Hi Chao,

I found a small issue in the reset_rom implementation in hw/riscv/k230.c.

> +static void k230_machine_done(Notifier *notifier, void *data)
> +{
> +    ...
> +    /* Mask ROM reset vector */
> +    uint32_t reset_vec[] = {
> +        /* 0x91200000: auipc  t0, 0x0              */ 0x00000297,
> +        /* 0x91200004: addi   t0, t0, 36 # <trap>  */ 0x02428293,
> +        /* 0x91200008: csrw   mtvec, t0            */ 0x30529073,
> +        ...
> +        /* trap:                                   */
> +        /* 0x91200030: j      0x91200030 # <trap>  */ 0x0000006f,
> +    };
> +
> +    /* copy in the reset vector in little_endian byte order */
> +    for (int i = 0; i < sizeof(reset_vec) >> 2; i++) {
> +        reset_vec[i] = cpu_to_le32(reset_vec[i]);
> +    }
> +    rom_add_blob_fixed_as("mrom.reset", reset_vec, sizeof(reset_vec),
> +                          memmap[K230_DEV_BOOTROM].base, 
> &address_space_memory);
> ...
> +}
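
Review bot: The `addi t0, t0, 36` at 0x91200004 does not match its own `# <trap>` comment: following `auipc t0, 0x0` at 0x91200000 it leaves t0 = 0x91200024, so `csrw mtvec, t0` installs a trap vector 12 bytes before the `trap:` loop that the address comments place at 0x91200030. A trap taken while this mtvec is in effect would enter whatever instruction sits at 0x91200024 instead of the `j 0x91200030` spin loop. If the table layout is as commented, the immediate should be 48, which makes the encoded word 0x03028293, with the comment updated to match. Separately, the byte-swap loop compares a signed `int i` against `sizeof(reset_vec) >> 2`; `ARRAY_SIZE(reset_vec)` would state the intent directly.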

It seems the offset for the trap handler is incorrect.

The instruction at 0x91200004 is addi t0, t0, 36. After the auipc at 
0x91200000, this sets the value of t0 to 0x91200000 + 36 (0x91200024), which is 
then written to the mtvec register.

However, the actual trap: label is located at offset 0x30 (0x91200030).

The immediate value in the addi instruction should probably be 48 (0x30) 
instead of 36 (0x24) to point to the correct trap handler address.

Best regards,
Panda Jiang
