ACK / APPLIED[F/Unstable]: [SRU][D/E][PATCH 0/1] Disable CONFIG_IOMMU_DEBUGFS (enforce policy)
Seth Forshee
seth.forshee at canonical.com
Wed Jan 29 04:38:29 UTC 2020
On Mon, Jan 27, 2020 at 11:15:08PM -0500, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/1861057
>
> When CONFIG_IOMMU_DEBUGFS is enabled it shows a scary-looking security warning in the kernel log.
> There's already a policy to disable this feature but it is currently unenforced.
>
> This is being done specifically for cloud kernels but it seemed to me that this config should be disabled everywhere, not just for cloud.
>
> With this patch, I confirmed that derivatives can't be cranked if they have CONFIG_IOMMU_DEBUGFS enabled.
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Applied to focal/master-next and unstable/master, thanks!