On 2019-09-16 7:19 pm, Doug Anderson wrote:
[...]
1. "By firmware" might be a bit misleading. In most cases I'm aware
of the problem is in the device tree that was bundled together with
the kernel. If there are actually cases where firmware has baked in a
device tree and it got this wrong then we might want to spend time
figuring out what to do about it.
I thought that was usually the way UEFI systems worked, where the kernel
is updated independently of the device-tree? Either way, that should be
what we're aiming for, even if many platforms require the two to be tied
together.
It's my opinion that until there is a place in the kernel to "fixup"
broken device trees that were baked in firmware that it's a bad idea
to ship device trees separate from the kernel except if the device
trees are exceedingly simple. We'll run into too many problems
otherwise, either because the kernel the device tree was written for
had downstream patches or someone just made a mistake in them and
nobody noticed. I know device trees are supposed to be ABI, but
people make mistakes and we need a way to fix them up.
...but that's getting pretty far afield from Robin's patch.
Let's not get too hung up on devicetree - you can go out and buy certain
ACPI-only platforms today that also fall foul of this, for which AFAIK
the necessary firmware update is in the SoC vendor's hands.
2. Presumably booting with "arm-smmu.disable_bypass=0" is in most
cases the least desirable option available. I always consider kernel
command line parameters as something of a last resort for
configuration and would only be something that and end user might do
if they were given a kernel compiled by someone else (like if someone
where taking a prebuilt Linux distro and trying to install it onto a
generic PC). Are you seeing cases where this is happening? If people
are compiling their own kernel I'd argue that telling them to set
"CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT" to "no" is much better
than trying to jam a command line option on. Command line options
don't scale well.
Hmm. Recompiling seems like even more of a last resort to me!
Depends on what you're doing. If you're not in the habit of compiling
a kernel and you're just trying to make one work then the command line
is great. If you're trying to manage configuration for a whole bunch
of different hardware products then the command line is a terrible
place to store config.
...but I guess the summary is that we wouldn't want someone to
actually ship a kernel with this option on anyway. ;-)
FWIW the meta here is really "oops, you've just installed a new kernel
and now your machine is unusable - you need to take it up with whoever
supports your platform, but in the meantime this is the minimal thing
you can do to get things back working as before."
Personally I'm less concerned about folks maintaining "hardware
products", as I'd like to assume they would hit this in QA and have a
relatively short loop back to kernel people who know what's up (or at
least know enough to join the dots to punt it to my inbox). My main
concern is end users of SBSA-ish platforms who are free to pick and
choose distros - and/or kernel packages within their distro - and thus
may bugger up their machine inadvertently if the distro package happens
to have picked this option up from defconfig (from a quick look at least
my preferred one has).
3. Any chance you could make it more obvious that this change is
undesirable and a last resort? AKA:
"Stream ID x blocked for security reasons; allow anyway by booting
with arm-smmu.disable_bypass=0"
How about:
"Blocked transaction from unknown Stream ID x; boot with
\"arm-smmu.disable_bypass=0\" to allow these transactions, although this
may have security implications."
Fine with me if it's not too long for an error message.
Sounds good, I'll respin with a slight abbreviation of that (and minus
the embarrassingly stupid thinko) tomorrow.
Cheers,
Robin.
_______________________________________________
iommu mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/iommu
