Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The EPCR register is accessible from user mode #140

Open
Rahul-Kande opened this issue Sep 3, 2021 · 3 comments
Open

The EPCR register is accessible from user mode #140

Rahul-Kande opened this issue Sep 3, 2021 · 3 comments

Comments

@Rahul-Kande
Copy link

The OpenRISC specification requires that the EPCR register be accessible only from supervisor mode.
Bug location: rtl/verilog/mor1kx_ctrl_cappuccino.v

Triggering input:
#include <stdio.h>
int main() {
// enter user mode :
asm volatile ( "l.ori r17,r0,0x0000 ");
asm volatile ( "l.mtspr r0,r17,0x3806");

asm volatile ( "l.mfspr r17,r0,0x11 ");
asm volatile ( "l.andi r17,r17,-2 ");
asm volatile ( "l.mtspr r0,r17,0x11 ");
// padding the seed code
asm volatile( "l.nop 0x0 ");
asm volatile( "l.nop 0x0 ");
asm volatile( "l.nop 0x0 ");
asm volatile( "l.nop 0x0 ");
asm volatile ("l.addi r1,r0,1");
asm volatile ("l.mfspr r2,r0,32");
asm volatile ("l.mtspr r0, r1, 32");
return 0;
}

The or1ksim fails to execute the mfspr while the mor1kx implementation can successfully write into EPCR using the mtspr instruction.

Please check this bug.

@stffrdhrn
Copy link
Member

stffrdhrn commented Sep 9, 2021

Hello, thanks for your bug report and your mail.
Mail:
https://lists.librecores.org/pipermail/openrisc/2021-September/003306.html

I think we will find a lot of registers that are missing protection in user mode. It maybe good to list them all in one place. Looking at the code I also see:

@stffrdhrn
Copy link
Member

I think that wile fixing these we should add a test to our or1k-tests that verifies the correctness.

@abergmann
Copy link

CVE-2021-41614 was assigned to this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants