target/riscv: fixes a bug against ssamoswap behavior in M-mode

deepak0414 · alistair23 · commit d2c5759c8dd4 · 2025-03-19T16:34:32.000+10:00
Commit f06bfe3 ("target/riscv: implement zicfiss instructions") adds `ssamoswap` instruction. `ssamoswap` takes the code-point from existing reserved encoding (and not a zimop like other shadow stack instructions). If shadow stack is not enabled (via xenvcfg.SSE) and effective priv is less than M then `ssamoswap` must result in an illegal instruction exception. However if effective priv is M, then `ssamoswap` results in store/AMO access fault. See Section "22.2.3. Shadow Stack Memory Protection" of priv spec. Fixes: f06bfe3 ("target/riscv: implement zicfiss instructions") Reported-by: Ved Shanbhogue <ved@rivosinc.com> Signed-off-by: Deepak Gupta <debug@rivosinc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20250306064636.452396-2-debug@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/insn_trans/trans_rvzicfiss.c.inc
@@ -15,6 +15,13 @@
  * You should have received a copy of the GNU General Public License along with
  * this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+
+#define REQUIRE_ZICFISS(ctx) do {        \
+    if (!ctx->cfg_ptr->ext_zicfiss) {    \
+        return false;                    \
+    }                                    \
+} while (0)
+
 static bool trans_sspopchk(DisasContext *ctx, arg_sspopchk *a)
 {
     if (!ctx->bcfi_enabled) {
@@ -77,6 +84,11 @@ static bool trans_ssrdp(DisasContext *ctx, arg_ssrdp *a)
 static bool trans_ssamoswap_w(DisasContext *ctx, arg_amoswap_w *a)
 {
     REQUIRE_A_OR_ZAAMO(ctx);
+    REQUIRE_ZICFISS(ctx);
+    if (ctx->priv == PRV_M) {
+        generate_exception(ctx, RISCV_EXCP_STORE_AMO_ACCESS_FAULT);
+    }
+
     if (!ctx->bcfi_enabled) {
         return false;
     }
@@ -97,6 +109,11 @@ static bool trans_ssamoswap_d(DisasContext *ctx, arg_amoswap_w *a)
 {
     REQUIRE_64BIT(ctx);
     REQUIRE_A_OR_ZAAMO(ctx);
+    REQUIRE_ZICFISS(ctx);
+    if (ctx->priv == PRV_M) {
+        generate_exception(ctx, RISCV_EXCP_STORE_AMO_ACCESS_FAULT);
+    }
+
     if (!ctx->bcfi_enabled) {
         return false;
     }
