| Message ID | 20191002183747.5699-1-dann.frazier@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [Eoan] UBUNTU: [Config] Disable CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT | expand |
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote: > BugLink: https://bugs.launchpad.net/bugs/1845820 > > Avoid a regression on ThunderX - and likely other systems - that > causes peripherals to break due to a misconfigured IOMMU. This disables > a temporary config option provided by upstream to intentionally break > systems that require the less secure passthrough mode. It's too late > in the cycle to fix ThunderX properly and, since this is a new config > in this Ubuntu release, disabling it does not introduce a security > regression from previous releases. > > As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling > bypass by default"), this config will eventually be removed upstream, so > Ubuntu will drop this workaround via a normal rebase, if not before. > > Signed-off-by: dann frazier <dann.frazier@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com>
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote: > BugLink: https://bugs.launchpad.net/bugs/1845820 > > Avoid a regression on ThunderX - and likely other systems - that > causes peripherals to break due to a misconfigured IOMMU. This disables > a temporary config option provided by upstream to intentionally break > systems that require the less secure passthrough mode. It's too late > in the cycle to fix ThunderX properly and, since this is a new config > in this Ubuntu release, disabling it does not introduce a security > regression from previous releases. > > As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling > bypass by default"), this config will eventually be removed upstream, so > Ubuntu will drop this workaround via a normal rebase, if not before. > > Signed-off-by: dann frazier <dann.frazier@canonical.com> Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote: > BugLink: https://bugs.launchpad.net/bugs/1845820 > > Avoid a regression on ThunderX - and likely other systems - that > causes peripherals to break due to a misconfigured IOMMU. This disables > a temporary config option provided by upstream to intentionally break > systems that require the less secure passthrough mode. It's too late > in the cycle to fix ThunderX properly and, since this is a new config > in this Ubuntu release, disabling it does not introduce a security > regression from previous releases. > > As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling > bypass by default"), this config will eventually be removed upstream, so > Ubuntu will drop this workaround via a normal rebase, if not before. > > Signed-off-by: dann frazier <dann.frazier@canonical.com> Applied to eoan/master-next, thanks!
diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 8bd038956f6c7..e50c72706aa1d 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -2751,7 +2751,7 @@ CONFIG_EXYNOS_IOMMU_DEBUG policy<{'armhf': 'n'}> CONFIG_IPMMU_VMSA policy<{'arm64': 'n', 'armhf': 'y'}> CONFIG_SPAPR_TCE_IOMMU policy<{'ppc64el': 'y'}> CONFIG_ARM_SMMU policy<{'arm64': 'y', 'armhf': 'n'}> -CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT policy<{'arm64': 'y'}> +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT policy<{'arm64': 'n'}> CONFIG_ARM_SMMU_V3 policy<{'arm64': 'y'}> CONFIG_S390_CCW_IOMMU policy<{'s390x': 'y'}> CONFIG_S390_AP_IOMMU policy<{'s390x': 'y'}> @@ -2762,6 +2762,7 @@ CONFIG_HYPERV_IOMMU policy<{'amd64': 'y', 'i386': 'y CONFIG_VIRTIO_IOMMU policy<{'arm64': 'y'}> # CONFIG_IPMMU_VMSA note<LP:1718734> +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT mark<ENFORCED> note<LP:1845820> # Menu: Device Drivers >> IOMMU Hardware Support >> Generic IOMMU Pagetable Support CONFIG_IOMMU_IO_PGTABLE_LPAE policy<{'arm64': 'y', 'armhf': 'y'}> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 4a2b79175b968..613da87112c72 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -735,7 +735,7 @@ CONFIG_ARM_SCPI_CPUFREQ=m CONFIG_ARM_SCPI_POWER_DOMAIN=m CONFIG_ARM_SCPI_PROTOCOL=m CONFIG_ARM_SDE_INTERFACE=y -CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=y +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=n CONFIG_ARM_SMMU_V3=y CONFIG_ARM_SMMU_V3_PMU=m CONFIG_ARM_SP805_WATCHDOG=m
BugLink: https://bugs.launchpad.net/bugs/1845820 Avoid a regression on ThunderX - and likely other systems - that causes peripherals to break due to a misconfigured IOMMU. This disables a temporary config option provided by upstream to intentionally break systems that require the less secure passthrough mode. It's too late in the cycle to fix ThunderX properly and, since this is a new config in this Ubuntu release, disabling it does not introduce a security regression from previous releases. As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling bypass by default"), this config will eventually be removed upstream, so Ubuntu will drop this workaround via a normal rebase, if not before. Signed-off-by: dann frazier <dann.frazier@canonical.com> --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)