CVE-2021-41613: Unable to write to the EEAR register from the supervisor mode. · Issue #141 · openrisc/mor1kx

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of the Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR.


Comments

Hello, thanks for your bug report and your mail. I see from your mail that you have been doing research; can you explain how that works? How did you find this?

Mail:
https://lists.librecores.org/pipermail/openrisc/2021-September/003306.html

There are a few things where the mor1kx differs from the spec to make the implementation more efficient. In this case we have no use case in existing code that requires EEAR to be written to so it was omitted.

Hi,

We are developing hardware verification tools to detect bugs in RTL designs. In this case, we simulated mor1kx and or1ksim with the inputs generated from our tool and compared the trace outputs. We modified the tracing logic to output the values of all the GPRs and important SPRs. So, this is how we detected this bug.

Wow, that is great, that sounds like “golden reference” (example) verification. This is/was something that is on my todo list to implement for mor1kx using or1ksim. Do you think you will be able to contribute this back to openrisc?

Hi,
Sure. Our work is yet to be published, so I cannot share the tool and its specific details right now. But, once we get our paper out, I can check with my advisor and get back to you.
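The trace comparison described in the comments above, as an added example (not the reporters' unpublished tool and not openrisc project code): it finds the first retired instruction at which a reference-model trace and an RTL trace disagree. The trace format, field names and values are constructed for illustration and are not real or1ksim or mor1kx output.

```python
import re

# Constructed traces (assumed format): one line per retired instruction,
# carrying the PC plus the GPR/SPR values being tracked.
REF_TRACE = """\
pc=0x2000 r3=0x00000000 sr_sm=1 eear=0x00000000
pc=0x2004 r3=0x0000beef sr_sm=1 eear=0x00000000
pc=0x2008 r3=0x0000beef sr_sm=1 eear=0x0000beef
pc=0x200c r3=0x0000beef sr_sm=1 eear=0x0000beef
"""
# Same program on the design under test: the supervisor-mode write to EEAR
# at pc=0x2008 is silently dropped, so eear keeps its old value.
DUT_TRACE = REF_TRACE.replace("eear=0x0000beef", "eear=0x00000000")

FIELD = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")

def parse_trace(text):
    """Turn each non-blank trace line into a {field: int} dict."""
    steps = []
    for line in text.splitlines():
        if line.strip():
            steps.append({k: int(v, 0) for k, v in FIELD.findall(line)})
    return steps

def first_divergence(ref, dut):
    """Return (step, pc, {field: (ref, dut)}) for the first mismatch, or None."""
    for i, (r, d) in enumerate(zip(ref, dut)):
        diff = {k: (r.get(k), d.get(k))
                for k in sorted(r.keys() | d.keys()) if r.get(k) != d.get(k)}
        if diff:
            return i, r.get("pc"), diff
    if len(ref) != len(dut):  # one model stopped early or ran on
        return min(len(ref), len(dut)), None, {"length": (len(ref), len(dut))}
    return None

if __name__ == "__main__":
    print(first_divergence(parse_trace(REF_TRACE), parse_trace(DUT_TRACE)))
```

Reporting only the first divergence matters because every later step inherits the stale EEAR value and would otherwise flood the output with follow-on mismatches.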
