From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: <dan.j.williams@intel.com>, "Tian, Kevin" <kevin.tian@intel.com>,
"Jonathan Cameron" <jonathan.cameron@huawei.com>,
"will@kernel.org" <will@kernel.org>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"bhelgaas@google.com" <bhelgaas@google.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"praan@google.com" <praan@google.com>,
"baolu.lu@linux.intel.com" <baolu.lu@linux.intel.com>,
"miko.lenczewski@arm.com" <miko.lenczewski@arm.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"linux-cxl@vger.kernel.org" <linux-cxl@vger.kernel.org>
Subject: Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices
Date: Thu, 19 Feb 2026 08:53:19 -0800 [thread overview]
Message-ID: <aZc//6kvH3Eqfwfe@nvidia.com> (raw)
In-Reply-To: <20260219143737.GG723117@nvidia.com>
On Thu, Feb 19, 2026 at 10:37:37AM -0400, Jason Gunthorpe wrote:
> On Wed, Feb 18, 2026 at 02:56:35PM -0800, Nicolin Chen wrote:
> > On Tue, Feb 03, 2026 at 01:55:40PM -0400, Jason Gunthorpe wrote:
> > > On Tue, Feb 03, 2026 at 09:45:17AM -0800, Nicolin Chen wrote:
> > > > Btw, attaching to IOMMU_DOMAIN_BLOCKED/group->blocking_domain is not
> > > > allowed in general if require_direct=true. I assume this case can be
> > > > an exception since there's no point in allowing a device that has no
> > > > driver yet to access any reserved region?
> > >
> > > If require_direct is set then we have to disable this mechanism..
> >
> > I found a corner case, which might be another exception here?
>
> I don't think this blocking security work needs to be part of this
> series. We just need to disable the mechanism for untrusted devices.
Oh, I thought it should be a prerequisite. I'll separate the patch
then.
> > Most of dma_configure callback functions don't use default domain
> > when driver_managed_dma is set. And this breaks MSI on pcieports.
>
> The ARM MSI aperture need is some special case here. Those drivers
> don't use DMA at all so of course they don't have the DMA API setup,
> but they do use the MSI aperture on ARM.
>
> Broadly here we were talking about blocked domains for unattached
> drivers, but an empty DMA domain is the same thing and still continues
> to allow the MSI vectors to work.
I see.
> So we can reframe this a little bit into more like
>
> if the user requests IDENTITY then the IDENTITY domain is not
> installed until just before the driver binds. Up until then it is in
> the DMA domain. Meaning if userspace controls driver binding then
> unbound drivers have their DMA access blocked by an empty DMA domain.
The thing is that those driver_managed_dma callbacks don't call
iommu_device_use_default_domain(). So, the iommu core loses the
trigger to switch domain from BLOCKED/empty-DMA to DMA/IDENTITY.
The pcieports case via pci_dma_configure() is an example.
My previous approach using BUS_NOTIFY could likely work, but it
needed to adjust the timing between BUS_NOTIFY and dev->driver
setting.
Thanks
Nicolin
next prev parent reply other threads:[~2026-02-19 16:54 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-17 4:56 [PATCH RFCv1 0/3] Allow ATS to be always on for certain ATS-capable devices Nicolin Chen
2026-01-17 4:56 ` [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices Nicolin Chen
2026-01-19 17:58 ` Jason Gunthorpe
2026-01-21 8:01 ` Tian, Kevin
2026-01-21 10:03 ` Jonathan Cameron
2026-01-21 13:03 ` Jason Gunthorpe
2026-01-22 1:17 ` Baolu Lu
2026-01-22 13:15 ` Jason Gunthorpe
2026-01-22 5:44 ` dan.j.williams
2026-01-22 13:14 ` Jason Gunthorpe
2026-01-22 16:29 ` Nicolin Chen
2026-01-22 16:58 ` Jason Gunthorpe
2026-01-22 19:46 ` dan.j.williams
2026-01-27 8:10 ` Tian, Kevin
2026-01-27 15:04 ` Jason Gunthorpe
2026-01-28 0:49 ` dan.j.williams
2026-01-28 13:05 ` Jason Gunthorpe
2026-02-03 5:13 ` Nicolin Chen
2026-02-03 14:33 ` Jason Gunthorpe
2026-02-03 17:45 ` Nicolin Chen
2026-02-03 17:55 ` Jason Gunthorpe
2026-02-03 18:50 ` Nicolin Chen
2026-02-04 13:21 ` Jason Gunthorpe
2026-02-03 18:59 ` Robin Murphy
2026-02-03 19:24 ` Nicolin Chen
2026-02-03 23:16 ` Jason Gunthorpe
2026-02-04 12:18 ` Robin Murphy
2026-02-04 13:20 ` Jason Gunthorpe
2026-02-18 22:56 ` Nicolin Chen
2026-02-19 14:37 ` Jason Gunthorpe
2026-02-19 16:53 ` Nicolin Chen [this message]
2026-02-19 17:41 ` Jason Gunthorpe
2026-02-20 4:52 ` Nicolin Chen
2026-02-20 12:50 ` Jason Gunthorpe
2026-02-20 13:22 ` Robin Murphy
2026-02-20 13:51 ` Jason Gunthorpe
2026-02-20 14:45 ` Robin Murphy
2026-02-26 15:10 ` Jason Gunthorpe
2026-02-20 18:49 ` Nicolin Chen
2026-02-24 14:38 ` Jason Gunthorpe
2026-01-28 0:57 ` Tian, Kevin
2026-01-28 13:11 ` Jason Gunthorpe
2026-01-29 3:28 ` Tian, Kevin
2026-01-22 10:24 ` Alejandro Lucero Palau
2026-01-17 4:56 ` [PATCH RFCv1 2/3] PCI: Allow ATS to be always on for non-CXL NVIDIA GPUs Nicolin Chen
2026-01-19 18:00 ` Jason Gunthorpe
2026-01-19 18:09 ` Nicolin Chen
2026-01-17 4:56 ` [PATCH RFCv1 3/3] iommu/arm-smmu-v3: Allow ATS to be always on Nicolin Chen
2026-01-19 20:06 ` Jason Gunthorpe
2026-01-26 12:39 ` Will Deacon
2026-01-26 17:20 ` Jason Gunthorpe
2026-01-26 18:40 ` Nicolin Chen
2026-01-26 19:16 ` Jason Gunthorpe
2026-01-26 18:49 ` Robin Murphy
2026-01-26 19:09 ` Jason Gunthorpe
2026-01-27 13:10 ` Will Deacon
2026-01-27 13:26 ` Robin Murphy
2026-01-27 13:50 ` Will Deacon
2026-01-27 14:49 ` Jason Gunthorpe
2026-01-26 18:21 ` Nicolin Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZc//6kvH3Eqfwfe@nvidia.com \
--to=nicolinc@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=jonathan.cameron@huawei.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=miko.lenczewski@arm.com \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.