On Thu, Aug 21, 2025 at 12:25:40AM +0800, Tao Tang wrote:
>
> On 2025/8/19 05:28, Mostafa Saleh wrote:
> > On Wed, Aug 06, 2025 at 11:11:29PM +0800, Tao Tang wrote:
> > > To support parallel processing of secure and non-secure streams, the
> > > SMMUv3 model needs to differentiate between the two contexts throughout
> > > its core logic. This commit is the foundational step to make the code
> > > security-state aware.
> > >
> > > An is_secure flag, which will be used in subsequent patches to represent
> > > the transaction's security state, is now plumbed through the main
> > > processing paths.
> > >
> > > This change is purely preparatory and introduces no functional changes
> > > for the existing non-secure path. All current call sites are updated
> > > to pass is_secure = false.
> > >
> > > This refactoring paves the way for upcoming patches that will introduce
> > > separate TLB entries for secure transactions and enable a fully
> > > parallel secure/non-secure SMMU model.
> > >
> > I think it’s easier to review if this patch was split (STE parsing,
> > page table handling and translation, TLB invalidation)
> > Also based on my comment on patch 2, stage-2 handling doesn’t seem correct
> > to me.
> >
> > Thanks,
> > Mostafa
>
>
> Hi Mostafa,
>
> Thank you for your suggestion.
>
> You've made a very good point. This patch is indeed too large and tries to
> cover too many different areas. For the v2 series, I will break this patch
> down into logical parts as you suggested (STE parsing, page table handling,
> etc.).
>
> I also acknowledge your concern about the stage-2 handling logic from your
> comment on patch 2. I have sent a separate, detailed reply to your feedback
> on patch #2 that outlines my new understanding.
>
> And as you commented on patch #01:
>
> > > Inside this TCG VM, a KVM guest was launched, and the same NVMe device was
> > > re-assigned to it via VFIO.
> > > Command line of KVM VM inside TCG VM is below:
> > >
> > > sudo qemu-system-aarch64 \
> > >     -enable-kvm -m 1024 -cpu host -M virt \
> > >     -machine virt,gic-version=3 \
> > >     -cpu max -append "nokaslr" -smp 1 \
> > >     -monitor stdio \
> > >     -kernel 5.15.Image \
> > >     -initrd rootfs.cpio.gz \
> > >     -display vnc=:22,id=primary \
> > >     -device vfio-pci,host=00:01.0
> > >
> > > The KVM guest was able to perform I/O on the device
> > > correctly, confirming that the non-secure path is not broken.
> > I gave the patches a quick test and they seem to have broken my
> > nested setup, I will look more into it and let you know what I find.
> >
> > Thanks,
> > Mostafa
>
>
> I'm sorry to hear that it has broken your environment. Please don't hesitate
> to share any details, logs, or reproduction steps when you find them. I am
> more than happy to help reproduce the issue on my end to get it fixed as
> quickly as possible.
>
>
> I would be delighted to hear back from you on any of the topics we've
> discussed, as any further guidance you can offer would be invaluable.
>

So far, I couldn’t repro, I remember getting permission errors, I will
keep the patches in my stack, and will let you know if I hit that again.

Thanks,
Mostafa

> Thanks,
>
> Tao