riscv / riscv-isa-manual

RISC-V Instruction Set Manual
https://riscv.org/
Creative Commons Attribution 4.0 International

Specify PMPs #2

Closed aswaterman closed 7 years ago

aswaterman commented 7 years ago

Current plan is to mirror breakpoint design. Include feature to protect M-mode from itself, and a lock bit that makes a PMP read-only until next reset.

aswaterman commented 7 years ago

Re: locking feature: since PMPs are a whitelist, locking them is only useful for security if you lock all of them; else, the unlocked ones serve as an escape hatch. The PMPs would be more flexible if you could lock some but not others, and still guarantee that certain parts of the address space are inaccessible.

One approach is to create the notion of blacklist and whitelist PMPs, where the blacklist takes precedence over the whitelist.

eternaleye commented 7 years ago

Another option might be to make the whitelist ordering-sensitive - that is, the first matching PMP for an address wins.

This would have the effect of ensuring that PMPs only take effect on disjoint regions of memory, without requiring any actual overlap checking on the part of the implementation.

M-mode could then mark memory read-only using PMP 0, lock it, and know that no other PMP could override.
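As an added illustration, not part of this issue thread or of the riscv-isa-manual text, the following C model compares the two policies discussed above: a plain any-match whitelist, where an unlocked later entry is the escape hatch aswaterman describes, and eternaleye's first-match-wins ordering, where a locked PMP 0 cannot be overridden by any later entry and also constrains M-mode. The region addresses and size, the eight-entry table, the lock-makes-entry-apply-to-M-mode rule, and the handling of accesses that match no entry or that match an unlocked entry from M-mode are assumptions made for the model, not statements from the thread.

```c
/* Toy model of the PMP semantics discussed in this thread (not spec text). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PMP_R   1u
#define PMP_W   2u
#define PMP_X   4u
#define PMP_MAX 8   /* assumed table size */

typedef struct {
    uint64_t base;   /* first address covered (inclusive) */
    uint64_t size;   /* bytes covered; 0 disables the entry */
    uint8_t  perm;   /* PMP_R | PMP_W | PMP_X */
    bool     locked; /* read-only until reset; also constrains M-mode (assumed) */
} pmp_entry;

typedef struct { pmp_entry e[PMP_MAX]; } pmp_table;

/* MATCH_FIRST: the lowest-numbered matching entry decides (eternaleye's proposal).
 * MATCH_ANY:   the access is allowed if any matching entry grants it (pure whitelist). */
typedef enum { MATCH_FIRST, MATCH_ANY } pmp_policy;

/* Programming a locked entry is ignored (returns false), as the thread proposes. */
static bool pmp_write(pmp_table *t, int idx, pmp_entry v)
{
    if (idx < 0 || idx >= PMP_MAX || t->e[idx].locked) return false;
    t->e[idx] = v;
    return true;
}

static bool pmp_matches(const pmp_entry *p, uint64_t addr)
{
    return p->size != 0 && addr >= p->base && addr - p->base < p->size;
}

/* Assumptions beyond the thread: an unlocked entry never constrains M-mode, an
 * M-mode access matching no entry is allowed, and an S/U-mode access matching
 * no entry is denied. */
static bool pmp_check(const pmp_table *t, pmp_policy pol, uint64_t addr,
                      uint8_t access, bool m_mode)
{
    for (int i = 0; i < PMP_MAX; i++) {
        const pmp_entry *p = &t->e[i];
        if (!pmp_matches(p, addr)) continue;
        bool ok = (m_mode && !p->locked) || (p->perm & access) == access;
        if (pol == MATCH_FIRST) return ok;   /* first match is final */
        if (ok) return true;                 /* whitelist: any grant suffices */
    }
    return m_mode;
}

/* Scenario from the thread: boot firmware uses entry 0 to lock its own image
 * read+execute only; later M-mode code (assumed compromised) programs the
 * unlocked entry 1 with RWX over the same region. All values are constructed. */
static void build_table(pmp_table *t)
{
    pmp_entry fw   = { .base = 0x80000000u, .size = 0x10000u, .perm = PMP_R | PMP_X,         .locked = true  };
    pmp_entry hole = { .base = 0x80000000u, .size = 0x10000u, .perm = PMP_R | PMP_W | PMP_X, .locked = false };
    *t = (pmp_table){0};
    pmp_write(t, 0, fw);
    pmp_write(t, 1, hole);
}

/* Is an access of the given type to the firmware image allowed? */
static bool firmware_access(pmp_policy pol, uint8_t access, bool m_mode)
{
    pmp_table t;
    build_table(&t);
    return pmp_check(&t, pol, 0x80001000u, access, m_mode);
}

/* Can the locked entry 0 be reprogrammed after the fact? */
static bool entry0_rewritable(void)
{
    pmp_table t;
    build_table(&t);
    pmp_entry open = { .base = 0x80000000u, .size = 0x10000u, .perm = PMP_R | PMP_W | PMP_X, .locked = false };
    return pmp_write(&t, 0, open);
}

int main(void)
{
    const char *pol_name[] = { "first-match", "any-match" };
    for (int pol = MATCH_FIRST; pol <= MATCH_ANY; pol++)
        for (int m = 0; m <= 1; m++)
            printf("%-11s %s-mode write to firmware: %s\n", pol_name[pol], m ? "M" : "S",
                   firmware_access((pmp_policy)pol, PMP_W, m) ? "ALLOWED" : "denied");
    printf("locked entry 0 rewritable: %s\n", entry0_rewritable() ? "yes" : "no");
    return 0;
}
```

Build with `cc -std=c99 pmp_sim.c` and run. Under any-match the RWX entry 1 makes the firmware writable from both S-mode and M-mode even though entry 0 is locked, which is exactly why locking only some entries buys nothing in a pure whitelist. Under first-match, entry 0 decides for every address it covers, so entry 1 only matters for addresses entry 0 does not claim, and the write is denied in both modes without the hardware having to check for overlap.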

aswaterman commented 7 years ago

Good point, we'll consider that option.

aswaterman commented 7 years ago

dd8d4755b32db89fcf3771dcfc5a4c3dfa3f6ddf closes this issue