From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830954; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QsYHNmTpaAav3CxGDm1ZX4obWL0fJ/SiP5vbTRQCPGhY4/rrXT1kyOQtVq23vzbRnybWGOEaMHFB3KFksvS1CjFx5GAUBjXh9LbGfTq4Q2f61UTMQOWOR7XIJkDu+99KO4PcNL7FQ0ahzI0u/DhRH5MohapCDattk/BA3fYZ0Xs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830954;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=VSwkM0P/J5XAoRgFils81Qyg6RKqLdXdbIdwNlenliE=;
	b=meY4E/InCxXXS3PoK2QTinbn0uFcK72tqhppmMJJB2H4Z0SbsKe7k5ub8CzwpJCxy2nvKK0/QgpjSerIgy9efltldarxe5aSWgESOp51og1Ul4Z5em6VEq84ZXOiz4xUF1bUwWE3zv+UxvaODr5eDgut1cp6POQnW6Ij3hlXvSo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830954899860.1381599165898;
 Wed, 18 Mar 2026 03:49:14 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQo-0003bB-5V; Wed, 18 Mar 2026 06:47:18 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQZ-0003VS-O6
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:06 -0400
Received: from mail-wm1-x32c.google.com ([2a00:1450:4864:20::32c])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQX-0003KM-JE
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:03 -0400
Received: by mail-wm1-x32c.google.com with SMTP id
 5b1f17b1804b1-48628ce9ab5so23943995e9.2
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:01 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.46.58
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:46:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830819; x=1774435619; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=VSwkM0P/J5XAoRgFils81Qyg6RKqLdXdbIdwNlenliE=;
 b=KrYM7EiX1BSTm06EvQPeyTT1n/uA1T+7AhBxugn3+duAsA+p2xelXlnNUuC5AoWZR5
 /FMM4OgzfqiW+IzFs+8R05vbDxUZx1feKKa66W4YemmOohmU/0hzk1XsQsIP1nWaWup5
 wM4qbj75ZL6IZ//siMoROpUUkL6iMbxWC72cG5OpyZiVa8iDVE7J0B3t0hJhCFw1VNxQ
 HqCD2/eKwfCenxzMeG6kCOOr/RTsYnW0naVIXJJOQN7wewfdR6IIqcq8Hx5oMDTHze2s
 8AG2xrhb17rJHz4Q/1iZ1DSjPssqEloVSl7/8J6B9LXVMwITwCNEwVRPJHUNFh+AVRtD
 bJGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830819; x=1774435619;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=VSwkM0P/J5XAoRgFils81Qyg6RKqLdXdbIdwNlenliE=;
 b=QOCtB2Rz17BfzYCiY5U8lIyt8yn4Smy8ICcozStnmZY5SrThJbpHAdCCtZRHqHoT5O
 18NiyJwSLyR2qFx1CIJksvufjG5zqsZvEBQinP4lAN1BL1YjxKosyqsHd5uSDW5njWoZ
 zfaITf4ZLp0eOzBKKt13MN4eTR8VcsNvhzp7FZpxpmAphLRYH8snrvE9KkxrqjZj9gvF
 62C7E9kwkF95Z479112++l/oVWmLwRCKzOoKMhyMnOlaGGoZO+lvFiF4e0ZuRmufIW4h
 BHh+Yw8ubmJJPRkZhmvtDNytlnnz2llsqcZ/TxOo0jGSSHl32N3KgMIF2ZzOHV83jPXc
 Br6w==
X-Gm-Message-State: AOJu0Yw2kUBuy+p59CCNtf33DnFOp/u0yWiekVY9l1+l9U3uC+YJP8/I
 eVfsR2IHReknfWsMNkKUjtawr9EoywF0XsyWgyg25QQi7ds3fNmOJW03ED+E007r
X-Gm-Gg: ATEYQzyL/ZDGE7AJDG8FmzGcV9t/Z5J9F6hHF8Q+v2/IHNNL8KCpW2vIuWyWfm7aVDH
 kPNlMDvlJmITSoiTOybBIp0enQLAPDgblkkyvaPWuFgI9RSB56cj4fkn22RNrhA/gNj5rsp8X/l
 kGDPcWbZ/g+GyQdUv44x7pPQDXZqtZIOyoCM9Dm3WngQKc5mWATmv3c61vBEISs3cdB7QIFqjQw
 Td0XPptNWM1G8QmEhJOzv13M+68gt13Ci8y6Ezi0nX0STRmR1M1oMV0XnSGDOCSrm7ah5uP2Oo9
 f2t0Hoofr21XNPytEXiRSHpZ93aKbgaeEc/6JsVDcyU/C6M/cJ2N2lIbLPwzlYw66Mkg0kTOCl5
 idZJklhz6UBS2RPJ4y3+pfFb7ePWJzEruGBpmFcyy8GVZAC6XvPQn+m27Ix6Uue4q9uzPb8Hi6F
 rNSGVCzHoSv4V8FHvIrqz0IGwMZVF7OHkIxMjNteHz53sP7Cvbj1/fufemCEjoaFnWyw==
X-Received: by 2002:a05:600c:4585:b0:485:39d4:2dd9 with SMTP id
 5b1f17b1804b1-486f45708e5mr49754255e9.33.1773830819279;
 Wed, 18 Mar 2026 03:46:59 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 1/9] target/arm: Add API for dynamic exception injection
Date: Wed, 18 Mar 2026 11:46:32 +0100
Message-ID: <20260318104640.239752-2-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::32c;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x32c.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830956196154100
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

Implement arm_cpu_inject_exception() to allow external clients,
such as QEMU plugins or asynchronous timers, to inject exceptions
into the ARM guest.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 target/arm/cpu.h    |  4 ++++
 target/arm/helper.c | 55 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 657ff4ab20..f1d2d6e240 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2680,4 +2680,8 @@ extern const uint64_t pred_esz_masks[5];
 #define LOG2_TAG_GRANULE 4
 #define TAG_GRANULE      (1 << LOG2_TAG_GRANULE)
=20
+#ifndef CONFIG_USER_ONLY
+void arm_cpu_inject_exception(int excp_index, uint32_t syndrome);
+#endif
+
 #endif
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 8c5769477c..73df3a9e6e 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -10241,4 +10241,59 @@ ARMSecuritySpace arm_security_space_below_el3(CPUA=
RMState *env)
         return ARMSS_NonSecure;
     }
 }
+
+typedef struct {
+    int excp_index;
+    uint32_t syndrome;
+}  FIExcpAsync;
+
+static void fi_setup_exception(CPUState *cs, int excp_index, uint32_t synd=
rome)
+{
+    CPUARMState *env =3D cpu_env(cs);
+
+    cs->exception_index =3D excp_index;
+    env->exception.syndrome =3D syndrome;
+    env->exception.vaddress =3D env->pc;
+
+    if (excp_index =3D=3D EXCP_VSERR) {
+        /* Serror syndrome constructed from vsesr_el2 */
+        env->cp15.vsesr_el2 =3D syndrome;
+    }
+
+    env->exception.target_el =3D arm_current_el(env);
+}
+
+static void arm_cpu_inject_exception_async(CPUState *cs, run_on_cpu_data d=
ata)
+{
+    FIExcpAsync *excp_data =3D (FIExcpAsync *)data.host_ptr;
+
+    fi_setup_exception(cs, excp_data->excp_index, excp_data->syndrome);
+
+    g_free(excp_data);
+}
+
+void arm_cpu_inject_exception(int excp_index, uint32_t syndrome)
+{
+    CPUState *cs =3D current_cpu;
+
+    if (!cs) {
+        /* If we called outside CPU thread (timer callback, etc) schedule =
async */
+        run_on_cpu_data async_data;
+        CPUState *cs0 =3D qemu_get_cpu(0);
+
+        FIExcpAsync *excp_data =3D g_new0(FIExcpAsync, 1);
+
+        excp_data->excp_index =3D excp_index;
+        excp_data->syndrome =3D syndrome;
+
+        async_data.host_ptr =3D excp_data;
+
+        async_run_on_cpu(cs0, arm_cpu_inject_exception_async, async_data);
+        return;
+    }
+
+    fi_setup_exception(cs, excp_index, syndrome);
+
+    cpu_loop_exit(cs);
+}
 #endif /* !CONFIG_USER_ONLY */
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830911; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QJexuvUWdXAEQsKRWEBW1ugy26tAOzkcGLmQqK0x0oVRw9uFczKumKxdkZL0LtF5UGvtaTAJN9a8paHMjpsOkdsKWpIWtWM5NkmVjUYdOH0Yoc+TNiKNrBmr0FLvX4JM6Tx18OZkiZczqdrnN1m3VtPBliuOha4X2WUR5VhFoe8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830911;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=QgUepk6UMjnKqzufGDPkLxQrioV7HxGAbMXHjFPydeQ=;
	b=U9Ojo0fVSTPWruvS7x2oy5u/am0xlyhrTSeHE9xA2pKALCCsE+P1bCqVyYF4EK82++85u7iVrhVlmTnpAtSZeQoYxdRM6Z4JwVu+MDTxoVu6xjcDs8v/MaLApbk7JcVn395wPs3bpBNsrZs9luwlG5GQzmim4+EUu0CoTIa3MYs=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 17738309117281008.407836433414;
 Wed, 18 Mar 2026 03:48:31 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQj-0003XR-79; Wed, 18 Mar 2026 06:47:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQa-0003VU-J7
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:06 -0400
Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQY-0003Kp-Ol
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:04 -0400
Received: by mail-wm1-x335.google.com with SMTP id
 5b1f17b1804b1-486b9675d36so14103555e9.0
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:02 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.46.59
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830821; x=1774435621; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=QgUepk6UMjnKqzufGDPkLxQrioV7HxGAbMXHjFPydeQ=;
 b=QhhvHPgKOfl/BhZ6pzwLgO97hGI8laNB4tBI4gqpH/3T1T4Bc7FNWUeshUSsExZ88F
 sUeXYbiZV/Q1pn59I0aFn8BpvRMr0te9TINo4oO/0f3pr0K1gkO2dR911MjWKAQxpG2k
 yzjXnFU8RJH8QDENlmwfYV2Hl5xL7Qo8lQ7W8wrvryYaGEZgI7+723Ma0ewohaK0M6PV
 nWxAsuiN9wH29MBzH3eTLvg700XsMhbL1jl0Zlt4oHnYaX0lBAORIQEwvurL3eWTHOcW
 kH8mbS5F4J0PTxXM4qQf7F+dpj5SydCtFkfzau6YtkOsx35GELQagVlz3ntsw7iTtMMR
 WKbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830821; x=1774435621;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=QgUepk6UMjnKqzufGDPkLxQrioV7HxGAbMXHjFPydeQ=;
 b=VOZJjGVgdZHgbDT86oRzty87FsWcYRA2XOSFfJ01sOQjUrzDP8k16GMnHWP9LGngbN
 I2jNmi8nXSCK+kIwih2xd4gVsasPzD52jaQxfOcv7kk+hCRKrjaYwe+PJPfZSAJTZrD5
 FWmNSXPLIPOqhQTVFRFCcorn64QcZog6ULOiSZouUAGCRggfGt6YCQYk3qQ41SYEUMh6
 BKfOswXEP2rRFdHesr2tfvMVMUuprXAU3FnqGX6nUBSYcLWVE17mXm/Y4Q3T9iqfTjh5
 vz111NKFOS+F0HpJNe0ECHksibTcNzHK37byZxyE2uFUYj7W6oxkmIpt1+Satn5rvIpd
 wq/A==
X-Gm-Message-State: AOJu0YyZhW7PXSMz5ALxIpOK3dEI25e5Dz+MpzXW4yk54GMO9+ddexLC
 i3ReKUuDHokRXjEy3XUwYksMe6/GVQrk8P6+Qc1GKi01EZ3PGY7X794X6GEl3D5m
X-Gm-Gg: ATEYQzyTm14kFLk5G2NUeZw8La9afi9fIf2RtvPv2rhOM262yVjCZ+hrAZq/EuU9Ccx
 o0dlHpim+kJ5LzUDPhnOSvdqH6Syfo1TcLLVMqjqXjgsd4eMftlcC+QJ2g4MDB89jmmQSzas76f
 auEwhyIfRvKnSJ+3oz0YIxCemEsB5QG6Q/3W7k1frhE/O34/ZOw6C4RyWbA5v9DcIQQSRqGUUqx
 L7KY7X7KIei8urc42HxlkJ+hYzq2Auv8sYXkTlHHN0w5tKkcJQJE5HXYzpnolCQTKDdD0S32xHb
 v+JTSaaPMZyJ7MgH42sot6k4jDw4o8sBdzdhypw8N+IkOlvu7ylk8MGT7+KzB2Xh310ktF8YzIO
 3HT7azYWlflwPuwxZtLbiaXWr+JoHAAZLH7gpW82WJHK8B8uW7178yBb7Z0fKBfKG9L6BDJGzTq
 RK17bMFRX91uW5KlmofmqODBoVfynkUoBEyXkezn1pdEI3di902WupZVo6GcGzNhtFSCtHAc+4b
 9gp
X-Received: by 2002:a05:600c:83ca:b0:485:3dfc:57a with SMTP id
 5b1f17b1804b1-486f446dee9mr43456345e9.32.1773830820667;
 Wed, 18 Mar 2026 03:47:00 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 2/9] plugins/api: Expose virtual clock timers to plugins
Date: Wed, 18 Mar 2026 11:46:33 +0100
Message-ID: <20260318104640.239752-3-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::335;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x335.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830912460158500
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

This patch extends QEMU Plugins API to allow set timers
in guest's virtual clock (QEMU_CLOCK_VIRTUAL).

It introduces qemu_plugin_timer_virt_ns(), which allows
scheduling a one-shot callback.

The patch also adds qemu_plugin_get_virtual_clock_ns(),
which can be used to query the current virtual time.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 include/plugins/qemu-plugin.h |  6 ++++++
 plugins/api.c                 | 29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index 17a834dca9..bbd21e79c5 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -1246,6 +1246,12 @@ void qemu_plugin_u64_set(qemu_plugin_u64 entry, unsi=
gned int vcpu_index,
 QEMU_PLUGIN_API
 uint64_t qemu_plugin_u64_sum(qemu_plugin_u64 entry);
=20
+QEMU_PLUGIN_API
+uint64_t qemu_plugin_get_virtual_clock_ns(void);
+
+QEMU_PLUGIN_API
+void qemu_plugin_timer_virt_ns(uint64_t time, void (*cb)(void*), void *opa=
que);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/plugins/api.c b/plugins/api.c
index 04ca7da7f1..609ea69293 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -39,6 +39,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/plugin.h"
 #include "qemu/log.h"
+#include "qemu/timer.h"
 #include "system/memory.h"
 #include "tcg/tcg.h"
 #include "exec/gdbstub.h"
@@ -652,3 +653,31 @@ uint64_t qemu_plugin_u64_sum(qemu_plugin_u64 entry)
     return total;
 }
=20
+typedef struct {
+    void (*cb)(void *opaque);
+    void* opaque;
+    QEMUTimer *timer;
+} qemu_plugin_timer_data;
+
+static void timer_cb(void* opaque)
+{
+    qemu_plugin_timer_data *data =3D (qemu_plugin_timer_data*)opaque;
+
+    data->cb(data->opaque);
+
+    timer_free(data->timer);
+    g_free(data);
+}
+
+QEMU_PLUGIN_API
+void qemu_plugin_timer_virt_ns(uint64_t time, void (*cb)(void*), void *opa=
que)
+{
+    qemu_plugin_timer_data* data =3D g_new0(qemu_plugin_timer_data, 1);
+
+    data->cb =3D cb;
+    data->opaque =3D opaque;
+
+    data->timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, timer_cb, data);
+
+    timer_mod(data->timer, time);
+}
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830911; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ArKYySQwlAo225wuIdGutt7LDIaiBlDaxBqaXWl+EWCGFFX8oemGGkzqf2/0dvnVaAQeTB80mWcw1MddVjeyX/0RCJ34d6iodd2DtD9Hxe9r3krmZJZAs09e4ytr3CfwFcuuJkQMrM9fgUQynTNUpv9qDOGZbCSho61ZoKqklSQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830911;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=TUGPmMKqMk4+vVhGesc7w5uFwyBaXJELY7Ee1310cEg=;
	b=FKOlYiTZdg/++Stk7wbz3K1+4iXIU4wfxvN1XdTKlio/WdSLkZz9y/OMjBNFdiXoUWHJln8HRtDrzKEbw0KK6PEFqpaBHCC5xwiuzm6nUkDtCCCKZcunVddmSV4hWb6z3LhiVmR5LXeLA7Wv2sOPoX7fg+z0EDPshoqU2sEY3yo=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830911649963.6619636480054;
 Wed, 18 Mar 2026 03:48:31 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQk-0003ZK-51; Wed, 18 Mar 2026 06:47:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQc-0003Vu-0X
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:06 -0400
Received: from mail-wm1-x334.google.com ([2a00:1450:4864:20::334])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQa-0003LH-Bq
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:05 -0400
Received: by mail-wm1-x334.google.com with SMTP id
 5b1f17b1804b1-48540355459so65282845e9.3
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:03 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.00
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830822; x=1774435622; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=TUGPmMKqMk4+vVhGesc7w5uFwyBaXJELY7Ee1310cEg=;
 b=OKDaNc9sj0GiPK0c6w629I/wsrECCKf+GrKf/VJs3A6ciB66phCV62enN1qL/NPItd
 h+oLor9Kccm2uKyovBUH/gwY6Kx0/5AsCFnBs+dPad4WLRjoB8tUXpGG2QgjviRUTSg0
 C2A+PKWxd5a2ee9XOSDQbh77FYhJO0tKgLCASXz5Zzb24WYFxFqsv336vRTogUELWiFk
 F7nkB0Ftg1ssxBeUdJDya9wMJfKROl1WuySduqhhKxf0cQJPENPCbh1oy7jrieHrL+tU
 OcMuA9pmnoG/Oo3yH2YxkP3N1e+dPwB4PfaIH1IJPggvytuSogB7Of6aLwcEV4dMJWfU
 qrTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830822; x=1774435622;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=TUGPmMKqMk4+vVhGesc7w5uFwyBaXJELY7Ee1310cEg=;
 b=luJ7GLriVZ21azGLYTUJCKDSkj/44ZVKYgqKBJclDy2yrX7sAphjj8u9HEsHoR0xHa
 yvh5HHDGwidcp+CkLpt2hRE+Ia+jj+HDt0zSgNHj1d7qaO8bZ4HZvR0MnhwdcOuSfI1P
 EQLkAipKPaBzN/e1cArllwcB6lAawHCIUk1XtHZRiEe/tPM9am54JlnCrRGtl1D+VVVz
 kqfQxsjrbuHhTqsHilZ2Ues9Jj6nof3qE3G6rTw4c9rrhBNKzex3Pmpwm0jjG1MKsOvD
 3cNhCVlm3kQ3d7ztzT8V3UnCunslCO7VGZbI7ZAles4lE4EtANl4Z90QGXrn4Q/TID4z
 zwPQ==
X-Gm-Message-State: AOJu0YxGKSbADbFhibeaeSrIa9l8zFimRjiRZ38q1QIexAPPwSSARzq5
 9HNO4HzSnZdkk7j9fTqjLPpLbUrnGvDEAT0HEg0lPqCsMgzrYJj4fc+28tUIK/NZ
X-Gm-Gg: ATEYQzy+TXjRcyX7Th+GoQOe7YP1r/fHvntrVHEmZAcwp2eB9quQEodNzub+LVVR0Yd
 mUcIg3TZf7uj64ddNA5kbipfs1wLS+asUAPGEJJLUkXGcTO//HUd1qfXX+foxwy2hhZfnJz0is0
 OaJ5uEfqGkZiUMD/pLtyHSUeoy1eqiSKa5zJNR2rY3+gxAAMF2ZbVGaG7AGCsGLhTk4pwkTnbfS
 ncNagcOqbZo723MPy8O9hi7lOTiz24+gPTDze/4gMKwtU29KejT+VF2iQtR6GwgY6c59lhGy1Ea
 Il7mBeDukzAx68tgW7SsOu/UyNeq3X0exLo2MJ0YHjID6CQbuZRYo3OwtF2aS9o+I5pwH/NEAB0
 WNr7xubo1VOW5idlpU0MGuw+A3yzAFAHgjGU/FO/TYLVhpVfLTMrIrRI68Q0hYF/5k+iztZ4j6s
 086nVt0W/LHJNGDl0VQKAG5v5ZsHf7oU0MqSdwZ73W/Lahblk8+MKwLEMkFVJZM31NPw==
X-Received: by 2002:a05:600c:810c:b0:477:b642:9dc1 with SMTP id
 5b1f17b1804b1-486f4475342mr47765135e9.20.1773830822041;
 Wed, 18 Mar 2026 03:47:02 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 3/9] plugins: Expose Transaction Block cache flush API to
 plugins
Date: Wed, 18 Mar 2026 11:46:34 +0100
Message-ID: <20260318104640.239752-4-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::334;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x334.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830913597154100
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

The patch introduces qemu_plugin_flush_tb_cache() to the plugin API,
allowing plugins to invalidate QEMU translate code cache.

If a plugin needs to dynamically register a new instruction or memory
callback, the new hooks may not be triggered for code blocks that
QEMU has already translated and cached. This API allows QEMU
re-translate TB, so that new applied hooks will take effect.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 include/plugins/qemu-plugin.h |  3 +++
 plugins/api.c                 |  6 ++++++
 plugins/core.c                | 11 +++++++++++
 plugins/plugin.h              |  2 ++
 4 files changed, 22 insertions(+)

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index bbd21e79c5..a68427536f 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -1246,6 +1246,9 @@ void qemu_plugin_u64_set(qemu_plugin_u64 entry, unsig=
ned int vcpu_index,
 QEMU_PLUGIN_API
 uint64_t qemu_plugin_u64_sum(qemu_plugin_u64 entry);
=20
+QEMU_PLUGIN_API
+void qemu_plugin_flush_tb_cache(void);
+
 QEMU_PLUGIN_API
 uint64_t qemu_plugin_get_virtual_clock_ns(void);
=20
diff --git a/plugins/api.c b/plugins/api.c
index 609ea69293..fa650e1219 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -653,6 +653,12 @@ uint64_t qemu_plugin_u64_sum(qemu_plugin_u64 entry)
     return total;
 }
=20
+QEMU_PLUGIN_API
+void qemu_plugin_flush_tb_cache(void)
+{
+    plugin_flush_tb_cache();
+}
+
 typedef struct {
     void (*cb)(void *opaque);
     void* opaque;
diff --git a/plugins/core.c b/plugins/core.c
index 42fd986593..462f4bae81 100644
--- a/plugins/core.c
+++ b/plugins/core.c
@@ -21,6 +21,7 @@
 #include "qemu/rcu.h"
 #include "exec/tb-flush.h"
 #include "tcg/tcg-op-common.h"
+#include "qemu/main-loop.h"
 #include "plugin.h"
=20
 struct qemu_plugin_cb {
@@ -888,3 +889,13 @@ enum qemu_plugin_cb_flags tcg_call_to_qemu_plugin_cb_f=
lags(int flags)
         return QEMU_PLUGIN_CB_RW_REGS;
     }
 }
+
+void plugin_flush_tb_cache(void)
+{
+    CPUState *cpu =3D qemu_get_cpu(0);
+    if (cpu) {
+        queue_tb_flush(cpu);
+
+        qemu_cpu_kick(cpu);
+    }
+}
diff --git a/plugins/plugin.h b/plugins/plugin.h
index 6fbc443b96..0bf819536b 100644
--- a/plugins/plugin.h
+++ b/plugins/plugin.h
@@ -125,4 +125,6 @@ void plugin_scoreboard_free(struct qemu_plugin_scoreboa=
rd *score);
  */
 void qemu_plugin_fillin_mode_info(qemu_info_t *info);
=20
+void plugin_flush_tb_cache(void);
+
 #endif /* PLUGIN_H */
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830923; cv=none;
	d=zohomail.com; s=zohoarc;
	b=NrrtMP0I4szX0x8MAWRFVcASSLlpNRBwShacjhf+tUBYykDphpOt9um5asOXQOUGjdvvb0TqwC+sZBOclXLKMlZ+VLwo9zRlEm6nJjyAKcijO3UTrGjZCvUvjrQuqc/zruY4myO76aoiV6b88F/v0UJls0aEwCEthEuxiTfuJ+0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830923;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=ZccvTnv2HkjQxcvO+im/Zhj/O+R+gRIbwLk7ilc4DiI=;
	b=VHd59spPCYAYvS/rjkZ9YAAvKqcw2/w6N/ZRiwnPtwTYTHaWZjwfK2rA7po4Ev/E5UH651NB8m9sUW8dVvN+TB1vBIqW1L1g6VyZKVHg1QTOSF5xcxBEAedJP2NWkeIYbc5no52Xj7GEmHoEW3I19KEtjHzLQ0OZdh6ilZOKV3o=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830923760328.72624145494353;
 Wed, 18 Mar 2026 03:48:43 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQp-0003bu-Qz; Wed, 18 Mar 2026 06:47:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQd-0003X5-LK
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:08 -0400
Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQb-0003Lh-D3
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:07 -0400
Received: by mail-wm1-x330.google.com with SMTP id
 5b1f17b1804b1-48539d21b76so49446455e9.1
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:05 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830823; x=1774435623; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ZccvTnv2HkjQxcvO+im/Zhj/O+R+gRIbwLk7ilc4DiI=;
 b=O6gQuZ8GfxeS8/hu7E1rkowN8SojwCj0JanjYlV1dZG+Zs/wTnsY/g4BKxZbhe7RTe
 sT178ful8HQlZZK52rHQ3QsK3Hvj7Em0ys13cxzO+88tT1AALcEssNHTEGdh/t224yQb
 Rv/gROub1SucHQ9FTJ2YNu6mBTJGJpwkYBjLMCzNrQ2p50r8kJW8VmpdetqgzpgbEyjo
 t3qtdLhippAcXja33/ZD2/uSnSVxh52Y6+KgI1GjlufmLVGbHaCBC43x4nC3lUNKuHS/
 xRByuwbwqUUZK6T/VgN3cIR/wTklKxEl5O9Nbe9pcx1RKLyntoNS9e5a7mmZ8hczVMpK
 a+9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830824; x=1774435624;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=ZccvTnv2HkjQxcvO+im/Zhj/O+R+gRIbwLk7ilc4DiI=;
 b=rI+p6uO2rj6gzdoYsRXIuLgzrU8ms+zwJN3c8htWdgnLn9rNi5TwIU+arOhVJ7WmGx
 5TyZRsl3jCTkN1+xhTDpPQU2koCEPf7A0oNH/K52V2a7f3i0VFHCmgUNKdHzATOD/4HM
 CiMyNJNY3isFet9rdHAFI+12V2GOlslC7i6ywXUG1KnJCh+SpHLwgGk2s9kDarVCaBKD
 50K44M+GDop3IZE9pynRjwKZBC7q75NT47zVYVt7Cs53gJPsGKdHA6KqsJw6xWNxemdX
 ZT4soaZklhXJKmuH7yupCeZg8YQENiXfRna0t6FZ7jKWPZD6BfKPxGr/UuY/tlaM4rum
 zgVg==
X-Gm-Message-State: AOJu0YzXTssguRSbOVCW6kZ2otFzIaofNEFeOKsUSm4UbY4KASFDuADm
 A0sW6GXS6xJoY7g1accWmCj4qe9TqrxAw3J/H+F2vy1rmD4P16rqCETUA1dzB3SU
X-Gm-Gg: ATEYQzxZi38EpXf6tnXI5V3t5RevzZOVErZ7/+eXrljZ3hQCNMETZGQ8WUtodWqgVZA
 kdc31j2Uq+X8U7Uo4VgSAVr8ev3vWBXiOilFQxa8IIo2y2L70nWaBO9oiLJUnw/2DX/QffUBecD
 a3RClyZyUEyzU0XLd1kQ8WhNTG1Xzn38IODDLrPm9ZX3XbEozo0WFIjXnfUft05TMRaPsGTnJCx
 DYs8o2i6rLrx+yOnVeeiO1u+2WwR1mEOSYaWfdnHduMWX1v881Q8yFNX2gjtiXffh7sJ/HazMSs
 /oC7eaEKvqggLUoIN0peBdNamic9MKtBat35jx895jxEqcO13P9kll2P2iO/udJ08YmihBdE+Un
 a1/DI2vQzitXRSjBYoRmxSgbqnS17/1E9IzrGU1yuXeteAEF83EvsZI/ObNfy9twmQYEwq4AiEb
 Ldh+Wkjmr5EJw6U8cRAzcTR+nXNo0SOgL7qqpDCaUDnwln6qm28W4XnuMEai8NzBymtg==
X-Received: by 2002:a05:600c:5248:b0:485:2f6a:6ed with SMTP id
 5b1f17b1804b1-486f4451b9amr52307335e9.28.1773830823435;
 Wed, 18 Mar 2026 03:47:03 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 4/9] plugins: Introduce fault injection API and core
 subsystem
Date: Wed, 18 Mar 2026 11:46:35 +0100
Message-ID: <20260318104640.239752-5-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::330;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x330.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830924637158500
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

The patch adds infrastructure of fault injection API to plugins.
The following capabilities introduced:

- MMIO overrides: Allows plugins to register callbacks that intercept
  MMIO accesses.
- IRQ injection: Provides mechanism to raise or pulse hardware irq's
  directly to primary interrupt controller.
- CPU Excheption injection: Provides API for injecting CPU exceptions.
  As of now only ARM targets supported.
- Custom Fault Registry: Implements a registry allowing QEMU device
  models to expose custom, device-specific fault handlers. Plugins
  can trigger these dynamically by name.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 include/plugins/qemu-plugin.h |  19 ++++++
 include/qemu/plugin.h         |  39 ++++++++++++
 plugins/api.c                 |  27 ++++++++
 plugins/fault.c               | 116 ++++++++++++++++++++++++++++++++++
 plugins/meson.build           |   1 +
 5 files changed, 202 insertions(+)
 create mode 100644 plugins/fault.c

diff --git a/include/plugins/qemu-plugin.h b/include/plugins/qemu-plugin.h
index a68427536f..96e2787788 100644
--- a/include/plugins/qemu-plugin.h
+++ b/include/plugins/qemu-plugin.h
@@ -1255,6 +1255,25 @@ uint64_t qemu_plugin_get_virtual_clock_ns(void);
 QEMU_PLUGIN_API
 void qemu_plugin_timer_virt_ns(uint64_t time, void (*cb)(void*), void *opa=
que);
=20
+typedef bool (*qemu_plugin_mmio_override_cb_t)(uint64_t hwaddr,
+                                               unsigned size,
+                                               bool is_write,
+                                               uint64_t *value);
+
+QEMU_PLUGIN_API
+void qemu_plugin_register_mmio_override_cb(qemu_plugin_id_t id,
+                                           qemu_plugin_mmio_override_cb_t =
cb);
+
+QEMU_PLUGIN_API
+void qemu_plugin_inject_irq(int irq_num, int cpu, bool pulse);
+
+QEMU_PLUGIN_API
+void qemu_plugin_inject_exception(int excp_index, uint32_t data);
+
+QEMU_PLUGIN_API
+void qemu_plugin_trigger_custom_fault(const char *fault_name, void *target=
_data,
+                                      void *fault_data);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
index ddd77bd82c..4cb01b2125 100644
--- a/include/qemu/plugin.h
+++ b/include/qemu/plugin.h
@@ -43,6 +43,11 @@ get_plugin_meminfo_rw(qemu_plugin_meminfo_t i)
     return i >> 16;
 }
=20
+typedef void (*plugin_irq_inject_cb) (void *opaque, int irq,
+                                      int cpu, bool pulse);
+
+typedef void (*plugin_custom_fault_cb)(void *target_data, void *fault_data=
);
+
 #ifdef CONFIG_PLUGIN
 extern QemuOptsList qemu_plugin_opts;
=20
@@ -234,6 +239,27 @@ static inline enum qemu_plugin_cb_flags qemu_plugin_ge=
t_cb_flags(void)
     return current_cpu->neg.plugin_cb_flags;
 }
=20
+void plugin_register_mmio_override_cb(qemu_plugin_id_t id,
+                                      qemu_plugin_mmio_override_cb_t cb);
+
+bool plugin_mmio_override_cb_invoke(uint64_t hwaddr,
+                                    uint64_t size,
+                                    bool is_write,
+                                    uint64_t* data);
+
+void plugin_register_intc(void *opaque, plugin_irq_inject_cb cb);
+
+void plugin_inject_irq(int irq_num, int cpu, bool pulse);
+
+void plugin_inject_exception(int excp_index, uint32_t data);
+
+void plugin_register_custom_fault(const char *fault_name,
+                                  plugin_custom_fault_cb cb);
+
+void plugin_trigger_custom_fault(const char* fault_name, void *target_data,
+                                 void *fault_data);
+
+
 #else /* !CONFIG_PLUGIN */
=20
 static inline void qemu_plugin_add_opts(void)
@@ -324,6 +350,19 @@ static inline void qemu_plugin_user_prefork_lock(void)
 static inline void qemu_plugin_user_postfork(bool is_child)
 { }
=20
+static inline bool plugin_mmio_override_cb_invoke(uint64_t hwaddr,
+                                                  uint64_t size,
+                                                  bool is_write,
+                                                  void* data)
+{ return false; }
+
+static void plugin_register_intc(void *opaque, plugin_irq_inject_cb cb)
+{ }
+
+static void plugin_register_custom_fault(const char *fault_name,
+                                         plugin_custom_fault_cb cb)
+{ }
+
 #endif /* !CONFIG_PLUGIN */
=20
 #endif /* QEMU_PLUGIN_H */
diff --git a/plugins/api.c b/plugins/api.c
index fa650e1219..0adeaa0bc3 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -687,3 +687,30 @@ void qemu_plugin_timer_virt_ns(uint64_t time, void (*c=
b)(void*), void *opaque)
=20
     timer_mod(data->timer, time);
 }
+
+uint64_t qemu_plugin_get_virtual_clock_ns(void)
+{
+    return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+}
+
+void qemu_plugin_register_mmio_override_cb(qemu_plugin_id_t id,
+                                           qemu_plugin_mmio_override_cb_t =
cb)
+{
+    plugin_register_mmio_override_cb(id, cb);
+}
+
+void qemu_plugin_inject_irq(int irq_num, int cpu, bool pulse)
+{
+    plugin_inject_irq(irq_num, cpu, pulse);
+}
+
+void qemu_plugin_inject_exception(int excp_index, uint32_t data)
+{
+    plugin_inject_exception(excp_index, data);
+}
+
+void qemu_plugin_trigger_custom_fault(const char *fault_name,
+                                      void *target_data, void *fault_data)
+{
+    plugin_trigger_custom_fault(fault_name, target_data, fault_data);
+}
diff --git a/plugins/fault.c b/plugins/fault.c
new file mode 100644
index 0000000000..8f7c1e1333
--- /dev/null
+++ b/plugins/fault.c
@@ -0,0 +1,116 @@
+/*
+ * Fault Injection Core Subsystem
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/log.h"
+#include "cpu.h"
+#include "qemu/main-loop.h"
+#include "hw/core/irq.h"
+#include "qemu/plugin.h"
+
+typedef struct {
+    qemu_plugin_id_t id;
+    qemu_plugin_mmio_override_cb_t cb;
+} MMIOOverrideEntry;
+
+static GArray *mmio_callbacks =3D NULL;
+
+void *intc_opaque;
+static plugin_irq_inject_cb irq_inject_cb =3D NULL;
+
+static GHashTable *fault_registry =3D NULL;
+
+void plugin_register_mmio_override_cb(qemu_plugin_id_t id,
+                                      qemu_plugin_mmio_override_cb_t cb)
+{
+    if (!mmio_callbacks) {
+        mmio_callbacks =3D g_array_new(FALSE, FALSE,
+                        sizeof(MMIOOverrideEntry));
+    }
+
+    MMIOOverrideEntry entry =3D { .id =3D id, .cb =3D cb };
+    g_array_append_val(mmio_callbacks, entry);
+}
+
+bool plugin_mmio_override_cb_invoke(uint64_t hwaddr,
+                                    uint64_t size,
+                                    bool is_write,
+                                    uint64_t* data)
+{
+    if (!mmio_callbacks) {
+        return false;
+    }
+
+    for (int i =3D 0; i < mmio_callbacks->len; ++i) {
+        MMIOOverrideEntry *entry =3D &g_array_index(mmio_callbacks,
+                                                  MMIOOverrideEntry, i);
+        if (entry->cb(hwaddr, size, is_write, data)) {
+            /* Stop on first match */
+            return true;
+        }
+    }
+
+    return false;
+}
+
+void plugin_register_intc(void *opaque, plugin_irq_inject_cb cb)
+{
+    intc_opaque =3D opaque;
+    irq_inject_cb =3D cb;
+}
+
+void plugin_inject_irq(int irq_num, int cpu, bool pulse)
+{
+    if (!irq_inject_cb) {
+        return;
+    }
+
+    bool locked =3D bql_locked();
+
+    if (!locked) {
+        bql_lock();
+    }
+
+    irq_inject_cb(intc_opaque, irq_num, cpu, pulse);
+
+    if (!locked) {
+        bql_unlock();
+    }
+}
+
+void plugin_inject_exception(int excp_index, uint32_t data)
+{
+#if defined (TARGET_ARM)
+    arm_cpu_inject_exception(excp_index, data);
+#else
+    qemu_log_mask(LOG_UNIMP,
+                  "FI: Injecting exception is not supported for this targe=
t\n");
+#endif
+}
+
+void plugin_register_custom_fault(const char *fault_name,
+                                  plugin_custom_fault_cb cb){
+    if (!fault_registry) {
+        fault_registry =3D g_hash_table_new_full(g_str_hash, g_str_equal,
+                                               g_free, NULL);
+    }
+
+    g_hash_table_insert(fault_registry, g_strdup(fault_name), cb);
+}
+
+void plugin_trigger_custom_fault(const char* fault_name, void *target_data,
+                                 void *fault_data)
+{
+    plugin_custom_fault_cb cb =3D NULL;
+
+    if (fault_registry) {
+        cb =3D g_hash_table_lookup(fault_registry, fault_name);
+    }
+
+    if (cb) {
+        cb(target_data, fault_data);
+    }
+}
diff --git a/plugins/meson.build b/plugins/meson.build
index 9899f166ee..8995ce5977 100644
--- a/plugins/meson.build
+++ b/plugins/meson.build
@@ -86,3 +86,4 @@ system_ss.add(files('api.c', 'core.c'))
=20
 common_ss.add(files('loader.c'))
=20
+specific_ss.add(files('fault.c'))
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830944; cv=none;
	d=zohomail.com; s=zohoarc;
	b=anoYmw9VrHmnaxIZaLLrm4ytSSVf50wD3teVTX63iFXJVquq3DwNXdCRn1Phea5hTpRigR3/aYmrkRvVw+mCyr3n+Fmyw1d4uTp1dJhQa6t/W9OK/NSV+7Nc2Glt01CWZZ3evRM9yVL4bXYlaXKXceRlhNAbCzg7cynX/5qP4WQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830944;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=mwNzQtxUIpOJ3mykV9HQnVdMQ33xK3MaNnp/Zcfgj3c=;
	b=D8Op+nddySvJ4JC/cZFHPOy+Em49gJgRQxTPXK7OneK8qh3KjjhwX7jpm12Nuj2Th4M2H1oMDEqHSUW1V1ZGeOD5FqKVZQ/+CZFnmvDnyhXBXTCnsWaHvALpfY2v8oV3mAEWLA5IMzReI5yTrtw3XuH5TzjGSGVh8bUFWy3sUjQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830944509123.23038421707952;
 Wed, 18 Mar 2026 03:49:04 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQl-0003aQ-Dp; Wed, 18 Mar 2026 06:47:15 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQe-0003X9-7a
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:09 -0400
Received: from mail-wm1-x331.google.com ([2a00:1450:4864:20::331])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQc-0003Lw-K1
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:07 -0400
Received: by mail-wm1-x331.google.com with SMTP id
 5b1f17b1804b1-4838c15e3cbso61622475e9.3
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:06 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.03
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830825; x=1774435625; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=mwNzQtxUIpOJ3mykV9HQnVdMQ33xK3MaNnp/Zcfgj3c=;
 b=f5brf6l4LsXP9WOi9BpcG7FIC0yWtqOz5WKnz8TCB7WssKcq/di+qsJjBPFNI8jpAE
 DUkCnWRGJzM9vdIUGKJbIsukBgECOdiDwgYkkAFnFUDTcmUnHSBLRPn206yFrteEjldY
 P7QSeiGFktloqs1IWgKW/XariEsp3XRWAWeWOtHN0qkXRmR47wDV+85CVt/IXVdwJ4Rn
 7MwvyCDGhaGO686sohv1oDnO1oWr58kGy9wNfyeAA3+fv4bBA37kKud6NE8/yV562VCX
 hBChJ3kEYtaU4XRDui6Dyt4/pKzPIHPCYJzZzKwiXA/NSexLioCgs+VZx2xHCVF3ZJdd
 9XsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830825; x=1774435625;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=mwNzQtxUIpOJ3mykV9HQnVdMQ33xK3MaNnp/Zcfgj3c=;
 b=r9vGiIIOsvEMkwxqQyRka9frZ61wxFx1do49rYYJO0XR2maGcAfAISkzpY6ddjw5rN
 h5BG3gRJDexCTTrQvVmUymp9MIR2KjMMir4Pv2k2kcgcFGIyktPYfv961NK9OVX+BFJf
 236BcDILKe/kwVU1/yEmJ296ruuZYcI35ZvPnDjHkoNjBfKamufR5JqyldvXUHXyzmGZ
 82MbfdgYZCluOor5bFC5N9Hno//25khy2l4fGKE6PnVqI9EBJ5huSrI84uo0mbeHEZQw
 HP6z7dIC/HD5N2+ydv+fm+EgGB2oF/LGr5o93dVF3Sg8TwyNVrvB/k24Ydtj+MNH0gov
 zH1A==
X-Gm-Message-State: AOJu0YzdFq6E58NGKU2PwM2BP1j2/l2N1y5Y35jFEhgzazZk0yiLA2fa
 B/UNNSzTDZrIK/YIuVWOTcvq1GhroNMloefxhwhOrRzFD4MY7AkdnpBgmPusYXu5
X-Gm-Gg: ATEYQzxTPZy5RuNkRhNCNN+XVEPTVtvCysTqp4sqEVJQJ+senQn8fyNvuDtFrFYYGmP
 7dhwhoSeVpthEwmpvKxz7OmqZV4VklxoI63247qWrIn1msC0j/YhLc2SUmzJPkIBohaHIQOwZnL
 tuImgdtfDw/rq/VE4nuUPVNXb92zNUgmaXMYulS639BcIvrD1cpAmpvkwUIVw2pWC8Y/l7f5zkc
 I1WbFf8vKSq6QGFTXwTkyLl9wdsvVypQB8maUwG3b6EubgLuiA9YdobFsT+cewchrQGqdPVN/tt
 lHzohHZEqsyy0qm8IGo75MSJLe0JgQvgzHPsVABcCjDRGfQlAfagpYZsw9VK468Z/mmS3MGh5oV
 StoAtUVTd1thu4HnTzqTaol/Y9hRP+rcE3zOBF6/z63668tDZb81Lcry2pFIEIgQuoXAS787mjK
 dLyynV+4GSH22dFyfzgZePQlkWjxSXxfzpQYTxKhU9BY5QY3JwBnU1Nbo69LHXM0UuLw==
X-Received: by 2002:a05:600c:a4b:b0:485:3f17:425 with SMTP id
 5b1f17b1804b1-486f444863emr42876605e9.21.1773830824761;
 Wed, 18 Mar 2026 03:47:04 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 5/9] system/memory: Add plugin callbacks to intercept MMIO
 accesses
Date: Wed, 18 Mar 2026 11:46:36 +0100
Message-ID: <20260318104640.239752-6-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::331;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x331.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830945979154100
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

Add plugin callback to dispatch memory_region_dispath_read/write,
allowing plugins to intercept MMIO operations before they reach
device models, which enable to spoof read values and drop write
accesses.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 system/memory.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/system/memory.c b/system/memory.c
index c51d0798a8..67a59f6e0a 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -35,6 +35,7 @@
 #include "hw/core/boards.h"
 #include "migration/vmstate.h"
 #include "system/address-spaces.h"
+#include "qemu/plugin.h"
=20
 #include "memory-internal.h"
=20
@@ -1448,6 +1449,10 @@ static MemTxResult memory_region_dispatch_read1(Memo=
ryRegion *mr,
 {
     *pval =3D 0;
=20
+
+    if (plugin_mmio_override_cb_invoke(mr->addr + addr, size, false, pval))
+        return MEMTX_OK;
+
     if (mr->ops->read) {
         return access_with_adjusted_size(addr, pval, size,
                                          mr->ops->impl.min_access_size,
@@ -1533,6 +1538,9 @@ MemTxResult memory_region_dispatch_write(MemoryRegion=
 *mr,
=20
     adjust_endianness(mr, &data, op);
=20
+    if (plugin_mmio_override_cb_invoke(mr->addr + addr, size, true, &data))
+        return MEMTX_OK;
+
     /*
      * FIXME: it's not clear why under KVM the write would be processed
      * directly, instead of going through eventfd.  This probably should
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830913; cv=none;
	d=zohomail.com; s=zohoarc;
	b=chRWHkYYVG1fTdey145/oNxGkxEaR6yk/Y/XP7x0cfxZuJWUHw9MVFgmnSajBJPkqo5Ek9FwUUQX/AcM7+4iaG/6Cf/hYsH2tlYkew+xd0/XvDQ5BYVn1djk2tzw7yPkok7kws27DUmmQXVE6pzxacDKn+xr/8wn3obHgQWtbyQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830913;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=cYIBQykwSMkrGv+gyaXLV2ztInHFjx95YsKunyyWQjg=;
	b=gBVLwb7RXSTS0CW2DpEUKkHwlgOXuhrP4i0qIPx6+2sKjp4/kVcWYEse3duLF/mxN1bvuqgMzufd4LF9Nau6+89EfypZ9K9iU5/5/OZsouoj+2l0679spR9NXZv72aRxEIfhQ6ITs6nYi10Xl4UpheaXtmlzd1/pwmb/dcxoGnY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830913280840.6046241330807;
 Wed, 18 Mar 2026 03:48:33 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQm-0003af-5B; Wed, 18 Mar 2026 06:47:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQf-0003XL-K4
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:11 -0400
Received: from mail-wm1-x330.google.com ([2a00:1450:4864:20::330])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQd-0003MM-UH
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:09 -0400
Received: by mail-wm1-x330.google.com with SMTP id
 5b1f17b1804b1-485392de558so4551335e9.1
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:07 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.04
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830826; x=1774435626; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=cYIBQykwSMkrGv+gyaXLV2ztInHFjx95YsKunyyWQjg=;
 b=QMasZ/JUhNsInjOGW9rjgaH9HfWIlDuLw2g+2x1fOGfDxrHjl6x1nh4Ify9CGVKQ43
 3wdhW7l3mVW9CZR9LDjANc6az0fg8t92gu+b3DrqYmWvJyMonbpbfynsVFFsQM8+oy4M
 dkmDoUQgdK6gqfJEIeuErMvgnTb2KVfdzXUvVkOPkHA0dSC8X6GpYgGD9Bw9Tvxckvrg
 xMXnqyPggdyZ1hMOxmEjqajv6kVD0X0fXPJs5qOz0ZxXcJwan7yp5ZzUwn3OWW36hqs+
 CBtLvoRV/6p7khQZhcuxz7sYBbzybSXyX0/JoMQIlnDn/eKlp7iFyHA1V6Q4bwujNcd0
 /8ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830826; x=1774435626;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=cYIBQykwSMkrGv+gyaXLV2ztInHFjx95YsKunyyWQjg=;
 b=HARC4SCHLByb5770TosFzBRvbSOXHgLqXXHkIFs22u5FO4uF/AcaPXjjx+ZPIWAgTd
 8Gk0CyES5r7aYIxP606K3AnpC1wEU+rX5rH/nlRLKXLK/LPs29wV07SZ9bqjGHipfml3
 cFfjkOneV9aJ6XOiCt1zC3wgIFThXfbHYPyWKRXiGPolJ91UT7kCkposiwYJ7lYtvWgV
 gs1WleHejjulklRmJ7njqdTwbqlz4AIAa5qYQLsayeqA2gqedKXkdk/VHK2Q5sWQoDh4
 QzaKMF0bjvsh/nsrvIKeBJmZ5kRQZUCnD5QDlAjprBxlOfj7I8WWzqQAJJIYgf5/qQ7X
 L4yA==
X-Gm-Message-State: AOJu0YyT3+t6l+1fVrjx4GTUm42Zgopdn0NUX6RnnYF6tWadJhpEwJ63
 PgdlO1iFrM4lUyVgPKR6wKkRJI/zDGev6NRGBmm7f7wNtZgyexj5+IPVOpWpNpK0
X-Gm-Gg: ATEYQzxT3bnh1a7F3VVbHBct2myVAhBZ5jiSoXS9r1vqx+cRVO/Q2wGTW9jx73psQES
 2WapSssvb277F6YID1ynGQhgCSzMYYgyHJgk3MMQ+lzn7b/kLNGMz8Zez/yFwGM84+SVB1qkENh
 6jFM/vJxV3bDN5AofF5dHX4jMw4PDBYXxhMl3Sw1KXkZNh/2vuL1G4dOXzJ4q8d0AGQ0j06TmPH
 x1Gocv4aMzyn88xaPJ1xlCqMQrbhIrBigDBAHS5mFU+TbCQDJjKcUyM18bxL+xbL6w/U2Dt2ynu
 h7/dfAyxGZmsFVKC/pj0znmTrfQ9q9pxeh4BucM6puZtlK7L8gp+4YaONscgLCswg6+mvZ8a/b5
 2dhQ5oGsEdMg+NWY2Og+XImJpYar7kjiEqsLiutdO0a0nH35qghSCNZWEPx7p1hCRudCVjGVwqo
 No3P/bI1uwUcgGn6xvKl75QpMXv3HzZg97HBtNOqxy7nUUi+ySYiCqX3ng0dALaNXMTq86H1O+k
 tl2
X-Received: by 2002:a05:600c:4e42:b0:480:1e40:3d2 with SMTP id
 5b1f17b1804b1-486f446359emr43098145e9.29.1773830826003;
 Wed, 18 Mar 2026 03:47:06 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 6/9] hw/intc/arm_gic: Register primary GIC for plugin IRQ
 injection
Date: Wed, 18 Mar 2026 11:46:37 +0100
Message-ID: <20260318104640.239752-7-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::330;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x330.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830915539154100
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

Call plugin_register_primary_intc() at the end of the realization
of both ARM GICv2 and GICv3.

This links the system's primary interrupt controllers ot the
plugins subsystem, so that plugins can inject hardware irqs
using generic qemu_plugin_set_irq() API.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 hw/intc/arm_gic.c   | 28 ++++++++++++++++++++++++++++
 hw/intc/arm_gicv3.c | 28 ++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 4d4b79e6f3..aef39b3ef7 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -29,6 +29,8 @@
 #include "trace.h"
 #include "system/kvm.h"
 #include "system/qtest.h"
+#include "qemu/plugin.h"
+
=20
 /* #define DEBUG_GIC */
=20
@@ -2096,6 +2098,31 @@ static const MemoryRegionOps gic_viface_ops =3D {
     .endianness =3D DEVICE_LITTLE_ENDIAN,
 };
=20
+static void gic_plugin_irq_inject(void *opaque, int irq, int cpu, bool pul=
se)
+{
+    DeviceState *dev =3D opaque;
+    GICState *s =3D ARM_GIC(dev);
+
+    qemu_irq gic_irq;
+
+    if (irq >=3D GIC_INTERNAL) {
+        assert(irq < s->num_irq);
+
+        gic_irq =3D qdev_get_gpio_in(dev, irq - GIC_INTERNAL);
+    } else {
+        assert(cpu < s->num_cpu);
+
+        uint32_t offset =3D s->num_irq - GIC_INTERNAL + (cpu * GIC_INTERNA=
L) + irq;
+        gic_irq =3D qdev_get_gpio_in(dev, offset);
+    }
+
+    if (pulse) {
+        qemu_irq_pulse(gic_irq);
+    } else {
+        qemu_irq_raise(gic_irq);
+    }
+}
+
 static void arm_gic_realize(DeviceState *dev, Error **errp)
 {
     /* Device instance realize function for the GIC sysbus device */
@@ -2160,6 +2187,7 @@ static void arm_gic_realize(DeviceState *dev, Error *=
*errp)
         }
     }
=20
+    plugin_register_intc(dev, gic_plugin_irq_inject);
 }
=20
 static void arm_gic_class_init(ObjectClass *klass, const void *data)
diff --git a/hw/intc/arm_gicv3.c b/hw/intc/arm_gicv3.c
index 542f81ea49..1bae8c9f17 100644
--- a/hw/intc/arm_gicv3.c
+++ b/hw/intc/arm_gicv3.c
@@ -20,6 +20,8 @@
 #include "qemu/module.h"
 #include "hw/intc/arm_gicv3.h"
 #include "gicv3_internal.h"
+#include "hw/core/irq.h"
+#include "qemu/plugin.h"
=20
 static bool irqbetter(GICv3CPUState *cs, int irq, uint8_t prio, bool nmi)
 {
@@ -434,6 +436,31 @@ static const MemoryRegionOps gic_ops[] =3D {
     }
 };
=20
+static void gicv3_plugin_irq_inject(void *opaque, int irq, int cpu, bool p=
ulse)
+{
+    DeviceState *dev =3D opaque;
+    GICv3State *s =3D ARM_GICV3(dev);
+
+    qemu_irq gic_irq;
+
+    if (irq >=3D GIC_INTERNAL) {
+        assert(irq < s->num_irq);
+
+        gic_irq =3D qdev_get_gpio_in(dev, irq - GIC_INTERNAL);
+    } else {
+        assert(cpu < s->num_cpu);
+
+        uint32_t offset =3D s->num_irq - GIC_INTERNAL + (cpu * GIC_INTERNA=
L) + irq;
+        gic_irq =3D qdev_get_gpio_in(dev, offset);
+    }
+
+    if (pulse) {
+        qemu_irq_pulse(gic_irq);
+    } else {
+        qemu_irq_raise(gic_irq);
+    }
+}
+
 static void arm_gic_realize(DeviceState *dev, Error **errp)
 {
     /* Device instance realize function for the GIC sysbus device */
@@ -450,6 +477,7 @@ static void arm_gic_realize(DeviceState *dev, Error **e=
rrp)
     gicv3_init_irqs_and_mmio(s, gicv3_set_irq, gic_ops);
=20
     gicv3_init_cpuif(s);
+    plugin_register_intc(dev, gicv3_plugin_irq_inject);
 }
=20
 static void arm_gicv3_class_init(ObjectClass *klass, const void *data)
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830934; cv=none;
	d=zohomail.com; s=zohoarc;
	b=YWm+rXo/saJo1vWYoXci2jz2zJw+l9QeRPlwAiiHhqu8CS0P55sdniyIY9VwXuMwemVTzgj4S8tfmLJO47ub+tXbx7Pd61VXIMAncPRmKn0Ooa/uQelLySlK/nXYgH3MFeYIWy7D3LSdZ0XyuQjHZlXMWMPuBkW6BV21bFSbzQM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830934;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=RXbm6LZc46i8z/YUVSg+0qi3TRX5Dk3YHcYXiwqEKZc=;
	b=NIoo7Bu34t/u0woummNwmJVaAJwiIZ57pDa2kfDJSpCIYta+My5G7X64q1Oo4bgdWMqxO8WKd3bo4ev4ZRklBlEBTnJczXrop8vS052RXizXAQeQneLw1jm8/Np2GmEzBQlK9vv6nS80xtc7nlHQLdIGprNBSSiV7mOo7iobU2U=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1773830934918177.8062159024513;
 Wed, 18 Mar 2026 03:48:54 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQm-0003ay-S2; Wed, 18 Mar 2026 06:47:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQg-0003XS-S1
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:13 -0400
Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQf-0003Mq-9r
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:10 -0400
Received: by mail-wm1-x32e.google.com with SMTP id
 5b1f17b1804b1-482f454be5bso7392415e9.0
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:08 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830827; x=1774435627; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=RXbm6LZc46i8z/YUVSg+0qi3TRX5Dk3YHcYXiwqEKZc=;
 b=aRWPH/SL1bZzMeqyPSW4wr70fLn6HSOw82IstzcKCR5whYnieMiMZgTOqBRaECbgB4
 JuWP1+u2ldiVUPwG8eN6v3Vl+GpI+vsqE7CerEEcno2NglDtnN0qMMdp+Mto6GTnRomI
 cd/kv/PjwQdLQa6iBrNUjOX/pS9fDGY7azZXXUX4y9RaW7iUtvqepknecLln4z28kvFt
 NdzFzXG1YFh5tAm7AgI/6NHmKE9os7scGCrQ2fFdFp9oe3z12PW7YRd9bdD+kOLHlfag
 +mRFqsbImRvjDnhSNlojqoDAmlKiSp1e5aRyFVrRM5Zq5vwZ6ThYghhmujUFl09kTo9W
 FLgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830827; x=1774435627;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=RXbm6LZc46i8z/YUVSg+0qi3TRX5Dk3YHcYXiwqEKZc=;
 b=ml0pEW5oj0qBx9zy4/xkzAAwitzXypABU6QsLJXY6zrXRClP0J351QPqHee3BDNq8K
 bXOueJDFaC6WSGzXw/b8xjnVi7CeTg8CNMoBTtBydtg1YukkuGNj7PwcUjqB2pXUlLzm
 IwATLXUqxxK2m/B91Gji6HZUejWQCufSB3qDNB8IAUsvmjDiyJLipdp8d5gfPOB3n85x
 nCIcyfSZyXmxlpoB4RnRT1asD4GUUbCOwhYSQI73xo4tl3UDhQkOMqeZxt42ZtmZxW6b
 MPs6tGlFMYUXQsPYnj9RuahzqCQMDpe5ZQtAZPjnS0/5lOgLz5QBfrLK2pvnez95YxkF
 7uHA==
X-Gm-Message-State: AOJu0Yw76RSLqZA09k6lhQ5Sj1FJeUIqvmAhzQs/SNYwcEqylWvzT2ad
 eU69TJuphVokLxF26FR6KFWjEdxRShqIm16rcvSbGsXDSUyeTy3+ekSEQTBJn0gd
X-Gm-Gg: ATEYQzzM8vivtw1WaIfV11W//pnmfQ4nZ4q2FotspG5JcY871aUaVdYAduYY/51E3E2
 CTBkvh/pKw93g9/5+v89cMzHLs+rsOAp4f/nDTkZgkOrDFcj7tC8dMt/p+kRd591SD6vpz7sc6V
 ZYPnLgkG6IrXfpPHPLM2tvlLyvr8kFDa65wDbeh2YErYyNEr0DVTwOq8mI/7y4G3ql/opV8BeKV
 yc2lbT36hgRSt8QNJN2ZaRTsgaMPyJek0whlbbTAHc8v/APaIO9KtYaV3q0ucRgGO80M2Ltbh1I
 Cx4n8iZ30O3Xbz7A6tNhXOvNm68hvJUGFnffOcwdgotWWb0x9SPIOk6jLQbO2XSTCeby2Oqz1d5
 cN5JgvKnvC9V26M3+xGK+pzLAR0FTg0VR3HQvWCOdmEDujPGQy5sh6Hc26zhl3XbBWNEZaGuDdy
 5r6oXiaymHUUE1I4WeHj3ny2t73HRg6bz5wWsxyinrBXVt76+U5AxbJzb/aDyzk4rMEz1QxUio6
 Xne
X-Received: by 2002:a05:600c:314c:b0:485:3989:b3e4 with SMTP id
 5b1f17b1804b1-486f40ab752mr45145435e9.6.1773830827346;
 Wed, 18 Mar 2026 03:47:07 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 7/9] hw/arm/smmuv3: Add plugin fault handler for CMDQ
 errors
Date: Wed, 18 Mar 2026 11:46:38 +0100
Message-ID: <20260318104640.239752-8-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::32e;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x32e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830936672158500
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

Register custom 'smmu_gerror_cmdq' handler within plugin subsystem.

This enables external plugins to dynamically inject Command Queue
errors and trigger GERROR interrupts.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 hw/arm/smmuv3.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index c08d58c579..e80b80e843 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -27,6 +27,8 @@
 #include "hw/pci/pci.h"
 #include "cpu.h"
 #include "exec/target_page.h"
+#include "qemu/plugin.h"
+#include "qom/object.h"
 #include "trace.h"
 #include "qemu/log.h"
 #include "qemu/error-report.h"
@@ -42,6 +44,55 @@
                                         ((ptw_info).stage =3D=3D SMMU_STAG=
E_2 && \
                                         (cfg)->s2cfg.record_faults))
=20
+static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq,
+                               uint32_t gerror_mask);
+
+typedef struct {
+    uint64_t base_addr;
+    Object *found_obj;
+} SMMUSearchArgs;
+
+static int smmu_match_addr_cb(Object *obj, void *opaque)
+{
+    SMMUSearchArgs *args =3D (SMMUSearchArgs *)opaque;
+
+    if (object_dynamic_cast(obj, TYPE_ARM_SMMUV3)) {
+        SysBusDevice *sbd =3D SYS_BUS_DEVICE(obj);
+
+        if (sbd->mmio[0].addr =3D=3D args->base_addr) {
+            args->found_obj =3D obj;
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+static void smmu_inject_gerror_cmdq(void *target_data, void *fault_data)
+{
+    uint64_t base_address =3D *(uint64_t *)target_data;
+    SMMUCmdError cmd_error =3D *(SMMUCmdError*)fault_data;
+    Object *obj =3D NULL;
+
+    if (base_address) {
+        SMMUSearchArgs args =3D { .base_addr =3D base_address, .found_obj =
=3D NULL };
+        object_child_foreach_recursive(object_get_root(), smmu_match_addr_=
cb, &args);
+
+        obj =3D args.found_obj;
+    } else {
+        obj =3D object_resolve_path_type("", TYPE_ARM_SMMUV3, NULL);
+    }
+
+    if (!obj) {
+        return;
+    }
+
+    SMMUv3State *s =3D ARM_SMMUV3(obj);
+
+    smmu_write_cmdq_err(s, cmd_error);
+    smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_CMDQ_ERR_MASK);
+}
+
 /**
  * smmuv3_trigger_irq - pulse @irq if enabled and update
  * GERROR register in case of GERROR interrupt
@@ -2130,6 +2181,9 @@ static void smmuv3_class_init(ObjectClass *klass, con=
st void *data)
     dc->hotpluggable =3D false;
     dc->user_creatable =3D true;
=20
+    plugin_register_custom_fault("smmu_gerror_cmdq",
+                              smmu_inject_gerror_cmdq);
+
     object_class_property_set_description(klass, "accel",
         "Enable SMMUv3 accelerator support. Allows host SMMUv3 to be "
         "configured in nested mode for vfio-pci dev assignment");
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830961; cv=none;
	d=zohomail.com; s=zohoarc;
	b=U1jCu4WzA6nLy2U3X0IhJ0yFf1z/M0wUVYw+8UI+NxrNMoqN2NtFghnOz3/2UVa7pkQ8Pm04EuymcWdyT3Fu4zmr+Vi7bAUWN4euGfTcRRY0e8Kn8aCNs7oTME5SZeiT9h1pK5ldLTEDVXlR/w/ycFXv9QLZSTBQz6RMmqeN3Ck=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830961;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=r0tMTjjNMyKQv4g24527Xg2K164IeqVEiiwODAWInFs=;
	b=GM9pMyv0mGOPZY3Snjl79hu/SPgdxmtbS0dkeudCAy7Z5cu2LYybpAZJiWRKa1O3Yfphn589lIs80G2g58DKBVX+bRE1cl7ueWP5bFRyTXbIc7tYAhAk5yy/nqfStCkzd+y5jx6G1MIP4/yn6GFScI8xI89w6bkMW6pm4Qym1I4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177383096157264.65201948072274;
 Wed, 18 Mar 2026 03:49:21 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQm-0003ag-9P; Wed, 18 Mar 2026 06:47:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQj-0003Yx-KP
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:13 -0400
Received: from mail-wm1-x32e.google.com ([2a00:1450:4864:20::32e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQh-0003N8-0U
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:13 -0400
Received: by mail-wm1-x32e.google.com with SMTP id
 5b1f17b1804b1-4852e9ca034so60586565e9.2
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:10 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.07
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830829; x=1774435629; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=r0tMTjjNMyKQv4g24527Xg2K164IeqVEiiwODAWInFs=;
 b=nBTPfdfS8MT1KOGGkBLyiejv5maIBIfEB79FmQvzP/KnklTPLXXO7xN8prBBYJFKK6
 CxqcglhGYczJBUzTwl8KOQm/PQgY3egLHNvpCxUsZn4Q4PWUks9pwfAzTm0Iq3Sl6qRU
 +PmDgUduY5dBh20+MSDU+G7ya/Ib7UTdmZ9FvP/Mgq3U1O0rsmj3XzD4XXlwFPoc+q2b
 C9V8JHl02M/C/B7/Hf2Ih2Lx2x/WzvwS9e19zczhSjPKaa8/fzGXUFoMI8bBnfmmdENB
 BX4d6OcZA4AefMTYdLQFV+hJGjkeifj65iuYxZ+Gdr/I8pEdfOlPpYZPLxvDXLY+mCzZ
 QV2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830829; x=1774435629;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=r0tMTjjNMyKQv4g24527Xg2K164IeqVEiiwODAWInFs=;
 b=dIgqQHTZmHDWNzDjRr8+NY0ktieA2fkSpHGl0on7WYfHHmY5erTKRMGIPEHLynnxsk
 yUZviEhi8+lxJSgHNflIpADfeG+SuHurbNALjb/MhF2cfIYueCwPeMGRRSjeviNiJWab
 SUpHb49hoOv/35NGeUyn1vpFZMnG7Qag0lhBOkfirq0ZuKSWIDNu/WTYm6kaHyqerLQ7
 xx4OOvgyOc0A0t/h0zrhyNAszpQ28pFoheg4/K9vYLddlGtperDgekHZiMrh2gdualxY
 eYhg3Bw5ZMJe4k5iJDGZuwT5pLz2LjzHXdbV5OpoH5T08iamEC6xvFgfeFGxkaQP9aYn
 mgOg==
X-Gm-Message-State: AOJu0YygxDw/27rYlndyQBCWecQEvpP1VWhuWsOq13FiKOPKVmkt9viH
 8RuWxNEM75jIIJmWFbNnWGneVwIj8oXNmGy18Q3as0kz2G4DNqdlgyNdLZ5TfNry
X-Gm-Gg: ATEYQzyt6BbtdY9QQCsqAZ5VFmvYr2QDMMfh5NYvUwhjaz5Cmahtj93F23SaXdLZA2j
 YdekAGeCKRFqR2EbYMzXJV8Va/QZS4ogIh4hc8L9Kl6JV15B5opTzZL/niFQaAN3quwaYfFrqxs
 ElK83vIxCbu8M/tHyhlE0Tv5jiGko7ajVAYzcANU8FEHQzlJkiVv/lT4Qa8MVi9Yy8FylrZN24q
 bcx04TYnvKxgPgGUtGMewVQ8O8bAWnkWv7XqAmhur411ZmJ+U2sZleF3w+qVcJxStJO605iMDFl
 0NFwHjGY9ODoCyoTXy0O06ol/m8r4p21xFbgK/CK3jpo0P7e2nZ5sYeVaKTkuuUXKkW7lBPN1oa
 r0l58Vflu/zmxlJMzduyxyA/zSjP0cUwwbE2W+e4+MbBasLjpXwn5ltxC4B5XVy6aP4wXOuiI5Q
 V93huPY3nudgW6/IA5xgZ4dqg/G0C/72BVzMYyjf1ewMAHZ1aRh+MVFt19O/s323B2bw==
X-Received: by 2002:a05:600c:3e85:b0:486:f4d2:eac6 with SMTP id
 5b1f17b1804b1-486f4d2eb2cmr33064445e9.13.1773830828729;
 Wed, 18 Mar 2026 03:47:08 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 8/9] contrib/plugins: Add fault injection plugin
Date: Wed, 18 Mar 2026 11:46:39 +0100
Message-ID: <20260318104640.239752-9-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::32e;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x32e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830962866158500
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

Introduce Fault injection plugin for AArch64 targets. This
plugin provides a framework for testing guest OS by injecting
hardware-level faults during execution.

The plugin can be configured either statically via an XML file
at boot or dynamically at runtime via a UNIX socket.

Supported triggers:

- PC: Triggers on instruction execution at specific address.
- SYS_REG: Intercepts System Registers reads (e.g. mrs) and
  modifies read results to configured value.
- RAM: Triggers on physical memory accesses.
- MMIO: Intercepts memory-mapped I/O.
- Timer: Triggers at a specific guest virtual clock time (ns).

Supported targets (injected faults):

- CPU_REG: Corrupts general-purpose CPU registers.
- RAM/MMIO: Modifies result of memory reads.
- IRQ: Inject hardware irqs on the primary INTC.
- EXCP: Inject CPU exceptions (e.g., Serror).
- Custom: Triggers device-specific fault handlers registered by
  device models.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 contrib/plugins/fault_injection.c | 772 ++++++++++++++++++++++++++++++
 contrib/plugins/meson.build       |   1 +
 2 files changed, 773 insertions(+)
 create mode 100644 contrib/plugins/fault_injection.c

diff --git a/contrib/plugins/fault_injection.c b/contrib/plugins/fault_inje=
ction.c
new file mode 100644
index 0000000000..6fa09fd359
--- /dev/null
+++ b/contrib/plugins/fault_injection.c
@@ -0,0 +1,772 @@
+/*
+ * Fault Injection Plugin
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <ctype.h>
+#include <pthread.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "qemu/osdep.h"
+#include <qemu-plugin.h>
+
+#include "glib/gmarkup.h"
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_version =3D QEMU_PLUGIN_VERSION;
+
+typedef enum {
+    TRIGGER_ON_PC =3D 0,
+    TRIGGER_ON_SYSREG,
+    TRIGGER_ON_RAM,
+    TRIGGER_ON_MMIO,
+    TRIGGER_ON_TIMER
+} FaultTrigger;
+
+typedef enum {
+    TARGET_EMPTY =3D 0,
+    TARGET_CPU_REG,
+    TARGET_RAM,
+    TARGET_MMIO,
+    TARGET_IRQ,
+    TARGET_EXCP,
+    TARGET_CUSTOM
+} FaultTarget;
+
+typedef struct {
+    FaultTarget target;
+    uint64_t target_data;
+
+    FaultTrigger trigger;
+    uint64_t trigger_condition;
+    gchar *trigger_condition_str;
+
+    uint64_t fault_data;
+    gchar *fault_name;
+
+    uint8_t size;
+    uint8_t cpu;
+    gchar *irq_type;
+} FaultConfig;
+
+typedef struct {
+    uint64_t hwaddr;
+    uint64_t value;
+    uint8_t  size;
+} MmioOverrideConfig;
+
+#define FI_LOG(...) do { \
+    g_autofree gchar *__msg =3D g_strdup_printf(__VA_ARGS__); \
+    qemu_plugin_outs(__msg); \
+} while (0)
+
+static bool plugin_is_shutting_down =3D false;
+static int socket_fd =3D -1;
+
+static GRWLock trigger_lock;
+
+GHashTable *pc_faults;
+GHashTable *mem_faults;
+GHashTable *sys_reg_faults;
+
+static GRWLock mmio_override_lock;
+static GRWLock sysreg_lock;
+
+GHashTable *mmio_override;
+
+static struct qemu_plugin_register *gp_registers[31];
+
+static void register_pc_trigger(FaultConfig* fc);
+static void register_mmio_override(FaultConfig *fc);
+
+static void fc_free(FaultConfig *fc);
+
+static bool apply_mmio_override(uint64_t hwaddr, unsigned size, bool is_wr=
ite,
+                             uint64_t *value)
+{
+    g_rw_lock_reader_lock(&mmio_override_lock);
+
+    MmioOverrideConfig *conf =3D g_hash_table_lookup(mmio_override, &hwadd=
r);
+    if (!conf) {
+        g_rw_lock_reader_unlock(&mmio_override_lock);
+        return false;
+    }
+
+    *value =3D conf->value;
+
+    g_rw_lock_reader_unlock(&mmio_override_lock);
+
+    return true;
+}
+
+static bool mmio_override_cb(uint64_t hwaddr, unsigned size, bool is_write,
+                             uint64_t *value)
+{
+    if (is_write) {
+        return false;
+    }
+
+    return apply_mmio_override(hwaddr, size, is_write, value);
+}
+
+static void cpu_write_reg(int reg_id, uint64_t value)
+{
+    g_assert(reg_id >=3D 0 && reg_id <=3D 30);
+
+    g_autoptr(GByteArray) buf =3D g_byte_array_new();
+
+    g_byte_array_set_size(buf, 8);
+
+    memcpy(buf->data, &value, 8);
+
+    bool success =3D qemu_plugin_write_register(gp_registers[reg_id], buf);
+    if (!success) {
+        FI_LOG("FI: Failed to write register\n");
+    }
+}
+
+static void cpu_write_mem(uint64_t addr, uint64_t data, uint8_t size)
+{
+    g_autoptr(GByteArray) buf =3D g_byte_array_new();
+
+    g_byte_array_set_size(buf, size);
+
+    memcpy(buf->data, &data, size);
+
+    bool success =3D qemu_plugin_write_memory_vaddr(addr, buf);
+    if (!success) {
+        FI_LOG("FI: Failed to write memory\n");
+    }
+}
+
+static void inject_irq(FaultConfig *fc)
+{
+    int irq_num =3D fc->target_data;
+
+    if (!fc->irq_type || !g_strcmp0(fc->irq_type, "SPI")) {
+        irq_num +=3D 32;
+    } else if (!g_strcmp0(fc->irq_type, "PPI")) {
+        irq_num +=3D 16;
+    } else if (!g_strcmp0(fc->irq_type, "SGI")) {
+        /* skip */
+    } else {
+        FI_LOG("FI: Unknown IRQ type: %s\n", fc->irq_type);
+    }
+
+    qemu_plugin_inject_irq(irq_num, fc->cpu, fc->fault_data);
+
+}
+
+static void inject_fault(FaultConfig* fc)
+{
+    switch (fc->target) {
+        case TARGET_CPU_REG:
+            cpu_write_reg(fc->target_data, fc->fault_data);
+            break;
+        case TARGET_RAM:
+            cpu_write_mem(fc->target_data, fc->fault_data, fc->size);
+            break;
+        case TARGET_MMIO:
+            register_mmio_override(fc);
+            break;
+        case TARGET_IRQ:
+            inject_irq(fc);
+            break;
+        case TARGET_EXCP:
+            qemu_plugin_inject_exception(fc->target_data, fc->fault_data);
+            break;
+        case TARGET_CUSTOM:
+            qemu_plugin_trigger_custom_fault(fc->fault_name,
+                                &fc->target_data, &fc->fault_data);
+            break;
+        default:
+            FI_LOG("FI: Unsupported fault type\n");
+            break;
+    }
+}
+
+static void timed_fault_timer_cb(void* data)
+{
+    FaultConfig* fc =3D (FaultConfig*)data;
+
+    inject_fault(fc);
+
+    fc_free(fc);
+}
+
+static void vcpu_mem_cb(unsigned int vcpu_index,
+                        qemu_plugin_meminfo_t info,
+                        uint64_t vaddr, void *userdata)
+{
+    GSList *fault_list;
+
+    g_rw_lock_reader_lock(&trigger_lock);
+
+    fault_list =3D g_hash_table_lookup(mem_faults, &vaddr);
+    for (GSList *entry =3D fault_list; entry !=3D NULL; entry =3D entry->n=
ext) {
+        FaultConfig *fc =3D (FaultConfig *)entry->data;
+
+        inject_fault(fc);
+    }
+
+    g_rw_lock_reader_unlock(&trigger_lock);
+}
+
+static void vcpu_insn_exec_cb(unsigned int vcpu_index, void *data)
+{
+    uint64_t insn_vaddr =3D (uint64_t)data;
+    GSList *fault_list;
+
+    g_rw_lock_reader_lock(&trigger_lock);
+
+    fault_list =3D g_hash_table_lookup(pc_faults,
+                                        &insn_vaddr);
+
+    for (GSList *l =3D fault_list; l !=3D NULL; l =3D l->next) {
+        FaultConfig *fc =3D (FaultConfig *)l->data;
+
+        inject_fault(fc);
+    }
+
+    g_rw_lock_reader_unlock(&trigger_lock);
+}
+
+#define MRS_OPCODE 0xD5300000
+#define MRS_OPCODE_MASK 0xFFF00000
+
+static void handle_sysreg_fault(struct qemu_plugin_insn *insn, uint64_t in=
sn_vaddr)
+{
+    FaultConfig *fc;
+    uint32_t raw_opcode;
+    size_t data_size =3D qemu_plugin_insn_data(insn, &raw_opcode, sizeof(r=
aw_opcode));
+    if (data_size < sizeof(raw_opcode)) {
+        return;
+    }
+
+    uint32_t opcode =3D GUINT32_FROM_LE(raw_opcode);
+
+    if ((opcode & MRS_OPCODE_MASK) !=3D MRS_OPCODE) {
+        return;
+    }
+
+    char *disas =3D qemu_plugin_insn_disas(insn);
+    if (!disas) {
+        return;
+    }
+
+    int dest_reg;
+    char sysreg_name[32] =3D { 0 };
+
+    if (sscanf(disas, "mrs x%d, %31s", &dest_reg, sysreg_name) =3D=3D 2) {
+        uint64_t fault_data;
+        bool found =3D false;
+
+        g_rw_lock_reader_lock(&sysreg_lock);
+
+        fc =3D g_hash_table_lookup(sys_reg_faults, sysreg_name);
+        if (fc) {
+            fault_data =3D fc->fault_data;
+            found =3D true;
+        }
+
+        g_rw_lock_reader_unlock(&sysreg_lock);
+
+        if (found) {
+            /*
+             * WA: For CPU system registers, injecting fault to destination
+             * gp register on next PC
+             */
+            FaultConfig *dyn_pc_fault =3D g_new0(FaultConfig, 1);
+
+            dyn_pc_fault->trigger =3D TRIGGER_ON_PC;
+            dyn_pc_fault->trigger_condition =3D insn_vaddr + 4;
+            dyn_pc_fault->target =3D TARGET_CPU_REG;
+            dyn_pc_fault->target_data =3D dest_reg;
+            dyn_pc_fault->fault_data =3D fault_data;
+
+            register_pc_trigger(dyn_pc_fault);
+        }
+    }
+
+    g_free(disas);
+}
+
+static void vcpu_tb_trans_cb(qemu_plugin_id_t id, struct qemu_plugin_tb *t=
b)
+{
+    for(int i =3D 0; i < qemu_plugin_tb_n_insns(tb); i++) {
+        struct qemu_plugin_insn *insn =3D qemu_plugin_tb_get_insn(tb, i);
+        uint64_t insn_vaddr =3D qemu_plugin_insn_vaddr(insn);
+        GSList *fault_list;
+
+        qemu_plugin_register_vcpu_mem_cb(insn, vcpu_mem_cb,
+                                         QEMU_PLUGIN_CB_NO_REGS, QEMU_PLUG=
IN_MEM_RW, NULL);
+
+        handle_sysreg_fault(insn, insn_vaddr);
+
+        g_rw_lock_reader_lock(&trigger_lock);
+
+        fault_list =3D g_hash_table_lookup(pc_faults,
+                                            &insn_vaddr);
+
+        if (fault_list) {
+            qemu_plugin_register_vcpu_insn_exec_cb(insn, vcpu_insn_exec_cb,
+                                             QEMU_PLUGIN_CB_RW_REGS,
+                                         (void *)insn_vaddr);
+        }
+
+        g_rw_lock_reader_unlock(&trigger_lock);
+    }
+}
+
+static void vcpu_init_cb(qemu_plugin_id_t id, unsigned int vcpu_index)
+{
+    if (vcpu_index) {
+        /* Init reg's and mem watchpoints only once, with CPU 0 */
+        return;
+    }
+
+    g_autoptr(GArray) reg_list =3D qemu_plugin_get_registers();
+
+    for (int i =3D 0; i < reg_list->len; ++i) {
+        qemu_plugin_reg_descriptor *rd =3D &g_array_index(reg_list,
+                                                qemu_plugin_reg_descriptor=
, i);
+
+        if (rd->name[0] =3D=3D 'x' && isdigit(rd->name[1])) {
+            int reg_ind =3D atoi(&rd->name[1]);
+
+            if (reg_ind >=3D 0 && reg_ind <=3D 30) {
+                gp_registers[reg_ind] =3D rd->handle;
+            }
+        }
+    }
+}
+
+static void register_mmio_override(FaultConfig *fc)
+{
+    g_rw_lock_writer_lock(&mmio_override_lock);
+
+    MmioOverrideConfig *curr_conf =3D g_hash_table_lookup(mmio_override,
+                                                        &fc->target_data);
+    if (curr_conf) {
+        curr_conf->value =3D fc->fault_data;
+        curr_conf->size =3D fc->size;
+    } else {
+        MmioOverrideConfig *new_conf =3D g_new0(MmioOverrideConfig, 1);
+
+        new_conf->hwaddr =3D fc->target_data;
+        new_conf->value =3D fc->fault_data;
+        new_conf->size =3D fc->size;
+
+        g_hash_table_insert(mmio_override, &new_conf->hwaddr,
+                     new_conf);
+    }
+
+    g_rw_lock_writer_unlock(&mmio_override_lock);
+}
+
+static void register_sysreg_override(FaultConfig *fc)
+{
+    g_rw_lock_writer_lock(&sysreg_lock);
+
+    FaultConfig *old_fc =3D g_hash_table_lookup(sys_reg_faults,
+                                              fc->trigger_condition_str);
+    g_hash_table_replace(sys_reg_faults,
+                    fc->trigger_condition_str,
+                  fc);
+
+    if (old_fc) {
+        fc_free(old_fc);
+    }
+
+    g_rw_lock_writer_unlock(&sysreg_lock);
+}
+
+static void register_ram_trigger(FaultConfig* fc)
+{
+
+    g_rw_lock_writer_lock(&trigger_lock);
+
+    GSList *mem_list =3D g_hash_table_lookup(mem_faults, &fc->trigger_cond=
ition);
+
+    mem_list =3D g_slist_append(mem_list, fc);
+    g_hash_table_insert(mem_faults,
+                    &fc->trigger_condition, mem_list);
+
+    g_rw_lock_writer_unlock(&trigger_lock);
+
+}
+
+static void register_pc_trigger(FaultConfig* fc)
+{
+    g_rw_lock_writer_lock(&trigger_lock);
+
+    bool duplicate =3D false;
+    GSList *pc_list =3D g_hash_table_lookup(pc_faults,
+                                            &fc->trigger_condition);
+
+    for (GSList *l =3D pc_list; l !=3D NULL; l =3D l->next) {
+        FaultConfig *existing =3D (FaultConfig *)l->data;
+
+        if (existing->target =3D=3D fc->target &&
+            existing->target_data =3D=3D fc->target_data &&
+            existing->fault_data =3D=3D fc->fault_data) {
+            duplicate =3D true;
+            break;
+        }
+    }
+
+    if (!duplicate) {
+        pc_list =3D g_slist_append(pc_list, fc);
+        g_hash_table_insert(pc_faults, &fc->trigger_condition,
+                    pc_list);
+    } else {
+        fc_free(fc);
+    }
+
+    g_rw_lock_writer_unlock(&trigger_lock);
+
+}
+
+static bool register_fault(FaultConfig *fc)
+{
+    FaultTrigger trigger_type =3D fc->trigger;
+
+    if (fc->target =3D=3D TARGET_CUSTOM && !fc->fault_name) {
+        FI_LOG("FI: fault_name needed for custom targets\n");
+        return false;
+    }
+
+    if (!fc->size) {
+        fc->size =3D sizeof(fc->fault_data);
+    }
+
+    switch (fc->trigger) {
+        case TRIGGER_ON_PC:
+            register_pc_trigger(fc);
+            break;
+        case TRIGGER_ON_SYSREG:
+            if (fc->target !=3D TARGET_EMPTY) {
+                FI_LOG("FI: SYS_REG faults does not support target\n");
+                return false;
+            }
+
+            register_sysreg_override(fc);
+            break;
+        case TRIGGER_ON_RAM:
+            if (fc->target =3D=3D TARGET_EMPTY) {
+                /* Allow short form for RAM triggers to override same memo=
ry */
+                fc->target =3D TARGET_RAM;
+                fc->target_data =3D fc->trigger_condition;
+            }
+
+            register_ram_trigger(fc);
+            break;
+        case TRIGGER_ON_MMIO:
+            if (fc->target !=3D TARGET_EMPTY) {
+                FI_LOG("FI: No target support for MMIO trigger for now\n");
+                return false;
+            }
+
+            register_mmio_override(fc);
+            fc_free(fc);
+            break;
+        case TRIGGER_ON_TIMER:
+            if (fc->target =3D=3D TARGET_CPU_REG) {
+                FI_LOG("FI: CPU_REG is invalid for TIMER trigger\n");
+                return false;
+            }
+            qemu_plugin_timer_virt_ns(fc->trigger_condition,
+                                   timed_fault_timer_cb, fc);
+            break;
+        default:
+            /* skip */
+            break;
+    }
+
+    if (trigger_type =3D=3D TRIGGER_ON_PC || trigger_type =3D=3D TRIGGER_O=
N_SYSREG) {
+        qemu_plugin_flush_tb_cache();
+    }
+
+    return true;
+}
+
+static void fc_free(FaultConfig *fc)
+{
+    if (!fc) {
+        return;
+    }
+
+    g_free(fc->trigger_condition_str);
+    g_free(fc->fault_name);
+    g_free(fc->irq_type);
+
+    g_free(fc);
+}
+
+static void xml_start_elem(GMarkupParseContext *context,
+                          const gchar         *element_name,
+                          const gchar        **attribute_names,
+                          const gchar        **attribute_values,
+                          gpointer             user_data,
+                          GError             **error)
+{
+    if (!g_strcmp0(element_name, "Fault")) {
+        FaultConfig *fc =3D g_new0(FaultConfig, 1);
+
+        for (int i =3D 0; attribute_names[i] !=3D NULL; i++) {
+            const char *key =3D attribute_names[i];
+            const char *value =3D attribute_values[i];
+
+            if (!g_strcmp0(key, "target")) {
+                if (!g_strcmp0(value, "CPU_REG")) {
+                    fc->target =3D TARGET_CPU_REG;
+                } else if (!g_strcmp0(value, "RAM")) {
+                    fc->target =3D TARGET_RAM;
+                } else if (!g_strcmp0(value, "MMIO")) {
+                    fc->target =3D TARGET_MMIO;
+                } else if (!g_strcmp0(value, "IRQ")) {
+                    fc->target =3D TARGET_IRQ;
+                } else if (!g_strcmp0(value, "EXCP")) {
+                    fc->target =3D TARGET_EXCP;
+                } else if (!g_strcmp0(value, "CUSTOM")) {
+                    fc->target =3D TARGET_CUSTOM;
+                } else {
+                    g_set_error(error, G_MARKUP_ERROR,
+                          G_MARKUP_ERROR_UNKNOWN_ATTRIBUTE,
+                        "FI: Unknown target type '%s'", value);
+                    fc_free(fc);
+                    return;
+                }
+            } else if (!g_strcmp0(key, "trigger")) {
+                if (!g_strcmp0(value, "PC")) {
+                    fc->trigger =3D TRIGGER_ON_PC;
+                } else if (!g_strcmp0(value, "SYS_REG")) {
+                    fc->trigger =3D TRIGGER_ON_SYSREG;
+                } else if (!g_strcmp0(value, "RAM")) {
+                    fc->trigger =3D TRIGGER_ON_RAM;
+                } else if (!g_strcmp0(value, "MMIO")) {
+                    fc->trigger =3D TRIGGER_ON_MMIO;
+                } else if (!g_strcmp0(value, "TIMER")) {
+                    fc->trigger =3D TRIGGER_ON_TIMER;
+                } else {
+                    g_set_error(error, G_MARKUP_ERROR,
+                        G_MARKUP_ERROR_UNKNOWN_ATTRIBUTE,
+                    "FI: Unknown trigger type: '%s'", value);
+                    fc_free(fc);
+                    return;
+                }
+            } else if (!g_strcmp0(key, "target_data")) {
+                fc->target_data =3D strtoull(value, NULL, 0);
+            } else if (!g_strcmp0(key, "trigger_condition")) {
+                fc->trigger_condition_str =3D g_strdup(value);
+                fc->trigger_condition =3D strtoull(value, NULL, 0);
+            } else if (!g_strcmp0(key, "fault_data")) {
+                fc->fault_data =3D strtoull(value, NULL, 0);
+            } else if (!g_strcmp0(key, "size")) {
+                fc->size =3D strtoull(value, NULL, 0);
+            } else if (!g_strcmp0(key, "cpu")) {
+                fc->cpu =3D strtoull(value, NULL, 0);
+            } else if (!g_strcmp0(key, "irq_type")) {
+                fc->irq_type =3D g_strdup(value);
+            } else if (!g_strcmp0(key, "fault_name")) {
+                fc->fault_name =3D g_strdup(value);
+            }
+        }
+
+        if (!register_fault(fc)) {
+            g_set_error(error, G_MARKUP_ERROR,
+                    G_MARKUP_ERROR_UNKNOWN_ATTRIBUTE,
+                "FI: Failed to register fault");
+            fc_free(fc);
+            return;
+        }
+    }
+}
+
+static GMarkupParser parser =3D {
+    .start_element =3D xml_start_elem,
+};
+
+static void *ipc_listener_thread(void *arg)
+{
+    char *sock_path =3D (char *)arg;
+    struct sockaddr_un addr;
+    int client_fd;
+    char buf[1024];
+
+    socket_fd =3D socket(AF_UNIX, SOCK_STREAM, 0);
+    if (socket_fd < 0) {
+        FI_LOG("Failed to create socket, err =3D %s\n",
+               strerror(errno));
+        return NULL;
+    }
+
+    memset(&addr, 0, sizeof(addr));
+
+    addr.sun_family =3D AF_UNIX;
+    g_strlcpy(addr.sun_path, sock_path, sizeof(addr.sun_path) - 1);
+
+    unlink(sock_path);
+
+    if (bind(socket_fd, &addr, sizeof(addr)) < 0) {
+        FI_LOG("Failed to create socket, err =3D %s\n",
+               strerror(errno));
+        close(socket_fd);
+        return NULL;
+    }
+
+    if (listen(socket_fd, 1)) {
+        FI_LOG("Listen socket failed, err =3D %s\n",
+               strerror(errno));
+        close(socket_fd);
+        return NULL;
+    }
+
+    while (true) {
+        client_fd =3D accept(socket_fd, NULL, NULL);
+
+        if (client_fd < 0) {
+            if (plugin_is_shutting_down) {
+                break;
+            }
+            continue;
+        }
+
+        GString *xml_payload =3D g_string_new(NULL);
+
+        memset(buf, 0, sizeof(buf));
+
+        while (true) {
+            ssize_t bytes_read =3D read(client_fd, buf, sizeof(buf) - 1);
+
+            if (bytes_read > 0) {
+                g_string_append_len(xml_payload, buf, bytes_read);
+            } else if (bytes_read =3D=3D 0) {
+                break;
+            } else {
+                if (errno =3D=3D EINTR) {
+                    continue;
+                }
+
+                break;
+            }
+        }
+
+        if (xml_payload->len > 0) {
+            GError *err =3D NULL;
+
+            GMarkupParseContext *ctx =3D g_markup_parse_context_new(&parse=
r,
+                        0, NULL, NULL);
+
+            if (!g_markup_parse_context_parse(ctx, xml_payload->str,
+                                    xml_payload->len, &err)) {
+                FI_LOG("FI Error: Failed to parse dynamic XML: %s\n",
+                    err->message);
+                g_error_free(err);
+            }
+
+            g_markup_parse_context_free(ctx);
+        }
+
+        g_string_free(xml_payload, TRUE);
+        close(client_fd);
+    }
+
+    unlink(sock_path);
+    g_free(sock_path);
+
+    return NULL;
+}
+
+static void plugin_exit_cb(qemu_plugin_id_t id, void *userdata)
+{
+    plugin_is_shutting_down =3D true;
+
+    if (socket_fd >=3D 0) {
+        close(socket_fd);
+        socket_fd =3D -1;
+    }
+}
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id,
+                                           const qemu_info_t *info,
+                                           int argc, char **argv)
+{
+    const char *config_path =3D NULL;
+    const char *socket_path =3D NULL;
+    gchar *config;
+    gsize length;
+    GError *err =3D NULL;
+    bool success;
+
+    if (strcmp(info->target_name, "aarch64")) {
+        FI_LOG("FI: Target %s is not supported\n", info->target_name);
+        return 1;
+    }
+
+    for (int i =3D 0; i < argc; ++i) {
+        if (g_str_has_prefix(argv[i], "config=3D")) {
+            config_path =3D argv[i] + strlen("config=3D");
+        } else if (g_str_has_prefix(argv[i], "socket=3D")) {
+            socket_path =3D g_strdup(argv[i] + strlen("socket=3D"));
+        }
+    }
+
+    if (!config_path && !socket_path) {
+        FI_LOG("FI: either config or socket path required\n");
+        return 1;
+    }
+
+    pc_faults =3D g_hash_table_new(g_int64_hash, g_int64_equal);
+    mem_faults =3D g_hash_table_new(g_int64_hash, g_int64_equal);
+    sys_reg_faults =3D g_hash_table_new(g_str_hash, g_str_equal);
+    mmio_override =3D g_hash_table_new(g_int64_hash, g_int64_equal);
+
+    g_rw_lock_init(&trigger_lock);
+    g_rw_lock_init(&mmio_override_lock);
+    g_rw_lock_init(&sysreg_lock);
+
+    if (config_path) {
+        if (access(config_path, R_OK)) {
+            FI_LOG("FI: can't access config file, err =3D %s\n",
+                   strerror(errno));
+            return 1;
+        }
+
+        success =3D g_file_get_contents(config_path, &config,
+                        &length, &err);
+        if (success) {
+            GMarkupParseContext *ctx =3D g_markup_parse_context_new(&parse=
r,
+                                                            0, NULL, NULL);
+
+            success =3D g_markup_parse_context_parse(ctx, config, length, =
&err);
+        }
+
+        if (!success) {
+            FI_LOG("FI: failed to parse config file\n");
+            return 1;
+        }
+    }
+
+    if (socket_path) {
+        pthread_t thread_id;
+
+        pthread_create(&thread_id, NULL, ipc_listener_thread,
+                       (void*)socket_path);
+        pthread_detach(thread_id);
+    }
+
+    qemu_plugin_register_vcpu_init_cb(id, vcpu_init_cb);
+    qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans_cb);
+    qemu_plugin_register_mmio_override_cb(id, mmio_override_cb);
+
+    qemu_plugin_register_atexit_cb(id, plugin_exit_cb, NULL);
+
+    return 0;
+}
\ No newline at end of file
diff --git a/contrib/plugins/meson.build b/contrib/plugins/meson.build
index 099319e7a1..df4d4c5177 100644
--- a/contrib/plugins/meson.build
+++ b/contrib/plugins/meson.build
@@ -12,6 +12,7 @@ contrib_plugins =3D [
 'stoptrigger.c',
 'traps.c',
 'uftrace.c',
+'fault_injection.c',
 ]
=20
 if host_os !=3D 'windows'
--=20
2.43.0
From nobody Mon Apr  6 18:23:06 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1773830939; cv=none;
	d=zohomail.com; s=zohoarc;
	b=krOMJZCM6Spm1AoRX4R3e9COCrmEL7raAYlfZkprEKf5fsUiv/bjkyg0HQIbS+mBTESlmcfhsbFl7LDf51mHSzaiMQzAzSmu+iDip32afEi6+D37QvNXDeszpeZixh2W8oq5VdlIYOwwjxmv97sdTji1vy5HYIt9jWkoYKKtgW0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1773830939;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=cdLYTX5XCu0aJDUj9OehAyMtHZ53fPtprEnUaqi5uyI=;
	b=brUBhB/AgINToKcUKw+MM0gUHAzwi9YT9SEekI0N1aVJfCn30oSniUQ/otTAhjkcZSvljkL5OZmS/OHquHv0pzW5Zv8abYlFSeJlGdOXM8gnWx0qx91nJ6PDH4AHjFUoJC6zIWS1IBNjE+Myn++OorYlUsV9qf4/WiejgmLUX1Q=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<ruslichenko.r@gmail.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177383093996958.53137910225314;
 Wed, 18 Mar 2026 03:48:59 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1w2oQp-0003bY-7C; Wed, 18 Mar 2026 06:47:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQj-0003ZD-Tw
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:13 -0400
Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ruslichenko.r@gmail.com>)
 id 1w2oQi-0003NU-3V
 for qemu-devel@nongnu.org; Wed, 18 Mar 2026 06:47:13 -0400
Received: by mail-wm1-x336.google.com with SMTP id
 5b1f17b1804b1-4852e9ca034so60586785e9.2
 for <qemu-devel@nongnu.org>; Wed, 18 Mar 2026 03:47:11 -0700 (PDT)
Received: from thinkpad-t470s.. (93-143-80-194.adsl.net.t-com.hr.
 [93.143.80.194]) by smtp.googlemail.com with ESMTPSA id
 5b1f17b1804b1-486f420de8asm56471095e9.3.2026.03.18.03.47.08
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 18 Mar 2026 03:47:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1773830830; x=1774435630; darn=nongnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=cdLYTX5XCu0aJDUj9OehAyMtHZ53fPtprEnUaqi5uyI=;
 b=MmLlMUgr7h0HzJdiQc5LY0LyXhN7XSPEFk19SYVebhHZ3OGC8MZ36I1A3b85fmOCPZ
 /iK17AxS9n6/jV2f/Osun2/vBG9u/e3MNyi+1zk/IjghlXJl82P9DSRwETBfGEPz/Gen
 UwsxU/YSEX64mgdmadKMz1fPlKanJ/mV3OWjEMnZbkTQxLf9jZ5cyQNlU9mYhAbKypTW
 JAfRIfR396/4OsFlW1JvfNfnaXGiifXPwV1clAuiBZ2Ku2HeZroN8w+xjtmwjsxGRX+z
 cMUfZ7WnXgfQmXYrrnajwpdHKex8NZ/sasXAwnMgq7iW6iQTwm86OMgVKpBdR2jaZ0yd
 +rtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20251104; t=1773830830; x=1774435630;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=cdLYTX5XCu0aJDUj9OehAyMtHZ53fPtprEnUaqi5uyI=;
 b=h+OuMSllXzsK+5HdHSfgjiSK4/VWAiHYC6VylyyGuvuFqDYxM1AmvRAFu4VBqe++7/
 75LjMYxL6hdXYB08+RFus7QNjkDjiRJLMjTjOVjmFFmE1m/AlzyGTPrDaRbruL+XhZOU
 vdfbj2idXhyjH+6I9QTMCcrskupcRMlxXF5UJbVHOLYihAGUFXYLT4Nd8V4Z3w8aX0aW
 V43I9KMF9N4MJaPU2Jd7aD79gPMGCCgckO1FLD1kLLhSJZGKH6Xl1rRb55HiEn94Zw5X
 J3NKx7ag1HfzNYLky0hvKPjrS5asPeFVFbwnqnUF6WBO6PA19pTX+tmf6JzAHta4Q3Q8
 2yww==
X-Gm-Message-State: AOJu0YyGRY8MbmXXois1tU45W7ltnCz1YHNAmol1NaluZAhhUJmUVNrM
 u15+lzpj3nVtHxkV6w3AyjwxH618Edh9npI65zj0WsjlzwA5EhBDmx8nW0g7WaxT
X-Gm-Gg: ATEYQzzJUaObGcvEsp+VPIjDezpIMhfDe3ODNISWfexrj3bbNRtQyz2HA2tePQG15xn
 jNNt4bqXkmsDpU2mtmEmcqkVUjgZ11HK3iJkGF/OoLGTUmFA+cGqUnNWASK9ngYAmzgxI9K3x9x
 wnWQ+1kctL85Epunsw8CIgwU3MtHZpFqvAll6IQ1EIH1D7kTcSyAA1of+sSMIv8qq8ML5lSkd1y
 8XvHZ9dEPz50dhceTm+zIVqhXgA63E7LEMSI0wd+5EoqumUcxXKkF0UPEvq+4AJnOZRE9+TF8Hy
 L03DNYlO7YSjb4YghtFrJJjDhhW5jY24MDwCTZsDqcnANhg4a4VwyPD/Yvcb5yNjjkMCgf5xHs7
 Mrbjbt7jHgDSHrJE4mZNLRNy9dLalqTgFfuMw0OAB1I4oGNMKLJj2x+97CD+X+tg+uU+FGvWYob
 4FAKoud4QX1bx4uB9yQikbipmh9b6YfFD9Tu+Lgu7RAf48gbj3o0IwTjxByst/ZQ5QIA==
X-Received: by 2002:a05:600c:1d0b:b0:485:45fb:3472 with SMTP id
 5b1f17b1804b1-486f441bacdmr48347585e9.7.1773830830190;
 Wed, 18 Mar 2026 03:47:10 -0700 (PDT)
From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com, volodymyr_babchuk@epam.com,
 alex.bennee@linaro.org, peter.maydell@linaro.org,
 pierrick.bouvier@linaro.org, philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 9/9] docs: Add description of fault-injection plugin and
 subsystem
Date: Wed, 18 Mar 2026 11:46:40 +0100
Message-ID: <20260318104640.239752-10-ruslichenko.r@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260318104640.239752-1-ruslichenko.r@gmail.com>
References: <20260318104640.239752-1-ruslichenko.r@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2a00:1450:4864:20::336;
 envelope-from=ruslichenko.r@gmail.com; helo=mail-wm1-x336.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @gmail.com)
X-ZM-MESSAGEID: 1773830941922154100
Content-Type: text/plain; charset="utf-8"

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

The patch introduce documentation for newly added Fault Injection
plugin and subsystem.

Signed-off-by: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>
---
 docs/fault-injection.txt | 111 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 docs/fault-injection.txt

diff --git a/docs/fault-injection.txt b/docs/fault-injection.txt
new file mode 100644
index 0000000000..05cbd48136
--- /dev/null
+++ b/docs/fault-injection.txt
@@ -0,0 +1,111 @@
+QEMU FAULT INJECTION PLUGIN DOCUMENTATION
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+
+OVERVIEW
+--------
+The Fault Injection (FI) plugin is a testing tool for guest operating syst=
ems running in QEMU. It allows you to test how a guest OS or driver handles=
 hardware-level errors. Currently, only AArch64 (ARM64) guest systems are s=
upported.
+
+Errors (faults) can be injected in two ways:
+1. Statically using a configuration file when QEMU starts.
+2. Dynamically using a UNIX socket while the system is running.
+
+
+USAGE
+-----
+To use the plugin, add the "-plugin" option to the QEMU command.
+
+Command Line Examples:
+
+1. Using a static XML config file:
+qemu-system-aarch64 -machine virt -cpu cortex-a57 -plugin ./contrib/plugin=
s/libfault_injection.so,config=3Dfaults.xml
+
+2. Using a dynamic UNIX socket:
+qemu-system-aarch64 -machine virt -cpu cortex-a57 -plugin ./contrib/plugin=
s/libfault_injection.so,socket=3D/tmp/fi_socket.sock
+
+3. Using both at the same time:
+qemu-system-aarch64 -machine virt -cpu cortex-a57 -plugin ./contrib/plugin=
s/libfault_injection.so,config=3Dfaults.xml,socket=3D/tmp/fi_socket.sock
+
+To send a dynamic fault over the socket while QEMU is running, an XML stri=
ng can be sent directly to the socket file.
+
+
+CORE CONCEPTS
+-------------
+A fault configuration has two main parts:
+- Trigger: When should the fault happen? (Example: when the CPU reaches a =
specific address).
+- Target: What should be corrupted or injected? (Example: change a CPU reg=
ister).
+
+SUPPORTED TRIGGERS:
+- PC      : Triggers when the CPU executes an instruction at a specific Vi=
rtual Address.
+- SYS_REG : Triggers when the guest reads a specific System Register (like=
 cntvct_el0).
+- RAM     : Triggers when the guest accesses a specific Virtual Address in=
 memory.
+- MMIO    : Triggers when the guest reads from a hardware device at a Phys=
ical Address.
+- TIMER   : Triggers at a specific guest virtual time (in nanoseconds).
+
+SUPPORTED TARGETS:
+- CPU_REG : Changes a CPU register (x0 to x30).
+- RAM     : Overwrites physical memory with a fake value.
+- MMIO    : Modifies a hardware device read with a fake value.
+- IRQ     : Injects a hardware interrupt into the primary INTC.
+- EXCP    : Injects a CPU exception (like an SError).
+- CUSTOM  : Triggers a custom device error (custom handler registered by d=
evice model).
+
+
+XML CONFIGURATION FORMAT
+------------------------
+The plugin uses a simple XML format. Each fault is defined by a <Fault /> =
tag. Multiple fault tags can be added inside one file by wrapping them in a=
 <Faults> block.
+
+The following attributes can be used in the tag:
+- trigger           : The event that starts the fault (PC, TIMER, etc.).
+- trigger_condition : The value needed to activate the trigger (Address, T=
ime, or System Register Name).
+- target            : The system part to corrupt (CPU_REG, IRQ, etc.). Thi=
s is optional for RAM and MMIO triggers.
+- target_data       : The specific ID or address of the target.
+- fault_data        : The corrupted value to inject.
+- size              : (Optional) Size in bytes for memory operations. Defa=
ult is 8.
+- cpu               : (Optional) CPU index for IRQs. Default is 0.
+- irq_type          : (Optional) For IRQs. Can be SPI, PPI, or SGI. Defaul=
t is SPI.
+- fault_name        : (Optional) Required only for CUSTOM targets (string =
with the name of the custom fault).
+
+
+EXAMPLES
+--------
+
+Example 1: Corrupt a CPU Register on a Specific Instruction
+This changes register x1 to 0 when the CPU executes the instruction at vir=
tual address 0xa00002e7714.
+
+<Faults>
+    <Fault trigger=3D"PC" trigger_condition=3D"0xa00002e7714" target=3D"CP=
U_REG" target_data=3D"1" fault_data=3D"0" />
+</Faults>
+
+
+Example 2: Modify an MMIO Read
+When the guest OS tries to read a hardware device at physical address 0x08=
00FFE8, the plugin ignores the real hardware and returns the fake value 0x0.
+
+<Faults>
+    <Fault trigger=3D"MMIO" trigger_condition=3D"0x0800FFE8" fault_data=3D=
"0" />
+</Faults>
+
+
+Example 3: Inject a Hardware Interrupt using a Timer
+This injects SPI interrupt number 77 into CPU 0 after 10s of virtual guest=
 time and modifies the results of MMIO reads starting at this time.
+
+<Faults>
+    <Fault trigger=3D"TIMER" trigger_condition=3D"10000000000" target=3D"I=
RQ" target_data=3D"77" fault_data=3D"0" />
+    <Fault trigger=3D"TIMER" trigger_condition=3D"10000000000" target=3D"M=
MIO" target_data=3D"0x09050060" fault_data=3D"0x180" />
+    <Fault trigger=3D"TIMER" trigger_condition=3D"10000000000" target=3D"M=
MIO" target_data=3D"0x09050064" fault_data=3D"0x0" />
+</Faults>
+
+
+Example 4: Trigger a Custom SMMUv3 Command Queue Error
+After 10s of guest virtual time, this injects a custom SMMUv3 Command Queu=
e error into the SMMU device located at 0x09050000.
+
+<Faults>
+    <Fault trigger=3D"TIMER" trigger_condition=3D"10000000000" target=3D"C=
USTOM" fault_name=3D"smmu_gerror_cmdq" target_data=3D"0x09050000" fault_dat=
a=3D"1" />
+</Faults>
+
+
+Example 5: Inject a CPU Exception (SError)
+This injects a Virtual SError (Exception Index 24) when the CPU executes t=
he instruction at 0xffff8000802dfed0. The syndrome register is set to the v=
alue 0xbf000002.
+
+<Faults>
+    <Fault trigger=3D"PC" trigger_condition=3D"0xffff8000802dfed0" target=
=3D"EXCP" target_data=3D"24" fault_data=3D"0xbf000002" />
+</Faults>
--=20
2.43.0