Commit 042536b4 authored by Yuxiao Mao's avatar Yuxiao Mao
Browse files

ROP: add more fine grained counters

parent cbbd5b17
......@@ -33,12 +33,15 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
// 2) ROP gadget destination is likely not in cache, so jalr will take longer and will probably be visible in different clockDiv pack. But this property may increase false positive as legal chain will now seems to be shorter.
val npackSizeMax = 16
val npackSize1 = 6
val npackSize2 = 8
val npackSize1 = 8
val npackSize2 = 9
val npackSize3 = 10
val npackSize4 = 12
val npackSize5 = 14
val npackSize6 = 16
val npackSize4 = 11
val npackSize5 = 12
val npackSize6 = 13
val npackSize7 = 14
val npackSize8 = 15
val npackSize9 = 16
val npack_jalr = RegInit(0.U(npackSizeMax.W)).suggestName("npack_jalr") // if last N valid cycles has jalr
val npack_jalr_orR1 = RegInit(false.B)
......@@ -47,7 +50,10 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
val npack_jalr_orR4 = RegInit(false.B)
val npack_jalr_orR5 = RegInit(false.B)
val npack_jalr_orR6 = RegInit(false.B)
when (in.pack_has_valid) {
val npack_jalr_orR7 = RegInit(false.B)
val npack_jalr_orR8 = RegInit(false.B)
val npack_jalr_orR9 = RegInit(false.B)
when (in.isMonitoring && in.pack_has_valid) {
npack_jalr := Cat(npack_jalr(npackSizeMax-2, 0), in.pack_has_jalr)
npack_jalr_orR1 := npack_jalr(npackSize1-2, 0).orR || in.pack_has_jalr
npack_jalr_orR2 := npack_jalr(npackSize2-2, 0).orR || in.pack_has_jalr
......@@ -55,6 +61,9 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
npack_jalr_orR4 := npack_jalr(npackSize4-2, 0).orR || in.pack_has_jalr
npack_jalr_orR5 := npack_jalr(npackSize5-2, 0).orR || in.pack_has_jalr
npack_jalr_orR6 := npack_jalr(npackSize6-2, 0).orR || in.pack_has_jalr
npack_jalr_orR7 := npack_jalr(npackSize7-2, 0).orR || in.pack_has_jalr
npack_jalr_orR8 := npack_jalr(npackSize8-2, 0).orR || in.pack_has_jalr
npack_jalr_orR9 := npack_jalr(npackSize9-2, 0).orR || in.pack_has_jalr
}
val countjalr1 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr1")
......@@ -63,6 +72,9 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
val countjalr4 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr4")
val countjalr5 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr5")
val countjalr6 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr6")
val countjalr7 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr7")
val countjalr8 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr8")
val countjalr9 = RegInit(0.U(mp.counterWidth.W)).suggestName("dprop_countjalr9")
when (in.resetCounters) {
countjalr1 := 0.U
......@@ -71,6 +83,9 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
countjalr4 := 0.U
countjalr5 := 0.U
countjalr6 := 0.U
countjalr7 := 0.U
countjalr8 := 0.U
countjalr9 := 0.U
}.otherwise {
when (in.isMonitoring && in.pack_has_jalr) { // evaluate counter when jalr (include pack_has_valid)
when (npack_jalr_orR1) { // has jalr adjacent
......@@ -103,6 +118,21 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
}.otherwise { // no jalr adjacent
countjalr6 := Mux(countjalr6 >= 2.U, countjalr6 - 2.U, 0.U)
}
when (npack_jalr_orR7) { // has jalr adjacent
countjalr7 := countjalr7 + 1.U
}.otherwise { // no jalr adjacent
countjalr7 := Mux(countjalr7 >= 2.U, countjalr7 - 2.U, 0.U)
}
when (npack_jalr_orR8) { // has jalr adjacent
countjalr8 := countjalr8 + 1.U
}.otherwise { // no jalr adjacent
countjalr8 := Mux(countjalr8 >= 2.U, countjalr8 - 2.U, 0.U)
}
when (npack_jalr_orR9) { // has jalr adjacent
countjalr9 := countjalr9 + 1.U
}.otherwise { // no jalr adjacent
countjalr9 := Mux(countjalr9 >= 2.U, countjalr9 - 2.U, 0.U)
}
}
}
......@@ -125,6 +155,9 @@ class DetectPatternRopInternal(params: DetectPatternRopParams)(implicit mp: Mata
RegmapUtil.readValueMax(countjalr4, in.resetCounters, mp.counterWidth, offset + 0x18, "CountRopJalr4") ++
RegmapUtil.readValueMax(countjalr5, in.resetCounters, mp.counterWidth, offset + 0x20, "CountRopJalr5") ++
RegmapUtil.readValueMax(countjalr6, in.resetCounters, mp.counterWidth, offset + 0x28, "CountRopJalr6") ++
RegmapUtil.readValueMax(countjalr7, in.resetCounters, mp.counterWidth, offset + 0x30, "CountRopJalr7") ++
RegmapUtil.readValueMax(countjalr8, in.resetCounters, mp.counterWidth, offset + 0x38, "CountRopJalr8") ++
RegmapUtil.readValueMax(countjalr9, in.resetCounters, mp.counterWidth, offset + 0x40, "CountRopJalr9") ++
Nil
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment