Indirect Sentries #51
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrtc27
reviewed
Sep 29, 2021
nwf
changed the title
nwf
force-pushed
the
202109-isentry
branch
4 times, most recently
from
69acf10
to
0a2c8a7
Compare
The cap-store instructions now look at the data being stored to decide whether they issue Write(Cap) or Write(Data) requests on "the bus". This allows the PTW logic (and update_PTE_Bits) in particular to not fast-cap-dirty a page that's being targeted by the store of an untagged capability. This is not, however, viable for AMOCAS and so additional changes may be required if we are to avoid considering AMOCAS as always capability-dirtying. Co-authored-by: Jessica Clarke <[email protected]>
Use Either-monadic style Eliminate ext_ptw_sc / PTW_SC_* as we now simply test the error cases in priority order, so there's no need to explicitly pass this information forward in checkPTEPermission. ext_ptw_lc / PTW_LC_* persist as the extended PTW information is analysed by instructions. Co-authored-by: Jessica Clarke <[email protected]>
Co-authored-by: Jessica Clarke <[email protected]>
Refactor the test for ambient sealing out to its own function, as we'll want to extend it more generally with indirect sentries. Allow this function to (request to) raise CapEx exceptions as well and have it flag a PermitExecuteViolation for sentries without permit_execute. Co-Authored-By: Alexander Richardson <[email protected]>
Common up with handle_loadres_cap_via_cap.
arichardson
reviewed
Aug 18, 2022
| * ## Exceptions | ||
| * Takes the link target register index, cd; the source register index, cs (used | ||
| * only when signaling an exception); and the Capability to be installed as | ||
| * PCC. Note that C(cs) |
| * - *cs1*.**address** $+$ *imm* $+$ min_instruction_bytes $\gt$ *cs1*.**top**. | ||
| * - *cs1*.**base** is unaligned. | ||
| * - *cs1*.**address** $+$ *imm* is unaligned, ignoring bit 0. | ||
| * Either sets the CPU into an exception state and returns fail or sets the CPU |
There was a problem hiding this comment.
Suggested change
| * Either sets the CPU into an exception state and returns fail or sets the CPU | |
| * Either sets the CPU into an exception state and returns failure or sets the CPU |
returns fail sounds a bit odd to me.
| * - *cs1*.**address** $+$ *imm* is unaligned, ignoring bit 0. | ||
| */ | ||
| function clause execute(CJALR(imm, cs1, cd)) = { | ||
| cjalr_worker(cd, cs1, C(cs1), EXTS(imm)) |
There was a problem hiding this comment.
We will probably have to update the spec to include a section with helper functions?
| /* | ||
| * Indirect sentries. | ||
| * | ||
| * At the risk of becoming CISC, the invocation instructions load, unseal, and |
There was a problem hiding this comment.
Suggested change
| * At the risk of becoming CISC, the invocation instructions load, unseal, and | |
| * The invocation instructions load, unseal, and |
| * ## Exceptions | ||
| * | ||
| * An exception is raised if: | ||
| * - *cs1*.**tag** is not set. |
There was a problem hiding this comment.
We probably want to update this behaviour to match #56. Although for this instruction I'm less worried about the trapping behaviour
| * - *cs1*.**perms** does not grant both **Permit_Load** and | ||
| * **Permit_Load_Capability**. | ||
| */ | ||
| function clause execute (CSealL(cd, cs1)) = { |
There was a problem hiding this comment.
Not sure about calling it CSealL, maybe CSealIL/CSealInd/CSealI to emphasize that these sealed capabilities are indirect?
| } | ||
| } | ||
|
|
||
| union clause ast = CInvokeLAL : (regidx, regidx) |
There was a problem hiding this comment.
I think the intention was "Load And Link", though I no longer remember. It's a bad name.
| @@ -63,6 +63,8 @@ | |||
| let reserved_otypes = 4 | |||
| let otype_unsealed = -1 | |||
| let otype_sentry = -2 /* Sealed erstwhile or prospective PCC */ | |||
| let otype_isentry_load = -3 /* Sealed erstwhile IDC pointing at PCC */ | |||
There was a problem hiding this comment.
Is erstwhile correct? Isn't this what is going to be idc when invoked rather than what was idc when sealed?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This sits on top of #18 at the moment, just because it needs to read capabilities from memory.