On Wed, Apr 24, 2019 at 12:52:31PM +0100, Will Deacon wrote: > On Wed, Apr 24, 2019 at 01:36:58PM +0200, Marc Gonzalez wrote: > > On 04/04/2019 17:00, Will Deacon wrote: > > > > > On Fri, Mar 01, 2019 at 11:20:17AM -0800, Douglas Anderson wrote: > > > > > >> If you're bisecting why your peripherals stopped working, it's > > >> probably this CL. Specifically if you see this in your dmesg: > > >> Unexpected global fault, this could be serious > > >> ...then it's almost certainly this CL. > > >> > > >> Running your IOMMU-enabled peripherals with the IOMMU in bypass mode > > >> is insecure and effectively disables the protection they provide. > > >> There are few reasons to allow unmatched stream bypass, and even fewer > > >> good ones. > > >> > > >> This patch starts the transition over to make it much harder to run > > >> your system insecurely. Expected steps: > > >> > > >> 1. By default disable bypass (so anyone insecure will notice) but make > > >> it easy for someone to re-enable bypass with just a KConfig change. > > >> That's this patch. > > >> > > >> 2. After people have had a little time to come to grips with the fact > > >> that they need to set their IOMMUs properly and have had time to > > >> dig into how to do this, the KConfig will be eliminated and bypass > > >> will simply be disabled. Folks who are truly upset and still > > >> haven't fixed their system can either figure out how to add > > >> 'arm-smmu.disable_bypass=n' to their command line or revert the > > >> patch in their own private kernel. Of course these folks will be > > >> less secure. > > >> > > >> Suggested-by: Robin Murphy <robin.murphy@xxxxxxx> > > >> Signed-off-by: Douglas Anderson <dianders@xxxxxxxxxxxx> > > >> --- > > >> > > >> Changes in v2: > > >> - Flipped default to 'yes' and changed comments a lot. > > >> > > >> drivers/iommu/Kconfig | 25 +++++++++++++++++++++++++ > > >> drivers/iommu/arm-smmu.c | 3 ++- > > >> 2 files changed, 27 insertions(+), 1 deletion(-) > > > > > > Cheers, I'll pick this one up for 5.2. > > > > Hello Will, > > > > You haven't pushed this patch out to linux-next AFAICT. > > > > Is that expected? > > It's on my branch for Joerg: > > https://git.kernel.org/pub/scm/linux/kernel/git/will/linux.git/log/?h=for-joerg/arm-smmu/updates > > which I'll send to him today. My SMMU stuff doesn't go directly into -next. This made it to linux-next yesterday (less than a week before the merge window opens) and deliberately breaks existing configurations. That's a little rude. At least give people a fair heads-up and a chance to fix things before you start break things. Thierry
Attachment:
signature.asc
Description: PGP signature