From 3ea72340c3650de3ba467c3b2d3c191031012245 Mon Sep 17 00:00:00 2001 From: Ved Shanbhogue Date: Sun, 22 Oct 2023 11:39:01 -0500 Subject: [PATCH] SS access to non-SS pages cause page fault --- cfi_backward.adoc | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/cfi_backward.adoc b/cfi_backward.adoc index e7ba95e..ffa54b4 100644 --- a/cfi_backward.adoc +++ b/cfi_backward.adoc @@ -847,8 +847,8 @@ The following faults may occur: original access type. . If the accessed page is not a shadow stack page or if the page is in non-idempotent memory: -.. `SSAMOSWAP`, `C.SSPUSH`, and `SSPUSH` cause a store/AMO access-fault. -.. `C.SSPOPCHK` and `SSPOPCHK` cause a load access-fault. +.. `SSAMOSWAP`, `C.SSPUSH`, and `SSPUSH` cause a store/AMO page fault. +.. `C.SSPOPCHK` and `SSPOPCHK` cause a load page fault. [NOTE] ==== @@ -902,7 +902,7 @@ follows: PAGESIZE` and go to step 2. 5. A leaf PTE has been found. If the memory access is by a shadow stack - instruction and `pte.xwr != 010b`, then cause an access-violation exception + instruction and `pte.xwr != 010b`, then cause a page fault exception corresponding to the access type. If the memory access is either a non-shadow-stack store/AMO or an implicit access, and `pte.xwr == 010b`, then an access-fault exception is raised, corresponding to the original access type. 
@@ -936,10 +936,7 @@ Shadow stacks are expected to be bounded on each end using guard pages, so that no two shadow stacks are adjacent to each other. This guards against accidentally underflowing or overflowing from one shadow stack to another. Traditionally, a guard page for a stack is a page that is inaccessible to the process owning -the stack. For shadow stacks, the guard page may also be a non-shadow-stack -page that is otherwise accessible to the process owning the shadow stack -because shadow stack loads and stores to non-shadow-stack pages cause an -access-fault exception. +the stack. ==== The G-stage address translation and protections remain unaffected by Zicfiss
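Review bot: In the hunk at line 847 of cfi_backward.adoc, the condition "If the accessed page is not a shadow stack page or if the page is in non-idempotent memory" now sends both cases to a page fault, but the patch subject only covers SS access to non-SS pages. Non-idempotent memory is a property of the memory region rather than of the PTE, so consider splitting the item: let the non-shadow-stack-page case raise the page fault and give the non-idempotent-memory case its own sub-item with its fault type stated, or say explicitly that a page fault is intended for both.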
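Review bot: In step 5 of the hunk at line 902, the changed sentence raises a page fault for a shadow stack instruction when `pte.xwr != 010b`, while the unchanged sentence right after it still raises an access-fault for a non-shadow-stack store/AMO or implicit access when `pte.xwr == 010b`, so the same step now uses two exception classes for the two directions of the mismatch. If that asymmetry is intended, a short NOTE giving the reason would help implementers and OS fault handlers. The new text also says "corresponding to the access type" where the next sentence says "the original access type", and writes "page fault" unhyphenated beside "access-fault"; aligning the wording would keep readers from inferring a difference.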
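Review bot: The hunk at line 936 deletes the whole sentence about using a non-shadow-stack page as a guard page, although the other two hunks keep shadow stack accesses to such pages faulting (now as a page fault), and neither the commit message nor the remaining text says whether that guard-page usage is still valid. Either keep the sentence with "access-fault exception" replaced by "page fault", or state why an otherwise accessible non-shadow-stack page no longer qualifies as a guard page. As it stands, the note ends on "Traditionally, a guard page for a stack is a page that is inaccessible to the process owning the stack." with nothing following the "Traditionally" to contrast it with.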