On 2025/8/19 05:28, Mostafa Saleh wrote:
> On Wed, Aug 06, 2025 at 11:11:29PM +0800, Tao Tang wrote:
>> To support parallel processing of secure and non-secure streams, the
>> SMMUv3 model needs to differentiate between the two contexts throughout
>> its core logic. This commit is the foundational step to make the code
>> security-state aware.
>>
>> An is_secure flag, which will be used in subsequent patches to represent
>> the transaction's security state, is now plumbed through the main
>> processing paths.
>>
>> This change is purely preparatory and introduces no functional changes
>> for the existing non-secure path. All current call sites are updated
>> to pass is_secure = false.
>>
>> This refactoring paves the way for upcoming patches that will introduce
>> separate TLB entries for secure transactions and enable a fully
>> parallel secure/non-secure SMMU model.
>
> I think it’s easier to review if this patch was split (STE parsing,
> page table handling and translation, TLB invalidation).
> Also based on my comment on patch 2, stage-2 handling doesn’t seem correct to
> me.
>
> Thanks,
> Mostafa

Hi Mostafa,
Thank you for your suggestion.
You've made a very good point. This patch is indeed too large and tries
to cover too many different areas. For the v2 series, I will break this
patch down into logical parts as you suggested (STE parsing, page table
handling, etc.).
I also acknowledge your concern about the stage-2 handling logic from
your comment on patch 2. I have sent a separate, detailed reply to your
feedback on patch #2 that outlines my new understanding.
And as you commented on patch #01:

>> Inside this TCG VM, a KVM guest was launched, and the same NVMe device was
>> re-assigned to it via VFIO.
>> Command line of KVM VM inside TCG VM is below:
>> sudo qemu-system-aarch64 \
>> -enable-kvm -m 1024 -cpu host -M virt \
>> -machine virt,gic-version=3 \
>> -cpu max -append "nokaslr" -smp 1 \
>> -monitor stdio \
>> -kernel 5.15.Image \
>> -initrd rootfs.cpio.gz \
>> -display vnc=:22,id=primary \
>> -device vfio-pci,host=00:01.0
>> The KVM guest was able to perform I/O on the device
>> correctly, confirming that the non-secure path is not broken.
>
> I gave the patches a quick test and they seem to have broken my
> nested setup; I will look more into it and let you know what I find.
>
> Thanks,
> Mostafa

I'm sorry to hear that it has broken your environment. Please don't
hesitate to share any details, logs, or reproduction steps when you find
them. I am more than happy to help reproduce the issue on my end to get
it fixed as quickly as possible.
I would be delighted to hear back from you on any of the topics we've
discussed, as any further guidance you can offer would be invaluable.
Thanks,
Tao