Re: [PATCH RFCv1 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices

From: Jason Gunthorpe

Date: Fri Feb 20 2026 - 07:51:05 EST


On Thu, Feb 19, 2026 at 08:52:56PM -0800, Nicolin Chen wrote:
> > What is missing is to bring back the IDENTITY performance optimization
> > in a secure way.
>
> I might have got it wrong (from the last part below).
> https://lore.kernel.org/linux-iommu/20260127150440.GF1134360@xxxxxxxxxx/.
>
> You mean to disable ATS on IDENTITY domains?

The objective of this security step is to keep ATS blocked and
IDENTITY domains disabled until the userspace has "accepted" the
device by binding a driver to it.

The off-the-cuff suggestion was to just park the device BLOCKED until
a driver is bound. This disables ATS and blocks translation.

That doesn't work on ARM because of the MSI issue.

The next suggestion is to park the device in a real DMA domain with an
actual page table and DMA API hooked up. Now interrupts will work and
the domain is empty so there is no translation. The issue here is the
domain doesn't block ATS. We could fix this with some "disable ATS"
domain flag.

In either case, when the driver is bound and requests that the DMA API
start working, if the user requested IDENTITY then it has to be
switched away from the parked domain to IDENTITY.

A final thought would be to change around the driver-managed DMA
mechanism a bit to allow drivers to indicate they use IRQs but not
DMA, then the bind step could switch from a BLOCKED domain to an empty
DMA API domain to allow MSI to work.

Jason