Re: [PATCH v6 08/12] PCI: liveupdate: Inherit ACS flags in incoming preserved devices

Next message: Mohammed EL Kadiri: "Re: [PATCH] keys: prevent slab cache merging for key_jar"
Previous message: Taniya Das: "[PATCH v6 7/7] arm64: dts: qcom: eliza: Add support for MM clock controllers"
In reply to: Jason Gunthorpe: "Re: [PATCH v6 08/12] PCI: liveupdate: Inherit ACS flags in incoming preserved devices"
Next in thread: Pranjal Shrivastava: "Re: [PATCH v6 08/12] PCI: liveupdate: Inherit ACS flags in incoming preserved devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pranjal Shrivastava

Date: Tue Jun 09 2026 - 11:30:59 EST

On Mon, Jun 08, 2026 at 03:16:40PM -0300, Jason Gunthorpe wrote:
> On Mon, Jun 08, 2026 at 10:49:29AM +0000, Pranjal Shrivastava wrote:
>
> > My point was that a FW exploit can meddle with the bitfields of the
> > ACS_CTRL to spoof and mis-report the ACS flags.
>
> Devices can also ignore the ACS flags. I don't think this is an area
> where we should be worrying about devices being actively hostile.

I'm wondering what happens if we preserve IOMMU groups across a kexec,
but a switch's ACS capability is dropped or the ACS_RR bit gets cleared?
The incoming kernel assumes that it's the same ACS cap from the old one

Now, the incoming kernel restores the groups assuming they're still
isolated, but the hardware no longer enforces it, silently allowing DMAs
& breaking isolation?

Thanks,
Praan