 @@ static void virtio_gpu_transfer_to_host_2d(VirtIOGPU *g,
res = virtio_gpu_find_check_resource(g, t2d.resource_id, true,
__func__, &cmd->error);
- if (!res) {
+ if (!res || res->blob) {
return;
}
@@ -446,7 +502,7 @@ static void virtio_gpu_resource_flush(VirtIOGPU *g,
res = virtio_gpu_find_check_resource(g, rf.resource_id, false,
__func__, &cmd->error);
- if (!res) {
+ if (!res || res->blob) {
return;
}
@@ -715,6 +771,10 @@ static void virtio_gpu_cleanup_mapping(VirtIOGPU *g,
res->iov_cnt = 0;
g_free(res->addrs);
res->addrs = NULL;
+
+ if (res->blob) {
+ virtio_gpu_fini_udmabuf(res);
+ }
}
static void
@@ -785,6 +845,13 @@ void virtio_gpu_simple_process_cmd(VirtIOGPU *g,
case VIRTIO_GPU_CMD_RESOURCE_CREATE_2D:
virtio_gpu_resource_create_2d(g, cmd);
break;
+ case VIRTIO_GPU_CMD_RESOURCE_CREATE_BLOB:
+ if (!virtio_gpu_blob_enabled(g->parent_obj.conf)) {
+ cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+ break;
+ }
+ virtio_gpu_resource_create_blob(g, cmd);
+ break;
case VIRTIO_GPU_CMD_RESOURCE_UNREF:
virtio_gpu_resource_unref(g, cmd);
break;
diff --git a/hw/display/trace-events b/hw/display/trace-events
index 9fccca18a1d7..f3f77b6984b7 100644
--- a/hw/display/trace-events
+++ b/hw/display/trace-events
@@ -32,6 +32,7 @@ virtio_gpu_cmd_get_edid(uint32_t scanout) "scanout %d"
virtio_gpu_cmd_set_scanout(uint32_t id, uint32_t res, uint32_t w, uint32_t h, uint32_t x, uint32_t y) "id %d, res 0x%x, w %d, h %d, x %d, y %d"
virtio_gpu_cmd_res_create_2d(uint32_t res, uint32_t fmt, uint32_t w, uint32_t h) "res 0x%x, fmt 0x%x, w %d, h %d"
virtio_gpu_cmd_res_create_3d(uint32_t res, uint32_t fmt, uint32_t w, uint32_t h, uint32_t d) "res 0x%x, fmt 0x%x, w %d, h %d, d %d"
+virtio_gpu_cmd_res_create_blob(uint32_t res, uint64_t size) "res 0x%x, size %" PRId64
virtio_gpu_cmd_res_unref(uint32_t res) "res 0x%x"
virtio_gpu_cmd_res_back_attach(uint32_t res) "res 0x%x"
virtio_gpu_cmd_res_back_detach(uint32_t res) "res 0x%x"
--
2.31.1
next prev parent reply other threads:[~2021-05-27 14:31 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-27 14:23 [PULL 00/23] Vga 20210527 patches Gerd Hoffmann
2021-05-27 14:23 ` [PULL 01/23] vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (CVE-2021-3545) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 02/23] vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (CVE-2021-3544) Gerd Hoffmann
2021-06-03 15:54 ` Peter Maydell
2021-05-27 14:23 ` [PULL 03/23] vhost-user-gpu: fix memory leak in vg_resource_attach_backing (CVE-2021-3544) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 04/23] vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (CVE-2021-3544) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 05/23] vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (CVE-2021-3544) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 06/23] vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (CVE-2021-3544) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 07/23] vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (CVE-2021-3546) Gerd Hoffmann
2021-05-27 14:23 ` [PULL 08/23] vhost-user-gpu: abstract vg_cleanup_mapping_iov Gerd Hoffmann
2021-05-27 14:23 ` [PULL 09/23] hw/display/qxl: Set pci rom address aligned with page size Gerd Hoffmann
2021-05-27 14:23 ` [PULL 10/23] ui: Get the fd associated with udmabuf driver Gerd Hoffmann
2021-05-27 14:23 ` [PULL 11/23] headers: Add udmabuf.h Gerd Hoffmann
2021-05-27 14:23 ` [PULL 12/23] virtio-gpu: Add udmabuf helpers Gerd Hoffmann
2021-05-27 14:23 ` [PULL 13/23] stubs: Add stubs for " Gerd Hoffmann
2021-05-27 14:23 ` [PULL 14/23] virtio-gpu: Add virtio_gpu_find_check_resource Gerd Hoffmann
2021-05-27 14:23 ` [PULL 15/23] virtio-gpu: Refactor virtio_gpu_set_scanout Gerd Hoffmann
2021-06-02 14:08 ` Alexander Bulekov
2021-05-27 14:23 ` [PULL 16/23] virtio-gpu: Refactor virtio_gpu_create_mapping_iov Gerd Hoffmann
2021-05-27 14:23 ` [PULL 17/23] virtio-gpu: Add initial definitions for blob resources Gerd Hoffmann
2021-05-27 14:23 ` Gerd Hoffmann [this message]
2021-05-27 14:23 ` [PULL 19/23] ui/pixman: Add qemu_pixman_to_drm_format() Gerd Hoffmann
2021-05-27 14:23 ` [PULL 20/23] virtio-gpu: Add helpers to create and destroy dmabuf objects Gerd Hoffmann
2021-05-27 14:23 ` [PULL 21/23] virtio-gpu: Factor out update scanout Gerd Hoffmann
2021-05-27 14:23 ` [PULL 22/23] virtio-gpu: Add virtio_gpu_set_scanout_blob Gerd Hoffmann
2021-05-27 14:23 ` [PULL 23/23] virtio-gpu: Update cursor data using blob Gerd Hoffmann
2021-05-30 18:55 ` [PULL 00/23] Vga 20210527 patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210527142340.1352791-19-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=cohuck@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vivek.kasireddy@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.