[v2] target/riscv: fix require_rvv passing on non-RVV CPUs

[PATCH v2] target/riscv: fix require_rvv passing on non-RVV CPUs

Sébastien Michelland posted 1 patch 3 days, 3 hours ago

Diff against v3
Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260205125255.1219082-1-sebastien.michelland@inria.fr

Maintainers: Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>

There is a newer version of this series

target/riscv/tcg/tcg-cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Expand all Fold all

[PATCH v2] target/riscv: fix require_rvv passing on non-RVV CPUs

Posted by Sébastien Michelland 3 days, 3 hours ago

trans_rvv.c.inc checks for the RVV extension through the function
require_rvv. However, at least under CONFIG_USER_ONLY, the RVV extension
status in DisasContex->mstatus_vs is always set to DIRTY, therefore
treating RVV instructions as legal even when the extension is not
present, e.g. with -cpu=rv32,v=false.

This bug manifests rarely because vset{i}vl{i} perform extra checks that
do fail without RVV, thus raising SIGILL, and with no vtype set nearly
all other RVV instructions still pass require_rvv but fail the vill check.
Only instructions that don't depend on type (whole-register load/stores,
such as vs*r.v) would show the bug by being executed when v=false.

This patch sets mstatus_vs to DISABLED when RVV is not present, meaning
require_rvv now fails as intended.

Signed-off-by: Sébastien Michelland <sebastien.michelland@inria.fr>
---
Follow-up from v1 which (incorrectly) modified vs*r.v.

 target/riscv/tcg/tcg-cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/tcg/tcg-cpu.c b/target/riscv/tcg/tcg-cpu.c
index 988b2d905f..3ab1a4f0a7 100644
--- a/target/riscv/tcg/tcg-cpu.c
+++ b/target/riscv/tcg/tcg-cpu.c
@@ -153,7 +153,7 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
 
 #ifdef CONFIG_USER_ONLY
     fs = EXT_STATUS_DIRTY;
-    vs = EXT_STATUS_DIRTY;
+    vs = riscv_has_ext(env, RVV) ? EXT_STATUS_DIRTY : EXT_STATUS_DISABLED;
 #else
     flags = FIELD_DP32(flags, TB_FLAGS, PRIV, env->priv);
 
-- 
2.52.0

Re: [PATCH v2] target/riscv: fix require_rvv passing on non-RVV CPUs

Posted by Max Chou 2 days, 23 hours ago

On 2026-02-05 13:52, Sébastien Michelland wrote:
> @@ -153,7 +153,7 @@ static TCGTBCPUState riscv_get_tb_cpu_state(CPUState *cs)
>  
>  #ifdef CONFIG_USER_ONLY
>      fs = EXT_STATUS_DIRTY;
> -    vs = EXT_STATUS_DIRTY;
> +    vs = riscv_has_ext(env, RVV) ? EXT_STATUS_DIRTY : EXT_STATUS_DISABLED;
>  #else
>      flags = FIELD_DP32(flags, TB_FLAGS, PRIV, env->priv);

Hi Sébastien,

This v2 is good, but there’s a potential bug when users enable embedded
vector extensions (e.g., ZveXX) that aren’t standard RVV.

I suggest that we replace the RVV check with a check on the Zve32x,
which will be implied by all embedded vector extensions and standard
RVV.

    vs = cpu->cfg.ext_zve32x ? EXT_STATUS_DIRTY : EXT_STATUS_DISABLED;

rnax