On 12/11/25 13:49, Mark Burton wrote:
I am absolutely prepared to believe I'm handling the IOMMU incorrectly.
The setup I’m using is CPU->SMMU(TBU)->AddressSpace (totally unconnected from
the CPU).
What I see in the code is that the IOMMU is permitted to return an address
space - that address space, in the cases I have, is totally unrelated to the
CPU concerned. The CPU knows (till now), nothing about that address space. The
address space being returned from the IOMMU translate doesn’t seem to be used -
so I’m not overly surprised that we end up in the wrong place. Perhaps what
you’re saying is that somehow we should be ‘registering’ this address space
with (any?) CPU that could potentially get to it...
What I see is that io_prepare calls down and gets the target_as from the IOMMU
translate cb, but it only returns a MemoryRegionSection, not the target_as, and then
e.g. int_st_mmio_leN seems to use cpu->as and indexes from that... I don't
see what I can be missing?
You're right that there's a disconnect.
There's an initial translation in address_space_translate_for_iotlb() which records a
MemoryRegionSection. Later, during execution, iotlb_to_section starts over from the cpu
address space and tries to find the same MemoryRegionSection, but translation is not involved.
I suspect we need to revisit CPUTLBEntryFull.xlat_section, "indexing" of
MemoryRegionSection, etc.
I've had in the back of my mind a reorg of the entire physical memory subsystem, with an
eye toward eliminating TARGET_PAGE_SIZE entirely. The indexing nonsense must needs
change in that scenario. All very hand-wavy at this point...
r~
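The disconnect both messages describe, as an added illustration that is not QEMU code and not part of the thread: a toy model in which a TLB fill walks CPU -> IOMMU -> target address space and records only a section index, while the access path resolves that index against the CPU's own address space without re-translating. The type and function names (tlb_fill, tlb_to_region, region_name_for_access, the section tables) are assumptions chosen to echo the thread, not QEMU's real APIs, and the two address spaces and the IOMMU offset are constructed for the example. The record_target_as flag contrasts the behaviour the reply describes (index only) with one possible direction of the fix (index plus the address space it was taken from).

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the iotlb/section-index mismatch discussed above.
 * Added example, not QEMU code: names are assumptions, not real QEMU APIs. */

#define MAX_SECTIONS 4

typedef struct MemoryRegion {
    const char *name;
    uint64_t base;
    uint64_t size;
} MemoryRegion;

/* Every address space has its own section table, so a bare index only
 * means something relative to the table it was taken from. */
typedef struct AddressSpace {
    MemoryRegion sections[MAX_SECTIONS];
    int nsections;
} AddressSpace;

/* Toy IOMMU: adds a fixed offset and redirects into a separate address
 * space that the CPU is not otherwise connected to. */
typedef struct IOMMU {
    AddressSpace *target_as;
    uint64_t offset;
} IOMMU;

typedef struct IOMMUTLBEntry {
    AddressSpace *target_as;
    uint64_t translated_addr;
} IOMMUTLBEntry;

static IOMMUTLBEntry iommu_translate(const IOMMU *iommu, uint64_t addr)
{
    IOMMUTLBEntry e = { iommu->target_as, addr + iommu->offset };
    return e;
}

/* Index of the section in @as covering @addr, or -1 if none does. */
static int as_lookup_section(const AddressSpace *as, uint64_t addr)
{
    for (int i = 0; i < as->nsections; i++) {
        const MemoryRegion *mr = &as->sections[i];
        if (addr >= mr->base && addr - mr->base < mr->size)
            return i;
    }
    return -1;
}

/* What the CPU TLB keeps per entry.  xlat_as is the piece the thread says
 * is missing: which address space xlat_section was looked up in. */
typedef struct TLBEntryFull {
    int xlat_section;
    AddressSpace *xlat_as;   /* NULL models the current (broken) behaviour */
} TLBEntryFull;

/* TLB fill: CPU -> IOMMU -> target AS; records the section index found in
 * the target AS.  With record_as == false the target AS itself is dropped. */
static TLBEntryFull tlb_fill(const IOMMU *iommu, uint64_t vaddr, bool record_as)
{
    IOMMUTLBEntry iotlb = iommu_translate(iommu, vaddr);
    TLBEntryFull full;
    full.xlat_section = as_lookup_section(iotlb.target_as, iotlb.translated_addr);
    full.xlat_as = record_as ? iotlb.target_as : NULL;
    return full;
}

/* Access time: turn the recorded index back into a region.  Without a
 * recorded AS this starts over from cpu_as and never re-translates. */
static const MemoryRegion *tlb_to_region(const TLBEntryFull *full, AddressSpace *cpu_as)
{
    AddressSpace *as = full->xlat_as ? full->xlat_as : cpu_as;
    if (full->xlat_section < 0 || full->xlat_section >= as->nsections)
        return NULL;
    return &as->sections[full->xlat_section];
}

/* Constructed topology: a CPU address space and an unrelated device address
 * space reached only through the IOMMU (CPU -> SMMU -> dev_as). */
static AddressSpace cpu_as, dev_as;
static IOMMU smmu;

static void setup_topology(void)
{
    cpu_as.sections[0] = (MemoryRegion){ "cpu-ram",  0x0000, 0x1000 };
    cpu_as.sections[1] = (MemoryRegion){ "cpu-mmio", 0x1000, 0x1000 };
    cpu_as.nsections = 2;
    dev_as.sections[0] = (MemoryRegion){ "dev-ram",  0x0000, 0x1000 };
    dev_as.sections[1] = (MemoryRegion){ "dev-mmio", 0x1000, 0x1000 };
    dev_as.sections[2] = (MemoryRegion){ "dev-regs", 0x2000, 0x1000 };
    dev_as.nsections = 3;
    smmu.target_as = &dev_as;
    smmu.offset = 0x1000;
}

/* Name of the region an access to @vaddr lands in, for the broken (index
 * only) and fixed (index + AS) variants; "(none)" if the index is dangling. */
const char *region_name_for_access(uint64_t vaddr, bool record_target_as)
{
    setup_topology();
    TLBEntryFull full = tlb_fill(&smmu, vaddr, record_target_as);
    const MemoryRegion *mr = tlb_to_region(&full, &cpu_as);
    return mr ? mr->name : "(none)";
}
```

With the index-only TLB entry, an access to 0x100 is translated by the IOMMU to 0x1100 in dev_as (section 1, "dev-mmio") but is resolved at access time as section 1 of cpu_as ("cpu-mmio"), and an access that translates into a section index cpu_as does not have resolves to nothing at all; carrying the target address space alongside the index makes both resolve where the IOMMU actually sent them.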