[PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices
Tian, Kevin
kevin.tian at intel.com
Wed Jan 28 19:28:03 PST 2026
> From: Jason Gunthorpe <jgg at nvidia.com>
> Sent: Wednesday, January 28, 2026 9:12 PM
>
> On Wed, Jan 28, 2026 at 12:57:59AM +0000, Tian, Kevin wrote:
> > > > - Intel: ATS is enabled when a device is probed by intel-iommu driver
> > > > (incompatible with the suggested flow)
> > >
> > > This is definately not a good choice :)
> > >
> > > IMHO it is security required that the IOMMU driver block Translated
> > > requests while a BLOCKED domain is attached, and while the IOMMU is
> > > refusing ATS then device's ATS enable should be disabled.
> >
> > It was made that way by commit 5518f239aff1 ("iommu/vt-d: Move
> > scalable mode ATS enablement to probe path "). The old policy was
> > same as AMD side, and changed to current way so domain change
> > in RID won't affect the ATS requirement for PASIDs.
>
> That's a legimiate thing, but always on is a heavy handed solution.
yes. at that point the rationale was made purely based on functionality
instead of security.
>
> The driver should track what is going on with the PASID and enable ATS
> if required.
>
> Which also solves this:
>
> > there is one scenario, e.g. VFIO allows domains attached to RID and
> > PASIDs being changed independently. It's a sane situation to have
> > userspace change RID domain via attach/detach/re-attach, while
> > PASID domains are still active. 'detach' will attach RID to a BLOCKED
> > domain, then disabling ATS in that window may break PASIDs.
>
> > How does ARM address this scenario? Is it more suitable to have
> > a new interface specific for driver bind/unbind to enable/disable
> > ATS instead of toggling it based on BLOCKED?
>
> And is what SMMUv3 is doing already. With an IDENTITY translation on
> the RID it starts out with ATS disabled and switches to IDENTITY with
> ATS enabled when the first PASID appears. Switches back when the PASID
> goes away.
>
yes, that should work. In that way the driver binding flow is covered
automatically.
More information about the linux-arm-kernel
mailing list