Potential Bug in RISCV Hypervisor Extension: Timer Interrupt Handling in QEMU v8.0.0-rc1

Host environment

  • Operating system: Ubuntu 20.04.5 LTS
  • OS/kernel version: Linux 5.15.0-69-generic
  • Architecture: x86_64
  • QEMU flavor: qemu-system-riscv64
  • QEMU version: v8.0.0-rc1
  • QEMU command line:
    ./qemu/build/riscv64-softmmu/qemu-system-riscv64 -m 2G -nographic -machine virt \
         -machine aia=aplic-imsic,aia_guests=7 \
         -bios ./build/sm.build/platform/generic/firmware/fw_jump.elf \
         -kernel ./my-hypervisor \
         -device loader,file=./build/linux.build/arch/riscv/boot/Image,addr=0x80400000 \
         -drive file=./build/buildroot.build/images/rootfs.ext2,format=raw,id=hd0 -device virtio-blk-device,drive=hd0 \
         -smp 1

Emulated/Virtualized environment

  • Operating system: Linux
  • OS/kernel version: 6.1.0-rc4-00024-g5b711f2d7b91
  • Architecture: RISCV

Description of issue and request for guidance

Dear QEMU developers,

Firstly, I would like to express my gratitude for your hard work on QEMU. While testing the hypervisor extension feature of RISCV, I've come across a situation that I'm not sure is a bug or something I'm misunderstanding about the way QEMU works.

The situation involves the riscv_timer_write_timecmp function in qemu/target/riscv/time_helper.c in QEMU v8.0.0-rc1. I noticed that the recent update in this function (https://github.com/qemu/qemu/commit/14cb78bfaf4f99283252d9683ea4c0d97274ddea) does not clear the mip register's [V]STIP bit when timecmp is updated to a future value. This change seems to cause the read_vstopi function to always detect a pending timer interrupt, which leads to an infinite loop in my test environment.
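The mechanism described above, as an added C model that is not QEMU's code: under Sstc the pending bit mirrors the comparison (time + htimedelta >= vstimecmp), so writing a future deadline must clear VSTIP; a writer that only ever sets the bit leaves a handler that reprograms the timer and re-checks the pending state spinning. The hart structure, bit positions and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the Sstc timer-compare semantics (not QEMU code). */
#define MIP_VSTIP (1u << 6)   /* VSTIP bit position in mip (RISC-V privileged spec) */

typedef struct {
    uint64_t time;        /* host mtime counter */
    uint64_t htimedelta;  /* guest time offset */
    uint64_t vstimecmp;   /* guest timer compare */
    uint32_t mip;         /* pending interrupt bits */
} hart_t;

/* Correct update: recompute VSTIP from the comparison, so a future
 * vstimecmp clears an already-pending timer interrupt. */
static void write_vstimecmp_ok(hart_t *h, uint64_t v)
{
    h->vstimecmp = v;
    if (h->time + h->htimedelta >= v)
        h->mip |= MIP_VSTIP;
    else
        h->mip &= ~MIP_VSTIP;
}

/* Defective update as the report describes: a future value stops the
 * timer from firing again but never clears a VSTIP that is already set. */
static void write_vstimecmp_bad(hart_t *h, uint64_t v)
{
    h->vstimecmp = v;
    if (h->time + h->htimedelta >= v)
        h->mip |= MIP_VSTIP;
}

/* Guest timer handler: reprogram the timer 1000 ticks ahead while VSTIP
 * is pending. Returns iterations until VSTIP clears, or max_iter if it
 * never does (the infinite-loop symptom). */
static int service_timer(hart_t *h, void (*write)(hart_t *, uint64_t), int max_iter)
{
    int i;
    for (i = 0; i < max_iter && (h->mip & MIP_VSTIP); i++)
        write(h, h->time + h->htimedelta + 1000);
    return i;
}

/* Constructed hart whose guest timer has just expired (VSTIP set). */
static hart_t expired_hart(void)
{
    hart_t h = { .time = 5000, .htimedelta = 100, .vstimecmp = 5100, .mip = 0 };
    write_vstimecmp_ok(&h, h.vstimecmp); /* time + delta == vstimecmp: pending */
    return h;
}
```

With the correct writer the handler exits after one reprogramming; with the defective one it reaches the iteration cap with VSTIP still set.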

Steps to reproduce

  1. Build and run a simple hypervisor on QEMU v8.0.0-rc1 with the hypervisor extension feature of RISCV.
  2. Set up hideleg, henvcfg, etc., in hypervisor and run the Linux kernel.
  3. Observe the infinite loop caused by the pending timer interrupt.

Additional information

  • Linux version: riscv_aia_v1 from github.com/avpatel/linux
  • OpenSBI version: Modified 1.1

I would greatly appreciate it if you could kindly provide some guidance. Is this behavior expected or could this be a bug? I've tried to provide a detailed analysis of my observations, but I'm not 100% certain if my understanding is correct.

Thank you for your time and consideration.

Edited by Yonggon Kim