From nobody Tue Feb 10 16:22:36 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1521926353372637.5137470760045;
 Sat, 24 Mar 2018 14:19:13 -0700 (PDT)
Received: from localhost ([::1]:48536 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1ezqZE-00064E-L8
	for importer@patchew.org; Sat, 24 Mar 2018 17:19:12 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44725)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mjc@sifive.com>) id 1ezqQH-0007Jl-Px
	for qemu-devel@nongnu.org; Sat, 24 Mar 2018 17:11:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mjc@sifive.com>) id 1ezqP8-0002Mj-TP
	for qemu-devel@nongnu.org; Sat, 24 Mar 2018 17:09:52 -0400
Received: from mail-pl0-x243.google.com ([2607:f8b0:400e:c01::243]:40356)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <mjc@sifive.com>) id 1ezngd-0003pf-8r
	for qemu-devel@nongnu.org; Sat, 24 Mar 2018 14:14:39 -0400
Received: by mail-pl0-x243.google.com with SMTP id x4-v6so9373350pln.7
	for <qemu-devel@nongnu.org>; Sat, 24 Mar 2018 11:14:39 -0700 (PDT)
Received: from monty.com (h98.112.139.40.ip.windstream.net. [40.139.112.98])
	by smtp.gmail.com with ESMTPSA id
	k24sm22314646pff.77.2018.03.24.11.14.37
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sat, 24 Mar 2018 11:14:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=7K1AQqRknQ6XvTnoqG6GQuiKGJQrBtEunMMw+h6j6JM=;
	b=eMMqKrI4hc7rhhBM+8a98DxucRlCjqAAK3DTTGAK5g79jGqrY6bfe3rglDsHWONC5E
	LQHIwJANwzzuab9C93ULI7Lw2e+XMG64hRVX1RoWh5kOEEVZ6LD2ehEccksE1YPcEKj5
	A2oxTdCX37dZMqOlKf1o5tp2KBWGqKaCKCiMnxuNrxSZgOlamEsDTf0clR5+lEXxD+Qi
	/KbAiiYyjC4D9GUcss/QVuZKw4Ee+sT1zs2f3NIckhU76vJCCx2O/N7Ua8svL7NjOzH8
	iMCJsHZwvAnIdXa8GrEoHHWDgPd/jTJR6iKKzz3wtblKdPb4U7oPSz5v/cG2TYo7Wwrg
	Qh1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=7K1AQqRknQ6XvTnoqG6GQuiKGJQrBtEunMMw+h6j6JM=;
	b=jqLLaGnsDp/1jeniF8fPAAy0qGwqb20YoW9GtomvadDnp2QDcUKqeOdzlAEGx9yTx6
	/ALXpgPEZoPNWrBRqNIUJoID5jcvI1GNKQnnU164RDEMuo7j8w98YyeLXRohfgGFMaib
	QyTkstYlcECQLYHIpD/sZg5a6OQg9+LTveYDTg2Tn6suhNNdDhc4cFO8UCM2/wyzt2mm
	Z6g7cfk1O5gUZR86e3Rtl8Fklui9yOdHXlQduObQLiOrrr+tEPbBSlbrFH768H2ENb59
	xk/m7K8rOrm09XwnST1+JDQexEe6gKLnWEy9mTM4OZfvo9UlGhprCGc3eqbvR/sSNlZk
	Pf5w==
X-Gm-Message-State: AElRT7FTUyehNQoN8ba8o+M4loxHT7dRdzw93NUXxRAoH9QLadKetTL6
	AGn/NBqZbTZfp/45IURms8l7/EqNwgU=
X-Google-Smtp-Source: 
 AG47ELuToyjN5h/som2K6PTat3xQNWwquUHLXtRXB/jyn+nbRpwOx3oulfy1E8M1jTAEUiUXpK1bvw==
X-Received: by 2002:a17:902:7790:: with SMTP id
	o16-v6mr10131716pll.294.1521915278218;
	Sat, 24 Mar 2018 11:14:38 -0700 (PDT)
From: Michael Clark <mjc@sifive.com>
To: qemu-devel@nongnu.org
Date: Sat, 24 Mar 2018 11:13:40 -0700
Message-Id: <1521915220-65389-15-git-send-email-mjc@sifive.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: <1521915220-65389-1-git-send-email-mjc@sifive.com>
References: <1521915220-65389-1-git-send-email-mjc@sifive.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:400e:c01::243
Subject: [Qemu-devel] [PATCH v6 26/26] RISC-V: Workaround for critical
 mstatus.FS MTTCG bug
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Peter Maydell <peter.maydell@linaro.org>,
	Sagar Karandikar <sagark@eecs.berkeley.edu>,
	Bastian Koppelmann <kbastian@mail.uni-paderborn.de>,
	Palmer Dabbelt <palmer@sifive.com>,
	"Richard W . M . Jones" <rjones@redhat.com>,
	Michael Clark <mjc@sifive.com>, patches@groups.riscv.org
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

This change is a workaround for a bug where mstatus.FS
is not correctly reporting dirty when MTTCG and SMP are
enabled which results in the floating point register file
not being saved during context switches. This a critical
bug for RISC-V in QEMU as it results in floating point
register file corruption when running SMP Linux in the
RISC-V 'virt' machine.

This workaround will return dirty if mstatus.FS is
switched from off to initial or clean. We have checked
the specification and it is legal for an implementation
to return either off, or dirty, if set to initial or clean.

This workaround will result in unnecessary floating point
save restore. When mstatus.FS is off, floating point
instruction trap to indicate the process is using the FPU.
The OS can then save floating-point state of the previous
process using the FPU and set mstatus.FS to initial or
clean. With this workaround, mstatus.FS will always return
dirty if set to a non-zero value, indicating floating point
save restore is necessary, versus misreporting mstatus.FS
resulting in floating point register file corruption.

Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Sagar Karandikar <sagark@eecs.berkeley.edu>
Cc: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Cc: Richard W.M. Jones <rjones@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Clark <mjc@sifive.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
---
 target/riscv/op_helper.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 1fdde90..d345688 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -144,8 +144,23 @@ void csr_write_helper(CPURISCVState *env, target_ulong=
 val_to_write,
         }
=20
         mstatus =3D (mstatus & ~mask) | (val_to_write & mask);
-        int dirty =3D (mstatus & MSTATUS_FS) =3D=3D MSTATUS_FS;
-        dirty |=3D (mstatus & MSTATUS_XS) =3D=3D MSTATUS_XS;
+
+        /* Note: this is a workaround for an issue where mstatus.FS
+           does not report dirty when SMP and MTTCG is enabled. This
+           workaround is technically compliant with the RISC-V Privileged
+           specification as it is legal to return only off, or dirty,
+           however this may cause unnecessary saves of floating point stat=
e.
+           Without this workaround, floating point state is not saved and
+           restored coorectly when SMP and MTTCG is enabled, */
+        if (qemu_tcg_mttcg_enabled()) {
+            /* FP is always dirty or off */
+            if (mstatus & MSTATUS_FS) {
+                mstatus |=3D MSTATUS_FS;
+            }
+        }
+
+        int dirty =3D ((mstatus & MSTATUS_FS) =3D=3D MSTATUS_FS) |
+                    ((mstatus & MSTATUS_XS) =3D=3D MSTATUS_XS);
         mstatus =3D set_field(mstatus, MSTATUS_SD, dirty);
         env->mstatus =3D mstatus;
         break;
--=20
2.7.0