From: Wei Wang <wei.w.wang@hotmail.com>
To: bhelgaas@google.com, jgg@nvidia.com, jonathan.cameron@huawei.com,
dan.carpenter@linaro.org, akpm@linux-foundation.org,
bp@alien8.de, rdunlap@infradead.org, alex@shazbot.org,
kevin.tian@intel.com
Cc: linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org
Subject: Re: [PATCH v6 0/6] PCI: Add support for ACS Enhanced Capability
Date: Thu, 12 Mar 2026 18:59:00 +0800 [thread overview]
Message-ID: <SI2PR01MB4393D3A8C4188838CC133284DC44A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com> (raw)
In-Reply-To: <SEZPR01MB439931D7320F6C476D181C1EDC44A@SEZPR01MB4399.apcprd01.prod.exchangelabs.com>
On 3/12/26 5:06 PM, Wei Wang wrote:
> This patchset improves the core ACS implementation and adds support for
> the Access Control Services (ACS) Enhanced Capability, introduced with
> PCIe Gen 5.
>
> Improvements to the core ACS implementation include:
> - Validating ACS enable flags against device-specific capabilities rather
> than generic kernel masks. This ensures only supported features are
> enabled while safely ignoring attempts to disable unsupported bits.
>
> - Consolidating delimiter parsing into pci_dev_str_match() and returning
> -ENODEV when no further entries can be parsed. This removes duplicated
> logic in callers.
>
> - Refactoring ACS parameter handling by splitting the intertwined
> disable_acs_redir and config_acs param logic into dedicated functions.
> This improves maintainability and robustness while optimizing parsing
> with better validation and readability.
>
> - Updating the config_acs kernel parameter documentation to include an
> example of multi-device configuration with distinct settings and
> advising users to quote the parameter to avoid bootloader parsing
> issues with the semicolon separator.
>
> Support for the ACS Enhanced Capability is built on top of this improved
> implementation. This capability provides additional access control
> features that improve device isolation — particularly important in
> virtualization scenarios where devices are passed through to different
> virtual machines (VMs). Strong isolation is critical to ensure security
> between devices assigned to different VMs and the host.
>
> In Linux, device grouping assumes that devices in separate IOMMU groups
> are properly isolated. To uphold this assumption, the enhanced ACS
> controls are enabled by default on hardware that supports the PCI_ACS_ECAP
> capability. As with other basic ACS access controls, these new controls
> can be configured via the config_acs= boot parameter.
>
> Support for checking the enhanced ACS controls on Root and Downstream
> Ports has been added to pci_acs_enabled(). On devices that support
> PCI_ACS_ECAP, these controls must be properly enabled. To maintain
> compatibility with legacy devices that lack PCI_ACS_ECAP support,
> pci_acs_enabled() simply skips the check.
Forgot to add the changelog here..
v5->v6 changes:
- Patch 3: In pci_dev_str_match(), explicitly set `ret = 0` when no
matching string is found. This resolves a smatch warning that `ret`
returned from sscanf() may be 2 or 4 even though no matching string
is found later comparison.
v5 Link:
https://lore.kernel.org/all/SI2PR01MB439326AF08A79D1C5661C29BDC6CA@SI2PR01MB4393.apcprd01.prod.exchangelabs.com/
>
> v4->v5 changes:
> - Added significant refactoring of the core ACS implementation (Patches
> 1-4) to improve validation, safety, and readability;
> - For USP and DSP Memory Target Access Control, added masks and enum
> values for the encodings and explicitly rejected the reserved encoding
> (0b11);
> - In pci_acs_ecap_enabled(), removed the use of 'is_dsp' variable.
> v4 Link: https://lore.kernel.org/all/SI2PR01MB43932C799AE9111C7D2C319FDC65A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com/
>
> v3->v4 changes:
> - In pci_acs_ecap_enabled(): Check the pcie type for
> PCI_EXP_TYPE_DOWNSTREAM explicitly.
> v3 Link: https://lore.kernel.org/all/SI2PR01MB439325B4E44D5A39F34A4015DC9AA@SI2PR01MB4393.apcprd01.prod.exchangelabs.com/
>
> v2->v3 changes:
> - Drop the warning when a device has no support for the enhanced
> capability.
> v2 Link: https://lore.kernel.org/all/SI2PR01MB4393B836EA4FEDD1823483BADC94A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com/
>
> v1->v2 changes:
> - Enabled all enhanced ACS controls by default, rather than just Unclaimed
> Request Redirect (which addressed the primary issue we encountered).
> - Added checks for enhanced ACS controls on Root and Downstream Ports in
> pci_acs_enabled() to ensure proper enablement when grouping devices or
> enabling features such as IOMMU PASID.
> v1 Link: https://lore.kernel.org/all/SI2PR01MB43931A911357962A5E986FFEDC8CA@SI2PR01MB4393.apcprd01.prod.exchangelabs.com/
>
> Thanks to Jason Gunthorpe, Jonathan Cameron and Dan Carpenter for reviewing the patchset.
>
> Patches on github: https://github.com/wei-w-wang/linux/tree/v6-acs-enhanced-cap-and-refactor
>
> Wei Wang (6):
> PCI: Validate ACS enable flags against device-specific ACS
> capabilities
> Documentation/kernel-parameters: Add multi-device config_acs example
> PCI: Consolidate delimiter handling into pci_dev_str_match()
> PCI: Refactor disable_acs_redir and config_acs param handling
> PCI: Enable the enhanced ACS controls introduced by PCI_ACS_ECAP
> PCI: Add the enhanced ACS controls check to pci_acs_flags_enabled()
>
> .../admin-guide/kernel-parameters.txt | 32 +-
> drivers/pci/pci.c | 274 ++++++++++++------
> include/uapi/linux/pci_regs.h | 13 +
> 3 files changed, 224 insertions(+), 95 deletions(-)
>
>
> base-commit: 7109a2155340cc7b21f27e832ece6df03592f2e8
prev parent reply other threads:[~2026-03-12 10:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-12 9:06 Wei Wang
2026-03-12 9:06 ` [PATCH v6 1/6] PCI: Validate ACS enable flags against device-specific ACS capabilities Wei Wang
2026-03-30 13:09 ` Jason Gunthorpe
2026-03-12 9:06 ` [PATCH v6 2/6] Documentation/kernel-parameters: Add multi-device config_acs example Wei Wang
2026-03-30 13:10 ` Jason Gunthorpe
2026-03-12 9:06 ` [PATCH v6 3/6] PCI: Consolidate delimiter handling into pci_dev_str_match() Wei Wang
2026-03-30 13:11 ` Jason Gunthorpe
2026-05-04 5:31 ` Krzysztof Wilczyński
2026-05-07 13:33 ` Wei Wang
2026-03-12 9:06 ` [PATCH v6 4/6] PCI: Refactor disable_acs_redir and config_acs param handling Wei Wang
2026-03-12 9:06 ` [PATCH v6 5/6] PCI: Enable the enhanced ACS controls introduced by PCI_ACS_ECAP Wei Wang
2026-03-12 9:06 ` [PATCH v6 6/6] PCI: Add the enhanced ACS controls check to pci_acs_flags_enabled() Wei Wang
2026-03-30 13:21 ` Jason Gunthorpe
2026-03-12 10:59 ` Wei Wang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SI2PR01MB4393D3A8C4188838CC133284DC44A@SI2PR01MB4393.apcprd01.prod.exchangelabs.com \
--to=wei.w.wang@hotmail.com \
--cc=akpm@linux-foundation.org \
--cc=alex@shazbot.org \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=dan.carpenter@linaro.org \
--cc=jgg@nvidia.com \
--cc=jonathan.cameron@huawei.com \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Powered by JetHome