From: Eric Auger <eric.auger@redhat.com>
To: Tao Tang <tangtao1634@phytium.com.cn>,
Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, qemu-arm@nongnu.org,
"Chen Baozi" <chenbaozi@phytium.com.cn>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Jean-Philippe Brucker" <jean-philippe@linaro.org>,
"Mostafa Saleh" <smostafa@google.com>
Subject: Re: [RFC v3 11/21] hw/arm/smmuv3: Decode security attributes from descriptors
Date: Tue, 2 Dec 2025 16:19:28 +0100 [thread overview]
Message-ID: <6173cde1-ee30-45b5-a8dc-0cdb09a4b1f1@redhat.com> (raw)
In-Reply-To: <20251012150701.4127034-12-tangtao1634@phytium.com.cn>
Hi Tao,
On 10/12/25 5:06 PM, Tao Tang wrote:
> As the first step in implementing secure page table walks, this patch
> introduces the logic to decode security-related attributes from various
> SMMU structures.
>
> The NSCFG bits from the Context Descriptor are now decoded and stored.
> These bits control the security attribute of the starting-level
> translation table, which is crucial for managing secure and non-secure
> memory accesses.
>
> The SMMU_S_IDR1.SEL2 bit is read to determine if Secure stage 2
> translations are supported. This capability is cached in the
> SMMUTransCfg structure for the page table walker's use.
>
> Finally, new macros (PTE_NS, PTE_NSTABLE) are added to prepare for
> extracting attributes from page and table descriptors. To improve
> clarity, these different attribute bits are organized into distinct
> subsections in the header file.
>
> Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
> ---
> hw/arm/smmu-internal.h | 16 ++++++++++++++--
> hw/arm/smmuv3-internal.h | 2 ++
> hw/arm/smmuv3.c | 2 ++
> include/hw/arm/smmu-common.h | 3 +++
> 4 files changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/hw/arm/smmu-internal.h b/hw/arm/smmu-internal.h
> index d143d296f3..a0454f720d 100644
> --- a/hw/arm/smmu-internal.h
> +++ b/hw/arm/smmu-internal.h
> @@ -58,16 +58,28 @@
> ((level == 3) && \
> ((pte & ARM_LPAE_PTE_TYPE_MASK) == ARM_LPAE_L3_PTE_TYPE_PAGE))
>
> +/* Block & page descriptor attributes */
> +/* Non-secure bit */
> +#define PTE_NS(pte) \
> + (extract64(pte, 5, 1))
> +
> /* access permissions */
>
> #define PTE_AP(pte) \
> (extract64(pte, 6, 2))
>
> +/* access flag */
> +#define PTE_AF(pte) \
> + (extract64(pte, 10, 1))
> +
> +
> +/* Table descriptor attributes */
> #define PTE_APTABLE(pte) \
> (extract64(pte, 61, 2))
>
> -#define PTE_AF(pte) \
> - (extract64(pte, 10, 1))
> +#define PTE_NSTABLE(pte) \
> + (extract64(pte, 63, 1))
> +
> /*
> * TODO: At the moment all transactions are considered as privileged (EL1)
> * as IOMMU translation callback does not pass user/priv attributes.
> diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> index 99fdbcf3f5..1e757af459 100644
> --- a/hw/arm/smmuv3-internal.h
> +++ b/hw/arm/smmuv3-internal.h
> @@ -703,6 +703,8 @@ static inline int oas2bits(int oas_field)
> #define CD_R(x) extract32((x)->word[1], 13, 1)
> #define CD_A(x) extract32((x)->word[1], 14, 1)
> #define CD_AARCH64(x) extract32((x)->word[1], 9 , 1)
> +#define CD_NSCFG0(x) extract32((x)->word[2], 0, 1)
> +#define CD_NSCFG1(x) extract32((x)->word[4], 0, 1)
>
> /**
> * tg2granule - Decodes the CD translation granule size field according
> diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> index 55f4ad1757..3686056d8e 100644
> --- a/hw/arm/smmuv3.c
> +++ b/hw/arm/smmuv3.c
> @@ -812,6 +812,7 @@ static int decode_cd(SMMUv3State *s, SMMUTransCfg *cfg,
> tt->ttb = CACHED_ENTRY_TO_ADDR(entry, tt->ttb);
> }
>
> + tt->nscfg = i ? CD_NSCFG1(cd) : CD_NSCFG0(cd);
> tt->had = CD_HAD(cd, i);
> trace_smmuv3_decode_cd_tt(i, tt->tsz, tt->ttb, tt->granule_sz, tt->had);
> }
> @@ -915,6 +916,7 @@ static SMMUTransCfg *smmuv3_get_config(SMMUDevice *sdev, SMMUEventInfo *event,
> cfg = NULL;
> return cfg;
> }
> + cfg->sel2 = FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SEL2);
I don't get why we store sel2 in the cfg as it does not vary.
Thanks
Eric
>
> if (!smmuv3_decode_config(&sdev->iommu, cfg, event)) {
> SMMUConfigKey *persistent_key = g_new(SMMUConfigKey, 1);
> diff --git a/include/hw/arm/smmu-common.h b/include/hw/arm/smmu-common.h
> index bccbbe0115..90a37fe32d 100644
> --- a/include/hw/arm/smmu-common.h
> +++ b/include/hw/arm/smmu-common.h
> @@ -109,6 +109,7 @@ typedef struct SMMUTransTableInfo {
> uint8_t tsz; /* input range, ie. 2^(64 -tsz)*/
> uint8_t granule_sz; /* granule page shift */
> bool had; /* hierarchical attribute disable */
> + int nscfg; /* Non-secure attribute of Starting-level TT */
> } SMMUTransTableInfo;
>
> typedef struct SMMUTLBEntry {
> @@ -116,6 +117,7 @@ typedef struct SMMUTLBEntry {
> uint8_t level;
> uint8_t granule;
> IOMMUAccessFlags parent_perm;
> + SMMUSecSID sec_sid;
> } SMMUTLBEntry;
>
> /* Stage-2 configuration. */
> @@ -156,6 +158,7 @@ typedef struct SMMUTransCfg {
> struct SMMUS2Cfg s2cfg;
> MemTxAttrs txattrs; /* cached transaction attributes */
> AddressSpace *as; /* cached address space */
> + int sel2; /* Secure EL2 and Secure stage 2 support */
> } SMMUTransCfg;
>
> typedef struct SMMUDevice {
next prev parent reply other threads:[~2025-12-02 15:20 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-12 15:06 [RFC v3 00/21] hw/arm/smmuv3: Add initial support for Secure State Tao Tang
2025-10-12 15:06 ` [RFC v3 01/21] hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register Tao Tang
2025-10-12 15:06 ` [RFC v3 02/21] hw/arm/smmuv3: Correct SMMUEN field name in CR0 Tao Tang
2025-10-12 15:06 ` [RFC v3 03/21] hw/arm/smmuv3: Introduce secure registers Tao Tang
2025-11-21 12:47 ` Eric Auger
2025-10-12 15:06 ` [RFC v3 04/21] refactor: Move ARMSecuritySpace to a common header Tao Tang
2025-11-21 12:49 ` Eric Auger
2025-10-12 15:06 ` [RFC v3 05/21] hw/arm/smmuv3: Introduce banked registers for SMMUv3 state Tao Tang
2025-11-21 13:02 ` Eric Auger
2025-11-23 9:28 ` [RESEND RFC " Tao Tang
2025-10-12 15:06 ` [RFC v3 06/21] hw/arm/smmuv3: Thread SEC_SID through helper APIs Tao Tang
2025-11-21 13:13 ` Eric Auger
2025-10-12 15:06 ` [RFC v3 07/21] hw/arm/smmuv3: Track SEC_SID in configs and events Tao Tang
2025-12-02 11:05 ` Eric Auger
2025-10-12 15:06 ` [RFC v3 08/21] hw/arm/smmuv3: Add separate address space for secure SMMU accesses Tao Tang
2025-12-02 13:53 ` Eric Auger
2025-12-03 13:50 ` Tao Tang
2025-12-11 22:12 ` Pierrick Bouvier
2025-12-11 22:19 ` Pierrick Bouvier
2025-10-12 15:06 ` [RFC v3 09/21] hw/arm/smmuv3: Plumb transaction attributes into config helpers Tao Tang
2025-12-02 14:03 ` Eric Auger
2025-12-03 14:03 ` Tao Tang
2025-10-12 15:06 ` [RFC v3 10/21] hw/arm/smmu-common: Key configuration cache on SMMUDevice and SEC_SID Tao Tang
2025-12-02 14:18 ` Eric Auger
2025-10-12 15:06 ` [RFC v3 11/21] hw/arm/smmuv3: Decode security attributes from descriptors Tao Tang
2025-12-02 15:19 ` Eric Auger [this message]
2025-12-03 14:30 ` Tao Tang
2025-10-12 15:12 ` [RFC v3 12/21] hw/arm/smmu-common: Implement secure state handling in ptw Tao Tang
2025-12-02 15:53 ` Eric Auger
2025-12-03 15:10 ` Tao Tang
2025-10-12 15:12 ` [RFC v3 13/21] hw/arm/smmuv3: Tag IOTLB cache keys with SEC_SID Tao Tang
2025-12-02 16:08 ` Eric Auger
2025-12-03 15:28 ` Tao Tang
2025-10-12 15:13 ` [RFC v3 14/21] hw/arm/smmuv3: Add access checks for MMIO registers Tao Tang
2025-12-02 16:31 ` Eric Auger
2025-12-03 15:32 ` Tao Tang
2025-10-12 15:13 ` [RFC v3 15/21] hw/arm/smmuv3: Determine register bank from MMIO offset Tao Tang
2025-10-14 23:31 ` Pierrick Bouvier
2025-12-04 14:21 ` Eric Auger
2025-12-05 6:31 ` Tao Tang
2025-10-12 15:13 ` [RFC v3 16/21] hw/arm/smmuv3: Implement SMMU_S_INIT register Tao Tang
2025-12-04 14:33 ` Eric Auger
2025-12-05 8:23 ` Tao Tang
2025-10-12 15:14 ` [RFC v3 17/21] hw/arm/smmuv3: Pass security state to command queue and IRQ logic Tao Tang
2025-12-04 14:46 ` Eric Auger
2025-12-05 9:42 ` Tao Tang
2025-10-12 15:14 ` [RFC v3 18/21] hw/arm/smmuv3: Harden security checks in MMIO handlers Tao Tang
2025-12-04 14:59 ` Eric Auger
2025-12-05 10:36 ` Tao Tang
2025-12-05 17:23 ` Pierrick Bouvier
2025-10-12 15:15 ` [RFC v3 19/21] hw/arm/smmuv3: Use iommu_index to represent the security context Tao Tang
2025-10-15 0:02 ` Pierrick Bouvier
2025-10-16 6:37 ` Tao Tang
2025-10-16 7:04 ` Pierrick Bouvier
2025-10-20 8:44 ` Tao Tang
2025-10-20 22:55 ` Pierrick Bouvier
2025-10-21 3:51 ` Tao Tang
2025-10-22 21:23 ` Pierrick Bouvier
2025-10-23 9:02 ` Tao Tang
2025-12-04 15:05 ` Eric Auger
2025-12-05 10:54 ` Tao Tang
2025-10-12 15:15 ` [RFC v3 20/21] hw/arm/smmuv3: Initialize the secure register bank Tao Tang
2025-12-02 16:36 ` Eric Auger
2025-12-03 15:48 ` Tao Tang
2025-10-12 15:16 ` [RFC v3 21/21] hw/arm/smmuv3: Add secure migration and enable secure state Tao Tang
2025-12-02 16:39 ` Eric Auger
2025-12-03 15:54 ` Tao Tang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6173cde1-ee30-45b5-a8dc-0cdb09a4b1f1@redhat.com \
--to=eric.auger@redhat.com \
--cc=chenbaozi@phytium.com.cn \
--cc=jean-philippe@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=smostafa@google.com \
--cc=tangtao1634@phytium.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).