Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index a0490e29f9..b4b578003f 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1495,6 +1495,7 @@ const
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 4172774087..3e72df6ef8 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1499,6 +1499,7 @@ const
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And imple-
ments dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
target/riscv: expose *envcfg csr and priv to qemu-user as well
target/riscv: Add zicfilp extension
target/riscv: Introduce elp state and enabling contr
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
ons
to not require helper.
- tcg helpers only for cfi violation cases so that trace hooks can be
placed.
- Style changes.
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
target/riscv:
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index c5ebcefeb5..2592465e24 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1485,6 +1485,7 @@ const
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And imple-
ments dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
t.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c| 2 ++
target/riscv/cpu.h| 3 +++
target/riscv/cpu_bits.h | 6 +
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 55754cb374..c9aeffee4e 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1481,6 +1481,7 @@ const
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Fr
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M).
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.h| 1 +
target/riscv/cpu_helper.c | 54 +++
target/riscv
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
On Thu, Aug 29, 2024 at 10:56:41PM -0700, Deepak Gupta wrote:
On Fri, Aug 30, 2024 at 03:20:04PM +1000, Richard Henderson wrote:
On 8/30/24 09:34, Deepak Gupta wrote:
+bool cpu_get_bcfien(CPURISCVState *env)
It occurs to me that a better name would be "cpu_get_sspen".
The backw
On Fri, Aug 30, 2024 at 03:20:04PM +1000, Richard Henderson wrote:
On 8/30/24 09:34, Deepak Gupta wrote:
+bool cpu_get_bcfien(CPURISCVState *env)
It occurs to me that a better name would be "cpu_get_sspen".
The backward cfi is merely a consequence of the shadow stack.
Want me
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
/qemu/-/issues/594
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/insn_trans/trans_privileged.c.inc | 8
target/riscv/insn_trans/trans_rva.c.inc| 4 ++--
target/riscv/insn_trans/trans_rvd.c.inc| 4
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And imple-
ments dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index c5ebcefeb5..2592465e24 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1485,6 +1485,7 @@ const
nd shadow stack instructions
to not require helper.
- tcg helpers only for cfi violation cases so that trace hooks can be
placed.
- Style changes.
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
not. qemu-user also gets field
`ubcfien` indicating whether qemu user has shadow stack enabled or not.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
targe
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 55754cb374..c9aeffee4e 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1481,6 +1481,7 @@ const
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 3 +++
3 files changed, 9 insertions
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 5 +
t
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
Acked-by: Alistair Francis
---
disas/riscv.c | 19
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M). For qemu-user, a
new field `ufcfien` is introduced which is by default set to false and
helper function returns value deposited in `ufcfien` for qemu-user.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
On Thu, Aug 29, 2024 at 10:03:04AM +1000, Alistair Francis wrote:
On Thu, Aug 29, 2024 at 9:45 AM Deepak Gupta wrote:
On Thu, Aug 29, 2024 at 09:29:49AM +1000, Alistair Francis wrote:
>On Thu, Aug 29, 2024 at 3:49 AM Deepak Gupta wrote:
>>
>> prot |= PAGE_WRITE;
>&
On Thu, Aug 29, 2024 at 10:07:15AM +1000, Alistair Francis wrote:
On Thu, Aug 29, 2024 at 10:06 AM Deepak Gupta wrote:
On Thu, Aug 29, 2024 at 10:01:30AM +1000, Alistair Francis wrote:
>On Thu, Aug 29, 2024 at 3:53 AM Deepak Gupta wrote:
>>
>> zicfiss has followi
On Thu, Aug 29, 2024 at 10:01:30AM +1000, Alistair Francis wrote:
On Thu, Aug 29, 2024 at 3:53 AM Deepak Gupta wrote:
zicfiss has following instructions
- sspopchk: pops a value from shadow stack and compares with x1/x5.
If they dont match, reports a sw check exception with tval = 3
On Thu, Aug 29, 2024 at 09:29:49AM +1000, Alistair Francis wrote:
On Thu, Aug 29, 2024 at 3:49 AM Deepak Gupta wrote:
zicfiss protects shadow stack using new page table encodings PTE.W=1,
PTE.R=0 and PTE.X=0. This encoding is reserved if zicfiss is not
implemented or if shadow stack are not
not. qemu-user also gets field
`ubcfien` indicating whether qemu user has shadow stack enabled or not.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.c| 2 ++
targe
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And imple-
ments dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim
On Wed, Aug 28, 2024 at 10:47:18AM -0700, Deepak Gupta wrote:
v11 for riscv zicfilp and zicfiss extensions support in qemu.
Sorry once again, some problem in my work-flow and it missed picked up below
"
zicfilp and zicfiss spec pdf
https://github.com/riscv/riscv-cfi/releases/download
enabled or not.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 4
target/riscv/translate.c | 4
3 files changed, 10
Extra word 2 is stored during tcg compile and `decode_save_opc` needs
additional argument in order to pass the value. This will be used during
unwind to get extra information about instruction like how to massage
exceptions. Updated all callsites as well.
Signed-off-by: Deepak Gupta
Reviewed-by
on
*envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M). For qemu-user, a
new field `ufcfien` is introduced which is by default set to false and
helper function returns value deposited in `ufcfien` for qemu-user.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
`lpad` gets
translated, fcfi_lp_expected flag in DisasContext can be cleared. Else
it'll fault.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/
Signed-off-by: Deepak Gupta
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 55754cb374..c9aeffee4e 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1481,6 +1481,7 @@ const
Signed-off-by: Deepak Gupta
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index c5ebcefeb5..2592465e24 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1485,6 +1485,7 @@ const RISCVCPUMultiExtConfig
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
---
disas/riscv.c | 19 ++-
disas
`lpad`. If they don't match, cpu raises a
sw check exception with tval = 2.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu_user.h | 1 +
target/riscv/i
: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 1 +
target/riscv/cpu_cfg.h | 1 +
target/riscv/tcg/tcg-cpu.c | 5 +
3 files changed, 7 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
nd shadow stack instructions
to not require helper.
- tcg helpers only for cfi violation cases so that trace hooks can be
placed.
- Style changes.
- fixes assert condition in accel/tcg
v2:
- added missed file (in v1) for shadow stack instructions implementation.
Deepak Gupta (20):
stack atomically
sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0
If SSE=0, ssamoswap is illegal instruction exception.
This patch implements shadow stack operations for qemu-user and shadow
stack is not protected.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed, 40 insertions(+), 1 dele
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
`.
Signed-off-by: Deepak Gupta
Reviewed-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.h| 2 ++
target/riscv/cpu_helper.c | 3 +++
target/riscv/csr.c| 1 +
3 files changed, 6 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index
te back
to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED.
zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode
is in mseccfg CSR at bit position 10.
On trap, elp state is saved away in *status.
Adds elp to the migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: J
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
need arises then `henvcfg` could be exposed as well.
Relevant discussion:
https://lore.kernel.org/all/cakmqykotvwpfep2mstqvdumjerkh+bqcckeq4hanydfpdwk...@mail.gmail.com/
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Alistair Francis
---
target/riscv/cpu.c | 5 +
t
On Wed, Aug 28, 2024 at 10:10:44AM +1000, Alistair Francis wrote:
On Wed, Aug 28, 2024 at 9:20 AM Deepak Gupta wrote:
set priv to be PRV_U for qemu-user on riscv. And set default value for
*envcfg CSR.
Signed-off-by: Deepak Gupta
You can probably just squash this with the previous patch
On Wed, Aug 28, 2024 at 10:02:42AM +1000, Alistair Francis wrote:
On Wed, Aug 28, 2024 at 9:21 AM Deepak Gupta wrote:
v10 for riscv zicfilp and zicfiss extensions support in qemu.
Please specify the exact version of the spec you used
https://github.com/riscv/riscv-cfi/releases/download
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-
Extra word 2 is stored during tcg compile and `decode_save_opc` needs
additional argument in order to pass the value. This will be used during
unwind to get extra information about instruction like how to massage
exceptions. Updated all callsites as well.
Signed-off-by: Deepak Gupta
Reviewed-by
not. qemu-user also gets field
`ubcfien` indicating whether qemu user has shadow stack enabled or not.
Adds ssp to migration state as well.
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
target/riscv/cpu.c| 3 +++
targe
accesses to RO memory
leads to store page fault.
To implement special nature of shadow stack memory where only selected
stores (shadow stack stores from sspush) have to be allowed while rest
of regular stores disallowed, new MMU TLB index is created for shadow
stack.
Signed-off-by: Deepak Gupta
This patch adds one more word for tcg compile which can be obtained during
unwind time to determine fault type for original operation (example AMO).
Depending on that, fault can be promoted to store/AMO fault.
Signed-off-by: Deepak Gupta
Suggested-by: Richard Henderson
Reviewed-by: Richard
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disasembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed, 40 insertions(+), 1 dele
Signed-off-by: Deepak Gupta
---
target/riscv/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 2d031e3e74..8e1f05e5b1 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -1476,6 +1476,7 @@ const RISCVCPUMultiExtConfig
1 - 100 of 373 matches
Mail list logo
