Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Zicfiss and Zicfilp extensions for Control-Flow Integrity #47

Draft
wants to merge 2 commits into
base: astral
Choose a base branch
from
Draft

Implement Zicfiss and Zicfilp extensions for Control-Flow Integrity #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ed868dc
Add parameters to enable Zicfiss and Zicfilp
emanueleparisi Apr 15, 2024
43ed429
Add Zicfiss and Zicfilp CSR control bits
emanueleparisi Apr 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 58 additions & 16 deletions core/csr_regfile.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,12 @@ module csr_regfile
riscv::xlen_t mtval_q, mtval_d;
riscv::xlen_t mtinst_q, mtinst_d;
riscv::xlen_t mtval2_q, mtval2_d;
logic fiom_d, fiom_q;

riscv::envcfg_rv_t menvcfg_d, menvcfg_q;
riscv::envcfg_rv_t henvcfg_d, henvcfg_q;
riscv::envcfg_rv_t senvcfg_d, senvcfg_q;

riscv::seccfg_rv_t mseccfg_d, mseccfg_q;

riscv::xlen_t stvec_q, stvec_d;
riscv::intthresh_rv_t sintthresh_q, sintthresh_d;
Expand Down Expand Up @@ -502,7 +507,7 @@ module csr_regfile
end
end
riscv::CSR_SENVCFG:
if (CVA6Cfg.RVS) csr_rdata = '0 | fiom_q;
if (CVA6Cfg.RVS) csr_rdata = senvcfg_q;
else read_access_exception = 1'b1;
// hypervisor mode registers
riscv::CSR_HSTATUS:
Expand Down Expand Up @@ -539,7 +544,7 @@ module csr_regfile
if (CVA6Cfg.RVH) csr_rdata = '0;
else read_access_exception = 1'b1;
riscv::CSR_HENVCFG:
if (CVA6Cfg.RVH) csr_rdata = '0 | fiom_q;
if (CVA6Cfg.RVH) csr_rdata = henvcfg_q[riscv::XLEN-1:0];
else read_access_exception = 1'b1;
riscv::CSR_HGATP: begin
if (CVA6Cfg.RVH) begin
Expand Down Expand Up @@ -605,13 +610,18 @@ module csr_regfile
end
end
riscv::CSR_MENVCFG: begin
if (CVA6Cfg.RVU) csr_rdata = '0 | fiom_q;
if (CVA6Cfg.RVU) csr_rdata = menvcfg_q;
else read_access_exception = 1'b1;
end
riscv::CSR_MENVCFGH: begin
if (CVA6Cfg.RVU && riscv::XLEN == 32) csr_rdata = '0;
else read_access_exception = 1'b1;
end
riscv::CSR_MSECCFG: csr_rdata = mseccfg_q[riscv::XLEN-1:0];
riscv::CSR_MSECCFGH: begin
if (riscv::XLEN == 32) csr_rdata = '0;
else read_access_exception = 1'b1;
end
riscv::CSR_MVENDORID: csr_rdata = OPENHWGROUP_MVENDORID;
riscv::CSR_MARCHID: csr_rdata = ARIANE_MARCHID;
riscv::CSR_MIMPID: csr_rdata = '0; // not implemented
Expand Down Expand Up @@ -933,7 +943,9 @@ module csr_regfile
mtval_d = mtval_q;
mtinst_d = mtinst_q;
mtval2_d = mtval2_q;
fiom_d = fiom_q;
menvcfg_d = menvcfg_q;
henvcfg_d = henvcfg_q;
senvcfg_d = senvcfg_q;
dcache_d = dcache_q;
icache_d = icache_q;
acc_cons_d = acc_cons_q;
Expand Down Expand Up @@ -1220,9 +1232,14 @@ module csr_regfile
update_access_exception = 1'b1;
end
end
riscv::CSR_SENVCFG:
if (CVA6Cfg.RVU) fiom_d = csr_wdata[0];
else update_access_exception = 1'b1;
riscv::CSR_SENVCFG: begin
if (CVA6Cfg.RVU) begin
mask = riscv::ENVCFG_SSE | riscv::ENVCFG_LPE | riscv::ENVCFG_FIOM;
senvcfg_d = csr_wdata & mask;
end else begin
update_access_exception = 1'b1;
end
end
//hypervisor mode registers
riscv::CSR_HSTATUS: begin
if (CVA6Cfg.RVH) begin
Expand Down Expand Up @@ -1334,9 +1351,14 @@ module csr_regfile
update_access_exception = 1'b1;
end
end
riscv::CSR_HENVCFG:
if (CVA6Cfg.RVH) fiom_d = csr_wdata[0];
else update_access_exception = 1'b1;
riscv::CSR_HENVCFG: begin
if (CVA6Cfg.RVU) begin
mask = riscv::ENVCFG_SSE | riscv::ENVCFG_LPE | riscv::ENVCFG_FIOM;
henvcfg_d = csr_wdata & mask;
end else begin
update_access_exception = 1'b1;
end
end
riscv::CSR_MSTATUS: begin
mstatus_d = {{64 - riscv::XLEN{1'b0}}, csr_wdata};
mstatus_d.xs = riscv::Off;
Expand All @@ -1346,7 +1368,7 @@ module csr_regfile
if (!CVA6Cfg.RVV) begin
mstatus_d.vs = riscv::Off;
end
mstatus_d.wpri3 = 9'b0;
mstatus_d.wpri3 = 8'b0;
mstatus_d.wpri1 = 1'b0;
mstatus_d.wpri2 = 1'b0;
mstatus_d.wpri0 = 1'b0;
Expand Down Expand Up @@ -1458,10 +1480,24 @@ module csr_regfile
mip_d = (mip_q & ~mask) | (csr_wdata & mask);
end
end
riscv::CSR_MENVCFG: if (CVA6Cfg.RVU) fiom_d = csr_wdata[0];
riscv::CSR_MENVCFG: begin
if (CVA6Cfg.RVU) begin
mask = riscv::ENVCFG_SSE | riscv::ENVCFG_LPE | riscv::ENVCFG_FIOM;
menvcfg_d = csr_wdata & mask;
end
end
riscv::CSR_MENVCFGH: begin
if (!CVA6Cfg.RVU || riscv::XLEN != 32) update_access_exception = 1'b1;
end
riscv::CSR_MSECCFG: begin
mask = riscv::SECCFG_MLPE;
mseccfg_d = csr_wdata & mask;
end
riscv::CSR_MSECCFGH: begin
if (riscv::XLEN != 32) begin
update_access_exception = 1'b1;
end
end
riscv::CSR_MCOUNTINHIBIT:
if (PERF_COUNTER_EN) mcountinhibit_d = {csr_wdata[MHPMCounterNum+2:2], 1'b0, csr_wdata[0]};
else update_access_exception = 1'b1;
Expand Down Expand Up @@ -2439,7 +2475,9 @@ module csr_regfile
mtvt_q <= {riscv::XLEN{1'b0}};
mscratch_q <= {riscv::XLEN{1'b0}};
mtval_q <= {riscv::XLEN{1'b0}};
fiom_q <= '0;
menvcfg_q <= 'b0;
henvcfg_q <= 'b0;
senvcfg_q <= 'b0;
dcache_q <= {{riscv::XLEN - 1{1'b0}}, 1'b1};
icache_q <= {{riscv::XLEN - 1{1'b0}}, 1'b1};
mcountinhibit_q <= '0;
Expand Down Expand Up @@ -2528,7 +2566,9 @@ module csr_regfile
mtvt_q <= {riscv::XLEN{1'b0}};
mscratch_q <= {riscv::XLEN{1'b0}};
mtval_q <= {riscv::XLEN{1'b0}};
fiom_q <= '0;
menvcfg_q <= 'b0;
henvcfg_q <= 'b0;
senvcfg_q <= 'b0;
dcache_q <= {{riscv::XLEN - 1{1'b0}}, 1'b1};
icache_q <= {{riscv::XLEN - 1{1'b0}}, 1'b1};
mcountinhibit_q <= '0;
Expand Down Expand Up @@ -2612,7 +2652,9 @@ module csr_regfile
mtvt_q <= mtvt_d;
mscratch_q <= mscratch_d;
if (CVA6Cfg.TvalEn) mtval_q <= mtval_d;
fiom_q <= fiom_d;
menvcfg_q <= menvcfg_d;
henvcfg_q <= henvcfg_d;
senvcfg_q <= senvcfg_d;
Comment on lines +2655 to +2657
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[verible-verilog-format] reported by reviewdog 🐶

Suggested change
menvcfg_q <= menvcfg_d;
henvcfg_q <= henvcfg_d;
senvcfg_q <= senvcfg_d;
menvcfg_q <= menvcfg_d;
henvcfg_q <= henvcfg_d;
senvcfg_q <= senvcfg_d;

dcache_q <= dcache_d;
icache_q <= icache_d;
mcountinhibit_q <= mcountinhibit_d;
Expand Down
2 changes: 2 additions & 0 deletions core/cva6.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,8 @@ module cva6
CVA6Cfg.XFVec,
CVA6Cfg.CvxifEn,
CVA6Cfg.ZiCondExtEn,
CVA6Cfg.ZiCfiSSEn,
CVA6Cfg.ZiCfiLPEn,
CVA6Cfg.RVSCLIC,
// Extended
bit'(RVF),
Expand Down
4 changes: 3 additions & 1 deletion core/include/ariane_pkg.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,13 +132,15 @@ package ariane_pkg;
| riscv::SSTATUS_XS
| riscv::SSTATUS_SUM
| riscv::SSTATUS_MXR
| riscv::SSTATUS_SPELP
| riscv::SSTATUS_UPIE
| riscv::SSTATUS_SPIE
| riscv::SSTATUS_UXL
| riscv::SSTATUS_SD;

localparam logic [63:0] SMODE_STATUS_WRITE_MASK = riscv::SSTATUS_SIE
| riscv::SSTATUS_SPIE
| riscv::SSTATUS_SPELP
| riscv::SSTATUS_SPP
| riscv::SSTATUS_FS
| riscv::SSTATUS_SUM
Expand Down Expand Up @@ -1067,7 +1069,7 @@ package ariane_pkg;
function automatic logic is_trans_2M(input logic s_st_enbl, input logic g_st_enbl,
input logic is_s_1G, input logic is_s_2M,
input logic is_g_1G, input logic is_g_2M);
return (s_st_enbl && g_st_enbl) ?
return (s_st_enbl && g_st_enbl) ?
((is_s_2M && (is_g_1G || is_g_2M)) || (is_g_2M && (is_s_1G || is_s_2M))) :
((is_s_2M && s_st_enbl) || (is_g_2M && g_st_enbl));
endfunction : is_trans_2M
Expand Down
6 changes: 5 additions & 1 deletion core/include/config_pkg.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,10 @@ package config_pkg;
bit CvxifEn;
// Zicond RISC-V extension
bit ZiCondExtEn;
// Control-Flow Integrity - Zicfiss extension
bit ZiCfiSSEn;
// Control-Flow Integrity - Zicfilp extension
bit ZiCfiLPEn;
// CLIC extension
bit RVSCLIC;
// Single precision FP RISC-V extension
Expand Down Expand Up @@ -108,7 +112,7 @@ package config_pkg;
bit RVU;
// Address to jump when halt request
logic [63:0] HaltAddress;
// Address to jump when exception
// Address to jump when exception
logic [63:0] ExceptionAddress;
// Return address stack depth
int unsigned RASDepth;
Expand Down
4 changes: 4 additions & 0 deletions core/include/cv64a6_imafdcsclic_sv39_config_pkg.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ package cva6_config_pkg;
localparam CVA6ConfigVExtEn = 0;
localparam CVA6ConfigHExtEn = 1;
localparam CVA6ConfigZiCondExtEn = 1;
localparam CVA6ConfigZiCfiSSEn = 1;
localparam CVA6ConfigZiCfiLPEn = 1;
localparam CVA6ConfigSclicExtEn = 1;

localparam CVA6ConfigAxiIdWidth = 4;
Expand Down Expand Up @@ -98,6 +100,8 @@ package cva6_config_pkg;
XFVec: bit'(CVA6ConfigFVecEn),
CvxifEn: bit'(CVA6ConfigCvxifEn),
ZiCondExtEn: bit'(CVA6ConfigZiCondExtEn),
ZiCfiSSEn: bit'(CVA6ConfigZiCfiSSEn),
ZiCfiLPEn: bit'(CVA6ConfigZiCfiLPEn),
RVSCLIC: bit'(CVA6ConfigSclicExtEn),
// Extended
RVF:
Expand Down
63 changes: 49 additions & 14 deletions core/include/riscv_pkg.sv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,9 +83,11 @@ package riscv;

typedef struct packed {
logic sd; // signal dirty state - read-only
logic [62:34] wpri6; // writes preserved reads ignored
logic [62:34] wpri7; // writes preserved reads ignored
xlen_e uxl; // variable user mode xlen - hardwired to zero
logic [11:0] wpri5; // writes preserved reads ignored
logic [7:0] wpri6; // writes preserved reads ignored
logic spelp; // hold previous ELP in S-mode
logic [2:0] wpri5; // writes preserved reads ignored
logic mxr; // make executable readable
logic sum; // permit supervisor user memory access
logic wpri4; // writes preserved reads ignored
Expand Down Expand Up @@ -123,14 +125,17 @@ package riscv;

typedef struct packed {
logic sd; // signal dirty state - read-only
logic [62:40] wpri4; // writes preserved reads ignored
logic [62:42] wpri5; // writes preserved reads ignored
logic mpelp; // hold previous ELP in M-mode
logic wpri4; // writes preserved reads ignored
logic mpv; // machine previous virtualization mode
logic gva; // variable set when trap writes to stval
logic mbe; // endianness memory accesses made from M-mode
logic sbe; // endianness memory accesses made from S-mode
xlen_e sxl; // variable supervisor mode xlen - hardwired to zero
xlen_e uxl; // variable user mode xlen - hardwired to zero
logic [8:0] wpri3; // writes preserved reads ignored
logic [7:0] wpri3; // writes preserved reads ignored
logic spelp; // hold previous ELP in S-mode
logic tsr; // trap sret
logic tw; // time wait
logic tvm; // trap virtual memory
Expand All @@ -152,14 +157,27 @@ package riscv;
logic wpri0; // writes preserved reads ignored
} mstatus_rv_t;

typedef struct packed {
logic [63:11] wpri1; // writes preserved reads ignored
logic mlpe; // enable Zicfilp in M-mode
logic sseed; // not implemented - requires Zkr extension
logic useed; // not implemented - requires Zkr extension
logic [7:3] wpri0; // writes preserved reads ignored
logic rlb; // not implemented - requires Smepmp extension
logic mmwp; // not implemented - requires Smepmp extension
logic mml; // not implemented - requires Smepmp extension
} seccfg_rv_t;

typedef struct packed {
logic stce; // not implemented - requires Sctc extension
logic pbmte; // not implemented - requires Svpbmt extension
logic [61:8] wpri1; // writes preserved reads ignored
logic cbze; // not implemented - requires Zicboz extension
logic cbcfe; // not implemented - requires Zicbom extension
logic [1:0] cbie; // not implemented - requires Zicbom extension
logic [2:0] wpri0; // writes preserved reads ignored
logic sse; // enable Zicfiss in less priviledged modes
logic lpe; // enable Zicfilp in less priviledged modes
logic wpri0; // writes preserved reads ignored
logic fiom; // fence of I/O implies memory
} envcfg_rv_t;

Expand Down Expand Up @@ -581,6 +599,8 @@ package riscv;
CSR_MCYCLEH = 12'hB80,
CSR_MINSTRET = 12'hB02,
CSR_MINSTRETH = 12'hB82,
CSR_MSECCFG = 12'h747,
CSR_MSECCFGH = 12'h757,
//Performance Counters
CSR_MHPM_COUNTER_3 = 12'hB03,
CSR_MHPM_COUNTER_4 = 12'hB04,
Expand Down Expand Up @@ -658,6 +678,8 @@ package riscv;
CSR_DPC = 12'h7b1,
CSR_DSCRATCH0 = 12'h7b2, // optional
CSR_DSCRATCH1 = 12'h7b3, // optional
// Control-Flow Integrity - Zicfiss
CSR_SSP = 12'h011,
// Counters and Timers (User Mode - R/O Shadows)
CSR_CYCLE = 12'hC00,
CSR_CYCLEH = 12'hC80,
Expand Down Expand Up @@ -736,6 +758,7 @@ package riscv;
localparam logic [63:0] SSTATUS_XS = 'h00018000;
localparam logic [63:0] SSTATUS_SUM = 'h00040000;
localparam logic [63:0] SSTATUS_MXR = 'h00080000;
localparam logic [63:0] SSTATUS_SPELP = 'h00800000;
localparam logic [63:0] SSTATUS_UPIE = 'h00000010;
localparam logic [63:0] SSTATUS_UXL = 64'h0000000300000000;
localparam logic [63:0] SSTATUS_SD = {IS_XLEN64, 31'h00000000, ~IS_XLEN64, 31'h00000000};
Expand Down Expand Up @@ -767,21 +790,32 @@ package riscv;
localparam logic [63:0] MSTATUS_MPRV = 'h00020000;
localparam logic [63:0] MSTATUS_SUM = 'h00040000;
localparam logic [63:0] MSTATUS_MXR = 'h00080000;
localparam logic [63:0] MSTATUS_SPELP = 'h00800000;
localparam logic [63:0] MSTATUS_TVM = 'h00100000;
localparam logic [63:0] MSTATUS_TW = 'h00200000;
localparam logic [63:0] MSTATUS_TSR = 'h00400000;
localparam logic [63:0] MSTATUS_UXL = {30'h0000000, IS_XLEN64, IS_XLEN64, 32'h00000000};
localparam logic [63:0] MSTATUS_SXL = {28'h0000000, IS_XLEN64, IS_XLEN64, 34'h00000000};
localparam logic [63:0] MSTATUS_MPELP = 'h0000020000000000;
localparam logic [63:0] MSTATUS_SD = {IS_XLEN64, 31'h00000000, ~IS_XLEN64, 31'h00000000};

localparam logic [63:0] MENVCFG_FIOM = 'h00000001;
localparam logic [63:0] MENVCFG_CBIE = 'h00000030;
localparam logic [63:0] MENVCFG_CBFE = 'h00000040;
localparam logic [63:0] MENVCFG_CBZE = 'h00000080;
localparam logic [63:0] MENVCFG_PBMTE = 64'h4000000000000000;
localparam logic [63:0] MENVCFG_STCE = 64'h8000000000000000;


// xENVCFG bit fields
localparam logic [63:0] ENVCFG_FIOM = 64'h0000000000000001;
localparam logic [63:0] ENVCFG_LPE = 64'h0000000000000004;
localparam logic [63:0] ENVCFG_SSE = 64'h0000000000000008;
localparam logic [63:0] ENVCFG_CBIE = 64'h0000000000000030;
localparam logic [63:0] ENVCFG_CBFE = 64'h0000000000000040;
localparam logic [63:0] ENVCFG_CBZE = 64'h0000000000000080;
Comment on lines +803 to +808
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[verible-verilog-format] reported by reviewdog 🐶

Suggested change
localparam logic [63:0] ENVCFG_FIOM = 64'h0000000000000001;
localparam logic [63:0] ENVCFG_LPE = 64'h0000000000000004;
localparam logic [63:0] ENVCFG_SSE = 64'h0000000000000008;
localparam logic [63:0] ENVCFG_CBIE = 64'h0000000000000030;
localparam logic [63:0] ENVCFG_CBFE = 64'h0000000000000040;
localparam logic [63:0] ENVCFG_CBZE = 64'h0000000000000080;
localparam logic [63:0] ENVCFG_FIOM = 64'h0000000000000001;
localparam logic [63:0] ENVCFG_LPE = 64'h0000000000000004;
localparam logic [63:0] ENVCFG_SSE = 64'h0000000000000008;
localparam logic [63:0] ENVCFG_CBIE = 64'h0000000000000030;
localparam logic [63:0] ENVCFG_CBFE = 64'h0000000000000040;
localparam logic [63:0] ENVCFG_CBZE = 64'h0000000000000080;

localparam logic [63:0] ENVCFG_PBMTE = 64'h4000000000000000;
localparam logic [63:0] ENVCFG_STCE = 64'h8000000000000000;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[verible-verilog-format] reported by reviewdog 🐶

Suggested change
localparam logic [63:0] ENVCFG_STCE = 64'h8000000000000000;
localparam logic [63:0] ENVCFG_STCE = 64'h8000000000000000;


// xSECCFG bit fields
localparam logic [63:0] SECCFG_MML = 64'h0000000000000001;
localparam logic [63:0] SECCFG_MMWP = 64'h0000000000000002;
localparam logic [63:0] SECCFG_RLP = 64'h0000000000000004;
Comment on lines +813 to +815
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[verible-verilog-format] reported by reviewdog 🐶

Suggested change
localparam logic [63:0] SECCFG_MML = 64'h0000000000000001;
localparam logic [63:0] SECCFG_MMWP = 64'h0000000000000002;
localparam logic [63:0] SECCFG_RLP = 64'h0000000000000004;
localparam logic [63:0] SECCFG_MML = 64'h0000000000000001;
localparam logic [63:0] SECCFG_MMWP = 64'h0000000000000002;
localparam logic [63:0] SECCFG_RLP = 64'h0000000000000004;

localparam logic [63:0] SECCFG_USEED = 64'h0000000000000100;
localparam logic [63:0] SECCFG_SSEED = 64'h0000000000000200;
localparam logic [63:0] SECCFG_MLPE = 64'h0000000000000400;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[verible-verilog-format] reported by reviewdog 🐶

Suggested change
localparam logic [63:0] SECCFG_MLPE = 64'h0000000000000400;
localparam logic [63:0] SECCFG_MLPE = 64'h0000000000000400;


typedef enum logic [2:0] {
CSRRW = 3'h1,
Expand Down Expand Up @@ -847,7 +881,8 @@ package riscv;
// -----
typedef struct packed {
logic [31:28] xdebugver;
logic [27:18] zero2;
logic [27:19] zero2;
logic pelp;
logic ebreakvs;
logic ebreakvu;
logic ebreakm;
Expand Down
Loading