From nobody Mon Feb 9 08:30:47 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1769602476; cv=none; d=zohomail.com; s=zohoarc; b=VQg6bDCzeOwj1XOSDGdvROQzDgY2NMFTGfG2BYPR4MHvYmKjgJDaEKgrbf2CVa3x+8URSg80pgcpmowMmJDhwoNhJnz04QUsrKYHGTFQv1dBn3llG+zmbbas6S+8fxCYpyZMMnPRH1ZW+h+FIR9xWhenSDyyyLsAm7NOJg2UcBg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1769602476; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=sEqaielhWrqTrvFMqDcZTsQQgAwTYruDhFf1ULlHOCQ=; b=M5J9r2yiMUaYteuBZzOWr0NC8XsRX92wz63akDoT2p1taYCnHo/PYcVA7WUCQLunpErwG5GDEtcfC3kG+zmtd05CJ7953PVZEeOj17hB5kQ2khSQaxUaLh9qyb8Rd7YQdvsZZ9h8y6RC15uQxTUHiy1N+DCVMLfyTcCoEhLWuXk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1769602476794232.36889551904858; Wed, 28 Jan 2026 04:14:36 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vl4OW-0004K5-10; Wed, 28 Jan 2026 07:11:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vl4N9-00044f-4s for qemu-devel@nongnu.org; Wed, 28 Jan 2026 07:10:12 -0500 Received: from mail-pf1-x443.google.com ([2607:f8b0:4864:20::443]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vl4N2-00084I-B7 for qemu-devel@nongnu.org; Wed, 28 Jan 2026 07:10:10 -0500 Received: by mail-pf1-x443.google.com with SMTP id d2e1a72fcca58-81e821c3d4eso6275305b3a.3 for ; Wed, 28 Jan 2026 04:10:01 -0800 (PST) Received: from ZEVORN-PC.bbrouter ([183.195.22.224]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-82379c24083sm2503153b3a.55.2026.01.28.04.09.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jan 2026 04:10:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769602201; x=1770207001; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=sEqaielhWrqTrvFMqDcZTsQQgAwTYruDhFf1ULlHOCQ=; b=EEOaMdyug+c3pZM9gFU1EtfMi5SkmfGsZhcVEAqoCcWKGL5utKgz5/YTr7milmePYq Rtzs3zeWTBd3D1tSU3DmJUMv9l60X2WKetE8hCP7fMuFCBK88PHiYipJeCcabpjjqnfm NKlFWceL6Qr6bSCXxFxPnbxNxzUKMgJbkuZ7dhp5KXlGwBqDnbSdkgQK5kebf3OoEhwQ FG01sd8Elqsu1NgGwNbzTBJ3x2rca20jqmapwM7cqXUuhVkYLrul+HGp/Jt71jeS8S97 5PNJ1gQDN038wqb3lD5UC6+tHppQgCe4o89GPNrhvowunXeP1KnYXEUBYX/NVzf6t5ZC ekng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769602201; x=1770207001; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=sEqaielhWrqTrvFMqDcZTsQQgAwTYruDhFf1ULlHOCQ=; b=q2P77k9WO5ZFZg65zyhte7+IaPILK8wHXIf0AldC228rhd7QbQiSFzHJHpEV20jLFG cahhVjIdJvLJ1YfqIX7dFgU4sCLWaIoW1gun6dOlP/MwXXRb9x2Qf3yj8PDQeHf2Ee8K SnFsKay1YOPi+tZkmdcdsyVaOG/lCP7RaQKAUMIJ6rRrC7TM7u3tbbFfLMK0PnTrqYnw q6eEbk8RmjrTyzL/SgMGkW04+qJfVXs4mLGK0+RsnAvXSooB2hTDzDMMjkIM7apQk89M 3bcs7gzJ1zC+226cJoeRn+iJDhcpF3kFdTYWyV5aIb83qfFxbqn438ljwIB9Vt5G67xp oHWw== X-Gm-Message-State: AOJu0YzUv+z0d5JVglV7GucpKSnGDmlsD5GVwA17t4SLnOxMA6N5pg6E v6Ionie3wVniiPkZd5tKYm3iaO7yyl/AdrQIaWXpgeuvbDe3m/mlWSiU X-Gm-Gg: AZuq6aJc2UzWm+H4KxvExp3JJRSMV4Uf46mlOQSZDhGHFQu29FhAj/rtM338LlJRTgR CJXBr2+AGlWlktEU6uipnxa4CkYp7wOYXlHcdruLN8NzpBOTZLrQOZxGquXgDhDq4U714NTZDeU 3cGyPi3pcJkOpY5FaQLWtjbHV2iDNvzxZSdBH8Rzg2gznVd1NQxBt8jg1+yPGrCYZkKSIXhJnLI pfpH5yd09iaAdRbMPvQy2KdtuVABT5xDCGQLls7AKEjDmczvu2Qw1mIMUFg4bOUaGTv4Kcqesa/ jqn7H8cXCCcl96RAImp9f+QtQEE4YJoMxqHRjs+miZi3NFEhQlGzse6x4+71hNxNtuxU8aCUS5P A+TD5zzjJeH0u7nXEOkbLZsuZkBllkVqDNR3H0kV9gG1DXqlBbNAoBh/kfOampNBJce7sNt9r+R +kZIAD+hdbp4OQk0wj6F9OyX7egtFKRiqJ2oBEDAADoO6JuBJmC+Y9P+YpEsopDX8RF+VoNQ== X-Received: by 2002:a05:6a00:159b:b0:81f:4d18:65c4 with SMTP id d2e1a72fcca58-823692f4bb5mr4513735b3a.59.1769602200440; Wed, 28 Jan 2026 04:10:00 -0800 (PST) From: Chao Liu To: Alistair Francis , Daniel Henrique Barboza , Palmer Dabbelt , Weiwei Li , Liu Zhiwei , Fabiano Rosas , Laurent Vivier , Paolo Bonzini , Tao Tang Cc: qemu-devel@nongnu.org, qemu-riscv@nongnu.org, hust-os-kernel-patches@googlegroups.com, Chao Liu Subject: [RFC PATCH v1 1/2] tests/qtest/libqos: Add RISC-V IOMMU helper library Date: Wed, 28 Jan 2026 20:09:08 +0800 Message-ID: X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2607:f8b0:4864:20::443; envelope-from=chao.liu.zevorn@gmail.com; helo=mail-pf1-x443.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1769602479730154100 Content-Type: text/plain; charset="utf-8" Introduce a libqos helper module for RISC-V IOMMU testing with iommu-testdev. The helper provides routines to: - Build device contexts (DC) and 3-level page tables for SV39/SV39x4 - Program command queue (CQ), fault queue (FQ), and DDTP registers following the RISC-V IOMMU specification - Execute DMA translations and verify results The current implementation supports SV39 for S-stage and SV39x4 for G-stage translation. Support for SV48/SV48x4/SV57/SV57x4 can be added in future patches. Signed-off-by: Chao Liu Reviewed-by: Daniel Henrique Barboza --- MAINTAINERS | 1 + tests/qtest/libqos/meson.build | 2 +- tests/qtest/libqos/qos-riscv-iommu.c | 400 +++++++++++++++++++++++++++ tests/qtest/libqos/qos-riscv-iommu.h | 172 ++++++++++++ 4 files changed, 574 insertions(+), 1 deletion(-) create mode 100644 tests/qtest/libqos/qos-riscv-iommu.c create mode 100644 tests/qtest/libqos/qos-riscv-iommu.h diff --git a/MAINTAINERS b/MAINTAINERS index dc31be033e..894e05bd2c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3583,6 +3583,7 @@ M: Tao Tang S: Maintained F: tests/qtest/libqos/qos-iommu* F: tests/qtest/libqos/qos-smmuv3* +F: tests/qtest/libqos/qos-riscv-iommu* =20 Device Fuzzing M: Alexander Bulekov diff --git a/tests/qtest/libqos/meson.build b/tests/qtest/libqos/meson.build index b4daec808f..4a69acad0d 100644 --- a/tests/qtest/libqos/meson.build +++ b/tests/qtest/libqos/meson.build @@ -71,7 +71,7 @@ if have_virtfs endif =20 if config_all_devices.has_key('CONFIG_RISCV_IOMMU') - libqos_srcs +=3D files('riscv-iommu.c') + libqos_srcs +=3D files('riscv-iommu.c', 'qos-riscv-iommu.c') endif if config_all_devices.has_key('CONFIG_TPCI200') libqos_srcs +=3D files('tpci200.c') diff --git a/tests/qtest/libqos/qos-riscv-iommu.c b/tests/qtest/libqos/qos-= riscv-iommu.c new file mode 100644 index 0000000000..34ed3df84a --- /dev/null +++ b/tests/qtest/libqos/qos-riscv-iommu.c @@ -0,0 +1,400 @@ +/* + * QOS RISC-V IOMMU Module + * + * This module provides RISC-V IOMMU-specific helper functions for libqos = tests, + * encapsulating RISC-V IOMMU setup, and assertions. + * + * Copyright (c) 2026 Chao Liu + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qemu/bitops.h" +#include "hw/riscv/riscv-iommu-bits.h" +#include "tests/qtest/libqos/pci.h" +#include "qos-iommu-testdev.h" +#include "qos-riscv-iommu.h" + +/* Apply space offset to address */ +static inline uint64_t qriommu_apply_space_offs(uint64_t address) +{ + return address + QRIOMMU_SPACE_OFFS; +} + +static uint64_t qriommu_encode_pte(uint64_t pa, uint64_t attrs) +{ + return ((pa >> 12) << 10) | attrs; +} + +static void qriommu_wait_for_queue_active(QTestState *qts, uint64_t iommu_= base, + uint32_t queue_csr, uint32_t on_= bit) +{ + guint64 timeout_us =3D 2 * 1000 * 1000; + gint64 start_time =3D g_get_monotonic_time(); + uint32_t reg; + + for (;;) { + qtest_clock_step(qts, 100); + + reg =3D qtest_readl(qts, iommu_base + queue_csr); + if (reg & on_bit) { + return; + } + g_assert(g_get_monotonic_time() - start_time <=3D timeout_us); + } +} + +uint32_t qriommu_expected_dma_result(QRIOMMUTestContext *ctx) +{ + return ctx->config.expected_result; +} + +uint32_t qriommu_build_dma_attrs(void) +{ + /* RISC-V IOMMU uses standard AXI attributes */ + return 0; +} + +uint32_t qriommu_setup_and_enable_translation(QRIOMMUTestContext *ctx) +{ + uint32_t build_result; + + /* Build page tables and RISC-V IOMMU structures first */ + build_result =3D qriommu_build_translation( + ctx->qts, ctx->config.trans_mode, + ctx->device_id); + if (build_result !=3D 0) { + g_test_message("Build failed: mode=3D%u device_id=3D%u status=3D0x= %x", + ctx->config.trans_mode, ctx->device_id, build_resul= t); + ctx->trans_status =3D build_result; + return ctx->trans_status; + } + + /* Program RISC-V IOMMU registers */ + qriommu_program_regs(ctx->qts, ctx->iommu_base); + + ctx->trans_status =3D 0; + return ctx->trans_status; +} + +static bool qriommu_validate_test_result(QRIOMMUTestContext *ctx) +{ + uint32_t expected =3D qriommu_expected_dma_result(ctx); + g_test_message("-> Validating result: expected=3D0x%x actual=3D0x%x", + expected, ctx->dma_result); + return (ctx->dma_result =3D=3D expected); +} + +static uint32_t qriommu_single_translation_setup(void *opaque) +{ + return qriommu_setup_and_enable_translation(opaque); +} + +static uint32_t qriommu_single_translation_attrs(void *opaque) +{ + return qriommu_build_dma_attrs(); +} + +static bool qriommu_single_translation_validate(void *opaque) +{ + return qriommu_validate_test_result(opaque); +} + +static void qriommu_single_translation_report(void *opaque, + uint32_t dma_result) +{ + QRIOMMUTestContext *ctx =3D opaque; + + if (dma_result !=3D 0) { + g_test_message("DMA failed: mode=3D%u result=3D0x%x", + ctx->config.trans_mode, dma_result); + } else { + g_test_message("-> DMA succeeded: mode=3D%u", + ctx->config.trans_mode); + } +} + +void qriommu_run_translation_case(QTestState *qts, QPCIDevice *dev, + QPCIBar bar, uint64_t iommu_base, + const QRIOMMUTestConfig *cfg) +{ + QRIOMMUTestContext ctx =3D { + .qts =3D qts, + .dev =3D dev, + .bar =3D bar, + .iommu_base =3D iommu_base, + .config =3D *cfg, + .device_id =3D dev->devfn, + }; + + QOSIOMMUTestdevDmaCfg dma =3D { + .dev =3D dev, + .bar =3D bar, + .iova =3D QRIOMMU_IOVA, + .gpa =3D ctx.config.dma_gpa, + .len =3D ctx.config.dma_len, + }; + + qtest_memset(qts, cfg->dma_gpa, 0x00, cfg->dma_len); + qos_iommu_testdev_single_translation(&dma, &ctx, + qriommu_single_translation_setup, + qriommu_single_translation_attrs, + qriommu_single_translation_valida= te, + qriommu_single_translation_report, + &ctx.dma_result); + + if (ctx.dma_result =3D=3D 0 && ctx.config.expected_result =3D=3D 0) { + g_autofree uint8_t *buf =3D NULL; + + buf =3D g_malloc(ctx.config.dma_len); + qtest_memread(ctx.qts, ctx.config.dma_gpa, buf, ctx.config.dma_len= ); + + for (int i =3D 0; i < ctx.config.dma_len; i++) { + uint8_t expected; + + expected =3D (ITD_DMA_WRITE_VAL >> ((i % 4) * 8)) & 0xff; + g_assert_cmpuint(buf[i], =3D=3D, expected); + } + } +} + +static uint32_t qriommu_get_table_index(uint64_t addr, int level) +{ + /* SV39: 39-bit virtual address, 3-level page table */ + switch (level) { + case 0: + return (addr >> 30) & 0x1ff; /* L0: bits [38:30] */ + case 1: + return (addr >> 21) & 0x1ff; /* L1: bits [29:21] */ + case 2: + return (addr >> 12) & 0x1ff; /* L2: bits [20:12] */ + default: + g_assert_not_reached(); + } +} + +static uint64_t qriommu_get_table_addr(uint64_t base, int level, uint64_t = iova) +{ + uint32_t index =3D qriommu_get_table_index(iova, level); + return (base & QRIOMMU_PTE_PPN_MASK) + (index * 8); +} + +static void qriommu_map_leaf(QTestState *qts, uint64_t root_pa, + uint64_t l0_pa, uint64_t l1_pa, + uint64_t l0_pte_val, uint64_t l1_pte_val, + uint64_t va, uint64_t pa, uint64_t leaf_attrs) +{ + uint64_t l0_addr =3D qriommu_get_table_addr(root_pa, 0, va); + uint64_t l1_addr =3D qriommu_get_table_addr(l0_pa, 1, va); + uint64_t l2_addr =3D qriommu_get_table_addr(l1_pa, 2, va); + + qtest_writeq(qts, l0_addr, l0_pte_val); + qtest_writeq(qts, l1_addr, l1_pte_val); + qtest_writeq(qts, l2_addr, qriommu_encode_pte(pa, leaf_attrs)); +} + +static uint64_t qriommu_get_pte_attrs(QRIOMMUTransMode mode, bool is_leaf) +{ + if (!is_leaf) { + return QRIOMMU_NON_LEAF_PTE_MASK; + } + + /* For leaf PTE, set RWX permissions */ + return QRIOMMU_LEAF_PTE_RW_MASK; +} + +void qriommu_setup_translation_tables(QTestState *qts, + uint64_t iova, + QRIOMMUTransMode mode) +{ + uint64_t s_root =3D 0, s_l0_pte_val =3D 0, s_l1_pte_val =3D 0; + uint64_t s_l0_addr =3D 0, s_l1_addr =3D 0, s_l2_addr =3D 0, s_l2_pte_v= al =3D 0; + uint64_t s_l0_pa =3D 0, s_l1_pa =3D 0; + uint64_t s_l2_pa =3D qriommu_apply_space_offs(QRIOMMU_L2_PTE_VAL); + uint64_t s_l0_pa_real =3D 0, s_l1_pa_real =3D 0; + uint64_t s_l2_pa_real =3D qriommu_apply_space_offs(QRIOMMU_L2_PTE_VAL); + uint64_t non_leaf_attrs =3D qriommu_get_pte_attrs(mode, false); + uint64_t leaf_attrs =3D qriommu_get_pte_attrs(mode, true); + + if (mode !=3D QRIOMMU_TM_G_STAGE_ONLY) { + /* Setup S-stage 3-level page tables (SV39) */ + s_l0_pa =3D qriommu_apply_space_offs(QRIOMMU_L0_PTE_VAL); + s_l1_pa =3D qriommu_apply_space_offs(QRIOMMU_L1_PTE_VAL); + s_root =3D qriommu_apply_space_offs( + QRIOMMU_IOHGATP & QRIOMMU_PTE_PPN_MASK); + s_l2_pa =3D qriommu_apply_space_offs(QRIOMMU_L2_PTE_VAL); + + s_l0_pa_real =3D s_l0_pa; + s_l1_pa_real =3D s_l1_pa; + s_l2_pa_real =3D s_l2_pa; + + if (mode =3D=3D QRIOMMU_TM_NESTED) { + s_l0_pa =3D QRIOMMU_L0_PTE_VAL; + s_l1_pa =3D QRIOMMU_L1_PTE_VAL; + s_l2_pa =3D QRIOMMU_L2_PTE_VAL; + + s_l0_pa_real =3D qriommu_apply_space_offs(QRIOMMU_L0_PTE_VAL); + s_l1_pa_real =3D qriommu_apply_space_offs(QRIOMMU_L1_PTE_VAL); + s_l2_pa_real =3D qriommu_apply_space_offs(QRIOMMU_L2_PTE_VAL); + } + + s_l0_pte_val =3D qriommu_encode_pte(s_l0_pa, non_leaf_attrs); + s_l1_pte_val =3D qriommu_encode_pte(s_l1_pa, non_leaf_attrs); + + s_l0_addr =3D qriommu_get_table_addr(s_root, 0, iova); + qtest_writeq(qts, s_l0_addr, s_l0_pte_val); + + s_l1_addr =3D qriommu_get_table_addr(s_l0_pa_real, 1, iova); + qtest_writeq(qts, s_l1_addr, s_l1_pte_val); + + s_l2_addr =3D qriommu_get_table_addr(s_l1_pa_real, 2, iova); + s_l2_pte_val =3D qriommu_encode_pte(s_l2_pa, leaf_attrs); + qtest_writeq(qts, s_l2_addr, s_l2_pte_val); + } + + if (mode =3D=3D QRIOMMU_TM_G_STAGE_ONLY || mode =3D=3D QRIOMMU_TM_NEST= ED) { + uint64_t g_root =3D qriommu_apply_space_offs( + QRIOMMU_G_IOHGATP & QRIOMMU_PTE_PPN_MASK); + uint64_t g_l0_pa =3D qriommu_apply_space_offs(QRIOMMU_G_L0_PTE_VAL= ); + uint64_t g_l1_pa =3D qriommu_apply_space_offs(QRIOMMU_G_L1_PTE_VAL= ); + uint64_t g_l0_pte_val =3D qriommu_encode_pte(g_l0_pa, non_leaf_att= rs); + uint64_t g_l1_pte_val =3D qriommu_encode_pte(g_l1_pa, non_leaf_att= rs); + + if (mode =3D=3D QRIOMMU_TM_G_STAGE_ONLY) { + qriommu_map_leaf(qts, g_root, g_l0_pa, g_l1_pa, + g_l0_pte_val, g_l1_pte_val, + iova, s_l2_pa_real, leaf_attrs); + } else { + qriommu_map_leaf(qts, g_root, g_l0_pa, g_l1_pa, + g_l0_pte_val, g_l1_pte_val, + QRIOMMU_IOHGATP, s_root, leaf_attrs); + qriommu_map_leaf(qts, g_root, g_l0_pa, g_l1_pa, + g_l0_pte_val, g_l1_pte_val, + QRIOMMU_L0_PTE_VAL, s_l0_pa_real, leaf_attrs); + qriommu_map_leaf(qts, g_root, g_l0_pa, g_l1_pa, + g_l0_pte_val, g_l1_pte_val, + QRIOMMU_L1_PTE_VAL, s_l1_pa_real, leaf_attrs); + qriommu_map_leaf(qts, g_root, g_l0_pa, g_l1_pa, + g_l0_pte_val, g_l1_pte_val, + QRIOMMU_L2_PTE_VAL, s_l2_pa_real, leaf_attrs); + } + } +} + +uint32_t qriommu_build_translation(QTestState *qts, QRIOMMUTransMode mode, + uint32_t device_id) +{ + uint64_t dc_addr, dc_addr_real; + struct riscv_iommu_dc dc; + uint64_t iohgatp; + + qtest_memset(qts, qriommu_apply_space_offs(QRIOMMU_DDT_BASE), 0, 0x100= 0); + + dc_addr =3D device_id * sizeof(struct riscv_iommu_dc) + QRIOMMU_DC_BAS= E; + dc_addr_real =3D qriommu_apply_space_offs(dc_addr); + + /* Build Device Context (DC) */ + memset(&dc, 0, sizeof(dc)); + + switch (mode) { + case QRIOMMU_TM_BARE: + /* Pass-through mode: tc.V=3D1, no FSC/IOHGATP */ + dc.tc =3D RISCV_IOMMU_DC_TC_V; + break; + + case QRIOMMU_TM_S_STAGE_ONLY: + /* S-stage only: tc.V=3D1, set FSC */ + dc.tc =3D RISCV_IOMMU_DC_TC_V; + iohgatp =3D qriommu_apply_space_offs(QRIOMMU_IOHGATP); + /* FSC mode: SV39 (mode=3D8) */ + dc.fsc =3D (iohgatp >> 12) | (8ull << 60); + break; + + case QRIOMMU_TM_G_STAGE_ONLY: + /* G-stage only: tc.V=3D1, set IOHGATP */ + dc.tc =3D RISCV_IOMMU_DC_TC_V; + iohgatp =3D qriommu_apply_space_offs(QRIOMMU_G_IOHGATP); + /* IOHGATP mode: SV39x4 (mode=3D8) */ + dc.iohgatp =3D (iohgatp >> 12) | (8ull << 60); + break; + + case QRIOMMU_TM_NESTED: + /* Nested: tc.V=3D1, set both FSC and IOHGATP */ + dc.tc =3D RISCV_IOMMU_DC_TC_V; + /* FSC mode: SV39 (mode=3D8) */ + dc.fsc =3D (QRIOMMU_IOHGATP >> 12) | (8ull << 60); + /* IOHGATP mode: SV39x4 (mode=3D8) */ + iohgatp =3D qriommu_apply_space_offs(QRIOMMU_G_IOHGATP); + dc.iohgatp =3D (iohgatp >> 12) | (8ull << 60); + break; + + default: + g_assert_not_reached(); + } + + /* Write DC to memory */ + qtest_writeq(qts, dc_addr_real + 0, dc.tc); + qtest_writeq(qts, dc_addr_real + 8, dc.iohgatp); + qtest_writeq(qts, dc_addr_real + 16, dc.ta); + qtest_writeq(qts, dc_addr_real + 24, dc.fsc); + qtest_writeq(qts, dc_addr_real + 32, dc.msiptp); + qtest_writeq(qts, dc_addr_real + 40, dc.msi_addr_mask); + qtest_writeq(qts, dc_addr_real + 48, dc.msi_addr_pattern); + qtest_writeq(qts, dc_addr_real + 56, dc._reserved); + + /* Setup translation tables if not in BARE mode */ + if (mode !=3D QRIOMMU_TM_BARE) { + qriommu_setup_translation_tables(qts, QRIOMMU_IOVA, mode); + } + + return 0; +} + +void qriommu_program_regs(QTestState *qts, uint64_t iommu_base) +{ + uint64_t ddtp, cqb, fqb; + uint64_t cq_base, fq_base; + uint64_t cq_align, fq_align; + uint32_t cq_entries =3D QRIOMMU_QUEUE_ENTRIES; + uint32_t fq_entries =3D QRIOMMU_QUEUE_ENTRIES; + uint32_t cq_log2sz =3D ctz32(cq_entries) - 1; + uint32_t fq_log2sz =3D ctz32(fq_entries) - 1; + + cq_base =3D qriommu_apply_space_offs(QRIOMMU_CQ_BASE_ADDR); + fq_base =3D qriommu_apply_space_offs(QRIOMMU_FQ_BASE_ADDR); + + cq_align =3D MAX(0x1000ull, (uint64_t)cq_entries * QRIOMMU_CQ_ENTRY_SI= ZE); + fq_align =3D MAX(0x1000ull, (uint64_t)fq_entries * QRIOMMU_FQ_ENTRY_SI= ZE); + g_assert((cq_base & (cq_align - 1)) =3D=3D 0); + g_assert((fq_base & (fq_align - 1)) =3D=3D 0); + + /* Setup Command Queue */ + cqb =3D (cq_base >> 12) << 10 | cq_log2sz; + qtest_writeq(qts, iommu_base + RISCV_IOMMU_REG_CQB, cqb); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_CQH, 0); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_CQT, 0); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_CQCSR, + RISCV_IOMMU_CQCSR_CQEN); + qriommu_wait_for_queue_active(qts, iommu_base, RISCV_IOMMU_REG_CQCSR, + RISCV_IOMMU_CQCSR_CQON); + + /* Setup Fault Queue */ + fqb =3D (fq_base >> 12) << 10 | fq_log2sz; + qtest_writeq(qts, iommu_base + RISCV_IOMMU_REG_FQB, fqb); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_FQH, 0); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_FQT, 0); + qtest_writel(qts, iommu_base + RISCV_IOMMU_REG_FQCSR, + RISCV_IOMMU_FQCSR_FQEN); + qriommu_wait_for_queue_active(qts, iommu_base, RISCV_IOMMU_REG_FQCSR, + RISCV_IOMMU_FQCSR_FQON); + + /* Set Device Directory Table Pointer (DDTP) */ + ddtp =3D qriommu_apply_space_offs(QRIOMMU_DDT_BASE); + g_assert((ddtp & 0xfff) =3D=3D 0); + ddtp =3D ((ddtp >> 12) << 10) | RISCV_IOMMU_DDTP_MODE_1LVL; + qtest_writeq(qts, iommu_base + RISCV_IOMMU_REG_DDTP, ddtp); + g_assert((qtest_readq(qts, iommu_base + RISCV_IOMMU_REG_DDTP) & + (RISCV_IOMMU_DDTP_PPN | RISCV_IOMMU_DDTP_MODE)) =3D=3D + (ddtp & (RISCV_IOMMU_DDTP_PPN | RISCV_IOMMU_DDTP_MODE))); +} diff --git a/tests/qtest/libqos/qos-riscv-iommu.h b/tests/qtest/libqos/qos-= riscv-iommu.h new file mode 100644 index 0000000000..1f4efbf682 --- /dev/null +++ b/tests/qtest/libqos/qos-riscv-iommu.h @@ -0,0 +1,172 @@ +/* + * QOS RISC-V IOMMU Module + * + * This module provides RISC-V IOMMU-specific helper functions for libqos = tests, + * encapsulating RISC-V IOMMU setup, and assertions. + * + * Copyright (c) 2026 Chao Liu + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef QTEST_LIBQOS_RISCV_IOMMU_H +#define QTEST_LIBQOS_RISCV_IOMMU_H + +#include "hw/misc/iommu-testdev.h" + +/* RISC-V IOMMU MMIO register base for virt machine */ +#define VIRT_RISCV_IOMMU_BASE 0x0000000003010000ull + +/* RISC-V IOMMU queue and table base addresses */ +#define QRIOMMU_CQ_BASE_ADDR 0x000000000e160000ull +#define QRIOMMU_FQ_BASE_ADDR 0x000000000e170000ull + +/* RISC-V IOMMU queue sizing */ +#define QRIOMMU_QUEUE_ENTRIES 1024 +#define QRIOMMU_CQ_ENTRY_SIZE 16 +#define QRIOMMU_FQ_ENTRY_SIZE 32 + +/* + * Translation tables and descriptors for RISC-V IOMMU. + * Similar to ARM SMMUv3, but using RISC-V IOMMU terminology: + * - Device Context (DC) instead of STE + * - First-stage context (FSC) for S-stage translation + * - IOHGATP for G-stage translation + * + * Granule size: 4KB pages + * Page table levels: 3 levels for SV39 (L0, L1, L2) + * IOVA size: 39-bit virtual address space + */ +#define QRIOMMU_IOVA 0x0000000080604567ull +#define QRIOMMU_IOHGATP 0x0000000000010000ull +#define QRIOMMU_DDT_BASE 0x0000000000014000ull +#define QRIOMMU_DC_BASE (QRIOMMU_DDT_BASE) + +#define QRIOMMU_L0_PTE_VAL 0x0000000000011000ull +#define QRIOMMU_L1_PTE_VAL 0x0000000000012000ull +#define QRIOMMU_L2_PTE_VAL 0x0000000000013000ull + +#define QRIOMMU_G_IOHGATP 0x0000000000020000ull +#define QRIOMMU_G_L0_PTE_VAL 0x0000000000021000ull +#define QRIOMMU_G_L1_PTE_VAL 0x0000000000022000ull + +/* RISC-V page table entry masks */ +#define QRIOMMU_PTE_V 0x0000000000000001ull +#define QRIOMMU_PTE_R 0x0000000000000002ull +#define QRIOMMU_PTE_W 0x0000000000000004ull +#define QRIOMMU_PTE_X 0x0000000000000008ull +#define QRIOMMU_PTE_U 0x0000000000000010ull +#define QRIOMMU_PTE_G 0x0000000000000020ull +#define QRIOMMU_PTE_A 0x0000000000000040ull +#define QRIOMMU_PTE_D 0x0000000000000080ull + +#define QRIOMMU_NON_LEAF_PTE_MASK (QRIOMMU_PTE_V) +#define QRIOMMU_LEAF_PTE_RW_MASK (QRIOMMU_PTE_V | QRIOMMU_PTE_R | \ + QRIOMMU_PTE_W | QRIOMMU_PTE_A | \ + QRIOMMU_PTE_D) +#define QRIOMMU_PTE_PPN_MASK 0x003ffffffffffc00ull + +/* Address-space base offset for test tables */ +#define QRIOMMU_SPACE_OFFS 0x0000000080000000ull + +typedef enum QRIOMMUTransMode { + QRIOMMU_TM_BARE =3D 0, /* No translation (pass-through) */ + QRIOMMU_TM_S_STAGE_ONLY =3D 1, /* First-stage only (S-stage) */ + QRIOMMU_TM_G_STAGE_ONLY =3D 2, /* Second-stage only (G-stage) */ + QRIOMMU_TM_NESTED =3D 3, /* Nested translation (S + G) */ +} QRIOMMUTransMode; + +typedef struct QRIOMMUTestConfig { + QRIOMMUTransMode trans_mode; /* Translation mode */ + uint64_t dma_gpa; /* GPA for readback validation */ + uint32_t dma_len; /* DMA length for testing */ + uint32_t expected_result; /* Expected DMA result */ +} QRIOMMUTestConfig; + +typedef struct QRIOMMUTestContext { + QTestState *qts; /* QTest state handle */ + QPCIDevice *dev; /* PCI device handle */ + QPCIBar bar; /* PCI BAR for MMIO access */ + QRIOMMUTestConfig config; /* Test configuration */ + uint64_t iommu_base; /* RISC-V IOMMU base address */ + uint32_t trans_status; /* Translation configuration status */ + uint32_t dma_result; /* DMA operation result */ + uint32_t device_id; /* Device ID for the test */ +} QRIOMMUTestContext; + +/* + * qriommu_setup_and_enable_translation - Complete translation setup and e= nable + * + * @ctx: Test context containing configuration and device handles + * + * Returns: Translation status (0 =3D success, non-zero =3D error) + * + * This function performs the complete translation setup sequence: + * 1. Builds all required RISC-V IOMMU structures (DC, page tables) + * 2. Programs RISC-V IOMMU registers + * 3. Returns configuration status + */ +uint32_t qriommu_setup_and_enable_translation(QRIOMMUTestContext *ctx); + +/* + * qriommu_build_translation - Build RISC-V IOMMU translation structures + * + * @qts: QTest state handle + * @mode: Translation mode (BARE, S_STAGE_ONLY, G_STAGE_ONLY, NESTED) + * @device_id: Device ID + * + * Returns: Build status (0 =3D success, non-zero =3D error) + * + * Constructs all necessary RISC-V IOMMU translation structures in guest m= emory: + * - Device Context (DC) for the given device ID + * - First-stage context (FSC) if S-stage translation is involved + * - Complete page table hierarchy based on translation mode + */ +uint32_t qriommu_build_translation(QTestState *qts, QRIOMMUTransMode mode, + uint32_t device_id); + +/* + * qriommu_program_regs - Program all required RISC-V IOMMU registers + * + * @qts: QTest state handle + * @iommu_base: RISC-V IOMMU base address + * + * Programs RISC-V IOMMU registers: + * - Device Directory Table Pointer (DDTP) + * - Command queue (base, head, tail) + * - Fault queue (base, head, tail) + * - Control and status registers + */ +void qriommu_program_regs(QTestState *qts, uint64_t iommu_base); + +/* + * qriommu_setup_translation_tables - Setup RISC-V IOMMU page table hierar= chy + * + * @qts: QTest state handle + * @iova: Input Virtual Address to translate + * @mode: Translation mode + * + * This function builds the complete page table structure for translating + * the given IOVA through the RISC-V IOMMU. The structure varies based on = mode: + * + * - BARE: No translation (pass-through) + * - S_STAGE_ONLY: Single S-stage walk (IOVA -> PA) + * - G_STAGE_ONLY: Single G-stage walk (IPA -> PA) + * - NESTED: S-stage walk (IOVA -> IPA) + G-stage walk (IPA -> PA) + */ +void qriommu_setup_translation_tables(QTestState *qts, + uint64_t iova, + QRIOMMUTransMode mode); + +/* High-level test execution helpers */ +void qriommu_run_translation_case(QTestState *qts, QPCIDevice *dev, + QPCIBar bar, uint64_t iommu_base, + const QRIOMMUTestConfig *cfg); + +/* Calculate expected DMA result */ +uint32_t qriommu_expected_dma_result(QRIOMMUTestContext *ctx); + +/* Build DMA attributes for RISC-V IOMMU */ +uint32_t qriommu_build_dma_attrs(void); + +#endif /* QTEST_LIBQOS_RISCV_IOMMU_H */ --=20 2.52.0