From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Will Deacon <will@kernel.org>, <robin.murphy@arm.com>,
<joro@8bytes.org>, <linux-arm-kernel@lists.infradead.org>,
<iommu@lists.linux.dev>, <linux-kernel@vger.kernel.org>,
<skolothumtho@nvidia.com>, <praan@google.com>,
<xueshuai@linux.alibaba.com>, <smostafa@google.com>
Subject: Re: [PATCH rc v5 1/4] iommu/arm-smmu-v3: Add update_safe bits to fix STE update sequence
Date: Mon, 12 Jan 2026 10:58:22 -0800 [thread overview]
Message-ID: <aWVETpwlx9Rhs8Kw@Asurada-Nvidia> (raw)
In-Reply-To: <20260112161010.GC812923@nvidia.com>
On Mon, Jan 12, 2026 at 12:10:10PM -0400, Jason Gunthorpe wrote:
> Still, it seems easy enough to improve, do not add EATS to the safe
> bits if either the current or new STE has S2S set. That will force a
> V=0 and avoid the illegal STE. Nicolin?
Ack. I made the following changes:
-----------------------------------------------------------------
@@ -1083,7 +1083,8 @@ void arm_smmu_get_ste_used(const __le64 *ent, __le64 *used_bits)
EXPORT_SYMBOL_IF_KUNIT(arm_smmu_get_ste_used);
VISIBLE_IF_KUNIT
-void arm_smmu_get_ste_update_safe(__le64 *safe_bits)
+void arm_smmu_get_ste_update_safe(const __le64 *cur, const __le64 *target,
+ __le64 *safe_bits)
{
/*
* MEV does not meaningfully impact the operation of the HW, it only
@@ -1097,13 +1098,22 @@ void arm_smmu_get_ste_update_safe(__le64 *safe_bits)
safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_MEV);
/*
- * EATS is used to reject and control the ATS behavior of the device. If
- * we are changing it away from 0 then we already trust the device to
- * use ATS properly and we have sequenced the device's ATS enable in PCI
- * config space to prevent it from issuing ATS while we are changing
- * EATS.
+ * When a STE comes to change EATS the sequencing code in the attach
+ * logic already will have the PCI cap for ATS disabled. Thus at this
+ * moment we can expect that the device will not generate ATS queries
+ * and so we don't care about the sequencing of EATS. The purpose of
+ * EATS is to protect the system from hostile untrusted devices that
+ * issue ATS when the PCI config space is disabled. However, if EATS
+ * is being changed then we already must be trusting the device since
+ * the EATS security block is being disabled.
+ *
+ * Note: Since we moved the EATS update to the first phase, changing
+ * S2S and EATS might transiently set S2S=1 and EATS=1, resulting in
+ * a bad STE. See "5.2 Stream Table Entry". In such a case, we can't
+ * do a hitless update.
*/
- safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);
+ if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S)))
+ safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);
}
EXPORT_SYMBOL_IF_KUNIT(arm_smmu_get_ste_update_safe);
-----------------------------------------------------------------
I'll send v6 after running some tests.
Thanks
Nicolin
next prev parent reply other threads:[~2026-01-12 18:59 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-18 21:41 [PATCH rc v5 0/4] iommu/arm-smmu-v3: Fix hitless STE update in nesting cases Nicolin Chen
2025-12-18 21:41 ` [PATCH rc v5 1/4] iommu/arm-smmu-v3: Add update_safe bits to fix STE update sequence Nicolin Chen
2026-01-02 18:26 ` Mostafa Saleh
2026-01-07 21:20 ` Will Deacon
2026-01-08 0:36 ` Jason Gunthorpe
2026-01-12 15:53 ` Will Deacon
2026-01-12 16:10 ` Jason Gunthorpe
2026-01-12 18:58 ` Nicolin Chen [this message]
2026-01-13 15:05 ` Will Deacon
2026-01-13 16:12 ` Jason Gunthorpe
2026-01-13 20:29 ` Nicolin Chen
2026-01-13 20:51 ` Jason Gunthorpe
2026-01-15 13:11 ` Jason Gunthorpe
2026-01-15 16:25 ` Nicolin Chen
2026-01-15 16:29 ` Jason Gunthorpe
2026-01-15 16:34 ` Nicolin Chen
2026-01-15 17:39 ` Will Deacon
2025-12-18 21:41 ` [PATCH rc v5 2/4] iommu/arm-smmu-v3: Mark STE MEV safe when computing the " Nicolin Chen
2026-01-02 18:27 ` Mostafa Saleh
2025-12-18 21:41 ` [PATCH rc v5 3/4] iommu/arm-smmu-v3: Mark STE EATS " Nicolin Chen
2025-12-18 21:41 ` [PATCH rc v5 4/4] iommu/arm-smmu-v3-test: Add nested s1bypass/s1dssbypass coverage Nicolin Chen
2026-01-02 18:27 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aWVETpwlx9Rhs8Kw@Asurada-Nvidia \
--to=nicolinc@nvidia.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=skolothumtho@nvidia.com \
--cc=smostafa@google.com \
--cc=will@kernel.org \
--cc=xueshuai@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox