[PATCH rc v6 3/4] iommu/arm-smmu-v3: Mark STE EATS safe when computing the update sequence
Jason Gunthorpe
jgg at nvidia.com
Wed Jan 14 08:15:57 PST 2026
On Wed, Jan 14, 2026 at 03:58:03PM +0000, Pranjal Shrivastava wrote:
> > +
> > + /*
> > + * When a STE comes to change EATS the sequencing code in the attach
> > + * logic already will have the PCI cap for ATS disabled. Thus at this
> > + * moment we can expect that the device will not generate ATS queries
> > + * and so we don't care about the sequencing of EATS. The purpose of
> > + * EATS is to protect the system from hostile untrusted devices that
> > + * issue ATS when the PCI config space is disabled. However, if EATS
> > + * is being changed then we already must be trusting the device since
> > + * the EATS security block is being disabled.
> > + *
> > + * Note: Since we moved the EATS update to the first phase, changing
> > + * S2S and EATS might transiently set S2S=1 and EATS=1, resulting in
> > + * a bad STE. See "5.2 Stream Table Entry". In such a case, we can't
> > + * do a hitless update.
> > + */
> > + if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S)))
> > + safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);
>
> I understand what we're trying to do here but isn't this implicitly
> saying it is safe to transition hitlessly to any non-zero EATS value,
> including S1CHK or RSVD. S1CHK might have other config dependencies?
Will pointed this issue with S1CHK, Nicolin has a suggestion to fix it here:
https://lore.kernel.org/linux-iommu/aWarF90zBqxD0Gef@Asurada-Nvidia/
It would block RSVD too.
Thanks,
Jason
More information about the linux-arm-kernel
mailing list