Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Split CRG functionality for U and S-modes #491

Merged
merged 13 commits into from
Jan 15, 2025
Prev Previous commit
Next Next commit
clean up PTE table footnotes
tariqkurd-repo committed Jan 13, 2025
commit 7b96caa93070ec02c21933fd677fbb45fa113618
22 changes: 10 additions & 12 deletions src/cheri-pte-ext.adoc
Original file line number Diff line number Diff line change
@@ -153,33 +153,31 @@ and the capability read from memory optionally has its tag set^1^.
|===
|PTE.CW |Mode^1^ |PTE.CRG |Load/AMO
| 0 | S/U | X | Clear loaded tag
| 1 | U |&#8800; <<sstatusreg_pte,sstatus>>.UCRG | Page fault, or page fault if tag is set
| 1 | U |&#8800; <<sstatusreg_pte,sstatus>>.UCRG | Page fault, or page fault if tag is set^2^
| 1 | U |= <<sstatusreg_pte,sstatus>>.UCRG | Normal operation
| 1 | S | X | Normal operation^2^
| 1 | S | X | Normal operation^3^
|===

^1^ This is the effective privilege mode of the memory access.

^2^ A future version of this specification may check an SCRG bit in <<sstatusreg_pte,sstatus>> for kernel revocation.
^2^ The choice here is whether to take data dependent exceptions on loads or atomic operations.
It is legal for the implementation to fault even if the tag is not set since this behavior is only an optimization for software.
This means it is also legal to only check the tag under certain conditions and conservatively fault otherwise.
Taking a trap when the tag is not set will introduce additional traps during revocation sweeps.
Checking the loaded tag affects the exception priority, see <<exception-priority>>.

^3^ A future version of this specification may check an SCRG bit in <<sstatusreg_pte,sstatus>> for kernel revocation.

[[pte_cw_crg_store_summary]]
.Summary of Store CW and CRG behavior in the PTEs
[%autowidth,float="center",align="center",cols="<,<,<",options="header"]
|===
|PTE.CW |PTE.CRG |Store/AMO
| 0 | 0 | Page fault if stored tag is set
| 0 | 1 | Page fault if stored tag is set, or hardware CW and CRG update^2^
| 0 | 1 | Page fault if stored tag is set, or <<section_hardware_pte_updates, hardware CW and CRG update>>
| 1 | X | Normal operation
|===

^1^ The choice here is whether to take data dependent exceptions on loads or atomic operations.
It is legal for the implementation to fault even if the tag is not set since this behavior is only an optimization for software.
This means it is also legal to only check the tag under certain conditions and conservatively fault otherwise.
Taking a trap when the tag is not set will introduce additional traps during revocation sweeps.
Checking the loaded tag affects the exception priority, see <<exception-priority>>.

^2^ See <<section_hardware_pte_updates>>.

The exceptions added by {cheri_pte_ext_name} reuse the load page fault and store/AMO page fault exception cause values,
and so the cause of the exception can be determined by software by checking the value in <<mtval2>>,
<<stval2>> etc.