Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches

Next message: Huacai Chen: "[GIT PULL] LoongArch KVM changes for v6.20"
Previous message: duoming: "Re: [PATCH net v2] atm: fore200e: fix use-after-free in tasklets during device removal"
In reply to: Bjorn Helgaas: "Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches"
Next in thread: Bjorn Helgaas: "Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Fri Feb 06 2026 - 09:57:54 EST

On Fri, Feb 06, 2026 at 08:46:51AM -0600, Bjorn Helgaas wrote:

> IIUC the current situation is that for these IDT switches, ACS SV is
> enabled when downstream devices are passed through to guests, but
> after these patches, it will no longer be enabled.

ACS SV is enabled at boot time if an IOMMU driver is present
regardless if guests or virtualization is in use.

Linux doesn't change ACS flags dynamically.

> So my question is whether users are giving up some isolation. If so,
> should we even allow devices to be passed through to guests? If we do
> allow that, do users have any indication that they're not getting what
> they expect?

iommu_groups will correctly describe the system limitations with the
ACS quirk path and so all of the above concerns are taken care
of. Robin is saying the Juno SMMU forces a large iommu_group covering
the switch anyhow today, so at least that platform is not affected.

Jason