Two possible mechanisms come to mind:
- IPC like the existing QMP and QAPI
- QEMU loads a shared library plugin that contains the model
Required capabilities (of course all possible through the C API, but not necessarily IPC APIs):
- inject interrupts
- register callbacks for register access
- modify main memory
Why I want this:
- use QEMU as a submodule and leave its source untouched
- additional advantages only present for IPC methods:
  - write the models in any language I want
  - use a non-GPL license for my device
I'm aware of in-tree devices as explained at: How to add a new device in QEMU source code? which are the traditional way of doing things.
What I've found so far:
- interrupts: could only find NMI generation with the `nmi` monitor command
- IO ports: IO possible with the `i` and `o` monitor commands, so I'm fine there
- main memory:
  - the ideal solution would be to map memory to host directly, but that seems hard
  - memory read is possible through the `x` and `xp` monitor commands
  - could not find how to write to memory with monitor commands. But I think the GDB API supports it, so it should not be too hard to implement.
The closest working piece of code I could find was: https://github.com/texane/vpcie , which serializes PCI on both sides, and sends it through QEMU's TCP API. But this is more inefficient and intrusive, as it requires extra setup on both guest and host.
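As an added example (not code from the question or from QEMU), here is the first mechanism, QMP, driven from outside the tree: a small Python client that wraps the `x`/`xp` and `nmi` monitor commands through QMP's `human-monitor-command`. It assumes QEMU was started with a QMP socket (e.g. `-qmp unix:/tmp/qmp.sock,server,nowait`; the path is an assumption) and that the dump lines look like `0000000000001000: 0x00000001 ...`.

```python
import json
import re
import socket  # a connected AF_UNIX socket is the normal `conn` for QmpMonitor

def hmp_request(command_line):
    """QMP request that runs one HMP (human monitor) command line."""
    return {"execute": "human-monitor-command",
            "arguments": {"command-line": command_line}}

def parse_x_output(text):
    """Turn x/xp hex-dump text ('0000000000001000: 0x00000001 0x00000002') into ints."""
    words = []
    for line in text.splitlines():
        _, _, rest = line.partition(":")          # drop the address column
        words.extend(int(tok, 16) for tok in re.findall(r"0x[0-9a-fA-F]+", rest))
    return words

class QmpMonitor:
    """Minimal QMP client; `conn` is anything with sendall()/recv() (a socket in practice)."""
    def __init__(self, conn):
        self.conn, self.buf = conn, b""
        self._read()                                    # server greeting {"QMP": {...}}
        self.execute({"execute": "qmp_capabilities"})   # leave capabilities-negotiation mode
    def _read(self):
        while b"\n" not in self.buf:
            chunk = self.conn.recv(4096)
            if not chunk:
                raise ConnectionError("QMP socket closed")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\n")
        return json.loads(line)
    def execute(self, request):
        self.conn.sendall((json.dumps(request) + "\n").encode())
        while True:
            msg = self._read()
            if "event" in msg:            # async events (RESUME, SHUTDOWN, ...) interleave with replies
                continue
            if "error" in msg:
                raise RuntimeError(msg["error"])
            return msg["return"]
    def read_words(self, addr, count, physical=True):
        """Read `count` 32-bit words at a guest address via `xp` (physical) or `x` (virtual)."""
        cmd = "xp" if physical else "x"
        return parse_x_output(self.execute(hmp_request(f"{cmd}/{count}xw {addr:#x}")))
    def inject_nmi(self):
        """Inject an NMI through the `nmi` monitor command (returns the command's text output)."""
        return self.execute(hmp_request("nmi"))
```

To use it against a live guest, open the socket yourself: `s = socket.socket(socket.AF_UNIX); s.connect("/tmp/qmp.sock"); mon = QmpMonitor(s)`, then `mon.read_words(0x1000, 4)`.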