xref: /openbmc/qemu/target/riscv/csr.c (revision ca693d1c)
1 /*
2  * RISC-V Control and Status Registers.
3  *
4  * Copyright (c) 2016-2017 Sagar Karandikar, sagark@eecs.berkeley.edu
5  * Copyright (c) 2017-2018 SiFive, Inc.
6  *
7  * This program is free software; you can redistribute it and/or modify it
8  * under the terms and conditions of the GNU General Public License,
9  * version 2 or later, as published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14  * more details.
15  *
16  * You should have received a copy of the GNU General Public License along with
17  * this program.  If not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/log.h"
22 #include "cpu.h"
23 #include "qemu/main-loop.h"
24 #include "exec/exec-all.h"
25 
26 /* CSR function table */
27 static riscv_csr_operations csr_ops[];
28 
29 /* CSR function table constants */
30 enum {
31     CSR_TABLE_SIZE = 0x1000
32 };
33 
34 /* CSR function table public API */
35 void riscv_get_csr_ops(int csrno, riscv_csr_operations *ops)
36 {
37     *ops = csr_ops[csrno & (CSR_TABLE_SIZE - 1)];
38 }
39 
40 void riscv_set_csr_ops(int csrno, riscv_csr_operations *ops)
41 {
42     csr_ops[csrno & (CSR_TABLE_SIZE - 1)] = *ops;
43 }
44 
45 /* Predicates */
46 static int fs(CPURISCVState *env, int csrno)
47 {
48 #if !defined(CONFIG_USER_ONLY)
49     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
50         return -1;
51     }
52 #endif
53     return 0;
54 }
55 
56 static int ctr(CPURISCVState *env, int csrno)
57 {
58 #if !defined(CONFIG_USER_ONLY)
59     uint32_t ctr_en = ~0u;
60 
61     if (env->priv < PRV_M) {
62         ctr_en &= env->mcounteren;
63     }
64     if (env->priv < PRV_S) {
65         ctr_en &= env->scounteren;
66     }
67     if (!(ctr_en & (1u << (csrno & 31)))) {
68         return -1;
69     }
70 #endif
71     return 0;
72 }
73 
74 #if !defined(CONFIG_USER_ONLY)
75 static int any(CPURISCVState *env, int csrno)
76 {
77     return 0;
78 }
79 
80 static int smode(CPURISCVState *env, int csrno)
81 {
82     return -!riscv_has_ext(env, RVS);
83 }
84 
85 static int pmp(CPURISCVState *env, int csrno)
86 {
87     return -!riscv_feature(env, RISCV_FEATURE_PMP);
88 }
89 #endif
90 
91 /* User Floating-Point CSRs */
92 static int read_fflags(CPURISCVState *env, int csrno, target_ulong *val)
93 {
94 #if !defined(CONFIG_USER_ONLY)
95     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
96         return -1;
97     }
98 #endif
99     *val = riscv_cpu_get_fflags(env);
100     return 0;
101 }
102 
103 static int write_fflags(CPURISCVState *env, int csrno, target_ulong val)
104 {
105 #if !defined(CONFIG_USER_ONLY)
106     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
107         return -1;
108     }
109     env->mstatus |= MSTATUS_FS;
110 #endif
111     riscv_cpu_set_fflags(env, val & (FSR_AEXC >> FSR_AEXC_SHIFT));
112     return 0;
113 }
114 
115 static int read_frm(CPURISCVState *env, int csrno, target_ulong *val)
116 {
117 #if !defined(CONFIG_USER_ONLY)
118     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
119         return -1;
120     }
121 #endif
122     *val = env->frm;
123     return 0;
124 }
125 
126 static int write_frm(CPURISCVState *env, int csrno, target_ulong val)
127 {
128 #if !defined(CONFIG_USER_ONLY)
129     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
130         return -1;
131     }
132     env->mstatus |= MSTATUS_FS;
133 #endif
134     env->frm = val & (FSR_RD >> FSR_RD_SHIFT);
135     return 0;
136 }
137 
138 static int read_fcsr(CPURISCVState *env, int csrno, target_ulong *val)
139 {
140 #if !defined(CONFIG_USER_ONLY)
141     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
142         return -1;
143     }
144 #endif
145     *val = (riscv_cpu_get_fflags(env) << FSR_AEXC_SHIFT)
146         | (env->frm << FSR_RD_SHIFT);
147     return 0;
148 }
149 
150 static int write_fcsr(CPURISCVState *env, int csrno, target_ulong val)
151 {
152 #if !defined(CONFIG_USER_ONLY)
153     if (!env->debugger && !(env->mstatus & MSTATUS_FS)) {
154         return -1;
155     }
156     env->mstatus |= MSTATUS_FS;
157 #endif
158     env->frm = (val & FSR_RD) >> FSR_RD_SHIFT;
159     riscv_cpu_set_fflags(env, (val & FSR_AEXC) >> FSR_AEXC_SHIFT);
160     return 0;
161 }
162 
163 /* User Timers and Counters */
164 static int read_instret(CPURISCVState *env, int csrno, target_ulong *val)
165 {
166 #if !defined(CONFIG_USER_ONLY)
167     if (use_icount) {
168         *val = cpu_get_icount();
169     } else {
170         *val = cpu_get_host_ticks();
171     }
172 #else
173     *val = cpu_get_host_ticks();
174 #endif
175     return 0;
176 }
177 
178 #if defined(TARGET_RISCV32)
179 static int read_instreth(CPURISCVState *env, int csrno, target_ulong *val)
180 {
181 #if !defined(CONFIG_USER_ONLY)
182     if (use_icount) {
183         *val = cpu_get_icount() >> 32;
184     } else {
185         *val = cpu_get_host_ticks() >> 32;
186     }
187 #else
188     *val = cpu_get_host_ticks() >> 32;
189 #endif
190     return 0;
191 }
192 #endif /* TARGET_RISCV32 */
193 
194 #if defined(CONFIG_USER_ONLY)
195 static int read_time(CPURISCVState *env, int csrno, target_ulong *val)
196 {
197     *val = cpu_get_host_ticks();
198     return 0;
199 }
200 
201 #if defined(TARGET_RISCV32)
202 static int read_timeh(CPURISCVState *env, int csrno, target_ulong *val)
203 {
204     *val = cpu_get_host_ticks() >> 32;
205     return 0;
206 }
207 #endif
208 
209 #else /* CONFIG_USER_ONLY */
210 
211 /* Machine constants */
212 
213 #define M_MODE_INTERRUPTS (MIP_MSIP | MIP_MTIP | MIP_MEIP)
214 #define S_MODE_INTERRUPTS (MIP_SSIP | MIP_STIP | MIP_SEIP)
215 
216 static const target_ulong delegable_ints = S_MODE_INTERRUPTS;
217 static const target_ulong all_ints = M_MODE_INTERRUPTS | S_MODE_INTERRUPTS;
218 static const target_ulong delegable_excps =
219     (1ULL << (RISCV_EXCP_INST_ADDR_MIS)) |
220     (1ULL << (RISCV_EXCP_INST_ACCESS_FAULT)) |
221     (1ULL << (RISCV_EXCP_ILLEGAL_INST)) |
222     (1ULL << (RISCV_EXCP_BREAKPOINT)) |
223     (1ULL << (RISCV_EXCP_LOAD_ADDR_MIS)) |
224     (1ULL << (RISCV_EXCP_LOAD_ACCESS_FAULT)) |
225     (1ULL << (RISCV_EXCP_STORE_AMO_ADDR_MIS)) |
226     (1ULL << (RISCV_EXCP_STORE_AMO_ACCESS_FAULT)) |
227     (1ULL << (RISCV_EXCP_U_ECALL)) |
228     (1ULL << (RISCV_EXCP_S_ECALL)) |
229     (1ULL << (RISCV_EXCP_H_ECALL)) |
230     (1ULL << (RISCV_EXCP_M_ECALL)) |
231     (1ULL << (RISCV_EXCP_INST_PAGE_FAULT)) |
232     (1ULL << (RISCV_EXCP_LOAD_PAGE_FAULT)) |
233     (1ULL << (RISCV_EXCP_STORE_PAGE_FAULT));
234 static const target_ulong sstatus_v1_9_mask = SSTATUS_SIE | SSTATUS_SPIE |
235     SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
236     SSTATUS_SUM | SSTATUS_SD;
237 static const target_ulong sstatus_v1_10_mask = SSTATUS_SIE | SSTATUS_SPIE |
238     SSTATUS_UIE | SSTATUS_UPIE | SSTATUS_SPP | SSTATUS_FS | SSTATUS_XS |
239     SSTATUS_SUM | SSTATUS_MXR | SSTATUS_SD;
240 static const target_ulong sip_writable_mask = SIP_SSIP | MIP_USIP | MIP_UEIP;
241 
242 #if defined(TARGET_RISCV32)
243 static const char valid_vm_1_09[16] = {
244     [VM_1_09_MBARE] = 1,
245     [VM_1_09_SV32] = 1,
246 };
247 static const char valid_vm_1_10[16] = {
248     [VM_1_10_MBARE] = 1,
249     [VM_1_10_SV32] = 1
250 };
251 #elif defined(TARGET_RISCV64)
252 static const char valid_vm_1_09[16] = {
253     [VM_1_09_MBARE] = 1,
254     [VM_1_09_SV39] = 1,
255     [VM_1_09_SV48] = 1,
256 };
257 static const char valid_vm_1_10[16] = {
258     [VM_1_10_MBARE] = 1,
259     [VM_1_10_SV39] = 1,
260     [VM_1_10_SV48] = 1,
261     [VM_1_10_SV57] = 1
262 };
263 #endif /* CONFIG_USER_ONLY */
264 
265 /* Machine Information Registers */
266 static int read_zero(CPURISCVState *env, int csrno, target_ulong *val)
267 {
268     return *val = 0;
269 }
270 
271 static int read_mhartid(CPURISCVState *env, int csrno, target_ulong *val)
272 {
273     *val = env->mhartid;
274     return 0;
275 }
276 
277 /* Machine Trap Setup */
278 static int read_mstatus(CPURISCVState *env, int csrno, target_ulong *val)
279 {
280     *val = env->mstatus;
281     return 0;
282 }
283 
284 static int validate_vm(CPURISCVState *env, target_ulong vm)
285 {
286     return (env->priv_ver >= PRIV_VERSION_1_10_0) ?
287         valid_vm_1_10[vm & 0xf] : valid_vm_1_09[vm & 0xf];
288 }
289 
290 static int write_mstatus(CPURISCVState *env, int csrno, target_ulong val)
291 {
292     target_ulong mstatus = env->mstatus;
293     target_ulong mask = 0;
294 
295     /* flush tlb on mstatus fields that affect VM */
296     if (env->priv_ver <= PRIV_VERSION_1_09_1) {
297         if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP |
298                 MSTATUS_MPRV | MSTATUS_SUM | MSTATUS_VM)) {
299             tlb_flush(CPU(riscv_env_get_cpu(env)));
300         }
301         mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
302             MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
303             MSTATUS_MPP | MSTATUS_MXR |
304             (validate_vm(env, get_field(val, MSTATUS_VM)) ?
305                 MSTATUS_VM : 0);
306     }
307     if (env->priv_ver >= PRIV_VERSION_1_10_0) {
308         if ((val ^ mstatus) & (MSTATUS_MXR | MSTATUS_MPP | MSTATUS_MPV |
309                 MSTATUS_MPRV | MSTATUS_SUM)) {
310             tlb_flush(CPU(riscv_env_get_cpu(env)));
311         }
312         mask = MSTATUS_SIE | MSTATUS_SPIE | MSTATUS_MIE | MSTATUS_MPIE |
313             MSTATUS_SPP | MSTATUS_FS | MSTATUS_MPRV | MSTATUS_SUM |
314             MSTATUS_MPP | MSTATUS_MXR | MSTATUS_TVM | MSTATUS_TSR |
315             MSTATUS_TW;
316 #if defined(TARGET_RISCV64)
317             /*
318              * RV32: MPV and MTL are not in mstatus. The current plan is to
319              * add them to mstatush. For now, we just don't support it.
320              */
321             mask |= MSTATUS_MPP | MSTATUS_MPV;
322 #endif
323     }
324 
325     mstatus = (mstatus & ~mask) | (val & mask);
326 
327     int dirty = ((mstatus & MSTATUS_FS) == MSTATUS_FS) |
328                 ((mstatus & MSTATUS_XS) == MSTATUS_XS);
329     mstatus = set_field(mstatus, MSTATUS_SD, dirty);
330     env->mstatus = mstatus;
331 
332     return 0;
333 }
334 
335 static int read_misa(CPURISCVState *env, int csrno, target_ulong *val)
336 {
337     *val = env->misa;
338     return 0;
339 }
340 
341 static int write_misa(CPURISCVState *env, int csrno, target_ulong val)
342 {
343     if (!riscv_feature(env, RISCV_FEATURE_MISA)) {
344         /* drop write to misa */
345         return 0;
346     }
347 
348     /* 'I' or 'E' must be present */
349     if (!(val & (RVI | RVE))) {
350         /* It is not, drop write to misa */
351         return 0;
352     }
353 
354     /* 'E' excludes all other extensions */
355     if (val & RVE) {
356         /* when we support 'E' we can do "val = RVE;" however
357          * for now we just drop writes if 'E' is present.
358          */
359         return 0;
360     }
361 
362     /* Mask extensions that are not supported by this hart */
363     val &= env->misa_mask;
364 
365     /* Mask extensions that are not supported by QEMU */
366     val &= (RVI | RVE | RVM | RVA | RVF | RVD | RVC | RVS | RVU);
367 
368     /* 'D' depends on 'F', so clear 'D' if 'F' is not present */
369     if ((val & RVD) && !(val & RVF)) {
370         val &= ~RVD;
371     }
372 
373     /* Suppress 'C' if next instruction is not aligned
374      * TODO: this should check next_pc
375      */
376     if ((val & RVC) && (GETPC() & ~3) != 0) {
377         val &= ~RVC;
378     }
379 
380     /* misa.MXL writes are not supported by QEMU */
381     val = (env->misa & MISA_MXL) | (val & ~MISA_MXL);
382 
383     /* flush translation cache */
384     if (val != env->misa) {
385         tb_flush(CPU(riscv_env_get_cpu(env)));
386     }
387 
388     env->misa = val;
389 
390     return 0;
391 }
392 
393 static int read_medeleg(CPURISCVState *env, int csrno, target_ulong *val)
394 {
395     *val = env->medeleg;
396     return 0;
397 }
398 
399 static int write_medeleg(CPURISCVState *env, int csrno, target_ulong val)
400 {
401     env->medeleg = (env->medeleg & ~delegable_excps) | (val & delegable_excps);
402     return 0;
403 }
404 
405 static int read_mideleg(CPURISCVState *env, int csrno, target_ulong *val)
406 {
407     *val = env->mideleg;
408     return 0;
409 }
410 
411 static int write_mideleg(CPURISCVState *env, int csrno, target_ulong val)
412 {
413     env->mideleg = (env->mideleg & ~delegable_ints) | (val & delegable_ints);
414     return 0;
415 }
416 
417 static int read_mie(CPURISCVState *env, int csrno, target_ulong *val)
418 {
419     *val = env->mie;
420     return 0;
421 }
422 
423 static int write_mie(CPURISCVState *env, int csrno, target_ulong val)
424 {
425     env->mie = (env->mie & ~all_ints) | (val & all_ints);
426     return 0;
427 }
428 
429 static int read_mtvec(CPURISCVState *env, int csrno, target_ulong *val)
430 {
431     *val = env->mtvec;
432     return 0;
433 }
434 
435 static int write_mtvec(CPURISCVState *env, int csrno, target_ulong val)
436 {
437     /* bits [1:0] encode mode; 0 = direct, 1 = vectored, 2 >= reserved */
438     if ((val & 3) < 2) {
439         env->mtvec = val;
440     } else {
441         qemu_log_mask(LOG_UNIMP, "CSR_MTVEC: reserved mode not supported\n");
442     }
443     return 0;
444 }
445 
446 static int read_mcounteren(CPURISCVState *env, int csrno, target_ulong *val)
447 {
448     if (env->priv_ver < PRIV_VERSION_1_10_0) {
449         return -1;
450     }
451     *val = env->mcounteren;
452     return 0;
453 }
454 
455 static int write_mcounteren(CPURISCVState *env, int csrno, target_ulong val)
456 {
457     if (env->priv_ver < PRIV_VERSION_1_10_0) {
458         return -1;
459     }
460     env->mcounteren = val;
461     return 0;
462 }
463 
464 static int read_mscounteren(CPURISCVState *env, int csrno, target_ulong *val)
465 {
466     if (env->priv_ver > PRIV_VERSION_1_09_1) {
467         return -1;
468     }
469     *val = env->mcounteren;
470     return 0;
471 }
472 
473 static int write_mscounteren(CPURISCVState *env, int csrno, target_ulong val)
474 {
475     if (env->priv_ver > PRIV_VERSION_1_09_1) {
476         return -1;
477     }
478     env->mcounteren = val;
479     return 0;
480 }
481 
482 static int read_mucounteren(CPURISCVState *env, int csrno, target_ulong *val)
483 {
484     if (env->priv_ver > PRIV_VERSION_1_09_1) {
485         return -1;
486     }
487     *val = env->scounteren;
488     return 0;
489 }
490 
491 static int write_mucounteren(CPURISCVState *env, int csrno, target_ulong val)
492 {
493     if (env->priv_ver > PRIV_VERSION_1_09_1) {
494         return -1;
495     }
496     env->scounteren = val;
497     return 0;
498 }
499 
500 /* Machine Trap Handling */
501 static int read_mscratch(CPURISCVState *env, int csrno, target_ulong *val)
502 {
503     *val = env->mscratch;
504     return 0;
505 }
506 
507 static int write_mscratch(CPURISCVState *env, int csrno, target_ulong val)
508 {
509     env->mscratch = val;
510     return 0;
511 }
512 
513 static int read_mepc(CPURISCVState *env, int csrno, target_ulong *val)
514 {
515     *val = env->mepc;
516     return 0;
517 }
518 
519 static int write_mepc(CPURISCVState *env, int csrno, target_ulong val)
520 {
521     env->mepc = val;
522     return 0;
523 }
524 
525 static int read_mcause(CPURISCVState *env, int csrno, target_ulong *val)
526 {
527     *val = env->mcause;
528     return 0;
529 }
530 
531 static int write_mcause(CPURISCVState *env, int csrno, target_ulong val)
532 {
533     env->mcause = val;
534     return 0;
535 }
536 
537 static int read_mbadaddr(CPURISCVState *env, int csrno, target_ulong *val)
538 {
539     *val = env->mbadaddr;
540     return 0;
541 }
542 
543 static int write_mbadaddr(CPURISCVState *env, int csrno, target_ulong val)
544 {
545     env->mbadaddr = val;
546     return 0;
547 }
548 
549 static int rmw_mip(CPURISCVState *env, int csrno, target_ulong *ret_value,
550                    target_ulong new_value, target_ulong write_mask)
551 {
552     RISCVCPU *cpu = riscv_env_get_cpu(env);
553     /* Allow software control of delegable interrupts not claimed by hardware */
554     target_ulong mask = write_mask & delegable_ints & ~env->miclaim;
555     uint32_t old_mip;
556 
557     if (mask) {
558         old_mip = riscv_cpu_update_mip(cpu, mask, (new_value & mask));
559     } else {
560         old_mip = atomic_read(&env->mip);
561     }
562 
563     if (ret_value) {
564         *ret_value = old_mip;
565     }
566 
567     return 0;
568 }
569 
570 /* Supervisor Trap Setup */
571 static int read_sstatus(CPURISCVState *env, int csrno, target_ulong *val)
572 {
573     target_ulong mask = ((env->priv_ver >= PRIV_VERSION_1_10_0) ?
574                          sstatus_v1_10_mask : sstatus_v1_9_mask);
575     *val = env->mstatus & mask;
576     return 0;
577 }
578 
579 static int write_sstatus(CPURISCVState *env, int csrno, target_ulong val)
580 {
581     target_ulong mask = ((env->priv_ver >= PRIV_VERSION_1_10_0) ?
582                          sstatus_v1_10_mask : sstatus_v1_9_mask);
583     target_ulong newval = (env->mstatus & ~mask) | (val & mask);
584     return write_mstatus(env, CSR_MSTATUS, newval);
585 }
586 
587 static int read_sie(CPURISCVState *env, int csrno, target_ulong *val)
588 {
589     *val = env->mie & env->mideleg;
590     return 0;
591 }
592 
593 static int write_sie(CPURISCVState *env, int csrno, target_ulong val)
594 {
595     target_ulong newval = (env->mie & ~env->mideleg) | (val & env->mideleg);
596     return write_mie(env, CSR_MIE, newval);
597 }
598 
599 static int read_stvec(CPURISCVState *env, int csrno, target_ulong *val)
600 {
601     *val = env->stvec;
602     return 0;
603 }
604 
605 static int write_stvec(CPURISCVState *env, int csrno, target_ulong val)
606 {
607     /* bits [1:0] encode mode; 0 = direct, 1 = vectored, 2 >= reserved */
608     if ((val & 3) < 2) {
609         env->stvec = val;
610     } else {
611         qemu_log_mask(LOG_UNIMP, "CSR_STVEC: reserved mode not supported\n");
612     }
613     return 0;
614 }
615 
616 static int read_scounteren(CPURISCVState *env, int csrno, target_ulong *val)
617 {
618     if (env->priv_ver < PRIV_VERSION_1_10_0) {
619         return -1;
620     }
621     *val = env->scounteren;
622     return 0;
623 }
624 
625 static int write_scounteren(CPURISCVState *env, int csrno, target_ulong val)
626 {
627     if (env->priv_ver < PRIV_VERSION_1_10_0) {
628         return -1;
629     }
630     env->scounteren = val;
631     return 0;
632 }
633 
634 /* Supervisor Trap Handling */
635 static int read_sscratch(CPURISCVState *env, int csrno, target_ulong *val)
636 {
637     *val = env->sscratch;
638     return 0;
639 }
640 
641 static int write_sscratch(CPURISCVState *env, int csrno, target_ulong val)
642 {
643     env->sscratch = val;
644     return 0;
645 }
646 
647 static int read_sepc(CPURISCVState *env, int csrno, target_ulong *val)
648 {
649     *val = env->sepc;
650     return 0;
651 }
652 
653 static int write_sepc(CPURISCVState *env, int csrno, target_ulong val)
654 {
655     env->sepc = val;
656     return 0;
657 }
658 
659 static int read_scause(CPURISCVState *env, int csrno, target_ulong *val)
660 {
661     *val = env->scause;
662     return 0;
663 }
664 
665 static int write_scause(CPURISCVState *env, int csrno, target_ulong val)
666 {
667     env->scause = val;
668     return 0;
669 }
670 
671 static int read_sbadaddr(CPURISCVState *env, int csrno, target_ulong *val)
672 {
673     *val = env->sbadaddr;
674     return 0;
675 }
676 
677 static int write_sbadaddr(CPURISCVState *env, int csrno, target_ulong val)
678 {
679     env->sbadaddr = val;
680     return 0;
681 }
682 
683 static int rmw_sip(CPURISCVState *env, int csrno, target_ulong *ret_value,
684                    target_ulong new_value, target_ulong write_mask)
685 {
686     int ret = rmw_mip(env, CSR_MSTATUS, ret_value, new_value,
687                       write_mask & env->mideleg & sip_writable_mask);
688     *ret_value &= env->mideleg;
689     return ret;
690 }
691 
692 /* Supervisor Protection and Translation */
693 static int read_satp(CPURISCVState *env, int csrno, target_ulong *val)
694 {
695     if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
696         *val = 0;
697     } else if (env->priv_ver >= PRIV_VERSION_1_10_0) {
698         if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
699             return -1;
700         } else {
701             *val = env->satp;
702         }
703     } else {
704         *val = env->sptbr;
705     }
706     return 0;
707 }
708 
709 static int write_satp(CPURISCVState *env, int csrno, target_ulong val)
710 {
711     if (!riscv_feature(env, RISCV_FEATURE_MMU)) {
712         return 0;
713     }
714     if (env->priv_ver <= PRIV_VERSION_1_09_1 && (val ^ env->sptbr)) {
715         tlb_flush(CPU(riscv_env_get_cpu(env)));
716         env->sptbr = val & (((target_ulong)
717             1 << (TARGET_PHYS_ADDR_SPACE_BITS - PGSHIFT)) - 1);
718     }
719     if (env->priv_ver >= PRIV_VERSION_1_10_0 &&
720         validate_vm(env, get_field(val, SATP_MODE)) &&
721         ((val ^ env->satp) & (SATP_MODE | SATP_ASID | SATP_PPN)))
722     {
723         if (env->priv == PRV_S && get_field(env->mstatus, MSTATUS_TVM)) {
724             return -1;
725         } else {
726             if((val ^ env->satp) & SATP_ASID) {
727                 tlb_flush(CPU(riscv_env_get_cpu(env)));
728             }
729             env->satp = val;
730         }
731     }
732     return 0;
733 }
734 
735 /* Physical Memory Protection */
736 static int read_pmpcfg(CPURISCVState *env, int csrno, target_ulong *val)
737 {
738     *val = pmpcfg_csr_read(env, csrno - CSR_PMPCFG0);
739     return 0;
740 }
741 
742 static int write_pmpcfg(CPURISCVState *env, int csrno, target_ulong val)
743 {
744     pmpcfg_csr_write(env, csrno - CSR_PMPCFG0, val);
745     return 0;
746 }
747 
748 static int read_pmpaddr(CPURISCVState *env, int csrno, target_ulong *val)
749 {
750     *val = pmpaddr_csr_read(env, csrno - CSR_PMPADDR0);
751     return 0;
752 }
753 
754 static int write_pmpaddr(CPURISCVState *env, int csrno, target_ulong val)
755 {
756     pmpaddr_csr_write(env, csrno - CSR_PMPADDR0, val);
757     return 0;
758 }
759 
760 #endif
761 
762 /*
763  * riscv_csrrw - read and/or update control and status register
764  *
765  * csrr   <->  riscv_csrrw(env, csrno, ret_value, 0, 0);
766  * csrrw  <->  riscv_csrrw(env, csrno, ret_value, value, -1);
767  * csrrs  <->  riscv_csrrw(env, csrno, ret_value, -1, value);
768  * csrrc  <->  riscv_csrrw(env, csrno, ret_value, 0, value);
769  */
770 
771 int riscv_csrrw(CPURISCVState *env, int csrno, target_ulong *ret_value,
772                 target_ulong new_value, target_ulong write_mask)
773 {
774     int ret;
775     target_ulong old_value;
776 
777     /* check privileges and return -1 if check fails */
778 #if !defined(CONFIG_USER_ONLY)
779     int csr_priv = get_field(csrno, 0x300);
780     int read_only = get_field(csrno, 0xC00) == 3;
781     if ((write_mask && read_only) || (env->priv < csr_priv)) {
782         return -1;
783     }
784 #endif
785 
786     /* check predicate */
787     if (!csr_ops[csrno].predicate || csr_ops[csrno].predicate(env, csrno) < 0) {
788         return -1;
789     }
790 
791     /* execute combined read/write operation if it exists */
792     if (csr_ops[csrno].op) {
793         return csr_ops[csrno].op(env, csrno, ret_value, new_value, write_mask);
794     }
795 
796     /* if no accessor exists then return failure */
797     if (!csr_ops[csrno].read) {
798         return -1;
799     }
800 
801     /* read old value */
802     ret = csr_ops[csrno].read(env, csrno, &old_value);
803     if (ret < 0) {
804         return ret;
805     }
806 
807     /* write value if writable and write mask set, otherwise drop writes */
808     if (write_mask) {
809         new_value = (old_value & ~write_mask) | (new_value & write_mask);
810         if (csr_ops[csrno].write) {
811             ret = csr_ops[csrno].write(env, csrno, new_value);
812             if (ret < 0) {
813                 return ret;
814             }
815         }
816     }
817 
818     /* return old value */
819     if (ret_value) {
820         *ret_value = old_value;
821     }
822 
823     return 0;
824 }
825 
826 /*
827  * Debugger support.  If not in user mode, set env->debugger before the
828  * riscv_csrrw call and clear it after the call.
829  */
830 int riscv_csrrw_debug(CPURISCVState *env, int csrno, target_ulong *ret_value,
831                 target_ulong new_value, target_ulong write_mask)
832 {
833     int ret;
834 #if !defined(CONFIG_USER_ONLY)
835     env->debugger = true;
836 #endif
837     ret = riscv_csrrw(env, csrno, ret_value, new_value, write_mask);
838 #if !defined(CONFIG_USER_ONLY)
839     env->debugger = false;
840 #endif
841     return ret;
842 }
843 
844 /* Control and Status Register function table */
845 static riscv_csr_operations csr_ops[CSR_TABLE_SIZE] = {
846     /* User Floating-Point CSRs */
847     [CSR_FFLAGS] =              { fs,   read_fflags,      write_fflags      },
848     [CSR_FRM] =                 { fs,   read_frm,         write_frm         },
849     [CSR_FCSR] =                { fs,   read_fcsr,        write_fcsr        },
850 
851     /* User Timers and Counters */
852     [CSR_CYCLE] =               { ctr,  read_instret                        },
853     [CSR_INSTRET] =             { ctr,  read_instret                        },
854 #if defined(TARGET_RISCV32)
855     [CSR_CYCLEH] =              { ctr,  read_instreth                       },
856     [CSR_INSTRETH] =            { ctr,  read_instreth                       },
857 #endif
858 
859     /* User-level time CSRs are only available in linux-user
860      * In privileged mode, the monitor emulates these CSRs */
861 #if defined(CONFIG_USER_ONLY)
862     [CSR_TIME] =                { ctr,  read_time                           },
863 #if defined(TARGET_RISCV32)
864     [CSR_TIMEH] =               { ctr,  read_timeh                          },
865 #endif
866 #endif
867 
868 #if !defined(CONFIG_USER_ONLY)
869     /* Machine Timers and Counters */
870     [CSR_MCYCLE] =              { any,  read_instret                        },
871     [CSR_MINSTRET] =            { any,  read_instret                        },
872 #if defined(TARGET_RISCV32)
873     [CSR_MCYCLEH] =             { any,  read_instreth                       },
874     [CSR_MINSTRETH] =           { any,  read_instreth                       },
875 #endif
876 
877     /* Machine Information Registers */
878     [CSR_MVENDORID] =           { any,  read_zero                           },
879     [CSR_MARCHID] =             { any,  read_zero                           },
880     [CSR_MIMPID] =              { any,  read_zero                           },
881     [CSR_MHARTID] =             { any,  read_mhartid                        },
882 
883     /* Machine Trap Setup */
884     [CSR_MSTATUS] =             { any,  read_mstatus,     write_mstatus     },
885     [CSR_MISA] =                { any,  read_misa,        write_misa        },
886     [CSR_MIDELEG] =             { any,  read_mideleg,     write_mideleg     },
887     [CSR_MEDELEG] =             { any,  read_medeleg,     write_medeleg     },
888     [CSR_MIE] =                 { any,  read_mie,         write_mie         },
889     [CSR_MTVEC] =               { any,  read_mtvec,       write_mtvec       },
890     [CSR_MCOUNTEREN] =          { any,  read_mcounteren,  write_mcounteren  },
891 
892     /* Legacy Counter Setup (priv v1.9.1) */
893     [CSR_MUCOUNTEREN] =         { any,  read_mucounteren, write_mucounteren },
894     [CSR_MSCOUNTEREN] =         { any,  read_mscounteren, write_mscounteren },
895 
896     /* Machine Trap Handling */
897     [CSR_MSCRATCH] =            { any,  read_mscratch,    write_mscratch    },
898     [CSR_MEPC] =                { any,  read_mepc,        write_mepc        },
899     [CSR_MCAUSE] =              { any,  read_mcause,      write_mcause      },
900     [CSR_MBADADDR] =            { any,  read_mbadaddr,    write_mbadaddr    },
901     [CSR_MIP] =                 { any,  NULL,     NULL,     rmw_mip         },
902 
903     /* Supervisor Trap Setup */
904     [CSR_SSTATUS] =             { smode, read_sstatus,     write_sstatus     },
905     [CSR_SIE] =                 { smode, read_sie,         write_sie         },
906     [CSR_STVEC] =               { smode, read_stvec,       write_stvec       },
907     [CSR_SCOUNTEREN] =          { smode, read_scounteren,  write_scounteren  },
908 
909     /* Supervisor Trap Handling */
910     [CSR_SSCRATCH] =            { smode, read_sscratch,    write_sscratch    },
911     [CSR_SEPC] =                { smode, read_sepc,        write_sepc        },
912     [CSR_SCAUSE] =              { smode, read_scause,      write_scause      },
913     [CSR_SBADADDR] =            { smode, read_sbadaddr,    write_sbadaddr    },
914     [CSR_SIP] =                 { smode, NULL,     NULL,     rmw_sip         },
915 
916     /* Supervisor Protection and Translation */
917     [CSR_SATP] =                { smode, read_satp,        write_satp        },
918 
919     /* Physical Memory Protection */
920     [CSR_PMPCFG0  ... CSR_PMPADDR9] =  { pmp,   read_pmpcfg,  write_pmpcfg   },
921     [CSR_PMPADDR0 ... CSR_PMPADDR15] = { pmp,   read_pmpaddr, write_pmpaddr  },
922 
923     /* Performance Counters */
924     [CSR_HPMCOUNTER3   ... CSR_HPMCOUNTER31] =    { ctr,  read_zero          },
925     [CSR_MHPMCOUNTER3  ... CSR_MHPMCOUNTER31] =   { any,  read_zero          },
926     [CSR_MHPMEVENT3    ... CSR_MHPMEVENT31] =     { any,  read_zero          },
927 #if defined(TARGET_RISCV32)
928     [CSR_HPMCOUNTER3H  ... CSR_HPMCOUNTER31H] =   { ctr,  read_zero          },
929     [CSR_MHPMCOUNTER3H ... CSR_MHPMCOUNTER31H] =  { any,  read_zero          },
930 #endif
931 #endif /* !CONFIG_USER_ONLY */
932 };
933