Weaken backwards sentry pesudo-locality

[nwf]

This is one approach to fixing
#79

[davidchisnall]

I think this looks right. A few possible hardware choices:

Register writeback forwards a two-bit value to the load-store unit every cycle. The first bit is whether the write is to CSP, the second bit is whether the value has SL permission. The LSU then uses that value. As long as register writeback happens before the second cycle of the store, this is fine (we can clear the tag in the second cycle by writing 33 bits with tag and 33 without on Ibex). An extra cycle stall for non-CSP-based stores of return addresses to ensure that this is synchronised would be fine.

Alternatively, in 99% of cases, the source register may be CSP and so this check can do a second register fetch of CSP only for cases where it isn’t. This may interfere with the sequencing of writeback and fetch.

Finally, if hardware is particularly painful, we could consider a couple of weakening options at the architecture:

• Do this relaxation only for CSP-relative stores. This is an extra ABI restriction, which might cause problems for ucLinux in a compartment.
• Add an architectural hazard that storing a return address via a non-CSP register may spuriously fail if the CSP value’s SL permission is removed in the instruction immediately before the store.

The second could also be an Ibex-specific documented erratum. I think we’ll want to write the stack-pivot code once and use it everywhere, so ensuring a gap between them is fine.