blob: 99f463f5f9abe7bf395f4a6d3ad1c790eb0e0f8e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
RISC-V APLIC emulation: interrupt pending state of direct-delivery level-triggered interrupts is wrong after masking
Description of problem:
According to the APLIC specification, the interrupt pending state of a level-triggered interrupt in direct delivery mode should always match the (rectified) input signal:
> When an interrupt domain is in direct delivery mode, the pending bit for a level-sensitive source is always just a copy of the rectified input value.
(From Section 4.7 "Precise effects on interrupt-pending bits" of the specification. See also the more detailed paragraph starting with "If the
source mode is Level1 or Level0 and the interrupt domain is configured in direct delivery mode [...]".)
However, **this is not true in Qemu's emulation**. In particular, in some situations, **a level-triggered interrupt in direct delivery mode can be raised even though the rectified input signal is off**.
Steps to reproduce:
1. Set `-machine virt,acpi=off,aia=aplic` to use AIA without IMSIC.
2. Program APLIC to direct delivery. Program some level triggered interrupt (e.g., an interrupt of a PCIe ECAM controller).
4. Wait until the IRQ is raised by a device (i.e., `claimi` returns the IRQ).
5. Mask the interrupt by writing to `clrie`.
6. Clear the interrupt at the device level.
7. The state of Qemu's APLIC registers is now:
```
Rectified input = 0 (correct)
Pending = 1 (incorrect)
topi = 0 (correct)
```
Furthermore, if `setie` is written to unmask the IRQ in this situation, the IRQ is raised (in `topi` / `claimi`) despite the signal being off.
|