[rtl] Deny no-match X access in M-Mode while MML=1

In ePMP spec, it specifies as: ``` Executing code with Machine mode privileges is only possible from memory regions with a matching Mmode-only rule or a locked Shared-Region rule with executable privileges. Executing code from a region without a matching rule or with a matching S/U-mode-only rule is denied. ``` This change provides that. Signed-off-by: Canberk Topal <ctopal@lowrisc.org>
2025-04-20 11:57:12 -04:00 · 2022-08-01 13:59:34 +01:00 · 2022-08-01 13:59:34 +01:00 · e242ef07ad
commit e242ef07ad
parent e93452e502
2 changed files with 9 additions and 2 deletions
--- a/dv/uvm/core_ibex/fcov/core_ibex_pmp_fcov_if.sv
+++ b/dv/uvm/core_ibex/fcov/core_ibex_pmp_fcov_if.sv
@ -416,6 +416,8 @@ interface core_ibex_pmp_fcov_if import ibex_pkg::*; #(
    logic pmp_current_priv_req_err;
    assign pmp_current_priv_req_err =
      g_pmp.pmp_i.access_fault_check(csr_pmp_mseccfg.mmwp,
+                                     csr_pmp_mseccfg.mml,
+                                     g_pmp.pmp_i.pmp_req_type_i[PMP_D],
                                     g_pmp.pmp_i.region_match_all[PMP_D],
                                     cs_registers_i.priv_mode_id_o,
                                     current_priv_perm_check);
--- a/rtl/ibex_pmp.sv
+++ b/rtl/ibex_pmp.sv
@ -123,14 +123,17 @@ module ibex_pmp #(

  // Access fault determination / prioritization
  function automatic logic access_fault_check (logic                     csr_pmp_mseccfg_mmwp,
+                                               logic                     csr_pmp_mseccfg_mml,
+                                               ibex_pkg::pmp_req_e       pmp_req_type,
                                               logic [PMPNumRegions-1:0] match_all,
                                               ibex_pkg::priv_lvl_e      priv_mode,
                                               logic [PMPNumRegions-1:0] final_perm_check);


    // When MSECCFG.MMWP is set default deny always, otherwise allow for M-mode, deny for other
-    // modes
-    logic access_fail = csr_pmp_mseccfg_mmwp | (priv_mode != PRIV_LVL_M);
+    // modes. Also deny unmatched for M-mode whe MSECCFG.MML is set and request type is EXEC.
+    logic access_fail = csr_pmp_mseccfg_mmwp | (priv_mode != PRIV_LVL_M) |
+                        (csr_pmp_mseccfg_mml && (pmp_req_type == PMP_ACC_EXEC));

    // PMP entries are statically prioritized, from 0 to N-1
    // The lowest-numbered PMP entry which matches an address determines accessibility
@ -222,6 +225,8 @@ module ibex_pmp #(
    // Once the permission checks of the regions are done, decide if the access is
    // denied by figuring out the matching region and its permission check.
    assign pmp_req_err_o[c] = access_fault_check(csr_pmp_mseccfg_i.mmwp,
+                                                 csr_pmp_mseccfg_i.mml,
+                                                 pmp_req_type_i[c],
                                                 region_match_all[c],
                                                 priv_mode_i[c],
                                                 region_perm_check[c]);