You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A MULH instruction that is aborted by an unsolicited memory error response leaks information about its input values to a subsequent MUL instruction. The subsequent MUL instruction stores a value dependent on MULH's operands into its result register, thus produces a wrong result and leaking information.
I believe that the reason is that the multiplication's module's internal state machine is not reset in case of an abort.
Expected Behavior
Ibex should not leak data in case of external interface errors.
Observed Behavior
A MULH instruction that is aborted by an unsolicited memory error response leaks information about its input values to a subsequent MUL instruction. The subsequent MUL instruction stores a value dependent on MULH's operands into its result register, thus produces a wrong result and leaking information.
I believe that the reason is that the multiplication's module's internal state machine is not reset in case of an abort.
Expected Behavior
Ibex should not leak data in case of external interface errors.
Steps to reproduce the issue
The testbench in https://github.com/KatCe/ibex/tree/bug_mulh_reg_leakage/dv/bug_mulh_reg_leakage demonstrates the problem.
This testbench uses the default configuration. We have also observed the bug in secure configuration with the parameters commented in the testbench.
My Environment
EDA tool and version:
Questa Sim-64, Version 2022.3_1 linux_x86_64 Aug 12 2022
Operating system:
Ubuntu 20.04.6 LTS
Version of the Ibex source code:
5a8a1a9
The exact list of files run by the test bench can be found in https://github.com/KatCe/ibex/blob/bug_mulh_reg_leakage/dv/bug_mulh_reg_leakage/flist.f
The text was updated successfully, but these errors were encountered: