Security vulnerability: Ibex leaks data when multiplication is aborted

[KatCe]

Observed Behavior

A MULH instruction that is aborted by an unsolicited memory error response leaks information about its input values to a subsequent MUL instruction. The subsequent MUL instruction stores a value dependent on MULH's operands into its result register, thus produces a wrong result and leaking information.

I believe that the reason is that the multiplication's module's internal state machine is not reset in case of an abort.

Expected Behavior

Ibex should not leak data in case of external interface errors.

Steps to reproduce the issue

The testbench in https://github.com/KatCe/ibex/tree/bug_mulh_reg_leakage/dv/bug_mulh_reg_leakage demonstrates the problem.
This testbench uses the default configuration. We have also observed the bug in secure configuration with the parameters commented in the testbench.

My Environment

EDA tool and version:

Questa Sim-64, Version 2022.3_1 linux_x86_64 Aug 12 2022

Operating system:

Ubuntu 20.04.6 LTS
Version of the Ibex source code:

5a8a1a9
The exact list of files run by the test bench can be found in https://github.com/KatCe/ibex/blob/bug_mulh_reg_leakage/dv/bug_mulh_reg_leakage/flist.f

[GregAC]

Thank you for the report @KatCe. We are looking at this internally and will report back once we've examined the issue in detail.