hex-five / multizone-sdk

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
https://hex-five.com/multizone-security-tee-riscv/

Running stats in zone1 and trying other things in zone4 leads to a fault in zone1 #18

Closed borancar closed 5 years ago

borancar commented 5 years ago

Reported on: https://github.com/hex-five/multizone-sdk/commit/7edf433546d940b895c8d3aca0750fc86402c853

Steps to reproduce

  1. Connect via telnet and run stats in zone1

    % telnet 192.168.1.2
    Trying 192.168.1.2...
    Connected to 192.168.1.2.
    Escape character is '^]'.

    FreeRTOS CLI

    Z1 > stats
    1152873 cycles in 17737 us
    148681 cycles in 2287 us
    1053322 cycles in 16205 us
    1050395 cycles in 16160 us
    1090923 cycles in 16783 us
    630100 cycles in 9694 us
    1161786 cycles in 17874 us
    538041 cycles in 8277 us
    625049 cycles in 9616 us
    Load address misaligned : 0x00000004 0x204102ca 0x2041490c
    Load address misaligned : 0x00000004 0x204102c6 0x20414910
    Illegal instruction : 0x00000002 0x0000fcf4 0x20414914

    Press any key to restart

  2. Connect via UART to zone4 and exchange running `stats` and `pmp` commands while `stats` in zone1 is still running (need to possibly repeat many times to trigger, here I did each at least 4-5 times):

    ...
    Z4 > pmp
    0x20440000 0x2044ffff r-x
    0x8000a000 0x8000afff rw-
    0x10013000 0x100130ff rw-
    0x10012000 0x100120ff rw-

    Z4 > stats
    83425 cycles in 1283 us
    692631 cycles in 10656 us
    701294 cycles in 10789 us
    706411 cycles in 10868 us
    93280 cycles in 1435 us
    703660 cycles in 10825 us
    706237 cycles in 10865 us
    705069 cycles in 10847 us
    133379 cycles in 2052 us
    700962 cycles in 10784 us
    688880 cycles in 10598 us

    cycles min/med/max = 83425/700962/706411
    time min/med/max = 1283/10784/10868 us

    ctx sw instr min/med/max = 123/123/123
    ctx sw cycles min/med/max = 236/236/236
    ctx sw time min/med/max = 3/3/3 us

    Z4 > pmp
    0x20440000 0x2044ffff r-x
    0x8000a000 0x8000afff rw-
    0x10013000 0x100130ff rw-
    0x10012000 0x100120ff rw-

    Z4 >

borancar commented 5 years ago

The command that "faulted" was:

    >>> x/i 0x2041490c
    0x2041490c <xTaskIncrementTick+242>: lw  a6,12(a5)

borancar commented 5 years ago

Was a result of stack/heap corruption, fixed by increasing sizes in https://github.com/hex-five/multizone-sdk/commit/ab74646a192b0377f553992b8b8b61175dec9767.
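
A small triage script for the fault lines in the first comment, added here as an example and not part of the issue or the MultiZone SDK. It assumes the three hex fields are mcause, mtval and mepc (the third matches the faulting address disassembled in the second comment); the function and field names are hypothetical.

```python
import re

# RISC-V synchronous exception codes (mcause) from the privileged spec.
MCAUSE = {0: "Instruction address misaligned", 1: "Instruction access fault",
          2: "Illegal instruction", 4: "Load address misaligned",
          5: "Load access fault", 6: "Store/AMO address misaligned",
          7: "Store/AMO access fault"}

# Assumed line layout: "<label> : <mcause> <mtval> <mepc>".
FAULT_RE = re.compile(
    r"^\s*(?P<label>[A-Za-z/ ]+?)\s*:\s*(?P<cause>0x[0-9a-fA-F]+)"
    r"\s+(?P<tval>0x[0-9a-fA-F]+)\s+(?P<epc>0x[0-9a-fA-F]+)\s*$")

# Immediate offsets of known load instructions, keyed by pc.
# Only entry: "lw a6,12(a5)" at 0x2041490c, from the disassembly in the issue.
LOAD_OFFSETS = {0x2041490C: 12}

def parse_faults(console_text):
    """Extract fault records from captured console output."""
    faults = []
    for line in console_text.splitlines():
        m = FAULT_RE.match(line)
        if not m:
            continue  # ordinary output such as "... cycles in ... us"
        cause, tval, epc = (int(m.group(k), 16) for k in ("cause", "tval", "epc"))
        offset = LOAD_OFFSETS.get(epc)
        faults.append({
            "cause": cause,
            "cause_name": MCAUSE.get(cause, "unknown"),
            "label_matches": MCAUSE.get(cause) == m.group("label"),
            "tval": tval,
            "epc": epc,
            # A 4-byte load needs a 4-byte aligned address.
            "word_misaligned": cause == 4 and tval % 4 != 0,
            # Base register value at the fault, when the offset is known.
            "base": tval - offset if offset is not None else None,
        })
    return faults

# Console lines copied from the first comment of the issue.
SAMPLE = """\
625049 cycles in 9616 us
Load address misaligned : 0x00000004 0x204102ca 0x2041490c
Load address misaligned : 0x00000004 0x204102c6 0x20414910
Illegal instruction : 0x00000002 0x0000fcf4 0x20414914
"""

if __name__ == "__main__":
    for f in parse_faults(SAMPLE):
        print({k: hex(v) if isinstance(v, int) and not isinstance(v, bool) else v
               for k, v in f.items()})
```

For the first fault the recovered base value is the content of `a5` when `lw a6,12(a5)` executed, which is the pointer to inspect when looking for what overwrote it.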