Re: [PATCH v3 1/3] target/riscv: Fix IALIGN check in misa write

public inbox for qemu-devel@nongnu.org
 help / color / mirror / Atom feed

From: Nicholas Piggin <npiggin@gmail.com>
To: Chao Liu <chao.liu.zevorn@gmail.com>
Cc: Alistair Francis <alistair23@gmail.com>,
	qemu-riscv@nongnu.org,  Laurent Vivier <laurent@vivier.eu>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	 Alistair Francis <alistair.francis@wdc.com>,
	Weiwei Li <liwei1518@gmail.com>,
	 Daniel Henrique Barboza <dbarboza@ventanamicro.com>,
	Liu Zhiwei <zhiwei_liu@linux.alibaba.com>,
	qemu-devel@nongnu.org,  Joel Stanley <joel@jms.id.au>,
	Nicholas Joaquin <njoaquin@tenstorrent.com>,
	 Ganesh Valliappan <gvalliappan@tenstorrent.com>
Subject: Re: [PATCH v3 1/3] target/riscv: Fix IALIGN check in misa write
Date: Thu, 26 Mar 2026 16:29:22 +1000	[thread overview]
Message-ID: <acTSDKzeEb3bbv08@lima-default> (raw)
In-Reply-To: <acNYexbXVoMmUMPo@ZEVORN-PC.localdomain>

On Wed, Mar 25, 2026 at 11:40:18AM +0800, Chao Liu wrote:
> On Wed, Mar 25, 2026 at 01:26:56PM +1000, Alistair Francis wrote:
> > On Wed, Mar 25, 2026 at 1:09 PM Chao Liu <chao.liu.zevorn@gmail.com> wrote:
> > >
> > > On Sun, Mar 22, 2026 at 12:45:52AM +1000, Nicholas Piggin wrote:
> > > > The instruction alignment check for the C extension was inverted.
> > > > The new value should be checked for C bit clear (thus increasing
> > > > IALIGN). If IALIGN is incompatible, then the write to misa should
> > > > be suppressed, not just ignoring the update to the C bit.
> > > >
> > > > From the ISA:
> > > >
> > > >   Writing misa may increase IALIGN, e.g., by disabling the "C"
> > > >   extension. If an instruction that would write misa increases IALIGN,
> > > >   and the subsequent instruction’s address is not IALIGN-bit aligned,
> > > >   the write to misa is suppressed, leaving misa unchanged.
> > > >
> > > > This was found with a verification test generator based on RiESCUE.
> > > >
> > > > Reported-by: Nicholas Joaquin <njoaquin@tenstorrent.com>
> > > > Reported-by: Ganesh Valliappan <gvalliappan@tenstorrent.com>
> > > > Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
> > > > ---
> > > >  target/riscv/csr.c                        | 16 ++++-
> > > >  tests/tcg/riscv64/Makefile.softmmu-target |  5 ++
> > > >  tests/tcg/riscv64/misa-ialign.S           | 88 +++++++++++++++++++++++
> > > >  3 files changed, 106 insertions(+), 3 deletions(-)
> > > >  create mode 100644 tests/tcg/riscv64/misa-ialign.S
> > > >
> > > > diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> > > > index 5064483917..91421a2dd8 100644
> > > > --- a/target/riscv/csr.c
> > > > +++ b/target/riscv/csr.c
> > > > @@ -2129,9 +2129,19 @@ static RISCVException write_misa(CPURISCVState *env, int csrno,
> > > >      /* Mask extensions that are not supported by this hart */
> > > >      val &= env->misa_ext_mask;
> > > >
> > > > -    /* Suppress 'C' if next instruction is not aligned. */
> > > > -    if ((val & RVC) && (get_next_pc(env, ra) & 3) != 0) {
> > > > -        val &= ~RVC;
> > > > +    /*
> > > > +     * misa writes that increase IALIGN beyond alignment of the next
> > > > +     * instruction cause the write to misa to be suppressed. Clearing
> > > > +     * "C" extension increases IALIGN.
> > > > +     */
> > > > +    if (!(val & RVC) && (get_next_pc(env, ra) & 3) != 0) {
> > > > +        /*
> > > > +         * If the next instruction is unaligned mod 4 then "C" must be
> > > > +         * set or this instruction could not be executing, so we know
> > > > +         * this is is clearing "C" (and not just keeping it clear).
> > > "this is is clearing" — double "is"
> > >
> > > > +         */
> > > > +        g_assert(env->misa_ext & RVC);
> > > > +        return RISCV_EXCP_NONE;
> > > write_misa() is also reachable via riscv_csrrw_debug()
> > > with ra=0, where get_next_pc() falls back to env->pc.
> > 
> > Ah good catch
> > 
> > > A debugger can set PC to a 2-byte-aligned address while C is
> > > already disabled, then write misa keeping C=0. This hits
> > > the condition and fires the g_assert.
> > 
> > I'm not convinced that that's necessarily bad, as that's an odd and
> > invalid thing to be writing. But we probably shouldn't assert
> > 
> > >
> > > The ISA spec language:
> > >
> > >     "if an instruction that would write misa..."
> > >
> > > does not cover debug writes, so the IALIGN suppression
> > > arguably should not apply in that case at all.
> > >
> > > We can:
> > >
> > >     if (ra && !(val & RVC)
> > >         && (get_next_pc(env, ra) & 3) != 0) {
> > >         g_assert(env->misa_ext & RVC);
> > >         return RISCV_EXCP_NONE;
> > >     }
> > 
> > Maybe it's best to change the `g_assert()` to a log GUEST_ERROR
> > instead. That way we flag that something fishy is going on, but don't
> > exit QEMU
> > 
> Agreed!
> 
> Replacing the g_assert() with qemu_log_mask(LOG_GUEST_ERROR, ...)
> sounds like the right balance — it still surfaces the anomaly for
> anyone debugging, without taking down QEMU over what is ultimately
> a debugger-induced corner case.
> 
> The IALIGN suppression logic itself is still correct for the normal
> execution path, so there's no reason to skip it entirely; just don't
> crash on the weird one.

Okay good feedback, thanks to you both. I agree, I'll make the changes
and resend.

Thanks,
Nick

next prev parent reply	other threads:[~2026-03-26  6:30 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-21 14:45 [PATCH v3 0/3] target/riscv: corner case fixes Nicholas Piggin
2026-03-21 14:45 ` [PATCH v3 1/3] target/riscv: Fix IALIGN check in misa write Nicholas Piggin
2026-03-25  1:35   ` Alistair Francis
2026-03-25  3:08   ` Chao Liu
2026-03-25  3:26     ` Alistair Francis
2026-03-25  3:40       ` Chao Liu
2026-03-26  6:29         ` Nicholas Piggin [this message]
2026-03-21 14:45 ` [PATCH v3 2/3] target/riscv: Fix vector whole ldst vstart check Nicholas Piggin
2026-03-25  1:57   ` Alistair Francis
2026-03-25  2:10   ` Chao Liu
2026-03-21 14:45 ` [PATCH v3 3/3] tests/tcg: Add riscv test for interrupted vector ops Nicholas Piggin
2026-03-25  2:08   ` Alistair Francis
2026-03-25  3:19   ` Chao Liu
2026-03-26  6:32     ` Nicholas Piggin
2026-03-25  2:20 ` [PATCH v3 0/3] target/riscv: corner case fixes Alistair Francis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=acTSDKzeEb3bbv08@lima-default \
    --to=npiggin@gmail.com \
    --cc=alistair.francis@wdc.com \
    --cc=alistair23@gmail.com \
    --cc=chao.liu.zevorn@gmail.com \
    --cc=dbarboza@ventanamicro.com \
    --cc=gvalliappan@tenstorrent.com \
    --cc=joel@jms.id.au \
    --cc=laurent@vivier.eu \
    --cc=liwei1518@gmail.com \
    --cc=njoaquin@tenstorrent.com \
    --cc=palmer@dabbelt.com \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-riscv@nongnu.org \
    --cc=zhiwei_liu@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox