Hi Tao and Eric,

On 9/25/25 9:26 AM, Tao Tang wrote:
Hi all,

This is the second version of the patch series to introduce initial
support for Secure SMMUv3 emulation in QEMU.

This version has been significantly restructured based on the excellent
feedback received on the RFC.

This version addresses the major points raised during the RFC review.
Nearly all issues identified in v1 have been resolved. The most
significant changes include:

   - The entire series has been refactored to use a "banked register"
   architecture. This new design serves as a solid base for all secure
   functionality and significantly reduces code duplication.

   - The large refactoring patch from v1 has been split into smaller, more
   focused commits (e.g., STE parsing, page table handling, and TLB
   management) to make the review process easier.

   - Support for the complex SEL2 feature (Secure Stage 2) has been
   deferred to a future series to reduce the scope of this RFC.

   - The mechanism for propagating the security context now correctly uses
   the ARMSecuritySpace attribute from the incoming transaction. This
   ensures the SMMU's handling of security is aligned with the rest of the
   QEMU ARM architecture.


The series now begins with two preparatory patches that fix pre-existing
bugs in the SMMUv3 model. The first of these, which corrects the CR0
reserved mask, has already been reviewed by Eric.

   - hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register
   - hw/arm/smmuv3: Correct SMMUEN field name in CR0

The subsequent patches implement the Secure SMMUv3 feature, refactored
to address the feedback from the v1 RFC.


Changes from v1 RFC:

   - The entire feature implementation has been refactored to use a "banked
   register" approach. This significantly reduces code duplication.

   - Support for the SEL2 feature (Secure Stage 2) has been deferred. As
   Mostafa pointed out, a correct implementation is complex and depends on
   FEAT_TTST. This will be addressed in a separate, future patch series.
   As a result, this series now supports the following flows:

     - Non-secure Stage 1, Stage 2, and nested translations.

     - Secure Stage 1-only translations.

     - Nested translations (Secure Stage 1 + Non-secure Stage 2), with a
   fault generated if a Secure Stage 2 translation is required.

   - Writability checks for various registers (both secure and non-secure)
   have been hardened to ensure that enable bits are correctly checked.

The series has been successfully validated with several test setups:

   - An environment using OP-TEE, Hafnium, and a custom platform
   device, as described in the v1 series.

   - A new, self-contained test device (smmu-testdev) built upon the
   QTest framework, which will be submitted as a separate series as
   discussed here:
     https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg05365.html

   - The existing non-secure functionality was regression-tested using
   PCIe passthrough to a KVM guest running inside a TCG guest.

Signed-off-by: Tao Tang <[email protected]>

Tao Tang (14):
   hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register
   hw/arm/smmuv3: Correct SMMUEN field name in CR0
   hw/arm/smmuv3: Introduce secure registers and commands
   refactor: Move ARMSecuritySpace to a common header
   hw/arm/smmuv3: Introduce banked registers for SMMUv3 state
   hw/arm/smmuv3: Add separate address space for secure SMMU accesses
   hw/arm/smmuv3: Make Configuration Cache security-state aware
   hw/arm/smmuv3: Add security-state handling for page table walks
   hw/arm/smmuv3: Add secure TLB entry management
   hw/arm/smmuv3: Add banked support for queues and error handling
   hw/arm/smmuv3: Harden security checks in MMIO handlers
   hw/arm/smmuv3: Use iommu_index to represent the security context
   hw/arm/smmuv3: Add property to enable Secure SMMU support
   hw/arm/smmuv3: Optional Secure bank migration via subsections

  hw/arm/smmu-common.c          |  151 ++++-
  hw/arm/smmu-internal.h        |    7 +
  hw/arm/smmuv3-internal.h      |  114 +++-
  hw/arm/smmuv3.c               | 1130 +++++++++++++++++++++++++--------
  hw/arm/trace-events           |    9 +-
  hw/arm/virt.c                 |    5 +
  include/hw/arm/arm-security.h |   54 ++
  include/hw/arm/smmu-common.h  |   60 +-
  include/hw/arm/smmuv3.h       |   35 +-
  target/arm/cpu.h              |   25 +-
  10 files changed, 1257 insertions(+), 333 deletions(-)
  create mode 100644 include/hw/arm/arm-security.h

--
2.34.1


I've been working on this with the Device Assignment software stack recently published by Arm [1], to run it under QEMU.

[1] https://git.trustedfirmware.org/plugins/gitiles/TF-RMM/tf-rmm/+/refs/heads/topics/da_alp12_v2

As part of the implementation, I had to define SMMU Realm registers and some root registers as well. I based the work on this series, and the banked approach works well to add Realm registers. For Root registers, since they have different offsets than NonSecure, Secure and Realm ones, they need their own {read,write}_mmio function.

Just to say that it's a great start, and I'm looking forward to working with v3.

Regards,
Pierrick
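To make the "banked register" idea discussed in this thread concrete, here is an added toy model that is not code from the QEMU series or from either author. Each security space owns a private copy of the register block, the transaction's security space selects the bank, and the per-bank enable bit gates writes to a dependent register (the "writability check" the cover letter mentions). The register offsets, the reserved mask, the enum values and the names `banked_read`/`banked_write` are all constructed for this illustration.

```c
/* Added example: a minimal banked-register file keyed by the security
 * space of the incoming transaction. Everything below (offsets, masks,
 * enum values, function names) is assumed for illustration and does not
 * reproduce the QEMU SMMUv3 model. */
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Security space of the transaction; names modelled loosely on
 * ARMSecuritySpace, numeric values are assumed. */
typedef enum { SS_SECURE = 0, SS_NONSECURE = 1, SS_COUNT } SecSpace;

/* Constructed register map shared by every bank. */
#define REG_CR0   0x20u
#define REG_CTRL  0x24u
#define CR0_EN    (1u << 0)          /* constructed enable bit */
#define CR0_RSVD  0xffff0000u        /* constructed reserved mask, writes ignored */

typedef struct { uint32_t cr0; uint32_t ctrl; } RegBank;
typedef struct { RegBank bank[SS_COUNT]; } BankedDev;

void banked_reset(BankedDev *d)
{
    memset(d, 0, sizeof(*d));
}

/* A read only ever sees the bank belonging to its own security space. */
uint32_t banked_read(const BankedDev *d, SecSpace ss, uint32_t off)
{
    if (ss >= SS_COUNT) {
        return 0;
    }
    const RegBank *b = &d->bank[ss];
    switch (off) {
    case REG_CR0:  return b->cr0;
    case REG_CTRL: return b->ctrl;
    default:       return 0;         /* unmapped offset reads as zero */
    }
}

/* A write lands in the bank of its own security space. Returns false
 * when the write is dropped (bad space, unmapped offset, or CTRL written
 * while this bank's CR0.EN is set). */
bool banked_write(BankedDev *d, SecSpace ss, uint32_t off, uint32_t val)
{
    if (ss >= SS_COUNT) {
        return false;
    }
    RegBank *b = &d->bank[ss];
    switch (off) {
    case REG_CR0:
        b->cr0 = val & ~CR0_RSVD;    /* reserved bits are never stored */
        return true;
    case REG_CTRL:
        /* The check uses the enable bit of this bank only, so enabling
         * the non-secure side does not freeze the secure side's CTRL
         * (and vice versa). */
        if (b->cr0 & CR0_EN) {
            return false;
        }
        b->ctrl = val;
        return true;
    default:
        return false;
    }
}

int main(void)
{
    BankedDev dev;
    banked_reset(&dev);
    banked_write(&dev, SS_SECURE, REG_CTRL, 0x1234);
    printf("secure CTRL=0x%x non-secure CTRL=0x%x\n",
           banked_read(&dev, SS_SECURE, REG_CTRL),
           banked_read(&dev, SS_NONSECURE, REG_CTRL));
    return 0;
}
```

The point of the model is that isolation comes from bank selection by the transaction's security space, not from the offset: the same offset names a different register depending on who is asking, and every enable-bit check is evaluated against the bank that the write targets.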
