hw/riscv/riscv-iommu: fix FSC SV32 capability check

[PATCH] hw/riscv/riscv-iommu: fix FSC SV32 capability check

Posted by Zishun Yi 2 weeks, 5 days ago

Fix a mode-to-capability comparison error in
riscv_iommu_validate_device_ctx.  The code was comparing fsc_mode (a
value) against a capability bitmask, making the SV32 support check
ineffective.

This issue was discovered and reported by SpecHunter, an AI-driven
architecture specification analysis tool.

Link: https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-iommu/pr-694/qemu.txt
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
 hw/riscv/riscv-iommu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c
index 7ba32405522b..ba6090e1078c 100644
--- a/hw/riscv/riscv-iommu.c
+++ b/hw/riscv/riscv-iommu.c
@@ -777,7 +777,7 @@ static bool riscv_iommu_validate_device_ctx(RISCVIOMMUState *s,
         }
 
         if (ctx->tc & RISCV_IOMMU_DC_TC_SXL) {
-            if (fsc_mode == RISCV_IOMMU_CAP_SV32 &&
+            if (fsc_mode == RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV32 &&
                 !(s->cap & RISCV_IOMMU_CAP_SV32)) {
                 return false;
             }
-- 
2.51.2

Re: [PATCH] hw/riscv/riscv-iommu: fix FSC SV32 capability check

Posted by Alistair Francis 1 week, 5 days ago

On Mon, May 11, 2026 at 7:53 PM Zishun Yi <vulab@iscas.ac.cn> wrote:
>
> Fix a mode-to-capability comparison error in
> riscv_iommu_validate_device_ctx.  The code was comparing fsc_mode (a
> value) against a capability bitmask, making the SV32 support check
> ineffective.
>
> This issue was discovered and reported by SpecHunter, an AI-driven
> architecture specification analysis tool.
>
> Link: https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-iommu/pr-694/qemu.txt
> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>

Thanks!

Applied to riscv-to-apply.next

Alistair

> ---
>  hw/riscv/riscv-iommu.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c
> index 7ba32405522b..ba6090e1078c 100644
> --- a/hw/riscv/riscv-iommu.c
> +++ b/hw/riscv/riscv-iommu.c
> @@ -777,7 +777,7 @@ static bool riscv_iommu_validate_device_ctx(RISCVIOMMUState *s,
>          }
>
>          if (ctx->tc & RISCV_IOMMU_DC_TC_SXL) {
> -            if (fsc_mode == RISCV_IOMMU_CAP_SV32 &&
> +            if (fsc_mode == RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV32 &&
>                  !(s->cap & RISCV_IOMMU_CAP_SV32)) {
>                  return false;
>              }
> --
> 2.51.2
>
>

Re: [PATCH] hw/riscv/riscv-iommu: fix FSC SV32 capability check

Posted by Daniel Henrique Barboza 2 weeks, 2 days ago


On 5/11/2026 5:09 AM, Zishun Yi wrote:
> Fix a mode-to-capability comparison error in
> riscv_iommu_validate_device_ctx.  The code was comparing fsc_mode (a
> value) against a capability bitmask, making the SV32 support check
> ineffective.
> 
> This issue was discovered and reported by SpecHunter, an AI-driven
> architecture specification analysis tool.
> 
> Link: https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-iommu/pr-694/qemu.txt
> Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
> ---

Reviewed-by: Daniel Henrique Barboza <daniel.barboza@oss.qualcomm.com>

>   hw/riscv/riscv-iommu.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c
> index 7ba32405522b..ba6090e1078c 100644
> --- a/hw/riscv/riscv-iommu.c
> +++ b/hw/riscv/riscv-iommu.c
> @@ -777,7 +777,7 @@ static bool riscv_iommu_validate_device_ctx(RISCVIOMMUState *s,
>           }
>   
>           if (ctx->tc & RISCV_IOMMU_DC_TC_SXL) {
> -            if (fsc_mode == RISCV_IOMMU_CAP_SV32 &&
> +            if (fsc_mode == RISCV_IOMMU_DC_FSC_IOSATP_MODE_SV32 &&
>                   !(s->cap & RISCV_IOMMU_CAP_SV32)) {
>                   return false;
>               }