riscv / riscv-cfi

This repo holds the work area and revisions of the RISC-V CFI (Shadow Stack and Landing Pads) specifications. CFI defines the privileged and unprivileged ISA extensions that can be used by privileged and unprivileged programs to protect the integrity of their control-flow.

Home Page: https://jira.riscv.org/browse/RVG-80

Introduce compressed shadow stack instructions

ved-rivos opened this issue · comments

Issue #58 discussed a set of updates to shadow stack instructions suggested by AR.
The updates are as summarized:

  1. Update sspush and sspop to support only x1 and x5 as source and destination respectively
  2. Drop the sschkra instruction
  3. Define a sspopchk instruction
  4. Add compressed encodings for the SS-LP-CFI sspush and sspopchk instructions

PR #59 addressed updates for items 1 through 3.

Closure of item 4 was pending definition of compressed Zimop - Zcmop - and their encodings.
These are now available from AR:

Zcmop

Eight code points in the 16-bit encoding space are provided for MOPs:

c.mop.0, encoded in the reserved encoding space where c.lui x1, 0 would be encoded
c.mop.1 (c.lui x3, 0)
c.mop.2 (c.lui x5, 0)
...
c.mop.7 (c.lui x15, 0)

These instructions are defined to not write rd. As with other MOPs, which registers they read is left up to the future definition of the op, but this encoding makes it convenient for these instructions to read x1, x3, ..., x15.

Although we generally expect these MOPs to be equivalent to some 32-bit MOP, the expansion (if any) is left to the future definition of the op.
For shadow stacks, the following encodings are suggested:

  • c.mop.0 => sspush x1
  • c.mop.2 => sspopchk x5

The use of these instructions is as follows:

prologue:
    addi sp, sp, -16            # allocate the stack frame
    c.sspush x1                 # push the return address (x1) onto the shadow stack
    sd x1, 8(sp)                # and save it on the regular stack as usual
body:
    ...
    jal x1, other_procedure     # call; the callee uses the same prologue/epilogue
    ...
epilogue:
    ld x5, 8(sp)                # reload the return address from the regular stack into x5
    c.sspopchk x5               # pop the shadow-stack copy and check it against x5
    addi sp, sp, 16             # release the stack frame
    jr x5                       # return through x5 (the alternate link register)

PR #86 introduces these updates.
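The eight Zcmop code points quoted above and the two shadow-stack assignments proposed in this issue (c.mop.0 => sspush x1, c.mop.2 => sspopchk x5), worked through as an added encoder/decoder; this is example code and is not part of the riscv-cfi repository or the issue. It assumes the standard CI-format layout of c.lui (op=01, funct3=011, rd in bits 11:7, imm[17] in bit 12, imm[16:12] in bits 6:2), whose nzimm=0 code points are the reserved space Zcmop reuses.

```python
# Added example (not riscv-cfi code). Encodes/decodes the eight 16-bit Zcmop
# code points, c.mop.n living where c.lui x(2n+1), 0 would be, and maps the two
# that this issue proposes for shadow stacks.
C_LUI_OP = 0b01        # quadrant 1 (assumed standard C-extension layout)
C_LUI_FUNCT3 = 0b011   # funct3 of c.lui in bits 15:13

# Proposed shadow-stack meaning of the MOPs, from the issue text.
SS_MOPS = {0: "sspush x1", 2: "sspopchk x5"}


def encode_c_lui(rd: int, imm: int = 0) -> int:
    """Build the 16-bit c.lui rd, imm encoding; imm is the 6-bit nzimm field."""
    assert 0 <= rd < 32
    imm6 = imm & 0x3F
    return ((C_LUI_FUNCT3 << 13) | ((imm6 >> 5) << 12) | (rd << 7)
            | ((imm6 & 0x1F) << 2) | C_LUI_OP)


def encode_c_mop(n: int) -> int:
    """c.mop.n (n = 0..7) is the reserved code point c.lui x(2n+1), 0."""
    assert 0 <= n <= 7
    return encode_c_lui(2 * n + 1, 0)


def decode_c_mop(insn: int):
    """Return the MOP index 0..7 if insn is a Zcmop code point, else None."""
    if (insn & 0xFFFF) != insn or (insn & 0b11) != C_LUI_OP:
        return None
    if (insn >> 13) != C_LUI_FUNCT3:
        return None
    rd = (insn >> 7) & 0x1F
    imm6 = (((insn >> 12) & 1) << 5) | ((insn >> 2) & 0x1F)
    # nzimm != 0 is a real c.lui; even rd (x0, x2, x4, ...) with imm 0 is
    # reserved but not one of the eight MOP code points.
    if imm6 != 0 or rd % 2 == 0:
        return None
    return (rd - 1) // 2


def disassemble(insn: int) -> str:
    """Name the MOP and, where the issue assigns one, its shadow-stack meaning."""
    n = decode_c_mop(insn)
    if n is None:
        return "not a Zcmop code point"
    return f"c.mop.{n} ({SS_MOPS.get(n, 'no shadow-stack meaning assigned')})"
```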