Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#60606 - [linux] 4.19 - disable CONFIG_IOMMU_DEBUGFS

Attached to Project: Arch Linux
Opened by Siegfried Metz (NiceGuy) - Friday, 26 October 2018, 23:36 GMT
Last edited by Jan Alexander Steffens (heftig) - Monday, 29 October 2018, 21:35 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 9
Private No

Details

Description:
The new kernel 4.19 warns about enabling IOMMU DebugFS support,
and dmesg has the following important message:

---8< *snip*

kernel: *************************************************************
kernel: ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
kernel: ** **
kernel: ** IOMMU DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL **
kernel: ** **
kernel: ** This means that this kernel is built to expose internal **
kernel: ** IOMMU data structures, which may compromise security on **
kernel: ** your system. **
kernel: ** **
kernel: ** If you see this message and you are not debugging the **
kernel: ** kernel, report this immediately to your vendor! **
kernel: ** **
kernel: ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
kernel: *************************************************************

---8< *snip*


AFAICT: comparing the old Arch linux config from 4.18.16 with the new config from 4.19 I am pretty confident the kernel config option "CONFIG_IOMMU_DEBUGFS=y" is causing the kernel to output the message and we should therefore consider defaulting to no for CONFIG_IOMMU_DEBUGFS.

Also, CONFIG_IOMMU_DEBUGFS seems to be a new config option, if I am not mistaken.

I am not sure what the exact consequences of "may compromise security on your system" might be, let's try not to get affected by it. :)



Additional info:
* linux 4.19
* config and/or log files etc.


Steps to reproduce:
Boot up kernel 4.19 - Arch linux package -
use either dmesg or journalctl to get the above mentioned kernel notice.
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Monday, 29 October 2018, 21:35 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in trunk, pending next release.
Comment by Siegfried Metz (NiceGuy) - Friday, 26 October 2018, 23:39 GMT
I forgot one thing to mention: Kernel 4.18.16 has nothing like this in dmesg.

Loading...