From patchwork Mon Jul 29 17:53:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966156 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=zGySS8dd; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmFq4T9Bz1yf4 for ; Tue, 30 Jul 2024 03:54:23 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUYz-0004JY-MO; Mon, 29 Jul 2024 13:53:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUYy-0004Fp-Gu for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:36 -0400 Received: from mail-pf1-x42b.google.com ([2607:f8b0:4864:20::42b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUYv-0000G5-R8 for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:36 -0400 Received: by mail-pf1-x42b.google.com with SMTP id d2e1a72fcca58-70d333d5890so3420016b3a.0 for ; Mon, 29 Jul 2024 10:53:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275612; x=1722880412; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/xTvsa+ViAqHINj5oJb/iz6qO9j2BBr+FG4wAjwt7ac=; b=zGySS8ddTlZ3FcloOHLtgwzyfqhZ2fK7iXmPQjhiaM6yFWtqIH/9ETzy1nR950G1OI lUCwJSg9PVgsXjGb07MUtSKm5qRnEPg5dw5Z0xxF74DyK+gLAO+0B5z5ufDQKBBN2hQT e6cnvSft1GQnnrv0FwMQBwvTPzQdfGWkrd2va1CV0kojzI57p4aTBxwE4onWkYsbSvkP Bf2T6upWwFD0h/9Y3JD0nxolpAt5zko+exjmGsxTxrmIay39DZEzrmuwPB3TbsI3lCJW ytBvZ5v1wR9GOLVRo/o3dbPCttM/5j8FdeWe8dX7OAWUdYrfOasnKHFnq8VPkELfblIi tfBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275612; x=1722880412; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/xTvsa+ViAqHINj5oJb/iz6qO9j2BBr+FG4wAjwt7ac=; b=dx5ITHHz3OKfVlUe8na8RJYx1s4dfjXAU81jLMvCxus/uPzjE+UPG8EcNpz9o9+FVD /aHFC+3Ai678j3qyhpYLVr05EljhEjAuphSNORCmkwrfbFVn+JAgh/iMk0eceEr1hg6Z fHP8S1YX6UnbbdmakQ1N8h7j6LlwDKbdpMtmyuQHoKXSAoe16Qp6W7qjOkU5InfjVt7W sm5J71izB8+e2XLcx3Ba1oCbGH7F9pXEXp86tcGYKjiI+g6pOmdrAjWO19n3XaJMXx2e D2No5kbskPTJ69mKvDIq3doAbjhFt9R/NVu8eT9Wh9qagUScJBmDsI+jgZ0Zyios7wog x6Ag== X-Forwarded-Encrypted: i=1; AJvYcCWjSkNd1OhbZymp+NOtKwzKQVR772Zp3im8JgX8qxL5WnJJ2vUIxeP6YGt+o7JThFTXXG2L/4AyApdgzsONaqlctvnIzig= X-Gm-Message-State: AOJu0Yzu0ZKYeQMAO07FRixVY8kDrodvbsQk4HVFemZbOlsvDnWoq7Zn 9W0Bru6cpSgR3c27/3ywpn8ZM+dRYBPXoc16CXtmp4tdyOOfVv1XjolqLgqsbCo= X-Google-Smtp-Source: AGHT+IHlxDv7T7dlyFBO0GeoP4OnZ+IMFt+Tx1Grgpd8Tusa/3dtoC6YxWv/NGU93esvXdaH3HoCfg== X-Received: by 2002:a05:6a21:32a1:b0:1c2:94d5:2ee8 with SMTP id adf61e73a8af0-1c4a129e6femr11577316637.17.1722275612212; Mon, 29 Jul 2024 10:53:32 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:31 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 01/24] target/riscv: Add zicfilp extension Date: Mon, 29 Jul 2024 10:53:03 -0700 Message-ID: <20240729175327.73705-2-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42b; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42b.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfilp [1] riscv cpu extension enables forward control flow integrity. If enabled, all indirect calls must land on a landing pad instruction. This patch sets up space for zicfilp extension in cpuconfig. zicfilp is dependend on zicsr. [1] - https://github.com/riscv/riscv-cfi Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 2 ++ target/riscv/cpu_cfg.h | 1 + target/riscv/tcg/tcg-cpu.c | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 33ef4eb795..5dfb3f39ab 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -106,6 +106,7 @@ const RISCVIsaExtData isa_edata_arr[] = { ISA_EXT_DATA_ENTRY(ziccif, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(zicclsm, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(ziccrse, PRIV_VERSION_1_11_0, has_priv_1_11), + ISA_EXT_DATA_ENTRY(zicfilp, PRIV_VERSION_1_12_0, ext_zicfilp), ISA_EXT_DATA_ENTRY(zicond, PRIV_VERSION_1_12_0, ext_zicond), ISA_EXT_DATA_ENTRY(zicntr, PRIV_VERSION_1_12_0, ext_zicntr), ISA_EXT_DATA_ENTRY(zicsr, PRIV_VERSION_1_10_0, ext_zicsr), @@ -1472,6 +1473,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { /* Defaults for standard extensions */ MULTI_EXT_CFG_BOOL("sscofpmf", ext_sscofpmf, false), MULTI_EXT_CFG_BOOL("zifencei", ext_zifencei, true), + MULTI_EXT_CFG_BOOL("zicfilp", ext_zicfilp, false), MULTI_EXT_CFG_BOOL("zicsr", ext_zicsr, true), MULTI_EXT_CFG_BOOL("zihintntl", ext_zihintntl, true), MULTI_EXT_CFG_BOOL("zihintpause", ext_zihintpause, true), diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h index 120905a254..88d5defbb5 100644 --- a/target/riscv/cpu_cfg.h +++ b/target/riscv/cpu_cfg.h @@ -67,6 +67,7 @@ struct RISCVCPUConfig { bool ext_zicbom; bool ext_zicbop; bool ext_zicboz; + bool ext_zicfilp; bool ext_zicond; bool ext_zihintntl; bool ext_zihintpause; diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c index b8814ab753..ed19586c9d 100644 --- a/target/riscv/tcg/tcg-cpu.c +++ b/target/riscv/tcg/tcg-cpu.c @@ -623,6 +623,11 @@ void riscv_cpu_validate_set_extensions(RISCVCPU *cpu, Error **errp) cpu->pmu_avail_ctrs = 0; } + if (cpu->cfg.ext_zicfilp && !cpu->cfg.ext_zicsr) { + error_setg(errp, "zicfilp extension requires zicsr extension"); + return; + } + /* * Disable isa extensions based on priv spec after we * validated and set everything we need. From patchwork Mon Jul 29 17:53:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966171 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=B4a8QH6a; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJx0qLrz1ybX for ; Tue, 30 Jul 2024 03:57:05 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ0-0004Nj-LI; Mon, 29 Jul 2024 13:53:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUYy-0004Gq-Td for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:36 -0400 Received: from mail-oa1-x2a.google.com ([2001:4860:4864:20::2a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUYw-0000GG-Q7 for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:36 -0400 Received: by mail-oa1-x2a.google.com with SMTP id 586e51a60fabf-260e1b5576aso2647083fac.1 for ; Mon, 29 Jul 2024 10:53:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275613; x=1722880413; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=WXmmy9sQ6FdCwxmbQ1lXp5QB1YPROEJt1Bgbzc7d8Dg=; b=B4a8QH6aSuL1gkJKTX4DlDAdE8yii/vMHZOCUxJ37MPxA5tlVmvC/sz3Aoi10Q7CCt LRsmerTz/gOxaid08tV/qq/c0Aj1C+tPcHQBw/tcI1Xru5dqwpus5TPvgLDjoE65KYFF UKCmY3ImO42g5gNiG+rBMbfCXoe/dgFZP3uc7Vqd3unoKRA5H6dovnouPbFtEcJ1hpJr uof5ZuoZlOThUjVjddVAyLkJytNgbUpsTm/qr0BFR7833uMZNvZJqz8HhupjMQcgxNUF DTP3ehJibyptNdA7qpUCk0hyVSVrs3MfOH1bAdF9TBNtRjU4hjgha1yEwzrRmsw0/HWY HcLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275613; x=1722880413; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WXmmy9sQ6FdCwxmbQ1lXp5QB1YPROEJt1Bgbzc7d8Dg=; b=eh6jGY3U5fh+YtVNOgwLADugbwc921o1idd+y/TeNOKXYUnzHLXGpLFDcD2bDhDMMP 8i8ciHhVYAhCCkmwLOuwvzc8eg8ra49rYlXdARGkMT7AoxAQxfeGPj/vyFNGvakbd6Dx kyGpWWzP6bB4oZouK/6tnPLMM/13hPiGH7UujK+3x4SsocyJJAOGW0uJs0EhetjfYbGf BnVLMHrsIsLpP2vIV+YjsqpqulK8ls4UXRV5aIMusFSSULBmb4E8Aa5IyKFmEIlXgufg 6L3EwH1tqTWCy1/z1GkOYlRIPFh+Xz8lAFuNM1Ucsecn7m8SYeJIOjee7ekBSP5MnyS4 ZQBw== X-Forwarded-Encrypted: i=1; AJvYcCVrciinrKh4OKd94VfMMpvWv3rQRQwC/emn27T1Pc1P/qX+aS2YCB7FuhYc80TG7pfKinqY3VPSzqDROOjNmHrih85EtRA= X-Gm-Message-State: AOJu0Yw9P4Wl++UmyOx51vDtpjVT9UM7w74G4FMB9G7RZzg+LZpcVx0o Gyq2G0e+6S4SrHaGFfAaV4yQiGvupKVCkFh5mCLV+q/kUW3SyMc/EQKIVRfPeEA= X-Google-Smtp-Source: AGHT+IE1Io4/lZ1qRpK0MJ49aXb8/uS8MT88tJtAouDCFAC18T6hZiI27GbUQ4EjgGPUrcvH6JQPFQ== X-Received: by 2002:a05:6870:b293:b0:261:1ccd:358c with SMTP id 586e51a60fabf-267d4dcabcamr10449484fac.24.1722275613396; Mon, 29 Jul 2024 10:53:33 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:33 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 02/24] target/riscv: Introduce elp state and enabling controls for zicfilp Date: Mon, 29 Jul 2024 10:53:04 -0700 Message-ID: <20240729175327.73705-3-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::2a; envelope-from=debug@rivosinc.com; helo=mail-oa1-x2a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfilp introduces a new state elp ("expected landing pad") in cpu. During normal execution, elp is idle (NO_LP_EXPECTED) i.e not expecting landing pad. On an indirect call, elp moves LP_EXPECTED. When elp is LP_EXPECTED, only a subsquent landing pad instruction can set state back to NO_LP_EXPECTED. On reset, elp is set to NO_LP_EXPECTED. zicfilp is enabled via bit2 in *envcfg CSRs. Enabling control for M-mode is in mseccfg CSR at bit position 10. On trap, elp state is saved away in *status. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 3 +++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_bits.h | 12 ++++++++++++ target/riscv/csr.c | 31 +++++++++++++++++++++++++++++++ target/riscv/pmp.c | 5 +++++ target/riscv/pmp.h | 3 ++- 6 files changed, 55 insertions(+), 1 deletion(-) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 5dfb3f39ab..82fa85a8d6 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -994,6 +994,9 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) /* mmte is supposed to have pm.current hardwired to 1 */ env->mmte |= (EXT_STATUS_INITIAL | MMTE_M_PM_CURRENT); + /* on reset elp is set to NO_LP_EXPECTED */ + env->elp = NO_LP_EXPECTED; + /* * Bits 10, 6, 2 and 12 of mideleg are read only 1 when the Hypervisor * extension is enabled. diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 87742047ce..ae436a3179 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -222,6 +222,8 @@ struct CPUArchState { target_ulong jvt; + /* elp state for zicfilp extension */ + cfi_elp elp; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; #endif diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index c257c5ed7d..127f2179dc 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -545,6 +545,8 @@ #define MSTATUS_TVM 0x00100000 /* since: priv-1.10 */ #define MSTATUS_TW 0x00200000 /* since: priv-1.10 */ #define MSTATUS_TSR 0x00400000 /* since: priv-1.10 */ +#define MSTATUS_SPELP 0x00800000 /* zicfilp */ +#define MSTATUS_MPELP 0x020000000000 /* zicfilp */ #define MSTATUS_GVA 0x4000000000ULL #define MSTATUS_MPV 0x8000000000ULL @@ -575,12 +577,19 @@ typedef enum { #define SSTATUS_XS 0x00018000 #define SSTATUS_SUM 0x00040000 /* since: priv-1.10 */ #define SSTATUS_MXR 0x00080000 +#define SSTATUS_SPELP MSTATUS_SPELP /* zicfilp */ #define SSTATUS64_UXL 0x0000000300000000ULL #define SSTATUS32_SD 0x80000000 #define SSTATUS64_SD 0x8000000000000000ULL +/* enum for branch tracking state in cpu/hart */ +typedef enum { + NO_LP_EXPECTED = 0, + LP_EXPECTED = 1, +} cfi_elp; + /* hstatus CSR bits */ #define HSTATUS_VSBE 0x00000020 #define HSTATUS_GVA 0x00000040 @@ -747,6 +756,7 @@ typedef enum RISCVException { /* Execution environment configuration bits */ #define MENVCFG_FIOM BIT(0) +#define MENVCFG_LPE BIT(2) /* zicfilp */ #define MENVCFG_CBIE (3UL << 4) #define MENVCFG_CBCFE BIT(6) #define MENVCFG_CBZE BIT(7) @@ -760,11 +770,13 @@ typedef enum RISCVException { #define MENVCFGH_STCE BIT(31) #define SENVCFG_FIOM MENVCFG_FIOM +#define SENVCFG_LPE MENVCFG_LPE #define SENVCFG_CBIE MENVCFG_CBIE #define SENVCFG_CBCFE MENVCFG_CBCFE #define SENVCFG_CBZE MENVCFG_CBZE #define HENVCFG_FIOM MENVCFG_FIOM +#define HENVCFG_LPE MENVCFG_LPE #define HENVCFG_CBIE MENVCFG_CBIE #define HENVCFG_CBCFE MENVCFG_CBCFE #define HENVCFG_CBZE MENVCFG_CBZE diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 432c59dc66..5771a14848 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -1400,6 +1400,11 @@ static RISCVException write_mstatus(CPURISCVState *env, int csrno, } } + /* If cfi lp extension is available, then apply cfi lp mask */ + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= (MSTATUS_MPELP | MSTATUS_SPELP); + } + mstatus = (mstatus & ~mask) | (val & mask); env->mstatus = mstatus; @@ -2101,6 +2106,10 @@ static RISCVException write_menvcfg(CPURISCVState *env, int csrno, mask |= (cfg->ext_svpbmt ? MENVCFG_PBMTE : 0) | (cfg->ext_sstc ? MENVCFG_STCE : 0) | (cfg->ext_svadu ? MENVCFG_ADUE : 0); + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= MENVCFG_LPE; + } } env->menvcfg = (env->menvcfg & ~mask) | (val & mask); @@ -2153,6 +2162,10 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno, return ret; } + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SENVCFG_LPE; + } + env->senvcfg = (env->senvcfg & ~mask) | (val & mask); return RISCV_EXCP_NONE; } @@ -2190,6 +2203,10 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, if (riscv_cpu_mxl(env) == MXL_RV64) { mask |= env->menvcfg & (HENVCFG_PBMTE | HENVCFG_STCE | HENVCFG_ADUE); + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= HENVCFG_LPE; + } } env->henvcfg = (env->henvcfg & ~mask) | (val & mask); @@ -2654,6 +2671,10 @@ static RISCVException read_sstatus_i128(CPURISCVState *env, int csrno, mask |= SSTATUS64_UXL; } + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + *val = int128_make128(sstatus, add_status_sd(MXL_RV128, sstatus)); return RISCV_EXCP_NONE; } @@ -2665,6 +2686,11 @@ static RISCVException read_sstatus(CPURISCVState *env, int csrno, if (env->xl != MXL_RV32 || env->debugger) { mask |= SSTATUS64_UXL; } + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + /* TODO: Use SXL not MXL. */ *val = add_status_sd(riscv_cpu_mxl(env), env->mstatus & mask); return RISCV_EXCP_NONE; @@ -2680,6 +2706,11 @@ static RISCVException write_sstatus(CPURISCVState *env, int csrno, mask |= SSTATUS64_UXL; } } + + if (env_archcpu(env)->cfg.ext_zicfilp) { + mask |= SSTATUS_SPELP; + } + target_ulong newval = (env->mstatus & ~mask) | (val & mask); return write_mstatus(env, CSR_MSTATUS, newval); } diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index 9eea397e72..1111d08d08 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -598,6 +598,11 @@ void mseccfg_csr_write(CPURISCVState *env, target_ulong val) val &= ~(MSECCFG_MMWP | MSECCFG_MML | MSECCFG_RLB); } + /* M-mode forward cfi to be enabled if cfi extension is implemented */ + if (env_archcpu(env)->cfg.ext_zicfilp) { + val |= (val & MSECCFG_MLPE); + } + env->mseccfg = val; } diff --git a/target/riscv/pmp.h b/target/riscv/pmp.h index f5c10ce85c..e0530a17a3 100644 --- a/target/riscv/pmp.h +++ b/target/riscv/pmp.h @@ -44,7 +44,8 @@ typedef enum { MSECCFG_MMWP = 1 << 1, MSECCFG_RLB = 1 << 2, MSECCFG_USEED = 1 << 8, - MSECCFG_SSEED = 1 << 9 + MSECCFG_SSEED = 1 << 9, + MSECCFG_MLPE = 1 << 10, } mseccfg_field_t; typedef struct { From patchwork Mon Jul 29 17:53:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966174 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=ZVxGuylk; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKH1db2z20FY for ; Tue, 30 Jul 2024 03:57:23 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ1-0004RU-JX; Mon, 29 Jul 2024 13:53:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ0-0004LA-1S for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:38 -0400 Received: from mail-oa1-x36.google.com ([2001:4860:4864:20::36]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUYy-0000Gl-1Q for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:37 -0400 Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-264988283a3so2226728fac.0 for ; Mon, 29 Jul 2024 10:53:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275615; x=1722880415; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N5/LzlqpvA6Qpq2davUTlla9GHONddj7cGNIIGXRrAY=; b=ZVxGuylkBgtb5pEinioSx8GK5h1vAGIDmQ3BjYC1qSlv66XD9IyW1gEC1T9sNyOU+t z3+9qgZDiAgC5VIyibOW6qKoh/ahX//laeTHPE6U+UDCr5d+i2ztqFwkq9scMjMsjaHX heDCrPZbusMQ7TC4R54r/z/1YibG2HrVr1UCNknVfEdw90R6azSOfZzte3IDYiHRnMFA vktPCZvyak56++gZmAaRe7GQ2mHLK49oVBTDeKXf1bt7bo8ahVqnIdpHnoaU2h2e8DUj 36GTXCR+E6sE1dP19mHn7LmPhCbos46tWbPVcpB4whe1ioFsqnyNLcucmJxQHPUt5rTb oPLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275615; x=1722880415; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N5/LzlqpvA6Qpq2davUTlla9GHONddj7cGNIIGXRrAY=; b=JKIjxQiZcdPaMt47jRLi3E02q/66vei/TmCNPM618iDj+jf7FutPrsrsfeEx0dMbje MZoQ2g/vxzSHRHN0wtLGLxy1nJgmaX1IGEYartqbUC5127LuvmlF3zksK9xjvhCPSelW AUv2UIZifR9l2OGIsLLMiho4i/buIRYj/XAXwuA/dhD2Wn7s5ttl/G+irNiPNElYVH4X tbr7gzi/ms/CWxzn8ZigdUrGVibk/CTXevnlPhIb0qDiGmBjCNTX+rZs1XFW8uIK/yq5 FxqIB2vwc9uyioo6tJyoEO56XVNvW1fvx3ESIT07v0rNSRuhSyb53sPTzN+tCbms3uv7 u6+w== X-Forwarded-Encrypted: i=1; AJvYcCVRDOWkOFXJqBWvr2DTbAa8532ORskqan9IKubu3uYvpx7LkOL5chrfsC2Sr/nbAY+WvRUkuTU5KY9SKP1maFBGBfn1LUo= X-Gm-Message-State: AOJu0Yxt+nrKbLdHSMtBWGy/4ORB39N6tyctjbw209iww8aZJsEHNtR3 lRU3J+ef4iTpCNhGb8LvAOuviaIMlKcrzaXLwXLDetWYFSem08jx4Q5X4Goc4Nw= X-Google-Smtp-Source: AGHT+IH+QgeEy6BsZk/gOD/sp/LPU/vdIv4UDP31JbaiB8OK2v14GWSuZJzYTtMv3UdYz77Rw0NMCw== X-Received: by 2002:a05:6870:350f:b0:261:1a62:a829 with SMTP id 586e51a60fabf-267d4f32d20mr9979490fac.46.1722275614669; Mon, 29 Jul 2024 10:53:34 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:34 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 03/24] target/riscv: save and restore elp state on priv transitions Date: Mon, 29 Jul 2024 10:53:05 -0700 Message-ID: <20240729175327.73705-4-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::36; envelope-from=debug@rivosinc.com; helo=mail-oa1-x36.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org elp state is recorded in *status on trap entry (less privilege to higher privilege) and restored in elp from *status on trap exit (higher to less privilege). Additionally this patch introduces a forward cfi helper function to determine if current privilege has forward cfi is enabled or not based on *envcfg (for U, VU, S, VU, HS) or mseccfg csr (for M). For qemu-user, a new field `ufcfien` is introduced which is by default set to false and helper function returns value deposited in `ufcfien` for qemu-user. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 5 ++++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_helper.c | 58 +++++++++++++++++++++++++++++++++++++++ target/riscv/op_helper.c | 18 ++++++++++++ 4 files changed, 83 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 82fa85a8d6..e1526c7ab5 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1022,6 +1022,11 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) env->load_res = -1; set_default_nan_mode(1, &env->fp_status); +#ifdef CONFIG_USER_ONLY + /* qemu-user for riscv, fcfi is off by default */ + env->ufcfien = false; +#endif + #ifndef CONFIG_USER_ONLY if (cpu->cfg.debug) { riscv_trigger_reset_hold(env); diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index ae436a3179..8c7841fc08 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -226,6 +226,7 @@ struct CPUArchState { cfi_elp elp; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; + bool ufcfien; #endif #ifndef CONFIG_USER_ONLY @@ -530,6 +531,7 @@ void riscv_cpu_set_geilen(CPURISCVState *env, target_ulong geilen); bool riscv_cpu_vector_enabled(CPURISCVState *env); void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable); int riscv_env_mmu_index(CPURISCVState *env, bool ifetch); +bool cpu_get_fcfien(CPURISCVState *env); G_NORETURN void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 6709622dd3..fb4b6066d3 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -33,6 +33,7 @@ #include "cpu_bits.h" #include "debug.h" #include "tcg/oversized-guest.h" +#include "pmp.h" int riscv_env_mmu_index(CPURISCVState *env, bool ifetch) { @@ -63,6 +64,35 @@ int riscv_env_mmu_index(CPURISCVState *env, bool ifetch) #endif } +bool cpu_get_fcfien(CPURISCVState *env) +{ +#ifdef CONFIG_USER_ONLY + return env->ufcfien; +#else + /* no cfi extension, return false */ + if (!env_archcpu(env)->cfg.ext_zicfilp) { + return false; + } + + switch (env->priv) { + case PRV_U: + if (riscv_has_ext(env, RVS)) { + return (env->senvcfg & MENVCFG_LPE) ? true : false; + } + return (env->menvcfg & MENVCFG_LPE) ? true : false; + case PRV_S: + if (env->virt_enabled) { + return (env->henvcfg & HENVCFG_LPE) ? true : false; + } + return (env->menvcfg & MENVCFG_LPE) ? true : false; + case PRV_M: + return (env->mseccfg & MSECCFG_MLPE) ? true : false; + default: + g_assert_not_reached(); + } +#endif +} + void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, uint64_t *cs_base, uint32_t *pflags) { @@ -546,6 +576,15 @@ void riscv_cpu_swap_hypervisor_regs(CPURISCVState *env) } bool current_virt = env->virt_enabled; + /* + * If zicfilp extension available and henvcfg.LPE = 1, + * then apply SPELP mask on mstatus + */ + if (env_archcpu(env)->cfg.ext_zicfilp && + get_field(env->henvcfg, HENVCFG_LPE)) { + mstatus_mask |= SSTATUS_SPELP; + } + g_assert(riscv_has_ext(env, RVH)); if (current_virt) { @@ -1754,6 +1793,11 @@ void riscv_cpu_do_interrupt(CPUState *cs) if (env->priv <= PRV_S && cause < 64 && (((deleg >> cause) & 1) || s_injected || vs_injected)) { /* handle the trap in S-mode */ + /* save elp status */ + if (cpu_get_fcfien(env)) { + env->mstatus = set_field(env->mstatus, MSTATUS_SPELP, env->elp); + } + if (riscv_has_ext(env, RVH)) { uint64_t hdeleg = async ? env->hideleg : env->hedeleg; @@ -1802,6 +1846,11 @@ void riscv_cpu_do_interrupt(CPUState *cs) riscv_cpu_set_mode(env, PRV_S); } else { /* handle the trap in M-mode */ + /* save elp status */ + if (cpu_get_fcfien(env)) { + env->mstatus = set_field(env->mstatus, MSTATUS_MPELP, env->elp); + } + if (riscv_has_ext(env, RVH)) { if (env->virt_enabled) { riscv_cpu_swap_hypervisor_regs(env); @@ -1833,6 +1882,15 @@ void riscv_cpu_do_interrupt(CPUState *cs) riscv_cpu_set_mode(env, PRV_M); } + /* + * Interrupt/exception/trap delivery is asynchronous event and as per + * Zisslpcfi spec CPU should clear up the ELP state. If cfi extension is + * available, clear ELP state. + */ + + if (cpu->cfg.ext_zicfilp) { + env->elp = NO_LP_EXPECTED; + } /* * NOTE: it is not necessary to yield load reservations here. It is only * necessary for an SC from "another hart" to cause a load reservation diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 2baf5bc3ca..488116cc2e 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -313,6 +313,15 @@ target_ulong helper_sret(CPURISCVState *env) riscv_cpu_set_mode(env, prev_priv); + /* + * If forward cfi enabled for new priv, restore elp status + * and clear spelp in mstatus + */ + if (cpu_get_fcfien(env)) { + env->elp = get_field(env->mstatus, MSTATUS_SPELP); + env->mstatus = set_field(env->mstatus, MSTATUS_SPELP, 0); + } + return retpc; } @@ -357,6 +366,15 @@ target_ulong helper_mret(CPURISCVState *env) riscv_cpu_set_virt_enabled(env, prev_virt); } + /* + * If forward cfi enabled for new priv, restore elp status + * and clear mpelp in mstatus + */ + if (cpu_get_fcfien(env)) { + env->elp = get_field(env->mstatus, MSTATUS_MPELP); + env->mstatus = set_field(env->mstatus, MSTATUS_MPELP, 0); + } + return retpc; } From patchwork Mon Jul 29 17:53:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966176 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=JKQCRykr; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKN3W0Yz1ybX for ; Tue, 30 Jul 2024 03:57:28 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ5-0004hj-Jm; Mon, 29 Jul 2024 13:53:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ4-0004cs-Ax for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:42 -0400 Received: from mail-ot1-x332.google.com ([2607:f8b0:4864:20::332]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUYz-0000H8-9J for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:41 -0400 Received: by mail-ot1-x332.google.com with SMTP id 46e09a7af769-7093b53f315so1209829a34.2 for ; Mon, 29 Jul 2024 10:53:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275616; x=1722880416; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7bXtglqSyDHmhS5ymxp0JdF77BUhuOGby1CsDo/HdPw=; b=JKQCRykrBn32vREMpFOLUeCDOnTOGI9MSQEYydQevIVMrDRw/ykl0Mv8GEhugQ5icX /z8NtWZk9/i97Sm2Op+wB2UNR4iBPaPvW0a1A7QUCulMWXcsMIFJaNDs2A3K+A1BBJhW g6AZqUB9UH+VT+gv5mfPxYbv9HyjKIigtgY9ObngTo/YAMTUgBfI7wwFCoI+WKmYW/Dw cMH0j+nu7X5LmALOI8xsBLshxy3ltg5s3+p1guBp2kqS/Wu7kMytU5srz1HNeEDWTAf8 uHnuxWKokMmjJoXO7vc/N7XpIVLGiewbKOzGGTW0axBTz6K8SunEZwZM6EVKP38ymTib C+5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275616; x=1722880416; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7bXtglqSyDHmhS5ymxp0JdF77BUhuOGby1CsDo/HdPw=; b=vNlub/9zZK1mI7GfM/IDhjzwnz51ce/D2VycD+DG83W6zjcWKRCQHT4fe+HC3+JNJa GGa+/ug9oNzTxF4bLkinRgcV0d63b3Mv86JTIwRcwNrotCTsJVfdQv6RzNe0Zd4sM9CW dQB5i5huL3uy5MDcjomErGKvJXjckF3E1XAUFdWQoGqWHJosyvPwuzlYGZ2xjDgww4UD tQsoOBEnJwCQ0y5GxiHpcSyDTWgY618bQc0NLmD+vifyXebRm4Blrco3eUeIlNvEm6dP FdDu9ubdoKQVxpLIKCcliRwZTLMQoMKkXVqCKlI9WE7bUPvGQVAq4CBf5IQbef7mpTlm IYJg== X-Forwarded-Encrypted: i=1; AJvYcCXHqFqCWUkEXJXClsNKXlebkWylWA6p4apwXbNDbuIdja7uwe0n4zI/pytu4N+9nPgha6CdpSgUAq+oOAoGJpJXjaggNKw= X-Gm-Message-State: AOJu0Yybx8R6vFsd12q5wPQiJFrNLbqkUDX/yqPs0H9SPqet7zdigJni sikNWdtvwlPW6RC2bhbh7vj/p8ch8fwGwGE+y9zRZWyZZRMJFIOqAF8ShsNhrH8= X-Google-Smtp-Source: AGHT+IHNb7tLEjV4/XWOQ7SxaCxoruBtsRBkmUz8yjdCMnZvEFf/Q6Uk+id3FU9OJ9tN/PJsy8UZCA== X-Received: by 2002:a05:6870:440d:b0:261:d43:3eef with SMTP id 586e51a60fabf-267d4f029d7mr10811351fac.31.1722275615844; Mon, 29 Jul 2024 10:53:35 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:35 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 04/24] target/riscv: additional code information for sw check Date: Mon, 29 Jul 2024 10:53:06 -0700 Message-ID: <20240729175327.73705-5-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::332; envelope-from=debug@rivosinc.com; helo=mail-ot1-x332.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org sw check exception support was recently added. This patch further augments sw check exception by providing support for additional code which is provided in *tval. Adds `sw_check_code` field in cpuarchstate. Whenever sw check exception is raised *tval gets the value deposited in `sw_check_code`. Signed-off-by: Deepak Gupta --- target/riscv/cpu.h | 2 ++ target/riscv/cpu_helper.c | 2 ++ target/riscv/csr.c | 1 + 3 files changed, 5 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 8c7841fc08..12334f9540 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -224,6 +224,8 @@ struct CPUArchState { /* elp state for zicfilp extension */ cfi_elp elp; + /* sw check code for sw check exception */ + target_ulong sw_check_code; #ifdef CONFIG_USER_ONLY uint32_t elf_flags; bool ufcfien; diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index fb4b6066d3..41bc73ad60 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -1762,6 +1762,8 @@ void riscv_cpu_do_interrupt(CPUState *cs) cs->watchpoint_hit = NULL; } break; + case RISCV_EXCP_SW_CHECK: + tval = env->sw_check_code; default: break; } diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 5771a14848..a5a969a377 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -1179,6 +1179,7 @@ static const uint64_t all_ints = M_MODE_INTERRUPTS | S_MODE_INTERRUPTS | (1ULL << (RISCV_EXCP_INST_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_LOAD_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_STORE_PAGE_FAULT)) | \ + (1ULL << (RISCV_EXCP_SW_CHECK)) | \ (1ULL << (RISCV_EXCP_INST_GUEST_PAGE_FAULT)) | \ (1ULL << (RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT)) | \ (1ULL << (RISCV_EXCP_VIRT_INSTRUCTION_FAULT)) | \ From patchwork Mon Jul 29 17:53:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966169 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=kI2d+Iiv; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJr6y21z1ybX for ; Tue, 30 Jul 2024 03:57:00 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ5-0004fb-7E; Mon, 29 Jul 2024 13:53:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ2-0004Wu-Pb for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:40 -0400 Received: from mail-il1-x134.google.com ([2607:f8b0:4864:20::134]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ0-0000Hf-Lw for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:40 -0400 Received: by mail-il1-x134.google.com with SMTP id e9e14a558f8ab-396e2d21812so16535145ab.2 for ; Mon, 29 Jul 2024 10:53:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275617; x=1722880417; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=m/goruj9R/Ogq//f42WS9QY23H4aITjhBZuc+jiaohE=; b=kI2d+IivfFtXbfO/UEkI3/MwTgoQ0a9mnf0gplXkY5EvZx7MqWmHgCVJzBek3oSAb5 A0YH/XNO+VfMIlqLgj7ODWNGYSNbYglzWJYv6gkf3Bcn0Lniam/bx6+I39411EkkfaqB nR+veDwzgVHfhV+gTlRoIhY/VSJN1L5qijMjXYi7/qUA9TRYqARa+JpWUtKv4rBJ1e6b LD3fVQhgtQImb5ygCg3tYb9Z4q6uP15qeh2dbLqU5ItlYqxh0sGgRLGJ5mYaW/svO26+ 1sGkSNlQjjrWY2DrTm9rcCfpwaqBEbTcXcb3BdEYdgMMAlOcD3NfF5hPP1pEZrHlWv5j AqSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275617; x=1722880417; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m/goruj9R/Ogq//f42WS9QY23H4aITjhBZuc+jiaohE=; b=gEfZWtgxYNVWuiiANoLzusYWszebvhdLZMkWeM8F2qBG2wD1ensapnLIMyRScXiYVb c8EEHSnPRqjyu2D5aQw2eDfHuWPPV+r3bpMYSSPBqca/qMeiSbJLn3QFVQV5NhlYORWj 6opj5nDXpp13609SeBKqSPHOfy0K6oy5sh2LOw2mGkc9KNfRAIjRXxpab49DgBoyMHzc PZiela4aFTjPA6nRkUtK/Q9gor6rLf+G5kIb6syuYSmL64NqMT8cdFvcBx/b+QLIqSTF QUuy3MOBCLrlK79ECsnaUi/3pbw65ydFwYPiZ+4GfJgP9pED6DH/wYzCNqvG+9Lo0MBD STDw== X-Forwarded-Encrypted: i=1; AJvYcCW0X7fYGfOS3jSPyLa2l0D6/h058X9cSAP8hgxL39E1nt9VrqW05tH1mYOIvukDtyb24LEkF/0NDcubgBbDWlDviXkNQ1w= X-Gm-Message-State: AOJu0YydQw4jR6rJG6Q1Z//fOnWrJ0M4CMRMjp8wHfjxvB1bIOhPz+2O KpdEVzAZg8h6rV2BuG6c2asuYng1E+A0fBt8Paj880622X71zGJ7ysP3sr2wTyY= X-Google-Smtp-Source: AGHT+IHTRyVTtF7TpfbiyqDKmbRUq/yE/Ny3umkdQ4sSC+A9n5T2pDk4uE1tSj2FWPSLZe9oBmew7Q== X-Received: by 2002:a05:6e02:1988:b0:383:5285:54c5 with SMTP id e9e14a558f8ab-39aec2aef5fmr103867385ab.17.1722275617199; Mon, 29 Jul 2024 10:53:37 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:36 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 05/24] target/riscv: tracking indirect branches (fcfi) for zicfilp Date: Mon, 29 Jul 2024 10:53:07 -0700 Message-ID: <20240729175327.73705-6-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::134; envelope-from=debug@rivosinc.com; helo=mail-il1-x134.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfilp protects forward control flow (if enabled) by enforcing all indirect call and jmp must land on a landing pad instruction `lpad`. If target of an indirect call or jmp is not `lpad` then cpu/hart must raise a sw check exception with tval = 2. This patch implements the mechanism using TCG. Target architecture branch instruction must define the end of a TB. Using this property, during translation of branch instruction, TB flag = FCFI_LP_EXPECTED can be set. Translation of target TB can check if FCFI_LP_EXPECTED flag is set and a flag (fcfi_lp_expected) can be set in DisasContext. If `lpad` gets translated, fcfi_lp_expected flag in DisasContext can be cleared. Else it'll fault. This patch also also adds flag for forward cfi in DisasContext. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.h | 2 ++ target/riscv/cpu_bits.h | 3 +++ target/riscv/cpu_helper.c | 12 ++++++++++ target/riscv/translate.c | 48 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 12334f9540..7fed5d2750 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -606,6 +606,8 @@ FIELD(TB_FLAGS, ITRIGGER, 22, 1) FIELD(TB_FLAGS, VIRT_ENABLED, 23, 1) FIELD(TB_FLAGS, PRIV, 24, 2) FIELD(TB_FLAGS, AXL, 26, 2) +/* zicfilp needs a TB flag to track indirect branches */ +FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 28, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 127f2179dc..477e24feaf 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -691,6 +691,9 @@ typedef enum RISCVException { RISCV_EXCP_SEMIHOST = 0x3f, } RISCVException; +/* zicfilp defines lp violation results in sw check with tval = 2*/ +#define RISCV_EXCP_SW_CHECK_FCFI_TVAL 2 + #define RISCV_EXCP_INT_FLAG 0x80000000 #define RISCV_EXCP_INT_MASK 0x7fffffff diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 41bc73ad60..2cb1d45467 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -134,6 +134,18 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, flags = FIELD_DP32(flags, TB_FLAGS, VILL, 1); } + if (cpu_get_fcfien(env)) { + /* + * For Forward CFI, only the expectation of a lpcll at + * the start of the block is tracked (which can only happen + * when FCFI is enabled for the current processor mode). A jump + * or call at the end of the previous TB will have updated + * env->elp to indicate the expectation. + */ + flags = FIELD_DP32(flags, TB_FLAGS, FCFI_LP_EXPECTED, + env->elp != NO_LP_EXPECTED); + } + #ifdef CONFIG_USER_ONLY fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index acba90f170..c746d7df08 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -20,6 +20,7 @@ #include "qemu/log.h" #include "cpu.h" #include "tcg/tcg-op.h" +#include "tcg/tcg-temp-internal.h" #include "exec/exec-all.h" #include "exec/helper-proto.h" #include "exec/helper-gen.h" @@ -44,6 +45,7 @@ static TCGv load_val; /* globals for PM CSRs */ static TCGv pm_mask; static TCGv pm_base; +static TCGOp *cfi_lp_check; /* * If an operation is being performed on less than TARGET_LONG_BITS, @@ -116,6 +118,9 @@ typedef struct DisasContext { bool frm_valid; bool insn_start_updated; const GPtrArray *decoders; + /* zicfilp extension. cfi enabled or not. lp expected or not */ + bool fcfi_enabled; + bool fcfi_lp_expected; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1238,6 +1243,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); ctx->ztso = cpu->cfg.ext_ztso; ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); + ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); + ctx->fcfi_enabled = cpu_get_fcfien(env) && ctx->fcfi_lp_expected; ctx->zero = tcg_constant_tl(0); ctx->virt_inst_excp = false; ctx->decoders = cpu->decoders; @@ -1245,6 +1252,39 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) static void riscv_tr_tb_start(DisasContextBase *db, CPUState *cpu) { + DisasContext *ctx = container_of(db, DisasContext, base); + + if (ctx->fcfi_lp_expected) { + /* + * Since we can't look ahead to confirm that the first + * instruction is a legal landing pad instruction, emit + * compare-and-branch sequence that will be fixed-up in + * riscv_tr_tb_stop() to either statically hit or skip an + * illegal instruction exception depending on whether the + * flag was lowered by translation of a CJLP or JLP as + * the first instruction in the block. + */ + TCGv_i32 immediate; + TCGLabel *l; + l = gen_new_label(); + immediate = tcg_temp_new_i32(); + tcg_gen_movi_i32(immediate, 0); + cfi_lp_check = tcg_last_op(); + tcg_gen_brcondi_i32(TCG_COND_EQ, immediate, 0, l); + tcg_temp_free_i32(immediate); + tcg_gen_st_tl( + tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), + tcg_env, offsetof(CPURISCVState, sw_check_code)); + generate_exception(ctx, RISCV_EXCP_SW_CHECK); + gen_set_label(l); + /* + * Despite the use of gen_exception_illegal(), the rest of + * the TB needs to be generated. The TCG optimizer will + * clean things up depending on which path ends up being + * active. + */ + ctx->base.is_jmp = DISAS_NEXT; + } } static void riscv_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) @@ -1303,6 +1343,14 @@ static void riscv_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) default: g_assert_not_reached(); } + + if (ctx->fcfi_lp_expected) { + /* + * If the "lp expected" flag is still up, the block needs to take an + * illegal instruction exception. + */ + tcg_set_insn_param(cfi_lp_check, 1, tcgv_i32_arg(tcg_constant_i32(1))); + } } static const TranslatorOps riscv_tr_ops = { From patchwork Mon Jul 29 17:53:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966170 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=SBLiSoXe; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJt663sz1ybX for ; Tue, 30 Jul 2024 03:57:02 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ6-0004lP-LB; Mon, 29 Jul 2024 13:53:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ4-0004cC-5U for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:42 -0400 Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ1-0000Hx-QC for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:41 -0400 Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-1fd65aaac27so20903925ad.1 for ; Mon, 29 Jul 2024 10:53:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275618; x=1722880418; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iy2RtCvQM5Izk8U1ElO9Cl5d6+0t6yQiX5e7wEg0d5I=; b=SBLiSoXeIBP05WRWdK7K8wKCZa2CgEDaHf3p0Iqqp1EUCV2yNE6Lq7X/+vaG6Lu51d yazBY7oxKTmzPD8dnw4ucJ2WvD0nOy2Ieuwh905mzZF8GKAazqwP0b82ZAb6gtThKflq katMkYKr1F0p1+vdXL9LjbjDWQhIgBmw0gaIxlp986H95x7Loq8MHw/fD4KxRZY9jUfZ VAWGo2/bhy86BpXrYkW61LGG983IKBtlkJsmqtfqY9kwDQuvGOXSLhmAzLme8fAu8+k+ Y04uIJQDOSsTBRjfLHsqj6qjBonWxXC79e89uhc0mwbZRjVayBoQvyT4YE4HPviXYLP5 R2AA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275618; x=1722880418; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iy2RtCvQM5Izk8U1ElO9Cl5d6+0t6yQiX5e7wEg0d5I=; b=fHaITwFjnWOwWC6cSduJrIfK9fBr++o/xMnKcD0tb049OoD3tel37suHCrtkKW5x1x KjtbDGOEFjEI60l4z98hULncBsXBBc5ZFsZ0y4LAQeWXGEoMInc+or3IFUXGXdsNeSxS jpNG3tWJZ3jtUjmfFD260/6usIVtpu+vbOkxLLrcKrIhPXcyb4OjecLwEwXrzBNPDlOY o33EKs4Rz+xyBHU3qXmXh0tvUAGIRascZrI9hJfFvFMJjaCMOfnuruUaQc8sHD8/FguT T21SVbvqV2gA0Sf9o3w1ayzPp0l6Yfw8M8BeSZ3MK8dMvdH2ZH8r9I5K3HLoL/s5b9ny sJxQ== X-Forwarded-Encrypted: i=1; AJvYcCXucsq0VHcRnX0TkLPp29DrEzzKW0+ARMAVwVMuGE1MXugKl/+H0ssty37HcrCNSyWu/ADBwi5UYRt/N81cHvmm++uSo9s= X-Gm-Message-State: AOJu0YxsJTVZ8TL5+IteBgY8GdV3AL/MNiV6BASNcQdAqD92to119Cue gHFuQ7v5Y7ZtoKUq2B3cK0hTuKAe58QDcsY/4hZPbYIHqtD7mGdLK5FmJ1Lx+zGYsfto+PVTL0H v X-Google-Smtp-Source: AGHT+IH7x9EeIVkxkPjXDWDdDQNV1xat4qEErQtfbTIhCeLJchIODCDExsUOLjqJa81vm6QtoqcshA== X-Received: by 2002:a17:90a:ec0c:b0:2cb:5883:8fb0 with SMTP id 98e67ed59e1d1-2cf7cf7fd03mr13233126a91.14.1722275618370; Mon, 29 Jul 2024 10:53:38 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:38 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 06/24] target/riscv: zicfilp `lpad` impl and branch tracking Date: Mon, 29 Jul 2024 10:53:08 -0700 Message-ID: <20240729175327.73705-7-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::633; envelope-from=debug@rivosinc.com; helo=mail-pl1-x633.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Implements setting lp expected when `jalr` is encountered and implements `lpad` instruction of zicfilp. `lpad` instruction is taken out of auipc x0, . This is an existing HINTNOP space. If `lpad` is target of an indirect branch, cpu checks for 20 bit value in x7 upper with 20 bit value embedded in `lpad`. If they don't match, cpu raises a sw check exception with tval = 2. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu_user.h | 1 + target/riscv/helper.h | 4 ++ target/riscv/insn32.decode | 6 ++- target/riscv/insn_trans/trans_rvi.c.inc | 51 +++++++++++++++++++++++++ target/riscv/op_helper.c | 32 ++++++++++++++++ 5 files changed, 93 insertions(+), 1 deletion(-) diff --git a/target/riscv/cpu_user.h b/target/riscv/cpu_user.h index 02afad608b..e6927ff847 100644 --- a/target/riscv/cpu_user.h +++ b/target/riscv/cpu_user.h @@ -15,5 +15,6 @@ #define xA6 16 #define xA7 17 /* syscall number for RVI ABI */ #define xT0 5 /* syscall number for RVE ABI */ +#define xT2 7 #endif diff --git a/target/riscv/helper.h b/target/riscv/helper.h index 451261ce5a..ab55bbbf73 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -121,6 +121,10 @@ DEF_HELPER_2(cbo_clean_flush, void, env, tl) DEF_HELPER_2(cbo_inval, void, env, tl) DEF_HELPER_2(cbo_zero, void, env, tl) +/* Forward CFI label checking */ +DEF_HELPER_2(cfi_jalr, void, env, int) +DEF_HELPER_2(cfi_check_landing_pad, void, env, int) + /* Special functions */ DEF_HELPER_2(csrr, tl, env, int) DEF_HELPER_3(csrw, void, env, int, tl) diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index c45b8fa1d8..c963c59c8e 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -40,6 +40,7 @@ %imm_z6 26:1 15:5 %imm_mop5 30:1 26:2 20:2 %imm_mop3 30:1 26:2 +%imm_cfi20 12:20 # Argument sets: &empty @@ -123,7 +124,10 @@ sfence_vm 0001000 00100 ..... 000 00000 1110011 @sfence_vm # *** RV32I Base Instruction Set *** lui .................... ..... 0110111 @u -auipc .................... ..... 0010111 @u +{ + lpad .................... 00000 0010111 %imm_cfi20 + auipc .................... ..... 0010111 @u +} jal .................... ..... 1101111 @j jalr ............ ..... 000 ..... 1100111 @i beq ....... ..... ..... 000 ..... 1100011 @b diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc index 98e3806d5e..ee868c5fcb 100644 --- a/target/riscv/insn_trans/trans_rvi.c.inc +++ b/target/riscv/insn_trans/trans_rvi.c.inc @@ -36,6 +36,44 @@ static bool trans_lui(DisasContext *ctx, arg_lui *a) return true; } +static bool trans_lpad(DisasContext *ctx, arg_lpad *a) +{ + /* zicfilp only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* forward cfi not enabled, return false */ + if (!ctx->fcfi_enabled) { + return false; + } + + /* + * If this is the first instruction of the TB, let the translator + * know the landing pad requirement was satisfied. No need to bother + * checking for CFI feature or enablement. + */ + + if (ctx->base.pc_next == ctx->base.pc_first) { + ctx->fcfi_lp_expected = false; + /* PC must be 4 byte aligned */ + if (ctx->fcfi_enabled && ((ctx->base.pc_next) & 0x3)) { + /* + * misaligned, according to spec we should raise sw check exception + */ + tcg_gen_st_tl( + tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), + tcg_env, offsetof(CPURISCVState, sw_check_code)); + generate_exception(ctx, RISCV_EXCP_SW_CHECK); + return true; + } + } + + /* use helper to do label check */ + gen_helper_cfi_check_landing_pad(tcg_env, tcg_constant_i32(a->imm_cfi20)); + return true; +} + static bool trans_auipc(DisasContext *ctx, arg_auipc *a) { TCGv target_pc = dest_gpr(ctx, a->rd); @@ -75,6 +113,19 @@ static bool trans_jalr(DisasContext *ctx, arg_jalr *a) gen_set_gpr(ctx, a->rd, succ_pc); tcg_gen_mov_tl(cpu_pc, target_pc); + if (ctx->cfg_ptr->ext_zicfilp) { + /* + * Rely on a helper to check the forward CFI enable for the + * current process mode. The alternatives would be (1) include + * "fcfi enabled" in the cflags or (2) maintain a "fcfi + * currently enabled" in tcg_env and emit TCG code to access + * and test it. + */ + if (a->rs1 != xRA && a->rs1 != xT0 && a->rs1 != xT2) { + gen_helper_cfi_jalr(tcg_env, tcg_constant_i32(LP_EXPECTED)); + } + } + lookup_and_goto_ptr(ctx); if (misaligned) { diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 488116cc2e..2d152f0a00 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -259,6 +259,38 @@ void helper_cbo_inval(CPURISCVState *env, target_ulong address) /* We don't emulate the cache-hierarchy, so we're done. */ } +void helper_cfi_jalr(CPURISCVState *env, int elp) +{ + /* + * The translation routine doesn't know if forward CFI is enabled + * in the current processor mode or not. It's not worth burning a + * cflags bit to encode this, or tracking the current-mode-fcfi + * enable in a dedicated member of 'env'. Just come out to a helper + * for jump/call on a core with CFI. + */ + if (cpu_get_fcfien(env)) { + env->elp = elp; + } +} + +void helper_cfi_check_landing_pad(CPURISCVState *env, int lbl) +{ + if ((env->elp == LP_EXPECTED) && cpu_get_fcfien(env)) { + /* + * Check for the 20bit label match. We already checked 4 byte + * alignment in tcg + * High 20bits (b31:12) in x7/t2 hold label. We need drop bits + * greater than 31 and then shift 12 right + */ + if (lbl && (lbl != ((env->gpr[xT2] & 0xFFFFFFFF) >> 12))) { + env->sw_check_code = RISCV_EXCP_SW_CHECK_FCFI_TVAL; + riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); + } + + env->elp = NO_LP_EXPECTED; + } +} + #ifndef CONFIG_USER_ONLY target_ulong helper_sret(CPURISCVState *env) From patchwork Mon Jul 29 17:53:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966162 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=Ha8enruy; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmGm6ZtGz1ybX for ; Tue, 30 Jul 2024 03:55:12 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ7-0004p4-4V; Mon, 29 Jul 2024 13:53:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ4-0004f2-Qp for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:42 -0400 Received: from mail-oa1-x33.google.com ([2001:4860:4864:20::33]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ2-0000IF-VB for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:42 -0400 Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-260e12aac26so2671839fac.0 for ; Mon, 29 Jul 2024 10:53:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275620; x=1722880420; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/UP7ynvstNXIegRQLD30QchsVizfwdQm7R8eXCoJJ2Q=; b=Ha8enruyRD2s9ot9p9FgQ/pZOCc3vQVdKU+eTf9uG5xuKRMKsgGxAcsB2RvguQjIQf 9wnz1H5zdFGONwB9TeQ0WRf6wh7cs4rSWBUYwoDNcUE5sYteR/dqQHeNS4cDyUkFtNzI sb5yzjLj73zpjOgytTULZSKkE5FeGnVKYNeXcKpMsiCkghpdgvXplA6VW+RZrUVOMAbs otfHlCl1YaBLBlWkuw377l9LyCLTMeWDfh90K8KmmPsfxienMhHrApZN9MDon9Y/OnNg pkRJDltjifCAYDpqYWVVQJaMgORLbcEXoY+Z3lrVLnIGlZMmc33X3beJM7jE6NeVpipc cI7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275620; x=1722880420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/UP7ynvstNXIegRQLD30QchsVizfwdQm7R8eXCoJJ2Q=; b=G+2/hbFQ1DUvGQ9987piPit/QUN3v4hhjocYwDstrOahjRxUVQo4vADWvhzMGUoIEa +1MN1wAjFEhqKJM7eRKmcdhRyjDzXa7AKp+oTAJKqn2vl39B7bu/N+/VCI/PO1BUjZ7O e9TUrbqptc1vRP1q/naL/8iR6YaoGZyGtYyBDoGlnBDJaKRsUy6qgWAaJ+L44+6Wi7r9 6Gc3Zh72uYtUdeZy2PFOtqsEJop1txu8/ewAPt6b5qs1Ru5veWOLJQ/vcq8yDhPvI15l Riz6tvWhc2e9Yxb8ltEt2Z9/veUaCIH/TsCoRrh12kTuO/E5casFCWzXT3/kmubUogNB rO/w== X-Forwarded-Encrypted: i=1; AJvYcCVPogYYZsKmARXOLxDSF4P8M2fOSv4i3eYRULCXTIkqBQNv5lsqOTES1enpZMZaeEQaI2MNBRjFcllsvNqu2mEsism3CCE= X-Gm-Message-State: AOJu0Yw3AzAzcrpPsy4KOEe9QkCRze3d5BhBxuBF+4XGrHh0yTAbbvZO ao0cp4aarkHrmlSq+8wiym1UxXdt/491UXqlJmo+sAzbc/uE04j09i0qd5mYZpE= X-Google-Smtp-Source: AGHT+IH5QXMZpj5rH9qFf3o8t2zqu+ALESagt5cTQaGeCScJ3CikflaMotg1/4u9guuzIx5lWXTLJQ== X-Received: by 2002:a05:6870:80cd:b0:261:1267:fe8a with SMTP id 586e51a60fabf-267d4d1668cmr10039768fac.5.1722275619610; Mon, 29 Jul 2024 10:53:39 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:39 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 07/24] disas/riscv: enabled `lpad` disassembly Date: Mon, 29 Jul 2024 10:53:09 -0700 Message-ID: <20240729175327.73705-8-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::33; envelope-from=debug@rivosinc.com; helo=mail-oa1-x33.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- disas/riscv.c | 18 +++++++++++++++++- disas/riscv.h | 2 ++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/disas/riscv.c b/disas/riscv.c index c8364c2b07..c7c92acef7 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -974,6 +974,7 @@ typedef enum { rv_op_amomaxu_h = 943, rv_op_amocas_b = 944, rv_op_amocas_h = 945, + rv_op_lpad = 946, } rv_op; /* register names */ @@ -2232,6 +2233,7 @@ const rv_opcode_data rvi_opcode_data[] = { { "amomaxu.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.b", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "lpad", rv_codec_lp, rv_fmt_imm, NULL, 0, 0, 0 }, }; /* CSR names */ @@ -2925,7 +2927,13 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) case 7: op = rv_op_andi; break; } break; - case 5: op = rv_op_auipc; break; + case 5: + op = rv_op_auipc; + if (dec->cfg->ext_zicfilp && + (((inst >> 7) & 0b11111) == 0b00000)) { + op = rv_op_lpad; + } + break; case 6: switch ((inst >> 12) & 0b111) { case 0: op = rv_op_addiw; break; @@ -4482,6 +4490,11 @@ static uint32_t operand_tbl_index(rv_inst inst) return ((inst << 54) >> 56); } +static uint32_t operand_lpl(rv_inst inst) +{ + return inst >> 12; +} + /* decode operands */ static void decode_inst_operands(rv_decode *dec, rv_isa isa) @@ -4869,6 +4882,9 @@ static void decode_inst_operands(rv_decode *dec, rv_isa isa) dec->imm = sextract32(operand_rs2(inst), 0, 5); dec->imm1 = operand_imm2(inst); break; + case rv_codec_lp: + dec->imm = operand_lpl(inst); + break; }; } diff --git a/disas/riscv.h b/disas/riscv.h index 16a08e4895..1182457aff 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -166,6 +166,7 @@ typedef enum { rv_codec_r2_immhl, rv_codec_r2_imm2_imm5, rv_codec_fli, + rv_codec_lp, } rv_codec; /* structures */ @@ -228,6 +229,7 @@ enum { #define rv_fmt_rs1_rs2 "O\t1,2" #define rv_fmt_rd_imm "O\t0,i" #define rv_fmt_rd_uimm "O\t0,Ui" +#define rv_fmt_imm "O\ti" #define rv_fmt_rd_offset "O\t0,o" #define rv_fmt_rd_uoffset "O\t0,Uo" #define rv_fmt_rd_rs1_rs2 "O\t0,1,2" From patchwork Mon Jul 29 17:53:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966168 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=PcHl/Sdy; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJp1rdmz1ybX for ; Tue, 30 Jul 2024 03:56:58 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZA-0004yY-4l; Mon, 29 Jul 2024 13:53:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ6-0004ka-5B for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:44 -0400 Received: from mail-oi1-x22b.google.com ([2607:f8b0:4864:20::22b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ4-0000In-Ef for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:43 -0400 Received: by mail-oi1-x22b.google.com with SMTP id 5614622812f47-3db23a60850so1795586b6e.0 for ; Mon, 29 Jul 2024 10:53:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275621; x=1722880421; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k622JqYymJR6YovQS6GBPxe8YFj6SVEYXb2hrEdnpy0=; b=PcHl/SdyHHXaw2e1U08YzmaRofzCKpd7C2YIx+a2+6ux2t2xtqCznIhvfy6VvCGY5s YIqWUf7uxewlYmSBUGeCj9pFFXppN4a3joCxPIqknD635iMvdok3OJHi3VBEe2eJxegj ymLHu5194QGHAORsOIPvv4puCr7ZlNShtJuvaZGMI2UB3n08rgJSl/IpFzxkC6i3TsQO dKVwUU6yvNtgm4BV7eEoYeOjYYD+oKDhRP6WRANMCU85TNznrVFjakloFEx1QOwP5Dj3 +SmLTOUw3MFk4Q50d4qqN7CEkYqLzk6iqKrHVbzCN3wB37dxcw2DV1sXZeO6i7WwKDc0 h6wg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275621; x=1722880421; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k622JqYymJR6YovQS6GBPxe8YFj6SVEYXb2hrEdnpy0=; b=iXsIBZvpNwM026hEN1/6zBRj7PpygoTG1W1kgK20S731EC4rjLAK5fgiQ+KCdKYbS4 oqhUB3VmrobfZXS2E4qGVkONfRCNsWhvKt1v0Hl5GN6eYNmFq/Mj3JpExzP/+cnEfZ3L Xi37QGIj8Bv+g4bLLanX9cLNZJAWWfh/hAeTVHFS31cw9T9gjJ6QFkNQlCuXXuSxtDVG e+W7PvtKB0Xc4mI/0bWhfkO+Bj8m65zGgR/JLODQ9S9jvkeAnOSw7NYy/bujVIgomP1Y Zoqc+UFh+Tht6jGk+AXjQ4u2QvDRutI/puzc/Sc1qgBkjG7kjVr2377Q5RCM3ODkNKQH jEfg== X-Forwarded-Encrypted: i=1; AJvYcCXTtZgXilZyMaQjdZxY1tocHOmws321NyWnBHKEUxsPirvkhnwHwla40/a0JWT2scUWtWg4rqYcGhZVtNzPkAe8txwJ5UE= X-Gm-Message-State: AOJu0YzYyMHpqOeSUW1iTZbGh8oMkVg2s7LMPldFGYL6Ej/uaudzqonp 9viUKRzlF4TlPNFPHmvZG2oM8qKEC5RgUu0KBkaIaVVvpTZDHpt5OAGwPBFlPaI= X-Google-Smtp-Source: AGHT+IE1F+bQDJgORGgRNbJkhWRWXDWdWbmiWUMWkwXtaLvT4jnkfLGc/EHvvji+PRkNnzm5zxGmrA== X-Received: by 2002:a05:6808:219b:b0:3d9:24f8:7dd2 with SMTP id 5614622812f47-3db23a5a064mr11468658b6e.6.1722275620770; Mon, 29 Jul 2024 10:53:40 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:40 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 08/24] linux-user/syscall: introduce prctl for indirect branch tracking Date: Mon, 29 Jul 2024 10:53:10 -0700 Message-ID: <20240729175327.73705-9-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::22b; envelope-from=debug@rivosinc.com; helo=mail-oi1-x22b.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Each application enables indirect branch tracking (forward cfi) for itself via prctl. Adding branch tracking prctl in linux-user/syscall. Using same prctl code as proposed in cfi patches in kernel mailing list [1] [1] - https://lore.kernel.org/all/20240403234054.2020347-1-debug@rivosinc.com/ Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu Co-developed-by: Jesse Huang --- linux-user/syscall.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index b8c278b91d..ec157c1088 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6295,6 +6295,17 @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr) # define PR_SME_VL_INHERIT (1 << 17) #endif +#ifndef PR_GET_INDIR_BR_LP_STATUS +# define PR_GET_INDIR_BR_LP_STATUS 74 +#endif +#ifndef PR_SET_INDIR_BR_LP_STATUS +# define PR_SET_INDIR_BR_LP_STATUS 75 +# define PR_INDIR_BR_LP_ENABLE (1UL << 0) +#endif +#ifndef PR_LOCK_INDIR_BR_LP_STATUS +# define PR_LOCK_INDIR_BR_LP_STATUS 76 +#endif + #include "target_prctl.h" static abi_long do_prctl_inval0(CPUArchState *env) @@ -6477,6 +6488,14 @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2, case PR_SET_TSC: /* Disable to prevent the target disabling stuff we need. */ return -TARGET_EINVAL; + case PR_GET_INDIR_BR_LP_STATUS: + case PR_SET_INDIR_BR_LP_STATUS: + case PR_LOCK_INDIR_BR_LP_STATUS: +#ifndef do_prctl_cfi + return do_prctl_inval1(env, arg2); +#else + return do_prctl_cfi(env, option, arg2); +#endif default: qemu_log_mask(LOG_UNIMP, "Unsupported prctl: " TARGET_ABI_FMT_ld "\n", From patchwork Mon Jul 29 17:53:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966158 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=Yg+vus3g; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmFw5l79z20FY for ; Tue, 30 Jul 2024 03:54:28 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZ9-0004y0-8h; Mon, 29 Jul 2024 13:53:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ6-0004nN-Pt for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:44 -0400 Received: from mail-oa1-x2e.google.com ([2001:4860:4864:20::2e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ5-0000JT-5Y for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:44 -0400 Received: by mail-oa1-x2e.google.com with SMTP id 586e51a60fabf-264a12e05b9so2430360fac.1 for ; Mon, 29 Jul 2024 10:53:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275622; x=1722880422; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hFgFtJisZmDduK/TVKWagBehgT0Nl+9kjWGTzeVvu0Q=; b=Yg+vus3gX9zFZwcQ4McID+YPWmPxsdvOkUva1jvMSIRa9wBq73SJcZk/DNQvR4SIdI SQsBsKM2f0o+rcMOx9jRssX8PrXlh1/GK/t9blKF787iUTaZMx2R/Tk9boxvV16GBwK2 q3Ye9aaF5mcrZqEdcTnvLiLhM/qWVvfO75Nf0a+T9Buzim5xaxJGMwApGJ3ofx5iZWbi CR8fJuG491OlyyNG7R9cCqQKq/BmuKwWnbMHA16qOF0ujPtG4Rod31oVgW+wYLDXRE5y YE8lMFhx4nq8VTs7jhqcDFsMahpkiDM/C7RLlsAWnWVjYHWf/c2u9l0t0+EASKuI7Ry8 Yjiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275622; x=1722880422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hFgFtJisZmDduK/TVKWagBehgT0Nl+9kjWGTzeVvu0Q=; b=SNeM3FQ87pG+psQmopn02lXexQ7Ifot/0B/GBkc6bUqLIRWMtFrDSTmuMXrVmB+dAZ Fskrft8Ant1nuWaoDlPiT6xd9otC7jnc7BJCflXHr0ZzzwrrIfloo9Nxulg8KK5Pqkko bCz2GEHbh1/LGfu1kyDqzsKygfmwh11oI9FhDs4MErcXiXx2hTdx6MSd03Kgt3hOGIlc 7tIjARosQKiDaIcshOin37DggwAlUDVDV2uwZvi3EIVXZDuPMgRurVkxVKil9RkdKDRK mIm2T0yL1I2lUri6hrSQHgkiomJV78YhnYIl1EWClfra7t2xzedT+MXgZDhcBzrhbUwb EfjQ== X-Forwarded-Encrypted: i=1; AJvYcCUf125zCcCyLZUGkL64cYhSG8kFmLkab2C75NlOWPlYjrVXQ+pl3r2eYsOULGUZ+3qET8N78m2XqIa2B5tKpb3PE0jModE= X-Gm-Message-State: AOJu0YxbJ46ESJCNTk8rtpOcksY9DO5Zf7HUrvA8S2jIzLn2ig12iWnH n5tCgcYUq1fol32GiFdpC+wyi1TznPNglEbpqCEh0OoLqaAep+2Kq5Zk08PEtm4= X-Google-Smtp-Source: AGHT+IEEHsp/lmXmSHHovi1+fg0xRgYEy80myLMapMQmqibrBOgTbC812oSZx7NLC3nkkIiroz4yMA== X-Received: by 2002:a05:6870:519:b0:25a:eca3:6b5e with SMTP id 586e51a60fabf-267d4cdd92emr10312659fac.9.1722275621922; Mon, 29 Jul 2024 10:53:41 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:41 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 09/24] linux-user/riscv: implement indirect branch tracking prctls Date: Mon, 29 Jul 2024 10:53:11 -0700 Message-ID: <20240729175327.73705-10-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::2e; envelope-from=debug@rivosinc.com; helo=mail-oa1-x2e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Implements indirect branch tracking prctls for riscv. Setting and clearing branch tracking prctl simply turns on/off `ufcfien` field in `env`. tb flush is needed because branch tracking itself leverages tb creation logic. locking branch tracking (forward cfi) is not implemented yet (no need yet) but added for completeness (kernel patches have this prctl) Signed-off-by: Deepak Gupta Co-developed-by: Jesse Huang Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- linux-user/riscv/target_prctl.h | 43 +++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/linux-user/riscv/target_prctl.h b/linux-user/riscv/target_prctl.h index eb53b31ad5..d7f9f954c9 100644 --- a/linux-user/riscv/target_prctl.h +++ b/linux-user/riscv/target_prctl.h @@ -1 +1,44 @@ /* No special prctl support required. */ +#ifndef RISCV_TARGET_PRCTL_H +#define RISCV_TARGET_PRCTL_H + +/* + * -TARGET_EINVAL: Unsupported/Invalid flag for this architecture + * -TARGET_EACCES: try to set an already set CFI feature + * -TARGET_ENOENT: CFI feature is not supported by CPU + */ +static abi_long do_prctl_cfi(CPUArchState *env, + abi_long option, abi_long flag) +{ + if (env_archcpu(env)->cfg.ext_zicfilp) { + + switch (option) { + case PR_GET_INDIR_BR_LP_STATUS: + abi_ulong fcfi_status = 0; + /* indirect branch tracking is enabled on the task or not */ + fcfi_status |= (env->ufcfien ? PR_INDIR_BR_LP_ENABLE : 0); + return copy_to_user(flag, &fcfi_status, sizeof(fcfi_status)) ? \ + -EFAULT : 0; + + case PR_SET_INDIR_BR_LP_STATUS: + /* if any other bit is set, its invalid param */ + if (flag & ~PR_INDIR_BR_LP_ENABLE) { + return -TARGET_EINVAL; + } + /* set or clear branch tracking */ + env->ufcfien = (flag & PR_INDIR_BR_LP_ENABLE); + tb_flush(env_cpu(env)); + return 0; + + /* locking not implemented (also not needed for qemu-user) yet */ + case PR_LOCK_INDIR_BR_LP_STATUS: + return -TARGET_EINVAL; + } + } + + return -TARGET_ENOENT; +} + +#define do_prctl_cfi do_prctl_cfi + +#endif From patchwork Mon Jul 29 17:53:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966172 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=2b8JG20b; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmK44V74z1ybX for ; Tue, 30 Jul 2024 03:57:12 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZL-0005kh-C7; Mon, 29 Jul 2024 13:53:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ8-0004uG-Bf for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:46 -0400 Received: from mail-ot1-x32e.google.com ([2607:f8b0:4864:20::32e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ6-0000KD-Hl for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:46 -0400 Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-70944dc8dc6so1531007a34.3 for ; Mon, 29 Jul 2024 10:53:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275623; x=1722880423; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XpTED6uOZV4AODyPSsvTHdTqj2NIb+fx5aC8tDZo5rs=; b=2b8JG20bh/bpPFazQeBnBAsjWLZ7+t5zsx9Lq+NBMukoOyFNhzOPPpEBJtb1Do4QSZ Yb+zb6NrKPs/o2eq95oSc1N9V20ApHvAlCYHzc6l6/9BZLKccG35UJPauOeeqBJbpU6q /1MuYl+wsxnGhwX7oLYCOJZlbgZN1oJ7wT1Aj8UaoFaDF/r3CUOKRb7kofevJxATRCWA bD57dNdLfSPnBGu3Rcz9oYT9UBUnKn8vWZnin2UKnnG1UY59+VZpcd0Dc4KrQFs0ujUU pyl/w4ni81lNIT+ozJgZI3cwAOJTfT46qrgoKG29YkL2DaO6YmpkS9jx1ddGmeq+9hrB sEWQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275623; x=1722880423; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XpTED6uOZV4AODyPSsvTHdTqj2NIb+fx5aC8tDZo5rs=; b=O60VLgYopb/46DlRLn8OudpFBJnCzkw/9vR6gVyyRo6AH/7HpIGQp+mF973NysAq1x KQ2Ixa+IQaL71oCbLBMG6GybaF2wdWaPCiA5YkpPoNOIN5O6P54ynjSJlnTnUUUu3VSp mFE8s+DzMThXTx/z46UTBcsucePGxcOzCfmi7z9zHXwPw2qHrsUsyH/vjQv4apc7syJX YsoPVN4aXlAQEtoR1188Ilc01kFsW4qUeqai0j6pjig6P+ObSYpkF9am9tR+bIuK68q8 Cn710cXV1XJcrgYl/BjShNS8p3GoHscCpUOlGyjyJbMrSq+JEx0P4Qv7P678OpTWlG/I mJNw== X-Forwarded-Encrypted: i=1; AJvYcCWsVRmADBznsdQbM1SxYKa8/albv4sMpGtI9pUh4fG4TVAlfoYALf2emqOmz4yVByBkcp3RcJT9DIKVW+8GSvSbRIDavbc= X-Gm-Message-State: AOJu0YzxUHQDF3ZRi0sDdewg/pHYAXmn8LdO1Dx3zi6sHdVcW/fXYy9i tVGfVh7kJYZgGkaC+kMnS1LL4zDwLvuQ06KCqVdfzKBRFyB+UcpVnoO3RJcnVMs= X-Google-Smtp-Source: AGHT+IEaAKiIpw2xAP6k1znIUKS9eCOZjJxYxNVdUY83w4/UWouKPQjgEyDluqxv21LZjTrIuLvfkQ== X-Received: by 2002:a05:6871:3a27:b0:261:1f7d:cf61 with SMTP id 586e51a60fabf-267d4d159femr11391782fac.9.1722275623043; Mon, 29 Jul 2024 10:53:43 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:42 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 10/24] target/riscv: Add zicfiss extension Date: Mon, 29 Jul 2024 10:53:12 -0700 Message-ID: <20240729175327.73705-11-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::32e; envelope-from=debug@rivosinc.com; helo=mail-ot1-x32e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfiss [1] riscv cpu extension enables backward control flow integrity. This patch sets up space for zicfiss extension in cpuconfig. And imple- ments dependency on zicsr, zimop and zcmop extensions. [1] - https://github.com/riscv/riscv-cfi Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 2 ++ target/riscv/cpu_cfg.h | 1 + target/riscv/tcg/tcg-cpu.c | 15 +++++++++++++++ 3 files changed, 18 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index e1526c7ab5..54fcf380ff 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -107,6 +107,7 @@ const RISCVIsaExtData isa_edata_arr[] = { ISA_EXT_DATA_ENTRY(zicclsm, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(ziccrse, PRIV_VERSION_1_11_0, has_priv_1_11), ISA_EXT_DATA_ENTRY(zicfilp, PRIV_VERSION_1_12_0, ext_zicfilp), + ISA_EXT_DATA_ENTRY(zicfiss, PRIV_VERSION_1_13_0, ext_zicfiss), ISA_EXT_DATA_ENTRY(zicond, PRIV_VERSION_1_12_0, ext_zicond), ISA_EXT_DATA_ENTRY(zicntr, PRIV_VERSION_1_12_0, ext_zicntr), ISA_EXT_DATA_ENTRY(zicsr, PRIV_VERSION_1_10_0, ext_zicsr), @@ -1482,6 +1483,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = { MULTI_EXT_CFG_BOOL("sscofpmf", ext_sscofpmf, false), MULTI_EXT_CFG_BOOL("zifencei", ext_zifencei, true), MULTI_EXT_CFG_BOOL("zicfilp", ext_zicfilp, false), + MULTI_EXT_CFG_BOOL("zicfiss", ext_zicfiss, false), MULTI_EXT_CFG_BOOL("zicsr", ext_zicsr, true), MULTI_EXT_CFG_BOOL("zihintntl", ext_zihintntl, true), MULTI_EXT_CFG_BOOL("zihintpause", ext_zihintpause, true), diff --git a/target/riscv/cpu_cfg.h b/target/riscv/cpu_cfg.h index 88d5defbb5..2499f38407 100644 --- a/target/riscv/cpu_cfg.h +++ b/target/riscv/cpu_cfg.h @@ -68,6 +68,7 @@ struct RISCVCPUConfig { bool ext_zicbop; bool ext_zicboz; bool ext_zicfilp; + bool ext_zicfiss; bool ext_zicond; bool ext_zihintntl; bool ext_zihintpause; diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c index ed19586c9d..4fd2fd7a28 100644 --- a/target/riscv/tcg/tcg-cpu.c +++ b/target/riscv/tcg/tcg-cpu.c @@ -618,6 +618,21 @@ void riscv_cpu_validate_set_extensions(RISCVCPU *cpu, Error **errp) cpu->cfg.ext_zihpm = false; } + if (cpu->cfg.ext_zicfiss) { + if (!cpu->cfg.ext_zicsr) { + error_setg(errp, "zicfiss extension requires zicsr extension"); + return; + } + if (!cpu->cfg.ext_zimop) { + error_setg(errp, "zicfiss extension requires zimop extension"); + return; + } + if (cpu->cfg.ext_zca && !cpu->cfg.ext_zcmop) { + error_setg(errp, "zicfiss with zca requires zcmop extension"); + return; + } + } + if (!cpu->cfg.ext_zihpm) { cpu->cfg.pmu_mask = 0; cpu->pmu_avail_ctrs = 0; From patchwork Mon Jul 29 17:53:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966159 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=P3bLKOBn; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmG241kmz1yf4 for ; Tue, 30 Jul 2024 03:54:34 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZP-0006CT-LM; Mon, 29 Jul 2024 13:54:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZ9-0004yx-Ca for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:48 -0400 Received: from mail-oa1-x35.google.com ([2001:4860:4864:20::35]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ7-0000Kh-Ds for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:47 -0400 Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-25d634c5907so2308294fac.2 for ; Mon, 29 Jul 2024 10:53:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275624; x=1722880424; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UB4g4AW4kPdAduQAIH9J9HggkXdBpq+4KbcMBQUEh2k=; b=P3bLKOBnYV0m9Go3/KOoa15TRtAPhONt1Ir1o4f83ttpjKh+P32aMpxJ8cbKevCGsC iDrs6ftcsB0J5JqmSxRFXCjQjM6svzNc1xxVAv4WgnDONU1i1bb/ZZyCv0hEVr4OCwXH Pqy2XCngdcF2ZNNzL/CkZwBThB3Z4Pwk0z1nq993FcJODljPcWb3QUNL4xv8B9LDETBM tzaMO/YPcwipXeNC8a6qz6s3jOGMie9Tk1GH7eUzGdSDG6m1dufGadZHKbF0aVzjJj7N OfWPvJAkOYcarSBRH5BTYmFHWEwIEwk5wDw0mxF2VULfLfJWtSFXxjLY9jia0h0h7/II mtrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275624; x=1722880424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UB4g4AW4kPdAduQAIH9J9HggkXdBpq+4KbcMBQUEh2k=; b=fwO55P8gUki6S1CbRTM11knGEc3+gD8s6HunL1hSvcuWPgPOdwFvogZgNP48uwDf8x LOvQYZa6j+LMUNqcnZ1GDJudhI9wvB4nLE9Tc5lDtAHKjMPnGhRozgO+AWNkYF2BaEh6 vG6VtJdOHzHUozgmcfguAEiu+EZfNWZYl+ylg3hSxxJ7feGt9c6gwxH20NmDetmzRkqC zK2Cs8jkuIg79wlEFUl/b8te9NaF1fCgshMp3JfwWyTPjmb1NeCWDz6p84vwKCYE8GZE IrllJ43ypBJb98qEo8Lli+M+YgV28Wsa4uthk2nVoas1aWWJnt1KY3r4wakUHwhNzkWf oL+Q== X-Forwarded-Encrypted: i=1; AJvYcCWLpb1av1LabVEGWIhPzP/mwlrL4hQRe0VdXoKHiE/NnB99X/tNwJwDRcbGEGv3B0yp9biT2EXNWqt6VtibtgAmJfbtE5M= X-Gm-Message-State: AOJu0YxfXnpDgIFoAfSrfnpRM8RJSsK/BOIzgP3Xx/B8m7W4hVflCTQs ne4VCXFFXgKYHwyNZbdvX5csZ4KYKHfC5qU3pWy19AL8ZNWT+RWeEc6ELH0/+5A= X-Google-Smtp-Source: AGHT+IFO+vcSH7APWFf5jxojh4ssJndI3u0cGbuurEkR46fyja72wNHNXr3HprDSB861CGo6/DQauw== X-Received: by 2002:a05:6870:80d3:b0:260:e7ed:27f4 with SMTP id 586e51a60fabf-267d4d82a4fmr10353962fac.27.1722275624250; Mon, 29 Jul 2024 10:53:44 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:43 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 11/24] target/riscv: introduce ssp and enabling controls for zicfiss Date: Mon, 29 Jul 2024 10:53:13 -0700 Message-ID: <20240729175327.73705-12-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::35; envelope-from=debug@rivosinc.com; helo=mail-oa1-x35.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfiss introduces a new state ssp ("shadow stack register") in cpu. ssp is expressed as a new unprivileged csr (CSR_SSP=0x11) and holds virtual address for shadow stack as programmed by software. Shadow stack (for each mode) is enabled via bit3 in *envcfg CSRs. Shadow stack can be enabled for a mode only if it's higher privileged mode had it enabled for itself. M mode doesn't need enabling control, it's always available if extension is available on cpu. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 3 ++ target/riscv/cpu.h | 2 ++ target/riscv/cpu_bits.h | 6 ++++ target/riscv/csr.c | 74 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 85 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 54fcf380ff..6b50ae0e45 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -998,6 +998,9 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) /* on reset elp is set to NO_LP_EXPECTED */ env->elp = NO_LP_EXPECTED; + /* on reset ssp is set to 0 */ + env->ssp = 0; + /* * Bits 10, 6, 2 and 12 of mideleg are read only 1 when the Hypervisor * extension is enabled. diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 7fed5d2750..81283a1d76 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -224,6 +224,8 @@ struct CPUArchState { /* elp state for zicfilp extension */ cfi_elp elp; + /* shadow stack register for zicfiss extension */ + target_ulong ssp; /* sw check code for sw check exception */ target_ulong sw_check_code; #ifdef CONFIG_USER_ONLY diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 477e24feaf..589326e516 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -34,6 +34,9 @@ /* Control and Status Registers */ +/* zicfiss user ssp csr */ +#define CSR_SSP 0x011 + /* User Trap Setup */ #define CSR_USTATUS 0x000 #define CSR_UIE 0x004 @@ -760,6 +763,7 @@ typedef enum RISCVException { /* Execution environment configuration bits */ #define MENVCFG_FIOM BIT(0) #define MENVCFG_LPE BIT(2) /* zicfilp */ +#define MENVCFG_SSE BIT(3) /* zicfiss */ #define MENVCFG_CBIE (3UL << 4) #define MENVCFG_CBCFE BIT(6) #define MENVCFG_CBZE BIT(7) @@ -774,12 +778,14 @@ typedef enum RISCVException { #define SENVCFG_FIOM MENVCFG_FIOM #define SENVCFG_LPE MENVCFG_LPE +#define SENVCFG_SSE MENVCFG_SSE #define SENVCFG_CBIE MENVCFG_CBIE #define SENVCFG_CBCFE MENVCFG_CBCFE #define SENVCFG_CBZE MENVCFG_CBZE #define HENVCFG_FIOM MENVCFG_FIOM #define HENVCFG_LPE MENVCFG_LPE +#define HENVCFG_SSE MENVCFG_SSE #define HENVCFG_CBIE MENVCFG_CBIE #define HENVCFG_CBCFE MENVCFG_CBCFE #define HENVCFG_CBZE MENVCFG_CBZE diff --git a/target/riscv/csr.c b/target/riscv/csr.c index a5a969a377..d72d6289fb 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -185,6 +185,47 @@ static RISCVException zcmt(CPURISCVState *env, int csrno) return RISCV_EXCP_NONE; } +static RISCVException cfi_ss(CPURISCVState *env, int csrno) +{ + /* no cfi extension, access to csr is illegal */ + if (!env_archcpu(env)->cfg.ext_zicfiss) { + return RISCV_EXCP_ILLEGAL_INST; + } + /* + * CONFIG_USER_MODE always allow access for now. Better for user mode only + * functionality + */ +#if !defined(CONFIG_USER_ONLY) + if (env->debugger) { + return RISCV_EXCP_NONE; + } + /* current priv not M */ + if (env->priv != PRV_M) { + /* menvcfg says no shadow stack enable */ + if (!get_field(env->menvcfg, MENVCFG_SSE)) { + return RISCV_EXCP_ILLEGAL_INST; + } + + /* V = 1 and henvcfg says no shadow stack enable */ + if (env->virt_enabled && + !get_field(env->henvcfg, HENVCFG_SSE)) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + } + + /* + * SSP are not accessible to U mode if disabled via senvcfg + * CSR + */ + if ((env->priv == PRV_U) && + (!get_field(env->senvcfg, SENVCFG_SSE))) { + return RISCV_EXCP_ILLEGAL_INST; + } + } +#endif + + return RISCV_EXCP_NONE; +} + #if !defined(CONFIG_USER_ONLY) static RISCVException mctr(CPURISCVState *env, int csrno) { @@ -596,6 +637,19 @@ static RISCVException seed(CPURISCVState *env, int csrno) #endif } +/* zicfiss CSR_SSP read and write */ +static int read_ssp(CPURISCVState *env, int csrno, target_ulong *val) +{ + *val = env->ssp; + return RISCV_EXCP_NONE; +} + +static int write_ssp(CPURISCVState *env, int csrno, target_ulong val) +{ + env->ssp = val; + return RISCV_EXCP_NONE; +} + /* User Floating-Point CSRs */ static RISCVException read_fflags(CPURISCVState *env, int csrno, target_ulong *val) @@ -2111,6 +2165,10 @@ static RISCVException write_menvcfg(CPURISCVState *env, int csrno, if (env_archcpu(env)->cfg.ext_zicfilp) { mask |= MENVCFG_LPE; } + + if (env_archcpu(env)->cfg.ext_zicfiss) { + mask |= MENVCFG_SSE; + } } env->menvcfg = (env->menvcfg & ~mask) | (val & mask); @@ -2167,6 +2225,13 @@ static RISCVException write_senvcfg(CPURISCVState *env, int csrno, mask |= SENVCFG_LPE; } + /* Higher mode SSE must be ON for next-less mode SSE to be ON */ + if (env_archcpu(env)->cfg.ext_zicfiss && + get_field(env->menvcfg, MENVCFG_SSE) && + (env->virt_enabled ? get_field(env->henvcfg, HENVCFG_SSE) : true)) { + mask |= SENVCFG_SSE; + } + env->senvcfg = (env->senvcfg & ~mask) | (val & mask); return RISCV_EXCP_NONE; } @@ -2208,6 +2273,12 @@ static RISCVException write_henvcfg(CPURISCVState *env, int csrno, if (env_archcpu(env)->cfg.ext_zicfilp) { mask |= HENVCFG_LPE; } + + /* H can light up SSE for VS only if HS had it from menvcfg */ + if (env_archcpu(env)->cfg.ext_zicfiss && + get_field(env->menvcfg, MENVCFG_SSE)) { + mask |= HENVCFG_SSE; + } } env->henvcfg = (env->henvcfg & ~mask) | (val & mask); @@ -4663,6 +4734,9 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = { /* Zcmt Extension */ [CSR_JVT] = {"jvt", zcmt, read_jvt, write_jvt}, + /* zicfiss Extension, shadow stack register */ + [CSR_SSP] = { "ssp", cfi_ss, read_ssp, write_ssp }, + #if !defined(CONFIG_USER_ONLY) /* Machine Timers and Counters */ [CSR_MCYCLE] = { "mcycle", any, read_hpmcounter, From patchwork Mon Jul 29 17:53:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966166 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=RhRsgmM3; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJZ2k9Gz20FY for ; Tue, 30 Jul 2024 03:56:46 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZR-0006QJ-ME; Mon, 29 Jul 2024 13:54:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZB-000594-Uf for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:51 -0400 Received: from mail-oo1-xc32.google.com ([2607:f8b0:4864:20::c32]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZ8-0000L2-Nt for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:48 -0400 Received: by mail-oo1-xc32.google.com with SMTP id 006d021491bc7-5d5c7f24372so2196639eaf.0 for ; Mon, 29 Jul 2024 10:53:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275625; x=1722880425; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=tUR8T2K29APrsJptEPEdK1z5i2IWbR5BdkNAdCNK1kM=; b=RhRsgmM3Zdf8ald9mJ95KXlkK0nx3ENcEiqrDRhEVEUrRVhWZJX9ljnZ+/6mlu+ib8 Vxox2CMzN75J/hOLzI1Cw2gzXDxD6+X21IbDFiHNmmDq9op2slv93CY3NVa5RdW2N31u CsIZ2dsVivSGtgHB8ZaSkamUiQEok7eiltlbLmLgOFOM9v327Vc2JimrBn+NTHoIDlQS r/xVFbfzm+DQ40vJ9khPIHxKnblQvuLgzwjzfuToUnbMI+nqF7Tx2G/QTvemn+MIi218 vvFyE9NY9MEAji2oum/e90tCP3I0a6TmFFsibX+WNr9tOqCBr1SP+x3s+6FWBGvF/W6h NTCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275625; x=1722880425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tUR8T2K29APrsJptEPEdK1z5i2IWbR5BdkNAdCNK1kM=; b=FpJIIBEZCYC9u+W9bpvo/6xm6HUv4JpToPZhXf+rXZkNuDhhBCSegCkvh11ZiYWtml EPTIXFqXwPMjIiSP6E2/O5IhKBSIQfG6mvU3wK9ilV8OXTOdwJOSh3S7KkfdPaOh1Ad2 +6YJcNOO61NvPRRSkiC9+lsWsSRHC+pBPJRL2txREqf40IoAI2Oq8gACOGHLFTcWed47 VdVjPLTdU4LDjHrFNpd7ZhEu5dR2E1mMmIPITQ+J4kT07yDSXalcYaDsXaO4pzQ41hWE uUu9z1zE4beYRMUs3Ec1Cu9kxwC5CRjHcIlq3E1hGAH5MVNg/SM4jF3yf2YYry7b94QS CGsA== X-Forwarded-Encrypted: i=1; AJvYcCVraw584BP24BksPZRgoaE/c4pS9qeQLmU9/WslC2TrPACMNQn56KsD9fE46reImGmp949Gb7yaqPHA@nongnu.org X-Gm-Message-State: AOJu0YzuPFivH+CsbdfsMXw7T4ciCkpU50plig6wegVnMLtDYX8D5VKA 8eiy59TTA1sa+XgxqG4WZ5nZFgj8GBN3k56Pb+pc7PLlUIUSwsAoAo0TTsWh45U= X-Google-Smtp-Source: AGHT+IEpVBGEeA74OGk8GqbHchEYYKhWNGWutaJexP6dU2C4mxMMEOR8c5MRmL8S4oi8FMt7BRpYEg== X-Received: by 2002:a05:6870:2253:b0:261:8c:da1e with SMTP id 586e51a60fabf-267d4d8c557mr9549442fac.28.1722275625417; Mon, 29 Jul 2024 10:53:45 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:45 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 12/24] target/riscv: tb flag for shadow stack instructions Date: Mon, 29 Jul 2024 10:53:14 -0700 Message-ID: <20240729175327.73705-13-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::c32; envelope-from=debug@rivosinc.com; helo=mail-oo1-xc32.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Shadow stack instructions can be decoded as zimop / zcmop or shadow stack instructions depending on whether shadow stack are enabled at current privilege. This requires a TB flag so that correct TB generation and correct TB lookup happens. `DisasContext` gets a field indicating whether bcfi is enabled or not. This patch also implements helper bcfi function which determines if bcfi is enabled at current privilege or not. qemu-user also gets field `ubcfien` indicating whether qemu user has shadow stack enabled or not. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu.c | 2 ++ target/riscv/cpu.h | 4 ++++ target/riscv/cpu_helper.c | 30 ++++++++++++++++++++++++++++++ target/riscv/translate.c | 4 ++++ 4 files changed, 40 insertions(+) diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index 6b50ae0e45..e1ff246c24 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1029,6 +1029,8 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) #ifdef CONFIG_USER_ONLY /* qemu-user for riscv, fcfi is off by default */ env->ufcfien = false; + /* qemu-user for riscv, bcfi is off by default */ + env->ubcfien = false; #endif #ifndef CONFIG_USER_ONLY diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 81283a1d76..0e0a9d2be1 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -231,6 +231,7 @@ struct CPUArchState { #ifdef CONFIG_USER_ONLY uint32_t elf_flags; bool ufcfien; + bool ubcfien; #endif #ifndef CONFIG_USER_ONLY @@ -536,6 +537,7 @@ bool riscv_cpu_vector_enabled(CPURISCVState *env); void riscv_cpu_set_virt_enabled(CPURISCVState *env, bool enable); int riscv_env_mmu_index(CPURISCVState *env, bool ifetch); bool cpu_get_fcfien(CPURISCVState *env); +bool cpu_get_bcfien(CPURISCVState *env); G_NORETURN void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, MMUAccessType access_type, int mmu_idx, uintptr_t retaddr); @@ -610,6 +612,8 @@ FIELD(TB_FLAGS, PRIV, 24, 2) FIELD(TB_FLAGS, AXL, 26, 2) /* zicfilp needs a TB flag to track indirect branches */ FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 28, 1) +/* zicfiss needs a TB flag so that correct TB is located based on tb flags */ +FIELD(TB_FLAGS, BCFI_ENABLED, 29, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 2cb1d45467..ce68f5af72 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -93,6 +93,32 @@ bool cpu_get_fcfien(CPURISCVState *env) #endif } +bool cpu_get_bcfien(CPURISCVState *env) +{ +#ifdef CONFIG_USER_ONLY + return env->ubcfien; +#else + /* no cfi extension, return false */ + if (!env_archcpu(env)->cfg.ext_zicfiss) { + return false; + } + + switch (env->priv) { + case PRV_U: + return (env->senvcfg & SENVCFG_SSE) ? true : false; + case PRV_S: + if (env->virt_enabled) { + return (env->henvcfg & HENVCFG_SSE) ? true : false; + } + return (env->menvcfg & MENVCFG_SSE) ? true : false; + case PRV_M: /* M-mode shadow stack is always on if hart implements */ + return true; + default: + g_assert_not_reached(); + } +#endif +} + void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, uint64_t *cs_base, uint32_t *pflags) { @@ -146,6 +172,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, env->elp != NO_LP_EXPECTED); } + if (cpu_get_bcfien(env)) { + flags = FIELD_DP32(flags, TB_FLAGS, BCFI_ENABLED, 1); + } + #ifdef CONFIG_USER_ONLY fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index c746d7df08..34c9bf093d 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -121,6 +121,8 @@ typedef struct DisasContext { /* zicfilp extension. cfi enabled or not. lp expected or not */ bool fcfi_enabled; bool fcfi_lp_expected; + /* zicfiss extension, if shadow stack was enabled during TB gen */ + bool bcfi_enabled; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1243,6 +1245,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); ctx->ztso = cpu->cfg.ext_ztso; ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); + ctx->bcfi_enabled = cpu_get_bcfien(env) && + FIELD_EX32(tb_flags, TB_FLAGS, BCFI_ENABLED); ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); ctx->fcfi_enabled = cpu_get_fcfien(env) && ctx->fcfi_lp_expected; ctx->zero = tcg_constant_tl(0); From patchwork Mon Jul 29 17:53:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966167 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=pAO1OQ2e; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJZ5JMjz20Fq for ; Tue, 30 Jul 2024 03:56:46 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZN-0005uO-Vh; Mon, 29 Jul 2024 13:54:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZE-0005K2-4t for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:57 -0400 Received: from mail-il1-x130.google.com ([2607:f8b0:4864:20::130]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZB-0000Lc-Kr for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:51 -0400 Received: by mail-il1-x130.google.com with SMTP id e9e14a558f8ab-37636c3872bso18927355ab.3 for ; Mon, 29 Jul 2024 10:53:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275627; x=1722880427; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=UJ6GKjHyFg/N/6Kqn8U3twMqQ3IQfPK9ONneJ3cAfiI=; b=pAO1OQ2eITjkOxhW8HcW2yI5fChepok5rWpIILOgaFXWpyYpgDZtpYVuh4rtCunZSN 36ueT+IA15D6fj6CoFogPN78t3dVfHW8VUsDlIXBXsHXz32bIqtiz8XXrCPeAMQC9i5p 1FfAnR9eDoGU8/crm/v2b2jgH3jrMSyftW1RehTS82bCTUHhJom2cdI86hDwsXQlEQwH 81pO8vpGWe+aaj5oBNpiDslvspshaji+Hdqo4P7UNR4Pp91FIIX+pSINKOkMR5B8wcN7 h31J7TbsB5ccGaIzBeTvlKihQo0ORtnCZoqpewTrBDcKV0tC5D/rSlleBhhVMpOEdVat WbwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275627; x=1722880427; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UJ6GKjHyFg/N/6Kqn8U3twMqQ3IQfPK9ONneJ3cAfiI=; b=Ikd6kGUet95OSUPSZnLJwK/23jbyWEsjvSMuavJQNWedVag+MTssMD/jvUqlIazfiB qX8dBOjaiCSAOFZxQI7GNHQIBJ6tPQxZY/WSLSCChHZs4QohS2IkHV0J1FE2JUB1AK0f LRJRGLiLDMgM5lT+3u2jV0dawoH7PPVcjxy+E4ey6g2hfBcgPmUMndRnQx8qrRCOz8CE d9cm4UfaAgZvZdYitQ1E8XcndgI4DWTJIM1AKvGwa4a1vZH7vpy+k/TKll8a/e0Tk0VG kyRaadrNHmSzDsB8UscfWe/vJEztj6zVgJdWZ02PRx8JraC2uMgu373Q/w2xiBLiPRqz QImA== X-Forwarded-Encrypted: i=1; AJvYcCXoYYYVLAIpZAQoMuUmL0+11S0Rua0HL6Pdosyz74whrMWYLbC7zojXltvKPbQZE5f6T5e+fr8KQuFvXJ4z2fUGjzLseeY= X-Gm-Message-State: AOJu0YzUiGKSB81ajhnQqnosBBlNvDAIGF/F8lKTTX6TZbVz+zAOdi7g eat0slzawvVH6rGubyKSN1ww6UpH1me1nQz/5A1IVbEbY/wImJxpKGLVtZw64B4= X-Google-Smtp-Source: AGHT+IFS/WLadWDu9qTdcxQ+RfJ9Cc85KApzqblTdOxSzXE86CLdPyc79G9R+4GasU2SjGGnhYvCWg== X-Received: by 2002:a05:6e02:1a0b:b0:397:6dfc:993a with SMTP id e9e14a558f8ab-39aec40214amr100157855ab.21.1722275626750; Mon, 29 Jul 2024 10:53:46 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:46 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 13/24] target/riscv: implement zicfiss instructions Date: Mon, 29 Jul 2024 10:53:15 -0700 Message-ID: <20240729175327.73705-14-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::130; envelope-from=debug@rivosinc.com; helo=mail-il1-x130.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfiss has following instructions - sspopchk: pops a value from shadow stack and compares with x1/x5. If they dont match, reports a sw check exception with tval = 3. - sspush: pushes value in x1/x5 on shadow stack - ssrdp: reads current shadow stack - ssamoswap: swaps contents of shadow stack atomically sspopchk/sspush/ssrdp default to zimop if zimop implemented and SSE=0 If SSE=0, ssamoswap is illegal instruction exception. This patch implements shadow stack operations for qemu-user and shadow stack is not protected. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/cpu_bits.h | 2 + target/riscv/helper.h | 2 + target/riscv/insn32.decode | 17 +- target/riscv/insn_trans/trans_rva.c.inc | 47 ++++++ target/riscv/insn_trans/trans_rvzicfiss.c.inc | 149 ++++++++++++++++++ target/riscv/op_helper.c | 9 ++ target/riscv/translate.c | 1 + 7 files changed, 225 insertions(+), 2 deletions(-) create mode 100644 target/riscv/insn_trans/trans_rvzicfiss.c.inc diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h index 589326e516..8e179d6965 100644 --- a/target/riscv/cpu_bits.h +++ b/target/riscv/cpu_bits.h @@ -696,6 +696,8 @@ typedef enum RISCVException { /* zicfilp defines lp violation results in sw check with tval = 2*/ #define RISCV_EXCP_SW_CHECK_FCFI_TVAL 2 +/* zicfiss defines ss violation results in sw check with tval = 3*/ +#define RISCV_EXCP_SW_CHECK_BCFI_TVAL 3 #define RISCV_EXCP_INT_FLAG 0x80000000 #define RISCV_EXCP_INT_MASK 0x7fffffff diff --git a/target/riscv/helper.h b/target/riscv/helper.h index ab55bbbf73..4efb7ba4df 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -124,6 +124,8 @@ DEF_HELPER_2(cbo_zero, void, env, tl) /* Forward CFI label checking */ DEF_HELPER_2(cfi_jalr, void, env, int) DEF_HELPER_2(cfi_check_landing_pad, void, env, int) +/* helper for sschk mismatch (zicfiss) */ +DEF_HELPER_3(sschk_mismatch, void, env, tl, tl) /* Special functions */ DEF_HELPER_2(csrr, tl, env, int) diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index c963c59c8e..c59c992ce2 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -65,8 +65,10 @@ # Formats 32: @r ....... ..... ..... ... ..... ....... &r %rs2 %rs1 %rd @i ............ ..... ... ..... ....... &i imm=%imm_i %rs1 %rd +@ss_pop ............ ..... ... ..... ....... &i imm=0 %rs1 rd=0 @b ....... ..... ..... ... ..... ....... &b imm=%imm_b %rs2 %rs1 @s ....... ..... ..... ... ..... ....... &s imm=%imm_s %rs2 %rs1 +@ss_push ....... ..... ..... ... ..... ....... &s imm=0 %rs2 rs1=0 @u .................... ..... ....... &u imm=%imm_u %rd @j .................... ..... ....... &j imm=%imm_j %rd @@ -247,6 +249,7 @@ remud 0000001 ..... ..... 111 ..... 1111011 @r lr_w 00010 . . 00000 ..... 010 ..... 0101111 @atom_ld sc_w 00011 . . ..... ..... 010 ..... 0101111 @atom_st amoswap_w 00001 . . ..... ..... 010 ..... 0101111 @atom_st +ssamoswap_w 01001 . . ..... ..... 010 ..... 0101111 @atom_st amoadd_w 00000 . . ..... ..... 010 ..... 0101111 @atom_st amoxor_w 00100 . . ..... ..... 010 ..... 0101111 @atom_st amoand_w 01100 . . ..... ..... 010 ..... 0101111 @atom_st @@ -260,6 +263,7 @@ amomaxu_w 11100 . . ..... ..... 010 ..... 0101111 @atom_st lr_d 00010 . . 00000 ..... 011 ..... 0101111 @atom_ld sc_d 00011 . . ..... ..... 011 ..... 0101111 @atom_st amoswap_d 00001 . . ..... ..... 011 ..... 0101111 @atom_st +ssamoswap_d 01001 . . ..... ..... 011 ..... 0101111 @atom_st amoadd_d 00000 . . ..... ..... 011 ..... 0101111 @atom_st amoxor_d 00100 . . ..... ..... 011 ..... 0101111 @atom_st amoand_d 01100 . . ..... ..... 011 ..... 0101111 @atom_st @@ -1023,8 +1027,17 @@ amocas_d 00101 . . ..... ..... 011 ..... 0101111 @atom_st amocas_q 00101 . . ..... ..... 100 ..... 0101111 @atom_st # *** Zimop may-be-operation extension *** -mop_r_n 1 . 00 .. 0111 .. ..... 100 ..... 1110011 @mop5 -mop_rr_n 1 . 00 .. 1 ..... ..... 100 ..... 1110011 @mop3 +{ + # zicfiss instructions carved out of mop.r + ssrdp 1100110 11100 00000 100 ..... 1110011 %rd + sspopchk 1100110 11100 ..... 100 00000 1110011 @ss_pop + mop_r_n 1 . 00 .. 0111 .. ..... 100 ..... 1110011 @mop5 +} +{ + # zicfiss instruction carved out of mop.rr + sspush 1100111 ..... 00000 100 00000 1110011 @ss_push + mop_rr_n 1 . 00 .. 1 ..... ..... 100 ..... 1110011 @mop3 +} # *** Zabhb Standard Extension *** amoswap_b 00001 . . ..... ..... 000 ..... 0101111 @atom_st diff --git a/target/riscv/insn_trans/trans_rva.c.inc b/target/riscv/insn_trans/trans_rva.c.inc index 39bbf60f3c..db6c03f6a8 100644 --- a/target/riscv/insn_trans/trans_rva.c.inc +++ b/target/riscv/insn_trans/trans_rva.c.inc @@ -18,6 +18,8 @@ * this program. If not, see . */ +#include "exec/memop.h" + #define REQUIRE_A_OR_ZAAMO(ctx) do { \ if (!ctx->cfg_ptr->ext_zaamo && !has_ext(ctx, RVA)) { \ return false; \ @@ -114,6 +116,28 @@ static bool trans_amoswap_w(DisasContext *ctx, arg_amoswap_w *a) return gen_amo(ctx, a, &tcg_gen_atomic_xchg_tl, MO_TESL); } +static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a) +{ + REQUIRE_A_OR_ZAAMO(ctx); + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1, src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + decode_save_opc(ctx); + src1 = get_address(ctx, a->rs1, 0); + + tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESL)); + gen_set_gpr(ctx, a->rd, dest); + return true; +} + static bool trans_amoadd_w(DisasContext *ctx, arg_amoadd_w *a) { REQUIRE_A_OR_ZAAMO(ctx); @@ -183,6 +207,29 @@ static bool trans_amoswap_d(DisasContext *ctx, arg_amoswap_d *a) return gen_amo(ctx, a, &tcg_gen_atomic_xchg_tl, MO_TEUQ); } +static bool trans_ssamoswap_d(DisasContext *ctx, arg_amoswap_w *a) +{ + REQUIRE_64BIT(ctx); + REQUIRE_A_OR_ZAAMO(ctx); + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1, src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + decode_save_opc(ctx); + src1 = get_address(ctx, a->rs1, 0); + + tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESQ)); + gen_set_gpr(ctx, a->rd, dest); + return true; +} + static bool trans_amoadd_d(DisasContext *ctx, arg_amoadd_d *a) { REQUIRE_64BIT(ctx); diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/insn_trans/trans_rvzicfiss.c.inc new file mode 100644 index 0000000000..bac65d4166 --- /dev/null +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -0,0 +1,149 @@ +/* + * RISC-V translation routines for the Control-Flow Integrity Extension + * + * Copyright (c) 2024 Rivos Inc. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2 or later, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program. If not, see . + */ + +static MemOp mxl_memop(DisasContext *ctx) +{ + switch (get_xl(ctx)) { + case MXL_RV32: + return MO_TEUL; + + case MXL_RV64: + return MO_TEUQ; + + case MXL_RV128: + return MO_TEUO; + + default: + g_assert_not_reached(); + } +} + +static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a) +{ + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* sspopchk only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + /* + * sspopchk can only compare with x1 or x5. Everything else defaults to + * zimops + */ + + if (a->rs1 != 1 && a->rs1 != 5) { + return false; + } + + /* + * get data in TCGv using get_gpr + * get addr in TCGv using gen_helper_csrr on CSR_SSP + * use some tcg subtract arithmetic (subtract by XLEN) on addr + * perform ss store on computed address + */ + + TCGv addr = tcg_temp_new(); + uint32_t tmp = (get_xl(ctx) == MXL_RV64) ? 8 : 4; + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + TCGv data = tcg_temp_new(); + gen_helper_csrr(addr, tcg_env, ssp_csr); + + tcg_gen_qemu_ld_tl(data, addr, ss_mmu_idx, + mxl_memop(ctx) | MO_ALIGN); + TCGv rs1 = get_gpr(ctx, a->rs1, EXT_NONE); + /* + * add XLEN/bitwidth to addr, align to XLEN . How do i do that? Is below + * the right way + */ + tcg_gen_addi_tl(addr, addr, tmp); + gen_helper_sschk_mismatch(tcg_env, rs1, data); + gen_helper_csrw(tcg_env, ssp_csr, addr); + + return true; +} + +static bool trans_sspush(DisasContext *ctx, arg_sspush *a) +{ + /* default for qemu-user, use regular RW memory and thus mmu_idx=0 */ + int ss_mmu_idx = 0; + + /* sspush only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + /* + * sspush can only push from x1 or x5. Everything else defaults to zimop + */ + if (a->rs2 != 1 && a->rs2 != 5) { + return false; + } + + /* + * get data in TCGv using get_gpr + * get addr in TCGv using gen_helper_csrr on CSR_SSP + * use some tcg subtract arithmetic (subtract by XLEN) on addr + * perform ss store on computed address + */ + + TCGv addr = tcg_temp_new(); + int tmp = (get_xl(ctx) == MXL_RV64) ? -8 : -4; + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + TCGv data = get_gpr(ctx, a->rs2, EXT_NONE); + gen_helper_csrr(addr, tcg_env, ssp_csr); + + tcg_gen_addi_tl(addr, addr, tmp); + + tcg_gen_qemu_st_tl(data, addr, ss_mmu_idx, + mxl_memop(ctx) | MO_ALIGN); + gen_helper_csrw(tcg_env, ssp_csr, addr); + + return true; +} + +static bool trans_ssrdp(DisasContext *ctx, arg_ssrdp *a) +{ + /* ssrdp only supported on 32bit and 64bit */ + if (get_xl(ctx) != MXL_RV32 && get_xl(ctx) != MXL_RV64) { + return false; + } + + /* back cfi was not enabled, return false */ + if (!ctx->bcfi_enabled) { + return false; + } + + TCGv dest = get_gpr(ctx, a->rd, EXT_NONE); + TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); + gen_helper_csrr(dest, tcg_env, ssp_csr); + gen_set_gpr(ctx, a->rd, dest); + + return true; +} diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 2d152f0a00..54baa3a966 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -291,6 +291,15 @@ void helper_cfi_check_landing_pad(CPURISCVState *env, int lbl) } } +void helper_sschk_mismatch(CPURISCVState *env, target_ulong rs1, + target_ulong ssra) +{ + if (rs1 != ssra) { + env->sw_check_code = RISCV_EXCP_SW_CHECK_BCFI_TVAL; + riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); + } +} + #ifndef CONFIG_USER_ONLY target_ulong helper_sret(CPURISCVState *env) diff --git a/target/riscv/translate.c b/target/riscv/translate.c index 34c9bf093d..9152a963ee 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -1143,6 +1143,7 @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc) #include "insn_trans/trans_rvzawrs.c.inc" #include "insn_trans/trans_rvzicbo.c.inc" #include "insn_trans/trans_rvzimop.c.inc" +#include "insn_trans/trans_rvzicfiss.c.inc" #include "insn_trans/trans_rvzfa.c.inc" #include "insn_trans/trans_rvzfh.c.inc" #include "insn_trans/trans_rvk.c.inc" From patchwork Mon Jul 29 17:53:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966161 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=TxH+ogYf; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmGc69CVz1yf4 for ; Tue, 30 Jul 2024 03:55:02 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZR-0006PI-K0; Mon, 29 Jul 2024 13:54:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZF-0005Sc-PK for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:57 -0400 Received: from mail-il1-x12f.google.com ([2607:f8b0:4864:20::12f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZB-0000Lu-Nb for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:53 -0400 Received: by mail-il1-x12f.google.com with SMTP id e9e14a558f8ab-3993c6dd822so14177875ab.1 for ; Mon, 29 Jul 2024 10:53:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275628; x=1722880428; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uj9qOhBpCT9W/nbC5avAHQrsYFSH2V3flkgQB5x2ClI=; b=TxH+ogYfFk4l3XxIfy+8nG1290tSid4ZbpzrhrtuFMxL+Eg1lua5fgmr7jtp7f+20y 6c0CM+D2vZhx+bmlIGEE4WgoNwuEROZMVsIawl9dDlCKKk/DsplJD+j6OaanBisfJyJ/ eMdCfQj1uiGfkmLWU86ghFmd4V81XvBMkAfekhnHiXKNWwyTk0NhbkJugkihYWuS/kbn eTTntGSxnQHt4AGIlxDyAbOCantdbBx1GHjTsXNwyfyNaXZjhr/2bh8XUiGyWR5vsirD p5xkv9YFaVzSKWwphgiwdI6VSSAVf8EJ1oHI2hzLfq+VevPcvjag3/khbAccKKfpE9Li BGSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275628; x=1722880428; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uj9qOhBpCT9W/nbC5avAHQrsYFSH2V3flkgQB5x2ClI=; b=K94PAnlrpKtG7P0hAuyruXb0eYlkzLF4TllDb77tXde4f6FyMtBGmS2pwob2qMelxr aOsb5i1JYxJhbawMIeec99pQkvIk+/z5Q7DZIOV5/GrpyE4QvoM/vIVy0f4Q1UZalWRx 3cbmds0PmzdC2TSPgd9mwxLA4DM3UlpwxVWhRcUVUxy0curqclC5BoHiWuhrmWZQYVMA 2OG2VMXE8aW1kFGquA2+XJc2d+lkucnF8+JtsEjBSnEj8yuh1VUk/7xRXmFcDYyKAIws bIDHJAcDLxO4sdD+geHf6ofCHXdU/9olkeI1JTXqb0x+mr1RUztyBMIL6y1c/r9GICMD 2MYA== X-Forwarded-Encrypted: i=1; AJvYcCVOuRx4hRnsruHthci30nSWBneXBabBA+/Hsz9FVQj+E13AvPCR/Ri0jQvNL3CFD5cAQQb809rFHhL3+cnowS6QaAJAnB4= X-Gm-Message-State: AOJu0YwYfLZuF62nFSqijMTWv3j6V9Sk++2bhth3gpEPRsPOL0LCwvXB cV3IynlyK1HNiNKICjNLQIXQKwp36GwPNrFjzkViUyolVvxC/IZi8aINCS70Fok= X-Google-Smtp-Source: AGHT+IH/U3ghK7j5ZSCo9FLWyDVR242srP8apgB36GOjYp4ObB9A7U9CXVIw/4THX6x1QyxDNA49OA== X-Received: by 2002:a05:6e02:1523:b0:37a:9ab7:ce34 with SMTP id e9e14a558f8ab-39aec4020cfmr96570275ab.19.1722275628094; Mon, 29 Jul 2024 10:53:48 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:47 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 14/24] target/riscv: compressed encodings for sspush and sspopchk Date: Mon, 29 Jul 2024 10:53:16 -0700 Message-ID: <20240729175327.73705-15-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::12f; envelope-from=debug@rivosinc.com; helo=mail-il1-x12f.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org sspush/sspopchk have compressed encodings carved out of zcmops. compressed sspush is designated as c.mop.1 while compressed sspopchk is designated as c.mop.5. Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly c.sspopchk x5 exists while c.sspopchk x1 doesn't. Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- target/riscv/insn16.decode | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/riscv/insn16.decode b/target/riscv/insn16.decode index 3953bcf82d..d9fb74fef6 100644 --- a/target/riscv/insn16.decode +++ b/target/riscv/insn16.decode @@ -69,10 +69,12 @@ # Formats 16: @cr .... ..... ..... .. &r rs2=%rs2_5 rs1=%rd %rd @ci ... . ..... ..... .. &i imm=%imm_ci rs1=%rd %rd +@c_sspop ... . ..... ..... .. &i imm=0 rs1=5 rd=0 @cl_q ... . ..... ..... .. &i imm=%uimm_cl_q rs1=%rs1_3 rd=%rs2_3 @cl_d ... ... ... .. ... .. &i imm=%uimm_cl_d rs1=%rs1_3 rd=%rs2_3 @cl_w ... ... ... .. ... .. &i imm=%uimm_cl_w rs1=%rs1_3 rd=%rs2_3 @cs_2 ... ... ... .. ... .. &r rs2=%rs2_3 rs1=%rs1_3 rd=%rs1_3 +@c_sspush ... ... ... .. ... .. &s imm=0 rs1=0 rs2=1 @cs_q ... ... ... .. ... .. &s imm=%uimm_cl_q rs1=%rs1_3 rs2=%rs2_3 @cs_d ... ... ... .. ... .. &s imm=%uimm_cl_d rs1=%rs1_3 rs2=%rs2_3 @cs_w ... ... ... .. ... .. &s imm=%uimm_cl_w rs1=%rs1_3 rs2=%rs2_3 @@ -140,6 +142,8 @@ sw 110 ... ... .. ... 00 @cs_w addi 000 . ..... ..... 01 @ci addi 010 . ..... ..... 01 @c_li { + sspush 011 0 00001 00000 01 @c_sspush # c.sspush x1 carving out of zcmops + sspopchk 011 0 00101 00000 01 @c_sspop # c.sspopchk x5 carving out of zcmops c_mop_n 011 0 0 n:3 1 00000 01 illegal 011 0 ----- 00000 01 # c.addi16sp and c.lui, RES nzimm=0 addi 011 . 00010 ..... 01 @c_addi16sp From patchwork Mon Jul 29 17:53:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966165 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=yz6WupQk; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmJZ01gXz1ybX for ; Tue, 30 Jul 2024 03:56:45 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZM-0005sf-7G; Mon, 29 Jul 2024 13:54:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZF-0005Sj-QD for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:57 -0400 Received: from mail-oa1-x34.google.com ([2001:4860:4864:20::34]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZD-0000MI-Fn for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:53 -0400 Received: by mail-oa1-x34.google.com with SMTP id 586e51a60fabf-25e397c51b2so2436334fac.3 for ; Mon, 29 Jul 2024 10:53:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275629; x=1722880429; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TEfM6wszBxNOPAb1bi7YlYVEQlyhfpgNlHnmktCCwL8=; b=yz6WupQkwDlFD8EWKlRuPqiXWkG6VkRWtbJOsfqcblGlNbalWreMHSF60+G/cq7IGU QCuWikFJTgWkkM98sgA6WXlCROAoNUXC6sFhgs0XolSlwNrsWlQw0I9aCLj+j6qBJ2BQ 0jZ2VAieAGp00bBw5kc068KN6kb+9ULeFwwda5cD3e1Niy2Ym8fSiu8Igd8JoyuHQPWW hPG9Yzj8pOn88FBNuOIEuGNPNjB0isBIIOW4uZ4Fney4oYu9JHDhrkW86UCUdHy+DKmZ dCa1XHhj/W+a6XRN0yZrhxdwHcy67JHfpVf0SQ9ZpRL/nmxJl0kQq+qBLeDTvzxAQJul Sggw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275629; x=1722880429; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TEfM6wszBxNOPAb1bi7YlYVEQlyhfpgNlHnmktCCwL8=; b=K5HtTP+Mn5x4CrA8Iahhh6MopWWEJQ/Y1PYBUCGOUNN0QIhXaZ1EJkUUrJ4S7qCw9R q1vA354lmOW+6MvWBbCS5sR6I/5DspbcPIuuqup7ovvTAGVPH4eEc53gkbGZ/+AQxnXW XIwMEf7bEV4W6FLyzxUsptw7l8hOsXxZNa9q2xDwrF7ZW1mC4fqGDWBj6suMnXJqPm8U DcA0UxclJZJC24pgdX1NsiUkoIka0JEqk5u2Ajfuoo2/ezTw99x5rCSgUlNLYfoP+5NL 2cLeCwadBrKCzNeU65lVD/URI4dj0eypcORkOcAYi1BBQQiTisAnpg39kxVv5e1klZGN nLMg== X-Forwarded-Encrypted: i=1; AJvYcCWv4dhTofuAXVxsygdAFKl/jhbHQ+Lr+eYwKYZQ1e1qvMOOUb7Flyp2XXeCYCrv87DNQxpM6Y7Q41ooC4hoNBwYqFTJmbc= X-Gm-Message-State: AOJu0Ywtsatt4jPQkw9w55kGbhaIZj6B29WFrEx4hKY47inyiAllruHs e3uiLwd/exzHzAsc/vi6EFHHUF9jHe973qdqCD8jWEvd8UZsqbY59TUnw7uX9Lw= X-Google-Smtp-Source: AGHT+IEK66sr2CO2D8t3mFv/s9pI0FtrJLP8drLOKOAsSvwBW4+O9nQJqnhfa0y2KL3wRG4TQ6TJMQ== X-Received: by 2002:a05:6870:71c7:b0:260:f50e:923e with SMTP id 586e51a60fabf-267d4f1dfa7mr8623685fac.37.1722275629471; Mon, 29 Jul 2024 10:53:49 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:48 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 15/24] target/riscv: mmu changes for zicfiss shadow stack protection Date: Mon, 29 Jul 2024 10:53:17 -0700 Message-ID: <20240729175327.73705-16-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2001:4860:4864:20::34; envelope-from=debug@rivosinc.com; helo=mail-oa1-x34.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org zicfiss protects shadow stack using new page table encodings PTE.W=0, PTE.R=0 and PTE.X=0. This encoding is reserved if zicfiss is not implemented or if shadow stack are not enabled. Loads on shadow stack memory are allowed while stores to shadow stack memory leads to access faults. Shadow stack accesses to RO memory leads to store page fault. To implement special nature of shadow stack memory where only selected stores (shadow stack stores from sspush) have to be allowed while rest of regular stores disallowed, new MMU TLB index is created for shadow stack. Signed-off-by: Deepak Gupta --- target/riscv/cpu_helper.c | 61 +++++++++++++++++++++++++++++++++++++-- target/riscv/internals.h | 3 ++ 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index ce68f5af72..7942587a56 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -819,6 +819,18 @@ void riscv_cpu_set_mode(CPURISCVState *env, target_ulong newpriv) env->load_res = -1; } +static bool legal_sstack_access(int access_type, bool sstack_inst, + bool sstack_attribute) +{ + /* + * Read/write/execution permissions are checked as usual. Shadow + * stack enforcement is just that (1) instruction type must match + * the attribute unless (2) a non-SS load to an SS region. + */ + return (sstack_inst == sstack_attribute) || + ((access_type == MMU_DATA_LOAD) && sstack_attribute); +} + /* * get_physical_address_pmp - check PMP permission for this physical address * @@ -896,6 +908,8 @@ static int get_physical_address(CPURISCVState *env, hwaddr *physical, hwaddr ppn; int napot_bits = 0; target_ulong napot_mask; + bool is_sstack_insn = ((mmu_idx & MMU_IDX_SS_ACCESS) == MMU_IDX_SS_ACCESS); + bool sstack_page = false; /* * Check if we should use the background registers for the two @@ -1104,15 +1118,45 @@ restart: return TRANSLATE_FAIL; } + /* + * When backward CFI is enabled, the R=0, W=1, X=0 reserved encoding + * is used to mark Shadow Stack (SS) pages. If back CFI enabled, allow + * normal loads on SS pages, regular stores raise store access fault + * and avoid hitting the reserved-encoding case. Only shadow stack + * stores are allowed on SS pages. Shadow stack loads and stores on + * regular memory (non-SS) raise load and store/AMO access fault. + * Second stage translations don't participate in Shadow Stack. + */ + sstack_page = (cpu_get_bcfien(env) && first_stage && + ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_W)); + /* Check for reserved combinations of RWX flags. */ switch (pte & (PTE_R | PTE_W | PTE_X)) { - case PTE_W: case PTE_W | PTE_X: + case PTE_W: + if (sstack_page) { /* if shadow stack page, PTE_W is not reserved */ + break; + } return TRANSLATE_FAIL; } + /* Illegal combo of instruction type and page attribute */ + if (!legal_sstack_access(access_type, is_sstack_insn, + sstack_page)) { + /* shadow stack instruction and RO page then it's a page fault */ + if (is_sstack_insn && ((pte & (PTE_R | PTE_W | PTE_X)) == PTE_R)) { + return TRANSLATE_FAIL; + } + /* In all other cases it's an access fault, so raise PMP_FAIL */ + return TRANSLATE_PMP_FAIL; + } + int prot = 0; - if (pte & PTE_R) { + /* + * If PTE has read bit in it or it's shadow stack page, + * then reads allowed + */ + if ((pte & PTE_R) || sstack_page) { prot |= PAGE_READ; } if (pte & PTE_W) { @@ -1350,9 +1394,17 @@ void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr, break; case MMU_DATA_LOAD: cs->exception_index = RISCV_EXCP_LOAD_ADDR_MIS; + /* shadow stack mis aligned accesses are access faults */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + cs->exception_index = RISCV_EXCP_LOAD_ACCESS_FAULT; + } break; case MMU_DATA_STORE: cs->exception_index = RISCV_EXCP_STORE_AMO_ADDR_MIS; + /* shadow stack mis aligned accesses are access faults */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + cs->exception_index = RISCV_EXCP_STORE_AMO_ACCESS_FAULT; + } break; default: g_assert_not_reached(); @@ -1408,6 +1460,11 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size, qemu_log_mask(CPU_LOG_MMU, "%s ad %" VADDR_PRIx " rw %d mmu_idx %d\n", __func__, address, access_type, mmu_idx); + /* If shadow stack instruction initiated this access, treat it as store */ + if (mmu_idx & MMU_IDX_SS_ACCESS) { + access_type = MMU_DATA_STORE; + } + pmu_tlb_fill_incr_ctr(cpu, access_type); if (two_stage_lookup) { /* Two stage lookup */ diff --git a/target/riscv/internals.h b/target/riscv/internals.h index 0ac17bc5ad..dad0657c80 100644 --- a/target/riscv/internals.h +++ b/target/riscv/internals.h @@ -30,12 +30,15 @@ * - U+2STAGE 0b100 * - S+2STAGE 0b101 * - S+SUM+2STAGE 0b110 + * - Shadow stack+U 0b1000 + * - Shadow stack+S 0b1001 */ #define MMUIdx_U 0 #define MMUIdx_S 1 #define MMUIdx_S_SUM 2 #define MMUIdx_M 3 #define MMU_2STAGE_BIT (1 << 2) +#define MMU_IDX_SS_ACCESS (1 << 3) static inline int mmuidx_priv(int mmu_idx) { From patchwork Mon Jul 29 17:53:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966163 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=DJf/Kt7X; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmGr1MH9z1ybX for ; Tue, 30 Jul 2024 03:55:16 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZT-0006am-Pa; Mon, 29 Jul 2024 13:54:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZK-0005iH-3R for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:58 -0400 Received: from mail-pf1-x42e.google.com ([2607:f8b0:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZF-0000MX-GN for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:55 -0400 Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-70d2b27c115so2804627b3a.2 for ; Mon, 29 Jul 2024 10:53:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275631; x=1722880431; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=j0j0hUcpmAEL4SMuZB0D+6b4sLvIuahvRYG7mAVrPJM=; b=DJf/Kt7XZ5T5V9NzNePKFJKAqIqC7Bu9c3pzsr6oGDh5NL3hnlExvpLo2vbJ/xjgVm DOO7GCgyooAVk43BWV4Zk8oPsYAh7tied3JJAT0Q/nTGYWB2M0eY6zmVxI1+tuoRAXFS S+8nZ714xRVx2BBdrsyeYAK9Or6X0sUQpESIWpbUi2be7hRa7/uYxU6VuLzkDb+p1d4I NDrx/WcdODSFbs3Nt1bsGcmQY2N7deQaKuaRMRcOV9jsFZSyh8CNy5ILSxUAn9ikN8pQ P3TP/9bqBErSfTcp9/8cH8UpvIgm4fLli6SHmnzlDGyiaX5oh+lrKgjZXEeTJQDTWZbd +adw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275631; x=1722880431; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j0j0hUcpmAEL4SMuZB0D+6b4sLvIuahvRYG7mAVrPJM=; b=qpUHaDv3watn/5VUvEQpwwusJWFqirgVbYfFAxa7UwtY9ypHT5pG0lgFF3N09hciqB T0JlR9YlSO5xUoiLBZRb+BP/iNssXz2s3h+VPTtlx6j5yw7ht+WCH78C34c+O2Sk4lpH Lh7fpAQp6yQqGHYVLiONcqpcN6vr+kyEg7KJrpvMYWveqLoo/vrMXDKkEDI5jM+SYNpr PPDrm9M/mEk/aatfgpbyCZi2vWdMMo+E+ZD1W1Dh/+LbDFqQ09fIa8SBcSogwSniPdGP G2StKQtXGRIbDdodN0RMUTp1kjFoyNN5AIx9Jy6ZS7OH9i5VirhBSUDpJWlBImZTr3yb Hi4g== X-Forwarded-Encrypted: i=1; AJvYcCVMJHNXCYtaaIB0ZmQdeETMo/SkTe0JpTWh12tkKk0jZ/r0uOEC2Z/UU2Ye+YT3Kdls8d/OdjL0oMIheo1+U5QBuUoerlw= X-Gm-Message-State: AOJu0Yw/+fo8e20VKq0fXyWK+efYFJw5iyM0LjcrUyD0a5vHjywjDzql Spa4TN966eF7r7iqXSyTN7x6N04pYbmt+5CMOctnJhKnIJnologyW3IZHt4Psb4= X-Google-Smtp-Source: AGHT+IEvGc8T9JROztJKuD9M/RaY8RkvfyNt0AAn7xgRCX7XbKebDySXoG1psOd7clCUbATozjjuAQ== X-Received: by 2002:a05:6a20:a110:b0:1c4:5361:b72e with SMTP id adf61e73a8af0-1c4a13a37b7mr10504788637.35.1722275630744; Mon, 29 Jul 2024 10:53:50 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:50 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 16/24] target/riscv: shadow stack mmu index for shadow stack instructions Date: Mon, 29 Jul 2024 10:53:18 -0700 Message-ID: <20240729175327.73705-17-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42e; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Shadow stack instructions shadow stack mmu index for load/stores. `MMU_IDX_SS_ACCESS` at bit positon 3 is used as shadow stack index. Shadow stack mmu index depend on privilege and SUM bit. If shadow stack accesses happening in user mode, shadow stack mmu index = 0b1000. If shaodw stack access happening in supervisor mode mmu index = 0b1001. If shadow stack access happening in supervisor mode with SUM=1 then mmu index = 0b1010 Signed-off-by: Deepak Gupta --- target/riscv/cpu.h | 13 ++++++++++ target/riscv/cpu_helper.c | 3 +++ target/riscv/insn_trans/trans_rva.c.inc | 8 ++++++ target/riscv/insn_trans/trans_rvzicfiss.c.inc | 6 +++++ target/riscv/internals.h | 1 + target/riscv/translate.c | 25 +++++++++++++++++++ 6 files changed, 56 insertions(+) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 0e0a9d2be1..82475490ab 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -614,6 +614,19 @@ FIELD(TB_FLAGS, AXL, 26, 2) FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 28, 1) /* zicfiss needs a TB flag so that correct TB is located based on tb flags */ FIELD(TB_FLAGS, BCFI_ENABLED, 29, 1) +/* + * zicfiss shadow stack is special memory on which regular stores aren't + * allowed but shadow stack stores are allowed. Shadow stack stores can + * happen as `sspush` or `ssamoswap` instructions. `sspush` implicitly + * takes shadow stack address from CSR_SSP. But `ssamoswap` takes address + * from encoded input register and it will be used by supervisor software + * to access (read/write) user shadow stack for setting up rt_frame during + * signal delivery. Supervisor software will do so by setting SUM=1. Thus + * a TB flag is needed if SUM was 1 during TB generation to correctly + * reflect memory permissions to access shadow stack user memory from + * supervisor mode. + */ +FIELD(TB_FLAGS, SUM, 30, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index 7942587a56..b2bb1e4293 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -180,6 +180,9 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; #else + flags = FIELD_DP32(flags, TB_FLAGS, SUM, + ((env->mstatus & MSTATUS_SUM) == MSTATUS_SUM)); + flags = FIELD_DP32(flags, TB_FLAGS, PRIV, env->priv); flags |= riscv_env_mmu_index(env, 0); diff --git a/target/riscv/insn_trans/trans_rva.c.inc b/target/riscv/insn_trans/trans_rva.c.inc index db6c03f6a8..68b71339a3 100644 --- a/target/riscv/insn_trans/trans_rva.c.inc +++ b/target/riscv/insn_trans/trans_rva.c.inc @@ -132,6 +132,10 @@ static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a) decode_save_opc(ctx); src1 = get_address(ctx, a->rs1, 0); +#ifndef CONFIG_USER_ONLY + /* Shadow stack access and thus index is SS TLB index */ + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESL)); gen_set_gpr(ctx, a->rd, dest); @@ -224,6 +228,10 @@ static bool trans_ssamoswap_d(DisasContext *ctx, arg_amoswap_w *a) decode_save_opc(ctx); src1 = get_address(ctx, a->rs1, 0); +#ifndef CONFIG_USER_ONLY + /* Shadow stack access and thus index is SS TLB index */ + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_atomic_xchg_tl(dest, src1, src2, ss_mmu_idx, (MO_ALIGN | MO_TESQ)); gen_set_gpr(ctx, a->rd, dest); diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/insn_trans/trans_rvzicfiss.c.inc index bac65d4166..9c3c872f59 100644 --- a/target/riscv/insn_trans/trans_rvzicfiss.c.inc +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -69,6 +69,9 @@ static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a) TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); TCGv data = tcg_temp_new(); gen_helper_csrr(addr, tcg_env, ssp_csr); +#ifndef CONFIG_USER_ONLY + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_qemu_ld_tl(data, addr, ss_mmu_idx, mxl_memop(ctx) | MO_ALIGN); @@ -118,6 +121,9 @@ static bool trans_sspush(DisasContext *ctx, arg_sspush *a) TCGv_i32 ssp_csr = tcg_constant_i32(CSR_SSP); TCGv data = get_gpr(ctx, a->rs2, EXT_NONE); gen_helper_csrr(addr, tcg_env, ssp_csr); +#ifndef CONFIG_USER_ONLY + ss_mmu_idx = get_ss_index(ctx); +#endif tcg_gen_addi_tl(addr, addr, tmp); diff --git a/target/riscv/internals.h b/target/riscv/internals.h index dad0657c80..5147d6bf90 100644 --- a/target/riscv/internals.h +++ b/target/riscv/internals.h @@ -32,6 +32,7 @@ * - S+SUM+2STAGE 0b110 * - Shadow stack+U 0b1000 * - Shadow stack+S 0b1001 + * - Shadow stack+SUM 0b1010 */ #define MMUIdx_U 0 #define MMUIdx_S 1 diff --git a/target/riscv/translate.c b/target/riscv/translate.c index 9152a963ee..ad0f841807 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -123,6 +123,8 @@ typedef struct DisasContext { bool fcfi_lp_expected; /* zicfiss extension, if shadow stack was enabled during TB gen */ bool bcfi_enabled; + /* SUM was on during tb translation? */ + bool sum; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1128,6 +1130,29 @@ static uint32_t opcode_at(DisasContextBase *dcbase, target_ulong pc) return translator_ldl(env, &ctx->base, pc); } +#ifndef CONFIG_USER_ONLY +static unsigned int get_ss_index(DisasContext *ctx) +{ + int ss_mmu_idx = MMU_IDX_SS_ACCESS; + + /* + * If priv mode is S then a separate index for supervisor + * shadow stack accesses + */ + if (ctx->priv == PRV_S) { + ss_mmu_idx |= MMUIdx_S; + } + + /* If SUM was set, SS index should have S cleared */ + if (ctx->sum) { + ss_mmu_idx &= ~(MMUIdx_S); + ss_mmu_idx |= MMUIdx_S_SUM; + } + + return ss_mmu_idx; +} +#endif + /* Include insn module translation function */ #include "insn_trans/trans_rvi.c.inc" #include "insn_trans/trans_rvm.c.inc" From patchwork Mon Jul 29 17:53:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966157 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=HCGbyKxE; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmFw4lCwz1yf4 for ; Tue, 30 Jul 2024 03:54:28 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZQ-0006Kx-TJ; Mon, 29 Jul 2024 13:54:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZK-0005iG-3e for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:58 -0400 Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZF-0000Mw-HL for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:56 -0400 Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-70d2b921c48so2645446b3a.1 for ; Mon, 29 Jul 2024 10:53:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275632; x=1722880432; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=266neMCz6T2Ay7h8fQ0tNZU+3Glrf37EuuzFIpKJGMw=; b=HCGbyKxE9FFEQvNdzpFPKAE88ncFNl/LNfTsO3kK41dYG36nXbscHLrJN5pc88DVZ4 dP6K5Ffd+1kiNmWMb5HmueL3rslkbXpRz/d0Xjjr2ZIGzFraVztU3E0ruSUCaqaheZNB bOKg2yjjHHybXSAwGJZco8CWFIy16W0pYn3QLF3KkjGM0bUd37UhseC920eetN8eU92z V83vr+1V+H42iWF3NJz6mibrmN4ZMv7zA8ik50KznbhQ4G6n3+1KpUHyF5XEhq3w+Bhc IMkPYFBKO66G6s1rPrSZXv5t5PWIgSym0lgVoJKSpvY2NjjNzpkv2uqrAlGfGP4dFCRF Y0FQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275632; x=1722880432; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=266neMCz6T2Ay7h8fQ0tNZU+3Glrf37EuuzFIpKJGMw=; b=PxnVfs95QhXm/XzWI318tgfe/Oqu0uauuDkR3mhniJ1qMmUFrn8qAv6wfJMRPTuAb8 jw5j5Ja5ksKEBZHTLgsc0VkTqyIL4RyFp8aHeV+SSWU4U4PfthwVHeZGAgpWOJ94NvUj d5/ILivwnBdJiUZ3QbWGp5gX/cqH7/1SqZlhsSGsFDRPt61Xujz4aW63I6Tz83XOABoN xphGrDvRJZGR91Gw+LVweLpehBhsRg8bYdwe7iVqqQMqrzPWmsgL8jRwvdSefnnksBGg VW0WnLe2lQOfbuISgEBs7y4uSE0mSQyXv63L8teCaF5z5Gxq+HksRjWkqlg3IAIrQLNx 81Ug== X-Forwarded-Encrypted: i=1; AJvYcCVf/pszmgSUthPS+lW8rHM2sK3TdvymkkMe6+hi5HWjFSFsNIpkqhhi2y/y4GVQCsiXGo4fp4V0i9CLgDQ7gyhvmvQtEDw= X-Gm-Message-State: AOJu0YzdT1z6S7Kbu05XYUtnAHbpgUFY1ZVBYnXvn+DQT2v3v7vuShpy tbfOcuC2Tzb4iTFTMwF4a8lsN1O4WTiCTgr5JrSdfEkyOBsrKfsZrWLsJABvr40= X-Google-Smtp-Source: AGHT+IFx72l730eObtC5wCFPHMYisC4e3PrRHeYk+dbkU8nvDbg3ayBrCCXHMzd7PJVRE2cWHKZqzw== X-Received: by 2002:a05:6a20:3d89:b0:1c4:8824:24cb with SMTP id adf61e73a8af0-1c4a129cc6dmr7385290637.12.1722275631920; Mon, 29 Jul 2024 10:53:51 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:51 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 17/24] linux-user/syscall: introduce prctl for shadow stack enable/disable Date: Mon, 29 Jul 2024 10:53:19 -0700 Message-ID: <20240729175327.73705-18-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::430; envelope-from=debug@rivosinc.com; helo=mail-pf1-x430.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Each application enables shadow stack for itself via prctl. Using prctl codes as proposed in riscv cfi patches on kernel mailing list [1] [1] - https://lore.kernel.org/all/20240403234054.2020347-1-debug@rivosinc.com/ Signed-off-by: Deepak Gupta Co-developed-by: Jim Shu Co-developed-by: Andy Chiu Co-developed-by: Jesse Huang --- linux-user/syscall.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ec157c1088..f879be7cfe 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6295,6 +6295,18 @@ abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr) # define PR_SME_VL_INHERIT (1 << 17) #endif +#ifndef PR_GET_SHADOW_STACK_STATUS +# define PR_GET_SHADOW_STACK_STATUS 71 +#endif +#ifndef PR_SET_SHADOW_STACK_STATUS +# define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) +#endif +#ifndef PR_LOCK_SHADOW_STACK_STATUS +# define PR_LOCK_SHADOW_STACK_STATUS 73 +#endif #ifndef PR_GET_INDIR_BR_LP_STATUS # define PR_GET_INDIR_BR_LP_STATUS 74 #endif @@ -6488,6 +6500,9 @@ static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2, case PR_SET_TSC: /* Disable to prevent the target disabling stuff we need. */ return -TARGET_EINVAL; + case PR_GET_SHADOW_STACK_STATUS: + case PR_SET_SHADOW_STACK_STATUS: + case PR_LOCK_SHADOW_STACK_STATUS: case PR_GET_INDIR_BR_LP_STATUS: case PR_SET_INDIR_BR_LP_STATUS: case PR_LOCK_INDIR_BR_LP_STATUS: From patchwork Mon Jul 29 17:53:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966160 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=VeW08BU0; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmGD1q0Sz1yf4 for ; Tue, 30 Jul 2024 03:54:44 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZS-0006T1-2M; Mon, 29 Jul 2024 13:54:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZK-0005j5-A6 for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:58 -0400 Received: from mail-pg1-x52c.google.com ([2607:f8b0:4864:20::52c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZG-0000NM-Lk for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:57 -0400 Received: by mail-pg1-x52c.google.com with SMTP id 41be03b00d2f7-79b530ba612so2113827a12.2 for ; Mon, 29 Jul 2024 10:53:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275633; x=1722880433; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=U1RafRXULaoeGB+gXsUlffAxqhChP6/g1AGQdC0LRV0=; b=VeW08BU0rSCYZA3pfdYzVyrERPsXZgIi/yGIi0EVh914s9m9nuBkjuFRYViaYQ8wzG 26qmnYgUw0UsEFHwukRjkfmUkj9n25NX5ju5/SW3KYu12aqdD5xVW75zJWwXkfeV5hNZ oR/Kejzhxxl0iZjiXN/vqwoT7Xj1beIeUNrjs0ZBPSlUVDo24WBmL5eP8TdEvHEnViyh vp6aeS94bZEYvXiNRNFQATF73jRKPbPuThaw+Ee6OnvbL7idVQCwznAJEgugf3eRwiKs RjMHsw1V6TSpcozwGMOeNOVIjvptu/pMGa7grM3ASWZEZnFesiajmaWUR++z6imuPxHo +Ivg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275633; x=1722880433; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=U1RafRXULaoeGB+gXsUlffAxqhChP6/g1AGQdC0LRV0=; b=CLytI0oTzgbOvGRLIQBxxD3bb1x6jCzTP69yX2jquJkGtd7tMXSaO2EZZ3O/HWDf9v 8LRoomlacONVnIECOSHRJqy/fyAH1qAoScEq4jXV+E3V//DJ+bjS7g5G8adcNG8zMaKE yCsUM0yG1k4jSo+WD+Tms1WJ1H7razw8krRVZ6v3yh1xuio8tG4x4JfsyM39ouc5J104 624QFUZmjQ7PaT4jbTpkV5xVmwTa1Ki6412Ty25rVE1bB+rNAu6b+AbqITG2u6EnkEfq 1n07aGUfk+Ce7ut2k7FfYffmjGQAs3CqWAQKEQLNk5RT8F743XuG7zwEOdKSWlJp5JXj 6ocA== X-Forwarded-Encrypted: i=1; AJvYcCWC248Nu6YtxwsxteWz1KgNglTQnbIrkSArqgKc2ZtmAsDnvKWeC+VWmVEtLmFGW5TfFmLQN/fxvtvdBGgYDd+omLYfpqo= X-Gm-Message-State: AOJu0YwKSPqHNXSw8oIWSSx+EL0G/ar1M/d8xJTiY/8Wgz6DfhLV3FSp BJ0bbldpkLR3olKcBPUaVXCLhM6/EYqavz5eMAA0L632VgfWRLQPl4LzpaOaF5o= X-Google-Smtp-Source: AGHT+IFKApTowdoUj4RwBAGn3nRPUoNa370cveOMxEpQH7lRLOFQGBkMayj4Co2eW0xB5Oqn4ly0Bg== X-Received: by 2002:a05:6a20:8421:b0:1c0:f648:855f with SMTP id adf61e73a8af0-1c4a129fe88mr7352486637.18.1722275633098; Mon, 29 Jul 2024 10:53:53 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:52 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 18/24] linux-user/riscv: setup/teardown zicfiss shadow stack for qemu-user Date: Mon, 29 Jul 2024 10:53:20 -0700 Message-ID: <20240729175327.73705-19-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::52c; envelope-from=debug@rivosinc.com; helo=mail-pg1-x52c.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Implements shadow stack related prctls for qemu-user on riscv. Allocates shadow stack from host memory using `target_mmap` and tears down when user issues prctl to disable using `target_munmap`. Signed-off-by: Deepak Gupta Co-developed-by: Jesse Huang Co-developed-by: Jim Shu Co-developed-by: Andy Chiu --- linux-user/riscv/cpu_loop.c | 50 +++++++++++++++++++++++++++++++++ linux-user/riscv/target_cpu.h | 7 +++++ linux-user/riscv/target_prctl.h | 27 ++++++++++++++++++ target/riscv/cpu.c | 4 +++ target/riscv/cpu.h | 1 + 5 files changed, 89 insertions(+) diff --git a/linux-user/riscv/cpu_loop.c b/linux-user/riscv/cpu_loop.c index 52c49c2e42..22670b68e0 100644 --- a/linux-user/riscv/cpu_loop.c +++ b/linux-user/riscv/cpu_loop.c @@ -25,6 +25,7 @@ #include "signal-common.h" #include "elf.h" #include "semihosting/common-semi.h" +#include "user-mmap.h" void cpu_loop(CPURISCVState *env) { @@ -94,6 +95,55 @@ void cpu_loop(CPURISCVState *env) } } +#define ZICFISS_GUARD_SIZE (2UL * TARGET_PAGE_SIZE) +#define ZICFISS_STACK_SIZE (16UL * TARGET_PAGE_SIZE) +#define ZICFISS_THREAD_SIZE (ZICFISS_STACK_SIZE + ZICFISS_GUARD_SIZE) + +void zicfiss_shadow_stack_alloc(CPUArchState *env) +{ + uintptr_t new_base; + + /* SS page should be surrounded by two guard pages */ + new_base = (uintptr_t) target_mmap(0, ZICFISS_THREAD_SIZE, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if ((intptr_t)new_base == -1) { + perror("shadow stack alloc failure"); + exit(EXIT_FAILURE); + } + new_base += TARGET_PAGE_SIZE; + int ret = mprotect((void *)new_base, ZICFISS_STACK_SIZE, + PROT_READ | PROT_WRITE); + if (ret == -1) { + perror("shadow stack mprotect failure"); + exit(EXIT_FAILURE); + } + + env->ssp_base = new_base; + env->ssp = new_base + ZICFISS_STACK_SIZE; +} + +void zicfiss_shadow_stack_release(CPUArchState *env) +{ + abi_ulong mmap_base; + + if (env->ssp == 0) { + perror("release empty shadow stack"); + exit(EXIT_FAILURE); + } + + /* It should match shadow stack allocation. */ + mmap_base = env->ssp_base - TARGET_PAGE_SIZE; + + int ret = target_munmap(mmap_base, ZICFISS_THREAD_SIZE); + if (ret == -1) { + perror("shadow stack release failure"); + exit(EXIT_FAILURE); + } + + env->ssp_base = 0; + env->ssp = 0; +} + void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs) { CPUState *cpu = env_cpu(env); diff --git a/linux-user/riscv/target_cpu.h b/linux-user/riscv/target_cpu.h index 9c642367a3..bba54d93eb 100644 --- a/linux-user/riscv/target_cpu.h +++ b/linux-user/riscv/target_cpu.h @@ -1,6 +1,9 @@ #ifndef RISCV_TARGET_CPU_H #define RISCV_TARGET_CPU_H +extern void zicfiss_shadow_stack_alloc(CPUArchState *env); +extern void zicfiss_shadow_stack_release(CPUArchState *env); + static inline void cpu_clone_regs_child(CPURISCVState *env, target_ulong newsp, unsigned flags) { @@ -9,6 +12,10 @@ static inline void cpu_clone_regs_child(CPURISCVState *env, target_ulong newsp, } env->gpr[xA0] = 0; + + if (flags & CLONE_VM) { + zicfiss_shadow_stack_alloc(env); + } } static inline void cpu_clone_regs_parent(CPURISCVState *env, unsigned flags) diff --git a/linux-user/riscv/target_prctl.h b/linux-user/riscv/target_prctl.h index d7f9f954c9..6293d61519 100644 --- a/linux-user/riscv/target_prctl.h +++ b/linux-user/riscv/target_prctl.h @@ -13,6 +13,33 @@ static abi_long do_prctl_cfi(CPUArchState *env, if (env_archcpu(env)->cfg.ext_zicfilp) { switch (option) { + case PR_GET_SHADOW_STACK_STATUS: + abi_ulong bcfi_status = 0; + /* indirect branch tracking is enabled on the task or not */ + bcfi_status |= (env->ubcfien ? PR_INDIR_BR_LP_ENABLE : 0); + return copy_to_user(flag, &bcfi_status, sizeof(bcfi_status)) ? \ + -EFAULT : 0; + + case PR_SET_SHADOW_STACK_STATUS: + /* if any other bit is set, its invalid param */ + if (flag & ~PR_SHADOW_STACK_ENABLE) { + return -TARGET_EINVAL; + } + + if ((flag & PR_SHADOW_STACK_ENABLE) + && (env->ssp == 0 && !env->ubcfien)) { + zicfiss_shadow_stack_alloc(env); + } else { + zicfiss_shadow_stack_release(env); + } + env->ubcfien = (flag & PR_SHADOW_STACK_ENABLE); + tb_flush(env_cpu(env)); + return 0; + + /* locking not implemented (also not needed for qemu-user) yet */ + case PR_LOCK_SHADOW_STACK_STATUS: + return -TARGET_EINVAL; + case PR_GET_INDIR_BR_LP_STATUS: abi_ulong fcfi_status = 0; /* indirect branch tracking is enabled on the task or not */ diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c index e1ff246c24..5a34eee10c 100644 --- a/target/riscv/cpu.c +++ b/target/riscv/cpu.c @@ -1001,6 +1001,10 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type) /* on reset ssp is set to 0 */ env->ssp = 0; +#ifdef CONFIG_USER_ONLY + env->ssp_base = 0; +#endif + /* * Bits 10, 6, 2 and 12 of mideleg are read only 1 when the Hypervisor * extension is enabled. diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 82475490ab..af89fc1268 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -232,6 +232,7 @@ struct CPUArchState { uint32_t elf_flags; bool ufcfien; bool ubcfien; + target_ulong ssp_base; #endif #ifndef CONFIG_USER_ONLY From patchwork Mon Jul 29 17:53:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966173 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=gJSL1lv2; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKH18t5z1ybX for ; Tue, 30 Jul 2024 03:57:23 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZa-00073u-LP; Mon, 29 Jul 2024 13:54:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZO-00062k-5C for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:02 -0400 Received: from mail-pf1-x429.google.com ([2607:f8b0:4864:20::429]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZK-0000NY-2z for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:01 -0400 Received: by mail-pf1-x429.google.com with SMTP id d2e1a72fcca58-70ea93aa9bdso2461447b3a.0 for ; Mon, 29 Jul 2024 10:53:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275634; x=1722880434; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bfd/g3qnKmKlalH95hAzpJLDLKpqsukOO1ZJ1hRrjxo=; b=gJSL1lv2IfVw6+y6hHNzBF2yDbF6rxR87cRtIho27zZTpuv6bJ/ttv7ozfYYdQp6fN 1KPfFRtyyMY9qIpQNGV1ZWeCqbVXSyHfVv1WtGXrvJ2yA77qroctWy+QdQR2lZmdXvrq x5Aiq6lHLI+BU0cd+VCGcA+vbm5QMicLbh7Ye+gZD+zTdbNBIfbZMU77mG8T4dCsxoDC SjQ3f4j9sZ1ETa1/nwgqpKALDwqkaybNNY/rGLB1ZKeYdM8jY7wYyRWQ6P5SrHNlMybh sLMF7Wv8z35fZ2FPTFZqm/NnNt5hVFtXp/m2nHx70na/mQOKfXFuosaJ419Q/M1N0NPL YxMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275634; x=1722880434; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bfd/g3qnKmKlalH95hAzpJLDLKpqsukOO1ZJ1hRrjxo=; b=o6npYunP94hkjws4gjEeWDzosTBVuz1+wHhs9cRdVhg72yyV/aKSHYiFYBX/GByHYT 2DNWKwjJcibRLX6thgT5TIZh6Uw398bKZQWPwInk+dNg6LwH1dPlkPhZewJ1kwXnpTBy crE5yxYP/0rHsoNKJZpj+CpwELcnU6VmY5ZPV+COzODcv63Z1x8j7CtQp1WKbUuFLdOd Vh7tD4VLNOYzAx0lWRPA/uiD94RMgOGnf4MMhCz89KVk1KZkEdcRdp1sjhq2247/WF7T TJ3b/H8nVLHDYDjBiz9LpauZYez3m2olIjZFRavHST1VlwHaIejlUKRS26BbSGvF0a5S 9XMw== X-Forwarded-Encrypted: i=1; AJvYcCXtooKNNVh3eUSgdOsA55vD2O8RTwpwUh5lOo0+6TjIRzEQPqrzktT9VnEIh/psNI94d6EtDfP0gJ0jCbJBCPs8/hBFsWU= X-Gm-Message-State: AOJu0Yz8gGg42yuiakfmv0oDZfhxWczvfcX7CdcwT0E5nuPooxPxS9zU Jt3yYn0CEwyAmqjb0XDC2oKnRMC8EUPwSZ8mmJIf4zBMc5m7fusQH0vRHsP4wY0= X-Google-Smtp-Source: AGHT+IGnVcjAoGSqucv8/Eovj+xZpH7AhM+3zzEFrJ1e8TKEt703NbCtgDD6p2bEH1KMNebKDjy9Qw== X-Received: by 2002:a05:6a20:9190:b0:1c4:819f:8e0c with SMTP id adf61e73a8af0-1c4a117948emr7211292637.6.1722275634285; Mon, 29 Jul 2024 10:53:54 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:54 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 19/24] disas/riscv: enable disassembly for zicfiss instructions Date: Mon, 29 Jul 2024 10:53:21 -0700 Message-ID: <20240729175327.73705-20-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::429; envelope-from=debug@rivosinc.com; helo=mail-pf1-x429.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap. Disasembly is only enabled if zimop and zicfiss ext is set to true. Signed-off-by: Deepak Gupta --- disas/riscv.c | 34 ++++++++++++++++++++++++++++++++++ disas/riscv.h | 1 + 2 files changed, 35 insertions(+) diff --git a/disas/riscv.c b/disas/riscv.c index c7c92acef7..c4e47fbc78 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -975,6 +975,11 @@ typedef enum { rv_op_amocas_b = 944, rv_op_amocas_h = 945, rv_op_lpad = 946, + rv_op_sspush = 947, + rv_op_sspopchk = 948, + rv_op_ssrdp = 949, + rv_op_ssamoswap_w = 950, + rv_op_ssamoswap_d = 951, } rv_op; /* register names */ @@ -2234,6 +2239,11 @@ const rv_opcode_data rvi_opcode_data[] = { { "amocas.b", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "amocas.h", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "lpad", rv_codec_lp, rv_fmt_imm, NULL, 0, 0, 0 }, + { "sspush", rv_codec_r, rv_fmt_rs2, NULL, 0, 0, 0 }, + { "sspopchk", rv_codec_r, rv_fmt_rs1, NULL, 0, 0, 0 }, + { "ssrdp", rv_codec_r, rv_fmt_rd, NULL, 0, 0, 0 }, + { "ssamoswap.w", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "ssamoswap.d", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, }; /* CSR names */ @@ -2251,6 +2261,7 @@ static const char *csr_name(int csrno) case 0x0009: return "vxsat"; case 0x000a: return "vxrm"; case 0x000f: return "vcsr"; + case 0x0011: return "ssp"; case 0x0015: return "seed"; case 0x0017: return "jvt"; case 0x0040: return "uscratch"; @@ -3077,6 +3088,8 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) case 66: op = rv_op_amoor_w; break; case 67: op = rv_op_amoor_d; break; case 68: op = rv_op_amoor_q; break; + case 74: op = rv_op_ssamoswap_w; break; + case 75: op = rv_op_ssamoswap_d; break; case 96: op = rv_op_amoand_b; break; case 97: op = rv_op_amoand_h; break; case 98: op = rv_op_amoand_w; break; @@ -4036,11 +4049,32 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) extract32(inst, 26, 2)), 4, 1, extract32(inst, 30, 1)); op = rv_mop_r_0 + imm_mop5; + /* if zicfiss enabled and mop5 is shadow stack */ + if (dec->cfg->ext_zicfiss && + ((imm_mop5 & 0b11100) == 0b11100)) { + /* rs1=0 means ssrdp */ + if ((inst & (0b011111 << 15)) == 0) { + op = rv_op_ssrdp; + } + /* rd=0 means sspopchk */ + if ((inst & (0b011111 << 7)) == 0) { + op = rv_op_sspopchk; + } + } } else if ((extract32(inst, 25, 7) & 0b1011001) == 0b1000001) { imm_mop3 = deposit32(extract32(inst, 26, 2), 2, 1, extract32(inst, 30, 1)); op = rv_mop_rr_0 + imm_mop3; + /* if zicfiss enabled and mop3 is shadow stack */ + if (dec->cfg->ext_zicfiss && + ((imm_mop3 & 0b111) == 0b111)) { + /* rs1=0 and rd=0 means sspush */ + if (((inst & (0b011111 << 15)) == 0) && + ((inst & (0b011111 << 7)) == 0)) { + op = rv_op_sspush; + } + } } } break; diff --git a/disas/riscv.h b/disas/riscv.h index 1182457aff..4895c5a301 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -224,6 +224,7 @@ enum { #define rv_fmt_none "O\t" #define rv_fmt_rs1 "O\t1" +#define rv_fmt_rs2 "O\t2" #define rv_fmt_offset "O\to" #define rv_fmt_pred_succ "O\tp,s" #define rv_fmt_rs1_rs2 "O\t1,2" From patchwork Mon Jul 29 17:53:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966175 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=fN1ZviW4; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKJ5j9Dz1ybX for ; Tue, 30 Jul 2024 03:57:24 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZV-0006kE-S5; Mon, 29 Jul 2024 13:54:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZL-0005rO-Pf for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:00 -0400 Received: from mail-pg1-x529.google.com ([2607:f8b0:4864:20::529]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZJ-0000O1-Ql for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:53:59 -0400 Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-7a23fbb372dso2113734a12.0 for ; Mon, 29 Jul 2024 10:53:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275635; x=1722880435; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GwN8KazdAM6rfbJ9pEQTaPAvCowqMjvonYMvwP9Ekyo=; b=fN1ZviW4rEc0xjdamaeNlb2IYRFj/79K1wa81G60BM8DnkdqzwO06SbNYcDn5RBTKb yfexMH5JP+xx+QJBPqylYhlkug5o8+4h1Xl1teQizpu7GZ6QDYwWuyhrfvGSeVk5YzFy RgAi1DtXBdT1cuqxaM6irxiQbC1eFxlFxE7HLl6v/r/1n4I0gerh9HU7SFSa1mvO35tm jgBju42CgCjEUgqx4euTCf815Z562Hcu/b5S3Yf0CSV6ZstHubbTrK0YaLpI7Mopa8M9 MowXHgImqRSQlDd5k+DzWmRvg+N/F7cqA2xZ5xvubqycUIhsdCHQrd/IE6T4aMum2zSQ yB2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275635; x=1722880435; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GwN8KazdAM6rfbJ9pEQTaPAvCowqMjvonYMvwP9Ekyo=; b=BJL3LfGQPDc9RQegAWYtxHVMeRIeDMA8LMGA/SRXzUuac2h0M2nf8e3QYKOJ9qEIJv q3qhn3vKOND8sPD/xMOhT0mLUBPQ5w/WMZJi6F6Gej1aAIh+RTCEPd0fiqp47BCz0pcl wPrW8A1Z3Fc+vuCuMYdej2/VZqQDyUFFvZQ3fYtf8Ag3+e4c59bgFF7rR1k8HRuyoBIg yteNAU/AlNqFqMX20bAsrSSLXuI3H8d+waen2t2xACDOrTjHdTFMdha8eo5LLvxdWpmY tYVRY/vmKXRdUxV/RSPVXlVIJ92IIADKV6mtmPMzUyEJH6alTmD9NNl+te8dJavnmpn1 HQjg== X-Forwarded-Encrypted: i=1; AJvYcCWZNV/rRXckc/4UArFjJ3wJxu3Vfj998a/y1L2JpjBA6VH0eBH322G/rr2KtJKi/ZexkOH7oC2/3becoe07Ui8bAdGyxX0= X-Gm-Message-State: AOJu0Yzic54AEAv9XIzuBTP/Lni6jULd/aeJXze524L06wC9QsKetlUb AyLioZlpHlZKATm6I7QtXgPj+jEBumjpWQXRct9BoF7fKCNSn0IB7xX7kW9gOoI= X-Google-Smtp-Source: AGHT+IE5/MaQM/xoGUU0IfgNAzA1oXVtpmD9nE2YW639UsHztg34gTFOmo2rmOLZaS9LaWerPiXmjQ== X-Received: by 2002:a05:6a21:2d08:b0:1c2:5fa8:2de2 with SMTP id adf61e73a8af0-1c4a117c6f2mr7041531637.10.1722275635456; Mon, 29 Jul 2024 10:53:55 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:55 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 20/24] disas/riscv: enable disassembly for compressed sspush/sspopchk Date: Mon, 29 Jul 2024 10:53:22 -0700 Message-ID: <20240729175327.73705-21-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::529; envelope-from=debug@rivosinc.com; helo=mail-pg1-x529.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org sspush and sspopchk have equivalent compressed encoding taken from zcmop. cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding for both rs1 and rs2 from space bitfield, this required a new codec. Signed-off-by: Deepak Gupta --- disas/riscv.c | 19 ++++++++++++++++++- disas/riscv.h | 1 + 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/disas/riscv.c b/disas/riscv.c index c4e47fbc78..82175e75ee 100644 --- a/disas/riscv.c +++ b/disas/riscv.c @@ -980,6 +980,8 @@ typedef enum { rv_op_ssrdp = 949, rv_op_ssamoswap_w = 950, rv_op_ssamoswap_d = 951, + rv_op_c_sspush = 952, + rv_op_c_sspopchk = 953, } rv_op; /* register names */ @@ -2244,6 +2246,10 @@ const rv_opcode_data rvi_opcode_data[] = { { "ssrdp", rv_codec_r, rv_fmt_rd, NULL, 0, 0, 0 }, { "ssamoswap.w", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, { "ssamoswap.d", rv_codec_r_a, rv_fmt_aqrl_rd_rs2_rs1, NULL, 0, 0, 0 }, + { "c.sspush", rv_codec_cmop_ss, rv_fmt_rs2, NULL, rv_op_sspush, + rv_op_sspush, 0 }, + { "c.sspopchk", rv_codec_cmop_ss, rv_fmt_rs1, NULL, rv_op_sspopchk, + rv_op_sspopchk, 0 }, }; /* CSR names */ @@ -2604,7 +2610,13 @@ static void decode_inst_opcode(rv_decode *dec, rv_isa isa) if (dec->cfg->ext_zcmop) { if ((((inst >> 2) & 0b111111) == 0b100000) && (((inst >> 11) & 0b11) == 0b0)) { - op = rv_c_mop_1 + ((inst >> 8) & 0b111); + unsigned int cmop_code = 0; + cmop_code = ((inst >> 8) & 0b111); + op = rv_c_mop_1 + cmop_code; + if (dec->cfg->ext_zicfiss) { + op = (cmop_code == 0) ? rv_op_c_sspush : op; + op = (cmop_code == 2) ? rv_op_c_sspopchk : op; + } break; } } @@ -4919,6 +4931,11 @@ static void decode_inst_operands(rv_decode *dec, rv_isa isa) case rv_codec_lp: dec->imm = operand_lpl(inst); break; + case rv_codec_cmop_ss: + dec->rd = rv_ireg_zero; + dec->rs1 = dec->rs2 = operand_crs1(inst); + dec->imm = 0; + break; }; } diff --git a/disas/riscv.h b/disas/riscv.h index 4895c5a301..6a3b371cd3 100644 --- a/disas/riscv.h +++ b/disas/riscv.h @@ -167,6 +167,7 @@ typedef enum { rv_codec_r2_imm2_imm5, rv_codec_fli, rv_codec_lp, + rv_codec_cmop_ss, } rv_codec; /* structures */ From patchwork Mon Jul 29 17:53:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966180 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=VMeSPlsD; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKX4Vtfz1ybX for ; Tue, 30 Jul 2024 03:57:36 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZV-0006f3-4l; Mon, 29 Jul 2024 13:54:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZO-00062p-5g for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:02 -0400 Received: from mail-pf1-x42e.google.com ([2607:f8b0:4864:20::42e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZK-0000OO-37 for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:01 -0400 Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-70d150e8153so2189935b3a.0 for ; Mon, 29 Jul 2024 10:53:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275637; x=1722880437; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E2gOjemeIxuisakJLMtv9C9tfaLcK041ldza0nSyRho=; b=VMeSPlsDlSn6QFNvoQfYYak0CCDhd1FZuL0l630+8F1l5hzALC6wC2+kbBo/jr62+b gAP/fucrOqGKKNdZhRM7IJJ4xd2vdUFb3bp1ZA+b8x4qm7uYUfijQca2j+nPZ1diQ1S6 +P4NMhlHH/yDAzPIS/L0/vRS4rvBEMbAHw5TWmI8by005WLTlait6axJRg12gVHehv4Z nLyOyjxM2TBkr03bmPmB2Os3wEafk/oUGPoq9g/eH+GCSGN9nvrOePQUohVII7GTZu6o gKTqAQx8erANVLOSQQShZfchkTS+KQkU4koXXAEUtpgoRw+zrTuHeNwHIm0HkNJt/26I 6xig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275637; x=1722880437; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E2gOjemeIxuisakJLMtv9C9tfaLcK041ldza0nSyRho=; b=gSJxVh+d20p/KO9EZpf+49VK1HzutNXRRHylUHhhbgZETLxVoW3jW7bntFzb9opAPA yEd8OAm/a3aeXzE0Zi1BKpwdR9PIJT4/9JjRMHiuWGTJSCHyZWHoetB9IwBpvqs8qCOf p32iIpuCd/UZ8qefiWEgY7tL9z2hvaIU4Q5rnHJMKlkPJCjaZGuecDXDPR2JIsYglNPG 3gwpBPaKXmTefG4n3Tea1KkS7lNgWMFQ+NQ2O8Kiqq8Wi6/aSYoU+8Pt7Y6Z6SQfWpHZ uok2bpG+fSIGn1qAe6o3/ruv9j/er0CwwaLsREj1VYGP5B4BBPFu45WqXH+o1c4bZGBI Avtw== X-Forwarded-Encrypted: i=1; AJvYcCWE2d+10BT78f5ME6od3cYZ1qpQWAfRDjbSuSGHJpx1bzr9DCoSOeOf0apgio6dsrbOvskoiFFNJSrRZV4LCLMaago9Pqk= X-Gm-Message-State: AOJu0YyixKYbpDe0i/mNcOQ9kxCfoR6GEVC/E1A6MSna507HUrQbfbAw ZGhv/4KvhnnvSeeuITjdX7sp+J1EV37jb9vNaxWPIxcq8Qt/DdaqpQhpaE4o300= X-Google-Smtp-Source: AGHT+IEvIkWPRazroEY9kqvcXbNbEiec7KjUrMUaddW0iNlpNWZZMV7N4BULgyi2m28lp63uqN8vkA== X-Received: by 2002:a05:6a00:895:b0:706:aa4b:4 with SMTP id d2e1a72fcca58-70ece81cef5mr11896428b3a.13.1722275636598; Mon, 29 Jul 2024 10:53:56 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:56 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 21/24] target/riscv: add trace-hooks for each case of sw-check exception Date: Mon, 29 Jul 2024 10:53:23 -0700 Message-ID: <20240729175327.73705-22-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42e; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Violations to control flow rules setup by zicfilp and zicfiss lead to software check exceptions. To debug and fix such sw check issues in guest , add trace-hooks for each case. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- target/riscv/insn_trans/trans_rvi.c.inc | 1 + target/riscv/op_helper.c | 4 ++++ target/riscv/trace-events | 6 ++++++ target/riscv/translate.c | 2 ++ 4 files changed, 13 insertions(+) diff --git a/target/riscv/insn_trans/trans_rvi.c.inc b/target/riscv/insn_trans/trans_rvi.c.inc index ee868c5fcb..66b26cbe8b 100644 --- a/target/riscv/insn_trans/trans_rvi.c.inc +++ b/target/riscv/insn_trans/trans_rvi.c.inc @@ -65,6 +65,7 @@ static bool trans_lpad(DisasContext *ctx, arg_lpad *a) tcg_constant_tl(RISCV_EXCP_SW_CHECK_FCFI_TVAL), tcg_env, offsetof(CPURISCVState, sw_check_code)); generate_exception(ctx, RISCV_EXCP_SW_CHECK); + trace_zicfilp_unaligned_lpad_instr((uint64_t) ctx->base.pc_next); return true; } } diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 54baa3a966..6a54c6c24d 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -24,6 +24,7 @@ #include "exec/exec-all.h" #include "exec/cpu_ldst.h" #include "exec/helper-proto.h" +#include "trace.h" /* Exceptions processing helpers */ G_NORETURN void riscv_raise_exception(CPURISCVState *env, @@ -283,6 +284,8 @@ void helper_cfi_check_landing_pad(CPURISCVState *env, int lbl) * greater than 31 and then shift 12 right */ if (lbl && (lbl != ((env->gpr[xT2] & 0xFFFFFFFF) >> 12))) { + trace_zicfilp_lpad_reg_mismatch(lbl, + (env->gpr[xT2] & 0xFFFFFFFF) >> 12); env->sw_check_code = RISCV_EXCP_SW_CHECK_FCFI_TVAL; riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); } @@ -295,6 +298,7 @@ void helper_sschk_mismatch(CPURISCVState *env, target_ulong rs1, target_ulong ssra) { if (rs1 != ssra) { + trace_zicfiss_sspopchk_reg_mismatch((uint64_t)ssra, (uint64_t) rs1); env->sw_check_code = RISCV_EXCP_SW_CHECK_BCFI_TVAL; riscv_raise_exception(env, RISCV_EXCP_SW_CHECK, GETPC()); } diff --git a/target/riscv/trace-events b/target/riscv/trace-events index 49ec4d3b7d..842349ecb9 100644 --- a/target/riscv/trace-events +++ b/target/riscv/trace-events @@ -9,3 +9,9 @@ pmpaddr_csr_write(uint64_t mhartid, uint32_t addr_index, uint64_t val) "hart %" mseccfg_csr_read(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": read mseccfg, val: 0x%" PRIx64 mseccfg_csr_write(uint64_t mhartid, uint64_t val) "hart %" PRIu64 ": write mseccfg, val: 0x%" PRIx64 + +# zicfiss/lp +zicfiss_sspopchk_reg_mismatch(uint64_t ssra, uint64_t rs1) "shadow_stack_ra: 0x%" PRIx64 ", rs1: 0x%" PRIx64 +zicfilp_missing_lpad_instr(uint64_t pc_first) "pc_first: 0x%" PRIx64 +zicfilp_unaligned_lpad_instr(uint64_t pc_next) "pc_next: 0x%" PRIx64 +zicfilp_lpad_reg_mismatch(int lpad_label, int t2_label) "lpad_label: 0x%x, t2_label: 0x%x" diff --git a/target/riscv/translate.c b/target/riscv/translate.c index ad0f841807..958a1578d4 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -30,6 +30,7 @@ #include "semihosting/semihost.h" #include "internals.h" +#include "trace.h" #define HELPER_H "helper.h" #include "exec/helper-info.c.inc" @@ -1380,6 +1381,7 @@ static void riscv_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) * illegal instruction exception. */ tcg_set_insn_param(cfi_lp_check, 1, tcgv_i32_arg(tcg_constant_i32(1))); + trace_zicfilp_missing_lpad_instr((uint64_t) ctx->base.pc_first); } } From patchwork Mon Jul 29 17:53:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966164 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=e7F1o4U3; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmHT6wx7z1ybX for ; Tue, 30 Jul 2024 03:55:49 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZc-0007BE-FU; Mon, 29 Jul 2024 13:54:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZP-00066i-Lq for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:03 -0400 Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZL-0000P3-8D for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:02 -0400 Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-70d2b921cdfso3169260b3a.0 for ; Mon, 29 Jul 2024 10:53:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275638; x=1722880438; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Pr/AcYF8z8+IP/7vhXiuKTgBOUJ+TMutbX74doKlSC0=; b=e7F1o4U30ZUifqqc1k2xQbAhvli44x6HlZYgky33EXxaRaYm99063ftc6jbxNBPpNc +E8Pu7VfdXSPk30XEpeqC1rMlUx7XwUe+gs9ZkAkDnhh9o/eJNiK9rTIYjGB+UDriYk5 Th/z4uy/1rikif1fqzPQ/81Aa7Iu7fyHgXAXX4qc4SEhLRTX0KJM0fLAB47NM3jAK3l3 vH3sepbET2HEXxJe+EJgokRy3CK3jjtOtFONYFyvDHTtLBKj6+Kx3pfvAiRucUVKVNZR 6iXDmoS4z+uAgEfGFaFIOaMYOgGAV1R3y/aiI4MQ6131uTS4OZjtn/ydKGlDXndMubNh ALYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275638; x=1722880438; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Pr/AcYF8z8+IP/7vhXiuKTgBOUJ+TMutbX74doKlSC0=; b=pxuPm3IEdO2n0ezcHJc1YYkkQzZVj7Nvbb9nZo6G9U77E7ibp5xz+fRzNHlQnV1zgN uavK1d/95lzmiOjSy4ZW+8ickOwkqqOi+6vaIz7NTp8MSp+soPnkfTiQTPYzNjC+GiXm VHLHVr1N4c29YRVEa6y6H+Tg54kG0t9a8HbwSieEzooHuHZU2XEbgF4jxStstKMhu1vY +Z52s7rZDCFxLlzBi4OMlV34KF3BUsR4oWU2hiG4SyFJOzudMS77amFSILbNtp4nVbOO lXGPepsb4FU4Ujgp7Iz4+GU0zmiNFElTV0b36L42hYpMOiKynMLD3GQ8EiOTs7vvZvgj sG8A== X-Forwarded-Encrypted: i=1; AJvYcCVWGVnQJV8nn/vYHoKJw61Mk1OTJ2+P2PdT25jxbqAL5AkvuOGp/ttBiXb7fQdBE4cb0osQPrMcNdlK4dyA6G+2J/CRNB4= X-Gm-Message-State: AOJu0Yz7fo4GldyUArKxRpKdJa5YcDT9X5zur+AryIf4eQb8PNyAYbkr NVwW/+AvGfKNhHLqekx1nnIb0Ukhz1PXV/+qZvI1gcnoGiecFRO26qZY854Mjew= X-Google-Smtp-Source: AGHT+IE+JAVdCygqc/cQPj9kW6GA8Un/NL9GuhpnzbHcxU8r68n5OIj88j3g/Aw6pSTF3dXSP989Sg== X-Received: by 2002:a05:6a20:2449:b0:1c3:a63a:cf04 with SMTP id adf61e73a8af0-1c4a12d00bdmr11069126637.20.1722275637754; Mon, 29 Jul 2024 10:53:57 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:57 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 22/24] linux-user: permit RISC-V CFI dynamic entry in VDSO Date: Mon, 29 Jul 2024 10:53:24 -0700 Message-ID: <20240729175327.73705-23-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42a; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org RISC-V CFI use new processor-specific dynamic entry in ELF. Permit it in VDSO post-processing script. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- linux-user/gen-vdso-elfn.c.inc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/linux-user/gen-vdso-elfn.c.inc b/linux-user/gen-vdso-elfn.c.inc index 95856eb839..59c818eb11 100644 --- a/linux-user/gen-vdso-elfn.c.inc +++ b/linux-user/gen-vdso-elfn.c.inc @@ -273,6 +273,13 @@ static void elfN(process)(FILE *outf, void *buf, bool need_bswap) errors++; break; + case PT_LOPROC + 2: + /* RISCV_ZICFILP_PLT: for RISC-V zicfilp extension */ + if (ehdr->e_machine == EM_RISCV) { + break; + } + goto do_default; + case PT_LOPROC + 3: if (ehdr->e_machine == EM_PPC64) { break; /* DT_PPC64_OPT: integer bitmask */ From patchwork Mon Jul 29 17:53:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1966178 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=AxcNr6CT; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKS5Whzz1ybX for ; Tue, 30 Jul 2024 03:57:32 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZX-0006qK-Rd; Mon, 29 Jul 2024 13:54:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZQ-0006Hd-8r for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:04 -0400 Received: from mail-pf1-x432.google.com ([2607:f8b0:4864:20::432]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZM-0000PV-NQ for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:04 -0400 Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-70d1d818c42so2115940b3a.1 for ; Mon, 29 Jul 2024 10:54:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275639; x=1722880439; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hLdx4AZXHbpEMxw/S18/9QimvuhK4hPq7UuREWO1i7w=; b=AxcNr6CTMWlI+Cs7fVd2dxcaQojw/0Yh4V/nkrvHm3c++QIcR8hbtub1MPgujKX7/O XLyYdGsMNDMRLTdqjRIbIOken5p5YW7kjWUrbONF+gx+ANpWBdRsmli15CRx0QWjIcol 3C2Ty4Kr3k0+G9yOzB/ctVIX70cuvu8+lHqCv4pELK0Ngl9ZQMEKB6DBmYXEi/hDmKaf Pbndl0rTQadfbIA7mdoFH9bBLMJ/etG84elMYlpdM+jBxRFcbF1bQF/bd/h3IQ0zkTjd QVY2awcI4Q/6LAVCyuAlnLljeEHM04zwDNCzSmHvtkE4Q1/LYtqa5UqPwSr27Q6Kyx65 9Xyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275639; x=1722880439; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hLdx4AZXHbpEMxw/S18/9QimvuhK4hPq7UuREWO1i7w=; b=cWDNNAJuiNqSK6s8rbyDjzkJ2yjPFROvGL1bhHBLZlKeKnOfy8YWXQ6JmgBgaG5BTT 6npTWoRMoWNBcb6WZj4grDtGdeQohkK89z9kCS/V4qd6zi6nEbW7dGnVqMx22Kxysrvx Es8EAWte5wPN0ygCq4/qyeSKXEzyYAQnbPVoWMOeb9Mxzg2OEnU0HLoLg55cRhcYWlhT Vi7CsHc5t4GO1gKIPIgVoyn8s9E3aPJM8SUoYdTezsgRWWkYckE1e5Lyqzvb/ViCYA00 H+fpjk0jaXmYHeNOmcuxjvuqw27Ju+B8QD6DEuxbCgcU/rf+h8IDVBamGRM7K//FU0dc 6kYw== X-Forwarded-Encrypted: i=1; AJvYcCUB/OWkFdbBT0iLJMU7oTtq9wY2kRHrp403EHZ5fPvM4+NEYMJRxgz1leTE15G6I9HmLCxLT/svpG06kgSAh6bYsa1z9Ws= X-Gm-Message-State: AOJu0YxSUl8GD05WZC2+NMJlD0Dy3BqRdzOahP6/ucvCtNZo8J54pME2 /CgQQehjhRqnrhbcthJk+pvTFos90PSm0P+Wbxb+rg1WZ/i4rVLGr9325075MUI= X-Google-Smtp-Source: AGHT+IHeHWKLJYpABBBI9IQcd/WVDBlP3mFmzx1JskVZ4SD0srql6HA5QQVPGd6UEK4LTE1RVzAvew== X-Received: by 2002:a05:6a20:3d88:b0:1c3:aec6:7663 with SMTP id adf61e73a8af0-1c4a13afd68mr7286492637.39.1722275638861; Mon, 29 Jul 2024 10:53:58 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:58 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 23/24] linux-user: Add RISC-V zicfilp support in VDSO Date: Mon, 29 Jul 2024 10:53:25 -0700 Message-ID: <20240729175327.73705-24-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::432; envelope-from=debug@rivosinc.com; helo=mail-pf1-x432.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Add zicfilp support in VDSO. VDSO functions need lpad instruction so that userspace could call this function when landing pad extension is enabled. This solution only works when toolchain always use landing pad label 1. Otherwise, If extension is not enabled, lpad instructions will be lui instructions with rd=x0 (which is nop). Prebuilt VDSO is still compatible with RISC-V core w/o zicfilp extension. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- linux-user/riscv/vdso-64.so | Bin 3944 -> 4128 bytes linux-user/riscv/vdso.S | 50 ++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/linux-user/riscv/vdso-64.so b/linux-user/riscv/vdso-64.so index ae49f5b043b5941b9d304a056c2b50c185f413b0..cd7f2fa7bdb811af6be2dcc3fb9601b66e3d1c81 100755 GIT binary patch delta 1345 zcmah}O=uHA6rRa8*`3W#v-vSWgUvy(QL#}%mV&j76iPuQBHAj2(ng|zmM)E!P>`g> ziy+eQP!K%yD2kv2Jb7q5_;(V#2zrPIp$E0T*_|nLFFu%g^L_K)%k2BfxBcts zwSKzU%uIMvDl|QN=xp4}g4*$}@d(n<~qepB*LP!3)Siz)SSu5ui{`}Ri4l{qVG z<))V_rE;ZO#UoHP&Zd{==Wom%v$EK`eUMXAv;*hV1Wm$<8dtCYs1tO{Mm~~-=ZGxa zjpj-e9%`|fX?zbQKeuJaBedlj?wn7H+zXnl z+6N3On@wEY6ZY=Tcmf7X)L-B&?+M^(KWxa1Nj(DZ`~!MYOa>phK%U8T zbfFM1nH*fK8zMQjS!g4|p|!;V8Z`BtS@y!IU|yFKn)JeIFwbQ2i_i|5tR_lP0~#_7 pnM$drU_4|p`G+?Pw?igvKsz+7r*-ESGZggRJRA2r@IJ6$-#>;G!0Z43 delta 1236 zcmZux&1(};5TBP#+z*pYV+<*_)IAj1YN_?B+bY<^rnX2aRgfZHEGbA2QZyn~#MXa6 z69zo>Q1McbLL?%ocu2)V4jv*F!CQ|xnnMLet@AeXqAU))otfYJy|4M$HK*Q{?-jj; zzFD!24I_@VKv0a~RwP*{I_d3w;EB@E*7O6Uf;7sa>HGB{XUh-Cou=~6m1b2gB-#DFx9A!2 zLL__`q}b;tKwVy%#A+&d0)Qt2<9$E(n(OP#|HVGj;Vb(!Jnn^O9`m|=HV73ypSJ_~ z{6VtH|v2)99wz{?bNB7jqeM)ifG;D@Xo~6$*{frvJ5_f9#bOCr+W3+&Ha4qi9He z`aFGZFXXa!K@5`_!U4;{c`Jrnfi7ItJ4G3v>4^@ll@B7dM5F9h@S~p4LQq9vBn42^ z6PgYw(n%q6kkCx1d)fjA=g8j=lUShHyjQ?)jZ>c0vk;|y1vK_lb*f|98QH&Nc9x~NiEBHO^ znyS~TI1+KqRtw@1d8*G+xEXP+8h24Gh(97jmTIbc5YN~{ri!eCOSWrHa-1h|({^L3 qZWX$;ijJCP(|ap?q2JVD+=;fE1#ar668QsJ{ X-Patchwork-Id: 1966179 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=15OOM8Cm; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WXmKV3LXHz1ybX for ; Tue, 30 Jul 2024 03:57:34 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sYUZX-0006q2-Ps; Mon, 29 Jul 2024 13:54:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sYUZQ-0006Ig-Dc for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:04 -0400 Received: from mail-pf1-x42f.google.com ([2607:f8b0:4864:20::42f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sYUZN-0000Pw-K0 for qemu-devel@nongnu.org; Mon, 29 Jul 2024 13:54:04 -0400 Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-70d153fec2fso2795459b3a.1 for ; Mon, 29 Jul 2024 10:54:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1722275640; x=1722880440; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=w3J0a7Kk8VH78Rf/KPYKxAa9BurTiYRdK3RsGWQBTas=; b=15OOM8CmUf5KAi1dpp+tfOmy98Hx5hePLiiFc5oViD5ltC89qYrbT7WTPPyLT7M3sX xzjfgDFnQ4JcRlsCXSUJb0xUgAH3cAHG157CYtCf1i3urrRG9S1RnkcLyc4gUM8MSbMH WdtcnUo5N5JUg/nh/AUfWIan01Hn1T+UnkvU4aFKC2+6OPlK9qHuWTfFybRjQdzn7qpV qbwgiAsjsdc879CDp5aqMR/I8U5QGIlgiZOso6eVtZCFZw7lYYUxB0rGugB9zNtVP1VY hmqiZMHy/P4lIjAbGeYoWp2BC78ZBn0Jhm+O7Sqr0Q0aipgamOSE9eri9Arrl5+zZXR/ xaPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722275640; x=1722880440; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w3J0a7Kk8VH78Rf/KPYKxAa9BurTiYRdK3RsGWQBTas=; b=He21e2qXFwZiEe6EZPXD7+/pB1XEK6okn0MYKDRutmiqgQoWuXsjMXUae8Bapb0Kcf L2HUZbTNhOZD82tAWh6kSUd1POel5UV96VOiC4WPXdwpBK8p/iGTyWb6NiconlBfreN3 jDeFYEpsEVXoln4EepqUpAI2YoUXPrvDGnzWED5vWlmIQhjhFm7t5QYoCpV57rsCYsZY AfUWx95AKTfClaCdrzLyXeBaqyumAXAizYjkasPC+eiJTW4cuTXfXOq+h8xfaeKt3HOh U0NN30F6mRBWeXUL5lgZxpGbQ3+HXZef2xWfYu8p7PG7Hfr9Gy/Fs5Hi0LcU3ha5gpiX 6xXw== X-Forwarded-Encrypted: i=1; AJvYcCUgvXEhALZ6EavGwqqIn4tynJL3XZFbG3oEWHlgJHWgwiZ4tjX8faDBHa3wygf9GOMNmyl2nnDwexHj+wiZ08Nov9Vank4= X-Gm-Message-State: AOJu0YzoIS08vk+TDJH6RJqcX/2xYldQi0Tx4pX5L8byCdJzH+kmbFka Ncg2SRUtUiraednPKOOgVtrmLXQjivEtADfFghWZ5NsJaqG7ymSDvWZftXV3h0E= X-Google-Smtp-Source: AGHT+IGyb7t92TbYrkmTmHHiKjTKiGmECLntJPWTfS8dwp20WJtnI+6yJJ/+mRyAHYGwBDukrI+9gg== X-Received: by 2002:a05:6a21:9994:b0:1c0:f1ea:adf with SMTP id adf61e73a8af0-1c4a129d460mr11457487637.16.1722275640068; Mon, 29 Jul 2024 10:54:00 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-7a9f7c71b15sm6303141a12.18.2024.07.29.10.53.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Jul 2024 10:53:59 -0700 (PDT) From: Deepak Gupta To: qemu-riscv@nongnu.org, qemu-devel@nongnu.org, jim.shu@sifive.com, andy.chiu@sifive.com, jesse.huang@sifive.com, kito.cheng@sifive.com Cc: palmer@dabbelt.com, Alistair.Francis@wdc.com, laurent@vivier.eu, bmeng.cn@gmail.com, liwei1518@gmail.com, dbarboza@ventanamicro.com, zhiwei_liu@linux.alibaba.com, Deepak Gupta Subject: [PATCH v2 24/24] linux-user/riscv: Adding zicfiss/lp extension in hwprobe syscall Date: Mon, 29 Jul 2024 10:53:26 -0700 Message-ID: <20240729175327.73705-25-debug@rivosinc.com> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240729175327.73705-1-debug@rivosinc.com> References: <20240729175327.73705-1-debug@rivosinc.com> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::42f; envelope-from=debug@rivosinc.com; helo=mail-pf1-x42f.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Add zicfiss/lp extensions in the ext0 key of hwprobe syscall. It is aligned with Linux CFI patchset. Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- linux-user/syscall.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index f879be7cfe..f2f2164ee5 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8882,6 +8882,8 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count) #define RISCV_HWPROBE_EXT_ZTSO (1ULL << 33) #define RISCV_HWPROBE_EXT_ZACAS (1ULL << 34) #define RISCV_HWPROBE_EXT_ZICOND (1ULL << 35) +#define RISCV_HWPROBE_EXT_ZICFILP (1ULL << 36) +#define RISCV_HWPROBE_EXT_ZICFISS (1ULL << 37) #define RISCV_HWPROBE_KEY_CPUPERF_0 5 #define RISCV_HWPROBE_MISALIGNED_UNKNOWN (0 << 0) @@ -9000,6 +9002,10 @@ static void risc_hwprobe_fill_pairs(CPURISCVState *env, RISCV_HWPROBE_EXT_ZACAS : 0; value |= cfg->ext_zicond ? RISCV_HWPROBE_EXT_ZICOND : 0; + value |= cfg->ext_zicfilp ? + RISCV_HWPROBE_EXT_ZICFILP : 0; + value |= cfg->ext_zicfiss ? + RISCV_HWPROBE_EXT_ZICFISS : 0; __put_user(value, &pair->value); break; case RISCV_HWPROBE_KEY_CPUPERF_0: