From 569d07195a8495460f04592d8455153f730a0f54 Mon Sep 17 00:00:00 2001
From: Andrew Waterman <andrew@sifive.com>
Date: Tue, 12 Nov 2019 00:26:05 -0800
Subject: MRET and SRET clear MPRV when leaving M-mode

---
 src/machine.tex      | 8 ++++----
 src/priv-preface.tex | 1 +
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/machine.tex b/src/machine.tex
index bfdf8c6..7976677 100644
--- a/src/machine.tex
+++ b/src/machine.tex
@@ -602,6 +602,7 @@ executing an {\em x}\,RET instruction, supposing {\em x}\,PP holds the
 value {\em y}, {\em x}\,IE is set to {\em x}\,PIE; the privilege mode
 is changed to {\em y}; {\em x}\,PIE is set to 1; and {\em x}\,PP is
 set to U (or M if user-mode is not supported).
+If {\em x}\,PP$\neq$M, {\em x}\,RET also sets MPRV=0.
 
 {\em x}\,PP fields are \warl\ fields that can hold only privilege mode {\em x}
 and any implemented privilege mode lower than {\em x}.  If privilege mode {\em
@@ -671,6 +672,9 @@ endianness is applied, as though the current privilege mode were set to MPP.
 Instruction address-translation and protection are unaffected by the setting
 of MPRV.  MPRV is hardwired to 0 if U-mode is not supported.
 
+An MRET or SRET instruction that changes the privilege mode to a mode
+less privileged than M also sets MPRV=0.
+
 The MXR (Make eXecutable Readable) bit modifies the privilege with which loads
 access virtual memory.  When MXR=0, only loads from pages marked readable (R=1
 in Figure~\ref{sv32pte}) will succeed.  When MXR=1, loads from pages marked
@@ -684,10 +688,6 @@ routines that emulate missing hardware features, e.g., misaligned loads and
 stores.  MPRV obviates the need to perform address translation in software.
 MXR allows instruction words to be loaded from pages marked execute-only.
 
-For simplicity, MPRV and MXR are in effect regardless of privilege
-mode, but in normal use will only be enabled for short sequences in
-machine mode.
-
 The current privilege mode and the privilege mode specified by MPP might have
 different XLEN settings.  When MPRV=1, load and store memory addresses are
 treated as though the current XLEN were set to MPP's XLEN, following the rules
diff --git a/src/priv-preface.tex b/src/priv-preface.tex
index d06ba37..a0cd8e3 100644
--- a/src/priv-preface.tex
+++ b/src/priv-preface.tex
@@ -35,6 +35,7 @@ Changes from version 1.11 include:
 \item Relaxed I/O regions have been specified to follow RVWMO.  The previous
   specification implied that PPO rules other than fences and acquire/release
   annotations did not apply.
+\item Changed MRET and SRET to clear {\tt mstatus}.MPRV when leaving M-mode.
 \item Revised the hypervisor architecture proposal to represent VS-mode CSR
   state more simply.
 \item Permitted the unconditional delegation of less-privileged interrupts.
-- 
cgit v1.1