On 12/19/24 09:10, Nicholas Piggin wrote:
> The hypervisor is expected to create a value for the HASHPKEY SPR for
> each partition. Currently it uses zero for all partitions; use a
> random number instead, which in theory might make kernel ROP protection
> more secure.
>
> Signed-of-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
> ---
> include/hw/ppc/spapr.h | 1 +
> hw/ppc/spapr.c | 3 +++
> hw/ppc/spapr_cpu_core.c | 2 ++
> 3 files changed, 6 insertions(+)
>
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index af4aa1cb0fb..db44893689b 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -201,6 +201,7 @@ struct SpaprMachineState {
> uint32_t fdt_initial_size;
> void *fdt_blob;
> uint8_t fdt_rng_seed[32];
> + uint64_t hashpkey_val;
> long kernel_size;
> bool kernel_le;
> uint64_t kernel_addr;
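Review bot: The new `hashpkey_val` field has no comment, and nothing around it indicates that it holds guest-visible key material rather than configuration. A one-line comment such as `/* HASHPKEYR value shared by all vCPUs of this partition; random, set at machine init */` would record who writes it and signal that it should not be logged or exposed through introspection. The struct definition starts and ends outside the hunk.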
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index fa05e0c5156..34934afd551 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2888,6 +2888,9 @@ static void spapr_machine_init(MachineState *machine)
> spapr_ovec_set(spapr->ov5, OV5_XIVE_EXPLOIT);
> }
>
> + qemu_guest_getrandom_nofail(&spapr->hashpkey_val,
> + sizeof(spapr->hashpkey_val));
> +
> /* init CPUs */
> spapr_init_cpus(spapr);
>
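Review bot: The key is drawn only in spapr_machine_init(), so as far as this hunk shows the same HASHPKEYR value is reused across every guest reboot for the lifetime of the QEMU process, and a value disclosed during one boot stays valid in the next. If that is not intended, consider drawing it in the machine reset path (not visible here), which would also mean refreshing each vCPU's `default_value`. Otherwise state the choice above the call, e.g. `/* Partition-wide HASHPKEYR, generated once per machine instance */`. spapr_machine_init() starts and ends outside the hunk.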
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 88d743a3c3f..bf9f29f4ff3 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -273,6 +273,8 @@ static bool spapr_realize_vcpu(PowerPCCPU *cpu, SpaprMachineState *spapr,
> env->spr_cb[SPR_PIR].default_value = cs->cpu_index;
> env->spr_cb[SPR_TIR].default_value = thread_index;
>
> + env->spr_cb[SPR_HASHPKEYR].default_value = spapr->hashpkey_val;
> +
> cpu_ppc_set_1lpar(cpu);
>
> /* Set time-base frequency to 512 MHz. vhyp must be set first. */
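Review bot: The default set here comes from a value that each QEMU instance draws independently, and none of the visible hunks adds `hashpkey_val` to the machine's migration state. If spapr_realize_vcpu() also runs for cores hot-plugged after an incoming migration (likely, but not shown), those vCPUs would reset to the destination's key while the migrated vCPUs presumably keep the source's value in their SPR state, leaving the partition with inconsistent keys and failing hash checks. Consider carrying `hashpkey_val` in the machine's migrated state and adding a comment at this assignment, e.g. `/* Must be identical on every vCPU of the partition */`. The function body continues outside the hunk.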