From bb8136df698bd565ee4f6c18d26c50dee320bfe4 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Tue, 10 Dec 2019 15:14:37 +0800 Subject: [PATCH 1/5] riscv/sifive_u: fix a memory leak in soc_realize() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a minor memory leak in riscv_sifive_u_soc_realize() Reported-by: Euler Robot Signed-off-by: Pan Nengyuan Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Alistair Francis Signed-off-by: Palmer Dabbelt --- hw/riscv/sifive_u.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index 0140e95732..0e12b3ccef 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -542,6 +542,7 @@ static void riscv_sifive_u_soc_realize(DeviceState *dev, Error **errp) SIFIVE_U_PLIC_CONTEXT_BASE, SIFIVE_U_PLIC_CONTEXT_STRIDE, memmap[SIFIVE_U_PLIC].size); + g_free(plic_hart_config); sifive_uart_create(system_memory, memmap[SIFIVE_U_UART0].base, serial_hd(0), qdev_get_gpio_in(DEVICE(s->plic), SIFIVE_U_UART0_IRQ)); sifive_uart_create(system_memory, memmap[SIFIVE_U_UART1].base, From a37f21c27d3e2342c2080aafd4cfe7e949612428 Mon Sep 17 00:00:00 2001 From: Yiting Wang Date: Fri, 3 Jan 2020 11:53:42 +0800 Subject: [PATCH 2/5] riscv: Set xPIE to 1 after xRET When executing an xRET instruction, supposing xPP holds the value y, xIE is set to xPIE; the privilege mode is changed to y; xPIE is set to 1. But QEMU sets xPIE to 0 incorrectly. Signed-off-by: Yiting Wang Reviewed-by: Bin Meng Tested-by: Bin Meng Reviewed-by: Alistair Francis Signed-off-by: Palmer Dabbelt --- target/riscv/op_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 331cc36232..e87c9115bc 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -93,7 +93,7 @@ target_ulong helper_sret(CPURISCVState *env, target_ulong cpu_pc_deb) env->priv_ver >= PRIV_VERSION_1_10_0 ? MSTATUS_SIE : MSTATUS_UIE << prev_priv, get_field(mstatus, MSTATUS_SPIE)); - mstatus = set_field(mstatus, MSTATUS_SPIE, 0); + mstatus = set_field(mstatus, MSTATUS_SPIE, 1); mstatus = set_field(mstatus, MSTATUS_SPP, PRV_U); riscv_cpu_set_mode(env, prev_priv); env->mstatus = mstatus; @@ -118,7 +118,7 @@ target_ulong helper_mret(CPURISCVState *env, target_ulong cpu_pc_deb) env->priv_ver >= PRIV_VERSION_1_10_0 ? MSTATUS_MIE : MSTATUS_UIE << prev_priv, get_field(mstatus, MSTATUS_MPIE)); - mstatus = set_field(mstatus, MSTATUS_MPIE, 0); + mstatus = set_field(mstatus, MSTATUS_MPIE, 1); mstatus = set_field(mstatus, MSTATUS_MPP, PRV_U); riscv_cpu_set_mode(env, prev_priv); env->mstatus = mstatus; From 613fa160e19abe8e1fe44423fcfa8ec73d3d48e5 Mon Sep 17 00:00:00 2001 From: ShihPo Hung Date: Tue, 14 Jan 2020 22:17:31 -0800 Subject: [PATCH 3/5] target/riscv: Fix tb->flags FS status It was found that running libquantum on riscv-linux qemu produced an incorrect result. After investigation, FP registers are not saved during context switch due to incorrect mstatus.FS. In current implementation tb->flags merges all non-disabled state to dirty. This means the code in mark_fs_dirty in translate.c that handles initial and clean states is unreachable. This patch fixes it and is successfully tested with: libquantum Thanks to Richard for pointing out the actual bug. v3: remove the redundant condition v2: root cause FS problem Suggested-by: Richard Henderson Signed-off-by: ShihPo Hung Reviewed-by: Richard Henderson Signed-off-by: Palmer Dabbelt --- target/riscv/cpu.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/target/riscv/cpu.h b/target/riscv/cpu.h index e59343e13c..de0a8d893a 100644 --- a/target/riscv/cpu.h +++ b/target/riscv/cpu.h @@ -293,10 +293,7 @@ static inline void cpu_get_tb_cpu_state(CPURISCVState *env, target_ulong *pc, #ifdef CONFIG_USER_ONLY *flags = TB_FLAGS_MSTATUS_FS; #else - *flags = cpu_mmu_index(env, 0); - if (riscv_cpu_fp_enabled(env)) { - *flags |= TB_FLAGS_MSTATUS_FS; - } + *flags = cpu_mmu_index(env, 0) | (env->mstatus & MSTATUS_FS); #endif } From a59796eb6d59bbd74ce28ddbddb1b83e60674e96 Mon Sep 17 00:00:00 2001 From: ShihPo Hung Date: Tue, 14 Jan 2020 22:17:32 -0800 Subject: [PATCH 4/5] target/riscv: fsd/fsw doesn't dirty FP state Signed-off-by: ShihPo Hung Reviewed-by: Richard Henderson Reviewed-by: Alistair Francis Signed-off-by: Palmer Dabbelt --- target/riscv/insn_trans/trans_rvd.inc.c | 1 - target/riscv/insn_trans/trans_rvf.inc.c | 1 - 2 files changed, 2 deletions(-) diff --git a/target/riscv/insn_trans/trans_rvd.inc.c b/target/riscv/insn_trans/trans_rvd.inc.c index 393fa0248c..ea1044f13b 100644 --- a/target/riscv/insn_trans/trans_rvd.inc.c +++ b/target/riscv/insn_trans/trans_rvd.inc.c @@ -43,7 +43,6 @@ static bool trans_fsd(DisasContext *ctx, arg_fsd *a) tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEQ); - mark_fs_dirty(ctx); tcg_temp_free(t0); return true; } diff --git a/target/riscv/insn_trans/trans_rvf.inc.c b/target/riscv/insn_trans/trans_rvf.inc.c index 172dbfa919..e23cd639a6 100644 --- a/target/riscv/insn_trans/trans_rvf.inc.c +++ b/target/riscv/insn_trans/trans_rvf.inc.c @@ -52,7 +52,6 @@ static bool trans_fsw(DisasContext *ctx, arg_fsw *a) tcg_gen_qemu_st_i64(cpu_fpr[a->rs2], t0, ctx->mem_idx, MO_TEUL); tcg_temp_free(t0); - mark_fs_dirty(ctx); return true; } From 82f014671cf057de51c4a577c9e2ad637dcec6f9 Mon Sep 17 00:00:00 2001 From: ShihPo Hung Date: Tue, 14 Jan 2020 22:17:33 -0800 Subject: [PATCH 5/5] target/riscv: update mstatus.SD when FS is set dirty remove the check becuase SD bit should summarize FS and XS fields unconditionally. Signed-off-by: ShihPo Hung Reviewed-by: Richard Henderson Reviewed-by: Alistair Francis Signed-off-by: Palmer Dabbelt --- target/riscv/csr.c | 3 +-- target/riscv/translate.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/target/riscv/csr.c b/target/riscv/csr.c index da02f9f0b1..0e34c292c5 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -341,8 +341,7 @@ static int write_mstatus(CPURISCVState *env, int csrno, target_ulong val) mstatus = (mstatus & ~mask) | (val & mask); - dirty = (riscv_cpu_fp_enabled(env) && - ((mstatus & MSTATUS_FS) == MSTATUS_FS)) | + dirty = ((mstatus & MSTATUS_FS) == MSTATUS_FS) | ((mstatus & MSTATUS_XS) == MSTATUS_XS); mstatus = set_field(mstatus, MSTATUS_SD, dirty); env->mstatus = mstatus; diff --git a/target/riscv/translate.c b/target/riscv/translate.c index ab6a891dc3..8e40ed3ac4 100644 --- a/target/riscv/translate.c +++ b/target/riscv/translate.c @@ -394,7 +394,7 @@ static void mark_fs_dirty(DisasContext *ctx) tmp = tcg_temp_new(); tcg_gen_ld_tl(tmp, cpu_env, offsetof(CPURISCVState, mstatus)); - tcg_gen_ori_tl(tmp, tmp, MSTATUS_FS); + tcg_gen_ori_tl(tmp, tmp, MSTATUS_FS | MSTATUS_SD); tcg_gen_st_tl(tmp, cpu_env, offsetof(CPURISCVState, mstatus)); tcg_temp_free(tmp); }