mret trigger exception when pmp equals false

Hello,when performing an MRET with MPP set to something else than 0b11 in MSTATUS, 'Invalid Instruction' exception will be triggered. The problem appeared in code after I upgraded qemu to version 6.0+.

I checked code and see in function helper_mret() it will call riscv_raise_exception() when PMP entry is none and previous mode is not machine. I also got an old discussion thread related from https://lore.kernel.org/qemu-devel/161797335493.30650.12922009005165891710.malonedeb@gac.canonical.com/. FYI

But to my understanding, as per spec mentioned, PMP is optional So I try to run qemu with "-cpu rv32,pmp=false", but obviously due to the code in helper_mret() doesn't validate RISCV_FEATURE_PMP, it will ignore the switch-off and trigger the exception anyway.

I'm not sure if it is a bug, though I see Alistair Francis ever replied that the spec said:

If no PMP entry matches an M-mode access, the access succeeds. If no PMP entry matches an S-mode or U-mode access, but at least one PMP entry is implemented, the access fails.

But I think PMP is optional and why the "pmp=false" doesn't take effective?

Thanks in advance.