Revocation 3.0 PTE bits #18
Conversation
|
For FETT, I think we want to just have Speaking of those bits, I'm not elated with the current names... I thought about |
|
I have added a little more commentary and shuffled the different behaviours so that At the moment the code throws if an invalid state is found, but perhaps there's a more correct in-model thing to do. What happens if the RWX bits are set to W or WX, for example? |
|
This batch of commits moves us to LoadCapInhibit and StoreCapInhibit bits and shuffles things a bit more so that, again, all-zeros should be what we want. The Load side is more fully fleshed out than the Store side, which, right now, defines but does not use a "fast" capability-dirtying path. |
nwf
changed the title
|
Orthogonality of commits is hard; where'd those pullbacks of patches go, anyway? This PR now also includes fixes to |
nwf
force-pushed
the
clg
branch
2 times, most recently
from
dc50c4d
to
76b1b91
Compare
src/cheri_types.sail
Outdated
| @@ -94,7 +93,7 @@ function CapExCode(ex) : CapEx -> bits(5) = | |||
| CapEx_ReturnTrap => 0b00110, | |||
| CapEx_TSSUnderFlow => 0b00111, | |||
| CapEx_UserDefViolation => 0b01000, | |||
| CapEx_TLBNoStoreCap => 0b01001, | |||
There was a problem hiding this comment.
At some point we will want to annotate this CHERI exception code as MIPS-only in the ISA doc.
nwf
force-pushed
the
clg
branch
2 times, most recently
from
956a96a
to
87acc92
Compare
|
Rebased. These continue to pass https://gist.github.com/nwf/cd4d760247ee54e3c9e136ba53d9fdbf ("pte-bits.S") |
|
As per CTSRD-CHERI/qemu#150 (comment), @jrtc27 makes an argument that the behaviour of |
|
Renamed |
src/cheri_sys_regs.sail
Outdated
| d : 1, /* dirty */ | ||
| e : 0 /* enable */ | ||
| } | ||
|
|
||
| register mccsr : ccsr | ||
| register sccsr : ccsr | ||
| register sccsr : ccsr /* mccsr aliases sccsr */ | ||
| register uccsr : ccsr |
There was a problem hiding this comment.
Bit weird to still have uccsr... I kinda get why, but that's primarily because uccsr currently serves no purpose. Also, if mccsr and sccsr alias then normally you'd have the definition be mccsr and sccsr be an alias for (or view into) it, not the other way round.
There was a problem hiding this comment.
Well, it "serves no purpose" because the d and e bits are not meaningfully implemented in sail, but they're still defined...
There was a problem hiding this comment.
Though maybe that does argue against making sccsr and mccsr alias.
There was a problem hiding this comment.
I'm not particularly happy with what I have just written in cheri_pte.sail -- "use sccsr if haveSupMode() and mccsr otherwise" -- but it might be viable. I'm quite open to suggestions.
Pull up to riscv/sail-riscv@2265a25 Some upstream changes apply to files in this repository as well: - Following along with riscv/sail-riscv@b1db5b9 add ext_check_phys_mem_read and ext_check_phys_mem_write implementations. - Following along with riscv/sail-riscv@9b38e33 always use riscv_flen_D.sail rather than riscv_flen_F.sail on RV32. - Following along with riscv/sail-riscv@ffea7a3 use -fcommon in C_FLAGS.
The cap-store instructions now look at the data being stored to decide whether they issue Write(Cap) or Write(Data) requests on "the bus". This allows the PTW logic (and update_PTE_Bits) in particular to not fast-cap-dirty a page that's being targeted by the store of an untagged capability. This is not, however, viable for AMOCAS and so additional changes may be required if we are to avoid considering AMOCAS as always capability-dirtying. Co-authored-by: Jessica Clarke <jrtc27@jrtc27.com>
Use Either-monadic style Eliminate ext_ptw_sc / PTW_SC_* as we now simply test the error cases in priority order, so there's no need to explicitly pass this information forward in checkPTEPermission. ext_ptw_lc / PTW_LC_* persist as the extended PTW information is analysed by instructions. Co-authored-by: Jessica Clarke <jrtc27@jrtc27.com>
Co-authored-by: Jessica Clarke <jrtc27@jrtc27.com>
| * used if the machine has Supervisor mode, otherwise mccsr. | ||
| * | ||
| * Sv32: There are no extension bits available, so we hard-code the result to | ||
| * CW=1 CR=1 CD=1 CRT=0 CRG=0 | ||
| */ | ||
| type extPte = bits(10) | ||
|
|
||
| bitfield Ext_PTE_Bits : extPte = { | ||
| CapWrite : 9, /* Permit capability stores */ |
There was a problem hiding this comment.
This is pre-existing, but bits 9 and 8 conflict with “Svpbmt” Standard Extension for Page-Based Memory Types. I wonder if we should shift everything down by two as part of this change series or start from zero (since upstream started from the top)?
There was a problem hiding this comment.
Ouch. I guess that's not the worst possible flag day, it'd just touch sail, the cores, and the CheriBSD kernel.
First stab at adjusting PTW for capability load generation bits.