From mboxrd@z Thu Jan  1 00:00:00 1970
From: Luca Boccassi <bluca@debian.org>
Subject: Re: [PATCH v2] igb_uio: fail and log if kernel lock down
	is enabled
Date: Wed, 16 May 2018 11:50:19 +0100
Message-ID: <1526467819.23337.122.camel@debian.org>
References: <20180515165612.61243-1-ferruh.yigit@intel.com>
 <20180516101851.2443-1-ferruh.yigit@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>, Maxime Coquelin
 <maxime.coquelin@redhat.com>, Neil Horman <nhorman@tuxdriver.com>, Stephen
 Hemminger <stephen@networkplumber.org>
To: Ferruh Yigit <ferruh.yigit@intel.com>, dev@dpdk.org
Return-path: <dev-bounces@dpdk.org>
Received: from mail-wm0-f68.google.com (mail-wm0-f68.google.com [74.125.82.68])
 by dpdk.org (Postfix) with ESMTP id 48553CFBA
 for <dev@dpdk.org>; Wed, 16 May 2018 12:50:22 +0200 (CEST)
Received: by mail-wm0-f68.google.com with SMTP id j4-v6so554837wme.1
 for <dev@dpdk.org>; Wed, 16 May 2018 03:50:22 -0700 (PDT)
In-Reply-To: <20180516101851.2443-1-ferruh.yigit@intel.com>
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On Wed, 2018-05-16 at 11:18 +0100, Ferruh Yigit wrote:
> When EFI secure boot is enabled, it is possible to lock down kernel
> and
> prevent accessing device BARs and this makes igb_uio unusable.
>=20
> Lock down patches are not part of the vanilla kernel but they are
> applied and used by some distros already [1].
>=20
> It is not possible to fix this issue, but intention of this patch is
> to
> detect and log if kernel lock down enabled and don't insert the
> module
> for that case.
>=20
> The challenge is since this feature enabled by distros, they have
> different config options and APIs for it. This patch is done based on
> Fedora and Ubuntu kernel source, may needs to add more distro
> specific
> support.
>=20
> [1]
> kernel.ubuntu.com/git/ubuntu/ubuntu-
> artful.git/commit/?id=3D99f9ef18d5b6
> And a few more patches to
>=20
> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
> ---
> Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> Cc: Luca Boccassi <bluca@debian.org>
> Cc: Maxime Coquelin <maxime.coquelin@redhat.com>
> Cc: Neil Horman <nhorman@tuxdriver.com>
> Cc: Stephen Hemminger <stephen@networkplumber.org>
>=20
> v2:
> * remove distro comments from checks
> Note:
> Since kernel_is_locked_down() is macro in one case, it can be used
> for
> comparison:
> =C2=A0#ifdef kernel_is_locked_down
> =C2=A0=C2=A0=C2=A0kernel_is_locked_down(NULL)
> =C2=A0#else
> =C2=A0=C2=A0=C2=A0kernel_is_locked_down()
>=20
> This will force all non macro defined cases to else and this may be
> broken in the feature if macro changed.
>=20
> To be more protective for changes, since this patch is not upstreamed
> to
> kernel yet, will keep config check although it is ugly.
> ---

Acked-by: Luca Boccassi <bluca@debian.org>

--=20
Kind regards,
Luca Boccassi