Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CAndPerms to clear global on sealed caps? #70

Closed
rmn30 opened this issue Sep 19, 2024 · 3 comments
Closed

Allow CAndPerms to clear global on sealed caps? #70

rmn30 opened this issue Sep 19, 2024 · 3 comments
Labels
enhancement New feature or request maybe-v2 Tracking issues for possible changes for an ISAv2

Comments

@rmn30
Copy link
Collaborator

rmn30 commented Sep 19, 2024
edited
Loading

@arichardson pointed out that it's a little odd that CAndPerms can't clear the global (GL) perm on sealed capabilities: it's possible to clear it by storing to memory and loading via a capability without load_global (LG) anyway. It might be useful to be able to delegate a sealed capability only for the duration of a compartment call, so it might be convenient to allow this. The question is what exactly should the semantics be and how much does it cost hw?

I can think of two ways we could allow this:

  1. allow the mask that is all ones except for GL to be used on sealed capabilities. Other masks will clear the tag if used on sealed capabilities.
  2. compare the original permissions to the masked permissions using xor and clear the tag if there are any bits set except for GL.

The second is more general in that it allows applying any mask that would have no effect on the permissions except for the global bit. However, it is probably a little more expensive to implement in hardware. Thoughts @kliuMsft ?
@rmn30 rmn30 added enhancement New feature or request maybe-v2 Tracking issues for possible changes for an ISAv2 labels Sep 20, 2024
@nwf
Copy link
Member

nwf commented Sep 23, 2024

(Just adding xrefs to #14 and #44)

@davidchisnall
Copy link
Collaborator

It would be nice to do this in v1. It's inconsistent that you can clear a permission using a store and load, but you can't as a register-register operation.

@nwf nwf mentioned this issue Nov 8, 2024
Merged
@rmn30
Copy link
Collaborator Author

rmn30 commented Nov 29, 2024

Resolved via #83

@rmn30 rmn30 closed this as completed Nov 29, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done (Sail) in ISA Version 1.0 release Nov 29, 2024
@davidchisnall davidchisnall moved this from Done (Sail) to Done (Ibex) in ISA Version 1.0 release Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request maybe-v2 Tracking issues for possible changes for an ISAv2
Projects
ISA Version 1.0 release
Status: Done (Ibex)
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nwf @davidchisnall @rmn30