Hi Alistair,
On 22/6/26 05:03, Alistair Francis wrote:
On Sun, Jun 21, 2026 at 10:48 PM ZhengXiang Qin
<[email protected]> wrote:
check_zicbom_access() currently treats any probe_access_flags() result
other than TLB_INVALID_MASK as a successful access. However, a result
with TLB_MMIO means that the target is MMIO-like and should not be
treated as a normal cache block management target.
Raise a store/AMO access fault for Zicbom accesses to MMIO-like regions
so that cbo.clean, cbo.flush and cbo.inval do not silently succeed on
non-cacheable/MMIO-like memory.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3501
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Chao Liu <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: ZhengXiang Qin <[email protected]>
Thanks!
Applied to riscv-to-apply.next
Alistair
---
Changes since v2:
- Add else before the success path for readability.
- Keep fault_addr as target_ulong since CPURISCVState::badaddr is target_ulong.
This is not true, the fields is uint64_t since this commit:
commit f2287c7020f36e2f13622d9635a968d6f6fb507d
Author: Anton Johansson <[email protected]>
Date: Wed May 20 14:53:43 2026 +0200
target/riscv: Fix size of badaddr and bins
Could you update the commit, or ask the contributor to repost,
or clean on top, please?
Thanks,
Phil.
- Add Philippe's Reviewed-by tag.
Changes since v1:
- Use a bit test for TLB_MMIO since probe_access_flags() returns a bitmask.
- Keep Reviewed-by tags from v1.
target/riscv/op_helper.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 81873014cb..50fd1b73ea 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -218,6 +218,7 @@ static void check_zicbom_access(CPURISCVState *env,
void *phost;
int ret;
+ target_ulong fault_addr = address;
/* Mask off low-bits to align-down to the cache-block. */
address &= ~(cbomlen - 1);
@@ -235,7 +236,10 @@ static void check_zicbom_access(CPURISCVState *env,
*/
ret = probe_access_flags(env, address, cbomlen, MMU_DATA_LOAD,
mmu_idx, true, &phost, ra);
- if (ret != TLB_INVALID_MASK) {
+ if (ret & TLB_MMIO) {
+ env->badaddr = fault_addr;
+ riscv_raise_exception(env, RISCV_EXCP_STORE_AMO_ACCESS_FAULT, ra);
+ } else if (ret != TLB_INVALID_MASK) {
/* Success: readable */
return;
}
--
2.43.0