Closed mndstrmr closed 3 weeks ago
That certainly sounds like a bug but will await confirmation from @kliuMsft . Good find!
Looks like it's an exception priority issue, so not a huge problem but definitely nice to fix to match with the Sail definition.
This is indeed an exception priority issue (bug causing MTVAL to be encoded as permission violation instead of seal violation). Commit cf1a0f7 should fix issue, please verify. Thanks!
Fix is correct, thanks.
The Sail has this large condition for CJALR:
These otype checks (e.g. isCapForwardSentry) compare the otype of a Sail Capability with some constants. Sail stores the otype of a Capability in its decompressed (4 bit) form.
In cheriot-ibex the same constants are used to do a comparison on the compressed (3 bit) form:
This leads to an issue where if the capability is not executable and sealed, none of the above should match (but will) since its otype is instead
{1'b1, rf_fullcap_a.otype}
, since the decompression scheme for otypes is the following:Changing cheriot-ibex to first decompress the otype fixes the issue. Since the capability is not executable we will fail the next check anyway, so there is no security issue (the CJALR will fail if it should and not if it shouldn't, it just may report different reasons - i.e. a different mtval).