diff options
| author | Deepak Gupta <debug@rivosinc.com> | 2025-03-05 22:46:35 -0800 |
|---|---|---|
| committer | Alistair Francis <alistair.francis@wdc.com> | 2025-03-19 16:33:01 +1000 |
| commit | 86c78b280607fcff787866a03374047c65037a90 (patch) | |
| tree | dd7c6a7c6b4431780c059b3e31fbc6422ba3ef02 | |
| parent | 17288e38bebf20121c4aa20b264e661a7fa50ed8 (diff) | |
| download | qemu-86c78b280607fcff787866a03374047c65037a90.zip qemu-86c78b280607fcff787866a03374047c65037a90.tar.gz qemu-86c78b280607fcff787866a03374047c65037a90.tar.bz2 | |
target/riscv: fix access permission checks for CSR_SSP
Commit:8205bc1 ("target/riscv: introduce ssp and enabling controls for
zicfiss") introduced CSR_SSP but it mis-interpreted the spec on access
to CSR_SSP in M-mode. Gated to CSR_SSP is not gated via `xSSE`. But
rather rules clearly specified in section "22.2.1. Shadow Stack Pointer
(ssp) CSR access contr" in the priv spec.
Fixes: 8205bc127a83 ("target/riscv: introduce ssp and enabling controls
for zicfiss". Thanks to Adam Zabrocki for bringing this to attention.
Reported-by: Adam Zabrocki <azabrocki@nvidia.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250306064636.452396-1-debug@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| -rw-r--r-- | target/riscv/csr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 49566d3..8225e9b 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -192,6 +192,11 @@ static RISCVException cfi_ss(CPURISCVState *env, int csrno) return RISCV_EXCP_ILLEGAL_INST; } + /* If ext implemented, M-mode always have access to SSP CSR */ + if (env->priv == PRV_M) { + return RISCV_EXCP_NONE; + } + /* if bcfi not active for current env, access to csr is illegal */ if (!cpu_get_bcfien(env)) { #if !defined(CONFIG_USER_ONLY) |