Re: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices

Next message: Qiuxu Zhuo: "[PATCH 0/2] EDAC: Add Intel Nova Lake-H SoC support"
Previous message: Bohdan Trach: "[PATCH 0/2] ext4: optimize ext4_mb_prefetch"
In reply to: Yi Liu: "Re: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices"
Next in thread: Yi Liu: "Re: [PATCH v4 1/3] PCI: Allow ATS to be always on for CXL.cache capable devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Thu May 21 2026 - 09:19:31 EST

On Thu, May 21, 2026 at 03:31:46PM +0800, Yi Liu wrote:

> Does this hardware behavior satisfy the security expectation you have in
> mind? Or do you still require that both the DTE bit and the PCI ATS
> capability be explicitly disabled when a blocking domain is in effect?

If the HW rejects translated TLPs then you should be clearing the ATS
enable bit in the device config space prior to rejecting them

But it does seem secure enough as-is.

Jason