Commit 9f550a0b63 for qemu.org

commit 9f550a0b630672f4831d9115e66d208ed71cf252
Author: Abhigyan Kumar <314abh@gmail.com>
Date:   Sat May 30 15:51:00 2026 +0530

    target/riscv: mask vxrm csrw write to the low 2 bits

    Citing the RISC-V specification:

        "The vector fixed-point rounding-mode register holds a two-bit
        read-write rounding-mode field in the least-significant bits
        (vxrm[1:0]). The upper bits, vxrm[XLEN-1:2], should be written as
        zeros."

    QEMU wrote full value into env->vxrm causing read of upper bits too.
    Used existing macros for bit-masking. Previous had a hard-coded value.

    Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3470
    Signed-off-by: Abhigyan Kumar <314abh@gmail.com>
    Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
    Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>
    Message-ID: <20260530102100.78150-1-314abh@gmail.com>
    Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 19d5a55b54..ec931a8c3d 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -989,7 +989,7 @@ static RISCVException write_vxrm(CPURISCVState *env, int csrno,
 #if !defined(CONFIG_USER_ONLY)
     env->mstatus |= MSTATUS_VS;
 #endif
-    env->vxrm = val;
+    env->vxrm = val & (VCSR_VXRM >> VCSR_VXRM_SHIFT);
     return RISCV_EXCP_NONE;
 }