From f509f2b53276ec2a7ca331cab6c25e20218e2879 Mon Sep 17 00:00:00 2001
From: Tariq Kurd <tariq.kurd@codasip.com>
Date: Tue, 29 Oct 2024 20:16:40 +0100
Subject: [PATCH] local/global clarification (#436)

Fix https://github.com/riscv/riscv-cheri/issues/432

---------

Signed-off-by: Tariq Kurd <tariqandlaura@gmail.com>
Co-authored-by: Alexander Richardson <mail@alexrichardson.me>
---
 src/insns/atomic_exceptions.adoc | 2 +-
 src/insns/load_tag_perms.adoc    | 2 +-
 src/insns/store_tag_perms.adoc   | 2 +-
 src/level-ext.adoc               | 4 +++-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/insns/atomic_exceptions.adoc b/src/insns/atomic_exceptions.adoc
index 14549718..0e1f8031 100644
--- a/src/insns/atomic_exceptions.adoc
+++ b/src/insns/atomic_exceptions.adoc
@@ -8,7 +8,7 @@ If <<c_perm>> is not granted then store the memory tag as zero, and load `cd.tag
 +
 If the authorizing capability does not grant <<lm_perm>>, and the tag of `cd` is 1 and `cd` is not sealed, then an implicit <<ACPERM>> clearing <<w_perm>> and <<lm_perm>> is performed to obtain the intermediate permissions on `cd` (see <<LC>>).
 +
-If the authorizing capability does not grant <<el_perm>>, and the tag of `cd` is 1, then an implicit <<ACPERM>> clearing <<el_perm>> and restricting <<section_cap_level>> to the level of the authorizing capability is performed to obtain the final permissions on `cd` (see <<LC>>).
+If the authorizing capability does not grant <<el_perm>>, and the tag of `cd` is 1, then an implicit <<ACPERM>> clearing <<el_perm>> and restricting the <<section_cap_level>> to the level of the authorizing capability is performed to obtain the final permissions on `cd` (see <<LC>>).
 +
 The stored tag is also set to zero if the authorizing capability does not have <<sl_perm>> set but the stored data has a <<section_cap_level>> of 0 (see <<SC>>).
 endif::[]
diff --git a/src/insns/load_tag_perms.adoc b/src/insns/load_tag_perms.adoc
index 3ab397c2..db1323f0 100644
--- a/src/insns/load_tag_perms.adoc
+++ b/src/insns/load_tag_perms.adoc
@@ -4,7 +4,7 @@ The tag value written to `cd` is 0 if the tag of the memory location loaded is
 +
 If the authorizing capability does not grant <<lm_perm>>, and the tag of `cd` is 1 and `cd` is not sealed, then an implicit <<ACPERM>> clearing <<w_perm>> and <<lm_perm>> is performed to obtain the intermediate permissions on `cd`.
 +
-If the authorizing capability does not grant <<el_perm>>, and the tag of `cd` is 1, then an implicit <<ACPERM>> clearing <<el_perm>> and restricting <<section_cap_level>> to the level of the authorizing capability is performed to obtain the final permissions on `cd`.
+If the authorizing capability does not grant <<el_perm>>, and the tag of `cd` is 1, then an implicit <<ACPERM>> clearing <<el_perm>> and restricting the <<section_cap_level>> to the level of the authorizing capability is performed to obtain the final permissions on `cd`.
 
 NOTE: Missing <<lm_perm>> does not affect untagged values since this could result in surprising bit patterns when copying non-capability data.
 Similarly, sealed capabilities are not modified as they are not directly dereferenceable.
diff --git a/src/insns/store_tag_perms.adoc b/src/insns/store_tag_perms.adoc
index acd0683c..c53b0783 100644
--- a/src/insns/store_tag_perms.adoc
+++ b/src/insns/store_tag_perms.adoc
@@ -2,4 +2,4 @@ Tag of the written capability value::
 
 The capability written to memory has the tag set to 0 if the tag of `cs2` is 0 or if the authorizing capability (<<ddc>> or `cs1`) does not grant <<c_perm>>.
 +
-The stored tag is also set to zero if the authorizing capability does not have <<sl_perm>> set but the stored data has a <<section_cap_level>> of 0.
+The stored tag is also set to zero if the authorizing capability does not have <<sl_perm>> set but the stored data has a <<section_cap_level>> of 0 (_local_).
diff --git a/src/level-ext.adoc b/src/level-ext.adoc
index f100ca96..16351805 100644
--- a/src/level-ext.adoc
+++ b/src/level-ext.adoc
@@ -24,7 +24,7 @@ NOTE: The <<cap_encoding_xlen64,`MXLEN=64` capability encoding>> diagram shows t
 NOTE: {cheri_levels_ext_name} requires that LVLBITS&#8805;1 although LVLBITS>1 is considered an experimental enhancement of this extension.
 See <<section_ext_cheri_multiple_levels>> for the mechanics when LVLBITS>1.
 
-[#section_cap_level,reftext="capability level"]
+[#section_cap_level,reftext="Capability Level (CL)"]
 ==== Capability Level (CL)
 
 The Capability Level (CL) is a new field added to the capability encoding, as shown in xref:section_cap_encoding[xrefstyle=short].
@@ -108,6 +108,8 @@ This avoids the need for a dedicated instruction and allows reducing the level a
 [#section_cap_level_summary]
 === Capability level summary table
 
+NOTE: A capability with <<section_cap_level,CL>>=1 is _global_ and with <<section_cap_level,CL>>=0 is _local_.
+
 .{cheri_levels_ext_name} `LVLBITS=1` summary table for stored capabilities
 [#cap_level_store_summary,width="100%",options=header,halign=center,cols="1,1,1,1,5"]
 |==============================================================================