From: Nathan Lynch via B4 Relay <devnull+nathanl.linux.ibm.com@kernel.org>
To: "Michael Ellerman" <mpe@ellerman.id.au>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Michal Suchánek" <msuchanek@suse.de>
Cc: Nathan Lynch <nathanl@linux.ibm.com>,
tyreld@linux.ibm.com, gcwilson@linux.ibm.com,
linuxppc-dev@lists.ozlabs.org
Subject: [PATCH RFC 0/2] powerpc/pseries: new character devices for RTAS functions
Date: Tue, 22 Aug 2023 16:33:38 -0500 [thread overview]
Message-ID: <20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com> (raw)
This is a proposal for adding chardev-based access to a select subset
of RTAS functions on the pseries platform.
The problem: important platform features are enabled on Linux VMs
through the powerpc-specific rtas() syscall in combination with
writeable mappings of /dev/mem. In typical usage, this is encapsulated
behind APIs provided by the librtas library. This paradigm is
incompatible with lockdown, which prohibits /dev/mem access.
The solution I'm working on is to add a small pseries-specific
"driver" for each functional area, exposing the relevant features to
user space in ways that are compatible with lockdown. In most of these
areas, I believe it's possible to change librtas to prefer the new
chardev interfaces without disrupting existing users.
I've broken down the affected functions into the following areas and
priorities:
High priority:
* VPD retrieval.
* System parameters: retrieval and update.
Medium priority:
* Platform dump retrieval.
* Light path diagnostics (get/set-dynamic-indicator,
get-dynamic-sensor-state, get-indices).
Low priority (may never happen):
* Error injection: would have to be carefully restricted.
* Physical attestation: no known users.
* LPAR perftools: no known users.
Out of scope:
* DLPAR (configure-connector et al): involves device tree updates
which must be handled entirely in-kernel for lockdown. This is the
object of a separate effort.
See https://github.com/ibm-power-utilities/librtas/issues/29 for more
details.
In this RFC, I've included a single driver for VPD retrieval. Clients
use ioctl() to obtain a file descriptor-based handle for the VPD they
want. I think this could be a good model for the other areas too, but
I'd like to get opinions on it.
In the next iteration I expect to add a separate driver for system
parameters.
For reference, I floated a different approach for system parameters
here:
https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/
---
Nathan Lynch (2):
powerpc/pseries: papr-vpd char driver for VPD retrieval
powerpc/selftests: add test for papr-vpd
Documentation/userspace-api/ioctl/ioctl-number.rst | 2 +
arch/powerpc/include/uapi/asm/papr-vpd.h | 29 ++
arch/powerpc/platforms/pseries/Makefile | 1 +
arch/powerpc/platforms/pseries/papr-vpd.c | 353 +++++++++++++++++++++
tools/testing/selftests/powerpc/Makefile | 1 +
.../testing/selftests/powerpc/papr_vpd/.gitignore | 1 +
tools/testing/selftests/powerpc/papr_vpd/Makefile | 12 +
.../testing/selftests/powerpc/papr_vpd/papr_vpd.c | 351 ++++++++++++++++++++
8 files changed, 750 insertions(+)
---
base-commit: d77497508a229529830850ba07e1e52596463d21
change-id: 20230817-papr-sys_rtas-vs-lockdown-5c54505db792
Best regards,
--
Nathan Lynch <nathanl@linux.ibm.com>
next reply other threads:[~2023-08-22 21:34 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-22 21:33 Nathan Lynch via B4 Relay [this message]
2023-08-22 21:33 ` [PATCH RFC 1/2] powerpc/pseries: papr-vpd char driver for VPD retrieval Nathan Lynch via B4 Relay
2023-08-30 7:29 ` Michal Suchánek
2023-08-31 5:34 ` Michael Ellerman
2023-08-31 10:38 ` Michal Suchánek
2023-08-31 11:37 ` Michael Ellerman
2023-08-31 11:44 ` Michal Suchánek
2023-08-31 17:59 ` Nathan Lynch
2023-09-04 7:20 ` Michal Suchánek
2023-09-05 2:42 ` Michael Ellerman
2023-09-05 8:24 ` Michal Suchánek
2023-08-31 11:35 ` Michal Suchánek
2023-09-04 7:48 ` Michal Suchánek
2023-08-31 15:52 ` Nathan Lynch
2023-09-06 9:19 ` Michal Suchánek
2023-08-22 21:33 ` [PATCH RFC 2/2] powerpc/selftests: add test for papr-vpd Nathan Lynch via B4 Relay
2023-08-24 6:20 ` Russell Currey
2023-08-24 11:51 ` Nathan Lynch
2023-09-06 9:30 ` [PATCH RFC 0/2] powerpc/pseries: new character devices for RTAS functions Michal Suchánek
2023-09-06 12:08 ` [PATCH RFC] powerpc/rtas: Make it possible to disable sys_rtas Michal Suchanek
2023-09-06 19:34 ` Nathan Lynch
2023-09-07 16:01 ` Michal Suchánek
2023-09-07 16:52 ` Nathan Lynch
2023-09-07 17:19 ` Michal Suchánek
2023-09-08 17:48 ` Nathan Lynch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com \
--to=devnull+nathanl.linux.ibm.com@kernel.org \
--cc=gcwilson@linux.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=msuchanek@suse.de \
--cc=nathanl@linux.ibm.com \
--cc=npiggin@gmail.com \
--cc=tyreld@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).