Re: [PATCH v2 2/2] target/riscv: fixes a bug against `ssamoswap` behavior in M-mode

Thu, 06 Mar 2025 18:41:31 -0800 

On Thu, Mar 6, 2025 at 4:47 PM Deepak Gupta <de...@rivosinc.com> wrote:
>
> Commit f06bfe3dc38c ("target/riscv: implement zicfiss instructions") adds
> `ssamoswap` instruction. `ssamoswap` takes the code-point from existing
> reserved encoding (and not a zimop like other shadow stack instructions).
> If shadow stack is not enabled (via xenvcfg.SSE) and effective priv is
> less than M then `ssamoswap` must result in an illegal instruction
> exception. However if effective priv is M, then `ssamoswap` results in
> store/AMO access fault. See Section "22.2.3. Shadow Stack Memory
> Protection" of priv spec.
>
> Fixes: f06bfe3dc38c ("target/riscv: implement zicfiss instructions")
>
> Reported-by: Ved Shanbhogue <v...@rivosinc.com>
> Signed-off-by: Deepak Gupta <de...@rivosinc.com>

Reviewed-by: Alistair Francis <alistair.fran...@wdc.com>

Alistair

> ---
>  target/riscv/insn_trans/trans_rvzicfiss.c.inc | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
>
> diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc 
> b/target/riscv/insn_trans/trans_rvzicfiss.c.inc
> index e3ebc4977c..b0096adcd0 100644
> --- a/target/riscv/insn_trans/trans_rvzicfiss.c.inc
> +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc
> @@ -15,6 +15,13 @@
>   * You should have received a copy of the GNU General Public License along 
> with
>   * this program.  If not, see <http://www.gnu.org/licenses/>.
>   */
> +
> +#define REQUIRE_ZICFISS(ctx) do {        \
> +    if (!ctx->cfg_ptr->ext_zicfiss) {    \
> +        return false;                    \
> +    }                                    \
> +} while (0)
> +
>  static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a)
>  {
>      if (!ctx->bcfi_enabled) {
> @@ -77,6 +84,11 @@ static bool trans_ssrdp(DisasContext *ctx, arg_ssrdp *a)
>  static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a)
>  {
>      REQUIRE_A_OR_ZAAMO(ctx);
> +    REQUIRE_ZICFISS(ctx);
> +    if (ctx->priv == PRV_M) {
> +        generate_exception(ctx, RISCV_EXCP_STORE_AMO_ACCESS_FAULT);
> +    }
> +
>      if (!ctx->bcfi_enabled) {
>          return false;
>      }
> @@ -97,6 +109,11 @@ static bool trans_ssamoswap_d(DisasContext *ctx, 
> arg_amoswap_w *a)
>  {
>      REQUIRE_64BIT(ctx);
>      REQUIRE_A_OR_ZAAMO(ctx);
> +    REQUIRE_ZICFISS(ctx);
> +    if (ctx->priv == PRV_M) {
> +        generate_exception(ctx, RISCV_EXCP_STORE_AMO_ACCESS_FAULT);
> +    }
> +
>      if (!ctx->bcfi_enabled) {
>          return false;
>      }
> --
> 2.34.1
>
>

Reply via email to