Skip to content

Commit

Permalink
Add complete checks for invalid memory accesses
Browse files Browse the repository at this point in the history
Also fix two typos for memory ranges that fortunately
have no impact on functionality.
  • Loading branch information
jthornblad committed Dec 20, 2024
1 parent 66888a3 commit 32e8794
Show file tree
Hide file tree
Showing 4 changed files with 66 additions and 5 deletions.
63 changes: 62 additions & 1 deletion hw/application_fpga/core/tk1/rtl/tk1.v
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,8 @@ module tk1 #(
// Monitor events and state changes in the SoC, and handle
// security violations. We currently check for:
//
// Any access to RAM but outside of the size of the physical mem.
// Any memory access that is outside of the defined size of the
// defined memory areas.
//
// Trying to execute instructions in FW-RAM.
//
Expand All @@ -393,10 +394,70 @@ module tk1 #(
force_trap_set = 1'h0;

if (cpu_valid) begin
// Outside ROM area
if (cpu_addr[31 : 30] == 2'h0 & |cpu_addr[29 : 14]) begin
force_trap_set = 1'h1;
end

// Outside RAM area
if (cpu_addr[31 : 30] == 2'h1 & |cpu_addr[29 : 17]) begin
force_trap_set = 1'h1;
end

// In RESERVED area
if (cpu_addr[31 : 30] == 2'h2) begin
force_trap_set = 1'h1;
end

// MMIO
if (cpu_addr[31 : 30] == 2'h3) begin

// Outside TRNG
if (cpu_addr[29 : 24] == 6'h00 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside TIMER
if (cpu_addr[29 : 24] == 6'h01 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside UDS
if (cpu_addr[29 : 24] == 6'h02 & |cpu_addr[23 : 5]) begin
force_trap_set = 1'h1;
end

// Outside UART
if (cpu_addr[29 : 24] == 6'h03 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// Outside TOUCH_SENSE
if (cpu_addr[29 : 24] == 6'h04 & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end

// In unused space
if ((cpu_addr[29 : 24] > 6'h04) && (cpu_addr[29 : 24] < 6'h10)) begin
force_trap_set = 1'h1;
end

// Outside FW_RAM
if (cpu_addr[29 : 24] == 6'h10 & |cpu_addr[23 : 11]) begin
force_trap_set = 1'h1;
end

// In unused space
if ((cpu_addr[29 : 24] > 6'h10) && (cpu_addr[29 : 24] < 6'h3f)) begin
force_trap_set = 1'h1;
end

// Outside TK1
if (cpu_addr[29 : 24] == 6'h3f & |cpu_addr[23 : 10]) begin
force_trap_set = 1'h1;
end
end

if (cpu_instr) begin
if ((cpu_addr >= FW_RAM_FIRST) && (cpu_addr <= FW_RAM_LAST)) begin
force_trap_set = 1'h1;
Expand Down
4 changes: 2 additions & 2 deletions hw/application_fpga/fw/tk1_mem.h
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,8 @@
#define TK1_MMIO_TIMER_TIMER 0xc100002c

#define TK1_MMIO_UDS_BASE 0xc2000000
#define TK1_MMIO_UDS_FIRST 0xc2000040
#define TK1_MMIO_UDS_LAST 0xc200005c
#define TK1_MMIO_UDS_FIRST 0xc2000000
#define TK1_MMIO_UDS_LAST 0xc200001c

#define TK1_MMIO_UART_BASE 0xc3000000
#define TK1_MMIO_UART_RX_STATUS 0xc3000080
Expand Down
2 changes: 1 addition & 1 deletion hw/application_fpga/rtl/application_fpga.v
Original file line number Diff line number Diff line change
Expand Up @@ -392,7 +392,7 @@ module application_fpga (

ram_cs = 1'h0;
ram_we = 4'h0;
ram_address = cpu_addr[17 : 2];
ram_address = cpu_addr[16 : 2];
ram_write_data = cpu_wdata;

fw_ram_cs = 1'h0;
Expand Down
2 changes: 1 addition & 1 deletion hw/application_fpga/tb/application_fpga_sim.v
Original file line number Diff line number Diff line change
Expand Up @@ -406,7 +406,7 @@ module application_fpga_sim (

ram_cs = 1'h0;
ram_we = 4'h0;
ram_address = cpu_addr[17 : 2];
ram_address = cpu_addr[16 : 2];
ram_write_data = cpu_wdata;

fw_ram_cs = 1'h0;
Expand Down

0 comments on commit 32e8794

Please sign in to comment.