On Thu, Jun 5, 2025 at 7:21 AM Alexandre Ghiti wrote:
>
> The Svrsw60t59b extension allows to free the PTE reserved bits 60 and 59
> for software to use.
>
> Signed-off-by: Alexandre Ghiti
> ---
Reviewed-by: Deepak Gupta
On Fri, Mar 14, 2025 at 11:48:33AM +0100, Alexandre Ghiti wrote:
The Svrsw60b59b extension allows to free the PTE reserved bits 60 and 59
for software to use.
Apart from what you already caught.
Extension is dependent on Sv39. So it should be validated somewhere.
Perhaps in `riscv_cpu_validate_
On Thu, Mar 6, 2025 at 6:05 PM Alistair Francis wrote:
>
> On Thu, Mar 6, 2025 at 4:47 PM Deepak Gupta wrote:
> >
> > Commit f06bfe3dc38c ("target/riscv: implement zicfiss instructions") adds
> > `ssamoswap` instruction. `ssamoswap` takes the code-point from e
ssp) CSR access contr" in the priv spec.
Fixes: 8205bc127a83 ("target/riscv: introduce ssp and enabling controls
for zicfiss". Thanks to Adam Zabrocki for bringing this to attention.
Reported-by: Adam Zabrocki
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target
ment zicfiss instructions")
Reported-by: Ved Shanbhogue
Signed-off-by: Deepak Gupta
---
target/riscv/insn_trans/trans_rvzicfiss.c.inc | 17 +
1 file changed, 17 insertions(+)
diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc
b/target/riscv/insn_trans/trans_rvzicfiss.c.in
On Thu, Mar 06, 2025 at 04:20:56PM +1000, Alistair Francis wrote:
On Thu, Mar 6, 2025 at 4:12 PM Deepak Gupta wrote:
On Thu, Mar 06, 2025 at 03:20:55PM +1000, Alistair Francis wrote:
>On Tue, Feb 18, 2025 at 12:56 PM Deepak Gupta wrote:
>>
>> Commit:8205bc1 ("target/risc
On Thu, Mar 06, 2025 at 04:22:52PM +1000, Alistair Francis wrote:
On Thu, Mar 6, 2025 at 4:13 PM Deepak Gupta wrote:
On Thu, Mar 06, 2025 at 03:29:00PM +1000, Alistair Francis wrote:
>On Tue, Feb 18, 2025 at 12:57 PM Deepak Gupta wrote:
>>
>> Commit f06bfe3dc38c ("tar
On Thu, Mar 06, 2025 at 03:29:00PM +1000, Alistair Francis wrote:
On Tue, Feb 18, 2025 at 12:57 PM Deepak Gupta wrote:
Commit f06bfe3dc38c ("target/riscv: implement zicfiss instructions") adds
`ssamoswap` instruction. `ssamoswap` takes the code-point from existing
reserved encoding
On Thu, Mar 06, 2025 at 03:20:55PM +1000, Alistair Francis wrote:
On Tue, Feb 18, 2025 at 12:56 PM Deepak Gupta wrote:
Commit:8205bc1 ("target/riscv: introduce ssp and enabling controls for
zicfiss") introduced CSR_SSP but it mis-interpreted the spec on access
to CSR_SSP in M-mode
er"
of `zicfiss` specification. Thanks to Adam Zabrocki for bringing this
to attention.
Fixes: 8205bc127a83 ("target/riscv: introduce ssp and enabling controls
for zicfiss"
Reported-by: Adam Zabrocki
Signed-off-by: Deepak Gupta
---
target/riscv/csr.c | 5 +
1 file changed, 5 inse
ion 2.7 of zicfiss specification).
This patch corrects that behavior for `ssamoswap`.
Fixes: f06bfe3dc38c ("target/riscv: implement zicfiss instructions")
Reported-by: Ved Shanbhogue
Signed-off-by: Deepak Gupta
---
target/riscv/insn_trans/trans_rvzicfiss.c.inc | 13 +++--
1 file ch
ff-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
---
target/riscv/cpu_helper.c | 64 ++-
target/riscv/internals.h | 3 ++
2 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/target/riscv/cpu_helper.c b/target/
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 05f727222e..135559fc95 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1469,6 +1469,7 @@ const
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disassembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And implements
dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
es assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
target/riscv: expose *envcfg csr and priv to qemu-user as well
target/riscv: Add zicfilp extension
target/riscv: Introduce elp state and enabling controls fo
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index ac5ad6fa9d..0751d08d85 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1473,6 +1473,7 @@ const
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
On Thu, Oct 03, 2024 at 11:33:35AM -0700, Deepak Gupta wrote:
`check_zicbom_access` (`cbo.clean/flush/inval`) may probe shadow stack
memory and must always raise store/AMO access fault because it has store
semantics.
For non-shadow stack memory even though `cbo.clean/flush/inval` have
store
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index ac5ad6fa9d..0751d08d85 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1473,6 +1473,7 @@ const
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And implements
dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
- Style changes.
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (21):
target/riscv: expose *envcfg csr and priv to qemu-user as well
target/riscv: Add zicfilp extension
target/riscv: Introduce elp stat
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 05f727222e..135559fc95 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1469,6 +1469,7 @@ const
well.
Signed-off-by: Deepak Gupta
---
target/riscv/cpu_helper.c | 22 +-
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 5580f5f3f3..ab46f694b5 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disassembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a0490e29f9..b4b578003f 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1495,6 +1495,7 @@ const
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disassembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 4172774087..3e72df6ef8 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1499,6 +1499,7 @@ const
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And implements
dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
target/riscv: expose *envcfg csr and priv to qemu-user as well
target/riscv: Add zicfilp extension
target/riscv: Introduce elp state and enabling contr
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
ons
to not require helper.
- tcg helpers only for cfi violation cases so that trace hooks can be
placed.
- Style changes.
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
target/riscv:
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index c5ebcefeb5..2592465e24 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1485,6 +1485,7 @@ const
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And implements
dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disassembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 55754cb374..c9aeffee4e 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1481,6 +1481,7 @@ const
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
On Thu, Aug 29, 2024 at 10:56:41PM -0700, Deepak Gupta wrote:
On Fri, Aug 30, 2024 at 03:20:04PM +1000, Richard Henderson wrote:
On 8/30/24 09:34, Deepak Gupta wrote:
+bool cpu_get_bcfien(CPURISCVState *env)
It occurs to me that a better name would be "cpu_get_sspen".
The backw
On Fri, Aug 30, 2024 at 03:20:04PM +1000, Richard Henderson wrote:
On 8/30/24 09:34, Deepak Gupta wrote:
+bool cpu_get_bcfien(CPURISCVState *env)
It occurs to me that a better name would be "cpu_get_sspen".
The backward cfi is merely a consequence of the shadow stack.
Want me
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co