On 2025/12/3 00:31, Eric Auger wrote:
Hi Tao,

On 10/12/25 5:13 PM, Tao Tang wrote:

The SMMUv3 model was missing checks for register accessibility under certain conditions. This allowed guest software to write to registers like STRTAB_BASE when they should be read-only, or read from GERROR_IRQ_CFG registers when they should be RES0.

This patch fixes this by introducing helper functions, such as the smmu_(reg_name)_writable pattern, to encapsulate the architectural access rules. In addition, writes to registers like STRTAB_BASE, queue bases, and IRQ configurations are now masked to correctly handle reserved bits. The MMIO handlers are updated to call these functions before accessing registers.

To purely fix the missing checks without introducing new functionality, the security context in the MMIO handlers is explicitly fixed to Non-secure. This ensures that the scope of this patch is limited to fixing existing Non-secure logic.

If a register is not accessible, the access is now correctly handled and a guest error is logged, bringing the model's behavior in line with the specification.

Fixes: fae4be38b35d ("hw/arm/smmuv3: Implement MMIO write operations")
Fixes: 10a83cb9887e ("hw/arm/smmuv3: Skeleton")
Signed-off-by: Tao Tang <[email protected]>
---
 hw/arm/smmuv3.c | 304 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 298 insertions(+), 6 deletions(-)

diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index f9395c3821..f161dd3eff 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -1321,6 +1321,127 @@ static void smmuv3_range_inval(SMMUState *s, Cmd *cmd, SMMUStage stage, } ------------------------------<snip>------------------------------ ------------------------------<snip>------------------------------ + bank->gerror_irq_cfg1 = data; return MEMTX_OK; case A_GERROR_IRQ_CFG2:
@@ -1644,12 +1824,32 @@ static MemTxResult smmu_writel(SMMUv3State *s, hwaddr offset, } return MEMTX_OK; case A_STRTAB_BASE: /* 64b */ + if (!smmu_strtab_base_writable(s, reg_sec_sid)) {

Would you mind splitting this patch into 2: changes related to smmu_gerror_irq_cfg_writable and changes related to smmu_strtab_base_writable, if confirmed they are effectively independent of each other?

Eric
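Review bot: In the first hunk, the visible A_GERROR_IRQ_CFG1 case stores the value unmasked (`+ bank->gerror_irq_cfg1 = data;`), while the commit message says writes to IRQ configuration registers are now masked to handle reserved bits. Either apply the same reserved-bit masking here that the other IRQ_CFG writes get, or narrow the commit message to the registers that are actually masked, so the description matches the code.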
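Review bot: In the second hunk, `smmu_strtab_base_writable(s, reg_sec_sid)` takes a security-context argument, but the commit message states that the MMIO handlers fix the context to Non-secure in this patch. A one-line comment where `reg_sec_sid` is assigned (or a sentence in the commit message) saying it is hard-wired to Non-secure for now would keep readers from assuming Secure accesses are already dispatched through this check.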
Sure. I'll split it in V4. Thanks for your suggestion.

Tao
