Machine: propagate xRET type and clear MPRV

Decode MRET/SRET/URET in the decode stage, carry the return type through interstage registers, and pass it to ControlState::exception_return in the memory stage. Mark returns illegal if they request a higher privilege (e.g., MRET in S-mode). When returning from M to a less-privileged mode, clear MPRV per the privileged spec.

Author: nemecad

src/machine/core.cpp

@@ -19,6 +19,33 @@ static InstructionFlags unsupported_inst_flags_to_check(Xlen xlen, ConfigIsaWord
     return InstructionFlags(flags_to_check);
 }
 
+static CSR::PrivilegeLevel decode_xret_type_from_inst(const Instruction &inst) {
+    // bits [6:0]   = opcode (SYSTEM opcode == 0x73)
+    // bits [31:20] = funct12 (distinguishes MRET/SRET/URET)
+    const uint32_t w = inst.data();
+    const uint32_t OPCODE_MASK = 0x7Fu; // bits 6:0
+    const uint32_t FUNCT12_SHIFT = 20u; // funct12 starts at bit 20
+    const uint32_t FUNCT12_MASK = 0xFFFu; // 12 bits
+
+    const uint32_t opcode = w & OPCODE_MASK;
+    if (opcode != 0x73u) { // not a SYSTEM-family instruction
+        return CSR::PrivilegeLevel::UNPRIVILEGED;
+    }
+
+    const uint32_t funct12 = (w >> FUNCT12_SHIFT) & FUNCT12_MASK;
+
+    constexpr uint32_t MRET_FUNCT12 = 0x302u;
+    constexpr uint32_t SRET_FUNCT12 = 0x102u;
+    constexpr uint32_t URET_FUNCT12 = 0x002u;
+
+    switch (funct12) {
+        case MRET_FUNCT12: return CSR::PrivilegeLevel::MACHINE; // MRET
+        case SRET_FUNCT12: return CSR::PrivilegeLevel::SUPERVISOR; // SRET
+        case URET_FUNCT12: return CSR::PrivilegeLevel::UNPRIVILEGED; // URET
+        default: return CSR::PrivilegeLevel::UNPRIVILEGED;
+    }
+}
+
 Core::Core(
     Registers *regs,
     BranchPredictor *predictor,
@@ -316,6 +343,14 @@ DecodeState Core::decode(const FetchInterstage &dt) {
     ExceptionCause excause = dt.excause;
 
     dt.inst.flags_alu_op_mem_ctl(flags, alu_op, mem_ctl);
+    CSR::PrivilegeLevel inst_xret_priv = CSR::PrivilegeLevel::UNPRIVILEGED;
+    if (flags & IMF_XRET) {
+        inst_xret_priv = decode_xret_type_from_inst(dt.inst);
+        // Mark illegal if current privilege is lower than encoded xRET type (e.g. MRET executed in S-mode)
+        if (state.current_privilege() < inst_xret_priv) {
+            excause = EXCAUSE_INSN_ILLEGAL;
+        }
+    }
 
     if ((flags ^ check_inst_flags_val) & check_inst_flags_mask) { excause = EXCAUSE_INSN_ILLEGAL; }
 
@@ -392,6 +427,7 @@ DecodeState Core::decode(const FetchInterstage &dt) {
                                 .csr_to_alu = bool(flags & IMF_CSR_TO_ALU),
                                 .csr_write = csr_write,
                                 .xret = bool(flags & IMF_XRET),
+                                .xret_privlev = inst_xret_priv,
                                 .insert_stall_before = bool(flags & IMF_CSR) } };
 }
 
@@ -462,6 +498,7 @@ ExecuteState Core::execute(const DecodeInterstage &dt) {
                  .csr = dt.csr,
                  .csr_write = dt.csr_write,
                  .xret = dt.xret,
+                 .xret_privlev = dt.xret_privlev,
              } };
 }
 
@@ -527,7 +564,7 @@ MemoryState Core::memory(const ExecuteInterstage &dt) {
         }
         if (dt.xret) {
             CSR::PrivilegeLevel restored
-                = control_state->exception_return(state.current_privilege());
+                = control_state->exception_return(state.current_privilege(), dt.xret_privlev);
             state.set_current_privilege(restored);
             if (auto prog_tlb = dynamic_cast<TLB *>(mem_program)) {
                 prog_tlb->on_privilege_changed(restored);
@@ -583,6 +620,7 @@ MemoryState Core::memory(const ExecuteInterstage &dt) {
                  .regwrite = regwrite,
                  .is_valid = dt.is_valid,
                  .csr_written = csr_written,
+                 .xret_privlev = dt.xret_privlev,
              } };
 }
 

src/machine/csr/controlstate.cpp

@@ -190,11 +190,11 @@ namespace machine { namespace CSR {
         emit write_signal(reg_id, reg);
     }
 
-    PrivilegeLevel ControlState::exception_return(enum PrivilegeLevel act_privlev) {
+    PrivilegeLevel ControlState::exception_return(enum PrivilegeLevel act_privlev, enum PrivilegeLevel xret_privlev) {
         size_t reg_id = Id::MSTATUS;
         RegisterValue &reg = register_data[reg_id];
         PrivilegeLevel restored_privlev = PrivilegeLevel::MACHINE;
-        if (act_privlev == PrivilegeLevel::MACHINE) {
+        if (xret_privlev == PrivilegeLevel::MACHINE) {
             // MRET semantics:
             //   MIE  <- MPIE
             //   MPIE <- 1
@@ -212,7 +212,7 @@ namespace machine { namespace CSR {
             default: restored_privlev = PrivilegeLevel::UNPRIVILEGED; break;
             }
             write_field(Field::mstatus::MPP, (uint64_t)0); // clear MPP per spec
-        } else if (act_privlev == PrivilegeLevel::SUPERVISOR) {
+        } else if (xret_privlev == PrivilegeLevel::SUPERVISOR) {
             // SRET semantics:
             //   SIE  <- SPIE
             //   SPIE <- 1
@@ -229,6 +229,12 @@ namespace machine { namespace CSR {
             restored_privlev = PrivilegeLevel::UNPRIVILEGED;
         }
 
+        // If the instruction was executed in M-mode and the restored privilege is less-privileged
+        // than M, clear MPRV per the privileged spec.
+        if (act_privlev == PrivilegeLevel::MACHINE && restored_privlev != PrivilegeLevel::MACHINE) {
+            write_field(Field::mstatus::MPRV, (uint64_t)0);
+        }
+
         emit write_signal(reg_id, reg);
 
         return restored_privlev;

src/machine/csr/controlstate.h

@@ -150,7 +150,7 @@ namespace machine { namespace CSR {
     public slots:
         void set_interrupt_signal(uint irq_num, bool active);
         void exception_initiate(PrivilegeLevel act_privlev, PrivilegeLevel to_privlev);
-        PrivilegeLevel exception_return(enum PrivilegeLevel act_privlev);
+        PrivilegeLevel exception_return(enum PrivilegeLevel act_privlev, enum PrivilegeLevel xret_privlev);
 
     private:
         static size_t get_register_internal_id(Address address);
@@ -211,6 +211,7 @@ namespace machine { namespace CSR {
             static constexpr RegisterFieldDesc MIE = { "MIE", Id::MSTATUS, {1, 3}, "Machine global interrupt-enable"};
             static constexpr RegisterFieldDesc SPIE = { "SPIE", Id::MSTATUS, {1, 5}, "Previous SIE before the trap"};
             static constexpr RegisterFieldDesc MPIE = { "MPIE", Id::MSTATUS, {1, 7}, "Previous MIE before the trap"};
+            static constexpr RegisterFieldDesc MPRV = { "MPRV", Id::MSTATUS, {1, 17}, "Modify privilege for loads/stores/fetches" };
             static constexpr RegisterFieldDesc SPP = { "SPP", Id::MSTATUS, {1, 8}, "System previous privilege mode"};
             static constexpr RegisterFieldDesc MPP = { "MPP", Id::MSTATUS, {2, 11}, "Machine previous privilege mode"};
             static constexpr RegisterFieldDesc UXL = { "UXL", Id::MSTATUS, {2, 32}, "User mode XLEN (RV64 only)"};

src/machine/pipeline.h

@@ -117,6 +117,7 @@ struct DecodeInterstage {
     bool csr_to_alu = false;
     bool csr_write = false;
     bool xret = false;        // Return from exception, MRET and SRET
+    CSR::PrivilegeLevel xret_privlev = CSR::PrivilegeLevel::UNPRIVILEGED;
     bool insert_stall_before = false;
 
 public:
@@ -179,6 +180,7 @@ struct ExecuteInterstage {
     bool csr = false;
     bool csr_write = false;
     bool xret = false;
+    CSR::PrivilegeLevel xret_privlev = CSR::PrivilegeLevel::UNPRIVILEGED;
 
 public:
     /** Reset to value corresponding to NOP. */
@@ -245,6 +247,7 @@ struct MemoryInterstage {
     bool regwrite = false;
     bool is_valid = false;
     bool csr_written = false;
+    CSR::PrivilegeLevel xret_privlev = CSR::PrivilegeLevel::UNPRIVILEGED;
 
 public:
     /** Reset to value corresponding to NOP. */