On Fri, Mar 01, 2019 at 11:20:17AM -0800, Douglas Anderson wrote: > If you're bisecting why your peripherals stopped working, it's > probably this CL. Specifically if you see this in your dmesg: > Unexpected global fault, this could be serious > ...then it's almost certainly this CL. > > Running your IOMMU-enabled peripherals with the IOMMU in bypass mode > is insecure and effectively disables the protection they provide. > There are few reasons to allow unmatched stream bypass, and even fewer > good ones. > > This patch starts the transition over to make it much harder to run > your system insecurely. Expected steps: > > 1. By default disable bypass (so anyone insecure will notice) but make > it easy for someone to re-enable bypass with just a KConfig change. > That's this patch. > > 2. After people have had a little time to come to grips with the fact > that they need to set their IOMMUs properly and have had time to > dig into how to do this, the KConfig will be eliminated and bypass > will simply be disabled. Folks who are truly upset and still > haven't fixed their system can either figure out how to add > 'arm-smmu.disable_bypass=n' to their command line or revert the > patch in their own private kernel. Of course these folks will be > less secure. > > Suggested-by: Robin Murphy <robin.murphy@xxxxxxx> > Signed-off-by: Douglas Anderson <dianders@xxxxxxxxxxxx> > --- > > Changes in v2: > - Flipped default to 'yes' and changed comments a lot. > > drivers/iommu/Kconfig | 25 +++++++++++++++++++++++++ > drivers/iommu/arm-smmu.c | 3 ++- > 2 files changed, 27 insertions(+), 1 deletion(-) Cheers, I'll pick this one up for 5.2. Will
