summary refs log tree commit diff stats
path: root/gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
downloademulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz
emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.zip
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml')
-rw-r--r--gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml34


1 files changed, 34 insertions, 0 deletions
diff --git a/gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml b/gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml
new file mode 100644
index 00000000..29ce6297
--- /dev/null
+++ b/gitlab/issues/target_riscv/host_missing/accel_missing/2763.toml
@@ -0,0 +1,34 @@
+id = 2763
+title = "RISC-V APLIC emulation: interrupt pending state of direct-delivery level-triggered interrupts is wrong after masking"
+state = "opened"
+created_at = "2025-01-05T14:12:33.833Z"
+closed_at = "n/a"
+labels = ["target: riscv"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2763"
+host-os = "Debian"
+host-arch = "x86_64"
+qemu-version = "master at 9ee90cfc25747ab25c7da31a50f167fc5122e20e"
+guest-os = "n/a"
+guest-arch = "riscv64, virt target, `aia=aplic"
+description = """According to the APLIC specification, the interrupt pending state of a level-triggered interrupt in direct delivery mode should always match the (rectified) input signal:
+
+> When an interrupt domain is in direct delivery mode, the pending bit for a level-sensitive source is always just a copy of the rectified input value.
+
+(From Section 4.7 "Precise effects on interrupt-pending bits" of the specification. See also the more detailed paragraph starting with "If the 
+ source mode is Level1 or Level0 and the interrupt domain is configured in direct delivery mode [...]".)
+
+However, **this is not true in Qemu's emulation**. In particular, in some situations, **a level-triggered interrupt in direct delivery mode can be raised even though the rectified input signal is off**."""
+reproduce = """1. Set `-machine virt,acpi=off,aia=aplic` to use AIA without IMSIC.
+2. Program APLIC to direct delivery. Program some level triggered interrupt (e.g., an interrupt of a PCIe ECAM controller).
+4. Wait until the IRQ is raised by a device (i.e., `claimi` returns the IRQ).
+5. Mask the interrupt by writing to `clrie`.
+6. Clear the interrupt at the device level.
+7. The state of Qemu's APLIC registers is now:
+   ```
+   Rectified input = 0 (correct)
+   Pending = 1 (incorrect)
+   topi = 0 (correct)
+   ```
+
+Furthermore, if `setie` is written to unmask the IRQ in this situation, the IRQ is raised (in `topi` / `claimi`) despite the signal being off."""
+additional = "n/a"