From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668273759724.3776446240041; Sat, 21 Feb 2026 02:04:33 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpi-0005mm-Tx; Sat, 21 Feb 2026 05:03:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpd-0005l3-La; Sat, 21 Feb 2026 05:03:25 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpb-00051x-4y; Sat, 21 Feb 2026 05:03:25 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwBXrdDggplpFBdzAA--.2745S2; Sat, 21 Feb 2026 18:03:12 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S4; Sat, 21 Feb 2026 18:03:09 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 01/31] hw/arm/smmuv3-common: Fix incorrect reserved mask for SMMU CR0 register Date: Sat, 21 Feb 2026 18:02:20 +0800 Message-Id: <20260221100250.2976287-2-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S4 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQAJBWmTeekBBQAZs6 Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvdXoWrZry5Ar43ZFW5GryDXw17GFg_yoWkXrbEka n7Jw4Fqw4rtFsrX3WUKFWfJry0kw4rJFWDWF1rXFnxGFyDAw4Uur1vv34kJ3yfGasrCFyf uan3JrW3X39rCjkaLaAFLSUrUUUU1b8apTn2vfkv8UJUUUU8wcxFpf9Il3svdxBIdaVrnU Uv73VFW2AGmfu7jjvjm3AaLaJ3UjIYCTnIWjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRUUUUU UUUU= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668277642158500 Content-Type: text/plain; charset="utf-8" The current definition of the SMMU_CR0_RESERVED mask is incorrect. It mistakenly treats bit 10 (DPT_WALK_EN) as a reserved bit while treating bit 9 (RES0) as an implemented bit. According to the SMMU architecture specification, the layout for CR0 is: | 31:11| RES0 | | 10 | DPT_WALK_EN | | 9 | RES0 | | 8:6 | VMW | | 5 | RES0 | | 4 | ATSCHK | | 3 | CMDQEN | | 2 | EVENTQEN | | 1 | PRIQEN | | 0 | SMMUEN | Signed-off-by: Tao Tang Reviewed-by: Eric Auger Link: https://lists.gnu.org/archive/html/qemu-arm/2025-06/msg00088.html Reviewed-by: Mostafa Saleh Reviewed-by: Pierrick Bouvier --- include/hw/arm/smmuv3-common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/hw/arm/smmuv3-common.h b/include/hw/arm/smmuv3-common.h index 67a23fbeaae..2df54ba60f9 100644 --- a/include/hw/arm/smmuv3-common.h +++ b/include/hw/arm/smmuv3-common.h @@ -355,7 +355,7 @@ REG32(CR0, 0x20) FIELD(CR0, EVENTQEN, 2, 1) FIELD(CR0, CMDQEN, 3, 1) =20 -#define SMMU_CR0_RESERVED 0xFFFFFC20 +#define SMMU_CR0_RESERVED 0xFFFFFA20 =20 REG32(CR0ACK, 0x24) REG32(CR1, 0x28) --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668279509453.30544340104075; Sat, 21 Feb 2026 02:04:39 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpx-0005tz-NK; Sat, 21 Feb 2026 05:03:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpe-0005lb-8Y; Sat, 21 Feb 2026 05:03:26 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpb-00052K-3U; Sat, 21 Feb 2026 05:03:26 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwCH3dHhgplpFhdzAA--.2918S2; Sat, 21 Feb 2026 18:03:13 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S5; Sat, 21 Feb 2026 18:03:11 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 02/31] hw/arm/smmuv3: Correct SMMUEN field name in CR0 Date: Sat, 21 Feb 2026 18:02:21 +0800 Message-Id: <20260221100250.2976287-3-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S5 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAGgAAsI Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7CrW8CrykJr4DKr48WFWxWFg_yoW8XrWfpa 1kCFn5KrWUCa4S9rykJw47ZF15Wa1kWr1UKr9rG3sxJw1ayrZxAryDKanFgFykurWjqF45 uFn2va409w40vrJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668281868158500 Content-Type: text/plain; charset="utf-8" The FIELD macro for the SMMU enable bit in the CR0 register was incorrectly named SMMU_ENABLE. The ARM SMMUv3 Architecture Specification (both older IHI 0070.E.a and newer IHI 0070.G.b) consistently refers to the SMMU enable bit as SMMUEN. This change makes our implementation consistent with the manual. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Link: https://lists.nongnu.org/archive/html/qemu-arm/2025-09/msg01270.html Reviewed-by: Mostafa Saleh Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3-internal.h | 2 +- include/hw/arm/smmuv3-common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index a6464425ec3..ebdb4ebae67 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -41,7 +41,7 @@ typedef enum SMMUTranslationClass { =20 static inline int smmu_enabled(SMMUv3State *s) { - return FIELD_EX32(s->cr[0], CR0, SMMU_ENABLE); + return FIELD_EX32(s->cr[0], CR0, SMMUEN); } =20 /* Command Queue Entry */ diff --git a/include/hw/arm/smmuv3-common.h b/include/hw/arm/smmuv3-common.h index 2df54ba60f9..9f78bbe89eb 100644 --- a/include/hw/arm/smmuv3-common.h +++ b/include/hw/arm/smmuv3-common.h @@ -351,7 +351,7 @@ REG32(IDR5, 0x14) REG32(IIDR, 0x18) REG32(AIDR, 0x1c) REG32(CR0, 0x20) - FIELD(CR0, SMMU_ENABLE, 0, 1) + FIELD(CR0, SMMUEN, 0, 1) FIELD(CR0, EVENTQEN, 2, 1) FIELD(CR0, CMDQEN, 3, 1) =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668338841492.1976981085031; Sat, 21 Feb 2026 02:05:38 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpt-0005ow-Fp; Sat, 21 Feb 2026 05:03:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpd-0005kk-Ne; Sat, 21 Feb 2026 05:03:26 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpZ-00054W-IY; Sat, 21 Feb 2026 05:03:25 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwAHD2PjgplpbKBVBw--.4702S2; Sat, 21 Feb 2026 18:03:15 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S6; Sat, 21 Feb 2026 18:03:12 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 03/31] hw/arm/smmuv3: Introduce secure registers Date: Sat, 21 Feb 2026 18:02:22 +0800 Message-Id: <20260221100250.2976287-4-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S6 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAHAAAsO Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxWr45Wry5Cw13Gw1xJF45GFg_yoW5uFW8pF 4Iyr1ru3yDWF47Zw1fGa1UAF13Crs5Aa4xJFZFkr129a4fWryayrW8Ka4fGr1kXF1rZF1D GFnFv34Fg34Syr7anT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668339793158500 Content-Type: text/plain; charset="utf-8" The Arm SMMUv3 architecture defines a set of registers for managing secure transactions and context. This patch introduces the definitions for these secure registers within the SMMUv3 device model internal header. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Link: https://lore.kernel.org/qemu-devel/759ec110-365f-488b-802d-c7bb1efe30= bc@redhat.com/ Reviewed-by: Mostafa Saleh Reviewed-by: Pierrick Bouvier --- include/hw/arm/smmuv3-common.h | 70 +++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/include/hw/arm/smmuv3-common.h b/include/hw/arm/smmuv3-common.h index 9f78bbe89eb..c40fa46fb88 100644 --- a/include/hw/arm/smmuv3-common.h +++ b/include/hw/arm/smmuv3-common.h @@ -269,7 +269,7 @@ REG32(CD_5, 20) ((sel) ? ((cd)->word[4] =3D FIELD_DP32((cd)->word[4], CD_4, NSCFG1, (v= ))) : \ ((cd)->word[2] =3D FIELD_DP32((cd)->word[2], CD_2, NSCFG0, (v= )))) =20 -/* MMIO Registers */ +/* MMIO Registers. Shared by Non-secure/Realm/Root states. */ =20 REG32(IDR0, 0x0) FIELD(IDR0, S2P, 0 , 1) @@ -356,6 +356,7 @@ REG32(CR0, 0x20) FIELD(CR0, CMDQEN, 3, 1) =20 #define SMMU_CR0_RESERVED 0xFFFFFA20 +#define SMMU_S_CR0_RESERVED 0xFFFFFC12 =20 REG32(CR0ACK, 0x24) REG32(CR1, 0x28) @@ -414,6 +415,73 @@ REG32(EVENTQ_IRQ_CFG2, 0xbc) =20 #define A_IDREGS 0xfd0 =20 +#define SMMU_SECURE_REG_START 0x8000 /* Start of secure-only registers */ + +REG32(S_IDR0, 0x8000) + FIELD(S_IDR0, STALL_MODEL, 24, 2) +REG32(S_IDR1, 0x8004) + FIELD(S_IDR1, S_SIDSIZE, 0 , 6) + FIELD(S_IDR1, SEL2, 29, 1) + FIELD(S_IDR1, SECURE_IMPL, 31, 1) + +REG32(S_IDR2, 0x8008) +REG32(S_IDR3, 0x800c) +REG32(S_IDR4, 0x8010) + +REG32(S_CR0, 0x8020) + FIELD(S_CR0, SMMUEN, 0, 1) + FIELD(S_CR0, EVENTQEN, 2, 1) + FIELD(S_CR0, CMDQEN, 3, 1) + +REG32(S_CR0ACK, 0x8024) +REG32(S_CR1, 0x8028) +REG32(S_CR2, 0x802c) + +REG32(S_INIT, 0x803c) + FIELD(S_INIT, INV_ALL, 0, 1) + +REG32(S_GBPA, 0x8044) + FIELD(S_GBPA, ABORT, 20, 1) + FIELD(S_GBPA, UPDATE, 31, 1) + +REG32(S_IRQ_CTRL, 0x8050) + FIELD(S_IRQ_CTRL, GERROR_IRQEN, 0, 1) + FIELD(S_IRQ_CTRL, EVENTQ_IRQEN, 2, 1) + +REG32(S_IRQ_CTRLACK, 0x8054) + +REG32(S_GERROR, 0x8060) + FIELD(S_GERROR, CMDQ_ERR, 0, 1) + +#define SMMU_GERROR_IRQ_CFG0_RESERVED 0x00FFFFFFFFFFFFFC +#define SMMU_GERROR_IRQ_CFG2_RESERVED 0x000000000000003F + +#define SMMU_STRTAB_BASE_RESERVED 0x40FFFFFFFFFFFFC0 +#define SMMU_QUEUE_BASE_RESERVED 0x40FFFFFFFFFFFFFF +#define SMMU_EVENTQ_IRQ_CFG0_RESERVED 0x00FFFFFFFFFFFFFC + +REG32(S_GERRORN, 0x8064) +REG64(S_GERROR_IRQ_CFG0, 0x8068) +REG32(S_GERROR_IRQ_CFG1, 0x8070) +REG32(S_GERROR_IRQ_CFG2, 0x8074) +REG64(S_STRTAB_BASE, 0x8080) +REG32(S_STRTAB_BASE_CFG, 0x8088) + FIELD(S_STRTAB_BASE_CFG, LOG2SIZE, 0, 6) + FIELD(S_STRTAB_BASE_CFG, SPLIT, 6, 5) + FIELD(S_STRTAB_BASE_CFG, FMT, 16, 2) + +REG64(S_CMDQ_BASE, 0x8090) +REG32(S_CMDQ_PROD, 0x8098) +REG32(S_CMDQ_CONS, 0x809c) + FIELD(S_CMDQ_CONS, ERR, 24, 7) + +REG64(S_EVENTQ_BASE, 0x80a0) +REG32(S_EVENTQ_PROD, 0x80a8) +REG32(S_EVENTQ_CONS, 0x80ac) +REG64(S_EVENTQ_IRQ_CFG0, 0x80b0) +REG32(S_EVENTQ_IRQ_CFG1, 0x80b8) +REG32(S_EVENTQ_IRQ_CFG2, 0x80bc) + /* Commands */ =20 typedef enum SMMUCommandType { --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668318227126.50947829576648; Sat, 21 Feb 2026 02:05:18 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpt-0005pH-OU; Sat, 21 Feb 2026 05:03:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpf-0005mE-CL; Sat, 21 Feb 2026 05:03:28 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpZ-00056m-KB; Sat, 21 Feb 2026 05:03:27 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCnr5vjgplpc6BVBw--.3730S2; Sat, 21 Feb 2026 18:03:15 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S7; Sat, 21 Feb 2026 18:03:13 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 04/31] hw/arm/smmuv3: Introduce banked registers for SMMUv3 state Date: Sat, 21 Feb 2026 18:02:23 +0800 Message-Id: <20260221100250.2976287-5-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S7 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAHgAAsM Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvAXoWfZw1xJr4kWF43CF1kXw1DKFg_yoWrJFy5Go W2yF4qqw4DZw4kCa48uFn5JF18tFW8Cw4qqa1YvrWa9FsFgw45Kryxtrs8CF9IkF45XrWk Cw4xu3yrXFWIvFn5n29KB7ZKAUJUUUU5529EdanIXcx71UUUUU7KY7ZEXasCq-sGcSsGvf J3UbIjqfuFe4nvWSU8nxnvy29KBjDU0xBIdaVrnUUvcSsGvfC2KfnxnUUI43ZEXa7xR_UU UUUUUUU== Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668319953158500 Content-Type: text/plain; charset="utf-8" Rework the SMMUv3 state management by introducing a banked register structure. This is a purely mechanical refactoring with no functional changes. To support multiple security states, a new enum, SMMUSecSID, is introduced to identify each state, sticking to the spec terminology. A new structure, SMMUv3RegBank, is then defined to hold the state for a single security context. The main SMMUv3State now contains an array of these banks, indexed by SMMUSecSID. This avoids the need for separate fields for non-secure and future secure registers. All existing code, which handles only the Non-secure state, is updated to access its state via s->bank[SMMU_SEC_SID_NS]. A local bank helper pointer is used where it improves readability. Function signatures and logic remain untouched in this commit to isolate the structural changes and simplify review. This is the foundational step for building multi-security-state support. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Mostafa Saleh Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3-accel.c | 42 +++-- hw/arm/smmuv3-internal.h | 24 ++- hw/arm/smmuv3.c | 345 +++++++++++++++++++---------------- include/hw/arm/smmu-common.h | 6 + include/hw/arm/smmuv3.h | 30 ++- 5 files changed, 257 insertions(+), 190 deletions(-) diff --git a/hw/arm/smmuv3-accel.c b/hw/arm/smmuv3-accel.c index f5cd4df336a..30d4b38c0a3 100644 --- a/hw/arm/smmuv3-accel.c +++ b/hw/arm/smmuv3-accel.c @@ -40,19 +40,20 @@ smmuv3_accel_check_hw_compatible(SMMUv3State *s, struct iommu_hw_info_arm_smmuv3 *info, Error **errp) { + SMMUv3RegBank *bank =3D smmuv3_bank(s, SMMU_SEC_SID_NS); /* QEMU SMMUv3 supports both linear and 2-level stream tables */ if (FIELD_EX32(info->idr[0], IDR0, STLEVEL) !=3D - FIELD_EX32(s->idr[0], IDR0, STLEVEL)) { + FIELD_EX32(bank->idr[0], IDR0, STLEVEL)) { error_setg(errp, "Host SMMUv3 Stream Table format mismatch " "(host STLEVEL=3D%u, QEMU STLEVEL=3D%u)", FIELD_EX32(info->idr[0], IDR0, STLEVEL), - FIELD_EX32(s->idr[0], IDR0, STLEVEL)); + FIELD_EX32(bank->idr[0], IDR0, STLEVEL)); return false; } =20 /* QEMU SMMUv3 supports only little-endian translation table walks */ if (FIELD_EX32(info->idr[0], IDR0, TTENDIAN) > - FIELD_EX32(s->idr[0], IDR0, TTENDIAN)) { + FIELD_EX32(bank->idr[0], IDR0, TTENDIAN)) { error_setg(errp, "Host SMMUv3 doesn't support Little-endian " "translation table"); return false; @@ -60,7 +61,7 @@ smmuv3_accel_check_hw_compatible(SMMUv3State *s, =20 /* QEMU SMMUv3 supports only AArch64 translation table format */ if (FIELD_EX32(info->idr[0], IDR0, TTF) < - FIELD_EX32(s->idr[0], IDR0, TTF)) { + FIELD_EX32(bank->idr[0], IDR0, TTF)) { error_setg(errp, "Host SMMUv3 doesn't support AArch64 translation " "table format"); return false; @@ -68,53 +69,53 @@ smmuv3_accel_check_hw_compatible(SMMUv3State *s, =20 /* QEMU SMMUv3 supports SIDSIZE 16 */ if (FIELD_EX32(info->idr[1], IDR1, SIDSIZE) < - FIELD_EX32(s->idr[1], IDR1, SIDSIZE)) { + FIELD_EX32(bank->idr[1], IDR1, SIDSIZE)) { error_setg(errp, "Host SMMUv3 SIDSIZE not compatible " "(host=3D%u, QEMU=3D%u)", FIELD_EX32(info->idr[1], IDR1, SIDSIZE), - FIELD_EX32(s->idr[1], IDR1, SIDSIZE)); + FIELD_EX32(bank->idr[1], IDR1, SIDSIZE)); return false; } =20 /* Check SSIDSIZE value opted-in is compatible with Host SMMUv3 SSIDSI= ZE */ if (FIELD_EX32(info->idr[1], IDR1, SSIDSIZE) < - FIELD_EX32(s->idr[1], IDR1, SSIDSIZE)) { + FIELD_EX32(bank->idr[1], IDR1, SSIDSIZE)) { error_setg(errp, "Host SMMUv3 SSIDSIZE not compatible " "(host=3D%u, QEMU=3D%u)", FIELD_EX32(info->idr[1], IDR1, SSIDSIZE), - FIELD_EX32(s->idr[1], IDR1, SSIDSIZE)); + FIELD_EX32(bank->idr[1], IDR1, SSIDSIZE)); return false; } =20 /* User can disable QEMU SMMUv3 Range Invalidation support */ if (FIELD_EX32(info->idr[3], IDR3, RIL) < - FIELD_EX32(s->idr[3], IDR3, RIL)) { + FIELD_EX32(bank->idr[3], IDR3, RIL)) { error_setg(errp, "Host SMMUv3 doesn't support Range Invalidation"); return false; } /* Check OAS value opted is compatible with Host SMMUv3 IPA */ if (FIELD_EX32(info->idr[5], IDR5, OAS) < - FIELD_EX32(s->idr[5], IDR5, OAS)) { + FIELD_EX32(bank->idr[5], IDR5, OAS)) { error_setg(errp, "Host SMMUv3 supports only %d-bit IPA, but the vS= MMU " "OAS implies %d-bit IPA", smmuv3_oas_bits(FIELD_EX32(info->idr[5], IDR5, OAS)), - smmuv3_oas_bits(FIELD_EX32(s->idr[5], IDR5, OAS))); + smmuv3_oas_bits(FIELD_EX32(bank->idr[5], IDR5, OAS))); return false; } =20 /* QEMU SMMUv3 supports GRAN4K/GRAN16K/GRAN64K translation granules */ if (FIELD_EX32(info->idr[5], IDR5, GRAN4K) !=3D - FIELD_EX32(s->idr[5], IDR5, GRAN4K)) { + FIELD_EX32(bank->idr[5], IDR5, GRAN4K)) { error_setg(errp, "Host SMMUv3 doesn't support 4K translation granu= le"); return false; } if (FIELD_EX32(info->idr[5], IDR5, GRAN16K) !=3D - FIELD_EX32(s->idr[5], IDR5, GRAN16K)) { + FIELD_EX32(bank->idr[5], IDR5, GRAN16K)) { error_setg(errp, "Host SMMUv3 doesn't support 16K translation gran= ule"); return false; } if (FIELD_EX32(info->idr[5], IDR5, GRAN64K) !=3D - FIELD_EX32(s->idr[5], IDR5, GRAN64K)) { + FIELD_EX32(bank->idr[5], IDR5, GRAN64K)) { error_setg(errp, "Host SMMUv3 doesn't support 64K translation gran= ule"); return false; } @@ -168,7 +169,8 @@ static SMMUv3AccelDevice *smmuv3_accel_get_dev(SMMUStat= e *bs, SMMUPciBus *sbus, =20 static uint32_t smmuv3_accel_gbpa_hwpt(SMMUv3State *s, SMMUv3AccelState *a= ccel) { - return FIELD_EX32(s->gbpa, GBPA, ABORT) ? + SMMUv3RegBank *bank =3D smmuv3_bank(s, SMMU_SEC_SID_NS); + return FIELD_EX32(bank->gbpa, GBPA, ABORT) ? accel->abort_hwpt_id : accel->bypass_hwpt_id; } =20 @@ -687,22 +689,24 @@ void smmuv3_accel_idr_override(SMMUv3State *s) return; } =20 + SMMUv3RegBank *bank =3D smmuv3_bank(s, SMMU_SEC_SID_NS); + /* By default QEMU SMMUv3 has RIL. Update IDR3 if user has disabled it= */ - s->idr[3] =3D FIELD_DP32(s->idr[3], IDR3, RIL, s->ril); + bank->idr[3] =3D FIELD_DP32(bank->idr[3], IDR3, RIL, s->ril); =20 /* QEMU SMMUv3 has no ATS. Advertise ATS if opt-in by property */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, ATS, s->ats); + bank->idr[0] =3D FIELD_DP32(bank->idr[0], IDR0, ATS, s->ats); =20 /* Advertise 48-bit OAS in IDR5 when requested (default is 44 bits). */ if (s->oas =3D=3D SMMU_OAS_48BIT) { - s->idr[5] =3D FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS_48); + bank->idr[5] =3D FIELD_DP32(bank->idr[5], IDR5, OAS, SMMU_IDR5_OAS= _48); } =20 /* * By default QEMU SMMUv3 has no SubstreamID support. Update IDR1 if u= ser * has enabled it. */ - s->idr[1] =3D FIELD_DP32(s->idr[1], IDR1, SSIDSIZE, s->ssidsize); + bank->idr[1] =3D FIELD_DP32(bank->idr[1], IDR1, SSIDSIZE, s->ssidsize); } =20 /* Based on SMUUv3 GPBA.ABORT configuration, attach a corresponding HWPT */ diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index ebdb4ebae67..deb1ef60e87 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -41,7 +41,9 @@ typedef enum SMMUTranslationClass { =20 static inline int smmu_enabled(SMMUv3State *s) { - return FIELD_EX32(s->cr[0], CR0, SMMUEN); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + return FIELD_EX32(bank->cr[0], CR0, SMMUEN); } =20 /* Command Queue Entry */ @@ -69,12 +71,16 @@ static inline uint32_t smmuv3_idreg(int regoffset) =20 static inline bool smmuv3_eventq_irq_enabled(SMMUv3State *s) { - return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + return FIELD_EX32(bank->irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN); } =20 static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s) { - return FIELD_EX32(s->irq_ctrl, IRQ_CTRL, GERROR_IRQEN); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + return FIELD_EX32(bank->irq_ctrl, IRQ_CTRL, GERROR_IRQEN); } =20 /* Queue Handling */ @@ -119,17 +125,23 @@ static inline void queue_cons_incr(SMMUQueue *q) =20 static inline bool smmuv3_cmdq_enabled(SMMUv3State *s) { - return FIELD_EX32(s->cr[0], CR0, CMDQEN); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + return FIELD_EX32(bank->cr[0], CR0, CMDQEN); } =20 static inline bool smmuv3_eventq_enabled(SMMUv3State *s) { - return FIELD_EX32(s->cr[0], CR0, EVENTQEN); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + return FIELD_EX32(bank->cr[0], CR0, EVENTQEN); } =20 static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type) { - s->cmdq.cons =3D FIELD_DP32(s->cmdq.cons, CMDQ_CONS, ERR, err_type); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + bank->cmdq.cons =3D FIELD_DP32(bank->cmdq.cons, CMDQ_CONS, ERR, err_ty= pe); } =20 static const char *cmd_stringify[] =3D { diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index c08d58c5790..5511585601d 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -52,6 +52,8 @@ static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq irq, uint32_t gerror_mask) { + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); =20 bool pulse =3D false; =20 @@ -67,15 +69,15 @@ static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq = irq, break; case SMMU_IRQ_GERROR: { - uint32_t pending =3D s->gerror ^ s->gerrorn; + uint32_t pending =3D bank->gerror ^ bank->gerrorn; uint32_t new_gerrors =3D ~pending & gerror_mask; =20 if (!new_gerrors) { /* only toggle non pending errors */ return; } - s->gerror ^=3D new_gerrors; - trace_smmuv3_write_gerror(new_gerrors, s->gerror); + bank->gerror ^=3D new_gerrors; + trace_smmuv3_write_gerror(new_gerrors, bank->gerror); =20 pulse =3D smmuv3_gerror_irq_enabled(s); break; @@ -89,8 +91,10 @@ static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq i= rq, =20 static void smmuv3_write_gerrorn(SMMUv3State *s, uint32_t new_gerrorn) { - uint32_t pending =3D s->gerror ^ s->gerrorn; - uint32_t toggled =3D s->gerrorn ^ new_gerrorn; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + uint32_t pending =3D bank->gerror ^ bank->gerrorn; + uint32_t toggled =3D bank->gerrorn ^ new_gerrorn; =20 if (toggled & ~pending) { qemu_log_mask(LOG_GUEST_ERROR, @@ -102,9 +106,9 @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint32= _t new_gerrorn) * We do not raise any error in case guest toggles bits corresponding * to not active IRQs (CONSTRAINED UNPREDICTABLE) */ - s->gerrorn =3D new_gerrorn; + bank->gerrorn =3D new_gerrorn; =20 - trace_smmuv3_write_gerrorn(toggled & pending, s->gerrorn); + trace_smmuv3_write_gerrorn(toggled & pending, bank->gerrorn); } =20 static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd) @@ -146,7 +150,9 @@ static MemTxResult queue_write(SMMUQueue *q, Evt *evt_i= n) =20 static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt) { - SMMUQueue *q =3D &s->eventq; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + SMMUQueue *q =3D &bank->eventq; MemTxResult r; =20 if (!smmuv3_eventq_enabled(s)) { @@ -266,69 +272,75 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInf= o *info) */ static void smmuv3_init_id_regs(SMMUv3State *s) { + SMMUv3RegBank *bk =3D smmuv3_bank(s, SMMU_SEC_SID_NS); + /* Based on sys property, the stages supported in smmu will be adverti= sed.*/ if (s->stage && !strcmp("2", s->stage)) { - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, S2P, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, S2P, 1); } else if (s->stage && !strcmp("nested", s->stage)) { - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, S1P, 1); - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, S2P, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, S1P, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, S2P, 1); } else { - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, S1P, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, S1P, 1); } =20 - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, TTF, 2); /* AArch64 PTW only= */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, COHACC, 1); /* IO coherent */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, ASID16, 1); /* 16-bit ASID */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, VMID16, 1); /* 16-bit VMID */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, TTENDIAN, 2); /* little endi= an */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, STALL_MODEL, 1); /* No stall= */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, TTF, 2); /* AArch64 PTW on= ly */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, COHACC, 1); /* IO coherent= */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, ASID16, 1); /* 16-bit ASID= */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, VMID16, 1); /* 16-bit VMID= */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, TTENDIAN, 2); /* little en= dian */ + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, STALL_MODEL, 1); /* No sta= ll */ /* terminated transaction will always be aborted/error returned */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, TERM_MODEL, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, TERM_MODEL, 1); /* 2-level stream table supported */ - s->idr[0] =3D FIELD_DP32(s->idr[0], IDR0, STLEVEL, 1); + bk->idr[0] =3D FIELD_DP32(bk->idr[0], IDR0, STLEVEL, 1); =20 - s->idr[1] =3D FIELD_DP32(s->idr[1], IDR1, SIDSIZE, SMMU_IDR1_SIDSIZE); - s->idr[1] =3D FIELD_DP32(s->idr[1], IDR1, EVENTQS, SMMU_EVENTQS); - s->idr[1] =3D FIELD_DP32(s->idr[1], IDR1, CMDQS, SMMU_CMDQS); + bk->idr[1] =3D FIELD_DP32(bk->idr[1], IDR1, SIDSIZE, SMMU_IDR1_SIDSIZE= ); + bk->idr[1] =3D FIELD_DP32(bk->idr[1], IDR1, EVENTQS, SMMU_EVENTQS); + bk->idr[1] =3D FIELD_DP32(bk->idr[1], IDR1, CMDQS, SMMU_CMDQS); =20 - s->idr[3] =3D FIELD_DP32(s->idr[3], IDR3, HAD, 1); - if (FIELD_EX32(s->idr[0], IDR0, S2P)) { + bk->idr[3] =3D FIELD_DP32(bk->idr[3], IDR3, HAD, 1); + if (FIELD_EX32(bk->idr[0], IDR0, S2P)) { /* XNX is a stage-2-specific feature */ - s->idr[3] =3D FIELD_DP32(s->idr[3], IDR3, XNX, 1); + bk->idr[3] =3D FIELD_DP32(bk->idr[3], IDR3, XNX, 1); } - s->idr[3] =3D FIELD_DP32(s->idr[3], IDR3, RIL, 1); - s->idr[3] =3D FIELD_DP32(s->idr[3], IDR3, BBML, 2); + bk->idr[3] =3D FIELD_DP32(bk->idr[3], IDR3, RIL, 1); + bk->idr[3] =3D FIELD_DP32(bk->idr[3], IDR3, BBML, 2); =20 /* OAS: 44 bits */ - s->idr[5] =3D FIELD_DP32(s->idr[5], IDR5, OAS, SMMU_IDR5_OAS_44); + bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, OAS, SMMU_IDR5_OAS_44); /* 4K, 16K and 64K granule support */ - s->idr[5] =3D FIELD_DP32(s->idr[5], IDR5, GRAN4K, 1); - s->idr[5] =3D FIELD_DP32(s->idr[5], IDR5, GRAN16K, 1); - s->idr[5] =3D FIELD_DP32(s->idr[5], IDR5, GRAN64K, 1); + bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN4K, 1); + bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN16K, 1); + bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN64K, 1); s->aidr =3D 0x1; smmuv3_accel_idr_override(s); } =20 static void smmuv3_reset(SMMUv3State *s) { - s->cmdq.base =3D deposit64(s->cmdq.base, 0, 5, SMMU_CMDQS); - s->cmdq.prod =3D 0; - s->cmdq.cons =3D 0; - s->cmdq.entry_size =3D sizeof(struct Cmd); - s->eventq.base =3D deposit64(s->eventq.base, 0, 5, SMMU_EVENTQS); - s->eventq.prod =3D 0; - s->eventq.cons =3D 0; - s->eventq.entry_size =3D sizeof(struct Evt); - - s->features =3D 0; - s->sid_split =3D 0; - s->cr[0] =3D 0; - s->cr0ack =3D 0; - s->irq_ctrl =3D 0; - s->gerror =3D 0; - s->gerrorn =3D 0; + SMMUv3RegBank *bk =3D smmuv3_bank(s, SMMU_SEC_SID_NS); + + bk->cmdq.base =3D deposit64(bk->cmdq.base, 0, 5, SMMU_CMDQS); + bk->cmdq.prod =3D 0; + bk->cmdq.cons =3D 0; + bk->cmdq.entry_size =3D sizeof(struct Cmd); + bk->eventq.base =3D deposit64(bk->eventq.base, 0, 5, SMMU_EVENTQS); + bk->eventq.prod =3D 0; + bk->eventq.cons =3D 0; + bk->eventq.entry_size =3D sizeof(struct Evt); + + bk->features =3D 0; + bk->sid_split =3D 0; + bk->cr[0] =3D 0; + bk->cr0ack =3D 0; + bk->irq_ctrl =3D 0; + bk->gerror =3D 0; + bk->gerrorn =3D 0; + bk->gbpa =3D SMMU_GBPA_RESET_VAL; + + s->aidr =3D 0x1; s->statusr =3D 0; - s->gbpa =3D SMMU_GBPA_RESET_VAL; } =20 static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf, @@ -442,7 +454,7 @@ static bool s2_pgtable_config_valid(uint8_t sl0, uint8_= t t0sz, uint8_t gran) static int decode_ste_s2_cfg(SMMUv3State *s, SMMUTransCfg *cfg, STE *ste) { - uint8_t oas =3D FIELD_EX32(s->idr[5], IDR5, OAS); + uint8_t oas =3D FIELD_EX32(smmuv3_bank(s, SMMU_SEC_SID_NS)->idr[5], ID= R5, OAS); =20 if (STE_S2AA64(ste) =3D=3D 0x0) { qemu_log_mask(LOG_UNIMP, @@ -560,7 +572,8 @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg, STE *ste, SMMUEventInfo *event) { uint32_t config; - uint8_t oas =3D FIELD_EX32(s->idr[5], IDR5, OAS); + /* OAS field only presents on NS-IDR5 so we use hardcoded SMMU_SEC_SID= _NS */ + uint8_t oas =3D FIELD_EX32(smmuv3_bank(s, SMMU_SEC_SID_NS)->idr[5], ID= R5, OAS); int ret; =20 if (!STE_VALID(ste)) { @@ -649,9 +662,11 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *s= te, SMMUEventInfo *event) uint32_t log2size; int strtab_size_shift; int ret; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); =20 - trace_smmuv3_find_ste(sid, s->features, s->sid_split); - log2size =3D FIELD_EX32(s->strtab_base_cfg, STRTAB_BASE_CFG, LOG2SIZE); + trace_smmuv3_find_ste(sid, bank->features, bank->sid_split); + log2size =3D FIELD_EX32(bank->strtab_base_cfg, STRTAB_BASE_CFG, LOG2SI= ZE); /* * Check SID range against both guest-configured and implementation li= mits */ @@ -659,7 +674,7 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *st= e, SMMUEventInfo *event) event->type =3D SMMU_EVT_C_BAD_STREAMID; return -EINVAL; } - if (s->features & SMMU_FEATURE_2LVL_STE) { + if (bank->features & SMMU_FEATURE_2LVL_STE) { int l1_ste_offset, l2_ste_offset, max_l2_ste, span, i; dma_addr_t l1ptr, l2ptr; STEDesc l1std; @@ -668,11 +683,11 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *= ste, SMMUEventInfo *event) * Align strtab base address to table size. For this purpose, assu= me it * is not bounded by SMMU_IDR1_SIDSIZE. */ - strtab_size_shift =3D MAX(5, (int)log2size - s->sid_split - 1 + 3); - strtab_base =3D s->strtab_base & SMMU_BASE_ADDR_MASK & + strtab_size_shift =3D MAX(5, (int)log2size - bank->sid_split - 1 += 3); + strtab_base =3D bank->strtab_base & SMMU_BASE_ADDR_MASK & ~MAKE_64BIT_MASK(0, strtab_size_shift); - l1_ste_offset =3D sid >> s->sid_split; - l2_ste_offset =3D sid & ((1 << s->sid_split) - 1); + l1_ste_offset =3D sid >> bank->sid_split; + l2_ste_offset =3D sid & ((1 << bank->sid_split) - 1); l1ptr =3D (dma_addr_t)(strtab_base + l1_ste_offset * sizeof(l1std)= ); /* TODO: guarantee 64-bit single-copy atomicity */ ret =3D dma_memory_read(&address_space_memory, l1ptr, &l1std, @@ -701,7 +716,7 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *st= e, SMMUEventInfo *event) } max_l2_ste =3D (1 << span) - 1; l2ptr =3D l1std_l2ptr(&l1std); - trace_smmuv3_find_ste_2lvl(s->strtab_base, l1ptr, l1_ste_offset, + trace_smmuv3_find_ste_2lvl(bank->strtab_base, l1ptr, l1_ste_offset, l2ptr, l2_ste_offset, max_l2_ste); if (l2_ste_offset > max_l2_ste) { qemu_log_mask(LOG_GUEST_ERROR, @@ -713,7 +728,7 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *st= e, SMMUEventInfo *event) addr =3D l2ptr + l2_ste_offset * sizeof(*ste); } else { strtab_size_shift =3D log2size + 5; - strtab_base =3D s->strtab_base & SMMU_BASE_ADDR_MASK & + strtab_base =3D bank->strtab_base & SMMU_BASE_ADDR_MASK & ~MAKE_64BIT_MASK(0, strtab_size_shift); addr =3D strtab_base + sid * sizeof(*ste); } @@ -732,7 +747,7 @@ static int decode_cd(SMMUv3State *s, SMMUTransCfg *cfg, int i; SMMUTranslationStatus status; SMMUTLBEntry *entry; - uint8_t oas =3D FIELD_EX32(s->idr[5], IDR5, OAS); + uint8_t oas =3D FIELD_EX32(smmuv3_bank(s, SMMU_SEC_SID_NS)->idr[5], ID= R5, OAS); =20 if (!CD_VALID(cd) || !CD_AARCH64(cd)) { goto bad_cd; @@ -1054,6 +1069,8 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, SMMUDevice *sdev =3D container_of(mr, SMMUDevice, iommu); SMMUv3State *s =3D sdev->smmu; uint32_t sid =3D smmu_get_sid(sdev); + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUEventInfo event =3D {.type =3D SMMU_EVT_NONE, .sid =3D sid, .inval_ste_allowed =3D false}; @@ -1071,7 +1088,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, qemu_mutex_lock(&s->mutex); =20 if (!smmu_enabled(s)) { - if (FIELD_EX32(s->gbpa, GBPA, ABORT)) { + if (FIELD_EX32(bank->gbpa, GBPA, ABORT)) { status =3D SMMU_TRANS_ABORT; } else { status =3D SMMU_TRANS_DISABLE; @@ -1295,7 +1312,9 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) { SMMUState *bs =3D ARM_SMMU(s); SMMUCmdError cmd_error =3D SMMU_CERROR_NONE; - SMMUQueue *q =3D &s->cmdq; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); + SMMUQueue *q =3D &bank->cmdq; SMMUCommandType type =3D 0; =20 if (!smmuv3_cmdq_enabled(s)) { @@ -1309,7 +1328,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) */ =20 while (!smmuv3_q_empty(q)) { - uint32_t pending =3D s->gerror ^ s->gerrorn; + uint32_t pending =3D bank->gerror ^ bank->gerrorn; Cmd cmd; =20 trace_smmuv3_cmdq_consume(Q_PROD(q), Q_CONS(q), @@ -1562,29 +1581,32 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp) static MemTxResult smmu_writell(SMMUv3State *s, hwaddr offset, uint64_t data, MemTxAttrs attrs) { + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + switch (offset) { case A_GERROR_IRQ_CFG0: - s->gerror_irq_cfg0 =3D data; + bank->gerror_irq_cfg0 =3D data; return MEMTX_OK; case A_STRTAB_BASE: - s->strtab_base =3D data; + bank->strtab_base =3D data; return MEMTX_OK; case A_CMDQ_BASE: - s->cmdq.base =3D data; - s->cmdq.log2size =3D extract64(s->cmdq.base, 0, 5); - if (s->cmdq.log2size > SMMU_CMDQS) { - s->cmdq.log2size =3D SMMU_CMDQS; + bank->cmdq.base =3D data; + bank->cmdq.log2size =3D extract64(bank->cmdq.base, 0, 5); + if (bank->cmdq.log2size > SMMU_CMDQS) { + bank->cmdq.log2size =3D SMMU_CMDQS; } return MEMTX_OK; case A_EVENTQ_BASE: - s->eventq.base =3D data; - s->eventq.log2size =3D extract64(s->eventq.base, 0, 5); - if (s->eventq.log2size > SMMU_EVENTQS) { - s->eventq.log2size =3D SMMU_EVENTQS; + bank->eventq.base =3D data; + bank->eventq.log2size =3D extract64(bank->eventq.base, 0, 5); + if (bank->eventq.log2size > SMMU_EVENTQS) { + bank->eventq.log2size =3D SMMU_EVENTQS; } return MEMTX_OK; case A_EVENTQ_IRQ_CFG0: - s->eventq_irq_cfg0 =3D data; + bank->eventq_irq_cfg0 =3D data; return MEMTX_OK; default: qemu_log_mask(LOG_UNIMP, @@ -1598,22 +1620,24 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, uint64_t data, MemTxAttrs attrs) { Error *local_err =3D NULL; + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); =20 switch (offset) { case A_CR0: - s->cr[0] =3D data; - s->cr0ack =3D data & ~SMMU_CR0_RESERVED; + bank->cr[0] =3D data; + bank->cr0ack =3D data & ~SMMU_CR0_RESERVED; /* in case the command queue has been enabled */ smmuv3_cmdq_consume(s, &local_err); break; case A_CR1: - s->cr[1] =3D data; + bank->cr[1] =3D data; break; case A_CR2: - s->cr[2] =3D data; + bank->cr[2] =3D data; break; case A_IRQ_CTRL: - s->irq_ctrl =3D data; + bank->irq_ctrl =3D data; break; case A_GERRORN: smmuv3_write_gerrorn(s, data); @@ -1624,16 +1648,16 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, smmuv3_cmdq_consume(s, &local_err); break; case A_GERROR_IRQ_CFG0: /* 64b */ - s->gerror_irq_cfg0 =3D deposit64(s->gerror_irq_cfg0, 0, 32, data); + bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 0, 32, = data); break; case A_GERROR_IRQ_CFG0 + 4: - s->gerror_irq_cfg0 =3D deposit64(s->gerror_irq_cfg0, 32, 32, data); + bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 32, 32,= data); break; case A_GERROR_IRQ_CFG1: - s->gerror_irq_cfg1 =3D data; + bank->gerror_irq_cfg1 =3D data; break; case A_GERROR_IRQ_CFG2: - s->gerror_irq_cfg2 =3D data; + bank->gerror_irq_cfg2 =3D data; break; case A_GBPA: /* @@ -1642,67 +1666,67 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, */ if (data & R_GBPA_UPDATE_MASK) { /* Ignore update bit as write is synchronous. */ - s->gbpa =3D data & ~R_GBPA_UPDATE_MASK; + bank->gbpa =3D data & ~R_GBPA_UPDATE_MASK; smmuv3_accel_attach_gbpa_hwpt(s, &local_err); } break; case A_STRTAB_BASE: /* 64b */ - s->strtab_base =3D deposit64(s->strtab_base, 0, 32, data); + bank->strtab_base =3D deposit64(bank->strtab_base, 0, 32, data); break; case A_STRTAB_BASE + 4: - s->strtab_base =3D deposit64(s->strtab_base, 32, 32, data); + bank->strtab_base =3D deposit64(bank->strtab_base, 32, 32, data); break; case A_STRTAB_BASE_CFG: - s->strtab_base_cfg =3D data; + bank->strtab_base_cfg =3D data; if (FIELD_EX32(data, STRTAB_BASE_CFG, FMT) =3D=3D 1) { - s->sid_split =3D FIELD_EX32(data, STRTAB_BASE_CFG, SPLIT); - s->features |=3D SMMU_FEATURE_2LVL_STE; + bank->sid_split =3D FIELD_EX32(data, STRTAB_BASE_CFG, SPLIT); + bank->features |=3D SMMU_FEATURE_2LVL_STE; } break; case A_CMDQ_BASE: /* 64b */ - s->cmdq.base =3D deposit64(s->cmdq.base, 0, 32, data); - s->cmdq.log2size =3D extract64(s->cmdq.base, 0, 5); - if (s->cmdq.log2size > SMMU_CMDQS) { - s->cmdq.log2size =3D SMMU_CMDQS; + bank->cmdq.base =3D deposit64(bank->cmdq.base, 0, 32, data); + bank->cmdq.log2size =3D extract64(bank->cmdq.base, 0, 5); + if (bank->cmdq.log2size > SMMU_CMDQS) { + bank->cmdq.log2size =3D SMMU_CMDQS; } break; case A_CMDQ_BASE + 4: /* 64b */ - s->cmdq.base =3D deposit64(s->cmdq.base, 32, 32, data); + bank->cmdq.base =3D deposit64(bank->cmdq.base, 32, 32, data); break; case A_CMDQ_PROD: - s->cmdq.prod =3D data; + bank->cmdq.prod =3D data; smmuv3_cmdq_consume(s, &local_err); break; case A_CMDQ_CONS: - s->cmdq.cons =3D data; + bank->cmdq.cons =3D data; break; case A_EVENTQ_BASE: /* 64b */ - s->eventq.base =3D deposit64(s->eventq.base, 0, 32, data); - s->eventq.log2size =3D extract64(s->eventq.base, 0, 5); - if (s->eventq.log2size > SMMU_EVENTQS) { - s->eventq.log2size =3D SMMU_EVENTQS; + bank->eventq.base =3D deposit64(bank->eventq.base, 0, 32, data); + bank->eventq.log2size =3D extract64(bank->eventq.base, 0, 5); + if (bank->eventq.log2size > SMMU_EVENTQS) { + bank->eventq.log2size =3D SMMU_EVENTQS; } break; case A_EVENTQ_BASE + 4: - s->eventq.base =3D deposit64(s->eventq.base, 32, 32, data); + bank->eventq.base =3D deposit64(bank->eventq.base, 32, 32, data); break; case A_EVENTQ_PROD: - s->eventq.prod =3D data; + bank->eventq.prod =3D data; break; case A_EVENTQ_CONS: - s->eventq.cons =3D data; + bank->eventq.cons =3D data; break; case A_EVENTQ_IRQ_CFG0: /* 64b */ - s->eventq_irq_cfg0 =3D deposit64(s->eventq_irq_cfg0, 0, 32, data); + bank->eventq_irq_cfg0 =3D deposit64(bank->eventq_irq_cfg0, 0, 32, = data); break; case A_EVENTQ_IRQ_CFG0 + 4: - s->eventq_irq_cfg0 =3D deposit64(s->eventq_irq_cfg0, 32, 32, data); + bank->eventq_irq_cfg0 =3D deposit64(bank->eventq_irq_cfg0, 32, 32,= data); break; case A_EVENTQ_IRQ_CFG1: - s->eventq_irq_cfg1 =3D data; + bank->eventq_irq_cfg1 =3D data; break; case A_EVENTQ_IRQ_CFG2: - s->eventq_irq_cfg2 =3D data; + bank->eventq_irq_cfg2 =3D data; break; default: qemu_log_mask(LOG_UNIMP, @@ -1746,18 +1770,21 @@ static MemTxResult smmu_write_mmio(void *opaque, hw= addr offset, uint64_t data, static MemTxResult smmu_readll(SMMUv3State *s, hwaddr offset, uint64_t *data, MemTxAttrs attrs) { + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + switch (offset) { case A_GERROR_IRQ_CFG0: - *data =3D s->gerror_irq_cfg0; + *data =3D bank->gerror_irq_cfg0; return MEMTX_OK; case A_STRTAB_BASE: - *data =3D s->strtab_base; + *data =3D bank->strtab_base; return MEMTX_OK; case A_CMDQ_BASE: - *data =3D s->cmdq.base; + *data =3D bank->cmdq.base; return MEMTX_OK; case A_EVENTQ_BASE: - *data =3D s->eventq.base; + *data =3D bank->eventq.base; return MEMTX_OK; default: *data =3D 0; @@ -1771,12 +1798,15 @@ static MemTxResult smmu_readll(SMMUv3State *s, hwad= dr offset, static MemTxResult smmu_readl(SMMUv3State *s, hwaddr offset, uint64_t *data, MemTxAttrs attrs) { + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; + SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + switch (offset) { case A_IDREGS ... A_IDREGS + 0x2f: *data =3D smmuv3_idreg(offset - A_IDREGS); return MEMTX_OK; case A_IDR0 ... A_IDR5: - *data =3D s->idr[(offset - A_IDR0) / 4]; + *data =3D bank->idr[(offset - A_IDR0) / 4]; return MEMTX_OK; case A_IIDR: *data =3D s->iidr; @@ -1785,77 +1815,77 @@ static MemTxResult smmu_readl(SMMUv3State *s, hwadd= r offset, *data =3D s->aidr; return MEMTX_OK; case A_CR0: - *data =3D s->cr[0]; + *data =3D bank->cr[0]; return MEMTX_OK; case A_CR0ACK: - *data =3D s->cr0ack; + *data =3D bank->cr0ack; return MEMTX_OK; case A_CR1: - *data =3D s->cr[1]; + *data =3D bank->cr[1]; return MEMTX_OK; case A_CR2: - *data =3D s->cr[2]; + *data =3D bank->cr[2]; return MEMTX_OK; case A_STATUSR: *data =3D s->statusr; return MEMTX_OK; case A_GBPA: - *data =3D s->gbpa; + *data =3D bank->gbpa; return MEMTX_OK; case A_IRQ_CTRL: case A_IRQ_CTRL_ACK: - *data =3D s->irq_ctrl; + *data =3D bank->irq_ctrl; return MEMTX_OK; case A_GERROR: - *data =3D s->gerror; + *data =3D bank->gerror; return MEMTX_OK; case A_GERRORN: - *data =3D s->gerrorn; + *data =3D bank->gerrorn; return MEMTX_OK; case A_GERROR_IRQ_CFG0: /* 64b */ - *data =3D extract64(s->gerror_irq_cfg0, 0, 32); + *data =3D extract64(bank->gerror_irq_cfg0, 0, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG0 + 4: - *data =3D extract64(s->gerror_irq_cfg0, 32, 32); + *data =3D extract64(bank->gerror_irq_cfg0, 32, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG1: - *data =3D s->gerror_irq_cfg1; + *data =3D bank->gerror_irq_cfg1; return MEMTX_OK; case A_GERROR_IRQ_CFG2: - *data =3D s->gerror_irq_cfg2; + *data =3D bank->gerror_irq_cfg2; return MEMTX_OK; case A_STRTAB_BASE: /* 64b */ - *data =3D extract64(s->strtab_base, 0, 32); + *data =3D extract64(bank->strtab_base, 0, 32); return MEMTX_OK; case A_STRTAB_BASE + 4: /* 64b */ - *data =3D extract64(s->strtab_base, 32, 32); + *data =3D extract64(bank->strtab_base, 32, 32); return MEMTX_OK; case A_STRTAB_BASE_CFG: - *data =3D s->strtab_base_cfg; + *data =3D bank->strtab_base_cfg; return MEMTX_OK; case A_CMDQ_BASE: /* 64b */ - *data =3D extract64(s->cmdq.base, 0, 32); + *data =3D extract64(bank->cmdq.base, 0, 32); return MEMTX_OK; case A_CMDQ_BASE + 4: - *data =3D extract64(s->cmdq.base, 32, 32); + *data =3D extract64(bank->cmdq.base, 32, 32); return MEMTX_OK; case A_CMDQ_PROD: - *data =3D s->cmdq.prod; + *data =3D bank->cmdq.prod; return MEMTX_OK; case A_CMDQ_CONS: - *data =3D s->cmdq.cons; + *data =3D bank->cmdq.cons; return MEMTX_OK; case A_EVENTQ_BASE: /* 64b */ - *data =3D extract64(s->eventq.base, 0, 32); + *data =3D extract64(bank->eventq.base, 0, 32); return MEMTX_OK; case A_EVENTQ_BASE + 4: /* 64b */ - *data =3D extract64(s->eventq.base, 32, 32); + *data =3D extract64(bank->eventq.base, 32, 32); return MEMTX_OK; case A_EVENTQ_PROD: - *data =3D s->eventq.prod; + *data =3D bank->eventq.prod; return MEMTX_OK; case A_EVENTQ_CONS: - *data =3D s->eventq.cons; + *data =3D bank->eventq.cons; return MEMTX_OK; default: *data =3D 0; @@ -2039,9 +2069,10 @@ static const VMStateDescription vmstate_smmuv3_queue= =3D { static bool smmuv3_gbpa_needed(void *opaque) { SMMUv3State *s =3D opaque; + SMMUv3RegBank *bank =3D smmuv3_bank(s, SMMU_SEC_SID_NS); =20 /* Only migrate GBPA if it has different reset value. */ - return s->gbpa !=3D SMMU_GBPA_RESET_VAL; + return bank->gbpa !=3D SMMU_GBPA_RESET_VAL; } =20 static const VMStateDescription vmstate_gbpa =3D { @@ -2050,7 +2081,7 @@ static const VMStateDescription vmstate_gbpa =3D { .minimum_version_id =3D 1, .needed =3D smmuv3_gbpa_needed, .fields =3D (const VMStateField[]) { - VMSTATE_UINT32(gbpa, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].gbpa, SMMUv3State), VMSTATE_END_OF_LIST() } }; @@ -2061,27 +2092,29 @@ static const VMStateDescription vmstate_smmuv3 =3D { .minimum_version_id =3D 1, .priority =3D MIG_PRI_IOMMU, .fields =3D (const VMStateField[]) { - VMSTATE_UINT32(features, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].features, SMMUv3State), VMSTATE_UINT8(sid_size, SMMUv3State), - VMSTATE_UINT8(sid_split, SMMUv3State), + VMSTATE_UINT8(bank[SMMU_SEC_SID_NS].sid_split, SMMUv3State), =20 - VMSTATE_UINT32_ARRAY(cr, SMMUv3State, 3), - VMSTATE_UINT32(cr0ack, SMMUv3State), + VMSTATE_UINT32_ARRAY(bank[SMMU_SEC_SID_NS].cr, SMMUv3State, 3), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].cr0ack, SMMUv3State), VMSTATE_UINT32(statusr, SMMUv3State), - VMSTATE_UINT32(irq_ctrl, SMMUv3State), - VMSTATE_UINT32(gerror, SMMUv3State), - VMSTATE_UINT32(gerrorn, SMMUv3State), - VMSTATE_UINT64(gerror_irq_cfg0, SMMUv3State), - VMSTATE_UINT32(gerror_irq_cfg1, SMMUv3State), - VMSTATE_UINT32(gerror_irq_cfg2, SMMUv3State), - VMSTATE_UINT64(strtab_base, SMMUv3State), - VMSTATE_UINT32(strtab_base_cfg, SMMUv3State), - VMSTATE_UINT64(eventq_irq_cfg0, SMMUv3State), - VMSTATE_UINT32(eventq_irq_cfg1, SMMUv3State), - VMSTATE_UINT32(eventq_irq_cfg2, SMMUv3State), - - VMSTATE_STRUCT(cmdq, SMMUv3State, 0, vmstate_smmuv3_queue, SMMUQue= ue), - VMSTATE_STRUCT(eventq, SMMUv3State, 0, vmstate_smmuv3_queue, SMMUQ= ueue), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].irq_ctrl, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].gerror, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].gerrorn, SMMUv3State), + VMSTATE_UINT64(bank[SMMU_SEC_SID_NS].gerror_irq_cfg0, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].gerror_irq_cfg1, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].gerror_irq_cfg2, SMMUv3State), + VMSTATE_UINT64(bank[SMMU_SEC_SID_NS].strtab_base, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].strtab_base_cfg, SMMUv3State), + VMSTATE_UINT64(bank[SMMU_SEC_SID_NS].eventq_irq_cfg0, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].eventq_irq_cfg1, SMMUv3State), + VMSTATE_UINT32(bank[SMMU_SEC_SID_NS].eventq_irq_cfg2, SMMUv3State), + + VMSTATE_STRUCT(bank[SMMU_SEC_SID_NS].cmdq, SMMUv3State, 0, + vmstate_smmuv3_queue, SMMUQueue), + VMSTATE_STRUCT(bank[SMMU_SEC_SID_NS].eventq, SMMUv3State, 0, + vmstate_smmuv3_queue, SMMUQueue), =20 VMSTATE_END_OF_LIST(), }, diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index 7b975abc25a..6ea40f6b074 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -40,6 +40,12 @@ #define CACHED_ENTRY_TO_ADDR(ent, addr) ((ent)->entry.translated_addr= + \ ((addr) & (ent)->entry.addr_m= ask)) =20 +/* StreamID Security state */ +typedef enum SMMUSecSID { + SMMU_SEC_SID_NS =3D 0, + SMMU_SEC_SID_NUM, +} SMMUSecSID; + /* * Page table walk error types */ diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h index 26b2fc42fd9..d07bdfa1f27 100644 --- a/include/hw/arm/smmuv3.h +++ b/include/hw/arm/smmuv3.h @@ -32,19 +32,13 @@ typedef struct SMMUQueue { uint8_t log2size; } SMMUQueue; =20 -struct SMMUv3State { - SMMUState smmu_state; - +typedef struct SMMUv3RegBank { uint32_t features; - uint8_t sid_size; uint8_t sid_split; =20 uint32_t idr[6]; - uint32_t iidr; - uint32_t aidr; uint32_t cr[3]; uint32_t cr0ack; - uint32_t statusr; uint32_t gbpa; uint32_t irq_ctrl; uint32_t gerror; @@ -59,6 +53,17 @@ struct SMMUv3State { uint32_t eventq_irq_cfg2; =20 SMMUQueue eventq, cmdq; +} SMMUv3RegBank; + +struct SMMUv3State { + SMMUState smmu_state; + + uint8_t sid_size; + uint32_t iidr; + uint32_t aidr; + uint32_t statusr; + + SMMUv3RegBank bank[SMMU_SEC_SID_NUM]; =20 qemu_irq irq[4]; QemuMutex mutex; @@ -94,7 +99,14 @@ struct SMMUv3Class { #define TYPE_ARM_SMMUV3 "arm-smmuv3" OBJECT_DECLARE_TYPE(SMMUv3State, SMMUv3Class, ARM_SMMUV3) =20 -#define STAGE1_SUPPORTED(s) FIELD_EX32(s->idr[0], IDR0, S1P) -#define STAGE2_SUPPORTED(s) FIELD_EX32(s->idr[0], IDR0, S2P) +#define STAGE1_SUPPORTED(s) \ + FIELD_EX32((s)->bank[SMMU_SEC_SID_NS].idr[0], IDR0, S1P) +#define STAGE2_SUPPORTED(s) \ + FIELD_EX32((s)->bank[SMMU_SEC_SID_NS].idr[0], IDR0, S2P) + +static inline SMMUv3RegBank *smmuv3_bank(SMMUv3State *s, SMMUSecSID sec_si= d) +{ + return &s->bank[sec_sid]; +} =20 #endif --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668303408743.0712313443164; Sat, 21 Feb 2026 02:05:03 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpn-0005o2-TW; Sat, 21 Feb 2026 05:03:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpf-0005mN-RV; Sat, 21 Feb 2026 05:03:28 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpd-00054P-QC; Sat, 21 Feb 2026 05:03:27 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwB3fJjjgplpbqBVBw--.3745S2; Sat, 21 Feb 2026 18:03:15 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S8; Sat, 21 Feb 2026 18:03:14 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 05/31] hw/arm/smmuv3: Thread SEC_SID through helper APIs Date: Sat, 21 Feb 2026 18:02:24 +0800 Message-Id: <20260221100250.2976287-6-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S8 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAHgABsN Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3XF1UXw1fuFyUuryfWFyUJrb_yoWxJrWrpw 4DJFn5KryDtasYgFW7J3y8C3W3Xw4fKrn8trn8Ga93C3WUAr1UXr1kG345Ka4Dury8Ca1a v3yfWF48uw42yrJanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668305792158501 Extend the register and queue helper routines to accept an explicit SEC_SID argument instead of hard-coding the non-secure bank. All existing callers are updated to pass SMMU_SEC_SID_NS, so the behavior remains identical. This prepares the code for handling additional security state banks in the future. So Non-secure state is the only state bank supported for now. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Link: https://lore.kernel.org/qemu-devel/3097d58e-3793-4434-8beb-2e4f4c52f7= 72@redhat.com/ Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3-accel.c | 3 ++- hw/arm/smmuv3-internal.h | 21 +++++++++------------ hw/arm/smmuv3.c | 15 ++++++++------- 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/hw/arm/smmuv3-accel.c b/hw/arm/smmuv3-accel.c index 30d4b38c0a3..fdcb15005ea 100644 --- a/hw/arm/smmuv3-accel.c +++ b/hw/arm/smmuv3-accel.c @@ -243,6 +243,7 @@ bool smmuv3_accel_install_ste(SMMUv3State *s, SMMUDevic= e *sdev, int sid, SMMUS1Hwpt *s1_hwpt =3D NULL; const char *type; STE ste; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; =20 if (!accel || !accel->viommu) { return true; @@ -272,7 +273,7 @@ bool smmuv3_accel_install_ste(SMMUv3State *s, SMMUDevic= e *sdev, int sid, * attach/alloc fails, since the Guest=E2=80=93Host SID mapping stays * valid as long as the device is behind the accelerated SMMUv3. */ - if (!smmu_enabled(s)) { + if (!smmu_enabled(s, sec_sid)) { hwpt_id =3D smmuv3_accel_gbpa_hwpt(s, accel); } else { config =3D STE_CONFIG(&ste); diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index deb1ef60e87..866d62257e3 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -39,9 +39,8 @@ typedef enum SMMUTranslationClass { SMMU_CLASS_IN, } SMMUTranslationClass; =20 -static inline int smmu_enabled(SMMUv3State *s) +static inline int smmu_enabled(SMMUv3State *s, SMMUSecSID sec_sid) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); return FIELD_EX32(bank->cr[0], CR0, SMMUEN); } @@ -69,16 +68,16 @@ static inline uint32_t smmuv3_idreg(int regoffset) return smmuv3_ids[regoffset / 4]; } =20 -static inline bool smmuv3_eventq_irq_enabled(SMMUv3State *s) +static inline bool smmuv3_eventq_irq_enabled(SMMUv3State *s, + SMMUSecSID sec_sid) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); return FIELD_EX32(bank->irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN); } =20 -static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s) +static inline bool smmuv3_gerror_irq_enabled(SMMUv3State *s, + SMMUSecSID sec_sid) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); return FIELD_EX32(bank->irq_ctrl, IRQ_CTRL, GERROR_IRQEN); } @@ -123,23 +122,21 @@ static inline void queue_cons_incr(SMMUQueue *q) q->cons =3D deposit32(q->cons, 0, q->log2size + 1, q->cons + 1); } =20 -static inline bool smmuv3_cmdq_enabled(SMMUv3State *s) +static inline bool smmuv3_cmdq_enabled(SMMUv3State *s, SMMUSecSID sec_sid) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); return FIELD_EX32(bank->cr[0], CR0, CMDQEN); } =20 -static inline bool smmuv3_eventq_enabled(SMMUv3State *s) +static inline bool smmuv3_eventq_enabled(SMMUv3State *s, SMMUSecSID sec_si= d) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); return FIELD_EX32(bank->cr[0], CR0, EVENTQEN); } =20 -static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type) +static inline void smmu_write_cmdq_err(SMMUv3State *s, uint32_t err_type, + SMMUSecSID sec_sid) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); bank->cmdq.cons =3D FIELD_DP32(bank->cmdq.cons, CMDQ_CONS, ERR, err_ty= pe); } diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 5511585601d..2c107724e77 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -59,7 +59,7 @@ static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq ir= q, =20 switch (irq) { case SMMU_IRQ_EVTQ: - pulse =3D smmuv3_eventq_irq_enabled(s); + pulse =3D smmuv3_eventq_irq_enabled(s, sec_sid); break; case SMMU_IRQ_PRIQ: qemu_log_mask(LOG_UNIMP, "PRI not yet supported\n"); @@ -79,7 +79,7 @@ static void smmuv3_trigger_irq(SMMUv3State *s, SMMUIrq ir= q, bank->gerror ^=3D new_gerrors; trace_smmuv3_write_gerror(new_gerrors, bank->gerror); =20 - pulse =3D smmuv3_gerror_irq_enabled(s); + pulse =3D smmuv3_gerror_irq_enabled(s, sec_sid); break; } } @@ -155,7 +155,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, = Evt *evt) SMMUQueue *q =3D &bank->eventq; MemTxResult r; =20 - if (!smmuv3_eventq_enabled(s)) { + if (!smmuv3_eventq_enabled(s, sec_sid)) { return MEMTX_ERROR; } =20 @@ -178,8 +178,9 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo = *info) { Evt evt =3D {}; MemTxResult r; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; =20 - if (!smmuv3_eventq_enabled(s)) { + if (!smmuv3_eventq_enabled(s, sec_sid)) { return; } =20 @@ -1087,7 +1088,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, =20 qemu_mutex_lock(&s->mutex); =20 - if (!smmu_enabled(s)) { + if (!smmu_enabled(s, sec_sid)) { if (FIELD_EX32(bank->gbpa, GBPA, ABORT)) { status =3D SMMU_TRANS_ABORT; } else { @@ -1317,7 +1318,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) SMMUQueue *q =3D &bank->cmdq; SMMUCommandType type =3D 0; =20 - if (!smmuv3_cmdq_enabled(s)) { + if (!smmuv3_cmdq_enabled(s, sec_sid)) { return 0; } /* @@ -1568,7 +1569,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) =20 if (cmd_error) { trace_smmuv3_cmdq_consume_error(smmu_cmd_string(type), cmd_error); - smmu_write_cmdq_err(s, cmd_error); + smmu_write_cmdq_err(s, cmd_error, sec_sid); smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_CMDQ_ERR_MASK); } =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668290467345.9978800950978; Sat, 21 Feb 2026 02:04:50 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpo-0005o5-3B; Sat, 21 Feb 2026 05:03:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpd-0005kl-D2; Sat, 21 Feb 2026 05:03:25 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpa-00056V-9u; Sat, 21 Feb 2026 05:03:25 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwD3TNDkgplpJxdzAA--.3244S2; Sat, 21 Feb 2026 18:03:16 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S9; Sat, 21 Feb 2026 18:03:15 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 06/31] hw/arm/smmuv3: Track SEC_SID in configs and events Date: Sat, 21 Feb 2026 18:02:25 +0800 Message-Id: <20260221100250.2976287-7-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S9 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAIQAAsz Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3XrWkJrW3Kry8XF18WF13CFg_yoW7Cr15pw 1DGrn8Krn8ta4SvFy3XF4UZa13G397Krn8Kr9Fgr95Aws5CrW7XFs8Ga45ur909ryFyrW2 vayIgFW5Zryjv3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668291808158500 Content-Type: text/plain; charset="utf-8" Cache the SEC_SID inside SMMUTransCfg to keep configuration lookups tied to the correct register bank. Plumb the SEC_SID through tracepoints and queue helpers so diagnostics and event logs always show which security interface emitted the record. To support this, the SEC_SID is placed in SMMUEventInfo so the bank is identified as soon as an event record is built. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3-internal.h | 1 + hw/arm/smmuv3.c | 20 +++++++++++++------- hw/arm/trace-events | 2 +- include/hw/arm/smmu-common.h | 1 + 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index 866d62257e3..a1071f7b689 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -274,6 +274,7 @@ static inline const char *smmu_event_string(SMMUEventTy= pe type) =20 /* Encode an event record */ typedef struct SMMUEventInfo { + SMMUSecSID sec_sid; SMMUEventType type; uint32_t sid; bool recorded; diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 2c107724e77..3438adcecd2 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -148,9 +148,9 @@ static MemTxResult queue_write(SMMUQueue *q, Evt *evt_i= n) return MEMTX_OK; } =20 -static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt) +static MemTxResult smmuv3_write_eventq(SMMUv3State *s, SMMUSecSID sec_sid, + Evt *evt) { - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUQueue *q =3D &bank->eventq; MemTxResult r; @@ -178,7 +178,8 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo = *info) { Evt evt =3D {}; MemTxResult r; - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUSecSID sec_sid =3D info->sec_sid; + g_assert(sec_sid < SMMU_SEC_SID_NUM); =20 if (!smmuv3_eventq_enabled(s, sec_sid)) { return; @@ -258,8 +259,9 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo = *info) g_assert_not_reached(); } =20 - trace_smmuv3_record_event(smmu_event_string(info->type), info->sid); - r =3D smmuv3_write_eventq(s, &evt); + trace_smmuv3_record_event(sec_sid, smmu_event_string(info->type), + info->sid); + r =3D smmuv3_write_eventq(s, sec_sid, &evt); if (r !=3D MEMTX_OK) { smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_EVENTQ_ABT_ERR_MAS= K); } @@ -917,6 +919,7 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev= , SMMUEventInfo *event) 100 * sdev->cfg_cache_hits / (sdev->cfg_cache_hits + sdev->cfg_cache_misses= )); cfg =3D g_new0(SMMUTransCfg, 1); + cfg->sec_sid =3D SMMU_SEC_SID_NS; =20 if (!smmuv3_decode_config(&sdev->iommu, cfg, event)) { g_hash_table_insert(bc->configs, sdev, cfg); @@ -1074,7 +1077,8 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUEventInfo event =3D {.type =3D SMMU_EVT_NONE, .sid =3D sid, - .inval_ste_allowed =3D false}; + .inval_ste_allowed =3D false, + .sec_sid =3D sec_sid}; SMMUTranslationStatus status; SMMUTransCfg *cfg =3D NULL; IOMMUTLBEntry entry =3D { @@ -1176,7 +1180,9 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, uint64_t num_pages, int stage) { SMMUDevice *sdev =3D container_of(mr, SMMUDevice, iommu); - SMMUEventInfo eventinfo =3D {.inval_ste_allowed =3D true}; + SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUEventInfo eventinfo =3D {.sec_sid =3D sec_sid, + .inval_ste_allowed =3D true}; SMMUTransCfg *cfg =3D smmuv3_get_config(sdev, &eventinfo); IOMMUTLBEvent event; uint8_t granule; diff --git a/hw/arm/trace-events b/hw/arm/trace-events index 8135c0c7344..9c2cc131ab4 100644 --- a/hw/arm/trace-events +++ b/hw/arm/trace-events @@ -40,7 +40,7 @@ smmuv3_cmdq_opcode(const char *opcode) "<--- %s" smmuv3_cmdq_consume_out(uint32_t prod, uint32_t cons, uint8_t prod_wrap, u= int8_t cons_wrap) "prod:%d, cons:%d, prod_wrap:%d, cons_wrap:%d " smmuv3_cmdq_consume_error(const char *cmd_name, uint8_t cmd_error) "Error = on %s command execution: %d" smmuv3_write_mmio(uint64_t addr, uint64_t val, unsigned size, uint32_t r) = "addr: 0x%"PRIx64" val:0x%"PRIx64" size: 0x%x(%d)" -smmuv3_record_event(const char *type, uint32_t sid) "%s sid=3D0x%x" +smmuv3_record_event(int sec_sid, const char *type, uint32_t sid) "sec_sid= =3D%d %s sid=3D0x%x" smmuv3_find_ste(uint16_t sid, uint32_t features, uint16_t sid_split) "sid= =3D0x%x features:0x%x, sid_split:0x%x" smmuv3_find_ste_2lvl(uint64_t strtab_base, uint64_t l1ptr, int l1_ste_offs= et, uint64_t l2ptr, int l2_ste_offset, int max_l2_ste) "strtab_base:0x%"PRI= x64" l1ptr:0x%"PRIx64" l1_off:0x%x, l2ptr:0x%"PRIx64" l2_off:0x%x max_l2_st= e:%d" smmuv3_get_ste(uint64_t addr) "STE addr: 0x%"PRIx64 diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index 6ea40f6b074..ae1489717fe 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -107,6 +107,7 @@ typedef struct SMMUS2Cfg { typedef struct SMMUTransCfg { /* Shared fields between stage-1 and stage-2. */ SMMUStage stage; /* translation stage */ + SMMUSecSID sec_sid; /* cached sec sid */ bool disabled; /* smmu is disabled */ bool bypassed; /* translation is bypassed */ bool aborted; /* translation is aborted */ --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668265384708.19986410387; Sat, 21 Feb 2026 02:04:25 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpe-0005kg-ST; Sat, 21 Feb 2026 05:03:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpb-0005jJ-RA; Sat, 21 Feb 2026 05:03:23 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpZ-00056X-Or; Sat, 21 Feb 2026 05:03:23 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwB3f5vkgplpgqBVBw--.14095S2; Sat, 21 Feb 2026 18:03:16 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S10; Sat, 21 Feb 2026 18:03:15 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 07/31] hw/arm/smmu-common: Add security-aware address space selector Date: Sat, 21 Feb 2026 18:02:26 +0800 Message-Id: <20260221100250.2976287-8-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S10 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAJAAAs2 Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7try7XFW3Ary5WFy3Zw48tFb_yoW8ZrW5pa 97Ar95ZryqkF1IkrZ3ZrsI9Fy5Wan5WF1UGry7WFZ5Cw17trn3Aw17Kw1j9rZrCr4rXr47 urZrXrs5WF1UtrJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668267377158500 Content-Type: text/plain; charset="utf-8" Introduce SMMU_SEC_SID_S to represent SEC_SID =3D=3D 1, meaning Secure. And then provide smmu_get_address_space, a SMMU instance-based address space selector. The helper now returns the per-device memory/secure-memory AddressSpace and reports missing spaces. Signed-off-by: Tao Tang --- hw/arm/smmu-common.c | 17 +++++++++++++++++ include/hw/arm/smmu-common.h | 3 +++ 2 files changed, 20 insertions(+) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index 58c4452b1f5..3baba2a4c8e 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -30,6 +30,23 @@ #include "hw/arm/smmu-common.h" #include "smmu-internal.h" =20 +AddressSpace *smmu_get_address_space(SMMUState *s, SMMUSecSID sec_sid) +{ + switch (sec_sid) { + case SMMU_SEC_SID_NS: + return &s->memory_as; + case SMMU_SEC_SID_S: + if (!s->secure_memory || s->secure_memory_as.root =3D=3D NULL) { + warn_report("Secure address space requested but not available"= ); + return NULL; + } + return &s->secure_memory_as; + default: + warn_report("Unknown SEC_SID value %d", sec_sid); + return NULL; + } +} + /* IOTLB Management */ =20 static guint smmu_iotlb_key_hash(gconstpointer v) diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index ae1489717fe..b3ca55effc5 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -43,6 +43,7 @@ /* StreamID Security state */ typedef enum SMMUSecSID { SMMU_SEC_SID_NS =3D 0, + SMMU_SEC_SID_S, SMMU_SEC_SID_NUM, } SMMUSecSID; =20 @@ -189,6 +190,8 @@ struct SMMUBaseClass { #define TYPE_ARM_SMMU "arm-smmu" OBJECT_DECLARE_TYPE(SMMUState, SMMUBaseClass, ARM_SMMU) =20 +AddressSpace *smmu_get_address_space(SMMUState *s, SMMUSecSID sec_sid); + /* Return the SMMUPciBus handle associated to a PCI bus number */ SMMUPciBus *smmu_find_smmu_pcibus(SMMUState *s, uint8_t bus_num); =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177166826115494.36997141277004; Sat, 21 Feb 2026 02:04:21 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpg-0005mJ-Mc; Sat, 21 Feb 2026 05:03:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpd-0005kb-L6; Sat, 21 Feb 2026 05:03:25 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpZ-0005AF-Gt; Sat, 21 Feb 2026 05:03:24 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwAn_UTngplpOxdzAA--.3071S2; Sat, 21 Feb 2026 18:03:19 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S11; Sat, 21 Feb 2026 18:03:16 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 08/31] hw/arm/smmuv3: Plumb transaction attributes into config helpers Date: Sat, 21 Feb 2026 18:02:27 +0800 Message-Id: <20260221100250.2976287-9-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S11 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAJgAAs0 Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3uFy7XrWkXryDJF43Ww43trb_yoWDWw4xpF ZrGFn0kws5tFWSvF9xXr4093W3J39YgFn8Gr9rKF9Ykw15Ar17Zr1DKw15CryDury8JFsF vFWIgF4rurnrA3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668265899158500 Content-Type: text/plain; charset="utf-8" As a preliminary step towards a multi-security-state configuration cache, introduce MemTxAttrs and AddressSpace * members to the SMMUTransCfg struct. The goal is to cache these attributes so that internal functions can use them directly. To facilitate this, hw/arm/arm-security.h is now included in smmu-common.h. This is a notable change, as it marks the first time these Arm CPU-specific security space definitions are used outside of cpu.h, making them more generally available for device models. The decode helpers (smmu_get_ste, smmu_get_cd, smmu_find_ste, smmuv3_get_config) are updated to use these new attributes for memory accesses. This ensures that reads of SMMU structures from memory, such as the Stream Table, use the correct security context. For the special case of smmuv3-accel.c, we only support the NS-only path for now. Therefore, we initialize a minimal cfg with sec_sid, txattrs, and as for the NS-only accel path. For now, the configuration cache lookup key remains unchanged and is still based solely on the SMMUDevice pointer. The new attributes are populated during a cache miss in smmuv3_get_config. And some paths still rely on the NS-only address_space_memory, for example smmuv3_notify_iova and get_pte(). These will be progressively converted in follow-up commits to use an AddressSpace selected according to SEC_SID. Signed-off-by: Tao Tang --- hw/arm/smmu-common.c | 19 ++++++++++++++++++ hw/arm/smmuv3-accel.c | 12 +++++++++++- hw/arm/smmuv3-internal.h | 3 ++- hw/arm/smmuv3.c | 38 ++++++++++++++++++++++-------------- include/hw/arm/smmu-common.h | 12 ++++++++++++ 5 files changed, 67 insertions(+), 17 deletions(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index 3baba2a4c8e..b320aec8c60 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -30,6 +30,25 @@ #include "hw/arm/smmu-common.h" #include "smmu-internal.h" =20 +ARMSecuritySpace smmu_get_security_space(SMMUSecSID sec_sid) +{ + switch (sec_sid) { + case SMMU_SEC_SID_S: + return ARMSS_Secure; + case SMMU_SEC_SID_NS: + default: + return ARMSS_NonSecure; + } +} + +MemTxAttrs smmu_get_txattrs(SMMUSecSID sec_sid) +{ + return (MemTxAttrs) { + .secure =3D sec_sid > SMMU_SEC_SID_NS ? 1 : 0, + .space =3D smmu_get_security_space(sec_sid), + }; +} + AddressSpace *smmu_get_address_space(SMMUState *s, SMMUSecSID sec_sid) { switch (sec_sid) { diff --git a/hw/arm/smmuv3-accel.c b/hw/arm/smmuv3-accel.c index fdcb15005ea..9a41391826b 100644 --- a/hw/arm/smmuv3-accel.c +++ b/hw/arm/smmuv3-accel.c @@ -244,6 +244,16 @@ bool smmuv3_accel_install_ste(SMMUv3State *s, SMMUDevi= ce *sdev, int sid, const char *type; STE ste; SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + /* + * smmu_find_ste() requires a SMMUTransCfg to provide address space and + * transaction attributes for DMA reads. Only NS state is supported he= re. + */ + SMMUState *bc =3D &s->smmu_state; + SMMUTransCfg cfg =3D { + .sec_sid =3D sec_sid, + .txattrs =3D smmu_get_txattrs(sec_sid), + .as =3D smmu_get_address_space(bc, sec_sid), + }; =20 if (!accel || !accel->viommu) { return true; @@ -259,7 +269,7 @@ bool smmuv3_accel_install_ste(SMMUv3State *s, SMMUDevic= e *sdev, int sid, return false; } =20 - if (smmu_find_ste(sdev->smmu, sid, &ste, &event)) { + if (smmu_find_ste(sdev->smmu, sid, &ste, &event, &cfg)) { /* No STE found, nothing to install */ return true; } diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h index a1071f7b689..6d29b9027f0 100644 --- a/hw/arm/smmuv3-internal.h +++ b/hw/arm/smmuv3-internal.h @@ -363,7 +363,8 @@ typedef struct SMMUEventInfo { } while (0) =20 void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *event); -int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, SMMUEventInfo *e= vent); +int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, SMMUEventInfo *e= vent, + SMMUTransCfg *cfg); =20 static inline int oas2bits(int oas_field) { diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 3438adcecd2..2192bec2368 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -347,14 +347,13 @@ static void smmuv3_reset(SMMUv3State *s) } =20 static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf, - SMMUEventInfo *event) + SMMUEventInfo *event, SMMUTransCfg *cfg) { int ret, i; =20 trace_smmuv3_get_ste(addr); /* TODO: guarantee 64-bit single-copy atomicity */ - ret =3D dma_memory_read(&address_space_memory, addr, buf, sizeof(*buf), - MEMTXATTRS_UNSPECIFIED); + ret =3D dma_memory_read(cfg->as, addr, buf, sizeof(*buf), cfg->txattrs= ); if (ret !=3D MEMTX_OK) { qemu_log_mask(LOG_GUEST_ERROR, "Cannot fetch pte at address=3D0x%"PRIx64"\n", addr); @@ -399,8 +398,7 @@ static int smmu_get_cd(SMMUv3State *s, STE *ste, SMMUTr= ansCfg *cfg, } =20 /* TODO: guarantee 64-bit single-copy atomicity */ - ret =3D dma_memory_read(&address_space_memory, addr, buf, sizeof(*buf), - MEMTXATTRS_UNSPECIFIED); + ret =3D dma_memory_read(cfg->as, addr, buf, sizeof(*buf), cfg->txattrs= ); if (ret !=3D MEMTX_OK) { qemu_log_mask(LOG_GUEST_ERROR, "Cannot fetch pte at address=3D0x%"PRIx64"\n", addr); @@ -655,17 +653,19 @@ bad_ste: * @sid: stream ID * @ste: returned stream table entry * @event: handle to an event info + * @cfg: translation configuration cache * * Supports linear and 2-level stream table * Return 0 on success, -EINVAL otherwise */ -int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, SMMUEventInfo *e= vent) +int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *ste, SMMUEventInfo *e= vent, + SMMUTransCfg *cfg) { dma_addr_t addr, strtab_base; uint32_t log2size; int strtab_size_shift; int ret; - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUSecSID sec_sid =3D cfg->sec_sid; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); =20 trace_smmuv3_find_ste(sid, bank->features, bank->sid_split); @@ -693,8 +693,8 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *st= e, SMMUEventInfo *event) l2_ste_offset =3D sid & ((1 << bank->sid_split) - 1); l1ptr =3D (dma_addr_t)(strtab_base + l1_ste_offset * sizeof(l1std)= ); /* TODO: guarantee 64-bit single-copy atomicity */ - ret =3D dma_memory_read(&address_space_memory, l1ptr, &l1std, - sizeof(l1std), MEMTXATTRS_UNSPECIFIED); + ret =3D dma_memory_read(cfg->as, l1ptr, &l1std, sizeof(l1std), + cfg->txattrs); if (ret !=3D MEMTX_OK) { qemu_log_mask(LOG_GUEST_ERROR, "Could not read L1PTR at 0X%"PRIx64"\n", l1ptr); @@ -736,7 +736,7 @@ int smmu_find_ste(SMMUv3State *s, uint32_t sid, STE *st= e, SMMUEventInfo *event) addr =3D strtab_base + sid * sizeof(*ste); } =20 - if (smmu_get_ste(s, addr, ste, event)) { + if (smmu_get_ste(s, addr, ste, event, cfg)) { return -EINVAL; } =20 @@ -865,7 +865,7 @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr, = SMMUTransCfg *cfg, /* ASID defaults to -1 (if s1 is not supported). */ cfg->asid =3D -1; =20 - ret =3D smmu_find_ste(s, sid, &ste, event); + ret =3D smmu_find_ste(s, sid, &ste, event, cfg); if (ret) { return ret; } @@ -899,7 +899,8 @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr, = SMMUTransCfg *cfg, * decoding under the form of an SMMUTransCfg struct. The hash table is in= dexed * by the SMMUDevice handle. */ -static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *ev= ent) +static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *ev= ent, + SMMUSecSID sec_sid) { SMMUv3State *s =3D sdev->smmu; SMMUState *bc =3D &s->smmu_state; @@ -919,7 +920,14 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sde= v, SMMUEventInfo *event) 100 * sdev->cfg_cache_hits / (sdev->cfg_cache_hits + sdev->cfg_cache_misses= )); cfg =3D g_new0(SMMUTransCfg, 1); - cfg->sec_sid =3D SMMU_SEC_SID_NS; + cfg->sec_sid =3D sec_sid; + cfg->txattrs =3D smmu_get_txattrs(sec_sid); + cfg->as =3D smmu_get_address_space(bc, sec_sid); + cfg->ns_as =3D (sec_sid > SMMU_SEC_SID_NS) + ? smmu_get_address_space(bc, SMMU_SEC_SID_NS) + : cfg->as; + /* AddressSpace must be available, assert if not. */ + g_assert(cfg->as && cfg->ns_as); =20 if (!smmuv3_decode_config(&sdev->iommu, cfg, event)) { g_hash_table_insert(bc->configs, sdev, cfg); @@ -1101,7 +1109,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, goto epilogue; } =20 - cfg =3D smmuv3_get_config(sdev, &event); + cfg =3D smmuv3_get_config(sdev, &event, sec_sid); if (!cfg) { status =3D SMMU_TRANS_ERROR; goto epilogue; @@ -1183,7 +1191,7 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUEventInfo eventinfo =3D {.sec_sid =3D sec_sid, .inval_ste_allowed =3D true}; - SMMUTransCfg *cfg =3D smmuv3_get_config(sdev, &eventinfo); + SMMUTransCfg *cfg =3D smmuv3_get_config(sdev, &eventinfo, sec_sid); IOMMUTLBEvent event; uint8_t granule; =20 diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index b3ca55effc5..7944e8d1b64 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -22,6 +22,7 @@ #include "hw/core/sysbus.h" #include "hw/pci/pci.h" #include "qom/object.h" +#include "hw/arm/arm-security.h" =20 #define SMMU_PCI_BUS_MAX 256 #define SMMU_PCI_DEVFN_MAX 256 @@ -47,6 +48,9 @@ typedef enum SMMUSecSID { SMMU_SEC_SID_NUM, } SMMUSecSID; =20 +MemTxAttrs smmu_get_txattrs(SMMUSecSID sec_sid); +ARMSecuritySpace smmu_get_security_space(SMMUSecSID sec_sid); + /* * Page table walk error types */ @@ -124,6 +128,14 @@ typedef struct SMMUTransCfg { SMMUTransTableInfo tt[2]; /* Used by stage-2 only. */ struct SMMUS2Cfg s2cfg; + MemTxAttrs txattrs; /* cached transaction attributes */ + /* + * Cached AS related to the SEC_SID, which will be statically marked, = and + * in future RME support it will be implemented as a dynamic switch. + */ + AddressSpace *as; + /* Cached NS AS. It will be used if previous SEC_SID !=3D SMMU_SEC_SID= _NS. */ + AddressSpace *ns_as; } SMMUTransCfg; =20 typedef struct SMMUDevice { --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668269428543.6892079478982; Sat, 21 Feb 2026 02:04:29 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpk-0005mx-QU; Sat, 21 Feb 2026 05:03:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtjpd-0005kZ-9Q; Sat, 21 Feb 2026 05:03:25 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtjpa-00057r-JU; Sat, 21 Feb 2026 05:03:24 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwC3v2PmgplpjqBVBw--.4384S2; Sat, 21 Feb 2026 18:03:18 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TevcgplpBk4cAA--.34138S12; Sat, 21 Feb 2026 18:03:17 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 09/31] hw/arm/smmuv3: Enforce Secure stage 2 capability check when decoding STE Date: Sat, 21 Feb 2026 18:02:28 +0800 Message-Id: <20260221100250.2976287-10-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TevcgplpBk4cAA--.34138S12 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAJgABs1 Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7Ary5Xry7tw13Gw43AF4kCrg_yoW8JFWkpF Z8GwsY9rWfJ3WfZrnruws2yrZ7WFWrGr9rGr1Ik343Z3WUAr1Dtr1IkF1agFyrXrWrXrW7 uan2qFZ5Xr4vyrJanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668271643158500 Content-Type: text/plain; charset="utf-8" When decoding a Stream Table Entry (STE) from the Secure stream table that enables stage-2 translation, verify that the SMMU implementation advertises Secure stage-2 support via S_IDR1.SEL2. If stage-2 is requested but S_IDR1.SEL2 is 0, mark the STE as ILLEGAL. This implements the requirement from the Arm SMMUv3 architecture specification (IHI 0070G.b, Section 5.2, Page 218) that a Secure STE with stage-2 enabled is only valid when the implementation supports Secure stage-2 translation. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 2192bec2368..d011357253e 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -623,6 +623,16 @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cf= g, if (ret) { goto bad_ste; } + + /* + * Stage 2 is implemented but Secure stage 2 is not supported while + * STE is from Secure stream table. STE is ILLEGAL in this case + * according to (IHI 0070G.b) 5.2 STE, Stream Table Entry, Page 21= 8. + */ + if ((cfg->sec_sid =3D=3D SMMU_SEC_SID_S) && + !(FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SEL2))) { + goto bad_ste; + } } =20 /* Multiple context descriptors require SubstreamID support */ --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668950262164.448511726383; Sat, 21 Feb 2026 02:15:50 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk0q-00047V-9z; Sat, 21 Feb 2026 05:15:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk0j-0003zr-JC; Sat, 21 Feb 2026 05:14:53 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk0g-0002AS-8S; Sat, 21 Feb 2026 05:14:53 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwBHT5uThZlpCqxVBw--.2789S2; Sat, 21 Feb 2026 18:14:43 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwB3zuuQhZlpW04cAA--.34568S3; Sat, 21 Feb 2026 18:14:41 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 10/31] hw/arm/smmu-common: Key configuration cache on SMMUDevice and SEC_SID Date: Sat, 21 Feb 2026 18:14:37 +0800 Message-Id: <20260221101437.2990803-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwB3zuuQhZlpW04cAA--.34568S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAKQAAs7 Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxKFW7GFWUZFyUGr45GrWDXFb_yoWxuF43pr W8GF95Jr4UGF1fCFsxXFWI9as8Wwn29r1fGryagr9YyFyqyryUAF4DK3yYk3s3CrWkJF47 ZayIgFyUCr1xJaDanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668954632158500 Content-Type: text/plain; charset="utf-8" Adapt the configuration cache to support multiple security states by introducing a composite key, SMMUConfigKey. This key combines the SMMUDevice with SEC_SID, preventing aliasing between Secure and Non-secure configurations for the same device, also the future Realm and Root configurations. The cache lookup, insertion, and invalidation mechanisms are updated to use this new keying infrastructure. This change is critical for ensuring correct translation when a device is active in more than one security world. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Link: https://lore.kernel.org/qemu-devel/a9a840a6-c65f-4352-9a49-ddd1b5483f= 43@redhat.com/ Reviewed-by: Pierrick Bouvier --- hw/arm/smmu-common.c | 45 ++++++++++++++++++++++++++++++++++-- hw/arm/smmuv3.c | 13 +++++++---- include/hw/arm/smmu-common.h | 7 ++++++ 3 files changed, 58 insertions(+), 7 deletions(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index b320aec8c60..a732303b28b 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -30,6 +30,26 @@ #include "hw/arm/smmu-common.h" #include "smmu-internal.h" =20 +/* Configuration Cache Management */ +static guint smmu_config_key_hash(gconstpointer key) +{ + const SMMUConfigKey *k =3D key; + return g_direct_hash(k->sdev) ^ (guint)k->sec_sid; +} + +static gboolean smmu_config_key_equal(gconstpointer a, gconstpointer b) +{ + const SMMUConfigKey *ka =3D a; + const SMMUConfigKey *kb =3D b; + return ka->sdev =3D=3D kb->sdev && ka->sec_sid =3D=3D kb->sec_sid; +} + +SMMUConfigKey smmu_get_config_key(SMMUDevice *sdev, SMMUSecSID sec_sid) +{ + SMMUConfigKey key =3D {.sdev =3D sdev, .sec_sid =3D sec_sid}; + return key; +} + ARMSecuritySpace smmu_get_security_space(SMMUSecSID sec_sid) { switch (sec_sid) { @@ -265,7 +285,8 @@ static gboolean smmu_hash_remove_by_vmid_ipa(gpointer k= ey, gpointer value, static gboolean smmu_hash_remove_by_sid_range(gpointer key, gpointer value, gpointer user_= data) { - SMMUDevice *sdev =3D (SMMUDevice *)key; + SMMUConfigKey *config_key =3D (SMMUConfigKey *)key; + SMMUDevice *sdev =3D config_key->sdev; uint32_t sid =3D smmu_get_sid(sdev); SMMUSIDRange *sid_range =3D (SMMUSIDRange *)user_data; =20 @@ -283,6 +304,24 @@ void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDR= ange sid_range) &sid_range); } =20 +static gboolean smmu_hash_remove_by_sdev(gpointer key, gpointer value, + gpointer user_data) +{ + SMMUConfigKey *config_key =3D (SMMUConfigKey *)key; + SMMUDevice *target =3D (SMMUDevice *)user_data; + + if (config_key->sdev !=3D target) { + return false; + } + trace_smmu_config_cache_inv(smmu_get_sid(target)); + return true; +} + +void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev) +{ + g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sdev, sdev= ); +} + void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vmid, dma_addr_t iova, uint8_t tg, uint64_t num_pages, uint8_t ttl) { @@ -978,7 +1017,9 @@ static void smmu_base_realize(DeviceState *dev, Error = **errp) error_propagate(errp, local_err); return; } - s->configs =3D g_hash_table_new_full(NULL, NULL, NULL, g_free); + s->configs =3D g_hash_table_new_full(smmu_config_key_hash, + smmu_config_key_equal, + g_free, g_free); s->iotlb =3D g_hash_table_new_full(smmu_iotlb_key_hash, smmu_iotlb_key= _equal, g_free, g_free); s->smmu_pcibus_by_busptr =3D g_hash_table_new(NULL, NULL); diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index d011357253e..aa1a95a0093 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -904,10 +904,11 @@ static int smmuv3_decode_config(IOMMUMemoryRegion *mr= , SMMUTransCfg *cfg, * * @sdev: SMMUDevice handle * @event: output event info + * @sec_sid: StreamID Security state * * The configuration cache contains data resulting from both STE and CD * decoding under the form of an SMMUTransCfg struct. The hash table is in= dexed - * by the SMMUDevice handle. + * by a composite key of the SMMUDevice and the sec_sid. */ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *ev= ent, SMMUSecSID sec_sid) @@ -915,8 +916,9 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev= , SMMUEventInfo *event, SMMUv3State *s =3D sdev->smmu; SMMUState *bc =3D &s->smmu_state; SMMUTransCfg *cfg; + SMMUConfigKey lookup_key =3D smmu_get_config_key(sdev, sec_sid); =20 - cfg =3D g_hash_table_lookup(bc->configs, sdev); + cfg =3D g_hash_table_lookup(bc->configs, &lookup_key); if (cfg) { sdev->cfg_cache_hits++; trace_smmuv3_config_cache_hit(smmu_get_sid(sdev), @@ -940,7 +942,9 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev= , SMMUEventInfo *event, g_assert(cfg->as && cfg->ns_as); =20 if (!smmuv3_decode_config(&sdev->iommu, cfg, event)) { - g_hash_table_insert(bc->configs, sdev, cfg); + SMMUConfigKey *persistent_key =3D g_new(SMMUConfigKey, 1); + *persistent_key =3D lookup_key; + g_hash_table_insert(bc->configs, persistent_key, cfg); } else { g_free(cfg); cfg =3D NULL; @@ -954,8 +958,7 @@ static void smmuv3_flush_config(SMMUDevice *sdev) SMMUv3State *s =3D sdev->smmu; SMMUState *bc =3D &s->smmu_state; =20 - trace_smmu_config_cache_inv(smmu_get_sid(sdev)); - g_hash_table_remove(bc->configs, sdev); + smmu_configs_inv_sdev(bc, sdev); } =20 /* Do translation with TLB lookup. */ diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index 7944e8d1b64..9e44c9f7710 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -162,6 +162,11 @@ typedef struct SMMUIOTLBKey { uint8_t level; } SMMUIOTLBKey; =20 +typedef struct SMMUConfigKey { + SMMUDevice *sdev; + SMMUSecSID sec_sid; +} SMMUConfigKey; + typedef struct SMMUSIDRange { uint32_t start; uint32_t end; @@ -250,6 +255,7 @@ SMMUTLBEntry *smmu_iotlb_lookup(SMMUState *bs, SMMUTran= sCfg *cfg, void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg, SMMUTLBEntry *ent= ry); SMMUIOTLBKey smmu_get_iotlb_key(int asid, int vmid, uint64_t iova, uint8_t tg, uint8_t level); +SMMUConfigKey smmu_get_config_key(SMMUDevice *sdev, SMMUSecSID sec_sid); void smmu_iotlb_inv_all(SMMUState *s); void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid); void smmu_iotlb_inv_vmid(SMMUState *s, int vmid); @@ -259,6 +265,7 @@ void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vm= id, dma_addr_t iova, void smmu_iotlb_inv_ipa(SMMUState *s, int vmid, dma_addr_t ipa, uint8_t tg, uint64_t num_pages, uint8_t ttl); void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range); +void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev); /* Unmap the range of all the notifiers registered to any IOMMU mr */ void smmu_inv_notifiers_all(SMMUState *s); =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771668994493208.33607118499833; Sat, 21 Feb 2026 02:16:34 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk1q-0005Cw-El; Sat, 21 Feb 2026 05:16:02 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk1n-0005Au-6s; Sat, 21 Feb 2026 05:15:59 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk1k-0002YA-QM; Sat, 21 Feb 2026 05:15:58 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwCXntLVhZlpRh5zAA--.15216S2; Sat, 21 Feb 2026 18:15:49 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwCX7erUhZlpYk4cAA--.34232S3; Sat, 21 Feb 2026 18:15:48 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 11/31] hw/arm/smmu: Add PTE NS/NSTable helpers Date: Sat, 21 Feb 2026 18:15:44 +0800 Message-Id: <20260221101544.2992355-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwCX7erUhZlpYk4cAA--.34232S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAKwAAs5 Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvdXoW7Gr4DZw1DWw4fur43Kw17Wrg_yoWkKrbEqw 1kXaykWryjkF40kFWUCFZ7A3yY93yUAw18X3Z3X34akr9IvrW5JFnxGryku3Z5ZrWUK3W3 Awnxtr4fWrn8GjkaLaAFLSUrUUUUbb8apTn2vfkv8UJUUUU8wcxFpf9Il3svdxBIdaVrnU Uv73VFW2AGmfu7jjvjm3AaLaJ3UjIYCTnIWjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRUUUUU UUUU= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771668997409158500 Content-Type: text/plain; charset="utf-8" Add helper macros for NS and NSTable bits and group PTE attribute accessors for clarity. No functional change beyond the new helpers. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmu-internal.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/hw/arm/smmu-internal.h b/hw/arm/smmu-internal.h index d143d296f34..a0454f720da 100644 --- a/hw/arm/smmu-internal.h +++ b/hw/arm/smmu-internal.h @@ -58,16 +58,28 @@ ((level =3D=3D 3) && = \ ((pte & ARM_LPAE_PTE_TYPE_MASK) =3D=3D ARM_LPAE_L3_PTE_TYPE_PAGE)) =20 +/* Block & page descriptor attributes */ +/* Non-secure bit */ +#define PTE_NS(pte) \ + (extract64(pte, 5, 1)) + /* access permissions */ =20 #define PTE_AP(pte) \ (extract64(pte, 6, 2)) =20 +/* access flag */ +#define PTE_AF(pte) \ + (extract64(pte, 10, 1)) + + +/* Table descriptor attributes */ #define PTE_APTABLE(pte) \ (extract64(pte, 61, 2)) =20 -#define PTE_AF(pte) \ - (extract64(pte, 10, 1)) +#define PTE_NSTABLE(pte) \ + (extract64(pte, 63, 1)) + /* * TODO: At the moment all transactions are considered as privileged (EL1) * as IOMMU translation callback does not pass user/priv attributes. --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669019725121.7566877212713; Sat, 21 Feb 2026 02:16:59 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2d-0006Ur-Cp; Sat, 21 Feb 2026 05:16:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk2T-0006SN-3a; Sat, 21 Feb 2026 05:16:41 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2R-0004h8-D0; Sat, 21 Feb 2026 05:16:40 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCHj2MEhplp261VBw--.4778S2; Sat, 21 Feb 2026 18:16:36 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDXL+0DhplpZk4cAA--.34325S3; Sat, 21 Feb 2026 18:16:35 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 12/31] hw/arm/smmuv3: Store CD NSCFG in TT info Date: Sat, 21 Feb 2026 18:16:32 +0800 Message-Id: <20260221101632.2993305-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDXL+0DhplpZk4cAA--.34325S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUALQAAs- Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7XF4xZFy7GFW5Gr4kGw1Utrb_yoW8JrWUpa s7Ar1DKrWIk3W29r9rAr47uwnrWw4kWr4jkrW7Wr9avws8t39rJr1UK3Z8Kr97urW5Krsr uF12qr95XF1Utr7anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669020913158500 Content-Type: text/plain; charset="utf-8" With NSCFG definitions in place, record the per-table NSCFG bits in SMMUTransTableInfo during CD decode for later use. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 1 + include/hw/arm/smmu-common.h | 1 + 2 files changed, 2 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index aa1a95a0093..b8f2fae9a1d 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -838,6 +838,7 @@ static int decode_cd(SMMUv3State *s, SMMUTransCfg *cfg, tt->ttb =3D CACHED_ENTRY_TO_ADDR(entry, tt->ttb); } =20 + tt->nscfg =3D i ? CD_NSCFG(cd, 1) : CD_NSCFG(cd, 0); tt->had =3D CD_HAD(cd, i); trace_smmuv3_decode_cd_tt(i, tt->tsz, tt->ttb, tt->granule_sz, tt-= >had); } diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index 9e44c9f7710..bd88e599c77 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -83,6 +83,7 @@ typedef struct SMMUTransTableInfo { uint8_t tsz; /* input range, ie. 2^(64 -tsz)*/ uint8_t granule_sz; /* granule page shift */ bool had; /* hierarchical attribute disable */ + int nscfg; /* Non-secure attribute of Starting-level T= T */ } SMMUTransTableInfo; =20 typedef struct SMMUTLBEntry { --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669048257284.49189794749464; Sat, 21 Feb 2026 02:17:28 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2m-0006jD-M9; Sat, 21 Feb 2026 05:17:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk2b-0006YI-VH; Sat, 21 Feb 2026 05:16:51 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2a-0005Oc-Gm; Sat, 21 Feb 2026 05:16:49 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwDX3ZkNhplpAa5VBw--.4921S2; Sat, 21 Feb 2026 18:16:45 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwAXce4KhplpZ04cAA--.55026S3; Sat, 21 Feb 2026 18:16:42 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 13/31] hw/arm/smmu-common: Add sec_sid field to TLB entries Date: Sat, 21 Feb 2026 18:16:40 +0800 Message-Id: <20260221101640.2993566-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwAXce4KhplpZ04cAA--.55026S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUALwAAs9 Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvdXoWrtFy7WF18uFWrKry8uryDJrb_yoW3uFgEy3 W3X3s5WF4IkFsxXw1fGF1Syw4Fg3y8Jr1DWr18Zw43K3WDGry7Ga92yrn7uay8W3y3GF13 ZFn8Z347ArnxGjkaLaAFLSUrUUUUjb8apTn2vfkv8UJUUUU8wcxFpf9Il3svdxBIdaVrnU Uv73VFW2AGmfu7jjvjm3AaLaJ3UjIYCTnIWjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRUUUUU UUUU= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669050953158500 Content-Type: text/plain; charset="utf-8" This is a non-functional preparation step that adds storage for resolved security state in SMMUTLBEntry. Together with the earlier commits that added NSCFG handling and PTE NS/NSTable helpers, the plumbing is complete and we can now refactor the PTW flow to handle Secure state. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- include/hw/arm/smmu-common.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index bd88e599c77..b0a02e12fe6 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -91,6 +91,7 @@ typedef struct SMMUTLBEntry { uint8_t level; uint8_t granule; IOMMUAccessFlags parent_perm; + SMMUSecSID sec_sid; } SMMUTLBEntry; =20 /* Stage-2 configuration. */ --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669072585187.35948582759522; Sat, 21 Feb 2026 02:17:52 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2y-0006y1-6s; Sat, 21 Feb 2026 05:17:12 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk2p-0006qY-Pb; Sat, 21 Feb 2026 05:17:05 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2n-00062C-Uf; Sat, 21 Feb 2026 05:17:03 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwBHT2MahplpTa5VBw--.4586S2; Sat, 21 Feb 2026 18:16:58 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwAHYO0ThplpaU4cAA--.49211S3; Sat, 21 Feb 2026 18:16:52 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 14/31] hw/arm/smmu-common: Implement secure state handling in ptw Date: Sat, 21 Feb 2026 18:16:49 +0800 Message-Id: <20260221101649.2993830-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwAHYO0ThplpaU4cAA--.49211S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAMQAAsj Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3AF47JFW8GrWxGw4UZr4xJFb_yoW7tF1Upa yxGr90qr4fKFyIyws7ta1qv3ZxW3ykWrsrWrZrCr9ay3W3try8X3sFyry5CFWqqF15Xayx ZayUKrs7Zw4kJ3DanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669074819158500 Content-Type: text/plain; charset="utf-8" Enhance the page table walker to correctly handle secure and non-secure memory accesses. This change introduces logic to select the appropriate address space and enforce architectural security policies during walks. The page table walker now correctly processes Secure Stage 1 translations. Key changes include: - The get_pte function now uses the security context to fetch table entries from either the Secure or Non-secure address space. - The stage 1 walker tracks the security state, respecting the NSCFG and NSTable attributes. It correctly handles the hierarchical security model: if a table descriptor in a secure walk has NSTable=3D1, all subsequent lookups for that walk are forced into the Non-secure space. This is a one-way transition, as specified by the architecture. - The final TLB entry is tagged with the correct output address space, ensuring proper memory isolation. Note: We do not yet support secure stage 2 translations. So ns_as member in SMMUTransCfg is used to cache non-secure AS instead of refactoring smmu_ptw_64_s2 to pass SMMUState context. Signed-off-by: Tao Tang --- hw/arm/smmu-common.c | 50 ++++++++++++++++++++++++++++++++++++++++---- hw/arm/smmuv3.c | 1 + 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index a732303b28b..84e71df6767 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -406,15 +406,16 @@ void smmu_iotlb_inv_vmid_s1(SMMUState *s, int vmid) /** * get_pte - Get the content of a page table entry located at * @base_addr[@index] + * @as: AddressSpace to read from */ static int get_pte(dma_addr_t baseaddr, uint32_t index, uint64_t *pte, - SMMUPTWEventInfo *info) + SMMUPTWEventInfo *info, AddressSpace *as, MemTxAttrs at= trs) { int ret; dma_addr_t addr =3D baseaddr + index * sizeof(*pte); =20 /* TODO: guarantee 64-bit single-copy atomicity */ - ret =3D ldq_le_dma(&address_space_memory, addr, pte, MEMTXATTRS_UNSPEC= IFIED); + ret =3D ldq_le_dma(as, addr, pte, attrs); =20 if (ret !=3D MEMTX_OK) { info->type =3D SMMU_PTW_ERR_WALK_EABT; @@ -538,6 +539,9 @@ static int smmu_ptw_64_s1(SMMUState *bs, SMMUTransCfg *= cfg, SMMUStage stage =3D cfg->stage; SMMUTransTableInfo *tt =3D select_tt(cfg, iova); uint8_t level, granule_sz, inputsize, stride; + int nscfg, current_ns, new_nstable; + bool sid_is_ns =3D cfg->sec_sid =3D=3D SMMU_SEC_SID_NS; + bool forced_ns =3D false; /* Once true, NSTable is ignored */ =20 if (!tt || tt->disabled) { info->type =3D SMMU_PTW_ERR_TRANSLATION; @@ -552,6 +556,8 @@ static int smmu_ptw_64_s1(SMMUState *bs, SMMUTransCfg *= cfg, =20 baseaddr =3D extract64(tt->ttb, 0, cfg->oas); baseaddr &=3D ~indexmask; + nscfg =3D tt->nscfg; + forced_ns =3D sid_is_ns || nscfg; =20 while (level < VMSA_LEVELS) { uint64_t subpage_size =3D 1ULL << level_shift(level, granule_sz); @@ -560,8 +566,17 @@ static int smmu_ptw_64_s1(SMMUState *bs, SMMUTransCfg = *cfg, uint64_t pte, gpa; dma_addr_t pte_addr =3D baseaddr + offset * sizeof(pte); uint8_t ap; + AddressSpace *pte_as; + MemTxAttrs pte_attrs; =20 - if (get_pte(baseaddr, offset, &pte, info)) { + /* + * Start in NS for Non-secure streams or CD.NSCFGx =3D=3D 1. + * Once walk is in NS, NSTable is ignored on subsequent levels. + */ + current_ns =3D forced_ns || nscfg; + pte_as =3D current_ns ? &bs->memory_as : &bs->secure_memory_as; + pte_attrs =3D current_ns ? MEMTXATTRS_UNSPECIFIED : cfg->txattrs; + if (get_pte(baseaddr, offset, &pte, info, pte_as, pte_attrs)) { goto error; } trace_smmu_ptw_level(stage, level, iova, subpage_size, @@ -586,6 +601,23 @@ static int smmu_ptw_64_s1(SMMUState *bs, SMMUTransCfg = *cfg, goto error; } } + + /* + * NSTable can switch the walk to NS only while the current wa= lk + * level is Secure. Once switched to NS, NSTable is ignored ac= cording + * to hierarchical control of Secure/Non-secure accesses: + * (IHI 0070G.b)13.4.1 Stage 1 page permissions and + * (DDI 0487H.a)D8.4.2 Control of Secure or Non-secure memory = access + */ + if (!forced_ns) { + new_nstable =3D PTE_NSTABLE(pte); + if (new_nstable) { + forced_ns =3D true; + nscfg =3D 1; + } else { + nscfg =3D 0; + } + } level++; continue; } else if (is_page_pte(pte, level)) { @@ -628,6 +660,13 @@ static int smmu_ptw_64_s1(SMMUState *bs, SMMUTransCfg = *cfg, goto error; } =20 + if (current_ns) { + tlbe->sec_sid =3D SMMU_SEC_SID_NS; + } else { + tlbe->sec_sid =3D PTE_NS(pte) ? SMMU_SEC_SID_NS : SMMU_SEC_SID= _S; + } + tlbe->entry.target_as =3D (tlbe->sec_sid =3D=3D SMMU_SEC_SID_S) + ? &bs->secure_memory_as : &bs->memory_as; tlbe->entry.translated_addr =3D gpa; tlbe->entry.iova =3D iova & ~mask; tlbe->entry.addr_mask =3D mask; @@ -697,7 +736,8 @@ static int smmu_ptw_64_s2(SMMUTransCfg *cfg, dma_addr_t pte_addr =3D baseaddr + offset * sizeof(pte); uint8_t s2ap; =20 - if (get_pte(baseaddr, offset, &pte, info)) { + if (get_pte(baseaddr, offset, &pte, info, cfg->ns_as, + MEMTXATTRS_UNSPECIFIED)) { goto error; } trace_smmu_ptw_level(stage, level, ipa, subpage_size, @@ -750,6 +790,8 @@ static int smmu_ptw_64_s2(SMMUTransCfg *cfg, goto error_ipa; } =20 + tlbe->sec_sid =3D SMMU_SEC_SID_NS; + tlbe->entry.target_as =3D cfg->ns_as; tlbe->entry.translated_addr =3D gpa; tlbe->entry.iova =3D ipa & ~mask; tlbe->entry.addr_mask =3D mask; diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index b8f2fae9a1d..504161ce06d 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1147,6 +1147,7 @@ epilogue: switch (status) { case SMMU_TRANS_SUCCESS: entry.perm =3D cached_entry->entry.perm; + entry.target_as =3D cached_entry->entry.target_as; entry.translated_addr =3D CACHED_ENTRY_TO_ADDR(cached_entry, addr); entry.addr_mask =3D cached_entry->entry.addr_mask; trace_smmuv3_translate_success(mr->parent_obj.name, sid, addr, --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17716690891681000.1167407887531; Sat, 21 Feb 2026 02:18:09 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk31-000796-Jf; Sat, 21 Feb 2026 05:17:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk30-00075p-ER; Sat, 21 Feb 2026 05:17:14 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk2x-0006Nf-9r; Sat, 21 Feb 2026 05:17:14 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwAHXdAihplp6x5zAA--.3190S2; Sat, 21 Feb 2026 18:17:06 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwC3DuwdhplpbE4cAA--.34817S3; Sat, 21 Feb 2026 18:17:02 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 15/31] hw/arm/smmuv3: Tag IOTLB cache keys with SEC_SID Date: Sat, 21 Feb 2026 18:16:57 +0800 Message-Id: <20260221101657.2994097-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwC3DuwdhplpbE4cAA--.34817S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAMwAAsh Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvAXoW3ZFW7Aw43WF4DtF4rXFyrWFg_yoW8AFWrCo WxG3Wjqr48J3W7WFyqkFs7JFy2va4Dtay5Zw4rX3yag3ZxKrn8tFWxtr4fXF4Fgr4UAF40 vF95ArW8XF1UC3s3n29KB7ZKAUJUUUU8529EdanIXcx71UUUUU7KY7ZEXasCq-sGcSsGvf J3UbIjqfuFe4nvWSU8nxnvy29KBjDU0xBIdaVrnUUvcSsGvfC2KfnxnUUI43ZEXa7xR_UU UUUUUUU== Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669091013158500 Content-Type: text/plain; charset="utf-8" To prevent aliasing between secure and non-secure translations for the same address space, the IOTLB lookup key must incorporate the security state of the transaction. This commit: - expands SMMUIOTLBKey with SEC_SID field for cache key differentiation - extends SMMUIOTLBPageInvInfo with SEC_SID for invalidation filtering - updates all IOTLB invalidation helpers (smmu_iotlb_inv_iova, smmu_iotlb_inv_ipa, smmu_iotlb_inv_asid_vmid, smmu_iotlb_inv_vmid, smmu_iotlb_inv_vmid_s1) to accept and filter by SEC_SID - plumbs SEC_SID through smmuv3_range_inval for TLB invalidation - enhances trace events to include SEC_SID for better debugging This ensures that secure and non-secure TLB entries are treated as distinct entities within the cache, preventing TLB pollution between different worlds. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmu-common.c | 80 ++++++++++++++++++++++++------------ hw/arm/smmu-internal.h | 2 + hw/arm/smmuv3.c | 36 ++++++++-------- hw/arm/trace-events | 12 +++--- include/hw/arm/smmu-common.h | 16 +++++--- 5 files changed, 92 insertions(+), 54 deletions(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index 84e71df6767..bb43430cc3b 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -95,7 +95,7 @@ static guint smmu_iotlb_key_hash(gconstpointer v) =20 /* Jenkins hash */ a =3D b =3D c =3D JHASH_INITVAL + sizeof(*key); - a +=3D key->asid + key->vmid + key->level + key->tg; + a +=3D key->asid + key->vmid + key->level + key->tg + key->sec_sid; b +=3D extract64(key->iova, 0, 32); c +=3D extract64(key->iova, 32, 32); =20 @@ -111,14 +111,15 @@ static gboolean smmu_iotlb_key_equal(gconstpointer v1= , gconstpointer v2) =20 return (k1->asid =3D=3D k2->asid) && (k1->iova =3D=3D k2->iova) && (k1->level =3D=3D k2->level) && (k1->tg =3D=3D k2->tg) && - (k1->vmid =3D=3D k2->vmid); + (k1->vmid =3D=3D k2->vmid) && (k1->sec_sid =3D=3D k2->sec_sid); } =20 SMMUIOTLBKey smmu_get_iotlb_key(int asid, int vmid, uint64_t iova, - uint8_t tg, uint8_t level) + uint8_t tg, uint8_t level, + SMMUSecSID sec_sid) { SMMUIOTLBKey key =3D {.asid =3D asid, .vmid =3D vmid, .iova =3D iova, - .tg =3D tg, .level =3D level}; + .tg =3D tg, .level =3D level, .sec_sid =3D sec_sid= }; =20 return key; } @@ -140,7 +141,7 @@ static SMMUTLBEntry *smmu_iotlb_lookup_all_levels(SMMUS= tate *bs, SMMUIOTLBKey key; =20 key =3D smmu_get_iotlb_key(cfg->asid, cfg->s2cfg.vmid, - iova & ~mask, tg, level); + iova & ~mask, tg, level, cfg->sec_sid); entry =3D g_hash_table_lookup(bs->iotlb, &key); if (entry) { break; @@ -204,7 +205,7 @@ void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg= , SMMUTLBEntry *new) } =20 *key =3D smmu_get_iotlb_key(cfg->asid, cfg->s2cfg.vmid, new->entry.iov= a, - tg, new->level); + tg, new->level, cfg->sec_sid); trace_smmu_iotlb_insert(cfg->asid, cfg->s2cfg.vmid, new->entry.iova, tg, new->level); g_hash_table_insert(bs->iotlb, key, new); @@ -223,26 +224,29 @@ static gboolean smmu_hash_remove_by_asid_vmid(gpointe= r key, gpointer value, SMMUIOTLBKey *iotlb_key =3D (SMMUIOTLBKey *)key; =20 return (SMMU_IOTLB_ASID(*iotlb_key) =3D=3D info->asid) && - (SMMU_IOTLB_VMID(*iotlb_key) =3D=3D info->vmid); + (SMMU_IOTLB_VMID(*iotlb_key) =3D=3D info->vmid) && + (SMMU_IOTLB_SEC_SID(*iotlb_key) =3D=3D info->sec_sid); } =20 static gboolean smmu_hash_remove_by_vmid(gpointer key, gpointer value, gpointer user_data) { - int vmid =3D *(int *)user_data; + SMMUIOTLBPageInvInfo *info =3D (SMMUIOTLBPageInvInfo *)user_data; SMMUIOTLBKey *iotlb_key =3D (SMMUIOTLBKey *)key; =20 - return SMMU_IOTLB_VMID(*iotlb_key) =3D=3D vmid; + return (SMMU_IOTLB_VMID(*iotlb_key) =3D=3D info->vmid) && + (SMMU_IOTLB_SEC_SID(*iotlb_key) =3D=3D info->sec_sid); } =20 static gboolean smmu_hash_remove_by_vmid_s1(gpointer key, gpointer value, gpointer user_data) { - int vmid =3D *(int *)user_data; + SMMUIOTLBPageInvInfo *info =3D (SMMUIOTLBPageInvInfo *)user_data; SMMUIOTLBKey *iotlb_key =3D (SMMUIOTLBKey *)key; =20 - return (SMMU_IOTLB_VMID(*iotlb_key) =3D=3D vmid) && - (SMMU_IOTLB_ASID(*iotlb_key) >=3D 0); + return (SMMU_IOTLB_VMID(*iotlb_key) =3D=3D info->vmid) && + (SMMU_IOTLB_ASID(*iotlb_key) >=3D 0) && + (SMMU_IOTLB_SEC_SID(*iotlb_key) =3D=3D info->sec_sid); } =20 static gboolean smmu_hash_remove_by_asid_vmid_iova(gpointer key, gpointer = value, @@ -259,6 +263,9 @@ static gboolean smmu_hash_remove_by_asid_vmid_iova(gpoi= nter key, gpointer value, if (info->vmid >=3D 0 && info->vmid !=3D SMMU_IOTLB_VMID(iotlb_key)) { return false; } + if (info->sec_sid !=3D SMMU_IOTLB_SEC_SID(iotlb_key)) { + return false; + } return ((info->iova & ~entry->addr_mask) =3D=3D entry->iova) || ((entry->iova & ~info->mask) =3D=3D info->iova); } @@ -278,6 +285,9 @@ static gboolean smmu_hash_remove_by_vmid_ipa(gpointer k= ey, gpointer value, if (info->vmid !=3D SMMU_IOTLB_VMID(iotlb_key)) { return false; } + if (info->sec_sid !=3D SMMU_IOTLB_SEC_SID(iotlb_key)) { + return false; + } return ((info->iova & ~entry->addr_mask) =3D=3D entry->iova) || ((entry->iova & ~info->mask) =3D=3D info->iova); } @@ -323,13 +333,15 @@ void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *= sdev) } =20 void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vmid, dma_addr_t iova, - uint8_t tg, uint64_t num_pages, uint8_t ttl) + uint8_t tg, uint64_t num_pages, uint8_t ttl, + SMMUSecSID sec_sid) { /* if tg is not set we use 4KB range invalidation */ uint8_t granule =3D tg ? tg * 2 + 10 : 12; =20 if (ttl && (num_pages =3D=3D 1) && (asid >=3D 0)) { - SMMUIOTLBKey key =3D smmu_get_iotlb_key(asid, vmid, iova, tg, ttl); + SMMUIOTLBKey key =3D smmu_get_iotlb_key(asid, vmid, iova, + tg, ttl, sec_sid); =20 if (g_hash_table_remove(s->iotlb, &key)) { return; @@ -343,7 +355,8 @@ void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vm= id, dma_addr_t iova, SMMUIOTLBPageInvInfo info =3D { .asid =3D asid, .iova =3D iova, .vmid =3D vmid, - .mask =3D (num_pages * 1 << granule) - 1}; + .mask =3D (num_pages * 1 << granule) - 1, + .sec_sid =3D sec_sid}; =20 g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid_vmid_iova, @@ -355,13 +368,15 @@ void smmu_iotlb_inv_iova(SMMUState *s, int asid, int = vmid, dma_addr_t iova, * in Stage-1 invalidation ASID =3D -1, means don't care. */ void smmu_iotlb_inv_ipa(SMMUState *s, int vmid, dma_addr_t ipa, uint8_t tg, - uint64_t num_pages, uint8_t ttl) + uint64_t num_pages, uint8_t ttl, + SMMUSecSID sec_sid) { uint8_t granule =3D tg ? tg * 2 + 10 : 12; int asid =3D -1; =20 if (ttl && (num_pages =3D=3D 1)) { - SMMUIOTLBKey key =3D smmu_get_iotlb_key(asid, vmid, ipa, tg, ttl); + SMMUIOTLBKey key =3D smmu_get_iotlb_key(asid, vmid, ipa, + tg, ttl, sec_sid); =20 if (g_hash_table_remove(s->iotlb, &key)) { return; @@ -371,34 +386,47 @@ void smmu_iotlb_inv_ipa(SMMUState *s, int vmid, dma_a= ddr_t ipa, uint8_t tg, SMMUIOTLBPageInvInfo info =3D { .iova =3D ipa, .vmid =3D vmid, - .mask =3D (num_pages << granule) - 1}; + .mask =3D (num_pages << granule) - 1, + .sec_sid =3D sec_sid}; =20 g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_vmid_ipa, &info); } =20 -void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid) +void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid, + SMMUSecSID sec_sid) { SMMUIOTLBPageInvInfo info =3D { .asid =3D asid, .vmid =3D vmid, + .sec_sid =3D sec_sid, }; =20 - trace_smmu_iotlb_inv_asid_vmid(asid, vmid); + trace_smmu_iotlb_inv_asid_vmid(sec_sid, asid, vmid); g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_asid_vmid, &= info); } =20 -void smmu_iotlb_inv_vmid(SMMUState *s, int vmid) +void smmu_iotlb_inv_vmid(SMMUState *s, int vmid, SMMUSecSID sec_sid) { - trace_smmu_iotlb_inv_vmid(vmid); - g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_vmid, &vmid); + SMMUIOTLBPageInvInfo info =3D { + .vmid =3D vmid, + .sec_sid =3D sec_sid, + }; + + trace_smmu_iotlb_inv_vmid(sec_sid, vmid); + g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_vmid, &info); } =20 -void smmu_iotlb_inv_vmid_s1(SMMUState *s, int vmid) +void smmu_iotlb_inv_vmid_s1(SMMUState *s, int vmid, SMMUSecSID sec_sid) { - trace_smmu_iotlb_inv_vmid_s1(vmid); - g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_vmid_s1, &vm= id); + SMMUIOTLBPageInvInfo info =3D { + .vmid =3D vmid, + .sec_sid =3D sec_sid, + }; + + trace_smmu_iotlb_inv_vmid_s1(sec_sid, vmid); + g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_vmid_s1, &in= fo); } =20 /* VMSAv8-64 Translation */ diff --git a/hw/arm/smmu-internal.h b/hw/arm/smmu-internal.h index a0454f720da..5ddd0372d5b 100644 --- a/hw/arm/smmu-internal.h +++ b/hw/arm/smmu-internal.h @@ -145,12 +145,14 @@ static inline int pgd_concat_idx(int start_level, int= granule_sz, =20 #define SMMU_IOTLB_ASID(key) ((key).asid) #define SMMU_IOTLB_VMID(key) ((key).vmid) +#define SMMU_IOTLB_SEC_SID(key) ((key).sec_sid) =20 typedef struct SMMUIOTLBPageInvInfo { int asid; int vmid; uint64_t iova; uint64_t mask; + SMMUSecSID sec_sid; } SMMUIOTLBPageInvInfo; =20 #endif diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 504161ce06d..4a4de719a7c 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1279,7 +1279,8 @@ static void smmuv3_inv_notifiers_iova(SMMUState *s, i= nt asid, int vmid, } } =20 -static void smmuv3_range_inval(SMMUState *s, Cmd *cmd, SMMUStage stage) +static void smmuv3_range_inval(SMMUState *s, Cmd *cmd, SMMUStage stage, + SMMUSecSID sec_sid) { dma_addr_t end, addr =3D CMD_ADDR(cmd); uint8_t type =3D CMD_TYPE(cmd); @@ -1304,12 +1305,13 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *c= md, SMMUStage stage) } =20 if (!tg) { - trace_smmuv3_range_inval(vmid, asid, addr, tg, 1, ttl, leaf, stage= ); + trace_smmuv3_range_inval(sec_sid, vmid, asid, addr, + tg, 1, ttl, leaf, stage); smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, 1, stage); if (stage =3D=3D SMMU_STAGE_1) { - smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, 1, ttl); + smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, 1, ttl, sec_sid); } else { - smmu_iotlb_inv_ipa(s, vmid, addr, tg, 1, ttl); + smmu_iotlb_inv_ipa(s, vmid, addr, tg, 1, ttl, sec_sid); } return; } @@ -1326,13 +1328,15 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *c= md, SMMUStage stage) uint64_t mask =3D dma_aligned_pow2_mask(addr, end, 64); =20 num_pages =3D (mask + 1) >> granule; - trace_smmuv3_range_inval(vmid, asid, addr, tg, num_pages, - ttl, leaf, stage); - smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, num_pages, stag= e); + trace_smmuv3_range_inval(sec_sid, vmid, asid, addr, tg, + num_pages, ttl, leaf, stage); + smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, + num_pages, stage); if (stage =3D=3D SMMU_STAGE_1) { - smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, num_pages, ttl); + smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, + num_pages, ttl, sec_sid); } else { - smmu_iotlb_inv_ipa(s, vmid, addr, tg, num_pages, ttl); + smmu_iotlb_inv_ipa(s, vmid, addr, tg, num_pages, ttl, sec_sid); } addr +=3D mask + 1; } @@ -1474,9 +1478,9 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) vmid =3D CMD_VMID(&cmd); } =20 - trace_smmuv3_cmdq_tlbi_nh_asid(asid); + trace_smmuv3_cmdq_tlbi_nh_asid(sec_sid, asid); smmu_inv_notifiers_all(&s->smmu_state); - smmu_iotlb_inv_asid_vmid(bs, asid, vmid); + smmu_iotlb_inv_asid_vmid(bs, asid, vmid, sec_sid); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, NULL, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; @@ -1498,8 +1502,8 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) */ if (STAGE2_SUPPORTED(s)) { vmid =3D CMD_VMID(&cmd); - trace_smmuv3_cmdq_tlbi_nh(vmid); - smmu_iotlb_inv_vmid_s1(bs, vmid); + trace_smmuv3_cmdq_tlbi_nh(sec_sid, vmid); + smmu_iotlb_inv_vmid_s1(bs, vmid, sec_sid); break; } QEMU_FALLTHROUGH; @@ -1519,7 +1523,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) cmd_error =3D SMMU_CERROR_ILL; break; } - smmuv3_range_inval(bs, &cmd, SMMU_STAGE_1); + smmuv3_range_inval(bs, &cmd, SMMU_STAGE_1, SMMU_SEC_SID_NS); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, NULL, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; @@ -1536,7 +1540,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) =20 trace_smmuv3_cmdq_tlbi_s12_vmid(vmid); smmu_inv_notifiers_all(&s->smmu_state); - smmu_iotlb_inv_vmid(bs, vmid); + smmu_iotlb_inv_vmid(bs, vmid, SMMU_SEC_SID_NS); break; } case SMMU_CMD_TLBI_S2_IPA: @@ -1548,7 +1552,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp) * As currently only either s1 or s2 are supported * we can reuse same function for s2. */ - smmuv3_range_inval(bs, &cmd, SMMU_STAGE_2); + smmuv3_range_inval(bs, &cmd, SMMU_STAGE_2, SMMU_SEC_SID_NS); break; case SMMU_CMD_ATC_INV: { diff --git a/hw/arm/trace-events b/hw/arm/trace-events index 9c2cc131ab4..4e360b3c0d3 100644 --- a/hw/arm/trace-events +++ b/hw/arm/trace-events @@ -18,9 +18,9 @@ smmu_ptw_page_pte(int stage, int level, uint64_t iova, u= int64_t baseaddr, uint6 smmu_ptw_block_pte(int stage, int level, uint64_t baseaddr, uint64_t ptead= dr, uint64_t pte, uint64_t iova, uint64_t gpa, int bsize_mb) "stage=3D%d le= vel=3D%d base@=3D0x%"PRIx64" pte@=3D0x%"PRIx64" pte=3D0x%"PRIx64" iova=3D0x= %"PRIx64" block address =3D 0x%"PRIx64" block size =3D %d MiB" smmu_get_pte(uint64_t baseaddr, int index, uint64_t pteaddr, uint64_t pte)= "baseaddr=3D0x%"PRIx64" index=3D0x%x, pteaddr=3D0x%"PRIx64", pte=3D0x%"PRI= x64 smmu_iotlb_inv_all(void) "IOTLB invalidate all" -smmu_iotlb_inv_asid_vmid(int asid, int vmid) "IOTLB invalidate asid=3D%d v= mid=3D%d" -smmu_iotlb_inv_vmid(int vmid) "IOTLB invalidate vmid=3D%d" -smmu_iotlb_inv_vmid_s1(int vmid) "IOTLB invalidate vmid=3D%d" +smmu_iotlb_inv_asid_vmid(int sec_sid, int asid, int vmid) "IOTLB invalidat= e sec_sid=3D%d asid=3D%d vmid=3D%d" +smmu_iotlb_inv_vmid(int sec_sid, int vmid) "IOTLB invalidate sec_sid=3D%d = vmid=3D%d" +smmu_iotlb_inv_vmid_s1(int sec_sid, int vmid) "IOTLB invalidate S1 sec_sid= =3D%d vmid=3D%d" smmu_iotlb_inv_iova(int asid, uint64_t addr) "IOTLB invalidate asid=3D%d a= ddr=3D0x%"PRIx64 smmu_configs_inv_sid_range(uint32_t start, uint32_t end) "Config cache INV= SID range from 0x%x to 0x%x" smmu_config_cache_inv(uint32_t sid) "Config cache INV for sid=3D0x%x" @@ -56,10 +56,10 @@ smmuv3_cmdq_cfgi_ste_range(int start, int end) "start= =3D0x%x - end=3D0x%x" smmuv3_cmdq_cfgi_cd(uint32_t sid) "sid=3D0x%x" smmuv3_config_cache_hit(uint32_t sid, uint32_t hits, uint32_t misses, uint= 32_t perc) "Config cache HIT for sid=3D0x%x (hits=3D%d, misses=3D%d, hit ra= te=3D%d)" smmuv3_config_cache_miss(uint32_t sid, uint32_t hits, uint32_t misses, uin= t32_t perc) "Config cache MISS for sid=3D0x%x (hits=3D%d, misses=3D%d, hit = rate=3D%d)" -smmuv3_range_inval(int vmid, int asid, uint64_t addr, uint8_t tg, uint64_t= num_pages, uint8_t ttl, bool leaf, int stage) "vmid=3D%d asid=3D%d addr=3D= 0x%"PRIx64" tg=3D%d num_pages=3D0x%"PRIx64" ttl=3D%d leaf=3D%d stage=3D%d" -smmuv3_cmdq_tlbi_nh(int vmid) "vmid=3D%d" +smmuv3_range_inval(int sec_sid, int vmid, int asid, uint64_t addr, uint8_t= tg, uint64_t num_pages, uint8_t ttl, bool leaf, int stage) "sec_sid=3D%d v= mid=3D%d asid=3D%d addr=3D0x%"PRIx64" tg=3D%d num_pages=3D0x%"PRIx64" ttl= =3D%d leaf=3D%d stage=3D%d" +smmuv3_cmdq_tlbi_nh(int sec_sid, int vmid) "sec_sid=3D%d vmid=3D%d" smmuv3_cmdq_tlbi_nsnh(void) "" -smmuv3_cmdq_tlbi_nh_asid(int asid) "asid=3D%d" +smmuv3_cmdq_tlbi_nh_asid(int sec_sid, int asid) "sec_sid=3D%d asid=3D%d" smmuv3_cmdq_tlbi_s12_vmid(int vmid) "vmid=3D%d" smmuv3_notify_flag_add(const char *iommu) "ADD SMMUNotifier node for iommu= mr=3D%s" smmuv3_notify_flag_del(const char *iommu) "DEL SMMUNotifier node for iommu= mr=3D%s" diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index b0a02e12fe6..7d1d0936921 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -162,6 +162,7 @@ typedef struct SMMUIOTLBKey { int vmid; uint8_t tg; uint8_t level; + SMMUSecSID sec_sid; } SMMUIOTLBKey; =20 typedef struct SMMUConfigKey { @@ -256,16 +257,19 @@ SMMUTLBEntry *smmu_iotlb_lookup(SMMUState *bs, SMMUTr= ansCfg *cfg, SMMUTransTableInfo *tt, hwaddr iova); void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg, SMMUTLBEntry *ent= ry); SMMUIOTLBKey smmu_get_iotlb_key(int asid, int vmid, uint64_t iova, - uint8_t tg, uint8_t level); + uint8_t tg, uint8_t level, SMMUSecSID sec_= sid); SMMUConfigKey smmu_get_config_key(SMMUDevice *sdev, SMMUSecSID sec_sid); void smmu_iotlb_inv_all(SMMUState *s); -void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid); -void smmu_iotlb_inv_vmid(SMMUState *s, int vmid); -void smmu_iotlb_inv_vmid_s1(SMMUState *s, int vmid); +void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid, + SMMUSecSID sec_sid); +void smmu_iotlb_inv_vmid(SMMUState *s, int vmid, SMMUSecSID sec_sid); +void smmu_iotlb_inv_vmid_s1(SMMUState *s, int vmid, SMMUSecSID sec_sid); void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vmid, dma_addr_t iova, - uint8_t tg, uint64_t num_pages, uint8_t ttl); + uint8_t tg, uint64_t num_pages, uint8_t ttl, + SMMUSecSID sec_sid); void smmu_iotlb_inv_ipa(SMMUState *s, int vmid, dma_addr_t ipa, uint8_t tg, - uint64_t num_pages, uint8_t ttl); + uint64_t num_pages, uint8_t ttl, + SMMUSecSID sec_sid); void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range); void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev); /* Unmap the range of all the notifiers registered to any IOMMU mr */ --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669097685568.8297251966724; Sat, 21 Feb 2026 02:18:17 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk36-0007Hq-0z; Sat, 21 Feb 2026 05:17:20 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk34-0007Ew-La; Sat, 21 Feb 2026 05:17:18 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk32-0006hb-Fw; Sat, 21 Feb 2026 05:17:18 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwDX3Jgnhplpp65VBw--.4410S2; Sat, 21 Feb 2026 18:17:11 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3T+0lhplpbU4cAA--.49559S3; Sat, 21 Feb 2026 18:17:09 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 16/31] hw/arm/smmuv3: Plumb SEC_SID through IOMMU notifier path Date: Sat, 21 Feb 2026 18:17:06 +0800 Message-Id: <20260221101706.2994213-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3T+0lhplpbU4cAA--.49559S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUANQAAsn Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxAw18Jr4xWw4Dur4kAF4ktFb_yoW5uFW5pr WkKa909r4rJayfZa1fZw4UCF9xW34DKrWrKrWYgrn5t3WkJ34xtFWDC34jvrZ8Gr18ArZx X3y2gF43Zw12q3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669099380158500 Content-Type: text/plain; charset="utf-8" Extend IOMMU notifier functions to be SEC_SID-aware, ensuring that invalidation notifications are dispatched to the correct security-aware address space. This ensures IOMMU notifier events (e.g., to VFIO) are correctly routed to the appropriate security world's address space, maintaining isolation between secure and non-secure DMA operations. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 4a4de719a7c..e33a7babd1c 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1195,15 +1195,16 @@ epilogue: * @tg: translation granule (if communicated through range invalidation) * @num_pages: number of @granule sized pages (if tg !=3D 0), otherwise 1 * @stage: Which stage(1 or 2) is used + * @sec_sid: StreamID Security state */ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, IOMMUNotifier *n, int asid, int vmid, dma_addr_t iova, uint8_t tg, - uint64_t num_pages, int stage) + uint64_t num_pages, int stage, + SMMUSecSID sec_sid) { SMMUDevice *sdev =3D container_of(mr, SMMUDevice, iommu); - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUEventInfo eventinfo =3D {.sec_sid =3D sec_sid, .inval_ste_allowed =3D true}; SMMUTransCfg *cfg =3D smmuv3_get_config(sdev, &eventinfo, sec_sid); @@ -1251,7 +1252,8 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, } =20 event.type =3D IOMMU_NOTIFIER_UNMAP; - event.entry.target_as =3D &address_space_memory; + event.entry.target_as =3D smmu_get_address_space(sdev->smmu, sec_sid); + g_assert(event.entry.target_as); event.entry.iova =3D iova; event.entry.addr_mask =3D num_pages * (1 << granule) - 1; event.entry.perm =3D IOMMU_NONE; @@ -1262,7 +1264,8 @@ static void smmuv3_notify_iova(IOMMUMemoryRegion *mr, /* invalidate an asid/vmid/iova range tuple in all mr's */ static void smmuv3_inv_notifiers_iova(SMMUState *s, int asid, int vmid, dma_addr_t iova, uint8_t tg, - uint64_t num_pages, int stage) + uint64_t num_pages, int stage, + SMMUSecSID sec_sid) { SMMUDevice *sdev; =20 @@ -1274,7 +1277,8 @@ static void smmuv3_inv_notifiers_iova(SMMUState *s, i= nt asid, int vmid, iova, tg, num_pages, stage); =20 IOMMU_NOTIFIER_FOREACH(n, mr) { - smmuv3_notify_iova(mr, n, asid, vmid, iova, tg, num_pages, sta= ge); + smmuv3_notify_iova(mr, n, asid, vmid, iova, tg, + num_pages, stage, sec_sid); } } } @@ -1307,7 +1311,7 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cmd= , SMMUStage stage, if (!tg) { trace_smmuv3_range_inval(sec_sid, vmid, asid, addr, tg, 1, ttl, leaf, stage); - smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, 1, stage); + smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, 1, stage, sec_s= id); if (stage =3D=3D SMMU_STAGE_1) { smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, 1, ttl, sec_sid); } else { @@ -1331,7 +1335,7 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cmd= , SMMUStage stage, trace_smmuv3_range_inval(sec_sid, vmid, asid, addr, tg, num_pages, ttl, leaf, stage); smmuv3_inv_notifiers_iova(s, asid, vmid, addr, tg, - num_pages, stage); + num_pages, stage, sec_sid); if (stage =3D=3D SMMU_STAGE_1) { smmu_iotlb_inv_iova(s, asid, vmid, addr, tg, num_pages, ttl, sec_sid); --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669052206511.47530933402004; Sat, 21 Feb 2026 02:17:32 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3D-0007aB-Bx; Sat, 21 Feb 2026 05:17:27 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk3B-0007Uf-Rf; Sat, 21 Feb 2026 05:17:25 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk39-00071R-Os; Sat, 21 Feb 2026 05:17:25 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwAnLZkvhplp0q5VBw--.3938S2; Sat, 21 Feb 2026 18:17:19 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDXL+0thplpb04cAA--.34326S3; Sat, 21 Feb 2026 18:17:18 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 17/31] hw/arm/smmuv3: Pass sec_sid into cmdq consume path Date: Sat, 21 Feb 2026 18:17:14 +0800 Message-Id: <20260221101714.2994490-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDXL+0thplpb04cAA--.34326S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUANwAAsl Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxtFW3uF15KF4UKFWkAFy8Grg_yoWxGF4Dpr WDJwnI9r18Jan3ZF9Iv3y8ur13J34DtFyUtr1UW3WfA3ZrAr15Xrs09r1ru34DWryxAws3 uay3Wan8ZF12y37anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669054751158500 Content-Type: text/plain; charset="utf-8" Make smmuv3_cmdq_consume() security-state aware by passing sec_sid from smmu_writel() call sites (CR0/GERRORN/CMDQ_PROD paths), instead of hardcoding non-secure state. The related AddressSpace and MemTxAttrs are also obtained based on sec_sid. Also move CMD_SSEC legality checking to a single early check before command dispatch: secure commands are rejected on non-secure queues (including future Realm queue) with CERROR_ILL. This removes duplicated per-command checks in CFGI handlers. Finally, extend cmdq trace output with sec_sid so command processing can be correlated with the correct security bank. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 50 ++++++++++++++++++++++----------------------- hw/arm/trace-events | 2 +- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index e33a7babd1c..b2559e80f24 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -111,14 +111,14 @@ static void smmuv3_write_gerrorn(SMMUv3State *s, uint= 32_t new_gerrorn) trace_smmuv3_write_gerrorn(toggled & pending, bank->gerrorn); } =20 -static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd) +static inline MemTxResult queue_read(SMMUQueue *q, Cmd *cmd, + AddressSpace *as, MemTxAttrs attrs) { dma_addr_t addr =3D Q_CONS_ENTRY(q); MemTxResult ret; int i; =20 - ret =3D dma_memory_read(&address_space_memory, addr, cmd, sizeof(Cmd), - MEMTXATTRS_UNSPECIFIED); + ret =3D dma_memory_read(as, addr, cmd, sizeof(Cmd), attrs); if (ret !=3D MEMTX_OK) { return ret; } @@ -1346,14 +1346,17 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *c= md, SMMUStage stage, } } =20 -static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp) +static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); SMMUCmdError cmd_error =3D SMMU_CERROR_NONE; - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUQueue *q =3D &bank->cmdq; SMMUCommandType type =3D 0; + MemTxAttrs attrs =3D smmu_get_txattrs(sec_sid); + AddressSpace *as =3D smmu_get_address_space(bs, sec_sid); + /* Secure AddressSpace must be available, assert if not. */ + g_assert(as); =20 if (!smmuv3_cmdq_enabled(s, sec_sid)) { return 0; @@ -1369,18 +1372,30 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp) uint32_t pending =3D bank->gerror ^ bank->gerrorn; Cmd cmd; =20 - trace_smmuv3_cmdq_consume(Q_PROD(q), Q_CONS(q), + trace_smmuv3_cmdq_consume(sec_sid, Q_PROD(q), Q_CONS(q), Q_PROD_WRAP(q), Q_CONS_WRAP(q)); =20 if (FIELD_EX32(pending, GERROR, CMDQ_ERR)) { break; } =20 - if (queue_read(q, &cmd) !=3D MEMTX_OK) { + if (queue_read(q, &cmd, as, attrs) !=3D MEMTX_OK) { cmd_error =3D SMMU_CERROR_ABT; break; } =20 + /* + * Secure Command on Non-secure Command queue, including Realm Com= mand + * queue, is not allowed. CERROR_ILL will be raised according to + * (IHI 0070G.b) 4.1.6 Common command fields, Page 168. + */ + if (CMD_SSEC(&cmd)) { + if (sec_sid !=3D SMMU_SEC_SID_S) { + cmd_error =3D SMMU_CERROR_ILL; + break; + } + } + type =3D CMD_TYPE(&cmd); =20 trace_smmuv3_cmdq_opcode(smmu_cmd_string(type)); @@ -1400,11 +1415,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error= **errp) uint32_t sid =3D CMD_SID(&cmd); SMMUDevice *sdev =3D smmu_find_sdev(bs, sid); =20 - if (CMD_SSEC(&cmd)) { - cmd_error =3D SMMU_CERROR_ILL; - break; - } - if (!sdev) { break; } @@ -1424,11 +1434,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error= **errp) uint8_t range =3D CMD_STE_RANGE(&cmd); SMMUSIDRange sid_range; =20 - if (CMD_SSEC(&cmd)) { - cmd_error =3D SMMU_CERROR_ILL; - break; - } - mask =3D (1ULL << (range + 1)) - 1; sid_range.start =3D sid & ~mask; sid_range.end =3D sid_range.start + mask; @@ -1447,11 +1452,6 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error= **errp) uint32_t sid =3D CMD_SID(&cmd); SMMUDevice *sdev =3D smmu_find_sdev(bs, sid); =20 - if (CMD_SSEC(&cmd)) { - cmd_error =3D SMMU_CERROR_ILL; - break; - } - if (!sdev) { break; } @@ -1666,7 +1666,7 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr= offset, bank->cr[0] =3D data; bank->cr0ack =3D data & ~SMMU_CR0_RESERVED; /* in case the command queue has been enabled */ - smmuv3_cmdq_consume(s, &local_err); + smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_CR1: bank->cr[1] =3D data; @@ -1683,7 +1683,7 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr= offset, * By acknowledging the CMDQ_ERR, SW may notify cmds can * be processed again */ - smmuv3_cmdq_consume(s, &local_err); + smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_GERROR_IRQ_CFG0: /* 64b */ bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 0, 32, = data); @@ -1733,7 +1733,7 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr= offset, break; case A_CMDQ_PROD: bank->cmdq.prod =3D data; - smmuv3_cmdq_consume(s, &local_err); + smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_CMDQ_CONS: bank->cmdq.cons =3D data; diff --git a/hw/arm/trace-events b/hw/arm/trace-events index 4e360b3c0d3..ca8485c96af 100644 --- a/hw/arm/trace-events +++ b/hw/arm/trace-events @@ -35,7 +35,7 @@ smmuv3_trigger_irq(int irq) "irq=3D%d" smmuv3_write_gerror(uint32_t toggled, uint32_t gerror) "toggled=3D0x%x, ne= w GERROR=3D0x%x" smmuv3_write_gerrorn(uint32_t acked, uint32_t gerrorn) "acked=3D0x%x, new = GERRORN=3D0x%x" smmuv3_unhandled_cmd(uint32_t type) "Unhandled command type=3D%d" -smmuv3_cmdq_consume(uint32_t prod, uint32_t cons, uint8_t prod_wrap, uint8= _t cons_wrap) "prod=3D%d cons=3D%d prod.wrap=3D%d cons.wrap=3D%d" +smmuv3_cmdq_consume(int sec_sid, uint32_t prod, uint32_t cons, uint8_t pro= d_wrap, uint8_t cons_wrap) "sec_sid=3D%d prod=3D%d cons=3D%d prod.wrap=3D%d= cons.wrap=3D%d" smmuv3_cmdq_opcode(const char *opcode) "<--- %s" smmuv3_cmdq_consume_out(uint32_t prod, uint32_t cons, uint8_t prod_wrap, u= int8_t cons_wrap) "prod:%d, cons:%d, prod_wrap:%d, cons_wrap:%d " smmuv3_cmdq_consume_error(const char *cmd_name, uint8_t cmd_error) "Error = on %s command execution: %d" --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669069700153.9380515485309; Sat, 21 Feb 2026 02:17:49 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3J-0007oa-Me; Sat, 21 Feb 2026 05:17:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk3I-0007me-0y; Sat, 21 Feb 2026 05:17:32 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3G-0007ic-Eo; Sat, 21 Feb 2026 05:17:31 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwBnPEQ3hplpJR9zAA--.17914S2; Sat, 21 Feb 2026 18:17:27 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3Tes2hplpcE4cAA--.34141S3; Sat, 21 Feb 2026 18:17:27 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 18/31] hw/arm/smmuv3: Make evtq producer use SEC_SID Date: Sat, 21 Feb 2026 18:17:23 +0800 Message-Id: <20260221101723.2994751-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3Tes2hplpcE4cAA--.34141S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAOQAAsr Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7ZF4xAFy7XF1rWry5Gr13twb_yoW8Zw13pr Z0yFn5K34YyFsxJF95Zrs8u3W7C3y0qrnrGrWxKFyruw15Cr13XFyUJryFyryvgr97J3yk ZFsYkay5Zr45t3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669070993158500 Content-Type: text/plain; charset="utf-8" The event queue producer path wrote entries through address_space_memory with MEMTXATTRS_UNSPECIFIED, so produced entries did not use the sec_sid-selected DMA context. Pass AddressSpace and MemTxAttrs to queue_write() from sec_sid, and assert that the selected AddressSpace exists before producing entries. Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index b2559e80f24..fa09099a09a 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -128,7 +128,8 @@ static inline MemTxResult queue_read(SMMUQueue *q, Cmd = *cmd, return ret; } =20 -static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in) +static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in, + AddressSpace *as, MemTxAttrs attrs) { dma_addr_t addr =3D Q_PROD_ENTRY(q); MemTxResult ret; @@ -138,8 +139,7 @@ static MemTxResult queue_write(SMMUQueue *q, Evt *evt_i= n) for (i =3D 0; i < ARRAY_SIZE(evt.word); i++) { cpu_to_le32s(&evt.word[i]); } - ret =3D dma_memory_write(&address_space_memory, addr, &evt, sizeof(Evt= ), - MEMTXATTRS_UNSPECIFIED); + ret =3D dma_memory_write(as, addr, &evt, sizeof(Evt), attrs); if (ret !=3D MEMTX_OK) { return ret; } @@ -154,6 +154,11 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s,= SMMUSecSID sec_sid, SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUQueue *q =3D &bank->eventq; MemTxResult r; + SMMUState *bs =3D ARM_SMMU(s); + MemTxAttrs txattrs =3D smmu_get_txattrs(sec_sid); + AddressSpace *as =3D smmu_get_address_space(bs, sec_sid); + /* Secure AddressSpace must be available, assert if not. */ + g_assert(as); =20 if (!smmuv3_eventq_enabled(s, sec_sid)) { return MEMTX_ERROR; @@ -163,7 +168,7 @@ static MemTxResult smmuv3_write_eventq(SMMUv3State *s, = SMMUSecSID sec_sid, return MEMTX_ERROR; } =20 - r =3D queue_write(q, evt); + r =3D queue_write(q, evt, as, txattrs); if (r !=3D MEMTX_OK) { return r; } --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669081690745.0816325607817; Sat, 21 Feb 2026 02:18:01 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3W-0008HP-FX; Sat, 21 Feb 2026 05:17:46 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk3U-00083r-8J; Sat, 21 Feb 2026 05:17:44 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3S-0008V3-4S; Sat, 21 Feb 2026 05:17:43 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCXnJhDhplpMK9VBw--.3761S2; Sat, 21 Feb 2026 18:17:39 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwB3zutAhplpck4cAA--.34569S3; Sat, 21 Feb 2026 18:17:36 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 19/31] hw/arm/smmuv3: Fix CFGI_CD handling when stage-1 is unsupported Date: Sat, 21 Feb 2026 18:17:33 +0800 Message-Id: <20260221101733.2995020-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwB3zutAhplpck4cAA--.34569S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAOwAAsp Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvdXoWrZr17JF4xGF17Ar17KryxAFb_yoWDWrgEkF 1Fq3s5Wr12yF9xZF9rKF4Sya40kw4kAFyUWr4FqFW2qanrWayUWrs7JrWkXw1rXr13GFWS va9a9w13JrnxWjkaLaAFLSUrUUUUjb8apTn2vfkv8UJUUUU8wcxFpf9Il3svdxBIdaVrnU Uv73VFW2AGmfu7jjvjm3AaLaJ3UjIYCTnIWjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRUUUUU UUUU= Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669082777158500 Content-Type: text/plain; charset="utf-8" Add a STAGE1_SUPPORTED check in the CMD_CFGI_CD and CMD_CFGI_CD_ALL path and return CERROR_ILL when stage-1 translation is not implemented, matching the architecture requirement (IHI 0070G.b, page 176). Fixes: 32cfd7f39e08 ("hw/arm/smmuv3: Cache/invalidate config data") Signed-off-by: Tao Tang Reviewed-by: Eric Auger Reviewed-by: Mostafa Saleh Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index fa09099a09a..d4c58c0c724 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1461,6 +1461,15 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error= **errp, SMMUSecSID sec_sid) break; } =20 + /* + * This command raises CERROR_ILL when stage 1 is not implemen= ted + * according to (IHI 0070G.b) Page 176. + */ + if (!STAGE1_SUPPORTED(s)) { + cmd_error =3D SMMU_CERROR_ILL; + break; + } + trace_smmuv3_cmdq_cfgi_cd(sid); smmuv3_flush_config(sdev); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, sdev, errp)) { --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 177166909158064.45285664007895; Sat, 21 Feb 2026 02:18:11 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3f-0000Mp-0z; Sat, 21 Feb 2026 05:17:55 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk3d-0000Kr-EI; Sat, 21 Feb 2026 05:17:53 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk3a-0000em-LN; Sat, 21 Feb 2026 05:17:53 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCHoqhJhplpRa9VBw--.6667S2; Sat, 21 Feb 2026 18:17:45 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwCn_epIhplpdE4cAA--.34722S3; Sat, 21 Feb 2026 18:17:44 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 20/31] hw/arm/smmu: Make CMDQ invalidation security-state aware Date: Sat, 21 Feb 2026 18:17:41 +0800 Message-Id: <20260221101741.2995271-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwCn_epIhplpdE4cAA--.34722S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAPQAAsv Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvAXoW3uw17XrW5XFy8XFWUWr45KFg_yoW8XrW3Ko WrJrWjgrW8Jr12gFn2vFn3GFW7ZryqyayUWr15Z3ya93ZxtF15tFyxtr4rXa1FyF4UJFWF vF95WrZ7XFy5AFyfn29KB7ZKAUJUUUU8529EdanIXcx71UUUUU7KY7ZEXasCq-sGcSsGvf J3UbIjqfuFe4nvWSU8nxnvy29KBjDU0xBIdaVrnUUvcSsGvfC2KfnxnUUI43ZEXa7xR_UU UUUUUUU== Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669105170158500 Content-Type: text/plain; charset="utf-8" Refactor CMDQ invalidation paths to carry security state and apply cache invalidation per sec_sid instead of globally. Extend common IOTLB/config invalidation helpers with sec_sid filtering, while keeping SMMU_SEC_SID_NUM as the full-invalidate mode. In smmuv3, propagate sec_sid/ssec through CFGI and TLBI handling, and gate VMID usage on queue stage-2 capability (including SEL2 for secure CMDQ). Update tracepoints to include ssec for better observability. Signed-off-by: Tao Tang --- hw/arm/smmu-common.c | 96 ++++++++++++++++++++++++++++++++---- hw/arm/smmuv3.c | 67 ++++++++++++++++++------- hw/arm/trace-events | 6 +-- include/hw/arm/smmu-common.h | 8 +-- 4 files changed, 144 insertions(+), 33 deletions(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index bb43430cc3b..5dece2024a4 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -201,7 +201,7 @@ void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg= , SMMUTLBEntry *new) uint8_t tg =3D (new->granule - 10) / 2; =20 if (g_hash_table_size(bs->iotlb) >=3D SMMU_IOTLB_MAX_SIZE) { - smmu_iotlb_inv_all(bs); + smmu_iotlb_inv_all(bs, SMMU_SEC_SID_NUM); } =20 *key =3D smmu_get_iotlb_key(cfg->asid, cfg->s2cfg.vmid, new->entry.iov= a, @@ -211,10 +211,23 @@ void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *c= fg, SMMUTLBEntry *new) g_hash_table_insert(bs->iotlb, key, new); } =20 -void smmu_iotlb_inv_all(SMMUState *s) +static gboolean smmu_hash_remove_by_sec_sid(gpointer key, gpointer value, + gpointer user_data) +{ + SMMUIOTLBKey *iotlb_key =3D (SMMUIOTLBKey *)key; + SMMUSecSID *sec_sid =3D (SMMUSecSID *)user_data; + + return SMMU_IOTLB_SEC_SID(*iotlb_key) =3D=3D *sec_sid; +} + +void smmu_iotlb_inv_all(SMMUState *s, SMMUSecSID sec_sid) { trace_smmu_iotlb_inv_all(); - g_hash_table_remove_all(s->iotlb); + if (sec_sid =3D=3D SMMU_SEC_SID_NUM) { + g_hash_table_remove_all(s->iotlb); + return; + } + g_hash_table_foreach_remove(s->iotlb, smmu_hash_remove_by_sec_sid, &se= c_sid); } =20 static gboolean smmu_hash_remove_by_asid_vmid(gpointer key, gpointer value, @@ -292,6 +305,16 @@ static gboolean smmu_hash_remove_by_vmid_ipa(gpointer = key, gpointer value, ((entry->iova & ~info->mask) =3D=3D info->iova); } =20 +typedef struct SMMUConfigInvRangeInfo { + SMMUSIDRange sid_range; + SMMUSecSID sec_sid; +} SMMUConfigInvRangeInfo; + +typedef struct SMMUConfigInvSdevInfo { + SMMUDevice *sdev; + SMMUSecSID sec_sid; +} SMMUConfigInvSdevInfo; + static gboolean smmu_hash_remove_by_sid_range(gpointer key, gpointer value, gpointer user_= data) { @@ -307,11 +330,41 @@ smmu_hash_remove_by_sid_range(gpointer key, gpointer = value, gpointer user_data) return true; } =20 -void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range) +static gboolean +smmu_hash_remove_by_sid_range_sec(gpointer key, gpointer value, + gpointer user_data) +{ + SMMUConfigKey *config_key =3D (SMMUConfigKey *)key; + SMMUConfigInvRangeInfo *info =3D (SMMUConfigInvRangeInfo *)user_data; + SMMUDevice *sdev =3D config_key->sdev; + uint32_t sid =3D smmu_get_sid(sdev); + + if (config_key->sec_sid !=3D info->sec_sid) { + return false; + } + if (sid < info->sid_range.start || sid > info->sid_range.end) { + return false; + } + trace_smmu_config_cache_inv(sid); + return true; +} + +void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range, + SMMUSecSID sec_sid) { + SMMUConfigInvRangeInfo info =3D { + .sid_range =3D sid_range, + .sec_sid =3D sec_sid, + }; + trace_smmu_configs_inv_sid_range(sid_range.start, sid_range.end); - g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sid_range, - &sid_range); + if (sec_sid =3D=3D SMMU_SEC_SID_NUM) { + g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sid_ra= nge, + &sid_range); + return; + } + g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sid_range_= sec, + &info); } =20 static gboolean smmu_hash_remove_by_sdev(gpointer key, gpointer value, @@ -327,9 +380,35 @@ static gboolean smmu_hash_remove_by_sdev(gpointer key,= gpointer value, return true; } =20 -void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev) +static gboolean smmu_hash_remove_by_sdev_sec(gpointer key, gpointer value, + gpointer user_data) { - g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sdev, sdev= ); + SMMUConfigKey *config_key =3D (SMMUConfigKey *)key; + SMMUConfigInvSdevInfo *info =3D (SMMUConfigInvSdevInfo *)user_data; + + if (config_key->sdev !=3D info->sdev) { + return false; + } + if (config_key->sec_sid !=3D info->sec_sid) { + return false; + } + trace_smmu_config_cache_inv(smmu_get_sid(info->sdev)); + return true; +} + +void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev, + SMMUSecSID sec_sid) +{ + SMMUConfigInvSdevInfo info =3D { + .sdev =3D sdev, + .sec_sid =3D sec_sid, + }; + + if (sec_sid =3D=3D SMMU_SEC_SID_NUM) { + g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sdev, = sdev); + return; + } + g_hash_table_foreach_remove(s->configs, smmu_hash_remove_by_sdev_sec, = &info); } =20 void smmu_iotlb_inv_iova(SMMUState *s, int asid, int vmid, dma_addr_t iova, @@ -1193,4 +1272,3 @@ static void smmu_base_register_types(void) } =20 type_init(smmu_base_register_types) - diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index d4c58c0c724..29e862b8ae3 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -959,12 +959,13 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sd= ev, SMMUEventInfo *event, return cfg; } =20 -static void smmuv3_flush_config(SMMUDevice *sdev) +/* Flush all config caches when sec_sid =3D=3D SMMU_SEC_SID_NUM */ +static void smmuv3_flush_config(SMMUDevice *sdev, SMMUSecSID sec_sid) { SMMUv3State *s =3D sdev->smmu; SMMUState *bc =3D &s->smmu_state; =20 - smmu_configs_inv_sdev(bc, sdev); + smmu_configs_inv_sdev(bc, sdev, sec_sid); } =20 /* Do translation with TLB lookup. */ @@ -1289,7 +1290,7 @@ static void smmuv3_inv_notifiers_iova(SMMUState *s, i= nt asid, int vmid, } =20 static void smmuv3_range_inval(SMMUState *s, Cmd *cmd, SMMUStage stage, - SMMUSecSID sec_sid) + SMMUSecSID sec_sid, bool use_vmid) { dma_addr_t end, addr =3D CMD_ADDR(cmd); uint8_t type =3D CMD_TYPE(cmd); @@ -1302,10 +1303,8 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cm= d, SMMUStage stage, uint64_t num_pages; uint8_t granule; int asid =3D -1; - SMMUv3State *smmuv3 =3D ARM_SMMUV3(s); =20 - /* Only consider VMID if stage-2 is supported. */ - if (STAGE2_SUPPORTED(smmuv3)) { + if (use_vmid) { vmid =3D CMD_VMID(cmd); } =20 @@ -1351,6 +1350,25 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cm= d, SMMUStage stage, } } =20 +static inline bool smmu_cmdq_stage2_supported(SMMUv3State *s, SMMUSecSID s= ec_sid) +{ + /* IDR0.S2P: Stage 2 translation supported */ + bool s2p =3D STAGE2_SUPPORTED(s); + if (!s2p) { + return false; + } + + /* + * For Secure Command queue, Secure stage 2 is additionally gated by S= EL2 + * (SEL2 is 0 if S2P is 0). + */ + if (sec_sid =3D=3D SMMU_SEC_SID_S) { + return FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SEL2); + } + + return true; +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -1362,6 +1380,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) AddressSpace *as =3D smmu_get_address_space(bs, sec_sid); /* Secure AddressSpace must be available, assert if not. */ g_assert(as); + bool queue_stage2_supported =3D smmu_cmdq_stage2_supported(s, sec_sid); =20 if (!smmuv3_cmdq_enabled(s, sec_sid)) { return 0; @@ -1376,6 +1395,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) while (!smmuv3_q_empty(q)) { uint32_t pending =3D bank->gerror ^ bank->gerrorn; Cmd cmd; + SMMUSecSID ssec =3D SMMU_SEC_SID_NS; =20 trace_smmuv3_cmdq_consume(sec_sid, Q_PROD(q), Q_CONS(q), Q_PROD_WRAP(q), Q_CONS_WRAP(q)); @@ -1399,6 +1419,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) cmd_error =3D SMMU_CERROR_ILL; break; } + ssec =3D SMMU_SEC_SID_S; } =20 type =3D CMD_TYPE(&cmd); @@ -1424,12 +1445,12 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp, SMMUSecSID sec_sid) break; } =20 - trace_smmuv3_cmdq_cfgi_ste(sid); + trace_smmuv3_cmdq_cfgi_ste(ssec, sid); if (!smmuv3_accel_install_ste(s, sdev, sid, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; } - smmuv3_flush_config(sdev); + smmuv3_flush_config(sdev, ssec); =20 break; } @@ -1443,12 +1464,12 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp, SMMUSecSID sec_sid) sid_range.start =3D sid & ~mask; sid_range.end =3D sid_range.start + mask; =20 - trace_smmuv3_cmdq_cfgi_ste_range(sid_range.start, sid_range.en= d); + trace_smmuv3_cmdq_cfgi_ste_range(ssec, sid_range.start, sid_ra= nge.end); if (!smmuv3_accel_install_ste_range(s, &sid_range, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; } - smmu_configs_inv_sid_range(bs, sid_range); + smmu_configs_inv_sid_range(bs, sid_range, ssec); break; } case SMMU_CMD_CFGI_CD: @@ -1470,8 +1491,8 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) break; } =20 - trace_smmuv3_cmdq_cfgi_cd(sid); - smmuv3_flush_config(sdev); + trace_smmuv3_cmdq_cfgi_cd(ssec, sid); + smmuv3_flush_config(sdev, ssec); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, sdev, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; @@ -1492,7 +1513,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) * VMID is only matched when stage 2 is supported, otherwise s= et it * to -1 as the value used for stage-1 only VMIDs. */ - if (STAGE2_SUPPORTED(s)) { + if (queue_stage2_supported) { vmid =3D CMD_VMID(&cmd); } =20 @@ -1518,18 +1539,27 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp, SMMUSecSID sec_sid) * If stage-2 is supported, invalidate for this VMID only, oth= erwise * invalidate the whole thing. */ - if (STAGE2_SUPPORTED(s)) { + if (queue_stage2_supported) { vmid =3D CMD_VMID(&cmd); trace_smmuv3_cmdq_tlbi_nh(sec_sid, vmid); smmu_iotlb_inv_vmid_s1(bs, vmid, sec_sid); break; } - QEMU_FALLTHROUGH; + trace_smmuv3_cmdq_tlbi_nh(sec_sid, vmid); + smmu_inv_notifiers_all(&s->smmu_state); + smmu_iotlb_inv_all(bs, sec_sid); + break; } case SMMU_CMD_TLBI_NSNH_ALL: trace_smmuv3_cmdq_tlbi_nsnh(); smmu_inv_notifiers_all(&s->smmu_state); - smmu_iotlb_inv_all(bs); + /* + * According to (IHI 0070G.b) 4.4.4.1 CMD_TLBI_NSNH_ALL, Page = 194: + * "When issuing to the Realm programming interface, even thou= gh + * this command has NS in its name, it only applies to Realm e= ntries." + */ + smmu_iotlb_inv_all(bs, sec_sid > SMMU_SEC_SID_S ? + sec_sid : SMMU_SEC_SID_NS); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, NULL, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; @@ -1541,7 +1571,8 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) cmd_error =3D SMMU_CERROR_ILL; break; } - smmuv3_range_inval(bs, &cmd, SMMU_STAGE_1, SMMU_SEC_SID_NS); + smmuv3_range_inval(bs, &cmd, SMMU_STAGE_1, sec_sid, + queue_stage2_supported); if (!smmuv3_accel_issue_inv_cmd(s, &cmd, NULL, errp)) { cmd_error =3D SMMU_CERROR_ILL; break; @@ -1570,7 +1601,7 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error = **errp, SMMUSecSID sec_sid) * As currently only either s1 or s2 are supported * we can reuse same function for s2. */ - smmuv3_range_inval(bs, &cmd, SMMU_STAGE_2, SMMU_SEC_SID_NS); + smmuv3_range_inval(bs, &cmd, SMMU_STAGE_2, SMMU_SEC_SID_NS, tr= ue); break; case SMMU_CMD_ATC_INV: { diff --git a/hw/arm/trace-events b/hw/arm/trace-events index ca8485c96af..64f308a8d35 100644 --- a/hw/arm/trace-events +++ b/hw/arm/trace-events @@ -51,9 +51,9 @@ smmuv3_translate_success(const char *n, uint16_t sid, uin= t64_t iova, uint64_t tr smmuv3_get_cd(uint64_t addr) "CD addr: 0x%"PRIx64 smmuv3_decode_cd(uint32_t oas) "oas=3D%d" smmuv3_decode_cd_tt(int i, uint32_t tsz, uint64_t ttb, uint32_t granule_sz= , bool had) "TT[%d]:tsz:%d ttb:0x%"PRIx64" granule_sz:%d had:%d" -smmuv3_cmdq_cfgi_ste(int streamid) "streamid=3D 0x%x" -smmuv3_cmdq_cfgi_ste_range(int start, int end) "start=3D0x%x - end=3D0x%x" -smmuv3_cmdq_cfgi_cd(uint32_t sid) "sid=3D0x%x" +smmuv3_cmdq_cfgi_ste(int ssec, int streamid) "ssec=3D%d streamid=3D 0x%x" +smmuv3_cmdq_cfgi_ste_range(int ssec, int start, int end) "ssec=3D%d start= =3D0x%x - end=3D0x%x" +smmuv3_cmdq_cfgi_cd(int ssec, uint32_t sid) "ssec=3D%d sid=3D0x%x" smmuv3_config_cache_hit(uint32_t sid, uint32_t hits, uint32_t misses, uint= 32_t perc) "Config cache HIT for sid=3D0x%x (hits=3D%d, misses=3D%d, hit ra= te=3D%d)" smmuv3_config_cache_miss(uint32_t sid, uint32_t hits, uint32_t misses, uin= t32_t perc) "Config cache MISS for sid=3D0x%x (hits=3D%d, misses=3D%d, hit = rate=3D%d)" smmuv3_range_inval(int sec_sid, int vmid, int asid, uint64_t addr, uint8_t= tg, uint64_t num_pages, uint8_t ttl, bool leaf, int stage) "sec_sid=3D%d v= mid=3D%d asid=3D%d addr=3D0x%"PRIx64" tg=3D%d num_pages=3D0x%"PRIx64" ttl= =3D%d leaf=3D%d stage=3D%d" diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index 7d1d0936921..d05cf6ae53b 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -259,7 +259,7 @@ void smmu_iotlb_insert(SMMUState *bs, SMMUTransCfg *cfg= , SMMUTLBEntry *entry); SMMUIOTLBKey smmu_get_iotlb_key(int asid, int vmid, uint64_t iova, uint8_t tg, uint8_t level, SMMUSecSID sec_= sid); SMMUConfigKey smmu_get_config_key(SMMUDevice *sdev, SMMUSecSID sec_sid); -void smmu_iotlb_inv_all(SMMUState *s); +void smmu_iotlb_inv_all(SMMUState *s, SMMUSecSID sec_sid); void smmu_iotlb_inv_asid_vmid(SMMUState *s, int asid, int vmid, SMMUSecSID sec_sid); void smmu_iotlb_inv_vmid(SMMUState *s, int vmid, SMMUSecSID sec_sid); @@ -270,8 +270,10 @@ void smmu_iotlb_inv_iova(SMMUState *s, int asid, int v= mid, dma_addr_t iova, void smmu_iotlb_inv_ipa(SMMUState *s, int vmid, dma_addr_t ipa, uint8_t tg, uint64_t num_pages, uint8_t ttl, SMMUSecSID sec_sid); -void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range); -void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev); +void smmu_configs_inv_sid_range(SMMUState *s, SMMUSIDRange sid_range, + SMMUSecSID sec_sid); +void smmu_configs_inv_sdev(SMMUState *s, SMMUDevice *sdev, + SMMUSecSID sec_sid); /* Unmap the range of all the notifiers registered to any IOMMU mr */ void smmu_inv_notifiers_all(SMMUState *s); =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669113454972.2790691650071; Sat, 21 Feb 2026 02:18:33 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk48-0001vK-B8; Sat, 21 Feb 2026 05:18:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk42-0001pc-6a; Sat, 21 Feb 2026 05:18:18 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk40-000203-57; Sat, 21 Feb 2026 05:18:17 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwAHXdBlhplpgR9zAA--.3194S2; Sat, 21 Feb 2026 18:18:13 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwB3zepihplpd04cAA--.34374S3; Sat, 21 Feb 2026 18:18:10 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 21/31] hw/arm/smmuv3: Add access checks for GERROR_IRQ_CFG registers Date: Sat, 21 Feb 2026 18:17:49 +0800 Message-Id: <20260221101749.2995372-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwB3zepihplpd04cAA--.34374S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAPwAAst Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxXFW8Gw4UKF15ZF1fAw4xZwb_yoWruw1Dpr WIkwnIgrW5ta12qrZxA3Zxtw1rC3s2gF13try3KF9xtw1UurWYva10gFWSq3ZxWFyDG39r KF43Kr4fuwn0yw7anT9S1TB71UUUUUJqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669114966158500 Content-Type: text/plain; charset="utf-8" Add helper functions smmu_msi_supported() and smmu_gerror_irq_cfg_writable() to check accessibility of GERROR_IRQ_CFG registers. Reading returns RES0 when MSI is not supported. Writing is ignored when GERROR_IRQEN is set. Additionally, mask reserved bits on writes using SMMU_GERROR_IRQ_CFG0_RESER= VED. Fixes: fae4be38b35d ("hw/arm/smmuv3: Implement MMIO write operations") Fixes: 10a83cb9887e ("hw/arm/smmuv3: Skeleton") Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 29e862b8ae3..eb9c6658a12 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1369,6 +1369,28 @@ static inline bool smmu_cmdq_stage2_supported(SMMUv3= State *s, SMMUSecSID sec_sid return true; } =20 +/* Check if MSI is supported */ +static inline bool smmu_msi_supported(SMMUv3State *s) +{ + return FIELD_EX32(s->bank[SMMU_SEC_SID_NS].idr[0], IDR0, MSI); +} + +/* Check if secure GERROR_IRQ_CFGx registers are writable */ +static inline bool smmu_gerror_irq_cfg_writable(SMMUv3State *s, SMMUSecSID= sec_sid) +{ + if (!smmu_msi_supported(s)) { + return false; + } + + /* + * Only writable if: + * - IRQ_CTRL.GERROR_IRQEN =3D=3D 0 and + * - IRQ_CTRLACK.GERROR_IRQEN =3D=3D 0. + * IRQ_CTRL and IRQ_CTRL_ACK are folded into a single backing field he= re. + */ + return (FIELD_EX32(s->bank[sec_sid].irq_ctrl, IRQ_CTRL, GERROR_IRQEN) = =3D=3D 0); +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -1669,7 +1691,14 @@ static MemTxResult smmu_writell(SMMUv3State *s, hwad= dr offset, =20 switch (offset) { case A_GERROR_IRQ_CFG0: - bank->gerror_irq_cfg0 =3D data; + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + /* SMMU_(*_)_IRQ_CTRL.GERROR_IRQEN =3D=3D 1: IGNORED this writ= e */ + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + + bank->gerror_irq_cfg0 =3D data & SMMU_GERROR_IRQ_CFG0_RESERVED; return MEMTX_OK; case A_STRTAB_BASE: bank->strtab_base =3D data; @@ -1731,12 +1760,31 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_GERROR_IRQ_CFG0: /* 64b */ + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + + data &=3D SMMU_GERROR_IRQ_CFG0_RESERVED; bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 0, 32, = data); break; case A_GERROR_IRQ_CFG0 + 4: + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 + 4 write igno= red: " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 32, 32,= data); break; case A_GERROR_IRQ_CFG1: + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG1 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + bank->gerror_irq_cfg1 =3D data; break; case A_GERROR_IRQ_CFG2: @@ -1858,6 +1906,12 @@ static MemTxResult smmu_readll(SMMUv3State *s, hwadd= r offset, =20 switch (offset) { case A_GERROR_IRQ_CFG0: + /* SMMU_(*_)GERROR_IRQ_CFG0 BOTH check SMMU_IDR0.MSI */ + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg0; return MEMTX_OK; case A_STRTAB_BASE: @@ -1926,15 +1980,35 @@ static MemTxResult smmu_readl(SMMUv3State *s, hwadd= r offset, *data =3D bank->gerrorn; return MEMTX_OK; case A_GERROR_IRQ_CFG0: /* 64b */ + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D extract64(bank->gerror_irq_cfg0, 0, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG0 + 4: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D extract64(bank->gerror_irq_cfg0, 32, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG1: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg1; return MEMTX_OK; case A_GERROR_IRQ_CFG2: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg2; return MEMTX_OK; case A_STRTAB_BASE: /* 64b */ --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669112481209.21515780802065; Sat, 21 Feb 2026 02:18:32 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4C-0002B5-VM; Sat, 21 Feb 2026 05:18:28 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk49-0001xu-9h; Sat, 21 Feb 2026 05:18:26 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk47-0002Me-Jh; Sat, 21 Feb 2026 05:18:25 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwBXXJhshplpo69VBw--.3951S2; Sat, 21 Feb 2026 18:18:20 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwAnge5rhplpeU4cAA--.54989S3; Sat, 21 Feb 2026 18:18:19 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 22/31] hw/arm/smmuv3: Add access checks for STRTAB_BASE and CR2 registers Date: Sat, 21 Feb 2026 18:18:16 +0800 Message-Id: <20260221101816.2996053-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwAnge5rhplpeU4cAA--.54989S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAQQAAsT Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxZFW8JrWfZr1kGrW3GFyDKFg_yoWruFyxpr Z7G34agr47tayIgF9xAa1Yyws8GayvgF1UJry3GF97Zw1UJry5XF4rWrWfX3WkXFyUJws7 Ga1akay3urW8trJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669113059158500 Content-Type: text/plain; charset="utf-8" Add access control for SMMU_STRTAB_BASE and SMMU_CR2 registers to ensure they can only be modified when the SMMU is disabled. This implements: - smmuv3_smmu_disabled_stable(): Check whether the SMMU is in a stable disabled state (CR0.SMMUEN =3D=3D 0 and CR0ACK.SMMUEN =3D=3D 0); - smmu_strtab_base_writable(): returns true only when IDR1.TABLES_PRESET=3D= =3D0 and SMMU is completely disabled. Additionally, mask reserved bits on writes to SMMU_STRTAB_BASE using SMMU_STRTAB_BASE_RESERVED. Fixes: fae4be38b35d ("hw/arm/smmuv3: Implement MMIO write operations") Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 2 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index eb9c6658a12..163c07adce4 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1391,6 +1391,36 @@ static inline bool smmu_gerror_irq_cfg_writable(SMMU= v3State *s, SMMUSecSID sec_s return (FIELD_EX32(s->bank[sec_sid].irq_ctrl, IRQ_CTRL, GERROR_IRQEN) = =3D=3D 0); } =20 +static inline int smmuv3_get_cr0ack_smmuen(SMMUv3State *s, SMMUSecSID sec_= sid) +{ + /* + * CR0, CR0ACK, S_CR0 and S_CR0ACK are bit-layout compatible, so we re= use + * the CR0 field definitions and only switch banks via sec_sid to redu= ce + * code duplication. Also the other bits in CR0/CR0ACK are relevant he= re. + */ + return FIELD_EX32(s->bank[sec_sid].cr0ack, CR0, SMMUEN); +} + +/* Check if SMMU is disabled in stable status */ +static inline bool smmuv3_smmu_disabled_stable(SMMUv3State *s, SMMUSecSID = sec_sid) +{ + int cr0_smmuen =3D smmu_enabled(s, sec_sid); + int cr0ack_smmuen =3D smmuv3_get_cr0ack_smmuen(s, sec_sid); + return (cr0_smmuen =3D=3D 0 && cr0ack_smmuen =3D=3D 0); +} + +/* Check if STRTAB_BASE register is writable */ +static bool smmu_strtab_base_writable(SMMUv3State *s, SMMUSecSID sec_sid) +{ + /* Use NS bank as it's designed for all security states */ + if (FIELD_EX32(s->bank[SMMU_SEC_SID_NS].idr[1], IDR1, TABLES_PRESET)) { + return false; + } + + /* Check SMMUEN conditions for the specific security domain */ + return smmuv3_smmu_disabled_stable(s, sec_sid); +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -1701,7 +1731,14 @@ static MemTxResult smmu_writell(SMMUv3State *s, hwad= dr offset, bank->gerror_irq_cfg0 =3D data & SMMU_GERROR_IRQ_CFG0_RESERVED; return MEMTX_OK; case A_STRTAB_BASE: - bank->strtab_base =3D data; + if (!smmu_strtab_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "STRTAB_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + /* Clear reserved bits according to spec */ + bank->strtab_base =3D data & SMMU_STRTAB_BASE_RESERVED; return MEMTX_OK; case A_CMDQ_BASE: bank->cmdq.base =3D data; @@ -1746,7 +1783,15 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwadd= r offset, bank->cr[1] =3D data; break; case A_CR2: - bank->cr[2] =3D data; + if (smmuv3_smmu_disabled_stable(s, reg_sec_sid)) { + /* Allow write: SMMUEN is 0 in both CR0 and CR0ACK */ + bank->cr[2] =3D data; + } else { + /* CONSTRAINED UNPREDICTABLE behavior: Ignore this write */ + qemu_log_mask(LOG_GUEST_ERROR, + "CR2 write ignored: register is read-only when " + "CR0.SMMUEN or CR0ACK.SMMUEN is set\n"); + } break; case A_IRQ_CTRL: bank->irq_ctrl =3D data; @@ -1802,12 +1847,32 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, } break; case A_STRTAB_BASE: /* 64b */ + if (!smmu_strtab_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "STRTAB_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + data &=3D SMMU_STRTAB_BASE_RESERVED; bank->strtab_base =3D deposit64(bank->strtab_base, 0, 32, data); break; case A_STRTAB_BASE + 4: + if (!smmu_strtab_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "STRTAB_BASE + 4 write ignored: register is RO\n= "); + return MEMTX_OK; + } + + data &=3D SMMU_STRTAB_BASE_RESERVED; bank->strtab_base =3D deposit64(bank->strtab_base, 32, 32, data); break; case A_STRTAB_BASE_CFG: + if (!smmu_strtab_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "STRTAB_BASE_CFG write ignored: register is RO\n= "); + return MEMTX_OK; + } + bank->strtab_base_cfg =3D data; if (FIELD_EX32(data, STRTAB_BASE_CFG, FMT) =3D=3D 1) { bank->sid_split =3D FIELD_EX32(data, STRTAB_BASE_CFG, SPLIT); --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669131690863.4589879130554; Sat, 21 Feb 2026 02:18:51 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4T-0002lT-P4; Sat, 21 Feb 2026 05:18:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk4L-0002eG-DZ; Sat, 21 Feb 2026 05:18:39 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4G-0002aH-MJ; Sat, 21 Feb 2026 05:18:34 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwDHzpp1hplpwq9VBw--.5233S2; Sat, 21 Feb 2026 18:18:29 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwCH3+xxhplpek4cAA--.49459S3; Sat, 21 Feb 2026 18:18:26 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 23/31] hw/arm/smmuv3: Add access checks for CMDQ and EVENTQ registers Date: Sat, 21 Feb 2026 18:18:23 +0800 Message-Id: <20260221101823.2996302-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwCH3+xxhplpek4cAA--.49459S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAQwAAsR Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3XFW7Ww18WrykuF1kJw43KFg_yoWfGFy5pr Z7GFy3Kr4aq3yIga93Aa1jya1UCw4xKrnFkr98Wwn5Ww1UGr4Dua18Wa4fXas3JF1UJw4k GwsxKFW3urW7C3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669132955158500 Content-Type: text/plain; charset="utf-8" Add access control for command queue and event queue related registers to ensure they can only be modified under proper conditions. For command queue (CMDQ): - smmu_cmdq_disabled_stable(): checks CMDQ bit in CR0/CR0ACK - smmu_cmdq_base_writable(): checks IDR1.QUEUES_PRESET=3D=3D0 and CMDQ disa= bled For event queue (EVTQ): - smmu_eventq_disabled_stable(): checks EVTQ bit in CR0/CR0ACK - smmu_eventq_base_writable():checks IDR1.QUEUES_PRESET=3D=3D0 and EVTQ dis= abled - smmu_eventq_irq_cfg_writable(): checks MSI support and EVENTQ_IRQEN state Additionally, mask reserved bits on writes using SMMU_QUEUE_BASE_RESERVED for queue base registers and SMMU_EVENTQ_IRQ_CFG0_RESERVED for EVENTQ_IRQ_CFG0. Fixes: fae4be38b35d ("hw/arm/smmuv3: Implement MMIO write operations") Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 154 insertions(+), 3 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 163c07adce4..9c09ea0716e 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1421,6 +1421,73 @@ static bool smmu_strtab_base_writable(SMMUv3State *s= , SMMUSecSID sec_sid) return smmuv3_smmu_disabled_stable(s, sec_sid); } =20 +static inline int smmuv3_get_cr0_cmdqen(SMMUv3State *s, SMMUSecSID sec_sid) +{ + return FIELD_EX32(s->bank[sec_sid].cr[0], CR0, CMDQEN); +} + +static inline int smmuv3_get_cr0ack_cmdqen(SMMUv3State *s, SMMUSecSID sec_= sid) +{ + return FIELD_EX32(s->bank[sec_sid].cr0ack, CR0, CMDQEN); +} + +static inline int smmuv3_get_cr0_eventqen(SMMUv3State *s, SMMUSecSID sec_s= id) +{ + return FIELD_EX32(s->bank[sec_sid].cr[0], CR0, EVENTQEN); +} + +static inline int smmuv3_get_cr0ack_eventqen(SMMUv3State *s, SMMUSecSID se= c_sid) +{ + return FIELD_EX32(s->bank[sec_sid].cr0ack, CR0, EVENTQEN); +} + +/* Check if CMDQ is disabled in stable status */ +static bool smmu_cmdq_disabled_stable(SMMUv3State *s, SMMUSecSID sec_sid) +{ + int cr0_cmdqen =3D smmuv3_get_cr0_cmdqen(s, sec_sid); + int cr0ack_cmdqen =3D smmuv3_get_cr0ack_cmdqen(s, sec_sid); + return (cr0_cmdqen =3D=3D 0 && cr0ack_cmdqen =3D=3D 0); +} + +/* Check if CMDQ_BASE register is writable */ +static bool smmu_cmdq_base_writable(SMMUv3State *s, SMMUSecSID sec_sid) +{ + /* Use NS bank as it's designed for all security states */ + if (FIELD_EX32(s->bank[SMMU_SEC_SID_NS].idr[1], IDR1, QUEUES_PRESET)) { + return false; + } + + return smmu_cmdq_disabled_stable(s, sec_sid); +} + +/* Check if EVENTQ is disabled in stable status */ +static bool smmu_eventq_disabled_stable(SMMUv3State *s, SMMUSecSID sec_sid) +{ + int cr0_eventqen =3D smmuv3_get_cr0_eventqen(s, sec_sid); + int cr0ack_eventqen =3D smmuv3_get_cr0ack_eventqen(s, sec_sid); + return (cr0_eventqen =3D=3D 0 && cr0ack_eventqen =3D=3D 0); +} + +/* Check if EVENTQ_BASE register is writable */ +static bool smmu_eventq_base_writable(SMMUv3State *s, SMMUSecSID sec_sid) +{ + if (FIELD_EX32(s->bank[SMMU_SEC_SID_NS].idr[1], IDR1, QUEUES_PRESET)) { + return false; + } + + return smmu_eventq_disabled_stable(s, sec_sid); +} + +/* Check if EVENTQ_IRQ_CFGx is writable */ +static bool smmu_eventq_irq_cfg_writable(SMMUv3State *s, SMMUSecSID sec_si= d) +{ + if (!smmu_msi_supported(s)) { + return false; + } + + return (FIELD_EX32(s->bank[sec_sid].irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN) = =3D=3D 0); +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -1741,21 +1808,39 @@ static MemTxResult smmu_writell(SMMUv3State *s, hwa= ddr offset, bank->strtab_base =3D data & SMMU_STRTAB_BASE_RESERVED; return MEMTX_OK; case A_CMDQ_BASE: - bank->cmdq.base =3D data; + if (!smmu_cmdq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "CMDQ_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + bank->cmdq.base =3D data & SMMU_QUEUE_BASE_RESERVED; bank->cmdq.log2size =3D extract64(bank->cmdq.base, 0, 5); if (bank->cmdq.log2size > SMMU_CMDQS) { bank->cmdq.log2size =3D SMMU_CMDQS; } return MEMTX_OK; case A_EVENTQ_BASE: - bank->eventq.base =3D data; + if (!smmu_eventq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + bank->eventq.base =3D data & SMMU_QUEUE_BASE_RESERVED; bank->eventq.log2size =3D extract64(bank->eventq.base, 0, 5); if (bank->eventq.log2size > SMMU_EVENTQS) { bank->eventq.log2size =3D SMMU_EVENTQS; } return MEMTX_OK; case A_EVENTQ_IRQ_CFG0: - bank->eventq_irq_cfg0 =3D data; + if (!smmu_eventq_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_IRQ_CFG0 write ignored: register is RO\n= "); + return MEMTX_OK; + } + + bank->eventq_irq_cfg0 =3D data & SMMU_EVENTQ_IRQ_CFG0_RESERVED; return MEMTX_OK; default: qemu_log_mask(LOG_UNIMP, @@ -1880,6 +1965,13 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwadd= r offset, } break; case A_CMDQ_BASE: /* 64b */ + if (!smmu_cmdq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "CMDQ_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + data &=3D SMMU_QUEUE_BASE_RESERVED; bank->cmdq.base =3D deposit64(bank->cmdq.base, 0, 32, data); bank->cmdq.log2size =3D extract64(bank->cmdq.base, 0, 5); if (bank->cmdq.log2size > SMMU_CMDQS) { @@ -1887,6 +1979,13 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwadd= r offset, } break; case A_CMDQ_BASE + 4: /* 64b */ + if (!smmu_cmdq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "CMDQ_BASE + 4 write ignored: register is RO\n"); + return MEMTX_OK; + } + + data &=3D SMMU_QUEUE_BASE_RESERVED; bank->cmdq.base =3D deposit64(bank->cmdq.base, 32, 32, data); break; case A_CMDQ_PROD: @@ -1894,9 +1993,22 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwadd= r offset, smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_CMDQ_CONS: + if (!smmu_cmdq_disabled_stable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "CMDQ_CONS write ignored: register is RO\n"); + return MEMTX_OK; + } + bank->cmdq.cons =3D data; break; case A_EVENTQ_BASE: /* 64b */ + if (!smmu_eventq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_BASE write ignored: register is RO\n"); + return MEMTX_OK; + } + + data &=3D SMMU_QUEUE_BASE_RESERVED; bank->eventq.base =3D deposit64(bank->eventq.base, 0, 32, data); bank->eventq.log2size =3D extract64(bank->eventq.base, 0, 5); if (bank->eventq.log2size > SMMU_EVENTQS) { @@ -1904,24 +2016,63 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, } break; case A_EVENTQ_BASE + 4: + if (!smmu_eventq_base_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_BASE + 4 write ignored: register is RO\n= "); + return MEMTX_OK; + } + + data &=3D SMMU_QUEUE_BASE_RESERVED; bank->eventq.base =3D deposit64(bank->eventq.base, 32, 32, data); break; case A_EVENTQ_PROD: + if (!smmu_eventq_disabled_stable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_PROD write ignored: register is RO\n"); + return MEMTX_OK; + } + bank->eventq.prod =3D data; break; case A_EVENTQ_CONS: bank->eventq.cons =3D data; break; case A_EVENTQ_IRQ_CFG0: /* 64b */ + if (!smmu_eventq_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_IRQ_CFG0 write ignored: register is RO\n= "); + return MEMTX_OK; + } + + data &=3D SMMU_EVENTQ_IRQ_CFG0_RESERVED; bank->eventq_irq_cfg0 =3D deposit64(bank->eventq_irq_cfg0, 0, 32, = data); break; case A_EVENTQ_IRQ_CFG0 + 4: + if (!smmu_eventq_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_IRQ_CFG0+4 write ignored: register is RO= \n"); + return MEMTX_OK; + } + + data &=3D SMMU_EVENTQ_IRQ_CFG0_RESERVED; bank->eventq_irq_cfg0 =3D deposit64(bank->eventq_irq_cfg0, 32, 32,= data); break; case A_EVENTQ_IRQ_CFG1: + if (!smmu_eventq_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_IRQ_CFG1 write ignored: register is RO\n= "); + return MEMTX_OK; + } + bank->eventq_irq_cfg1 =3D data; break; case A_EVENTQ_IRQ_CFG2: + if (!smmu_eventq_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, + "EVENTQ_IRQ_CFG2 write ignored: register is RO\n= "); + return MEMTX_OK; + } + bank->eventq_irq_cfg2 =3D data; break; default: --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669132032279.2429458093811; Sat, 21 Feb 2026 02:18:52 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4U-0002u0-CL; Sat, 21 Feb 2026 05:18:46 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk4O-0002f4-2A; Sat, 21 Feb 2026 05:18:40 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4L-0002aj-Hh; Sat, 21 Feb 2026 05:18:39 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwC3vJh6hplpzq9VBw--.4496S2; Sat, 21 Feb 2026 18:18:34 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDXLet4hplpfE4cAA--.34240S3; Sat, 21 Feb 2026 18:18:32 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 24/31] hw/arm/smmuv3: Determine register bank from MMIO offset Date: Sat, 21 Feb 2026 18:18:29 +0800 Message-Id: <20260221101830.2996354-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDXLet4hplpfE4cAA--.34240S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUARQAAsX Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3AryfCry5tr1rCr1UuF1Dtrb_yoWxJr1xpr Z8XF1Sgrn8Ka1SqwsxJa1UC3W8Cwn7Kr1akrnxKryDu3yIywn7JayvyryfuryDury7Zrs8 trW5Gr47WrWqy3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669133043158500 Content-Type: text/plain; charset="utf-8" Modify the main MMIO handlers (smmu_write_mmio, smmu_read_mmio) to determine the security state of the target register based on its memory-mapped offset. By checking if the offset is within the secure register space (>=3D SMMU_SECURE_REG_START), the handlers can deduce the register's SEC_SID (reg_sec_sid). This SID is then passed down to the register access helper functions (smmu_writel, smmu_readl, etc.). Inside these helpers, the switch statement now operates on a masked, relative offset: uint32_t reg_offset =3D offset & 0xfff; switch (reg_offset) { ... } This design leverages a key feature of the SMMU specification: registers with the same function across different 3 security states (Non-secure, Secure, Realm) share the same relative offset. This avoids significant code duplication. The reg_sec_sid passed from the MMIO handler determines which security bank to operate on, while the masked offset identifies the specific register within that bank. It is important to distinguish between the security state of the register itself and the security state of the access. A higher-privilege security state is permitted to access registers belonging to a lower-privilege state, but the reverse is not allowed. This patch lays the groundwork for enforcing such rules. For future compatibility with Realm states, the logic in the else block corresponding to the secure offset check: if (offset >=3D SMMU_SECURE_REG_START) { reg_sec_sid =3D SMMU_SEC_SID_S; } else { /* Future Realm handling */ } will need to be expanded. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 57 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 18 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 9c09ea0716e..d81485a6a46 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1781,12 +1781,13 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Erro= r **errp, SMMUSecSID sec_sid) } =20 static MemTxResult smmu_writell(SMMUv3State *s, hwaddr offset, - uint64_t data, MemTxAttrs attrs) + uint64_t data, MemTxAttrs attrs, + SMMUSecSID reg_sec_sid) { - SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + uint32_t reg_offset =3D offset & 0xfff; =20 - switch (offset) { + switch (reg_offset) { case A_GERROR_IRQ_CFG0: if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { /* SMMU_(*_)_IRQ_CTRL.GERROR_IRQEN =3D=3D 1: IGNORED this writ= e */ @@ -1851,13 +1852,14 @@ static MemTxResult smmu_writell(SMMUv3State *s, hwa= ddr offset, } =20 static MemTxResult smmu_writel(SMMUv3State *s, hwaddr offset, - uint64_t data, MemTxAttrs attrs) + uint64_t data, MemTxAttrs attrs, + SMMUSecSID reg_sec_sid) { Error *local_err =3D NULL; - SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + uint32_t reg_offset =3D offset & 0xfff; =20 - switch (offset) { + switch (reg_offset) { case A_CR0: bank->cr[0] =3D data; bank->cr0ack =3D data & ~SMMU_CR0_RESERVED; @@ -2094,16 +2096,25 @@ static MemTxResult smmu_write_mmio(void *opaque, hw= addr offset, uint64_t data, SMMUState *sys =3D opaque; SMMUv3State *s =3D ARM_SMMUV3(sys); MemTxResult r; + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; =20 /* CONSTRAINED UNPREDICTABLE choice to have page0/1 be exact aliases */ offset &=3D ~0x10000; =20 + /* + * Realm and Non-secure share the same page-local offset layout; Secur= e uses + * the same layout but is mapped starting at 0x8000(SMMU_SECURE_REG_ST= ART) + */ + if (offset >=3D SMMU_SECURE_REG_START) { + reg_sec_sid =3D SMMU_SEC_SID_S; + } + switch (size) { case 8: - r =3D smmu_writell(s, offset, data, attrs); + r =3D smmu_writell(s, offset, data, attrs, reg_sec_sid); break; case 4: - r =3D smmu_writel(s, offset, data, attrs); + r =3D smmu_writel(s, offset, data, attrs, reg_sec_sid); break; default: r =3D MEMTX_ERROR; @@ -2115,12 +2126,13 @@ static MemTxResult smmu_write_mmio(void *opaque, hw= addr offset, uint64_t data, } =20 static MemTxResult smmu_readll(SMMUv3State *s, hwaddr offset, - uint64_t *data, MemTxAttrs attrs) + uint64_t *data, MemTxAttrs attrs, + SMMUSecSID reg_sec_sid) { - SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + uint32_t reg_offset =3D offset & 0xfff; =20 - switch (offset) { + switch (reg_offset) { case A_GERROR_IRQ_CFG0: /* SMMU_(*_)GERROR_IRQ_CFG0 BOTH check SMMU_IDR0.MSI */ if (!smmu_msi_supported(s)) { @@ -2149,17 +2161,22 @@ static MemTxResult smmu_readll(SMMUv3State *s, hwad= dr offset, } =20 static MemTxResult smmu_readl(SMMUv3State *s, hwaddr offset, - uint64_t *data, MemTxAttrs attrs) + uint64_t *data, MemTxAttrs attrs, + SMMUSecSID reg_sec_sid) { - SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; SMMUv3RegBank *bank =3D smmuv3_bank(s, reg_sec_sid); + uint32_t reg_offset =3D offset & 0xfff; =20 - switch (offset) { + switch (reg_offset) { case A_IDREGS ... A_IDREGS + 0x2f: - *data =3D smmuv3_idreg(offset - A_IDREGS); + *data =3D smmuv3_idreg(reg_offset - A_IDREGS); return MEMTX_OK; case A_IDR0 ... A_IDR5: - *data =3D bank->idr[(offset - A_IDR0) / 4]; + if (reg_sec_sid =3D=3D SMMU_SEC_SID_S) { + g_assert((reg_offset - A_IDR0) / 4 < 5); + } + + *data =3D bank->idr[(reg_offset - A_IDR0) / 4]; return MEMTX_OK; case A_IIDR: *data =3D s->iidr; @@ -2275,16 +2292,20 @@ static MemTxResult smmu_read_mmio(void *opaque, hwa= ddr offset, uint64_t *data, SMMUState *sys =3D opaque; SMMUv3State *s =3D ARM_SMMUV3(sys); MemTxResult r; + SMMUSecSID reg_sec_sid =3D SMMU_SEC_SID_NS; =20 /* CONSTRAINED UNPREDICTABLE choice to have page0/1 be exact aliases */ offset &=3D ~0x10000; + if (offset >=3D SMMU_SECURE_REG_START) { + reg_sec_sid =3D SMMU_SEC_SID_S; + } =20 switch (size) { case 8: - r =3D smmu_readll(s, offset, data, attrs); + r =3D smmu_readll(s, offset, data, attrs, reg_sec_sid); break; case 4: - r =3D smmu_readl(s, offset, data, attrs); + r =3D smmu_readl(s, offset, data, attrs, reg_sec_sid); break; default: r =3D MEMTX_ERROR; --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669170989609.5495518560601; Sat, 21 Feb 2026 02:19:30 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4j-0003Fd-Gi; Sat, 21 Feb 2026 05:19:01 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk4V-0002zR-66; Sat, 21 Feb 2026 05:18:48 -0500 Received: from zg8tmty1ljiyny4xntqumjca.icoremail.net ([165.227.154.27]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4T-0002n9-7G; Sat, 21 Feb 2026 05:18:46 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwAHXdCChplp0R9zAA--.3197S2; Sat, 21 Feb 2026 18:18:42 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDnP+1+hplpfU4cAA--.34781S3; Sat, 21 Feb 2026 18:18:38 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 25/31] hw/arm/smmuv3: Implement SMMU_S_INIT register Date: Sat, 21 Feb 2026 18:18:36 +0800 Message-Id: <20260221101836.2996599-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDnP+1+hplpfU4cAA--.34781S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUARwAAsV Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxXF1UCw47Cr17uw47Wr43trb_yoWrWr1fpr WDWr15Kw48A3WS9FnIkw4vyF15ua97Kry7CrZxGa4S9a4qyryqqF4DKrW7uFWDWr15Cay7 G3ySgFsrur1UX3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=165.227.154.27; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmty1ljiyny4xntqumjca.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669173313158500 Content-Type: text/plain; charset="utf-8" Implement read/write handlers for the SMMU_S_INIT secure-only register. Writing INV_ALL provides a mechanism for software to perform a global invalidation of ALL caches within the SMMU, including IOTLBs and configuration caches across all security states. The MMIO dispatcher decodes the target register bank from the high bits of the offset and then switches on the 4KB page-local offset (offset & 0xfff), since registers that share the same function across banks use the same relative layout. S_INIT is a secure-only register and its A_S_INIT constant is currently defined as an absolute secure-window offset (0x803c), so it has no NS twin to reuse as a shared low-12-bit macro. As a one-off special case, the handler matches it via (A_S_INIT & 0xfff) to fit the relative-offset decode. This feature is critical for secure hypervisors like Hafnium, which use it as a final step in their SMMU initialization sequence to ensure a clean cache state before enabling translations. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 37 +++++++++++++++++++++++++++++++++++++ hw/arm/trace-events | 1 + 2 files changed, 38 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index d81485a6a46..6fd664a000f 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -373,6 +373,21 @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t add= r, STE *buf, =20 } =20 +static void smmuv3_invalidate_all_caches(SMMUv3State *s) +{ + SMMUState *bs =3D &s->smmu_state; + trace_smmuv3_invalidate_all_caches(); + + /* Clear all cached configs including STE and CD */ + if (bs->configs) { + g_hash_table_remove_all(bs->configs); + } + + /* Invalidate all SMMU IOTLB entries */ + smmu_inv_notifiers_all(&s->smmu_state); + smmu_iotlb_inv_all(bs, SMMU_SEC_SID_NUM); +} + static SMMUTranslationStatus smmuv3_do_translate(SMMUv3State *s, hwaddr ad= dr, SMMUTransCfg *cfg, SMMUEventInfo *event, @@ -2077,6 +2092,25 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwadd= r offset, =20 bank->eventq_irq_cfg2 =3D data; break; + /* S_INIT is Secure-only. So match it as a one-off via & 0xfff. */ + case (A_S_INIT & 0xfff): + if (data & R_S_INIT_INV_ALL_MASK) { + /* + * If SMMU_ROOT_CR0.GPCEN =3D=3D 0, a write of 1 to INV_ALL wh= en any + * SMMU_(*_)CR0.SMMUEN =3D=3D 1, .... , is CONSTRAINED UNPREDI= CTABLE + * according to (IHI 0070G.b) 6.3.62 SMMU_S_INIT, Page 465. + */ + if (!smmuv3_smmu_disabled_stable(s, SMMU_SEC_SID_NS) || + !smmuv3_smmu_disabled_stable(s, SMMU_SEC_SID_S)) { + /* CONSTRAINED UNPREDICTABLE behavior: Ignore this write */ + qemu_log_mask(LOG_GUEST_ERROR, "S_INIT write ignored: " + "(S_)CR0.SMMUEN or (S_)CR0ACK.SMMUEN is set\= n"); + return MEMTX_OK; + } + smmuv3_invalidate_all_caches(s); + } + /* Synchronous emulation: invalidation completed instantly. */ + break; default: qemu_log_mask(LOG_UNIMP, "%s Unexpected 32-bit access to 0x%"PRIx64" (WI)\n", @@ -2277,6 +2311,9 @@ static MemTxResult smmu_readl(SMMUv3State *s, hwaddr = offset, case A_EVENTQ_CONS: *data =3D bank->eventq.cons; return MEMTX_OK; + case (A_S_INIT & 0xfff): + *data =3D 0; + return MEMTX_OK; default: *data =3D 0; qemu_log_mask(LOG_UNIMP, diff --git a/hw/arm/trace-events b/hw/arm/trace-events index 64f308a8d35..26f19f18cb7 100644 --- a/hw/arm/trace-events +++ b/hw/arm/trace-events @@ -64,6 +64,7 @@ smmuv3_cmdq_tlbi_s12_vmid(int vmid) "vmid=3D%d" smmuv3_notify_flag_add(const char *iommu) "ADD SMMUNotifier node for iommu= mr=3D%s" smmuv3_notify_flag_del(const char *iommu) "DEL SMMUNotifier node for iommu= mr=3D%s" smmuv3_inv_notifiers_iova(const char *name, int asid, int vmid, uint64_t i= ova, uint8_t tg, uint64_t num_pages, int stage) "iommu mr=3D%s asid=3D%d vm= id=3D%d iova=3D0x%"PRIx64" tg=3D%d num_pages=3D0x%"PRIx64" stage=3D%d" +smmuv3_invalidate_all_caches(void) "Invalidate all SMMU caches and TLBs" smmu_reset_exit(void) "" =20 #smmuv3-accel.c --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669170568320.4665730588749; Sat, 21 Feb 2026 02:19:30 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4r-0003VR-LL; Sat, 21 Feb 2026 05:19:11 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk4d-0003Bi-4e; Sat, 21 Feb 2026 05:18:57 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4b-0003Mt-0g; Sat, 21 Feb 2026 05:18:54 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-6 (Coremail) with SMTP id AQAAfwCnftGIhplp3x9zAA--.745S2; Sat, 21 Feb 2026 18:18:48 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDXMO6Ehplpf04cAA--.34422S3; Sat, 21 Feb 2026 18:18:45 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 26/31] hw/arm/smmuv3: Harden security checks in MMIO handlers Date: Sat, 21 Feb 2026 18:18:42 +0800 Message-Id: <20260221101842.2996840-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDXMO6Ehplpf04cAA--.34422S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUASQAAsb Authentication-Results: hzbj-icmmx-6; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxGFykuF15Gw43Aw48Jw1kKrg_yoWrKr47pr 4kCr15Wr4DKa13Xan3Jw4DA3WFk3ykJrZxCrZxG3yUZayUGrs5JF10ka4YgFyDGryUZws7 WF4SyrWfur1jy3DanT9S1TB71UUUUUJqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669171159158500 Content-Type: text/plain; charset="utf-8" This patch hardens the security validation within the main MMIO dispatcher functions (smmu_read_mmio and smmu_write_mmio). First, accesses to the secure register space are now correctly gated by whether the SECURE_IMPL feature is enabled in the model. This prevents guest software from accessing the secure programming interface when it is disabled, though some registers are exempt from this check as per the architecture. Second, the check for the input stream's security is made more robust. It now validates not only the legacy MemTxAttrs.secure bit, but also the .space field. This improves compatibility with Arm security space handling. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 6fd664a000f..0b8ea922851 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1503,6 +1503,12 @@ static bool smmu_eventq_irq_cfg_writable(SMMUv3State= *s, SMMUSecSID sec_sid) return (FIELD_EX32(s->bank[sec_sid].irq_ctrl, IRQ_CTRL, EVENTQ_IRQEN) = =3D=3D 0); } =20 +/* Check if the SMMU hardware itself implements secure state features */ +static inline bool smmu_hw_secure_implemented(SMMUv3State *s) +{ + return FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SECURE_IMPL); +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -1795,6 +1801,63 @@ static int smmuv3_cmdq_consume(SMMUv3State *s, Error= **errp, SMMUSecSID sec_sid) return 0; } =20 +/* + * Check if a register is exempt from the secure implementation check. + * + * The SMMU architecture specifies that certain secure registers, such as + * the secure Event Queue IRQ configuration registers, must be accessible + * even if the full secure hardware is not implemented. This function + * identifies those registers. + * + * Returns true if the register is exempt, false otherwise. + */ +static bool is_secure_impl_exempt_reg(hwaddr offset) +{ + switch (offset) { + case A_S_EVENTQ_IRQ_CFG0: + case A_S_EVENTQ_IRQ_CFG1: + case A_S_EVENTQ_IRQ_CFG2: + return true; + default: + return false; + } +} + +/* + * Helper function for Secure register access validation. + * + * Follow S_IDR1.SECURE_IMPL accessibility rules for SMMU_S_*: + * - SECURE_IMPL =3D=3D 0: Secure state is not implemented; SMMU_S_* are = RAZ/WI to + * all accesses. + * - SECURE_IMPL =3D=3D 1: Non-secure accesses to SMMU_S_* are RAZ/WI. + */ +static bool smmu_check_secure_access(SMMUv3State *s, MemTxAttrs attrs, + hwaddr offset, bool is_read) +{ + /* Check if the access is secure */ + if (!(attrs.space =3D=3D ARMSS_Secure || + attrs.secure =3D=3D 1)) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Non-secure %s attempt at offset 0x%" PRIx64 " (%s)\n", + __func__, is_read ? "read" : "write", offset, + is_read ? "RAZ" : "WI"); + return false; + } + + /* + * Check if the secure state is implemented. Some registers are exempt= ed + * from this check. + */ + if (!is_secure_impl_exempt_reg(offset) && !smmu_hw_secure_implemented(= s)) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: Secure %s attempt at offset 0x%" PRIx64 ". But Secure sta= te " + "is not implemented (RES0)\n", + __func__, is_read ? "read" : "write", offset); + return false; + } + return true; +} + static MemTxResult smmu_writell(SMMUv3State *s, hwaddr offset, uint64_t data, MemTxAttrs attrs, SMMUSecSID reg_sec_sid) @@ -2140,6 +2203,18 @@ static MemTxResult smmu_write_mmio(void *opaque, hwa= ddr offset, uint64_t data, * the same layout but is mapped starting at 0x8000(SMMU_SECURE_REG_ST= ART) */ if (offset >=3D SMMU_SECURE_REG_START) { + if (!smmu_check_secure_access(s, attrs, offset, false)) { + trace_smmuv3_write_mmio(offset, data, size, MEMTX_OK); + /* + * RAZ/WI/RES0 are deterministic register-level behaviors and = do not + * imply a bus protocol error or abort. Therefore we acknowled= ge the + * MMIO transaction with MEMTX_OK and implement + * "Read-As-Zero / Write-Ignored" in the register model, inste= ad of + * returning MEMTX_*_ERROR which is reserved for real decode/a= ccess + * failures. + */ + return MEMTX_OK; + } reg_sec_sid =3D SMMU_SEC_SID_S; } =20 @@ -2334,6 +2409,11 @@ static MemTxResult smmu_read_mmio(void *opaque, hwad= dr offset, uint64_t *data, /* CONSTRAINED UNPREDICTABLE choice to have page0/1 be exact aliases */ offset &=3D ~0x10000; if (offset >=3D SMMU_SECURE_REG_START) { + if (!smmu_check_secure_access(s, attrs, offset, true)) { + *data =3D 0; + trace_smmuv3_read_mmio(offset, *data, size, MEMTX_OK); + return MEMTX_OK; + } reg_sec_sid =3D SMMU_SEC_SID_S; } =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17716691683370.613963171116211; Sat, 21 Feb 2026 02:19:28 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk51-0003cN-4p; Sat, 21 Feb 2026 05:19:20 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk4j-0003Ij-93; Sat, 21 Feb 2026 05:19:01 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4g-0003rW-QN; Sat, 21 Feb 2026 05:19:00 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwC3vJiOhplpD7BVBw--.4499S2; Sat, 21 Feb 2026 18:18:54 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwD3TeuNhplpgE4cAA--.34143S3; Sat, 21 Feb 2026 18:18:53 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 27/31] hw/pci: Add sec-sid property to PCIDevice Date: Sat, 21 Feb 2026 18:18:50 +0800 Message-Id: <20260221101850.2996913-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwD3TeuNhplpgE4cAA--.34143S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUASwAAsZ Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7Cr4UJr48ZFyktw1xWF45KFg_yoW8uF1fpF Z3AFyIkrs5Ga4Ik3yIqa17CrZrCFZ3K3yYkrWj9r17CF47Ary5Xay5KFyj9w40qrZ5uF1j ka4jyFy8ur1DZFJanT9S1TB71UUUUUDqnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669169653158500 Content-Type: text/plain; charset="utf-8" Arm SMMUv3 uses a SEC_SID (StreamID Security state) to determine the security state of the programming interface that controls a transaction. The architecture explicitly states that the association between a device and its SEC_SID is a system-defined property, not something derived from the physical address space. We need a way to represent this system-defined SEC_SID for PCI devices if we want to implement SMMU's Secure state. So that SMMUv3 can select the correct register bank and configuration when handling their streams. This patch adds a new char *sec_sid field to PCIDevice, together with a "sec-sid" QOM property. The property is intended to carry the platform-defined SEC_SID for the device; for now only Non-secure and Secure security states are supported. Future RME-DA/TDISP work will use the PCIe TDISP/DTI protocol to model Realm and Non-secure streams, instead of extending this static field. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/pci/pci.c | 7 +++++++ include/hw/pci/pci_device.h | 3 +++ 2 files changed, 10 insertions(+) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 90d6d71efdc..aca0509f705 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -98,6 +98,13 @@ static const Property pci_props[] =3D { DEFINE_PROP_STRING("sriov-pf", PCIDevice, sriov_pf), DEFINE_PROP_BIT("x-pcie-ext-tag", PCIDevice, cap_present, QEMU_PCIE_EXT_TAG_BITNR, true), + + /* + * System-defined, statically configured SEC_SID for this PCI device, = used + * by Arm SMMU. Only support "non-secure" and "secure" security states. + */ + DEFINE_PROP_STRING("sec-sid", PCIDevice, sec_sid), + { .name =3D "busnr", .info =3D &prop_pci_busnr }, }; =20 diff --git a/include/hw/pci/pci_device.h b/include/hw/pci/pci_device.h index 88ccea50113..47ed4a13e40 100644 --- a/include/hw/pci/pci_device.h +++ b/include/hw/pci/pci_device.h @@ -184,6 +184,9 @@ struct PCIDevice { uint32_t max_bounce_buffer_size; =20 char *sriov_pf; + + /* Arm SMMU SEC_SID */ + char *sec_sid; }; =20 static inline int pci_intx(PCIDevice *pci_dev) --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669189143783.029364425758; Sat, 21 Feb 2026 02:19:49 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk58-0003zT-CW; Sat, 21 Feb 2026 05:19:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk52-0003gP-Dc; Sat, 21 Feb 2026 05:19:21 -0500 Received: from sgoci-sdnproxy-4.icoremail.net ([129.150.39.64]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk4z-0004hB-U6; Sat, 21 Feb 2026 05:19:20 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCXnJihhplpVrBVBw--.3782S2; Sat, 21 Feb 2026 18:19:13 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDXMO6ehplpg04cAA--.34423S3; Sat, 21 Feb 2026 18:19:10 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 28/31] hw/arm/smmuv3: Select sec-sid from PCI property and validate SECURE_IMPL Date: Sat, 21 Feb 2026 18:19:07 +0800 Message-Id: <20260221101907.2997408-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDXMO6ehplpg04cAA--.34423S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUATQAAsf Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW3AFyxAFWfXFWfKryfuFW5GFg_yoWxXF1kpF W8AFn8tryUGF93ursayw4293WYqan7GF1fJrW3ua95C347JrykJr40kw12vrWDWrWqya17 ZayIgFWDur17ZrJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=129.150.39.64; envelope-from=tangtao1634@phytium.com.cn; helo=sgoci-sdnproxy-4.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669191268158500 Content-Type: text/plain; charset="utf-8" Parse each PCI device's sec-sid property during SMMU device initialization and cache it in SMMUDevice::sec_sid. Support "non-secure" and "secure", default to non-secure when unspecified, and reject invalid values with an explicit error. Use sdev->sec_sid in smmuv3_translate() to select the register bank instead of hardcoding the non-secure context. Keep sec-sid parsing in smmu-common, and add a SMMUv3-specific validation hook to enforce architectural constraints: fail fast when sec-sid=3Dsecure while SMMU_S_IDR1.SECURE_IMPL is 0 or secure AS is not available. Typically, SEC_SID is a system-defined attribute (e.g. sideband or tied-off) rather than something a PCIe endpoint can freely toggle in pre-RME scenario. So this PCI sec-sid property is used as a static platform/testing knob to drive the SMMU bank selection. For future RME-DA + TDISP, this will need to become dynamic: the effective state for PCIe requests is derived from PCIe IDE/TDISP T/XT (e.g. SEC_SID =3D (XT || T) ? Realm : Non-secure), so we'll switch from a static property to a runtime per-device state update when that plumbing is added. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmu-common.c | 37 ++++++++++++++++++++++++++++++++++++ hw/arm/smmuv3.c | 34 ++++++++++++++++++++++++++++++++- include/hw/arm/smmu-common.h | 2 ++ 3 files changed, 72 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c index 5dece2024a4..b0a238abe93 100644 --- a/hw/arm/smmu-common.c +++ b/hw/arm/smmu-common.c @@ -21,6 +21,7 @@ #include "exec/target_page.h" #include "hw/core/cpu.h" #include "hw/pci/pci_bridge.h" +#include "hw/pci/pci_device.h" #include "hw/core/qdev-properties.h" #include "qapi/error.h" #include "qemu/jhash.h" @@ -1071,14 +1072,50 @@ SMMUPciBus *smmu_find_smmu_pcibus(SMMUState *s, uin= t8_t bus_num) return NULL; } =20 +static SMMUSecSID smmu_parse_pci_sec_sid(PCIDevice *pdev, int bus_num, + int devfn) +{ + const char *sec_sid; + + if (!pdev || !pdev->sec_sid) { + return SMMU_SEC_SID_NS; + } + + sec_sid =3D pdev->sec_sid; + if (!strcmp(sec_sid, "non-secure")) { + return SMMU_SEC_SID_NS; + } + if (!strcmp(sec_sid, "secure")) { + return SMMU_SEC_SID_S; + } + + error_report("Invalid sec-sid value '%s' for PCI device %02x:%02x.%x; " + "allowed values: non-secure or secure (case-sensitive)", + sec_sid, bus_num, PCI_SLOT(devfn), PCI_FUNC(devfn)); + exit(EXIT_FAILURE); +} + void smmu_init_sdev(SMMUState *s, SMMUDevice *sdev, PCIBus *bus, int devfn) { static unsigned int index; g_autofree char *name =3D g_strdup_printf("%s-%d-%d", s->mrtypename, d= evfn, index++); + SMMUBaseClass *sbc =3D ARM_SMMU_GET_CLASS(s); + PCIDevice *pdev; + int bus_num; + sdev->smmu =3D s; sdev->bus =3D bus; sdev->devfn =3D devfn; + sdev->sec_sid =3D SMMU_SEC_SID_NS; + + bus_num =3D pci_bus_num(bus); + pdev =3D pci_find_device(bus, bus_num, devfn); + sdev->sec_sid =3D smmu_parse_pci_sec_sid(pdev, bus_num, devfn); + if (sbc->validate_sec_sid && + !sbc->validate_sec_sid(s, sdev, bus_num)) { + exit(EXIT_FAILURE); + } =20 memory_region_init_iommu(&sdev->iommu, sizeof(sdev->iommu), s->mrtypename, OBJECT(s), name, UINT64_MAX); diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 0b8ea922851..57a063b5e5d 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1116,7 +1116,7 @@ static IOMMUTLBEntry smmuv3_translate(IOMMUMemoryRegi= on *mr, hwaddr addr, SMMUDevice *sdev =3D container_of(mr, SMMUDevice, iommu); SMMUv3State *s =3D sdev->smmu; uint32_t sid =3D smmu_get_sid(sdev); - SMMUSecSID sec_sid =3D SMMU_SEC_SID_NS; + SMMUSecSID sec_sid =3D sdev->sec_sid; SMMUv3RegBank *bank =3D smmuv3_bank(s, sec_sid); SMMUEventInfo event =3D {.type =3D SMMU_EVT_NONE, .sid =3D sid, @@ -1509,6 +1509,36 @@ static inline bool smmu_hw_secure_implemented(SMMUv3= State *s) return FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SECURE_IMPL); } =20 +static bool smmuv3_validate_sec_sid(SMMUState *bs, SMMUDevice *sdev, + int bus_num) +{ + SMMUv3State *s =3D ARM_SMMUV3(bs); + bool secure_as_available =3D bs->secure_memory && + bs->secure_memory_as.root !=3D NULL; + + if (sdev->sec_sid !=3D SMMU_SEC_SID_S) { + return true; + } + + if (!smmu_hw_secure_implemented(s)) { + error_report("Invalid sec-sid value 'secure' for PCI device " + "%02x:%02x.%x: S_IDR1.SECURE_IMPL is 0, so only " + "non-secure is allowed", + bus_num, PCI_SLOT(sdev->devfn), PCI_FUNC(sdev->devfn)= ); + return false; + } + + if (!secure_as_available) { + error_report("Invalid sec-sid value 'secure' for PCI device " + "%02x:%02x.%x: secure-memory address space is not " + "configured", + bus_num, PCI_SLOT(sdev->devfn), PCI_FUNC(sdev->devfn)= ); + return false; + } + + return true; +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); @@ -2664,6 +2694,7 @@ static void smmuv3_class_init(ObjectClass *klass, con= st void *data) DeviceClass *dc =3D DEVICE_CLASS(klass); ResettableClass *rc =3D RESETTABLE_CLASS(klass); SMMUv3Class *c =3D ARM_SMMUV3_CLASS(klass); + SMMUBaseClass *sbc =3D ARM_SMMU_CLASS(klass); =20 dc->vmsd =3D &vmstate_smmuv3; resettable_class_set_parent_phases(rc, NULL, NULL, smmu_reset_exit, @@ -2673,6 +2704,7 @@ static void smmuv3_class_init(ObjectClass *klass, con= st void *data) device_class_set_props(dc, smmuv3_properties); dc->hotpluggable =3D false; dc->user_creatable =3D true; + sbc->validate_sec_sid =3D smmuv3_validate_sec_sid; =20 object_class_property_set_description(klass, "accel", "Enable SMMUv3 accelerator support. Allows host SMMUv3 to be " diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h index d05cf6ae53b..c74f66a1bb9 100644 --- a/include/hw/arm/smmu-common.h +++ b/include/hw/arm/smmu-common.h @@ -144,6 +144,7 @@ typedef struct SMMUDevice { void *smmu; PCIBus *bus; int devfn; + SMMUSecSID sec_sid; IOMMUMemoryRegion iommu; AddressSpace as; uint32_t cfg_cache_hits; @@ -204,6 +205,7 @@ struct SMMUBaseClass { /*< public >*/ =20 DeviceRealize parent_realize; + bool (*validate_sec_sid)(struct SMMUState *s, SMMUDevice *sdev, int bu= s_num); =20 }; =20 --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669187488961.2445781935073; Sat, 21 Feb 2026 02:19:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk5G-0004Hr-6j; Sat, 21 Feb 2026 05:19:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk58-00040E-DB; Sat, 21 Feb 2026 05:19:26 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk56-0004hh-R9; Sat, 21 Feb 2026 05:19:26 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwCXnJirhplpgbBVBw--.3766S2; Sat, 21 Feb 2026 18:19:23 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwCX7+yohplphU4cAA--.49442S3; Sat, 21 Feb 2026 18:19:20 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 29/31] hw/arm/smmuv3: Initialize the secure register bank Date: Sat, 21 Feb 2026 18:19:18 +0800 Message-Id: <20260221101918.2997679-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwCX7+yohplphU4cAA--.49442S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUATwAAsd Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7tFyDZF1Dur45ZrWrCrWDCFg_yoW8uFyfpa nrA3Z0kw1UKF1fW39xAw4UAr1aqr4Iqwn8Cry7GF13Cw15GryrXFWDK34rWa4IvrZ8Ww45 GFnagFZ0vw15A3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669189177158500 Content-Type: text/plain; charset="utf-8" Initialize the secure register bank (SMMU_SEC_SID_S) with sane default values during the SMMU's reset sequence. This change ensures that key fields, such as the secure ID registers, GBPA reset value, and queue entry sizes, are set to a known-good state. The SECURE_IMPL attribute of the S_IDR1 register will be introduced later via device properties. This is a necessary step to prevent undefined behavior when secure SMMU features are subsequently enabled and used by software. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 57a063b5e5d..f0fbc5fc96b 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -321,7 +321,12 @@ static void smmuv3_init_id_regs(SMMUv3State *s) bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN4K, 1); bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN16K, 1); bk->idr[5] =3D FIELD_DP32(bk->idr[5], IDR5, GRAN64K, 1); - s->aidr =3D 0x1; + + /* Initialize Secure bank */ + SMMUv3RegBank *sbk =3D smmuv3_bank(s, SMMU_SEC_SID_S); + memset(sbk->idr, 0, sizeof(sbk->idr)); + sbk->idr[0] =3D FIELD_DP32(bk->idr[0], S_IDR0, STALL_MODEL, 1); /* No = stall */ + sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, S_SIDSIZE, SMMU_IDR1_S= IDSIZE); smmuv3_accel_idr_override(s); } =20 @@ -347,6 +352,26 @@ static void smmuv3_reset(SMMUv3State *s) bk->gerrorn =3D 0; bk->gbpa =3D SMMU_GBPA_RESET_VAL; =20 + SMMUv3RegBank *sbk =3D smmuv3_bank(s, SMMU_SEC_SID_S); + + sbk->cmdq.base =3D deposit64(sbk->cmdq.base, 0, 5, SMMU_CMDQS); + sbk->cmdq.prod =3D 0; + sbk->cmdq.cons =3D 0; + sbk->cmdq.entry_size =3D sizeof(struct Cmd); + sbk->eventq.base =3D deposit64(sbk->eventq.base, 0, 5, SMMU_EVENTQS); + sbk->eventq.prod =3D 0; + sbk->eventq.cons =3D 0; + sbk->eventq.entry_size =3D sizeof(struct Evt); + + sbk->features =3D 0; + sbk->sid_split =3D 0; + sbk->cr[0] =3D 0; + sbk->cr0ack =3D 0; + sbk->irq_ctrl =3D 0; + sbk->gerror =3D 0; + sbk->gerrorn =3D 0; + sbk->gbpa =3D SMMU_GBPA_RESET_VAL; + s->aidr =3D 0x1; s->statusr =3D 0; } --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669186504943.0458882799161; Sat, 21 Feb 2026 02:19:46 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk5I-0004hZ-Jc; Sat, 21 Feb 2026 05:19:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk5G-0004M4-F2; Sat, 21 Feb 2026 05:19:34 -0500 Received: from zg8tmja5ljk3lje4ms43mwaa.icoremail.net ([209.97.181.73]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk5E-0004iC-Qs; Sat, 21 Feb 2026 05:19:34 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwBnb2OyhplprLBVBw--.4868S2; Sat, 21 Feb 2026 18:19:30 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwDnQO6whplphk4cAA--.49134S3; Sat, 21 Feb 2026 18:19:28 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 30/31] hw/arm/smmuv3: Add secure bank migration and secure-impl property Date: Sat, 21 Feb 2026 18:19:26 +0800 Message-Id: <20260221101926.2997959-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwDnQO6whplphk4cAA--.49134S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAUQAAsD Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoWxXFykZF1rGr17Xw1UKr13XFb_yoWrXF17pr s8C3Z8GryDGF47Zr43Jw4rCFs5Cr4rGF4YkrZrCFZ3ta1kt3y7Xrnrt3y8u3s7JrWUXw47 uF1xuFZrJw4UArJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=209.97.181.73; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmja5ljk3lje4ms43mwaa.icoremail.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669187211158500 Content-Type: text/plain; charset="utf-8" Add a secure-impl device property and advertise it through S_IDR1.SECURE_IMPL. Usage: -global arm-smmuv3,secure-impl=3Dtrue Add the smmuv3/bank_s migration subsection for the secure register bank. Serialize secure bank state including GBPA, IRQ config, stream table and queue state. Signed-off-by: Tao Tang Reviewed-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 56 +++++++++++++++++++++++++++++++++++++++++ include/hw/arm/smmuv3.h | 2 ++ 2 files changed, 58 insertions(+) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index f0fbc5fc96b..678cbd584e2 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -327,6 +327,7 @@ static void smmuv3_init_id_regs(SMMUv3State *s) memset(sbk->idr, 0, sizeof(sbk->idr)); sbk->idr[0] =3D FIELD_DP32(bk->idr[0], S_IDR0, STALL_MODEL, 1); /* No = stall */ sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, S_SIDSIZE, SMMU_IDR1_S= IDSIZE); + sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, SECURE_IMPL, s->secure= _impl); smmuv3_accel_idr_override(s); } =20 @@ -2632,6 +2633,54 @@ static const VMStateDescription vmstate_smmuv3_queue= =3D { }, }; =20 +static const VMStateDescription vmstate_smmuv3_secure_bank =3D { + .name =3D "smmuv3_secure_bank", + .version_id =3D 1, + .minimum_version_id =3D 1, + .fields =3D (const VMStateField[]) { + VMSTATE_UINT32(features, SMMUv3RegBank), + VMSTATE_UINT8(sid_split, SMMUv3RegBank), + VMSTATE_UINT32_ARRAY(cr, SMMUv3RegBank, 3), + VMSTATE_UINT32(cr0ack, SMMUv3RegBank), + VMSTATE_UINT32(gbpa, SMMUv3RegBank), + VMSTATE_UINT32(irq_ctrl, SMMUv3RegBank), + VMSTATE_UINT32(gerror, SMMUv3RegBank), + VMSTATE_UINT32(gerrorn, SMMUv3RegBank), + VMSTATE_UINT64(gerror_irq_cfg0, SMMUv3RegBank), + VMSTATE_UINT32(gerror_irq_cfg1, SMMUv3RegBank), + VMSTATE_UINT32(gerror_irq_cfg2, SMMUv3RegBank), + VMSTATE_UINT64(strtab_base, SMMUv3RegBank), + VMSTATE_UINT32(strtab_base_cfg, SMMUv3RegBank), + VMSTATE_UINT64(eventq_irq_cfg0, SMMUv3RegBank), + VMSTATE_UINT32(eventq_irq_cfg1, SMMUv3RegBank), + VMSTATE_UINT32(eventq_irq_cfg2, SMMUv3RegBank), + VMSTATE_STRUCT(cmdq, SMMUv3RegBank, 0, + vmstate_smmuv3_queue, SMMUQueue), + VMSTATE_STRUCT(eventq, SMMUv3RegBank, 0, + vmstate_smmuv3_queue, SMMUQueue), + VMSTATE_END_OF_LIST(), + }, +}; + +static bool smmuv3_secure_bank_needed(void *opaque) +{ + SMMUv3State *s =3D opaque; + + return s->secure_impl; +} + +static const VMStateDescription vmstate_smmuv3_bank_s =3D { + .name =3D "smmuv3/bank_s", + .version_id =3D 1, + .minimum_version_id =3D 1, + .needed =3D smmuv3_secure_bank_needed, + .fields =3D (const VMStateField[]) { + VMSTATE_STRUCT(bank[SMMU_SEC_SID_S], SMMUv3State, 0, + vmstate_smmuv3_secure_bank, SMMUv3RegBank), + VMSTATE_END_OF_LIST(), + }, +}; + static bool smmuv3_gbpa_needed(void *opaque) { SMMUv3State *s =3D opaque; @@ -2686,6 +2735,7 @@ static const VMStateDescription vmstate_smmuv3 =3D { }, .subsections =3D (const VMStateDescription * const []) { &vmstate_gbpa, + &vmstate_smmuv3_bank_s, NULL } }; @@ -2707,6 +2757,12 @@ static const Property smmuv3_properties[] =3D { DEFINE_PROP_BOOL("ats", SMMUv3State, ats, false), DEFINE_PROP_UINT8("oas", SMMUv3State, oas, 44), DEFINE_PROP_UINT8("ssidsize", SMMUv3State, ssidsize, 0), + /* + * SECURE_IMPL field in S_IDR1 register. + * Indicates whether secure state is implemented. + * Defaults to false (0) + */ + DEFINE_PROP_BOOL("secure-impl", SMMUv3State, secure_impl, false), }; =20 static void smmuv3_instance_init(Object *obj) diff --git a/include/hw/arm/smmuv3.h b/include/hw/arm/smmuv3.h index d07bdfa1f27..79ce7c754c4 100644 --- a/include/hw/arm/smmuv3.h +++ b/include/hw/arm/smmuv3.h @@ -78,6 +78,8 @@ struct SMMUv3State { bool ats; uint8_t oas; uint8_t ssidsize; + + bool secure_impl; }; =20 typedef enum { --=20 2.34.1 From nobody Sun Apr 12 00:58:07 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771669192835497.0454219415668; Sat, 21 Feb 2026 02:19:52 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk5R-0005Tv-1C; Sat, 21 Feb 2026 05:19:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtk5P-0005O8-Om; Sat, 21 Feb 2026 05:19:43 -0500 Received: from zg8tmtyylji0my4xnjqumte4.icoremail.net ([162.243.164.118]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtk5O-0004it-8u; Sat, 21 Feb 2026 05:19:43 -0500 Received: from prodtpl.icoremail.net (unknown [10.12.1.20]) by hzbj-icmmx-7 (Coremail) with SMTP id AQAAfwA3PJi7hplp17BVBw--.3967S2; Sat, 21 Feb 2026 18:19:39 +0800 (CST) Received: from phytium.com.cn (unknown [218.76.62.144]) by mail (Coremail) with SMTP id AQAAfwBHoe66hplpiE4cAA--.34537S3; Sat, 21 Feb 2026 18:19:39 +0800 (CST) From: Tao Tang To: Eric Auger , Peter Maydell , "Michael S . Tsirkin" , Marcel Apfelbaum Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi , Pierrick Bouvier , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Mostafa Saleh , Chao Liu , Tao Tang Subject: [RFC v4 31/31] [NOT-MERGE] hw/arm/smmuv3: temporarily enable SEL2 bit and sone other features Date: Sat, 21 Feb 2026 18:19:33 +0800 Message-Id: <20260221101933.2998060-1-tangtao1634@phytium.com.cn> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> References: <20260221100250.2976287-1-tangtao1634@phytium.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: AQAAfwBHoe66hplpiE4cAA--.34537S3 X-CM-SenderInfo: pwdqw3tdrrljuu6sx5pwlxzhxfrphubq/1tbiAQANBWmYzyUAUwAAsB Authentication-Results: hzbj-icmmx-7; spf=neutral smtp.mail=tangtao163 4@phytium.com.cn; X-Coremail-Antispam: 1Uk129KBjvJXoW7KFyrCw1fXryxtF1xKFykKrg_yoW8Wr43pF 1DAr98K3yqkw13Z34DAw4xCF13X395Krnayr47WrWYvw1jvr18X3yvg3W5KryI9rZ5Ar47 uFn29a9Yqw1Fvw7anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUj1kv1TuYvTs0mT0YCTnIWj DUYxn0WfASr-VFAU7a7-sFnT9fnUUIcSsGvfJ3UbIYCTnIWIevJa73UjIFyTuYvj4RJUUU UUUUU Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=162.243.164.118; envelope-from=tangtao1634@phytium.com.cn; helo=zg8tmtyylji0my4xnjqumte4.icoremail.net X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1771669195169158500 Content-Type: text/plain; charset="utf-8" Temporarily: - enable S_IDR1.SEL2, - change AIDR to 0x2 to indicate SMMUv3.2, - use smaller SID size and Cmd/Evt queue size. Signed-off-by: Tao Tang Tested-by: Pierrick Bouvier --- hw/arm/smmuv3.c | 3 ++- include/hw/arm/smmuv3-common.h | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 678cbd584e2..332feb28787 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -328,6 +328,7 @@ static void smmuv3_init_id_regs(SMMUv3State *s) sbk->idr[0] =3D FIELD_DP32(bk->idr[0], S_IDR0, STALL_MODEL, 1); /* No = stall */ sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, S_SIDSIZE, SMMU_IDR1_S= IDSIZE); sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, SECURE_IMPL, s->secure= _impl); + sbk->idr[1] =3D FIELD_DP32(sbk->idr[1], S_IDR1, SEL2, 1); smmuv3_accel_idr_override(s); } =20 @@ -373,7 +374,7 @@ static void smmuv3_reset(SMMUv3State *s) sbk->gerrorn =3D 0; sbk->gbpa =3D SMMU_GBPA_RESET_VAL; =20 - s->aidr =3D 0x1; + s->aidr =3D 0x2; /* SMMUv3.2 */ s->statusr =3D 0; } =20 diff --git a/include/hw/arm/smmuv3-common.h b/include/hw/arm/smmuv3-common.h index c40fa46fb88..57ce32aef7b 100644 --- a/include/hw/arm/smmuv3-common.h +++ b/include/hw/arm/smmuv3-common.h @@ -312,9 +312,9 @@ REG32(IDR1, 0x4) FIELD(IDR1, ECMDQ, 31, 1) =20 #define SMMU_SSID_MAX_BITS 20 -#define SMMU_IDR1_SIDSIZE 16 -#define SMMU_CMDQS 19 -#define SMMU_EVENTQS 19 +#define SMMU_IDR1_SIDSIZE 6 +#define SMMU_CMDQS 10 +#define SMMU_EVENTQS 10 =20 REG32(IDR2, 0x8) FIELD(IDR2, BA_VATOS, 0, 10) --=20 2.34.1