Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EL permission rules clarification #432

Closed
tomaird opened this issue Oct 22, 2024 · 2 comments · Fixed by #436
Closed

EL permission rules clarification #432

tomaird opened this issue Oct 22, 2024 · 2 comments · Fixed by #436

Comments

@tomaird
Copy link
Contributor

tomaird commented Oct 22, 2024
edited
Loading

The summary table describes that CL and EL are only cleared if CL=0 on the auth cap (amongst other conditions):

image

But all the descriptions of EL don't mention that CL must be zero on the auth cap, but do mention all the other conditions. e.g. in LC:

image

I'm assuming the table is correct and auth_cap.CL=0 is required to clear CL and EL in the data cap, but it's a bit confusing to leave this out of these text descriptions.

Note, this is not a problem for the SL-perm rules which describe the conditions in full.
@jamie-melling
Copy link

To me, it seems like changing the CL is more like a demotion than removing a permission. If your auth cap is Global, then you can load Local or Global capabilities, but if your capability is Local, then can only load Local capabilities using it - hence setting CL=0 when auth_cap.CL ==0.
"restricting capability level to the level of the authorizing capability" is more future proof wording if the capability levels were ever increased.

@tariqkurd-repo tariqkurd-repo mentioned this issue Oct 29, 2024
Merged
@arichardson
Copy link
Collaborator

It looks like this is incorrect, EL should always be cleared if the authorizing cap does not have EL.

tariqkurd-repo added a commit that referenced this issue Oct 29, 2024
@tariqkurd-repo @arichardson
local/global clarification (#436)
f509f2b 
Fix #432

---------

Signed-off-by: Tariq Kurd <[email protected]>
Co-authored-by: Alexander Richardson <[email protected]>
arichardson added a commit that referenced this issue Oct 30, 2024
@arichardson
Correct Zcherilevels EL clearing table
d42894f 
When the authorizing EL is zero, we also clear EL on the loaded cap
(if it is tagged).

Fixes: #432
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

local/global clarification tariqkurd-repo/riscv-cheri
3 participants
@arichardson @tomaird @jamie-melling