[BUG] Jump to Misaligned Address Fails to Trigger Exception #2505

Open
1 task done
riscv914 opened this issue Sep 22, 2024 · 1 comment
Labels
Type:Bug For bugs in the RTL, Documentation, Verification environment or Tool and Build system

Comments

@riscv914

Is there an existing CVA6 bug for this?

  • I have searched the existing bug issues

Bug Description

In RISC-V, jumps to misaligned instruction addresses should trigger a misaligned fetch exception. However, in the latest CVA6 core, attempting to jump to a misaligned address does not throw an exception. For example, a jump to 0x80000005 should trigger a misaligned fetch exception. Instead, the core executes the instruction without generating the expected exception. This vulnerability allows code to execute from misaligned addresses without raising an exception, leading to potential instability or undefined behavior.

To reproduce, execute the following instruction:

```c
int main(void) {
    unsigned long rd_value;  // receives the link address written by jalr
    void (*misaligned_jump)() = (void (*)()) 0x80000005;  // Misaligned jump address
    asm volatile ("jalr %0, 0(%1)" : "=r" (rd_value) : "r" (misaligned_jump));
    return 0;
}
```

- Spike version: `1.1.1-dev`
- version: `CVA6 commit: f974e105bf88cf81c32f55789b0baab4fe4d16c9`
- OS: `CentOS Linux release 7.9.2009 kernel: 5.15.0-78-generic`
- Simulator: `VCS_2023`
@riscv914 riscv914 added the Type:Bug For bugs in the RTL, Documentation, Verification environment or Tool and Build system label Sep 22, 2024
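
A host-side reference check for triaging this report, as an added example that is not part of the issue or the CVA6 code base: it models the JALR rule from the RISC-V unprivileged ISA (add the immediate, clear bit 0, then test the result against IALIGN) and reports which targets are expected to raise instruction-address-misaligned. The names `jalr_expected`, `count_expected_traps` and `vectors` are hypothetical, the vectors are constructed, and `ialign_bits` is an assumption about the configuration under test (32 without the C extension, 16 with it).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* What a reference model expects from one JALR. */
typedef struct {
    uint64_t target;     /* value written to pc, bit 0 already cleared */
    bool     misaligned; /* instruction-address-misaligned expected */
} jalr_result;

/* ialign_bits is an assumption about the core under test:
 * 32 without the C extension, 16 with it. */
jalr_result jalr_expected(uint64_t rs1, int64_t imm, unsigned ialign_bits)
{
    jalr_result r;
    /* JALR: add the sign-extended immediate, then clear bit 0. */
    r.target = (rs1 + (uint64_t)imm) & ~(uint64_t)1;
    /* Alignment is checked on the target after bit 0 is cleared. */
    r.misaligned = (r.target & (uint64_t)(ialign_bits / 8 - 1)) != 0;
    return r;
}

/* Constructed test vectors; 0x80000005 is the address from the issue. */
static const struct { uint64_t rs1; int64_t imm; } vectors[] = {
    {0x80000004, 0}, {0x80000005, 0}, {0x80000006, 0},
    {0x80000007, 0}, {0x80000000, 2}, {0x80000008, -4},
};
#define NVEC (sizeof vectors / sizeof vectors[0])

/* Number of vectors for which the model expects a trap. */
unsigned count_expected_traps(unsigned ialign_bits)
{
    unsigned n = 0;
    for (size_t i = 0; i < NVEC; i++)
        n += jalr_expected(vectors[i].rs1, vectors[i].imm, ialign_bits).misaligned;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < NVEC; i++) {
        jalr_result a = jalr_expected(vectors[i].rs1, vectors[i].imm, 32);
        jalr_result b = jalr_expected(vectors[i].rs1, vectors[i].imm, 16);
        printf("rs1=0x%llx imm=%lld -> pc=0x%llx trap(IALIGN=32)=%d trap(IALIGN=16)=%d\n",
               (unsigned long long)vectors[i].rs1, (long long)vectors[i].imm,
               (unsigned long long)a.target, a.misaligned, b.misaligned);
    }
    return 0;
}
```

Comparing the trap column against what the simulator logs for the same vectors separates a real RTL mismatch from a target that the ISA resolves to an aligned address.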
@JeanRochCoulon
Contributor

Thanks @riscv914 for this discovery.
@AyoubJalali @ASintzoff Have you already tested it, or maybe it was planned? In any case, do you confirm the issue?
