1. Please describe the problem:
It's currently possible for malicious devices to access stale data content. Having CONFIG_IOMMU_DEFAULT_DMA_STRICT=y would force proper IOMMU TLB invalidation, preventing this from happening. This setting is recommended upstream: https://github.com/torvalds/linux/blob/master/kernel/configs/hardening.config#L72
The only possible issue would be that it might affect performance on some platforms with cursed drivers.

2. What is the Version-Release number of the kernel:
N/A

3. Did it work previously in Fedora? If so, what kernel version did the issue *first* appear? Old kernels are available for download at https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :
No.

4. Can you reproduce this issue? If so, please provide the steps to reproduce the issue below:
Yes, rebuild with CONFIG_IOMMU_DEFAULT_DMA_STRICT, notice that nothing breaks on my machine™. No need to rebuild the kernel if you're lazy, this option is equivalent to `iommu.passthrough=0 iommu.strict=1`

5. Does this problem occur with the latest Rawhide kernel? To install the Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by ``sudo dnf update --enablerepo=rawhide kernel``:
N/A

6. Are you running any modules that are not shipped directly with Fedora's kernel?:
N/A

7. Please attach the kernel logs. You can get the complete kernel log for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the issue occurred on a previous boot, use the journalctl ``-b`` flag.
N/A

Reproducible: Always
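Added example (not part of the report and not kernel or Fedora code): a simplified model of how the build-time CONFIG_IOMMU_DEFAULT_* choice combines with the `iommu.passthrough=` and `iommu.strict=` boot parameters named above, plus a mapping for the values found in /sys/kernel/iommu_groups/<N>/type. The function names and the sample config and command line are constructed for illustration, and driver-specific overrides are not modelled.

```shell
#!/bin/sh
# Added example: simplified model of the generic IOMMU default-domain settings.
# Usage: iommu_dma_mode CONFIG_TEXT CMDLINE  -> prints strict | lazy | passthrough
iommu_dma_mode() (
    set -f                      # no globbing while splitting the command line
    config=$1 cmdline=$2 passthrough=0 strict=0

    # Build-time default: the CONFIG_IOMMU_DEFAULT_* options are one Kconfig choice.
    # "# CONFIG_... is not set" lines do not match the "=y" patterns.
    case "$config" in *CONFIG_IOMMU_DEFAULT_PASSTHROUGH=y*) passthrough=1 ;; esac
    case "$config" in *CONFIG_IOMMU_DEFAULT_DMA_STRICT=y*) strict=1 ;; esac

    # Boot-time overrides from the report; the last occurrence wins.
    # Only the 0/1 spellings are handled here.
    for arg in $cmdline; do
        case "$arg" in
            iommu.passthrough=0) passthrough=0 ;;
            iommu.passthrough=1) passthrough=1 ;;
            iommu.strict=0) strict=0 ;;
            iommu.strict=1) strict=1 ;;
        esac
    done

    if [ "$passthrough" -eq 1 ]; then echo passthrough
    elif [ "$strict" -eq 1 ]; then echo strict
    else echo lazy
    fi
)

# Map a /sys/kernel/iommu_groups/<N>/type value to the same vocabulary.
group_type_mode() {
    case "$1" in
        DMA) echo strict ;;
        DMA-FQ) echo lazy ;;
        identity) echo passthrough ;;
        *) echo other ;;
    esac
}

# Constructed sample: a kernel built with the lazy default.
SAMPLE_CONFIG='# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet'   # constructed

echo "as built:    $(iommu_dma_mode "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE")"
echo "with params: $(iommu_dma_mode "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE iommu.passthrough=0 iommu.strict=1")"
```

On a live system, pass the contents of the installed kernel config and of /proc/cmdline as the two arguments, then compare the result with `group_type_mode` applied to each group's `type` file, since that file reflects what the driver actually selected.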
Will need to research this again. When it came in, I turned it on and it caused issues, so it was turned off.
Do you have details about what kind of issues it caused?
Yes, it turns out it is a significant performance impact. More details are available at: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/3952