On 5/19/2026 8:30 AM, Eric Auger wrote:
On 5/15/26 9:55 AM, Shameer Kolothum Thodi wrote:
-----Original Message-----
From: Nathan Chen<[email protected]>
Sent: 14 May 2026 21:07
To: Shameer Kolothum Thodi<[email protected]>; qemu-
[email protected];[email protected]
Cc: Eric Auger<[email protected]>; Peter Maydell
<[email protected]>; Philippe Mathieu-Daudé<[email protected]>;
Zhao Liu<[email protected]>; Matt Ochs<[email protected]>; Nicolin
Chen<[email protected]>
Subject: Re: [PATCH v3 2/7] hw/arm/smmuv3-accel: Implement "auto" value
for "ats"
[...]
object_class_property_set_description(klass, "oas",
"Specify Output Address Size (for accel=on). Supported values "
"are 44 or 48 bits. Defaults to 44 bits. oas=auto is not "
In smmuv3.c we have;
    case SMMU_CMD_ATC_INV:
    {
        SMMUDevice *sdev = smmu_find_sdev(bs, CMD_SID(&cmd));
        if (!sdev || !s->ats) {
            trace_smmuv3_unhandled_cmd(type);
            break;
        }
        if (!smmuv3_accel_issue_inv_cmd(s, &cmd, sdev, errp)) {
            cmd_error = SMMU_CERROR_ILL;
            break;
        }
        break;
    }
The above !s->ats will be true for AUTO case, right? I think
we should change the above check with smmuv3_ats_enabled().
Also, since we modified the ats to OnOffAuto in the previous
series, I am not sure the above should be a fix patch or not.
I see, I will use smmuv3_ats_enabled() here to account for the AUTO
case. I am not sure if it should have the Fixes tag either but let's see
if we can get any guidance on that point.
The default ats with previous series is ON_OFF_AUTO_OFF(=2). So even
if ats is not visible to guest, a malicious guest issuing ats may end up
getting forwarded to host. So, I think we should fix it.
Good catch. Effectively you may add a preamble commit fixing this in
this series with the corresponding Fixes tag. It can even be Stable to
apply on the previous 11.0 version.
Ok, I will add a preamble commit to fix this with the Stable ML CC'd on
the next refresh.
Thanks,
Nathan
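
The gate discussed in this thread, reduced to a stand-alone C program. This is an added example, not code from the thread or from QEMU. The Ex* enum, the function names and the auto_resolved_on parameter are hypothetical; only OFF = 2 and the `!s->ats` shape come from the messages above, and how AUTO resolves is an assumption passed in by the caller.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the tri-state property; OFF = 2 as stated above. */
typedef enum { EX_AUTO = 0, EX_ON = 1, EX_OFF = 2 } ExOnOffAuto;

/* Gate shaped like the quoted one: the tri-state is tested as a boolean. */
static bool forwards_with_negation(bool have_sdev, ExOnOffAuto ats)
{
    if (!have_sdev || !ats) {
        return false;            /* treated as unhandled, nothing forwarded */
    }
    return true;                 /* command would be issued to the host */
}

/* Hypothetical predicate: every state is decided explicitly. */
static bool ex_ats_enabled(ExOnOffAuto ats, bool auto_resolved_on)
{
    switch (ats) {
    case EX_ON:   return true;
    case EX_AUTO: return auto_resolved_on;  /* assumption: resolved elsewhere */
    case EX_OFF:
    default:      return false;             /* unknown values fail closed */
    }
}

static bool forwards_with_predicate(bool have_sdev, ExOnOffAuto ats,
                                    bool auto_resolved_on)
{
    return have_sdev && ex_ats_enabled(ats, auto_resolved_on);
}

int main(void)
{
    static const char *names[] = { "AUTO", "ON", "OFF" };
    for (int v = EX_AUTO; v <= EX_OFF; v++) {
        printf("%-4s negation=%d predicate(auto->on)=%d\n", names[v],
               forwards_with_negation(true, (ExOnOffAuto)v),
               forwards_with_predicate(true, (ExOnOffAuto)v, true));
    }
    return 0;
}
```

The OFF row is the one that matters: the boolean test lets the command through while the explicit predicate does not.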