Updates to GitHub #github #CMOs #risv


tech-cmo@lists.riscv.org Integration <tech-cmo@...>
 

[riscv-CMOs:master] New Issue Created by jrtc27:
#45 Interaction between management instructions and dirty bit

The prefetch and zeroing instructions are very clear about how they interact with the accessed and dirty bits, but there is no similar discussion for the management instructions, and the semantics of that are quite important. Am I missing something or is this totally unspecified at the moment? I can see scope for multiple options here. The fact that the instruction is allowed to invalidate even when you don't have store permission (which is rather frightening) makes it particularly unclear, as there is not an implicit write translation that means it can just unconditionally dirty the page like on other architectures. To be honest, this might be a justification for enforcing write permission on PTEs...


[riscv-CMOs:master] New Comment on Issue #45 Interaction between management instructions and dirty bit
By jrtc27:

Also, if you're trying to invalidate a read-only page whose accessed bit is clear on hardware that relies on software A+D emulation, the fact that you get a store/AMO fault for that is going to be a total PITA for software to deal with, as it can't just treat a store/AMO fault as requiring store permission on the PTE to not be a fatal fault any more.


[riscv-CMOs:master] New Comment on Issue #45 Interaction between management instructions and dirty bit
By jrtc27:

So, whilst in practice there may not be a security justification for mandating PTEs be writeable, I strongly believe that relaxation makes it a complete nightmare to have any kind of sane behaviour when it comes to accessed and dirty bits, and that the extension should just follow other architectures like AArch64 and require write permission rather than trying to be clever about it.