zero-day-labs / riscv-aia

AIA IP compliant with the RISC-V AIA spec
Apache License 2.0

APLIC register decode doesn't protect against accesses to invalid addresses #12

Open rrozeTT opened 2 weeks ago

rrozeTT commented 2 weeks ago

The file aplic_regmap.sv includes logic to decode incoming register transactions. The following block does a check of the incoming register transaction's address ...

    for (int i = 0; i < AplicCfg.NrDomains; i++) begin
        if ((i_req.addr >= AplicCfg.DomainsCfg[i].Addr) && 
            (i_req.addr < (AplicCfg.DomainsCfg[i].Addr + 'h4000 + ('h20 * AplicCfg.NrHarts)))) begin

            target_domain = AplicCfg.DomainsCfg[i].id[AplicCfg.NrDomainsW-1:0];
            register_address = i_req.addr - AplicCfg.DomainsCfg[i].Addr;  
            break;
        end
    end

... but there is no handling for the case where an incoming transaction does not fall into any of the valid address ranges. In this scenario, the variables target_domain and register_address will retain their default values of zero.

Later in the same file we process the incoming transaction, using the values for target_domain and register_address that were determined above:

    if (i_req.valid) begin
      if (i_req.write) begin
        unique case(register_address) inside
          'h0: begin
            o_domaincfg[target_domain].dm = AplicCfg.DeliveryMode;

The result here is that incoming register accesses that do not match any of the valid address ranges will still occur, accessing the register at address zero (domaincfg) of the first interrupt domain. This is not good: accessing an invalid address should ideally return zero on reads, and should definitely have no effect on writes.
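A minimal sketch of the behaviour the issue asks for, as an added example that is not part of the original post and not riscv-aia code: a hit flag set only inside the range-check loop gates the write and forces read data to zero. The module, port and parameter names and the base addresses are assumptions; the window size and the domaincfg offset 'h0 follow the quoted snippets.

```systemverilog
// Added sketch, not riscv-aia code. Module, port and parameter names and the
// base addresses are hypothetical; the window size and the domaincfg offset
// 'h0 follow the snippets quoted in the issue.
module aplic_decode_sketch #(
  parameter int unsigned NrDomains = 2,
  parameter int unsigned NrHarts   = 1,
  parameter logic [31:0] DomainBase [NrDomains] = '{32'h0c00_0000, 32'h0d00_0000}
) (
  input  logic        clk_i,
  input  logic        rst_ni,
  input  logic        req_valid_i,
  input  logic        req_write_i,
  input  logic [31:0] req_addr_i,
  input  logic [31:0] req_wdata_i,
  output logic        addr_hit_o,   // 0 when the address is in no domain window
  output logic [31:0] rsp_rdata_o
);
  localparam int unsigned DomW       = (NrDomains > 1) ? $clog2(NrDomains) : 1;
  localparam logic [31:0] WindowSize = 32'h4000 + 32'h20 * NrHarts;

  logic [DomW-1:0] target_domain;
  logic [31:0]     register_address;
  logic [31:0]     domaincfg_q [NrDomains];

  always_comb begin
    addr_hit_o       = 1'b0;  // the defaults below are only meaningful on a hit
    target_domain    = '0;
    register_address = '0;
    for (int i = 0; i < NrDomains; i++) begin
      if ((req_addr_i >= DomainBase[i]) &&
          (req_addr_i < (DomainBase[i] + WindowSize))) begin
        addr_hit_o       = 1'b1;
        target_domain    = DomW'(i);
        register_address = req_addr_i - DomainBase[i];
        break;
      end
    end
    // Reads return zero unless a window matched and the offset is implemented.
    rsp_rdata_o = '0;
    if (req_valid_i && !req_write_i && addr_hit_o && (register_address == 32'h0))
      rsp_rdata_o = domaincfg_q[target_domain];
  end

  always_ff @(posedge clk_i or negedge rst_ni) begin  // writes need a window hit
    if (!rst_ni) domaincfg_q <= '{default: '0};
    else if (req_valid_i && req_write_i && addr_hit_o && (register_address == 32'h0))
      domaincfg_q[target_domain] <= req_wdata_i;
  end
endmodule
```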

D3boker1 commented 1 week ago

Hi @rrozeTT,

I'm sorry for not getting back to you sooner.

Thanks for your comment! We will look into that in the following days, and keep you posted!