On Tue, 7 Jun 2022 16:30:23 +0200 Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote: > > Why are pointer cursors misplaced on paravirtualized drivers? > > > > It is because the paravirtualized drivers or VM viewers do *not* place > > the cursor plane at the CRTC_X, CRTC_Y position in the guest CRTC area. > > This is obvious: if CRTC_X, CRTC_Y were honoured, there would be no > > misplacement. > > > > Instead, the VM stack plays clever tricks with cursor planes. I have > > understood only one of those tricks, and it goes something like this. > > To improve hand-eye coordination, that is to reduce the hand-to-eye > > response time a.k.a latency, the VM guest KMS driver relays the cursor > > plane separately to the VM viewer application. > > Yes, the cursor is sent separately. > > > The VM viewer application presents the cursor plane content by pushing > > them to the host window system as the pointer cursor. > > Yes (i.e. gdk_window_set_cursor() on the host). > > > This means the host window system will be autonomously moving the > > cursor plane image around, completely disregarding what the guest KMS > > client programmed into CRTC_X, CRTC_Y. > > Yes. > > That is combined with a virtual input device sending absolute > coordinates (i.e. tablet), so mouse clicks land at the correct place. > And that is the point where having the hotspot information is essential > on the host side. Hi Gerd, thanks for confirming. > > Given this UAPI contract, it is very easy for userspace to make the > > conclusion that a cursor plane is just another plane it can use for > > whatever it wants. Weston and wlroots indeed leverage this, putting > > also normal windows and other stuff to the cursor plane when they > > happen to fit. > > virtual machine display devices typically offer small (64x64) cursor > planes, so unlike the 512x512 planes I've seen offered by i915 they are > hardly usable for anything but cursors. Likewise additional overlay > planes typically not offered, so the classic primary+cursor setup is > pretty much the only reasonable option userspace has. weston-simple-shm is 256x256, and has been demonstrated to go flying in e.g. vmware environments: https://oftc.irclog.whitequark.org/dri-devel/2022-06-06#30987017; If KMS exposes planes, then userspace will try hard to make use of them as much as possible. It's not unimaginable that there could also be some small icon generated by the window system overlaying an application window. That might fit a tiny cursor plane perfectly. > > I believe the solution has two parts: > > > > - The guest KMS driver needs to know whether the guest userspace is > > prepared for the cursor plane being commandeered. If userspace does > > not indicate it is prepared for it, commandeering must not happen. > > Yes. That isn't much of a problem in practice though due to the limited > driver/device offerings outlined above. > > > - Cursor hotspot needs new KMS properties, and a KMS client must set > > them if the KMS client indicates it is prepared for cursor plane > > commandeering. > > Yes, and that is what hurts in practice and thus caused the blacklists > being created. > > > There are further problems with cursor plane commandeering. The 2020 > > email thread Simon linked to discusses the problem of pointer devices: > > if VM guest userspace takes pointer input from multiple sources, how > > will the VM stack know which virtual input device, if any, should drive > > the cursor plane position? > > Typically there is a communication path from guest to host for pointer > movements (i.e. crtc_x + crtc_y updates), so the host knows where the > guest wants the cursor plane being placed. So in case the pointer is > moved by other means (different input device, some application warping > the pointer, ...) the host can adapt. Would it not be better to be explicit about it? To avoid fragile heuristics. > Nevertheless behavior is not consistent here because in some cases the > feedback loop is not wired up end-to-end. The spice protocol has a > message type for that, so pointer warps work. The vnc protocol has not, > so they don't. > > > To me the answer to this question seems it could be intimately tied to > > the first problem: commandeering the cursor plane is allowed only if > > guest userspace tells the guest KMS driver which input device the > > cursor plane shall be related to. If no input device is indicated, > > then commandeering must not happen. > > Why require an input device? I just don't see how that would help. > > For allowing the host freely move around the cursor place > ("commandeering") I do see the point in enforcing that from a design > point of view, although I doubt it'll buy us much in practice given we > have broken drivers in the wild so userspace will continue to work with > blacklists. > > Having some capability to negotiate "commandeering" between kernel and > userspace certainly makes sense, so we can get of the black lists > long-term (although it'll probably takes a few years ...). Yes, there is no quick solution that I can imagine. Propagating the fixes takes time. I don't think the deny-lists will ever be completely removed, because people may run old or LTS kernels which won't be getting new UAPI I presume. The only thing I can imagine happening is that the deny-lists get overridden if the userspace software detects kernel support for the new negotiation UAPI. Then the negotiation UAPI takes precedence and the deny-list becomes ineffective. > > I can understand if people do not want to tackle this question, > > because it probably has not been a problem yet. > > On a standard guest this isn't a problem indeed because there is only > one input device and only one crtc. > > It actually is a problem for multihead configurations though. Having > some way to map input devices to scanouts would actually be helpful. > Years ago I checked how this works for touchscreens to see whenever it > is possible to leverage that for VMs somehow. There wasn't some obvious > way, and I forgot the details meanwhile ... Ah, that's the other way around, right? To tell guest OS which output an absolute input device is relative to? For bare hardware touchscreens we have some vague convention of using udev device properties to tag an input device with an output name. The first attempt at it was libinput_device_get_output_name(): https://wayland.freedesktop.org/libinput/doc/latest/api/group__device.html#gab86a05e7a220d6ccd0d45a79d85339dd But using it is discouraged because of being too vaguely defined what the value is. Weston uses the discouraged API still, and I'm not aware of any better standard having been developed. Having a standard for naming outputs is hard it seems, and there is also the connector vs. monitor dilemma. I guess absolute input devices would usually want to be associated with the (real or virtual) monitor regardless of which (real or virtual) connector it is connected to. Thanks, pq
Attachment:
pgpctgyimse_I.pgp
Description: OpenPGP digital signature