Commit 40540c8a92 for qemu.org
commit 40540c8a929f165420e775b41800262578e6712d
Author: Frank Chang <frank.chang@sifive.com>
Date: Tue Apr 21 17:37:13 2026 +0800
target/riscv: Fix pointer masking for virtual-machine load/store insns
The effective privilege of explicit memory accesses made by
virtual-machine load/store instructions (HLV.* and HSV.*) is controlled
by hstatus.SPVP. mstatus.MPRV does not affect these virtual-machine
load/store instructions.
Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20260421093715.2995067-5-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index bab4153e53..2b3fea81d5 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -217,16 +217,23 @@ RISCVPmPmm riscv_pm_get_pmm(CPURISCVState *env)
RISCVPmPmm riscv_pm_get_virt_pmm(CPURISCVState *env)
{
#ifndef CONFIG_USER_ONLY
- int priv_mode = cpu_address_mode(env);
+ int priv_mode;
+
+ if (!riscv_cpu_cfg(env)->ext_ssnpm ||
+ get_field(env->mstatus, MSTATUS_MXR) ||
+ get_field(env->vsstatus, MSTATUS_MXR)) {
+ return PMM_FIELD_DISABLED;
+ }
+
+ priv_mode = get_field(env->hstatus, HSTATUS_SPVP);
- if (priv_mode == PRV_U) {
- return get_field(env->hstatus, HSTATUS_HUPMM);
+ if (priv_mode == PRV_S) {
+ /* Effective privilege mode: VS */
+ return get_field(env->henvcfg, HENVCFG_PMM);
} else {
- if (get_field(env->hstatus, HSTATUS_SPVP)) {
- return get_field(env->henvcfg, HENVCFG_PMM);
- } else {
- return get_field(env->senvcfg, SENVCFG_PMM);
- }
+ /* Effective privilege mode: VU */
+ return (env->priv == PRV_U) ? get_field(env->hstatus, HSTATUS_HUPMM) :
+ get_field(env->senvcfg, SENVCFG_PMM);
}
#else
return PMM_FIELD_DISABLED;
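Review bot: In the VU branch, `env->priv` is consulted only after `SPVP` has been tested, so an HLV/HSV executed in U-mode with `SPVP` set now takes `henvcfg.PMM`, whereas the removed code returned `HUPMM` whenever the address mode was U. If that is intended, it is worth confirming against the pointer-masking specification and stating the rule in a comment, because selecting the wrong PMM field means a guest address is masked, or left unmasked, under the wrong setting. The new early return on `ext_ssnpm`, `mstatus.MXR` and `vsstatus.MXR` is not mentioned in the commit message and carries no comment; a line such as `/* No pointer masking without Ssnpm or while MXR is in effect */` above it would record why. The test `priv_mode == PRV_S` appears to rely on the raw `SPVP` field value matching the `PRV_S` encoding, which also deserves a short comment. The function's `#endif` and closing brace lie outside the hunk.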