From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BC693A1A5B for ; Wed, 14 Jan 2026 15:58:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768406297; cv=none; b=rzwYfhEUvAcE2Qed/19wurG9rwiVPlblzSUwsR49B/sMRU5aNyoRMS4g8YmpQjgXikPGVhN/xuc+Fnb0Ah24x/5Jff180lM4WW6obNzqYoiDvzu4TpE7a8VaT7ogGp580deDIXcwtDLlVZyMdOBLo0Sy0a1yW/sR4hUboL5ke7c= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768406297; c=relaxed/simple; bh=ST+wzXgaA2HiUuF9iwjkXc/sOujd98rchHVrsybLf2c=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ZqyDJRSWmFRkdRSMeZK56y+FBRzzkKsDNTe/APg2XH6h4noKhKyN0CG4B/4BHO9pT0GzzDvpf6c4PudBLjm0YX6IjWsbRq4xJIHbbI09fARP2BIYxl4TiEiw7w8t8nKHzML3iyhyaIdL+2rnJziBy9NVGDJGBeR87iG6LLwuSb4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=2gT88e3x; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="2gT88e3x" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-2a1462573caso85335ad.0 for ; Wed, 14 Jan 2026 07:58:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1768406289; x=1769011089; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=0On5mUa4Ad9udUf6v9yU0CLcZogBODduyNyvpvin/+A=; b=2gT88e3xIQc66pRJ/M2p6wa1J8l0/MDqDdQUeu2ZxGYFdim1rkIQbLzNOvBXC7134I bo5I5eNjdRetgkq6BRjs+TpdbjpePVinUJGD17jTN0LbvmFiL6g1vHBf94a4y4SX7d1Q Y0VfdSGOjEPffR857J/iiD+BOaI6BKM0ZtVz7nGR57b7gT357dGDB37Zs5UvRPgKTro6 vnKeGjGHTk65r5DBx9e+wFde++FWsIdfG3WI6u/n/hh0fby3ql+qxcqEnb5fvKU+/fKc Zl8yFr0tqIgNa+TBPfX3Hl0OByoSrwW532cEb2M70uJuXO48DGUdF5Y/rQig35jUHAUl pDbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768406289; x=1769011089; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0On5mUa4Ad9udUf6v9yU0CLcZogBODduyNyvpvin/+A=; b=qLtkDDdorfiEyyFTpHopjY23ko5M7Cf4/+PE9/E2RfveIwc4bKIugaGHwY+pt6W+B/ tdvGKFp/TswU/uQQrgFnJL8y7WjBiA5c1QP2m4NO9FXHKpU0bJwotpG3JM9yWkgc/iwm oiUjW6v6N+zfBb+5r7vBC2ZlTtT93h8lrKIh/ZMTjfM9k+5O3NGDLgcHst/lWdm67OGD 53ecYu10Hq0xlaA9gJZFmgTnGEzCgDe3Q14LuDQyOJQTryD1EBYGrd0CWP4te6uDGTbi NhzRKcXh6DA6PjDABf5PqENW0cTkB31WQS0h4V0n8boB4+8usjapCG5EPCCkCgQ0saUf LfDg== X-Forwarded-Encrypted: i=1; AJvYcCWI984CYFb8MfWvji6YMNjBCofc8TUjFia3CjCGAPtlAL7CikWBC+p+gI9bQmOoRizIigIwfvKFTiCqrFg=@vger.kernel.org X-Gm-Message-State: AOJu0Yxmy3VseuaZ7U+pmCQLbNShp46nImXTOKD30O76FrMm9Io19+hx u/e+lzgaQ++LS/OyDP1Oao8E30oTwWDh6gqz8uzOaIVWnmRAxB2B+EGRtom25/0uDg== X-Gm-Gg: AY/fxX4KzvRICHVwsr7zittlE7+fjIQmAM1g1+vYT87YRNFDRIUhRIJtHrDAPtzuRMA vDIIp1wjOB8kgAYodQrQmCrbV69SnjKtmTLAdmrAcRVnDsbB4fhGz+y5xOAB6n4A5mkTc2gFwyH TvnMYnnOHleRdhFFOZLtkWHfkvGqvSjASFAuXgS+iJIFcrKkoyf6N9lidZhaLYGbfiAgYCRZ8tW UnYOw91l1ODozAB/77Ryci0OcBSeiYAanAoDibtTmy7nSnchK/ASc2K8FF0uHxEhbAn9dGrRL7F ZD/+eFrOz3TdntQ9CMmAzitww12MmVXca+Hh7kEhtytf1oqoDUVzl9vqgHXscFgk5+4sHXTIAki EBArRPm8LIKp97MI51fRFsASlqmnvQHWSG1Ooc9RmJ4e/y3QCURg+Fls/njBZbV4XwNZWMBo53E KDmCmyquCiv3Z1yCqj+eG+Mo1SfdF460SwLWAJAP2yUNQS19Tc X-Received: by 2002:a17:903:238b:b0:2a1:3cdc:7720 with SMTP id d9443c01a7336-2a59aa609bemr2426085ad.21.1768406288994; Wed, 14 Jan 2026 07:58:08 -0800 (PST) Received: from google.com (222.245.187.35.bc.googleusercontent.com. [35.187.245.222]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-c4cca06b2edsm22922269a12.32.2026.01.14.07.58.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Jan 2026 07:58:08 -0800 (PST) Date: Wed, 14 Jan 2026 15:58:03 +0000 From: Pranjal Shrivastava To: Nicolin Chen Cc: will@kernel.org, jgg@nvidia.com, robin.murphy@arm.com, joro@8bytes.org, linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, skolothumtho@nvidia.com, xueshuai@linux.alibaba.com, smostafa@google.com Subject: Re: [PATCH rc v6 3/4] iommu/arm-smmu-v3: Mark STE EATS safe when computing the update sequence Message-ID: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Jan 12, 2026 at 12:20:16PM -0800, Nicolin Chen wrote: > From: Jason Gunthorpe > > If a VM wants to toggle EATS off at the same time as changing the CFG, the > hypervisor will see EATS change to 0 and insert a V=0 breaking update into > the STE even though the VM did not ask for that. > > In bare metal, EATS is ignored by CFG=ABORT/BYPASS, which is why this does > not cause a problem until we have nested where CFG is always a variation of > S2 trans that does use EATS. > > Relax the rules for EATS sequencing, we don't need it to be exact because > the enclosing code will always disable ATS at the PCI device if we are > changing EATS. This ensures there are no ATS transactions that can race > with an EATS change so we don't need to carefully sequence these bits. > > Fixes: 1e8be08d1c91 ("iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED") > Cc: stable@vger.kernel.org > Signed-off-by: Jason Gunthorpe > Reviewed-by: Shuai Xue > Signed-off-by: Nicolin Chen > --- > drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c > index ccd6357fa5a8..58008fe94ab3 100644 > --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c > +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c > @@ -1096,6 +1096,24 @@ void arm_smmu_get_ste_update_safe(const __le64 *cur, const __le64 *target, > * fault records even when MEV == 0. > */ > safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_MEV); > + > + /* > + * When a STE comes to change EATS the sequencing code in the attach > + * logic already will have the PCI cap for ATS disabled. Thus at this > + * moment we can expect that the device will not generate ATS queries > + * and so we don't care about the sequencing of EATS. The purpose of > + * EATS is to protect the system from hostile untrusted devices that > + * issue ATS when the PCI config space is disabled. However, if EATS > + * is being changed then we already must be trusting the device since > + * the EATS security block is being disabled. > + * > + * Note: Since we moved the EATS update to the first phase, changing > + * S2S and EATS might transiently set S2S=1 and EATS=1, resulting in > + * a bad STE. See "5.2 Stream Table Entry". In such a case, we can't > + * do a hitless update. > + */ > + if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S))) > + safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS); I understand what we're trying to do here but isn't this implicitly saying it is safe to transition hitlessly to any non-zero EATS value, including S1CHK or RSVD. S1CHK might have other config dependencies? > } > EXPORT_SYMBOL_IF_KUNIT(arm_smmu_get_ste_update_safe); > Thanks, Praan