On 3/6/25 02:16, Alistair Francis wrote:
On Wed, Feb 19, 2025 at 3:01 AM Paolo Bonzini <[email protected]> wrote:
There is nothing that overwrites env->misa_mxl, so it is a constant. Do
The idea is that misa_mxl can change, although that's not supported now.
At run-time, or only at configuration time (before realize)?
not let a corrupted migration stream change the value; changing misa_mxl
Does this actually happen? If the migration data is corrupted won't we
have all sorts of strange issues?
Generally migration data (just like disk image formats) is treated as
security-sensitive, overriding any other considerations. So you have to
assume that the corruption is intentional, and sneaky enough to cause
trouble.
Paolo
Alistair
would have a snowball effect on, for example, the valid VM modes.
Signed-off-by: Paolo Bonzini <[email protected]>
---
target/riscv/machine.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index d8445244ab2..c3d8e7c4005 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -375,6 +375,18 @@ static const VMStateDescription vmstate_ssp = {
}
};
+static bool riscv_validate_misa_mxl(void *opaque, int version_id)
+{
+ RISCVCPU *cpu = RISCV_CPU(opaque);
+ CPURISCVState *env = &cpu->env;
+ RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(cpu);
+ uint32_t misa_mxl_saved = env->misa_mxl;
+
+ /* Preserve misa_mxl even if the migration stream corrupted it */
+ env->misa_mxl = mcc->misa_mxl_max;
+ return misa_mxl_saved == mcc->misa_mxl_max;
+}
+
const VMStateDescription vmstate_riscv_cpu = {
.name = "cpu",
.version_id = 10,
@@ -394,6 +406,7 @@ const VMStateDescription vmstate_riscv_cpu = {
VMSTATE_UINTTL(env.priv_ver, RISCVCPU),
VMSTATE_UINTTL(env.vext_ver, RISCVCPU),
VMSTATE_UINT32(env.misa_mxl, RISCVCPU),
+ VMSTATE_VALIDATE("MXL must match", riscv_validate_misa_mxl),
VMSTATE_UINT32(env.misa_ext, RISCVCPU),
VMSTATE_UNUSED(4),
VMSTATE_UINT32(env.misa_ext_mask, RISCVCPU),
--
2.48.1
