hex-five / multizone-sdk

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processor. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
https://hex-five.com/multizone-security-tee-riscv/

FreeRTOS fault handler doesn't know about compressed instructions #19

Closed borancar closed 5 years ago

borancar commented 5 years ago

Reported on: https://github.com/hex-five/multizone-sdk/commit/7edf433546d940b895c8d3aca0750fc86402c853

The handle_syncexception function always increments the mepc by 4; this will skip over a compressed instruction, which is 2 bytes long, and can cause unintended consequences:

https://github.com/hex-five/multizone-sdk/blob/7edf433546d940b895c8d3aca0750fc86402c853/zone1/main.c#L245

https://github.com/hex-five/multizone-sdk/blob/7edf433546d940b895c8d3aca0750fc86402c853/zone1/cli.c#L77

Observed so far is when a Load address misaligned fault triggers (https://github.com/hex-five/multizone-sdk/issues/18):

Z1 > stats
1152873 cycles in 17737 us 
 148681 cycles in  2287 us 
1053322 cycles in 16205 us 
1050395 cycles in 16160 us 
1090923 cycles in 16783 us 
 630100 cycles in  9694 us 
1161786 cycles in 17874 us 
 538041 cycles in  8277 us 
 625049 cycles in  9616 us 
Load address misaligned : 0x00000004 0x204102ca 0x2041490c 
Load address misaligned : 0x00000004 0x204102c6 0x20414910 
Illegal instruction : 0x00000002 0x0000fcf4 0x20414914 
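
An added illustration of the issue reported above, not code from the multizone-sdk repository or from either commenter: it compares a fixed `mepc + 4` resume address with one derived from the instruction-length bits of the faulting instruction. The base address, byte stream and function names are constructed for the example, and the halfword is fetched from a sample buffer where a real handler would read it through `mepc`.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: RV32 code bytes with RVC, little-endian, assumed base. */
#define TEXT_BASE 0x20400000u
static const uint8_t text[] = {
    0x88, 0x41,             /* +0: c.lw  a0,0(a1)  (16-bit) */
    0x03, 0xa5, 0x05, 0x00, /* +2: lw    a0,0(a1)  (32-bit) */
    0x01, 0x00,             /* +6: c.nop           (16-bit) */
};

/* Low two bits 0b11 mark a 32-bit instruction; anything else is a 16-bit
 * compressed one. Longer (48-bit and up) encodings are not handled. */
static unsigned rv_insn_len(uint16_t first_halfword)
{
    return ((first_halfword & 0x3u) == 0x3u) ? 4u : 2u;
}

/* Fetch a halfword only: with the C extension mepc may be just 2-byte
 * aligned, so a 32-bit read at mepc could itself be misaligned. */
static uint16_t fetch_u16(uint32_t addr)
{
    const uint8_t *p = &text[addr - TEXT_BASE];
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Behaviour described in the issue: always skip 4 bytes. */
static uint32_t next_mepc_fixed4(uint32_t mepc) { return mepc + 4u; }

/* Length-aware alternative: skip exactly the faulting instruction. */
static uint32_t next_mepc_decoded(uint32_t mepc)
{
    return mepc + rv_insn_len(fetch_u16(mepc));
}

/* Walk from TEXT_BASE to check whether addr starts an instruction. */
static int is_insn_boundary(uint32_t addr)
{
    uint32_t pc = TEXT_BASE;
    while (pc < addr && pc < TEXT_BASE + sizeof text)
        pc += rv_insn_len(fetch_u16(pc));
    return pc == addr;
}

int main(void)
{
    uint32_t a = next_mepc_fixed4(TEXT_BASE), b = next_mepc_decoded(TEXT_BASE);
    printf("fixed +4: 0x%08x boundary=%d\n", (unsigned)a, is_insn_boundary(a));
    printf("decoded : 0x%08x boundary=%d\n", (unsigned)b, is_insn_boundary(b));
    return 0;
}
```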

cgarlati commented 5 years ago

Please move to hex-five/multizone-secure-iot-stack