Skip to content

Commit

Permalink
Documentation: Document PowerPC kernel DEXCR interface
Browse files Browse the repository at this point in the history
Describe the DEXCR and document how to configure it.

Signed-off-by: Benjamin Gray <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://msgid.link/[email protected]
  • Loading branch information
BenjaminGrayNp1 authored and mpe committed Jun 19, 2023
1 parent 97228ca commit 65d6c88
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 0 deletions.
58 changes: 58 additions & 0 deletions Documentation/powerpc/dexcr.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
.. SPDX-License-Identifier: GPL-2.0-or-later
==========================================
DEXCR (Dynamic Execution Control Register)
==========================================

Overview
========

The DEXCR is a privileged special purpose register (SPR) introduced in
PowerPC ISA 3.1B (Power10) that allows per-cpu control over several dynamic
execution behaviours. These behaviours include speculation (e.g., indirect
branch target prediction) and enabling return-oriented programming (ROP)
protection instructions.

The execution control is exposed in hardware as up to 32 bits ('aspects') in
the DEXCR. Each aspect controls a certain behaviour, and can be set or cleared
to enable/disable the aspect. There are several variants of the DEXCR for
different purposes:

DEXCR
A privileged SPR that can control aspects for userspace and kernel space
HDEXCR
A hypervisor-privileged SPR that can control aspects for the hypervisor and
enforce aspects for the kernel and userspace.
UDEXCR
An optional ultravisor-privileged SPR that can control aspects for the ultravisor.

Userspace can examine the current DEXCR state using a dedicated SPR that
provides a non-privileged read-only view of the userspace DEXCR aspects.
There is also an SPR that provides a read-only view of the hypervisor enforced
aspects, which ORed with the userspace DEXCR view gives the effective DEXCR
state for a process.


Configuration
=============

The DEXCR is currently unconfigurable. All threads are run with the
NPHIE aspect enabled.


coredump and ptrace
===================

The userspace values of the DEXCR and HDEXCR (in this order) are exposed under
``NT_PPC_DEXCR``. These are each 64 bits and readonly, and are intended to
assist with core dumps. The DEXCR may be made writable in future. The top 32
bits of both registers (corresponding to the non-userspace bits) are masked off.

If the kernel config ``CONFIG_CHECKPOINT_RESTORE`` is enabled, then
``NT_PPC_HASHKEYR`` is available and exposes the HASHKEYR value of the process
for reading and writing. This is a tradeoff between increased security and
checkpoint/restore support: a process should normally have no need to know its
secret key, but restoring a process requires setting its original key. The key
therefore appears in core dumps, and an attacker may be able to retrieve it from
a coredump and effectively bypass ROP protection on any threads that share this
key (potentially all threads from the same parent that have not run ``exec()``).
1 change: 1 addition & 0 deletions Documentation/powerpc/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ powerpc
cxl
cxlflash
dawr-power9
dexcr
dscr
eeh-pci-error-recovery
elf_hwcaps
Expand Down

0 comments on commit 65d6c88

Please sign in to comment.