Ensure GCPERM result is forwards-compatible with software

When new extensions add permissions that are subsets of current permissions (e.g. Zcherilevels refines loads/stores), then a system that does not support these permissions should still report ones in GCPERM to ensure that code that inspects permissions knows that the load/store behaves as if all of these permission bits were set. We reserve the low 24 bits as ones (to be used as refinements of the current permissions) and the upper 8 (40 for RV64) bits as zeros (to be used for new permissions that aren't subsets (e.g. seal/unseal/compartment ID). Partially addresses #502
riscv · Feb 13, 2025 · 13125db · 13125db
1 parent b22994e
commit 13125db
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/src/img/acperm_bit_field.edn b/src/img/acperm_bit_field.edn
@@ -6,13 +6,14 @@
 (def left-margin 100)
 (def right-margin 100)
 (def boxes-per-row 32)
-(draw-column-headers {:height 20 :font-size 18 :labels (reverse ["0" "1" "2" "3" "4" "5" "6" "" "" "SDPLEN+5" "" "" "" "" "" "15" "16" "17" "18" "19" "" "" "" "" "" "" "" "" "" "" "" "XLEN-1"])})
+(draw-column-headers {:height 20 :font-size 18 :labels (reverse ["0" "1" "2" "3" "4" "5" "6" "" "" "SDPLEN+5" "" "" "" "" "" "15" "16" "17" "18" "19" "" "23" "" "" "" "" "" "" "" "" "" "XLEN-1"])})
 
-(draw-box "Reserved" {:span 13})
+(draw-box "Reserved 0" {:span 10})
+(draw-box "Reserved 1" {:span 3})
 (draw-box "R"        {:span 1})
 (draw-box "X"        {:span 1})
 (draw-box "ASR"      {:span 1})
-(draw-box "Reserved" {:span 6})
+(draw-box "Reserved 1" {:span 6})
 (draw-box "SDP"      {:span 4})
 (draw-box "C"        {:span 1})
 (draw-box "CL"       {:span 1})

diff --git a/src/insns/gcperm_32bit.adoc b/src/insns/gcperm_32bit.adoc
@@ -25,6 +25,7 @@ Convert the unpacked AP permissions as well as the SDP fields of capability `cs1
 into a bit field, with the format shown in xref:gcperm_bit_field[xrefstyle=short],
 and write the result to `rd`. A bit set to 1 in the bit field indicates that
 `cs1` grants the corresponding permission.
+All bits in the `[0:23]` range that are reserved or assigned to extensions that are not implemented by the current hart always report 1.
 +
 If the AP field cannot be produced by <<ACPERM>> then all architectural
 permission bits in `rd` are set to 0.
@@ -33,6 +34,12 @@ permission bits in `rd` are set to 0.
 [#gcperm_bit_field]
 include::../img/acperm_bit_field.edn[]
 
+NOTE: When {cheri_levels_ext_name} is not implemented, the `CL`, `SL`, and `EL` fields always report 1.
+This ensures forwards-compatibility since loads/stores on a core without {cheri_levels_ext_name} behave as if these permissions are always present.
+
+NOTE: Any future extension that defines new permission that are a refinement of existing permissions (e.g. finer-grained <<asr_perm>>) must be allocated to the bits that are currently reported as 1 to ensure forward-compatibility.
+Completely new permissions (e.g. sealing) should use the bits that are reported as zero in the current specification.
+
 Exceptions::
 include::require_cre.adoc[]