Re: [PATCH RFCv1 3/3] iommu/arm-smmu-v3: Allow ATS to be always on

[Robin Murphy]

On 2026-01-27 1:10 pm, Will Deacon wrote:
> On Mon, Jan 26, 2026 at 03:09:35PM -0400, Jason Gunthorpe wrote:
> > On Mon, Jan 26, 2026 at 06:49:07PM +0000, Robin Murphy wrote:
> > > (assuming SSIDSIZE > 0 and it does anything at all - note that strictly we
> > > cannot assume this bypass trick is *always* possible, since an SMMU is
> > > permitted to support ATS without supporting SubStreams).
> >
> > Yes, I think Nicolin has captured those conditions in computing
> > it... We don't have a logic to disable bypass in that case though.
> >
> > > > So, I think a CD table pointer to a fully invalid L1 table of at least
> > > > size 1 should be OK?
> > > >
> > > > Or stated another way, why would ie be OK to have a 1 level table with
> > > > an non-valid CD table entry for SSID0 but not OK to have a 2 level
> > > > table that returns non-valid at the first walk?
> > >
> > > S1ContextPtr itself is reachable since S1 is enabled, so it cannot point to
> > > nonsense. But the S1DSS==Bypass behaviour does state:
> >
> > > "Note: Such a transaction does not fetch a CD, and therefore does not report
> > > F_CD_FETCH, C_BAD_CD or a stage 2 Translation-related fault with CLASS ==
> > > CD."
> >
> > Yes
> >
> > However, taken together:
> >   * S1CDMax is set to substream 0 only
> >   * S1DSS is set such that "does not fetch a CD" for SSID = 0
> >   * SSID >0 doesn't fetch CDs because of S1CDMax
> >
> > Then it seems to be saying that it will never use S1ContextPtr? ie it
> > is IGNORED?
>
> Right, I think the critical question is whether that setting of S1DSS
> (0b01) means that STE.S1ContextPtr is considered "invalid". The spec
> doesn't call this out explicitly but the "translation procedure charts"
> seem to indicate that it doesn't use the CD for anything...
>
> It would be good to get some clarification from Arm about this
> particular case.

No, STE.S1ContextPtr itself is "valid" since S1 is enabled. No CD fetch 
will occur for no-SubStreamID transactions that are bypassed by S1DSS, 
but the SMMU is permitted to attempt to speculatively fetch CDs for the 
enabled SubStreamID(s). Those fetches do not have to reach a valid CD if 
the SubStream is not actually in use, much like we don't have to fully 
populate a 2-level Stream table for StreamID ranges we don't care about 
either.

Don't confuse S1DSS==1 (bypass) with the S1DSS==2 behaviour we use in 
other cases - the latter is "Use CD 0 for no-SubstreamID traffic" which 
makes SubStreamID 0 invalid to use. However in the bypass case (and also 
S1DSS==0 where no-SubstreamID traffic is blocked entirely), SubStreamID 
0 remains perfectly valid and usable (we just still won't ever use it in 
Linux due to the middle case).

Thanks,
Robin.