From: Pranjal Shrivastava <praan@google.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: iommu@lists.linux.dev, Will Deacon <will@kernel.org>,
Joerg Roedel <joro@8bytes.org>,
Robin Murphy <robin.murphy@arm.com>,
Jason Gunthorpe <jgg@ziepe.ca>,
Mostafa Saleh <smostafa@google.com>,
Samiullah Khawaja <skhawaja@google.com>,
Daniel Mentz <danielmentz@google.com>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
David Matlack <dmatlack@google.com>
Subject: Re: [PATCH rc v2] iommu/arm-smmu-v3: Fix inconsistent ATS state tracking
Date: Mon, 4 May 2026 19:33:07 +0000 [thread overview]
Message-ID: <afj0cyBZwkVLyIwK@google.com> (raw)
In-Reply-To: <afjfBi+vw/Ywkzid@nvidia.com>
On Mon, May 04, 2026 at 11:01:42AM -0700, Nicolin Chen wrote:
> On Mon, May 04, 2026 at 04:38:42PM +0000, Pranjal Shrivastava wrote:
> > arm_smmu_enable_ats() ignores the return value of pci_enable_ats(). If
> > pci_enable_ats() fails, the driver still updates its internal state
> > master->ats_enabled to true in arm_smmu_attach_commit().
> >
> > This leads to a state mismatch between the SMMU driver and the PCI core,
> > the SMMU driver operates assuming ATS is enabled. Later, when detaching
> > the device the driver callspci_disable_ats() because it believes ATS is
>
> Missing space: "calls pci_disable_ats()"
Ack. I'll fix the typo.
>
> > The issue was exposed under heavy load when running a VFIO-based DMA map
> > stress test: iova_stress [1]
>
> I wonder what's the real reason for pci_enable_ats() to fail:
>
Yes, It's the dev->is_virtfn case (the one you suspect below)
> int pci_enable_ats(struct pci_dev *dev, int ps)
> {
> u16 ctrl;
> struct pci_dev *pdev;
>
> if (!pci_ats_supported(dev))
> return -EINVAL; // unlikely
>
> if (WARN_ON(dev->ats_enabled))
> return -EBUSY; // unlikely
>
> if (ps < PCI_ATS_MIN_STU)
> return -EINVAL; // unlikely
>
> /*
> * Note that enabling ATS on a VF fails unless it's already enabled
> * with the same STU on the PF.
> */
> ctrl = PCI_ATS_CTRL_ENABLE;
> if (dev->is_virtfn) {
> pdev = pci_physfn(dev);
> if (pdev->ats_stu != ps)
> return -EINVAL; // maybe this one?
> } else {
> dev->ats_stu = ps;
> ctrl |= PCI_ATS_CTRL_STU(dev->ats_stu - PCI_ATS_MIN_STU);
> }
> pci_write_config_word(dev, dev->ats_cap + PCI_ATS_CTRL, ctrl);
>
> dev->ats_enabled = 1;
> return 0;
> }
> EXPORT_SYMBOL_GPL(pci_enable_ats);
>
> > @@ -3051,8 +3051,9 @@ static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
> > return dev_is_pci(dev) && pci_ats_supported(to_pci_dev(dev));
> > }
> >
> > -static void arm_smmu_enable_ats(struct arm_smmu_master *master)
> > +static int arm_smmu_enable_ats(struct arm_smmu_master *master)
> > {
> > + int ret = 0;
>
> Seems no need to set to 0.
>
Ack.
> > @@ -3635,7 +3639,8 @@ void arm_smmu_attach_commit(struct arm_smmu_attach_state *state)
> > arm_smmu_attach_commit_vmaster(state);
> >
> > if (state->ats_enabled && !master->ats_enabled) {
> > - arm_smmu_enable_ats(master);
> > + if (arm_smmu_enable_ats(master))
> > + state->ats_enabled = false;
>
> This alone isn't sufficient.
>
> First, prepare() does:
> if (state->ats_enabled)
> atomic_inc(&smmu_domain->nr_ats_masters);
> So, unsetting state->ats_enabled would need to balance that:
> atomic_dec(&smmu_domain->nr_ats_masters);
>
> Then, arm_smmu_master_build_invs() adds ATS invalidation entry to
> domain->invs during prepare(), so a per-domain invalidation would
> still send ATC_INV, which is probably ok for the PCI device, IIRC.
>
Ahh yes, I forgot about invs array here! Nice catch!
> But the device's ATS entry would not be removed from domain->invs
> during detachment since master->ats_enabled is reverted here, which
> would be a memory leak. And reverting that in domain->invs could be
> a bit painful to do in commit().
>
Hmm.. because we set the ats state in prepare() but turn on ats in
commit.. (no state-change races here due to the asid lock though)
> I am thinking, maybe the call sites of pci_enable/disable_ats() can
> check to_pci_dev(dev)->ats_enabled instead of master->ats_enabled?
>
> Then, we keep master->ats_enabled as-is, so detach() can revert the
> nr_ats_masters and ATS invalidation entry in domain->invs.
My suggestion in that case would be to update arm_smmu_ats_supported to
check if the client is a VF and check if it's PF enables ATS:
static bool arm_smmu_ats_supported(struct arm_smmu_master *master)
{
struct device *dev = master->dev;
struct pci_dev *pdev;
if (!dev_is_pci(dev))
return false;
pdev = to_pci_dev(dev);
if (!pci_ats_supported(pdev))
return false;
/*
* If this is a VF, ATS only works if the PF has already enabled it
* with a valid STU.
*/
if (pdev->is_virtfn && !pci_physfn(pdev)->ats_enabled)
return false;
return true;
}
and then in attach_prepare we can add the ats check for safety:
if (!state->ats_enabled && master->ats_enabled) {
pci_disable_ats(to_pci_dev(master->dev));
+ if (pdev->ats_enabled)
+ pci_disable_ats(to_pci_dev(master->dev));
/* Rest of the condition */
}
WDYT?
Thanks,
Praan
next prev parent reply other threads:[~2026-05-04 19:33 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 16:38 [PATCH rc v2] iommu/arm-smmu-v3: Fix inconsistent ATS state tracking Pranjal Shrivastava
2026-05-04 18:01 ` Nicolin Chen
2026-05-04 19:33 ` Pranjal Shrivastava [this message]
2026-05-04 20:03 ` Pranjal Shrivastava
2026-05-04 20:23 ` Nicolin Chen
2026-05-04 20:29 ` Pranjal Shrivastava
2026-05-04 20:51 ` Nicolin Chen
2026-05-04 20:40 ` Pranjal Shrivastava
2026-05-04 20:54 ` Nicolin Chen
2026-05-05 16:11 ` Jason Gunthorpe
2026-05-05 20:21 ` Nicolin Chen
2026-05-05 21:23 ` Pranjal Shrivastava
2026-05-05 21:44 ` Nicolin Chen
2026-05-05 22:06 ` Pranjal Shrivastava
2026-05-06 20:44 ` Samiullah Khawaja
2026-05-05 21:14 ` Pranjal Shrivastava
2026-05-05 22:32 ` Pranjal Shrivastava
2026-05-06 9:46 ` Jason Gunthorpe
2026-05-06 20:19 ` Pranjal Shrivastava
2026-05-06 22:03 ` Pranjal Shrivastava
2026-05-06 21:57 ` Pranjal Shrivastava
2026-05-06 22:04 ` Pranjal Shrivastava
2026-05-09 17:14 ` Jason Gunthorpe
2026-05-11 12:07 ` Pranjal Shrivastava
2026-05-11 14:16 ` Jason Gunthorpe
2026-05-11 16:07 ` Pranjal Shrivastava
2026-05-11 16:30 ` David Matlack
2026-05-11 16:57 ` Pranjal Shrivastava
2026-05-11 17:03 ` Jason Gunthorpe
2026-05-06 22:20 ` Samiullah Khawaja
2026-05-07 20:12 ` Pranjal Shrivastava
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afj0cyBZwkVLyIwK@google.com \
--to=praan@google.com \
--cc=danielmentz@google.com \
--cc=dmatlack@google.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=joro@8bytes.org \
--cc=nicolinc@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=robin.murphy@arm.com \
--cc=skhawaja@google.com \
--cc=smostafa@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox