* [PULL 01/11] target/riscv: Fix pmp range wraparound on zero
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 02/11] bios-tables-test-allowed-diff.h: Allow RISC-V FADT and MADT changes alistair23
` (12 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel; +Cc: alistair23, Vac Chen, Alistair Francis
From: Vac Chen <vacantron@gmail.com>
pmp_is_in_range() prefers to match addresses within the interval
[start, end]. To archieve this, pmpaddrX is decremented during the end
address update.
In TOR mode, a rule is ignored if its start address is greater than or
equal to its end address.
However, if pmpaddrX is set to 0, this decrement operation causes the
calulated end address to wrap around to UINT_MAX. In this scenario, the
address guard for this PMP entry would become ineffective.
This patch addresses the issue by moving the guard check earlier,
preventing the problematic wraparound when pmpaddrX is zero.
Signed-off-by: Vac Chen <vacantron@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250706065554.42953-1-vacantron@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/pmp.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c
index 3540327c9a..72f1372a49 100644
--- a/target/riscv/pmp.c
+++ b/target/riscv/pmp.c
@@ -211,11 +211,12 @@ void pmp_update_rule_addr(CPURISCVState *env, uint32_t pmp_index)
break;
case PMP_AMATCH_TOR:
- sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
- ea = (this_addr << 2) - 1u;
- if (sa > ea) {
+ if (prev_addr >= this_addr) {
sa = ea = 0u;
+ break;
}
+ sa = prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */
+ ea = (this_addr << 2) - 1u;
break;
case PMP_AMATCH_NA4:
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 02/11] bios-tables-test-allowed-diff.h: Allow RISC-V FADT and MADT changes
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
2025-07-30 1:01 ` [PULL 01/11] target/riscv: Fix pmp range wraparound on zero alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 03/11] hw/riscv/virt-acpi-build.c: Update FADT and MADT versions alistair23
` (11 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Sunil V L, Michael S. Tsirkin,
Daniel Henrique Barboza, Nutty Liu, Alistair Francis
From: Sunil V L <sunilvl@ventanamicro.com>
Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Nutty Liu <liujingqi@lanxincomputing.com>
Message-ID: <20250724110350.452828-2-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
tests/qtest/bios-tables-test-allowed-diff.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
index dfb8523c8b..0c3f7a6cac 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1 +1,3 @@
/* List of comma-separated changed AML files to ignore */
+"tests/data/acpi/riscv64/virt/APIC",
+"tests/data/acpi/riscv64/virt/FACP",
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 03/11] hw/riscv/virt-acpi-build.c: Update FADT and MADT versions
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
2025-07-30 1:01 ` [PULL 01/11] target/riscv: Fix pmp range wraparound on zero alistair23
2025-07-30 1:01 ` [PULL 02/11] bios-tables-test-allowed-diff.h: Allow RISC-V FADT and MADT changes alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 04/11] tests/data/acpi/riscv64: Update expected FADT and MADT alistair23
` (10 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Sunil V L, Michael S. Tsirkin,
Daniel Henrique Barboza, Nutty Liu, Alistair Francis
From: Sunil V L <sunilvl@ventanamicro.com>
RISC-V support is added only in ACPI 6.6. According to the ACPI 6.6
specification, the minor version of the Fixed ACPI Description Table
(FADT) should be 6, and the Multiple APIC Description Table (MADT)
should use revision 7. So, update the RISC-V FADT and MADT to reflect
correct versions.
Update the code comments to reflect ACPI 6.6 version details.
Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Nutty Liu <liujingqi@lanxincomputing.com>
Message-ID: <20250724110350.452828-3-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
hw/riscv/virt-acpi-build.c | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/hw/riscv/virt-acpi-build.c b/hw/riscv/virt-acpi-build.c
index ee1416d264..f1406cb683 100644
--- a/hw/riscv/virt-acpi-build.c
+++ b/hw/riscv/virt-acpi-build.c
@@ -270,11 +270,8 @@ spcr_setup(GArray *table_data, BIOSLinker *linker, RISCVVirtState *s)
#define RHCT_NODE_ARRAY_OFFSET 56
/*
- * ACPI spec, Revision 6.5+
- * 5.2.36 RISC-V Hart Capabilities Table (RHCT)
- * REF: https://github.com/riscv-non-isa/riscv-acpi/issues/16
- * https://drive.google.com/file/d/1nP3nFiH4jkPMp6COOxP6123DCZKR-tia/view
- * https://drive.google.com/file/d/1sKbOa8m1UZw1JkquZYe3F1zQBN1xXsaf/view
+ * ACPI spec, Revision 6.6
+ * 5.2.37 RISC-V Hart Capabilities Table (RHCT)
*/
static void build_rhct(GArray *table_data,
BIOSLinker *linker,
@@ -421,7 +418,10 @@ static void build_rhct(GArray *table_data,
acpi_table_end(linker, &table);
}
-/* FADT */
+/*
+ * ACPI spec, Revision 6.6
+ * 5.2.9 Fixed ACPI Description Table (MADT)
+ */
static void build_fadt_rev6(GArray *table_data,
BIOSLinker *linker,
RISCVVirtState *s,
@@ -429,7 +429,7 @@ static void build_fadt_rev6(GArray *table_data,
{
AcpiFadtData fadt = {
.rev = 6,
- .minor_ver = 5,
+ .minor_ver = 6,
.flags = 1 << ACPI_FADT_F_HW_REDUCED_ACPI,
.xdsdt_tbl_offset = &dsdt_tbl_offset,
};
@@ -508,11 +508,8 @@ static void build_dsdt(GArray *table_data,
}
/*
- * ACPI spec, Revision 6.5+
+ * ACPI spec, Revision 6.6
* 5.2.12 Multiple APIC Description Table (MADT)
- * REF: https://github.com/riscv-non-isa/riscv-acpi/issues/15
- * https://drive.google.com/file/d/1R6k4MshhN3WTT-hwqAquu5nX6xSEqK2l/view
- * https://drive.google.com/file/d/1oMGPyOD58JaPgMl1pKasT-VKsIKia7zR/view
*/
static void build_madt(GArray *table_data,
BIOSLinker *linker,
@@ -537,7 +534,7 @@ static void build_madt(GArray *table_data,
hart_index_bits = imsic_num_bits(imsic_max_hart_per_socket);
- AcpiTable table = { .sig = "APIC", .rev = 6, .oem_id = s->oem_id,
+ AcpiTable table = { .sig = "APIC", .rev = 7, .oem_id = s->oem_id,
.oem_table_id = s->oem_table_id };
acpi_table_begin(&table, table_data);
@@ -812,10 +809,8 @@ static void build_rimt(GArray *table_data, BIOSLinker *linker,
}
/*
- * ACPI spec, Revision 6.5+
+ * ACPI spec, Revision 6.6
* 5.2.16 System Resource Affinity Table (SRAT)
- * REF: https://github.com/riscv-non-isa/riscv-acpi/issues/25
- * https://drive.google.com/file/d/1YTdDx2IPm5IeZjAW932EYU-tUtgS08tX/view
*/
static void
build_srat(GArray *table_data, BIOSLinker *linker, RISCVVirtState *vms)
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 04/11] tests/data/acpi/riscv64: Update expected FADT and MADT
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (2 preceding siblings ...)
2025-07-30 1:01 ` [PULL 03/11] hw/riscv/virt-acpi-build.c: Update FADT and MADT versions alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 05/11] intc/riscv_aplic: Fix target register read when source is inactive alistair23
` (9 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Sunil V L, Michael S. Tsirkin,
Daniel Henrique Barboza, Nutty Liu, Alistair Francis
From: Sunil V L <sunilvl@ventanamicro.com>
Update the expected tables for the version change.
/*
*
* ACPI Data Table [FACP]
*
* Format: [HexOffset DecimalOffset ByteLength] FieldName : FieldValue (in hex)
*/
[000h 0000 004h] Signature : "FACP" [Fixed ACPI Description Table (FADT)]
[004h 0004 004h] Table Length : 00000114
[008h 0008 001h] Revision : 06
-[009h 0009 001h] Checksum : 13
+[009h 0009 001h] Checksum : 12
[00Ah 0010 006h] Oem ID : "BOCHS "
[010h 0016 008h] Oem Table ID : "BXPC "
[018h 0024 004h] Oem Revision : 00000001
[01Ch 0028 004h] Asl Compiler ID : "BXPC"
[020h 0032 004h] Asl Compiler Revision : 00000001
[024h 0036 004h] FACS Address : 00000000
[028h 0040 004h] DSDT Address : 00000000
[02Ch 0044 001h] Model : 00
[02Dh 0045 001h] PM Profile : 00 [Unspecified]
[02Eh 0046 002h] SCI Interrupt : 0000
[030h 0048 004h] SMI Command Port : 00000000
[034h 0052 001h] ACPI Enable Value : 00
[035h 0053 001h] ACPI Disable Value : 00
[036h 0054 001h] S4BIOS Command : 00
[037h 0055 001h] P-State Control : 00
@@ -86,33 +86,33 @@
Use APIC Physical Destination Mode (V4) : 0
Hardware Reduced (V5) : 1
Low Power S0 Idle (V5) : 0
[074h 0116 00Ch] Reset Register : [Generic Address Structure]
[074h 0116 001h] Space ID : 00 [SystemMemory]
[075h 0117 001h] Bit Width : 00
[076h 0118 001h] Bit Offset : 00
[077h 0119 001h] Encoded Access Width : 00 [Undefined/Legacy]
[078h 0120 008h] Address : 0000000000000000
[080h 0128 001h] Value to cause reset : 00
[081h 0129 002h] ARM Flags (decoded below) : 0000
PSCI Compliant : 0
Must use HVC for PSCI : 0
-[083h 0131 001h] FADT Minor Revision : 05
+[083h 0131 001h] FADT Minor Revision : 06
[084h 0132 008h] FACS Address : 0000000000000000
[...]
/*
*
* ACPI Data Table [APIC]
*
* Format: [HexOffset DecimalOffset ByteLength] FieldName : FieldValue (in hex)
*/
[000h 0000 004h] Signature : "APIC" [Multiple APIC Description Table (MADT)]
[004h 0004 004h] Table Length : 00000074
-[008h 0008 001h] Revision : 06
-[009h 0009 001h] Checksum : B4
+[008h 0008 001h] Revision : 07
+[009h 0009 001h] Checksum : B3
[00Ah 0010 006h] Oem ID : "BOCHS "
[010h 0016 008h] Oem Table ID : "BXPC "
[...]
Signed-off-by: Sunil V L <sunilvl@ventanamicro.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Nutty Liu <liujingqi@lanxincomputing.com>
Message-ID: <20250724110350.452828-4-sunilvl@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
tests/qtest/bios-tables-test-allowed-diff.h | 2 --
tests/data/acpi/riscv64/virt/APIC | Bin 116 -> 116 bytes
tests/data/acpi/riscv64/virt/FACP | Bin 276 -> 276 bytes
3 files changed, 2 deletions(-)
diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h
index 0c3f7a6cac..dfb8523c8b 100644
--- a/tests/qtest/bios-tables-test-allowed-diff.h
+++ b/tests/qtest/bios-tables-test-allowed-diff.h
@@ -1,3 +1 @@
/* List of comma-separated changed AML files to ignore */
-"tests/data/acpi/riscv64/virt/APIC",
-"tests/data/acpi/riscv64/virt/FACP",
diff --git a/tests/data/acpi/riscv64/virt/APIC b/tests/data/acpi/riscv64/virt/APIC
index 66a25dfd2d..3fb5b75359 100644
Binary files a/tests/data/acpi/riscv64/virt/APIC and b/tests/data/acpi/riscv64/virt/APIC differ
diff --git a/tests/data/acpi/riscv64/virt/FACP b/tests/data/acpi/riscv64/virt/FACP
index a5276b65ea..78e1b14b1d 100644
Binary files a/tests/data/acpi/riscv64/virt/FACP and b/tests/data/acpi/riscv64/virt/FACP differ
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 05/11] intc/riscv_aplic: Fix target register read when source is inactive
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (3 preceding siblings ...)
2025-07-30 1:01 ` [PULL 04/11] tests/data/acpi/riscv64: Update expected FADT and MADT alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 06/11] linux-user/strace.list: add riscv_hwprobe entry alistair23
` (8 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Yang Jialong, Daniel Henrique Barboza,
Alistair Francis
From: Yang Jialong <z_bajeer@yeah.net>
The RISC-V Advanced interrupt Architecture:
4.5.16. Interrupt targets:
If interrupt source i is inactive in this domain, register target[i] is
read-only zero.
Signed-off-by: Yang Jialong <z_bajeer@yeah.net>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20250728055114.252024-1-z_bajeer@yeah.net>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
hw/intc/riscv_aplic.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c
index 4fa5f7597b..a1d9fa5085 100644
--- a/hw/intc/riscv_aplic.c
+++ b/hw/intc/riscv_aplic.c
@@ -628,7 +628,7 @@ static void riscv_aplic_request(void *opaque, int irq, int level)
static uint64_t riscv_aplic_read(void *opaque, hwaddr addr, unsigned size)
{
- uint32_t irq, word, idc;
+ uint32_t irq, word, idc, sm;
RISCVAPLICState *aplic = opaque;
/* Reads must be 4 byte words */
@@ -696,6 +696,10 @@ static uint64_t riscv_aplic_read(void *opaque, hwaddr addr, unsigned size)
} else if ((APLIC_TARGET_BASE <= addr) &&
(addr < (APLIC_TARGET_BASE + (aplic->num_irqs - 1) * 4))) {
irq = ((addr - APLIC_TARGET_BASE) >> 2) + 1;
+ sm = aplic->sourcecfg[irq] & APLIC_SOURCECFG_SM_MASK;
+ if (sm == APLIC_SOURCECFG_SM_INACTIVE) {
+ return 0;
+ }
return aplic->target[irq];
} else if (!aplic->msimode && (APLIC_IDC_BASE <= addr) &&
(addr < (APLIC_IDC_BASE + aplic->num_harts * APLIC_IDC_SIZE))) {
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 06/11] linux-user/strace.list: add riscv_hwprobe entry
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (4 preceding siblings ...)
2025-07-30 1:01 ` [PULL 05/11] intc/riscv_aplic: Fix target register read when source is inactive alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 07/11] target/riscv: do not call GETPC() in check_ret_from_m_mode() alistair23
` (7 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Daniel Henrique Barboza, Richard Henderson,
Alistair Francis
From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
We're missing a strace entry for riscv_hwprobe, and using -strace will
report it as "Unknown syscall 258".
After this patch we'll have:
$ ./build/qemu-riscv64 -strace test_mutex_riscv
110182 riscv_hwprobe(0x7f207efdc700,1,0,0,0,0) = 0
110182 brk(NULL) = 0x0000000000082000
(...)
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250728170633.113384-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
linux-user/strace.list | 3 +++
1 file changed, 3 insertions(+)
diff --git a/linux-user/strace.list b/linux-user/strace.list
index fdf94ef32a..ab818352a9 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1716,3 +1716,6 @@
{ TARGET_NR_clock_gettime64, "clock_gettime64" , NULL, print_clock_gettime64,
print_syscall_ret_clock_gettime64 },
#endif
+#ifdef TARGET_NR_riscv_hwprobe
+{ TARGET_NR_riscv_hwprobe, "riscv_hwprobe" , "%s(%p,%d,%d,%d,%d,%d)", NULL, NULL },
+#endif
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 07/11] target/riscv: do not call GETPC() in check_ret_from_m_mode()
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (5 preceding siblings ...)
2025-07-30 1:01 ` [PULL 06/11] linux-user/strace.list: add riscv_hwprobe entry alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 08/11] riscv: Revert "Generate strided vector loads/stores with tcg nodes." alistair23
` (6 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Daniel Henrique Barboza, Richard Henderson, Nutty Liu,
Philippe Mathieu-Daudé, Alistair Francis
From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
GETPC() should always be called from the top level helper, e.g. the
first helper that is called by the translation code. We stopped doing
that in commit 3157a553ec, and then we introduced problems when
unwinding the exceptions being thrown by helper_mret(), as reported by
[1].
Call GETPC() at the top level helper and pass the value along.
[1] https://gitlab.com/qemu-project/qemu/-/issues/3020
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Fixes: 3157a553ec ("target/riscv: Add Smrnmi mnret instruction")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/3020
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Nutty Liu <liujingqi@lanxincomputing.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250714133739.1248296-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/op_helper.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 15460bf84b..110292e84d 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -355,21 +355,22 @@ target_ulong helper_sret(CPURISCVState *env)
}
static void check_ret_from_m_mode(CPURISCVState *env, target_ulong retpc,
- target_ulong prev_priv)
+ target_ulong prev_priv,
+ uintptr_t ra)
{
if (!(env->priv >= PRV_M)) {
- riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
+ riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra);
}
if (!riscv_cpu_allow_16bit_insn(&env_archcpu(env)->cfg,
env->priv_ver,
env->misa_ext) && (retpc & 0x3)) {
- riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, GETPC());
+ riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, ra);
}
if (riscv_cpu_cfg(env)->pmp &&
!pmp_get_num_rules(env) && (prev_priv != PRV_M)) {
- riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, GETPC());
+ riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, ra);
}
}
static target_ulong ssdbltrp_mxret(CPURISCVState *env, target_ulong mstatus,
@@ -394,8 +395,9 @@ target_ulong helper_mret(CPURISCVState *env)
target_ulong retpc = env->mepc & get_xepc_mask(env);
uint64_t mstatus = env->mstatus;
target_ulong prev_priv = get_field(mstatus, MSTATUS_MPP);
+ uintptr_t ra = GETPC();
- check_ret_from_m_mode(env, retpc, prev_priv);
+ check_ret_from_m_mode(env, retpc, prev_priv, ra);
target_ulong prev_virt = get_field(env->mstatus, MSTATUS_MPV) &&
(prev_priv != PRV_M);
@@ -443,8 +445,9 @@ target_ulong helper_mnret(CPURISCVState *env)
target_ulong retpc = env->mnepc;
target_ulong prev_priv = get_field(env->mnstatus, MNSTATUS_MNPP);
target_ulong prev_virt;
+ uintptr_t ra = GETPC();
- check_ret_from_m_mode(env, retpc, prev_priv);
+ check_ret_from_m_mode(env, retpc, prev_priv, ra);
prev_virt = get_field(env->mnstatus, MNSTATUS_MNPV) &&
(prev_priv != PRV_M);
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 08/11] riscv: Revert "Generate strided vector loads/stores with tcg nodes."
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (6 preceding siblings ...)
2025-07-30 1:01 ` [PULL 07/11] target/riscv: do not call GETPC() in check_ret_from_m_mode() alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 09/11] target/riscv: Fix exception type when VU accesses supervisor CSRs alistair23
` (5 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Daniel Henrique Barboza, Eric Biggers,
Alistair Francis
From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
This reverts commit 28c12c1f2f50d7f7f1ebfc587c4777ecd50aac5b.
As reported in [1] this commit is breaking Linux vector code, and
although a simpler reproducer was provided, the fix itself isn't trivial
due to the amount and the nature of the changes. And we really do not
want to keep Linux broken while we work on it.
The revert will fix Linux and will give us time to do a proper fix.
[1] https://mail.gnu.org/archive/html/qemu-devel/2025-07/msg02525.html
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Tested-by: Eric Biggers <ebiggers@kernel.org>
Message-ID: <20250710100525.372985-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/insn_trans/trans_rvv.c.inc | 323 ++++--------------------
1 file changed, 50 insertions(+), 273 deletions(-)
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_trans/trans_rvv.c.inc
index 610bf9ff30..71f98fb350 100644
--- a/target/riscv/insn_trans/trans_rvv.c.inc
+++ b/target/riscv/insn_trans/trans_rvv.c.inc
@@ -864,286 +864,32 @@ GEN_VEXT_TRANS(vlm_v, MO_8, vlm_v, ld_us_mask_op, ld_us_mask_check)
GEN_VEXT_TRANS(vsm_v, MO_8, vsm_v, st_us_mask_op, st_us_mask_check)
/*
- * MAXSZ returns the maximum vector size can be operated in bytes,
- * which is used in GVEC IR when vl_eq_vlmax flag is set to true
- * to accelerate vector operation.
- */
-static inline uint32_t MAXSZ(DisasContext *s)
-{
- int max_sz = s->cfg_ptr->vlenb << 3;
- return max_sz >> (3 - s->lmul);
-}
-
-static inline uint32_t get_log2(uint32_t a)
-{
- uint32_t i = 0;
- for (; a > 0;) {
- a >>= 1;
- i++;
- }
- return i;
-}
-
-typedef void gen_tl_ldst(TCGv, TCGv_ptr, tcg_target_long);
-
-/*
- * Simulate the strided load/store main loop:
- *
- * for (i = env->vstart; i < env->vl; env->vstart = ++i) {
- * k = 0;
- * while (k < nf) {
- * if (!vm && !vext_elem_mask(v0, i)) {
- * vext_set_elems_1s(vd, vma, (i + k * max_elems) * esz,
- * (i + k * max_elems + 1) * esz);
- * k++;
- * continue;
- * }
- * target_ulong addr = base + stride * i + (k << log2_esz);
- * ldst(env, adjust_addr(env, addr), i + k * max_elems, vd, ra);
- * k++;
- * }
- * }
- */
-static void gen_ldst_stride_main_loop(DisasContext *s, TCGv dest, uint32_t rs1,
- uint32_t rs2, uint32_t vm, uint32_t nf,
- gen_tl_ldst *ld_fn, gen_tl_ldst *st_fn,
- bool is_load)
-{
- TCGv addr = tcg_temp_new();
- TCGv base = get_gpr(s, rs1, EXT_NONE);
- TCGv stride = get_gpr(s, rs2, EXT_NONE);
-
- TCGv i = tcg_temp_new();
- TCGv i_esz = tcg_temp_new();
- TCGv k = tcg_temp_new();
- TCGv k_esz = tcg_temp_new();
- TCGv k_max = tcg_temp_new();
- TCGv mask = tcg_temp_new();
- TCGv mask_offs = tcg_temp_new();
- TCGv mask_offs_64 = tcg_temp_new();
- TCGv mask_elem = tcg_temp_new();
- TCGv mask_offs_rem = tcg_temp_new();
- TCGv vreg = tcg_temp_new();
- TCGv dest_offs = tcg_temp_new();
- TCGv stride_offs = tcg_temp_new();
-
- uint32_t max_elems = MAXSZ(s) >> s->sew;
-
- TCGLabel *start = gen_new_label();
- TCGLabel *end = gen_new_label();
- TCGLabel *start_k = gen_new_label();
- TCGLabel *inc_k = gen_new_label();
- TCGLabel *end_k = gen_new_label();
-
- MemOp atomicity = MO_ATOM_NONE;
- if (s->sew == 0) {
- atomicity = MO_ATOM_NONE;
- } else {
- atomicity = MO_ATOM_IFALIGN_PAIR;
- }
-
- mark_vs_dirty(s);
-
- tcg_gen_addi_tl(mask, (TCGv)tcg_env, vreg_ofs(s, 0));
-
- /* Start of outer loop. */
- tcg_gen_mov_tl(i, cpu_vstart);
- gen_set_label(start);
- tcg_gen_brcond_tl(TCG_COND_GE, i, cpu_vl, end);
- tcg_gen_shli_tl(i_esz, i, s->sew);
- /* Start of inner loop. */
- tcg_gen_movi_tl(k, 0);
- gen_set_label(start_k);
- tcg_gen_brcond_tl(TCG_COND_GE, k, tcg_constant_tl(nf), end_k);
- /*
- * If we are in mask agnostic regime and the operation is not unmasked we
- * set the inactive elements to 1.
- */
- if (!vm && s->vma) {
- TCGLabel *active_element = gen_new_label();
- /* (i + k * max_elems) * esz */
- tcg_gen_shli_tl(mask_offs, k, get_log2(max_elems << s->sew));
- tcg_gen_add_tl(mask_offs, mask_offs, i_esz);
-
- /*
- * Check whether the i bit of the mask is 0 or 1.
- *
- * static inline int vext_elem_mask(void *v0, int index)
- * {
- * int idx = index / 64;
- * int pos = index % 64;
- * return (((uint64_t *)v0)[idx] >> pos) & 1;
- * }
- */
- tcg_gen_shri_tl(mask_offs_64, mask_offs, 3);
- tcg_gen_add_tl(mask_offs_64, mask_offs_64, mask);
- tcg_gen_ld_i64((TCGv_i64)mask_elem, (TCGv_ptr)mask_offs_64, 0);
- tcg_gen_rem_tl(mask_offs_rem, mask_offs, tcg_constant_tl(8));
- tcg_gen_shr_tl(mask_elem, mask_elem, mask_offs_rem);
- tcg_gen_andi_tl(mask_elem, mask_elem, 1);
- tcg_gen_brcond_tl(TCG_COND_NE, mask_elem, tcg_constant_tl(0),
- active_element);
- /*
- * Set masked-off elements in the destination vector register to 1s.
- * Store instructions simply skip this bit as memory ops access memory
- * only for active elements.
- */
- if (is_load) {
- tcg_gen_shli_tl(mask_offs, mask_offs, s->sew);
- tcg_gen_add_tl(mask_offs, mask_offs, dest);
- st_fn(tcg_constant_tl(-1), (TCGv_ptr)mask_offs, 0);
- }
- tcg_gen_br(inc_k);
- gen_set_label(active_element);
- }
- /*
- * The element is active, calculate the address with stride:
- * target_ulong addr = base + stride * i + (k << log2_esz);
- */
- tcg_gen_mul_tl(stride_offs, stride, i);
- tcg_gen_shli_tl(k_esz, k, s->sew);
- tcg_gen_add_tl(stride_offs, stride_offs, k_esz);
- tcg_gen_add_tl(addr, base, stride_offs);
- /* Calculate the offset in the dst/src vector register. */
- tcg_gen_shli_tl(k_max, k, get_log2(max_elems));
- tcg_gen_add_tl(dest_offs, i, k_max);
- tcg_gen_shli_tl(dest_offs, dest_offs, s->sew);
- tcg_gen_add_tl(dest_offs, dest_offs, dest);
- if (is_load) {
- tcg_gen_qemu_ld_tl(vreg, addr, s->mem_idx, MO_LE | s->sew | atomicity);
- st_fn((TCGv)vreg, (TCGv_ptr)dest_offs, 0);
- } else {
- ld_fn((TCGv)vreg, (TCGv_ptr)dest_offs, 0);
- tcg_gen_qemu_st_tl(vreg, addr, s->mem_idx, MO_LE | s->sew | atomicity);
- }
- /*
- * We don't execute the load/store above if the element was inactive.
- * We jump instead directly to incrementing k and continuing the loop.
- */
- if (!vm && s->vma) {
- gen_set_label(inc_k);
- }
- tcg_gen_addi_tl(k, k, 1);
- tcg_gen_br(start_k);
- /* End of the inner loop. */
- gen_set_label(end_k);
-
- tcg_gen_addi_tl(i, i, 1);
- tcg_gen_mov_tl(cpu_vstart, i);
- tcg_gen_br(start);
-
- /* End of the outer loop. */
- gen_set_label(end);
-
- return;
-}
-
-
-/*
- * Set the tail bytes of the strided loads/stores to 1:
- *
- * for (k = 0; k < nf; ++k) {
- * cnt = (k * max_elems + vl) * esz;
- * tot = (k * max_elems + max_elems) * esz;
- * for (i = cnt; i < tot; i += esz) {
- * store_1s(-1, vd[vl+i]);
- * }
- * }
+ *** stride load and store
*/
-static void gen_ldst_stride_tail_loop(DisasContext *s, TCGv dest, uint32_t nf,
- gen_tl_ldst *st_fn)
-{
- TCGv i = tcg_temp_new();
- TCGv k = tcg_temp_new();
- TCGv tail_cnt = tcg_temp_new();
- TCGv tail_tot = tcg_temp_new();
- TCGv tail_addr = tcg_temp_new();
-
- TCGLabel *start = gen_new_label();
- TCGLabel *end = gen_new_label();
- TCGLabel *start_i = gen_new_label();
- TCGLabel *end_i = gen_new_label();
-
- uint32_t max_elems_b = MAXSZ(s);
- uint32_t esz = 1 << s->sew;
-
- /* Start of the outer loop. */
- tcg_gen_movi_tl(k, 0);
- tcg_gen_shli_tl(tail_cnt, cpu_vl, s->sew);
- tcg_gen_movi_tl(tail_tot, max_elems_b);
- tcg_gen_add_tl(tail_addr, dest, tail_cnt);
- gen_set_label(start);
- tcg_gen_brcond_tl(TCG_COND_GE, k, tcg_constant_tl(nf), end);
- /* Start of the inner loop. */
- tcg_gen_mov_tl(i, tail_cnt);
- gen_set_label(start_i);
- tcg_gen_brcond_tl(TCG_COND_GE, i, tail_tot, end_i);
- /* store_1s(-1, vd[vl+i]); */
- st_fn(tcg_constant_tl(-1), (TCGv_ptr)tail_addr, 0);
- tcg_gen_addi_tl(tail_addr, tail_addr, esz);
- tcg_gen_addi_tl(i, i, esz);
- tcg_gen_br(start_i);
- /* End of the inner loop. */
- gen_set_label(end_i);
- /* Update the counts */
- tcg_gen_addi_tl(tail_cnt, tail_cnt, max_elems_b);
- tcg_gen_addi_tl(tail_tot, tail_cnt, max_elems_b);
- tcg_gen_addi_tl(k, k, 1);
- tcg_gen_br(start);
- /* End of the outer loop. */
- gen_set_label(end);
-
- return;
-}
+typedef void gen_helper_ldst_stride(TCGv_ptr, TCGv_ptr, TCGv,
+ TCGv, TCGv_env, TCGv_i32);
static bool ldst_stride_trans(uint32_t vd, uint32_t rs1, uint32_t rs2,
- uint32_t data, DisasContext *s, bool is_load)
+ uint32_t data, gen_helper_ldst_stride *fn,
+ DisasContext *s)
{
- if (!s->vstart_eq_zero) {
- return false;
- }
-
- TCGv dest = tcg_temp_new();
-
- uint32_t nf = FIELD_EX32(data, VDATA, NF);
- uint32_t vm = FIELD_EX32(data, VDATA, VM);
-
- /* Destination register and mask register */
- tcg_gen_addi_tl(dest, (TCGv)tcg_env, vreg_ofs(s, vd));
-
- /*
- * Select the appropriate load/tore to retrieve data from the vector
- * register given a specific sew.
- */
- static gen_tl_ldst * const ld_fns[4] = {
- tcg_gen_ld8u_tl, tcg_gen_ld16u_tl,
- tcg_gen_ld32u_tl, tcg_gen_ld_tl
- };
-
- static gen_tl_ldst * const st_fns[4] = {
- tcg_gen_st8_tl, tcg_gen_st16_tl,
- tcg_gen_st32_tl, tcg_gen_st_tl
- };
+ TCGv_ptr dest, mask;
+ TCGv base, stride;
+ TCGv_i32 desc;
- gen_tl_ldst *ld_fn = ld_fns[s->sew];
- gen_tl_ldst *st_fn = st_fns[s->sew];
+ dest = tcg_temp_new_ptr();
+ mask = tcg_temp_new_ptr();
+ base = get_gpr(s, rs1, EXT_NONE);
+ stride = get_gpr(s, rs2, EXT_NONE);
+ desc = tcg_constant_i32(simd_desc(s->cfg_ptr->vlenb,
+ s->cfg_ptr->vlenb, data));
- if (ld_fn == NULL || st_fn == NULL) {
- return false;
- }
+ tcg_gen_addi_ptr(dest, tcg_env, vreg_ofs(s, vd));
+ tcg_gen_addi_ptr(mask, tcg_env, vreg_ofs(s, 0));
mark_vs_dirty(s);
- gen_ldst_stride_main_loop(s, dest, rs1, rs2, vm, nf, ld_fn, st_fn, is_load);
-
- tcg_gen_movi_tl(cpu_vstart, 0);
-
- /*
- * Set the tail bytes to 1 if tail agnostic:
- */
- if (s->vta != 0 && is_load) {
- gen_ldst_stride_tail_loop(s, dest, nf, st_fn);
- }
+ fn(dest, mask, base, stride, tcg_env, desc);
finalize_rvv_inst(s);
return true;
@@ -1152,6 +898,16 @@ static bool ldst_stride_trans(uint32_t vd, uint32_t rs1, uint32_t rs2,
static bool ld_stride_op(DisasContext *s, arg_rnfvm *a, uint8_t eew)
{
uint32_t data = 0;
+ gen_helper_ldst_stride *fn;
+ static gen_helper_ldst_stride * const fns[4] = {
+ gen_helper_vlse8_v, gen_helper_vlse16_v,
+ gen_helper_vlse32_v, gen_helper_vlse64_v
+ };
+
+ fn = fns[eew];
+ if (fn == NULL) {
+ return false;
+ }
uint8_t emul = vext_get_emul(s, eew);
data = FIELD_DP32(data, VDATA, VM, a->vm);
@@ -1159,7 +915,7 @@ static bool ld_stride_op(DisasContext *s, arg_rnfvm *a, uint8_t eew)
data = FIELD_DP32(data, VDATA, NF, a->nf);
data = FIELD_DP32(data, VDATA, VTA, s->vta);
data = FIELD_DP32(data, VDATA, VMA, s->vma);
- return ldst_stride_trans(a->rd, a->rs1, a->rs2, data, s, true);
+ return ldst_stride_trans(a->rd, a->rs1, a->rs2, data, fn, s);
}
static bool ld_stride_check(DisasContext *s, arg_rnfvm* a, uint8_t eew)
@@ -1177,13 +933,23 @@ GEN_VEXT_TRANS(vlse64_v, MO_64, rnfvm, ld_stride_op, ld_stride_check)
static bool st_stride_op(DisasContext *s, arg_rnfvm *a, uint8_t eew)
{
uint32_t data = 0;
+ gen_helper_ldst_stride *fn;
+ static gen_helper_ldst_stride * const fns[4] = {
+ /* masked stride store */
+ gen_helper_vsse8_v, gen_helper_vsse16_v,
+ gen_helper_vsse32_v, gen_helper_vsse64_v
+ };
uint8_t emul = vext_get_emul(s, eew);
data = FIELD_DP32(data, VDATA, VM, a->vm);
data = FIELD_DP32(data, VDATA, LMUL, emul);
data = FIELD_DP32(data, VDATA, NF, a->nf);
+ fn = fns[eew];
+ if (fn == NULL) {
+ return false;
+ }
- return ldst_stride_trans(a->rd, a->rs1, a->rs2, data, s, false);
+ return ldst_stride_trans(a->rd, a->rs1, a->rs2, data, fn, s);
}
static bool st_stride_check(DisasContext *s, arg_rnfvm* a, uint8_t eew)
@@ -1534,6 +1300,17 @@ GEN_LDST_WHOLE_TRANS(vs8r_v, int8_t, 8, false)
*** Vector Integer Arithmetic Instructions
*/
+/*
+ * MAXSZ returns the maximum vector size can be operated in bytes,
+ * which is used in GVEC IR when vl_eq_vlmax flag is set to true
+ * to accelerate vector operation.
+ */
+static inline uint32_t MAXSZ(DisasContext *s)
+{
+ int max_sz = s->cfg_ptr->vlenb * 8;
+ return max_sz >> (3 - s->lmul);
+}
+
static bool opivv_check(DisasContext *s, arg_rmrr *a)
{
return require_rvv(s) &&
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 09/11] target/riscv: Fix exception type when VU accesses supervisor CSRs
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (7 preceding siblings ...)
2025-07-30 1:01 ` [PULL 08/11] riscv: Revert "Generate strided vector loads/stores with tcg nodes." alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 10/11] target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts alistair23
` (4 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel; +Cc: alistair23, Xu Lu, Anup Patel, Nutty Liu, Alistair Francis
From: Xu Lu <luxu.kernel@bytedance.com>
When supervisor CSRs are accessed from VU-mode, a virtual instruction
exception should be raised instead of an illegal instruction.
Fixes: c1fbcecb3a (target/riscv: Fix csr number based privilege checking)
Signed-off-by: Xu Lu <luxu.kernel@bytedance.com>
Reviewed-by: Anup Patel <apatel@ventanamicro.com>
Reviewed-by: Nutty Liu <liujingqi@lanxincomputing.com>
Message-ID: <20250708060720.7030-1-luxu.kernel@bytedance.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/csr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 8631be97c5..9bebfae3f0 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -5577,7 +5577,7 @@ static inline RISCVException riscv_csrrw_check(CPURISCVState *env,
csr_priv = get_field(csrno, 0x300);
if (!env->debugger && (effective_priv < csr_priv)) {
- if (csr_priv == (PRV_S + 1) && env->virt_enabled) {
+ if (csr_priv <= (PRV_S + 1) && env->virt_enabled) {
return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
}
return RISCV_EXCP_ILLEGAL_INST;
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 10/11] target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (8 preceding siblings ...)
2025-07-30 1:01 ` [PULL 09/11] target/riscv: Fix exception type when VU accesses supervisor CSRs alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:01 ` [PULL 11/11] target/riscv: Restrict midelegh " alistair23
` (3 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Jay Chang, Frank Chang, Alistair Francis, Nutty Liu
From: Jay Chang <jay.chang@sifive.com>
RISC-V Privileged Spec states:
"In harts with S-mode, the medeleg and mideleg registers must exist, and
setting a bit in medeleg or mideleg will delegate the corresponding trap
, when occurring in S-mode or U-mode, to the S-mode trap handler. In
harts without S-mode, the medeleg and mideleg registers should not
exist."
Add smode predicate to ensure these CSRs are only accessible when S-mode
is supported.
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Nutty Liu<liujingqi@lanxincomputing.com>
Message-ID: <20250701030021.99218-2-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/csr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 9bebfae3f0..5a6de07486 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -5862,8 +5862,8 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
NULL, read_mstatus_i128 },
[CSR_MISA] = { "misa", any, read_misa, write_misa,
NULL, read_misa_i128 },
- [CSR_MIDELEG] = { "mideleg", any, NULL, NULL, rmw_mideleg },
- [CSR_MEDELEG] = { "medeleg", any, read_medeleg, write_medeleg },
+ [CSR_MIDELEG] = { "mideleg", smode, NULL, NULL, rmw_mideleg },
+ [CSR_MEDELEG] = { "medeleg", smode, read_medeleg, write_medeleg },
[CSR_MIE] = { "mie", any, NULL, NULL, rmw_mie },
[CSR_MTVEC] = { "mtvec", any, read_mtvec, write_mtvec },
[CSR_MCOUNTEREN] = { "mcounteren", umode, read_mcounteren,
@@ -5871,7 +5871,7 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
[CSR_MSTATUSH] = { "mstatush", any32, read_mstatush,
write_mstatush },
- [CSR_MEDELEGH] = { "medelegh", any32, read_zero, write_ignore,
+ [CSR_MEDELEGH] = { "medelegh", smode32, read_zero, write_ignore,
.min_priv_ver = PRIV_VERSION_1_13_0 },
[CSR_HEDELEGH] = { "hedelegh", hmode32, read_hedelegh, write_hedelegh,
.min_priv_ver = PRIV_VERSION_1_13_0 },
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* [PULL 11/11] target/riscv: Restrict midelegh access to S-mode harts
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (9 preceding siblings ...)
2025-07-30 1:01 ` [PULL 10/11] target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts alistair23
@ 2025-07-30 1:01 ` alistair23
2025-07-30 1:04 ` [PULL 00/11] riscv-to-apply queue Alistair Francis
` (2 subsequent siblings)
13 siblings, 0 replies; 20+ messages in thread
From: alistair23 @ 2025-07-30 1:01 UTC (permalink / raw)
To: qemu-devel
Cc: alistair23, Jay Chang, Frank Chang, Alistair Francis, Nutty Liu
From: Jay Chang <jay.chang@sifive.com>
RISC-V AIA Spec states:
"For a machine-level environment, extension Smaia encompasses all added
CSRs and all modifications to interrupt response behavior that the AIA
specifies for a hart, over all privilege levels. For a supervisor-level
environment, extension Ssaia is essentially the same as Smaia except
excluding the machine-level CSRs and behavior not directly visible to
supervisor level."
Since midelegh is an AIA machine-mode CSR, add Smaia extension check in
aia_smode32 predicate.
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jay Chang <jay.chang@sifive.com>
Reviewed-by: Nutty Liu<liujingqi@lanxincomputing.com>
Message-ID: <20250701030021.99218-3-jay.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
target/riscv/csr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 5a6de07486..8842e07a73 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -374,8 +374,11 @@ static RISCVException aia_smode(CPURISCVState *env, int csrno)
static RISCVException aia_smode32(CPURISCVState *env, int csrno)
{
int ret;
+ int csr_priv = get_field(csrno, 0x300);
- if (!riscv_cpu_cfg(env)->ext_ssaia) {
+ if (csr_priv == PRV_M && !riscv_cpu_cfg(env)->ext_smaia) {
+ return RISCV_EXCP_ILLEGAL_INST;
+ } else if (!riscv_cpu_cfg(env)->ext_ssaia) {
return RISCV_EXCP_ILLEGAL_INST;
}
@@ -5911,7 +5914,7 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
[CSR_MVIP] = { "mvip", aia_any, NULL, NULL, rmw_mvip },
/* Machine-Level High-Half CSRs (AIA) */
- [CSR_MIDELEGH] = { "midelegh", aia_any32, NULL, NULL, rmw_midelegh },
+ [CSR_MIDELEGH] = { "midelegh", aia_smode32, NULL, NULL, rmw_midelegh },
[CSR_MIEH] = { "mieh", aia_any32, NULL, NULL, rmw_mieh },
[CSR_MVIENH] = { "mvienh", aia_any32, NULL, NULL, rmw_mvienh },
[CSR_MVIPH] = { "mviph", aia_any32, NULL, NULL, rmw_mviph },
--
2.50.0
^ permalink raw reply related [flat|nested] 20+ messages in thread* Re: [PULL 00/11] riscv-to-apply queue
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (10 preceding siblings ...)
2025-07-30 1:01 ` [PULL 11/11] target/riscv: Restrict midelegh " alistair23
@ 2025-07-30 1:04 ` Alistair Francis
2025-07-30 15:15 ` Stefan Hajnoczi
2025-07-30 18:19 ` Michael Tokarev
13 siblings, 0 replies; 20+ messages in thread
From: Alistair Francis @ 2025-07-30 1:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Alistair Francis
On Wed, Jul 30, 2025 at 11:01 AM <alistair23@gmail.com> wrote:
>
> From: Alistair Francis <alistair.francis@wdc.com>
>
> The following changes since commit 9b80226ece693197af8a981b424391b68b5bc38e:
>
> Update version for the v10.1.0-rc1 release (2025-07-29 13:00:41 -0400)
>
> are available in the Git repository at:
>
> https://github.com/alistair23/qemu.git tags/pull-riscv-to-apply-20250730-2
>
> for you to fetch changes up to 86bc3a0abf10072081cddd8dff25aa72c60e67b8:
>
> target/riscv: Restrict midelegh access to S-mode harts (2025-07-30 10:59:26 +1000)
>
> ----------------------------------------------------------------
> Third RISC-V PR for 10.1
>
> * Fix pmp range wraparound on zero
> * Update FADT and MADT versions in ACPI tables
> * Fix target register read when source is inactive
> * Add riscv_hwprobe entry to linux-user strace list
> * Do not call GETPC() in check_ret_from_m_mode()
> * Revert "Generate strided vector loads/stores with tcg nodes."
> * Fix exception type when VU accesses supervisor CSRs
> * Restrict mideleg/medeleg/medelegh access to S-mode harts
> * Restrict midelegh access to S-mode harts
Sorry about this being so large and late in the cycle. I just got back
from parental leave and wanted to get these fixes in for 10.1
Alistair
^ permalink raw reply [flat|nested] 20+ messages in thread* Re: [PULL 00/11] riscv-to-apply queue
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (11 preceding siblings ...)
2025-07-30 1:04 ` [PULL 00/11] riscv-to-apply queue Alistair Francis
@ 2025-07-30 15:15 ` Stefan Hajnoczi
2025-07-30 18:19 ` Michael Tokarev
13 siblings, 0 replies; 20+ messages in thread
From: Stefan Hajnoczi @ 2025-07-30 15:15 UTC (permalink / raw)
To: alistair23; +Cc: qemu-devel, alistair23, Alistair Francis
[-- Attachment #1: Type: text/plain, Size: 116 bytes --]
Applied, thanks.
Please update the changelog at https://wiki.qemu.org/ChangeLog/10.1 for any user-visible changes.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread* Re: [PULL 00/11] riscv-to-apply queue
2025-07-30 1:01 [PULL 00/11] riscv-to-apply queue alistair23
` (12 preceding siblings ...)
2025-07-30 15:15 ` Stefan Hajnoczi
@ 2025-07-30 18:19 ` Michael Tokarev
2025-07-31 4:36 ` Alistair Francis
13 siblings, 1 reply; 20+ messages in thread
From: Michael Tokarev @ 2025-07-30 18:19 UTC (permalink / raw)
To: alistair23, qemu-devel; +Cc: Alistair Francis
On 30.07.2025 04:01, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> The following changes since commit 9b80226ece693197af8a981b424391b68b5bc38e:
>
> Update version for the v10.1.0-rc1 release (2025-07-29 13:00:41 -0400)
>
> are available in the Git repository at:
>
> https://github.com/alistair23/qemu.git tags/pull-riscv-to-apply-20250730-2
>
> for you to fetch changes up to 86bc3a0abf10072081cddd8dff25aa72c60e67b8:
>
> target/riscv: Restrict midelegh access to S-mode harts (2025-07-30 10:59:26 +1000)
>
> ----------------------------------------------------------------
> Third RISC-V PR for 10.1
>
> * Fix pmp range wraparound on zero
> * Update FADT and MADT versions in ACPI tables
> * Fix target register read when source is inactive
> * Add riscv_hwprobe entry to linux-user strace list
> * Do not call GETPC() in check_ret_from_m_mode()
> * Revert "Generate strided vector loads/stores with tcg nodes."
> * Fix exception type when VU accesses supervisor CSRs
> * Restrict mideleg/medeleg/medelegh access to S-mode harts
> * Restrict midelegh access to S-mode harts
>
> ----------------------------------------------------------------
> Daniel Henrique Barboza (3):
> linux-user/strace.list: add riscv_hwprobe entry
> target/riscv: do not call GETPC() in check_ret_from_m_mode()
> riscv: Revert "Generate strided vector loads/stores with tcg nodes."
>
> Jay Chang (2):
> target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts
> target/riscv: Restrict midelegh access to S-mode harts
>
> Sunil V L (3):
> bios-tables-test-allowed-diff.h: Allow RISC-V FADT and MADT changes
> hw/riscv/virt-acpi-build.c: Update FADT and MADT versions
> tests/data/acpi/riscv64: Update expected FADT and MADT
>
> Vac Chen (1):
> target/riscv: Fix pmp range wraparound on zero
>
> Xu Lu (1):
> target/riscv: Fix exception type when VU accesses supervisor CSRs
>
> Yang Jialong (1):
> intc/riscv_aplic: Fix target register read when source is inactive
Is there anything there for qemu-stable?
It looks like "Fix exception type when VU accesses supervisor CSRs" is a
good candidate, maybe "Fix pmp range wraparound on zero" too. Something
else? "Fix target register read when source is inactive"? The "S-mode
harts" ones?
I already picked up "do not call GETPC()" as it's been Cc'd qemu-stable
before, and I'm picking up riscv_hwprobe too, as it's trivial and fixes
a trivial omission which might be useful. Should I pick up others I
mentioned?
Thanks,
/mjt
^ permalink raw reply [flat|nested] 20+ messages in thread* Re: [PULL 00/11] riscv-to-apply queue
2025-07-30 18:19 ` Michael Tokarev
@ 2025-07-31 4:36 ` Alistair Francis
2025-07-31 6:11 ` Michael Tokarev
0 siblings, 1 reply; 20+ messages in thread
From: Alistair Francis @ 2025-07-31 4:36 UTC (permalink / raw)
To: Michael Tokarev; +Cc: qemu-devel, Alistair Francis
On Thu, Jul 31, 2025 at 4:20 AM Michael Tokarev <mjt@tls.msk.ru> wrote:
>
> On 30.07.2025 04:01, alistair23@gmail.com wrote:
> > From: Alistair Francis <alistair.francis@wdc.com>
> >
> > The following changes since commit 9b80226ece693197af8a981b424391b68b5bc38e:
> >
> > Update version for the v10.1.0-rc1 release (2025-07-29 13:00:41 -0400)
> >
> > are available in the Git repository at:
> >
> > https://github.com/alistair23/qemu.git tags/pull-riscv-to-apply-20250730-2
> >
> > for you to fetch changes up to 86bc3a0abf10072081cddd8dff25aa72c60e67b8:
> >
> > target/riscv: Restrict midelegh access to S-mode harts (2025-07-30 10:59:26 +1000)
> >
> > ----------------------------------------------------------------
> > Third RISC-V PR for 10.1
> >
> > * Fix pmp range wraparound on zero
> > * Update FADT and MADT versions in ACPI tables
> > * Fix target register read when source is inactive
> > * Add riscv_hwprobe entry to linux-user strace list
> > * Do not call GETPC() in check_ret_from_m_mode()
> > * Revert "Generate strided vector loads/stores with tcg nodes."
> > * Fix exception type when VU accesses supervisor CSRs
> > * Restrict mideleg/medeleg/medelegh access to S-mode harts
> > * Restrict midelegh access to S-mode harts
> >
> > ----------------------------------------------------------------
> > Daniel Henrique Barboza (3):
> > linux-user/strace.list: add riscv_hwprobe entry
> > target/riscv: do not call GETPC() in check_ret_from_m_mode()
> > riscv: Revert "Generate strided vector loads/stores with tcg nodes."
> >
> > Jay Chang (2):
> > target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts
> > target/riscv: Restrict midelegh access to S-mode harts
> >
> > Sunil V L (3):
> > bios-tables-test-allowed-diff.h: Allow RISC-V FADT and MADT changes
> > hw/riscv/virt-acpi-build.c: Update FADT and MADT versions
> > tests/data/acpi/riscv64: Update expected FADT and MADT
> >
> > Vac Chen (1):
> > target/riscv: Fix pmp range wraparound on zero
> >
> > Xu Lu (1):
> > target/riscv: Fix exception type when VU accesses supervisor CSRs
> >
> > Yang Jialong (1):
> > intc/riscv_aplic: Fix target register read when source is inactive
>
> Is there anything there for qemu-stable?
Urgh, sorry I forgot to CC qemu-stable.
>
> It looks like "Fix exception type when VU accesses supervisor CSRs" is a
> good candidate, maybe "Fix pmp range wraparound on zero" too. Something
> else? "Fix target register read when source is inactive"? The "S-mode
> harts" ones?
>
> I already picked up "do not call GETPC()" as it's been Cc'd qemu-stable
> before, and I'm picking up riscv_hwprobe too, as it's trivial and fixes
> a trivial omission which might be useful. Should I pick up others I
> mentioned?
Thanks for getting those two
77707bfdf8 target/riscv: Fix pmp range wraparound on zero
b6f1244678 intc/riscv_aplic: Fix target register read when source is inactive
30ef718423 target/riscv: Fix exception type when VU accesses supervisor CSRs
e443ba0336 target/riscv: Restrict mideleg/medeleg/medelegh access to
S-mode harts
86bc3a0abf target/riscv: Restrict midelegh access to S-mode harts
Are all good candidates for back porting as well
Alistair
>
> Thanks,
>
> /mjt
^ permalink raw reply [flat|nested] 20+ messages in thread