[Eoan] UBUNTU: [Config] Disable CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT

Message ID 20191002183747.5699-1-dann.frazier@canonical.com
State New

Commit Message

dann frazier Oct. 2, 2019, 6:37 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1845820

Avoid a regression on ThunderX - and likely other systems - that
causes peripherals to break due to a misconfigured IOMMU. This disables
a temporary config option provided by upstream to intentionally break
systems that require the less secure passthrough mode. It's too late
in the cycle to fix ThunderX properly and, since this is a new config
in this Ubuntu release, disabling it does not introduce a security
regression from previous releases.

As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling
bypass by default"), this config will eventually be removed upstream, so
Ubuntu will drop this workaround via a normal rebase, if not before.

Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
 debian.master/config/annotations          | 3 ++-
 debian.master/config/config.common.ubuntu | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

Comments

Seth Forshee Oct. 2, 2019, 8:52 p.m. UTC | #1
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote:
> BugLink: https://bugs.launchpad.net/bugs/1845820
> 
> Avoid a regression on ThunderX - and likely other systems - that
> causes peripherals to break due to a misconfigured IOMMU. This disables
> a temporary config option provided by upstream to intentionally break
> systems that require the less secure passthrough mode. It's too late
> in the cycle to fix ThunderX properly and, since this is a new config
> in this Ubuntu release, disabling it does not introduce a security
> regression from previous releases.
> 
> As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling
> bypass by default"), this config will eventually be removed upstream, so
> Ubuntu will drop this workaround via a normal rebase, if not before.
> 
> Signed-off-by: dann frazier <dann.frazier@canonical.com>

Acked-by: Seth Forshee <seth.forshee@canonical.com>

Paolo Pisati Oct. 3, 2019, 7:56 a.m. UTC | #2
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote:
> BugLink: https://bugs.launchpad.net/bugs/1845820
> 
> Avoid a regression on ThunderX - and likely other systems - that
> causes peripherals to break due to a misconfigured IOMMU. This disables
> a temporary config option provided by upstream to intentionally break
> systems that require the less secure passthrough mode. It's too late
> in the cycle to fix ThunderX properly and, since this is a new config
> in this Ubuntu release, disabling it does not introduce a security
> regression from previous releases.
> 
> As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling
> bypass by default"), this config will eventually be removed upstream, so
> Ubuntu will drop this workaround via a normal rebase, if not before.
> 
> Signed-off-by: dann frazier <dann.frazier@canonical.com>

Acked-by: Paolo Pisati <paolo.pisati@canonical.com>

Seth Forshee Oct. 3, 2019, 3:14 p.m. UTC | #3
On Wed, Oct 02, 2019 at 12:37:47PM -0600, dann frazier wrote:
> BugLink: https://bugs.launchpad.net/bugs/1845820
> 
> Avoid a regression on ThunderX - and likely other systems - that
> causes peripherals to break due to a misconfigured IOMMU. This disables
> a temporary config option provided by upstream to intentionally break
> systems that require the less secure passthrough mode. It's too late
> in the cycle to fix ThunderX properly and, since this is a new config
> in this Ubuntu release, disabling it does not introduce a security
> regression from previous releases.
> 
> As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling
> bypass by default"), this config will eventually be removed upstream, so
> Ubuntu will drop this workaround via a normal rebase, if not before.
> 
> Signed-off-by: dann frazier <dann.frazier@canonical.com>

Applied to eoan/master-next, thanks!

Patch

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 8bd038956f6c7..e50c72706aa1d 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -2751,7 +2751,7 @@  CONFIG_EXYNOS_IOMMU_DEBUG                       policy<{'armhf': 'n'}>
 CONFIG_IPMMU_VMSA                               policy<{'arm64': 'n', 'armhf': 'y'}>
 CONFIG_SPAPR_TCE_IOMMU                          policy<{'ppc64el': 'y'}>
 CONFIG_ARM_SMMU                                 policy<{'arm64': 'y', 'armhf': 'n'}>
-CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT       policy<{'arm64': 'y'}>
+CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT       policy<{'arm64': 'n'}>
 CONFIG_ARM_SMMU_V3                              policy<{'arm64': 'y'}>
 CONFIG_S390_CCW_IOMMU                           policy<{'s390x': 'y'}>
 CONFIG_S390_AP_IOMMU                            policy<{'s390x': 'y'}>
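
Review bot: The policy on the CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT line goes to 'n' for all of arm64, while the commit message names only ThunderX "and likely other systems" as affected. Platforms that do not need the workaround also lose the bypass-disabled default and fall back to what the commit message calls the less secure passthrough mode. Suggest stating that scope explicitly in the commit message or in the bug, so the trade-off is visible when this is revisited.
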
@@ -2762,6 +2762,7 @@  CONFIG_HYPERV_IOMMU                             policy<{'amd64': 'y', 'i386': 'y
 CONFIG_VIRTIO_IOMMU                             policy<{'arm64': 'y'}>
 #
 CONFIG_IPMMU_VMSA				note<LP:1718734>
+CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT       mark<ENFORCED> note<LP:1845820>
 
 # Menu: Device Drivers >> IOMMU Hardware Support >> Generic IOMMU Pagetable Support
 CONFIG_IOMMU_IO_PGTABLE_LPAE                    policy<{'arm64': 'y', 'armhf': 'y'}>
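
Review bot: The added mark<ENFORCED> line pins the value, but its note carries only the bug number and nothing that says this is a temporary workaround. The commit message expects the entry to be dropped "via a normal rebase, if not before"; a short reminder in the note or in LP:1845820 that 'y' should come back once ThunderX is fixed would keep the enforced 'n' from outliving its reason. Style: the new line aligns its columns with spaces, while the CONFIG_IPMMU_VMSA note line just above it uses tabs.
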
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 4a2b79175b968..613da87112c72 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -735,7 +735,7 @@  CONFIG_ARM_SCPI_CPUFREQ=m
 CONFIG_ARM_SCPI_POWER_DOMAIN=m
 CONFIG_ARM_SCPI_PROTOCOL=m
 CONFIG_ARM_SDE_INTERFACE=y
-CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=y
+CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=n
 CONFIG_ARM_SMMU_V3=y
 CONFIG_ARM_SMMU_V3_PMU=m
 CONFIG_ARM_SP805_WATCHDOG=m
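
Review bot: The added line spells the disabled option as CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=n, but kconfig writes a disabled bool as "# CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT is not set". Suggest using that form here, so the file matches what a config regeneration produces and the line does not reappear as churn in a later config update.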