-
Notifications
You must be signed in to change notification settings - Fork 641
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Allowing illegal access to addresses outside the PMP range and memory boundaries. #2055
Comments
Hi, thanks for the report. I am a bit confused about the issue. As far as I remember, PMP ranges are tested in the CI using the PMP test/benchmark in riscv-tests. This tests both accesses that should fail and accesses that should pass. It also checks both NAPOT and TOR configurations. I do not fully understand the new CI, but it seems that CVA6 is still passing this test (or benchmark). It is a bit confusing that your test case fails, but the thousands of tests within the PMP test/benchmark all pass. From my own experience, PMP test setups can be quite complex, e.g., they often include setting up physical to virtual page mappings. Could you post your entire test case? Or explain what the rest of your setup looks like? That would make debugging this way easier. Some initial sanity checks: Are you sure your access should be blocked? I.e., did you test your failing test case on a simulator like Spike? |
Hi @Moschn , Thank you for your prompt response. Spike throw a trap_load_access_fault exception. Correction: The above situation occurred in M mode(The CVA6 can access an insanely large address in M-mode. ). EDIT: Regardless of whether virtual address translation is enabled or not. You can run the following assembly code:
|
Thanks for the test case. As far as I can see, your test executes the load in M-mode. PMP checks are usually not enforced in M-mode. M-mode accesses are only checked against PMP entries with the lock bit set. Priv spec (3.7 Physical Memory Protection):
|
Thank you for your reply. I agree that it is optional whether M-mode is restricted by PMP, but what I mean is that in M-mode, cva6 can access a non-existent physical address (a very large address that exceeds the memory space) without causing any page access exceptions. Thank you. |
Ah now I get it. Sorry for my confusion. I am no expert in the RISC-V ISA nor in CVA6, but as far as I know, accesses outside of the memory map are supposed to throw access fault exceptions without checking the PMPs. So if this is a bug, it is probably unrelated to PMPs. I vaguely remember that CVA6 used to just read a static value for accesses outside of addressable memory. It might have changed since then though. And I am not sure if this complies with the standard. |
No worries, it's possible that my description was limited by the use of two restrictive terms, 'PMP' and 'memory boundaries,' which might have made the latter easily overlooked. You are correct; if cva6 in M-mode is not restricted by PMPs, it should still adhere to the memory boundaries. Note: I have observed a similar issue on other processor and it has been confirmed. Thank you very much for your reply and insights! |
Is there an existing CVA6 bug for this?
Bug Description
EDIT: The CVA6 can access an address beyond the PMP boundaries and memory limits without triggering an exception, whereas Spike does throw a trap_load_access_fault exception. Regardless of whether virtual address translation is enabled or not.
The log is as follows:
The text was updated successfully, but these errors were encountered: