RE: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices

Next message: Xiaoyao Li: "Re: [PATCH 01/15] x86/virt/tdx: Read global metadata for TDX Module Extensions"
Previous message: Tian, Kevin: "RE: [PATCH rc v2 4/4] iommufd/selftest: Add boundary tests for veventq_depth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tian, Kevin

Date: Mon May 25 2026 - 02:59:09 EST

> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Sent: Thursday, May 21, 2026 9:06 PM
>
> On Thu, May 21, 2026 at 03:31:46PM +0800, Yi Liu wrote:
>
> > Does this hardware behavior satisfy the security expectation you have in
> > mind? Or do you still require that both the DTE bit and the PCI ATS
> > capability be explicitly disabled when a blocking domain is in effect?
>
> If the HW rejects translated TLPs then you should be clearing the ATS
> enable bit in the device config space prior to rejecting them
>
> But it does seem secure enough as-is.
>

yeah we need disable ATS explicitly instead of relying on some implicit
behavior...