On 11.05.2026 15:48, Zishun Yi wrote:
Currently, the Machine Security Configuration Register (mseccfg) is
missing from the live migration state. This omission causes the register
to be reset to zero on the destination host after migration.
Fixed by adding a vmstate_mseccfg subsection.
This vulnerability was discovered and reported by SpecHunter, an
AI-driven architecture specification analysis tool.
Link:
https://github.com/yizishun/rv-isa-sec/blob/a22e4459cd026ae970791dfbd9cfe5d110fbd46b/output/riscv-isa-manual/pr-1879/qemu.txt#L121
Signed-off-by: Zishun Yi <[email protected]>
This change has been nominated for inclusion into previous stable
releases by Alistair. However, I have a concern here: can we add new
fields to older machine descriptions this way and stay migratable?
I understand the riscv machine is not versioned. How does migration work
in the first place?
Thanks,
/mjt
---
target/riscv/machine.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/target/riscv/machine.c b/target/riscv/machine.c
index 09c032a87914..6776e7bf5a11 100644
--- a/target/riscv/machine.c
+++ b/target/riscv/machine.c
@@ -423,6 +423,25 @@ static const VMStateDescription vmstate_sstc = {
}
};
+static bool mseccfg_needed(void *opaque)
+{
+ RISCVCPU *cpu = opaque;
+
+ return cpu->cfg.ext_smepmp || cpu->cfg.ext_zkr
+ || cpu->cfg.ext_smmpm || cpu->cfg.ext_zicfilp;
+}
+
+static const VMStateDescription vmstate_mseccfg = {
+ .name = "cpu/mseccfg",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = mseccfg_needed,
+ .fields = (const VMStateField[]) {
+ VMSTATE_UINTTL(env.mseccfg, RISCVCPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
const VMStateDescription vmstate_riscv_cpu = {
.name = "cpu",
.version_id = 11,
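Review bot: mseccfg_needed() returns true whenever one of the four extensions is enabled, regardless of the register's value, so a stream from this QEMU will carry the "cpu/mseccfg" subsection even when mseccfg still holds its reset value of zero, and a destination QEMU without this patch will reject the stream because it does not know the subsection. The usual way to keep that direction working is to also require a non-default value, e.g. `return (cpu->cfg.ext_smepmp || cpu->cfg.ext_zkr || cpu->cfg.ext_smmpm || cpu->cfg.ext_zicfilp) && env->mseccfg != 0;` with `CPURISCVState *env = &cpu->env;`, so only a non-zero register forces the subsection. Leaving .version_id of vmstate_riscv_cpu at 11 is correct for this kind of change: a subsection with a .needed callback is optional on the wire, which is what makes adding state to an unversioned machine migratable from older sources, whereas bumping the version would break migration in.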
@@ -499,6 +518,7 @@ const VMStateDescription vmstate_riscv_cpu = {
&vmstate_ssp,
&vmstate_ctr,Add mseccfg to VMStateDescription
&vmstate_sstc,
+ &vmstate_mseccfg,
NULL
}
};
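Review bot: the new entry is placed between &vmstate_sstc and the NULL terminator, which is what the subsection list requires; order in this array does not matter. Note that in this copy of the mail the preceding context line reads `&vmstate_ctr,Add mseccfg to VMStateDescription`, which looks like the patch subject fused onto the line during extraction, so check that the applied diff still has plain `&vmstate_ctr,` there.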