Hi John, See my responses inline below. Regards, Yanyan Thanks very much for your installments, which clarify things and help us to understand the extension. So, it is expected that the

Nick Kossifidis wrote: All of the other proposals, including the one you favor, have this exact same property when MML = 0. As I wrote in my document, and have tried repeatedly to make clear, the

Στις 2020-02-28 21:14, John Hauser έγραψε: You've excluded the possibility of having a region that's writeable by S/U and executable by M mode at the same time. However it's possible for S/U

Yea, I remember Non-Stop folks explaining how they were going to considerably simplify their implementation by not relying on lockstep, but instead relying on counting retired instructions. But they

Let me withdraw the part about RDTSC - I confused RISC-V RDCYCLE and RDTSC. However, my point about people using instruction retired count in real life for real functionality remains.

Intel's RDTSC is used not just for performance measurements, but also as timestamps, not just for databases, but also for enough generic Linux code that Intel was forced to ensure that RDTSC was

John Hauser wrote: I don't understand how having extra bit patterns for the PMP config registers compromise security. Isn't it pretty much a given that the values loaded into the PMP address registers

Nick Kossifidis wrote: I agree that would be dangerous, but I intentionally excluded that possibility, so I don't understand. What is the exact encoding that you think allows this, when MSL >

Some thoughts on the various proposals on the spreadsheet (v0.3): M&L proposal: The purpose of M bit is not clear, I get that the idea is to be able to mark a rule that applies to M mode without

Hi Gernot and Yanyan, It's been a couple of months since you first sent (Dec. 4) your document reporting your experience adapting the seL4 microkernel to draft 0.4 of the RISC-V hypervisor extension,

Ø why don't you instead simply not program any lock bits until you get to the point that you would have changed DPL from 1->0? Because we can’t program the permissions we need without locking

Just as I have been asking why DMC is necessary, I have to ask why the DPL bit is necessary. If there is code that wants to reorder PMP entries while DPL is 1, but the lock bits are set - why don't

Tariq Kurd wrote: Hi Tariq, I meant for the encodings with W = 1 and R = 0 to continue to be reserved, as the spreadsheet indicates, but you're right that I forgot to say so in my document. I have a

It is just one extra bit if its combined with an existing CSR, otherwise its extra decoding, scan and DVT logic, (not to mention extra readmux and write enable, regardless of whether its merged into

Hi everyone, We have spent a considerable amount of time reviewing the different proposals and have come to some conclusions. 1. The PMP enhancement proposal can meet our needs with the

Hi Allen, The point I was trying to make about locked PMP entries, but failed to communicate before, is this: When a system starts up after reset, PMP is enforced according to a certain set of

Yes, the reason I labelled it separate M&L was because the existing "legacy" proposal essentially combines the functionality into a single "L" bit. > But: if an entry is created (necessarily by

Hi Tariq, all, After a rethink, I actually think that the restriction imposed by lock is a good feature to security. For example, in your use case that BR wants to lockdown its sub-regions one by

Hi Andy, M-mode can use mstatus.mprv to access S/U-mode memory regions, provided that S/U-mode has read access to them. If any non-readable regions are configured then trap-and-emulate won't be

Creating a new thread, for a new topic, although I'm excerpting some old email as inspiration. Anyway: Andrew Waterman tells me that 1 of the big purposes of M-mode is to emulate instructions. For