blob: 13c0e4ac7ef799564ef1a5f0f5ca73e692d3fada (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
RISC-V: VS external IRQ can be taken in M-mode
Description of problem:
The RISC-V specification states that `VS-level interrupts and guest external interrupts are always delegated past M-mode to HS mode.`
I happened to come across a situation where QEMU takes the vs_external IRQ in machine mode.
Steps to reproduce:
1. Enable IRQs globally (mstatus, vsstatus)
2. Set hstatus.VGEIN to a legal value
3. Write -1 to mie
4. Write -1 to hvip
I included a binary that should be able to reproduce the issue.
I use a vectored setup for mtvec and as soon as the VSEIP bit in hvip has been set the machine jumps to mtvec.vsei.
To confirm that I actually went to mtvec and not somewhere with a faulty print I also performed an ecall and that was reported as an M mode ecall.
Additional information:
```
TRACE: [hart_ctrl.c:35] STARTING CPU 0
DEBUG: [trap_handling.c: 886] Setting up trap handlers
DEBUG: [aia_ctrl.c: 377] Initializing interrupt controller
TRACE: [main.c:31] Writing -1 to mie
TRACE: [main.c:33] Writing -1 to hvip
riscv_cpu_do_interrupt: hart:0, async:1, cause:000000000000000a, epc:0x0000000080000114, tval:0x0000000000000000, desc=vs_external
ERROR: [trap_handling.c:280] mtvec_vsei should be unreachable
mstatus = 0x0000000a000038a2 hstatus:
SIE = 1 VSXL[1:0] = 2
MIE = 0 VTSR = 0
SPIE = 1 VTW = 0
UBE = 0 VTVM = 0
MPIE = 1 VGEIN[5:0] = 1
SPP = 0 HU = 0
VS = 0 SPVP = 0
MPP = 3 SPV = 0
FS = 1 GVA = 0
MPRV = 0 VSBE = 0
SUM = 0
MXR = 0
TVM = 0
TW = 0
TSR = 0
UXL = 2
SXL = 2
SBE = 0
MBE = 0
GVA = 0
MPV = 0
mie mip mideleg hvip
ssie (1) = 1 ssip (1) = 0 ssi (1) = 0 ssip (1) = 0
vssie(2) = 1 vssip(2) = 1 vssi (2) = 0 vssip(2) = 1
msie (3) = 1 msip (3) = 0 msi (3) = 0 msip (3) = 0
stie (5) = 1 stip (5) = 0 sti (5) = 0 stip (5) = 0
vstie(6) = 1 vstip(6) = 0 vsti (6) = 0 vstip(6) = 0
mtie (7) = 1 mtip (7) = 0 mti (7) = 0 mtip (7) = 0
seie (9) = 1 seip (9) = 0 sei (9) = 0 seip (9) = 0
vseie(10) = 1 vseip(10) = 1 vsei (10) = 0 vseip(10) = 1
meie (11) = 1 meip (11) = 0 mei (11) = 0 meip (11) = 0
sgeie(12) = 1 sgeip(12) = 0 sgei (12) = 0 sgeip(12) = 0
DEBUG: [trap_handling.c: 28] hart_ctrl.kill_hart = 0x8000a00c
TRACE: [trap_handling.c:29] Program done, exiting
QEMU: Terminated
```
Reproducer of the problem:
[main](/uploads/26a5698ce948149ca9d34f6b3dfac6a4/main)
|