From: Mostafa Saleh <smostafa@google.com>
To: Tao Tang <tangtao1634@phytium.com.cn>
Cc: "Eric Auger" <eric.auger@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
qemu-devel@nongnu.org, qemu-arm@nongnu.org,
"Chen Baozi" <chenbaozi@phytium.com.cn>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Chao Liu" <chao.liu.zevorn@gmail.com>
Subject: Re: [RFC v4 06/31] hw/arm/smmuv3: Track SEC_SID in configs and events
Date: Mon, 2 Mar 2026 10:19:45 +0000 [thread overview]
Message-ID: <aaVkQdanf4KhROna@google.com> (raw)
In-Reply-To: <df545e5d-0380-49bd-97f1-5b7b9a4259da@phytium.com.cn>
On Sun, Mar 01, 2026 at 09:53:24PM +0800, Tao Tang wrote:
> Hi Mostafa,
>
> On 2026/2/27 PM10:39, Mostafa Saleh wrote:
> > On Sat, Feb 21, 2026 at 06:02:25PM +0800, Tao Tang wrote:
> > > Cache the SEC_SID inside SMMUTransCfg to keep configuration lookups
> > > tied to the correct register bank.
> > >
> > > Plumb the SEC_SID through tracepoints and queue helpers so diagnostics
> > > and event logs always show which security interface emitted the record.
> > > To support this, the SEC_SID is placed in SMMUEventInfo so the bank is
> > > identified as soon as an event record is built.
> > >
> > > Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
> > > Reviewed-by: Eric Auger <eric.auger@redhat.com>
> > > ---
> > > hw/arm/smmuv3-internal.h | 1 +
> > > hw/arm/smmuv3.c | 20 +++++++++++++-------
> > > hw/arm/trace-events | 2 +-
> > > include/hw/arm/smmu-common.h | 1 +
> > > 4 files changed, 16 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> > > index 866d62257e3..a1071f7b689 100644
> > > --- a/hw/arm/smmuv3-internal.h
> > > +++ b/hw/arm/smmuv3-internal.h
> > > @@ -274,6 +274,7 @@ static inline const char *smmu_event_string(SMMUEventType type)
> > > /* Encode an event record */
> > > typedef struct SMMUEventInfo {
> > > + SMMUSecSID sec_sid;
> > > SMMUEventType type;
> > > uint32_t sid;
> > > bool recorded;
> > > diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> > > index 2c107724e77..3438adcecd2 100644
> > > --- a/hw/arm/smmuv3.c
> > > +++ b/hw/arm/smmuv3.c
> > > @@ -148,9 +148,9 @@ static MemTxResult queue_write(SMMUQueue *q, Evt *evt_in)
> > > return MEMTX_OK;
> > > }
> > > -static MemTxResult smmuv3_write_eventq(SMMUv3State *s, Evt *evt)
> > > +static MemTxResult smmuv3_write_eventq(SMMUv3State *s, SMMUSecSID sec_sid,
> > > + Evt *evt)
> > > {
> > > - SMMUSecSID sec_sid = SMMU_SEC_SID_NS;
> > > SMMUv3RegBank *bank = smmuv3_bank(s, sec_sid);
> > > SMMUQueue *q = &bank->eventq;
> > > MemTxResult r;
> > > @@ -178,7 +178,8 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
> > > {
> > > Evt evt = {};
> > > MemTxResult r;
> > > - SMMUSecSID sec_sid = SMMU_SEC_SID_NS;
> > > + SMMUSecSID sec_sid = info->sec_sid;
> > > + g_assert(sec_sid < SMMU_SEC_SID_NUM);
> > What does this defend against?
>
>
> sec_sid is now taken from SMMUEventInfo, so the assert is to catch
> programming errors early and avoid out-of-bounds bank accesses in
> smmuv3_record_event.
Personally, I don't like this kind of defensive programming, someone can
argue we can add such checks anywhere.
I believe we should definitely know the possible states in the software
and add checks needed at guest inputs.
But that's also up to Eric.
Thanks,
Mostafa
>
> >
> > Thanks,
> > Mostafa
>
>
> Best regards,
>
> Tao
>
> >
> > > if (!smmuv3_eventq_enabled(s, sec_sid)) {
> > > return;
> > > @@ -258,8 +259,9 @@ void smmuv3_record_event(SMMUv3State *s, SMMUEventInfo *info)
> > > g_assert_not_reached();
> > > }
> > > - trace_smmuv3_record_event(smmu_event_string(info->type), info->sid);
> > > - r = smmuv3_write_eventq(s, &evt);
> > > + trace_smmuv3_record_event(sec_sid, smmu_event_string(info->type),
> > > + info->sid);
> > > + r = smmuv3_write_eventq(s, sec_sid, &evt);
> > > if (r != MEMTX_OK) {
> > > smmuv3_trigger_irq(s, SMMU_IRQ_GERROR, R_GERROR_EVENTQ_ABT_ERR_MASK);
> > > }
>
>
>
>
>
next prev parent reply other threads:[~2026-03-02 10:20 UTC|newest]
Thread overview: 136+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-21 10:02 [RFC v4 00/31] hw/arm/smmuv3: Support Secure state for SMMUv3 Tao Tang
2026-02-21 10:02 ` [RFC v4 01/31] hw/arm/smmuv3-common: Fix incorrect reserved mask for SMMU CR0 register Tao Tang
2026-02-25 20:18 ` Pierrick Bouvier
2026-02-27 14:31 ` Mostafa Saleh
2026-02-21 10:02 ` [RFC v4 02/31] hw/arm/smmuv3: Correct SMMUEN field name in CR0 Tao Tang
2026-02-25 20:18 ` Pierrick Bouvier
2026-02-27 14:31 ` Mostafa Saleh
2026-02-21 10:02 ` [RFC v4 03/31] hw/arm/smmuv3: Introduce secure registers Tao Tang
2026-02-25 20:23 ` Pierrick Bouvier
2026-02-27 14:33 ` Mostafa Saleh
2026-02-21 10:02 ` [RFC v4 04/31] hw/arm/smmuv3: Introduce banked registers for SMMUv3 state Tao Tang
2026-02-25 20:26 ` Pierrick Bouvier
2026-02-27 14:38 ` Mostafa Saleh
2026-03-01 13:44 ` Tao Tang
2026-03-02 10:16 ` Mostafa Saleh
2026-02-21 10:02 ` [RFC v4 05/31] hw/arm/smmuv3: Thread SEC_SID through helper APIs Tao Tang
2026-02-25 20:27 ` Pierrick Bouvier
2026-02-21 10:02 ` [RFC v4 06/31] hw/arm/smmuv3: Track SEC_SID in configs and events Tao Tang
2026-02-25 20:29 ` Pierrick Bouvier
2026-02-27 14:39 ` Mostafa Saleh
2026-03-01 13:53 ` Tao Tang
2026-03-02 10:19 ` Mostafa Saleh [this message]
2026-03-02 13:45 ` Eric Auger
2026-03-02 16:13 ` Eric Auger
2026-03-03 7:26 ` Eric Auger via
2026-03-03 7:26 ` Eric Auger via qemu development
2026-03-06 13:56 ` Tao Tang
2026-02-21 10:02 ` [RFC v4 07/31] hw/arm/smmu-common: Add security-aware address space selector Tao Tang
2026-02-25 20:36 ` Pierrick Bouvier
2026-02-21 10:02 ` [RFC v4 08/31] hw/arm/smmuv3: Plumb transaction attributes into config helpers Tao Tang
2026-02-25 20:52 ` Pierrick Bouvier
2026-02-27 15:20 ` Tao Tang
2026-02-27 22:02 ` Pierrick Bouvier
2026-03-02 15:59 ` Eric Auger
2026-02-25 20:55 ` Pierrick Bouvier
2026-02-27 15:35 ` Tao Tang
2026-02-21 10:02 ` [RFC v4 09/31] hw/arm/smmuv3: Enforce Secure stage 2 capability check when decoding STE Tao Tang
2026-02-25 20:52 ` Pierrick Bouvier
2026-02-27 14:39 ` Mostafa Saleh
2026-03-01 14:02 ` Tao Tang
2026-03-02 16:48 ` Eric Auger
2026-03-04 16:09 ` Tao Tang
2026-02-21 10:14 ` [RFC v4 10/31] hw/arm/smmu-common: Key configuration cache on SMMUDevice and SEC_SID Tao Tang
2026-02-25 21:01 ` Pierrick Bouvier
2026-03-02 16:54 ` Eric Auger
2026-03-05 13:42 ` Tao Tang
2026-02-21 10:15 ` [RFC v4 11/31] hw/arm/smmu: Add PTE NS/NSTable helpers Tao Tang
2026-02-25 21:01 ` Pierrick Bouvier
2026-03-02 17:07 ` Eric Auger
2026-03-05 13:22 ` Tao Tang
2026-02-21 10:16 ` [RFC v4 12/31] hw/arm/smmuv3: Store CD NSCFG in TT info Tao Tang
2026-02-25 21:01 ` Pierrick Bouvier
2026-02-27 14:41 ` Mostafa Saleh
2026-03-01 14:21 ` Tao Tang
2026-03-02 10:22 ` Mostafa Saleh
2026-03-02 17:21 ` Eric Auger
2026-03-02 17:18 ` Eric Auger
2026-02-21 10:16 ` [RFC v4 13/31] hw/arm/smmu-common: Add sec_sid field to TLB entries Tao Tang
2026-02-25 21:02 ` Pierrick Bouvier
2026-02-27 14:45 ` Mostafa Saleh
2026-03-01 15:08 ` Tao Tang
2026-03-02 10:30 ` Mostafa Saleh
2026-03-02 17:34 ` Eric Auger
2026-03-05 14:33 ` Tao Tang
2026-02-21 10:16 ` [RFC v4 14/31] hw/arm/smmu-common: Implement secure state handling in ptw Tao Tang
2026-02-25 21:12 ` Pierrick Bouvier
2026-02-28 14:07 ` Tao Tang
2026-03-03 9:41 ` Eric Auger
2026-03-06 10:39 ` Tao Tang
2026-02-21 10:16 ` [RFC v4 15/31] hw/arm/smmuv3: Tag IOTLB cache keys with SEC_SID Tao Tang
2026-02-25 21:21 ` Pierrick Bouvier
2026-03-03 7:40 ` Eric Auger
2026-03-05 15:54 ` Tao Tang
2026-02-21 10:17 ` [RFC v4 16/31] hw/arm/smmuv3: Plumb SEC_SID through IOMMU notifier path Tao Tang
2026-02-25 21:32 ` Pierrick Bouvier
2026-02-27 14:47 ` Mostafa Saleh
2026-03-01 15:26 ` Tao Tang
2026-03-02 18:26 ` Eric Auger
2026-03-02 19:17 ` Mostafa Saleh
2026-03-03 7:49 ` Eric Auger
2026-03-04 15:34 ` Tao Tang
2026-03-04 16:36 ` Eric Auger
2026-02-21 10:17 ` [RFC v4 17/31] hw/arm/smmuv3: Pass sec_sid into cmdq consume path Tao Tang
2026-02-25 21:35 ` Pierrick Bouvier
2026-03-03 10:14 ` Eric Auger
2026-03-05 14:42 ` Tao Tang
2026-02-21 10:17 ` [RFC v4 18/31] hw/arm/smmuv3: Make evtq producer use SEC_SID Tao Tang
2026-02-25 21:40 ` Pierrick Bouvier
2026-03-03 10:16 ` Eric Auger
2026-02-21 10:17 ` [RFC v4 19/31] hw/arm/smmuv3: Fix CFGI_CD handling when stage-1 is unsupported Tao Tang
2026-02-25 21:40 ` Pierrick Bouvier
2026-02-27 14:49 ` Mostafa Saleh
2026-03-01 12:33 ` Tao Tang
2026-03-02 10:10 ` Mostafa Saleh
2026-03-02 17:47 ` Pierrick Bouvier
2026-03-02 17:53 ` Eric Auger
2026-03-04 13:39 ` Tao Tang
2026-03-02 17:51 ` Eric Auger
2026-03-02 17:55 ` Eric Auger
2026-02-21 10:17 ` [RFC v4 20/31] hw/arm/smmu: Make CMDQ invalidation security-state aware Tao Tang
2026-02-25 21:47 ` Pierrick Bouvier
2026-02-27 15:41 ` Tao Tang
2026-02-21 10:17 ` [RFC v4 21/31] hw/arm/smmuv3: Add access checks for GERROR_IRQ_CFG registers Tao Tang
2026-02-25 21:48 ` Pierrick Bouvier
2026-02-21 10:18 ` [RFC v4 22/31] hw/arm/smmuv3: Add access checks for STRTAB_BASE and CR2 registers Tao Tang
2026-02-25 21:53 ` Pierrick Bouvier
2026-02-21 10:18 ` [RFC v4 23/31] hw/arm/smmuv3: Add access checks for CMDQ and EVENTQ registers Tao Tang
2026-02-25 21:59 ` Pierrick Bouvier
2026-02-27 15:44 ` Tao Tang
2026-02-21 10:18 ` [RFC v4 24/31] hw/arm/smmuv3: Determine register bank from MMIO offset Tao Tang
2026-02-25 22:00 ` Pierrick Bouvier
2026-02-27 14:59 ` Mostafa Saleh
2026-03-01 16:24 ` Tao Tang
2026-02-21 10:18 ` [RFC v4 25/31] hw/arm/smmuv3: Implement SMMU_S_INIT register Tao Tang
2026-02-25 22:01 ` Pierrick Bouvier
2026-02-21 10:18 ` [RFC v4 26/31] hw/arm/smmuv3: Harden security checks in MMIO handlers Tao Tang
2026-02-25 22:03 ` Pierrick Bouvier
2026-02-21 10:18 ` [RFC v4 27/31] hw/pci: Add sec-sid property to PCIDevice Tao Tang
2026-02-25 22:05 ` Pierrick Bouvier
2026-02-21 10:19 ` [RFC v4 28/31] hw/arm/smmuv3: Select sec-sid from PCI property and validate SECURE_IMPL Tao Tang
2026-02-25 22:10 ` Pierrick Bouvier
2026-02-25 22:12 ` Pierrick Bouvier
2026-03-03 10:47 ` Eric Auger
2026-03-06 13:30 ` Tao Tang
2026-03-06 17:29 ` Pierrick Bouvier
2026-03-03 10:48 ` Eric Auger
2026-02-21 10:19 ` [RFC v4 29/31] hw/arm/smmuv3: Initialize the secure register bank Tao Tang
2026-02-25 22:13 ` Pierrick Bouvier
2026-02-21 10:19 ` [RFC v4 30/31] hw/arm/smmuv3: Add secure bank migration and secure-impl property Tao Tang
2026-02-25 22:20 ` Pierrick Bouvier
2026-02-27 16:16 ` Tao Tang
2026-02-27 21:54 ` Pierrick Bouvier
2026-02-21 10:19 ` [RFC v4 31/31] [NOT-MERGE] hw/arm/smmuv3: temporarily enable SEL2 bit and sone other features Tao Tang
2026-02-25 21:31 ` Pierrick Bouvier
2026-02-25 22:07 ` Pierrick Bouvier
2026-02-27 16:13 ` Tao Tang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aaVkQdanf4KhROna@google.com \
--to=smostafa@google.com \
--cc=chao.liu.zevorn@gmail.com \
--cc=chenbaozi@phytium.com.cn \
--cc=eric.auger@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=tangtao1634@phytium.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.