From 6c6763d52eb46a8889de3818ddff47c46a72c463 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Th=C3=B6rnblad?=
Date: Fri, 20 Dec 2024 10:38:17 +0100
Subject: [PATCH] Add complete checks for invalid memory accesses

Also fix two typos for memory ranges that fortunately have no impact on functionality.
---
 hw/application_fpga/core/tk1/rtl/tk1.v | 63 +++++++++++++++++++++-
 hw/application_fpga/fw/tk1_mem.h | 4 +-
 hw/application_fpga/rtl/application_fpga.v | 2 +-
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/hw/application_fpga/core/tk1/rtl/tk1.v b/hw/application_fpga/core/tk1/rtl/tk1.v
index 7e39ce04..615373f5 100644
--- a/hw/application_fpga/core/tk1/rtl/tk1.v
+++ b/hw/application_fpga/core/tk1/rtl/tk1.v
@@ -381,7 +381,8 @@ module tk1 #(
 // Monitor events and state changes in the SoC, and handle
 // security violations. We currently check for:
 //
- // Any access to RAM but outside of the size of the physical mem.
+ // Any memory access that is outside of the defined size of the
+ // defined memory areas.
 //
 // Trying to execute instructions in FW-RAM.
 //
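Review bot: The rewritten comment line reads awkwardly ("the defined size of the defined memory areas") and is vaguer than the check list it introduces; since this block is the only in-source description of the trap conditions, `// Any memory access outside the defined size of its memory area (ROM, RAM, reserved, each MMIO core).` says the same thing more precisely. The comment block continues below the hunk.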
@@ -393,10 +394,70 @@ module tk1 #(
 force_trap_set = 1'h0;
 if (cpu_valid) begin
+ // Outside ROM area
+ if (cpu_addr[31 : 30] == 2'h0 & |cpu_addr[29 : 14]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside RAM area
 if (cpu_addr[31 : 30] == 2'h1 & |cpu_addr[29 : 17]) begin
 force_trap_set = 1'h1;
 end
+ // In RESERVED area
+ if (cpu_addr[31 : 30] == 2'h2) begin
+ force_trap_set = 1'h1;
+ end
+
+ // MMIO
+ if (cpu_addr[31 : 30] == 2'h3) begin
+
+ // Outside TRNG
+ if (cpu_addr[29 : 24] == 6'h0 & |cpu_addr[23 : 10]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside TIMER
+ if (cpu_addr[29 : 24] == 6'h01 & |cpu_addr[23 : 10]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside UDS
+ if (cpu_addr[29 : 24] == 6'h02 & |cpu_addr[23 : 5]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside UART
+ if (cpu_addr[29 : 24] == 6'h03 & |cpu_addr[23 : 10]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside TOUCH_SENSE
+ if (cpu_addr[29 : 24] == 6'h04 & |cpu_addr[23 : 10]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // In unused space
+ if ((cpu_addr[29 : 24] > 6'h4) && (cpu_addr[29 : 24] < 6'h10)) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside FW_RAM
+ if (cpu_addr[29 : 24] == 6'h10 & |cpu_addr[23 : 11]) begin
+ force_trap_set = 1'h1;
+ end
+
+ // In unused space
+ if ((cpu_addr[29 : 24] > 6'h10) && (cpu_addr[29 : 24] < 6'h3f)) begin
+ force_trap_set = 1'h1;
+ end
+
+ // Outside TK1
+ if (cpu_addr[29 : 24] == 6'h3f & |cpu_addr[23 : 10]) begin
+ force_trap_set = 1'h1;
+ end
+ end
+
+ if (cpu_instr) begin
 if ((cpu_addr >= FW_RAM_FIRST) && (cpu_addr <= FW_RAM_LAST)) begin
 force_trap_set = 1'h1;
diff --git a/hw/application_fpga/fw/tk1_mem.h b/hw/application_fpga/fw/tk1_mem.h
index 246097b7..89d6b7dc 100644
--- a/hw/application_fpga/fw/tk1_mem.h
+++ b/hw/application_fpga/fw/tk1_mem.h
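Review bot: The core selectors (`6'h0` … `6'h3f`) and the per-core window widths inside the new `if (cpu_addr[31 : 30] == 2'h3)` block are bare literals that presumably duplicate the MMIO decode in application_fpga.v (the `ram_address` slice changed in this same commit is one instance of that decode), so a later change to the memory map can leave this trap logic silently out of step with what the bus actually routes; naming them, e.g. `localparam [5:0] MMIO_CORE_UDS = 6'h02;`, and using the same names in the decoder keeps the two in lockstep. The FW-RAM window is also expressed twice within this hunk, as `|cpu_addr[23 : 11]` (a 2 KiB window) and as the `FW_RAM_FIRST`/`FW_RAM_LAST` range in the `cpu_instr` check, so it is worth confirming that `FW_RAM_LAST - FW_RAM_FIRST` matches what the bit slice implies. The two "In unused space" checks are the only ones written with `&&`; the rest use `&`, and both are single-bit here, but one form should be used throughout. Because this block is what enforces the memory map in hardware, a testbench that drives the last valid and first invalid address of every region (for ROM, derived from the `[29 : 14]` slice, that is 0x00003ffc and 0x00004000) would catch an off-by-one bit index before it ships. The enclosing always block starts before and continues after the hunk.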
@@ -82,8 +82,8 @@
 #define TK1_MMIO_TIMER_TIMER 0xc100002c
 #define TK1_MMIO_UDS_BASE 0xc2000000
-#define TK1_MMIO_UDS_FIRST 0xc2000040
-#define TK1_MMIO_UDS_LAST 0xc200005c
+#define TK1_MMIO_UDS_FIRST 0xc2000000
+#define TK1_MMIO_UDS_LAST 0xc200001c
 #define TK1_MMIO_UART_BASE 0xc3000000
 #define TK1_MMIO_UART_RX_STATUS 0xc3000080
diff --git a/hw/application_fpga/rtl/application_fpga.v b/hw/application_fpga/rtl/application_fpga.v
index 39650d88..12781a82 100644
--- a/hw/application_fpga/rtl/application_fpga.v
+++ b/hw/application_fpga/rtl/application_fpga.v
@@ -392,7 +392,7 @@ module application_fpga (
 ram_cs = 1'h0;
 ram_we = 4'h0;
-ram_address = cpu_addr[17 : 2];
+ram_address = cpu_addr[16 : 2];
 ram_write_data = cpu_wdata;
 fw_ram_cs = 1'h0;
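Review bot: The new `TK1_MMIO_UDS_FIRST`/`TK1_MMIO_UDS_LAST` values (0xc2000000–0xc200001c, eight words) are exactly the 32-byte window that the tk1 core's new `|cpu_addr[23 : 5]` check permits, whereas the old 0x40–0x5c range would now be trapped, so firmware that walks the UDS through these macros depends on the header and the RTL agreeing. A comment on the defines, such as `/* 8 words; tk1.v traps any UDS access with address bits [23:5] set */`, records that coupling for the next person who edits either side.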
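Review bot: `ram_address = cpu_addr[16 : 2]` now agrees with the `|cpu_addr[29 : 17]` RAM bound in tk1.v (15 word-address bits, 128 KiB), but the slice bound is again a literal in a second file; if `ram_address` is still declared wider than 15 bits (its declaration is outside the hunk), the assignment zero-extends and the top address bit is never driven, which a lint pass would flag. Deriving both slices from one parameter, e.g. `localparam RAM_ADDR_MSB = 16;` and `ram_address = cpu_addr[RAM_ADDR_MSB : 2];`, would make the RAM size a single point of truth. The enclosing always block continues outside the hunk.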