RHEL-35828/CVE-2024-21823: Deal with dsa/iaa device hardware erratum

Merge Request Required Information

JIRA: https://issues.redhat.com/browse/RHEL-35828
Upstream Status: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
CVE: CVE-2024-21823
Tested: The mmap cap_sys_rawio restriction was tested by using a non-root user to run a dsa_test command against the device. The new write interface was tested by modifying the test code in accel-config-test to have the ability to use the mmap or write interface when submitting a descriptor.

Summary of Changes

This set of commits deals with CVE-2024-21823. On Sapphire Rapids and related platforms, the DSA and IAA devices have an erratum (INTEL-SA-01084) that causes direct access (for example, by using the ENQCMD or MOVDIR64 instructions) from untrusted applications to be a security problem.

Signed-off-by: Jerry Snitselaar jsnitsel@redhat.com

Approved Development Ticket

All submissions to CentOS Stream must reference an approved ticket in Red Hat Jira. Please follow the CentOS Stream contribution documentation for how to file this ticket and have it approved.