Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
powerpc/pseries: new character device(s) for RTAS functions
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this initial series, I've included just a driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/[email protected]/ --- b4-submit-tracking --- { "series": { "revision": 1, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ] } }
- Loading branch information
1 parent
4f894fe
commit 7e88109