Hi all, This is v3 of the secure SMMUv3 series. Many thanks to Eric for the detailed review feedback on v2, which formed the basis for these changes. The main updates include:
- Re-sliced the series so that purely mechanical refactors land ahead of the functional updates, which should make the review flow easier. - Renamed SMMUSecurityIndex to SMMUSecSID and plumbed it consistently through the config cache, event reporting, and invalidation helpers so it mirrors the architectural SEC_SID. - Used the actual S_IDR1.SEL2 field to detect Secure Stage-2 support. When SEL2 is absent, we now correctly abort any conflicting operation, be it a translation walk or a command queue request. - MMIO dispatch now derives the register bank from the offset, drops the old non-secure S_INIT alias, and passes the correct security context into the command/event queue paths. - Failed fast if the secure address space is unavailable rather than silently executing secure transactions against the non-secure mapping. On the administrative side, I have re-added the RFC tag that was missed in v2. Eric's Reviewed-by tags have been applied where appropriate, and a Fixes tag has been added to the patch that corrects the MMIO register access checks. The patches for this series also can be found at: [1] https://github.com/hnusdr/qemu/commits/secure-smmu-v3-community Self-testing ---------- Testing has been performed as follows: - The Non-secure code paths were validated using the method at: [2] https://github.com/hnusdr/qemu/commits/test-ns-secure-smmu-v3-community This corresponds to the v2 version of smmu-testdev in another series: [3] https://lists.nongnu.org/archive/html/qemu-arm/2025-09/msg01497.html - The Secure code paths were validated using the method at: [4] https://github.com/hnusdr/qemu/commits/test-secure-smmu-v3-community which relies on an unsubmitted v3 version of smmu-testdev that has been updated to support Secure SMMU. Tao Tang (21): hw/arm/smmuv3: Fix incorrect reserved mask for SMMU CR0 register hw/arm/smmuv3: Correct SMMUEN field name in CR0 hw/arm/smmuv3: Introduce secure registers refactor: Move ARMSecuritySpace to a common header hw/arm/smmuv3: Introduce banked registers for SMMUv3 state hw/arm/smmuv3: Thread SEC_SID through helper APIs hw/arm/smmuv3: Track SEC_SID in configs and events hw/arm/smmuv3: Add separate address space for secure SMMU accesses hw/arm/smmuv3: Plumb transaction attributes into config helpers hw/arm/smmu-common: Key configuration cache on SMMUDevice and SEC_SID hw/arm/smmuv3: Decode security attributes from descriptors hw/arm/smmu-common: Implement secure state handling in ptw hw/arm/smmuv3: Tag IOTLB cache keys with SEC_SID hw/arm/smmuv3: Add access checks for MMIO registers hw/arm/smmuv3: Determine register bank from MMIO offset hw/arm/smmuv3: Implement SMMU_S_INIT register hw/arm/smmuv3: Pass security state to command queue and IRQ logic hw/arm/smmuv3: Harden security checks in MMIO handlers hw/arm/smmuv3: Use iommu_index to represent the security context hw/arm/smmuv3: Initialize the secure register bank hw/arm/smmuv3: Add secure migration and enable secure state hw/arm/smmu-common.c | 161 ++++- hw/arm/smmu-internal.h | 16 +- hw/arm/smmuv3-internal.h | 109 +++- hw/arm/smmuv3.c | 1077 ++++++++++++++++++++++++++------- hw/arm/trace-events | 9 +- hw/arm/virt.c | 5 + include/hw/arm/arm-security.h | 54 ++ include/hw/arm/smmu-common.h | 59 +- include/hw/arm/smmuv3.h | 39 +- target/arm/cpu.h | 25 +- 10 files changed, 1249 insertions(+), 305 deletions(-) create mode 100644 include/hw/arm/arm-security.h -- 2.34.1
