From 0a391091b9db09a6eb33c910559212b370d0b749 Mon Sep 17 00:00:00 2001 From: Tariq Kurd Date: Thu, 16 Jan 2025 15:01:28 +0100 Subject: [PATCH] specify M-bit behaviour when there's no integer mode (#507) The spec doesn't currently specify what to do about encodings when Zcherihybrid isn't implemented. The proposal is: * for RV32 - setting M in quadrant 1 gives invalid permissions * for RV64 - M is simply a reserved bit which seems a bit inconsistent, but it's because in RV32 it's part of the permissions encodings, whereas in RV64 it's just a separate bit, and so reserved. --- src/insns/acperm_32bit.adoc | 8 +++++--- src/riscv-hybrid-integration.adoc | 11 ++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/insns/acperm_32bit.adoc b/src/insns/acperm_32bit.adoc index 494ba856..ffe37729 100644 --- a/src/insns/acperm_32bit.adoc +++ b/src/insns/acperm_32bit.adoc @@ -61,12 +61,14 @@ The rules from <> must be followed when removing permissions. | 13 (RV32 only) | <> | (<> and <> and <> and (<> == ∞)) or + (not(<> and not(<>) and not(<>) and (<>==0)))^1^ | 14 | <> | <> -| 15^2^ | <> | <> +| 15^2^ (RV32 only) | <> | <> and {cheri_default_ext_name} is implemented |=== ^1^ All the listed permissions in the set are either minimum or maximum. + -^2^ The <> only exists if {cheri_default_ext_name} is implemented. - Otherwise it is reserved and this rule is not relevant. +^2^ For RV32, the encodings which have the <> set to {int_mode_value} for {cheri_int_mode_name} + are only valid if {cheri_default_ext_name} is implemented. Otherwise those encodings represent invalid permissions. + +CAUTION: For RV64 without {cheri_default_ext_name}, the <> is a _reserved_ bit, and so is not relevant to ACPERM. The behavior of currently illegal combinations from <> is to clear the permission if invalid (or in the case of <> set it to 0 (_local_)). diff --git a/src/riscv-hybrid-integration.adoc b/src/riscv-hybrid-integration.adoc index 2035ac24..c5f2bbf8 100644 --- a/src/riscv-hybrid-integration.adoc +++ b/src/riscv-hybrid-integration.adoc @@ -22,7 +22,7 @@ is a new unprivileged register: the default data capability, <>, that is used to authorize all data memory accesses when in {cheri_int_mode_name}. -The current CHERI execution mode is given by the <> field of <> that +The current CHERI execution mode is given by the <> of <> that is encoded as described in xref:m_bit[xrefstyle=short]. The CHERI execution mode impacts the instruction set in the following ways: @@ -55,7 +55,7 @@ Setting both registers to <> ensures that: * The bounds authorize accesses to the entire address space i.e base is 0 and top is 2^MXLEN^ -[#m_bit,reftext="CHERI Execution Mode Encoding"] +[#m_bit,reftext="M-bit"] === CHERI Execution Mode Encoding {cheri_default_ext_name} adds a new CHERI execution Mode field (M) to @@ -66,10 +66,15 @@ when the <> is set. _even though it is not a permission_ as shown in <>. ** Only quadrant 1 represents executable capabilities, and so it's the only one which encodes the Mode. -* When MXLEN=64, the Mode is encoded separately; a new <> field is +** If {cheri_default_ext_name} not implemented, then setting the <> to + {int_mode_value} for {cheri_int_mode_name} in quadrant 1 causes the permissions + to be invalid, i.e. an encoding which cannot be produced by <>. +* When MXLEN=64, the Mode is encoded separately; a new <> is added to the capability format as shown in xref:cap_perms_encoding64[xrefstyle=short]. The <> is only valid for code capabilities, otherwise the field is reserved. +** When {cheri_default_ext_name} is not implemented then the bit allocated to the <> + is _reserved_ for future use. NOTE: Mode is encoded with permissions for MXLEN=32, but is not a permission. It is orthogonal to permissions as it can vary arbitrarily using <>.