[PATCH 2/2] target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch

Andrew S. Rightenburg via qemu development posted 2 patches 1 month, 1 week ago
Maintainers: Song Gao <gaosong@loongson.cn>
There is a newer version of this series
Posted by Andrew S. Rightenburg via qemu development 1 month, 1 week ago
From: rail5 <andrew@rail5.org>

loongarch_cpu_do_interrupt() updates CSR_BADI by fetching the faulting
instruction with cpu_ldl_code_mmu().

For a PNX exception (instruction fetch prohibited by NX), fetching the
instruction at env->pc will fault with PNX again. This can lead to an
infinite exception loop.

Treat PNX like other instruction-fetch exceptions (PIF/ADEF) and do not
update CSR_BADI for it.

Fixes: 410dfbf620a ("target/loongarch: Move TCG specified functions to tcg_cpu.c")
Cc: qemu-stable@nongnu.org
Signed-off-by: rail5 (Andrew S. Rightenburg) <andrew@rail5.org>
---
 target/loongarch/tcg/tcg_cpu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/loongarch/tcg/tcg_cpu.c b/target/loongarch/tcg/tcg_cpu.c
index af92277669..31d3db6e8e 100644
--- a/target/loongarch/tcg/tcg_cpu.c
+++ b/target/loongarch/tcg/tcg_cpu.c
@@ -109,6 +109,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
         }
         QEMU_FALLTHROUGH;
     case EXCCODE_PIF:
+    case EXCCODE_PNX:
     case EXCCODE_ADEF:
         cause = cs->exception_index;
         update_badinstr = 0;
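Review bot: the reason PNX must not update CSR_BADI lives only in the commit message; a one-line comment above `case EXCCODE_PNX:` (for example `/* fetching the faulting insn would itself fault with PNX */`) would stop a later cleanup from moving the label back into the data-side group. Placing it with PIF/ADEF, where `update_badinstr = 0` suppresses the `cpu_ldl_code_mmu()` fetch, is the right spot for a fetch-side fault.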
@@ -129,7 +130,6 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
     case EXCCODE_PIS:
     case EXCCODE_PME:
     case EXCCODE_PNR:
-    case EXCCODE_PNX:
     case EXCCODE_PPI:
         cause = cs->exception_index;
         break;
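Review bot: dropping `case EXCCODE_PNX:` here is required rather than tidy-up, since the same label now appears in the PIF/ADEF group and a duplicate case label would not compile, so the hunk is correct as is. One thing worth confirming for the labels that remain: PPI stays in the group that still fetches the faulting instruction for CSR_BADI, so if a privilege fault can be raised on an instruction fetch it could hit the same re-fault on `cpu_ldl_code_mmu()` that this series fixes for PNX.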
-- 
2.47.3
Re: [PATCH 2/2] target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
Posted by Bibo Mao 1 month ago

On 2026/3/5 at 9:54 PM, Andrew S. Rightenburg via qemu development wrote:
> From: rail5 <andrew@rail5.org>
> 
> loongarch_cpu_do_interrupt() updates CSR_BADI by fetching the faulting
> instruction with cpu_ldl_code_mmu().
> 
> For a PNX exception (instruction fetch prohibited by NX), fetching the
> instruction at env->pc will fault with PNX again. This can lead to an
> infinite exception loop.
> 
> Treat PNX like other instruction-fetch exceptions (PIF/ADEF) and do not
> update CSR_BADI for it.
> 
> Fixes: 410dfbf620a ("target/loongarch: Move TCG specified functions to tcg_cpu.c")
> Cc: qemu-stable@nongnu.org
> Signed-off-by: rail5 (Andrew S. Rightenburg) <andrew@rail5.org>
> ---
>   target/loongarch/tcg/tcg_cpu.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/loongarch/tcg/tcg_cpu.c b/target/loongarch/tcg/tcg_cpu.c
> index af92277669..31d3db6e8e 100644
> --- a/target/loongarch/tcg/tcg_cpu.c
> +++ b/target/loongarch/tcg/tcg_cpu.c
> @@ -109,6 +109,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
>           }
>           QEMU_FALLTHROUGH;
>       case EXCCODE_PIF:
> +    case EXCCODE_PNX:
>       case EXCCODE_ADEF:
>           cause = cs->exception_index;
>           update_badinstr = 0;
> @@ -129,7 +130,6 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
>       case EXCCODE_PIS:
>       case EXCCODE_PME:
>       case EXCCODE_PNR:
> -    case EXCCODE_PNX:
>       case EXCCODE_PPI:
>           cause = cs->exception_index;
>           break;
> 
Reviewed-by: Bibo Mao <maobibo@loongson.cn>