[PATCH 0/2] Fix probe_pages and vext_ldff issues

Max Chou posted 2 patches 2 weeks, 5 days ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20260318013805.1920377-1-max.chou@sifive.com
Maintainers: Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>
target/riscv/vector_helper.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
[PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Max Chou 2 weeks, 5 days ago
This patchset fixes the following issues in the RISC-V vector
fault-only-first load implementation and the probe_pages helper
function.

1. probe_pages flag handling:
   When probing memory spanning two pages, probe_pages calls
   probe_access_flags twice. The flags from the second page were
   overwriting the first page's flags instead of being merged, causing
   watchpoint and other TLB attributes to be lost.

2. vext_ldff cross-page logic:
   The manual two-phase probing in vext_ldff had three issues:
   a) Wrong condition: checked "env->vl > elems" instead of
      "env->vl > elems + env->vstart", missing the vstart offset
   b) Wrong address: used "addr + (elems << log2_esz)" instead of
      "addr + page_split", probing incorrect addresses for segment
      loads (nf > 1)
   c) Wrong size: used "elems * msize" (first page size) instead of
      calculating remaining size, potentially missing faults


Patch 1 fixes the probe_pages helper to properly merge flags from both
pages.

Patch 2 fixes vext_ldff by replacing the buggy manual cross-page logic
by a single probe_pages call with the correct total size. This
leverages the infrastructure that probe_pages already provides for
handling cross-page accesses automatically.

rnax


Max Chou (2):
  target/riscv: rvv: Fix missing flags merge in probe_pages for
    cross-page accesses
  target/riscv: rvv: Fix page probe issues in vext_ldff

 target/riscv/vector_helper.c | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

-- 
2.43.7
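
A minimal model of items 1 and 2b from the cover letter above, added here as an illustration; it is not QEMU code and not part of the patchset. The flag values, the two-entry page table, `probe_one`, and the definitions of `page_split` and `elems` are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    4096u  /* assumed page size for this model */
#define F_WATCHPOINT 0x1u   /* constructed flag bits, not QEMU's values */
#define F_MMIO       0x2u

/* Constructed per-page attributes: page 0 has a watchpoint, page 1 is MMIO. */
static const unsigned page_flags[2] = { F_WATCHPOINT, F_MMIO };

/* Stand-in for a single-page probe (hypothetical, not probe_access_flags). */
static unsigned probe_one(uint64_t addr) { return page_flags[(addr / PAGE_SIZE) & 1]; }

/* Assumed meaning of page_split: bytes from addr to the end of its page. */
static uint64_t page_split_of(uint64_t addr) { return PAGE_SIZE - addr % PAGE_SIZE; }

/* Item 1: two-page probe; merge == 0 reproduces the overwrite. */
static unsigned probe_two_pages(uint64_t addr, uint64_t len, int merge)
{
    uint64_t split = page_split_of(addr);
    unsigned flags = probe_one(addr);
    if (len > split) {
        unsigned second = probe_one(addr + split);
        flags = merge ? (flags | second) : second;
    }
    return flags;
}

/* Item 2b: address of the second probe, with elems assumed to be the number
 * of whole segments (nf fields of 1 << log2_esz bytes) before the split. */
static uint64_t second_probe_addr(uint64_t addr, unsigned nf, unsigned log2_esz, int fixed)
{
    uint64_t split = page_split_of(addr);
    uint64_t elems = split / ((uint64_t)nf << log2_esz);
    return fixed ? addr + split : addr + (elems << log2_esz);
}

int main(void)
{
    uint64_t addr = PAGE_SIZE - 16;   /* constructed: 16 bytes before page 1 */
    printf("overwrite: %#x  merged: %#x\n",
           probe_two_pages(addr, 32, 0), probe_two_pages(addr, 32, 1));
    printf("nf=2 second probe page: buggy %llu, fixed %llu\n",
           (unsigned long long)(second_probe_addr(addr, 2, 2, 0) / PAGE_SIZE),
           (unsigned long long)(second_probe_addr(addr, 2, 2, 1) / PAGE_SIZE));
    return 0;
}
```

With nf = 1 the two address expressions agree, which is why the wrong address only shows up for segment loads.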
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Michael Tokarev 2 weeks, 2 days ago
On 18.03.2026 04:38, Max Chou wrote:
> This patchset fixes the following issues in the RISC-V vector
> fault-only-first load implementation and the probe_pages helper
> function.
> 
> 1. probe_pages flag handling:
>     When probing memory spanning two pages, probe_pages calls
>     probe_access_flags twice. The flags from the second page were
>     overwriting the first page's flags instead of being merged, causing
>     watchpoint and other TLB attributes to be lost.
> 
> 2. vext_ldff cross-page logic:
>     The manual two-phase probing in vext_ldff had three issues:
>     a) Wrong condition: checked "env->vl > elems" instead of
>        "env->vl > elems + env->vstart", missing the vstart offset
>     b) Wrong address: used "addr + (elems << log2_esz)" instead of
>        "addr + page_split", probing incorrect addresses for segment
>        loads (nf > 1)
>     c) Wrong size: used "elems * msize" (first page size) instead of
>        calculating remaining size, potentially missing faults
> 
> 
> Patch 1 fixes the probe_pages helper to properly merge flags from both
> pages.
> 
> Patch 2 fixes vext_ldff by replacing the buggy manual cross-page logic
> by a single probe_pages call with the correct total size. This
> leverages the infrastructure that probe_pages already provides for
> handling cross-page accesses automatically.
> 
> rnax

This feels like qemu-stable material but I'm not sure about that.

Please let me know if these fixes should be picked up for the current
stable releases of qemu, especially for 10.0.x series which is currently
an LTS series.

Thanks,

/mjt
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Max Chou 2 weeks ago
On 2026-03-20 23:53, Michael Tokarev wrote:
> This feels like qemu-stable material but I'm not sure about that.
> 
> Please let me know if these fixes should be picked up for the current
> stable releases of qemu, especially for 10.0.x series which is currently
> an LTS series.
> 
> Thanks,
> 
> /mjt

Hi Michael,

Yes, I believe this patchset should be picked up for the current stable
release. These patches address the issues that were introduced after
v10.0.0-rc0.

Thanks,

rnax
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Michael Tokarev 2 weeks ago
On 23.03.2026 10:08, Max Chou wrote:

> Yes, I believe this patchset should be picked up for the current stable
> release. These patches address the issues that were introduced after
> v10.0.0-rc0.

This makes sense.

However, 10.0 lacks d887736225 "Expand the probe_pages helper function
to handle probe flags", which makes the first change in this series
(5568177738 "target/riscv: rvv: Fix missing flags merge in probe_pages
for cross-page accesses") non-applicable.

Is it okay to pick d887736225 for 10.0.x too?  (Adding Paolo Savini to
the Cc list).

The result works and passes tests but since it's not my area it'd be
nice if someone can confirm/deny.  Or maybe some other fixes should be
picked up for 10.0.x too.  The current result is at
https://gitlab.com/mjt0k/qemu/-/commits/staging-10.0

Thanks!

/mjt
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Max Chou 2 weeks ago
On 2026-03-23 10:26, Michael Tokarev wrote:
> This makes sense.
> 
> However, 10.0 lacks d887736225 "Expand the probe_pages helper function
> to handle probe flags", which makes the first change in this series
> (5568177738 "target/riscv: rvv: Fix missing flags merge in probe_pages
> for cross-page accesses") non-applicable.
> 
> Is it okay to pick d887736225 for 10.0.x too?  (Adding Paolo Savini to
> the Cc list).
> 
> The result works and passes tests but since it's not my area it'd be
> nice if someone can confirm/deny.  Or maybe some other fixes should be
> picked up for 10.0.x too.  The current result is at
> https://gitlab.com/mjt0k/qemu/-/commits/staging-10.0
> 
> Thanks!
> 
> /mjt

Hi Michael,

Regarding commit d887736225, I agree with you that it should be picked
up for the 10.0.x series. It includes the necessary modifications for
probe_pages that enable the first patch of this patchset to apply
correctly, so I think that is okay to include.

I've checked the cherry-picks (3b3e6682/2f4335d7/ba624f3f) in the
stable-10.0, and they LGTM. It appears to include the related commits of
this patchset.

Thanks,

rnax
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Paolo Savini 2 weeks ago
Hi Michael,

Thanks for this. I agree commit d887736225 is needed and adding it looks
legitimate to me.

Best wishes

Paolo Savini

On 3/23/26 08:19, Max Chou wrote:
> On 2026-03-23 10:26, Michael Tokarev wrote:
>> This makes sense.
>>
>> However, 10.0 lacks d887736225 "Expand the probe_pages helper function
>> to handle probe flags", which makes the first change in this series
>> (5568177738 "target/riscv: rvv: Fix missing flags merge in probe_pages
>> for cross-page accesses") non-applicable.
>>
>> Is it okay to pick d887736225 for 10.0.x too?  (Adding Paolo Savini to
>> the Cc list).
>>
>> The result works and passes tests but since it's not my area it'd be
>> nice if someone can confirm/deny.  Or maybe some other fixes should be
>> picked up for 10.0.x too.  The current result is at
>> https://gitlab.com/mjt0k/qemu/-/commits/staging-10.0
>>
>> Thanks!
>>
>> /mjt
> Hi Michael,
>
> Regarding commit d887736225, I agree with you that it should be picked
> up for the 10.0.x series. It includes the necessary modifications for
> probe_pages that enable the first patch of this patchset to apply
> correctly, so I think that is okay to include.
>
> I've checked the cherry-picks (3b3e6682/2f4335d7/ba624f3f) in the
> stable-10.0, and they LGTM. It appears to include the related commits of
> this patchset.
>
> Thanks,
>
> rnax
Re: [PATCH 0/2] Fix probe_pages and vext_ldff issues
Posted by Alistair Francis 2 weeks, 4 days ago
On Wed, Mar 18, 2026 at 11:38 AM Max Chou <max.chou@sifive.com> wrote:
>
> This patchset fixes the following issues in the RISC-V vector
> fault-only-first load implementation and the probe_pages helper
> function.
>
> 1. probe_pages flag handling:
>    When probing memory spanning two pages, probe_pages calls
>    probe_access_flags twice. The flags from the second page were
>    overwriting the first page's flags instead of being merged, causing
>    watchpoint and other TLB attributes to be lost.
>
> 2. vext_ldff cross-page logic:
>    The manual two-phase probing in vext_ldff had three issues:
>    a) Wrong condition: checked "env->vl > elems" instead of
>       "env->vl > elems + env->vstart", missing the vstart offset
>    b) Wrong address: used "addr + (elems << log2_esz)" instead of
>       "addr + page_split", probing incorrect addresses for segment
>       loads (nf > 1)
>    c) Wrong size: used "elems * msize" (first page size) instead of
>       calculating remaining size, potentially missing faults
>
>
> Patch 1 fixes the probe_pages helper to properly merge flags from both
> pages.
>
> Patch 2 fixes vext_ldff by replacing the buggy manual cross-page logic
> by a single probe_pages call with the correct total size. This
> leverages the infrastructure that probe_pages already provides for
> handling cross-page accesses automatically.
>
> rnax
>
>
> Max Chou (2):
>   target/riscv: rvv: Fix missing flags merge in probe_pages for
>     cross-page accesses
>   target/riscv: rvv: Fix page probe issues in vext_ldff

Thanks!

Applied to riscv-to-apply.next

Alistair

>
>  target/riscv/vector_helper.c | 23 +++++++----------------
>  1 file changed, 7 insertions(+), 16 deletions(-)
>
> --
> 2.43.7
>
>