From: Ruslan Ruslichenko <ruslichenko.r@gmail.com>
To: qemu-devel@nongnu.org
Cc: qemu-arm@nongnu.org, artem_mygaiev@epam.com,
	volodymyr_babchuk@epam.com, alex.bennee@linaro.org,
	peter.maydell@linaro.org, pierrick.bouvier@linaro.org,
	philmd@linaro.org, Ruslan_Ruslichenko@epam.com
Subject: [RFC PATCH 0/9] plugins: Introduce Fault Injection framework and API extensions
Date: Wed, 18 Mar 2026 11:46:31 +0100
Message-ID: <20260318104640.239752-1-ruslichenko.r@gmail.com>

From: Ruslan Ruslichenko <Ruslan_Ruslichenko@epam.com>

This patch series is submitted as an RFC to gather early feedback on a Fault Injection (FI) framework built on top of the QEMU TCG plugin subsystem.

Motivation

Testing guest operating systems, hypervisors (like Xen), and low-level drivers against unexpected hardware failures can be difficult.
This series provides an interface to inject faults dynamically without altering QEMU's core emulation source code for every test case.

Architecture & Key Features

The series introduces the core API extensions and implements a fault injection plugin (contrib/plugins/fault_injection.c) targeting AArch64.
The plugin can be controlled statically via XML configurations on boot, or dynamically at runtime via a UNIX socket (enabling integration with automated testing frameworks via Python or GDB).

New Plugin API Capabilities:

- MMIO Interception: Allows plugins to hook into memory_region_dispatch_read/write to modify hardware register reads or drop writes.
- Asynchronous Timers: Exposes QEMU_CLOCK_VIRTUAL to plugins, allowing callbacks to be scheduled based on guest virtual time.
- TB Cache Flushing: Exposes qemu_plugin_flush_tb_cache() so plugins can force re-translation when applying dynamic PC-based hooks.
- Interrupt & Exception Injection: Exposes APIs to raise/pulse hardware IRQs on the primary INTC and inject CPU exceptions (e.g., SErrors).
- Custom Device Faults: Introduces a registry where device models (e.g., SMMUv3) can expose specific fault handlers (like CMDQ errors) to be triggered externally by plugins.

Patch Summary

- Patch 1 (target/arm): Adds support for asynchronous CPU exception injection.
- Patch 2-3 (plugins/api): Exposes virtual clock timers and TB cache flushing to the public plugin API.
- Patch 4 (plugins): Introduces the core fault injection subsystem, IRQ/Exception routing, and the Custom Fault registry.
- Patch 5 (system/memory): Adds the MMIO override hooks into the memory dispatch path.
- Patch 6 (hw/intc): Registers the ARM GIC (v2/v3) with the plugin subsystem to enable direct hardware IRQ injection.
- Patch 7 (hw/arm): Registers the SMMUv3 with the custom fault registry to demonstrate how device models can expose specific errors (like CMDQ faults) to plugins.
- Patch 8 (contrib/plugins): Implements the actual fault_injection plugin using the new APIs.
- Patch 9 (docs): Adds documentation and usage examples for the plugin.

Request for Comments & Feedback

Any suggestions on improvements, potential edge cases, or issues with the current design are highly welcome.

Ruslan Ruslichenko (9):
  target/arm: Add API for dynamic exception injection
  plugins/api: Expose virtual clock timers to plugins
  plugins: Expose Transaction Block cache flush API to plugins
  plugins: Introduce fault injection API and core subsystem
  system/memory: Add plugin callbacks to intercept MMIO accesses
  hw/intc/arm_gic: Register primary GIC for plugin IRQ injection
  hw/arm/smmuv3: Add plugin fault handler for CMDQ errors
  contrib/plugins: Add fault injection plugin
  docs: Add description of fault-injection plugin and subsystem

 contrib/plugins/fault_injection.c | 772 ++++++++++++++++++++++++++++++
 contrib/plugins/meson.build       |   1 +
 docs/fault-injection.txt          | 111 +++++
 hw/arm/smmuv3.c                   |  54 +++
 hw/intc/arm_gic.c                 |  28 ++
 hw/intc/arm_gicv3.c               |  28 ++
 include/plugins/qemu-plugin.h     |  28 ++
 include/qemu/plugin.h             |  39 ++
 plugins/api.c                     |  62 +++
 plugins/core.c                    |  11 +
 plugins/fault.c                   | 116 +++++
 plugins/meson.build               |   1 +
 plugins/plugin.h                  |   2 +
 system/memory.c                   |   8 +
 target/arm/cpu.h                  |   4 +
 target/arm/helper.c               |  55 +++
 16 files changed, 1320 insertions(+)
 create mode 100644 contrib/plugins/fault_injection.c
 create mode 100644 docs/fault-injection.txt
 create mode 100644 plugins/fault.c

-- 
2.43.0
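
The MMIO interception idea from the cover letter (modify register reads, drop writes), as an added example that is not part of the original message or the patch series. It is a self-contained toy model, not QEMU code: the device, the hook type and every function name are hypothetical, and it shows why a driver's status poll needs a bound once such faults can be armed.

```c
#include <stdbool.h>
#include <stdint.h>
/* Toy device: every name here is hypothetical, none is QEMU or plugin API. */
enum { REG_CTRL = 0x0, REG_STATUS = 0x4, STATUS_READY = 1 };
typedef struct { uint32_t ctrl, status; } ToyDev;
/* Assumed hook contract: return true to drop a write; on reads the hook
 * may edit *val in place and its return value is ignored. */
typedef bool (*mmio_hook)(uint64_t addr, uint32_t *val, bool is_write);
static mmio_hook fault_hook; /* NULL means no fault is armed */

static uint32_t dispatch_read(ToyDev *d, uint64_t addr)
{
    uint32_t val = (addr == REG_STATUS) ? d->status : d->ctrl;
    if (fault_hook) fault_hook(addr, &val, false);
    return val;
}

static void dispatch_write(ToyDev *d, uint64_t addr, uint32_t val)
{
    if (fault_hook && fault_hook(addr, &val, true)) return; /* dropped */
    if (addr != REG_CTRL) return;
    d->ctrl = val;
    d->status = (val & 1) ? STATUS_READY : 0; /* enable => device ready */
}

/* Fault 1: status reads never show READY, whatever the device state. */
bool stuck_not_ready(uint64_t addr, uint32_t *val, bool is_write)
{
    if (!is_write && addr == REG_STATUS) *val &= ~(uint32_t)STATUS_READY;
    return false;
}

/* Fault 2: writes to the control register are silently discarded. */
bool drop_ctrl_writes(uint64_t addr, uint32_t *val, bool is_write)
{
    (void)val;
    return is_write && addr == REG_CTRL;
}

/* Driver under test: bounded READY poll; 0 on success, -1 on timeout. */
int driver_init(ToyDev *d, mmio_hook fault)
{
    fault_hook = fault;
    dispatch_write(d, REG_CTRL, 1);
    for (int tries = 0; tries < 100; tries++)
        if (dispatch_read(d, REG_STATUS) & STATUS_READY) return 0;
    return -1;
}

int main(void) { ToyDev d = {0, 0}; return driver_init(&d, stuck_not_ready) != -1; }
```

With the read fault armed the device itself is ready while the driver still reports a timeout, which is the mismatch a test harness would assert on.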



Thread overview: 22+ messages
2026-03-18 10:46 Ruslan Ruslichenko [this message]
2026-03-18 10:46 ` [RFC PATCH 1/9] target/arm: Add API for dynamic exception injection Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 2/9] plugins/api: Expose virtual clock timers to plugins Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 3/9] plugins: Expose Transaction Block cache flush API " Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 4/9] plugins: Introduce fault injection API and core subsystem Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 5/9] system/memory: Add plugin callbacks to intercept MMIO accesses Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 6/9] hw/intc/arm_gic: Register primary GIC for plugin IRQ injection Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 7/9] hw/arm/smmuv3: Add plugin fault handler for CMDQ errors Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 8/9] contrib/plugins: Add fault injection plugin Ruslan Ruslichenko
2026-03-18 10:46 ` [RFC PATCH 9/9] docs: Add description of fault-injection plugin and subsystem Ruslan Ruslichenko
2026-03-18 17:16 ` [RFC PATCH 0/9] plugins: Introduce Fault Injection framework and API extensions Pierrick Bouvier
2026-03-19 18:20   ` Ruslan Ruslichenko
2026-03-19 19:04     ` Pierrick Bouvier
2026-03-19 22:29       ` Ruslan Ruslichenko
2026-03-20 18:08         ` Pierrick Bouvier
2026-03-25 23:39           ` Ruslan Ruslichenko
2026-03-26  0:17             ` Pierrick Bouvier
2026-03-26 11:45               ` Alex Bennée
2026-03-26 15:59                 ` Pierrick Bouvier
2026-03-27 18:18                   ` Pierrick Bouvier
2026-03-31 20:23                     ` Ruslan Ruslichenko
2026-03-31 21:24                       ` Pierrick Bouvier
