From e4e41d3d87990338e3d8551b20a7097a801cd26f Mon Sep 17 00:00:00 2001
From: Alistair Francis <alistair.francis@wdc.com>
Date: Sun, 22 Mar 2020 01:19:02 -0400
Subject: [PATCH] target/riscv: Fix CSR perm checking for HS mode

Update the CSR permission checking to work correctly when we are in
HS-mode.

Backports commit 0a42f4c4408824dc7cb9ff60c9bdce6dcc0d24a5 from qemu
---
 qemu/riscv32.h          |  2 ++
 qemu/riscv64.h          |  2 ++
 qemu/target/riscv/csr.c | 15 +++++++++++++--
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/qemu/riscv32.h b/qemu/riscv32.h
index 821c0f8e..0de0315d 100644
--- a/qemu/riscv32.h
+++ b/qemu/riscv32.h
@@ -3452,12 +3452,14 @@
 #define riscv_cpu_do_interrupt riscv_cpu_do_interrupt_riscv32
 #define riscv_cpu_do_unaligned_access riscv_cpu_do_unaligned_access_riscv32
 #define riscv_cpu_exec_interrupt riscv_cpu_exec_interrupt_riscv32
+#define riscv_cpu_force_hs_excep_enabled riscv_cpu_force_hs_excep_enabled_riscv32
 #define riscv_cpu_get_fflags riscv_cpu_get_fflags_riscv32
 #define riscv_cpu_get_phys_page_debug riscv_cpu_get_phys_page_debug_riscv32
 #define riscv_cpu_list riscv_cpu_list_riscv32
 #define riscv_cpu_mmu_index riscv_cpu_mmu_index_riscv32
 #define riscv_cpu_register_types riscv_cpu_register_types_riscv32
 #define riscv_cpu_set_fflags riscv_cpu_set_fflags_riscv32
+#define riscv_cpu_set_force_hs_excep riscv_cpu_set_force_hs_excep_riscv32
 #define riscv_cpu_set_mode riscv_cpu_set_mode_riscv32
 #define riscv_cpu_set_virt_enabled riscv_cpu_set_virt_enabled_riscv32
 #define riscv_cpu_tlb_fill riscv_cpu_tlb_fill_riscv32
diff --git a/qemu/riscv64.h b/qemu/riscv64.h
index 485aaa6a..ddb63260 100644
--- a/qemu/riscv64.h
+++ b/qemu/riscv64.h
@@ -3452,12 +3452,14 @@
 #define riscv_cpu_do_interrupt riscv_cpu_do_interrupt_riscv64
 #define riscv_cpu_do_unaligned_access riscv_cpu_do_unaligned_access_riscv64
 #define riscv_cpu_exec_interrupt riscv_cpu_exec_interrupt_riscv64
+#define riscv_cpu_force_hs_excep_enabled riscv_cpu_force_hs_excep_enabled_riscv64
 #define riscv_cpu_get_fflags riscv_cpu_get_fflags_riscv64
 #define riscv_cpu_get_phys_page_debug riscv_cpu_get_phys_page_debug_riscv64
 #define riscv_cpu_list riscv_cpu_list_riscv64
 #define riscv_cpu_mmu_index riscv_cpu_mmu_index_riscv64
 #define riscv_cpu_register_types riscv_cpu_register_types_riscv64
 #define riscv_cpu_set_fflags riscv_cpu_set_fflags_riscv64
+#define riscv_cpu_set_force_hs_excep riscv_cpu_set_force_hs_excep_riscv64
 #define riscv_cpu_set_mode riscv_cpu_set_mode_riscv64
 #define riscv_cpu_set_virt_enabled riscv_cpu_set_virt_enabled_riscv64
 #define riscv_cpu_tlb_fill riscv_cpu_tlb_fill_riscv64
diff --git a/qemu/target/riscv/csr.c b/qemu/target/riscv/csr.c
index 76f9c766..d8903672 100644
--- a/qemu/target/riscv/csr.c
+++ b/qemu/target/riscv/csr.c
@@ -804,9 +804,20 @@ int riscv_csrrw(CPURISCVState *env, int csrno, target_ulong *ret_value,
 
     /* check privileges and return -1 if check fails */
 #if !defined(CONFIG_USER_ONLY)
-    int csr_priv = get_field(csrno, 0x300);
+    int effective_priv = env->priv;
     int read_only = get_field(csrno, 0xC00) == 3;
-    if ((write_mask && read_only) || (env->priv < csr_priv)) {
+    if (riscv_has_ext(env, RVH) &&
+        env->priv == PRV_S &&
+        !riscv_cpu_virt_enabled(env)) {
+        /*
+         * We are in S mode without virtualisation, therefore we are in HS Mode.
+         * Add 1 to the effective privledge level to allow us to access the
+         * Hypervisor CSRs.
+         */
+        effective_priv++;
+    }
+    if ((write_mask && read_only) ||
+        (!env->debugger && (effective_priv < get_field(csrno, 0x300)))) {
         return -1;
     }
 #endif