Abort if trapping with untagged MTCC

This is not going to go well: we'll install an untagged quantity in PCC and immediately trap again, doing the same thing forever. Just bail with a not-implemented error. That's not the cleanest thing in the world, but it's what's readily available at the moment.
CHERIoT-Platform · Nov 13, 2024 · 01ace11 · 01ace11
1 parent cae126a
commit 01ace11
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/src/cheri_addr_checks.sail b/src/cheri_addr_checks.sail
@@ -114,7 +114,22 @@ function ext_fetch_check_pc(start_pc, pc) = {
   then {
     /* We need to perform the permission checks only for the first granule. */
     if      not(PCC.tag)
-    then    Ext_FetchAddr_Error(CapEx_TagViolation)
+    then {
+      if MTCC.tag
+      then Ext_FetchAddr_Error(CapEx_TagViolation)
+      else {
+        /*
+         * We're going to infinite loop, installing an untagged MTCC to PCC
+         * and coming right back here.  Much better to just stop now.
+         *
+         * TODO: We'd rather go through the HTIF exit path, but the HTIF
+         * registers are not available to us at this point in the code, and
+         * changing that would require changes in the upstream submodule.
+         * Something to consider when we're rebasing against Zcheripurecap.
+         */
+        not_implemented ("Untagged PCC and MTCC infinite loops; stopping now")
+      }
+    }
     else if isCapSealed(PCC)
     then    internal_error(__FILE__, __LINE__, "PCC should never be sealed")
     else if not(PCC.permit_execute)