From: "Andrew S. Rightenburg" via qemu development
To: qemu-devel@nongnu.org
Cc: gaosong@loongson.cn, rail5, qemu-stable@nongnu.org
Subject: [PATCH 1/2] target/loongarch: Preserve PTE permission bits in LDDIR/LDPTE
Date: Thu, 5 Mar 2026 21:54:00 +0800
Message-ID: <20260305135403.831693-2-andrew@rail5.org>
In-Reply-To: <20260305135403.831693-1-andrew@rail5.org>
References: <20260305135403.831693-1-andrew@rail5.org>

From: rail5

The LDDIR/LDPTE helpers load a page table entry (or huge page entry) from guest memory and currently apply the PALEN mask to the whole 64-bit value. That mask is intended to constrain the physical address bits, but masking the full entry also clears permission bits in the upper part of the PTE, including NX (bit 62).

As a result, LoongArch TCG can incorrectly allow instruction fetches from NX mappings when translation is driven through these helpers.

Mask only the PPN/address field and preserve the rest of the PTE.

This was reported as a bug at:
https://gitlab.com/qemu-project/qemu/-/issues/3319

Fixes: 56599a705f2 ("target/loongarch: Introduce loongarch_palen_mask()")
Cc: qemu-stable@nongnu.org
Signed-off-by: rail5 (Andrew S. Rightenburg) --- target/loongarch/tcg/tlb_helper.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/target/loongarch/tcg/tlb_helper.c b/target/loongarch/tcg/tlb_h= elper.c index c1dc77a8f8..8747fa2a0f 100644 --- a/target/loongarch/tcg/tlb_helper.c +++ b/target/loongarch/tcg/tlb_helper.c @@ -686,6 +686,24 @@ bool loongarch_cpu_tlb_fill(CPUState *cs, vaddr addres= s, int size, cpu_loop_exit_restore(cs, retaddr); } =20 +static inline uint64_t loongarch_mask_pte_ppn(CPULoongArchState *env, + uint64_t pte) +{ + uint64_t palen_mask =3D loongarch_palen_mask(env); + + if (is_la64(env)) { + uint64_t ppn_bits =3D pte & MAKE_64BIT_MASK(12, 36); + uint64_t ppn_masked =3D ppn_bits & palen_mask; + + return (pte & ~MAKE_64BIT_MASK(12, 36)) | ppn_masked; + } else { + uint64_t ppn_bits =3D pte & MAKE_64BIT_MASK(8, 24); + uint64_t ppn_masked =3D ppn_bits & palen_mask; + + return (pte & ~MAKE_64BIT_MASK(8, 24)) | ppn_masked; + } +} + target_ulong helper_lddir(CPULoongArchState *env, target_ulong base, uint32_t level, uint32_t mem_idx) { @@ -721,7 +739,7 @@ target_ulong helper_lddir(CPULoongArchState *env, targe= t_ulong base, get_dir_base_width(env, &dir_base, &dir_width, level); index =3D (badvaddr >> dir_base) & ((1 << dir_width) - 1); phys =3D base | index << 3; - return ldq_le_phys(cs->as, phys) & palen_mask; + return loongarch_mask_pte_ppn(env, ldq_le_phys(cs->as, phys)); } =20 void helper_ldpte(CPULoongArchState *env, target_ulong base, target_ulong = odd, @@ -729,6 +747,7 @@ void helper_ldpte(CPULoongArchState *env, target_ulong = base, target_ulong odd, { CPUState *cs =3D env_cpu(env); hwaddr phys, tmp0, ptindex, ptoffset0, ptoffset1; + uint64_t pte_raw; uint64_t badv; uint64_t ptbase =3D FIELD_EX64(env->CSR_PWCL, CSR_PWCL, PTBASE); uint64_t ptwidth =3D FIELD_EX64(env->CSR_PWCL, CSR_PWCL, PTWIDTH); 
@@ -744,7 +763,6 @@ void helper_ldpte(CPULoongArchState *env, target_ulong = base, target_ulong odd, * and the other is the huge page entry, * whose bit 6 should be 1. */ - base =3D base & palen_mask; if (FIELD_EX64(base, TLBENTRY, HUGE)) { /* * Gets the huge page level and Gets huge page size. @@ -768,7 +786,7 @@ void helper_ldpte(CPULoongArchState *env, target_ulong = base, target_ulong odd, * when loaded into the tlb, * so the tlb page size needs to be divided by 2. */ - tmp0 =3D base; + tmp0 =3D loongarch_mask_pte_ppn(env, base); if (odd) { tmp0 +=3D MAKE_64BIT_MASK(ps, 1); } 
@@ -780,12 +798,15 @@ void helper_ldpte(CPULoongArchState *env, target_ulon= g base, target_ulong odd, } else { badv =3D env->CSR_TLBRBADV; =20 + base =3D base & palen_mask; + ptindex =3D (badv >> ptbase) & ((1 << ptwidth) - 1); ptindex =3D ptindex & ~0x1; /* clear bit 0 */ ptoffset0 =3D ptindex << 3; ptoffset1 =3D (ptindex + 1) << 3; phys =3D base | (odd ? ptoffset1 : ptoffset0); - tmp0 =3D ldq_le_phys(cs->as, phys) & palen_mask; + pte_raw =3D ldq_le_phys(cs->as, phys); + tmp0 =3D loongarch_mask_pte_ppn(env, pte_raw); ps =3D ptbase; } =20 --=20 2.47.3
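
Review bot: In the new loongarch_mask_pte_ppn() (hunk at -686,6 +686,24), the field bounds are bare literals, MAKE_64BIT_MASK(12, 36) and MAKE_64BIT_MASK(8, 24), each written twice, and the function carries no comment saying which bits it treats as the PPN and that every bit outside that field passes through unmasked. Since the commit message says the fix hinges on NX (bit 62) surviving, please select the field mask once via is_la64() and collapse the two branches into a single `return (pte & ~ppn_field) | (pte & ppn_field & palen_mask);` (ppn_field being a suggested local name), with a one-line comment tying the two ranges to the PTE layout. The comment should also say that bits above the field that the old full-entry mask cleared are now preserved on purpose, so a reader can check that consumers only interpret the defined permission bits.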
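
Review bot: In helper_lddir (hunk at -721,7 +739,7), the returned directory entry now carries whatever the guest stored outside the PPN field, and the same function consumes such a value as `base` in `phys = base | index << 3;` when walking the next level. Please confirm that `base` is masked with palen_mask before that OR on every path (the masking is not visible in this hunk), in the same way the last hunk does it explicitly for the non-huge path of helper_ldpte with `base = base & palen_mask;`.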
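
Review bot: Removing `base = base & palen_mask;` ahead of the HUGE test (hunk at -744,7 +763,6) leaves `base` unmasked for the whole huge-page branch until `tmp0 = loongarch_mask_pte_ppn(env, base);` in the following hunk. The code between those two points is not shown, so please check that nothing there uses `base` as an address or assumes its upper bits are already zero, and consider a short comment at the top of the branch saying the entry is deliberately kept raw until tmp0 is formed.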
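
Review bot: In the non-huge path (hunk at -780,12 +798,15), `pte_raw` only carries one value between two adjacent lines yet is declared at function scope in the -729,6 hunk; helper_lddir nests the same call as `loongarch_mask_pte_ppn(env, ldq_le_phys(cs->as, phys))`, so doing the same here would drop the extra local and keep the two helpers consistent. A comment on the added `base = base & palen_mask;` noting that `base` is a page-table address at this point, not a PTE, would explain why it gets the full mask while tmp0 gets the field mask. The diffstat lists only tlb_helper.c, so a regression test that attempts an instruction fetch from an NX mapping filled through LDDIR/LDPTE would be a useful addition.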

From: "Andrew S. Rightenburg" via qemu development
To: qemu-devel@nongnu.org
Cc: gaosong@loongson.cn, rail5, qemu-stable@nongnu.org
Subject: [PATCH 2/2] target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
Date: Thu, 5 Mar 2026 21:54:01 +0800
Message-ID: <20260305135403.831693-3-andrew@rail5.org>
In-Reply-To: <20260305135403.831693-1-andrew@rail5.org>
References: <20260305135403.831693-1-andrew@rail5.org>

From: rail5

loongarch_cpu_do_interrupt() updates CSR_BADI by fetching the faulting instruction with cpu_ldl_code_mmu(). For a PNX exception (instruction fetch prohibited by NX), fetching the instruction at env->pc will fault with PNX again. This can lead to an infinite exception loop.

Treat PNX like other instruction-fetch exceptions (PIF/ADEF) and do not update CSR_BADI for it.

Fixes: 410dfbf620a ("target/loongarch: Move TCG specified functions to tcg_cpu.c")
Cc: qemu-stable@nongnu.org
Signed-off-by: rail5 (Andrew S. Rightenburg)
Reviewed-by: Bibo Mao
--- target/loongarch/tcg/tcg_cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/loongarch/tcg/tcg_cpu.c b/target/loongarch/tcg/tcg_cpu.c index af92277669..31d3db6e8e 100644 --- a/target/loongarch/tcg/tcg_cpu.c +++ b/target/loongarch/tcg/tcg_cpu.c @@ -109,6 +109,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs) } QEMU_FALLTHROUGH; case EXCCODE_PIF: + case EXCCODE_PNX: case EXCCODE_ADEF: cause =3D cs->exception_index; update_badinstr =3D 0; @@ -129,7 +130,6 @@ static void loongarch_cpu_do_interrupt(CPUState *cs) case EXCCODE_PIS: case EXCCODE_PME: case EXCCODE_PNR: - case EXCCODE_PNX: case EXCCODE_PPI: cause =3D cs->exception_index; break; --=20 2.47.3
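
Review bot: The PIF/PNX/ADEF group in the first hunk (-109,6 +109,7) sets `update_badinstr = 0;` with no comment, and the reason PNX belongs there (re-fetching the instruction at env->pc would raise PNX again, per the commit message) is easy to lose the next time these case lists are rearranged. Please add a one-line comment above `case EXCCODE_PIF:` stating that these are instruction-fetch faults for which the faulting instruction cannot be read into CSR_BADI. A regression test that takes a PNX exception and checks that the handler is entered exactly once would guard this change.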