@@ -526,6 +526,7 @@ reg_t mmu_t::walk(mem_access_info_t access_info)
526526 bool pbmte = virt ? (proc->get_state ()->henvcfg ->read () & HENVCFG_PBMTE) : (proc->get_state ()->menvcfg ->read () & MENVCFG_PBMTE);
527527 bool hade = virt ? (proc->get_state ()->henvcfg ->read () & HENVCFG_ADUE) : (proc->get_state ()->menvcfg ->read () & MENVCFG_ADUE);
528528 bool sse = virt ? (proc->get_state ()->henvcfg ->read () & HENVCFG_SSE) : (proc->get_state ()->menvcfg ->read () & MENVCFG_SSE);
529+ bool ss_page = !(pte & PTE_R) && (pte & PTE_W) && !(pte & PTE_X);
529530
530531 if (pte & PTE_RSVD) {
531532 break ;
@@ -547,17 +548,17 @@ reg_t mmu_t::walk(mem_access_info_t access_info)
547548 // not shadow stack access xwr=110 or xwr=010 page cause page fault
548549 // shadow stack access with PTE_X moved to following check
549550 break ;
550- } else if ((!(pte & PTE_R) && (pte & PTE_W) && !(pte & PTE_X)) && (type == STORE && !ss_access)) {
551+ } else if (ss_page && (type == STORE && !ss_access)) {
551552 // not shadow stack store and xwr = 010 cause access-fault
552553 throw trap_store_access_fault (virt, addr, 0 , 0 );
553- } else if ((!(pte & PTE_R) && (pte & PTE_W) && !(pte & PTE_X)) && type == FETCH) {
554+ } else if (ss_page && type == FETCH) {
554555 // fetch from shadow stack pages cause instruction access-fault
555556 throw trap_instruction_access_fault (virt, addr, 0 , 0 );
556557 } else if ((((pte & PTE_R) && (pte & PTE_W)) || (pte & PTE_X)) && ss_access) {
557558 // shadow stack access cause store access fault if xwr!=010 and xwr!=001
558559 throw trap_store_access_fault (virt, addr, 0 , 0 );
559560 } else if (type == FETCH || hlvx ? !(pte & PTE_X) :
560- type == LOAD ? !(pte & PTE_R ) && !(sse && ( pte & PTE_W) ) && !(mxr && (pte & PTE_X)) :
561+ type == LOAD ? !(sse && ss_page ) && !(pte & PTE_R ) && !(mxr && (pte & PTE_X)) :
561562 !(pte & PTE_W)) {
562563 break ;
563564 } else if ((ppn & ((reg_t (1 ) << ptshift) - 1 )) != 0 ) {
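Review bot: The store and fetch arms now test `ss_page` without `sse`, so they are only correct if an earlier arm has already faulted xwr=010 when shadow stacks are disabled. The comment above the first `break` suggests that is the case, but its condition lies outside this hunk, and the load arm still re-tests `sse && ss_page`, which makes the dependency easy to miss. Because these arms decide which accesses may reach shadow-stack memory, I would record the invariant at the declaration and make the local immutable: `// xwr=010 encoding; treated as a shadow-stack page only when sse is set (reserved otherwise, expected to fault before the store/fetch checks)` above `const bool ss_page = !(pte & PTE_R) && (pte & PTE_W) && !(pte & PTE_X);`. The new load arm matches the old one only if xwr=110 never reaches it, so that assumption deserves a mention in the same comment. `walk` begins and ends outside the visible hunks.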