xref: /openbmc/qemu/target/riscv/csr.c (revision 200280af0e19bfaeb9431eb0ee1ee2d8bf8d3a0a)
1 /*
2  * RISC-V Control and Status Registers.
3  *
4  * Copyright (c) 2016-2017 Sagar Karandikar, sagark@eecs.berkeley.edu
5  * Copyright (c) 2017-2018 SiFive, Inc.
6  *
7  * This program is free software; you can redistribute it and/or modify it
8  * under the terms and conditions of the GNU General Public License,
9  * version 2 or later, as published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14  * more details.
15  *
16  * You should have received a copy of the GNU General Public License along with
17  * this program.  If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "cpu.h"
23 #include "qemu/main-loop.h"
24 #include "exec/exec-all.h"
25 
26 /* CSR function table */
27 static riscv_csr_operations csr_ops[];
28 
29 /* CSR function table constants */
30 enum {
31     CSR_TABLE_SIZE = 0x1000
32 };
33 
34 /* CSR function table public API */
35 void riscv_get_csr_ops(int csrno, riscv_csr_operations *ops)
36 {
37     *ops = csr_ops[csrno & (CSR_TABLE_SIZE - 1)];
38 }
39 
40 void riscv_set_csr_ops(int csrno, riscv_csr_operations *ops)
41 {
42     csr_ops[csrno & (CSR_TABLE_SIZE - 1)] = *ops;
43 }
44 
45 /* Predicates */
46 static int fs(CPURISCVState *env, int csrno)
47 {
48 #if !defined(CONFIG_USER_ONLY)
49     if (!(env->mstatus & MSTATUS_FS)) {
50         return -1;
51     }
52 #endif
53     return 0;
54 }
55 
56 static int ctr(CPURISCVState *env, int csrno)
57 {
58 #if !defined(CONFIG_USER_ONLY)
59     target_ulong ctr_en = env->priv == PRV_U ? env->scounteren :
60                           env->priv == PRV_S ? env->mcounteren : -1U;
61     if (!(ctr_en & (1 << (csrno & 31)))) {
62         return -1;
63     }
64 #endif
65     return 0;
66 }
67 
68 #if !defined(CONFIG_USER_ONLY)
69 static int any(CPURISCVState *env, int csrno)
70 {
71     return 0;
72 }
73 
74 static int smode(CPURISCVState *env, int csrno)
75 {
76     return -!riscv_has_ext(env, RVS);
77 }
78 
79 static int pmp(CPURISCVState *env, int csrno)
80 {
81     return -!riscv_feature(env, RISCV_FEATURE_PMP);
82 }
83 #endif
84 
85 /* User Floating-Point CSRs */
86 static int read_fflags(CPURISCVState *env, int csrno, target_ulong *val)
87 {
88 #if !defined(CONFIG_USER_ONLY)
89     if (!(env->mstatus & MSTATUS_FS)) {
90         return -1;
91     }
92 #endif
93     *val = cpu_riscv_get_fflags(env);
94     return 0;
95 }
96 
97 static int write_fflags(CPURISCVState *env, int csrno, target_ulong val)
98 {
99 #if !defined(CONFIG_USER_ONLY)
100     if (!(env->mstatus & MSTATUS_FS)) {
101         return -1;
102     }
103     env->mstatus |= MSTATUS_FS;
104 #endif
105     cpu_riscv_set_fflags(env, val & (FSR_AEXC >> FSR_AEXC_SHIFT));
106     return 0;
107 }
108 
109 static int read_frm(CPURISCVState *env, int csrno, target_ulong *val)
110 {
111 #if !defined(CONFIG_USER_ONLY)
112     if (!(env->mstatus & MSTATUS_FS)) {
113         return -1;
114     }
115 #endif
116     *val = env->frm;
117     return 0;
118 }
119 
120 static int write_frm(CPURISCVState *env, int csrno, target_ulong val)
121 {
122 #if !defined(CONFIG_USER_ONLY)
123     if (!(env->mstatus & MSTATUS_FS)) {
124         return -1;
125     }
126     env->mstatus |= MSTATUS_FS;
127 #endif
128     env->frm = val & (FSR_RD >> FSR_RD_SHIFT);
129     return 0;
130 }
131 
132 static int read_fcsr(CPURISCVState *env, int csrno, target_ulong *val)
133 {
134 #if !defined(CONFIG_USER_ONLY)
135     if (!(env->mstatus & MSTATUS_FS)) {
136         return -1;
137     }
138 #endif
139     *val = (cpu_riscv_get_fflags(env) << FSR_AEXC_SHIFT)
140         | (env->frm << FSR_RD_SHIFT);
141     return 0;
142 }
143 
144 static int write_fcsr(CPURISCVState *env, int csrno, target_ulong val)
145 {
146 #if !defined(CONFIG_USER_ONLY)
147     if (!(env->mstatus & MSTATUS_FS)) {
148         return -1;
149     }
150     env->mstatus |= MSTATUS_FS;
151 #endif
152     env->frm = (val & FSR_RD) >> FSR_RD_SHIFT;
153     cpu_riscv_set_fflags(env, (val & FSR_AEXC) >> FSR_AEXC_SHIFT);
154     return 0;
155 }
156 
157 /* User Timers and Counters */
158 static int read_instret(CPURISCVState *env, int csrno, target_ulong *val)
159 {
160 #if !defined(CONFIG_USER_ONLY)
161     if (use_icount) {
162         *val = cpu_get_icount();
163     } else {
164         *val = cpu_get_host_ticks();
165     }
166 #else
167     *val = cpu_get_host_ticks();
168 #endif
169     return 0;
170 }
171 
172 #if defined(TARGET_RISCV32)
173 static int read_instreth(CPURISCVState *env, int csrno, target_ulong *val)
174 {
175 #if !defined(CONFIG_USER_ONLY)
176     if (use_icount) {
177         *val = cpu_get_icount() >> 32;
178     } else {
179         *val = cpu_get_host_ticks() >> 32;
180     }
181 #else
182     *val = cpu_get_host_ticks() >> 32;
183 #endif
184     return 0;
185 }
186 #endif /* TARGET_RISCV32 */
187 
188 #if defined(CONFIG_USER_ONLY)
189 static int read_time(CPURISCVState *env, int csrno, target_ulong *val)
190 {
191     *val = cpu_get_host_ticks();
192     return 0;
193 }
194 
195 #if defined(TARGET_RISCV32)
196 static int read_timeh(CPURISCVState *env, int csrno, target_ulong *val)
197 {
198     *val = cpu_get_host_ticks() >> 32;
199     return 0;
200 }
201 #endif
202 
203 #else /* CONFIG_USER_ONLY */
204 
205 /* Machine constants */
206 
207 #define M_MODE_INTERRUPTS (MIP_MSIP | MIP_MTIP | MIP_MEIP)
208 #define S_MODE_INTERRUPTS (MIP_SSIP | MIP_STIP | MIP_SEIP)
209 
210 static const target_ulong delegable_ints = S_MODE_INTERRUPTS;
211 static const target_ulong all_ints = M_MODE_INTERRUPTS | S_MODE_INTERRUPTS;
212 static const target_ulong delegable_excps =
213     (1ULL << (RISCV_EXCP_INST_ADDR_MIS)) |
214     (1ULL << (RISCV_EXCP_INST_ACCESS_FAULT)) |
215     (1ULL << (RISCV_EXCP_ILLEGAL_INST)) |
216     (1ULL << (RISCV_EXCP_BREAKPOINT)) |
217     (1ULL << (RISCV_EXCP_LOAD_ADDR_MIS)) |
218     (1ULL << (RISCV_EXCP_LOAD_ACCESS_FAULT)) |
219     (1ULL << (RISCV_EXCP_STORE_AMO_ADDR_MIS)) |
220     (1ULL << (RISCV_EXCP_STORE_AMO_ACCESS_FAULT)) |
221     (1ULL << (RISCV_EXCP_U_ECALL)) |
222     (1ULL << (RISCV_EXCP_S_ECALL)) |
223     (1ULL << (RISCV_EXCP_H_ECALL)) |
224     (1ULL << (RISCV_EXCP_M_ECALL)) |
225     (1ULL << (RISCV_EXCP_INST_PAGE_FAULT)) |
226     (1ULL << (RISCV_EXCP_LOAD_PAGE_FAULT)) |
227     (1ULL << (RISCV_EXCP_STORE_PAGE_FAULT));
228 static const target_ulong sstatus_v1_9_mask = SSTATUS_SIE | SSTATUS_SPIE |
229     SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
230     SSTATUS_SUM | SSTATUS_SD;
231 static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE | SSTATUS_SPIE |
232     SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
233     SSTATUS_SUM | SSTATUS_MXR | SSTATUS_SD;
234 
235 #if defined(TARGET_RISCV32)
236 static const char valid_vm_1_09[16] = {
237     [VM_1_09_MBARE] = 1,
238     [VM_1_09_SV32] = 1,
239 };
240 static const char valid_vm_1_10[16] = {
241     [VM_1_10_MBARE] = 1,
242     [VM_1_10_SV32] = 1
243 };
244 #elif defined(TARGET_RISCV64)
245 static const char valid_vm_1_09[16] = {
246     [VM_1_09_MBARE] = 1,
247     [VM_1_09_SV39] = 1,
248     [VM_1_09_SV48] = 1,
249 };
250 static const char valid_vm_1_10[16] = {
251     [VM_1_10_MBARE] = 1,
252     [VM_1_10_SV39] = 1,
253     [VM_1_10_SV48] = 1,
254     [VM_1_10_SV57] = 1
255 };
256 #endif /* CONFIG_USER_ONLY */
257 
258 /* Machine Information Registers */
259 static int read_zero(CPURISCVState *env, int csrno, target_ulong *val)
260 {
261     return *val = 0;
262 }
263 
264 static int read_mhartid(CPURISCVState *env, int csrno, target_ulong *val)
265 {
266     *val = env->mhartid;
267     return 0;
268 }
269 
270 /* Machine Trap Setup */
271 static int read_mstatus(CPURISCVState *env, int csrno, target_ulong *val)
272 {
273     *val = env->mstatus;
274     return 0;
275 }
276 
277 static int validate_vm(CPURISCVState *env, target_ulong vm)
278 {
279     return (env->priv_ver >= PRIV_VERSION_1_10_0) ?
280         valid_vm_1_10[vm & 0xf] : valid_vm_1_09[vm & 0xf];
281 }
282 
283 static int write_mstatus(CPURISCVState *env, int csrno, target_ulong val)
284 {
285     target_ulong mstatus = env->mstatus;
286     target_ulong mask = 0;
287     target_ulong mpp = get_field(val, MSTATUS_MPP);
288 
289     /* flush tlb on mstatus fields that affect VM */
290     if (env->priv_ver <= PRIV_VERSION_1_09_1) {
291         if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
292                 MSTATUS_MPRV | MSTATUS_SUM | MSTATUS_VM)) {
293             tlb_flush(CPU(riscv_env_get_cpu(env)));
294         }
295         mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
296             MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
297             MSTATUS_MPP | MSTATUS_MXR |
298             (validate_vm(env, get_field(val, MSTATUS_VM)) ?
299                 MSTATUS_VM : 0);
300     }
301     if (env->priv_ver >= PRIV_VERSION_1_10_0) {
302         if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
303                 MSTATUS_MPRV | MSTATUS_SUM)) {
304             tlb_flush(CPU(riscv_env_get_cpu(env)));
305         }
306         mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
307             MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
308             MSTATUS_MPP | MSTATUS_MXR;
309     }
310 
311     /* silenty discard mstatus.mpp writes for unsupported modes */
312     if (mpp == PRV_H ||
313         (!riscv_has_ext(env, RVS) && mpp == PRV_S) ||
314         (!riscv_has_ext(env, RVU) && mpp == PRV_U)) {
315         mask &= ~MSTATUS_MPP;
316     }
317 
318     mstatus = (mstatus & ~mask) | (val & mask);
319 
320     /* Note: this is a workaround for an issue where mstatus.FS
321        does not report dirty after floating point operations
322        that modify floating point state. This workaround is
323        technically compliant with the RISC-V Privileged
324        specification as it is legal to return only off, or dirty.
325        at the expense of extra floating point save/restore. */
326 
327     /* FP is always dirty or off */
328     if (mstatus & MSTATUS_FS) {
329         mstatus |= MSTATUS_FS;
330     }
331 
332     int dirty = ((mstatus & MSTATUS_FS) == MSTATUS_FS) |
333                 ((mstatus & MSTATUS_XS) == MSTATUS_XS);
334     mstatus = set_field(mstatus, MSTATUS_SD, dirty);
335     env->mstatus = mstatus;
336 
337     return 0;
338 }
339 
340 static int read_misa(CPURISCVState *env, int csrno, target_ulong *val)
341 {
342     *val = env->misa;
343     return 0;
344 }
345 
346 static int read_medeleg(CPURISCVState *env, int csrno, target_ulong *val)
347 {
348     *val = env->medeleg;
349     return 0;
350 }
351 
352 static int write_medeleg(CPURISCVState *env, int csrno, target_ulong val)
353 {
354     env->medeleg = (env->medeleg & ~delegable_excps) | (val & delegable_excps);
355     return 0;
356 }
357 
358 static int read_mideleg(CPURISCVState *env, int csrno, target_ulong *val)
359 {
360     *val = env->mideleg;
361     return 0;
362 }
363 
364 static int write_mideleg(CPURISCVState *env, int csrno, target_ulong val)
365 {
366     env->mideleg = (env->mideleg & ~delegable_ints) | (val & delegable_ints);
367     return 0;
368 }
369 
370 static int read_mie(CPURISCVState *env, int csrno, target_ulong *val)
371 {
372     *val = env->mie;
373     return 0;
374 }
375 
376 static int write_mie(CPURISCVState *env, int csrno, target_ulong val)
377 {
378     env->mie = (env->mie & ~all_ints) | (val & all_ints);
379     return 0;
380 }
381 
382 static int read_mtvec(CPURISCVState *env, int csrno, target_ulong *val)
383 {
384     *val = env->mtvec;
385     return 0;
386 }
387 
388 static int write_mtvec(CPURISCVState *env, int csrno, target_ulong val)
389 {
390     /* bits [1:0] encode mode; 0 = direct, 1 = vectored, 2 >= reserved */
391     if ((val & 3) == 0) {
392         env->mtvec = val >> 2 << 2;
393     } else {
394         qemu_log_mask(LOG_UNIMP, "CSR_MTVEC: vectored traps not supported");
395     }
396     return 0;
397 }
398 
399 static int read_mcounteren(CPURISCVState *env, int csrno, target_ulong *val)
400 {
401     if (env->priv_ver < PRIV_VERSION_1_10_0) {
402         return -1;
403     }
404     *val = env->mcounteren;
405     return 0;
406 }
407 
408 static int write_mcounteren(CPURISCVState *env, int csrno, target_ulong val)
409 {
410     if (env->priv_ver < PRIV_VERSION_1_10_0) {
411         return -1;
412     }
413     env->mcounteren = val;
414     return 0;
415 }
416 
417 static int read_mscounteren(CPURISCVState *env, int csrno, target_ulong *val)
418 {
419     if (env->priv_ver > PRIV_VERSION_1_09_1) {
420         return -1;
421     }
422     *val = env->mcounteren;
423     return 0;
424 }
425 
426 static int write_mscounteren(CPURISCVState *env, int csrno, target_ulong val)
427 {
428     if (env->priv_ver > PRIV_VERSION_1_09_1) {
429         return -1;
430     }
431     env->mcounteren = val;
432     return 0;
433 }
434 
435 static int read_mucounteren(CPURISCVState *env, int csrno, target_ulong *val)
436 {
437     if (env->priv_ver > PRIV_VERSION_1_09_1) {
438         return -1;
439     }
440     *val = env->scounteren;
441     return 0;
442 }
443 
444 static int write_mucounteren(CPURISCVState *env, int csrno, target_ulong val)
445 {
446     if (env->priv_ver > PRIV_VERSION_1_09_1) {
447         return -1;
448     }
449     env->scounteren = val;
450     return 0;
451 }
452 
453 /* Machine Trap Handling */
454 static int read_mscratch(CPURISCVState *env, int csrno, target_ulong *val)
455 {
456     *val = env->mscratch;
457     return 0;
458 }
459 
460 static int write_mscratch(CPURISCVState *env, int csrno, target_ulong val)
461 {
462     env->mscratch = val;
463     return 0;
464 }
465 
466 static int read_mepc(CPURISCVState *env, int csrno, target_ulong *val)
467 {
468     *val = env->mepc;
469     return 0;
470 }
471 
472 static int write_mepc(CPURISCVState *env, int csrno, target_ulong val)
473 {
474     env->mepc = val;
475     return 0;
476 }
477 
478 static int read_mcause(CPURISCVState *env, int csrno, target_ulong *val)
479 {
480     *val = env->mcause;
481     return 0;
482 }
483 
484 static int write_mcause(CPURISCVState *env, int csrno, target_ulong val)
485 {
486     env->mcause = val;
487     return 0;
488 }
489 
490 static int read_mbadaddr(CPURISCVState *env, int csrno, target_ulong *val)
491 {
492     *val = env->mbadaddr;
493     return 0;
494 }
495 
496 static int write_mbadaddr(CPURISCVState *env, int csrno, target_ulong val)
497 {
498     env->mbadaddr = val;
499     return 0;
500 }
501 
502 static int rmw_mip(CPURISCVState *env, int csrno, target_ulong *ret_value,
503                    target_ulong new_value, target_ulong write_mask)
504 {
505     RISCVCPU *cpu = riscv_env_get_cpu(env);
506     target_ulong mask = write_mask & delegable_ints;
507     uint32_t old_mip;
508 
509     /* We can't allow the supervisor to control SEIP as this would allow the
510      * supervisor to clear a pending external interrupt which will result in
511      * lost a interrupt in the case a PLIC is attached. The SEIP bit must be
512      * hardware controlled when a PLIC is attached. This should be an option
513      * for CPUs with software-delegated Supervisor External Interrupts. */
514     mask &= ~MIP_SEIP;
515 
516     if (mask) {
517         qemu_mutex_lock_iothread();
518         old_mip = riscv_cpu_update_mip(cpu, mask, (new_value & mask));
519         qemu_mutex_unlock_iothread();
520     } else {
521         old_mip = atomic_read(&env->mip);
522     }
523 
524     if (ret_value) {
525         *ret_value = old_mip;
526     }
527 
528     return 0;
529 }
530 
531 /* Supervisor Trap Setup */
532 static int read_sstatus(CPURISCVState *env, int csrno, target_ulong *val)
533 {
534     target_ulong mask = ((env->priv_ver >= PRIV_VERSION_1_10_0) ?
535                          sstatus_v1_10_mask : sstatus_v1_9_mask);
536     *val = env->mstatus & mask;
537     return 0;
538 }
539 
540 static int write_sstatus(CPURISCVState *env, int csrno, target_ulong val)
541 {
542     target_ulong mask = ((env->priv_ver >= PRIV_VERSION_1_10_0) ?
543                          sstatus_v1_10_mask : sstatus_v1_9_mask);
544     target_ulong newval = (env->mstatus & ~mask) | (val & mask);
545     return write_mstatus(env, CSR_MSTATUS, newval);
546 }
547 
548 static int read_sie(CPURISCVState *env, int csrno, target_ulong *val)
549 {
550     *val = env->mie & env->mideleg;
551     return 0;
552 }
553 
554 static int write_sie(CPURISCVState *env, int csrno, target_ulong val)
555 {
556     target_ulong newval = (env->mie & ~env->mideleg) | (val & env->mideleg);
557     return write_mie(env, CSR_MIE, newval);
558 }
559 
560 static int read_stvec(CPURISCVState *env, int csrno, target_ulong *val)
561 {
562     *val = env->stvec;
563     return 0;
564 }
565 
566 static int write_stvec(CPURISCVState *env, int csrno, target_ulong val)
567 {
568     /* bits [1:0] encode mode; 0 = direct, 1 = vectored, 2 >= reserved */
569     if ((val & 3) == 0) {
570         env->stvec = val >> 2 << 2;
571     } else {
572         qemu_log_mask(LOG_UNIMP, "CSR_STVEC: vectored traps not supported");
573     }
574     return 0;
575 }
576 
577 static int read_scounteren(CPURISCVState *env, int csrno, target_ulong *val)
578 {
579     if (env->priv_ver < PRIV_VERSION_1_10_0) {
580         return -1;
581     }
582     *val = env->scounteren;
583     return 0;
584 }
585 
586 static int write_scounteren(CPURISCVState *env, int csrno, target_ulong val)
587 {
588     if (env->priv_ver < PRIV_VERSION_1_10_0) {
589         return -1;
590     }
591     env->scounteren = val;
592     return 0;
593 }
594 
595 /* Supervisor Trap Handling */
596 static int read_sscratch(CPURISCVState *env, int csrno, target_ulong *val)
597 {
598     *val = env->sscratch;
599     return 0;
600 }
601 
602 static int write_sscratch(CPURISCVState *env, int csrno, target_ulong val)
603 {
604     env->sscratch = val;
605     return 0;
606 }
607 
608 static int read_sepc(CPURISCVState *env, int csrno, target_ulong *val)
609 {
610     *val = env->sepc;
611     return 0;
612 }
613 
614 static int write_sepc(CPURISCVState *env, int csrno, target_ulong val)
615 {
616     env->sepc = val;
617     return 0;
618 }
619 
620 static int read_scause(CPURISCVState *env, int csrno, target_ulong *val)
621 {
622     *val = env->scause;
623     return 0;
624 }
625 
626 static int write_scause(CPURISCVState *env, int csrno, target_ulong val)
627 {
628     env->scause = val;
629     return 0;
630 }
631 
632 static int read_sbadaddr(CPURISCVState *env, int csrno, target_ulong *val)
633 {
634     *val = env->sbadaddr;
635     return 0;
636 }
637 
638 static int write_sbadaddr(CPURISCVState *env, int csrno, target_ulong val)
639 {
640     env->sbadaddr = val;
641     return 0;
642 }
643 
644 static int rmw_sip(CPURISCVState *env, int csrno, target_ulong *ret_value,
645                    target_ulong new_value, target_ulong write_mask)
646 {
647     return rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
648                    write_mask & env->mideleg);
649 }
650 
651 /* Supervisor Protection and Translation */
652 static int read_satp(CPURISCVState *env, int csrno, target_ulong *val)
653 {
654     if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
655         *val = 0;
656     } else if (env->priv_ver >= PRIV_VERSION_1_10_0) {
657         *val = env->satp;
658     } else {
659         *val = env->sptbr;
660     }
661     return 0;
662 }
663 
664 static int write_satp(CPURISCVState *env, int csrno, target_ulong val)
665 {
666     if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
667         return 0;
668     }
669     if (env->priv_ver <= PRIV_VERSION_1_09_1 && (val ^ env->sptbr)) {
670         tlb_flush(CPU(riscv_env_get_cpu(env)));
671         env->sptbr = val & (((target_ulong)
672             1 << (TARGET_PHYS_ADDR_SPACE_BITS - PGSHIFT)) - 1);
673     }
674     if (env->priv_ver >= PRIV_VERSION_1_10_0 &&
675         validate_vm(env, get_field(val, SATP_MODE)) &&
676         ((val ^ env->satp) & (SATP_MODE | SATP_ASID | SATP_PPN)))
677     {
678         tlb_flush(CPU(riscv_env_get_cpu(env)));
679         env->satp = val;
680     }
681     return 0;
682 }
683 
684 /* Physical Memory Protection */
685 static int read_pmpcfg(CPURISCVState *env, int csrno, target_ulong *val)
686 {
687     *val = pmpcfg_csr_read(env, csrno - CSR_PMPCFG0);
688     return 0;
689 }
690 
691 static int write_pmpcfg(CPURISCVState *env, int csrno, target_ulong val)
692 {
693     pmpcfg_csr_write(env, csrno - CSR_PMPCFG0, val);
694     return 0;
695 }
696 
697 static int read_pmpaddr(CPURISCVState *env, int csrno, target_ulong *val)
698 {
699     *val = pmpaddr_csr_read(env, csrno - CSR_PMPADDR0);
700     return 0;
701 }
702 
703 static int write_pmpaddr(CPURISCVState *env, int csrno, target_ulong val)
704 {
705     pmpaddr_csr_write(env, csrno - CSR_PMPADDR0, val);
706     return 0;
707 }
708 
709 #endif
710 
711 /*
712  * riscv_csrrw - read and/or update control and status register
713  *
714  * csrr   <->  riscv_csrrw(env, csrno, ret_value, 0, 0);
715  * csrrw  <->  riscv_csrrw(env, csrno, ret_value, value, -1);
716  * csrrs  <->  riscv_csrrw(env, csrno, ret_value, -1, value);
717  * csrrc  <->  riscv_csrrw(env, csrno, ret_value, 0, value);
718  */
719 
720 int riscv_csrrw(CPURISCVState *env, int csrno, target_ulong *ret_value,
721                 target_ulong new_value, target_ulong write_mask)
722 {
723     int ret;
724     target_ulong old_value;
725 
726     /* check privileges and return -1 if check fails */
727 #if !defined(CONFIG_USER_ONLY)
728     int csr_priv = get_field(csrno, 0x300);
729     int read_only = get_field(csrno, 0xC00) == 3;
730     if ((write_mask && read_only) || (env->priv < csr_priv)) {
731         return -1;
732     }
733 #endif
734 
735     /* check predicate */
736     if (!csr_ops[csrno].predicate || csr_ops[csrno].predicate(env, csrno) < 0) {
737         return -1;
738     }
739 
740     /* execute combined read/write operation if it exists */
741     if (csr_ops[csrno].op) {
742         return csr_ops[csrno].op(env, csrno, ret_value, new_value, write_mask);
743     }
744 
745     /* if no accessor exists then return failure */
746     if (!csr_ops[csrno].read) {
747         return -1;
748     }
749 
750     /* read old value */
751     ret = csr_ops[csrno].read(env, csrno, &old_value);
752     if (ret < 0) {
753         return ret;
754     }
755 
756     /* write value if writable and write mask set, otherwise drop writes */
757     if (write_mask) {
758         new_value = (old_value & ~write_mask) | (new_value & write_mask);
759         if (csr_ops[csrno].write) {
760             ret = csr_ops[csrno].write(env, csrno, new_value);
761             if (ret < 0) {
762                 return ret;
763             }
764         }
765     }
766 
767     /* return old value */
768     if (ret_value) {
769         *ret_value = old_value;
770     }
771 
772     return 0;
773 }
774 
775 /* Control and Status Register function table */
776 static riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
777     /* User Floating-Point CSRs */
778     [CSR_FFLAGS] =              { fs,   read_fflags,      write_fflags      },
779     [CSR_FRM] =                 { fs,   read_frm,         write_frm         },
780     [CSR_FCSR] =                { fs,   read_fcsr,        write_fcsr        },
781 
782     /* User Timers and Counters */
783     [CSR_CYCLE] =               { ctr,  read_instret                        },
784     [CSR_INSTRET] =             { ctr,  read_instret                        },
785 #if defined(TARGET_RISCV32)
786     [CSR_CYCLEH] =              { ctr,  read_instreth                       },
787     [CSR_INSTRETH] =            { ctr,  read_instreth                       },
788 #endif
789 
790     /* User-level time CSRs are only available in linux-user
791      * In privileged mode, the monitor emulates these CSRs */
792 #if defined(CONFIG_USER_ONLY)
793     [CSR_TIME] =                { ctr,  read_time                           },
794 #if defined(TARGET_RISCV32)
795     [CSR_TIMEH] =               { ctr,  read_timeh                          },
796 #endif
797 #endif
798 
799 #if !defined(CONFIG_USER_ONLY)
800     /* Machine Timers and Counters */
801     [CSR_MCYCLE] =              { any,  read_instret                        },
802     [CSR_MINSTRET] =            { any,  read_instret                        },
803 #if defined(TARGET_RISCV32)
804     [CSR_MCYCLEH] =             { any,  read_instreth                       },
805     [CSR_MINSTRETH] =           { any,  read_instreth                       },
806 #endif
807 
808     /* Machine Information Registers */
809     [CSR_MVENDORID] =           { any,  read_zero                           },
810     [CSR_MARCHID] =             { any,  read_zero                           },
811     [CSR_MIMPID] =              { any,  read_zero                           },
812     [CSR_MHARTID] =             { any,  read_mhartid                        },
813 
814     /* Machine Trap Setup */
815     [CSR_MSTATUS] =             { any,  read_mstatus,     write_mstatus     },
816     [CSR_MISA] =                { any,  read_misa                           },
817     [CSR_MIDELEG] =             { any,  read_mideleg,     write_mideleg     },
818     [CSR_MEDELEG] =             { any,  read_medeleg,     write_medeleg     },
819     [CSR_MIE] =                 { any,  read_mie,         write_mie         },
820     [CSR_MTVEC] =               { any,  read_mtvec,       write_mtvec       },
821     [CSR_MCOUNTEREN] =          { any,  read_mcounteren,  write_mcounteren  },
822 
823     /* Legacy Counter Setup (priv v1.9.1) */
824     [CSR_MUCOUNTEREN] =         { any,  read_mucounteren, write_mucounteren },
825     [CSR_MSCOUNTEREN] =         { any,  read_mscounteren, write_mscounteren },
826 
827     /* Machine Trap Handling */
828     [CSR_MSCRATCH] =            { any,  read_mscratch,    write_mscratch    },
829     [CSR_MEPC] =                { any,  read_mepc,        write_mepc        },
830     [CSR_MCAUSE] =              { any,  read_mcause,      write_mcause      },
831     [CSR_MBADADDR] =            { any,  read_mbadaddr,    write_mbadaddr    },
832     [CSR_MIP] =                 { any,  NULL,     NULL,     rmw_mip         },
833 
834     /* Supervisor Trap Setup */
835     [CSR_SSTATUS] =             { smode, read_sstatus,     write_sstatus     },
836     [CSR_SIE] =                 { smode, read_sie,         write_sie         },
837     [CSR_STVEC] =               { smode, read_stvec,       write_stvec       },
838     [CSR_SCOUNTEREN] =          { smode, read_scounteren,  write_scounteren  },
839 
840     /* Supervisor Trap Handling */
841     [CSR_SSCRATCH] =            { smode, read_sscratch,    write_sscratch    },
842     [CSR_SEPC] =                { smode, read_sepc,        write_sepc        },
843     [CSR_SCAUSE] =              { smode, read_scause,      write_scause      },
844     [CSR_SBADADDR] =            { smode, read_sbadaddr,    write_sbadaddr    },
845     [CSR_SIP] =                 { smode, NULL,     NULL,     rmw_sip         },
846 
847     /* Supervisor Protection and Translation */
848     [CSR_SATP] =                { smode, read_satp,        write_satp        },
849 
850     /* Physical Memory Protection */
851     [CSR_PMPCFG0  ... CSR_PMPADDR9] =  { pmp,   read_pmpcfg,  write_pmpcfg   },
852     [CSR_PMPADDR0 ... CSR_PMPADDR15] = { pmp,   read_pmpaddr, write_pmpaddr  },
853 
854     /* Performance Counters */
855     [CSR_HPMCOUNTER3   ... CSR_HPMCOUNTER31] =    { ctr,  read_zero          },
856     [CSR_MHPMCOUNTER3  ... CSR_MHPMCOUNTER31] =   { any,  read_zero          },
857     [CSR_MHPMEVENT3    ... CSR_MHPMEVENT31] =     { any,  read_zero          },
858 #if defined(TARGET_RISCV32)
859     [CSR_HPMCOUNTER3H  ... CSR_HPMCOUNTER31H] =   { ctr,  read_zero          },
860     [CSR_MHPMCOUNTER3H ... CSR_MHPMCOUNTER31H] =  { any,  read_zero          },
861 #endif
862 #endif /* !CONFIG_USER_ONLY */
863 };
864