* [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR
@ 2024-03-11 3:08 Yu-Ming Chang via
2024-03-11 4:48 ` Richard Henderson
2024-03-12 2:36 ` LIU Zhiwei
0 siblings, 2 replies; 3+ messages in thread
From: Yu-Ming Chang via @ 2024-03-11 3:08 UTC (permalink / raw)
To: palmer, alistair.francis, bin.meng, liwei1518, dbarboza,
zhiwei_liu
Cc: qemu-riscv, qemu-devel, Yu-Ming Chang
Both CSRRS and CSRRC always read the addressed CSR and cause any read side
effects regardless of rs1 and rd fields. Note that if rs1 specifies a register
holding a zero value other than x0, the instruction will still attempt to write
the unmodified value back to the CSR and will cause any attendant side effects.
So if CSRRS or CSRRC tries to write a read-only CSR with rs1 which specifies
a register holding a zero value, an illegal instruction exception should be
raised.
Signed-off-by: Yu-Ming Chang <yumin686@andestech.com>
---
This incorporated the comments from Richard. Thank you.
target/riscv/cpu.h | 2 ++
target/riscv/csr.c | 17 ++++++++++++++---
target/riscv/op_helper.c | 2 +-
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 5d291a7092..452841ae2f 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -710,6 +710,8 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
void riscv_cpu_update_mask(CPURISCVState *env);
bool riscv_cpu_is_32bit(RISCVCPU *cpu);
+RISCVException riscv_csrr(CPURISCVState *env, int csrno,
+ target_ulong *ret_value);
RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask);
diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index d4e8ac13b9..0d14ba2ba5 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -4306,7 +4306,7 @@ static RISCVException rmw_seed(CPURISCVState *env, int csrno,
static inline RISCVException riscv_csrrw_check(CPURISCVState *env,
int csrno,
- bool write_mask)
+ bool write)
{
/* check privileges and return RISCV_EXCP_ILLEGAL_INST if check fails */
bool read_only = get_field(csrno, 0xC00) == 3;
@@ -4328,7 +4328,7 @@ static inline RISCVException riscv_csrrw_check(CPURISCVState *env,
}
/* read / write check */
- if (write_mask && read_only) {
+ if (write && read_only) {
return RISCV_EXCP_ILLEGAL_INST;
}
@@ -4415,11 +4415,22 @@ static RISCVException riscv_csrrw_do64(CPURISCVState *env, int csrno,
return RISCV_EXCP_NONE;
}
+RISCVException riscv_csrr(CPURISCVState *env, int csrno,
+ target_ulong *ret_value)
+{
+ RISCVException ret = riscv_csrrw_check(env, csrno, false);
+ if (ret != RISCV_EXCP_NONE) {
+ return ret;
+ }
+
+ return riscv_csrrw_do64(env, csrno, ret_value, 0, 0);
+}
+
RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
target_ulong *ret_value,
target_ulong new_value, target_ulong write_mask)
{
- RISCVException ret = riscv_csrrw_check(env, csrno, write_mask);
+ RISCVException ret = riscv_csrrw_check(env, csrno, true);
if (ret != RISCV_EXCP_NONE) {
return ret;
}
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index f414aaebdb..f3aa705be8 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -51,7 +51,7 @@ target_ulong helper_csrr(CPURISCVState *env, int csr)
}
target_ulong val = 0;
- RISCVException ret = riscv_csrrw(env, csr, &val, 0, 0);
+ RISCVException ret = riscv_csrr(env, csr, &val);
if (ret != RISCV_EXCP_NONE) {
riscv_raise_exception(env, ret, GETPC());
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR
2024-03-11 3:08 [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR Yu-Ming Chang via
@ 2024-03-11 4:48 ` Richard Henderson
2024-03-12 2:36 ` LIU Zhiwei
1 sibling, 0 replies; 3+ messages in thread
From: Richard Henderson @ 2024-03-11 4:48 UTC (permalink / raw)
To: Yu-Ming Chang, palmer, alistair.francis, bin.meng, liwei1518,
dbarboza, zhiwei_liu
Cc: qemu-riscv, qemu-devel
On 3/10/24 17:08, Yu-Ming Chang via wrote:
> Both CSRRS and CSRRC always read the addressed CSR and cause any read side
> effects regardless of rs1 and rd fields. Note that if rs1 specifies a register
> holding a zero value other than x0, the instruction will still attempt to write
> the unmodified value back to the CSR and will cause any attendant side effects.
>
> So if CSRRS or CSRRC tries to write a read-only CSR with rs1 which specifies
> a register holding a zero value, an illegal instruction exception should be
> raised.
>
> Signed-off-by: Yu-Ming Chang<yumin686@andestech.com>
> ---
> This incorporated the comments from Richard. Thank you.
>
> target/riscv/cpu.h | 2 ++
> target/riscv/csr.c | 17 ++++++++++++++---
> target/riscv/op_helper.c | 2 +-
> 3 files changed, 17 insertions(+), 4 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR
2024-03-11 3:08 [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR Yu-Ming Chang via
2024-03-11 4:48 ` Richard Henderson
@ 2024-03-12 2:36 ` LIU Zhiwei
1 sibling, 0 replies; 3+ messages in thread
From: LIU Zhiwei @ 2024-03-12 2:36 UTC (permalink / raw)
To: Yu-Ming Chang, palmer, alistair.francis, bin.meng, liwei1518,
dbarboza
Cc: qemu-riscv, qemu-devel
On 2024/3/11 11:08, Yu-Ming Chang wrote:
> Both CSRRS and CSRRC always read the addressed CSR and cause any read side
> effects regardless of rs1 and rd fields. Note that if rs1 specifies a register
> holding a zero value other than x0, the instruction will still attempt to write
> the unmodified value back to the CSR and will cause any attendant side effects.
>
> So if CSRRS or CSRRC tries to write a read-only CSR with rs1 which specifies
> a register holding a zero value, an illegal instruction exception should be
> raised.
>
> Signed-off-by: Yu-Ming Chang <yumin686@andestech.com>
> ---
> This incorporated the comments from Richard. Thank you.
>
> target/riscv/cpu.h | 2 ++
> target/riscv/csr.c | 17 ++++++++++++++---
> target/riscv/op_helper.c | 2 +-
> 3 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
> index 5d291a7092..452841ae2f 100644
> --- a/target/riscv/cpu.h
> +++ b/target/riscv/cpu.h
> @@ -710,6 +710,8 @@ void cpu_get_tb_cpu_state(CPURISCVState *env, vaddr *pc,
> void riscv_cpu_update_mask(CPURISCVState *env);
> bool riscv_cpu_is_32bit(RISCVCPU *cpu);
>
> +RISCVException riscv_csrr(CPURISCVState *env, int csrno,
> + target_ulong *ret_value);
> RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
> target_ulong *ret_value,
> target_ulong new_value, target_ulong write_mask);
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index d4e8ac13b9..0d14ba2ba5 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -4306,7 +4306,7 @@ static RISCVException rmw_seed(CPURISCVState *env, int csrno,
>
> static inline RISCVException riscv_csrrw_check(CPURISCVState *env,
> int csrno,
> - bool write_mask)
> + bool write)
> {
> /* check privileges and return RISCV_EXCP_ILLEGAL_INST if check fails */
> bool read_only = get_field(csrno, 0xC00) == 3;
> @@ -4328,7 +4328,7 @@ static inline RISCVException riscv_csrrw_check(CPURISCVState *env,
> }
>
> /* read / write check */
> - if (write_mask && read_only) {
> + if (write && read_only) {
> return RISCV_EXCP_ILLEGAL_INST;
> }
>
> @@ -4415,11 +4415,22 @@ static RISCVException riscv_csrrw_do64(CPURISCVState *env, int csrno,
> return RISCV_EXCP_NONE;
> }
>
> +RISCVException riscv_csrr(CPURISCVState *env, int csrno,
> + target_ulong *ret_value)
> +{
> + RISCVException ret = riscv_csrrw_check(env, csrno, false);
> + if (ret != RISCV_EXCP_NONE) {
> + return ret;
> + }
> +
> + return riscv_csrrw_do64(env, csrno, ret_value, 0, 0);
> +}
> +
> RISCVException riscv_csrrw(CPURISCVState *env, int csrno,
> target_ulong *ret_value,
> target_ulong new_value, target_ulong write_mask)
> {
> - RISCVException ret = riscv_csrrw_check(env, csrno, write_mask);
> + RISCVException ret = riscv_csrrw_check(env, csrno, true);
> if (ret != RISCV_EXCP_NONE) {
> return ret;
> }
> diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
> index f414aaebdb..f3aa705be8 100644
> --- a/target/riscv/op_helper.c
> +++ b/target/riscv/op_helper.c
> @@ -51,7 +51,7 @@ target_ulong helper_csrr(CPURISCVState *env, int csr)
> }
>
> target_ulong val = 0;
> - RISCVException ret = riscv_csrrw(env, csr, &val, 0, 0);
> + RISCVException ret = riscv_csrr(env, csr, &val);
>
> if (ret != RISCV_EXCP_NONE) {
> riscv_raise_exception(env, ret, GETPC());
Hi Yu-Ming,
The 128-bit CSR operations have the similar errors. Could you solve the
similar bug in this patch set?
Otherwise,
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Thanks,
Zhiwei
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-03-12 2:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-11 3:08 [PATCH v2] target/riscv: raise an exception when CSRRS/CSRRC writes a read-only CSR Yu-Ming Chang via
2024-03-11 4:48 ` Richard Henderson
2024-03-12 2:36 ` LIU Zhiwei
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).