Privileged Instruction Set Listings

Part II Linux boot: recommended Vol. II (Privileged) pp. 201–202 · ~1 min read

Figure 93, made searchable: every instruction the Privileged Architecture defines. All of them live under the SYSTEM major opcode (1110011) — funct3 000 for the trap-return/fence group (rs2 doubling as a sub-opcode where no operand is needed), funct3 100 for the hypervisor load/store family. The unprivileged listings — ECALL and EBREAK included — are Vol I ch. 36.

19/19
InstructionExtensionFmtGroupEncoding & function
SRETSRTrap-returnfunct7 0001000, rs2 00010 — return from S/HS (or VS) trap; SPP/SPIE restore, V←SPV at V=0
MRETM-modeRTrap-returnfunct7 0011000, rs2 00010 — return from M trap; MPP/MPIE restore, V←MPV unless MPP=3, clears MDT
MNRETSmrnmiRTrap-returnfunct7 0111000, rs2 00010 — return from RNMI handler via mnepc/mnstatus, sets NMIE
WFIBaseRInterrupt mgmtfunct7 0001000, rs2 00101 — stall until interrupt may occur; TW/VTW trap after bounded wait
SCTRCLRSmctrRCTR mgmtfunct7 0001000, rs2 00100 — zero all control-transfer records + cycle counter
SFENCE.VMASRMemory mgmtfunct7 0001001 — order PT stores vs walks, invalidate translations (rs1 VA, rs2 ASID)
HFENCE.VVMAHRMemory mgmtfunct7 0010001 — SFENCE.VMA as-if-in-VS for current VMID (rs1 GVA, rs2 guest ASID)
HFENCE.GVMAHRMemory mgmtfunct7 0110001 — order stores vs G-stage walks (rs1 GPA>>2, rs2 VMID); TVM-trapped
HLV.B / HLV.BUHRVM load/storefunct7 0110000, rs2 0/1, funct3 100 — load byte from guest memory as VS/VU
HLV.H / HLV.HU / HLVX.HUHRVM load/storefunct7 0110010, rs2 0/1/3 — halfword guest load; HLVX checks execute permission
HLV.W / HLVX.WUHRVM load/storefunct7 0110100, rs2 0/3 — word guest load; HLVX.WU legal on RV32 too
HLV.WU / HLV.DH (RV64)RVM load/storefunct7 0110100 rs2 1 / 0110110 rs2 0 — RV64-only guest loads
HSV.B / HSV.H / HSV.WHRVM load/storefunct7 0110001/0110011/0110101, rd 00000 — store rs2 to guest memory
HSV.DH (RV64)RVM load/storefunct7 0110111 — RV64-only guest doubleword store
SINVAL.VMASvinvalRMemory mgmtfunct7 0001011 — SFENCE.VMA's invalidation only, ordered by the bracket fences
SFENCE.W.INVALSvinvalRMemory mgmtfunct7 0001100, rs2 00000 — prior stores before subsequent SINVALs
SFENCE.INVAL.IRSvinvalRMemory mgmtfunct7 0001100, rs2 00001 — prior SINVALs before subsequent implicit references
HINVAL.VVMASvinval+HRMemory mgmtfunct7 0010011 — HFENCE.VVMA's invalidation only
HINVAL.GVMASvinval+HRMemory mgmtfunct7 0110011 — HFENCE.GVMA's invalidation only (rs2 VMID)

Hardware Designer Notes

Twenty-five instructions total — the entire privileged control surface of the architecture fits in one decoder page. The complexity lives in the state machines behind them, not the encodings.

Minimal Linux-boot hart MUST

  • Decode all of these in the SYSTEM secondary decoder: funct3 splits the two families, then funct7 (and rs2 for the no-operand group) selects
  • Trap correctly on every privilege violation — each row has mode/TVM/VTVM/TSR rules on its defining page

MAY simplify / trap-and-emulate

  • Return illegal-instruction for entire absent extensions (H, Svinval, Smctr, Smrnmi rows) — decode holes, not partial support

Check yourself — privileged listings

1.What single major opcode do ALL privileged instructions share, and how are they distinguished?

2.How do MRET, SRET, and MNRET differ in encoding?

2 questions