Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify determination of yLPE on trap return #1610

Merged
merged 1 commit into from
Aug 23, 2024
Merged

Clarify determination of yLPE on trap return #1610

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 11 additions & 15 deletions src/priv-cfi.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ details on these CFI capabilities and the associated Unprivileged ISA.

This section specifies the Privileged ISA for the Zicfilp extension.

[[FCIFIACT]]
[[FCFIACT]]
==== Landing-Pad-Enabled (LPE) State

The term `xLPE` is used to determine if forward-edge CFI using landing pads
Expand Down Expand Up @@ -88,23 +88,19 @@ When a trap is taken into privilege mode `x`, the `__x__PELP` is set to `ELP`
and `ELP` is set to `NO_LP_EXPECTED`.

An `MRET` or `SRET` instruction is used to return from a trap in M-mode or
S-mode, respectively. When executing an `__x__RET` instruction, if `__x__PP`
holds the value `y`, then `ELP` is set to the value of `__x__PELP` if `__y__LPE`
is 1; otherwise, it is set to `NO_LP_EXPECTED`; `__x__PELP` is set to
`NO_LP_EXPECTED`.
S-mode, respectively. When executing an `__x__RET` instruction, if the new
privilege mode is `y`, then `ELP` is set to the value of `__x__PELP` if
`__y__LPE` (see <<FCFIACT>>) is 1; otherwise, it is set to `NO_LP_EXPECTED`;
`__x__PELP` is set to `NO_LP_EXPECTED`.

Upon entry into Debug Mode, the `pelp` bit in `dcsr` is updated with the `ELP`
at the privilege level the hart was previously in, and the `ELP` is set to
`NO_LP_EXPECTED`. When a hart resumes from Debug Mode, if `dcsr.prv` holds the
value `y`, then `ELP` is set to the value of `pelp` if `__y__LPE` is 1;
otherwise, it is set to `NO_LP_EXPECTED`.

When the Smrnmi extension is implemented, a `MNPELP` field (bit 9)
is provided in the `mnstatus` CSR to hold the previous `ELP` state on a trap to
the RNMI handler. When a RNMI trap is delivered, the `MNPELP` is set to `ELP`
and `ELP` set to `NO_LP_EXPECTED`. Upon a `MNRET`, if the `mnstatus.MNPP` holds
the value `y`, then `ELP` is set to the value of `MNPELP` if `yLPE` is 1;
otherwise, it is set to `NO_LP_EXPECTED`.
`NO_LP_EXPECTED`. When a hart resumes from Debug Mode, if the new privilege mode
is `y`, then `ELP` is set to the value of `pelp` if `__y__LPE` (see <<FCFIACT>>)
is 1; otherwise, it is set to `NO_LP_EXPECTED`.

See also <<rnmi>> for semantics added to the RNMI trap and the MNRET instruction
when this extension is implemented.

[NOTE]
====
Expand Down
4 changes: 2 additions & 2 deletions src/rnmi.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,8 +138,8 @@ MNRET is an M-mode-only instruction that uses the values in `mnepc` and
`mnstatus` to return to the program counter, privilege mode, and
virtualization mode of the interrupted context. This instruction also
sets `mnstatus`.NMIE. If MNRET changes the privilege mode to a mode less privileged than M, it also sets `mstatus`.MPRV to 0.
If the Zicfilp extension is implemented, then if `mnstatus`.MNPP holds the
value __y__, MNRET sets `ELP` to the logical AND of __y__LPE and `mnstatus`.MNPELP.
If the Zicfilp extension is implemented, then if the new privileged mode
is __y__, MNRET sets `ELP` to the logical AND of __y__LPE (see <<FCFIACT>>) and `mnstatus`.MNPELP.

=== RNMI Operation

Expand Down
Loading