blob: 6a7d31472e1e52dde1453a7b087b4e5920ea5e37 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
register: 0.482
device: 0.456
architecture: 0.413
virtual: 0.406
performance: 0.374
permissions: 0.337
graphic: 0.315
peripherals: 0.294
risc-v: 0.285
ppc: 0.275
network: 0.239
hypervisor: 0.227
kernel: 0.225
PID: 0.216
socket: 0.212
semantic: 0.204
mistranslation: 0.202
VMM: 0.202
i386: 0.181
boot: 0.160
vnc: 0.158
TCG: 0.157
files: 0.151
assembly: 0.151
x86: 0.149
user-level: 0.148
debug: 0.146
KVM: 0.121
arm: 0.110
masking mode field in mepc before mret
Description of problem:
I thought I found a bug in OpenSBI (https://github.com/riscv-software-src/opensbi/issues/391) but it actually is a QEMU bug.
It is described here: https://lists.infradead.org/pipermail/opensbi/2025-March/008166.html
Steps to reproduce:
1. use an application with vectored mode enabled (The RISC-V Instruction Set Manual: Volume II: Privileged Architecture / chapter 10.1.2) in QEMU
2. trigger an illegal instruction interrupt (handle it in machine mode - not by medeleg)
3. in a machine mode trap: Store STVEC in MEPC.
4. do a mret
5. the first bits of mepc are not masked so the address in mepc (comming from (v)stvec) will be false after mret
Additional information:
My guess is that the instructions from the following quote (masking of lower bits in mepc) from the official spec must be implemented here:
https://gitlab.com/qemu-project/qemu/-/blob/master/target/riscv/op_helper.c?ref_type=heads#L387
Maybe also somewhere else.
> 3.1.14. Machine Exception Program Counter (mepc)
>
> mepc is an MXLEN-bit read/write register formatted as shown in Figure 21. The low bit of mepc
> (mepc[0]) is always zero. On implementations that support only IALIGN=32, the two low bits
> (mepc[1:0]) are always zero.
>
> If an implementation allows IALIGN to be either 16 or 32 (by changing CSR misa, for example), then,
> whenever IALIGN=32, bit mepc[1] is masked on reads so that it appears to be 0. This masking occurs
> also for the implicit read by the MRET instruction. Though masked, mepc[1] remains writable when
> IALIGN=32.
>
> mepc is a WARL register that must be able to hold all valid virtual addresses. It need not be capable of
> holding all possible invalid addresses. Prior to writing mepc, implementations may convert an invalid
> address into some other invalid address that mepc is capable of holding.
|