Dear QEMU developers,

I believe I have found a bug in QEMU 10.0.8 for the RISC-V virt machine. When the Sstc extension is enabled, a subsequent write to the satp CSR does not correctly end the Translation Block, causing the emulator to fail when trying to fetch the next instruction.

The following minimal bare-metal code sequence causes the issue:

    # Enable Sstc for S-mode
    li   t0, 0x8000000000000000   # menvcfg.STCE is bit 63 (hex literal; the C-style "1L << 63" is not valid assembler syntax)
    csrw menvcfg, t0
    li   t0, 2                    # mcounteren.TM (bit 1): allow S-mode to read the time CSR
    csrw mcounteren, t0

    # switch to S-mode
    # Setup an identity page table (pt1 assumed valid)

    # Switch to the new page table
    sfence.vma zero, zero
    csrw satp, a0                 # a0 holds the new satp value
    sfence.vma zero, zero         # <--- QEMU fails to find this instruction

Observed Behavior:

The same code works perfectly if the Sstc enable sequence (the first 4 instructions) is removed. The same code does not work if the Sstc enable sequence (the first 4 instructions) is kept. It hangs, and gdb says it could not find the instruction "sfence.vma" after "csrw satp, a0".

Thank you for your time and for maintaining this excellent emulator.
