Make the DEXCR value configurable at config time. Intentionally don't
limit possible values to support future aspects without needing kernel
updates.
The default config value enables hashst/hashchk in problem state.
This should be safe, as generally software needs to request these
instructions be included in the first place.
Signed-off-by: Benjamin Gray <bg...@linux.ibm.com>
Reviewed-by: Russell Currey <rus...@russell.cc>
---
v3: * Fix hashchk typo, provide minimum ISA version
* Add ruscur reviewed-by
v1: * New in v1
Preface with: I'm note sure on the best place to put the config.
I also don't think there's any need to zero out unknown/unsupported
bits. Reserved implies they are ignored by the hardware (from my
understanding of the ISA). Current P10s boot with all bits set; lsdexcr
(later patch) reports
uDEXCR: ff000000 (SBHE, IBRTPD, SRAPD, NPHIE, PHIE, unknown)
when you try to read it back. Leaving them be also makes it easier to
support newer aspects without a kernel update.
If arbitrary value support isn't important, it's probably a nicer
interface to make each aspect an entry in a menu.
Future work may include dynamic DEXCR controls via prctl() and sysfs.
The dynamic controls would be able to override this default DEXCR on a
per-process basis. A stronger "PPC_ENFORCE_USER_ROP_PROCTETION" config
may be required at such a time to prevent dynamically disabling the
hash checks.
---
arch/powerpc/Kconfig | 14 ++++++++++++++
arch/powerpc/kernel/cpu_setup_power.c | 3 ++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 539d1f03ff42..b96df37e4171 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -1039,6 +1039,20 @@ config PPC_MEM_KEYS
If unsure, say y.
+config PPC_DEXCR_DEFAULT
+ hex "Default DEXCR value"
+ default 0x0000000004000000
+ depends on PPC_BOOK3S_64
+ help
+ Power10 introduces the Dynamic Execution Control Register (DEXCR)
+ to provide fine grained control over various speculation and
+ security capabilities. This is used as the default DEXCR value.
+
+ It is a 64 bit value that splits into 32 bits for supervisor mode
+ and 32 bits for problem state. The default config value enables
+ the hashst/hashchk instructions in userspace. See the ISA (3.1B or
+ later) for specifics of what each bit controls.
+
config PPC_SECURE_BOOT
prompt "Enable secure boot support"
bool
diff --git a/arch/powerpc/kernel/cpu_setup_power.c
b/arch/powerpc/kernel/cpu_setup_power.c
index c00721801a1b..814c825a0661 100644
--- a/arch/powerpc/kernel/cpu_setup_power.c
+++ b/arch/powerpc/kernel/cpu_setup_power.c
@@ -10,6 +10,7 @@
#include <asm/reg.h>
#include <asm/synch.h>
#include <linux/bitops.h>
+#include <linux/kconfig.h>
#include <asm/cputable.h>
#include <asm/cpu_setup.h>
@@ -128,7 +129,7 @@ static void init_PMU_ISA31(void)
static void init_DEXCR(void)
{
- mtspr(SPRN_DEXCR, 0);
+ mtspr(SPRN_DEXCR, CONFIG_PPC_DEXCR_DEFAULT);
mtspr(SPRN_HASHKEYR, 0);
}
--
2.40.1
