[PATCH v2 6/6] target/riscv: Fix pointer masking translation mode check bug

frank.chang@sifive.com posted 6 patches 2 months, 2 weeks ago
Maintainers: Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>
[PATCH v2 6/6] target/riscv: Fix pointer masking translation mode check bug
Posted by frank.chang@sifive.com 2 months, 2 weeks ago
From: Frank Chang <frank.chang@sifive.com>

When running with virtualization in VS/VU mode, or when executing the
virtual-machine load/store instructions (HLV.* and HSV.*), the type of
address that determines which pointer masking rules apply should be
checked against vsatp rather than satp.

As a result, sign extension also applies to the virtual-machine
load/store instructions.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
---
 target/riscv/cpu.h         |  2 +-
 target/riscv/cpu_helper.c  | 19 +++++++++++++++----
 target/riscv/internals.h   |  4 +---
 target/riscv/tcg/tcg-cpu.c |  4 ++--
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h
index 9ba01b9f90a..c98f95179cc 100644
--- a/target/riscv/cpu.h
+++ b/target/riscv/cpu.h
@@ -845,7 +845,7 @@ static inline uint32_t vext_get_vlmax(uint32_t vlenb, uint32_t vsew,
 
 bool riscv_cpu_is_32bit(RISCVCPU *cpu);
 
-bool riscv_cpu_virt_mem_enabled(CPURISCVState *env);
+bool riscv_cpu_virt_mem_enabled(CPURISCVState *env, bool is_vm_ldst);
 RISCVPmPmm riscv_pm_get_pmm(CPURISCVState *env);
 RISCVPmPmm riscv_pm_get_vm_ldst_pmm(CPURISCVState *env);
 uint32_t riscv_pm_get_pmlen(RISCVPmPmm pmm);
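Review bot: The new `is_vm_ldst` parameter on the `riscv_cpu_virt_mem_enabled` prototype is undocumented, and the callers in this series pass it under different names (`is_virt_addr` in adjust_addr_body, a bare `false` in tcg-cpu.c), so a reader of the header cannot tell what true selects. A short comment above the declaration would settle it, along the lines of `/* Pointer masking: is paging enabled for the effective privilege mode? For HLV/HSV (is_vm_ldst) the effective mode is hstatus.SPVP with V=1, so vsatp is consulted instead of satp. */`. The wording is inferred from the cpu_helper.c hunk of this patch, so adjust it if the helper's contract differs.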
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 958b05aaa32..54ff2881831 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -286,16 +286,27 @@ RISCVPmPmm riscv_pm_get_vm_ldst_pmm(CPURISCVState *env)
 #endif
 }
 
-bool riscv_cpu_virt_mem_enabled(CPURISCVState *env)
+bool riscv_cpu_virt_mem_enabled(CPURISCVState *env, bool is_vm_ldst)
 {
 #ifndef CONFIG_USER_ONLY
     int satp_mode = 0;
-    int priv_mode = cpu_address_mode(env);
+    uint64_t satp;
+    int priv_mode;
+    bool virt = false;
+
+    if (!is_vm_ldst) {
+        riscv_cpu_eff_priv(env, &priv_mode, &virt);
+    } else {
+        priv_mode = get_field(env->hstatus, HSTATUS_SPVP);
+        virt = true;
+    }
+
+    satp = virt ? env->vsatp : env->satp;
 
     if (riscv_cpu_mxl(env) == MXL_RV32) {
-        satp_mode = get_field(env->satp, SATP32_MODE);
+        satp_mode = get_field(satp, SATP32_MODE);
     } else {
-        satp_mode = get_field(env->satp, SATP64_MODE);
+        satp_mode = get_field(satp, SATP64_MODE);
     }
 
     return ((satp_mode != VM_1_10_MBARE) && (priv_mode != PRV_M));
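Review bot: `priv_mode` is declared uninitialized on the line that replaces `cpu_address_mode(env)` and is only assigned through the out-parameter of `riscv_cpu_eff_priv`; if that helper has any path that leaves the out-parameter untouched, the `priv_mode != PRV_M` comparison reads an indeterminate value. Initializing at declaration, `int priv_mode = PRV_M;`, costs nothing and makes the safe default (no sign extension) explicit. In the `is_vm_ldst` branch `HSTATUS_SPVP` is a single-bit field, so `priv_mode` can only be U or S there and the PRV_M test is vacuous; a one-line comment such as `/* HLV/HSV: effective mode is hstatus.SPVP (U or S), always with V=1 */` would record that this is intended. The function's `#else` branch and closing lie outside the hunk.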
diff --git a/target/riscv/internals.h b/target/riscv/internals.h
index b17b661e2a8..38d438fbf93 100644
--- a/target/riscv/internals.h
+++ b/target/riscv/internals.h
@@ -200,9 +200,7 @@ static inline target_ulong adjust_addr_body(CPURISCVState *env,
         return addr;
     }
 
-    if (!is_virt_addr) {
-        signext = riscv_cpu_virt_mem_enabled(env);
-    }
+    signext = riscv_cpu_virt_mem_enabled(env, is_virt_addr);
     pmlen = riscv_pm_get_pmlen(pmm);
     addr = addr << pmlen;
 
diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 440626ddfad..2b4bcefa0c9 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -104,7 +104,7 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
     RISCVCPU *cpu = env_archcpu(env);
     RISCVExtStatus fs, vs;
     uint32_t flags = 0;
-    bool pm_signext = riscv_cpu_virt_mem_enabled(env);
+    bool pm_signext = riscv_cpu_virt_mem_enabled(env, false);
 
     if (cpu->cfg.ext_zve32x) {
         /*
@@ -255,7 +255,7 @@ static vaddr riscv_pointer_wrap(CPUState *cs, int mmu_idx,
         return result;
     }
 
-    pm_signext = riscv_cpu_virt_mem_enabled(env);
+    pm_signext = riscv_cpu_virt_mem_enabled(env, false);
     if (pm_signext) {
         return sextract64(result, 0, 64 - pm_len);
     }
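Review bot: The hard-coded `false` passed to `riscv_cpu_virt_mem_enabled` here, and in the riscv_get_tb_cpu_state hunk above, is an unexplained literal in a hook that already receives `mmu_idx`; if a two-stage (HLV/HSV) access ever reaches riscv_pointer_wrap, this would consult satp where the commit's own reasoning says vsatp is required. If the hypervisor load/store helpers never go through this hook, a comment is enough, e.g. `/* HLV/HSV are adjusted in their helpers; only ordinary accesses reach here */`; otherwise derive the flag from the index, `pm_signext = riscv_cpu_virt_mem_enabled(env, mmuidx_2stage(mmu_idx));`. Which of the two holds is not visible from this hunk; riscv_pointer_wrap's head lies outside it.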
-- 
2.43.0
Re: [PATCH v2 6/6] target/riscv: Fix pointer masking translation mode check bug
Posted by Radim Krčmář 2 months, 2 weeks ago
2025-11-21T13:04:13+08:00, <frank.chang@sifive.com>:
> From: Frank Chang <frank.chang@sifive.com>
>
> When running with virtualization in VS/VU mode, or when executing the
> virtual-machine load/store instructions (HLV.* and HSV.*), the type of
> address that determines which pointer masking rules apply should be
> checked against vsatp rather than satp.
>
> As a result, sign extension also applies to the virtual-machine
> load/store instructions.
>
> Signed-off-by: Frank Chang <frank.chang@sifive.com>
> ---
> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
> @@ -286,16 +286,27 @@ RISCVPmPmm riscv_pm_get_vm_ldst_pmm(CPURISCVState *env)
>  #endif
>  }
>  
> -bool riscv_cpu_virt_mem_enabled(CPURISCVState *env)
> +bool riscv_cpu_virt_mem_enabled(CPURISCVState *env, bool is_vm_ldst)
>  {
>  #ifndef CONFIG_USER_ONLY
>      int satp_mode = 0;
> -    int priv_mode = cpu_address_mode(env);
> +    uint64_t satp;
> +    int priv_mode;
> +    bool virt = false;
> +
> +    if (!is_vm_ldst) {
> +        riscv_cpu_eff_priv(env, &priv_mode, &virt);
> +    } else {
> +        priv_mode = get_field(env->hstatus, HSTATUS_SPVP);
> +        virt = true;
> +    }
> +
> +    satp = virt ? env->vsatp : env->satp;
>  
>      if (riscv_cpu_mxl(env) == MXL_RV32) {
> -        satp_mode = get_field(env->satp, SATP32_MODE);
> +        satp_mode = get_field(satp, SATP32_MODE);
>      } else {
> -        satp_mode = get_field(env->satp, SATP64_MODE);
> +        satp_mode = get_field(satp, SATP64_MODE);
>      }
>  
>      return ((satp_mode != VM_1_10_MBARE) && (priv_mode != PRV_M));

riscv_cpu_virt_mem_enabled looked generic, so I got scared at the
beginning, but it's luckily only used for pointer masking.

Reviewed-by: Radim Krčmář <rkrcmar@ventanamicro.com>