From c2059fa5033688df50c44cc594e5039722b22745 Mon Sep 17 00:00:00 2001
From: Binno
Date: Tue, 20 Aug 2024 01:03:05 -0700
Subject: [PATCH 1/4] Need zero extend for sspopchk compared vale
* when xlen is 32
---
 riscv/zicfiss.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/riscv/zicfiss.h b/riscv/zicfiss.h
index 83c166d5fd..c7aef64b9a 100644
--- a/riscv/zicfiss.h
+++ b/riscv/zicfiss.h
@@ -25,7 +25,7 @@
 shadow_return_addr = MMU.ss_load(STATE.ssp->read()); \
 else \
 shadow_return_addr = MMU.ss_load(STATE.ssp->read()); \
- software_check(value == shadow_return_addr, SHADOW_STACK_FAULT); \
+ software_check(zext_xlen(value) == shadow_return_addr, SHADOW_STACK_FAULT); \
 STATE.ssp->write(STATE.ssp->read() + xlen / 8);
 #endif
From dceed48983f0ec0e5c95f618b96770e71385227d Mon Sep 17 00:00:00 2001
From: Binno
Date: Mon, 7 Oct 2024 19:56:40 -0700
Subject: [PATCH 2/4] Implement elp state holding mechanism for mnstatus
---
 riscv/csrs.cc | 1 +
 riscv/encoding.h | 1 +
 riscv/insns/mnret.h | 6 ++++++
 3 files changed, 8 insertions(+)
diff --git a/riscv/csrs.cc b/riscv/csrs.cc
index 2267f7f47d..3dbac7b7c8 100644
--- a/riscv/csrs.cc
+++ b/riscv/csrs.cc
@@ -585,6 +585,7 @@ bool mnstatus_csr_t::unlogged_write(const reg_t val) noexcept {
 // NMIE can be set but not cleared
 const reg_t mask = (~read() & MNSTATUS_NMIE)
 | (proc->extension_enabled('H') ? MNSTATUS_MNPV : 0)
+ | (proc->extension_enabled(EXT_ZICFILP) ? MNSTATUS_MNPELP : 0)
 | MNSTATUS_MNPP;
 const reg_t requested_mnpp = proc->legalize_privilege(get_field(val, MNSTATUS_MNPP));
diff --git a/riscv/encoding.h b/riscv/encoding.h
index dcd4e248ed..5f4f86ed7b 100644
--- a/riscv/encoding.h
+++ b/riscv/encoding.h
@@ -81,6 +81,7 @@
 #define USTATUS_UPIE 0x00000010
 #define MNSTATUS_NMIE 0x00000008
+#define MNSTATUS_MNPELP 0x00000200
 #define MNSTATUS_MNPP 0x00001800
 #define MNSTATUS_MNPV 0x00000080
diff --git a/riscv/insns/mnret.h b/riscv/insns/mnret.h
index 30f108188b..2003cbe333 100644
--- a/riscv/insns/mnret.h
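Review bot: `zext_xlen(value)` normalises only one side of the return-address check; `shadow_return_addr` comes from `MMU.ss_load`, whose width and extension on RV32 are not visible in this hunk, so if that load ever yields a sign-extended 32-bit entry the compare still fails for return addresses with bit 31 set and every such `sspopchk` takes a spurious SHADOW_STACK_FAULT. Normalising both operands makes the check independent of the load path: `software_check(zext_xlen(value) == zext_xlen(shadow_return_addr), SHADOW_STACK_FAULT); \`. A short comment would record why the cast exists, e.g. `// RV32: compare at XLEN width; the link register is presumably held sign-extended in reg_t`. The SSPOPCHK macro body begins before this hunk.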
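Review bot: Making MNSTATUS_MNPELP writable in `mnstatus_csr_t::unlogged_write` is only half of the state-holding mechanism: the patch shows MNRET consuming MNPELP, but the RNMI entry path that should copy the current ELP into MNPELP and reset ELP is not in this diff, so confirm it exists, otherwise an MNRET after an NMI restores whatever software last wrote to the bit. A comment on the new mask term would help the next reader, e.g. `// Zicfilp: MNPELP (bit 9) holds the landing-pad state saved at RNMI entry`. The enclosing function continues beyond the hunk.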
+++ b/riscv/insns/mnret.h
@@ -10,5 +10,11 @@ if (prev_prv != PRV_M) {
 STATE.mstatus->write(mstatus);
 }
 s = set_field(s, MNSTATUS_NMIE, 1);
+if (ZICFILP_xLPE(prev_virt, prev_prv)) {
+ STATE.elp = static_cast(get_field(s, MNSTATUS_MNPELP));
+}
+if (p->extension_enabled(EXT_ZICFILP)) {
+ s = set_field(s, MNSTATUS_MNPELP, elp_t::NO_LP_EXPECTED);
+}
 STATE.mnstatus->write(s);
 p->set_privilege(prev_prv, prev_virt);
From c64c7aa3119c321975a81f944ede8dbc5e6ecd59 Mon Sep 17 00:00:00 2001
From: Binno
Date: Mon, 25 Nov 2024 03:01:10 -0800
Subject: [PATCH 3/4] Ssrdp should write sign-extension value as xlen is 32
---
 riscv/insns/ssrdp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/riscv/insns/ssrdp.h b/riscv/insns/ssrdp.h
index 20b0856788..bf20504c0c 100644
--- a/riscv/insns/ssrdp.h
+++ b/riscv/insns/ssrdp.h
@@ -1,7 +1,7 @@
 #include "zicfiss.h"
 if (xSSE()) {
- WRITE_RD(STATE.ssp->read());
+ WRITE_RD(sext_xlen(STATE.ssp->read()));
 } else {
 #include "mop_r_N.h"
 }
From 226e4a3bd6e69e67d2a3913e5ef6771201aef3de Mon Sep 17 00:00:00 2001
From: Binno
Date: Wed, 22 Jan 2025 19:03:13 -0800
Subject: [PATCH 4/4] Raise store access fault as accessing undefined mmio region by SS instructions
* base on CFI spec, ch2.8 The access type is classified as a store/AMO in the event of an access-fault, page-fault, or guest-page fault exception triggered by shadow stack instructions.
---
 riscv/mmu.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/riscv/mmu.cc b/riscv/mmu.cc
index 165985f7af..0add74bfc7 100644
--- a/riscv/mmu.cc
+++ b/riscv/mmu.cc
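Review bot: When `ZICFILP_xLPE(prev_virt, prev_prv)` is false, `STATE.elp` is left as it was rather than set to `elp_t::NO_LP_EXPECTED`; as I read the Zicfilp return sequence, ELP becomes NO_LP_EXPECTED whenever landing-pad enforcement is off for the target mode, so an explicit else branch would make the transition total instead of relying on M-mode having left ELP clear: `} else if (p->extension_enabled(EXT_ZICFILP)) { STATE.elp = elp_t::NO_LP_EXPECTED; }`. The `static_cast` on the `STATE.elp` line shows no target type here; it should read `static_cast<elp_t>(get_field(s, MNSTATUS_MNPELP))`. The mnret body, including the `if (prev_prv != PRV_M)` block, begins before this hunk.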
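Review bot: `sext_xlen` on the `WRITE_RD` path makes `ssrdp` return the 32-bit ssp sign-extended on RV32, presumably to match how the register file holds XLEN-wide values, but ssp is also reachable through the CSR instructions and that read path is not in this patch; if a `csrr` of ssp does not apply the same extension, software observes two different values for one register depending on which instruction it used, and any code that compares the two (for example a shadow-stack switch in a context-switch handler) breaks. A one-line comment would record the intent: `// RV32: ssp is 32 bits wide; rd holds it sign-extended like every other XLEN value`. The non-SSE branch keeps the `mop_r_N.h` fallback, which appears to be the intended Zimop behaviour when Zicfiss is not active.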
@@ -215,7 +215,9 @@ void mmu_t::load_slow_path_intrapage(reg_t len, uint8_t* bytes, mem_access_info_
 refill_tlb(addr, paddr, host_addr, LOAD);
 } else if (!mmio_load(paddr, len, bytes)) {
- throw trap_load_access_fault(access_info.effective_virt, transformed_addr, 0, 0);
+ (access_info.flags.ss_access)?
+ throw trap_store_access_fault(access_info.effective_virt, transformed_addr, 0, 0) :
+ throw trap_load_access_fault(access_info.effective_virt, transformed_addr, 0, 0);
 }
 if (access_info.flags.lr) {
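Review bot: The reclassification covers only the `!mmio_load(...)` miss in `load_slow_path_intrapage`, while the commit message quotes a spec rule that applies to every access-fault, page-fault and guest-page-fault raised by a shadow-stack instruction; the PMP/PMA check and the page walk for an `ss_access` load are outside this hunk (the function starts before it), so confirm they throw the store variants too, or a handler keying on the trap cause will misclassify those faults and may, for example, treat a shadow-stack page fault as a plain read fault. The `(cond) ? throw a : throw b;` form is legal C++ but hard to read; a plain branch says the same thing: `if (access_info.flags.ss_access) throw trap_store_access_fault(access_info.effective_virt, transformed_addr, 0, 0);` followed by the original `throw trap_load_access_fault(...)`. A comment such as `// Zicfiss: faults on shadow-stack accesses are reported as store/AMO faults` keeps the reason next to the code.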