diff --git a/archdoc/app-isaquick-riscv.tex b/archdoc/app-isaquick-riscv.tex index 63396ab..17925e7 100644 --- a/archdoc/app-isaquick-riscv.tex +++ b/archdoc/app-isaquick-riscv.tex @@ -51,6 +51,8 @@ \chapter{Instruction encoding summary} \rvcheriisaquick{CSetBoundsExact} + \rvcheriisaquick{CSetBoundsRoundDown} + \rvcheriisaquick{CSetBoundsImm} \rvcheriisaquick{CSetHigh} diff --git a/archdoc/chap-changes.tex b/archdoc/chap-changes.tex index bc79a89..368812d 100644 --- a/archdoc/chap-changes.tex +++ b/archdoc/chap-changes.tex @@ -43,5 +43,6 @@ \chapter{Version history} Because CHERIoT allows manipulating the status of the interrupt through a function call (and function return) by encoding the interrupt type in the otype, the following attack can occur: A caller calling an interrupt-disabling callee can set the return sentry of the callee to the same callee. This means, the callee will call itself on return all the while operating with interrupts disabled. This will lead to infinite repeated calls to the callee with interrupts disabled, violating availability. This attack can be prevented in CHERIoT by adding two new ``backwards-edge'' sentries and adding more checks on \rvcheriasminsnref{CJALR}. \item[\ghpr{64}] Attempting to store a ``backwards-edge'' sentry through an authorizing cap lacking \cappermSLC will clear the tag of the stored value. This enables the RTOS to confine ``backwards-edge'' sentries to the stack and register spill area. + \item[\ghissue{72},\ghpr{74}] Introduce \rvcheriasminsnref{CSetBoundsRoundDown} to facilitate constructing representable slices of buffers. \end{description} \end{description} diff --git a/archdoc/chap-isaref-riscv.tex b/archdoc/chap-isaref-riscv.tex index ea921d6..543fbe9 100644 --- a/archdoc/chap-isaref-riscv.tex +++ b/archdoc/chap-isaref-riscv.tex @@ -305,6 +305,7 @@ \section{\cherimcu{} Instructions} \input{insn-riscv/csetaddr} \input{insn-riscv/csetbounds} \input{insn-riscv/csetboundsexact} +\input{insn-riscv/csetboundsrounddown} \input{insn-riscv/csetboundsimm} \input{insn-riscv/csetequalexact} \input{insn-riscv/csethigh} diff --git a/archdoc/def-riscv-insns.tex b/archdoc/def-riscv-insns.tex index 54cade0..0d1c093 100644 --- a/archdoc/def-riscv-insns.tex +++ b/archdoc/def-riscv-insns.tex @@ -33,6 +33,7 @@ \rvcherisrcsrcdestimm[name=CIncAddrImm]{1}{cd}{cs1}{imm} \rvcherisrcsrcdest[name=CSetBounds]{8}{cd}{cs1}{rs2} \rvcherisrcsrcdest[name=CSetBoundsExact]{9}{cd}{cs1}{rs2} +\rvcherisrcsrcdest[name=CSetBoundsRoundDown]{A}{cd}{cs1}{rs2} \rvcherisrcsrcdestimm[name=CSetBoundsImm]{2}{cd}{cs1}{uimm} \rvcherisrcsrcdest[name=CSetHigh]{16}{cd}{cs1}{rs2} \rvcherisrcdest[name=CClearTag]{B}{cd}{cs1} diff --git a/archdoc/insn-riscv/csetboundsrounddown.tex b/archdoc/insn-riscv/csetboundsrounddown.tex new file mode 100644 index 0000000..441d39d --- /dev/null +++ b/archdoc/insn-riscv/csetboundsrounddown.tex @@ -0,0 +1,16 @@ +\clearpage +\phantomsection +\addcontentsline{toc}{subsection}{CSetBoundsRoundDown} +\insnriscvlabel{csetboundsrounddown} +\subsection*{CSetBoundsRoundDown} + +\subsubsection*{Format} + +\rvcheriasm{CSetBoundsRoundDown} + +\begin{center} +\rvcheriheader +\rvcheribitbox{CSetBoundsRoundDown} +\end{center} + +\sailRISCVisarefbody{CSetBoundsRoundDown}