From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nhorman@tuxdriver.com>
Received: from smtp.tuxdriver.com (charlotte.tuxdriver.com [70.61.120.58])
 by dpdk.org (Postfix) with ESMTP id 9C6F2326C
 for <dev@dpdk.org>; Thu, 17 May 2018 13:34:48 +0200 (CEST)
Received: from cpe-2606-a000-111b-40b7-640c-26a-4e16-9225.dyn6.twc.com
 ([2606:a000:111b:40b7:640c:26a:4e16:9225] helo=localhost)
 by smtp.tuxdriver.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63)
 (envelope-from <nhorman@tuxdriver.com>)
 id 1fJHB8-0001ZW-A4; Thu, 17 May 2018 07:34:45 -0400
Date: Thu, 17 May 2018 07:34:06 -0400
From: Neil Horman <nhorman@tuxdriver.com>
To: Ferruh Yigit <ferruh.yigit@intel.com>
Cc: dev@dpdk.org, Christian Ehrhardt <christian.ehrhardt@canonical.com>,
 Luca Boccassi <bluca@debian.org>,
 Maxime Coquelin <maxime.coquelin@redhat.com>,
 Stephen Hemminger <stephen@networkplumber.org>
Message-ID: <20180517113406.GA21980@hmswarspite.think-freely.org>
References: <20180516101851.2443-1-ferruh.yigit@intel.com>
 <20180516144220.21235-1-ferruh.yigit@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180516144220.21235-1-ferruh.yigit@intel.com>
User-Agent: Mutt/1.9.5 (2018-04-13)
X-Spam-Score: -2.9 (--)
X-Spam-Status: No
Subject: Re: [dpdk-dev] [PATCH v3] igb_uio: fail and log if kernel lock down
	is enabled
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2018 11:34:48 -0000

On Wed, May 16, 2018 at 03:42:20PM +0100, Ferruh Yigit wrote:
> When EFI secure boot is enabled, it is possible to lock down kernel and
> prevent accessing device BARs and this makes igb_uio unusable.
> 
> Lock down patches are not part of the vanilla kernel but they are
> applied and used by some distros already [1].
> 
> It is not possible to fix this issue, but intention of this patch is to
> detect and log if kernel lock down enabled and don't insert the module
> for that case.
> 
> The challenge is since this feature enabled by distros, they have
> different config options and APIs for it. This patch is done based on
> Fedora and Ubuntu kernel source, may needs to add more distro specific
> support.
> 
I still need to ask, what exactly is the error you're seeing with inserting the
uio module?  The lockdown patch set restricts BAR address changes, but via paths
acessible from user space, igbuio should still insert and initalize just fine
(or so it would seem to me).  Why not fix this by detecting the problem during
the user space library initalization, where you can do so via a standard method
that works accross distributions?

Neil