From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.tuxdriver.com (charlotte.tuxdriver.com [70.61.120.58]) by dpdk.org (Postfix) with ESMTP id 9C6F2326C for ; Thu, 17 May 2018 13:34:48 +0200 (CEST) Received: from cpe-2606-a000-111b-40b7-640c-26a-4e16-9225.dyn6.twc.com ([2606:a000:111b:40b7:640c:26a:4e16:9225] helo=localhost) by smtp.tuxdriver.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1fJHB8-0001ZW-A4; Thu, 17 May 2018 07:34:45 -0400 Date: Thu, 17 May 2018 07:34:06 -0400 From: Neil Horman To: Ferruh Yigit Cc: dev@dpdk.org, Christian Ehrhardt , Luca Boccassi , Maxime Coquelin , Stephen Hemminger Message-ID: <20180517113406.GA21980@hmswarspite.think-freely.org> References: <20180516101851.2443-1-ferruh.yigit@intel.com> <20180516144220.21235-1-ferruh.yigit@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180516144220.21235-1-ferruh.yigit@intel.com> User-Agent: Mutt/1.9.5 (2018-04-13) X-Spam-Score: -2.9 (--) X-Spam-Status: No Subject: Re: [dpdk-dev] [PATCH v3] igb_uio: fail and log if kernel lock down is enabled X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2018 11:34:48 -0000 On Wed, May 16, 2018 at 03:42:20PM +0100, Ferruh Yigit wrote: > When EFI secure boot is enabled, it is possible to lock down kernel and > prevent accessing device BARs and this makes igb_uio unusable. > > Lock down patches are not part of the vanilla kernel but they are > applied and used by some distros already [1]. > > It is not possible to fix this issue, but intention of this patch is to > detect and log if kernel lock down enabled and don't insert the module > for that case. > > The challenge is since this feature enabled by distros, they have > different config options and APIs for it. This patch is done based on > Fedora and Ubuntu kernel source, may needs to add more distro specific > support. > I still need to ask, what exactly is the error you're seeing with inserting the uio module? The lockdown patch set restricts BAR address changes, but via paths acessible from user space, igbuio should still insert and initalize just fine (or so it would seem to me). Why not fix this by detecting the problem during the user space library initalization, where you can do so via a standard method that works accross distributions? Neil