transition away from /dev/mem #29
Comments
|
Many of the calls in this table are straightforward to convert to an ioctl-based interface: it is more or less obvious how to structure a command, call the ioctl, and process the result. Examples: It seems more complex to support
Every API in the table above is either "simple" or "sequence-based", with the possible exception of the error injection APIs, which may be in their own category. |
|
Added columns for higher level use case as well as RTAS function category as discussed in earlier comment. "simple" means one-shot, "streaming" covers the sequence-based pattern I described. |
nathanlynch
added a commit
to nathanlynch/linuxppc-ci
that referenced
this issue
Aug 17, 2023
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this initial series, I've included just a driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/ --- b4-submit-tracking --- { "series": { "revision": 1, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ] } }
nathanlynch
added a commit
to nathanlynch/linuxppc-ci
that referenced
this issue
Aug 22, 2023
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this initial series, I've included just a driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/ --- b4-submit-tracking --- { "series": { "revision": 1, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ] } }
nathanlynch
added a commit
to nathanlynch/linuxppc-ci
that referenced
this issue
Aug 22, 2023
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this RFC, I've included a single driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. In the next iteration I expect to add a separate driver for system parameters. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/ To: Michael Ellerman <mpe@ellerman.id.au> To: Nicholas Piggin <npiggin@gmail.com> To: Michal Suchánek <msuchanek@suse.de> Cc: linuxppc-dev@lists.ozlabs.org Cc: tyreld@linux.ibm.com Cc: gcwilson@linux.ibm.com --- Changes in v2: - EDITME: describe what is new in this series revision. - EDITME: use bulletpoints and terse descriptions. - Link to v1: https://lore.kernel.org/r/20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com --- b4-submit-tracking --- # This section is used internally by b4 prep for tracking purposes. { "series": { "revision": 2, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ], "history": { "v1": [ "20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com" ] } } }
nathanlynch
added a commit
to nathanlynch/linuxppc-ci
that referenced
this issue
Sep 7, 2023
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this RFC, I've included a single driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. In the next iteration I expect to add a separate driver for system parameters. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/ To: Michael Ellerman <mpe@ellerman.id.au> To: Nicholas Piggin <npiggin@gmail.com> To: Michal Suchánek <msuchanek@suse.de> Cc: linuxppc-dev@lists.ozlabs.org Cc: tyreld@linux.ibm.com Cc: gcwilson@linux.ibm.com --- Changes in v2: - include string_helpers.h in papr-vpd.c, per Michal Suchánek - Link to v1: https://lore.kernel.org/r/20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com --- b4-submit-tracking --- { "series": { "revision": 2, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ], "history": { "v1": [ "20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com" ] } } }
nathanlynch
added a commit
to nathanlynch/linuxppc-ci
that referenced
this issue
Sep 22, 2023
This is a proposal for adding chardev-based access to a select subset of RTAS functions on the pseries platform. The problem: important platform features are enabled on Linux VMs through the powerpc-specific rtas() syscall in combination with writeable mappings of /dev/mem. In typical usage, this is encapsulated behind APIs provided by the librtas library. This paradigm is incompatible with lockdown, which prohibits /dev/mem access. The solution I'm working on is to add a small pseries-specific "driver" for each functional area, exposing the relevant features to user space in ways that are compatible with lockdown. In most of these areas, I believe it's possible to change librtas to prefer the new chardev interfaces without disrupting existing users. I've broken down the affected functions into the following areas and priorities: High priority: * VPD retrieval. * System parameters: retrieval and update. Medium priority: * Platform dump retrieval. * Light path diagnostics (get/set-dynamic-indicator, get-dynamic-sensor-state, get-indices). Low priority (may never happen): * Error injection: would have to be carefully restricted. * Physical attestation: no known users. * LPAR perftools: no known users. Out of scope: * DLPAR (configure-connector et al): involves device tree updates which must be handled entirely in-kernel for lockdown. This is the object of a separate effort. See ibm-power-utilities/librtas#29 for more details. In this RFC, I've included a single driver for VPD retrieval. Clients use ioctl() to obtain a file descriptor-based handle for the VPD they want. I think this could be a good model for the other areas too, but I'd like to get opinions on it. In the next iteration I expect to add a separate driver for system parameters. For reference, I floated a different approach for system parameters here: https://lore.kernel.org/linuxppc-dev/20220730000458.130938-1-nathanl@linux.ibm.com/ To: Michael Ellerman <mpe@ellerman.id.au> To: Nicholas Piggin <npiggin@gmail.com> To: Michal Suchánek <msuchanek@suse.de> Cc: linuxppc-dev@lists.ozlabs.org Cc: tyreld@linux.ibm.com Cc: gcwilson@linux.ibm.com --- Changes in v2: - include string_helpers.h in papr-vpd.c, per Michal Suchánek - Link to v1: https://lore.kernel.org/r/20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com --- b4-submit-tracking --- { "series": { "revision": 2, "change-id": "20230817-papr-sys_rtas-vs-lockdown-5c54505db792", "prefixes": [ "RFC" ], "history": { "v1": [ "20230822-papr-sys_rtas-vs-lockdown-v1-0-932623cf3c7b@linux.ibm.com" ] } } }
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
All librtas APIs that require passing a "work area" to the underlying RTAS calls use
/dev/memto allocate buffers that are addressable by RTAS. When the kernel lockdown feature is enabled, this becomes impossible, and different kernel-user APIs are necessary.This issue is for cataloging the affected APIs and the proposed solutions. Many can be fixed by adding new (likely ioctl-oriented) interfaces to the kernel and supporting code within librtas without requiring changes to librtas clients. Some, like
rtas_cfg_connector, are fundamentally incompatible with lockdown and modern Linux device configuration architecture, and its users need to be migrated to solutions outside of librtas.rtas_cfg_connectorrtas_display_msgrtas_errinjctrtas_errinjct_openrtas_errinjctrtas_errinjct_closertas_errinjctrtas_free_rmo_bufferrtas_get_rmo_bufferrtas_get_dynamic_sensorrtas_get_indicesrtas_get_rmo_bufferrtas_get_sysparmrtas_get_vpdibm,get-vpdcall sequences to be serialized, so existing uses are fragile already.rtas_lpar_perftoolsrtas_platform_dumprtas_physical_attestationrtas_scan_log_dumprtas_set_dynamic_indicatorrtas_set_sysparmrtas_update_nodesrtas_update_propertiesrtas_update_nodes.The text was updated successfully, but these errors were encountered: