{"id":2221771,"url":"http://patchwork.ozlabs.org/api/patches/2221771/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260410110928.1014170-1-bruno.vilaca.sa@gmail.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260410110928.1014170-1-bruno.vilaca.sa@gmail.com>","list_archive_url":null,"date":"2026-04-10T11:08:42","name":"[v2] target/riscv: fix RV32 stateen CSR handling","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"8a70770cf9c670ae2b7e18ff3775bf329d2a7891","submitter":{"id":93104,"url":"http://patchwork.ozlabs.org/api/people/93104/?format=json","name":"Bruno Sa","email":"bruno.vilaca.sa@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260410110928.1014170-1-bruno.vilaca.sa@gmail.com/mbox/","series":[{"id":499441,"url":"http://patchwork.ozlabs.org/api/series/499441/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=499441","date":"2026-04-10T11:08:42","name":"[v2] target/riscv: fix RV32 stateen CSR handling","version":2,"mbox":"http://patchwork.ozlabs.org/series/499441/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2221771/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2221771/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=oG8uh/8O;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsYxg33bFz1yGb\n\tfor ; Fri, 10 Apr 2026 21:10:29 +1000 (AEST)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from )\n\tid 1wB9k3-00079W-8Y; Fri, 10 Apr 2026 07:09:39 -0400","from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from )\n id 1wB9k2-000797-0d\n for qemu-devel@nongnu.org; Fri, 10 Apr 2026 07:09:38 -0400","from mail-wm1-x335.google.com ([2a00:1450:4864:20::335])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from )\n id 1wB9k0-0003Tt-18\n for qemu-devel@nongnu.org; Fri, 10 Apr 2026 07:09:37 -0400","by mail-wm1-x335.google.com with SMTP id\n 5b1f17b1804b1-488a4bc360bso10696925e9.0\n for ; Fri, 10 Apr 2026 04:09:35 -0700 (PDT)","from ninolomata-AERO-15-KC.. (89-181-36-85.net.novis.pt.\n [89.181.36.85]) by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-488d5dc7070sm19311605e9.10.2026.04.10.04.09.32\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 10 Apr 2026 04:09:33 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775819374; x=1776424174; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=wL2RjIiakxvUiKqLallUtvD80SyqMUagJMAW4JWo6rY=;\n b=oG8uh/8O41McF7zJS5zlKIGuxIvm8Hr5gM41BQWyLqgE2cfPXDHTCBv4iFv/mmWSZ1\n Fr1o/adNHC6U+++fEaK0reZmsefDLR+edZ59ZEcCVbxQOBuB4C7iRfoEjKf9guGXGj3e\n m1pC4b1dexAMlOPGfls1O/y9UL3qRY8Hp1lE5KKbNV/EoN44ZsSv3/MFWZsaN50y9cKL\n l15dZ/Mb8drtWWsrikwLeclzlCnvVyAsmzdHH1lwzsQq+YUksMlhfVa5KXj1lYdLeLWD\n c9t5rXragZM7M8stZECCUjyRkD4fRLHUOYcVyC2EW+HQDeKT1ttzNcOPHHXw27H+XoL9\n J5JQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775819374; x=1776424174;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=wL2RjIiakxvUiKqLallUtvD80SyqMUagJMAW4JWo6rY=;\n b=BdHDzQkUFyTk8ZXbkig2Y9tSjPECWHEQhFGGxD6BMhMLT9ziAEZTX0pkZSB6ndj9OV\n hOGj0395IqnZsoAIa6tVSiifrCEdYI9pOehwhGdDq9oEruzOMsUtTrwQDWuwx7x+13Gu\n PBCHB02xbRg/hULN/kp9HUoAaOsQKgY6QYCy0DMT5SAzknwXid2qmtQoritmoZf8VaYH\n 3PV1o3jsy/9pRdZIx6qjXZKin+w+HGuHtwk+xMCmPuv6jMCzba9cQDHkuOCmxPkiI6UI\n ePZgejcxVi+pRaCgIiklG/lsoXHBSNoSi23SyusyQ0XxeJMHzAecLc0eTYNTLTPdFv3x\n 7aAA==","X-Gm-Message-State":"AOJu0YxhjVawLmtFic7hfX23rFunaQWqHVHnJZrqfJxU9R1ABqxhL4cs\n JfYHQm/t32pmj47xju19zSMlrfBWWduPPWok0IUdr3YWyxOU6xseNt9zfV66Gl/h","X-Gm-Gg":"AeBDievC7RZmsyvPXF08qAVe/XToBJZb16HO4xQ02K7w4aZirfadBl9JhXySwWIGfWG\n 7A7uEl4THBlaCPP66qieL7dRSL/3h64oT+a+I1Ea6BFteB3Ye2xF+yduRaBTQzn7VvzJ1EFAzPc\n mDp3T6EJIck6z0qMdFGSf9aQSpRww6wPsgIQMQXgo+joLgPsatDZcIJle5/cxK5s6G6Yh0OcNLr\n NpWMAglKRBs7xzKvds1fMrbbmGSEhOM4pxmn2rnDdLX3V37eVfCG+busCWU78HNgtM10NFUW/FV\n W8xFzwFTqDN0nIPMaD4oyCTD2gGlN0iUCwaHiuPVi6ckE1pbqVKZJLtItXVloxCLoR/hYf33x++\n avbyV1kzBQ8H+umwasshBjPm0pMv5P67SeOvwiaRR5Xprjs4MVOt0FSoqxBPo4ALAkn1P01xmX5\n v7GijperKH+yRn1FsBWv4HEBeOBh5w2KfPl7kQZulgH/VQsfXWPh57y26iyEk98s3AnarQ","X-Received":"by 2002:a05:600c:a105:b0:485:3af5:7e53 with SMTP id\n 5b1f17b1804b1-488d6839821mr23465265e9.19.1775819373838;\n Fri, 10 Apr 2026 04:09:33 -0700 (PDT)","From":"Bruno Sa ","To":"qemu-devel@nongnu.org","Cc":"qemu-riscv@nongnu.org, palmer@dabbelt.com, alistair.francis@wdc.com,\n liwei1518@gmail.com, dbarboza@ventanamicro.com,\n zhiwei_liu@linux.alibaba.com, Bruno Sa ","Subject":"[PATCH v2] target/riscv: fix RV32 stateen CSR handling","Date":"Fri, 10 Apr 2026 12:08:42 +0100","Message-ID":"<20260410110928.1014170-1-bruno.vilaca.sa@gmail.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260409155344.2849233-1-bruno.vilaca.sa@gmail.com>","References":"<20260409155344.2849233-1-bruno.vilaca.sa@gmail.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=2a00:1450:4864:20::335;\n envelope-from=bruno.vilaca.sa@gmail.com; helo=mail-wm1-x335.google.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"The RV32 stateen CSRs are split between the low-half CSR and the\ncorresponding xH CSR, but the current implementation still handles some\nupper-half bits through the low-half write paths and also accepts the\nxH CSRs on RV64.\n\nFix this by:\n- rejecting mstateen*h and hstateen*h accesses on RV64\n- keeping the RV64-only writable bits in the low-half write paths\n- handling the RV32 upper-half writable bits in write_mstateen0h() and\n write_hstateen0h()\n- dropping unsupported writable bits from write_sstateen0()\n\nSigned-off-by: Bruno Sa \n---\nv2:\n- rebase on riscv-to-apply.next\n- resend only patch 2 after patch 1 was applied\n- wrap the AIA comment text to keep checkpatch clean\n\n target/riscv/csr.c | 117 ++++++++++++++++++++++++++++++++-------------\n 1 file changed, 83 insertions(+), 34 deletions(-)","diff":"diff --git a/target/riscv/csr.c b/target/riscv/csr.c\nindex cfd076b368..80727aa81e 100644\n--- a/target/riscv/csr.c\n+++ b/target/riscv/csr.c\n@@ -502,6 +502,15 @@ static RISCVException mstateen(CPURISCVState *env, int csrno)\n return any(env, csrno);\n }\n \n+static RISCVException mstateen_32(CPURISCVState *env, int csrno)\n+{\n+ if (riscv_cpu_mxl(env) != MXL_RV32) {\n+ return RISCV_EXCP_ILLEGAL_INST;\n+ }\n+\n+ return mstateen(env, csrno);\n+}\n+\n static RISCVException hstateen_pred(CPURISCVState *env, int csrno, int base)\n {\n if (!riscv_cpu_cfg(env)->ext_smstateen) {\n@@ -533,6 +542,10 @@ static RISCVException hstateen(CPURISCVState *env, int csrno)\n \n static RISCVException hstateenh(CPURISCVState *env, int csrno)\n {\n+ if (riscv_cpu_mxl(env) != MXL_RV32) {\n+ return RISCV_EXCP_ILLEGAL_INST;\n+ }\n+\n return hstateen_pred(env, csrno, CSR_HSTATEEN0H);\n }\n \n@@ -3447,25 +3460,29 @@ static RISCVException write_mstateen0(CPURISCVState *env, int csrno,\n wr_mask |= SMSTATEEN0_FCSR;\n }\n \n- if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n- wr_mask |= SMSTATEEN0_P1P13;\n- }\n+ if (riscv_cpu_mxl(env) == MXL_RV64) {\n+ if (env->priv_ver >= PRIV_VERSION_1_13_0) {\n+ wr_mask |= SMSTATEEN0_P1P13;\n+ }\n \n- if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n- wr_mask |= SMSTATEEN0_SVSLCT;\n- }\n+ if (riscv_cpu_cfg(env)->ext_smaia ||\n+ riscv_cpu_cfg(env)->ext_smcsrind) {\n+ wr_mask |= SMSTATEEN0_SVSLCT;\n+ }\n \n- /*\n- * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n- * implemented. However, that information is with MachineState and we can't\n- * figure that out in csr.c. Just enable if Smaia is available.\n- */\n- if (riscv_cpu_cfg(env)->ext_smaia) {\n- wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n- }\n+ /*\n+ * As per the AIA specification, SMSTATEEN0_IMSIC is valid\n+ * only if IMSIC is implemented. However, that information is\n+ * with MachineState and we can't figure that out in csr.c.\n+ * Just enable if Smaia is available.\n+ */\n+ if (riscv_cpu_cfg(env)->ext_smaia) {\n+ wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+ }\n \n- if (riscv_cpu_cfg(env)->ext_ssctr) {\n- wr_mask |= SMSTATEEN0_CTR;\n+ if (riscv_cpu_cfg(env)->ext_ssctr) {\n+ wr_mask |= SMSTATEEN0_CTR;\n+ }\n }\n \n return write_mstateen(env, csrno, wr_mask, new_val);\n@@ -3507,6 +3524,20 @@ static RISCVException write_mstateen0h(CPURISCVState *env, int csrno,\n wr_mask |= SMSTATEEN0_P1P13;\n }\n \n+ if (riscv_cpu_cfg(env)->ext_smaia || riscv_cpu_cfg(env)->ext_smcsrind) {\n+ wr_mask |= SMSTATEEN0_SVSLCT;\n+ }\n+\n+ /*\n+ * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if\n+ * IMSIC is implemented. However, that information is with\n+ * MachineState and we can't figure that out in csr.c. Just enable\n+ * if Smaia is available.\n+ */\n+ if (riscv_cpu_cfg(env)->ext_smaia) {\n+ wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+ }\n+\n if (riscv_cpu_cfg(env)->ext_ssctr) {\n wr_mask |= SMSTATEEN0_CTR;\n }\n@@ -3552,21 +3583,25 @@ static RISCVException write_hstateen0(CPURISCVState *env, int csrno,\n wr_mask |= SMSTATEEN0_FCSR;\n }\n \n- if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n- wr_mask |= SMSTATEEN0_SVSLCT;\n- }\n+ if (riscv_cpu_mxl(env) == MXL_RV64) {\n+ if (riscv_cpu_cfg(env)->ext_ssaia ||\n+ riscv_cpu_cfg(env)->ext_sscsrind) {\n+ wr_mask |= SMSTATEEN0_SVSLCT;\n+ }\n \n- /*\n- * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if IMSIC is\n- * implemented. However, that information is with MachineState and we can't\n- * figure that out in csr.c. Just enable if Ssaia is available.\n- */\n- if (riscv_cpu_cfg(env)->ext_ssaia) {\n- wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n- }\n+ /*\n+ * As per the AIA specification, SMSTATEEN0_IMSIC is valid\n+ * only if IMSIC is implemented. However, that information is\n+ * with MachineState and we can't figure that out in csr.c.\n+ * Just enable if Ssaia is available.\n+ */\n+ if (riscv_cpu_cfg(env)->ext_ssaia) {\n+ wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+ }\n \n- if (riscv_cpu_cfg(env)->ext_ssctr) {\n- wr_mask |= SMSTATEEN0_CTR;\n+ if (riscv_cpu_cfg(env)->ext_ssctr) {\n+ wr_mask |= SMSTATEEN0_CTR;\n+ }\n }\n \n return write_hstateen(env, csrno, wr_mask, new_val);\n@@ -3608,6 +3643,20 @@ static RISCVException write_hstateen0h(CPURISCVState *env, int csrno,\n {\n uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n \n+ if (riscv_cpu_cfg(env)->ext_ssaia || riscv_cpu_cfg(env)->ext_sscsrind) {\n+ wr_mask |= SMSTATEEN0_SVSLCT;\n+ }\n+\n+ /*\n+ * As per the AIA specification, SMSTATEEN0_IMSIC is valid only if\n+ * IMSIC is implemented. However, that information is with\n+ * MachineState and we can't figure that out in csr.c. Just enable\n+ * if Ssaia is available.\n+ */\n+ if (riscv_cpu_cfg(env)->ext_ssaia) {\n+ wr_mask |= (SMSTATEEN0_AIA | SMSTATEEN0_IMSIC);\n+ }\n+\n if (riscv_cpu_cfg(env)->ext_ssctr) {\n wr_mask |= SMSTATEEN0_CTR;\n }\n@@ -3657,7 +3706,7 @@ static RISCVException write_sstateen(CPURISCVState *env, int csrno,\n static RISCVException write_sstateen0(CPURISCVState *env, int csrno,\n target_ulong new_val, uintptr_t ra)\n {\n- uint64_t wr_mask = SMSTATEEN_STATEEN | SMSTATEEN0_HSENVCFG;\n+ uint64_t wr_mask = 0;\n \n if (!riscv_has_ext(env, RVF)) {\n wr_mask |= SMSTATEEN0_FCSR;\n@@ -5937,25 +5986,25 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {\n /* Smstateen extension CSRs */\n [CSR_MSTATEEN0] = { \"mstateen0\", mstateen, read_mstateen, write_mstateen0,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n- [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen, read_mstateenh,\n+ [CSR_MSTATEEN0H] = { \"mstateen0h\", mstateen_32, read_mstateenh,\n write_mstateen0h,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n [CSR_MSTATEEN1] = { \"mstateen1\", mstateen, read_mstateen,\n write_mstateen_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n- [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen, read_mstateenh,\n+ [CSR_MSTATEEN1H] = { \"mstateen1h\", mstateen_32, read_mstateenh,\n write_mstateenh_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n [CSR_MSTATEEN2] = { \"mstateen2\", mstateen, read_mstateen,\n write_mstateen_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n- [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen, read_mstateenh,\n+ [CSR_MSTATEEN2H] = { \"mstateen2h\", mstateen_32, read_mstateenh,\n write_mstateenh_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n [CSR_MSTATEEN3] = { \"mstateen3\", mstateen, read_mstateen,\n write_mstateen_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n- [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen, read_mstateenh,\n+ [CSR_MSTATEEN3H] = { \"mstateen3h\", mstateen_32, read_mstateenh,\n write_mstateenh_1_3,\n .min_priv_ver = PRIV_VERSION_1_12_0 },\n [CSR_HSTATEEN0] = { \"hstateen0\", hstateen, read_hstateen, write_hstateen0,\n","prefixes":["v2"]}