From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: David Matlack <dmatlack@google.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>,
Alexander Lobakin <aleksander.lobakin@intel.com>,
Bartosz Pawlowski <bartosz.pawlowski@intel.com>,
David Woodhouse <dwmw2@infradead.org>,
linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org,
Lu Baolu <baolu.lu@linux.intel.com>,
Raghavendra Rao Ananta <rananta@google.com>
Subject: Re: [PATCH] PCI: Disable ATS via quirk before notifying IOMMU drivers
Date: Mon, 23 Feb 2026 22:37:06 +0200 [thread overview]
Message-ID: <aZy6cge_a9a7O03g@smile.fi.intel.com> (raw)
In-Reply-To: <20260223184017.688212-1-dmatlack@google.com>
On Mon, Feb 23, 2026 at 06:40:16PM +0000, David Matlack wrote:
> Ensure that PCI devices that have ATS disabled via quirk have it
> disabled before IOMMU drivers are notified about the device. Otherwise
> the IOMMU driver will see that the device has ATS enabled during probing
> and then later it will get disabled.
>
> This fixes at least one bug in the Intel IOMMU driver where it adds the
> device to an rbtree because it sees ATS is enabled, but then ATS gets
> disabled via quirk. When the device is destroyed (e.g. hot-unplug, VF
> destruction, etc.) the driver sees that ATS is disabled and does not
> remove it from the rbtree. This inevitably leads to a use-after-free
> and corruption of the rbtree.
>
> Fix this by disabling ATS via quirk during "early" fixups instead of
> "final" fixups.
Hmm... Sounds to me like a premature disablement, but I leave it the experts.
What I think about the case, that IOMMU should be probably fixed to avoid such
situation for all level of quirks. Can it be feasible?
> Fixes: a18615b1cfc0 ("PCI: Disable ATS for specific Intel IPU E2000 devices")
> Closes: https://lore.kernel.org/linux-iommu/aYUQ_HkDJU9kjsUl@google.com/
> Cc: Raghavendra Rao Ananta <rananta@google.com>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Lu Baolu <baolu.lu@linux.intel.com>
These...
> Signed-off-by: David Matlack <dmatlack@google.com>
> ---
...may go here with the same effect on email, but reducing the unneeded noise
in the actual Git history.
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2026-02-23 20:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-23 18:40 [PATCH] PCI: Disable ATS via quirk before notifying IOMMU drivers David Matlack
2026-02-23 20:37 ` Andy Shevchenko [this message]
2026-02-24 17:19 ` David Matlack
2026-02-24 17:25 ` Andy Shevchenko
2026-02-24 17:41 ` David Matlack
2026-02-25 9:43 ` Andy Shevchenko
2026-02-25 19:37 ` David Matlack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZy6cge_a9a7O03g@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=aleksander.lobakin@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=bartosz.pawlowski@intel.com \
--cc=bhelgaas@google.com \
--cc=dmatlack@google.com \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=rananta@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox