The RISC-V privileged specification requires SFENCE.W.INVAL and
SFENCE.INVAL.IR to raise an illegal instruction exception when executed
in U-mode. Check the current privilege mode during translation and reject these
instructions in U-mode, so they are reported as illegal instructions.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3493

Signed-off-by: Zephyr Li <fritchleybohrer@gmail.com>
---
 target/riscv/insn_trans/trans_svinval.c.inc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/riscv/insn_trans/trans_svinval.c.inc b/target/riscv/insn_trans/trans_svinval.c.inc
index a06c3b214f..a9bf75c7e9 100644
--- a/target/riscv/insn_trans/trans_svinval.c.inc
+++ b/target/riscv/insn_trans/trans_svinval.c.inc
@@ -39,6 +39,10 @@ static bool trans_sfence_w_inval(DisasContext *ctx, arg_sfence_w_inval *a)
 {
     REQUIRE_SVINVAL(ctx);
     REQUIRE_EXT(ctx, RVS);
+
+    if (ctx->priv == PRV_U) {
+        return false;
+    }
     /* Do nothing currently */
     return true;
 }
@@ -47,6 +51,10 @@ static bool trans_sfence_inval_ir(DisasContext *ctx, arg_sfence_inval_ir *a)
 {
     REQUIRE_SVINVAL(ctx);
     REQUIRE_EXT(ctx, RVS);
+
+    if (ctx->priv == PRV_U) {
+        return false;
+    }
     /* Do nothing currently */
     return true;
 }
-- 
2.43.0

(note - my email was wrong in the CC)

On 5/21/2026 8:57 AM, Zephyr Li wrote:
> The RISC-V privileged specification requires SFENCE.W.INVAL and
> SFENCE.INVAL.IR to raise an illegal instruction exception when executed
> in U-mode. Check the current privilege mode during translation and reject these
> instructions in U-mode, so they are reported as illegal instructions.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3493
> 
> Signed-off-by: Zephyr Li <fritchleybohrer@gmail.com>
> ---

Reading the priv spec, right before the part that mentions sfence.w.inval and
sfence.inval.ir:

"SINVAL.VMA, HINVAL.VVMA, and HINVAL.GVMA require the same permissions
and raise the same exceptions as SFENCE.VMA, HFENCE.VVMA, and HFENCE.GVMA,
respectively. In particular, an attempt to execute any of these instructions
in U-mode always raises an illegal-instruction exception."

So it seems to me that all insns from trans_svinval.c.inc needs this same
U-mode check.

To avoid copy/pasting that if check, the file trans_xthread.c.inc has the
following macro:


/* Test if priv level is M or S. */
#define REQUIRE_PRIV_MS(ctx)                                    \
do {                                                            \
     if (ctx->priv == PRV_U) {                                   \
         return false;                                           \
     }                                                           \
} while (0)


I suggest doing the same here - adding the macro then doing a
"REQUIRE_PRIV_MS(ctx)" in the relevant insns.


Thanks,
Daniel





>   target/riscv/insn_trans/trans_svinval.c.inc | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/target/riscv/insn_trans/trans_svinval.c.inc b/target/riscv/insn_trans/trans_svinval.c.inc
> index a06c3b214f..a9bf75c7e9 100644
> --- a/target/riscv/insn_trans/trans_svinval.c.inc
> +++ b/target/riscv/insn_trans/trans_svinval.c.inc
> @@ -39,6 +39,10 @@ static bool trans_sfence_w_inval(DisasContext *ctx, arg_sfence_w_inval *a)
>   {
>       REQUIRE_SVINVAL(ctx);
>       REQUIRE_EXT(ctx, RVS);
> +
> +    if (ctx->priv == PRV_U) {
> +        return false;
> +    }
>       /* Do nothing currently */
>       return true;
>   }
> @@ -47,6 +51,10 @@ static bool trans_sfence_inval_ir(DisasContext *ctx, arg_sfence_inval_ir *a)
>   {
>       REQUIRE_SVINVAL(ctx);
>       REQUIRE_EXT(ctx, RVS);
> +
> +    if (ctx->priv == PRV_U) {
> +        return false;
> +    }
>       /* Do nothing currently */
>       return true;
>   }