Hi Eric,
On 2026/3/3 AM12:48, Eric Auger wrote:
On 2/21/26 11:02 AM, Tao Tang wrote:
When decoding a Stream Table Entry (STE) from the Secure stream table
that enables stage-2 translation, verify that the SMMU implementation
advertises Secure stage-2 support via S_IDR1.SEL2. If stage-2 is
requested but S_IDR1.SEL2 is 0, mark the STE as ILLEGAL.
This implements the requirement from the Arm SMMUv3 architecture
specification (IHI 0070G.b, Section 5.2, Page 218) that a Secure STE
with stage-2 enabled is only valid when the implementation supports
Secure stage-2 translation.
Signed-off-by: Tao Tang<[email protected]>
---
hw/arm/smmuv3.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index 2192bec2368..d011357253e 100644
--- a/hw/arm/smmuv3.c
+++ b/hw/arm/smmuv3.c
@@ -623,6 +623,16 @@ static int decode_ste(SMMUv3State *s, SMMUTransCfg *cfg,
I think I would rather pass the sec_sid as a parameter, indicating which
secure stream table shall be used for ste decoding
if (ret) {
goto bad_ste;
}
+
+ /*
+ * Stage 2 is implemented but Secure stage 2 is not supported while
+ * STE is from Secure stream table. STE is ILLEGAL in this case
+ * according to (IHI 0070G.b) 5.2 STE, Stream Table Entry, Page 218.
would reuse the spec full terminology:
I would explicitly tell explicitly: " it is ILLEGAL to set STE.Config ==
0b11x."
+ */
+ if ((cfg->sec_sid == SMMU_SEC_SID_S) &&
+ !(FIELD_EX32(s->bank[SMMU_SEC_SID_S].idr[1], S_IDR1, SEL2))) {
+ goto bad_ste;
+ }
}
/* Multiple context descriptors require SubstreamID support */
Otherwise looks good
Thanks for your review.
I’ll rework decode_ste() to take sec_sid as a parameter, and explicitly
state the illegal encoding.
Best regards,
Tao
