@@ -1036,6 +1036,20 @@ config PPC_MEM_KEYS
If unsure, say y.
+config PPC_DEXCR_DEFAULT
+ hex "Default DEXCR value"
+ default 0x0000000004000000
+ depends on PPC_BOOK3S_64
+ help
+ Power10 introduces the Dynamic Execution Control Register (DEXCR)
+ to provide fine grained control over various speculation and
+ security capabilities. This is used as the default DEXCR value.
+
+ It is a 64 bit value that splits into 32 bits for supervisor mode
+ and 32 bits for problem state. The default config value enables
+ the hashst/hashck instructions in userspace. See the ISA for
+ specifics of what each bit controls.
+
config PPC_SECURE_BOOT
prompt "Enable secure boot support"
bool
@@ -10,6 +10,7 @@
#include <asm/reg.h>
#include <asm/synch.h>
#include <linux/bitops.h>
+#include <linux/kconfig.h>
#include <asm/cputable.h>
#include <asm/cpu_setup.h>
@@ -128,7 +129,7 @@ static void init_PMU_ISA31(void)
static void init_DEXCR(void)
{
- mtspr(SPRN_DEXCR, 0);
+ mtspr(SPRN_DEXCR, CONFIG_PPC_DEXCR_DEFAULT);
mtspr(SPRN_HASHKEYR, 0);
}
Make the DEXCR value configurable at config time. Intentionally don't limit possible values to support future aspects without needing kernel updates. The default config value enables hashst/hashchk in problem state. This should be safe, as generally software needs to request these instructions be included in the first place. Signed-off-by: Benjamin Gray <bgray@linux.ibm.com> --- New in v1 Preface with: I'm note sure on the best place to put the config. I also don't think there's any need to zero out unknown/unsupported bits. Reserved implies they are ignored by the hardware (from my understanding of the ISA). Current P10s boot with all bits set; lsdexcr (later patch) reports uDEXCR: ff000000 (SBHE, IBRTPD, SRAPD, NPHIE, PHIE, unknown) when you try to read it back. Leaving them be also makes it easier to support newer aspects without a kernel update. If arbitrary value support isn't important, it's probably a nicer interface to make each aspect an entry in a menu. Future work may include dynamic DEXCR controls via prctl() and sysfs. The dynamic controls would be able to override this default DEXCR on a per-process basis. A stronger "PPC_ENFORCE_USER_ROP_PROCTETION" config may be required at such a time to prevent dynamically disabling the hash checks. --- arch/powerpc/Kconfig | 14 ++++++++++++++ arch/powerpc/kernel/cpu_setup_power.c | 3 ++- 2 files changed, 16 insertions(+), 1 deletion(-)