Re: [RFC v3 16/21] hw/arm/smmuv3: Implement SMMU_S_INIT register

[Eric Auger <eric.auger@redhat.com>]

On 10/12/25 5:13 PM, Tao Tang wrote:
> Implement read/write handlers for the SMMU_S_INIT secure-only
> register.
>
> Writing to this register provides a mechanism for software to perform a
> global invalidation of ALL caches within the SMMU. This includes the
> IOTLBs and Configuration Caches across all security states.
>
> This feature is critical for secure hypervisors like Hafnium, which
> use it as a final step in their SMMU initialization sequence. It
> provides a reliable, architecturally defined method to ensure a clean
> and known-good cache state before enabling translations.
>
> Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
> ---
>  hw/arm/smmuv3.c     | 33 +++++++++++++++++++++++++++++++++
>  hw/arm/trace-events |  1 +
>  2 files changed, 34 insertions(+)
>
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 100caeeb35..432de88610 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -354,6 +354,21 @@ static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
>  
>  }
>  
> +static void smmuv3_invalidate_all_caches(SMMUv3State *s)
> +{
> +    trace_smmuv3_invalidate_all_caches();
> +    SMMUState *bs = &s->smmu_state;
> +
> +    /* Clear all cached configs including STE and CD */
> +    if (bs->configs) {
> +        g_hash_table_remove_all(bs->configs);
> +    }
> +
> +    /* Invalidate all SMMU IOTLB entries */
> +    smmu_inv_notifiers_all(&s->smmu_state);
> +    smmu_iotlb_inv_all(bs);
> +}
> +
>  static SMMUTranslationStatus smmuv3_do_translate(SMMUv3State *s, hwaddr addr,
>                                                   SMMUTransCfg *cfg,
>                                                   SMMUEventInfo *event,
> @@ -1969,6 +1984,21 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr offset,
>  
>          bank->eventq_irq_cfg2 = data;
>          return MEMTX_OK;
> +    case (A_S_INIT & 0xfff):
why do we apply & 0xfff ?
> +        if (data & R_S_INIT_INV_ALL_MASK) {
> +            int cr0_smmuen = smmu_enabled(s, reg_sec_sid);
> +            int s_cr0_smmuen = smmuv3_get_cr0ack_smmuen(s, reg_sec_sid);
> +            if (cr0_smmuen || s_cr0_smmuen) {
use smmuv3_is_smmu_enabled()?
> +                /* CONSTRAINED UNPREDICTABLE behavior: Ignore this write */
> +                qemu_log_mask(LOG_GUEST_ERROR, "S_INIT write ignored: "
> +                              "CR0.SMMUEN=%d or S_CR0.SMMUEN=%d is set\n",
> +                              cr0_smmuen, s_cr0_smmuen);
> +                return MEMTX_OK;
> +            }
> +            smmuv3_invalidate_all_caches(s);
> +        }
> +        /* Synchronous emulation: invalidation completed instantly. */
> +        return MEMTX_OK;
>      default:
>          qemu_log_mask(LOG_UNIMP,
>                        "%s Unexpected 32-bit access to 0x%"PRIx64" (WI)\n",
> @@ -2172,6 +2202,9 @@ static MemTxResult smmu_readl(SMMUv3State *s, hwaddr offset,
>      case A_EVENTQ_CONS:
>          *data = bank->eventq.cons;
>          return MEMTX_OK;
> +    case (A_S_INIT & 0xfff):
> +        *data = 0;
> +        return MEMTX_OK;
>      default:
>          *data = 0;
>          qemu_log_mask(LOG_UNIMP,
> diff --git a/hw/arm/trace-events b/hw/arm/trace-events
> index 434d6abfc2..0e7ad8fee3 100644
> --- a/hw/arm/trace-events
> +++ b/hw/arm/trace-events
> @@ -64,6 +64,7 @@ smmuv3_cmdq_tlbi_s12_vmid(int vmid) "vmid=%d"
>  smmuv3_notify_flag_add(const char *iommu) "ADD SMMUNotifier node for iommu mr=%s"
>  smmuv3_notify_flag_del(const char *iommu) "DEL SMMUNotifier node for iommu mr=%s"
>  smmuv3_inv_notifiers_iova(const char *name, int asid, int vmid, uint64_t iova, uint8_t tg, uint64_t num_pages, int stage) "iommu mr=%s asid=%d vmid=%d iova=0x%"PRIx64" tg=%d num_pages=0x%"PRIx64" stage=%d"
> +smmuv3_invalidate_all_caches(void) "Invalidate all SMMU caches and TLBs"
>  smmu_reset_exit(void) ""
>  
>  # strongarm.c
Thanks

Eric