{tid_ext_name} is an optional extension to the RISC-V base ISA. Implementations that support {cheri_base_ext_name} and {tid_ext_name} define a variant of the CHERI ISA that allows for more efficient software compartmentalization of CHERI programs.
{tid_ext_name} adds new CSRs to implement a trusted thread identifier (TID) used in compartmentalization. These CSRs are listed in Table 1, Table 2, Table 3 and Table 4.
{tid_ext_name} CSR | Address | Prerequisites | Read-Permission | Write-Permission | Description |
---|---|---|---|---|---|
mtid | 0x780 | M-mode | M | M, [asr_perm] | Machine Thread Identifier |

{tid_ext_name} CSR | Address | Prerequisites | Read-Permission | Write-Permission | Description |
---|---|---|---|---|---|
stid | 0x580 | S-mode | S | S, [asr_perm] | Supervisor Thread Identifier |

{tid_ext_name} CSR | Address | Prerequisites | Read-Permission | Write-Permission | Description |
---|---|---|---|---|---|
vstid | 0xA80 | VS-mode | S | H, [asr_perm] | Virtual Supervisor Thread Identifier |

{tid_ext_name} CSR | Address | Prerequisites | Read-Permission | Write-Permission | Description |
---|---|---|---|---|---|
utid | 0x480 | U-mode | U | U, [asr_perm] | User Thread Identifier |

The mtid register is an MXLEN-bit read-write register. It is used to identify the current thread in machine mode. The reset value of this register is UNSPECIFIED.
The stid register is an SXLEN-bit read-write register. It is used to identify the current thread in supervisor mode. The reset value of this register is UNSPECIFIED.
The vstid register is a VSLEN-bit read-write register. It is used to identify the current thread in virtual supervisor mode. The reset value of this register is UNSPECIFIED.
The utid register is a UXLEN-bit read-write register. It is used to identify the current thread in user mode. The reset value of this register is UNSPECIFIED.
When {cheri_base_ext_name} is implemented, the {tid_ext_name} CSRs are extended as follows:
The mtidc register is a CLEN-bit read-write capability register. It is the capability extension of the mtid register. It is used to identify the current thread in machine mode. On reset the tag of mtidc will be set to 0 and the remainder of the data is UNSPECIFIED.
The stidc register is a CLEN-bit read-write capability register. It is the capability extension of the stid register. It is used to identify the current thread in supervisor mode. On reset the tag of stidc will be set to 0 and the remainder of the data is UNSPECIFIED.
The vstidc register is a CLEN-bit read-write capability register. It is the capability extension of the vstid register. It is used to identify the current thread in virtual supervisor mode. On reset the tag of vstidc will be set to 0 and the remainder of the data is UNSPECIFIED.
The utidc register is a CLEN-bit read-write capability register. It is the capability extension of the utid register. It is used to identify the current thread in user mode. On reset the tag of utidc will be set to 0 and the remainder of the data is UNSPECIFIED.
The TID bit controls access to the CSRs in Table 2, Table 3 and Table 4 provided by the {tid_ext_name} extension.
mstateen0 (64 bits)

Bits | Field |
---|---|
0 | C |
1 | FCSR |
2 | JVT |
3 | TID |
55:4 | WPRI |
56 | P1P13 |
57 | CONTEXT |
58 | IMSIC |
59 | AIA |
60 | CSRIND |
61 | WPRI |
62 | ENVCFG |
63 | SE0 |

hstateen0 (64 bits)

Bits | Field |
---|---|
0 | C |
1 | FCSR |
2 | JVT |
3 | TID |
56:4 | WPRI |
57 | CONTEXT |
58 | IMSIC |
59 | AIA |
60 | CSRIND |
61 | WPRI |
62 | ENVCFG |
63 | SE0 |

sstateen0 (32 bits)

Bits | Field |
---|---|
0 | C |
1 | FCSR |
2 | JVT |
3 | TID |
31:4 | WPRI |

This section describes how this specification enables support for compartmentalization on CHERI systems. Compartmentalization seeks to separate privileges between different protection units, e.g., two or more libraries. Code can be separated by sentries, which allow code capabilities to be handed to untrusted code such that the untrusted code can only call the capability, not modify it. Sentries can be called from different threads, so there needs to be a way of identifying the current thread. While privileged code, e.g., the kernel, can identify the current thread, the performance overhead of doing so is not bearable for CHERI systems with many compartments.
The RISC-V ABI includes a thread pointer (tp) register, but it cannot be used to reliably identify the current thread because tp is a general-purpose register that untrusted code can change arbitrarily. Therefore, this specification offers three additional CSRs that provide a trusted source for the thread ID. All registers are readable from their respective privilege levels and writeable with [asr_perm].
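
The access rules above, modelled in C as an added example (not code from the specification): reads need only the CSR's privilege level, writes also need [asr_perm], and the TID state-enable bit gates stid and utid but not mtid. The `struct hart` model and the function names are hypothetical; the model assumes Smstateen gating (mstateen0 for modes below M, sstateen0 for U-mode) and leaves out the hypervisor case (vstid, hstateen0) and the choice of exception raised.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added model for illustration; not code from the specification. */
enum priv { PRIV_U = 0, PRIV_S = 1, PRIV_M = 3 };   /* RISC-V privilege encodings */
enum { CSR_UTID = 0x480, CSR_STID = 0x580, CSR_MTID = 0x780 }; /* from the CSR tables */

/* stateen0 fields start at bit 0: C=0, FCSR=1, JVT=2, TID=3. */
#define STATEEN0_TID (UINT64_C(1) << 3)

struct hart {              /* hypothetical model state */
    enum priv mode;        /* current privilege mode */
    bool pcc_asr;          /* PCC grants [asr_perm] */
    uint64_t mstateen0;
    uint32_t sstateen0;
};

/* Lowest privilege allowed to touch a CSR: address bits [9:8]. */
static int csr_min_priv(unsigned csr) { return (int)((csr >> 8) & 3u); }

/* Returns true if the access completes, false if it would trap. */
bool tid_csr_access_ok(const struct hart *h, unsigned csr, bool is_write)
{
    if ((int)h->mode < csr_min_priv(csr))
        return false;                        /* privilege too low */
    if (csr != CSR_MTID) {                   /* the TID bit does not gate mtid */
        if (h->mode != PRIV_M && !(h->mstateen0 & STATEEN0_TID))
            return false;                    /* M has not enabled it for S/U */
        if (h->mode == PRIV_U && !(h->sstateen0 & STATEEN0_TID))
            return false;                    /* S has not enabled it for U */
    }
    if (is_write && !h->pcc_asr)
        return false;                        /* writes need [asr_perm] */
    return true;
}

int main(void)
{
    /* Untrusted compartment: U-mode, no [asr_perm], TID state enabled. */
    struct hart c = { PRIV_U, false, STATEEN0_TID, STATEEN0_TID };
    printf("read  utid: %d\n", tid_csr_access_ok(&c, CSR_UTID, false));
    printf("write utid: %d\n", tid_csr_access_ok(&c, CSR_UTID, true));
    c.pcc_asr = true;      /* trusted code holding [asr_perm] */
    printf("write utid with ASR: %d\n", tid_csr_access_ok(&c, CSR_UTID, true));
    c.sstateen0 = 0;       /* supervisor withdraws U-mode access */
    printf("read  utid, TID clear: %d\n", tid_csr_access_ok(&c, CSR_UTID, false));
    return 0;
}
```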