Hi Peng:
On 1/22/2026 5:31 PM, Peng Jiang wrote:
> Hi Chao,
>
> I found a small issue in the reset_rom implementation in hw/riscv/k230.c.
>
>> +static void k230_machine_done(Notifier *notifier, void *data)
>> +{
>> + ...
>> + /* Mask ROM reset vector */
>> + uint32_t reset_vec[] = {
>> + /* 0x91200000: auipc t0, 0x0 */ 0x00000297,
>> + /* 0x91200004: addi t0, t0, 36 # <trap> */ 0x02428293,
>> + /* 0x91200008: csrw mtvec, t0 */ 0x30529073,
>> + ...
>> + /* trap: */
>> + /* 0x91200030: j 0x91200030 # <trap> */ 0x0000006f,
>> + };
>> +
>> + /* copy in the reset vector in little_endian byte order */
>> + for (int i = 0; i < sizeof(reset_vec) >> 2; i++) {
>> + reset_vec[i] = cpu_to_le32(reset_vec[i]);
>> + }
>> + rom_add_blob_fixed_as("mrom.reset", reset_vec, sizeof(reset_vec),
>> + memmap[K230_DEV_BOOTROM].base,
>> &address_space_memory);
>> ...
>> +}
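Review bot: The `addi t0, t0, 36` at 0x91200004 loads mtvec with 0x91200000 + 36 = 0x91200024, while the comments place `trap:` at 0x91200030, so a trap would land 12 bytes before the `j` spin loop, inside the elided part of the vector. The immediate is carried in bits 31:20 of 0x02428293 (0x024), so the word and its comment both need to change to 48. Separately, the loop bound `sizeof(reset_vec) >> 2` is compared against a signed `int i`; ARRAY_SIZE(reset_vec) would state the intent directly.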
>
> It seems the offset for the trap handler is incorrect.
>
> The instruction at 0x91200004 is addi t0, t0, 36. After the auipc at
> 0x91200000, this sets the value of t0 to 0x91200000 + 36 (0x91200024), which
> is then written to the mtvec register.
>
> However, the actual trap: label is located at offset 0x30 (0x91200030).
>
> The immediate value in the addi instruction should probably be 48 (0x30)
> instead of 36 (0x24) to point to the correct trap handler address.
>
> Best regards,
> Panda Jiang

Thank you for reporting this bug. I will fix it in v5. :)

Thanks,
Chao
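
The offset arithmetic discussed in this thread can be checked mechanically. The following is an added example, not code from the patch or from QEMU: it decodes the `auipc`/`addi` pair from the quoted reset vector, computes the address that ends up in mtvec, and encodes the `addi` for a given immediate. The helper names are hypothetical; the instruction words and addresses are the ones shown in the quoted hunk.

```c
#include <stdint.h>
#include <stdio.h>

/* Sign-extended 12-bit immediate of an I-type instruction (bits 31:20). */
static int32_t itype_imm(uint32_t insn)
{
    uint32_t imm = (insn >> 20) & 0xfff;
    return (int32_t)(imm ^ 0x800) - 0x800;
}

/* Encode "addi rd, rs1, imm" (opcode 0x13, funct3 0). */
static uint32_t encode_addi(unsigned rd, unsigned rs1, int32_t imm)
{
    return ((uint32_t)(imm & 0xfff) << 20) | (rs1 << 15) | (rd << 7) | 0x13;
}

/*
 * Address left in rd by "auipc rd, hi20" located at pc, followed by
 * "addi rd, rd, lo12". Returns 0 if the two words are not such a pair.
 */
static uint64_t auipc_addi_target(uint64_t pc, uint32_t auipc, uint32_t addi)
{
    unsigned rd = (auipc >> 7) & 0x1f;

    if ((auipc & 0x7f) != 0x17 ||          /* not auipc */
        (addi & 0x707f) != 0x13 ||         /* not addi */
        ((addi >> 7) & 0x1f) != rd ||      /* addi writes another register */
        ((addi >> 15) & 0x1f) != rd) {     /* addi reads another register */
        return 0;
    }
    int64_t hi = (int32_t)(auipc & 0xfffff000u); /* sign-extended on RV64 */
    return pc + (uint64_t)(hi + itype_imm(addi));
}

int main(void)
{
    /* Base and trap label address as given in the quoted patch comments. */
    const uint64_t base = 0x91200000u, trap = 0x91200030u;
    uint64_t mtvec = auipc_addi_target(base, 0x00000297, 0x02428293);

    printf("mtvec = 0x%llx, trap label = 0x%llx\n",
           (unsigned long long)mtvec, (unsigned long long)trap);
    printf("addi t0, t0, %d encodes as 0x%08x\n", (int)(trap - base),
           (unsigned)encode_addi(5, 5, (int32_t)(trap - base)));
    return mtvec == trap ? 0 : 1;
}
```
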