Tao Tang <[email protected]> writes:
> Add a qtest suite that validates ARM SMMUv3 translation without guest
> firmware or OS. The tests leverage iommu-testdev to trigger DMA
> operations and the qos-smmuv3 library to configure IOMMU translation
> structures.
>
> This test suite targets the virt machine and covers:
> - Stage 1 only translation (VA -> PA via CD page tables)
> - Stage 2 only translation (IPA -> PA via STE S2 tables)
> - Nested translation (VA -> IPA -> PA, Stage 1 + Stage 2)
> - Design to extended to support multiple security spaces
> (Non-Secure, Secure, Root, Realm)
>
> Each test case follows this sequence:
> 1. Initialize SMMUv3 with appropriate command/event queues
> 2. Build translation tables (STE/CD/PTE) for the target scenario
> 3. Configure iommu-testdev with IOVA and DMA attributes via MMIO
> 4. Trigger DMA and validate successful translation
> 5. Verify data integrity through a deterministic write-read pattern
>
> This bare-metal approach provides deterministic IOMMU testing with
> minimal dependencies, making failures directly attributable to the SMMU
> translation path.
>
> Signed-off-by: Tao Tang <[email protected]>
> Tested-by: Pierrick Bouvier <[email protected]>
> Reviewed-by: Pierrick Bouvier <[email protected]>
> ---
> tests/qtest/iommu-smmuv3-test.c | 131 ++++++++++++++++++++++++++++++++
> tests/qtest/meson.build | 1 +
> 2 files changed, 132 insertions(+)
> create mode 100644 tests/qtest/iommu-smmuv3-test.c
>
> diff --git a/tests/qtest/iommu-smmuv3-test.c b/tests/qtest/iommu-smmuv3-test.c
> new file mode 100644
> index 0000000000..96f66ee325
> --- /dev/null
> +++ b/tests/qtest/iommu-smmuv3-test.c
> @@ -0,0 +1,131 @@
> +/*
> + * QTest for SMMUv3 with iommu-testdev
> + *
> + * This QTest file is used to test the SMMUv3 with iommu-testdev so that we
> can
> + * test SMMUv3 without any guest kernel or firmware.
> + *
> + * Copyright (c) 2025 Phytium Technology
> + *
> + * Author:
> + * Tao Tang <[email protected]>
> + *
> + * SPDX-License-Identifier: GPL-2.0-or-later
> + */
> +
> +#include "qemu/osdep.h"
> +#include "libqtest.h"
> +#include "libqos/pci.h"
> +#include "libqos/generic-pcihost.h"
> +#include "hw/pci/pci_regs.h"
> +#include "hw/misc/iommu-testdev.h"
> +#include "libqos/qos-smmuv3.h"
> +
> +#define DMA_LEN 4
> +
> +static QPCIDevice *setup_qtest_pci_device(QTestState *qts, QGenericPCIBus
> *gbus,
> + QPCIBar *bar)
> +{
> + uint16_t vid, did;
> + QPCIDevice *dev = NULL;
> +
> + qpci_init_generic(gbus, qts, NULL, false);
> +
> + /* Find device by vendor/device ID to avoid slot surprises. */
> + for (int s = 0; s < 32 && !dev; s++) {
> + for (int fn = 0; fn < 8 && !dev; fn++) {
> + QPCIDevice *cand = qpci_device_find(&gbus->bus, QPCI_DEVFN(s,
> fn));
> + if (!cand) {
> + continue;
> + }
> + vid = qpci_config_readw(cand, PCI_VENDOR_ID);
> + did = qpci_config_readw(cand, PCI_DEVICE_ID);
> + if (vid == IOMMU_TESTDEV_VENDOR_ID &&
> + did == IOMMU_TESTDEV_DEVICE_ID) {
> + dev = cand;
> + g_test_message("Found iommu-testdev! devfn: 0x%x",
> cand->devfn);
> + } else {
> + g_free(cand);
> + }
> + }
> + }
This loop could be replaced with something simpler:
static void save_fn(QPCIDevice *dev, int devfn, void *data)
{
QPCIDevice **pdev = (QPCIDevice **) data;
*pdev = dev;
}
qpci_device_foreach(&gbus->bus, IOMMU_TESTDEV_VENDOR_ID,
IOMMU_TESTDEV_DEVICE_ID, save_fn, &dev);
> + g_assert(dev);
> +
> + qpci_device_enable(dev);
> + *bar = qpci_iomap(dev, 0, NULL);
> + g_assert_false(bar->is_io);
> +
> + return dev;
> +}
> +
> +static void run_smmuv3_translation(const QSMMUTestConfig *cfg)
> +{
> + QTestState *qts;
> + QGenericPCIBus gbus;
> + QPCIDevice *dev;
> + QPCIBar bar;
> +
> + /* Initialize QEMU environment for SMMU testing */
> + qts = qtest_init("-machine virt,acpi=off,gic-version=3,iommu=smmuv3 "
> + "-smp 1 -m 512 -cpu max -net none "
> + "-device iommu-testdev");
> +
> + /* Setup and configure PCI device */
> + dev = setup_qtest_pci_device(qts, &gbus, &bar);
> + g_assert(dev);
> +
> + g_test_message("### SMMUv3 translation mode=%d sec_sid=%d ###",
> + cfg->trans_mode, cfg->sec_sid);
> + qsmmu_run_translation_case(qts, dev, bar, VIRT_SMMU_BASE, cfg);
> + qtest_quit(qts);
> +}
> +
> +static void test_smmuv3_ns_s1_only(void)
> +{
> + QSMMUTestConfig cfg = {
> + .trans_mode = QSMMU_TM_S1_ONLY,
> + .sec_sid = QSMMU_SEC_SID_NONSECURE,
> + .dma_iova = QSMMU_IOVA_OR_IPA,
> + .dma_len = DMA_LEN,
> + .expected_result = 0,
> + };
> +
> + run_smmuv3_translation(&cfg);
> +}
> +
> +static void test_smmuv3_ns_s2_only(void)
> +{
> + QSMMUTestConfig cfg = {
> + .trans_mode = QSMMU_TM_S2_ONLY,
> + .sec_sid = QSMMU_SEC_SID_NONSECURE,
> + .dma_iova = QSMMU_IOVA_OR_IPA,
> + .dma_len = DMA_LEN,
> + .expected_result = 0,
> + };
> +
> + run_smmuv3_translation(&cfg);
> +}
> +
> +static void test_smmuv3_ns_nested(void)
> +{
> + QSMMUTestConfig cfg = {
> + .trans_mode = QSMMU_TM_NESTED,
> + .sec_sid = QSMMU_SEC_SID_NONSECURE,
> + .dma_iova = QSMMU_IOVA_OR_IPA,
> + .dma_len = DMA_LEN,
> + .expected_result = 0,
> + };
> +
> + run_smmuv3_translation(&cfg);
> +}
> +
> +int main(int argc, char **argv)
> +{
> + g_test_init(&argc, &argv, NULL);
> + qtest_add_func("/iommu-testdev/translation/ns-s1-only",
> + test_smmuv3_ns_s1_only);
> + qtest_add_func("/iommu-testdev/translation/ns-s2-only",
> + test_smmuv3_ns_s2_only);
> + qtest_add_func("/iommu-testdev/translation/ns-nested",
> + test_smmuv3_ns_nested);
> + return g_test_run();
> +}
> diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
> index 669d07c06b..e2d2e68092 100644
> --- a/tests/qtest/meson.build
> +++ b/tests/qtest/meson.build
> @@ -263,6 +263,7 @@ qtests_aarch64 = \
> config_all_devices.has_key('CONFIG_TPM_TIS_I2C') ? ['tpm-tis-i2c-test'] :
> []) + \
> (config_all_devices.has_key('CONFIG_ASPEED_SOC') ? qtests_aspeed64 : []) +
> \
> (config_all_devices.has_key('CONFIG_NPCM8XX') ? qtests_npcm8xx : []) + \
> + (config_all_devices.has_key('CONFIG_IOMMU_TESTDEV') ?
> ['iommu-smmuv3-test'] : []) + \
> qtests_cxl +
> \
> ['arm-cpu-features',
> 'numa-test',
