-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revocation 3.0 PTE bits #18
base: master
Are you sure you want to change the base?
Conversation
For FETT, I think we want to just have Speaking of those bits, I'm not elated with the current names... I thought about |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
generally lgtm, though i haven't checked against the cheri spec.
I have added a little more commentary and shuffled the different behaviours so that At the moment the code throws if an invalid state is found, but perhaps there's a more correct in-model thing to do. What happens if the RWX bits are set to W or WX, for example? |
This batch of commits moves us to LoadCapInhibit and StoreCapInhibit bits and shuffles things a bit more so that, again, all-zeros should be what we want. The Load side is more fully fleshed out than the Store side, which, right now, defines but does not use a "fast" capability-dirtying path. |
Orthogonality of commits is hard; where'd those pullbacks of patches go, anyway? This PR now also includes fixes to |
dc50c4d
to
76b1b91
Compare
src/cheri_types.sail
Outdated
@@ -94,7 +93,7 @@ function CapExCode(ex) : CapEx -> bits(5) = | |||
CapEx_ReturnTrap => 0b00110, | |||
CapEx_TSSUnderFlow => 0b00111, | |||
CapEx_UserDefViolation => 0b01000, | |||
CapEx_TLBNoStoreCap => 0b01001, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At some point we will want to annotate this CHERI exception code as MIPS-only in the ISA doc.
956a96a
to
87acc92
Compare
Rebased. These continue to pass https://gist.github.com/nwf/cd4d760247ee54e3c9e136ba53d9fdbf ("pte-bits.S") |
As per CTSRD-CHERI/qemu#150 (comment), @jrtc27 makes an argument that the behaviour of |
Renamed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me (I must admit I'd thought this was merged already because I remember testing against it!)
src/cheri_sys_regs.sail
Outdated
d : 1, /* dirty */ | ||
e : 0 /* enable */ | ||
} | ||
|
||
register mccsr : ccsr | ||
register sccsr : ccsr | ||
register sccsr : ccsr /* mccsr aliases sccsr */ | ||
register uccsr : ccsr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bit weird to still have uccsr... I kinda get why, but that's primarily because uccsr currently serves no purpose. Also, if mccsr and sccsr alias then normally you'd have the definition be mccsr and sccsr be an alias for (or view into) it, not the other way round.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, it "serves no purpose" because the d
and e
bits are not meaningfully implemented in sail, but they're still defined...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Though maybe that does argue against making sccsr
and mccsr
alias.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not particularly happy with what I have just written in cheri_pte.sail
-- "use sccsr
if haveSupMode()
and mccsr
otherwise" -- but it might be viable. I'm quite open to suggestions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jrtc27 Opinions?
Pull up to riscv/sail-riscv@2265a25 Some upstream changes apply to files in this repository as well: - Following along with riscv/sail-riscv@b1db5b9 add ext_check_phys_mem_read and ext_check_phys_mem_write implementations. - Following along with riscv/sail-riscv@9b38e33 always use riscv_flen_D.sail rather than riscv_flen_F.sail on RV32. - Following along with riscv/sail-riscv@ffea7a3 use -fcommon in C_FLAGS.
The cap-store instructions now look at the data being stored to decide whether they issue Write(Cap) or Write(Data) requests on "the bus". This allows the PTW logic (and update_PTE_Bits) in particular to not fast-cap-dirty a page that's being targeted by the store of an untagged capability. This is not, however, viable for AMOCAS and so additional changes may be required if we are to avoid considering AMOCAS as always capability-dirtying. Co-authored-by: Jessica Clarke <[email protected]>
Use Either-monadic style Eliminate ext_ptw_sc / PTW_SC_* as we now simply test the error cases in priority order, so there's no need to explicitly pass this information forward in checkPTEPermission. ext_ptw_lc / PTW_LC_* persist as the extended PTW information is analysed by instructions. Co-authored-by: Jessica Clarke <[email protected]>
Co-authored-by: Jessica Clarke <[email protected]>
* used if the machine has Supervisor mode, otherwise mccsr. | ||
* | ||
* Sv32: There are no extension bits available, so we hard-code the result to | ||
* CW=1 CR=1 CD=1 CRT=0 CRG=0 | ||
*/ | ||
type extPte = bits(10) | ||
|
||
bitfield Ext_PTE_Bits : extPte = { | ||
CapWrite : 9, /* Permit capability stores */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is pre-existing, but bits 9 and 8 conflict with “Svpbmt” Standard Extension for Page-Based Memory Types. I wonder if we should shift everything down by two as part of this change series or start from zero (since upstream started from the top)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ouch. I guess that's not the worst possible flag day, it'd just touch sail, the cores, and the CheriBSD kernel.
First stab at adjusting PTW for capability load generation bits.