From patchwork Wed Oct 2 18:37:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: dann frazier X-Patchwork-Id: 1170883 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46k4db1Mgmz9s7T; Thu, 3 Oct 2019 04:38:09 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1iFjVg-000052-Kg; Wed, 02 Oct 2019 18:38:00 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iFjVe-00004w-Dv for kernel-team@lists.ubuntu.com; Wed, 02 Oct 2019 18:37:58 +0000 Received: from mail-io1-f72.google.com ([209.85.166.72]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iFjVe-0001JN-5d for kernel-team@lists.ubuntu.com; Wed, 02 Oct 2019 18:37:58 +0000 Received: by mail-io1-f72.google.com with SMTP id u18so299179ioc.4 for ; Wed, 02 Oct 2019 11:37:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=/YV31myrg+M8JD/ZCW98yCTs9ZiSg/UkV/Y1HENuWC8=; b=I07upIBSdKiEpqKeIhA9ql3HkXSNoZKXrzuni2ycOz8+uQjvrf62JoQ94aDlawFayd +gU11M+ZdvO2O/ENGC+u0Hm8RFWoEKlGcFrwBt8rTYCWO74eL6BSqCScoBcRgSoFlV65 0bNRFIvU30YdsJzVyPZYEMItvVGd4Hbc0tFqN1zM56tWaifWxTOf4dSyTyRQplPvRwk2 qjvd5JhLjiHem2BNWHp2S2xGyRTXgITZcH/cFG6iiomRzX9iYwdU9rOMHPlIu/F+99iC +MxLedKJjG/tg3CzR0QKIK1V5a66GYaSVAhAjB7M1psscWrdKIx5JGC1fsZkzrRnDVTa Y3sw== X-Gm-Message-State: APjAAAVpPapR4DUp1Kz9WUHlFRtvgjJfIAw+sG5TFwybc9qjr7yyajfD Sf/E+iDBX5KPrcyWRs3NA3EutawNNg70y2K/z+CtHqlH34qGZn485vK5s+B2UswHn9wjIm4FHsi KZl53BIakOm3LrI7SX/53kNyvDsqFiyWOH/gYwQC6iw== X-Received: by 2002:a92:7e95:: with SMTP id q21mr5319862ill.98.1570041476841; Wed, 02 Oct 2019 11:37:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqwsUKDDl3zCe4RnTXuU+AZW8N+tDiQ/vFAXE57HW49H/lCgKNIAdRjmiDEH9d8WJevFPneFDg== X-Received: by 2002:a92:7e95:: with SMTP id q21mr5319826ill.98.1570041476369; Wed, 02 Oct 2019 11:37:56 -0700 (PDT) Received: from xps13.canonical.com (c-71-56-235-36.hsd1.co.comcast.net. [71.56.235.36]) by smtp.gmail.com with ESMTPSA id 28sm139573ilq.61.2019.10.02.11.37.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Oct 2019 11:37:54 -0700 (PDT) From: dann frazier To: kernel-team@lists.ubuntu.com Subject: [PATCH][Eoan] UBUNTU: [Config] Disable CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT Date: Wed, 2 Oct 2019 12:37:47 -0600 Message-Id: <20191002183747.5699-1-dann.frazier@canonical.com> X-Mailer: git-send-email 2.23.0 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1845820 Avoid a regression on ThunderX - and likely other systems - that causes peripherals to break due to a misconfigured IOMMU. This disables a temporary config option provided by upstream to intentionally break systems that require the less secure passthrough mode. It's too late in the cycle to fix ThunderX properly and, since this is a new config in this Ubuntu release, disabling it does not introduce a security regression from previous releases. As per commit 954a03be ("iommu/arm-smmu: Break insecure users by disabling bypass by default"), this config will eventually be removed upstream, so Ubuntu will drop this workaround via a normal rebase, if not before. Signed-off-by: dann frazier Acked-by: Seth Forshee Acked-by: Paolo Pisati --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 8bd038956f6c7..e50c72706aa1d 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -2751,7 +2751,7 @@ CONFIG_EXYNOS_IOMMU_DEBUG policy<{'armhf': 'n'}> CONFIG_IPMMU_VMSA policy<{'arm64': 'n', 'armhf': 'y'}> CONFIG_SPAPR_TCE_IOMMU policy<{'ppc64el': 'y'}> CONFIG_ARM_SMMU policy<{'arm64': 'y', 'armhf': 'n'}> -CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT policy<{'arm64': 'y'}> +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT policy<{'arm64': 'n'}> CONFIG_ARM_SMMU_V3 policy<{'arm64': 'y'}> CONFIG_S390_CCW_IOMMU policy<{'s390x': 'y'}> CONFIG_S390_AP_IOMMU policy<{'s390x': 'y'}> @@ -2762,6 +2762,7 @@ CONFIG_HYPERV_IOMMU policy<{'amd64': 'y', 'i386': 'y CONFIG_VIRTIO_IOMMU policy<{'arm64': 'y'}> # CONFIG_IPMMU_VMSA note +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT mark note # Menu: Device Drivers >> IOMMU Hardware Support >> Generic IOMMU Pagetable Support CONFIG_IOMMU_IO_PGTABLE_LPAE policy<{'arm64': 'y', 'armhf': 'y'}> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu index 4a2b79175b968..613da87112c72 100644 --- a/debian.master/config/config.common.ubuntu +++ b/debian.master/config/config.common.ubuntu @@ -735,7 +735,7 @@ CONFIG_ARM_SCPI_CPUFREQ=m CONFIG_ARM_SCPI_POWER_DOMAIN=m CONFIG_ARM_SCPI_PROTOCOL=m CONFIG_ARM_SDE_INTERFACE=y -CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=y +CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT=n CONFIG_ARM_SMMU_V3=y CONFIG_ARM_SMMU_V3_PMU=m CONFIG_ARM_SP805_WATCHDOG=m