3.8.3 Summary
Software should take the following actions to prevent speculative accesses to sensitive data areas, if
the sensitive data areas are not
in
guarded storage:
โข Protect against accesses to "random" values in the LR or CTR on
blr
or
betr
branches following rfi,
rfei,
or
se instructions by putting appropriate instructions before
or
after the rfi, rfei,
or
se
instruction. See "Fetching Past an Interrupt-Causing
or
Interrupt-Returning Instruction" on
page 3-39.
โข Protect against "running past" the end of memory into a bordering liD device by putting an
unconditional branch at the end of the memory area.
See "Fetching Past an Unconditional Branch"
on page
3-40.
โข
Recognize that a maximum of five words (20 bytes) can be prefetched past an unresolved
conditional branch, either down the target path or the sequential path.
See "Prefetch Distance
Down an Unresolved Branch
Path" on page 3-38.
Of course, software should not code branches with known unsafe targets (either relative to the
instruction counter, or to addresses contained
in
the LR
or
CTR), on the assumption that the targets
are
"protected" by code guaranteeing that the unsafe direction is not taken. The fetcher assumes that
if a branch is predicted to be taken, it is safe to fetch down the target path.
3.9 Privileged Mode Operation
In the PowerPC Architecture, several terms describe two operating modes that have different
instruction execution privileges. When a processor
is
in
"privileged mode," it can execute all
instructions
in
the instruction set. This mode is also called the "supervisor state:' The other mode,
in
which certain instructions cannot be executed, is called the "user mode:'
or
"problem state." These
terms are used
in
pairs:
Privileged Non-privileged
Privileged Mode User Mode
Supervisor State
Problem State
The architecture uses MSR[PR] to control the execution mode. When MSR[PR] =
1,
the processor is
in user mode
(problem state); when MSR[PR] =
0,
the processor is
in
privileged mode (supervisor
state).
After a reset,
MSR[PR] =
o.
3.9.1 MSR
Bits
and Exception Handling
The current value of MSR[PR] is saved, along with all other MSR bits,
in
the
SRR1
(for non-critical
interrupts)
or
SRR3 (for critical interrupts) upon any interrupt, and MSR[PR] is set to
O.
Therefore, all
exception handlers operate
in
privileged mode.
Attempting to execute a privileged instruction
while
in
user mode causes a privileged violation
program exception (see
"Program Interrupt" on page 10-40). The PPC405GP does not execute the
instruction, and the least-significant 16 bits of the program counter are
loaded with Ox0700, the
address of an exception processing routine.
Preliminary Programming Model
3-41
To Next Page
Loading...
Need help?
General
