[{"id":3675586,"web_url":"http://patchwork.ozlabs.org/comment/3675586/","msgid":"","list_archive_url":null,"date":"2026-04-10T01:13:03","subject":"Re: [PATCH 2/2] target/riscv: fix RV32 stateen CSR handling","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/people/64571/","name":"Alistair Francis","email":"alistair23@gmail.com"},"content":"On Fri, Apr 10, 2026 at 3:27 AM Bruno Sa wrote:\n>\n> The RV32 stateen CSRs are split between the low-half CSR and the\n> corresponding xH CSR, but the current implementation still handles some\n> upper-half bits through the low-half write paths and also accepts the\n> xH CSRs on RV64.\n>\n> Fix this by:\n> - rejecting mstateen*h and hstateen*h accesses on RV64\n> - keeping the RV64-only writable bits in the low-half write paths\n> - handling the RV32 upper-half writable bits in write_mstateen0h() and\n> write_hstateen0h()\n> - dropping unsupported writable bits from write_sstateen0()\n>\n> Signed-off-by: Bruno Sa \n\nReviewed-by: Alistair Francis \n\nAlistair\n\n> ---\n> target/riscv/csr.c | 112 +++++++++++++++++++++++++++++++--------------\n> 1 file changed, 77 insertions(+), 35 deletions(-)\n>\n> diff --git a/target/riscv/csr.c b/target/riscv/csr.c\n> index d322bdbd47..015deca6dc 100644\n> --- a/target/riscv/csr.c\n> +++ b/target/riscv/csr.c\n> @@ -497,6 +497,15 @@ static RISCVException mstateen(CPURISCVState *env, int csrno)\n> return any(env, csrno);\n> }\n>\n> +static RISCVException mstateen_32(CPURISCVState *env, int csrno)\n> +{\n> + if (riscv_cpu_mxl(env) != MXL_RV32) {\n> + return RISCV_EXCP_ILLEGAL_INST;\n> + }\n> +\n> + return mstateen(env, csrno);\n> +}\n> +\n> static RISCVException hstateen_pred(CPURISCVState *env, int csrno, int base)\n> {\n> if (!riscv_cpu_cfg(env)->ext_smstateen) {\n> @@ -528,6 +537,10 @@ static RISCVException hstateen(CPURISCVState *env, int csrno)\n>\n> static RISCVException hstateenh(CPURISCVState *env, int csrno)\n> {\n> + if (riscv_cpu_mxl(env) != MXL_RV32) {\n> + return RISCV_EXCP_ILLEGAL_INST;\n> + }\n> +\n> return hstateen_pred(env, csrno, CSR_HSTATEEN0H);\n> }\n>\n> @@ -3403,25 +3416,27 @@ static RISCVException write_mstateen0(CPURISCVState *env, int csrno,\n> wr_mask |= SMSTATEEN0_FCSR;\n> }\n>\n> - if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n> - wr_mask |= SMSTATEEN0_P1P13;\n> - }\n> + if (riscv_cpu_mxl(env) == MXL_RV64) {\n> + if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n> + wr_mask |= SMSTATEEN0_P1P13;\n> + }\n>\n> - if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n> - wr_mask |= SMSTATEEN0_SVSLCT;\n> - }\n> + if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n> + wr_mask |= SMSTATEEN0_SVSLCT;\n> + }\n>\n> - /*\n> - * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> - * implemented. However, that information is with MachineState and we can't\n> - * figure that out in csr.c. Just enable if Smaia is available.\n> - */\n> - if (riscv_cpu_cfg(env)->ext_smaia) {\n> - wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> - }\n> + /*\n> + * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> + * implemented. However, that information is with MachineState and we can't\n> + * figure that out in csr.c. Just enable if Smaia is available.\n> + */\n> + if (riscv_cpu_cfg(env)->ext_smaia) {\n> + wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> + }\n>\n> - if (riscv_cpu_cfg(env)->ext_ssctr) {\n> - wr_mask |= SMSTATEEN0_CTR;\n> + if (riscv_cpu_cfg(env)->ext_ssctr) {\n> + wr_mask |= SMSTATEEN0_CTR;\n> + }\n> }\n>\n> return write_mstateen(env, csrno, wr_mask, new_val);\n> @@ -3463,6 +3478,19 @@ static RISCVException write_mstateen0h(CPURISCVState *env, int csrno,\n> wr_mask |= SMSTATEEN0_P1P13;\n> }\n>\n> + if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n> + wr_mask |= SMSTATEEN0_SVSLCT;\n> + }\n> +\n> + /*\n> + * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> + * implemented. However, that information is with MachineState and we can't\n> + * figure that out in csr.c. Just enable if Smaia is available.\n> + */\n> + if (riscv_cpu_cfg(env)->ext_smaia) {\n> + wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> + }\n> +\n> if (riscv_cpu_cfg(env)->ext_ssctr) {\n> wr_mask |= SMSTATEEN0_CTR;\n> }\n> @@ -3507,22 +3535,23 @@ static RISCVException write_hstateen0(CPURISCVState *env, int csrno,\n> if (!riscv_has_ext(env, RVF)) {\n> wr_mask |= SMSTATEEN0_FCSR;\n> }\n> + if (riscv_cpu_mxl(env) == MXL_RV64) {\n> + if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n> + wr_mask |= SMSTATEEN0_SVSLCT;\n> + }\n>\n> - if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n> - wr_mask |= SMSTATEEN0_SVSLCT;\n> - }\n> -\n> - /*\n> - * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> - * implemented. However, that information is with MachineState and we can't\n> - * figure that out in csr.c. Just enable if Ssaia is available.\n> - */\n> - if (riscv_cpu_cfg(env)->ext_ssaia) {\n> - wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> - }\n> + /*\n> + * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> + * implemented. However, that information is with MachineState and we can't\n> + * figure that out in csr.c. Just enable if Ssaia is available.\n> + */\n> + if (riscv_cpu_cfg(env)->ext_ssaia) {\n> + wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> + }\n>\n> - if (riscv_cpu_cfg(env)->ext_ssctr) {\n> - wr_mask |= SMSTATEEN0_CTR;\n> + if (riscv_cpu_cfg(env)->ext_ssctr) {\n> + wr_mask |= SMSTATEEN0_CTR;\n> + }\n> }\n>\n> return write_hstateen(env, csrno, wr_mask, new_val);\n> @@ -3564,6 +3593,19 @@ static RISCVException write_hstateen0h(CPURISCVState *env, int csrno,\n> {\n> uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n>\n> + if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n> + wr_mask |= SMSTATEEN0_SVSLCT;\n> + }\n> +\n> + /*\n> + * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n> + * implemented. However, that information is with MachineState and we can't\n> + * figure that out in csr.c. Just enable if Ssaia is available.\n> + */\n> + if (riscv_cpu_cfg(env)->ext_ssaia) {\n> + wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n> + }\n> +\n> if (riscv_cpu_cfg(env)->ext_ssctr) {\n> wr_mask |= SMSTATEEN0_CTR;\n> }\n> @@ -3613,7 +3655,7 @@ static RISCVException write_sstateen(CPURISCVState *env, int csrno,\n> static RISCVException write_sstateen0(CPURISCVState *env, int csrno,\n> target_ulong new_val)\n> {\n> - uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n> + uint64_t wr_mask = 0;\n>\n> if (!riscv_has_ext(env, RVF)) {\n> wr_mask |= SMSTATEEN0_FCSR;\n> @@ -5861,25 +5903,25 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {\n> /* Smstateen extension CSRs */\n> [CSR_MSTATEEN0] = { \"mstateen0\", mstateen, read_mstateen, write_mstateen0,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> - [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen, read_mstateenh,\n> + [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen_32, read_mstateenh,\n> write_mstateen0h,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> [CSR_MSTATEEN1] = { \"mstateen1\", mstateen, read_mstateen,\n> write_mstateen_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> - [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen, read_mstateenh,\n> + [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen_32, read_mstateenh,\n> write_mstateenh_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> [CSR_MSTATEEN2] = { \"mstateen2\", mstateen, read_mstateen,\n> write_mstateen_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> - [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen, read_mstateenh,\n> + [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen_32, read_mstateenh,\n> write_mstateenh_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> [CSR_MSTATEEN3] = { \"mstateen3\", mstateen, read_mstateen,\n> write_mstateen_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> - [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen, read_mstateenh,\n> + [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen_32, read_mstateenh,\n> write_mstateenh_1_3,\n> .min_priv_ver = PRIV_VERSION_1_12_0 },\n> [CSR_HSTATEEN0] = { \"hstateen0\", hstateen, read_hstateen, write_hstateen0,\n> --\n> 2.43.0\n>\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=SVHnLZNl;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsJkN417Mz1y2d\n\tfor ; Fri, 10 Apr 2026 11:14:50 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wB0RK-0003Vl-FX; Thu, 09 Apr 2026 21:13:42 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wB0RI-0003VT-Pr\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 21:13:40 -0400","from mail-ed1-x535.google.com ([2a00:1450:4864:20::535])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from )\n id 1wB0RG-000705-T5\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 21:13:40 -0400","by mail-ed1-x535.google.com with SMTP id\n 4fb4d7f45d1cf-66f8f556f39so2073775a12.0\n for ; Thu, 09 Apr 2026 18:13:33 -0700 (PDT)"],"ARC-Seal":"i=1; a=rsa-sha256; t=1775783611; cv=none;\n d=google.com; s=arc-20240605;\n b=HRNwpLSXZf9GLSEQ5IyI1xlrZJcE0w26jBRMChgYQpl4uixnJaNKXEuQZu//x/bjLr\n Ywc0QgPoJF2Uk4KlEMfhQZ8zKt0x/3qZoDzWo795Ws7USyxVgZLTtiwmqP2SMzA+/fz6\n hW/rHSnsUss6Ym43JP4YkI4qBQ4kLTmjdZaMTT15sx6NwkgpQuOW6wDiocrdg0HfOZzn\n sVA+yke2Jx3DXukeM0JGgowtgoTzXQW8hTq0PNrzHpDZCIoY8BN0QyoA98ACGILIUag7\n QxYASShV559DFA+aIUx/57MCPtpAlUexkJID3XtlYBSMumlaO6YZfHNTjP+7I3D93Xpn\n ncQQ==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=XqUd/qrKeKF7MWtNKvhX+CsNzfQeCQ4VlflP/ZZVFlE=;\n fh=yA45nsw3/GlmR4yv0X4Y623/LexEZcgSQA1vCu7Dy/k=;\n b=XlA6Idtx4ePpm62u+N32no26QSgUPVG8hmFvuhlIdQNMTWyRHx+EfNn+1WE6bl5vGg\n HwDarhwjxfxeHVHmbPsw5wUET4K9p45rH6cmsloSVsFcEfCb0DyTxjczKMHO26igjb01\n lLfgq8ONKNqF8uH5Y+i/0uHv7DLgJey34vYoiMs7OhJSt5dsmZdF5IA83GWQ402PTm8N\n nnDbx9bCTX0hJE3OMj143QaoeOmHrqkOEvxZ7RLDajP19GwlfSiayQS8iTYLB3XA6jdH\n eQXn3iwaRi3KIiq7v1WA3Io7Lilcl3vMkkVHUoapbekbeMd3YVN9Ha1K6R/g22KU72co\n eb7g==; darn=nongnu.org","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775783611; x=1776388411; darn=nongnu.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=XqUd/qrKeKF7MWtNKvhX+CsNzfQeCQ4VlflP/ZZVFlE=;\n b=SVHnLZNlZoqjG5zBNi7Z+8QRq8zw6Rb0kthWI1Fpa58JY1LkmVXnvPPAWr/tybHmsa\n leUG5QlYmLnJGlnavQ8La+d6RcQzJqnT6peItqSR4MCbtM6cOnhDC86VMdzec3fXbvtg\n kSrgLDxJh/MgTpCtJDXa3ifnGuuKkdMLuuaZv/d+MzL76eSvGs+BLZE6H2rNjIFE64vy\n 2qFxr51W7k2PxzN6V/zQ949NxQXH3KHC3wDqH/lMf6XHc4GV4cu32mDkzeJ9Nfhs5Lm7\n sjQmib1FcrKUeDs5dMsF3nXADZZqWHDCkNzG+GTleVXNL9EygwGj8tG8lVESd1XK7dNk\n BkqA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775783611; x=1776388411;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=XqUd/qrKeKF7MWtNKvhX+CsNzfQeCQ4VlflP/ZZVFlE=;\n b=aO8DFBL/5eoa23bxo4idqlqXf2TLyw621xZ1xxTk0WdXH+HTSTHfu29mp0AVlzA6fP\n mO92ixAchDXyL0ec9No3/FK7FoTljV+5fTtoSoGtFAoR1fkC5XxSXCUV1bO/dAQAvbze\n EQWckdtbBcaVpYCQuIBwjJjg/ydeUM9x/OrIKHqnw0nOCyDkBl9G+jSwaUY9C0zc0+yG\n aRM2CGtIImytDVXexKEnA0qqL7lIezyyRRS23TYNSqbo0UWCQpRixaA1+/h+0IJOSaLe\n 3bZ1gC1SnNpT3KxhLMQpBZGb+LOIVjfO139nRrKjCuotgZqDkvuJIHY5y8AqFnEc5XsH\n G6/g==","X-Gm-Message-State":"AOJu0Yyrx6jHNI9x2xlftkpW4FwmVswyuyBXtiktxQ+VcOrzZYLBZXBh\n 1ziI1W5NX0I80RMBnIx6tm4GXVEmsIWRWnJcdvQ+w/Xw7pD0+gJ0OrlWWB4O1yy0G+RVJFuha93\n iKPS/6eBNJoKhcvs8htKTi7p/rbG8iTg=","X-Gm-Gg":"AeBDiesb6blO45l4OGLF/fSLSXR4cfqKMlxd8l8uUckmVFs0c7EHFpcoyjeIqUACL8D\n gxDb4lwo0YwVoeUNMsSl4aO8ekc46HykMn/dZqSCdLSGFK+4tNEwLaZhIAvPJJch1T7vMIFndlq\n y+gF+nmVHegPXGdMSnnjUW5iabna9r0tgGdKi4n0ankIUCd+l98n3cJsfUNRA65xr5qr27ZrkmP\n gzdy5YoIgtYJGr2zWutxtxKQTYsA+XT1tRmCFpNgbP9uxf499jLIri/b+Z4AorGo0zSoB5B8beu\n keCeJ4TA/Qbw+L22EJoMY+Xj+r3C2chGSFjuRQ==","X-Received":"by 2002:a17:907:94d3:b0:b98:9da:4d94 with SMTP id\n a640c23a62f3a-b9d72ada081mr72793466b.48.1775783611103; Thu, 09 Apr 2026\n 18:13:31 -0700 (PDT)","MIME-Version":"1.0","References":"<20260409155344.2849233-1-bruno.vilaca.sa@gmail.com>\n <20260409155344.2849233-3-bruno.vilaca.sa@gmail.com>","In-Reply-To":"<20260409155344.2849233-3-bruno.vilaca.sa@gmail.com>","From":"Alistair Francis ","Date":"Fri, 10 Apr 2026 11:13:03 +1000","X-Gm-Features":"AQROBzAHibk46k_F1a2HJF-1kynf5p4fUtsSm6Vr4pKMwH7FJuzTmohBJ4Mt31s","Message-ID":"\n ","Subject":"Re: [PATCH 2/2] target/riscv: fix RV32 stateen CSR handling","To":"Bruno Sa ","Cc":"qemu-devel@nongnu.org, qemu-riscv@nongnu.org, palmer@dabbelt.com,\n alistair.francis@wdc.com, liwei1518@gmail.com, dbarboza@ventanamicro.com,\n zhiwei_liu@linux.alibaba.com","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","Received-SPF":"pass client-ip=2a00:1450:4864:20::535;\n envelope-from=alistair23@gmail.com; helo=mail-ed1-x535.google.com","X-Spam_score_int":"-17","X-Spam_score":"-1.8","X-Spam_bar":"-","X-Spam_report":"(-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"}}]