Message ID | 20230330055040.434133-7-bgray@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | Add static DEXCR support | expand |
On Thu, 2023-03-30 at 16:50 +1100, Benjamin Gray wrote: > Make the DEXCR value configurable at config time. Intentionally don't > limit possible values to support future aspects without needing > kernel > updates. > > The default config value enables hashst/hashchk in problem state. > This should be safe, as generally software needs to request these > instructions be included in the first place. > > Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> > Reviewed-by: Russell Currey <ruscur@russell.cc> > --- > New in v1 > > Preface with: I'm note sure on the best place to put the config. Me neither. > > I also don't think there's any need to zero out unknown/unsupported > bits. Reserved implies they are ignored by the hardware (from my > understanding of the ISA). Current P10s boot with all bits set; > lsdexcr > (later patch) reports > > uDEXCR: ff000000 (SBHE, IBRTPD, SRAPD, NPHIE, PHIE, unknown) > > when you try to read it back. Leaving them be also makes it easier to > support newer aspects without a kernel update. > > If arbitrary value support isn't important, it's probably a nicer > interface to make each aspect an entry in a menu. > > Future work may include dynamic DEXCR controls via prctl() and sysfs. > The dynamic controls would be able to override this default DEXCR on > a > per-process basis. A stronger "PPC_ENFORCE_USER_ROP_PROCTETION" > config > may be required at such a time to prevent dynamically disabling the > hash checks. > --- > arch/powerpc/Kconfig | 14 ++++++++++++++ > arch/powerpc/kernel/cpu_setup_power.c | 3 ++- > 2 files changed, 16 insertions(+), 1 deletion(-) > > diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig > index 47017975fc2b..809ae576e19f 100644 > --- a/arch/powerpc/Kconfig > +++ b/arch/powerpc/Kconfig > @@ -1035,6 +1035,20 @@ config PPC_MEM_KEYS > > If unsure, say y. > > +config PPC_DEXCR_DEFAULT Calling it "default" could be slightly misleading since there's no other way to modify the DEXCR right now. It'll make more sense once it's user configurable though. > + hex "Default DEXCR value" > + default 0x0000000004000000 > + depends on PPC_BOOK3S_64 > + help > + Power10 introduces the Dynamic Execution Control Register > (DEXCR) > + to provide fine grained control over various speculation > and > + security capabilities. This is used as the default DEXCR > value. > + > + It is a 64 bit value that splits into 32 bits for > supervisor mode > + and 32 bits for problem state. The default config value > enables > + the hashst/hashck instructions in userspace. See the ISA > for hashchk* May also be useful to reference the ISA version here. > + specifics of what each bit controls. > + > config PPC_SECURE_BOOT > prompt "Enable secure boot support" > bool > diff --git a/arch/powerpc/kernel/cpu_setup_power.c > b/arch/powerpc/kernel/cpu_setup_power.c > index c00721801a1b..814c825a0661 100644 > --- a/arch/powerpc/kernel/cpu_setup_power.c > +++ b/arch/powerpc/kernel/cpu_setup_power.c > @@ -10,6 +10,7 @@ > #include <asm/reg.h> > #include <asm/synch.h> > #include <linux/bitops.h> > +#include <linux/kconfig.h> > #include <asm/cputable.h> > #include <asm/cpu_setup.h> > > @@ -128,7 +129,7 @@ static void init_PMU_ISA31(void) > > static void init_DEXCR(void) > { > - mtspr(SPRN_DEXCR, 0); > + mtspr(SPRN_DEXCR, CONFIG_PPC_DEXCR_DEFAULT); > mtspr(SPRN_HASHKEYR, 0); > } >
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 47017975fc2b..809ae576e19f 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1035,6 +1035,20 @@ config PPC_MEM_KEYS If unsure, say y. +config PPC_DEXCR_DEFAULT + hex "Default DEXCR value" + default 0x0000000004000000 + depends on PPC_BOOK3S_64 + help + Power10 introduces the Dynamic Execution Control Register (DEXCR) + to provide fine grained control over various speculation and + security capabilities. This is used as the default DEXCR value. + + It is a 64 bit value that splits into 32 bits for supervisor mode + and 32 bits for problem state. The default config value enables + the hashst/hashck instructions in userspace. See the ISA for + specifics of what each bit controls. + config PPC_SECURE_BOOT prompt "Enable secure boot support" bool diff --git a/arch/powerpc/kernel/cpu_setup_power.c b/arch/powerpc/kernel/cpu_setup_power.c index c00721801a1b..814c825a0661 100644 --- a/arch/powerpc/kernel/cpu_setup_power.c +++ b/arch/powerpc/kernel/cpu_setup_power.c @@ -10,6 +10,7 @@ #include <asm/reg.h> #include <asm/synch.h> #include <linux/bitops.h> +#include <linux/kconfig.h> #include <asm/cputable.h> #include <asm/cpu_setup.h> @@ -128,7 +129,7 @@ static void init_PMU_ISA31(void) static void init_DEXCR(void) { - mtspr(SPRN_DEXCR, 0); + mtspr(SPRN_DEXCR, CONFIG_PPC_DEXCR_DEFAULT); mtspr(SPRN_HASHKEYR, 0); }
Make the DEXCR value configurable at config time. Intentionally don't limit possible values to support future aspects without needing kernel updates. The default config value enables hashst/hashchk in problem state. This should be safe, as generally software needs to request these instructions be included in the first place. Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> --- New in v1 Preface with: I'm note sure on the best place to put the config. I also don't think there's any need to zero out unknown/unsupported bits. Reserved implies they are ignored by the hardware (from my understanding of the ISA). Current P10s boot with all bits set; lsdexcr (later patch) reports uDEXCR: ff000000 (SBHE, IBRTPD, SRAPD, NPHIE, PHIE, unknown) when you try to read it back. Leaving them be also makes it easier to support newer aspects without a kernel update. If arbitrary value support isn't important, it's probably a nicer interface to make each aspect an entry in a menu. Future work may include dynamic DEXCR controls via prctl() and sysfs. The dynamic controls would be able to override this default DEXCR on a per-process basis. A stronger "PPC_ENFORCE_USER_ROP_PROCTETION" config may be required at such a time to prevent dynamically disabling the hash checks. --- arch/powerpc/Kconfig | 14 ++++++++++++++ arch/powerpc/kernel/cpu_setup_power.c | 3 ++- 2 files changed, 16 insertions(+), 1 deletion(-)