{"id":2227085,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2227085/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260423-kvm-v3-1-e3c2f87974ac@rsg.ci.i.u-tokyo.ac.jp/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260423-kvm-v3-1-e3c2f87974ac@rsg.ci.i.u-tokyo.ac.jp>","date":"2026-04-23T08:32:39","name":"[RFC,v3] target/arm/kvm: Choose PMU backend","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"30975d7288abf89fa146dfde56c619352eb4d423","submitter":{"id":90980,"url":"http://patchwork.ozlabs.org/api/1.1/people/90980/?format=json","name":"Akihiko Odaki","email":"odaki@rsg.ci.i.u-tokyo.ac.jp"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260423-kvm-v3-1-e3c2f87974ac@rsg.ci.i.u-tokyo.ac.jp/mbox/","series":[{"id":501160,"url":"http://patchwork.ozlabs.org/api/1.1/series/501160/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501160","date":"2026-04-23T08:32:39","name":"[RFC,v3] target/arm/kvm: Choose PMU backend","version":3,"mbox":"http://patchwork.ozlabs.org/series/501160/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2227085/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2227085/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"key not found in DNS\" header.d=rsg.ci.i.u-tokyo.ac.jp\n header.i=@rsg.ci.i.u-tokyo.ac.jp header.a=rsa-sha256 header.s=rs20250326\n header.b=JeBC3zob;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1Tsj1nqxz1yD5\n\tfor ; Thu, 23 Apr 2026 18:34:33 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wFpVR-0003I9-8G; Thu, 23 Apr 2026 04:33:53 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wFpVC-0003HP-Kf; Thu, 23 Apr 2026 04:33:41 -0400","from www3579.sakura.ne.jp ([49.212.243.89])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wFpV3-0001wq-HZ; Thu, 23 Apr 2026 04:33:36 -0400","from h205.csg.ci.i.u-tokyo.ac.jp (h205.csg.ci.i.u-tokyo.ac.jp\n [133.11.54.205]) (authenticated bits=0)\n by www3579.sakura.ne.jp (8.16.1/8.16.1) with ESMTPSA id 63N8Wewo059581\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);\n Thu, 23 Apr 2026 17:32:49 +0900 (JST)\n (envelope-from odaki@rsg.ci.i.u-tokyo.ac.jp)"],"DKIM-Signature":"a=rsa-sha256; bh=sJSMTWN03zXVLHAoey3crPJfwg9o9kfFUUSlPmyQkRE=;\n c=relaxed/relaxed; d=rsg.ci.i.u-tokyo.ac.jp;\n h=From:Message-Id:To:Subject:Date;\n s=rs20250326; t=1776933169; v=1;\n b=JeBC3zobdNvyzyZesxEHdBOa4qhlt4wHIPbaa4MSvQBKwtgpIkmFg7P9QQairgP/\n 2+Qo+leHafQGuHK6wYFIlyBSl+wQByW3dKPzmyBZ4Opxg00FXis87gh/9VIjv+eV\n QThs7FF8o0VoOzJhKZbEXQy5G3+rkpmX2N4T7OdwrKhnMcGfsTAiNOXarkZf0SNL\n orH9qoEF1/Lm/9aTLSHokdOH8RgQTeBu5KZSQZmchZF9osMTq4lf5fHt+QlwQH4p\n 1iny0olLD4mPJ+gzUWTz+BSYLeWwdwQ0b6JGjmJrW5Fy0POkE5vgfDTB26DyKiGZ\n Eyw9Xv5kqx4+5cxZzN8VjA==","From":"Akihiko Odaki ","Date":"Thu, 23 Apr 2026 17:32:39 +0900","Subject":"[PATCH RFC v3] target/arm/kvm: Choose PMU backend","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"8bit","Message-Id":"<20260423-kvm-v3-1-e3c2f87974ac@rsg.ci.i.u-tokyo.ac.jp>","X-B4-Tracking":"v=1; b=H4sIAAAAAAAC/3XPTW7DIBAF4KtYrAsaBmOQV5Eq9QDdVl3w54RGD\n ik4qFGUuxeRtrsuZwY+vXcjJeQYCpmHG8mhxhLTqQ3iaSDuYE77QKNvM0FACUoAPdaV6sXB5PS\n iEA1pL885LPGrK2/k9eWZvLflIZYt5WuXK++njmiYOlI55dRzL8EqkNr5XS575iKL7EK3dLwmZ\n hz7OHes4i8wAaJ8ANgAq70ahbewKPEvcH9kzOHz0gpuP0H/+s1Dd0dEanJrN1oU3niQE59b8vb\n ZmhKoS+sat3monDNg0Nj7N6QpPb0/AQAA","X-Change-ID":"20250730-kvm-8fc06c8f722a","To":"qemu-devel@nongnu.org","Cc":"Eduardo Habkost ,\n Marcel Apfelbaum , =?utf-8?q?Philippe_Mathieu-D?=\n\t=?utf-8?q?aud=C3=A9?= ,\n Yanan Wang , Zhao Liu ,\n Paolo Bonzini ,\n Peter Maydell , kvm@vger.kernel.org,\n qemu-arm@nongnu.org, Akihiko Odaki ","X-Mailer":"b4 0.16-dev-16047","Received-SPF":"pass client-ip=49.212.243.89;\n envelope-from=odaki@rsg.ci.i.u-tokyo.ac.jp; helo=www3579.sakura.ne.jp","X-Spam_score_int":"-16","X-Spam_score":"-1.7","X-Spam_bar":"-","X-Spam_report":"(-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,\n DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=no autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"Commit 6ee7fca2a4a0 (\"KVM: arm64: Add KVM_ARM_VCPU_PMU_V3_SET_PMU\nattribute\") of Linux describes the KVM_ARM_VCPU_PMU_V3_SET_PMU\nattribute, which allows choosing a PMU backend, and its motivation:\n> KVM: arm64: Add KVM_ARM_VCPU_PMU_V3_SET_PMU attribute\n>\n> When KVM creates an event and there are more than one PMUs present on\n> the system, perf_init_event() will go through the list of available\n> PMUs and will choose the first one that can create the event. The\n> order of the PMUs in this list depends on the probe order, which can\n> change under various circumstances, for example if the order of the\n> PMU nodes change in the DTB or if asynchronous driver probing is\n> enabled on the kernel command line (with the\n> driver_async_probe=armv8-pmu option).\n>\n> Another consequence of this approach is that on heteregeneous systems\n> all virtual machines that KVM creates will use the same PMU. This\n> might cause unexpected behaviour for userspace: when a VCPU is\n> executing on the physical CPU that uses this default PMU, PMU events\n> in the guest work correctly; but when the same VCPU executes on\n> another CPU, PMU events in the guest will suddenly stop counting.\n>\n> Fortunately, perf core allows user to specify on which PMU to create\n> an event by using the perf_event_attr->type field, which is used by\n> perf_init_event() as an index in the radix tree of available PMUs.\n>\n> Add the KVM_ARM_VCPU_PMU_V3_CTRL(KVM_ARM_VCPU_PMU_V3_SET_PMU) VCPU\n> attribute to allow userspace to specify the arm_pmu that KVM will use\n> when creating events for that VCPU. KVM will make no attempt to run\n> the VCPU on the physical CPUs that share the PMU, leaving it up to\n> userspace to manage the VCPU threads' affinity accordingly.\n>\n> To ensure that KVM doesn't expose an asymmetric system to the guest,\n> the PMU set for one VCPU will be used by all other VCPUs. Once a VCPU\n> has run, the PMU cannot be changed in order to avoid changing the\n> list of available events for a VCPU, or to change the semantics of\n> existing events.\n\nChoose a PMU backend with the following priority order:\n\n1. The event source specified with the pmu property. It is a user's\n responsibility to ensure that the VCPUs runs on PCPUs associated with\n the event source.\n\n2. The default backend if the machine version is old. This ensures\n backward compatibility but the resulting PMU may or may not work.\n\n3. An event source that covers all PCPUs. This exposes its full feature\n set to the guest. If multiple such physical PMUs exist, selection is\n deterministic, based on the device hierarchy.\n\n4. The fixed-counters-only PMU, which is emulated with all compatible\n event sources, if available.\n\nDisable PMU if no backend can be chosen.\n\nSigned-off-by: Akihiko Odaki \n---\nBased-on: <20260422-arm-v1-1-106a9a9e22dd@rsg.ci.i.u-tokyo.ac.jp>\n(\"[PATCH] target/arm/kvm: Mark host feature cache valid last\")\n\nThis is an RFC patch to demonstrate the usage of a new device attribute\nwhich is added with the following series:\nhttps://lore.kernel.org/r/20260418-hybrid-v7-0-2bf39ad009bf@rsg.ci.i.u-tokyo.ac.jp\n(\"[PATCH v7 0/4] KVM: arm64: PMU: Use multiple host PMUs\")\n---\nChanges in v3:\n- Simplified PMU probing by following what kvmtool does.\n- Added missing kvm_arm_destroy_scratch_host_vcpu().\n- Changed the KVM compatibility property optional for non-Arm.\n- Ensured to avoid setting a PMU when pmu=false.\n- Fixed register probing.\n- Added a check to prevent changing properties after initialization.\n- Link to v2: https://lore.kernel.org/qemu-devel/20260225-kvm-v2-1-b8d743db0f73@rsg.ci.i.u-tokyo.ac.jp\n\nChanges in v2:\n- Updated the backcompat-pmu compatibility property.\n- Renamed the KVM_ARM_VCPU_PMU_V3_FIXED_COUNTERS_ONLY attribute.\n- Link to v1: https://lore.kernel.org/qemu-devel/20250806-kvm-v1-1-d1d50b7058cd@rsg.ci.i.u-tokyo.ac.jp\n\nTo: qemu-devel@nongnu.org\nCc: Marcel Apfelbaum \nCc: Philippe Mathieu-Daudé \nCc: Yanan Wang \nCc: Zhao Liu \nCc: Paolo Bonzini \nCc: Peter Maydell \nCc: kvm@vger.kernel.org\nCc: qemu-arm@nongnu.org\n---\n hw/core/machine.c | 2 +\n target/arm/kvm.c | 339 +++++++++++++++++++++++++++++++++++++++++++++++-\n qemu-options.hx | 20 +++\n target/arm/trace-events | 2 +\n 4 files changed, 359 insertions(+), 4 deletions(-)\n\n\n---\nbase-commit: 14f38a63b9adc02c0ebe3b5ada1f1208abaf21ea\nchange-id: 20250730-kvm-8fc06c8f722a\nprerequisite-change-id: 20260422-arm-84b23dad0561:v1\nprerequisite-patch-id: 32416c1227e9477cc97ea72e3d3e90d799eb9221\n\nBest regards,\n-- \nAkihiko Odaki ","diff":"diff --git a/hw/core/machine.c b/hw/core/machine.c\nindex 0aa77a57e956..2492e985b6dd 100644\n--- a/hw/core/machine.c\n+++ b/hw/core/machine.c\n@@ -23,6 +23,7 @@\n #include \"qemu/madvise.h\"\n #include \"qom/object_interfaces.h\"\n #include \"system/cpus.h\"\n+#include \"system/kvm.h\"\n #include \"system/system.h\"\n #include \"system/reset.h\"\n #include \"system/runstate.h\"\n@@ -41,6 +42,7 @@\n GlobalProperty hw_compat_10_2[] = {\n { \"scsi-block\", \"migrate-pr\", \"off\" },\n { \"isa-cirrus-vga\", \"global-vmstate\", \"true\" },\n+ { TYPE_KVM_ACCEL, \"backcompat-pmu\", \"true\", .optional = true },\n };\n const size_t hw_compat_10_2_len = G_N_ELEMENTS(hw_compat_10_2);\n \ndiff --git a/target/arm/kvm.c b/target/arm/kvm.c\nindex 03c3346d50ed..d352b3e4398f 100644\n--- a/target/arm/kvm.c\n+++ b/target/arm/kvm.c\n@@ -15,6 +15,7 @@\n \n #include \n \n+#include \"qemu/cutils.h\"\n #include \"qemu/timer.h\"\n #include \"qemu/error-report.h\"\n #include \"qemu/main-loop.h\"\n@@ -43,6 +44,8 @@\n #include \"target/arm/gtimer.h\"\n #include \"migration/blocker.h\"\n \n+#define KVM_ARM_VCPU_PMU_V3_FIXED_COUNTERS_ONLY 5\n+\n const KVMCapabilityInfo kvm_arch_required_capabilities[] = {\n KVM_CAP_INFO(DEVICE_CTRL),\n KVM_CAP_LAST_INFO\n@@ -52,6 +55,19 @@ static bool cap_has_mp_state;\n static bool cap_has_inject_serror_esr;\n static bool cap_has_inject_ext_dabt;\n \n+typedef enum PMU {\n+ PMU_UNSET,\n+ PMU_NONE,\n+ PMU_DEFAULT,\n+ PMU_EVENT_SOURCE,\n+ PMU_FIXED_COUNTERS_ONLY\n+} PMU;\n+\n+static PMU pmu;\n+static uint64_t pmu_user_event_source;\n+static uint32_t pmu_effective_event_source;\n+static bool pmu_backcompat;\n+\n /**\n * ARMHostCPUFeatures: information about the host CPU (identified\n * by asking the host kernel)\n@@ -221,6 +237,259 @@ static bool kvm_arm_pauth_supported(void)\n kvm_check_extension(kvm_state, KVM_CAP_ARM_PTRAUTH_GENERIC));\n }\n \n+static bool read_pmu_attr(int fd, const struct dirent *ent, const char *name,\n+ char **buf, size_t *n)\n+{\n+ FILE *attr_file;\n+ g_autofree char *rel_name = g_build_filename(ent->d_name, name, NULL);\n+ int attr_fd = openat(fd, rel_name, O_RDONLY);\n+ bool ret;\n+\n+ if (attr_fd < 0) {\n+ return false;\n+ }\n+\n+ attr_file = fdopen(attr_fd, \"r\");\n+ assert(attr_file);\n+ ret = getline(buf, n, attr_file) >= 0;\n+ assert(!fclose(attr_file));\n+\n+ return ret;\n+}\n+\n+static bool parse_cpus(const char *list, unsigned long **bitmap,\n+ unsigned long *nr)\n+{\n+ unsigned long start, end;\n+\n+ bitmap_clear(*bitmap, 0, *nr);\n+\n+ while (*list && *list != '\\n') {\n+ if (qemu_strtoul(list, &list, 0, &start) == -EINVAL) {\n+ return false;\n+ }\n+\n+ if (*list == '-') {\n+ if (qemu_strtoul(list + 1, &list, 0, &end) == -EINVAL) {\n+ return false;\n+ }\n+\n+ if (end < start) {\n+ return false;\n+ }\n+ } else {\n+ end = start;\n+ }\n+\n+ end++;\n+\n+ if (end > *nr) {\n+ unsigned long new_nr = ROUND_UP(end, BITS_PER_LONG);\n+ *bitmap = g_realloc(*bitmap, new_nr / BITS_PER_BYTE);\n+ bitmap_clear(*bitmap, *nr, new_nr - *nr);\n+ *nr = new_nr;\n+ }\n+\n+ bitmap_set(*bitmap, start, end - start);\n+\n+ if (*list == ',') {\n+ list++;\n+ }\n+ }\n+\n+ return true;\n+}\n+\n+static PMU choose_pmu(uint32_t *type, uint64_t explicit_type, bool backcompat)\n+{\n+ DIR *devices = NULL;\n+ FILE *file;\n+ PMU pmu = PMU_NONE;\n+ size_t n = 64;\n+ g_autofree char *buf = g_malloc(n);\n+ g_autofree unsigned long *possible_cpus = NULL;\n+ g_autofree unsigned long *pmu_cpus = NULL;\n+ int devices_fd;\n+ int fdarray[3];\n+ struct dirent *ent;\n+ unsigned long npossible_cpus = 0;\n+ unsigned long npmu_cpus;\n+ ssize_t ret;\n+\n+ struct kvm_vcpu_init init = {\n+ .target = -1,\n+ .features[0] = BIT(KVM_ARM_VCPU_PMU_V3),\n+ };\n+\n+ if (explicit_type <= UINT32_MAX) {\n+ *type = explicit_type;\n+ return PMU_EVENT_SOURCE;\n+ }\n+\n+ if (!kvm_check_extension(kvm_state, KVM_CAP_ARM_PMU_V3)) {\n+ return PMU_NONE;\n+ }\n+\n+ if (backcompat) {\n+ return PMU_DEFAULT;\n+ }\n+\n+ file = fopen(\"/sys/devices/system/cpu/possible\", \"r\");\n+ if (!file) {\n+ return PMU_NONE;\n+ }\n+\n+ ret = getline(&buf, &n, file);\n+ assert(!fclose(file));\n+ if (ret < 0) {\n+ return PMU_NONE;\n+ }\n+\n+ if (!parse_cpus(buf, &possible_cpus, &npossible_cpus)) {\n+ return PMU_NONE;\n+ }\n+\n+ npmu_cpus = npossible_cpus;\n+ pmu_cpus = bitmap_new(npmu_cpus);\n+\n+ if (!kvm_arm_create_scratch_host_vcpu(fdarray, &init)) {\n+ return PMU_NONE;\n+ }\n+\n+ devices = opendir(\"/sys/bus/event_source/devices\");\n+ if (!devices) {\n+ goto out;\n+ }\n+\n+ devices_fd = dirfd(devices);\n+ if (devices_fd < 0) {\n+ goto out;\n+ }\n+\n+ if (kvm_device_check_attr(fdarray[2], KVM_ARM_VCPU_PMU_V3_CTRL,\n+ KVM_ARM_VCPU_PMU_V3_SET_PMU)) {\n+ g_autofree char *link = NULL;\n+\n+ while ((ent = readdir(devices))) {\n+ unsigned long new_type = ULONG_MAX;\n+ const char *endptr;\n+\n+ /* Check if this event source exposes type and cpus. */\n+ if (!read_pmu_attr(devices_fd, ent, \"type\", &buf, &n) ||\n+ qemu_strtoul(buf, &endptr, 0, &new_type) == -EINVAL ||\n+ (*endptr && *endptr != '\\n') ||\n+ !read_pmu_attr(devices_fd, ent, \"cpus\", &buf, &n) ||\n+ !parse_cpus(buf, &pmu_cpus, &npmu_cpus)) {\n+ continue;\n+ }\n+\n+ if (bitmap_andnot(pmu_cpus, possible_cpus, pmu_cpus,\n+ npossible_cpus)) {\n+ continue;\n+ }\n+\n+ /* Order by the device location to ensure stable selection. */\n+ while (true) {\n+ ret = readlinkat(devices_fd, ent->d_name, buf, n);\n+ if (ret < n) {\n+ break;\n+ }\n+\n+ n *= 2;\n+ buf = g_realloc(buf, n);\n+ }\n+\n+ if (ret < 0) {\n+ continue;\n+ }\n+\n+ buf[ret] = 0;\n+\n+ if (link && strcmp(link, buf) <= 0) {\n+ continue;\n+ }\n+\n+ *type = new_type;\n+ link = g_realloc(link, ret + 1);\n+ strcpy(link, buf);\n+ }\n+\n+ /* Choose an event source covers all PCPUs if available. */\n+ if (link) {\n+ pmu = PMU_EVENT_SOURCE;\n+ goto out;\n+ }\n+ } else {\n+ while ((ent = readdir(devices))) {\n+ if (!read_pmu_attr(devices_fd, ent, \"cpus\", &buf, &n) ||\n+ !parse_cpus(buf, &pmu_cpus, &npossible_cpus)) {\n+ continue;\n+ }\n+\n+ /*\n+ * If the kernel does not support KVM_ARM_VCPU_PMU_V3_SET_PMU and\n+ * there is an event source that covers all PCPUs, it will be the\n+ * default one because:\n+ * - such a kernel only supports armv8-pmu as a\n+ * compatible event source\n+ * - there is no other armv8-pmu as it occupies fixed system\n+ * registers.\n+ */\n+ if (!bitmap_andnot(pmu_cpus, possible_cpus, pmu_cpus,\n+ npossible_cpus)) {\n+ pmu = PMU_DEFAULT;\n+ goto out;\n+ }\n+ }\n+ }\n+\n+ /* Choose the fixed-counters-only PMU if available. */\n+ if (kvm_device_check_attr(fdarray[2], KVM_ARM_VCPU_PMU_V3_CTRL,\n+ KVM_ARM_VCPU_PMU_V3_FIXED_COUNTERS_ONLY)) {\n+ pmu = PMU_FIXED_COUNTERS_ONLY;\n+ goto out;\n+ }\n+\n+out:\n+ if (devices) {\n+ assert(!closedir(devices));\n+ }\n+\n+ kvm_arm_destroy_scratch_host_vcpu(fdarray);\n+\n+ return pmu;\n+}\n+\n+static int set_pmu(int fd, PMU pmu, uint32_t pmu_event_source)\n+{\n+ int ret;\n+\n+ switch (pmu) {\n+ case PMU_NONE:\n+ ret = -ENOTSUP;\n+ break;\n+\n+ case PMU_EVENT_SOURCE:\n+ ret = kvm_device_access(fd, KVM_ARM_VCPU_PMU_V3_CTRL,\n+ KVM_ARM_VCPU_PMU_V3_SET_PMU, &pmu_event_source,\n+ true, NULL);\n+ trace_kvm_arm_set_pmu(pmu_event_source, ret);\n+ break;\n+\n+ case PMU_FIXED_COUNTERS_ONLY:\n+ ret = kvm_device_access(fd, KVM_ARM_VCPU_PMU_V3_CTRL,\n+ KVM_ARM_VCPU_PMU_V3_FIXED_COUNTERS_ONLY,\n+ NULL, true, NULL);\n+ trace_kvm_arm_set_pmu_fixed_counters_only(ret);\n+ break;\n+\n+ default:\n+ ret = 0;\n+ }\n+\n+ return ret;\n+}\n+\n \n static uint64_t idregs_sysreg_to_kvm_reg(ARMSysRegs sysreg)\n {\n@@ -283,7 +552,6 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)\n int fdarray[3];\n bool sve_supported;\n bool el2_supported;\n- bool pmu_supported = false;\n uint64_t features = 0;\n int err;\n \n@@ -319,9 +587,8 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)\n 1 << KVM_ARM_VCPU_PTRAUTH_GENERIC);\n }\n \n- if (kvm_check_extension(kvm_state, KVM_CAP_ARM_PMU_V3)) {\n+ if (pmu != PMU_NONE) {\n init.features[0] |= 1 << KVM_ARM_VCPU_PMU_V3;\n- pmu_supported = true;\n features |= 1ULL << ARM_FEATURE_PMU;\n }\n \n@@ -331,6 +598,11 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)\n \n int fd = fdarray[2];\n \n+ if (pmu != PMU_NONE && set_pmu(fd, pmu, pmu_effective_event_source)) {\n+ kvm_arm_destroy_scratch_host_vcpu(fdarray);\n+ return false;\n+ }\n+\n err = get_host_cpu_reg(fd, ahcf, ID_AA64PFR0_EL1_IDX);\n if (unlikely(err < 0)) {\n /*\n@@ -428,7 +700,7 @@ static bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)\n ahcf->isar.dbgdidr = dbgdidr;\n }\n \n- if (pmu_supported) {\n+ if (pmu != PMU_NONE) {\n /* PMCR_EL0 is only accessible if the vCPU has feature PMU_V3 */\n err |= read_sys_reg64(fd, &ahcf->isar.reset_pmcr_el0,\n ARM64_SYS_REG(3, 3, 9, 12, 0));\n@@ -625,6 +897,9 @@ int kvm_arch_init(MachineState *ms, KVMState *s)\n }\n }\n \n+ pmu = choose_pmu(&pmu_effective_event_source,\n+ pmu_user_event_source, pmu_backcompat);\n+\n if (s->kvm_eager_split_size) {\n uint32_t sizes;\n \n@@ -1733,6 +2008,44 @@ int kvm_arch_msi_data_to_gsi(uint32_t data)\n return (data - 32) & 0xffff;\n }\n \n+static bool kvm_arch_get_backcompat_pmu(Object *obj, Error **errp)\n+{\n+ return pmu_backcompat;\n+}\n+\n+static void kvm_arch_set_backcompat_pmu(Object *obj, bool value, Error **errp)\n+{\n+ if (pmu != PMU_UNSET) {\n+ error_setg(errp, \"Unable to set backcompat-pmu after KVM has been initialized\");\n+ return;\n+ }\n+\n+ pmu_backcompat = value;\n+}\n+\n+static void kvm_arch_get_pmu(Object *obj, Visitor *v, const char *name,\n+ void *opaque, Error **errp)\n+{\n+ visit_type_uint64(v, name, &pmu_user_event_source, errp);\n+}\n+\n+static void kvm_arch_set_pmu(Object *obj, Visitor *v, const char *name,\n+ void *opaque, Error **errp)\n+{\n+ uint64_t value;\n+\n+ if (pmu != PMU_UNSET) {\n+ error_setg(errp, \"Unable to set pmu after KVM has been initialized\");\n+ return;\n+ }\n+\n+ if (!visit_type_uint64(v, name, &value, errp)) {\n+ return;\n+ }\n+\n+ pmu_user_event_source = value;\n+}\n+\n static void kvm_arch_get_eager_split_size(Object *obj, Visitor *v,\n const char *name, void *opaque,\n Error **errp)\n@@ -1769,6 +2082,17 @@ static void kvm_arch_set_eager_split_size(Object *obj, Visitor *v,\n \n void kvm_arch_accel_class_init(ObjectClass *oc)\n {\n+ ObjectProperty *property;\n+\n+ object_class_property_add_bool(oc, \"backcompat-pmu\",\n+ kvm_arch_get_backcompat_pmu,\n+ kvm_arch_set_backcompat_pmu);\n+\n+ property = object_class_property_add(oc, \"pmu\", \"uint64\", kvm_arch_get_pmu,\n+ kvm_arch_set_pmu, NULL, NULL);\n+ object_property_set_default_uint(property, UINT64_MAX);\n+ object_class_property_set_description(oc, \"pmu\", \"KVM PMU event type\");\n+\n object_class_property_add(oc, \"eager-split-size\", \"size\",\n kvm_arch_get_eager_split_size,\n kvm_arch_set_eager_split_size, NULL, NULL);\n@@ -2000,6 +2324,13 @@ int kvm_arch_init_vcpu(CPUState *cs)\n return ret;\n }\n \n+ if (cpu->has_pmu) {\n+ ret = set_pmu(cs->kvm_fd, pmu, pmu_effective_event_source);\n+ if (ret) {\n+ return ret;\n+ }\n+ }\n+\n if (cpu_isar_feature(aa64_sve, cpu)) {\n ret = kvm_arm_sve_set_vls(cpu);\n if (ret) {\ndiff --git a/qemu-options.hx b/qemu-options.hx\nindex 21972f832682..f7a6c4149303 100644\n--- a/qemu-options.hx\n+++ b/qemu-options.hx\n@@ -237,6 +237,7 @@ DEF(\"accel\", HAS_ARG, QEMU_OPTION_accel,\n \" tb-size=n (TCG translation block cache size)\\n\"\n \" dirty-ring-size=n (KVM dirty ring GFN count, default 0)\\n\"\n \" eager-split-size=n (KVM Eager Page Split chunk size, default 0, disabled. ARM only)\\n\"\n+ \" pmu=n (KVM PMU event type. ARM only)\\n\"\n \" notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit and set notify window, x86 only)\\n\"\n \" thread=single|multi (enable multi-threaded TCG)\\n\"\n \" device=path (KVM device path, default /dev/kvm)\\n\", QEMU_ARCH_ALL)\n@@ -310,6 +311,25 @@ SRST\n have an impact on the memory. By default, this feature is disabled\n (eager-split-size=0).\n \n+ ``pmu=n``\n+ Specifies the event source to be used for Arm PMUv3 emulation. The value\n+ specified here is identical to the one used in perf_event_open(2), but\n+ not all event sources are compatible.\n+\n+ Since QEMU 11.0, the default behavior is to select a backend that\n+ supports all host CPUs. The emulation cannot be enabled if there is no\n+ such backend exists. Use this property to choose a specific event source\n+ when there are several such event sources or to choose one that only\n+ supports a subset of the host CPUs. If you specify an event source that\n+ only supports a subset of host CPUs, you must ensure that guest CPUs run\n+ exclusively on those supported host CPUs.\n+\n+ Prior to 11.0, KVM chose an arbitrary host PMU that supports at least\n+ one CPU in the process's affinity.\n+\n+ Ensure that the CPU's ``pmu`` property is also set to ``on`` to enable\n+ the emulation when setting this property.\n+\n ``notify-vmexit=run|internal-error|disable,notify-window=n``\n Enables or disables notify VM exit support on x86 host and specify\n the corresponding notify window to trigger the VM exit if enabled.\ndiff --git a/target/arm/trace-events b/target/arm/trace-events\nindex 2de0406f784d..44e9c8c126a6 100644\n--- a/target/arm/trace-events\n+++ b/target/arm/trace-events\n@@ -13,6 +13,8 @@ arm_gt_update_irq(int timer, int irqstate) \"gt_update_irq: timer %d irqstate %d\"\n \n # kvm.c\n kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) \"MSI iova = 0x%\"PRIx64\" is translated into 0x%\"PRIx64\n+kvm_arm_set_pmu(uint32_t type, int ret) \"type %\" PRIu32 \" ret %d\"\n+kvm_arm_set_pmu_fixed_counters_only(int ret) \"ret %d\"\n \n # cpu.c\n arm_cpu_reset(uint64_t mp_aff) \"cpu %\" PRIu64\n","prefixes":["RFC","v3"]}