Machine: add CSR privilege checks in ControlState::read/write

Add a caller-privilege parameter to ControlState::read/write and implement csr_min_privilege_from_addr() that extracts the CSR access field (csr[11:8]) to determine minimum privilege.

Author: nemecad

src/machine/core.cpp

@@ -367,7 +367,7 @@ DecodeState Core::decode(const FetchInterstage &dt) {
 
     CSR::Address csr_address = (flags & IMF_CSR) ? dt.inst.csr_address() : CSR::Address(0);
     RegisterValue csr_read_val
-        = ((control_state != nullptr && (flags & IMF_CSR))) ? control_state->read(csr_address) : 0;
+        = ((control_state != nullptr && (flags & IMF_CSR))) ? control_state->read(csr_address, state.current_privilege()) : 0;
     bool csr_write = (flags & IMF_CSR) && (!(flags & IMF_CSR_TO_ALU) || (num_rs != 0));
 
     if ((flags & IMF_EXCEPTION) && (excause == EXCAUSE_NONE)) {
@@ -559,7 +559,7 @@ MemoryState Core::memory(const ExecuteInterstage &dt) {
     if (control_state != nullptr && dt.is_valid && dt.excause == EXCAUSE_NONE) {
         control_state->increment_internal(CSR::Id::MINSTRET, 1);
         if (dt.csr_write) {
-            control_state->write(dt.csr_address, dt.alu_val);
+            control_state->write(dt.csr_address, dt.alu_val, state.current_privilege());
             csr_written = true;
         }
         if (dt.xret) {

src/machine/csr/controlstate.cpp

@@ -11,6 +11,18 @@ LOG_CATEGORY("machine.csr.control_state");
 
 namespace machine { namespace CSR {
 
+    static CSR::PrivilegeLevel csr_min_privilege_from_addr(const Address &addr) {
+        uint32_t csr = addr.data & 0xfffu; // csr[11:0]
+        uint32_t min_bits = (csr >> 8) & 0x3; // csr[9:8] per spec
+        switch (min_bits) {
+            case 0u: return PrivilegeLevel::UNPRIVILEGED;
+            case 1u: return PrivilegeLevel::SUPERVISOR;
+            case 2u: return PrivilegeLevel::HYPERVISOR;
+            case 3u: return PrivilegeLevel::MACHINE;
+            default: return PrivilegeLevel::MACHINE;
+        }
+    }
+
     ControlState::ControlState(Xlen xlen, ConfigIsaWord isa_word) : xlen(xlen) {
         reset();
         uint64_t misa = read_internal(CSR::Id::MISA).as_u64();
@@ -55,19 +67,29 @@ namespace machine { namespace CSR {
         }
     }
 
-    RegisterValue ControlState::read(Address address) const {
+    RegisterValue ControlState::read(Address address, PrivilegeLevel current_privilege) const {
         // Only machine level privilege is supported so no checking is needed.
         size_t reg_id = get_register_internal_id(address);
+        if (PrivilegeLevel min_priv = csr_min_privilege_from_addr(address); current_privilege < min_priv) {
+            throw SIMULATOR_EXCEPTION(
+                UnsupportedInstruction,
+                QString("CSR %1 inaccessible at current privilege level").arg(address.data), "");
+        }
         RegisterValue value = register_data[reg_id];
         DEBUG("Read CSR[%u] == 0x%" PRIx64, address.data, value.as_u64());
         emit read_signal(reg_id, value);
         return value;
     }
 
-    void ControlState::write(Address address, RegisterValue value) {
+    void ControlState::write(Address address, RegisterValue value, PrivilegeLevel current_privilege) {
         DEBUG(
             "Write CSR[%u/%zu] <== 0x%zu", address.data, get_register_internal_id(address),
             value.as_u64());
+        if (PrivilegeLevel min_priv = csr_min_privilege_from_addr(address); current_privilege < min_priv) {
+            throw SIMULATOR_EXCEPTION(
+                UnsupportedInstruction,
+                QString("CSR %1 inaccessible at current privilege level").arg(address.data), "");
+        }
         // Attempts to write a read-only register also raise illegal instruction exceptions.
         if (!address.is_writable()) {
             throw SIMULATOR_EXCEPTION(

src/machine/csr/controlstate.h

@@ -99,7 +99,7 @@ namespace machine { namespace CSR {
         ControlState(const ControlState &);
 
         /** Read CSR register with ISA specified address. */
-        [[nodiscard]] RegisterValue read(Address address) const;
+        [[nodiscard]] RegisterValue read(Address address, PrivilegeLevel current_privilege) const;
 
         /**
          * Read CSR register with an internal id.
@@ -110,7 +110,7 @@ namespace machine { namespace CSR {
         [[nodiscard]] RegisterValue read_internal(size_t internal_id) const;
 
         /** Write value to CSR register by ISA specified address and receive the previous value. */
-        void write(Address address, RegisterValue value);
+        void write(Address address, RegisterValue value, PrivilegeLevel current_privilege);
 
         /** Used for writes occurring as a side-effect (instruction count update...) and
          * internally by the write method. */