On Mon, May 11, 2026 at 11:17:19AM +0800, Zishun Yi wrote: > The Zicfilp extension adds the MLPE field to the mseccfg CSR. According > to the RISC-V Privileged Specification, mseccfg exists if any extension > that adds a field to it is implemented. > > Currently, the `have_mseccfg()` predicate function checks for Smepmp, > Zkr, and Smmpm, but misses Zicfilp. As a result, if a CPU is configured > with `zicfilp=true` but without the other extensions, accessing the > mseccfg CSR will incorrectly raise an illegal instruction exception. > > This patch adds the missing check for `ext_zicfilp` to ensure the CSR > is properly accessible when the Zicfilp extension is enabled. > > This issue was discovered and reported by SpecHunter, an AI-driven > architecture specification analysis tool. > > Link:https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-isa-manual/pr-2561/qemu.txt The `Link:` tag is missing a space after the colon.
> Signed-off-by: Zishun Yi <[email protected]> Reviewed-by: Chao Liu <[email protected]> Thanks, Chao > --- > v2: Removed mistakenly added #include "cpu_bits.h". > > target/riscv/csr.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/target/riscv/csr.c b/target/riscv/csr.c > index da366cf56271..e1cd4a299cb0 100644 > --- a/target/riscv/csr.c > +++ b/target/riscv/csr.c > @@ -783,6 +783,9 @@ static RISCVException have_mseccfg(CPURISCVState *env, > int csrno) > if (riscv_cpu_cfg(env)->ext_smmpm) { > return RISCV_EXCP_NONE; > } > + if (riscv_cpu_cfg(env)->ext_zicfilp) { > + return RISCV_EXCP_NONE; > + } > > return RISCV_EXCP_ILLEGAL_INST; > } > -- > 2.51.2 >
