Message ID | 20231212-papr-sys_rtas-vs-lockdown-v6-0-e9eafd0c8c6c@linux.ibm.com (mailing list archive) |
---|---|
Headers | show |
Series | powerpc/pseries: New character devices for system parameters and VPD | expand |
On Tue, 12 Dec 2023 11:01:47 -0600, Nathan Lynch wrote: > Add character devices that expose PAPR-specific system parameters and > VPD to user space. > > The problem: important platform features are enabled on Linux VMs > through the powerpc-specific rtas() syscall in combination with > writeable mappings of /dev/mem. In typical usage, this is encapsulated > behind APIs provided by the librtas library. This paradigm is > incompatible with lockdown, which prohibits /dev/mem access. It also > is too low-level in many cases: a single logical operation may require > multiple sys_rtas() calls in succession to complete. This carries the > risk that a process may exit while leaving an operation unfinished. It > also means that callers must coordinate their use of the syscall for > functions that cannot tolerate multiple concurrent clients, such as > ibm,get-vpd. > > [...] Applied to powerpc/next. [01/13] powerpc/rtas: Avoid warning on invalid token argument to sys_rtas() https://git.kernel.org/powerpc/c/01e346ffefda3a7088afebf02b940614179688e7 [02/13] powerpc/rtas: Add for_each_rtas_function() iterator https://git.kernel.org/powerpc/c/c500c6e736df030f8956080738f59701c0b43dd8 [03/13] powerpc/rtas: Fall back to linear search on failed token->function lookup https://git.kernel.org/powerpc/c/669acc7eec223a81ea5e2420de85b61979ab7dad [04/13] powerpc/rtas: Add function return status constants https://git.kernel.org/powerpc/c/9592aa5ad59e736727fe7894e6e820e2d851abcf [05/13] powerpc/rtas: Move token validation from block_rtas_call() to sys_rtas() https://git.kernel.org/powerpc/c/e7582edb78619abb4ebf0a6e1fed125dcd7243b6 [06/13] powerpc/rtas: Facilitate high-level call sequences https://git.kernel.org/powerpc/c/adf7a019e5f82607fc0f0079926d0178afe8f4ef [07/13] powerpc/rtas: Serialize firmware activation sequences https://git.kernel.org/powerpc/c/dc7637c402b90a197d3f21a3d78f2b00b67ea22a [08/13] powerpc/rtas: Warn if per-function lock isn't held https://git.kernel.org/powerpc/c/e3681107bc9f97c5948a1c8a3a97ac64907210ce [09/13] powerpc/pseries: Add papr-vpd character driver for VPD retrieval https://git.kernel.org/powerpc/c/514f6ff4369a30bf0da71a1a09fd47b2fca5d76f [10/13] powerpc/pseries/papr-sysparm: Validate buffer object lengths https://git.kernel.org/powerpc/c/35aae182bd7b422be3cefc08c12207bf2b973364 [11/13] powerpc/pseries/papr-sysparm: Expose character device to user space https://git.kernel.org/powerpc/c/905b9e48786ec55b2c469db77fb46e20bf3e4901 [12/13] powerpc/selftests: Add test for papr-vpd https://git.kernel.org/powerpc/c/9118c5d32bddb5f75bc4f9f31218e70317702502 [13/13] powerpc/selftests: Add test for papr-sysparm https://git.kernel.org/powerpc/c/76b2ec3faeaa0c8d84705acd64ac0e5a307ce9c2 cheers