From 6004d1963c9623620b4c4704811602c42ad4ca6a Mon Sep 17 00:00:00 2001
From: Skylake
Date: Thu, 12 Sep 2024 16:00:23 +0800
Subject: [PATCH] [bug-fix] prevent access to dasics registers in untrusted zone
---
 src/main/scala/xiangshan/backend/fu/CSR.scala | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/scala/xiangshan/backend/fu/CSR.scala b/src/main/scala/xiangshan/backend/fu/CSR.scala
index 24db9e4e5..d16b9fb07 100644
--- a/src/main/scala/xiangshan/backend/fu/CSR.scala
+++ b/src/main/scala/xiangshan/backend/fu/CSR.scala
@@ -775,6 +775,11 @@ class CSR(implicit p: Parameters) extends FunctionUnit with HasCSRConst with PMP
 (addr >= DasicsJmpBoundBase.U) && (addr <= DasicsJmpCfgBase.U) || addr === DasicsLibCfgBase.U
+ val addrInUExt = (addr >= Ustatus.U) && (addr <= Uip.U)
+ val addrIsMPK = (addr === Spkctl.U) || (addr === Spkrs.U) || (addr === Upkru.U)
+
+ val addrInProtection = addrInDasics || addrInUExt || addrIsMPK
+
 // satp wen check
 val satpLegalMode = (wdata.asTypeOf(new SatpStruct).mode===0.U) || (wdata.asTypeOf(new SatpStruct).mode===8.U)
@@ -789,7 +794,7 @@ class CSR(implicit p: Parameters) extends FunctionUnit with HasCSRConst with PMP
 val triggerPermitted = triggerPermissionCheck(addr, true.B, debugMode) // todo dmode
 val modePermitted = csrAccessPermissionCheck(addr, false.B, priviledgeMode) && dcsrPermitted && triggerPermitted
 val perfcntPermitted = perfcntPermissionCheck(addr, priviledgeMode, mcounteren, scounteren)
- val dasicsPermitted = !(CSROpType.needAccess(func) && addrInDasics && isUntrusted)
+ val dasicsPermitted = !(CSROpType.needAccess(func) && addrInProtection && isUntrusted)
 val permitted = Mux(addrInPerfCnt, perfcntPermitted, modePermitted) && accessPermitted && dasicsPermitted
 MaskedRegMap.generate(mapping, addr, rdata, wen && permitted, wdata)
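Review bot: The range test in `addrInUExt` (`(addr >= Ustatus.U) && (addr <= Uip.U)`) denies every CSR number between the two constants, not only the user-interrupt registers it is named after. The constants are defined outside this hunk, but if they carry the standard N-extension numbers (ustatus 0x000, uip 0x044) the window also contains fflags/frm/fcsr at 0x001–0x003, so floating-point CSR accesses from the untrusted zone would be refused as well. If that is not intended, enumerate the registers the way `addrIsMPK` does; if it is intended, record it with a comment such as `// deliberately denies the whole Ustatus..Uip window, not just the N-extension CSRs`. The enclosing `class CSR` body starts and ends outside the hunk.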
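Review bot: `dasicsPermitted` no longer describes what it gates, because with `addrInProtection` it now also denies the user-extension and MPK CSRs, while the commit subject still mentions only the dasics registers. A comment above the val, for example `// untrusted zone may not access DASICS, user-extension (Ustatus..Uip) or MPK CSRs`, would record why the three groups are treated alike. Renaming it (say `untrustedZonePermitted`) would be clearer still, but needs the `permitted` line updated in the same change. `isUntrusted` and the exception taken when `permitted` is false are defined outside the hunk, so the trap behaviour on a denied access cannot be confirmed from here.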