On 8/5/2025 8:35 PM, Jason Gunthorpe wrote:
On Tue, Aug 05, 2025 at 11:43:29AM +0800, Ethan Zhao wrote:
On 8/2/2025 11:18 PM, Jason Gunthorpe wrote:
On Sat, Aug 02, 2025 at 09:45:08AM +0800, Ethan Zhao wrote:
On 7/9/2025 10:52 PM, Jason Gunthorpe wrote:
The series patches have extensive descriptions as to the problem and
solution, but in short the ACS flags are not analyzed according to the
spec to form the iommu_groups that VFIO is expecting for security.
ACS is an egress control only. For a path the ACS flags on each hop only
effect what other devices the TLP is allowed to reach. It does not prevent
other devices from reaching into this path.
Perhaps I was a little confused here, the egress control vector on the
Linux does not support egress control vector. Enabling that is a
different project and we would indeed need to introduce different
logic.
My understanding, iommu has no logic yet to handle the egress control
vector configuration case,
We don't support it at all. If some FW leaves it configured then it
will work at the PCI level but Linux has no awarness of what it is
doing.
Arguably Linux should disable it on boot, but we don't..
linux tool like setpci could access PCIe configuration raw data, so
does to the ACS control bits. that is boring.>
The static groups were created according to
FW DRDB tables,
?? iommu_groups have nothing to do with FW tables.
Sorry, typo, ACPI drhd table.
Thanks,
Ethan>
also not the case handled by notifiers for Hot-plug events
(BUS_NOTIFY_ADD_DEVICE etc).
This is handled.
Jason
