From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DDC78E9A04A for ; Thu, 19 Feb 2026 14:37:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:MIME-Version:In-Reply-To: Content-Type:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=WRNVeDVZeNq/1WnXzci8Pt86Sy9lNtsovgf7ek4MRLQ=; b=nYaOpJ+MyWcuNCKZAwLcWrZxXl +ZVbvNGasgVsyGT6Zkj2cQ2GJj+jvfBMTyblbuSaCOyfiU2kVrqbJ6WEm+zNLIgrqgClQ6RoNHZ/6 DoBce1eTE2+e2rA8XUzIbY97jqrzSMJtZxlsDvRvCm+cLlSqtJfxncTfPGxRvVf7mrmQV2d5bja8p 9mVkeWOpSrQwzOyJM7VbOJbTj4iltJIog9s92qSabVq0SqPgq9tkhQLM92ao5tlFUcnVKP7fcNJ35 18R+9huCt7r6ePyx2jAkIT4b9PATSsWUNxGo6EhAc2CM4Ru84W9jFBkxTGPsx3aGq4EbhOcO4uweH xtl+jZWA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1vt5A4-0000000BT9d-2Oow; Thu, 19 Feb 2026 14:37:48 +0000 Received: from mail-eastusazon11012066.outbound.protection.outlook.com ([52.101.53.66] helo=BL0PR03CU003.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1vt5A2-0000000BT9I-2lZh for linux-arm-kernel@lists.infradead.org; Thu, 19 Feb 2026 14:37:47 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EIyGDCxqLGvKTIsHxUqZrUCFpouYiJnMmELCNoMsxE9FeGzeK4gUdTEj/V/ocVWEkOrrz6UzoW49MHYJwrgRxBKIWaLTud6L/PqvV/cEwbm39qpZN4DwVvDfpl1I+FItlQXKCtIhijzTJDHtNqrFFUCwBVIS+nbB/hboDRNtcmaciYYcwWzCzsIc+wdnwIj3/sPY+uf6qMbLJKCk1Lso2h/626jZ2c/BZmBHT/M8KHTi6PlxWa47XswhuzKG1TupIN9EZaadKlsXD6QelVRCLrB/+3Nz/9S2srC29FNdmKYTueXndMi3GzA4VcUWDEJuDMVh+J4lNuC0k8pkoV95Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WRNVeDVZeNq/1WnXzci8Pt86Sy9lNtsovgf7ek4MRLQ=; b=B5EKc1fwEI2A1WvJUaDfJsl1v4FQedGZtrje27WAIBj/2ETuCITBgkyG+MOME+5mZm7SpyP+Q9DJA6wV9Q+G8NTZtTgs586vhvZooFyJxoMiXqvKW7TJB1gEWs55INYw2U9z6Wx3R2jupjFt/cRpqGFbkAaisQKbitYfRaVUft+dEhm6Rt/ZX34pezK24LqlFMtvatyqQ957OhlyENRiePGBg/Gck5xcRfMeKCUidzT9fC+6eSrjLPPs6LMPL8HAbFxpQpcNCLIChJ4QeY/eaN8PaLLxdlZKyJlt2tB10B1lyEROu2Q+ifLj5sIWKoSnQX4Egz/vbvDk5B1+Ld+njw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WRNVeDVZeNq/1WnXzci8Pt86Sy9lNtsovgf7ek4MRLQ=; b=hCiwJt7KlRZD5lVxxpTKJORvkcj656Vw0hJ7VCpymRdgwVKXd7PtUQ+mGxKzXV51ZA21hT/cAXVhkOIxBKEH9mFLLBTbT7+XT5OzbuLfqy3JFZzAKpe81+5FD3X5QQ9/rV2mEmSUIL1rhenjmQlPDf9hdaw/1WDZAAoBPZI3xUNdn4B161fQHlH8xcCDKWXm5Dnw4nB7sH7hMCb1ZHZT0+kPVQWaFld2XFOCZyhhru2gDOGRPqTnqSmtUj6LhmqnxdDjybe7yGvG++hJenLU6P7pAOSaLvz7+25mwmE7MKvH5HBBhob89q1ejRgcetNMzzAvwXvLH20u8nqilopF9A== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from LV8PR12MB9620.namprd12.prod.outlook.com (2603:10b6:408:2a1::19) by MN0PR12MB5977.namprd12.prod.outlook.com (2603:10b6:208:37c::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.16; Thu, 19 Feb 2026 14:37:39 +0000 Received: from LV8PR12MB9620.namprd12.prod.outlook.com ([fe80::299d:f5e0:3550:1528]) by LV8PR12MB9620.namprd12.prod.outlook.com ([fe80::299d:f5e0:3550:1528%5]) with mapi id 15.20.9632.015; Thu, 19 Feb 2026 14:37:39 +0000 Date: Thu, 19 Feb 2026 10:37:37 -0400 From: Jason Gunthorpe To: Nicolin Chen Cc: dan.j.williams@intel.com, "Tian, Kevin" , Jonathan Cameron , "will@kernel.org" , "robin.murphy@arm.com" , "bhelgaas@google.com" , "joro@8bytes.org" , "praan@google.com" , "baolu.lu@linux.intel.com" , "miko.lenczewski@arm.com" , "linux-arm-kernel@lists.infradead.org" , "iommu@lists.linux.dev" , "linux-kernel@vger.kernel.org" , "linux-pci@vger.kernel.org" , "linux-cxl@vger.kernel.org" Subject: Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices Message-ID: <20260219143737.GG723117@nvidia.com> References: <69727e7ded712_3095100ab@dwillia2-mobl4.notmuch> <20260127150440.GF1134360@nvidia.com> <69795d0366a9_1d33100d3@dwillia2-mobl4.notmuch> <20260128130520.GV1134360@nvidia.com> <20260203143348.GA3931454@nvidia.com> <20260203175540.GC3931454@nvidia.com> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: MN2PR05CA0036.namprd05.prod.outlook.com (2603:10b6:208:c0::49) To LV8PR12MB9620.namprd12.prod.outlook.com (2603:10b6:408:2a1::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: LV8PR12MB9620:EE_|MN0PR12MB5977:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d0c1e58-f213-499d-d5eb-08de6fc46e58 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|7416014|376014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?odSJTh8fOC+N6AfZG7oaL1chD4n9ipXHIFI+6LwZa1iobKMlLr/c6QUR/WhH?= =?us-ascii?Q?Q9v/AeaElUyozMKVW5BZK/kOVg7OgR1Pa3U1MBQYY1RxiZFgoNsdo4OE9lYS?= =?us-ascii?Q?tGf3JOkk80ZH8tmzE/aZC/ZnAfZx8RMVum5iGmZeA7Gbqk+KXrMbDOJN8Nlk?= =?us-ascii?Q?OK0+2AhEMe09gSBclPPA8oVjF620FP6VxrF/IRj8ZxX8O2lTFnenx67DqfuB?= =?us-ascii?Q?DrCp52j/Vea7+c5NDswhP0jIcbuy16y0pFYXI5FSKSHabHIlgzEb1YJYidDI?= =?us-ascii?Q?Vx+CvBkLZyHJzv/Qis5E5H1yphBsk5w/AEN/YF0ze6buo0pH1VpFF74dfT6N?= =?us-ascii?Q?ygEwfMwqU9uEz4q6je17qkYKUVCKvU9bl4pMCb2QDzFeBCw/UKuXiitcK2IB?= =?us-ascii?Q?WdIPwjHqLiefKn4IWM/z/pJzQzhkKujQNY62qCmU8WtlTqg53CqsqUKJN7h9?= =?us-ascii?Q?1n3lIK6gid9RcidTU7isnNrJmY40zibKJlcPaGj5Te2tXsxk359EnxIE06V3?= =?us-ascii?Q?xRzOTMpJ+z0/jx1inAfdMQSZCrbY8z2BcItwQsTFO+B+Umo4vvzMnEOwDP3S?= =?us-ascii?Q?0F8drnLGzCeE+s3f7sVMWK29ZR7JtVsQUd6MJc+2c5YnrBEVyQceuHUG4ngt?= =?us-ascii?Q?E7fCOyZXlK1oaeDXDoZY1vcgmsbNT2hnTWWLKhjaVpeCNRhhjiuQ2Iw4W7Tx?= =?us-ascii?Q?L2ul22ETQa0zeXTmZq30UrKakhE7Rml/pue/ZeFTRAMPcfc9Kmo4hZ/kHaoQ?= =?us-ascii?Q?/tUuu2Kq5lfx0Vyhwm2IGVFk3XJ612nb0yq8fpRBVG6MG5nuOQXet9yi1Ue9?= =?us-ascii?Q?xXuRTOkapRC+r1/dSriMcTaPE7UIzLdCW5zQKDBGQEeWJUxSZzSpDuWP1J2u?= =?us-ascii?Q?fDWhEU2XbMl7HUj7TXiIWjmuUgR5kv3BZ6Bdo6/jn/7u1OJUDRhr/ImteGCN?= =?us-ascii?Q?TZKrli9iP8E0dznRCI1+wzqGnYHjkDwBckQAMb9VNytV0GG/wNBq1dHgG29Z?= =?us-ascii?Q?GbckkAzW0QKs8owPL43Ik1mwo50d2kLh/1F3vHw5uIHd14lD0k72qyNgGh74?= =?us-ascii?Q?tO2wcIgbFfXZQuNOEouIpVI5kzyZ500nFNhOQob7s+THxPrRTbNTnglrVk8c?= =?us-ascii?Q?12E05aXzRuTUps6igoYP5D3UDvw09/DogOnOu+LqeLTAvVmvGX+7Ov8nNxk+?= =?us-ascii?Q?A32cGva81rd00nRACC75WImwU+KR70zV/orW3n3eIZVWsMz/I83ZYoyS5fz3?= =?us-ascii?Q?Iq2NIXCUzKtv2vCwCxgG5iJknBJUyzCXzx9ksN3hKJDYXZB/EGdSwiLzDx4p?= =?us-ascii?Q?pqZmsrY2JZTgqjVg4hlQkcXrFrDjKOkoLm/CGutQvUBNWVCci3U/Uqjqahwo?= =?us-ascii?Q?nJfBTSqZb/WEVvyF8cINxh3sBTIENd9Hz6UO4gRlD8KZTE5NFI7T+1OWPdkb?= =?us-ascii?Q?OkYV++PZz47ZbYlFF3tmxMw0qKohheBQfv+pPh3XeKkZjDRzwMxA58+9qgIX?= =?us-ascii?Q?B7hS74wyVFpwa4NkbconIlyD0wVaDLK8yBI1jkpH6sWaeKtTpjHTHL/Wzv7S?= =?us-ascii?Q?GKXGRT3Zno9hpPsUXg4=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV8PR12MB9620.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(7416014)(376014)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?Wno0Om9BITxilNCkMbRcvZYyvj0vb1/r+SSZf9HtShAyWGTwaPBLmuC4zzgF?= =?us-ascii?Q?BOpIg+auTsJUF/rdbPqT+iOfVFN7RAHq795M0cC+Rl/XLEKDAepgGC4y5xj/?= =?us-ascii?Q?OE2LSAoJf3QB1TivUmTZCW9oVUp+1YGShJVHU/y3XroQH+/0NnDVfXr1NRVM?= =?us-ascii?Q?GQJvELuQAXXinR1cyq29ABnNzx+yxMINIA+7cOjcOudS9XW5w5BzWWVI1L/0?= =?us-ascii?Q?5JIMX9uK312U5+g82CDsgBbIrAwzmDmA0clqP7rbLNWpSCMHz05U66YU4paJ?= =?us-ascii?Q?a9kOPKZfmoS/4SbuFyaniUnSxwB7zXQy5TsJE4dOncqJkEXG8e3CM8nJ+5li?= =?us-ascii?Q?zsHlwxEqnG5maGZDBhfIMtzJv3QcN/pZYO3E7Ld1WrR2tGCJ2c+7JCN0Ahc9?= =?us-ascii?Q?sXOpPDHUas7USuUMv4c4aFtjV21OCkDOrNWNHjCd+0+lr56Ivt/VY67PtpIF?= =?us-ascii?Q?pYRBUI9MDIyjVK0x+NI6wbZYmN0X29u/LGSFbx/nz5/0DgkylK9SW4+FwAke?= =?us-ascii?Q?vfofIzN1nr7pwUESdQxvkimHyq6H4tvvvkwDUbQk/L2s2SUf0mdMX3JeT13m?= =?us-ascii?Q?n9mA+m5G8ttrMXswxuUR9ZBtbRfvZ0aAy3zrIF+VcfR5gxcl4IsPo/IZ8fON?= =?us-ascii?Q?qqOLr27sLkJv/2LKSohJE1Gx657rVMVoTAXqKHmPvom4o4mjcHjE8E6DOTpG?= =?us-ascii?Q?SAglD6pvsfqQzKOU+Wz0KKx0kGRcx2DT3ufmcx+px8mGQvKDcBZrrzjGWr5T?= =?us-ascii?Q?tYleVgDrQZq6YZD5KiCT0LelQJwE4RGhgc/zpF3CVqVIfPJhvJ8KjI6RWpzI?= =?us-ascii?Q?pggxMfCzqolrKqLLApYX/JyItFttL+zP1XrTp8IBOEZ3XF967xpv8Qwrseag?= =?us-ascii?Q?MoDhOFJMJaWvGihw6LeRNyZyHwNskI68JnerNmdTzZXAATh6tBrFtObrOAom?= =?us-ascii?Q?WRAZc+ZfC5FbqAVkbIkaaS1kceCBlCt8dN/MqakJo/d8XYWaMIr9KwIQIhJA?= =?us-ascii?Q?UuSPRfSRYM9fAa3IfIRLjV5aZodaJGyRNXHfv2sRpA+hu7jRdyQHLXK3D/Uq?= =?us-ascii?Q?5dSwW8pQerMC27bnuii1DoHkGq/ZO1VUbWX8Xl95WAiGo3rrWxS6hZGWmbut?= =?us-ascii?Q?7vqkzGckq4rKFz/0OU788lHGQS7/nAfTGySPOZpRpc1qOw1cempvZmEe31YJ?= =?us-ascii?Q?yIIB4cFoYsmyIWr2TbIdVOwtZS0VuTCjIqDSyVu64DCOe08IgQ0331h9X23G?= =?us-ascii?Q?9BwfA9aCQJx7KILfWbHhYkn3GO2HTL2rO/oUM6IfuiaSnqaJJMQtJmoNEOaU?= =?us-ascii?Q?JGfMFuvXIV4fQwpzoyqKkn2o2zjB6C0slr14LIxIoeqgdjNAePp4GP30qS2E?= =?us-ascii?Q?yU2b7MVfdDvjUyYkjCIFJxpi1LOoVDgPL7jKCG4c9xTLbzPV02h2Thn9xiR/?= =?us-ascii?Q?WXGRM3Ongbxoq85OoqZ4Jjw2O1HMbyeTDQhbVss25WULWW4RNYOK3lr7qcGR?= =?us-ascii?Q?ie9B/qPBOGmUfToNZNbQMsK89eFpu0VpaO43nLl93OY9Pd4a4em+pIXq2jgB?= =?us-ascii?Q?taVib6JGyBdSibtQZFS9vkR54aP7bbOzjJkTbqrsTNSO9UNfCHEe2/n0lszE?= =?us-ascii?Q?tGcQxl0ceUI037hKa//hNon99uJAFLeuAtzkRH+ZXCqG0RlnzJ1jrQEpm2CO?= =?us-ascii?Q?QQqcZdit2tXe23KhDNvEkAOLwW6TgQBq69wOJ+TwmB+kGsSNNK0gwYD2MVlX?= =?us-ascii?Q?O58SzoMY4w=3D=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4d0c1e58-f213-499d-d5eb-08de6fc46e58 X-MS-Exchange-CrossTenant-AuthSource: LV8PR12MB9620.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Feb 2026 14:37:39.0911 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 70pJTnuhmCA0XDEOe8qs45odUrs5bhBhazu6k3m7GT8przoK2sjfxxeTZ8EeNBFL X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB5977 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260219_063746_709410_D24CA248 X-CRM114-Status: GOOD ( 20.11 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Feb 18, 2026 at 02:56:35PM -0800, Nicolin Chen wrote: > On Tue, Feb 03, 2026 at 01:55:40PM -0400, Jason Gunthorpe wrote: > > On Tue, Feb 03, 2026 at 09:45:17AM -0800, Nicolin Chen wrote: > > > Btw, attaching to IOMMU_DOMAIN_BLOCKED/group->blocking_domain is not > > > allowed in general if require_direct=true. I assume this case can be > > > an exception since there's no point in allowing a device that has no > > > driver yet to access any reserved region? > > > > If require_direct is set then we have to disable this mechanism.. > > I found a corner case, which might be another exception here? I don't think this blocking security work needs to be part of this series. We just need to disable the mechanism for untrusted devices. > Most of dma_configure callback functions don't use default domain > when driver_managed_dma is set. And this breaks MSI on pcieports. The ARM MSI aperture need is some special case here. Those drivers don't use DMA at all so of course they don't have the DMA API setup, but they do use the MSI aperture on ARM. Broadly here we were talking about blocked domains for unattached drivers, but an empty DMA domain is the same thing and still continues to allow the MSI vectors to work. So we can reframe this a little bit into more like if the user requests IDENTITY then the IDENTITY domain is not installed until just before the driver binds. Up until then it is in the DMA domain. Meaning if userspace controls driver binding then unbound drivers have their DMA access blocked by an empty DMA domain. ie we dynamical shift modes for security. This would only work on singleton groups. Jason