target/riscv: Add proper two-stage lookup exception detection

The current two-stage lookup detection in riscv_cpu_do_interrupt falls short of its purpose, as all it checks is whether two-stage address translation either via the hypervisor-load store instructions or the MPRV feature would be allowed. What we really need instead is whether two-stage address translation was active when the exception was raised. However, in riscv_cpu_do_interrupt we do not have the information to reliably detect this. Therefore, when we raise a memory fault exception we have to record whether two-stage address translation is active. Backports ec352d0cab58a7bf66019057d0dfcffd9e7785a8
2024-12-22 14:35:31 +00:00 · 2021-03-30 15:19:22 -04:00 · 2021-03-30 15:19:22 -04:00 · a1edab5abf
parent d18b402732
commit a1edab5abf
3 changed files with 11 additions and 13 deletions
--- a/qemu/target/riscv/cpu.c
+++ b/qemu/target/riscv/cpu.c
@ -313,6 +313,7 @@ static void riscv_cpu_reset(CPUState *cs)
    env->mstatus &= ~(MSTATUS_MIE | MSTATUS_MPRV);
    env->mcause = 0;
    env->pc = env->resetvec;
+    env->two_stage_lookup = false;
 #endif
    cs->exception_index = EXCP_NONE;
    env->load_res = -1;
--- a/qemu/target/riscv/cpu.h
+++ b/qemu/target/riscv/cpu.h
@ -226,6 +226,10 @@ struct CPURISCVState {
    target_ulong satp_hs;
    uint64_t mstatus_hs;

+    /* Signals whether the current exception occurred with two-stage address
+       translation active. */
+    bool two_stage_lookup;
+
    target_ulong scounteren;
    target_ulong mcounteren;

--- a/qemu/target/riscv/cpu_helper.c
+++ b/qemu/target/riscv/cpu_helper.c
@ -647,6 +647,7 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
        g_assert_not_reached();
    }
    env->badaddr = address;
+    env->two_stage_lookup = two_stage;
 }

 hwaddr riscv_cpu_get_phys_page_debug(CPUState *cs, vaddr addr)
@ -708,6 +709,8 @@ void riscv_cpu_do_unaligned_access(CPUState *cs, vaddr addr,
        g_assert_not_reached();
    }
    env->badaddr = addr;
+    env->two_stage_lookup = riscv_cpu_virt_enabled(env) ||
+                            riscv_cpu_two_stage_lookup(mmu_idx);
    riscv_raise_exception(env, cs->exception_index, retaddr);
 }
 #endif
@ -944,16 +947,8 @@ void riscv_cpu_do_interrupt(CPUState *cs)
        /* handle the trap in S-mode */
        if (riscv_has_ext(env, RVH)) {
            target_ulong hdeleg = async ? env->hideleg : env->hedeleg;
-            bool two_stage_lookup = false;

-            if (env->priv == PRV_M ||
-                (env->priv == PRV_S && !riscv_cpu_virt_enabled(env)) ||
-                (env->priv == PRV_U && !riscv_cpu_virt_enabled(env) &&
-                    get_field(env->hstatus, HSTATUS_HU))) {
-                    two_stage_lookup = true;
-            }
-
-            if ((riscv_cpu_virt_enabled(env) || two_stage_lookup) && write_tval) {
+            if (env->two_stage_lookup && write_tval) {
                /*
                 * If we are writing a guest virtual address to stval, set
                 * this to 1. If we are trapping to VS we will set this to 0
@ -991,10 +986,7 @@ void riscv_cpu_do_interrupt(CPUState *cs)
                riscv_cpu_set_force_hs_excep(env, 0);
            } else {
                /* Trap into HS mode */
-                if (!two_stage_lookup) {
-                    env->hstatus = set_field(env->hstatus, HSTATUS_SPV,
-                                             riscv_cpu_virt_enabled(env));
-                }
+                env->hstatus = set_field(env->hstatus, HSTATUS_SPV, false);
                htval = env->guest_phys_fault_addr;
            }
        }
@ -1051,6 +1043,7 @@ void riscv_cpu_do_interrupt(CPUState *cs)
     * RISC-V ISA Specification.
     */

+    env->two_stage_lookup = false;
 #endif
    cs->exception_index = EXCP_NONE; /* mark handled to qemu */
 }