Message ID | 20240826152949.294506-11-debug@rivosinc.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | riscv support for control flow integrity extensions | expand |
On Tue, Aug 27, 2024 at 1:33 AM Deepak Gupta <debug@rivosinc.com> wrote: > > Shadow stack instructions can be decoded as zimop / zcmop or shadow stack > instructions depending on whether shadow stack are enabled at current > privilege. This requires a TB flag so that correct TB generation and correct > TB lookup happens. `DisasContext` gets a field indicating whether bcfi is > enabled or not. > > Signed-off-by: Deepak Gupta <debug@rivosinc.com> > Co-developed-by: Jim Shu <jim.shu@sifive.com> > Co-developed-by: Andy Chiu <andy.chiu@sifive.com> > Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Alistair > --- > target/riscv/cpu.h | 2 ++ > target/riscv/cpu_helper.c | 4 ++++ > target/riscv/translate.c | 4 ++++ > 3 files changed, 10 insertions(+) > > diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h > index 5a57099d59..dcc3bc9d93 100644 > --- a/target/riscv/cpu.h > +++ b/target/riscv/cpu.h > @@ -613,6 +613,8 @@ FIELD(TB_FLAGS, AXL, 26, 2) > /* zicfilp needs a TB flag to track indirect branches */ > FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1) > FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1) > +/* zicfiss needs a TB flag so that correct TB is located based on tb flags */ > +FIELD(TB_FLAGS, BCFI_ENABLED, 30, 1) > > #ifdef TARGET_RISCV32 > #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) > diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c > index c9165b1d86..ca6d8f1f39 100644 > --- a/target/riscv/cpu_helper.c > +++ b/target/riscv/cpu_helper.c > @@ -168,6 +168,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, > flags = FIELD_DP32(flags, TB_FLAGS, FCFI_ENABLED, 1); > } > > + if (cpu_get_bcfien(env)) { > + flags = FIELD_DP32(flags, TB_FLAGS, BCFI_ENABLED, 1); > + } > + > #ifdef CONFIG_USER_ONLY > fs = EXT_STATUS_DIRTY; > vs = EXT_STATUS_DIRTY; > diff --git a/target/riscv/translate.c b/target/riscv/translate.c > index b5c0511b4b..b1d251e893 100644 > --- a/target/riscv/translate.c > +++ b/target/riscv/translate.c > @@ -119,6 +119,8 @@ typedef struct DisasContext { > /* zicfilp extension. fcfi_enabled, lp expected or not */ > bool fcfi_enabled; > bool fcfi_lp_expected; > + /* zicfiss extension, if shadow stack was enabled during TB gen */ > + bool bcfi_enabled; > } DisasContext; > > static inline bool has_ext(DisasContext *ctx, uint32_t ext) > @@ -1241,6 +1243,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) > ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); > ctx->ztso = cpu->cfg.ext_ztso; > ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); > + ctx->bcfi_enabled = cpu_get_bcfien(env) && > + FIELD_EX32(tb_flags, TB_FLAGS, BCFI_ENABLED); > ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); > ctx->fcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_ENABLED); > ctx->zero = tcg_constant_tl(0); > -- > 2.44.0 > >
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index 5a57099d59..dcc3bc9d93 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -613,6 +613,8 @@ FIELD(TB_FLAGS, AXL, 26, 2) /* zicfilp needs a TB flag to track indirect branches */ FIELD(TB_FLAGS, FCFI_ENABLED, 28, 1) FIELD(TB_FLAGS, FCFI_LP_EXPECTED, 29, 1) +/* zicfiss needs a TB flag so that correct TB is located based on tb flags */ +FIELD(TB_FLAGS, BCFI_ENABLED, 30, 1) #ifdef TARGET_RISCV32 #define riscv_cpu_mxl(env) ((void)(env), MXL_RV32) diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c index c9165b1d86..ca6d8f1f39 100644 --- a/target/riscv/cpu_helper.c +++ b/target/riscv/cpu_helper.c @@ -168,6 +168,10 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc, flags = FIELD_DP32(flags, TB_FLAGS, FCFI_ENABLED, 1); } + if (cpu_get_bcfien(env)) { + flags = FIELD_DP32(flags, TB_FLAGS, BCFI_ENABLED, 1); + } + #ifdef CONFIG_USER_ONLY fs = EXT_STATUS_DIRTY; vs = EXT_STATUS_DIRTY; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index b5c0511b4b..b1d251e893 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -119,6 +119,8 @@ typedef struct DisasContext { /* zicfilp extension. fcfi_enabled, lp expected or not */ bool fcfi_enabled; bool fcfi_lp_expected; + /* zicfiss extension, if shadow stack was enabled during TB gen */ + bool bcfi_enabled; } DisasContext; static inline bool has_ext(DisasContext *ctx, uint32_t ext) @@ -1241,6 +1243,8 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) ctx->pm_base_enabled = FIELD_EX32(tb_flags, TB_FLAGS, PM_BASE_ENABLED); ctx->ztso = cpu->cfg.ext_ztso; ctx->itrigger = FIELD_EX32(tb_flags, TB_FLAGS, ITRIGGER); + ctx->bcfi_enabled = cpu_get_bcfien(env) && + FIELD_EX32(tb_flags, TB_FLAGS, BCFI_ENABLED); ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED); ctx->fcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_ENABLED); ctx->zero = tcg_constant_tl(0);