On 9/26/25 4:54 PM, Tao Tang wrote:
>
> On 2025/9/26 20:24, Eric Auger wrote:
>> Hi,
>>
>> On 9/25/25 6:26 PM, Tao Tang wrote:
>>> Hi all,
>>>
>>> This is the second version of the patch series to introduce initial
>>> support for Secure SMMUv3 emulation in QEMU.
>>>
>>> This version has been significantly restructured based on the excellent
>>> feedback received on the RFC.
>>>
>>> This version addresses the major points raised during the RFC review.
>>> Nearly all issues identified in v1 have been resolved. The most
>>> significant changes include:
>>>
>>> - The entire series has been refactored to use a "banked register"
>>>   architecture. This new design serves as a solid base for all secure
>>>   functionality and significantly reduces code duplication.
>>>
>>> - The large refactoring patch from v1 has been split into smaller, more
>>>   focused commits (e.g., STE parsing, page table handling, and TLB
>>>   management) to make the review process easier.
>>>
>>> - Support for the complex SEL2 feature (Secure Stage 2) has been
>>>   deferred to a future series to reduce the scope of this RFC.
>>>
>>> - The mechanism for propagating the security context now correctly uses
>>>   the ARMSecuritySpace attribute from the incoming transaction. This
>>>   ensures the SMMU's handling of security is aligned with the rest of the
>>>   QEMU ARM architecture.
>>>
>>>
>>> The series now begins with two preparatory patches that fix pre-existing
>>> bugs in the SMMUv3 model. The first of these, which corrects the CR0
>>> reserved mask, has already been reviewed by Eric.
>>>
>>> - hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register
>>> - hw/arm/smmuv3: Correct SMMUEN field name in CR0
>>>
>>> The subsequent patches implement the Secure SMMUv3 feature, refactored
>>> to address the feedback from the v1 RFC.
>> Could you share a branch? It does not seem to apply on master.
>>
>> Thanks
>>
>> Eric
>
>
> Hi Eric,
>
> Thanks for the feedback.
> I've rebased the patch series onto the latest master and pushed it to a
> branch as you requested.
>
> Interestingly, the rebase completed cleanly without any conflicts on
> my end, so I'm not sure what the initial issue might have been. In any
> case, this branch should be up-to-date.
>
>
> You can find the updated branch here for review:
>
> - [v1-rebased]
>   https://github.com/hnusdr/qemu/tree/secure-smmu-v1-community-newer

Thanks for the branches. I guess it is due to

[PATCH v9 00/11] hw/arm/virt: Add support for user creatable SMMUv3 device
<https://lore.kernel.org/all/[email protected]/#r>

which landed ~ 10d ago.

Thanks

Eric

>
>
> For historical reference, the original branch is here.
>
> - [v1-original]
>   https://github.com/hnusdr/qemu/tree/secure-smmu-v1-community
>
>
> Thanks,
>
> Tao
>
>
>>>
>>> Changes from v1 RFC:
>>>
>>> - The entire feature implementation has been refactored to use a
>>>   "banked register" approach. This significantly reduces code
>>>   duplication.
>>>
>>> - Support for the SEL2 feature (Secure Stage 2) has been deferred. As
>>>   Mostafa pointed out, a correct implementation is complex and depends
>>>   on FEAT_TTST. This will be addressed in a separate, future patch
>>>   series.
>>>   As a result, this series now supports the following flows:
>>>
>>>   - Non-secure Stage 1, Stage 2, and nested translations.
>>>
>>>   - Secure Stage 1-only translations.
>>>
>>>   - Nested translations (Secure Stage 1 + Non-secure Stage 2), with a
>>>     fault generated if a Secure Stage 2 translation is required.
>>>
>>> - Writability checks for various registers (both secure and non-secure)
>>>   have been hardened to ensure that enable bits are correctly checked.
>>>
>>> The series has been successfully validated with several test setups:
>>>
>>> - An environment using OP-TEE, Hafnium, and a custom platform
>>>   device, as described in the V1 series.
>>>
>>> - A new, self-contained test device (smmu-testdev) built upon the
>>>   QTest framework, which will be submitted as a separate series as
>>>   discussed here:
>>>
>>>   https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg05365.html
>>>
>>> - The existing non-secure functionality was regression-tested using
>>>   PCIe passthrough to a KVM guest running inside a TCG guest.
>>>
>>> Signed-off-by: Tao Tang <[email protected]>
>>>
>>> Tao Tang (14):
>>>   hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register
>>>   hw/arm/smmuv3: Correct SMMUEN field name in CR0
>>>   hw/arm/smmuv3: Introduce secure registers and commands
>>>   refactor: Move ARMSecuritySpace to a common header
>>>   hw/arm/smmuv3: Introduce banked registers for SMMUv3 state
>>>   hw/arm/smmuv3: Add separate address space for secure SMMU accesses
>>>   hw/arm/smmuv3: Make Configuration Cache security-state aware
>>>   hw/arm/smmuv3: Add security-state handling for page table walks
>>>   hw/arm/smmuv3: Add secure TLB entry management
>>>   hw/arm/smmuv3: Add banked support for queues and error handling
>>>   hw/arm/smmuv3: Harden security checks in MMIO handlers
>>>   hw/arm/smmuv3: Use iommu_index to represent the security context
>>>   hw/arm/smmuv3: Add property to enable Secure SMMU support
>>>   hw/arm/smmuv3: Optional Secure bank migration via subsections
>>>
>>>  hw/arm/smmu-common.c          |  151 ++++-
>>>  hw/arm/smmu-internal.h        |    7 +
>>>  hw/arm/smmuv3-internal.h      |  114 +++-
>>>  hw/arm/smmuv3.c               | 1130 +++++++++++++++++++++++++--------
>>>  hw/arm/trace-events           |    9 +-
>>>  hw/arm/virt.c                 |    5 +
>>>  include/hw/arm/arm-security.h |   54 ++
>>>  include/hw/arm/smmu-common.h  |   60 +-
>>>  include/hw/arm/smmuv3.h       |   35 +-
>>>  target/arm/cpu.h              |   25 +-
>>>  10 files changed, 1257 insertions(+), 333 deletions(-)
>>>  create mode 100644 include/hw/arm/arm-security.h
>>>
>>> --
>>> 2.34.1
>>>
>
