diff --git a/src/priv-cfi.adoc b/src/priv-cfi.adoc index 278c7f4d6..088a593f3 100644 --- a/src/priv-cfi.adoc +++ b/src/priv-cfi.adoc @@ -13,7 +13,7 @@ details on these CFI capabilities and the associated Unprivileged ISA. This section specifies the Privileged ISA for the Zicfilp extension. -[[FCIFIACT]] +[[FCFIACT]] ==== Landing-Pad-Enabled (LPE) State The term `xLPE` is used to determine if forward-edge CFI using landing pads @@ -88,23 +88,19 @@ When a trap is taken into privilege mode `x`, the `__x__PELP` is set to `ELP` and `ELP` is set to `NO_LP_EXPECTED`. An `MRET` or `SRET` instruction is used to return from a trap in M-mode or -S-mode, respectively. When executing an `__x__RET` instruction, if `__x__PP` -holds the value `y`, then `ELP` is set to the value of `__x__PELP` if `__y__LPE` -is 1; otherwise, it is set to `NO_LP_EXPECTED`; `__x__PELP` is set to -`NO_LP_EXPECTED`. +S-mode, respectively. When executing an `__x__RET` instruction, if the new +privilege mode is `y`, then `ELP` is set to the value of `__x__PELP` if +`__y__LPE` (see <>) is 1; otherwise, it is set to `NO_LP_EXPECTED`; +`__x__PELP` is set to `NO_LP_EXPECTED`. Upon entry into Debug Mode, the `pelp` bit in `dcsr` is updated with the `ELP` at the privilege level the hart was previously in, and the `ELP` is set to -`NO_LP_EXPECTED`. When a hart resumes from Debug Mode, if `dcsr.prv` holds the -value `y`, then `ELP` is set to the value of `pelp` if `__y__LPE` is 1; -otherwise, it is set to `NO_LP_EXPECTED`. - -When the Smrnmi extension is implemented, a `MNPELP` field (bit 9) -is provided in the `mnstatus` CSR to hold the previous `ELP` state on a trap to -the RNMI handler. When a RNMI trap is delivered, the `MNPELP` is set to `ELP` -and `ELP` set to `NO_LP_EXPECTED`. Upon a `MNRET`, if the `mnstatus.MNPP` holds -the value `y`, then `ELP` is set to the value of `MNPELP` if `yLPE` is 1; -otherwise, it is set to `NO_LP_EXPECTED`. +`NO_LP_EXPECTED`. When a hart resumes from Debug Mode, if the new privilege mode +is `y`, then `ELP` is set to the value of `pelp` if `__y__LPE` (see <>) +is 1; otherwise, it is set to `NO_LP_EXPECTED`. + +See also <> for semantics added to the RNMI trap and the MNRET instruction +when this extension is implemented. [NOTE] ==== diff --git a/src/rnmi.adoc b/src/rnmi.adoc index e085f6edd..8d58199c6 100644 --- a/src/rnmi.adoc +++ b/src/rnmi.adoc @@ -138,8 +138,8 @@ MNRET is an M-mode-only instruction that uses the values in `mnepc` and `mnstatus` to return to the program counter, privilege mode, and virtualization mode of the interrupted context. This instruction also sets `mnstatus`.NMIE. If MNRET changes the privilege mode to a mode less privileged than M, it also sets `mstatus`.MPRV to 0. -If the Zicfilp extension is implemented, then if `mnstatus`.MNPP holds the -value __y__, MNRET sets `ELP` to the logical AND of __y__LPE and `mnstatus`.MNPELP. +If the Zicfilp extension is implemented, then if the new privileged mode +is __y__, MNRET sets `ELP` to the logical AND of __y__LPE (see <>) and `mnstatus`.MNPELP. === RNMI Operation