> -----Original Message-----
> From: Eric Auger <[email protected]>
> Sent: 02 February 2026 12:59
> To: Shameer Kolothum Thodi <[email protected]>; qemu-
> [email protected]; [email protected]
> Cc: [email protected]; Nicolin Chen <[email protected]>; Nathan
> Chen <[email protected]>; Matt Ochs <[email protected]>; Jason
> Gunthorpe <[email protected]>; [email protected];
> [email protected]; [email protected]; Krishnakant Jaju
> <[email protected]>
> Subject: Re: [PATCH v3 4/4] hw/arm/smmuv3-accel: Read and propagate host
> vIOMMU events
>
> External email: Use caution opening links or attachments
>
>
> Hi Shameer,
>
> On 1/27/26 11:33 AM, Shameer Kolothum wrote:
> > Install an event handler on the vEVENTQ fd to read and propagate host
> > generated vIOMMU events to the guest.
> >
> > The handler runs in QEMU’s main loop, using a non-blocking fd registered
> > via qemu_set_fd_handler().
> >
> > Tested-by: Nicolin Chen <[email protected]>
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > hw/arm/smmuv3-accel.c | 60
> +++++++++++++++++++++++++++++++++++++++++++
> > hw/arm/smmuv3-accel.h | 2 ++
> > 2 files changed, 62 insertions(+)
> >
> > diff --git a/hw/arm/smmuv3-accel.c b/hw/arm/smmuv3-accel.c
> > index e8028d4be5..ab57eae575 100644
> > --- a/hw/arm/smmuv3-accel.c
> > +++ b/hw/arm/smmuv3-accel.c
> > @@ -390,6 +390,60 @@ bool
> smmuv3_accel_issue_inv_cmd(SMMUv3State *bs, void *cmd, SMMUDevice
> *sdev,
> > sizeof(Cmd), &entry_num, cmd, errp);
> > }
> >
> > +static void smmuv3_accel_event_read(void *opaque)
> > +{
> > + SMMUv3State *s = opaque;
> > + SMMUv3AccelState *accel = s->s_accel;
> > + struct {
> > + struct iommufd_vevent_header hdr;
> > + struct iommu_vevent_arm_smmuv3 vevent;
> > + } buf;
> > + ssize_t readsz = sizeof(buf);
> > + uint32_t last_seq = accel->last_event_seq;
> > + ssize_t bytes;
> > +
> > + bytes = read(accel->veventq->veventq_fd, &buf, readsz);
> in case we receive a header with LOST_EVENTS at the end of tail, no data
> is expected. So I am not sure you will be able to handle that case.
Good catch. We need to check bytes < sizeof(hdr) first to cover
that.
> > + if (bytes <= 0) {
> > + if (errno == EAGAIN || errno == EINTR) {
> > + return;
> > + }
> > + error_report("vEVENTQ: read failed (%m)");
> _once?
> > + return;
> > + }
> > +
> > + if (bytes < readsz) {
> > + error_report("vEVENTQ: incomplete read (%zd/%zd bytes)", bytes,
> readsz);
> > + return;
> > + }
> > +
> > + if (buf.hdr.flags & IOMMU_VEVENTQ_FLAG_LOST_EVENTS) {
> > + error_report("vEVENTQ has lost events");
> > + accel->event_start = false;
> > + accel->last_event_seq = 0;
> actually I read again the include/uapi/linux/iommufd.h and nothing tells
> sequence == 0 after a LOST_EVENTS.
Yes. Sequence looks to be continuous.
> > + return;
> > + }
> > +
> > + /* Check sequence in hdr for lost events if any */
> > + if (accel->event_start) {
> > + uint32_t expected = (last_seq == INT_MAX) ? 0 : last_seq + 1;
> > +
> > + if (buf.hdr.sequence != expected) {
> But can this happen? Normally you should have a LOST_EVENTS reported by
> the kernel, no?
From the header:
"
And this sequence index is expected to be monotonic to the sequence index of
the previous vEVENT. If two adjacent sequence indexes has a delta larger than
1, it means that delta - 1 number of vEVENTs has lost, e.g. two lost vEVENTs:
"
It doesn't say the FLAG_LOST_EVEN will be set for above.
AFAICS, the only case where the flag set is for below one:
"
If a vEVENT lost at the tail of the vEVENTQ and there is no following vEVENT
providing the next sequence index, an IOMMU_VEVENTQ_FLAG_LOST_EVENTS
header would be added to the tail, and no data would follow this header:
"
*
> > + uint32_t delta;
> > +
> > + if (buf.hdr.sequence >= last_seq) {
> > + delta = buf.hdr.sequence - last_seq;
> > + } else {
> > + /* Handle wraparound from INT_MAX */
> > + delta = (INT_MAX - last_seq) + buf.hdr.sequence + 1;
> > + }
> > + error_report_once("vEVENTQ: detected lost %u event(s)", delta
> > - 1);
> > + }
> > + }
> > + accel->last_event_seq = buf.hdr.sequence;
> > + accel->event_start = true;
> > + smmuv3_propagate_event(s, (Evt *)&buf.vevent);
> > +}
> > +
> > static void smmuv3_accel_free_veventq(SMMUv3AccelState *accel)
> > {
> > IOMMUFDVeventq *veventq = accel->veventq;
> > @@ -397,6 +451,8 @@ static void
> smmuv3_accel_free_veventq(SMMUv3AccelState *accel)
> > if (!veventq) {
> > return;
> > }
> > + qemu_set_fd_handler(veventq->veventq_fd, NULL, NULL, NULL);
> > + close(veventq->veventq_fd);
> > iommufd_backend_free_id(accel->viommu->iommufd, veventq-
> >veventq_id);
> > g_free(veventq);
> > accel->veventq = NULL;
> > @@ -439,6 +495,10 @@ bool smmuv3_accel_alloc_veventq(SMMUv3State
> *s, Error **errp)
> > veventq->veventq_fd = veventq_fd;
> > veventq->viommu = accel->viommu;
> > accel->veventq = veventq;
> > +
> > + /* Set up event handler for veventq fd */
> > + fcntl(veventq_fd, F_SETFL, O_NONBLOCK);
> Looks this can fail.
Ok. Will add a check.
Thanks,
Shameer
