{"id":2221541,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2221541/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260409155344.2849233-3-bruno.vilaca.sa@gmail.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260409155344.2849233-3-bruno.vilaca.sa@gmail.com>","date":"2026-04-09T15:53:43","name":"[2/2] target/riscv: fix RV32 stateen CSR handling","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"abfd8fd2e53bde9b9350f537b224f7b9bae71a16","submitter":{"id":93104,"url":"http://patchwork.ozlabs.org/api/1.1/people/93104/?format=json","name":"Bruno Sa","email":"bruno.vilaca.sa@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260409155344.2849233-3-bruno.vilaca.sa@gmail.com/mbox/","series":[{"id":499332,"url":"http://patchwork.ozlabs.org/api/1.1/series/499332/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=499332","date":"2026-04-09T15:53:42","name":"target/riscv: fix RV32 henvcfg/stateen CSR handling","version":1,"mbox":"http://patchwork.ozlabs.org/series/499332/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2221541/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2221541/checks/","tags":{},"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Q+2bvs1U;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fs6Lz1TDkz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 03:27:23 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wAt9G-0008SU-7D; Thu, 09 Apr 2026 13:26:34 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <bruno.vilaca.sa@gmail.com>)\n id 1wArhv-0000Pe-OV\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 11:54:15 -0400","from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <bruno.vilaca.sa@gmail.com>)\n id 1wArht-0001af-Kj\n for qemu-devel@nongnu.org; Thu, 09 Apr 2026 11:54:15 -0400","by mail-wr1-x42f.google.com with SMTP id\n ffacd0b85a97d-43d5e87a507so698537f8f.3\n for <qemu-devel@nongnu.org>; Thu, 09 Apr 2026 08:54:13 -0700 (PDT)","from ninolomata-AERO-15-KC.. (89-181-36-85.net.novis.pt.\n [89.181.36.85]) by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43d1e2c5468sm67259292f8f.13.2026.04.09.08.54.08\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 09 Apr 2026 08:54:11 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775750052; x=1776354852; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=G+bS3oBPOM67AM47UVT5gqwWd2ValwtF8fgOSXa4buU=;\n b=Q+2bvs1UqDh19ZjV+VmAo5GuH11OT5+lu3iMumcX4u3u4R0bdnOMJvVtYqK2MH7AQL\n Fk3zHXW4RIlg1Csmqvi60K2eYzl6yQis7a4eXb1xCxQlJwwDHk0Eyok0B+019Hewnmxy\n 1mSP0+FXUdnvCwN/2gG2uD04sZRyGxrfP2/XUWjDQ4FfWPodE2Jijqbv/Qhuef5quOFu\n doQMXjkJHjDRI8O3Hh7kyKLsnaA5yalQU0/9i1c9bp9oi8Cb0VZRz9Cr1dayDII4bZrO\n EUuwLFUbQ01b342paol5gpA+iFy6tt7E8PUCh/45fvAmO0iruoqzoCJ38c6o8dzZBU3O\n Txww==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775750052; x=1776354852;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=G+bS3oBPOM67AM47UVT5gqwWd2ValwtF8fgOSXa4buU=;\n b=SYei9RTqxATRfWjBDiM8h1/gHuoh87+WFslQKv1PyM3BrSM0Oa6CIwoY+7X7c1z2x7\n XVZRkDcu5YG4PJREh2/gW9WgtpzMFfZnImxK/1HMeIiepkk1zyl3XFCfUb9E8HO7oiqN\n vn4MRqr1EQ5+1JXgd2kmUyqUsOgmvAtYEtnxtUDAwGDHaxJ9kzcnQYQXBbSKDD3Uy78p\n gAi6JddSV2CahqXLBddtxEobEZWS8/OuPhhYUnyFxGEtsW0BsvFmf4cJEMs3KHGVYxGH\n 0sVQBp6rW+MRGL15Y/c0+juYwr3Rq3TcoSbFk6PmP52iydBZwOdD1UjySs7yFbmPVD2e\n ikaw==","X-Gm-Message-State":"AOJu0Yy05ay5OSypnNuNHYb+oouyqJMNRQCGVt5R/IL5RnhMm/6+5mmT\n H9AxVTt7sdTwKNlMzMRwEt2bwIA9BpTZbp9K4e7qsKvKBP6mMp3/j3x4RmlS3L83Dt/7sw==","X-Gm-Gg":"AeBDies7tOzkyc/gIxb+hGkWXvDqAJI0eP0lpcse6LVHF8jB0t2lKV+mm/m1oKRUtM4\n UiBPDrusVuCi3HQOSEyppnoySU/iz/pIuxCETHI7vEw0GHMLOhHvwh5KhL2ievNm5g0mCC4mRbb\n tLx8Z6tgw+BrC40JZ+Oc8pN6CrB4r2EKQMnuHTm0noy/FRWtXdrzv5mCL8idHlLJ8Gub2K4hYQ6\n SSywsHKbIliibzXCulrYN33lA5FtiwtxKTuYxTkG1rZR+9KxEKCp5dr5HyE/A3Xkzu0GYtVjemI\n 5hK6rg+3UqT5qF8sacCP1dwMb6EBO6EyuNjIly0kOlTJbGgH1UKCqWK5gRP6FfbUw6eXVl5NWh3\n wAldD+VJlOoYoSBjiKGBjPjiCQmKh+r61YI1RFeaZJ74C4YZpSy+YjOXW8bJghaGFqZLSKrT7oj\n uiBgfazL+Sf3GQDtGyvcpu2zkheZPBdFkF2X33IBQxV2mIvAySMHU0EVzhOWtrnA9mcjTH","X-Received":"by 2002:a05:6000:290b:b0:43b:3d4f:e17a with SMTP id\n ffacd0b85a97d-43d292ebf23mr38967109f8f.37.1775750051736;\n Thu, 09 Apr 2026 08:54:11 -0700 (PDT)","From":"Bruno Sa <bruno.vilaca.sa@gmail.com>","To":"qemu-devel@nongnu.org","Cc":"qemu-riscv@nongnu.org, palmer@dabbelt.com, alistair.francis@wdc.com,\n liwei1518@gmail.com, dbarboza@ventanamicro.com,\n zhiwei_liu@linux.alibaba.com, Bruno Sa <bruno.vilaca.sa@gmail.com>","Subject":"[PATCH 2/2] target/riscv: fix RV32 stateen CSR handling","Date":"Thu,  9 Apr 2026 16:53:43 +0100","Message-ID":"<20260409155344.2849233-3-bruno.vilaca.sa@gmail.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260409155344.2849233-1-bruno.vilaca.sa@gmail.com>","References":"<20260409155344.2849233-1-bruno.vilaca.sa@gmail.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=2a00:1450:4864:20::42f;\n envelope-from=bruno.vilaca.sa@gmail.com; helo=mail-wr1-x42f.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no","X-Spam_action":"no action","X-Mailman-Approved-At":"Thu, 09 Apr 2026 13:26:29 -0400","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"The RV32 stateen CSRs are split between the low-half CSR and the\ncorresponding xH CSR, but the current implementation still handles some\nupper-half bits through the low-half write paths and also accepts the\nxH CSRs on RV64.\n\nFix this by:\n- rejecting mstateen*h and hstateen*h accesses on RV64\n- keeping the RV64-only writable bits in the low-half write paths\n- handling the RV32 upper-half writable bits in write_mstateen0h() and\n  write_hstateen0h()\n- dropping unsupported writable bits from write_sstateen0()\n\nSigned-off-by: Bruno Sa <bruno.vilaca.sa@gmail.com>\n---\n target/riscv/csr.c | 112 +++++++++++++++++++++++++++++++--------------\n 1 file changed, 77 insertions(+), 35 deletions(-)","diff":"diff --git a/target/riscv/csr.c b/target/riscv/csr.c\nindex d322bdbd47..015deca6dc 100644\n--- a/target/riscv/csr.c\n+++ b/target/riscv/csr.c\n@@ -497,6 +497,15 @@ static RISCVException mstateen(CPURISCVState *env, int csrno)\n     return any(env, csrno);\n }\n \n+static RISCVException mstateen_32(CPURISCVState *env, int csrno)\n+{\n+    if (riscv_cpu_mxl(env) != MXL_RV32) {\n+        return RISCV_EXCP_ILLEGAL_INST;\n+    }\n+\n+    return mstateen(env, csrno);\n+}\n+\n static RISCVException hstateen_pred(CPURISCVState *env, int csrno, int base)\n {\n     if (!riscv_cpu_cfg(env)->ext_smstateen) {\n@@ -528,6 +537,10 @@ static RISCVException hstateen(CPURISCVState *env, int csrno)\n \n static RISCVException hstateenh(CPURISCVState *env, int csrno)\n {\n+    if (riscv_cpu_mxl(env) != MXL_RV32) {\n+        return RISCV_EXCP_ILLEGAL_INST;\n+    }\n+\n     return hstateen_pred(env, csrno, CSR_HSTATEEN0H);\n }\n \n@@ -3403,25 +3416,27 @@ static RISCVException write_mstateen0(CPURISCVState *env, int csrno,\n         wr_mask |= SMSTATEEN0_FCSR;\n     }\n \n-    if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n-        wr_mask |= SMSTATEEN0_P1P13;\n-    }\n+    if (riscv_cpu_mxl(env) == MXL_RV64) {\n+        if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n+            wr_mask |= SMSTATEEN0_P1P13;\n+        }\n \n-    if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n-        wr_mask |= SMSTATEEN0_SVSLCT;\n-    }\n+        if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n+            wr_mask |= SMSTATEEN0_SVSLCT;\n+        }\n \n-    /*\n-     * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n-     * implemented. However, that information is with MachineState and we can't\n-     * figure that out in csr.c. Just enable if Smaia is available.\n-     */\n-    if (riscv_cpu_cfg(env)->ext_smaia) {\n-        wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n-    }\n+        /*\n+         * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n+         * implemented. However, that information is with MachineState and we can't\n+         * figure that out in csr.c. Just enable if Smaia is available.\n+         */\n+        if (riscv_cpu_cfg(env)->ext_smaia) {\n+            wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+        }\n \n-    if (riscv_cpu_cfg(env)->ext_ssctr) {\n-        wr_mask |= SMSTATEEN0_CTR;\n+        if (riscv_cpu_cfg(env)->ext_ssctr) {\n+            wr_mask |= SMSTATEEN0_CTR;\n+        }\n     }\n \n     return write_mstateen(env, csrno, wr_mask, new_val);\n@@ -3463,6 +3478,19 @@ static RISCVException write_mstateen0h(CPURISCVState *env, int csrno,\n         wr_mask |= SMSTATEEN0_P1P13;\n     }\n \n+    if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n+        wr_mask |= SMSTATEEN0_SVSLCT;\n+    }\n+\n+    /*\n+     * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n+     * implemented. However, that information is with MachineState and we can't\n+     * figure that out in csr.c. Just enable if Smaia is available.\n+     */\n+    if (riscv_cpu_cfg(env)->ext_smaia) {\n+        wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+    }\n+\n     if (riscv_cpu_cfg(env)->ext_ssctr) {\n         wr_mask |= SMSTATEEN0_CTR;\n     }\n@@ -3507,22 +3535,23 @@ static RISCVException write_hstateen0(CPURISCVState *env, int csrno,\n     if (!riscv_has_ext(env, RVF)) {\n         wr_mask |= SMSTATEEN0_FCSR;\n     }\n+    if (riscv_cpu_mxl(env) == MXL_RV64) {\n+        if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n+            wr_mask |= SMSTATEEN0_SVSLCT;\n+        }\n \n-    if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n-        wr_mask |= SMSTATEEN0_SVSLCT;\n-    }\n-\n-    /*\n-     * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n-     * implemented. However, that information is with MachineState and we can't\n-     * figure that out in csr.c. Just enable if Ssaia is available.\n-     */\n-    if (riscv_cpu_cfg(env)->ext_ssaia) {\n-        wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n-    }\n+        /*\n+         * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n+         * implemented. However, that information is with MachineState and we can't\n+         * figure that out in csr.c. Just enable if Ssaia is available.\n+         */\n+        if (riscv_cpu_cfg(env)->ext_ssaia) {\n+            wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+        }\n \n-    if (riscv_cpu_cfg(env)->ext_ssctr) {\n-        wr_mask |= SMSTATEEN0_CTR;\n+        if (riscv_cpu_cfg(env)->ext_ssctr) {\n+            wr_mask |= SMSTATEEN0_CTR;\n+        }\n     }\n \n     return write_hstateen(env, csrno, wr_mask, new_val);\n@@ -3564,6 +3593,19 @@ static RISCVException write_hstateen0h(CPURISCVState *env, int csrno,\n {\n     uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n \n+    if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n+        wr_mask |= SMSTATEEN0_SVSLCT;\n+    }\n+\n+    /*\n+     * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n+     * implemented. However, that information is with MachineState and we can't\n+     * figure that out in csr.c. Just enable if Ssaia is available.\n+     */\n+    if (riscv_cpu_cfg(env)->ext_ssaia) {\n+        wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+    }\n+\n     if (riscv_cpu_cfg(env)->ext_ssctr) {\n         wr_mask |= SMSTATEEN0_CTR;\n     }\n@@ -3613,7 +3655,7 @@ static RISCVException write_sstateen(CPURISCVState *env, int csrno,\n static RISCVException write_sstateen0(CPURISCVState *env, int csrno,\n                                       target_ulong new_val)\n {\n-    uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n+    uint64_t wr_mask = 0;\n \n     if (!riscv_has_ext(env, RVF)) {\n         wr_mask |= SMSTATEEN0_FCSR;\n@@ -5861,25 +5903,25 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {\n     /* Smstateen extension CSRs */\n     [CSR_MSTATEEN0] = { \"mstateen0\", mstateen, read_mstateen, write_mstateen0,\n                         .min_priv_ver = PRIV_VERSION_1_12_0 },\n-    [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen, read_mstateenh,\n+    [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen_32, read_mstateenh,\n                           write_mstateen0h,\n                          .min_priv_ver = PRIV_VERSION_1_12_0 },\n     [CSR_MSTATEEN1] = { \"mstateen1\", mstateen, read_mstateen,\n                         write_mstateen_1_3,\n                         .min_priv_ver = PRIV_VERSION_1_12_0 },\n-    [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen, read_mstateenh,\n+    [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen_32, read_mstateenh,\n                          write_mstateenh_1_3,\n                          .min_priv_ver = PRIV_VERSION_1_12_0 },\n     [CSR_MSTATEEN2] = { \"mstateen2\", mstateen, read_mstateen,\n                         write_mstateen_1_3,\n                         .min_priv_ver = PRIV_VERSION_1_12_0 },\n-    [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen, read_mstateenh,\n+    [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen_32, read_mstateenh,\n                          write_mstateenh_1_3,\n                          .min_priv_ver = PRIV_VERSION_1_12_0 },\n     [CSR_MSTATEEN3] = { \"mstateen3\", mstateen, read_mstateen,\n                         write_mstateen_1_3,\n                         .min_priv_ver = PRIV_VERSION_1_12_0 },\n-    [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen, read_mstateenh,\n+    [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen_32, read_mstateenh,\n                          write_mstateenh_1_3,\n                          .min_priv_ver = PRIV_VERSION_1_12_0 },\n     [CSR_HSTATEEN0] = { \"hstateen0\", hstateen, read_hstateen, write_hstateen0,\n","prefixes":["2/2"]}