From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: Will Deacon <will@kernel.org>,
robin.murphy@arm.com, joro@8bytes.org,
linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev,
linux-kernel@vger.kernel.org, skolothumtho@nvidia.com,
praan@google.com, xueshuai@linux.alibaba.com,
smostafa@google.com
Subject: Re: [PATCH rc v5 1/4] iommu/arm-smmu-v3: Add update_safe bits to fix STE update sequence
Date: Tue, 13 Jan 2026 16:51:12 -0400 [thread overview]
Message-ID: <20260113205112.GJ812923@nvidia.com> (raw)
In-Reply-To: <aWarF90zBqxD0Gef@Asurada-Nvidia>
On Tue, Jan 13, 2026 at 12:29:11PM -0800, Nicolin Chen wrote:
> On Tue, Jan 13, 2026 at 12:12:53PM -0400, Jason Gunthorpe wrote:
> > On Tue, Jan 13, 2026 at 03:05:52PM +0000, Will Deacon wrote:
> > > I suppose we shouldn't ever see the case that they both have S2S, but
> > > that's fine.
> >
> > If they both have S2S then it works correctly? Any S2S forces EATS to
> > follow the normal rules.
> >
> > > The spec also suggests that there's an additional illegal STE case w/
> > > split-stage ATS (EATS_S1CHK) if Config != S1+S2.
> >
> > The driver doesn't support that either..
> >
> > It is fixed by checking if new EATS is valid under old config and old
> > EATS valid under new config.
> >
> > Also to support S1CHK someday we cannot allow the hypervisor to leave
> > S1_S2 and go to S2, since the HW can't deal with that...
>
> Perhaps the safe bits should only have EATS_TRANS, excluding S1CHK:
>
> --------------------------------------------------------------------------
> + * When an STE changes EATS_TRANS, the sequencing code in the attach
> + * logic already will have the PCI cap for ATS disabled. Thus at this
> + * moment we can expect that the device will not generate ATS queries
> + * and so we don't care about the sequencing of EATS. The purpose of
> + * EATS_TRANS is to protect the system from hostile untrusted devices
> + * that issue ATS when the PCI config space is disabled. However, if
> + * EATS_TRANS is being changed, then we must have already trusted the
> + * device as the EATS_TRANS security block is being disabled.
> + *
> + * Note: now the EATS_TRANS update is moved to the first entry_set().
> + * Changing S2S and EATS might transiently result in S2S=1 and EATS=1
> + * which is a bad STE (see "5.2 Stream Table Entry"). In such a case,
> + * we can't do a hitless update. Also, STRTAB_STE_1_EATS_S1CHK should
> + * not be added to the safe bits because it relies on CFG[2:0]=0b111,
> + * to prevent another bad STE.
> */
> - safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);
> + if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S)))
> + safe_bits[1] |= cpu_to_le64(
> + FIELD_PREP(STRTAB_STE_1_EATS, STRTAB_STE_1_EATS_TRANS));
> --------------------------------------------------------------------------
>
> @will, does this look good to you? I can send a v7 with this.
That is an easy way to address Will's observation, makes sense to me.
Thanks,
Jason
next prev parent reply other threads:[~2026-01-13 20:51 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-18 21:41 [PATCH rc v5 0/4] iommu/arm-smmu-v3: Fix hitless STE update in nesting cases Nicolin Chen
2025-12-18 21:41 ` [PATCH rc v5 1/4] iommu/arm-smmu-v3: Add update_safe bits to fix STE update sequence Nicolin Chen
2026-01-02 18:26 ` Mostafa Saleh
2026-01-07 21:20 ` Will Deacon
2026-01-08 0:36 ` Jason Gunthorpe
2026-01-12 15:53 ` Will Deacon
2026-01-12 16:10 ` Jason Gunthorpe
2026-01-12 18:58 ` Nicolin Chen
2026-01-13 15:05 ` Will Deacon
2026-01-13 16:12 ` Jason Gunthorpe
2026-01-13 20:29 ` Nicolin Chen
2026-01-13 20:51 ` Jason Gunthorpe [this message]
2026-01-15 13:11 ` Jason Gunthorpe
2026-01-15 16:25 ` Nicolin Chen
2026-01-15 16:29 ` Jason Gunthorpe
2026-01-15 16:34 ` Nicolin Chen
2026-01-15 17:39 ` Will Deacon
2025-12-18 21:41 ` [PATCH rc v5 2/4] iommu/arm-smmu-v3: Mark STE MEV safe when computing the " Nicolin Chen
2026-01-02 18:27 ` Mostafa Saleh
2025-12-18 21:41 ` [PATCH rc v5 3/4] iommu/arm-smmu-v3: Mark STE EATS " Nicolin Chen
2025-12-18 21:41 ` [PATCH rc v5 4/4] iommu/arm-smmu-v3-test: Add nested s1bypass/s1dssbypass coverage Nicolin Chen
2026-01-02 18:27 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260113205112.GJ812923@nvidia.com \
--to=jgg@nvidia.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=skolothumtho@nvidia.com \
--cc=smostafa@google.com \
--cc=will@kernel.org \
--cc=xueshuai@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.