From 84c1605b7606d810ded4c1c3a2717f158dc89e3f Mon Sep 17 00:00:00 2001
From: Jim Shu <jim.shu@sifive.com>
Date: Wed, 24 Sep 2025 15:48:17 +0800
Subject: [PATCH] target/riscv: Fix SSP CSR error handling in VU/VS mode

In VU/VS mode, accessing $ssp CSR will trigger the virtual instruction
exception instead of illegal instruction exception if SSE is disabled
via xenvcfg CSRs.

This is from RISC-V CFI v1.0 spec ch2.2.4. Shadow Stack Pointer

Signed-off-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20250924074818.230010-3-jim.shu@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
 target/riscv/csr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/riscv/csr.c b/target/riscv/csr.c
index 3c8989f522e..ea36eccb3dc 100644
--- a/target/riscv/csr.c
+++ b/target/riscv/csr.c
@@ -203,6 +203,8 @@ static RISCVException cfi_ss(CPURISCVState *env, int csrno)
 #if !defined(CONFIG_USER_ONLY)
         if (env->debugger) {
             return RISCV_EXCP_NONE;
+        } else if (env->virt_enabled) {
+            return RISCV_EXCP_VIRT_INSTRUCTION_FAULT;
         }
 #endif
         return RISCV_EXCP_ILLEGAL_INST;
-- 
2.47.3