qga_libs are libraries for guest agent linking. Guest Agent
is a pure C-language application and doesn't need any C++ libs.
VSS linking dependencies are placed in a separate file.
snwprintf is a Microsoft extension, and according to the MSVC spec,
it is called _snwprintf. MinGW defines both snwprintf and _snwprintf,
while MSVC defines only _snwprintf.
We can also use swprintf here. The only difference between
the two is the return value, and we are not using it. So change
the function to support MSVC build env.
Damien Zammit [Sun, 8 Feb 2026 05:59:45 +0000 (05:59 +0000)]
Make copy_file_range non-static on GNU/Hurd
glibc has a stubs mechanism: a function can be declared in the
system headers, but only implemented as a stub that always fails with
ENOSYS, for example. Therefore when implementing this function
we cannot use static.
Damien Zammit [Sun, 8 Feb 2026 05:59:32 +0000 (05:59 +0000)]
tpm: Add conditional to not compile ioctls on GNU/Hurd
The Hurd currently doesn't have any TPM driver, compilation fails
for missing _IOT__IOTBASE_* symbols unless these are left undefined.
Signed-off-by: Damien Zammit <damien@zamaudio.com> Signed-off-by: Manolo de Medici <manolo.demedici@gmail.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Link: https://lore.kernel.org/r/20260208055858.2166524-4-damien@zamaudio.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Include new arbitrary limits if not already defined
Although GNU/Hurd supports unlimited path lengths
only bounded by available memory, for now we can use
an arbitrary limit on PATH_MAX that matches what POSIX requires.
We don't have bandwidth to fix this properly right now.
Paolo Bonzini [Thu, 28 May 2026 15:02:52 +0000 (17:02 +0200)]
target/i386: apply mod to immediate count of an RCL/RCR operation
RCR and RCL instructions with a count of 9 are the same as if the
count was 0, but they generated incorrect code because the can_be_zero
flag is false. This causes 0 to underflow into -1 at
tcg_gen_subi_tl(count, count, 1).
Fix by absorbing the modulo computation into gen_shift_count(), now
renamed gen_shift_count_1(), so that it can handle both reductions.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3452 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Luigi Leonardi [Tue, 9 Jun 2026 12:29:04 +0000 (14:29 +0200)]
igvm: fix handling of optional variable header types
The IGVM spec defines bit 31 of the variable header type as an
optional flag: if set, a loader that does not recognize the header
type may safely skip it. If clear, the loader must reject the file.
Currently, the optional bit is not stripped before comparing header
types, so headers with the bit set fail to match any known type
and are rejected.
Mask bit 31 before comparing header types throughout the IGVM
loader, and skip with a warning any unrecognized header that has
the optional bit set.
Fixes: c1d466d267cf ("backends/igvm: Add IGVM loader and configuration") Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
Message-ID: <20260609-igvm_optional-v2-2-b1f1f08dc40e@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Luigi Leonardi [Tue, 9 Jun 2026 12:29:03 +0000 (14:29 +0200)]
igvm: replace raw uint32_t with igvm library types
Use IgvmVariableHeaderType and IgvmHeaderSection in QIGVMHandler and
qigvm_handler() instead of plain uint32_t, so that each field's purpose
is clear from its type.
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Ani Sinha <anisinha@redhat.com> Signed-off-by: Luigi Leonardi <leonardi@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com>
Message-ID: <20260609-igvm_optional-v2-1-b1f1f08dc40e@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Tue, 26 May 2026 13:59:48 +0000 (15:59 +0200)]
hw/uefi: fix parse_hexstr
Make sure we actually have two input characters available before going
to parse two hex digits. Fixes one byte buffer overflow of the output
buffer in case the input string has an odd number of characters.
Pierrick Bouvier [Mon, 15 Jun 2026 19:35:25 +0000 (12:35 -0700)]
plugins/cpp: register callbacks using captureless lambda
We can now demonstrate what previous changes allow us to do. Since all
callbacks have a userdata pointer, we can use that mechanism to move an
object through all of them.
In other words, we can now have stateful plugins without resorting to
any global variable.
As an example, we implement tb counting plugin with our cpp plugin. It
produces an output similar to hotblocks, with same performance.
Pierrick Bouvier [Mon, 15 Jun 2026 19:35:23 +0000 (12:35 -0700)]
scripts/checkpatch: ignore spaces required around some operators in C++
C++ has a different style when it comes to space around references,
dereferences, so don't report it.
Also, closing templates with >> gets wrongly confused with >> operator,
so just relax this check.
Some examples:
ERROR: spaces required around that '&' (ctx:WxV)
+ auto &[counter, p] = *static_cast<TbData*>(udata);
^
ERROR: spaces required around that '*' (ctx:VxO)
+ auto &[counter, p] = *static_cast<TbData*>(udata);
^
ERROR: spaces required around that '>>' (ctx:VxW)
+ std::vector<std::pair<Vaddr, uint64_t>> v; ^
Pierrick Bouvier [Mon, 15 Jun 2026 19:35:05 +0000 (12:35 -0700)]
plugins: remove qemu_plugin_id_t from qemu_plugin_vcpu_simple_cb_t
Not used in all our plugins.
Future commits will remove qemu_plugin_vcpu_simple_cb_t completely, and
replace it with qemu_plugin_vcpu_udata_cb_t, so id information can be
passed using userdata if needed.
target/arm: Implement floating-point log and convert to integer (zeroing)
This is FLOGB, FCVTZS, FCVTZU.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-19-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement SVE floating-point convert (top, predicated, zeroing)
This includes FCVTXNT, BFCVTNT, FCVTNT, FCVTLT.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-18-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Enable zeroing in DO_FCVT{N, L}T macros in sve_helper.c
Use the low bit of simd_data to hold a 'zeroing' bit.
The simd_data field is currently unused and always 0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-17-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-16-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-15-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-14-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-13-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement Floating-point round to integral value (predicated, zeroing)
This is the various FRINT rounding modes.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-12-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-11-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-10-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement SVE reverse doublewords (zeroing)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-9-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement SVE reverse within elements (zeroing)
This includes REVB, REVH, REVW, RBIT.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-8-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement SVE bitwise unary operations (predicated, zeroing)
This includes CLS, CLZ, CNT, CNOT, NOT, FABS, FNEG.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-7-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Implement SVE integer unary operations (predicated, zeroing)
This includes ABS, NEG, SXT{B,H,W}.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Prepare for adding zeroing instructions for some of these.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-5-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Enable zeroing in DO_ZPZ macros in sve_helper.c
Use the low bit of simd_data to hold a 'zeroing' bit.
The simd_data field is currently unused and always 0.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-4-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add an "_m" suffix to indicate merging, in preparation for
adding new predicated zeroing instructions.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-3-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
target/arm: Add feature predicates for SVE2.2 and SME2.2
Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20260604234852.573178-2-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Tue, 16 Jun 2026 14:41:47 +0000 (10:41 -0400)]
Merge tag 'pull-riscv-to-apply-20260616' of https://github.com/alistair23/qemu into staging
RISC-V PR for 11.1
* Disable svpbmt if satp_mode is less then sv39
* Fix PMP address alignment
* Mstatus write bug fixes
* Add 'cbo' insns to disassembler
* Do not hide Sstc CSRs from gdbstub
* Reject Svinval instructions in U-mode
* Save opcode before zicbo helpers
* Fault with reserved PTE.PBMT val
* Allow LOAD_ADDR_MIS promotion to AMO fault
* Make riscv cpu.h target independent
* Add PMA access fault
* Disable svnapot if satp_mode is less then sv39
* Fix disassembler inst_length calculation
* Add RISC-V big-endian target support
* Add the implied rules for G and B extensions
* Print privilege level and ELP in riscv_cpu_dump_state
* Improve alignment in riscv_cpu_dump_state
* Mask vxrm csrw write to the low 2 bits
* Reorder Smrnmi CPU fields above CPU reset line
* Supplement cpu topology arguments
* Don't insert DDT cache in Bare mode
* Fix 'iommu-map' FDT entry
* Fix mstatus.FS dirty tracking for FP exception-raising instructions
* Enable `mnret` disassembly
* Add support for K230 board
* FDT creation helpers
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmoxH8EACgkQr3yVEwxT
# gBOA0A/9EoqSh73fuWzBwOANN7sXBDRJwOzCetvoTqyXzbUtQJGPbslldLDoYA0K
# GfqdmFNqi6pp01pBm/eWUu2vxid1d1IID+4g7LQ1TIyexbc58Qm7Hb1r+F1RSLj4
# NcZc+RGvJ+3D/hXUfj1dnT+yxUDsVAuf1NPONR9E9CD4q8gkvtA79Lwj3o/2Ks18
# 02ZPi8+vc5XmSjtwGVFdcxu4je89vvhzl4P+zwZMKOOU04bpsCG5chSRfSiGUnuz
# jae/5YDOk4v6T61Yt3kDFc9CkuenhiDSHMiQy/PD/ufvBOlA3EzyIago3SO0DP9d
# ZW+aVHOJ7SgcUPFbj6kkLo/FhXraXmKVo4vDhASoKHydoL1s6ZAR7TCAwLXa39Rq
# z15OGtRzdQX48AkeUjeN+Mz6lxHusm4MmsBhMAnPxzhiGRjOH024SR2C9iSeuB4h
# mMmYi25z48NLK5oilEhPAy37xUYUuRa+HoO07puQdLLReiuMyIWAwubhwMsog3MR
# IULX57BlxrxqVSt3z7sLGAwBEz353ARYNSiDYR+2XXt8Qjy6kY7ONrSfeJMhjbH7
# wrYQ0+30Af+b7Lpm8kpapeEsn1KWYIJU//ji5tbgAmd0sSLCiAqZX6GwzFKoGUKO
# u9Gc+A7vISxD5bBw33Z0Pp/zL1QUBom/pdZUHhaAGtKIuwLSA8s=
# =iXpr
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 16 Jun 2026 06:04:49 EDT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20260616' of https://github.com/alistair23/qemu: (83 commits)
hw/riscv: add create_fdt_socket_cpu_sifive()
hw/riscv/fdt_common.c: create create_fdt_socket_cpu_internal()
hw/riscv/spike.c: use create_fdt_socket_cpus()
hw/riscv: add create_fdt_socket_cpus()
hw/riscv: add fdt_create_cpu_socket_subnode() helper
hw/riscv/sifive_u.c: add cpu-map, cluster and core DTs
hw/riscv: add create_fdt_clint() helper
hw/riscv/spike.c: add intc_phandles array
hw/riscv/sifive_u.c: add intc_phandles array
hw/riscv: add create_fdt_socket_memory() helper
hw/riscv/numa: make numa_enabled() public
hw/riscv: add fdt-common helper
hw/riscv/sifive_u.c: add a FDT phandle to cpu-intc
docs/system/riscv: add documentation for k230 machine
tests/qtest: add test for K230 watchdog
hw/watchdog: add k230 watchdog initial support
hw/riscv: add k230 board initial support
target/riscv: add thead-c908 cpu support
disas/riscv: enable `mnret` disassembly
target/riscv: rvv: Set mstatus.FS dirty when vector FP raises exceptions
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:32 +0000 (00:23 -0400)]
qapi: add doc comment "Intro" section parsing
Add parsing for explicit Intro section syntax.
A side effect of this patch is that we will (currently) always create
an empty Intro section, similar to how we used to have an empty Plain
section. The tests are adjusted accordingly, rendered document output
does not change at all.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-14-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:31 +0000 (00:23 -0400)]
qapi/qapidoc: add rendering for INTRO sections
Amend the qapidoc generator to handle and render INTRO sections.
The only real difference here from other sections is that we need to
dedent the text so it renders correctly. Members and Features are also
indented, but do not require a dedent() because they are always used
in tandem with an rST construct that forms the start of a new indented
block; there is coincidental harmony.
Plaintext sections, however, do not start their own block and thus
need to be dedented to prevent accidentally rendering them as a
blockquote or a syntax error.
This dedent transformation on the text does not reflow the text, so
source line information remains accurate, and the "blame" chain of
custody for sphinx rST parsing error messages continues to be correct
even through this transformation.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-13-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:30 +0000 (00:23 -0400)]
qapi: remove implicit doc comment Plain section
Prior to this patch, we always create an empty Plain section. Removing
this allows us to gradually phase out the "Plain" section in favor of
"Intro" and "Details" sections while keeping "Plain" around for the
interim churn during the series - meaning that we don't actually know
at __init__ time which type of section we'll have first.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-12-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:29 +0000 (00:23 -0400)]
qapi: adjust doc comment stub member insertion algorithm
A forthcoming patch removes the implicit PLAIN section that always
starts a QAPIDoc section list. Further future changes begin converting
"PLAIN" sections to "INTRO" sections.
This will affect the code that inserts "Not documented" descriptions
for undocumented members ("stub sections") and the dummy section that
marks the spot for "The members of ..." references.
Adjust the algorithm to cope with not only the finished state, but
temporary intermediate states while the series is merged.
This algorithm can handle zero-or-more PLAIN *or* INTRO sections at
the beginning of a QAPIDoc object, in contrast to the previous
algorithm which assumed and relied upon there being always one PLAIN
section at the beginning of every QAPIDoc section list.
In other words: (PLAIN | INTRO)* <EverythingElse>
This does not impact what the parser itself will actually produce. As
of this patch, the parser will still always generate QAPIDoc section
lists that start with precisely one PLAIN section (whether or not it
is empty), followed by the remaining sections. Those remaining
sections may or may not include additional PLAIN sections, but never
two such sections contiguously as the parser will always treat that
layout as one PLAIN section consisting of multiple paragraph(s).
In other other words: This insertion algorithm is more lenient than
the parser, but this is on purpose for flexibility mid-stream as we
convert QAPI to using explicit introductory sections. The allowed
order of sections will eventually become strictly enforced in the
parser, which will in turn allow dramatic simplifications to the
insertion algorithm. This only exists as transitory code until we are
able to enforce that order.
Fear not: the intermediate ReST output before and after this patch
are byte identical, so failing all else, we at least know it doesn't
make anything worse.
Lastly, because we have three places in the code that need to insert
stub/dummy sections, we take the opportunity to consolidate this code
to handle all three cases with one function. This winds up
necessitating the qapidoc.py generator actually modify the section
list to insert a "dummy" member that acts as a placeholder for "The
members of ..." text. While it looks like a code smell to modify the
caller's argument, it is ultimately safe because the QAPI Schema
object is re-parsed and re-constructed in memory for each individual
process that needs to operate on it. In other words, the Sphinx
document generator already does have "its own copy" of the section
lists, so it is "safe" to modify here without regards to other
consumers of the QAPIDoc objects. It only *looks* like it smells
bad. Ultimately, this code will also be removed once the inliner is
merged, so it is only a temporary aesthetic issue regardless.
That's my story and I'm sticking to it.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-11-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:28 +0000 (00:23 -0400)]
qapi/parser: add mea culpa comment for ensure_returns
These algorithms are quite a mess currently, but they are temporary
until we add the inliner which will address these issues more
holistically. For now, add the "mea culpa".
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-10-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:27 +0000 (00:23 -0400)]
qapi/parser: move _insert_near_kind() method
Move this function out from underneath `ensure_returns` and make it
available for general purpose use as an object method instead. This is
purely a scope-level patch with no functional changes.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-9-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:26 +0000 (00:23 -0400)]
qapi: new doc comment "Intro" section
This patch adds an "Intro" doc section, intended to eventually replace
the "Plain" doc section alongside a forthcoming "Details" section.
For now, this section is not actually instantiated or used, but
subsequent patches will slowly convert the leading introductory sections
of QAPIDoc documentation to use this new section.
A main motivation of this series of changes is to more explicitly
delineate the "Introductory" documentation for each QAPI definition for
the sake of the inliner. When inlining members, examples, and details
from multiple QAPIDoc sections, we will want to omit the "Introductory"
text from inlined definitions while keeping notes, caution boxes,
examples, and so on. This new section facilitates that.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-8-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:24 +0000 (00:23 -0400)]
qapi/parser: make remaining subsection members "private"
These fields are used to provide error checking and internal logistics
and should not be used by a user of the library to directly access
documentation sections, so make them private.
The "since" field alone is left public, as the qapidoc generator does
use this field to pull that section out of the regular flow of the
document.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20260611042332.482979-6-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Thu, 11 Jun 2026 04:23:22 +0000 (00:23 -0400)]
qapi/parser: remove unused QAPIDoc subsection members
All users of the QAPIDoc object should be iterating over all_sections
and not grabbing arbitrary subsections, if possible. Remove the 'body'
and 'sections' members, as they are no longer used.
Signed-off-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <20260611042332.482979-4-jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
Nicholas Righi [Tue, 9 Jun 2026 02:40:27 +0000 (19:40 -0700)]
hw/arm/bcm2838: Route I2C interrupts to GIC
The I2C interrupts are only routed to the legacy interrupt controller. This means
that for modern device trees that use the GIC, the interrupts don't work. This patch
adds a splitter to route the I2C interrupt to both the legacy interrupt controller and the GIC.
Before this change, running i2c get to read from EEPROM would result in this
i2cget -y 1 0x50
Error: Read failed
After this change, running i2c to read from EEPROM results in this
i2cget -y 1 0x50
0x00
The eeprom can now also be enabled in the device tree. Before the
eeprom driver load would fail due to the read failing
ls -l /sys/bus/i2c/devices/i2c-1/1-0050/ | grep -i eeprom
-rw------- 1 root root 4096 May 17 16:57 eeprom
Signed-off-by: Nicholas Righi <nicholasrighi@gmail.com>
Message-id: 20260609024027.22140-1-nicholasrighi@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@oss.qualcomm.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Kyle Fox [Mon, 15 Jun 2026 00:08:35 +0000 (19:08 -0500)]
target/arm: honour CCR.BFHFNMIGN for probed data BusFaults
M-profile CCR.BFHFNMIGN lets software executing at a negative execution
priority (in HardFault/NMI, or with FAULTMASK set) suppress precise data
BusFaults caused by load/store instructions: the access completes
returning UNKNOWN data, the fault status is recorded in BFSR/BFAR, but no
BusFault exception is taken. Software uses this to probe for the presence
of a device.
QEMU stored CCR.BFHFNMIGN but never consumed it: arm_cpu_do_transaction_
failed() always raised the external abort, which arm_v7m_cpu_do_interrupt()
pended as a BusFault and then escalated to a HardFault it could not take at
priority -1, aborting the VM with "Lockup: can't escalate 3 to HardFault".
Honour the bit in arm_cpu_do_transaction_failed(): when the access is a
data access from M-profile code at negative priority with BFHFNMIGN set,
record PRECISERR/BFARVALID and BFAR and return without raising, so the
faulting instruction completes instead of re-faulting forever. Instruction
fetches are unaffected, since BFHFNMIGN applies only to data accesses.
The SG instruction's stack-word load is also an AccType_NORMAL data access
that must honour BFHFNMIGN, but QEMU performs it manually in
v7m_read_sg_stack_word() (outside the TCG TLB, so it never reaches
arm_cpu_do_transaction_failed()). Apply the same suppression there: on a
BusFault, record the status and, when BFHFNMIGN is set at negative
priority, return the UNKNOWN data instead of pending ARMV7M_EXCP_BUS. The
remaining manual EXCP_BUS sites (vector-table loads, stacking, unstacking)
are AccType_VECTABLE/STACK/UNSTACK and are not required to honour the bit,
so they are left unchanged.
This surfaced running the real NXP i.MX 95 System Manager firmware on the
emulated Cortex-M33: its SystemMemoryProbe() (set BFHFNMIGN + FAULTMASK,
do the access, test CFSR.BFARVALID) locked up the VM. With this change the
SM's debug-monitor memory-probe commands run and recover correctly.
Signed-off-by: Kyle Fox <kylefoxaustin.github@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: minor tweak to v7m_read_sg_stack_word() code] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/smmuv3-accel: Enforce viommu association when CMDQV is active
When CMDQV is active, the first cold-plugged VFIO device establishes
the viommu to host SMMUv3 association, and the guest's boot-time CMDQV
configuration (VINTFs, VCMDQs) is built on top of that association.
Hot-unplugging that device would release the viommu and tear down all
CMDQV state. Hot-plugging another device behind a different host
SMMUv3+CMDQV would then re-bind the same vSMMUv3 to new host hardware,
while the guest keeps using its boot-time configuration and ends up
issuing commands to the wrong host. Block hot-unplug of the
establishing device to avoid this; retaining the binding across unplug
is non-trivial and not required by any current use case.
Also abort at machine_done if cmdqv=on is requested but no cold-plugged
VFIO device was present to initialize it.
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-30-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicolin Chen [Tue, 9 Jun 2026 11:25:49 +0000 (12:25 +0100)]
hw/arm/virt-acpi: Advertise Tegra241 CMDQV nodes in DSDT
Add ACPI DSDT support for Tegra241 CMDQV when the SMMUv3 instance is
created with tegra241-cmdqv.
For each accelerated SMMUv3 instance, add a Tegra241 CMDQV device
object under the DSDT \_SB namespace, with HID "NVDA200C" and a UID
that matches the Identifier of the corresponding SMMUv3 IORT node, so
the guest OS can associate the DSDT device with the right SMMU. The
_CRS covers the CMDQV MMIO aperture plus its interrupt, and _CCA
declares I/O cache coherency.
See ACPI Specification 6.5, Section 6 (Device Configuration) for
_HID/_UID/_CCA/_CRS.
Generated DSDT entry for a CMDQV instance paired with SMMUv3 Identifier=1:
...
Device (CV01)
{
Name (_HID, "NVDA200C") // _HID: Hardware ID
Name (_UID, One) // _UID: Unique ID
Name (_CCA, One) // _CCA: Cache Coherency Attribute
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
QWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, Cacheable, ReadWrite,
0x0000000000000000, // Granularity
0x000000000C080000, // Range Minimum
0x000000000C0CFFFF, // Range Maximum
0x0000000000000000, // Translation Offset
0x0000000000050000, // Length
,, , AddressRangeMemory, TypeStatic)
Interrupt (ResourceConsumer, Edge, ActiveHigh, Exclusive, ,, )
{
0x00000094,
}
})
}
...
Generated IORT SMMUv3 node (Identifier = 1):
Add an "identifier" property to the SMMUv3 device and use it when
building the ACPI IORT SMMUv3 node Identifier field.
This avoids relying on device enumeration order and provides a stable
per-device identifier. A subsequent patch will use the same identifier
when generating the DSDT description for Tegra241 CMDQV, ensuring that
the IORT and DSDT entries refer to the same SMMUv3 instance.
The identifier is assigned at pre-plug time, accounting for the ITS Group
node that build_iort() places before SMMUv3 nodes in the IORT table, so
that identifiers are globally unique across all IORT nodes.
No functional change: IORT blob content for bios-tables qtest is identical
to before.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-27-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicolin Chen [Tue, 9 Jun 2026 11:25:46 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: Limit queue size based on backend page size
CMDQV HW performs DMA accesses to guest queue memory by its host
physical address set up via IOMMUFD. This requires the guest queue
to be contiguous in both guest PA and host PA space. With Tegra241
CMDQV enabled, we must only advertise a command queue size (CMDQS)
that the host can safely back with physically contiguous memory.
Allowing a queue size larger than the host page size could cause
the hardware to DMA across page boundaries, leading to faults.
Use qemu_minrampagesize() to find the smallest memory-backend page
size in use, then cap IDR1.CMDQS so the guest cannot configure a
command queue that exceeds that contiguous backing.
Note this is done at SMMUv3 init, before any guest queue GPA is
known, so the cap is conservative. Maximum queue size is 8MiB;
it is recommended to back the VM with hugepage sizes large enough
so CMDQS stays at the HW maximum. Smaller backing pages reduce
CMDQS accordingly.
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-26-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/smmuv3-accel: Introduce common helper for veventq read
Move the vEVENTQ read and validation logic into a common helper
smmuv3_accel_event_read_validate(). The helper performs the read(),
checks for overflow and short reads, validates the sequence number,
and updates the sequence state.
This helper can be reused for Tegra241 CMDQV vEVENTQ support in a
subsequent patch.
Error handling is slightly adjusted: instead of reporting errors
directly in the read handler, the helper now returns errors via
Error **. Sequence gaps are reported as warnings.
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-23-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicolin Chen [Tue, 9 Jun 2026 11:25:42 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: Use mmap'd host VINTF page0 for virtual VINTF page0
Install the mmap'd host VINTF page0 as a RAM-device MemoryRegion
backing the guest's virtual VINTF Page 0 aperture (guest MMIO offset
0x30000) when VINTF is enabled, and remove it on VINTF disable or
reset. This eliminates QEMU trapping for hot-path CONS/PROD index
updates via that aperture.
After this patch, the two VCMDQ Page 0 apertures use different
access paths: the direct aperture (0x10000) remains QEMU-trapped,
while the VINTF aperture (0x30000) is a guest-direct RAM mapping.
The direct aperture is intentionally kept trapped (not aliased to
the host VINTF mmap) so that writes to an unallocated VCMDQ remain
well-defined. The CMDQV architecture allows software to program a
VCMDQ through the direct aperture without first allocating it to a
VINTF; aliasing would route those writes to unallocated logical
slots in the VINTF page, where the hardware silently drops them.
memory: Allow RAM device regions to skip IOMMU mapping
Some RAM device regions created with memory_region_init_ram_device_ptr()
are not intended to be P2P DMA targets.
The VFIO listener currently treats all RAM device regions as DMA
capable and attempts to map them into the IOMMU. For regions without
dma-buf backing this fails and prints warnings such as:
IOMMU_IOAS_MAP failed: Bad address, PCI BAR?
Introduce a MemoryRegion flag (ram_device_skip_iommu_map) to mark RAM
device regions that should not be IOMMU mapped, paired with
memory_region_skip_iommu_map() / memory_region_set_skip_iommu_map()
accessors. When the flag is set, the VFIO listener skips DMA mapping
for that region.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
Message-id: 20260609112552.378999-21-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/tegra241-cmdqv: Route allocated VCMDQ Page0 accesses to the mmap'd host VINTF page0
Introduce tegra241_cmdqv_vintf_lvcmdq_ptr() to route VCMDQ Page 0
register accesses through the mmap'd host VINTF Page 0 backing once a
hardware queue has been allocated for the VCMDQ.
The two QEMU-trapped Page 0 apertures (direct at 0x10000, VINTF at
0x30000) are hardware aliases of the same underlying registers. A
subsequent patch installs the VINTF aperture as a RAM-device into
guest MMIO; in this patch both remain QEMU-trapped.
The direct VCMDQ aperture stays QEMU-trapped (rather than aliased
to the VINTF mmap) so that writes to an unallocated VCMDQ remain
well-defined. The CMDQV architecture allows software to program a
VCMDQ through the direct aperture without first allocating it to a
VINTF; aliasing to the VINTF mmap would route those writes into
unallocated logical slots where the hardware silently drops them.
A VCMDQ Page 0 access is served from one of two sources:
- Cache-backed: no hw_queue is allocated for the VCMDQ
(HW_QUEUE_ALLOC has not yet succeeded). Both apertures use
QEMU's register cache.
- HW-backed: HW_QUEUE_ALLOC has succeeded. Both apertures access
the registers directly through the mmap'd host VINTF Page 0.
tegra241_cmdqv_sync_vcmdq() copies any cached writes (CONS_INDX,
PROD_INDX, CONFIG, GERRORN) into the mmap'd page on the cache-to-HW
transition so the guest's earlier register state survives. Freeing a
VCMDQ clears the cached Page0 registers.
Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Message-id: 20260609112552.378999-20-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicolin Chen [Tue, 9 Jun 2026 11:25:39 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: Allocate HW VCMDQs once configured
Add support for allocating IOMMUFD hardware queues when the guest
programs the VCMDQ BASE registers.
VCMDQ_EN lives in VCMDQ_CONFIG, which is on the VINTF Page0 region
that a later patch installs into guest MMIO — so QEMU won't trap its
writes. Allocate the hardware queue instead once all of these are
set: BASE programmed, CMDQ_ALLOC_MAP.ALLOC, and CMDQV / VINTF
enabled. Each precondition write retries the allocation, so the
guest may program them in any order.
iommufd_backend_alloc_hw_queue() needs the guest physical address of
the VCMDQ ring buffer, so allocation is deferred until the guest has
populated BASE.
If a hardware queue was previously allocated for the same VCMDQ,
free it before reallocation. All allocated VCMDQs are freed when
CMDQV or VINTF is disabled, when the ALLOC bit is cleared, or on reset.
On allocation failure, set CMDQ_INIT_ERR and clear CMDQ_EN_OK in the
cache so trapped guest reads see the failure rather than a queue
that looks live. Clear them on a later successful allocation. A guest
CMDQ_EN write then sets CMDQ_EN_OK only if CMDQ_INIT_ERR is clear.
This is the write side counterpart of the VCMDQ read emulation. Add
write handling for both the direct VCMDQ aperture and the VINTF
logical aperture using the same index decoding and VINTF-to-VCMDQ
translation logic as the read path.
VINTF aperture writes are translated to their direct-aperture
equivalent and update the same cached state. Page 1 registers
(BASE, CONS_INDX_BASE) always update the cache.
Per the CMDQV architecture, a VCMDQ must be allocated to a Virtual
Interface before it is used to send commands to the SMMU. Until
that allocation happens, MMIO writes only update cached register
state - no command consumption, error handling, or interrupt
activity is driven from these writes. Subsequent patches wire up
IOMMU_HW_QUEUE_ALLOC, mmap the host VINTF Page 0, and install it
into guest MMIO; after that, Page 0 writes from either aperture
reach the hardware-backed mmap'd page instead of just the cache.
The direct aperture Page 0 is programmable at any time so long as
CMDQV_EN is enabled. The VINTF (logical) aperture Page 0 is
programmable only once SW has mapped a VCMDQ to a VINTF; the
"logical" view is local to that VINTF.
Add read emulation for both apertures, backed by a single per-VCMDQ
register cache. VINTF aperture reads are translated to their
equivalent direct-aperture offset and served from the same cached
state.
Per the CMDQV architecture, a VCMDQ must be allocated to a Virtual
Interface before it is used to send commands to the SMMU. Until that
allocation happens, reads return cached register state with no HW
interaction. Subsequent patches wire up IOMMU_HW_QUEUE_ALLOC, mmap
the host VINTF Page 0, and install it into guest MMIO; after that,
Page 0 reads from either aperture are served from the hardware-backed
mmap'd page instead of the cache. Page 1 is also a hardware alias,
but the kernel only exposes mmap for Page 0, so Page 1 reads always
trap to QEMU and are served from cache.
Nicolin Chen [Tue, 9 Jun 2026 11:25:36 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: Emulate CMDQ-V Config region
Tegra241 CMDQV exposes control and status registers in the CMDQ-V
Config page (offset [0x0, 0x10000)) used to configure virtual command
queue allocation and interrupt behavior.
Add read/write emulation for the CMDQ-V Config region
([CMDQV_BASE, CMDQV_CMDQ_BASE]), backed by a simple register cache.
This includes CONFIG, PARAM, STATUS, VI error and interrupt maps, CMDQ
allocation map and the VINTF0 related registers defined in the CMDQ-V
Config space. Only VINTF0 is supported; VINTF1-63 are not.
Dispatch writes on access size: Introduced writel_mmio for 4-byte and
writell_mmio for 8-byte. Reads need no split as the MMIO framework masks
the returned value to the access size.
Nicolin Chen [Tue, 9 Jun 2026 11:25:35 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: mmap host VINTF Page0 for CMDQV
The kernel currently exposes a single VINTF per emulated SMMUv3
instance. IOMMU_VIOMMU_ALLOC returns an mmap offset for the host
VINTF Page0 allocated for this SMMU. However, VCMDQs only become
bound to that VINTF after IOMMU_HW_QUEUE_ALLOC, so until then the
mapped Page0 does not back any real VCMDQ state.
mmap the host VINTF Page0 right after IOMMU_VIOMMU_ALLOC, as the host
VINTF is already enabled at that point, and unmap it when the vIOMMU is
freed. The mapping shares the vIOMMU's lifetime. This prepares the VINTF
mapping in advance of subsequent patches that add VCMDQ allocation.
hw/arm/virt: Link SMMUv3 CMDQV resources to platform bus
SMMUv3 devices with acceleration may enable CMDQV extensions
after device realize. In that case, additional MMIO regions and
IRQ lines may be registered but not yet mapped to the platform bus.
Ensure SMMUv3 device resources are linked to the platform bus
during machine_done().
This is safe to do unconditionally since the platform bus helpers
skip resources that are already mapped.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-13-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Nicolin Chen [Tue, 9 Jun 2026 11:25:32 +0000 (12:25 +0100)]
hw/arm/tegra241-cmdqv: Implement CMDQV init
Tegra241 CMDQV extends SMMUv3 with support for virtual command queues
(VCMDQs) exposed via a CMDQV MMIO region. The CMDQV MMIO space is split
into 64KB pages:
This patch wires up the Tegra241 CMDQV init callback and allocates
vendor-specific CMDQV state. The state pointer is stored in
SMMUv3AccelState for use by subsequent CMDQV operations.
The CMDQV MMIO region and a dedicated IRQ line are registered with the
SMMUv3 device. The MMIO read/write handlers are currently stubs and will
be implemented in later patches.
The CMDQV interrupt is edge-triggered and indicates VCMDQ or VINTF
error conditions. This patch only registers the IRQ line. Interrupt
generation and propagation to the guest will be added in a subsequent
patch.
hw/arm/tegra241-cmdqv: Probe host Tegra241 CMDQV support
Use IOMMU_GET_HW_INFO to query host support for Tegra241 CMDQV.
Validate the returned data type, version, and minimum number of vCMDQs and
SIDs per Tegra241 CMDQ Virtual Interface(VI). Fail the probe if the host
does not meet these requirements.
The QEMU model supports one Virtual Interface(VI) per VM with 2 vCMDQs and
16 SIDs per VI, so the probe ensures the host implementation is compatible
with these limits.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-11-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/virt: Use stored SMMUv3 device list for IORT build
Introduce a GPtrArray in VirtMachineState to track all SMMUv3 devices
created on the virt machine, and use it when building the IORT table
instead of relying on object_child_foreach_recursive() walks of the
object tree.
This avoids recursive object traversal and provides a foundation for
subsequent patches that need direct access to SMMUv3 instances for
CMDQV-related handling.
No functional change. No bios-tables qtest failures observed.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-10-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/arm/smmuv3-accel: Wire CMDQV ops into accel lifecycle
Add support for selecting and initializing a CMDQV backend based on the
cmdqv OnOffAuto property.
If set to OFF, CMDQV is not used and the default IOMMUFD-backed allocation
path is taken.
If set to AUTO, QEMU attempts to probe a CMDQV backend during device setup.
If probing succeeds, the selected ops are stored in the accelerated SMMUv3
state and used. If probing fails, QEMU silently falls back to the default
path.
If set to ON, QEMU requires CMDQV support. Probing is performed during
setup and failure results in an error.
When a CMDQV backend is active, its callbacks are used for vIOMMU
allocation, free, and reset handling. Otherwise, the base implementation
is used.
The current implementation wires up the Tegra241 CMDQV backend through the
generic ops interface. Functional CMDQV behaviour is added in subsequent
patches.
No functional change.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-9-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Introduce a Tegra241 CMDQV backend that plugs into the SMMUv3 accelerated
CMDQV ops interface.
This patch wires up the Tegra241 CMDQV backend and provides a stub
implementation for CMDQV probe, initialization, vIOMMU allocation
and reset handling.
Functional CMDQV support is added in follow-up patches.
Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-8-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Command Queue Virtualization (CMDQV) is a hardware extension available
on certain platforms that allows the SMMUv3 command queue to be
virtualized and passed through to a VM, improving performance.
For example, NVIDIA Tegra241 implements CMDQV to support virtualization
of multiple command queues (VCMDQs).
The term CMDQV is used here generically to refer to any platform that
provides hardware support to virtualize the SMMUv3 command queue.
CMDQV support is a specialization of the IOMMUFD-backed accelerated
SMMUv3 path. Introduce an ops interface to factor out CMDQV-specific
probe, initialization, and vIOMMU allocation logic from the base
implementation. The ops pointer and associated state are stored in
the accelerated SMMUv3 state.
This provides an extensible design to support future vendor-specific
CMDQV implementations.
No functional change.
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com> Tested-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20260609112552.378999-7-skolothumtho@nvidia.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
projects / thirdparty / qemu.git / log
