summary refs log tree commit diff stats
path: root/results/classifier/zero-shot/105/KVM/1155
blob: 021302416cb8060015d9923e1dad12a007d4b328 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

KVM: 0.861
instruction: 0.797
graphic: 0.794
device: 0.681
semantic: 0.398
other: 0.388
vnc: 0.374
boot: 0.304
mistranslation: 0.286
network: 0.277
socket: 0.243
assembly: 0.152

RISC-V: Instruction fetch exceptions can have invalid tval/epc combination
Description of problem:
Instruction page fault / guest-page fault / access fault exceptions can have invalid `epc`/`tval` combinations, for example as shown in the debug log:

```
riscv_cpu_do_interrupt: hart:0, async:0, cause:0000000000000014, epc:0xffffffff802fec76, tval:0xffffffff802ff000, desc=guest_exec_page_fault
riscv_cpu_do_interrupt: hart:0, async:0, cause:0000000000000014, epc:0xffffffff80243fe6, tval:0xffffffff80244000, desc=guest_exec_page_fault
```

From the privileged spec:

> If `mtval` is written with a nonzero value when an instruction access-fault or page-fault exception occurs on a system with variable-length instructions, then `mtval` will contain the virtual address of the portion of the instruction that caused the fault, while `mepc` will point to the beginning of the instruction.

Currently RISC-V only has 32-bit and 16-bit instructions, so the difference `tval - epc` should be either `0` or `2`. In the examples above the differences are `906` and `26` respectively.

Possibly notable: all occurrences of these invalid combinations to have `tval` aligned to a page-boundary.
Steps to reproduce:
This one only gives invalid `tval`/`epc` combinations with instruction guest-page faults, but I've found it to be the easiest reproducer to describe, since presumably running KVM in RISC-V QEMU is a standard setup. I have not otherwise been able to find a more minimal case.

1. Start a QEMU-based `riscv64` machine
2. Start a KVM-based virtual machine with QEMU inside it
3. Do some stuff in the KVM-based virtual machine to increase the chance of page faults
4. Look in the debug log of the outer QEMU for `guest_exec_page_fault` exceptions with `tval` ending in `000`, but `epc` ending in neither `000` nor `ffe`

Everything in both layers of guests should otherwise work without issue, but other/future software that relies on the spec-mandated relationship of `epc`/`tval` may break.
Additional information: