From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <luca.boccassi@gmail.com> Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68]) by dpdk.org (Postfix) with ESMTP id 48553CFBA for <dev@dpdk.org>; Wed, 16 May 2018 12:50:22 +0200 (CEST) Received: by mail-wm0-f68.google.com with SMTP id j4-v6so554837wme.1 for <dev@dpdk.org>; Wed, 16 May 2018 03:50:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:content-transfer-encoding:mime-version; bh=6/UJf49svF46y2a839rOl68LtfWw1+er5sLTBsv3lTA=; b=OXHcolzCTKxYTEuCgyWX661he2/9Nhothb+SGZhSRnXOOIbSy15jAE+ycxG+5zjXx9 9AEw7ut74t/RDskxGG6lVkLZHcnU0srq9Q4UwZ0v4M7LV0wWpSejYlH/e4NnbZW8tsca J21IsCThLG+26rIL7gMwBeCaByceJEAfBUJZ28Gxkw9i67REwlpXXNTeHLIL45PhXI5l xyYXqIWNibhZ/T7By4WQYzGOKdm4g3Ro0/4+agXLuPaPU0kjJXH3HvVMGYNYfqiC5KQA bSCkzK/QPdYZs5VALpfq7bSBeAREY3mvJXSWEPVGYlBcsvsyf+F2O/cC8ULP3dm1Oh1F vVoQ== X-Gm-Message-State: ALKqPwdlO2cE+8CmWBTgksvEZnq4miz2AI4dBhf8EK2wsQttSR7fKhXj fqvglcddTipk/32d5eI5igw= X-Google-Smtp-Source: AB8JxZop4qzCV/gsqVjkMQolkiYxBUqFOaZk6SrHAa79iCzHncI1EwHfea4qu7U2K9KNuug09nVW0Q== X-Received: by 2002:a1c:96d3:: with SMTP id y202-v6mr234857wmd.106.1526467821954; Wed, 16 May 2018 03:50:21 -0700 (PDT) Received: from localhost (slip139-92-244-193.lon.uk.prserv.net. [139.92.244.193]) by smtp.gmail.com with ESMTPSA id a14-v6sm4203417wra.84.2018.05.16.03.50.20 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 16 May 2018 03:50:20 -0700 (PDT) Message-ID: <1526467819.23337.122.camel@debian.org> From: Luca Boccassi <bluca@debian.org> To: Ferruh Yigit <ferruh.yigit@intel.com>, dev@dpdk.org Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>, Maxime Coquelin <maxime.coquelin@redhat.com>, Neil Horman <nhorman@tuxdriver.com>, Stephen Hemminger <stephen@networkplumber.org> Date: Wed, 16 May 2018 11:50:19 +0100 In-Reply-To: <20180516101851.2443-1-ferruh.yigit@intel.com> References: <20180515165612.61243-1-ferruh.yigit@intel.com> <20180516101851.2443-1-ferruh.yigit@intel.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Evolution 3.22.6-1+deb9u1 Mime-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v2] igb_uio: fail and log if kernel lock down is enabled X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> X-List-Received-Date: Wed, 16 May 2018 10:50:22 -0000 On Wed, 2018-05-16 at 11:18 +0100, Ferruh Yigit wrote: > When EFI secure boot is enabled, it is possible to lock down kernel > and > prevent accessing device BARs and this makes igb_uio unusable. >=20 > Lock down patches are not part of the vanilla kernel but they are > applied and used by some distros already [1]. >=20 > It is not possible to fix this issue, but intention of this patch is > to > detect and log if kernel lock down enabled and don't insert the > module > for that case. >=20 > The challenge is since this feature enabled by distros, they have > different config options and APIs for it. This patch is done based on > Fedora and Ubuntu kernel source, may needs to add more distro > specific > support. >=20 > [1] > kernel.ubuntu.com/git/ubuntu/ubuntu- > artful.git/commit/?id=3D99f9ef18d5b6 > And a few more patches to >=20 > Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> > --- > Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com> > Cc: Luca Boccassi <bluca@debian.org> > Cc: Maxime Coquelin <maxime.coquelin@redhat.com> > Cc: Neil Horman <nhorman@tuxdriver.com> > Cc: Stephen Hemminger <stephen@networkplumber.org> >=20 > v2: > * remove distro comments from checks > Note: > Since kernel_is_locked_down() is macro in one case, it can be used > for > comparison: > =C2=A0#ifdef kernel_is_locked_down > =C2=A0=C2=A0=C2=A0kernel_is_locked_down(NULL) > =C2=A0#else > =C2=A0=C2=A0=C2=A0kernel_is_locked_down() >=20 > This will force all non macro defined cases to else and this may be > broken in the feature if macro changed. >=20 > To be more protective for changes, since this patch is not upstreamed > to > kernel yet, will keep config check although it is ugly. > --- Acked-by: Luca Boccassi <bluca@debian.org> --=20 Kind regards, Luca Boccassi