Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename software error exception to software check exception #171

Merged
merged 1 commit into from
Oct 26, 2023
Merged

Rename software error exception to software check exception #171

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions cfi_backward.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ epilogue), the function loads the link register from the regular stack and
the shadow copy of the link register from the shadow stack. Then, the link register
value from the regular stack and the shadow link register value from the shadow
stack are compared. A mismatch of the two values is indicative of a subversion
of the return address control variable and causes a software error exception.
of the return address control variable and causes a software check exception.

The Zicfiss instructions are encoded using a subset of "May be op" instructions
defined by the Zimop and Zcmop extensions cite:[ZIMOP]. This subset of
Expand Down Expand Up @@ -508,20 +508,20 @@ if (xSSE == 1)
# cause an SW integrity fault exception
# if they are not bitwise equal.
# Only x1 and x5 may be used as src
Raise software error exception
Raise software check exception
else
ssp = ssp + (XLEN/8) # increment ssp by XLEN/8.
endif
endif
----

If the value loaded from the address in `ssp` does not match the value in `rs1`,
a software error exception (cause=18) is raised with `__x__tval` set to "shadow
stack fault (code=3)". The software error exception caused by `SSPOPCHK`/
a software check exception (cause=18) is raised with `__x__tval` set to "shadow
stack fault (code=3)". The software check exception caused by `SSPOPCHK`/
`C.SSPOPCHK` is lower in priority than a load access-fault exception.

The `ssp` is incremented by `SSPOPCHK` and `C.SSPOPCHK` only if the load from
the shadow stack completes successfully and no software error exception is
the shadow stack completes successfully and no software check exception is
raised.

[NOTE]
Expand Down
20 changes: 10 additions & 10 deletions cfi_forward.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ using indirect call and jumps, and this is referred to as forward-edge
protection. When the Zicfilp is active, the hart tracks an expected landing pad
(`ELP`) state that is updated by an _indirect_call_ or _indirect_jump_ to
require a landing pad instruction at the target of the branch. If the
instruction at the target is not a landing pad, then a software error exception
instruction at the target is not a landing pad, then a software check exception
is raised.

A landing pad may be optionally associated with a 20-bit label. With labeling
Expand Down Expand Up @@ -155,7 +155,7 @@ not need to establish an expected landing pad label value in `x7`.
When `ELP` is set to `LP_EXPECTED`, if the next instruction in the instruction
stream is not 4-byte aligned, or is not `LPAD`, or if the landing pad label
encoded in `LPAD` is not zero and does not match the expected landing pad label
in bits 31:12 of the `x7` register, then a software error exception (cause=18) with
in bits 31:12 of the `x7` register, then a software check exception (cause=18) with
`*tval` set to "landing pad fault (code=2)" is raised else the `ELP` is updated to
`NO_LP_EXPECTED`.

Expand Down Expand Up @@ -500,9 +500,9 @@ following conditions are true:
* The `ELP` is `LP_EXPECTED` and the `LPL` is not zero and the `LPL` does not
match the expected landing pad label in bits 31:12 of the `x7` register.

If the instruction causes an software error exception, the `ELP` does not
change. The behavior of the trap caused by this software error exception is
specified in section <<FORWARD_TRAPS>>. If a software error exception is not
If the instruction causes an software check exception, the `ELP` does not
change. The behavior of the trap caused by this software check exception is
specified in section <<FORWARD_TRAPS>>. If a software check exception is not
caused then the `ELP` is updated to `NO_LP_EXPECTED`.

[wavedrom, ,svg]
Expand All @@ -522,10 +522,10 @@ The operation of the `LPAD` instruction is as follows:
if (xLPE != 0)
// If PC not 4-byte aligned then software integrity fault
if pc[1:0] != 0
Cause software error exception
Cause software check exception
// If landing pad label not matched -> software integrity fault
else if (inst.LPL != x7[31:12] && inst.LPL != 0 && ELP == LP_EXPECTED)
Cause software error exception
Cause software check exception
else
ELP = NO_LP_EXPECTED
else
Expand All @@ -545,11 +545,11 @@ of indirect call/jump was decoded, due to:
error exception with `*tval` set to "landing pad fault (code=2)"
(See Table 3.7 of Privileged Specification cite:[PRIV]).

The software error exception caused by Zicfilp has higher priority than an
The software check exception caused by Zicfilp has higher priority than an
illegal instruction exception but lower priority than instruction access fault.

The software error exception due to the instruction not being an `LPAD`
instruction when `ELP` is `LP_EXPECTED` or an software error exception caused by
The software check exception due to the instruction not being an `LPAD`
instruction when `ELP` is `LP_EXPECTED` or an software check exception caused by
the `LPAD` instruction itself (See <<LP_INST>>) leads to a trap being delivered
to the same or to a higher privilege mode.

Expand Down