qemu-devel



From: Richard Henderson
Subject: Re: [PATCH v3 15/20] target/riscv: shadow stack mmu index for shadow stack instructions
Date: Wed, 7 Aug 2024 12:43:31 +1000
User-agent: Mozilla Thunderbird

On 8/7/24 10:06, Deepak Gupta wrote:
Shadow stack instructions use a shadow stack mmu index for loads/stores.
`MMU_IDX_SS_ACCESS` at bit position 3 is used as the shadow stack index.
The shadow stack mmu index depends on privilege and the SUM bit. If a shadow
stack access happens in user mode, shadow stack mmu index = 0b1000. If a
shadow stack access happens in supervisor mode, mmu index = 0b1001. If a
shadow stack access happens in supervisor mode with SUM=1, then mmu
index = 0b1010.

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
  target/riscv/cpu.h                            | 13 ++++++++++
  target/riscv/cpu_helper.c                     |  3 +++
  target/riscv/insn_trans/trans_rva.c.inc       |  8 ++++++
  target/riscv/insn_trans/trans_rvzicfiss.c.inc |  6 +++++
  target/riscv/internals.h                      |  1 +
  target/riscv/translate.c                      | 25 +++++++++++++++++++
  6 files changed, 56 insertions(+)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 6da94c417c..3ad220a9fe 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -615,6 +615,19 @@ FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1)
  FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1)
  /* zicfiss needs a TB flag so that correct TB is located based on tb flags */
  FIELD(TB_FLAGS, BCFI_ENABLED, 30, 1)
+/*
+ * zicfiss shadow stack is special memory on which regular stores aren't
+ * allowed but shadow stack stores are allowed. Shadow stack stores can
+ * happen as `sspush` or `ssamoswap` instructions. `sspush` implicitly
+ * takes shadow stack address from CSR_SSP. But `ssamoswap` takes address
+ * from encoded input register and it will be used by supervisor software
+ * to access (read/write) user shadow stack for setting up rt_frame during
+ * signal delivery. Supervisor software will do so by setting SUM=1. Thus
+ * a TB flag is needed if SUM was 1 during TB generation to correctly
+ * reflect memory permissions to access shadow stack user memory from
+ * supervisor mode.
+ */
+FIELD(TB_FLAGS, SUM, 31, 1)
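Review bot: the new FIELD(TB_FLAGS, SUM, 31, 1) at the end of this hunk records state the mmu index already carries: the commit message assigns a distinct index (0b1010) to exactly the case the comment describes, a supervisor-mode shadow stack access with SUM=1, so the translator can derive the SUM-dependent permission from the mmu index instead of spending TB_FLAGS bit 31 on a duplicate. Suggest dropping the field, or, if there is a case the mmu index does not distinguish, naming that case in the comment block above it rather than the general rationale it gives now.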

This is already encoded into the mmu_idx as MMUIdx_S_SUM.


r~
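As an added illustration, not code from the thread or from QEMU: a stand-alone C model of the mmu index encoding described in the commit message (bit 3 as the shadow stack access bit, low bits distinguishing U, S and S-with-SUM) together with the permission rule stated in the cpu.h comment, so that the "ssamoswap from supervisor mode with SUM=1" case can be exercised directly. The MMU_IDX_* values mirror the commit message; the page descriptor, ss_check_access, and the rule that regular loads may read a shadow stack page while shadow stack instructions may not touch an ordinary page are assumptions made for the example.

```c
/*
 * Added example: model of the shadow stack mmu index encoding from the
 * commit message plus the permission rule from the cpu.h comment.
 * Illustrative only; not QEMU's implementation.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 3 marks a shadow stack access (from the commit message). */
#define MMU_IDX_SS_ACCESS (1 << 3)
/* Low bits: privilege/SUM selector, values mirror the commit message. */
#define MMU_IDX_U      0
#define MMU_IDX_S      1
#define MMU_IDX_S_SUM  2
#define MMU_IDX_PRIV_MASK 3

typedef enum { PRV_U = 0, PRV_S = 1 } riscv_priv;

/* 0b1000 in U mode, 0b1001 in S mode, 0b1010 in S mode with SUM=1. */
int ss_mmu_idx(riscv_priv priv, bool sum)
{
    int base = (priv == PRV_U) ? MMU_IDX_U : (sum ? MMU_IDX_S_SUM : MMU_IDX_S);
    return MMU_IDX_SS_ACCESS | base;
}

bool mmu_idx_is_ss(int idx)         { return (idx & MMU_IDX_SS_ACCESS) != 0; }
bool mmu_idx_is_supervisor(int idx) { return (idx & MMU_IDX_PRIV_MASK) != MMU_IDX_U; }
bool mmu_idx_has_sum(int idx)       { return (idx & MMU_IDX_PRIV_MASK) == MMU_IDX_S_SUM; }

/* Hypothetical page descriptor: who owns the page and whether it is shadow stack memory. */
typedef struct {
    bool user;    /* page is a user page */
    bool shadow;  /* page is shadow stack memory */
} ss_page;

typedef enum { ACC_LOAD, ACC_STORE } access_type;

/*
 * Returns true when the access is permitted.
 * From the cpu.h comment: regular stores to shadow stack memory are refused,
 * shadow stack stores are allowed, and supervisor access to a user page
 * requires SUM=1.  Assumptions for this example: user mode cannot touch
 * supervisor pages, a shadow stack instruction cannot touch an ordinary page,
 * and a regular load may read a shadow stack page.
 */
bool ss_check_access(int mmu_idx, const ss_page *pg, access_type type)
{
    bool ss  = mmu_idx_is_ss(mmu_idx);
    bool sup = mmu_idx_is_supervisor(mmu_idx);

    if (sup && pg->user && !mmu_idx_has_sum(mmu_idx)) {
        return false;  /* supervisor touching user memory needs SUM */
    }
    if (!sup && !pg->user) {
        return false;  /* user mode cannot reach supervisor pages */
    }
    if (type == ACC_STORE) {
        /* regular store must hit a normal page; shadow stack store must hit a shadow stack page */
        return ss == pg->shadow;
    }
    /* loads: regular loads allowed on either page kind, shadow stack loads only on shadow stack pages */
    return !ss || pg->shadow;
}

int main(void)
{
    ss_page user_ss = { .user = true, .shadow = true };
    printf("sspush in U mode: idx=0x%x ok=%d\n",
           ss_mmu_idx(PRV_U, false), ss_check_access(ss_mmu_idx(PRV_U, false), &user_ss, ACC_STORE));
    printf("regular store to user shadow stack: ok=%d\n",
           ss_check_access(MMU_IDX_U, &user_ss, ACC_STORE));
    printf("ssamoswap from S mode, SUM=0: ok=%d, SUM=1: ok=%d\n",
           ss_check_access(ss_mmu_idx(PRV_S, false), &user_ss, ACC_STORE),
           ss_check_access(ss_mmu_idx(PRV_S, true), &user_ss, ACC_STORE));
    return 0;
}
```

The last printf is the case the patch comment describes: supervisor software writing a user shadow stack for signal delivery succeeds only with the SUM=1 index (0b1010), which is why that information does not need a separate TB flag if the mmu index is already available to the translator.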


