Re: [RFC 02/11] hw/arm/smmuv3: Implement read/write logic for secure registers

[Mostafa Saleh <smostafa@google.com>]

On Wed, Aug 20, 2025 at 11:21:02PM +0800, Tao Tang wrote:
> 
> On 2025/8/19 05:24, Mostafa Saleh wrote:
> > On Wed, Aug 06, 2025 at 11:11:25PM +0800, Tao Tang wrote:
> > > This patch builds upon the previous introduction of secure register
> > > definitions by providing the functional implementation for their access.
> > > 
> > > The availability of the secure programming interface is now correctly
> > > gated by the S_IDR1.SECURE_IMPL bit. When this bit indicates that
> > > secure functionality is enabled, the I/O handlers (smmuv3_read and
> > > smmuv3_write) will correctly dispatch accesses to the secure
> > > register space.
> > > 
> > > Signed-off-by: Tao Tang <tangtao1634@phytium.com.cn>
> > > ---
> > >   hw/arm/smmuv3-internal.h |   5 +
> > >   hw/arm/smmuv3.c          | 451 +++++++++++++++++++++++++++++++++++++++
> > >   2 files changed, 456 insertions(+)
> > > 
> > > diff --git a/hw/arm/smmuv3-internal.h b/hw/arm/smmuv3-internal.h
> > > index 483aaa915e..1a8b1cb204 100644
> > > --- a/hw/arm/smmuv3-internal.h
> > > +++ b/hw/arm/smmuv3-internal.h
> > > @@ -122,6 +122,11 @@ REG32(CR0,                 0x20)
> > >   #define SMMU_CR0_RESERVED 0xFFFFFC20
> > > +/*
> > > + * BIT1 and BIT4 are RES0 in SMMU_S_CRO
> > > + */
> > > +#define SMMU_S_CR0_RESERVED 0xFFFFFC12
> > > +
> > >   REG32(CR0ACK,              0x24)
> > >   REG32(CR1,                 0x28)
> > >   REG32(CR2,                 0x2c)
> > > diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
> > > index ab67972353..619180d204 100644
> > > --- a/hw/arm/smmuv3.c
> > > +++ b/hw/arm/smmuv3.c
> > > @@ -317,6 +317,18 @@ static void smmuv3_init_regs(SMMUv3State *s)
> > >       s->gerrorn = 0;
> > >       s->statusr = 0;
> > >       s->gbpa = SMMU_GBPA_RESET_VAL;
> > > +
> > > +    /* Initialize secure state */
> > > +    memset(s->secure_idr, 0, sizeof(s->secure_idr));
> > > +    /* Secure EL2 and Secure stage 2 support */
> > > +    s->secure_idr[1] = FIELD_DP32(s->secure_idr[1], S_IDR1, SEL2, 1);
> > AFAIU, this is wrong, SEL2 means that the SMMU has dual stage-2,
> > one for secure (S_S2TTB) and one for non-secure IPAs(S2TTB).
> > Which is not implemented in this series.
> 
> 
> Hi Mostafa,
> 
> Thank you for the very detailed and helpful review. Your feedback is spot
> on, and I'd like to address your points and ask for a quick confirmation on
> them.
> 
> Regarding the SEL2 bit, you are absolutely right, my understanding was
> incorrect. I've spent the last few days reviewing the manual to better
> understand the selection between Secure and Non-secure Stage 2 translations.
> I would be very grateful if you could confirm if my new understanding is
> correct:
> 
> - In Stage 2-only mode (Stage 1 bypassed), the choice between a Secure or
> Non-secure IPA translation is determined solely by STE.NSCFG.
> 

Yes, but that's only with SMMU_IDR1.ATTR_PERMS_OVR which Qemu doesn't
advertise, so in our case it's always secure.

> - In Stage 1-enabled mode, STE.NSCFG is ignored. The choice is determined by
> the translation process, starting from CD.NSCFGx, with the output NS
> attribute being the result of intermediate NSTable flags and the final
> descriptor.NS bit (TTD.NSTable, TTD.NS).
> 

You have to differentiate between the security state of the translation and
the security state of the translation table access.

For stage-1, the security state is determined by the NS bit in the last
level PTE, which in case of nested translation it will choose between S2TTB
or S_S2TTB.

Also, note that the stage-2 also have an NS which define the final attribute
of the transaction.

You have to also be careful around things such as NSCFG{0,1} as it might
change which stage-2 is used for the stage-1 TTB walk.

I see, in your patches, all the page-table access is done using the secure
state of the SID which is not correct.


> Based on this, I plan to have an internal flag, perhaps named
> target_ipa_is_ns in SMMUTransCfg.SMMUS2Cfg struct, to track the outcome of
> this process. This flag will then determine whether S_S2TTB or S2TTB is used
> for the Stage 2 translation.
> 

I am worried that it's not that simple for a single secure nested translation
you can have multiple stage-2 walks where some might be secure and others not,
so I imagine this some how will be determined from each stage-1 walk and
some how returned (maybe in the TLB struct) which is then the stage-2
walk looks into.

I am not sure how complicated it is to manage 2 stage-2 with the current code
base, so my advice would be to split the problem; for now you can drop SEL2
from this series and rely on NS stage-2.

And later, it can be added separately, but that’s up to you and the maintainers
on how they want to do this, I will try to review as much as I can.

Also, according to the spec:
"STT is 1 in implementations where SMMU_S_IDR1.SEL2 == 1."
which requires extra work in the translation table code to support this
feature.

> 
> > 
> > > +    /* Secure state implemented */
> > > +    s->secure_idr[1] = FIELD_DP32(s->secure_idr[1], S_IDR1,
> > > +        SECURE_IMPL, 1);
> > > +    s->secure_idr[1] = FIELD_DP32(s->secure_idr[1], S_IDR1,
> > > +        S_SIDSIZE, SMMU_IDR1_SIDSIZE);
> > > +
> > > +    s->secure_gbpa = SMMU_GBPA_RESET_VAL;
> > >   }
> > >   static int smmu_get_ste(SMMUv3State *s, dma_addr_t addr, STE *buf,
> > > @@ -1278,6 +1290,12 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cmd, SMMUStage stage)
> > >       }
> > >   }
> > > +/* Check if the SMMU hardware itself implements secure state features */
> > > +static inline bool smmu_hw_secure_implemented(SMMUv3State *s)
> > > +{
> > > +    return FIELD_EX32(s->secure_idr[1], S_IDR1, SECURE_IMPL);
> > > +}
> > > +
> > I see that the secure SMMU support is unconditional. So, is this always true?
> > Also, how that looks with migration?
> 
> For the v2 series, my plan is to make SECURE_IMPL a user-configurable device
> property. I will add a "secure-enabled" property to smmuv3_properties and
> ensure all necessary states are added to the VMStateDescription to handle
> migration correctly. Does this approach sound reasonable to you?

Yes, that makes sense.

> 
> 
> > 
> > >   static int smmuv3_cmdq_consume(SMMUv3State *s)
> > >   {
> > >       SMMUState *bs = ARM_SMMU(s);
> > > @@ -1508,9 +1526,91 @@ static int smmuv3_cmdq_consume(SMMUv3State *s)
> > >       return 0;
> > >   }
> > > +/* Helper function for secure register write validation */
> > > +static bool smmu_validate_secure_write(MemTxAttrs attrs, bool secure_impl,
> > > +                                       hwaddr offset, const char *reg_name)
> > > +{
> > > +    if (!attrs.secure || !secure_impl) {
> > > +        const char *reason = !attrs.secure ?
> > > +            "Non-secure write attempt" :
> > > +            "SMMU didn't implement Security State";
> > > +        qemu_log_mask(LOG_GUEST_ERROR,
> > > +                      "%s: %s at offset 0x%" PRIx64 " (%s, WI)\n",
> > > +                      __func__, reason, offset, reg_name);
> > > +        return false;
> > > +    }
> > > +    return true;
> > > +}
> > > +
> > > +/* Helper function for secure register read validation */
> > > +static bool smmu_validate_secure_read(MemTxAttrs attrs, bool secure_impl,
> > > +                                      hwaddr offset, const char *reg_name,
> > > +                                      uint64_t *data)
> > > +{
> > > +    if (!attrs.secure || !secure_impl) {
> > > +        const char *reason = !attrs.secure ?
> > > +            "Non-secure read attempt" :
> > > +            "SMMU didn't implement Security State";
> > > +        qemu_log_mask(LOG_GUEST_ERROR,
> > > +                      "%s: %s at offset 0x%" PRIx64 " (%s, RAZ)\n",
> > > +                      __func__, reason, offset, reg_name);
> > > +        *data = 0; /* RAZ */
> > > +        return false;
> > > +    }
> > > +    return true;
> > > +}
> > > +
> > > +/* Macro for secure write validation - returns early if validation fails */
> > > +#define SMMU_CHECK_SECURE_WRITE(reg_name) \
> > > +    do { \
> > > +        if (!smmu_validate_secure_write(attrs, secure_impl, offset, \
> > > +                                        reg_name)) { \
> > > +            return MEMTX_OK; \
> > > +        } \
> > > +    } while (0)
> > > +
> > > +/* Macro for attrs.secure only validation */
> > > +#define SMMU_CHECK_ATTRS_SECURE(reg_name) \
> > > +    do { \
> > > +        if (!attrs.secure) { \
> > > +            qemu_log_mask(LOG_GUEST_ERROR, \
> > > +                          "%s: Non-secure write attempt at offset " \
> > > +                          "0x%" PRIx64 " (%s, WI)\n", \
> > > +                          __func__, offset, reg_name); \
> > > +            return MEMTX_OK; \
> > > +        } \
> > > +    } while (0)
> > > +
> > > +/* Macro for secure read validation - returns RAZ if validation fails */
> > > +#define SMMU_CHECK_SECURE_READ(reg_name) \
> > > +    do { \
> > > +        if (!smmu_validate_secure_read(attrs, secure_impl, offset, \
> > > +                                       reg_name, data)) { \
> > > +            return MEMTX_OK; \
> > > +        } \
> > > +    } while (0)
> > > +
> > > +/* Macro for attrs.secure only validation (read) */
> > > +#define SMMU_CHECK_ATTRS_SECURE_READ(reg_name) \
> > > +    do { \
> > > +        if (!attrs.secure) { \
> > > +            qemu_log_mask(LOG_GUEST_ERROR, \
> > > +                          "%s: Non-secure read attempt at offset " \
> > > +                          "0x%" PRIx64 " (%s, RAZ)\n", \
> > > +                          __func__, offset, reg_name); \
> > > +            *data = 0; \
> > > +            return MEMTX_OK; \
> > > +        } \
> > > +    } while (0)
> > > +
> > > 
> > Can’t we just have one check? If the access > SMMU_SECURE_BASE_OFFSET, just
> > check the security state?
> > 
> > And then based on banking, many of those switches will be common with
> > non secure cases.
> > 
> > Thanks,
> > Mostafa
> 
> 
> I have already refactored this part in my v2 series, exactly as you
> proposed. This also addresses your earlier feedback on patch #1 regarding
> the overall structure:
> 
> > As Philippe mentioned, this would be better the secure state is separated
> > in another instance of the struct, that seems it would reduce a lot of the
> > duplication later around the logic of MMIO and queues... in the next
> > patches.
> 
> The new code performs a single, necessary security state check at the entry
> point of the MMIO handlers. The rest of the logic relies on the banking
> mechanism, which makes the implementation generic for Non-secure, Secure,
> and future states like Realm/Root. The new structure looks like this:
> 
> /* Structure for one register bank */
> typedef struct SMMUv3Bank {
>     uint32_t idr[6];     /* IDR0-IDR5, note: IDR5 only used for NS bank */
>     uint32_t cr[3];      /* CR0-CR2 */
>     uint32_t cr0ack;
>     uint32_t init;       /* S_INIT register (secure only), reserved for NS
> */
>     uint32_t gbpa;
> 
> ......
> 
>     SMMUQueue eventq, cmdq;
> } SMMUv3Bank;
> 
> struct SMMUv3State {
>     SMMUState     smmu_state;
> 
>     /* Shared (non-banked) registers and state */
>     uint32_t features;
>     uint8_t sid_size;
>     uint8_t sid_split;
> 
> ......
> 
>     /* Banked registers for all access */
>     SMMUv3Bank bank[SMMU_SEC_IDX_NUM];
> ......
> };
> 

Yes, IMO,that’s the right approach. Although that might make the
migration code more complicated as we changed the state struct.

Thanks,
Mostafa

> 
> Thanks again for your valuable feedback. I've outlined my proposed plan
> above and would be grateful for any thoughts on it to ensure I'm on the
> right track for v2.
> 
> Best regards,
> 
> Tao
> 
> 
> 
> 
>