From patchwork Thu Feb 9 06:23:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13134031 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6BB5FC61DA4 for ; Thu, 9 Feb 2023 06:26:31 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pQ0Lw-0000t6-Ja; Thu, 09 Feb 2023 01:24:16 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pQ0Lv-0000sS-JX for qemu-devel@nongnu.org; Thu, 09 Feb 2023 01:24:15 -0500 Received: from mail-pg1-x52a.google.com ([2607:f8b0:4864:20::52a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pQ0Lt-0007w9-30 for qemu-devel@nongnu.org; Thu, 09 Feb 2023 01:24:15 -0500 Received: by mail-pg1-x52a.google.com with SMTP id 78so927457pgb.8 for ; Wed, 08 Feb 2023 22:24:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qlPh49wlbxVVcOm0Ok3pVswLtoV2NRPuPBXAw/YmxdU=; b=soLrCqWLZow/sp1tWvVcJV8qtGoTHNC/x+PuDY0LOt1Y8+NE8ekfQKLWz35beos5tx /f5SrGKzoTQ4kUoJ7p7Ne2xmEpFBeWdWEZR8hFx3iR89UIfyascsqqdvMOyvZdqokd+G xCYyhHmX4ZJQtxlWOg+5z6ACjRlFPKKmB9uB5Pt7tbm3MW3UW3RBg6Ui5Gu3yDNPRaoz y7Jj6RKXHEWF49sQCQBj6ssOGtbfsNuVqVsoQB/kuj60/kgjOESKHFgN8+um7XadKlaK CDKUkcgWhsQgkr2NEeA0Ava+k3FfSN1pGIU8ULtvWgPJx5HXSJdZejazU7wyccrZd2dv 281g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qlPh49wlbxVVcOm0Ok3pVswLtoV2NRPuPBXAw/YmxdU=; b=J0lbIBekD/LEg3t5mGvOGVBSlT4g6hHawvJn00Yn+rvg7VnF8S647ygnELX0Sx3YZd JJPjuFSFX56qd89rMbbuxMHrsz7S0SB8zTXAot/ycUG6eWT48cGLHWF/BNqGW7SCpLEv CvAkGON372jPkdT4qn+5vyoyMDSi2oXiUO8ex/cd24H8Rd0qF7S7GaKj8alsYYbxnuTc IkLH9g22NOpsD6XAs3kYq9WovxrX4mKDDt3iXs56vXcyosarb/kMdAR4+CIXAwS31yL0 3X02WNpx+NnnDbIQA4OFQ7DZrbPoKEJo5bsBJY320exKnZAmyerySwq7szuLtQrHpWYd VIxA== X-Gm-Message-State: AO0yUKXhG8OvV5tsY/gr4RLDVNkuX8M5KxeRqz6QZv3znYcZSbsaiZQF x0gawtF3Wm6UPO3OfxjhetsyhhITcmqecpMh X-Google-Smtp-Source: AK7set8kNRYpwuG9p2IpokvYGz5GF6McvSaho78kGz/ueIsJp5bSeWX9pKnKE8gVPsrWZXBKa7UZJw== X-Received: by 2002:a62:520a:0:b0:5a8:44b1:7396 with SMTP id g10-20020a62520a000000b005a844b17396mr4400777pfb.15.1675923851727; Wed, 08 Feb 2023 22:24:11 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id j14-20020aa7800e000000b00571cdbd0771sm521919pfi.102.2023.02.08.22.24.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Feb 2023 22:24:11 -0800 (PST) From: Deepak Gupta To: Palmer Dabbelt , Alistair Francis , Bin Meng Cc: Deepak Gupta , Kip Walker , qemu-riscv@nongnu.org, qemu-devel@nongnu.org Subject: [PATCH v1 RFC Zisslpcfi 2/9] target/riscv: zisslpcfi CSR, bit positions and other definitions Date: Wed, 8 Feb 2023 22:23:57 -0800 Message-Id: <20230209062404.3582018-3-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230209062404.3582018-1-debug@rivosinc.com> References: <20230209062404.3582018-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::52a; envelope-from=debug@rivosinc.com; helo=mail-pg1-x52a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org `zisslpcfi` extension adds two new CSRs. CSR_SSP and CSR_LPLR. - CSR_SSP: This CSR holds shadow stack pointer for current privilege mode CSR_SSP is accessible in all modes. Each mode must establish it's own CSR_SSP. - CSR_LPLR: This CSR holds label value set at the callsite by compiler. On call target label check instructions are emitted by compiler which check label value against value present in CSR_LPRL. Enabling of `zisslpcfi` is controlled via menvcfg (for S/HS/VS/U/VU) and henvcfg (for VS/VU) at bit position 60. Each mode has enable/disable bits for forward cfi. Backward cfi doesn't have separate enable/disable bits for S and M mode. User forward cfi and user backward cfi enable/disable bits are in mstatus/sstatus CSR. Supervisor forward cfi enable/disable bit are in menvcfg and henvcfg CSR. Machine mode forward cfi enable/disable bit is in mseccfg CSR. If forward cfi enabled, all indirect branches must land on a landing pad instruction (`lpcll`, introduced in later commits). CPU/hart tracks this internally using a landing pad tracker called `elp` short for `expecting landing pad`. An interrupt can occur between an indirect branch and target. If such an event occurs `elp` is saved away in mstatus/sstatus CSR Signed-off-by: Deepak Gupta Signed-off-by: Kip Walker --- target/riscv/cpu.h | 5 +++++ target/riscv/cpu_bits.h | 25 +++++++++++++++++++++++++ target/riscv/pmp.h | 3 ++- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 9a923760b2..18db61a06a 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -181,6 +181,11 @@ struct CPUArchState { uint32_t features; + /* CFI Extension user mode registers and state */ + uint32_t lplr; + target_ulong ssp; + cfi_elp elp; + #ifdef CONFIG_USER_ONLY uint32_t elf_flags; #endif diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 8b0d7e20ea..1663ba5775 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -39,6 +39,10 @@ /* Control and Status Registers */ +/* CFI CSRs */ +#define CSR_LPLR 0x006 +#define CSR_SSP 0x020 + /* User Trap Setup */ #define CSR_USTATUS 0x000 #define CSR_UIE 0x004 @@ -542,6 +546,10 @@ #define MSTATUS_TVM 0x00100000 /* since: priv-1.10 */ #define MSTATUS_TW 0x00200000 /* since: priv-1.10 */ #define MSTATUS_TSR 0x00400000 /* since: priv-1.10 */ +#define MSTATUS_UFCFIEN 0x00800000 /* Zisslpcfi-0.1 */ +#define MSTATUS_UBCFIEN 0x01000000 /* Zisslpcfi-0.1 */ +#define MSTATUS_SPELP 0x02000000 /* Zisslpcfi-0.1 */ +#define MSTATUS_MPELP 0x04000000 /* Zisslpcfi-0.1 */ #define MSTATUS_GVA 0x4000000000ULL #define MSTATUS_MPV 0x8000000000ULL @@ -572,12 +580,21 @@ typedef enum { #define SSTATUS_XS 0x00018000 #define SSTATUS_SUM 0x00040000 /* since: priv-1.10 */ #define SSTATUS_MXR 0x00080000 +#define SSTATUS_UFCFIEN MSTATUS_UFCFIEN /* Zisslpcfi-0.1 */ +#define SSTATUS_UBCFIEN MSTATUS_UBCFIEN /* Zisslpcfi-0.1 */ +#define SSTATUS_SPELP MSTATUS_SPELP /* Zisslpcfi-0.1 */ #define SSTATUS64_UXL 0x0000000300000000ULL #define SSTATUS32_SD 0x80000000 #define SSTATUS64_SD 0x8000000000000000ULL +#define CFISTATUS_M_MASK (MSTATUS_UFCFIEN | MSTATUS_UBCFIEN | \ + MSTATUS_MPELP | MSTATUS_SPELP) + +#define CFISTATUS_S_MASK (SSTATUS_UFCFIEN | SSTATUS_UBCFIEN | \ + SSTATUS_SPELP) + /* hstatus CSR bits */ #define HSTATUS_VSBE 0x00000020 #define HSTATUS_GVA 0x00000040 @@ -747,10 +764,14 @@ typedef enum RISCVException { #define MENVCFG_CBIE (3UL << 4) #define MENVCFG_CBCFE BIT(6) #define MENVCFG_CBZE BIT(7) +#define MENVCFG_SFCFIEN BIT(59) +#define MENVCFG_CFI BIT(60) #define MENVCFG_PBMTE (1ULL << 62) #define MENVCFG_STCE (1ULL << 63) /* For RV32 */ +#define MENVCFGH_SFCFIEN BIT(27) +#define MENVCFGH_CFI BIT(28) #define MENVCFGH_PBMTE BIT(30) #define MENVCFGH_STCE BIT(31) @@ -763,10 +784,14 @@ typedef enum RISCVException { #define HENVCFG_CBIE MENVCFG_CBIE #define HENVCFG_CBCFE MENVCFG_CBCFE #define HENVCFG_CBZE MENVCFG_CBZE +#define HENVCFG_SFCFIEN MENVCFG_SFCFIEN +#define HENVCFG_CFI MENVCFG_CFI #define HENVCFG_PBMTE MENVCFG_PBMTE #define HENVCFG_STCE MENVCFG_STCE /* For RV32 */ +#define HENVCFGH_SFCFIEN MENVCFGH_SFCFIEN +#define HENVCFGH_CFI MENVCFGH_CFI #define HENVCFGH_PBMTE MENVCFGH_PBMTE #define HENVCFGH_STCE MENVCFGH_STCE diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h index da32c61c85..f5bfc4955b 100644 --- a/target/riscv/pmp.h +++ b/target/riscv/pmp.h @@ -43,7 +43,8 @@ typedef enum { MSECCFG_MMWP = 1 << 1, MSECCFG_RLB = 1 << 2, MSECCFG_USEED = 1 << 8, - MSECCFG_SSEED = 1 << 9 + MSECCFG_SSEED = 1 << 9, + MSECCFG_MFCFIEN = 1 << 10 } mseccfg_field_t; typedef struct {