Skip to content

Latest commit

 

History

History
112 lines (82 loc) · 4.02 KB

cfi_csrs.adoc

File metadata and controls

112 lines (82 loc) · 4.02 KB

Shadow Stack and Landing Pad CSRs

This chapter specifies the CSR state of the Zisslpcfi extension.

Machine environment configuration regisers (menvcfg and menvcfgh)

The CFI (bit 60) bit controls if Zisslpcfi extension is available for use in modes less privileged than M.

When menvcfg.CFI bit is 0, then at privilege modes less privileged than M:

  • Attempts to access ssp CSR and lplr CSR raise an illegal instruction exception.

  • Zisslpcfi extension instructions revert to the Zimops defined behavior.

  • The SFCFIEN and SPELP fields in mstatus are read-only zero.

  • The CFI field in henvcfg is read-only zero.

  • The pte.xwr=010b encoding in S-stage page tables is reserved.

Hypervisor environment configuration regisers (henvcfg and henvcfgh)

The CFI (bit 60) bit controls if Zisslpcfi extension is available for use in VS and VU modes. When menvcfg.CFI is 0, henvcfg.CFI is read-only zero.

When henvcfg.CFI bit is 0, then at privilege modes VS and VU:

  • Attempts to access ssp CSR and lplr CSR raise an illegal instruction exception.

  • The SFCFIEN and SPELP fields in vsstatus are read-only zero.

  • The pte.xwr=010b encoding in VS-stage page tables remains reserved.

Machine status registers (mstatus)

The MFCFIEN (bit 25) is a WARL fields that when set to 1 enables forward-edge CFI at M-mode.

The SFCFIEN (bit 24) and UFCFIEN (bit 23) are WARL fields that when set to 1 enable forward-edge CFI S-mode (if supported), and U-mode (if supported) respectively.

The SBCFIEN (bit 26) and UBCFIEN (bit 27) are WARL fields that when set to 1 enable backward-edge CFI S-mode (if supported), and U-mode (if supported) respectively.

The MPELP (bit 29) and SPELP (bit 28) WARL fields are updated when a trap is taken into M-mode or S-mode respectively. When a trap is taken into privilege mode x, the xPELP fields are updated to indicate that a landing pad was expected at the privilege level xPP at the time of taking the trap.

The xPELP fields are encoded as follows:

  • 0 - NO_LP_EXPECTED - no landing pad instruction expected

  • 1 - LP_EXPECTED - landing pad instruction expected

Supervisor status registers (sstatus)

When menvcfg.CFI is 1, access to the following fields accesses the homonymous field of mstatus register. When menvcfg.CFI is 0, these fields are read-only zero.

  • UFCFIEN (bit 23)

  • SFCFIEN (bit 24)

  • UBCFIEN (bit 26)

  • SBCFIEN (bit 27)

  • SPELP (bit 28)

Virtual supervisor status registers (vsstatus)

The vsstatus register is VS-mode’s version of sstatus and the Zisslpcfi extension introduces the following fields.

  • UFCFIEN (bit 23)

  • SFCFIEN (bit 24)

  • UBCFIEN (bit 26)

  • SBCFIEN (bit 27)

  • SPELP (bit 28)

When henvcfg.CFI is 0, these fields are read-only zero.

Landing pad label register (lplr)

The lplr CSR is a user-mode read-write (URW) 32-bit register that holds the label expected at the target of an indirect call or an indirect jump. The label is split into a 8-bit upper label (UL), 8-bit middle label (ML), and a 9-bit lower label (LL).

lplr for RV32 and RV64
{reg: [
  {bits: 9, name: 'LL'},
  {bits: 8, name: 'ML'},
  {bits: 8, name: 'UL'},
  {bits: 7, name: 'WPRI'},
], config:{lanes: 1, hspace:1024}}

When menvcfg.CFI is 0, an attempt to access lplr in a mode other than M-mode raises an illegal instruction exception. When menvcfg.CFI is 1 but henvcfg.CFI is 0, an attempt to access lplr when V=1 raises a virtual instruction exception.

Shadow stack pointer (ssp)

The ssp CSR is an unprivileged read-write (URW) CSR that reads and writes XLEN low order bits of the shadow stack pointer (ssp). There is no high CSR defined as the ssp is always as wide as the XLEN of the current privilege level.

When menvcfg.CFI is 0, an attempt to access ssp in a mode other than M-mode raises an illegal instruction exception. When menvcfg.CFI is 1 but henvcfg.CFI is 0, an attempt to access ssp when V=1 raises a virtual instruction exception.