Hi Eric,
On 2026/3/3 00:54, Eric Auger wrote:
Hi Tao,
On 2/21/26 11:14 AM, Tao Tang wrote:
Adapt the configuration cache to support multiple security states by
introducing a composite key, SMMUConfigKey. This key combines the
SMMUDevice with SEC_SID, preventing aliasing between Secure and
Non-secure configurations for the same device, also the future Realm and
Root configurations.
Looking at 27/31, the sec_sid of a device looks rather static, set by a
property. However here you mention risk of aliasing between non secure
and secure for a given sdev
Please could you clarify?
You’re right. In the current RFC the PCI sec-sid is effectively static,
via a device property, so a given sdev does not dynamically switch
between Secure and Non-secure at runtime.
What I meant in this commit was not that this series already implements
such dynamic switching. My intent with keying the cache by (SMMUDevice,
SEC_SID) was to make the cache identity reflect the full security
context of the translation/configuration, rather than implicitly
depending on today’s PCI-side representation.
So for this RFC, the practical effect is mainly to keep the SMMU
internal cache model aligned with the architectural security context,
while avoiding baking the current static PCI representation into the
cache design.
The commit message wording there was too broad, especially the “active
in more than one security world” part. I’ll tighten that in the next
revision.
Thanks,
Tao
Thanks
Eric
The cache lookup, insertion, and invalidation mechanisms are updated
to use this new keying infrastructure. This change is critical for
ensuring correct translation when a device is active in more than one
security world.
Signed-off-by: Tao Tang <[email protected]>
Reviewed-by: Eric Auger <[email protected]>
Link:
https://lore.kernel.org/qemu-devel/[email protected]/
---
hw/arm/smmu-common.c | 45 ++++++++++++++++++++++++++++++++++--
hw/arm/smmuv3.c | 13 +++++++----
include/hw/arm/smmu-common.h | 7 ++++++
3 files changed, 58 insertions(+), 7 deletions(-)
