From 7baf0bfd1da669087d1c4193e3f937d4cef19547 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 4 Aug 2025 08:49:14 +0000 Subject: [PATCH 01/13] docs(ssp): shadow stack pointer - issue #560 --- spec/std/isa/csr/ssp.yaml | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 spec/std/isa/csr/ssp.yaml diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml new file mode 100644 index 0000000000..48878d0e1d --- /dev/null +++ b/spec/std/isa/csr/ssp.yaml @@ -0,0 +1,80 @@ +# Copyright (c) Katherine Hsu +# SPDX-License-Identifier: BSD-3-Clause-Clear + +# yaml-language-server: $schema=../../../schemas/csr_schema.json + +$schema: "csr_schema.json#" +kind: csr +name: ssp +long_name: Shadow Stack Pointer +address: 0x011 +description: + - id: csr-ssp-purpose + normative: true + text: | + The `ssp` CSR is an unprivileged read-write (URW) CSR that reads and writes + XLEN low order bits of the shadow stack pointer. + - id: csr-ssp-access-criteria + normative: false + text: | + Attempts to access the ssp CSR may result in either an illegal-instruction + exception or a virtual-instruction exception, contingent upon the state of + the Xenvcfg.SSE fields. The conditions are specified as follows: + + - If the privilege mode is less than M and menvcfg.SSE is 0, an illegal- + instruction exception is raised. + + - Otherwise, if in U-mode and senvcfg.SSE is 0, an illegal-instruction + exception is raised. + + - Otherwise, if in VS-mode and henvcfg.SSE is 0, a virtual-instruction + exception is raised. + + - Otherwise, if in VU-mode and either henvcfg.SSE or senvcfg.SSE is 0, a + virtual-instruction exception is raised. + + - Otherwise, the access is allowed. +priv_mode: U +length: XLEN +definedBy: Zicfiss +fields: + VALUE: + location_rv64: 63-3 + location_rv32: 31-2 + description: | + The `ssp` is always as wide as the XLEN of the current privilege mode. + The bits 1:0 of ssp are read-only zero. If the UXLEN or SXLEN may never + be 32, then the bit 2 is also read-only zero. The value in ssp points to + the top of the shadow stack, which is the address of the last element + stored on the shadow stack. + type: RW + reset_value: UNDEFINED_LEGAL + sw_write(csr_value): | + if (mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + else { + return csr_value.VALUE + } +sw_read(): | + if (mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0) { + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } + else if (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0) { + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } From 274f590937917c77408498e9574feaf08573000a Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 4 Aug 2025 09:07:39 +0000 Subject: [PATCH 02/13] docs(ssp): improved it a bit --- spec/std/isa/csr/ssp.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 48878d0e1d..920d81305c 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -14,26 +14,6 @@ description: text: | The `ssp` CSR is an unprivileged read-write (URW) CSR that reads and writes XLEN low order bits of the shadow stack pointer. - - id: csr-ssp-access-criteria - normative: false - text: | - Attempts to access the ssp CSR may result in either an illegal-instruction - exception or a virtual-instruction exception, contingent upon the state of - the Xenvcfg.SSE fields. The conditions are specified as follows: - - - If the privilege mode is less than M and menvcfg.SSE is 0, an illegal- - instruction exception is raised. - - - Otherwise, if in U-mode and senvcfg.SSE is 0, an illegal-instruction - exception is raised. - - - Otherwise, if in VS-mode and henvcfg.SSE is 0, a virtual-instruction - exception is raised. - - - Otherwise, if in VU-mode and either henvcfg.SSE or senvcfg.SSE is 0, a - virtual-instruction exception is raised. - - - Otherwise, the access is allowed. priv_mode: U length: XLEN definedBy: Zicfiss From 7687c4eacc64d5d206c7d15d0479185d210a5183 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Tue, 5 Aug 2025 07:11:32 +0000 Subject: [PATCH 03/13] docs(ssp): addressed the concerns --- spec/std/isa/csr/ssp.yaml | 41 +++++++++++++-------------------------- 1 file changed, 13 insertions(+), 28 deletions(-) diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 920d81305c..7eb892e2e8 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -13,7 +13,10 @@ description: normative: true text: | The `ssp` CSR is an unprivileged read-write (URW) CSR that reads and writes - XLEN low order bits of the shadow stack pointer. + XLEN low order bits of the shadow stack pointer. The `ssp` is always as wide + as the XLEN of the current privilege mode. The bits 1:0 of ssp are read-only + zero. If the UXLEN or SXLEN may never be 32, then the bit 2 is also read-only + zero. priv_mode: U length: XLEN definedBy: Zicfiss @@ -22,39 +25,21 @@ fields: location_rv64: 63-3 location_rv32: 31-2 description: | - The `ssp` is always as wide as the XLEN of the current privilege mode. - The bits 1:0 of ssp are read-only zero. If the UXLEN or SXLEN may never - be 32, then the bit 2 is also read-only zero. The value in ssp points to - the top of the shadow stack, which is the address of the last element - stored on the shadow stack. + The value in ssp points to the top of the shadow stack, which is the address + of the last element stored on the shadow stack. type: RW reset_value: UNDEFINED_LEGAL sw_write(csr_value): | - if (mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) { + if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0) { - raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) { - raise(ExceptionCode::VirtualInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0) { + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); - } - else { + } else { return csr_value.VALUE - } + } sw_read(): | - if (mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) { + if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0) { - raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) { - raise(ExceptionCode::VirtualInstruction, mode(), $encoding); - } - else if (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0) { + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); - } + } From 0bf9bf3bbf2bbe6dbc7cd0fe8a9b28ceff37f7f9 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Tue, 5 Aug 2025 15:27:48 +0000 Subject: [PATCH 04/13] docs(ssp): modified the file to increase readablity --- spec/std/isa/csr/ssp.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 7eb892e2e8..2867617074 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -30,16 +30,20 @@ fields: type: RW reset_value: UNDEFINED_LEGAL sw_write(csr_value): | - if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } else { return csr_value.VALUE } sw_read(): | - if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { + if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || + (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); - } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { + } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } From dc303979a8a13f04a5b6f7811e028f70844598aa Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Tue, 5 Aug 2025 17:00:05 +0000 Subject: [PATCH 05/13] docs(ssp): fixed the indentation --- spec/std/isa/csr/ssp.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 2867617074..9574aada80 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -32,18 +32,18 @@ fields: sw_write(csr_value): | if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { - raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { - raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } else { return csr_value.VALUE } sw_read(): | if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { - raise(ExceptionCode::IllegalInstruction, mode(), $encoding); + raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { - raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } From cc23c1d0732570c59a8aa561d1dcf786701ee944 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Tue, 5 Aug 2025 17:28:09 +0000 Subject: [PATCH 06/13] docs(ssp): fixed issue with CI check --- spec/std/isa/csr/ssp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 9574aada80..f26575df55 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -34,7 +34,7 @@ fields: (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || - (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } else { return csr_value.VALUE @@ -44,6 +44,6 @@ sw_read(): | (mode() == PrivilegeMode::U && CSR[senvcfg].SSE == 0)) { raise(ExceptionCode::IllegalInstruction, mode(), $encoding); } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || - (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0)) { + (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } From aacade90792d4f49da8336b74b30cd2b02a6c70f Mon Sep 17 00:00:00 2001 From: Derek Hower Date: Tue, 5 Aug 2025 14:51:04 -0700 Subject: [PATCH 07/13] fix: handle dynamic csr field locations when csr length is XLEN --- tools/ruby-gems/udb/lib/udb/obj/csr_field.rb | 24 ++++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/tools/ruby-gems/udb/lib/udb/obj/csr_field.rb b/tools/ruby-gems/udb/lib/udb/obj/csr_field.rb index 2e8d46a70f..690f66621f 100644 --- a/tools/ruby-gems/udb/lib/udb/obj/csr_field.rb +++ b/tools/ruby-gems/udb/lib/udb/obj/csr_field.rb @@ -754,21 +754,25 @@ def location_pretty(effective_xlen = nil) if dynamic_location? condition = - case csr.priv_mode - when "M" - "CSR[misa].MXL == %%" - when "S" - "CSR[mstatus].SXL == %%" - when "VS" - "CSR[hstatus].VSXL == %%" + if csr.data["length"] == "XLEN" + "the current XLEN is $$" else - raise "Unexpected priv mode #{csr.priv_mode} for #{csr.name}" + case csr.priv_mode + when "M" + "CSR[misa].MXL == %%" + when "S" + "CSR[mstatus].SXL == %%" + when "VS" + "CSR[hstatus].VSXL == %%" + else + raise "Unexpected priv mode #{csr.priv_mode} for #{csr.name}" + end end if effective_xlen.nil? <<~LOC - * #{derangeify.call(location(32))} when #{condition.sub('%%', '0')} - * #{derangeify.call(location(64))} when #{condition.sub('%%', '1')} + * #{derangeify.call(location(32))} when #{condition.sub('%%', '0').sub('$$', '32')} + * #{derangeify.call(location(64))} when #{condition.sub('%%', '1').sub('$$', '64')} LOC else derangeify.call(location(effective_xlen)) From 076dce1dad0039282c29d07faedf50a554fde1b3 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Thu, 7 Aug 2025 07:37:58 +0000 Subject: [PATCH 08/13] docs(ssp): added sse field in menvcfg csr --- spec/std/isa/csr/menvcfg.yaml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/spec/std/isa/csr/menvcfg.yaml b/spec/std/isa/csr/menvcfg.yaml index 7ddf70e818..29ddbd162b 100644 --- a/spec/std/isa/csr/menvcfg.yaml +++ b/spec/std/isa/csr/menvcfg.yaml @@ -1,7 +1,7 @@ # Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. # SPDX-License-Identifier: BSD-3-Clause-Clear -# yaml-language-server: $schema=../../schemas/csr_schema.json +# yaml-language-server: $schema=../../../schemas/csr_schema.json $schema: "csr_schema.json#" kind: csr @@ -261,6 +261,25 @@ fields: return CSR[menvcfg].CBIE; } reset_value: UNDEFINED_LEGAL + SSE: + location: 3 + description: | + *Shadow Stack Enable* + + When the SSE field is set to 1 the Zicfiss extension isactivated in S-mode. When SSE + field is 0, the following rules apply to privilege modes that are less than M: + + - 32-bit Zicfiss instructions will revert to their behavior as defined by Zimop. + + - 16-bit Zicfiss instructions will revert to their behavior as defined by Zcmop. + + - The pte.xwr=010b encoding in VS/S-stage page tables becomes reserved. + + - SSAMOSWAP.W/D raises an illegal-instruction exception. + + When menvcfg.SSE is 0, the henvcfg.SSE and senvcfg.SSE fields are read-only zero. + type: RW + reset_value: UNDEFINED_LEGAL FIOM: location: 0 description: | From 0b60f08d565b122acdbb2e1e8014041c3294ac33 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Fri, 8 Aug 2025 07:05:21 +0000 Subject: [PATCH 09/13] docs(ssp): added see field in senvcfg and henvcfg --- spec/std/isa/csr/H/henvcfg.yaml | 20 ++++++++++++++++++++ spec/std/isa/csr/senvcfg.yaml | 19 ++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/spec/std/isa/csr/H/henvcfg.yaml b/spec/std/isa/csr/H/henvcfg.yaml index 0bd10fe663..801c1da4d8 100644 --- a/spec/std/isa/csr/H/henvcfg.yaml +++ b/spec/std/isa/csr/H/henvcfg.yaml @@ -248,6 +248,26 @@ fields: return CSR[menvcfg].CBIE; } reset_value: UNDEFINED_LEGAL + SSE: + location: 3 + description: | + *Shadow Stack Enable* + + If the SSE field is set to 1, the Zicfiss extension is activated in VS-mode. When the SSE + field is 0, the Zicfiss extension remains inactive in VS-mode, and the following rules apply + when V=1 : + + - 32-bit Zicfiss instructions will revert to their behavior as defined by Zimop. + + - 16-bit Zicfiss instructions will revert to their behavior as defined by Zcmop. + + - The pte.xwr=010b encoding in VS-stage page tables becomes reserved. + + - The senvcfg.SSE field will read as zero and is read-only. + + - When menvcfg.SSE is one, SSAMOSWAP.W/D raises a virtual-instruction exception. + type: RW + reset_value: UNDEFINED_LEGAL FIOM: location: 0 description: | diff --git a/spec/std/isa/csr/senvcfg.yaml b/spec/std/isa/csr/senvcfg.yaml index 50239f2ba0..f9f28505a4 100644 --- a/spec/std/isa/csr/senvcfg.yaml +++ b/spec/std/isa/csr/senvcfg.yaml @@ -1,7 +1,7 @@ # Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. # SPDX-License-Identifier: BSD-3-Clause-Clear -# yaml-language-server: $schema=../../schemas/csr_schema.json +# yaml-language-server: $schema=../../../schemas/csr_schema.json $schema: "csr_schema.json#" kind: csr @@ -117,6 +117,23 @@ fields: return UNDEFINED_LEGAL_DETERMINISTIC; } reset_value: UNDEFINED_LEGAL + SSE: + location: 3 + description: | + *Shadow Stack Enable* + + When the SSE field is set to 1, the Zicfiss extension is + activated in VU/U-mode. When the SSE field is 0, the Zicfiss extension remains inactive + in VU/U-mode, and the following rules apply: + + - 32-bit Zicfiss instructions will revert to their behavior as defined by Zimop. + + - 16-bit Zicfiss instructions will revert to their behavior as defined by Zcmop. + + - When menvcfg.SSE is one, SSAMOSWAP.W/D raises an illegal-instruction exception in U-mode + and a virtual-instruction exception in VU-mode. + type: RW + reset_value: UNDEFINED_LEGAL FIOM: location: 0 description: | From f7451052bc6b43330860108556d45f612760ba68 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 11 Aug 2025 09:12:26 +0000 Subject: [PATCH 10/13] docs(ssp): addressed the concerns so far --- spec/std/isa/csr/H/henvcfg.yaml | 11 +++++++++-- spec/std/isa/csr/menvcfg.yaml | 7 +++++-- spec/std/isa/csr/senvcfg.yaml | 14 ++++++++++++-- spec/std/isa/csr/ssp.yaml | 10 +++++++++- 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/spec/std/isa/csr/H/henvcfg.yaml b/spec/std/isa/csr/H/henvcfg.yaml index 801c1da4d8..02a9798ad4 100644 --- a/spec/std/isa/csr/H/henvcfg.yaml +++ b/spec/std/isa/csr/H/henvcfg.yaml @@ -266,8 +266,11 @@ fields: - The senvcfg.SSE field will read as zero and is read-only. - When menvcfg.SSE is one, SSAMOSWAP.W/D raises a virtual-instruction exception. - type: RW - reset_value: UNDEFINED_LEGAL + definedBy: Zicfiss + type(): | + return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; + reset_value(): | + return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; FIOM: location: 0 description: | @@ -311,4 +314,8 @@ sw_read(): | # henvcfg.ADUE must read-as-zero value = value & ~(1 `<< 61); } + if (implemented?(ExtensionName::Zicfiss) && CSR[menvcfg].SSE == 0) { + # henvcfg.SSE must read-as-zero + value = value & ~(1 `<< 3); + } return value; diff --git a/spec/std/isa/csr/menvcfg.yaml b/spec/std/isa/csr/menvcfg.yaml index 29ddbd162b..e9eff81b86 100644 --- a/spec/std/isa/csr/menvcfg.yaml +++ b/spec/std/isa/csr/menvcfg.yaml @@ -278,8 +278,11 @@ fields: - SSAMOSWAP.W/D raises an illegal-instruction exception. When menvcfg.SSE is 0, the henvcfg.SSE and senvcfg.SSE fields are read-only zero. - type: RW - reset_value: UNDEFINED_LEGAL + definedBy: Zicfiss + type(): | + return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; + reset_value(): | + return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; FIOM: location: 0 description: | diff --git a/spec/std/isa/csr/senvcfg.yaml b/spec/std/isa/csr/senvcfg.yaml index f9f28505a4..c8b60d2860 100644 --- a/spec/std/isa/csr/senvcfg.yaml +++ b/spec/std/isa/csr/senvcfg.yaml @@ -132,8 +132,11 @@ fields: - When menvcfg.SSE is one, SSAMOSWAP.W/D raises an illegal-instruction exception in U-mode and a virtual-instruction exception in VU-mode. - type: RW - reset_value: UNDEFINED_LEGAL + definedBy: Zicfiss + type(): | + return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; + reset_value(): | + return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; FIOM: location: 0 description: | @@ -165,3 +168,10 @@ fields: type: RW reset_value: 0 +sw_read(): | + Bits<64> value = $bits(CSR[senvcfg]); + if (implemented?(ExtensionName::Zicfiss) && (CSR[menvcfg].SSE == 0 || CSR[henvcfg].SSE == 0)) { + # senvcfg.SSE must read-as-zero + value = value & ~(1 `<< 3); + } + return value; diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index f26575df55..8c1969157d 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -37,7 +37,7 @@ fields: (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); } else { - return csr_value.VALUE + return csr_value.VALUE; } sw_read(): | if ((mode() < PrivilegeMode::M && CSR[menvcfg].SSE == 0) || @@ -46,4 +46,12 @@ sw_read(): | } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); + } else { + if (XLEN == 32) { + # [1:0] must read-as-zero for XLEN 32 + return ($bits(CSR[ssp]) & ~3); + } else { + # [2:0] must read-as-zero for XLEN 64 + return ($bits(CSR[ssp]) & ~7); + } } From 86cfc3e98b566e0902b64bda50507492c9806955 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 18 Aug 2025 11:14:22 +0000 Subject: [PATCH 11/13] docs(ssp): addressed the concerns so far --- spec/std/isa/csr/H/henvcfg.yaml | 3 ++- spec/std/isa/csr/menvcfg.yaml | 3 ++- spec/std/isa/csr/senvcfg.yaml | 8 +++++++- spec/std/isa/csr/ssp.yaml | 11 +++-------- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/spec/std/isa/csr/H/henvcfg.yaml b/spec/std/isa/csr/H/henvcfg.yaml index 02a9798ad4..8856f56c20 100644 --- a/spec/std/isa/csr/H/henvcfg.yaml +++ b/spec/std/isa/csr/H/henvcfg.yaml @@ -266,7 +266,8 @@ fields: - The senvcfg.SSE field will read as zero and is read-only. - When menvcfg.SSE is one, SSAMOSWAP.W/D raises a virtual-instruction exception. - definedBy: Zicfiss + definedBy: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | diff --git a/spec/std/isa/csr/menvcfg.yaml b/spec/std/isa/csr/menvcfg.yaml index e9eff81b86..48193dac22 100644 --- a/spec/std/isa/csr/menvcfg.yaml +++ b/spec/std/isa/csr/menvcfg.yaml @@ -278,7 +278,8 @@ fields: - SSAMOSWAP.W/D raises an illegal-instruction exception. When menvcfg.SSE is 0, the henvcfg.SSE and senvcfg.SSE fields are read-only zero. - definedBy: Zicfiss + definedBy: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | diff --git a/spec/std/isa/csr/senvcfg.yaml b/spec/std/isa/csr/senvcfg.yaml index c8b60d2860..54936625a9 100644 --- a/spec/std/isa/csr/senvcfg.yaml +++ b/spec/std/isa/csr/senvcfg.yaml @@ -132,11 +132,17 @@ fields: - When menvcfg.SSE is one, SSAMOSWAP.W/D raises an illegal-instruction exception in U-mode and a virtual-instruction exception in VU-mode. - definedBy: Zicfiss + definedBy: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; + sw_write(csr_value): | + if (CSR[menvcfg].SSE == 0 || CSR[henvcfg].SSE == 0)){ + return 0; + } + return csr_value.SSE; FIOM: location: 0 description: | diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 8c1969157d..1bfac5c3d9 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -46,12 +46,7 @@ sw_read(): | } else if ((mode() == PrivilegeMode::VS && CSR[henvcfg].SSE == 0) || (mode() == PrivilegeMode::VU && (CSR[henvcfg].SSE == 0 || CSR[senvcfg].SSE == 0))) { raise(ExceptionCode::VirtualInstruction, mode(), $encoding); - } else { - if (XLEN == 32) { - # [1:0] must read-as-zero for XLEN 32 - return ($bits(CSR[ssp]) & ~3); - } else { - # [2:0] must read-as-zero for XLEN 64 - return ($bits(CSR[ssp]) & ~7); - } + } else if (XLEN == 32) { + return ($bits(CSR[ssp]) & ~3); } + return ($bits(CSR[ssp]) & ~7); From 266196f17d7a8de4d4783b90855f84fe23449ac6 Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 18 Aug 2025 11:41:30 +0000 Subject: [PATCH 12/13] docs(ssp): added sw_write for xenvcfg.sse --- spec/std/isa/csr/H/henvcfg.yaml | 5 +++++ spec/std/isa/csr/senvcfg.yaml | 2 +- spec/std/isa/csr/ssp.yaml | 4 +++- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/spec/std/isa/csr/H/henvcfg.yaml b/spec/std/isa/csr/H/henvcfg.yaml index 8856f56c20..70d08bbda7 100644 --- a/spec/std/isa/csr/H/henvcfg.yaml +++ b/spec/std/isa/csr/H/henvcfg.yaml @@ -272,6 +272,11 @@ fields: return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; + sw_write(csr_value): | + if (CSR[menvcfg].SSE == 0){ + return 0; + } + return csr_value.SSE; FIOM: location: 0 description: | diff --git a/spec/std/isa/csr/senvcfg.yaml b/spec/std/isa/csr/senvcfg.yaml index 54936625a9..8c9ab82d3b 100644 --- a/spec/std/isa/csr/senvcfg.yaml +++ b/spec/std/isa/csr/senvcfg.yaml @@ -139,7 +139,7 @@ fields: reset_value(): | return (implemented?(ExtensionName::Zicfiss)) ? UNDEFINED_LEGAL : 0; sw_write(csr_value): | - if (CSR[menvcfg].SSE == 0 || CSR[henvcfg].SSE == 0)){ + if (CSR[menvcfg].SSE == 0 || CSR[henvcfg].SSE == 0){ return 0; } return csr_value.SSE; diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 1bfac5c3d9..297934db6e 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -8,6 +8,7 @@ kind: csr name: ssp long_name: Shadow Stack Pointer address: 0x011 +writable: true description: - id: csr-ssp-purpose normative: true @@ -19,7 +20,8 @@ description: zero. priv_mode: U length: XLEN -definedBy: Zicfiss +definedBy: + name: Zicfiss fields: VALUE: location_rv64: 63-3 From 756dc6d009b27234eb60ffdaaa378aff6234f9ca Mon Sep 17 00:00:00 2001 From: sudo-apt-Abdullah Date: Mon, 25 Aug 2025 10:21:35 +0000 Subject: [PATCH 13/13] docs(ssp): Used the exact suggested syntax for definedBy --- spec/std/isa/csr/H/henvcfg.yaml | 3 ++- spec/std/isa/csr/menvcfg.yaml | 3 ++- spec/std/isa/csr/senvcfg.yaml | 3 ++- spec/std/isa/csr/ssp.yaml | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/spec/std/isa/csr/H/henvcfg.yaml b/spec/std/isa/csr/H/henvcfg.yaml index 70d08bbda7..1b9e5656a8 100644 --- a/spec/std/isa/csr/H/henvcfg.yaml +++ b/spec/std/isa/csr/H/henvcfg.yaml @@ -267,7 +267,8 @@ fields: - When menvcfg.SSE is one, SSAMOSWAP.W/D raises a virtual-instruction exception. definedBy: - name: Zicfiss + extension: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | diff --git a/spec/std/isa/csr/menvcfg.yaml b/spec/std/isa/csr/menvcfg.yaml index 48193dac22..b5cb992e59 100644 --- a/spec/std/isa/csr/menvcfg.yaml +++ b/spec/std/isa/csr/menvcfg.yaml @@ -279,7 +279,8 @@ fields: When menvcfg.SSE is 0, the henvcfg.SSE and senvcfg.SSE fields are read-only zero. definedBy: - name: Zicfiss + extension: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | diff --git a/spec/std/isa/csr/senvcfg.yaml b/spec/std/isa/csr/senvcfg.yaml index 8c9ab82d3b..2ebe2f4a7c 100644 --- a/spec/std/isa/csr/senvcfg.yaml +++ b/spec/std/isa/csr/senvcfg.yaml @@ -133,7 +133,8 @@ fields: - When menvcfg.SSE is one, SSAMOSWAP.W/D raises an illegal-instruction exception in U-mode and a virtual-instruction exception in VU-mode. definedBy: - name: Zicfiss + extension: + name: Zicfiss type(): | return (implemented?(ExtensionName::Zicfiss)) ? CsrFieldType::RW : CsrFieldType::RO; reset_value(): | diff --git a/spec/std/isa/csr/ssp.yaml b/spec/std/isa/csr/ssp.yaml index 297934db6e..22aa5bb0cc 100644 --- a/spec/std/isa/csr/ssp.yaml +++ b/spec/std/isa/csr/ssp.yaml @@ -21,7 +21,8 @@ description: priv_mode: U length: XLEN definedBy: - name: Zicfiss + extension: + name: Zicfiss fields: VALUE: location_rv64: 63-3