In handle_scalar_misaligned_store/load, regs->epc is temporarily set to
0. And be restored in the first error path.  But it not restore for the
rest of the error path. This cause the epc corrupted.

Fix this by restore epc in fp error and copy_from_user error.

Fixes: 7c586a555a48 ("riscv: add floating point insn support to misaligned access emulation")
Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code")
Assisted-by: Gemini:gemini-3.1-pro
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
---
Change in v3:
- Refactored error handling to use a centralized common error exit (goto
  out_restore_epc).

Change in v2:
- add Assisted-by tag

 arch/riscv/kernel/traps_misaligned.c | 32 +++++++++++++++++++---------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
index 2a27d3ff4ac6..21a3ceb1fae8 100644
--- a/arch/riscv/kernel/traps_misaligned.c
+++ b/arch/riscv/kernel/traps_misaligned.c
@@ -224,6 +224,7 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
 	unsigned long insn;
 	unsigned long addr = regs->badaddr;
 	int fp = 0, shift = 0, len = 0;
+	int ret = -1;
 
 	perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, addr);
 
@@ -303,17 +304,18 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
 		shift = 8 * (sizeof(ulong) - len);
 		insn = RVC_RS2S(insn) << SH_RD;
 	} else {
-		regs->epc = epc;
-		return -1;
+		goto out_restore_epc;
 	}
 
-	if (!IS_ENABLED(CONFIG_FPU) && fp)
-		return -EOPNOTSUPP;
+	if (!IS_ENABLED(CONFIG_FPU) && fp) {
+		ret = -EOPNOTSUPP;
+		goto out_restore_epc;
+	}
 
 	val.data_u64 = 0;
 	if (user_mode(regs)) {
 		if (copy_from_user(&val, (u8 __user *)addr, len))
-			return -1;
+			goto out_restore_epc;
 	} else {
 		memcpy(&val, (u8 *)addr, len);
 	}
@@ -328,6 +330,10 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
 	regs->epc = epc + INSN_LEN(insn);
 
 	return 0;
+
+out_restore_epc:
+	regs->epc = epc;
+	return ret;
 }
 
 static int handle_scalar_misaligned_store(struct pt_regs *regs)
@@ -337,6 +343,7 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
 	unsigned long insn;
 	unsigned long addr = regs->badaddr;
 	int len = 0, fp = 0;
+	int ret = -1;
 
 	perf_sw_event(PERF_COUNT_SW_ALIGNMENT_FAULTS, 1, regs, addr);
 
@@ -405,16 +412,17 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
 		len = 2;
 		val.data_ulong = GET_RS2S(insn, regs);
 	} else {
-		regs->epc = epc;
-		return -1;
+		goto out_restore_epc;
 	}
 
-	if (!IS_ENABLED(CONFIG_FPU) && fp)
-		return -EOPNOTSUPP;
+	if (!IS_ENABLED(CONFIG_FPU) && fp) {
+		ret = -EOPNOTSUPP;
+		goto out_restore_epc;
+	}
 
 	if (user_mode(regs)) {
 		if (copy_to_user((u8 __user *)addr, &val, len))
-			return -1;
+			goto out_restore_epc;
 	} else {
 		memcpy((u8 *)addr, &val, len);
 	}
@@ -422,6 +430,10 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
 	regs->epc = epc + INSN_LEN(insn);
 
 	return 0;
+
+out_restore_epc:
+	regs->epc = epc;
+	return ret;
 }
 
 int handle_misaligned_load(struct pt_regs *regs)
-- 
2.51.2

On Mon, 11 May 2026, Zishun Yi wrote:

> diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
> index 2a27d3ff4ac6..21a3ceb1fae8 100644
> --- a/arch/riscv/kernel/traps_misaligned.c
> +++ b/arch/riscv/kernel/traps_misaligned.c
> @@ -303,17 +304,18 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
>  		shift = 8 * (sizeof(ulong) - len);
>  		insn = RVC_RS2S(insn) << SH_RD;
>  	} else {
> -		regs->epc = epc;
> -		return -1;
> +		goto out_restore_epc;
>  	}
>  
> -	if (!IS_ENABLED(CONFIG_FPU) && fp)
> -		return -EOPNOTSUPP;
> +	if (!IS_ENABLED(CONFIG_FPU) && fp) {
> +		ret = -EOPNOTSUPP;
> +		goto out_restore_epc;
> +	}

 Does it make sense to maintain this -EOPNOTSUPP special case given that 
this function does not otherwise make use of error numbers and the caller 
only checks whether the return value is nonzero?  Likewise for the store.

  Maciej