RFC: make misa.C writeable
Hi,
In a discussion around ROP gadgets I was pointed to a potential gadget issue with compressed instructions in upper halfwords of legal 32-bit instructions. A ROP attack could use such a gadget in a (in my opinion) rather sophisticated exploit chain, but well, that's how they come sometimes ;)
The mitigation is already in the spec: fields of misa can be writeable to turn off extensions. Making misa.C writable will allow deactivating that support for software that doesn't use it and should be hardened against such a ROP attack. IALIGN will change implicitly and there are two stages in the pipeline where it could be handled: raising an alignment error at fetch, or during decoding as an illegal instruction. The former is IMO the right place to raise the exception.
Do people agree that this should be part of ibex? Would be happy to work on it and open the PR then. While we are at it, also add other fields to the list (B?)?
Best, Stefan
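An added illustration, not part of the original post or of the ibex RTL: a small Python model of the behaviour the RFC asks for. Clearing misa.C raises IALIGN from 16 to 32, so a fetch from a halfword-aligned address (the kind of address a gadget in the upper half of a 32-bit instruction would need) is rejected at the fetch stage with an instruction-address-misaligned exception; the model also includes the privileged-spec rule that a misa write which would raise IALIGN is suppressed when the next instruction address is not 32-bit aligned. Bit positions and the write-suppression rule follow the RISC-V privileged spec; everything else (class and function names, the sample addresses) is constructed for this example.

```python
# Constructed model of misa.C / IALIGN handling (not Ibex RTL, not a full hart).
MISA_C = 1 << 2  # bit 2 of misa encodes the 'C' (compressed) extension


class Hart:
    """Holds the misa.C bit and derives IALIGN from it, as the spec requires."""

    def __init__(self, c_enabled=True):
        self.misa = MISA_C if c_enabled else 0

    @property
    def ialign(self):
        # IALIGN is 16 while compressed instructions are enabled, 32 otherwise.
        return 16 if self.misa & MISA_C else 32

    def write_misa(self, value, next_pc):
        """Model of 'csrw misa' where only the C bit is writable.

        Priv. spec 3.1.1: if the write would increase IALIGN and the address of
        the following instruction is not 32-bit aligned, the write is suppressed
        and misa is left unchanged. Returns True if the write took effect.
        """
        new = value & MISA_C
        raising_ialign = bool(self.misa & MISA_C) and not (new & MISA_C)
        if raising_ialign and next_pc % 4 != 0:
            return False  # suppressed: next instruction would be misaligned
        self.misa = new
        return True


def fetch_check(hart, pc):
    """Fetch-stage alignment check (the RFC's preferred place for the fault).

    Returns "ok" when pc satisfies IALIGN, otherwise the name of the exception
    the fetch stage would raise.
    """
    if pc % (hart.ialign // 8) != 0:
        return "instruction_address_misaligned"
    return "ok"


if __name__ == "__main__":
    hart = Hart()
    target = 0x8000_0002  # constructed: halfword-aligned, mid-32-bit-instruction
    print("C on :", fetch_check(hart, target))   # fetch proceeds with IALIGN=16
    hart.write_misa(0, next_pc=0x8000_0104)       # software turns C off
    print("C off:", fetch_check(hart, target))   # same jump now faults at fetch
```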