path: root/gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml
authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
downloademulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz
emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.zip
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml')
-rw-r--r--gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml37
1 files changed, 37 insertions, 0 deletions
diff --git a/gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml b/gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml
new file mode 100644
index 00000000..a558f36f
--- /dev/null
+++ b/gitlab/issues/target_riscv/host_missing/accel_TCG/2855.toml
@@ -0,0 +1,37 @@
+id = 2855
+title = "masking mode field in mepc before mret"
+state = "opened"
+created_at = "2025-03-06T09:38:42.439Z"
+closed_at = "n/a"
+labels = ["accel: TCG", "kind::Bug", "target: riscv"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2855"
+host-os = "all"
+host-arch = "riscv"
+qemu-version = "QEMU emulator version 9.2.0 (v9.2.0)"
+guest-os = "qemu-system-riscv64"
+guest-arch = "riscv"
+description = """I thought I found a bug in OpenSBI (https://github.com/riscv-software-src/opensbi/issues/391) but it actually is a QEMU bug.
+It is described here: https://lists.infradead.org/pipermail/opensbi/2025-March/008166.html"""
+reproduce = """1. use an application with vectored mode enabled (The RISC-V Instruction Set Manual: Volume II: Privileged Architecture / chapter 10.1.2) in QEMU
+2. trigger an illegal instruction interrupt (handle it in machine mode - not by medeleg)
+3. in a machine mode trap: Store STVEC in MEPC.
+4. do a mret
+5. the first bits of mepc are not masked so the address in mepc (comming from (v)stvec) will be false after mret"""
+additional = """My guess is that the instructions from the following quote (masking of lower bits in mepc) from the official spec must be implemented here:
+https://gitlab.com/qemu-project/qemu/-/blob/master/target/riscv/op_helper.c?ref_type=heads#L387
+Maybe also somewhere else.
+
+> 3.1.14. Machine Exception Program Counter (mepc)
+>
+> mepc is an MXLEN-bit read/write register formatted as shown in Figure 21. The low bit of mepc
+> (mepc[0]) is always zero. On implementations that support only IALIGN=32, the two low bits
+> (mepc[1:0]) are always zero.
+>
+> If an implementation allows IALIGN to be either 16 or 32 (by changing CSR misa, for example), then,
+> whenever IALIGN=32, bit mepc[1] is masked on reads so that it appears to be 0. This masking occurs
+> also for the implicit read by the MRET instruction. Though masked, mepc[1] remains writable when
+> IALIGN=32.
+>
+> mepc is a WARL register that must be able to hold all valid virtual addresses. It need not be capable of
+> holding all possible invalid addresses. Prior to writing mepc, implementations may convert an invalid
+> address into some other invalid address that mepc is capable of holding."""