search

openhwgroup / cva6

The CORE-V CVA6 is an Application class 6-stage RISC-V CPU capable of booting Linux
https://docs.openhwgroup.org/projects/cva6-user-manual/
Other
2.29k stars 691 forks source link

[BUG] Jump to Misaligned Address Fails to Trigger Exception #2505

Open riscv914 opened 1 month ago

riscv914 commented 1 month ago

Is there an existing CVA6 bug for this?

Bug Description

In RISC-V, jumps to misaligned instruction addresses should trigger a misaligned fetch exception. However, in the latest CVA6 core, attempting to jump to a misaligned address dose not throw an exception. For example 0x80000005, which should trigger a misaligned fetch exception. Instead, the core executes the instruction without generating the expected exception. This vulnerability allows code to execute from misaligned addresses without raising an exception, leading to potential instability or undefined behavior.

To reproduce, execute following instruction:

int main(void){
     void (*misaligned_jump)() = (void (*)()) 0x80000005;  // Misaligned jump address
    asm volatile ("jalr %0, 0(%1)" : "=r" (rd_value) : "r" (misaligned_jump)); 
}
- Spike version: `1.1.1-dev`
- version: `CVA6 commit: f974e105bf88cf81c32f55789b0baab4fe4d16c9`
- OS: `CentOS Linux release 7.9.2009 kernel: 5.15.0-78-generic`
- Simulator: `VCS_2023`
JeanRochCoulon commented 1 month ago

Thanks @riscv914 for this discovery. @AyoubJalali @ASintzoff Have you already tested it, or maybe it was planned? In any case, do you confirm the issue ?