Add a FORCE_HS_EXCEP mode to the RISC-V virtulisation status. This bit
specifies if an exeption should be taken to HS mode no matter the
current delegation status. This is used when an exeption must be taken
to HS mode, such as when handling interrupts.
Backports commit c7b1bbc80fc2af17395d3986c346fd2307e57829 from qemu
Add the Hypervisor CSRs to CPUState and at the same time (to avoid
bisect issues) update the CSR macros for the v0.5 Hyp spec.
Backports commit bd023ce33b85d73791b7bc78fd04a8115c60995e from qemu
The MIP CSR is a xlen CSR, it was only 32-bits to allow atomic access.
Now that we don't use atomics for MIP we can change this back to a xlen
CSR.
Backports commit 028616130d5f0abc8a3b96f28963da51a875024b from qemu
When executing an xRET instruction, supposing xPP holds the
value y, xIE is set to xPIE; the privilege mode is changed to y;
xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly.
Backports commit a37f21c27d3e2342c2080aafd4cfe7e949612428 from qemu
Preparation for collapsing the two byte swaps, adjust_endianness and
handle_bswap, along the I/O path.
Target dependant attributes are conditionalized upon NEED_CPU_H.
Backports commit 14776ab5a12972ea439c7fb2203a4c15a09094b4 from qemu
We should avoid including the whole of softfloat headers in cpu.h and
explicitly include it only where we will be calling softfloat
functions. We can use the -types.h and -helpers.h in cpu.h for the few
bits that are global.
Backports commit 135b03cb9defbd080b8834b30e3d45bed00c6137 from qemu
This prevents a load reservation from being placed in one context/process,
then being used in another, resulting in an SC succeeding incorrectly and
breaking atomics.
Backports commit c13b169f1a3dd158d6c75727cdc388f95988db39 from qemu
The various CSR instructions have been split out of the base ISA as part
of the ratification process. This patch adds a Zicsr argument, which
disables all the CSR instructions.
Backports commit 591bddea8d874e1500921de0353818e5586618f5 from qemu
fence.i has been split out of the base ISA as part of the ratification
process. This patch adds a Zifencei argument, which disables the
fence.i instruction.
Backports commit 50fba816cd226001bec3e495c39879deb2fa5432 from qemu
Set the priv spec version 1.11.0 as the default and allow selecting it
via the command line.
Backports commit e3147506b02edcdd7c14ebb41a10fcc3027dcc5c from qemu
1.11 defines mcountinhibit, which has the same numeric CSR value as
mucounteren from 1.09.1 but has different semantics. This patch enables
the CSR for 1.11-based targets, which is trivial to implement because
the counters in QEMU never tick (legal according to the spec).
Backports commit 747a43e818dc36bd50ef98c2b11a7c31ceb810fa from qemu
Restructure the deprecated CPUs to make it clear in the code that these
are depreated. They are already marked as deprecated in
qemu-deprecated.texi. There are no functional changes.
Backports commit c1fb65e63cfca4506a14b084afd0eca2dc464fe8 from qemu
The current implementation returns 1 (PMP check success) if the address is in
range even if the PMP entry is off. This is a bug.
For example, if there is a PMP check in S-Mode which is in range, but its PMP
entry is off, this will succeed, which it should not.
The patch fixes this bug by only checking the PMP permissions if the address is
in range and its corresponding PMP entry it not off. Otherwise, it will keep
the ret = -1 which will be checked and handled correctly at the end of the
function.
Backports commit f8162068f18f2f264a0355938784f54089234211 from qemu
The PMP should be checked when doing a page table walk, and report access
fault exception if the to-be-read PTE failed the PMP check.
Backports commit 1f447aec787bfbbd078afccae44fc4c92acb4fed from qemu
The current PMP check function checks for env->priv which is not the effective
memory privilege mode.
For example, mstatus.MPRV could be set while executing in M-Mode, and in that
case the privilege mode for the PMP check should be S-Mode rather than M-Mode
(in env->priv) if mstatus.MPP == PRV_S.
This patch passes the effective memory privilege mode to the PMP check.
Functions that call the PMP check should pass the correct memory privilege mode
after reading mstatus' MPRV/MPP or hstatus.SPRV (if Hypervisor mode exists).
Backports commit cc0fdb298517ce56c770803447f8b02a90271152 from qemu
Section 3.6 in RISC-V v1.10 privilege specification states that PMP violations
report "access exceptions." The current PMP implementation has
a bug which wrongly reports "page exceptions" on PMP violations.
This patch fixes this bug by reporting the correct PMP access exceptions
trap values.
Backports commit 635b0b0ea39a13d1a3df932452e5728aebbb3f6e from qemu
The current implementation unnecessarily checks for PMP even if MMU translation
failed. This may trigger a wrong PMP access exception instead of
a page exception.
For example, the very first instruction fetched after the first satp write in
S-Mode will trigger a PMP access fault instead of an instruction fetch page
fault.
This patch prioritises MMU exceptions over PMP exceptions and only checks for
PMP if MMU translation succeeds. This patch is required for future commits
that properly report PMP exception violations if PTW succeeds.
Backports commit e0f8fa72deba7ac7a7ae06ba25e6498aaad93ace from qemu
This patch adds support for the riscv_cpu_unassigned_access call
and will raise a load or store access fault.
Backports commit cbf5827693addaff4e4d2102afedbf078a204eb2 from qemu
A wrong address is passed to `pmp_is_in_range` while checking if a
memory access is within a PMP range.
Since the ending address of the pmp range (i.e., pmp_state.addr[i].ea)
is set to the last address in the range (i.e., pmp base + pmp size - 1),
memory accesses containg the last address in the range will always fail.
For example, assume that a PMP range is 4KB from 0x87654000 such that
the last address within the range is 0x87654fff.
1-byte access to 0x87654fff should be considered to be fully inside the
PMP range.
However the access now fails and complains partial inclusion because
pmp_is_in_range(env, i, addr + size) returns 0 whereas
pmp_is_in_range(env, i, addr) returns 1.
Backports commit 49db9fa1fd7c252596b53cf80876e06f407d09ed from qemu
Nothing in there so far, but all of the plumbing done
within the target ArchCPU state.
Backports commit 5b146dc716cfd247f99556c04e6e46fbd67565a0 from qemu
Now that we have ArchCPU, we can define this generically,
in the one place that needs it.
Backports commit 677c4d69ac21961e76a386f9bfc892a44923acc0 from qemu
Cleanup in the boilerplate that each target must define.
Replace riscv_env_get_cpu with env_archcpu. The combination
CPU(riscv_env_get_cpu) should have used ENV_GET_CPU to begin;
use env_cpu now.
Backports commit 3109cd98a6c0c618189b38a83a8aa29cb20acbce from qemu
Now that we have both ArchCPU and CPUArchState, we can define
this generically instead of via macro in each target's cpu.h.
Backports commit 29a0af618ddd21f55df5753c3e16b0625f534b3c from qemu
For all targets, into this new file move TARGET_LONG_BITS,
TARGET_PAGE_BITS, TARGET_PHYS_ADDR_SPACE_BITS,
TARGET_VIRT_ADDR_SPACE_BITS, and NB_MMU_MODES.
Include this new file from exec/cpu-defs.h.
This now removes the somewhat odd requirement that target/arch/cpu.h
defines TARGET_LONG_BITS before including exec/cpu-defs.h, so push the
bulk of the includes within target/arch/cpu.h to the top.
Backports commit 74433bf083b0766aba81534f92de13194f23ff3e from qemu
According to the spec, "All bits besides SSIP, USIP, and UEIP in the sip
register are read-only." Further, if an interrupt is not delegated to mode x,
then "the corresponding bits in xip [...] should appear to be hardwired to
zero. This patch implements both of those requirements.
Backports commit 087b051a51a0c2a5bc1e8d435a484a8896b4176b from qemu
C.ADDI16SP, C.LWSP, C.JR, C.ADDIW, C.LDSP all have reserved
operands that were not diagnosed.
Backports commit 4cc16b3b9282e04fab8e84d136540757e82af019 from qemu