From: Will Deacon <will.deacon@arm.com>
To: Douglas Anderson <dianders@chromium.org>
Cc: Joerg Roedel <joro@8bytes.org>,
Robin Murphy <robin.murphy@arm.com>,
linux-arm-msm@vger.kernel.org,
Vivek Gautam <vivek.gautam@codeaurora.org>,
Rob Clark <robdclark@gmail.com>,
evgreen@chromium.org, tfiga@chromium.org,
linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2] iommu/arm-smmu: Break insecure users by disabling bypass by default
Date: Thu, 4 Apr 2019 16:00:05 +0100 [thread overview]
Message-ID: <20190404145957.GA25912@fuggles.cambridge.arm.com> (raw)
In-Reply-To: <20190301192017.39770-1-dianders@chromium.org>
On Fri, Mar 01, 2019 at 11:20:17AM -0800, Douglas Anderson wrote:
> If you're bisecting why your peripherals stopped working, it's
> probably this CL. Specifically if you see this in your dmesg:
> Unexpected global fault, this could be serious
> ...then it's almost certainly this CL.
>
> Running your IOMMU-enabled peripherals with the IOMMU in bypass mode
> is insecure and effectively disables the protection they provide.
> There are few reasons to allow unmatched stream bypass, and even fewer
> good ones.
>
> This patch starts the transition over to make it much harder to run
> your system insecurely. Expected steps:
>
> 1. By default disable bypass (so anyone insecure will notice) but make
> it easy for someone to re-enable bypass with just a KConfig change.
> That's this patch.
>
> 2. After people have had a little time to come to grips with the fact
> that they need to set their IOMMUs properly and have had time to
> dig into how to do this, the KConfig will be eliminated and bypass
> will simply be disabled. Folks who are truly upset and still
> haven't fixed their system can either figure out how to add
> 'arm-smmu.disable_bypass=n' to their command line or revert the
> patch in their own private kernel. Of course these folks will be
> less secure.
>
> Suggested-by: Robin Murphy <robin.murphy@arm.com>
> Signed-off-by: Douglas Anderson <dianders@chromium.org>
> ---
>
> Changes in v2:
> - Flipped default to 'yes' and changed comments a lot.
>
> drivers/iommu/Kconfig | 25 +++++++++++++++++++++++++
> drivers/iommu/arm-smmu.c | 3 ++-
> 2 files changed, 27 insertions(+), 1 deletion(-)
Cheers, I'll pick this one up for 5.2.
Will
next prev parent reply other threads:[~2019-04-04 15:00 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-01 19:20 [PATCH v2] iommu/arm-smmu: Break insecure users by disabling bypass by default Douglas Anderson
2019-03-20 15:48 ` Marc Gonzalez
2019-03-20 18:35 ` Robin Murphy
2019-04-02 15:42 ` Marc Gonzalez
2019-04-04 15:00 ` Will Deacon [this message]
2019-10-03 18:27 ` Tim Harvey
2019-10-03 20:42 ` Robin Murphy
2019-10-03 20:51 ` Tim Harvey
2019-10-03 22:24 ` Robin Murphy
2019-10-04 15:23 ` Tim Harvey
2019-10-04 16:36 ` Robin Murphy
2019-10-04 17:13 ` Tim Harvey
2019-10-04 18:34 ` Robin Murphy
2019-10-04 20:37 ` Tim Harvey
2019-10-04 23:27 ` Robin Murphy
2019-10-24 16:56 ` Tim Harvey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190404145957.GA25912@fuggles.cambridge.arm.com \
--to=will.deacon@arm.com \
--cc=dianders@chromium.org \
--cc=evgreen@chromium.org \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=robdclark@gmail.com \
--cc=robin.murphy@arm.com \
--cc=tfiga@chromium.org \
--cc=vivek.gautam@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).