From: Neil Horman <nhorman@tuxdriver.com>
To: Ferruh Yigit <ferruh.yigit@intel.com>
Cc: dev@dpdk.org,
Christian Ehrhardt <christian.ehrhardt@canonical.com>,
Luca Boccassi <bluca@debian.org>,
Maxime Coquelin <maxime.coquelin@redhat.com>,
Stephen Hemminger <stephen@networkplumber.org>
Subject: Re: [PATCH v3] igb_uio: fail and log if kernel lock down is enabled
Date: Thu, 17 May 2018 07:34:06 -0400 [thread overview]
Message-ID: <20180517113406.GA21980@hmswarspite.think-freely.org> (raw)
In-Reply-To: <20180516144220.21235-1-ferruh.yigit@intel.com>
On Wed, May 16, 2018 at 03:42:20PM +0100, Ferruh Yigit wrote:
> When EFI secure boot is enabled, it is possible to lock down kernel and
> prevent accessing device BARs and this makes igb_uio unusable.
>
> Lock down patches are not part of the vanilla kernel but they are
> applied and used by some distros already [1].
>
> It is not possible to fix this issue, but intention of this patch is to
> detect and log if kernel lock down enabled and don't insert the module
> for that case.
>
> The challenge is since this feature enabled by distros, they have
> different config options and APIs for it. This patch is done based on
> Fedora and Ubuntu kernel source, may needs to add more distro specific
> support.
>
I still need to ask, what exactly is the error you're seeing with inserting the
uio module? The lockdown patch set restricts BAR address changes, but via paths
acessible from user space, igbuio should still insert and initalize just fine
(or so it would seem to me). Why not fix this by detecting the problem during
the user space library initalization, where you can do so via a standard method
that works accross distributions?
Neil
next prev parent reply other threads:[~2018-05-17 11:34 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-15 16:56 [PATCH] igb_uio: fail and log if kernel lock down is enabled Ferruh Yigit
2018-05-15 17:47 ` Luca Boccassi
2018-05-16 9:45 ` Ferruh Yigit
2018-05-16 9:56 ` Luca Boccassi
2018-05-15 18:52 ` Stephen Hemminger
2018-05-16 9:53 ` Ferruh Yigit
2018-05-16 10:18 ` [PATCH v2] " Ferruh Yigit
2018-05-16 10:50 ` Luca Boccassi
2018-05-16 14:42 ` [PATCH v3] " Ferruh Yigit
2018-05-17 11:34 ` Neil Horman [this message]
2018-05-17 13:26 ` Ferruh Yigit
2018-05-17 18:16 ` Neil Horman
2018-06-27 14:39 ` Thomas Monjalon
2018-06-29 7:04 ` David Marchand
2018-06-29 9:35 ` Ferruh Yigit
2018-05-16 11:47 ` [PATCH] " Neil Horman
2018-05-17 13:23 ` Ferruh Yigit
2018-05-17 14:39 ` Stephen Hemminger
2018-05-17 19:49 ` Neil Horman
2018-05-22 15:23 ` Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180517113406.GA21980@hmswarspite.think-freely.org \
--to=nhorman@tuxdriver.com \
--cc=bluca@debian.org \
--cc=christian.ehrhardt@canonical.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=maxime.coquelin@redhat.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.