From fe775f7168229a7f60d4508f0fc3d894b27462cc Mon Sep 17 00:00:00 2001 From: Tariq Kurd Date: Fri, 10 Jan 2025 15:43:11 +0100 Subject: [PATCH 1/4] fix issue 504 --- src/insns/acperm_32bit.adoc | 6 ++++-- src/level-ext.adoc | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/insns/acperm_32bit.adoc b/src/insns/acperm_32bit.adoc index af877d26..07202bfa 100644 --- a/src/insns/acperm_32bit.adoc +++ b/src/insns/acperm_32bit.adoc @@ -61,10 +61,12 @@ The rules from <> must be followed when removing permissions. | 13 (RV32 only) | <> | (<> and <> and <> and (<> == ∞)) or + (not(<> and not(<>) and not(<>) and (<>==0)))^1^ | 14 | <> | <> -| 15 | <> | <> +| 15^2^ | <> | <> |=== -^1^ All the listed permissions in the set are either minimum or maximum. +^1^ All the listed permissions in the set are either minimum or maximum. + +^2^ This rule is only relevant, and the <> only exists, if {cheri_default_ext_name} is implemented. + If this bit is set when {cheri_default_ext_name} is _not_ implemented, then the permissions are invalid. The behavior of currently illegal combinations from <> is to clear the permission if invalid (or in the case of <> set it to 0 (_local_)). diff --git a/src/level-ext.adoc b/src/level-ext.adoc index f5ee449e..c3312e94 100644 --- a/src/level-ext.adoc +++ b/src/level-ext.adoc @@ -75,32 +75,34 @@ endif::[] 11+| bit[0] - <> ({CAP_MODE_VALUE}-{cheri_cap_mode_name}, {INT_MODE_VALUE}-{cheri_int_mode_name}) |Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^1^ | | 0-1 | ✔ | ✔ | ✔ | ✔ | ✔ | ∞ | ✔ | ✔ | Mode^1^ | Execute + ASR (see <>) -| 2-3 | ✔ | | ✔ | ✔ | ✔ | ∞^1^| ✔ | | Mode^1^ | Execute + Data & Cap RO +| 2-3 | ✔ | | ✔ | ✔ | ✔ | ∞^2^| ✔ | | Mode^1^ | Execute + Data & Cap RO | 4-5 | ✔ | ✔ | ✔ | ✔ | ✔ | ∞ | ✔ | | Mode^1^ | Execute + Data & Cap RW -| 6-7 | ✔ | ✔ | | | | 0^1^| ✔ | | Mode^1^ | Execute + Data RW +| 6-7 | ✔ | ✔ | | | | 0^2^| ✔ | | Mode^1^ | Execute + Data RW 11+| *Quadrant 2: Restricted capability data read/write* 11+| bit[2] = write, bit[1:0] = store level. R and C implicitly granted, LM dependent on W permission. |Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^1^ | | 0-2 10+| reserved | 3 | ✔ | | ✔ | | | 0^1^ | | | N/A | Data & Cap R0 (without <>) -| 4 | ✔ | ✔ | ✔ | ✔ | | _(3)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^2^ -| 5 | ✔ | ✔ | ✔ | ✔ | | _(2)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^2^ +| 4 | ✔ | ✔ | ✔ | ✔ | | _(3)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^3^ +| 5 | ✔ | ✔ | ✔ | ✔ | | _(2)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^3^ | 6 | ✔ | ✔ | ✔ | ✔ | | 1 | | | N/A | Data & Cap RW (with store _local_, no <>) | 7 | ✔ | ✔ | ✔ | ✔ | | 0 | | | N/A | Data & Cap RW (no store _local_, no <>) 11+| *Quadrant 3: Capability data read/write* 11+| bit[2] = write, bit[1:0] = store level. R and C implicitly granted. 11+| _Reserved bits for future extensions must be 1 so they are implicitly granted_ -|Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^1^ | +|Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^2^ | | 0-2 10+| reserved -| 3 | ✔ | | ✔ | ✔ | ✔ | 0^1^ | | | N/A | Data & Cap R0 -| 4 | ✔ | ✔ | ✔ | ✔ | ✔ | _(3)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^2^ -| 5 | ✔ | ✔ | ✔ | ✔ | ✔ | _(2)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^2^ +| 3 | ✔ | | ✔ | ✔ | ✔ | 0^2^ | | | N/A | Data & Cap R0 +| 4 | ✔ | ✔ | ✔ | ✔ | ✔ | _(3)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^3^ +| 5 | ✔ | ✔ | ✔ | ✔ | ✔ | _(2)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^3^ | 6 | ✔ | ✔ | ✔ | ✔ | ✔ | 1 | | | N/A | Data & Cap RW (with store _local_) | 7 | ✔ | ✔ | ✔ | ✔ | ✔ | 0 | | | N/A | Data & Cap RW (no store _local_) |============================================================================== -^1^ SL isn't applicable in these cases, but this value is reported by <> to simplify the rules followed by <> + -^2^ These entries are reserved when `LVLBITS=1` and in use when `LVLBITS=2` +^1^ _Mode (<>) can only be set on a tagged capability when {cheri_default_ext_name} +is supported. Despite being encoded here it is *not* an architectural permission._ + +^2^ SL isn't applicable in these cases, but this value is reported by <> to simplify the rules followed by <> + +^3^ These entries are reserved when `LVLBITS=1` and in use when `LVLBITS=2` [#section_cap_level_change] === Changing capability levels and permissions From 366669de0a2a0a2d2ea8f40eb869fe057de6fe3b Mon Sep 17 00:00:00 2001 From: Tariq Kurd Date: Fri, 10 Jan 2025 17:32:07 +0100 Subject: [PATCH 2/4] fix ACPERm M-bit comment --- src/insns/acperm_32bit.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/insns/acperm_32bit.adoc b/src/insns/acperm_32bit.adoc index 07202bfa..494ba856 100644 --- a/src/insns/acperm_32bit.adoc +++ b/src/insns/acperm_32bit.adoc @@ -65,8 +65,8 @@ The rules from <> must be followed when removing permissions. |=== ^1^ All the listed permissions in the set are either minimum or maximum. + -^2^ This rule is only relevant, and the <> only exists, if {cheri_default_ext_name} is implemented. - If this bit is set when {cheri_default_ext_name} is _not_ implemented, then the permissions are invalid. +^2^ The <> only exists if {cheri_default_ext_name} is implemented. + Otherwise it is reserved and this rule is not relevant. The behavior of currently illegal combinations from <> is to clear the permission if invalid (or in the case of <> set it to 0 (_local_)). From f8dcadf0539fcd4d2a1ea40528d457ebf494113b Mon Sep 17 00:00:00 2001 From: Tariq Kurd Date: Fri, 10 Jan 2025 16:41:12 +0000 Subject: [PATCH 3/4] Update src/level-ext.adoc Co-authored-by: Jessica Clarke Signed-off-by: Tariq Kurd --- src/level-ext.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/level-ext.adoc b/src/level-ext.adoc index c3312e94..a2f1dfb7 100644 --- a/src/level-ext.adoc +++ b/src/level-ext.adoc @@ -100,7 +100,7 @@ endif::[] |============================================================================== ^1^ _Mode (<>) can only be set on a tagged capability when {cheri_default_ext_name} -is supported. Despite being encoded here it is *not* an architectural permission._ + +is supported, otherwise such encodings are reserved. Despite being encoded here it is *not* an architectural permission._ + ^2^ SL isn't applicable in these cases, but this value is reported by <> to simplify the rules followed by <> + ^3^ These entries are reserved when `LVLBITS=1` and in use when `LVLBITS=2` From c970586234efa9236e46b9f0fa478bf7a339a054 Mon Sep 17 00:00:00 2001 From: Alexander Richardson Date: Fri, 10 Jan 2025 10:01:36 -0800 Subject: [PATCH 4/4] Update src/level-ext.adoc Signed-off-by: Alexander Richardson --- src/level-ext.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/level-ext.adoc b/src/level-ext.adoc index a2f1dfb7..4a1f4bc9 100644 --- a/src/level-ext.adoc +++ b/src/level-ext.adoc @@ -90,7 +90,7 @@ endif::[] 11+| *Quadrant 3: Capability data read/write* 11+| bit[2] = write, bit[1:0] = store level. R and C implicitly granted. 11+| _Reserved bits for future extensions must be 1 so they are implicitly granted_ -|Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^2^ | +|Bits[4:3]| R | W | C | LM | EL | SL | X | ASR | Mode^1^ | | 0-2 10+| reserved | 3 | ✔ | | ✔ | ✔ | ✔ | 0^2^ | | | N/A | Data & Cap R0 | 4 | ✔ | ✔ | ✔ | ✔ | ✔ | _(3)_ | | | N/A | _Reserved_ when `LVLBITS=1` ^3^