On Wed, Jan 14, 2026 at 12:15:57PM -0400, Jason Gunthorpe wrote:

On Wed, Jan 14, 2026 at 03:58:03PM +0000, Pranjal Shrivastava wrote:

quoted

quoted

+
+	/*
+	 * When a STE comes to change EATS the sequencing code in the attach
+	 * logic already will have the PCI cap for ATS disabled. Thus at this
+	 * moment we can expect that the device will not generate ATS queries
+	 * and so we don't care about the sequencing of EATS. The purpose of
+	 * EATS is to protect the system from hostile untrusted devices that
+	 * issue ATS when the PCI config space is disabled. However, if EATS
+	 * is being changed then we already must be trusting the device since
+	 * the EATS security block is being disabled.
+	 *
+	 *  Note: Since we moved the EATS update to the first phase, changing
+	 *  S2S and EATS might transiently set S2S=1 and EATS=1, resulting in
+	 *  a bad STE. See "5.2 Stream Table Entry". In such a case, we can't
+	 *  do a hitless update.
+	 */
+	if (!((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S)))
+		safe_bits[1] |= cpu_to_le64(STRTAB_STE_1_EATS);

I understand what we're trying to do here but isn't this implicitly
saying it is safe to transition hitlessly to any non-zero EATS value,
including S1CHK or RSVD. S1CHK might have other config dependencies?

Will pointed this issue with S1CHK, Nicolin has a suggestion to fix it here:

https://lore.kernel.org/linux-iommu/aWarF90zBqxD0Gef@Asurada-Nvidia/ (local)

It would block RSVD too.

Ohh okay, sounds good then, my client dropped it somehow. I'll defer
this to Will.

Thanks,
Jason

Thanks,
Praan