
Possible exception overwrite in pmp_data_if.sv

I noticed that pmp_data_if.sv does not check whether there is an existing exception occurring earlier in the pipeline. It seems to thus be possible that the PMP can overwrite an existing exception. The specific case that I am observing is that I get a kernel crash at the first instruction of user mode during Linux boot.

The process I believe is occurring is:

  1. First instruction begins fetch
  2. Walk of PTW hits a PTE that exists but Linux hasn't mapped the PTE yet, so it throws a page fault. The PA field in the core is not valid at this point, but the garbage PA is still sent to the PMP
  3. The PMP evaluates the garbage PA and finds that it's outside the executable region (either PMP configured or PMA configured) and overwrites the existing exception with an INSTR_ACCESS_FAULT
  4. The OS sees this fault instead of a page fault and thus kills the process instead of simply mapping the unmapped page

When I overwrite the line below to also check !icache_areq_i.fetch_exception.valid, the kernel crash does not occur. Note that I also add a check of icache_areq_i.fetch_valid because otherwise the PMP could potentially raise an exception based on another spurious PA that it gets fed which seems like a questionable interface.

https://github.com/openhwgroup/cva6/blame/9a266a5521e3c25dd1d887b0a5b68a446a84315f/core/pmp/src/pmp_data_if.sv#L81

I see git blame on the line above from @OlivierBetschi though that may just be due to the PMP refactor.
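A constructed Python model of the fetch-path exception precedence described in this issue, added here as an illustration and not CVA6 RTL or anything from the linked file. It mirrors the two gating signals named above (`icache_areq_i.fetch_valid`, `icache_areq_i.fetch_exception.valid`); the executable region, the garbage physical address, the dataclass field names and the use of RISC-V mcause codes 12 (instruction page fault) and 1 (instruction access fault) are assumptions of the example.

```python
# Constructed model (added example, not CVA6 RTL) of exception precedence in the fetch path.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RISC-V mcause codes (privileged spec); the second name matches the issue's INSTR_ACCESS_FAULT
INSTR_PAGE_FAULT = 12
INSTR_ACCESS_FAULT = 1


@dataclass
class FetchReq:
    """Abstraction of icache_areq_i as seen by the PMP (field names are assumptions)."""
    fetch_valid: bool            # icache_areq_i.fetch_valid
    paddr: int                   # physical address handed to the PMP, garbage if the PTW faulted
    exception: Optional[int]     # cause from icache_areq_i.fetch_exception, None when .valid is low


def pmp_allows_exec(paddr: int, exec_regions: List[Tuple[int, int]]) -> bool:
    """True when paddr lies inside some [lo, hi) region configured as executable."""
    return any(lo <= paddr < hi for lo, hi in exec_regions)


def pmp_data_if_original(req: FetchReq, exec_regions: List[Tuple[int, int]]) -> Optional[int]:
    """Behaviour the issue reports: the PMP verdict is applied regardless of earlier state."""
    if not pmp_allows_exec(req.paddr, exec_regions):
        return INSTR_ACCESS_FAULT          # overwrites an earlier page fault
    return req.exception


def pmp_data_if_fixed(req: FetchReq, exec_regions: List[Tuple[int, int]]) -> Optional[int]:
    """Gated as the issue proposes: only a valid fetch with no earlier exception is checked."""
    if req.fetch_valid and req.exception is None and not pmp_allows_exec(req.paddr, exec_regions):
        return INSTR_ACCESS_FAULT
    return req.exception


# Constructed scenario from the issue: the PTW page-faults on the first user-mode fetch, so the
# PA forwarded to the PMP is garbage; only 0x8000_0000..0x9000_0000 is configured executable.
EXEC_REGIONS = [(0x8000_0000, 0x9000_0000)]
PAGE_FAULTED_FETCH = FetchReq(fetch_valid=True, paddr=0xDEAD_BEEF, exception=INSTR_PAGE_FAULT)


def first_user_fetch_cause(gated: bool) -> Optional[int]:
    """Cause the OS would observe for the scenario, with and without the gating fix."""
    impl = pmp_data_if_fixed if gated else pmp_data_if_original
    return impl(PAGE_FAULTED_FETCH, EXEC_REGIONS)


if __name__ == "__main__":
    print("original:", first_user_fetch_cause(False))   # 1  -> kernel kills the process
    print("fixed:   ", first_user_fetch_cause(True))    # 12 -> kernel maps the page
```

The last two assertions in the model also show the second point raised above: without the `fetch_valid` gate a spurious PA with no valid fetch still produces an access fault.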