From: Tao Tang
To: Eric Auger, Peter Maydell, "Michael S. Tsirkin", Marcel Apfelbaum
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org, Chen Baozi, Pierrick Bouvier, Philippe Mathieu-Daudé, Mostafa Saleh, Chao Liu, Tao Tang
Subject: [RFC v4 21/31] hw/arm/smmuv3: Add access checks for GERROR_IRQ_CFG registers
Date: Sat, 21 Feb 2026 18:17:49 +0800
Message-Id: <20260221101749.2995372-1-tangtao1634@phytium.com.cn>
In-Reply-To: <20260221100250.2976287-1-tangtao1634@phytium.com.cn>

Add helper functions smmu_msi_supported() and smmu_gerror_irq_cfg_writable() to check accessibility of GERROR_IRQ_CFG registers. Reading returns RES0 when MSI is not supported. Writing is ignored when GERROR_IRQEN is set.

Additionally, mask reserved bits on writes using SMMU_GERROR_IRQ_CFG0_RESERVED.

Fixes: fae4be38b35d ("hw/arm/smmuv3: Implement MMIO write operations")
Fixes: 10a83cb9887e ("hw/arm/smmuv3: Skeleton")
Signed-off-by: Tao Tang
Reviewed-by: Pierrick Bouvier

--- hw/arm/smmuv3.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 75 insertions(+), 1 deletion(-) diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c index 29e862b8ae3..eb9c6658a12 100644 --- a/hw/arm/smmuv3.c +++ b/hw/arm/smmuv3.c @@ -1369,6 +1369,28 @@ static inline bool smmu_cmdq_stage2_supported(SMMUv3= State *s, SMMUSecSID sec_sid return true; } =20 +/* Check if MSI is supported */ +static inline bool smmu_msi_supported(SMMUv3State *s) +{ + return FIELD_EX32(s->bank[SMMU_SEC_SID_NS].idr[0], IDR0, MSI); +} + +/* Check if secure GERROR_IRQ_CFGx registers are writable */ +static inline bool smmu_gerror_irq_cfg_writable(SMMUv3State *s, SMMUSecSID= sec_sid) +{ + if (!smmu_msi_supported(s)) { + return false; + } + + /* + * Only writable if: + * - IRQ_CTRL.GERROR_IRQEN =3D=3D 0 and + * - IRQ_CTRLACK.GERROR_IRQEN =3D=3D 0. + * IRQ_CTRL and IRQ_CTRL_ACK are folded into a single backing field he= re. + */ + return (FIELD_EX32(s->bank[sec_sid].irq_ctrl, IRQ_CTRL, GERROR_IRQEN) = =3D=3D 0); +} + static int smmuv3_cmdq_consume(SMMUv3State *s, Error **errp, SMMUSecSID se= c_sid) { SMMUState *bs =3D ARM_SMMU(s); 
@@ -1669,7 +1691,14 @@ static MemTxResult smmu_writell(SMMUv3State *s, hwad= dr offset, =20 switch (offset) { case A_GERROR_IRQ_CFG0: - bank->gerror_irq_cfg0 =3D data; + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + /* SMMU_(*_)_IRQ_CTRL.GERROR_IRQEN =3D=3D 1: IGNORED this writ= e */ + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + + bank->gerror_irq_cfg0 =3D data & SMMU_GERROR_IRQ_CFG0_RESERVED; return MEMTX_OK; case A_STRTAB_BASE: bank->strtab_base =3D data; @@ -1731,12 +1760,31 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwad= dr offset, smmuv3_cmdq_consume(s, &local_err, reg_sec_sid); break; case A_GERROR_IRQ_CFG0: /* 64b */ + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + + data &=3D SMMU_GERROR_IRQ_CFG0_RESERVED; bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 0, 32, = data); break; case A_GERROR_IRQ_CFG0 + 4: + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG0 + 4 write igno= red: " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + bank->gerror_irq_cfg0 =3D deposit64(bank->gerror_irq_cfg0, 32, 32,= data); break; case A_GERROR_IRQ_CFG1: + if (!smmu_gerror_irq_cfg_writable(s, reg_sec_sid)) { + qemu_log_mask(LOG_GUEST_ERROR, "GERROR_IRQ_CFG1 write ignored:= " + "register is RO when IRQ enabled\n"); + return MEMTX_OK; + } + bank->gerror_irq_cfg1 =3D data; break; case A_GERROR_IRQ_CFG2: @@ -1858,6 +1906,12 @@ static MemTxResult smmu_readll(SMMUv3State *s, hwadd= r offset, =20 switch (offset) { case A_GERROR_IRQ_CFG0: + /* SMMU_(*_)GERROR_IRQ_CFG0 BOTH check SMMU_IDR0.MSI */ + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg0; return MEMTX_OK; case A_STRTAB_BASE: 
@@ -1926,15 +1980,35 @@ static MemTxResult smmu_readl(SMMUv3State *s, hwadd= r offset, *data =3D bank->gerrorn; return MEMTX_OK; case A_GERROR_IRQ_CFG0: /* 64b */ + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D extract64(bank->gerror_irq_cfg0, 0, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG0 + 4: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D extract64(bank->gerror_irq_cfg0, 32, 32); return MEMTX_OK; case A_GERROR_IRQ_CFG1: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg1; return MEMTX_OK; case A_GERROR_IRQ_CFG2: + if (!smmu_msi_supported(s)) { + *data =3D 0; /* RES0 */ + return MEMTX_OK; + } + *data =3D bank->gerror_irq_cfg2; return MEMTX_OK; case A_STRTAB_BASE: /* 64b */ --=20 2.34.1
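
Review bot: In the first hunk (@@ -1369), smmu_msi_supported() always reads s->bank[SMMU_SEC_SID_NS].idr[0], while smmu_gerror_irq_cfg_writable() takes a sec_sid and its comment speaks of the "secure GERROR_IRQ_CFGx registers". Either pass sec_sid through and read that bank's ID register, or add a comment stating why the non-secure IDR0.MSI bit governs every bank. The helper comment should also drop "secure", since callers pass whatever reg_sec_sid the access resolves to, and the "Only writable if" list should mention the MSI-unsupported case, which also returns false.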
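
Review bot: In the smmu_writell() hunk (@@ -1669), "data & SMMU_GERROR_IRQ_CFG0_RESERVED" keeps the bits selected by a macro named RESERVED, which reads as the opposite of the commit message's "mask reserved bits on writes". The macro's definition is not in this patch, so please confirm it holds the writable bits; if so, a name that says that would avoid the confusion, and if it really is the reserved-bit mask the expression needs "& ~". The log text "register is RO when IRQ enabled" is also printed when smmu_gerror_irq_cfg_writable() fails because MSI is unsupported, where it is misleading.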
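
Review bot: The smmu_writel() hunk (@@ -1731) adds the writable check to GERROR_IRQ_CFG0, GERROR_IRQ_CFG0 + 4 and GERROR_IRQ_CFG1, but the "case A_GERROR_IRQ_CFG2:" that closes the hunk is left unchanged, so 32-bit writes to CFG2 get no GERROR_IRQEN or MSI check even though the read side of this patch gates CFG2 like the others. Please add the same guard there. Separately, only the low word is masked with SMMU_GERROR_IRQ_CFG0_RESERVED; the "+ 4" case deposits data into bits 63:32 unmasked, whereas smmu_writell() masks the full 64-bit value, so the two access widths can leave different register contents if the mask covers any upper bits. The guard and log call repeated in each case would be easier to keep in step as one small helper.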
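
Review bot: The comment added in the smmu_readll() hunk (@@ -1858), "SMMU_(*_)GERROR_IRQ_CFG0 BOTH check SMMU_IDR0.MSI", does not say what "BOTH" refers to. If it means the secure and non-secure views of the register are both gated on the non-secure IDR0.MSI bit, spell that out, since this is the only place the patch hints at why smmu_msi_supported() takes no sec_sid.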
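
Review bot: In the smmu_readl() hunk (@@ -1926) the same RES0 block, "if (!smmu_msi_supported(s)) { *data = 0; return MEMTX_OK; }", is pasted into four cases (CFG0, CFG0 + 4, CFG1, CFG2). A single helper that returns the RES0 result, or one check ahead of these cases, would remove the duplication and keep the 32-bit and 64-bit read paths from drifting apart when another GERROR_IRQ_CFG condition is added later.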