On 2025/8/19 05:26, Mostafa Saleh wrote:
On Wed, Aug 06, 2025 at 11:11:26PM +0800, Tao Tang wrote:
This patch implements the S_INIT register, a secure-only register
with no non-secure counterpart. It provides a simple mechanism for
secure software to perform a global invalidation of all SMMU
configuration and translation caches.

This is typically the final step in a SMMU's probe sequence, marking
the end of initialization for the SMMU's secure interface.

With this and the previous change, a guest that is aware of the SMMUv3
secure extensions can probe the device's capabilities and perform basic
configuration of the secure interface, as is done by secure partition
managers like Hafnium in its smmuv3_driver_init function.

Signed-off-by: Tao Tang <tangtao1...@phytium.com.cn>
---
hw/arm/smmuv3.c | 29 +++++++++++++++++++++++++++++
hw/arm/trace-events | 1 +
2 files changed, 30 insertions(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 619180d204..0ea9d897af 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -920,6 +920,21 @@ static void smmuv3_flush_config(SMMUDevice *sdev)
g_hash_table_remove(bc->configs, sdev);
}
+static void smmuv3_invalidate_all_caches(SMMUv3State *s)
+{
+ trace_smmuv3_invalidate_all_caches();
+ SMMUState *bs = &s->smmu_state;
+
+ /* Clear all cached configs including STE and CD*/
+ if (bs->configs) {
+ g_hash_table_remove_all(bs->configs);
+ }
+
+ /* Invalidate all SMMU IOTLB entries */
+ smmu_inv_notifiers_all(&s->smmu_state);
+ smmu_iotlb_inv_all(bs);
+}
+
/* Do translation with TLB lookup. */
static SMMUTranslationStatus smmuv3_do_translate(SMMUv3State *s, hwaddr addr,
SMMUTransCfg *cfg,
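
Review bot: In smmuv3_invalidate_all_caches() the trace call is placed ahead of the declaration of bs, so a statement precedes a declaration in the same block; QEMU style keeps declarations at the start of the block, so declare "SMMUState *bs = &s->smmu_state;" first and call the trace point after it. The function then passes &s->smmu_state to smmu_inv_notifiers_all() although bs already holds that pointer, so use bs in both calls. The "if (bs->configs)" guard should be justified or dropped, since smmuv3_flush_config() in the context lines just above calls g_hash_table_remove(bc->configs, sdev) with no such check. The comment "including STE and CD*/" is also missing a space before the closing marker.
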
@@ -1921,6 +1936,16 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr
offset,
SMMU_CHECK_ATTRS_SECURE("S_EVENTQ_IRQ_CFG2");
s->secure_eventq_irq_cfg2 = data;
return MEMTX_OK;
+ case A_S_INIT:
+ SMMU_CHECK_SECURE_WRITE("S_INIT");
+ if (data & R_S_INIT_INV_ALL_MASK) {
+ /* write S_INIT and poll*/
+ s->secure_init = data & R_S_INIT_INV_ALL_MASK;
+ smmuv3_invalidate_all_caches(s);

Do we need to check that the SMMU is enabled as the spec says?

Hi Mostafa,

Thanks for the feedback on this patch.

You are right, I did miss that necessary check in v1. I will review the
specification and ensure that for the S_INIT register the SMMUEN bit is
checked. Additionally, I will take this opportunity to audit whether
other registers also have dependencies on specific control bits before
they can be accessed.

+ }
+ /* initialization is completed and set to 0 to terminate the polling */
+ s->secure_init = 0;
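
Review bot: In the A_S_INIT case the store "s->secure_init = data & R_S_INIT_INV_ALL_MASK" is overwritten by "s->secure_init = 0" a few lines later with nothing in between that reads the field, so the first store is dead and no read can ever observe INV_ALL set. The comment "write S_INIT and poll" describes what the guest does rather than what this code does; replace it with one stating that the invalidation completes synchronously inside the write, which is why the bit always reads back as 0. A write with INV_ALL clear is accepted silently, so a short comment saying whether that is intended would help.
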
All accesses to SMMU registers are serialised, so it’s safe to drop this and
just return zero on reads.

This is a much cleaner way to model the Write-Only nature of this
register. In v2, I will remove the secure_init field from the state
structure and have the read handler for A_S_INIT always return zero.

Thanks again for the help.

Best regards,
Tao