1. Patchew
  2. QEMU
  3. View series

[PATCH v2] target/riscv: Allow mseccfg access based on ext_zicfilp

Zishun Yi posted 1 patch 2 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260511031719.2826247-1-vulab@iscas.ac.cn
Maintainers: Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Chao Liu <chao.liu.zevorn@gmail.com>
There is a newer version of this series
target/riscv/csr.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH v2] target/riscv: Allow mseccfg access based on ext_zicfilp
Posted by Zishun Yi 2 weeks ago 
The Zicfilp extension adds the MLPE field to the mseccfg CSR. According
to the RISC-V Privileged Specification, mseccfg exists if any extension
that adds a field to it is implemented.

Currently, the `have_mseccfg()` predicate function checks for Smepmp,
Zkr, and Smmpm, but misses Zicfilp. As a result, if a CPU is configured
with `zicfilp=true` but without the other extensions, accessing the
mseccfg CSR will incorrectly raise an illegal instruction exception.

This patch adds the missing check for `ext_zicfilp` to ensure the CSR
is properly accessible when the Zicfilp extension is enabled.

This issue was discovered and reported by SpecHunter, an AI-driven
architecture specification analysis tool.

Link:https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-isa-manual/pr-2561/qemu.txt
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
v2: Removed mistakenly added #include "cpu_bits.h".

 target/riscv/csr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index da366cf56271..e1cd4a299cb0 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -783,6 +783,9 @@ static RISCVException have_mseccfg(CPURISCVState *env, int csrno)
     if (riscv_cpu_cfg(env)->ext_smmpm) {
         return RISCV_EXCP_NONE;
     }
+    if (riscv_cpu_cfg(env)->ext_zicfilp) {
+        return RISCV_EXCP_NONE;
+    }
 
     return RISCV_EXCP_ILLEGAL_INST;
 }
-- 
2.51.2
Re: [PATCH v2] target/riscv: Allow mseccfg access based on ext_zicfilp
Posted by Chao Liu 2 weeks ago 
On Mon, May 11, 2026 at 11:17:19AM +0800, Zishun Yi wrote:
> The Zicfilp extension adds the MLPE field to the mseccfg CSR. According
> to the RISC-V Privileged Specification, mseccfg exists if any extension
> that adds a field to it is implemented.
> 
> Currently, the `have_mseccfg()` predicate function checks for Smepmp,
> Zkr, and Smmpm, but misses Zicfilp. As a result, if a CPU is configured
> with `zicfilp=true` but without the other extensions, accessing the
> mseccfg CSR will incorrectly raise an illegal instruction exception.
> 
> This patch adds the missing check for `ext_zicfilp` to ensure the CSR
> is properly accessible when the Zicfilp extension is enabled.
> 
> This issue was discovered and reported by SpecHunter, an AI-driven
> architecture specification analysis tool.
> 
> Link:https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-isa-manual/pr-2561/qemu.txt
The `Link:` tag is missing a space after the colon.

> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
Reviewed-by: Chao Liu <chao.liu.zevorn@gmail.com>

Thanks,
Chao
> ---
> v2: Removed mistakenly added #include "cpu_bits.h".
> 
>  target/riscv/csr.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/target/riscv/csr.c b/target/riscv/csr.c
> index da366cf56271..e1cd4a299cb0 100644
> --- a/target/riscv/csr.c
> +++ b/target/riscv/csr.c
> @@ -783,6 +783,9 @@ static RISCVException have_mseccfg(CPURISCVState *env, int csrno)
>      if (riscv_cpu_cfg(env)->ext_smmpm) {
>          return RISCV_EXCP_NONE;
>      }
> +    if (riscv_cpu_cfg(env)->ext_zicfilp) {
> +        return RISCV_EXCP_NONE;
> +    }
>  
>      return RISCV_EXCP_ILLEGAL_INST;
>  }
> -- 
> 2.51.2
>
Re: [PATCH v2] target/riscv: Allow mseccfg access based on ext_zicfilp
Posted by Zishun Yi 2 weeks ago 
On Mon, May 11, 2026 at 02:52:31PM +0800, Chao Liu wrote:
> On Mon, May 11, 2026 at 11:17:19AM +0800, Zishun Yi wrote:
> > The Zicfilp extension adds the MLPE field to the mseccfg CSR. According
> > to the RISC-V Privileged Specification, mseccfg exists if any extension
> > that adds a field to it is implemented.
> > 
> > Currently, the `have_mseccfg()` predicate function checks for Smepmp,
> > Zkr, and Smmpm, but misses Zicfilp. As a result, if a CPU is configured
> > with `zicfilp=true` but without the other extensions, accessing the
> > mseccfg CSR will incorrectly raise an illegal instruction exception.
> > 
> > This patch adds the missing check for `ext_zicfilp` to ensure the CSR
> > is properly accessible when the Zicfilp extension is enabled.
> > 
> > This issue was discovered and reported by SpecHunter, an AI-driven
> > architecture specification analysis tool.
> > 
> > Link:https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-isa-manual/pr-2561/qemu.txt
> The `Link:` tag is missing a space after the colon.
> 

Sorry for that, already sent the v3 patch.

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.