FS#60606 - [linux] 4.19 - disable CONFIG_IOMMU_DEBUGFS

Attached to Project: Arch Linux
Opened by Siegfried Metz (NiceGuy) - Friday, 26 October 2018, 23:36 GMT
Last edited by Jan Alexander Steffens (heftig) - Monday, 29 October 2018, 21:35 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 9
Private No

Details

Description:
The new kernel 4.19 warns about enabling IOMMU DebugFS support,
and dmesg has the following important message:

---8< *snip*

kernel: *************************************************************
kernel: ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
kernel: ** **
kernel: ** IOMMU DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL **
kernel: ** **
kernel: ** This means that this kernel is built to expose internal **
kernel: ** IOMMU data structures, which may compromise security on **
kernel: ** your system. **
kernel: ** **
kernel: ** If you see this message and you are not debugging the **
kernel: ** kernel, report this immediately to your vendor! **
kernel: ** **
kernel: ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
kernel: *************************************************************

---8< *snip*


AFAICT: comparing the old Arch Linux config from 4.18.16 with the new config from 4.19, I am pretty confident the kernel config option "CONFIG_IOMMU_DEBUGFS=y" is causing the kernel to output the message, and we should therefore consider defaulting to no for CONFIG_IOMMU_DEBUGFS.

Also, CONFIG_IOMMU_DEBUGFS seems to be a new config option, if I am not mistaken.

I am not sure what the exact consequences of "may compromise security on your system" might be, let's try not to get affected by it. :)



Additional info:
* linux 4.19
* config and/or log files etc.


Steps to reproduce:
Boot up kernel 4.19 - Arch Linux package -
use either dmesg or journalctl to get the above mentioned kernel notice.

Closed by  Jan Alexander Steffens (heftig)
Monday, 29 October 2018, 21:35 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in trunk, pending next release.
Comment by Siegfried Metz (NiceGuy) - Friday, 26 October 2018, 23:39 GMT
I forgot one thing to mention: Kernel 4.18.16 has nothing like this in dmesg.
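
The check described in this report, as an added example that is not part of the original task or its comments: a POSIX shell audit that classifies a kernel config as having CONFIG_IOMMU_DEBUGFS enabled, disabled, or absent (as in the 4.18.16 config the reporter compared against) and looks for the notice's key line in a kernel log. The function names and sample inputs are constructed for illustration; the live-system command in the comment assumes the kernel exposes /proc/config.gz.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a kernel config and a
# kernel log for IOMMU DebugFS. Function names are hypothetical.

# Prints "enabled", "disabled" or "absent" for the config text on stdin.
# "absent" means the option does not appear in that kernel's config at all.
iommu_debugfs_state() {
    awk '
        /^CONFIG_IOMMU_DEBUGFS=y$/            { state = "enabled" }
        /^# CONFIG_IOMMU_DEBUGFS is not set$/ { state = "disabled" }
        END { print (state == "" ? "absent" : state) }
    '
}

# Exit status 0 if the log on stdin contains the notice's key line.
iommu_debugfs_banner_seen() {
    grep -q 'IOMMU DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL'
}

# $1 = config text, $2 = log text. Prints a one-line verdict and returns
# 0 only when the option is not enabled and the notice was not logged.
audit_iommu_debugfs() {
    state=$(printf '%s\n' "$1" | iommu_debugfs_state)
    if printf '%s\n' "$2" | iommu_debugfs_banner_seen; then banner=yes; else banner=no; fi
    echo "config=$state banner=$banner"
    [ "$state" != enabled ] && [ "$banner" = no ]
}

# Constructed sample inputs (the log line repeats the one quoted in the report).
sample_cfg_on()  { printf '%s\n' 'CONFIG_IOMMU_SUPPORT=y' 'CONFIG_IOMMU_DEBUGFS=y'; }
sample_cfg_off() { printf '%s\n' 'CONFIG_IOMMU_SUPPORT=y' '# CONFIG_IOMMU_DEBUGFS is not set'; }
sample_cfg_old() { printf '%s\n' 'CONFIG_IOMMU_SUPPORT=y'; }
sample_log_on()  { printf '%s\n' 'kernel: ** IOMMU DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL **'; }

# Demo on the constructed samples.
audit_iommu_debugfs "$(sample_cfg_on)"  "$(sample_log_on)" || echo "-> debug option active"
audit_iommu_debugfs "$(sample_cfg_off)" ""                 && echo "-> clean"
audit_iommu_debugfs "$(sample_cfg_old)" ""                 && echo "-> option not present in this config"

# On a live system (assumption: /proc/config.gz exists and dmesg is readable):
#   audit_iommu_debugfs "$(zcat /proc/config.gz)" "$(dmesg)"
```

Checking both the config and the log catches the case where the config file on disk does not match the kernel that actually booted.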
