On Sat, Aug 02, 2025 at 09:45:08AM +0800, Ethan Zhao wrote: > > > On 7/9/2025 10:52 PM, Jason Gunthorpe wrote: > > The series patches have extensive descriptions as to the problem and > > solution, but in short the ACS flags are not analyzed according to the > > spec to form the iommu_groups that VFIO is expecting for security. > > > > ACS is an egress control only. For a path the ACS flags on each hop only > > effect what other devices the TLP is allowed to reach. It does not prevent > > other devices from reaching into this path. > Perhaps I was a little confused here, the egress control vector on the Linux does not support egress control vector. Enabling that is a different project and we would indeed need to introduce different logic. Jason
