SSAMOSWAP in chapter 2.2 #189

Closed
jklockars opened this issue Dec 4, 2023 · 6 comments

@jklockars

Currently there is no mention of SSAMOSWAP in chapter 2.2.
Shouldn't there be text saying that it is an illegal instruction when the various xSSE are 0?

@ved-rivos
Collaborator

The rules for SSAMOSWAP are specified in listing 4 and 5.

if privilege_mode != M && menvcfg.SSE == 0
    raise illegal-instruction exception
if S-mode not implemented
    raise illegal-instruction exception
else if privilege_mode == U && senvcfg.SSE == 0
    raise illegal-instruction exception
else if privilege_mode == VS && henvcfg.SSE == 0
    raise virtual instruction exception
else if privilege_mode == VU && senvcfg.SSE == 0
    raise virtual instruction exception
else
    <<swap>>

SSAMOSWAP, unlike other shadow stack instructions, is not Zimop. Further, while xSSE is always 0 in machine mode, machine mode may use SSAMOSWAP to operate on memory of lower privileges using MPRV and MPP to provide the effective privilege mode for the memory access.

@ved-rivos
Collaborator

Perhaps I misunderstood your comment. Were you suggesting to add statements in section 2.2 explaining the faults in listing 4/5?

@jklockars
Author

jklockars commented Dec 5, 2023

I am aware of the rules in chapter 2.7 (implemented this last week ;-).
Obviously, that is enough to describe the behaviour.

But for example SSRDP is described in 2.6 as doing

if (xSSE == 1)
  X(dst) = ssp
else
  X(dst) = 0
endif

and 2.2 also says what happens when xSSE = 0.
So why not similar treatment for SSAMOSWAP in 2.2?

Sure, it is not needed - I should have been clear about that.

But perhaps something like, for menvcfg:
When SSE field is 0...
...
o SSAMOSWAP raises an illegal instruction exception.

senvcfg:
...
o SSAMOSWAP raises an illegal instruction exception in U-mode, and a virtual instruction exception in VU-mode

henvcfg:
...
o SSAMOSWAP raises a virtual instruction exception.

@ved-rivos
Collaborator

ved-rivos commented Dec 5, 2023

I will make an update to either include the listing 4 rules in 2.2 or to provide a forward reference to listing 4.

@ved-rivos
Collaborator

Please check PR #193

@jklockars
Author

Looks good to me.

Could be "simplified" for senvcfg since there will always be an illegal instruction exception in U mode (independent of menvcfg.SSE), but that might not make anything clearer.
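
The checks from the listing quoted earlier in this thread, written as a C function and enumerated over every SSE combination to confirm the U-mode observation in the last comment. This is an added example, not part of the issue thread or the specification; the enum, struct and function names are assumptions of the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Privilege modes named in the quoted listing. */
enum mode { MODE_M, MODE_S, MODE_U, MODE_VS, MODE_VU };
enum outcome { DO_SWAP, ILLEGAL_INSN, VIRTUAL_INSN };

/* Constructed model of the state the listing consults (names are this example's). */
struct env {
    bool s_mode_implemented;
    bool menvcfg_sse, senvcfg_sse, henvcfg_sse;
};

/* The checks in the same order as the listing; the first match wins. */
enum outcome ssamoswap_check(enum mode m, struct env e)
{
    if (m != MODE_M && !e.menvcfg_sse)  return ILLEGAL_INSN;
    if (!e.s_mode_implemented)          return ILLEGAL_INSN;
    if (m == MODE_U  && !e.senvcfg_sse) return ILLEGAL_INSN;
    if (m == MODE_VS && !e.henvcfg_sse) return VIRTUAL_INSN;
    if (m == MODE_VU && !e.senvcfg_sse) return VIRTUAL_INSN;
    return DO_SWAP;
}

/* Enumerate every remaining setting with senvcfg.SSE == 0 and count states that
 * contradict "U-mode is then always an illegal-instruction exception". */
int count_u_mode_counterexamples(void)
{
    int bad = 0;
    for (int bits = 0; bits < 8; bits++) {
        struct env e = { (bits & 4) != 0, (bits & 1) != 0, false, (bits & 2) != 0 };
        if (ssamoswap_check(MODE_U, e) != ILLEGAL_INSN) bad++;
    }
    return bad;
}

int main(void)
{
    static const char *names[] = { "M", "S", "U", "VS", "VU" };
    static const char *res[] = { "swap", "illegal-instruction", "virtual-instruction" };
    struct env e = { true, true, false, false }; /* menvcfg.SSE=1, senvcfg/henvcfg.SSE=0 */
    for (int m = MODE_M; m <= MODE_VU; m++)
        printf("%-2s -> %s\n", names[m], res[ssamoswap_check((enum mode)m, e)]);
    printf("U-mode counterexamples: %d\n", count_u_mode_counterexamples());
    return 0;
}
```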
