igb_uio: fail and log if kernel lock down is enabled

When EFI secure boot is enabled, it is possible to lock down the kernel and
prevent accessing device BARs, and this makes igb_uio unusable.

Lock down patches are not part of the vanilla kernel but they are
applied and used by some distros already [1].

It is not possible to fix this issue, but the intention of this patch is to
detect and log if kernel lock down is enabled and not insert the module
in that case.

The challenge is that, since this feature is enabled by distros, they have
different config options and APIs for it. This patch is based on
Fedora and Ubuntu kernel source and may need more distro-specific
support added.

[1]
kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/commit/?id=99f9ef18d5b6
And a few more patches too.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Ferruh Yigit 2018-05-16 15:42:20 +01:00 committed by Thomas Monjalon
parent a36b40dd8e
commit d67014c3d3
2 changed files with 24 additions and 4 deletions

@ -126,10 +126,6 @@ static bool pci_check_and_mask_intx(struct pci_dev *pdev)
#define HAVE_PCI_IS_BRIDGE_API 1
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0)
#define HAVE_ALLOC_IRQ_VECTORS 1
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
#define HAVE_MSI_LIST_IN_GENERIC_DEVICE 1
#endif
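
Review bot: the HAVE_ALLOC_IRQ_VECTORS block shown here turns up again after HAVE_PCI_MSI_MASK_IRQ in the next hunk, and this hunk's header shrinks the range from 10 lines to 6, so the define appears to be moved rather than changed. That reordering is unrelated to lock-down detection and the commit message does not mention it; either drop it from this patch or add a line to the message saying why the define had to move.
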
@ -137,3 +133,22 @@ static bool pci_check_and_mask_intx(struct pci_dev *pdev)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
#define HAVE_PCI_MSI_MASK_IRQ 1
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0)
#define HAVE_ALLOC_IRQ_VECTORS 1
#endif
static inline bool igbuio_kernel_is_locked_down(void)
{
#ifdef CONFIG_LOCK_DOWN_KERNEL
#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
return kernel_is_locked_down(NULL);
#elif CONFIG_EFI_SECURE_BOOT_LOCK_DOWN
return kernel_is_locked_down();
#else
return false;
#endif
#else
return false;
#endif
}
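
Review bot: `#elif CONFIG_EFI_SECURE_BOOT_LOCK_DOWN` tests the macro's value while the two lines above it use `#ifdef`; on a kernel where that option is not set the identifier is undefined and is silently evaluated as 0 (and warns under -Wundef), so `#elif defined(CONFIG_EFI_SECURE_BOOT_LOCK_DOWN)` would be consistent and explicit. The helper also has no comment saying which distro kernel each branch targets, although the two `kernel_is_locked_down` calls differ in signature, and the inner `#else` returns false when CONFIG_LOCK_DOWN_KERNEL is set but neither sub-option is, which means a locked-down kernel with a different option name passes the check unnoticed. A short comment naming the Fedora and Ubuntu variants and stating that unknown configurations are treated as not locked down would make that fallback a documented choice.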

@ -621,6 +621,11 @@ igbuio_pci_init_module(void)
{
int ret;
if (igbuio_kernel_is_locked_down()) {
pr_err("Not able to use module, kernel lock down is enabled\n");
return -EINVAL;
}
ret = igbuio_config_intr_mode(intr_mode);
if (ret < 0)
return ret;
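
Review bot: `return -EINVAL;` in the new lock-down check makes the module load fail with an "invalid argument" style error, which points the operator at the module parameters rather than at kernel policy; `-EPERM` would describe the condition more accurately. The `pr_err` text could also name igb_uio and mention EFI secure boot, since the commit message identifies that as the trigger, so that the log line is enough on its own to explain why the insert was refused.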