From: Yi Liu <yi.l.liu@intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Nicolin Chen <nicolinc@nvidia.com>, <will@kernel.org>,
<robin.murphy@arm.com>, <bhelgaas@google.com>, <joro@8bytes.org>,
<praan@google.com>, <baolu.lu@linux.intel.com>,
<kevin.tian@intel.com>, <miko.lenczewski@arm.com>,
<linux-arm-kernel@lists.infradead.org>, <iommu@lists.linux.dev>,
<linux-kernel@vger.kernel.org>, <linux-pci@vger.kernel.org>,
<dan.j.williams@intel.com>, <jonathan.cameron@huawei.com>,
<vsethi@nvidia.com>, <linux-cxl@vger.kernel.org>,
<nirmoyd@nvidia.com>
Subject: Re: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices
Date: Thu, 21 May 2026 15:31:46 +0800 [thread overview]
Message-ID: <80e7e1be-c384-470f-9949-8c0dbad165ac@intel.com> (raw)
In-Reply-To: <20260520143410.GV3602937@nvidia.com>
On 5/20/26 22:34, Jason Gunthorpe wrote:
> On Wed, May 20, 2026 at 09:12:31PM +0800, Yi Liu wrote:
>> On 4/27/26 13:54, Nicolin Chen wrote:
>>> Controlled by the IOMMU driver, ATS is usually enabled "on demand" when a
>>> given PASID on a device is attached to an I/O page table. This is working
>>> even when a device has no translation on its RID (i.e., the RID is IOMMU
>>> bypassed).
>>
>> nit: this description seems not accurate. Intel iommu driver enables ATS
>> in the probe_device() phase. mind tweak a bit to avoid misleading
>> message. :)
>
> It probably shouldn't do this, it should follow ARM and have it
> dynamic during domain attach.
Agreed that making it dynamic during domain attach is a better
direction. However, even framing it that way, the description tying ATS
enablement to PASID attachment is still architecturally specific to ARM
SMMUv3, and doesn't hold as a general statement. :)
> For security we need ATS disabled for blocking domains at a minimum.
Agreed on the security model.
One more data point worth discussing: today Intel's IOMMU driver enables
ATS at probe time, which has two effects — enabling the PCI ATS
capability on the device, and setting the DTE bit in the scalable-mode
PASID-table entry. When a RID or PASID is subsequently attached to a
blocking domain, the corresponding PASID-table entry has its Present (P)
bit cleared.
Per the VT-d spec (condition SPT.2), with P=0:
- Translation Requests (with or without PASID) complete successfully,
but return R=W=U=S=0 to the device — effectively a no-access result.
- Untranslated Requests receive UR.
- Translated Requests are N/A.
So while neither the PCI ATS capability nor the DTE bit is explicitly
cleared when a blocking domain is attached, ATS-related transactions
don't produce any usable result from the device's perspective.
Does this hardware behavior satisfy the security expectation you have in
mind? Or do you still require that both the DTE bit and the PCI ATS
capability be explicitly disabled when a blocking domain is in effect?
Regards,
Yi Liu
next prev parent reply other threads:[~2026-05-21 7:23 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 5:53 [PATCH v4 0/3] Allow ATS to be always on for certain ATS-capable devices Nicolin Chen
2026-04-27 5:54 ` [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices Nicolin Chen
2026-04-27 16:31 ` Dave Jiang
2026-04-30 21:41 ` Dan Williams (nvidia)
2026-04-30 23:28 ` Nicolin Chen
2026-05-01 23:27 ` Dan Williams (nvidia)
2026-05-01 23:46 ` Jason Gunthorpe
2026-05-02 0:19 ` Dan Williams (nvidia)
2026-05-19 19:36 ` Bjorn Helgaas
2026-05-19 22:23 ` Jason Gunthorpe
2026-05-19 23:48 ` Bjorn Helgaas
2026-05-20 0:05 ` Jason Gunthorpe
2026-05-20 1:04 ` Nicolin Chen
2026-05-20 14:20 ` Jason Gunthorpe
2026-05-20 17:29 ` Nicolin Chen
2026-05-20 17:47 ` Bjorn Helgaas
2026-05-20 17:56 ` Jason Gunthorpe
2026-05-20 13:12 ` Yi Liu
2026-05-20 14:34 ` Jason Gunthorpe
2026-05-21 7:31 ` Yi Liu [this message]
2026-04-27 5:54 ` [PATCH v4 2/3] PCI: Allow ATS to be always on for pre-CXL devices Nicolin Chen
2026-04-27 16:32 ` Dave Jiang
2026-05-20 13:12 ` Yi Liu
2026-05-20 17:50 ` Bjorn Helgaas
2026-05-20 17:53 ` Jason Gunthorpe
2026-04-27 5:54 ` [PATCH v4 3/3] iommu/arm-smmu-v3: Allow ATS to be always on Nicolin Chen
2026-04-27 16:37 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80e7e1be-c384-470f-9949-8c0dbad165ac@intel.com \
--to=yi.l.liu@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=jonathan.cameron@huawei.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=miko.lenczewski@arm.com \
--cc=nicolinc@nvidia.com \
--cc=nirmoyd@nvidia.com \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=vsethi@nvidia.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox