On Wed, 2026-03-11 at 13:30 +0300, Michael Tokarev wrote:
> Please take a look at https://gitlab.com/mjt0k/qemu/-/commits/staging-10.2
> -- hopefully my back-port makes sense.
>
> The same's for staging-10.1 and staging-10.0 (10.0 needed additional
> small tweak).
>
It makes sense to me, but 10.1 and 10.0 still have the recursive PNX bug. I've
included backported patches for those two down below.
>
> Yeah the Fixes tag is obviously misleading. What's the actual commit
> which introduced the issue, if it's easy to find? :)
It looks like the "mask the whole PTE" bug was introduced in d2cba6f7ce
("target/loongarch: Add other core instructions support") when LDPTE was added
initially.
Likewise I screwed up the 'Fixes:' tag for the other part of the patch as well.
The recursive PNX exception bug was actually introduced in f757a2cd69
("target/loongarch: Add LoongArch interrupt and exception handle").
Sorry about that. In any future patches I'll make sure to be more careful about
identifying the origin.
Thanks for having been so patient with me.
---8<--- PATCH for staging-10.1 ---8<---
From caca7e3b52c369722eae921365613319596d9c81 Mon Sep 17 00:00:00 2001
From: "Andrew S. Rightenburg" <[email protected]>
Date: Fri, 13 Mar 2026 09:48:19 +0800
Subject: [PATCH] target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
loongarch_cpu_do_interrupt() updates CSR_BADI by fetching the faulting
instruction.
For a PNX exception (instruction fetch prohibited by NX), fetching the
instruction at env->pc will fault with PNX again. This can lead to an
infinite exception loop.
Treat PNX like other instruction-fetch exceptions (PIF/ADEF) and do not
update CSR_BADI for it.
Backport of commit 67638dba.
Signed-off-by: Andrew S. Rightenburg <[email protected]>
---
target/loongarch/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 266b0b97d0..b62d720258 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -198,6 +198,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
}
QEMU_FALLTHROUGH;
case EXCCODE_PIF:
+ case EXCCODE_PNX:
case EXCCODE_ADEF:
cause = cs->exception_index;
update_badinstr = 0;
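Review bot: the `update_badinstr = 0;` that `case EXCCODE_PNX:` now falls into is the entire fix, because it is what stops loongarch_cpu_do_interrupt() from fetching at env->pc when that very fetch is what raised PNX; a one-line comment on the label, e.g. `/* instruction-fetch faults: refetching env->pc would fault again */`, would record why PNX belongs with PIF/ADEF and not with the page-permission faults further down, so a later reshuffle of the switch does not move it back.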
@@ -218,7 +219,6 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
case EXCCODE_PIS:
case EXCCODE_PME:
case EXCCODE_PNR:
- case EXCCODE_PNX:
case EXCCODE_PPI:
cause = cs->exception_index;
break;
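Review bot: this removal is the companion to the label added to the PIF/ADEF group in the first hunk, and without it the switch would fail to compile on a duplicate case value, so the compiler rather than a test is what keeps PNX from sitting in both groups; the labels that remain here (PIS, PME, PNR, PPI) are data-access faults where the fetch at env->pc is not the access that faulted, so continuing to update CSR_BADI for them is the intended behaviour and the commit message could say so in one sentence.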
--
2.47.3
---8<--- end PATCH for staging-10.1 ---8<---
---8<--- PATCH for staging-10.0 ---8<---
From f2f1305d88d58743574d1da71f0fef4a60b65122 Mon Sep 17 00:00:00 2001
From: "Andrew S. Rightenburg" <[email protected]>
Date: Fri, 13 Mar 2026 09:48:19 +0800
Subject: [PATCH] target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
loongarch_cpu_do_interrupt() updates CSR_BADI by fetching the faulting
instruction.
For a PNX exception (instruction fetch prohibited by NX), fetching the
instruction at env->pc will fault with PNX again. This can lead to an
infinite exception loop.
Treat PNX like other instruction-fetch exceptions (PIF/ADEF) and do not
update CSR_BADI for it.
Backport of commit 67638dba.
Signed-off-by: Andrew S. Rightenburg <[email protected]>
---
target/loongarch/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/loongarch/cpu.c b/target/loongarch/cpu.c
index 84b86da308..a5f6b7cdc5 100644
--- a/target/loongarch/cpu.c
+++ b/target/loongarch/cpu.c
@@ -197,6 +197,7 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
}
QEMU_FALLTHROUGH;
case EXCCODE_PIF:
+ case EXCCODE_PNX:
case EXCCODE_ADEF:
cause = cs->exception_index;
update_badinstr = 0;
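Review bot: nothing in the commit message records that this is the staging-10.1 backport re-applied at a one-line offset (@@ -197 vs @@ -198, blob ids 84b86da308..a5f6b7cdc5 vs 266b0b97d0..b62d720258) with an identical changed line; "Backport of commit 67638dba." gives only an abbreviated hash, so a `(cherry picked from commit <full upstream hash>)` trailer, as `git cherry-pick -x` emits, would let the stable maintainer tie both backports to the same upstream commit without looking them up.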
@@ -217,7 +218,6 @@ static void loongarch_cpu_do_interrupt(CPUState *cs)
case EXCCODE_PIS:
case EXCCODE_PME:
case EXCCODE_PNR:
- case EXCCODE_PNX:
case EXCCODE_PPI:
cause = cs->exception_index;
break;
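Review bot: the mail above corrects the origin of the recursive PNX bug to f757a2cd69 ("target/loongarch: Add LoongArch interrupt and exception handle"), but neither backport carries a Fixes: tag at all; adding `Fixes: f757a2cd69 ("target/loongarch: Add LoongArch interrupt and exception handle")` to both stable commits would put that corrected origin into the branch history rather than leaving it only in the list archive.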
--
2.47.3
---8<--- end PATCH for staging-10.0 ---8<---
--
Regards,
Andrew S. Rightenburg
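The commit messages above describe the failure mode in one paragraph: the exception handler fetches the faulting instruction to fill CSR_BADI, and for a fetch-prohibited (PNX) page that fetch raises PNX again, re-entering the handler forever. The following is an added illustration of that pattern and of the guard the patch applies; it is not QEMU code and not code from the author of this mail. The exception codes, the two-page guest map, the instruction encoding and the `MAX_DEPTH` stand-in for host stack exhaustion are all constructed for the example, and `do_interrupt()` is a hypothetical model of `loongarch_cpu_do_interrupt()` whose `pnx_fixed` flag selects which case group PNX sits in.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Exception classes used below. The names follow the patch; the numeric
 * values and everything else in this file are constructed for the example. */
enum exccode { EXC_PIF = 1, EXC_PNX, EXC_ADEF, EXC_PIS, EXC_PPI };

/* One page of the constructed guest map: base address and its NX bit. */
struct page { uint64_t base; bool nx; };

static const struct page PAGES[] = {
    { 0x1000, false },   /* executable page */
    { 0x2000, true  },   /* present, but NX set: any fetch from it raises PNX */
};
#define PAGE_SIZE 0x1000
#define NPAGES (sizeof PAGES / sizeof PAGES[0])

struct cpu {
    uint64_t pc;         /* pc of the faulting instruction */
    uint32_t csr_badi;   /* modelled CSR_BADI */
    int depth;           /* nesting level of do_interrupt() */
    int pending;         /* exception raised by the most recent fetch */
};

/* Stand-in for the instruction fetch the handler uses to fill CSR_BADI.
 * Returns false and records the exception when the fetch itself faults. */
static bool fetch_insn(struct cpu *cpu, uint64_t pc, uint32_t *insn)
{
    for (size_t i = 0; i < NPAGES; i++) {
        if (pc < PAGES[i].base || pc >= PAGES[i].base + PAGE_SIZE)
            continue;
        if (PAGES[i].nx) {
            cpu->pending = EXC_PNX;       /* fetch prohibited by NX */
            return false;
        }
        *insn = 0x03400000u | (uint32_t)(pc & 0xfff);  /* constructed word */
        return true;
    }
    cpu->pending = EXC_PIF;               /* unmapped: fetch page fault */
    return false;
}

#define MAX_DEPTH 16   /* proxy for the host stack the real loop would exhaust */

/* Hypothetical model of loongarch_cpu_do_interrupt(). Returns the nesting
 * depth reached, or -1 once the handler has re-entered itself MAX_DEPTH times. */
static int do_interrupt(struct cpu *cpu, int exccode, bool pnx_fixed)
{
    bool update_badinstr;

    if (++cpu->depth > MAX_DEPTH)
        return -1;

    switch (exccode) {
    case EXC_PIF:
    case EXC_ADEF:
        update_badinstr = false;          /* fetch faults: do not refetch */
        break;
    case EXC_PNX:
        update_badinstr = !pnx_fixed;     /* before the patch: treated as a data fault */
        break;
    default:                               /* PIS, PPI, ...: data-side faults */
        update_badinstr = true;
        break;
    }

    if (update_badinstr) {
        uint32_t insn;
        if (!fetch_insn(cpu, cpu->pc, &insn)) {
            /* The refetch faulted. The emulator would unwind and deliver that
             * new exception, which lands back here with the same pc. */
            return do_interrupt(cpu, cpu->pending, pnx_fixed);
        }
        cpu->csr_badi = insn;
    }
    return cpu->depth;
}

/* Deliver one exception at pc and report how deep the handler nested. */
static int deliver(uint64_t pc, int exccode, bool pnx_fixed, uint32_t *badi_out)
{
    struct cpu cpu = { .pc = pc, .csr_badi = 0, .depth = 0, .pending = 0 };
    int depth = do_interrupt(&cpu, exccode, pnx_fixed);
    if (badi_out)
        *badi_out = cpu.csr_badi;
    return depth;
}

/* Convenience: the CSR_BADI value left behind after delivering an exception. */
static uint32_t badi_after(uint64_t pc, int exccode, bool pnx_fixed)
{
    uint32_t badi = 0;
    deliver(pc, exccode, pnx_fixed, &badi);
    return badi;
}

int main(void)
{
    printf("PNX at NX page, unfixed : depth %d\n", deliver(0x2000, EXC_PNX, false, NULL));
    printf("PNX at NX page, fixed   : depth %d\n", deliver(0x2000, EXC_PNX, true, NULL));
    printf("PIS at exec page, fixed : depth %d badi 0x%08x\n",
           deliver(0x1010, EXC_PIS, true, NULL), badi_after(0x1010, EXC_PIS, true));
    return 0;
}
```

With `pnx_fixed` false the PNX case refetches from the NX page, the fetch raises PNX, and the handler nests until the depth cap trips, which is the stack-exhausting loop the patch describes; with it true the handler returns at depth 1 without touching CSR_BADI, while a data-side fault such as PIS on the executable page still records the instruction word.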