cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

ati_2d.c (8551B)

      1/*
      2 * QEMU ATI SVGA emulation
      3 * 2D engine functions
      4 *
      5 * Copyright (c) 2019 BALATON Zoltan
      6 *
      7 * This work is licensed under the GNU GPL license version 2 or later.
      8 */
      9
     10#include "qemu/osdep.h"
     11#include "ati_int.h"
     12#include "ati_regs.h"
     13#include "qemu/log.h"
     14#include "ui/pixel_ops.h"
     15
     16/*
     17 * NOTE:
     18 * This is 2D _acceleration_ and supposed to be fast. Therefore, don't try to
     19 * reinvent the wheel (unlikely to get better with a naive implementation than
     20 * existing libraries) and avoid (poorly) reimplementing gfx primitives.
     21 * That is unnecessary and would become a performance problem. Instead, try to
     22 * map to and reuse existing optimised facilities (e.g. pixman) wherever
     23 * possible.
     24 */
     25
     26static int ati_bpp_from_datatype(ATIVGAState *s)
     27{
     28    switch (s->regs.dp_datatype & 0xf) {
     29    case 2:
     30        return 8;
     31    case 3:
     32    case 4:
     33        return 16;
     34    case 5:
     35        return 24;
     36    case 6:
     37        return 32;
     38    default:
     39        qemu_log_mask(LOG_UNIMP, "Unknown dst datatype %d\n",
     40                      s->regs.dp_datatype & 0xf);
     41        return 0;
     42    }
     43}
     44
     45#define DEFAULT_CNTL (s->regs.dp_gui_master_cntl & GMC_DST_PITCH_OFFSET_CNTL)
     46
     47void ati_2d_blt(ATIVGAState *s)
     48{
     49    /* FIXME it is probably more complex than this and may need to be */
     50    /* rewritten but for now as a start just to get some output: */
     51    DisplaySurface *ds = qemu_console_surface(s->vga.con);
     52    DPRINTF("%p %u ds: %p %d %d rop: %x\n", s->vga.vram_ptr,
     53            s->vga.vbe_start_addr, surface_data(ds), surface_stride(ds),
     54            surface_bits_per_pixel(ds),
     55            (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
     56    unsigned dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
     57                      s->regs.dst_x : s->regs.dst_x + 1 - s->regs.dst_width);
     58    unsigned dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
     59                      s->regs.dst_y : s->regs.dst_y + 1 - s->regs.dst_height);
     60    int bpp = ati_bpp_from_datatype(s);
     61    if (!bpp) {
     62        qemu_log_mask(LOG_GUEST_ERROR, "Invalid bpp\n");
     63        return;
     64    }
     65    int dst_stride = DEFAULT_CNTL ? s->regs.dst_pitch : s->regs.default_pitch;
     66    if (!dst_stride) {
     67        qemu_log_mask(LOG_GUEST_ERROR, "Zero dest pitch\n");
     68        return;
     69    }
     70    uint8_t *dst_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
     71                        s->regs.dst_offset : s->regs.default_offset);
     72
     73    if (s->dev_id == PCI_DEVICE_ID_ATI_RAGE128_PF) {
     74        dst_bits += s->regs.crtc_offset & 0x07ffffff;
     75        dst_stride *= bpp;
     76    }
     77    uint8_t *end = s->vga.vram_ptr + s->vga.vram_size;
     78    if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end
     79        || dst_bits + dst_x
     80         + (dst_y + s->regs.dst_height) * dst_stride >= end) {
     81        qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
     82        return;
     83    }
     84    DPRINTF("%d %d %d, %d %d %d, (%d,%d) -> (%d,%d) %dx%d %c %c\n",
     85            s->regs.src_offset, s->regs.dst_offset, s->regs.default_offset,
     86            s->regs.src_pitch, s->regs.dst_pitch, s->regs.default_pitch,
     87            s->regs.src_x, s->regs.src_y, s->regs.dst_x, s->regs.dst_y,
     88            s->regs.dst_width, s->regs.dst_height,
     89            (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ? '>' : '<'),
     90            (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ? 'v' : '^'));
     91    switch (s->regs.dp_mix & GMC_ROP3_MASK) {
     92    case ROP3_SRCCOPY:
     93    {
     94        unsigned src_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
     95                       s->regs.src_x : s->regs.src_x + 1 - s->regs.dst_width);
     96        unsigned src_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
     97                       s->regs.src_y : s->regs.src_y + 1 - s->regs.dst_height);
     98        int src_stride = DEFAULT_CNTL ?
     99                         s->regs.src_pitch : s->regs.default_pitch;
    100        if (!src_stride) {
    101            qemu_log_mask(LOG_GUEST_ERROR, "Zero source pitch\n");
    102            return;
    103        }
    104        uint8_t *src_bits = s->vga.vram_ptr + (DEFAULT_CNTL ?
    105                            s->regs.src_offset : s->regs.default_offset);
    106
    107        if (s->dev_id == PCI_DEVICE_ID_ATI_RAGE128_PF) {
    108            src_bits += s->regs.crtc_offset & 0x07ffffff;
    109            src_stride *= bpp;
    110        }
    111        if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end
    112            || src_bits + src_x
    113             + (src_y + s->regs.dst_height) * src_stride >= end) {
    114            qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
    115            return;
    116        }
    117
    118        src_stride /= sizeof(uint32_t);
    119        dst_stride /= sizeof(uint32_t);
    120        DPRINTF("pixman_blt(%p, %p, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d)\n",
    121                src_bits, dst_bits, src_stride, dst_stride, bpp, bpp,
    122                src_x, src_y, dst_x, dst_y,
    123                s->regs.dst_width, s->regs.dst_height);
    124        if (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT &&
    125            s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM) {
    126            pixman_blt((uint32_t *)src_bits, (uint32_t *)dst_bits,
    127                       src_stride, dst_stride, bpp, bpp,
    128                       src_x, src_y, dst_x, dst_y,
    129                       s->regs.dst_width, s->regs.dst_height);
    130        } else {
    131            /* FIXME: We only really need a temporary if src and dst overlap */
    132            int llb = s->regs.dst_width * (bpp / 8);
    133            int tmp_stride = DIV_ROUND_UP(llb, sizeof(uint32_t));
    134            uint32_t *tmp = g_malloc(tmp_stride * sizeof(uint32_t) *
    135                                     s->regs.dst_height);
    136            pixman_blt((uint32_t *)src_bits, tmp,
    137                       src_stride, tmp_stride, bpp, bpp,
    138                       src_x, src_y, 0, 0,
    139                       s->regs.dst_width, s->regs.dst_height);
    140            pixman_blt(tmp, (uint32_t *)dst_bits,
    141                       tmp_stride, dst_stride, bpp, bpp,
    142                       0, 0, dst_x, dst_y,
    143                       s->regs.dst_width, s->regs.dst_height);
    144            g_free(tmp);
    145        }
    146        if (dst_bits >= s->vga.vram_ptr + s->vga.vbe_start_addr &&
    147            dst_bits < s->vga.vram_ptr + s->vga.vbe_start_addr +
    148            s->vga.vbe_regs[VBE_DISPI_INDEX_YRES] * s->vga.vbe_line_offset) {
    149            memory_region_set_dirty(&s->vga.vram, s->vga.vbe_start_addr +
    150                                    s->regs.dst_offset +
    151                                    dst_y * surface_stride(ds),
    152                                    s->regs.dst_height * surface_stride(ds));
    153        }
    154        s->regs.dst_x = (s->regs.dp_cntl & DST_X_LEFT_TO_RIGHT ?
    155                         dst_x + s->regs.dst_width : dst_x);
    156        s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
    157                         dst_y + s->regs.dst_height : dst_y);
    158        break;
    159    }
    160    case ROP3_PATCOPY:
    161    case ROP3_BLACKNESS:
    162    case ROP3_WHITENESS:
    163    {
    164        uint32_t filler = 0;
    165
    166        switch (s->regs.dp_mix & GMC_ROP3_MASK) {
    167        case ROP3_PATCOPY:
    168            filler = s->regs.dp_brush_frgd_clr;
    169            break;
    170        case ROP3_BLACKNESS:
    171            filler = 0xffUL << 24 | rgb_to_pixel32(s->vga.palette[0],
    172                     s->vga.palette[1], s->vga.palette[2]);
    173            break;
    174        case ROP3_WHITENESS:
    175            filler = 0xffUL << 24 | rgb_to_pixel32(s->vga.palette[3],
    176                     s->vga.palette[4], s->vga.palette[5]);
    177            break;
    178        }
    179
    180        dst_stride /= sizeof(uint32_t);
    181        DPRINTF("pixman_fill(%p, %d, %d, %d, %d, %d, %d, %x)\n",
    182                dst_bits, dst_stride, bpp,
    183                s->regs.dst_x, s->regs.dst_y,
    184                s->regs.dst_width, s->regs.dst_height,
    185                filler);
    186        pixman_fill((uint32_t *)dst_bits, dst_stride, bpp,
    187                    s->regs.dst_x, s->regs.dst_y,
    188                    s->regs.dst_width, s->regs.dst_height,
    189                    filler);
    190        if (dst_bits >= s->vga.vram_ptr + s->vga.vbe_start_addr &&
    191            dst_bits < s->vga.vram_ptr + s->vga.vbe_start_addr +
    192            s->vga.vbe_regs[VBE_DISPI_INDEX_YRES] * s->vga.vbe_line_offset) {
    193            memory_region_set_dirty(&s->vga.vram, s->vga.vbe_start_addr +
    194                                    s->regs.dst_offset +
    195                                    dst_y * surface_stride(ds),
    196                                    s->regs.dst_height * surface_stride(ds));
    197        }
    198        s->regs.dst_y = (s->regs.dp_cntl & DST_Y_TOP_TO_BOTTOM ?
    199                         dst_y + s->regs.dst_height : dst_y);
    200        break;
    201    }
    202    default:
    203        qemu_log_mask(LOG_UNIMP, "Unimplemented ati_2d blt op %x\n",
    204                      (s->regs.dp_mix & GMC_ROP3_MASK) >> 16);
    205    }
    206}