This code is aimed at testing multiple IRQ injection with
user-side handled eventfds. The principle is that a timer periodically
triggers an IRQ at VFIO driver level. This IRQ then follows the
regular path: VFIO driver -> eventfd trigger -> user-side eventfd handler.
The IRQ is not injected into the guest. The IRQ is completed
on another timer timeout to emulate EOI on write/read access.

for instance, following options
set vfio platform IRQ indexed #1 and #2 as fake IRQ

Signed-off-by: Eric Auger <>


this modality was used to test calxeda xgmac assignment with
main IRQ generated by the HW and IRQ #1 and #2 as fake IRQs
 hw/vfio/platform.c              | 131 +++++++++++++++++++++++++++++++++++++++-
 include/hw/vfio/vfio-platform.h |  13 ++++
 trace-events                    |   3 +
 3 files changed, 145 insertions(+), 2 deletions(-)

diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
index 9987b25..93aa94a 100644
--- a/hw/vfio/platform.c
+++ b/hw/vfio/platform.c
@@ -25,6 +25,8 @@
 #include "hw/sysbus.h"
 #include "trace.h"
+#define MAX_FAKE_INTP 5
 static void vfio_intp_interrupt(VFIOINTp *intp);
 typedef void (*eventfd_user_side_handler_t)(VFIOINTp *intp);
 static int vfio_set_trigger_eventfd(VFIOINTp *intp,
@@ -141,6 +143,27 @@ static void vfio_intp_mmap_enable(void *opaque)
+ * vfio_fake_intp_index - returns the fake IRQ index
+ *
+ * @intp the interrupt struct pointer
+ * if the IRQ is not fake, returns < 0
+ * if it is fake returns the index of the fake IRQ
+ * ie the index i for which x-fake-irq[i]=intp->pin
+ */
+static int vfio_fake_intp_index(VFIOINTp *intp)
+    VFIOPlatformDevice *vdev = intp->vdev;
+    int i;
+    for (i = 0; i < MAX_FAKE_INTP; i++) {
+        if (intp->pin == vdev->fake_intp_index[i]) {
+            return i;
+        }
+    }
+    return -1;
  * vfio_intp_interrupt - The user-side eventfd handler
  * @opaque: opaque pointer which in practice is the VFIOINTp*
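Review bot: The loop in `vfio_fake_intp_index` is bounded by `MAX_FAKE_INTP` rather than by the allocated length of `vdev->fake_intp_index`, so it would read out of bounds (or through a NULL pointer) if the array ever held fewer than five elements. It is safe only because the instance-init hunk forces `len-x-fake-irq` to `MAX_FAKE_INTP`; tying the bound to the stored length removes that hidden coupling: `for (i = 0; i < MAX_FAKE_INTP && i < (int)vdev->len_x_fake_irq; i++) {`. The same assumption is made in the `vfio_init_intp` hunk, where `fake_intp_period[]` and `fake_intp_duration[]` are indexed without consulting `len_x_fake_period` or `len_x_fake_duration`. The function's braces and its comment opener are not visible in this hunk as rendered.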
@@ -199,8 +222,18 @@ static void vfio_intp_interrupt(VFIOINTp *intp)
     /* sets slow path */
     vfio_mmap_set_enabled(vdev, false);
-    /* trigger the virtual IRQ */
-    qemu_set_irq(intp->qemuirq, 1);
+    if (intp->fake_intp_index < 0) {
+        /* trigger the virtual IRQ */
+        qemu_set_irq(intp->qemuirq, 1);
+    } else {
+        /*
+         * the vIRQ is not triggered but we emulate a handling
+         * duration
+         */
+        timer_mod(intp->fake_eoi_timer,
+                  qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+                      intp->fake_intp_duration);
+    }
     /* schedule the mmap timer which will restore mmap path after EOI*/
     if (vdev->mmap_timeout) {
@@ -231,9 +264,64 @@ static int vfio_start_eventfd_injection(VFIOINTp *intp)
         return ret;
     vfio_unmask_irqindex(vbasedev, intp->pin);
+    /* in case of fake irq, starts its injection */
+    if (intp->fake_intp_index >= 0) {
+        timer_mod(intp->fake_intp_timer,
+                  qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+                  intp->fake_intp_period);
+    }
     return 0;
+ * vfio_fake_intp_eoi - fake interrupt completion routine
+ * @opaque: actually is an IRQ struct pointer
+ *
+ * called on timer handler context
+ */
+static void vfio_fake_intp_eoi(void *opaque)
+    VFIOINTp *intp = (VFIOINTp *)opaque;
+    trace_vfio_fake_intp_eoi(intp->pin);
+    vfio_platform_eoi(&intp->vdev->vbasedev);
+ * vfio_fake_intp_eoi - fake interrupt injection routine
+ * @opaque: actually is an IRQ struct pointer
+ *
+ * called on timer context
+ * use the VFIO loopback mode, ie. triggers the eventfd
+ * associated to the intp->pin although no physical IRQ hit.
+ */
+static void vfio_fake_intp_injection(void *opaque)
+    VFIOINTp *intp = (VFIOINTp *)opaque;
+    VFIODevice *vbasedev = &intp->vdev->vbasedev;
+    struct vfio_irq_set *irq_set;
+    int argsz, ret;
+    int32_t *pfd;
+    argsz = sizeof(*irq_set) + sizeof(*pfd);
+    irq_set = g_malloc0(argsz);
+    irq_set->argsz = argsz;
+    irq_set->index = intp->pin;
+    irq_set->start = 0;
+    irq_set->count = 1;
+    ret = ioctl(vbasedev->fd, VFIO_DEVICE_SET_IRQS, irq_set);
+    g_free(irq_set);
+    if (ret < 0) {
+        error_report("vfio: Failed to trigger fake IRQ: %m");
+    } else {
+        trace_vfio_fake_intp_injection(intp->pin);
+        timer_mod(intp->fake_intp_timer,
+                  qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+                      intp->fake_intp_period);
+    }
  * Functions used whatever the injection method
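Review bot: In `vfio_fake_intp_injection`, `irq_set->flags` is never assigned in the lines shown, so the zeroed buffer reaches `VFIO_DEVICE_SET_IRQS` with no data type or action selected, which the kernel is expected to reject; a loopback trigger would need something like `irq_set->flags = VFIO_IRQ_SET_DATA_NONE | VFIO_IRQ_SET_ACTION_TRIGGER;`. `pfd` is declared only to add `sizeof(*pfd)` to `argsz` and is never written, so with no data payload `argsz = sizeof(*irq_set);` is enough and the variable can be dropped. On ioctl failure the timer is not re-armed, so injection stops for good after a single `error_report`; if that is intended, a comment saying so would help. The doc comment above this function is still titled `vfio_fake_intp_eoi` and should read `vfio_fake_intp_injection - fake interrupt injection routine`.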
@@ -304,6 +392,23 @@ static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev, 
unsigned int index)
     intp->vdev = vdev;
     intp->pin = index;
     intp->state = VFIO_IRQ_INACTIVE;
+    intp->fake_intp_index = vfio_fake_intp_index(intp);
+    if (intp->fake_intp_index >= 0) {
+        intp->fake_intp_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
+                                         vfio_fake_intp_injection,
+                                         intp);
+        intp->fake_eoi_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
+                                         vfio_fake_intp_eoi,
+                                         intp);
+        intp->fake_intp_period  =
+            vdev->fake_intp_period[intp->fake_intp_index];
+        intp->fake_intp_duration  =
+            vdev->fake_intp_duration[intp->fake_intp_index];
+        trace_vfio_init_intp_fake(intp->fake_intp_index,
+                                  intp->fake_intp_period,
+                                  intp->fake_intp_duration);
+    }
     sysbus_init_irq(sbdev, &intp->qemuirq);
     /* Get an eventfd for trigger */
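Review bot: `fake_intp_period` and `fake_intp_duration` are copied from the property arrays with no range check, and only `x-fake-irq[]` gets an explicit default in the instance-init hunk, so a fake IRQ configured without a period presumably ends up with 0. With a zero period, `vfio_fake_intp_injection` re-arms itself at the current virtual time on every run, which can keep the main loop busy issuing ioctls; refusing or clamping the value here avoids that, e.g. `intp->fake_intp_period = MAX(vdev->fake_intp_period[intp->fake_intp_index], 1);`. The two timers created with `timer_new_ms` have no matching `timer_del`/`timer_free` in the visible hunks, so the teardown path for `VFIOINTp` should be checked. `vfio_init_intp` starts and ends outside this hunk.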
@@ -524,6 +629,20 @@ static void vfio_map_region(VFIOPlatformDevice *vdev, int 
+static void vfio_platform_initfn(Object *obj)
+    int i;
+    qdev_prop_set_uint32(DEVICE(obj), "len-x-fake-irq", MAX_FAKE_INTP);
+    qdev_prop_set_uint32(DEVICE(obj), "len-x-fake-period", MAX_FAKE_INTP);
+    qdev_prop_set_uint32(DEVICE(obj), "len-x-fake-duration", MAX_FAKE_INTP);
+    for (i = 0; i < MAX_FAKE_INTP; i++) {
+        char *propname = g_strdup_printf("x-fake-irq[%d]", i);
+        qdev_prop_set_uint32(DEVICE(obj), propname, -1);
+    }
  * vfio_platform_realize  - the device realize function
  * @dev: device state pointer
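Review bot: `propname` returned by `g_strdup_printf` in the loop of `vfio_platform_initfn` is never released, leaking one string per iteration for every device instance; add `g_free(propname);` right after the `qdev_prop_set_uint32` call. Passing `-1` to a uint32 setter stores 0xFFFFFFFF as the "unused slot" marker, which works only because the `uint8_t` pin in `vfio_fake_intp_index` can never equal it. A named constant with a comment such as `/* sentinel: slot not bound to any IRQ */` would make that explicit.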
@@ -566,6 +685,13 @@ static const VMStateDescription vfio_platform_vmstate = {
 static Property vfio_platform_dev_properties[] = {
     DEFINE_PROP_STRING("host", VFIOPlatformDevice,,
     DEFINE_PROP_STRING("compat", VFIOPlatformDevice, compat),
+    DEFINE_PROP_ARRAY("x-fake-irq", VFIOPlatformDevice, len_x_fake_irq,
+                      fake_intp_index, qdev_prop_uint32, uint32_t),
+    DEFINE_PROP_ARRAY("x-fake-period", VFIOPlatformDevice, len_x_fake_period,
+                      fake_intp_period, qdev_prop_uint32, uint32_t),
+    DEFINE_PROP_ARRAY("x-fake-duration", VFIOPlatformDevice,
+                      len_x_fake_duration, fake_intp_duration,
+                      qdev_prop_uint32, uint32_t),
     DEFINE_PROP_UINT32("mmap-timeout-ms", VFIOPlatformDevice,
                        mmap_timeout, 1100),
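Review bot: `x-fake-irq` is registered with `qdev_prop_uint32` / `uint32_t`, but the header hunk declares the backing field as `int32_t *fake_intp_index`, so the property macro and the struct disagree on the element type. Pick one: either declare the field as `uint32_t *fake_intp_index;` and compare against an explicit unsigned sentinel, or keep it signed and register the array with a signed property type. Because these `x-` properties let the command line make QEMU raise interrupts on an assigned device, a comment above them marking the modality as test-only (`/* test only: fake IRQ injection, not for production use */`) would help anyone auditing the device's options.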
@@ -587,6 +713,7 @@ static const TypeInfo vfio_platform_dev_info = {
     .parent = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(VFIOPlatformDevice),
     .class_init = vfio_platform_class_init,
+    .instance_init = vfio_platform_initfn,
     .class_size = sizeof(VFIOPlatformDeviceClass),
     .abstract   = true,
diff --git a/include/hw/vfio/vfio-platform.h b/include/hw/vfio/vfio-platform.h
index c7e10cc..95ece9d 100644
--- a/include/hw/vfio/vfio-platform.h
+++ b/include/hw/vfio/vfio-platform.h
@@ -42,6 +42,12 @@ typedef struct VFIOINTp {
     bool kvm_accel; /* set when QEMU bypass through KVM enabled */
     uint8_t pin; /* index */
     uint8_t virtualID; /* virtual IRQ */
+    /* fake irq injection test modality */
+    int fake_intp_index;
+    QEMUTimer *fake_intp_timer; /* fake IRQ injection timer */
+    QEMUTimer *fake_eoi_timer; /* timer to handle fake IRQ completion */
+    uint32_t fake_intp_period; /* delay between fake IRQ injections */
+    uint32_t fake_intp_duration; /* duration of the IRQ */
 typedef int (*start_irq_fn_t)(VFIOINTp *intp);
@@ -58,6 +64,13 @@ typedef struct VFIOPlatformDevice {
     QEMUTimer *mmap_timer; /* enable mmaps after periods w/o interrupts */
     start_irq_fn_t start_irq_fn;
     QemuMutex  intp_mutex;
+    /* fake irq injection test modality */
+    int32_t *fake_intp_index; /* array of fake IRQ indexes */
+    uint32_t *fake_intp_period; /* delay between fake IRQ injections */
+    uint32_t *fake_intp_duration; /* duration of the vIRQ handling*/
+    uint32_t len_x_fake_irq;
+    uint32_t len_x_fake_period;
+    uint32_t len_x_fake_duration;
 } VFIOPlatformDevice;
diff --git a/trace-events b/trace-events
index b0411e9..61f3cba 100644
--- a/trace-events
+++ b/trace-events
@@ -1387,7 +1387,10 @@ vfio_platform_populate_regions(int region_index, 
unsigned long flag, unsigned lo
 vfio_platform_base_device_init(char *name, int groupid) "%s belongs to group 
 vfio_platform_realize(char *name, char *compat) "vfio device %s, compat = %s"
 vfio_intp_interrupt_set_pending(int index) "irq %d is set PENDING"
+vfio_fake_intp_injection(int index) "fake irq %d injected"
 vfio_platform_eoi_handle_pending(int index) "handle PENDING IRQ %d"
+vfio_fake_intp_eoi(int index) "eoi fake IRQ %d"
+vfio_init_intp_fake(int index, int period, int duration) "fake irq index = %d, 
duration = %d, period=%d"
 mhp_acpi_invalid_slot_selected(uint32_t slot) "0x%"PRIx32
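Review bot: The format string of `vfio_init_intp_fake` labels its second and third values `duration` then `period`, but the parameters, and the call in `vfio_init_intp`, are ordered `period, duration`, so the trace output swaps the two numbers. Reorder the labels to match the arguments: `"fake irq index = %d, period = %d, duration = %d"`. Both values are `uint32_t` in `VFIOINTp` but declared `int` here; unsigned parameter types would keep large values from printing as negative.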
