Open sorear opened 2 years ago
Thanks for finding and reporting this issue! Intended to be addressed by PR #37. Please review.
Note that in PR #37, setting bit 9 of mvien (for SEIs) also blocks S-mode access to an IMSIC's supervisor-level interrupt file.
Consider the M-mode-assisted virtualization paradigm:
Without IMSIC, delivering an interrupt to a VM involves setting mvip[SEIP] (or the hidden mip[SEIP] bit pre-AIA), entering the guest, then using memory-access virtualization to handle the guest's accesses to (A)PLIC claim and complete registers.
With an IMSIC in the host, if there is a privileged S-mode world, the S-mode IMSIC must be under the control of the privileged world at all times because it can receive interrupts at any time. But this prevents exposing a virtual IMSIC to the guest, because the guest needs to have its own view of the supervisor eipNN and eieNN registers, and if Smstateen is not implemented, all S-mode worlds can observe the contents of eipNN.
Proposed solution: Mandate the functionality of mstateen[58] to be implemented by all harts which provide M-mode-assisted virtualization (support for the TVM, TW, and TSR bits in mstatus) and an IMSIC. This could be either a dependency on the Smstateen extension, an alias for the state bit in some M-mode register, or a new state bit which provides the same functionality (logical AND if both are implemented).