CFP RCTX, Control Flow Prediction Restriction by Context

The CFP RCTX characteristics are:

Purpose

Control Flow Prediction Restriction by Context applies to all Control Flow Prediction Resources that predict execution based on information gathered within the target execution context or contexts.

When this instruction is complete and synchronized, control flow prediction does not permit later speculative execution within the target execution context to be observable through side channels.

This instruction is guaranteed to be complete following a DSB that covers both read and write behavior on the same PE as executed the original restriction instruction, and a subsequent context synchronization event is required to ensure that the effect of the completion of the instructions is synchronized to the current execution.

Note

This instruction does not require the invalidation of prediction structures so long as the behavior described for completion of this instruction is met by the implementation.

On some implementations the instruction is likely to take a significant number of cycles to execute. This instruction is expected to be used very rarely, such as on the roll-over of an ASID or VMID, but should not be used on every context switch.

Configuration

This instruction is present only when ARMv8.0-PredInv is implemented. Otherwise, direct accesses to CFP RCTX are UNDEFINED.

Attributes

CFP RCTX is a 64-bit System instruction.

Field descriptions

The CFP RCTX input value bit assignments are:

6362616059585756555453525150494847464544434241403938373635343332
RES0GVMIDVMID
RES0NSELRES0GASIDASID
313029282726252423222120191817161514131211109876543210

Bits [63:49]

Reserved, RES0.

GVMID, bit [48]

Execution of this instruction applies to all VMIDs or a specified VMID.

GVMIDMeaning
0b0

Applies to specified VMID for an EL0 or EL1 context. For all other contexts this field is RES0.

0b1

Applies to all VMIDs for an EL0 or EL1 context. For all other contexts this field is RES0.

If the instruction is executed at EL0 or EL1, then this field has an Effective value of 0.

VMID, bits [47:32]

Only applies when bit[48] is 0 and either:

Otherwise this field is RES0.

When the instruction is executed at EL1 then this field is treated as the current VMID.

When the instruction is executed at EL0 and (HCR_EL2.E2H==0 or HCR_EL2.TGE==0) then this field is treated as the current VMID.

When the instruction is executed at EL0 and (HCR_EL2.E2H==1 and HCR_EL2.TGE==1) then this field is ignored.

Bits [31:27]

Reserved, RES0.

NS, bit [26]

Security State

NSMeaning
0b0

Secure state

0b1

Non-secure state

If the instruction is executed in Non-secure state, this field has an Effective value of 1.

EL, bits [25:24]

Exception Level

ELMeaning
0b00

EL0.

0b01

EL1.

0b10

EL2.

0b11

EL3.

If the instruction is executed at an exception level lower than the specified level, this instruction is treated as a NOP.

Bits [23:17]

Reserved, RES0.

GASID, bit [16]

Execution of this instruction applies to all ASIDs or a specified ASID.

GASIDMeaning
0b0

Applies to specified ASID for an EL0 context. For all other contexts this field is RES0.

0b1

Applies to all ASID for an EL0 context. For all other contexts this field is RES0.

If the instruction is executed at EL0, then this field has an Effective value of 0.

ASID, bits [15:0]

Only applies for an EL0 context and when bit[16] is 0.

Otherwise this field is RES0.

When the instruction is executed at EL0 then this field is treated as the current ASID.

Executing the CFP RCTX instruction

Accesses to this instruction use the following encodings:

CFP RCTX, <Xt>

op0op1CRnCRmop2
0b010b0110b01110b00110b100

if PSTATE.EL == EL0 then if !ELUsingAArch32(EL1) && !(EL2Enabled() && HCR_EL2.<E2H,TGE> == '11') && SCTLR_EL1.EnRCTX == '0' then if EL2Enabled() && !ELUsingAArch32(EL2) && HCR_EL2.TGE == '1' then AArch64.SystemAccessTrap(EL2, 0x18); else AArch64.SystemAccessTrap(EL1, 0x18); elsif EL2Enabled() && !ELUsingAArch32(EL2) && HCR_EL2.<E2H,TGE> == '11' && SCTLR_EL2.EnRCTX == '0' then AArch64.SystemAccessTrap(EL2, 0x18); else CFP_RCTX(X[t]); elsif PSTATE.EL == EL1 then if EL2Enabled() && HCR_EL2.NV == '1' then AArch64.SystemAccessTrap(EL2, 0x18); else CFP_RCTX(X[t]); elsif PSTATE.EL == EL2 then CFP_RCTX(X[t]); elsif PSTATE.EL == EL3 then CFP_RCTX(X[t]);




27/03/2019 21:59; e5e4db499bf9867a4b93324c4dbac985d3da9376

Copyright © 2010-2019 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.