From edcbea008d7943633911c2d385fd0c94bb84403c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:39 +0200 Subject: [PATCH 01/21] hw/display/edid: Add missing 'qdev-properties.h' header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When trying to consume the DEFINE_EDID_PROPERTIES() macro by including "hw/display/edid.h", we get this build failure: include/hw/display/edid.h:24:5: error: implicit declaration of function ‘DEFINE_PROP_UINT32’ [-Werror=implicit-function-declaration] 24 | DEFINE_PROP_UINT32("xres", _state, _edid_info.prefx, 0), \ | ^~~~~~~~~~~~~~~~~~ Headers should be self-contained, and one shouldn't have to dig to find the missing headers. In this case "hw/qdev-properties.h" is missing. Add it. Reviewed-by: Richard Henderson Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-2-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- include/hw/display/edid.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/hw/display/edid.h b/include/hw/display/edid.h index ff99dc0a05..23371ee82c 100644 --- a/include/hw/display/edid.h +++ b/include/hw/display/edid.h @@ -2,6 +2,7 @@ #define EDID_H #include "qom/object.h" +#include "hw/qdev-properties.h" typedef struct qemu_edid_info { const char *vendor; /* http://www.uefi.org/pnp_id_list */ From 85664cf0a4bf91764fb55154feed5797be32a30a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:40 +0200 Subject: [PATCH 02/21] hw/display/cg3: Convert debug printf()s to trace events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert DPRINTF() to trace events and remove ifdef'ry. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-3-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/cg3.c | 14 ++++---------- hw/display/trace-events | 4 ++++ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/hw/display/cg3.c b/hw/display/cg3.c index f7f1c199ce..7cbe6e56ff 100644 --- a/hw/display/cg3.c +++ b/hw/display/cg3.c @@ -35,6 +35,7 @@ #include "hw/qdev-properties.h" #include "qemu/log.h" #include "qemu/module.h" +#include "trace.h" /* Change to 1 to enable debugging */ #define DEBUG_CG3 0 @@ -63,12 +64,6 @@ #define CG3_VRAM_SIZE 0x100000 #define CG3_VRAM_OFFSET 0x800000 -#define DPRINTF(fmt, ...) do { \ - if (DEBUG_CG3) { \ - printf("CG3: " fmt , ## __VA_ARGS__); \ - } \ -} while (0) - #define TYPE_CG3 "cgthree" #define CG3(obj) OBJECT_CHECK(CG3State, (obj), TYPE_CG3) @@ -195,7 +190,8 @@ static uint64_t cg3_reg_read(void *opaque, hwaddr addr, unsigned size) val = 0; break; } - DPRINTF("read %02x from reg %" HWADDR_PRIx "\n", val, addr); + trace_cg3_read(addr, val, size); + return val; } @@ -206,9 +202,7 @@ static void cg3_reg_write(void *opaque, hwaddr addr, uint64_t val, uint8_t regval; int i; - DPRINTF("write %" PRIx64 " to reg %" HWADDR_PRIx " size %d\n", - val, addr, size); - + trace_cg3_write(addr, val, size); switch (addr) { case CG3_REG_BT458_ADDR: s->dac_index = val; diff --git a/hw/display/trace-events b/hw/display/trace-events index e6e22bef88..47b2b168ae 100644 --- a/hw/display/trace-events +++ b/hw/display/trace-events @@ -151,3 +151,7 @@ artist_vram_write(unsigned int size, uint64_t addr, uint64_t val) "%u 0x%"PRIx64 artist_fill_window(unsigned int start_x, unsigned int start_y, unsigned int width, unsigned int height, uint32_t op, uint32_t ctlpln) "start=%ux%u length=%ux%u op=0x%08x ctlpln=0x%08x" artist_block_move(unsigned int start_x, unsigned int start_y, unsigned int dest_x, unsigned int dest_y, unsigned int width, unsigned int height) "source %ux%u -> dest %ux%u size %ux%u" artist_draw_line(unsigned int start_x, unsigned int start_y, unsigned int end_x, unsigned int end_y) "%ux%u %ux%u" + +# cg3.c +cg3_read(uint32_t addr, uint32_t val, unsigned size) "read addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" +cg3_write(uint32_t addr, uint32_t val, unsigned size) "write addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" From bee61ca2b9a9e6f9445bf37f6474f704c5fd07cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:41 +0200 Subject: [PATCH 03/21] hw/display/cirrus_vga: Convert debug printf() to trace event MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-4-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 4 +--- hw/display/trace-events | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 1f29731ffe..33ccdde000 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -1512,9 +1512,7 @@ static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index) static void cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value) { -#if defined(DEBUG_BITBLT) && 0 - printf("gr%02x: %02x\n", reg_index, reg_value); -#endif + trace_vga_cirrus_write_gr(reg_index, reg_value); switch (reg_index) { case 0x00: // Standard VGA, BGCOLOR 0x000000ff s->vga.gr[reg_index] = reg_value & gr_mask[reg_index]; diff --git a/hw/display/trace-events b/hw/display/trace-events index 47b2b168ae..c3043e4ced 100644 --- a/hw/display/trace-events +++ b/hw/display/trace-events @@ -133,6 +133,7 @@ vga_vbe_write(uint32_t index, uint32_t val) "index 0x%x, val 0x%x" vga_cirrus_read_io(uint32_t addr, uint32_t val) "addr 0x%x, val 0x%x" vga_cirrus_write_io(uint32_t addr, uint32_t val) "addr 0x%x, val 0x%x" vga_cirrus_write_blt(uint32_t offset, uint32_t val) "offset 0x%x, val 0x%x" +vga_cirrus_write_gr(uint8_t index, uint8_t val) "GR addr 0x%02x, val 0x%02x" # sii9022.c sii9022_read_reg(uint8_t addr, uint8_t val) "addr 0x%02x, val 0x%02x" From bb6e9e940769d18ca1de24a729fddba611bbd751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:42 +0200 Subject: [PATCH 04/21] hw/display/cirrus_vga: Use qemu_log_mask(UNIMP) instead of debug printf MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace some debug printf() calls by qemu_log_mask(LOG_UNIMP), and add a new one in cirrus_linear_bitblt_read(). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-5-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 33ccdde000..f9f837b850 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -35,6 +35,7 @@ #include "qemu/osdep.h" #include "qemu/module.h" #include "qemu/units.h" +#include "qemu/log.h" #include "sysemu/reset.h" #include "qapi/error.h" #include "trace.h" @@ -905,9 +906,8 @@ static int cirrus_bitblt_cputovideo(CirrusVGAState * s) static int cirrus_bitblt_videotocpu(CirrusVGAState * s) { /* XXX */ -#ifdef DEBUG_BITBLT - printf("cirrus: bitblt (video to cpu) is not implemented yet\n"); -#endif + qemu_log_mask(LOG_UNIMP, + "cirrus: bitblt (video to cpu) is not implemented\n"); return 0; } @@ -989,9 +989,8 @@ static void cirrus_bitblt_start(CirrusVGAState * s) cirrus_blt_mode & (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) == (CIRRUS_BLTMODE_MEMSYSSRC | CIRRUS_BLTMODE_MEMSYSDEST)) { -#ifdef DEBUG_BITBLT - printf("cirrus: bitblt - memory-to-memory copy is requested\n"); -#endif + qemu_log_mask(LOG_UNIMP, + "cirrus: bitblt - memory-to-memory copy requested\n"); goto bitblt_ignore; } @@ -2412,6 +2411,9 @@ static uint64_t cirrus_linear_bitblt_read(void *opaque, /* XXX handle bitblt */ (void)s; + qemu_log_mask(LOG_UNIMP, + "cirrus: linear bitblt is not implemented\n"); + return 0xff; } From 2b55f4d3504a9f347380599358a9a171ecbb6869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:43 +0200 Subject: [PATCH 05/21] hw/display/cirrus_vga: Use qemu_log_mask(ERROR) instead of debug printf MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace some debug printf() calls by qemu_log_mask(LOG_GUEST_ERROR). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-6-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 77 ++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 44 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index f9f837b850..76e2dc5bb6 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -978,9 +978,8 @@ static void cirrus_bitblt_start(CirrusVGAState * s) s->cirrus_blt_pixelwidth = 4; break; default: -#ifdef DEBUG_BITBLT - printf("cirrus: bitblt - pixel width is unknown\n"); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: bitblt - pixel width is unknown\n"); goto bitblt_ignore; } s->cirrus_blt_mode &= ~CIRRUS_BLTMODE_PIXELWIDTHMASK; @@ -1037,7 +1036,9 @@ static void cirrus_bitblt_start(CirrusVGAState * s) } else { if (s->cirrus_blt_mode & CIRRUS_BLTMODE_TRANSPARENTCOMP) { if (s->cirrus_blt_pixelwidth > 2) { - printf("src transparent without colorexpand must be 8bpp or 16bpp\n"); + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: src transparent without colorexpand " + "must be 8bpp or 16bpp\n"); goto bitblt_ignore; } if (s->cirrus_blt_mode & CIRRUS_BLTMODE_BACKWARDS) { @@ -1135,10 +1136,9 @@ static uint32_t cirrus_get_bpp16_depth(CirrusVGAState * s) ret = 16; break; /* XGA HiColor */ default: -#ifdef DEBUG_CIRRUS - printf("cirrus: invalid DAC value %x in 16bpp\n", - (s->cirrus_hidden_dac_data & 0xf)); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: invalid DAC value 0x%x in 16bpp\n", + (s->cirrus_hidden_dac_data & 0xf)); ret = 15; /* XXX */ break; } @@ -1307,11 +1307,9 @@ static int cirrus_vga_read_sr(CirrusVGAState * s) #endif return s->vga.sr[s->vga.sr_index]; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: inport sr_index %02x\n", s->vga.sr_index); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: inport sr_index 0x%02x\n", s->vga.sr_index); return 0xff; - break; } } @@ -1400,10 +1398,9 @@ static void cirrus_vga_write_sr(CirrusVGAState * s, uint32_t val) cirrus_update_memory_access(s); break; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: outport sr_index %02x, sr_value %02x\n", - s->vga.sr_index, val); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: outport sr_index 0x%02x, sr_value 0x%02x\n", + s->vga.sr_index, val); break; } } @@ -1501,9 +1498,8 @@ static int cirrus_vga_read_gr(CirrusVGAState * s, unsigned reg_index) if (reg_index < 0x3a) { return s->vga.gr[reg_index]; } else { -#ifdef DEBUG_CIRRUS - printf("cirrus: inport gr_index %02x\n", reg_index); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: inport gr_index 0x%02x\n", reg_index); return 0xff; } } @@ -1590,10 +1586,9 @@ cirrus_vga_write_gr(CirrusVGAState * s, unsigned reg_index, int reg_value) cirrus_write_bitblt(s, reg_value); break; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: outport gr_index %02x, gr_value %02x\n", reg_index, - reg_value); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: outport gr_index 0x%02x, gr_value 0x%02x\n", + reg_index, reg_value); break; } } @@ -1648,9 +1643,8 @@ static int cirrus_vga_read_cr(CirrusVGAState * s, unsigned reg_index) return s->vga.ar_index & 0x3f; break; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: inport cr_index %02x\n", reg_index); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: inport cr_index 0x%02x\n", reg_index); return 0xff; } } @@ -1721,10 +1715,9 @@ static void cirrus_vga_write_cr(CirrusVGAState * s, int reg_value) break; case 0x25: // Part Status default: -#ifdef DEBUG_CIRRUS - printf("cirrus: outport cr_index %02x, cr_value %02x\n", - s->vga.cr_index, reg_value); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: outport cr_index 0x%02x, cr_value 0x%02x\n", + s->vga.cr_index, reg_value); break; } } @@ -1834,9 +1827,8 @@ static uint8_t cirrus_mmio_blt_read(CirrusVGAState * s, unsigned address) value = cirrus_vga_read_gr(s, 0x31); break; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: mmio read - address 0x%04x\n", address); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: mmio read - address 0x%04x\n", address); break; } @@ -1946,10 +1938,9 @@ static void cirrus_mmio_blt_write(CirrusVGAState * s, unsigned address, cirrus_vga_write_gr(s, 0x31, value); break; default: -#ifdef DEBUG_CIRRUS - printf("cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n", - address, value); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: mmio write - addr 0x%04x val 0x%02x (ignored)\n", + address, value); break; } } @@ -2047,9 +2038,8 @@ static uint64_t cirrus_vga_mem_read(void *opaque, } } else { val = 0xff; -#ifdef DEBUG_CIRRUS - printf("cirrus: mem_readb " TARGET_FMT_plx "\n", addr); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: mem_readb 0x" TARGET_FMT_plx "\n", addr); } return val; } @@ -2112,10 +2102,9 @@ static void cirrus_vga_mem_write(void *opaque, cirrus_mmio_blt_write(s, addr & 0xff, mem_value); } } else { -#ifdef DEBUG_CIRRUS - printf("cirrus: mem_writeb " TARGET_FMT_plx " value 0x%02" PRIu64 "\n", addr, - mem_value); -#endif + qemu_log_mask(LOG_GUEST_ERROR, + "cirrus: mem_writeb 0x" TARGET_FMT_plx " " + "value 0x%02" PRIu64 "\n", addr, mem_value); } } From 615277217490317193882101b5270d9147a6d465 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:44 +0200 Subject: [PATCH 06/21] hw/display/cirrus_vga: Convert debug printf() to trace event MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert the final bit of DEBUG_BITBLT to a tracepoint. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-7-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 24 ++++++++++-------------- hw/display/trace-events | 1 + 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 76e2dc5bb6..92c197cdde 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -53,7 +53,6 @@ */ //#define DEBUG_CIRRUS -//#define DEBUG_BITBLT /*************************************** * @@ -950,19 +949,16 @@ static void cirrus_bitblt_start(CirrusVGAState * s) s->cirrus_blt_dstaddr &= s->cirrus_addr_mask; s->cirrus_blt_srcaddr &= s->cirrus_addr_mask; -#ifdef DEBUG_BITBLT - printf("rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08x saddr=0x%08x writemask=0x%02x\n", - blt_rop, - s->cirrus_blt_mode, - s->cirrus_blt_modeext, - s->cirrus_blt_width, - s->cirrus_blt_height, - s->cirrus_blt_dstpitch, - s->cirrus_blt_srcpitch, - s->cirrus_blt_dstaddr, - s->cirrus_blt_srcaddr, - s->vga.gr[0x2f]); -#endif + trace_vga_cirrus_bitblt_start(blt_rop, + s->cirrus_blt_mode, + s->cirrus_blt_modeext, + s->cirrus_blt_width, + s->cirrus_blt_height, + s->cirrus_blt_dstpitch, + s->cirrus_blt_srcpitch, + s->cirrus_blt_dstaddr, + s->cirrus_blt_srcaddr, + s->vga.gr[0x2f]); switch (s->cirrus_blt_mode & CIRRUS_BLTMODE_PIXELWIDTHMASK) { case CIRRUS_BLTMODE_PIXELWIDTH8: diff --git a/hw/display/trace-events b/hw/display/trace-events index c3043e4ced..bb089a5f5e 100644 --- a/hw/display/trace-events +++ b/hw/display/trace-events @@ -134,6 +134,7 @@ vga_cirrus_read_io(uint32_t addr, uint32_t val) "addr 0x%x, val 0x%x" vga_cirrus_write_io(uint32_t addr, uint32_t val) "addr 0x%x, val 0x%x" vga_cirrus_write_blt(uint32_t offset, uint32_t val) "offset 0x%x, val 0x%x" vga_cirrus_write_gr(uint8_t index, uint8_t val) "GR addr 0x%02x, val 0x%02x" +vga_cirrus_bitblt_start(uint8_t blt_rop, uint8_t blt_mode, uint8_t blt_modeext, int blt_width, int blt_height, int blt_dstpitch, int blt_srcpitch, uint32_t blt_dstaddr, uint32_t blt_srcaddr, uint8_t gr_val) "rop=0x%02x mode=0x%02x modeext=0x%02x w=%d h=%d dpitch=%d spitch=%d daddr=0x%08"PRIx32" saddr=0x%08"PRIx32" writemask=0x%02x" # sii9022.c sii9022_read_reg(uint8_t addr, uint8_t val) "addr 0x%02x, val 0x%02x" From 91e7fd3ae5a6fcd270f8d38fd5771033a806abce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:45 +0200 Subject: [PATCH 07/21] hw/display/dpcd: Fix memory region size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The memory region size is 512K. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-8-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/dpcd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/display/dpcd.c b/hw/display/dpcd.c index 170545c605..0c1b7b35fb 100644 --- a/hw/display/dpcd.c +++ b/hw/display/dpcd.c @@ -1,5 +1,5 @@ /* - * dpcd.c + * Xilinx Display Port Control Data * * Copyright (C) 2015 : GreenSocs Ltd * http://www.greensocs.com/ , email: info@greensocs.com @@ -137,7 +137,7 @@ static void dpcd_init(Object *obj) { DPCDState *s = DPCD(obj); - memory_region_init_io(&s->iomem, obj, &aux_ops, s, TYPE_DPCD, 0x7FFFF); + memory_region_init_io(&s->iomem, obj, &aux_ops, s, TYPE_DPCD, 0x80000); aux_init_mmio(AUX_SLAVE(obj), &s->iomem); } From eeb1168032a1f6dfc7eb5897c3bf4e53fdc28b98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:46 +0200 Subject: [PATCH 08/21] hw/display/dpcd: Convert debug printf()s to trace events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert DPRINTF() to trace events and remove ifdef'ry. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-9-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/dpcd.c | 16 +++------------- hw/display/trace-events | 4 ++++ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/hw/display/dpcd.c b/hw/display/dpcd.c index 0c1b7b35fb..64463654a1 100644 --- a/hw/display/dpcd.c +++ b/hw/display/dpcd.c @@ -32,16 +32,7 @@ #include "hw/misc/auxbus.h" #include "migration/vmstate.h" #include "hw/display/dpcd.h" - -#ifndef DEBUG_DPCD -#define DEBUG_DPCD 0 -#endif - -#define DPRINTF(fmt, ...) do { \ - if (DEBUG_DPCD) { \ - qemu_log("dpcd: " fmt, ## __VA_ARGS__); \ - } \ -} while (0) +#include "trace.h" #define DPCD_READABLE_AREA 0x600 @@ -70,8 +61,8 @@ static uint64_t dpcd_read(void *opaque, hwaddr offset, unsigned size) offset); ret = 0; } + trace_dpcd_read(offset, ret); - DPRINTF("read 0x%" PRIX8 " @0x%" HWADDR_PRIX "\n", ret, offset); return ret; } @@ -80,8 +71,7 @@ static void dpcd_write(void *opaque, hwaddr offset, uint64_t value, { DPCDState *e = DPCD(opaque); - DPRINTF("write 0x%" PRIX8 " @0x%" HWADDR_PRIX "\n", (uint8_t)value, offset); - + trace_dpcd_write(offset, value); if (offset < DPCD_READABLE_AREA) { e->dpcd_info[offset] = value; } else { diff --git a/hw/display/trace-events b/hw/display/trace-events index bb089a5f5e..72d4c9812c 100644 --- a/hw/display/trace-events +++ b/hw/display/trace-events @@ -157,3 +157,7 @@ artist_draw_line(unsigned int start_x, unsigned int start_y, unsigned int end_x, # cg3.c cg3_read(uint32_t addr, uint32_t val, unsigned size) "read addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" cg3_write(uint32_t addr, uint32_t val, unsigned size) "write addr:0x%06"PRIx32" val:0x%08"PRIx32" size:%u" + +# dpcd.c +dpcd_read(uint32_t addr, uint8_t val) "read addr:0x%"PRIx32" val:0x%02x" +dpcd_write(uint32_t addr, uint8_t val) "write addr:0x%"PRIx32" val:0x%02x" From 7bbdf0f8922ab0fc6f805851f6bb1a9d271414f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:47 +0200 Subject: [PATCH 09/21] hw/display/xlnx_dp: Replace disabled DPRINTF() by error_report() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DPRINTF() calls are disabled by default, so when unexpected data is used, the whole process abort without information. Display a bit of information with error_report() before crashing. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Edgar E. Iglesias Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-10-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/xlnx_dp.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c index 3e5fb44e06..8d940cd8d1 100644 --- a/hw/display/xlnx_dp.c +++ b/hw/display/xlnx_dp.c @@ -1,5 +1,5 @@ /* - * xlnx_dp.c + * Xilinx Display Port * * Copyright (C) 2015 : GreenSocs Ltd * http://www.greensocs.com/ , email: info@greensocs.com @@ -24,6 +24,7 @@ #include "qemu/osdep.h" #include "qapi/error.h" +#include "qemu/error-report.h" #include "qemu/log.h" #include "qemu/module.h" #include "hw/display/xlnx_dp.h" @@ -465,7 +466,7 @@ static uint8_t xlnx_dp_aux_pop_tx_fifo(XlnxDPState *s) uint8_t ret; if (fifo8_is_empty(&s->tx_fifo)) { - DPRINTF("tx_fifo underflow..\n"); + error_report("%s: TX_FIFO underflow", __func__); abort(); } ret = fifo8_pop(&s->tx_fifo); @@ -525,6 +526,7 @@ static void xlnx_dp_aux_set_command(XlnxDPState *s, uint32_t value) qemu_log_mask(LOG_UNIMP, "xlnx_dp: Write i2c status not implemented\n"); break; default: + error_report("%s: invalid command: %u", __func__, cmd); abort(); } @@ -631,8 +633,8 @@ static void xlnx_dp_change_graphic_fmt(XlnxDPState *s) s->g_plane.format = PIXMAN_b8g8r8; break; default: - DPRINTF("error: unsupported graphic format %u.\n", - s->avbufm_registers[AV_BUF_FORMAT] & DP_GRAPHIC_MASK); + error_report("%s: unsupported graphic format %u", __func__, + s->avbufm_registers[AV_BUF_FORMAT] & DP_GRAPHIC_MASK); abort(); } @@ -647,8 +649,8 @@ static void xlnx_dp_change_graphic_fmt(XlnxDPState *s) s->v_plane.format = PIXMAN_x8b8g8r8; break; default: - DPRINTF("error: unsupported video format %u.\n", - s->avbufm_registers[AV_BUF_FORMAT] & DP_NL_VID_FMT_MASK); + error_report("%s: unsupported video format %u", __func__, + s->avbufm_registers[AV_BUF_FORMAT] & DP_NL_VID_FMT_MASK); abort(); } From aa0fd16d00efd56acdf7def10f769615038e2375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:48 +0200 Subject: [PATCH 10/21] hw/display/vmware_vga: Replace printf() calls by qemu_log_mask(ERROR) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid flooding stdio by converting printf() calls to qemu_log_mask(GUEST_ERROR), which are disabled by default. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-11-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/vmware_vga.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index 58ea82e3e5..5c0fc49d9d 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -26,6 +26,7 @@ #include "qemu/module.h" #include "qemu/units.h" #include "qapi/error.h" +#include "qemu/log.h" #include "hw/loader.h" #include "trace.h" #include "ui/vnc.h" @@ -953,7 +954,8 @@ static uint32_t vmsvga_value_read(void *opaque, uint32_t address) ret = s->scratch[s->index - SVGA_SCRATCH_BASE]; break; } - printf("%s: Bad register %02x\n", __func__, s->index); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad register %02x\n", __func__, s->index); ret = 0; break; } @@ -1002,7 +1004,8 @@ static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) s->new_width = value; s->invalidated = 1; } else { - printf("%s: Bad width: %i\n", __func__, value); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad width: %i\n", __func__, value); } break; @@ -1011,13 +1014,15 @@ static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) s->new_height = value; s->invalidated = 1; } else { - printf("%s: Bad height: %i\n", __func__, value); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad height: %i\n", __func__, value); } break; case SVGA_REG_BITS_PER_PIXEL: if (value != 32) { - printf("%s: Bad bits per pixel: %i bits\n", __func__, value); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad bits per pixel: %i bits\n", __func__, value); s->config = 0; s->invalidated = 1; } @@ -1082,7 +1087,8 @@ static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) s->scratch[s->index - SVGA_SCRATCH_BASE] = value; break; } - printf("%s: Bad register %02x\n", __func__, s->index); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Bad register %02x\n", __func__, s->index); } } From becce5e90ace3f4d16ff31f12835bf416ba702a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:49 +0200 Subject: [PATCH 11/21] hw/display/vmware_vga: Let the PCI device own its I/O MemoryRegion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To avoid the orphan I/O memory region being added in the /unattached QOM container, register the PCI device as its owner. Signed-off-by: Philippe Mathieu-Daudé Message-id: 20200526062252.19852-12-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/vmware_vga.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index 5c0fc49d9d..2579f6b218 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -1306,7 +1306,7 @@ static void pci_vmsvga_realize(PCIDevice *dev, Error **errp) dev->config[PCI_LATENCY_TIMER] = 0x40; dev->config[PCI_INTERRUPT_LINE] = 0xff; /* End */ - memory_region_init_io(&s->io_bar, NULL, &vmsvga_io_ops, &s->chip, + memory_region_init_io(&s->io_bar, OBJECT(dev), &vmsvga_io_ops, &s->chip, "vmsvga-io", 0x10); memory_region_set_flush_coalesced(&s->io_bar); pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar); From b3caeaf2c863bbf0e57c789d2ee6923f7d3bfe4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:50 +0200 Subject: [PATCH 12/21] hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace DPRINT_ERROR() by qemu_log_mask(GUEST_ERROR). Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-13-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/exynos4210_fimd.c | 46 +++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c index 1c0266ce9f..4b7286b7c9 100644 --- a/hw/display/exynos4210_fimd.c +++ b/hw/display/exynos4210_fimd.c @@ -31,6 +31,7 @@ #include "ui/pixel_ops.h" #include "qemu/bswap.h" #include "qemu/module.h" +#include "qemu/log.h" /* Debug messages configuration */ #define EXYNOS4210_FIMD_DEBUG 0 @@ -39,20 +40,15 @@ #if EXYNOS4210_FIMD_DEBUG == 0 #define DPRINT_L1(fmt, args...) do { } while (0) #define DPRINT_L2(fmt, args...) do { } while (0) - #define DPRINT_ERROR(fmt, args...) do { } while (0) #elif EXYNOS4210_FIMD_DEBUG == 1 #define DPRINT_L1(fmt, args...) \ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) #define DPRINT_L2(fmt, args...) do { } while (0) - #define DPRINT_ERROR(fmt, args...) \ - do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0) #else #define DPRINT_L1(fmt, args...) \ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) #define DPRINT_L2(fmt, args...) \ do {fprintf(stderr, "QEMU FIMD: "fmt, ## args); } while (0) - #define DPRINT_ERROR(fmt, args...) \ - do {fprintf(stderr, "QEMU FIMD ERROR: "fmt, ## args); } while (0) #endif #if EXYNOS4210_FIMD_MODE_TRACE == 0 @@ -1108,7 +1104,7 @@ static inline int fimd_get_buffer_id(Exynos4210fimdWindow *w) case FIMD_WINCON_BUF2_STAT: return 2; default: - DPRINT_ERROR("Non-existent buffer index\n"); + qemu_log_mask(LOG_GUEST_ERROR, "FIMD: Non-existent buffer index\n"); return 0; } } @@ -1160,20 +1156,24 @@ static void fimd_update_memory_section(Exynos4210fimdState *s, unsigned win) if (int128_get64(w->mem_section.size) != w->fb_len || !memory_region_is_ram(w->mem_section.mr)) { - DPRINT_ERROR("Failed to find window %u framebuffer region\n", win); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: Failed to find window %u framebuffer region\n", + win); goto error_return; } w->host_fb_addr = cpu_physical_memory_map(fb_start_addr, &fb_mapped_len, false); if (!w->host_fb_addr) { - DPRINT_ERROR("Failed to map window %u framebuffer\n", win); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: Failed to map window %u framebuffer\n", win); goto error_return; } if (fb_mapped_len != w->fb_len) { - DPRINT_ERROR("Window %u mapped framebuffer length is less then " - "expected\n", win); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: Window %u mapped framebuffer length is less than " + "expected\n", win); cpu_physical_memory_unmap(w->host_fb_addr, fb_mapped_len, 0, 0); goto error_return; } @@ -1490,7 +1490,9 @@ static void exynos4210_fimd_write(void *opaque, hwaddr offset, break; case 3: if (w != 1 && w != 2) { - DPRINT_ERROR("Bad write offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: Bad write offset 0x%08"HWADDR_PRIx"\n", + offset); return; } s->window[w].osdsize = val; @@ -1624,7 +1626,9 @@ static void exynos4210_fimd_write(void *opaque, hwaddr offset, break; case FIMD_VIDW0ADD0_B2 ... FIMD_VIDW4ADD0_B2: if (offset & 0x0004) { - DPRINT_ERROR("bad write offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", + offset); break; } w = (offset - FIMD_VIDW0ADD0_B2) >> 3; @@ -1638,14 +1642,18 @@ static void exynos4210_fimd_write(void *opaque, hwaddr offset, break; case FIMD_SHD_ADD0_START ... FIMD_SHD_ADD0_END: if (offset & 0x0004) { - DPRINT_ERROR("bad write offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", + offset); break; } s->window[(offset - FIMD_SHD_ADD0_START) >> 3].shadow_buf_start = val; break; case FIMD_SHD_ADD1_START ... FIMD_SHD_ADD1_END: if (offset & 0x0004) { - DPRINT_ERROR("bad write offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", + offset); break; } s->window[(offset - FIMD_SHD_ADD1_START) >> 3].shadow_buf_end = val; @@ -1665,7 +1673,8 @@ static void exynos4210_fimd_write(void *opaque, hwaddr offset, s->window[w].palette[i] = val; break; default: - DPRINT_ERROR("bad write offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad write offset 0x%08"HWADDR_PRIx"\n", offset); break; } } @@ -1715,7 +1724,9 @@ static uint64_t exynos4210_fimd_read(void *opaque, hwaddr offset, break; case 3: if (w != 1 && w != 2) { - DPRINT_ERROR("bad read offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad read offset 0x%08"HWADDR_PRIx"\n", + offset); return 0xBAADBAAD; } ret = s->window[w].osdsize; @@ -1809,7 +1820,8 @@ static uint64_t exynos4210_fimd_read(void *opaque, hwaddr offset, return s->window[w].palette[i]; } - DPRINT_ERROR("bad read offset 0x%08x\n", offset); + qemu_log_mask(LOG_GUEST_ERROR, + "FIMD: bad read offset 0x%08"HWADDR_PRIx"\n", offset); return 0xBAADBAAD; } From 00a946a3cb2568033f8f5c1a7769c5239a429c94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:51 +0200 Subject: [PATCH 13/21] hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace fprintf() call by qemu_log_mask(LOG_UNIMP), which is disabled by default. This avoid flooding the terminal when fuzzing the device. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-14-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/omap_dss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/omap_dss.c b/hw/display/omap_dss.c index 32dc0d6aa7..21fde58a26 100644 --- a/hw/display/omap_dss.c +++ b/hw/display/omap_dss.c @@ -619,7 +619,7 @@ static void omap_rfbi_transfer_start(struct omap_dss_s *s) if (s->rfbi.control & (1 << 1)) { /* BYPASS */ /* TODO: in non-Bypass mode we probably need to just assert the * DRQ and wait for DMA to write the pixels. */ - fprintf(stderr, "%s: Bypass mode unimplemented\n", __func__); + qemu_log_mask(LOG_UNIMP, "%s: Bypass mode unimplemented\n", __func__); return; } From b3a7e2416fb867d047723da251b8960228dcc9f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Tue, 26 May 2020 08:22:52 +0200 Subject: [PATCH 14/21] hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace printf() calls by qemu_log_mask(UNIMP), which is disabled by default. This avoid flooding the terminal when fuzzing the device. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Message-id: 20200526062252.19852-15-f4bug@amsat.org Signed-off-by: Gerd Hoffmann --- hw/display/pxa2xx_lcd.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/hw/display/pxa2xx_lcd.c b/hw/display/pxa2xx_lcd.c index d5f2e82a4e..ff90104b80 100644 --- a/hw/display/pxa2xx_lcd.c +++ b/hw/display/pxa2xx_lcd.c @@ -426,9 +426,10 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, if ((s->control[0] & LCCR0_ENB) && !(value & LCCR0_ENB)) s->status[0] |= LCSR0_QD; - if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT)) - printf("%s: internal frame buffer unsupported\n", __func__); - + if (!(s->control[0] & LCCR0_LCDT) && (value & LCCR0_LCDT)) { + qemu_log_mask(LOG_UNIMP, + "%s: internal frame buffer unsupported\n", __func__); + } if ((s->control[3] & LCCR3_API) && (value & LCCR0_ENB) && !(value & LCCR0_LCDT)) s->status[0] |= LCSR0_ABC; @@ -462,9 +463,9 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, break; case OVL1C1: - if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN)) - printf("%s: Overlay 1 not supported\n", __func__); - + if (!(s->ovl1c[0] & OVLC1_EN) && (value & OVLC1_EN)) { + qemu_log_mask(LOG_UNIMP, "%s: Overlay 1 not supported\n", __func__); + } s->ovl1c[0] = value & 0x80ffffff; s->dma_ch[1].up = (value & OVLC1_EN) || (s->control[0] & LCCR0_SDS); break; @@ -474,9 +475,9 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, break; case OVL2C1: - if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN)) - printf("%s: Overlay 2 not supported\n", __func__); - + if (!(s->ovl2c[0] & OVLC1_EN) && (value & OVLC1_EN)) { + qemu_log_mask(LOG_UNIMP, "%s: Overlay 2 not supported\n", __func__); + } s->ovl2c[0] = value & 0x80ffffff; s->dma_ch[2].up = !!(value & OVLC1_EN); s->dma_ch[3].up = !!(value & OVLC1_EN); @@ -488,9 +489,10 @@ static void pxa2xx_lcdc_write(void *opaque, hwaddr offset, break; case CCR: - if (!(s->ccr & CCR_CEN) && (value & CCR_CEN)) - printf("%s: Hardware cursor unimplemented\n", __func__); - + if (!(s->ccr & CCR_CEN) && (value & CCR_CEN)) { + qemu_log_mask(LOG_UNIMP, + "%s: Hardware cursor unimplemented\n", __func__); + } s->ccr = value & 0x81ffffe7; s->dma_ch[5].up = !!(value & CCR_CEN); break; From e29da77e5fddf6480e3a0e80b63d703edaec751b Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 15/21] sm501: Convert printf + abort to qemu_log_mask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some places already use qemu_log_mask() to log unimplemented features or errors but some others have printf() then abort(). Convert these to qemu_log_mask() and avoid aborting to prevent guests to easily cause denial of service. Signed-off-by: BALATON Zoltan Reviewed-by: Philippe Mathieu-Daudé Message-id: 305af87f59d81e92f2aaff09eb8a3603b8baa322.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 57 ++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index acc692531a..bd3ccfe311 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -727,8 +727,8 @@ static void sm501_2d_operation(SM501State *s) int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); if (addressing != 0x0) { - printf("%s: only XY addressing is supported.\n", __func__); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: only XY addressing is supported.\n"); + return; } if (rop_mode == 0) { @@ -754,8 +754,8 @@ static void sm501_2d_operation(SM501State *s) if ((s->twoD_source_base & 0x08000000) || (s->twoD_destination_base & 0x08000000)) { - printf("%s: only local memory is supported.\n", __func__); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); + return; } switch (operation) { @@ -823,9 +823,9 @@ static void sm501_2d_operation(SM501State *s) break; default: - printf("non-implemented SM501 2D operation. %d\n", operation); - abort(); - break; + qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", + operation); + return; } if (dst_base >= get_fb_addr(s, crt) && @@ -892,9 +892,8 @@ static uint64_t sm501_system_config_read(void *opaque, hwaddr addr, break; default: - printf("sm501 system config : not implemented register read." - " addr=%x\n", (int)addr); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented system config" + "register read. addr=%" HWADDR_PRIx "\n", addr); } return ret; @@ -948,15 +947,15 @@ static void sm501_system_config_write(void *opaque, hwaddr addr, break; case SM501_ENDIAN_CONTROL: if (value & 0x00000001) { - printf("sm501 system config : big endian mode not implemented.\n"); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: system config big endian mode not" + " implemented.\n"); } break; default: - printf("sm501 system config : not implemented register write." - " addr=%x, val=%x\n", (int)addr, (uint32_t)value); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented system config" + "register write. addr=%" HWADDR_PRIx + ", val=%" PRIx64 "\n", addr, value); } } @@ -1207,9 +1206,8 @@ static uint64_t sm501_disp_ctrl_read(void *opaque, hwaddr addr, break; default: - printf("sm501 disp ctrl : not implemented register read." - " addr=%x\n", (int)addr); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " + "read. addr=%" HWADDR_PRIx "\n", addr); } return ret; @@ -1345,9 +1343,9 @@ static void sm501_disp_ctrl_write(void *opaque, hwaddr addr, break; default: - printf("sm501 disp ctrl : not implemented register write." - " addr=%x, val=%x\n", (int)addr, (unsigned)value); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " + "write. addr=%" HWADDR_PRIx + ", val=%" PRIx64 "\n", addr, value); } } @@ -1433,9 +1431,8 @@ static uint64_t sm501_2d_engine_read(void *opaque, hwaddr addr, ret = 0; /* Should return interrupt status */ break; default: - printf("sm501 disp ctrl : not implemented register read." - " addr=%x\n", (int)addr); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented disp ctrl register " + "read. addr=%" HWADDR_PRIx "\n", addr); } return ret; @@ -1520,9 +1517,9 @@ static void sm501_2d_engine_write(void *opaque, hwaddr addr, /* ignored, writing 0 should clear interrupt status */ break; default: - printf("sm501 2d engine : not implemented register write." - " addr=%x, val=%x\n", (int)addr, (unsigned)value); - abort(); + qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2d engine register " + "write. addr=%" HWADDR_PRIx + ", val=%" PRIx64 "\n", addr, value); } } @@ -1670,9 +1667,9 @@ static void sm501_update_display(void *opaque) draw_line = draw_line32_funcs[dst_depth_index]; break; default: - printf("sm501 update display : invalid control register value.\n"); - abort(); - break; + qemu_log_mask(LOG_GUEST_ERROR, "sm501: update display" + "invalid control register value.\n"); + return; } /* set up to draw hardware cursor */ From 6f8183b5dc5b309378687830a25e85ea8fb860ea Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 16/21] sm501: Shorten long variable names in sm501_2d_operation This increases readability and cleans up some confusing naming. Signed-off-by: BALATON Zoltan Message-id: b9b67b94c46e945252a73c77dfd117132c63c4fb.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index bd3ccfe311..f42d05e1e4 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -700,17 +700,16 @@ static inline void hwc_invalidate(SM501State *s, int crt) static void sm501_2d_operation(SM501State *s) { /* obtain operation parameters */ - int operation = (s->twoD_control >> 16) & 0x1f; + int cmd = (s->twoD_control >> 16) & 0x1F; int rtl = s->twoD_control & 0x8000000; int src_x = (s->twoD_source >> 16) & 0x01FFF; int src_y = s->twoD_source & 0xFFFF; int dst_x = (s->twoD_destination >> 16) & 0x01FFF; int dst_y = s->twoD_destination & 0xFFFF; - int operation_width = (s->twoD_dimension >> 16) & 0x1FFF; - int operation_height = s->twoD_dimension & 0xFFFF; + int width = (s->twoD_dimension >> 16) & 0x1FFF; + int height = s->twoD_dimension & 0xFFFF; uint32_t color = s->twoD_foreground; - int format_flags = (s->twoD_stretch >> 20) & 0x3; - int addressing = (s->twoD_stretch >> 16) & 0xF; + int format = (s->twoD_stretch >> 20) & 0x3; int rop_mode = (s->twoD_control >> 15) & 0x1; /* 1 for rop2, else rop3 */ /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; @@ -721,12 +720,12 @@ static void sm501_2d_operation(SM501State *s) /* get frame buffer info */ uint8_t *src = s->local_mem + src_base; uint8_t *dst = s->local_mem + dst_base; - int src_width = s->twoD_pitch & 0x1FFF; - int dst_width = (s->twoD_pitch >> 16) & 0x1FFF; + int src_pitch = s->twoD_pitch & 0x1FFF; + int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); - if (addressing != 0x0) { + if ((s->twoD_stretch >> 16) & 0xF) { qemu_log_mask(LOG_UNIMP, "sm501: only XY addressing is supported.\n"); return; } @@ -758,20 +757,20 @@ static void sm501_2d_operation(SM501State *s) return; } - switch (operation) { + switch (cmd) { case 0x00: /* copy area */ #define COPY_AREA(_bpp, _pixel_type, rtl) { \ int y, x, index_d, index_s; \ - for (y = 0; y < operation_height; y++) { \ - for (x = 0; x < operation_width; x++) { \ + for (y = 0; y < height; y++) { \ + for (x = 0; x < width; x++) { \ _pixel_type val; \ \ if (rtl) { \ - index_s = ((src_y - y) * src_width + src_x - x) * _bpp; \ - index_d = ((dst_y - y) * dst_width + dst_x - x) * _bpp; \ + index_s = ((src_y - y) * src_pitch + src_x - x) * _bpp; \ + index_d = ((dst_y - y) * dst_pitch + dst_x - x) * _bpp; \ } else { \ - index_s = ((src_y + y) * src_width + src_x + x) * _bpp; \ - index_d = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \ + index_s = ((src_y + y) * src_pitch + src_x + x) * _bpp; \ + index_d = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ } \ if (rop_mode == 1 && rop == 5) { \ /* Invert dest */ \ @@ -783,7 +782,7 @@ static void sm501_2d_operation(SM501State *s) } \ } \ } - switch (format_flags) { + switch (format) { case 0: COPY_AREA(1, uint8_t, rtl); break; @@ -799,15 +798,15 @@ static void sm501_2d_operation(SM501State *s) case 0x01: /* fill rectangle */ #define FILL_RECT(_bpp, _pixel_type) { \ int y, x; \ - for (y = 0; y < operation_height; y++) { \ - for (x = 0; x < operation_width; x++) { \ - int index = ((dst_y + y) * dst_width + dst_x + x) * _bpp; \ + for (y = 0; y < height; y++) { \ + for (x = 0; x < width; x++) { \ + int index = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ *(_pixel_type *)&dst[index] = (_pixel_type)color; \ } \ } \ } - switch (format_flags) { + switch (format) { case 0: FILL_RECT(1, uint8_t); break; @@ -824,14 +823,14 @@ static void sm501_2d_operation(SM501State *s) default: qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", - operation); + cmd); return; } if (dst_base >= get_fb_addr(s, crt) && dst_base <= get_fb_addr(s, crt) + fb_len) { - int dst_len = MIN(fb_len, ((dst_y + operation_height - 1) * dst_width + - dst_x + operation_width) * (1 << format_flags)); + int dst_len = MIN(fb_len, ((dst_y + height - 1) * dst_pitch + + dst_x + width) * (1 << format)); if (dst_len) { memory_region_set_dirty(&s->local_mem_region, dst_base, dst_len); } From 2824809b7f8f03ddc6e2b7e33e78c06022424298 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 17/21] sm501: Use BIT(x) macro to shorten constant MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BALATON Zoltan Reviewed-by: Philippe Mathieu-Daudé Message-id: 124bf5de8d7cf503b32b377d0445029a76bfbd49.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index f42d05e1e4..97660090bb 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -701,7 +701,7 @@ static void sm501_2d_operation(SM501State *s) { /* obtain operation parameters */ int cmd = (s->twoD_control >> 16) & 0x1F; - int rtl = s->twoD_control & 0x8000000; + int rtl = s->twoD_control & BIT(27); int src_x = (s->twoD_source >> 16) & 0x01FFF; int src_y = s->twoD_source & 0xFFFF; int dst_x = (s->twoD_destination >> 16) & 0x01FFF; @@ -751,8 +751,7 @@ static void sm501_2d_operation(SM501State *s) } } - if ((s->twoD_source_base & 0x08000000) || - (s->twoD_destination_base & 0x08000000)) { + if (s->twoD_source_base & BIT(27) || s->twoD_destination_base & BIT(27)) { qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); return; } From 3d0b096298b5579a7fa0753ad90968b27bc65372 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 18/21] sm501: Clean up local variables in sm501_2d_operation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make variables local to the block they are used in to make it clearer which operation they are needed for. Signed-off-by: BALATON Zoltan Reviewed-by: Philippe Mathieu-Daudé Message-id: ae59f8138afe7f6a5a4a82539d0f61496a906b06.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index 97660090bb..5ed57703d8 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -699,28 +699,19 @@ static inline void hwc_invalidate(SM501State *s, int crt) static void sm501_2d_operation(SM501State *s) { - /* obtain operation parameters */ int cmd = (s->twoD_control >> 16) & 0x1F; int rtl = s->twoD_control & BIT(27); - int src_x = (s->twoD_source >> 16) & 0x01FFF; - int src_y = s->twoD_source & 0xFFFF; - int dst_x = (s->twoD_destination >> 16) & 0x01FFF; - int dst_y = s->twoD_destination & 0xFFFF; - int width = (s->twoD_dimension >> 16) & 0x1FFF; - int height = s->twoD_dimension & 0xFFFF; - uint32_t color = s->twoD_foreground; int format = (s->twoD_stretch >> 20) & 0x3; int rop_mode = (s->twoD_control >> 15) & 0x1; /* 1 for rop2, else rop3 */ /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; int rop = s->twoD_control & 0xFF; - uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; + int dst_x = (s->twoD_destination >> 16) & 0x01FFF; + int dst_y = s->twoD_destination & 0xFFFF; + int width = (s->twoD_dimension >> 16) & 0x1FFF; + int height = s->twoD_dimension & 0xFFFF; uint32_t dst_base = s->twoD_destination_base & 0x03FFFFFF; - - /* get frame buffer info */ - uint8_t *src = s->local_mem + src_base; uint8_t *dst = s->local_mem + dst_base; - int src_pitch = s->twoD_pitch & 0x1FFF; int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); @@ -758,6 +749,13 @@ static void sm501_2d_operation(SM501State *s) switch (cmd) { case 0x00: /* copy area */ + { + int src_x = (s->twoD_source >> 16) & 0x01FFF; + int src_y = s->twoD_source & 0xFFFF; + uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; + uint8_t *src = s->local_mem + src_base; + int src_pitch = s->twoD_pitch & 0x1FFF; + #define COPY_AREA(_bpp, _pixel_type, rtl) { \ int y, x, index_d, index_s; \ for (y = 0; y < height; y++) { \ @@ -793,8 +791,11 @@ static void sm501_2d_operation(SM501State *s) break; } break; - + } case 0x01: /* fill rectangle */ + { + uint32_t color = s->twoD_foreground; + #define FILL_RECT(_bpp, _pixel_type) { \ int y, x; \ for (y = 0; y < height; y++) { \ @@ -819,7 +820,7 @@ static void sm501_2d_operation(SM501State *s) break; } break; - + } default: qemu_log_mask(LOG_UNIMP, "sm501: not implemented 2D operation: %d\n", cmd); From b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 19/21] sm501: Replace hand written implementation with pixman where possible Besides being faster this should also prevent malicious guests to abuse 2D engine to overwrite data or cause a crash. Signed-off-by: BALATON Zoltan Message-id: 58666389b6cae256e4e972a32c05cf8aa51bffc0.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 211 ++++++++++++++++++++++++++------------------- 1 file changed, 121 insertions(+), 90 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index 5ed57703d8..8bf4d111f4 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -706,13 +706,12 @@ static void sm501_2d_operation(SM501State *s) /* 1 if rop2 source is the pattern, otherwise the source is the bitmap */ int rop2_source_is_pattern = (s->twoD_control >> 14) & 0x1; int rop = s->twoD_control & 0xFF; - int dst_x = (s->twoD_destination >> 16) & 0x01FFF; - int dst_y = s->twoD_destination & 0xFFFF; - int width = (s->twoD_dimension >> 16) & 0x1FFF; - int height = s->twoD_dimension & 0xFFFF; + unsigned int dst_x = (s->twoD_destination >> 16) & 0x01FFF; + unsigned int dst_y = s->twoD_destination & 0xFFFF; + unsigned int width = (s->twoD_dimension >> 16) & 0x1FFF; + unsigned int height = s->twoD_dimension & 0xFFFF; uint32_t dst_base = s->twoD_destination_base & 0x03FFFFFF; - uint8_t *dst = s->local_mem + dst_base; - int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; + unsigned int dst_pitch = (s->twoD_pitch >> 16) & 0x1FFF; int crt = (s->dc_crt_control & SM501_DC_CRT_CONTROL_SEL) ? 1 : 0; int fb_len = get_width(s, crt) * get_height(s, crt) * get_bpp(s, crt); @@ -721,104 +720,136 @@ static void sm501_2d_operation(SM501State *s) return; } - if (rop_mode == 0) { - if (rop != 0xcc) { - /* Anything other than plain copies are not supported */ - qemu_log_mask(LOG_UNIMP, "sm501: rop3 mode with rop %x is not " - "supported.\n", rop); - } - } else { - if (rop2_source_is_pattern && rop != 0x5) { - /* For pattern source, we support only inverse dest */ - qemu_log_mask(LOG_UNIMP, "sm501: rop2 source being the pattern and " - "rop %x is not supported.\n", rop); - } else { - if (rop != 0x5 && rop != 0xc) { - /* Anything other than plain copies or inverse dest is not - * supported */ - qemu_log_mask(LOG_UNIMP, "sm501: rop mode %x is not " - "supported.\n", rop); - } - } - } - if (s->twoD_source_base & BIT(27) || s->twoD_destination_base & BIT(27)) { qemu_log_mask(LOG_UNIMP, "sm501: only local memory is supported.\n"); return; } - switch (cmd) { - case 0x00: /* copy area */ - { - int src_x = (s->twoD_source >> 16) & 0x01FFF; - int src_y = s->twoD_source & 0xFFFF; - uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; - uint8_t *src = s->local_mem + src_base; - int src_pitch = s->twoD_pitch & 0x1FFF; - -#define COPY_AREA(_bpp, _pixel_type, rtl) { \ - int y, x, index_d, index_s; \ - for (y = 0; y < height; y++) { \ - for (x = 0; x < width; x++) { \ - _pixel_type val; \ - \ - if (rtl) { \ - index_s = ((src_y - y) * src_pitch + src_x - x) * _bpp; \ - index_d = ((dst_y - y) * dst_pitch + dst_x - x) * _bpp; \ - } else { \ - index_s = ((src_y + y) * src_pitch + src_x + x) * _bpp; \ - index_d = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ - } \ - if (rop_mode == 1 && rop == 5) { \ - /* Invert dest */ \ - val = ~*(_pixel_type *)&dst[index_d]; \ - } else { \ - val = *(_pixel_type *)&src[index_s]; \ - } \ - *(_pixel_type *)&dst[index_d] = val; \ - } \ - } \ + if (!dst_pitch) { + qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero dest pitch.\n"); + return; } - switch (format) { - case 0: - COPY_AREA(1, uint8_t, rtl); - break; - case 1: - COPY_AREA(2, uint16_t, rtl); - break; - case 2: - COPY_AREA(4, uint32_t, rtl); - break; + + if (!width || !height) { + qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero size 2D op.\n"); + return; + } + + if (rtl) { + dst_x -= width - 1; + dst_y -= height - 1; + } + + if (dst_base >= get_local_mem_size(s) || dst_base + + (dst_x + width + (dst_y + height) * (dst_pitch + width)) * + (1 << format) >= get_local_mem_size(s)) { + qemu_log_mask(LOG_GUEST_ERROR, "sm501: 2D op dest is outside vram.\n"); + return; + } + + switch (cmd) { + case 0: /* BitBlt */ + { + unsigned int src_x = (s->twoD_source >> 16) & 0x01FFF; + unsigned int src_y = s->twoD_source & 0xFFFF; + uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; + unsigned int src_pitch = s->twoD_pitch & 0x1FFF; + + if (!src_pitch) { + qemu_log_mask(LOG_GUEST_ERROR, "sm501: Zero src pitch.\n"); + return; + } + + if (rtl) { + src_x -= width - 1; + src_y -= height - 1; + } + + if (src_base >= get_local_mem_size(s) || src_base + + (src_x + width + (src_y + height) * (src_pitch + width)) * + (1 << format) >= get_local_mem_size(s)) { + qemu_log_mask(LOG_GUEST_ERROR, + "sm501: 2D op src is outside vram.\n"); + return; + } + + if ((rop_mode && rop == 0x5) || (!rop_mode && rop == 0x55)) { + /* Invert dest, is there a way to do this with pixman? */ + unsigned int x, y, i; + uint8_t *d = s->local_mem + dst_base; + + for (y = 0; y < height; y++) { + i = (dst_x + (dst_y + y) * dst_pitch) * (1 << format); + for (x = 0; x < width; x++, i += (1 << format)) { + switch (format) { + case 0: + d[i] = ~d[i]; + break; + case 1: + *(uint16_t *)&d[i] = ~*(uint16_t *)&d[i]; + break; + case 2: + *(uint32_t *)&d[i] = ~*(uint32_t *)&d[i]; + break; + } + } + } + } else { + /* Do copy src for unimplemented ops, better than unpainted area */ + if ((rop_mode && (rop != 0xc || rop2_source_is_pattern)) || + (!rop_mode && rop != 0xcc)) { + qemu_log_mask(LOG_UNIMP, + "sm501: rop%d op %x%s not implemented\n", + (rop_mode ? 2 : 3), rop, + (rop2_source_is_pattern ? + " with pattern source" : "")); + } + /* Check for overlaps, this could be made more exact */ + uint32_t sb, se, db, de; + sb = src_base + src_x + src_y * (width + src_pitch); + se = sb + width + height * (width + src_pitch); + db = dst_base + dst_x + dst_y * (width + dst_pitch); + de = db + width + height * (width + dst_pitch); + if (rtl && ((db >= sb && db <= se) || (de >= sb && de <= se))) { + /* regions may overlap: copy via temporary */ + int llb = width * (1 << format); + int tmp_stride = DIV_ROUND_UP(llb, sizeof(uint32_t)); + uint32_t *tmp = g_malloc(tmp_stride * sizeof(uint32_t) * + height); + pixman_blt((uint32_t *)&s->local_mem[src_base], tmp, + src_pitch * (1 << format) / sizeof(uint32_t), + tmp_stride, 8 * (1 << format), 8 * (1 << format), + src_x, src_y, 0, 0, width, height); + pixman_blt(tmp, (uint32_t *)&s->local_mem[dst_base], + tmp_stride, + dst_pitch * (1 << format) / sizeof(uint32_t), + 8 * (1 << format), 8 * (1 << format), + 0, 0, dst_x, dst_y, width, height); + g_free(tmp); + } else { + pixman_blt((uint32_t *)&s->local_mem[src_base], + (uint32_t *)&s->local_mem[dst_base], + src_pitch * (1 << format) / sizeof(uint32_t), + dst_pitch * (1 << format) / sizeof(uint32_t), + 8 * (1 << format), 8 * (1 << format), + src_x, src_y, dst_x, dst_y, width, height); + } } break; } - case 0x01: /* fill rectangle */ + case 1: /* Rectangle Fill */ { uint32_t color = s->twoD_foreground; -#define FILL_RECT(_bpp, _pixel_type) { \ - int y, x; \ - for (y = 0; y < height; y++) { \ - for (x = 0; x < width; x++) { \ - int index = ((dst_y + y) * dst_pitch + dst_x + x) * _bpp; \ - *(_pixel_type *)&dst[index] = (_pixel_type)color; \ - } \ - } \ - } - - switch (format) { - case 0: - FILL_RECT(1, uint8_t); - break; - case 1: - color = cpu_to_le16(color); - FILL_RECT(2, uint16_t); - break; - case 2: + if (format == 2) { color = cpu_to_le32(color); - FILL_RECT(4, uint32_t); - break; + } else if (format == 1) { + color = cpu_to_le16(color); } + + pixman_fill((uint32_t *)&s->local_mem[dst_base], + dst_pitch * (1 << format) / sizeof(uint32_t), + 8 * (1 << format), dst_x, dst_y, width, height, color); break; } default: From fa70c2871f011f1ca6763a21a291f2ced1f121d2 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 20/21] sm501: Optimize small overlapping blits AmigaOS tends to do a lot of small blits (even 1 pixel). Avoid malloc overhead by keeping around a buffer for this and only alloc when blitting larger areas. Signed-off-by: BALATON Zoltan Message-id: 7946852258d528497e85f465327fc90b5c3b59fb.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index 8bf4d111f4..e7a9f77de7 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -750,6 +750,7 @@ static void sm501_2d_operation(SM501State *s) switch (cmd) { case 0: /* BitBlt */ { + static uint32_t tmp_buf[16384]; unsigned int src_x = (s->twoD_source >> 16) & 0x01FFF; unsigned int src_y = s->twoD_source & 0xFFFF; uint32_t src_base = s->twoD_source_base & 0x03FFFFFF; @@ -812,10 +813,14 @@ static void sm501_2d_operation(SM501State *s) de = db + width + height * (width + dst_pitch); if (rtl && ((db >= sb && db <= se) || (de >= sb && de <= se))) { /* regions may overlap: copy via temporary */ - int llb = width * (1 << format); + int free_buf = 0, llb = width * (1 << format); int tmp_stride = DIV_ROUND_UP(llb, sizeof(uint32_t)); - uint32_t *tmp = g_malloc(tmp_stride * sizeof(uint32_t) * - height); + uint32_t *tmp = tmp_buf; + + if (tmp_stride * sizeof(uint32_t) * height > sizeof(tmp_buf)) { + tmp = g_malloc(tmp_stride * sizeof(uint32_t) * height); + free_buf = 1; + } pixman_blt((uint32_t *)&s->local_mem[src_base], tmp, src_pitch * (1 << format) / sizeof(uint32_t), tmp_stride, 8 * (1 << format), 8 * (1 << format), @@ -825,7 +830,9 @@ static void sm501_2d_operation(SM501State *s) dst_pitch * (1 << format) / sizeof(uint32_t), 8 * (1 << format), 8 * (1 << format), 0, 0, dst_x, dst_y, width, height); - g_free(tmp); + if (free_buf) { + g_free(tmp); + } } else { pixman_blt((uint32_t *)&s->local_mem[src_base], (uint32_t *)&s->local_mem[dst_base], From fa0013a1bc5f6011a1017e0e655740403e5555d9 Mon Sep 17 00:00:00 2001 From: BALATON Zoltan Date: Thu, 21 May 2020 21:39:44 +0200 Subject: [PATCH 21/21] sm501: Remove obsolete changelog and todo comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also update copyright year for latest changes Signed-off-by: BALATON Zoltan Reviewed-by: Philippe Mathieu-Daudé Message-id: 1392cad2ad1315a5a50409970e0af061821462e6.1590089984.git.balaton@eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/sm501.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index e7a9f77de7..edd8d24a76 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -2,7 +2,7 @@ * QEMU SM501 Device * * Copyright (c) 2008 Shin-ichiro KAWASAKI - * Copyright (c) 2016 BALATON Zoltan + * Copyright (c) 2016-2020 BALATON Zoltan * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -40,23 +40,6 @@ #include "ui/pixel_ops.h" #include "qemu/bswap.h" -/* - * Status: 2010/05/07 - * - Minimum implementation for Linux console : mmio regs and CRT layer. - * - 2D graphics acceleration partially supported : only fill rectangle. - * - * Status: 2016/12/04 - * - Misc fixes: endianness, hardware cursor - * - Panel support - * - * TODO: - * - Touch panel support - * - USB support - * - UART support - * - More 2D graphics engine support - * - Performance tuning - */ - /*#define DEBUG_SM501*/ /*#define DEBUG_BITBLT*/