From: frank.chang@sifive.com
To: qemu-devel@nongnu.org
Cc: "Palmer Dabbelt" <palmer@dabbelt.com>,
"Alistair Francis" <alistair.francis@wdc.com>,
"Weiwei Li" <liwei1518@gmail.com>,
"Daniel Henrique Barboza" <dbarboza@ventanamicro.com>,
"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
qemu-riscv@nongnu.org (open list:RISC-V TCG CPUs),
"Frank Chang" <frank.chang@sifive.com>,
"Radim Krčmář" <rkrcmar@ventanamicro.com>
Subject: [PATCH v3 6/6] target/riscv: Fix pointer masking translation mode check bug
Date: Fri, 12 Dec 2025 00:38:25 +0800
Message-ID: <20251211163826.3998266-7-frank.chang@sifive.com>
In-Reply-To: <20251211163826.3998266-1-frank.chang@sifive.com>
From: Frank Chang <frank.chang@sifive.com>
When running with virtualization in VS/VU mode, or when executing the
virtual-machine load/store instructions (HLV.* and HSV.*), the type of
address that determines which pointer masking rules apply should be
checked against vsatp rather than satp.
As a result, sign extension also applies to the virtual-machine
load/store instructions.
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Radim Krčmář <rkrcmar@ventanamicro.com>
---
target/riscv/cpu.h | 2 +-
target/riscv/cpu_helper.c | 19 +++++++++++++++----
target/riscv/internals.h | 4 +---
target/riscv/tcg/tcg-cpu.c | 4 ++--
4 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index b4cf86e4f61..93c837024a0 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -881,7 +881,7 @@ static inline uint32_t vext_get_vlmax(uint32_t vlenb, uint32_t vsew,
bool riscv_cpu_is_32bit(RISCVCPU *cpu);
-bool riscv_cpu_virt_mem_enabled(CPURISCVState *env);
+bool riscv_cpu_virt_mem_enabled(CPURISCVState *env, bool is_vm_ldst);
RISCVPmPmm riscv_pm_get_pmm(CPURISCVState *env);
RISCVPmPmm riscv_pm_get_vm_ldst_pmm(CPURISCVState *env);
uint32_t riscv_pm_get_pmlen(RISCVPmPmm pmm);
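Review bot: the new `bool is_vm_ldst` parameter on the `riscv_cpu_virt_mem_enabled()` prototype is undocumented, and a bare boolean is hard to read at call sites. A short comment above the declaration stating that `true` means "evaluate for an HLV.*/HSV.* access, using hstatus.SPVP and vsatp" and `false` means "evaluate for the current effective privilege and virtualization state" would save readers a trip to cpu_helper.c.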
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index f6856a10bb5..587adaeec73 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -240,16 +240,27 @@ RISCVPmPmm riscv_pm_get_vm_ldst_pmm(CPURISCVState *env)
#endif
}
-bool riscv_cpu_virt_mem_enabled(CPURISCVState *env)
+bool riscv_cpu_virt_mem_enabled(CPURISCVState *env, bool is_vm_ldst)
{
#ifndef CONFIG_USER_ONLY
int satp_mode = 0;
- int priv_mode = cpu_address_mode(env);
+ uint64_t satp;
+ int priv_mode;
+ bool virt = false;
+
+ if (!is_vm_ldst) {
+ riscv_cpu_eff_priv(env, &priv_mode, &virt);
+ } else {
+ priv_mode = get_field(env->hstatus, HSTATUS_SPVP);
+ virt = true;
+ }
+
+ satp = virt ? env->vsatp : env->satp;
if (riscv_cpu_mxl(env) == MXL_RV32) {
- satp_mode = get_field(env->satp, SATP32_MODE);
+ satp_mode = get_field(satp, SATP32_MODE);
} else {
- satp_mode = get_field(env->satp, SATP64_MODE);
+ satp_mode = get_field(satp, SATP64_MODE);
}
return ((satp_mode != VM_1_10_MBARE) && (priv_mode != PRV_M));
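Review bot: the `else` branch that sets `priv_mode = get_field(env->hstatus, HSTATUS_SPVP)` and forces `virt = true` has no comment explaining why, and it is the core of the fix. A one-line note that HLV.*/HSV.* accesses are performed as if in VS/VU mode at the privilege given by hstatus.SPVP would make the vsatp selection on the following line self-explanatory. Since SPVP is a single bit, `priv_mode != PRV_M` in the final return is always true on this path; that is harmless, but worth mentioning in the same comment so nobody later mistakes it for a meaningful M-mode check for the virtual-machine load/store case.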
diff --git a/target/riscv/internals.h b/target/riscv/internals.h
index b17b661e2a8..38d438fbf93 100644
--- a/target/riscv/internals.h
+++ b/target/riscv/internals.h
@@ -200,9 +200,7 @@ static inline target_ulong adjust_addr_body(CPURISCVState *env,
return addr;
}
- if (!is_virt_addr) {
- signext = riscv_cpu_virt_mem_enabled(env);
- }
+ signext = riscv_cpu_virt_mem_enabled(env, is_virt_addr);
pmlen = riscv_pm_get_pmlen(pmm);
addr = addr << pmlen;
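Review bot: `adjust_addr_body()` passes its `is_virt_addr` argument into a parameter that cpu_helper.c names `is_vm_ldst`, so the same flag now carries two names across the call. Renaming one of them (the series already renames riscv_pm_get_virt_pmm() to riscv_pm_get_vm_ldst_pmm() in 5/6) would keep the terminology consistent. With `signext` now assigned unconditionally, any initializer at its declaration, which is outside this hunk, also becomes redundant and can be dropped.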
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 440626ddfad..2b4bcefa0c9 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -104,7 +104,7 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
RISCVCPU *cpu = env_archcpu(env);
RISCVExtStatus fs, vs;
uint32_t flags = 0;
- bool pm_signext = riscv_cpu_virt_mem_enabled(env);
+ bool pm_signext = riscv_cpu_virt_mem_enabled(env, false);
if (cpu->cfg.ext_zve32x) {
/*
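Review bot: `pm_signext` in `riscv_get_tb_cpu_state()` is now computed with a hard-coded `false`, so the value cached in the TB flags describes ordinary accesses only. A brief comment here saying that HLV.*/HSV.* make their own sign-extension decision through `adjust_addr_body()` would make it clear that the literal is intentional and not a missed call site.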
@@ -255,7 +255,7 @@ static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx,
return result;
}
- pm_signext = riscv_cpu_virt_mem_enabled(env);
+ pm_signext = riscv_cpu_virt_mem_enabled(env, false);
if (pm_signext) {
return sextract64(result, 0, 64 - pm_len);
}
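Review bot: `riscv_pointer_wrap()` receives `mmu_idx` but calls `riscv_cpu_virt_mem_enabled(env, false)` unconditionally, so the satp/vsatp choice here ignores which kind of access is being wrapped. If this hook can be reached for a virtual-machine load/store access, the `false` would evaluate the wrong translation mode, which is the same class of bug the patch fixes in internals.h. Either derive the flag from `mmu_idx`, or add a comment stating why HLV.*/HSV.* accesses never reach this path.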
--
2.43.0