[PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices

[Jason Gunthorpe]

On Thu, May 21, 2026 at 03:31:46PM +0800, Yi Liu wrote:

> Does this hardware behavior satisfy the security expectation you have in
> mind? Or do you still require that both the DTE bit and the PCI ATS
> capability be explicitly disabled when a blocking domain is in effect?

If the HW rejects translated TLPs then you should be clearing the ATS
enable bit in the device config space prior to rejecting them

But it does seem secure enough as-is.

Jason