We are involved in lots of areas of the QEMU code base but as I'm sure
most developers will realise we are actively funded to support the Arm
ecosystem for both emulation and virtualisation use-cases. Lets make
that clear in MAINTAINERS to keep parity with the other Supported
architectures.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20260123145750.1200879-7-alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Add a qtest suite that validates ARM SMMUv3 translation without guest
firmware or OS. The tests leverage iommu-testdev to trigger DMA
operations and the qos-smmuv3 library to configure IOMMU translation
structures.
This test suite targets the virt machine and covers:
- Stage 1 only translation (VA -> PA via CD page tables)
- Stage 2 only translation (IPA -> PA via STE S2 tables)
- Nested translation (VA -> IPA -> PA, Stage 1 + Stage 2)
- Design to extended to support multiple security spaces
(Non-Secure, Secure, Root, Realm)
Each test case follows this sequence:
1. Initialize SMMUv3 with appropriate command/event queues
2. Build translation tables (STE/CD/PTE) for the target scenario
3. Configure iommu-testdev with IOVA and DMA attributes via MMIO
4. Trigger DMA and validate successful translation
5. Verify data integrity through a deterministic write-read pattern
This bare-metal approach provides deterministic IOMMU testing with
minimal dependencies, making failures directly attributable to the SMMU
translation path.
Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
Tested-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-ID: <20260119161112.3841386-9-tangtao1634@phytium.com.cn>
[PMD: Cover tests/qtest/iommu-smmuv3-test.c in MAINTAINERS]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Introduce qos-smmuv3, a reusable library for SMMUv3-related qtest
operations. This module encapsulates common tasks like:
- SMMUv3 initialization (enabling, configuring command/event queues)
- Stream Table Entry (STE) and Context Descriptor (CD) setup
- Multi-level page table construction (L0-L3 for 4KB granules)
- Support for Stage 1, Stage 2, and nested translation modes
- Could be easily extended to support multi-space testing infrastructure
(Non-Secure, Secure, Root, Realm)
The library provides high-level abstractions that allow test code to
focus on IOMMU behavior validation rather than low-level register
manipulation and page table encoding. Key features include:
- Provide memory allocation for translation structures with proper
alignment
- Helper functions to build valid STEs/CDs for different translation
scenarios
- Page table walkers that handle address offset calculations per
security space
This infrastructure is designed to be used by iommu-testdev-based tests
and future SMMUv3 test suites, reducing code duplication and improving
test maintainability.
Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20260119161112.3841386-8-tangtao1634@phytium.com.cn>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Introduce a libqos helper module for the iommu-testdev
device used by qtests. This module provides some common functions to
all IOMMU test cases using iommu-testdev.
Wire the new sources into tests/qtest/libqos/meson.build so
they are built as part of the qtest support library.
Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
Message-ID: <20260119161112.3841386-7-tangtao1634@phytium.com.cn>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Add a minimal PCI test device designed to exercise IOMMU translation
(such as ARM SMMUv3) without requiring guest firmware or OS. The device
provides MMIO registers to configure and trigger DMA operations with
controllable attributes (security state, address space), enabling
deterministic IOMMU testing.
Key features:
- Bare-metal IOMMU testing via simple MMIO interface
- Configurable DMA attributes for security states and address spaces
- Write-then-read verification pattern with automatic result checking
The device performs a deterministic DMA test pattern: write a known
value (0x12345678) to a configured GVA, read it back, and verify data
integrity. Results are reported through a dedicated result register,
eliminating the need for complex interrupt handling or driver
infrastructure in tests.
This is purely a test device and not intended for production use or
machine realism. It complements existing test infrastructure like
pci-testdev but focuses specifically on IOMMU translation path
validation.
Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20260119161112.3841386-4-tangtao1634@phytium.com.cn>
[PMD: Add SPDX-License-Identifier: GPL-2.0-or-later tag]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
We've got a section for generic x86 architecture support in our
MAINTAINERS file - this should cover the docs/system/i386/ folder, too.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This requires renaming several directories:
tcg/riscv, linux-user/include/host/riscv, and
common-user/host/riscv.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This requires renaming several directories:
tcg/mips, linux-user/include/host/mips, and
common-user/host/mips.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Remove tcg/arm.
Remove instances of __arm__, except from tests and imported headers.
Remove arm from supported_cpus.
Remove linux-user/include/host/arm.
Remove common-user/host/arm.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
When vIOMMU is configured x-flts=on in scalable mode, first stage page table
is passed to host to construct nested page table for passthrough devices.
We need to check compatibility of some critical IOMMU capabilities between
vIOMMU and host IOMMU to ensure guest first stage page table could be used by
host.
For instance, vIOMMU supports first stage 1GB large page mapping, but host does
not, then this IOMMUFD backed device should fail.
Even of the checks pass, for now we willingly reject the association because
all the bits are not there yet, it will be relaxed in the end of this series.
Note vIOMMU has exposed VIOMMU_FLAG_WANT_NESTING_PARENT flag to force
VFIO core to create nesting parent HWPT, if host doesn't support nested
translation, the creation will fail. So no need to check nested
capability here.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260106061304.314546-10-zhenzhong.duan@intel.com
[ clg: - hw/i386/intel_iommu_accel.[hc]: Changed Copyright date 2025 -> 2026
- in commit log :
IOMMU_HWPT_ALLOC_NEST_PARENT -> VIOMMU_FLAG_WANT_NESTING_PARENT ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Introduce a new PCIIOMMUOps optional callback, get_viommu_flags() which
allows to retrieve flags exposed by a vIOMMU. The first planned vIOMMU
device flag is VIOMMU_FLAG_WANT_NESTING_PARENT that advertises the
support of HW nested stage translation scheme and wants other sub-system
like VFIO's cooperation to create nesting parent HWPT.
pci_device_get_viommu_flags() is a wrapper that can be called on a PCI
device potentially protected by a vIOMMU.
get_viommu_flags() is designed to return 64bit bitmap of purely vIOMMU
flags which are only determined by user's configuration, no host
capabilities involved. Reasons are:
1. host may has heterogeneous IOMMUs, each with different capabilities
2. this is migration friendly, return value is consistent between source
and target.
Note that this op will be invoked at the attach_device() stage, at which
point host IOMMU capabilities are not yet forwarded to the vIOMMU through
the set_iommu_device() callback that will be after the attach_device().
See below sequence:
vfio_device_attach():
iommufd_cdev_attach():
pci_device_get_viommu_flags() for HW nesting cap
create a nesting parent HWPT
attach device to the HWPT
vfio_device_hiod_create_and_realize() creating hiod
...
pci_device_set_iommu_device(hiod)
Suggested-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260106061304.314546-6-zhenzhong.duan@intel.com
[ clg: include/hw/core/iommu.h: Changed Copyright date 2025 -> 2026 ]
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Various patches related to single binary effort:
- Endianness cleanups in memory core subsystem and for various targets
- Few cleanups around target_ulong type
- Build various compilation units as common
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmlleisACgkQ4+MsLN6t
# wN40yw/+NYK6Q+v8YHclH0g6YkPsXYsCVOLWhYaUQ9Smc3Vk8js02LRMxomGiyjc
# lRhatftrH4dCuiWavyhlK/z+tu3b2WOgjjcIocg7ztZEwzyvDPEKidBNM4Wrv27d
# 6WNdtCn1rOOYQBcCs/MEHnrxIl3qfl5Kqt4hzejcK4E1DFa1m5ashAEVJwMlqYWp
# qkBT3fw0jfHojM+eTAbvKI1fi27GVMXbQXSM3V3vG3njxmx4JQT0p9QjyDYWZwgh
# xAJvy5neoNv3T7TBELCfqSWzGA5WHrW/eAkuRuO0JVa69IOn/mh2aGKboJMT7KQF
# ufyxceHMj8TLJr6c9BrvaWX7+p7xyvbX3ud+qXOV9P2FBVm+hf2lHnw0pJJ6A51g
# qv3u8zUVwhmx6oF95ibQtaWKdLNhGCKtVKJu59Xxj/7Bp00BS1Jnj6E/g34To8Vm
# 18g3cPJ+CEhdTFSkcHusiVI4GdHb8JEGUd5kyWza3gEgYb/J1Ps/a807n6C6NQcq
# MRkt2zNKS+sJeZzvl+BGH8WewMVGWm1f8IoP28ZvgyxFVutkgFcj+UQZp3J7mkpV
# ja0B7+1NMK9oMeq/+YM4gUgEF0ydThlqa+qTzxVYu8qpzWT9+cqqWeQHAteE3g/v
# rqqu/sBUSbh5xi+82zRbgwd7Hj31ST5XkepQN0vUTT4P3zCijy8=
# =P+9/
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 13 Jan 2026 09:48:11 AM AEDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'single-binary-20260112' of https://github.com/philmd/qemu: (61 commits)
target/arm/gdbstub: make compilation unit common
target/arm/gdbstub: extract aarch64_cpu_register_gdb_regs_for_features
gdbstub/helpers.h: allow header to be called from common code
accel/tcg: Un-inline WatchPoint API user-emulation stubs
target/tricore: Build system units in common source set
target/tricore: Inline translator_lduw()
target/tricore: Use little-endian variant of cpu_ld/st_data*()
target/sparc: Inline cpu_ldl_code() call in cpu_do_interrupt()
target/sparc: Inline translator_ldl()
target/sparc: Use explicit big-endian LD/ST API
hw/sparc: Use explicit big-endian LD/ST API
hw/sparc: Mark SPARC-specific peripherals as big-endian
target/sh4: drop cpu_reset from realizefn
target/sh4: Build system units in common source set
target/rx: Build system units in common source set
target/rx: Inline translator_lduw() and translator_ldl()
target/rx: Use explicit little-endian LD/ST API
target/rx: Use little-endian variant of cpu_ld/st_data*()
target/openrisc: Build system units in common source set
target/openrisc: Avoid target-specific migration headers in machine.c
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
We have 115 direct inclusions of "system/memory.h", and 91 headers
in include/ use it: hundreds of files have to process it.
However only one single header really uses the MemoryRegionCache
API: "hw/virtio/virtio-access.h". Split it out to a new header,
avoiding processing unused inlined functions hundreds of times.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260109165058.59144-6-philmd@linaro.org>
To avoid that new pylint-related warnings get committed, let's check
the files with pylint during each run (similar to what we are doing
for the iotests already).
Message-Id: <20251119082636.43286-16-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Add a pylintrc file that can be used for checking the python code of
the functional tests. For the beginning, we use some rather lax settings.
We still can refine them later if we think that there's a need for it.
Message-Id: <20251119082636.43286-2-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Of the 29 meson.build wihin tests/functional, only 8 are covered. Add
the architecture-independent ones to "Functional testing framework",
and the remainder to "$arcg general architecture support" when
available, else to "$arch TCG CPUs".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20251220173336.3781377-3-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
The pattern tests/functional/acpi-bits/* covers files in
acpi-bits/ (there are none), but not the files in its
subdirectories (there are five). Drop the *.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20251220173336.3781377-2-armbru@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Make sure that configs/targets/s390x-softmmu.mak is covered by
MAINTAINERS - the "S390 general architecture support" section seems
to be a good place for this.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20251218194714.174897-1-thuth@redhat.com>
* cleanup include/hw headers
* cleanup memory headers
* rust: preludes
* rust: support for dtrace
* rust/hpet: first part of reorganization
* meson: small cleanups
* target/i386: Diamond Rapids CPU model including CET, APX, AVX10.2
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmlPov8UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPN1wf9HCceQ1273g7HbNeamay2bSaqypyM
# sEUBk4ipwO0dp7AYaaX5MeJ8NxeYcK82oFgm35WLY1tMOv0BZG5ez02dLoh5C4fb
# Bmy3kV1aY9cxF0IwTyD4dIADlZoaMnGgMElUKFY2/EixjxOUMLe90b1MO2KczqFa
# jvC4gmjx5PC1r+BHycSEdKm2Rbunueb/5eSkKeyTX7rjxQ/Eij0uGjrWrZkMWtgs
# ERJ2xo+D6a38w/uJ88KuqUV1BqYxNNwKmvOwVBU2xFB9o9bm20TNOJZ3+D+Ki8Aj
# idv+rU0XY1bWseo4USuozsqxfkjLJ5lj2YYUkSVO/I1wJmuO7Bq6xzrCxg==
# =/nIt
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 27 Dec 2025 08:12:31 PM AEDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (152 commits)
block: rename block/aio-wait.h to qemu/aio-wait.h
block: rename block/aio.h to qemu/aio.h
block: reduce files included by block/aio.h
block: extract include/qemu/aiocb.h out of include/block/aio.h
hw: add missing includes hidden by block/aio.h
qmp: Fix thread race
thread-pool: Fix thread race
dosc/cpu-models-x86: Add documentation for DiamondRapids
i386/cpu: Add CPU model for Diamond Rapids
i386/cpu: Define dependency for VMX_VM_ENTRY_LOAD_IA32_FRED
i386/cpu: Add an option in X86CPUDefinition to control CPUID 0x1f
i386/cpu: Allow cache to be shared at thread level
i386/cpu: Allow unsupported avx10_version with x-force-features
i386/cpu: Add a helper to get host avx10 version
i386/cpu: Support AVX10.2 with AVX10 feature models
i386/cpu: Add support for AVX10_VNNI_INT in CPUID enumeration
i386/cpu: Add CPUID.0x1E.0x1 subleaf for AMX instructions
i386/cpu: Add support for MOVRS in CPUID enumeration
run: introduce a script for running devel commands
gitlab-ci: enable rust for msys2-64bit
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
AIO_WAIT_WHILE is used even outside the block layer; move the header file
out of block/ just like the implementation is in util/.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
AioContexts are used as a generic event loop even outside the block
layer; move the header file out of block/ just like the implementation
is in util/.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Various aspects of the development workflow are complicated by the need
to set env variables ahead of time, or use specific paths. Meson
provides a 'devenv' command that can be used to launch a command with a
number of appropriate project specific environment variables preset.
By default it will modify $PATH to point to any build directory that
contains a binary built by the project.
This further augments that to replicate the venv 'activate' script:
* Add $BUILD_DIR/pyvenv/bin to $PATH
* Set VIRTUAL_ENV to $BUILD_DIR/pyvenv
And then makes functional tests more easily executable
* Add $SRC_DIR/tests/functional and $SRC_DIR/python to $PYTHONPATH
To see the benefits of this consider this command:
$ source ./build/pyvenv/bin/activate
$ ./scripts/qmp/qmp-shell-wrap ./build/qemu-system-x86_64
which is now simplified to
$ ./build/run ./scripts/qmp/qmp-shell-wrap qemu-system-x86_64 [args..]
This avoids the need repeat './build' several times and avoids polluting
the current terminal's environment and/or avoids errors from forgetting
to source the venv settings.
As another example running functional tests
$ export PYTHONPATH=./python:./tests/functional
$ export QEMU_TEST_QEMU_BINARY=./build/qemu-system-x86_64
$ build/pyvenv/bin/python3 ./tests/functional/x86_64/test_virtio_version.py
which is now simplified to
$ export QEMU_TEST_QEMU_BINARY=qemu-system-x86_64
$ ./build/run ./tests/functional/x86_64/test_virtio_version.py
This usefulness of this will be further enhanced with the pending
removal of the QEMU python APIs from git, as that will require the use
of the python venv in even more scenarios that today.
The 'run' script does not let 'meson devenv' directly launch the command
to be run because it always requires $BUILD_DIR as the current working
directory. It is desired that 'run' script always honour the current
working directory of the terminal that invokes is. Thus the '--dump'
flag is used to export the devenv variables into the 'run' script's
shell.
This takes the liberty to assign 'run.in' to the "Build system" section
in the MAINTAINERS file, given that it leverages meson's 'devenv'
feature.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Link: https://lore.kernel.org/r/20251222113859.182395-1-berrange@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Move RAMBlock functions out of ram_addr.h and cpu-common.h;
move memory API headers out of include/exec and into include/system.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
