On Thu, Mar 6, 2025 at 11:00 PM Paolo Bonzini <pbonz...@redhat.com> wrote:
>
> On 3/6/25 02:16, Alistair Francis wrote:
> > On Wed, Feb 19, 2025 at 3:01 AM Paolo Bonzini <pbonz...@redhat.com> wrote:
> >>
> >> There is nothing that overwrites env->misa_mxl, so it is a constant. Do
> >
> > The idea is that misa_mxl can change, although that's not supported now.
>
> At run-time, or only at configuration time (before realize)?
Runtime, at least kind of
The RISC-V spec 1.12 and earlier allows MXL to change at runtime by
writing to misa.MXL. QEMU doesn't support this and AFAIK no hardware
does either, but it was something that we might support in the future
(hence the split).
The latest RISC-V priv spec has changed misa.MXL to be read only though.
So I guess although in theory it can be changed at runtime, we are
probably never going to support that now that it's deprecated.
Now that the latest priv spec has dropped the ability to write to
misa.MXL we will probably work towards just consolidating misa_mxl_max
and misa_mxl into a single value that is constant after realise.
>
> >> not let a corrupted migration stream change the value; changing misa_mxl
> >
> > Does this actually happen? If the migration data is corrupted won't we
> > have all sorts of strange issues?
>
> Generally migration data (just like disk image formats) is treated as
> security-sensitive, overriding any other considerations. So you have to
> assume that the corruption is intentional, and sneaky enough to cause
> trouble.
I'm not convinced that this is the thing that we should be checking
for. If someone can corrupt the migration data for an attack there are
better things to change then the MXL
Alistair
>
> Paolo
>
> > Alistair
> >
> >> would have a snowball effect on, for example, the valid VM modes.
> >>
> >> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> >> ---
> >> target/riscv/machine.c | 13 +++++++++++++
> >> 1 file changed, 13 insertions(+)
> >>
> >> diff --git a/target/riscv/machine.c b/target/riscv/machine.c
> >> index d8445244ab2..c3d8e7c4005 100644
> >> --- a/target/riscv/machine.c
> >> +++ b/target/riscv/machine.c
> >> @@ -375,6 +375,18 @@ static const VMStateDescription vmstate_ssp = {
> >> }
> >> };
> >>
> >> +static bool riscv_validate_misa_mxl(void *opaque, int version_id)
> >> +{
> >> + RISCVCPU *cpu = RISCV_CPU(opaque);
> >> + CPURISCVState *env = &cpu->env;
> >> + RISCVCPUClass *mcc = RISCV_CPU_GET_CLASS(cpu);
> >> + uint32_t misa_mxl_saved = env->misa_mxl;
> >> +
> >> + /* Preserve misa_mxl even if the migration stream corrupted it */
> >> + env->misa_mxl = mcc->misa_mxl_max;
> >> + return misa_mxl_saved == mcc->misa_mxl_max;
> >> +}
> >> +
> >> const VMStateDescription vmstate_riscv_cpu = {
> >> .name = "cpu",
> >> .version_id = 10,
> >> @@ -394,6 +406,7 @@ const VMStateDescription vmstate_riscv_cpu = {
> >> VMSTATE_UINTTL(env.priv_ver, RISCVCPU),
> >> VMSTATE_UINTTL(env.vext_ver, RISCVCPU),
> >> VMSTATE_UINT32(env.misa_mxl, RISCVCPU),
> >> + VMSTATE_VALIDATE("MXL must match", riscv_validate_misa_mxl),
> >> VMSTATE_UINT32(env.misa_ext, RISCVCPU),
> >> VMSTATE_UNUSED(4),
> >> VMSTATE_UINT32(env.misa_ext_mask, RISCVCPU),
> >> --
> >> 2.48.1
> >>
> >>
> >
> >
>
