riscv / riscv-cheri

This repository contains the CHERI extension specification, adding hardware capabilities to RISC-V ISA to enable fine-grained memory protection and scalable compartmentalization.
https://jira.riscv.org/browse/RVG-148
Creative Commons Attribution 4.0 International

Control access to Zstid CSRs #358

Closed andresag01 closed 2 months ago

andresag01 commented 2 months ago

Add a bit in xstateen0 CSRs to control access to new CSRs used by the Zstid extension.

Fixes https://github.com/riscv/riscv-cheri/issues/333

tariqkurd-repo commented 2 months ago

If you allocate bit 28 then there'll be a lot more time before it gets overwritten, but they do seem to be allocating from the top, so I guess it's OK.

tomaird commented 2 months ago

I don't think it's clear enough from this change explicitly which bit controls which CSR in which privilege mode. It seems to suggest that if mstateen0.TID=0 this means that only M-level access can access stid, and if sstateen0.TID=0 then U-level access cannot access utid. And if the TID bits are 1, then the read/write-permissions described in the Zstid CSR tables apply. Is that correct? This could be clearer.

Also, does this change now mean Zstid is dependent on the Sxstateen extensions being enabled too? Or is it possible to implement Zstid without Sxstateen? This could also be clearer.

andresag01 commented 2 months ago

> I don't think it's clear enough from this change explicitly which bit controls which CSR in which privilege mode. It seems to suggest that if mstateen0.TID=0 this means that only M-level access can access stid, and if sstateen0.TID=0 then U-level access cannot access utid. And if the TID bits are 1, then the read/write-permissions described in the Zstid CSR tables apply. Is that correct? This could be clearer.

This change is simply adding a new bit to the stateen CSR. It is not a re-statement of the Smstateen/Ssstateen extensions that are described in Chapter 4 of the Privileged specification. Please take a look at that specification for a full description of how the mechanism works.

> Also, does this change now mean Zstid is dependent on the Sxstateen extensions being enabled too? Or is it possible to implement Zstid without Sxstateen? This could also be clearer.

Zstid can be implemented independently as described in the Smstateen/Ssstateen extension. Here is the relevant fragment from the RISC-V Privileged specification Section 4.1:

> When this [Smstateen/Ssstateen] extension is not implemented, all state added by an extension [Zstid in our case] is accessible as defined by that extension.
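
The gating discussed in this thread, written out as an added example (not part of the thread, the pull request or the specification): a C model of the Smstateen/Ssstateen check applied to the stid and utid CSRs. It assumes no hypervisor extension, assumes stid needs at least S-mode and utid at least U-mode, and models the TID bits as booleans because the page does not give the bit position; `struct hart` and `tid_csr_accessible` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Privilege levels, encoded as in the RISC-V Privileged specification. */
enum priv { PRIV_U = 0, PRIV_S = 1, PRIV_M = 3 };

/* The two Zstid CSRs named in the discussion. */
enum tid_csr { CSR_STID, CSR_UTID };

/* Constructed model of the relevant hart state. The TID bits are booleans
 * because the page does not state which xstateen0 bit is allocated. */
struct hart {
    bool has_stateen;    /* Smstateen/Ssstateen implemented */
    bool mstateen0_tid;  /* TID bit in mstateen0 */
    bool sstateen0_tid;  /* TID bit in sstateen0 */
};

/* Returns true if the access gets past the privilege and stateen checks,
 * false if it raises an illegal-instruction exception. The read/write
 * permissions in the Zstid CSR tables still apply to an allowed access. */
bool tid_csr_accessible(const struct hart *h, enum priv p, enum tid_csr csr)
{
    /* ASSUMPTION: minimum privilege follows the CSR name prefix. */
    enum priv min = (csr == CSR_STID) ? PRIV_S : PRIV_U;
    if (p < min)
        return false;
    /* Without the stateen extensions, state is accessible as Zstid defines it;
     * M-mode is never blocked by a stateen bit. */
    if (!h->has_stateen || p == PRIV_M)
        return true;
    /* mstateen0.TID = 0 blocks every mode below M. */
    if (!h->mstateen0_tid)
        return false;
    /* sstateen0.TID = 0 additionally blocks U-mode. */
    if (p == PRIV_U && !h->sstateen0_tid)
        return false;
    return true;
}

int main(void)
{
    struct hart h = { .has_stateen = true, .mstateen0_tid = true, .sstateen0_tid = false };
    printf("S accesses stid: %d\n", tid_csr_accessible(&h, PRIV_S, CSR_STID));
    printf("U accesses utid: %d\n", tid_csr_accessible(&h, PRIV_U, CSR_UTID));
    return 0;
}
```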