mirror of https://lore.kernel.org/lkml/
 help / color / mirror / Atom feed
From: Robin Murphy <robin.murphy@arm.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Nicolin Chen <nicolinc@nvidia.com>,
	dan.j.williams@intel.com, "Tian, Kevin" <kevin.tian@intel.com>,
	Jonathan Cameron <jonathan.cameron@huawei.com>,
	"will@kernel.org" <will@kernel.org>,
	"bhelgaas@google.com" <bhelgaas@google.com>,
	"joro@8bytes.org" <joro@8bytes.org>,
	"praan@google.com" <praan@google.com>,
	"baolu.lu@linux.intel.com" <baolu.lu@linux.intel.com>,
	"miko.lenczewski@arm.com" <miko.lenczewski@arm.com>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
	"linux-cxl@vger.kernel.org" <linux-cxl@vger.kernel.org>
Subject: Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices
Date: Wed, 4 Feb 2026 12:18:15 +0000	[thread overview]
Message-ID: <69b9a009-55bb-4330-b64a-99b20bd9abef@arm.com> (raw)
In-Reply-To: <20260203231607.GE3931454@nvidia.com>

On 2026-02-03 11:16 pm, Jason Gunthorpe wrote:
> On Tue, Feb 03, 2026 at 06:59:35PM +0000, Robin Murphy wrote:
>> Realistically this combination cannot exist bare-metal, since if the device
>> requires to send ATS TT's to access an RMR then the SMMU would have to be
>> enabled pre-boot, so then the RMR means we cannot ever disable it to
>> reconfigure, so we'd be stuffed from the start...
> 
> This thread has gotten mixed up..
> 
> First this series as it is has nothing to do with RMRs.

I know, but you brought up require_direct so I figured it was worth 
clarifying that should not in fact impact ATS decisions, since the 
combination a device requiring ATS while *also* requiring an RMR would 
be essentially impossible to support given the SMMU architecture, thus 
we can reasonably assume nobody will do such a thing (or at least do it 
with any expectation of it ever working).

> What the latter part is discussing is a future series to implement
> what I think MS calls "boot DMA security". Meaning we don't get into a
> position of allowing a device access to OS memory, even through ATS
> translated requests, until after userspace has approved the device.

Pre-boot protection is in the same boat, as things currently stand - an 
OS could either preserve security (by using GBPA to keep traffic blocked 
while reconfiguring the rest of the SMMU), *or* have ongoing DMA for a 
splash screen or whatever; it cannot realistically have both.

> This is something that should combine with Dynamic Root of Trust for
> Measurement, as DRTM is much less useful if DMA can mutate the OS code
> after the DTRM returns.
> 
> It is also meaningful for systems with encrypted PCI where the OS can
> measure the PCI device before permitting it access to anything.
> 
> So... When we do implement this new security mode, what should it do
> if FW attempts to attack the kernel with these nonsensical RMR
> configurations? With DRTM we explicitly don't trust the FW for
> security anymore, so it is a problem.
> 
> I strongly suspect the answer is that RMR has to be ignored in this
> more secure mode.

Yes, I think the only valid case for having an RMR and expecting it to 
work in combination with these other things is if the device has some 
firmware or preloaded configuration in memory which it will still need 
to access at that address once an OS driver starts using it, but does 
not need to access *during* the boot-time handover. Thus it seems fair 
to still honour the reserved regions upon attaching to a default domain, 
but not worry too much about being in a transient blocking state in the 
interim if it's unavoidable for other reasons (at worst maybe just log a 
warning that we're doing so).

>> However I think there would be no point exposing the ATS details to
>> the VM to begin with. It's the host's decision to trust the device
>> to play in the translated PA space and system cache coherency
>> protocol, and no guest would be allowed to mess with those aspects
>> either way, so there seems no obvious good reason for them to know
>> at all.
> 
> If the vSMMU is presented then the guest must be aware of the ATS
> because only the guest can generate the ATC invalidations for changes
> in the S1.

Only if you assume DVM or some other mechanism for the guest to issue S1 
invalidations directly to the hardware - with an emulated CMDQ we can do 
whatever we like.

And in fact, I think we actually *have* to if the host has enabled ATS 
itself, since we cannot assume that a guest is going to choose to use 
it, thus we cannot rely on the guest issuing ATCIs in order to get the 
correct behaviour it expects unless and until we've seen it set EATS 
appropriately in all the corresponding vSTEs. So we would have to forbid 
DVM, and only allow other direct mechanisms that can be dynamically 
enabled for as long as the guest configuration matches... Fun.

Thanks,
Robin.

  reply	other threads:[~2026-02-04 12:18 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-17  4:56 [PATCH RFCv1 0/3] Allow ATS to be always on for certain ATS-capable devices Nicolin Chen
2026-01-17  4:56 ` [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices Nicolin Chen
2026-01-19 17:58   ` Jason Gunthorpe
2026-01-21  8:01   ` Tian, Kevin
2026-01-21 10:03     ` Jonathan Cameron
2026-01-21 13:03       ` Jason Gunthorpe
2026-01-22  1:17         ` Baolu Lu
2026-01-22 13:15           ` Jason Gunthorpe
2026-01-22  5:44         ` dan.j.williams
2026-01-22 13:14           ` Jason Gunthorpe
2026-01-22 16:29             ` Nicolin Chen
2026-01-22 16:58               ` Jason Gunthorpe
2026-01-22 19:46             ` dan.j.williams
2026-01-27  8:10               ` Tian, Kevin
2026-01-27 15:04                 ` Jason Gunthorpe
2026-01-28  0:49                   ` dan.j.williams
2026-01-28 13:05                     ` Jason Gunthorpe
2026-02-03  5:13                       ` Nicolin Chen
2026-02-03 14:33                         ` Jason Gunthorpe
2026-02-03 17:45                           ` Nicolin Chen
2026-02-03 17:55                             ` Jason Gunthorpe
2026-02-03 18:50                               ` Nicolin Chen
2026-02-04 13:21                                 ` Jason Gunthorpe
2026-02-03 18:59                               ` Robin Murphy
2026-02-03 19:24                                 ` Nicolin Chen
2026-02-03 23:16                                 ` Jason Gunthorpe
2026-02-04 12:18                                   ` Robin Murphy [this message]
2026-02-04 13:20                                     ` Jason Gunthorpe
2026-02-18 22:56                               ` Nicolin Chen
2026-02-19 14:37                                 ` Jason Gunthorpe
2026-02-19 16:53                                   ` Nicolin Chen
2026-02-19 17:41                                     ` Jason Gunthorpe
2026-02-20  4:52                                       ` Nicolin Chen
2026-02-20 12:50                                         ` Jason Gunthorpe
2026-02-20 13:22                                           ` Robin Murphy
2026-02-20 13:51                                             ` Jason Gunthorpe
2026-02-20 14:45                                               ` Robin Murphy
2026-02-26 15:10                                                 ` Jason Gunthorpe
2026-02-20 18:49                                           ` Nicolin Chen
2026-02-24 14:38                                             ` Jason Gunthorpe
2026-01-28  0:57                   ` Tian, Kevin
2026-01-28 13:11                     ` Jason Gunthorpe
2026-01-29  3:28                       ` Tian, Kevin
2026-01-22 10:24         ` Alejandro Lucero Palau
2026-01-17  4:56 ` [PATCH RFCv1 2/3] PCI: Allow ATS to be always on for non-CXL NVIDIA GPUs Nicolin Chen
2026-01-19 18:00   ` Jason Gunthorpe
2026-01-19 18:09     ` Nicolin Chen
2026-01-17  4:56 ` [PATCH RFCv1 3/3] iommu/arm-smmu-v3: Allow ATS to be always on Nicolin Chen
2026-01-19 20:06   ` Jason Gunthorpe
2026-01-26 12:39   ` Will Deacon
2026-01-26 17:20     ` Jason Gunthorpe
2026-01-26 18:40       ` Nicolin Chen
2026-01-26 19:16         ` Jason Gunthorpe
2026-01-26 18:49       ` Robin Murphy
2026-01-26 19:09         ` Jason Gunthorpe
2026-01-27 13:10           ` Will Deacon
2026-01-27 13:26             ` Robin Murphy
2026-01-27 13:50               ` Will Deacon
2026-01-27 14:49                 ` Jason Gunthorpe
2026-01-26 18:21     ` Nicolin Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69b9a009-55bb-4330-b64a-99b20bd9abef@arm.com \
    --to=robin.murphy@arm.com \
    --cc=baolu.lu@linux.intel.com \
    --cc=bhelgaas@google.com \
    --cc=dan.j.williams@intel.com \
    --cc=iommu@lists.linux.dev \
    --cc=jgg@nvidia.com \
    --cc=jonathan.cameron@huawei.com \
    --cc=joro@8bytes.org \
    --cc=kevin.tian@intel.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-cxl@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=miko.lenczewski@arm.com \
    --cc=nicolinc@nvidia.com \
    --cc=praan@google.com \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox