Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches

Next message: Alice Ryhl: "Re: [PATCH 2/5] devres: export devres_node_init() and devres_node_add()"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] revocable: hide the implementation details from users"
In reply to: Jason Gunthorpe: "Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches"
Next in thread: Jason Gunthorpe: "Re: [PATCH v3 3/4] PCI: Disable ACS SV capability for the broken IDT switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Bjorn Helgaas

Date: Fri Feb 06 2026 - 10:09:13 EST

On Fri, Feb 06, 2026 at 10:52:54AM -0400, Jason Gunthorpe wrote:
> On Fri, Feb 06, 2026 at 08:46:51AM -0600, Bjorn Helgaas wrote:
>
> > IIUC the current situation is that for these IDT switches, ACS SV is
> > enabled when downstream devices are passed through to guests, but
> > after these patches, it will no longer be enabled.
>
> ACS SV is enabled at boot time if an IOMMU driver is present
> regardless if guests or virtualization is in use.
>
> Linux doesn't change ACS flags dynamically.

Right, it's just that this series effectively un-advertises ACS SV for
the IDE switches so it will never be enabled for them, whereas today,
I think we *do* enable ACS SV for them (but temporarily disable it
during enumeration).

> > So my question is whether users are giving up some isolation. If so,
> > should we even allow devices to be passed through to guests? If we do
> > allow that, do users have any indication that they're not getting what
> > they expect?
>
> iommu_groups will correctly describe the system limitations with the
> ACS quirk path and so all of the above concerns are taken care
> of. Robin is saying the Juno SMMU forces a large iommu_group covering
> the switch anyhow today, so at least that platform is not affected.

I guess REQ_ACS_FLAGS is what iommu_groups looks for? I looked for
such a thing earlier but must have missed it. Thanks!