* [RFC PATCH v3 1/7] target/riscv: deprecate 'debug' CPU property
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state Chao Liu
` (5 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Daniel Henrique Barboza
From: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
Starting on commit f31ba686a9 ("target/riscv/cpu.c: add 'sdtrig' in
riscv,isa') the 'debug' flag has been used as an alias for 'sdtrig'.
We're going to add more debug trigger extensions, e.g. 'sdext' [1]. And
all of a sudden the existence of this flag is now weird. Do we keep it
as a 'sdtrig' only or do we add 'sdext'?
The solution proposed here is to deprecate it. The flag was introduced a
long time ago as a way to encapsulate support for all debug related
CSRs. Today we have specific debug trigger extensions and there's no
more use for a generic 'debug' flag. Users should be encouraged to
enable/disable extensions directly instead of using "made-up" flags that
exists only in a QEMU context.
The following changes are made:
- 'ext_sdtrig' flag was added in cpu->cfg. 'debug' flag was removed from
cpu->cfg;
- All occurrences of cpu->cfg.debug were replaced to 'ext_sdtrig';
- Two explicit getters and setters for the 'debug' property were added.
The property will simply get/set ext_sdtrig;
- vmstate_debug was renamed to vmstate_sdtrig. We're aware that this
will impact migration between QEMU 10.2 to newer versions, but we're
still in a point where the migration break cost isn't big enough to
justify adding migration compatibility scaffolding.
Finally, deprecated.rst was updated to deprecate 'debug' and encourage
users to use 'ext_sdtrig' instead.
[1] https://lore.kernel.org/qemu-devel/cover.1768622881.git.chao.liu.zevorn@gmail.com/
Signed-off-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
---
docs/about/deprecated.rst | 7 +++++
target/riscv/cpu.c | 51 ++++++++++++++++++++++++++++---
target/riscv/cpu_cfg_fields.h.inc | 2 +-
target/riscv/csr.c | 2 +-
target/riscv/machine.c | 24 +++++++--------
target/riscv/tcg/tcg-cpu.c | 2 +-
6 files changed, 69 insertions(+), 19 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 7abb3dab59..44a6e53044 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -507,6 +507,13 @@ It was implemented as a no-op instruction in TCG up to QEMU 9.0, but
only with ``-cpu max`` (which does not guarantee migration compatibility
across versions).
+``debug=true|false`` on RISC-V CPUs (since 11.0)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This option, since QEMU 10.1, has been a simple alias to the ``sdtrig``
+extension. Users are advised to enable/disable ``sdtrig`` directly instead
+of using ``debug``.
+
Backwards compatibility
-----------------------
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index fa7079d86e..0ba98a62e4 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -209,7 +209,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
ISA_EXT_DATA_ENTRY(zvkt, PRIV_VERSION_1_12_0, ext_zvkt),
ISA_EXT_DATA_ENTRY(zhinx, PRIV_VERSION_1_12_0, ext_zhinx),
ISA_EXT_DATA_ENTRY(zhinxmin, PRIV_VERSION_1_12_0, ext_zhinxmin),
- ISA_EXT_DATA_ENTRY(sdtrig, PRIV_VERSION_1_12_0, debug),
+ ISA_EXT_DATA_ENTRY(sdtrig, PRIV_VERSION_1_12_0, ext_sdtrig),
ISA_EXT_DATA_ENTRY(shcounterenw, PRIV_VERSION_1_12_0, has_priv_1_12),
ISA_EXT_DATA_ENTRY(sha, PRIV_VERSION_1_12_0, ext_sha),
ISA_EXT_DATA_ENTRY(shgatpa, PRIV_VERSION_1_12_0, has_priv_1_12),
@@ -781,7 +781,7 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type)
env->vill = true;
#ifndef CONFIG_USER_ONLY
- if (cpu->cfg.debug) {
+ if (cpu->cfg.ext_sdtrig) {
riscv_trigger_reset_hold(env);
}
@@ -944,7 +944,7 @@ static void riscv_cpu_realize(DeviceState *dev, Error **errp)
riscv_cpu_register_gdb_regs_for_features(cs);
#ifndef CONFIG_USER_ONLY
- if (cpu->cfg.debug) {
+ if (cpu->cfg.ext_sdtrig) {
riscv_trigger_realize(&cpu->env);
}
#endif
@@ -1123,6 +1123,14 @@ static void riscv_cpu_init(Object *obj)
cpu->env.vext_ver = VEXT_VERSION_1_00_0;
cpu->cfg.max_satp_mode = -1;
+ /*
+ * 'debug' started being deprecated in 11.0, been just a proxy
+ * to set ext_sdtrig ever since. It has been enabled by default
+ * for a long time though, so we're stuck with setting set 'strig'
+ * by default too. At least for now ...
+ */
+ cpu->cfg.ext_sdtrig = true;
+
if (mcc->def->profile) {
mcc->def->profile->enabled = true;
}
@@ -1237,6 +1245,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = {
MULTI_EXT_CFG_BOOL("smcdeleg", ext_smcdeleg, false),
MULTI_EXT_CFG_BOOL("sscsrind", ext_sscsrind, false),
MULTI_EXT_CFG_BOOL("ssccfg", ext_ssccfg, false),
+ MULTI_EXT_CFG_BOOL("sdtrig", ext_sdtrig, true),
MULTI_EXT_CFG_BOOL("smctr", ext_smctr, false),
MULTI_EXT_CFG_BOOL("ssctr", ext_ssctr, false),
MULTI_EXT_CFG_BOOL("zifencei", ext_zifencei, true),
@@ -2639,8 +2648,42 @@ RISCVCPUImpliedExtsRule *riscv_multi_ext_implied_rules[] = {
NULL
};
+/*
+ * DEPRECATED_11.0: just a proxy for ext_sdtrig.
+ */
+static void prop_debug_get(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ bool value = RISCV_CPU(obj)->cfg.ext_sdtrig;
+
+ visit_type_bool(v, name, &value, errp);
+}
+
+/*
+ * DEPRECATED_11.0: just a proxy for ext_sdtrig.
+ */
+static void prop_debug_set(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ RISCVCPU *cpu = RISCV_CPU(obj);
+ bool value;
+
+ visit_type_bool(v, name, &value, errp);
+ cpu->cfg.ext_sdtrig = value;
+}
+
+/*
+ * DEPRECATED_11.0: just a proxy for ext_sdtrig.
+ */
+static const PropertyInfo prop_debug = {
+ .type = "bool",
+ .description = "DEPRECATED: use 'sdtrig' instead.",
+ .get = prop_debug_get,
+ .set = prop_debug_set,
+};
+
static const Property riscv_cpu_properties[] = {
- DEFINE_PROP_BOOL("debug", RISCVCPU, cfg.debug, true),
+ {.name = "debug", .info = &prop_debug},
{.name = "pmu-mask", .info = &prop_pmu_mask},
{.name = "pmu-num", .info = &prop_pmu_num}, /* Deprecated */
diff --git a/target/riscv/cpu_cfg_fields.h.inc b/target/riscv/cpu_cfg_fields.h.inc
index 70ec650abf..492fdd1553 100644
--- a/target/riscv/cpu_cfg_fields.h.inc
+++ b/target/riscv/cpu_cfg_fields.h.inc
@@ -46,6 +46,7 @@ BOOL_FIELD(ext_zilsd)
BOOL_FIELD(ext_zimop)
BOOL_FIELD(ext_zcmop)
BOOL_FIELD(ext_ztso)
+BOOL_FIELD(ext_sdtrig)
BOOL_FIELD(ext_smstateen)
BOOL_FIELD(ext_sstc)
BOOL_FIELD(ext_smcdeleg)
@@ -156,7 +157,6 @@ BOOL_FIELD(ext_xmipslsp)
BOOL_FIELD(mmu)
BOOL_FIELD(pmp)
-BOOL_FIELD(debug)
BOOL_FIELD(misa_w)
BOOL_FIELD(short_isa_string)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 05c7ec8352..870fad87ac 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -777,7 +777,7 @@ static RISCVException have_mseccfg(CPURISCVState *env, int csrno)
static RISCVException debug(CPURISCVState *env, int csrno)
{
- if (riscv_cpu_cfg(env)->debug) {
+ if (riscv_cpu_cfg(env)->ext_sdtrig) {
return RISCV_EXCP_NONE;
}
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 09c032a879..62c51c8033 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -218,14 +218,14 @@ static const VMStateDescription vmstate_kvmtimer = {
};
#endif
-static bool debug_needed(void *opaque)
+static bool sdtrig_needed(void *opaque)
{
RISCVCPU *cpu = opaque;
- return cpu->cfg.debug;
+ return cpu->cfg.ext_sdtrig;
}
-static int debug_post_load(void *opaque, int version_id)
+static int sdtrig_post_load(void *opaque, int version_id)
{
RISCVCPU *cpu = opaque;
CPURISCVState *env = &cpu->env;
@@ -237,12 +237,12 @@ static int debug_post_load(void *opaque, int version_id)
return 0;
}
-static const VMStateDescription vmstate_debug = {
- .name = "cpu/debug",
- .version_id = 2,
- .minimum_version_id = 2,
- .needed = debug_needed,
- .post_load = debug_post_load,
+static const VMStateDescription vmstate_sdtrig = {
+ .name = "cpu/sdtrig",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = sdtrig_needed,
+ .post_load = sdtrig_post_load,
.fields = (const VMStateField[]) {
VMSTATE_UINTTL(env.trigger_cur, RISCVCPU),
VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS),
@@ -425,8 +425,8 @@ static const VMStateDescription vmstate_sstc = {
const VMStateDescription vmstate_riscv_cpu = {
.name = "cpu",
- .version_id = 11,
- .minimum_version_id = 11,
+ .version_id = 12,
+ .minimum_version_id = 12,
.post_load = riscv_cpu_post_load,
.fields = (const VMStateField[]) {
VMSTATE_UINTTL_ARRAY(env.gpr, RISCVCPU, 32),
@@ -492,13 +492,13 @@ const VMStateDescription vmstate_riscv_cpu = {
&vmstate_kvmtimer,
#endif
&vmstate_envcfg,
- &vmstate_debug,
&vmstate_smstateen,
&vmstate_jvt,
&vmstate_elp,
&vmstate_ssp,
&vmstate_ctr,
&vmstate_sstc,
+ &vmstate_sdtrig,
NULL
}
};
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 7a9314670b..799e907991 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -180,7 +180,7 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
? EXT_STATUS_DIRTY : EXT_STATUS_DISABLED;
}
- if (cpu->cfg.debug && !icount_enabled()) {
+ if (cpu->cfg.ext_sdtrig && !icount_enabled()) {
flags = FIELD_DP32(flags, TB_FLAGS, ITRIGGER, env->itrigger_enabled);
}
#endif
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 1/7] target/riscv: deprecate 'debug' CPU property Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-28 19:42 ` Daniel Henrique Barboza
2026-01-27 13:15 ` [RFC PATCH v3 3/7] target/riscv: add sdext Debug Mode helpers Chao Liu
` (4 subsequent siblings)
6 siblings, 1 reply; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Add architectural state for Sdext Debug Mode: debug_mode, dcsr, dpc
and dscratch0/1. Wire up CSR access for dcsr/dpc/dscratch and gate
them to Debug Mode (or host debugger access).
The Sdext is not fully implemented, so it is disabled by default.
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
target/riscv/cpu.c | 10 +++
target/riscv/cpu.h | 4 +
target/riscv/cpu_bits.h | 33 ++++++++
target/riscv/cpu_cfg_fields.h.inc | 1 +
target/riscv/csr.c | 126 ++++++++++++++++++++++++++++++
target/riscv/machine.c | 20 +++++
6 files changed, 194 insertions(+)
diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
index 0ba98a62e4..ba8fd1557a 100644
--- a/target/riscv/cpu.c
+++ b/target/riscv/cpu.c
@@ -209,6 +209,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
ISA_EXT_DATA_ENTRY(zvkt, PRIV_VERSION_1_12_0, ext_zvkt),
ISA_EXT_DATA_ENTRY(zhinx, PRIV_VERSION_1_12_0, ext_zhinx),
ISA_EXT_DATA_ENTRY(zhinxmin, PRIV_VERSION_1_12_0, ext_zhinxmin),
+ ISA_EXT_DATA_ENTRY(sdext, PRIV_VERSION_1_12_0, ext_sdext),
ISA_EXT_DATA_ENTRY(sdtrig, PRIV_VERSION_1_12_0, ext_sdtrig),
ISA_EXT_DATA_ENTRY(shcounterenw, PRIV_VERSION_1_12_0, has_priv_1_12),
ISA_EXT_DATA_ENTRY(sha, PRIV_VERSION_1_12_0, ext_sha),
@@ -779,6 +780,11 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type)
/* Default NaN value: sign bit clear, frac msb set */
set_float_default_nan_pattern(0b01000000, &env->fp_status);
env->vill = true;
+ env->debug_mode = false;
+ env->dcsr = DCSR_DEBUGVER(4);
+ env->dpc = 0;
+ env->dscratch[0] = 0;
+ env->dscratch[1] = 0;
#ifndef CONFIG_USER_ONLY
if (cpu->cfg.ext_sdtrig) {
@@ -1131,6 +1137,9 @@ static void riscv_cpu_init(Object *obj)
*/
cpu->cfg.ext_sdtrig = true;
+ /* sdext is not fully implemented, so it is disabled by default. */
+ cpu->cfg.ext_sdext = false;
+
if (mcc->def->profile) {
mcc->def->profile->enabled = true;
}
@@ -1245,6 +1254,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = {
MULTI_EXT_CFG_BOOL("smcdeleg", ext_smcdeleg, false),
MULTI_EXT_CFG_BOOL("sscsrind", ext_sscsrind, false),
MULTI_EXT_CFG_BOOL("ssccfg", ext_ssccfg, false),
+ MULTI_EXT_CFG_BOOL("sdext", ext_sdext, false),
MULTI_EXT_CFG_BOOL("sdtrig", ext_sdtrig, true),
MULTI_EXT_CFG_BOOL("smctr", ext_smctr, false),
MULTI_EXT_CFG_BOOL("ssctr", ext_ssctr, false),
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 5c6824f2d3..a474494dff 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -476,6 +476,10 @@ struct CPUArchState {
/* True if in debugger mode. */
bool debugger;
+ bool debug_mode;
+ target_ulong dcsr;
+ target_ulong dpc;
+ target_ulong dscratch[2];
uint64_t mstateen[SMSTATEEN_MAX_COUNT];
uint64_t hstateen[SMSTATEEN_MAX_COUNT];
diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
index b62dd82fe7..bb59f7ff56 100644
--- a/target/riscv/cpu_bits.h
+++ b/target/riscv/cpu_bits.h
@@ -467,6 +467,39 @@
#define CSR_DCSR 0x7b0
#define CSR_DPC 0x7b1
#define CSR_DSCRATCH 0x7b2
+#define CSR_DSCRATCH1 0x7b3
+
+/* DCSR fields */
+#define DCSR_XDEBUGVER_SHIFT 28
+#define DCSR_XDEBUGVER_MASK (0xfu << DCSR_XDEBUGVER_SHIFT)
+#define DCSR_DEBUGVER(val) ((target_ulong)(val) << DCSR_XDEBUGVER_SHIFT)
+#define DCSR_EXTCAUSE_SHIFT 24
+#define DCSR_EXTCAUSE_MASK (0x7u << DCSR_EXTCAUSE_SHIFT)
+#define DCSR_CETRIG BIT(19)
+#define DCSR_PELP BIT(18)
+#define DCSR_EBREAKVS BIT(17)
+#define DCSR_EBREAKVU BIT(16)
+#define DCSR_EBREAKM BIT(15)
+#define DCSR_EBREAKS BIT(13)
+#define DCSR_EBREAKU BIT(12)
+#define DCSR_STEPIE BIT(11)
+#define DCSR_STOPCOUNT BIT(10)
+#define DCSR_STOPTIME BIT(9)
+#define DCSR_CAUSE_SHIFT 6
+#define DCSR_CAUSE_MASK (0x7u << DCSR_CAUSE_SHIFT)
+#define DCSR_V BIT(5)
+#define DCSR_MPRVEN BIT(4)
+#define DCSR_NMIP BIT(3)
+#define DCSR_STEP BIT(2)
+#define DCSR_PRV_MASK 0x3u
+
+#define DCSR_CAUSE_EBREAK 1
+#define DCSR_CAUSE_TRIGGER 2
+#define DCSR_CAUSE_HALTREQ 3
+#define DCSR_CAUSE_STEP 4
+#define DCSR_CAUSE_RESET 5
+#define DCSR_CAUSE_GROUP 6
+#define DCSR_CAUSE_OTHER 7
/* Performance Counters */
#define CSR_MHPMCOUNTER3 0xb03
diff --git a/target/riscv/cpu_cfg_fields.h.inc b/target/riscv/cpu_cfg_fields.h.inc
index 492fdd1553..4b157ac920 100644
--- a/target/riscv/cpu_cfg_fields.h.inc
+++ b/target/riscv/cpu_cfg_fields.h.inc
@@ -46,6 +46,7 @@ BOOL_FIELD(ext_zilsd)
BOOL_FIELD(ext_zimop)
BOOL_FIELD(ext_zcmop)
BOOL_FIELD(ext_ztso)
+BOOL_FIELD(ext_sdext)
BOOL_FIELD(ext_sdtrig)
BOOL_FIELD(ext_smstateen)
BOOL_FIELD(ext_sstc)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 870fad87ac..3e38c943e0 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -3136,6 +3136,126 @@ static RISCVException write_mtval(CPURISCVState *env, int csrno,
return RISCV_EXCP_NONE;
}
+#if !defined(CONFIG_USER_ONLY)
+static RISCVException sdext(CPURISCVState *env, int csrno)
+{
+ if (!riscv_cpu_cfg(env)->ext_sdext) {
+ return RISCV_EXCP_ILLEGAL_INST;
+ }
+
+ if (!env->debug_mode && !env->debugger) {
+ return RISCV_EXCP_ILLEGAL_INST;
+ }
+
+ return RISCV_EXCP_NONE;
+}
+
+static target_ulong dcsr_visible_mask(CPURISCVState *env)
+{
+ target_ulong mask = (target_ulong)-1;
+ RISCVCPU *cpu = env_archcpu(env);
+
+ if (!riscv_has_ext(env, RVH)) {
+ mask &= ~(DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V);
+ }
+ if (!riscv_has_ext(env, RVS)) {
+ mask &= ~DCSR_EBREAKS;
+ }
+ if (!riscv_has_ext(env, RVU)) {
+ mask &= ~DCSR_EBREAKU;
+ }
+ if (!cpu->cfg.ext_zicfilp) {
+ mask &= ~DCSR_PELP;
+ }
+ if (!cpu->cfg.ext_smdbltrp) {
+ mask &= ~DCSR_CETRIG;
+ }
+
+ return mask;
+}
+
+static RISCVException read_dcsr(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+ *val = env->dcsr & dcsr_visible_mask(env);
+ return RISCV_EXCP_NONE;
+}
+
+static target_ulong dcsr_writable_mask(CPURISCVState *env)
+{
+ target_ulong mask = DCSR_EBREAKM | DCSR_EBREAKS | DCSR_EBREAKU |
+ DCSR_STEPIE | DCSR_STOPCOUNT | DCSR_STOPTIME |
+ DCSR_STEP | DCSR_PRV_MASK;
+ RISCVCPU *cpu = env_archcpu(env);
+
+ mask |= DCSR_MPRVEN;
+
+ if (riscv_has_ext(env, RVH)) {
+ mask |= DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V;
+ }
+ if (riscv_has_ext(env, RVS)) {
+ mask |= DCSR_EBREAKS;
+ }
+ if (riscv_has_ext(env, RVU)) {
+ mask |= DCSR_EBREAKU;
+ }
+ if (cpu->cfg.ext_zicfilp) {
+ mask |= DCSR_PELP;
+ }
+ if (cpu->cfg.ext_smdbltrp) {
+ mask |= DCSR_CETRIG;
+ }
+
+ return mask;
+}
+
+static RISCVException write_dcsr(CPURISCVState *env, int csrno,
+ target_ulong val, uintptr_t ra)
+{
+ target_ulong mask = dcsr_writable_mask(env);
+ target_ulong new_val = env->dcsr;
+
+ new_val &= ~mask;
+ new_val |= val & mask;
+ new_val &= ~DCSR_XDEBUGVER_MASK;
+ new_val |= DCSR_DEBUGVER(4);
+ env->dcsr = new_val;
+ return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_dpc(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+ *val = env->dpc & get_xepc_mask(env);
+ return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_dpc(CPURISCVState *env, int csrno,
+ target_ulong val, uintptr_t ra)
+{
+ env->dpc = val & get_xepc_mask(env);
+ return RISCV_EXCP_NONE;
+}
+
+static RISCVException read_dscratch(CPURISCVState *env, int csrno,
+ target_ulong *val)
+{
+ int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
+
+ *val = env->dscratch[index];
+ return RISCV_EXCP_NONE;
+}
+
+static RISCVException write_dscratch(CPURISCVState *env, int csrno,
+ target_ulong val, uintptr_t ra)
+{
+ int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
+
+ env->dscratch[index] = val;
+ return RISCV_EXCP_NONE;
+}
+#endif /* !CONFIG_USER_ONLY */
+
/* Execution environment configuration setup */
static RISCVException read_menvcfg(CPURISCVState *env, int csrno,
target_ulong *val)
@@ -6297,6 +6417,12 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
[CSR_TDATA3] = { "tdata3", debug, read_tdata, write_tdata },
[CSR_TINFO] = { "tinfo", debug, read_tinfo, write_ignore },
[CSR_MCONTEXT] = { "mcontext", debug, read_mcontext, write_mcontext },
+#if !defined(CONFIG_USER_ONLY)
+ [CSR_DCSR] = { "dcsr", sdext, read_dcsr, write_dcsr },
+ [CSR_DPC] = { "dpc", sdext, read_dpc, write_dpc },
+ [CSR_DSCRATCH] = { "dscratch0", sdext, read_dscratch, write_dscratch },
+ [CSR_DSCRATCH1] = { "dscratch1", sdext, read_dscratch, write_dscratch },
+#endif
[CSR_MCTRCTL] = { "mctrctl", ctr_mmode, NULL, NULL, rmw_xctrctl },
[CSR_SCTRCTL] = { "sctrctl", ctr_smode, NULL, NULL, rmw_xctrctl },
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 62c51c8033..52264cf047 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -248,6 +248,25 @@ static const VMStateDescription vmstate_sdtrig = {
VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS),
VMSTATE_UINTTL_ARRAY(env.tdata2, RISCVCPU, RV_MAX_TRIGGERS),
VMSTATE_UINTTL_ARRAY(env.tdata3, RISCVCPU, RV_MAX_TRIGGERS),
+ VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
+ VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
+ VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
+ VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static const VMStateDescription vmstate_sdext = {
+ .name = "cpu/sdext",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = sdtrig_needed,
+ .post_load = sdtrig_post_load,
+ .fields = (const VMStateField[]) {
+ VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
+ VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
+ VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
+ VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
VMSTATE_END_OF_LIST()
}
};
@@ -499,6 +518,7 @@ const VMStateDescription vmstate_riscv_cpu = {
&vmstate_ctr,
&vmstate_sstc,
&vmstate_sdtrig,
+ &vmstate_sdext,
NULL
}
};
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state
2026-01-27 13:15 ` [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state Chao Liu
@ 2026-01-28 19:42 ` Daniel Henrique Barboza
2026-01-30 6:14 ` Chao Liu
0 siblings, 1 reply; 10+ messages in thread
From: Daniel Henrique Barboza @ 2026-01-28 19:42 UTC (permalink / raw)
To: Chao Liu, Alistair Francis, Palmer Dabbelt, Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches
On 1/27/2026 10:15 AM, Chao Liu wrote:
> RISC-V Debug Specification:
> https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
>
> Add architectural state for Sdext Debug Mode: debug_mode, dcsr, dpc
> and dscratch0/1. Wire up CSR access for dcsr/dpc/dscratch and gate
> them to Debug Mode (or host debugger access).
>
> The Sdext is not fully implemented, so it is disabled by default.
>
> Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
> ---
> target/riscv/cpu.c | 10 +++
> target/riscv/cpu.h | 4 +
> target/riscv/cpu_bits.h | 33 ++++++++
> target/riscv/cpu_cfg_fields.h.inc | 1 +
> target/riscv/csr.c | 126 ++++++++++++++++++++++++++++++
> target/riscv/machine.c | 20 +++++
> 6 files changed, 194 insertions(+)
>
> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
> index 0ba98a62e4..ba8fd1557a 100644
> --- a/target/riscv/cpu.c
> +++ b/target/riscv/cpu.c
> @@ -209,6 +209,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
> ISA_EXT_DATA_ENTRY(zvkt, PRIV_VERSION_1_12_0, ext_zvkt),
> ISA_EXT_DATA_ENTRY(zhinx, PRIV_VERSION_1_12_0, ext_zhinx),
> ISA_EXT_DATA_ENTRY(zhinxmin, PRIV_VERSION_1_12_0, ext_zhinxmin),
> + ISA_EXT_DATA_ENTRY(sdext, PRIV_VERSION_1_12_0, ext_sdext),
> ISA_EXT_DATA_ENTRY(sdtrig, PRIV_VERSION_1_12_0, ext_sdtrig),
> ISA_EXT_DATA_ENTRY(shcounterenw, PRIV_VERSION_1_12_0, has_priv_1_12),
> ISA_EXT_DATA_ENTRY(sha, PRIV_VERSION_1_12_0, ext_sha),
> @@ -779,6 +780,11 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType type)
> /* Default NaN value: sign bit clear, frac msb set */
> set_float_default_nan_pattern(0b01000000, &env->fp_status);
> env->vill = true;
> + env->debug_mode = false;
> + env->dcsr = DCSR_DEBUGVER(4);
> + env->dpc = 0;
> + env->dscratch[0] = 0;
> + env->dscratch[1] = 0;
>
> #ifndef CONFIG_USER_ONLY
> if (cpu->cfg.ext_sdtrig) {
> @@ -1131,6 +1137,9 @@ static void riscv_cpu_init(Object *obj)
> */
> cpu->cfg.ext_sdtrig = true;
>
> + /* sdext is not fully implemented, so it is disabled by default. */
> + cpu->cfg.ext_sdext = false;
> +
> if (mcc->def->profile) {
> mcc->def->profile->enabled = true;
> }
> @@ -1245,6 +1254,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = {
> MULTI_EXT_CFG_BOOL("smcdeleg", ext_smcdeleg, false),
> MULTI_EXT_CFG_BOOL("sscsrind", ext_sscsrind, false),
> MULTI_EXT_CFG_BOOL("ssccfg", ext_ssccfg, false),
> + MULTI_EXT_CFG_BOOL("sdext", ext_sdext, false),
> MULTI_EXT_CFG_BOOL("sdtrig", ext_sdtrig, true),
> MULTI_EXT_CFG_BOOL("smctr", ext_smctr, false),
> MULTI_EXT_CFG_BOOL("ssctr", ext_ssctr, false),
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 5c6824f2d3..a474494dff 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -476,6 +476,10 @@ struct CPUArchState {
>
> /* True if in debugger mode. */
> bool debugger;
> + bool debug_mode;
> + target_ulong dcsr;
> + target_ulong dpc;
> + target_ulong dscratch[2];
This patch (and I believe almost every single other patch that follows)
won't build in the linux-user target. It will throw errors like this:
../target/riscv/cpu_helper.c: In function ‘riscv_cpu_enter_debug_mode’:
../target/riscv/cpu_helper.c:154:8: error: ‘CPURISCVState’ {aka ‘struct
CPUArchState’} has no member named ‘debug_mode’ 154 |
env->debug_mode = true;
| ^~
../target/riscv/cpu_helper.c:155:10: error:
‘CPURISCVState’ {aka ‘struct CPUArchState’} has no member named ‘dpc’;
did you mean ‘pc’?
155 |
env->dpc = pc & get_xepc_mask(env);
| ^~~
The reason is that the flags you're declaring up above exist only in the
system emulation mode. If you double check target/riscv/cpu.h you'll
notice that the flags you're adding are inside a big ifdef around line 270:
#ifndef CONFIG_USER_ONLY
/* This contains QEMU specific information about the virt state. */
So debug_mode, dscr, dpc and dscratch aren't available for user mode.
Note that this is correct - user mode can't deal with sdext or any other
debug trigger extension. But you'll have to gate all logic that uses
those flags in #ifndef CONFIG_USER_ONLY blocks.
For example, in patch 3:
+void riscv_cpu_enter_debug_mode(CPURISCVState *env, target_ulong pc,
+ uint32_t cause)
+{
+#ifndef CONFIG_USER_ONLY
+ if (!riscv_sdext_enabled(env)) {
+ return;
+ }
+#endif
+ env->debug_mode = true;
+ env->dpc = pc & get_xepc_mask(env);
+ env->dcsr &= ~(DCSR_CAUSE_MASK | DCSR_PRV_MASK | DCSR_V);
+ env->dcsr |= ((target_ulong)(cause & 0x7)) << DCSR_CAUSE_SHIFT;
+ env->dcsr |= env->priv & DCSR_PRV_MASK;
+ if (env->virt_enabled && riscv_has_ext(env, RVH)) {
+ env->dcsr |= DCSR_V;
+ }
+#ifndef CONFIG_USER_ONLY
+ if (env_archcpu(env)->cfg.ext_zicfilp) {
+ if (env->elp) {
+ env->dcsr |= DCSR_PELP;
+ } else {
+ env->dcsr &= ~DCSR_PELP;
+ }
+ env->elp = false;
+ }
+#endif
We want the whole function body inside an "#ifndef CONFIG_USER_ONLY"
because everything being done is unavailable in that mode.
You can use the build target 'riscv64-linux-user' to build qemu-riscv64
(i.e. user mode) to check if the patches will break it by accident. I
usually build all riscv targets to catch this type of build errors:
./configure
--target-list=riscv64-softmmu,riscv64-linux-user,riscv32-softmmu,riscv32-linux-user
(...)
Thanks,
Daniel
>
> uint64_t mstateen[SMSTATEEN_MAX_COUNT];
> uint64_t hstateen[SMSTATEEN_MAX_COUNT];
> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
> index b62dd82fe7..bb59f7ff56 100644
> --- a/target/riscv/cpu_bits.h
> +++ b/target/riscv/cpu_bits.h
> @@ -467,6 +467,39 @@
> #define CSR_DCSR 0x7b0
> #define CSR_DPC 0x7b1
> #define CSR_DSCRATCH 0x7b2
> +#define CSR_DSCRATCH1 0x7b3
> +
> +/* DCSR fields */
> +#define DCSR_XDEBUGVER_SHIFT 28
> +#define DCSR_XDEBUGVER_MASK (0xfu << DCSR_XDEBUGVER_SHIFT)
> +#define DCSR_DEBUGVER(val) ((target_ulong)(val) << DCSR_XDEBUGVER_SHIFT)
> +#define DCSR_EXTCAUSE_SHIFT 24
> +#define DCSR_EXTCAUSE_MASK (0x7u << DCSR_EXTCAUSE_SHIFT)
> +#define DCSR_CETRIG BIT(19)
> +#define DCSR_PELP BIT(18)
> +#define DCSR_EBREAKVS BIT(17)
> +#define DCSR_EBREAKVU BIT(16)
> +#define DCSR_EBREAKM BIT(15)
> +#define DCSR_EBREAKS BIT(13)
> +#define DCSR_EBREAKU BIT(12)
> +#define DCSR_STEPIE BIT(11)
> +#define DCSR_STOPCOUNT BIT(10)
> +#define DCSR_STOPTIME BIT(9)
> +#define DCSR_CAUSE_SHIFT 6
> +#define DCSR_CAUSE_MASK (0x7u << DCSR_CAUSE_SHIFT)
> +#define DCSR_V BIT(5)
> +#define DCSR_MPRVEN BIT(4)
> +#define DCSR_NMIP BIT(3)
> +#define DCSR_STEP BIT(2)
> +#define DCSR_PRV_MASK 0x3u
> +
> +#define DCSR_CAUSE_EBREAK 1
> +#define DCSR_CAUSE_TRIGGER 2
> +#define DCSR_CAUSE_HALTREQ 3
> +#define DCSR_CAUSE_STEP 4
> +#define DCSR_CAUSE_RESET 5
> +#define DCSR_CAUSE_GROUP 6
> +#define DCSR_CAUSE_OTHER 7
>
> /* Performance Counters */
> #define CSR_MHPMCOUNTER3 0xb03
> diff --git a/target/riscv/cpu_cfg_fields.h.inc b/target/riscv/cpu_cfg_fields.h.inc
> index 492fdd1553..4b157ac920 100644
> --- a/target/riscv/cpu_cfg_fields.h.inc
> +++ b/target/riscv/cpu_cfg_fields.h.inc
> @@ -46,6 +46,7 @@ BOOL_FIELD(ext_zilsd)
> BOOL_FIELD(ext_zimop)
> BOOL_FIELD(ext_zcmop)
> BOOL_FIELD(ext_ztso)
> +BOOL_FIELD(ext_sdext)
> BOOL_FIELD(ext_sdtrig)
> BOOL_FIELD(ext_smstateen)
> BOOL_FIELD(ext_sstc)
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index 870fad87ac..3e38c943e0 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -3136,6 +3136,126 @@ static RISCVException write_mtval(CPURISCVState *env, int csrno,
> return RISCV_EXCP_NONE;
> }
>
> +#if !defined(CONFIG_USER_ONLY)
> +static RISCVException sdext(CPURISCVState *env, int csrno)
> +{
> + if (!riscv_cpu_cfg(env)->ext_sdext) {
> + return RISCV_EXCP_ILLEGAL_INST;
> + }
> +
> + if (!env->debug_mode && !env->debugger) {
> + return RISCV_EXCP_ILLEGAL_INST;
> + }
> +
> + return RISCV_EXCP_NONE;
> +}
> +
> +static target_ulong dcsr_visible_mask(CPURISCVState *env)
> +{
> + target_ulong mask = (target_ulong)-1;
> + RISCVCPU *cpu = env_archcpu(env);
> +
> + if (!riscv_has_ext(env, RVH)) {
> + mask &= ~(DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V);
> + }
> + if (!riscv_has_ext(env, RVS)) {
> + mask &= ~DCSR_EBREAKS;
> + }
> + if (!riscv_has_ext(env, RVU)) {
> + mask &= ~DCSR_EBREAKU;
> + }
> + if (!cpu->cfg.ext_zicfilp) {
> + mask &= ~DCSR_PELP;
> + }
> + if (!cpu->cfg.ext_smdbltrp) {
> + mask &= ~DCSR_CETRIG;
> + }
> +
> + return mask;
> +}
> +
> +static RISCVException read_dcsr(CPURISCVState *env, int csrno,
> + target_ulong *val)
> +{
> + *val = env->dcsr & dcsr_visible_mask(env);
> + return RISCV_EXCP_NONE;
> +}
> +
> +static target_ulong dcsr_writable_mask(CPURISCVState *env)
> +{
> + target_ulong mask = DCSR_EBREAKM | DCSR_EBREAKS | DCSR_EBREAKU |
> + DCSR_STEPIE | DCSR_STOPCOUNT | DCSR_STOPTIME |
> + DCSR_STEP | DCSR_PRV_MASK;
> + RISCVCPU *cpu = env_archcpu(env);
> +
> + mask |= DCSR_MPRVEN;
> +
> + if (riscv_has_ext(env, RVH)) {
> + mask |= DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V;
> + }
> + if (riscv_has_ext(env, RVS)) {
> + mask |= DCSR_EBREAKS;
> + }
> + if (riscv_has_ext(env, RVU)) {
> + mask |= DCSR_EBREAKU;
> + }
> + if (cpu->cfg.ext_zicfilp) {
> + mask |= DCSR_PELP;
> + }
> + if (cpu->cfg.ext_smdbltrp) {
> + mask |= DCSR_CETRIG;
> + }
> +
> + return mask;
> +}
> +
> +static RISCVException write_dcsr(CPURISCVState *env, int csrno,
> + target_ulong val, uintptr_t ra)
> +{
> + target_ulong mask = dcsr_writable_mask(env);
> + target_ulong new_val = env->dcsr;
> +
> + new_val &= ~mask;
> + new_val |= val & mask;
> + new_val &= ~DCSR_XDEBUGVER_MASK;
> + new_val |= DCSR_DEBUGVER(4);
> + env->dcsr = new_val;
> + return RISCV_EXCP_NONE;
> +}
> +
> +static RISCVException read_dpc(CPURISCVState *env, int csrno,
> + target_ulong *val)
> +{
> + *val = env->dpc & get_xepc_mask(env);
> + return RISCV_EXCP_NONE;
> +}
> +
> +static RISCVException write_dpc(CPURISCVState *env, int csrno,
> + target_ulong val, uintptr_t ra)
> +{
> + env->dpc = val & get_xepc_mask(env);
> + return RISCV_EXCP_NONE;
> +}
> +
> +static RISCVException read_dscratch(CPURISCVState *env, int csrno,
> + target_ulong *val)
> +{
> + int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
> +
> + *val = env->dscratch[index];
> + return RISCV_EXCP_NONE;
> +}
> +
> +static RISCVException write_dscratch(CPURISCVState *env, int csrno,
> + target_ulong val, uintptr_t ra)
> +{
> + int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
> +
> + env->dscratch[index] = val;
> + return RISCV_EXCP_NONE;
> +}
> +#endif /* !CONFIG_USER_ONLY */
> +
> /* Execution environment configuration setup */
> static RISCVException read_menvcfg(CPURISCVState *env, int csrno,
> target_ulong *val)
> @@ -6297,6 +6417,12 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
> [CSR_TDATA3] = { "tdata3", debug, read_tdata, write_tdata },
> [CSR_TINFO] = { "tinfo", debug, read_tinfo, write_ignore },
> [CSR_MCONTEXT] = { "mcontext", debug, read_mcontext, write_mcontext },
> +#if !defined(CONFIG_USER_ONLY)
> + [CSR_DCSR] = { "dcsr", sdext, read_dcsr, write_dcsr },
> + [CSR_DPC] = { "dpc", sdext, read_dpc, write_dpc },
> + [CSR_DSCRATCH] = { "dscratch0", sdext, read_dscratch, write_dscratch },
> + [CSR_DSCRATCH1] = { "dscratch1", sdext, read_dscratch, write_dscratch },
> +#endif
>
> [CSR_MCTRCTL] = { "mctrctl", ctr_mmode, NULL, NULL, rmw_xctrctl },
> [CSR_SCTRCTL] = { "sctrctl", ctr_smode, NULL, NULL, rmw_xctrctl },
> diff --git a/target/riscv/machine.c b/target/riscv/machine.c
> index 62c51c8033..52264cf047 100644
> --- a/target/riscv/machine.c
> +++ b/target/riscv/machine.c
> @@ -248,6 +248,25 @@ static const VMStateDescription vmstate_sdtrig = {
> VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS),
> VMSTATE_UINTTL_ARRAY(env.tdata2, RISCVCPU, RV_MAX_TRIGGERS),
> VMSTATE_UINTTL_ARRAY(env.tdata3, RISCVCPU, RV_MAX_TRIGGERS),
> + VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
> + VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
> + VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
> + VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
> + VMSTATE_END_OF_LIST()
> + }
> +};
> +
> +static const VMStateDescription vmstate_sdext = {
> + .name = "cpu/sdext",
> + .version_id = 1,
> + .minimum_version_id = 1,
> + .needed = sdtrig_needed,
> + .post_load = sdtrig_post_load,
> + .fields = (const VMStateField[]) {
> + VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
> + VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
> + VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
> + VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
> VMSTATE_END_OF_LIST()
> }
> };
> @@ -499,6 +518,7 @@ const VMStateDescription vmstate_riscv_cpu = {
> &vmstate_ctr,
> &vmstate_sstc,
> &vmstate_sdtrig,
> + &vmstate_sdext,
> NULL
> }
> };
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state
2026-01-28 19:42 ` Daniel Henrique Barboza
@ 2026-01-30 6:14 ` Chao Liu
0 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-30 6:14 UTC (permalink / raw)
To: Daniel Henrique Barboza, Alistair Francis, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches
Hi Daniel,
On 1/29/2026 3:42 AM, Daniel Henrique Barboza wrote:
>
>
> On 1/27/2026 10:15 AM, Chao Liu wrote:
>> RISC-V Debug Specification:
>> https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
>>
>> Add architectural state for Sdext Debug Mode: debug_mode, dcsr, dpc
>> and dscratch0/1. Wire up CSR access for dcsr/dpc/dscratch and gate
>> them to Debug Mode (or host debugger access).
>>
>> The Sdext is not fully implemented, so it is disabled by default.
>>
>> Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
>> ---
>> target/riscv/cpu.c | 10 +++
>> target/riscv/cpu.h | 4 +
>> target/riscv/cpu_bits.h | 33 ++++++++
>> target/riscv/cpu_cfg_fields.h.inc | 1 +
>> target/riscv/csr.c | 126 ++++++++++++++++++++++++++++++
>> target/riscv/machine.c | 20 +++++
>> 6 files changed, 194 insertions(+)
>>
>> diff --git a/target/riscv/cpu.c b/target/riscv/cpu.c
>> index 0ba98a62e4..ba8fd1557a 100644
>> --- a/target/riscv/cpu.c
>> +++ b/target/riscv/cpu.c
>> @@ -209,6 +209,7 @@ const RISCVIsaExtData isa_edata_arr[] = {
>> ISA_EXT_DATA_ENTRY(zvkt, PRIV_VERSION_1_12_0, ext_zvkt),
>> ISA_EXT_DATA_ENTRY(zhinx, PRIV_VERSION_1_12_0, ext_zhinx),
>> ISA_EXT_DATA_ENTRY(zhinxmin, PRIV_VERSION_1_12_0, ext_zhinxmin),
>> + ISA_EXT_DATA_ENTRY(sdext, PRIV_VERSION_1_12_0, ext_sdext),
>> ISA_EXT_DATA_ENTRY(sdtrig, PRIV_VERSION_1_12_0, ext_sdtrig),
>> ISA_EXT_DATA_ENTRY(shcounterenw, PRIV_VERSION_1_12_0, has_priv_1_12),
>> ISA_EXT_DATA_ENTRY(sha, PRIV_VERSION_1_12_0, ext_sha),
>> @@ -779,6 +780,11 @@ static void riscv_cpu_reset_hold(Object *obj, ResetType
>> type)
>> /* Default NaN value: sign bit clear, frac msb set */
>> set_float_default_nan_pattern(0b01000000, &env->fp_status);
>> env->vill = true;
>> + env->debug_mode = false;
>> + env->dcsr = DCSR_DEBUGVER(4);
>> + env->dpc = 0;
>> + env->dscratch[0] = 0;
>> + env->dscratch[1] = 0;
>> #ifndef CONFIG_USER_ONLY
>> if (cpu->cfg.ext_sdtrig) {
>> @@ -1131,6 +1137,9 @@ static void riscv_cpu_init(Object *obj)
>> */
>> cpu->cfg.ext_sdtrig = true;
>> + /* sdext is not fully implemented, so it is disabled by default. */
>> + cpu->cfg.ext_sdext = false;
>> +
>> if (mcc->def->profile) {
>> mcc->def->profile->enabled = true;
>> }
>> @@ -1245,6 +1254,7 @@ const RISCVCPUMultiExtConfig riscv_cpu_extensions[] = {
>> MULTI_EXT_CFG_BOOL("smcdeleg", ext_smcdeleg, false),
>> MULTI_EXT_CFG_BOOL("sscsrind", ext_sscsrind, false),
>> MULTI_EXT_CFG_BOOL("ssccfg", ext_ssccfg, false),
>> + MULTI_EXT_CFG_BOOL("sdext", ext_sdext, false),
>> MULTI_EXT_CFG_BOOL("sdtrig", ext_sdtrig, true),
>> MULTI_EXT_CFG_BOOL("smctr", ext_smctr, false),
>> MULTI_EXT_CFG_BOOL("ssctr", ext_ssctr, false),
>> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
>> index 5c6824f2d3..a474494dff 100644
>> --- a/target/riscv/cpu.h
>> +++ b/target/riscv/cpu.h
>> @@ -476,6 +476,10 @@ struct CPUArchState {
>> /* True if in debugger mode. */
>> bool debugger;
>> + bool debug_mode;
>> + target_ulong dcsr;
>> + target_ulong dpc;
>> + target_ulong dscratch[2];
>
> This patch (and I believe almost every single other patch that follows) won't
> build in the linux-user target. It will throw errors like this:
>
> ../target/riscv/cpu_helper.c: In function ‘riscv_cpu_enter_debug_mode’:
> ../target/riscv/cpu_helper.c:154:8: error: ‘CPURISCVState’ {aka ‘struct
> CPUArchState’} has no member named ‘debug_mode’ 154 | env->debug_mode =
> true; | ^~
> ../target/riscv/cpu_helper.c:155:10: error:
> ‘CPURISCVState’ {aka ‘struct CPUArchState’} has no member named ‘dpc’; did you
> mean ‘pc’? 155 |
> env->dpc = pc & get_xepc_mask(env);
> | ^~~
>
>
> The reason is that the flags you're declaring up above exist only in the system
> emulation mode. If you double check target/riscv/cpu.h you'll notice that the
> flags you're adding are inside a big ifdef around line 270:
>
> #ifndef CONFIG_USER_ONLY
> /* This contains QEMU specific information about the virt state. */
>
>
> So debug_mode, dscr, dpc and dscratch aren't available for user mode. Note that
> this is correct - user mode can't deal with sdext or any other debug trigger
> extension. But you'll have to gate all logic that uses those flags in #ifndef
> CONFIG_USER_ONLY blocks.
>
>
> For example, in patch 3:
>
>
> +void riscv_cpu_enter_debug_mode(CPURISCVState *env, target_ulong pc,
> + uint32_t cause)
> +{
> +#ifndef CONFIG_USER_ONLY
> + if (!riscv_sdext_enabled(env)) {
> + return;
> + }
> +#endif
> + env->debug_mode = true;
> + env->dpc = pc & get_xepc_mask(env);
> + env->dcsr &= ~(DCSR_CAUSE_MASK | DCSR_PRV_MASK | DCSR_V);
> + env->dcsr |= ((target_ulong)(cause & 0x7)) << DCSR_CAUSE_SHIFT;
> + env->dcsr |= env->priv & DCSR_PRV_MASK;
> + if (env->virt_enabled && riscv_has_ext(env, RVH)) {
> + env->dcsr |= DCSR_V;
> + }
> +#ifndef CONFIG_USER_ONLY
> + if (env_archcpu(env)->cfg.ext_zicfilp) {
> + if (env->elp) {
> + env->dcsr |= DCSR_PELP;
> + } else {
> + env->dcsr &= ~DCSR_PELP;
> + }
> + env->elp = false;
> + }
> +#endif
>
>
> We want the whole function body inside an "#ifndef CONFIG_USER_ONLY" because
> everything being done is unavailable in that mode.
>
> You can use the build target 'riscv64-linux-user' to build qemu-riscv64 (i.e.
> user mode) to check if the patches will break it by accident. I usually build
> all riscv targets to catch this type of build errors:
>
>
> ./configure --target-list=riscv64-softmmu,riscv64-linux-user,riscv32-
> softmmu,riscv32-linux-user (...)
>
>
Thanks for catching this! You're right - I missed the linux-user build
target entirely.
I'll fix this in v4 by moving debug_mode/dcsr/dpc/dscratch fields inside
the #ifndef CONFIG_USER_ONLY block in cpu.h, and wrapping all code using
these fields with proper guards.
Thanks,
Chao
>
> Thanks,
> Daniel
>
>
>
>
>> uint64_t mstateen[SMSTATEEN_MAX_COUNT];
>> uint64_t hstateen[SMSTATEEN_MAX_COUNT];
>> diff --git a/target/riscv/cpu_bits.h b/target/riscv/cpu_bits.h
>> index b62dd82fe7..bb59f7ff56 100644
>> --- a/target/riscv/cpu_bits.h
>> +++ b/target/riscv/cpu_bits.h
>> @@ -467,6 +467,39 @@
>> #define CSR_DCSR 0x7b0
>> #define CSR_DPC 0x7b1
>> #define CSR_DSCRATCH 0x7b2
>> +#define CSR_DSCRATCH1 0x7b3
>> +
>> +/* DCSR fields */
>> +#define DCSR_XDEBUGVER_SHIFT 28
>> +#define DCSR_XDEBUGVER_MASK (0xfu << DCSR_XDEBUGVER_SHIFT)
>> +#define DCSR_DEBUGVER(val) ((target_ulong)(val) << DCSR_XDEBUGVER_SHIFT)
>> +#define DCSR_EXTCAUSE_SHIFT 24
>> +#define DCSR_EXTCAUSE_MASK (0x7u << DCSR_EXTCAUSE_SHIFT)
>> +#define DCSR_CETRIG BIT(19)
>> +#define DCSR_PELP BIT(18)
>> +#define DCSR_EBREAKVS BIT(17)
>> +#define DCSR_EBREAKVU BIT(16)
>> +#define DCSR_EBREAKM BIT(15)
>> +#define DCSR_EBREAKS BIT(13)
>> +#define DCSR_EBREAKU BIT(12)
>> +#define DCSR_STEPIE BIT(11)
>> +#define DCSR_STOPCOUNT BIT(10)
>> +#define DCSR_STOPTIME BIT(9)
>> +#define DCSR_CAUSE_SHIFT 6
>> +#define DCSR_CAUSE_MASK (0x7u << DCSR_CAUSE_SHIFT)
>> +#define DCSR_V BIT(5)
>> +#define DCSR_MPRVEN BIT(4)
>> +#define DCSR_NMIP BIT(3)
>> +#define DCSR_STEP BIT(2)
>> +#define DCSR_PRV_MASK 0x3u
>> +
>> +#define DCSR_CAUSE_EBREAK 1
>> +#define DCSR_CAUSE_TRIGGER 2
>> +#define DCSR_CAUSE_HALTREQ 3
>> +#define DCSR_CAUSE_STEP 4
>> +#define DCSR_CAUSE_RESET 5
>> +#define DCSR_CAUSE_GROUP 6
>> +#define DCSR_CAUSE_OTHER 7
>> /* Performance Counters */
>> #define CSR_MHPMCOUNTER3 0xb03
>> diff --git a/target/riscv/cpu_cfg_fields.h.inc b/target/riscv/
>> cpu_cfg_fields.h.inc
>> index 492fdd1553..4b157ac920 100644
>> --- a/target/riscv/cpu_cfg_fields.h.inc
>> +++ b/target/riscv/cpu_cfg_fields.h.inc
>> @@ -46,6 +46,7 @@ BOOL_FIELD(ext_zilsd)
>> BOOL_FIELD(ext_zimop)
>> BOOL_FIELD(ext_zcmop)
>> BOOL_FIELD(ext_ztso)
>> +BOOL_FIELD(ext_sdext)
>> BOOL_FIELD(ext_sdtrig)
>> BOOL_FIELD(ext_smstateen)
>> BOOL_FIELD(ext_sstc)
>> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
>> index 870fad87ac..3e38c943e0 100644
>> --- a/target/riscv/csr.c
>> +++ b/target/riscv/csr.c
>> @@ -3136,6 +3136,126 @@ static RISCVException write_mtval(CPURISCVState *env,
>> int csrno,
>> return RISCV_EXCP_NONE;
>> }
>> +#if !defined(CONFIG_USER_ONLY)
>> +static RISCVException sdext(CPURISCVState *env, int csrno)
>> +{
>> + if (!riscv_cpu_cfg(env)->ext_sdext) {
>> + return RISCV_EXCP_ILLEGAL_INST;
>> + }
>> +
>> + if (!env->debug_mode && !env->debugger) {
>> + return RISCV_EXCP_ILLEGAL_INST;
>> + }
>> +
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static target_ulong dcsr_visible_mask(CPURISCVState *env)
>> +{
>> + target_ulong mask = (target_ulong)-1;
>> + RISCVCPU *cpu = env_archcpu(env);
>> +
>> + if (!riscv_has_ext(env, RVH)) {
>> + mask &= ~(DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V);
>> + }
>> + if (!riscv_has_ext(env, RVS)) {
>> + mask &= ~DCSR_EBREAKS;
>> + }
>> + if (!riscv_has_ext(env, RVU)) {
>> + mask &= ~DCSR_EBREAKU;
>> + }
>> + if (!cpu->cfg.ext_zicfilp) {
>> + mask &= ~DCSR_PELP;
>> + }
>> + if (!cpu->cfg.ext_smdbltrp) {
>> + mask &= ~DCSR_CETRIG;
>> + }
>> +
>> + return mask;
>> +}
>> +
>> +static RISCVException read_dcsr(CPURISCVState *env, int csrno,
>> + target_ulong *val)
>> +{
>> + *val = env->dcsr & dcsr_visible_mask(env);
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static target_ulong dcsr_writable_mask(CPURISCVState *env)
>> +{
>> + target_ulong mask = DCSR_EBREAKM | DCSR_EBREAKS | DCSR_EBREAKU |
>> + DCSR_STEPIE | DCSR_STOPCOUNT | DCSR_STOPTIME |
>> + DCSR_STEP | DCSR_PRV_MASK;
>> + RISCVCPU *cpu = env_archcpu(env);
>> +
>> + mask |= DCSR_MPRVEN;
>> +
>> + if (riscv_has_ext(env, RVH)) {
>> + mask |= DCSR_EBREAKVS | DCSR_EBREAKVU | DCSR_V;
>> + }
>> + if (riscv_has_ext(env, RVS)) {
>> + mask |= DCSR_EBREAKS;
>> + }
>> + if (riscv_has_ext(env, RVU)) {
>> + mask |= DCSR_EBREAKU;
>> + }
>> + if (cpu->cfg.ext_zicfilp) {
>> + mask |= DCSR_PELP;
>> + }
>> + if (cpu->cfg.ext_smdbltrp) {
>> + mask |= DCSR_CETRIG;
>> + }
>> +
>> + return mask;
>> +}
>> +
>> +static RISCVException write_dcsr(CPURISCVState *env, int csrno,
>> + target_ulong val, uintptr_t ra)
>> +{
>> + target_ulong mask = dcsr_writable_mask(env);
>> + target_ulong new_val = env->dcsr;
>> +
>> + new_val &= ~mask;
>> + new_val |= val & mask;
>> + new_val &= ~DCSR_XDEBUGVER_MASK;
>> + new_val |= DCSR_DEBUGVER(4);
>> + env->dcsr = new_val;
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static RISCVException read_dpc(CPURISCVState *env, int csrno,
>> + target_ulong *val)
>> +{
>> + *val = env->dpc & get_xepc_mask(env);
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static RISCVException write_dpc(CPURISCVState *env, int csrno,
>> + target_ulong val, uintptr_t ra)
>> +{
>> + env->dpc = val & get_xepc_mask(env);
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static RISCVException read_dscratch(CPURISCVState *env, int csrno,
>> + target_ulong *val)
>> +{
>> + int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
>> +
>> + *val = env->dscratch[index];
>> + return RISCV_EXCP_NONE;
>> +}
>> +
>> +static RISCVException write_dscratch(CPURISCVState *env, int csrno,
>> + target_ulong val, uintptr_t ra)
>> +{
>> + int index = (csrno == CSR_DSCRATCH1) ? 1 : 0;
>> +
>> + env->dscratch[index] = val;
>> + return RISCV_EXCP_NONE;
>> +}
>> +#endif /* !CONFIG_USER_ONLY */
>> +
>> /* Execution environment configuration setup */
>> static RISCVException read_menvcfg(CPURISCVState *env, int csrno,
>> target_ulong *val)
>> @@ -6297,6 +6417,12 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
>> [CSR_TDATA3] = { "tdata3", debug, read_tdata, write_tdata },
>> [CSR_TINFO] = { "tinfo", debug, read_tinfo, write_ignore },
>> [CSR_MCONTEXT] = { "mcontext", debug, read_mcontext, write_mcontext },
>> +#if !defined(CONFIG_USER_ONLY)
>> + [CSR_DCSR] = { "dcsr", sdext, read_dcsr, write_dcsr },
>> + [CSR_DPC] = { "dpc", sdext, read_dpc, write_dpc },
>> + [CSR_DSCRATCH] = { "dscratch0", sdext, read_dscratch, write_dscratch },
>> + [CSR_DSCRATCH1] = { "dscratch1", sdext, read_dscratch, write_dscratch },
>> +#endif
>> [CSR_MCTRCTL] = { "mctrctl", ctr_mmode, NULL, NULL,
>> rmw_xctrctl },
>> [CSR_SCTRCTL] = { "sctrctl", ctr_smode, NULL, NULL,
>> rmw_xctrctl },
>> diff --git a/target/riscv/machine.c b/target/riscv/machine.c
>> index 62c51c8033..52264cf047 100644
>> --- a/target/riscv/machine.c
>> +++ b/target/riscv/machine.c
>> @@ -248,6 +248,25 @@ static const VMStateDescription vmstate_sdtrig = {
>> VMSTATE_UINTTL_ARRAY(env.tdata1, RISCVCPU, RV_MAX_TRIGGERS),
>> VMSTATE_UINTTL_ARRAY(env.tdata2, RISCVCPU, RV_MAX_TRIGGERS),
>> VMSTATE_UINTTL_ARRAY(env.tdata3, RISCVCPU, RV_MAX_TRIGGERS),
>> + VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
>> + VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
>> + VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
>> + VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
>> + VMSTATE_END_OF_LIST()
>> + }
>> +};
>> +
>> +static const VMStateDescription vmstate_sdext = {
>> + .name = "cpu/sdext",
>> + .version_id = 1,
>> + .minimum_version_id = 1,
>> + .needed = sdtrig_needed,
>> + .post_load = sdtrig_post_load,
>> + .fields = (const VMStateField[]) {
>> + VMSTATE_BOOL_V(env.debug_mode, RISCVCPU, 3),
>> + VMSTATE_UINTTL_V(env.dcsr, RISCVCPU, 3),
>> + VMSTATE_UINTTL_V(env.dpc, RISCVCPU, 3),
>> + VMSTATE_UINTTL_ARRAY_V(env.dscratch, RISCVCPU, 2, 3),
>> VMSTATE_END_OF_LIST()
>> }
>> };
>> @@ -499,6 +518,7 @@ const VMStateDescription vmstate_riscv_cpu = {
>> &vmstate_ctr,
>> &vmstate_sstc,
>> &vmstate_sdtrig,
>> + &vmstate_sdext,
>> NULL
>> }
>> };
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [RFC PATCH v3 3/7] target/riscv: add sdext Debug Mode helpers
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 1/7] target/riscv: deprecate 'debug' CPU property Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 2/7] target/riscv: add sdext debug CSRs state Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 4/7] target/riscv: add dret instruction Chao Liu
` (3 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Add helpers to enter/leave Debug Mode and to update dpc/dcsr.
Model resume without a Debug Module by leaving Debug Mode at
cpu_exec_enter and continuing from dpc.
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
target/riscv/cpu.h | 3 ++
target/riscv/cpu_helper.c | 87 ++++++++++++++++++++++++++++++++++++++
target/riscv/debug.c | 5 +++
target/riscv/tcg/tcg-cpu.c | 14 ++++++
4 files changed, 109 insertions(+)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index a474494dff..4a2509e002 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -624,6 +624,9 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address, int size,
char *riscv_isa_string(RISCVCPU *cpu);
int riscv_cpu_max_xlen(RISCVCPUClass *mcc);
bool riscv_cpu_option_set(const char *optname);
+void riscv_cpu_enter_debug_mode(CPURISCVState *env, target_ulong pc,
+ uint32_t cause);
+void riscv_cpu_leave_debug_mode(CPURISCVState *env);
#ifndef CONFIG_USER_ONLY
void riscv_cpu_do_interrupt(CPUState *cpu);
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index dd6c861a90..05a991fccc 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -136,6 +136,93 @@ bool riscv_env_smode_dbltrp_enabled(CPURISCVState *env, bool virt)
#endif
}
+#ifndef CONFIG_USER_ONLY
+static bool riscv_sdext_enabled(CPURISCVState *env)
+{
+ return riscv_cpu_cfg(env)->ext_sdext;
+}
+#endif
+
+void riscv_cpu_enter_debug_mode(CPURISCVState *env, target_ulong pc,
+ uint32_t cause)
+{
+#ifndef CONFIG_USER_ONLY
+ if (!riscv_sdext_enabled(env)) {
+ return;
+ }
+#endif
+ env->debug_mode = true;
+ env->dpc = pc & get_xepc_mask(env);
+ env->dcsr &= ~(DCSR_CAUSE_MASK | DCSR_PRV_MASK | DCSR_V);
+ env->dcsr |= ((target_ulong)(cause & 0x7)) << DCSR_CAUSE_SHIFT;
+ env->dcsr |= env->priv & DCSR_PRV_MASK;
+ if (env->virt_enabled && riscv_has_ext(env, RVH)) {
+ env->dcsr |= DCSR_V;
+ }
+#ifndef CONFIG_USER_ONLY
+ if (env_archcpu(env)->cfg.ext_zicfilp) {
+ if (env->elp) {
+ env->dcsr |= DCSR_PELP;
+ } else {
+ env->dcsr &= ~DCSR_PELP;
+ }
+ env->elp = false;
+ }
+#endif
+}
+
+void riscv_cpu_leave_debug_mode(CPURISCVState *env)
+{
+#ifndef CONFIG_USER_ONLY
+ if (!riscv_sdext_enabled(env)) {
+ return;
+ }
+#endif
+ target_ulong new_priv = env->dcsr & DCSR_PRV_MASK;
+ bool new_virt = riscv_has_ext(env, RVH) && (env->dcsr & DCSR_V);
+
+ if (new_priv > PRV_M) {
+ new_priv = PRV_M;
+ }
+ if (new_priv == PRV_M) {
+ new_virt = false;
+ }
+#ifndef CONFIG_USER_ONLY
+ if (new_priv == PRV_S && !riscv_has_ext(env, RVS)) {
+ new_priv = PRV_M;
+ new_virt = false;
+ } else if (new_priv == PRV_U && !riscv_has_ext(env, RVU)) {
+ new_priv = riscv_has_ext(env, RVS) ? PRV_S : PRV_M;
+ new_virt = false;
+ }
+#endif
+
+ env->debug_mode = false;
+ riscv_cpu_set_mode(env, new_priv, new_virt);
+
+#ifndef CONFIG_USER_ONLY
+ if (env_archcpu(env)->cfg.ext_zicfilp) {
+ env->elp = cpu_get_fcfien(env) && (env->dcsr & DCSR_PELP);
+ env->dcsr &= ~DCSR_PELP;
+ }
+#endif
+
+ if (new_priv != PRV_M) {
+ env->mstatus = set_field(env->mstatus, MSTATUS_MPRV, 0);
+ }
+#ifndef CONFIG_USER_ONLY
+ if (env_archcpu(env)->cfg.ext_smdbltrp && new_priv != PRV_M) {
+ env->mstatus = set_field(env->mstatus, MSTATUS_MDT, 0);
+ }
+ if (env_archcpu(env)->cfg.ext_ssdbltrp && (new_priv == PRV_U || new_virt)) {
+ env->mstatus = set_field(env->mstatus, MSTATUS_SDT, 0);
+ if (new_virt && new_priv == PRV_U) {
+ env->vsstatus = set_field(env->vsstatus, MSTATUS_SDT, 0);
+ }
+ }
+#endif
+}
+
RISCVPmPmm riscv_pm_get_pmm(CPURISCVState *env)
{
#ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index 5664466749..5877a60c50 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -927,6 +927,11 @@ void riscv_cpu_debug_excp_handler(CPUState *cs)
RISCVCPU *cpu = RISCV_CPU(cs);
CPURISCVState *env = &cpu->env;
+ /* Triggers must not match or fire while in Debug Mode. */
+ if (env->debug_mode) {
+ return;
+ }
+
if (cs->watchpoint_hit) {
if (cs->watchpoint_hit->flags & BP_CPU) {
do_trigger_action(env, DBG_ACTION_BP);
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 799e907991..1bdef55d9a 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -266,6 +266,19 @@ static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx,
}
return extract64(result, 0, 64 - pm_len);
}
+
+static void riscv_cpu_exec_enter(CPUState *cs)
+{
+ RISCVCPU *cpu = RISCV_CPU(cs);
+ CPURISCVState *env = &cpu->env;
+
+ if (!cpu->cfg.ext_sdext || !env->debug_mode) {
+ return;
+ }
+ target_ulong pc = env->dpc;
+ riscv_cpu_leave_debug_mode(env);
+ env->pc = pc;
+}
#endif
const TCGCPUOps riscv_tcg_ops = {
@@ -282,6 +295,7 @@ const TCGCPUOps riscv_tcg_ops = {
#ifndef CONFIG_USER_ONLY
.tlb_fill = riscv_cpu_tlb_fill,
.pointer_wrap = riscv_pointer_wrap,
+ .cpu_exec_enter = riscv_cpu_exec_enter,
.cpu_exec_interrupt = riscv_cpu_exec_interrupt,
.cpu_exec_halt = riscv_cpu_has_work,
.cpu_exec_reset = cpu_reset,
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [RFC PATCH v3 4/7] target/riscv: add dret instruction
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
` (2 preceding siblings ...)
2026-01-27 13:15 ` [RFC PATCH v3 3/7] target/riscv: add sdext Debug Mode helpers Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 5/7] target/riscv: add sdext enter Debug Mode on ebreak Chao Liu
` (2 subsequent siblings)
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Add DRET decode/translate and a helper to leave Debug Mode and return
to dpc. Executing DRET outside Debug Mode raises illegal instruction.
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
target/riscv/helper.h | 1 +
target/riscv/insn32.decode | 1 +
target/riscv/insn_trans/trans_privileged.c.inc | 18 ++++++++++++++++++
target/riscv/op_helper.c | 16 ++++++++++++++++
4 files changed, 36 insertions(+)
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index b785456ee0..6140b6340d 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -131,6 +131,7 @@ DEF_HELPER_6(csrrw_i128, tl, env, int, tl, tl, tl, tl)
#ifndef CONFIG_USER_ONLY
DEF_HELPER_1(sret, tl, env)
DEF_HELPER_1(mret, tl, env)
+DEF_HELPER_1(dret, tl, env)
DEF_HELPER_1(mnret, tl, env)
DEF_HELPER_1(ctr_clear, void, env)
DEF_HELPER_1(wfi, void, env)
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 6e35c4b1e6..4db842d5d9 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -118,6 +118,7 @@ sctrclr 000100000100 00000 000 00000 1110011
uret 0000000 00010 00000 000 00000 1110011
sret 0001000 00010 00000 000 00000 1110011
mret 0011000 00010 00000 000 00000 1110011
+dret 0111101 10010 00000 000 00000 1110011
wfi 0001000 00101 00000 000 00000 1110011
sfence_vma 0001001 ..... ..... 000 00000 1110011 @sfence_vma
diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
index 8a62b4cfcd..f8641b1977 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -125,6 +125,24 @@ static bool trans_mret(DisasContext *ctx, arg_mret *a)
#endif
}
+static bool trans_dret(DisasContext *ctx, arg_dret *a)
+{
+#ifndef CONFIG_USER_ONLY
+ if (!ctx->cfg_ptr->ext_sdext) {
+ return false;
+ }
+ decode_save_opc(ctx, 0);
+ translator_io_start(&ctx->base);
+ gen_update_pc(ctx, 0);
+ gen_helper_dret(cpu_pc, tcg_env);
+ exit_tb(ctx); /* no chaining */
+ ctx->base.is_jmp = DISAS_NORETURN;
+ return true;
+#else
+ return false;
+#endif
+}
+
static bool trans_mnret(DisasContext *ctx, arg_mnret *a)
{
#ifndef CONFIG_USER_ONLY
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 6ccc127c30..99736bbebb 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -454,6 +454,22 @@ target_ulong helper_mret(CPURISCVState *env)
return retpc;
}
+target_ulong helper_dret(CPURISCVState *env)
+{
+ uintptr_t ra = GETPC();
+#ifdef CONFIG_USER_ONLY
+ riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra);
+ return 0;
+#else
+ if (!riscv_cpu_cfg(env)->ext_sdext || !env->debug_mode) {
+ riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra);
+ }
+ target_ulong retpc = env->dpc & get_xepc_mask(env);
+ riscv_cpu_leave_debug_mode(env);
+ return retpc;
+#endif
+}
+
target_ulong helper_mnret(CPURISCVState *env)
{
target_ulong retpc = env->mnepc;
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [RFC PATCH v3 5/7] target/riscv: add sdext enter Debug Mode on ebreak
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
` (3 preceding siblings ...)
2026-01-27 13:15 ` [RFC PATCH v3 4/7] target/riscv: add dret instruction Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 6/7] target/riscv: add sdext single-step support Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 7/7] target/riscv: add sdtrig trigger action=debug mode Chao Liu
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Route EBREAK via helper_sdext_ebreak. If Sdext is enabled and the
matching dcsr.ebreak* bit is set, enter Debug Mode with cause=ebreak
and stop with EXCP_DEBUG. Otherwise keep the normal breakpoint trap.
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
target/riscv/helper.h | 1 +
.../riscv/insn_trans/trans_privileged.c.inc | 6 ++--
target/riscv/op_helper.c | 36 +++++++++++++++++++
3 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index 6140b6340d..acff73051b 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -141,6 +141,7 @@ DEF_HELPER_1(tlb_flush_all, void, env)
DEF_HELPER_4(ctr_add_entry, void, env, tl, tl, tl)
/* Native Debug */
DEF_HELPER_1(itrigger_match, void, env)
+DEF_HELPER_2(sdext_ebreak, void, env, tl)
#endif
/* Hypervisor functions */
diff --git a/target/riscv/insn_trans/trans_privileged.c.inc b/target/riscv/insn_trans/trans_privileged.c.inc
index f8641b1977..377f551bb3 100644
--- a/target/riscv/insn_trans/trans_privileged.c.inc
+++ b/target/riscv/insn_trans/trans_privileged.c.inc
@@ -68,9 +68,9 @@ static bool trans_ebreak(DisasContext *ctx, arg_ebreak *a)
if (pre == 0x01f01013 && ebreak == 0x00100073 && post == 0x40705013) {
generate_exception(ctx, RISCV_EXCP_SEMIHOST);
} else {
- tcg_gen_st_tl(tcg_constant_tl(ebreak_addr), tcg_env,
- offsetof(CPURISCVState, badaddr));
- generate_exception(ctx, RISCV_EXCP_BREAKPOINT);
+ gen_update_pc(ctx, 0);
+ gen_helper_sdext_ebreak(tcg_env, tcg_constant_tl(ebreak_addr));
+ ctx->base.is_jmp = DISAS_NORETURN;
}
return true;
}
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 99736bbebb..dfe5388ab7 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -470,6 +470,42 @@ target_ulong helper_dret(CPURISCVState *env)
#endif
}
+void helper_sdext_ebreak(CPURISCVState *env, target_ulong pc)
+{
+#ifndef CONFIG_USER_ONLY
+ CPUState *cs = env_cpu(env);
+ bool enter_debug = false;
+
+ if (riscv_cpu_cfg(env)->ext_sdext && !env->debug_mode) {
+ if (env->virt_enabled) {
+ if (env->priv == PRV_S) {
+ enter_debug = env->dcsr & DCSR_EBREAKVS;
+ } else if (env->priv == PRV_U) {
+ enter_debug = env->dcsr & DCSR_EBREAKVU;
+ }
+ } else {
+ if (env->priv == PRV_M) {
+ enter_debug = env->dcsr & DCSR_EBREAKM;
+ } else if (env->priv == PRV_S) {
+ enter_debug = env->dcsr & DCSR_EBREAKS;
+ } else if (env->priv == PRV_U) {
+ enter_debug = env->dcsr & DCSR_EBREAKU;
+ }
+ }
+ }
+
+ env->badaddr = pc;
+
+ if (enter_debug) {
+ riscv_cpu_enter_debug_mode(env, pc, DCSR_CAUSE_EBREAK);
+ cs->exception_index = EXCP_DEBUG;
+ cpu_loop_exit_restore(cs, GETPC());
+ }
+
+ riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, GETPC());
+#endif
+}
+
target_ulong helper_mnret(CPURISCVState *env)
{
target_ulong retpc = env->mnepc;
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [RFC PATCH v3 6/7] target/riscv: add sdext single-step support
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
` (4 preceding siblings ...)
2026-01-27 13:15 ` [RFC PATCH v3 5/7] target/riscv: add sdext enter Debug Mode on ebreak Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
2026-01-27 13:15 ` [RFC PATCH v3 7/7] target/riscv: add sdtrig trigger action=debug mode Chao Liu
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Use a TB flag when dcsr.step is set (and we are not in Debug Mode).
When the flag is on, build 1-insn TBs and do not chain to the next TB.
Add a TB-exit helper that enters Debug Mode with cause=step and sets
dpc to the next pc, then stops with EXCP_DEBUG.
If dcsr.stepie is 0, do not take interrupts while stepping. Treat WFI
as a nop so the hart does not sleep during a step.
PS: This patch references Max Chou's handling of ext_tb_flags.
https://lore.kernel.org/qemu-devel/20260108132631.9429-6-max.chou@sifive.com/
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
include/exec/translation-block.h | 4 ++--
target/riscv/cpu.h | 2 ++
target/riscv/cpu_helper.c | 6 ++++++
target/riscv/helper.h | 1 +
target/riscv/op_helper.c | 20 ++++++++++++++++++++
target/riscv/tcg/tcg-cpu.c | 5 +++++
target/riscv/translate.c | 15 +++++++++++++--
7 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/include/exec/translation-block.h b/include/exec/translation-block.h
index 40cc699031..ee15608c89 100644
--- a/include/exec/translation-block.h
+++ b/include/exec/translation-block.h
@@ -64,8 +64,8 @@ struct TranslationBlock {
* x86: the original user, the Code Segment virtual base,
* arm: an extension of tb->flags,
* s390x: instruction data for EXECUTE,
- * sparc: the next pc of the instruction queue (for delay slots).
- * riscv: an extension of tb->flags,
+ * sparc: the next pc of the instruction queue (for delay slots),
+ * riscv: an extension of tb->flags.
*/
uint64_t cs_base;
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 4a2509e002..805fe23411 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -712,6 +712,8 @@ FIELD(TB_FLAGS, PM_SIGNEXTEND, 31, 1)
FIELD(EXT_TB_FLAGS, MISA_EXT, 0, 32)
FIELD(EXT_TB_FLAGS, ALTFMT, 32, 1)
+/* sdext single-step needs a TB flag to build 1-insn TBs */
+FIELD(EXT_TB_FLAGS, SDEXT_STEP, 33, 1)
#ifdef TARGET_RISCV32
#define riscv_cpu_mxl(env) ((void)(env), MXL_RV32)
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 05a991fccc..2ca6040d20 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -638,6 +638,12 @@ bool riscv_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
if (interrupt_request & mask) {
RISCVCPU *cpu = RISCV_CPU(cs);
CPURISCVState *env = &cpu->env;
+
+ if (cpu->cfg.ext_sdext && !env->debug_mode &&
+ (env->dcsr & DCSR_STEP) && !(env->dcsr & DCSR_STEPIE)) {
+ return false;
+ }
+
int interruptno = riscv_cpu_local_irq_pending(env);
if (interruptno >= 0) {
cs->exception_index = RISCV_EXCP_INT_FLAG | interruptno;
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index acff73051b..0b709c2b99 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -141,6 +141,7 @@ DEF_HELPER_1(tlb_flush_all, void, env)
DEF_HELPER_4(ctr_add_entry, void, env, tl, tl, tl)
/* Native Debug */
DEF_HELPER_1(itrigger_match, void, env)
+DEF_HELPER_1(sdext_step, void, env)
DEF_HELPER_2(sdext_ebreak, void, env, tl)
#endif
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index dfe5388ab7..6fe29ce905 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -470,6 +470,22 @@ target_ulong helper_dret(CPURISCVState *env)
#endif
}
+void helper_sdext_step(CPURISCVState *env)
+{
+#ifndef CONFIG_USER_ONLY
+ CPUState *cs = env_cpu(env);
+
+ if (!riscv_cpu_cfg(env)->ext_sdext || env->debug_mode ||
+ !(env->dcsr & DCSR_STEP)) {
+ return;
+ }
+
+ riscv_cpu_enter_debug_mode(env, env->pc, DCSR_CAUSE_STEP);
+ cs->exception_index = EXCP_DEBUG;
+ cpu_loop_exit_restore(cs, GETPC());
+#endif
+}
+
void helper_sdext_ebreak(CPURISCVState *env, target_ulong pc)
{
#ifndef CONFIG_USER_ONLY
@@ -604,6 +620,10 @@ void helper_wfi(CPURISCVState *env)
(prv_u || (prv_s && get_field(env->hstatus, HSTATUS_VTW)))) {
riscv_raise_exception(env, RISCV_EXCP_VIRT_INSTRUCTION_FAULT, GETPC());
} else {
+ if (riscv_cpu_cfg(env)->ext_sdext && !env->debug_mode &&
+ (env->dcsr & DCSR_STEP)) {
+ return;
+ }
cs->halted = 1;
cs->exception_index = EXCP_HLT;
cpu_loop_exit(cs);
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 1bdef55d9a..935ebfdeb2 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -193,6 +193,11 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
flags = FIELD_DP32(flags, TB_FLAGS, PM_SIGNEXTEND, pm_signext);
ext_flags = FIELD_DP64(ext_flags, EXT_TB_FLAGS, MISA_EXT, env->misa_ext);
+#ifndef CONFIG_USER_ONLY
+ if (cpu->cfg.ext_sdext && !env->debug_mode && (env->dcsr & DCSR_STEP)) {
+ ext_flags = FIELD_DP64(ext_flags, EXT_TB_FLAGS, SDEXT_STEP, 1);
+ }
+#endif
return (TCGTBCPUState){
.pc = env->xl == MXL_RV32 ? env->pc & UINT32_MAX : env->pc,
diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index f687c75fe4..894fb27727 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -110,6 +110,8 @@ typedef struct DisasContext {
bool ztso;
/* Use icount trigger for native debug */
bool itrigger;
+ /* Enter Debug Mode after next instruction (sdext single-step). */
+ bool sdext_step;
/* FRM is known to contain a valid value. */
bool frm_valid;
bool insn_start_updated;
@@ -284,6 +286,9 @@ static void lookup_and_goto_ptr(DisasContext *ctx)
if (ctx->itrigger) {
gen_helper_itrigger_match(tcg_env);
}
+ if (ctx->sdext_step) {
+ gen_helper_sdext_step(tcg_env);
+ }
#endif
tcg_gen_lookup_and_goto_ptr();
}
@@ -294,6 +299,9 @@ static void exit_tb(DisasContext *ctx)
if (ctx->itrigger) {
gen_helper_itrigger_match(tcg_env);
}
+ if (ctx->sdext_step) {
+ gen_helper_sdext_step(tcg_env);
+ }
#endif
tcg_gen_exit_tb(NULL, 0);
}
@@ -307,7 +315,8 @@ static void gen_goto_tb(DisasContext *ctx, unsigned tb_slot_idx,
* Under itrigger, instruction executes one by one like singlestep,
* direct block chain benefits will be small.
*/
- if (translator_use_goto_tb(&ctx->base, dest) && !ctx->itrigger) {
+ if (translator_use_goto_tb(&ctx->base, dest) &&
+ !ctx->itrigger && !ctx->sdext_step) {
/*
* For pcrel, the pc must always be up-to-date on entry to
* the linked TB, so that it can use simple additions for all
@@ -1338,6 +1347,7 @@ static void riscv_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
ctx->bcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, BCFI_ENABLED);
ctx->fcfi_lp_expected = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_LP_EXPECTED);
ctx->fcfi_enabled = FIELD_EX32(tb_flags, TB_FLAGS, FCFI_ENABLED);
+ ctx->sdext_step = FIELD_EX64(ext_tb_flags, EXT_TB_FLAGS, SDEXT_STEP);
ctx->zero = tcg_constant_tl(0);
ctx->virt_inst_excp = false;
ctx->decoders = cpu->decoders;
@@ -1388,7 +1398,8 @@ static void riscv_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
/* Only the first insn within a TB is allowed to cross a page boundary. */
if (ctx->base.is_jmp == DISAS_NEXT) {
- if (ctx->itrigger || !translator_is_same_page(&ctx->base, ctx->base.pc_next)) {
+ if (ctx->itrigger || ctx->sdext_step ||
+ !translator_is_same_page(&ctx->base, ctx->base.pc_next)) {
ctx->base.is_jmp = DISAS_TOO_MANY;
} else {
unsigned page_ofs = ctx->base.pc_next & ~TARGET_PAGE_MASK;
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [RFC PATCH v3 7/7] target/riscv: add sdtrig trigger action=debug mode
2026-01-27 13:15 [RFC PATCH v3 0/7] riscv: add initial sdext support Chao Liu
` (5 preceding siblings ...)
2026-01-27 13:15 ` [RFC PATCH v3 6/7] target/riscv: add sdext single-step support Chao Liu
@ 2026-01-27 13:15 ` Chao Liu
6 siblings, 0 replies; 10+ messages in thread
From: Chao Liu @ 2026-01-27 13:15 UTC (permalink / raw)
To: Alistair Francis, Daniel Henrique Barboza, Palmer Dabbelt,
Weiwei Li, Liu Zhiwei
Cc: qemu-devel, qemu-riscv, wangjingwei, hust-os-kernel-patches,
Chao Liu
RISC-V Debug Specification:
https://github.com/riscv/riscv-debug-spec/releases/tag/1.0
Allow mcontrol/mcontrol6 action=1 when Sdext is enabled. When such a
trigger hits, enter Debug Mode with cause=trigger and stop with
EXCP_DEBUG.
Also report inst-count triggers in tinfo and read their action field.
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>
---
target/riscv/debug.c | 53 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/target/riscv/debug.c b/target/riscv/debug.c
index 5877a60c50..4e30d42905 100644
--- a/target/riscv/debug.c
+++ b/target/riscv/debug.c
@@ -110,6 +110,8 @@ static trigger_action_t get_trigger_action(CPURISCVState *env,
action = (tdata1 & TYPE6_ACTION) >> 12;
break;
case TRIGGER_TYPE_INST_CNT:
+ action = tdata1 & ITRIGGER_ACTION;
+ break;
case TRIGGER_TYPE_INT:
case TRIGGER_TYPE_EXCP:
case TRIGGER_TYPE_EXT_SRC:
@@ -280,6 +282,7 @@ static target_ulong textra_validate(CPURISCVState *env, target_ulong tdata3)
static void do_trigger_action(CPURISCVState *env, target_ulong trigger_index)
{
+ CPUState *cs = env_cpu(env);
trigger_action_t action = get_trigger_action(env, trigger_index);
switch (action) {
@@ -289,6 +292,21 @@ static void do_trigger_action(CPURISCVState *env, target_ulong trigger_index)
riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0);
break;
case DBG_ACTION_DBG_MODE:
+ if (!env_archcpu(env)->cfg.ext_sdext) {
+ qemu_log_mask(LOG_UNIMP,
+ "trigger action=debug mode requires Sdext\n");
+ riscv_raise_exception(env, RISCV_EXCP_BREAKPOINT, 0);
+ }
+ riscv_cpu_enter_debug_mode(env, env->pc, DCSR_CAUSE_TRIGGER);
+ /*
+ * If this came from the Trigger Module's CPU breakpoint/watchpoint,
+ * we're already returning via EXCP_DEBUG. Otherwise, stop now.
+ */
+ if (cs->exception_index != EXCP_DEBUG) {
+ cs->exception_index = EXCP_DEBUG;
+ cpu_loop_exit_restore(cs, GETPC());
+ }
+ break;
case DBG_ACTION_TRACE0:
case DBG_ACTION_TRACE1:
case DBG_ACTION_TRACE2:
@@ -441,6 +459,7 @@ static target_ulong type2_mcontrol_validate(CPURISCVState *env,
{
target_ulong val;
uint32_t size;
+ uint32_t action;
/* validate the generic part first */
val = tdata1_validate(env, ctrl, TRIGGER_TYPE_AD_MATCH);
@@ -448,11 +467,25 @@ static target_ulong type2_mcontrol_validate(CPURISCVState *env,
/* validate unimplemented (always zero) bits */
warn_always_zero_bit(ctrl, TYPE2_MATCH, "match");
warn_always_zero_bit(ctrl, TYPE2_CHAIN, "chain");
- warn_always_zero_bit(ctrl, TYPE2_ACTION, "action");
warn_always_zero_bit(ctrl, TYPE2_TIMING, "timing");
warn_always_zero_bit(ctrl, TYPE2_SELECT, "select");
warn_always_zero_bit(ctrl, TYPE2_HIT, "hit");
+ action = (ctrl & TYPE2_ACTION) >> 12;
+ if (action == DBG_ACTION_BP) {
+ val |= ctrl & TYPE2_ACTION;
+ } else if (action == DBG_ACTION_DBG_MODE) {
+ if (env_archcpu(env)->cfg.ext_sdext) {
+ val |= ctrl & TYPE2_ACTION;
+ } else {
+ qemu_log_mask(LOG_UNIMP,
+ "trigger action=debug mode requires Sdext\n");
+ }
+ } else {
+ qemu_log_mask(LOG_UNIMP, "trigger action: %u is not supported\n",
+ action);
+ }
+
/* validate size encoding */
size = type2_breakpoint_size(env, ctrl);
if (access_size[size] == -1) {
@@ -569,6 +602,7 @@ static target_ulong type6_mcontrol6_validate(CPURISCVState *env,
{
target_ulong val;
uint32_t size;
+ uint32_t action;
/* validate the generic part first */
val = tdata1_validate(env, ctrl, TRIGGER_TYPE_AD_MATCH6);
@@ -576,11 +610,25 @@ static target_ulong type6_mcontrol6_validate(CPURISCVState *env,
/* validate unimplemented (always zero) bits */
warn_always_zero_bit(ctrl, TYPE6_MATCH, "match");
warn_always_zero_bit(ctrl, TYPE6_CHAIN, "chain");
- warn_always_zero_bit(ctrl, TYPE6_ACTION, "action");
warn_always_zero_bit(ctrl, TYPE6_TIMING, "timing");
warn_always_zero_bit(ctrl, TYPE6_SELECT, "select");
warn_always_zero_bit(ctrl, TYPE6_HIT, "hit");
+ action = (ctrl & TYPE6_ACTION) >> 12;
+ if (action == DBG_ACTION_BP) {
+ val |= ctrl & TYPE6_ACTION;
+ } else if (action == DBG_ACTION_DBG_MODE) {
+ if (env_archcpu(env)->cfg.ext_sdext) {
+ val |= ctrl & TYPE6_ACTION;
+ } else {
+ qemu_log_mask(LOG_UNIMP,
+ "trigger action=debug mode requires Sdext\n");
+ }
+ } else {
+ qemu_log_mask(LOG_UNIMP, "trigger action: %u is not supported\n",
+ action);
+ }
+
/* validate size encoding */
size = extract32(ctrl, 16, 4);
if (access_size[size] == -1) {
@@ -919,6 +967,7 @@ target_ulong tinfo_csr_read(CPURISCVState *env)
{
/* assume all triggers support the same types of triggers */
return BIT(TRIGGER_TYPE_AD_MATCH) |
+ BIT(TRIGGER_TYPE_INST_CNT) |
BIT(TRIGGER_TYPE_AD_MATCH6);
}
--
2.52.0
^ permalink raw reply related [flat|nested] 10+ messages in thread