From patchwork Wed Aug 7 00:06:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755516 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EC741C52D7B for ; Wed, 7 Aug 2024 00:08:00 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUCl-0002Uv-N2; Tue, 06 Aug 2024 20:07:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCj-0002TQ-QG for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:01 -0400 Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCh-00017J-Cm for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:01 -0400 Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-1fc5296e214so11805415ad.0 for ; Tue, 06 Aug 2024 17:06:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989218; x=1723594018; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VJOhnSghwUlcGLtcqpB8a6GrX3vCsWVBjHp5kS9dbdk=; b=hoyPcePyiQYvgEykv7/QetK15hlDY1icg1GkSNxQa8HxEkQRvbYwqGVQRdqnV+2+MO wkJc496VXG78VfGFp1ImsNOxRK4RgSExhVTO7MSI/h3bVJMVemS8TgN4OTCGD1nClweT qlujvCLoUS2evjA0Z9cJyGXX7VByfg8ZSM0MKXVhj+xWr7HitfVBX74A7c8pfRiQINPu EX0EJeLey+UHkWeFglrQUAcPn6TEmtCQWQejTBH0kdRSZHIOEZWaf3o8oOen1S7OH9fo ULbTJzCZQZbxnm40Fut/f5SsGXnIK6lw2e/sWZ083GZlriJM5ByutGO7Wutz6hbvcTLj rLog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989218; x=1723594018; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VJOhnSghwUlcGLtcqpB8a6GrX3vCsWVBjHp5kS9dbdk=; b=O5Cc2PCqElVr83hy0DXE+4Ht87SWga+zvP+Jol3OA6/zlWk+45G/WXBajnN2Rot/tR OISW7La1wDoAtqUNkeUHrp37X2GuLc6XcYsZjU8N1Uqy5aKM6jeIzDRetxbcxgUV1teE YJ7hRTAB8iqHkTYpb0Xl+d4jwSNsfhuJeKAyt47/pI2QmjTqKwhSxlM9ia4gZ5qgyG8k kCl8UIafAASyuT+0Fn6k/DM0aoh9CGTWt8Q7nkMIx+GIwSRexng37LLGGEGoVfdce6i3 Us+nrFKj6btScs3QgyCFMP9I4ux2s0ztYj+WLwrBJlwrHfFs6JWm3CNrdb6tAbJTjZtm rrQA== X-Gm-Message-State: AOJu0YxINn4LsA4SYVbG72yEdvcKBpGD/M/k6XGsvoHVZkx+w6syoIBn rFfLBa/AJiHwF0eHrSWexy/iph35cn6cQKKJVadWnahAOvkj6Va8prQNe7dUEJm7otinR0Dr0G+ U X-Google-Smtp-Source: AGHT+IHJlLbITAB4l/G2YSjELLMT8UcI2cKdNyRpE2Y6OwSM/+uuC2XMdFqdLfMhjCPrX9zstQqJSQ== X-Received: by 2002:a17:902:f9c4:b0:1fd:6c5b:afd4 with SMTP id d9443c01a7336-1ff574e222amr176216145ad.64.1722989217732; Tue, 06 Aug 2024 17:06:57 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.06.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:06:57 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 01/20] accel/tcg: restrict assert on icount_enabled to qemu-system Date: Tue, 6 Aug 2024 17:06:32 -0700 Message-ID: <20240807000652.1417776-2-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62e; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org commit 16ad9788 [1] restricted icount to qemu-system only. Although assert in `cpu_loop_exec_tb` is on `icount_enabled()` which is 0 when its qemu-user and debug build starts asserting. Move assert for qemu-system. [1] - https://lists.gnu.org/archive/html/qemu-riscv/2024-01/msg00608.html Signed-off-by: Deepak Gupta --- accel/tcg/cpu-exec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index 245fd6327d..8cc2a6104f 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -927,9 +927,9 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb, return; } +#ifndef CONFIG_USER_ONLY /* Instruction counter expired. */ assert(icount_enabled()); -#ifndef CONFIG_USER_ONLY /* Ensure global icount has gone forward */ icount_update(cpu); /* Refill decrementer and continue execution. */ From patchwork Wed Aug 7 00:06:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755522 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3197CC49EA1 for ; Wed, 7 Aug 2024 00:09:14 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUD0-0002i8-Ip; Tue, 06 Aug 2024 20:07:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCl-0002Ue-A7 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:03 -0400 Received: from mail-pl1-x632.google.com ([2607:f8b0:4864:20::632]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCi-00017T-Oo for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:02 -0400 Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-1ff67158052so9031775ad.0 for ; Tue, 06 Aug 2024 17:07:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989219; x=1723594019; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/xTvsa+ViAqHINj5oJb/iz6qO9j2BBr+FG4wAjwt7ac=; b=KCOcNVLiy7O2sNhYak2DKzLMJCz1M7gOSkwvcPTa+FM5+8k+RyEY8MZp9pKptqwf/P qyCH5+4S2UF729rqE7DmJFUzHegiqxQAYH4jXpASlv5stVbUYL2y64j1m//5LNsf/Ky5 W++j950MCa8+r33RRq4iZScPEb3EQKVsEtzZbJoj73XCZQ6uCq65rjq9Xr6tdaG3DfVT WUCNgM6ZP8v/f3bdQU/O5ixwfBvXjTdZ/k6xkQhkbmeWTCCpZuSjN9zsmZh/Wzu4bBS8 WaMPCis+21eF0jwozpeEHtmJJl9Our+ftxnYLoQhxxjMGUajlK/NsU6eWg2ktcwvHNre JTLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989219; x=1723594019; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/xTvsa+ViAqHINj5oJb/iz6qO9j2BBr+FG4wAjwt7ac=; b=cHSRsPey9hd/RBQfZE8+p4VkVdIjnILQyxGrp2uK9WLdsKV48V5esHGc9vTX+zuv4i WhhuHHpjHVbPcM06OPYe0JGpZKiAsEzc0JGX+VSXHQDiUdRdR5EpsxJncF6Hj8Hcnnsu ze0d5JrX/aMqbYOeCm2AGV0KUaHxwiGmdcwl5JEkE6ijI/n5hYlyS+9WOEzt/JCXGuq2 l2tCe4ktY2598h8e56k0FMqCdmg+j0ExiKZBcrdP3eYR0uiiczeNzhnR8AA91ejeALwc DUIvtoL5/TGcwlJ3miIVSraRvyKwYm2MUm09yIqXlZcq4zINu9bjoOlGZTYWAWMtWHEW 1Cew== X-Gm-Message-State: AOJu0Ywx48GNauc4NdP1C6DK00rlQFS91fTa8e1J3tP3p0XCzaW6EmcJ LO8UyxY/LgxyUI7N6P/mTy3UXQHSvLfo+60k/DyVRbsz5SChRZI2h47fZQYTzzCfrQI4dqtSf0e I X-Google-Smtp-Source: AGHT+IFmpwHGEdAICfJ1RX989TcBBHp0dKNBOjMx0cAo6OQLaUBTWDM2E1uOxBi5Lw0bXk//MYsZfA== X-Received: by 2002:a17:902:f54b:b0:1fd:8904:ecf6 with SMTP id d9443c01a7336-1ff5728c53fmr181647405ad.21.1722989218899; Tue, 06 Aug 2024 17:06:58 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.06.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:06:58 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 02/20] target/riscv: Add zicfilp extension Date: Tue, 6 Aug 2024 17:06:33 -0700 Message-ID: <20240807000652.1417776-3-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::632; envelope-from=debug@rivosinc.com; helo=mail-pl1-x632.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfilp [1] riscv cpu extension enables forward control flow integrity. If enabled, all indirect calls must land on a landing pad instruction. This patch sets up space for zicfilp extension in cpuconfig. zicfilp is dependend on zicsr. [1] - https://github.com/riscv/riscv-cfi Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 2 ++ target/riscv/cpu_cfg.h | 1 + target/riscv/tcg/tcg-cpu.c | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 33ef4eb795..5dfb3f39ab 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -106,6 +106,7 @@ const RISCVIsaExtData isa_edata_arr[] = { ISA_EXT_DATA_ENTRY(ziccif, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(zicclsm, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(ziccrse, PRIV_VERSION_1_11_0, has_priv_1_11), + ISA_EXT_DATA_ENTRY(zicfilp, PRIV_VERSION_1_12_0, ext_zicfilp), ISA_EXT_DATA_ENTRY(zicond, PRIV_VERSION_1_12_0, ext_zicond), ISA_EXT_DATA_ENTRY(zicntr, PRIV_VERSION_1_12_0, ext_zicntr), ISA_EXT_DATA_ENTRY(zicsr, PRIV_VERSION_1_10_0, ext_zicsr), @@ -1472,6 +1473,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { /* Defaults for standard extensions */ MULTI_EXT_CFG_BOOL("sscofpmf", ext_sscofpmf, false), MULTI_EXT_CFG_BOOL("zifencei", ext_zifencei, true), + MULTI_EXT_CFG_BOOL("zicfilp", ext_zicfilp, false), MULTI_EXT_CFG_BOOL("zicsr", ext_zicsr, true), MULTI_EXT_CFG_BOOL("zihintntl", ext_zihintntl, true), MULTI_EXT_CFG_BOOL("zihintpause", ext_zihintpause, true), diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h index 120905a254..88d5defbb5 100644 --- a/target/riscv/cpu_cfg.h +++ b/target/riscv/cpu_cfg.h @@ -67,6 +67,7 @@ struct RISCVCPUConfig { bool ext_zicbom; bool ext_zicbop; bool ext_zicboz; + bool ext_zicfilp; bool ext_zicond; bool ext_zihintntl; bool ext_zihintpause; diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c index b8814ab753..ed19586c9d 100644 --- a/target/riscv/tcg/tcg-cpu.c +++ b/target/riscv/tcg/tcg-cpu.c @@ -623,6 +623,11 @@ void riscv_cpu_validate_set_extensions(RISCVCPU *cpu, Error **errp) cpu->pmu_avail_ctrs = 0; } + if (cpu->cfg.ext_zicfilp && !cpu->cfg.ext_zicsr) { + error_setg(errp, "zicfilp extension requires zicsr extension"); + return; + } + /* * Disable isa extensions based on priv spec after we * validated and set everything we need. From patchwork Wed Aug 7 00:06:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755536 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DC69DC52D6F for ; Wed, 7 Aug 2024 00:11:38 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDM-00042R-6x; Tue, 06 Aug 2024 20:07:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCm-0002Xi-U8 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:06 -0400 Received: from mail-pf1-x433.google.com ([2607:f8b0:4864:20::433]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCj-00017d-Vo for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:04 -0400 Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-70d25b5b6b0so946336b3a.2 for ; Tue, 06 Aug 2024 17:07:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989220; x=1723594020; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WXmmy9sQ6FdCwxmbQ1lXp5QB1YPROEJt1Bgbzc7d8Dg=; b=zPcjJ3XMQRS6CaW+WU7ji5XbkdClpChBXkxXYhOIxh0PjYp2a3uhCqtalah4uwiA9O sLT37RJqJ0lenwqPscNS1ua5OJzZ3VEuG1FFT141bpwNSD0ElI2H/FOyY2V3cn4dTKuo thJEHm9fwVm7Ts+4Nj5R1f2LtMQb0BU8Y5EY0+PJXRkiw086SCrEg/bq63MN7S4H2D2M qQzKtIbunkbZMZGHU9RIQogbH3ypCBEujVdcozzvErZlYXg549jn644nkbAv0mwtbu8c BFoJK+cPczWBO7ussOwRPyC24ZYfCbnFY4em2hJ6Qp1m+LDYhgSK4fSd+R17K2gNblCz 3mxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989220; x=1723594020; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WXmmy9sQ6FdCwxmbQ1lXp5QB1YPROEJt1Bgbzc7d8Dg=; b=xVJE5yWw9oO0nZbZ/wFXGOYywV0nnfwVMPS+y5+voZyFFIDipIn1xzHRJQWPnN7W93 2zCQ55fbmj9VZgI4cjd7DWZac4LVEFCH4cEqmvx1xvuuM467hJynCvuRVcpfOBN4BCwJ otj8fNEtxN5xpt5rZIhD0LWZEWn3lHkVwcfVeHEevPoZoMh8dwfgTunr/jyBCpRGhX5K 01StBm/Aa2bp4SfbpbbO0lLgTKcCLPIB0tj4l9j+j87emeEssMbIquNIivjd3ILzvif3 u737q9iN9fPV8ck3o1LFpTIfMIpEZq3v9flmUMBalFmfrTT3se8ZXvJ/UXgl247+1XWB yKHA== X-Gm-Message-State: AOJu0Yz20a+tgxJ1lAGe+TvZCh/aXLphHTI21sHedq2dMvNcjNtjxTTQ 5xwMZxjUnD7jqv12dJiBACxQiGDCIi0YqWEykidrN9oAt7rPrwIt3KdQtfm4A1/lCvUJBB4rzbs f X-Google-Smtp-Source: AGHT+IFaq+yBNmaqVl0EqWI71cpUKaSbRzE4rn2E7uHRPOwGF/mSLBtgbkkxKIL3pF51ju3TZP761Q== X-Received: by 2002:a05:6a20:3950:b0:1c4:9886:b511 with SMTP id adf61e73a8af0-1c69954a2fdmr19486907637.2.1722989220116; Tue, 06 Aug 2024 17:07:00 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.06.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:06:59 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 03/20] target/riscv: Introduce elp state and enabling controls for zicfilp Date: Tue, 6 Aug 2024 17:06:34 -0700 Message-ID: <20240807000652.1417776-4-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::433; envelope-from=debug@rivosinc.com; helo=mail-pf1-x433.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfilp introduces a new state elp ("expected landing pad") in cpu. During normal execution, elp is idle (NO_LP_EXPECTED) i.e not expecting landing pad. On an indirect call, elp moves LP_EXPECTED. When elp is LP_EXPECTED, only a subsquent landing pad instruction can set state back to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED. zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode is in mseccfg CSR at bit position 10. On trap, elp state is saved away in *status. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 3 +++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_bits.h | 12 ++++++++++++ target/riscv/csr.c | 31 +++++++++++++++++++++++++++++++ target/riscv/pmp.c | 5 +++++ target/riscv/pmp.h | 3 ++- 6 files changed, 55 insertions(+), 1 deletion(-) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 5dfb3f39ab..82fa85a8d6 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -994,6 +994,9 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) /* mmte is supposed to have pm.current hardwired to 1 */ env->mmte |= (EXT_STATUS_INITIAL | MMTE_M_PM_CURRENT); + /* on reset elp is set to NO_LP_EXPECTED */ + env->elp = NO_LP_EXPECTED; + /* * Bits 10, 6, 2 and 12 of mideleg are read only 1 when the Hypervisor * extension is enabled. diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 87742047ce..ae436a3179 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -222,6 +222,8 @@ struct CPUArchState { target_ulong jvt; + /* elp state for zicfilp extension */ + cfi_elp elp; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; #endif diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index c257c5ed7d..127f2179dc 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -545,6 +545,8 @@ #define MSTATUS_TVM 0x00100000 /* since: priv-1.10 */ #define MSTATUS_TW 0x00200000 /* since: priv-1.10 */ #define MSTATUS_TSR 0x00400000 /* since: priv-1.10 */ +#define MSTATUS_SPELP 0x00800000 /* zicfilp */ +#define MSTATUS_MPELP 0x020000000000 /* zicfilp */ #define MSTATUS_GVA 0x4000000000ULL #define MSTATUS_MPV 0x8000000000ULL @@ -575,12 +577,19 @@ typedef enum { #define SSTATUS_XS 0x00018000 #define SSTATUS_SUM 0x00040000 /* since: priv-1.10 */ #define SSTATUS_MXR 0x00080000 +#define SSTATUS_SPELP MSTATUS_SPELP /* zicfilp */ #define SSTATUS64_UXL 0x0000000300000000ULL #define SSTATUS32_SD 0x80000000 #define SSTATUS64_SD 0x8000000000000000ULL +/* enum for branch tracking state in cpu/hart */ +typedef enum { + NO_LP_EXPECTED = 0, + LP_EXPECTED = 1, +} cfi_elp; + /* hstatus CSR bits */ #define HSTATUS_VSBE 0x00000020 #define HSTATUS_GVA 0x00000040 @@ -747,6 +756,7 @@ typedef enum RISCVException { /* Execution environment configuration bits */ #define MENVCFG_FIOM BIT(0) +#define MENVCFG_LPE BIT(2) /* zicfilp */ #define MENVCFG_CBIE (3UL << 4) #define MENVCFG_CBCFE BIT(6) #define MENVCFG_CBZE BIT(7) @@ -760,11 +770,13 @@ typedef enum RISCVException { #define MENVCFGH_STCE BIT(31) #define SENVCFG_FIOM MENVCFG_FIOM +#define SENVCFG_LPE MENVCFG_LPE #define SENVCFG_CBIE MENVCFG_CBIE #define SENVCFG_CBCFE MENVCFG_CBCFE #define SENVCFG_CBZE MENVCFG_CBZE #define HENVCFG_FIOM MENVCFG_FIOM +#define HENVCFG_LPE MENVCFG_LPE #define HENVCFG_CBIE MENVCFG_CBIE #define HENVCFG_CBCFE MENVCFG_CBCFE #define HENVCFG_CBZE MENVCFG_CBZE diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 432c59dc66..5771a14848 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -1400,6 +1400,11 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno, } } + /* If cfi lp extension is available, then apply cfi lp mask */ + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= (MSTATUS_MPELP | MSTATUS_SPELP); + } + mstatus = (mstatus & ~mask) | (val & mask); env->mstatus = mstatus; @@ -2101,6 +2106,10 @@ static RISCVException write_menvcfg(CPURISCVState *env, int csrno, mask |= (cfg->ext_svpbmt ? MENVCFG_PBMTE : 0) | (cfg->ext_sstc ? MENVCFG_STCE : 0) | (cfg->ext_svadu ? MENVCFG_ADUE : 0); + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= MENVCFG_LPE; + } } env->menvcfg = (env->menvcfg & ~mask) | (val & mask); @@ -2153,6 +2162,10 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno, return ret; } + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SENVCFG_LPE; + } + env->senvcfg = (env->senvcfg & ~mask) | (val & mask); return RISCV_EXCP_NONE; } @@ -2190,6 +2203,10 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, if (riscv_cpu_mxl(env) == MXL_RV64) { mask |= env->menvcfg & (HENVCFG_PBMTE | HENVCFG_STCE | HENVCFG_ADUE); + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= HENVCFG_LPE; + } } env->henvcfg = (env->henvcfg & ~mask) | (val & mask); @@ -2654,6 +2671,10 @@ static RISCVException read_sstatus_i128(CPURISCVState *env, int csrno, mask |= SSTATUS64_UXL; } + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + *val = int128_make128(sstatus, add_status_sd(MXL_RV128, sstatus)); return RISCV_EXCP_NONE; } @@ -2665,6 +2686,11 @@ static RISCVException read_sstatus(CPURISCVState *env, int csrno, if (env->xl != MXL_RV32 || env->debugger) { mask |= SSTATUS64_UXL; } + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + /* TODO: Use SXL not MXL. */ *val = add_status_sd(riscv_cpu_mxl(env), env->mstatus & mask); return RISCV_EXCP_NONE; @@ -2680,6 +2706,11 @@ static RISCVException write_sstatus(CPURISCVState *env, int csrno, mask |= SSTATUS64_UXL; } } + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + target_ulong newval = (env->mstatus & ~mask) | (val & mask); return write_mstatus(env, CSR_MSTATUS, newval); } diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 9eea397e72..1111d08d08 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -598,6 +598,11 @@ void mseccfg_csr_write(CPURISCVState *env, target_ulong val) val &= ~(MSECCFG_MMWP | MSECCFG_MML | MSECCFG_RLB); } + /* M-mode forward cfi to be enabled if cfi extension is implemented */ + if (env_archcpu(env)->cfg.ext_zicfilp) { + val |= (val & MSECCFG_MLPE); + } + env->mseccfg = val; } diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h index f5c10ce85c..e0530a17a3 100644 --- a/target/riscv/pmp.h +++ b/target/riscv/pmp.h @@ -44,7 +44,8 @@ typedef enum { MSECCFG_MMWP = 1 << 1, MSECCFG_RLB = 1 << 2, MSECCFG_USEED = 1 << 8, - MSECCFG_SSEED = 1 << 9 + MSECCFG_SSEED = 1 << 9, + MSECCFG_MLPE = 1 << 10, } mseccfg_field_t; typedef struct { From patchwork Wed Aug 7 00:06:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B08C0C49EA1 for ; Wed, 7 Aug 2024 00:09:31 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDA-0003KL-I7; Tue, 06 Aug 2024 20:07:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCn-0002YV-5C for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:06 -0400 Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCl-00017z-1e for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:04 -0400 Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1fd90c2fc68so11856625ad.1 for ; Tue, 06 Aug 2024 17:07:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989221; x=1723594021; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=svo4LPG7r850nEYgZiVRG+jHhd5cukzMD7ExuHKhohU=; b=Wgpvq1xz7qAZ+af1ovAzY5X0c5l4zrQ2Byroqh6J2FdWVtvSeO3urqWEb4mZnC7oq3 jP6mvzftc0av5b3x3GwtjI/nwi/CnHD6bINvA82aNK9CRou/5OHqHzeWPb+DzaEfl2wO uwo8KcDvygfQwZaLQonDac5Ja/FF+PGU+0NMRrZo1YdMOt1ZDd7qj13ynN7YcQl9q6sV yMDYzocqnKZRbbFsJDDYKftsn1NWz7PJHlV/0xSHG6ZAU0My2k83WevrZFLHGFoJ6tPp tY2gmwn2aUK6ILTWOf3xNTMdJ7Vxydi/QBJ0GA+LySVgKkZm6OnJXBPmnghYhBNy4GXq SiTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989221; x=1723594021; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=svo4LPG7r850nEYgZiVRG+jHhd5cukzMD7ExuHKhohU=; b=HKAmibgtjaOAB/RFBk+oqcnjdhW5XcmE6qcaO+u8g5tDnY4+yNi21POao8bHe/HJH+ cGhSwhVqZUvz3qfnMG3/hp9b7+cXGortwhqNLZDLJq642X8K5IsXWNNCvJzpoYVMxNEr k9XWV+wlZ3xtquPp1L6xS9GP9rB6/bqE4jrjV61ccGWLCwKkFS7W2ic74RqZ2JVOt2e7 Ts7wop9AchZoE+hJBbUVyuJlcbBBBEImqcW/Ag1uHPTY1C/bN3/FwIOgWc7mnXdSD4e4 u6K6mK/VJwMIXAIlr/n1zj/pZWb+QZjg760ujM2Iz0YmerD/d/TLWSPb6DTqY06cpohi Y/gg== X-Gm-Message-State: AOJu0Yxvu0YEXcCIAA7kpjBbydNcCR41Eo/2VXI3L135o+zCozfyAekg B5ixHUBPDgPTFH/exGMBNm6aUPGsaseuOljxs2/6yKMguTZBaYo67jOtfWeJHoy+MkRh/HHvJPf w X-Google-Smtp-Source: AGHT+IF03lP5QJ41skWd759etF1SIbqvcnJHu7CDz4o1hqof9i+UAPVNcU/dGlfRbtE5Ix3cIesANQ== X-Received: by 2002:a17:903:32ce:b0:1fb:8cab:ccc9 with SMTP id d9443c01a7336-1ff573cca00mr160609285ad.45.1722989221321; Tue, 06 Aug 2024 17:07:01 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:01 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 04/20] target/riscv: save and restore elp state on priv transitions Date: Tue, 6 Aug 2024 17:06:35 -0700 Message-ID: <20240807000652.1417776-5-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::629; envelope-from=debug@rivosinc.com; helo=mail-pl1-x629.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org elp state is recorded in *status on trap entry (less privilege to higher privilege) and restored in elp from *status on trap exit (higher to less privilege). Additionally this patch introduces a forward cfi helper function to determine if current privilege has forward cfi is enabled or not based on *envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M). For qemu-user, a new field `ufcfien` is introduced which is by default set to false and helper function returns value deposited in `ufcfien` for qemu-user. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 5 ++++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_helper.c | 58 +++++++++++++++++++++++++++++++++++++++ target/riscv/op_helper.c | 18 ++++++++++++ 4 files changed, 83 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 82fa85a8d6..e1526c7ab5 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1022,6 +1022,11 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) env->load_res = -1; set_default_nan_mode(1, &env->fp_status); +#ifdef CONFIG_USER_ONLY + /* qemu-user for riscv, fcfi is off by default */ + env->ufcfien = false; +#endif + #ifndef CONFIG_USER_ONLY if (cpu->cfg.debug) { riscv_trigger_reset_hold(env); diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index ae436a3179..8c7841fc08 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -226,6 +226,7 @@ struct CPUArchState { cfi_elp elp; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; + bool ufcfien; #endif #ifndef CONFIG_USER_ONLY @@ -530,6 +531,7 @@ void riscv_cpu_set_geilen(CPURISCVState *env, target_ulong geilen); bool riscv_cpu_vector_enabled(CPURISCVState *env); void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable); int riscv_env_mmu_index(CPURISCVState *env, bool ifetch); +bool cpu_get_fcfien(CPURISCVState *env); G_NORETURN void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 6709622dd3..8c69c55576 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -33,6 +33,7 @@ #include "cpu_bits.h" #include "debug.h" #include "tcg/oversized-guest.h" +#include "pmp.h" int riscv_env_mmu_index(CPURISCVState *env, bool ifetch) { @@ -63,6 +64,35 @@ int riscv_env_mmu_index(CPURISCVState *env, bool ifetch) #endif } +bool cpu_get_fcfien(CPURISCVState *env) +{ +#ifdef CONFIG_USER_ONLY + return env->ufcfien; +#else + /* no cfi extension, return false */ + if (!env_archcpu(env)->cfg.ext_zicfilp) { + return false; + } + + switch (env->priv) { + case PRV_U: + if (riscv_has_ext(env, RVS)) { + return env->senvcfg & MENVCFG_LPE; + } + return env->menvcfg & MENVCFG_LPE; + case PRV_S: + if (env->virt_enabled) { + return env->henvcfg & HENVCFG_LPE; + } + return env->menvcfg & MENVCFG_LPE; + case PRV_M: + return env->mseccfg & MSECCFG_MLPE; + default: + g_assert_not_reached(); + } +#endif +} + void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, uint64_t *cs_base, uint32_t *pflags) { @@ -546,6 +576,15 @@ void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env) } bool current_virt = env->virt_enabled; + /* + * If zicfilp extension available and henvcfg.LPE = 1, + * then apply SPELP mask on mstatus + */ + if (env_archcpu(env)->cfg.ext_zicfilp && + get_field(env->henvcfg, HENVCFG_LPE)) { + mstatus_mask |= SSTATUS_SPELP; + } + g_assert(riscv_has_ext(env, RVH)); if (current_virt) { @@ -1754,6 +1793,11 @@ void riscv_cpu_do_interrupt(CPUState *cs) if (env->priv <= PRV_S && cause < 64 && (((deleg >> cause) & 1) || s_injected || vs_injected)) { /* handle the trap in S-mode */ + /* save elp status */ + if (cpu_get_fcfien(env)) { + env->mstatus = set_field(env->mstatus, MSTATUS_SPELP, env->elp); + } + if (riscv_has_ext(env, RVH)) { uint64_t hdeleg = async ? env->hideleg : env->hedeleg; @@ -1802,6 +1846,11 @@ void riscv_cpu_do_interrupt(CPUState *cs) riscv_cpu_set_mode(env, PRV_S); } else { /* handle the trap in M-mode */ + /* save elp status */ + if (cpu_get_fcfien(env)) { + env->mstatus = set_field(env->mstatus, MSTATUS_MPELP, env->elp); + } + if (riscv_has_ext(env, RVH)) { if (env->virt_enabled) { riscv_cpu_swap_hypervisor_regs(env); @@ -1833,6 +1882,15 @@ void riscv_cpu_do_interrupt(CPUState *cs) riscv_cpu_set_mode(env, PRV_M); } + /* + * Interrupt/exception/trap delivery is asynchronous event and as per + * Zisslpcfi spec CPU should clear up the ELP state. If cfi extension is + * available, clear ELP state. + */ + + if (cpu->cfg.ext_zicfilp) { + env->elp = NO_LP_EXPECTED; + } /* * NOTE: it is not necessary to yield load reservations here. It is only * necessary for an SC from "another hart" to cause a load reservation diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 2baf5bc3ca..488116cc2e 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -313,6 +313,15 @@ target_ulong helper_sret(CPURISCVState *env) riscv_cpu_set_mode(env, prev_priv); + /* + * If forward cfi enabled for new priv, restore elp status + * and clear spelp in mstatus + */ + if (cpu_get_fcfien(env)) { + env->elp = get_field(env->mstatus, MSTATUS_SPELP); + env->mstatus = set_field(env->mstatus, MSTATUS_SPELP, 0); + } + return retpc; } @@ -357,6 +366,15 @@ target_ulong helper_mret(CPURISCVState *env) riscv_cpu_set_virt_enabled(env, prev_virt); } + /* + * If forward cfi enabled for new priv, restore elp status + * and clear mpelp in mstatus + */ + if (cpu_get_fcfien(env)) { + env->elp = get_field(env->mstatus, MSTATUS_MPELP); + env->mstatus = set_field(env->mstatus, MSTATUS_MPELP, 0); + } + return retpc; } From patchwork Wed Aug 7 00:06:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755526 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0CA9BC52D6F for ; Wed, 7 Aug 2024 00:09:28 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDC-0003Sa-Nn; Tue, 06 Aug 2024 20:07:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCp-0002a5-2D for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:08 -0400 Received: from mail-pl1-x62c.google.com ([2607:f8b0:4864:20::62c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCm-00018T-5g for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:06 -0400 Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1fc66fc35f2so2847975ad.0 for ; Tue, 06 Aug 2024 17:07:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989222; x=1723594022; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=316Sz2WI5Ks+hswcW2Zhyj1GbrmjYQrX/amYB/zWJFU=; b=qCuJRTvRK6cjAyohTKpob5+BXSEGsp8tiqjb6a7aqM3txLqiD90NHAJRw1JsQjrwhR L+7+yyr3sxN8t2l6HvHS6O6TLdaw67xkefnebK467161xGj3iEkMYv8X8FKId1u3fYuS SBLEzQ4OgnTi8aUSrQWrPwvXwRBsBa9kIjlTn4NNxk2l9GICiDdS1VO6DJOVkFGILTDA jYjW+g3oJHk8zoAv1qtYsjw8hLjdHLvuiJ/lyoF1tawzv0OTC80PKJRug7ziSEYBZ+8D /9+4SYL1YfyxoOOpt2LK1LJ/T2fRNuFpn93McG3G7spJCA47h504pVNPgLe5oOTuYBSv dI1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989222; x=1723594022; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=316Sz2WI5Ks+hswcW2Zhyj1GbrmjYQrX/amYB/zWJFU=; b=oiYDVaG1vsTM6cpvPvsh+vLIgilN8WTQi1VqVM7p5BxtUG/WSznrVEQgeGUHr4nEkq m/mlEEEmU9QcSb/bXHvvWcfuFdNuIVf2+XYUYeApJ+Imzn2NnrNbhQpNTY/DOeD0eIiL jmdHQog9Zo9JRZNxZMm5t6f1kGXt/D1ZmUjWn6Mv3673WylnMhLTHgqv+yeL0aKsUIvo qo+Al+4p7c67unwfa7Q16rsryr8I52fQ9CvZ1AKIeH7ODsju9YDq9MmIHq2iQh5Ra6dz m1K9ycdNWBKX1pI3O7zrdNkFzp2QzUf5i5S3N7NrYUAEoQWt5OZOOnaMKShvnALEoKYd neRg== X-Gm-Message-State: AOJu0Yw2B72KB67gILmc4EgYBU8W8FKk6P+wwlV7qN6iKvCPGqKKlydA mznpr37OKER48kdEz3ZEBmlF17REW3AgKBiiiLAwacRri5OWK5608xKQr7gHqBr4JhgYHeirKcu W X-Google-Smtp-Source: AGHT+IFwRFucBISDivapJGj0Xj9EJakD1Jb0QrLn11PsnwUhnSMsgPaWXwZPSMomdZbKL1Sp6QwtPg== X-Received: by 2002:a17:902:f690:b0:1ff:5135:131f with SMTP id d9443c01a7336-20085543263mr8148325ad.25.1722989222463; Tue, 06 Aug 2024 17:07:02 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:02 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 05/20] target/riscv: additional code information for sw check Date: Tue, 6 Aug 2024 17:06:36 -0700 Message-ID: <20240807000652.1417776-6-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62c; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org sw check exception support was recently added. This patch further augments sw check exception by providing support for additional code which is provided in *tval. Adds `sw_check_code` field in cpuarchstate. Whenever sw check exception is raised *tval gets the value deposited in `sw_check_code`. Signed-off-by: Deepak Gupta Reviewed-by: Richard Henderson --- target/riscv/cpu.h | 2 ++ target/riscv/cpu_helper.c | 2 ++ target/riscv/csr.c | 1 + 3 files changed, 5 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 8c7841fc08..12334f9540 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -224,6 +224,8 @@ struct CPUArchState { /* elp state for zicfilp extension */ cfi_elp elp; + /* sw check code for sw check exception */ + target_ulong sw_check_code; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; bool ufcfien; diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 8c69c55576..364f3ee212 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1762,6 +1762,8 @@ void riscv_cpu_do_interrupt(CPUState *cs) cs->watchpoint_hit = NULL; } break; + case RISCV_EXCP_SW_CHECK: + tval = env->sw_check_code; default: break; } diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 5771a14848..a5a969a377 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -1179,6 +1179,7 @@ static const uint64_t all_ints = M_MODE_INTERRUPTS | S_MODE_INTERRUPTS | (1ULL << (RISCV_EXCP_INST_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_LOAD_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_STORE_PAGE_FAULT)) | \ + (1ULL << (RISCV_EXCP_SW_CHECK)) | \ (1ULL << (RISCV_EXCP_INST_GUEST_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT)) | \ (1ULL << (RISCV_EXCP_VIRT_INSTRUCTION_FAULT)) | \ From patchwork Wed Aug 7 00:06:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755524 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8A585C52D7C for ; Wed, 7 Aug 2024 00:09:17 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDF-0003ci-RN; Tue, 06 Aug 2024 20:07:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCr-0002d6-FK for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:12 -0400 Received: from mail-pl1-x62c.google.com ([2607:f8b0:4864:20::62c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCp-00018n-01 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:08 -0400 Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1fd69e44596so2816725ad.1 for ; Tue, 06 Aug 2024 17:07:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989224; x=1723594024; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XDtCL9tVQImt/zx5S+6XoLO3l79YnLS0xiTRQ/sdwI0=; b=nuGA1zYhjm1FUATiOUiBDPCMy0wvdj1btM1a2E1Bdx9KCbk0NW1a5O8JtReFMaYjhU lrVzE7nvuHYBYuc6Hoxp3bMo7zG92na3Ih3KYhJ81jm+dKWL+rQa34tYsna1Vt6T9FaM N/CqpE6h3lgis4fp0m8UcbAwOQGv/wogTWe2PT3UqpbfHL3xMl0JLFA65CmvEKzvHtfO oR+V/rceH9p5S84AxCFAk24HZ3rhXbekUwzXzk3VlfcWWpVbgqp7KAfL3LO0iAsNJq/O kd8vPggJoNFsxYtIp+2Crcf99VF+XNRFfs0IX8llpVPidtcDnTgVHE6JcO9/BTQacGjK WZOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989224; x=1723594024; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XDtCL9tVQImt/zx5S+6XoLO3l79YnLS0xiTRQ/sdwI0=; b=E0Gkx5b93mLzcRhsMc26IOvzOKE1gULlSPBf+ki9Yl0mG83mQJPYjbm/MKzDCKVKDe 6Cjwiry6LD1iVaBg3Sh+ZVMA7r5B1fO++lVFaSRuxy0nHik7pvugsi9mkB2W/2dCOFui U+3hd/cfJnbYWMoXn8VqBx9kbwmOmBPoWSZNv3Vk8wGP0XFvs2Fuq0xZmhGEkxcRWo3Y nMlUqlB6NnVcL6jSMU/+WVUamWvkComK7swT6sPlB3BTx7TUoxkQ9szwc8xypKLl0Zq4 DtN9gYf3TVTn2BnMLTjSndu6Mycdswiq79hoTXCo3RxUsdeGlLTe4Rl+qD+Pt5/cnQd2 S/GQ== X-Gm-Message-State: AOJu0YzKRRhskv1ovdgUVJCCRtVSBBncG9Wzo3FIx6xZk185RrazMFbZ JWnSS8GzqSP5RrStoRwvEj73/GYJgLYvDRGs+sOaRH78lTyisKlXp9IDXz2mOe68qA8ybg0L3Fr F X-Google-Smtp-Source: AGHT+IGgewC76ZOS2WEyUpXDXx3UVzSFym5BcUtkc6FEvkDmvk8A7HpNvVfZe80+r2ojTwnt9OInMg== X-Received: by 2002:a17:902:c403:b0:1fd:6033:f94e with SMTP id d9443c01a7336-200855683a3mr6812565ad.27.1722989223650; Tue, 06 Aug 2024 17:07:03 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:03 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 06/20] target/riscv: tracking indirect branches (fcfi) for zicfilp Date: Tue, 6 Aug 2024 17:06:37 -0700 Message-ID: <20240807000652.1417776-7-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62c; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfilp protects forward control flow (if enabled) by enforcing all indirect call and jmp must land on a landing pad instruction `lpad`. If target of an indirect call or jmp is not `lpad` then cpu/hart must raise a sw check exception with tval = 2. This patch implements the mechanism using TCG. Target architecture branch instruction must define the end of a TB. Using this property, during translation of branch instruction, TB flag = FCFI_LP_EXPECTED can be set. Translation of target TB can check if FCFI_LP_EXPECTED flag is set and a flag (fcfi_lp_expected) can be set in DisasContext. If `lpad` gets translated, fcfi_lp_expected flag in DisasContext can be cleared. Else it'll fault. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.h | 3 +++ target/riscv/cpu_bits.h | 7 ++++++ target/riscv/cpu_helper.c | 13 +++++++++++ target/riscv/helper.h | 3 +++ target/riscv/op_helper.c | 7 ++++++ target/riscv/translate.c | 45 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 78 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 12334f9540..b77481428f 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -606,6 +606,9 @@ FIELD(TB_FLAGS, ITRIGGER, 22, 1) FIELD(TB_FLAGS, VIRT_ENABLED, 23, 1) FIELD(TB_FLAGS, PRIV, 24, 2) FIELD(TB_FLAGS, AXL, 26, 2) +/* zicfilp needs a TB flag to track indirect branches */ +FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1) +FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 127f2179dc..1709564b32 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -590,6 +590,10 @@ typedef enum { LP_EXPECTED = 1, } cfi_elp; +typedef enum { + MISSING_LPAD = 0, +} cfi_violation_cause; + /* hstatus CSR bits */ #define HSTATUS_VSBE 0x00000020 #define HSTATUS_GVA 0x00000040 @@ -691,6 +695,9 @@ typedef enum RISCVException { RISCV_EXCP_SEMIHOST = 0x3f, } RISCVException; +/* zicfilp defines lp violation results in sw check with tval = 2*/ +#define RISCV_EXCP_SW_CHECK_FCFI_TVAL 2 + #define RISCV_EXCP_INT_FLAG 0x80000000 #define RISCV_EXCP_INT_MASK 0x7fffffff diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 364f3ee212..c7af430f38 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -134,6 +134,19 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, flags = FIELD_DP32(flags, TB_FLAGS, VILL, 1); } + if (cpu_get_fcfien(env)) { + /* + * For Forward CFI, only the expectation of a lpcll at + * the start of the block is tracked (which can only happen + * when FCFI is enabled for the current processor mode). A jump + * or call at the end of the previous TB will have updated + * env->elp to indicate the expectation. + */ + flags = FIELD_DP32(flags, TB_FLAGS, FCFI_LP_EXPECTED, + env->elp != NO_LP_EXPECTED); + flags = FIELD_DP32(flags, TB_FLAGS, FCFI_ENABLED, 1); + } + #ifdef CONFIG_USER_ONLY fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; diff --git a/target/riscv/helper.h b/target/riscv/helper.h index 451261ce5a..fc4c41db5e 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -121,6 +121,9 @@ DEF_HELPER_2(cbo_clean_flush, void, env, tl) DEF_HELPER_2(cbo_inval, void, env, tl) DEF_HELPER_2(cbo_zero, void, env, tl) +/* helper for raising sw check exception */ +DEF_HELPER_4(raise_sw_check_excep, void, env, tl, tl, tl) + /* Special functions */ DEF_HELPER_2(csrr, tl, env, int) DEF_HELPER_3(csrw, void, env, int, tl) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 488116cc2e..3b47fb34ea 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -259,6 +259,13 @@ void helper_cbo_inval(CPURISCVState *env, target_ulong address) /* We don't emulate the cache-hierarchy, so we're done. */ } +void helper_raise_sw_check_excep(CPURISCVState *env, target_ulong swcheck_code, + target_ulong arg1, target_ulong arg2) +{ + env->sw_check_code = swcheck_code; + riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); +} + #ifndef CONFIG_USER_ONLY target_ulong helper_sret(CPURISCVState *env) diff --git a/target/riscv/translate.c b/target/riscv/translate.c index acba90f170..fbca3b8a06 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -44,6 +44,7 @@ static TCGv load_val; /* globals for PM CSRs */ static TCGv pm_mask; static TCGv pm_base; +static TCGOp *cfi_lp_check; /* * If an operation is being performed on less than TARGET_LONG_BITS, @@ -116,6 +117,9 @@ typedef struct DisasContext { bool frm_valid; bool insn_start_updated; const GPtrArray *decoders; + /* zicfilp extension. fcfi_enabled, lp expected or not */ + bool fcfi_enabled; + bool fcfi_lp_expected; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1238,6 +1242,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); ctx->ztso = cpu->cfg.ext_ztso; ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); + ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); + ctx->fcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_ENABLED); ctx->zero = tcg_constant_tl(0); ctx->virt_inst_excp = false; ctx->decoders = cpu->decoders; @@ -1245,6 +1251,37 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) static void riscv_tr_tb_start(DisasContextBase *db, CPUState *cpu) { + DisasContext *ctx = container_of(db, DisasContext, base); + + if (ctx->fcfi_lp_expected) { + /* + * Since we can't look ahead to confirm that the first + * instruction is a legal landing pad instruction, emit + * compare-and-branch sequence that will be fixed-up in + * riscv_tr_tb_stop() to either statically hit or skip an + * illegal instruction exception depending on whether the + * flag was lowered by translation of a CJLP or JLP as + * the first instruction in the block. + */ + TCGv_i32 immediate; + TCGLabel *l; + l = gen_new_label(); + immediate = tcg_temp_new_i32(); + tcg_gen_movi_i32(immediate, 0); + cfi_lp_check = tcg_last_op(); + tcg_gen_brcondi_i32(TCG_COND_EQ, immediate, 0, l); + gen_helper_raise_sw_check_excep(tcg_env, + tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), + tcg_constant_tl(MISSING_LPAD), tcg_constant_tl(0)); + gen_set_label(l); + /* + * Despite the use of gen_exception_illegal(), the rest of + * the TB needs to be generated. The TCG optimizer will + * clean things up depending on which path ends up being + * active. + */ + ctx->base.is_jmp = DISAS_NEXT; + } } static void riscv_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) @@ -1303,6 +1340,14 @@ static void riscv_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) default: g_assert_not_reached(); } + + if (ctx->fcfi_lp_expected) { + /* + * If the "lp expected" flag is still up, the block needs to take an + * illegal instruction exception. + */ + tcg_set_insn_param(cfi_lp_check, 1, tcgv_i32_arg(tcg_constant_i32(1))); + } } static const TranslatorOps riscv_tr_ops = { From patchwork Wed Aug 7 00:06:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 099D8C52D6F for ; Wed, 7 Aug 2024 00:09:14 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDF-0003dP-Rg; Tue, 06 Aug 2024 20:07:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCt-0002fT-My for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:14 -0400 Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCp-000198-CL for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:10 -0400 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-1ff67158052so9032105ad.0 for ; Tue, 06 Aug 2024 17:07:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989225; x=1723594025; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KFB9WinoCRZ6nhrQ1JROEIxU3zea/uMM0pqUvxVaHvQ=; b=qinONRGvT1dRotJkfcdSnsoum4WK39WVTCc5pnVFyUvs6dAuYQiEyOOoo7iUixx5Oe vou3G72CnxRj6zUQ9VthvXK4Pv4UxXhLhAxuV2C/pxkxiAZ76QVrYs4tkcyLexeAsn7d t/eBQZ4F9AdrF8vLdXjiWSt0sAZ9YYfNAd56m1AxyEfVnIlEIgkV+G9HAQvfmNmI5th4 /7n5eBy8/VK0/A6WM3KtTI1r/NgqQY09+Ay4MiDzakQBENJ03P25ZV0G+qY5apTeghYs Yv8+bpgtjstDXQjoHwvMqhvC8jxW3oGVLtq6IFIxHGHAU5ZuOt9jwKX2tYBdMYyivllN 1MfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989225; x=1723594025; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KFB9WinoCRZ6nhrQ1JROEIxU3zea/uMM0pqUvxVaHvQ=; b=D0YWh9fXb8LcXMrREIduE1oQODifvxywFj4Cd/G/1WYIXAGatPdOWxKJHjWUd/5RHa BIQFZyWrjDVGhYpFmnbiato2H7yGwFNhUbJV3LbBXj/1OEdpPOmMP9cRnxtSr16orjWZ HzvLA2c2rp0KNMAeNbNUanfwIw2UNO+nxR0z7TcGkedwkX+69uHvegGHm2FRnseOmYLx aYjW8cBpV13tmTDhjokB0leFFLCVkNwnyAJAqhlVzlggZf3tB11JU3+N1HPFitQ3GC+I SHkPOphJL/FIn6eqYsvnStUPg9dOYUGovRVSZ/0qAZ0YpZpHyhCtlPSI/J/0mwimkFhv aQow== X-Gm-Message-State: AOJu0Yy06j9wAqum66D11n/0nv+WkK+yVww+kQq6xDnSc6dWU/PZySox TKMoAZa9A9C2xecgemPrzQb+CRwknRxdAyxFPdlEOlM0SsfR6g/zMF2OO4uEO9OX2bnnIlAcUec 5 X-Google-Smtp-Source: AGHT+IFCbRVXwu7v58symlz4+s9lbSMN+QBB1mRvsmIp5TRa9N1QzgV1RexfKHJ/BHjQmDAdmD9mXQ== X-Received: by 2002:a17:903:2786:b0:1fb:dedd:aa65 with SMTP id d9443c01a7336-1ff573bb7bbmr127327385ad.42.1722989224870; Tue, 06 Aug 2024 17:07:04 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:04 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 07/20] target/riscv: zicfilp `lpad` impl and branch tracking Date: Tue, 6 Aug 2024 17:06:38 -0700 Message-ID: <20240807000652.1417776-8-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::635; envelope-from=debug@rivosinc.com; helo=mail-pl1-x635.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Implements setting lp expected when `jalr` is encountered and implements `lpad` instruction of zicfilp. `lpad` instruction is taken out of auipc x0, . This is an existing HINTNOP space. If `lpad` is target of an indirect branch, cpu checks for 20 bit value in x7 upper with 20 bit value embedded in `lpad`. If they don't match, cpu raises a sw check exception with tval = 2. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu_bits.h | 2 + target/riscv/cpu_user.h | 1 + target/riscv/insn32.decode | 6 ++- target/riscv/insn_trans/trans_rvi.c.inc | 66 +++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 1709564b32..2c585a63c2 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -592,6 +592,8 @@ typedef enum { typedef enum { MISSING_LPAD = 0, + MISALIGNED_LPAD = 1, + LABEL_MISMATCH_LPAD = 2, } cfi_violation_cause; /* hstatus CSR bits */ diff --git a/target/riscv/cpu_user.h b/target/riscv/cpu_user.h index 02afad608b..e6927ff847 100644 --- a/target/riscv/cpu_user.h +++ b/target/riscv/cpu_user.h @@ -15,5 +15,6 @@ #define xA6 16 #define xA7 17 /* syscall number for RVI ABI */ #define xT0 5 /* syscall number for RVE ABI */ +#define xT2 7 #endif diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index c45b8fa1d8..c963c59c8e 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -40,6 +40,7 @@ %imm_z6 26:1 15:5 %imm_mop5 30:1 26:2 20:2 %imm_mop3 30:1 26:2 +%imm_cfi20 12:20 # Argument sets: &empty @@ -123,7 +124,10 @@ sfence_vm 0001000 00100 ..... 000 00000 1110011 @sfence_vm # *** RV32I Base Instruction Set *** lui .................... ..... 0110111 @u -auipc .................... ..... 0010111 @u +{ + lpad .................... 00000 0010111 %imm_cfi20 + auipc .................... ..... 0010111 @u +} jal .................... ..... 1101111 @j jalr ............ ..... 000 ..... 1100111 @i beq ....... ..... ..... 000 ..... 1100011 @b diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc index 98e3806d5e..cbd7d5c395 100644 --- a/target/riscv/insn_trans/trans_rvi.c.inc +++ b/target/riscv/insn_trans/trans_rvi.c.inc @@ -36,6 +36,58 @@ static bool trans_lui(DisasContext *ctx, arg_lui *a) return true; } +static bool trans_lpad(DisasContext *ctx, arg_lpad *a) +{ + bool lp_expected; + /* zicfilp only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + lp_expected = ctx->fcfi_lp_expected; + /* forward cfi not enabled or lp not expected, return false */ + if (!ctx->fcfi_enabled) { + return false; + } + + /* + * If this is the first instruction of the TB, let the translator + * know the landing pad requirement was satisfied. No need to bother + * checking for CFI feature or enablement. + */ + + if (ctx->base.pc_next == ctx->base.pc_first) { + ctx->fcfi_lp_expected = false; + /* If landing pad was expected, PC must be 4 byte aligned */ + if (lp_expected && ((ctx->base.pc_next) & 0x3)) { + /* + * misaligned, according to spec we should raise sw check exception + */ + gen_helper_raise_sw_check_excep(tcg_env, + tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), + tcg_constant_tl(MISALIGNED_LPAD), tcg_constant_tl(0)); + return true; + } + } + + /* if lp was expected, do label check */ + if (lp_expected) { + TCGLabel *skip = gen_new_label(); + TCGv tmp = tcg_temp_new(); + tcg_gen_st_tl(tcg_constant_tl(NO_LP_EXPECTED), + tcg_env, offsetof(CPURISCVState, elp)); + tcg_gen_extract_tl(tmp, get_gpr(ctx, xT2, EXT_NONE), 12, 20); + tcg_gen_brcondi_tl(TCG_COND_EQ, tcg_constant_tl(a->imm_cfi20), 0, skip); + tcg_gen_brcondi_tl(TCG_COND_EQ, tmp, a->imm_cfi20, skip); + gen_helper_raise_sw_check_excep(tcg_env, + tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), + tcg_constant_tl(LABEL_MISMATCH_LPAD), tcg_constant_tl(0)); + gen_set_label(skip); + } + + return true; +} + static bool trans_auipc(DisasContext *ctx, arg_auipc *a) { TCGv target_pc = dest_gpr(ctx, a->rd); @@ -75,6 +127,20 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a) gen_set_gpr(ctx, a->rd, succ_pc); tcg_gen_mov_tl(cpu_pc, target_pc); + if (ctx->cfg_ptr->ext_zicfilp && ctx->fcfi_enabled) { + /* + * Rely on a helper to check the forward CFI enable for the + * current process mode. The alternatives would be (1) include + * "fcfi enabled" in the cflags or (2) maintain a "fcfi + * currently enabled" in tcg_env and emit TCG code to access + * and test it. + */ + if (a->rs1 != xRA && a->rs1 != xT0 && a->rs1 != xT2) { + tcg_gen_st_tl(tcg_constant_tl(LP_EXPECTED), + tcg_env, offsetof(CPURISCVState, elp)); + } + } + lookup_and_goto_ptr(ctx); if (misaligned) { From patchwork Wed Aug 7 00:06:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1CED8C52D7B for ; Wed, 7 Aug 2024 00:11:24 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUE1-0007FL-Rq; Tue, 06 Aug 2024 20:08:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCt-0002ed-FN for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:14 -0400 Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCq-00019U-Fx for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:10 -0400 Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-70eb0ae23e4so976288b3a.0 for ; Tue, 06 Aug 2024 17:07:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989226; x=1723594026; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/UP7ynvstNXIegRQLD30QchsVizfwdQm7R8eXCoJJ2Q=; b=Jw7ppIMXyFXzigZyugsozzuIz7McFrHV3+vme+uRdjOFoMTvB/uLuwjJyGm6cocDZT hSAzijDtI+7LY6zLC5ZshjB6LFxTPLbynO+QZsgavsV3GbwnKIvi5hqvV1iDeaNjVBfE 3/OzIp+YrepGAjFwgXjgNrxOxdYUeJh8iUdYonO7PnNa9eWY8lBCd3RQQSgY1t9/FtUZ RJWVF2GKXgS0rMEyoMmxdhBi2SXQK6uY7H2e30chDeOgoEXfiStMIJwZGCP0FahBADgQ f9MH1ymtKlvIFcEW8nFdSHw2/fYdc8epNhJMvx8UFuY0lYYCsLIaQPpo5R7+p+/iInn2 9EEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989226; x=1723594026; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/UP7ynvstNXIegRQLD30QchsVizfwdQm7R8eXCoJJ2Q=; b=jR8StzzNJt+qL/i/CUlHzLWayg1pQCe6D/0TVVSYaiyCuzDCGZjvoc9N6wMKJ4hlmO rROHLoczPPp60ZRK0uuoh0rDS6a8wrPgvG/spNBzYzd5CPrDMiKR3jqgp6Pj0P/VflJn megORqgQuGbNo5HSQbs8xc15Ggxc0AvxnjpFowy1XQUbK/x6JJDQIc7XyJam/PXdNGLE HeaAmk6/AIt+6dfbv438q8JENr+p28cL/tBgkLjlekcvrWa8o6XUMifCdZwrurDdWT8X Il18kRih1R4CX8K4Bwh+LWoglBUxDsPXK7CbWa0ViZIY9NucghU4DAV+zFCuAWB4jITk cqIA== X-Gm-Message-State: AOJu0YyOXHaY/yhEMN8kxFSSz6fHd8az3Nl6OBiyENzE++ecblkmiTtA eQ5kqB2Die5g4kZg0+Nvdt1DStRF3LIs48U5zh9PjtDVZTynwVAPm3W1IZB9s0Btn7hyOFJ7LrS e X-Google-Smtp-Source: AGHT+IFW9ev2wMDWkxxcIOt6dobPZthAtEZ77ICFeDnJ1/zPJs1cV01gX1BtMaOlNwp9fe9XC/80Jw== X-Received: by 2002:a05:6a21:1690:b0:1c4:dfa7:d3b9 with SMTP id adf61e73a8af0-1c6995634c4mr13105427637.28.1722989226086; Tue, 06 Aug 2024 17:07:06 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:05 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 08/20] disas/riscv: enabled `lpad` disassembly Date: Tue, 6 Aug 2024 17:06:39 -0700 Message-ID: <20240807000652.1417776-9-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42a; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu Reviewed-by: Richard Henderson --- disas/riscv.c | 18 +++++++++++++++++- disas/riscv.h | 2 ++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/disas/riscv.c b/disas/riscv.c index c8364c2b07..c7c92acef7 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -974,6 +974,7 @@ typedef enum { rv_op_amomaxu_h = 943, rv_op_amocas_b = 944, rv_op_amocas_h = 945, + rv_op_lpad = 946, } rv_op; /* register names */ @@ -2232,6 +2233,7 @@ const rv_opcode_data rvi_opcode_data[] = { { "amomaxu.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.b", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "lpad", rv_codec_lp, rv_fmt_imm, NULL, 0, 0, 0 }, }; /* CSR names */ @@ -2925,7 +2927,13 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) case 7: op = rv_op_andi; break; } break; - case 5: op = rv_op_auipc; break; + case 5: + op = rv_op_auipc; + if (dec->cfg->ext_zicfilp && + (((inst >> 7) & 0b11111) == 0b00000)) { + op = rv_op_lpad; + } + break; case 6: switch ((inst >> 12) & 0b111) { case 0: op = rv_op_addiw; break; @@ -4482,6 +4490,11 @@ static uint32_t operand_tbl_index(rv_inst inst) return ((inst << 54) >> 56); } +static uint32_t operand_lpl(rv_inst inst) +{ + return inst >> 12; +} + /* decode operands */ static void decode_inst_operands(rv_decode *dec, rv_isa isa) @@ -4869,6 +4882,9 @@ static void decode_inst_operands(rv_decode *dec, rv_isa isa) dec->imm = sextract32(operand_rs2(inst), 0, 5); dec->imm1 = operand_imm2(inst); break; + case rv_codec_lp: + dec->imm = operand_lpl(inst); + break; }; } diff --git a/disas/riscv.h b/disas/riscv.h index 16a08e4895..1182457aff 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -166,6 +166,7 @@ typedef enum { rv_codec_r2_immhl, rv_codec_r2_imm2_imm5, rv_codec_fli, + rv_codec_lp, } rv_codec; /* structures */ @@ -228,6 +229,7 @@ enum { #define rv_fmt_rs1_rs2 "O\t1,2" #define rv_fmt_rd_imm "O\t0,i" #define rv_fmt_rd_uimm "O\t0,Ui" +#define rv_fmt_imm "O\ti" #define rv_fmt_rd_offset "O\t0,o" #define rv_fmt_rd_uoffset "O\t0,Uo" #define rv_fmt_rd_rs1_rs2 "O\t0,1,2" From patchwork Wed Aug 7 00:06:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CB5D3C49EA1 for ; Wed, 7 Aug 2024 00:09:37 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDC-0003M4-0i; Tue, 06 Aug 2024 20:07:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCu-0002g4-DW for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:14 -0400 Received: from mail-pl1-x632.google.com ([2607:f8b0:4864:20::632]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCr-00019r-7S for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:11 -0400 Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-1fd65aaac27so2549245ad.1 for ; Tue, 06 Aug 2024 17:07:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989227; x=1723594027; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XpTED6uOZV4AODyPSsvTHdTqj2NIb+fx5aC8tDZo5rs=; b=II81JU2W800n7CMT8Hc1SX1DcZFvl44IsOgBLDBj9pGPTNl15k4q2Ud4BeYEq7keTL 4XH6wYWS1pxQUTwmNlTZVu4sPnTNGl1DftsyqHDA1EGM0Qfv49sPLQd1SOM4U2XFXrCu 5jaBWCX4g/srWk0VGF1ufiTcEhNMCM/c0DiKzDe57ct4rUCYrBaG0VcC3UMi3xAX01I2 Divpfagzhw/xVCHtyxTkBECINu1HzLEsgfmXjf8cFouL9/LBvOqSh/8HLsbKyqW38pxr N9gQ3WJLCcc60+0KFe/gm6WpPx17oQtvMkZjOomRSLLWBIba7SfEk2O2ZTC7SN4hkvfp U8XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989227; x=1723594027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XpTED6uOZV4AODyPSsvTHdTqj2NIb+fx5aC8tDZo5rs=; b=iRo+6GkgaXbpoHKu0errFESwkhQ0sxQRYRvcMMhUkQ+fg3kAg1evOt31se3fVZeWGl 9LLXRjdMXV749XD9tPpMRsxusM8iX2DX/P/kAsMGJhkhtjBgyJAdx1Emu/GvDRLKiKwA D0CvH4A7YjUA/BCUvOkJieeO5wKlQfEJBG7bLOpBBC9Ki5NFrqmG016R5Ru1vUen2suT CsOBg9fPaKkj+VeIhi8UJQs9f62dpr8Y6yKUQYW7O32ioKFkxnZbxK6329GC8ncy9jQ+ 4MmnDwab+5mtlUssL05WyhtBSi5GqbL857h5PyM+Y1EXZtVkQC9X7ZGKdD3q2hZ/m/Yh QJUQ== X-Gm-Message-State: AOJu0YxT9CeCF2umsEhw3x+cJ1Scal3cO//ub9cJ3lMmCX8UOMHGMUED YLp455IZkfDlbv2ujnc4gFCSYg8Tr+6xwpo7lYxRM5rxzH3wdZEPth8H3oFdbKrP5emurS4SOq6 U X-Google-Smtp-Source: AGHT+IH++w6Ao1fw05d+l7aeLWiufOdN8y3HPkZyxnSld7a0wPV7uzpytlzi9ne4qW333UzNJJ7FmQ== X-Received: by 2002:a17:903:1cb:b0:1f9:d6bf:a67c with SMTP id d9443c01a7336-200853e43edmr8057155ad.5.1722989227340; Tue, 06 Aug 2024 17:07:07 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:07 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 09/20] target/riscv: Add zicfiss extension Date: Tue, 6 Aug 2024 17:06:40 -0700 Message-ID: <20240807000652.1417776-10-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::632; envelope-from=debug@rivosinc.com; helo=mail-pl1-x632.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfiss [1] riscv cpu extension enables backward control flow integrity. This patch sets up space for zicfiss extension in cpuconfig. And imple- ments dependency on zicsr, zimop and zcmop extensions. [1] - https://github.com/riscv/riscv-cfi Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 2 ++ target/riscv/cpu_cfg.h | 1 + target/riscv/tcg/tcg-cpu.c | 15 +++++++++++++++ 3 files changed, 18 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index e1526c7ab5..54fcf380ff 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -107,6 +107,7 @@ const RISCVIsaExtData isa_edata_arr[] = { ISA_EXT_DATA_ENTRY(zicclsm, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(ziccrse, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(zicfilp, PRIV_VERSION_1_12_0, ext_zicfilp), + ISA_EXT_DATA_ENTRY(zicfiss, PRIV_VERSION_1_13_0, ext_zicfiss), ISA_EXT_DATA_ENTRY(zicond, PRIV_VERSION_1_12_0, ext_zicond), ISA_EXT_DATA_ENTRY(zicntr, PRIV_VERSION_1_12_0, ext_zicntr), ISA_EXT_DATA_ENTRY(zicsr, PRIV_VERSION_1_10_0, ext_zicsr), @@ -1482,6 +1483,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { MULTI_EXT_CFG_BOOL("sscofpmf", ext_sscofpmf, false), MULTI_EXT_CFG_BOOL("zifencei", ext_zifencei, true), MULTI_EXT_CFG_BOOL("zicfilp", ext_zicfilp, false), + MULTI_EXT_CFG_BOOL("zicfiss", ext_zicfiss, false), MULTI_EXT_CFG_BOOL("zicsr", ext_zicsr, true), MULTI_EXT_CFG_BOOL("zihintntl", ext_zihintntl, true), MULTI_EXT_CFG_BOOL("zihintpause", ext_zihintpause, true), diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h index 88d5defbb5..2499f38407 100644 --- a/target/riscv/cpu_cfg.h +++ b/target/riscv/cpu_cfg.h @@ -68,6 +68,7 @@ struct RISCVCPUConfig { bool ext_zicbop; bool ext_zicboz; bool ext_zicfilp; + bool ext_zicfiss; bool ext_zicond; bool ext_zihintntl; bool ext_zihintpause; diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c index ed19586c9d..4fd2fd7a28 100644 --- a/target/riscv/tcg/tcg-cpu.c +++ b/target/riscv/tcg/tcg-cpu.c @@ -618,6 +618,21 @@ void riscv_cpu_validate_set_extensions(RISCVCPU *cpu, Error **errp) cpu->cfg.ext_zihpm = false; } + if (cpu->cfg.ext_zicfiss) { + if (!cpu->cfg.ext_zicsr) { + error_setg(errp, "zicfiss extension requires zicsr extension"); + return; + } + if (!cpu->cfg.ext_zimop) { + error_setg(errp, "zicfiss extension requires zimop extension"); + return; + } + if (cpu->cfg.ext_zca && !cpu->cfg.ext_zcmop) { + error_setg(errp, "zicfiss with zca requires zcmop extension"); + return; + } + } + if (!cpu->cfg.ext_zihpm) { cpu->cfg.pmu_mask = 0; cpu->pmu_avail_ctrs = 0; From patchwork Wed Aug 7 00:06:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B97BCC52D7B for ; Wed, 7 Aug 2024 00:11:38 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDs-0006D3-Um; Tue, 06 Aug 2024 20:08:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCx-0002iQ-Ie for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:18 -0400 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCs-0001AB-AA for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:12 -0400 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1fc6ee64512so10817335ad.0 for ; Tue, 06 Aug 2024 17:07:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989229; x=1723594029; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=g+bpIptaXttzHb1X4OnANFThKybY/9eTMuFsYvhrFb8=; b=c/HxErLaigVd3acSEpQ97yz96b7dTCfG54QbqhwP15lun3w2Ic7bM3liL2Er8DId3F kfS9x6XWlKjNX8fDfUn/1FWw+IeMfueylIe89a/3mOSfKY3cahfMk86sGYMaAfOHVcP9 m3LJSlmWN9/AZCJb6rqifrGNiYZ4mbVglhLI60Yt3w8bKYS38NhvuLJ0vknqNXVjkRG5 fSPR8Sif7xyIl5N0nSflPVUTE+kx4Y9JcoLLyASmjq35QWjaNSvQZAKc0vq5ljDEv0o9 3N4eLgwlhG+SbdMmJQ37UFb+ucUfMRarZK8cxYN2syeoU2p/QAxRn8tQohuIkIt8EM0/ rZnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989229; x=1723594029; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g+bpIptaXttzHb1X4OnANFThKybY/9eTMuFsYvhrFb8=; b=r5WmViF13lZgiqcO7+gTpz9+lmzs2b/uIMz+a/rq+V6GMQYflwQqTAZy1EOWH6qu7g mrVE1Ukgqhnyb13nn0Ezil0FvqN48TmQTt2SGQlTde1MS5wlyJ3U37/s7Dy5z1zkx7Qo R+xyl/TfvxO6ZHoyf6wOOx21kx3slhfgJLV67Wni8cwpQGz76UabGEVhJ8OLdL/P+ma8 6bhycjMys0RV6INqUEhqsWwCrNWOeEioU7y28hAZkzcmdpp3/d+OoB2/8K+tyGmHabG+ T/GHw79JXxCzU1iKGroDzZy99m5/9K/2qo+fC9VUHDPD91S1SAhiYGbUpRnyMdkVJMJk XiZw== X-Gm-Message-State: AOJu0YzabNxFML00uhfdIQC/J7rAwm5NfOgbaZ7/NXmAPAsSgRWAr90b x1N994m2alWxAVWXGsGFvFSCxoTStkuqXlZ6ExX+ObVIxRnJ490HWai2d2laCmPF6yLAr/qMQ8k F X-Google-Smtp-Source: AGHT+IFG7uXHEvVwHbEQho2aFZZWbx/7WPdGFuM4KxUkMxCBzVTVVHRAIdL7MADtLu6rm0MXYSlQ6A== X-Received: by 2002:a17:903:2348:b0:1fb:6ea1:5e with SMTP id d9443c01a7336-1ff574627f4mr168099205ad.44.1722989228530; Tue, 06 Aug 2024 17:07:08 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:08 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 10/20] target/riscv: introduce ssp and enabling controls for zicfiss Date: Tue, 6 Aug 2024 17:06:41 -0700 Message-ID: <20240807000652.1417776-11-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::636; envelope-from=debug@rivosinc.com; helo=mail-pl1-x636.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfiss introduces a new state ssp ("shadow stack register") in cpu. ssp is expressed as a new unprivileged csr (CSR_SSP=0x11) and holds virtual address for shadow stack as programmed by software. Shadow stack (for each mode) is enabled via bit3 in *envcfg CSRs. Shadow stack can be enabled for a mode only if it's higher privileged mode had it enabled for itself. M mode doesn't need enabling control, it's always available if extension is available on cpu. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 3 ++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_bits.h | 6 ++++ target/riscv/csr.c | 74 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 85 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 54fcf380ff..6b50ae0e45 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -998,6 +998,9 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) /* on reset elp is set to NO_LP_EXPECTED */ env->elp = NO_LP_EXPECTED; + /* on reset ssp is set to 0 */ + env->ssp = 0; + /* * Bits 10, 6, 2 and 12 of mideleg are read only 1 when the Hypervisor * extension is enabled. diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index b77481428f..53b005b34c 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -224,6 +224,8 @@ struct CPUArchState { /* elp state for zicfilp extension */ cfi_elp elp; + /* shadow stack register for zicfiss extension */ + target_ulong ssp; /* sw check code for sw check exception */ target_ulong sw_check_code; #ifdef CONFIG_USER_ONLY diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 2c585a63c2..226157896d 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -34,6 +34,9 @@ /* Control and Status Registers */ +/* zicfiss user ssp csr */ +#define CSR_SSP 0x011 + /* User Trap Setup */ #define CSR_USTATUS 0x000 #define CSR_UIE 0x004 @@ -766,6 +769,7 @@ typedef enum RISCVException { /* Execution environment configuration bits */ #define MENVCFG_FIOM BIT(0) #define MENVCFG_LPE BIT(2) /* zicfilp */ +#define MENVCFG_SSE BIT(3) /* zicfiss */ #define MENVCFG_CBIE (3UL << 4) #define MENVCFG_CBCFE BIT(6) #define MENVCFG_CBZE BIT(7) @@ -780,12 +784,14 @@ typedef enum RISCVException { #define SENVCFG_FIOM MENVCFG_FIOM #define SENVCFG_LPE MENVCFG_LPE +#define SENVCFG_SSE MENVCFG_SSE #define SENVCFG_CBIE MENVCFG_CBIE #define SENVCFG_CBCFE MENVCFG_CBCFE #define SENVCFG_CBZE MENVCFG_CBZE #define HENVCFG_FIOM MENVCFG_FIOM #define HENVCFG_LPE MENVCFG_LPE +#define HENVCFG_SSE MENVCFG_SSE #define HENVCFG_CBIE MENVCFG_CBIE #define HENVCFG_CBCFE MENVCFG_CBCFE #define HENVCFG_CBZE MENVCFG_CBZE diff --git a/target/riscv/csr.c b/target/riscv/csr.c index a5a969a377..d72d6289fb 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -185,6 +185,47 @@ static RISCVException zcmt(CPURISCVState *env, int csrno) return RISCV_EXCP_NONE; } +static RISCVException cfi_ss(CPURISCVState *env, int csrno) +{ + /* no cfi extension, access to csr is illegal */ + if (!env_archcpu(env)->cfg.ext_zicfiss) { + return RISCV_EXCP_ILLEGAL_INST; + } + /* + * CONFIG_USER_MODE always allow access for now. Better for user mode only + * functionality + */ +#if !defined(CONFIG_USER_ONLY) + if (env->debugger) { + return RISCV_EXCP_NONE; + } + /* current priv not M */ + if (env->priv != PRV_M) { + /* menvcfg says no shadow stack enable */ + if (!get_field(env->menvcfg, MENVCFG_SSE)) { + return RISCV_EXCP_ILLEGAL_INST; + } + + /* V = 1 and henvcfg says no shadow stack enable */ + if (env->virt_enabled && + !get_field(env->henvcfg, HENVCFG_SSE)) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + } + + /* + * SSP are not accessible to U mode if disabled via senvcfg + * CSR + */ + if ((env->priv == PRV_U) && + (!get_field(env->senvcfg, SENVCFG_SSE))) { + return RISCV_EXCP_ILLEGAL_INST; + } + } +#endif + + return RISCV_EXCP_NONE; +} + #if !defined(CONFIG_USER_ONLY) static RISCVException mctr(CPURISCVState *env, int csrno) { @@ -596,6 +637,19 @@ static RISCVException seed(CPURISCVState *env, int csrno) #endif } +/* zicfiss CSR_SSP read and write */ +static int read_ssp(CPURISCVState *env, int csrno, target_ulong *val) +{ + *val = env->ssp; + return RISCV_EXCP_NONE; +} + +static int write_ssp(CPURISCVState *env, int csrno, target_ulong val) +{ + env->ssp = val; + return RISCV_EXCP_NONE; +} + /* User Floating-Point CSRs */ static RISCVException read_fflags(CPURISCVState *env, int csrno, target_ulong *val) @@ -2111,6 +2165,10 @@ static RISCVException write_menvcfg(CPURISCVState *env, int csrno, if (env_archcpu(env)->cfg.ext_zicfilp) { mask |= MENVCFG_LPE; } + + if (env_archcpu(env)->cfg.ext_zicfiss) { + mask |= MENVCFG_SSE; + } } env->menvcfg = (env->menvcfg & ~mask) | (val & mask); @@ -2167,6 +2225,13 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno, mask |= SENVCFG_LPE; } + /* Higher mode SSE must be ON for next-less mode SSE to be ON */ + if (env_archcpu(env)->cfg.ext_zicfiss && + get_field(env->menvcfg, MENVCFG_SSE) && + (env->virt_enabled ? get_field(env->henvcfg, HENVCFG_SSE) : true)) { + mask |= SENVCFG_SSE; + } + env->senvcfg = (env->senvcfg & ~mask) | (val & mask); return RISCV_EXCP_NONE; } @@ -2208,6 +2273,12 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, if (env_archcpu(env)->cfg.ext_zicfilp) { mask |= HENVCFG_LPE; } + + /* H can light up SSE for VS only if HS had it from menvcfg */ + if (env_archcpu(env)->cfg.ext_zicfiss && + get_field(env->menvcfg, MENVCFG_SSE)) { + mask |= HENVCFG_SSE; + } } env->henvcfg = (env->henvcfg & ~mask) | (val & mask); @@ -4663,6 +4734,9 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = { /* Zcmt Extension */ [CSR_JVT] = {"jvt", zcmt, read_jvt, write_jvt}, + /* zicfiss Extension, shadow stack register */ + [CSR_SSP] = { "ssp", cfi_ss, read_ssp, write_ssp }, + #if !defined(CONFIG_USER_ONLY) /* Machine Timers and Counters */ [CSR_MCYCLE] = { "mcycle", any, read_hpmcounter, From patchwork Wed Aug 7 00:06:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D989CC52D6F for ; Wed, 7 Aug 2024 00:08:00 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDD-0003UG-SY; Tue, 06 Aug 2024 20:07:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUCx-0002iR-Iw for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:18 -0400 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCt-0001AQ-Jr for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:13 -0400 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1ff67158052so9032345ad.0 for ; Tue, 06 Aug 2024 17:07:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989230; x=1723594030; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=p278TMOnigCzL+oFjabIbGP5H63OyzVCHmmzRZdH3cg=; b=3aY8/aWMaRz43UlnDnR91DQbTQLDz4hG0aB22cTILH4ZlgBXUF0Fad68iLz/ZrkmF7 OxiYLF4t08FwLphMWhK11ttrKP8YBPfc7GDbuXXCN/1aHgp/4/aQzmObtJTXThX18Mf7 aP/35J1X9fG7yR8dzl64tTfKmY4XQ44/YXWmDjNDEJemQXI5PO7B/reHdD9GZHz6Q18w noOeSoYKSNvlOr/tk1Mjg/pzpzVbvT8GR3Xwabdfb6Y49+TvqhUpY8LomvYj003ts/VO a9RRVgJOTFhYmiwlafqG7SEvmMMPoii8hpdhaEWQxEqdupIsPTnNbpZRbCBleAecet6p qKOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989230; x=1723594030; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=p278TMOnigCzL+oFjabIbGP5H63OyzVCHmmzRZdH3cg=; b=hrCly3HsnKZQKP6GrWrneMQBppPiXQgp1PoeFLd45wTHqdMmB04tFm8vw1/e8gvdls BGQ3oKrq2jEkEs4CoOFDV326piNozmnzW9Dqi/kS0f6hV3bc7eJqoltHxrxBEbiCJnG/ MbHCW7dSZCJgB6U0TUAreWn6J1kyU06ZJZg/1/if1BeXALhyOq/RDnLJyms/+w9rn4Wk lDjn8HvpDeueMP30OjtaYFJwWERo+jbr74ytLOcxbD/lEhf/B+lzkvbpaEJ/K/AoeBdF DxC3Ov2mMcYLcWTn0ZkkHhtSCiF+jlBig8KCA+jmk5vUz1ZKhx6qhG3x5r7odU7KCarP MtHw== X-Gm-Message-State: AOJu0Yy9LfZb9qdxT+G3eGlK/c80nOPkOFOPBQyzCo7G4SVifYIdBf7S XZuWC08W3IYY9f4KAzKvSue30bQbbZ1HO2IoFszTXc+IEykeep8qqngneokVTjHW3eug0lPNAGT z X-Google-Smtp-Source: AGHT+IEs3uDneuItvBmAINpXmwT/aP+LSq+rSODNM6jtzjIJcxOvioL2i1lxO5vKRUa98M5hnqthQw== X-Received: by 2002:a17:902:db08:b0:200:7d10:b889 with SMTP id d9443c01a7336-2007d10bae6mr27231925ad.57.1722989229727; Tue, 06 Aug 2024 17:07:09 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:09 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 11/20] target/riscv: tb flag for shadow stack instructions Date: Tue, 6 Aug 2024 17:06:42 -0700 Message-ID: <20240807000652.1417776-12-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::636; envelope-from=debug@rivosinc.com; helo=mail-pl1-x636.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Shadow stack instructions can be decoded as zimop / zcmop or shadow stack instructions depending on whether shadow stack are enabled at current privilege. This requires a TB flag so that correct TB generation and correct TB lookup happens. `DisasContext` gets a field indicating whether bcfi is enabled or not. This patch also implements helper bcfi function which determines if bcfi is enabled at current privilege or not. qemu-user also gets field `ubcfien` indicating whether qemu user has shadow stack enabled or not. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu Reviewed-by: Richard Henderson --- target/riscv/cpu.c | 2 ++ target/riscv/cpu.h | 4 ++++ target/riscv/cpu_helper.c | 30 ++++++++++++++++++++++++++++++ target/riscv/translate.c | 4 ++++ 4 files changed, 40 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 6b50ae0e45..e1ff246c24 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1029,6 +1029,8 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) #ifdef CONFIG_USER_ONLY /* qemu-user for riscv, fcfi is off by default */ env->ufcfien = false; + /* qemu-user for riscv, bcfi is off by default */ + env->ubcfien = false; #endif #ifndef CONFIG_USER_ONLY diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 53b005b34c..6da94c417c 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -231,6 +231,7 @@ struct CPUArchState { #ifdef CONFIG_USER_ONLY uint32_t elf_flags; bool ufcfien; + bool ubcfien; #endif #ifndef CONFIG_USER_ONLY @@ -536,6 +537,7 @@ bool riscv_cpu_vector_enabled(CPURISCVState *env); void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable); int riscv_env_mmu_index(CPURISCVState *env, bool ifetch); bool cpu_get_fcfien(CPURISCVState *env); +bool cpu_get_bcfien(CPURISCVState *env); G_NORETURN void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); @@ -611,6 +613,8 @@ FIELD(TB_FLAGS, AXL, 26, 2) /* zicfilp needs a TB flag to track indirect branches */ FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1) FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1) +/* zicfiss needs a TB flag so that correct TB is located based on tb flags */ +FIELD(TB_FLAGS, BCFI_ENABLED, 30, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index c7af430f38..fb6c0d4e1f 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -93,6 +93,32 @@ bool cpu_get_fcfien(CPURISCVState *env) #endif } +bool cpu_get_bcfien(CPURISCVState *env) +{ +#ifdef CONFIG_USER_ONLY + return env->ubcfien; +#else + /* no cfi extension, return false */ + if (!env_archcpu(env)->cfg.ext_zicfiss) { + return false; + } + + switch (env->priv) { + case PRV_U: + return env->senvcfg & SENVCFG_SSE; + case PRV_S: + if (env->virt_enabled) { + return env->henvcfg & HENVCFG_SSE; + } + return env->menvcfg & MENVCFG_SSE; + case PRV_M: /* M-mode shadow stack is always on if hart implements */ + return true; + default: + g_assert_not_reached(); + } +#endif +} + void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, uint64_t *cs_base, uint32_t *pflags) { @@ -147,6 +173,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, flags = FIELD_DP32(flags, TB_FLAGS, FCFI_ENABLED, 1); } + if (cpu_get_bcfien(env)) { + flags = FIELD_DP32(flags, TB_FLAGS, BCFI_ENABLED, 1); + } + #ifdef CONFIG_USER_ONLY fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index fbca3b8a06..b0526f5d79 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -120,6 +120,8 @@ typedef struct DisasContext { /* zicfilp extension. fcfi_enabled, lp expected or not */ bool fcfi_enabled; bool fcfi_lp_expected; + /* zicfiss extension, if shadow stack was enabled during TB gen */ + bool bcfi_enabled; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1242,6 +1244,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); ctx->ztso = cpu->cfg.ext_ztso; ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); + ctx->bcfi_enabled = cpu_get_bcfien(env) && + FIELD_EX32(tb_flags, TB_FLAGS, BCFI_ENABLED); ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); ctx->fcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_ENABLED); ctx->zero = tcg_constant_tl(0); From patchwork Wed Aug 7 00:06:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3C7E2C52D6F for ; Wed, 7 Aug 2024 00:08:31 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDx-0006XY-Ki; Tue, 06 Aug 2024 20:08:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD4-000319-3o for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:23 -0400 Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCx-0001CK-AD for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-1fd90c2fc68so11857405ad.1 for ; Tue, 06 Aug 2024 17:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989231; x=1723594031; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ZFHEY1HL0A7dkX+2//5U6cJ4axaqUQXdv3Ozs813Dsg=; b=NNZwgj1gCtLbVs7PJNJgENv05eJpuaD8J/pwUuSdwYM/R9POB6g9R/STT5rhyXfD3t hAf1zgtHzCefH/ghFmi3W4R/VbtBVUmANUkFy1W1iwnYMXpwlNgPKO6/Z8P332URWZ5A e/OQKPPtzC7q2Z1q9POpyaPUNC9sWoDG1MV9dYEZFQ9gql4GAoXNujzOpCYpxXGjGuQ0 b2El8QJwecNuoCZ73QL1YNXKT/fP9iqDo4D4J1NKnAOGUJ5TUQ7g/Iwst7rWxJchCUI0 tu8c3hVy4QvSd5aYlaOByDFetuGtUw+XA4FXlRiPGBv4lFryR7KcfOh4hxqa4ufVumbo eA0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989231; x=1723594031; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZFHEY1HL0A7dkX+2//5U6cJ4axaqUQXdv3Ozs813Dsg=; b=eKu6cjlNK1WUtLKyKqZjH1f2TjUkp0kjhS5+7WgGmfge9BGRzAUXEWJNNGqjcRAM89 E/6X48fC6dcVVuHL2m0lg5Mt+HdAi5HA1qDCb36UxvWf/FW96Pjl1lg3RDZ//ugRZ7Ts pXa8eQsp410FSW2qaVxilh6DMhMferK+VMoxdWj4rYcloC1iVkFb90D1fh3fTLVL9/d5 VbY42Lm+K0m6l5ud8iJmxw0pkLWBh7c3TFuCwwrsBnzppCeKhi7llpBhuUnEyXm1LU9c JC4/bQbZThSnakK+ukZaicpHnEF2U4gByojMz6GGtwktculQ4mvGBf+G8dS2igy6GvrX cD1A== X-Gm-Message-State: AOJu0YxiCVm5k0tVBpmRhZZt7C/XLOR9ghnEqkEFgDrDzb2PONeTM3dY 31AE8lsW5O3wuJ9NCE6h5etShlurDAH2b7Fe7izUZW9E/3JzIzNhqWDZiSBs7XFUCz2fwptv6CL n X-Google-Smtp-Source: AGHT+IFclzCNb3eEB5r/7Rn4jNMrRkaMIr0LSGeSyQabYhqeORwYv5ccS3f3he2rlWU+uexyDiww4Q== X-Received: by 2002:a17:903:41cf:b0:1fc:6a13:a394 with SMTP id d9443c01a7336-1ff57292c0dmr193128665ad.23.1722989230983; Tue, 06 Aug 2024 17:07:10 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:10 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 12/20] target/riscv: implement zicfiss instructions Date: Tue, 6 Aug 2024 17:06:43 -0700 Message-ID: <20240807000652.1417776-13-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62d; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62d.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfiss has following instructions - sspopchk: pops a value from shadow stack and compares with x1/x5. If they dont match, reports a sw check exception with tval = 3. - sspush: pushes value in x1/x5 on shadow stack - ssrdp: reads current shadow stack - ssamoswap: swaps contents of shadow stack atomically sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0 If SSE=0, ssamoswap is illegal instruction exception. This patch implements shadow stack operations for qemu-user and shadow stack is not protected. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu_bits.h | 2 + target/riscv/insn32.decode | 17 +- target/riscv/insn_trans/trans_rva.c.inc | 47 ++++++ target/riscv/insn_trans/trans_rvzicfiss.c.inc | 149 ++++++++++++++++++ target/riscv/translate.c | 1 + 5 files changed, 214 insertions(+), 2 deletions(-) create mode 100644 target/riscv/insn_trans/trans_rvzicfiss.c.inc diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 226157896d..5ebc4dd5b3 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -702,6 +702,8 @@ typedef enum RISCVException { /* zicfilp defines lp violation results in sw check with tval = 2*/ #define RISCV_EXCP_SW_CHECK_FCFI_TVAL 2 +/* zicfiss defines ss violation results in sw check with tval = 3*/ +#define RISCV_EXCP_SW_CHECK_BCFI_TVAL 3 #define RISCV_EXCP_INT_FLAG 0x80000000 #define RISCV_EXCP_INT_MASK 0x7fffffff diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index c963c59c8e..c59c992ce2 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -65,8 +65,10 @@ # Formats 32: @r ....... ..... ..... ... ..... ....... &r %rs2 %rs1 %rd @i ............ ..... ... ..... ....... &i imm=%imm_i %rs1 %rd +@ss_pop ............ ..... ... ..... ....... &i imm=0 %rs1 rd=0 @b ....... ..... ..... ... ..... ....... &b imm=%imm_b %rs2 %rs1 @s ....... ..... ..... ... ..... ....... &s imm=%imm_s %rs2 %rs1 +@ss_push ....... ..... ..... ... ..... ....... &s imm=0 %rs2 rs1=0 @u .................... ..... ....... &u imm=%imm_u %rd @j .................... ..... ....... &j imm=%imm_j %rd @@ -247,6 +249,7 @@ remud 0000001 ..... ..... 111 ..... 1111011 @r lr_w 00010 . . 00000 ..... 010 ..... 0101111 @atom_ld sc_w 00011 . . ..... ..... 010 ..... 0101111 @atom_st amoswap_w 00001 . . ..... ..... 010 ..... 0101111 @atom_st +ssamoswap_w 01001 . . ..... ..... 010 ..... 0101111 @atom_st amoadd_w 00000 . . ..... ..... 010 ..... 0101111 @atom_st amoxor_w 00100 . . ..... ..... 010 ..... 0101111 @atom_st amoand_w 01100 . . ..... ..... 010 ..... 0101111 @atom_st @@ -260,6 +263,7 @@ amomaxu_w 11100 . . ..... ..... 010 ..... 0101111 @atom_st lr_d 00010 . . 00000 ..... 011 ..... 0101111 @atom_ld sc_d 00011 . . ..... ..... 011 ..... 0101111 @atom_st amoswap_d 00001 . . ..... ..... 011 ..... 0101111 @atom_st +ssamoswap_d 01001 . . ..... ..... 011 ..... 0101111 @atom_st amoadd_d 00000 . . ..... ..... 011 ..... 0101111 @atom_st amoxor_d 00100 . . ..... ..... 011 ..... 0101111 @atom_st amoand_d 01100 . . ..... ..... 011 ..... 0101111 @atom_st @@ -1023,8 +1027,17 @@ amocas_d 00101 . . ..... ..... 011 ..... 0101111 @atom_st amocas_q 00101 . . ..... ..... 100 ..... 0101111 @atom_st # *** Zimop may-be-operation extension *** -mop_r_n 1 . 00 .. 0111 .. ..... 100 ..... 1110011 @mop5 -mop_rr_n 1 . 00 .. 1 ..... ..... 100 ..... 1110011 @mop3 +{ + # zicfiss instructions carved out of mop.r + ssrdp 1100110 11100 00000 100 ..... 1110011 %rd + sspopchk 1100110 11100 ..... 100 00000 1110011 @ss_pop + mop_r_n 1 . 00 .. 0111 .. ..... 100 ..... 1110011 @mop5 +} +{ + # zicfiss instruction carved out of mop.rr + sspush 1100111 ..... 00000 100 00000 1110011 @ss_push + mop_rr_n 1 . 00 .. 1 ..... ..... 100 ..... 1110011 @mop3 +} # *** Zabhb Standard Extension *** amoswap_b 00001 . . ..... ..... 000 ..... 0101111 @atom_st diff --git a/target/riscv/insn_trans/trans_rva.c.inc b/target/riscv/insn_trans/trans_rva.c.inc index 39bbf60f3c..db6c03f6a8 100644 --- a/target/riscv/insn_trans/trans_rva.c.inc +++ b/target/riscv/insn_trans/trans_rva.c.inc @@ -18,6 +18,8 @@ * this program. If not, see . */ +#include "exec/memop.h" + #define REQUIRE_A_OR_ZAAMO(ctx) do { \ if (!ctx->cfg_ptr->ext_zaamo && !has_ext(ctx, RVA)) { \ return false; \ @@ -114,6 +116,28 @@ static bool trans_amoswap_w(DisasContext *ctx, arg_amoswap_w *a) return gen_amo(ctx, a, &tcg_gen_atomic_xchg_tl, MO_TESL); } +static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a) +{ + REQUIRE_A_OR_ZAAMO(ctx); + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1, src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + decode_save_opc(ctx); + src1 = get_address(ctx, a->rs1, 0); + + tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESL)); + gen_set_gpr(ctx, a->rd, dest); + return true; +} + static bool trans_amoadd_w(DisasContext *ctx, arg_amoadd_w *a) { REQUIRE_A_OR_ZAAMO(ctx); @@ -183,6 +207,29 @@ static bool trans_amoswap_d(DisasContext *ctx, arg_amoswap_d *a) return gen_amo(ctx, a, &tcg_gen_atomic_xchg_tl, MO_TEUQ); } +static bool trans_ssamoswap_d(DisasContext *ctx, arg_amoswap_w *a) +{ + REQUIRE_64BIT(ctx); + REQUIRE_A_OR_ZAAMO(ctx); + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1, src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + decode_save_opc(ctx); + src1 = get_address(ctx, a->rs1, 0); + + tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESQ)); + gen_set_gpr(ctx, a->rd, dest); + return true; +} + static bool trans_amoadd_d(DisasContext *ctx, arg_amoadd_d *a) { REQUIRE_64BIT(ctx); diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/insn_trans/trans_rvzicfiss.c.inc new file mode 100644 index 0000000000..c538b7ad99 --- /dev/null +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -0,0 +1,149 @@ +/* + * RISC-V translation routines for the Control-Flow Integrity Extension + * + * Copyright (c) 2024 Rivos Inc. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2 or later, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +static MemOp mxl_memop(DisasContext *ctx) +{ + switch (get_xl(ctx)) { + case MXL_RV32: + return MO_TEUL; + + case MXL_RV64: + return MO_TEUQ; + + case MXL_RV128: + return MO_TEUO; + + default: + g_assert_not_reached(); + } +} + +static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a) +{ + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* sspopchk only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + /* + * sspopchk can only compare with x1 or x5. Everything else defaults to + * zimops + */ + + if (a->rs1 != 1 && a->rs1 != 5) { + return false; + } + + /* + * get data in TCGv using get_gpr + * get addr in TCGv using gen_helper_csrr on CSR_SSP + * use some tcg subtract arithmetic (subtract by XLEN) on addr + * perform ss store on computed address + */ + + TCGv addr = tcg_temp_new(); + TCGLabel *skip = gen_new_label(); + uint32_t tmp = (get_xl(ctx) == MXL_RV64) ? 8 : 4; + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + TCGv data = tcg_temp_new(); + gen_helper_csrr(addr, tcg_env, ssp_csr); + + tcg_gen_qemu_ld_tl(data, addr, ss_mmu_idx, + mxl_memop(ctx) | MO_ALIGN); + TCGv rs1 = get_gpr(ctx, a->rs1, EXT_NONE); + tcg_gen_brcond_tl(TCG_COND_EQ, data, rs1, skip); + gen_helper_raise_sw_check_excep(tcg_env, + tcg_constant_tl(RISCV_EXCP_SW_CHECK_BCFI_TVAL), data, rs1); + gen_set_label(skip); + tcg_gen_addi_tl(addr, addr, tmp); + gen_helper_csrw(tcg_env, ssp_csr, addr); + + return true; +} + +static bool trans_sspush(DisasContext *ctx, arg_sspush *a) +{ + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* sspush only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + /* + * sspush can only push from x1 or x5. Everything else defaults to zimop + */ + if (a->rs2 != 1 && a->rs2 != 5) { + return false; + } + + /* + * get data in TCGv using get_gpr + * get addr in TCGv using gen_helper_csrr on CSR_SSP + * use some tcg subtract arithmetic (subtract by XLEN) on addr + * perform ss store on computed address + */ + + TCGv addr = tcg_temp_new(); + int tmp = (get_xl(ctx) == MXL_RV64) ? -8 : -4; + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + TCGv data = get_gpr(ctx, a->rs2, EXT_NONE); + gen_helper_csrr(addr, tcg_env, ssp_csr); + + tcg_gen_addi_tl(addr, addr, tmp); + + tcg_gen_qemu_st_tl(data, addr, ss_mmu_idx, + mxl_memop(ctx) | MO_ALIGN); + gen_helper_csrw(tcg_env, ssp_csr, addr); + + return true; +} + +static bool trans_ssrdp(DisasContext *ctx, arg_ssrdp *a) +{ + /* ssrdp only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = get_gpr(ctx, a->rd, EXT_NONE); + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + gen_helper_csrr(dest, tcg_env, ssp_csr); + gen_set_gpr(ctx, a->rd, dest); + + return true; +} diff --git a/target/riscv/translate.c b/target/riscv/translate.c index b0526f5d79..de375c32a1 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -1142,6 +1142,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc) #include "insn_trans/trans_rvzawrs.c.inc" #include "insn_trans/trans_rvzicbo.c.inc" #include "insn_trans/trans_rvzimop.c.inc" +#include "insn_trans/trans_rvzicfiss.c.inc" #include "insn_trans/trans_rvzfa.c.inc" #include "insn_trans/trans_rvzfh.c.inc" #include "insn_trans/trans_rvk.c.inc" From patchwork Wed Aug 7 00:06:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 832BDC49EA1 for ; Wed, 7 Aug 2024 00:08:20 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDD-0003U5-S1; Tue, 06 Aug 2024 20:07:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0002wB-Dz for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: from mail-pl1-x62c.google.com ([2607:f8b0:4864:20::62c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCx-0001Cd-B2 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:18 -0400 Received: by mail-pl1-x62c.google.com with SMTP id d9443c01a7336-1fc611a0f8cso10680505ad.2 for ; Tue, 06 Aug 2024 17:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989232; x=1723594032; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uj9qOhBpCT9W/nbC5avAHQrsYFSH2V3flkgQB5x2ClI=; b=02g6eg1+/CTSSkUJCaTG5JH/MCdDrXvsX2fI7MbhlG/FUmgEZqpEKR2nVZYvR7JXYk 6oefauza1pxndNln/BSaO8J/4IpnOJ8DSxiMihJrksWccM30UL0wWeMnrW59BNXWa6jJ vO9dFCwP8b6ufRokd6w4kw1OCIehQ6CW21ikV4K2rFCtN6vZ2ZO9SBSTZjvz8WcnXjfG N1Us83A9L08+xvnmL6KyuLA81HEJETXSGxEOVWa+dm3qdYDRH9mHLX+TwK/HrahQY3Qb btBu7Bey9m4g+2hZB9LB+x8nD7mMSTmU6TLocong9dFcbQKO1tpSo+CqwfU7fmlkebHB 8AZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989232; x=1723594032; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uj9qOhBpCT9W/nbC5avAHQrsYFSH2V3flkgQB5x2ClI=; b=J+YQtsIoC0WVgVQydRtjGkFbajoWR0AIvbsF52R9hv4zL0vKEH0uYaszs2jYauPcDh Q6XeQSmDFRkWsIrlIcb1bdwy0FSzQyzlDtqWHJItwpeWEKfh2zLmJYmxPkbhx5K4mgZT lKR/A8/6MwzQInEXrjrnTnQ8ECAW4vyBy2STU+vee461JchEQnzcArtF4p6zi5+4wclG nEeW2CHljsITjuMIBfLWDbkuZUuDcn45VR67ZkLhaPIxq54MiM3FWf6EDFj+c+/A0BWt m/6sYaZSnS8ZkbPGDc4ev2bv213tihS+XTLA+iZpxXRjKj6sIrdwXG/CHOokFwtotLqH v52A== X-Gm-Message-State: AOJu0YxPy6EfHO+Bc1al2rjyxg/oKw/KjJb7zdNXYE3l1OL2MWxrigyK BOTxHmPUyYtgcqeQy0YnOTbAQsX5H1lInNPmVifWEiO9OXysGi9E3qmP50SXNyKuuX5uRl4ai8i Q X-Google-Smtp-Source: AGHT+IG0S6K7Re+FGinsFaYDN0gkrxNlCeNS/oEXXga0S7b1YEvHU99FnDlbAFgN4FUcK+ezq/Eujw== X-Received: by 2002:a17:902:ea03:b0:1fb:83c5:cf93 with SMTP id d9443c01a7336-1ff572a81bcmr181473415ad.27.1722989232182; Tue, 06 Aug 2024 17:07:12 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:11 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu , Andy Chiu Subject: [PATCH v3 13/20] target/riscv: compressed encodings for sspush and sspopchk Date: Tue, 6 Aug 2024 17:06:44 -0700 Message-ID: <20240807000652.1417776-14-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62c; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org sspush/sspopchk have compressed encodings carved out of zcmops. compressed sspush is designated as c.mop.1 while compressed sspopchk is designated as c.mop.5. Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly c.sspopchk x5 exists while c.sspopchk x1 doesn't. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/insn16.decode | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/riscv/insn16.decode b/target/riscv/insn16.decode index 3953bcf82d..d9fb74fef6 100644 --- a/target/riscv/insn16.decode +++ b/target/riscv/insn16.decode @@ -69,10 +69,12 @@ # Formats 16: @cr .... ..... ..... .. &r rs2=%rs2_5 rs1=%rd %rd @ci ... . ..... ..... .. &i imm=%imm_ci rs1=%rd %rd +@c_sspop ... . ..... ..... .. &i imm=0 rs1=5 rd=0 @cl_q ... . ..... ..... .. &i imm=%uimm_cl_q rs1=%rs1_3 rd=%rs2_3 @cl_d ... ... ... .. ... .. &i imm=%uimm_cl_d rs1=%rs1_3 rd=%rs2_3 @cl_w ... ... ... .. ... .. &i imm=%uimm_cl_w rs1=%rs1_3 rd=%rs2_3 @cs_2 ... ... ... .. ... .. &r rs2=%rs2_3 rs1=%rs1_3 rd=%rs1_3 +@c_sspush ... ... ... .. ... .. &s imm=0 rs1=0 rs2=1 @cs_q ... ... ... .. ... .. &s imm=%uimm_cl_q rs1=%rs1_3 rs2=%rs2_3 @cs_d ... ... ... .. ... .. &s imm=%uimm_cl_d rs1=%rs1_3 rs2=%rs2_3 @cs_w ... ... ... .. ... .. &s imm=%uimm_cl_w rs1=%rs1_3 rs2=%rs2_3 @@ -140,6 +142,8 @@ sw 110 ... ... .. ... 00 @cs_w addi 000 . ..... ..... 01 @ci addi 010 . ..... ..... 01 @c_li { + sspush 011 0 00001 00000 01 @c_sspush # c.sspush x1 carving out of zcmops + sspopchk 011 0 00101 00000 01 @c_sspop # c.sspopchk x5 carving out of zcmops c_mop_n 011 0 0 n:3 1 00000 01 illegal 011 0 ----- 00000 01 # c.addi16sp and c.lui, RES nzimm=0 addi 011 . 00010 ..... 01 @c_addi16sp From patchwork Wed Aug 7 00:06:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7F2C8C49EA1 for ; Wed, 7 Aug 2024 00:08:47 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUEF-00082R-Po; Tue, 06 Aug 2024 20:08:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0002wL-FL for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCx-0001Cm-BO for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:19 -0400 Received: by mail-pl1-x62e.google.com with SMTP id d9443c01a7336-1fd640a6454so10374105ad.3 for ; Tue, 06 Aug 2024 17:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989233; x=1723594033; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Fs75Z2Q/DQpJnICf6loT2R4eZwomAJ3I/UGPpjX3wUQ=; b=tPTYgWg2vQWdDuuU96z/+iwf64Yx5amrNZGgSLubYM3/vkDANZgLmv1LUXmcj6U5Q4 +6gHHYiQWiRrYXkCDERUEOqnVrwgDIWjzsUl4Evyl5k4MfHaOi6GL3sfGCClUqKRDeNE Qyp4GaKwJ3rzu9Kxte0qoGLlGAkUEfZxcEtIzBCbimFKQBIpeyPLsJVR1iAJw2oz0Ej0 ccspNAjcxxWxB1gnsZIw5tRdss7yT+0vYHIoK3McJP+1PQ+obgS/7W2cNqpgNvvHuLao UlS2LS9NCxwNQVIOTJPJN/Fe+kgJ09n+mk+MSvWV1JxVl8tkmJNsQ5XkP0VGOJYUVP14 W8VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989233; x=1723594033; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Fs75Z2Q/DQpJnICf6loT2R4eZwomAJ3I/UGPpjX3wUQ=; b=hKSoxCz0gaPNQAaS9qlWK5gS5/OLzRkZDt5sMKR+y99+3NbikBQ/f3pSF9E8cVSpP7 iVDC6WfQc3xCsecszIBlslvzp2jAoqjmptUoUmSqzzC8Kn7wkwws+0BfYkyI3G0pnxuW YJ1hMk8RFNtlETXvw9FesRkCBgTdr/1S47K8Z10MjPtrTI6Y2xtYYAhD1zWFprqXbInk jRkrwioc9geSD2pIWI4xjFqmqKg+IKyAg2nz7/ERujFHC3siYa550kXb0W4P2OXUtv7x 5O2TqVp/MSR0IrbXwUOJOp6YeHa95lnCsrwc2S0fqgBS+bYamZgW5Nos6aKiG1sYZhgn PoRw== X-Gm-Message-State: AOJu0YwL1m9lNfJVjNQNg8LJLnQN42kYT6FZjNSzD+EGHY2I9QZ11buX spOzx1hKPu4uZk8BB3j9uwsLDT5uX/caP/1YSQ2nLCuSI67wwNBb0n8ZFPYopIwwZWwMdsOI4vb c X-Google-Smtp-Source: AGHT+IFYpZxBZF/jvC6ngqKFpKb331laK+RPGrSSb/4mzanekJAFlHmCqs50MybWyoOOqb6S4tSCfw== X-Received: by 2002:a17:902:f687:b0:1fb:3474:9500 with SMTP id d9443c01a7336-1ff57327173mr192799605ad.27.1722989233321; Tue, 06 Aug 2024 17:07:13 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:13 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 14/20] target/riscv: mmu changes for zicfiss shadow stack protection Date: Tue, 6 Aug 2024 17:06:45 -0700 Message-ID: <20240807000652.1417776-15-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62e; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org zicfiss protects shadow stack using new page table encodings PTE.W=0, PTE.R=0 and PTE.X=0. This encoding is reserved if zicfiss is not implemented or if shadow stack are not enabled. Loads on shadow stack memory are allowed while stores to shadow stack memory leads to access faults. Shadow stack accesses to RO memory leads to store page fault. To implement special nature of shadow stack memory where only selected stores (shadow stack stores from sspush) have to be allowed while rest of regular stores disallowed, new MMU TLB index is created for shadow stack. Signed-off-by: Deepak Gupta --- target/riscv/cpu_helper.c | 61 +++++++++++++++++++++++++++++++++++++-- target/riscv/internals.h | 3 ++ 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index fb6c0d4e1f..5d5da8dce1 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -820,6 +820,18 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv) env->load_res = -1; } +static bool legal_sstack_access(int access_type, bool sstack_inst, + bool sstack_attribute) +{ + /* + * Read/write/execution permissions are checked as usual. Shadow + * stack enforcement is just that (1) instruction type must match + * the attribute unless (2) a non-SS load to an SS region. + */ + return (sstack_inst == sstack_attribute) || + ((access_type == MMU_DATA_LOAD) && sstack_attribute); +} + /* * get_physical_address_pmp - check PMP permission for this physical address * @@ -897,6 +909,8 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, hwaddr ppn; int napot_bits = 0; target_ulong napot_mask; + bool is_sstack_insn = ((mmu_idx & MMU_IDX_SS_ACCESS) == MMU_IDX_SS_ACCESS); + bool sstack_page = false; /* * Check if we should use the background registers for the two @@ -1105,15 +1119,45 @@ restart: return TRANSLATE_FAIL; } + /* + * When backward CFI is enabled, the R=0, W=1, X=0 reserved encoding + * is used to mark Shadow Stack (SS) pages. If back CFI enabled, allow + * normal loads on SS pages, regular stores raise store access fault + * and avoid hitting the reserved-encoding case. Only shadow stack + * stores are allowed on SS pages. Shadow stack loads and stores on + * regular memory (non-SS) raise load and store/AMO access fault. + * Second stage translations don't participate in Shadow Stack. + */ + sstack_page = (cpu_get_bcfien(env) && first_stage && + ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W)); + /* Check for reserved combinations of RWX flags. */ switch (pte & (PTE_R | PTE_W | PTE_X)) { - case PTE_W: case PTE_W | PTE_X: + case PTE_W: + if (sstack_page) { /* if shadow stack page, PTE_W is not reserved */ + break; + } return TRANSLATE_FAIL; } + /* Illegal combo of instruction type and page attribute */ + if (!legal_sstack_access(access_type, is_sstack_insn, + sstack_page)) { + /* shadow stack instruction and RO page then it's a page fault */ + if (is_sstack_insn && ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_R)) { + return TRANSLATE_FAIL; + } + /* In all other cases it's an access fault, so raise PMP_FAIL */ + return TRANSLATE_PMP_FAIL; + } + int prot = 0; - if (pte & PTE_R) { + /* + * If PTE has read bit in it or it's shadow stack page, + * then reads allowed + */ + if ((pte & PTE_R) || sstack_page) { prot |= PAGE_READ; } if (pte & PTE_W) { @@ -1351,9 +1395,17 @@ void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, break; case MMU_DATA_LOAD: cs->exception_index = RISCV_EXCP_LOAD_ADDR_MIS; + /* shadow stack mis aligned accesses are access faults */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT; + } break; case MMU_DATA_STORE: cs->exception_index = RISCV_EXCP_STORE_AMO_ADDR_MIS; + /* shadow stack mis aligned accesses are access faults */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT; + } break; default: g_assert_not_reached(); @@ -1409,6 +1461,11 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, qemu_log_mask(CPU_LOG_MMU, "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n", __func__, address, access_type, mmu_idx); + /* If shadow stack instruction initiated this access, treat it as store */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + access_type = MMU_DATA_STORE; + } + pmu_tlb_fill_incr_ctr(cpu, access_type); if (two_stage_lookup) { /* Two stage lookup */ diff --git a/target/riscv/internals.h b/target/riscv/internals.h index 0ac17bc5ad..dad0657c80 100644 --- a/target/riscv/internals.h +++ b/target/riscv/internals.h @@ -30,12 +30,15 @@ * - U+2STAGE 0b100 * - S+2STAGE 0b101 * - S+SUM+2STAGE 0b110 + * - Shadow stack+U 0b1000 + * - Shadow stack+S 0b1001 */ #define MMUIdx_U 0 #define MMUIdx_S 1 #define MMUIdx_S_SUM 2 #define MMUIdx_M 3 #define MMU_2STAGE_BIT (1 << 2) +#define MMU_IDX_SS_ACCESS (1 << 3) static inline int mmuidx_priv(int mmu_idx) { From patchwork Wed Aug 7 00:06:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6C429C49EA1 for ; Wed, 7 Aug 2024 00:11:35 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDM-00042I-3j; Tue, 06 Aug 2024 20:07:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0002x8-Mc for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCy-0001Cw-1p for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:20 -0400 Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1fc587361b6so10654775ad.2 for ; Tue, 06 Aug 2024 17:07:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989235; x=1723594035; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7Q+e5e5fBDJV914/KCkP7ZJFamC0/3Y1XQsZmCHaCJE=; b=K4Bhc0Ih+gKtLcV/rIHJyItIRsnMSB7kpvJ92Np0iMrM4V/z37JmgdPRSLNxtJIXe6 Ohci29+SqsXwTBSjV2K/hTp3phKqJmaL2rTNu4BfhPYGWPzHttr2Ymtvv5jO7a8aZEB6 Gb20v9GiMJ9UmI7dcM/dj3nh5sQ+03LniGXhyHBlDPt6hHs2oIk8PWcuOrpR4CCTnG3i lB6ynsmLCzQdtQMPV7fZDgqeKqAsBsWX/Wq6rA9OQj1B/tsjl/rKoTJOMlvhUWVY9zfp eRE0lrpgAsdOWN7JOvcT0ZM8SmtWSet3tQm35/PM8fbky9lRMaPlu40HtvR/v77nBuXM 7fQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989235; x=1723594035; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7Q+e5e5fBDJV914/KCkP7ZJFamC0/3Y1XQsZmCHaCJE=; b=sWr5uVBAYXwaD0ppSILj1Mb3dDck51jzKi6nZidYS28IGG6yMFeFPIihIJRn/sEGdw UbAa27ZqObOmwSWXciEGRmlGRsyNLgFKRCOpU3XwHXnkfl8WWrPnUVSeQH1wfuy/XUab TQF0nqYpjN6owRhy03jf8Ya1Nz5fu4kHRFk9pfMcQEKRRyR8oXtjTNxnLXC050omfGQF jO3ivOimHtiwe0+tP8a0BIjazj+MLshLPziBYoKn0E43bJyTNIGgGsFlSM/x2AMDEV23 BixXh7ojPY1bnPFtpoUFLzROP/8O4mvdzBzuzuTY0GnHuwb5cXbzODswQH6yFVHXy/du 0uWQ== X-Gm-Message-State: AOJu0YyOaVLgzYfRrcjLmbZg4a3+qYHNMEXI1I9mLFC4md3Q59t4LEkA ABkynxsXoszePAaxoFIpl6zD0ulBowXSRbIoSoleDZKTooaeF5rxGeN55Dm9BRrdlAIL6qtD0rV H X-Google-Smtp-Source: AGHT+IFRd8OltSTsy2aueK7GbTjTAPRffdUhv4pGgFr3kaR5EPeAb8JJEo+md/7WyoGQ3w1tHVZuWw== X-Received: by 2002:a17:902:c951:b0:1fd:9c2d:2f27 with SMTP id d9443c01a7336-1ff572cdd8fmr169693405ad.24.1722989234436; Tue, 06 Aug 2024 17:07:14 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:14 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 15/20] target/riscv: shadow stack mmu index for shadow stack instructions Date: Tue, 6 Aug 2024 17:06:46 -0700 Message-ID: <20240807000652.1417776-16-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::629; envelope-from=debug@rivosinc.com; helo=mail-pl1-x629.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Shadow stack instructions shadow stack mmu index for load/stores. `MMU_IDX_SS_ACCESS` at bit positon 3 is used as shadow stack index. Shadow stack mmu index depend on privilege and SUM bit. If shadow stack accesses happening in user mode, shadow stack mmu index = 0b1000. If shaodw stack access happening in supervisor mode mmu index = 0b1001. If shadow stack access happening in supervisor mode with SUM=1 then mmu index = 0b1010 Signed-off-by: Deepak Gupta --- target/riscv/cpu.h | 13 ++++++++++ target/riscv/cpu_helper.c | 3 +++ target/riscv/insn_trans/trans_rva.c.inc | 8 ++++++ target/riscv/insn_trans/trans_rvzicfiss.c.inc | 6 +++++ target/riscv/internals.h | 1 + target/riscv/translate.c | 25 +++++++++++++++++++ 6 files changed, 56 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 6da94c417c..3ad220a9fe 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -615,6 +615,19 @@ FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1) FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1) /* zicfiss needs a TB flag so that correct TB is located based on tb flags */ FIELD(TB_FLAGS, BCFI_ENABLED, 30, 1) +/* + * zicfiss shadow stack is special memory on which regular stores aren't + * allowed but shadow stack stores are allowed. Shadow stack stores can + * happen as `sspush` or `ssamoswap` instructions. `sspush` implicitly + * takes shadow stack address from CSR_SSP. But `ssamoswap` takes address + * from encoded input register and it will be used by supervisor software + * to access (read/write) user shadow stack for setting up rt_frame during + * signal delivery. Supervisor software will do so by setting SUM=1. Thus + * a TB flag is needed if SUM was 1 during TB generation to correctly + * reflect memory permissions to access shadow stack user memory from + * supervisor mode. + */ +FIELD(TB_FLAGS, SUM, 31, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 5d5da8dce1..ad40b10e74 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -181,6 +181,9 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; #else + flags = FIELD_DP32(flags, TB_FLAGS, SUM, + ((env->mstatus & MSTATUS_SUM) == MSTATUS_SUM)); + flags = FIELD_DP32(flags, TB_FLAGS, PRIV, env->priv); flags |= riscv_env_mmu_index(env, 0); diff --git a/target/riscv/insn_trans/trans_rva.c.inc b/target/riscv/insn_trans/trans_rva.c.inc index db6c03f6a8..68b71339a3 100644 --- a/target/riscv/insn_trans/trans_rva.c.inc +++ b/target/riscv/insn_trans/trans_rva.c.inc @@ -132,6 +132,10 @@ static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a) decode_save_opc(ctx); src1 = get_address(ctx, a->rs1, 0); +#ifndef CONFIG_USER_ONLY + /* Shadow stack access and thus index is SS TLB index */ + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESL)); gen_set_gpr(ctx, a->rd, dest); @@ -224,6 +228,10 @@ static bool trans_ssamoswap_d(DisasContext *ctx, arg_amoswap_w *a) decode_save_opc(ctx); src1 = get_address(ctx, a->rs1, 0); +#ifndef CONFIG_USER_ONLY + /* Shadow stack access and thus index is SS TLB index */ + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESQ)); gen_set_gpr(ctx, a->rd, dest); diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/insn_trans/trans_rvzicfiss.c.inc index c538b7ad99..4e741c061d 100644 --- a/target/riscv/insn_trans/trans_rvzicfiss.c.inc +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -70,6 +70,9 @@ static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a) TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); TCGv data = tcg_temp_new(); gen_helper_csrr(addr, tcg_env, ssp_csr); +#ifndef CONFIG_USER_ONLY + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_qemu_ld_tl(data, addr, ss_mmu_idx, mxl_memop(ctx) | MO_ALIGN); @@ -118,6 +121,9 @@ static bool trans_sspush(DisasContext *ctx, arg_sspush *a) TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); TCGv data = get_gpr(ctx, a->rs2, EXT_NONE); gen_helper_csrr(addr, tcg_env, ssp_csr); +#ifndef CONFIG_USER_ONLY + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_addi_tl(addr, addr, tmp); diff --git a/target/riscv/internals.h b/target/riscv/internals.h index dad0657c80..5147d6bf90 100644 --- a/target/riscv/internals.h +++ b/target/riscv/internals.h @@ -32,6 +32,7 @@ * - S+SUM+2STAGE 0b110 * - Shadow stack+U 0b1000 * - Shadow stack+S 0b1001 + * - Shadow stack+SUM 0b1010 */ #define MMUIdx_U 0 #define MMUIdx_S 1 diff --git a/target/riscv/translate.c b/target/riscv/translate.c index de375c32a1..4772191bd8 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -122,6 +122,8 @@ typedef struct DisasContext { bool fcfi_lp_expected; /* zicfiss extension, if shadow stack was enabled during TB gen */ bool bcfi_enabled; + /* SUM was on during tb translation? */ + bool sum; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1127,6 +1129,29 @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc) return translator_ldl(env, &ctx->base, pc); } +#ifndef CONFIG_USER_ONLY +static unsigned int get_ss_index(DisasContext *ctx) +{ + int ss_mmu_idx = MMU_IDX_SS_ACCESS; + + /* + * If priv mode is S then a separate index for supervisor + * shadow stack accesses + */ + if (ctx->priv == PRV_S) { + ss_mmu_idx |= MMUIdx_S; + } + + /* If SUM was set, SS index should have S cleared */ + if (ctx->sum) { + ss_mmu_idx &= ~(MMUIdx_S); + ss_mmu_idx |= MMUIdx_S_SUM; + } + + return ss_mmu_idx; +} +#endif + /* Include insn module translation function */ #include "insn_trans/trans_rvi.c.inc" #include "insn_trans/trans_rvm.c.inc" From patchwork Wed Aug 7 00:06:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 05F6AC52D6F for ; Wed, 7 Aug 2024 00:11:18 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUE1-0007G7-TW; Tue, 06 Aug 2024 20:08:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0002x9-RC for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUCz-0001DP-4k for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:20 -0400 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1fec34f94abso11913145ad.2 for ; Tue, 06 Aug 2024 17:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989236; x=1723594036; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bfd/g3qnKmKlalH95hAzpJLDLKpqsukOO1ZJ1hRrjxo=; b=Fvz8VuSViBTYj2NPA/snQ1CePrIpJyIPDD6UIfxcpUibRTCC8SD3z+GFD0JyZswRT6 URPYhjIQxYy3jSu/Y0wNQXYezOnuZDuKZgrj0lQNNPs0vIhW5iy5BD9n3boCsMIycOGz AJBWP/Ro02oa/tEEu5OBgeOO0+HiCa/SeDuJvgPxvDFZQVZqEf974cnuYKsJOmkU+Z94 36s+Tv9XTTHSjHDUlnoPffYJcwRVSk8qOYRp9WpeZ/GPHDSU0qSvV3pvXomfkcS24yKZ ydoyXIKDf9zhODCTxXKAWQlN2tCplB90JJb6tgKGUIJ9PdTyZJft8g3HDR1fXdz3qMOL P1JQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989236; x=1723594036; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bfd/g3qnKmKlalH95hAzpJLDLKpqsukOO1ZJ1hRrjxo=; b=AcBZYwBM8CfK8S1fPaKXGGaPp2LMkd7VVcJACasLn1zFjhXo7R941BCfodOS7qbeGW 6HG++NW5M4t90dSec5JbHRDjuYMqby3jijzM9TFLmJHfLu/TB5afD7GIzRP2WH14+hs1 0kHE6/d2iGxZeAQBPrpqEm2QR+PurkqHbVA7vpH3ikHclUr2hI2X/z+BtpW+3AoYEslH EAXTf6eBkVucJgKFvcBKDsBig4sggx4MyczMBBN4rEN9CLzEwnCteR5lqHg6j29eMKZj ouAE6XL+GJGCWTRDK0RWj9Ww/8RyQWIS5blw1vp2U5VUs6s6x3huX50cH0ZwQnnUTHKH pn3A== X-Gm-Message-State: AOJu0Yy1E+FVJxC4r9NCmK4wBLy2+3zpyo8ZAEUemBy4wnzT4GVBNLwN WHTFNfdcZnHzL8OC5F6mywcN9Jf5xNu9TMLLe1at1PNwjBzCgkZV4egBdT84rY0yOrBb/3kFK7N k X-Google-Smtp-Source: AGHT+IHvQtwhYrt5pVXwKp3c2lKdaGUTW8QdDSecmHAFvamcIkeADsy+nOoZmfUcuDYDWqWkCdUiGw== X-Received: by 2002:a17:903:24c:b0:1fb:35c7:8eb2 with SMTP id d9443c01a7336-1ff5747ef12mr149537665ad.55.1722989235556; Tue, 06 Aug 2024 17:07:15 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:15 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 16/20] disas/riscv: enable disassembly for zicfiss instructions Date: Tue, 6 Aug 2024 17:06:47 -0700 Message-ID: <20240807000652.1417776-17-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::636; envelope-from=debug@rivosinc.com; helo=mail-pl1-x636.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap. Disasembly is only enabled if zimop and zicfiss ext is set to true. Signed-off-by: Deepak Gupta --- disas/riscv.c | 34 ++++++++++++++++++++++++++++++++++ disas/riscv.h | 1 + 2 files changed, 35 insertions(+) diff --git a/disas/riscv.c b/disas/riscv.c index c7c92acef7..c4e47fbc78 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -975,6 +975,11 @@ typedef enum { rv_op_amocas_b = 944, rv_op_amocas_h = 945, rv_op_lpad = 946, + rv_op_sspush = 947, + rv_op_sspopchk = 948, + rv_op_ssrdp = 949, + rv_op_ssamoswap_w = 950, + rv_op_ssamoswap_d = 951, } rv_op; /* register names */ @@ -2234,6 +2239,11 @@ const rv_opcode_data rvi_opcode_data[] = { { "amocas.b", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "lpad", rv_codec_lp, rv_fmt_imm, NULL, 0, 0, 0 }, + { "sspush", rv_codec_r, rv_fmt_rs2, NULL, 0, 0, 0 }, + { "sspopchk", rv_codec_r, rv_fmt_rs1, NULL, 0, 0, 0 }, + { "ssrdp", rv_codec_r, rv_fmt_rd, NULL, 0, 0, 0 }, + { "ssamoswap.w", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "ssamoswap.d", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, }; /* CSR names */ @@ -2251,6 +2261,7 @@ static const char *csr_name(int csrno) case 0x0009: return "vxsat"; case 0x000a: return "vxrm"; case 0x000f: return "vcsr"; + case 0x0011: return "ssp"; case 0x0015: return "seed"; case 0x0017: return "jvt"; case 0x0040: return "uscratch"; @@ -3077,6 +3088,8 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) case 66: op = rv_op_amoor_w; break; case 67: op = rv_op_amoor_d; break; case 68: op = rv_op_amoor_q; break; + case 74: op = rv_op_ssamoswap_w; break; + case 75: op = rv_op_ssamoswap_d; break; case 96: op = rv_op_amoand_b; break; case 97: op = rv_op_amoand_h; break; case 98: op = rv_op_amoand_w; break; @@ -4036,11 +4049,32 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) extract32(inst, 26, 2)), 4, 1, extract32(inst, 30, 1)); op = rv_mop_r_0 + imm_mop5; + /* if zicfiss enabled and mop5 is shadow stack */ + if (dec->cfg->ext_zicfiss && + ((imm_mop5 & 0b11100) == 0b11100)) { + /* rs1=0 means ssrdp */ + if ((inst & (0b011111 << 15)) == 0) { + op = rv_op_ssrdp; + } + /* rd=0 means sspopchk */ + if ((inst & (0b011111 << 7)) == 0) { + op = rv_op_sspopchk; + } + } } else if ((extract32(inst, 25, 7) & 0b1011001) == 0b1000001) { imm_mop3 = deposit32(extract32(inst, 26, 2), 2, 1, extract32(inst, 30, 1)); op = rv_mop_rr_0 + imm_mop3; + /* if zicfiss enabled and mop3 is shadow stack */ + if (dec->cfg->ext_zicfiss && + ((imm_mop3 & 0b111) == 0b111)) { + /* rs1=0 and rd=0 means sspush */ + if (((inst & (0b011111 << 15)) == 0) && + ((inst & (0b011111 << 7)) == 0)) { + op = rv_op_sspush; + } + } } } break; diff --git a/disas/riscv.h b/disas/riscv.h index 1182457aff..4895c5a301 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -224,6 +224,7 @@ enum { #define rv_fmt_none "O\t" #define rv_fmt_rs1 "O\t1" +#define rv_fmt_rs2 "O\t2" #define rv_fmt_offset "O\to" #define rv_fmt_pred_succ "O\tp,s" #define rv_fmt_rs1_rs2 "O\t1,2" From patchwork Wed Aug 7 00:06:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1E708C49EA1 for ; Wed, 7 Aug 2024 00:09:23 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDv-0006PO-MF; Tue, 06 Aug 2024 20:08:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD4-000318-3i for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:23 -0400 Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUD1-0001Di-UB for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:21 -0400 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-1fd65aaac27so2549845ad.1 for ; Tue, 06 Aug 2024 17:07:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989237; x=1723594037; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GwN8KazdAM6rfbJ9pEQTaPAvCowqMjvonYMvwP9Ekyo=; b=2j8NvLMULqw5q8Q7OY7Rw4hJDNmAbCgjgiIS+U3HTXylfsby4yueeV5sHYSz9XYMM3 oAde0wapR/JUI9tY6jraf4jPdZIdu+vT0i6XtzL4MVkbwT9VHe5/i3X1RnQdZpe9iFK3 0BwhYMcFYujWazY6w1b7wiLqzERg73eaLxgjJMAqQH3p/QgEXOEzZqOPPTAp5N/pKoRM UlnHLv03PtGQlF0cGukZJaNdiJY5qO9xI5zzAX4kcWGwztkBFAjGhIGh40MQEarzRi8e 04nsOTiSPTLfT2PdNWHod2v1g0Iqz/VxXNVbDrFNkBWxpWBTU4EBqY9JPQxmY/6qAN/Z 6JGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989237; x=1723594037; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GwN8KazdAM6rfbJ9pEQTaPAvCowqMjvonYMvwP9Ekyo=; b=rLTvNhNx4A3BlzQLx9lb5E1Wfzovzg/QsBtq+kcKV+9ABni/MLt7UfU4w7MoKzuWl/ MB4eiB50of0SfLSgQ6E7Jkj9HQWf6wEulLf5ehuGP/LqwH+p1dJ9aHNjQrrNc0P7lvK+ XMpQ1riilUrDsN93n7Mk0oog/Atk/3hhg9KnuDJkAgHTFGxslvIV8qH6Q6x6qG6pTBly TCFkLKmdX5phS/iRj/NAMFloAa449XHQvXzfn3MTJO+BNZHYZ7b2+krL8cOF57gt0LhW U/yQtBeNQNspx5DYYTIwy9R0jICyqcDb66aQzGWUviv18U15716Jfcfk7ucsOpHWY1V2 lXjA== X-Gm-Message-State: AOJu0YwVGwoTBhD4tud2kMf6FfpHOT4OprNQ6Y5lBx/TdqklAzdMOJgW hEDxBkRlZo+9O4matTYcVh6N7cyIyzEvJJjn4njY8/akRalBS1VAWCYMQtyyIj53n51AYwKzF6n M X-Google-Smtp-Source: AGHT+IGfBB4v+fK01rlL7ecgK+RmhwuDdijWpxUVHkoxN47eKHtQO0WxVZ1DQTfcJeA81ccCC0KcTg== X-Received: by 2002:a17:902:dacb:b0:1fd:6ca4:f987 with SMTP id d9443c01a7336-20085497979mr7082455ad.15.1722989236812; Tue, 06 Aug 2024 17:07:16 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:16 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v3 17/20] disas/riscv: enable disassembly for compressed sspush/sspopchk Date: Tue, 6 Aug 2024 17:06:48 -0700 Message-ID: <20240807000652.1417776-18-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::635; envelope-from=debug@rivosinc.com; helo=mail-pl1-x635.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org sspush and sspopchk have equivalent compressed encoding taken from zcmop. cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding for both rs1 and rs2 from space bitfield, this required a new codec. Signed-off-by: Deepak Gupta --- disas/riscv.c | 19 ++++++++++++++++++- disas/riscv.h | 1 + 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/disas/riscv.c b/disas/riscv.c index c4e47fbc78..82175e75ee 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -980,6 +980,8 @@ typedef enum { rv_op_ssrdp = 949, rv_op_ssamoswap_w = 950, rv_op_ssamoswap_d = 951, + rv_op_c_sspush = 952, + rv_op_c_sspopchk = 953, } rv_op; /* register names */ @@ -2244,6 +2246,10 @@ const rv_opcode_data rvi_opcode_data[] = { { "ssrdp", rv_codec_r, rv_fmt_rd, NULL, 0, 0, 0 }, { "ssamoswap.w", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "ssamoswap.d", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "c.sspush", rv_codec_cmop_ss, rv_fmt_rs2, NULL, rv_op_sspush, + rv_op_sspush, 0 }, + { "c.sspopchk", rv_codec_cmop_ss, rv_fmt_rs1, NULL, rv_op_sspopchk, + rv_op_sspopchk, 0 }, }; /* CSR names */ @@ -2604,7 +2610,13 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) if (dec->cfg->ext_zcmop) { if ((((inst >> 2) & 0b111111) == 0b100000) && (((inst >> 11) & 0b11) == 0b0)) { - op = rv_c_mop_1 + ((inst >> 8) & 0b111); + unsigned int cmop_code = 0; + cmop_code = ((inst >> 8) & 0b111); + op = rv_c_mop_1 + cmop_code; + if (dec->cfg->ext_zicfiss) { + op = (cmop_code == 0) ? rv_op_c_sspush : op; + op = (cmop_code == 2) ? rv_op_c_sspopchk : op; + } break; } } @@ -4919,6 +4931,11 @@ static void decode_inst_operands(rv_decode *dec, rv_isa isa) case rv_codec_lp: dec->imm = operand_lpl(inst); break; + case rv_codec_cmop_ss: + dec->rd = rv_ireg_zero; + dec->rs1 = dec->rs2 = operand_crs1(inst); + dec->imm = 0; + break; }; } diff --git a/disas/riscv.h b/disas/riscv.h index 4895c5a301..6a3b371cd3 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -167,6 +167,7 @@ typedef enum { rv_codec_r2_imm2_imm5, rv_codec_fli, rv_codec_lp, + rv_codec_cmop_ss, } rv_codec; /* structures */ From patchwork Wed Aug 7 00:06:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0372CC52D6F for ; Wed, 7 Aug 2024 00:08:54 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDr-00061c-AZ; Tue, 06 Aug 2024 20:08:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD4-00034D-U6 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:23 -0400 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0001E4-78 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:22 -0400 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1fd70ba6a15so9813645ad.0 for ; Tue, 06 Aug 2024 17:07:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989238; x=1723594038; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mYHDnUNnbJTzV9a+g8+1jTXRfBSkNkA2a9DPEiZa4l8=; b=kyXR898oyKmmNq4vdJI+bXUTRW027BTwAL3pLVUnTh74J5Lmgdb1HqSDbp5/QfDP/A GJ35IGFOqqZWpEios+HrYWr5LXXxbdfbXmV7LlaX49bCw19a8Dr9xyzbyUhvDj5VZL6x npayRBfz2OmdevxnWQZYemMDNPaUrSkVXvR2huR80lN9tQlmwZP+CLVYwVskHeA5mZqr zjFgeTue64SZDyvHa1ZczXzwF5062n5KY3M8aOexHsY7+IfWiOPaip39FyJPcTnyIKZp Eoj8gA+sz70oV86YPHCG36xRzNUU7nyFaRYJFfFT8ivqaLlWFRRrut7iaqQ8sS/h95qs y35w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989238; x=1723594038; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mYHDnUNnbJTzV9a+g8+1jTXRfBSkNkA2a9DPEiZa4l8=; b=FZ5yuiChVDxdc0WSdhUy/OXunkHhUV3QtKfD0CcMJEmuEfGq/CqCjk6Q25OhT8e3Kf TLjWhsLq0xYFiuZ+4L35PG0sQh8Anzd4V5GhNIadWaPx4BKPVuNlgHd/5gyW4gmX8ppv iNs0Zynd7exEiqmwA0m3UawfARdmyng65e1FYhFcUuY0ZSKnH+A37cofgMKMew8AiDzs sXnpFvsaegiIuVg8k6OsOAx9s5Yf1KFz/r9CZxLc0WAT1xfrH94/wskOOiUYPJFmY148 Av5sjrWSzQUDepdcPngA0+aGv5U6pT/RVNodk7FsPd+uThD2ayUpJM9VOvysIuN8SwYO SdPQ== X-Gm-Message-State: AOJu0YzC6RmlZt6UEWNfs7wD+MC63C78Qiv4En3HK+WdqEy1lKXnQa4l GIY72CFytrGWQ2Wj3gHJTI7UtUR/kw5GLSe9u3g7N71Lx5csh0pN21aAo3qQK+EjfmkVNR1Y2Z9 6 X-Google-Smtp-Source: AGHT+IEqthdI+Eq3pPMKgMUi6SfFOl4/6mQZo8YG9y7QrUGeC16S6mO0IhSLCaJ9r2JU/vjrpWNAuA== X-Received: by 2002:a17:902:e548:b0:1fe:d705:e963 with SMTP id d9443c01a7336-1ff574b71a3mr189017775ad.61.1722989238253; Tue, 06 Aug 2024 17:07:18 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:17 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu Subject: [PATCH v3 18/20] target/riscv: add trace-hooks for each case of sw-check exception Date: Tue, 6 Aug 2024 17:06:49 -0700 Message-ID: <20240807000652.1417776-19-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::636; envelope-from=debug@rivosinc.com; helo=mail-pl1-x636.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Violations to control flow rules setup by zicfilp and zicfiss lead to software check exceptions. To debug and fix such sw check issues in guest , add trace-hooks for each case. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- target/riscv/insn_trans/trans_rvi.c.inc | 6 ++++-- target/riscv/op_helper.c | 24 ++++++++++++++++++++++++ target/riscv/trace-events | 6 ++++++ target/riscv/translate.c | 2 +- 4 files changed, 35 insertions(+), 3 deletions(-) diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc index cbd7d5c395..0f5d5def60 100644 --- a/target/riscv/insn_trans/trans_rvi.c.inc +++ b/target/riscv/insn_trans/trans_rvi.c.inc @@ -65,7 +65,8 @@ static bool trans_lpad(DisasContext *ctx, arg_lpad *a) */ gen_helper_raise_sw_check_excep(tcg_env, tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), - tcg_constant_tl(MISALIGNED_LPAD), tcg_constant_tl(0)); + tcg_constant_tl(MISALIGNED_LPAD), + tcg_constant_tl(ctx->base.pc_next)); return true; } } @@ -81,7 +82,8 @@ static bool trans_lpad(DisasContext *ctx, arg_lpad *a) tcg_gen_brcondi_tl(TCG_COND_EQ, tmp, a->imm_cfi20, skip); gen_helper_raise_sw_check_excep(tcg_env, tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), - tcg_constant_tl(LABEL_MISMATCH_LPAD), tcg_constant_tl(0)); + tcg_constant_tl(LABEL_MISMATCH_LPAD), + tcg_constant_tl(a->imm_cfi20)); gen_set_label(skip); } diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 3b47fb34ea..07990e6589 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -24,6 +24,7 @@ #include "exec/exec-all.h" #include "exec/cpu_ldst.h" #include "exec/helper-proto.h" +#include "trace.h" /* Exceptions processing helpers */ G_NORETURN void riscv_raise_exception(CPURISCVState *env, @@ -262,6 +263,29 @@ void helper_cbo_inval(CPURISCVState *env, target_ulong address) void helper_raise_sw_check_excep(CPURISCVState *env, target_ulong swcheck_code, target_ulong arg1, target_ulong arg2) { + switch (swcheck_code) { + case RISCV_EXCP_SW_CHECK_FCFI_TVAL: + switch (arg1) { + case MISSING_LPAD: + trace_zicfilp_missing_lpad_instr(arg2); + break; + case MISALIGNED_LPAD: + trace_zicfilp_unaligned_lpad_instr(arg2); + break; + case LABEL_MISMATCH_LPAD: + trace_zicfilp_lpad_reg_mismatch(arg2); + break; + } + break; + case RISCV_EXCP_SW_CHECK_BCFI_TVAL: + trace_zicfiss_sspopchk_reg_mismatch(arg1, arg2); + break; + default: + /* any other value of swcheck_code is asserted */ + assert(swcheck_code || (swcheck_code == 0)); + break; + } + env->sw_check_code = swcheck_code; riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); } diff --git a/target/riscv/trace-events b/target/riscv/trace-events index 49ec4d3b7d..0e8807f0d4 100644 --- a/target/riscv/trace-events +++ b/target/riscv/trace-events @@ -9,3 +9,9 @@ pmpaddr_csr_write(uint64_t mhartid, uint32_t addr_index, uint64_t val) "hart %" mseccfg_csr_read(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": read mseccfg, val: 0x%" PRIx64 mseccfg_csr_write(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": write mseccfg, val: 0x%" PRIx64 + +# zicfiss/lp +zicfiss_sspopchk_reg_mismatch(uint64_t ssra, uint64_t rs1) "shadow_stack_ra: 0x%" PRIx64 ", rs1: 0x%" PRIx64 +zicfilp_missing_lpad_instr(uint64_t pc_first) "pc_first: 0x%" PRIx64 +zicfilp_unaligned_lpad_instr(uint64_t pc_next) "pc_next: 0x%" PRIx64 +zicfilp_lpad_reg_mismatch(int lpad_label) "lpad_label: 0x%x" diff --git a/target/riscv/translate.c b/target/riscv/translate.c index 4772191bd8..9ef1f220e0 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -1302,7 +1302,7 @@ static void riscv_tr_tb_start(DisasContextBase *db, CPUState *cpu) tcg_gen_brcondi_i32(TCG_COND_EQ, immediate, 0, l); gen_helper_raise_sw_check_excep(tcg_env, tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), - tcg_constant_tl(MISSING_LPAD), tcg_constant_tl(0)); + tcg_constant_tl(MISSING_LPAD), tcg_constant_tl(ctx->base.pc_first)); gen_set_label(l); /* * Despite the use of gen_exception_illegal(), the rest of From patchwork Wed Aug 7 00:06:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755530 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3E6CDC49EA1 for ; Wed, 7 Aug 2024 00:11:18 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUEU-00012n-UP; Tue, 06 Aug 2024 20:08:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD5-00036B-G8 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:25 -0400 Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUD2-0001EL-Tz for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:22 -0400 Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-1fc5549788eso11167785ad.1 for ; Tue, 06 Aug 2024 17:07:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989239; x=1723594039; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Pr/AcYF8z8+IP/7vhXiuKTgBOUJ+TMutbX74doKlSC0=; b=t8povXNxxyG6vQSKCoJtOFi3H6AjZOFSPfO7AG1zdSCdDDzfEgYd6OXcaxKCEQYCKx XlSd1GGt+J35GvsiY9uPlOU1b6a2GcVqKxZ1bDH5WvzurPmgUws6CJSFxr3tooFLUDtQ StAjJgaXxSGRJzNys8fVFQX3LlwPjFyopg5devztQbVw1iVsjtNeKNRSTz4gX+CwXJ+X lzzVUAqK1edKeDunM2aG7Izt8oSAfoRZ2IbZGJ+3Cn2EWG4/xnxx/pojUYbZ/XjrHmcW oKdVqeNgRkcuKumrbkb9ENaSobyKN5MS3yJcoS32+O9fz93qIayaSARCVjV/ri33GnLX //+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989239; x=1723594039; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Pr/AcYF8z8+IP/7vhXiuKTgBOUJ+TMutbX74doKlSC0=; b=qUqrtkqVd6JHwkxD3gxRNGmkgC+OzXK8jU9QdfGQzD6Ais8NK5ebdel93V+jYcNOA7 bQAGP/5HExTD1g2VHf3sZMnhJFxjJn8KbyHKl4fdylQY0LfbaRKsZM7ywY0Umf8nWSmG Po6Dyw5Bf89m0q2JDxhUj21JGgj9bgsoPncZk1+CgmpM9tdKww0DtIKl6JNnLzt/yNuW 7UpCHHabz5LnsdwJY08Oj+Y+9rPQyH9tnG8Gf6QPmf+JEGoSBKbViAVLv+MUdOzizo7D Q8PiwZjGmSePzkqHEnS4vRpWRbRHljCJNGzCuo7H2055wFgBnRJLI8CtfHd8no/IW2N4 pMaA== X-Gm-Message-State: AOJu0Yy0hi6KtfbtWAp7pZ0A32wOmke2OY3hzSUNtLqz/vZur5QOVsX5 LW1pjKcXwg0REKUNhNvavZUGyv7+hMNda2ONdgdxwvWeoJxaoM4RX6nh5ySEMjsAjdVttZFzfjj d X-Google-Smtp-Source: AGHT+IES4JmpKsv7CeOiHWvTuaxsHYcYBmghN5pV14p1GedE4xwVJyXxHdpYjgalAn5YzxoVKD6PwA== X-Received: by 2002:a17:902:d4c3:b0:1fb:1497:c304 with SMTP id d9443c01a7336-1ff5710bf56mr262446935ad.0.1722989239403; Tue, 06 Aug 2024 17:07:19 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:19 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu Subject: [PATCH v3 19/20] linux-user: permit RISC-V CFI dynamic entry in VDSO Date: Tue, 6 Aug 2024 17:06:50 -0700 Message-ID: <20240807000652.1417776-20-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::62d; envelope-from=debug@rivosinc.com; helo=mail-pl1-x62d.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org RISC-V CFI use new processor-specific dynamic entry in ELF. Permit it in VDSO post-processing script. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- linux-user/gen-vdso-elfn.c.inc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/linux-user/gen-vdso-elfn.c.inc b/linux-user/gen-vdso-elfn.c.inc index 95856eb839..59c818eb11 100644 --- a/linux-user/gen-vdso-elfn.c.inc +++ b/linux-user/gen-vdso-elfn.c.inc @@ -273,6 +273,13 @@ static void elfN(process)(FILE *outf, void *buf, bool need_bswap) errors++; break; + case PT_LOPROC + 2: + /* RISCV_ZICFILP_PLT: for RISC-V zicfilp extension */ + if (ehdr->e_machine == EM_RISCV) { + break; + } + goto do_default; + case PT_LOPROC + 3: if (ehdr->e_machine == EM_PPC64) { break; /* DT_PPC64_OPT: integer bitmask */ From patchwork Wed Aug 7 00:06:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13755532 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 79977C52D6F for ; Wed, 7 Aug 2024 00:11:33 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sbUDM-00044l-6O; Tue, 06 Aug 2024 20:07:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sbUD7-00038w-BL for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:25 -0400 Received: from mail-pg1-x52c.google.com ([2607:f8b0:4864:20::52c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sbUD4-0001Ez-E3 for qemu-devel@nongnu.org; Tue, 06 Aug 2024 20:07:24 -0400 Received: by mail-pg1-x52c.google.com with SMTP id 41be03b00d2f7-7a1c7857a49so776193a12.1 for ; Tue, 06 Aug 2024 17:07:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722989241; x=1723594041; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hLdx4AZXHbpEMxw/S18/9QimvuhK4hPq7UuREWO1i7w=; b=0Fjy3LDcX9/HQnLIsVjlkO7ozhaX6FmKNOSZW75wjprQVWBWEjKTC2jh7GYoeF2nG6 TApaJSHHhy+f4VpwXOgBiADEY91UMTmgn5aF3CTWSHBSzPlcdPhEyB6JQj5ix7pByI2/ FSaveWUGGY8DdDlhOrqfrQiyVnnBX938q+eEmCj1WKhbiNqfVrn9zL1h7rkYyFj5P1Eb A5YS2lnU90G/MktsWx4IqTbEx9pVY4Jw0iJ0GIfSy55TqJd5J/hVcbHgP++6nVhfSuqE 3sngSz1IyzDyoajVzn6ROjWXf3kR0TyhKUO5Gfgw59w1Fve6aQEgch8Dl+JNJTZ7Xo0D 0Vvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722989241; x=1723594041; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hLdx4AZXHbpEMxw/S18/9QimvuhK4hPq7UuREWO1i7w=; b=d9U/Szl42LqKJwyaFVW8Ys3Nzk8QugwJ9JMnyioBvtdQooGwEPzE7Th0tGFNzovona PaujKJN0YW9tfz+7vFGVYp1TGyESw+tRZ9ppuUBha1iR2w6OJAcXdjS6OokWPX/yhN5E MsUY7OXL5Q3sUCwe3JvC/INScXeOZ6TaHcs9+Uq0XxTqujN7iOFotaA0kCZvnxLIbouk K00wn+V1K7RNFsvwyefkoHDHjX48T7NFY8g33ehQeT22cXJSUP1qOrFY/uqnvAQ6m6T0 fKq+RgE8a6JFJEjhQK/hPzRzYXnAwWJ6Tynsa6x1vvz/znaJxTBd9kQeVG5ZAXEVTiv1 EKdQ== X-Gm-Message-State: AOJu0YzA7xEI1AIizR3IOpVZ6X7woeb1BhkJVoyXd3Me25ufM8dH719I CnnlCpp7g1tHhrKDMmTNbpU3hC2IG24x9mxoT9G9jOkpPcVh0SZ/sjejnuuSdGcvBxl8eEKK3Dy v X-Google-Smtp-Source: AGHT+IFw4zhq05aKNE9fsrhMrSw2odke0WecEkDobQJ51ANGC7VcuTDFSUkPPihTHX/IqHVmV7ogWQ== X-Received: by 2002:a17:903:41d1:b0:1fb:3d7:1d01 with SMTP id d9443c01a7336-1ff574bc2d8mr147273275ad.59.1722989240513; Tue, 06 Aug 2024 17:07:20 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-1ff58f59cc2sm93381845ad.92.2024.08.06.17.07.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Aug 2024 17:07:20 -0700 (PDT) From: Deepak Gupta To: qemu-devel@nongnu.org, qemu-riscv@nongnu.org Cc: richard.henderson@linaro.org, pbonzini@redhat.com, palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta , Jim Shu Subject: [PATCH v3 20/20] linux-user: Add RISC-V zicfilp support in VDSO Date: Tue, 6 Aug 2024 17:06:51 -0700 Message-ID: <20240807000652.1417776-21-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240807000652.1417776-1-debug@rivosinc.com> References: <20240807000652.1417776-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::52c; envelope-from=debug@rivosinc.com; helo=mail-pg1-x52c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add zicfilp support in VDSO. VDSO functions need lpad instruction so that userspace could call this function when landing pad extension is enabled. This solution only works when toolchain always use landing pad label 1. Otherwise, If extension is not enabled, lpad instructions will be lui instructions with rd=x0 (which is nop). Prebuilt VDSO is still compatible with RISC-V core w/o zicfilp extension. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- linux-user/riscv/vdso-64.so | Bin 3944 -> 4128 bytes linux-user/riscv/vdso.S | 50 ++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/linux-user/riscv/vdso-64.so b/linux-user/riscv/vdso-64.so index ae49f5b043b5941b9d304a056c2b50c185f413b0..cd7f2fa7bdb811af6be2dcc3fb9601b66e3d1c81 100755 GIT binary patch delta 1345 zcmah}O=uHA6rRa8*`3W#v-vSWgUvy(QL#}%mV&j76iPuQBHAj2(ng|zmM)E!P>`g> ziy+eQP!K%yD2kv2Jb7q5_;(V#2zrPIp$E0T*_|nLFFu%g^L_K)%k2BfxBcts zwSKzU%uIMvDl|QN=xp4}g4*$}@d(n<~qepB*LP!3)Siz)SSu5ui{`}Ri4l{qVG z<))V_rE;ZO#UoHP&Zd{==Wom%v$EK`eUMXAv;*hV1Wm$<8dtCYs1tO{Mm~~-=ZGxa zjpj-e9%`|fX?zbQKeuJaBedlj?wn7H+zXnl z+6N3On@wEY6ZY=Tcmf7X)L-B&?+M^(KWxa1Nj(DZ`~!MYOa>phK%U8T zbfFM1nH*fK8zMQjS!g4|p|!;V8Z`BtS@y!IU|yFKn)JeIFwbQ2i_i|5tR_lP0~#_7 pnM$drU_4|p`G+?Pw?igvKsz+7r*-ESGZggRJRA2r@IJ6$-#>;G!0Z43 delta 1236 zcmZux&1(};5TBP#+z*pYV+<*_)IAj1YN_?B+bY<^rnX2aRgfZHEGbA2QZyn~#MXa6 z69zo>Q1McbLL?%ocu2)V4jv*F!CQ|xnnMLet@AeXqAU))otfYJy|4M$HK*Q{?-jj; zzFD!24I_@VKv0a~RwP*{I_d3w;EB@E*7O6Uf;7sa>HGB{XUh-Cou=~6m1b2gB-#DFx9A!2 zLL__`q}b;tKwVy%#A+&d0)Qt2<9$E(n(OP#|HVGj;Vb(!Jnn^O9`m|=HV73ypSJ_~ z{6VtH|v2)99wz{?bNB7jqeM)ifG;D@Xo~6$*{frvJ5_f9#bOCr+W3+&Ha4qi9He z`aFGZFXXa!K@5`_!U4;{c`Jrnfi7ItJ4G3v>4^@ll@B7dM5F9h@S~p4LQq9vBn42^ z6PgYw(n%q6kkCx1d)fjA=g8j=lUShHyjQ?)jZ>c0vk;|y1vK_lb*f|98QH&Nc9x~NiEBHO^ znyS~TI1+KqRtw@1d8*G+xEXP+8h24Gh(97jmTIbc5YN~{ri!eCOSWrHa-1h|({^L3 qZWX$;ijJCP(|ap?q2JVD+=;fE1#ar668QsJ{